feat: Phase 1 MVP — complete AgentIdP implementation

Implements all P0 features per OpenSpec change phase-1-mvp-implementation:
- Agent Registry Service (CRUD) — full lifecycle management
- OAuth 2.0 Token Service (Client Credentials flow)
- Credential Management (generate, rotate, revoke)
- Immutable Audit Log Service

Tech: Node.js 18+, TypeScript 5.3+ strict, Express 4.18+, PostgreSQL 14+, Redis 7+
Standards: OpenAPI 3.0 specs, DRY/SOLID, zero `any` types
Quality: 18 unit test suites, 244 tests passing, 97%+ coverage
OpenAPI: 4 complete specs (14 endpoints total)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/db/pool.ts

@@ -0,0 +1,44 @@
+/**
+ * PostgreSQL connection pool singleton.
+ * All database access flows through this pool.
+ */
+
+import { Pool } from 'pg';
+
+let pool: Pool | null = null;
+
+/**
+ * Returns the singleton pg Pool instance.
+ * Initialises the pool on first call using DATABASE_URL from the environment.
+ *
+ * @returns The PostgreSQL connection pool.
+ * @throws Error if DATABASE_URL is not set.
+ */
+export function getPool(): Pool {
+  if (!pool) {
+    const connectionString = process.env['DATABASE_URL'];
+    if (!connectionString) {
+      throw new Error('DATABASE_URL environment variable is required');
+    }
+    pool = new Pool({ connectionString });
+
+    pool.on('error', (err: Error) => {
+      // eslint-disable-next-line no-console
+      console.error('Unexpected pg pool error', err);
+    });
+  }
+  return pool;
+}
+
+/**
+ * Closes the pool and resets the singleton.
+ * Used for graceful shutdown and tests.
+ *
+ * @returns Promise that resolves when the pool is closed.
+ */
+export async function closePool(): Promise<void> {
+  if (pool) {
+    await pool.end();
+    pool = null;
+  }
+}