Wire installer to materialise SecurityValidator runtime artefacts (#160)

[virtualian]

Summary

Closes #160. Closes the SecurityValidator regression chain #156 → #157 → #158 → #159 → #160:

• Fix SecurityValidator yaml import crash via lazy dynamic load (#156) #157 made the yaml import lazy/fail-open (silent no-op was masked).
• Restore SecurityValidator pattern shipping and yaml manifest (#158) #159 restored the shipped artefacts at Releases/v4.0.3+/.claude/.
• This PR materialises those artefacts into ~/.pai/ automatically at install time.

Changes

File	Change
Releases/v4.0.3+/.claude/PAI-Install/engine/pai-runtime-migration.ts	NEW — migratePaiRuntime helper
Releases/v4.0.3+/.claude/PAI-Install/engine/actions.ts	+9 — invoke from runRepository after migratePerPackCommands
Releases/v4.0.3+/.claude/PAI-Install/engine/exec.ts	+25 — add tryExecAt (structured cwd, no shell)
Releases/v4.0.3+/.claude/bun.lock	NEW — tracked lockfile, pins yaml@2.8.3

Decisions (recorded in PRD)

• D1 — Materialisation: copy, not symlink. ~/.pai/ is an independent runtime; user-edited patterns.yaml lives alongside the shipped patterns.example.yaml without crossing the ~/.claude boundary.
• D2 — bun.lock tracked in repo. Pins yaml@2.8.3 for reproducible installs across machines/dates. ~360 bytes.
• No new StepId. The helper extends runRepository, mirroring the three existing migrators (memory, skills, commands).

Behaviour

• Fresh install: copies package.json + bun.lock, runs bun install, copies PAI/PAISECURITYSYSTEM/ — failed=0, verify-security-validator.sh PASS=8 FAIL=0.
• Upgrade (idempotent): already-current for manifest, skipped-yaml-present for install, copied for PAISECURITYSYSTEM (cpSync merge semantics — user-edited patterns.yaml preserved).
• Manifest refreshed (yaml version bump): force-runs bun install even when yaml marker is present, so the new pin actually lands in node_modules/.
• Soft-fail: failures (missing source, permission denied, bun install timeout) emit a clear message and continue; the install does NOT abort. verify-security-validator.sh is the post-install regression guard.
• Defensive invariant: if ~/.pai/ exists as a regular file (corrupted state), aborts the module with a clear diagnostic rather than overwriting user data.

Security review (in-PR)

/simplify flagged a shell-injection vector in the first cut — tryExec(\"cd \\\"\${paiHome}\\\" && bun install\") would have failed on paths containing quotes/dollars/backticks and was injection-prone if PAI_DIR were ever attacker-influenced. Fixed by adding tryExecAt to exec.ts (uses execFileSync with structured cwd, no shell concatenation).

Other findings actioned: idempotency hole on yaml major-bump (force install when manifest just changed), missing paiHome-is-directory invariant (clear-diagnostic abort), redundant intermediate mkdirSync (cpSync recursive: true creates intermediates — empirically verified).

Out of scope

• Triplication refactor (getPaiHomeDir × 3, cpFilter/isIgnored × 3 across migrators) — flagged HIGH severity by /simplify but touches three existing reviewed modules. Tracked separately (issue to be filed).
• Whatever populates ~/.claude/PAI/ on a fresh upstream clone (this PR tolerates source-absent gracefully via soft-fail; the upstream gap is Investigate: restructure two-root split to simplify absorbing upstream releases #144 territory).

Test plan

• Run bash Tools/verify-security-validator.sh post-install on a fresh machine — expect PASS=8 FAIL=0.
• Run installer in upgrade mode on an existing install — expect already-current / skipped-yaml-present summary, no patterns.yaml clobbering.
• Bump yaml dep version in Releases/v4.0.3+/.claude/package.json, regenerate bun.lock, run installer — confirm bun install re-runs and yaml updates in ~/.pai/node_modules/yaml/.