caa504913f
Thin parser over the existing api_keys lookup. Strips the Bearer prefix, validates the token via services/api_keys.lookup_key (which already filters revoked keys and updates last_used_at), and returns the user_id for the in-flight MCP request. Tests follow the existing mock-async_session pattern in test_api_keys.py rather than introducing a real DB fixture. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>