4runr-os 2.10.68 → 2.10.69

package/apps/gateway/package-lock.json

@@ -2929,9 +2929,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.19.41",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.41.tgz",
-      "integrity": "sha512-ECymXOukMnOoVkC2bb1Vc/w/836DXncOg5m8Xj1RH7xSHZJWNYY6Zh7EH477vcnD5egKNNfy2RpNOmuChhFPgQ==",
+      "version": "20.19.42",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.42.tgz",
+      "integrity": "sha512-5L7SUaFC1RyDraj2yRhyBzHTobyXHmohD100CChNtyPyleoq37Mqab5Gn8XEKI04dfN/oqPdpHk38MgcQWHbZg==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.21.0"

package/apps/gateway/scripts/verify-sentinel-persist.mjs

@@ -1,81 +1,81 @@
-/**
- * One-shot: prove sentinel-limits.json round-trip changes Sentinel.getConfig()
- * and policy thresholds (simulates Gateway restart without HTTP).
- *
- * Usage: node scripts/verify-sentinel-persist.mjs
- */
-import * as fs from 'fs';
-import * as path from 'path';
-import * as os from 'os';
-
-const tmp = fs.mkdtempSync(path.join(os.tmpdir(), '4runr-persist-verify-'));
-process.env['APPDATA'] = tmp;
-
-const { Sentinel, policyManager } = await import('@4runr/sentinel');
-const {
-  saveSentinelLimitsToDisk,
-  loadSentinelLimitsFromDisk,
-  applyPersistedSentinelConfig,
-  getSentinelLimitsFilePath,
-} = await import('../dist/security/sentinel-config-store.js');
-
-const distinctive = {
-  enabled: true,
-  runMaxDurationMs: 111_000,
-  runMaxTokens: 22_000,
-  runIdleMs: 12_345,
-  loopWindow: 9,
-  loopMax: 4,
-  runMaxCost: 2.75,
-};
-
-saveSentinelLimitsToDisk(distinctive);
-const filePath = getSentinelLimitsFilePath();
-if (!fs.existsSync(filePath)) {
-  console.error('FAIL: file not written', filePath);
-  process.exit(1);
-}
-const onDisk = JSON.parse(fs.readFileSync(filePath, 'utf8'));
-console.log('OK: wrote', filePath);
-console.log('   config.runIdleMs on disk:', onDisk.config?.runIdleMs);
-
-const loaded = loadSentinelLimitsFromDisk();
-if (loaded?.runIdleMs !== distinctive.runIdleMs) {
-  console.error('FAIL: load from disk', loaded);
-  process.exit(1);
-}
-console.log('OK: loadSentinelLimitsFromDisk matches');
-
-Sentinel.resetInstance();
-const sentinel = Sentinel.getInstance();
-const before = sentinel.getConfig().runIdleMs;
-applyPersistedSentinelConfig(sentinel);
-const after = sentinel.getConfig().runIdleMs;
-if (after !== distinctive.runIdleMs) {
-  console.error('FAIL: after boot apply', { before, after, expected: distinctive.runIdleMs });
-  process.exit(1);
-}
-console.log('OK: fresh singleton after applyPersistedSentinelConfig', { before, after });
-
-const violations = policyManager.evaluatePolicies(
-  'verify-run',
-  {
-    runId: 'verify-run',
-    createdAt: Date.now(),
-    startedAt: Date.now() - 30_000,
-    lastTokenAt: Date.now() - 30_000,
-    tokenCount: 0,
-    status: 'running',
-    events: [],
-  },
-  sentinel.getConfig()
-);
-const idle = violations.find((v) => v.policy === 'idle');
-if (!idle || idle.threshold !== distinctive.runIdleMs) {
-  console.error('FAIL: policy threshold', idle);
-  process.exit(1);
-}
-console.log('OK: idle policy threshold = persisted runIdleMs', idle.threshold);
-
-fs.rmSync(tmp, { recursive: true, force: true });
-console.log('\nAll persistence checks passed (fundamental, not UI-only).');
+/**
+ * One-shot: prove sentinel-limits.json round-trip changes Sentinel.getConfig()
+ * and policy thresholds (simulates Gateway restart without HTTP).
+ *
+ * Usage: node scripts/verify-sentinel-persist.mjs
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+
+const tmp = fs.mkdtempSync(path.join(os.tmpdir(), '4runr-persist-verify-'));
+process.env['APPDATA'] = tmp;
+
+const { Sentinel, policyManager } = await import('@4runr/sentinel');
+const {
+  saveSentinelLimitsToDisk,
+  loadSentinelLimitsFromDisk,
+  applyPersistedSentinelConfig,
+  getSentinelLimitsFilePath,
+} = await import('../dist/security/sentinel-config-store.js');
+
+const distinctive = {
+  enabled: true,
+  runMaxDurationMs: 111_000,
+  runMaxTokens: 22_000,
+  runIdleMs: 12_345,
+  loopWindow: 9,
+  loopMax: 4,
+  runMaxCost: 2.75,
+};
+
+saveSentinelLimitsToDisk(distinctive);
+const filePath = getSentinelLimitsFilePath();
+if (!fs.existsSync(filePath)) {
+  console.error('FAIL: file not written', filePath);
+  process.exit(1);
+}
+const onDisk = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+console.log('OK: wrote', filePath);
+console.log('   config.runIdleMs on disk:', onDisk.config?.runIdleMs);
+
+const loaded = loadSentinelLimitsFromDisk();
+if (loaded?.runIdleMs !== distinctive.runIdleMs) {
+  console.error('FAIL: load from disk', loaded);
+  process.exit(1);
+}
+console.log('OK: loadSentinelLimitsFromDisk matches');
+
+Sentinel.resetInstance();
+const sentinel = Sentinel.getInstance();
+const before = sentinel.getConfig().runIdleMs;
+applyPersistedSentinelConfig(sentinel);
+const after = sentinel.getConfig().runIdleMs;
+if (after !== distinctive.runIdleMs) {
+  console.error('FAIL: after boot apply', { before, after, expected: distinctive.runIdleMs });
+  process.exit(1);
+}
+console.log('OK: fresh singleton after applyPersistedSentinelConfig', { before, after });
+
+const violations = policyManager.evaluatePolicies(
+  'verify-run',
+  {
+    runId: 'verify-run',
+    createdAt: Date.now(),
+    startedAt: Date.now() - 30_000,
+    lastTokenAt: Date.now() - 30_000,
+    tokenCount: 0,
+    status: 'running',
+    events: [],
+  },
+  sentinel.getConfig()
+);
+const idle = violations.find((v) => v.policy === 'idle');
+if (!idle || idle.threshold !== distinctive.runIdleMs) {
+  console.error('FAIL: policy threshold', idle);
+  process.exit(1);
+}
+console.log('OK: idle policy threshold = persisted runIdleMs', idle.threshold);
+
+fs.rmSync(tmp, { recursive: true, force: true });
+console.log('\nAll persistence checks passed (fundamental, not UI-only).');

package/apps/gateway/src/__tests__/sentinel-config-persist-http.test.ts

@@ -1,93 +1,93 @@
-/**
- * HTTP apply → disk → simulated restart (proves route wiring, not UI-only).
- */
-
-import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
-import Fastify from 'fastify';
-import * as fs from 'fs';
-import * as path from 'path';
-import * as os from 'os';
-import { Sentinel } from '@4runr/sentinel';
-import {
-  getSentinelLimitsFilePath,
-  applyPersistedSentinelConfig,
-  hydrateSentinelConfigFromDisk,
-} from '../security/sentinel-config-store.js';
-
-jest.mock('../middleware/rateLimit.js', () => ({
-  writeRateLimit: async () => {},
-  readRateLimit: async () => {},
-}));
-
-jest.mock('../middleware/auth.js', () => ({
-  requireAuth: async () => {},
-}));
-
-describe('POST /api/sentinel/policies/custom persistence', () => {
-  const originalAppData = process.env['APPDATA'];
-  let tmpDir: string;
-  let app: ReturnType<typeof Fastify>;
-
-  beforeEach(async () => {
-    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), '4runr-sentinel-http-'));
-    process.env['APPDATA'] = tmpDir;
-    delete process.env['RUN_IDLE_MS'];
-    delete process.env['SENTINEL_IDLE_MS'];
-    Sentinel.resetInstance();
-
-    const { sentinelPolicyRoutes } = await import('../routes/sentinel-policies.js');
-    app = Fastify();
-    await sentinelPolicyRoutes(app);
-    await app.ready();
-  });
-
-  afterEach(async () => {
-    await app.close();
-    Sentinel.resetInstance();
-    if (originalAppData === undefined) delete process.env['APPDATA'];
-    else process.env['APPDATA'] = originalAppData;
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  });
-
-  it('writes sentinel-limits.json and reloads after simulated Gateway restart', async () => {
-    const distinctiveIdle = 77_777;
-
-    const res = await app.inject({
-      method: 'POST',
-      url: '/api/sentinel/policies/custom',
-      payload: {
-        enabled: true,
-        runMaxDurationMs: 120_000,
-        runMaxTokens: 16_000,
-        runIdleMs: distinctiveIdle,
-        loopWindow: 15,
-        loopMax: 5,
-        runMaxCost: 1.5,
-      },
-    });
-
-    expect(res.statusCode).toBe(200);
-    const body = res.json() as { success?: boolean; config?: { runIdleMs?: number } };
-    expect(body.success).toBe(true);
-    expect(body.config?.runIdleMs).toBe(distinctiveIdle);
-
-    const filePath = getSentinelLimitsFilePath();
-    expect(fs.existsSync(filePath)).toBe(true);
-    const onDisk = JSON.parse(fs.readFileSync(filePath, 'utf8')) as {
-      config: { runIdleMs: number };
-    };
-    expect(onDisk.config.runIdleMs).toBe(distinctiveIdle);
-
-    Sentinel.resetInstance();
-    const sentinel = Sentinel.getInstance();
-    expect(applyPersistedSentinelConfig(sentinel)).toBe(true);
-    expect(sentinel.getConfig().runIdleMs).toBe(distinctiveIdle);
-
-    Sentinel.resetInstance();
-    const stale = Sentinel.getInstance();
-    expect(stale.getConfig().runIdleMs).not.toBe(distinctiveIdle);
-
-    hydrateSentinelConfigFromDisk(stale);
-    expect(stale.getConfig().runIdleMs).toBe(distinctiveIdle);
-  });
-});
+/**
+ * HTTP apply → disk → simulated restart (proves route wiring, not UI-only).
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import Fastify from 'fastify';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { Sentinel } from '@4runr/sentinel';
+import {
+  getSentinelLimitsFilePath,
+  applyPersistedSentinelConfig,
+  hydrateSentinelConfigFromDisk,
+} from '../security/sentinel-config-store.js';
+
+jest.mock('../middleware/rateLimit.js', () => ({
+  writeRateLimit: async () => {},
+  readRateLimit: async () => {},
+}));
+
+jest.mock('../middleware/auth.js', () => ({
+  requireAuth: async () => {},
+}));
+
+describe('POST /api/sentinel/policies/custom persistence', () => {
+  const originalAppData = process.env['APPDATA'];
+  let tmpDir: string;
+  let app: ReturnType<typeof Fastify>;
+
+  beforeEach(async () => {
+    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), '4runr-sentinel-http-'));
+    process.env['APPDATA'] = tmpDir;
+    delete process.env['RUN_IDLE_MS'];
+    delete process.env['SENTINEL_IDLE_MS'];
+    Sentinel.resetInstance();
+
+    const { sentinelPolicyRoutes } = await import('../routes/sentinel-policies.js');
+    app = Fastify();
+    await sentinelPolicyRoutes(app);
+    await app.ready();
+  });
+
+  afterEach(async () => {
+    await app.close();
+    Sentinel.resetInstance();
+    if (originalAppData === undefined) delete process.env['APPDATA'];
+    else process.env['APPDATA'] = originalAppData;
+    fs.rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  it('writes sentinel-limits.json and reloads after simulated Gateway restart', async () => {
+    const distinctiveIdle = 77_777;
+
+    const res = await app.inject({
+      method: 'POST',
+      url: '/api/sentinel/policies/custom',
+      payload: {
+        enabled: true,
+        runMaxDurationMs: 120_000,
+        runMaxTokens: 16_000,
+        runIdleMs: distinctiveIdle,
+        loopWindow: 15,
+        loopMax: 5,
+        runMaxCost: 1.5,
+      },
+    });
+
+    expect(res.statusCode).toBe(200);
+    const body = res.json() as { success?: boolean; config?: { runIdleMs?: number } };
+    expect(body.success).toBe(true);
+    expect(body.config?.runIdleMs).toBe(distinctiveIdle);
+
+    const filePath = getSentinelLimitsFilePath();
+    expect(fs.existsSync(filePath)).toBe(true);
+    const onDisk = JSON.parse(fs.readFileSync(filePath, 'utf8')) as {
+      config: { runIdleMs: number };
+    };
+    expect(onDisk.config.runIdleMs).toBe(distinctiveIdle);
+
+    Sentinel.resetInstance();
+    const sentinel = Sentinel.getInstance();
+    expect(applyPersistedSentinelConfig(sentinel)).toBe(true);
+    expect(sentinel.getConfig().runIdleMs).toBe(distinctiveIdle);
+
+    Sentinel.resetInstance();
+    const stale = Sentinel.getInstance();
+    expect(stale.getConfig().runIdleMs).not.toBe(distinctiveIdle);
+
+    hydrateSentinelConfigFromDisk(stale);
+    expect(stale.getConfig().runIdleMs).toBe(distinctiveIdle);
+  });
+});

package/apps/gateway/src/__tests__/sentinel-config-store.test.ts

@@ -1,133 +1,133 @@
-/**
- * Sentinel limits disk persistence
- */
-
-import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
-import * as fs from 'fs';
-import * as path from 'path';
-import * as os from 'os';
-import {
-  getSentinelLimitsFilePath,
-  loadSentinelLimitsFromDisk,
-  saveSentinelLimitsToDisk,
-  applyPersistedSentinelConfig,
-} from '../security/sentinel-config-store.js';
-import { Sentinel, policyManager } from '@4runr/sentinel';
-import type { RunState } from '@4runr/sentinel';
-
-describe('sentinel-config-store', () => {
-  const originalAppData = process.env['APPDATA'];
-  let tmpDir: string;
-
-  beforeEach(() => {
-    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), '4runr-sentinel-'));
-    process.env['APPDATA'] = tmpDir;
-    Sentinel.resetInstance();
-  });
-
-  afterEach(() => {
-    Sentinel.resetInstance();
-    if (originalAppData === undefined) {
-      delete process.env['APPDATA'];
-    } else {
-      process.env['APPDATA'] = originalAppData;
-    }
-    fs.rmSync(tmpDir, { recursive: true, force: true });
-  });
-
-  it('round-trips config to disk', () => {
-    const config = {
-      enabled: true,
-      runMaxDurationMs: 90_000,
-      runMaxTokens: 8_000,
-      runIdleMs: 45_000,
-      loopWindow: 10,
-      loopMax: 3,
-      runMaxCost: 1.25,
-    };
-    saveSentinelLimitsToDisk(config);
-    expect(fs.existsSync(getSentinelLimitsFilePath())).toBe(true);
-    const loaded = loadSentinelLimitsFromDisk();
-    expect(loaded).toMatchObject(config);
-  });
-
-  it('applyPersistedSentinelConfig merges when env field unset', () => {
-    delete process.env['RUN_IDLE_MS'];
-    delete process.env['SENTINEL_IDLE_MS'];
-    saveSentinelLimitsToDisk({
-      enabled: true,
-      runMaxDurationMs: 60_000,
-      runMaxTokens: 16_000,
-      runIdleMs: 99_000,
-      loopWindow: 15,
-      loopMax: 5,
-      runMaxCost: 2.0,
-    });
-    const sentinel = Sentinel.getInstance();
-    applyPersistedSentinelConfig(sentinel);
-    expect(sentinel.getConfig().runIdleMs).toBe(99_000);
-  });
-
-  it('simulates Gateway restart: disk limits reload into a fresh Sentinel singleton', () => {
-    delete process.env['RUN_IDLE_MS'];
-    delete process.env['SENTINEL_IDLE_MS'];
-
-    const distinctiveIdle = 12_345;
-    saveSentinelLimitsToDisk({
-      enabled: true,
-      runMaxDurationMs: 600_000,
-      runMaxTokens: 50_000,
-      runIdleMs: distinctiveIdle,
-      loopWindow: 15,
-      loopMax: 5,
-      runMaxCost: 3.5,
-    });
-
-    Sentinel.resetInstance();
-    const sentinel = Sentinel.getInstance();
-    expect(sentinel.getConfig().runIdleMs).not.toBe(distinctiveIdle);
-
-    expect(applyPersistedSentinelConfig(sentinel)).toBe(true);
-    expect(sentinel.getConfig().runIdleMs).toBe(distinctiveIdle);
-    expect(sentinel.getConfig().runMaxCost).toBe(3.5);
-  });
-
-  it('persisted limits drive real policy evaluation (not display-only)', () => {
-    delete process.env['RUN_IDLE_MS'];
-    delete process.env['SENTINEL_IDLE_MS'];
-
-    const idleMs = 8_000;
-    saveSentinelLimitsToDisk({
-      enabled: true,
-      runMaxDurationMs: 600_000,
-      runMaxTokens: 50_000,
-      runIdleMs: idleMs,
-      loopWindow: 15,
-      loopMax: 5,
-      runMaxCost: 1.0,
-    });
-
-    Sentinel.resetInstance();
-    const sentinel = Sentinel.getInstance();
-    applyPersistedSentinelConfig(sentinel);
-
-    const runState: RunState = {
-      runId: 'run-persist-verify',
-      createdAt: Date.now(),
-      startedAt: Date.now() - 20_000,
-      lastTokenAt: Date.now() - 20_000,
-      tokenCount: 0,
-      status: 'running',
-      events: [],
-    };
-
-    const violations = policyManager.evaluatePolicies(
-      'run-persist-verify',
-      runState,
-      sentinel.getConfig()
-    );
-    const idleViolation = violations.find((v) => v.policy === 'idle');
-    expect(idleViolation).toBeDefined();
-    expect(idleViolation!.threshold).toBe(idleMs);
-  });
-});
+/**
+ * Sentinel limits disk persistence
+ */
+
+import { describe, it, expect, beforeEach, afterEach } from '@jest/globals';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import {
+  getSentinelLimitsFilePath,
+  loadSentinelLimitsFromDisk,
+  saveSentinelLimitsToDisk,
+  applyPersistedSentinelConfig,
+} from '../security/sentinel-config-store.js';
+import { Sentinel, policyManager } from '@4runr/sentinel';
+import type { RunState } from '@4runr/sentinel';
+
+describe('sentinel-config-store', () => {
+  const originalAppData = process.env['APPDATA'];
+  let tmpDir: string;
+
+  beforeEach(() => {
+    tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), '4runr-sentinel-'));
+    process.env['APPDATA'] = tmpDir;
+    Sentinel.resetInstance();
+  });
+
+  afterEach(() => {
+    Sentinel.resetInstance();
+    if (originalAppData === undefined) {
+      delete process.env['APPDATA'];
+    } else {
+      process.env['APPDATA'] = originalAppData;
+    }
+    fs.rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  it('round-trips config to disk', () => {
+    const config = {
+      enabled: true,
+      runMaxDurationMs: 90_000,
+      runMaxTokens: 8_000,
+      runIdleMs: 45_000,
+      loopWindow: 10,
+      loopMax: 3,
+      runMaxCost: 1.25,
+    };
+    saveSentinelLimitsToDisk(config);
+    expect(fs.existsSync(getSentinelLimitsFilePath())).toBe(true);
+    const loaded = loadSentinelLimitsFromDisk();
+    expect(loaded).toMatchObject(config);
+  });
+
+  it('applyPersistedSentinelConfig merges when env field unset', () => {
+    delete process.env['RUN_IDLE_MS'];
+    delete process.env['SENTINEL_IDLE_MS'];
+    saveSentinelLimitsToDisk({
+      enabled: true,
+      runMaxDurationMs: 60_000,
+      runMaxTokens: 16_000,
+      runIdleMs: 99_000,
+      loopWindow: 15,
+      loopMax: 5,
+      runMaxCost: 2.0,
+    });
+    const sentinel = Sentinel.getInstance();
+    applyPersistedSentinelConfig(sentinel);
+    expect(sentinel.getConfig().runIdleMs).toBe(99_000);
+  });
+
+  it('simulates Gateway restart: disk limits reload into a fresh Sentinel singleton', () => {
+    delete process.env['RUN_IDLE_MS'];
+    delete process.env['SENTINEL_IDLE_MS'];
+
+    const distinctiveIdle = 12_345;
+    saveSentinelLimitsToDisk({
+      enabled: true,
+      runMaxDurationMs: 600_000,
+      runMaxTokens: 50_000,
+      runIdleMs: distinctiveIdle,
+      loopWindow: 15,
+      loopMax: 5,
+      runMaxCost: 3.5,
+    });
+
+    Sentinel.resetInstance();
+    const sentinel = Sentinel.getInstance();
+    expect(sentinel.getConfig().runIdleMs).not.toBe(distinctiveIdle);
+
+    expect(applyPersistedSentinelConfig(sentinel)).toBe(true);
+    expect(sentinel.getConfig().runIdleMs).toBe(distinctiveIdle);
+    expect(sentinel.getConfig().runMaxCost).toBe(3.5);
+  });
+
+  it('persisted limits drive real policy evaluation (not display-only)', () => {
+    delete process.env['RUN_IDLE_MS'];
+    delete process.env['SENTINEL_IDLE_MS'];
+
+    const idleMs = 8_000;
+    saveSentinelLimitsToDisk({
+      enabled: true,
+      runMaxDurationMs: 600_000,
+      runMaxTokens: 50_000,
+      runIdleMs: idleMs,
+      loopWindow: 15,
+      loopMax: 5,
+      runMaxCost: 1.0,
+    });
+
+    Sentinel.resetInstance();
+    const sentinel = Sentinel.getInstance();
+    applyPersistedSentinelConfig(sentinel);
+
+    const runState: RunState = {
+      runId: 'run-persist-verify',
+      createdAt: Date.now(),
+      startedAt: Date.now() - 20_000,
+      lastTokenAt: Date.now() - 20_000,
+      tokenCount: 0,
+      status: 'running',
+      events: [],
+    };
+
+    const violations = policyManager.evaluatePolicies(
+      'run-persist-verify',
+      runState,
+      sentinel.getConfig()
+    );
+    const idleViolation = violations.find((v) => v.policy === 'idle');
+    expect(idleViolation).toBeDefined();
+    expect(idleViolation!.threshold).toBe(idleMs);
+  });
+});

package/apps/gateway/src/security/sentinel-config-store.ts

@@ -1,208 +1,208 @@
-/**
- * Persist operator Sentinel limits to disk (survives Gateway restart).
- * File: {4Runr data dir}/config/sentinel-limits.json
- *
- * Boot order: env defaults (packages/sentinel) → overlay saved file when present.
- * Explicit env vars for a field are not overwritten by the saved file.
- */
-
-import * as fs from 'fs';
-import * as path from 'path';
-import { get4RunrConfigDir } from '@4runr/shared';
-import { Sentinel, type SentinelConfig } from '@4runr/sentinel';
-
-const FILE_NAME = 'sentinel-limits.json';
-
-const ENV_FIELD_KEYS: Array<{
-  field: keyof SentinelConfig;
-  envKeys: string[];
-}> = [
-  { field: 'enabled', envKeys: ['SENTINEL_ENABLED'] },
-  { field: 'runMaxDurationMs', envKeys: ['RUN_MAX_DURATION_MS'] },
-  { field: 'runMaxTokens', envKeys: ['RUN_MAX_TOKENS'] },
-  { field: 'runIdleMs', envKeys: ['SENTINEL_IDLE_MS', 'RUN_IDLE_MS'] },
-  { field: 'loopWindow', envKeys: ['SENTINEL_LOOP_WINDOW'] },
-  { field: 'loopMax', envKeys: ['SENTINEL_LOOP_MAX'] },
-  { field: 'runMaxCost', envKeys: ['RUN_MAX_COST', 'SENTINEL_MAX_COST'] },
-];
-
-export function getSentinelLimitsFilePath(): string {
-  return path.join(get4RunrConfigDir(), FILE_NAME);
-}
-
-function envDefinesField(field: keyof SentinelConfig): boolean {
-  const entry = ENV_FIELD_KEYS.find((e) => e.field === field);
-  if (!entry) return false;
-  return entry.envKeys.some((k) => {
-    const v = process.env[k];
-    return v !== undefined && v.trim() !== '';
-  });
-}
-
-function parseSavedPayload(raw: unknown): SentinelConfig | null {
-  if (!raw || typeof raw !== 'object') return null;
-  const o = raw as Record<string, unknown>;
-  const num = (key: string): number | undefined => {
-    const v = o[key];
-    if (typeof v === 'number' && Number.isFinite(v)) return v;
-    return undefined;
-  };
-  const enabled = o['enabled'];
-  if (typeof enabled !== 'boolean') return null;
-  const runMaxDurationMs = num('runMaxDurationMs');
-  const runMaxTokens = num('runMaxTokens');
-  const runIdleMs = num('runIdleMs');
-  const loopWindow = num('loopWindow');
-  const loopMax = num('loopMax');
-  if (
-    runMaxDurationMs === undefined ||
-    runMaxTokens === undefined ||
-    runIdleMs === undefined ||
-    loopWindow === undefined ||
-    loopMax === undefined
-  ) {
-    return null;
-  }
-  const runMaxCost = num('runMaxCost');
-  return {
-    enabled,
-    runMaxDurationMs,
-    runMaxTokens,
-    runIdleMs,
-    loopWindow,
-    loopMax,
-    ...(runMaxCost !== undefined ? { runMaxCost } : {}),
-  };
-}
-
-export function loadSentinelLimitsFromDisk(): SentinelConfig | null {
-  const filePath = getSentinelLimitsFilePath();
-  try {
-    if (!fs.existsSync(filePath)) return null;
-    const text = fs.readFileSync(filePath, 'utf8');
-    const parsed = JSON.parse(text) as unknown;
-    const inner =
-      parsed && typeof parsed === 'object' && 'config' in (parsed as object)
-        ? (parsed as { config: unknown }).config
-        : parsed;
-    return parseSavedPayload(inner);
-  } catch {
-    return null;
-  }
-}
-
-export function saveSentinelLimitsToDisk(config: SentinelConfig): void {
-  const filePath = getSentinelLimitsFilePath();
-  const payload = {
-    version: 1,
-    updatedAt: new Date().toISOString(),
-    config: {
-      enabled: config.enabled,
-      runMaxDurationMs: config.runMaxDurationMs,
-      runMaxTokens: config.runMaxTokens,
-      runIdleMs: config.runIdleMs,
-      loopWindow: config.loopWindow,
-      loopMax: config.loopMax,
-      runMaxCost: config.runMaxCost ?? 1.0,
-    },
-  };
-  fs.writeFileSync(filePath, JSON.stringify(payload, null, 2), { mode: 0o600 });
-}
-
-/** Merge saved limits from disk into the live Sentinel singleton (env wins per field). */
-export function mergePersistedSentinelConfig(sentinel: Sentinel): boolean {
-  const saved = loadSentinelLimitsFromDisk();
-  if (!saved) return false;
-
-  const current = sentinel.getConfig();
-  const merged: SentinelConfig = { ...current };
-
-  for (const { field } of ENV_FIELD_KEYS) {
-    if (envDefinesField(field)) continue;
-    (merged as any)[field] = saved[field];
-  }
-
-  try {
-    sentinel.updateConfig(merged);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Apply saved limits on Gateway boot. Env-defined fields keep env values.
- */
-export function applyPersistedSentinelConfig(sentinel: Sentinel, logger?: {
-  info: (msg: string, meta?: Record<string, unknown>) => void;
-  warn: (msg: string, meta?: Record<string, unknown>) => void;
-}): boolean {
-  const filePath = getSentinelLimitsFilePath();
-  const saved = loadSentinelLimitsFromDisk();
-  
-  if (!saved) {
-    logger?.info('No Sentinel limits file found on disk (will use env defaults)', {
-      expectedPath: filePath,
-    });
-    return false;
-  }
-
-  // Check which env vars are set and will override the disk values
-  const envOverrides: string[] = [];
-  const diskApplied: string[] = [];
-  
-  for (const { field, envKeys } of ENV_FIELD_KEYS) {
-    if (envDefinesField(field)) {
-      const activeEnv = envKeys.find(k => process.env[k] !== undefined && process.env[k]?.trim() !== '');
-      if (activeEnv) {
-        envOverrides.push(`${field} (via ${activeEnv}=${process.env[activeEnv]})`);
-      }
-    } else {
-      diskApplied.push(`${field}=${saved[field]}`);
-    }
-  }
-
-  const ok = mergePersistedSentinelConfig(sentinel);
-  
-  if (ok) {
-    const finalConfig = sentinel.getConfig();
-    logger?.info('✅ Sentinel limits loaded from disk and merged', {
-      diskPath: filePath,
-      diskValues: saved,
-      envOverrides: envOverrides.length > 0 ? envOverrides : 'none',
-      diskAppliedFields: diskApplied.length > 0 ? diskApplied : 'none (all env-overridden)',
-      finalActiveConfig: finalConfig,
-    });
-  } else {
-    logger?.warn('Failed to apply Sentinel limits from disk', {
-      diskPath: filePath,
-      savedConfig: saved,
-    });
-  }
-  
-  return ok;
-}
-
-/** Call before returning policy config to clients so long-lived Gateway picks up disk saves. */
-export function hydrateSentinelConfigFromDisk(sentinel: Sentinel): void {
-  mergePersistedSentinelConfig(sentinel);
-}
-
-export function persistSentinelConfigAfterApply(
-  sentinel: Sentinel,
-  config: SentinelConfig,
-  logger?: {
-    info: (msg: string, meta?: Record<string, unknown>) => void;
-  }
-): string {
-  const filePath = getSentinelLimitsFilePath();
-  saveSentinelLimitsToDisk(config);
-  
-  logger?.info('✅ Sentinel limits saved to disk', {
-    path: filePath,
-    config: config,
-    note: 'Survives Gateway restart. Env vars in docker-compose override individual fields when set.',
-  });
-  
-  return filePath;
-}
+/**
+ * Persist operator Sentinel limits to disk (survives Gateway restart).
+ * File: {4Runr data dir}/config/sentinel-limits.json
+ *
+ * Boot order: env defaults (packages/sentinel) → overlay saved file when present.
+ * Explicit env vars for a field are not overwritten by the saved file.
+ */
+
+import * as fs from 'fs';
+import * as path from 'path';
+import { get4RunrConfigDir } from '@4runr/shared';
+import { Sentinel, type SentinelConfig } from '@4runr/sentinel';
+
+const FILE_NAME = 'sentinel-limits.json';
+
+const ENV_FIELD_KEYS: Array<{
+  field: keyof SentinelConfig;
+  envKeys: string[];
+}> = [
+  { field: 'enabled', envKeys: ['SENTINEL_ENABLED'] },
+  { field: 'runMaxDurationMs', envKeys: ['RUN_MAX_DURATION_MS'] },
+  { field: 'runMaxTokens', envKeys: ['RUN_MAX_TOKENS'] },
+  { field: 'runIdleMs', envKeys: ['SENTINEL_IDLE_MS', 'RUN_IDLE_MS'] },
+  { field: 'loopWindow', envKeys: ['SENTINEL_LOOP_WINDOW'] },
+  { field: 'loopMax', envKeys: ['SENTINEL_LOOP_MAX'] },
+  { field: 'runMaxCost', envKeys: ['RUN_MAX_COST', 'SENTINEL_MAX_COST'] },
+];
+
+export function getSentinelLimitsFilePath(): string {
+  return path.join(get4RunrConfigDir(), FILE_NAME);
+}
+
+function envDefinesField(field: keyof SentinelConfig): boolean {
+  const entry = ENV_FIELD_KEYS.find((e) => e.field === field);
+  if (!entry) return false;
+  return entry.envKeys.some((k) => {
+    const v = process.env[k];
+    return v !== undefined && v.trim() !== '';
+  });
+}
+
+function parseSavedPayload(raw: unknown): SentinelConfig | null {
+  if (!raw || typeof raw !== 'object') return null;
+  const o = raw as Record<string, unknown>;
+  const num = (key: string): number | undefined => {
+    const v = o[key];
+    if (typeof v === 'number' && Number.isFinite(v)) return v;
+    return undefined;
+  };
+  const enabled = o['enabled'];
+  if (typeof enabled !== 'boolean') return null;
+  const runMaxDurationMs = num('runMaxDurationMs');
+  const runMaxTokens = num('runMaxTokens');
+  const runIdleMs = num('runIdleMs');
+  const loopWindow = num('loopWindow');
+  const loopMax = num('loopMax');
+  if (
+    runMaxDurationMs === undefined ||
+    runMaxTokens === undefined ||
+    runIdleMs === undefined ||
+    loopWindow === undefined ||
+    loopMax === undefined
+  ) {
+    return null;
+  }
+  const runMaxCost = num('runMaxCost');
+  return {
+    enabled,
+    runMaxDurationMs,
+    runMaxTokens,
+    runIdleMs,
+    loopWindow,
+    loopMax,
+    ...(runMaxCost !== undefined ? { runMaxCost } : {}),
+  };
+}
+
+export function loadSentinelLimitsFromDisk(): SentinelConfig | null {
+  const filePath = getSentinelLimitsFilePath();
+  try {
+    if (!fs.existsSync(filePath)) return null;
+    const text = fs.readFileSync(filePath, 'utf8');
+    const parsed = JSON.parse(text) as unknown;
+    const inner =
+      parsed && typeof parsed === 'object' && 'config' in (parsed as object)
+        ? (parsed as { config: unknown }).config
+        : parsed;
+    return parseSavedPayload(inner);
+  } catch {
+    return null;
+  }
+}
+
+export function saveSentinelLimitsToDisk(config: SentinelConfig): void {
+  const filePath = getSentinelLimitsFilePath();
+  const payload = {
+    version: 1,
+    updatedAt: new Date().toISOString(),
+    config: {
+      enabled: config.enabled,
+      runMaxDurationMs: config.runMaxDurationMs,
+      runMaxTokens: config.runMaxTokens,
+      runIdleMs: config.runIdleMs,
+      loopWindow: config.loopWindow,
+      loopMax: config.loopMax,
+      runMaxCost: config.runMaxCost ?? 1.0,
+    },
+  };
+  fs.writeFileSync(filePath, JSON.stringify(payload, null, 2), { mode: 0o600 });
+}
+
+/** Merge saved limits from disk into the live Sentinel singleton (env wins per field). */
+export function mergePersistedSentinelConfig(sentinel: Sentinel): boolean {
+  const saved = loadSentinelLimitsFromDisk();
+  if (!saved) return false;
+
+  const current = sentinel.getConfig();
+  const merged: SentinelConfig = { ...current };
+
+  for (const { field } of ENV_FIELD_KEYS) {
+    if (envDefinesField(field)) continue;
+    (merged as any)[field] = saved[field];
+  }
+
+  try {
+    sentinel.updateConfig(merged);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Apply saved limits on Gateway boot. Env-defined fields keep env values.
+ */
+export function applyPersistedSentinelConfig(sentinel: Sentinel, logger?: {
+  info: (msg: string, meta?: Record<string, unknown>) => void;
+  warn: (msg: string, meta?: Record<string, unknown>) => void;
+}): boolean {
+  const filePath = getSentinelLimitsFilePath();
+  const saved = loadSentinelLimitsFromDisk();
+  
+  if (!saved) {
+    logger?.info('No Sentinel limits file found on disk (will use env defaults)', {
+      expectedPath: filePath,
+    });
+    return false;
+  }
+
+  // Check which env vars are set and will override the disk values
+  const envOverrides: string[] = [];
+  const diskApplied: string[] = [];
+  
+  for (const { field, envKeys } of ENV_FIELD_KEYS) {
+    if (envDefinesField(field)) {
+      const activeEnv = envKeys.find(k => process.env[k] !== undefined && process.env[k]?.trim() !== '');
+      if (activeEnv) {
+        envOverrides.push(`${field} (via ${activeEnv}=${process.env[activeEnv]})`);
+      }
+    } else {
+      diskApplied.push(`${field}=${saved[field]}`);
+    }
+  }
+
+  const ok = mergePersistedSentinelConfig(sentinel);
+  
+  if (ok) {
+    const finalConfig = sentinel.getConfig();
+    logger?.info('✅ Sentinel limits loaded from disk and merged', {
+      diskPath: filePath,
+      diskValues: saved,
+      envOverrides: envOverrides.length > 0 ? envOverrides : 'none',
+      diskAppliedFields: diskApplied.length > 0 ? diskApplied : 'none (all env-overridden)',
+      finalActiveConfig: finalConfig,
+    });
+  } else {
+    logger?.warn('Failed to apply Sentinel limits from disk', {
+      diskPath: filePath,
+      savedConfig: saved,
+    });
+  }
+  
+  return ok;
+}
+
+/** Call before returning policy config to clients so long-lived Gateway picks up disk saves. */
+export function hydrateSentinelConfigFromDisk(sentinel: Sentinel): void {
+  mergePersistedSentinelConfig(sentinel);
+}
+
+export function persistSentinelConfigAfterApply(
+  sentinel: Sentinel,
+  config: SentinelConfig,
+  logger?: {
+    info: (msg: string, meta?: Record<string, unknown>) => void;
+  }
+): string {
+  const filePath = getSentinelLimitsFilePath();
+  saveSentinelLimitsToDisk(config);
+  
+  logger?.info('✅ Sentinel limits saved to disk', {
+    path: filePath,
+    config: config,
+    note: 'Survives Gateway restart. Env vars in docker-compose override individual fields when set.',
+  });
+  
+  return filePath;
+}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "4runr-os",
-  "version": "2.10.68",
+  "version": "2.10.69",
   "type": "module",
-  "description": "4Runr AI Agent OS - Secure terminal interface for AI agents. v2.10.68: Fix Windows relaunch after auto-update (opens new 4Runr window).",
+  "description": "4Runr AI Agent OS - Secure terminal interface for AI agents. v2.10.69: Bundle pre-built Windows mk3-tui binary so 4r launches without a local Rust build.",
   "main": "dist/index.js",
   "bin": {
     "4runr": "dist/index.js",

package/scripts/os-tools-smoke.cjs

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 /**
  * OS-first smoke for 4Runr Tools (Sentinel + Shield) against a live Gateway.
  *