fix(agentd): use authoritative trust scores in production

[EfeDurmaz16]

Summary

• make production /v1/authorize resolve reputation and capability scores from trust-graph
• keep request-body score fields only for non-production simulation
• fail closed with 503 when production score lookup is unavailable
• document production semantics for authorization score inputs

Verification

• pnpm --filter @fides/agentd test
• pnpm --filter @fides/agentd lint
• pnpm --filter @fides/agentd build
• git diff --check

[chatgpt-codex-connector]

💡 Codex Review

fides/services/agentd/src/index.ts

Line 802 in ed79b42

const response = await fetch(url)

Add a timeout to production score fetches

When trust-graph accepts the connection but stops responding, these production authorization lookups wait on fetch instead of failing closed, so /v1/authorize can hang for a long time rather than returning the intended 503 denial. This affects the new production-only score path; adding an AbortController timeout like the health probe uses would make the failure mode deterministic.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".