feat(mcp): add public-safe PR body drafting command #382

Open: web-dev0521 wants to merge 1 commit into JSONbored:main from web-dev0521:feat/mcp-public-pr-body-draft

Conversation

@web-dev0521 (Contributor)

Summary

Closes: #98

  • Adds gittensory_draft_pr_body, a public-safe PR body drafting command that turns local branch metadata into a copy/paste, maintainer-friendly PR description without leaking private scoreability context (feat(mcp): add public-safe PR body drafting command #98).
  • The draft is composed only from already-public-safe analysis slices, runs an explicit sanitizer pass over every line, and excludes private scoring/reward/trust/eligibility context by construction.
  • Returns both a human-readable markdown body and a structured JSON draft; input is metadata only and source contents are never uploaded.

What was added

  • src/services/pr-body-draft.ts — buildPublicPrBodyDraft(source) builds the sections the issue asks for: Summary, Changed files, Tests run, Linked issue, Duplicate / WIP check, Branch freshness, Next steps.
    • Missing tests produce a public-safe caveat ("No automated tests were recorded… add validation evidence before requesting review.").
    • Overlap is phrased as hygiene, not accusation ("Possible overlap with existing work: double-check #N before review to avoid duplicate effort.").
    • Every emitted line passes through sanitizePublicComment plus a residual scrub of private/financial terms and local paths; private fields (private score preview, private scenario projections, private risk signals, private score-gate blockers, branch eligibility gate, private ranked next actions) are excluded and listed in excludedPrivateFields.
    • sourceUploadDisabled: true is always set; the drafter reads metadata only.
  • src/mcp/server.ts — registers gittensory_draft_pr_body (input localBranchAnalysisShape). The tool returns the rendered markdown body as the human-readable summary and the structured draft as JSON, reusing analyzeLocalBranch so source contents are never uploaded.
  • Tests — test/unit/pr-body-draft.test.ts (clean branch, missing tests, duplicate risk, stale base, source-upload guard, private-field exclusion, forbidden-language invariants) plus an integration tool-call in test/integration/api.test.ts asserting the tool stays public-safe end-to-end.

Scope

  • This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
  • This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
  • I linked an issue, or this is small enough that the summary explains why an issue is not needed. (feat(mcp): add public-safe PR body drafting command #98)

Validation

  • git diff --check
  • npm run typecheck — clean
  • npm run test:coverage locally — 990 pass (1 skipped); branch 97.04%, lines 99.66%, statements 99.08%, functions 98.42% (new module at 100% branch coverage; the 3 pre-existing Windows-only spawn failures mcp-cli, github-type-label, mcp-release were excluded locally and are unaffected)
  • npm run actionlint
  • npm run test:workers
  • npm run build:mcp
  • npm run test:mcp-pack
  • npm run ui:openapi:check
  • npm run ui:lint
  • npm run ui:typecheck
  • npm run ui:build
  • npm audit --audit-level=moderate
  • New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

  • Workflow/worker/MCP/UI/audit steps run in CI on Linux; the local environment has known Windows-only failures in mcp-cli/mcp-release/type-label tooling unrelated to this change.

Safety

  • No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed. (Every draft line is sanitized; private scoring fields are excluded by construction and asserted absent.)
  • Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics. (Forbidden-language invariants over markdown + JSON; overlap phrased as hygiene.)
  • Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests. (n/a)
  • API/OpenAPI/MCP behavior is updated and tested where needed. (New MCP tool with unit + integration coverage; no OpenAPI surface change.)
  • UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks. (n/a)
  • Visible UI changes include screenshots or a short recording. (n/a)
  • Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs. (No changelog/snapshot files modified.)

Notes

  • Public/private boundary: the draft only reads public-safe slices of the local branch analysis (the prepared packet, base freshness, linked-issue and overlap metadata). Private scoreability, reward/risk, raw trust, and reviewability context are never copied in; their categories are documented in excludedPrivateFields, and the exclusion list itself is phrased without private/financial terms so it is safe to surface.
  • Source-upload guarantee: the tool reuses analyzeLocalBranch, which takes structured git/GitHub metadata only (no file contents or diffs); sourceUploadDisabled is asserted and the output is checked to contain no local filesystem paths.
  • JSON + human-readable: toolResult returns the rendered markdown PR body in the text content and the structured draft as structuredContent, so agents can copy/paste or consume the JSON.
  • Coverage: the new src/services/pr-body-draft.ts is at 100% branch coverage; global coverage stays above the 97% gate on all four metrics.

Adds gittensory_draft_pr_body, which turns local branch metadata into a
copy/paste, maintainer-friendly PR body without leaking private scoreability.

- src/services/pr-body-draft.ts: buildPublicPrBodyDraft composes the issue's
  sections (Summary, Changed files, Tests run, Linked issue, Duplicate/WIP
  check, Branch freshness, Next steps) from already-public-safe analysis slices.
  Missing tests produce a public-safe caveat; overlap is phrased as hygiene, not
  accusation. Every line passes through sanitizePublicComment plus a residual
  scrub of private/financial terms and local paths, and private scoring fields
  (score preview, scenario projections, risk signals, score-gate blockers,
  eligibility gate, ranked actions) are excluded by construction and documented
  in excludedPrivateFields. Output is metadata-only; sourceUploadDisabled is set.
- src/mcp/server.ts: register gittensory_draft_pr_body; the tool returns the
  rendered markdown body (human-readable) and the structured draft (JSON), and
  reuses analyzeLocalBranch so source contents are never uploaded.
- Tests: unit fixtures for clean branch, missing tests, duplicate risk, stale
  base, source-upload guard, private-field exclusion, and forbidden-language
  invariants; an integration tool-call asserts the tool stays public-safe.

Global coverage stays above the gate (branches 97.04%, lines 99.66%, statements
99.08%, functions 98.42%); the new module is at 100% branch coverage.
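The public/private boundary the description and commit message spell out (only allowlisted public slices are read, private fields are listed in excludedPrivateFields, sourceUploadDisabled is always set, every line gets a residual scrub of private/financial terms and local paths, and a forbidden-language invariant checks the result) as an added TypeScript example. This is not the project's code: the input type, field names, deny-list regexes and function names are hypothetical stand-ins for buildPublicPrBodyDraft and sanitizePublicComment.

```typescript
// Added example, not the project's code: a simplified stand-in for the
// allowlist-based drafter the PR describes. Private slices exist in the input
// type but are never read; every emitted line gets a residual scrub.
type BranchAnalysis = {
  branch: string;
  changedFiles: string[];
  testsRun: string[];
  baseBehindBy: number;
  linkedIssue?: number;
  overlapIssue?: number;
  privateScorePreview?: number;   // hypothetical private field, never copied
  privateRiskSignals?: string[];  // hypothetical private field, never copied
};

// Documented exclusions; the list itself contains no private/financial terms.
const EXCLUDED_PRIVATE_FIELDS = ["privateScorePreview", "privateRiskSignals"];
// Constructed deny-lists for the residual scrub (the real tool's lists differ).
const FORBIDDEN_TERMS = /\b(score|reward|trust|payout|eligib\w*)\b/gi;
const LOCAL_PATH = /(?:[A-Za-z]:\\|\/(?:home|Users)\/)\S*/g;

function scrubLine(line: string): string {
  return line.replace(LOCAL_PATH, "<local-path>").replace(FORBIDDEN_TERMS, "[redacted]");
}

// Invariant for tests: no forbidden term or local path survives in public text.
function isPublicSafe(text: string): boolean {
  return text.search(FORBIDDEN_TERMS) === -1 && text.search(LOCAL_PATH) === -1;
}

function draftPublicPrBody(a: BranchAnalysis) {
  const lines: string[] = [
    "## Summary", `Branch \`${a.branch}\` is prepared for review.`,
    "## Changed files", ...a.changedFiles.map((f) => `- ${f}`),
    "## Tests run",
    ...(a.testsRun.length > 0
      ? a.testsRun.map((t) => `- ${t}`)
      : ["No automated tests were recorded; add validation evidence before requesting review."]),
    "## Linked issue", a.linkedIssue ? `Closes #${a.linkedIssue}` : "No linked issue.",
    "## Duplicate / WIP check",
    a.overlapIssue
      ? `Possible overlap with existing work: double-check #${a.overlapIssue} before review to avoid duplicate effort.`
      : "No overlapping work found.",
    "## Branch freshness",
    a.baseBehindBy > 0 ? `Branch is ${a.baseBehindBy} commits behind base; rebase before review.` : "Branch is up to date with base.",
  ].map(scrubLine); // residual scrub over every line, whatever its source
  return { markdown: lines.join("\n"), excludedPrivateFields: [...EXCLUDED_PRIVATE_FIELDS], sourceUploadDisabled: true };
}
```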
web-dev0521 requested a review from JSONbored as a code owner on June 4, 2026 at 11:23.
dosubot (bot) added the label size:L (This PR changes 100-499 lines, ignoring generated files.) on Jun 4, 2026.
github-actions (bot) added the label feature (New feature or request) on Jun 4, 2026.