POLICY-AWARE OVER-SERVE (C028): when an operator policy governs the agent, the served tools must be a subset of
the POST-POLICY effective surface — a served tool the operator DENIED is a conformance failure (the operator cap
must hold on the wire). With no governing policy this is identical to assertServedSubset.
POLICY-AWARE OVER-SERVE (C028): when an operator policy governs the agent, the served tools must be a subset of the POST-POLICY effective surface — a served tool the operator DENIED is a conformance failure (the operator cap must hold on the wire). With no governing policy this is identical to assertServedSubset.