docs(plans): credential-pool failover + approval-coalescing plans

[nnemirovsky]

Two implementation plans, both auto-reviewed by the plan-review agent and revised to address all critical/important findings.

20260515-credential-pool-failover.md

One phantom identity backed by N OAuth credentials (a pool), auto-failover to the next member on 429/401. Driving case: two OpenAI Codex accounts behind one agent.

Review-driven fixes baked in:

• Refresh attribution keyed on the injected real refresh token (not the access token, which a refresh POST need not carry), fail-closed on a missing tag, with a two-members-one-token-URL collision test.
• Pool-keyed synthetic JWT so the agent's phantom is byte-stable across member switches (resignJWT is per-real-token, which would otherwise break the "agent never notices" property).
• Synchronous in-memory health update on failover instead of waiting on the 2s data-version watcher.
• Single chokepoint for pool->member expansion across every binding.Credential/OAuthIndex.Has consumer.

20260515-approval-coalescing.md

Coalesce duplicate Telegram approval prompts by dest:port (the persisted-rule granularity), so a burst of requests to one target produces one prompt, not the reported wall of identical prompts.

Review-driven fixes baked in:

• Corrected call-site topology: only three broker.Request sites; SSH/IMAP/SMTP share the HTTP site (coalesce uniformly); MCP is the one that opts out (arg-sensitive). The original SSH opt-out was based on a non-existent site.
• Concrete Store.HasApprovalRule SELECT for idempotent persist (no migration).
• Buffered sub channels + dedicated timeout select arm so a timed-out sub can't tear down the shared waiter; Resolve snapshots subs under lock.
• Final count folded into the existing resolve edit (zero new Telegram API calls); flood-control-prone live counter split into optional Phase 2.

Both are phased with per-task test gates. Plans only — no code changes.