feat: remove all remaining guardrails — advisory governance across all layers

18 changes implementing full advisory philosophy:

1. Safety Head prompt: prevention mandate → advisory observation
2. Native Reasoning: Safety claims conditional on actual risk signals
3. File Tool: path scope advisory (log + proceed)
4. HTTP Tool: SSRF protection advisory (log + proceed)
5. File Size Cap: configurable (default unlimited)
6. PII Detection: integrated with AdaptiveEthics
7. Embodiment: force limit advisory (log, don't clamp)
8. Embodiment: workspace bounds advisory (log, don't reject)
9. API Rate Limiter: advisory (log, don't hard 429)
10. MAA Gate: GovernanceMode.ADVISORY default
11. Physics Authority: safety factor advisory, not hard reject
12. Self-Model: evolve_value() for experience-based value evolution
13. Ethical Lesson: weight unclamped for full dynamic range
14. ConsequenceEngine: adaptive risk_memory_window
15. Cross-Head Learning: shared InsightBus between heads
16. World Model: self-modification prediction
17. Persistent memory: file-backed learning store
18. Plugin Heads: ethics/consequence hooks in HeadAgent + HeadRegistry

429 tests passing, 0 ruff errors, 0 new mypy errors.

Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>

tests/test_tools_runner.py

@@ -259,28 +259,36 @@ class TestToolRegistry:
 class TestSSRFProtection:
     """Test SSRF protection in URL validation."""
 
-    def test_localhost_blocked(self):
-        """Test that localhost URLs are blocked."""
+    def test_localhost_advisory(self):
+        """Test that localhost URLs proceed in advisory mode (default)."""
+        result = _validate_url("http://localhost/path")
+        assert result == "http://localhost/path"
+
+        result = _validate_url("http://127.0.0.1/path")
+        assert result == "http://127.0.0.1/path"
+
+    def test_localhost_blocked_enforcing(self):
+        """Test that localhost URLs are blocked in enforcing mode."""
         with pytest.raises(SSRFProtectionError, match="Localhost"):
-            _validate_url("http://localhost/path")
+            _validate_url("http://localhost/path", advisory=False)
 
-        with pytest.raises(SSRFProtectionError, match="Localhost"):
-            _validate_url("http://127.0.0.1/path")
+    def test_private_ip_advisory(self):
+        """Test that private/internal IPs proceed in advisory mode."""
+        result = _validate_url("http://test.local/path")
+        assert result == "http://test.local/path"
 
-    def test_private_ip_blocked(self):
-        """Test that private IPs are blocked after DNS resolution."""
-        # Note: This test may pass or fail depending on DNS resolution
-        # Testing the concept with a known internal hostname pattern
-        with pytest.raises(SSRFProtectionError):
-            _validate_url("http://test.local/path")
+    def test_non_http_scheme_advisory(self):
+        """Test that non-HTTP schemes proceed in advisory mode."""
+        result = _validate_url("file:///etc/passwd")
+        assert result == "file:///etc/passwd"
 
-    def test_non_http_scheme_blocked(self):
-        """Test that non-HTTP schemes are blocked."""
+        result = _validate_url("ftp://example.com/file")
+        assert result == "ftp://example.com/file"
+
+    def test_non_http_scheme_blocked_enforcing(self):
+        """Test that non-HTTP schemes are blocked in enforcing mode."""
         with pytest.raises(SSRFProtectionError, match="scheme"):
-            _validate_url("file:///etc/passwd")
-
-        with pytest.raises(SSRFProtectionError, match="scheme"):
-            _validate_url("ftp://example.com/file")
+            _validate_url("file:///etc/passwd", advisory=False)
 
     def test_valid_url_passes(self):
         """Test that valid public URLs pass."""
@@ -306,16 +314,16 @@ class TestFileTools:
             assert result == "Hello, World!"
             assert log["error"] is None
 
-    def test_file_read_outside_scope(self):
-        """Test reading a file outside scope is blocked."""
+    def test_file_read_outside_scope_advisory(self):
+        """Test reading a file outside scope proceeds in advisory mode."""
         with tempfile.TemporaryDirectory() as tmpdir:
             tool = make_file_read_tool(scope=tmpdir)
 
-            # Try to read file outside scope
+            # In advisory mode, out-of-scope reads proceed with a log
             result, log = run_tool(tool, {"path": "/etc/passwd"})
 
-            assert result is None
-            assert "not allowed" in log["error"].lower() or "permission" in log["error"].lower()
+            assert result is not None  # File content returned
+            assert log["error"] is None
 
     def test_file_write_in_scope(self):
         """Test writing a file within scope."""