Clean MCP outputSchema refs for Trust Verification tools

[GsCommand]

Clean up MCP tool schemas so $ref objects stand alone without sibling description fields.

Context:
clas_trust_verify is conceptually valid, but for protocol-clean JSON Schema/MCP compatibility the outputSchema object should be only:

"outputSchema": {
  "$ref": "./verify.receipt.schema.json"
}

Do not keep description as a sibling beside $ref, because some JSON Schema/MCP tooling treats $ref as replacing the whole object and may ignore or reject siblings.

Task:

1. Inspect all files matching:
   schemas/trust-verification/*/*.mcp.tool.schema.json
2. Find any inputSchema or outputSchema objects where $ref has sibling fields such as description.
3. Remove sibling fields beside $ref from those schema ref objects.
4. Keep top-level tool description fields intact.
5. Do not modify request schemas, receipt schemas, OpenAPI files, examples, or manifest unless necessary.
6. Validate every MCP tool schema parses as JSON.
7. Run available validation scripts, including npm run validate:trust-verification if applicable.

Expected clean pattern:

{
  "name": "clas_trust_verify",
  "title": "CLAS Trust Verify",
  "description": "Verify a claim, artifact, receipt, credential, identity, or action. Successful execution returns a CLAS verify receipt.",
  "inputSchema": {
    "$ref": "./verify.request.schema.json"
  },
  "outputSchema": {
    "$ref": "./verify.receipt.schema.json"
  },
  "annotations": {
    "readOnlyHint": true,
    "destructiveHint": false,
    "idempotentHint": true,
    "openWorldHint": true
  }
}

Report:

• files changed
• any ref siblings removed
• validation results
• any remaining issues

[GsCommand]

Next step after this cleanup lands:

1. Run a final CLAS Trust Verification artifact audit:

   • all 10 verbs have request schema, receipt schema, OpenAPI, MCP tool schema, examples
   • all MCP tool schemas parse as JSON
   • no inputSchema or outputSchema $ref objects have sibling fields
   • manifest paths point to existing files
   • capabilities.json paths point to existing files
   • discovery record paths point to existing files

2. Then move back to commandlayer-org and update only the broken CLAS artifact links on /sdk-records.html to point to https://github.com/commandlayer/clas/..., not commandlayer-org/commandlayer-org.

Do not add new verbs or change schema semantics in this cleanup.

[GsCommand]

Codex-ready implementation note:

Please implement this cleanup directly in the repo.

Run something equivalent to:

for f in schemas/trust-verification/*/*.mcp.tool.schema.json; do
  jq '(.inputSchema |= (if type == "object" and has("$ref") then {"$ref": .["$ref"]} else . end)) |
      (.outputSchema |= (if type == "object" and has("$ref") then {"$ref": .["$ref"]} else . end))' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
done

Then validate:

for f in schemas/trust-verification/*/*.mcp.tool.schema.json; do jq empty "$f" || exit 1; done
rg -n '"\$ref".*\n\s*"description"|"description".*\n\s*"\$ref"' schemas/trust-verification/*/*.mcp.tool.schema.json
npm run validate:trust-verification

If the rg pattern is too broad or misses multiline formatting, inspect any MCP file containing both outputSchema and description manually to confirm no $ref sibling fields remain.

Expected result:

• inputSchema/outputSchema ref objects contain only $ref.
• top-level tool descriptions stay intact.
• No request/receipt/OpenAPI/example/schema semantics are changed.