Add guarded-surface safety rules #140

Open
eggrollofchaos wants to merge 1 commit into DietrichGebert:main from eggrollofchaos:codex/guarded-surfaces

eggrollofchaos commented Jun 17, 2026

Summary

  • Add guarded-surface rules for auth, persistence, money, privacy, concurrency, security, and public APIs.
  • Preserve critical controls when Ponytail minimizes code: authorization, validation, idempotence, migrations, auditability, rate limits, privacy boundaries, concurrency safety, tests, and public API compatibility.
  • Treat /ponytail-review as a complexity pass only, not approval to remove safety controls.
  • Strengthen copied-rule invariants so the skill, compact agent rules, and hook fallback cannot drift silently.
  • Make the correctness benchmark more portable by resolving Python/pandas through explicit interpreter and uv fallback paths instead of assuming base python3 has pandas.

Motivation

Ponytail already says "lazy, not negligent." Public feedback points to correctness-by-context: a shorter answer can be right for one prompt while quietly dropping validation, readability, maintainability, or future-change affordances.

  • GitHub issue #112 asks whether readability belongs on the never-simplify-away list, using the concrete failure mode of a dense one-liner that cuts lines but gets harder to change.
  • GitHub issue #100 raises the broader question of whether always-on minimality constraints trade off model performance or reasoning quality, and recommends stronger eval coverage for quality regressions alongside LOC.
  • The Reddit launch discussion includes exactly the validation critique this PR is meant to address: one line can be smaller without preserving the same validation level.
  • The Hacker News discussion makes the context point directly: a native control can be the correct lazy answer in one scenario and the wrong one in another.
  • Ponytail's own v4.4.0 release notes describe a real field test as a net win while also saying the laziness needed a tighter leash around failsafes, validation, and auth checks.

This PR makes that leash explicit for the surfaces where "less code" can otherwise become "less responsibility."

Verification

  • node scripts/check-rule-copies.js
  • node --test tests/*.test.js pi-extension/test/*.test.js

Latest local run: 12 rule invariants, 10 hook invariants, 47/47 tests passing.

Suggestion for default mode change

Consider making lite the default Ponytail mode. The tool makes potentially broad changes to everyday agent behavior; users will likely want to test it in lite first, watch it work on their own codebase, and then decide whether to run full broadly across their agents.

  • GitHub issue #100 explicitly mentions adoption hesitation around model-degradation worries from always-on constraints.
  • The Hacker News discussion shows the same adoption tension: strong interest in reducing over-engineering, paired with caution that senior judgment depends on context.

Teach Ponytail to keep a lite posture on guarded surfaces like auth, persistence, money, privacy, concurrency, security, and public APIs.

Preserve authorization, validation, idempotence, migrations, auditability, rate limits, privacy boundaries, concurrency safety, tests, and public API compatibility when minimizing code. Strengthen copied-rule checks so the safety text does not drift.

Also make the correctness benchmark runner portable by using explicit Python interpreter resolution and uv fallback for pandas. The default Ponytail mode remains full.
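
The copied-rule drift check that the summary describes, illustrated as an added example; it is not the project's scripts/check-rule-copies.js, whose contents are not shown on this page. The copy names, sample texts and function names are constructed for illustration; the required phrases are the guarded surfaces and preserved controls listed in the PR.

```javascript
// Added example: hypothetical drift check over the surfaces and controls named in the PR.
const REQUIRED = [
  "auth", "persistence", "money", "privacy", "concurrency", "security", "public APIs",
  "authorization", "validation", "idempotence", "migrations", "auditability", "rate limits",
  "privacy boundaries", "concurrency safety", "tests", "public API compatibility",
];

// Constructed sample copies; real ones would be read from the three rule files.
const SAMPLE_COPIES = {
  skill: `Guarded surfaces: auth, persistence, money, privacy, concurrency,
    security, and public APIs. Preserve authorization, validation, idempotence,
    migrations, auditability, rate limits, privacy boundaries, concurrency
    safety, tests, and public API compatibility.`,
  compactRules: `GUARDED: auth, persistence, money, privacy, concurrency, security,
    public APIs. KEEP: authorization, validation, idempotence, migrations, auditability, rate
    limits, privacy boundaries, concurrency safety, tests, public API compatibility.`,
  // Drifted copy: the "privacy" surface and "rate limits" control were dropped.
  hookFallback: `Guarded: auth, persistence, money, concurrency, security, public APIs.
    Keep: authorization, validation, idempotence, migrations, auditability,
    privacy boundaries, concurrency safety, tests, public API compatibility.`,
};

// Lower-case and collapse whitespace so re-wrapped copies compare equal.
const normalize = (s) => s.toLowerCase().replace(/\s+/g, " ").trim();

// Whole-phrase match, so "auth" is not satisfied by "authorization".
function hasPhrase(haystack, phrase) {
  const escaped = phrase.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp(`(^|[^a-z0-9])${escaped}($|[^a-z0-9])`).test(haystack);
}

// Returns { copyName: [missing phrases] } for each copy that lost a phrase.
function findDrift(copies, required = REQUIRED) {
  const wanted = required.map(normalize);
  const drift = {};
  for (const [name, text] of Object.entries(copies)) {
    const missing = wanted.filter((phrase) => {
      // Mask longer required phrases so "privacy boundaries" cannot stand in for "privacy".
      let masked = normalize(text);
      for (const other of wanted) {
        if (other !== phrase && other.includes(phrase)) masked = masked.split(other).join("#");
      }
      return !hasPhrase(masked, phrase);
    });
    if (missing.length > 0) drift[name] = missing;
  }
  return drift;
}
```

A non-empty result from `findDrift(SAMPLE_COPIES)` is the condition a CI step would fail on, so a copy that silently loses a safety control blocks the merge.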