@sanctuary-framework/mcp-server 0.10.5 → 1.0.0-rc.1

package/dist/cli.cjs

@@ -21,6 +21,7 @@ var fs = require('fs');
 var index_js$1 = require('@modelcontextprotocol/sdk/client/index.js');
 var stdio_js$1 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var sse_js = require('@modelcontextprotocol/sdk/client/sse.js');
+var url = require('url');
 var readline = require('readline');
 var stdio_js = require('@modelcontextprotocol/sdk/server/stdio.js');
 
@@ -846,7 +847,8 @@ var init_state_store = __esm({
       "_handshake",
       "_shr",
       "_sovereignty_profile",
-      "_context_gate_policies"
+      "_context_gate_policies",
+      "_fortress_mode"
     ];
     StateStore = class _StateStore {
       storage;
@@ -1889,7 +1891,8 @@ var init_tools = __esm({
       "_handshake",
       "_shr",
       "_sovereignty_profile",
-      "_context_gate_policies"
+      "_context_gate_policies",
+      "_fortress_mode"
     ];
     IdentityManager = class {
       storage;
@@ -4453,8 +4456,12 @@ var init_loader = __esm({
         // Clears all runtime governance state — always requires approval
         "sanctuary_bootstrap",
         // Creates new Ed25519 identity + publishes — always requires approval
-        "sanctuary_export_identity_bundle"
+        "sanctuary_export_identity_bundle",
         // Exports portable identity — always requires approval
+        // WP-MVP-2 Operator Console: federation-node-join requires explicit
+        // operator confirmation per Key 8. No auto-approve path. The console's
+        // JoinApprover drives this gate via `MeshConsoleClient.makeJoinApprover`.
+        "federation_node_join"
       ],
       tier2_anomaly: DEFAULT_TIER2,
       tier3_always_allow: [
@@ -6513,6 +6520,28 @@ function generateDashboardHTML(options) {
         </div>
       </div>
 
+      <!--
+        Mesh Health panel (WP-MVP-3 Follow-up #3).
+        Subscribes to the existing /events SSE channel \u2014 no new transport.
+        Render shape: per-node row with presence + flags + rollup.
+        On open alert: list inline with operator-decision CTAs (rollback /
+        split-brain / canonical-audit promotion).
+        On post-recovery prompt: render rotation-prompt overlay with
+        broker-credential list + "rotate now" buttons (rotation flow itself
+        is the existing v0.10.x broker rotation surface).
+      -->
+      <div class="mesh-health-panel" id="mesh-health-panel">
+        <div class="panel-header">
+          <div class="panel-title">Mesh Health</div>
+          <span class="card-value" id="mesh-health-updated-at" style="font-size: 11px; color: var(--text-secondary);">\u2014</span>
+        </div>
+        <div id="mesh-health-rows" class="mesh-health-rows">
+          <div class="empty-state">Waiting for mesh health data\u2026</div>
+        </div>
+        <div id="mesh-health-alerts" class="mesh-health-alerts" style="margin-top: 12px;"></div>
+        <div id="mesh-post-recovery-prompt" class="mesh-post-recovery-prompt" style="margin-top: 12px; display: none;"></div>
+      </div>
+
       <!-- Sovereignty Profile Panel -->
       <div class="profile-panel" id="sovereignty-profile-panel">
         <div class="panel-header">
@@ -6715,6 +6744,11 @@ function generateDashboardHTML(options) {
     // SEC-038: Do NOT embed the long-lived auth token in page source.
     // Use only the session token stored in sessionStorage by the login flow.
     const AUTH_TOKEN = sessionStorage.getItem('authToken') || '';
+    // v0.10.6: server-baked flag mirroring _autoAuthLocalhost. When true,
+    // the init-time auth gate does NOT redirect to '/' on empty AUTH_TOKEN,
+    // because the server already admitted this loopback caller without a
+    // bearer token. See dashboard-html.ts generateDashboardHTML() doc.
+    const LOOPBACK_AUTH = ${JSON.stringify(options.loopbackAutoAuth === true)};
     const TIMEOUT_SECONDS = ${options.timeoutSeconds};
     const API_BASE = '';
 
@@ -7217,12 +7251,96 @@ function generateDashboardHTML(options) {
         loadProxyServers();
       });
 
+      // \u2500\u2500 Mesh Health (WP-MVP-3 Follow-up #3) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+      // The federation FailureModeDetector pushes per-tick snapshots and
+      // per-detection alerts via the existing /events channel. Renders are
+      // best-effort \u2014 if the panel DOM is absent (older HTML cache), we
+      // silently skip rather than crashing.
+      eventSource.addEventListener('mesh-health', (e) => {
+        try {
+          const snap = JSON.parse(e.data);
+          renderMeshHealth(snap);
+        } catch (err) { console.error('mesh-health render failed', err); }
+      });
+      eventSource.addEventListener('mesh-failure-mode-alert', (e) => {
+        try {
+          const alert = JSON.parse(e.data);
+          appendMeshAlert(alert);
+        } catch (err) { console.error('mesh alert render failed', err); }
+      });
+      eventSource.addEventListener('mesh-post-recovery-prompt', (e) => {
+        try {
+          const prompt = JSON.parse(e.data);
+          renderMeshPostRecoveryPrompt(prompt);
+        } catch (err) { console.error('mesh post-recovery render failed', err); }
+      });
+
       eventSource.onerror = () => {
         console.error('SSE error');
         setTimeout(setupSSE, 5000);
       };
     }
 
+    // \u2500\u2500 Mesh Health rendering (WP-MVP-3 Follow-up #3) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+    function renderMeshHealth(snap) {
+      const updatedAt = document.getElementById('mesh-health-updated-at');
+      const rows = document.getElementById('mesh-health-rows');
+      if (!rows || !snap) return;
+      if (updatedAt) updatedAt.textContent = formatTime(snap.generated_at);
+      const nodes = Array.isArray(snap.nodes) ? snap.nodes : [];
+      if (nodes.length === 0) {
+        rows.innerHTML = '<div class="empty-state">No mesh nodes seen yet.</div>';
+        return;
+      }
+      rows.innerHTML = nodes.map((n) => {
+        const flags = (n.flags || []).map((f) => '<span class="mesh-flag">' + esc(f) + '</span>').join(' ');
+        return '<div class="mesh-row" data-rollup="' + esc(n.rollup) + '">' +
+          '<span class="mesh-node-id">' + esc(n.node_id) + '</span>' +
+          '<span class="mesh-presence">' + esc(n.presence) + '</span>' +
+          '<span class="mesh-rollup">' + esc(n.rollup) + '</span>' +
+          '<span class="mesh-flags">' + flags + '</span>' +
+        '</div>';
+      }).join('');
+      const alertsBox = document.getElementById('mesh-health-alerts');
+      if (alertsBox && Array.isArray(snap.open_alerts)) {
+        alertsBox.innerHTML = snap.open_alerts.map((a) =>
+          '<div class="mesh-alert" data-mode="' + esc(a.mode) + '">' +
+          '<div class="mesh-alert-mode">' + esc(a.mode) + ' \u2014 ' + esc(a.target_node) + '</div>' +
+          '<div class="mesh-alert-message">' + esc(a.message) + '</div>' +
+          '</div>'
+        ).join('');
+      }
+    }
+
+    function appendMeshAlert(alert) {
+      const alertsBox = document.getElementById('mesh-health-alerts');
+      if (!alertsBox || !alert) return;
+      const html = '<div class="mesh-alert" data-mode="' + esc(alert.mode) + '">' +
+        '<div class="mesh-alert-mode">' + esc(alert.mode) + ' \u2014 ' + esc(alert.target_node) + '</div>' +
+        '<div class="mesh-alert-message">' + esc(alert.message) + '</div>' +
+        '</div>';
+      alertsBox.insertAdjacentHTML('afterbegin', html);
+    }
+
+    function renderMeshPostRecoveryPrompt(prompt) {
+      const box = document.getElementById('mesh-post-recovery-prompt');
+      if (!box || !prompt) return;
+      box.style.display = 'block';
+      const creds = Array.isArray(prompt.credentials) ? prompt.credentials : [];
+      box.innerHTML = '<div class="mesh-rotation-banner">' +
+        '<strong>Post-rotation hygiene:</strong> we just rotated your fortress root key. ' +
+        'Rotate externally-scoped broker credentials that third parties may still associate with ' +
+        'the pre-rotation key material.' +
+        '</div>' +
+        '<ul class="mesh-rotation-list">' +
+        creds.map((c) => '<li>' +
+          '<span class="mesh-cred-name">' + esc(c.secret_name) + '</span>' +
+          '<button class="mesh-cred-rotate" data-secret="' + esc(c.secret_name) + '">' +
+          'rotate now</button>' +
+          '</li>').join('') +
+        '</ul>';
+    }
+
     // Activity Feed
     function addActivityItem(item) {
       activityLog.unshift(item);
@@ -7822,7 +7940,13 @@ function generateDashboardHTML(options) {
 
     // Initialize
     async function initialize() {
-      if (!AUTH_TOKEN) {
+      // v0.10.6: gate on BOTH sessionStorage and the server-baked loopback
+      // auto-auth mirror. Pre-fix, a fresh loopback tab had empty
+      // sessionStorage.authToken AND was admitted by the server via
+      // _autoAuthLocalhost \u2014 this single-operand gate redirected to '/'
+      // which reloaded the same page, which redirected again, infinitely.
+      // See generateDashboardHTML() header comment for full threat model.
+      if (!AUTH_TOKEN && !LOOPBACK_AUTH) {
         redirectToLogin();
         return;
       }
@@ -8867,7 +8991,11 @@ var init_dashboard = __esm({
         this.sessionTTLMs = isLocalhost ? SESSION_TTL_LOCAL_MS : SESSION_TTL_REMOTE_MS;
         this.dashboardHTML = generateDashboardHTML({
           timeoutSeconds: config.timeout_seconds,
-          serverVersion: SANCTUARY_VERSION
+          serverVersion: SANCTUARY_VERSION,
+          // Construction-time default; real value is set by setAutoAuthLocalhost()
+          // below (which regenerates this HTML). Default false preserves the
+          // pre-v0.10.6 remote-deployment behavior when auto-auth is not enabled.
+          loopbackAutoAuth: this._autoAuthLocalhost
         });
         this.loginHTML = generateLoginHTML({ serverVersion: SANCTUARY_VERSION });
         this.sessionCleanupTimer = setInterval(() => this.cleanupSessions(), 6e4);
@@ -8903,6 +9031,11 @@ var init_dashboard = __esm({
        */
       setAutoAuthLocalhost(enabled) {
         this._autoAuthLocalhost = enabled;
+        this.dashboardHTML = generateDashboardHTML({
+          timeoutSeconds: this.config.timeout_seconds,
+          serverVersion: SANCTUARY_VERSION,
+          loopbackAutoAuth: this._autoAuthLocalhost
+        });
       }
       /**
        * v0.10.2: is this request from a loopback interface? We treat the
@@ -9787,6 +9920,27 @@ data: ${JSON.stringify(data)}
       broadcastProtectionStatus(data) {
         this.broadcastSSE("protection-status", data);
       }
+      // ── Mesh-health surface (WP-MVP-3 Follow-up #3) ─────────────────────
+      //
+      // The federation FailureModeDetector pushes per-tick health snapshots and
+      // per-detection alerts here; the existing /events SSE channel transports
+      // them to the browser. No new transport.
+      //
+      // Spec §8 + §9. Spawn-prompt acceptance criterion 7: "Mesh Health dashboard
+      // panel renders via existing SSE /events channel — no new transport. Every
+      // state transition produces an observable SSE event."
+      /** Push a Mesh Health snapshot (full re-render trigger on the client). */
+      broadcastMeshHealth(snapshot) {
+        this.broadcastSSE("mesh-health", snapshot);
+      }
+      /** Push a single failure-mode alert (incremental client update). */
+      broadcastMeshFailureModeAlert(alert) {
+        this.broadcastSSE("mesh-failure-mode-alert", alert);
+      }
+      /** Push a post-recovery prompt update (master rotation hygiene flow). */
+      broadcastMeshPostRecoveryPrompt(prompt) {
+        this.broadcastSSE("mesh-post-recovery-prompt", prompt);
+      }
       /**
        * Open a URL in the system's default browser.
        * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
@@ -13183,7 +13337,7 @@ function createBridgeCommitment(outcome, identity, identityEncryptionKey, includ
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const canonicalBytes = canonicalize(outcome);
   const canonicalString = new TextDecoder().decode(canonicalBytes);
-  const sha2566 = createCommitment(canonicalString);
+  const sha2568 = createCommitment(canonicalString);
   let pedersenData;
   if (includePedersen && Number.isInteger(outcome.rounds) && outcome.rounds >= 0) {
     const pedersen = createPedersenCommitment(outcome.rounds);
@@ -13195,7 +13349,7 @@ function createBridgeCommitment(outcome, identity, identityEncryptionKey, includ
   const commitmentPayload = {
     bridge_commitment_id: commitmentId,
     session_id: outcome.session_id,
-    sha256_commitment: sha2566.commitment,
+    sha256_commitment: sha2568.commitment,
     terms_hash: outcome.terms_hash,
     committer_did: identity.did,
     committed_at: now,
@@ -13206,8 +13360,8 @@ function createBridgeCommitment(outcome, identity, identityEncryptionKey, includ
   return {
     bridge_commitment_id: commitmentId,
     session_id: outcome.session_id,
-    sha256_commitment: sha2566.commitment,
-    blinding_factor: sha2566.blinding_factor,
+    sha256_commitment: sha2568.commitment,
+    blinding_factor: sha2568.blinding_factor,
     committer_did: identity.did,
     signature: toBase64url(signature),
     pedersen_commitment: pedersenData,
@@ -22052,7 +22206,13 @@ function l3Card(l3) {
   );
 }
 function l4Card(l4) {
-  const score = l4.score != null ? `<div class="score-block"><span class="score-value">${escHtml2(l4.score)}</span><span class="score-label">Verascore</span></div>` : `<div class="claim-block">${escHtml2(l4.claim_cta ?? "Claim your profile at verascore.ai")}</div>`;
+  let score;
+  if (l4.score != null) {
+    score = `<div class="score-block"><span class="score-value">${escHtml2(l4.score)}</span><span class="score-label">Verascore</span></div>`;
+  } else {
+    const claimText = l4.claim_cta ?? "Claim your profile at verascore.ai";
+    score = `<div class="claim-block"><a class="claim-link" href="${VERASCORE_CLAIM_URL}" target="_blank" rel="noopener noreferrer">${escHtml2(claimText)}</a></div>`;
+  }
   return layerCard(
     l4,
     `<div class="layer-cta">${score}</div>${l4EvidenceBlock(l4)}`
@@ -22714,221 +22874,1349 @@ details.audit-details .audit-filters { display: flex; gap: 6px; padding: 0 18px
 </body>
 </html>`;
 }
-var HERO_COPY;
+var HERO_COPY, VERASCORE_CLAIM_URL;
 var init_html = __esm({
   "src/dashboard/html.ts"() {
     init_multi_html();
     HERO_COPY = "Your agent is protected.";
+    VERASCORE_CLAIM_URL = "https://www.verascore.ai";
   }
 });
 
-// src/dashboard/api.ts
-function constantTimeEquals(a, b) {
-  if (a.length !== b.length) return false;
-  let diff = 0;
-  for (let i = 0; i < a.length; i++) {
-    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
-  }
-  return diff === 0;
+// src/policy-engine/constants.ts
+function isPolicySlot(value) {
+  return typeof value === "string" && POLICY_SLOTS.includes(value);
 }
-function extractToken(req, url) {
-  const header = req.headers.authorization;
-  if (header && header.startsWith("Bearer ")) {
-    return header.slice(7).trim();
+var COMPILED_POLICY_SCHEMA_VERSION, POLICY_UPDATE_EVENT_TYPE, POLICY_SLOTS, CHANNEL_TEMPLATE_IDS, BUDGET_UNITS;
+var init_constants = __esm({
+  "src/policy-engine/constants.ts"() {
+    COMPILED_POLICY_SCHEMA_VERSION = "0.1";
+    POLICY_UPDATE_EVENT_TYPE = "policy_update";
+    POLICY_SLOTS = [
+      "memory",
+      "credentials",
+      "plans",
+      "outputs"
+    ];
+    CHANNEL_TEMPLATE_IDS = [
+      "read-outputs-only",
+      "bidirectional-sync",
+      "credential-share-scoped",
+      "plan-inspect-read-only",
+      "escrow-handoff"
+    ];
+    BUDGET_UNITS = ["tokens", "usd"];
   }
-  const q = url.searchParams.get("token");
-  return q ?? null;
-}
-function isAuthorized(deps, req, url) {
-  if (!deps.authToken) return true;
-  const token = extractToken(req, url);
-  if (!token) return false;
-  return constantTimeEquals(token, deps.authToken);
-}
-function writeJSON(res, status, payload) {
-  res.writeHead(status, {
-    "Content-Type": "application/json",
-    "Cache-Control": "no-store"
-  });
-  res.end(JSON.stringify(payload));
-}
-function writeText(res, status, body, contentType = "text/plain") {
-  res.writeHead(status, {
-    "Content-Type": contentType,
-    "Cache-Control": "no-store"
-  });
-  res.end(body);
+});
+function isTemplateName(value) {
+  return typeof value === "string" && TEMPLATE_NAMES.includes(value);
 }
-async function handleRequest(deps, req, res) {
-  const host = req.headers.host || "localhost";
-  const url = new URL(req.url ?? "/", `http://${host}`);
-  const method = (req.method ?? "GET").toUpperCase();
-  const path = url.pathname;
-  if (!isAuthorized(deps, req, url)) {
-    writeJSON(res, 401, { error: "unauthorized" });
-    return true;
+function validateMetadata(name, data) {
+  if (typeof data !== "object" || data === null) {
+    throw new TemplateValidationError(name, "template.json must be an object");
   }
-  if (method === "GET" && path === "/api/health") {
-    writeJSON(res, 200, { ok: true, mode: deps.sources.mode });
-    return true;
+  const d = data;
+  if (typeof d.name !== "string" || d.name !== name) {
+    throw new TemplateValidationError(name, `template.json name must be "${name}"`);
   }
-  if (method === "GET" && (path === "/" || path === "/index.html")) {
-    const snapshot = await getProtectionSnapshot(deps.sources);
-    const html = renderDashboardHTML({ snapshot, authToken: deps.authToken });
-    writeText(res, 200, html, "text/html; charset=utf-8");
-    return true;
+  if (typeof d.version !== "string" || !/^\d+\.\d+\.\d+$/.test(d.version)) {
+    throw new TemplateValidationError(name, "template.json version must be semver");
   }
-  if (method === "GET" && path === "/api/snapshot") {
-    const snapshot = await getProtectionSnapshot(deps.sources);
-    writeJSON(res, 200, snapshot);
-    return true;
+  if (typeof d.channel !== "string" || !CHANNEL_TEMPLATE_IDS.includes(d.channel)) {
+    throw new TemplateValidationError(
+      name,
+      `template.json channel must be one of: ${CHANNEL_TEMPLATE_IDS.join(", ")}`
+    );
   }
-  const approvalMatch = /^\/api\/approvals\/([^/]+)\/(allow|deny)$/.exec(path);
-  if (method === "POST" && approvalMatch) {
-    const id = decodeURIComponent(approvalMatch[1]);
-    const action = approvalMatch[2];
-    if (!deps.approvals) {
-      writeJSON(res, 503, { error: "approvals_unavailable" });
-      return true;
+  if (typeof d.tier !== "string" || !["A", "B", "C"].includes(d.tier)) {
+    throw new TemplateValidationError(name, "template.json tier must be A, B, or C");
+  }
+  if (typeof d.target_archetype !== "string" || d.target_archetype.length === 0) {
+    throw new TemplateValidationError(name, "template.json target_archetype must be a non-empty string");
+  }
+  if (typeof d.description !== "string" || d.description.length === 0) {
+    throw new TemplateValidationError(name, "template.json description must be a non-empty string");
+  }
+}
+function validateDefaults(name, data) {
+  if (typeof data !== "object" || data === null) {
+    throw new TemplateValidationError(name, "defaults.json must be an object");
+  }
+  const d = data;
+  if (!Array.isArray(d.egress)) {
+    throw new TemplateValidationError(name, "defaults.json egress must be an array");
+  }
+  for (const entry of d.egress) {
+    if (typeof entry !== "object" || entry === null) {
+      throw new TemplateValidationError(name, "defaults.json egress entry must be an object");
     }
-    const handler = action === "allow" ? deps.approvals.allow : deps.approvals.deny;
-    try {
-      const ok2 = await handler(id);
-      writeJSON(res, ok2 ? 200 : 404, { id, action, ok: ok2 });
-    } catch (err) {
-      writeJSON(res, 500, { error: "approval_failed", message: err.message });
+    const e = entry;
+    if (typeof e.destination !== "string" || e.destination.length === 0) {
+      throw new TemplateValidationError(name, "egress entry destination must be a non-empty string");
+    }
+    if (!Array.isArray(e.methods)) {
+      throw new TemplateValidationError(name, "egress entry methods must be an array");
     }
-    return true;
   }
-  if (method === "GET" && path === "/api/stream") {
-    await handleStream(deps, res);
-    return true;
+  if (typeof d.budgets !== "object" || d.budgets === null) {
+    throw new TemplateValidationError(name, "defaults.json budgets must be an object");
+  }
+  if (typeof d.retention !== "object" || d.retention === null) {
+    throw new TemplateValidationError(name, "defaults.json retention must be an object");
+  }
+  const ret = d.retention;
+  if (typeof ret.windows !== "object" || ret.windows === null) {
+    throw new TemplateValidationError(name, "defaults.json retention.windows must be an object");
   }
-  return false;
 }
-async function handleStream(deps, res) {
-  res.writeHead(200, {
-    "Content-Type": "text/event-stream",
-    "Cache-Control": "no-cache, no-transform",
-    Connection: "keep-alive",
-    "X-Accel-Buffering": "no"
-  });
-  const snapshot = await getProtectionSnapshot(deps.sources);
-  res.write(`event: snapshot
-data: ${JSON.stringify(snapshot)}
-
-`);
-  const unsubscribe = deps.onEvent ? deps.onEvent((event) => {
-    try {
-      res.write(`event: ${event.type}
-data: ${JSON.stringify(event.data)}
-
-`);
-    } catch {
+function validateCommitments(name, data) {
+  if (typeof data !== "object" || data === null) {
+    throw new TemplateValidationError(name, "commitments.json must be an object");
+  }
+  const d = data;
+  if (!Array.isArray(d.shapes)) {
+    throw new TemplateValidationError(name, "commitments.json shapes must be an array");
+  }
+  for (const shape of d.shapes) {
+    if (typeof shape !== "object" || shape === null) {
+      throw new TemplateValidationError(name, "commitment shape must be an object");
     }
-  }) : () => {
-  };
-  const keepAlive = setInterval(() => {
-    try {
-      res.write(": keepalive\n\n");
-    } catch {
+    const s = shape;
+    if (typeof s.commitment_class !== "string" || s.commitment_class.length === 0) {
+      throw new TemplateValidationError(name, "commitment shape commitment_class must be a non-empty string");
     }
-  }, 25e3);
-  const cleanup = () => {
-    clearInterval(keepAlive);
-    unsubscribe();
-  };
-  res.on("close", cleanup);
-  res.on("error", cleanup);
+    if (typeof s.example_deliverable !== "string") {
+      throw new TemplateValidationError(name, "commitment shape example_deliverable must be a string");
+    }
+    if (typeof s.example_deadline_or_terminal !== "string") {
+      throw new TemplateValidationError(name, "commitment shape example_deadline_or_terminal must be a string");
+    }
+  }
 }
-var init_api = __esm({
-  "src/dashboard/api.ts"() {
-    init_aggregator();
-    init_html();
+function lintOnboarding(_name, content) {
+  const violations = [];
+  if (content.includes("\u2014")) {
+    violations.push("onboarding.md contains em-dashes (U+2014). Replace with commas, semicolons, colons, or parentheses.");
   }
-});
-async function startDashboardServer(options) {
-  const port = options.port ?? DEFAULT_PORT;
-  const host = options.host ?? DEFAULT_HOST;
-  const listeners = /* @__PURE__ */ new Set();
-  const onEvent = (listener) => {
-    listeners.add(listener);
-    return () => listeners.delete(listener);
-  };
-  const publish = (event) => {
-    for (const listener of listeners) {
-      try {
-        listener(event);
-      } catch {
-      }
-    }
-  };
-  const deps = {
-    sources: options.sources,
-    authToken: options.authToken,
-    approvals: options.approvals,
-    onEvent
+  if (content.includes("\u2013")) {
+    violations.push("onboarding.md contains en-dashes (U+2013). Replace with hyphens or other punctuation.");
+  }
+  return { clean: violations.length === 0, violations };
+}
+function resolveTemplatesDir() {
+  const thisFile = url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.cjs', document.baseURI).href)));
+  const thisDir = path.dirname(thisFile);
+  if (thisDir.includes("/dist/")) {
+    return thisDir.replace("/dist/templates", "/src/templates");
+  }
+  return thisDir;
+}
+function loadTemplateBundle(name, templatesDir) {
+  const dir = path.join(templatesDir, name);
+  if (!fs.existsSync(dir) || !fs.statSync(dir).isDirectory()) {
+    throw new TemplateValidationError(name, `template directory not found: ${dir}`);
+  }
+  const metadataRaw = JSON.parse(fs.readFileSync(path.join(dir, "template.json"), "utf-8"));
+  validateMetadata(name, metadataRaw);
+  const policyEnglish = fs.readFileSync(path.join(dir, "policy.md"), "utf-8").trim();
+  if (policyEnglish.length === 0) {
+    throw new TemplateValidationError(name, "policy.md must not be empty");
+  }
+  const defaultsRaw = JSON.parse(fs.readFileSync(path.join(dir, "defaults.json"), "utf-8"));
+  validateDefaults(name, defaultsRaw);
+  const commitmentsRaw = JSON.parse(fs.readFileSync(path.join(dir, "commitments.json"), "utf-8"));
+  validateCommitments(name, commitmentsRaw);
+  const onboarding = fs.readFileSync(path.join(dir, "onboarding.md"), "utf-8").trim();
+  if (onboarding.length === 0) {
+    throw new TemplateValidationError(name, "onboarding.md must not be empty");
+  }
+  const lint = lintOnboarding(name, onboarding);
+  if (!lint.clean) {
+    throw new TemplateValidationError(name, lint.violations.join("; "));
+  }
+  return {
+    metadata: metadataRaw,
+    policy_english: policyEnglish,
+    defaults: defaultsRaw,
+    commitments: commitmentsRaw,
+    onboarding
   };
-  const server = http.createServer(async (req, res) => {
-    try {
-      const served = await handleRequest(deps, req, res);
-      if (!served) {
-        res.writeHead(404, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "not_found", path: req.url }));
-      }
-    } catch (err) {
-      try {
-        res.writeHead(500, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "internal", message: err.message }));
-      } catch {
-      }
-    }
+}
+function ensureLoaded() {
+  if (_cache) return _cache;
+  _cache = /* @__PURE__ */ new Map();
+  const dir = resolveTemplatesDir();
+  for (const name of TEMPLATE_NAMES) {
+    _cache.set(name, loadTemplateBundle(name, dir));
+  }
+  return _cache;
+}
+function listTemplates() {
+  const cache = ensureLoaded();
+  return TEMPLATE_NAMES.map((name) => {
+    const bundle = cache.get(name);
+    return {
+      metadata: bundle.metadata,
+      onboarding: bundle.onboarding
+    };
   });
-  await new Promise((resolve2, reject) => {
-    server.once("error", reject);
-    server.listen(port, host, () => {
-      server.off("error", reject);
-      resolve2();
-    });
+}
+function getTemplate2(name) {
+  if (!isTemplateName(name)) return null;
+  const cache = ensureLoaded();
+  return cache.get(name) ?? null;
+}
+function getTemplateEntry(name) {
+  const bundle = getTemplate2(name);
+  if (!bundle) return null;
+  return { metadata: bundle.metadata, onboarding: bundle.onboarding };
+}
+var TEMPLATE_NAMES, TemplateValidationError, _cache;
+var init_registry2 = __esm({
+  "src/templates/registry.ts"() {
+    init_constants();
+    TEMPLATE_NAMES = [
+      "research-assistant",
+      "coding-assistant",
+      "ops-runner",
+      "planner",
+      "handoff-coordinator",
+      "x-miner",
+      "github-miner"
+    ];
+    TemplateValidationError = class extends Error {
+      constructor(templateName, message) {
+        super(`template "${templateName}": ${message}`);
+        this.name = "TemplateValidationError";
+      }
+    };
+    _cache = null;
+  }
+});
+
+// src/policy-engine/null-policy.ts
+function buildNullPolicy(params) {
+  const denyRule = (slot) => ({
+    slot,
+    mode: "deny",
+    grants: []
   });
-  const actualPort = (() => {
-    const addr = server.address();
-    if (addr && typeof addr === "object") return addr.port;
-    return port;
-  })();
-  const url = `http://${host}:${actualPort}`;
   return {
-    url,
-    port: actualPort,
-    host,
-    stop: () => new Promise((resolve2, reject) => {
-      server.close((err) => err ? reject(err) : resolve2());
-    }),
-    publish,
-    publishActivity: (entry) => publish({ type: "activity", data: entry }),
-    publishApproval: (approval) => publish({ type: "approval", data: approval })
+    schema_version: "0.1",
+    agent_id: params.agent_id,
+    fortress_id: params.fortress_id,
+    policy_version: 0,
+    slots: {
+      memory: denyRule("memory"),
+      credentials: denyRule("credentials"),
+      plans: denyRule("plans"),
+      outputs: denyRule("outputs")
+    },
+    capabilities: {
+      concordia_commitment_classes: [],
+      honeypot_skill_ids: [],
+      is_sentinel: false
+    },
+    auto_trigger_ladder: {
+      honeypot_auto_freeze: true,
+      threshold_rule_action: "operator_approved",
+      ml_anomaly_action: "operator_approved"
+    },
+    source_english: "(null policy \u2014 no operator authoring yet; hermetic default denies all four slots)",
+    compiled_at: "1970-01-01T00:00:00.000Z"
   };
 }
-var DEFAULT_PORT, DEFAULT_HOST;
-var init_server = __esm({
-  "src/dashboard/server.ts"() {
-    init_api();
-    DEFAULT_PORT = 3501;
-    DEFAULT_HOST = "127.0.0.1";
+var init_null_policy = __esm({
+  "src/policy-engine/null-policy.ts"() {
   }
 });
 
-// src/dashboard/index.ts
-async function startDashboard(options) {
-  const activity = options.initialActivity ? [...options.initialActivity] : [];
-  const pending = options.initialPendingApprovals ? [...options.initialPendingApprovals] : [];
-  const sources = {
-    mode: options.mode,
-    server_version: options.serverVersion,
-    ...options.auditLog ? { auditLog: options.auditLog } : {},
-    ...options.identityManager ? { identityManager: options.identityManager } : {},
-    ...options.clientManager ? { clientManager: options.clientManager } : {},
-    ...options.baseline ? { baseline: options.baseline } : {},
+// src/policy-engine/channel-templates.ts
+function basePolicy(params) {
+  if (params.merge_into) {
+    const p2 = {
+      ...params.merge_into,
+      policy_version: params.policy_version,
+      compiled_at: (/* @__PURE__ */ new Date()).toISOString(),
+      slots: {
+        memory: cloneRule(params.merge_into.slots.memory),
+        credentials: cloneRule(params.merge_into.slots.credentials),
+        plans: cloneRule(params.merge_into.slots.plans),
+        outputs: cloneRule(params.merge_into.slots.outputs)
+      },
+      capabilities: {
+        ...params.merge_into.capabilities,
+        concordia_commitment_classes: [
+          ...params.merge_into.capabilities.concordia_commitment_classes
+        ],
+        honeypot_skill_ids: [...params.merge_into.capabilities.honeypot_skill_ids]
+      },
+      auto_trigger_ladder: { ...params.merge_into.auto_trigger_ladder }
+    };
+    if (params.parent_version !== void 0) p2.parent_version = params.parent_version;
+    else delete p2.parent_version;
+    return p2;
+  }
+  const p = buildNullPolicy({
+    agent_id: params.agent_id,
+    fortress_id: params.fortress_id
+  });
+  p.policy_version = params.policy_version;
+  p.compiled_at = (/* @__PURE__ */ new Date()).toISOString();
+  if (params.parent_version !== void 0) p.parent_version = params.parent_version;
+  return p;
+}
+function cloneRule(r) {
+  return {
+    slot: r.slot,
+    mode: r.mode,
+    grants: r.grants.map((g) => ({ ...g, scope: g.scope ? { ...g.scope } : void 0 }))
+  };
+}
+function grantOn(policy, slot, grant) {
+  const rule = policy.slots[slot];
+  rule.mode = "grant";
+  const dup = rule.grants.find(
+    (g) => g.counterparty === grant.counterparty && g.action === grant.action
+  );
+  if (dup) {
+    if (grant.scope) {
+      dup.scope = { ...dup.scope ?? {}, ...grant.scope };
+    }
+    return;
+  }
+  rule.grants.push(grant);
+  rule.grants.sort((a, b) => {
+    if (a.counterparty === b.counterparty) return a.action.localeCompare(b.action);
+    return a.counterparty.localeCompare(b.counterparty);
+  });
+}
+function applyChannelTemplate(id, params) {
+  const entry = REGISTRY[id];
+  if (!entry) {
+    throw new Error(`unknown channel template: ${id}`);
+  }
+  return entry.factory(params);
+}
+var readOutputsOnly, bidirectionalSync, credentialShareScoped, planInspectReadOnly, escrowHandoff, REGISTRY;
+var init_channel_templates = __esm({
+  "src/policy-engine/channel-templates.ts"() {
+    init_constants();
+    init_null_policy();
+    readOutputsOnly = (params) => {
+      const p = basePolicy(params);
+      p.source_english = `${params.counterparty} may read ${params.agent_id}'s outputs \u2014 read-only, no other access.`;
+      grantOn(p, "outputs", {
+        counterparty: params.counterparty,
+        action: "read",
+        ...params.scope ? { scope: { ...params.scope } } : {}
+      });
+      return p;
+    };
+    bidirectionalSync = (params) => {
+      const p = basePolicy(params);
+      p.source_english = `Bidirectional sync between ${params.agent_id} and ${params.counterparty} on memory + outputs.`;
+      for (const slot of ["memory", "outputs"]) {
+        for (const action of ["read", "subscribe"]) {
+          grantOn(p, slot, {
+            counterparty: params.counterparty,
+            action,
+            ...params.scope ? { scope: { ...params.scope } } : {}
+          });
+        }
+      }
+      return p;
+    };
+    credentialShareScoped = (params) => {
+      const p = basePolicy(params);
+      const credentialId = (params.scope && typeof params.scope.credential_id === "string" ? params.scope.credential_id : void 0) ?? "(unspecified)";
+      p.source_english = `${params.agent_id} may share credential "${credentialId}" with ${params.counterparty}; no other credential access.`;
+      grantOn(p, "credentials", {
+        counterparty: params.counterparty,
+        action: "share",
+        scope: {
+          credential_id: credentialId,
+          ...params.scope ?? {}
+        }
+      });
+      return p;
+    };
+    planInspectReadOnly = (params) => {
+      const p = basePolicy(params);
+      p.source_english = `${params.counterparty} may read-only inspect ${params.agent_id}'s plans.`;
+      grantOn(p, "plans", {
+        counterparty: params.counterparty,
+        action: "read",
+        ...params.scope ? { scope: { ...params.scope } } : {}
+      });
+      return p;
+    };
+    escrowHandoff = (params) => {
+      const p = basePolicy(params);
+      p.source_english = `${params.agent_id} may escrow-handoff outputs and plan-read to ${params.counterparty}. Commitment class: intra-mesh-escrow.`;
+      grantOn(p, "plans", {
+        counterparty: params.counterparty,
+        action: "read",
+        ...params.scope ? { scope: { ...params.scope } } : {}
+      });
+      for (const action of ["read", "subscribe"]) {
+        grantOn(p, "outputs", {
+          counterparty: params.counterparty,
+          action,
+          ...params.scope ? { scope: { ...params.scope } } : {}
+        });
+      }
+      const cls = "intra-mesh-escrow";
+      if (!p.capabilities.concordia_commitment_classes.includes(cls)) {
+        p.capabilities.concordia_commitment_classes.push(cls);
+        p.capabilities.concordia_commitment_classes.sort();
+      }
+      return p;
+    };
+    REGISTRY = {
+      "read-outputs-only": {
+        id: "read-outputs-only",
+        label: "Read outputs only",
+        description: "Counterparty may read this agent's outputs. No memory, credentials, or plans access.",
+        factory: readOutputsOnly
+      },
+      "bidirectional-sync": {
+        id: "bidirectional-sync",
+        label: "Bidirectional memory + output sync",
+        description: "Both agents may read and subscribe to each other's memory and outputs. Credentials and plans remain hermetic.",
+        factory: bidirectionalSync
+      },
+      "credential-share-scoped": {
+        id: "credential-share-scoped",
+        label: "Scoped credential share",
+        description: "Share one specific credential with counterparty. Requires scope.credential_id. No broad credential access.",
+        factory: credentialShareScoped
+      },
+      "plan-inspect-read-only": {
+        id: "plan-inspect-read-only",
+        label: "Plan inspect (read-only)",
+        description: "Counterparty may read-only inspect this agent's plans. Intended for supervisor / sentinel patterns.",
+        factory: planInspectReadOnly
+      },
+      "escrow-handoff": {
+        id: "escrow-handoff",
+        label: "Escrow handoff",
+        description: "Escrow-style handoff. Counterparty reads plan, reads + subscribes to outputs, and the intra-mesh-escrow commitment class is declared. Memory and credentials remain hermetic.",
+        factory: escrowHandoff
+      }
+    };
+  }
+});
+
+// src/mesh/errors.ts
+var MeshError, MeshEnvelopeError, MeshReservedExtensionKeyError, MeshReservedEventTypeError;
+var init_errors = __esm({
+  "src/mesh/errors.ts"() {
+    MeshError = class extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "MeshError";
+      }
+    };
+    MeshEnvelopeError = class extends MeshError {
+      constructor(message) {
+        super(message);
+        this.name = "MeshEnvelopeError";
+      }
+    };
+    MeshReservedExtensionKeyError = class extends MeshEnvelopeError {
+      constructor(key) {
+        super(
+          `v0.1 emitters MUST NOT populate reserved extension_envelope key: ${key}`
+        );
+        this.name = "MeshReservedExtensionKeyError";
+      }
+    };
+    MeshReservedEventTypeError = class extends MeshEnvelopeError {
+      constructor(eventType) {
+        super(
+          `v0.1 emitters MUST NOT emit reserved-namespace event_type: ${eventType}`
+        );
+        this.name = "MeshReservedEventTypeError";
+      }
+    };
+  }
+});
+
+// src/mesh/canonical-json.ts
+function canonicalize2(value) {
+  if (value === void 0) {
+    throw new MeshCanonicalJsonError(
+      "canonicalize(): top-level undefined is not serializable"
+    );
+  }
+  return encode(value);
+}
+function encode(value) {
+  if (value === null) return "null";
+  if (typeof value === "boolean") return value ? "true" : "false";
+  if (typeof value === "number") {
+    if (!Number.isFinite(value)) {
+      throw new MeshCanonicalJsonError(
+        `canonicalize(): non-finite number (${String(value)}) is not serializable`
+      );
+    }
+    return JSON.stringify(value);
+  }
+  if (typeof value === "string") return JSON.stringify(value);
+  if (Array.isArray(value)) return encodeArray(value);
+  if (typeof value === "object") return encodeObject(value);
+  throw new MeshCanonicalJsonError(
+    `canonicalize(): unsupported type ${typeof value}`
+  );
+}
+function encodeArray(arr) {
+  const parts = [];
+  for (const item of arr) {
+    parts.push(item === void 0 ? "null" : encode(item));
+  }
+  return "[" + parts.join(",") + "]";
+}
+function encodeObject(obj) {
+  const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+  const parts = [];
+  for (const k of keys) {
+    parts.push(JSON.stringify(k) + ":" + encode(obj[k]));
+  }
+  return "{" + parts.join(",") + "}";
+}
+function canonicalizeToBytes(value) {
+  return new TextEncoder().encode(canonicalize2(value));
+}
+var MeshCanonicalJsonError;
+var init_canonical_json = __esm({
+  "src/mesh/canonical-json.ts"() {
+    init_errors();
+    MeshCanonicalJsonError = class extends MeshError {
+      constructor(message) {
+        super(message);
+        this.name = "MeshCanonicalJsonError";
+      }
+    };
+  }
+});
+
+// src/policy-engine/errors.ts
+var PolicyEngineError, CompiledPolicyShapeError;
+var init_errors2 = __esm({
+  "src/policy-engine/errors.ts"() {
+    PolicyEngineError = class extends Error {
+      constructor(message) {
+        super(message);
+        this.name = "PolicyEngineError";
+      }
+    };
+    CompiledPolicyShapeError = class extends PolicyEngineError {
+      constructor(message) {
+        super(message);
+        this.name = "CompiledPolicyShapeError";
+      }
+    };
+  }
+});
+
+// src/policy-engine/canonical-policy.ts
+function checkSlotGrant(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path}: grant must be an object`);
+  }
+  const g = value;
+  if (typeof g.counterparty !== "string" || g.counterparty.length === 0) {
+    throw new CompiledPolicyShapeError(
+      `${path}.counterparty must be a non-empty string`
+    );
+  }
+  if (typeof g.action !== "string" || g.action.length === 0) {
+    throw new CompiledPolicyShapeError(
+      `${path}.action must be a non-empty string`
+    );
+  }
+  if (g.scope !== void 0) {
+    if (typeof g.scope !== "object" || g.scope === null || Array.isArray(g.scope)) {
+      throw new CompiledPolicyShapeError(
+        `${path}.scope must be an object when present`
+      );
+    }
+  }
+  if (g.max_uses_per_day !== void 0) {
+    if (typeof g.max_uses_per_day !== "number" || !Number.isInteger(g.max_uses_per_day) || g.max_uses_per_day < 0) {
+      throw new CompiledPolicyShapeError(
+        `${path}.max_uses_per_day must be a non-negative integer when present`
+      );
+    }
+  }
+}
+function checkSlotRule(slot, value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path}: slot rule must be an object`);
+  }
+  const r = value;
+  if (r.slot !== slot) {
+    throw new CompiledPolicyShapeError(
+      `${path}.slot expected ${slot}, got ${String(r.slot)}`
+    );
+  }
+  if (r.mode !== "deny" && r.mode !== "grant") {
+    throw new CompiledPolicyShapeError(
+      `${path}.mode must be "deny" or "grant"`
+    );
+  }
+  if (!Array.isArray(r.grants)) {
+    throw new CompiledPolicyShapeError(
+      `${path}.grants must be an array (possibly empty)`
+    );
+  }
+  if (r.mode === "deny" && r.grants.length > 0) {
+    throw new CompiledPolicyShapeError(
+      `${path}: deny-mode slot rule must carry zero grants`
+    );
+  }
+  r.grants.forEach((g, i) => checkSlotGrant(g, `${path}.grants[${i}]`));
+}
+function validateCompiledPolicyShape(candidate) {
+  if (typeof candidate !== "object" || candidate === null) {
+    throw new CompiledPolicyShapeError("compiled policy must be an object");
+  }
+  const p = candidate;
+  if (p.schema_version !== COMPILED_POLICY_SCHEMA_VERSION) {
+    throw new CompiledPolicyShapeError(
+      `schema_version ${String(p.schema_version)} not supported at v0.1 (expected "${COMPILED_POLICY_SCHEMA_VERSION}")`
+    );
+  }
+  if (typeof p.agent_id !== "string" || p.agent_id.length === 0) {
+    throw new CompiledPolicyShapeError("agent_id must be a non-empty string");
+  }
+  if (typeof p.fortress_id !== "string" || p.fortress_id.length === 0) {
+    throw new CompiledPolicyShapeError(
+      "fortress_id must be a non-empty string"
+    );
+  }
+  if (typeof p.policy_version !== "number" || !Number.isInteger(p.policy_version) || p.policy_version < 0) {
+    throw new CompiledPolicyShapeError(
+      "policy_version must be a non-negative integer"
+    );
+  }
+  if (p.parent_version !== void 0 && (typeof p.parent_version !== "number" || !Number.isInteger(p.parent_version) || p.parent_version < 0)) {
+    throw new CompiledPolicyShapeError(
+      "parent_version must be a non-negative integer when present"
+    );
+  }
+  if (typeof p.slots !== "object" || p.slots === null) {
+    throw new CompiledPolicyShapeError("slots must be an object");
+  }
+  const slots = p.slots;
+  const slotKeys = Object.keys(slots).sort();
+  const expectedSlotKeys = [...POLICY_SLOTS].sort();
+  if (slotKeys.length !== expectedSlotKeys.length || !slotKeys.every((k, i) => k === expectedSlotKeys[i])) {
+    throw new CompiledPolicyShapeError(
+      `slots must contain exactly ${expectedSlotKeys.join(", ")}; got ${slotKeys.join(", ") || "(none)"}`
+    );
+  }
+  for (const slot of POLICY_SLOTS) {
+    checkSlotRule(slot, slots[slot], `slots.${slot}`);
+  }
+  if (typeof p.capabilities !== "object" || p.capabilities === null) {
+    throw new CompiledPolicyShapeError("capabilities must be an object");
+  }
+  const caps = p.capabilities;
+  if (!Array.isArray(caps.concordia_commitment_classes) || !caps.concordia_commitment_classes.every((c) => typeof c === "string")) {
+    throw new CompiledPolicyShapeError(
+      "capabilities.concordia_commitment_classes must be a string[]"
+    );
+  }
+  if (!Array.isArray(caps.honeypot_skill_ids) || !caps.honeypot_skill_ids.every((c) => typeof c === "string")) {
+    throw new CompiledPolicyShapeError(
+      "capabilities.honeypot_skill_ids must be a string[]"
+    );
+  }
+  if (typeof caps.is_sentinel !== "boolean") {
+    throw new CompiledPolicyShapeError(
+      "capabilities.is_sentinel must be boolean"
+    );
+  }
+  if (typeof p.auto_trigger_ladder !== "object" || p.auto_trigger_ladder === null) {
+    throw new CompiledPolicyShapeError(
+      "auto_trigger_ladder must be an object"
+    );
+  }
+  const lad = p.auto_trigger_ladder;
+  if (typeof lad.honeypot_auto_freeze !== "boolean") {
+    throw new CompiledPolicyShapeError(
+      "auto_trigger_ladder.honeypot_auto_freeze must be boolean"
+    );
+  }
+  if (lad.threshold_rule_action !== "operator_approved" && lad.threshold_rule_action !== "auto") {
+    throw new CompiledPolicyShapeError(
+      'auto_trigger_ladder.threshold_rule_action must be "operator_approved" or "auto"'
+    );
+  }
+  if (lad.ml_anomaly_action !== "operator_approved" && lad.ml_anomaly_action !== "auto") {
+    throw new CompiledPolicyShapeError(
+      'auto_trigger_ladder.ml_anomaly_action must be "operator_approved" or "auto"'
+    );
+  }
+  if (typeof p.source_english !== "string") {
+    throw new CompiledPolicyShapeError("source_english must be a string");
+  }
+  if (typeof p.compiled_at !== "string" || Number.isNaN(Date.parse(p.compiled_at))) {
+    throw new CompiledPolicyShapeError(
+      "compiled_at must be an ISO8601 timestamp string"
+    );
+  }
+  for (const key of slotKeys) {
+    if (!isPolicySlot(key)) {
+      throw new CompiledPolicyShapeError(
+        `slots.${key} is not a recognized policy slot`
+      );
+    }
+  }
+  if (p.egress !== void 0) {
+    checkEgressPolicy(p.egress, "egress");
+  }
+  if (p.budgets !== void 0) {
+    checkBudgetPolicy(p.budgets, "budgets");
+  }
+  if (p.retention !== void 0) {
+    checkRetentionPolicy(p.retention, "retention");
+  }
+}
+function checkEgressPolicy(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const eg = value;
+  if (!Array.isArray(eg.allowlist)) {
+    throw new CompiledPolicyShapeError(`${path}.allowlist must be an array`);
+  }
+  for (let i = 0; i < eg.allowlist.length; i++) {
+    const rule = eg.allowlist[i];
+    if (typeof rule !== "object" || rule === null) {
+      throw new CompiledPolicyShapeError(
+        `${path}.allowlist[${i}] must be an object`
+      );
+    }
+    const r = rule;
+    if (typeof r.destination !== "string" || r.destination.length === 0) {
+      throw new CompiledPolicyShapeError(
+        `${path}.allowlist[${i}].destination must be a non-empty string`
+      );
+    }
+    if (!Array.isArray(r.methods) || !r.methods.every((m) => typeof m === "string")) {
+      throw new CompiledPolicyShapeError(
+        `${path}.allowlist[${i}].methods must be a string[]`
+      );
+    }
+  }
+}
+function checkBudgetLimit(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const lim = value;
+  if (typeof lim.amount !== "number" || lim.amount <= 0 || !Number.isFinite(lim.amount)) {
+    throw new CompiledPolicyShapeError(
+      `${path}.amount must be a positive finite number`
+    );
+  }
+  if (!BUDGET_UNITS.includes(lim.unit)) {
+    throw new CompiledPolicyShapeError(
+      `${path}.unit must be one of: ${BUDGET_UNITS.join(", ")}`
+    );
+  }
+  if (lim.soft_warn_threshold !== void 0) {
+    if (typeof lim.soft_warn_threshold !== "number" || lim.soft_warn_threshold <= 0 || lim.soft_warn_threshold >= 1) {
+      throw new CompiledPolicyShapeError(
+        `${path}.soft_warn_threshold must be in (0, 1) when present`
+      );
+    }
+  }
+}
+function checkBudgetPolicy(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const bp = value;
+  if (bp.daily !== void 0) checkBudgetLimit(bp.daily, `${path}.daily`);
+  if (bp.monthly !== void 0) checkBudgetLimit(bp.monthly, `${path}.monthly`);
+  if (bp.daily === void 0 && bp.monthly === void 0) {
+    throw new CompiledPolicyShapeError(
+      `${path} must have at least one of daily or monthly`
+    );
+  }
+}
+function checkRetentionPolicy(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const rp = value;
+  if (typeof rp.windows !== "object" || rp.windows === null) {
+    throw new CompiledPolicyShapeError(`${path}.windows must be an object`);
+  }
+  const wins = rp.windows;
+  for (const key of Object.keys(wins)) {
+    if (!isPolicySlot(key)) {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key} is not a recognized policy slot`
+      );
+    }
+    const w = wins[key];
+    if (typeof w !== "object" || w === null) {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key} must be an object`
+      );
+    }
+    const win = w;
+    if (typeof win.max_age_seconds !== "number" || !Number.isInteger(win.max_age_seconds) || win.max_age_seconds <= 0) {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key}.max_age_seconds must be a positive integer`
+      );
+    }
+    if (win.archive !== void 0 && typeof win.archive !== "boolean") {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key}.archive must be boolean when present`
+      );
+    }
+  }
+}
+function encodePolicyBlob(policy) {
+  validateCompiledPolicyShape(policy);
+  return toBase64url(canonicalizeToBytes(policy));
+}
+var init_canonical_policy = __esm({
+  "src/policy-engine/canonical-policy.ts"() {
+    init_canonical_json();
+    init_encoding();
+    init_constants();
+    init_errors2();
+  }
+});
+
+// src/mesh/constants.ts
+function isReservedEventType(s) {
+  return RESERVED_EVENT_TYPE_PREFIXES.some((p) => s.startsWith(p));
+}
+function isReservedExtensionKey(k) {
+  return RESERVED_EXTENSION_ENVELOPE_KEYS.includes(k);
+}
+var PROTOCOL_VERSION, RESERVED_EVENT_TYPE_PREFIXES, RESERVED_EXTENSION_ENVELOPE_KEYS;
+var init_constants2 = __esm({
+  "src/mesh/constants.ts"() {
+    PROTOCOL_VERSION = "0.1";
+    RESERVED_EVENT_TYPE_PREFIXES = [
+      "EXTENSION_",
+      "cross_fortress_",
+      "multi_master_"
+    ];
+    RESERVED_EXTENSION_ENVELOPE_KEYS = [
+      "cross_fortress_read_grant",
+      "cross_fortress_read_query",
+      "cross_fortress_read_response",
+      "multi_master_policy_merge",
+      "audit_replication_full_n_way",
+      "auto_promote_canonical_audit",
+      "agent_live_migration"
+    ];
+  }
+});
+var init_trust_root = __esm({
+  "src/mesh/trust-root.ts"() {
+    init_encoding();
+    init_identity();
+    init_random();
+    init_canonical_json();
+    init_constants2();
+    init_errors();
+  }
+});
+function packSignedEvent(params) {
+  if (isReservedEventType(params.event_type)) {
+    throw new MeshReservedEventTypeError(params.event_type);
+  }
+  const ext = params.extension_envelope ?? {};
+  for (const key of Object.keys(ext)) {
+    if (isReservedExtensionKey(key)) {
+      throw new MeshReservedExtensionKeyError(key);
+    }
+  }
+  const payloadBytes = canonicalizeToBytes(params.payload);
+  const payload_hash = toBase64url(sha256.sha256(payloadBytes));
+  const body = {
+    protocol_version: PROTOCOL_VERSION,
+    event_type: params.event_type,
+    event_id: generateEventId(),
+    emitter_node: params.emitter_node,
+    emitter_principal: params.emitter_principal,
+    fortress_id: params.fortress_id,
+    causal_parents: params.causal_parents ?? [],
+    payload: params.payload,
+    payload_hash,
+    emitted_at: (/* @__PURE__ */ new Date()).toISOString(),
+    monotonic_seq: params.monotonic_seq,
+    extension_envelope: ext
+  };
+  const bytesToSign = canonicalizeToBytes(body);
+  const nodeSig = ed25519.ed25519.sign(bytesToSign, params.node_private_key);
+  const evt = {
+    ...body,
+    node_signature: toBase64url(nodeSig)
+  };
+  if (params.principal_private_key) {
+    const principalSig = ed25519.ed25519.sign(bytesToSign, params.principal_private_key);
+    evt.principal_signature = toBase64url(principalSig);
+  }
+  return evt;
+}
+function generateEventId() {
+  const bytes = randomBytes(16);
+  let hex = "";
+  for (const b of bytes) hex += b.toString(16).padStart(2, "0");
+  return hex;
+}
+var init_envelope = __esm({
+  "src/mesh/envelope.ts"() {
+    init_encoding();
+    init_random();
+    init_canonical_json();
+    init_constants2();
+    init_errors();
+    init_trust_root();
+  }
+});
+
+// src/policy-engine/envelope.ts
+function packPolicyUpdate(params) {
+  validateCompiledPolicyShape(params.policy);
+  const blob = encodePolicyBlob(params.policy);
+  const payload = {
+    agent_id: params.policy.agent_id,
+    policy_version: params.policy.policy_version,
+    policy_blob: blob,
+    ...params.policy.parent_version !== void 0 ? { parent_version: params.policy.parent_version } : {}
+  };
+  return packSignedEvent({
+    event_type: POLICY_UPDATE_EVENT_TYPE,
+    emitter_node: params.emitter_node,
+    emitter_principal: params.emitter_principal,
+    fortress_id: params.policy.fortress_id,
+    causal_parents: params.causal_parents,
+    payload,
+    monotonic_seq: params.monotonic_seq,
+    node_private_key: params.node_private_key,
+    principal_private_key: params.principal_private_key
+  });
+}
+var init_envelope2 = __esm({
+  "src/policy-engine/envelope.ts"() {
+    init_constants();
+    init_canonical_policy();
+    init_errors2();
+    init_envelope();
+    init_errors();
+  }
+});
+
+// src/templates/init.ts
+function deterministicCompiledAt(version) {
+  const [major, minor, patch] = version.split(".").map(Number);
+  const epoch = /* @__PURE__ */ new Date("2026-01-01T00:00:00.000Z");
+  epoch.setUTCDate(epoch.getUTCDate() + (major - 1) * 365 + minor * 30 + patch);
+  return epoch.toISOString();
+}
+function buildCompiledPolicyFromTemplate(bundle, params) {
+  const policy = applyChannelTemplate(
+    bundle.metadata.channel,
+    {
+      agent_id: params.agent_id,
+      counterparty: params.counterparty,
+      fortress_id: params.fortress_id,
+      policy_version: params.policy_version
+    }
+  );
+  policy.compiled_at = deterministicCompiledAt(bundle.metadata.version);
+  policy.source_english = bundle.policy_english;
+  if (bundle.defaults.egress.length > 0) {
+    const egress = {
+      allowlist: bundle.defaults.egress.map((e) => ({
+        destination: e.destination,
+        methods: [...e.methods]
+      }))
+    };
+    policy.egress = egress;
+  }
+  const budgets = {};
+  if (bundle.defaults.budgets.daily) {
+    budgets.daily = { ...bundle.defaults.budgets.daily };
+  }
+  if (bundle.defaults.budgets.monthly) {
+    budgets.monthly = { ...bundle.defaults.budgets.monthly };
+  }
+  if (budgets.daily || budgets.monthly) {
+    policy.budgets = budgets;
+  }
+  const windows = bundle.defaults.retention.windows;
+  if (Object.keys(windows).length > 0) {
+    const retention = {
+      windows: {}
+    };
+    for (const [slot, win] of Object.entries(windows)) {
+      if (win) {
+        retention.windows[slot] = { ...win };
+      }
+    }
+    policy.retention = retention;
+  }
+  const classes = bundle.commitments.shapes.map((s) => s.commitment_class);
+  for (const cls of classes) {
+    if (!policy.capabilities.concordia_commitment_classes.includes(cls)) {
+      policy.capabilities.concordia_commitment_classes.push(cls);
+    }
+  }
+  policy.capabilities.concordia_commitment_classes.sort();
+  validateCompiledPolicyShape(policy);
+  return policy;
+}
+function initTemplate(params) {
+  const bundle = getTemplate2(params.template_name);
+  if (!bundle) {
+    throw new Error(`unknown template: ${params.template_name}`);
+  }
+  const compiled = buildCompiledPolicyFromTemplate(bundle, {
+    agent_id: params.agent_id,
+    fortress_id: params.fortress_id,
+    counterparty: params.counterparty ?? "*",
+    policy_version: params.policy_version ?? 1
+  });
+  const signed_event = packPolicyUpdate({
+    policy: compiled,
+    emitter_node: params.emitter_node,
+    emitter_principal: params.emitter_principal,
+    monotonic_seq: params.monotonic_seq,
+    node_private_key: params.node_private_key,
+    principal_private_key: params.principal_private_key
+  });
+  return { compiled, signed_event, bundle };
+}
+var init_init = __esm({
+  "src/templates/init.ts"() {
+    init_channel_templates();
+    init_canonical_policy();
+    init_envelope2();
+    init_registry2();
+  }
+});
+function constantTimeEquals(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return diff === 0;
+}
+function extractToken(req, url) {
+  const header = req.headers.authorization;
+  if (header && header.startsWith("Bearer ")) {
+    return header.slice(7).trim();
+  }
+  const q = url.searchParams.get("token");
+  return q ?? null;
+}
+function isAuthorized(deps, req, url) {
+  if (!deps.authToken) return true;
+  const token = extractToken(req, url);
+  if (!token) return false;
+  return constantTimeEquals(token, deps.authToken);
+}
+function writeJSON(res, status, payload) {
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Cache-Control": "no-store"
+  });
+  res.end(JSON.stringify(payload));
+}
+async function readJSONBody(req) {
+  const chunks = [];
+  let size = 0;
+  const MAX = 256 * 1024;
+  for await (const chunk of req) {
+    size += chunk.length;
+    if (size > MAX) throw new Error("request body too large");
+    chunks.push(chunk);
+  }
+  const body = Buffer.concat(chunks).toString("utf-8");
+  if (!body) return {};
+  return JSON.parse(body);
+}
+function generateEphemeralKey() {
+  return new Uint8Array(crypto.randomBytes(32));
+}
+function writeText(res, status, body, contentType = "text/plain") {
+  res.writeHead(status, {
+    "Content-Type": contentType,
+    "Cache-Control": "no-store"
+  });
+  res.end(body);
+}
+async function handleRequest(deps, req, res) {
+  const host = req.headers.host || "localhost";
+  const url = new URL(req.url ?? "/", `http://${host}`);
+  const method = (req.method ?? "GET").toUpperCase();
+  const path = url.pathname;
+  if (!isAuthorized(deps, req, url)) {
+    writeJSON(res, 401, { error: "unauthorized" });
+    return true;
+  }
+  if (method === "GET" && path === "/api/health") {
+    writeJSON(res, 200, { ok: true, mode: deps.sources.mode });
+    return true;
+  }
+  if (method === "GET" && (path === "/" || path === "/index.html")) {
+    const snapshot = await getProtectionSnapshot(deps.sources);
+    const html = renderDashboardHTML({ snapshot, authToken: deps.authToken });
+    writeText(res, 200, html, "text/html; charset=utf-8");
+    return true;
+  }
+  if (method === "GET" && path === "/api/snapshot") {
+    const snapshot = await getProtectionSnapshot(deps.sources);
+    writeJSON(res, 200, snapshot);
+    return true;
+  }
+  const approvalMatch = /^\/api\/approvals\/([^/]+)\/(allow|deny)$/.exec(path);
+  if (method === "POST" && approvalMatch) {
+    const id = decodeURIComponent(approvalMatch[1]);
+    const action = approvalMatch[2];
+    if (!deps.approvals) {
+      writeJSON(res, 503, { error: "approvals_unavailable" });
+      return true;
+    }
+    const handler = action === "allow" ? deps.approvals.allow : deps.approvals.deny;
+    try {
+      const ok2 = await handler(id);
+      writeJSON(res, ok2 ? 200 : 404, { id, action, ok: ok2 });
+    } catch (err) {
+      writeJSON(res, 500, { error: "approval_failed", message: err.message });
+    }
+    return true;
+  }
+  if (method === "GET" && path === "/api/stream") {
+    await handleStream(deps, res);
+    return true;
+  }
+  if (method === "GET" && path === "/api/templates") {
+    try {
+      const templates = listTemplates();
+      writeJSON(res, 200, { templates });
+    } catch (err) {
+      writeJSON(res, 500, {
+        error: "template_load_failed",
+        message: err.message
+      });
+    }
+    return true;
+  }
+  const templateMatch = /^\/api\/templates\/([^/]+)$/.exec(path);
+  if (method === "GET" && templateMatch) {
+    const name = decodeURIComponent(templateMatch[1]);
+    try {
+      const entry = getTemplateEntry(name);
+      if (!entry) {
+        writeJSON(res, 404, { error: "template_not_found", name });
+        return true;
+      }
+      writeJSON(res, 200, entry);
+    } catch (err) {
+      writeJSON(res, 500, {
+        error: "template_load_failed",
+        message: err.message
+      });
+    }
+    return true;
+  }
+  const initMatch = /^\/api\/templates\/([^/]+)\/init$/.exec(path);
+  if (method === "POST" && initMatch) {
+    const name = decodeURIComponent(initMatch[1]);
+    try {
+      const bundle = getTemplate2(name);
+      if (!bundle) {
+        writeJSON(res, 404, { error: "template_not_found", name });
+        return true;
+      }
+      const body = await readJSONBody(req);
+      if (!body.agent_name || typeof body.agent_name !== "string") {
+        writeJSON(res, 400, {
+          error: "validation_error",
+          message: "agent_name is required and must be a string"
+        });
+        return true;
+      }
+      if (!/^[a-zA-Z0-9_-]+$/.test(body.agent_name)) {
+        writeJSON(res, 400, {
+          error: "validation_error",
+          message: "agent_name must contain only alphanumeric characters, hyphens, and underscores"
+        });
+        return true;
+      }
+      const nodeId = deps.nodeId ?? "dashboard-node";
+      const nodePrivateKey = deps.nodePrivateKey ?? generateEphemeralKey();
+      const principalId = deps.principalId ?? "dashboard-principal";
+      const fortressId = deps.fortressId ?? "default";
+      const result = initTemplate({
+        template_name: name,
+        agent_id: body.agent_name,
+        fortress_id: fortressId,
+        counterparty: "*",
+        policy_version: 1,
+        emitter_node: nodeId,
+        emitter_principal: principalId,
+        monotonic_seq: 1,
+        node_private_key: nodePrivateKey
+      });
+      writeJSON(res, 200, {
+        agent_id: body.agent_name,
+        signed_event_id: result.signed_event.event_id,
+        policy_version: result.compiled.policy_version,
+        template_name: name,
+        attestation_panel_url: `/console#agent_roster`
+      });
+    } catch (err) {
+      writeJSON(res, 500, {
+        error: "template_init_failed",
+        message: err.message
+      });
+    }
+    return true;
+  }
+  return false;
+}
+async function handleStream(deps, res) {
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache, no-transform",
+    Connection: "keep-alive",
+    "X-Accel-Buffering": "no"
+  });
+  const snapshot = await getProtectionSnapshot(deps.sources);
+  res.write(`event: snapshot
+data: ${JSON.stringify(snapshot)}
+
+`);
+  const unsubscribe = deps.onEvent ? deps.onEvent((event) => {
+    try {
+      res.write(`event: ${event.type}
+data: ${JSON.stringify(event.data)}
+
+`);
+    } catch {
+    }
+  }) : () => {
+  };
+  const keepAlive = setInterval(() => {
+    try {
+      res.write(": keepalive\n\n");
+    } catch {
+    }
+  }, 25e3);
+  const cleanup = () => {
+    clearInterval(keepAlive);
+    unsubscribe();
+  };
+  res.on("close", cleanup);
+  res.on("error", cleanup);
+}
+var init_api = __esm({
+  "src/dashboard/api.ts"() {
+    init_aggregator();
+    init_html();
+    init_registry2();
+    init_init();
+  }
+});
+async function startDashboardServer(options) {
+  const port = options.port ?? DEFAULT_PORT;
+  const host = options.host ?? DEFAULT_HOST;
+  const listeners = /* @__PURE__ */ new Set();
+  const onEvent = (listener) => {
+    listeners.add(listener);
+    return () => listeners.delete(listener);
+  };
+  const publish = (event) => {
+    for (const listener of listeners) {
+      try {
+        listener(event);
+      } catch {
+      }
+    }
+  };
+  const deps = {
+    sources: options.sources,
+    authToken: options.authToken,
+    approvals: options.approvals,
+    onEvent
+  };
+  const server = http.createServer(async (req, res) => {
+    try {
+      const served = await handleRequest(deps, req, res);
+      if (!served) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "not_found", path: req.url }));
+      }
+    } catch (err) {
+      try {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "internal", message: err.message }));
+      } catch {
+      }
+    }
+  });
+  await new Promise((resolve2, reject) => {
+    server.once("error", reject);
+    server.listen(port, host, () => {
+      server.off("error", reject);
+      resolve2();
+    });
+  });
+  const actualPort = (() => {
+    const addr = server.address();
+    if (addr && typeof addr === "object") return addr.port;
+    return port;
+  })();
+  const url = `http://${host}:${actualPort}`;
+  return {
+    url,
+    port: actualPort,
+    host,
+    stop: () => new Promise((resolve2, reject) => {
+      server.close((err) => err ? reject(err) : resolve2());
+    }),
+    publish,
+    publishActivity: (entry) => publish({ type: "activity", data: entry }),
+    publishApproval: (approval) => publish({ type: "approval", data: approval })
+  };
+}
+var DEFAULT_PORT, DEFAULT_HOST;
+var init_server = __esm({
+  "src/dashboard/server.ts"() {
+    init_api();
+    DEFAULT_PORT = 3501;
+    DEFAULT_HOST = "127.0.0.1";
+  }
+});
+
+// src/dashboard/index.ts
+async function startDashboard(options) {
+  const activity = options.initialActivity ? [...options.initialActivity] : [];
+  const pending = options.initialPendingApprovals ? [...options.initialPendingApprovals] : [];
+  const sources = {
+    mode: options.mode,
+    server_version: options.serverVersion,
+    ...options.auditLog ? { auditLog: options.auditLog } : {},
+    ...options.identityManager ? { identityManager: options.identityManager } : {},
+    ...options.clientManager ? { clientManager: options.clientManager } : {},
+    ...options.baseline ? { baseline: options.baseline } : {},
     ...options.policy ? { policy: options.policy } : {},
     ...options.reputation ? { reputation: options.reputation } : {},
     ...options.teeAvailable != null ? { teeAvailable: options.teeAvailable } : {},
@@ -23677,6 +24965,90 @@ var init_paths = __esm({
     DEFAULT_DASHBOARD_PORT = 3501;
   }
 });
+function getPlatformPaths() {
+  const home = os.homedir();
+  return {
+    "openclaw": [
+      path.join(home, ".openclaw", "openclaw.json"),
+      path.join(home, ".openclaw", "config.json"),
+      path.join(home, "Library", "Application Support", "OpenClaw", "openclaw.json"),
+      path.join(home, "Library", "Application Support", "OpenClaw", "config.json")
+    ],
+    // Hermes Agent (NousResearch, v0.9.0) canonicals live under ~/.hermes.
+    // Hermes ships `cli-config.yaml` as the primary surface per upstream docs.
+    // Sanctuary wrap v1.0 detects the JSON variant only: operators who keep
+    // YAML can still wrap via `sanctuary wrap --wrap <path>` after exporting
+    // to JSON. YAML-native detection is flagged as a v1.x follow-up.
+    "hermes": [
+      path.join(home, ".hermes", "cli-config.json"),
+      path.join(home, ".hermes", "config.json"),
+      path.join(home, ".config", "hermes", "cli-config.json")
+    ],
+    // Claude Code's modern canonical surface is ~/.claude.json (`claude mcp
+    // add` writes here). The legacy ~/.claude/settings.json shape predates
+    // it and is still respected if present. Probe order = preference order:
+    // wrap operates on the first one that exists, and bootstraps a fresh
+    // ~/.claude.json when neither is present (per the cli.ts bootstrap).
+    "claude-code": [
+      path.join(home, ".claude.json"),
+      path.join(home, ".claude", "settings.json"),
+      path.join(home, ".config", "claude-code", "settings.json")
+    ],
+    "cursor": [
+      path.join(home, ".cursor", "mcp.json")
+    ],
+    // Cline is a VS Code extension (saoudrizwan.claude-dev). Its MCP settings
+    // live under the VS Code globalStorage tree, which is OS-specific. We
+    // enumerate the three supported OS layouts; at detection time only the
+    // one matching the running OS will exist.
+    "cline": [
+      // macOS
+      path.join(
+        home,
+        "Library",
+        "Application Support",
+        "Code",
+        "User",
+        "globalStorage",
+        "saoudrizwan.claude-dev",
+        "settings",
+        "cline_mcp_settings.json"
+      ),
+      // Linux
+      path.join(
+        home,
+        ".config",
+        "Code",
+        "User",
+        "globalStorage",
+        "saoudrizwan.claude-dev",
+        "settings",
+        "cline_mcp_settings.json"
+      ),
+      // Windows (honour APPDATA when set, otherwise reconstruct under home)
+      process.env.APPDATA ? path.join(
+        process.env.APPDATA,
+        "Code",
+        "User",
+        "globalStorage",
+        "saoudrizwan.claude-dev",
+        "settings",
+        "cline_mcp_settings.json"
+      ) : path.join(
+        home,
+        "AppData",
+        "Roaming",
+        "Code",
+        "User",
+        "globalStorage",
+        "saoudrizwan.claude-dev",
+        "settings",
+        "cline_mcp_settings.json"
+      )
+    ],
+    "generic": []
+  };
+}
 function backupDir() {
   return path.join(resolveStoragePath(), "backup");
 }
@@ -23720,7 +25092,7 @@ async function detectAgentConfigWithDiagnostics(platform4, configPath) {
     return { config, pathsChecked, errors };
   }
   if (platform4) {
-    const paths = PLATFORM_PATHS[platform4];
+    const paths = getPlatformPaths()[platform4];
     for (const path of paths) {
       pathsChecked.push(path);
       const { config, error } = await readConfigFileWithError(path, platform4);
@@ -23729,7 +25101,7 @@ async function detectAgentConfigWithDiagnostics(platform4, configPath) {
     }
     return { config: null, pathsChecked, errors };
   }
-  for (const [plat, paths] of Object.entries(PLATFORM_PATHS)) {
+  for (const [plat, paths] of Object.entries(getPlatformPaths())) {
     for (const path of paths) {
       pathsChecked.push(path);
       const { config, error } = await readConfigFileWithError(path, plat);
@@ -23787,7 +25159,7 @@ function extractServers(config, platform4) {
     const mcpServers = obj.mcpServers;
     if (mcpServers && typeof mcpServers === "object") {
       for (const [name, serverConfig] of Object.entries(mcpServers)) {
-        if (name.toLowerCase().includes("sanctuary")) continue;
+        if (isCanonicalSanctuaryName(name)) continue;
         const entry = parseServerEntry(name, serverConfig);
         if (entry) servers.push(entry);
       }
@@ -23797,7 +25169,27 @@ function extractServers(config, platform4) {
     const mcpServers = obj.mcpServers;
     if (mcpServers && typeof mcpServers === "object") {
       for (const [name, serverConfig] of Object.entries(mcpServers)) {
-        if (name.toLowerCase().includes("sanctuary")) continue;
+        if (isCanonicalSanctuaryName(name)) continue;
+        const entry = parseServerEntry(name, serverConfig);
+        if (entry) servers.push(entry);
+      }
+    }
+  }
+  if (platform4 === "hermes") {
+    const mcpServers = obj.mcp_servers;
+    if (mcpServers && typeof mcpServers === "object") {
+      for (const [name, serverConfig] of Object.entries(mcpServers)) {
+        if (isCanonicalSanctuaryName(name)) continue;
+        const entry = parseServerEntry(name, serverConfig);
+        if (entry) servers.push(entry);
+      }
+    }
+  }
+  if (platform4 === "cline") {
+    const mcpServers = obj.mcpServers;
+    if (mcpServers && typeof mcpServers === "object") {
+      for (const [name, serverConfig] of Object.entries(mcpServers)) {
+        if (isCanonicalSanctuaryName(name)) continue;
         const entry = parseServerEntry(name, serverConfig);
         if (entry) servers.push(entry);
       }
@@ -23805,6 +25197,9 @@ function extractServers(config, platform4) {
   }
   return servers;
 }
+function isCanonicalSanctuaryName(name) {
+  return name.toLowerCase() === "sanctuary";
+}
 function parseServerEntry(name, config) {
   if (!config || typeof config !== "object") return null;
   const c = config;
@@ -23843,6 +25238,8 @@ async function rewriteConfigForCocoon(agentConfig, sanctuaryCommand, sanctuaryAr
   if (agentConfig.platform === "openclaw") {
     const existingMcp = raw.mcp ?? {};
     existingServers = existingMcp.servers ?? {};
+  } else if (agentConfig.platform === "hermes") {
+    existingServers = raw.mcp_servers ?? {};
   } else {
     existingServers = raw.mcpServers ?? {};
   }
@@ -23886,6 +25283,14 @@ async function rewriteConfigForCocoon(agentConfig, sanctuaryCommand, sanctuaryAr
       }
     };
     delete rewritten.mcpServers;
+  } else if (agentConfig.platform === "hermes") {
+    rewritten = {
+      ...raw,
+      mcp_servers: {
+        ...existingServers,
+        sanctuary: sanctuaryEntry
+      }
+    };
   } else {
     rewritten = {
       ...raw,
@@ -23898,26 +25303,9 @@ async function rewriteConfigForCocoon(agentConfig, sanctuaryCommand, sanctuaryAr
   await promises.writeFile(agentConfig.configPath, JSON.stringify(rewritten, null, 2), { mode: 384 });
   return agentConfig.configPath;
 }
-var PLATFORM_PATHS;
 var init_config_reader = __esm({
   "src/cocoon/config-reader.ts"() {
     init_paths();
-    PLATFORM_PATHS = {
-      "openclaw": [
-        path.join(os.homedir(), ".openclaw", "openclaw.json"),
-        path.join(os.homedir(), ".openclaw", "config.json"),
-        path.join(os.homedir(), "Library", "Application Support", "OpenClaw", "openclaw.json"),
-        path.join(os.homedir(), "Library", "Application Support", "OpenClaw", "config.json")
-      ],
-      "claude-code": [
-        path.join(os.homedir(), ".claude", "settings.json"),
-        path.join(os.homedir(), ".config", "claude-code", "settings.json")
-      ],
-      "cursor": [
-        path.join(os.homedir(), ".cursor", "mcp.json")
-      ],
-      "generic": []
-    };
   }
 });
 
@@ -24223,13 +25611,46 @@ async function runWrap(options, deps = {}) {
   }
   let platformHint;
   if (options.openclaw) platformHint = "openclaw";
+  else if (options.hermes) platformHint = "hermes";
   else if (options.claudeCode) platformHint = "claude-code";
   else if (options.cursor) platformHint = "cursor";
-  const detection = await detectAgentConfigWithDiagnostics(
+  else if (options.cline) platformHint = "cline";
+  let detection = await detectAgentConfigWithDiagnostics(
     platformHint,
     options.wrap
   );
-  const agentConfig = detection.config;
+  let agentConfig = detection.config;
+  if (!agentConfig && platformHint && !options.wrap) {
+    const candidatePaths = getPlatformPaths()[platformHint];
+    const canonicalPath = candidatePaths[0];
+    if (canonicalPath) {
+      try {
+        await promises.mkdir(path.dirname(canonicalPath), { recursive: true, mode: 448 });
+        await promises.writeFile(canonicalPath, "{}", { mode: 384 });
+        console.error(
+          `
+  No existing ${platformHint} config found.`
+        );
+        console.error(
+          `  Bootstrapped a fresh config at ${canonicalPath}.
+`
+        );
+        detection = await detectAgentConfigWithDiagnostics(
+          platformHint,
+          options.wrap
+        );
+        agentConfig = detection.config;
+      } catch (err) {
+        console.error(
+          `
+  Sanctuary: could not bootstrap ${platformHint} config at ${canonicalPath}`
+        );
+        console.error(`  Error: ${err.message}
+`);
+        process.exit(1);
+      }
+    }
+  }
   if (!agentConfig) {
     console.error(`
   Sanctuary \u2014 Configuration Not Found
@@ -24241,7 +25662,7 @@ async function runWrap(options, deps = {}) {
     } else {
       console.error("  Could not auto-detect any agent configuration.");
       console.error(
-        "  Use --openclaw, --claude-code, --cursor, or --wrap /path/to/config.json"
+        "  Use --openclaw, --hermes, --claude-code, --cursor, --cline, or --wrap /path/to/config.json"
       );
     }
     if (detection.pathsChecked.length > 0) {
@@ -24259,25 +25680,25 @@ async function runWrap(options, deps = {}) {
     console.error("");
     process.exit(1);
   }
-  if (agentConfig.servers.length === 0) {
+  const hasSanctuaryInRaw = rawConfigContainsSanctuary(
+    agentConfig.rawConfig,
+    agentConfig.platform
+  );
+  if (hasSanctuaryInRaw) {
     console.error(
       `
-  Found ${agentConfig.platform} config at ${agentConfig.configPath},`
+  Sanctuary already wrapped: updating the existing Sanctuary entry.
+`
     );
-    console.error(`  but no MCP servers are configured in it.
-`);
-    process.exit(1);
-  }
-  const hasSanctuary = agentConfig.servers.some(
-    (s) => s.name.toLowerCase() === "sanctuary"
-  );
-  if (hasSanctuary) {
+  } else if (agentConfig.servers.length === 0) {
     console.error(
       `
-  Warning: This agent already has a Sanctuary server configured.`
+  Found ${agentConfig.platform} config at ${agentConfig.configPath} with no MCP servers yet.`
+    );
+    console.error(
+      `  Sanctuary will be installed as the only MCP server.
+`
     );
-    console.error(`  Re-wrapping will update the existing Sanctuary entry.
-`);
   }
   console.error(`
   Sanctuary wrap`);
@@ -24553,7 +25974,7 @@ async function verifyRewrittenConfig(configPath, backupPath) {
       await restoreFromBackup(configPath, backupPath);
       return false;
     }
-    const servers = parsed.mcp?.servers ?? parsed.mcpServers ?? {};
+    const servers = parsed.mcp?.servers ?? parsed.mcpServers ?? parsed.mcp_servers ?? {};
     if (!servers.sanctuary) {
       console.error(`
   Verification FAILED: No sanctuary entry in rewritten config.`);
@@ -24644,10 +26065,14 @@ function toolNameFor(platform4, _servers) {
   switch (platform4) {
     case "openclaw":
       return "OpenClaw";
+    case "hermes":
+      return "Hermes Agent";
     case "claude-code":
       return "Claude Code";
     case "cursor":
       return "Cursor";
+    case "cline":
+      return "Cline";
     default:
       return "your agent";
   }
@@ -24658,6 +26083,23 @@ function countUpstreamTools(servers) {
 function readPackageVersion() {
   return SANCTUARY_VERSION;
 }
+function rawConfigContainsSanctuary(raw, agentPlatform) {
+  if (!raw || typeof raw !== "object") return false;
+  const obj = raw;
+  let serversBag;
+  if (agentPlatform === "openclaw") {
+    const mcp = obj.mcp;
+    serversBag = mcp?.servers ?? obj.mcpServers;
+  } else if (agentPlatform === "hermes") {
+    serversBag = obj.mcp_servers;
+  } else {
+    serversBag = obj.mcpServers;
+  }
+  if (!serversBag || typeof serversBag !== "object") return false;
+  return Object.keys(serversBag).some(
+    (name) => name.toLowerCase() === "sanctuary"
+  );
+}
 function parseWrapArgs(argv) {
   const options = {};
   for (let i = 0; i < argv.length; i++) {
@@ -24668,12 +26110,18 @@ function parseWrapArgs(argv) {
       case "--openclaw":
         options.openclaw = true;
         break;
+      case "--hermes":
+        options.hermes = true;
+        break;
       case "--claude-code":
         options.claudeCode = true;
         break;
       case "--cursor":
         options.cursor = true;
         break;
+      case "--cline":
+        options.cline = true;
+        break;
       case "--unwrap":
         options.unwrap = true;
         break;
@@ -24703,15 +26151,19 @@ function printWrapHelp() {
 
   Usage:
     sanctuary wrap --openclaw          Wrap OpenClaw
+    sanctuary wrap --hermes            Wrap Hermes Agent (NousResearch)
     sanctuary wrap --claude-code       Wrap Claude Code
     sanctuary wrap --cursor            Wrap Cursor
+    sanctuary wrap --cline             Wrap Cline (VS Code extension)
     sanctuary wrap --wrap <path>       Wrap a specific MCP config file
     sanctuary wrap --unwrap            Restore original config
 
   Options:
     --openclaw         Auto-detect and wrap OpenClaw
+    --hermes           Auto-detect and wrap Hermes Agent
     --claude-code      Auto-detect and wrap Claude Code
     --cursor           Auto-detect and wrap Cursor
+    --cline            Auto-detect and wrap Cline (VS Code extension)
     --wrap <path>      Wrap a specific MCP config file
     --unwrap           Restore original config from backup
     --passphrase <p>   Override the stored passphrase (one-off)
@@ -26654,6 +28106,230 @@ var init_secrets = __esm({
     STDIN_READ_DEADLINE_MS = 3e4;
   }
 });
+
+// src/templates/cli.ts
+var cli_exports3 = {};
+__export(cli_exports3, {
+  runTemplateCommand: () => runTemplateCommand
+});
+async function runTemplateCommand(args) {
+  const out = args.out ?? process.stdout;
+  const err = args.err ?? process.stderr;
+  const [sub, ...rest] = args.argv;
+  if (!sub || sub === "--help" || sub === "-h") {
+    printTemplateHelp(out);
+    return 0;
+  }
+  switch (sub) {
+    case "list":
+      return cmdList2(out);
+    case "init":
+      return cmdInit(rest, out, err);
+    default:
+      err.write(`Unknown template subcommand: ${sub}
+`);
+      printTemplateHelp(err);
+      return 1;
+  }
+}
+function cmdList2(out, _err) {
+  const templates = listTemplates();
+  out.write("\nSanctuary Template Library\n");
+  out.write("=".repeat(60) + "\n\n");
+  out.write(
+    padRight("NAME", 24) + padRight("CHANNEL", 26) + padRight("TIER", 6) + "DESCRIPTION\n"
+  );
+  out.write("-".repeat(100) + "\n");
+  for (const entry of templates) {
+    const m = entry.metadata;
+    out.write(
+      padRight(m.name, 24) + padRight(m.channel, 26) + padRight(m.tier, 6) + m.description + "\n"
+    );
+  }
+  out.write("\n");
+  out.write(`Use "sanctuary template init <name> --agent-id <id>" to load a template.
+
+`);
+  return 0;
+}
+function padRight(str, len) {
+  return str.length >= len ? str + " " : str + " ".repeat(len - str.length);
+}
+function cmdInit(argv, out, err) {
+  let templateName;
+  let agentId;
+  let fortressId = "fortress-default";
+  let counterparty = "*";
+  for (let i = 0; i < argv.length; i++) {
+    if (argv[i] === "--agent-id" && argv[i + 1]) {
+      agentId = argv[++i];
+    } else if (argv[i] === "--fortress-id" && argv[i + 1]) {
+      fortressId = argv[++i];
+    } else if (argv[i] === "--counterparty" && argv[i + 1]) {
+      counterparty = argv[++i];
+    } else if (argv[i] === "--help" || argv[i] === "-h") {
+      printInitHelp(out);
+      return 0;
+    } else if (!argv[i].startsWith("--")) {
+      templateName = argv[i];
+    }
+  }
+  if (!templateName) {
+    err.write("Error: template name is required.\n");
+    err.write(`Available templates: ${TEMPLATE_NAMES.join(", ")}
+`);
+    return 1;
+  }
+  if (!isTemplateName(templateName)) {
+    err.write(`Error: unknown template "${templateName}".
+`);
+    err.write(`Available templates: ${TEMPLATE_NAMES.join(", ")}
+`);
+    return 1;
+  }
+  if (!agentId) {
+    err.write("Error: --agent-id is required.\n");
+    return 1;
+  }
+  const bundle = getTemplate2(templateName);
+  if (!bundle) {
+    err.write(`Error: template "${templateName}" not found.
+`);
+    return 1;
+  }
+  const compiled = buildCompiledPolicyFromTemplate(bundle, {
+    agent_id: agentId,
+    fortress_id: fortressId,
+    counterparty,
+    policy_version: 1
+  });
+  const blob = encodePolicyBlob(compiled);
+  out.write("\nTemplate initialized successfully.\n");
+  out.write("=".repeat(60) + "\n\n");
+  out.write(`Template:       ${bundle.metadata.name}
+`);
+  out.write(`Channel:        ${bundle.metadata.channel}
+`);
+  out.write(`Tier:           ${bundle.metadata.tier}
+`);
+  out.write(`Agent ID:       ${compiled.agent_id}
+`);
+  out.write(`Fortress ID:    ${compiled.fortress_id}
+`);
+  out.write(`Policy Version: ${compiled.policy_version}
+`);
+  out.write(`Schema Version: ${compiled.schema_version}
+`);
+  out.write("\n");
+  out.write("Slot access:\n");
+  for (const slot of ["memory", "credentials", "plans", "outputs"]) {
+    const rule = compiled.slots[slot];
+    if (rule.mode === "deny") {
+      out.write(`  ${slot}: deny (hermetic)
+`);
+    } else {
+      const grants = rule.grants.map(
+        (g) => `${g.action} by ${g.counterparty}`
+      );
+      out.write(`  ${slot}: ${grants.join(", ")}
+`);
+    }
+  }
+  if (compiled.capabilities.concordia_commitment_classes.length > 0) {
+    out.write(
+      `
+Commitment classes: ${compiled.capabilities.concordia_commitment_classes.join(", ")}
+`
+    );
+  }
+  if (compiled.egress) {
+    out.write(`
+Egress allowlist (${compiled.egress.allowlist.length} entries):
+`);
+    for (const rule of compiled.egress.allowlist) {
+      const methods = rule.methods.length > 0 ? rule.methods.join(",") : "*";
+      out.write(`  ${rule.destination} [${methods}]
+`);
+    }
+  } else {
+    out.write("\nEgress: hermetic (no outbound access)\n");
+  }
+  if (compiled.budgets) {
+    out.write("\nBudgets:\n");
+    if (compiled.budgets.daily) {
+      out.write(
+        `  Daily: ${compiled.budgets.daily.amount} ${compiled.budgets.daily.unit}
+`
+      );
+    }
+    if (compiled.budgets.monthly) {
+      out.write(
+        `  Monthly: ${compiled.budgets.monthly.amount} ${compiled.budgets.monthly.unit}
+`
+      );
+    }
+  }
+  if (compiled.retention) {
+    out.write("\nRetention windows:\n");
+    for (const [slot, win] of Object.entries(compiled.retention.windows)) {
+      if (win) {
+        const days = Math.round(win.max_age_seconds / 86400);
+        out.write(`  ${slot}: ${days} days${win.archive ? " (archive)" : ""}
+`);
+      }
+    }
+  }
+  out.write(`
+Policy blob (base64url, ${blob.length} chars):
+`);
+  out.write(`  ${blob.slice(0, 80)}...
+
+`);
+  out.write(
+    "To sign and emit this policy as a policy_update event, use the\npolicy engine's packPolicyUpdate with your node signing key.\n\n"
+  );
+  return 0;
+}
+function printTemplateHelp(out) {
+  out.write(`
+sanctuary template \u2014 Manage Sanctuary policy templates.
+
+Usage:
+  sanctuary template list                    List available templates
+  sanctuary template init <name> [options]   Load a template
+
+Options:
+  --help, -h    Show this help
+
+Use "sanctuary template init --help" for init-specific options.
+`);
+}
+function printInitHelp(out) {
+  out.write(`
+sanctuary template init \u2014 Load a template into a fortress.
+
+Usage:
+  sanctuary template init <name> --agent-id <id> [options]
+
+Arguments:
+  <name>              Template name (see "sanctuary template list")
+
+Options:
+  --agent-id <id>     Agent ID to bind the policy to (required)
+  --fortress-id <id>  Fortress ID (default: "fortress-default")
+  --counterparty <id> Counterparty for channel grants (default: "*")
+  --help, -h          Show this help
+
+Available templates: ${TEMPLATE_NAMES.join(", ")}
+`);
+}
+var init_cli3 = __esm({
+  "src/templates/cli.ts"() {
+    init_registry2();
+    init_init();
+    init_canonical_policy();
+  }
+});
 async function isTenantDir(path$1) {
   const [hasState, hasProfile, hasFallback] = await Promise.all([
     dirExists(path.join(path$1, "state")),
@@ -26865,7 +28541,7 @@ async function runAgentsCommand(args) {
   try {
     switch (sub) {
       case "list":
-        return await cmdList2(rest, ctx);
+        return await cmdList3(rest, ctx);
       case "show":
         return await cmdShow(rest, ctx);
       case "status":
@@ -26924,11 +28600,11 @@ function passphraseLabel(tenant) {
       return "not-init";
   }
 }
-function padRight(s, width) {
+function padRight2(s, width) {
   if (s.length >= width) return s;
   return s + " ".repeat(width - s.length);
 }
-async function cmdList2(argv, ctx) {
+async function cmdList3(argv, ctx) {
   const json = hasJsonFlag(argv);
   const tenants = await discoverTenants(ctx.discoverOpts);
   if (json) {
@@ -26960,7 +28636,7 @@ async function cmdList2(argv, ctx) {
   }));
   const nameW = Math.max(4, ...rows.map((r) => r.tenant.name.length));
   const pathW = Math.max(12, ...rows.map((r) => r.tenant.storage_path.length));
-  const header = padRight("NAME", nameW) + "  " + padRight("STATUS", 8) + padRight("DASH", 6) + padRight("HOOK", 6) + padRight("PP", 15) + padRight("STORAGE", pathW);
+  const header = padRight2("NAME", nameW) + "  " + padRight2("STATUS", 8) + padRight2("DASH", 6) + padRight2("HOOK", 6) + padRight2("PP", 15) + padRight2("STORAGE", pathW);
   ctx.out.write(header + "\n");
   for (const { tenant, probe } of rows) {
     const status = probe.running ? "running" : tenant.initialized ? "stopped" : "empty";
@@ -26968,7 +28644,7 @@ async function cmdList2(argv, ctx) {
     const webhook = tenant.runtime?.webhook_callback_port != null ? String(tenant.runtime.webhook_callback_port) : "-";
     const pp = passphraseLabel(tenant);
     ctx.out.write(
-      padRight(tenant.name, nameW) + "  " + padRight(status, 8) + padRight(dashboard, 6) + padRight(webhook, 6) + padRight(pp, 15) + padRight(tenant.storage_path, pathW) + "\n"
+      padRight2(tenant.name, nameW) + "  " + padRight2(status, 8) + padRight2(dashboard, 6) + padRight2(webhook, 6) + padRight2(pp, 15) + padRight2(tenant.storage_path, pathW) + "\n"
     );
   }
   return 0;
@@ -27077,13 +28753,13 @@ async function cmdStatus(argv, ctx) {
     const dash = tenant.runtime?.dashboard_port != null ? `:${tenant.runtime.dashboard_port}` : "";
     const last = tenant.last_activity ? ` \xB7 last ${formatRelative2(tenant.last_activity)}` : "";
     ctx.out.write(
-      `${padRight(tenant.name, nameW)}  ${padRight(state, 8)}${dash}${last}
+      `${padRight2(tenant.name, nameW)}  ${padRight2(state, 8)}${dash}${last}
 `
     );
   }
   return 0;
 }
-var init_cli3 = __esm({
+var init_cli4 = __esm({
   "src/cli/agents/cli.ts"() {
     init_discovery();
     init_health();
@@ -27107,7 +28783,7 @@ var init_agents = __esm({
     init_discovery();
     init_health();
     init_runtime();
-    init_cli3();
+    init_cli4();
   }
 });
 
@@ -27621,8 +29297,8 @@ Refusing to generate a new recovery key over the default root \u2014 that would
   const dashboardHost = options.host ?? config.dashboard.host;
   let authToken = config.dashboard.auth_token;
   if (authToken === "auto") {
-    const { randomBytes: randomBytes7 } = await import('crypto');
-    authToken = randomBytes7(32).toString("hex");
+    const { randomBytes: randomBytes8 } = await import('crypto');
+    authToken = randomBytes8(32).toString("hex");
   }
   const dashboard = new DashboardApprovalChannel({
     port: dashboardPort,
@@ -27847,6 +29523,11 @@ async function main() {
     const code = await runSecretsCommand2({ argv: args.slice(1) });
     process.exit(code);
   }
+  if (args[0] === "template") {
+    const { runTemplateCommand: runTemplateCommand2 } = await Promise.resolve().then(() => (init_cli3(), cli_exports3));
+    const code = await runTemplateCommand2({ argv: args.slice(1) });
+    process.exit(code);
+  }
   if (args[0] === "agents") {
     const { runAgentsCommand: runAgentsCommand2 } = await Promise.resolve().then(() => (init_agents(), agents_exports));
     const code = await runAgentsCommand2({ argv: args.slice(1) });
@@ -28043,6 +29724,9 @@ Subcommands:
                        Use "sanctuary dashboard --help" for options.
                        Pass --multi to render the multi-tenant overview.
 
+  template             Manage policy templates (list, init).
+                       Use "sanctuary template --help" for options.
+
   agents               List / inspect tenants on a multi-agent host.
                        Use "sanctuary agents --help" for options.