fix: remove MCP application-level authorization

app/config.py

@@ -1,6 +1,4 @@
 from functools import lru_cache
-from typing import Literal
-
 from pydantic import Field, field_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
@@ -19,13 +17,6 @@ class Settings(BaseSettings):
     admin_username: str = "admin"
     admin_password: str = "admin"
     session_secret: str = Field(default="dev-session-secret", min_length=8)
-    mcp_token: str = "dev-mcp-token"
-    mcp_auth_mode: Literal["token", "oauth"] = "oauth"
-    mcp_resource_url: str = "http://localhost:8001/mcp"
-    mcp_oauth_issuer: str = ""
-    mcp_oauth_audience: str = ""
-    mcp_oauth_jwks_url: str = ""
-    mcp_oauth_required_scope: str = "mcp:tools"
 
     @field_validator("crawl_limit", mode="before")
     @classmethod
@@ -34,15 +25,6 @@ class Settings(BaseSettings):
             return None
         return value
 
-    def oauth_jwks_url(self) -> str:
-        if self.mcp_oauth_jwks_url:
-            return self.mcp_oauth_jwks_url
-        issuer = self.mcp_oauth_issuer.rstrip("/")
-        if not issuer:
-            return ""
-        return f"{issuer}/.well-known/jwks.json"
-
-
 @lru_cache
 def get_settings() -> Settings:
     return Settings()