Add specification for intent-based tool split feature (RFC-003 Phase 2):

## Key Features
- Split call_tool into call_tool_read/write/destructive for IDE permission control
- Two-key security model: tool variant + intent.operation_type must match
- Server annotation validation (destructiveHint/readOnlyHint)
- Enhanced retrieve_tools with annotations and call_with guidance
- CLI commands: mcpproxy call tool-read/write/destructive

## Breaking Changes
- Remove legacy call_tool (clean break)
- Intent parameter now required
- intent.operation_type must match tool variant

## Spec Statistics
- 8 user stories, 19 acceptance scenarios
- 42 functional requirements
- Complete validation matrix

* fix: resolve activity CLI bugs from QA report

This commit addresses multiple issues found during QA testing of the
activity log feature (Specs 016/017):

1. Fix summary endpoint 404: The /api/v1/activity/summary endpoint was
   missing and requests were being routed to /{id} handler. Added the
   handleActivitySummary handler and registered the route before the
   catch-all {id} route.

2. Fix activity show table output: The cliclient's GetActivityDetail
   was returning the whole API response object including the 'activity'
   wrapper, causing the CLI to read empty fields. Fixed by properly
   unwrapping the activity object from the response.

3. Fix ID truncation: The activity list command was truncating ULIDs
   to 13 characters for display, but activity show required the full
   ID. Removed truncation so users can copy/paste IDs directly.

4. Fix export --include-bodies flag: The flag was being passed but
   ignored by the API handler. Added logic to respect the parameter
   and only include request/response bodies when explicitly requested.

Fixes issues from docs/qa/activity-log-qa-report.md.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: regenerate OpenAPI spec for activity summary endpoint

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

This change addresses TC6 from the activity log QA report by adding
activity logging for CLI tool calls with a source indicator.

Changes:
- Add Source field to ActivityRecord in storage and contracts packages
- Support three source values: "mcp" (AI agent), "cli" (CLI command), "api" (REST API)
- Update event bus to pass source parameter through activity events
- Set request source context in REST API tool call handler
- Update MCP handler to check context for source (defaults to "mcp")
- Update CLI display to show source indicator in list, show, and watch commands
- Update documentation with new source column examples

The source field allows distinguishing between:
- MCP: Tool calls from AI agents via MCP protocol
- CLI: Tool calls from direct CLI commands (mcpproxy call tool)
- API: Tool calls from REST API

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Implement the two-key security model for MCP tool calls with three
operation-specific tool variants replacing the single call_tool.

Key changes:
- Add IntentDeclaration struct with validation in internal/contracts/intent.go
- Replace call_tool with call_tool_read/write/destructive variants
- Enforce two-key validation: intent.operation_type must match tool variant
- Add server annotation validation against destructiveHint/readOnlyHint
- Enhance retrieve_tools with annotations and call_with recommendations
- Add IntentDeclarationConfig for strict_server_validation setting
- Update E2E tests to use new tool variants with required intent

Tool variants:
- call_tool_read: For read-only operations (intent: operation_type=read)
- call_tool_write: For write operations (intent: operation_type=write)
- call_tool_destructive: For destructive operations (intent: operation_type=destructive)

Security model:
- Intent must be declared in both tool selection AND intent parameter
- Mismatches are rejected with clear error messages
- Server annotations provide additional validation layer
- call_tool_destructive is most permissive (skips server validation)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…c 018 Phase 7-8)

Add CLI commands for intent-based tool calling:
- mcpproxy call tool-read: Read-only operations
- mcpproxy call tool-write: Write operations
- mcpproxy call tool-destructive: Destructive operations

Each command auto-populates intent based on variant and supports:
- --reason: Human-readable explanation (max 1000 chars)
- --sensitivity: Data classification (public/internal/private/unknown)

Activity system integration:
- Store intent and tool_variant in ActivityRecord.Metadata
- Update EmitActivityToolCallCompleted to pass intent metadata
- Activity service extracts and persists intent in records

The legacy 'call tool' command is deprecated with clear messaging.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add formatIntentIndicator() for intent column with visual indicators
- Add visual indicators for operation types: 📖 read, ✏️ write, ⚠️ destructive
- Add displayIntentSection() for activity show command
- Add getMapField() helper for extracting map fields from API responses
- Add INTENT column to activity list table output
- Update activity show to display full intent declaration section
- Mark T047-T052 complete in tasks.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add --intent-type flag to activity list CLI command
- Add IntentType field to ActivityFilter in storage layer
- Implement extractIntentType() to get operation type from metadata
- Update Matches() to filter by intent_type
- Add intent_type query parameter to GET /api/v1/activity endpoint
- Update OpenAPI spec with intent_type filter parameter
- Mark T057-T062 complete in tasks.md

Users can now filter activity by intent operation type:
  mcpproxy activity list --intent-type read
  mcpproxy activity list --intent-type destructive

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Update CLAUDE.md Built-in Tools section with new tool variants
- Add Intent Declaration documentation with example JSON
- Mark all Phase 11 documentation tasks complete
- All 69 tasks for Spec 018 Intent Declaration complete

Spec 018 Intent Declaration is now fully implemented:
- Phase 1-6 (MVP): Three tool variants with two-key security
- Phase 7: CLI tool-read/write/destructive commands
- Phase 8: Intent display in activity CLI
- Phase 9: Optional metadata validation
- Phase 10: Activity filtering by intent_type
- Phase 11: Documentation and validation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Regenerate swagger.yaml to include intent_type filter parameter
and ensure CI verification passes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Run swag init with --v3.1 --exclude specs flags to match CI expectations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Resolved conflicts in:
- cmd/mcpproxy/activity_cmd.go (intent display functions and INTENT column)
- internal/runtime/activity_service.go (intent metadata extraction)
- internal/runtime/event_bus.go (EmitActivityToolCallCompleted signature)
- internal/server/mcp.go (emitActivityToolCallCompleted signature)
- oas/docs.go (regenerated)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add activity policy_decision records when intent validation fails
- Parse tool name early to capture server/tool for activity logging
- Record blocked status with descriptive reason for:
  - Invalid intent parameter format
  - Missing required intent
  - Intent operation_type mismatch with tool variant
  - Intent conflict with server annotations
- Reuse getSessionID helper for consistent session tracking
- Fix nil pointer dereference when intent is nil

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…ules

- Change default tool variant from call_tool_write to call_tool_read
  (most tools are read-only: search, query, list, get operations)
- Add comprehensive DECISION RULES to tool descriptions with keyword lists
- Improve usage_instructions in retrieve_tools response with categorized
  keyword patterns for each operation type
- Add clearer documentation for DeriveCallWith function

This helps LLMs correctly choose call_tool_read for search operations
instead of incorrectly using call_tool_write.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add swaggertype:"object" annotations to map[string]interface{} fields
  in contracts/types.go, contracts/activity.go, and contracts/intent.go
- Add swaggertype:"string" for Duration fields in config.go
- Add swaggerignore for Duration array fields that cause swag crashes
- Add swaggertype:"primitive,string" for interface{} Count fields
- Regenerate swagger.yaml with fixed schema types

This eliminates "found schema with no Type, returning any" warnings
during swagger generation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix health calculator to handle case-insensitive state matching
  (ConnectionState.String() returns "Error" but calculator expected "error")

- Fix OAuth autodiscovery detection: when server requires OAuth via autodiscovery
  but has no stored token, set oauthConfig and oauthStatus="none" so health
  calculator shows "Authentication required" instead of "Connected"

- Detect OAuth-related errors in connection error states and suggest "login"
  action instead of "restart" for OAuth-required servers

Before: bindings-cloudflare with OAuth error showed "healthy"/"Connected"
After: Shows "unhealthy"/"Authentication required" with action "login"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Changed DeriveCallWith default from write to read in previous commit,
test expectation needed updating to match.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Remove docs/proposals (drafts), docs/qa (test reports), and docs/research
(brainstorming) from git tracking. These are local working files not
intended for the repository.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add comprehensive documentation for the intent-based tool splitting feature
that enables fine-grained IDE permission control.

## New Documentation
- docs/features/intent-declaration.md - Full feature documentation
  - Two-key security model explanation
  - Tool variants (call_tool_read/write/destructive)
  - Server annotation validation matrix
  - CLI commands and examples
  - IDE configuration examples

## Updated Documentation
- docs/api/mcp-protocol.md - Replace call_tool with three variants
- docs/features/activity-log.md - Add intent tracking section
- website/sidebars.js - Add intent-declaration and activity-log to sidebar

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes 4 issues from the QA report:

1. Fixed CLI arg name: --args → --json_args in quickstart.md
   - Updated all examples to use correct --json_args parameter

2. Clarified legacy call_tool status:
   - CLI: marked as legacy, will be deprecated (still works)
   - MCP: removed, clients must use call_tool_read/write/destructive

3. Fixed DeriveCallWith default for tools without annotations:
   - Empty annotations now default to call_tool_read (safe default)
   - Only explicit readOnlyHint=false returns call_tool_write
   - Updated test expectations to match new behavior

4. Documented NO_COLOR=1 for disabling CLI icons/colors
   - Added "Plain Text Output" section to quickstart.md

Note: Issue #5 (activity logging for intent validation errors) was
already implemented correctly - policy decisions are being logged
via emitActivityPolicyDecision() → handlePolicyDecision() → SaveActivity()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>