forgejo-mcp-broker/cmd/broker/main.go

// Command fjmcp-broker is an OAuth 2.1 authorization server and MCP session
// broker that fronts forgejo-mcp. See ../../README.md and ../../docs/ for
// the design.
package main

import (
	"context"
	"errors"
	"flag"
	"fmt"
	"io"
	"os"
	"os/signal"
	"syscall"

	"kode.naiv.no/olemd/forgejo-mcp-broker/internal/buildinfo"
	"kode.naiv.no/olemd/forgejo-mcp-broker/internal/config"
	"kode.naiv.no/olemd/forgejo-mcp-broker/internal/httpserver"
	brokerlog "kode.naiv.no/olemd/forgejo-mcp-broker/internal/log"
	"kode.naiv.no/olemd/forgejo-mcp-broker/internal/store"
)

// Exit codes follow the usual convention: 0 success, 2 config/usage, 1 runtime.
const (
	exitSuccess = 0
	exitRuntime = 1
	exitConfig  = 2
)

func main() {
	os.Exit(run(os.Args[1:], os.Stderr))
}

// run is the testable entry point. Parses config, wires dependencies, and
// blocks until the HTTP server exits or a shutdown signal arrives. Returns
// an OS exit code.
func run(args []string, out io.Writer) int {
	// --version is handled before config.Load so operators can inspect a
	// binary without providing the rest of the required config.
	for _, a := range args {
		if a == "--version" || a == "-version" {
			fmt.Fprintf(out, "fjmcp-broker %s (rev %s, built %s)\n",
				buildinfo.Version, buildinfo.GitRevision, buildinfo.BuildDate)
			return exitSuccess
		}
	}

	cfg, err := config.Load(args, out)
	switch {
	case errors.Is(err, flag.ErrHelp):
		return exitSuccess
	case err != nil:
		fmt.Fprintln(out, "fjmcp-broker: config error:")
		fmt.Fprintln(out, err.Error())
		return exitConfig
	}

	logger := brokerlog.New(out, cfg.Debug)
	logger.Info("starting broker",
		"listen", cfg.Listen,
		"public_url", cfg.PublicURL,
		"forgejo_url", cfg.ForgejoURL,
		"store_path", cfg.StorePath,
		"max_sessions", cfg.MaxSessions,
		"idle_timeout", cfg.SessionIdleTimeout.String(),
	)

	// Signal handling is owned here; the HTTP server just responds to ctx
	// cancellation. This keeps internal/httpserver free of signal coupling
	// and makes it testable without any OS-level wiring.
	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
	defer stop()

	st, err := store.Open(ctx, cfg.StorePath)
	if err != nil {
		logger.Error("open store", "err", err.Error())
		return exitRuntime
	}
	defer func() {
		if err := st.Close(); err != nil {
			logger.Error("close store", "err", err.Error())
		}
	}()

	srv := &httpserver.Server{
		Addr:  cfg.Listen,
		Log:   logger,
		Store: st,
	}
	if err := srv.Run(ctx); err != nil {
		logger.Error("server exit", "err", err.Error())
		return exitRuntime
	}
	logger.Info("broker stopped")
	return exitSuccess
}
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`// Command fjmcp-broker is an OAuth 2.1 authorization server and MCP session`
feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`// broker that fronts forgejo-mcp. See ../../README.md and ../../docs/ for`
			`// the design.`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`package main`

			`import (`
feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`"context"`
			`"errors"`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`"flag"`
			`"fmt"`
feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`"io"`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`"os"`
feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`"os/signal"`
			`"syscall"`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00
			`"kode.naiv.no/olemd/forgejo-mcp-broker/internal/buildinfo"`
feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`"kode.naiv.no/olemd/forgejo-mcp-broker/internal/config"`
			`"kode.naiv.no/olemd/forgejo-mcp-broker/internal/httpserver"`
			`brokerlog "kode.naiv.no/olemd/forgejo-mcp-broker/internal/log"`
			`"kode.naiv.no/olemd/forgejo-mcp-broker/internal/store"`
			`)`

			`// Exit codes follow the usual convention: 0 success, 2 config/usage, 1 runtime.`
			`const (`
			`exitSuccess = 0`
			`exitRuntime = 1`
			`exitConfig = 2`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`)`

			`func main() {`
feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`os.Exit(run(os.Args[1:], os.Stderr))`
			`}`

			`// run is the testable entry point. Parses config, wires dependencies, and`
			`// blocks until the HTTP server exits or a shutdown signal arrives. Returns`
			`// an OS exit code.`
			`func run(args []string, out io.Writer) int {`
			`// --version is handled before config.Load so operators can inspect a`
			`// binary without providing the rest of the required config.`
			`for _, a := range args {`
			`if a == "--version" \|\| a == "-version" {`
			`fmt.Fprintf(out, "fjmcp-broker %s (rev %s, built %s)\n",`
			`buildinfo.Version, buildinfo.GitRevision, buildinfo.BuildDate)`
			`return exitSuccess`
			`}`
			`}`

			`cfg, err := config.Load(args, out)`
			`switch {`
			`case errors.Is(err, flag.ErrHelp):`
			`return exitSuccess`
			`case err != nil:`
			`fmt.Fprintln(out, "fjmcp-broker: config error:")`
			`fmt.Fprintln(out, err.Error())`
			`return exitConfig`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`}`

feat(cmd/broker): wire config → log → store → httpserver (forgejo-mcp-broker-t37) Final phase-1 step: the broker now starts. run() parses config, opens the store, builds the httpserver, and blocks on signal.NotifyContext until SIGTERM/SIGINT fires, at which point it drains through httpserver.Run's graceful-shutdown path and closes the store. --version is handled before config.Load so operators can inspect a binary without providing the rest of the config. flag.ErrHelp is passed through so -h exits 0. Config failure exits 2; runtime failure exits 1. Integration tests build the binary once in TestMain and exercise three acceptance scenarios against it: - --version: prints build info, exits 0 - no config: exits nonzero with stderr listing every missing field - full startup: /healthz returns 200 with correct JSON; SIGTERM triggers clean exit within 2s Closes forgejo-mcp-broker-t37. Phase 1 complete. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 17:29:37 +02:00			`logger := brokerlog.New(out, cfg.Debug)`
			`logger.Info("starting broker",`
			`"listen", cfg.Listen,`
			`"public_url", cfg.PublicURL,`
			`"forgejo_url", cfg.ForgejoURL,`
			`"store_path", cfg.StorePath,`
			`"max_sessions", cfg.MaxSessions,`
			`"idle_timeout", cfg.SessionIdleTimeout.String(),`
			`)`

			`// Signal handling is owned here; the HTTP server just responds to ctx`
			`// cancellation. This keeps internal/httpserver free of signal coupling`
			`// and makes it testable without any OS-level wiring.`
			`ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)`
			`defer stop()`

			`st, err := store.Open(ctx, cfg.StorePath)`
			`if err != nil {`
			`logger.Error("open store", "err", err.Error())`
			`return exitRuntime`
			`}`
			`defer func() {`
			`if err := st.Close(); err != nil {`
			`logger.Error("close store", "err", err.Error())`
			`}`
			`}()`

			`srv := &httpserver.Server{`
			`Addr: cfg.Listen,`
			`Log: logger,`
			`Store: st,`
			`}`
			`if err := srv.Run(ctx); err != nil {`
			`logger.Error("server exit", "err", err.Error())`
			`return exitRuntime`
			`}`
			`logger.Info("broker stopped")`
			`return exitSuccess`
feat: bootstrap Go project layout (forgejo-mcp-broker-n84) - Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker - Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver} - Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info - Stub cmd/broker/main.go with --version support; real wiring follows in -t37 - Stub doc.go for each internal/* package, pointing to the issue that fills it in Closes forgejo-mcp-broker-n84. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-24 16:54:27 +02:00			`}`