@runcore-sh/runcore 0.1.8 → 0.1.10

package/dist/server.js

@@ -16,6 +16,7 @@ const PKG_ROOT = join(__dirname, "..");
 import { writeFileSync } from "node:fs";
 import { initInstanceName, getInstanceName, getInstanceNameLower, resolveEnv, getAlertEmailFrom } from "./instance.js";
 import { readBrainFile, writeBrainFile, appendBrainLine } from "./lib/brain-io.js";
+import { runWithAuditContext } from "./lib/audit.js";
 import { Brain } from "./brain.js";
 import { FileSystemLongTermMemory } from "./memory/file-backed.js";
 import { createLogger } from "./utils/logger.js";
@@ -25,7 +26,13 @@ import { ensurePairingCode, getStatus, pair, authenticate, getRecoveryQuestion,
 import { getProvider } from "./llm/providers/index.js";
 import { withStreamRetry } from "./llm/retry.js";
 import { LLMError } from "./llm/errors.js";
-import { loadSettings, getSettings, updateSettings, resolveProvider, resolveChatModel, resolveUtilityModel, getPulseSettings, } from "./settings.js";
+import { PrivateModeError, isPrivateMode, checkOllamaHealth } from "./llm/guard.js";
+import { installFetchGuard } from "./llm/fetch-guard.js";
+import { SensitiveRegistry } from "./llm/sensitive-registry.js";
+import { PrivacyMembrane } from "./llm/membrane.js";
+import { setActiveMembrane, rehydrateResponse } from "./llm/redact.js";
+import { loadSettings, getSettings, updateSettings, resolveProvider, resolveChatModel, resolveUtilityModel, getPulseSettings, getMeshConfig, } from "./settings.js";
+import { startMdns, stopMdns } from "./mdns.js";
 import { ingestDirectory } from "./files/ingest.js";
 import { processIngestFolder } from "./files/ingest-folder.js";
 import { saveSession, loadSession } from "./sessions/store.js";
@@ -42,7 +49,9 @@ import { isSttAvailable, transcribe } from "./stt/client.js";
 import { startAvatarSidecar, stopAvatarSidecar, isAvatarAvailable } from "./avatar/sidecar.js";
 import { preparePhoto, generateVideo, getCachedVideo, cacheVideo, clearVideoCache } from "./avatar/client.js";
 import { getTtsConfig, getSttConfig, getAvatarConfig } from "./settings.js";
-import { loadVault, listVaultKeys, setVaultKey, deleteVaultKey, getDashReadableVault, getVaultEntries } from "./vault/store.js";
+import { loadVault, listVaultKeys, setVaultKey, deleteVaultKey, getDashReadableVault, getVaultEntries, hydrateEnv as rehydrateVaultEnv } from "./vault/store.js";
+import { exportVault, importVault, verifyExport } from "./vault/transfer.js";
+import { getIntegrationStatus, isIntegrationEnabled } from "./integrations/gate.js";
 import { makeCall } from "./twilio/call.js";
 import { isGoogleConfigured, isGoogleAuthenticated, getAuthUrl, exchangeCode, } from "./google/auth.js";
 import { isCalendarAvailable, getTodaySchedule, getUpcomingEvents, listEvents, searchEvents, getFreeBusy, createEvent, updateEvent, deleteEvent } from "./google/calendar.js";
@@ -100,6 +109,7 @@ import { listChannels, getChannelInfo, joinChannel, getChannelHistory } from "./
 // Slack types no longer needed — providers handle their own type mapping
 import { getClient as getWhatsAppClient, isWhatsAppConfigured } from "./channels/whatsapp.js";
 import { parseFormBody, processIncomingMessage, emptyTwimlResponse, replyTwiml, twilioProvider } from "./webhooks/twilio.js";
+import { resendProvider } from "./resend/webhooks.js";
 import { handleWhatsAppMessage } from "./services/whatsapp.js";
 import { initLLMCache, shutdownLLMCache, getCacheDiagnostics } from "./cache/llm-cache.js";
 import { mountWebhookAdmin, createWebhookRoute, verifyWebhookRequest } from "./webhooks/mount.js";
@@ -122,7 +132,8 @@ function pickStreamFn() {
     return withStreamRetry((options) => provider.streamChat(options), { maxRetries: 3, baseDelayMs: 1_000, maxDelayMs: 30_000 });
 }
 // --- Config ---
-const PORT = parseInt(process.env.CORE_PORT ?? resolveEnv("PORT") ?? "3577", 10);
+const PORT = parseInt(process.env.CORE_PORT ?? resolveEnv("PORT") ?? "0", 10);
+let actualPort = PORT;
 const SIDECAR_PORT = resolveEnv("SEARCH_PORT") ?? "3578";
 const BRAIN_DIR = join(process.cwd(), "brain");
 const SKILLS_DIR = join(process.cwd(), "skills");
@@ -177,7 +188,7 @@ async function getOrCreateChatSession(sessionId, name) {
     // Read custom personality instructions (empty string if file doesn't exist)
     let personality = "";
     try {
-        personality = (await readBrainFile(PERSONALITY_PATH)).trim();
+        personality = (await runWithAuditContext({ caller: "http:init:personality", channel: "http" }, () => readBrainFile(PERSONALITY_PATH))).trim();
     }
     catch { }
     // Fetch current projects for system prompt injection
@@ -362,6 +373,17 @@ app.get("/", async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "index.html"));
     return c.html(html);
 });
+// --- Nerve endpoint (PWA) ---
+app.get("/nerve", async (c) => {
+    const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "nerve", "index.html"));
+    return c.html(html);
+});
+// --- Audit context middleware ---
+// Tags all brain file reads within HTTP handlers with the route info.
+app.use("/api/*", async (c, next) => {
+    const caller = `http:${c.req.method} ${c.req.path}`;
+    return runWithAuditContext({ caller, channel: "http" }, () => next());
+});
 // --- Tracing middleware ---
 app.use("/api/*", tracingMiddleware());
 // --- Metrics middleware ---
@@ -384,12 +406,17 @@ app.use("/api/*", async (c, next) => {
     }
     return generalLimiter(c, next);
 });
+// --- Posture middleware (intent accumulation + surface gating) ---
+// Track all API interactions for posture engine
+app.use("/api/*", postureTracker());
+// Attach posture surface header to all responses
+app.use("/api/*", postureHeader());
 // --- Webhook initialization (batch registration + config + admin routes) ---
 const webhookInitStart = performance.now();
 // Phase 1: Batch-register all webhook providers (deferred from module imports to avoid
 // 5 individual logActivity calls during startup — now a single batch call).
 const registerStart = performance.now();
-registerProviders([githubProvider, slackEventsProvider, slackCommandsProvider, slackInteractionsProvider, twilioProvider]);
+registerProviders([githubProvider, slackEventsProvider, slackCommandsProvider, slackInteractionsProvider, twilioProvider, resendProvider]);
 const registerMs = performance.now() - registerStart;
 // Phase 2: Configure webhook providers (secrets resolved from env vars)
 const configStart = performance.now();
@@ -399,6 +426,7 @@ setProviderConfigs([
     { name: "slack-interactions", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/interactions" },
     { name: "twilio", secret: "TWILIO_AUTH_TOKEN", signatureHeader: "x-twilio-signature", algorithm: "twilio", path: "/api/twilio/whatsapp" },
     { name: "github", secret: "GITHUB_WEBHOOK_SECRET", signatureHeader: "x-hub-signature-256", algorithm: "hmac-sha256-hex", path: "/api/github/webhooks" },
+    { name: "resend", secret: "RESEND_WEBHOOK_SECRET", signatureHeader: "svix-signature", algorithm: "custom", path: "/api/resend/webhooks" },
 ]);
 const configMs = performance.now() - configStart;
 // Phase 3: Mount admin routes
@@ -422,6 +450,7 @@ app.get("/api/status", async (c) => {
         ...status,
         provider: resolveProvider(),
         airplaneMode: settings.airplaneMode,
+        privateMode: settings.privateMode,
         safeWordMode: settings.safeWordMode,
         search: isSearchAvailable(),
         tts: isTtsAvailable(),
@@ -579,6 +608,70 @@ app.delete("/api/vault/:name", async (c) => {
     await deleteVaultKey(name, key);
     return c.json({ ok: true });
 });
+// Export vault to portable passphrase-encrypted file
+app.post("/api/vault/export", async (c) => {
+    const sessionId = c.req.query("sessionId");
+    if (!sessionId)
+        return c.json({ error: "sessionId required" }, 400);
+    const session = validateSession(sessionId);
+    if (!session)
+        return c.json({ error: "Invalid or expired session" }, 401);
+    const body = await c.req.json();
+    if (!body.passphrase || body.passphrase.length < 8) {
+        return c.json({ error: "Passphrase required (min 8 characters)" }, 400);
+    }
+    try {
+        const result = await exportVault(body.passphrase);
+        return c.json({ ok: true, filePath: result.filePath, stats: result.stats });
+    }
+    catch (e) {
+        return c.json({ error: e.message }, 500);
+    }
+});
+// Import vault from portable passphrase-encrypted file
+app.post("/api/vault/import", async (c) => {
+    const sessionId = c.req.query("sessionId");
+    if (!sessionId)
+        return c.json({ error: "sessionId required" }, 400);
+    const session = validateSession(sessionId);
+    if (!session)
+        return c.json({ error: "Invalid or expired session" }, 401);
+    const key = sessionKeys.get(sessionId);
+    if (!key)
+        return c.json({ error: "Session key not found" }, 401);
+    const body = await c.req.json();
+    if (!body.filePath || !body.passphrase) {
+        return c.json({ error: "filePath and passphrase required" }, 400);
+    }
+    const strategy = body.strategy ?? "skip";
+    try {
+        const result = await importVault(body.filePath, body.passphrase, strategy, key);
+        return c.json({ ok: true, stats: result.stats });
+    }
+    catch (e) {
+        return c.json({ error: e.message }, 400);
+    }
+});
+// Verify a vault export file without importing
+app.post("/api/vault/verify-export", async (c) => {
+    const sessionId = c.req.query("sessionId");
+    if (!sessionId)
+        return c.json({ error: "sessionId required" }, 400);
+    const session = validateSession(sessionId);
+    if (!session)
+        return c.json({ error: "Invalid or expired session" }, 401);
+    const body = await c.req.json();
+    if (!body.filePath || !body.passphrase) {
+        return c.json({ error: "filePath and passphrase required" }, 400);
+    }
+    try {
+        const result = await verifyExport(body.filePath, body.passphrase);
+        return c.json({ ok: true, message: result.message, stats: result.stats });
+    }
+    catch (e) {
+        return c.json({ error: e.message }, 400);
+    }
+});
 // --- Google OAuth2 routes ---
 // Initiate Google OAuth flow — redirects to Google consent screen
 // No session required: this just redirects to Google, no sensitive data returned
@@ -1178,6 +1271,43 @@ app.put("/api/settings", async (c) => {
         },
     });
 });
+// --- Integration admin routes ---
+app.get("/api/admin/integrations", async (c) => {
+    const settings = getSettings();
+    const integrations = settings.integrations ?? { enabled: true };
+    const status = getIntegrationStatus();
+    return c.json({
+        enabled: integrations.enabled ?? true,
+        services: status,
+    });
+});
+app.post("/api/admin/integrations", async (c) => {
+    const body = await c.req.json();
+    const patch = {
+        integrations: {},
+    };
+    if (typeof body.enabled === "boolean") {
+        patch.integrations.enabled = body.enabled;
+    }
+    if (body.services && typeof body.services === "object") {
+        patch.integrations.services = body.services;
+    }
+    const updated = await updateSettings(patch);
+    // Re-hydrate env with new gates — clear integration vars first, then re-hydrate
+    const status = getIntegrationStatus();
+    rehydrateVaultEnv();
+    const credStore = getCredentialStore();
+    if (credStore)
+        await credStore.hydrate();
+    return c.json({
+        enabled: updated.integrations?.enabled ?? true,
+        services: status.map((s) => ({
+            ...s,
+            // Re-check after settings update
+            enabled: isIntegrationEnabled(s.service),
+        })),
+    });
+});
 // --- Voice routes ---
 // Voice status: which voice features are available?
 app.get("/api/voice-status", async (c) => {
@@ -1386,7 +1516,16 @@ app.post("/api/branch", async (c) => {
     ];
     const activeProvider = resolveProvider();
     const activeChatModel = resolveChatModel();
-    const stream_fn = pickStreamFn();
+    let stream_fn;
+    try {
+        stream_fn = pickStreamFn();
+    }
+    catch (err) {
+        if (err instanceof PrivateModeError) {
+            return c.json({ error: err.message }, 503);
+        }
+        throw err;
+    }
     const reqSignal = c.req.raw.signal;
     return streamSSE(c, async (stream) => {
         // Send branch trace metadata so the UI can track lineage
@@ -1407,21 +1546,42 @@ app.post("/api/branch", async (c) => {
             }
             const onAbort = () => resolve();
             reqSignal?.addEventListener("abort", onAbort, { once: true });
+            // Token buffer for split-placeholder rehydration
+            let tokenBuf = "";
+            const flushBuf = () => {
+                if (!tokenBuf)
+                    return;
+                const rehydrated = rehydrateResponse(tokenBuf);
+                tokenBuf = "";
+                stream.writeSSE({ data: JSON.stringify({ token: rehydrated }) }).catch(() => { });
+            };
             stream_fn({
                 messages,
                 model: activeChatModel,
                 signal: reqSignal,
                 onToken: (token) => {
-                    stream.writeSSE({ data: JSON.stringify({ token }) }).catch(() => { });
+                    tokenBuf += token;
+                    // Hold if buffer ends with partial placeholder: << ... (no closing >>)
+                    const lastOpen = tokenBuf.lastIndexOf("<<");
+                    if (lastOpen !== -1 && tokenBuf.indexOf(">>", lastOpen) === -1)
+                        return;
+                    flushBuf();
                 },
                 onDone: () => {
+                    flushBuf(); // flush remainder
                     reqSignal?.removeEventListener("abort", onAbort);
                     stream.writeSSE({ data: JSON.stringify({ done: true }) }).catch(() => { });
                     resolve();
                 },
-                onError: (err) => {
+                onError: async (err) => {
+                    flushBuf();
                     reqSignal?.removeEventListener("abort", onAbort);
-                    const errorMsg = err instanceof LLMError ? err.userMessage : (err.message || "Stream error");
+                    let errorMsg = err instanceof LLMError ? err.userMessage : (err.message || "Stream error");
+                    if (isPrivateMode() && /ECONNREFUSED|fetch failed|network|socket/i.test(errorMsg)) {
+                        const health = await checkOllamaHealth();
+                        if (!health.ok)
+                            errorMsg += " — Check that Ollama is running. " + health.message;
+                    }
                     stream.writeSSE({ data: JSON.stringify({ error: errorMsg }) }).catch(() => { });
                     resolve();
                 },
@@ -2076,6 +2236,22 @@ app.post("/api/slack/commands", createWebhookRoute({ provider: "slack-commands"
 // Slack interactions: routed through the generic webhook system.
 // The slack-interactions provider handles extracting JSON from the form "payload" field.
 app.post("/api/slack/interactions", createWebhookRoute({ provider: "slack-interactions" }));
+// --- Resend inbound email ---
+// Resend webhook: receive inbound emails via Svix-signed webhooks (direct path).
+// Uses generic webhook route with Svix signature verification.
+app.post("/api/resend/webhooks", createWebhookRoute({ provider: "resend" }));
+// Resend inbox: manually trigger inbox check (pulls from Worker KV).
+app.post("/api/resend/check-inbox", async (c) => {
+    const sessionId = c.req.query("sessionId");
+    if (!sessionId)
+        return c.json({ error: "sessionId required" }, 400);
+    const session = validateSession(sessionId);
+    if (!session)
+        return c.json({ error: "Invalid or expired session" }, 401);
+    const { forceCheckResendInbox } = await import("./resend/inbox.js");
+    const count = await forceCheckResendInbox();
+    return c.json({ ok: true, processed: count });
+});
 // --- WhatsApp routes (Twilio-backed) ---
 // WhatsApp status: check if configured
 app.get("/api/whatsapp/status", (c) => {
@@ -2147,6 +2323,59 @@ app.post("/api/relay/whatsapp", async (c) => {
     const result = await handleWhatsAppMessage(from, body, payload.ProfileName);
     return c.json({ ok: result.ok, reply: result.reply, error: result.error });
 });
+// Resend relay: receive pre-verified inbound emails from the Cloudflare Worker.
+// The Worker has already verified Resend's Svix signature and fetched the full
+// email body — this endpoint verifies the relay's own HMAC-SHA256 signature.
+app.post("/api/relay/resend", async (c) => {
+    const rawBody = await c.req.text();
+    const headers = {};
+    c.req.raw.headers.forEach((value, key) => {
+        headers[key.toLowerCase()] = value;
+    });
+    const relaySecret = process.env.RELAY_SECRET ?? "";
+    const verification = verifyRelaySignature(rawBody, headers, relaySecret);
+    if (!verification.valid) {
+        return c.json({ error: verification.error ?? "Invalid relay signature" }, 401);
+    }
+    let payload;
+    try {
+        payload = JSON.parse(rawBody);
+    }
+    catch {
+        return c.json({ error: "Invalid JSON" }, 400);
+    }
+    if (payload.type !== "email.received" || !payload.body?.trim()) {
+        return c.json({ ok: true, message: "No actionable content" });
+    }
+    logActivity({
+        source: "resend",
+        summary: `Inbound email relayed from ${payload.from}: "${payload.subject}"`,
+    });
+    // Import processInboundEmail dynamically to avoid circular deps at module level
+    const { processInboundEmail, sendResendReply } = await import("./resend/webhooks.js");
+    const reply = await processInboundEmail({
+        from: payload.from,
+        subject: payload.subject,
+        body: payload.body,
+        date: payload.created_at || new Date().toISOString(),
+    });
+    if (!reply) {
+        return c.json({ ok: true, message: "No reply generated" });
+    }
+    const sent = await sendResendReply({
+        to: payload.from,
+        subject: payload.subject,
+        body: reply,
+        inReplyTo: payload.message_id,
+    });
+    logActivity({
+        source: "resend",
+        summary: sent
+            ? `Replied to ${payload.from}: "${payload.subject}" (${reply.length} chars)`
+            : `Failed to reply to ${payload.from}: "${payload.subject}"`,
+    });
+    return c.json({ ok: true, sent, replyLength: reply.length });
+});
 // WhatsApp send: send a message (requires sessionId)
 app.post("/api/whatsapp/send", async (c) => {
     const sessionId = c.req.query("sessionId");
@@ -2214,6 +2443,10 @@ function issuesToCardPayload(issues) {
         };
     });
 }
+// Board API — gated to board posture
+app.use("/api/board/*", requireSurface("pages"));
+app.use("/api/ops/*", requireSurface("pages"));
+app.use("/api/agents/*", requireSurface("agents"));
 // Board status: is a provider configured, and who is the user?
 app.get("/api/board/status", async (c) => {
     const board = getBoardProvider();
@@ -3020,32 +3253,114 @@ app.get("/api/help/context", async (c) => {
         changelog,
     });
 });
-// --- Ops dashboard routes (no auth — local-only diagnostics) ---
-// Serve observatory.html
-app.get("/observatory", async (c) => {
+// --- Ops dashboard routes (posture-gated: board level) ---
+// Board-level pages — only assembled when user has shown intent for full visibility
+app.get("/observatory", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "observatory.html"));
     return c.html(html);
 });
-// Serve ops.html
-app.get("/ops", async (c) => {
+app.get("/ops", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "ops.html"));
     return c.html(html);
 });
-// Serve board.html (kanban view)
-app.get("/board", async (c) => {
+app.get("/board", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "board.html"));
     return c.html(html);
 });
-// Serve library.html (file explorer)
-app.get("/library", async (c) => {
+app.get("/library", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "library.html"));
     return c.html(html);
 });
-// Serve browser.html (agent's-eye view of web pages)
-app.get("/browser", async (c) => {
+app.get("/browser", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "browser.html"));
     return c.html(html);
 });
+// Registry is always available — it's the entry point
+app.get("/registry", async (c) => {
+    const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "registry.html"));
+    return c.html(html);
+});
+// Serve roadmap.html (strategic roadmap & rearview)
+app.get("/roadmap", async (c) => {
+    const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "roadmap.html"));
+    return c.html(html);
+});
+// Roadmap API — parse brain/operations/roadmap.yaml and return as JSON
+app.get("/api/roadmap", async (c) => {
+    try {
+        const raw = await readBrainFile(join(process.cwd(), "brain", "operations", "roadmap.yaml"));
+        const parsed = parseRoadmapYaml(raw);
+        return c.json(parsed);
+    }
+    catch (err) {
+        return c.json({ error: "Failed to load roadmap.yaml" }, 500);
+    }
+});
+// Roadmap rearview API — recent git commits grouped by hour
+app.get("/api/roadmap/recent", async (c) => {
+    const hours = parseInt(c.req.query("hours") || "24", 10);
+    if (isNaN(hours) || hours < 1 || hours > 168) {
+        return c.json({ error: "hours must be between 1 and 168" }, 400);
+    }
+    try {
+        const { execSync } = await import("child_process");
+        const since = new Date(Date.now() - hours * 60 * 60 * 1000).toISOString();
+        const raw = execSync(`git log --after="${since}" --format="%H||%an||%ai||%s" --no-merges`, { cwd: process.cwd(), encoding: "utf-8", timeout: 10000 }).trim();
+        if (!raw)
+            return c.json({ commits: [], groups: [], hours, total: 0 });
+        const commits = raw.split("\n").map((line) => {
+            const [hash, author, date, ...msgParts] = line.split("||");
+            const message = msgParts.join("||");
+            const isAuto = /^\[(?:dash|agent)\]/i.test(message);
+            return {
+                hash: hash.slice(0, 8),
+                fullHash: hash,
+                author,
+                date,
+                message,
+                autonomous: isAuto,
+                tag: isAuto ? "dash" : "human",
+            };
+        });
+        // Group by hour bucket
+        const groups = {};
+        for (const commit of commits) {
+            const d = new Date(commit.date);
+            const hourKey = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}-${String(d.getDate()).padStart(2, "0")} ${String(d.getHours()).padStart(2, "0")}:00`;
+            if (!groups[hourKey])
+                groups[hourKey] = [];
+            groups[hourKey].push(commit);
+        }
+        const grouped = Object.entries(groups)
+            .map(([hour, items]) => ({ hour, commits: items, count: items.length }))
+            .sort((a, b) => b.hour.localeCompare(a.hour));
+        return c.json({ commits, groups: grouped, hours, total: commits.length });
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return c.json({ error: "Failed to read git log: " + msg }, 500);
+    }
+});
+// Serve personal.html (placeholder — instances populate this)
+app.get("/personal", async (c) => {
+    try {
+        const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "personal.html"));
+        return c.html(html);
+    }
+    catch {
+        return c.text("Personal page not configured for this instance.", 404);
+    }
+});
+// Serve life.html (placeholder — instances populate this)
+app.get("/life", async (c) => {
+    try {
+        const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "life.html"));
+        return c.html(html);
+    }
+    catch {
+        return c.text("Life page not configured for this instance.", 404);
+    }
+});
 // Browse API — fetch a URL and return what the agent sees (stripped text)
 app.get("/api/browse", async (c) => {
     const url = c.req.query("url");
@@ -3159,6 +3474,7 @@ app.get("/api/ops/health", async (c) => {
         },
         provider: resolveProvider(),
         airplaneMode: settings.airplaneMode,
+        privateMode: settings.privateMode,
         models: settings.models,
         sidecars: {
             search: isSidecarAvailable(),
@@ -3378,6 +3694,30 @@ app.delete("/api/ops/projects/:id", async (c) => {
         return c.json({ error: "Project not found" }, 404);
     return c.json({ ok: true });
 });
+// --- Posture API (UI surface assembly) ---
+app.get("/api/posture", (c) => {
+    return c.json({
+        posture: getPosture(),
+        surface: getSurface(),
+        state: getPostureState(),
+    });
+});
+app.put("/api/posture", async (c) => {
+    const body = await c.req.json();
+    if (body.posture && ["silent", "pulse", "board"].includes(body.posture)) {
+        if (body.pinned !== false) {
+            pinPosture(body.posture);
+        }
+        else {
+            pinPosture(body.posture);
+            unpinPosture();
+        }
+    }
+    else if (body.pinned === false) {
+        unpinPosture();
+    }
+    return c.json({ posture: getPosture(), surface: getSurface(), state: getPostureState() });
+});
 // --- Pulse (nervous system) endpoint ---
 app.get("/api/pulse/status", (c) => {
     const integrator = getPressureIntegrator();
@@ -3393,6 +3733,85 @@ app.get("/api/pulse/history", (c) => {
     }
     return c.json(integrator.getVoltageHistory());
 });
+// --- Nerve API (three-dot goo) ---
+import { getNerveState } from "./nerve/state.js";
+import { initPush, getVapidPublicKey, addSubscription, checkAndNotify, startPushMonitor, stopPushMonitor } from "./nerve/push.js";
+import { loadPosture, startDecayTimer, getPosture, getPostureState, getSurface, pinPosture, unpinPosture, } from "./posture/engine.js";
+import { postureTracker, requireSurface, postureHeader } from "./posture/middleware.js";
+// State endpoint — three dots
+app.get("/api/nerve/state", async (c) => {
+    const state = await getNerveState();
+    return c.json(state);
+});
+// VAPID public key for push subscription
+app.get("/api/nerve/vapid-key", (c) => {
+    try {
+        return c.json({ key: getVapidPublicKey() });
+    }
+    catch {
+        return c.json({ error: "Push not initialized" }, 503);
+    }
+});
+// Store push subscription from a nerve endpoint
+app.post("/api/nerve/subscribe", async (c) => {
+    const body = await c.req.json();
+    const { subscription, label } = body;
+    if (!subscription?.endpoint || !subscription?.keys) {
+        return c.json({ error: "Invalid subscription" }, 400);
+    }
+    const id = await addSubscription(subscription, label);
+    return c.json({ id });
+});
+// SSE stream — real-time nerve state updates
+app.get("/api/nerve/stream", async (c) => {
+    return streamSSE(c, async (stream) => {
+        // Send initial state
+        const initial = await getNerveState();
+        await stream.writeSSE({ event: "state", data: JSON.stringify(initial) });
+        // Poll every 5 seconds and send updates
+        let lastJson = JSON.stringify(initial);
+        const interval = setInterval(async () => {
+            try {
+                const state = await getNerveState();
+                const json = JSON.stringify(state);
+                if (json !== lastJson) {
+                    lastJson = json;
+                    await stream.writeSSE({ event: "state", data: json });
+                    // Check if push notifications should fire
+                    await checkAndNotify(state).catch(() => { });
+                }
+            }
+            catch { /* stream may be closed */ }
+        }, 5000);
+        // Keep alive
+        const keepAlive = setInterval(async () => {
+            try {
+                await stream.writeSSE({ event: "ping", data: "" });
+            }
+            catch { /* ok */ }
+        }, 30000);
+        stream.onAbort(() => {
+            clearInterval(interval);
+            clearInterval(keepAlive);
+        });
+        // Hold the stream open
+        await new Promise(() => { });
+    });
+});
+// Update: accept a pending major update
+app.post("/api/nerve/accept-update", async (c) => {
+    try {
+        const { acceptMajorUpdate } = await import("./updater.js");
+        const { clearPendingUpdate } = await import("./nerve/state.js");
+        clearPendingUpdate();
+        // This will restart the process after updating
+        await acceptMajorUpdate();
+        return c.json({ ok: true, message: "Updating and restarting..." });
+    }
+    catch (err) {
+        return c.json({ error: err.message }, 500);
+    }
+});
 // Chat: streamed response (or learn command)
 app.post("/api/chat", async (c) => {
     const body = await c.req.json();
@@ -4091,7 +4510,16 @@ app.post("/api/chat", async (c) => {
             ctx.messages[lastIdx] = { role: "user", content: userContent };
         }
     }
-    const stream_fn = pickStreamFn();
+    let stream_fn;
+    try {
+        stream_fn = pickStreamFn();
+    }
+    catch (err) {
+        if (err instanceof PrivateModeError) {
+            return c.json({ error: err.message }, 503);
+        }
+        throw err;
+    }
     const activeProvider = resolveProvider();
     const activeChatModel = resolveChatModel();
     const reqSignal = c.req.raw.signal;
@@ -4118,15 +4546,30 @@ app.post("/api/chat", async (c) => {
                 resolve();
             };
             reqSignal?.addEventListener("abort", onAbort, { once: true });
+            // Token buffer for split-placeholder rehydration
+            let tokenBuf2 = "";
+            const flushBuf2 = () => {
+                if (!tokenBuf2)
+                    return;
+                const rehydrated = rehydrateResponse(tokenBuf2);
+                tokenBuf2 = "";
+                stream.writeSSE({ data: JSON.stringify({ token: rehydrated }) }).catch(() => { });
+            };
             stream_fn({
                 messages: ctx.messages,
                 model: activeChatModel,
                 signal: reqSignal,
                 onToken: (token) => {
                     fullResponse += token;
-                    stream.writeSSE({ data: JSON.stringify({ token }) }).catch(() => { });
+                    tokenBuf2 += token;
+                    // Hold if buffer ends with partial placeholder
+                    const lastOpen = tokenBuf2.lastIndexOf("<<");
+                    if (lastOpen !== -1 && tokenBuf2.indexOf(">>", lastOpen) === -1)
+                        return;
+                    flushBuf2();
                 },
                 onDone: () => {
+                    flushBuf2(); // flush remainder
                     reqSignal?.removeEventListener("abort", onAbort);
                     // Process action blocks BEFORE sending done — ensures SSE events reach client before stream closes.
                     // ALWAYS strip [AGENT_REQUEST] blocks from response, even if they can't be parsed.
@@ -4347,14 +4790,20 @@ app.post("/api/chat", async (c) => {
                         resolve();
                     }
                 },
-                onError: (err) => {
+                onError: async (err) => {
+                    flushBuf2();
                     reqSignal?.removeEventListener("abort", onAbort);
                     // If this error is from an abort, save partial and exit quietly
                     if (reqSignal?.aborted) {
                         savePartial();
                     }
                     else {
-                        const errorMsg = err instanceof LLMError ? err.userMessage : (err.message || "Stream error");
+                        let errorMsg = err instanceof LLMError ? err.userMessage : (err.message || "Stream error");
+                        if (isPrivateMode() && /ECONNREFUSED|fetch failed|network|socket/i.test(errorMsg)) {
+                            const health = await checkOllamaHealth();
+                            if (!health.ok)
+                                errorMsg += " — Check that Ollama is running. " + health.message;
+                        }
                         stream.writeSSE({ data: JSON.stringify({ error: errorMsg }) }).catch(() => { });
                     }
                     resolve(); // Still resolve so stream closes
@@ -4363,8 +4812,111 @@ app.post("/api/chat", async (c) => {
         });
     });
 });
+// --- Freeze endpoint (operator clicks freeze link) ---
+app.post("/api/freeze", async (c) => {
+    const body = await c.req.json().catch(() => null);
+    if (!body?.signal)
+        return c.json({ error: "Missing freeze signal" }, 400);
+    const { freeze, isFrozen } = await import("./tier/freeze.js");
+    if (isFrozen())
+        return c.json({ error: "Already frozen" }, 409);
+    await freeze(body.signal, process.cwd());
+    return c.json({ status: "frozen", message: "All agents dormant." });
+});
+app.post("/api/thaw", async (c) => {
+    const { thaw } = await import("./tier/freeze.js");
+    await thaw(process.cwd());
+    return c.json({ status: "thawed", message: "Operations resuming." });
+});
+app.get("/api/freeze/status", async (c) => {
+    const { isFrozen, getFreezeSignal } = await import("./tier/freeze.js");
+    return c.json({ frozen: isFrozen(), signal: getFreezeSignal() });
+});
+// --- Brain import API ---
+app.post("/api/import/folder", async (c) => {
+    const body = await c.req.json();
+    if (!body.paths || !Array.isArray(body.paths) || body.paths.length === 0) {
+        return c.json({ error: "paths[] required" }, 400);
+    }
+    const { resolve } = await import("node:path");
+    const { importToBrain } = await import("./files/import.js");
+    const result = await importToBrain({
+        sources: body.paths.map(p => resolve(p)),
+        brainRoot: process.cwd(),
+        dryRun: body.dryRun ?? false,
+    });
+    // After import: fast pass → deep pass (both background, chained)
+    if (!body.dryRun && result.imported > 0) {
+        import("./files/index-local.js").then(({ indexImportedFiles }) => {
+            indexImportedFiles({ localOnly: true })
+                .then(() => import("./files/deep-index.js"))
+                .then(({ runDeepIndex }) => runDeepIndex())
+                .catch(() => { });
+        });
+    }
+    return c.json(result);
+});
+app.post("/api/import/index", async (c) => {
+    const { indexImportedFiles } = await import("./files/index-local.js");
+    const result = await indexImportedFiles({ localOnly: true });
+    // After fast pass, kick off deep index in background
+    import("./files/deep-index.js").then(({ runDeepIndex }) => {
+        runDeepIndex().catch(() => { });
+    });
+    return c.json(result);
+});
+app.post("/api/import/deep-index", async (c) => {
+    const { runDeepIndex } = await import("./files/deep-index.js");
+    const result = await runDeepIndex();
+    return c.json(result);
+});
+app.get("/api/import/deep-index/progress", async (c) => {
+    const { getDeepIndexProgress } = await import("./files/deep-index.js");
+    return c.json(getDeepIndexProgress());
+});
+app.get("/api/import/deep-index/results", async (c) => {
+    const { readFile: rf } = await import("node:fs/promises");
+    const { join: jp } = await import("node:path");
+    try {
+        const raw = await rf(jp(process.cwd(), "brain", ".core", "deep-index.json"), "utf-8");
+        return c.json(JSON.parse(raw));
+    }
+    catch {
+        return c.json({ entities: [], themes: [], crossRefs: [], flags: [], deepIndexed: [] });
+    }
+});
+app.post("/api/import/files", async (c) => {
+    const formData = await c.req.formData();
+    const files = formData.getAll("files");
+    if (files.length === 0)
+        return c.json({ error: "No files provided" }, 400);
+    const { mkdir: mkdirFs, writeFile: writeFs } = await import("node:fs/promises");
+    const { join: joinPath } = await import("node:path");
+    const ingestDir = joinPath(process.cwd(), "ingest");
+    await mkdirFs(ingestDir, { recursive: true });
+    const saved = [];
+    for (const file of files) {
+        if (!file.name)
+            continue;
+        const buffer = Buffer.from(await file.arrayBuffer());
+        const dest = joinPath(ingestDir, file.name);
+        await writeFs(dest, buffer);
+        saved.push(file.name);
+    }
+    // Process the ingest folder immediately
+    const { processIngestFolder } = await import("./files/ingest-folder.js");
+    const ingestedDir = joinPath(process.cwd(), "ingested");
+    const result = await processIngestFolder(ingestDir, ingestedDir);
+    return c.json({
+        saved: saved.length,
+        files: saved,
+        ingested: result.newFiles,
+    });
+});
 // --- Startup ---
-async function start() {
+async function start(opts) {
+    const tier = opts?.tier ?? "byok";
+    const tierGate = await import("./tier/gate.js");
     // Initialize instance name before anything else
     initInstanceName();
     // Initialize OpenTelemetry tracing (must be early, before instrumented code)
@@ -4375,6 +4927,16 @@ async function start() {
     });
     // Load settings (airplane mode, model selection)
     const settings = await loadSettings();
+    // Initialize posture system (UI surface assembly)
+    await loadPosture();
+    startDecayTimer();
+    // Install fetch guard before any routes or outbound calls
+    installFetchGuard();
+    // Initialize PrivacyMembrane for reversible redaction
+    const sensitiveRegistry = new SensitiveRegistry();
+    await sensitiveRegistry.load(BRAIN_DIR);
+    const membrane = new PrivacyMembrane(sensitiveRegistry);
+    setActiveMembrane(membrane);
     // Run independent initialization in parallel: LLM cache, auth, and sidecars
     const [, pairingCode, sidecarResults] = await Promise.all([
         // LLM response cache (file-backed in .core/cache/, 1-hour TTL)
@@ -4491,6 +5053,17 @@ async function start() {
             log.info(`Boot tension: ${todoCount} todo(s) found — pulse should fire`);
         }
     }
+    // Initialize nerve push notifications (VAPID keys + subscriptions)
+    try {
+        await initPush();
+        startPushMonitor(getNerveState, 30_000);
+        log.info("Nerve push notifications ready (monitoring every 30s)");
+    }
+    catch (err) {
+        log.warn("Nerve push init failed — push notifications disabled", {
+            error: err instanceof Error ? err.message : String(err),
+        });
+    }
     // Start weekly backlog review timer (runs every Friday — DASH-59)
     startBacklogReviewTimer(queueProvider.getStore());
     // Start daily morning briefing timer (DASH-44)
@@ -4527,17 +5100,24 @@ async function start() {
             logActivity({ source: "agent", summary: `Continuation error: ${msg}` });
         }
     });
-    // Initialize instance manager (GC, health checks, load balancing)
-    instanceManager = new AgentInstanceManager(runtime);
-    await instanceManager.init();
-    // Initialize agent pool (circuit breakers, isolation, resource management)
-    agentPool = AgentPool.fromExisting(runtime, instanceManager);
-    setAgentPool(agentPool);
-    // Initialize workflow engine for multi-agent coordination
-    workflowEngine = new WorkflowEngine(agentPool);
-    await workflowEngine.loadAllDefinitions().catch((err) => {
-        log.warn("Failed to load workflow definitions", { error: err instanceof Error ? err.message : String(err) });
-    });
+    // Initialize agent spawning — tier >= spawn only
+    if (tierGate.canSpawn(tier)) {
+        // Initialize instance manager (GC, health checks, load balancing)
+        instanceManager = new AgentInstanceManager(runtime);
+        await instanceManager.init();
+        // Initialize agent pool (circuit breakers, isolation, resource management)
+        agentPool = AgentPool.fromExisting(runtime, instanceManager);
+        setAgentPool(agentPool);
+        // Initialize workflow engine for multi-agent coordination
+        workflowEngine = new WorkflowEngine(agentPool);
+        await workflowEngine.loadAllDefinitions().catch((err) => {
+            log.warn("Failed to load workflow definitions", { error: err instanceof Error ? err.message : String(err) });
+        });
+        log.info(`Agent spawning enabled (tier: ${tier})`);
+    }
+    else {
+        log.info(`Agent spawning disabled (tier: ${tier} — requires spawn tier)`);
+    }
     // --- Register component health checks (after all systems initialized) ---
     // Queue store: can we read the JSONL file?
     health.register("queue", queueStoreCheck(() => queueProvider.getStore()), { critical: false });
@@ -4561,25 +5141,27 @@ async function start() {
     recovery.start();
     // Start alert evaluation loop (evaluates every 30s)
     alertManager.start();
-    // Wire notification channels — email (Resend) and phone (Twilio voice)
-    const resendKey = process.env.RESEND_API_KEY;
-    if (resendKey) {
-        alertDispatcher.add(new EmailChannel({
-            endpoint: "https://api.resend.com/emails",
-            apiKey: resendKey,
-            from: `${getInstanceName()} <${getAlertEmailFrom()}>`,
-            to: [resolveEnv("ALERT_EMAIL_TO") ?? ""].filter(Boolean),
-        }));
-        log.info("Alert channel: email (Resend)");
-    }
-    if (process.env.TWILIO_ACCOUNT_SID) {
-        alertDispatcher.add(new PhoneChannel());
-        log.info("Alert channel: phone (Twilio voice)");
-    }
-    alertManager.updateNotifications([
-        { channel: "email", minSeverity: "warning" },
-        { channel: "phone", minSeverity: "critical" },
-    ]);
+    // Wire notification channels — tier >= byok only (requires BYOK API keys)
+    if (tierGate.canAlert(tier)) {
+        const resendKey = process.env.RESEND_API_KEY;
+        if (resendKey) {
+            alertDispatcher.add(new EmailChannel({
+                endpoint: "https://api.resend.com/emails",
+                apiKey: resendKey,
+                from: `${getInstanceName()} <${getAlertEmailFrom()}>`,
+                to: [resolveEnv("ALERT_EMAIL_TO") ?? ""].filter(Boolean),
+            }));
+            log.info("Alert channel: email (Resend)");
+        }
+        if (process.env.TWILIO_ACCOUNT_SID) {
+            alertDispatcher.add(new PhoneChannel());
+            log.info("Alert channel: phone (Twilio voice)");
+        }
+        alertManager.updateNotifications([
+            { channel: "email", minSeverity: "warning" },
+            { channel: "phone", minSeverity: "critical" },
+        ]);
+    }
     // Start credit monitoring (checks every 5 min, configurable via CORE_CREDIT_CHECK_INTERVAL_MS)
     startCreditMonitor(health, alertManager);
     // Avatar sidecar launches in background — slow (model loading) but non-blocking
@@ -4601,7 +5183,21 @@ async function start() {
     log.info(`${getInstanceName()} — Local Chat starting`);
     // Show LLM provider based on settings
     const provider = resolveProvider();
-    if (settings.airplaneMode) {
+    if (settings.privateMode) {
+        log.info("Mode: PRIVATE (network-isolated), LLM: Ollama only — cloud providers blocked");
+        // Fail loudly at startup if Ollama isn't available in private mode
+        try {
+            const { assertOllamaAvailable } = await import("./llm/guard.js");
+            await assertOllamaAvailable();
+            log.info("Ollama: reachable ✓");
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            log.error(msg);
+            throw new Error("Cannot start in privateMode without Ollama. " + msg);
+        }
+    }
+    else if (settings.airplaneMode) {
         log.info("Mode: Airplane (local only), LLM: Ollama");
     }
     else {
@@ -4767,10 +5363,46 @@ async function start() {
         return reply.trim();
     });
     log.info(`${getInstanceName()} email handler registered — emails with '${getInstanceName()}' in subject will be auto-replied`);
-    serve({ fetch: app.fetch, port: PORT }, () => {
-        log.info(`Listening on http://localhost:${PORT}`);
+    await new Promise((resolve) => {
+        const server = serve({ fetch: app.fetch, port: PORT }, () => {
+            const addr = server.address();
+            if (typeof addr === "object" && addr) {
+                actualPort = addr.port;
+            }
+            log.info(`Listening on http://localhost:${actualPort}`);
+            // Show LAN IP for phone access
+            try {
+                import("node:os").then(({ networkInterfaces }) => {
+                    const nets = networkInterfaces();
+                    for (const name of Object.keys(nets)) {
+                        for (const net of nets[name] ?? []) {
+                            if (net.family === "IPv4" && !net.internal) {
+                                log.info(`Nerve (phone): http://${net.address}:${actualPort}/nerve`);
+                            }
+                        }
+                    }
+                });
+            }
+            catch { /* ok */ }
+            // Announce on LAN if mesh.lanAnnounce is enabled AND tier >= byok
+            if (tierGate.canMesh(tier) && getMeshConfig().lanAnnounce) {
+                try {
+                    startMdns(actualPort);
+                }
+                catch (err) {
+                    log.warn("mDNS announcement failed — discovery disabled", {
+                        error: err instanceof Error ? err.message : String(err),
+                    });
+                }
+            }
+            resolve();
+        });
     });
 }
+/** Returns the port the server is actually listening on (resolves port 0). */
+export function getActualPort() {
+    return actualPort;
+}
 export { start };
 const isDirectRun = process.argv[1]?.replace(/\\/g, "/").includes("server");
 if (isDirectRun) {
@@ -4779,6 +5411,87 @@ if (isDirectRun) {
         process.exit(1);
     });
 }
+function parseRoadmapYaml(raw) {
+    const result = { phases: [], streams: [], milestones: [] };
+    const lines = raw.split("\n");
+    let section = null;
+    let currentObj = null;
+    function flush() {
+        if (currentObj && section && section !== "layout") {
+            result[section].push(currentObj);
+            currentObj = null;
+        }
+    }
+    for (const line of lines) {
+        const trimmed = line.trimEnd();
+        if (trimmed === "" || trimmed.startsWith("#"))
+            continue;
+        // Top-level section headers
+        if (/^layout:\s*$/.test(trimmed)) {
+            flush();
+            section = "layout";
+            result.layout = {};
+            continue;
+        }
+        if (/^phases:\s*$/.test(trimmed)) {
+            flush();
+            section = "phases";
+            continue;
+        }
+        if (/^streams:\s*$/.test(trimmed)) {
+            flush();
+            section = "streams";
+            continue;
+        }
+        if (/^milestones:\s*$/.test(trimmed)) {
+            flush();
+            section = "milestones";
+            continue;
+        }
+        if (!section)
+            continue;
+        // Layout is a flat object, not an array
+        if (section === "layout") {
+            const kvMatch = trimmed.match(/^\s+(\w+)\s*:\s*(.*)/);
+            if (kvMatch && result.layout) {
+                result.layout[kvMatch[1]] = kvMatch[2].replace(/^["']|["']$/g, "").trim();
+            }
+            continue;
+        }
+        // New list item: "  - key: value"
+        const newItemMatch = trimmed.match(/^\s+-\s+(\w+)\s*:\s*(.*)/);
+        if (newItemMatch) {
+            flush();
+            currentObj = {};
+            const key = newItemMatch[1];
+            const val = newItemMatch[2].replace(/^["']|["']$/g, "").trim();
+            if (val.startsWith("[")) {
+                // Inline array: [a, b, c]
+                currentObj[key] = val.slice(1, -1).split(",").map(s => s.trim().replace(/^["']|["']$/g, ""));
+            }
+            else {
+                currentObj[key] = val;
+            }
+            continue;
+        }
+        // Continuation key: "    key: value"
+        if (currentObj) {
+            const kvMatch = trimmed.match(/^\s+(\w+)\s*:\s*(.*)/);
+            if (kvMatch) {
+                const key = kvMatch[1];
+                const val = kvMatch[2].replace(/^["']|["']$/g, "").trim();
+                if (val.startsWith("[")) {
+                    currentObj[key] = val.slice(1, -1).split(",").map(s => s.trim().replace(/^["']|["']$/g, ""));
+                }
+                else {
+                    currentObj[key] = val;
+                }
+            }
+        }
+    }
+    flush();
+    return result;
+}
 // Graceful shutdown: agent pool first (drains queue, terminates agents, cleans resources),
 // then sidecars, timers, and monitors.
 async function gracefulShutdown(signal) {
@@ -4812,6 +5525,8 @@ async function gracefulShutdown(signal) {
     stopInsightsTimer();
     stopOpenLoopScanner();
     stopCreditMonitor();
+    stopPushMonitor();
+    stopMdns();
     stopAvatarSidecar();
     stopTtsSidecar();
     stopSttSidecar();