4runr-os 2.10.64 → 2.10.66

package/apps/gateway/src/__tests__/sentinel-config-persist-http.test.ts

@@ -11,6 +11,7 @@ import { Sentinel } from '@4runr/sentinel';
 import {
   getSentinelLimitsFilePath,
   applyPersistedSentinelConfig,
+  hydrateSentinelConfigFromDisk,
 } from '../security/sentinel-config-store.js';
 
 jest.mock('../middleware/rateLimit.js', () => ({
@@ -81,5 +82,12 @@ describe('POST /api/sentinel/policies/custom persistence', () => {
     const sentinel = Sentinel.getInstance();
     expect(applyPersistedSentinelConfig(sentinel)).toBe(true);
     expect(sentinel.getConfig().runIdleMs).toBe(distinctiveIdle);
+
+    Sentinel.resetInstance();
+    const stale = Sentinel.getInstance();
+    expect(stale.getConfig().runIdleMs).not.toBe(distinctiveIdle);
+
+    hydrateSentinelConfigFromDisk(stale);
+    expect(stale.getConfig().runIdleMs).toBe(distinctiveIdle);
   });
 });

package/apps/gateway/src/routes/sentinel-policies.ts

@@ -12,7 +12,11 @@ import {
 } from '@4runr/sentinel';
 import { requireAuth } from '../middleware/auth.js';
 import { readRateLimit, writeRateLimit } from '../middleware/rateLimit.js';
-import { persistSentinelConfigAfterApply } from '../security/sentinel-config-store.js';
+import {
+  persistSentinelConfigAfterApply,
+  hydrateSentinelConfigFromDisk,
+  getSentinelLimitsFilePath,
+} from '../security/sentinel-config-store.js';
 
 /**
  * Register Sentinel policy management routes
@@ -171,7 +175,7 @@ export async function sentinelPolicyRoutes(fastify: FastifyInstance) {
       
       try {
         sentinel.updateConfig(config);
-        const savedTo = persistSentinelConfigAfterApply(sentinel, config);
+        const savedTo = persistSentinelConfigAfterApply(sentinel, config, fastify.log);
         return {
           success: true,
           template: templateName,
@@ -231,11 +235,11 @@ export async function sentinelPolicyRoutes(fastify: FastifyInstance) {
 
         try {
           sentinel.updateConfig(config);
-          const savedTo = persistSentinelConfigAfterApply(sentinel, config);
+          const savedTo = persistSentinelConfigAfterApply(sentinel, config, fastify.log);
           return {
             success: true,
             config,
-            message: `Custom Sentinel limits applied and saved to ${savedTo}. Survives Gateway restart; env vars override individual fields when set.`,
+            message: `Custom limits saved (${savedTo}). Reopen Sentinel or restart Gateway to reload; env vars override fields when set.`,
           };
         } catch (error: unknown) {
           const msg = error instanceof Error ? error.message : String(error);
@@ -270,10 +274,12 @@ export async function sentinelPolicyRoutes(fastify: FastifyInstance) {
     try {
       const { Sentinel } = await import('@4runr/sentinel');
       const sentinel = Sentinel.getInstance();
-      
+      hydrateSentinelConfigFromDisk(sentinel);
+
       return {
         success: true,
-        config: sentinel.getConfig()
+        config: sentinel.getConfig(),
+        persistedPath: getSentinelLimitsFilePath(),
       };
     } catch (error: any) {
       return reply.status(500).send({

package/apps/gateway/src/security/sentinel-config-store.ts

@@ -109,13 +109,8 @@ export function saveSentinelLimitsToDisk(config: SentinelConfig): void {
   fs.writeFileSync(filePath, JSON.stringify(payload, null, 2), { mode: 0o600 });
 }
 
-/**
- * Apply saved limits on Gateway boot. Env-defined fields keep env values.
- */
-export function applyPersistedSentinelConfig(sentinel: Sentinel, logger?: {
-  info: (msg: string, meta?: Record<string, unknown>) => void;
-  warn: (msg: string, meta?: Record<string, unknown>) => void;
-}): boolean {
+/** Merge saved limits from disk into the live Sentinel singleton (env wins per field). */
+export function mergePersistedSentinelConfig(sentinel: Sentinel): boolean {
   const saved = loadSentinelLimitsFromDisk();
   if (!saved) return false;
 
@@ -124,27 +119,90 @@ export function applyPersistedSentinelConfig(sentinel: Sentinel, logger?: {
 
   for (const { field } of ENV_FIELD_KEYS) {
     if (envDefinesField(field)) continue;
-    (merged as Record<string, unknown>)[field] = saved[field];
+    (merged as any)[field] = saved[field];
   }
 
   try {
     sentinel.updateConfig(merged);
-    logger?.info('Sentinel limits loaded from disk', {
-      path: getSentinelLimitsFilePath(),
-    });
     return true;
-  } catch (err) {
-    logger?.warn('Failed to apply saved Sentinel limits', {
-      error: err instanceof Error ? err.message : String(err),
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Apply saved limits on Gateway boot. Env-defined fields keep env values.
+ */
+export function applyPersistedSentinelConfig(sentinel: Sentinel, logger?: {
+  info: (msg: string, meta?: Record<string, unknown>) => void;
+  warn: (msg: string, meta?: Record<string, unknown>) => void;
+}): boolean {
+  const filePath = getSentinelLimitsFilePath();
+  const saved = loadSentinelLimitsFromDisk();
+  
+  if (!saved) {
+    logger?.info('No Sentinel limits file found on disk (will use env defaults)', {
+      expectedPath: filePath,
     });
     return false;
   }
+
+  // Check which env vars are set and will override the disk values
+  const envOverrides: string[] = [];
+  const diskApplied: string[] = [];
+  
+  for (const { field, envKeys } of ENV_FIELD_KEYS) {
+    if (envDefinesField(field)) {
+      const activeEnv = envKeys.find(k => process.env[k] !== undefined && process.env[k]?.trim() !== '');
+      if (activeEnv) {
+        envOverrides.push(`${field} (via ${activeEnv}=${process.env[activeEnv]})`);
+      }
+    } else {
+      diskApplied.push(`${field}=${saved[field]}`);
+    }
+  }
+
+  const ok = mergePersistedSentinelConfig(sentinel);
+  
+  if (ok) {
+    const finalConfig = sentinel.getConfig();
+    logger?.info('✅ Sentinel limits loaded from disk and merged', {
+      diskPath: filePath,
+      diskValues: saved,
+      envOverrides: envOverrides.length > 0 ? envOverrides : 'none',
+      diskAppliedFields: diskApplied.length > 0 ? diskApplied : 'none (all env-overridden)',
+      finalActiveConfig: finalConfig,
+    });
+  } else {
+    logger?.warn('Failed to apply Sentinel limits from disk', {
+      diskPath: filePath,
+      savedConfig: saved,
+    });
+  }
+  
+  return ok;
+}
+
+/** Call before returning policy config to clients so long-lived Gateway picks up disk saves. */
+export function hydrateSentinelConfigFromDisk(sentinel: Sentinel): void {
+  mergePersistedSentinelConfig(sentinel);
 }
 
 export function persistSentinelConfigAfterApply(
   sentinel: Sentinel,
-  config: SentinelConfig
+  config: SentinelConfig,
+  logger?: {
+    info: (msg: string, meta?: Record<string, unknown>) => void;
+  }
 ): string {
+  const filePath = getSentinelLimitsFilePath();
   saveSentinelLimitsToDisk(config);
-  return getSentinelLimitsFilePath();
+  
+  logger?.info('✅ Sentinel limits saved to disk', {
+    path: filePath,
+    config: config,
+    note: 'Survives Gateway restart. Env vars in docker-compose override individual fields when set.',
+  });
+  
+  return filePath;
 }

package/mk3-tui/src/app.rs

@@ -828,13 +828,30 @@ impl App {
         }
     }
 
+    pub fn open_sentinel_config(&mut self, ws: Option<&WebSocketClient>) {
+        self.state.pending_sentinel_load_id = None;
+        self.state.pending_sentinel_apply_id = None;
+        self.push_overlay(Screen::SentinelConfig);
+        self.state
+            .logs
+            .push_back("[NAV] Opening Sentinel Configuration...".into());
+        if self.state.operation_mode == OperationMode::Connected {
+            if let Some(ws) = ws {
+                self.begin_sentinel_load_request(ws);
+            }
+        } else {
+            self.state.sentinel_config.error = Some(
+                "Connect to Gateway first (connect portal).".to_string(),
+            );
+        }
+        self.request_immediate_render("open_sentinel_config");
+    }
+
     pub fn begin_sentinel_load_request(&mut self, ws: &WebSocketClient) {
         if self.state.operation_mode != OperationMode::Connected {
             return;
         }
-        if self.state.pending_sentinel_load_id.is_some()
-            || self.state.pending_sentinel_apply_id.is_some()
-        {
+        if self.state.pending_sentinel_load_id.is_some() {
             return;
         }
         self.state.sentinel_config.loading = true;
@@ -1551,19 +1568,7 @@ impl App {
                             }
                         }
                         "sentinel" | "sentinel config" | "sentinel policies" => {
-                            self.push_overlay(Screen::SentinelConfig);
-                            self.state
-                                .logs
-                                .push_back("[NAV] Opening Sentinel Configuration...".into());
-                            if self.state.operation_mode == OperationMode::Connected {
-                                if let Some(ws) = ws_client {
-                                    self.begin_sentinel_load_request(ws);
-                                }
-                            } else {
-                                self.state.sentinel_config.error = Some(
-                                    "Connect to Gateway first (connect portal).".to_string(),
-                                );
-                            }
+                            self.open_sentinel_config(ws_client);
                         }
                         "config" | "settings" => {
                             self.push_overlay(Screen::Settings);
@@ -2514,7 +2519,7 @@ impl App {
 
         match key.code {
             KeyCode::Tab => {
-                self.state.sentinel_config.toggle_view_mode();
+                self.state.sentinel_config.cycle_view_mode();
                 self.request_immediate_render("sentinel_tab");
             }
             KeyCode::Up => {
@@ -2566,21 +2571,10 @@ impl App {
                     self.state.sentinel_config.error =
                         Some("Connect to Gateway first.".to_string());
                 } else if let Some(ws) = ws_client {
-                    match self.state.sentinel_config.view_mode {
-                        SentinelViewMode::Templates => {
-                            if let Some(t) = self.state.sentinel_config.selected_template() {
-                                let key = t.key.clone();
-                                let name = t.name.clone();
-                                self.begin_sentinel_apply_request(ws, &key);
-                                self.add_log(format!("[SENTINEL] Applying template: {}", name));
-                            }
-                        }
-                        SentinelViewMode::Custom => {
-                            let draft = self.state.sentinel_config.custom_draft.clone();
-                            self.begin_sentinel_apply_custom_request(ws, &draft);
-                            self.add_log("[SENTINEL] Applying custom limits".to_string());
-                        }
-                    }
+                    // Apply custom configuration
+                    let draft = self.state.sentinel_config.custom_draft.clone();
+                    self.begin_sentinel_apply_custom_request(ws, &draft);
+                    self.add_log("[SENTINEL] Applying custom limits...".to_string());
                 }
                 self.request_render("sentinel_apply");
             }

package/mk3-tui/src/ui/sentinel_config.rs

@@ -14,10 +14,27 @@ const BG_PANEL: Color = Color::Rgb(18, 18, 25);
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum SentinelViewMode {
-    Templates,
     Custom,
 }
 
+const ABOUT_SENTINEL_LINES: &[&str] = &[
+    "Sentinel is 4Runr's runtime safety layer for agent executions on this Gateway.",
+    "",
+    "What it does:",
+    "  • Watches each run while it is running (queue processor path)",
+    "  • Enforces limits: idle time, max duration, token cap, cost, loop detection",
+    "  • On violation: kills the run (status killed, policy_violation:* in logs)",
+    "",
+    "Scope:",
+    "  • One policy for ALL runs on this Gateway (not per-agent yet)",
+    "  • A run = one agent execution (POST /api/runs → start → agent runs)",
+    "",
+    "Persistence:",
+    "  • Enter: saves to disk (%APPDATA%\\4runr\\config\\sentinel-limits.json)",
+    "  • Survives Gateway restart",
+    "  • Env vars in docker-compose override individual fields when set",
+];
+
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum CustomField {
     Enabled,
@@ -138,7 +155,7 @@ pub struct SentinelConfigState {
 impl Default for SentinelConfigState {
     fn default() -> Self {
         Self {
-            view_mode: SentinelViewMode::Templates,
+            view_mode: SentinelViewMode::Custom,
             templates: Vec::new(),
             selected_index: 0,
             custom_draft: SentinelCurrentConfig::default(),
@@ -165,14 +182,10 @@ impl SentinelConfigState {
         self.templates.get(self.selected_index)
     }
 
-    pub fn toggle_view_mode(&mut self) {
-        self.view_mode = match self.view_mode {
-            SentinelViewMode::Templates => {
-                self.sync_custom_draft_from_current();
-                SentinelViewMode::Custom
-            }
-            SentinelViewMode::Custom => SentinelViewMode::Templates,
-        };
+    pub fn cycle_view_mode(&mut self) {
+        // Only one view now, so cycling does nothing
+        self.view_mode = SentinelViewMode::Custom;
+        self.sync_custom_draft_from_current();
         self.error = None;
         self.status_message = None;
     }
@@ -190,40 +203,22 @@ impl SentinelConfigState {
     }
 
     pub fn select_previous(&mut self) {
-        match self.view_mode {
-            SentinelViewMode::Templates => {
-                if self.selected_index > 0 {
-                    self.selected_index -= 1;
-                }
-            }
-            SentinelViewMode::Custom => {
-                let idx = CustomField::ALL
-                    .iter()
-                    .position(|f| *f == self.custom_field)
-                    .unwrap_or(0);
-                if idx > 0 {
-                    self.custom_field = CustomField::ALL[idx - 1];
-                }
-            }
+        let idx = CustomField::ALL
+            .iter()
+            .position(|f| *f == self.custom_field)
+            .unwrap_or(0);
+        if idx > 0 {
+            self.custom_field = CustomField::ALL[idx - 1];
         }
     }
 
     pub fn select_next(&mut self) {
-        match self.view_mode {
-            SentinelViewMode::Templates => {
-                if self.selected_index + 1 < self.templates.len() {
-                    self.selected_index += 1;
-                }
-            }
-            SentinelViewMode::Custom => {
-                let idx = CustomField::ALL
-                    .iter()
-                    .position(|f| *f == self.custom_field)
-                    .unwrap_or(0);
-                if idx + 1 < CustomField::ALL.len() {
-                    self.custom_field = CustomField::ALL[idx + 1];
-                }
-            }
+        let idx = CustomField::ALL
+            .iter()
+            .position(|f| *f == self.custom_field)
+            .unwrap_or(0);
+        if idx + 1 < CustomField::ALL.len() {
+            self.custom_field = CustomField::ALL[idx + 1];
         }
     }
 
@@ -488,10 +483,6 @@ pub fn render(f: &mut Frame, state: &AppState) {
         ])
         .split(area);
 
-    let mode_label = match sc.view_mode {
-        SentinelViewMode::Templates => "Templates",
-        SentinelViewMode::Custom => "Custom",
-    };
     let health_txt = if sc.health_status.is_empty() {
         "—".to_string()
     } else {
@@ -499,10 +490,7 @@ pub fn render(f: &mut Frame, state: &AppState) {
     };
 
     let header = Block::default()
-        .title(format!(
-            " 🛡️  Sentinel — {} · {} ",
-            mode_label, health_txt
-        ))
+        .title(format!(" 🛡️  Sentinel — {} ", health_txt))
         .borders(Borders::ALL)
         .border_style(Style::default().fg(BRAND_PURPLE))
         .style(Style::default().bg(BG_PANEL));
@@ -513,25 +501,12 @@ pub fn render(f: &mut Frame, state: &AppState) {
         .constraints([Constraint::Percentage(45), Constraint::Percentage(55)])
         .split(chunks[1]);
 
-    match sc.view_mode {
-        SentinelViewMode::Templates => {
-            render_active_panel(f, body[0], sc);
-            render_templates_panel(f, body[1], sc);
-        }
-        SentinelViewMode::Custom => {
-            render_custom_editor(f, body[0], sc);
-            render_custom_help(f, body[1], sc);
-        }
-    }
+    // Unified view: Custom editor on left, About + Help on right
+    render_custom_editor(f, body[0], sc);
+    render_custom_help_with_about(f, body[1], sc);
 
-    let default_footer = match sc.view_mode {
-        SentinelViewMode::Templates => {
-            "Tab Custom · ↑/↓ Template · Enter Apply · R Refresh · ESC Close"
-        }
-        SentinelViewMode::Custom => {
-            "Tab Templates · ↑/↓ Field · ←/→ Value · Enter Apply (saves to disk) · ESC Close"
-        }
-    };
+    const DEFAULT_FOOTER: &str =
+        "↑/↓ Field · ←/→ Value · Enter Apply (saves to disk) · R Refresh · ESC Close";
     const CUSTOM_SHORTCUTS: &str =
         "←/→ or +/- adjust value · wheel · Space ON/OFF · Enter apply · ESC close";
 
@@ -542,13 +517,9 @@ pub fn render(f: &mut Frame, state: &AppState) {
     } else if let Some(e) = &sc.error {
         e.clone()
     } else if let Some(m) = &sc.status_message {
-        if sc.view_mode == SentinelViewMode::Custom {
-            format!("{}\n{}", m, CUSTOM_SHORTCUTS)
-        } else {
-            m.clone()
-        }
+        format!("{}\n{}", m, CUSTOM_SHORTCUTS)
     } else {
-        default_footer.to_string()
+        DEFAULT_FOOTER.to_string()
     };
 
     let footer = Block::default()
@@ -573,6 +544,48 @@ pub fn render(f: &mut Frame, state: &AppState) {
     );
 }
 
+fn render_about_panel(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
+    let block = Block::default()
+        .title(" 📖  What is Sentinel? ")
+        .borders(Borders::ALL)
+        .border_style(Style::default().fg(CYBER_CYAN))
+        .style(Style::default().bg(BG_PANEL));
+    let inner = block.inner(area);
+    f.render_widget(block, area);
+
+    let mut lines: Vec<Line> = Vec::new();
+    for line in ABOUT_SENTINEL_LINES {
+        if line.is_empty() {
+            lines.push(Line::from(""));
+            continue;
+        }
+        let style = if line.starts_with("  •") {
+            Style::default().fg(TEXT_PRIMARY)
+        } else if line.ends_with(':') && !line.starts_with(' ') {
+            Style::default().fg(NEON_GREEN).bold()
+        } else {
+            Style::default().fg(TEXT_DIM)
+        };
+        lines.push(Line::from(Span::styled(*line, style)));
+    }
+    lines.push(Line::from(""));
+    lines.push(Line::from(vec![
+        Span::styled("Active limits now: ", Style::default().fg(TEXT_DIM)),
+        Span::styled(
+            if sc.current_enabled { "ON" } else { "OFF" },
+            Style::default().fg(NEON_GREEN),
+        ),
+        Span::styled(" · idle ", Style::default().fg(TEXT_DIM)),
+        Span::styled(fmt_ms(sc.current_idle_ms), Style::default().fg(TEXT_PRIMARY)),
+        Span::styled(" · max ", Style::default().fg(TEXT_DIM)),
+        Span::styled(fmt_ms(sc.current_duration_ms), Style::default().fg(TEXT_PRIMARY)),
+        Span::styled(" · cost ", Style::default().fg(TEXT_DIM)),
+        Span::styled(fmt_cost(sc.current_max_cost), Style::default().fg(AMBER_WARN)),
+    ]));
+
+    f.render_widget(Paragraph::new(lines).wrap(Wrap { trim: false }), inner);
+}
+
 fn render_active_panel(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
     let block = Block::default()
         .title(" ⚙️  Active limits (live) ")
@@ -627,7 +640,7 @@ fn render_active_panel(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
             ),
         ]),
         Line::from(""),
-        Line::from("Press Tab → Custom to tune your own limits.").style(Style::default().fg(TEXT_MUTED)),
+        Line::from("Tab → About / Custom / Templates to switch views.").style(Style::default().fg(TEXT_MUTED)),
     ];
     f.render_widget(Paragraph::new(lines).wrap(Wrap { trim: false }), inner);
 }
@@ -715,50 +728,81 @@ fn render_custom_editor(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
     f.render_widget(List::new(items), inner);
 }
 
-fn render_custom_help(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
-    let block = Block::default()
-        .title(format!(" ℹ️  {} ", sc.custom_field.label()))
+fn render_custom_help_with_about(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
+    use ratatui::layout::{Constraint, Direction, Layout};
+
+    // Split into About section (top) and field help (bottom)
+    let chunks = Layout::default()
+        .direction(Direction::Vertical)
+        .constraints([Constraint::Length(15), Constraint::Min(10)])
+        .split(area);
+
+    // Top: About Sentinel
+    let about_block = Block::default()
+        .title(" 📖  What is Sentinel? ")
         .borders(Borders::ALL)
-        .border_style(Style::default().fg(BRAND_PURPLE))
+        .border_style(Style::default().fg(CYBER_CYAN))
         .style(Style::default().bg(BG_PANEL));
-    let inner = block.inner(area);
-    f.render_widget(block, area);
+    let about_inner = about_block.inner(chunks[0]);
+    f.render_widget(about_block, chunks[0]);
+
+    let mut about_lines: Vec<Line> = Vec::new();
+    for line in ABOUT_SENTINEL_LINES {
+        if line.is_empty() {
+            about_lines.push(Line::from(""));
+            continue;
+        }
+        let style = if line.starts_with("  •") {
+            Style::default().fg(TEXT_PRIMARY)
+        } else if line.ends_with(':') && !line.starts_with(' ') {
+            Style::default().fg(NEON_GREEN).bold()
+        } else {
+            Style::default().fg(TEXT_DIM)
+        };
+        about_lines.push(Line::from(Span::styled(*line, style)));
+    }
+    f.render_widget(
+        Paragraph::new(about_lines).wrap(Wrap { trim: false }),
+        about_inner,
+    );
 
+    // Bottom: Field-specific help
     let field = sc.custom_field;
-    let mut lines = vec![
+    let help_block = Block::default()
+        .title(format!(" ℹ️  {} ", field.label()))
+        .borders(Borders::ALL)
+        .border_style(Style::default().fg(BRAND_PURPLE))
+        .style(Style::default().bg(BG_PANEL));
+    let help_inner = help_block.inner(chunks[1]);
+    f.render_widget(help_block, chunks[1]);
+
+    let mut help_lines = vec![
         Line::from(""),
         Line::from(field.help()).style(Style::default().fg(TEXT_PRIMARY)),
         Line::from(""),
     ];
     if let Some(reason) = field.kill_reason() {
-        lines.push(Line::from(vec![
+        help_lines.push(Line::from(vec![
             Span::styled("Kill log reason: ", Style::default().fg(TEXT_DIM)),
             Span::styled(reason, Style::default().fg(AMBER_WARN)),
         ]));
-        lines.push(Line::from(""));
+        help_lines.push(Line::from(""));
     }
-    lines.push(Line::from("Persistent via env (Gateway boot):").style(Style::default().fg(NEON_GREEN).bold()));
-    lines.push(Line::from(field.env_var()).style(Style::default().fg(CYBER_CYAN)));
-    lines.push(Line::from(""));
-    lines.push(
-        Line::from("Enter Apply → Gateway + disk (%APPDATA%\\4runr\\config\\sentinel-limits.json).")
-            .style(Style::default().fg(NEON_GREEN)),
-    );
-    lines.push(
-        Line::from("Survives Gateway restart. Env vars in docker-compose override fields when set.")
-            .style(Style::default().fg(TEXT_MUTED)),
-    );
-    lines.push(
-        Line::from("Scope: all agent runs on this Gateway (one policy per run execution).")
-            .style(Style::default().fg(TEXT_MUTED)),
+    help_lines.push(
+        Line::from("Persistent via env (Gateway boot):")
+            .style(Style::default().fg(NEON_GREEN).bold()),
     );
-    lines.push(Line::from(""));
-    lines.push(
-        Line::from("Adjust draft: ←/→ or +/- · mouse wheel · Space toggles Enforcement.")
+    help_lines.push(Line::from(field.env_var()).style(Style::default().fg(CYBER_CYAN)));
+    help_lines.push(Line::from(""));
+    help_lines.push(
+        Line::from("Adjust: ←/→ or +/- · mouse wheel · Space toggles Enforcement.")
             .style(Style::default().fg(NEON_GREEN)),
     );
 
-    f.render_widget(Paragraph::new(lines).wrap(Wrap { trim: false }), inner);
+    f.render_widget(
+        Paragraph::new(help_lines).wrap(Wrap { trim: false }),
+        help_inner,
+    );
 }
 
 #[cfg(test)]

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "4runr-os",
-  "version": "2.10.64",
+  "version": "2.10.66",
   "type": "module",
-  "description": "4Runr AI Agent OS - Secure terminal interface for AI agents. v2.10.64: Sentinel limits persist to disk; Custom tab edit with arrow keys and M:SS display.",
+  "description": "4Runr AI Agent OS - Secure terminal interface for AI agents. v2.10.66: Sentinel unified Custom+About view (Templates removed); enhanced persistence logging.",
   "main": "dist/index.js",
   "bin": {
     "4runr": "dist/index.js",