Open
Labels: enhancement (New feature or request)
Summary
PolicyEvaluator handles tool call authorization but has no way to enforce git diff constraints — file count limits, line count limits, path pattern restrictions on agent-authored changes.
Proposal
Add a DiffPolicy rule type:
- max_files_changed: int (e.g., 20)
- max_lines_changed: int (e.g., 400)
- allowed_paths: list[glob] (e.g., ["src/", "tests/"])
- blocked_paths: list[glob] (e.g., [".github/workflows/**", "*.lock"])
- Decision: PASS / SOFT_FAIL (warning) / HARD_FAIL (block)
- HARD_FAIL threshold at 2x limit, SOFT_FAIL at 1x
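A sketch of the proposed DiffPolicy as an added example (not toolkit code and not the scope_guard.py implementation), evaluating `git diff --numstat` output against the four rule fields and the 1x/2x thresholds. It assumes a blocked or non-allowed path is always a HARD_FAIL, and treats a pattern ending in `/` as a directory prefix since the proposal lists `src/` as a glob.

```python
import fnmatch
from dataclasses import dataclass, field

PASS, SOFT_FAIL, HARD_FAIL = "PASS", "SOFT_FAIL", "HARD_FAIL"
_RANK = {PASS: 0, SOFT_FAIL: 1, HARD_FAIL: 2}

@dataclass
class DiffPolicy:
    max_files_changed: int = 20
    max_lines_changed: int = 400
    allowed_paths: list = field(default_factory=list)  # empty list = no restriction
    blocked_paths: list = field(default_factory=list)

def parse_numstat(numstat: str):
    """Turn `git diff --numstat` output into (added, deleted, path) tuples.
    Binary files report '-' for both counts: counted as a file, 0 lines."""
    to_int = lambda s: 0 if s == "-" else int(s)
    changes = []
    for line in numstat.strip().splitlines():
        added, deleted, path = line.split("\t", 2)
        changes.append((to_int(added), to_int(deleted), path))
    return changes

def _matches(path, patterns):
    # A pattern ending in '/' is a directory prefix; anything else is a glob.
    # fnmatch's '*' crosses '/', so '*.lock' also hits nested lock files.
    return any(path.startswith(p) if p.endswith("/") else fnmatch.fnmatchcase(path, p)
               for p in patterns)

def evaluate(policy, changes):
    """Return (decision, reasons). Assumption: a path violation is always HARD_FAIL;
    size limits give SOFT_FAIL above 1x and HARD_FAIL above 2x, as proposed."""
    findings = []
    for _, _, path in changes:
        if _matches(path, policy.blocked_paths):
            findings.append((HARD_FAIL, f"{path} matches a blocked path"))
        elif policy.allowed_paths and not _matches(path, policy.allowed_paths):
            findings.append((HARD_FAIL, f"{path} is outside allowed_paths"))
    totals = (("files", len(changes), policy.max_files_changed),
              ("lines", sum(a + d for a, d, _ in changes), policy.max_lines_changed))
    for name, value, limit in totals:
        if value > 2 * limit:
            findings.append((HARD_FAIL, f"{value} {name} changed, over 2x the limit of {limit}"))
        elif value > limit:
            findings.append((SOFT_FAIL, f"{value} {name} changed, limit {limit}"))
    decision = max((lvl for lvl, _ in findings), key=_RANK.get, default=PASS)
    return decision, [f"{lvl}: {msg}" for lvl, msg in findings]

# Constructed sample numstat: one allowed source file, one binary, one CI workflow edit.
SAMPLE_NUMSTAT = "12\t3\tsrc/agent/runner.py\n-\t-\tdocs/logo.png\n5\t1\t.github/workflows/ci.yml\n"
```

Feed it `subprocess.check_output(["git", "diff", "--numstat", "origin/main...HEAD"], text=True)` in a PR check; a SOFT_FAIL can be surfaced as a review comment while a HARD_FAIL blocks the merge.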
Why This Matters
Agent-authored PRs are the primary output of governed agents. Without diff-level policy enforcement, agents can make sweeping changes that are impossible to review. Every consumer building PR workflows needs this.
Real-World Evidence
ai-native-team daemon scope_guard.py implements file/line count enforcement with per-agent overrides and drift detection. This is generic enough to belong in the toolkit.