Policy Engine demo

• resource: file | process | network | tool | env
• pattern: glob (* single segment / ** any segments / ? 1 char)
• severity: Allow | Block | Warn | Review | Sanitize
• allow: boolean — false 면 severity 무시 + Block

평가 = 첫 매치 rule 결과. 매치 없음 = evaluate → allow, decide → block (default deny).

✅ TS-side glob → JsPolicyFile.evaluate() swap 완료 (alpha.4). 매치 결과 = wasm-bindgen 직접 호출. block / review 결정 시 audit log 에 policy.deny 자동 기록 + inline alert toast 표시.

1. ✅ @wasmclaw/core 1.0.0-alpha.4 import
2. ✅ JsPolicyFile.fromJson() + evaluate() live
3. ✅ Browser-safe wrapper (@soulclaw/engine-wrapper/policy)
4. ✅ Audit log 통합 (UserAction kind, policy.deny target)
5. ✅ 3 demo presets (HTTP whitelist / SSH guard / secret guard)
6. ⏳ Capability lease 통합 (alpha.5+)
7. ⏳ Streaming evaluation (C12 후)