test: zero test coverage across all packages — critical gap for a governance runtime

[jpleva91]

Missing Tests: Zero Coverage Across All Packages

Description

Running go test ./... reports [no test files] for every package. A governance and security runtime with no tests is a significant reliability and safety risk.

Affected packages (all of them)

• internal/governance — policy evaluation engine (core safety logic)
• internal/intent — format-agnostic intent parser (parsing bugs = governance bypass)
• internal/normalizer — action classification and fingerprinting
• internal/correction — escalation and retry logic
• internal/agent — main execution loop
• internal/scheduler — agent scheduling and concurrency
• internal/tools — tool dispatch (file read/write, shell execution)

Highest-priority tests needed

1. internal/governance: Ensure deny policies block in enforce mode; monitor mode allows through; file-write-constraints path matching works correctly.
2. internal/intent: Parser handles JSON blocks, XML tags, bare JSON, OpenAI function_call; unknown formats return nil. A parsing regression = governance bypass.
3. internal/normalizer: classifyShellRisk correctly identifies destructive vs read-only.
4. internal/correction: Lockdown triggers at 10 denials; escalation levels correct.

Why this matters

ShellForge's security model depends on the intent parser and governance engine working correctly. A governance bug returning Allowed: true for a deny policy in enforce mode silently bypasses all protection.