Add AST-based security middleware and enforcement wiring

src/agents/manifest.ts

@@ -1,10 +1,11 @@
 import { isRecord } from "./types.js";
 import { isDomainEventType, type DomainEventType } from "./domain-events.js";
+import {
+  parseToolClearancePolicy,
+  type ToolClearancePolicy as SecurityToolClearancePolicy,
+} from "../security/schemas.js";
 
-export type ToolClearancePolicy = {
-  allowlist: string[];
-  banlist: string[];
-};
+export type ToolClearancePolicy = SecurityToolClearancePolicy;
 
 export type ManifestPersona = {
   id: string;
@@ -139,14 +140,12 @@ function readStringArray(record: Record<string, unknown>, key: string): string[]
 }
 
 function parseToolClearance(value: unknown): ToolClearancePolicy {
-  if (!isRecord(value)) {
-    throw new Error("Manifest persona toolClearance must be an object.");
+  try {
+    return parseToolClearancePolicy(value);
+  } catch (error) {
+    const detail = error instanceof Error ? error.message : String(error);
+    throw new Error(`Manifest persona toolClearance is invalid: ${detail}`);
   }
-
-  return {
-    allowlist: readStringArray(value, "allowlist"),
-    banlist: readStringArray(value, "banlist"),
-  };
 }
 
 function parsePersona(value: unknown): ManifestPersona {