docs(0.2): AI trust boundary + Node 22 prominence + release-smoke matrix

[pmclSF]

Summary

Bundle of three Track 7 / Track 8 deliverables for the parity-gated
0.2.0 release plan. All three close items the launch-readiness
review flagged as insufficiently documented or insufficiently
verified.

• Track 7.3 — AI execution trust-boundary doc. New page
  docs/product/ai-trust-boundary.md explicitly documents what
  Terrain executes vs. parses, where the LLM call actually
  happens (inside the eval framework, not Terrain), per-command
  trust surface for analyze, ai list/doctor, ai run, and
  ai run --ingest-only, plus the 0.2 → 0.3 sandboxing roadmap.
• Track 8.1 — Node 22 prominence. README and
  docs/user-guides/getting-started.md now call out the Node 22
  npm-path requirement up front, with explicit brew / go install
  alternatives for CI on Node 20 LTS.
• Track 8.2 — Release-smoke matrix expansion. Post-publish
  smoke job goes from linux/amd64-only to also cover darwin/arm64
  (Apple Silicon) and windows/amd64. Matrix uses POSIX tar.gz on
  Linux/macOS and pwsh Expand-Archive on Windows; both verify
  terrain version --json reports the tagged version.

Why these three together

They're independent in code but co-located in the plan: all three
are "honest about how this thing actually installs and runs"
items. Bundling minimizes review thrash on a doc-and-CI-config
PR. None changes Go code; the only Go-relevant change is the
release workflow.

Test plan

• go build ./... clean
• go vet ./... clean
• make docs-verify passes
• actionlint .github/workflows/release.yml reports no new
  issues (existing SC2035 info-level warnings on line 231
  are pre-existing and unrelated)
• Workflow matrix verified end-to-end on next tagged release
  (cannot exercise pre-merge — needs a real published archive)
• AI trust-boundary doc reviewed for accuracy of per-command
  claims against current code paths

Plan tracker

Closes Track 7.3, 8.1, 8.2 from the parity-gated 0.2.0 plan.
Remaining 0.2.0 work (per plan): Track 3.3-3.5, 5.1, 5.3, 5.6, 6.x,
7.1-7.2/7.4-7.5, 9.x, 10.2-10.8.

🤖 Generated with Claude Code

[github-actions]

[INFO] Terrain — Informational only

Insufficient data to assess change risk confidently.

Metric	Value
Changed files	4 (0 source · 0 test)

---

Limitations

• No coverage artifacts provided; protection gaps reflect missing data, not measured absence. Provide --coverage to improve accuracy.
• Mixed test cultures reduce cross-framework optimization confidence. Consider standardizing on fewer frameworks.

_{Generated by Terrain · terrain pr --json for machine-readable output}

Targeted Test Results

No tests selected — change affects only non-code files.

[github-actions]

Terrain AI Risk Review

Metric	Value
AI surfaces	13
Eval scenarios	16
Impacted scenarios	0
Uncovered surfaces	13

Decision: PASS — AI surfaces are covered.