Add tool search, centralized key storage, PTAB updates, and thread-safe proxy startup

Implements four major enhancements to improve context efficiency, user experience, API compatibility, and reliability:

1. Tool Search Configuration (60-75% token reduction)
   - Add SERVER_INSTRUCTIONS for Claude Code v2.1.7+ tool search
   - Make 3 tools always-available: fpd_search_petitions_minimal, fpd_get_petition_details, fpd_get_guidance
   - Enable progressive disclosure for remaining tools (on-demand loading)

2. Centralized Linux Key Storage
   - Add key detection functions to Validation-Helpers.sh
   - Implement prompt_and_validate_uspto_key() with existing key detection
   - Implement prompt_and_validate_mistral_key() with existing key detection
   - Users only enter API keys once across all 4 USPTO MCPs (PFW, FPD, PTAB, Citations)

3. PTAB Tool Reference Updates
   - Update all references from ptab_search_proceedings_minimal to search_trials_minimal
   - Reflect PTAB API changes (new tool names and progressive disclosure)
   - Add PTAB fields parameter documentation to tool_reflections.py
   - Update 4 prompt files: art_unit_quality_assessment, company_petition_risk_assessment_pfw, patent_vulnerability_assessment_ptab, complete_portfolio_due_diligence_pfw_ptab

4. On-Demand Proxy Startup Fix
   - Add asyncio.Lock to prevent race conditions on concurrent downloads
   - Implement double-check pattern (fast path + lock + double-check)
   - Add health check verification after proxy startup
   - Enhanced error handling and logging with emoji status messages

All changes verified and tested according to implementation plan.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: john-walkoe

deploy/Validation-Helpers.sh

@@ -84,6 +84,247 @@ validate_mistral_api_key() {
     return 0
 }
 
+# ============================================
+# Existing Key Detection Functions
+# ============================================
+
+# Check if USPTO API key exists in secure storage
+check_existing_uspto_key() {
+    if [[ -f "$HOME/.uspto_api_key" ]]; then
+        return 0  # Exists
+    else
+        return 1  # Does not exist
+    fi
+}
+
+# Check if Mistral API key exists in secure storage
+check_existing_mistral_key() {
+    if [[ -f "$HOME/.mistral_api_key" ]]; then
+        return 0  # Exists
+    else
+        return 1  # Does not exist
+    fi
+}
+
+# Load existing USPTO key from secure storage (uses Python)
+load_existing_uspto_key() {
+    # Use Python to load from secure storage
+    python3 << 'EOF'
+import sys
+from pathlib import Path
+sys.path.insert(0, str(Path.cwd() / 'src'))
+
+try:
+    from fpd_mcp.shared_secure_storage import get_uspto_api_key
+    key = get_uspto_api_key()
+    if key:
+        print(key)
+        sys.exit(0)
+    else:
+        sys.exit(1)
+except Exception as e:
+    sys.exit(1)
+EOF
+}
+
+# Load existing Mistral key from secure storage (uses Python)
+load_existing_mistral_key() {
+    # Use Python to load from secure storage
+    python3 << 'EOF'
+import sys
+from pathlib import Path
+sys.path.insert(0, str(Path.cwd() / 'src'))
+
+try:
+    from fpd_mcp.shared_secure_storage import get_mistral_api_key
+    key = get_mistral_api_key()
+    if key:
+        print(key)
+        sys.exit(0)
+    else:
+        sys.exit(1)
+except Exception as e:
+    sys.exit(1)
+EOF
+}
+
+# Mask API key for display (show last 5 characters)
+mask_api_key() {
+    local key="$1"
+    local key_length=${#key}
+
+    if [[ $key_length -le 5 ]]; then
+        echo "$key"  # Too short to mask
+    else
+        echo "...${key: -5}"
+    fi
+}
+
+# Prompt user if they want to use existing key
+prompt_use_existing_key() {
+    local key_type="$1"  # "USPTO" or "Mistral"
+    local masked_key="$2"
+
+    echo ""
+    echo -e "${GREEN}✓ Detected existing $key_type API key in secure storage${NC}"
+    echo -e "  Key (masked): ${masked_key}"
+    echo ""
+    read -p "Would you like to use this existing key? (Y/n): " USE_EXISTING
+    USE_EXISTING=${USE_EXISTING:-Y}
+
+    if [[ "$USE_EXISTING" =~ ^[Yy]$ ]]; then
+        return 0  # Use existing
+    else
+        return 1  # Don't use existing
+    fi
+}
+
+# Securely read API key (no echo to terminal)
+read_api_key_secure() {
+    local prompt="$1"
+    local varname="$2"
+
+    read -s -p "$prompt: " $varname
+    echo  # Newline after hidden input
+}
+
+# Prompt for API key with validation loop (with existing key detection)
+prompt_and_validate_uspto_key() {
+    local key=""
+    local max_attempts=3
+    local attempt=0
+
+    # STEP 1: Check if key already exists in secure storage
+    if check_existing_uspto_key; then
+        echo -e "${YELLOW}ℹ Checking existing USPTO API key from another USPTO MCP installation...${NC}"
+
+        # Try to load the existing key
+        local existing_key=$(load_existing_uspto_key)
+        if [[ $? -eq 0 && -n "$existing_key" ]]; then
+            # Mask the key for display
+            local masked_key=$(mask_api_key "$existing_key")
+
+            # Ask user if they want to use it
+            if prompt_use_existing_key "USPTO" "$masked_key"; then
+                echo -e "${GREEN}✓ Using existing USPTO API key from secure storage${NC}"
+                echo "$existing_key"
+                return 0
+            else
+                echo -e "${YELLOW}ℹ You chose to enter a new USPTO API key${NC}"
+                echo -e "${RED}⚠ This will OVERWRITE the existing key for ALL USPTO MCPs${NC}"
+                read -p "Are you sure you want to continue? (y/N): " CONFIRM_OVERWRITE
+                if [[ ! "$CONFIRM_OVERWRITE" =~ ^[Yy]$ ]]; then
+                    echo -e "${GREEN}ℹ Keeping existing key${NC}"
+                    echo "$existing_key"
+                    return 0
+                fi
+            fi
+        else
+            echo -e "${YELLOW}⚠ Existing key file found but could not load (may be corrupted)${NC}"
+            echo -e "${YELLOW}ℹ You will need to enter a new key${NC}"
+        fi
+    fi
+
+    # STEP 2: Prompt for new key (either no existing key, or user wants to override)
+    while [[ $attempt -lt $max_attempts ]]; do
+        ((attempt++))
+
+        read_api_key_secure "Enter your USPTO API key" key
+
+        if [[ -z "$key" ]]; then
+            echo -e "${RED}ERROR: USPTO API key cannot be empty${NC}"
+            if [[ $attempt -lt $max_attempts ]]; then
+                echo -e "${YELLOW}Attempt $attempt of $max_attempts${NC}"
+            fi
+            continue
+        fi
+
+        if validate_uspto_api_key "$key"; then
+            # Success - return key via echo
+            echo "$key"
+            return 0
+        else
+            if [[ $attempt -lt $max_attempts ]]; then
+                echo -e "${YELLOW}Attempt $attempt of $max_attempts - please try again${NC}"
+                echo -e "${YELLOW}USPTO API key format: 30 lowercase letters (a-z)${NC}"
+            fi
+        fi
+    done
+
+    echo -e "${RED}ERROR: Failed to provide valid USPTO API key after $max_attempts attempts${NC}"
+    return 1
+}
+
+# Prompt for Mistral API key with validation loop (optional, with existing key detection)
+prompt_and_validate_mistral_key() {
+    local key=""
+    local max_attempts=3
+    local attempt=0
+
+    # STEP 1: Check if key already exists in secure storage
+    if check_existing_mistral_key; then
+        echo -e "${YELLOW}ℹ Checking existing Mistral API key from another USPTO MCP installation...${NC}"
+
+        # Try to load the existing key
+        local existing_key=$(load_existing_mistral_key)
+        if [[ $? -eq 0 && -n "$existing_key" ]]; then
+            # Mask the key for display
+            local masked_key=$(mask_api_key "$existing_key")
+
+            # Ask user if they want to use it
+            if prompt_use_existing_key "Mistral" "$masked_key"; then
+                echo -e "${GREEN}✓ Using existing Mistral API key from secure storage${NC}"
+                echo "$existing_key"
+                return 0
+            else
+                echo -e "${YELLOW}ℹ You chose to enter a new Mistral API key${NC}"
+                echo -e "${RED}⚠ This will OVERWRITE the existing key for ALL USPTO MCPs${NC}"
+                read -p "Are you sure you want to continue? (y/N): " CONFIRM_OVERWRITE
+                if [[ ! "$CONFIRM_OVERWRITE" =~ ^[Yy]$ ]]; then
+                    echo -e "${GREEN}ℹ Keeping existing key${NC}"
+                    echo "$existing_key"
+                    return 0
+                fi
+            fi
+        else
+            echo -e "${YELLOW}⚠ Existing key file found but could not load (may be corrupted)${NC}"
+            echo -e "${YELLOW}ℹ You will need to enter a new key${NC}"
+        fi
+    fi
+
+    # STEP 2: Prompt for new key (either no existing key, or user wants to override)
+    echo -e "${YELLOW}ℹ Mistral API key is OPTIONAL (for OCR on scanned documents)${NC}"
+    echo -e "${YELLOW}ℹ Press Enter to skip, or enter your 32-character Mistral API key${NC}"
+    echo
+
+    while [[ $attempt -lt $max_attempts ]]; do
+        ((attempt++))
+
+        read_api_key_secure "Enter your Mistral API key (or press Enter to skip)" key
+
+        # Empty is OK (optional)
+        if [[ -z "$key" ]]; then
+            echo -e "${YELLOW}ℹ Skipping Mistral API key (OCR disabled)${NC}"
+            echo ""  # Return empty string
+            return 0
+        fi
+
+        if validate_mistral_api_key "$key"; then
+            # Success - return key
+            echo "$key"
+            return 0
+        else
+            if [[ $attempt -lt $max_attempts ]]; then
+                echo -e "${YELLOW}Attempt $attempt of $max_attempts - please try again${NC}"
+                echo -e "${YELLOW}Mistral API key format: 32 alphanumeric characters (a-z, A-Z, 0-9)${NC}"
+            fi
+        fi
+    done
+
+    echo -e "${RED}ERROR: Failed to provide valid Mistral API key after $max_attempts attempts${NC}"
+    return 1
+}
+
 # Test function (run with: bash Validation-Helpers.sh test)
 if [[ "${BASH_SOURCE[0]}" == "${0}" ]] && [[ "$1" == "test" ]]; then
     echo "Testing API Key Validation..."

src/fpd_mcp/config/tool_reflections.py

@@ -254,7 +254,7 @@ def _get_workflows_ptab_section() -> str:
    ```
 3. **PTAB:** Check for post-grant challenges
    ```python
-   ptab_search_proceedings_minimal(patent_number='11788453')
+   search_trials_minimal(patent_number='11788453')
    ```
 4. Correlation Analysis:
    - Patents with denied examiner dispute petitions → Higher PTAB vulnerability
@@ -267,6 +267,29 @@ def _get_workflows_ptab_section() -> str:
 - High petition frequency + PTAB institution = Pattern of prosecution problems
 
 **Value:** Predict PTAB vulnerability based on prosecution petition patterns
+
+### PTAB Search Tool Parameters
+
+**All PTAB search tools support:**
+- `patent_number`: Patent number (e.g., '10701173')
+- `petitioner_name`: Party filing the challenge
+- `patent_owner_name`: Patent owner name
+- `trial_type`: 'IPR', 'PGR', 'CBM'
+- `trial_status`: Status category
+- `tech_center`: Technology center (e.g., '2600')
+- `filing_date_from/to`: Date range filters
+- `fields`: Ultra-minimal field selection (99% context reduction)
+- `limit`: Max results (default 50, max 100)
+
+**Example - Ultra-minimal PTAB query:**
+```python
+# Only 2 fields - 99% context reduction
+search_trials_minimal(
+    patent_number='10701173',
+    fields=['trialNumber', 'trialMetaData.trialStatusCategory'],
+    limit=20
+)
+```
 """
 
 
@@ -382,7 +405,7 @@ def _get_workflows_complete_section() -> str:
 
 4. **PTAB Challenge Analysis (PTAB)** - For granted patents
    ```python
-   ptab_search_proceedings_minimal(patent_number=patent_num)
+   search_trials_minimal(patent_number=patent_num)
    ```
    Assess post-grant challenge exposure
 
@@ -645,7 +668,7 @@ def _get_tools_section() -> str:
 - Action: Full details and document access
 
 **Stage 5: Cross-MCP**
-- Tools: pfw_search_applications, ptab_search_proceedings
+- Tools: pfw_search_applications, search_trials
 - Action: Cross-reference with prosecution and PTAB
 """