chore: pre-v1.7.0 audit fixes

[arapov]

Summary

Fixes from the pre-release audit (5 parallel review lanes — security, correctness, API-surface consistency, docs/claims+privacy, release mechanics — each high-severity finding then re-verified against the code). Verdict: GO for v1.7.0; these are the small cleanups, no architectural changes.

Sev	Finding	Fix
HIGH	CHANGELOG.md [Unreleased] contradicted itself — annotations bullet said destructive (7), delete_tag_definition entry said 7→8. Both ship as the 1.7.0 notes.	Annotations bullet → full-release end-state: 8 destructive (incl. delete_tag_definition), 49/8/31 = 88
MED	glama.json public-registry description said "86 tools" (2 bumps stale)	→ 88
MED	list_party_entries merged-timeline pagination over-promised a phantom next page at the 100-entry merge ceiling	<=→< so the feed ends honestly at the ceiling; schema doc now states the concrete ~100 ceiling + per-person workaround instead of vague "approximate"; +1 ceiling-boundary test
LOW	confirm-flag.ts comment "gates 7 destructive tools"	→ 8
LOW (privacy)	bare party-id 254022621 used as a redaction example (possibly a real tenant id)	→ synthetic 123456789

What the audit found clean (no action)

• Security: all 5 new surfaces verified clean — delete_tag_definition (double confirm-gate, enum entity, positiveId tagId, no path traversal), includeLinkedPersons fan-out (concurrency-capped, no SSRF, validated ids), landing page (static, no interpolation), annotations (no destructive tool misclassified).
• Release mechanics: published tarball ships only dist/ (no wire-trace scripts / tests / NOTES leak), npm audit 0 vulns, lockfile not dirty, shebang correct, all gates pass.
• Privacy: whole-tree sweep clean (no banned substrings, tenant names, infra ids, tokens) apart from the LOW above.
• Consistency: catalog still coherent — delete_tag_definition matches the destructive-tool conventions; detach-vs-delete disambiguated in both tool descriptions.

The pagination ceiling, precisely

A top-100-per-party merge reliably orders only the global top ~100 entries (each party is fetched at Capsule's per-party cap of 100). Previously, requestedWindowEnd <= 100 would advertise a page+1 at exactly the ceiling, which then returned an empty slice — a phantom page mid-feed. Strict < 100 ends the feed at the ceiling instead. Entries beyond ~100 of a specific contact are reached via list_party_entries on that person's id (the default single-GET path, no ceiling) — now stated explicitly on the schema rather than hand-waved as "approximate."

Deferred to the release cut (NOT in this PR)

The 6-location 1.6.5 → 1.7.0 version bump, [Unreleased] → [1.7.0] graduation, README/INSTALL pin examples, and the optional biome 2.4.16 patch are the cut itself (Flow A) — done when you say go.

Test plan

• 537 → 538 tests (+1 ceiling-boundary test; existing fix(entries): correct merged-timeline pagination on includeLinkedPersons #64 pagination tests still pass — they use perPage ≤ 25, well under the cap)
• typecheck / lint / format:check / build clean
• privacy re-sweep clean (git grep for all banned substrings → no matches)
• HOWTO test count synced (538)

🤖 Generated with Claude Code