feat: Phase 1 P1 — Dockerfile, AGNTCY alignment docs, Node.js SDK

Three remaining Phase 1 P1 deliverables:

1. Dockerfile — multi-stage build (builder + production), node:18-alpine,
   non-root USER node, .dockerignore excluding secrets and dev artifacts

2. AGNTCY alignment docs (docs/agntcy/) — README and alignment.md mapping
   all 6 AGNTCY domains to AgentIdP features with Phase 2/3 pending items noted

3. Node.js SDK (@sentryagent/idp-sdk) — TypeScript strict, zero any, native
   fetch (Node 18+), TokenManager with 60s auto-refresh, service clients for
   all 14 endpoints (agents, credentials, tokens, audit), AgentIdPError typed
   error hierarchy, full README

All three changes tracked under openspec/changes/ with tasks marked complete.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Dockerfile

@@ -0,0 +1,41 @@
+# ─────────────────────────────────────────────────────────────
+# Stage 1: builder — compile TypeScript to dist/
+# ─────────────────────────────────────────────────────────────
+FROM node:18-alpine AS builder
+
+WORKDIR /app
+
+# Copy package files and install all dependencies (including dev)
+COPY package.json package-lock.json ./
+RUN npm ci
+
+# Copy source and compile
+COPY tsconfig.json ./
+COPY src/ ./src/
+COPY scripts/ ./scripts/
+RUN npm run build
+
+# ─────────────────────────────────────────────────────────────
+# Stage 2: production — minimal runtime image
+# ─────────────────────────────────────────────────────────────
+FROM node:18-alpine AS production
+
+WORKDIR /app
+
+# Copy package files and install production dependencies only
+COPY package.json package-lock.json ./
+RUN npm ci --omit=dev
+
+# Copy compiled output from builder stage
+COPY --from=builder /app/dist ./dist
+
+# Copy migration scripts (needed for db:migrate at deploy time)
+COPY --from=builder /app/scripts ./scripts
+COPY src/db/migrations ./src/db/migrations
+
+# Run as non-root user (built into node:alpine)
+USER node
+
+EXPOSE 3000
+
+CMD ["node", "dist/server.js"]