feat: M18a — MCP server exposing all 76 API endpoints as AI-native tools

Separate standalone binary (cmd/mcp-server/) using official MCP Go SDK
(modelcontextprotocol/go-sdk v1.4.1) with stdio transport. Stateless HTTP
proxy translates MCP tool calls to certctl REST API requests. 76 tools
across 16 resource domains with typed input structs and jsonschema tags
for automatic LLM-friendly schema generation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

cmd/mcp-server/main.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"os/signal"
+
+	gomcp "github.com/modelcontextprotocol/go-sdk/mcp"
+
+	"github.com/shankar0123/certctl/internal/mcp"
+)
+
+// Version is set at build time via -ldflags.
+var Version = "dev"
+
+func main() {
+	serverURL := os.Getenv("CERTCTL_SERVER_URL")
+	if serverURL == "" {
+		serverURL = "http://localhost:8443"
+	}
+
+	apiKey := os.Getenv("CERTCTL_API_KEY")
+
+	client := mcp.NewClient(serverURL, apiKey)
+
+	server := gomcp.NewServer(&gomcp.Implementation{
+		Name:    "certctl",
+		Version: Version,
+	}, nil)
+
+	mcp.RegisterTools(server, client)
+
+	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)
+	defer stop()
+
+	fmt.Fprintf(os.Stderr, "certctl MCP server %s (backend: %s)\n", Version, serverURL)
+
+	if err := server.Run(ctx, &gomcp.StdioTransport{}); err != nil {
+		log.Fatalf("MCP server error: %v", err)
+	}
+}