fix(http): inline-auth handlers missing tenant ID context — agent lookup always fails #734

@vanlong2109

Bug

Three HTTP handlers (/v1/chat/completions, /v1/responses, /v1/agents/{id}/wake) perform authentication inline instead of using the requireAuth middleware. They authenticate correctly but skip the tenant ID injection step, causing all downstream agent lookups to fail with "agent not found".

Root Cause

requireAuth middleware in auth.go:290-315 injects store.WithTenantID() into the request context after authentication. The three affected handlers bypass this middleware and do auth inline via resolveAuth(r), but never call store.WithTenantID().

When the agent resolver calls store.GetByKey(), it reads TenantIDFromContext(ctx) which returns uuid.Nil → the SQL query filters by tenant_id = uuid.Nil → no rows match → "agent not found".

Affected Files

  • internal/http/chat_completions.go, ServeHTTP(), line ~137
  • internal/http/responses.go, handleWake() excluded: ServeHTTP(), line ~81
  • internal/http/wake.go, handleWake(), line ~95

Reproduction

curl -X POST http://localhost:18790/v1/chat/completions \
  -H "Authorization: Bearer <gateway_token>" \
  -H "X-GoClaw-User-Id: <user>" \
  -H "Content-Type: application/json" \
  -d '{"model": "agent:<agent_key>", "messages": [{"role": "user", "content": "Hello"}]}'
# Returns: {"error":{"message":"agent not found: <agent_key>"}}

Fix

Inject tenant ID into context right after auth check, before agent lookup, in all three handlers:

if auth.TenantID != uuid.Nil {
    r = r.WithContext(store.WithTenantID(r.Context(), auth.TenantID))
} else {
    r = r.WithContext(store.WithTenantID(r.Context(), store.MasterTenantID))
}

Fix already implemented and tested locally on branch fix/memory-tenant-id-ambiguous.
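A minimal model of the failure and the fix described in this issue, added here as an example and not taken from the project's code. `TenantID`, `masterTenant`, `agents`, `getByKey`, `handler` and `status` are hypothetical stand-ins for the project's `uuid.UUID`, `store.MasterTenantID`, agent table, `store.GetByKey()` and inline-auth handlers; the agent row is constructed.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// TenantID stands in for uuid.UUID; its zero value plays the role of uuid.Nil.
type TenantID [16]byte
type ctxKey struct{}
var masterTenant = TenantID{0: 1} // constructed stand-in for store.MasterTenantID

// agents is a constructed table; the outer key models the SQL tenant_id filter.
var agents = map[TenantID]map[string]bool{masterTenant: {"demo": true}}

// getByKey reads the tenant from ctx; with nothing injected it sees the zero ID.
func getByKey(ctx context.Context, key string) error {
	id, _ := ctx.Value(ctxKey{}).(TenantID)
	if !agents[id][key] {
		return fmt.Errorf("agent not found: %s", key)
	}
	return nil
}

// handler models an inline-auth handler; inject toggles the fix from the issue.
func handler(authTenant TenantID, inject bool) http.HandlerFunc {
	if authTenant == (TenantID{}) {
		authTenant = masterTenant // same fallback as the issue's else branch
	}
	return func(w http.ResponseWriter, r *http.Request) {
		if inject {
			r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, authTenant))
		}
		if err := getByKey(r.Context(), "demo"); err != nil {
			http.Error(w, err.Error(), http.StatusNotFound)
			return
		}
		fmt.Fprint(w, "ok")
	}
}

// status sends one request through the handler and returns the HTTP status.
func status(authTenant TenantID, inject bool) int {
	rec := httptest.NewRecorder()
	handler(authTenant, inject)(rec, httptest.NewRequest("POST", "/v1/chat/completions", nil))
	return rec.Code
}
func main() { fmt.Println(status(TenantID{}, false), status(TenantID{}, true)) }
```

The third case worth checking is a caller authenticated for a different tenant: with injection on, the lookup still returns "agent not found", which is the isolation the tenant filter is meant to provide.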
