Initial commit: Product OS platform

- Control Plane API with Gemini integration
- Executors: Deploy, Analytics, Marketing
- MCP Adapter for Continue integration
- VSCode/VSCodium extension
- Tool registry and run tracking
- In-memory storage for local dev
- Terraform infrastructure setup

platform/infra/terraform/iam.tf

@@ -0,0 +1,16 @@
+# Allow control-plane to write artifacts in GCS
+resource "google_storage_bucket_iam_member" "control_plane_bucket_writer" {
+  bucket = google_storage_bucket.artifacts.name
+  role   = "roles/storage.objectAdmin"
+  member = "serviceAccount:${google_service_account.control_plane_sa.email}"
+}
+
+# Firestore access for run/tool metadata
+resource "google_project_iam_member" "control_plane_firestore" {
+  project = var.project_id
+  role    = "roles/datastore.user"
+  member  = "serviceAccount:${google_service_account.control_plane_sa.email}"
+}
+
+# Placeholder: executor services will each have their own service accounts.
+# Control-plane should be granted roles/run.invoker on each executor service once created.