Policy Layer (CBS) + Security Layers

Pass

Audited by ClawScan on May 19, 2026.

Overview

The workspace artifacts could not be inspected because every filesystem command failed, so there is no artifact-backed suspicious behavior to report.

Do not treat this as a completed security review. Re-run ClawScan in an environment where metadata.json and artifact/ can be read successfully.

Publisher note

A new version of policy-layer was pushed to GitHub.

## [0.5.0] — 2026-05-17

### Changed

- **D' gating system** — Replaced fixed D' bands (LOW_ACCEPT/MEDIUM_CONFIRM/HIGH_REJECT) with sigmoid-based risk scoring. Three zones: ACCEPT (risk ≤ 0.15), ESCALATE (0.15 < risk < 0.85), REJECT (risk ≥ 0.85). Configurable via `sigmoidMidpoint`, `sigmoidSteepness`, `sigmoidAcceptBelow`, `sigmoidRejectAbove`.
- **Severity magnitude calculation** — Fixed `1 - avgSeverity` → `avgSeverity / 1000`. Severity now properly contributes to D' score as intended.
- **Pattern count** — Updated documentation to reflect actual count: 25 patterns (14 CRITICAL + 11 HIGH). Previously documented as 23.
- **README HIGH pattern table** — Expanded from 4 to 11 entries, accurately listing all HIGH severity patterns.
- **Analytics dashboard** — Fixed scrollbars for Top Patterns chart and Pattern Breakdown panel.

### Removed

- **`/dev/null redirect for output suppression`** — MEDIUM pattern removed. `2>/dev/null` is a common legitimate pattern and was triggering excessive escalations.
- **Old D' band thresholds** — `dGateThreshold` config option replaced by sigmoid parameters.