feat: Add Amp CLI integration with comprehensive documentation

Add full Amp CLI support to enable routing AI model requests through the proxy
while maintaining Amp-specific features like thread management, user info, and
telemetry. Includes complete documentation and pull bot configuration.

Features:
- Modular architecture with RouteModule interface for clean integration
- Reverse proxy for Amp management routes (thread/user/meta/ads/telemetry)
- Provider-specific route aliases (/api/provider/{provider}/*)
- Secret management with precedence: config > env > file
- 5-minute secret caching to reduce file I/O
- Automatic gzip decompression for responses
- Proper connection cleanup to prevent leaks
- Localhost-only restriction for management routes (configurable)
- CORS protection for management endpoints

Documentation:
- Complete setup guide (USING_WITH_FACTORY_AND_AMP.md)
- OAuth setup for OpenAI (ChatGPT Plus/Pro) and Anthropic (Claude Pro/Max)
- Factory CLI config examples with all model variants
- Amp CLI/IDE configuration examples
- tmux setup for remote server deployment
- Screenshots and diagrams

Configuration:
- Pull bot disabled for this repo (manual rebase workflow)
- Config fields: AmpUpstreamURL, AmpUpstreamAPIKey, AmpRestrictManagementToLocalhost
- Compatible with upstream DisableCooling and other features

Technical details:
- internal/api/modules/amp/: Complete Amp routing module
- sdk/api/httpx/: HTTP utilities for gzip/transport
- 94.6% test coverage with 34 comprehensive test cases
- Clean integration minimizes merge conflict risk

Security:
- Management routes restricted to localhost by default
- Configurable via amp-restrict-management-to-localhost
- Prevents drive-by browser attacks on user data

This provides a production-ready foundation for Amp CLI integration while
maintaining clean separation from upstream code for easy rebasing.

Amp-Thread-ID: https://ampcode.com/threads/T-9e2befc5-f969-41c6-890c-5b779d58cf18

internal/api/modules/amp/proxy.go

@@ -0,0 +1,176 @@
+package amp
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+)
+
+// readCloser wraps a reader and forwards Close to a separate closer.
+// Used to restore peeked bytes while preserving upstream body Close behavior.
+type readCloser struct {
+	r io.Reader
+	c io.Closer
+}
+
+func (rc *readCloser) Read(p []byte) (int, error) { return rc.r.Read(p) }
+func (rc *readCloser) Close() error               { return rc.c.Close() }
+
+// createReverseProxy creates a reverse proxy handler for Amp upstream
+// with automatic gzip decompression via ModifyResponse
+func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputil.ReverseProxy, error) {
+	parsed, err := url.Parse(upstreamURL)
+	if err != nil {
+		return nil, fmt.Errorf("invalid amp upstream url: %w", err)
+	}
+
+	proxy := httputil.NewSingleHostReverseProxy(parsed)
+	originalDirector := proxy.Director
+
+	// Modify outgoing requests to inject API key and fix routing
+	proxy.Director = func(req *http.Request) {
+		originalDirector(req)
+		req.Host = parsed.Host
+
+		// Preserve correlation headers for debugging
+		if req.Header.Get("X-Request-ID") == "" {
+			// Could generate one here if needed
+		}
+
+		// Inject API key from secret source (precedence: config > env > file)
+		if key, err := secretSource.Get(req.Context()); err == nil && key != "" {
+			req.Header.Set("X-Api-Key", key)
+			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", key))
+		} else if err != nil {
+			log.Warnf("amp secret source error (continuing without auth): %v", err)
+		}
+	}
+
+	// Modify incoming responses to handle gzip without Content-Encoding
+	// This addresses the same issue as inline handler gzip handling, but at the proxy level
+	proxy.ModifyResponse = func(resp *http.Response) error {
+		// Only process successful responses
+		if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+			return nil
+		}
+
+		// Skip if already marked as gzip (Content-Encoding set)
+		if resp.Header.Get("Content-Encoding") != "" {
+			return nil
+		}
+
+		// Skip streaming responses (SSE, chunked)
+		if isStreamingResponse(resp) {
+			return nil
+		}
+
+		// Save reference to original upstream body for proper cleanup
+		originalBody := resp.Body
+
+		// Peek at first 2 bytes to detect gzip magic bytes
+		header := make([]byte, 2)
+		n, _ := io.ReadFull(originalBody, header)
+		
+		// Check for gzip magic bytes (0x1f 0x8b)
+		// If n < 2, we didn't get enough bytes, so it's not gzip
+		if n >= 2 && header[0] == 0x1f && header[1] == 0x8b {
+			// It's gzip - read the rest of the body
+			rest, err := io.ReadAll(originalBody)
+			if err != nil {
+				// Restore what we read and return original body (preserve Close behavior)
+				resp.Body = &readCloser{
+					r: io.MultiReader(bytes.NewReader(header[:n]), originalBody),
+					c: originalBody,
+				}
+				return nil
+			}
+			
+			// Reconstruct complete gzipped data
+			gzippedData := append(header[:n], rest...)
+
+			// Decompress
+			gzipReader, err := gzip.NewReader(bytes.NewReader(gzippedData))
+			if err != nil {
+				log.Warnf("amp proxy: gzip header detected but decompress failed: %v", err)
+				// Close original body and return in-memory copy
+				_ = originalBody.Close()
+				resp.Body = io.NopCloser(bytes.NewReader(gzippedData))
+				return nil
+			}
+
+			decompressed, err := io.ReadAll(gzipReader)
+			_ = gzipReader.Close()
+			if err != nil {
+				log.Warnf("amp proxy: gzip decompress error: %v", err)
+				// Close original body and return in-memory copy
+				_ = originalBody.Close()
+				resp.Body = io.NopCloser(bytes.NewReader(gzippedData))
+				return nil
+			}
+
+			// Close original body since we're replacing with in-memory decompressed content
+			_ = originalBody.Close()
+
+			// Replace body with decompressed content
+			resp.Body = io.NopCloser(bytes.NewReader(decompressed))
+			resp.ContentLength = int64(len(decompressed))
+
+			// Update headers to reflect decompressed state
+			resp.Header.Del("Content-Encoding")                                      // No longer compressed
+			resp.Header.Del("Content-Length")                                        // Remove stale compressed length
+			resp.Header.Set("Content-Length", strconv.FormatInt(resp.ContentLength, 10)) // Set decompressed length
+
+			log.Debugf("amp proxy: decompressed gzip response (%d -> %d bytes)", len(gzippedData), len(decompressed))
+		} else {
+			// Not gzip - restore peeked bytes while preserving Close behavior
+			// Handle edge cases: n might be 0, 1, or 2 depending on EOF
+			resp.Body = &readCloser{
+				r: io.MultiReader(bytes.NewReader(header[:n]), originalBody),
+				c: originalBody,
+			}
+		}
+
+		return nil
+	}
+
+	// Error handler for proxy failures
+	proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) {
+		log.Errorf("amp upstream proxy error for %s %s: %v", req.Method, req.URL.Path, err)
+		rw.Header().Set("Content-Type", "application/json")
+		rw.WriteHeader(http.StatusBadGateway)
+		_, _ = rw.Write([]byte(`{"error":"amp_upstream_proxy_error","message":"Failed to reach Amp upstream"}`))
+	}
+
+	return proxy, nil
+}
+
+// isStreamingResponse detects if the response is streaming (SSE only)
+// Note: We only treat text/event-stream as streaming. Chunked transfer encoding
+// is a transport-level detail and doesn't mean we can't decompress the full response.
+// Many JSON APIs use chunked encoding for normal responses.
+func isStreamingResponse(resp *http.Response) bool {
+	contentType := resp.Header.Get("Content-Type")
+
+	// Only Server-Sent Events are true streaming responses
+	if strings.Contains(contentType, "text/event-stream") {
+		return true
+	}
+
+	return false
+}
+
+// proxyHandler converts httputil.ReverseProxy to gin.HandlerFunc
+func proxyHandler(proxy *httputil.ReverseProxy) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		proxy.ServeHTTP(c.Writer, c.Request)
+	}
+}