Same fix as obsidian-mcp: Claude.ai needs PRM to know the resource
identifier and send RFC 8707 `resource` in /authorize requests.
Adds /.well-known/oauth-protected-resource. ResourceUrl is configurable
via Mcp__OAuthDiscovery__ResourceUrl, falling back to request authority
when unset.
- Config/JwtOptions: flatten SigningKeyCurrent/Previous into nested
SigningKey { Current, Previous } class to match obsidian-mcp shape.
Both services now bind the same env var pattern (Jwt__SigningKey__Current),
removing the schema fork that caused gitea-mcp to start with empty keys
when compose used the obsidian-mcp convention.
- Auth/JwtBearerSetup, appsettings.json, README: follow rename.
- .gitea/workflows/build-image.yml: deploy job no longer clones nas-infra
to a temp dir (which lacks the gitignored .env.shared). Now cd directly
into /volume1/docker/compose/gitea-mcp, exposed by gitea-runner mount.
Polly StandardResilienceHandler validates SamplingDuration >= 2 * AttemptTimeout
at startup. Default SamplingDuration is 30s and our AttemptTimeout is 30s, so
the container failed to boot with OptionsValidationException.
Set SamplingDuration explicitly to 60s while keeping AttemptTimeout at 30s.
zhengchen.tao