knowledge: agent self-correction with audit + per-persona gate + revert

Bundles three coupled changes so agent-side mutations stay
auditable and reversible:

1. Audit columns on entity_facts —
   `last_modified_by_model` / `last_modified_by_backend` /
   `last_modified_at`. Stamped on every mutation path
   (update_fact, supersede_fact, manual PATCH, manual supersede,
   the new revert). NULL on rows never touched since creation.
   Partial index on `last_modified_at WHERE NOT NULL` keeps the
   "show me recent edits" feed fast without bloating from legacy
   rows.

2. Per-persona gate `personas.allow_agent_corrections` (BOOLEAN,
   default 0). Defense in depth at two layers:
   - build_tool_definitions: when off, `update_fact` and
     `supersede_fact` aren't in the catalog at all, so even a
     hallucinated tool call by the model fails fast.
   - tool_update_fact / tool_supersede_fact: re-checks the persona
     flag at call time and returns an explicit "corrections
     disabled" error if it's somehow off (e.g. flag flipped mid-
     loop).
   ToolGateOpts grows the flag; current_gate_opts splits into
   `current_gate_opts` (no persona context, defaults closed) +
   `current_gate_opts_for_persona` for chat callers that have a
   persona id. Both call sites in insight_chat are updated.

3. Revert action — new DAO method `revert_supersession` +
   `POST /knowledge/facts/{id}/restore`. Flips status back to
   'active', clears `superseded_by`, clears `valid_until` (we
   don't track whether it was hand-set vs auto-stamped, so the
   safe reset is to drop it — user can re-bound after). Stamps
   `last_modified_*` so the revert itself is attributable.

Manual paths (PATCH / supersede via HTTP, plus restore) stamp the
audit columns with `("manual", "manual")`. Agent paths stamp the
loop-time chat model and backend (mirroring the existing
created_by_* convention).

FactDetail in the HTTP response now carries the audit triple
alongside the existing provenance. Apollo wires the new field set
in the matching commit.

PersonaView / UpdatePersonaRequest grow `allowAgentCorrections`;
the PersonaPatch + InsertPersona + bulk_import paths thread it.

317 lib tests pass, including unchanged update_fact / supersede
DAO tests (now passing audit=None — None means "no provenance
context to attribute", legacy semantics).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Cameron Cordes
2026-05-10 20:56:56 -04:00
parent 86c331571d
commit fd4dd89bbb
10 changed files with 515 additions and 7 deletions
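
The two-layer gate from item 2 of the commit message, as an added sketch; it is not code from this commit or project. `Personas`, `GateOpts`, the in-memory map and the `create_fact` tool name are assumptions made for illustration; only `update_fact`, `supersede_fact` and the "corrections disabled" error come from the message.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for the persona table and ToolGateOpts.
#[derive(Clone, Copy, Default)]
struct GateOpts { allow_agent_corrections: bool } // Default is closed

struct Personas(HashMap<u32, bool>); // persona id -> allow_agent_corrections

impl Personas {
    fn gate(&self, persona: Option<u32>) -> GateOpts {
        match persona.and_then(|id| self.0.get(&id)) {
            Some(&allow) => GateOpts { allow_agent_corrections: allow },
            None => GateOpts::default(), // no persona context: stay closed
        }
    }
}

const MUTATING: [&str; 2] = ["update_fact", "supersede_fact"];

// Layer 1: mutating tools are absent from the catalog when the gate is closed.
fn build_catalog(opts: GateOpts) -> Vec<&'static str> {
    let mut tools = vec!["create_fact"]; // hypothetical non-mutating tool
    if opts.allow_agent_corrections {
        tools.extend(MUTATING);
    }
    tools
}

// Layer 2: re-read the flag at call time instead of trusting the catalog
// that was built when the loop started.
fn call_tool(p: &Personas, persona: Option<u32>, catalog: &[&str], name: &str)
    -> Result<String, String> {
    if !catalog.contains(&name) {
        return Err(format!("unknown tool: {}", name));
    }
    if MUTATING.contains(&name) && !p.gate(persona).allow_agent_corrections {
        return Err("corrections disabled".to_string());
    }
    Ok(format!("{}: ok", name))
}

fn main() {
    let mut p = Personas(HashMap::from([(1, true)])); // constructed sample data
    let catalog = build_catalog(p.gate(Some(1)));
    p.0.insert(1, false); // flag flipped mid-loop
    println!("{:?}", call_tool(&p, Some(1), &catalog, "update_fact"));
}
```

The call in `main` is rejected by the second layer even though the stale catalog still lists the tool.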


@@ -40,6 +40,11 @@ pub struct PersonaView {
/// 2026-05-10-000400.
#[serde(rename = "reviewedOnlyFacts")]
pub reviewed_only_facts: bool,
/// Gate for the agent's update_fact / supersede_fact tools.
/// Default false — fresh personas let the agent create but not
/// alter. See migration 2026-05-10-000500.
#[serde(rename = "allowAgentCorrections")]
pub allow_agent_corrections: bool,
}
impl From<Persona> for PersonaView {
@@ -53,6 +58,7 @@ impl From<Persona> for PersonaView {
created_at: p.created_at,
updated_at: p.updated_at,
reviewed_only_facts: p.reviewed_only_facts,
allow_agent_corrections: p.allow_agent_corrections,
}
}
}
@@ -80,6 +86,8 @@ pub struct UpdatePersonaRequest {
pub include_all_memories: Option<bool>,
#[serde(default, rename = "reviewedOnlyFacts")]
pub reviewed_only_facts: Option<bool>,
#[serde(default, rename = "allowAgentCorrections")]
pub allow_agent_corrections: Option<bool>,
}
#[derive(Deserialize)]
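Review bot: the new `allow_agent_corrections` field in UpdatePersonaRequest has no doc comment, while the matching PersonaView field documents the gate and points at its migration. Because this flag widens what the agent is allowed to do, add a comment here saying what an omitted field means (with `#[serde(default)]` it deserializes to None; if None is meant to leave the stored value unchanged, say so) so that a client sending a partial update cannot be read as opening or closing the gate by accident.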
@@ -258,6 +266,7 @@ async fn update_persona(
system_prompt: body.system_prompt.clone(),
include_all_memories: body.include_all_memories,
reviewed_only_facts: body.reviewed_only_facts,
allow_agent_corrections: body.allow_agent_corrections,
};
match dao.update_persona(&cx, uid, &pid, patch) {
Ok(Some(p)) => HttpResponse::Ok().json(PersonaView::from(p)),
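Review bot: in update_persona the flag is copied from the request body into the patch next to `system_prompt`, and nothing in the visible lines records that the gate was changed. The commit message describes `last_modified_*` stamps on facts, but turning `allow_agent_corrections` on is the change that grants the agent mutation rights in the first place. Consider logging the old and new value whenever `body.allow_agent_corrections` is `Some(..)`, keyed by `uid` and `pid`, so that a later review of agent edits can tell when corrections were enabled and by whom.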