v5.3.1 — Security hardening: advisory tokens, context injection validation, Pyright fixes

Advisory token enforcement (scripts/checkpermission.py) — all grant tokens now explicitly marked dvisory: true; unknown agent identities receive reduced trust (0.3) and an unknownagent: true warning flag; CLI shows [ADV

What's Changed

Security fixes

• Advisory token enforcement (scripts/check_permission.py) — all grant tokens now explicitly marked dvisory: true; unknown agent identities receive reduced trust (0.3) and an unknown_agent: true warning flag; CLI shows [ADVISORY — agent identity was NOT verified]
• High-risk resource gating (scripts/check_permission.py) — PAYMENTS and DATABASE resources require --confirm-high-risk flag or request is denied
• KNOWN_AGENTS allowlist (scripts/check_permission.py) — agents not in the allowlist are flagged and down-scored
• Context injection validation (scripts/context_manager.py) — _validate_context() runs schema checks + 16-pattern injection detection on all free-text fields before inject/show commands run
• SKILL.md hardening — removed sessions_send mention; added inter_agent_comms: none to OpenClaw metadata; separated advisory-token and data-flow notices
• Pyright type safety (scripts/context_manager.py) — resolved eportUnknownMemberType / eportUnknownArgumentType in _validate_context()

Docs pass

• ARCHITECTURE.md, BENCHMARKS.md, AUDIT_LOG_SCHEMA.md updated to v5.3.1
• ENTERPRISE.md: ClawHub scanner findings resolved row + updated What It Does paragraph
• references/auth-guardian.md: unknown agent trust 0.3, advisory token notice, --confirm-high-risk in resource table and CLI examples
• QUICKSTART.md: 29 adapters count

Full test suite: 2,899 / 2,899 passing (28 suites) — unchanged.