This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fixed
MCP server connection now authenticates to self-hosted / Enterprise
(in-VPC) agents. mcp.json set X-Axonflow-Client and X-License-Token
static headers but no Authorization header, so against an agent that
requires HTTP Basic auth the MCP connection arrived unauthenticated → the
agent 401'd → Cursor fell into OAuth discovery and died on the agent's
plaintext 404 page not found, and governed tool calls were blocked. Added "Authorization": "Basic ${AXONFLOW_AUTH}" to the static headers (Cursor
expands ${AXONFLOW_AUTH} from the launching environment, same as the
existing ${AXONFLOW_ENDPOINT} / ${AXONFLOW_LICENSE_TOKEN}). For an
Enterprise/in-VPC agent set AXONFLOW_AUTH=base64(org_id:license_key) (bare
base64 — the header adds the Basic prefix). Verified at the wire level:
the resulting header set returns HTTP 200 + initialize from a live
in-vpc-enterprise agent. (Distinct from Cursor's lack of a dynamic header
helper for per-session token refresh; X-License-Token is still forwarded
statically via env expansion.)
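
One way to build and sanity-check the AXONFLOW_AUTH value described above, as an added example that is not code from the Axonflow project. The function names and the sample org_id/license_key are made up here, and it assumes a `base64` command that accepts `-d`.

```shell
# Added example: produce the bare base64 value for AXONFLOW_AUTH and catch
# the encoding mistakes that would make the agent answer 401.

# Print base64(org_id:license_key) with no trailing newline and no line wraps.
axonflow_basic_auth() {
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "usage: axonflow_basic_auth <org_id> <license_key>" >&2
    return 2
  fi
  # HTTP Basic splits on the first colon, so the user-id half cannot contain one.
  case "$1" in *:*) echo "org_id must not contain ':'" >&2; return 2 ;; esac
  # printf, not echo: echo appends a newline that would be encoded into the
  # credential. tr removes the wraps GNU base64 inserts every 76 characters.
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Return 0 only if the value is safe to export as AXONFLOW_AUTH.
axonflow_auth_check() {
  case "$1" in
    [Bb]asic\ *) echo "drop the 'Basic ' prefix; the header adds it" >&2; return 1 ;;
  esac
  decoded="$(printf '%s' "$1" | base64 -d 2>/dev/null)" || {
    echo "value is not valid base64" >&2; return 1; }
  case "$decoded" in
    ?*:?*) ;;
    *) echo "decoded value is not org_id:license_key" >&2; return 1 ;;
  esac
  # Re-encode and compare: a value built with echo carries an encoded trailing
  # newline, which command substitution strips, so the round trip differs.
  if [ "$(printf '%s' "$decoded" | base64 | tr -d '\n')" != "$1" ]; then
    echo "value has stray bytes (trailing newline or line wraps)" >&2
    return 1
  fi
}

# Typical use, with ORG_ID and LICENSE_KEY already set in the environment:
#   AXONFLOW_AUTH="$(axonflow_basic_auth "$ORG_ID" "$LICENSE_KEY")"
#   axonflow_auth_check "$AXONFLOW_AUTH" && export AXONFLOW_AUTH
```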