Make ag-bids-mcp a standalone compose project on .0.2

Reflect the deploy decision: ag-bids-mcp lives in its own
~/ag-bids-mcp/ folder on 192.168.0.2 (NOT inside zerto-docs-rag's
compose). It joins the existing mcp-servers_mcp Docker network as
external so MetaMCP can still reach it at http://ag-bids-mcp:8000/mcp.

Updated:
- deploy/docker-compose.snippet.yml — now a self-contained compose
  project file with `networks.mcp.external: true; name: mcp-servers_mcp`
- deploy/README.md — full runbook for the standalone-folder deploy,
  smoke-test commands that match the actual network name, and a
  base64-encoded Authorization-header recipe for testing without
  fighting curl's -u quoting

Verified live: container on .0.2 returns 401 anonymous and 200 with
real MCP initialize handshake from inside mcp-servers_mcp.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-20 15:59:33 -04:00
parent 875a190983
commit 8aa4cc0ef3
2 changed files with 83 additions and 57 deletions
+20 -14
View File
@@ -1,18 +1,23 @@
# Paste this service block into /home/justin/zerto-docs-rag/deploy/docker-compose.yml
# on 192.168.0.2 (the MetaMCP host), alongside zerto-docs-mcp. It joins the
# same `mcp` Docker network so MetaMCP can reach it by container DNS name.
# Standalone docker-compose for ag-bids-mcp.
#
# Required env vars (set in the same .env that already powers the rest of the
# MetaMCP stack):
# AG_BIDS_API_KEY — copy from ag-monitor's .env (BRIEF_API_KEY)
# This file is the ENTIRE compose project — it does NOT belong inside
# zerto-docs-rag's compose. Put it in /home/justin/ag-bids-mcp/ on the
# MetaMCP host (192.168.0.2) alongside a .env file with three secrets:
# AG_BIDS_API_KEY — copy from ag-monitor's .env (BRIEF_API_KEY) on .0.126
# AG_BIDS_MCP_USER — username MetaMCP will send in Basic auth
# AG_BIDS_MCP_PASS — password MetaMCP will send in Basic auth
#
# Joins the EXISTING `mcp-servers_mcp` network (created by the MetaMCP
# compose project at /home/justin/mcp-servers/) as external, so MetaMCP
# can reach this container by DNS name `ag-bids-mcp`.
services:
ag-bids-mcp:
container_name: ag-bids-mcp
image: git.jpaul.io/justin/ag-bids-mcp:latest
pull_policy: always
restart: unless-stopped
env_file: .env
environment:
MCP_TRANSPORT: streamable-http
MCP_HOST: 0.0.0.0
@@ -20,14 +25,6 @@
# Behind a Docker DNS name, FastMCP's localhost-only rebinding-protection
# would 421 every call from MetaMCP. Disable it; the mcp network is private.
MCP_DISABLE_DNS_REBINDING_PROTECTION: "1"
# --- upstream ag-monitor (Cloudflare Tunnel from .0.126) ---
AG_BIDS_API_URL: https://agbids.paul.farm
AG_BIDS_API_KEY: ${AG_BIDS_API_KEY}
AG_BIDS_API_TIMEOUT_SECS: "20"
# --- HTTP Basic auth in front of this MCP ---
AG_BIDS_MCP_USER: ${AG_BIDS_MCP_USER}
AG_BIDS_MCP_PASS: ${AG_BIDS_MCP_PASS}
# --- per-tool-call JSONL usage log ---
USAGE_LOG_DIR: /app/var/logs
USAGE_LOG_KEEP_DAYS: "90"
volumes:
@@ -35,4 +32,13 @@
- ./ag-bids-mcp-logs:/app/var/logs
networks: [mcp]
labels:
# Watchtower (on the same daemon) auto-pulls new images for any container
# with this label set to "true".
com.centurylinklabs.watchtower.enable: "true"
networks:
mcp:
external: true
# Confirmed on 192.168.0.2 — joined by metamcp, metamcp-pg, zerto-docs-mcp,
# jina-rerank. Created by the compose project rooted at ~/mcp-servers/.
name: mcp-servers_mcp