v0.11.0 — worker-based execution engine

The QuickJS sandbox is gone 🎉

Agent code now runs in a node:worker_threads worker: a full native JS runtime (Buffer, crypto, real performance) behind the same ExecutionEngine API and the same injected surface (action proxies, actions.list/find/describe/check, MiniSearch-powered discovery).

Why: multi-step action chains moving large base64 payloads (file → Drive → Gmail attachment → Sheets) aborted the entire process with a QuickJS GC assertion (#181) — after side effects had already committed, leaving agents unable to tell what landed. The sandbox was never a security boundary, only an ergonomic coding surface — so the wasm VM was pure overhead with a crash class attached.

What you get:

• Multi-MB payloads flow through multi-step chains in a single execute_actions call — no more splitting into 1–2 ops and reconciling after crashes
• Timeouts interrupt even while(true){} via worker.terminate()
• Memory limits fail soft (resourceLimits on node, RSS watchdog on bun) with a clean Memory limit exceeded error
• process.exit, OOM, and non-serializable action results all surface as catchable errors; a dead worker never poisons the engine
• quickjs-emscripten dependency removed

Merged: #32