fix(intercept): scoped intercept_context() — prevent ContextVar leak across async tool/LLM boundaries

[aural-psynapse]

What

Adds provably.intercept.intercept_context() — a context manager that scopes the agent_id / action_name / intercept_index tag to a with block and resets the underlying ContextVars on exit.

from provably.intercept import intercept_context

@function_tool
def get_temperature():
    with intercept_context(agent_id="demo", action_name="get_weather"):
        return requests.get("https://api.example.com/...").json()

Removes set_interceptor_context() entirely. The fire-and-forget setter was the leaky API — there's no useful callsite for it that wouldn't be better served by intercept_context. No backward-compat shim. Callers must migrate to the new context manager (one-line change).

Why — the bug being fixed

set_interceptor_context() wrote to a ContextVar and never reset it. Inside an async agent loop the tool function and the subsequent LLM turn run in the same asyncio.Task, so a tag set inside the tool keeps applying to every HTTP call that fires after the tool returns. Those LLM calls get persisted into provably_intercepts carrying the tool's action_name.

Two downstream failure modes in user code that calls build_handoff_payload:

#	Code path	What goes wrong
1	load_latest_intercept_payload(pg_url, action_name, agent_id) runs ORDER BY created_at DESC LIMIT 1 against (agent_id, action_name)	Returns the LLM POST that fired after the tool, not the tool's own GET. The claim's request_payload[\"url\"] ends up being the LLM provider URL, which trips the trust gate's "endpoints missing from trusted snapshot" check.
2	get_intercept_row_id(agent_id, action_name) looks up the in-memory _action_row_ids dict, which was overwritten with the LLM row's id	The Provably query record gets created over the LLM row, so the indexed value is the LLM completion JSON. Verbatim claim comparison in evaluate_handoff then returns CAUGHT no matter what the agent claims.

Both symptoms have one root cause; this PR fixes them both.

Migration

If you previously had:

set_interceptor_context(agent_id="demo", action_name="get_weather")
result = requests.get(...).json()

Replace with:

with intercept_context(agent_id="demo", action_name="get_weather"):
    result = requests.get(...).json()

That's the entire migration. There's no reason to call the setter outside a scope — the leak made the unscoped pattern unsafe in async contexts and offered no advantages in sync contexts.

Tests

tests/unit/test_intercept_context.py — 6 new tests, all green:

• intercept_context sets values inside the block ✅
• exit restores the default state when no prior values were set ✅
• exit restores prior values when nested ✅
• exit fires even when the body raises ✅
• rationale documentation — test_naked_ctx_var_set_leaks_into_subsequent_calls: simulates an LLM → tool → LLM sequence in one asyncio.Task using a raw ContextVar.set() (which is what set_interceptor_context used to do internally), asserts the leak still happens with that pattern. Documents why the context manager is necessary and pins the asyncio behavior we're working around. ✅
• the actual fix — test_intercept_context_does_not_leak_into_subsequent_calls: same scenario with intercept_context, asserts the second LLM call goes back to (\"unknown\", \"unknown\"). ✅

Full suite: 88/88 pass (was 82, +6 new). Ruff clean.

Out of scope (deliberately separate)

• Updating any examples / demos that previously called set_interceptor_context — those live on a different branch and will be migrated in their respective PRs (this PR only changes the SDK surface; downstream callers migrate independently).

Suggested reviewer hops

1. src/provably/intercept/interceptor.py — set_interceptor_context removed, intercept_context added.
2. src/provably/intercept/init.py and src/provably/init.py — export changes.
3. tests/unit/test_intercept_context.py — the rationale-documenting test (test_naked_ctx_var_set_leaks_into_subsequent_calls) is the most important one to read; it documents the exact failure mode being prevented.