feat(0144b): provision-agent-user.sh script idempotente + templates

Bash script que provisiona Matrix user via Synapse admin API + login para
access_token + scaffold completo (config.yaml, agent.go, prompts/system.md).
6 templates (user/sudo x config/agent.go/prompt). 20 tests bash pasan.
Genera .env con AGENT_<ID>_TOKEN/PASSWORD/PICKLE/DEVICE_ID + URL mesh.

dev-scripts/agent/templates/config.sudo.yaml.tmpl

@@ -0,0 +1,254 @@
+# ============================================
+# IDENTIDAD — agent LLM sudo-scope (mode=sudo)
+# ============================================
+# Generado por dev-scripts/agent/provision-agent-user.sh
+# Issue 0144 §6.1. NO editar a mano sin razon — re-provisionar reescribe.
+#
+# CADA tool call sudo dispara approval request a #operator-approvals.
+# Sin 👍 del operador en 60s -> timeout.
+
+agent:
+  id: {{AGENT_ID}}
+  name: "{{DISPLAY_NAME}}"
+  version: "0.1.0"
+  enabled: true
+  description: "Conversational LLM agent for {{HOST}} (sudo-scope). All tools require operator approval. Receives delegations from agent-{{HOST}}."
+  tags: [agent, llm, devicemesh, {{HOST}}, sudo]
+  type: agent
+
+# ============================================
+# PERSONALIDAD — formal, gated
+# ============================================
+personality:
+  tone: formal
+  verbosity: concise
+  language: es
+  languages_supported: [es, en]
+  emoji_style: minimal
+  prefix: "🔒"
+  error_style: detailed
+
+  templates:
+    greeting: "Soy {{DISPLAY_NAME}}, scope sudo en {{HOST}}. Cada acción requiere tu aprobación."
+    unknown_command: "Comando no reconocido."
+    permission_denied: "Acción rechazada por policy interna del agent sudo."
+    error: "Operación fallida: {{.Error}}"
+    success: "{{.Summary}}"
+    busy: "Esperando aprobación del operador, dame un momento..."
+
+  behavior:
+    proactive: false
+    ask_confirmation: true
+    show_reasoning: true
+    thread_replies: true
+    typing_indicator: true
+    acknowledge_receipt: true
+
+# ============================================
+# LLM
+# ============================================
+llm:
+  primary:
+    provider: claude-code
+    model: ""
+    api_key_env: ""
+    base_url: ""
+    max_tokens: 4096
+    temperature: 0.2
+    claude_code:
+      binary: "claude"
+      timeout: 5m
+      disable_tools: true
+      allowed_tools: []
+      disallowed_tools: []
+      working_dir: "/tmp/claude-agents/{{AGENT_ID}}"
+      permission_mode: "bypassPermissions"
+      model: "sonnet"
+      fallback_model: ""
+      session_id: ""
+      add_dirs: []
+
+  fallback:
+    provider: ""
+    model: ""
+    api_key_env: ""
+    base_url: ""
+    max_tokens: 0
+    temperature: 0
+
+  reasoning:
+    system_prompt_file: "prompts/system.md"
+    context_window: 32768
+    memory_messages: 50
+
+  tool_use:
+    enabled: true
+    max_iterations: 8
+    parallel_calls: false
+
+  rate_limit:
+    requests_per_minute: 30
+    tokens_per_minute: 100000
+    concurrent_requests: 3
+
+# ============================================
+# DEVICE MESH — solo tools sudo (todas requieren approval)
+# ============================================
+device_mesh:
+  enabled: true
+  device_id: {{HOST}}
+  mode: sudo
+  manifest_id: manifest_{{HOST}}-sudo_v1
+  device_agent_url_env: {{AGENT_ID_UPPER}}_DEVICE_MESH_URL
+  client_timeout_s: 120
+  tools_allowed:
+    - exec
+    - fs.read
+    - fs.write
+    - fs.list
+    - fs.stat
+    - pkg.install
+    - pkg.search
+    - proc.list
+    - proc.kill
+    - current_time
+    - memory.recall
+    - memory.note
+  rate_limit:
+    tools_per_minute: 20
+    tools_per_turn: 6
+
+# ============================================
+# TOOLS
+# ============================================
+tools:
+  ssh:
+    enabled: false
+    allowed_targets: []
+    forbidden_commands: []
+    timeout: 0s
+    max_concurrent: 0
+    require_confirmation: []
+  http:
+    enabled: false
+    allowed_domains: []
+    timeout: 0s
+    max_retries: 0
+  scripts:
+    enabled: false
+    scripts_dir: ""
+    allowed: []
+    timeout: 0s
+    sandbox: false
+  file_ops:
+    enabled: false
+    allowed_paths: []
+    read_only: true
+  mcp:
+    enabled: false
+    servers: []
+    expose:
+      port: 0
+      tools: []
+  memory:
+    enabled: true
+  knowledge:
+    enabled: false
+
+# ============================================
+# MEMORIA
+# ============================================
+memory:
+  enabled: true
+  window_size: 50
+  db_path: "./agents/{{AGENT_ID}}/data/memory.db"
+
+# ============================================
+# MATRIX
+# ============================================
+matrix:
+  homeserver: "{{MATRIX_HOMESERVER}}"
+  user_id: "@{{AGENT_ID}}:{{MATRIX_SERVER_NAME}}"
+  access_token_env: MATRIX_TOKEN_{{AGENT_ID_UPPER}}
+  device_id: "{{MATRIX_DEVICE_ID}}"
+
+  encryption:
+    enabled: true
+    store_path: "./agents/{{AGENT_ID}}/data/crypto/"
+    pickle_key_env: PICKLE_KEY_{{AGENT_ID_UPPER}}
+    trust_mode: tofu
+    recovery_key_env: SSSS_RECOVERY_KEY_{{AGENT_ID_UPPER}}
+
+  rooms:
+    listen: []
+    respond: []
+    admin: []
+
+  filters:
+    command_prefix: "!"
+    mention_respond: true
+    dm_respond: true
+    ignore_bots: true
+    ignore_users: []
+    unauthorized_response: silent
+    min_power_level: 0
+
+  threads:
+    enabled: true
+    auto_thread: false
+
+# ============================================
+# SSH — no aplica
+# ============================================
+ssh:
+  defaults:
+    user: ""
+    port: 22
+    key_file_env: ""
+    known_hosts: ""
+    keepalive_interval: 0s
+    timeout: 0s
+  targets: {}
+
+# ============================================
+# SEGURIDAD
+# ============================================
+security:
+  audit:
+    enabled: true
+    log_file: "./agents/{{AGENT_ID}}/data/audit.log"
+    log_to_room: ""
+    include: [tool_call, llm_request, command, approval_request, approval_grant, approval_deny]
+
+  secrets:
+    provider: env
+
+  sanitize:
+    enabled: true
+    mode: warn
+    min_severity: medium
+    disabled_patterns: []
+
+  tool_rate_limit:
+    enabled: true
+    max_calls_per_min: 20
+    cleanup_interval_s: 60
+
+# ============================================
+# SCHEDULING
+# ============================================
+schedules: []
+
+# ============================================
+# STORAGE
+# ============================================
+storage:
+  base_path: ""
+
+# ============================================
+# OPERATOR
+# ============================================
+operator:
+  matrix_id: "{{OPERATOR_MATRIX_ID}}"
+  requires_approval: true
+  approvals_room: "#operator-approvals:{{MATRIX_SERVER_NAME}}"