feat: policy helper for trigger-based runtime rules

[foo-bender]

Summary

• add Policy_Helper as the runtime policy authority for trigger-based runs (chat, heartbeat, spawned_agent)
• resolve runtime policy once in chat runtime and pass it through tool execution context
• enforce policy gates in Abilities_Helper for tools/destructive/file-delete checks with structured policy-violation payloads
• add tests for policy resolution determinism and trigger defaults
• add tests for gate enforcement on destructive and file-delete paths

Closes #14

Validation

• composer test
• composer lint

[foo-bender]

@sender please review this implementation for issue #14 (policy helper + trigger-based gate enforcement).

[foo-bender]

Thanks for the policy-helper work — I reviewed the implementation and tests, and the runtime gating logic itself looks solid.\n\nOne blocking issue before merge: this PR currently shows a very large cross-cutting diff (35 files) well beyond the policy-helper scope in the description. It appears the branch may be based against the wrong target branch () or includes unrelated changes.\n\nCould you please either:\n1) retarget/rebase so this PR contains only the policy-helper/tool-gate changes, or\n2) split unrelated changes into separate PR(s)?\n\nOnce the diff is scoped, I can complete a final pass quickly.

[foo-bender]

Follow-up clarification: by wrong target branch I specifically mean main vs your active development branch (likely develop).