manager: start/restart at will, no approval; refuse self

new manager tools mcp__hyperhive__{start,restart} that delegate to the
existing lifecycle::start / lifecycle::restart on the host. kill was
already at the manager's discretion; rounding out start + restart for
parity so day-to-day container care doesn't have to round-trip through
the operator.

guard: refuse self-targeting on kill/start/restart — the manager would
just be cutting its own legs. spawn (request_spawn) and config changes
(request_apply_commit) still go through the approval queue, since those
are the actual gate. prompt + claude.md updated to make the boundary
explicit. kill now also emits HelperEvent::Killed (it didn't before).

hive-ag3nt/src/bin/hive-m1nd.rs

@@ -41,6 +41,10 @@ enum Cmd {
     RequestSpawn { name: String },
     /// Kill a sub-agent.
     Kill { name: String },
+    /// Start a stopped sub-agent.
+    Start { name: String },
+    /// Restart a sub-agent (stop + start).
+    Restart { name: String },
     /// Submit a config commit on the agent's config repo for user approval.
     RequestApplyCommit { agent: String, commit_ref: String },
     /// Run the manager MCP server on stdio. Spawned by claude via
@@ -103,6 +107,8 @@ async fn main() -> Result<()> {
             one_shot(&cli.socket, ManagerRequest::RequestSpawn { name }).await
         }
         Cmd::Kill { name } => one_shot(&cli.socket, ManagerRequest::Kill { name }).await,
+        Cmd::Start { name } => one_shot(&cli.socket, ManagerRequest::Start { name }).await,
+        Cmd::Restart { name } => one_shot(&cli.socket, ManagerRequest::Restart { name }).await,
         Cmd::RequestApplyCommit { agent, commit_ref } => {
             one_shot(
                 &cli.socket,