feat: 添加 LocalMemoryRecallTool 和 VaultHttpFetchTool

- LocalMemoryRecallTool: 跨会话本地笔记召回，权限门控，大小限制
- VaultHttpFetchTool: 使用 vault 密钥的认证 HTTP 请求，ACL 规则
- agentToolFilter: 子 agent 工具继承过滤层
- ALL_AGENT_DISALLOWED_TOOLS 白名单更新

Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>

src/constants/tools.ts

@@ -38,6 +38,8 @@ import {
   CRON_DELETE_TOOL_NAME,
   CRON_LIST_TOOL_NAME,
 } from '@claude-code-best/builtin-tools/tools/ScheduleCronTool/prompt.js'
+import { LOCAL_MEMORY_RECALL_TOOL_NAME } from '@claude-code-best/builtin-tools/tools/LocalMemoryRecallTool/constants.js'
+import { VAULT_HTTP_FETCH_TOOL_NAME } from '@claude-code-best/builtin-tools/tools/VaultHttpFetchTool/constants.js'
 
 export const ALL_AGENT_DISALLOWED_TOOLS = new Set([
   TASK_OUTPUT_TOOL_NAME,
@@ -49,6 +51,14 @@ export const ALL_AGENT_DISALLOWED_TOOLS = new Set([
   TASK_STOP_TOOL_NAME,
   // Prevent recursive workflow execution inside subagents.
   ...(feature('WORKFLOW_SCRIPTS') ? [WORKFLOW_TOOL_NAME] : []),
+  // LOCAL-WIRING PR-1: keep local-memory recall on the main thread only.
+  // Cross-session user notes shouldn't be siphoned by spawned subagents.
+  // Layer 2 of the gate (fork path useExactTools) is enforced separately
+  // by filterParentToolsForFork in src/utils/agentToolFilter.ts.
+  LOCAL_MEMORY_RECALL_TOOL_NAME,
+  // LOCAL-WIRING PR-2: vault HTTP fetch is even more sensitive (touches
+  // user secrets). Same two-layer gate applies — keep main thread only.
+  VAULT_HTTP_FETCH_TOOL_NAME,
 ])
 
 export const CUSTOM_AGENT_DISALLOWED_TOOLS = new Set([