feat(sec-core): add security middleware framework with unified CLI entry point #220

Merged
edonyzpc merged 1 commit into alibaba:release/agent-sec-core/v0.3 from RemindD:feature/agent-sec-core/security-middleware
Apr 14, 2026

Conversation


@RemindD RemindD commented Apr 14, 2026

Description

Introduce a layered security middleware architecture that routes all agent-sec-core operations through a unified agent-sec-cli.py entry point, ensuring every security action is logged as a structured JSONL event.

Key additions:

security_events: structured JSONL event logging with auto-rotation, thread-safe writes, and configurable log paths
security_middleware: pluggable backend framework with request context, lifecycle hooks (pre/post/error), and lazy-loaded action→backend router
agent-sec-cli.py: single CLI entry point for harden, verify, and summary commands — direct loongshield seharden calls are now prohibited
sandbox-guard.py: integrated middleware prehook logging for block and sandbox decisions (fail-safe, never affects hook behavior)
Backends:

hardening: wraps loongshield seharden with ANSI stripping and structured summary parsing
asset_verify: wraps verifier.py for single-skill and full-scan modes
sandbox: captures prehook decisions (allow/block/sandbox)
summary: aggregates events with time-window filtering and dedup
intent: stub for future intent classification
Includes comprehensive unit tests for all new modules and updated skill documentation to enforce routing through agent-sec-cli.py.

Original PR: #121

Related Issue

closes #108

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional change)
  • Performance improvement
  • CI/CD or build changes

Scope

  • cosh (copilot-shell)
  • sec-core (agent-sec-core)
  • skill (os-skills)
  • sight (agentsight)
  • Multiple / Project-wide

Checklist

  • I have read the Contributing Guide
  • My code follows the project's code style
  • I have added tests that prove my fix is effective or that my feature works
  • I have updated the documentation accordingly
  • For cosh: Lint passes, type check passes, and tests pass
  • For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
  • For sec-core (Python): Ruff format and pytest pass
  • For skill: Skill directory structure is valid and shell scripts pass syntax check
  • For sight: cargo clippy -- -D warnings and cargo fmt --check pass
  • Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Python unit tests added and passed. Manually ran sec-core and found the records below in the log file:

{"event_id": "c7dc49a7-3dba-4cd9-8350-9a27f48dbea2", "event_type": "sandbox_prehook", "category": "sandbox", "timestamp": "2026-04-07T03:06:15.543623+00:00", "trace_id": "2d9f2bc3-8069-4de9-a033-a7e2984abc20", "pid": 218434, "uid": 0, "session_id": null, "details": {"request": {"decision": "sandbox", "command": "rm -rf /root/working/anolisa/a.txt", "reasons": "递归/强制删除", "network_policy": "restricted", "cwd": "/root/working/anolisa"}, "result": {"decision": "sandbox", "command": "rm -rf /root/working/anolisa/a.txt", "reasons": "递归/强制删除", "network_policy": "restricted", "cwd": "/root/working/anolisa"}}}

{"event_id": "2452dc63-6e7f-4a64-8999-88d5b360edc6", "event_type": "verify", "category": "asset_verify", "timestamp": "2026-04-07T02:07:59.634517+00:00", "trace_id": "4ec0bac1-38ee-4632-b863-665b3552a9c9", "pid": 205806, "uid": 0, "session_id": null, "details": {"request": {"skill": null}, "result": {"passed": 0, "failed": 0}}}

{"event_id": "6fe3b1ef-b6fd-454a-b915-bccf243c0e0f", "event_type": "harden", "category": "hardening", "timestamp": "2026-04-09T04:54:14.330033+00:00", "trace_id": "43a8dc1d-4191-4998-a4ab-762597428f0d", "pid": 240596, "uid": 0, "session_id": null, "details": {"request": {"mode": "scan", "config": "agentos_baseline"}, "result": {"mode": "scan", "config": "agentos_baseline", "failures": [{"rule_id": "fs.shm_noexec", "status": "FAIL", "message": "/dev/shm must be mounted noexec to prevent in-memory code execution - Reason: /dev/shm is not mounted with noexec. (actual: --"}], "fixed_items": [], "passed": 22, "fixed": 0, "failed": 1, "manual": 0, "dry_run_pending": 0, "total": 23}}}
{"event_id": "90b55581-c1ed-4ac7-b3a9-8159206bcdf2", "event_type": "harden", "category": "hardening", "timestamp": "2026-04-09T04:54:27.836636+00:00", "trace_id": "d82d1d99-9921-4bf5-bd17-5bb65005e13a", "pid": 240799, "uid": 0, "session_id": null, "details": {"request": {"mode": "reinforce", "config": "agentos_baseline"}, "result": {"mode": "reinforce", "config": "agentos_baseline", "failures": [], "fixed_items": [{"rule_id": "fs.shm_noexec", "status": "FAIL", "message": "/dev/shm must be mounted noexec to prevent in-memory code execution - Reason: /dev/shm is not mounted with noexec. (actual: --"}], "passed": 22, "fixed": 1, "failed": 0, "manual": 0, "dry_run_pending": 0, "total": 23}}}

Additional Notes
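A minimal model of the pre/post/error hook pipeline, the action-to-backend router and the per-action JSONL event described in this PR, added here by the editor and not code from the PR or from agent-sec-core. SecurityMiddleware, read_events, tmp_log_path and the hook layout are assumptions; the event field layout follows the records quoted in the Testing section, and any backends passed in are constructed callables.

```python
import json, os, tempfile, threading, uuid
from datetime import datetime, timezone
from pathlib import Path

class SecurityMiddleware:
    def __init__(self, log_path, backends):
        self.log_path = Path(log_path)
        self.backends = backends                 # action name -> callable(request) -> result
        self.hooks = {"pre": [], "post": [], "error": []}
        self._lock = threading.Lock()            # serialises appends from concurrent callers

    def _write_event(self, event):
        line = json.dumps(event, ensure_ascii=False) + "\n"
        with self._lock, self.log_path.open("a", encoding="utf-8") as fh:
            fh.write(line)

    def run(self, action, request, category=None):
        backend = self.backends.get(action)      # action -> backend routing, resolved per call
        if backend is None:
            raise KeyError(f"no backend registered for action {action!r}")
        # Request context, laid out like the JSONL records quoted in this PR (assumed layout).
        ctx = {"event_id": str(uuid.uuid4()), "event_type": action,
               "category": category or action,
               "timestamp": datetime.now(timezone.utc).isoformat(),
               "trace_id": str(uuid.uuid4()), "pid": os.getpid(),
               "uid": getattr(os, "getuid", lambda: -1)(), "session_id": None,
               "details": {"request": request, "result": None}}
        for hook in self.hooks["pre"]:
            hook(ctx)
        try:
            ctx["details"]["result"] = backend(request)
        except Exception as exc:
            ctx["details"]["error"] = repr(exc)  # a failing action is still logged, then re-raised
            for hook in self.hooks["error"]:
                hook(ctx)
            self._write_event(ctx)
            raise
        for hook in self.hooks["post"]:
            hook(ctx)
        self._write_event(ctx)
        return ctx

def read_events(log_path):
    text = Path(log_path).read_text(encoding="utf-8")
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def tmp_log_path():
    return str(Path(tempfile.mkdtemp()) / "security_events.jsonl")  # fresh log file per run
```

An action whose backend raises still yields one event carrying the error before the exception propagates, so the log records failures as well as successes; an action with no registered backend is rejected before any hook runs.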

@RemindD RemindD changed the base branch from bak-release/agent-sec-core/v0.3 to release/agent-sec-core/v0.3 April 14, 2026 12:14
@edonyzpc

Code changes are reviewed in PR #121; the branch was renamed to fix the commit message format issue that was pushed to the remote repo.

@RemindD RemindD marked this pull request as draft April 14, 2026 12:26
@RemindD RemindD changed the base branch from release/agent-sec-core/v0.3 to main April 14, 2026 12:26
@RemindD RemindD changed the base branch from main to release/agent-sec-core/v0.3 April 14, 2026 12:28
@samchu-zsl samchu-zsl marked this pull request as ready for review April 14, 2026 12:35
@RemindD RemindD force-pushed the feature/agent-sec-core/security-middleware branch from 518f31c to ba60d33 April 14, 2026 12:38
@RemindD RemindD force-pushed the feature/agent-sec-core/security-middleware branch from ba60d33 to f275cdd April 14, 2026 12:40
@edonyzpc edonyzpc left a comment

Reviewed in #121, and looks good to me.

@edonyzpc edonyzpc merged commit d1a9463 into alibaba:release/agent-sec-core/v0.3 Apr 14, 2026
9 checks passed