feat: coord API — no-auth, DB softfail 503, agent tracking protocol

- coord routers: removed JWT auth requirement (internal-only endpoints)
- error_handler: SQLAlchemy OperationalError/DisconnectionError → 503
  with Retry-After: 30 header instead of 500
- /health: live DB probe (SELECT 1) instead of static response
- CLAUDE.md: "Live State Tracking" section with full agent protocol
  for all projects — session start, lock claim/release, component
  state updates, softfail + local queue catch-up
- COORDINATION_PROTOCOL.md: softfail/catch-up section + server-side
  503 behavior documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

api/main.py

@@ -3,8 +3,10 @@ ClaudeTools FastAPI Application
 Main entry point for the ClaudeTools MSP management system API
 """
 
+import sqlalchemy as sa
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import Response
 from contextlib import asynccontextmanager
 
 from api.config import get_settings
@@ -108,10 +110,17 @@ async def root():
 @app.get("/health")
 async def health_check():
     """Health check endpoint for monitoring"""
-    return {
-        "status": "healthy",
-        "database": "connected"
-    }
+    try:
+        with engine.connect() as conn:
+            conn.execute(sa.text("SELECT 1"))
+        return {"status": "healthy", "database": "connected"}
+    except Exception:
+        return Response(
+            content='{"status":"degraded","database":"disconnected"}',
+            status_code=503,
+            media_type="application/json",
+            headers={"Retry-After": "30"},
+        )
 
 
 # Register routers