feat(state,engine): run checkpointing + resume (agentctl run --resume)

[leo-aa88]

Summary

• Adds SQLite run_checkpoints table (migration 003) with SaveCheckpoint, GetLatestCheckpoint, and UpdateRunStatus on RuntimeStore. Checkpoints cascade when trace retention prunes runs.
• Makes the workflow engine checkpoint-aware: after each completed step it persists a canonical JSON snapshot of interpolation context (${input.*}, ${steps.*}) and accumulated cost. Resume continues from the next step without replaying earlier steps.
• Adds agentctl run --resume <run-id> to rehydrate and continue an interrupted or crash-recovered run. Interrupted runs exit cleanly (status interrupted, exit code 0).

Closes #105

Design notes

• Checkpoint context_json is engine-owned and opaque to the CLI surface.
• engine.ErrInterrupted + optional InterruptAfterStepIndex stub simulate approval-gate pauses until HITL (feat(engine,policy): human-in-the-loop approvals (approve | reject | edit | switch) #106) lands.
• New trace events: run.interrupted, run.resumed.

Test plan

• make ci (gofmt, vet, go test -race ./...)
• State: checkpoint round-trip, FK enforcement, cascade on DeleteRunsStartedBefore
• Engine: interrupt → resume without replaying completed steps; crash recovery from running checkpoint; reject completed checkpoint
• Runtime: end-to-end interrupt → resume with coherent trace log
• CLI: --resume validation paths (missing run, conflicting args)

Made with Cursor

[github-actions]

ReviewGate [WARN] WARN

Stats

• Files changed: 25
• Raw LOC changed: 1607
• LOC after §10.4 exclusions (human_loc_changed): 1607
• PR author class: human (human collaborator account) — login leo-aa88 (§10.4.2).

Warnings (3)

• medium too_many_files_changed -- PR exceeds warn files_changed threshold: 25 files (threshold 25).
• medium too_large_human_loc -- PR exceeds warn human_loc_changed threshold: 1607 lines (threshold 800).
• medium many_risky_files -- This PR touches 2 risky files, at or above the warning threshold of 2 (risky_files_changed).

Suggested labels: reviewability-warn, too-large, risky-change

File categories: 25 files (2 risky)

[github-actions]

Automated review

Summary

Feature introduces run checkpointing and resume functionality.

Findings

• high · internal/engine/checkpoint.go — Risk of data loss on checkpointing
  Checkpoints are designed to be written under specific conditions. If these conditions fail, such as database write errors during a crash, it may lead to data inconsistencies or loss.
• medium · internal/cli/run.go — Potential security risk with resumed runs
  The implementation of --resume should ensure the run ID is safe and validated. Without verification, it can allow arbitrary workflow continuations, potentially leading to conflicts or unauthorized data modifications.
• medium · internal/runtime/local/runner.go — Workflow state synchronization issues
  Resuming workflows without validating the spec hash can introduce issues if the workflow definitions change during an existing run.
• medium · internal/state/sqlite/checkpoint.go — Foreign key integrity risks
  Checkpoints have foreign key dependencies on runs. If run data is deleted, the integrity of checkpoints could be compromised without proper cascading rules in place.