fix: address 18 CRITICAL+HIGH PR review comments

**Critical Fixes (7 issues):**
- Fix GraphQL schema field names in users tool (role→roles, remove email)
- Fix GraphQL mutation signatures (addUserInput, deleteUser input)
- Fix dict(None) TypeError guards in users tool (use `or {}` pattern)
- Fix FastAPI version constraint (0.116.1→0.115.0)
- Fix WebSocket SSL context handling (support CA bundles, bool, and None)
- Fix critical disk threshold treated as warning (split counters)

**High Priority Fixes (11 issues):**
- Fix Docker update/remove action response field mapping
- Fix path traversal vulnerability in log validation (normalize paths)
- Fix deleteApiKeys validation (check response before success)
- Fix rclone create_remote validation (check response)
- Fix keys input_data type annotation (dict[str, Any])
- Fix VM domain/domains fallback restoration

**Changes by file:**
- unraid_mcp/tools/docker.py: Response field mapping
- unraid_mcp/tools/info.py: Split critical/warning counters
- unraid_mcp/tools/storage.py: Path normalization for traversal protection
- unraid_mcp/tools/users.py: GraphQL schema + null handling
- unraid_mcp/tools/keys.py: Validation + type annotations
- unraid_mcp/tools/rclone.py: Response validation
- unraid_mcp/tools/virtualization.py: Domain fallback
- unraid_mcp/subscriptions/manager.py: SSL context creation
- pyproject.toml: FastAPI version fix
- tests/*: New tests for all fixes

**Review threads resolved:**
PRRT_kwDOO6Hdxs5uu70L, PRRT_kwDOO6Hdxs5uu70O, PRRT_kwDOO6Hdxs5uu70V,
PRRT_kwDOO6Hdxs5uu70e, PRRT_kwDOO6Hdxs5uu70i, PRRT_kwDOO6Hdxs5uu7zn,
PRRT_kwDOO6Hdxs5uu7z_, PRRT_kwDOO6Hdxs5uu7sI, PRRT_kwDOO6Hdxs5uu7sJ,
PRRT_kwDOO6Hdxs5uu7sK, PRRT_kwDOO6Hdxs5uu7Tk, PRRT_kwDOO6Hdxs5uu7Tn,
PRRT_kwDOO6Hdxs5uu7Tr, PRRT_kwDOO6Hdxs5uu7Ts, PRRT_kwDOO6Hdxs5uu7Tu,
PRRT_kwDOO6Hdxs5uu7Tv, PRRT_kwDOO6Hdxs5uu7Tw, PRRT_kwDOO6Hdxs5uu7Tx

All tests passing.

Co-authored-by: docker-fixer <agent@pr-fixes>
Co-authored-by: info-fixer <agent@pr-fixes>
Co-authored-by: storage-fixer <agent@pr-fixes>
Co-authored-by: users-fixer <agent@pr-fixes>
Co-authored-by: config-fixer <agent@pr-fixes>
Co-authored-by: websocket-fixer <agent@pr-fixes>
Co-authored-by: keys-rclone-fixer <agent@pr-fixes>
Co-authored-by: vm-fixer <agent@pr-fixes>

skills/unraid/references/quick-reference.md

@@ -0,0 +1,219 @@
+# Unraid API Quick Reference
+
+Quick reference for the most common Unraid GraphQL API queries.
+
+## Setup
+
+```bash
+# Set environment variables
+export UNRAID_URL="https://your-unraid-server/graphql"
+export UNRAID_API_KEY="your-api-key-here"
+
+# Or use the helper script directly
+./scripts/unraid-query.sh -u "$UNRAID_URL" -k "$API_KEY" -q "{ online }"
+```
+
+## Common Queries
+
+### System Status
+```graphql
+{ 
+  online 
+  metrics { 
+    cpu { percentTotal } 
+    memory { total used free percentTotal } 
+  } 
+}
+```
+
+### Array Status
+```graphql
+{ 
+  array { 
+    state 
+    parityCheckStatus { status progress errors } 
+  } 
+}
+```
+
+### Disk List with Temperatures
+```graphql
+{ 
+  array { 
+    disks { 
+      name 
+      device 
+      temp 
+      status 
+      fsSize 
+      fsFree 
+      isSpinning 
+    } 
+  } 
+}
+```
+
+### All Physical Disks (including USB/SSDs)
+```graphql
+{ 
+  disks { 
+    id 
+    name 
+  } 
+}
+```
+
+### Network Shares
+```graphql
+{ 
+  shares { 
+    name 
+    comment 
+  } 
+}
+```
+
+### Docker Containers
+```graphql
+{ 
+  docker { 
+    containers { 
+      id 
+      names 
+      image 
+      state 
+      status 
+    } 
+  } 
+}
+```
+
+### Virtual Machines
+```graphql
+{ 
+  vms { 
+    id 
+    name 
+    state 
+    cpus 
+    memory 
+  } 
+}
+```
+
+### List Log Files
+```graphql
+{ 
+  logFiles { 
+    name 
+    size 
+    modifiedAt 
+  } 
+}
+```
+
+### Read Log Content
+```graphql
+{ 
+  logFile(path: "syslog", lines: 20) { 
+    content 
+    totalLines 
+  } 
+}
+```
+
+### System Info
+```graphql
+{ 
+  info { 
+    time 
+    cpu { model cores threads } 
+    os { distro release } 
+    system { manufacturer model } 
+  } 
+}
+```
+
+### UPS Devices
+```graphql
+{ 
+  upsDevices { 
+    id 
+    name 
+    status 
+    charge 
+    load 
+  } 
+}
+```
+
+### Notifications
+
+**Counts:**
+```graphql
+{ 
+  notifications { 
+    overview { 
+      unread { info warning alert total } 
+      archive { info warning alert total } 
+    } 
+  } 
+}
+```
+
+**List Unread:**
+```graphql
+{ 
+  notifications { 
+    list(filter: { type: UNREAD, offset: 0, limit: 10 }) { 
+      id 
+      subject 
+      description 
+      timestamp 
+    } 
+  } 
+}
+```
+
+**List Archived:**
+```graphql
+{ 
+  notifications { 
+    list(filter: { type: ARCHIVE, offset: 0, limit: 10 }) { 
+      id 
+      subject 
+      description 
+      timestamp 
+    } 
+  } 
+}
+```
+
+## Field Name Notes
+
+- Use `metrics` for real-time usage (CPU/memory percentages)
+- Use `info` for hardware specs (cores, model, etc.)
+- Temperature field is `temp` (not `temperature`)
+- Status field is `state` for array (not `status`)
+- Sizes are in kilobytes
+- Temperatures are in Celsius
+
+## Response Structure
+
+All responses follow this pattern:
+```json
+{
+  "data": {
+    "queryName": { ... }
+  }
+}
+```
+
+Errors appear in:
+```json
+{
+  "errors": [
+    { "message": "..." }
+  ]
+}
+```