fix(agent): expose --scope admin + regression test for SEC-A-09

[intendednull]

Why

PR #389 closed bulk of #311 (SEC-A-09): added --scope {messaging,read,full}, default Messaging, threaded into serve_http. Two gaps remained.

1. Issue spec listed readonly|messaging|full|admin. admin value not exposed on CLI even though TokenScope::Admin exists in scopes.rs (semantically distinct from Full for audit log consumers).
2. No test pinned the regression — nothing prevents future drift back to --scope full default.

What

• Add Admin variant to ScopeArg. Maps to TokenScope::Admin.
• Doc on ScopeArg now lists per-scope tool sets.
• New mod tests in crates/agent/src/main.rs:
  • default_scope_is_messaging — pins SEC-A-09 fix.
  • parse coverage every documented value (messaging/read/full/admin).
  • unknown-value-rejected case.
  • ScopeArg → TokenScope wiring map.

Lowest tier covering behaviour per CLAUDE.md: clap Cli::parse_from on the bin. No process spawn needed.

Behaviour change

None vs current claude/adoring-euler-3axK7. PR #389 already flipped HTTP default Full → Messaging. This PR only adds admin value (additive) and locks the existing default with a test.

Tradeoff considered

Considered flipping TokenScope::default() from Full to Messaging to kill the footgun globally. Rejected. Stdio transport (serve_stdio uses WillowMcpServer::new which reads the Default) is local-process — Full appropriate. Flipping Default would break tests/e2e.rs silently or force every test to with_scope(TokenScope::Full). Worth a follow-up issue to remove the Default impl entirely and force each call site explicit.

Test plan

• cargo fmt --check clean
• cargo clippy -p willow-agent --all-targets -- -D warnings clean
• cargo test -p willow-agent --bin willow-agent 7/7 new tests pass
• cargo test -p willow-agent --lib 31/31 pass
• cargo test -p willow-agent --test e2e 32/32 pass

Refs #311

https://claude.ai/code/session_014KLEYzesqZwWdFQnUeXtrJ

---

Generated by Claude Code

[intendednull]

Is this still needed?

[intendednull]

good catch. #389 already shipped --scope {messaging,read,full} + Messaging default + thread into serve_http. issue auto-close keyword chain didn't fire (closes #301 #304 #305 #311 — GH only closed first id), so #311 stuck open.

what #412 actually adds:

1. admin CLI variant — issue spec listed readonly|messaging|full|admin, admin was missing. TokenScope::Admin already exists in scopes.rs but unreachable from CLI.
2. regression test pinning default_scope_is_messaging so default can't drift back to Full.

3 options:

• keep both — fills spec gap + locks default. ~95 lines, all in main.rs.
• keep just test — drop admin variant, just pin default.
• close + manual-close [SEC-A-09] Agent HTTP server defaults to TokenScope::Full with no CLI flag #311 — declare fix(agent): const-time bearer + scope gates #389 sufficient, ship nothing here.

your call. defaulting to close if no preference.

---

Generated by Claude Code

[intendednull]

Clean up please