feat(gateway): add botnexus_admin tool for safe platform management

[sytone]

Closes #370

Changes

Adds a new botnexus_admin IAgentTool that provides a safe, validated gateway management API for agents.

Why

Agents were writing directly to config.json via write/edit tools. This caused production incidents. This tool routes all mutations through the Gateway's own validated code paths.

Operations

• get_config: Read effective platform config summary (secrets redacted)
• list_agents: List all registered agents with running status
• get_platform_status: Get agent counts and server time
• create_agent: Register a new agent (validated required fields)
• update_agent: Update agent properties (only provided fields changed)
• delete_agent: Unregister an agent

Implementation

• New PlatformAdminTool in BotNexus.Gateway.Tools
• Wired into InProcessIsolationStrategy.CreateAsync alongside list_agents
• Mutations go through IAgentRegistry and IAgentConfigurationWriter -- never direct file access
• 15 new tests covering happy paths and all sad/error paths

Not in this PR (follow-up work)

• Audit log for mutations
• Privilege scoping per agent
• Portal UI for audit trail

[sytone]

CI: ✅ All checks passing
Merge: CLEAN — no conflicts
Commit title: feat(gateway): add botnexus_admin tool for safe platform management ✅ Conventional commit
Coverage: 15 tests covering all 6 actions + sad paths
Spec completeness: Closes #370 — get_config, list_agents, get_platform_status, create_agent, update_agent, delete_agent all wired through IAgentRegistry/IAgentConfigurationWriter

LGTM — ready to merge.

[sytone]

Farnsworth Review — PR #499

CI: ✅ All checks passing (build-and-test, CodeQL, Security Scan)
Merge conflicts: ✅ Clean (MERGEABLE)
Conventional commit title: ✅ feat(gateway): add botnexus_admin tool for safe platform management

Test coverage:

• ✅ All 6 actions covered (get_config, list_agents, get_platform_status, create_agent, update_agent, delete_agent)
• ✅ Authorization/opt-in via toolIds
• ✅ Mutations via IAgentRegistry + IAgentConfigurationWriter (no direct file access)
• 15 new tests; 1651/1651 pass

Spec completeness vs #370: Fully satisfies acceptance criteria. Using registry + writer abstractions rather than direct file access is the right architectural choice.

LGTM. Ready to merge.

[sytone]

Closing as part of a planned hard-reset of the in-flight branch set so the new domain-model refactor can land on a clean trunk.

Audit verdict: keep

Rationale: Tool-layer addition; orthogonal.

The new plan (in session state) reshapes core types: Citizen (User+Agent union), Vogen-generated value objects, ThreadId removed in favour of composite ChannelAddress, mark-not-delete compaction, centralised SessionContextProjector, single-path routing. Many in-flight branches touch contracts that are about to change — rebasing later would be more work than rebuilding on the new shape.

If this work is still wanted, refile as a new issue/PR against the post-refactor contracts.