fix(runtime): keep delegation under CoreRoom control

[spytensor]

Summary

Closes the release-blocking delegation/cost issue found during v0.9.17 dogfood and prepares v0.9.18.

Root cause: managed Claude Code roles had access to Claude Code's native Agent tool. That created a second delegation plane inside the @host session: work was host-intended, but not CoreRoom-dispatched, so it bypassed CoreRoom parent turns, lifecycle cards, per-role cost attribution, interrupts, and tracker evidence.

Changes

• Disable Claude Code native Agent delegation for managed roles with --disallowedTools Agent.
• Hard-deny Agent in the CoreRoom Claude permission hook, even if session policy tries to allow it.
• Keep peer delegation on the CoreRoom plane: @role: <brief>.
• Normalize Claude Code cumulative total_cost_usd samples into per-role/session deltas for cr cost.
• Stop treating public root turns as sub-agent spawns, fixing @host spawning footer/card noise.
• Leave terminal mouse capture off by default so transcript text can be selected/copied; opt in with COREROOM_MOUSE_CAPTURE=1.
• Prepare v0.9.18 metadata: Cargo/npm version, README direct install tag, splash notes, changelog, docs.

Evidence

Real dogfood log showed 17 Claude native Agent calls in .coreroom/messages.jsonl, including reviewer audits and implementer worktrees. Examples included @frontend implements #379 demo, @engineer implements #380 lifecycle data model, @frontend implements #381/#382/#384/#386, and reviewer audits for PRs #388-#392.

Those tasks were legitimate delegation/review/implementation work, but the execution mechanism was wrong: they were Claude-native Agent tool calls inside @host, not CoreRoom TurnDispatched child turns. Earlier in the same log, normal @frontend: CoreRoom delegation did emit TurnDispatched role=frontend parent=..., proving the CoreRoom route existed and worked.

Corrected cr cost --since 2026-05-26 on the dogfood log now reports:

role              turns cost (USD)     cache_read
--------------------------------------------------
@frontend             2     3.2642        2605078
@host                23   107.6070       60902970
--------------------------------------------------
TOTAL                25   110.8712       63508048

Raw pre-normalization host sum from the same log was 411.3542, confirming previous overcount from cumulative Claude Code session samples.

Validation

• cargo fmt --all -- --check
• git diff --check
• env -u NO_COLOR TERM=xterm-256color cargo test --quiet
• cargo clippy --all-targets --all-features -- -D warnings
• cargo build --locked --quiet
• npm pack --dry-run --json from npm/ reports @spytensor/coreroom@0.9.18
• env -u NO_COLOR TERM=xterm-256color cargo run --quiet -- cost --project /Users/zhuchaojie/Desktop/codes/CoreRoom --since 2026-05-26

Release Plan

After merge to main, tag and push v0.9.18 from main. The existing release workflow builds GitHub release assets and publishes npm when NPM_PUBLISH_ENABLED is true.

Risks / Rollback

Risk: users who expected Claude Code native Agent inside CoreRoom roles will now be forced through CoreRoom @role routing. That is intentional for host-led control. Rollback is a revert of this PR before tagging v0.9.18.