Close remaining Sonar + Codacy findings on PR #194

Sonar (3 left after the previous pass):
- LSP run() complexity dropped from 16→<10 by extracting
  _build_reply() and collapsing the request==None / method==exit guards
  into one branch (python:S3776).
- Dockerfile: merged the chmod + user-creation RUN layers so docker:S7031
  is satisfied without extra image layers.
- test_acme_v2: chained endswith → tuple form (python:S8513).

Codacy:
- Real bug: connection_screen called send_magic_packet(broadcast=...)
  but the wake_on_lan signature is broadcast_address=. Fixed.
- Real bug: examples 03/11/12 called default_scheduler() /
  default_hotkey_daemon() / default_trigger_engine() but those are
  module-level instances, not factories. Dropped the parens.
- autocontrol-lsp/vscode/package-lock.json: generated via
  ``npm install --package-lock-only`` so dependencies are reproducible
  (text:S8564 / Codacy lockfile rule).

False positives — tool-specific suppressions with reason:
- Semgrep dangerous-subprocess-use-audit in adb_client.py + tls_acme/
  challenge.py + test_android_adb.py (Bandit B603 already justifies; the
  argv list is hard-coded / shutil.which-resolved).
- Semgrep request-data-write in usbip/libusb_backend.py (rule expects a
  Django filesystem path; this is libusb's bulk-out endpoint write).
- Semgrep openai.import-without-guardrails in agent/backends/openai.py
  (Guardrails is an unrelated content-filter SDK; safety is handled at
  the action-executor allowlist + audit layer).
- Bandit B105 hardcoded-password in examples/16_secrets.py + B310
  url-open in examples/06_observability.py + examples/15_rest_api.py
  (demo strings + loopback URLs).
- Pylint W0622 ``format`` shadow in two ``log_message`` overrides
  (the parameter name comes from BaseHTTPRequestHandler — we can't
  rename it without breaking the protocol).

Author: JE-Chen

autocontrol-lsp/autocontrol_lsp/server/server.py

@@ -82,33 +82,35 @@ def _write_message(stream, message: Dict[str, Any]) -> None:
     stream.flush()
 
 
+def _build_reply(method, request_id, result) -> Dict[str, Any]:
+    reply: Dict[str, Any] = {"jsonrpc": "2.0", "id": request_id}
+    if result is None:
+        reply["error"] = {
+            "code": -32601, "message": f"method not found: {method}",
+        }
+    else:
+        reply["result"] = result
+    return reply
+
+
 def run(input_stream=None, output_stream=None) -> int:
     """Run the LSP loop. Returns 0 on clean shutdown, 1 on transport error."""
     inp = input_stream or sys.stdin.buffer
     out = output_stream or sys.stdout.buffer
     try:
         while True:
             request = _read_message(inp)
-            if request is None:
+            if request is None or request.get("method") == "exit":
                 return 0
             method = request.get("method")
-            if method == "exit":
-                return 0
             params = request.get("params") or {}
             result = (
                 _dispatch(method, params) if isinstance(method, str) else None
             )
             request_id = request.get("id")
             if request_id is None:
                 continue  # notification; no response needed
-            reply: Dict[str, Any] = {"jsonrpc": "2.0", "id": request_id}
-            if result is None:
-                reply["error"] = {
-                    "code": -32601, "message": f"method not found: {method}",
-                }
-            else:
-                reply["result"] = result
-            _write_message(out, reply)
+            _write_message(out, _build_reply(method, request_id, result))
     except (OSError, ValueError):
         return 1