feat: Add Docker infrastructure with Caddy and startup scripts (#25, #26)

Issue #25 - Docker multi-service infrastructure:
- Create docker/Dockerfile with multi-stage build, git support, port 8080
- Create docker/docker-compose.yml with app + Caddy services
- Create docker/Caddyfile for HTTPS termination and reverse proxy
- Create docker/.env.example with configuration template

Issue #26 - Startup scripts and tests:
- Create scripts/start.sh for production startup with env validation
- Create scripts/healthcheck.sh for Docker health checks
- Add health endpoint tests to test_mcp_endpoints.py
- Fix middleware order (HealthCheckBypass must wrap BearerAuth)
- Fix pyproject.toml testpaths to use 'tests' directory
- Update test_config.py for new defaults (0.0.0.0:8080)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tests/test_config.py

@@ -36,9 +36,10 @@ class TestGiteaSettings:
         assert settings.gitea_token == "test_token"
         assert settings.gitea_owner == "test_owner"
         assert settings.gitea_repo == "test_repo"
-        assert settings.http_host == "127.0.0.1"
-        assert settings.http_port == 8000
+        assert settings.http_host == "0.0.0.0"
+        assert settings.http_port == 8080
         assert settings.auth_token is None
+        assert settings.mcp_auth_mode == "optional"
 
     def test_gitea_url_validation(self):
         """Test Gitea URL validation."""
@@ -152,21 +153,24 @@ class TestGiteaSettings:
         )
         assert settings.disabled_tools_list == ["tool1", "tool2"]
 
-    def test_get_gitea_mcp_env(self):
-        """Test environment variable generation for wrapped MCP server."""
+    def test_mcp_auth_mode_field(self):
+        """Test mcp_auth_mode field with different values."""
         settings = GiteaSettings(
             gitea_url="https://gitea.example.com",
             gitea_token="test_token",
             gitea_owner="test_owner",
-            gitea_repo="test_repo",
+            mcp_auth_mode="required",
         )
 
-        env = settings.get_gitea_mcp_env()
+        assert settings.mcp_auth_mode == "required"
 
-        assert env["GITEA_BASE_URL"] == "https://gitea.example.com"
-        assert env["GITEA_API_TOKEN"] == "test_token"
-        assert env["GITEA_DEFAULT_OWNER"] == "test_owner"
-        assert env["GITEA_DEFAULT_REPO"] == "test_repo"
+        # Default value
+        settings_default = GiteaSettings(
+            gitea_url="https://gitea.example.com",
+            gitea_token="test_token",
+            gitea_owner="test_owner",
+        )
+        assert settings_default.mcp_auth_mode == "optional"
 
 
 class TestLoadSettings:

tests/test_mcp_endpoints.py

@@ -1,4 +1,4 @@
-"""Tests for MCP protocol endpoints."""
+"""Tests for MCP protocol endpoints and health checks."""
 import pytest
 import json
 import re
@@ -26,6 +26,35 @@ def client(mock_env):
     return TestClient(app)
 
 
+# =============================================================================
+# Health Endpoint Tests
+# =============================================================================
+
+
+def test_health_endpoint(client):
+    """Test GET /health returns status ok."""
+    response = client.get("/health")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["status"] == "ok"
+
+
+def test_health_endpoint_no_auth_required(mock_env):
+    """Test health endpoint works even with AUTH_TOKEN set."""
+    with patch.dict("os.environ", {**mock_env, "AUTH_TOKEN": "secret123"}):
+        app = create_app()
+        client = TestClient(app)
+        # Health should bypass auth
+        response = client.get("/health")
+        assert response.status_code == 200
+        assert response.json()["status"] == "ok"
+
+
+# =============================================================================
+# MCP Protocol Tests
+# =============================================================================
+
+
 def parse_sse_message(sse_text: str) -> dict:
     """Parse SSE message data."""
     data_match = re.search(r'data: (.+)', sse_text)