4runr-os 2.10.65 → 2.10.66

package/apps/gateway/src/routes/sentinel-policies.ts

@@ -175,7 +175,7 @@ export async function sentinelPolicyRoutes(fastify: FastifyInstance) {
       
       try {
         sentinel.updateConfig(config);
-        const savedTo = persistSentinelConfigAfterApply(sentinel, config);
+        const savedTo = persistSentinelConfigAfterApply(sentinel, config, fastify.log);
         return {
           success: true,
           template: templateName,
@@ -235,7 +235,7 @@ export async function sentinelPolicyRoutes(fastify: FastifyInstance) {
 
         try {
           sentinel.updateConfig(config);
-          const savedTo = persistSentinelConfigAfterApply(sentinel, config);
+          const savedTo = persistSentinelConfigAfterApply(sentinel, config, fastify.log);
           return {
             success: true,
             config,

package/apps/gateway/src/security/sentinel-config-store.ts

@@ -119,7 +119,7 @@ export function mergePersistedSentinelConfig(sentinel: Sentinel): boolean {
 
   for (const { field } of ENV_FIELD_KEYS) {
     if (envDefinesField(field)) continue;
-    (merged as Record<string, unknown>)[field] = saved[field];
+    (merged as any)[field] = saved[field];
   }
 
   try {
@@ -137,12 +137,49 @@ export function applyPersistedSentinelConfig(sentinel: Sentinel, logger?: {
   info: (msg: string, meta?: Record<string, unknown>) => void;
   warn: (msg: string, meta?: Record<string, unknown>) => void;
 }): boolean {
+  const filePath = getSentinelLimitsFilePath();
+  const saved = loadSentinelLimitsFromDisk();
+  
+  if (!saved) {
+    logger?.info('No Sentinel limits file found on disk (will use env defaults)', {
+      expectedPath: filePath,
+    });
+    return false;
+  }
+
+  // Check which env vars are set and will override the disk values
+  const envOverrides: string[] = [];
+  const diskApplied: string[] = [];
+  
+  for (const { field, envKeys } of ENV_FIELD_KEYS) {
+    if (envDefinesField(field)) {
+      const activeEnv = envKeys.find(k => process.env[k] !== undefined && process.env[k]?.trim() !== '');
+      if (activeEnv) {
+        envOverrides.push(`${field} (via ${activeEnv}=${process.env[activeEnv]})`);
+      }
+    } else {
+      diskApplied.push(`${field}=${saved[field]}`);
+    }
+  }
+
   const ok = mergePersistedSentinelConfig(sentinel);
+  
   if (ok) {
-    logger?.info('Sentinel limits loaded from disk', {
-      path: getSentinelLimitsFilePath(),
+    const finalConfig = sentinel.getConfig();
+    logger?.info('✅ Sentinel limits loaded from disk and merged', {
+      diskPath: filePath,
+      diskValues: saved,
+      envOverrides: envOverrides.length > 0 ? envOverrides : 'none',
+      diskAppliedFields: diskApplied.length > 0 ? diskApplied : 'none (all env-overridden)',
+      finalActiveConfig: finalConfig,
+    });
+  } else {
+    logger?.warn('Failed to apply Sentinel limits from disk', {
+      diskPath: filePath,
+      savedConfig: saved,
     });
   }
+  
   return ok;
 }
 
@@ -153,8 +190,19 @@ export function hydrateSentinelConfigFromDisk(sentinel: Sentinel): void {
 
 export function persistSentinelConfigAfterApply(
   sentinel: Sentinel,
-  config: SentinelConfig
+  config: SentinelConfig,
+  logger?: {
+    info: (msg: string, meta?: Record<string, unknown>) => void;
+  }
 ): string {
+  const filePath = getSentinelLimitsFilePath();
   saveSentinelLimitsToDisk(config);
-  return getSentinelLimitsFilePath();
+  
+  logger?.info('✅ Sentinel limits saved to disk', {
+    path: filePath,
+    config: config,
+    note: 'Survives Gateway restart. Env vars in docker-compose override individual fields when set.',
+  });
+  
+  return filePath;
 }

package/mk3-tui/src/app.rs

@@ -2571,25 +2571,10 @@ impl App {
                     self.state.sentinel_config.error =
                         Some("Connect to Gateway first.".to_string());
                 } else if let Some(ws) = ws_client {
-                    match self.state.sentinel_config.view_mode {
-                        SentinelViewMode::About => {
-                            self.begin_sentinel_load_request(ws);
-                            self.request_render("sentinel_about_refresh");
-                        }
-                        SentinelViewMode::Templates => {
-                            if let Some(t) = self.state.sentinel_config.selected_template() {
-                                let key = t.key.clone();
-                                let name = t.name.clone();
-                                self.begin_sentinel_apply_request(ws, &key);
-                                self.add_log(format!("[SENTINEL] Applying template: {}", name));
-                            }
-                        }
-                        SentinelViewMode::Custom => {
-                            let draft = self.state.sentinel_config.custom_draft.clone();
-                            self.begin_sentinel_apply_custom_request(ws, &draft);
-                            self.add_log("[SENTINEL] Applying custom limits".to_string());
-                        }
-                    }
+                    // Apply custom configuration
+                    let draft = self.state.sentinel_config.custom_draft.clone();
+                    self.begin_sentinel_apply_custom_request(ws, &draft);
+                    self.add_log("[SENTINEL] Applying custom limits...".to_string());
                 }
                 self.request_render("sentinel_apply");
             }

package/mk3-tui/src/ui/sentinel_config.rs

@@ -14,8 +14,6 @@ const BG_PANEL: Color = Color::Rgb(18, 18, 25);
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum SentinelViewMode {
-    About,
-    Templates,
     Custom,
 }
 
@@ -27,13 +25,13 @@ const ABOUT_SENTINEL_LINES: &[&str] = &[
     "  • Enforces limits: idle time, max duration, token cap, cost, loop detection",
     "  • On violation: kills the run (status killed, policy_violation:* in logs)",
     "",
-    "Scope today:",
+    "Scope:",
     "  • One policy for ALL runs on this Gateway (not per-agent yet)",
     "  • A run = one agent execution (POST /api/runs → start → agent runs)",
     "",
-    "How to use this screen:",
-    "  • Templates: apply a preset · Custom: tune fields · Enter: save to disk",
-    "  • Saved file survives Gateway restart (see path in Custom help)",
+    "Persistence:",
+    "  • Enter: saves to disk (%APPDATA%\\4runr\\config\\sentinel-limits.json)",
+    "  • Survives Gateway restart",
     "  • Env vars in docker-compose override individual fields when set",
 ];
 
@@ -157,7 +155,7 @@ pub struct SentinelConfigState {
 impl Default for SentinelConfigState {
     fn default() -> Self {
         Self {
-            view_mode: SentinelViewMode::Templates,
+            view_mode: SentinelViewMode::Custom,
             templates: Vec::new(),
             selected_index: 0,
             custom_draft: SentinelCurrentConfig::default(),
@@ -185,14 +183,9 @@ impl SentinelConfigState {
     }
 
     pub fn cycle_view_mode(&mut self) {
-        self.view_mode = match self.view_mode {
-            SentinelViewMode::About => SentinelViewMode::Templates,
-            SentinelViewMode::Templates => {
-                self.sync_custom_draft_from_current();
-                SentinelViewMode::Custom
-            }
-            SentinelViewMode::Custom => SentinelViewMode::About,
-        };
+        // Only one view now, so cycling does nothing
+        self.view_mode = SentinelViewMode::Custom;
+        self.sync_custom_draft_from_current();
         self.error = None;
         self.status_message = None;
     }
@@ -210,42 +203,22 @@ impl SentinelConfigState {
     }
 
     pub fn select_previous(&mut self) {
-        match self.view_mode {
-            SentinelViewMode::About => {}
-            SentinelViewMode::Templates => {
-                if self.selected_index > 0 {
-                    self.selected_index -= 1;
-                }
-            }
-            SentinelViewMode::Custom => {
-                let idx = CustomField::ALL
-                    .iter()
-                    .position(|f| *f == self.custom_field)
-                    .unwrap_or(0);
-                if idx > 0 {
-                    self.custom_field = CustomField::ALL[idx - 1];
-                }
-            }
+        let idx = CustomField::ALL
+            .iter()
+            .position(|f| *f == self.custom_field)
+            .unwrap_or(0);
+        if idx > 0 {
+            self.custom_field = CustomField::ALL[idx - 1];
         }
     }
 
     pub fn select_next(&mut self) {
-        match self.view_mode {
-            SentinelViewMode::About => {}
-            SentinelViewMode::Templates => {
-                if self.selected_index + 1 < self.templates.len() {
-                    self.selected_index += 1;
-                }
-            }
-            SentinelViewMode::Custom => {
-                let idx = CustomField::ALL
-                    .iter()
-                    .position(|f| *f == self.custom_field)
-                    .unwrap_or(0);
-                if idx + 1 < CustomField::ALL.len() {
-                    self.custom_field = CustomField::ALL[idx + 1];
-                }
-            }
+        let idx = CustomField::ALL
+            .iter()
+            .position(|f| *f == self.custom_field)
+            .unwrap_or(0);
+        if idx + 1 < CustomField::ALL.len() {
+            self.custom_field = CustomField::ALL[idx + 1];
         }
     }
 
@@ -510,11 +483,6 @@ pub fn render(f: &mut Frame, state: &AppState) {
         ])
         .split(area);
 
-    let mode_label = match sc.view_mode {
-        SentinelViewMode::About => "About",
-        SentinelViewMode::Templates => "Templates",
-        SentinelViewMode::Custom => "Custom",
-    };
     let health_txt = if sc.health_status.is_empty() {
         "—".to_string()
     } else {
@@ -522,10 +490,7 @@ pub fn render(f: &mut Frame, state: &AppState) {
     };
 
     let header = Block::default()
-        .title(format!(
-            " 🛡️  Sentinel — {} · {} ",
-            mode_label, health_txt
-        ))
+        .title(format!(" 🛡️  Sentinel — {} ", health_txt))
         .borders(Borders::ALL)
         .border_style(Style::default().fg(BRAND_PURPLE))
         .style(Style::default().bg(BG_PANEL));
@@ -536,31 +501,12 @@ pub fn render(f: &mut Frame, state: &AppState) {
         .constraints([Constraint::Percentage(45), Constraint::Percentage(55)])
         .split(chunks[1]);
 
-    match sc.view_mode {
-        SentinelViewMode::About => {
-            render_about_panel(f, chunks[1], sc);
-        }
-        SentinelViewMode::Templates => {
-            render_active_panel(f, body[0], sc);
-            render_templates_panel(f, body[1], sc);
-        }
-        SentinelViewMode::Custom => {
-            render_custom_editor(f, body[0], sc);
-            render_custom_help(f, body[1], sc);
-        }
-    }
+    // Unified view: Custom editor on left, About + Help on right
+    render_custom_editor(f, body[0], sc);
+    render_custom_help_with_about(f, body[1], sc);
 
-    let default_footer = match sc.view_mode {
-        SentinelViewMode::About => {
-            "Tab: Templates · R: reload from Gateway · ESC: Close"
-        }
-        SentinelViewMode::Templates => {
-            "Tab: next view · ↑/↓ Template · Enter Apply · R Refresh · ESC Close"
-        }
-        SentinelViewMode::Custom => {
-            "Tab: next view · ↑/↓ Field · ←/→ Value · Enter Apply (saves to disk) · ESC Close"
-        }
-    };
+    const DEFAULT_FOOTER: &str =
+        "↑/↓ Field · ←/→ Value · Enter Apply (saves to disk) · R Refresh · ESC Close";
     const CUSTOM_SHORTCUTS: &str =
         "←/→ or +/- adjust value · wheel · Space ON/OFF · Enter apply · ESC close";
 
@@ -571,13 +517,9 @@ pub fn render(f: &mut Frame, state: &AppState) {
     } else if let Some(e) = &sc.error {
         e.clone()
     } else if let Some(m) = &sc.status_message {
-        if sc.view_mode == SentinelViewMode::Custom {
-            format!("{}\n{}", m, CUSTOM_SHORTCUTS)
-        } else {
-            m.clone()
-        }
+        format!("{}\n{}", m, CUSTOM_SHORTCUTS)
     } else {
-        default_footer.to_string()
+        DEFAULT_FOOTER.to_string()
     };
 
     let footer = Block::default()
@@ -786,50 +728,81 @@ fn render_custom_editor(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
     f.render_widget(List::new(items), inner);
 }
 
-fn render_custom_help(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
-    let block = Block::default()
-        .title(format!(" ℹ️  {} ", sc.custom_field.label()))
+fn render_custom_help_with_about(f: &mut Frame, area: Rect, sc: &SentinelConfigState) {
+    use ratatui::layout::{Constraint, Direction, Layout};
+
+    // Split into About section (top) and field help (bottom)
+    let chunks = Layout::default()
+        .direction(Direction::Vertical)
+        .constraints([Constraint::Length(15), Constraint::Min(10)])
+        .split(area);
+
+    // Top: About Sentinel
+    let about_block = Block::default()
+        .title(" 📖  What is Sentinel? ")
         .borders(Borders::ALL)
-        .border_style(Style::default().fg(BRAND_PURPLE))
+        .border_style(Style::default().fg(CYBER_CYAN))
         .style(Style::default().bg(BG_PANEL));
-    let inner = block.inner(area);
-    f.render_widget(block, area);
+    let about_inner = about_block.inner(chunks[0]);
+    f.render_widget(about_block, chunks[0]);
+
+    let mut about_lines: Vec<Line> = Vec::new();
+    for line in ABOUT_SENTINEL_LINES {
+        if line.is_empty() {
+            about_lines.push(Line::from(""));
+            continue;
+        }
+        let style = if line.starts_with("  •") {
+            Style::default().fg(TEXT_PRIMARY)
+        } else if line.ends_with(':') && !line.starts_with(' ') {
+            Style::default().fg(NEON_GREEN).bold()
+        } else {
+            Style::default().fg(TEXT_DIM)
+        };
+        about_lines.push(Line::from(Span::styled(*line, style)));
+    }
+    f.render_widget(
+        Paragraph::new(about_lines).wrap(Wrap { trim: false }),
+        about_inner,
+    );
 
+    // Bottom: Field-specific help
     let field = sc.custom_field;
-    let mut lines = vec![
+    let help_block = Block::default()
+        .title(format!(" ℹ️  {} ", field.label()))
+        .borders(Borders::ALL)
+        .border_style(Style::default().fg(BRAND_PURPLE))
+        .style(Style::default().bg(BG_PANEL));
+    let help_inner = help_block.inner(chunks[1]);
+    f.render_widget(help_block, chunks[1]);
+
+    let mut help_lines = vec![
         Line::from(""),
         Line::from(field.help()).style(Style::default().fg(TEXT_PRIMARY)),
         Line::from(""),
     ];
     if let Some(reason) = field.kill_reason() {
-        lines.push(Line::from(vec![
+        help_lines.push(Line::from(vec![
             Span::styled("Kill log reason: ", Style::default().fg(TEXT_DIM)),
             Span::styled(reason, Style::default().fg(AMBER_WARN)),
         ]));
-        lines.push(Line::from(""));
+        help_lines.push(Line::from(""));
     }
-    lines.push(Line::from("Persistent via env (Gateway boot):").style(Style::default().fg(NEON_GREEN).bold()));
-    lines.push(Line::from(field.env_var()).style(Style::default().fg(CYBER_CYAN)));
-    lines.push(Line::from(""));
-    lines.push(
-        Line::from("Enter Apply → Gateway + disk (%APPDATA%\\4runr\\config\\sentinel-limits.json).")
-            .style(Style::default().fg(NEON_GREEN)),
-    );
-    lines.push(
-        Line::from("Survives Gateway restart. Env vars in docker-compose override fields when set.")
-            .style(Style::default().fg(TEXT_MUTED)),
+    help_lines.push(
+        Line::from("Persistent via env (Gateway boot):")
+            .style(Style::default().fg(NEON_GREEN).bold()),
     );
-    lines.push(
-        Line::from("Scope: all agent runs on this Gateway (one policy per run execution).")
-            .style(Style::default().fg(TEXT_MUTED)),
-    );
-    lines.push(Line::from(""));
-    lines.push(
-        Line::from("Adjust draft: ←/→ or +/- · mouse wheel · Space toggles Enforcement.")
+    help_lines.push(Line::from(field.env_var()).style(Style::default().fg(CYBER_CYAN)));
+    help_lines.push(Line::from(""));
+    help_lines.push(
+        Line::from("Adjust: ←/→ or +/- · mouse wheel · Space toggles Enforcement.")
             .style(Style::default().fg(NEON_GREEN)),
     );
 
-    f.render_widget(Paragraph::new(lines).wrap(Wrap { trim: false }), inner);
+    f.render_widget(
+        Paragraph::new(help_lines).wrap(Wrap { trim: false }),
+        help_inner,
+    );
 }
 
 #[cfg(test)]

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "4runr-os",
-  "version": "2.10.65",
+  "version": "2.10.66",
   "type": "module",
-  "description": "4Runr AI Agent OS - Secure terminal interface for AI agents. v2.10.65: Sentinel limits reload from disk on open; About tab explains purpose.",
+  "description": "4Runr AI Agent OS - Secure terminal interface for AI agents. v2.10.66: Sentinel unified Custom+About view (Templates removed); enhanced persistence logging.",
   "main": "dist/index.js",
   "bin": {
     "4runr": "dist/index.js",