aware app install accepts write-without-safety apps that validate + run both reject

[pawellisowski]

Summary

aware app install accepts an app that both aware app validate and aware app run reject for the same reason — a write-mode node missing its required safety: block. So an invalid app installs cleanly (lockfile written) and only fails much later, at run time.

Repro (0.40.1)

App with one write-mode node and no safety::

app: nosafety
version: 0.1.0
display-name: No Safety
description: write-mode node with no safety block.
layout: linear
requires: [microsoft-365@0.1.x]
nodes:
  - id: post
    agent: microsoft-365
    command: teams.channel.post-message
    inputs: { team-id: t, channel-id: c, message: hi }

$ aware app validate ./nosafety
✗ [E_APP_WRITE_WITHOUT_SAFETY] node "post" ... without a `safety:` block
error: validation failed: app failed validation        # correct

$ aware app install ./nosafety
✓ installed nosafety (lockfile written)                 # accepts it anyway

$ aware app run nosafety
error: app failed safety pre-flight ... E_APP_WRITE_WITHOUT_SAFETY   # rejects again

Expected

aware app install should run the same validation as aware app validate and refuse to install (the app-spec § Safety contract says "aware app validate refuses to install an app missing safety: on a write-mode node" — install should enforce it, not just the standalone validate command). Catching this at install time (not run time) matches the contract and fails fast.

(Found while doing real aware app run of the floless target-workflow demos on 0.40.1 — a college-phase-exporter app installed fine despite its M365 write nodes lacking safety:, then failed run pre-flight.)