Summary

Adds a remote MCP transport over HTTP so aingle's MCP server can be used as a remote connector by cloud clients (claude.ai, and — being MCP-standard — Codex/Cursor/etc.), not just locally over stdio.

• Serves the existing AingleMcp (25 tools) + AppState over Streamable HTTP at /mcp, mounted on cortex's existing axum server (rmcp 1.7 StreamableHttpService). Same tools, same service:: layer — only the transport is new.
• Bearer-token auth on /mcp (constant-time compare), with a deliberate safety gate: the route is only mounted when a token is configured (--mcp-http-token / AINGLE_MCP_HTTP_TOKEN) or --mcp-http-allow-anonymous is passed — never exposed unintentionally.
• AINGLE_PUBLIC_HOST adds the deployment hostname(s) to rmcp's allowed_hosts (default is loopback-only, anti DNS-rebinding).
• New cargo feature mcp-http (composes rmcp transport-streamable-http-server + server-side-http). Default build and mcp-without-mcp-http are unaffected.

Why

The classic stdio MCP server only works with local clients (Claude Desktop classic / Claude Code). Cloud clients use remote HTTP connectors. This is Phase 1 of the remote connector.

Test plan

• cargo test -p aingle_cortex --features "mcp-http dag" — 188 lib + integration; 0 failures.
• tests/mcp_http_integration.rs over real HTTP: no-auth → 401, wrong token → 401, correct token → 2xx + serverInfo; gating (no token) → 404 (route absent); anonymous mode → 2xx without auth.
• Builds: mcp dag mcp-http, mcp dag, and default — all compile.
• New code clippy-clean; rustfmt applied to changed files.

Notes / scope

• claude.ai caveat: claude.ai's connector UI can't attach a static bearer header, so a secured claude.ai connection needs OAuth (Phase 2). Programmatic/curl/MCP-Inspector use works now with the bearer token; --mcp-http-allow-anonymous enables an (open, test-only) claude.ai connection.
• Deployment artifacts (Docker/Caddy/DigitalOcean) live in a separate private ops repo, not here.
• Out of scope (Phase 2): OAuth 2.x / IdP.