Phase 3: MCP HTTP clients + Dockerization

Wrapper async tipizzati sui sei servizi MCP HTTP che Cerbero Bite
consuma in autonomia. 277 test pass, copertura clients 93%, mypy
strict pulito, ruff clean.

Base layer:
- clients/_base.py: HttpToolClient con httpx + tenacity (retry
  esponenziale 3x, timeout 8s, mapping HTTP→eccezioni tipizzate).
- clients/_exceptions.py: McpAuthError, McpServerError, McpToolError,
  McpDataAnomalyError, McpNotFoundError, McpTimeoutError.
- config/mcp_endpoints.py: risoluzione URL via Docker DNS
  (mcp-deribit:9011, ...) con override per servizio via env var;
  caricamento bearer token da secrets/core.token o
  CERBERO_BITE_CORE_TOKEN_FILE.

Wrapper:
- clients/macro.py: next_high_severity_within() per filtro entry §2.5.
- clients/sentiment.py: funding_cross_median_annualized() con
  annualizzazione per period nativo per exchange (Binance/Bybit/OKX
  1095, Hyperliquid 8760).
- clients/hyperliquid.py: funding_rate_annualized() per filtro §2.6.
- clients/portfolio.py: total_equity_eur(), asset_pct_of_portfolio()
  per sizing engine + filtro §2.7.
- clients/telegram.py: notify-only (no callback queue, no
  conferme — Bite auto-execute).
- clients/deribit.py: environment_info, index_price_eth,
  latest_dvol, options_chain, get_tickers, orderbook_depth_top3,
  get_account_summary, get_positions, place_combo_order (combo
  atomico), cancel_order.

CLI:
- cerbero-bite ping: health-check parallelo di tutti gli MCP con
  tabella rich (OK/FAIL/SKIPPED).

Docker:
- Dockerfile multi-stage Python 3.13 + uv, user non-root.
- docker-compose.yml con rete external "cerbero-suite", secret
  core_token montato a /run/secrets/core_token, env per ogni MCP.
- secrets/README.md documenta il setup del token.

Documentazione di intervento:
- docs/12-mcp-deribit-changes.md: spec delle modifiche apportate
  al server mcp-deribit (place_combo_order + override testnet via
  DERIBIT_TESTNET).

Dipendenze:
- aggiunto pytest-httpx per i test HTTP.
- rimosso mcp>=1.0 (non usiamo l'SDK MCP, parliamo via HTTP REST).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/unit/test_cli_ping.py

@@ -0,0 +1,110 @@
+"""End-to-end test for ``cerbero-bite ping``.
+
+The CLI uses the production code paths, so we set up an HTTP mock that
+matches every URL Bite is going to hit and assert the rendered output
+contains the expected statuses.
+"""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+from click.testing import CliRunner
+from pytest_httpx import HTTPXMock
+
+from cerbero_bite.cli import main as cli_main
+
+
+def _seed_token(tmp_path: Path) -> Path:
+    target = tmp_path / "core_token"
+    target.write_text("super-secret\n", encoding="utf-8")
+    return target
+
+
+def test_ping_reports_each_service(
+    tmp_path: Path, httpx_mock: HTTPXMock
+) -> None:
+    token_file = _seed_token(tmp_path)
+
+    httpx_mock.add_response(
+        url="http://mcp-deribit:9011/tools/environment_info",
+        json={
+            "exchange": "deribit",
+            "environment": "testnet",
+            "source": "env",
+            "env_value": "true",
+            "base_url": "https://test.deribit.com/api/v2",
+            "max_leverage": 3,
+        },
+    )
+    httpx_mock.add_response(
+        url="http://mcp-hyperliquid:9012/tools/get_funding_rate",
+        json={"asset": "ETH", "current_funding_rate": 0.0001},
+    )
+    httpx_mock.add_response(
+        url="http://mcp-macro:9013/tools/get_macro_calendar",
+        json={"events": []},
+    )
+    httpx_mock.add_response(
+        url="http://mcp-sentiment:9014/tools/get_cross_exchange_funding",
+        json={"snapshot": {"ETH": {"binance": 0.0001}}},
+    )
+    httpx_mock.add_response(
+        url="http://mcp-portfolio:9018/tools/get_total_portfolio_value",
+        json={"total_value_eur": 5000.0},
+    )
+
+    result = CliRunner().invoke(
+        cli_main, ["ping", "--token-file", str(token_file), "--timeout", "1.0"]
+    )
+    assert result.exit_code == 0, result.output
+    assert "deribit" in result.output
+    assert "hyperliquid" in result.output
+    assert "macro" in result.output
+    assert "sentiment" in result.output
+    assert "portfolio" in result.output
+    assert "telegram" in result.output  # listed even if skipped
+    # at least 5 OK statuses
+    assert result.output.count("OK") >= 5
+
+
+def test_ping_reports_failure_when_service_unreachable(
+    tmp_path: Path, httpx_mock: HTTPXMock
+) -> None:
+    token_file = _seed_token(tmp_path)
+    httpx_mock.add_response(
+        url="http://mcp-deribit:9011/tools/environment_info",
+        status_code=500,
+        text="boom",
+    )
+    # Provide successful stubs for the others to keep the call small.
+    httpx_mock.add_response(
+        url="http://mcp-hyperliquid:9012/tools/get_funding_rate",
+        json={"asset": "ETH", "current_funding_rate": 0.0001},
+    )
+    httpx_mock.add_response(
+        url="http://mcp-macro:9013/tools/get_macro_calendar",
+        json={"events": []},
+    )
+    httpx_mock.add_response(
+        url="http://mcp-sentiment:9014/tools/get_cross_exchange_funding",
+        json={"snapshot": {"ETH": {"binance": 0.0001}}},
+    )
+    httpx_mock.add_response(
+        url="http://mcp-portfolio:9018/tools/get_total_portfolio_value",
+        json={"total_value_eur": 0.0},
+    )
+
+    result = CliRunner().invoke(
+        cli_main, ["ping", "--token-file", str(token_file), "--timeout", "1.0"]
+    )
+    assert result.exit_code == 0
+    assert "FAIL" in result.output
+
+
+def test_ping_token_missing_exits_nonzero(tmp_path: Path) -> None:
+    result = CliRunner().invoke(
+        cli_main, ["ping", "--token-file", str(tmp_path / "nope")]
+    )
+    assert result.exit_code == 1
+    assert "token error" in result.output