The PolicyEngine is now in the path for every gated handler. requireAction is the new typed-action gate; the legacy requirePermission(scope) is kept as a thin shim that resolves to the canonical typed action and calls requireAction internally. Adds: - extension/src/agents/handlers/helpers.ts (rewrite): * requireAction(ctx, sender, action, options) — calls engine.evaluate, returns true on allow, sends a structured error and returns false on deny, falls back to the existing showPermissionPrompt flow on ask/preview. Carries resource (server/tool/host/path), inputLabels, tokenId, and mode through to the engine. * sendDeny() emits the engine's tier, source, rule, and errorCode in the response details — handlers that catch these can surface richer information to users. * primaryLegacyScope(action) maps a typed action back to its canonical legacy scope for the prompt fallback. * requirePermission(scope) is preserved as a shim that resolves the colon-form scope to a primary typed action and delegates.…