@haaaiawd/second-nature 0.1.17 → 0.1.19

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
   "id": "second-nature",
   "name": "Second Nature",
-  "version": "0.1.17",
+  "version": "0.1.19",
   "description": "OpenClaw native plugin with synchronous surface registration and bundled runtime spine. Set SECOND_NATURE_WORKSPACE_ROOT or tool workspaceRoot to the same path as the agent workspace (see README / T1.1.4 ops norm).",
   "activation": {
     "onStartup": true,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@haaaiawd/second-nature",
-  "version": "0.1.17",
+  "version": "0.1.19",
   "description": "OpenClaw native plugin with synchronous registration, a packaged runtime artifact, and operator-facing status/explain flows.",
   "keywords": [
     "openclaw",

package/runtime/cli/index.js

@@ -1,23 +1,31 @@
-import { createObservabilityDatabase } from "../observability/db/index.js";
-import { createStateAPI, createStateDatabase } from "../storage/index.js";
+import { createObservabilityDatabase, } from "../observability/db/index.js";
+import { createStateAPI, createStateDatabase, } from "../storage/index.js";
 import path from "node:path";
 import { createActionBridge } from "./action-bridge.js";
-import { createCliCommands } from "./commands/index.js";
+import { createCliCommands, } from "./commands/index.js";
 import { createOpsRouter } from "./ops/ops-router.js";
-import { createCliReadModels } from "./read-models/index.js";
+import { createCliReadModels, } from "./read-models/index.js";
 import { resolvePackagedRuntime } from "./runtime/runtime-artifact-boundary.js";
+import { createRuntimeDecisionRecorder, } from "../observability/services/runtime-decision-recorder.js";
 export function createCliRuntimeDeps(overrides = {}) {
     const stateDb = overrides.stateDb ?? createStateDatabase();
     const observabilityDb = overrides.observabilityDb ?? createObservabilityDatabase();
     const stateApi = overrides.stateApi ?? createStateAPI(stateDb);
-    const readModels = overrides.readModels ?? createCliReadModels({ stateDb, observabilityDb });
+    const readModels = overrides.readModels ??
+        createCliReadModels({
+            stateDb,
+            observabilityDb,
+            workspaceRoot: process.cwd(),
+        });
     const actionBridge = overrides.actionBridge ?? createActionBridge(stateApi);
+    const runtimeRecorder = overrides.runtimeRecorder ?? createRuntimeDecisionRecorder(observabilityDb);
     return {
         stateDb,
         observabilityDb,
         stateApi,
         readModels,
         actionBridge,
+        runtimeRecorder,
     };
 }
 export function createCommandRouter(options = {}) {
@@ -26,6 +34,9 @@ export function createCommandRouter(options = {}) {
     const opsRouter = createOpsRouter({
         runtimeAvailable: resolvePackagedRuntime(pluginRoot).ok,
         readModels: runtime.readModels,
+        runtimeRecorder: runtime.runtimeRecorder,
+        state: runtime.stateDb,
+        workspaceRoot: process.cwd(),
     });
     const commands = createCliCommands({
         readModels: runtime.readModels,
@@ -43,12 +54,12 @@ export function closeCliRuntimeDeps(deps) {
     deps.stateDb.close();
     deps.observabilityDb.close();
 }
-export { createOpsRouter } from "./ops/ops-router.js";
+export { createOpsRouter, } from "./ops/ops-router.js";
 export { heartbeatCheck, } from "./ops/heartbeat-surface.js";
 export * from "./host-capability/types.js";
-export { classifyDeliveryCapability } from "./host-capability/classify-delivery.js";
+export { classifyDeliveryCapability, } from "./host-capability/classify-delivery.js";
 export { probeHostCapability } from "./host-capability/probe-host-capability.js";
 export { recordHostCapability } from "./host-capability/record-host-capability.js";
 export { runHostSmoke } from "./host-smoke/run-host-smoke.js";
 export { explainSurfaceSubject } from "./explain/explain-surface-subject.js";
-export { showOperatorFallback, OperatorFallbackNotFoundError } from "./ops/show-operator-fallback.js";
+export { showOperatorFallback, OperatorFallbackNotFoundError, } from "./ops/show-operator-fallback.js";

package/runtime/cli/ops/heartbeat-surface.d.ts

@@ -7,6 +7,8 @@
 import type { SurfaceMode } from "../runtime/runtime-artifact-boundary.js";
 import type { HeartbeatSignal } from "../../core/second-nature/heartbeat/signal.js";
 import type { CliReadModels } from "../read-models/index.js";
+import type { RuntimeDecisionRecorder } from "../../observability/services/runtime-decision-recorder.js";
+import type { StateDatabase } from "../../storage/db/index.js";
 export type HeartbeatSurfaceStatus = "heartbeat_ok" | "intent_selected" | "denied" | "deferred" | "runtime_carrier_only" | "delivery_unavailable";
 export interface HeartbeatSurfaceResult {
     ok: boolean;
@@ -28,6 +30,14 @@ export interface HeartbeatCheckInput {
     fakeControlPlanePassthrough?: Record<string, unknown>;
     /** When set, full-runtime heartbeat_check runs the control-plane decision loop (US-001). */
     readModels?: CliReadModels;
+    /** When set, full-runtime cycles are persisted so `loadStatus` exits unknown (T1.2.3). */
+    runtimeRecorder?: RuntimeDecisionRecorder;
+    /**
+     * T2.2.2: when set together with `workspaceRoot`, life evidence from the state DB is loaded
+     * and merged into SnapshotInputs so planner/guard paths see real source-ref truth.
+     */
+    state?: StateDatabase;
+    workspaceRoot?: string;
     timestamp?: string;
     sessionContext?: string;
     scopeHint?: HeartbeatSignal["scopeHint"];

package/runtime/cli/ops/heartbeat-surface.js

@@ -1,6 +1,8 @@
 import { createWorkspaceHeartbeatRunner } from "./workspace-heartbeat-runner.js";
 function mapCycleToSurface(cycle, surfaceMode) {
-    const status = cycle.status === "runtime_carrier_only" ? "runtime_carrier_only" : cycle.status;
+    const status = cycle.status === "runtime_carrier_only"
+        ? "runtime_carrier_only"
+        : cycle.status;
     return {
         ok: true,
         status,
@@ -62,10 +64,16 @@ export async function heartbeatCheck(input) {
         scopeHint: input.scopeHint,
         payload: {
             timestamp,
-            sessionContext: typeof input.sessionContext === "string" ? input.sessionContext : undefined,
+            sessionContext: typeof input.sessionContext === "string"
+                ? input.sessionContext
+                : undefined,
         },
     };
-    const run = createWorkspaceHeartbeatRunner(input.readModels);
+    const run = createWorkspaceHeartbeatRunner(input.readModels, {
+        runtimeRecorder: input.runtimeRecorder,
+        state: input.state,
+        workspaceRoot: input.workspaceRoot ?? process.cwd(),
+    });
     const cycle = await run(signal);
     return mapCycleToSurface(cycle, "workspace_full_runtime");
 }

package/runtime/cli/ops/ops-router.d.ts

@@ -3,11 +3,21 @@
  */
 import { type HeartbeatCheckInput, type HeartbeatSurfaceResult } from "./heartbeat-surface.js";
 import type { CliReadModels } from "../read-models/index.js";
+import type { RuntimeDecisionRecorder } from "../../observability/services/runtime-decision-recorder.js";
+import type { StateDatabase } from "../../storage/db/index.js";
 export interface OpsRouterDeps {
     /** When true, packaged runtime artifacts resolved and full graph is loadable */
     runtimeAvailable: boolean;
     /** Workspace read models: fallback view + heartbeat decision loop inputs (T1.2.2 / US-001). */
     readModels?: CliReadModels;
+    /** Persists full-runtime heartbeat cycles so `loadStatus` exits the unknown baseline (T1.2.3). */
+    runtimeRecorder?: RuntimeDecisionRecorder;
+    /**
+     * T2.2.2: state DB + workspace root for life evidence loading in full-runtime heartbeat cycles.
+     * When set, `loadSnapshotInputsForWorkspaceHeartbeat` can fill `lifeEvidenceRefs` from real DB truth.
+     */
+    state?: StateDatabase;
+    workspaceRoot?: string;
 }
 export interface OpsRouter {
     heartbeatCheck(input: HeartbeatCheckInput): Promise<HeartbeatSurfaceResult>;

package/runtime/cli/ops/ops-router.js

@@ -1,8 +1,8 @@
 /**
  * Shared ops command dispatch for CLI + tool surfaces (T1.1.3, T1.2.2).
  */
-import { heartbeatCheck } from "./heartbeat-surface.js";
-import { showOperatorFallback, OperatorFallbackNotFoundError } from "./show-operator-fallback.js";
+import { heartbeatCheck, } from "./heartbeat-surface.js";
+import { showOperatorFallback, OperatorFallbackNotFoundError, } from "./show-operator-fallback.js";
 function coerceProbeOnlyFlag(input) {
     const v = input?.probeOnly;
     return v === true || v === "true" || v === 1 || v === "1";
@@ -13,19 +13,34 @@ export function createOpsRouter(deps) {
             ...input,
             runtimeAvailable: input.runtimeAvailable ?? deps.runtimeAvailable,
             readModels: input.readModels ?? deps.readModels,
+            runtimeRecorder: input.runtimeRecorder ?? deps.runtimeRecorder,
+            state: input.state ?? deps.state,
+            workspaceRoot: input.workspaceRoot ?? deps.workspaceRoot,
         }),
         dispatch(command, input) {
             if (command === "heartbeat_check") {
-                const runtimeAvailable = typeof input?.runtimeAvailable === "boolean" ? input.runtimeAvailable : deps.runtimeAvailable;
+                const runtimeAvailable = typeof input?.runtimeAvailable === "boolean"
+                    ? input.runtimeAvailable
+                    : deps.runtimeAvailable;
                 return heartbeatCheck({
                     probeOnly: coerceProbeOnlyFlag(input),
                     runtimeAvailable,
-                    fakeControlPlanePassthrough: input?.fakeControlPlanePassthrough && typeof input.fakeControlPlanePassthrough === "object"
+                    fakeControlPlanePassthrough: input?.fakeControlPlanePassthrough &&
+                        typeof input.fakeControlPlanePassthrough === "object"
                         ? input.fakeControlPlanePassthrough
                         : undefined,
-                    readModels: input?.readModels ?? deps.readModels,
+                    readModels: input?.readModels ??
+                        deps.readModels,
+                    runtimeRecorder: input
+                        ?.runtimeRecorder ?? deps.runtimeRecorder,
+                    state: input?.state ??
+                        deps.state,
+                    workspaceRoot: input
+                        ?.workspaceRoot ?? deps.workspaceRoot,
                     timestamp: typeof input?.timestamp === "string" ? input.timestamp : undefined,
-                    sessionContext: typeof input?.sessionContext === "string" ? input.sessionContext : undefined,
+                    sessionContext: typeof input?.sessionContext === "string"
+                        ? input.sessionContext
+                        : undefined,
                     scopeHint: input?.scopeHint,
                 });
             }

package/runtime/cli/ops/workspace-heartbeat-runner.d.ts

@@ -1,10 +1,40 @@
 /**
- * Wires CLI read models into control-plane `runHeartbeatCycle` for `heartbeat_check` (US-001 / CH-09-02).
+ * Wires CLI read models into control-plane `runHeartbeatCycle` for `heartbeat_check` (US-001 / CH-09-02 / T1.2.3).
  *
  * Snapshot inputs are derived from aggregated status; delivery defaults to none until host capability is modeled here.
+ *
+ * T1.2.3: when a `RuntimeDecisionRecorder` is provided, persist a `sn-runtime-*` ledger row +
+ * `second-nature-runtime` execution attempt after each cycle so `loadStatus` exits its `unknown`
+ * baseline once the runtime has actually executed at least one full-runtime turn.
+ *
+ * T2.2.2: when `state` + `workspaceRoot` are supplied, call `loadLifeEvidenceSnapshot` to fill
+ * `lifeEvidenceRefs`, `platformEventCount`, `workEventCount`, and `lifeEvidenceEmptyReason` on
+ * `SnapshotInputs` so planner/guard paths that require source refs see real DB truth.
+ * Falls back gracefully to `lifeEvidenceEmptyReason: "state_unavailable"` when state is absent.
  */
 import type { HeartbeatSignal, HeartbeatCycleResult } from "../../core/second-nature/heartbeat/signal.js";
 import type { SnapshotInputs } from "../../core/second-nature/heartbeat/snapshot-builder.js";
 import type { CliReadModels } from "../read-models/index.js";
-export declare function loadSnapshotInputsForWorkspaceHeartbeat(readModels: CliReadModels): Promise<SnapshotInputs>;
-export declare function createWorkspaceHeartbeatRunner(readModels: CliReadModels): (signal: HeartbeatSignal) => Promise<HeartbeatCycleResult>;
+import type { RuntimeDecisionRecorder } from "../../observability/services/runtime-decision-recorder.js";
+import type { StateDatabase } from "../../storage/db/index.js";
+export interface WorkspaceHeartbeatRunnerOptions {
+    /** When supplied, the runner persists the cycle so `loadStatus` can read it (T1.2.3). */
+    runtimeRecorder?: RuntimeDecisionRecorder;
+    /**
+     * T2.2.2: when state + workspaceRoot are provided, life evidence is loaded from DB and merged
+     * into SnapshotInputs so planner/guard paths have real source-ref truth.
+     */
+    state?: StateDatabase;
+    workspaceRoot?: string;
+    /**
+     * T1.2.4: when true (and workspaceRoot is set), inject a `quietWorkflow` dep into the heartbeat
+     * cycle so quiet/reflection intents can call `runSourceBackedQuiet` and write artifacts to disk.
+     * Defaults to true when workspaceRoot is provided, since this is the host-safe workspace path.
+     */
+    enableQuietWorkflow?: boolean;
+}
+export declare function loadSnapshotInputsForWorkspaceHeartbeat(readModels: CliReadModels, options?: {
+    state?: StateDatabase;
+    workspaceRoot?: string;
+}): Promise<SnapshotInputs>;
+export declare function createWorkspaceHeartbeatRunner(readModels: CliReadModels, options?: WorkspaceHeartbeatRunnerOptions): (signal: HeartbeatSignal) => Promise<HeartbeatCycleResult>;

package/runtime/cli/ops/workspace-heartbeat-runner.js

@@ -1,8 +1,48 @@
 import { runHeartbeatCycle } from "../../core/second-nature/heartbeat/run-heartbeat-cycle.js";
-export async function loadSnapshotInputsForWorkspaceHeartbeat(readModels) {
+import { loadLifeEvidenceSnapshot } from "../../storage/snapshots/life-evidence-snapshot.js";
+export async function loadSnapshotInputsForWorkspaceHeartbeat(readModels, options = {}) {
     const status = await readModels.loadStatus();
     const mode = status.rhythm.mode === "unknown" ? "active" : status.rhythm.mode;
-    const quietEnabledBridge = status.quiet.mode === "quiet";
+    // CH-15-03: quietEnabledBridge should reflect whether the quiet *execution path* is wired
+    // (workspaceRoot available), not whether the last observed rhythm decision was "quiet".
+    // status.quiet.mode is typically "unknown" until a Quiet artifact has been persisted, which
+    // means binding to it would permanently suppress the quiet window — the opposite of intent.
+    // We instead enable the bridge whenever workspaceRoot is provided (same condition as
+    // `createWorkspaceHeartbeatRunner` uses for injecting quietWorkflow).
+    const quietEnabledBridge = !!options.workspaceRoot;
+    // T2.2.2: Load life evidence from state DB when available so SnapshotInputs carries real refs.
+    let lifeEvidenceRefs;
+    let platformEventCount;
+    let workEventCount;
+    let lifeEvidenceEmptyReason;
+    if (options.state && options.workspaceRoot) {
+        try {
+            const snapshot = await loadLifeEvidenceSnapshot(options.state, options.workspaceRoot, { limit: 50 }, 
+            // Skip repair gate here — runner is called inside a live cycle; gate ran at startup.
+            { runRepairGate: false });
+            lifeEvidenceRefs = snapshot.evidenceRefs.map((ref) => ({
+                id: ref.id,
+                kind: ref.kind,
+                uri: ref.uri,
+            }));
+            platformEventCount = snapshot.platformEvents.length;
+            workEventCount = snapshot.workEvents.length;
+            if (snapshot.empty) {
+                lifeEvidenceEmptyReason = "no_sources";
+            }
+        }
+        catch {
+            // If evidence load fails, signal state_unavailable rather than crashing the cycle.
+            lifeEvidenceRefs = [];
+            platformEventCount = 0;
+            workEventCount = 0;
+            lifeEvidenceEmptyReason = "state_unavailable";
+        }
+    }
+    else {
+        // No state wired — record that life evidence wasn't loaded so guards can reason honestly.
+        lifeEvidenceEmptyReason = "state_unavailable";
+    }
     return {
         mode,
         currentWindowId: status.rhythm.windowId ?? "workspace-default",
@@ -13,14 +53,41 @@ export async function loadSnapshotInputsForWorkspaceHeartbeat(readModels) {
         awaitingUserInput: false,
         quietEnabledBridge,
         deliveryCapability: { target: "none" },
+        lifeEvidenceRefs,
+        platformEventCount,
+        workEventCount,
+        lifeEvidenceEmptyReason,
     };
 }
-export function createWorkspaceHeartbeatRunner(readModels) {
-    return (signal) => runHeartbeatCycle({
-        signal,
-        runtimeAvailable: true,
-        deps: {
-            loadSnapshotInputs: () => loadSnapshotInputsForWorkspaceHeartbeat(readModels),
-        },
-    });
+export function createWorkspaceHeartbeatRunner(readModels, options = {}) {
+    // T1.2.4: inject quietWorkflow dep when workspaceRoot is set so quiet/reflection intents
+    // can trigger runSourceBackedQuiet and persist artifacts to disk.
+    const quietEnabled = options.workspaceRoot && options.enableQuietWorkflow !== false;
+    return async (signal) => {
+        const cycle = await runHeartbeatCycle({
+            signal,
+            runtimeAvailable: true,
+            deps: {
+                loadSnapshotInputs: () => loadSnapshotInputsForWorkspaceHeartbeat(readModels, {
+                    state: options.state,
+                    workspaceRoot: options.workspaceRoot,
+                }),
+                // T1.2.4: pass quietWorkflow dep so runSourceBackedQuiet can persist artifacts.
+                quietWorkflow: quietEnabled
+                    ? { workspaceRoot: options.workspaceRoot }
+                    : undefined,
+            },
+        });
+        if (options.runtimeRecorder) {
+            try {
+                await options.runtimeRecorder.recordHeartbeatCycle({ cycle, signal });
+            }
+            catch {
+                // T1.2.3: recorder must never break the heartbeat surface response.
+                // Failure here means status simply remains at its previous aggregate; the
+                // cycle outcome itself is still returned to the caller.
+            }
+        }
+        return cycle;
+    };
 }

package/runtime/cli/read-models/index.d.ts

@@ -25,5 +25,11 @@ export interface CliReadModelsDeps {
     observabilityDb: ObservabilityDatabase;
     /** When set, explain can resolve delivery/fallback/report/source_ref and enrich decision subjects from lived-experience audit envelopes (T5.3.1 / T1.2.1). */
     livedExperienceAuditStore?: AppendOnlyAuditStore;
+    /**
+     * T1.2.4: when set, `loadQuiet` and `loadDailyReport` also scan `.second-nature/quiet/{day}/`
+     * for persisted Quiet artifact JSON files (from `persistQuietArtifactToWorkspace`) and merge
+     * them into the read model so operators see non-zero counts after Quiet actually runs.
+     */
+    workspaceRoot?: string;
 }
 export declare function createCliReadModels(deps: CliReadModelsDeps): CliReadModels;

package/runtime/cli/read-models/index.js

@@ -1,12 +1,15 @@
+import fs from "node:fs";
+import path from "node:path";
 import { desc } from "drizzle-orm";
 import { createQuietInputLoader } from "../../storage/services/quiet-input-loader.js";
 import { AssetRepository } from "../../storage/repositories/asset-repository.js";
 import { CredentialRepository } from "../../storage/repositories/credential-repository.js";
 import { EvidenceQueryEngine } from "../../observability/query/evidence-query-engine.js";
-import { decisionLedger, executionAttempts } from "../../observability/db/schema/index.js";
-import { queryExplain } from "../../observability/query/explain-query.js";
+import { decisionLedger, executionAttempts, } from "../../observability/db/schema/index.js";
+import { AppendOnlyAuditStore } from "../../observability/audit/append-only-audit-store.js";
+import { queryExplain, } from "../../observability/query/explain-query.js";
 import { mapOperatorExplainToReadModel } from "./operator-explain-map.js";
-import { loadOperatorFallbackRow, toOperatorFallbackView } from "../../storage/fallback/load-operator-fallback.js";
+import { loadOperatorFallbackRow, toOperatorFallbackView, } from "../../storage/fallback/load-operator-fallback.js";
 const INTERNAL_RUNTIME_PLATFORM_ID = "second-nature-runtime";
 const INTERNAL_RUNTIME_TRACE_PREFIX = "sn-runtime-";
 function toExplainQuery(subject) {
@@ -14,7 +17,9 @@ function toExplainQuery(subject) {
         case "decision":
             return { kind: "decision", decisionId: subject.id };
         case "fallback": {
-            const ref = subject.id.startsWith("fallback:") ? subject.id : `fallback:${subject.id}`;
+            const ref = subject.id.startsWith("fallback:")
+                ? subject.id
+                : `fallback:${subject.id}`;
             return { kind: "fallback", fallbackRef: ref };
         }
         case "probe":
@@ -29,7 +34,11 @@ function toExplainQuery(subject) {
     }
 }
 function isAuditOnlySubjectKind(kind) {
-    return kind === "fallback" || kind === "probe" || kind === "report" || kind === "delivery" || kind === "source_ref";
+    return (kind === "fallback" ||
+        kind === "probe" ||
+        kind === "report" ||
+        kind === "delivery" ||
+        kind === "source_ref");
 }
 function buildCredentialNextStep(status) {
     if (status === "pending_verification")
@@ -38,6 +47,47 @@ function buildCredentialNextStep(status) {
         return "refresh_credential_context";
     return undefined;
 }
+/**
+ * T1.2.4: count persisted Quiet artifact JSON files under `.second-nature/quiet/{day}/`
+ * so `loadQuiet` / `loadDailyReport` can reflect Quiet artifacts in the read model.
+ */
+function countQuietArtifactsForDay(workspaceRoot, day) {
+    try {
+        const dir = path.join(workspaceRoot, ".second-nature", "quiet", day);
+        if (!fs.existsSync(dir))
+            return 0;
+        return fs.readdirSync(dir).filter((f) => f.endsWith(".json")).length;
+    }
+    catch {
+        return 0;
+    }
+}
+/**
+ * T1.2.4: scan the last N days under `.second-nature/quiet/` and count total JSON artifacts.
+ * Returns { totalArtifacts, recentDays } for merging into QuietReadModel.
+ */
+function countRecentQuietArtifacts(workspaceRoot, windowDays = 2) {
+    try {
+        const quietRoot = path.join(workspaceRoot, ".second-nature", "quiet");
+        if (!fs.existsSync(quietRoot))
+            return { totalArtifacts: 0, recentDays: [] };
+        const now = Date.now();
+        const recentDays = [];
+        let total = 0;
+        for (let i = 0; i < windowDays; i++) {
+            const d = new Date(now - i * 86400000).toISOString().slice(0, 10);
+            const count = countQuietArtifactsForDay(workspaceRoot, d);
+            if (count > 0) {
+                recentDays.push(d);
+                total += count;
+            }
+        }
+        return { totalArtifacts: total, recentDays };
+    }
+    catch {
+        return { totalArtifacts: 0, recentDays: [] };
+    }
+}
 function mapRuntimeStatus(attempt) {
     if (!attempt) {
         return "unknown";
@@ -61,7 +111,11 @@ export function createCliReadModels(deps) {
     const credentialRepository = new CredentialRepository(deps.stateDb);
     const quietLoader = createQuietInputLoader(assetRepository);
     const evidenceQuery = new EvidenceQueryEngine(deps.observabilityDb);
-    const auditStore = deps.livedExperienceAuditStore;
+    // T1.2.5 (CH-14-05): default-inject an empty AppendOnlyAuditStore so `explain` does not
+    // immediately return `lived_experience_audit_store_unavailable` for callers that don't supply
+    // an explicit store. The empty store means audit-only subjects return `no_matching_audit_events`
+    // instead of a configuration error — which is more accurate and less alarming to operators.
+    const auditStore = deps.livedExperienceAuditStore ?? new AppendOnlyAuditStore();
     return {
         async loadStatus(_scope) {
             let recentAttempts = [];
@@ -94,15 +148,26 @@ export function createCliReadModels(deps) {
                 credentials = [];
             }
             const latestRuntimeAttempt = recentAttempts.find((attempt) => attempt.platformId === INTERNAL_RUNTIME_PLATFORM_ID);
+            // CH-15-04 (CH-14-03): latestConnectorAttempt is the most recent execution attempt whose
+            // platformId is NOT the internal sn-runtime sentinel — i.e. a real connector platform
+            // (Moltbook, EvoMap, etc.). The `connectors` array in StatusReadModel reflects this single
+            // most-recent non-runtime attempt, NOT the full connector manifest. An empty array means
+            // no connector attempt has been recorded yet, not that connectors are misconfigured.
             const latestConnectorAttempt = recentAttempts.find((attempt) => attempt.platformId !== INTERNAL_RUNTIME_PLATFORM_ID);
             const latestRuntimeDecision = recentDecisions.find((decision) => decision.traceId.startsWith(INTERNAL_RUNTIME_TRACE_PREFIX));
-            const runtimeUpdatedAt = latestRuntimeAttempt?.finishedAt ?? latestRuntimeAttempt?.startedAt ?? latestRuntimeDecision?.createdAt ?? "";
+            const runtimeUpdatedAt = latestRuntimeAttempt?.finishedAt ??
+                latestRuntimeAttempt?.startedAt ??
+                latestRuntimeDecision?.createdAt ??
+                "";
             const quietMode = latestRuntimeDecision?.mode === "quiet" ||
                 latestRuntimeDecision?.mode === "maintenance_only" ||
                 latestRuntimeDecision?.mode === "paused_for_interrupt"
                 ? latestRuntimeDecision.mode
                 : "unknown";
-            const riskFlags = [latestRuntimeAttempt?.failureClass, latestConnectorAttempt?.failureClass].filter((value) => Boolean(value));
+            const riskFlags = [
+                latestRuntimeAttempt?.failureClass,
+                latestConnectorAttempt?.failureClass,
+            ].filter((value) => Boolean(value));
             const connectorSummary = latestConnectorAttempt
                 ? [
                     {
@@ -126,11 +191,14 @@ export function createCliReadModels(deps) {
                 quiet: {
                     mode: quietMode,
                     lastEvent: latestRuntimeDecision?.traceId,
-                    interrupted: latestRuntimeDecision?.mode === "paused_for_interrupt" ? true : undefined,
+                    interrupted: latestRuntimeDecision?.mode === "paused_for_interrupt"
+                        ? true
+                        : undefined,
                 },
                 connectors: connectorSummary,
                 credentials: credentials.map((item) => ({
-                    platformId: item.platformId ?? item.platform_id,
+                    platformId: item.platformId ??
+                        item.platform_id,
                     status: item.status,
                     nextStep: buildCredentialNextStep(item.status),
                 })),
@@ -138,25 +206,49 @@ export function createCliReadModels(deps) {
                     level: riskFlags.length > 0 ? "medium" : "low",
                     flags: riskFlags,
                 },
+                // T1.2.5 (CH-14-04): default delivery posture is workspace_default_none because the
+                // workspace heartbeat hardcodes `deliveryCapability: { target: "none" }` until a host
+                // capability probe explicitly sets a valid target.
+                deliveryPosture: {
+                    verdict: "none",
+                    source: "workspace_default_none",
+                    reasonCode: "delivery_target_none",
+                },
             };
         },
         async loadDailyReport(day) {
             let bundle;
             try {
                 bundle = await quietLoader.loadQuietInputs({
-                    dateRange: { start: `${day}T00:00:00.000Z`, end: `${day}T23:59:59.999Z` },
-                    assetFilters: { includeJournal: false, includeReports: true, includeCurated: false },
+                    dateRange: {
+                        start: `${day}T00:00:00.000Z`,
+                        end: `${day}T23:59:59.999Z`,
+                    },
+                    assetFilters: {
+                        includeJournal: false,
+                        includeReports: true,
+                        includeCurated: false,
+                    },
                 });
             }
             catch {
                 bundle = { dailyReports: [], journalEntries: [], sourceCount: 0 };
             }
+            // T1.2.4: merge persisted Quiet artifact JSON files from `.second-nature/quiet/{day}/`
+            // into the daily report sourceRefs so the read model reflects artifacts written by
+            // `persistQuietArtifactToWorkspace` (closes the canonical read/write gap for loadDailyReport).
+            const fsArtifactCount = deps.workspaceRoot
+                ? countQuietArtifactsForDay(deps.workspaceRoot, day)
+                : 0;
             const report = bundle.dailyReports[0];
+            const existingSources = report?.sources ?? [];
+            // Append synthetic source refs for each FS artifact not already in the list.
+            const fsSourceRefs = Array.from({ length: fsArtifactCount }, (_, i) => `quiet_artifact:${day}:${i}`).filter((ref) => !existingSources.includes(ref));
             return {
                 day,
                 summary: report?.summary ?? "",
                 highlights: report?.highlights ?? [],
-                sourceRefs: report?.sources ?? [],
+                sourceRefs: [...existingSources, ...fsSourceRefs],
             };
         },
         async loadQuiet(scope) {
@@ -172,11 +264,20 @@ export function createCliReadModels(deps) {
             catch {
                 bundle = { dailyReports: [], journalEntries: [], sourceCount: 0 };
             }
+            // T1.2.4 (CH-14-07): also count persisted Quiet artifact JSON files under
+            // `.second-nature/quiet/` so that once `runSourceBackedQuiet` has written
+            // artifacts to disk, the read model is non-zero even if the legacy memory/
+            // journal path is empty.
+            const quietArtifacts = deps.workspaceRoot
+                ? countRecentQuietArtifacts(deps.workspaceRoot, 2)
+                : { totalArtifacts: 0, recentDays: [] };
+            const totalSourceCount = bundle.sourceCount + quietArtifacts.totalArtifacts;
+            const totalReportCount = bundle.dailyReports.length + quietArtifacts.totalArtifacts;
             return {
                 scope,
-                mode: bundle.sourceCount > 0 ? "quiet" : "unknown",
-                sourceCount: bundle.sourceCount,
-                reportCount: bundle.dailyReports.length,
+                mode: totalSourceCount > 0 ? "quiet" : "unknown",
+                sourceCount: totalSourceCount,
+                reportCount: totalReportCount,
                 recentJournalCount: bundle.journalEntries.length,
             };
         },
@@ -209,7 +310,8 @@ export function createCliReadModels(deps) {
                 };
             }
             return {
-                platformId: record.platformId ?? record.platform_id,
+                platformId: record.platformId ??
+                    record.platform_id,
                 status: record.status,
                 verificationDeadline: record.expiresAt ?? undefined,
                 attemptsRemaining: record.attemptsRemaining ?? undefined,
@@ -224,6 +326,9 @@ export function createCliReadModels(deps) {
         },
         async explain(subject) {
             const q = toExplainQuery(subject);
+            // T1.2.5: auditStore is always non-null (default-injected), so the explain path always
+            // has a store available. For audit-only subjects with no matching events the summary
+            // from queryExplain will be "no_matching_audit_events" — accurate and non-alarming.
             if (auditStore && q) {
                 const op = queryExplain(q, auditStore);
                 if (isAuditOnlySubjectKind(subject.kind)) {
@@ -236,12 +341,16 @@ export function createCliReadModels(deps) {
             if (isAuditOnlySubjectKind(subject.kind)) {
                 return {
                     subjectType: subject.kind,
-                    conclusion: auditStore ? "no_matching_audit_events" : "lived_experience_audit_store_unavailable",
-                    keyFactors: auditStore ? [] : ["configure_lived_experience_audit_store_for_operator_explain"],
+                    // auditStore is always present (default-injected by T1.2.5), so this branch is
+                    // only reached when q is undefined (unresolvable subject kind).
+                    conclusion: "no_matching_audit_events",
+                    keyFactors: [],
                     evidenceRefs: [],
                 };
             }
-            const query = subject.kind === "decision" || subject.kind === "platform-selection" || subject.kind === "outreach"
+            const query = subject.kind === "decision" ||
+                subject.kind === "platform-selection" ||
+                subject.kind === "outreach"
                 ? { decisionId: subject.id }
                 : { assetId: subject.id };
             const bundle = await evidenceQuery.queryEvidence(query);

package/runtime/cli/read-models/types.d.ts

@@ -27,6 +27,34 @@ export interface RiskSummary {
     level: "low" | "medium" | "high";
     flags: string[];
 }
+/**
+ * T1.2.5 (CH-14-04): delivery posture summarises why `deliveryCapability.target` is `none`
+ * and which layer set it — workspace heartbeat default vs OpenClaw cron config vs host probe.
+ *
+ * CH-15-02 implementation note: `loadStatus` currently always emits `workspace_default_none`
+ * because the workspace heartbeat hardcodes `target: none` and no T1.1.2 HostCapabilityReport
+ * probe is wired into the read model path yet.  The other two `source` values are reserved for
+ * future integration:
+ *   - `openclaw_cron_delivery_none`: when the OpenClaw cron layer exposes `delivery.mode: none`
+ *     in the host config and that value is surfaced via a new probe or bridge field.
+ *   - `host_capability_probe`: when `HostCapabilityReport.deliveryTarget` is read from the DB
+ *     (T1.1.2) and routed into `loadStatus`.
+ * Do NOT infer either value without a real observation — see ADR-007 "no proof, not sent".
+ */
+export interface DeliveryPosture {
+    /** Current effective verdict: none = no delivery channel; available = a valid target exists. */
+    verdict: "none" | "available";
+    /**
+     * Stable source discriminator for operator tooling (CH-15-02: only workspace_default_none
+     * is emitted today; cron/probe values require additional host-side wiring):
+     *   workspace_default_none — workspace heartbeat hardcodes target:none (no host probe ran).
+     *   openclaw_cron_delivery_none — cron layer has delivery.mode:none (host config decision).
+     *   host_capability_probe — a HostCapabilityReport probe determined the posture.
+     */
+    source: "workspace_default_none" | "openclaw_cron_delivery_none" | "host_capability_probe";
+    /** Human-readable reason code included in explain surfaces. */
+    reasonCode: string;
+}
 export interface StatusReadModel {
     runtime: RuntimeSummary;
     rhythm: RhythmSummary;
@@ -34,6 +62,11 @@ export interface StatusReadModel {
     connectors: ConnectorSummary[];
     credentials: CredentialSummary[];
     risk: RiskSummary;
+    /**
+     * T1.2.5: structured delivery posture so operators can distinguish workspace default "none"
+     * from cron-layer "none" without inspecting raw heartbeat JSON.
+     */
+    deliveryPosture?: DeliveryPosture;
 }
 export interface DailyReportReadModel {
     day: string;

package/runtime/core/second-nature/heartbeat/heartbeat-loop.js

@@ -1,8 +1,8 @@
-import { buildContinuitySnapshot } from "./snapshot-builder.js";
-import { buildHeartbeatRuntimeSnapshot } from "./runtime-snapshot.js";
+import { buildContinuitySnapshot, } from "./snapshot-builder.js";
+import { buildHeartbeatRuntimeSnapshot, } from "./runtime-snapshot.js";
 import { planCandidateIntents } from "../orchestrator/intent-planner.js";
 import { evaluateHardGuards } from "../orchestrator/guard-layer.js";
-import { dispatchUserOutreachIntent } from "../outreach/dispatch-user-outreach.js";
+import { dispatchUserOutreachIntent, } from "../outreach/dispatch-user-outreach.js";
 import { buildJudgeOutreachInputFromSnapshot } from "../outreach/judge-input-from-snapshot.js";
 import { runSourceBackedQuiet } from "../quiet/run-source-backed-quiet.js";
 /**
@@ -10,7 +10,9 @@ import { runSourceBackedQuiet } from "../quiet/run-source-backed-quiet.js";
  * Exported for unit tests (CR-M1 wiring).
  */
 export async function resolveAllowedIntentResult(intent, runtime, inputs, signal, deps) {
-    const day = typeof signal.payload.timestamp === "string" ? signal.payload.timestamp.slice(0, 10) : "1970-01-01";
+    const day = typeof signal.payload.timestamp === "string"
+        ? signal.payload.timestamp.slice(0, 10)
+        : "1970-01-01";
     if (intent.effectClass === "user_outreach" && deps.outreachDispatch) {
         return dispatchUserOutreachIntent({
             candidate: intent,
@@ -22,7 +24,9 @@ export async function resolveAllowedIntentResult(intent, runtime, inputs, signal
         });
     }
     if (deps.quietWorkflow &&
-        (intent.kind === "quiet" || (intent.kind === "reflection" && intent.effectClass === "narrative_reflection"))) {
+        (intent.kind === "quiet" ||
+            (intent.kind === "reflection" &&
+                intent.effectClass === "narrative_reflection"))) {
         const quietRun = await runSourceBackedQuiet({
             candidate: intent,
             runtime,
@@ -32,11 +36,28 @@ export async function resolveAllowedIntentResult(intent, runtime, inputs, signal
         });
         return quietRun.result;
     }
+    // T2.2.3 (CH-14-02/03 / CH-15-01): all intent_selected results must carry at least one
+    // machine-readable reason so operators can distinguish between effect classes:
+    //   - maintenance / no_effect → "internal_tick" (no external side-effects)
+    //   - connector_action without dispatch wired → "connector_dispatch_unwired"
+    //   - external_platform_action / memory_curation → not generated by intent-planner today;
+    //     if a future path produces them, they will reach the fallback [] branch below and
+    //     should have dedicated reason codes added (e.g. "external_platform_action_unwired").
+    //   - other (outreach / quiet) → caught by the early-return branches above
+    const noExternalEffect = intent.effectClass === "maintenance" ||
+        intent.effectClass === "no_effect" ||
+        intent.kind === "maintenance";
+    const connectorUnwired = intent.effectClass === "connector_action";
+    const reasons = noExternalEffect
+        ? ["internal_tick"]
+        : connectorUnwired
+            ? ["connector_dispatch_unwired"]
+            : [];
     return {
         scope: "rhythm",
         status: "intent_selected",
         selectedIntentId: intent.id,
-        reasons: [],
+        reasons,
     };
 }
 /**
@@ -82,7 +103,9 @@ export async function ingestRhythmSignal(signal, deps) {
                 reasons: evaluation.reasons,
             };
             const resolved = await resolveAllowedIntentResult(intent, runtime, inputs, signal, deps);
-            const result = resolved.status === "intent_selected" && resolved.reasons.length === 0 && evaluation.reasons.length > 0
+            const result = resolved.status === "intent_selected" &&
+                resolved.reasons.length === 0 &&
+                evaluation.reasons.length > 0
                 ? { ...resolved, reasons: evaluation.reasons }
                 : resolved;
             await emitTrace(result);

package/runtime/core/second-nature/runtime/service-entry.js

@@ -27,7 +27,7 @@ export function startRuntimeService(ctx) {
     // - control-plane-system (heartbeat bridge preparation)
     const workspaceRoot = ctx?.workspaceRoot ?? process.cwd();
     /** Keep in sync with `plugin/package.json` when cutting releases. */
-    const version = "0.1.17";
+    const version = "0.1.19";
     activeHandle = {
         ready: true,
         version,

package/runtime/observability/db/index.js

@@ -6,83 +6,83 @@ import { fileURLToPath } from "node:url";
 import * as schema from "./schema/index.js";
 // Pre-initialize sql.js WASM at module load time
 const SQL = await initSqlJs();
-const OBSERVABILITY_SCHEMA_SQL = `
-  CREATE TABLE IF NOT EXISTS decision_ledger (
-    id TEXT PRIMARY KEY,
-    tick_id TEXT NOT NULL,
-    trace_id TEXT NOT NULL,
-    intent_id TEXT,
-    platform_id TEXT,
-    verdict TEXT NOT NULL,
-    mode TEXT NOT NULL,
-    reasons TEXT NOT NULL,
-    reason_codes TEXT NOT NULL,
-    decision_basis TEXT NOT NULL,
-    evidence_refs TEXT NOT NULL,
-    model_eval_ref TEXT,
-    created_at TEXT NOT NULL
-  );
-  CREATE UNIQUE INDEX IF NOT EXISTS decision_trace_idx ON decision_ledger(trace_id);
-  CREATE INDEX IF NOT EXISTS decision_tick_idx ON decision_ledger(tick_id);
-  CREATE TABLE IF NOT EXISTS execution_attempts (
-    id TEXT PRIMARY KEY,
-    trace_id TEXT NOT NULL,
-    decision_id TEXT NOT NULL,
-    intent_id TEXT NOT NULL,
-    platform_id TEXT NOT NULL,
-    capability TEXT NOT NULL,
-    channel TEXT NOT NULL,
-    status TEXT NOT NULL,
-    commit_state TEXT,
-    failure_class TEXT,
-    retry_policy TEXT,
-    idempotency_key TEXT,
-    started_at TEXT,
-    finished_at TEXT
-  );
-  CREATE UNIQUE INDEX IF NOT EXISTS attempt_trace_idx ON execution_attempts(trace_id);
-  CREATE INDEX IF NOT EXISTS attempt_decision_idx ON execution_attempts(decision_id);
-  CREATE INDEX IF NOT EXISTS attempt_platform_idx ON execution_attempts(platform_id);
-  CREATE TABLE IF NOT EXISTS governance_audit (
-    id TEXT PRIMARY KEY,
-    event_type TEXT NOT NULL,
-    proposal_id TEXT,
-    target_asset_id TEXT,
-    asset_path TEXT,
-    status_from TEXT,
-    status_to TEXT NOT NULL,
-    before_hash TEXT,
-    after_hash TEXT,
-    supporting_sources TEXT,
-    reason TEXT,
-    verification_deadline TEXT,
-    attempts_remaining INTEGER,
-    created_at TEXT NOT NULL
-  );
-  CREATE INDEX IF NOT EXISTS audit_proposal_idx ON governance_audit(proposal_id);
-  CREATE INDEX IF NOT EXISTS audit_asset_idx ON governance_audit(target_asset_id);
-  CREATE INDEX IF NOT EXISTS audit_event_idx ON governance_audit(event_type);
-  CREATE TABLE IF NOT EXISTS redaction_manifest (
-    id TEXT PRIMARY KEY,
-    event_id TEXT NOT NULL,
-    event_type TEXT NOT NULL,
-    field_name TEXT NOT NULL,
-    action TEXT NOT NULL,
-    original_value_hash TEXT,
-    created_at TEXT NOT NULL
-  );
-  CREATE INDEX IF NOT EXISTS redact_event_idx ON redaction_manifest(event_id);
-  CREATE TABLE IF NOT EXISTS host_capability_reports (
-    report_id TEXT PRIMARY KEY,
-    generated_at TEXT NOT NULL,
-    host_version TEXT,
-    observed_version TEXT,
-    doc_checked_at TEXT NOT NULL,
-    doc_links_json TEXT NOT NULL,
-    delivery_target TEXT NOT NULL,
-    conflict_records_json TEXT NOT NULL,
-    full_report_json TEXT NOT NULL
-  );
+const OBSERVABILITY_SCHEMA_SQL = `
+  CREATE TABLE IF NOT EXISTS decision_ledger (
+    id TEXT PRIMARY KEY,
+    tick_id TEXT NOT NULL,
+    trace_id TEXT NOT NULL,
+    intent_id TEXT,
+    platform_id TEXT,
+    verdict TEXT NOT NULL,
+    mode TEXT NOT NULL,
+    reasons TEXT NOT NULL,
+    reason_codes TEXT NOT NULL,
+    decision_basis TEXT NOT NULL,
+    evidence_refs TEXT NOT NULL,
+    model_eval_ref TEXT,
+    created_at TEXT NOT NULL
+  );
+  CREATE UNIQUE INDEX IF NOT EXISTS decision_trace_idx ON decision_ledger(trace_id);
+  CREATE INDEX IF NOT EXISTS decision_tick_idx ON decision_ledger(tick_id);
+  CREATE TABLE IF NOT EXISTS execution_attempts (
+    id TEXT PRIMARY KEY,
+    trace_id TEXT NOT NULL,
+    decision_id TEXT NOT NULL,
+    intent_id TEXT NOT NULL,
+    platform_id TEXT NOT NULL,
+    capability TEXT NOT NULL,
+    channel TEXT NOT NULL,
+    status TEXT NOT NULL,
+    commit_state TEXT,
+    failure_class TEXT,
+    retry_policy TEXT,
+    idempotency_key TEXT,
+    started_at TEXT,
+    finished_at TEXT
+  );
+  CREATE UNIQUE INDEX IF NOT EXISTS attempt_trace_idx ON execution_attempts(trace_id);
+  CREATE INDEX IF NOT EXISTS attempt_decision_idx ON execution_attempts(decision_id);
+  CREATE INDEX IF NOT EXISTS attempt_platform_idx ON execution_attempts(platform_id);
+  CREATE TABLE IF NOT EXISTS governance_audit (
+    id TEXT PRIMARY KEY,
+    event_type TEXT NOT NULL,
+    proposal_id TEXT,
+    target_asset_id TEXT,
+    asset_path TEXT,
+    status_from TEXT,
+    status_to TEXT NOT NULL,
+    before_hash TEXT,
+    after_hash TEXT,
+    supporting_sources TEXT,
+    reason TEXT,
+    verification_deadline TEXT,
+    attempts_remaining INTEGER,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS audit_proposal_idx ON governance_audit(proposal_id);
+  CREATE INDEX IF NOT EXISTS audit_asset_idx ON governance_audit(target_asset_id);
+  CREATE INDEX IF NOT EXISTS audit_event_idx ON governance_audit(event_type);
+  CREATE TABLE IF NOT EXISTS redaction_manifest (
+    id TEXT PRIMARY KEY,
+    event_id TEXT NOT NULL,
+    event_type TEXT NOT NULL,
+    field_name TEXT NOT NULL,
+    action TEXT NOT NULL,
+    original_value_hash TEXT,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS redact_event_idx ON redaction_manifest(event_id);
+  CREATE TABLE IF NOT EXISTS host_capability_reports (
+    report_id TEXT PRIMARY KEY,
+    generated_at TEXT NOT NULL,
+    host_version TEXT,
+    observed_version TEXT,
+    doc_checked_at TEXT NOT NULL,
+    doc_links_json TEXT NOT NULL,
+    delivery_target TEXT NOT NULL,
+    conflict_records_json TEXT NOT NULL,
+    full_report_json TEXT NOT NULL
+  );
 `;
 function resolveDbPath(filename) {
     if (path.isAbsolute(filename) || filename === ":memory:") {

package/runtime/observability/index.d.ts

@@ -8,6 +8,7 @@ export { redactEvent, createEmptyManifest, mergeManifests, type RedactionManifes
 export { DecisionLedger, type QuietLifecycleEvent, type OutreachDecision, type HeartbeatDecisionEvent } from "./services/decision-ledger.js";
 export { GovernanceAudit, type CredentialLifecycleAudit } from "./services/governance-audit.js";
 export { ExecutionTelemetry, type ExecutionAttemptInput } from "./services/execution-telemetry.js";
+export { createRuntimeDecisionRecorder, RUNTIME_DECISION_TRACE_PREFIX, RUNTIME_INTERNAL_PLATFORM_ID, type RuntimeDecisionRecorder, type RecordHeartbeatCycleInput, type RecordHeartbeatCycleOutput, } from "./services/runtime-decision-recorder.js";
 export { LivedExperienceAuditRecorder, createLivedExperienceAuditRecorder, type DecisionTracePayload, type DeliveryAuditPayload, type DeliveryAuditStatus, type ExplainLinkageSummary, type GuidanceGroundingAuditPayload, type SourceCoverageAuditPayload, } from "./services/lived-experience-audit.js";
 export { GovernancePlaneRecorder, createGovernancePlaneRecorder, type AuditAppendAck, type ConnectorAttemptAudit, type ConnectorAttemptOutcome, type StateGovernanceAudit, type StateGovernanceKind, } from "./services/governance-plane-recorder.js";
 export { queryExplain, type ExplainQuery, type OperatorExplainReadModel, type RedactedExplainEvent, } from "./query/explain-query.js";

package/runtime/observability/index.js

@@ -8,6 +8,7 @@ export { redactEvent, createEmptyManifest, mergeManifests, } from "./redaction/m
 export { DecisionLedger } from "./services/decision-ledger.js";
 export { GovernanceAudit } from "./services/governance-audit.js";
 export { ExecutionTelemetry } from "./services/execution-telemetry.js";
+export { createRuntimeDecisionRecorder, RUNTIME_DECISION_TRACE_PREFIX, RUNTIME_INTERNAL_PLATFORM_ID, } from "./services/runtime-decision-recorder.js";
 export { LivedExperienceAuditRecorder, createLivedExperienceAuditRecorder, } from "./services/lived-experience-audit.js";
 export { GovernancePlaneRecorder, createGovernancePlaneRecorder, } from "./services/governance-plane-recorder.js";
 export { queryExplain, } from "./query/explain-query.js";

package/runtime/observability/services/runtime-decision-recorder.d.ts

@@ -0,0 +1,29 @@
+import type { ObservabilityDatabase } from "../db/index.js";
+import { DecisionLedger, type HeartbeatDecisionEvent } from "./decision-ledger.js";
+import { ExecutionTelemetry } from "./execution-telemetry.js";
+import type { HeartbeatCycleResult, HeartbeatSignal } from "../../core/second-nature/heartbeat/signal.js";
+export declare const RUNTIME_DECISION_TRACE_PREFIX = "sn-runtime-";
+export declare const RUNTIME_INTERNAL_PLATFORM_ID = "second-nature-runtime";
+export interface RecordHeartbeatCycleInput {
+    cycle: HeartbeatCycleResult;
+    signal: HeartbeatSignal;
+    /**
+     * Override rhythm `mode` written to the ledger row. When omitted, falls back
+     * to `"active"`; downstream loadStatus only treats `quiet` /
+     * `maintenance_only` / `paused_for_interrupt` as Quiet-aware values.
+     */
+    rhythmMode?: HeartbeatDecisionEvent["mode"];
+}
+export interface RecordHeartbeatCycleOutput {
+    traceId: string;
+    decisionId: string;
+    attemptId: string;
+}
+export interface RuntimeDecisionRecorder {
+    recordHeartbeatCycle(input: RecordHeartbeatCycleInput): Promise<RecordHeartbeatCycleOutput>;
+}
+export interface CreateRuntimeDecisionRecorderDeps {
+    ledger?: DecisionLedger;
+    telemetry?: ExecutionTelemetry;
+}
+export declare function createRuntimeDecisionRecorder(observabilityDb: ObservabilityDatabase, overrides?: CreateRuntimeDecisionRecorderDeps): RuntimeDecisionRecorder;

package/runtime/observability/services/runtime-decision-recorder.js

@@ -0,0 +1,94 @@
+/**
+ * Runtime Decision Recorder (T1.2.3).
+ *
+ * Core logic: after a workspace `runHeartbeatCycle` completes, persist two rows that
+ * `loadStatus` already filters on, so operator status stops returning `unknown` for
+ * `rhythm.mode` / `runtime.serviceStatus` once the runtime has executed at least once.
+ *  - `decision_ledger` row via `DecisionLedger.recordHeartbeatDecision()` with
+ *    `traceId` prefix `sn-runtime-` (matches `INTERNAL_RUNTIME_TRACE_PREFIX`).
+ *  - `execution_attempts` row via `ExecutionTelemetry.startAttempt` +
+ *    `completeAttempt` with `platformId === "second-nature-runtime"` (matches
+ *    `INTERNAL_RUNTIME_PLATFORM_ID`).
+ *
+ * Boundaries:
+ *  - Recorder failure must NOT break the heartbeat surface response — caller wraps with try/catch.
+ *  - Carrier-only / probe-only / runtime-unavailable paths do NOT invoke this recorder
+ *    (their semantics intentionally remain "unknown" until a full-runtime turn happens).
+ *  - This is a derived observability writer; it is not the canonical decision producer
+ *    (control-plane keeps that contract). It exists to close the read-side aggregation gap.
+ */
+import { randomUUID } from "node:crypto";
+import { DecisionLedger } from "./decision-ledger.js";
+import { ExecutionTelemetry } from "./execution-telemetry.js";
+export const RUNTIME_DECISION_TRACE_PREFIX = "sn-runtime-";
+export const RUNTIME_INTERNAL_PLATFORM_ID = "second-nature-runtime";
+const RUNTIME_INTERNAL_CAPABILITY = "runtime.heartbeat";
+const RUNTIME_INTERNAL_CHANNEL = "internal";
+export function createRuntimeDecisionRecorder(observabilityDb, overrides = {}) {
+    const ledger = overrides.ledger ?? new DecisionLedger(observabilityDb);
+    const telemetry = overrides.telemetry ?? new ExecutionTelemetry(observabilityDb);
+    return {
+        async recordHeartbeatCycle({ cycle, signal, rhythmMode }) {
+            const timestamp = typeof signal.payload.timestamp === "string" && signal.payload.timestamp.trim().length > 0
+                ? signal.payload.timestamp
+                : new Date().toISOString();
+            const uniqueId = randomUUID();
+            const traceId = `${RUNTIME_DECISION_TRACE_PREFIX}${cycle.scope}-${cycle.status}-${uniqueId}`;
+            const decisionId = `decision-runtime-${uniqueId}`;
+            const tickId = `tick-runtime-${uniqueId}`;
+            const event = {
+                id: decisionId,
+                tickId,
+                traceId,
+                runtimeScope: cycle.scope,
+                triggerSource: signal.trigger,
+                decisionStatus: mapCycleStatus(cycle.status),
+                reasons: cycle.reasons,
+                intentId: cycle.selectedIntentId,
+                mode: rhythmMode ?? "active",
+                createdAt: timestamp,
+            };
+            await ledger.recordHeartbeatDecision(event);
+            const attemptId = await telemetry.startAttempt({
+                traceId,
+                decisionId,
+                intentId: cycle.selectedIntentId ?? `${RUNTIME_INTERNAL_PLATFORM_ID}-tick`,
+                platformId: RUNTIME_INTERNAL_PLATFORM_ID,
+                capability: RUNTIME_INTERNAL_CAPABILITY,
+                channel: RUNTIME_INTERNAL_CHANNEL,
+                startedAt: timestamp,
+            });
+            const status = isFailureCycle(cycle.status) ? "failed" : "succeeded";
+            const failureClass = status === "failed" ? cycleStatusFailureClass(cycle.status) : undefined;
+            await telemetry.completeAttempt(traceId, status, undefined, failureClass);
+            return { traceId, decisionId, attemptId };
+        },
+    };
+}
+function mapCycleStatus(status) {
+    switch (status) {
+        case "intent_selected":
+            return "intent_selected";
+        case "denied":
+            return "denied";
+        case "deferred":
+            return "deferred";
+        case "delivery_unavailable":
+            return "delivery_unavailable";
+        case "runtime_carrier_only":
+            return "runtime_carrier_only";
+        case "heartbeat_ok":
+        default:
+            return "heartbeat_ok";
+    }
+}
+function isFailureCycle(status) {
+    return status === "delivery_unavailable" || status === "denied";
+}
+function cycleStatusFailureClass(status) {
+    if (status === "delivery_unavailable")
+        return "delivery_unavailable";
+    if (status === "denied")
+        return "decision_denied";
+    return undefined;
+}

package/runtime/storage/db/index.js

@@ -6,99 +6,99 @@ import { fileURLToPath } from "node:url";
 import * as schema from "./schema/index.js";
 // Pre-initialize sql.js WASM at module load time
 const SQL = await initSqlJs();
-const STATE_SCHEMA_SQL = `
-  CREATE TABLE IF NOT EXISTS credential_records (
-    platform_id TEXT PRIMARY KEY,
-    credential_type TEXT NOT NULL,
-    encrypted_value TEXT NOT NULL,
-    status TEXT NOT NULL,
-    verification_code TEXT,
-    challenge_text TEXT,
-    expires_at TEXT,
-    attempts_remaining INTEGER,
-    updated_at TEXT NOT NULL
-  );
-  CREATE TABLE IF NOT EXISTS policy_records (
-    platform_id TEXT PRIMARY KEY,
-    social_daily_limit INTEGER NOT NULL,
-    quiet_enabled INTEGER NOT NULL,
-    outreach_daily_budget INTEGER NOT NULL DEFAULT 2,
-    updated_at TEXT NOT NULL
-  );
-  CREATE TABLE IF NOT EXISTS life_evidence_index (
-    id TEXT PRIMARY KEY,
-    timestamp TEXT NOT NULL,
-    evidence_type TEXT NOT NULL,
-    sensitivity TEXT NOT NULL,
-    producer TEXT NOT NULL,
-    artifact_path TEXT NOT NULL,
-    platform_id TEXT,
-    source_refs_json TEXT NOT NULL
-  );
-  CREATE TABLE IF NOT EXISTS asset_registry (
-    id TEXT PRIMARY KEY,
-    kind TEXT NOT NULL,
-    path TEXT NOT NULL,
-    hash TEXT NOT NULL,
-    version INTEGER NOT NULL DEFAULT 1,
-    layer TEXT NOT NULL,
-    last_indexed_at TEXT NOT NULL
-  );
-  CREATE UNIQUE INDEX IF NOT EXISTS asset_registry_path_idx ON asset_registry(path);
-  CREATE TABLE IF NOT EXISTS intent_commit_records (
-    id TEXT PRIMARY KEY,
-    intent_id TEXT NOT NULL,
-    decision_id TEXT NOT NULL,
-    checkpoint_id TEXT,
-    state TEXT NOT NULL,
-    outcome_ref TEXT,
-    metadata_json TEXT,
-    updated_at TEXT NOT NULL
-  );
-  CREATE TABLE IF NOT EXISTS proposal_records (
-    id TEXT PRIMARY KEY,
-    target_asset_id TEXT NOT NULL,
-    before_hash TEXT,
-    after_hash TEXT,
-    status TEXT NOT NULL,
-    proposed_diff TEXT NOT NULL,
-    reason TEXT NOT NULL,
-    supporting_sources TEXT NOT NULL,
-    confidence REAL NOT NULL,
-    created_at TEXT NOT NULL,
-    applied_at TEXT
-  );
-  CREATE TABLE IF NOT EXISTS provenance_edges (
-    id TEXT PRIMARY KEY,
-    from_id TEXT NOT NULL,
-    to_id TEXT NOT NULL,
-    kind TEXT NOT NULL,
-    created_at TEXT NOT NULL
-  );
-  CREATE TABLE IF NOT EXISTS delivery_attempts (
-    attempt_id TEXT PRIMARY KEY,
-    decision_id TEXT NOT NULL,
-    target TEXT,
-    channel TEXT,
-    status TEXT NOT NULL,
-    message_id TEXT,
-    host_proof_ref_json TEXT,
-    error_class TEXT,
-    fallback_ref TEXT,
-    created_at TEXT NOT NULL
-  );
-  CREATE INDEX IF NOT EXISTS delivery_attempt_decision_idx ON delivery_attempts(decision_id);
-  CREATE TABLE IF NOT EXISTS operator_fallback_artifacts (
-    fallback_ref TEXT PRIMARY KEY,
-    decision_id TEXT NOT NULL,
-    status TEXT NOT NULL,
-    reason TEXT NOT NULL,
-    source_refs_json TEXT NOT NULL,
-    candidate_message TEXT,
-    next_step TEXT NOT NULL,
-    created_at TEXT NOT NULL
-  );
-  CREATE INDEX IF NOT EXISTS operator_fallback_decision_idx ON operator_fallback_artifacts(decision_id);
+const STATE_SCHEMA_SQL = `
+  CREATE TABLE IF NOT EXISTS credential_records (
+    platform_id TEXT PRIMARY KEY,
+    credential_type TEXT NOT NULL,
+    encrypted_value TEXT NOT NULL,
+    status TEXT NOT NULL,
+    verification_code TEXT,
+    challenge_text TEXT,
+    expires_at TEXT,
+    attempts_remaining INTEGER,
+    updated_at TEXT NOT NULL
+  );
+  CREATE TABLE IF NOT EXISTS policy_records (
+    platform_id TEXT PRIMARY KEY,
+    social_daily_limit INTEGER NOT NULL,
+    quiet_enabled INTEGER NOT NULL,
+    outreach_daily_budget INTEGER NOT NULL DEFAULT 2,
+    updated_at TEXT NOT NULL
+  );
+  CREATE TABLE IF NOT EXISTS life_evidence_index (
+    id TEXT PRIMARY KEY,
+    timestamp TEXT NOT NULL,
+    evidence_type TEXT NOT NULL,
+    sensitivity TEXT NOT NULL,
+    producer TEXT NOT NULL,
+    artifact_path TEXT NOT NULL,
+    platform_id TEXT,
+    source_refs_json TEXT NOT NULL
+  );
+  CREATE TABLE IF NOT EXISTS asset_registry (
+    id TEXT PRIMARY KEY,
+    kind TEXT NOT NULL,
+    path TEXT NOT NULL,
+    hash TEXT NOT NULL,
+    version INTEGER NOT NULL DEFAULT 1,
+    layer TEXT NOT NULL,
+    last_indexed_at TEXT NOT NULL
+  );
+  CREATE UNIQUE INDEX IF NOT EXISTS asset_registry_path_idx ON asset_registry(path);
+  CREATE TABLE IF NOT EXISTS intent_commit_records (
+    id TEXT PRIMARY KEY,
+    intent_id TEXT NOT NULL,
+    decision_id TEXT NOT NULL,
+    checkpoint_id TEXT,
+    state TEXT NOT NULL,
+    outcome_ref TEXT,
+    metadata_json TEXT,
+    updated_at TEXT NOT NULL
+  );
+  CREATE TABLE IF NOT EXISTS proposal_records (
+    id TEXT PRIMARY KEY,
+    target_asset_id TEXT NOT NULL,
+    before_hash TEXT,
+    after_hash TEXT,
+    status TEXT NOT NULL,
+    proposed_diff TEXT NOT NULL,
+    reason TEXT NOT NULL,
+    supporting_sources TEXT NOT NULL,
+    confidence REAL NOT NULL,
+    created_at TEXT NOT NULL,
+    applied_at TEXT
+  );
+  CREATE TABLE IF NOT EXISTS provenance_edges (
+    id TEXT PRIMARY KEY,
+    from_id TEXT NOT NULL,
+    to_id TEXT NOT NULL,
+    kind TEXT NOT NULL,
+    created_at TEXT NOT NULL
+  );
+  CREATE TABLE IF NOT EXISTS delivery_attempts (
+    attempt_id TEXT PRIMARY KEY,
+    decision_id TEXT NOT NULL,
+    target TEXT,
+    channel TEXT,
+    status TEXT NOT NULL,
+    message_id TEXT,
+    host_proof_ref_json TEXT,
+    error_class TEXT,
+    fallback_ref TEXT,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS delivery_attempt_decision_idx ON delivery_attempts(decision_id);
+  CREATE TABLE IF NOT EXISTS operator_fallback_artifacts (
+    fallback_ref TEXT PRIMARY KEY,
+    decision_id TEXT NOT NULL,
+    status TEXT NOT NULL,
+    reason TEXT NOT NULL,
+    source_refs_json TEXT NOT NULL,
+    candidate_message TEXT,
+    next_step TEXT NOT NULL,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS operator_fallback_decision_idx ON operator_fallback_artifacts(decision_id);
 `;
 function resolveDbPath(filename) {
     if (path.isAbsolute(filename) || filename === ":memory:") {

package/workspace-ops-bridge.js

@@ -39,6 +39,7 @@ export async function openWorkspaceOpsBridge(workspaceRoot) {
         const opsRouter = cliIndex.createOpsRouter({
             runtimeAvailable: runtimeResolved.ok,
             readModels: deps.readModels,
+            runtimeRecorder: deps.runtimeRecorder,
         });
         const commands = commandsMod.createCliCommands({
             readModels: deps.readModels,