dual-brain 7.1.3 → 7.1.5

package/CLAUDE.md

@@ -2,7 +2,7 @@
 
 This project uses dual-provider orchestration. Config: `.claude/orchestrator.json`.
 
-## Core Architecture (v6)
+## Core Architecture (v7)
 
 Four modules in `src/` form the decision pipeline:
 
@@ -71,21 +71,21 @@ Dual-brain is a multi-round conversation between Claude and GPT — not a single
 ## Quality Gate
 
 Before ending a session with code changes:
-1. Run `node .claude/hooks/session-report.mjs`
-2. Run `node .claude/hooks/quality-gate.mjs`
+1. `node .claude/hooks/session-report.mjs` (allowed by head-guard for hook scripts)
+2. `node .claude/hooks/quality-gate.mjs`
 
 Gate statuses: `pass` (safe to end), `issues_found` (fix first), `needs_human_review` (GPT unavailable).
 
 ## Profiles
 
-Profile persists to `.claude/dual-brain.profile.json` (gitignored).
+Profile persists to `.dualbrain/profile.json` (project-scoped, gitignored).
 
 - **auto** (default): Adapts routing based on task risk, provider health, and outcomes
 - **balanced**: Best model per tier, normal budgets, reviews at medium+ risk
 - **cost-saver**: Prefer cheaper models, lower budgets, skip GPT for non-critical
 - **quality-first**: Dual-brain for medium+ risk, higher budgets, stricter reviews
 
-Switch: `dual-brain mode cost-saver` · Natural language aliases work: "be careful", "cheap mode", "thorough"
+Switch via the interactive Profile screen in `dual-brain`, or set `bias` in `.dualbrain/profile.json`.
 
 ## Adaptive Routing (Auto Mode)
 

package/README.md

@@ -24,7 +24,7 @@ dual-brain detects the intent and risk of your task, picks the best model based
 
 ### `dual-brain init`
 
-First-time setup. Three questions: which providers you have, subscription tiers, and optimization preference.
+First-time setup. Three questions: which providers you have, subscription tiers, and optimization preference. The actual flow auto-detects existing auth and adapts — you may see fewer prompts if credentials are already configured.
 
 ```
 Dual-Brain Orchestrator — First-time setup
@@ -121,7 +121,7 @@ Preferences are stored in `.dualbrain/profile.json` and applied on every `go` in
 import { orchestrate } from 'dual-brain';
 
 const result = await orchestrate({ prompt: "fix the bug", cwd: "." });
-console.log(result.summary);
+console.log(result.result?.summary);
 ```
 
 Individual modules are also exported:
@@ -174,7 +174,7 @@ For Claude Code users, a hooks layer provides deeper integration. Hooks fire on
 
 ```bash
 # Install hooks into .claude/settings.json
-npx -y dual-brain
+npx dual-brain install
 ```
 
 The installer auto-detects your environment (Claude CLI, Codex CLI, Replit), registers `enforce-tier.mjs` and `cost-logger.mjs` hooks, and writes `orchestrator.json` with your subscription config. Re-run anytime — it's idempotent.

package/bin/dual-brain.mjs

@@ -66,9 +66,7 @@ Commands:
 
 Interactive mode (entered with no args on a TTY):
   Shows dashboard screen with menu-driven navigation.
-  [g] Go — dispatch a task
-  [s] Status, [p] Profile, [a] Auth, [d] Diagnostics
-  [c] Command mode (REPL), [q] Exit
+  [s] Status, [p] Profile, [a] Auth, [d] Diagnostics, [q] Exit
 
 Options:
   --version                 Print version
@@ -82,8 +80,9 @@ Options:
 /**
  * Print a compact auth status table to stdout.
  * @param {{ claude: object, openai: object }} auth  Result from detectAuth()
+ * @param {object} [profile]  Optional loaded profile to cross-check enabled state
  */
-function printAuthTable(auth) {
+function printAuthTable(auth, profile) {
   const W = 55; // inner width (wide enough for source labels)
   const hbar = '═'.repeat(W);
   const pad = (s) => {
@@ -91,15 +90,21 @@ function printAuthTable(auth) {
     return s + ' '.repeat(Math.max(0, W - visible.length));
   };
 
+  const claudeDisabled = profile?.providers?.claude?.enabled === false;
+  const openaiDisabled = profile?.providers?.openai?.enabled === false;
+
+  const claudeDisabledNote = claudeDisabled ? ' (auth ok, but disabled in profile)' : '';
+  const openaiDisabledNote = openaiDisabled ? ' (auth ok, but disabled in profile)' : '';
+
   const claudeLine1 = auth.claude.found
-    ? `  Claude:  ✓ found via ${auth.claude.source}`
+    ? `  Claude:  ✓ found via ${auth.claude.source}${claudeDisabledNote}`
     : `  Claude:  ✗ not found`;
   const claudeLine2 = auth.claude.found
     ? `           ${auth.claude.masked}`
     : `           run: dual-brain auth setup`;
 
   const openaiLine1 = auth.openai.found
-    ? `  OpenAI:  ✓ found via ${auth.openai.source}`
+    ? `  OpenAI:  ✓ found via ${auth.openai.source}${openaiDisabledNote}`
     : `  OpenAI:  ✗ not found`;
   const openaiLine2 = auth.openai.found
     ? `           ${auth.openai.masked}`
@@ -122,7 +127,7 @@ async function cmdInit(rl) {
 
   // --- Step 1: Auth preflight ---
   const auth = await detectAuth();
-  printAuthTable(auth);
+  printAuthTable(auth, loadProfile(cwd));
 
   const noneFound = !auth.claude.found && !auth.openai.found;
   if (noneFound) {
@@ -148,6 +153,9 @@ async function cmdInit(rl) {
   const profile = await runOnboarding({ interactive: true, detectedAuth: auth, rl });
   saveProfile(profile, { cwd });
 
+  // --- Step 2b: Install hooks so enforcement is active from first run ---
+  await cmdInstall(cwd);
+
   // --- Step 3: Show dashboard ---
   console.log('');
   const repo    = loadRepoCache(cwd);
@@ -166,7 +174,8 @@ async function cmdAuth(subArgs = [], rl) {
   }
 
   const auth = await detectAuth();
-  printAuthTable(auth);
+  const profile = loadProfile(process.cwd());
+  printAuthTable(auth, profile);
 
   // If anything is missing, point to setup command
   if (!auth.claude.found || !auth.openai.found) {
@@ -272,6 +281,27 @@ async function cmdGo(args) {
     }, cwd);
   } else {
     result = await dispatch({ decision, prompt, files, cwd });
+    if (result.status === 'completed' && result.type === 'native-agent') {
+      const nd = result.nativeDispatch || {};
+      const promptPreview = (nd.prompt || prompt).slice(0, 100);
+      const promptSuffix  = (nd.prompt || prompt).length > 100 ? '...' : '';
+      console.log(`\nRouted: ${decision.provider}/${nd.model || decision.model} (${decision.tier})`);
+      console.log('To dispatch, use the Agent tool with:');
+      console.log(`  model: ${nd.model || decision.model}`);
+      console.log(`  prompt: ${promptPreview}${promptSuffix}`);
+      if (nd.isolation)  console.log(`  isolation: ${nd.isolation}`);
+      if (nd.maxTurns)   console.log(`  maxTurns: ${nd.maxTurns}`);
+      saveSession({
+        objective:    prompt,
+        branch:       null,
+        filesChanged: files,
+        commandsRun:  [`dual-brain go "${prompt}"`],
+        lastResult:   { status: 'success', summary: `native-agent routed to ${nd.model || decision.model}` },
+        provider:     decision.provider,
+        nextAction:   null,
+      }, cwd);
+      return;
+    }
     const statusLine = result.status === 'completed' ? 'Done' : `Failed (exit ${result.exitCode})`;
     console.log(`\n${statusLine} in ${(result.durationMs / 1000).toFixed(1)}s`);
     if (result.summary) console.log(result.summary);
@@ -339,10 +369,20 @@ async function cmdStatus(args = []) {
   const totalTokens = Object.values(sessionStats).reduce((s, v) => s + v.tokens, 0);
   console.log(`\nSession: ${totalCalls} dispatch${totalCalls !== 1 ? 'es' : ''}, ${totalTokens} tokens observed`);
 
-  // Models
+  // Models — only list enabled providers
   console.log('\nAvailable models:');
-  if (available.claude.length) console.log(`  Claude : ${available.claude.join(', ')}`);
-  if (available.openai.length) console.log(`  OpenAI : ${available.openai.join(', ')}`);
+  const claudeEnabled = profile?.providers?.claude?.enabled !== false;
+  const openaiEnabled = profile?.providers?.openai?.enabled !== false;
+  if (claudeEnabled && available.claude.length) {
+    console.log(`  Claude : ${available.claude.join(', ')}`);
+  } else if (!claudeEnabled) {
+    console.log(`  Claude : (disabled — run "dual-brain init" to enable)`);
+  }
+  if (openaiEnabled && available.openai.length) {
+    console.log(`  OpenAI : ${available.openai.join(', ')}`);
+  } else if (!openaiEnabled) {
+    console.log(`  OpenAI : (disabled — run "dual-brain init" to enable)`);
+  }
 
   // Head model
   console.log(`\nHead model : ${getHeadModel(profile)}`);
@@ -425,7 +465,7 @@ async function cmdStatus(args = []) {
 
 const PROVIDER_MODEL_CLASSES = {
   claude: ['haiku', 'sonnet', 'opus'],
-  openai: ['o4-mini', 'o3', 'gpt-4.1', 'gpt-4.1-mini', 'gpt-5.4', 'gpt-5.5'],
+  openai: ['gpt-4.1-mini', 'gpt-4.1', 'gpt-5.2', 'gpt-5.4-mini', 'gpt-5.3-codex', 'gpt-5.4', 'gpt-5.5'],
 };
 
 function cmdHot(providerArg) {
@@ -448,8 +488,8 @@ function cmdCool(providerArg) {
   console.log(`Cleared hot state for all ${provider} model classes.`);
 }
 
-async function cmdInstall() {
-  const cwd = process.cwd();
+async function cmdInstall(cwd) {
+  if (!cwd) cwd = process.cwd();
 
   // Run the main install.mjs (orchestrator config, all hooks, CLAUDE.md, etc.)
   const { spawnSync } = await import('child_process');
@@ -468,8 +508,6 @@ async function cmdInstall() {
     console.log(`Enforcement hooks already present (${skipped.length}):`);
     for (const item of skipped) console.log(`  = ${item}`);
   }
-
-  process.exit(0);
 }
 
 function cmdRemember(text) {
@@ -541,6 +579,7 @@ async function welcomeScreen(rl, ask) {
     } else {
       // Enter or anything else → save and go to dashboard
       saveProfile(setup.profile, { cwd });
+      await cmdInstall(cwd);
       return { next: 'dashboard' };
     }
   } else {
@@ -667,6 +706,8 @@ async function welcomeScreen(rl, ask) {
   console.log(box('Setup Complete', summaryLines));
   console.log('');
 
+  await cmdInstall(cwd);
+
   return { next: 'dashboard' };
 }
 
@@ -680,8 +721,15 @@ async function dashboardScreen(rl, ask) {
   const env = detectEnvironment();
 
   // Build status lines for box
-  const claudeStatus = auth.claude.found ? `🟢 Claude ${badge('connected')}` : `🔴 Claude ${badge('missing')}`;
-  const openaiStatus = auth.openai.found ? `🟢 OpenAI ${badge('connected')}` : `🔴 OpenAI ${badge('missing')}`;
+  // If auth is found but provider is disabled in profile, show warning instead of green
+  const claudeProviderEnabled = profile?.providers?.claude?.enabled !== false;
+  const openaiProviderEnabled = profile?.providers?.openai?.enabled !== false;
+  const claudeStatus = auth.claude.found
+    ? (claudeProviderEnabled ? `🟢 Claude ${badge('connected')}` : `⚠️  Claude ${badge('warning')} disabled`)
+    : `🔴 Claude ${badge('missing')}`;
+  const openaiStatus = auth.openai.found
+    ? (openaiProviderEnabled ? `🟢 OpenAI ${badge('connected')}` : `⚠️  OpenAI ${badge('warning')} disabled`)
+    : `🔴 OpenAI ${badge('missing')}`;
   const envLabel = env.hasReplitTools ? 'Replit + replit-tools' : env.isReplit ? 'Replit' : 'local';
 
   // Enforcement check

package/hooks/head-guard.mjs

@@ -15,7 +15,15 @@
 
 import { readFileSync } from 'fs';
 
-const BLOCKED_TOOLS = new Set(['Edit', 'Write', 'NotebookEdit', 'Bash']);
+const BLOCKED_TOOLS = new Set(['Edit', 'Write', 'NotebookEdit']);
+
+// Patterns that indicate a Bash command is writing/mutating the filesystem.
+// Anchored to avoid false positives on grep/find output containing these words.
+const WRITE_BASH_RE = /\brm\b|\bmv\b|\bcp\b|\bmkdir\b|\btouch\b|\bchmod\b|\bchown\b|\bdd\b|\binstall\b|\btruncate\b|\btee\b|\bsed\s+-i\b|\bawk\s+-i\b|>>|(?<![><])>(?![>=])/;
+
+function isBashWriteIntent(command) {
+  return WRITE_BASH_RE.test(command);
+}
 
 // Read stdin JSON payload
 let input;
@@ -23,9 +31,16 @@ try {
   const raw = readFileSync('/dev/stdin', 'utf8');
   input = JSON.parse(raw);
 } catch {
-  // If we can't read / parse input, fail open — don't break sessions
-  // that aren't using dual-brain at all.
-  process.exit(0);
+  // Can't parse input — fail closed to avoid guard bypass.
+  const output = {
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: 'deny',
+      permissionDecisionReason: '[dual-brain] head-guard could not parse hook input — blocking as a safety measure.',
+    },
+  };
+  process.stdout.write(JSON.stringify(output));
+  process.exit(2);
 }
 
 const toolName = input.tool_name || '';
@@ -50,9 +65,30 @@ if (BLOCKED_TOOLS.has(toolName)) {
   process.exit(2);
 }
 
-// Also block MCP filesystem write tools (any mcp__ tool with write/create/
-// delete/remove/move/rename in the name).
-if (toolName.startsWith('mcp__') && /write|create|delete|remove|move|rename/i.test(toolName)) {
+// Bash: allow read-only commands; block write-intent ones.
+// Always allow node .claude/hooks/ and node hooks/ — CLAUDE.md instructs HEAD to run these.
+if (toolName === 'Bash') {
+  const command = (input.tool_input && input.tool_input.command) || '';
+  if (/^node\s+\.?(?:\.claude\/)?hooks\//.test(command.trimStart())) {
+    process.exit(0);
+  }
+  if (isBashWriteIntent(command)) {
+    const output = {
+      hookSpecificOutput: {
+        hookEventName: 'PreToolUse',
+        permissionDecision: 'deny',
+        permissionDecisionReason:
+          '[dual-brain] HEAD cannot run write-intent Bash commands. Dispatch via: dual-brain go "task description"',
+      },
+    };
+    process.stdout.write(JSON.stringify(output));
+    process.exit(2);
+  }
+  process.exit(0);
+}
+
+// Block MCP filesystem write tools by name.
+if (toolName.startsWith('mcp__') && /write|create|delete|remove|move|rename|append|patch|truncate|copy|commit|push|stage|merge|update|overwrite/i.test(toolName)) {
   const output = {
     hookSpecificOutput: {
       hookEventName: 'PreToolUse',

package/hooks/test-orchestrator.mjs

@@ -445,7 +445,7 @@ test('enforce-tier: cost-saver demotes think', () => {
     // cost-saver's demote_think=true demotes think→execute when text lacks think words
     const payload = JSON.stringify({
       tool_name: 'Agent',
-      tool_input: { prompt: 'edit the README file', model: 'opus' },
+      tool_input: { prompt: '<!-- dual-brain-dispatch: test23 -->edit the README file', model: 'opus' },
     });
     const { parsed, status } = run(ENFORCE_TIER, payload);
     if (status !== 0) return `non-zero exit: ${status}`;
@@ -494,7 +494,7 @@ test('enforce-tier: auto profile with high-risk file', () => {
     // Description with auth/credentials path → risk classifier detects critical risk → promote to think
     const payload = JSON.stringify({
       tool_name: 'Agent',
-      tool_input: { description: 'update src/auth/credentials.mjs', prompt: 'change the token logic', model: 'sonnet' },
+      tool_input: { description: 'update src/auth/credentials.mjs', prompt: '<!-- dual-brain-dispatch: test25 -->change the token logic', model: 'sonnet' },
     });
     const { parsed, status } = run(ENFORCE_TIER, payload);
     if (status !== 0) return `non-zero exit: ${status}`;
@@ -740,9 +740,9 @@ test('install: preserves existing hooks', () => {
   if (!installSrc.includes('.filter'))
     return 'install.mjs missing .filter() call — may clobber non-dual-brain hooks';
 
-  // The merge logic should spread existingEntries first, then add dual-brain hooks
-  if (!installSrc.includes('existingEntries'))
-    return 'install.mjs missing existingEntries variable — may not preserve other hooks';
+  // The merge logic should filter existing hooks before merging dual-brain hooks
+  if (!installSrc.includes('existingPre') && !installSrc.includes('existingEntries'))
+    return 'install.mjs missing existing hook preservation — may not preserve other hooks';
 
   // Verify it reads existing settings before overwriting
   if (!installSrc.includes('existing') || !installSrc.includes('settings.json'))
@@ -1017,7 +1017,7 @@ test('adaptive loop: end-to-end hash match', () => {
     writeFileSync(LEDGER, '', 'utf8');
 
     // Step 1: Define a specific Agent payload used consistently across all steps
-    const toolInput = { prompt: 'fix the auth bug', description: 'patch auth module' };
+    const toolInput = { prompt: '<!-- dual-brain-dispatch: test40 -->fix the auth bug', description: 'patch auth module' };
     const agentPayload = JSON.stringify({ tool_name: 'Agent', tool_input: toolInput });
 
     // Step 2: Run enforce-tier with this payload (computes and may log a promptHash)

package/mcp-server/index.mjs

@@ -253,7 +253,7 @@ async function handleRequest(msg) {
         return respond(id, {
           protocolVersion: '2024-11-05',
           capabilities: { tools: {} },
-          serverInfo: { name: 'dual-brain', version: '7.1.0' },
+          serverInfo: { name: 'dual-brain', version: '7.1.4' },
         });
 
       case 'initialized':
@@ -283,7 +283,7 @@ async function handleRequest(msg) {
   } catch (err) {
     const code = err.code ?? -32000;
     const message = err.message ?? 'Internal error';
-    return errorResponse(id, code, message, err.stack);
+    return errorResponse(id, code, message);
   }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dual-brain",
-  "version": "7.1.3",
+  "version": "7.1.5",
   "description": "AI orchestration across Claude + OpenAI subscriptions — smart routing, budget awareness, and dual-brain collaboration",
   "type": "module",
   "bin": {
@@ -46,10 +46,50 @@
     "node": ">=20.0.0"
   },
   "files": [
-    "src/*.mjs",
+    "src/profile.mjs",
+    "src/detect.mjs",
+    "src/decide.mjs",
+    "src/dispatch.mjs",
+    "src/playbook.mjs",
+    "src/health.mjs",
+    "src/repo.mjs",
+    "src/session.mjs",
+    "src/decompose.mjs",
+    "src/brief.mjs",
+    "src/redact.mjs",
+    "src/index.mjs",
+    "src/tui.mjs",
+    "src/install-hooks.mjs",
+    "src/update-check.mjs",
     "bin/*.mjs",
-    "hooks/*.mjs",
-    "hooks/*.sh",
+    "hooks/enforce-tier.mjs",
+    "hooks/cost-logger.mjs",
+    "hooks/cost-report.mjs",
+    "hooks/dual-brain-review.mjs",
+    "hooks/dual-brain-think.mjs",
+    "hooks/quality-gate.mjs",
+    "hooks/test-orchestrator.mjs",
+    "hooks/setup-wizard.mjs",
+    "hooks/health-check.mjs",
+    "hooks/install-git-hooks.mjs",
+    "hooks/session-report.mjs",
+    "hooks/budget-balancer.mjs",
+    "hooks/gpt-work-dispatcher.mjs",
+    "hooks/profiles.mjs",
+    "hooks/summary-checkpoint.mjs",
+    "hooks/decision-ledger.mjs",
+    "hooks/control-panel.mjs",
+    "hooks/risk-classifier.mjs",
+    "hooks/failure-detector.mjs",
+    "hooks/vibe-router.mjs",
+    "hooks/plan-generator.mjs",
+    "hooks/vibe-memory.mjs",
+    "hooks/wave-orchestrator.mjs",
+    "hooks/task-classifier.mjs",
+    "hooks/model-registry.mjs",
+    "hooks/auto-update-wrapper.mjs",
+    "hooks/head-guard.mjs",
+    "hooks/auto-update.sh",
     "mcp-server/*.mjs",
     "mcp-server/README.md",
     "install.mjs",

package/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "dual-brain",
-  "version": "7.1.0",
+  "version": "7.1.4",
   "description": "Dual-provider AI orchestration — smart routing between Claude and OpenAI",
   "skills": [
     { "name": "go", "description": "Route and dispatch a task", "file": "skills/go.md" },

package/src/decide.mjs

@@ -71,10 +71,37 @@ const MODEL_CAPABILITIES = {
     effortLevels: ['low', 'medium', 'high'],
     costTier: 'medium',
   },
+  'gpt-5.2': {
+    provider: 'openai',
+    tierFit: ['search', 'execute'],
+    contextWindow: 200_000,
+    costTier: 'medium',
+    strengths: ['code-generation', 'analysis'],
+    weaknesses: [],
+    effortLevels: null,
+  },
+  'gpt-5.4-mini': {
+    provider: 'openai',
+    tierFit: ['search'],
+    contextWindow: 200_000,
+    costTier: 'low',
+    strengths: ['quick-tasks', 'search'],
+    weaknesses: ['complex-edits', 'architecture'],
+    effortLevels: null,
+  },
+  'gpt-5.3-codex': {
+    provider: 'openai',
+    tierFit: ['execute'],
+    contextWindow: 200_000,
+    costTier: 'medium',
+    strengths: ['code-generation', 'refactoring'],
+    weaknesses: ['architecture', 'security'],
+    effortLevels: null,
+  },
   'gpt-5.4': {
     provider: 'openai',
     tierFit: ['execute', 'think'],
-    contextWindow: 200_000,
+    contextWindow: 1_050_000,
     strengths: ['refactor', 'debug', 'code-generation', 'test'],
     weaknesses: ['cost'],
     effortLevels: ['low', 'medium', 'high', 'xhigh'],
@@ -83,7 +110,7 @@ const MODEL_CAPABILITIES = {
   'gpt-5.5': {
     provider: 'openai',
     tierFit: ['think'],
-    contextWindow: 200_000,
+    contextWindow: 1_000_000,
     strengths: ['architecture', 'security', 'review', 'planning', 'complex-debug'],
     weaknesses: ['cost', 'latency'],
     effortLevels: ['low', 'medium', 'high', 'xhigh'],
@@ -264,16 +291,19 @@ function applyHealthDowngrade(model, score, provider, available, isHighStakes) {
   }
 }
 
-function applyProfileBias(model, profile, provider, available) {
+function applyProfileBias(model, profile, provider, available, tier) {
   const mode = profile?.mode || profile?.profile || 'auto';
   if (mode === 'cost-saver') {
-    // Prefer cheapest available
+    // Prefer cheapest available that also fits the required tier
     const ranks = {
       claude: ['haiku', 'sonnet', 'opus'],
       openai: ['gpt-4.1-mini', 'gpt-4.1', 'gpt-5.2', 'gpt-5.4-mini', 'gpt-5.3-codex', 'gpt-5.4', 'gpt-5.5'],
     };
     for (const m of ranks[provider]) {
-      if (available.includes(m)) return m;
+      if (!available.includes(m)) continue;
+      const caps = MODEL_CAPABILITIES[m];
+      if (tier && caps && !caps.tierFit.includes(tier)) continue;
+      return m;
     }
   }
   if (mode === 'quality-first') {
@@ -449,6 +479,35 @@ export function parsePreferences(preferences) {
   return signals;
 }
 
+// ─── Internal: safety floor for critical-risk tasks ───────────────────────────
+
+/**
+ * Ensure critical-risk tasks are never handled by the cheapest (haiku/gpt-4.1-mini) model.
+ * Cost-saver mode is the main culprit; escalate silently but emit a stderr warning.
+ * @param {string} model
+ * @param {string} provider
+ * @param {string[]} available
+ * @param {'low'|'medium'|'high'|'critical'} risk
+ * @returns {string}
+ */
+function applyCriticalRiskFloor(model, provider, available, risk) {
+  if (risk !== 'critical') return model;
+
+  const cheapModels = { claude: 'haiku', openai: 'gpt-4.1-mini' };
+  const floorModels = { claude: 'sonnet', openai: 'gpt-4.1' };
+
+  if (model === cheapModels[provider]) {
+    const floor = floorModels[provider];
+    const escalated = available.includes(floor) ? floor : available[available.length - 1] ?? model;
+    process.stderr.write(
+      `[dual-brain] Warning: cost-saver selected ${model} for a critical-risk task. ` +
+      `Escalating to ${escalated} (safety floor).\n`
+    );
+    return escalated;
+  }
+  return model;
+}
+
 // ─── Exported: decideRoute ────────────────────────────────────────────────────
 
 /**
@@ -506,7 +565,10 @@ export function decideRoute({ profile = {}, detection = {}, cwd } = {}) {
   model = applyHealthDowngrade(model, healthScores[provider], provider, available[provider], isHighStakes);
 
   // Apply profile mode bias (cost-saver / quality-first / preferences) using patched profile
-  model = applyProfileBias(model, profileWithEffectiveBias, provider, available[provider]);
+  model = applyProfileBias(model, profileWithEffectiveBias, provider, available[provider], detection.tier);
+
+  // Safety floor: critical-risk tasks must never use haiku/gpt-4.1-mini even in cost-saver mode
+  model = applyCriticalRiskFloor(model, provider, available[provider], detection.risk);
 
   // Apply preferModel signal from preferences (override after all other picks)
   if (prefSignals.preferModel) {

package/src/dispatch.mjs

@@ -647,13 +647,14 @@ async function dispatch(input = {}) {
     }
     _recordDispatchBudget(prompt);
     return {
-      status:        'native-agent',
+      status:        'completed',
+      type:          'native-agent',
       provider:      effectiveProvider,
       model:         effectiveModel,
       command:       null,
       nativeDispatch: nativeDescriptor,
-      exitCode:      null,
-      summary:       `[native] ${nativeDescriptor.description}`,
+      exitCode:      0,
+      summary:       `Routed to ${effectiveProvider}/${effectiveModel} (${effectiveDecision.tier})`,
       durationMs:    0,
       usage:         null,
       error:         null,

package/src/index.mjs

@@ -6,9 +6,9 @@
  * orchestrate() convenience function for programmatic use.
  */
 
-export { loadProfile, saveProfile, ensureProfile, runOnboarding, rememberPreference, forgetPreference, getActivePreferences, getAvailableProviders, isSoloBrain, getHeadModel, detectAuth, detectEnvironment, setupAuth, getActiveKey, removeAuthKey, disableKey, rotateToNextKey } from './profile.mjs';
+export { loadProfile, saveProfile, ensureProfile, runOnboarding, rememberPreference, forgetPreference, getActivePreferences, getAvailableProviders, isSoloBrain, getHeadModel, detectAuth, detectEnvironment, setupAuth, getActiveKey } from './profile.mjs';
 export { detectTask, classifyIntent, classifyRisk, estimateComplexity, inferTier, extractPaths } from './detect.mjs';
-export { decideRoute, getModelCapabilities, getAvailableModels, estimateBudgetPressure, shouldDualBrain, explainDecision } from './decide.mjs';
+export { decideRoute, getModelCapabilities, getAvailableModels, shouldDualBrain, explainDecision } from './decide.mjs';
 export { dispatch, buildCommand, detectRuntime, compressResult, dispatchDualBrain } from './dispatch.mjs';
 export { loadPlaybook, listPlaybooks, executePlaybook, createRunArtifact } from './playbook.mjs';
 export { getHealth, markHot, markDegraded, markHealthy, checkCooldown, getProviderScore, recordDispatch, getSessionStats, resetHealth, remainingCooldownMinutes } from './health.mjs';