bug(mcp): Server.Start() unconditionally overrides readonly state set by WithReadonly()

[Elvand-Lie]

Bug Report

Description

The Server.Start() method in pkg/mcp/mcp.go unconditionally overrides the readonly field via its writeEnabled parameter (line 149), regardless of what was set by the WithReadonly() option during construction.

Instructions are computed at construction time in New() using the initial s.readonly value (line 83), but the actual enforcement value is overridden when Start() is called. If a caller passes inconsistent values, the MCP instructions will tell the agent it is in read-only mode while the server actually permits deploy and delete operations (or vice versa).

Steps to Reproduce

// Construction: WithReadonly sets s.readonly = true
s := mcp.New(mcp.WithReadonly(true))

// Start: silently overrides to readonly = false
s.Start(ctx, true) // writeEnabled=true -> readonly=false
// BUG: Instructions say read-only but server allows deploy/delete

Expected Behavior

The readonly state should have a single source of truth. Since instructions are computed at construction time, Start() should not accept or override the readonly state.

Proposed Fix

Remove the writeEnabled parameter from Start() entirely. The readonly state should be set exclusively via WithReadonly() at construction time.

Environment

• Component: pkg/mcp/mcp.go
• Lines: 147-150 (Start method), 59-63 (WithReadonly)