@sanctuary-framework/mcp-server 0.2.0 → 0.3.0

package/dist/cli.js

@@ -5,13 +5,16 @@ import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'
 import { mkdir, readFile, writeFile, stat, unlink, readdir, chmod } from 'fs/promises';
 import { join } from 'path';
 import { homedir } from 'os';
-import { randomBytes as randomBytes$1 } from 'crypto';
+import { randomBytes as randomBytes$1, createHmac } from 'crypto';
 import { gcm } from '@noble/ciphers/aes.js';
-import { ed25519 } from '@noble/curves/ed25519';
+import { RistrettoPoint, ed25519 } from '@noble/curves/ed25519';
 import { argon2id } from 'hash-wasm';
 import { hkdf } from '@noble/hashes/hkdf';
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { createServer as createServer$2 } from 'http';
+import { createServer as createServer$1 } from 'https';
+import { readFileSync } from 'fs';
 
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -203,7 +206,7 @@ var init_hashing = __esm({
 });
 function defaultConfig() {
   return {
-    version: "0.2.0",
+    version: "0.3.0",
     storage_path: join(homedir(), ".sanctuary"),
     state: {
       encryption: "aes-256-gcm",
@@ -232,7 +235,19 @@ function defaultConfig() {
       service_endpoints: []
     },
     transport: "stdio",
-    http_port: 3500
+    http_port: 3500,
+    dashboard: {
+      enabled: false,
+      port: 3501,
+      host: "127.0.0.1"
+    },
+    webhook: {
+      enabled: false,
+      url: "",
+      secret: "",
+      callback_port: 3502,
+      callback_host: "127.0.0.1"
+    }
   };
 }
 async function loadConfig(configPath) {
@@ -246,6 +261,39 @@ async function loadConfig(configPath) {
   if (process.env.SANCTUARY_HTTP_PORT) {
     config.http_port = parseInt(process.env.SANCTUARY_HTTP_PORT, 10);
   }
+  if (process.env.SANCTUARY_DASHBOARD_ENABLED === "true") {
+    config.dashboard.enabled = true;
+  }
+  if (process.env.SANCTUARY_DASHBOARD_PORT) {
+    config.dashboard.port = parseInt(process.env.SANCTUARY_DASHBOARD_PORT, 10);
+  }
+  if (process.env.SANCTUARY_DASHBOARD_HOST) {
+    config.dashboard.host = process.env.SANCTUARY_DASHBOARD_HOST;
+  }
+  if (process.env.SANCTUARY_DASHBOARD_AUTH_TOKEN) {
+    config.dashboard.auth_token = process.env.SANCTUARY_DASHBOARD_AUTH_TOKEN;
+  }
+  if (process.env.SANCTUARY_DASHBOARD_TLS_CERT && process.env.SANCTUARY_DASHBOARD_TLS_KEY) {
+    config.dashboard.tls = {
+      cert_path: process.env.SANCTUARY_DASHBOARD_TLS_CERT,
+      key_path: process.env.SANCTUARY_DASHBOARD_TLS_KEY
+    };
+  }
+  if (process.env.SANCTUARY_WEBHOOK_ENABLED === "true") {
+    config.webhook.enabled = true;
+  }
+  if (process.env.SANCTUARY_WEBHOOK_URL) {
+    config.webhook.url = process.env.SANCTUARY_WEBHOOK_URL;
+  }
+  if (process.env.SANCTUARY_WEBHOOK_SECRET) {
+    config.webhook.secret = process.env.SANCTUARY_WEBHOOK_SECRET;
+  }
+  if (process.env.SANCTUARY_WEBHOOK_CALLBACK_PORT) {
+    config.webhook.callback_port = parseInt(process.env.SANCTUARY_WEBHOOK_CALLBACK_PORT, 10);
+  }
+  if (process.env.SANCTUARY_WEBHOOK_CALLBACK_HOST) {
+    config.webhook.callback_host = process.env.SANCTUARY_WEBHOOK_CALLBACK_HOST;
+  }
   const path = configPath ?? join(config.storage_path, "sanctuary.json");
   try {
     const raw = await readFile(path, "utf-8");
@@ -1011,7 +1059,7 @@ function createServer(tools, options) {
   const server = new Server(
     {
       name: "sanctuary-mcp-server",
-      version: "0.2.0"
+      version: "0.3.0"
     },
     {
       capabilities: {
@@ -1885,6 +1933,267 @@ var PolicyStore = class {
     );
   }
 };
+init_encoding();
+var G = RistrettoPoint.BASE;
+var H_INPUT = concatBytes(
+  sha256(stringToBytes("sanctuary-pedersen-generator-H-v1-a")),
+  sha256(stringToBytes("sanctuary-pedersen-generator-H-v1-b"))
+);
+var H = RistrettoPoint.hashToCurve(H_INPUT);
+function bigintToBytes(n) {
+  const hex = n.toString(16).padStart(64, "0");
+  const bytes = new Uint8Array(32);
+  for (let i = 0; i < 32; i++) {
+    bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+function bytesToBigint(bytes) {
+  let hex = "";
+  for (const b of bytes) {
+    hex += b.toString(16).padStart(2, "0");
+  }
+  return BigInt("0x" + hex);
+}
+var ORDER = BigInt("7237005577332262213973186563042994240857116359379907606001950938285454250989");
+function mod(n) {
+  return (n % ORDER + ORDER) % ORDER;
+}
+function safeMultiply(point, scalar) {
+  const s = mod(scalar);
+  if (s === 0n) return RistrettoPoint.ZERO;
+  return point.multiply(s);
+}
+function randomScalar() {
+  const bytes = randomBytes(64);
+  return mod(bytesToBigint(bytes));
+}
+function fiatShamirChallenge(domain, ...points) {
+  const domainBytes = stringToBytes(domain);
+  const combined = concatBytes(domainBytes, ...points);
+  const hash2 = sha256(combined);
+  return mod(bytesToBigint(hash2));
+}
+function createPedersenCommitment(value) {
+  const v = mod(BigInt(value));
+  const b = randomScalar();
+  const C = safeMultiply(G, v).add(safeMultiply(H, b));
+  return {
+    commitment: toBase64url(C.toRawBytes()),
+    blinding_factor: toBase64url(bigintToBytes(b)),
+    committed_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function verifyPedersenCommitment(commitment, value, blindingFactor) {
+  try {
+    const C = RistrettoPoint.fromHex(fromBase64url(commitment));
+    const v = mod(BigInt(value));
+    const b = bytesToBigint(fromBase64url(blindingFactor));
+    const expected = safeMultiply(G, v).add(safeMultiply(H, b));
+    return C.equals(expected);
+  } catch {
+    return false;
+  }
+}
+function createProofOfKnowledge(value, blindingFactor, commitment) {
+  const v = mod(BigInt(value));
+  const b = bytesToBigint(fromBase64url(blindingFactor));
+  const r_v = randomScalar();
+  const r_b = randomScalar();
+  const R = safeMultiply(G, r_v).add(safeMultiply(H, r_b));
+  const C_bytes = fromBase64url(commitment);
+  const R_bytes = R.toRawBytes();
+  const e = fiatShamirChallenge("sanctuary-zk-pok-v1", C_bytes, R_bytes);
+  const s_v = mod(r_v + e * v);
+  const s_b = mod(r_b + e * b);
+  return {
+    type: "schnorr-pedersen-ristretto255",
+    commitment,
+    announcement: toBase64url(R_bytes),
+    response_v: toBase64url(bigintToBytes(s_v)),
+    response_b: toBase64url(bigintToBytes(s_b)),
+    generated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function verifyProofOfKnowledge(proof) {
+  try {
+    const C = RistrettoPoint.fromHex(fromBase64url(proof.commitment));
+    const R = RistrettoPoint.fromHex(fromBase64url(proof.announcement));
+    const s_v = bytesToBigint(fromBase64url(proof.response_v));
+    const s_b = bytesToBigint(fromBase64url(proof.response_b));
+    const e = fiatShamirChallenge(
+      "sanctuary-zk-pok-v1",
+      fromBase64url(proof.commitment),
+      fromBase64url(proof.announcement)
+    );
+    const lhs = safeMultiply(G, s_v).add(safeMultiply(H, s_b));
+    const rhs = R.add(safeMultiply(C, e));
+    return lhs.equals(rhs);
+  } catch {
+    return false;
+  }
+}
+function createRangeProof(value, blindingFactor, commitment, min, max) {
+  if (value < min || value > max) {
+    return { error: `Value ${value} is not in range [${min}, ${max}]` };
+  }
+  const range = max - min;
+  const numBits = Math.ceil(Math.log2(range + 1));
+  const shifted = value - min;
+  const b = bytesToBigint(fromBase64url(blindingFactor));
+  const bits = [];
+  for (let i = 0; i < numBits; i++) {
+    bits.push(shifted >> i & 1);
+  }
+  const bitBlindings = [];
+  const bitCommitments = [];
+  const bitProofs = [];
+  for (let i = 0; i < numBits; i++) {
+    const bit_b = randomScalar();
+    bitBlindings.push(bit_b);
+    const C_i = safeMultiply(G, mod(BigInt(bits[i]))).add(safeMultiply(H, bit_b));
+    bitCommitments.push(toBase64url(C_i.toRawBytes()));
+    const bitProof = createBitProof(bits[i], bit_b, C_i);
+    bitProofs.push(bitProof);
+  }
+  const sumBlinding = bitBlindings.reduce(
+    (acc, bi, i) => mod(acc + mod(BigInt(1 << i)) * bi),
+    0n
+  );
+  const blindingDiff = mod(b - sumBlinding);
+  const r_sum = randomScalar();
+  const R_sum = safeMultiply(H, r_sum);
+  const e_sum = fiatShamirChallenge(
+    "sanctuary-zk-range-sum-v1",
+    fromBase64url(commitment),
+    R_sum.toRawBytes()
+  );
+  const s_sum = mod(r_sum + e_sum * blindingDiff);
+  return {
+    type: "range-pedersen-ristretto255",
+    commitment,
+    min,
+    max,
+    bit_commitments: bitCommitments,
+    bit_proofs: bitProofs,
+    sum_proof: {
+      announcement: toBase64url(R_sum.toRawBytes()),
+      response: toBase64url(bigintToBytes(s_sum))
+    },
+    generated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function verifyRangeProof(proof) {
+  try {
+    const C = RistrettoPoint.fromHex(fromBase64url(proof.commitment));
+    const range = proof.max - proof.min;
+    const numBits = Math.ceil(Math.log2(range + 1));
+    if (proof.bit_commitments.length !== numBits) return false;
+    if (proof.bit_proofs.length !== numBits) return false;
+    for (let i = 0; i < numBits; i++) {
+      const C_i = RistrettoPoint.fromHex(fromBase64url(proof.bit_commitments[i]));
+      if (!verifyBitProof(proof.bit_proofs[i], C_i)) {
+        return false;
+      }
+    }
+    let reconstructed = RistrettoPoint.ZERO;
+    for (let i = 0; i < numBits; i++) {
+      const C_i = RistrettoPoint.fromHex(fromBase64url(proof.bit_commitments[i]));
+      const weight = mod(BigInt(1 << i));
+      reconstructed = reconstructed.add(safeMultiply(C_i, weight));
+    }
+    const diff = C.subtract(safeMultiply(G, mod(BigInt(proof.min)))).subtract(reconstructed);
+    const R_sum = RistrettoPoint.fromHex(fromBase64url(proof.sum_proof.announcement));
+    const s_sum = bytesToBigint(fromBase64url(proof.sum_proof.response));
+    const e_sum = fiatShamirChallenge(
+      "sanctuary-zk-range-sum-v1",
+      fromBase64url(proof.commitment),
+      fromBase64url(proof.sum_proof.announcement)
+    );
+    const lhs = safeMultiply(H, s_sum);
+    const rhs = R_sum.add(safeMultiply(diff, e_sum));
+    return lhs.equals(rhs);
+  } catch {
+    return false;
+  }
+}
+function createBitProof(bit, blinding, commitment) {
+  const C_bytes = commitment.toRawBytes();
+  if (bit === 0) {
+    const C_minus_G = commitment.subtract(G);
+    const e_1 = randomScalar();
+    const s_1 = randomScalar();
+    const R_1 = safeMultiply(H, s_1).subtract(safeMultiply(C_minus_G, e_1));
+    const r_0 = randomScalar();
+    const R_0 = safeMultiply(H, r_0);
+    const e = fiatShamirChallenge(
+      "sanctuary-zk-bit-v1",
+      C_bytes,
+      R_0.toRawBytes(),
+      R_1.toRawBytes()
+    );
+    const e_0 = mod(e - e_1);
+    const s_0 = mod(r_0 + e_0 * blinding);
+    return {
+      announcement_0: toBase64url(R_0.toRawBytes()),
+      announcement_1: toBase64url(R_1.toRawBytes()),
+      challenge_0: toBase64url(bigintToBytes(e_0)),
+      challenge_1: toBase64url(bigintToBytes(e_1)),
+      response_0: toBase64url(bigintToBytes(s_0)),
+      response_1: toBase64url(bigintToBytes(s_1))
+    };
+  } else {
+    const e_0 = randomScalar();
+    const s_0 = randomScalar();
+    const R_0 = safeMultiply(H, s_0).subtract(safeMultiply(commitment, e_0));
+    const r_1 = randomScalar();
+    const R_1 = safeMultiply(H, r_1);
+    const e = fiatShamirChallenge(
+      "sanctuary-zk-bit-v1",
+      C_bytes,
+      R_0.toRawBytes(),
+      R_1.toRawBytes()
+    );
+    const e_1 = mod(e - e_0);
+    const s_1 = mod(r_1 + e_1 * blinding);
+    return {
+      announcement_0: toBase64url(R_0.toRawBytes()),
+      announcement_1: toBase64url(R_1.toRawBytes()),
+      challenge_0: toBase64url(bigintToBytes(e_0)),
+      challenge_1: toBase64url(bigintToBytes(e_1)),
+      response_0: toBase64url(bigintToBytes(s_0)),
+      response_1: toBase64url(bigintToBytes(s_1))
+    };
+  }
+}
+function verifyBitProof(proof, commitment) {
+  try {
+    const C_bytes = commitment.toRawBytes();
+    const R_0 = RistrettoPoint.fromHex(fromBase64url(proof.announcement_0));
+    const R_1 = RistrettoPoint.fromHex(fromBase64url(proof.announcement_1));
+    const e_0 = bytesToBigint(fromBase64url(proof.challenge_0));
+    const e_1 = bytesToBigint(fromBase64url(proof.challenge_1));
+    const s_0 = bytesToBigint(fromBase64url(proof.response_0));
+    const s_1 = bytesToBigint(fromBase64url(proof.response_1));
+    const e = fiatShamirChallenge(
+      "sanctuary-zk-bit-v1",
+      C_bytes,
+      R_0.toRawBytes(),
+      R_1.toRawBytes()
+    );
+    if (mod(e_0 + e_1) !== e) return false;
+    const lhs_0 = safeMultiply(H, s_0);
+    const rhs_0 = R_0.add(safeMultiply(commitment, e_0));
+    if (!lhs_0.equals(rhs_0)) return false;
+    const C_minus_G = commitment.subtract(G);
+    const lhs_1 = safeMultiply(H, s_1);
+    const rhs_1 = R_1.add(safeMultiply(C_minus_G, e_1));
+    if (!lhs_1.equals(rhs_1)) return false;
+    return true;
+  } catch {
+    return false;
+  }
+}
 
 // src/l3-disclosure/tools.ts
 function createL3Tools(storage, masterKey, auditLog) {
@@ -2114,6 +2423,187 @@ function createL3Tools(storage, masterKey, auditLog) {
           overall_recommendation: withholding > 0 ? `Withholding ${withholding} of ${requestedFields.length} requested fields per policy "${policy.policy_name}"` : `All ${requestedFields.length} fields may be disclosed per policy "${policy.policy_name}"`
         });
       }
+    },
+    // ─── ZK Proof Tools ───────────────────────────────────────────────────
+    {
+      name: "sanctuary/zk_commit",
+      description: "Create a Pedersen commitment to a numeric value on Ristretto255. Unlike SHA-256 commitments, Pedersen commitments support zero-knowledge proofs: you can prove properties about the committed value without revealing it.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          value: {
+            type: "number",
+            description: "The integer value to commit to"
+          }
+        },
+        required: ["value"]
+      },
+      handler: async (args) => {
+        const value = args.value;
+        if (!Number.isInteger(value)) {
+          return toolResult({ error: "Value must be an integer." });
+        }
+        const commitment = createPedersenCommitment(value);
+        auditLog.append("l3", "zk_commit", "system", {
+          commitment_hash: commitment.commitment.slice(0, 16) + "..."
+        });
+        return toolResult({
+          commitment: commitment.commitment,
+          blinding_factor: commitment.blinding_factor,
+          committed_at: commitment.committed_at,
+          proof_system: "pedersen-ristretto255",
+          note: "Store the blinding_factor securely. Use zk_prove to create proofs about this commitment."
+        });
+      }
+    },
+    {
+      name: "sanctuary/zk_prove",
+      description: "Create a zero-knowledge proof of knowledge for a Pedersen commitment. Proves you know the value and blinding factor without revealing either. Uses a Schnorr sigma protocol with Fiat-Shamir transform.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          value: {
+            type: "number",
+            description: "The committed value (integer)"
+          },
+          blinding_factor: {
+            type: "string",
+            description: "The blinding factor from zk_commit (base64url)"
+          },
+          commitment: {
+            type: "string",
+            description: "The Pedersen commitment (base64url)"
+          }
+        },
+        required: ["value", "blinding_factor", "commitment"]
+      },
+      handler: async (args) => {
+        const value = args.value;
+        const blindingFactor = args.blinding_factor;
+        const commitment = args.commitment;
+        if (!verifyPedersenCommitment(commitment, value, blindingFactor)) {
+          return toolResult({
+            error: "The provided value and blinding factor do not match the commitment."
+          });
+        }
+        const proof = createProofOfKnowledge(value, blindingFactor, commitment);
+        auditLog.append("l3", "zk_prove", "system", {
+          proof_type: proof.type,
+          commitment: commitment.slice(0, 16) + "..."
+        });
+        return toolResult({
+          proof,
+          note: "This proof demonstrates knowledge of the commitment opening without revealing the value."
+        });
+      }
+    },
+    {
+      name: "sanctuary/zk_verify",
+      description: "Verify a zero-knowledge proof of knowledge for a Pedersen commitment. Checks that the prover knows the commitment's opening without learning anything.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          proof: {
+            type: "object",
+            description: "The ZK proof object from zk_prove"
+          }
+        },
+        required: ["proof"]
+      },
+      handler: async (args) => {
+        const proof = args.proof;
+        const valid = verifyProofOfKnowledge(proof);
+        auditLog.append("l3", "zk_verify", "system", {
+          proof_type: proof.type,
+          valid
+        });
+        return toolResult({
+          valid,
+          proof_type: proof.type,
+          commitment: proof.commitment,
+          verified_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
+    },
+    {
+      name: "sanctuary/zk_range_prove",
+      description: "Create a zero-knowledge range proof: prove that a committed value is within [min, max] without revealing the exact value. Uses bit-decomposition with OR-proofs on Ristretto255.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          value: {
+            type: "number",
+            description: "The committed value (integer)"
+          },
+          blinding_factor: {
+            type: "string",
+            description: "The blinding factor from zk_commit (base64url)"
+          },
+          commitment: {
+            type: "string",
+            description: "The Pedersen commitment (base64url)"
+          },
+          min: {
+            type: "number",
+            description: "Minimum of the range (inclusive)"
+          },
+          max: {
+            type: "number",
+            description: "Maximum of the range (inclusive)"
+          }
+        },
+        required: ["value", "blinding_factor", "commitment", "min", "max"]
+      },
+      handler: async (args) => {
+        const value = args.value;
+        const blindingFactor = args.blinding_factor;
+        const commitment = args.commitment;
+        const min = args.min;
+        const max = args.max;
+        const proof = createRangeProof(value, blindingFactor, commitment, min, max);
+        if ("error" in proof) {
+          return toolResult({ error: proof.error });
+        }
+        auditLog.append("l3", "zk_range_prove", "system", {
+          proof_type: proof.type,
+          range: `[${min}, ${max}]`,
+          bits: proof.bit_commitments.length
+        });
+        return toolResult({
+          proof,
+          note: `This proof demonstrates the committed value is in [${min}, ${max}] without revealing it.`
+        });
+      }
+    },
+    {
+      name: "sanctuary/zk_range_verify",
+      description: "Verify a zero-knowledge range proof \u2014 confirms a committed value is within the claimed range without learning the value.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          proof: {
+            type: "object",
+            description: "The range proof object from zk_range_prove"
+          }
+        },
+        required: ["proof"]
+      },
+      handler: async (args) => {
+        const proof = args.proof;
+        const valid = verifyRangeProof(proof);
+        auditLog.append("l3", "zk_range_verify", "system", {
+          proof_type: proof.type,
+          valid,
+          range: `[${proof.min}, ${proof.max}]`
+        });
+        return toolResult({
+          valid,
+          proof_type: proof.type,
+          range: { min: proof.min, max: proof.max },
+          commitment: proof.commitment,
+          verified_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
     }
   ];
   return { tools, commitmentStore, policyStore };
@@ -2162,7 +2652,7 @@ var ReputationStore = class {
   /**
    * Record an interaction outcome as a signed attestation.
    */
-  async record(interactionId, counterpartyDid, outcome, context, identity, identityEncryptionKey, counterpartyAttestation) {
+  async record(interactionId, counterpartyDid, outcome, context, identity, identityEncryptionKey, counterpartyAttestation, sovereigntyTier) {
     const attestationId = `att-${Date.now()}-${toBase64url(randomBytes(8))}`;
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const attestationData = {
@@ -2173,7 +2663,8 @@ var ReputationStore = class {
       outcome_result: outcome.result,
       metrics: outcome.metrics ?? {},
       context,
-      timestamp: now
+      timestamp: now,
+      sovereignty_tier: sovereigntyTier
     };
     const dataBytes = stringToBytes(JSON.stringify(attestationData));
     const signature = sign(
@@ -2422,6 +2913,24 @@ var ReputationStore = class {
     );
     return guarantee;
   }
+  // ─── Tier-Aware Access ───────────────────────────────────────────────
+  /**
+   * Load attestations for tier-weighted scoring.
+   * Applies basic context/counterparty filtering, returns full StoredAttestations
+   * so callers can access sovereignty_tier from attestation data.
+   */
+  async loadAllForTierScoring(options) {
+    let all = await this.loadAll();
+    if (options?.context) {
+      all = all.filter((a) => a.attestation.data.context === options.context);
+    }
+    if (options?.counterparty_did) {
+      all = all.filter(
+        (a) => a.attestation.data.counterparty_did === options.counterparty_did
+      );
+    }
+    return all;
+  }
   // ─── Internal ─────────────────────────────────────────────────────────
   async loadAll() {
     const results = [];
@@ -2445,9 +2954,70 @@ var ReputationStore = class {
 
 // src/l4-reputation/tools.ts
 init_encoding();
-function createL4Tools(storage, masterKey, identityManager, auditLog) {
+
+// src/l4-reputation/tiers.ts
+var TIER_WEIGHTS = {
+  "verified-sovereign": 1,
+  "verified-degraded": 0.8,
+  "self-attested": 0.5,
+  "unverified": 0.2
+};
+function resolveTier(counterpartyId, handshakeResults, hasSanctuaryIdentity) {
+  const handshake = handshakeResults.get(counterpartyId);
+  if (handshake && handshake.verified) {
+    const expiresAt = new Date(handshake.expires_at);
+    if (expiresAt > /* @__PURE__ */ new Date()) {
+      return {
+        sovereignty_tier: handshake.trust_tier,
+        handshake_completed_at: handshake.completed_at,
+        verified_by: handshake.counterparty_id
+      };
+    }
+  }
+  if (hasSanctuaryIdentity) {
+    return { sovereignty_tier: "self-attested" };
+  }
+  return { sovereignty_tier: "unverified" };
+}
+function trustTierToSovereigntyTier(trustTier) {
+  switch (trustTier) {
+    case "verified-sovereign":
+      return "verified-sovereign";
+    case "verified-degraded":
+      return "verified-degraded";
+    default:
+      return "unverified";
+  }
+}
+function computeWeightedScore(attestations) {
+  if (attestations.length === 0) return null;
+  let weightedSum = 0;
+  let totalWeight = 0;
+  for (const a of attestations) {
+    const weight = TIER_WEIGHTS[a.tier];
+    weightedSum += a.value * weight;
+    totalWeight += weight;
+  }
+  return totalWeight > 0 ? weightedSum / totalWeight : null;
+}
+function tierDistribution(tiers) {
+  const dist = {
+    "verified-sovereign": 0,
+    "verified-degraded": 0,
+    "self-attested": 0,
+    "unverified": 0
+  };
+  for (const tier of tiers) {
+    dist[tier]++;
+  }
+  return dist;
+}
+
+// src/l4-reputation/tools.ts
+function createL4Tools(storage, masterKey, identityManager, auditLog, handshakeResults) {
   const reputationStore = new ReputationStore(storage, masterKey);
   const identityEncryptionKey = derivePurposeKey(masterKey, "identity-encryption");
+  const hsResults = handshakeResults ?? /* @__PURE__ */ new Map();
   const tools = [
     // ─── Reputation Recording ─────────────────────────────────────────
     {
@@ -2509,26 +3079,34 @@ function createL4Tools(storage, masterKey, identityManager, auditLog) {
         }
         const outcome = args.outcome;
         const context = args.context ?? "general";
+        const counterpartyDid = args.counterparty_did;
+        const hasSanctuaryIdentity = identityManager.list().some(
+          (id) => identityManager.get(id.identity_id)?.did === counterpartyDid
+        );
+        const tierMeta = resolveTier(counterpartyDid, hsResults, hasSanctuaryIdentity);
         const stored = await reputationStore.record(
           args.interaction_id,
-          args.counterparty_did,
+          counterpartyDid,
           outcome,
           context,
           identity,
           identityEncryptionKey,
-          args.counterparty_attestation
+          args.counterparty_attestation,
+          tierMeta.sovereignty_tier
         );
         auditLog.append("l4", "reputation_record", identity.identity_id, {
           interaction_id: args.interaction_id,
           outcome_type: outcome.type,
           outcome_result: outcome.result,
-          context
+          context,
+          sovereignty_tier: tierMeta.sovereignty_tier
         });
         return toolResult({
           attestation_id: stored.attestation.attestation_id,
           interaction_id: stored.attestation.data.interaction_id,
           self_attestation: stored.attestation.signature,
           counterparty_confirmed: stored.counterparty_confirmed,
+          sovereignty_tier: tierMeta.sovereignty_tier,
           context,
           recorded_at: stored.recorded_at
         });
@@ -2691,6 +3269,62 @@ function createL4Tools(storage, masterKey, identityManager, auditLog) {
         });
       }
     },
+    // ─── Sovereignty-Weighted Query ──────────────────────────────────
+    {
+      name: "sanctuary/reputation_query_weighted",
+      description: "Query reputation with sovereignty-weighted scoring. Attestations from verified-sovereign agents carry full weight (1.0); unverified attestations carry reduced weight (0.2). Returns both the weighted score and tier distribution.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          metric: {
+            type: "string",
+            description: "Which metric to compute the weighted score for"
+          },
+          context: {
+            type: "string",
+            description: "Filter by context/domain"
+          },
+          counterparty_did: {
+            type: "string",
+            description: "Filter by counterparty"
+          }
+        },
+        required: ["metric"]
+      },
+      handler: async (args) => {
+        const summary = await reputationStore.query({
+          context: args.context,
+          counterparty_did: args.counterparty_did
+        });
+        const allAttestations = await reputationStore.loadAllForTierScoring({
+          context: args.context,
+          counterparty_did: args.counterparty_did
+        });
+        const metric = args.metric;
+        const tieredAttestations = allAttestations.filter((a) => a.attestation.data.metrics[metric] !== void 0).map((a) => ({
+          value: a.attestation.data.metrics[metric],
+          tier: a.attestation.data.sovereignty_tier ?? "unverified"
+        }));
+        const weightedScore = computeWeightedScore(tieredAttestations);
+        const tiers = allAttestations.map(
+          (a) => a.attestation.data.sovereignty_tier ?? "unverified"
+        );
+        const dist = tierDistribution(tiers);
+        auditLog.append("l4", "reputation_query_weighted", "system", {
+          metric,
+          attestation_count: tieredAttestations.length,
+          weighted_score: weightedScore
+        });
+        return toolResult({
+          metric,
+          weighted_score: weightedScore,
+          attestation_count: tieredAttestations.length,
+          tier_distribution: dist,
+          tier_weights: TIER_WEIGHTS,
+          unweighted_summary: summary
+        });
+      }
+    },
     // ─── Trust Bootstrap: Escrow ──────────────────────────────────────
     {
       name: "sanctuary/bootstrap_create_escrow",
@@ -2876,7 +3510,22 @@ var DEFAULT_POLICY = {
     "monitor_audit_log",
     "manifest",
     "principal_policy_view",
-    "principal_baseline_view"
+    "principal_baseline_view",
+    "shr_generate",
+    "shr_verify",
+    "handshake_initiate",
+    "handshake_respond",
+    "handshake_complete",
+    "handshake_status",
+    "reputation_query_weighted",
+    "federation_peers",
+    "federation_trust_evaluate",
+    "federation_status",
+    "zk_commit",
+    "zk_prove",
+    "zk_verify",
+    "zk_range_prove",
+    "zk_range_verify"
   ],
   approval_channel: DEFAULT_CHANNEL
 };
@@ -3011,6 +3660,21 @@ tier3_always_allow:
   - manifest
   - principal_policy_view
   - principal_baseline_view
+  - shr_generate
+  - shr_verify
+  - handshake_initiate
+  - handshake_respond
+  - handshake_complete
+  - handshake_status
+  - reputation_query_weighted
+  - federation_peers
+  - federation_trust_evaluate
+  - federation_status
+  - zk_commit
+  - zk_prove
+  - zk_verify
+  - zk_range_prove
+  - zk_range_verify
 
 # \u2500\u2500\u2500 Approval Channel \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
 # How Sanctuary reaches you when approval is needed.
@@ -3240,20 +3904,1143 @@ var StderrApprovalChannel = class {
   }
 };
 
-// src/principal-policy/gate.ts
-var ApprovalGate = class {
-  policy;
-  baseline;
-  channel;
-  auditLog;
-  constructor(policy, baseline, channel, auditLog) {
-    this.policy = policy;
-    this.baseline = baseline;
-    this.channel = channel;
-    this.auditLog = auditLog;
+// src/principal-policy/dashboard-html.ts
+function generateDashboardHTML(options) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Sanctuary \u2014 Principal Dashboard</title>
+<style>
+  :root {
+    --bg: #0f1117;
+    --bg-surface: #1a1d27;
+    --bg-elevated: #242736;
+    --border: #2e3244;
+    --text: #e4e6f0;
+    --text-muted: #8b8fa3;
+    --accent: #6c8aff;
+    --accent-hover: #839dff;
+    --approve: #3ecf8e;
+    --approve-hover: #5dd9a3;
+    --deny: #f87171;
+    --deny-hover: #fca5a5;
+    --warning: #fbbf24;
+    --tier1: #f87171;
+    --tier2: #fbbf24;
+    --tier3: #3ecf8e;
+    --font: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    --mono: "SF Mono", "Fira Code", "Cascadia Code", monospace;
+    --radius: 8px;
   }
-  /**
-   * Evaluate a tool call against the Principal Policy.
+
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    font-family: var(--font);
+    background: var(--bg);
+    color: var(--text);
+    line-height: 1.5;
+    min-height: 100vh;
+  }
+
+  /* Layout */
+  .container { max-width: 960px; margin: 0 auto; padding: 24px 16px; }
+
+  header {
+    display: flex; align-items: center; justify-content: space-between;
+    padding-bottom: 20px; border-bottom: 1px solid var(--border);
+    margin-bottom: 24px;
+  }
+  header h1 { font-size: 20px; font-weight: 600; letter-spacing: -0.3px; }
+  header h1 span { color: var(--accent); }
+  .status-badge {
+    display: inline-flex; align-items: center; gap: 6px;
+    font-size: 12px; color: var(--text-muted);
+    padding: 4px 10px; border-radius: 12px;
+    background: var(--bg-surface); border: 1px solid var(--border);
+  }
+  .status-dot {
+    width: 8px; height: 8px; border-radius: 50%;
+    background: var(--approve); animation: pulse 2s infinite;
+  }
+  .status-dot.disconnected { background: var(--deny); animation: none; }
+  @keyframes pulse { 0%, 100% { opacity: 1; } 50% { opacity: 0.5; } }
+
+  /* Tabs */
+  .tabs {
+    display: flex; gap: 2px; margin-bottom: 20px;
+    background: var(--bg-surface); border-radius: var(--radius);
+    padding: 3px; border: 1px solid var(--border);
+  }
+  .tab {
+    flex: 1; padding: 8px 12px; text-align: center;
+    font-size: 13px; font-weight: 500; cursor: pointer;
+    border-radius: 6px; border: none; color: var(--text-muted);
+    background: transparent; transition: all 0.15s;
+  }
+  .tab:hover { color: var(--text); }
+  .tab.active { background: var(--bg-elevated); color: var(--text); }
+  .tab .count {
+    display: inline-flex; align-items: center; justify-content: center;
+    min-width: 18px; height: 18px; padding: 0 5px;
+    font-size: 11px; font-weight: 600; border-radius: 9px;
+    margin-left: 6px;
+  }
+  .tab .count.alert { background: var(--deny); color: white; }
+  .tab .count.muted { background: var(--border); color: var(--text-muted); }
+
+  /* Tab Content */
+  .tab-content { display: none; }
+  .tab-content.active { display: block; }
+
+  /* Pending Requests */
+  .pending-empty {
+    text-align: center; padding: 60px 20px; color: var(--text-muted);
+  }
+  .pending-empty .icon { font-size: 32px; margin-bottom: 12px; }
+  .pending-empty p { font-size: 14px; }
+
+  .request-card {
+    background: var(--bg-surface); border: 1px solid var(--border);
+    border-radius: var(--radius); padding: 16px; margin-bottom: 12px;
+    animation: slideIn 0.2s ease-out;
+  }
+  @keyframes slideIn { from { opacity: 0; transform: translateY(-8px); } to { opacity: 1; transform: translateY(0); } }
+  .request-card.tier1 { border-left: 3px solid var(--tier1); }
+  .request-card.tier2 { border-left: 3px solid var(--tier2); }
+  .request-header {
+    display: flex; align-items: center; justify-content: space-between;
+    margin-bottom: 10px;
+  }
+  .request-op {
+    font-family: var(--mono); font-size: 14px; font-weight: 600;
+  }
+  .tier-badge {
+    font-size: 11px; font-weight: 600; padding: 2px 8px;
+    border-radius: 4px; text-transform: uppercase;
+  }
+  .tier-badge.tier1 { background: rgba(248,113,113,0.15); color: var(--tier1); }
+  .tier-badge.tier2 { background: rgba(251,191,36,0.15); color: var(--tier2); }
+  .request-reason {
+    font-size: 13px; color: var(--text-muted); margin-bottom: 12px;
+  }
+  .request-context {
+    font-family: var(--mono); font-size: 12px; color: var(--text-muted);
+    background: var(--bg); border-radius: 4px; padding: 8px 10px;
+    margin-bottom: 14px; white-space: pre-wrap; word-break: break-all;
+    max-height: 120px; overflow-y: auto;
+  }
+  .request-actions {
+    display: flex; align-items: center; gap: 10px;
+  }
+  .btn {
+    padding: 7px 16px; border-radius: 6px; font-size: 13px;
+    font-weight: 600; border: none; cursor: pointer;
+    transition: all 0.15s;
+  }
+  .btn-approve { background: var(--approve); color: #0f1117; }
+  .btn-approve:hover { background: var(--approve-hover); }
+  .btn-deny { background: var(--deny); color: white; }
+  .btn-deny:hover { background: var(--deny-hover); }
+  .countdown {
+    margin-left: auto; font-size: 12px; color: var(--text-muted);
+    font-family: var(--mono);
+  }
+  .countdown.urgent { color: var(--deny); font-weight: 600; }
+
+  /* Audit Log */
+  .audit-table { width: 100%; border-collapse: collapse; }
+  .audit-table th {
+    text-align: left; font-size: 11px; font-weight: 600;
+    text-transform: uppercase; letter-spacing: 0.5px;
+    color: var(--text-muted); padding: 8px 10px;
+    border-bottom: 1px solid var(--border);
+  }
+  .audit-table td {
+    font-size: 13px; padding: 8px 10px;
+    border-bottom: 1px solid var(--border);
+  }
+  .audit-table tr { transition: background 0.1s; }
+  .audit-table tr:hover { background: var(--bg-elevated); }
+  .audit-table tr.new { animation: highlight 1s ease-out; }
+  @keyframes highlight { from { background: rgba(108,138,255,0.15); } to { background: transparent; } }
+  .audit-time { font-family: var(--mono); font-size: 12px; color: var(--text-muted); }
+  .audit-op { font-family: var(--mono); font-size: 12px; }
+  .audit-layer {
+    font-size: 11px; font-weight: 600; padding: 1px 6px;
+    border-radius: 3px; text-transform: uppercase;
+  }
+  .audit-layer.l1 { background: rgba(108,138,255,0.15); color: var(--accent); }
+  .audit-layer.l2 { background: rgba(251,191,36,0.15); color: var(--tier2); }
+  .audit-layer.l3 { background: rgba(62,207,142,0.15); color: var(--tier3); }
+  .audit-layer.l4 { background: rgba(168,85,247,0.15); color: #a855f7; }
+
+  /* Baseline & Policy */
+  .info-section {
+    background: var(--bg-surface); border: 1px solid var(--border);
+    border-radius: var(--radius); padding: 16px; margin-bottom: 16px;
+  }
+  .info-section h3 {
+    font-size: 13px; font-weight: 600; text-transform: uppercase;
+    letter-spacing: 0.5px; color: var(--text-muted); margin-bottom: 12px;
+  }
+  .info-row {
+    display: flex; justify-content: space-between; align-items: center;
+    padding: 6px 0; font-size: 13px;
+  }
+  .info-label { color: var(--text-muted); }
+  .info-value { font-family: var(--mono); font-size: 12px; }
+  .tag-list { display: flex; flex-wrap: wrap; gap: 4px; }
+  .tag {
+    font-family: var(--mono); font-size: 11px; padding: 2px 8px;
+    background: var(--bg-elevated); border-radius: 4px;
+    color: var(--text-muted); border: 1px solid var(--border);
+  }
+  .policy-op {
+    font-family: var(--mono); font-size: 12px; padding: 3px 0;
+  }
+
+  /* Footer */
+  footer {
+    margin-top: 32px; padding-top: 16px;
+    border-top: 1px solid var(--border);
+    font-size: 12px; color: var(--text-muted);
+    text-align: center;
+  }
+</style>
+</head>
+<body>
+<div class="container">
+  <header>
+    <h1><span>Sanctuary</span> Principal Dashboard</h1>
+    <div class="status-badge">
+      <div class="status-dot" id="statusDot"></div>
+      <span id="statusText">Connected</span>
+    </div>
+  </header>
+
+  <div class="tabs">
+    <button class="tab active" data-tab="pending">
+      Pending<span class="count muted" id="pendingCount">0</span>
+    </button>
+    <button class="tab" data-tab="audit">
+      Audit Log<span class="count muted" id="auditCount">0</span>
+    </button>
+    <button class="tab" data-tab="baseline">Baseline</button>
+    <button class="tab" data-tab="policy">Policy</button>
+  </div>
+
+  <!-- Pending Approvals -->
+  <div class="tab-content active" id="tab-pending">
+    <div class="pending-empty" id="pendingEmpty">
+      <div class="icon">&#x2714;</div>
+      <p>No pending approval requests.</p>
+      <p style="font-size:12px; margin-top:4px;">Requests will appear here in real time.</p>
+    </div>
+    <div id="pendingList"></div>
+  </div>
+
+  <!-- Audit Log -->
+  <div class="tab-content" id="tab-audit">
+    <table class="audit-table">
+      <thead>
+        <tr><th>Time</th><th>Layer</th><th>Operation</th><th>Identity</th></tr>
+      </thead>
+      <tbody id="auditBody"></tbody>
+    </table>
+  </div>
+
+  <!-- Baseline -->
+  <div class="tab-content" id="tab-baseline">
+    <div class="info-section">
+      <h3>Session Info</h3>
+      <div class="info-row"><span class="info-label">First session</span><span class="info-value" id="bFirstSession">\u2014</span></div>
+      <div class="info-row"><span class="info-label">Started</span><span class="info-value" id="bStarted">\u2014</span></div>
+    </div>
+    <div class="info-section">
+      <h3>Known Namespaces</h3>
+      <div class="tag-list" id="bNamespaces"><span class="tag">\u2014</span></div>
+    </div>
+    <div class="info-section">
+      <h3>Known Counterparties</h3>
+      <div class="tag-list" id="bCounterparties"><span class="tag">\u2014</span></div>
+    </div>
+    <div class="info-section">
+      <h3>Tool Call Counts</h3>
+      <div id="bToolCalls"><span class="info-value">\u2014</span></div>
+    </div>
+  </div>
+
+  <!-- Policy -->
+  <div class="tab-content" id="tab-policy">
+    <div class="info-section">
+      <h3>Tier 1 \u2014 Always Requires Approval</h3>
+      <div id="pTier1"></div>
+    </div>
+    <div class="info-section">
+      <h3>Tier 2 \u2014 Anomaly Detection</h3>
+      <div id="pTier2"></div>
+    </div>
+    <div class="info-section">
+      <h3>Tier 3 \u2014 Always Allowed</h3>
+      <div class="info-row">
+        <span class="info-label">Operations</span>
+        <span class="info-value" id="pTier3Count">\u2014</span>
+      </div>
+    </div>
+    <div class="info-section">
+      <h3>Approval Channel</h3>
+      <div id="pChannel"></div>
+    </div>
+  </div>
+
+  <footer>Sanctuary Framework v${options.serverVersion} \u2014 Principal Dashboard</footer>
+</div>
+
+<script>
+(function() {
+  const TIMEOUT = ${options.timeoutSeconds};
+  const AUTH_TOKEN = ${options.authToken ? `'${options.authToken}'` : "null"};
+  const pending = new Map();
+  let auditCount = 0;
+
+  // Auth helpers
+  function authHeaders() {
+    const h = { 'Content-Type': 'application/json' };
+    if (AUTH_TOKEN) h['Authorization'] = 'Bearer ' + AUTH_TOKEN;
+    return h;
+  }
+  function authQuery(url) {
+    if (!AUTH_TOKEN) return url;
+    const sep = url.includes('?') ? '&' : '?';
+    return url + sep + 'token=' + AUTH_TOKEN;
+  }
+
+  // Tab switching
+  document.querySelectorAll('.tab').forEach(tab => {
+    tab.addEventListener('click', () => {
+      document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+      document.querySelectorAll('.tab-content').forEach(c => c.classList.remove('active'));
+      tab.classList.add('active');
+      document.getElementById('tab-' + tab.dataset.tab).classList.add('active');
+    });
+  });
+
+  // SSE Connection
+  let evtSource;
+  function connect() {
+    evtSource = new EventSource(authQuery('/events'));
+    evtSource.onopen = () => {
+      document.getElementById('statusDot').classList.remove('disconnected');
+      document.getElementById('statusText').textContent = 'Connected';
+    };
+    evtSource.onerror = () => {
+      document.getElementById('statusDot').classList.add('disconnected');
+      document.getElementById('statusText').textContent = 'Reconnecting...';
+    };
+    evtSource.addEventListener('pending-request', (e) => {
+      const data = JSON.parse(e.data);
+      addPendingRequest(data);
+    });
+    evtSource.addEventListener('request-resolved', (e) => {
+      const data = JSON.parse(e.data);
+      removePendingRequest(data.request_id);
+    });
+    evtSource.addEventListener('audit-entry', (e) => {
+      const data = JSON.parse(e.data);
+      addAuditEntry(data);
+    });
+    evtSource.addEventListener('baseline-update', (e) => {
+      const data = JSON.parse(e.data);
+      updateBaseline(data);
+    });
+    evtSource.addEventListener('policy-update', (e) => {
+      const data = JSON.parse(e.data);
+      updatePolicy(data);
+    });
+    evtSource.addEventListener('init', (e) => {
+      const data = JSON.parse(e.data);
+      if (data.baseline) updateBaseline(data.baseline);
+      if (data.policy) updatePolicy(data.policy);
+      if (data.pending) data.pending.forEach(addPendingRequest);
+      if (data.audit) data.audit.forEach(addAuditEntry);
+    });
+  }
+
+  // Pending requests
+  function addPendingRequest(req) {
+    pending.set(req.request_id, { ...req, remaining: TIMEOUT });
+    renderPending();
+    updatePendingCount();
+    flashTab('pending');
+  }
+
+  function removePendingRequest(id) {
+    pending.delete(id);
+    renderPending();
+    updatePendingCount();
+  }
+
+  function renderPending() {
+    const list = document.getElementById('pendingList');
+    const empty = document.getElementById('pendingEmpty');
+    if (pending.size === 0) {
+      list.innerHTML = '';
+      empty.style.display = 'block';
+      return;
+    }
+    empty.style.display = 'none';
+    list.innerHTML = '';
+    for (const [id, req] of pending) {
+      const card = document.createElement('div');
+      card.className = 'request-card tier' + req.tier;
+      card.id = 'req-' + id;
+      const ctx = typeof req.context === 'string' ? req.context : JSON.stringify(req.context, null, 2);
+      card.innerHTML =
+        '<div class="request-header">' +
+          '<span class="request-op">' + esc(req.operation) + '</span>' +
+          '<span class="tier-badge tier' + req.tier + '">Tier ' + req.tier + '</span>' +
+        '</div>' +
+        '<div class="request-reason">' + esc(req.reason) + '</div>' +
+        '<div class="request-context">' + esc(ctx) + '</div>' +
+        '<div class="request-actions">' +
+          '<button class="btn btn-approve" onclick="handleApprove(\\'' + id + '\\')">Approve</button>' +
+          '<button class="btn btn-deny" onclick="handleDeny(\\'' + id + '\\')">Deny</button>' +
+          '<span class="countdown" id="cd-' + id + '">' + req.remaining + 's</span>' +
+        '</div>';
+      list.appendChild(card);
+    }
+  }
+
+  function updatePendingCount() {
+    const el = document.getElementById('pendingCount');
+    el.textContent = pending.size;
+    el.className = pending.size > 0 ? 'count alert' : 'count muted';
+  }
+
+  function flashTab(name) {
+    const tab = document.querySelector('[data-tab="' + name + '"]');
+    if (!tab.classList.contains('active')) {
+      tab.style.background = 'rgba(248,113,113,0.15)';
+      setTimeout(() => { tab.style.background = ''; }, 1500);
+    }
+  }
+
+  // Countdown timer
+  setInterval(() => {
+    for (const [id, req] of pending) {
+      req.remaining = Math.max(0, req.remaining - 1);
+      const el = document.getElementById('cd-' + id);
+      if (el) {
+        el.textContent = req.remaining + 's';
+        el.className = req.remaining <= 30 ? 'countdown urgent' : 'countdown';
+      }
+    }
+  }, 1000);
+
+  // Approve / Deny handlers (global scope)
+  window.handleApprove = function(id) {
+    fetch('/api/approve/' + id, { method: 'POST', headers: authHeaders() }).then(() => {
+      removePendingRequest(id);
+    });
+  };
+  window.handleDeny = function(id) {
+    fetch('/api/deny/' + id, { method: 'POST', headers: authHeaders() }).then(() => {
+      removePendingRequest(id);
+    });
+  };
+
+  // Audit log
+  function addAuditEntry(entry) {
+    auditCount++;
+    document.getElementById('auditCount').textContent = auditCount;
+    const tbody = document.getElementById('auditBody');
+    const tr = document.createElement('tr');
+    tr.className = 'new';
+    const time = entry.timestamp ? new Date(entry.timestamp).toLocaleTimeString() : '\u2014';
+    const layer = entry.layer || '\u2014';
+    tr.innerHTML =
+      '<td class="audit-time">' + esc(time) + '</td>' +
+      '<td><span class="audit-layer ' + layer + '">' + esc(layer) + '</span></td>' +
+      '<td class="audit-op">' + esc(entry.operation || '\u2014') + '</td>' +
+      '<td style="font-size:12px;color:var(--text-muted)">' + esc(entry.identity_id || '\u2014') + '</td>';
+    tbody.insertBefore(tr, tbody.firstChild);
+    // Keep last 100 entries
+    while (tbody.children.length > 100) tbody.removeChild(tbody.lastChild);
+  }
+
+  // Baseline
+  function updateBaseline(b) {
+    if (!b) return;
+    document.getElementById('bFirstSession').textContent = b.is_first_session ? 'Yes' : 'No';
+    document.getElementById('bStarted').textContent = b.started_at ? new Date(b.started_at).toLocaleString() : '\u2014';
+    const ns = document.getElementById('bNamespaces');
+    ns.innerHTML = (b.known_namespaces || []).length > 0
+      ? (b.known_namespaces || []).map(n => '<span class="tag">' + esc(n) + '</span>').join('')
+      : '<span class="tag">none</span>';
+    const cp = document.getElementById('bCounterparties');
+    cp.innerHTML = (b.known_counterparties || []).length > 0
+      ? (b.known_counterparties || []).map(c => '<span class="tag">' + esc(c.slice(0,16)) + '...</span>').join('')
+      : '<span class="tag">none</span>';
+    const tc = document.getElementById('bToolCalls');
+    const counts = b.tool_call_counts || {};
+    const entries = Object.entries(counts).sort((a,b) => b[1] - a[1]);
+    tc.innerHTML = entries.length > 0
+      ? entries.map(([k,v]) => '<div class="info-row"><span class="info-label">' + esc(k) + '</span><span class="info-value">' + v + '</span></div>').join('')
+      : '<span class="info-value">no calls yet</span>';
+  }
+
+  // Policy
+  function updatePolicy(p) {
+    if (!p) return;
+    const t1 = document.getElementById('pTier1');
+    t1.innerHTML = (p.tier1_always_approve || []).map(op =>
+      '<div class="policy-op">' + esc(op) + '</div>'
+    ).join('');
+    const t2 = document.getElementById('pTier2');
+    const cfg = p.tier2_anomaly || {};
+    t2.innerHTML = Object.entries(cfg).map(([k,v]) =>
+      '<div class="info-row"><span class="info-label">' + esc(k) + '</span><span class="info-value">' + esc(String(v)) + '</span></div>'
+    ).join('');
+    document.getElementById('pTier3Count').textContent = (p.tier3_always_allow || []).length + ' operations';
+    const ch = document.getElementById('pChannel');
+    const chan = p.approval_channel || {};
+    ch.innerHTML = Object.entries(chan).filter(([k]) => k !== 'webhook_secret').map(([k,v]) =>
+      '<div class="info-row"><span class="info-label">' + esc(k) + '</span><span class="info-value">' + esc(String(v)) + '</span></div>'
+    ).join('');
+  }
+
+  function esc(s) {
+    if (!s) return '';
+    const d = document.createElement('div');
+    d.textContent = String(s);
+    return d.innerHTML;
+  }
+
+  // Init
+  connect();
+  fetch('/api/status', { headers: authHeaders() }).then(r => r.json()).then(data => {
+    if (data.baseline) updateBaseline(data.baseline);
+    if (data.policy) updatePolicy(data.policy);
+  }).catch(() => {});
+})();
+</script>
+</body>
+</html>`;
+}
+
+// src/principal-policy/dashboard.ts
+var DashboardApprovalChannel = class {
+  config;
+  pending = /* @__PURE__ */ new Map();
+  sseClients = /* @__PURE__ */ new Set();
+  httpServer = null;
+  policy = null;
+  baseline = null;
+  auditLog = null;
+  dashboardHTML;
+  authToken;
+  useTLS;
+  constructor(config) {
+    this.config = config;
+    this.authToken = config.auth_token;
+    this.useTLS = !!(config.tls?.cert_path && config.tls?.key_path);
+    this.dashboardHTML = generateDashboardHTML({
+      timeoutSeconds: config.timeout_seconds,
+      serverVersion: "0.3.0",
+      authToken: this.authToken
+    });
+  }
+  /**
+   * Inject dependencies after construction.
+   * Called from index.ts after all components are initialized.
+   */
+  setDependencies(deps) {
+    this.policy = deps.policy;
+    this.baseline = deps.baseline;
+    this.auditLog = deps.auditLog;
+  }
+  /**
+   * Start the HTTP(S) server for the dashboard.
+   */
+  async start() {
+    return new Promise((resolve, reject) => {
+      const handler = (req, res) => this.handleRequest(req, res);
+      if (this.useTLS && this.config.tls) {
+        const tlsOpts = {
+          cert: readFileSync(this.config.tls.cert_path),
+          key: readFileSync(this.config.tls.key_path)
+        };
+        this.httpServer = createServer$1(tlsOpts, handler);
+      } else {
+        this.httpServer = createServer$2(handler);
+      }
+      const protocol = this.useTLS ? "https" : "http";
+      const baseUrl = `${protocol}://${this.config.host}:${this.config.port}`;
+      this.httpServer.listen(this.config.port, this.config.host, () => {
+        if (this.authToken) {
+          process.stderr.write(
+            `
+  Sanctuary Principal Dashboard: ${baseUrl}/?token=${this.authToken}
+`
+          );
+          process.stderr.write(
+            `  Auth token: ${this.authToken}
+
+`
+          );
+        } else {
+          process.stderr.write(
+            `
+  Sanctuary Principal Dashboard: ${baseUrl}
+
+`
+          );
+        }
+        resolve();
+      });
+      this.httpServer.on("error", reject);
+    });
+  }
+  /**
+   * Stop the HTTP server and clean up.
+   */
+  async stop() {
+    for (const [, pending] of this.pending) {
+      clearTimeout(pending.timer);
+      pending.resolve({
+        decision: "deny",
+        decided_at: (/* @__PURE__ */ new Date()).toISOString(),
+        decided_by: "auto"
+      });
+    }
+    this.pending.clear();
+    for (const client of this.sseClients) {
+      client.end();
+    }
+    this.sseClients.clear();
+    if (this.httpServer) {
+      return new Promise((resolve) => {
+        this.httpServer.close(() => resolve());
+      });
+    }
+  }
+  /**
+   * Request approval from the human via the dashboard.
+   * Blocks until the human approves/denies or timeout occurs.
+   */
+  async requestApproval(request) {
+    const id = randomBytes$1(8).toString("hex");
+    process.stderr.write(
+      `[Sanctuary] Approval required: ${request.operation} (Tier ${request.tier}) \u2014 open dashboard to respond
+`
+    );
+    return new Promise((resolve) => {
+      const timer = setTimeout(() => {
+        this.pending.delete(id);
+        const response = {
+          decision: this.config.auto_deny ? "deny" : "approve",
+          decided_at: (/* @__PURE__ */ new Date()).toISOString(),
+          decided_by: "timeout"
+        };
+        this.broadcastSSE("request-resolved", {
+          request_id: id,
+          decision: response.decision,
+          decided_by: "timeout"
+        });
+        resolve(response);
+      }, this.config.timeout_seconds * 1e3);
+      const pending = {
+        id,
+        request,
+        resolve,
+        timer,
+        created_at: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      this.pending.set(id, pending);
+      this.broadcastSSE("pending-request", {
+        request_id: id,
+        operation: request.operation,
+        tier: request.tier,
+        reason: request.reason,
+        context: request.context,
+        timestamp: request.timestamp
+      });
+    });
+  }
+  // ── Authentication ──────────────────────────────────────────────────
+  /**
+   * Verify bearer token authentication.
+   * Checks Authorization header first, falls back to ?token= query param.
+   * Returns true if auth passes, false if blocked (response already sent).
+   */
+  checkAuth(req, url, res) {
+    if (!this.authToken) return true;
+    const authHeader = req.headers.authorization;
+    if (authHeader) {
+      const parts = authHeader.split(" ");
+      if (parts.length === 2 && parts[0] === "Bearer" && parts[1] === this.authToken) {
+        return true;
+      }
+    }
+    const queryToken = url.searchParams.get("token");
+    if (queryToken === this.authToken) {
+      return true;
+    }
+    res.writeHead(401, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: "Unauthorized \u2014 valid bearer token required" }));
+    return false;
+  }
+  // ── HTTP Request Handler ────────────────────────────────────────────
+  handleRequest(req, res) {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+    const method = req.method ?? "GET";
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    if (method === "OPTIONS") {
+      res.writeHead(204);
+      res.end();
+      return;
+    }
+    if (!this.checkAuth(req, url, res)) return;
+    try {
+      if (method === "GET" && url.pathname === "/") {
+        this.serveDashboard(res);
+      } else if (method === "GET" && url.pathname === "/events") {
+        this.handleSSE(req, res);
+      } else if (method === "GET" && url.pathname === "/api/status") {
+        this.handleStatus(res);
+      } else if (method === "GET" && url.pathname === "/api/pending") {
+        this.handlePendingList(res);
+      } else if (method === "GET" && url.pathname === "/api/audit-log") {
+        this.handleAuditLog(url, res);
+      } else if (method === "POST" && url.pathname.startsWith("/api/approve/")) {
+        const id = url.pathname.slice("/api/approve/".length);
+        this.handleDecision(id, "approve", res);
+      } else if (method === "POST" && url.pathname.startsWith("/api/deny/")) {
+        const id = url.pathname.slice("/api/deny/".length);
+        this.handleDecision(id, "deny", res);
+      } else {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Not found" }));
+      }
+    } catch (err) {
+      res.writeHead(500, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Internal server error" }));
+    }
+  }
+  // ── Route Handlers ──────────────────────────────────────────────────
+  serveDashboard(res) {
+    res.writeHead(200, {
+      "Content-Type": "text/html; charset=utf-8",
+      "Cache-Control": "no-cache"
+    });
+    res.end(this.dashboardHTML);
+  }
+  handleSSE(req, res) {
+    res.writeHead(200, {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      "Connection": "keep-alive"
+    });
+    const initData = {};
+    if (this.baseline) {
+      initData.baseline = this.baseline.getProfile();
+    }
+    if (this.policy) {
+      initData.policy = {
+        tier1_always_approve: this.policy.tier1_always_approve,
+        tier2_anomaly: this.policy.tier2_anomaly,
+        tier3_always_allow: this.policy.tier3_always_allow,
+        approval_channel: {
+          type: this.policy.approval_channel.type,
+          timeout_seconds: this.policy.approval_channel.timeout_seconds,
+          auto_deny: this.policy.approval_channel.auto_deny
+        }
+      };
+    }
+    const pendingList = Array.from(this.pending.values()).map((p) => ({
+      request_id: p.id,
+      operation: p.request.operation,
+      tier: p.request.tier,
+      reason: p.request.reason,
+      context: p.request.context,
+      timestamp: p.request.timestamp
+    }));
+    if (pendingList.length > 0) {
+      initData.pending = pendingList;
+    }
+    res.write(`event: init
+data: ${JSON.stringify(initData)}
+
+`);
+    this.sseClients.add(res);
+    req.on("close", () => {
+      this.sseClients.delete(res);
+    });
+  }
+  handleStatus(res) {
+    const status = {
+      pending_count: this.pending.size,
+      connected_clients: this.sseClients.size
+    };
+    if (this.baseline) {
+      status.baseline = this.baseline.getProfile();
+    }
+    if (this.policy) {
+      status.policy = {
+        version: this.policy.version,
+        tier1_always_approve: this.policy.tier1_always_approve,
+        tier2_anomaly: this.policy.tier2_anomaly,
+        tier3_always_allow: this.policy.tier3_always_allow,
+        approval_channel: {
+          type: this.policy.approval_channel.type,
+          timeout_seconds: this.policy.approval_channel.timeout_seconds,
+          auto_deny: this.policy.approval_channel.auto_deny
+        }
+      };
+    }
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(status));
+  }
+  handlePendingList(res) {
+    const list = Array.from(this.pending.values()).map((p) => ({
+      id: p.id,
+      operation: p.request.operation,
+      tier: p.request.tier,
+      reason: p.request.reason,
+      context: p.request.context,
+      timestamp: p.request.timestamp,
+      created_at: p.created_at
+    }));
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify(list));
+  }
+  handleAuditLog(url, res) {
+    const limit = parseInt(url.searchParams.get("limit") ?? "50", 10);
+    if (this.auditLog) {
+      this.auditLog.query({ limit }).then((entries) => {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify(entries));
+      }).catch(() => {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify([]));
+      });
+    } else {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify([]));
+    }
+  }
+  handleDecision(id, decision, res) {
+    const pending = this.pending.get(id);
+    if (!pending) {
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Request not found or already resolved" }));
+      return;
+    }
+    clearTimeout(pending.timer);
+    this.pending.delete(id);
+    const response = {
+      decision,
+      decided_at: (/* @__PURE__ */ new Date()).toISOString(),
+      decided_by: "human"
+    };
+    this.broadcastSSE("request-resolved", {
+      request_id: id,
+      decision,
+      decided_by: "human"
+    });
+    pending.resolve(response);
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ success: true, decision }));
+  }
+  // ── SSE Broadcasting ────────────────────────────────────────────────
+  broadcastSSE(event, data) {
+    const message = `event: ${event}
+data: ${JSON.stringify(data)}
+
+`;
+    for (const client of this.sseClients) {
+      try {
+        client.write(message);
+      } catch {
+        this.sseClients.delete(client);
+      }
+    }
+  }
+  /**
+   * Broadcast an audit entry to connected dashboards.
+   * Called externally when audit events happen.
+   */
+  broadcastAuditEntry(entry) {
+    this.broadcastSSE("audit-entry", entry);
+  }
+  /**
+   * Broadcast a baseline update to connected dashboards.
+   * Called externally after baseline changes.
+   */
+  broadcastBaselineUpdate() {
+    if (this.baseline) {
+      this.broadcastSSE("baseline-update", this.baseline.getProfile());
+    }
+  }
+  /** Get the number of pending requests */
+  get pendingCount() {
+    return this.pending.size;
+  }
+  /** Get the number of connected SSE clients */
+  get clientCount() {
+    return this.sseClients.size;
+  }
+};
+function signPayload(body, secret) {
+  return createHmac("sha256", secret).update(body).digest("hex");
+}
+function verifySignature(body, signature, secret) {
+  const expected = signPayload(body, secret);
+  if (expected.length !== signature.length) return false;
+  let mismatch = 0;
+  for (let i = 0; i < expected.length; i++) {
+    mismatch |= expected.charCodeAt(i) ^ signature.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+var WebhookApprovalChannel = class {
+  config;
+  pending = /* @__PURE__ */ new Map();
+  callbackServer = null;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Start the callback listener server.
+   */
+  async start() {
+    return new Promise((resolve, reject) => {
+      this.callbackServer = createServer$2(
+        (req, res) => this.handleCallback(req, res)
+      );
+      this.callbackServer.listen(
+        this.config.callback_port,
+        this.config.callback_host,
+        () => {
+          process.stderr.write(
+            `
+  Sanctuary Webhook Callback: http://${this.config.callback_host}:${this.config.callback_port}
+  Webhook target: ${this.config.webhook_url}
+
+`
+          );
+          resolve();
+        }
+      );
+      this.callbackServer.on("error", reject);
+    });
+  }
+  /**
+   * Stop the callback server and clean up pending requests.
+   */
+  async stop() {
+    for (const [, pending] of this.pending) {
+      clearTimeout(pending.timer);
+      pending.resolve({
+        decision: "deny",
+        decided_at: (/* @__PURE__ */ new Date()).toISOString(),
+        decided_by: "auto"
+      });
+    }
+    this.pending.clear();
+    if (this.callbackServer) {
+      return new Promise((resolve) => {
+        this.callbackServer.close(() => resolve());
+      });
+    }
+  }
+  /**
+   * Request approval by POSTing to the webhook and waiting for a callback.
+   */
+  async requestApproval(request) {
+    const id = randomBytes$1(8).toString("hex");
+    process.stderr.write(
+      `[Sanctuary] Webhook approval sent: ${request.operation} (Tier ${request.tier}) \u2014 awaiting callback
+`
+    );
+    return new Promise((resolve) => {
+      const timer = setTimeout(() => {
+        this.pending.delete(id);
+        const response = {
+          decision: this.config.auto_deny ? "deny" : "approve",
+          decided_at: (/* @__PURE__ */ new Date()).toISOString(),
+          decided_by: "timeout"
+        };
+        resolve(response);
+      }, this.config.timeout_seconds * 1e3);
+      const pending = {
+        id,
+        request,
+        resolve,
+        timer,
+        created_at: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      this.pending.set(id, pending);
+      const callbackUrl = `http://${this.config.callback_host}:${this.config.callback_port}/webhook/respond/${id}`;
+      const payload = {
+        request_id: id,
+        operation: request.operation,
+        tier: request.tier,
+        reason: request.reason,
+        context: request.context,
+        timestamp: request.timestamp,
+        callback_url: callbackUrl,
+        timeout_seconds: this.config.timeout_seconds
+      };
+      this.sendWebhook(payload).catch((err) => {
+        process.stderr.write(
+          `[Sanctuary] Webhook delivery failed: ${err instanceof Error ? err.message : String(err)}
+`
+        );
+      });
+    });
+  }
+  // ── Outbound Webhook ──────────────────────────────────────────────────
+  async sendWebhook(payload) {
+    const body = JSON.stringify(payload);
+    const signature = signPayload(body, this.config.webhook_secret);
+    const response = await fetch(this.config.webhook_url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-Sanctuary-Signature": signature,
+        "X-Sanctuary-Request-Id": payload.request_id
+      },
+      body
+    });
+    if (!response.ok) {
+      throw new Error(
+        `Webhook returned ${response.status}: ${await response.text().catch(() => "")}`
+      );
+    }
+  }
+  // ── Inbound Callback Handler ──────────────────────────────────────────
+  handleCallback(req, res) {
+    const url = new URL(
+      req.url ?? "/",
+      `http://${req.headers.host ?? "localhost"}`
+    );
+    const method = req.method ?? "GET";
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "POST, OPTIONS");
+    res.setHeader(
+      "Access-Control-Allow-Headers",
+      "Content-Type, X-Sanctuary-Signature"
+    );
+    if (method === "OPTIONS") {
+      res.writeHead(204);
+      res.end();
+      return;
+    }
+    if (method === "GET" && url.pathname === "/health") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          status: "ok",
+          pending_count: this.pending.size
+        })
+      );
+      return;
+    }
+    const match = url.pathname.match(/^\/webhook\/respond\/([a-f0-9]+)$/);
+    if (method !== "POST" || !match) {
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Not found" }));
+      return;
+    }
+    const requestId = match[1];
+    let bodyChunks = [];
+    req.on("data", (chunk) => bodyChunks.push(chunk));
+    req.on("end", () => {
+      const body = Buffer.concat(bodyChunks).toString("utf-8");
+      const signature = req.headers["x-sanctuary-signature"];
+      if (typeof signature !== "string" || !verifySignature(body, signature, this.config.webhook_secret)) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({ error: "Invalid signature" })
+        );
+        return;
+      }
+      let callbackPayload;
+      try {
+        callbackPayload = JSON.parse(body);
+      } catch {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Invalid JSON" }));
+        return;
+      }
+      if (callbackPayload.decision !== "approve" && callbackPayload.decision !== "deny") {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: 'Decision must be "approve" or "deny"'
+          })
+        );
+        return;
+      }
+      if (callbackPayload.request_id !== requestId) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({ error: "Request ID mismatch" })
+        );
+        return;
+      }
+      const pending = this.pending.get(requestId);
+      if (!pending) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: "Request not found or already resolved"
+          })
+        );
+        return;
+      }
+      clearTimeout(pending.timer);
+      this.pending.delete(requestId);
+      const response = {
+        decision: callbackPayload.decision,
+        decided_at: (/* @__PURE__ */ new Date()).toISOString(),
+        decided_by: "human"
+      };
+      pending.resolve(response);
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          success: true,
+          decision: callbackPayload.decision
+        })
+      );
+    });
+  }
+  /** Get the number of pending requests */
+  get pendingCount() {
+    return this.pending.size;
+  }
+};
+
+// src/principal-policy/gate.ts
+var ApprovalGate = class {
+  policy;
+  baseline;
+  channel;
+  auditLog;
+  constructor(policy, baseline, channel, auditLog) {
+    this.policy = policy;
+    this.baseline = baseline;
+    this.channel = channel;
+    this.auditLog = auditLog;
+  }
+  /**
+   * Evaluate a tool call against the Principal Policy.
    *
    * @param toolName - Full MCP tool name (e.g., "sanctuary/state_export")
    * @param args - Tool call arguments (for context extraction)
@@ -3912,6 +5699,7 @@ function deriveTrustTier(level) {
 // src/handshake/tools.ts
 function createHandshakeTools(config, identityManager, masterKey, auditLog) {
   const sessions = /* @__PURE__ */ new Map();
+  const handshakeResults = /* @__PURE__ */ new Map();
   const shrOpts = {
     config,
     identityManager,
@@ -4032,6 +5820,7 @@ function createHandshakeTools(config, identityManager, masterKey, auditLog) {
         session.their_shr = response.shr;
         session.their_nonce = response.responder_nonce;
         session.result = result.result;
+        handshakeResults.set(result.result.counterparty_id, result.result);
         auditLog.append("l4", "handshake_complete", session.our_shr.body.instance_id);
         return toolResult({
           completion: result.completion,
@@ -4068,6 +5857,9 @@ function createHandshakeTools(config, identityManager, masterKey, auditLog) {
           const result = verifyCompletion(completion, session);
           session.state = result.verified ? "completed" : "failed";
           session.result = result;
+          if (result.verified) {
+            handshakeResults.set(result.counterparty_id, result);
+          }
           auditLog.append(
             "l4",
             "handshake_verify_completion",
@@ -4087,7 +5879,759 @@ function createHandshakeTools(config, identityManager, masterKey, auditLog) {
       }
     }
   ];
-  return { tools };
+  return { tools, handshakeResults };
+}
+
+// src/federation/registry.ts
+var DEFAULT_CAPABILITIES = {
+  reputation_exchange: true,
+  mutual_attestation: true,
+  encrypted_channel: false,
+  attestation_formats: ["sanctuary-interaction-v1"]
+};
+var FederationRegistry = class {
+  peers = /* @__PURE__ */ new Map();
+  /**
+   * Register or update a peer from a completed handshake.
+   * This is the ONLY way peers enter the registry.
+   */
+  registerFromHandshake(result, peerDid, capabilities) {
+    const existing = this.peers.get(result.counterparty_id);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const peer = {
+      peer_id: result.counterparty_id,
+      peer_did: peerDid,
+      first_seen: existing?.first_seen ?? now,
+      last_handshake: result.completed_at,
+      trust_tier: trustTierToSovereigntyTier(result.trust_tier),
+      handshake_result: result,
+      capabilities: {
+        ...DEFAULT_CAPABILITIES,
+        ...existing?.capabilities ?? {},
+        ...capabilities ?? {}
+      },
+      active: result.verified && new Date(result.expires_at) > /* @__PURE__ */ new Date()
+    };
+    if (!peer.active) {
+      peer.trust_tier = "self-attested";
+    }
+    this.peers.set(result.counterparty_id, peer);
+    return peer;
+  }
+  /**
+   * Get a peer by instance ID.
+   * Automatically updates active status based on handshake expiry.
+   */
+  getPeer(peerId) {
+    const peer = this.peers.get(peerId);
+    if (!peer) return null;
+    if (peer.active && new Date(peer.handshake_result.expires_at) <= /* @__PURE__ */ new Date()) {
+      peer.active = false;
+      peer.trust_tier = "self-attested";
+    }
+    return peer;
+  }
+  /**
+   * List all known peers, optionally filtered by status.
+   */
+  listPeers(filter) {
+    const peers = Array.from(this.peers.values());
+    for (const peer of peers) {
+      if (peer.active && new Date(peer.handshake_result.expires_at) <= /* @__PURE__ */ new Date()) {
+        peer.active = false;
+        peer.trust_tier = "self-attested";
+      }
+    }
+    if (filter?.active_only) {
+      return peers.filter((p) => p.active);
+    }
+    return peers;
+  }
+  /**
+   * Evaluate trust for a federation peer.
+   *
+   * Trust assessment considers:
+   * - Handshake status (current vs expired)
+   * - Sovereignty tier (verified-sovereign vs degraded vs unverified)
+   * - Reputation data (if available)
+   * - Mutual attestation history
+   */
+  evaluateTrust(peerId, mutualAttestationCount = 0, reputationScore) {
+    const peer = this.getPeer(peerId);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    if (!peer) {
+      return {
+        peer_id: peerId,
+        sovereignty_tier: "unverified",
+        handshake_current: false,
+        mutual_attestation_count: 0,
+        trust_level: "none",
+        factors: ["Peer not found in federation registry"],
+        evaluated_at: now
+      };
+    }
+    const factors = [];
+    let score = 0;
+    if (peer.active) {
+      factors.push("Active handshake (trust current)");
+      score += 3;
+    } else {
+      factors.push("Handshake expired (trust degraded)");
+      score += 1;
+    }
+    switch (peer.trust_tier) {
+      case "verified-sovereign":
+        factors.push("Verified sovereign \u2014 full sovereignty posture");
+        score += 4;
+        break;
+      case "verified-degraded":
+        factors.push("Verified degraded \u2014 sovereignty with known limitations");
+        score += 3;
+        break;
+      case "self-attested":
+        factors.push("Self-attested \u2014 claims not independently verified");
+        score += 1;
+        break;
+      case "unverified":
+        factors.push("Unverified \u2014 no sovereignty proof");
+        score += 0;
+        break;
+    }
+    if (mutualAttestationCount > 10) {
+      factors.push(`Strong attestation history (${mutualAttestationCount} mutual attestations)`);
+      score += 3;
+    } else if (mutualAttestationCount > 0) {
+      factors.push(`Some attestation history (${mutualAttestationCount} mutual attestations)`);
+      score += 1;
+    } else {
+      factors.push("No mutual attestation history");
+    }
+    if (reputationScore !== void 0) {
+      if (reputationScore >= 80) {
+        factors.push(`High reputation score (${reputationScore})`);
+        score += 2;
+      } else if (reputationScore >= 50) {
+        factors.push(`Moderate reputation score (${reputationScore})`);
+        score += 1;
+      } else {
+        factors.push(`Low reputation score (${reputationScore})`);
+      }
+    }
+    let trust_level;
+    if (score >= 9) trust_level = "high";
+    else if (score >= 5) trust_level = "medium";
+    else if (score >= 2) trust_level = "low";
+    else trust_level = "none";
+    return {
+      peer_id: peerId,
+      sovereignty_tier: peer.trust_tier,
+      handshake_current: peer.active,
+      reputation_score: reputationScore,
+      mutual_attestation_count: mutualAttestationCount,
+      trust_level,
+      factors,
+      evaluated_at: now
+    };
+  }
+  /**
+   * Remove a peer from the registry.
+   */
+  removePeer(peerId) {
+    return this.peers.delete(peerId);
+  }
+  /**
+   * Get the handshake results map (for tier resolution integration).
+   */
+  getHandshakeResults() {
+    const results = /* @__PURE__ */ new Map();
+    for (const [id, peer] of this.peers) {
+      if (peer.active) {
+        results.set(id, peer.handshake_result);
+      }
+    }
+    return results;
+  }
+};
+
+// src/federation/tools.ts
+function createFederationTools(auditLog, handshakeResults) {
+  const registry = new FederationRegistry();
+  const tools = [
+    // ─── Peer Management ──────────────────────────────────────────────
+    {
+      name: "sanctuary/federation_peers",
+      description: "List known federation peers, register a peer from a completed handshake, or remove a peer. Every peer MUST enter through a verified handshake \u2014 no self-registration allowed.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          action: {
+            type: "string",
+            enum: ["list", "register", "remove"],
+            description: "Operation to perform on the peer registry"
+          },
+          peer_id: {
+            type: "string",
+            description: "Peer instance ID (required for register/remove)"
+          },
+          peer_did: {
+            type: "string",
+            description: "Peer DID (required for register)"
+          },
+          active_only: {
+            type: "boolean",
+            description: "When listing, only show peers with active handshakes"
+          }
+        },
+        required: ["action"]
+      },
+      handler: async (args) => {
+        const action = args.action;
+        switch (action) {
+          case "list": {
+            const peers = registry.listPeers({
+              active_only: args.active_only
+            });
+            auditLog.append("l4", "federation_peers_list", "system", {
+              peer_count: peers.length
+            });
+            return toolResult({
+              peers: peers.map((p) => ({
+                peer_id: p.peer_id,
+                peer_did: p.peer_did,
+                trust_tier: p.trust_tier,
+                active: p.active,
+                first_seen: p.first_seen,
+                last_handshake: p.last_handshake,
+                capabilities: p.capabilities
+              })),
+              total: peers.length
+            });
+          }
+          case "register": {
+            const peerId = args.peer_id;
+            const peerDid = args.peer_did;
+            if (!peerId || !peerDid) {
+              return toolResult({
+                error: "Both peer_id and peer_did are required for registration."
+              });
+            }
+            const hsResult = handshakeResults.get(peerId);
+            if (!hsResult) {
+              return toolResult({
+                error: `No completed handshake found for peer "${peerId}". Complete a sovereignty handshake first using handshake_initiate.`
+              });
+            }
+            if (!hsResult.verified) {
+              return toolResult({
+                error: `Handshake with "${peerId}" was not verified. Only verified handshakes can establish federation.`
+              });
+            }
+            const peer = registry.registerFromHandshake(hsResult, peerDid);
+            auditLog.append("l4", "federation_peer_register", "system", {
+              peer_id: peerId,
+              peer_did: peerDid,
+              trust_tier: peer.trust_tier
+            });
+            return toolResult({
+              registered: true,
+              peer_id: peer.peer_id,
+              trust_tier: peer.trust_tier,
+              active: peer.active,
+              capabilities: peer.capabilities
+            });
+          }
+          case "remove": {
+            const peerId = args.peer_id;
+            if (!peerId) {
+              return toolResult({ error: "peer_id is required for removal." });
+            }
+            const removed = registry.removePeer(peerId);
+            auditLog.append("l4", "federation_peer_remove", "system", {
+              peer_id: peerId,
+              removed
+            });
+            return toolResult({
+              removed,
+              peer_id: peerId
+            });
+          }
+          default:
+            return toolResult({ error: `Unknown action: ${action}` });
+        }
+      }
+    },
+    // ─── Trust Evaluation ─────────────────────────────────────────────
+    {
+      name: "sanctuary/federation_trust_evaluate",
+      description: "Evaluate the trust level of a federation peer. Considers handshake status, sovereignty tier, reputation score, and mutual attestation history. Returns a composite trust assessment.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          peer_id: {
+            type: "string",
+            description: "Peer instance ID to evaluate"
+          },
+          mutual_attestation_count: {
+            type: "number",
+            description: "Number of mutual attestations with this peer (0 if unknown)"
+          },
+          reputation_score: {
+            type: "number",
+            description: "Peer's weighted reputation score (from reputation_query_weighted)"
+          }
+        },
+        required: ["peer_id"]
+      },
+      handler: async (args) => {
+        const peerId = args.peer_id;
+        const mutualCount = args.mutual_attestation_count ?? 0;
+        const repScore = args.reputation_score;
+        const evaluation = registry.evaluateTrust(peerId, mutualCount, repScore);
+        auditLog.append("l4", "federation_trust_evaluate", "system", {
+          peer_id: peerId,
+          trust_level: evaluation.trust_level,
+          sovereignty_tier: evaluation.sovereignty_tier
+        });
+        return toolResult(evaluation);
+      }
+    },
+    // ─── Federation Status ────────────────────────────────────────────
+    {
+      name: "sanctuary/federation_status",
+      description: "Overview of federation state: total peers, active connections, trust distribution, and readiness for cross-instance operations.",
+      inputSchema: {
+        type: "object",
+        properties: {}
+      },
+      handler: async () => {
+        const allPeers = registry.listPeers();
+        const activePeers = registry.listPeers({ active_only: true });
+        const tierCounts = {
+          "verified-sovereign": 0,
+          "verified-degraded": 0,
+          "self-attested": 0,
+          "unverified": 0
+        };
+        for (const peer of allPeers) {
+          tierCounts[peer.trust_tier] = (tierCounts[peer.trust_tier] ?? 0) + 1;
+        }
+        const capCounts = {
+          reputation_exchange: activePeers.filter((p) => p.capabilities.reputation_exchange).length,
+          mutual_attestation: activePeers.filter((p) => p.capabilities.mutual_attestation).length,
+          encrypted_channel: activePeers.filter((p) => p.capabilities.encrypted_channel).length
+        };
+        auditLog.append("l4", "federation_status", "system", {
+          total_peers: allPeers.length,
+          active_peers: activePeers.length
+        });
+        return toolResult({
+          total_peers: allPeers.length,
+          active_peers: activePeers.length,
+          expired_peers: allPeers.length - activePeers.length,
+          trust_distribution: tierCounts,
+          capability_coverage: capCounts,
+          federation_ready: activePeers.length > 0,
+          checked_at: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
+    }
+  ];
+  return { tools, registry };
+}
+
+// src/bridge/tools.ts
+init_encoding();
+init_encoding();
+
+// src/bridge/bridge.ts
+init_encoding();
+init_hashing();
+function canonicalize(outcome) {
+  return stringToBytes(stableStringify(outcome));
+}
+function stableStringify(value) {
+  if (value === null || value === void 0) return JSON.stringify(value);
+  if (typeof value !== "object") return JSON.stringify(value);
+  if (Array.isArray(value)) {
+    return "[" + value.map((v) => stableStringify(v)).join(",") + "]";
+  }
+  const obj = value;
+  const keys = Object.keys(obj).sort();
+  const pairs = keys.map((k) => JSON.stringify(k) + ":" + stableStringify(obj[k]));
+  return "{" + pairs.join(",") + "}";
+}
+function createBridgeCommitment(outcome, identity, identityEncryptionKey, includePedersen = false) {
+  const commitmentId = `bridge-${Date.now()}-${toBase64url(randomBytes(8))}`;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const canonicalBytes = canonicalize(outcome);
+  const canonicalString = new TextDecoder().decode(canonicalBytes);
+  const sha2564 = createCommitment(canonicalString);
+  let pedersenData;
+  if (includePedersen && Number.isInteger(outcome.rounds) && outcome.rounds >= 0) {
+    const pedersen = createPedersenCommitment(outcome.rounds);
+    pedersenData = {
+      commitment: pedersen.commitment,
+      blinding_factor: pedersen.blinding_factor
+    };
+  }
+  const commitmentPayload = {
+    bridge_commitment_id: commitmentId,
+    session_id: outcome.session_id,
+    sha256_commitment: sha2564.commitment,
+    committer_did: identity.did,
+    committed_at: now,
+    bridge_version: "sanctuary-concordia-bridge-v1"
+  };
+  const payloadBytes = stringToBytes(JSON.stringify(commitmentPayload));
+  const signature = sign(payloadBytes, identity.encrypted_private_key, identityEncryptionKey);
+  return {
+    bridge_commitment_id: commitmentId,
+    session_id: outcome.session_id,
+    sha256_commitment: sha2564.commitment,
+    blinding_factor: sha2564.blinding_factor,
+    committer_did: identity.did,
+    signature: toBase64url(signature),
+    pedersen_commitment: pedersenData,
+    committed_at: now,
+    bridge_version: "sanctuary-concordia-bridge-v1"
+  };
+}
+function verifyBridgeCommitment(commitment, outcome, committerPublicKey) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const canonicalString = new TextDecoder().decode(canonicalize(outcome));
+  const sha256Match = verifyCommitment(
+    commitment.sha256_commitment,
+    canonicalString,
+    commitment.blinding_factor
+  );
+  const commitmentPayload = {
+    bridge_commitment_id: commitment.bridge_commitment_id,
+    session_id: commitment.session_id,
+    sha256_commitment: commitment.sha256_commitment,
+    committer_did: commitment.committer_did,
+    committed_at: commitment.committed_at,
+    bridge_version: commitment.bridge_version
+  };
+  const payloadBytes = stringToBytes(JSON.stringify(commitmentPayload));
+  const sigBytes = fromBase64url(commitment.signature);
+  const signatureValid = verify(payloadBytes, sigBytes, committerPublicKey);
+  const sessionIdMatch = commitment.session_id === outcome.session_id;
+  const termsBytes = stringToBytes(stableStringify(outcome.terms));
+  const computedTermsHash = toBase64url(hash(termsBytes));
+  const termsHashMatch = computedTermsHash === outcome.terms_hash;
+  let pedersenMatch;
+  if (commitment.pedersen_commitment) {
+    pedersenMatch = verifyPedersenCommitment(
+      commitment.pedersen_commitment.commitment,
+      outcome.rounds,
+      commitment.pedersen_commitment.blinding_factor
+    );
+  }
+  const valid = sha256Match && signatureValid && sessionIdMatch && termsHashMatch && (pedersenMatch === void 0 || pedersenMatch);
+  return {
+    valid,
+    checks: {
+      sha256_match: sha256Match,
+      signature_valid: signatureValid,
+      session_id_match: sessionIdMatch,
+      terms_hash_match: termsHashMatch,
+      pedersen_match: pedersenMatch
+    },
+    bridge_commitment_id: commitment.bridge_commitment_id,
+    verified_at: now
+  };
+}
+
+// src/bridge/tools.ts
+var BridgeStore = class {
+  storage;
+  encryptionKey;
+  constructor(storage, masterKey) {
+    this.storage = storage;
+    this.encryptionKey = derivePurposeKey(masterKey, "bridge-commitments");
+  }
+  async save(commitment, outcome) {
+    const record = { commitment, outcome };
+    const serialized = stringToBytes(JSON.stringify(record));
+    const encrypted = encrypt(serialized, this.encryptionKey);
+    await this.storage.write(
+      "_bridge",
+      commitment.bridge_commitment_id,
+      stringToBytes(JSON.stringify(encrypted))
+    );
+  }
+  async get(commitmentId) {
+    const raw = await this.storage.read("_bridge", commitmentId);
+    if (!raw) return null;
+    try {
+      const encrypted = JSON.parse(bytesToString(raw));
+      const decrypted = decrypt(encrypted, this.encryptionKey);
+      return JSON.parse(bytesToString(decrypted));
+    } catch {
+      return null;
+    }
+  }
+};
+function createBridgeTools(storage, masterKey, identityManager, auditLog, handshakeResults) {
+  const bridgeStore = new BridgeStore(storage, masterKey);
+  const reputationStore = new ReputationStore(storage, masterKey);
+  const identityEncryptionKey = derivePurposeKey(masterKey, "identity-encryption");
+  const hsResults = handshakeResults ?? /* @__PURE__ */ new Map();
+  function resolveIdentity(identityId) {
+    const id = identityId ? identityManager.get(identityId) : identityManager.getDefault();
+    if (!id) {
+      throw new Error(
+        identityId ? `Identity "${identityId}" not found` : "No identity available. Create one with identity_create first."
+      );
+    }
+    return id;
+  }
+  const tools = [
+    // ─── bridge_commit ─────────────────────────────────────────────────
+    {
+      name: "sanctuary/bridge_commit",
+      description: "Create a cryptographic commitment binding a Concordia negotiation outcome to Sanctuary's L3 proof layer. The commitment includes a SHA-256 hash of the canonical outcome (hiding + binding), an Ed25519 signature by the committer's identity, and an optional Pedersen commitment on the round count for zero-knowledge range proofs. This is the Sanctuary side of the Concordia bridge \u2014 call this when a Concordia `accept` fires.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          session_id: {
+            type: "string",
+            description: "Concordia session identifier"
+          },
+          protocol_version: {
+            type: "string",
+            description: 'Concordia protocol version (e.g., "concordia-v1")'
+          },
+          proposer_did: {
+            type: "string",
+            description: "DID of the party who proposed the accepted terms"
+          },
+          acceptor_did: {
+            type: "string",
+            description: "DID of the party who accepted"
+          },
+          terms: {
+            type: "object",
+            description: "The accepted terms (opaque to Sanctuary, meaningful to Concordia)"
+          },
+          terms_hash: {
+            type: "string",
+            description: "SHA-256 hash of the canonical terms serialization (computed by Concordia)"
+          },
+          rounds: {
+            type: "number",
+            description: "Number of negotiation rounds (propose/counter cycles)"
+          },
+          accepted_at: {
+            type: "string",
+            description: "ISO 8601 timestamp when accept was issued"
+          },
+          session_receipt: {
+            type: "string",
+            description: "Optional: signed Concordia session receipt"
+          },
+          identity_id: {
+            type: "string",
+            description: "Sanctuary identity to sign the commitment (uses default if omitted)"
+          },
+          include_pedersen: {
+            type: "boolean",
+            description: "Include a Pedersen commitment on round count for ZK range proofs"
+          }
+        },
+        required: [
+          "session_id",
+          "protocol_version",
+          "proposer_did",
+          "acceptor_did",
+          "terms",
+          "terms_hash",
+          "rounds",
+          "accepted_at"
+        ]
+      },
+      handler: async (args) => {
+        const outcome = {
+          session_id: args.session_id,
+          protocol_version: args.protocol_version,
+          proposer_did: args.proposer_did,
+          acceptor_did: args.acceptor_did,
+          terms: args.terms,
+          terms_hash: args.terms_hash,
+          rounds: args.rounds,
+          accepted_at: args.accepted_at,
+          session_receipt: args.session_receipt
+        };
+        const identity = resolveIdentity(args.identity_id);
+        const includePedersen = args.include_pedersen ?? false;
+        const bridgeCommitment = createBridgeCommitment(
+          outcome,
+          identity,
+          identityEncryptionKey,
+          includePedersen
+        );
+        await bridgeStore.save(bridgeCommitment, outcome);
+        auditLog.append("l3", "bridge_commit", identity.identity_id, {
+          bridge_commitment_id: bridgeCommitment.bridge_commitment_id,
+          session_id: outcome.session_id,
+          counterparty: outcome.proposer_did === identity.did ? outcome.acceptor_did : outcome.proposer_did
+        });
+        return toolResult({
+          bridge_commitment_id: bridgeCommitment.bridge_commitment_id,
+          session_id: bridgeCommitment.session_id,
+          sha256_commitment: bridgeCommitment.sha256_commitment,
+          committer_did: bridgeCommitment.committer_did,
+          signature: bridgeCommitment.signature,
+          pedersen_commitment: bridgeCommitment.pedersen_commitment ? { commitment: bridgeCommitment.pedersen_commitment.commitment } : void 0,
+          committed_at: bridgeCommitment.committed_at,
+          bridge_version: bridgeCommitment.bridge_version,
+          note: "Bridge commitment created. The blinding factor is stored encrypted. Use bridge_verify to verify the commitment against the revealed outcome. Use bridge_attest to link this negotiation to your reputation."
+        });
+      }
+    },
+    // ─── bridge_verify ───────────────────────────────────────────────────
+    {
+      name: "sanctuary/bridge_verify",
+      description: "Verify a bridge commitment against a revealed Concordia negotiation outcome. Checks SHA-256 commitment validity, Ed25519 signature, session ID match, terms hash integrity, and Pedersen commitment (if present). Use this to confirm that a counterparty's claimed negotiation outcome matches what was cryptographically committed.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          bridge_commitment_id: {
+            type: "string",
+            description: "The bridge commitment ID to verify"
+          },
+          committer_public_key: {
+            type: "string",
+            description: "The committer's Ed25519 public key (base64url). Required if verifying a counterparty's commitment. Omit to auto-resolve from local identities."
+          }
+        },
+        required: ["bridge_commitment_id"]
+      },
+      handler: async (args) => {
+        const commitmentId = args.bridge_commitment_id;
+        const externalPublicKey = args.committer_public_key;
+        const record = await bridgeStore.get(commitmentId);
+        if (!record) {
+          return toolResult({
+            error: `Bridge commitment "${commitmentId}" not found`
+          });
+        }
+        const { commitment: storedCommitment, outcome } = record;
+        let publicKey;
+        if (externalPublicKey) {
+          publicKey = fromBase64url(externalPublicKey);
+        } else {
+          const localIdentities = identityManager.list();
+          const match = localIdentities.find((i) => i.did === storedCommitment.committer_did);
+          if (!match) {
+            return toolResult({
+              error: `Cannot resolve public key for committer "${storedCommitment.committer_did}". Provide committer_public_key for external verification.`
+            });
+          }
+          publicKey = fromBase64url(match.public_key);
+        }
+        const result = verifyBridgeCommitment(storedCommitment, outcome, publicKey);
+        auditLog.append("l3", "bridge_verify", "system", {
+          bridge_commitment_id: commitmentId,
+          session_id: storedCommitment.session_id,
+          valid: result.valid
+        });
+        return toolResult({
+          ...result,
+          session_id: storedCommitment.session_id,
+          committer_did: storedCommitment.committer_did
+        });
+      }
+    },
+    // ─── bridge_attest ───────────────────────────────────────────────────
+    {
+      name: "sanctuary/bridge_attest",
+      description: "Record a Concordia negotiation as a Sanctuary L4 reputation attestation, linked to a bridge commitment. This completes the bridge: the commitment (L3) proves the terms were agreed, and the attestation (L4) feeds the sovereignty-weighted reputation score. The attestation is automatically tagged with the counterparty's sovereignty tier from any completed handshake.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          bridge_commitment_id: {
+            type: "string",
+            description: "The bridge commitment ID to link"
+          },
+          outcome_result: {
+            type: "string",
+            enum: ["completed", "partial", "failed", "disputed"],
+            description: "Negotiation outcome for reputation scoring"
+          },
+          metrics: {
+            type: "object",
+            description: "Optional metrics (e.g., rounds, response_time_ms, terms_complexity)"
+          },
+          identity_id: {
+            type: "string",
+            description: "Identity to sign the attestation (uses default if omitted)"
+          }
+        },
+        required: ["bridge_commitment_id", "outcome_result"]
+      },
+      handler: async (args) => {
+        const commitmentId = args.bridge_commitment_id;
+        const outcomeResult = args.outcome_result;
+        const metrics = args.metrics ?? {};
+        const identityId = args.identity_id;
+        const record = await bridgeStore.get(commitmentId);
+        if (!record) {
+          return toolResult({
+            error: `Bridge commitment "${commitmentId}" not found`
+          });
+        }
+        const { outcome } = record;
+        const identity = resolveIdentity(identityId);
+        const counterpartyDid = outcome.proposer_did === identity.did ? outcome.acceptor_did : outcome.proposer_did;
+        const hasSanctuaryIdentity = identityManager.list().some(
+          (id) => identityManager.get(id.identity_id)?.did === counterpartyDid
+        );
+        const tierMeta = resolveTier(counterpartyDid, hsResults, hasSanctuaryIdentity);
+        const tier = tierMeta.sovereignty_tier;
+        const fullMetrics = {
+          ...metrics,
+          negotiation_rounds: outcome.rounds
+        };
+        const attestation = await reputationStore.record(
+          outcome.session_id,
+          // interaction_id = concordia session
+          counterpartyDid,
+          {
+            type: "negotiation",
+            result: outcomeResult,
+            metrics: fullMetrics
+          },
+          "concordia-bridge",
+          // context
+          identity,
+          identityEncryptionKey,
+          void 0,
+          // counterparty_attestation
+          tier
+        );
+        auditLog.append("l4", "bridge_attest", identity.identity_id, {
+          bridge_commitment_id: commitmentId,
+          session_id: outcome.session_id,
+          attestation_id: attestation.attestation.attestation_id,
+          counterparty_did: counterpartyDid,
+          sovereignty_tier: tier
+        });
+        const weight = TIER_WEIGHTS[tier];
+        return toolResult({
+          attestation_id: attestation.attestation.attestation_id,
+          bridge_commitment_id: commitmentId,
+          session_id: outcome.session_id,
+          counterparty_did: counterpartyDid,
+          outcome_result: outcomeResult,
+          sovereignty_tier: tier,
+          attested_at: attestation.recorded_at,
+          note: `Negotiation recorded as reputation attestation. Counterparty sovereignty tier: ${tier} (weight: ${weight}).`
+        });
+      }
+    }
+  ];
+  return { tools };
 }
 
 // src/index.ts
@@ -4369,30 +6913,74 @@ async function createSanctuaryServer(options) {
     }
   };
   const { tools: l3Tools } = createL3Tools(storage, masterKey, auditLog);
-  const { tools: l4Tools } = createL4Tools(
-    storage,
-    masterKey,
-    identityManager,
-    auditLog
-  );
-  const policy = await loadPrincipalPolicy(config.storage_path);
-  const baseline = new BaselineTracker(storage, masterKey);
-  await baseline.load();
-  const approvalChannel = new StderrApprovalChannel(policy.approval_channel);
-  const gate = new ApprovalGate(policy, baseline, approvalChannel, auditLog);
-  const policyTools = createPrincipalPolicyTools(policy, baseline, auditLog);
   const { tools: shrTools } = createSHRTools(
     config,
     identityManager,
     masterKey,
     auditLog
   );
-  const { tools: handshakeTools } = createHandshakeTools(
+  const { tools: handshakeTools, handshakeResults } = createHandshakeTools(
     config,
     identityManager,
     masterKey,
     auditLog
   );
+  const { tools: l4Tools } = createL4Tools(
+    storage,
+    masterKey,
+    identityManager,
+    auditLog,
+    handshakeResults
+  );
+  const { tools: federationTools } = createFederationTools(
+    auditLog,
+    handshakeResults
+  );
+  const { tools: bridgeTools } = createBridgeTools(
+    storage,
+    masterKey,
+    identityManager,
+    auditLog,
+    handshakeResults
+  );
+  const policy = await loadPrincipalPolicy(config.storage_path);
+  const baseline = new BaselineTracker(storage, masterKey);
+  await baseline.load();
+  let approvalChannel;
+  let dashboard;
+  if (config.dashboard.enabled) {
+    let authToken = config.dashboard.auth_token;
+    if (authToken === "auto") {
+      const { randomBytes: rb } = await import('crypto');
+      authToken = rb(32).toString("hex");
+    }
+    dashboard = new DashboardApprovalChannel({
+      port: config.dashboard.port,
+      host: config.dashboard.host,
+      timeout_seconds: policy.approval_channel.timeout_seconds,
+      auto_deny: policy.approval_channel.auto_deny,
+      auth_token: authToken,
+      tls: config.dashboard.tls
+    });
+    dashboard.setDependencies({ policy, baseline, auditLog });
+    await dashboard.start();
+    approvalChannel = dashboard;
+  } else if (config.webhook.enabled && config.webhook.url && config.webhook.secret) {
+    const webhook = new WebhookApprovalChannel({
+      webhook_url: config.webhook.url,
+      webhook_secret: config.webhook.secret,
+      callback_port: config.webhook.callback_port,
+      callback_host: config.webhook.callback_host,
+      timeout_seconds: policy.approval_channel.timeout_seconds,
+      auto_deny: policy.approval_channel.auto_deny
+    });
+    await webhook.start();
+    approvalChannel = webhook;
+  } else {
+    approvalChannel = new StderrApprovalChannel(policy.approval_channel);
+  }
+  const gate = new ApprovalGate(policy, baseline, approvalChannel, auditLog);
+  const policyTools = createPrincipalPolicyTools(policy, baseline, auditLog);
   const allTools = [
     ...l1Tools,
     ...l2Tools,
@@ -4401,6 +6989,8 @@ async function createSanctuaryServer(options) {
     ...policyTools,
     ...shrTools,
     ...handshakeTools,
+    ...federationTools,
+    ...bridgeTools,
     manifestTool
   ];
   const server = createServer(allTools, { gate });
@@ -4428,7 +7018,21 @@ async function createSanctuaryServer(options) {
 
 // src/cli.ts
 async function main() {
-  const passphrase = process.env.SANCTUARY_PASSPHRASE;
+  const args = process.argv.slice(2);
+  let passphrase = process.env.SANCTUARY_PASSPHRASE;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--dashboard") {
+      process.env.SANCTUARY_DASHBOARD_ENABLED = "true";
+    } else if (args[i] === "--passphrase" && args[i + 1]) {
+      passphrase = args[++i];
+    } else if (args[i] === "--help" || args[i] === "-h") {
+      printHelp();
+      process.exit(0);
+    } else if (args[i] === "--version" || args[i] === "-v") {
+      console.log("@sanctuary-framework/mcp-server 0.3.0");
+      process.exit(0);
+    }
+  }
   const { server, config } = await createSanctuaryServer({ passphrase });
   if (config.transport === "stdio") {
     const transport = new StdioServerTransport();
@@ -4441,6 +7045,34 @@ async function main() {
     process.exit(1);
   }
 }
+function printHelp() {
+  console.log(`
+@sanctuary-framework/mcp-server v0.3.0
+
+Sovereignty infrastructure for agents in the agentic economy.
+
+Usage:
+  sanctuary-mcp-server [options]
+
+Options:
+  --dashboard          Enable the Principal Dashboard (web UI)
+  --passphrase <pass>  Derive encryption key from passphrase
+  --help, -h           Show this help
+  --version, -v        Show version
+
+Environment variables:
+  SANCTUARY_STORAGE_PATH            State directory (default: ~/.sanctuary)
+  SANCTUARY_PASSPHRASE              Key derivation passphrase
+  SANCTUARY_DASHBOARD_ENABLED       "true" to enable dashboard
+  SANCTUARY_DASHBOARD_PORT          Dashboard port (default: 3501)
+  SANCTUARY_DASHBOARD_AUTH_TOKEN    Bearer token or "auto"
+  SANCTUARY_WEBHOOK_ENABLED         "true" to enable webhook approvals
+  SANCTUARY_WEBHOOK_URL             Webhook target URL
+  SANCTUARY_WEBHOOK_SECRET          HMAC-SHA256 shared secret
+
+For more info: https://github.com/eriknewton/sanctuary-framework
+`);
+}
 main().catch((err) => {
   console.error("Sanctuary MCP Server failed to start:", err);
   process.exit(1);