Document how to run AegisFlow behind nginx or Caddy

[saivedant169]

Problem

The starter kit's production compose file starts AegisFlow on ports 8080, 8081, and 8082 directly. Most real deployments will want to put a reverse proxy in front of those ports for TLS termination, access logging, and rate limiting.

There is nothing in the docs explaining how to do that, so every new user has to figure it out themselves.

Acceptance criteria

• New file: docs/deploy/reverse-proxy.md
• Contains a working nginx config snippet for AegisFlow
• Contains a working Caddy config snippet for AegisFlow
• Covers: TLS termination, the three separate ports (gateway/admin/mcp), WebSocket upgrade for /v1/ws, SSE long-lived connections for the MCP /sse endpoint
• Linked from starter-kit/deploy/docker-compose.yaml and from the main README deployment section

Files to create or touch

• docs/deploy/reverse-proxy.md (new)
• README.md (add a link near the deployment mentions)
• starter-kit/deploy/docker-compose.yaml (add a comment pointing to the doc)

How to test locally

Stand up AegisFlow on one terminal, nginx on another with the config from the doc, and verify:

1. curl https://your-host/health returns the gateway health
2. curl https://your-host/admin/... returns the admin API
3. Claude Code connected to https://your-host/sse works end-to-end

Notes

The SSE endpoint needs proxy_buffering off in nginx or it will hang. That is the most common gotcha, so please call it out explicitly in the docs.