@sanctuary-framework/mcp-server 0.10.5 → 1.0.0-rc.1

package/dist/index.js

@@ -4,7 +4,7 @@ import { sha256 } from '@noble/hashes/sha256';
 import { hmac } from '@noble/hashes/hmac';
 import { RistrettoPoint, ed25519 } from '@noble/curves/ed25519';
 import { readFile, mkdir, writeFile, stat, unlink, readdir, chmod, access } from 'fs/promises';
-import { join } from 'path';
+import { join, dirname } from 'path';
 import { platform, homedir } from 'os';
 import { createRequire } from 'module';
 import { argon2id } from 'hash-wasm';
@@ -14,10 +14,11 @@ import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprot
 import { createServer as createServer$2 } from 'http';
 import { createServer as createServer$1 } from 'https';
 import { exec, execSync } from 'child_process';
-import { statSync } from 'fs';
+import { statSync, existsSync, readFileSync } from 'fs';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { fileURLToPath } from 'url';
 
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -813,7 +814,8 @@ var RESERVED_NAMESPACE_PREFIXES = [
   "_handshake",
   "_shr",
   "_sovereignty_profile",
-  "_context_gate_policies"
+  "_context_gate_policies",
+  "_fortress_mode"
 ];
 var StateStore = class _StateStore {
   storage;
@@ -1387,7 +1389,8 @@ var RESERVED_NAMESPACE_PREFIXES2 = [
   "_handshake",
   "_shr",
   "_sovereignty_profile",
-  "_context_gate_policies"
+  "_context_gate_policies",
+  "_fortress_mode"
 ];
 function getReservedNamespaceViolation(namespace) {
   for (const prefix of RESERVED_NAMESPACE_PREFIXES2) {
@@ -4140,8 +4143,12 @@ var DEFAULT_POLICY = {
     // Clears all runtime governance state — always requires approval
     "sanctuary_bootstrap",
     // Creates new Ed25519 identity + publishes — always requires approval
-    "sanctuary_export_identity_bundle"
+    "sanctuary_export_identity_bundle",
     // Exports portable identity — always requires approval
+    // WP-MVP-2 Operator Console: federation-node-join requires explicit
+    // operator confirmation per Key 8. No auto-approve path. The console's
+    // JoinApprover drives this gate via `MeshConsoleClient.makeJoinApprover`.
+    "federation_node_join"
   ],
   tier2_anomaly: DEFAULT_TIER2,
   tier3_always_allow: [
@@ -6400,6 +6407,28 @@ function generateDashboardHTML(options) {
         </div>
       </div>
 
+      <!--
+        Mesh Health panel (WP-MVP-3 Follow-up #3).
+        Subscribes to the existing /events SSE channel \u2014 no new transport.
+        Render shape: per-node row with presence + flags + rollup.
+        On open alert: list inline with operator-decision CTAs (rollback /
+        split-brain / canonical-audit promotion).
+        On post-recovery prompt: render rotation-prompt overlay with
+        broker-credential list + "rotate now" buttons (rotation flow itself
+        is the existing v0.10.x broker rotation surface).
+      -->
+      <div class="mesh-health-panel" id="mesh-health-panel">
+        <div class="panel-header">
+          <div class="panel-title">Mesh Health</div>
+          <span class="card-value" id="mesh-health-updated-at" style="font-size: 11px; color: var(--text-secondary);">\u2014</span>
+        </div>
+        <div id="mesh-health-rows" class="mesh-health-rows">
+          <div class="empty-state">Waiting for mesh health data\u2026</div>
+        </div>
+        <div id="mesh-health-alerts" class="mesh-health-alerts" style="margin-top: 12px;"></div>
+        <div id="mesh-post-recovery-prompt" class="mesh-post-recovery-prompt" style="margin-top: 12px; display: none;"></div>
+      </div>
+
       <!-- Sovereignty Profile Panel -->
       <div class="profile-panel" id="sovereignty-profile-panel">
         <div class="panel-header">
@@ -6602,6 +6631,11 @@ function generateDashboardHTML(options) {
     // SEC-038: Do NOT embed the long-lived auth token in page source.
     // Use only the session token stored in sessionStorage by the login flow.
     const AUTH_TOKEN = sessionStorage.getItem('authToken') || '';
+    // v0.10.6: server-baked flag mirroring _autoAuthLocalhost. When true,
+    // the init-time auth gate does NOT redirect to '/' on empty AUTH_TOKEN,
+    // because the server already admitted this loopback caller without a
+    // bearer token. See dashboard-html.ts generateDashboardHTML() doc.
+    const LOOPBACK_AUTH = ${JSON.stringify(options.loopbackAutoAuth === true)};
     const TIMEOUT_SECONDS = ${options.timeoutSeconds};
     const API_BASE = '';
 
@@ -7104,12 +7138,96 @@ function generateDashboardHTML(options) {
         loadProxyServers();
       });
 
+      // \u2500\u2500 Mesh Health (WP-MVP-3 Follow-up #3) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+      // The federation FailureModeDetector pushes per-tick snapshots and
+      // per-detection alerts via the existing /events channel. Renders are
+      // best-effort \u2014 if the panel DOM is absent (older HTML cache), we
+      // silently skip rather than crashing.
+      eventSource.addEventListener('mesh-health', (e) => {
+        try {
+          const snap = JSON.parse(e.data);
+          renderMeshHealth(snap);
+        } catch (err) { console.error('mesh-health render failed', err); }
+      });
+      eventSource.addEventListener('mesh-failure-mode-alert', (e) => {
+        try {
+          const alert = JSON.parse(e.data);
+          appendMeshAlert(alert);
+        } catch (err) { console.error('mesh alert render failed', err); }
+      });
+      eventSource.addEventListener('mesh-post-recovery-prompt', (e) => {
+        try {
+          const prompt = JSON.parse(e.data);
+          renderMeshPostRecoveryPrompt(prompt);
+        } catch (err) { console.error('mesh post-recovery render failed', err); }
+      });
+
       eventSource.onerror = () => {
         console.error('SSE error');
         setTimeout(setupSSE, 5000);
       };
     }
 
+    // \u2500\u2500 Mesh Health rendering (WP-MVP-3 Follow-up #3) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+    function renderMeshHealth(snap) {
+      const updatedAt = document.getElementById('mesh-health-updated-at');
+      const rows = document.getElementById('mesh-health-rows');
+      if (!rows || !snap) return;
+      if (updatedAt) updatedAt.textContent = formatTime(snap.generated_at);
+      const nodes = Array.isArray(snap.nodes) ? snap.nodes : [];
+      if (nodes.length === 0) {
+        rows.innerHTML = '<div class="empty-state">No mesh nodes seen yet.</div>';
+        return;
+      }
+      rows.innerHTML = nodes.map((n) => {
+        const flags = (n.flags || []).map((f) => '<span class="mesh-flag">' + esc(f) + '</span>').join(' ');
+        return '<div class="mesh-row" data-rollup="' + esc(n.rollup) + '">' +
+          '<span class="mesh-node-id">' + esc(n.node_id) + '</span>' +
+          '<span class="mesh-presence">' + esc(n.presence) + '</span>' +
+          '<span class="mesh-rollup">' + esc(n.rollup) + '</span>' +
+          '<span class="mesh-flags">' + flags + '</span>' +
+        '</div>';
+      }).join('');
+      const alertsBox = document.getElementById('mesh-health-alerts');
+      if (alertsBox && Array.isArray(snap.open_alerts)) {
+        alertsBox.innerHTML = snap.open_alerts.map((a) =>
+          '<div class="mesh-alert" data-mode="' + esc(a.mode) + '">' +
+          '<div class="mesh-alert-mode">' + esc(a.mode) + ' \u2014 ' + esc(a.target_node) + '</div>' +
+          '<div class="mesh-alert-message">' + esc(a.message) + '</div>' +
+          '</div>'
+        ).join('');
+      }
+    }
+
+    function appendMeshAlert(alert) {
+      const alertsBox = document.getElementById('mesh-health-alerts');
+      if (!alertsBox || !alert) return;
+      const html = '<div class="mesh-alert" data-mode="' + esc(alert.mode) + '">' +
+        '<div class="mesh-alert-mode">' + esc(alert.mode) + ' \u2014 ' + esc(alert.target_node) + '</div>' +
+        '<div class="mesh-alert-message">' + esc(alert.message) + '</div>' +
+        '</div>';
+      alertsBox.insertAdjacentHTML('afterbegin', html);
+    }
+
+    function renderMeshPostRecoveryPrompt(prompt) {
+      const box = document.getElementById('mesh-post-recovery-prompt');
+      if (!box || !prompt) return;
+      box.style.display = 'block';
+      const creds = Array.isArray(prompt.credentials) ? prompt.credentials : [];
+      box.innerHTML = '<div class="mesh-rotation-banner">' +
+        '<strong>Post-rotation hygiene:</strong> we just rotated your fortress root key. ' +
+        'Rotate externally-scoped broker credentials that third parties may still associate with ' +
+        'the pre-rotation key material.' +
+        '</div>' +
+        '<ul class="mesh-rotation-list">' +
+        creds.map((c) => '<li>' +
+          '<span class="mesh-cred-name">' + esc(c.secret_name) + '</span>' +
+          '<button class="mesh-cred-rotate" data-secret="' + esc(c.secret_name) + '">' +
+          'rotate now</button>' +
+          '</li>').join('') +
+        '</ul>';
+    }
+
     // Activity Feed
     function addActivityItem(item) {
       activityLog.unshift(item);
@@ -7709,7 +7827,13 @@ function generateDashboardHTML(options) {
 
     // Initialize
     async function initialize() {
-      if (!AUTH_TOKEN) {
+      // v0.10.6: gate on BOTH sessionStorage and the server-baked loopback
+      // auto-auth mirror. Pre-fix, a fresh loopback tab had empty
+      // sessionStorage.authToken AND was admitted by the server via
+      // _autoAuthLocalhost \u2014 this single-operand gate redirected to '/'
+      // which reloaded the same page, which redirected again, infinitely.
+      // See generateDashboardHTML() header comment for full threat model.
+      if (!AUTH_TOKEN && !LOOPBACK_AUTH) {
         redirectToLogin();
         return;
       }
@@ -8735,7 +8859,11 @@ var DashboardApprovalChannel = class {
     this.sessionTTLMs = isLocalhost ? SESSION_TTL_LOCAL_MS : SESSION_TTL_REMOTE_MS;
     this.dashboardHTML = generateDashboardHTML({
       timeoutSeconds: config.timeout_seconds,
-      serverVersion: SANCTUARY_VERSION
+      serverVersion: SANCTUARY_VERSION,
+      // Construction-time default; real value is set by setAutoAuthLocalhost()
+      // below (which regenerates this HTML). Default false preserves the
+      // pre-v0.10.6 remote-deployment behavior when auto-auth is not enabled.
+      loopbackAutoAuth: this._autoAuthLocalhost
     });
     this.loginHTML = generateLoginHTML({ serverVersion: SANCTUARY_VERSION });
     this.sessionCleanupTimer = setInterval(() => this.cleanupSessions(), 6e4);
@@ -8771,6 +8899,11 @@ var DashboardApprovalChannel = class {
    */
   setAutoAuthLocalhost(enabled) {
     this._autoAuthLocalhost = enabled;
+    this.dashboardHTML = generateDashboardHTML({
+      timeoutSeconds: this.config.timeout_seconds,
+      serverVersion: SANCTUARY_VERSION,
+      loopbackAutoAuth: this._autoAuthLocalhost
+    });
   }
   /**
    * v0.10.2: is this request from a loopback interface? We treat the
@@ -9655,6 +9788,27 @@ data: ${JSON.stringify(data)}
   broadcastProtectionStatus(data) {
     this.broadcastSSE("protection-status", data);
   }
+  // ── Mesh-health surface (WP-MVP-3 Follow-up #3) ─────────────────────
+  //
+  // The federation FailureModeDetector pushes per-tick health snapshots and
+  // per-detection alerts here; the existing /events SSE channel transports
+  // them to the browser. No new transport.
+  //
+  // Spec §8 + §9. Spawn-prompt acceptance criterion 7: "Mesh Health dashboard
+  // panel renders via existing SSE /events channel — no new transport. Every
+  // state transition produces an observable SSE event."
+  /** Push a Mesh Health snapshot (full re-render trigger on the client). */
+  broadcastMeshHealth(snapshot) {
+    this.broadcastSSE("mesh-health", snapshot);
+  }
+  /** Push a single failure-mode alert (incremental client update). */
+  broadcastMeshFailureModeAlert(alert) {
+    this.broadcastSSE("mesh-failure-mode-alert", alert);
+  }
+  /** Push a post-recovery prompt update (master rotation hygiene flow). */
+  broadcastMeshPostRecoveryPrompt(prompt) {
+    this.broadcastSSE("mesh-post-recovery-prompt", prompt);
+  }
   /**
    * Open a URL in the system's default browser.
    * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
@@ -12985,7 +13139,7 @@ function createBridgeCommitment(outcome, identity, identityEncryptionKey, includ
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const canonicalBytes = canonicalize(outcome);
   const canonicalString = new TextDecoder().decode(canonicalBytes);
-  const sha2565 = createCommitment(canonicalString);
+  const sha2567 = createCommitment(canonicalString);
   let pedersenData;
   if (includePedersen && Number.isInteger(outcome.rounds) && outcome.rounds >= 0) {
     const pedersen = createPedersenCommitment(outcome.rounds);
@@ -12997,7 +13151,7 @@ function createBridgeCommitment(outcome, identity, identityEncryptionKey, includ
   const commitmentPayload = {
     bridge_commitment_id: commitmentId,
     session_id: outcome.session_id,
-    sha256_commitment: sha2565.commitment,
+    sha256_commitment: sha2567.commitment,
     terms_hash: outcome.terms_hash,
     committer_did: identity.did,
     committed_at: now,
@@ -13008,8 +13162,8 @@ function createBridgeCommitment(outcome, identity, identityEncryptionKey, includ
   return {
     bridge_commitment_id: commitmentId,
     session_id: outcome.session_id,
-    sha256_commitment: sha2565.commitment,
-    blinding_factor: sha2565.blinding_factor,
+    sha256_commitment: sha2567.commitment,
+    blinding_factor: sha2567.blinding_factor,
     committer_did: identity.did,
     signature: toBase64url(signature),
     pedersen_commitment: pedersenData,
@@ -21533,8 +21687,15 @@ function l3Card(l3) {
      <div><dt>Proofs today</dt><dd>${escHtml(l3.proofs_today)}</dd></div>`
   );
 }
+var VERASCORE_CLAIM_URL = "https://www.verascore.ai";
 function l4Card(l4) {
-  const score = l4.score != null ? `<div class="score-block"><span class="score-value">${escHtml(l4.score)}</span><span class="score-label">Verascore</span></div>` : `<div class="claim-block">${escHtml(l4.claim_cta ?? "Claim your profile at verascore.ai")}</div>`;
+  let score;
+  if (l4.score != null) {
+    score = `<div class="score-block"><span class="score-value">${escHtml(l4.score)}</span><span class="score-label">Verascore</span></div>`;
+  } else {
+    const claimText = l4.claim_cta ?? "Claim your profile at verascore.ai";
+    score = `<div class="claim-block"><a class="claim-link" href="${VERASCORE_CLAIM_URL}" target="_blank" rel="noopener noreferrer">${escHtml(claimText)}</a></div>`;
+  }
   return layerCard(
     l4,
     `<div class="layer-cta">${score}</div>${l4EvidenceBlock(l4)}`
@@ -22197,6 +22358,961 @@ details.audit-details .audit-filters { display: flex; gap: 6px; padding: 0 18px
 </html>`;
 }
 
+// src/policy-engine/constants.ts
+var COMPILED_POLICY_SCHEMA_VERSION = "0.1";
+var POLICY_UPDATE_EVENT_TYPE = "policy_update";
+var POLICY_SLOTS = [
+  "memory",
+  "credentials",
+  "plans",
+  "outputs"
+];
+function isPolicySlot(value) {
+  return typeof value === "string" && POLICY_SLOTS.includes(value);
+}
+var CHANNEL_TEMPLATE_IDS = [
+  "read-outputs-only",
+  "bidirectional-sync",
+  "credential-share-scoped",
+  "plan-inspect-read-only",
+  "escrow-handoff"
+];
+var BUDGET_UNITS = ["tokens", "usd"];
+
+// src/templates/registry.ts
+var TEMPLATE_NAMES = [
+  "research-assistant",
+  "coding-assistant",
+  "ops-runner",
+  "planner",
+  "handoff-coordinator",
+  "x-miner",
+  "github-miner"
+];
+function isTemplateName(value) {
+  return typeof value === "string" && TEMPLATE_NAMES.includes(value);
+}
+var TemplateValidationError = class extends Error {
+  constructor(templateName, message) {
+    super(`template "${templateName}": ${message}`);
+    this.name = "TemplateValidationError";
+  }
+};
+function validateMetadata(name, data) {
+  if (typeof data !== "object" || data === null) {
+    throw new TemplateValidationError(name, "template.json must be an object");
+  }
+  const d = data;
+  if (typeof d.name !== "string" || d.name !== name) {
+    throw new TemplateValidationError(name, `template.json name must be "${name}"`);
+  }
+  if (typeof d.version !== "string" || !/^\d+\.\d+\.\d+$/.test(d.version)) {
+    throw new TemplateValidationError(name, "template.json version must be semver");
+  }
+  if (typeof d.channel !== "string" || !CHANNEL_TEMPLATE_IDS.includes(d.channel)) {
+    throw new TemplateValidationError(
+      name,
+      `template.json channel must be one of: ${CHANNEL_TEMPLATE_IDS.join(", ")}`
+    );
+  }
+  if (typeof d.tier !== "string" || !["A", "B", "C"].includes(d.tier)) {
+    throw new TemplateValidationError(name, "template.json tier must be A, B, or C");
+  }
+  if (typeof d.target_archetype !== "string" || d.target_archetype.length === 0) {
+    throw new TemplateValidationError(name, "template.json target_archetype must be a non-empty string");
+  }
+  if (typeof d.description !== "string" || d.description.length === 0) {
+    throw new TemplateValidationError(name, "template.json description must be a non-empty string");
+  }
+}
+function validateDefaults(name, data) {
+  if (typeof data !== "object" || data === null) {
+    throw new TemplateValidationError(name, "defaults.json must be an object");
+  }
+  const d = data;
+  if (!Array.isArray(d.egress)) {
+    throw new TemplateValidationError(name, "defaults.json egress must be an array");
+  }
+  for (const entry of d.egress) {
+    if (typeof entry !== "object" || entry === null) {
+      throw new TemplateValidationError(name, "defaults.json egress entry must be an object");
+    }
+    const e = entry;
+    if (typeof e.destination !== "string" || e.destination.length === 0) {
+      throw new TemplateValidationError(name, "egress entry destination must be a non-empty string");
+    }
+    if (!Array.isArray(e.methods)) {
+      throw new TemplateValidationError(name, "egress entry methods must be an array");
+    }
+  }
+  if (typeof d.budgets !== "object" || d.budgets === null) {
+    throw new TemplateValidationError(name, "defaults.json budgets must be an object");
+  }
+  if (typeof d.retention !== "object" || d.retention === null) {
+    throw new TemplateValidationError(name, "defaults.json retention must be an object");
+  }
+  const ret = d.retention;
+  if (typeof ret.windows !== "object" || ret.windows === null) {
+    throw new TemplateValidationError(name, "defaults.json retention.windows must be an object");
+  }
+}
+function validateCommitments(name, data) {
+  if (typeof data !== "object" || data === null) {
+    throw new TemplateValidationError(name, "commitments.json must be an object");
+  }
+  const d = data;
+  if (!Array.isArray(d.shapes)) {
+    throw new TemplateValidationError(name, "commitments.json shapes must be an array");
+  }
+  for (const shape of d.shapes) {
+    if (typeof shape !== "object" || shape === null) {
+      throw new TemplateValidationError(name, "commitment shape must be an object");
+    }
+    const s = shape;
+    if (typeof s.commitment_class !== "string" || s.commitment_class.length === 0) {
+      throw new TemplateValidationError(name, "commitment shape commitment_class must be a non-empty string");
+    }
+    if (typeof s.example_deliverable !== "string") {
+      throw new TemplateValidationError(name, "commitment shape example_deliverable must be a string");
+    }
+    if (typeof s.example_deadline_or_terminal !== "string") {
+      throw new TemplateValidationError(name, "commitment shape example_deadline_or_terminal must be a string");
+    }
+  }
+}
+function lintOnboarding(_name, content) {
+  const violations = [];
+  if (content.includes("\u2014")) {
+    violations.push("onboarding.md contains em-dashes (U+2014). Replace with commas, semicolons, colons, or parentheses.");
+  }
+  if (content.includes("\u2013")) {
+    violations.push("onboarding.md contains en-dashes (U+2013). Replace with hyphens or other punctuation.");
+  }
+  return { clean: violations.length === 0, violations };
+}
+function resolveTemplatesDir() {
+  const thisFile = fileURLToPath(import.meta.url);
+  const thisDir = dirname(thisFile);
+  if (thisDir.includes("/dist/")) {
+    return thisDir.replace("/dist/templates", "/src/templates");
+  }
+  return thisDir;
+}
+function loadTemplateBundle(name, templatesDir) {
+  const dir = join(templatesDir, name);
+  if (!existsSync(dir) || !statSync(dir).isDirectory()) {
+    throw new TemplateValidationError(name, `template directory not found: ${dir}`);
+  }
+  const metadataRaw = JSON.parse(readFileSync(join(dir, "template.json"), "utf-8"));
+  validateMetadata(name, metadataRaw);
+  const policyEnglish = readFileSync(join(dir, "policy.md"), "utf-8").trim();
+  if (policyEnglish.length === 0) {
+    throw new TemplateValidationError(name, "policy.md must not be empty");
+  }
+  const defaultsRaw = JSON.parse(readFileSync(join(dir, "defaults.json"), "utf-8"));
+  validateDefaults(name, defaultsRaw);
+  const commitmentsRaw = JSON.parse(readFileSync(join(dir, "commitments.json"), "utf-8"));
+  validateCommitments(name, commitmentsRaw);
+  const onboarding = readFileSync(join(dir, "onboarding.md"), "utf-8").trim();
+  if (onboarding.length === 0) {
+    throw new TemplateValidationError(name, "onboarding.md must not be empty");
+  }
+  const lint = lintOnboarding(name, onboarding);
+  if (!lint.clean) {
+    throw new TemplateValidationError(name, lint.violations.join("; "));
+  }
+  return {
+    metadata: metadataRaw,
+    policy_english: policyEnglish,
+    defaults: defaultsRaw,
+    commitments: commitmentsRaw,
+    onboarding
+  };
+}
+var _cache = null;
+function ensureLoaded() {
+  if (_cache) return _cache;
+  _cache = /* @__PURE__ */ new Map();
+  const dir = resolveTemplatesDir();
+  for (const name of TEMPLATE_NAMES) {
+    _cache.set(name, loadTemplateBundle(name, dir));
+  }
+  return _cache;
+}
+function listTemplates() {
+  const cache = ensureLoaded();
+  return TEMPLATE_NAMES.map((name) => {
+    const bundle = cache.get(name);
+    return {
+      metadata: bundle.metadata,
+      onboarding: bundle.onboarding
+    };
+  });
+}
+function getTemplate2(name) {
+  if (!isTemplateName(name)) return null;
+  const cache = ensureLoaded();
+  return cache.get(name) ?? null;
+}
+function getTemplateEntry(name) {
+  const bundle = getTemplate2(name);
+  if (!bundle) return null;
+  return { metadata: bundle.metadata, onboarding: bundle.onboarding };
+}
+
+// src/policy-engine/null-policy.ts
+function buildNullPolicy(params) {
+  const denyRule = (slot) => ({
+    slot,
+    mode: "deny",
+    grants: []
+  });
+  return {
+    schema_version: "0.1",
+    agent_id: params.agent_id,
+    fortress_id: params.fortress_id,
+    policy_version: 0,
+    slots: {
+      memory: denyRule("memory"),
+      credentials: denyRule("credentials"),
+      plans: denyRule("plans"),
+      outputs: denyRule("outputs")
+    },
+    capabilities: {
+      concordia_commitment_classes: [],
+      honeypot_skill_ids: [],
+      is_sentinel: false
+    },
+    auto_trigger_ladder: {
+      honeypot_auto_freeze: true,
+      threshold_rule_action: "operator_approved",
+      ml_anomaly_action: "operator_approved"
+    },
+    source_english: "(null policy \u2014 no operator authoring yet; hermetic default denies all four slots)",
+    compiled_at: "1970-01-01T00:00:00.000Z"
+  };
+}
+
+// src/policy-engine/channel-templates.ts
+function basePolicy(params) {
+  if (params.merge_into) {
+    const p2 = {
+      ...params.merge_into,
+      policy_version: params.policy_version,
+      compiled_at: (/* @__PURE__ */ new Date()).toISOString(),
+      slots: {
+        memory: cloneRule(params.merge_into.slots.memory),
+        credentials: cloneRule(params.merge_into.slots.credentials),
+        plans: cloneRule(params.merge_into.slots.plans),
+        outputs: cloneRule(params.merge_into.slots.outputs)
+      },
+      capabilities: {
+        ...params.merge_into.capabilities,
+        concordia_commitment_classes: [
+          ...params.merge_into.capabilities.concordia_commitment_classes
+        ],
+        honeypot_skill_ids: [...params.merge_into.capabilities.honeypot_skill_ids]
+      },
+      auto_trigger_ladder: { ...params.merge_into.auto_trigger_ladder }
+    };
+    if (params.parent_version !== void 0) p2.parent_version = params.parent_version;
+    else delete p2.parent_version;
+    return p2;
+  }
+  const p = buildNullPolicy({
+    agent_id: params.agent_id,
+    fortress_id: params.fortress_id
+  });
+  p.policy_version = params.policy_version;
+  p.compiled_at = (/* @__PURE__ */ new Date()).toISOString();
+  if (params.parent_version !== void 0) p.parent_version = params.parent_version;
+  return p;
+}
+function cloneRule(r) {
+  return {
+    slot: r.slot,
+    mode: r.mode,
+    grants: r.grants.map((g) => ({ ...g, scope: g.scope ? { ...g.scope } : void 0 }))
+  };
+}
+function grantOn(policy, slot, grant) {
+  const rule = policy.slots[slot];
+  rule.mode = "grant";
+  const dup = rule.grants.find(
+    (g) => g.counterparty === grant.counterparty && g.action === grant.action
+  );
+  if (dup) {
+    if (grant.scope) {
+      dup.scope = { ...dup.scope ?? {}, ...grant.scope };
+    }
+    return;
+  }
+  rule.grants.push(grant);
+  rule.grants.sort((a, b) => {
+    if (a.counterparty === b.counterparty) return a.action.localeCompare(b.action);
+    return a.counterparty.localeCompare(b.counterparty);
+  });
+}
+var readOutputsOnly = (params) => {
+  const p = basePolicy(params);
+  p.source_english = `${params.counterparty} may read ${params.agent_id}'s outputs \u2014 read-only, no other access.`;
+  grantOn(p, "outputs", {
+    counterparty: params.counterparty,
+    action: "read",
+    ...params.scope ? { scope: { ...params.scope } } : {}
+  });
+  return p;
+};
+var bidirectionalSync = (params) => {
+  const p = basePolicy(params);
+  p.source_english = `Bidirectional sync between ${params.agent_id} and ${params.counterparty} on memory + outputs.`;
+  for (const slot of ["memory", "outputs"]) {
+    for (const action of ["read", "subscribe"]) {
+      grantOn(p, slot, {
+        counterparty: params.counterparty,
+        action,
+        ...params.scope ? { scope: { ...params.scope } } : {}
+      });
+    }
+  }
+  return p;
+};
+var credentialShareScoped = (params) => {
+  const p = basePolicy(params);
+  const credentialId = (params.scope && typeof params.scope.credential_id === "string" ? params.scope.credential_id : void 0) ?? "(unspecified)";
+  p.source_english = `${params.agent_id} may share credential "${credentialId}" with ${params.counterparty}; no other credential access.`;
+  grantOn(p, "credentials", {
+    counterparty: params.counterparty,
+    action: "share",
+    scope: {
+      credential_id: credentialId,
+      ...params.scope ?? {}
+    }
+  });
+  return p;
+};
+var planInspectReadOnly = (params) => {
+  const p = basePolicy(params);
+  p.source_english = `${params.counterparty} may read-only inspect ${params.agent_id}'s plans.`;
+  grantOn(p, "plans", {
+    counterparty: params.counterparty,
+    action: "read",
+    ...params.scope ? { scope: { ...params.scope } } : {}
+  });
+  return p;
+};
+var escrowHandoff = (params) => {
+  const p = basePolicy(params);
+  p.source_english = `${params.agent_id} may escrow-handoff outputs and plan-read to ${params.counterparty}. Commitment class: intra-mesh-escrow.`;
+  grantOn(p, "plans", {
+    counterparty: params.counterparty,
+    action: "read",
+    ...params.scope ? { scope: { ...params.scope } } : {}
+  });
+  for (const action of ["read", "subscribe"]) {
+    grantOn(p, "outputs", {
+      counterparty: params.counterparty,
+      action,
+      ...params.scope ? { scope: { ...params.scope } } : {}
+    });
+  }
+  const cls = "intra-mesh-escrow";
+  if (!p.capabilities.concordia_commitment_classes.includes(cls)) {
+    p.capabilities.concordia_commitment_classes.push(cls);
+    p.capabilities.concordia_commitment_classes.sort();
+  }
+  return p;
+};
+var REGISTRY = {
+  "read-outputs-only": {
+    id: "read-outputs-only",
+    label: "Read outputs only",
+    description: "Counterparty may read this agent's outputs. No memory, credentials, or plans access.",
+    factory: readOutputsOnly
+  },
+  "bidirectional-sync": {
+    id: "bidirectional-sync",
+    label: "Bidirectional memory + output sync",
+    description: "Both agents may read and subscribe to each other's memory and outputs. Credentials and plans remain hermetic.",
+    factory: bidirectionalSync
+  },
+  "credential-share-scoped": {
+    id: "credential-share-scoped",
+    label: "Scoped credential share",
+    description: "Share one specific credential with counterparty. Requires scope.credential_id. No broad credential access.",
+    factory: credentialShareScoped
+  },
+  "plan-inspect-read-only": {
+    id: "plan-inspect-read-only",
+    label: "Plan inspect (read-only)",
+    description: "Counterparty may read-only inspect this agent's plans. Intended for supervisor / sentinel patterns.",
+    factory: planInspectReadOnly
+  },
+  "escrow-handoff": {
+    id: "escrow-handoff",
+    label: "Escrow handoff",
+    description: "Escrow-style handoff. Counterparty reads plan, reads + subscribes to outputs, and the intra-mesh-escrow commitment class is declared. Memory and credentials remain hermetic.",
+    factory: escrowHandoff
+  }
+};
+function applyChannelTemplate(id, params) {
+  const entry = REGISTRY[id];
+  if (!entry) {
+    throw new Error(`unknown channel template: ${id}`);
+  }
+  return entry.factory(params);
+}
+
+// src/mesh/errors.ts
+var MeshError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "MeshError";
+  }
+};
+var MeshEnvelopeError = class extends MeshError {
+  constructor(message) {
+    super(message);
+    this.name = "MeshEnvelopeError";
+  }
+};
+var MeshReservedExtensionKeyError = class extends MeshEnvelopeError {
+  constructor(key) {
+    super(
+      `v0.1 emitters MUST NOT populate reserved extension_envelope key: ${key}`
+    );
+    this.name = "MeshReservedExtensionKeyError";
+  }
+};
+var MeshReservedEventTypeError = class extends MeshEnvelopeError {
+  constructor(eventType) {
+    super(
+      `v0.1 emitters MUST NOT emit reserved-namespace event_type: ${eventType}`
+    );
+    this.name = "MeshReservedEventTypeError";
+  }
+};
+
+// src/mesh/canonical-json.ts
+var MeshCanonicalJsonError = class extends MeshError {
+  constructor(message) {
+    super(message);
+    this.name = "MeshCanonicalJsonError";
+  }
+};
+function canonicalize2(value) {
+  if (value === void 0) {
+    throw new MeshCanonicalJsonError(
+      "canonicalize(): top-level undefined is not serializable"
+    );
+  }
+  return encode(value);
+}
+function encode(value) {
+  if (value === null) return "null";
+  if (typeof value === "boolean") return value ? "true" : "false";
+  if (typeof value === "number") {
+    if (!Number.isFinite(value)) {
+      throw new MeshCanonicalJsonError(
+        `canonicalize(): non-finite number (${String(value)}) is not serializable`
+      );
+    }
+    return JSON.stringify(value);
+  }
+  if (typeof value === "string") return JSON.stringify(value);
+  if (Array.isArray(value)) return encodeArray(value);
+  if (typeof value === "object") return encodeObject(value);
+  throw new MeshCanonicalJsonError(
+    `canonicalize(): unsupported type ${typeof value}`
+  );
+}
+function encodeArray(arr) {
+  const parts = [];
+  for (const item of arr) {
+    parts.push(item === void 0 ? "null" : encode(item));
+  }
+  return "[" + parts.join(",") + "]";
+}
+function encodeObject(obj) {
+  const keys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
+  const parts = [];
+  for (const k of keys) {
+    parts.push(JSON.stringify(k) + ":" + encode(obj[k]));
+  }
+  return "{" + parts.join(",") + "}";
+}
+function canonicalizeToBytes(value) {
+  return new TextEncoder().encode(canonicalize2(value));
+}
+
+// src/policy-engine/canonical-policy.ts
+init_encoding();
+
+// src/policy-engine/errors.ts
+var PolicyEngineError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "PolicyEngineError";
+  }
+};
+var CompiledPolicyShapeError = class extends PolicyEngineError {
+  constructor(message) {
+    super(message);
+    this.name = "CompiledPolicyShapeError";
+  }
+};
+
+// src/policy-engine/canonical-policy.ts
+function checkSlotGrant(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path}: grant must be an object`);
+  }
+  const g = value;
+  if (typeof g.counterparty !== "string" || g.counterparty.length === 0) {
+    throw new CompiledPolicyShapeError(
+      `${path}.counterparty must be a non-empty string`
+    );
+  }
+  if (typeof g.action !== "string" || g.action.length === 0) {
+    throw new CompiledPolicyShapeError(
+      `${path}.action must be a non-empty string`
+    );
+  }
+  if (g.scope !== void 0) {
+    if (typeof g.scope !== "object" || g.scope === null || Array.isArray(g.scope)) {
+      throw new CompiledPolicyShapeError(
+        `${path}.scope must be an object when present`
+      );
+    }
+  }
+  if (g.max_uses_per_day !== void 0) {
+    if (typeof g.max_uses_per_day !== "number" || !Number.isInteger(g.max_uses_per_day) || g.max_uses_per_day < 0) {
+      throw new CompiledPolicyShapeError(
+        `${path}.max_uses_per_day must be a non-negative integer when present`
+      );
+    }
+  }
+}
+function checkSlotRule(slot, value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path}: slot rule must be an object`);
+  }
+  const r = value;
+  if (r.slot !== slot) {
+    throw new CompiledPolicyShapeError(
+      `${path}.slot expected ${slot}, got ${String(r.slot)}`
+    );
+  }
+  if (r.mode !== "deny" && r.mode !== "grant") {
+    throw new CompiledPolicyShapeError(
+      `${path}.mode must be "deny" or "grant"`
+    );
+  }
+  if (!Array.isArray(r.grants)) {
+    throw new CompiledPolicyShapeError(
+      `${path}.grants must be an array (possibly empty)`
+    );
+  }
+  if (r.mode === "deny" && r.grants.length > 0) {
+    throw new CompiledPolicyShapeError(
+      `${path}: deny-mode slot rule must carry zero grants`
+    );
+  }
+  r.grants.forEach((g, i) => checkSlotGrant(g, `${path}.grants[${i}]`));
+}
+function validateCompiledPolicyShape(candidate) {
+  if (typeof candidate !== "object" || candidate === null) {
+    throw new CompiledPolicyShapeError("compiled policy must be an object");
+  }
+  const p = candidate;
+  if (p.schema_version !== COMPILED_POLICY_SCHEMA_VERSION) {
+    throw new CompiledPolicyShapeError(
+      `schema_version ${String(p.schema_version)} not supported at v0.1 (expected "${COMPILED_POLICY_SCHEMA_VERSION}")`
+    );
+  }
+  if (typeof p.agent_id !== "string" || p.agent_id.length === 0) {
+    throw new CompiledPolicyShapeError("agent_id must be a non-empty string");
+  }
+  if (typeof p.fortress_id !== "string" || p.fortress_id.length === 0) {
+    throw new CompiledPolicyShapeError(
+      "fortress_id must be a non-empty string"
+    );
+  }
+  if (typeof p.policy_version !== "number" || !Number.isInteger(p.policy_version) || p.policy_version < 0) {
+    throw new CompiledPolicyShapeError(
+      "policy_version must be a non-negative integer"
+    );
+  }
+  if (p.parent_version !== void 0 && (typeof p.parent_version !== "number" || !Number.isInteger(p.parent_version) || p.parent_version < 0)) {
+    throw new CompiledPolicyShapeError(
+      "parent_version must be a non-negative integer when present"
+    );
+  }
+  if (typeof p.slots !== "object" || p.slots === null) {
+    throw new CompiledPolicyShapeError("slots must be an object");
+  }
+  const slots = p.slots;
+  const slotKeys = Object.keys(slots).sort();
+  const expectedSlotKeys = [...POLICY_SLOTS].sort();
+  if (slotKeys.length !== expectedSlotKeys.length || !slotKeys.every((k, i) => k === expectedSlotKeys[i])) {
+    throw new CompiledPolicyShapeError(
+      `slots must contain exactly ${expectedSlotKeys.join(", ")}; got ${slotKeys.join(", ") || "(none)"}`
+    );
+  }
+  for (const slot of POLICY_SLOTS) {
+    checkSlotRule(slot, slots[slot], `slots.${slot}`);
+  }
+  if (typeof p.capabilities !== "object" || p.capabilities === null) {
+    throw new CompiledPolicyShapeError("capabilities must be an object");
+  }
+  const caps = p.capabilities;
+  if (!Array.isArray(caps.concordia_commitment_classes) || !caps.concordia_commitment_classes.every((c) => typeof c === "string")) {
+    throw new CompiledPolicyShapeError(
+      "capabilities.concordia_commitment_classes must be a string[]"
+    );
+  }
+  if (!Array.isArray(caps.honeypot_skill_ids) || !caps.honeypot_skill_ids.every((c) => typeof c === "string")) {
+    throw new CompiledPolicyShapeError(
+      "capabilities.honeypot_skill_ids must be a string[]"
+    );
+  }
+  if (typeof caps.is_sentinel !== "boolean") {
+    throw new CompiledPolicyShapeError(
+      "capabilities.is_sentinel must be boolean"
+    );
+  }
+  if (typeof p.auto_trigger_ladder !== "object" || p.auto_trigger_ladder === null) {
+    throw new CompiledPolicyShapeError(
+      "auto_trigger_ladder must be an object"
+    );
+  }
+  const lad = p.auto_trigger_ladder;
+  if (typeof lad.honeypot_auto_freeze !== "boolean") {
+    throw new CompiledPolicyShapeError(
+      "auto_trigger_ladder.honeypot_auto_freeze must be boolean"
+    );
+  }
+  if (lad.threshold_rule_action !== "operator_approved" && lad.threshold_rule_action !== "auto") {
+    throw new CompiledPolicyShapeError(
+      'auto_trigger_ladder.threshold_rule_action must be "operator_approved" or "auto"'
+    );
+  }
+  if (lad.ml_anomaly_action !== "operator_approved" && lad.ml_anomaly_action !== "auto") {
+    throw new CompiledPolicyShapeError(
+      'auto_trigger_ladder.ml_anomaly_action must be "operator_approved" or "auto"'
+    );
+  }
+  if (typeof p.source_english !== "string") {
+    throw new CompiledPolicyShapeError("source_english must be a string");
+  }
+  if (typeof p.compiled_at !== "string" || Number.isNaN(Date.parse(p.compiled_at))) {
+    throw new CompiledPolicyShapeError(
+      "compiled_at must be an ISO8601 timestamp string"
+    );
+  }
+  for (const key of slotKeys) {
+    if (!isPolicySlot(key)) {
+      throw new CompiledPolicyShapeError(
+        `slots.${key} is not a recognized policy slot`
+      );
+    }
+  }
+  if (p.egress !== void 0) {
+    checkEgressPolicy(p.egress, "egress");
+  }
+  if (p.budgets !== void 0) {
+    checkBudgetPolicy(p.budgets, "budgets");
+  }
+  if (p.retention !== void 0) {
+    checkRetentionPolicy(p.retention, "retention");
+  }
+}
+function checkEgressPolicy(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const eg = value;
+  if (!Array.isArray(eg.allowlist)) {
+    throw new CompiledPolicyShapeError(`${path}.allowlist must be an array`);
+  }
+  for (let i = 0; i < eg.allowlist.length; i++) {
+    const rule = eg.allowlist[i];
+    if (typeof rule !== "object" || rule === null) {
+      throw new CompiledPolicyShapeError(
+        `${path}.allowlist[${i}] must be an object`
+      );
+    }
+    const r = rule;
+    if (typeof r.destination !== "string" || r.destination.length === 0) {
+      throw new CompiledPolicyShapeError(
+        `${path}.allowlist[${i}].destination must be a non-empty string`
+      );
+    }
+    if (!Array.isArray(r.methods) || !r.methods.every((m) => typeof m === "string")) {
+      throw new CompiledPolicyShapeError(
+        `${path}.allowlist[${i}].methods must be a string[]`
+      );
+    }
+  }
+}
+function checkBudgetLimit(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const lim = value;
+  if (typeof lim.amount !== "number" || lim.amount <= 0 || !Number.isFinite(lim.amount)) {
+    throw new CompiledPolicyShapeError(
+      `${path}.amount must be a positive finite number`
+    );
+  }
+  if (!BUDGET_UNITS.includes(lim.unit)) {
+    throw new CompiledPolicyShapeError(
+      `${path}.unit must be one of: ${BUDGET_UNITS.join(", ")}`
+    );
+  }
+  if (lim.soft_warn_threshold !== void 0) {
+    if (typeof lim.soft_warn_threshold !== "number" || lim.soft_warn_threshold <= 0 || lim.soft_warn_threshold >= 1) {
+      throw new CompiledPolicyShapeError(
+        `${path}.soft_warn_threshold must be in (0, 1) when present`
+      );
+    }
+  }
+}
+function checkBudgetPolicy(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const bp = value;
+  if (bp.daily !== void 0) checkBudgetLimit(bp.daily, `${path}.daily`);
+  if (bp.monthly !== void 0) checkBudgetLimit(bp.monthly, `${path}.monthly`);
+  if (bp.daily === void 0 && bp.monthly === void 0) {
+    throw new CompiledPolicyShapeError(
+      `${path} must have at least one of daily or monthly`
+    );
+  }
+}
+function checkRetentionPolicy(value, path) {
+  if (typeof value !== "object" || value === null) {
+    throw new CompiledPolicyShapeError(`${path} must be an object`);
+  }
+  const rp = value;
+  if (typeof rp.windows !== "object" || rp.windows === null) {
+    throw new CompiledPolicyShapeError(`${path}.windows must be an object`);
+  }
+  const wins = rp.windows;
+  for (const key of Object.keys(wins)) {
+    if (!isPolicySlot(key)) {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key} is not a recognized policy slot`
+      );
+    }
+    const w = wins[key];
+    if (typeof w !== "object" || w === null) {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key} must be an object`
+      );
+    }
+    const win = w;
+    if (typeof win.max_age_seconds !== "number" || !Number.isInteger(win.max_age_seconds) || win.max_age_seconds <= 0) {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key}.max_age_seconds must be a positive integer`
+      );
+    }
+    if (win.archive !== void 0 && typeof win.archive !== "boolean") {
+      throw new CompiledPolicyShapeError(
+        `${path}.windows.${key}.archive must be boolean when present`
+      );
+    }
+  }
+}
+function encodePolicyBlob(policy) {
+  validateCompiledPolicyShape(policy);
+  return toBase64url(canonicalizeToBytes(policy));
+}
+
+// src/mesh/envelope.ts
+init_encoding();
+init_random();
+
+// src/mesh/constants.ts
+var PROTOCOL_VERSION = "0.1";
+var RESERVED_EVENT_TYPE_PREFIXES = [
+  "EXTENSION_",
+  "cross_fortress_",
+  "multi_master_"
+];
+function isReservedEventType(s) {
+  return RESERVED_EVENT_TYPE_PREFIXES.some((p) => s.startsWith(p));
+}
+var RESERVED_EXTENSION_ENVELOPE_KEYS = [
+  "cross_fortress_read_grant",
+  "cross_fortress_read_query",
+  "cross_fortress_read_response",
+  "multi_master_policy_merge",
+  "audit_replication_full_n_way",
+  "auto_promote_canonical_audit",
+  "agent_live_migration"
+];
+function isReservedExtensionKey(k) {
+  return RESERVED_EXTENSION_ENVELOPE_KEYS.includes(k);
+}
+
+// src/mesh/trust-root.ts
+init_encoding();
+init_identity();
+init_random();
+
+// src/mesh/envelope.ts
+function packSignedEvent(params) {
+  if (isReservedEventType(params.event_type)) {
+    throw new MeshReservedEventTypeError(params.event_type);
+  }
+  const ext = params.extension_envelope ?? {};
+  for (const key of Object.keys(ext)) {
+    if (isReservedExtensionKey(key)) {
+      throw new MeshReservedExtensionKeyError(key);
+    }
+  }
+  const payloadBytes = canonicalizeToBytes(params.payload);
+  const payload_hash = toBase64url(sha256(payloadBytes));
+  const body = {
+    protocol_version: PROTOCOL_VERSION,
+    event_type: params.event_type,
+    event_id: generateEventId(),
+    emitter_node: params.emitter_node,
+    emitter_principal: params.emitter_principal,
+    fortress_id: params.fortress_id,
+    causal_parents: params.causal_parents ?? [],
+    payload: params.payload,
+    payload_hash,
+    emitted_at: (/* @__PURE__ */ new Date()).toISOString(),
+    monotonic_seq: params.monotonic_seq,
+    extension_envelope: ext
+  };
+  const bytesToSign = canonicalizeToBytes(body);
+  const nodeSig = ed25519.sign(bytesToSign, params.node_private_key);
+  const evt = {
+    ...body,
+    node_signature: toBase64url(nodeSig)
+  };
+  if (params.principal_private_key) {
+    const principalSig = ed25519.sign(bytesToSign, params.principal_private_key);
+    evt.principal_signature = toBase64url(principalSig);
+  }
+  return evt;
+}
+function generateEventId() {
+  const bytes = randomBytes(16);
+  let hex = "";
+  for (const b of bytes) hex += b.toString(16).padStart(2, "0");
+  return hex;
+}
+
+// src/policy-engine/envelope.ts
+function packPolicyUpdate(params) {
+  validateCompiledPolicyShape(params.policy);
+  const blob = encodePolicyBlob(params.policy);
+  const payload = {
+    agent_id: params.policy.agent_id,
+    policy_version: params.policy.policy_version,
+    policy_blob: blob,
+    ...params.policy.parent_version !== void 0 ? { parent_version: params.policy.parent_version } : {}
+  };
+  return packSignedEvent({
+    event_type: POLICY_UPDATE_EVENT_TYPE,
+    emitter_node: params.emitter_node,
+    emitter_principal: params.emitter_principal,
+    fortress_id: params.policy.fortress_id,
+    causal_parents: params.causal_parents,
+    payload,
+    monotonic_seq: params.monotonic_seq,
+    node_private_key: params.node_private_key,
+    principal_private_key: params.principal_private_key
+  });
+}
+
+// src/templates/init.ts
+function deterministicCompiledAt(version) {
+  const [major, minor, patch] = version.split(".").map(Number);
+  const epoch = /* @__PURE__ */ new Date("2026-01-01T00:00:00.000Z");
+  epoch.setUTCDate(epoch.getUTCDate() + (major - 1) * 365 + minor * 30 + patch);
+  return epoch.toISOString();
+}
+function buildCompiledPolicyFromTemplate(bundle, params) {
+  const policy = applyChannelTemplate(
+    bundle.metadata.channel,
+    {
+      agent_id: params.agent_id,
+      counterparty: params.counterparty,
+      fortress_id: params.fortress_id,
+      policy_version: params.policy_version
+    }
+  );
+  policy.compiled_at = deterministicCompiledAt(bundle.metadata.version);
+  policy.source_english = bundle.policy_english;
+  if (bundle.defaults.egress.length > 0) {
+    const egress = {
+      allowlist: bundle.defaults.egress.map((e) => ({
+        destination: e.destination,
+        methods: [...e.methods]
+      }))
+    };
+    policy.egress = egress;
+  }
+  const budgets = {};
+  if (bundle.defaults.budgets.daily) {
+    budgets.daily = { ...bundle.defaults.budgets.daily };
+  }
+  if (bundle.defaults.budgets.monthly) {
+    budgets.monthly = { ...bundle.defaults.budgets.monthly };
+  }
+  if (budgets.daily || budgets.monthly) {
+    policy.budgets = budgets;
+  }
+  const windows = bundle.defaults.retention.windows;
+  if (Object.keys(windows).length > 0) {
+    const retention = {
+      windows: {}
+    };
+    for (const [slot, win] of Object.entries(windows)) {
+      if (win) {
+        retention.windows[slot] = { ...win };
+      }
+    }
+    policy.retention = retention;
+  }
+  const classes = bundle.commitments.shapes.map((s) => s.commitment_class);
+  for (const cls of classes) {
+    if (!policy.capabilities.concordia_commitment_classes.includes(cls)) {
+      policy.capabilities.concordia_commitment_classes.push(cls);
+    }
+  }
+  policy.capabilities.concordia_commitment_classes.sort();
+  validateCompiledPolicyShape(policy);
+  return policy;
+}
+function initTemplate(params) {
+  const bundle = getTemplate2(params.template_name);
+  if (!bundle) {
+    throw new Error(`unknown template: ${params.template_name}`);
+  }
+  const compiled = buildCompiledPolicyFromTemplate(bundle, {
+    agent_id: params.agent_id,
+    fortress_id: params.fortress_id,
+    counterparty: params.counterparty ?? "*",
+    policy_version: params.policy_version ?? 1
+  });
+  const signed_event = packPolicyUpdate({
+    policy: compiled,
+    emitter_node: params.emitter_node,
+    emitter_principal: params.emitter_principal,
+    monotonic_seq: params.monotonic_seq,
+    node_private_key: params.node_private_key,
+    principal_private_key: params.principal_private_key
+  });
+  return { compiled, signed_event, bundle };
+}
+
 // src/dashboard/api.ts
 function constantTimeEquals(a, b) {
   if (a.length !== b.length) return false;
@@ -22227,6 +23343,22 @@ function writeJSON(res, status, payload) {
   });
   res.end(JSON.stringify(payload));
 }
+async function readJSONBody(req) {
+  const chunks = [];
+  let size = 0;
+  const MAX = 256 * 1024;
+  for await (const chunk of req) {
+    size += chunk.length;
+    if (size > MAX) throw new Error("request body too large");
+    chunks.push(chunk);
+  }
+  const body = Buffer.concat(chunks).toString("utf-8");
+  if (!body) return {};
+  return JSON.parse(body);
+}
+function generateEphemeralKey() {
+  return new Uint8Array(randomBytes$1(32));
+}
 function writeText(res, status, body, contentType = "text/plain") {
   res.writeHead(status, {
     "Content-Type": contentType,
@@ -22279,6 +23411,90 @@ async function handleRequest(deps, req, res) {
     await handleStream(deps, res);
     return true;
   }
+  if (method === "GET" && path === "/api/templates") {
+    try {
+      const templates = listTemplates();
+      writeJSON(res, 200, { templates });
+    } catch (err) {
+      writeJSON(res, 500, {
+        error: "template_load_failed",
+        message: err.message
+      });
+    }
+    return true;
+  }
+  const templateMatch = /^\/api\/templates\/([^/]+)$/.exec(path);
+  if (method === "GET" && templateMatch) {
+    const name = decodeURIComponent(templateMatch[1]);
+    try {
+      const entry = getTemplateEntry(name);
+      if (!entry) {
+        writeJSON(res, 404, { error: "template_not_found", name });
+        return true;
+      }
+      writeJSON(res, 200, entry);
+    } catch (err) {
+      writeJSON(res, 500, {
+        error: "template_load_failed",
+        message: err.message
+      });
+    }
+    return true;
+  }
+  const initMatch = /^\/api\/templates\/([^/]+)\/init$/.exec(path);
+  if (method === "POST" && initMatch) {
+    const name = decodeURIComponent(initMatch[1]);
+    try {
+      const bundle = getTemplate2(name);
+      if (!bundle) {
+        writeJSON(res, 404, { error: "template_not_found", name });
+        return true;
+      }
+      const body = await readJSONBody(req);
+      if (!body.agent_name || typeof body.agent_name !== "string") {
+        writeJSON(res, 400, {
+          error: "validation_error",
+          message: "agent_name is required and must be a string"
+        });
+        return true;
+      }
+      if (!/^[a-zA-Z0-9_-]+$/.test(body.agent_name)) {
+        writeJSON(res, 400, {
+          error: "validation_error",
+          message: "agent_name must contain only alphanumeric characters, hyphens, and underscores"
+        });
+        return true;
+      }
+      const nodeId = deps.nodeId ?? "dashboard-node";
+      const nodePrivateKey = deps.nodePrivateKey ?? generateEphemeralKey();
+      const principalId = deps.principalId ?? "dashboard-principal";
+      const fortressId = deps.fortressId ?? "default";
+      const result = initTemplate({
+        template_name: name,
+        agent_id: body.agent_name,
+        fortress_id: fortressId,
+        counterparty: "*",
+        policy_version: 1,
+        emitter_node: nodeId,
+        emitter_principal: principalId,
+        monotonic_seq: 1,
+        node_private_key: nodePrivateKey
+      });
+      writeJSON(res, 200, {
+        agent_id: body.agent_name,
+        signed_event_id: result.signed_event.event_id,
+        policy_version: result.compiled.policy_version,
+        template_name: name,
+        attestation_panel_url: `/console#agent_roster`
+      });
+    } catch (err) {
+      writeJSON(res, 500, {
+        error: "template_init_failed",
+        message: err.message
+      });
+    }
+    return true;
+  }
   return false;
 }
 async function handleStream(deps, res) {