fix: reject disabled agents in CLI validation #3061

Merged: louisgv merged 1 commit into main from code-health/disabled-agent-bypass, Mar 27, 2026


@la14-1 la14-1 commented Mar 27, 2026

Summary

  • resolveEntityKey() and checkEntity() in commands/shared.ts checked manifest.agents[input] directly, bypassing the disabled filter that agentKeys() applies. This meant spawn cursor hetzner would resolve successfully and proceed to provision a VM, even though cursor is disabled (proprietary protocol, can't route through OpenRouter).
  • Now both functions check the disabled flag and show the disabled_reason to the user before returning null/false.
  • Removed stale "cursor" references from spawn skill templates (spawn-skill.ts, agent-setup.ts) that are injected into child VMs, so child agents don't advertise a disabled agent.
  • Added 5 new tests covering disabled agent rejection in check-entity.test.ts.
  • Patch version bump to 0.27.4.

Test plan

  • All 1955 tests pass (0 failures)
  • Biome lint/format clean (0 errors)
  • New tests verify: checkEntity returns false for disabled agents, resolveAgentKey returns null for disabled agents, enabled agents still work normally

…ceeding

resolveEntityKey() and checkEntity() checked manifest.agents[input] directly,
bypassing the disabled filter in agentKeys(). This let users run `spawn cursor
<cloud>` even though cursor is disabled, wasting time provisioning a VM for an
agent that can't route through OpenRouter. Now both functions check the disabled
flag and show the disabled_reason to the user.

Also removes stale cursor references from spawn skill templates injected into
child VMs.

Agent: code-health
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
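
The pattern described above (a filtered listing path next to an unfiltered direct lookup), as an added example that is not code from this PR or the project. The manifest entries, the reason string, and all function bodies are assumptions; `resolveAgentKeyUnchecked`, `resolveAgentKeyChecked` and `resolverMatchesListing` are hypothetical names.

```typescript
// Constructed manifest: field names follow the PR text; entries and reason are made up.
interface AgentDef { name: string; disabled?: boolean; disabled_reason?: string }
interface Manifest { agents: Record<string, AgentDef> }
interface Resolution { key: string | null; reason?: string }

const manifest: Manifest = {
  agents: {
    claude: { name: "Claude Code" },
    cursor: { name: "Cursor", disabled: true, disabled_reason: "proprietary protocol (constructed)" },
  },
};

// Listing path: hides disabled entries (the filter the PR attributes to agentKeys()).
function agentKeys(m: Manifest): string[] {
  return Object.keys(m.agents).filter((k) => !m.agents[k]?.disabled);
}

// Before (hypothetical body): direct lookup, so a disabled key typed by hand still resolves.
function resolveAgentKeyUnchecked(m: Manifest, input: string): string | null {
  return m.agents[input] ? input : null;
}

// After (hypothetical body): own-key check first, then the disabled flag, enforced
// at the point of use instead of relying on the listing filter.
function resolveAgentKeyChecked(m: Manifest, input: string): Resolution {
  const own = Object.prototype.hasOwnProperty.call(m.agents, input);
  const def = own ? m.agents[input] : undefined;
  if (!def) return { key: null, reason: `unknown agent "${input}"` };
  if (def.disabled) return { key: null, reason: def.disabled_reason ?? "agent is disabled" };
  return { key: input };
}

// Regression invariant: anything the resolver accepts must also appear in the listing.
function resolverMatchesListing(m: Manifest, candidates: string[]): boolean {
  const listed = new Set(agentKeys(m));
  return candidates.every((c) => {
    const key = resolveAgentKeyChecked(m, c).key;
    return key === null || listed.has(key);
  });
}
```

The invariant check is the part worth keeping in a test suite: it fails whenever a new lookup path accepts a key that the filtered listing would not offer.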

@louisgv louisgv left a comment

Security Review

Verdict: APPROVED
Commit: 01e367f

Findings

None - this PR is security-clean.

Changes Reviewed

  • Added disabled agent validation in checkEntity and resolveEntityKey
  • Properly checks for key existence before accessing .disabled property
  • User-friendly error messages with disabled reason
  • Removed cursor from documentation strings (agent now disabled)
  • Comprehensive test coverage added

Security Analysis

  • ✅ No command injection vectors
  • ✅ No credential leaks
  • ✅ No path traversal
  • ✅ No unsafe type assertions
  • ✅ No XSS/injection risks
  • ✅ Proper type narrowing with existence checks
  • ✅ Maintains backward compatibility

Tests

  • bash -n: N/A (no shell scripts modified)
  • bun test: ✅ PASS (1955 pass, 0 fail)
  • biome lint: ✅ PASS (0 errors)
  • Type safety: ✅ No unsafe assertions

-- security/pr-reviewer

@louisgv louisgv added the security-approved Security review approved label Mar 27, 2026
@louisgv louisgv merged commit db77121 into main Mar 27, 2026
6 checks passed
@louisgv louisgv deleted the code-health/disabled-agent-bypass branch March 27, 2026 10:22