feat: Add local MCP server for result fetching and readout analysis

[neelay-aign]

No description provided.

[sentry]

Bug: The token command always exits with an error code (1) due to a misplaced sys.exit(1) call, even on successful execution.
_{Severity: HIGH}

Suggested Fix

Move the sys.exit(1) call to be inside the except Exception as e: block. This ensures that the command only exits with an error code when an exception is actually caught, and exits with the default success code (0) otherwise.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: src/aignostics/mcp/_server.py#L120

Potential issue: In the `token` command function within
`src/aignostics/platform/_cli.py`, the `sys.exit(1)` call is incorrectly placed at the
end of the function, outside of the `except` block. As a result, the command will always
exit with a status code of 1, indicating an error, even when the token is successfully
retrieved and printed. This behavior breaks standard command-line tool conventions,
where a zero exit code signifies success, and will cause issues for any scripts or
automation that rely on the exit code to determine the command's outcome.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

[codecov]

Codecov Report

❌ Patch coverage is 65.54455% with 174 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
src/aignostics/mcp/_server.py	66.74%	105 Missing and 40 partials ⚠️
src/aignostics/platform/_client.py	12.50%	14 Missing ⚠️
src/aignostics/platform/_cli.py	20.00%	8 Missing ⚠️
src/aignostics/mcp/__main__.py	0.00%	6 Missing ⚠️
src/aignostics/platform/_service.py	66.66%	1 Missing ⚠️

Files with missing lines	Coverage Δ
src/aignostics/mcp/__init__.py	100.00% <100.00%> (ø)
src/aignostics/mcp/_settings.py	100.00% <100.00%> (ø)
src/aignostics/platform/_service.py	73.68% <66.66%> (-0.19%)	⬇️
src/aignostics/mcp/__main__.py	0.00% <0.00%> (ø)
src/aignostics/platform/_cli.py	78.16% <20.00%> (-7.56%)	⬇️
src/aignostics/platform/_client.py	81.98% <12.50%> (-11.71%)	⬇️
src/aignostics/mcp/_server.py	66.74% <66.74%> (ø)

... and 9 files with indirect coverage changes

[sonarqubecloud]

Quality Gate failed

Failed conditions
11 New issues
70.4% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[olivermeyer]

Do we ever expect to execute this script directly?

[olivermeyer]

This could reuse the download_file function to get integrity checking out of the box.

[neelay-aign]

Can probably be gotten rid of now. There were some auth issues in early development which were solved using this explicit method. Will investigate.

[olivermeyer]

The API root is already defined in the settings. I'd suggest pulling it from there.

[olivermeyer]

(Agree in principle with controlling the URLs with a single environment setting but then we should propagate that change to the entire SDK).

[olivermeyer]

Suggest using the cache_dir defined in the settings.

Additionally, if I understand the current implementation correctly, users could easily end up downloading readouts twice:

• Once when they download run results using the GUI or CLI (application run result download ...) -> readouts are downloaded to <cache_dir>/results/<run_id>/<external_item_id>/...
• Once when they work with the readouts in the MCP server -> readouts are downloaded to a different location

Ideally, we would use the same location: if the user already downloaded all results for a run, the MCP server should simply open those without downloading them again.