feat(proxy): optional evidence payload on POST /audit (#11)

[olivrg]

Description

Adds an optional evidence array to POST /audit so a hook-based adapter (OpenClaw, #11) can populate
evidence-grounding facts on its single adapter-scoped token, instead of the SDK-scoped POST /evidence. This is the one remaining Helio-core change the adapter depends on.

• governance-service: AuditInput gains evidence; on a successful, first-finalize audit it writes each entry via EvidenceStore, bound to the pending evaluation's own session_id/tool_name (the adapter never supplies them — it cannot target another session). Every per-entry failure is soft (reported, never request-fatal) and the audit still finalizes 201: caps are enforced here as soft-drops — too_many (>16) / too_large (>64 KiB) — alongside the store's key_not_in_policy_allowlist / closed and no_session / evidence_unavailable. Notably closed is not the 503 the standalone /evidence route returns — losing the audit row for a call that already ran would be worse than a dropped evidence entry.
• governance-api: evidence added to the auditBody schema (no route-level .max(), so caps stay soft-drops) and folded into auditPayloadHash, order-independent (sorted by the full canonical tuple) — an identical retry replays cleanly while divergent evidence is a 409 evaluation_conflict.

Success-only, first-finalize-only (idempotent replays never re-write). The /audit endpoint stays adapter-token-scoped; non-evidence audits are byte-identical and the MCP path is untouched.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (no functional changes)
• Documentation
• CI / build / tooling

Packages Affected

• packages/proxy
• packages/dashboard
• packages/python-sdk
• Root config / monorepo tooling
• docs/
• examples/

Checklist

• I have read CONTRIBUTING.md
• My code follows the existing style (ESLint + Prettier pass)
• TypeScript strict mode — no any types or @ts-ignore without justification
• I have added or updated tests for my changes
• All CI checks pass (pnpm secrets:scan, pnpm docs:check:ci, pnpm audit --audit-level=high, pnpm build, pnpm lint, pnpm format:check, pnpm typecheck, pnpm test)
• I have updated documentation if this changes user-facing behavior
• Commit messages follow Conventional Commits (e.g. feat:, fix:, docs:)

How to Test

1. Run a proxy with an evidence.requires rule for a key, then POST /evaluate → POST /audit with status: "success" and evidence: [{ evidence_key, evidence_data }]; confirm the response returns evidence: [{ evidence_key, stored: true }] and a later evidence-grounded /evaluate sees the stored fact.
2. Submit a disallowed key, an oversized (>64 KiB) entry, and a >16-entry array; confirm each soft-drops with the matching reason (key_not_in_policy_allowlist / too_large / too_many) while the audit still returns 201.
3. Close the evidence store mid-flight and POST /audit with evidence; confirm 201 with reason: "closed" (never 503). Replay the same evaluation_id with divergent evidence → 409 evaluation_conflict; replay with identical evidence in any order → 200 already_finalized.
4. pnpm --filter @gethelio/proxy test — full suite (1592 tests) passes, including the new audit evidence cases in governance-service and the route-level evidence cases in governance-api.

Part of #11.

Additional Context