✨ Add OAuth functionality, MCP tools, and feature tests

- 🔒 Added migrations for `oauth_access_tokens`, `oauth_refresh_tokens`, `oauth_auth_codes`, `oauth_clients`, and `oauth_device_codes`.
- 🤖 Created MCP tools (Meetups, Cities, Venues, Courses, Lecturers) for managing entities with authentication and validation.
- 🛠️ Implemented Passport-backed OAuth API guard configuration and validation endpoints.
- ✅ Added comprehensive feature tests for MCP tools and OAuth functionality (access control, validation, and token-based authentication).

tests/Feature/Mcp/CourseEventMcpToolTest.php

@@ -0,0 +1,90 @@
+<?php
+
+use App\Mcp\Servers\EinundzwanzigServer;
+use App\Mcp\Tools\CourseEvent\CreateCourseEventTool;
+use App\Mcp\Tools\CourseEvent\ListMyCourseEventsTool;
+use App\Mcp\Tools\CourseEvent\UpdateCourseEventTool;
+use App\Models\Course;
+use App\Models\CourseEvent;
+use App\Models\User;
+use App\Models\Venue;
+
+it('forbids a non-lecturer from creating a course event', function () {
+    $course = Course::factory()->create();
+    $venue = Venue::factory()->create();
+
+    EinundzwanzigServer::actingAs(User::factory()->create(['is_lecturer' => false]))
+        ->tool(CreateCourseEventTool::class, [
+            'course_id' => $course->id,
+            'venue_id' => $venue->id,
+            'from' => '2026-07-01 18:00:00',
+            'to' => '2026-07-01 21:00:00',
+            'link' => 'https://clavastack.com/produkt/specter-shield-lite-workshop',
+        ])
+        ->assertHasErrors();
+});
+
+it('lets a lecturer create a course event and stamps created_by', function () {
+    $user = User::factory()->lecturer()->create();
+    $course = Course::factory()->create();
+    $venue = Venue::factory()->create();
+
+    EinundzwanzigServer::actingAs($user)
+        ->tool(CreateCourseEventTool::class, [
+            'course_id' => $course->id,
+            'venue_id' => $venue->id,
+            'from' => '2026-07-01 18:00:00',
+            'to' => '2026-07-01 21:00:00',
+            'link' => 'https://clavastack.com/produkt/specter-shield-lite-workshop',
+        ])
+        ->assertOk();
+
+    $this->assertDatabaseHas('course_events', [
+        'course_id' => $course->id,
+        'venue_id' => $venue->id,
+        'created_by' => $user->id,
+    ]);
+});
+
+it('fails validation for missing fields', function () {
+    EinundzwanzigServer::actingAs(User::factory()->lecturer()->create())
+        ->tool(CreateCourseEventTool::class, [])
+        ->assertHasErrors();
+});
+
+it('lets the owner update their course event', function () {
+    $user = User::factory()->lecturer()->create();
+    $event = CourseEvent::factory()->create(['created_by' => $user->id]);
+
+    EinundzwanzigServer::actingAs($user)
+        ->tool(UpdateCourseEventTool::class, [
+            'id' => $event->id,
+            'link' => 'https://einundzwanzig.space/courses/updated',
+        ])
+        ->assertOk()
+        ->assertSee('https://einundzwanzig.space/courses/updated');
+});
+
+it('forbids updating a course event owned by someone else', function () {
+    $owner = User::factory()->lecturer()->create();
+    $event = CourseEvent::factory()->create(['created_by' => $owner->id]);
+
+    EinundzwanzigServer::actingAs(User::factory()->lecturer()->create())
+        ->tool(UpdateCourseEventTool::class, [
+            'id' => $event->id,
+            'link' => 'https://einundzwanzig.space/courses/hijacked',
+        ])
+        ->assertHasErrors();
+});
+
+it('returns only own course events in the mine list', function () {
+    $user = User::factory()->lecturer()->create();
+    $other = User::factory()->lecturer()->create();
+
+    CourseEvent::factory()->count(2)->create(['created_by' => $user->id]);
+    CourseEvent::factory()->create(['created_by' => $other->id]);
+
+    EinundzwanzigServer::actingAs($user)
+        ->tool(ListMyCourseEventsTool::class)
+        ->assertOk();
+});