Context

RuntimeLayer in crates/zeph-core/src/runtime_layer.rs is a public trait that external code can implement. If a future external layer panics inside before_chat/after_chat/before_tool/after_tool, it will propagate up and potentially crash the agent turn.

Fix

Wrap hook invocations in the agent loop with catch_unwind (or equivalent AssertUnwindSafe + catch_unwind for async). On panic: log a warning and continue with the remaining layers or skip the hook. Do not crash the turn.

Acceptance criteria

A panicking layer implementation does not crash the agent. Existing tests still pass.

Discovered in PR #2358 security audit (INFO-02).