fix(core): stop instructing agent to run axme-code setup autonomously

Two changes that close a UX hole surfaced during PR #130 extension
E2E testing: when a chat agent calls axme_context on a workspace
where .axme-code/ is missing, the tool's previous output told the
agent to run \`axme-code setup --plugin\` via Bash unconditionally.
That works for the Claude Code plugin distribution (where setup is
not pre-run by anything else), but it backfires for the Cursor
extension path:

- The extension itself shows a "Run setup?" toast at activation,
  and the user clicks it. Setup runs once.
- The agent then opens a chat, calls axme_context, sees "not
  initialized" (race with setup finishing) OR sees a partial state
  somewhere and decides to run setup AGAIN via Bash.
- Result: duplicate D-NNN decisions across preset bundles,
  spurious 2-minute LLM-scanner re-runs on every fresh chat
  (verified empirically with /tmp/cursor-fresh-smoke during
  PR #130 testing — agent ran the second setup itself).

Setup is unambiguously a user-initiated operation. The agent must
never spawn it.

Changes
-------
src/tools/context.ts (2 messages reworded):
- "Project not initialized" branch (~line 81): drop the
  "THEN run axme-code setup --plugin via Bash" instruction. The
  message now tells the agent to relay to the user (Cursor:
  Command Palette → AXME: Setup; Claude Code: terminal
  axme-code setup) and stop. Explicitly forbids autonomous setup.
- "Deterministic scan only" warning (~line 141): same treatment
  — tell the user to re-run, do not run yourself.

src/setup/cursor-writers.ts:
- RULE_BODY (the body of .cursor/rules/axme-code.mdc written by
  setup) gains a new "NEVER run axme-code setup yourself"
  paragraph between Session Start and During Work. Closes the
  same hole at the rule level — even if axme_context's message
  is ignored, the rule itself bars the action.

No behaviour change for users on the Claude Code plugin path —
they were running setup via the plugin's own SessionStart hook
already; the autonomous Bash spawn was a redundant safety belt
that mostly fired in narrow non-plugin contexts. The new text
still lets them run it manually if they want.

Tests: 604 / 604 pass locally. No test changes needed; this only
modifies user-facing output strings.

#!axme pr=129 repo=AxmeAI/axme-code

Author: George-iam

src/setup/cursor-writers.ts

@@ -129,6 +129,13 @@ Call \`axme_context\` tool with this project's path at the start of every Cursor
 This loads: oracle, decisions, safety rules, memories, test plan, active plans.
 Do NOT skip — without context you will miss critical project rules.
 
+### NEVER run \`axme-code setup\` yourself
+Setup is the user's job. The Cursor extension offers a "Run setup?" toast on
+first activation; the user can also run \`AXME: Setup\` from the Command
+Palette. **Do not invoke \`axme-code setup\` via Bash autonomously**, even if
+\`axme_context\` returns "not initialized" — just relay the message to the
+user and wait.
+
 ### During Work
 - Error pattern or successful approach discovered → call \`axme_save_memory\` immediately.
 - Architectural decision made or discovered → call \`axme_save_decision\` immediately.

src/tools/context.ts

@@ -78,7 +78,7 @@ export function getFullContextSections(projectPath: string, workspacePath?: stri
     if (pathExists(setupLock)) {
       return [parts[0] + "\n\nSetup is already running. Wait for it to finish, then call axme_context again."];
     }
-    return [parts[0] + "\n\nProject not initialized. FIRST tell the user: 'Initializing AXME Code knowledge base for this project. This takes 1-2 minutes on first run.' THEN run `axme-code setup --plugin` via Bash tool. Do NOT ask permission — just inform and run."];
+    return [parts[0] + "\n\nProject not initialized — `.axme-code/` is missing in this workspace. **Do NOT run `axme-code setup` yourself.** Initialization is the user's job (Cursor: run `AXME: Setup` from Command Palette; Claude Code: run `axme-code setup` in terminal). Tell the user this and stop; once they finish setup, call `axme_context` again and the knowledge base will load."];
   }
 
   // Safety rules (small, always inline)
@@ -138,7 +138,7 @@ export function getFullContextSections(projectPath: string, workspacePath?: stri
     const files = loadOracleFiles(projectPath);
     const oracleIsMinimal = files && files.stack.length < 200 && !files.patterns.includes("CLAUDE.md");
     if (oracleIsMinimal) {
-      parts.push("**WARNING:** This project was initialized with deterministic scan only (no LLM). Run `axme-code setup " + projectPath + "` for deep LLM scan.");
+      parts.push("**WARNING:** This project was initialized with deterministic scan only (no LLM). Tell the user to re-run `axme-code setup " + projectPath + "` for a deep LLM scan. **Do not run it yourself** — initialization is the user's job.");
     }
   }