feat(agent): add decision snapshot provenance

[bitloi]

Summary

• Closes feat(agent): add decision snapshot provenance fields #282
• Added typed agent context snapshot provenance with public-safe source, freshness, confidence, evidence-gap, warning, and source-upload metadata plus authenticated-only provenance fields.
• Persisted provenance on agent_context_snapshots through a nullable provenance_json column and exposed it in the AgentContextSnapshot OpenAPI schema.
• Populated provenance for decision-pack and local-branch snapshots, and limited public AI prompt serialization to provenance.publicSafe.

Scope

• This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
• This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
• I linked an issue, or this is small enough that the summary explains why an issue is not needed.

Validation

• git diff --check
• npm run actionlint
• npm run typecheck
• npm run test:coverage locally; global coverage stays at or above 97% for lines, statements, functions, and branches (aim for 98%+ branch coverage locally so CI variance does not fail near the threshold)
• npm run test:workers
• npm run build:mcp
• npm run test:mcp-pack
• npm run ui:openapi:check
• npm run ui:lint
• npm run ui:typecheck
• npm run ui:build
• npm audit --audit-level=moderate
• New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

• None. npm run test:ci passed locally and covers the required gate. A sandboxed npm run test:coverage attempt failed because local fixture servers cannot bind 127.0.0.1 in the sandbox; the unsandboxed required gate passed.

Safety

• No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
• Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
• Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests. N/A, this PR does not change auth, cookie, CORS, GitHub App, Cloudflare, or session behavior.
• API/OpenAPI/MCP behavior is updated and tested where needed. AgentContextSnapshot OpenAPI schema and the generated UI OpenAPI artifact were updated.
• UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks. N/A, this PR does not change visible UI behavior.
• Visible UI changes include screenshots or a short recording. N/A, this PR has no visible UI changes.
• Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs. N/A, no docs or changelog update is needed for this focused schema/API change.

Notes

• The root cause was that action-level evidence already existed, but persisted context snapshots had no explicit provenance/public-safety boundary, so public serialization could not distinguish public-safe provenance from authenticated metadata.
• Existing snapshots remain compatible because provenance_json is nullable and parsed as null when absent.
• This intentionally does not add replay endpoints, UI surfaces, counterfactuals, or action snapshot IDs; those belong to sibling snapshot issues.

[JSONbored]

@bitloi the provenance direction is useful, but the migration sequencing blocks this branch.

A few notes:

• Adding public-safe provenance plus authenticated-only fields is aligned with #282.
• The new migration reuses 0020, and other open PRs also introduce 0020 migrations.
• That cannot land safely because whichever PR merges first will make the others stale or ambiguous.

Required changes:

• Rebase onto current main and allocate the next available migration number.
• Confirm the generated OpenAPI artifact matches the final schema.
• Recheck that public serialization only includes public-safe provenance.

Validation expected:

• Rerun migration-related tests, agent-orchestrator/provenance tests, npm run ui:openapi:check, and npm run typecheck.