refactor: Modularize server into separate concerns

Split monolithic index.ts (~1400 lines) into modular structure:
- config.ts: Server configuration and constants
- db/: Database initialization, migrations, and seeds
- routes/: API handlers by domain (themes, canvas, components, etc.)
- services/: Terminal WebSocket server
- utils/: CORS helpers

Entry point now only coordinates initialization.

server/routes/webmcp.ts

@@ -0,0 +1,42 @@
+import { jsonResponse, errorResponse } from '../utils/cors'
+
+// WebMCP token storage (in-memory)
+let pendingWebMCPToken: { token: string; createdAt: Date } | null = null
+
+export async function handleWebMCPToken(req: Request) {
+  if (req.method === 'GET') {
+    if (pendingWebMCPToken) {
+      // Check if token is not expired (5 minutes)
+      const age = Date.now() - pendingWebMCPToken.createdAt.getTime()
+      if (age < 5 * 60 * 1000) {
+        return jsonResponse({
+          token: pendingWebMCPToken.token,
+          createdAt: pendingWebMCPToken.createdAt.toISOString()
+        })
+      }
+      // Token expired
+      pendingWebMCPToken = null
+    }
+    return jsonResponse({ token: null })
+  }
+
+  if (req.method === 'POST') {
+    const body = await req.json()
+    if (body.token) {
+      pendingWebMCPToken = {
+        token: body.token,
+        createdAt: new Date()
+      }
+      console.log('[WebMCP] Token received and stored')
+      return jsonResponse({ success: true })
+    }
+    return errorResponse('Token required', 400)
+  }
+
+  if (req.method === 'DELETE') {
+    pendingWebMCPToken = null
+    return jsonResponse({ success: true })
+  }
+
+  return null
+}