Remove Codebox host tool policy leakage

[chubes4]

Summary

• Replace the host tool policy transport schema recognition with the product-neutral Agents API runtime policy schema.
• Remove the legacy wp-codebox sandbox policy fixture in favor of the neutral Data Machine host policy shape.
• Add an explicit boundary smoke assertion that production inc files contain no Codebox vocabulary.

Tests

• php tests/pipeline-tool-policy-snapshot-smoke.php
• php tests/boundary-forbidden-names-smoke.php
• php tests/agent-bundle-runner-contract-smoke.php

AI assistance

• AI assistance: Yes
• Tool(s): openai/gpt-5.5 via OpenCode
• Used for: Implementing the policy boundary cleanup, updating smoke fixtures, running targeted verification, and drafting this PR description.

[homeboy-ci]

Homeboy Results — data-machine

Lint

✅ lint — passed

ℹ️ Full options: homeboy docs commands/lint
Deep dive: homeboy lint data-machine --changed-since 8bae95b

Artifacts and drill-down

• CI results artifact: homeboy-ci-results-data-machine-lint-quality-Linux-node24 contains immediate command JSON for this action invocation.
• Observation artifact: homeboy-observations-data-machine-lint-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
• Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
• Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine/actions/runs/27919981166

Test

✅ test — passed

ℹ️ Auto-fix lint issues: homeboy refactor data-machine --from lint --write
ℹ️ Collect coverage: homeboy test data-machine --coverage
ℹ️ Pass args to test runner: homeboy test -- [args]
ℹ️ Full options: homeboy docs commands/test
Deep dive: homeboy test data-machine --changed-since 8bae95b

Artifacts and drill-down

• CI results artifact: homeboy-ci-results-data-machine-test-quality-Linux-node24 contains immediate command JSON for this action invocation.
• Observation artifact: homeboy-observations-data-machine-test-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
• Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
• Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine/actions/runs/27919981166

Audit

✅ audit — passed

• audit — 15 finding(s)
• Total: 15 finding(s)

Deep dive: homeboy audit data-machine --changed-since 8bae95b

Artifacts and drill-down

• CI results artifact: homeboy-ci-results-data-machine-audit-quality-Linux-node24 contains immediate command JSON for this action invocation.
• Observation artifact: homeboy-observations-data-machine-audit-quality-Linux-node24 contains exported Homeboy run history for deeper queries.
• Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
• Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine/actions/runs/27919981166

Tooling versions

• Homeboy CLI: homeboy 0.249.0+f05a14e58a41+c354cc4b
• Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
• Extension revision: 7b708d61
• Action: unknown@unknown