From adb7c6802c650017e00886db5108d556ebefcae3 Mon Sep 17 00:00:00 2001
From: Benjamin Admin <benjaminadmin@MacBook-Pro.local>
Date: Mon, 15 Jun 2026 18:58:17 +0200
Subject: [PATCH] =?UTF-8?q?feat(nginx):=20/mcp=20auf=20:8002=20=E2=86=92?=
 =?UTF-8?q?=20bp-compliance-mcp=20(Repo-Scanner=20MCP-Endpoint)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Streamable-HTTP-MCP des Compliance-Repos (cra_assess_findings) erreichbar als
macmini:8002/mcp. SSE-sicher: proxy_buffering off, http/1.1, read_timeout 3600s,
Authorization (Bearer) wird durchgereicht. Additiv vor location / im 8002-Block.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 nginx/conf.d/default.conf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf
index 3c1697b..cd6bb87 100644
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -422,6 +422,21 @@ server {
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
     ssl_prefer_server_ciphers off;
 
+    # CRA MCP server for the external repo-scanner (Streamable HTTP + Bearer).
+    # Separate container (bp-compliance-mcp:8099); buffering off for SSE streaming.
+    location /mcp {
+        set $upstream_mcp bp-compliance-mcp:8099;
+        proxy_pass http://$upstream_mcp;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header Connection "";
+        proxy_buffering off;
+        proxy_read_timeout 3600s;
+    }
+
     location / {
         set $upstream_compliance bp-compliance-backend:8002;
         proxy_pass http://$upstream_compliance;