---
title: CanLex Web
sdk: docker
app_port: 7860
pinned: false
---

# CanLex Web (Path B)

A private web front-end for **CanLex**, so people without an MCP-capable AI
client can still ask Canadian legal-research questions.

## How it works -- thin client

This app holds **no copy of the legal corpus**. For each question it:

1. calls the deployed **CanLex MCP server** (`canlex_search_legislation`) to
   retrieve the cited source passages;
2. sends those passages and the question to **Google Gemini Flash**, which
   composes a grounded, cited answer following CanLex's own answering
   instructions;
3. displays the answer, with the retrieved passages shown for review.

Because retrieval stays on the MCP server, a corpus or retrieval change is
deployed once (to the MCP Space) and both the MCP connector and this website
pick it up. Only UI or prompt changes redeploy this Space.

## Required Space secrets

Set these under **Settings -> Variables and secrets**:

| Name | Kind | Purpose |
|------|------|---------|
| `GEMINI_API_KEY` | secret | Free Gemini key from Google AI Studio (https://aistudio.google.com/apikey). |
| `CANLEX_WEB_AUTH` | secret | Login credentials, one `username:password` per line. |

Optional overrides:

| Name | Default |
|------|---------|
| `CANLEX_MCP_URL` | `https://beemer0-canlex.hf.space/mcp` |
| `CANLEX_GEMINI_MODEL` | `gemini-2.5-flash` |

If `CANLEX_WEB_AUTH` is unset the app falls back to an insecure default login
(`canlex` / `canlex`) and logs a warning -- set the secret before real use.

## Make the Space private

Under **Settings -> Change Space visibility**, set the Space to **Private**.
The app then has two layers of protection: Hugging Face gates who can open the
page at all, and Gradio's username/password gates who can use it.

## Run locally

```
pip install -r requirements.txt
# PowerShell:
$env:GEMINI_API_KEY = "your-key"
$env:CANLEX_WEB_AUTH = "me:secret"
python app.py
```

Then open http://localhost:7860.