docs: local vs server quickstart, authz model, packaging

Reframe the README around two transports and add a local stdio quickstart with
uvx/pip and Claude Desktop / Claude Code wiring. New docs: local-quickstart.md
and packaging.md (uv build/publish). Document resource-type-aware authorization
and classified gitea_request in security.md; stdio env vars + audit-log
fallback in configuration.md; local install in deployment.md; core+adapters in
architecture.md. Add the missing root AGENTS.md contract, update CLAUDE.md with
the core/adapter layout, fail-closed invariants, and the branching flow
(HEAD -> feature -> dev -> main). Update roadmap/todo and .env.example.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

docs/todo.md

@@ -83,6 +83,19 @@
 - [ ] Final security review sign-off.
 - [ ] Release checklist execution.
 
+## Phase 10 Local Package & Safe Full Coverage (0.2.0)
+
+- [x] Extract transport-agnostic core + shared tool registry.
+- [x] Lock the core/web boundary with a no-fastapi import test.
+- [x] Add local stdio adapter (`stdio_app.py`) over the `mcp` SDK.
+- [x] Restructure packaging: core install + `[server]` extra + console scripts.
+- [x] Resource-type-aware authorization (repo/org/user/admin/misc), fail-closed.
+- [x] Classified `gitea_request`: write classifier + known-path gate + denylist.
+- [x] Authz matrix, write-mode bypass, classifier, and stdio adapter tests.
+- [x] `.gitea/workflows/publish.yml` (uv build + publish to Gitea registry on tag).
+- [ ] Make `list_organizations` user-scoped in service-PAT mode (`/users/{login}/orgs`)
+      so it can be allowed instead of denied. (TODO(authz))
+
 ## Release Checklist
 
 - [ ] `make lint`