chore(mcp): remove docs refs to vendored adapters; add example adapter scaffold and tests

.env.example

@@ -17,21 +17,15 @@ PENTESTAGENT_DEBUG=true
 #   vendored MCP servers and helper daemons. Set to `true` to enable auto-start.
 # - Defaults are `false` to avoid automatically running networked services.
 
-# Vendored HexStrike MCP adapter (legacy name support: LAUNCH_HEXSTRIKE)
-LAUNCH_HEXTRIKE=false
-#LAUNCH_HEXSTRIKE=false    # alternate spelling (kept for compatibility)
-
-# Metasploit MCP (MetasploitMCP)
-# When `LAUNCH_METASPLOIT_MCP=true` the setup script may attempt to start
-# `msfrpcd` (Metasploit RPC daemon) and then start the vendored MetasploitMCP
-# HTTP/SSE server. Provide `MSF_PASSWORD` if you want the setup script to
-# auto-launch `msfrpcd` (it will never invoke sudo).
-LAUNCH_METASPLOIT_MCP=false
-
-# When set to `true`, the subtree helper scripts (e.g. scripts/add_metasploit_subtree.sh)
-# will force a pull/update of vendored subtrees. Useful when you want to refresh
-# the third_party trees during setup. Set to `true` to enable.
-FORCE_SUBTREE_PULL=true
+# MCP adapters and vendored integrations
+# The project no longer vendors external MCP adapters such as HexStrike
+# or MetasploitMCP. Operators who need external adapters should install
+# and run them manually (for example under `third_party/`) and then
+# configure `mcp_servers.json` to reference the adapter.
+#
+# A minimal example adapter scaffold is provided at
+# `pentestagent/mcp/example_adapter.py` to help implement adapters that
+# match the expected adapter interface.
 
 # Metasploit RPC (msfrpcd) connection settings
 # - `MSF_USER`/`MSF_PASSWORD`: msfrpcd credentials (keep password secret)