feat: --dangerously-skip-permissions + user orchestrator

Changes:
- claude_provider.py: Added --dangerously-skip-permissions flag
- docs/DEPLOYMENT.md: Full deployment documentation

Why:
- Claude CLI blocks --dangerously-skip-permissions with root
- Created non-root user "orchestrator" to run agents without confirmations
- Service now runs as User=orchestrator

Architecture:
- /home/orchestrator/orchestrator/ - Orchestrator code
- /opt/architect-app-v2/ - Web panel
- User orchestrator owns SSH keys and can execute commands

docs/DEPLOYMENT.md

@@ -0,0 +1,101 @@
+# Deployment - TZZR Orchestrator
+
+## Arquitectura del Servidor
+
+```
+Servidor: 69.62.126.110 (tzzrarchitect)
+├── Usuario: orchestrator (no-root)
+│   ├── /home/orchestrator/orchestrator/  # Orchestrator + venv
+│   └── /home/orchestrator/.ssh/tzzr      # Claves SSH
+├── /opt/architect-app-v2/                # Architect App v3.0
+└── Docker
+    └── gitea (puerto 3000)               # Repositorios
+```
+
+## Por qué usuario no-root
+
+Claude CLI bloquea `--dangerously-skip-permissions` con root por seguridad.
+Crear un usuario `orchestrator` permite que los agentes ejecuten comandos sin confirmación.
+
+| Usuario | --dangerously-skip-permissions | Acceso sistema |
+|---------|-------------------------------|----------------|
+| root | Bloqueado | Total |
+| orchestrator | Funciona | Limitado |
+
+## Configuración del Usuario
+
+```bash
+# Crear usuario
+useradd -m -s /bin/bash orchestrator
+
+# Copiar orchestrator
+cp -r /opt/orchestrator /home/orchestrator/
+chown -R orchestrator:orchestrator /home/orchestrator/orchestrator
+
+# Copiar claves SSH
+mkdir -p /home/orchestrator/.ssh
+cp /root/.ssh/tzzr /home/orchestrator/.ssh/
+cp /root/.ssh/tzzr.pub /home/orchestrator/.ssh/
+chown -R orchestrator:orchestrator /home/orchestrator/.ssh
+chmod 700 /home/orchestrator/.ssh
+chmod 600 /home/orchestrator/.ssh/tzzr
+
+# Login de Claude Code
+su - orchestrator
+cd orchestrator && source .venv/bin/activate
+claude  # Autenticar con cuenta Anthropic
+```
+
+## Servicio Systemd
+
+`/etc/systemd/system/architect-app.service`:
+
+```ini
+[Unit]
+Description=Architect App v2
+After=network.target
+
+[Service]
+User=orchestrator
+WorkingDirectory=/home/orchestrator/orchestrator
+ExecStart=/home/orchestrator/orchestrator/.venv/bin/python /opt/architect-app-v2/app.py
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Comandos:
+```bash
+systemctl daemon-reload
+systemctl restart architect-app
+systemctl status architect-app
+journalctl -u architect-app -f
+```
+
+## ClaudeProvider con --dangerously-skip-permissions
+
+El archivo `orchestrator/providers/claude_provider.py` construye el comando:
+
+```python
+cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
+```
+
+## Rutas Importantes
+
+| Ruta | Descripcion |
+|------|-------------|
+| /home/orchestrator/orchestrator/ | Codigo del orchestrator |
+| /home/orchestrator/orchestrator/.venv/ | Virtual environment |
+| /home/orchestrator/.ssh/tzzr | Clave SSH |
+| /opt/architect-app-v2/ | Architect App |
+| /opt/architect-app-v2/data/ | SQLite + config |
+
+## Acceso Manual
+
+```bash
+su - orchestrator
+cd orchestrator && source .venv/bin/activate
+python orchestrator/main.py
+```

orchestrator/providers/claude_provider.py

@@ -73,7 +73,7 @@ class ClaudeProvider(BaseProvider):
         system_prompt: Optional[str] = None,
         max_turns: Optional[int] = None,
     ) -> list[str]:
-        cmd = [self.cli_path, "-p", prompt, "--output-format", "json"]
+        cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
         
         resolved_model = self._resolve_model(self.model)
         cmd.extend(["--model", resolved_model])