From 46ea3ca8ad4fe3424a81033f9f86660c7dfc2333 Mon Sep 17 00:00:00 2001
From: Matthieu <mtholot19@gmail.com>
Date: Mon, 16 Mar 2026 14:09:29 +0100
Subject: [PATCH] feat(mcp) : re-enable MCP bundle config after package install

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 config/bundles.php                |  2 ++
 config/packages/mcp.yaml          | 20 ++++++++++++++++++++
 config/packages/rate_limiter.yaml |  6 ++++++
 config/packages/security.yaml     | 13 ++++++-------
 config/routes.yaml                |  4 ++++
 config/services.yaml              |  9 +++------
 phpunit.dist.xml                  |  1 -
 7 files changed, 41 insertions(+), 14 deletions(-)
 create mode 100644 config/packages/mcp.yaml
 create mode 100644 config/packages/rate_limiter.yaml

diff --git a/config/bundles.php b/config/bundles.php
index 9155747..861ea7a 100644
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -8,6 +8,7 @@ use Doctrine\Bundle\DoctrineBundle\DoctrineBundle;
 use Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle;
 use Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle;
 use Nelmio\CorsBundle\NelmioCorsBundle;
+use Symfony\AI\McpBundle\McpBundle;
 use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
 use Symfony\Bundle\SecurityBundle\SecurityBundle;
 use Symfony\Bundle\TwigBundle\TwigBundle;
@@ -22,4 +23,5 @@ return [
     ApiPlatformBundle::class            => ['all' => true],
     LexikJWTAuthenticationBundle::class => ['all' => true],
     DAMADoctrineTestBundle::class       => ['test' => true],
+    McpBundle::class                    => ['all' => true],
 ];
diff --git a/config/packages/mcp.yaml b/config/packages/mcp.yaml
new file mode 100644
index 0000000..ddc2cc2
--- /dev/null
+++ b/config/packages/mcp.yaml
@@ -0,0 +1,20 @@
+mcp:
+    app: 'inventory'
+    version: '1.0.0'
+    description: 'Inventory MCP Server - Gestion inventaire industriel (machines, pièces, composants, produits)'
+    instructions: |
+        Serveur MCP pour gérer un inventaire industriel.
+        Entités principales : Machine, Composant, Pièce, Produit, Site, Constructeur.
+        Utilisez search_inventory pour chercher dans toutes les entités.
+        Utilisez get_model_type pour comprendre la structure attendue avant de créer un composant ou une pièce.
+        Consultez la resource inventory://schema/entities pour voir le schéma complet.
+        Authentification requise : envoyez X-Profile-Id et X-Profile-Password dans les headers HTTP.
+    client_transports:
+        stdio: true
+        http: true
+    http:
+        path: /_mcp
+        session:
+            store: file
+            directory: '%kernel.cache_dir%/mcp-sessions'
+            ttl: 3600
diff --git a/config/packages/rate_limiter.yaml b/config/packages/rate_limiter.yaml
new file mode 100644
index 0000000..87b497b
--- /dev/null
+++ b/config/packages/rate_limiter.yaml
@@ -0,0 +1,6 @@
+framework:
+    rate_limiter:
+        mcp_auth:
+            policy: sliding_window
+            limit: 5
+            interval: '1 minute'
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index b725395..d4fd595 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -27,12 +27,11 @@ security:
             pattern: ^/api/session/profiles?$
             security: false
 
-        # TODO: re-enable when symfony/ai-mcp-bundle is installed
-        # mcp:
-        #     pattern: ^/_mcp
-        #     stateless: true
-        #     custom_authenticators:
-        #         - App\Mcp\Security\McpHeaderAuthenticator
+        mcp:
+            pattern: ^/_mcp
+            stateless: true
+            custom_authenticators:
+                - App\Mcp\Security\McpHeaderAuthenticator
 
         api:
             pattern: ^/api
@@ -56,7 +55,7 @@ security:
         - { path: ^/api/admin, roles: ROLE_ADMIN }
         - { path: ^/api/docs, roles: PUBLIC_ACCESS }
         - { path: ^/api/health$, roles: PUBLIC_ACCESS }
-        # - { path: ^/_mcp, roles: ROLE_USER }  # TODO: re-enable with MCP
+        - { path: ^/_mcp, roles: ROLE_USER }
         - { path: ^/docs, roles: PUBLIC_ACCESS }
         - { path: ^/contexts, roles: PUBLIC_ACCESS }
         - { path: ^/\.well-known, roles: PUBLIC_ACCESS }
diff --git a/config/routes.yaml b/config/routes.yaml
index 58a67fe..c827fad 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -12,3 +12,7 @@ api_login_check:
 
 controllers:
     resource: routing.controllers
+
+mcp:
+    resource: .
+    type: mcp
diff --git a/config/services.yaml b/config/services.yaml
index 2c795a7..8d0e4d0 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -18,8 +18,6 @@ services:
     # this creates a service per class whose id is the fully-qualified class name
     App\:
         resource: '../src/'
-        exclude:
-            - '../src/Mcp/'
 
     # add more service definitions when explicit configuration is needed
     # please note that last definitions always *replace* previous ones
@@ -36,10 +34,9 @@ services:
         tags:
             - { name: doctrine.event_subscriber }
 
-    # TODO: re-enable when symfony/ai-mcp-bundle is installed
-    # App\Mcp\Security\McpHeaderAuthenticator:
-    #     arguments:
-    #         $mcpAuthLimiter: '@limiter.mcp_auth'
+    App\Mcp\Security\McpHeaderAuthenticator:
+        arguments:
+            $mcpAuthLimiter: '@limiter.mcp_auth'
 
     App\OpenApi\OpenApiDecorator:
         decorates: 'api_platform.openapi.factory'
diff --git a/phpunit.dist.xml b/phpunit.dist.xml
index 4dd9e0e..294e6d1 100644
--- a/phpunit.dist.xml
+++ b/phpunit.dist.xml
@@ -20,7 +20,6 @@
     <testsuites>
         <testsuite name="Project Test Suite">
             <directory>tests</directory>
-            <exclude>tests/Mcp</exclude>
         </testsuite>
     </testsuites>