AgentGuard PR Review

1. medium — src/config.ts:104-114 (disconnectCloud)
   rmSync(current.eventSpoolPath, { force: true }) and rmSync(current.policyCachePath, { force: true }) delete paths derived from config without any validation. If the config file is tampered with, these fields could point outside the AgentGuard data directory and cause unintended file deletion.
   Fix: Validate that both paths resolve under AGENTGUARD_HOME/the expected AgentGuard root before deleting, and refuse to delete otherwise.

2. medium — src/config.ts:104-114 and src/cli.ts:94-104
   The new disconnect command only removes apiKey and connectedAt, but leaves other Cloud-related state intact. If saveConfig preserves a stale cloudUrl and related connection metadata is still used elsewhere, the CLI can report a disconnected state while parts of the runtime still behave as if Cloud is configured.
   Fix: Audit all Cloud-dependent fields and ensure disconnect clears or invalidates every field that can trigger Cloud communication, or explicitly document and enforce that only the URL remains and cannot be used for reconnect/telemetry without a key.

3. low — src/tests/runtime-cloud.test.ts:60-96
   The new test writes a fake auditPath file and asserts it survives disconnect, but disconnectCloud() never touches audit files. This test does not verify the actual security-sensitive behavior introduced by the patch and could miss regressions in the cleanup logic.
   Fix: Add assertions for the config file contents after disconnect and for path containment/validation behavior on spool and policy cache paths.