The watchdog is the engine's Tier 4 resolver. It subscribes to the audit log, watches the rolling stream of decisions for each origin, and escalates from normal → flagged → restricted → quarantined when behavior crosses configurable thresholds. Within a session the ratchet is one-way: the watchdog never relaxes. Adds: - extension/src/policy/watchdog.ts: * DEFAULT_THRESHOLDS: 1-minute window, 20 tool calls flag, 60 tool calls restrict, 5 cross-origin egresses restrict, 3 distinct sensitive labels restrict, 3 label-flow blocks quarantine, 5 consecutive denies quarantine. * observe(record) updates rolling counters from an audit record. An `allow` resets the consecutive-denies counter. * resolve() is the engine's Tier 4 resolver: it returns the origin's current status. Quarantined origins are denied at Tier 4 with ERR_QUARANTINED. Restricted origins force ask on what would otherwise allow. * quarantine(origin, reason) and reset(origin) are the manual controls the sidebar exposes.…