docs: add canonical provider-matrix.md, drop redundant README copies

The detailed row-by-row capability matrix now lives in docs/provider-matrix.md
(searchable, screen-readable, diffable) instead of being restated three more ways
in the README's Provider support section.

- new docs/provider-matrix.md: the canonical what-maps-where reference, generated
  from capabilities.py, with the audit-vs-deploy distinction and per-cell notes
- README: remove the providers.png embed (its 'catch' cells were a hand-made,
  un-diffable fourth copy of the same capability truth)
- README: trim the Google live-preview blockquote to the parity WARNING + a link
  to the matrix (the enumerated maps/doesn't-map list now lives in the matrix)
- README: list provider-matrix.md in the Documentation index

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Author: phuryn

README.md

@@ -198,15 +198,13 @@ A subagent roster is a **universal** capability, not a per-provider lottery: `na
 
 ### Provider support
 
-![The provider map: one neutral folder, three runtimes. Anthropic Managed Agents (deploy live + export anthropic-yaml; all six dimensions exercised server-side), Google Vertex AI Agent Engine (deploy preview, live-verified; compiles prompts + subagents + skills + URL MCP to a real reasoningEngine, all six exercised server-side), OpenAI Agents SDK (export + self-host; subagents as agent-as-tool).](providers.png)
-
 | Runtime | How agentlift targets it | Notes |
 |---|---|---|
 | **Anthropic Managed Agents** | `deploy` (live) + `export anthropic-yaml` | reference target; the folder maps 1:1. `export` emits the YAML the official `ant` CLI consumes — `ant` is one of agentlift's *outputs*, not a competitor. |
 | **Google Vertex AI Agent Engine** | `deploy --target google` (live, preview) + `export google-adk` | Live `reasoningEngine` with confirmed server-side coordinator→subagent delegation. The deploy now also maps **skills** (SKILL.md bundles ship inside the engine's source package, loaded via ADK `load_skill_from_dir`) and **URL MCP servers** (each an ADK `McpToolset` with a `tool_filter` allowlist; inline auth header values resolve from your local env into Agent Engine `env_vars`, never inlined into source). Idempotent create/update/skip via a spec hash. Remaining gaps: `:ask`/per-tool approval, the built-in tool sandbox (Python/JS only), and stdio MCP servers; Claude models map to Gemini. See [tested-platforms](docs/tested-platforms.md). |
 | **OpenAI** | `export openai-agents` (preview, self-host) | subagents emulated via agent-as-tool (the delegation loop runs in your app); no code-define + OpenAI-host path, so `export`, never `deploy`. |
 
-> **What "live, preview" means for Google — read this before assuming parity.** The deploy carries the agent's portable capabilities onto a hosted `reasoningEngine`: the coordinator + subagents delegate server-side, **skills** ride inside the source package (loaded via ADK `load_skill_from_dir`), and **URL MCP servers** are wired as ADK `McpToolset`s with a `tool_filter` allowlist (inline auth header values resolve from your local env into Agent Engine `env_vars` — the secret never lands in the generated source). Redeploys are idempotent: a spec hash drives create / update / skip. What's still **not** mapped: the built-in tool sandbox (Vertex's is Python/JS only — no bash/web/glob-grep), `:ask`/per-tool approval (not enforced on `VertexAiSessionService`), and stdio MCP servers (host them behind HTTPS first); Claude models map to Gemini. So Anthropic remains the fullest mapping (its sandbox + `:ask` + native Claude have no Vertex equivalent), but Google is no longer a prompt-only skeleton. OpenAI is export/self-host (no hosted engine at all).
+> **Google is live but preview — read this before assuming parity.** Anthropic is the fullest managed-agent target today. Google deploys real Vertex AI Agent Engine agents (server-side delegation, skills, and URL MCP with inline-auth-via-env-vars all map), but parity is not exact: the built-in tool sandbox, `:ask` enforcement, and stdio MCP are not equivalent, and Claude model names become Gemini defaults. OpenAI is export + self-host only (no hosted-deploy path at all). For the row-by-row breakdown, see the **[full provider capability matrix](docs/provider-matrix.md)**.
 
 #### Live coverage matrix — what actually ran, not what the docs claim
 
@@ -371,6 +369,7 @@ Everything is here or one click away:
 | Doc | What's in it |
 |---|---|
 | [docs/convention.md](docs/convention.md) | The `.managed-agents/` folder spec, frontmatter, skills, MCP, `:ask` permissions, native subagents |
+| [docs/provider-matrix.md](docs/provider-matrix.md) | Row-by-row capability matrix — what maps where across Anthropic / Google / OpenAI |
 | [docs/deploying.md](docs/deploying.md) | The three deploy paths, the lockfile / where IDs live, isolation, hooks |
 | [docs/how-it-works.md](docs/how-it-works.md) | `parse → plan → apply → run`, determinism, idempotency, the confirmed wire format |
 | [docs/anthropic-mapping.md](docs/anthropic-mapping.md) | Exact local → Managed Agents field mapping + API constraints |

docs/provider-matrix.md

@@ -0,0 +1,65 @@
+# Provider capability matrix
+
+One neutral `.managed-agents/` folder, three managed-agent runtimes. This is the
+row-by-row reference for **what maps where** — the detailed companion to the README's
+summary. It is generated from the same source of truth the tooling uses:
+[`src/agentlift/capabilities.py`](../src/agentlift/capabilities.py), which `agentlift
+audit` and `agentlift export` both read.
+
+**`audit` vs `deploy` — they answer different questions.** `audit` reports each
+*platform's* capability (what the runtime could do); `deploy` reports *agentlift's
+current implementation* (what the compiler ships today). They agree on almost everything;
+where they differ it's called out below (built-in tools and `:ask` on Google: `audit`
+rates the platform `degraded`/`unsupported`, and `deploy` correspondingly skips/refuses).
+
+**Legend:** ✅ native / maps 1:1 · 🟡 live, preview · 🔁 translated to a different shape
+(export, or model remap) · 🚧 not mapped / not enforced yet (surfaced as a diagnostic,
+never a silent drop) · ❌ refused / not applicable.
+
+| Capability | Anthropic Managed Agents | Google (`--target google`) | OpenAI |
+|---|---|---|---|
+| **Handoff** | ✅ `deploy` (live, full) | 🟡 `deploy` (live, preview) | 🔁 `export` + self-host |
+| **Agents** | ✅ live, per-agent IDs | ✅ live (one `reasoningEngine`) | 🔁 export |
+| **Subagents** | ✅ native, server-side coordinator | ✅ server-side delegation (ADK `sub_agents`, one engine) | 🔁 `as_tool`, loop runs in your app |
+| **Shared skill** | ✅ uploaded once, shared by id | ✅ embedded in source pkg, ADK `load_skill_from_dir` | 🔁 Skills-API scaffold (self-host) |
+| **Private skill** | ✅ | ✅ | 🔁 scaffold |
+| **Shared MCP (URL)** | ✅ mapped | ✅ `McpToolset` + `tool_filter` | 🔁 `HostedMCPTool` scaffold |
+| **Private MCP (URL)** | ✅ | ✅ | 🔁 scaffold |
+| **MCP inline auth** | 🚧 dropped (diagnostic) | ✅ resolved to Agent Engine `env_vars` (never inlined) | 🚧 scaffold |
+| **stdio MCP** | ❌ refused (host behind HTTPS) | ❌ refused (host behind HTTPS) | ❌ n/a |
+| **Built-in tools** | ✅ mapped (`read/glob/grep/bash/edit/write/web_*`) | 🚧 skipped — Vertex sandbox is Python/JS only | 🔁 self-host runner |
+| **`:ask` per-tool** | ✅ permission policy | 🚧 not enforced on `VertexAiSessionService` | 🔁 client-side (your runner) |
+| **Idempotency** | ✅ lockfile + content hashes | ✅ `.agentlift-google.json` spec hash → create / update / skip | ❌ n/a |
+| **Model** | ✅ Claude (native) | 🔁 Gemini (`gemini-2.5-flash`, override with `--google-model`) | 🔁 `gpt-*` |
+
+## How to read the non-obvious cells
+
+- **MCP inline auth.** Anthropic's managed URL-MCP shape carries no credentials, so an
+  inline auth header is **dropped with a warning** — the server must be public or
+  self-authenticating. Google **does** carry it: the header *value* resolves from the
+  deployer's local environment at deploy time into an Agent Engine `env_var`; only the
+  env-var *name* is ever written into the plan, source, or lockfile.
+- **stdio MCP.** A hosted engine can't spawn a local subprocess, so a `command:`/`npx`
+  server is refused on both deploy targets. Host it behind an HTTPS URL first.
+- **Built-in tools (Google).** Agent Engine's hosted sandbox is Python/JS only — no
+  shell, no network fetch, no glob/grep over a workspace (there is no workspace). Supply
+  equivalents via an MCP server. The agent deploys without the built-ins, with a warning.
+- **`:ask` (Google).** ADK tool-confirmation is not enforced under the Agent Engine
+  session service today, so a `:ask`-gated tool stays available without a gate. Keep
+  `:ask` agents on the Anthropic target where the gate is real.
+- **Subagents (per-agent IDs).** Anthropic gives each agent its own addressable id;
+  Google deploys the whole roster as **one** `reasoningEngine` with server-side
+  delegation, so the roster is not individually addressable (the A2A protocol across
+  separate deployments would be the path to per-agent ids).
+- **OpenAI.** There is no code-define + OpenAI-host path, so OpenAI is an `export` target,
+  never a `deploy` target. Agents + subagents are real (`as_tool` composition,
+  trace-verified); skills and MCP compile to guided self-host scaffolding.
+
+## What's been exercised live
+
+This matrix is the *capability* reference — what the compiler maps. For *receipt
+evidence* of what actually ran on a deployed engine (all six portability dimensions, both
+Anthropic and Google, classified by objective runtime events), see
+[`tested-platforms.md`](tested-platforms.md). For the honest constraints and non-goals,
+see [`limitations.md`](limitations.md). The exact Anthropic field-level mapping is in
+[`anthropic-mapping.md`](anthropic-mapping.md).