Fix MCP config: replace hardcoded token with env-var wrapper script

MCP_AUTH_TOKEN was stored in plain text in .mcp.json and thus in git
history. Now connect.sh reads the token from the environment variable
MCP_AUTH_TOKEN — set via export in ~/.bashrc or a secrets manager.

⚠️ Old token is in git history and should be rotated on the server.
Rotate: python manage.py create_agent_token <username>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.mcp.json

@@ -1,11 +1,9 @@
 {
   "mcpServers": {
     "stiftung": {
-      "command": "ssh",
+      "command": "bash",
       "args": [
-        "-o", "StrictHostKeyChecking=no",
+        "/home/remmer/stiftung/app/mcp_server/connect.sh"
-        "deployment@217.154.84.225",
-        "cd /opt/stiftung && docker compose run --rm -T -e MCP_AUTH_TOKEN=a66d2bf53b83489693a59af6ff0e3dd2a09885b98aced40f6bbb7423a173e173 -e DJANGO_ALLOW_ASYNC_UNSAFE=true mcp"
       ]
     }
   }

app/mcp_server/connect.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+# MCP-Verbindungsskript zum Remote-Server
+# Token wird aus der Umgebungsvariable MCP_AUTH_TOKEN gelesen – nie hardcoden.
+# Einrichten: export MCP_AUTH_TOKEN=<token> in ~/.bashrc oder per Secrets-Manager.
+
+set -euo pipefail
+
+: "${MCP_AUTH_TOKEN:?MCP_AUTH_TOKEN nicht gesetzt. Bitte in ~/.bashrc oder ~/.profile exportieren.}"
+
+exec ssh \
+  -o StrictHostKeyChecking=no \
+  deployment@217.154.84.225 \
+  "cd /opt/stiftung && docker compose run --rm -T \
+    -e MCP_AUTH_TOKEN=${MCP_AUTH_TOKEN} \
+    -e DJANGO_ALLOW_ASYNC_UNSAFE=true \
+    mcp"