
Harden V1.1 API-stable contracts #175

Merged: duncanita merged 3 commits into main from review/v1-1-api-stable-risk-review on May 5, 2026

@duncanita (Owner) commented May 4, 2026

Summary

  • Harden runtime/profile/event/memory-storage boundaries against mutable caller-owned strings while preserving the V1.1 public API.
  • Correct effect key examples so consumer-owned type and key parts stay colon-free, matching the existing type:key validation contract.
  • Add API-stability and release-gate coverage for public docs, storage contract behavior, and legacy mutation storage adapters.

Refs #174

Independent Risk Review

This PR follows an API-stable hardening review of the V1.1 release candidate. The review focused on storage contract/result receipt semantics, diagnostic/value immutability, bounded recovery and mutation safety, runner/storage adapter compatibility, effect identity docs, and V1.1 release-gate documentation.

Risk Findings

  • Medium: mutable workflow/event/runtime-profile boundary strings could be mutated after construction or storage calls. The PR defensively copies/freezes those values at API boundaries.
  • Low: README and execution-plan effect key examples used colon-delimited key segments even though the current effect value layer already rejects : inside type and key.
  • Low: public contract docs referenced internal guidance for a port-extension rationale and the execution plan still contained historical execution wording.
  • Low: legacy mutation storage adapter compatibility needed a regression guard.

API Compatibility

  • DAG::VERSION remains 1.1.0.
  • No changes to lib/dag.rb, lib/ruby-dag.rb, or lib/dag/version.rb.
  • No public constants, classes, modules, require entry points, public method names, or required arguments were added/removed/renamed.
  • API surface snapshot comparison against origin/main matched exactly: DAG::VERSION=1.1.0, 89 DAG modules/classes.
  • Public behavior changes are defensive-copy/immutability hardening behind existing constructors and storage methods.
  • README/effect docs now show colon-free keys that match the existing DAG::Effects.validate_ref_part! behavior; this is a correction of examples, not a new schema requirement.

Implementation Notes

  • DAG::RuntimeProfile now frozen-copies event_bus_kind so YAML-compatible string values cannot be mutated after profile construction.
  • DAG::Event now frozen-copies workflow_id, node_id, and attempt_id.
  • Memory storage internals now frozen-copy workflow ids in create_workflow, append_revision, and begin_attempt before using them as durable state coordinates.
  • Storage contract groups now include mutable workflow id conformance tests.
  • Release-gate tests cover colon-free effect examples, self-contained public contract docs, and historical execution-plan wording.

Verification

  • git diff --check origin/main...HEAD — passed.

  • TMPDIR=/home/hermes/.tmp/ruby-dag bundle exec rake — passed: 585 runs, 40553 assertions, 0 failures, 0 errors; RuboCop inspected 149 files with no offenses; YARD reported 99.15% documented.

  • Targeted tests — passed:

    • TMPDIR=/home/hermes/.tmp/ruby-dag bundle exec rake test TEST=spec/r0/types_are_deep_frozen_test.rb — 6 runs, 16 assertions.
    • TMPDIR=/home/hermes/.tmp/ruby-dag bundle exec rake test TEST=spec/r0/v1_1_release_gate_test.rb — 9 runs, 115 assertions.
    • TMPDIR=/home/hermes/.tmp/ruby-dag bundle exec rake test TEST=spec/r1/types_validation_test.rb — 32 runs, 57 assertions.
    • TMPDIR=/home/hermes/.tmp/ruby-dag bundle exec rake test TEST=spec/r2/memory_storage_contract_test.rb — 43 runs, 223 assertions.
    • TMPDIR=/home/hermes/.tmp/ruby-dag bundle exec rake test TEST=spec/r3/mutation_active_run_guard_test.rb — 3 runs, 14 assertions.
  • API surface snapshot vs origin/main — passed: exact match, DAG::VERSION=1.1.0, 89 modules/classes.

  • Static scan of the diff found no hardcoded secrets, shell injection, eval/exec, unsafe deserialization, SQL injection, or forbidden public wording.

  • Final independent review returned pass with no security concerns, logic errors, or API compatibility issues.

  • GitHub Actions on PR Harden V1.1 API-stable contracts #175 — passed: test (3.4), test (4.0), and test (head) across the configured CI/Ruby workflows.

@duncanita merged commit 7858bd0 into main May 5, 2026
6 checks passed
@duncanita deleted the review/v1-1-api-stable-risk-review branch May 5, 2026 09:09
@duncanita mentioned this pull request May 7, 2026
3 tasks
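
The Medium finding in the description above (caller-owned strings mutated after a storage call) can be reproduced in a few lines. This is an added Ruby example, not code from the PR or from ruby-dag; `UnsafeEvent`, `HardenedEvent`, `ToyStorage` and the helper method are hypothetical names, and the ids are constructed sample values.

```ruby
# Added illustration; class and method names are hypothetical, not ruby-dag code.

# Keeps the caller's String objects, so later caller mutation rewrites the event.
UnsafeEvent = Struct.new(:workflow_id, :node_id, :attempt_id, keyword_init: true)

# Frozen-copies each id at the boundary so the value owns immutable strings.
class HardenedEvent
  attr_reader :workflow_id, :node_id, :attempt_id

  def initialize(workflow_id:, node_id:, attempt_id:)
    @workflow_id = frozen_copy(workflow_id)
    @node_id = frozen_copy(node_id)
    @attempt_id = frozen_copy(attempt_id)
    freeze
  end

  private

  # Reuse an already-frozen String; otherwise dup so the caller's object is untouched.
  def frozen_copy(value)
    raise ArgumentError, "expected String, got #{value.class}" unless value.is_a?(String)

    value.frozen? ? value : value.dup.freeze
  end
end

# Toy in-memory log that looks events up by workflow id.
class ToyStorage
  def initialize(event_class)
    @event_class = event_class
    @log = []
  end

  def append(workflow_id, node_id, attempt_id)
    @log << @event_class.new(workflow_id: workflow_id, node_id: node_id, attempt_id: attempt_id)
    self
  end

  def count_for(workflow_id)
    @log.count { |event| event.workflow_id == workflow_id }
  end
end

# Constructed scenario: the caller reuses one id buffer after the storage call.
def events_still_filed_under_original_id(event_class)
  storage = ToyStorage.new(event_class)
  id = String.new("wf-1")
  storage.append(id, "node-a", "attempt-1")
  id.replace("wf-2") # caller-side mutation after the boundary
  storage.count_for("wf-1")
end
```

With `UnsafeEvent` the stored record silently moves to `wf-2` and the lookup under `wf-1` returns nothing; with `HardenedEvent` the record stays where it was written.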