feat(core): add Risk Aggregator #7

Open: Ananya44444 wants to merge 3 commits into c2siorg:main from Ananya44444:risk

@Ananya44444

Implements the Risk Aggregator module for Step 3 (Evaluate phase) of the ACF pipeline.
Added fast-path stateless implementation

  • Stateless weighted scoring (fast-path)
  • Aggregates obfuscation, lexical, and provenance signals
  • Returns normalized risk score and enforcement decision
  • Designed for future hybrid model (async state-store integration)

Aligned with Phase-1 architecture contract (<10ms latency constraint).
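
The stateless weighted scoring described above, as an added example that is not code from this pull request. The weights, thresholds, decision labels, and the choice to renormalize over reporting scanners and to fail closed on malformed input are all assumptions of this sketch.

```python
# Assumed values: the weights in the PR's firewall_policy.yaml are not shown here.
WEIGHTS = {"obfuscation": 0.4, "lexical": 0.35, "provenance": 0.25}
SANITIZE_AT, BLOCK_AT = 0.4, 0.7  # hypothetical decision thresholds


def _valid(value):
    """A usable signal is a real number that is not NaN (bools are rejected).

    Infinite and out-of-range values are accepted here and clamped later.
    """
    return (isinstance(value, (int, float)) and not isinstance(value, bool)
            and value == value)


def decide(risk):
    """Map a normalized risk score to a (hypothetical) enforcement label."""
    if risk >= BLOCK_AT:
        return "BLOCK"
    return "SANITIZE" if risk >= SANITIZE_AT else "ALLOW"


def aggregate(signals, weights=WEIGHTS):
    """Return (risk, decision) from per-scanner scores; reads no stored state."""
    present = {k: v for k, v in signals.items() if k in weights and v is not None}
    # Fail closed: no usable scanner output, or any malformed value, blocks.
    if not present or not all(_valid(v) for v in present.values()):
        return 1.0, "BLOCK"
    # Renormalize over the scanners that reported, so an outage in one
    # scanner cannot dilute the score produced by the others.
    total = sum(weights[k] for k in present)
    if total <= 0:
        return 1.0, "BLOCK"
    # Clamp each score into [0.0, 1.0] before weighting.
    weighted = sum(weights[k] * min(1.0, max(0.0, v)) for k, v in present.items())
    risk = weighted / total
    return risk, decide(risk)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ({"obfuscation": 0.9, "lexical": 0.8, "provenance": 0.5},
                   {"lexical": 0.8},
                   {"obfuscation": float("nan"), "lexical": 0.1}):
        print(sample, "->", aggregate(sample))
```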

Copilot AI review requested due to automatic review settings March 17, 2026 13:05

Copilot AI left a comment

Pull request overview

Adds the “Evaluate” (Step 3) fast-path risk scoring layer to the sidecar core, with a YAML-driven policy loader and orchestration that merges scanner outputs and returns an enforcement decision within the low-latency path.

Changes:

  • Introduces a stateless RiskAggregator that combines obfuscation, lexical, and provenance signals into a normalized risk score and decision.
  • Adds a PolicyEngine + Pydantic policy schema and YAML loader to drive evaluation and merge scanner outputs into the payload.
  • Provides a default firewall_policy.yaml including risk-aggregator weights and initial provenance/normalization/lexical sections.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| sidecar_core/risk_aggregator.py | Implements the weighted risk aggregation and decision mapping. |
| sidecar_core/policy_engine.py | Adds policy models, YAML loading, and evaluation orchestration around the aggregator. |
| sidecar_core/firewall_policy.yaml | Supplies a default policy configuration including aggregator weights. |
| sidecar_core/__init__.py | Declares the sidecar_core package. |

Comment thread sidecar_core/risk_aggregator.py Outdated
Comment thread sidecar_core/policy_engine.py Outdated
Comment thread sidecar_core/policy_engine.py Outdated
Comment thread sidecar_core/risk_aggregator.py Outdated
Comment thread sidecar_core/policy_engine.py Outdated
Comment thread sidecar_core/risk_aggregator.py Outdated
@eddymontana

Great work on the weighted scoring model, @Ananya44444. This aligns perfectly with the Hybrid Evaluation Model we just 'froze' with @adityac.jaiswal. and @aryank.

By keeping your module stateless and emitting a Weighted Risk Vector (0.0 - 1.0), the PDP can act as the 'State Bridge'—querying the local Risk Cache for temporal context without slowing down your scanners. I've integrated this External Risk Signal logic into the Phase-1 Contract to ensure your aggregator plugs directly into the PDP's policy engine. Looking forward to reviewing the scoring logic!

@Pranjal0410
Contributor

Hey @Ananya44444 - just opened #10 for the semantic scanner. My module outputs a risk_score + semantic_hits that your aggregator would consume. Let me know if the output schema works for your signal inputs, happy to adjust.
