Self-hosted --require-auth is unusable: the --auth-token-store file format is undocumented, and the documented "hash:json-principal" form is rejected #29

@Regis-RCR

Summary

memcore-server --help advertises an auth layer: --require-auth, --auth-token-store <file> (described as "one hash:json-principal per line"), and --policy. In practice there is no documented, working way to provision a token, so a self-hoster cannot actually turn --require-auth on.

What I hit

  1. Following the documented format, a file with hash:json-principal lines makes the engine fail to start with a TOML parse error. So the file is parsed as TOML, not the per-line format the help describes.
  2. Switching to TOML, the engine boots and logs loading token store, but no token I add authenticates. Every request comes back UNAUTHENTICATED: invalid bearer token, regardless of the entry shape I try.

The flags exist and the engine clearly wants a token store, but the schema that registers a usable token is not specified anywhere I can find.

What would unblock self-hosters

  • Document the --auth-token-store file schema: the exact key form and the value structure (fields and types).
  • Provide a supported way to mint or add a token: an admin subcommand, or at least one worked example entry that authenticates.
  • Fix the --help text if the hash:json-principal description is stale, since following it literally does not parse.

Environment

memtrace 0.6.46, macOS arm64. Local self-hosted MemDB, community license.
