runtime: harden stdin validation and JSON parsing#2

Merged: Conalh merged 1 commit into main from codey/warden-runtime-hardening, Jun 21, 2026

Conalh (Owner) commented Jun 21, 2026

Base SHA: 15b5dc3a22c190d1eb18e25ce41de320d12a3b62
Candidate SHA: 670be6a641306eabefac7ecc5081921b19de2e49

Summary

  • Normalize backslashes in action path values before path predicates run, so Windows-style paths are evaluated with the same segment semantics as slash paths.
  • Reject invalid JSON inputs with unescaped control characters in strings or leading-zero integers.
  • Validate policies before entering long-lived --stdin mode, keeping stdout reserved for verdict JSONL and reporting policy lint/self-test failures on stderr.
  • Add integration and parser tests for the new behavior, including a portable stdin helper that tolerates Unix BrokenPipe when validation exits before reading input.
  • Update README notes for Rust 2024/path normalization.

Validation

  • cargo test --test integration stdin_rejects_failed_policy_self_tests_before_streaming_verdicts --locked: passed after fixing the Linux CI BrokenPipe repro
  • cargo fmt --all -- --check: passed
  • git diff --check: passed
  • cargo clippy --all-targets --locked -- -D warnings: passed
  • cargo test --all --locked: passed (78 library tests, 25 integration tests, 3 parser robustness tests, 1 doctest)
  • cargo build --release --locked: passed
  • Post-amend cargo build --locked: passed

Barbican compatibility

Frozen dependency revisions tested:

  • Warden base SHA: 15b5dc3a22c190d1eb18e25ce41de320d12a3b62
  • Warden candidate SHA: 670be6a641306eabefac7ecc5081921b19de2e49
  • Barbican SHA: 73acbe17b9d47b5b195d17c9629a5b7675886168
  • agent-gov-core SHA: 89409673b1943460f3262011418d085844de697e
  • CapabilityEcho SHA: d7b60697df3f1c37319e636268a46355b6bbd607
  • Node: v24.15.0
  • npm: 11.13.0
  • rustc: rustc 1.95.0 (59807616e 2026-04-14)
  • cargo: cargo 1.95.0 (f2d3ce0bd 2026-03-21)

Build order used for the frozen Barbican workspace:

  • base Warden: cargo build --locked passed
  • candidate Warden: cargo build --locked passed
  • agent-gov-core: npm ci passed; npm run build passed
  • CapabilityEcho: npm ci passed; npm run build passed
  • barbican: npm ci passed; npm run build passed

Baseline Barbican verification:

  • Command: BARBICAN_WARDEN=<base-warden.exe> npm run verify
  • Result: passed, exit 0
  • Test totals: 34 tests, 34 pass, 0 fail, 0 skipped
  • Evidence demo: passed
  • Denied calls: confirmed not to reach downstream server
  • Allowed call: run_shell / git status reached downstream exactly once
  • Downstream total: exactly one tools/call, the allowed git status call
  • Report validation: canonical barbican and capability_echo reports validated against agent-gov-core

Candidate Barbican verification:

  • Command: BARBICAN_WARDEN=<candidate-warden.exe> npm run verify
  • Result: passed, exit 0
  • Test totals: 34 tests, 34 pass, 0 fail, 0 skipped
  • Evidence demo: passed
  • Denied calls: confirmed not to reach downstream server
  • Allowed call: run_shell / git status reached downstream exactly once
  • Downstream total: exactly one tools/call, the allowed git status call
  • Report validation: canonical barbican and capability_echo reports validated against agent-gov-core

No source or tracked files remain modified in the temporary barbican, agent-gov-core, or CapabilityEcho checkouts after the compatibility run.

Conalh force-pushed the codey/warden-runtime-hardening branch from 65f2e3f to 670be6a on June 21, 2026 03:43
Conalh merged commit 2e2efab into main on Jun 21, 2026
1 check passed
Conalh deleted the codey/warden-runtime-hardening branch on June 21, 2026 03:55
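
The two JSON rejections listed in the summary, as an added example that is not Warden's parser and not code from this pull request: a pre-parse byte scan that flags an unescaped control character inside a string or an integer part with a leading zero, both of which RFC 8259 disallows. The names `strict_scan` and `Violation` and the sample inputs are assumptions made for illustration.

```rust
// Added example, not Warden's parser. Names and sample inputs are constructed.
#[derive(Debug, PartialEq)]
pub enum Violation {
    ControlCharInString(usize), // byte offset of the raw control character
    LeadingZero(usize),         // byte offset of the offending '0'
}

/// Pre-parse scan for the two RFC 8259 violations named in the PR summary.
/// Structural validity (brackets, escapes, literals) is left to the real parser.
pub fn strict_scan(input: &[u8]) -> Result<(), Violation> {
    let (mut i, mut in_string) = (0usize, false);
    while i < input.len() {
        let b = input[i];
        if in_string {
            match b {
                b'\\' => i += 1, // skip the escaped byte, e.g. the quote in \"
                b'"' => in_string = false,
                0x00..=0x1F => return Err(Violation::ControlCharInString(i)),
                _ => {}
            }
        } else if b == b'"' {
            in_string = true;
        } else if b == b'-' || b.is_ascii_digit() {
            // The integer part starts after an optional minus sign.
            let start = if b == b'-' { i + 1 } else { i };
            let zero_first = input.get(start) == Some(&b'0');
            if zero_first && input.get(start + 1).is_some_and(|d| d.is_ascii_digit()) {
                return Err(Violation::LeadingZero(start));
            }
            // Consume the rest of the token so fraction and exponent digits
            // ("0.05", "1e-05") are never mistaken for a new integer part.
            i = start;
            while i < input.len() && matches!(input[i], b'0'..=b'9' | b'.' | b'e' | b'E' | b'+' | b'-') {
                i += 1;
            }
            continue;
        }
        i += 1;
    }
    Ok(())
}

fn main() {
    // Constructed inputs: a well-formed action, then one of each rejected kind.
    let samples: [&[u8]; 3] = [br#"{"tool":"run_shell","args":["git","status"]}"#, b"{\"path\":\"a\tb\"}", br#"{"n":007}"#];
    for s in samples {
        println!("{:?} -> {:?}", String::from_utf8_lossy(s), strict_scan(s));
    }
}
```

Lenient JSON decoders differ on exactly these inputs, so rejecting them before policy evaluation keeps the policy engine and any downstream consumer from seeing different values for the same bytes.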