Session logRole + policy apply to every command
[physiclaw] Submit a goal. Persona is inferred from goal (e.g. kubectl→SRE, bandit→SecOps, dbt→Data); policy and bridge evaluate.
Physiclaw keeps every request inside your perimeter—no cloud egress. This walkthrough shows the control plane, audit trail, and live policy.
Try one allowed goal, then one blocked goal, to see the guardrails.