fix: harden v0.1 Foundry integration and contracts

[OgeonX-Ai]

Summary

• correct the current Foundry Agent Service Responses �gent_reference payload and sanitize backend failures
• enforce and verify immutable cas-contracts v0.1.0 conformance for PromptEnvelope and serialized RunEvents
• preserve trace context, harden managed-identity telemetry, readiness, and deployment/runtime boundaries

Audit findings

• F-01 Foundry request payload used the wrong �gent key
• F-02 PromptEnvelope constraints drifted from canonical schema
• F-03 lifecycle events fabricated trace context when no active SDK span existed
• F-04 external provider failures could propagate beyond the application boundary
• F-05 no immutable release-schema/hash conformance gate existed; nullable serialization also drifted
• F-06 readiness accepted malformed Foundry configuration
• F-07 telemetry export did not enforce managed identity/privacy hardening
• F-08 deployment interface and Docker build-context claims were inaccurate or incomplete

Verification

• ./scripts/validate.ps1: pass
• Ruff: pass
• strict MyPy: pass
• pytest: 31 passed, 97.37% coverage
• committed cas-contracts release hashes: 8/8 verified
• local Docker build: blocked because Docker Desktop daemon is not running; CI performs Linux AMD64 build

No Azure resources were deployed.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.