Detect and clean stale POLECAT_DONE messages (#913)

* fix(witness): detect and ignore stale POLECAT_DONE messages

Add timestamp validation to prevent witness from nuking newly spawned
polecat sessions when processing stale POLECAT_DONE messages from
previous sessions.

- Add isStalePolecatDone() to compare message timestamp vs session created time
- If message timestamp < session created time, message is stale and ignored
- Add unit tests for timestamp parsing and stale detection logic

Fixes #909

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(mail): add --stale flag to gt mail archive

Add ability to archive stale messages (sent before current session started).
This prevents old messages from cycling forever in patrol inbox.

Changes:
- Add --stale and --dry-run flags to gt mail archive
- Move stale detection helpers to internal/session/stale.go for reuse
- Add ParseAddress to parse mail addresses into AgentIdentity
- Add SessionCreatedAt to get tmux session start time

Usage:
  gt mail archive --stale           # Archive all stale messages
  gt mail archive --stale --dry-run # Preview what would be archived

Co-Authored-By: GPT-5.2 Codex <noreply@openai.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: GPT-5.2 Codex <noreply@openai.com>

internal/session/identity.go

@@ -25,6 +25,59 @@ type AgentIdentity struct {
 	Name string // crew/polecat name (empty for mayor/deacon/witness/refinery)
 }
 
+// ParseAddress parses a mail-style address into an AgentIdentity.
+func ParseAddress(address string) (*AgentIdentity, error) {
+	address = strings.TrimSpace(address)
+	if address == "" {
+		return nil, fmt.Errorf("empty address")
+	}
+
+	if address == "mayor" || address == "mayor/" {
+		return &AgentIdentity{Role: RoleMayor}, nil
+	}
+	if address == "deacon" || address == "deacon/" {
+		return &AgentIdentity{Role: RoleDeacon}, nil
+	}
+	if address == "overseer" {
+		return nil, fmt.Errorf("overseer has no session")
+	}
+
+	address = strings.TrimSuffix(address, "/")
+	parts := strings.Split(address, "/")
+	if len(parts) < 2 {
+		return nil, fmt.Errorf("invalid address %q", address)
+	}
+
+	rig := parts[0]
+	switch len(parts) {
+	case 2:
+		name := parts[1]
+		switch name {
+		case "witness":
+			return &AgentIdentity{Role: RoleWitness, Rig: rig}, nil
+		case "refinery":
+			return &AgentIdentity{Role: RoleRefinery, Rig: rig}, nil
+		case "crew", "polecats":
+			return nil, fmt.Errorf("invalid address %q", address)
+		default:
+			return &AgentIdentity{Role: RolePolecat, Rig: rig, Name: name}, nil
+		}
+	case 3:
+		role := parts[1]
+		name := parts[2]
+		switch role {
+		case "crew":
+			return &AgentIdentity{Role: RoleCrew, Rig: rig, Name: name}, nil
+		case "polecats":
+			return &AgentIdentity{Role: RolePolecat, Rig: rig, Name: name}, nil
+		default:
+			return nil, fmt.Errorf("invalid address %q", address)
+		}
+	default:
+		return nil, fmt.Errorf("invalid address %q", address)
+	}
+}
+
 // ParseSessionName parses a tmux session name into an AgentIdentity.
 //
 // Session name formats: