design: pretty-URL tailnet-direct path for the Authelia-gated MCP fleet (split-DNS + direct-to-pod tailnet Caddy) #474
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#474
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Intent (Kai)
Give Kai's tailnet devices (mcporter / Claude Code / Codex local harnesses) the pretty
<svc>.coilysiren.meMCP URLs, reached tailnet-direct and gate-free, instead of today's ugly unauthenticated NodePort (http://kai-server:30931/mcp). The Authelia gate exists for the hosted claude.ai connector (which runs server-side, off-tailnet, and cannot reach the tailnet - deploy#28); a trusted tailnet peer does not need per-request OIDC. This is the pretty-URL upgrade of deploy#39's tailnet-direct decision.This is a design brief - post a proposal for Kai to approve before any implementation.
Current state (grounded)
<svc>.coilysiren.meresolves to the public IP and flows public -> Traefik -> Authelia, even from the tailnet - no split-DNS override exists.kai-server:30931/mcp, ungated - the tailnet is the trust boundary), chosen in deploy#39.http://kai-serverfront door,caddy/Caddyfile+caddy/sites/*.caddygenerated byscripts/generate-caddy-shortcuts.pyfrom each sibling repo'sconfig.ymltailnet.shortcut). But its shortcutsreverse_proxyto Traefik (192.168.0.194:80) with the<svc>.coilysiren.meHost header, so for a gated MCP they would hit the same Authelia middleware - they do not bypass it today.The three pieces
terraform/tailscale/.reverse_proxystraight to the pod / NodePort / Service ClusterIP (NOT to Traefik), bypassing the Authelia ForwardAuth middleware, served with a DNS-01 cert for*.coilysiren.meso it is HTTPS-clean. This is a new "direct-to-pod" shortcut variant alongside the existing "to-Traefik" one ingenerate-caddy-shortcuts.py.--allowed-hosts(Playwright MCP host-header guard, and the equivalent on the other upstream images) must include the pretty host. Playwright is already gettingplaywright.coilysiren.me; the fleet needs the same.Design questions to resolve in the proposal
*.coilysiren.mewildcard. A wildcard would also capture non-MCP hosts (forgejo, galaxy-gen, tangled) and yank them onto the tailnet path - lean per-host, or wildcard-with-exceptions, and say which.*.coilysiren.meon the tailnet host (issuance + DNS-provider creds); confirm it does not collide with Traefik's public cert for the same names.tailnet.shortcuttype in the generator, or a separate hand-writtensites-manual/*.caddyset?Security posture
The tailnet becomes an ungated path to these MCPs - but that is already true via the NodePort, so this opens no new exposure, it only makes the existing ungated reach pretty. Public / hosted-connector reach stays Authelia-gated. The single load-bearing invariant: keep the split-DNS override tailnet-scoped so the public path is never redirected.
Relationships
--allowed-hostsfollow-up on the playwright bundle (deploy#47).Ask
Concept + design capture. An advisor design proposal (split-DNS scope, direct target, cert, service list, generator change) can follow when Kai wants - no implementation or infra mutation yet.
Concrete follow-up from deploy#133.
http://kai-server/skillsmp/mcpstill returns 404 on the live host, whilehttp://kai-server:30081/mcpreturns 200 withserverInfo: skillsmp. The deploy repo documents the tailnet shortcut as a host-Caddy path, so this looks like the missing host-side deploy/reload step for the existingsites-manual/skillsmp.caddyshortcut.The current deploy issue is
coilyco-bridge/deploy#133. Please re-check the kai-server Caddy install path / reload path for the skillsmp shortcut.🔎 ward agent advisor
ward agent advisor --harness codexran a one-shot standard research pass on this question:pre-commit installed at .git/hooks/pre-commit
pre-commit installed at .git/hooks/commit-msg
Researched and posted automatically by
ward agent advisor --harness codex(ward#179). This is one-shot research, not a carried change - verify before acting on it.— Codex, via
ward agent