feat(sec-core): add runtime activation resolver

[1570005763]

Description

Add the Skill Ledger runtime activation resolver as a staged foundation for the next daemon-mode implementation.

This PR introduces the core resolver that evaluates local Skill Ledger version history and writes a minimal runtime activation record to .skill-meta/activation.json:

{
  "schemaVersion": 1,
  "target": ".skill-meta/versions/v000002.snapshot"
}

If there is no trusted runtime snapshot, target is written as null. The same activation contract is also written best-effort to the skill directory xattr user.agent_sec.skill_ledger.activation when the platform/filesystem supports xattrs.

Key behavior:

• check is now read-only: it reports none for unscanned skills and does not create baseline manifests or snapshots.
• scan, certify, and init baseline remain responsible for creating signed versions and snapshots.
• The internal resolver activates only signed, manifest-hash-valid, scanStatus=pass versions with intact snapshots.
• Drifted, warn, deny, tampered, or unscanned source workspaces are not activated directly; activation falls back to the latest trusted pass snapshot or target: null.
• Runtime snapshot verification rejects symlinks, special files, and forbidden metadata paths.
• audit --verify-snapshots uses the same stricter snapshot verification semantics.
• Activation xattr writes are best-effort: xattr failure or unsupported platforms do not break .skill-meta/activation.json writes.
• No public or hidden resolve CLI is exposed in this PR. The next stage is daemon mode, which will call the internal resolver directly when it decides to refresh activation.
• README, design docs, user guide, integration tests, and e2e coverage are updated for the new staged activation workflow.

Related Issue

no-issue: staged Skill Ledger daemon groundwork does not have a public tracking issue yet.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring (no functional change)
• Performance improvement
• CI/CD or build changes

Scope

• cosh (copilot-shell)
• sec-core (agent-sec-core)
• skill (os-skills)
• sight (agentsight)
• tokenless (tokenless)
• ckpt (ws-ckpt)
• memory (agent-memory)
• anolisa (anolisa-cli)
• Multiple / Project-wide

Checklist

• I have read the Contributing Guide
• My code follows the project's code style
• I have added tests that prove my fix is effective or that my feature works
• I have updated the documentation accordingly
• For cosh: Lint passes, type check passes, and tests pass
• For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
• For sec-core (Python): make python-code-pretty, git diff --check, and pytest pass
• For skill: Skill directory structure is valid and shell scripts pass syntax check
• For sight: cargo clippy -- -D warnings and cargo fmt --check pass
• For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
• For memory (Linux only): cargo clippy --all-targets -- -D warnings, cargo fmt --check, and cargo test pass
• Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Ran under src/agent-sec-core:

make python-code-pretty
git diff --check
PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 agent-sec-cli/.venv/bin/pytest -q -p pytest_cov.plugin -p no:cacheprovider tests/unit-test/skill_ledger tests/integration-test/skill-ledger/test_skill_ledger_integration.py
PATH="$PWD/agent-sec-cli/.venv/bin:$PATH" PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 agent-sec-cli/.venv/bin/pytest -q -p pytest_cov.plugin -p no:cacheprovider tests/e2e/skill-ledger/e2e_test.py

Results:

• make python-code-pretty: pass, no further formatting changes
• git diff --check: pass
• Skill Ledger unit + integration: 197 passed, 2 subtests passed
• Skill Ledger e2e: 1 passed

Additional Notes

• activation.json intentionally remains minimal: only schemaVersion and target are part of the staged runtime record.
• The activation xattr uses the same minimal JSON payload and is a parallel optimization path for SkillFS.
• SkillFS integration is out of scope for this PR. The next planned step is Skill Ledger daemon mode, which will decide when to check/scan/resolve and reconcile missed changes.