feat(agentci): Clotho orchestrator and security hardening
Adds the Clotho dual-run verification system and hardens the entire
agent dispatch pipeline against command injection, token exposure,
and SSH MitM attacks. Breaks the agentci→handlers circular dependency.
Security:
- SanitizePath (regex whitelist + filepath.Base) for all dispatch inputs
- EscapeShellArg for shell argument safety
- SecureSSHCommand (StrictHostKeyChecking=yes, BatchMode=yes)
- ForgeToken removed from ticket JSON, transferred via .env with 0600
- ssh-keyscan on agent add populates known_hosts before first connection
Clotho:
- Spinner orchestrator determines Standard vs Dual execution mode
- Config-driven via ClothoConfig (strategy, validation_threshold)
- Agent runner supports claude/codex/gemini backends with dual-run
- Divergence detection compares thread outputs via git diff
API:
- LoadActiveAgents() returns map[string]AgentConfig (no handlers import)
- LoadClothoConfig() reads clotho section from config
- Forge helpers: AssignIssue, EnsureLabel, AddIssueLabels
32 tests pass (19 agentci + 13 dispatch).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
d92762ecdc