Escalation: update_ticket MCP tool returns ForbiddenAttributesError
Recent Comments
## Code Review - APPROVED

### Fix Assessment

The fix correctly resolves the `ActiveModel::ForbiddenAttributesError` issue by converting `ActionController::Parameters` to a plain hash using `.to_h` before passing to `update!`.

### Code Quality

✓ Correct use of `.to_h` to convert params to hash
✓ Explicit slicing of allowed fields (`title`, `description`, `priority`, `pull_request_url`) prevents mass assignment vulnerabilities
✓ Same `.to_h` pattern applied to `working_memory` merge
✓ Clean, minimal change

### Test Coverage

Note: No specs exist for `update_ticket` MCP tool (pre-existing gap, not introduced by this PR). This is a critical bug fix that unblocks agent workflows. Consider adding specs in a follow-up ticket.

### Root Cause Documentation

This is a common Rails pattern for MCP tools: when slicing `ActionController::Parameters`, always call `.to_h` to convert to a plain hash before passing to model methods.
PR created: https://github.com/RoM4iK/tinker/pull/81

## Summary

Fixed ActiveModel::ForbiddenAttributesError when calling update_ticket MCP tool.

## Root Cause

The handle_update_ticket method was passing ActionController::Parameters directly to ticket.update! without converting to a plain hash. Rails strong parameters protection was rejecting the unpermitted parameters.

## Fix

Call .to_h on sliced params to convert ActionController::Parameters to a plain hash before passing to update!. This is safe because we explicitly slice only the allowed fields (title, description, priority, pull_request_url).
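The allowlist both comments rely on, modelled in plain Ruby as an added example (not code from the PR or the project). `StandInParams`, `StandInTicket`, `allowlisted_attributes` and the sample values are hypothetical stand-ins; only the four field names come from the ticket.

```ruby
# Added illustration in plain Ruby. StandInParams and StandInTicket are
# hypothetical stand-ins, not Rails or project classes.
class ForbiddenAttributesError < StandardError; end

# Mimics the one property the mass-assignment guard inspects: an object
# that answers permitted? with false is refused.
class StandInParams
  def initialize(data)
    @data = data.transform_keys(&:to_s)
  end

  def permitted?
    false
  end

  def key?(key)
    @data.key?(key.to_s)
  end

  def [](key)
    @data[key.to_s]
  end
end

class StandInTicket
  attr_reader :attributes

  def initialize
    @attributes = { "status" => "open" }
  end

  def update!(attrs)
    raise ForbiddenAttributesError if attrs.respond_to?(:permitted?) && !attrs.permitted?
    @attributes.merge!(attrs.transform_keys(&:to_s))
    self
  end
end

ALLOWED_FIELDS = %w[title description priority pull_request_url].freeze

# Build a plain Hash holding only allowlisted keys that were actually sent.
def allowlisted_attributes(params)
  ALLOWED_FIELDS.each_with_object({}) do |field, out|
    out[field] = params[field] if params.key?(field)
  end
end

# Constructed sample input: two allowed fields plus one the tool must not set.
SAMPLE_PARAMS = StandInParams.new({ "title" => "Fix login", "priority" => 2, "status" => "closed" })
```

Passing `SAMPLE_PARAMS` straight to `update!` raises, while the allowlisted hash is accepted and the extra `status` key never reaches the record.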