Integrate governed local execution into WorkspaceOperation contract surface

[Copilot]

This PR adds a first-class contract for representing local agent-machine execution as Workspace Operation Plane state, with explicit delegation, policy gating, budget constraints, auditability, and redacted diagnostics. It encodes the required operation types, profiles, artifacts, and hard no-ambient-authority rule into schema-level validation.

• WorkspaceOperation/OperationTask contract integration

  • Added contracts/workspace-operation-contract.schema.json (WorkspaceOperationContract).
  • Models local execution as:
    • workspaceOperation (operation identity/type/command ref)
    • operationTask (task identity/state)

• Governance requirements encoded as contract constraints

  • Enforces all required operation types:
    • agent_machine.profile.create
    • agent_machine.execution.start
    • agent_machine.execution.cancel
    • agent_machine.tool_grant.apply
    • agent_machine.tool_grant.revoke
    • agent_machine.container.run
    • agent_machine.model_provider.bind
    • agent_machine.diagnostics.export_redacted
  • Enforces required profile set and inspectable separation across personal/corporate/multi-corporate and user-owned model boundaries.
  • Enforces required artifacts:
    • AgentMachineProfile
    • LocalAgentExecution
    • ToolGrantRecord
    • ContainerExecutionRecord
    • ModelProviderBinding
    • AgentMachineDiagnosticBundle

• Control-plane safety and audit semantics

  • Encodes delegated authority as mandatory (delegatedAuthorityRequired: true).
  • Requires policy gates for tool grants, model provider use, network profile, container execution, and artifact access.
  • Encodes full budget dimensions (model calls/tokens/connectors/CPU-GPU/disk/memory/runtime/concurrency).
  • Requires operation events covering start/progress/failure/retry/cancel/complete.
  • Enforces diagnostics redaction booleans to prevent credentials/tokens/local secrets/sensitive prompt leakage.
  • Encodes durable state rule (operation-contract-only) and ambientAuthority: false.
  • Requires auditable tool-grant apply/revoke command records.

• Validation wiring and fixture coverage

  • Added examples/workspace-operation-contract.local-execution.json as a canonical governed local execution fixture.
  • Updated src/agent_machine/contracts.py schema mapping to include WorkspaceOperationContract.

{
  "kind": "WorkspaceOperationContract",
  "workspaceOperation": {
    "operationType": "agent_machine.execution.start"
  },
  "controls": {
    "delegatedAuthorityRequired": true,
    "ambientAuthority": false,
    "durableWorkspaceState": {
      "mode": "operation-contract-only",
      "externalWrites": false
    }
  }
}

[mdheller]

Supersession note: this PR is not discarded. Its WorkspaceOperation contract payload has been replayed onto current main in #46.

#46 carries forward the intended content from this PR:

• .gitignore
• contracts/workspace-operation-contract.schema.json
• examples/workspace-operation-contract.local-execution.json
• src/agent_machine/contracts.py schema mapping for WorkspaceOperationContract

Reason for replacement: this PR reported mergeable: false; #46 was created from current main and preserves the contract payload without forcing a stale branch merge.

Do not close this PR until #46 lands, or until #46 is explicitly abandoned with another durable capture location.

[mdheller]

Closing after capture/replay.

Replacement PR #46 landed the intended WorkspaceOperation contract payload on current main.

Merged replacement commit: 114ab6dbb3f7850e7551bbdf507b8d1e8fa71208

Content carried forward:

• .gitignore
• contracts/workspace-operation-contract.schema.json
• examples/workspace-operation-contract.local-execution.json
• src/agent_machine/contracts.py schema mapping for WorkspaceOperationContract

Content intentionally omitted: none. The reason for replacement was branch mergeability/staleness, not content rejection.