@sanctuary-framework/mcp-server 0.8.0 → 0.10.1

package/dist/index.js

@@ -13,8 +13,8 @@ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprotocol/sdk/types.js';
 import { createServer as createServer$2 } from 'http';
 import { createServer as createServer$1 } from 'https';
-import { readFileSync, statSync } from 'fs';
 import { exec, execSync } from 'child_process';
+import { statSync } from 'fs';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
@@ -380,6 +380,48 @@ var init_identity = __esm({
     init_random();
   }
 });
+async function tightenStoragePermissions(root) {
+  try {
+    await tightenEntry(root);
+  } catch {
+  }
+}
+async function tightenEntry(path) {
+  let info;
+  try {
+    info = await stat(path);
+  } catch {
+    return;
+  }
+  if (info.isDirectory()) {
+    const current = info.mode & 511;
+    if (current !== 448) {
+      try {
+        await chmod(path, 448);
+      } catch (err) {
+        console.error(`  Warning: could not chmod dir ${path}: ${err.message}`);
+      }
+    }
+    let entries;
+    try {
+      entries = await readdir(path);
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      await tightenEntry(join(path, entry));
+    }
+  } else if (info.isFile()) {
+    const current = info.mode & 511;
+    if (current !== 384) {
+      try {
+        await chmod(path, 384);
+      } catch (err) {
+        console.error(`  Warning: could not chmod file ${path}: ${err.message}`);
+      }
+    }
+  }
+}
 var require2 = createRequire(import.meta.url);
 var { version: PKG_VERSION } = require2("../package.json");
 var SANCTUARY_VERSION = PKG_VERSION;
@@ -773,17 +815,48 @@ var RESERVED_NAMESPACE_PREFIXES = [
   "_sovereignty_profile",
   "_context_gate_policies"
 ];
-var StateStore = class {
+var StateStore = class _StateStore {
   storage;
   masterKey;
   // Cache of version numbers per namespace/key for anti-rollback
   versionCache = /* @__PURE__ */ new Map();
   // Cache of content hashes per namespace for Merkle tree computation
   contentHashes = /* @__PURE__ */ new Map();
+  // LRU-with-TTL cache for derived namespace keys (avoids repeated HKDF)
+  namespaceKeyCache = /* @__PURE__ */ new Map();
+  static KEY_CACHE_TTL_MS = 15 * 60 * 1e3;
+  // 15 minutes
+  static KEY_CACHE_MAX_ENTRIES = 128;
   constructor(storage, masterKey) {
     this.storage = storage;
     this.masterKey = masterKey;
   }
+  /**
+   * Get or derive a namespace encryption key, with caching.
+   * Cache entries expire after 15 minutes and are evicted LRU when
+   * the cache exceeds 128 entries.
+   */
+  getNamespaceKey(namespace) {
+    const now = Date.now();
+    const cached = this.namespaceKeyCache.get(namespace);
+    if (cached && cached.expiresAt > now) {
+      return cached.key;
+    }
+    if (this.namespaceKeyCache.size >= _StateStore.KEY_CACHE_MAX_ENTRIES) {
+      const firstKey = this.namespaceKeyCache.keys().next().value;
+      if (firstKey !== void 0) this.namespaceKeyCache.delete(firstKey);
+    }
+    const derived = deriveNamespaceKey(this.masterKey, namespace);
+    this.namespaceKeyCache.set(namespace, {
+      key: derived,
+      expiresAt: now + _StateStore.KEY_CACHE_TTL_MS
+    });
+    return derived;
+  }
+  /** Invalidate all cached namespace keys (call on master key rotation). */
+  invalidateKeyCache() {
+    this.namespaceKeyCache.clear();
+  }
   versionKey(namespace, key) {
     return `${namespace}/${key}`;
   }
@@ -825,7 +898,7 @@ var StateStore = class {
    * @param options - Optional metadata
    */
   async write(namespace, key, value, identityId, encryptedPrivateKey, identityEncryptionKey, options = {}) {
-    const namespaceKey = deriveNamespaceKey(this.masterKey, namespace);
+    const namespaceKey = this.getNamespaceKey(namespace);
     const plaintext = stringToBytes(value);
     const integrityHash = hashToString(plaintext);
     const payload = encrypt(plaintext, namespaceKey);
@@ -906,7 +979,7 @@ var StateStore = class {
         );
       }
     }
-    const namespaceKey = deriveNamespaceKey(this.masterKey, namespace);
+    const namespaceKey = this.getNamespaceKey(namespace);
     const plaintext = decrypt(stateEntry.payload, namespaceKey);
     const value = bytesToString(plaintext);
     const computedHash = hashToString(plaintext);
@@ -1428,6 +1501,19 @@ var IdentityManager = class {
       key_protection: si.key_protection
     }));
   }
+  /** List identities with rotation count (for dashboard display). */
+  listWithRotationCount() {
+    return Array.from(this.identities.values()).map((si) => ({
+      identity_id: si.identity_id,
+      label: si.label,
+      public_key: si.public_key,
+      did: si.did,
+      created_at: si.created_at,
+      key_type: si.key_type,
+      key_protection: si.key_protection,
+      rotation_count: si.rotation_history?.length ?? 0
+    }));
+  }
 };
 function createL1Tools(stateStore, storage, masterKey, keyProtection, auditLog) {
   const identityMgr = new IdentityManager(storage, masterKey);
@@ -1882,17 +1968,34 @@ function createL1Tools(stateStore, storage, masterKey, keyProtection, auditLog)
 // src/l2-operational/audit-log.ts
 init_encryption();
 init_encoding();
+var DEFAULT_MAX_TOTAL_SIZE_BYTES = 100 * 1024 * 1024;
+var DEFAULT_MAX_ENTRIES = 1e5;
 var AuditLog = class {
   storage;
   encryptionKey;
   entries = [];
   counter = 0;
-  constructor(storage, masterKey) {
+  maxTotalSizeBytes;
+  maxEntries;
+  rotationInFlight = false;
+  pendingWrites = /* @__PURE__ */ new Set();
+  constructor(storage, masterKey, config) {
     this.storage = storage;
     this.encryptionKey = derivePurposeKey(masterKey, "audit-log");
+    this.maxTotalSizeBytes = config?.maxTotalSizeBytes ?? DEFAULT_MAX_TOTAL_SIZE_BYTES;
+    this.maxEntries = config?.maxEntries ?? DEFAULT_MAX_ENTRIES;
   }
   /**
    * Append an audit entry.
+   *
+   * The on-disk persist is async and tracked via `pendingWrites`. Long-lived
+   * callers (the main MCP server) can ignore that tracking and let writes
+   * drain naturally. Short-lived callers — the `sanctuary secrets` CLI which
+   * `process.exit()`s immediately after returning from a broker mutation —
+   * MUST await `flush()` before exiting, or in-flight writes get killed
+   * with the event loop and the entry is silently lost. That was the
+   * v0.10.0-rc.2 soak failure mode where `secrets audit` returned empty
+   * after a clean 7-verb lifecycle.
    */
   append(layer, operation, identityId, details, result = "success") {
     const entry = {
@@ -1904,8 +2007,22 @@ var AuditLog = class {
       details
     };
     this.entries.push(entry);
-    this.persistEntry(entry).catch(() => {
+    const writePromise = this.persistEntry(entry).catch(() => {
     });
+    this.pendingWrites.add(writePromise);
+    void writePromise.finally(() => this.pendingWrites.delete(writePromise));
+  }
+  /**
+   * Wait for every in-flight `append()` persist (and its rotation pass) to
+   * settle. Safe to call multiple times — newly-appended entries during a
+   * flush are also awaited. Re-entrant only at the granularity of "drain
+   * everything queued so far". Short-lived CLIs MUST call this before
+   * `process.exit()` to keep audit writes durable.
+   */
+  async flush() {
+    while (this.pendingWrites.size > 0) {
+      await Promise.allSettled([...this.pendingWrites]);
+    }
   }
   async persistEntry(entry) {
     const key = `${Date.now()}-${this.counter++}`;
@@ -1916,6 +2033,38 @@ var AuditLog = class {
       key,
       stringToBytes(JSON.stringify(encrypted))
     );
+    await this.maybeRotate().catch(() => {
+    });
+  }
+  /**
+   * Prune oldest audit entries when storage exceeds configured limits.
+   * Entries are sorted by key (timestamp-based) so oldest are pruned first.
+   */
+  async maybeRotate() {
+    if (this.rotationInFlight) return;
+    this.rotationInFlight = true;
+    try {
+      const metas = await this.storage.list("_audit");
+      if (metas.length === 0) return;
+      metas.sort((a, b) => a.key.localeCompare(b.key));
+      const totalSize = metas.reduce((sum, m) => sum + m.size_bytes, 0);
+      let toDelete = 0;
+      if (metas.length > this.maxEntries) {
+        toDelete = metas.length - this.maxEntries;
+      }
+      if (totalSize > this.maxTotalSizeBytes) {
+        let runningSize = totalSize;
+        for (let i = toDelete; i < metas.length && runningSize > this.maxTotalSizeBytes; i++) {
+          runningSize -= metas[i].size_bytes;
+          toDelete = i + 1;
+        }
+      }
+      for (let i = 0; i < toDelete; i++) {
+        await this.storage.delete("_audit", metas[i].key);
+      }
+    } finally {
+      this.rotationInFlight = false;
+    }
   }
   /**
    * Query the audit log with filtering.
@@ -1997,7 +2146,9 @@ function verifyCommitment(commitment, value, blindingFactor) {
   const valueBytes = stringToBytes(value);
   const combined = concatBytes(valueBytes, blindingBytes);
   const expectedHash = toBase64url(hash(combined));
-  return commitment === expectedHash;
+  const commitmentBytes = fromBase64url(commitment);
+  const expectedBytes = fromBase64url(expectedHash);
+  return constantTimeEqual(commitmentBytes, expectedBytes);
 }
 var CommitmentStore = class {
   storage;
@@ -3179,6 +3330,51 @@ var ReputationStore = class {
     );
     return guarantee;
   }
+  // ─── L4 Evidence Summary ─────────────────────────────────────────────
+  /**
+   * Summarize attestations for the L4 degradation emitter and dashboard widget.
+   *
+   * Returns aggregate evidence about the identity's reputation state —
+   * counts, tier distribution, recency, dispute counts, context coverage —
+   * without exposing raw attestations. The caller combines this with an
+   * audit-log check for Verascore link state to produce the final
+   * `L4Evidence` struct consumed by the SHR generator.
+   *
+   * @param participantDid - If provided, only count attestations where the
+   *   `participant_did` matches. If omitted, covers all attestations in the
+   *   store.
+   */
+  async summarizeForSHR(participantDid) {
+    const all = await this.loadAll();
+    const filtered = participantDid ? all.filter((a) => a.attestation.data.participant_did === participantDid) : all;
+    const tierDist = {
+      "verified-sovereign": 0,
+      "verified-degraded": 0,
+      "self-attested": 0,
+      "unverified": 0
+    };
+    const contextBreakdown = {};
+    let mostRecentMs = null;
+    let disputeCount = 0;
+    for (const a of filtered) {
+      const tier = a.attestation.data.sovereignty_tier;
+      if (tier) tierDist[tier]++;
+      const ctx = a.attestation.data.context;
+      if (ctx) contextBreakdown[ctx] = (contextBreakdown[ctx] ?? 0) + 1;
+      const ts = new Date(a.attestation.data.timestamp).getTime();
+      if (!isNaN(ts) && (mostRecentMs === null || ts > mostRecentMs)) {
+        mostRecentMs = ts;
+      }
+      if (a.attestation.data.outcome_result === "disputed") disputeCount++;
+    }
+    return {
+      attestation_count: filtered.length,
+      tier_distribution: tierDist,
+      most_recent_attestation_at: mostRecentMs !== null ? new Date(mostRecentMs).toISOString() : null,
+      dispute_count: disputeCount,
+      context_breakdown: contextBreakdown
+    };
+  }
   // ─── Tier-Aware Access ───────────────────────────────────────────────
   /**
    * Load attestations for tier-weighted scoring.
@@ -3200,21 +3396,37 @@ var ReputationStore = class {
   // ─── Internal ─────────────────────────────────────────────────────────
   async loadAll() {
     const results = [];
+    for await (const page of this.loadAllPaginated(100)) {
+      results.push(...page);
+    }
+    return results;
+  }
+  /**
+   * Cursor-based async iterator that loads attestations in pages.
+   * Prevents OOM at 100K+ records by reading and decrypting in batches.
+   */
+  async *loadAllPaginated(pageSize = 100) {
+    let entries;
     try {
-      const entries = await this.storage.list("_reputation");
-      for (const meta of entries) {
+      entries = await this.storage.list("_reputation");
+    } catch {
+      return;
+    }
+    for (let i = 0; i < entries.length; i += pageSize) {
+      const page = [];
+      const slice = entries.slice(i, i + pageSize);
+      for (const meta of slice) {
         const raw = await this.storage.read("_reputation", meta.key);
         if (!raw) continue;
         try {
           const encrypted = JSON.parse(bytesToString(raw));
           const decrypted = decrypt(encrypted, this.encryptionKey);
-          results.push(JSON.parse(bytesToString(decrypted)));
+          page.push(JSON.parse(bytesToString(decrypted)));
         } catch {
         }
       }
-    } catch {
+      if (page.length > 0) yield page;
     }
-    return results;
   }
 };
 
@@ -4441,13 +4653,78 @@ function canonicalizeForSigning(body) {
 init_identity();
 init_encoding();
 var DEFAULT_VALIDITY_MS = 60 * 60 * 1e3;
+var DEFAULT_FRESHNESS_WINDOW_DAYS = 30;
+var DEFAULT_LOW_TIER_DOMINANCE_THRESHOLD = 0.6;
+function deriveL4Degradations(evidence, now = /* @__PURE__ */ new Date()) {
+  const out = [];
+  const freshnessDays = evidence.thresholds?.freshness_window_days ?? DEFAULT_FRESHNESS_WINDOW_DAYS;
+  const dominanceThreshold = evidence.thresholds?.low_tier_dominance_threshold ?? DEFAULT_LOW_TIER_DOMINANCE_THRESHOLD;
+  if (evidence.attestation_count === 0) {
+    out.push({
+      layer: "l4",
+      code: "NO_REPUTATION_HISTORY",
+      severity: "warning",
+      description: "Signing identity has no recorded reputation attestations",
+      mitigation: "Complete interactions that produce reputation_record calls, or import a portable reputation bundle"
+    });
+  } else {
+    const lowTierCount = (evidence.tier_distribution["self-attested"] ?? 0) + (evidence.tier_distribution["unverified"] ?? 0);
+    const lowTierShare = lowTierCount / evidence.attestation_count;
+    if (lowTierShare > dominanceThreshold) {
+      const pct = Math.round(lowTierShare * 100);
+      out.push({
+        layer: "l4",
+        code: "LOW_TIER_DOMINANCE",
+        severity: "info",
+        description: `${pct}% of attestations are self-attested or unverified`,
+        mitigation: "Complete sovereignty handshakes with counterparties to upgrade future attestations to verified tiers"
+      });
+    }
+    if (evidence.most_recent_attestation_at) {
+      const mostRecentMs = new Date(evidence.most_recent_attestation_at).getTime();
+      if (!isNaN(mostRecentMs)) {
+        const ageMs = now.getTime() - mostRecentMs;
+        const windowMs = freshnessDays * 24 * 60 * 60 * 1e3;
+        if (ageMs > windowMs) {
+          const ageDays = Math.round(ageMs / (24 * 60 * 60 * 1e3));
+          out.push({
+            layer: "l4",
+            code: "STALE_REPUTATION",
+            severity: "info",
+            description: `Most recent attestation is ${ageDays} days old (freshness window: ${freshnessDays} days)`,
+            mitigation: "Record a fresh interaction outcome or refresh reputation from active counterparties"
+          });
+        }
+      }
+    }
+    if (evidence.dispute_count > 0) {
+      out.push({
+        layer: "l4",
+        code: "DISPUTE_ON_RECORD",
+        severity: "warning",
+        description: `${evidence.dispute_count} attestation${evidence.dispute_count === 1 ? "" : "s"} marked as disputed`,
+        mitigation: "Review disputed interactions; counterparties may weigh this signal when evaluating trust"
+      });
+    }
+  }
+  if (!evidence.verascore_linked) {
+    out.push({
+      layer: "l4",
+      code: "NO_VERASCORE_LINK",
+      severity: "info",
+      description: "No successful reputation_publish call for this identity \u2014 reputation is not externally discoverable",
+      mitigation: "Run reputation_publish to link this identity to a Verascore profile"
+    });
+  }
+  return out;
+}
 function generateSHR(identityId, opts) {
-  const { config, identityManager, masterKey, validityMs } = opts;
+  const { config, identityManager, masterKey, validityMs, l4Evidence, now: nowOverride } = opts;
   const identity = identityId ? identityManager.get(identityId) : identityManager.getDefault();
   if (!identity) {
     return "No identity available for signing. Create an identity first.";
   }
-  const now = /* @__PURE__ */ new Date();
+  const now = nowOverride ?? /* @__PURE__ */ new Date();
   const expiresAt = new Date(now.getTime() + (validityMs ?? DEFAULT_VALIDITY_MS));
   const degradations = [];
   if (config.execution.environment === "local-process") {
@@ -4466,6 +4743,9 @@ function generateSHR(identityId, opts) {
       mitigation: "TEE attestation planned for a future release"
     });
   }
+  const l4Degradations = l4Evidence ? deriveL4Degradations(l4Evidence, now) : [];
+  degradations.push(...l4Degradations);
+  const l4Status = l4Degradations.length > 0 ? "degraded" : "active";
   const body = {
     shr_version: "1.0",
     implementation: {
@@ -4496,7 +4776,7 @@ function generateSHR(identityId, opts) {
         selective_disclosure: true
       },
       l4: {
-        status: "active",
+        status: l4Status,
         reputation_mode: config.reputation.mode,
         attestation_format: config.reputation.attestation_format,
         reputation_portable: true
@@ -7457,7 +7737,7 @@ function generateFortressViewHTML(options) {
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Sanctuary \u2014 Fortress View</title>
+  <title>Sanctuary</title>
   <style>
     :root {
       --bg: #0d1117;
@@ -7846,7 +8126,7 @@ function generateFortressViewHTML(options) {
     <div class="fortress-brand">
       <div class="shield">&#x1F6E1;</div>
       <div>
-        <h1>Sanctuary Cocoon</h1>
+        <h1>Sanctuary</h1>
         <div class="version">v${esc(options.serverVersion)}</div>
       </div>
     </div>
@@ -8388,6 +8668,10 @@ var RATE_LIMIT_WINDOW_MS = 6e4;
 var RATE_LIMIT_GENERAL = 120;
 var RATE_LIMIT_DECISIONS = 20;
 var MAX_RATE_LIMIT_ENTRIES = 1e4;
+function isDashboardViewRoute(method, path) {
+  if (method !== "GET") return false;
+  return path === "/" || path === "/dashboard" || path === "/fortress" || path === "/events";
+}
 var DashboardApprovalChannel = class {
   config;
   pending = /* @__PURE__ */ new Map();
@@ -8455,20 +8739,22 @@ var DashboardApprovalChannel = class {
    * Start the HTTP(S) server for the dashboard.
    */
   async start() {
+    const handler = (req, res) => this.handleRequest(req, res);
+    let server;
+    if (this.useTLS && this.config.tls) {
+      const tlsOpts = {
+        cert: await readFile(this.config.tls.cert_path),
+        key: await readFile(this.config.tls.key_path)
+      };
+      server = createServer$1(tlsOpts, handler);
+    } else {
+      server = createServer$2(handler);
+    }
+    this.httpServer = server;
     return new Promise((resolve, reject) => {
-      const handler = (req, res) => this.handleRequest(req, res);
-      if (this.useTLS && this.config.tls) {
-        const tlsOpts = {
-          cert: readFileSync(this.config.tls.cert_path),
-          key: readFileSync(this.config.tls.key_path)
-        };
-        this.httpServer = createServer$1(tlsOpts, handler);
-      } else {
-        this.httpServer = createServer$2(handler);
-      }
       const protocol = this.useTLS ? "https" : "http";
       const baseUrl = `${protocol}://${this.config.host}:${this.config.port}`;
-      this.httpServer.listen(this.config.port, this.config.host, () => {
+      server.listen(this.config.port, this.config.host, () => {
         const sessionUrl = this.authToken ? this.createSessionUrl() : baseUrl;
         process.stderr.write(
           `
@@ -8492,7 +8778,7 @@ var DashboardApprovalChannel = class {
         }
         resolve();
       });
-      this.httpServer.on("error", (err) => {
+      server.on("error", (err) => {
         if (err.code === "EADDRINUSE") {
           const port = this.config.port;
           process.stderr.write(
@@ -8781,13 +9067,14 @@ var DashboardApprovalChannel = class {
     }
     if (method === "GET" && url.pathname === "/" && this.authToken) {
       if (!this.isAuthenticated(req, url)) {
-        if (!this.checkRateLimit(req, res, "general")) return;
         this.serveLoginPage(res);
         return;
       }
     }
     if (!this.checkAuth(req, url, res)) return;
-    if (!this.checkRateLimit(req, res, "general")) return;
+    if (!isDashboardViewRoute(method, url.pathname)) {
+      if (!this.checkRateLimit(req, res, "general")) return;
+    }
     try {
       if (method === "GET" && url.pathname === "/fortress") {
         this.serveFortressView(res);
@@ -9081,16 +9368,7 @@ data: ${JSON.stringify(initData)}
       res.end(JSON.stringify({ identities: [], count: 0 }));
       return;
     }
-    const identities = this.identityManager.list().map((id) => ({
-      identity_id: id.identity_id,
-      label: id.label,
-      public_key: id.public_key,
-      did: id.did,
-      created_at: id.created_at,
-      key_type: id.key_type,
-      key_protection: id.key_protection,
-      rotation_count: id.rotation_history?.length ?? 0
-    }));
+    const identities = this.identityManager.listWithRotationCount();
     const primary = this.identityManager.getDefault();
     res.writeHead(200, { "Content-Type": "application/json" });
     res.end(JSON.stringify({
@@ -9695,16 +9973,6 @@ var INVISIBLE_CHARS = [
 ];
 var VARIATION_SELECTOR_RANGE_START = 65024;
 var VARIATION_SELECTOR_RANGE_END = 65039;
-var ZERO_WIDTH_CHARS = [
-  "\u200B",
-  // Zero-width space
-  "\u200C",
-  // Zero-width non-joiner
-  "\u200D",
-  // Zero-width joiner
-  "\uFEFF"
-  // Zero-width no-break space
-];
 var BASE64_STANDARD_PATTERN = /^[A-Za-z0-9+/]+={0,2}$/;
 var BASE64URL_PATTERN = /^[A-Za-z0-9_-]+={0,2}$/;
 var BASE64_BLOCK_PATTERN = /[A-Za-z0-9+/]{20,}={0,2}/g;
@@ -10321,10 +10589,8 @@ var InjectionDetector = class {
         });
       }
     }
-    let zeroWidthCount = 0;
-    for (const char of ZERO_WIDTH_CHARS) {
-      zeroWidthCount += (value.match(new RegExp(char, "g")) || []).length;
-    }
+    const zeroWidthMatches = value.match(/[\u200B\u200C\u200D\uFEFF]/g);
+    const zeroWidthCount = zeroWidthMatches ? zeroWidthMatches.length : 0;
     if (zeroWidthCount > 0) {
       signals.push({
         type: "encoding_evasion",
@@ -11317,6 +11583,16 @@ function transformDegradations(degradations) {
       authzImpact = "Must share entire data context, cannot redact";
     } else if (deg.code === "BASIC_SYBIL_ONLY") {
       authzImpact = "Restrict to interactions with known agents only";
+    } else if (deg.code === "NO_REPUTATION_HISTORY") {
+      authzImpact = "No prior reputation \u2014 treat as a new counterparty; require escrow or human approval for value transfer";
+    } else if (deg.code === "LOW_TIER_DOMINANCE") {
+      authzImpact = "Reputation dominated by self-attested / unverified signers \u2014 weight accordingly, require additional confirmation on high-value actions";
+    } else if (deg.code === "STALE_REPUTATION") {
+      authzImpact = "Reputation is stale \u2014 may not reflect current behavior; refresh before relying on it";
+    } else if (deg.code === "DISPUTE_ON_RECORD") {
+      authzImpact = "Disputes on record \u2014 review dispute context before extending trust beyond low-value interactions";
+    } else if (deg.code === "NO_VERASCORE_LINK") {
+      authzImpact = "No external reputation profile \u2014 counterparty cannot independently discover reputation bundle";
     } else {
       authzImpact = "Unknown authorization impact";
     }
@@ -11423,12 +11699,37 @@ function transformSHRGeneric(shr) {
 }
 
 // src/shr/tools.ts
-function createSHRTools(config, identityManager, masterKey, auditLog) {
+async function gatherL4Evidence(reputationStore, auditLog, identity) {
+  const summary = await reputationStore.summarizeForSHR(identity.did);
+  const published = await auditLog.query({
+    layer: "l4",
+    operation_type: "reputation_publish",
+    limit: 500
+  });
+  const verascoreLinked = published.entries.some(
+    (e) => e.result === "success" && e.identity_id === identity.identity_id
+  );
+  return {
+    attestation_count: summary.attestation_count,
+    tier_distribution: summary.tier_distribution,
+    most_recent_attestation_at: summary.most_recent_attestation_at,
+    dispute_count: summary.dispute_count,
+    context_breakdown: summary.context_breakdown,
+    verascore_linked: verascoreLinked
+  };
+}
+function createSHRTools(config, identityManager, masterKey, auditLog, reputationStore) {
   const generatorOpts = {
     config,
     identityManager,
     masterKey
   };
+  async function resolveL4Evidence(identityId) {
+    if (!reputationStore) return void 0;
+    const identity = identityId ? identityManager.get(identityId) : identityManager.getDefault();
+    if (!identity) return void 0;
+    return gatherL4Evidence(reputationStore, auditLog, identity);
+  }
   const tools = [
     {
       name: "shr_generate",
@@ -11448,9 +11749,12 @@ function createSHRTools(config, identityManager, masterKey, auditLog) {
       },
       handler: async (args) => {
         const validityMs = args.validity_minutes ? args.validity_minutes * 60 * 1e3 : void 0;
-        const result = generateSHR(args.identity_id, {
+        const identityId = args.identity_id;
+        const l4Evidence = await resolveL4Evidence(identityId);
+        const result = generateSHR(identityId, {
           ...generatorOpts,
-          validityMs
+          validityMs,
+          l4Evidence
         });
         if (typeof result === "string") {
           return toolResult({ error: result });
@@ -11509,9 +11813,12 @@ function createSHRTools(config, identityManager, masterKey, auditLog) {
       handler: async (args) => {
         const format = args.format || "ping";
         const validityMs = args.validity_minutes ? args.validity_minutes * 60 * 1e3 : void 0;
-        const shrResult = generateSHR(args.identity_id, {
+        const identityId = args.identity_id;
+        const l4Evidence = await resolveL4Evidence(identityId);
+        const shrResult = generateSHR(identityId, {
           ...generatorOpts,
-          validityMs
+          validityMs,
+          l4Evidence
         });
         if (typeof shrResult === "string") {
           return toolResult({ error: shrResult });
@@ -17210,8 +17517,27 @@ function validateVerascoreUrl(urlStr, configuredUrl) {
   }
 }
 function createSanctuaryTools(opts) {
-  const { config, identityManager, masterKey, auditLog, policy, keyProtection } = opts;
+  const { config, identityManager, masterKey, auditLog, policy, keyProtection, reputationStore } = opts;
   const identityEncKey = derivePurposeKey(masterKey, "identity-encryption");
+  async function l4EvidenceForIdentity(identity) {
+    if (!reputationStore) return void 0;
+    return gatherL4Evidence(reputationStore, auditLog, identity);
+  }
+  function emptyL4Evidence() {
+    return {
+      attestation_count: 0,
+      tier_distribution: {
+        "verified-sovereign": 0,
+        "verified-degraded": 0,
+        "self-attested": 0,
+        "unverified": 0
+      },
+      most_recent_attestation_at: null,
+      dispute_count: 0,
+      context_breakdown: {},
+      verascore_linked: false
+    };
+  }
   const tools = [
     // ─── sanctuary_bootstrap ───────────────────────────────────────────
     {
@@ -17251,7 +17577,8 @@ function createSanctuaryTools(opts) {
         const shr = generateSHR(publicIdentity.identity_id, {
           config,
           identityManager,
-          masterKey
+          masterKey,
+          l4Evidence: emptyL4Evidence()
         });
         if (typeof shr === "string") {
           return toolResult({
@@ -17410,10 +17737,12 @@ function createSanctuaryTools(opts) {
             error: "No identity found. Create one with identity_create first."
           });
         }
+        const l4Evidence = await l4EvidenceForIdentity(identity);
         const shr = generateSHR(identity.identity_id, {
           config,
           identityManager,
-          masterKey
+          masterKey,
+          l4Evidence
         });
         const attestations = args.attestations ?? [];
         const body = {
@@ -19215,7 +19544,7 @@ the Sanctuary oversight gate recorded the following activity:
 | Outcome | Count |
 |---|---|
 | Gate allow (Tier 3 auto-allow or approved Tier 1/2) | {{ gate_allow_count }} |
-| Gate allow_proxy (Cocoon MCP-proxy pass-through) | {{ gate_allow_proxy_count }} |
+| Gate allow_proxy (Sanctuary MCP-proxy pass-through) | {{ gate_allow_proxy_count }} |
 | Gate deny (approval denied or timeout) | {{ gate_deny_count }} |
 | Gate escalate (Tier 2 anomaly raised for human review) | {{ gate_escalate_count }} |
 | Gate unclassified (no matching rule, default behaviour applied) | {{ gate_unclassified_count }} |
@@ -20848,10 +21177,1206 @@ var MemoryStorage = class {
   }
 };
 
+// src/dashboard/aggregator.ts
+var L4_DEGRADATION_IMPACT = {
+  critical: 40,
+  warning: 25,
+  info: 10
+};
+function computeL4LayerScore(degradations, status) {
+  if (status === "compromised") return 0;
+  let score = 100;
+  for (const deg of degradations) {
+    score -= L4_DEGRADATION_IMPACT[deg.severity] ?? 10;
+  }
+  score = Math.max(0, score);
+  if (degradations.length === 0 && score > 50) {
+    score = Math.min(100, score + 5);
+  }
+  return Math.round(score);
+}
+var MAX_ACTIVITY = 50;
+var MAX_AUDIT = 50;
+function fingerprintDID(did) {
+  const raw = did.replace(/^did:[a-z0-9]+:/i, "");
+  if (raw.length <= 12) return raw;
+  return `${raw.slice(0, 6)}\u2026${raw.slice(-6)}`;
+}
+function countInjectionsToday(audit) {
+  const startOfDay = /* @__PURE__ */ new Date();
+  startOfDay.setHours(0, 0, 0, 0);
+  const cutoff = startOfDay.getTime();
+  return audit.filter((e) => {
+    const ts = new Date(e.timestamp).getTime();
+    if (isNaN(ts) || ts < cutoff) return false;
+    const op = (e.operation ?? "").toLowerCase();
+    return op.includes("injection") || op.includes("blocked");
+  }).length;
+}
+var PROOF_CREATION_OPS = /* @__PURE__ */ new Set([
+  "zk_prove",
+  "zk_range_prove",
+  "proof_commitment"
+]);
+function countProofsToday(audit) {
+  const startOfDay = /* @__PURE__ */ new Date();
+  startOfDay.setHours(0, 0, 0, 0);
+  const cutoff = startOfDay.getTime();
+  return audit.filter((e) => {
+    if (e.layer !== "l3") return false;
+    if (!PROOF_CREATION_OPS.has(e.operation)) return false;
+    const ts = new Date(e.timestamp).getTime();
+    return !isNaN(ts) && ts >= cutoff;
+  }).length;
+}
+function buildAgent(sources) {
+  if (!sources.identityManager) {
+    return {
+      display_name: "Unclaimed agent",
+      did: null,
+      did_fingerprint: null,
+      identity_count: 0,
+      primary_identity_id: null
+    };
+  }
+  const primary = sources.identityManager.getDefault();
+  const identities = sources.identityManager.list();
+  if (!primary) {
+    return {
+      display_name: "Unclaimed agent",
+      did: null,
+      did_fingerprint: null,
+      identity_count: identities.length,
+      primary_identity_id: null
+    };
+  }
+  return {
+    display_name: primary.label || "Sovereign agent",
+    did: primary.did,
+    did_fingerprint: fingerprintDID(primary.did),
+    identity_count: identities.length,
+    primary_identity_id: primary.identity_id
+  };
+}
+function buildL1(sources, audit) {
+  const hasIdentity = !!sources.identityManager?.getDefault();
+  const state = hasIdentity ? "full" : "degraded";
+  return {
+    label: "L1 Cognitive",
+    state,
+    headline: hasIdentity ? "State encrypted at rest" : "No sovereign identity \u2014 run sanctuary_bootstrap",
+    encryption: "AES-256-GCM + HKDF per namespace",
+    injection_blocked_today: countInjectionsToday(audit),
+    memory_attest_ready: hasIdentity
+  };
+}
+function buildL2(sources) {
+  const teeAvailable = sources.teeAvailable ?? false;
+  const state = teeAvailable ? "full" : "degraded";
+  return {
+    label: "L2 Operational",
+    state,
+    headline: teeAvailable ? "Hardware isolation active" : "Process isolation \u2014 no TEE on this host",
+    isolation_type: teeAvailable ? "hardware-tee" : "process-level",
+    tee_available: teeAvailable,
+    tee_status: teeAvailable ? "Attested" : "Not available \u2014 normal on local dev",
+    sandbox_status: "Principal Policy gate active"
+  };
+}
+function buildL3(sources, audit) {
+  const VC_ISSUING_OPS = /* @__PURE__ */ new Set([
+    "reputation_record",
+    "bootstrap_provide_guarantee",
+    "reputation_publish"
+  ]);
+  const didActive = !!sources.identityManager?.getDefault()?.did;
+  const vcCount = audit.filter(
+    (e) => e.layer === "l4" && VC_ISSUING_OPS.has(e.operation)
+  ).length;
+  return {
+    label: "L3 Disclosure",
+    state: didActive ? "full" : "degraded",
+    headline: didActive ? "Selective disclosure ready" : "No DID \u2014 disclosure unavailable",
+    did_active: didActive,
+    vc_count: vcCount,
+    proofs_today: countProofsToday(audit)
+  };
+}
+function buildL4(sources) {
+  const rep = sources.reputation;
+  const hasDid = !!sources.identityManager?.getDefault()?.did;
+  const evidenceBlock = buildL4EvidenceBlock(sources);
+  const base = rep?.score != null ? {
+    label: "L4 Reputation",
+    state: "full",
+    headline: "Verascore attached",
+    score: rep.score,
+    profile_url: rep.profile_url,
+    claim_cta: null
+  } : hasDid ? {
+    label: "L4 Reputation",
+    state: "degraded",
+    headline: "Claim your profile",
+    score: null,
+    profile_url: null,
+    claim_cta: "Claim your profile at verascore.ai"
+  } : {
+    label: "L4 Reputation",
+    state: "degraded",
+    headline: "No identity claimed",
+    score: null,
+    profile_url: null,
+    claim_cta: "Claim your profile at verascore.ai"
+  };
+  if (!evidenceBlock) return base;
+  const nextState = evidenceBlock.active_degradations.length > 0 && base.state === "full" ? "degraded" : base.state;
+  const nextHeadline = nextState === base.state ? base.headline : "Attached, but evidence is degraded";
+  return {
+    ...base,
+    state: nextState,
+    headline: nextHeadline,
+    evidence: evidenceBlock.evidence,
+    layer_score: evidenceBlock.layer_score,
+    active_degradations: evidenceBlock.active_degradations
+  };
+}
+function buildL4EvidenceBlock(sources) {
+  const ev = sources.l4Evidence;
+  if (!ev) return null;
+  const degradations = deriveL4Degradations(ev, sources.l4Now ?? /* @__PURE__ */ new Date());
+  const status = degradations.length > 0 ? "degraded" : "full";
+  const layer_score = computeL4LayerScore(degradations, status);
+  return {
+    evidence: {
+      attestation_count: ev.attestation_count,
+      tier_distribution: ev.tier_distribution,
+      most_recent_attestation_at: ev.most_recent_attestation_at,
+      dispute_count: ev.dispute_count,
+      context_breakdown: ev.context_breakdown ?? {},
+      verascore_linked: ev.verascore_linked
+    },
+    layer_score,
+    active_degradations: degradations.map((d) => ({
+      code: d.code,
+      severity: d.severity,
+      description: d.description,
+      ...d.mitigation !== void 0 ? { mitigation: d.mitigation } : {}
+    }))
+  };
+}
+function computeOverall(l1, l2, l3, l4) {
+  const critical = [l1.state, l3.state, l4.state];
+  if (critical.includes("compromised") || l2.state === "compromised") {
+    return {
+      status: "compromised",
+      light: "red",
+      headline: "Sovereignty compromised"
+    };
+  }
+  const allCriticalFull = critical.every((s) => s === "full");
+  if (allCriticalFull && l2.state === "full") {
+    return {
+      status: "healthy",
+      light: "green",
+      headline: "All layers full"
+    };
+  }
+  if (allCriticalFull && l2.state === "degraded") {
+    return {
+      status: "healthy",
+      light: "green",
+      headline: "L1\xB7L3\xB7L4 full \u2014 L2 degraded (no TEE on this host)"
+    };
+  }
+  return {
+    status: "degraded",
+    light: "yellow",
+    headline: "One or more layers degraded"
+  };
+}
+function buildUpstreamServers(sources) {
+  if (!sources.clientManager) return [];
+  return sources.clientManager.getStatus().map((s) => {
+    const entry = {
+      name: s.name,
+      state: s.state,
+      tool_count: s.tool_count
+    };
+    if (s.error) entry.error = s.error;
+    return entry;
+  });
+}
+async function getProtectionSnapshot(sources) {
+  let audit = [];
+  if (sources.auditLog) {
+    try {
+      const result = await sources.auditLog.query({ limit: MAX_AUDIT });
+      audit = result.entries;
+    } catch {
+      audit = [];
+    }
+  }
+  const agent = buildAgent(sources);
+  const l1 = buildL1(sources, audit);
+  const l2 = buildL2(sources);
+  const l3 = buildL3(sources, audit);
+  const l4 = buildL4(sources);
+  const activity = (sources.activity ?? []).slice(0, MAX_ACTIVITY);
+  const pending_approvals = sources.pendingApprovals ?? [];
+  const upstream_servers = buildUpstreamServers(sources);
+  return {
+    overall: computeOverall(l1, l2, l3, l4),
+    agent,
+    layers: { l1, l2, l3, l4 },
+    activity,
+    pending_approvals,
+    audit: audit.slice(-MAX_AUDIT).reverse(),
+    upstream_servers,
+    mode: sources.mode,
+    server_version: sources.server_version,
+    generated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+
+// src/dashboard/html.ts
+var HERO_COPY = "Your agent is protected.";
+function escHtml(value) {
+  if (value == null) return "";
+  return String(value).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+}
+function layerCard(layer, extra) {
+  return `<section class="layer-card layer-${escHtml(layer.state)}" data-layer-label="${escHtml(layer.label)}">
+    <div class="layer-head">
+      <div class="layer-dot"></div>
+      <div>
+        <h3>${escHtml(layer.label)}</h3>
+        <p class="layer-headline">${escHtml(layer.headline)}</p>
+      </div>
+    </div>
+    <dl class="layer-detail">${extra}</dl>
+  </section>`;
+}
+function l1Card(l1) {
+  return layerCard(
+    l1,
+    `<div><dt>Encryption</dt><dd>${escHtml(l1.encryption)}</dd></div>
+     <div><dt>Injections blocked today</dt><dd>${escHtml(l1.injection_blocked_today)}</dd></div>
+     <div><dt>memory_attest</dt><dd>${l1.memory_attest_ready ? "Ready" : "Not ready"}</dd></div>`
+  );
+}
+function l2Card(l2) {
+  return layerCard(
+    l2,
+    `<div><dt>Isolation</dt><dd>${escHtml(l2.isolation_type)}</dd></div>
+     <div><dt>TEE</dt><dd>${escHtml(l2.tee_status)}</dd></div>
+     <div><dt>Sandbox</dt><dd>${escHtml(l2.sandbox_status)}</dd></div>`
+  );
+}
+function l3Card(l3) {
+  return layerCard(
+    l3,
+    `<div><dt>DID</dt><dd>${l3.did_active ? "Active" : "None"}</dd></div>
+     <div><dt>Credentials</dt><dd>${escHtml(l3.vc_count)}</dd></div>
+     <div><dt>Proofs today</dt><dd>${escHtml(l3.proofs_today)}</dd></div>`
+  );
+}
+function l4Card(l4) {
+  const score = l4.score != null ? `<div class="score-block"><span class="score-value">${escHtml(l4.score)}</span><span class="score-label">Verascore</span></div>` : `<div class="claim-block">${escHtml(l4.claim_cta ?? "Claim your profile at verascore.ai")}</div>`;
+  return layerCard(
+    l4,
+    `<div class="layer-cta">${score}</div>${l4EvidenceBlock(l4)}`
+  );
+}
+function formatRelativeDays(iso) {
+  if (!iso) return "none on record";
+  const ts = new Date(iso).getTime();
+  if (isNaN(ts)) return "unknown";
+  const days = Math.round((Date.now() - ts) / (24 * 60 * 60 * 1e3));
+  if (days <= 0) return "today";
+  if (days === 1) return "1 day ago";
+  return `${days} days ago`;
+}
+function l4EvidenceBlock(l4) {
+  if (!l4.evidence) return "";
+  const ev = l4.evidence;
+  const tierSovereign = ev.tier_distribution["verified-sovereign"];
+  const tierDegraded = ev.tier_distribution["verified-degraded"];
+  const tierSelf = ev.tier_distribution["self-attested"];
+  const tierUnverified = ev.tier_distribution["unverified"];
+  const contextCount = Object.keys(ev.context_breakdown).length;
+  const mostRecent = formatRelativeDays(ev.most_recent_attestation_at);
+  const score = l4.layer_score ?? 100;
+  const summaryLine = `
+    <div><dt>L4 score</dt><dd>${escHtml(score)} / 100</dd></div>
+    <div><dt>Attestations</dt><dd>${escHtml(ev.attestation_count)}</dd></div>
+    <div><dt>Verified tiers</dt><dd>${escHtml(tierSovereign)} sovereign \xB7 ${escHtml(tierDegraded)} degraded</dd></div>
+    <div><dt>Lower tiers</dt><dd>${escHtml(tierSelf)} self \xB7 ${escHtml(tierUnverified)} unverified</dd></div>
+    <div><dt>Contexts</dt><dd>${escHtml(contextCount)}</dd></div>
+    <div><dt>Disputes</dt><dd>${escHtml(ev.dispute_count)}</dd></div>
+    <div><dt>Last activity</dt><dd>${escHtml(mostRecent)}</dd></div>
+    <div><dt>Verascore link</dt><dd>${ev.verascore_linked ? "Yes" : "Not linked"}</dd></div>
+  `;
+  const degs = l4.active_degradations ?? [];
+  const degList = degs.length === 0 ? "" : `<ul class="l4-deg-list">${degs.map(
+    (d) => `
+          <li class="l4-deg l4-deg-${escHtml(d.severity)}">
+            <div class="l4-deg-head">
+              <span class="l4-deg-code">${escHtml(d.code)}</span>
+              <span class="l4-deg-sev">${escHtml(d.severity)}</span>
+            </div>
+            <p class="l4-deg-desc">${escHtml(d.description)}</p>
+            ${d.mitigation ? `<p class="l4-deg-mit">${escHtml(d.mitigation)}</p>` : ""}
+          </li>`
+  ).join("")}</ul>`;
+  return `
+    <div class="l4-evidence">
+      <dl class="layer-detail l4-evidence-summary">${summaryLine}</dl>
+      ${degList}
+    </div>
+  `;
+}
+function renderDashboardHTML(options) {
+  const { snapshot } = options;
+  const { overall, agent, layers, activity, pending_approvals, audit, upstream_servers } = snapshot;
+  const activityRows = activity.length === 0 ? `<tr class="empty"><td colspan="5">Waiting for tool calls\u2026</td></tr>` : activity.map((entry) => {
+    const time = new Date(entry.timestamp).toLocaleTimeString();
+    return `<tr class="result-${escHtml(entry.result)}">
+            <td class="mono time">${escHtml(time)}</td>
+            <td class="mono">${escHtml(entry.tool)}</td>
+            <td class="mono">${escHtml(entry.server)}</td>
+            <td class="tier tier-${escHtml(entry.tier)}">T${escHtml(entry.tier)}</td>
+            <td class="result">${escHtml(entry.result)}</td>
+          </tr>`;
+  }).join("");
+  const approvalItems = pending_approvals.length === 0 ? `<div class="empty-block">No pending approvals</div>` : pending_approvals.map((p) => `<article class="approval" data-id="${escHtml(p.id)}">
+          <div class="approval-head">
+            <span class="tier-chip tier-${escHtml(p.tier)}">Tier ${escHtml(p.tier)}</span>
+            <span class="mono">${escHtml(p.operation)}</span>
+          </div>
+          <p class="approval-reason">${escHtml(p.reason)}</p>
+          <div class="approval-actions">
+            <button class="btn btn-allow" data-action="allow" data-id="${escHtml(p.id)}">Allow</button>
+            <button class="btn btn-deny" data-action="deny" data-id="${escHtml(p.id)}">Deny</button>
+          </div>
+        </article>`).join("");
+  const auditRows = audit.length === 0 ? `<tr class="empty"><td colspan="4">Audit log empty</td></tr>` : audit.map((entry) => `<tr data-kind="${escHtml(entry.layer)}" data-op="${escHtml(entry.operation)}">
+          <td class="mono time">${escHtml(new Date(entry.timestamp).toLocaleTimeString())}</td>
+          <td class="layer-pill">${escHtml(entry.layer.toUpperCase())}</td>
+          <td class="mono">${escHtml(entry.operation)}</td>
+          <td class="result-${escHtml(entry.result)}">${escHtml(entry.result)}</td>
+        </tr>`).join("");
+  const serverRows = upstream_servers.length === 0 ? `<li class="empty-block">No upstream servers connected</li>` : upstream_servers.map((s) => `<li class="server-row state-${escHtml(s.state)}">
+          <span class="server-dot"></span>
+          <span class="mono">${escHtml(s.name)}</span>
+          <span class="server-meta">${escHtml(s.state)} \xB7 ${escHtml(s.tool_count)} tool${s.tool_count === 1 ? "" : "s"}</span>
+        </li>`).join("");
+  const initialSnapshot = JSON.stringify(snapshot).replace(/</g, "\\u003c").replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029");
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Sanctuary \u2014 Sovereignty Dashboard</title>
+<style>
+:root {
+  --bg: #07080c;
+  --bg-2: #0f1220;
+  --surface: #131729;
+  --surface-2: #1a1f36;
+  --border: #26304d;
+  --border-strong: #39436a;
+  --ink: #eef1fb;
+  --ink-dim: #b9c0dc;
+  --ink-mute: #7e86a8;
+  --indigo: #6e7bff;
+  --indigo-deep: #3b4ad8;
+  --green: #3ee08f;
+  --green-deep: #168a4d;
+  --amber: #f1c05a;
+  --red: #ff6b7a;
+  --violet: #a77bff;
+  --radius: 14px;
+  --radius-sm: 8px;
+  --shadow: 0 14px 42px rgba(3, 6, 19, 0.45);
+  --mono: ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, monospace;
+}
+* { margin: 0; padding: 0; box-sizing: border-box; }
+html, body { background: var(--bg); color: var(--ink); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Inter, sans-serif; min-height: 100vh; -webkit-font-smoothing: antialiased; }
+body { background: radial-gradient(circle at 50% -200px, rgba(110, 123, 255, 0.18), transparent 60%), var(--bg); }
+a { color: var(--indigo); text-decoration: none; }
+button { font: inherit; cursor: pointer; }
+
+.wrap { max-width: 1180px; margin: 0 auto; padding: 40px 32px 120px; }
+
+/* \u2500\u2500 Top meta row \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.meta-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  color: var(--ink-mute);
+  font-size: 12px;
+  letter-spacing: 0.08em;
+  text-transform: uppercase;
+  margin-bottom: 8px;
+}
+.meta-row .mode-pill {
+  padding: 4px 10px;
+  border-radius: 999px;
+  border: 1px solid var(--border);
+  background: var(--surface);
+  font-family: var(--mono);
+  text-transform: none;
+  letter-spacing: 0;
+  font-size: 11px;
+  color: var(--ink-dim);
+}
+
+/* \u2500\u2500 Hero \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.hero {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  text-align: center;
+  padding: 48px 24px 56px;
+  border-radius: 22px;
+  background:
+    radial-gradient(circle at 50% 0%, rgba(62, 224, 143, 0.08), transparent 70%),
+    linear-gradient(180deg, var(--bg-2) 0%, var(--surface) 100%);
+  border: 1px solid var(--border);
+  box-shadow: var(--shadow);
+  margin-bottom: 32px;
+  position: relative;
+  overflow: hidden;
+}
+.hero::after {
+  content: "";
+  position: absolute;
+  inset: 0;
+  background: radial-gradient(circle at 50% 100%, rgba(110, 123, 255, 0.10), transparent 60%);
+  pointer-events: none;
+}
+.shield {
+  width: 200px;
+  height: 200px;
+  position: relative;
+  filter: drop-shadow(0 16px 32px rgba(62, 224, 143, 0.18));
+  animation: hero-in 600ms cubic-bezier(0.2, 0.8, 0.2, 1) both;
+}
+@keyframes hero-in {
+  from { opacity: 0; transform: translateY(12px) scale(0.96); }
+  to { opacity: 1; transform: translateY(0) scale(1); }
+}
+.shield svg { width: 100%; height: 100%; display: block; }
+.shield.green .shield-ring { stroke: var(--green); }
+.shield.green .shield-core { fill: rgba(62, 224, 143, 0.14); }
+.shield.green .shield-mark { stroke: var(--green); }
+.shield.yellow .shield-ring { stroke: var(--amber); }
+.shield.yellow .shield-core { fill: rgba(241, 192, 90, 0.14); }
+.shield.yellow .shield-mark { stroke: var(--amber); }
+.shield.red .shield-ring { stroke: var(--red); }
+.shield.red .shield-core { fill: rgba(255, 107, 122, 0.16); }
+.shield.red .shield-mark { stroke: var(--red); }
+.shield .shield-ring {
+  fill: none;
+  stroke-width: 3;
+  stroke-dasharray: 600;
+  stroke-dashoffset: 0;
+  transform-origin: center;
+  transition: stroke 320ms ease;
+}
+.shield .shield-ring-bg { fill: none; stroke: rgba(255, 255, 255, 0.06); stroke-width: 3; }
+.shield .shield-mark { fill: none; stroke-width: 4; stroke-linecap: round; stroke-linejoin: round; transition: stroke 320ms ease; }
+
+.hero h1 {
+  font-size: 40px;
+  font-weight: 650;
+  letter-spacing: -0.02em;
+  margin-top: 28px;
+  position: relative;
+  z-index: 1;
+}
+.hero .hero-sub {
+  margin-top: 10px;
+  color: var(--ink-dim);
+  font-size: 15px;
+  position: relative;
+  z-index: 1;
+}
+.identity-line {
+  margin-top: 22px;
+  display: inline-flex;
+  align-items: center;
+  gap: 10px;
+  padding: 10px 18px;
+  border-radius: 999px;
+  border: 1px solid var(--border);
+  background: rgba(19, 23, 41, 0.7);
+  font-family: var(--mono);
+  font-size: 13px;
+  color: var(--ink-dim);
+  position: relative;
+  z-index: 1;
+}
+.identity-line .name { color: var(--ink); font-weight: 500; font-family: -apple-system, BlinkMacSystemFont, Inter, sans-serif; letter-spacing: 0; }
+.identity-line .sep { color: var(--ink-mute); }
+.identity-line .did { color: var(--violet); }
+.identity-line .primary-flag {
+  padding: 2px 8px;
+  border-radius: 999px;
+  background: rgba(110, 123, 255, 0.16);
+  color: var(--indigo);
+  font-size: 11px;
+  text-transform: uppercase;
+  letter-spacing: 0.1em;
+  font-family: -apple-system, BlinkMacSystemFont, Inter, sans-serif;
+}
+
+/* \u2500\u2500 Layer grid \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.layer-grid {
+  display: grid;
+  grid-template-columns: repeat(4, 1fr);
+  gap: 16px;
+  margin-bottom: 32px;
+}
+@media (max-width: 960px) { .layer-grid { grid-template-columns: repeat(2, 1fr); } }
+@media (max-width: 520px) { .layer-grid { grid-template-columns: 1fr; } }
+
+.layer-card {
+  padding: 20px;
+  border-radius: var(--radius);
+  background: var(--surface);
+  border: 1px solid var(--border);
+  transition: border 220ms ease, transform 220ms ease;
+}
+.layer-card:hover { border-color: var(--border-strong); transform: translateY(-1px); }
+
+.layer-head { display: flex; align-items: flex-start; gap: 12px; margin-bottom: 14px; }
+.layer-dot { width: 12px; height: 12px; border-radius: 50%; margin-top: 6px; background: var(--ink-mute); box-shadow: 0 0 0 3px rgba(255, 255, 255, 0.04); }
+.layer-full .layer-dot { background: var(--green); box-shadow: 0 0 0 3px rgba(62, 224, 143, 0.18); }
+.layer-degraded .layer-dot { background: var(--amber); box-shadow: 0 0 0 3px rgba(241, 192, 90, 0.18); }
+.layer-compromised .layer-dot { background: var(--red); box-shadow: 0 0 0 3px rgba(255, 107, 122, 0.18); }
+.layer-head h3 { font-size: 13px; text-transform: uppercase; letter-spacing: 0.08em; color: var(--ink-dim); margin-bottom: 4px; }
+.layer-headline { font-size: 15px; color: var(--ink); line-height: 1.35; }
+
+.layer-detail { display: flex; flex-direction: column; gap: 8px; }
+.layer-detail > div { display: flex; justify-content: space-between; gap: 12px; font-size: 12px; }
+.layer-detail dt { color: var(--ink-mute); text-transform: uppercase; letter-spacing: 0.06em; font-size: 11px; }
+.layer-detail dd { color: var(--ink-dim); text-align: right; font-family: var(--mono); font-size: 12px; }
+
+.layer-cta { margin-top: 6px; text-align: center; padding: 16px; border-radius: var(--radius-sm); background: var(--bg-2); border: 1px solid var(--border); }
+.score-block { display: flex; flex-direction: column; gap: 2px; }
+.score-value { font-size: 28px; font-weight: 650; color: var(--green); letter-spacing: -0.02em; }
+.score-label { font-size: 11px; text-transform: uppercase; color: var(--ink-mute); letter-spacing: 0.08em; }
+.claim-block { font-size: 13px; color: var(--violet); }
+
+/* \u2500\u2500 L4 evidence widget (v0.9.1) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.l4-evidence { margin-top: 12px; padding-top: 12px; border-top: 1px dashed var(--border); }
+.l4-evidence-summary { gap: 6px; margin-bottom: 10px; }
+.l4-evidence-summary dt { font-size: 10px; }
+.l4-evidence-summary dd { font-size: 11px; }
+.l4-deg-list { list-style: none; display: flex; flex-direction: column; gap: 6px; margin-top: 8px; }
+.l4-deg { padding: 8px 10px; border-radius: var(--radius-sm); background: var(--bg-2); border: 1px solid var(--border); font-size: 12px; }
+.l4-deg-head { display: flex; justify-content: space-between; align-items: baseline; gap: 8px; margin-bottom: 3px; }
+.l4-deg-code { font-family: var(--mono); font-size: 11px; color: var(--ink); letter-spacing: 0.02em; }
+.l4-deg-sev { font-size: 10px; text-transform: uppercase; letter-spacing: 0.08em; color: var(--ink-mute); }
+.l4-deg-warning { border-color: rgba(241, 192, 90, 0.4); }
+.l4-deg-warning .l4-deg-sev { color: var(--amber); }
+.l4-deg-critical { border-color: rgba(255, 107, 122, 0.5); }
+.l4-deg-critical .l4-deg-sev { color: var(--red); }
+.l4-deg-info .l4-deg-sev { color: var(--indigo); }
+.l4-deg-desc { color: var(--ink-dim); line-height: 1.35; font-size: 11px; }
+.l4-deg-mit { color: var(--ink-mute); line-height: 1.35; font-size: 10px; margin-top: 3px; font-style: italic; }
+
+/* \u2500\u2500 Section headers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.section { margin-bottom: 28px; }
+.section h2 {
+  font-size: 13px;
+  text-transform: uppercase;
+  letter-spacing: 0.1em;
+  color: var(--ink-dim);
+  margin-bottom: 12px;
+  display: flex;
+  align-items: center;
+  gap: 12px;
+}
+.section h2 .count {
+  font-family: var(--mono);
+  font-size: 11px;
+  padding: 2px 8px;
+  border-radius: 999px;
+  background: var(--surface);
+  border: 1px solid var(--border);
+  color: var(--ink-mute);
+  text-transform: none;
+  letter-spacing: 0;
+}
+
+/* \u2500\u2500 Approval queue \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.approval-list { display: flex; flex-direction: column; gap: 10px; }
+.approval {
+  padding: 16px;
+  background: var(--surface);
+  border: 1px solid var(--amber);
+  border-radius: var(--radius);
+  box-shadow: 0 0 0 1px rgba(241, 192, 90, 0.18);
+  animation: fade-up 260ms ease both;
+}
+@keyframes fade-up { from { opacity: 0; transform: translateY(6px); } to { opacity: 1; transform: translateY(0); } }
+.approval-head { display: flex; align-items: center; gap: 10px; margin-bottom: 6px; font-size: 14px; }
+.tier-chip { padding: 2px 8px; border-radius: 999px; font-size: 10px; text-transform: uppercase; letter-spacing: 0.08em; font-family: -apple-system, Inter, sans-serif; }
+.tier-chip.tier-1 { background: rgba(255, 107, 122, 0.16); color: var(--red); }
+.tier-chip.tier-2 { background: rgba(241, 192, 90, 0.16); color: var(--amber); }
+.approval-reason { font-size: 13px; color: var(--ink-dim); margin-bottom: 12px; }
+.approval-actions { display: flex; gap: 8px; }
+.btn {
+  padding: 7px 14px;
+  border-radius: var(--radius-sm);
+  border: 1px solid var(--border);
+  background: var(--surface-2);
+  color: var(--ink);
+  font-size: 13px;
+  transition: all 160ms ease;
+}
+.btn:hover { border-color: var(--border-strong); background: #202641; }
+.btn-allow { background: var(--green-deep); border-color: var(--green-deep); color: white; }
+.btn-allow:hover { background: #1ba25b; border-color: #1ba25b; }
+.btn-deny { background: transparent; border-color: var(--red); color: var(--red); }
+.btn-deny:hover { background: rgba(255, 107, 122, 0.1); border-color: var(--red); }
+
+/* \u2500\u2500 Tables \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.panel { background: var(--surface); border: 1px solid var(--border); border-radius: var(--radius); overflow: hidden; }
+.panel-head { display: flex; justify-content: space-between; align-items: center; padding: 12px 18px; border-bottom: 1px solid var(--border); }
+.panel-head h3 { font-size: 12px; text-transform: uppercase; letter-spacing: 0.1em; color: var(--ink-dim); }
+.filter-row { display: flex; gap: 6px; }
+.filter-row button {
+  padding: 4px 10px;
+  font-size: 11px;
+  border-radius: 999px;
+  background: transparent;
+  border: 1px solid var(--border);
+  color: var(--ink-mute);
+  text-transform: uppercase;
+  letter-spacing: 0.06em;
+  transition: all 140ms ease;
+}
+.filter-row button.active, .filter-row button:hover { color: var(--ink); border-color: var(--border-strong); background: var(--surface-2); }
+
+table { width: 100%; border-collapse: collapse; }
+th, td { padding: 10px 18px; text-align: left; font-size: 13px; border-bottom: 1px solid var(--border); }
+th { font-size: 11px; text-transform: uppercase; letter-spacing: 0.08em; color: var(--ink-mute); font-weight: 500; background: var(--bg-2); }
+tr:last-child td { border-bottom: none; }
+tr.empty td { text-align: center; color: var(--ink-mute); padding: 32px 18px; }
+.mono { font-family: var(--mono); font-size: 12px; }
+.time { color: var(--ink-mute); white-space: nowrap; }
+.tier { text-align: center; font-family: var(--mono); font-size: 11px; font-weight: 600; }
+.tier-1 { color: var(--red); }
+.tier-2 { color: var(--amber); }
+.tier-3 { color: var(--green); }
+.result { font-family: var(--mono); font-size: 12px; text-transform: uppercase; letter-spacing: 0.06em; }
+.result-allowed, .result-success { color: var(--green); }
+.result-denied, .result-failure { color: var(--red); }
+.result-approved { color: var(--indigo); }
+.result-pending { color: var(--amber); }
+.layer-pill { font-family: var(--mono); font-size: 11px; padding: 2px 8px; border-radius: 999px; background: var(--surface-2); color: var(--ink-dim); display: inline-block; }
+
+/* \u2500\u2500 Upstream servers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+.server-list { list-style: none; display: flex; flex-direction: column; gap: 8px; }
+.server-row { display: flex; align-items: center; gap: 10px; padding: 10px 14px; background: var(--surface); border: 1px solid var(--border); border-radius: var(--radius-sm); font-size: 13px; }
+.server-dot { width: 8px; height: 8px; border-radius: 50%; background: var(--ink-mute); }
+.server-row.state-connected .server-dot { background: var(--green); }
+.server-row.state-connecting .server-dot { background: var(--amber); }
+.server-row.state-disconnected .server-dot, .server-row.state-error .server-dot { background: var(--red); }
+.server-meta { margin-left: auto; font-size: 12px; color: var(--ink-mute); font-family: var(--mono); }
+
+.empty-block { padding: 18px; color: var(--ink-mute); text-align: center; font-size: 13px; background: var(--surface); border: 1px dashed var(--border); border-radius: var(--radius-sm); }
+
+/* \u2500\u2500 Audit collapsible \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+details.audit-details { background: var(--surface); border: 1px solid var(--border); border-radius: var(--radius); overflow: hidden; }
+details.audit-details summary { cursor: pointer; list-style: none; padding: 14px 18px; display: flex; align-items: center; justify-content: space-between; }
+details.audit-details summary::-webkit-details-marker { display: none; }
+details.audit-details summary h3 { font-size: 12px; text-transform: uppercase; letter-spacing: 0.1em; color: var(--ink-dim); }
+details.audit-details summary .caret { color: var(--ink-mute); font-family: var(--mono); }
+details.audit-details[open] .caret { transform: rotate(90deg); display: inline-block; }
+details.audit-details .audit-filters { display: flex; gap: 6px; padding: 0 18px 12px; border-bottom: 1px solid var(--border); }
+</style>
+</head>
+<body>
+<div class="wrap">
+  <div class="meta-row">
+    <span>Sanctuary Framework</span>
+    <span class="mode-pill" id="mode-pill">${escHtml(snapshot.mode)} \xB7 v${escHtml(snapshot.server_version)}</span>
+  </div>
+
+  <section class="hero">
+    <div class="shield ${escHtml(overall.light)}" id="shield">
+      <svg viewBox="0 0 200 200" aria-hidden="true">
+        <circle class="shield-ring-bg" cx="100" cy="100" r="92"></circle>
+        <circle class="shield-ring" cx="100" cy="100" r="92"></circle>
+        <circle class="shield-core" cx="100" cy="100" r="80" fill="rgba(255,255,255,0.02)"></circle>
+        <path class="shield-mark" d="M100 52 L132 68 L132 108 C132 130 118 144 100 150 C82 144 68 130 68 108 L68 68 Z"></path>
+        <path class="shield-mark" d="M85 102 L96 113 L118 90"></path>
+      </svg>
+    </div>
+    <h1 id="hero-copy">${escHtml(HERO_COPY)}</h1>
+    <p class="hero-sub" id="hero-sub">${escHtml(overall.headline)}</p>
+    <div class="identity-line" id="identity-line">
+      <span class="name" id="agent-name">${escHtml(agent.display_name)}</span>
+      <span class="sep">\xB7</span>
+      <span class="did" id="agent-did">${escHtml(agent.did_fingerprint ?? "unclaimed")}</span>
+      ${agent.primary_identity_id ? `<span class="primary-flag">Primary</span>` : ""}
+    </div>
+  </section>
+
+  <div class="layer-grid" id="layer-grid">
+    ${l1Card(layers.l1)}
+    ${l2Card(layers.l2)}
+    ${l3Card(layers.l3)}
+    ${l4Card(layers.l4)}
+  </div>
+
+  <section class="section" id="approval-section">
+    <h2>Needs approval <span class="count" id="approval-count">${pending_approvals.length}</span></h2>
+    <div class="approval-list" id="approval-list">${approvalItems}</div>
+  </section>
+
+  <section class="section">
+    <h2>Upstream servers <span class="count">${upstream_servers.length}</span></h2>
+    <ul class="server-list" id="server-list">${serverRows}</ul>
+  </section>
+
+  <section class="section">
+    <h2>Live activity <span class="count" id="activity-count">${activity.length}</span></h2>
+    <div class="panel">
+      <div class="panel-head"><h3>Recent tool calls</h3></div>
+      <table>
+        <thead><tr><th>Time</th><th>Tool</th><th>Server</th><th>Tier</th><th>Result</th></tr></thead>
+        <tbody id="activity-body">${activityRows}</tbody>
+      </table>
+    </div>
+  </section>
+
+  <section class="section">
+    <details class="audit-details">
+      <summary>
+        <h3>Audit trail <span class="count" id="audit-count">${audit.length}</span></h3>
+        <span class="caret">\u25B8</span>
+      </summary>
+      <div class="audit-filters">
+        <div class="filter-row" id="audit-filter">
+          <button class="active" data-filter="all">All</button>
+          <button data-filter="l1">Cognitive</button>
+          <button data-filter="l2">Operational</button>
+          <button data-filter="l3">Disclosure</button>
+          <button data-filter="l4">Reputation</button>
+        </div>
+      </div>
+      <table>
+        <thead><tr><th>Time</th><th>Layer</th><th>Operation</th><th>Result</th></tr></thead>
+        <tbody id="audit-body">${auditRows}</tbody>
+      </table>
+    </details>
+  </section>
+</div>
+
+<script>
+(() => {
+  const INITIAL_SNAPSHOT = ${initialSnapshot};
+  const AUTH_TOKEN = ${options.authToken ? JSON.stringify(options.authToken) : "null"};
+  const AUTH_HEADER = AUTH_TOKEN ? { "Authorization": "Bearer " + AUTH_TOKEN } : {};
+  const AUTH_QS = AUTH_TOKEN ? "?token=" + encodeURIComponent(AUTH_TOKEN) : "";
+
+  let snapshot = INITIAL_SNAPSHOT;
+
+  function esc(value) {
+    if (value == null) return "";
+    return String(value)
+      .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
+      .replace(/"/g, "&quot;").replace(/'/g, "&#039;");
+  }
+  function fmtTime(iso) {
+    try { return new Date(iso).toLocaleTimeString(); } catch { return iso; }
+  }
+
+  function renderShield(light, headline) {
+    const shield = document.getElementById("shield");
+    if (!shield) return;
+    shield.classList.remove("green", "yellow", "red");
+    shield.classList.add(light);
+    document.getElementById("hero-sub").textContent = headline;
+  }
+
+  function renderActivity(entries) {
+    const body = document.getElementById("activity-body");
+    const count = document.getElementById("activity-count");
+    if (!body) return;
+    count.textContent = String(entries.length);
+    if (!entries.length) {
+      body.innerHTML = '<tr class="empty"><td colspan="5">Waiting for tool calls\u2026</td></tr>';
+      return;
+    }
+    body.innerHTML = entries.map(e => (
+      '<tr class="result-' + esc(e.result) + '">' +
+        '<td class="mono time">' + esc(fmtTime(e.timestamp)) + '</td>' +
+        '<td class="mono">' + esc(e.tool) + '</td>' +
+        '<td class="mono">' + esc(e.server) + '</td>' +
+        '<td class="tier tier-' + esc(e.tier) + '">T' + esc(e.tier) + '</td>' +
+        '<td class="result">' + esc(e.result) + '</td>' +
+      '</tr>'
+    )).join("");
+  }
+
+  function renderApprovals(list) {
+    const container = document.getElementById("approval-list");
+    const count = document.getElementById("approval-count");
+    if (!container) return;
+    count.textContent = String(list.length);
+    if (!list.length) {
+      container.innerHTML = '<div class="empty-block">No pending approvals</div>';
+      return;
+    }
+    container.innerHTML = list.map(p => (
+      '<article class="approval" data-id="' + esc(p.id) + '">' +
+        '<div class="approval-head">' +
+          '<span class="tier-chip tier-' + esc(p.tier) + '">Tier ' + esc(p.tier) + '</span>' +
+          '<span class="mono">' + esc(p.operation) + '</span>' +
+        '</div>' +
+        '<p class="approval-reason">' + esc(p.reason) + '</p>' +
+        '<div class="approval-actions">' +
+          '<button class="btn btn-allow" data-action="allow" data-id="' + esc(p.id) + '">Allow</button>' +
+          '<button class="btn btn-deny" data-action="deny" data-id="' + esc(p.id) + '">Deny</button>' +
+        '</div>' +
+      '</article>'
+    )).join("");
+    wireApprovalButtons();
+  }
+
+  function renderAudit(entries, filter) {
+    filter = filter || "all";
+    const body = document.getElementById("audit-body");
+    const count = document.getElementById("audit-count");
+    if (!body) return;
+    const visible = filter === "all" ? entries : entries.filter(e => e.layer === filter);
+    count.textContent = String(visible.length);
+    if (!visible.length) {
+      body.innerHTML = '<tr class="empty"><td colspan="4">Audit log empty</td></tr>';
+      return;
+    }
+    body.innerHTML = visible.map(e => (
+      '<tr data-kind="' + esc(e.layer) + '" data-op="' + esc(e.operation) + '">' +
+        '<td class="mono time">' + esc(fmtTime(e.timestamp)) + '</td>' +
+        '<td><span class="layer-pill">' + esc(String(e.layer).toUpperCase()) + '</span></td>' +
+        '<td class="mono">' + esc(e.operation) + '</td>' +
+        '<td class="result-' + esc(e.result) + '">' + esc(e.result) + '</td>' +
+      '</tr>'
+    )).join("");
+  }
+
+  function renderAll(snap) {
+    snapshot = snap;
+    renderShield(snap.overall.light, snap.overall.headline);
+    const mp = document.getElementById("mode-pill");
+    if (mp) mp.textContent = snap.mode + " \xB7 v" + snap.server_version;
+    document.getElementById("agent-name").textContent = snap.agent.display_name;
+    document.getElementById("agent-did").textContent = snap.agent.did_fingerprint || "unclaimed";
+    renderActivity(snap.activity);
+    renderApprovals(snap.pending_approvals);
+    renderAudit(snap.audit, currentAuditFilter());
+  }
+
+  function currentAuditFilter() {
+    const active = document.querySelector("#audit-filter button.active");
+    return active ? active.dataset.filter : "all";
+  }
+
+  function wireApprovalButtons() {
+    document.querySelectorAll("#approval-list button[data-action]").forEach(btn => {
+      btn.addEventListener("click", async () => {
+        const id = btn.dataset.id;
+        const action = btn.dataset.action;
+        btn.disabled = true;
+        try {
+          await fetch("/api/approvals/" + encodeURIComponent(id) + "/" + action + AUTH_QS, {
+            method: "POST", headers: AUTH_HEADER
+          });
+        } catch {}
+        await refreshSnapshot();
+      });
+    });
+  }
+
+  function wireAuditFilter() {
+    document.querySelectorAll("#audit-filter button").forEach(btn => {
+      btn.addEventListener("click", () => {
+        document.querySelectorAll("#audit-filter button").forEach(b => b.classList.remove("active"));
+        btn.classList.add("active");
+        renderAudit(snapshot.audit, btn.dataset.filter);
+      });
+    });
+  }
+
+  async function refreshSnapshot() {
+    try {
+      const res = await fetch("/api/snapshot" + AUTH_QS, { headers: AUTH_HEADER });
+      if (!res.ok) return;
+      const snap = await res.json();
+      renderAll(snap);
+    } catch {}
+  }
+
+  function connectSSE() {
+    try {
+      const es = new EventSource("/api/stream" + AUTH_QS);
+      es.addEventListener("snapshot", (ev) => {
+        try { renderAll(JSON.parse(ev.data)); } catch {}
+      });
+      es.addEventListener("activity", () => refreshSnapshot());
+      es.addEventListener("approval", () => refreshSnapshot());
+      es.onerror = () => { es.close(); setTimeout(connectSSE, 3000); };
+    } catch {}
+  }
+
+  wireApprovalButtons();
+  wireAuditFilter();
+  connectSSE();
+})();
+</script>
+</body>
+</html>`;
+}
+
+// src/dashboard/api.ts
+function constantTimeEquals(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return diff === 0;
+}
+function extractToken(req, url) {
+  const header = req.headers.authorization;
+  if (header && header.startsWith("Bearer ")) {
+    return header.slice(7).trim();
+  }
+  const q = url.searchParams.get("token");
+  return q ?? null;
+}
+function isAuthorized(deps, req, url) {
+  if (!deps.authToken) return true;
+  const token = extractToken(req, url);
+  if (!token) return false;
+  return constantTimeEquals(token, deps.authToken);
+}
+function writeJSON(res, status, payload) {
+  res.writeHead(status, {
+    "Content-Type": "application/json",
+    "Cache-Control": "no-store"
+  });
+  res.end(JSON.stringify(payload));
+}
+function writeText(res, status, body, contentType = "text/plain") {
+  res.writeHead(status, {
+    "Content-Type": contentType,
+    "Cache-Control": "no-store"
+  });
+  res.end(body);
+}
+async function handleRequest(deps, req, res) {
+  const host = req.headers.host || "localhost";
+  const url = new URL(req.url ?? "/", `http://${host}`);
+  const method = (req.method ?? "GET").toUpperCase();
+  const path = url.pathname;
+  if (!isAuthorized(deps, req, url)) {
+    writeJSON(res, 401, { error: "unauthorized" });
+    return true;
+  }
+  if (method === "GET" && path === "/api/health") {
+    writeJSON(res, 200, { ok: true, mode: deps.sources.mode });
+    return true;
+  }
+  if (method === "GET" && (path === "/" || path === "/index.html")) {
+    const snapshot = await getProtectionSnapshot(deps.sources);
+    const html = renderDashboardHTML({ snapshot, authToken: deps.authToken });
+    writeText(res, 200, html, "text/html; charset=utf-8");
+    return true;
+  }
+  if (method === "GET" && path === "/api/snapshot") {
+    const snapshot = await getProtectionSnapshot(deps.sources);
+    writeJSON(res, 200, snapshot);
+    return true;
+  }
+  const approvalMatch = /^\/api\/approvals\/([^/]+)\/(allow|deny)$/.exec(path);
+  if (method === "POST" && approvalMatch) {
+    const id = decodeURIComponent(approvalMatch[1]);
+    const action = approvalMatch[2];
+    if (!deps.approvals) {
+      writeJSON(res, 503, { error: "approvals_unavailable" });
+      return true;
+    }
+    const handler = action === "allow" ? deps.approvals.allow : deps.approvals.deny;
+    try {
+      const ok = await handler(id);
+      writeJSON(res, ok ? 200 : 404, { id, action, ok });
+    } catch (err) {
+      writeJSON(res, 500, { error: "approval_failed", message: err.message });
+    }
+    return true;
+  }
+  if (method === "GET" && path === "/api/stream") {
+    await handleStream(deps, res);
+    return true;
+  }
+  return false;
+}
+async function handleStream(deps, res) {
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache, no-transform",
+    Connection: "keep-alive",
+    "X-Accel-Buffering": "no"
+  });
+  const snapshot = await getProtectionSnapshot(deps.sources);
+  res.write(`event: snapshot
+data: ${JSON.stringify(snapshot)}
+
+`);
+  const unsubscribe = deps.onEvent ? deps.onEvent((event) => {
+    try {
+      res.write(`event: ${event.type}
+data: ${JSON.stringify(event.data)}
+
+`);
+    } catch {
+    }
+  }) : () => {
+  };
+  const keepAlive = setInterval(() => {
+    try {
+      res.write(": keepalive\n\n");
+    } catch {
+    }
+  }, 25e3);
+  const cleanup = () => {
+    clearInterval(keepAlive);
+    unsubscribe();
+  };
+  res.on("close", cleanup);
+  res.on("error", cleanup);
+}
+
+// src/dashboard/server.ts
+var DEFAULT_PORT = 3501;
+var DEFAULT_HOST = "127.0.0.1";
+async function startDashboardServer(options) {
+  const port = options.port ?? DEFAULT_PORT;
+  const host = options.host ?? DEFAULT_HOST;
+  const listeners = /* @__PURE__ */ new Set();
+  const onEvent = (listener) => {
+    listeners.add(listener);
+    return () => listeners.delete(listener);
+  };
+  const publish = (event) => {
+    for (const listener of listeners) {
+      try {
+        listener(event);
+      } catch {
+      }
+    }
+  };
+  const deps = {
+    sources: options.sources,
+    authToken: options.authToken,
+    approvals: options.approvals,
+    onEvent
+  };
+  const server = createServer$2(async (req, res) => {
+    try {
+      const served = await handleRequest(deps, req, res);
+      if (!served) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "not_found", path: req.url }));
+      }
+    } catch (err) {
+      try {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "internal", message: err.message }));
+      } catch {
+      }
+    }
+  });
+  await new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(port, host, () => {
+      server.off("error", reject);
+      resolve();
+    });
+  });
+  const actualPort = (() => {
+    const addr = server.address();
+    if (addr && typeof addr === "object") return addr.port;
+    return port;
+  })();
+  const url = `http://${host}:${actualPort}`;
+  return {
+    url,
+    port: actualPort,
+    host,
+    stop: () => new Promise((resolve, reject) => {
+      server.close((err) => err ? reject(err) : resolve());
+    }),
+    publish,
+    publishActivity: (entry) => publish({ type: "activity", data: entry }),
+    publishApproval: (approval) => publish({ type: "approval", data: approval })
+  };
+}
+
+// src/dashboard/index.ts
+async function startDashboard(options) {
+  const activity = options.initialActivity ? [...options.initialActivity] : [];
+  const pending = options.initialPendingApprovals ? [...options.initialPendingApprovals] : [];
+  const sources = {
+    mode: options.mode,
+    server_version: options.serverVersion,
+    ...options.auditLog ? { auditLog: options.auditLog } : {},
+    ...options.identityManager ? { identityManager: options.identityManager } : {},
+    ...options.clientManager ? { clientManager: options.clientManager } : {},
+    ...options.baseline ? { baseline: options.baseline } : {},
+    ...options.policy ? { policy: options.policy } : {},
+    ...options.reputation ? { reputation: options.reputation } : {},
+    ...options.teeAvailable != null ? { teeAvailable: options.teeAvailable } : {},
+    ...options.l4Evidence ? { l4Evidence: options.l4Evidence } : {},
+    activity,
+    pendingApprovals: pending
+  };
+  const serverOpts = {
+    mode: options.mode,
+    sources,
+    ...options.port != null ? { port: options.port } : {},
+    ...options.host ? { host: options.host } : {},
+    ...options.authToken ? { authToken: options.authToken } : {},
+    ...options.approvals ? { approvals: options.approvals } : {}
+  };
+  const handle = await startDashboardServer(serverOpts);
+  const wrapped = {
+    ...handle,
+    publishActivity: (entry) => {
+      activity.unshift(entry);
+      if (activity.length > 50) activity.length = 50;
+      handle.publishActivity(entry);
+    },
+    publishApproval: (approval) => {
+      pending.push(approval);
+      handle.publishApproval(approval);
+    }
+  };
+  return wrapped;
+}
+
 // src/index.ts
 async function createSanctuaryServer(options) {
   const config = await loadConfig(options?.configPath);
   await mkdir(config.storage_path, { recursive: true, mode: 448 });
+  await tightenStoragePermissions(config.storage_path);
   const storage = options?.storage ?? new FilesystemStorage(
     `${config.storage_path}/state`
   );
@@ -21171,12 +22696,6 @@ async function createSanctuaryServer(options) {
     }
   };
   const { tools: l3Tools } = createL3Tools(storage, masterKey, auditLog);
-  const { tools: shrTools } = createSHRTools(
-    config,
-    identityManager,
-    masterKey,
-    auditLog
-  );
   const { tools: handshakeTools, handshakeResults } = createHandshakeTools(
     config,
     identityManager,
@@ -21187,7 +22706,7 @@ async function createSanctuaryServer(options) {
       verascoreUrl: config.verascore.url
     }
   );
-  const { tools: l4Tools} = createL4Tools(
+  const { tools: l4Tools, reputationStore } = createL4Tools(
     storage,
     masterKey,
     identityManager,
@@ -21195,6 +22714,13 @@ async function createSanctuaryServer(options) {
     handshakeResults,
     config.verascore.url
   );
+  const { tools: shrTools } = createSHRTools(
+    config,
+    identityManager,
+    masterKey,
+    auditLog,
+    reputationStore
+  );
   const { tools: federationTools } = createFederationTools(
     auditLog,
     handshakeResults
@@ -21285,7 +22811,8 @@ async function createSanctuaryServer(options) {
     masterKey,
     auditLog,
     policy,
-    keyProtection
+    keyProtection,
+    reputationStore
   });
   const { tools: memoryAttestTools } = createMemoryAttestTools(
     identityManager,
@@ -21457,6 +22984,6 @@ async function createSanctuaryServer(options) {
   };
 }
 
-export { ATTESTATION_VERSION, ApprovalGate, AuditLog, AutoApproveChannel, BaselineTracker, TEMPLATES as CONTEXT_GATE_TEMPLATES, CallbackApprovalChannel, ClientManager, CommitmentStore, ContextGateEnforcer, ContextGatePolicyStore, DashboardApprovalChannel, FederationRegistry, FilesystemStorage, InMemoryModelProvenanceStore, InjectionDetector, MODEL_PRESETS, MemoryStorage, PolicyStore, ProxyRouter, ReputationStore, SovereigntyProfileStore, StateStore, StderrApprovalChannel, TIER_WEIGHTS, WebhookApprovalChannel, canonicalize, classifyField, completeHandshake, computeWeightedScore, createBridgeCommitment, createDefaultProfile, createPedersenCommitment, createProofOfKnowledge, createRangeProof, createSanctuaryServer, evaluateField, filterContext, generateAttestation, generateSHR, generateSystemPrompt, getTemplate, initiateHandshake, listTemplateIds, loadConfig, loadPrincipalPolicy, recommendPolicy, resolveTier, respondToHandshake, signPayload, tierDistribution, verifyAttestation, verifyBridgeCommitment, verifyCompletion, verifyPedersenCommitment, verifyProofOfKnowledge, verifyRangeProof, verifySHR, verifySignature };
+export { ATTESTATION_VERSION, ApprovalGate, AuditLog, AutoApproveChannel, BaselineTracker, TEMPLATES as CONTEXT_GATE_TEMPLATES, CallbackApprovalChannel, ClientManager, CommitmentStore, ContextGateEnforcer, ContextGatePolicyStore, DashboardApprovalChannel, FederationRegistry, FilesystemStorage, HERO_COPY, InMemoryModelProvenanceStore, InjectionDetector, MODEL_PRESETS, MemoryStorage, PolicyStore, ProxyRouter, ReputationStore, SovereigntyProfileStore, StateStore, StderrApprovalChannel, TIER_WEIGHTS, WebhookApprovalChannel, canonicalize, classifyField, completeHandshake, computeWeightedScore, createBridgeCommitment, createDefaultProfile, createPedersenCommitment, createProofOfKnowledge, createRangeProof, createSanctuaryServer, evaluateField, filterContext, generateAttestation, generateSHR, generateSystemPrompt, getProtectionSnapshot, getTemplate, initiateHandshake, listTemplateIds, loadConfig, loadPrincipalPolicy, recommendPolicy, renderDashboardHTML, resolveTier, respondToHandshake, signPayload, startDashboard, startDashboardServer, tierDistribution, verifyAttestation, verifyBridgeCommitment, verifyCompletion, verifyPedersenCommitment, verifyProofOfKnowledge, verifyRangeProof, verifySHR, verifySignature };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map