feat: implement v2 3-tier architecture (mcpctl → mcplocal → mcpd)

- Rename local-proxy to mcplocal with HTTP server, LLM pipeline, mcpd discovery
- Add LLM pre-processing: token estimation, filter cache, metrics, Gemini CLI + DeepSeek providers
- Add mcpd auth (login/logout) and MCP proxy endpoints
- Update CLI: dual URLs (mcplocalUrl/mcpdUrl), auth commands, --direct flag
- Add tiered health monitoring, shell completions, e2e integration tests
- 57 test files, 597 tests passing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/cli/tests/api-client.test.ts

@@ -74,4 +74,27 @@ describe('ApiClient', () => {
     const client = new ApiClient({ baseUrl: 'http://localhost:1' });
     await expect(client.get('/anything')).rejects.toThrow();
   });
+
+  it('sends Authorization header when token provided', async () => {
+    // We need a separate server to check the header
+    let receivedAuth = '';
+    const authServer = http.createServer((req, res) => {
+      receivedAuth = req.headers['authorization'] ?? '';
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true }));
+    });
+    const authPort = await new Promise<number>((resolve) => {
+      authServer.listen(0, () => {
+        const addr = authServer.address();
+        if (addr && typeof addr === 'object') resolve(addr.port);
+      });
+    });
+    try {
+      const client = new ApiClient({ baseUrl: `http://localhost:${authPort}`, token: 'my-token' });
+      await client.get('/test');
+      expect(receivedAuth).toBe('Bearer my-token');
+    } finally {
+      authServer.close();
+    }
+  });
 });