feat(API-11): Route API calls through AgilitonAPI gateway

Add gateway-first pattern: when AGILITON_API_KEY is set, route all
external API calls through the gateway with X-API-Key auth. Falls back
to direct API access when gateway is unavailable.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

node_modules/@modelcontextprotocol/sdk/dist/cjs/examples/client/simpleOAuthClientProvider.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryOAuthClientProvider = void 0;
+/**
+ * In-memory OAuth client provider for demonstration purposes
+ * In production, you should persist tokens securely
+ */
+class InMemoryOAuthClientProvider {
+    constructor(_redirectUrl, _clientMetadata, onRedirect, clientMetadataUrl) {
+        this._redirectUrl = _redirectUrl;
+        this._clientMetadata = _clientMetadata;
+        this.clientMetadataUrl = clientMetadataUrl;
+        this._onRedirect =
+            onRedirect ||
+                (url => {
+                    console.log(`Redirect to: ${url.toString()}`);
+                });
+    }
+    get redirectUrl() {
+        return this._redirectUrl;
+    }
+    get clientMetadata() {
+        return this._clientMetadata;
+    }
+    clientInformation() {
+        return this._clientInformation;
+    }
+    saveClientInformation(clientInformation) {
+        this._clientInformation = clientInformation;
+    }
+    tokens() {
+        return this._tokens;
+    }
+    saveTokens(tokens) {
+        this._tokens = tokens;
+    }
+    redirectToAuthorization(authorizationUrl) {
+        this._onRedirect(authorizationUrl);
+    }
+    saveCodeVerifier(codeVerifier) {
+        this._codeVerifier = codeVerifier;
+    }
+    codeVerifier() {
+        if (!this._codeVerifier) {
+            throw new Error('No code verifier saved');
+        }
+        return this._codeVerifier;
+    }
+}
+exports.InMemoryOAuthClientProvider = InMemoryOAuthClientProvider;
+//# sourceMappingURL=simpleOAuthClientProvider.js.map