
feat(mcp-proxy): close customer cold path#9

Merged: oleg-bk merged 3 commits into main from feat/mcp-proxy-cold-path on May 28, 2026

Conversation

@oleg-bk (Contributor) commented May 28, 2026

Summary

Close the MCP Proxy customer cold path for P4/P7: a developer can now go from local proxy setup to an offline-verified evidence bundle through the proxy CLI path, without claiming production parity beyond the controlled MCP Proxy adapter path.

Source branch: feat/mcp-proxy-cold-path
Commits:

  • f526571 feat(mcp-proxy): close customer cold path
  • 64cce6d fix(paperclip): preserve which paths on Windows
  • 20f1623 fix(ci): handle Windows path compatibility

What changed

  • Runtime Gate ALLOW / BLOCK decisions now record verified decision_receipt/2 metadata in local evidence and can export bundles with signed DecisionReceipts attached.
  • agentveil-mcp-proxy doctor --check-backend adds opt-in read-only backend preflight for health + onboarding status while preserving offline doctor by default.
  • agentveil-mcp-proxy register bridges local proxy identity creation to backend registration while preserving the proxy identity format and encrypted-at-rest key file.
  • docs/MCP_PROXY_QUICKSTART.md documents the customer cold path from install/init through export and offline verification, including explicit boundary statements.
  • Paperclip doctor preserves shutil.which() path strings, honors explicit HOME overrides for dry-run tests, and gates Windows-incompatible POSIX chmod assertions to POSIX platforms.

What this PR is not claiming

  • It does not claim the production agentveil.dev backend signed the v1.2 internal proof harness artifact.
  • It does not claim every MCP decision has a backend-signed receipt.
  • It does not add backend-signed human_approval_receipt/2 to proxy bundles.
  • It does not add backend-signed execution_receipt/2 for proxy-forwarded downstream MCP calls.
  • It does not claim AgentVeil controls actions outside controlled adapters, replaces sandboxing, or fixes model behavior.

Tests run in the clean-branch gate

  • python3 -m pytest tests/test_mcp_proxy_cli.py tests/test_mcp_proxy_runtime_gate.py tests/test_mcp_proxy_evidence.py tests/test_mcp_proxy_proof.py tests/test_mcp_proxy_approval.py tests/test_mcp_proxy_passthrough.py -q -> 274 passed, 1 skipped
  • python3 -m pytest tests/test_mcp_proxy_circuit_breaker.py tests/test_mcp_proxy_multi_instance.py tests/test_mcp_proxy_policy.py tests/test_mcp_proxy_classification.py -q -> 115 passed
  • python3 -m pytest tests/test_paperclip_doctor.py -q -> 28 passed
  • python3 -m pytest tests/test_mcp_proxy_cli.py -q -k "register or doctor" -> 25 passed, 28 deselected
  • git diff --check -> clean
  • Overclaim grep across agentveil_mcp_proxy/, docs/, and MCP Proxy tests -> only the explicit denial in the quickstart's "does NOT prove" section.

Remaining non-blocking gaps

  • Backend human_approval_receipt/2 integration for proxy approvals remains a future design slice.
  • Signer DID rotation / discovery remains cross-repo work.
  • Live production E2E against agentveil.dev was not run in this PR.
  • Action mapping docs and decision_receipt/3 replay hardening remain future slices.

Notes

This PR intentionally excludes the unrelated AGENTS.md hardening commit from the earlier working branch.

oleg-bk added 3 commits May 28, 2026 11:34

f526571 feat(mcp-proxy): close customer cold path

Record verified Runtime Gate ALLOW/BLOCK decisions in local evidence, add backend registration and doctor preflight commands, and document the customer quickstart from init through offline verification.

Includes tests for evidence export, backend preflight, registration edge cases, and receipt verification. Implemented with assistance from Codex.

64cce6d fix(paperclip): preserve which paths on Windows

Keep shutil.which results as strings in the Paperclip doctor so tests and show-paths output preserve the resolved path instead of normalizing POSIX-like fake paths through pathlib on Windows.

Implemented with assistance from Codex.

20f1623 fix(ci): handle Windows path compatibility

Honor explicit HOME overrides in the Paperclip doctor and make POSIX mode assertions conditional in register tests, since Windows does not preserve chmod semantics in the same way.

Implemented with assistance from Codex.
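The three Windows-compatibility points in the commit messages above (keep shutil.which() results as strings, honor an explicit HOME override, and only assert POSIX file modes where chmod is meaningful) are easy to get wrong in a "doctor" style preflight. The following is an added illustration written for this page, not the project's Paperclip doctor or any of its code; every function name, the fake tool name and the key-file contents are constructed for the example. PureWindowsPath is used so the pathlib normalization that the second commit avoids can be shown on any host.

```python
# Added illustration (not the project's code): a minimal preflight that
# resolves tool paths, a home directory and a key file's permissions in a way
# that behaves the same on POSIX and Windows. All names are hypothetical.
import os
import shutil
import stat
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Dict, Iterable, Optional, Tuple


def resolve_tools(names: Iterable[str], path: Optional[str] = None) -> Dict[str, Optional[str]]:
    """Resolve executables with shutil.which() and keep each result a plain str.

    Wrapping the result in pathlib.Path would re-render it for the host OS: on a
    Windows host a POSIX-like test path such as /usr/bin/git becomes \\usr\\bin\\git,
    which no longer matches what a test fixture (or a human reading show-paths)
    expects to see.
    """
    return {name: shutil.which(name, path=path) for name in names}


def pathlib_rendering_on_windows(raw: str) -> str:
    """Show what a str -> Path -> str round trip does to `raw` on a Windows host."""
    return str(PureWindowsPath(raw))


def resolve_home(env: Dict[str, str]) -> str:
    """Honor an explicit HOME override before falling back to Path.home().

    On Windows, Path.home() derives the directory from USERPROFILE and ignores
    HOME, so a dry-run test that points HOME at a temp dir would otherwise be
    silently ignored and the check would touch the real profile.
    """
    override = env.get("HOME")
    if override:
        return override
    return str(Path.home())


def check_key_file_mode(key_file: str) -> Tuple[bool, bool]:
    """Return (checked, ok) for an owner-only (0o600) key file.

    Only POSIX platforms preserve chmod semantics, so the group/other-bits
    assertion is reported as not checked (and not failed) elsewhere.
    """
    if os.name != "posix":
        return (False, True)
    mode = stat.S_IMODE(os.stat(key_file).st_mode)
    group_other_bits = mode & (stat.S_IRWXG | stat.S_IRWXO)
    return (True, group_other_bits == 0)


def demo(key_mode: int = 0o600) -> Dict[str, object]:
    """Build a constructed PATH directory and key file, then run the checks."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = os.path.join(tmp, "bin")
        os.mkdir(bin_dir)
        # Constructed fake tool so shutil.which() has something to find.
        tool = os.path.join(bin_dir, "fake-mcp-server")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(tool, 0o755)
        # Constructed placeholder for an encrypted-at-rest identity key file.
        key_file = os.path.join(tmp, "proxy-identity.key")
        with open(key_file, "w") as fh:
            fh.write("constructed-ciphertext-placeholder\n")
        os.chmod(key_file, key_mode)
        return {
            "tools": resolve_tools(["fake-mcp-server", "definitely-missing-tool"], path=bin_dir),
            "home": resolve_home({"HOME": os.path.join(tmp, "home")}),
            "key_mode": check_key_file_mode(key_file),
        }


if __name__ == "__main__":
    print(demo())
    print(pathlib_rendering_on_windows("/usr/bin/git"))
```

The shape of check_key_file_mode matters for CI: returning "not checked" on Windows keeps the suite green there without pretending the permission bits were verified, while a 0o644 key file on a POSIX runner still fails the check.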
@oleg-bk oleg-bk marked this pull request as ready for review May 28, 2026 10:29
@oleg-bk oleg-bk merged commit 09ca50e into main May 28, 2026
13 checks passed
