feat: add Trusted Runtime routing registry and DAO_lim adapter #618

Draft
safal207 wants to merge 42 commits into main from feat/trusted-runtime-routing

safal207 (Owner) commented Jun 23, 2026

Summary

Implements #593 with a provider-neutral routing registry, a deterministic fail-closed local router, and an optional DAO_lim adapter.

This PR is stacked on top of #616 and #617. It remains a draft while those dependency PRs are open, although the routing implementation and CI validation are complete.

What is included

  • explicit AdapterRegistry capability declarations;
  • deterministic BackendCandidate and RoutingPolicy evaluation;
  • routing by capability, latency, reliability, load, privacy, and cost;
  • deterministic scores and ordered alternatives;
  • primary and explicit fallback tiers;
  • fail-closed NoRouteError behavior;
  • ROUTE_SELECTED Cognitive Trail events with sanitized explainability metadata;
  • feature-flagged DAO_lim CLI and HTTP adapter;
  • explicit DAO_lim backend allowlist;
  • machine-tag-only routing intent validation;
  • timeout, malformed response, and no-route fixtures;
  • configuration, security-boundary, and secret-handling documentation.

Routing flow

workflow role
-> declared capability
-> adapter registry
-> approved candidate set
-> policy filters
-> deterministic score or DAO_lim explain result
-> RouteDecision
-> ROUTE_SELECTED trail event

Security boundaries

  • DAO_lim is disabled by default;
  • core LS runs without DAO_lim installed;
  • task content and user prompt text are not sent to DAO_lim;
  • provider credentials and secret-like fields are removed from trail metadata;
  • free-form routing intent is rejected in favor of bounded machine tags;
  • DAO_lim selections require an explicit approved_backends allowlist;
  • unavailable, degraded, malformed, timed-out, or unapproved routes fail closed;
  • no routing decision authorizes execution or sends work to a provider.

Local verification

python -m pip install jsonschema pytest
PYTHONPATH=.:python:python/modules \
  python -m pytest python/tests/test_trusted_runtime_routing.py

Local preflight result: 10 tests passed; Python compilation and line-length checks passed.

CI result

All pull-request workflows are green on head 5d5b67aa:

  • Trusted Runtime Contract — Python 3.9 and 3.11: success
  • Ruff Auto-fix: success
  • Phase 12.1 Regression Scan / Semgrep: success
  • Reflection Dashboard HTTP E2E: success
  • Security & CI Pipeline: success
  • hardening verification, quality gate, vulnerability audit, SBOM, CodeQL, and dependency review: success

Related

1 participant
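
An added sketch (not code from this PR or the LS project) of the fail-closed selection described under "Routing flow" and "Security boundaries": allowlist, capability and health filters first, then a deterministic score with a name tie-break, then a sanitized ROUTE_SELECTED record. The class and event names come from the description; every field, the scoring weights, the SECRET_MARKERS list and the select_route signature are assumptions.

```python
# Added sketch: fields, weights and signatures are assumptions, not the PR's code.
from dataclasses import dataclass

# Assumed substring markers; deliberately broad, so some harmless keys are dropped too.
SECRET_MARKERS = ("key", "token", "secret", "password", "credential")

class NoRouteError(Exception):
    """Raised instead of falling back to an unvetted backend (fail closed)."""

@dataclass(frozen=True)
class BackendCandidate:
    name: str
    capabilities: frozenset
    healthy: bool
    latency_ms: int
    reliability: float  # 0.0 .. 1.0
    load: float         # 0.0 .. 1.0

def score(c):
    # Pure function of declared fields: same inputs always give the same score.
    return round(c.reliability * 100 - c.latency_ms / 10 - c.load * 20, 3)

def sanitize(meta):
    # Drop secret-like fields before anything reaches the trail.
    return {k: v for k, v in meta.items()
            if not any(m in k.lower() for m in SECRET_MARKERS)}

def select_route(capability, candidates, approved_backends, meta=None):
    eligible = [c for c in candidates
                if c.name in approved_backends      # explicit allowlist
                and capability in c.capabilities    # declared capability only
                and c.healthy]                      # unavailable/degraded excluded
    if not eligible:
        raise NoRouteError(f"no approved healthy backend for {capability!r}")
    # Score descending, then name, so ties resolve the same way on every run.
    ranked = sorted(eligible, key=lambda c: (-score(c), c.name))
    return {"event": "ROUTE_SELECTED", "capability": capability,
            "selected": ranked[0].name,
            "alternatives": [c.name for c in ranked[1:]],
            "scores": {c.name: score(c) for c in ranked},
            "metadata": sanitize(meta or {})}

# Constructed sample candidates (not the PR's fixtures).
SAMPLE = [
    BackendCandidate("local-a", frozenset({"summarize"}), True, 120, 0.99, 0.2),
    BackendCandidate("local-b", frozenset({"summarize"}), True, 80, 0.95, 0.5),
    BackendCandidate("remote-x", frozenset({"summarize"}), True, 20, 0.999, 0.0),
    BackendCandidate("local-c", frozenset({"summarize"}), False, 10, 1.0, 0.0),
]
```

With the allowlist {"local-a", "local-b"}, the best-scoring backend in SAMPLE (remote-x) is never considered because it is not approved, and an empty allowlist raises NoRouteError rather than picking a default.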