feat: implement PLAN_NEXT wave 2 agent detection/correlation/policy #89

Merged: RyshMan merged 1 commit into main from codex/adhoc-plan-next-wave-2 on Mar 5, 2026

@RyshMan RyshMan commented Mar 5, 2026

Problem

Wave 2 work from product/PLAN_NEXT.md needed implementation for:

  • top-5 deterministic agent framework detectors
  • agent relationship + deployment correlation in aggregation
  • additive agent-centric privilege map/schema context
  • deterministic WRKR-A001..A010 policy checks in existing policy framework

Changes

  • Added framework detector scaffold and detectors:
    • agentlangchain, agentcrewai, agentopenai, agentautogen, agentllamaindex
  • Registered new detectors in defaults registry with deterministic coverage tests.
  • Added aggregation packages:
    • core/aggregate/agentresolver
    • core/aggregate/agentdeploy
  • Integrated resolver/deployment outputs into scan orchestration and inventory build.
  • Extended inventory agent and agent_privilege_map entries additively with bindings/deployment/approval context.
  • Updated inventory v1 schema additively for new optional fields.
  • Reworked builtin policy pack to include WRKR-A001..A010 and implemented deterministic evaluator logic + tests.
  • Added/updated tests across detect/aggregate/cli/policy/profileeval contracts.

Validation

  • make prepush-full
  • go run ./cmd/wrkr scan --path scenarios/wrkr/scan-mixed-org/repos --json --quiet
  • go test ./core/detect/... -count=1
  • go test ./core/aggregate/... ./core/detect/compiledaction ./core/cli -count=1
  • go test ./core/policy/... -count=1
  • make test-contracts
  • make test-scenarios
  • make test-hardening
  • make test-chaos

@RyshMan RyshMan merged commit 45fe1a5 into main Mar 5, 2026
7 checks passed

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 261abf233b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

}
}

agentContext := agentContextByID[tool.AgentID]
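Review bot: the single-value lookup agentContext := agentContextByID[tool.AgentID] cannot distinguish a missing key from an agent whose context is empty, so a key mismatch silently yields a zero-value context. Use the two-value form (agentContext, ok := agentContextByID[tool.AgentID]) and count or report the !ok case so that dropped context becomes visible in tests and scan output.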

P1: Join agent context using the instance-based agent ID

Build looks up agent context with agentContextByID[tool.AgentID], but tool.AgentID is derived from identity.AgentID(toolID, org) while agent records are keyed by identity.AgentID(instanceID, org) in inventory construction (core/aggregate/inventory/inventory.go uses toolID at lines 218-223 and instanceID at lines 242-254). For framework findings that include a symbol/range, these IDs diverge, so bound/deployment context is dropped from agent_privilege_map even when inventory.agents has it.

Comment on lines +81 to +83
if len(agents) == 0 {
return legacyRuleResult("block_secret_presence", findings)
}
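Review bot: the early return under if len(agents) == 0 carries no comment stating why the legacy block_secret_presence rule applies only to scans without agents. Document the intended precedence between the legacy rule and the agent rule at this branch, and add a table test whose input contains both a secret finding and an agent finding so the behaviour is pinned.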

P1: Keep WRKR-002 secret checks active when agent findings exist

This branch only falls back to block_secret_presence when there are zero agent findings, so as soon as any agent is detected, WRKR-A002 stops evaluating secret_presence entirely and only checks human-gate behavior. Because rule IDs are canonicalized to the WRKR-### family in core/policy/loader.go (lines 84-89), this effectively changes WRKR-002 behavior in mixed repos and can let leaked-secret findings pass unnoticed.
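The failure mode described in this comment, as an added Go example that is not code from the pull request: the types, helper bodies and sample findings are constructed, and only the names legacyRuleResult and block_secret_presence come from the quoted lines. It contrasts a fallback-only evaluator with one that always runs the secret check.

```go
package main

import "fmt"

type Finding struct { // hypothetical stand-in, not the project's type
	Type, Location string // Type values used here are constructed
	HumanGate      bool   // only meaningful for agent findings
}

// legacyRuleResult (assumed behaviour): one violation per secret finding.
func legacyRuleResult(rule string, findings []Finding) (out []string) {
	for _, f := range findings {
		if f.Type == "secret_presence" {
			out = append(out, rule+": "+f.Location)
		}
	}
	return out
}

func agentViolations(findings []Finding) (agents int, out []string) {
	for _, f := range findings {
		if f.Type == "agent" {
			agents++
			if !f.HumanGate {
				out = append(out, "ungated agent: "+f.Location)
			}
		}
	}
	return agents, out
}

// evalFallbackOnly mirrors the reviewed branch: secrets are checked only when no agent exists.
func evalFallbackOnly(findings []Finding) []string {
	agents, v := agentViolations(findings)
	if agents == 0 {
		return legacyRuleResult("block_secret_presence", findings)
	}
	return v
}

// evalAlwaysLegacy always runs the secret check, then appends agent violations.
func evalAlwaysLegacy(findings []Finding) []string {
	_, v := agentViolations(findings)
	return append(legacyRuleResult("block_secret_presence", findings), v...)
}

// mixedRepo is constructed input: one leaked secret plus one human-gated agent.
var mixedRepo = []Finding{{"secret_presence", ".env", false}, {"agent", "agents/crew.py", true}}

func main() { fmt.Println(len(evalFallbackOnly(mixedRepo)), len(evalAlwaysLegacy(mixedRepo))) }
```

On the mixed input the fallback-only evaluator returns no violations at all, which is the fail-open case a regression test for this rule should cover.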

Comment on lines +186 to +187
gate := strings.ToLower(strings.TrimSpace(evidenceValue(finding, "deployment_gate")))
if gate != "approved" && gate != "enforced" {
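Review bot: the comparison gate != "approved" && gate != "enforced" treats an absent deployment_gate value the same as an explicit non-approved one, assuming evidenceValue returns an empty string for a missing key (its body is not visible here). Report missing evidence separately from a rejected value, and move the two accepted strings into named constants so that any emitter and this evaluator share one definition.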

P2: Provide a satisfiable source for deployment_gate checks

The rule requires deployment_gate evidence for every auto_deploy=true agent, but this commit introduces no detector/emitter path for that key (repo search shows deployment_gate only in this evaluator and its test). In practice, auto-deploy agents will always violate WRKR-A009 regardless of configuration, creating unavoidable policy failures and noisy results.
