feat(config): mcp.publish_skills flag gating the skill catalogue

[dripsmvcp]

Summary

• adds the mcp.publish_skills config flag (default true) that gates the
  Claude Code skill / slash-command catalogue over MCP, per feat(config): mcp.publish_skills: true|false #235.
• ships the catalogue surface it gates — kb.list_skills / kb.get_skill —
  across MCP, JSONL, and the CLI, since the methods the issue assumes ("just
  shipped") were not yet on test.

Root Cause / Context

#235 asks for a gbrain-style mcp.publish_skills flag so a "company-brain"
deployment can hide the slash-command catalogue, which is itself sensitive.
The flag had nothing to gate on test yet, so this change brings the
discovery surface and the gate together as one self-contained feature.

Fix

• src/vouch/skills.py — discovery of <kb_root>/.claude/ and ~/.claude/
skills/*/SKILL.md + commands/*.md (project overrides user on collision).
  publish_skills_enabled() reads mcp.publish_skills from config.yaml
  fresh on every call; only an explicit false disables. list_skills
  returns [] when off; get_skill raises SkillsDisabledError.
• registered on all four surfaces (server.py, jsonl_server.py,
  capabilities.METHODS, cli.py) so test_capabilities stays in lockstep.
• JSONL maps SkillsDisabledError -> permission_denied; the flag is surfaced
  on kb.capabilities.mcp.publish_skills.
• starter config.yaml ships mcp.publish_skills: true; a KB with no mcp:
  block stays default-on.

Test Plan

• Regression tests added: tests/test_skills.py (gate on/off, toggle
  without restart, jsonl permission_denied, capabilities reflects flag)
• pytest tests/ --ignore=tests/embeddings — green (rc=0, UTF-8 locale)
• ruff check src tests — clean
• mypy src — clean

Closes #235

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 4c40a43f-c6a2-4301-8312-3da153b4f42f

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}