Add ldk-server-mcp crate scaffolding for MCP gateway

[vincenzopalazzo]

Summary

v1 scaffolding for a new ldk-server-mcp workspace crate — an HTTPS gateway that will eventually expose the LDK Server gRPC API as an MCP (Model Context Protocol) server, plus a small admin web UI for minting scoped auth tokens to plug into Claude Desktop / Claude Code.

This PR is the foundational layer only. The daemon is unmodified.

• New ldk-server-mcp workspace crate: TOML config + axum HTTPS listener (HTTP/1.1 + HTTP/2 via hyper-util auto builder) + /healthz
• Self-signed TLS cert auto-generation, mirroring the daemon's pattern in ldk-server/src/util/tls.rs. Copied (not extracted into a shared util crate) to keep this PR scoped — the brainstorm doc flags the refactor as a v2 deferred item.
• DaemonClient wrapper around ldk-server-client that loads the daemon's api_key and TLS cert from disk and verifies connectivity on boot via GetNodeInfo.
• GatewayLogger matching the daemon's ServerLogger so operators see consistent log output across the two processes.
• Sample contrib/ldk-server-mcp-config.toml and crate-level README.md.
• Brainstorm doc at docs/brainstorms/2026-05-07-ldk-server-mcp.md capturing the full v1 spec and the PR breakdown for follow-ups (sqlite token store, web UI, MCP tool layer over the ~40 RPCs, SubscribeEvents -> MCP notifications fan-out, Connect-to-Claude UX).

Architecture

ldk-server-mcp is a separate process and a separate workspace crate from ldk-server. It calls the daemon over its existing gRPC + TLS interface using ldk-server-client. Token storage and scope enforcement live entirely in the gateway in v1; promoting them into the daemon is the v2 path described in the brainstorm.

New dependencies

• axum 0.7 (default features off; json, tokio)
• hyper 1 server features http1, http2
• hyper-util 0.1 features tokio, service, server-auto, http1, http2
• tower 0.5 (dev-only, for ServiceExt::oneshot in tests)

Everything else is reused from the workspace (tokio, tokio-rustls, ring, serde, toml, clap, log, chrono, hex-conservative, base64, getrandom, ldk-server-client, ldk-server-grpc).

Test plan

• cargo fmt --all -- --check clean
• cargo clippy -p ldk-server-mcp --all-targets -- -D warnings clean
• cargo test -p ldk-server-mcp — 14 tests pass (config parse / unknown-field reject / log-level validate / TLS generate-and-load roundtrip / /healthz returns 200 / unknown path returns 404)
• cargo check --release -p ldk-server-mcp clean
• cargo doc --release -p ldk-server-mcp --no-deps clean
• Manual smoke test against a running daemon (curl -k https://127.0.0.1:3537/healthz -> ok) — recommended before merge

Notes for review

• The daemon's util/tls.rs is duplicated rather than shared. The brainstorm doc flags extracting it into a ldk-server-util crate as a v2 follow-up — keeping this PR to one new crate keeps the diff reviewable. ALPN here is ["h2", "http/1.1"] (vs. the daemon's ["h2"]) so browsers reach the future UI.
• TLS handshake errors are at debug! (not error!) — port-scanning is normal in the threat model and we don't want to spam the log on each scan.
• The bootstrap admin token, sqlite token store, and the /api/* UI endpoints are deliberately not in this PR — they land in PR2 of the breakdown in the brainstorm doc.

This change was developed with Claude Code assistance.

[ldk-reviews-bot]

I've assigned @wpaulino as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[Anyitechs]

Have you seen #188 or this is different?

[vincenzopalazzo]

Ah sorry! i open the PR on the wrong repository.

Have you seen #188 or this is different?

Yes but this is an PoC over the Https transport layer and not only stdio See https://modelcontextprotocol.io/specification/2025-03-26/basic/transports but this is not ready to be proposed yet, sorry