What this PR does

Before this PR:

Swagger UI at /api-docs showed "No operations defined in spec!" because swagger-jsdoc attempted to scan .ts source files at runtime, but in the bundled Electron app (compiled into a single out/main/index.js), the source files are unavailable. Additionally, GET / only listed the health endpoint.

After this PR:

• OpenAPI spec is generated at build time via pnpm generate:openapi, producing a static openapi-spec.json that is imported at runtime
• Swagger UI correctly displays all 17 API operations
• GET / lists all available API endpoints
• MCP proxy endpoint (/v1/mcps/:server_id/mcp) now has swagger documentation
• CI checks that the committed spec stays in sync with source annotations via pnpm openapi:check

Why we need it and why it was done in this way

The following tradeoffs were made:

• The generated openapi-spec.json is committed to the repo so that typecheck works without running the generator first. A --check mode verifies it stays in sync with annotations.
• swagger-jsdoc is moved to devDependencies since it's only used at build time, reducing the production bundle size.

The following alternatives were considered:

• Using require() instead of import to avoid typecheck dependency on the generated file — rejected because import is cleaner and the file is committed anyway.
• Gitignoring the generated file and regenerating in CI — rejected because it adds unnecessary CI complexity and the file serves as a reviewable API surface.

Breaking changes

None.

Special notes for your reviewer

• The openapi:check script does a semantic JSON comparison (parse + stringify both sides) so that Biome formatting differences don't cause false failures.
• The MCP proxy route uses router.all() in Express but is documented as post: in the swagger annotation since all: is not a valid OpenAPI 3.0 operation verb.

Checklist

• PR: The PR description is expressive enough and will help future contributors
• Code: Write code that humans can understand and Keep it simple
• Refactor: You have left the code cleaner than you found it (Boy Scout Rule)
• Upgrade: Impact of this change on upgrade flows was considered and addressed if required
• Documentation: A user-guide update was considered and is present (link) or not required. Check this only when the PR introduces or changes a user-facing feature or behavior.
• Self-review: I have reviewed my own code (e.g., via /gh-pr-review, gh pr diff, or GitHub UI) before requesting review from others

Release note

Fix API documentation page (`/api-docs`) showing "No operations defined in spec!" by moving OpenAPI spec generation to build time. The root endpoint (`GET /`) now lists all available API endpoints.