@agentguard-run/spend 0.4.0 → 0.4.2

package/src/{coach → advisor}/conversation.ts

@@ -1,5 +1,5 @@
 /**
- * AgentGuard(TM) Spend: Coach conversation state.
+ * AgentGuard(TM) Spend: Advisor conversation state.
  *
  * Patent notice: Protected by U.S. patent-pending technology
  * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
@@ -9,24 +9,26 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import type { CapabilityTier, SpendCap, SpendPolicy } from '../types';
+import { applyPostureCapability, normalizePosture, postureProfile, suggestPostureForVertical, type GovernancePosture } from './posture';
 
-export type CoachQuestionId = 'building' | 'scale' | 'tasks' | 'budget' | 'confirm';
+export type AdvisorQuestionId = 'building' | 'posture' | 'scale' | 'tasks' | 'budget' | 'confirm';
 
-export interface CoachQuestion {
-  id: CoachQuestionId;
+export interface AdvisorQuestion {
+  id: AdvisorQuestionId;
   prompt: string;
 }
 
-export interface CoachAnswers {
+export interface AdvisorAnswers {
   building?: string;
   scale?: string;
   tasks?: string;
   budget?: string;
   confirm?: string;
   language?: 'ts' | 'py';
+  posture?: GovernancePosture;
 }
 
-export interface CoachBusinessProfile {
+export interface AdvisorBusinessProfile {
   vertical: string;
   tenantId: string;
   teamSize: number;
@@ -41,6 +43,7 @@ export interface CoachBusinessProfile {
   perMonthCapCents: number;
   scopeLabel: string;
   language: 'ts' | 'py';
+  posture: GovernancePosture;
 }
 
 export interface ProjectedSavingsRow {
@@ -58,8 +61,9 @@ export interface ProjectedSavings {
   savingsPercent: number;
 }
 
-export const COACH_QUESTIONS: CoachQuestion[] = [
+export const ADVISOR_QUESTIONS: AdvisorQuestion[] = [
   { id: 'building', prompt: 'What are you building or running? Include your business type and the agent workflow.' },
+  { id: 'posture', prompt: 'Confirm or change governance posture: Velocity / Standard / Compliance.' },
   { id: 'scale', prompt: 'How big is the team and roughly how many AI calls, tickets, orders, encounters, matters, or jobs happen per month?' },
   { id: 'tasks', prompt: 'What are the top 3 AI tasks this agent will perform?' },
   { id: 'budget', prompt: 'What monthly AI budget or per-task ceiling should this stay under?' },
@@ -77,51 +81,77 @@ const VERTICAL_HINTS: Array<{ vertical: string; needles: string[]; scopeLabel: s
   { vertical: 'local-services', needles: ['salon', 'gym', 'restaurant', 'landscaping', 'construction', 'photography', 'fitness', 'pet'], scopeLabel: 'job', capability: 'data_write', primary: 'openai/gpt-5-mini', fallback: 'openai/gpt-4o-mini', perCall: 25 },
 ];
 
-export class CoachConversation {
-  private answers: CoachAnswers = {};
+export class AdvisorConversation {
+  private answers: AdvisorAnswers = {};
   private index = 0;
 
-  constructor(initial?: CoachAnswers) {
+  constructor(initial?: AdvisorAnswers) {
     if (initial) this.answers = { ...initial };
     this.index = firstMissingIndex(this.answers);
   }
 
-  currentQuestion(): CoachQuestion | null {
-    return COACH_QUESTIONS[this.index] ?? null;
+  currentQuestion(): AdvisorQuestion | null {
+    const question = ADVISOR_QUESTIONS[this.index] ?? null;
+    if (question?.id !== 'posture') return question;
+    const vertical = detectVertical(this.answers.building ?? '');
+    const suggested = suggestPostureForVertical(vertical);
+    return {
+      id: 'posture',
+      prompt: `Based on ${vertical}, we suggest ${suggested} governance posture. Confirm or change: Velocity / Standard / Compliance.`,
+    };
   }
 
   answer(value: string): void {
     const question = this.currentQuestion();
     if (!question) return;
+    if (question.id === 'posture') {
+      this.answers.posture = normalizePosture(value) ?? suggestedPostureForText(this.answers.building ?? '');
+      return;
+    }
     this.answers[question.id] = value.trim();
   }
 
-  next(): CoachQuestion | null {
-    this.index = Math.min(this.index + 1, COACH_QUESTIONS.length);
+  next(): AdvisorQuestion | null {
+    this.index = Math.min(this.index + 1, ADVISOR_QUESTIONS.length);
     return this.currentQuestion();
   }
 
-  back(): CoachQuestion | null {
+  back(): AdvisorQuestion | null {
     this.index = Math.max(0, this.index - 1);
     return this.currentQuestion();
   }
 
   isComplete(): boolean {
-    return COACH_QUESTIONS.every((question) => Boolean(this.answers[question.id]?.trim()));
+    return ADVISOR_QUESTIONS.every((question) => Boolean(this.answers[question.id]?.trim()));
   }
 
-  snapshot(): CoachAnswers {
+  snapshot(): AdvisorAnswers {
     return { ...this.answers };
   }
 
-  profile(cwd = process.cwd()): CoachBusinessProfile {
+  setPosture(posture: GovernancePosture): void {
+    this.answers.posture = posture;
+  }
+
+  profile(cwd = process.cwd()): AdvisorBusinessProfile {
     return buildBusinessProfile(this.answers, cwd);
   }
 }
 
-export function buildBusinessProfile(answers: CoachAnswers, cwd = process.cwd()): CoachBusinessProfile {
+export function detectVertical(text: string): string {
+  const joined = text.toLowerCase();
+  return (VERTICAL_HINTS.find((candidate) => candidate.needles.some((needle) => joined.includes(needle))) ?? VERTICAL_HINTS[0]!).vertical;
+}
+
+export function suggestedPostureForText(text: string): GovernancePosture {
+  return suggestPostureForVertical(detectVertical(text));
+}
+
+
+export function buildBusinessProfile(answers: AdvisorAnswers, cwd = process.cwd()): AdvisorBusinessProfile {
   const joined = `${answers.building ?? ''} ${answers.scale ?? ''} ${answers.tasks ?? ''}`.toLowerCase();
   const hint = VERTICAL_HINTS.find((candidate) => candidate.needles.some((needle) => joined.includes(needle))) ?? VERTICAL_HINTS[0]!;
+  const posture = answers.posture ?? suggestPostureForVertical(hint.vertical);
   const scale = parseScale(answers.scale ?? '');
   const budgetCents = parseBudgetCents(answers.budget ?? '', Math.max(4900, Math.ceil(scale.monthlyVolume * hint.perCall * 0.35)));
   const tasks = parseTasks(answers.tasks ?? answers.building ?? hint.vertical);
@@ -134,7 +164,7 @@ export function buildBusinessProfile(answers: CoachAnswers, cwd = process.cwd())
     monthlyVolume: scale.monthlyVolume,
     tasks,
     monthlyBudgetCents: perMonthCapCents,
-    requiredCapability: capabilityFor(joined, hint.capability),
+    requiredCapability: capabilityFor(joined, hint.capability, posture),
     primaryModel: hint.primary,
     fallbackModel: hint.fallback,
     perCallCapCents: hint.perCall,
@@ -142,18 +172,31 @@ export function buildBusinessProfile(answers: CoachAnswers, cwd = process.cwd())
     perMonthCapCents,
     scopeLabel: hint.scopeLabel,
     language: answers.language ?? detectProjectLanguage(cwd),
+    posture,
   };
 }
 
-export function buildPolicyFromProfile(profile: CoachBusinessProfile): SpendPolicy {
+export function buildPolicyFromProfile(profile: AdvisorBusinessProfile): SpendPolicy {
+  const posture = postureProfile(profile.posture);
+  const conservativeBlock = profile.posture === 'compliance' && profile.requiredCapability !== 'read_only';
+  const perCallAmount = profile.posture === 'velocity'
+    ? Math.max(1, Math.ceil(profile.perCallCapCents * 0.6))
+    : profile.perCallCapCents;
   const caps: SpendCap[] = [
-    {
-      amountCents: profile.perCallCapCents,
-      window: 'per_call',
-      action: 'downgrade',
-      downgradeTo: profile.fallbackModel,
-      reason: 'Per-call budget reached, route to fallback model',
-    },
+    conservativeBlock
+      ? {
+          amountCents: perCallAmount,
+          window: 'per_call',
+          action: 'block',
+          reason: 'Per-call regulated capability budget reached',
+        }
+      : {
+          amountCents: perCallAmount,
+          window: 'per_call',
+          action: 'downgrade',
+          downgradeTo: profile.fallbackModel,
+          reason: 'Per-call budget reached, route to fallback model',
+        },
     {
       amountCents: profile.perDayCapCents,
       window: 'per_day',
@@ -168,18 +211,18 @@ export function buildPolicyFromProfile(profile: CoachBusinessProfile): SpendPoli
     },
   ];
   return {
-    id: `coach-${profile.vertical}-v1`,
-    name: `Coach generated ${profile.vertical} policy`,
+    id: `advisor-${profile.vertical}-v1`,
+    name: `Advisor generated ${profile.vertical} policy`,
     scope: { tenantId: profile.tenantId },
     caps,
-    mode: 'enforce',
+    mode: posture.defaultMode,
     requiredCapability: profile.requiredCapability,
     version: 1,
     effectiveFrom: new Date().toISOString(),
   };
 }
 
-export function projectedSavings(profile: CoachBusinessProfile): ProjectedSavings {
+export function projectedSavings(profile: AdvisorBusinessProfile): ProjectedSavings {
   const heavyPerCall = Math.max(profile.perCallCapCents * 4, 100);
   const routedPerCall = Math.max(1, Math.ceil(profile.perCallCapCents * 0.45));
   const monthlyBeforeCents = profile.monthlyVolume * heavyPerCall;
@@ -211,9 +254,9 @@ export function detectProjectLanguage(cwd: string): 'ts' | 'py' {
   return 'ts';
 }
 
-function firstMissingIndex(answers: CoachAnswers): number {
-  const index = COACH_QUESTIONS.findIndex((question) => !answers[question.id]?.trim());
-  return index === -1 ? COACH_QUESTIONS.length : index;
+function firstMissingIndex(answers: AdvisorAnswers): number {
+  const index = ADVISOR_QUESTIONS.findIndex((question) => !answers[question.id]?.trim());
+  return index === -1 ? ADVISOR_QUESTIONS.length : index;
 }
 
 function parseScale(value: string): { teamSize: number; monthlyVolume: number } {
@@ -241,8 +284,6 @@ function tenantIdFromBusiness(value: string): string {
   return cleaned || 'local-business';
 }
 
-function capabilityFor(text: string, fallback: CapabilityTier): CapabilityTier {
-  if (/refund|payment|charge|dispute|money|invoice/.test(text)) return 'payment_initiate';
-  if (/write|update|ledger|chart|patient|health|phi|sox|legal|contract|tax|student|employment/.test(text)) return 'data_write';
-  return fallback;
+function capabilityFor(text: string, fallback: CapabilityTier, posture: GovernancePosture): CapabilityTier {
+  return applyPostureCapability(posture, text, fallback);
 }

package/src/{coach → advisor}/forecast.ts

@@ -1,5 +1,5 @@
 /**
- * AgentGuard(TM) Spend: local Coach forecast skeleton.
+ * AgentGuard(TM) Spend: local Advisor forecast skeleton.
  *
  * Reads local decision logs only. No network calls are made.
  *
@@ -8,9 +8,9 @@
  * 64/071,781; 64/071,789).
  */
 
-import type { CoachSpendPoint } from './anomaly';
+import type { AdvisorSpendPoint } from './anomaly';
 
-export interface CoachForecast {
+export interface AdvisorForecast {
   daysObserved: number;
   monthEndCents: number;
   capCents: number | null;
@@ -18,7 +18,7 @@ export interface CoachForecast {
   message: string;
 }
 
-export function forecastMonthEnd(points: CoachSpendPoint[], capCents: number | null = null, now = new Date()): CoachForecast {
+export function forecastMonthEnd(points: AdvisorSpendPoint[], capCents: number | null = null, now = new Date()): AdvisorForecast {
   const daily = lastThirtyDaily(points, now);
   if (daily.length === 0) {
     return { daysObserved: 0, monthEndCents: 0, capCents, overCap: false, message: 'No local spend history found.' };
@@ -40,7 +40,7 @@ export function forecastMonthEnd(points: CoachSpendPoint[], capCents: number | n
   };
 }
 
-function lastThirtyDaily(points: CoachSpendPoint[], now: Date): Array<{ day: string; cents: number }> {
+function lastThirtyDaily(points: AdvisorSpendPoint[], now: Date): Array<{ day: string; cents: number }> {
   const cutoff = now.getTime() - 30 * 24 * 60 * 60 * 1000;
   const buckets = new Map<string, number>();
   for (const point of points) {

package/src/{coach → advisor}/llm-client.ts

@@ -1,5 +1,5 @@
 /**
- * AgentGuard(TM) Spend: local Coach LLM client.
+ * AgentGuard(TM) Spend: local Advisor LLM client.
  *
  * All provider calls go from the customer terminal to the configured provider.
  * No AgentGuard service is contacted for prompts or completions.
@@ -13,15 +13,15 @@ import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 
-export type CoachProvider = 'openrouter' | 'openai' | 'anthropic' | 'compatible' | 'mock';
+export type AdvisorProvider = 'openrouter' | 'openai' | 'anthropic' | 'compatible' | 'mock';
 
-export interface CoachChatMessage {
+export interface AdvisorChatMessage {
   role: 'system' | 'user' | 'assistant';
   content: string;
 }
 
-export interface CoachClientOptions {
-  provider?: CoachProvider;
+export interface AdvisorClientOptions {
+  provider?: AdvisorProvider;
   apiKey?: string;
   baseUrl?: string;
   model?: string;
@@ -29,11 +29,11 @@ export interface CoachClientOptions {
   fetchImpl?: FetchLike;
 }
 
-export interface CoachClient {
-  provider: CoachProvider;
+export interface AdvisorClient {
+  provider: AdvisorProvider;
   model: string;
   baseUrl: string;
-  streamChat(messages: CoachChatMessage[], signal?: AbortSignalLike): AsyncIterable<string>;
+  streamChat(messages: AdvisorChatMessage[], signal?: AbortSignalLike): AsyncIterable<string>;
 }
 
 type FetchLike = (url: string, init: Record<string, unknown>) => Promise<any>;
@@ -53,12 +53,12 @@ const DEFAULT_OPENAI_BASE_URL = 'https://api.openai.com/v1';
 const DEFAULT_ANTHROPIC_BASE_URL = 'https://api.anthropic.com/v1';
 const DEFAULT_MODEL = 'openai/gpt-4o-mini';
 
-export function resolveCoachApiKey(provider: CoachProvider = 'openrouter', explicit?: string): string | null {
+export function resolveAdvisorApiKey(provider: AdvisorProvider = 'openrouter', explicit?: string): string | null {
   if (explicit?.trim()) return explicit.trim();
   if (provider === 'openai' && process.env.OPENAI_API_KEY) return process.env.OPENAI_API_KEY;
   if (provider === 'anthropic' && process.env.ANTHROPIC_API_KEY) return process.env.ANTHROPIC_API_KEY;
   if ((provider === 'openrouter' || provider === 'compatible') && process.env.OPENROUTER_API_KEY) return process.env.OPENROUTER_API_KEY;
-  if (process.env.AGENTGUARD_COACH_API_KEY) return process.env.AGENTGUARD_COACH_API_KEY;
+  if (process.env.AGENTGUARD_ADVISOR_API_KEY) return process.env.AGENTGUARD_ADVISOR_API_KEY;
   try {
     const key = fs.readFileSync(path.join(agentguardHome(), 'openrouter-key'), 'utf8').trim();
     return key.length > 0 ? key : null;
@@ -67,23 +67,23 @@ export function resolveCoachApiKey(provider: CoachProvider = 'openrouter', expli
   }
 }
 
-export function createCoachClient(options: CoachClientOptions = {}): CoachClient {
+export function createAdvisorClient(options: AdvisorClientOptions = {}): AdvisorClient {
   const provider = options.provider ?? providerFromBaseUrl(options.baseUrl) ?? 'openrouter';
   const model = options.model ?? (provider === 'anthropic' ? 'claude-sonnet-4-6' : DEFAULT_MODEL);
   const baseUrl = normalizeBaseUrl(options.baseUrl ?? defaultBaseUrl(provider));
   const fetchImpl = options.fetchImpl ?? globalFetch;
-  const apiKey = resolveCoachApiKey(provider, options.apiKey);
+  const apiKey = resolveAdvisorApiKey(provider, options.apiKey);
 
   return {
     provider,
     model,
     baseUrl,
-    async *streamChat(messages: CoachChatMessage[], signal?: AbortSignalLike): AsyncIterable<string> {
+    async *streamChat(messages: AdvisorChatMessage[], signal?: AbortSignalLike): AsyncIterable<string> {
       if (provider === 'mock') {
-        yield 'Mock coach response.';
+        yield 'Mock advisor response.';
         return;
       }
-      if (!apiKey) throw new Error('No Coach API key configured');
+      if (!apiKey) throw new Error('No Advisor API key configured');
       if (provider === 'anthropic') {
         yield* streamAnthropic({ fetchImpl, baseUrl, model, apiKey, messages, signal, timeoutMs: options.timeoutMs });
       } else {
@@ -98,7 +98,7 @@ async function* streamOpenAICompatible(args: {
   baseUrl: string;
   model: string;
   apiKey: string;
-  messages: CoachChatMessage[];
+  messages: AdvisorChatMessage[];
   signal?: AbortSignalLike;
   timeoutMs?: number;
 }): AsyncIterable<string> {
@@ -116,7 +116,7 @@ async function* streamOpenAICompatible(args: {
       body: JSON.stringify({ model: args.model, messages: args.messages, stream: true }),
       signal,
     });
-    if (!response.ok) throw new Error(`Coach provider HTTP ${response.status}`);
+    if (!response.ok) throw new Error(`Advisor provider HTTP ${response.status}`);
     yield* parseSseResponse(response, (json) => json?.choices?.[0]?.delta?.content ?? json?.choices?.[0]?.message?.content ?? '');
   } finally {
     clearTimeout(timer);
@@ -128,7 +128,7 @@ async function* streamAnthropic(args: {
   baseUrl: string;
   model: string;
   apiKey: string;
-  messages: CoachChatMessage[];
+  messages: AdvisorChatMessage[];
   signal?: AbortSignalLike;
   timeoutMs?: number;
 }): AsyncIterable<string> {
@@ -149,7 +149,7 @@ async function* streamAnthropic(args: {
       body: JSON.stringify({ model: args.model, system, messages, max_tokens: 1200, stream: true }),
       signal,
     });
-    if (!response.ok) throw new Error(`Coach provider HTTP ${response.status}`);
+    if (!response.ok) throw new Error(`Advisor provider HTTP ${response.status}`);
     yield* parseSseResponse(response, (json) => json?.delta?.text ?? json?.content_block?.text ?? '');
   } finally {
     clearTimeout(timer);
@@ -201,7 +201,7 @@ function chunkToString(chunk: unknown): string {
   return String(chunk ?? '');
 }
 
-function defaultBaseUrl(provider: CoachProvider): string {
+function defaultBaseUrl(provider: AdvisorProvider): string {
   if (provider === 'openai') return DEFAULT_OPENAI_BASE_URL;
   if (provider === 'anthropic') return DEFAULT_ANTHROPIC_BASE_URL;
   return DEFAULT_OPENROUTER_BASE_URL;
@@ -211,7 +211,7 @@ function normalizeBaseUrl(value: string): string {
   return value.replace(/\/+$/, '');
 }
 
-function providerFromBaseUrl(baseUrl?: string): CoachProvider | null {
+function providerFromBaseUrl(baseUrl?: string): AdvisorProvider | null {
   if (!baseUrl) return null;
   if (baseUrl.includes('anthropic.com')) return 'anthropic';
   if (baseUrl.includes('openai.com')) return 'openai';

package/src/{coach → advisor}/output.ts

@@ -1,8 +1,8 @@
 /**
- * AgentGuard(TM) Spend: Coach output writers.
+ * AgentGuard(TM) Spend: Advisor output writers.
  *
  * Files are written locally under ~/.agentguard by default. Conversation logs
- * stay in ~/.agentguard/coach-sessions and are never uploaded by this SDK.
+ * stay in ~/.agentguard/advisor-sessions and are never uploaded by this SDK.
  *
  * Patent notice: Protected by U.S. patent-pending technology
  * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
@@ -17,18 +17,19 @@ import {
   buildPolicyFromProfile,
   formatCents,
   projectedSavings,
-  type CoachBusinessProfile,
+  type AdvisorBusinessProfile,
   type ProjectedSavings,
 } from './conversation';
+import { postureProfile } from './posture';
 
-export interface CoachOutputOptions {
+export interface AdvisorOutputOptions {
   home?: string;
   now?: Date;
   language?: 'ts' | 'py';
   overwrite?: boolean;
 }
 
-export interface CoachOutputs {
+export interface AdvisorOutputs {
   policy: SpendPolicy;
   policyPath: string;
   quickstartPath: string;
@@ -39,7 +40,7 @@ export interface CoachOutputs {
   savingsTable: string;
 }
 
-export interface CoachSessionLogger {
+export interface AdvisorSessionLogger {
   path: string;
   append: (event: string, payload?: Record<string, unknown>) => void;
 }
@@ -48,12 +49,12 @@ export function agentguardHome(): string {
   return process.env.AGENTGUARD_HOME || path.join(os.homedir(), '.agentguard');
 }
 
-export function coachSessionDir(home = agentguardHome()): string {
-  return path.join(home, 'coach-sessions');
+export function advisorSessionDir(home = agentguardHome()): string {
+  return path.join(home, 'advisor-sessions');
 }
 
-export function createCoachSessionLogger(home = agentguardHome(), now = new Date()): CoachSessionLogger {
-  const dir = coachSessionDir(home);
+export function createAdvisorSessionLogger(home = agentguardHome(), now = new Date()): AdvisorSessionLogger {
+  const dir = advisorSessionDir(home);
   fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
   const stamp = now.toISOString().replace(/[:.]/g, '-');
   const file = path.join(dir, `${stamp}.jsonl`);
@@ -67,10 +68,10 @@ export function createCoachSessionLogger(home = agentguardHome(), now = new Date
   };
 }
 
-export function writeCoachOutputs(profile: CoachBusinessProfile, options: CoachOutputOptions = {}): CoachOutputs {
+export function writeAdvisorOutputs(profile: AdvisorBusinessProfile, options: AdvisorOutputOptions = {}): AdvisorOutputs {
   const home = options.home ?? agentguardHome();
   const language = options.language ?? profile.language;
-  const sessionDir = coachSessionDir(home);
+  const sessionDir = advisorSessionDir(home);
   fs.mkdirSync(home, { recursive: true, mode: 0o700 });
   fs.mkdirSync(sessionDir, { recursive: true, mode: 0o700 });
 
@@ -92,7 +93,7 @@ export function writeCoachOutputs(profile: CoachBusinessProfile, options: CoachO
   return { policy, policyPath, quickstartPath, sessionDir, savings, policyYaml, quickstartCode, savingsTable };
 }
 
-export function renderPolicyYaml(policy: SpendPolicy, profile: CoachBusinessProfile, now = new Date()): string {
+export function renderPolicyYaml(policy: SpendPolicy, profile: AdvisorBusinessProfile, now = new Date()): string {
   const caps = policy.caps.map((cap) => {
     const lines = [
       `  # WHY: ${whyForWindow(cap.window)}`,
@@ -105,14 +106,41 @@ export function renderPolicyYaml(policy: SpendPolicy, profile: CoachBusinessProf
     return lines.join('\n');
   }).join('\n');
   const tasks = profile.tasks.map((task) => `  - ${quoteYaml(task)}`).join('\n');
-  return `# AgentGuard Spend policy generated by agentguard coach\n# Generated at: ${now.toISOString()}\n# Scope key: ${profile.scopeLabel}\nid: ${policy.id}\nname: ${quoteYaml(policy.name)}\nversion: ${policy.version}\neffectiveFrom: ${quoteYaml(policy.effectiveFrom)}\nmode: ${policy.mode}\nrequiredCapability: ${policy.requiredCapability ?? 'read_only'}\nscope:\n  tenantId: ${quoteYaml(policy.scope.tenantId)}\nmodels:\n  primary: ${profile.primaryModel}\n  fallback: ${profile.fallbackModel}\ntasks:\n${tasks}\ncaps:\n${caps}\nsystemInstructions: |\n${indent(systemInstructions(profile), 2)}\n`;
-}
-
-export function renderQuickstartTs(policy: SpendPolicy, profile: CoachBusinessProfile): string {
+  const posture = postureProfile(profile.posture);
+  const canary = posture.canaryPercent === undefined ? '' : `  canaryPercent: ${posture.canaryPercent}\n`;
+  return `# AgentGuard Spend policy generated by agentguard advisor
+# Generated at: ${now.toISOString()}
+# Scope key: ${profile.scopeLabel}
+id: ${policy.id}
+name: ${quoteYaml(policy.name)}
+version: ${policy.version}
+effectiveFrom: ${quoteYaml(policy.effectiveFrom)}
+mode: ${policy.mode}
+requiredCapability: ${policy.requiredCapability ?? 'read_only'}
+scope:
+  tenantId: ${quoteYaml(policy.scope.tenantId)}
+models:
+  primary: ${profile.primaryModel}
+  fallback: ${profile.fallbackModel}
+governancePosture:
+  posture: ${profile.posture}
+  auditRetentionDays: ${posture.auditRetentionDays}
+  approvalGates: ${posture.approvalGates}
+  downgradeStyle: ${posture.downgradeStyle}
+${canary}tasks:
+${tasks}
+caps:
+${caps}
+systemInstructions: |
+${indent(systemInstructions(profile), 2)}
+`;
+}
+
+export function renderQuickstartTs(policy: SpendPolicy, profile: AdvisorBusinessProfile): string {
   return `import OpenAI from 'openai';\nimport { withSpendGuard, type SpendPolicy } from '@agentguard-run/spend';\n\nconst policy: SpendPolicy = ${JSON.stringify(policy, null, 2)};\n\nconst openrouter = new OpenAI({\n  baseURL: 'https://openrouter.ai/api/v1',\n  apiKey: process.env.OPENROUTER_API_KEY,\n});\n\nexport const guardedClient = withSpendGuard(openrouter, {\n  policy,\n  scope: { tenantId: '${escapeTs(profile.tenantId)}', agentId: '${escapeTs(profile.vertical)}' },\n  capabilityClaim: '${policy.requiredCapability ?? 'read_only'}',\n});\n\nexport async function runGuardedTask(prompt: string) {\n  return guardedClient.chat.completions.create({\n    model: '${escapeTs(profile.primaryModel)}',\n    messages: [{ role: 'user', content: prompt }],\n  });\n}\n`;
 }
 
-export function renderQuickstartPy(policy: SpendPolicy, profile: CoachBusinessProfile): string {
+export function renderQuickstartPy(policy: SpendPolicy, profile: AdvisorBusinessProfile): string {
   const caps = policy.caps.map((cap) => {
     const args = [`amountCents=${cap.amountCents}`, `window='${cap.window}'`, `action='${cap.action}'`];
     if (cap.downgradeTo) args.push(`downgradeTo='${escapePy(cap.downgradeTo)}'`);
@@ -150,8 +178,9 @@ function whyForWindow(window: string): string {
   return 'Limits spend inside the selected time window.';
 }
 
-function systemInstructions(profile: CoachBusinessProfile): string {
-  return `Run ${profile.vertical} tasks with ${profile.requiredCapability} capability. Prefer ${profile.primaryModel} for high-value work and ${profile.fallbackModel} for routine work. Keep evidence pointers in outputs and escalate anything outside the configured capability tier.`;
+function systemInstructions(profile: AdvisorBusinessProfile): string {
+  const posture = postureProfile(profile.posture);
+  return `Run ${profile.vertical} tasks with ${profile.requiredCapability} capability under ${posture.label} governance posture. Prefer ${profile.primaryModel} for high-value work and ${profile.fallbackModel} for routine work. Keep evidence pointers in outputs and escalate anything outside the configured capability tier.`;
 }
 
 function quoteYaml(value: string): string {

package/src/advisor/posture.ts

@@ -0,0 +1,112 @@
+/**
+ * AgentGuard(TM) Spend: Advisor governance posture profiles.
+ *
+ * Patent notice: Protected by U.S. patent-pending technology
+ * (App. Nos. 63/983,615; 63/983,621; 63/983,843; 63/984,626;
+ * 64/071,781; 64/071,789).
+ */
+
+import type { CapabilityTier, EnforcementMode } from '../types';
+
+export type GovernancePosture = 'velocity' | 'standard' | 'compliance';
+
+export interface GovernancePostureProfile {
+  posture: GovernancePosture;
+  label: string;
+  defaultMode: EnforcementMode;
+  capabilityStyle: 'permissive' | 'balanced' | 'strict';
+  downgradeStyle: 'aggressive' | 'moderate' | 'conservative';
+  auditRetentionDays: number;
+  approvalGates: boolean;
+  canaryPercent?: number;
+}
+
+export const GOVERNANCE_POSTURES: Record<GovernancePosture, GovernancePostureProfile> = {
+  velocity: {
+    posture: 'velocity',
+    label: 'Velocity',
+    defaultMode: 'shadow',
+    capabilityStyle: 'permissive',
+    downgradeStyle: 'aggressive',
+    auditRetentionDays: 30,
+    approvalGates: false,
+  },
+  standard: {
+    posture: 'standard',
+    label: 'Standard',
+    defaultMode: 'enforce',
+    capabilityStyle: 'balanced',
+    downgradeStyle: 'moderate',
+    auditRetentionDays: 90,
+    approvalGates: false,
+  },
+  compliance: {
+    posture: 'compliance',
+    label: 'Compliance',
+    defaultMode: 'canary',
+    capabilityStyle: 'strict',
+    downgradeStyle: 'conservative',
+    auditRetentionDays: 2555,
+    approvalGates: true,
+    canaryPercent: 5,
+  },
+};
+
+const VERTICAL_POSTURES: Record<string, GovernancePosture> = {
+  'law-firm': 'compliance',
+  healthcare: 'compliance',
+  accounting: 'compliance',
+  fintech: 'compliance',
+  insurance: 'compliance',
+  'real-estate': 'standard',
+  marketing: 'standard',
+  ecommerce: 'standard',
+  'local-services': 'standard',
+  dental: 'compliance',
+  software: 'velocity',
+  startup: 'standard',
+  'ai-lab': 'velocity',
+  'ai-team': 'velocity',
+};
+
+export function normalizePosture(value?: string | null): GovernancePosture | null {
+  const normalized = (value ?? '').trim().toLowerCase();
+  if (normalized === 'velocity' || normalized === 'standard' || normalized === 'compliance') return normalized;
+  return null;
+}
+
+export function postureProfile(posture: GovernancePosture): GovernancePostureProfile {
+  return GOVERNANCE_POSTURES[posture];
+}
+
+export function suggestPostureForVertical(vertical: string): GovernancePosture {
+  return VERTICAL_POSTURES[vertical] ?? 'standard';
+}
+
+export function applyPostureCapability(
+  posture: GovernancePosture,
+  text: string,
+  fallback: CapabilityTier,
+): CapabilityTier {
+  const lowered = text.toLowerCase();
+  if (posture === 'velocity') {
+    if (/execute|wire|ach|payout|capture funds/.test(lowered)) return 'payment_execute';
+    if (/refund|payment|charge|dispute|money|invoice/.test(lowered)) return 'payment_initiate';
+    return 'read_only';
+  }
+
+  if (posture === 'compliance') {
+    if (/refund|payment|charge|dispute|money|invoice|ledger|sox|fintech|bank/.test(lowered)) return 'payment_execute';
+    if (/write|update|chart|patient|health|phi|pii|legal|contract|tax|student|employment/.test(lowered)) return 'data_write';
+    return fallback === 'read_only' ? 'data_write' : fallback;
+  }
+
+  if (/refund|payment|charge|dispute|money|invoice/.test(lowered)) return 'payment_initiate';
+  if (/write|update|ledger|chart|patient|health|phi|pii|sox|legal|contract|tax|student|employment/.test(lowered)) return 'data_write';
+  return fallback;
+}
+
+export function postureDescription(posture: GovernancePosture): string {
+  const profile = postureProfile(posture);
+  return `${profile.label}: mode ${profile.defaultMode}, ${profile.capabilityStyle} capabilities, ${profile.downgradeStyle} downgrade chains, ${profile.auditRetentionDays} day audit retention`;
+}