docs: canonicalize hosted MCP endpoint to taskade.com/mcp (closes #6)

[johnxie]

Decision: use the live hosted endpoint at https://taskade.com/mcp rather than standing up a separate mcp.taskade.com subdomain (no new infra, no redirect/rewrite fragility).

Verified

https://taskade.com/mcp is an OAuth-protected remote MCP server:

• WWW-Authenticate: Bearer realm="mcp" on unauthenticated requests
• OAuth discovery live at /.well-known/oauth-authorization-server (200) + resource metadata under /mcp/.well-known/oauth-protected-resource

So remote-capable MCP clients authorize via browser — true zero-install, no API key to copy.

Changes

• Add a prominent zero-install hosted-endpoint callout to Quick Start pointing at https://taskade.com/mcp.
• Remove the planned mcp.taskade.com roadmap item — superseded by the live endpoint.

Closes #6. cc @deanzaka @lxcid

[changeset-bot]

⚠️ No Changeset found

Latest commit: 41c3120

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[johnxie]

✅ Validated → fixed → merging

Claim	Verification
https://www.taskade.com/mcp is a live OAuth-protected hosted endpoint	✅ live probe: GET /mcp → 401 with WWW-Authenticate: Bearer realm="mcp", resource_metadata=… (RFC 9728); /.well-known/oauth-protected-resource → 200
Roadmap's mcp.taskade.com is the wrong canonical host	✅ that subdomain is dead; www.taskade.com/mcp is what's deployed — removing the stale roadmap line is correct (closes #6)
"point any MCP client at it"	⚠️ overpromise — fixed: OAuth dynamic client registration currently allowlists claude.ai + loopback redirect URIs only, so Cursor desktop (cursor://…) and VS Code (vscode.dev/redirect) are rejected at registration today. Reworded to "Claude (web, Desktop, mobile) and Claude Code today; more remote clients rolling out."

Also rebased onto current main (branch predated the README overhaul; now a clean 2-commit diff).

QA: markdown-only; note sits above Quick Start without disturbing the 7-step numbering. Confidence: high · zero regression. Merging.

Follow-up that makes "any client" true: widen isAllowedRedirectUri in the backend (spec already written — adds Cursor/VS Code/Windsurf redirect URIs).