arcrun — AI workflow execution engine (clean history)

Self-hosted 開源：WASM 零件 + recipe + cypher-executor，跑在你自己的 Cloudflare。

此為重建的乾淨歷史起點（移除曾誤 commit 的 GCP SA 金鑰，舊歷史保留在
richblack/arcrun 與本地 backup 分支）。含：
- acr init --self-hosted installer（建 KV/R2 + codeload 拉預編譯 wasm + wrangler deploy + seed recipe）
- recipe push 把關（資料外流提醒 + 打通檢查）
- 19 個正當零件預編譯 wasm（claude_api/km_writer/kbdb_upsert_block 排除：違反 DECISIONS §1）
- CLI / cypher-executor / registry / 完整 SDD

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

registry/components/platform_crypto/component.contract.yaml

@@ -0,0 +1,56 @@
+canonical_id: "platform_crypto"
+display_name: "Platform Crypto Primitive"
+category: "platform"
+version: "v1"
+wasi_target: "preview1"
+stability: "stable"
+runtime_compat:
+  - "cf-workers"
+  - "workerd"
+  - "wazero"
+constraints:
+  max_size_kb: 2048
+  max_cold_start_ms: 50
+  no_network_syscall: true
+  no_filesystem_syscall: true
+  io_model: "stdin_stdout_json"
+input_schema:
+  type: object
+  required: [action]
+  properties:
+    action:
+      type: string
+      enum: [generate_api_key, encrypt, random_token]
+    email:
+      type: string
+      description: generate_api_key 用
+    plaintext:
+      type: string
+      description: encrypt 用
+    bytes:
+      type: integer
+      description: random_token 用，預設 32
+output_schema:
+  type: object
+  properties:
+    success:
+      type: boolean
+    api_key:
+      type: string
+      description: generate_api_key 結果，ak_ 前綴
+    encrypted:
+      type: string
+      description: encrypt 結果，base64
+    iv:
+      type: string
+      description: encrypt 結果，base64
+    token:
+      type: string
+      description: random_token 結果，hex
+tags: [platform, crypto, internal]
+description: |
+  平台內部 crypto primitive。
+  - generate_api_key: HMAC-SHA256(email, ENCRYPTION_KEY) → ak_xxx
+  - encrypt: AES-GCM(plaintext, ENCRYPTION_KEY) → {encrypted, iv}（base64）
+  - random_token: crypto random bytes → hex string
+  ENCRYPTION_KEY 由 host 持有，永不進入 WASM。