v0.11.0 — team-shared rule ledgers (import + re-verify)

Roadmap #3, increment 2: import a shared ledger and re-verify each rule locally — never trusting a foreign delta.

What's new

• /warden-adopt --from <path> (and src/adopt.ts) reads a shared ledger (from /warden-share) and queues its rules as candidates locally. The foreign measured delta is discarded and the context rent is recomputed locally, so by invariant #1 an adopted rule is never injected into memory until the local selector re-measures it on this machine's golden suite. Near-duplicates of any existing rule (active/candidate/evicted) are skipped; re-adopting is idempotent.

Why this is safe

This is the increment that writes to the rule ledger, so it was the one to handle carefully. The safety comes from a single decision: an adopted rule is just a candidate, so it flows through the existing selector untouched — the whole variance-conservative verdict path re-measures it on your own suite. There is no new trust path. The ledger JSON is zod-validated; control-char bodies and malformed blocks are rejected.

Verified end-to-end: real rules exported → adopted into a fresh DB as candidates (rent recomputed, foreign delta discarded) → re-adopt correctly skipped as duplicates. 174 tests, green on Node 22 and 24.

Full changelog: v0.10.0...v0.11.0