fix: update Rommie MCP URL and allowed hosts for improved access and security

docs/rommie.md

@@ -59,8 +59,11 @@ Read-only tools (`get_screenshot`, `get_agent_status`) remain available while a
 ## Architecture
 
 ```
-External Agent (e.g., Claude / MCP Switchboard)
-        │  MCP Protocol (Streamable HTTP)
+External Agent (e.g., Claude Desktop / MCP Switchboard)
+        │  MCP Protocol (Streamable HTTP, TLS)
+        │  https://rommie.ouranos.helu.ca/mcp
+        ▼
+  Titania HAProxy (TLS termination, wildcard cert)
         │  http://caliban.incus:22031/mcp
         ▼
   Rommie MCP Server
@@ -98,10 +101,12 @@ All host-specific variables are set in `ansible/inventory/host_vars/caliban.incu
 The MCP URL for Rommie is registered in `group_vars/all/vars.yml`:
 
 ```yaml
-rommie_mcp_url: http://caliban.incus:22031/mcp
+rommie_mcp_url: https://rommie.ouranos.helu.ca/mcp
 ```
 
-Consumers (e.g., MCP Switchboard, Open WebUI) reference `{{ rommie_mcp_url }}`.
+Consumers (e.g., MCP Switchboard, Open WebUI, Claude Desktop) reference `{{ rommie_mcp_url }}`.
+
+The route is served via Titania's HAProxy using the existing `*.ouranos.helu.ca` Let's Encrypt wildcard certificate. No additional certificate provisioning is required.
 
 ## Service Management