
[5b] Policy runtime evaluator #14

@andrmaz

What to build

Integrate the active department policy (from #8) into the MCP request handling pipeline. The evaluator runs in deterministic order at two points: pre-retrieval (to filter permitted sources by department) and post-retrieval (to apply deny constraints and response redaction). Every evaluation produces a structured policy decision output for downstream audit use.

Acceptance criteria

  • Active policy for the requesting user's department is loaded on each MCP call.
  • Pre-retrieval: source list is filtered to only department-permitted sources.
  • Post-retrieval: deny rules suppress and redact disallowed content in the response.
  • Policy decision output (allow/deny + matched rules) is attached to the request context.
  • Integration tests cover deny, redact, and source-filter scenarios.

Blocked by

Labels: enhancement (New feature or request), mvp (Cortex MVP scope)
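A sketch of the two evaluation points described in the issue, added here as an example and not taken from the project's code. The policy schema, rule ids, `handle_request`, and the `retrieve` callback are hypothetical, and the in-memory `POLICIES` dict stands in for the active policy from #8.

```python
import re
from dataclasses import dataclass, field
# Constructed policy store; this schema is an assumption, not the project's format.
POLICIES = {"finance": {
    "allowed_sources": ["ledger", "wiki"],
    "rules": [
        {"id": "r2-redact-iban", "action": "redact", "pattern": r"\b[A-Z]{2}\d{2}[A-Z0-9]{10,30}\b"},
        {"id": "r1-deny-payroll", "action": "deny", "pattern": r"(?i)\bpayroll\b"},
    ]}}
@dataclass
class Decision:
    effect: str = "allow"  # "deny" if no policy exists or any chunk was suppressed
    matched_rules: list = field(default_factory=list)
    filtered_sources: list = field(default_factory=list)

def pre_retrieval(department, requested, decision):
    """Keep only department-permitted sources; fail closed if no policy exists."""
    policy = POLICIES.get(department)
    if policy is None:
        decision.effect, decision.filtered_sources = "deny", sorted(requested)
        decision.matched_rules.append("no-active-policy")
        return None, []
    allowed = set(policy["allowed_sources"])
    decision.filtered_sources = sorted(s for s in requested if s not in allowed)
    return policy, [s for s in requested if s in allowed]

def post_retrieval(policy, chunks, decision):
    """Deny rules run before redact rules, each group in rule-id order."""
    rules = sorted(policy["rules"], key=lambda r: (r["action"] != "deny", r["id"]))
    kept = []
    for text in chunks:
        for rule in rules:
            if not re.search(rule["pattern"], text):
                continue
            if rule["id"] not in decision.matched_rules:
                decision.matched_rules.append(rule["id"])
            if rule["action"] == "deny":
                decision.effect, text = "deny", None  # suppress the whole chunk
                break
            text = re.sub(rule["pattern"], "[REDACTED]", text)
        if text is not None:
            kept.append(text)
    return kept

def handle_request(department, requested_sources, retrieve):
    decision = Decision()
    policy, sources = pre_retrieval(department, requested_sources, decision)
    chunks = post_retrieval(policy, retrieve(sources), decision) if policy else []
    return {"chunks": chunks, "policy_decision": decision}
```

Sorting deny ahead of redact means a chunk that matches both is suppressed rather than partially released, and a department with no policy never reaches retrieval.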