feat : MCP server infrastructure setup

Install symfony/mcp-bundle, add STDIO + HTTP transport config, API token auth on User entity with custom authenticator and firewall, generate-api-token console command, Nginx /_mcp location, fixture token. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 19:33:52 +01:00
parent 760f5b6ad6
commit e16fd2053e
12 changed files with 989 additions and 26 deletions
--- a/config/packages/mcp.yaml
+++ b/config/packages/mcp.yaml
@@ -0,0 +1,23 @@
+mcp:
+    app: 'lesstime'
+    version: '1.0.0'
+    description: 'Lesstime project management — projects, tasks, time tracking'
+    instructions: |
+        This server provides access to the Lesstime project management system.
+        You can list/create/update/delete projects, tasks, and time entries.
+        Tasks belong to projects and have statuses, priorities, efforts, tags, and groups.
+        Statuses, priorities, efforts, and tags are GLOBAL (shared across all projects).
+        Groups are PER-PROJECT (each group belongs to one project).
+        Time entries track work duration and can be linked to projects and tasks.
+        Use list-statuses, list-priorities, list-efforts, list-tags, list-groups to discover
+        available metadata before creating or updating tasks.
+        Use list-users and list-clients to discover valid user and client IDs.
+    client_transports:
+        stdio: true
+        http: true
+    http:
+        path: /_mcp
+        session:
+            store: file
+            directory: '%kernel.cache_dir%/mcp-sessions'
+            ttl: 3600
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -28,6 +28,12 @@ security:
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+        mcp:
+            pattern: ^/_mcp
+            stateless: true
+            provider: app_user_provider
+            custom_authenticators:
+                - App\Security\ApiTokenAuthenticator
        api:
            pattern: ^/api
            stateless: true
@@ -53,6 +59,7 @@ security:
        - { path: ^/api/docs, roles: PUBLIC_ACCESS }
        # Version de l'application en public
        - { path: ^/api/version, roles: PUBLIC_ACCESS, methods: [ GET ] }
+        - { path: ^/_mcp, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

 when@test:
--- a/config/routes/mcp.yaml
+++ b/config/routes/mcp.yaml
@@ -0,0 +1,3 @@
+mcp:
+    resource: .
+    type: mcp