From 145736070375e5bff5f9c2d28bdd16dd37e0ff1d Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Sun, 11 Jan 2026 11:55:15 +0000
Subject: [PATCH] Use API_ADMIN_KEY for web service to enable admin operations

The web admin interface needs write permissions to create, update,
move, and delete node tags. Changed to use API_ADMIN_KEY with
fallback to API_READ_KEY if admin key is not configured.
---
 docker-compose.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 6b59fb8..2aece61 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -249,7 +249,9 @@ services:
     environment:
       - LOG_LEVEL=${LOG_LEVEL:-INFO}
       - API_BASE_URL=http://api:8000
-      - API_KEY=${API_READ_KEY:-}
+      # Use ADMIN key to allow write operations from admin interface
+      # Falls back to READ key if ADMIN key is not set
+      - API_KEY=${API_ADMIN_KEY:-${API_READ_KEY:-}}
       - WEB_HOST=0.0.0.0
       - WEB_PORT=8080
       - WEB_ADMIN_ENABLED=${WEB_ADMIN_ENABLED:-false}