Commits on May 7, 2026

permissions: PolicyEngine — the chokepoint that walks the 9-tier ladder

Every gated API call now has a single decision function: evaluate(req). The engine walks the ladder described in docs/PERMISSIONS.md and returns a PolicyDecision with the final effect, the tier that produced it, the source family, the matching rule (if any), the labels to attach to the output, and a tier-by-tier trace for the activity feed and "Why?" UI.

Adds:
- extension/src/policy/engine.ts:
  * Tier 0 Ambient: unknown actions deny with ERR_UNKNOWN_ACTION; metadata reads pass through.
  * Tier 1 Managed deny: org policy denies cannot be overridden.
  * Tier 2 Sensitivity gate: classifies (domain + tool manifest) and computes labels; forces a minimum effect (preview) for destructive writes and writes from untrusted manifests.…