Commits on May 7, 2026 permissions: origin-grants resolver wires legacy storage into engine Tier 8 of the engine consults a per-origin "Allow always / once / deny" store. This commit lands the read path for that store in typed-action form and wires it into the engine via setOriginGrantResolver. Adds: - extension/src/policy/origin-grants.ts: * lookupOriginGrant() takes a typed action and translates to one or more legacy scope strings, then reads the same `harbor_origin_permissions` storage key the legacy permissions.ts uses. If any mapped scope is granted, the typed action is granted; if any is explicitly denied (and none granted), the action is denied. * tool.call additionally requires the specific tool name to be in the origin's `allowedTools` allowlist — this preserves the legacy semantic that origin-level "Allow tool calls" doesn't mean "any tool". * Origin-grant writes still go through permissions.ts; this module is read-only by design.…