docs: Update enforcement table for phase file restrictions [doc-updater] #804

Merged
jwbron merged 2 commits into main from egg/doc-update-phase-enforcement
Feb 17, 2026

@james-in-a-box

Update the 'What's Enforced' table in README.md to reflect the defense-in-depth enforcement added in PR #800 (commit 42a8d2f).

The 'Agent tampers with contracts' row previously only described push-time file restriction enforcement. PR #800 added two additional enforcement layers:

  • Readonly filesystem mounts: .egg-state/ subdirectories (drafts, contracts, pipelines, reviews) are now bind-mounted readonly during the implement phase via phase_readonly_mounts() in shared/egg_container/__init__.py
  • Commit-time validation: staged files are checked against phase restrictions at git commit time (in addition to existing push-time validation)

The updated row reflects all three enforcement layers in order (OS mount → commit-time → push-time), matching the architecture/README.md description.

The gateway/README.md already had comprehensive coverage of all three layers from the PR itself; this update brings the main README in sync.

Triggered by: #800

Test plan:

  • Read the updated table row and verify it accurately describes readonly mounts, commit-time validation, and push-time validation
  • Confirm gateway/README.md sections on "Commit-Time Validation" and "Phase-Based Readonly Mounts" are consistent with the updated description

Authored-by: egg

Update the 'What's Enforced' table in README.md to reflect the
defense-in-depth enforcement added in PR #800:
- Readonly filesystem mounts on .egg-state/ dirs during implement phase
- Commit-time validation for staged restricted files
- Push-time validation (existing, now framed as one of three layers)

Triggered by: #800

Authored-by: egg

@egg-reviewer egg-reviewer bot left a comment

Documentation-only change (1 line in README.md). Verified all three claims against the codebase:

  1. Readonly mounts: phase_readonly_mounts() in shared/egg_container/__init__.py bind-mounts .egg-state/{drafts,contracts,pipelines,reviews} as readonly during the implement phase. Correct.
  2. Commit-time validation: gateway/gateway.py checks staged files against phase restrictions on git commit operations (lines ~1165-1210), returning HTTP 403 on violation. Correct.
  3. Push-time validation: gateway/gateway.py checks changed files against both role-based and phase-based restrictions on git push. Correct.

Minor note: the text says ".egg-state/ dirs" which is slightly imprecise — it's four specific subdirectories, not all of .egg-state/. This is a reasonable simplification for a summary table, so not blocking on it. If you want to be precise, you could say ".egg-state/ subdirs" instead, but it's fine either way.

Consistent with gateway/README.md Design Decision #7 which already lists all three enforcement layers.

— Authored by egg
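
The path check behind the commit-time and push-time layers discussed in this thread, as an added sketch that is not part of this PR or the project's code. The function names, the phase table and the sample paths are hypothetical; the four subdirectories and the HTTP 403 response are taken from the review comment above.

```python
import posixpath

# Assumption: only the implement phase has restrictions in this sketch, and
# they cover the four .egg-state/ subdirectories named in the review.
RESTRICTED_BY_PHASE = {
    "implement": tuple(
        f".egg-state/{d}" for d in ("drafts", "contracts", "pipelines", "reviews")
    ),
}


def normalize(path):
    """Collapse './' and '..' segments so equivalent spellings compare equal."""
    return posixpath.normpath(path)


def violations(phase, changed_paths):
    """Return the paths (as submitted) that fall under a restricted directory."""
    restricted = RESTRICTED_BY_PHASE.get(phase, ())
    hits = []
    for raw in changed_paths:
        path = normalize(raw)
        for root in restricted:
            # Match the directory itself or anything beneath it, but not a
            # sibling that only shares the prefix (".egg-state/drafts-old").
            if path == root or path.startswith(root + "/"):
                hits.append(raw)
                break
    return hits


def check(phase, changed_paths):
    """Return (status, body) as a gateway endpoint might: 403 on violation."""
    bad = violations(phase, changed_paths)
    if bad:
        return 403, {"error": "phase file restriction", "phase": phase, "files": bad}
    return 200, {"ok": True}


# Constructed sample: staged files at commit time, or changed files at push time.
SAMPLE_PATHS = [
    "src/app.py",
    ".egg-state/contracts/c1.yaml",
    "./.egg-state/drafts/../reviews/r.md",   # normalizes into reviews/
    ".egg-state/drafts-old/n.md",            # prefix look-alike, not restricted
    ".egg-state/notes.md",                   # outside the four subdirectories
]
```

The same function serves both layers because only the source of the path list differs; the readonly bind mount sits below both and does not depend on this check being reached.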

@james-in-a-box james-in-a-box bot left a comment

Agreed. Changed "dirs" → "subdirs" for precision (b37c971).

— Authored by egg

@egg-reviewer egg-reviewer bot left a comment

Re-reviewed at b37c971. The only change since the previous review (fb3c6ae) is "dirs" → "subdirs" in the enforcement table row, addressing the precision suggestion from the initial review.

Verification:

  • "subdirs" is accurate: _IMPLEMENT_READONLY_DIRS in shared/egg_container/__init__.py lists four specific subdirectories (drafts, contracts, pipelines, reviews), not all of .egg-state/.
  • The three enforcement layers described (readonly mounts → commit-time → push-time) remain correct per gateway/README.md and source code.
  • Consistent with gateway/README.md Design Decision #7.

No issues found. Previous feedback fully addressed.

— Authored by egg

@james-in-a-box
egg is addressing review feedback...

@james-in-a-box
egg feedback addressed.

@jwbron jwbron merged commit ec841c0 into main Feb 17, 2026
16 checks passed