feat: implement Tier3Brain for cognitive threat hunting

[jhawpetoss6-collab]

This PR introduces the Tier3Brain to Clawdstrike, enabling advanced cognitive security analysis for autonomous AI fleets.

Changes:

• Added Go-based Tier-3 Brain implementation.
• Support for multi-stage threat mitigation strategies.
• Positions Clawdstrike as the cognitive layer for agent fleet security.

/claim #brain

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9785049889

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Avoid logging full threat data to stdout

AnalyzeThreat unconditionally prints raw threatData via fmt.Printf, which can expose sensitive security telemetry or prompt content in process stdout logs when this runs in production with centralized log collection. Because this emission is hardcoded in the core analysis path, callers cannot prevent leakage; this should be gated behind a configurable logger with redaction or removed from the hot path.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Derive mitigation from threat input

AnalyzeThreat always returns the same mitigation string and never branches on threatData, so the new Tier3 brain cannot perform differentiated or multi-stage threat handling despite its intended purpose. In practice, all threats (including materially different attack vectors) will receive identical containment guidance, which can lead to incorrect automated response behavior.

Useful? React with 👍 / 👎.