Scope memories by API token and add shared-token e2e coverage

AGENTS.md

@@ -7,7 +7,9 @@ memory.
 ## External Memory System
 
 - Use the exact MCP tools `openbrain.store`, `openbrain.query`, and `openbrain.purge`
-- Always use the exact `agent_id` value `openbrain`
+- Memory visibility is determined by the API token in the MCP client config, not by `agent_id`
+- On `openbrain.store`, use `agent_id` only as a provenance label for the storing agent when that label is useful
+- On `openbrain.query`, do not send `agent_id` for normal retrieval; use `source_agent_id` only when you intentionally want to filter by source agent
 - Do not hardcode live credentials into the repository
 - Before answering requests that may depend on prior sessions, project history, user preferences, ongoing work, named people, named projects, deployments, debugging history, or handoff context, call `openbrain.query` first
 - Use noun-heavy search phrases with exact names, tool names, acronyms, hostnames, and document names
@@ -19,7 +21,7 @@ memory.
 - Use metadata when helpful for tags such as `category`, `project`, `source`, `status`, `aliases`, and `confidence`
 - If `openbrain.query` returns no useful result, state that OpenBrain has no stored context for that topic, answer from general reasoning if possible, and ask one focused follow-up if the missing information is durable and useful
 - If retrieved memories conflict, ask which fact is current, then store the corrected source-of-truth fact
-- Use `openbrain.purge` cautiously because it is coarse-grained; it deletes by `agent_id` and optionally before a timestamp, not by individual memory ID
+- Use `openbrain.purge` cautiously because it is coarse-grained; it deletes memories visible to the current API token and can optionally narrow by `source_agent_id` and `before`, not by individual memory ID
 - For ordinary corrections, prefer storing the new source-of-truth fact instead of purging unless cleanup or reset is explicitly requested
 
 ## Agent Identity & Source Tagging