feat: harden OAuth state secret validation, DCR file permissions, and policy defaults

- Enforce 32-char minimum on OAUTH_STATE_SECRET at startup (config.py)
- Write DCR client registry with owner-only (0o600) permissions before atomic replace
- Flip policy.yaml default write action from allow → deny
- Add CLAUDE.md with architecture, commands, and AGENTS.md contract summary
- Add .pre-commit-config.yaml mirroring `make lint` checks
- Update .gitignore: add .venv, .claude, .mypy_cache, .ruff_cache, .coverage.*
- Extend docs: audit log rotation guidance, OAUTH_STATE_SECRET and DCR_STORAGE_PATH notes
- Tests: short-secret rejection, 32-char acceptance, POSIX permission check for DCR store

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.env.example

@@ -8,6 +8,10 @@ GITEA_URL=https://git.hiddenden.cafe
 OAUTH_MODE=true
 GITEA_OAUTH_CLIENT_ID=your-gitea-oauth-client-id
 GITEA_OAUTH_CLIENT_SECRET=your-gitea-oauth-client-secret
+# Server secret used to HMAC-sign the OAuth proxy state parameter.
+# Required when OAUTH_MODE=true; must be at least 32 characters.
+# Generate with: openssl rand -hex 32
+OAUTH_STATE_SECRET=
 # Optional explicit audience override; defaults to GITEA_OAUTH_CLIENT_ID
 OAUTH_EXPECTED_AUDIENCE=
 # OIDC discovery and JWKS cache TTL
@@ -16,7 +20,8 @@ OAUTH_CACHE_TTL_SECONDS=300
 # MCP server configuration
 MCP_HOST=127.0.0.1
 MCP_PORT=8080
-# Optional external URL used in OAuth metadata when running behind reverse proxies.
+# Optional external URL used in OAuth metadata and callback URLs when running behind a
+# reverse proxy. When unset, the server derives these from the incoming request.
 # Example: PUBLIC_BASE_URL=https://gitea-mcp.hiddenden.cafe
 PUBLIC_BASE_URL=
 ALLOW_INSECURE_BIND=false