Add automation_file_mcp console script and mcp CLI subcommand

MCPServer now has a thin argparse entry point (_cli) exposed as the
automation_file_mcp console script via [project.scripts] in both
stable.toml and dev.toml. The automation_file CLI learns a new mcp
subcommand that forwards --name / --version / --allowed-actions to the
same entry, so hosts can launch the bridge without writing Python glue.

--allowed-actions takes a comma-separated whitelist and builds a filtered
registry at startup — recommended because the default registry includes
high-privilege actions like FA_run_shell.

Five new tests cover the whitelist filter, the CLI entry point, and the
mcp subcommand forwarding.

Author: JE-Chen

automation_file/__main__.py

@@ -104,6 +104,15 @@ def _cmd_ui(_args: argparse.Namespace) -> int:
     return launch_ui()
 
 
+def _cmd_mcp(args: argparse.Namespace) -> int:
+    from automation_file.server.mcp_server import _cli as mcp_cli
+
+    forwarded: list[str] = ["--name", args.name, "--version", args.version]
+    if args.allowed_actions:
+        forwarded.extend(["--allowed-actions", args.allowed_actions])
+    return mcp_cli(forwarded)
+
+
 def _cmd_drive_upload(args: argparse.Namespace) -> int:
     from automation_file.remote.google_drive.client import driver_instance
     from automation_file.remote.google_drive.upload_ops import (
@@ -177,6 +186,18 @@ def _build_parser() -> argparse.ArgumentParser:
     ui_parser = subparsers.add_parser("ui", help="launch the PySide6 GUI")
     ui_parser.set_defaults(handler=_cmd_ui)
 
+    mcp_parser = subparsers.add_parser(
+        "mcp", help="serve the action registry as an MCP server over stdio"
+    )
+    mcp_parser.add_argument("--name", default="automation_file")
+    mcp_parser.add_argument("--version", default="1.0.0")
+    mcp_parser.add_argument(
+        "--allowed-actions",
+        default=None,
+        help="comma-separated allow list (default: expose every registered action)",
+    )
+    mcp_parser.set_defaults(handler=_cmd_mcp)
+
     drive_parser = subparsers.add_parser("drive-upload", help="upload a file to Google Drive")
     drive_parser.add_argument("file")
     drive_parser.add_argument("--token", required=True)

automation_file/server/mcp_server.py

@@ -19,10 +19,11 @@
 
 from __future__ import annotations
 
+import argparse
 import inspect
 import json
 import sys
-from collections.abc import Callable, Iterable
+from collections.abc import Callable, Iterable, Sequence
 from typing import Any, TextIO
 
 from automation_file.core.action_executor import executor
@@ -232,3 +233,61 @@ def tools_from_registry(registry: ActionRegistry) -> Iterable[dict[str, Any]]:
     """
     server = MCPServer(registry)
     yield from server._handle_tools_list()["tools"]
+
+
+def _filtered_registry(source: ActionRegistry, allowed: Sequence[str]) -> ActionRegistry:
+    filtered = ActionRegistry()
+    missing: list[str] = []
+    for name in allowed:
+        command = source.resolve(name)
+        if command is None:
+            missing.append(name)
+            continue
+        filtered.register(name, command)
+    if missing:
+        raise MCPServerException("unknown action(s) in allow list: " + ", ".join(sorted(missing)))
+    return filtered
+
+
+def _build_cli_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="automation_file_mcp",
+        description="Expose the automation_file action registry as an MCP server over stdio.",
+    )
+    parser.add_argument(
+        "--name", default="automation_file", help="serverInfo.name reported at handshake"
+    )
+    parser.add_argument(
+        "--version", default="1.0.0", help="serverInfo.version reported at handshake"
+    )
+    parser.add_argument(
+        "--allowed-actions",
+        default=None,
+        help=(
+            "comma-separated allow list of action names (e.g. "
+            "'FA_list_dir,FA_file_checksum'); defaults to every registered action"
+        ),
+    )
+    return parser
+
+
+def _cli(argv: Sequence[str] | None = None) -> int:
+    """Console-script entry point for the MCP stdio server."""
+    args = _build_cli_parser().parse_args(argv)
+    registry = executor.registry
+    if args.allowed_actions:
+        names = [name.strip() for name in args.allowed_actions.split(",") if name.strip()]
+        registry = _filtered_registry(registry, names)
+    server = MCPServer(registry, name=args.name, version=args.version)
+    file_automation_logger.info(
+        "mcp_server: serving %d tools over stdio (name=%s version=%s)",
+        len(registry.event_dict),
+        args.name,
+        args.version,
+    )
+    server.serve_stdio()
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(_cli())

dev.toml

@@ -49,6 +49,9 @@ dev = [
     "twine>=5.1.0"
 ]
 
+[project.scripts]
+automation_file_mcp = "automation_file.server.mcp_server:_cli"
+
 [project.urls]
 "Homepage" = "https://github.com/JE-Chen/Integration-testing-environment"
 

stable.toml

@@ -49,6 +49,9 @@ dev = [
     "twine>=5.1.0"
 ]
 
+[project.scripts]
+automation_file_mcp = "automation_file.server.mcp_server:_cli"
+
 [project.urls]
 "Homepage" = "https://github.com/JE-Chen/Integration-testing-environment"
 

tests/test_cli_main.py

@@ -0,0 +1,57 @@
+"""Tests for ``automation_file.__main__`` subcommand wiring."""
+
+from __future__ import annotations
+
+import pytest
+
+from automation_file import __main__ as cli_main
+
+
+def test_mcp_subcommand_forwards_all_flags(monkeypatch: pytest.MonkeyPatch) -> None:
+    captured: dict[str, list[str]] = {}
+
+    def _fake_cli(argv: list[str] | None = None) -> int:
+        captured["argv"] = list(argv or [])
+        return 0
+
+    monkeypatch.setattr("automation_file.server.mcp_server._cli", _fake_cli)
+
+    rc = cli_main.main(
+        [
+            "mcp",
+            "--name",
+            "svc",
+            "--version",
+            "3.2.1",
+            "--allowed-actions",
+            "FA_file_checksum,FA_fast_find",
+        ]
+    )
+
+    assert rc == 0
+    assert captured["argv"] == [
+        "--name",
+        "svc",
+        "--version",
+        "3.2.1",
+        "--allowed-actions",
+        "FA_file_checksum,FA_fast_find",
+    ]
+
+
+def test_mcp_subcommand_omits_allowed_actions_when_unset(
+    monkeypatch: pytest.MonkeyPatch,
+) -> None:
+    captured: dict[str, list[str]] = {}
+
+    def _fake_cli(argv: list[str] | None = None) -> int:
+        captured["argv"] = list(argv or [])
+        return 0
+
+    monkeypatch.setattr("automation_file.server.mcp_server._cli", _fake_cli)
+
+    rc = cli_main.main(["mcp"])
+
+    assert rc == 0
+    assert "--allowed-actions" not in captured["argv"]
+    assert captured["argv"] == ["--name", "automation_file", "--version", "1.0.0"]

tests/test_mcp_server.py

@@ -5,8 +5,16 @@
 import io
 import json
 
+import pytest
+
 from automation_file.core.action_registry import ActionRegistry
-from automation_file.server.mcp_server import MCPServer, tools_from_registry
+from automation_file.exceptions import MCPServerException
+from automation_file.server.mcp_server import (
+    MCPServer,
+    _cli,
+    _filtered_registry,
+    tools_from_registry,
+)
 
 
 def _make_registry() -> ActionRegistry:
@@ -151,3 +159,37 @@ def test_serve_stdio_handles_malformed_json() -> None:
     server.serve_stdio(stdin=stdin, stdout=stdout)
     reply = json.loads(stdout.getvalue().strip())
     assert reply["error"]["code"] == -32700
+
+
+def test_filtered_registry_keeps_only_allowed_actions() -> None:
+    filtered = _filtered_registry(_make_registry(), ["add"])
+    assert set(filtered.event_dict.keys()) == {"add"}
+
+
+def test_filtered_registry_raises_on_unknown_name() -> None:
+    with pytest.raises(MCPServerException, match="unknown action"):
+        _filtered_registry(_make_registry(), ["add", "does_not_exist"])
+
+
+def test_cli_serves_whitelisted_registry(monkeypatch: pytest.MonkeyPatch) -> None:
+    captured: dict[str, object] = {}
+
+    class _FakeServer:
+        def __init__(self, registry: ActionRegistry, *, name: str, version: str) -> None:
+            captured["tools"] = set(registry.event_dict.keys())
+            captured["name"] = name
+            captured["version"] = version
+
+        def serve_stdio(self) -> None:
+            captured["served"] = True
+
+    stub_registry = _make_registry()
+    monkeypatch.setattr("automation_file.server.mcp_server.executor.registry", stub_registry)
+    monkeypatch.setattr("automation_file.server.mcp_server.MCPServer", _FakeServer)
+
+    rc = _cli(["--allowed-actions", "echo", "--name", "t", "--version", "2.0.0"])
+    assert rc == 0
+    assert captured["tools"] == {"echo"}
+    assert captured["name"] == "t"
+    assert captured["version"] == "2.0.0"
+    assert captured["served"] is True