feat: Job governance and cost control — permission policies, token tracking, budget limits #69

@nigel-dev

Description

Add governance controls over what jobs are allowed to do and how much they can spend. With serve-based event streams providing visibility into every action and token usage, Mission Control can enforce permission policies and track costs per job, per plan, and per session.

Use Case

Today there's no way to constrain what a sub-agent does in its worktree, and no visibility into how many tokens each job consumes. As Mission Control scales to managing many parallel jobs, governance becomes critical — both for safety (preventing unintended destructive operations) and for cost management (preventing runaway token usage on stuck or unfocused agents).

Proposed Solution

Permission Policy Engine

Configurable per-job or per-plan permission rules that intercept permission.request events:

```yaml
# Example policy definition
plan: "refactor-auth"
permissions:
  file_edit:
    inside_worktree: auto-approve
    outside_worktree: deny
  shell_command:
    inside_worktree: auto-approve
    outside_worktree: ask-user
  network_access: deny
  install_packages: ask-user
  mcp_tools: auto-approve
```

  • Policies are defined in plan config or job-level overrides
  • Default policy for jobs without explicit config (safe defaults: auto-approve inside worktree, deny outside)
  • Policy evaluation happens in the SSE monitor when permission.request events arrive
  • Different jobs get different trust levels based on their task (a "fix typo" job gets tighter constraints than a "build new feature" job)
  • Policy violations are logged and surfaced in mc_status / mc_overview
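To make the evaluation step concrete, here is an added example of a policy evaluator for the permission.request events described above. It is not Mission Control's own code: the event shape (`PermissionRequest`), the `DEFAULT_POLICY` constant, the `evaluate` / `isInsideWorktree` functions and the `violationLog` are assumptions for illustration; the `refactor-auth` policy is the one from the issue. The worktree check resolves paths before comparing them, so a relative path that climbs out of the worktree, or an absolute path elsewhere, counts as outside, and a scoped request that carries no path at all fails closed.

```typescript
// Added example (not the project's code): evaluating permission.request
// events against a per-plan policy. Names and shapes are assumptions.
import * as path from "path";

type Decision = "auto-approve" | "deny" | "ask-user";

// Scoped permissions distinguish inside vs outside the job's worktree.
interface ScopedRule { inside_worktree: Decision; outside_worktree: Decision }

export interface PermissionPolicy {
  plan: string;
  permissions: {
    file_edit: ScopedRule;
    shell_command: ScopedRule;
    network_access: Decision;
    install_packages: Decision;
    mcp_tools: Decision;
  };
}

// Assumed shape of a permission.request event on the SSE stream.
export interface PermissionRequest {
  jobId: string;
  kind: keyof PermissionPolicy["permissions"];
  path?: string; // for file_edit / shell_command: the path the action touches
}

// Safe default from the issue: auto-approve inside the worktree, deny outside.
export const DEFAULT_POLICY: PermissionPolicy = {
  plan: "default",
  permissions: {
    file_edit: { inside_worktree: "auto-approve", outside_worktree: "deny" },
    shell_command: { inside_worktree: "auto-approve", outside_worktree: "deny" },
    network_access: "deny",
    install_packages: "deny",
    mcp_tools: "deny",
  },
};

// The example policy from the issue body.
export const REFACTOR_AUTH_POLICY: PermissionPolicy = {
  plan: "refactor-auth",
  permissions: {
    file_edit: { inside_worktree: "auto-approve", outside_worktree: "deny" },
    shell_command: { inside_worktree: "auto-approve", outside_worktree: "ask-user" },
    network_access: "deny",
    install_packages: "ask-user",
    mcp_tools: "auto-approve",
  },
};

// Denied requests are recorded here so mc_status could surface them (assumed).
export const violationLog: string[] = [];

// Resolve both sides before comparing, so "../" segments, absolute paths and
// sibling directories with a shared prefix (wt vs wt2) are classified correctly.
export function isInsideWorktree(worktree: string, target: string): boolean {
  const root = path.resolve(worktree);
  const resolved = path.resolve(root, target);
  const rel = path.relative(root, resolved);
  return (
    rel === "" ||
    (rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel))
  );
}

export function evaluate(
  req: PermissionRequest,
  worktree: string,
  policy: PermissionPolicy = DEFAULT_POLICY,
): Decision {
  const rule = policy.permissions[req.kind];
  let decision: Decision;
  if (typeof rule === "string") {
    decision = rule; // unscoped permission (network, packages, MCP tools)
  } else if (req.path === undefined) {
    decision = rule.outside_worktree; // scoped request without a path: fail closed
  } else {
    decision = isInsideWorktree(worktree, req.path)
      ? rule.inside_worktree
      : rule.outside_worktree;
  }
  if (decision === "deny") {
    violationLog.push(`${policy.plan}/${req.jobId}: ${req.kind} ${req.path ?? ""} denied`);
  }
  return decision;
}
```

A job-level override would simply be a `PermissionPolicy` passed as the third argument; the monitor keeps the default for jobs that have none.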

Per-Job Cost & Token Tracking

Track resource consumption per job using event stream data:

  • Token counts: Accumulate input/output tokens from message events (if the event payload includes usage data)
  • Cost estimation: Map token counts to estimated cost based on model pricing
  • Per-plan aggregation: Total spend across all jobs in a plan
  • Historical tracking: Store cost data in job state for post-mortem analysis

Budget Limits

Set spending caps that trigger automatic intervention:

  • Per-job budget: If a job exceeds N tokens, pause it and ask the user whether to continue
  • Per-plan budget: If total plan spend exceeds threshold, pause all running jobs
  • Warning thresholds: Notify at 50%, 75%, 90% of budget
  • Configurable response: pause, notify-only, or hard-kill on budget exceeded
  • Budget config in MCConfig or per-plan definition
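The tracking and budget sections above describe one pipeline, so here is a single added example that covers both: a `CostTracker` that accumulates tokens from message events, estimates cost from a pricing table, aggregates per plan, and raises warning and exceeded alerts against per-job and per-plan caps. This is not the project's code; the event shape (`UsageMessageEvent`), the `BudgetConfig` fields, the `PRICING` values (constructed, not real prices) and all names are assumptions. Events without usage data are skipped rather than counted, and each threshold fires once per job or plan so a stuck agent does not flood the user with repeat notifications.

```typescript
// Added example (not the project's code): per-job token and cost tracking
// with budget thresholds. Shapes, prices and names are assumptions.

type BudgetAction = "pause" | "notify-only" | "hard-kill";

// Assumed shape of a streamed message event; `usage` may be absent.
export interface UsageMessageEvent {
  type: "message";
  jobId: string;
  plan: string;
  model: string;
  usage?: { input_tokens: number; output_tokens: number };
}

// USD per million tokens. Constructed sample values, not real pricing.
const PRICING: Record<string, { inputPerM: number; outputPerM: number }> = {
  "example-model": { inputPerM: 3, outputPerM: 15 },
};

export interface JobCost {
  jobId: string;
  plan: string;
  inputTokens: number;
  outputTokens: number;
  estimatedUsd: number;
}

export interface BudgetConfig {
  perJobTokens?: number;  // cap on input+output tokens for one job
  perPlanTokens?: number; // cap on the sum over all jobs in a plan
  warnAt: number[];       // fractions of the cap that raise a warning, e.g. [0.5, 0.75, 0.9]
  onExceeded: BudgetAction;
}

export interface BudgetAlert {
  scope: "job" | "plan";
  id: string;
  kind: "warning" | "exceeded";
  fraction?: number;     // set for warnings
  action?: BudgetAction; // set when the cap is exceeded
}

export class CostTracker {
  private jobs = new Map<string, JobCost>();
  private fired = new Set<string>(); // each threshold fires once per job/plan

  constructor(private readonly budget: BudgetConfig) {}

  // Feed one event; returns the alerts it triggered (possibly none).
  record(ev: UsageMessageEvent): BudgetAlert[] {
    if (ev.type !== "message" || !ev.usage) return []; // no usage data: nothing to count
    const job = this.jobs.get(ev.jobId) ?? {
      jobId: ev.jobId, plan: ev.plan, inputTokens: 0, outputTokens: 0, estimatedUsd: 0,
    };
    job.inputTokens += ev.usage.input_tokens;
    job.outputTokens += ev.usage.output_tokens;
    const price = PRICING[ev.model];
    if (price) { // unknown model: tokens are still counted, cost stays unestimated
      job.estimatedUsd +=
        (ev.usage.input_tokens * price.inputPerM + ev.usage.output_tokens * price.outputPerM) / 1_000_000;
    }
    this.jobs.set(ev.jobId, job);
    return [
      ...this.check("job", ev.jobId, job.inputTokens + job.outputTokens, this.budget.perJobTokens),
      ...this.check("plan", ev.plan, this.planTotal(ev.plan).tokens, this.budget.perPlanTokens),
    ];
  }

  jobCost(jobId: string): JobCost | undefined { return this.jobs.get(jobId); }

  // Per-plan aggregation over every job belonging to the plan.
  planTotal(plan: string): { tokens: number; usd: number } {
    let tokens = 0, usd = 0;
    for (const j of this.jobs.values()) {
      if (j.plan !== plan) continue;
      tokens += j.inputTokens + j.outputTokens;
      usd += j.estimatedUsd;
    }
    return { tokens, usd };
  }

  private check(scope: "job" | "plan", id: string, used: number, limit?: number): BudgetAlert[] {
    if (limit === undefined) return [];
    const alerts: BudgetAlert[] = [];
    for (const f of this.budget.warnAt) {
      const key = `${scope}:${id}:${f}`;
      if (used >= f * limit && !this.fired.has(key)) {
        this.fired.add(key);
        alerts.push({ scope, id, kind: "warning", fraction: f });
      }
    }
    const key = `${scope}:${id}:exceeded`;
    if (used > limit && !this.fired.has(key)) {
      this.fired.add(key);
      alerts.push({ scope, id, kind: "exceeded", action: this.budget.onExceeded });
    }
    return alerts;
  }
}
```

The monitor would call `record` for each message event and act on the returned alerts (pause the job, notify, or kill it according to `onExceeded`); `jobCost` and `planTotal` are what a status view would read.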

Files likely affected: src/lib/monitor.ts, new src/lib/permission-policy.ts, new src/lib/cost-tracker.ts, src/lib/config.ts, src/lib/job-state.ts (add cost fields), src/lib/schemas.ts

Additional Context

Prerequisite: #65 (Serve-based orchestration) — permission interception requires SSE event stream, cost tracking requires structured event data with token counts.

Note: #57 (Permission model for spawned agents) covers the conceptual safety rails. This issue is the concrete implementation leveraging serve-mode's structured permission events, and extends it with cost governance. These two issues should be reconciled during implementation.

Labels: enhancement (New feature or request)
