feat(mcp): add file delete tool

[abrookins]

Problem

AFS MCP clients had precise tools for reading files and making localized text edits, but they did not have a first-class way to delete an entire file, symlink, or empty directory from a workspace. That left agents without an explicit whole-path delete operation in both the local stdio MCP server and the hosted control-plane MCP server.

Delete handling also needs to preserve the existing workspace guarantees: root must not be removable, non-empty directories must be refused, edits should leave the workspace dirty until checkpointed, and hosted MCP mutations should write accurate changelog entries.

Proposed solution

Add a file_delete MCP tool to both local and hosted MCP surfaces. The tool uses the existing Redis-backed filesystem Rm behavior, so it inherits the established safety checks for root deletion and non-empty directories while supporting files, symlinks, and empty directories.

The change also wires file_delete into MCP profile gating as a write-capable tool, updates the MCP reference docs, and extends automated coverage for tool listing, profile access, file deletion, empty-directory deletion, root refusal, non-empty directory refusal, and hosted changelog behavior.

During QA, hosted empty-directory deletion exposed a changelog issue: the mutation helper derived the operation from version snapshots, while directories are not versioned. The helper now derives delete operations from the before/after filesystem stats, so empty-directory deletion records rmdir and file/symlink deletion records delete.

Validation

• go test ./cmd/afs -run 'TestAFSMCP|TestMCP'
• go test ./internal/controlplane -run 'TestHostedMCP|TestMCPProfile'
• make test
• make commands
• git diff --check origin/main...HEAD

[jit-ci]

🛡️ Jit Security Scan Results

✅ No security findings were detected in this PR

---

^{Security scan by Jit}