v0.7.0a2

v0.7.0a2 — Architecture deepening + safer memory ops

What's new (user-facing)

• aiswmm doctor gains a Sessions store row with full integrity check (states: ok / corrupt / unreadable / absent). Exit code is now non-zero on CORRUPT/UNREADABLE — CI health checks finally catch data-loss conditions.
• New verb aiswmm memory repair-sessions rebuilds a damaged sessions.sqlite from on-disk session_state.json + agent_trace.jsonl. Defaults to interactive y/N confirmation; pass --dry-run to preview or --yes for scripted use.
• ~/.aiswmm/silent_fallbacks.jsonl — every silent except Exception in the agent runtime now appends a structured row (scope, exception_type, exception_str, timestamp_utc). One jq query answers "what fell back in this session?"

Internal refactor (zero behaviour change for existing flows)

• tool_registry.py split from 2163 LOC monolith → 13 family-named modules under tool_handlers/.
• runtime_loop startup decomposed into 5 named lifecycle phases.
• intent_map merged into intent_classifier.
• @on_exception_return_default decorator consolidates 11 tier-1 boundary sites.
• Project CONTEXT.md documents the domain vocabulary so future contributors onboard faster.

Fixes

• HIGH: repair-sessions no longer offered on a permission-denied DB (would have overwritten a healthy DB).
• HIGH: repair-sessions summary["ok"] correctly reflects failures (was always True).
• repair-sessions uses os.replace instead of shutil.move (cross-filesystem safe).
• repair-sessions exits 1 with a friendly stderr on backup failure.

Closed in this release

#128 #204 #205 #206 #207 #211 #212 #218 #219 #221