Add compiled_action type and governance event promotion

[davidahmann]

Summary

• add built-in compiled_action proof record type schema and registry entry
• add governance event schema and NewRecordFromEvent promotion helper
• update framework mappings (EU AI Act, SOC2 incl CC8, PCI-DSS)
• add docs for governance events and context metadata conventions
• add fixtures/tests/scenario coverage for compiled action and event promotion

Validation

• go test ./...
• go test ./internal/scenarios -count=1 -tags=scenario -v
• go vet ./...
• ./scripts/test_contract_exitcodes.sh

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 14011c645f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Handle pending verdict before mapping script events

ValidateGovernanceEvent accepts verdict: "pending", but NewRecordFromEvent unconditionally copies any non-empty event.Verdict into gate_verdict for script_evaluation events. This produces a compiled_action record that fails schema validation because gate_verdict does not allow pending, so a governance event that passes validation cannot be promoted. This breaks the documented validate-then-promote flow for pending script evaluations.

Useful? React with 👍 / 👎.