feat: gate create_silence behind --enable-silences flag

The create_silence tool is a write operation that can suppress alerts.
Disable it by default and require explicit opt-in via --enable-silences
CLI flag (or enableSilences NixOS option) as a safety measure.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/monitoring/handlers.go

@@ -18,8 +18,8 @@ func AlertSummary(am *AlertmanagerClient) string {
 	silenced := false
 	inhibited := false
 	alerts, err := am.ListAlerts(context.Background(), AlertFilters{
-		Active:   &active,
-		Silenced: &silenced,
+		Active:    &active,
+		Silenced:  &silenced,
 		Inhibited: &inhibited,
 	})
 	if err != nil || len(alerts) == 0 {
@@ -54,8 +54,15 @@ func AlertSummary(am *AlertmanagerClient) string {
 		len(alerts), strings.Join(parts, ", "))
 }
 
+// HandlerOptions configures which handlers are registered.
+type HandlerOptions struct {
+	// EnableSilences enables the create_silence tool, which is a write operation.
+	// Disabled by default as a safety measure.
+	EnableSilences bool
+}
+
 // RegisterHandlers registers all monitoring tool handlers on the MCP server.
-func RegisterHandlers(server *mcp.Server, prom *PrometheusClient, am *AlertmanagerClient) {
+func RegisterHandlers(server *mcp.Server, prom *PrometheusClient, am *AlertmanagerClient, opts HandlerOptions) {
 	server.RegisterTool(listAlertsTool(), makeListAlertsHandler(am))
 	server.RegisterTool(getAlertTool(), makeGetAlertHandler(am))
 	server.RegisterTool(searchMetricsTool(), makeSearchMetricsHandler(prom))
@@ -63,7 +70,9 @@ func RegisterHandlers(server *mcp.Server, prom *PrometheusClient, am *Alertmanag
 	server.RegisterTool(queryTool(), makeQueryHandler(prom))
 	server.RegisterTool(listTargetsTool(), makeListTargetsHandler(prom))
 	server.RegisterTool(listSilencesTool(), makeListSilencesHandler(am))
-	server.RegisterTool(createSilenceTool(), makeCreateSilenceHandler(am))
+	if opts.EnableSilences {
+		server.RegisterTool(createSilenceTool(), makeCreateSilenceHandler(am))
+	}
 }
 
 // Tool definitions