cat1: mixed-server (2.7) + whoami per-user execution proof (2.4) PASS via tunnel-registered ref server

LIVE-POC.md

@@ -47,7 +47,10 @@ Self-hosted on `backstage-wus2-v4` via Flux; vendor Helm chart **1.8.8**
 - **Baseline gateway:** `zeb-gateway-test` — auth mode **Arcade Headers** (API key + `Arcade-User-ID`);
   7 main-catalog tools (Slack ×2, GoogleDocs ×4, Brightdata ×1). See `config/targets.yaml`.
   Confirmed live 2026-06-18: tool list is gateway-wide (same for all `Arcade-User-ID`s).
-- **Shared reference server:** _name + tools echo/whoami/add (Task 1.4)_
+- **Shared reference server:** `arcade-eval-ref` (dashboard id `military-healthy-posted-rats`), toolkit
+  `ArcadeEvalRef`, tools Echo/Add/Whoami — self-hosted at `lib/mcp_server`, registered via a Cloudflare
+  **quick** tunnel (ephemeral URL in `results/tunnel_url.txt`; re-register on restart). whoami exec-proof
+  verified (A→user-a, B→user-b).
 - **`whoami` identity field:** server reads `context.user_id` (arcade_mcp_server `Context`), populated by the Engine from the calling user (`Arcade-User-ID` / auth `sub`).
 
 ## Known behaviors (findings)