feat: add enable/disable toggle for broker services

[dangtony98]

Summary

• Services gain a nullable enabled flag; disabled services return 403 service_disabled distinct from 403 forbidden for unmatched hosts, at both the explicit /proxy and MITM ingress paths.
• Operator surface spans UI (new Enabled column with optimistic toggle + modal field), CLI (service enable|disable, plus --disabled on service add), and HTTP (PATCH /v1/vaults/{name}/services/{host} admin-only).
• Agents can propose enable/disable via a set proposal that carries only enabled — merge preserves the existing Auth config so toggles don't clobber credentials.

Behavior notes

• New services default to enabled. Services persisted before this change (no enabled field in the stored JSON) are treated as enabled on load, so there's no migration and no behavior change at upgrade time.
• The enable/disable flow is admin-direct (like existing service edits) and proposable; the direct path is for operator kill-switches, the proposal path is for agent-initiated staged rollouts.
• Agent skill files now document the new service_disabled error code so agents don't mistakenly create a new proposal when they hit a disabled host.

Test plan

• make test — new tests for ErrServiceDisabled inject gate (including passthrough case), enable-only proposal validation, and enable-only merge preserving Auth
• make build — binary + embedded web bundle
• tsc --noEmit on web package
• Manual end-to-end with ./agent-vault:
  • Enable-happy-path: register a service, proxy traffic succeeds, service disable <host> → same curl returns 403 with {"error":"service_disabled"}, toggle back via UI → succeeds again
  • Disabled-at-creation: service add --host example.com --auth-type bearer --token-key EXAMPLE_TOKEN --disabled → service list shows enabled: false, proxy returns 403 immediately
  • MITM path: HTTPS_PROXY=… curl https://<disabled-host>/… → 403 surfaces on the MITM ingress too
  • Proposal: submit a set proposal with enabled: false only (no auth), approve → service is disabled without losing auth config
  • UI: toggle flips optimistically and rolls back with an error banner if PATCH fails; non-admins see the toggle in read-only state

🤖 Generated with Claude Code

[claude]

⚠️ Code review skipped — your organization's overage spend limit has been reached.

Code review is billed via overage credits. To resume reviews, an organization admin can raise the monthly limit at claude.ai/admin-settings/claude-code.

Once credits are available, reopen this pull request to trigger a review.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
agent-vault	🟢 Ready	View Preview	Apr 20, 2026, 9:54 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.