@runcore-sh/runcore 0.1.9 → 0.1.10

package/dist/posture/middleware.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Posture middleware — gates routes by current UI surface level
+ * and records interaction signals for intent accumulation.
+ *
+ * Routes return 404 (not 403) when posture is below threshold.
+ * The surface doesn't exist yet — it's not forbidden, it's not assembled.
+ */
+import type { MiddlewareHandler } from "hono";
+import type { PostureSurface } from "./types.js";
+/**
+ * Middleware: record every API interaction as a signal.
+ * Mounted early — runs for all /api/* routes.
+ */
+export declare function postureTracker(): MiddlewareHandler;
+/**
+ * Middleware: record page views (HTML page loads).
+ * Mounted on page routes like /board, /ops, /observatory, etc.
+ */
+export declare function pageViewTracker(pageName: string): MiddlewareHandler;
+/**
+ * Require a minimum posture level for a route group.
+ * Returns 404 if the surface isn't assembled yet.
+ */
+export declare function requireSurface(surface: keyof PostureSurface): MiddlewareHandler;
+/**
+ * Add posture info to API responses via header.
+ * Clients use this to know what to render.
+ */
+export declare function postureHeader(): MiddlewareHandler;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/posture/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/posture/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAE9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,iBAAiB,CAsClD;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,CASnE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,cAAc,GAAG,iBAAiB,CAO/E;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,iBAAiB,CAMjD"}

package/dist/posture/middleware.js

@@ -0,0 +1,92 @@
+/**
+ * Posture middleware — gates routes by current UI surface level
+ * and records interaction signals for intent accumulation.
+ *
+ * Routes return 404 (not 403) when posture is below threshold.
+ * The surface doesn't exist yet — it's not forbidden, it's not assembled.
+ */
+import { hasSurface, recordInteraction, getSurface } from "./engine.js";
+/**
+ * Middleware: record every API interaction as a signal.
+ * Mounted early — runs for all /api/* routes.
+ */
+export function postureTracker() {
+    return async (c, next) => {
+        const path = c.req.path;
+        // Classify the interaction
+        let surface = "chat";
+        let detail;
+        if (path.startsWith("/api/nerve") || path.startsWith("/api/pulse")) {
+            surface = "pulse";
+        }
+        else if (path.startsWith("/api/board")) {
+            surface = "pages";
+            detail = "board";
+        }
+        else if (path.startsWith("/api/ops")) {
+            surface = "pages";
+            detail = "ops";
+        }
+        else if (path.startsWith("/api/agents")) {
+            surface = "agents";
+        }
+        else if (path.startsWith("/api/settings") || path.startsWith("/api/admin")) {
+            surface = "settings";
+        }
+        else if (path.startsWith("/api/open-loops") || path.startsWith("/api/insights") || path.startsWith("/api/metrics")) {
+            surface = "pages";
+            detail = "observatory";
+        }
+        else if (path.startsWith("/api/chat")) {
+            surface = "chat";
+        }
+        else if (path.startsWith("/api/browse") || path.startsWith("/api/search")) {
+            surface = "pages";
+            detail = "browser";
+        }
+        recordInteraction({
+            timestamp: new Date().toISOString(),
+            surface,
+            detail,
+        });
+        await next();
+    };
+}
+/**
+ * Middleware: record page views (HTML page loads).
+ * Mounted on page routes like /board, /ops, /observatory, etc.
+ */
+export function pageViewTracker(pageName) {
+    return async (c, next) => {
+        recordInteraction({
+            timestamp: new Date().toISOString(),
+            surface: "page-view",
+            detail: pageName,
+        });
+        await next();
+    };
+}
+/**
+ * Require a minimum posture level for a route group.
+ * Returns 404 if the surface isn't assembled yet.
+ */
+export function requireSurface(surface) {
+    return async (c, next) => {
+        if (!hasSurface(surface)) {
+            return c.json({ error: "not_available", posture: "surface not assembled" }, 404);
+        }
+        await next();
+    };
+}
+/**
+ * Add posture info to API responses via header.
+ * Clients use this to know what to render.
+ */
+export function postureHeader() {
+    return async (c, next) => {
+        await next();
+        const surface = getSurface();
+        c.header("X-Posture-Surface", JSON.stringify(surface));
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/posture/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/posture/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGxE;;;GAGG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QAExB,2BAA2B;QAC3B,IAAI,OAAO,GAAuC,MAAM,CAAC;QACzD,IAAI,MAA0B,CAAC;QAE/B,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACnE,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACzC,OAAO,GAAG,OAAO,CAAC;YAClB,MAAM,GAAG,OAAO,CAAC;QACnB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACvC,OAAO,GAAG,OAAO,CAAC;YAClB,MAAM,GAAG,KAAK,CAAC;QACjB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,OAAO,GAAG,QAAQ,CAAC;QACrB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7E,OAAO,GAAG,UAAU,CAAC;QACvB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACrH,OAAO,GAAG,OAAO,CAAC;YAClB,MAAM,GAAG,aAAa,CAAC;QACzB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACxC,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5E,OAAO,GAAG,OAAO,CAAC;YAClB,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QAED,iBAAiB,CAAC;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO;YACP,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,iBAAiB,CAAC;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;QACH,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,OAA6B;IAC1D,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,GAAG,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,MAAM,IAAI,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,CAAC,CAAC,MAAM,CAAC,mBAAmB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACzD,CAAC,CAAC;AACJ,CAAC"}

package/dist/posture/types.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Posture — how much UI surface assembles around the user.
+ *
+ * Three modes:
+ * - silent:  No UI. Core works in background. Reaches out via chat/SMS/email.
+ * - pulse:   Three dots only. Tap for drill-down. Zero-to-one interaction.
+ * - board:   Full visibility. Threads, agents, memory, operations.
+ *
+ * Posture is orthogonal to tier (capabilities) and bonding (trust).
+ * A BYOK user might be silent. A Spawn user might only want pulse.
+ * UI is a symptom of unresolved autonomy — buttons exist because
+ * Core couldn't handle it alone yet.
+ *
+ * Posture is observed, not configured. Intent accumulation drives transitions.
+ * The system records interaction patterns and adapts surface area.
+ */
+export type PostureName = "silent" | "pulse" | "board";
+export declare const POSTURE_LEVEL: Record<PostureName, number>;
+/** What UI surfaces are available at each posture. */
+export interface PostureSurface {
+    /** Chat channel (always available — the minimum) */
+    chat: boolean;
+    /** Three-dot pulse strip */
+    pulse: boolean;
+    /** Drill-down panels when tapping dots */
+    drilldown: boolean;
+    /** Full page views: observatory, ops, board, library, etc. */
+    pages: boolean;
+    /** Agent task management UI */
+    agents: boolean;
+    /** Settings/configuration UI */
+    settings: boolean;
+}
+export declare const POSTURE_SURFACE: Record<PostureName, PostureSurface>;
+/**
+ * An interaction signal — recorded every time the user does something.
+ * Intent accumulation uses these to decide posture transitions.
+ */
+export interface InteractionSignal {
+    timestamp: string;
+    /** What surface the user touched */
+    surface: keyof PostureSurface | "page-view";
+    /** Specific detail — page name, dot tapped, etc. */
+    detail?: string;
+}
+/**
+ * Posture state — persisted in brain/settings.json alongside other settings.
+ */
+export interface PostureState {
+    /** Current posture */
+    current: PostureName;
+    /** When the posture last changed */
+    changedAt: string;
+    /** Whether the user explicitly set this (locks auto-transition) */
+    pinned: boolean;
+    /** Interaction count per surface in the current window */
+    interactions: Record<string, number>;
+    /** When the interaction window started */
+    windowStart: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/posture/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/posture/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,CAAC;AAEvD,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAIrD,CAAC;AAEF,sDAAsD;AACtD,MAAM,WAAW,cAAc;IAC7B,oDAAoD;IACpD,IAAI,EAAE,OAAO,CAAC;IACd,4BAA4B;IAC5B,KAAK,EAAE,OAAO,CAAC;IACf,0CAA0C;IAC1C,SAAS,EAAE,OAAO,CAAC;IACnB,8DAA8D;IAC9D,KAAK,EAAE,OAAO,CAAC;IACf,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,gCAAgC;IAChC,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,WAAW,EAAE,cAAc,CAyB/D,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,OAAO,EAAE,MAAM,cAAc,GAAG,WAAW,CAAC;IAC5C,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,sBAAsB;IACtB,OAAO,EAAE,WAAW,CAAC;IACrB,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,MAAM,EAAE,OAAO,CAAC;IAChB,0DAA0D;IAC1D,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;CACrB"}

package/dist/posture/types.js

@@ -0,0 +1,48 @@
+/**
+ * Posture — how much UI surface assembles around the user.
+ *
+ * Three modes:
+ * - silent:  No UI. Core works in background. Reaches out via chat/SMS/email.
+ * - pulse:   Three dots only. Tap for drill-down. Zero-to-one interaction.
+ * - board:   Full visibility. Threads, agents, memory, operations.
+ *
+ * Posture is orthogonal to tier (capabilities) and bonding (trust).
+ * A BYOK user might be silent. A Spawn user might only want pulse.
+ * UI is a symptom of unresolved autonomy — buttons exist because
+ * Core couldn't handle it alone yet.
+ *
+ * Posture is observed, not configured. Intent accumulation drives transitions.
+ * The system records interaction patterns and adapts surface area.
+ */
+export const POSTURE_LEVEL = {
+    silent: 0,
+    pulse: 1,
+    board: 2,
+};
+export const POSTURE_SURFACE = {
+    silent: {
+        chat: true,
+        pulse: false,
+        drilldown: false,
+        pages: false,
+        agents: false,
+        settings: false,
+    },
+    pulse: {
+        chat: true,
+        pulse: true,
+        drilldown: true,
+        pages: false,
+        agents: false,
+        settings: false,
+    },
+    board: {
+        chat: true,
+        pulse: true,
+        drilldown: true,
+        pages: true,
+        agents: true,
+        settings: true,
+    },
+};
+//# sourceMappingURL=types.js.map

package/dist/posture/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/posture/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,MAAM,CAAC,MAAM,aAAa,GAAgC;IACxD,MAAM,EAAE,CAAC;IACT,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;CACT,CAAC;AAkBF,MAAM,CAAC,MAAM,eAAe,GAAwC;IAClE,MAAM,EAAE;QACN,IAAI,EAAE,IAAI;QACV,KAAK,EAAE,KAAK;QACZ,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,KAAK;KAChB;IACD,KAAK,EAAE;QACL,IAAI,EAAE,IAAI;QACV,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,KAAK;KAChB;IACD,KAAK,EAAE;QACL,IAAI,EAAE,IAAI;QACV,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,IAAI;QACX,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE,IAAI;KACf;CACF,CAAC"}

package/dist/server.d.ts

@@ -3,7 +3,9 @@
  * Hono app: serves static UI, handles pairing/auth, streams chat via Ollama (local) or OpenRouter (cloud).
  */
 export declare function getStartupToken(): string | null;
-declare function start(): Promise<void>;
+declare function start(opts?: {
+    tier?: import("./tier/types.js").TierName;
+}): Promise<void>;
 /** Returns the port the server is actually listening on (resolves port 0). */
 export declare function getActualPort(): number;
 export { start };

package/dist/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuTH,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAE/C;AA62JD,iBAAe,KAAK,kBAkgBnB;AAED,8EAA8E;AAC9E,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,OAAO,EAAE,KAAK,EAAE,CAAC"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAuTH,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAE/C;AA2gKD,iBAAe,KAAK,CAAC,IAAI,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,iBAAiB,EAAE,QAAQ,CAAA;CAAE,iBAghBxE;AAED,8EAA8E;AAC9E,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,OAAO,EAAE,KAAK,EAAE,CAAC"}

package/dist/server.js

@@ -406,6 +406,11 @@ app.use("/api/*", async (c, next) => {
     }
     return generalLimiter(c, next);
 });
+// --- Posture middleware (intent accumulation + surface gating) ---
+// Track all API interactions for posture engine
+app.use("/api/*", postureTracker());
+// Attach posture surface header to all responses
+app.use("/api/*", postureHeader());
 // --- Webhook initialization (batch registration + config + admin routes) ---
 const webhookInitStart = performance.now();
 // Phase 1: Batch-register all webhook providers (deferred from module imports to avoid
@@ -2438,6 +2443,10 @@ function issuesToCardPayload(issues) {
         };
     });
 }
+// Board API — gated to board posture
+app.use("/api/board/*", requireSurface("pages"));
+app.use("/api/ops/*", requireSurface("pages"));
+app.use("/api/agents/*", requireSurface("agents"));
 // Board status: is a provider configured, and who is the user?
 app.get("/api/board/status", async (c) => {
     const board = getBoardProvider();
@@ -3244,33 +3253,29 @@ app.get("/api/help/context", async (c) => {
         changelog,
     });
 });
-// --- Ops dashboard routes (no auth — local-only diagnostics) ---
-// Serve observatory.html
-app.get("/observatory", async (c) => {
+// --- Ops dashboard routes (posture-gated: board level) ---
+// Board-level pages — only assembled when user has shown intent for full visibility
+app.get("/observatory", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "observatory.html"));
     return c.html(html);
 });
-// Serve ops.html
-app.get("/ops", async (c) => {
+app.get("/ops", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "ops.html"));
     return c.html(html);
 });
-// Serve board.html (kanban view)
-app.get("/board", async (c) => {
+app.get("/board", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "board.html"));
     return c.html(html);
 });
-// Serve library.html (file explorer)
-app.get("/library", async (c) => {
+app.get("/library", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "library.html"));
     return c.html(html);
 });
-// Serve browser.html (agent's-eye view of web pages)
-app.get("/browser", async (c) => {
+app.get("/browser", requireSurface("pages"), async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "browser.html"));
     return c.html(html);
 });
-// Serve registry.html (service & capability dashboard)
+// Registry is always available — it's the entry point
 app.get("/registry", async (c) => {
     const html = await serveHtmlTemplate(join(PKG_ROOT, "public", "registry.html"));
     return c.html(html);
@@ -3689,6 +3694,30 @@ app.delete("/api/ops/projects/:id", async (c) => {
         return c.json({ error: "Project not found" }, 404);
     return c.json({ ok: true });
 });
+// --- Posture API (UI surface assembly) ---
+app.get("/api/posture", (c) => {
+    return c.json({
+        posture: getPosture(),
+        surface: getSurface(),
+        state: getPostureState(),
+    });
+});
+app.put("/api/posture", async (c) => {
+    const body = await c.req.json();
+    if (body.posture && ["silent", "pulse", "board"].includes(body.posture)) {
+        if (body.pinned !== false) {
+            pinPosture(body.posture);
+        }
+        else {
+            pinPosture(body.posture);
+            unpinPosture();
+        }
+    }
+    else if (body.pinned === false) {
+        unpinPosture();
+    }
+    return c.json({ posture: getPosture(), surface: getSurface(), state: getPostureState() });
+});
 // --- Pulse (nervous system) endpoint ---
 app.get("/api/pulse/status", (c) => {
     const integrator = getPressureIntegrator();
@@ -3707,6 +3736,8 @@ app.get("/api/pulse/history", (c) => {
 // --- Nerve API (three-dot goo) ---
 import { getNerveState } from "./nerve/state.js";
 import { initPush, getVapidPublicKey, addSubscription, checkAndNotify, startPushMonitor, stopPushMonitor } from "./nerve/push.js";
+import { loadPosture, startDecayTimer, getPosture, getPostureState, getSurface, pinPosture, unpinPosture, } from "./posture/engine.js";
+import { postureTracker, requireSurface, postureHeader } from "./posture/middleware.js";
 // State endpoint — three dots
 app.get("/api/nerve/state", async (c) => {
     const state = await getNerveState();
@@ -4781,8 +4812,111 @@ app.post("/api/chat", async (c) => {
         });
     });
 });
+// --- Freeze endpoint (operator clicks freeze link) ---
+app.post("/api/freeze", async (c) => {
+    const body = await c.req.json().catch(() => null);
+    if (!body?.signal)
+        return c.json({ error: "Missing freeze signal" }, 400);
+    const { freeze, isFrozen } = await import("./tier/freeze.js");
+    if (isFrozen())
+        return c.json({ error: "Already frozen" }, 409);
+    await freeze(body.signal, process.cwd());
+    return c.json({ status: "frozen", message: "All agents dormant." });
+});
+app.post("/api/thaw", async (c) => {
+    const { thaw } = await import("./tier/freeze.js");
+    await thaw(process.cwd());
+    return c.json({ status: "thawed", message: "Operations resuming." });
+});
+app.get("/api/freeze/status", async (c) => {
+    const { isFrozen, getFreezeSignal } = await import("./tier/freeze.js");
+    return c.json({ frozen: isFrozen(), signal: getFreezeSignal() });
+});
+// --- Brain import API ---
+app.post("/api/import/folder", async (c) => {
+    const body = await c.req.json();
+    if (!body.paths || !Array.isArray(body.paths) || body.paths.length === 0) {
+        return c.json({ error: "paths[] required" }, 400);
+    }
+    const { resolve } = await import("node:path");
+    const { importToBrain } = await import("./files/import.js");
+    const result = await importToBrain({
+        sources: body.paths.map(p => resolve(p)),
+        brainRoot: process.cwd(),
+        dryRun: body.dryRun ?? false,
+    });
+    // After import: fast pass → deep pass (both background, chained)
+    if (!body.dryRun && result.imported > 0) {
+        import("./files/index-local.js").then(({ indexImportedFiles }) => {
+            indexImportedFiles({ localOnly: true })
+                .then(() => import("./files/deep-index.js"))
+                .then(({ runDeepIndex }) => runDeepIndex())
+                .catch(() => { });
+        });
+    }
+    return c.json(result);
+});
+app.post("/api/import/index", async (c) => {
+    const { indexImportedFiles } = await import("./files/index-local.js");
+    const result = await indexImportedFiles({ localOnly: true });
+    // After fast pass, kick off deep index in background
+    import("./files/deep-index.js").then(({ runDeepIndex }) => {
+        runDeepIndex().catch(() => { });
+    });
+    return c.json(result);
+});
+app.post("/api/import/deep-index", async (c) => {
+    const { runDeepIndex } = await import("./files/deep-index.js");
+    const result = await runDeepIndex();
+    return c.json(result);
+});
+app.get("/api/import/deep-index/progress", async (c) => {
+    const { getDeepIndexProgress } = await import("./files/deep-index.js");
+    return c.json(getDeepIndexProgress());
+});
+app.get("/api/import/deep-index/results", async (c) => {
+    const { readFile: rf } = await import("node:fs/promises");
+    const { join: jp } = await import("node:path");
+    try {
+        const raw = await rf(jp(process.cwd(), "brain", ".core", "deep-index.json"), "utf-8");
+        return c.json(JSON.parse(raw));
+    }
+    catch {
+        return c.json({ entities: [], themes: [], crossRefs: [], flags: [], deepIndexed: [] });
+    }
+});
+app.post("/api/import/files", async (c) => {
+    const formData = await c.req.formData();
+    const files = formData.getAll("files");
+    if (files.length === 0)
+        return c.json({ error: "No files provided" }, 400);
+    const { mkdir: mkdirFs, writeFile: writeFs } = await import("node:fs/promises");
+    const { join: joinPath } = await import("node:path");
+    const ingestDir = joinPath(process.cwd(), "ingest");
+    await mkdirFs(ingestDir, { recursive: true });
+    const saved = [];
+    for (const file of files) {
+        if (!file.name)
+            continue;
+        const buffer = Buffer.from(await file.arrayBuffer());
+        const dest = joinPath(ingestDir, file.name);
+        await writeFs(dest, buffer);
+        saved.push(file.name);
+    }
+    // Process the ingest folder immediately
+    const { processIngestFolder } = await import("./files/ingest-folder.js");
+    const ingestedDir = joinPath(process.cwd(), "ingested");
+    const result = await processIngestFolder(ingestDir, ingestedDir);
+    return c.json({
+        saved: saved.length,
+        files: saved,
+        ingested: result.newFiles,
+    });
+});
 // --- Startup ---
-async function start() {
+async function start(opts) {
+    const tier = opts?.tier ?? "byok";
+    const tierGate = await import("./tier/gate.js");
     // Initialize instance name before anything else
     initInstanceName();
     // Initialize OpenTelemetry tracing (must be early, before instrumented code)
@@ -4793,6 +4927,9 @@ async function start() {
     });
     // Load settings (airplane mode, model selection)
     const settings = await loadSettings();
+    // Initialize posture system (UI surface assembly)
+    await loadPosture();
+    startDecayTimer();
     // Install fetch guard before any routes or outbound calls
     installFetchGuard();
     // Initialize PrivacyMembrane for reversible redaction
@@ -4963,17 +5100,24 @@ async function start() {
             logActivity({ source: "agent", summary: `Continuation error: ${msg}` });
         }
     });
-    // Initialize instance manager (GC, health checks, load balancing)
-    instanceManager = new AgentInstanceManager(runtime);
-    await instanceManager.init();
-    // Initialize agent pool (circuit breakers, isolation, resource management)
-    agentPool = AgentPool.fromExisting(runtime, instanceManager);
-    setAgentPool(agentPool);
-    // Initialize workflow engine for multi-agent coordination
-    workflowEngine = new WorkflowEngine(agentPool);
-    await workflowEngine.loadAllDefinitions().catch((err) => {
-        log.warn("Failed to load workflow definitions", { error: err instanceof Error ? err.message : String(err) });
-    });
+    // Initialize agent spawning — tier >= spawn only
+    if (tierGate.canSpawn(tier)) {
+        // Initialize instance manager (GC, health checks, load balancing)
+        instanceManager = new AgentInstanceManager(runtime);
+        await instanceManager.init();
+        // Initialize agent pool (circuit breakers, isolation, resource management)
+        agentPool = AgentPool.fromExisting(runtime, instanceManager);
+        setAgentPool(agentPool);
+        // Initialize workflow engine for multi-agent coordination
+        workflowEngine = new WorkflowEngine(agentPool);
+        await workflowEngine.loadAllDefinitions().catch((err) => {
+            log.warn("Failed to load workflow definitions", { error: err instanceof Error ? err.message : String(err) });
+        });
+        log.info(`Agent spawning enabled (tier: ${tier})`);
+    }
+    else {
+        log.info(`Agent spawning disabled (tier: ${tier} — requires spawn tier)`);
+    }
     // --- Register component health checks (after all systems initialized) ---
     // Queue store: can we read the JSONL file?
     health.register("queue", queueStoreCheck(() => queueProvider.getStore()), { critical: false });
@@ -4997,25 +5141,27 @@ async function start() {
     recovery.start();
     // Start alert evaluation loop (evaluates every 30s)
     alertManager.start();
-    // Wire notification channels — email (Resend) and phone (Twilio voice)
-    const resendKey = process.env.RESEND_API_KEY;
-    if (resendKey) {
-        alertDispatcher.add(new EmailChannel({
-            endpoint: "https://api.resend.com/emails",
-            apiKey: resendKey,
-            from: `${getInstanceName()} <${getAlertEmailFrom()}>`,
-            to: [resolveEnv("ALERT_EMAIL_TO") ?? ""].filter(Boolean),
-        }));
-        log.info("Alert channel: email (Resend)");
-    }
-    if (process.env.TWILIO_ACCOUNT_SID) {
-        alertDispatcher.add(new PhoneChannel());
-        log.info("Alert channel: phone (Twilio voice)");
-    }
-    alertManager.updateNotifications([
-        { channel: "email", minSeverity: "warning" },
-        { channel: "phone", minSeverity: "critical" },
-    ]);
+    // Wire notification channels — tier >= byok only (requires BYOK API keys)
+    if (tierGate.canAlert(tier)) {
+        const resendKey = process.env.RESEND_API_KEY;
+        if (resendKey) {
+            alertDispatcher.add(new EmailChannel({
+                endpoint: "https://api.resend.com/emails",
+                apiKey: resendKey,
+                from: `${getInstanceName()} <${getAlertEmailFrom()}>`,
+                to: [resolveEnv("ALERT_EMAIL_TO") ?? ""].filter(Boolean),
+            }));
+            log.info("Alert channel: email (Resend)");
+        }
+        if (process.env.TWILIO_ACCOUNT_SID) {
+            alertDispatcher.add(new PhoneChannel());
+            log.info("Alert channel: phone (Twilio voice)");
+        }
+        alertManager.updateNotifications([
+            { channel: "email", minSeverity: "warning" },
+            { channel: "phone", minSeverity: "critical" },
+        ]);
+    }
     // Start credit monitoring (checks every 5 min, configurable via CORE_CREDIT_CHECK_INTERVAL_MS)
     startCreditMonitor(health, alertManager);
     // Avatar sidecar launches in background — slow (model loading) but non-blocking
@@ -5238,8 +5384,8 @@ async function start() {
                 });
             }
             catch { /* ok */ }
-            // Announce on LAN if mesh.lanAnnounce is enabled
-            if (getMeshConfig().lanAnnounce) {
+            // Announce on LAN if mesh.lanAnnounce is enabled AND tier >= byok
+            if (tierGate.canMesh(tier) && getMeshConfig().lanAnnounce) {
                 try {
                     startMdns(actualPort);
                 }