[codex] Add MCP integration

[guima-why]

Summary

This PR adds full Model Context Protocol (MCP) integration to iac-code across the interactive CLI, headless mode, ACP, A2A, and pipeline flows.

The implementation introduces a new iac_code.mcp package that can load MCP server configuration, connect to local and remote MCP servers, expose MCP tools/resources/prompts/skills to the agent runtime, handle OAuth authentication, persist MCP auth state, and surface connection/configuration warnings without blocking otherwise usable servers.

What Changed

MCP runtime and configuration

• Added MCP server configuration support with user/local/project scopes.
• Added project MCP approval handling so .mcp.json servers must be trusted before use.
• Added environment-variable expansion for MCP config values, including warnings for missing env vars.
• Added validation for server names, transports, OAuth config, unsupported fields, and plaintext secret risks.
• Added duplicate-content detection so higher-precedence MCP servers win cleanly.
• Added keyring-backed MCP auth storage with an environment override for test/non-keyring environments.

Transports, tools, resources, prompts, and skills

• Added MCP client/manager support for stdio, streamable HTTP, and SSE transports.
• Added dynamic MCP tool registration using stable mcp__server__tool names.
• Added built-in list_mcp_resources, read_mcp_resource, and MCP auth helper tools.
• Added MCP resource rendering, artifact handling, structured content rendering, and base64 artifact storage.
• Added MCP prompt command registration and argument parsing.
• Added remote MCP skills exposed through skill://... resources and $mcp__server__skill commands.
• Added list-changed callback handling for MCP tools/resources/prompts.

OAuth and security

• Added OAuth metadata discovery, authorization-code flow, loopback callback handling, token refresh, and auth reset support.
• Added public output sanitization for MCP-derived ACP progress messages so untrusted MCP progress cannot leak local paths or secrets.
• Rejected unsupported dynamic headersHelper execution and plaintext oauth.clientSecret usage.
• Added warning paths for unsupported MCP elicitation requests instead of allowing unsafe interactive prompts.

Runtime integrations

• Integrated MCP runtime setup into AgentFactory so tools/resources/prompts/skills are available to normal chat and pipeline runs.
• Added MCP warning/progress events to the shared stream event model.
• Integrated MCP progress/warnings in:
  • REPL
  • headless mode
  • ACP sessions
  • A2A normal mode
  • A2A pipeline mode
• Ensured session cleanup closes MCP managers for REPL, ACP, A2A, and pipeline runtime paths.
• Preserved compatibility with recent A2A metadata redaction, image/artifact handling, task persistence, and session recovery changes from main.

CLI and docs

• Added iac-code mcp commands for adding/removing/listing servers, approving/rejecting project servers, authenticating, and resetting auth state.
• Added complete website documentation for MCP:
  • Overview
  • Configuration
  • Tools, Resources, Prompts, and Skills
  • OAuth and Security
  • Troubleshooting
• Added full localized MCP docs for zh-Hans, ja, fr, de, es, and pt.
• Added website sidebar entries and localized sidebar category labels.

Internationalization

• Wrapped MCP user-facing runtime strings in _() without using f-strings inside translation calls.
• Ran make translate and filled real translations for MCP strings in all supported locales.
• Verified MCP-related PO entries have no empty translations, no fuzzy markers, and no placeholder mismatches.

Why

iac-code previously had no MCP support, which prevented users from connecting external tool/resource/prompt providers in the same way they can in MCP-capable coding assistants. This PR adds that capability while preserving existing execution surfaces and safety requirements:

• project-level MCP servers are approval-gated,
• secrets are discouraged from plaintext config,
• OAuth state is stored separately,
• warnings are surfaced without taking down unrelated usable servers,
• untrusted MCP progress/output paths are sanitized before public protocol emission.

Compatibility Notes

I rebased this branch onto the latest origin/main before opening the PR.

During rebase there was one code conflict in src/iac_code/a2a/events.py; the resolution keeps both sides:

• main's A2A metadata echo redaction import and behavior,
• this branch's MCP i18n/progress/warning integration.

A follow-up compatibility review compared origin/main..HEAD against the code added on main while this feature was in development. The review found one issue: ACP MCP progress messages were not sanitized before being sent to ACP clients. That has been fixed by applying sanitize_public_text() in _format_mcp_progress_text(), with a regression test covering API-key and local-path redaction.

No remaining required MCP/main compatibility issues were found in the review.

Validation

Ran after rebasing onto origin/main:

make translate
make lint
uv run pytest tests/mcp tests/cli/test_mcp_command.py tests/cli/test_headless.py tests/acp/test_convert.py tests/acp/test_mcp.py tests/acp/test_protocol_lifecycle.py tests/acp/test_scenarios.py tests/acp/test_server_coverage.py tests/a2a/test_events.py tests/a2a/test_executor.py tests/a2a/test_pipeline_events.py tests/a2a/test_pipeline_executor.py tests/a2a/test_task_store.py tests/ui/test_stream_accumulator.py tests/ui/test_repl_integration.py -q
npm run typecheck
npm test
npm run build
git diff --check

Results:

• make translate: passed
• make lint: passed
• targeted pytest suite: 711 passed, 3 warnings
  • warnings are from MCP SDK deprecation notices for streamable_http_client
• npm run typecheck: passed
• npm test: passed (6 passed)
• npm run build: passed for all configured locales (en, zh-Hans, ja, fr, de, es, pt)
• git diff --check: passed

Review Notes

This is intentionally opened as a draft because the diff is large and touches multiple runtime surfaces. The most important areas to review carefully are:

• MCP server config precedence and project approval behavior,
• OAuth auth/refresh/reset flow,
• ACP/A2A warning and progress event conversion,
• session/runtime cleanup paths,
• localized runtime strings and website documentation.