Enforce aggregate invariants via constructor/mutator result paths

[danielbdyer]

Motivation

• Ensure all creation/update sites for the interface graph, intervention ledger, and improvement run use explicit aggregate constructors/mutators so invalid aggregate state cannot be assembled ad-hoc.
• Make invariant failures explicit (typed error/result returns) so application workflows handle violations deterministically instead of passively carrying invalid data.
• Add law-style tests that prove no pipeline path can persist invalid aggregate state and document lifecycle rules for these aggregates.

Description

• Converted the three domain aggregates to return explicit result types with invariant errors: ApplicationInterfaceGraph (createApplicationInterfaceGraph, recordTransition), InterventionLedgerAggregate (createInterventionLedger, appendEvent), and ImprovementRun/ledger (createImprovementRun, recordCheckpoint, appendImprovementRun).
• Added invariant report/error types and result unions for the aggregates and changed consumer code to route through these constructors/mutators and handle ok:false results deterministically (throw or fail the Effect as appropriate).
• Updated application workflow call sites to use the aggregate APIs: interface projection now validates graph creation/transition outcomes, agent-session ledger validates ledger construction and each appended event, and improvement run build/record paths validate and prevent persistence of invalid runs.
• Added law tests (tests/aggregate-invariants.laws.spec.ts) and updated existing aggregate tests to assert result shapes and added documentation in docs/seams-and-invariants.md describing lifecycle rules and module pointers.

Testing

• Ran the focused Playwright test set for aggregates and related laws with npm test -- tests/domain/aggregates.spec.ts tests/runtime-screen-id.laws.spec.ts tests/aggregate-invariants.laws.spec.ts tests/improvement-spine.spec.ts; all targeted tests passed (30 passed).
• Ran npm run typecheck; typecheck reported existing baseline diagnostics unrelated to these changes (missing generated types and other repo-legacy type issues) and did not block the targeted tests.
• The change set includes updated tests that exercise rejection paths (duplicate nodes, unknown intervention refs, invalid improvement runs) and these law tests assert that invalid aggregate inputs are rejected and never mutate persisted ledger state.

---

Codex Task