litentry · hanwencheng · May 25, 2026 · May 25, 2026 · May 25, 2026 · May 25, 2026
diff --git a/.github/workflows/mcp-server.yml b/.github/workflows/mcp-server.yml
@@ -0,0 +1,89 @@
+name: mcp-server
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "crates/agentkeys-mcp-server/**"
+      - "scripts/mcp-demo-mode-a.sh"
+      - "scripts/mcp-demo-mode-b-protocol.sh"
+      - "scripts/mcp-demo-mode-c-xiaozhi-client.sh"
+      - "scripts/mcp-demo-mode-d-xiaozhi-endpoint.sh"
+      - "Cargo.toml"
+      - "Cargo.lock"
+      - ".github/workflows/mcp-server.yml"
+  pull_request:
+    paths:
+      - "crates/agentkeys-mcp-server/**"
+      - "scripts/mcp-demo-mode-a.sh"
+      - "scripts/mcp-demo-mode-b-protocol.sh"
+      - "scripts/mcp-demo-mode-c-xiaozhi-client.sh"
+      - "scripts/mcp-demo-mode-d-xiaozhi-endpoint.sh"
+      - "Cargo.toml"
+      - "Cargo.lock"
+      - ".github/workflows/mcp-server.yml"
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  test:
+    name: test + clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: ". -> target"
+      - name: cargo test
+        run: cargo test -p agentkeys-mcp-server --all-features
+      - name: cargo clippy
+        run: cargo clippy -p agentkeys-mcp-server --all-targets -- -D warnings
+      # Phase A dev-mode demo smoke — boots the binary with --backend in-memory
+      # and walks the three-act storyboard end-to-end via curl. Catches drift
+      # between code and runbook §A in `docs/spec/plans/issue-107-mcp-demo-runbook.md`.
+      - name: mcp demo (mode A — dev smoke)
+        run: bash scripts/mcp-demo-mode-a.sh
+
+      # Phase B testing ladder (runbook §B.0). Modes B/C/D need `uv` to manage
+      # a Python venv on the fly so the official Anthropic mcp SDK + xiaozhi-
+      # server's own integration class can drive our server. These tiers catch
+      # bugs at the MCP wire layer, the xiaozhi integration layer, and the
+      # relay-topology layer respectively. No live broker or xiaozhi account.
+      - name: install uv (for modes B/C/D)
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+      - name: mcp demo (mode B — Anthropic mcp SDK protocol smoke)
+        run: bash scripts/mcp-demo-mode-b-protocol.sh
+      - name: mcp demo (mode C — xiaozhi ServerMCPClient integration)
+        run: bash scripts/mcp-demo-mode-c-xiaozhi-client.sh
+      - name: mcp demo (mode D — xiaozhi MCP-endpoint relay topology)
+        run: bash scripts/mcp-demo-mode-d-xiaozhi-endpoint.sh
+
+  image:
+    name: build + publish image
+    needs: test
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: build + push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: crates/agentkeys-mcp-server/Dockerfile
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository }}/agentkeys-mcp-server:latest
+            ghcr.io/${{ github.repository }}/agentkeys-mcp-server:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,6 +7,7 @@ members = [
     "crates/agentkeys-cli",
     "crates/agentkeys-daemon",
     "crates/agentkeys-mcp",
+    "crates/agentkeys-mcp-server",
     "crates/agentkeys-provisioner",
     "crates/agentkeys-broker-server",
     "crates/agentkeys-worker-creds",

diff --git a/crates/agentkeys-mcp-server/Cargo.toml b/crates/agentkeys-mcp-server/Cargo.toml
@@ -0,0 +1,38 @@
+[package]
+name = "agentkeys-mcp-server"
+version = "0.1.0"
+edition = "2021"
+
+[[bin]]
+name = "agentkeys-mcp-server"
+path = "src/main.rs"
+
+[lib]
+name = "agentkeys_mcp_server"
+path = "src/lib.rs"
+
+[dependencies]
+agentkeys-types = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true }
+async-trait = { workspace = true }
+thiserror = { workspace = true }
+anyhow = { workspace = true }
+axum = { version = "0.7", features = ["json"] }
+tower = "0.4"
+reqwest = { version = "0.12", features = ["json"] }
+tokio-tungstenite = "0.23"
+futures-util = "0.3"
+clap = { version = "4", features = ["derive", "env"] }
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+base64 = "0.22"
+hex = "0.4"
+sha2 = "0.10"
+uuid = { version = "1", features = ["v4"] }
+
+[dev-dependencies]
+tokio = { workspace = true }
+tower = { version = "0.4", features = ["util"] }
+http-body-util = "0.1"