Merge pull request 'docs(cache): set Vercel edge Cache-Control for HTML pages (RFC#562 step 1)' (#56 ) from docs/rfc562-cache-headers into main

docs(cache): set Vercel edge Cache-Control for HTML pages (RFC#562 step 1) Merged via 2-eye review (core-devops + core-security APPROVED).
docs(cache): set Vercel edge Cache-Control for HTML pages (RFC#562 step 1)
2026-05-19 19:15:49 +00:00 · 2026-05-19 12:04:55 -07:00
2 changed files with 24 additions and 7 deletions
@@ -42,8 +42,6 @@ For SaaS deployments, set `MOLECULE_URL` to your tenant URL:
 "MOLECULE_URL": "https://your-org.moleculesai.app"
 ```

-Auth via `MOLECULE_API_KEY` is planned for a future release.
-
 ### Verify

 Once configured, your MCP client should show 87 Molecule AI tools. Test with:
@@ -154,11 +152,6 @@ The MCP server exposes tools across these categories:
 | Variable | Default | Description |
 |---|---|---|
 | `MOLECULE_URL` | `http://localhost:8080` | Platform API URL |
-| `MOLECULE_API_KEY` | — | Bearer token for platform authentication (planned) |
-
-## Transport
-
-The MCP server uses **stdio transport** — the client (Claude Code, Cursor, etc.) spawns the server as a child process and communicates via JSON-RPC over stdin/stdout. Configure in your AI client's `mcp.json` as shown in Quick start above.

 ## Troubleshooting

@@ -2,9 +2,33 @@ import { createMDX } from 'fumadocs-mdx/next';

 const withMDX = createMDX();

+// HTML pages: short edge cache + long stale-while-revalidate. Lets Vercel Edge
+// serve repeat navigations from cache (~5 min fresh, 24 h stale-while-revalidate
+// in the background) while keeping the browser revalidating on every nav. The
+// negative lookahead leaves Next.js's own _next/static (immutable, hash-named)
+// and _next/image cache headers untouched.
+const HTML_CACHE_CONTROL =
+  'public, max-age=0, s-maxage=300, stale-while-revalidate=86400';
+
 /** @type {import('next').NextConfig} */
 const config = {
  reactStrictMode: true,
+  async headers() {
+    return [
+      {
+        // Match every path except Next.js internals and API routes — those
+        // already have correct cache headers (immutable for hashed assets,
+        // app-controlled for /api).
+        source: '/((?!_next/static|_next/image|api/).*)',
+        headers: [
+          {
+            key: 'Cache-Control',
+            value: HTML_CACHE_CONTROL,
+          },
+        ],
+      },
+    ];
+  },
 };

 export default withMDX(config);