# CI read-only MCP endpoint

Setting up GitHub Actions (or another CI) for read-only analysis of 1C code through the hosted HTTP MCP endpoint, with no write tools exposed.

## Prerequisites

- A running HTTP gateway (`apps/gateway/src/http.ts`) reachable from the CI runner (self-hosted or via VPN).
- A scoped MCP token: read scopes only, short TTL, `allowedClients: ["ci"]`.
- A git repo with the EDT export (artifact or checkout).
- No write/admin scopes on the token; `environment: production` allows reads only.

## Step-by-step setup

### 1. Deploy read-only gateway endpoint

```bash
export ONEC_MCP_HTTP_HOST=127.0.0.1
export ONEC_MCP_HTTP_PORT=3000
export ONEC_MCP_DATA_DIR=/var/lib/onec-mcp-gateway
npm run build && npm run start:http
```

A reverse proxy (nginx) with TLS termination is recommended for remote runners.

### 2. Issue a CI token

```bash
curl -s -X POST https://gateway.internal/api/mcp-tokens \
  -H "Content-Type: application/json" \
  -d '{
    "title": "github-actions-readonly",
    "scopes": ["mcp:call", "connections.manage:read"],
    "expiresAt": "2026-12-31T23:59:59.000Z",
    "allowedClients": ["ci"],
    "rateLimit": { "windowSeconds": 60, "maxRequests": 30 }
  }'
```

Store the plaintext token as a GitHub Secret: `ONEC_MCP_HTTP_TOKEN`.

### 3. Git-only profile in the gateway

Done once, via the Web Console or the API: a profile whose `gitPath` points at the CI workspace (mount the same export the runner checks out).

### 4. GitHub Actions workflow

`.github/workflows/1c-mcp-review.yml`:

```yaml
name: 1C MCP Read-only Review
on:
  pull_request:
    paths: ['src/**', 'Configuration/**']

jobs:
  bsl-context:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }

      - uses: actions/setup-node@v4
        with: { node-version: '22' }

      - name: MCP smoke — list tools
        env:
          ONEC_MCP_URL: https://gateway.internal/mcp
          ONEC_MCP_HTTP_TOKEN: ${{ secrets.ONEC_MCP_HTTP_TOKEN }}
        run: |
          curl -sf -X POST "$ONEC_MCP_URL" \
            -H "Authorization: Bearer $ONEC_MCP_HTTP_TOKEN" \
            -H "X-MCP-Client-ID: ci" \
            -H "Content-Type: application/json" \
            -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
            | jq '.result.tools[].name' | head -20

      - name: Agent review (optional)
        run: |
          npx tsx scripts/ci-mcp-agent.ts
```

`scripts/ci-mcp-agent.ts` is a thin MCP client: `tools/list` → `bsl_search` over the changed files → comment on the PR.

### 5. Restricting tools in CI

The policy engine hides write tools from a token that lacks the `code.write` / `agent.feedback` scopes. Verify that:

- No `propose_*`, `apply_*`, `import_*` tools appear in `tools/list`.
- `environment: production` → only metadata/bsl read tools.

## Copy-ready config

Gateway env (CI-facing instance):

```bash
ONEC_MCP_DATA_DIR=/data
ONEC_MCP_HTTP_HOST=0.0.0.0          # behind the reverse proxy
ONEC_MCP_ACTOR=ci-agent
ONEC_MCP_ALLOW_INSECURE_HTTP=0
# Do not set ONEC_CLI_* on a read-only CI node
```

GitHub secrets:

```
ONEC_MCP_HTTP_TOKEN=<issued-token>
ONEC_MCP_URL=https://gateway.internal/mcp
```

## Checking tools/list

The CI step should assert that no write tool is visible (the request is the same `tools/list` call as in the workflow above):

```bash
TOOLS=$(curl -sf -X POST "$ONEC_MCP_URL" \
  -H "Authorization: Bearer $ONEC_MCP_HTTP_TOKEN" \
  -H "X-MCP-Client-ID: ci" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}')
# jq -e exits 0 only if a matching tool exists; fail the job in that case
if echo "$TOOLS" | jq -e '.result.tools[] | select(.name|test("apply|import|load_extension"))' >/dev/null; then
  echo "write tool leaked to CI token" >&2
  exit 1
fi
```

Expected read tools: `bsl_search`, `bsl_get_module`, `analyze_1c_impact`, `discover_1c_context`.
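The thin client sketched in step 4 and the `tools/list` assertion above can be combined in one place. The following is an added example, not the project's `scripts/ci-mcp-agent.ts`: it sends the JSON-RPC calls with the headers this page uses, fails closed if any write tool is visible, and pulls procedure/function names out of a PR diff as `bsl_search` input. The `query` argument name for `bsl_search`, the diff-parsing heuristic and the `findLeakedWriteTools` / `changedSymbolsFromDiff` helpers are assumptions for illustration.

```typescript
// Added example (not project code): read-only MCP CI client with a write-tool guard.
type JsonRpcRequest = { jsonrpc: "2.0"; id: number; method: string; params: Record<string, unknown> };
type JsonRpcResponse = { jsonrpc: "2.0"; id: number; result?: any; error?: { code: number; message: string } };
type Transport = (req: JsonRpcRequest) => Promise<JsonRpcResponse>;

// Tool names that must never be visible to the CI token (step 5 and the tools/list check).
const WRITE_TOOL_PATTERN = /^(propose_|apply_|import_)|load_extension/;

// Returns the subset of tool names that would indicate a write scope leaked into CI.
export function findLeakedWriteTools(toolNames: string[]): string[] {
  return toolNames.filter((n) => WRITE_TOOL_PATTERN.test(n));
}

// Heuristic (assumed): collect procedure/function names declared on added lines of a
// unified diff of .bsl files, so the review only searches symbols the PR actually touches.
const BSL_DECL = /^\+\s*(?:Процедура|Функция|Procedure|Function)\s+([A-Za-zА-Яа-яЁё_][\wА-Яа-яЁё]*)/u;
export function changedSymbolsFromDiff(diff: string): string[] {
  const found = new Set<string>();
  for (const line of diff.split("\n")) {
    const m = BSL_DECL.exec(line);
    if (m) found.add(m[1]);
  }
  return Array.from(found);
}

// HTTP transport with the same headers as the workflow step: Bearer token + X-MCP-Client-ID.
export function httpTransport(url: string, token: string, clientId = "ci"): Transport {
  const fetchFn = (globalThis as any).fetch; // Node 18+ global fetch
  return async (req) => {
    const res = await fetchFn(url, {
      method: "POST",
      headers: {
        Authorization: `Bearer ${token}`,
        "X-MCP-Client-ID": clientId,
        "Content-Type": "application/json",
      },
      body: JSON.stringify(req),
    });
    // 401 / 403 / 429 map to the rows of the "Common errors" table; never log the token here.
    if (!res.ok) throw new Error(`MCP HTTP ${res.status}`);
    return (await res.json()) as JsonRpcResponse;
  };
}

export class ReadOnlyMcpClient {
  private nextId = 1;
  constructor(private readonly send: Transport) {}

  private async call(method: string, params: Record<string, unknown> = {}): Promise<any> {
    const res = await this.send({ jsonrpc: "2.0", id: this.nextId++, method, params });
    if (res.error) throw new Error(`MCP error ${res.error.code}: ${res.error.message}`);
    return res.result;
  }

  async listToolNames(): Promise<string[]> {
    const result = await this.call("tools/list");
    return (result.tools as { name: string }[]).map((t) => t.name);
  }

  // Fails closed: refuse to run the review if any write tool is exposed to this token.
  async assertReadOnly(): Promise<string[]> {
    const names = await this.listToolNames();
    const leaked = findLeakedWriteTools(names);
    if (leaked.length > 0) throw new Error(`write tools leaked to CI token: ${leaked.join(", ")}`);
    return names;
  }

  // Standard MCP tools/call; the `query` argument name is an assumption.
  async bslSearch(symbol: string): Promise<any> {
    return this.call("tools/call", { name: "bsl_search", arguments: { query: symbol } });
  }
}

// Usage from a CI job (env vars as in the workflow above):
//   const client = new ReadOnlyMcpClient(httpTransport(process.env.ONEC_MCP_URL!, process.env.ONEC_MCP_HTTP_TOKEN!));
//   await client.assertReadOnly();
//   for (const s of changedSymbolsFromDiff(prDiffText)) console.log(await client.bslSearch(s));
```

Injecting the transport keeps the guard logic testable offline: a fake transport returning a constructed `tools/list` result is enough to verify that a leaked `apply_*` tool aborts the job before any `bsl_search` is issued.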

## First test prompt

```
(In local CI debug) Connect to the MCP CI endpoint. list_profiles → profile repo-ci.
bsl_search on a symbol from the PR diff. Return an impact summary without proposing a patch.
```

## Common errors

| Error | Fix |
|-------|-----|
| 401 Bearer | Rotate the secret; the token has expired |
| 403 client id | Send the header `X-MCP-Client-ID: ci` |
| 429 rate limit | Increase the window or batch the calls |
| Empty git context | `fetch-depth: 0`, correct `gitPath` |
| Write tool leaked | Remove the scopes that carry write toolsets |

## Security warning

- CI token: read-only, minimal TTL, rotate after every compromise.
- A self-hosted runner with access to prod OData belongs in an isolated network segment.
- Do not mount production credentials for PR forks (use GitHub `pull_request_target` with care).
- CI logs must not print the token or OData rows containing PII.
- Run a separate gateway instance for CI and for human developers (different `ONEC_MCP_DATA_DIR`).

## Related docs

- [GIT_REPO_CONNECTION.md](./GIT_REPO_CONNECTION.md) — git-only profile
- [SECURITY_MODEL.md](./SECURITY_MODEL.md) — scopes, token model
- [DEPLOYMENT.md](./DEPLOYMENT.md) — prod HTTP
- [MCP_CONNECTION.md](./MCP_CONNECTION.md) — HTTP headers
