feat: repoint to backend MCP gateway + require OST_API_KEY#4
Merged
Conversation
Startup now fails fast with a guided error when OST_API_KEY is unset. Default API URL targets the new ost-backend MCP gateway path.
401/403 → guide the user to regenerate their token. 429 → surface Retry-After. 5xx → explicit "temporarily unavailable".
Quick Start and Distribution snippets now include OST_API_KEY in the env block. Environment Variables table added. Architecture note points at the backend MCP gateway instead of the linker.
3 tasks
spideystreet
added a commit
that referenced
this pull request
Apr 21, 2026
…#5) Regression from the merge of #4: getConfig() validated OST_API_KEY but dropped it from the return value, and OSTClient lost its apiKey field and the Authorization header attachment. Every MCP request was going out unauthenticated and getting a misleading "Invalid or missing OST_API_KEY" error back from the backend. Restore the plumbing end-to-end: config returns { apiUrl, apiKey }; OSTClient constructor takes (baseUrl, apiKey); request() attaches Authorization: Bearer \${apiKey} on every call. Verified by running ost-mcp via stdio against a live backend + real ost-linker: list_categories and list_techstacks now return the actual taxonomy data.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Switches the
ost-mcpHTTP client from the ost-linker API to the newost-backend/v1/mcp/*gateway, improves auth/rate-limit/5xx error messages, and documentsOST_API_KEYso users actually know it's required.Pairs with the
opensource-together/ost-backendPR on branchfeat/user-api-key-authwhich implements the gateway + key issuance.What changed
src/config.ts—DEFAULT_API_URLnowhttps://api.opensource-together.com/v1/mcp. Startup error whenOST_API_KEYis unset now tells the user exactly where to generate one.src/client.ts— 401/403 → "Invalid or missing OST_API_KEY. Regenerate in account settings"; 429 → "Rate limit exceeded. Retry in {Retry-After} seconds"; 5xx → "OST backend temporarily unavailable". Happy path + public signatures untouched.README.md— Quick Start + Distribution snippets now showOST_API_KEYin theenvblock. Added Environment Variables section.CLAUDE.md— env-var table listsOST_API_KEYas required.No breaking changes
Public MCP tool schemas unchanged. Existing users already pass
OST_API_KEYvia theenvblock (the env var was already enforced at startup insrc/config.ts:13) — this PR just makes that visible in the docs.Test plan
npm install && npm run build && npm run lint && npm testall green.OST_API_KEY→ expect the new helpful startup error.search_projects/get_trending/list_categories. Expect normal results.