ltcai 4.0.0 → 4.1.0

package/static/v3/js/views/admin-permissions.js

@@ -1,177 +0,0 @@
-/* ============================================================================
- * View: Permissions — Administration · roles and capability mapping (RBAC).
- * Renders the role → capability matrix and per-role summaries from the admin
- * roles endpoint. Capabilities map to product areas; "all" grants everything.
- * Role editing is read-only unless a backend mutation route is added.
- *
- * View contract (shared by all views):
- *   export async function render(ctx) -> single DOM node
- *   ctx = { h, icon, api, store, c, route, params, navigate, toast }
- * ========================================================================== */
-
-/* Capability columns, in product-area order. Each maps to a routable surface
- * and a Tabler icon so the matrix reads at a glance. */
-const CAPS = [
-  { key: "chat", label: "Chat", icon: "message-2", route: "chat" },
-  { key: "search", label: "Search", icon: "arrows-join", route: "hybrid-search" },
-  { key: "files", label: "Files", icon: "folders", route: "files" },
-  { key: "pipeline", label: "Pipeline", icon: "git-branch", route: "pipeline" },
-  { key: "users", label: "Users", icon: "users", route: "admin/users" },
-  { key: "policies", label: "Policies", icon: "shield-lock", route: "admin/policies" },
-  { key: "audit", label: "Audit", icon: "history", route: "admin/audit" },
-  { key: "security", label: "Security", icon: "shield-check", route: "admin/security" },
-];
-
-const ROLE_META = {
-  owner: { icon: "crown", variant: "ok" },
-  admin: { icon: "shield-check", variant: "info" },
-  member: { icon: "user-check", variant: "" },
-  viewer: { icon: "eye", variant: "warn" },
-};
-const metaFor = (role) => ROLE_META[String(role).toLowerCase()] || { icon: "user", variant: "" };
-
-/** A role grants a capability when it holds "all" or that specific cap. */
-const grants = (caps, key) => Array.isArray(caps) && (caps.includes("all") || caps.includes(key));
-const capLabel = (key) => (CAPS.find((cc) => cc.key === key)?.label) || key;
-
-export async function render(ctx) {
-  const { h, icon, c, navigate, toast } = ctx;
-
-  // Live RBAC roles from /admin/roles.
-  const res = await ctx.api.adminRoles();
-  const roles = Array.isArray(res.data && res.data.roles) ? res.data.roles
-    : (Array.isArray(res.data) ? res.data : []);
-  const source = res.source;
-  const totalMembers = roles.reduce((sum, r) => sum + (r.members || 0), 0);
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Permissions",
-      sub: "Roles and capability mapping.",
-      actions: [
-        c.sourceBadge(source),
-        h("button.lt3-btn.lt3-btn--ghost", { on: { click: () => navigate("admin/users") } }, icon("users"), "Members"),
-        h("button.lt3-btn.lt3-btn--primary", { on: { click: () => pendingToast(toast, "Creating a role") } }, icon("plus"), "New role"),
-      ],
-    }),
-
-    c.banner(
-      "Access is role-based (RBAC): every member holds exactly one role, and each role grants a set of capabilities that map to product areas. The owner role grants all capabilities.",
-      "info",
-      "shield-lock",
-    ),
-
-    h("div.lt3-statrow",
-      c.stat({ label: "Roles", value: roles.length, icon: "id-badge-2" }),
-      c.stat({ label: "Members", value: c.fmtNum(totalMembers), icon: "users" }),
-      c.stat({ label: "Capabilities", value: CAPS.length, icon: "key" }),
-      c.stat({ label: "Full-access roles", value: roles.filter((r) => (r.caps || []).includes("all")).length, icon: "crown" }),
-    ),
-
-    c.panel({
-      eyebrow: "RBAC",
-      title: "Capability matrix",
-      sub: "Which product areas each role can reach. Scroll horizontally to see every capability.",
-      children: buildMatrix(ctx, roles),
-    }),
-
-    h("section",
-      c.sectionHead("Roles", c.sourceBadge(source)),
-      buildRoleGrid(ctx, roles),
-    ),
-  );
-
-  return root;
-}
-
-/* ── Capability matrix ──────────────────────────────────────────────────── */
-function buildMatrix(ctx, roles) {
-  const { h, icon, c } = ctx;
-
-  if (!roles.length) {
-    return c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to start mapping capabilities." });
-  }
-
-  const columns = [
-    {
-      key: "role",
-      label: "Role",
-      width: "180px",
-      render: (r) => {
-        const m = metaFor(r.role);
-        return h("div.lt3-row-2", { style: { "align-items": "center" } },
-          h("span.lt3-result__rank", { style: { color: "var(--accent)" } }, icon(m.icon)),
-          h("div.lt3-stack",
-            h("b", { style: { "font-size": "var(--lt3-text-sm)", "text-transform": "capitalize" } }, r.role),
-            c.pill(`${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`, m.variant || "", { dot: true }),
-          ),
-        );
-      },
-    },
-    ...CAPS.map((cap) => ({
-      key: cap.key,
-      label: cap.label,
-      render: (r) => cell(ctx, grants(r.caps, cap.key)),
-    })),
-  ];
-
-  return c.table(columns, roles);
-}
-
-/** A matrix cell: accent check when granted, muted dash when not. */
-function cell({ h, icon }, granted) {
-  return h("div", { style: { display: "grid", "place-items": "center" }, "aria-label": granted ? "granted" : "not granted" },
-    granted
-      ? h("span", { style: { color: "var(--accent)", "font-size": "var(--lt3-text-lg)", "line-height": "1" } }, icon("check"))
-      : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-lg)", "line-height": "1" }, "aria-hidden": "true" }, "–"),
-  );
-}
-
-/* ── Per-role summary cards ─────────────────────────────────────────────── */
-function buildRoleGrid(ctx, roles) {
-  const { h } = ctx;
-  if (!roles.length) {
-    return ctx.c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to map capabilities." });
-  }
-  return h("div.lt3-grid-auto", roles.map((r) => roleCard(ctx, r)));
-}
-
-function roleCard(ctx, r) {
-  const { h, icon, c, toast } = ctx;
-  const m = metaFor(r.role);
-  const isAll = (r.caps || []).includes("all");
-  const grantedKeys = isAll ? CAPS.map((cc) => cc.key) : CAPS.filter((cc) => (r.caps || []).includes(cc.key)).map((cc) => cc.key);
-
-  return c.card(
-    h("div.lt3-stack-3",
-      h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start" } },
-        h("div.lt3-row-2", { style: { "align-items": "center" } },
-          h("span.lt3-quick__icon", icon(m.icon)),
-          h("div.lt3-stack",
-            h("b", { style: { "font-size": "var(--lt3-text-md)", "text-transform": "capitalize" } }, r.role),
-            h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, `${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`),
-          ),
-        ),
-        c.pill(isAll ? "Full access" : `${grantedKeys.length}/${CAPS.length}`, m.variant || "info"),
-      ),
-
-      h("div.lt3-cluster", { "aria-label": `${r.role} capabilities` },
-        isAll
-          ? h("span.lt3-chip", { dataset: { active: "true" } }, icon("infinity"), "All capabilities")
-          : (grantedKeys.length
-              ? grantedKeys.map((k) => h("span.lt3-chip", { dataset: { active: "true" } }, icon(CAPS.find((cc) => cc.key === k).icon), capLabel(k)))
-              : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, "No capabilities")),
-      ),
-
-      h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", { style: { "align-self": "flex-start" }, on: { click: () => pendingToast(toast, `Editing the ${r.role} role`) } },
-        icon("edit"), "Edit role"),
-    ),
-    { attrs: { "data-role": r.role } },
-  );
-}
-
-/* ── Read-only affordance ───────────────────────────────────────────────── */
-function pendingToast(toast, what) {
-  toast(`${what} is not available in this build — roles are a fixed RBAC model (owner · admin · member · viewer).`, "warn");
-}

package/static/v3/js/views/admin-policies.3658fd86.js

@@ -1,102 +0,0 @@
-/* ============================================================================
- * View: Policies — administration · governance and enforcement.
- * Surfaces the local-first guardrails the workspace enforces and the open-core
- * seam where Enterprise governance packs extend them. Policy state reflects the
- * live /admin/policies contract; missing backend data renders unavailable.
- * ========================================================================== */
-
-// Governance capabilities that live behind the open-core Enterprise seam. These
-// are extension points, not implemented backend logic.
-const PACKS = [
-  { id: "siem", icon: "broadcast", title: "SIEM export", desc: "Stream the audit trail to an external SIEM (Splunk, Elastic, Sentinel)." },
-  { id: "retention", icon: "archive", title: "Compliance retention", desc: "Configurable retention windows and legal-hold for messages and traces." },
-  { id: "isolation", icon: "wall", title: "Tenant isolation", desc: "Hard multi-tenant boundaries with per-tenant keys and storage." },
-];
-
-export async function render(ctx) {
-  const { h, icon, c, toast } = ctx;
-
-  // Live governance posture from /admin/policies.
-  const res = await ctx.api.adminPolicies();
-  const policies = Array.isArray(res.data && res.data.policies) ? res.data.policies
-    : (Array.isArray(res.data) ? res.data : []);
-  const source = res.source;
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Policies",
-      sub: "Governance and enforcement.",
-      actions: [c.sourceBadge(source)],
-    }),
-
-    c.banner(
-      "Policies enforce Lattice's local-first guardrails. Enterprise packs extend them with org-wide governance.",
-      "info",
-      "shield-lock",
-    ),
-
-    h("section.lt3-stack-3",
-      c.sectionHead(
-        "Active guardrails",
-        c.sourceBadge(source),
-      ),
-      policies.length
-        ? h("div.lt3-stack-3", policies.map((p) => policyRow(ctx, p)))
-        : c.emptyState({ icon: "shield-off", title: "No policies defined", body: "Policies appear once the governance backend is connected." }),
-    ),
-
-    packsPanel(ctx),
-  );
-
-  return root;
-}
-
-/* ── One policy row: description and its real, runtime-enforced state ─────── */
-// Policies are enforced by the runtime (approval gating, local-only egress,
-// local storage). They are reported read-only — not user-toggleable — so the UI
-// never implies a guardrail can be relaxed from the browser.
-function policyRow({ h, icon, c }, p) {
-  return c.card(
-    h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start", "gap": "var(--lt3-space-4)", "flex-wrap": "wrap" } },
-      h("div.lt3-stack-2", { style: { "min-width": "0", "flex": "1 1 320px" } },
-        h("div.lt3-row-2",
-          h("span.lt3-card__icon", { style: { color: "var(--accent)" } }, icon("shield-check")),
-          h("h3", { style: { "font-size": "var(--lt3-text-base)", "font-weight": "var(--lt3-weight-semibold)", "margin": "0" } }, p.label),
-        ),
-        h("p.lt3-muted", { style: { "font-size": "var(--lt3-text-sm)", "margin": "0" } }, p.value),
-      ),
-      h("div.lt3-row-2", { style: { "flex": "none", "align-items": "center" } },
-        c.statePill(p.enforced ? "active" : "idle"),
-        h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, p.enforced ? "Enforced" : "Not enforced"),
-      ),
-    ),
-  );
-}
-
-/* ── Enterprise governance packs (open-core extension points) ────────────── */
-function packsPanel({ h, icon, c }) {
-  return c.panel({
-    eyebrow: "Open core",
-    title: "Policy packs",
-    sub: "Governance capabilities available as Enterprise extension points on top of the local-first core.",
-    actions: c.sourceBadge("unavailable"),
-    children: h("div.lt3-stack-2",
-      PACKS.map((pk) => h("div.lt3-card.lt3-card--flat",
-        h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "center", "gap": "var(--lt3-space-4)", "flex-wrap": "wrap" } },
-          h("div.lt3-row-2", { style: { "min-width": "0", "flex": "1 1 320px" } },
-            h("span.lt3-card__icon", { style: { color: "var(--muted)" } }, icon(pk.icon)),
-            h("div.lt3-stack-2", { style: { "min-width": "0" } },
-              h("div", { style: { "font-weight": "var(--lt3-weight-medium)" } }, pk.title),
-              h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, pk.desc),
-            ),
-          ),
-          h("div.lt3-row-2", { style: { "flex": "none" } },
-            c.pill("Enterprise", "info"),
-            h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, "Available as an extension point"),
-          ),
-        ),
-      )),
-    ),
-  });
-}

package/static/v3/js/views/admin-policies.js

@@ -1,102 +0,0 @@
-/* ============================================================================
- * View: Policies — administration · governance and enforcement.
- * Surfaces the local-first guardrails the workspace enforces and the open-core
- * seam where Enterprise governance packs extend them. Policy state reflects the
- * live /admin/policies contract; missing backend data renders unavailable.
- * ========================================================================== */
-
-// Governance capabilities that live behind the open-core Enterprise seam. These
-// are extension points, not implemented backend logic.
-const PACKS = [
-  { id: "siem", icon: "broadcast", title: "SIEM export", desc: "Stream the audit trail to an external SIEM (Splunk, Elastic, Sentinel)." },
-  { id: "retention", icon: "archive", title: "Compliance retention", desc: "Configurable retention windows and legal-hold for messages and traces." },
-  { id: "isolation", icon: "wall", title: "Tenant isolation", desc: "Hard multi-tenant boundaries with per-tenant keys and storage." },
-];
-
-export async function render(ctx) {
-  const { h, icon, c, toast } = ctx;
-
-  // Live governance posture from /admin/policies.
-  const res = await ctx.api.adminPolicies();
-  const policies = Array.isArray(res.data && res.data.policies) ? res.data.policies
-    : (Array.isArray(res.data) ? res.data : []);
-  const source = res.source;
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Policies",
-      sub: "Governance and enforcement.",
-      actions: [c.sourceBadge(source)],
-    }),
-
-    c.banner(
-      "Policies enforce Lattice's local-first guardrails. Enterprise packs extend them with org-wide governance.",
-      "info",
-      "shield-lock",
-    ),
-
-    h("section.lt3-stack-3",
-      c.sectionHead(
-        "Active guardrails",
-        c.sourceBadge(source),
-      ),
-      policies.length
-        ? h("div.lt3-stack-3", policies.map((p) => policyRow(ctx, p)))
-        : c.emptyState({ icon: "shield-off", title: "No policies defined", body: "Policies appear once the governance backend is connected." }),
-    ),
-
-    packsPanel(ctx),
-  );
-
-  return root;
-}
-
-/* ── One policy row: description and its real, runtime-enforced state ─────── */
-// Policies are enforced by the runtime (approval gating, local-only egress,
-// local storage). They are reported read-only — not user-toggleable — so the UI
-// never implies a guardrail can be relaxed from the browser.
-function policyRow({ h, icon, c }, p) {
-  return c.card(
-    h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start", "gap": "var(--lt3-space-4)", "flex-wrap": "wrap" } },
-      h("div.lt3-stack-2", { style: { "min-width": "0", "flex": "1 1 320px" } },
-        h("div.lt3-row-2",
-          h("span.lt3-card__icon", { style: { color: "var(--accent)" } }, icon("shield-check")),
-          h("h3", { style: { "font-size": "var(--lt3-text-base)", "font-weight": "var(--lt3-weight-semibold)", "margin": "0" } }, p.label),
-        ),
-        h("p.lt3-muted", { style: { "font-size": "var(--lt3-text-sm)", "margin": "0" } }, p.value),
-      ),
-      h("div.lt3-row-2", { style: { "flex": "none", "align-items": "center" } },
-        c.statePill(p.enforced ? "active" : "idle"),
-        h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, p.enforced ? "Enforced" : "Not enforced"),
-      ),
-    ),
-  );
-}
-
-/* ── Enterprise governance packs (open-core extension points) ────────────── */
-function packsPanel({ h, icon, c }) {
-  return c.panel({
-    eyebrow: "Open core",
-    title: "Policy packs",
-    sub: "Governance capabilities available as Enterprise extension points on top of the local-first core.",
-    actions: c.sourceBadge("unavailable"),
-    children: h("div.lt3-stack-2",
-      PACKS.map((pk) => h("div.lt3-card.lt3-card--flat",
-        h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "center", "gap": "var(--lt3-space-4)", "flex-wrap": "wrap" } },
-          h("div.lt3-row-2", { style: { "min-width": "0", "flex": "1 1 320px" } },
-            h("span.lt3-card__icon", { style: { color: "var(--muted)" } }, icon(pk.icon)),
-            h("div.lt3-stack-2", { style: { "min-width": "0" } },
-              h("div", { style: { "font-weight": "var(--lt3-weight-medium)" } }, pk.title),
-              h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, pk.desc),
-            ),
-          ),
-          h("div.lt3-row-2", { style: { "flex": "none" } },
-            c.pill("Enterprise", "info"),
-            h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, "Available as an extension point"),
-          ),
-        ),
-      )),
-    ),
-  });
-}

package/static/v3/js/views/admin-private-vpc.7d342d36.js

@@ -1,135 +0,0 @@
-/* ============================================================================
- * View: Admin · Private VPC — network isolation and peering.
- * Lattice is local-first: by default everything runs on-prem with no external
- * network egress. Private VPC is an Enterprise networking extension for teams
- * that need cloud peering. Reads /vpc/status (fallback-safe, badged) and never
- * invents backend mutations.
- * ========================================================================== */
-
-const PENDING = "an Enterprise networking feature, not available in this build.";
-
-export async function render(ctx) {
-  const { h, icon, api, c, toast } = ctx;
-
-  const statusHost = h("div", c.loading({ lines: 4 }));
-  const subnetsHost = h("div", c.loading({ lines: 3 }));
-  const srcSlot = h("span", c.sourceBadge("pending"));
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Private VPC",
-      sub: "Network isolation and peering.",
-      actions: [
-        h("button.lt3-btn.lt3-btn--primary",
-          { on: { click: () => toast("Configure peering — " + PENDING, "info") } },
-          icon("network"), "Configure peering"),
-      ],
-    }),
-
-    c.banner(
-      "Lattice is local-first. By default everything runs on this machine with no external network egress — Private VPC is an Enterprise networking extension for teams that need cloud peering.",
-      "info", "shield-lock"),
-
-    c.panel({
-      eyebrow: "Network",
-      head: h("div.lt3-row", { style: { "justify-content": "space-between", width: "100%" } },
-        h("div",
-          h("div.lt3-eyebrow", "Network"),
-          h("h3.lt3-panel__title", "Connectivity status"),
-        ),
-        srcSlot,
-      ),
-      children: statusHost,
-    }),
-
-    c.panel({
-      eyebrow: "Topology",
-      title: "Private subnets",
-      sub: "Peered subnets exposed to this workspace.",
-      children: subnetsHost,
-    }),
-
-    buildPosture(ctx),
-  );
-
-  hydrate(ctx, { statusHost, subnetsHost, srcSlot });
-  return root;
-}
-
-/* ── Network posture summary (always-true, local-first facts) ─────────────── */
-function buildPosture({ h, icon, c }) {
-  const items = [
-    { icon: "plug-connected-x", label: "Egress", value: "None", variant: "ok", note: "No external network calls" },
-    { icon: "cpu", label: "Inference", value: "Local", variant: "ok", note: "On-device MLX runtime" },
-    { icon: "folder-lock", label: "Storage", value: "~/.ltcai", variant: "info", note: "Single-tenant on disk" },
-  ];
-  return h("section",
-    c.sectionHead("Network posture"),
-    h("div.lt3-grid-3",
-      items.map((it) => c.card(
-        h("div.lt3-stack-2",
-          h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start" } },
-            h("div.lt3-stat__label", icon(it.icon), it.label),
-            c.pill(it.value, it.variant, { dot: true }),
-          ),
-          h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, it.note),
-        ),
-        { flat: true },
-      )),
-    ),
-  );
-}
-
-/* ── Hydration ────────────────────────────────────────────────────────────── */
-async function hydrate(ctx, hosts) {
-  const { h, icon, api, c } = ctx;
-  const { statusHost, subnetsHost, srcSlot } = hosts;
-
-  const res = await api.vpcStatus();
-  const vpc = (res.data && typeof res.data === "object") ? res.data : {};
-  srcSlot.replaceChildren(c.sourceBadge(res.source));
-
-  const subnets = Array.isArray(vpc.private_subnets) ? vpc.private_subnets : [];
-
-  // Status key/value block.
-  const rows = [
-    { icon: "cloud", k: "Provider", v: vpc.provider || "local", mono: true },
-    { icon: "map-pin", k: "Region", v: vpc.region || "on-prem", mono: true },
-    { icon: "lock", k: "VPN status", node: c.statePill(vpc.vpn_status || "standby") },
-    { icon: "arrows-transfer-up", k: "Peering status", node: c.statePill(vpc.peering_status || "not_configured") },
-    { icon: "plug-connected-x", k: "Egress", node: c.pill("local-only", "ok", { dot: true }) },
-    { icon: "subtask", k: "Subnets", v: String(subnets.length) },
-  ];
-  statusHost.replaceChildren(
-    h("dl.lt3-keyval",
-      rows.flatMap((r) => [
-        h("dt", h("span.lt3-row-2", icon(r.icon), r.k)),
-        h("dd", r.node ? r.node : (r.mono ? h("span.lt3-mono", String(r.v)) : String(r.v))),
-      ]),
-    ),
-    !vpc.enabled && h("div.lt3-row-2", { style: { "margin-top": "var(--lt3-space-4)" } },
-      c.pill("Enterprise extension", "info", { dot: true }),
-      h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } },
-        "Private VPC is inactive — Lattice is running fully local."),
-    ),
-  );
-
-  // Private subnets table / empty state.
-  if (!subnets.length) {
-    subnetsHost.replaceChildren(c.emptyState({
-      icon: "network-off",
-      title: "No private subnets",
-      body: "Peering is not configured. Lattice runs fully local by default.",
-    }));
-    return;
-  }
-
-  const columns = [
-    { key: "name", label: "Subnet", render: (s) => h("span.lt3-row-2", icon("subtask"), String(s.name || s.id || "subnet")) },
-    { key: "cidr", label: "CIDR", render: (s) => h("span.lt3-mono", String(s.cidr || s.range || "—")) },
-    { key: "zone", label: "Zone", render: (s) => String(s.zone || s.az || "—") },
-    { key: "state", label: "State", width: "120px", render: (s) => c.statePill(s.state || "active") },
-  ];
-  subnetsHost.replaceChildren(c.table(columns, subnets));
-}

package/static/v3/js/views/admin-private-vpc.js

@@ -1,135 +0,0 @@
-/* ============================================================================
- * View: Admin · Private VPC — network isolation and peering.
- * Lattice is local-first: by default everything runs on-prem with no external
- * network egress. Private VPC is an Enterprise networking extension for teams
- * that need cloud peering. Reads /vpc/status (fallback-safe, badged) and never
- * invents backend mutations.
- * ========================================================================== */
-
-const PENDING = "an Enterprise networking feature, not available in this build.";
-
-export async function render(ctx) {
-  const { h, icon, api, c, toast } = ctx;
-
-  const statusHost = h("div", c.loading({ lines: 4 }));
-  const subnetsHost = h("div", c.loading({ lines: 3 }));
-  const srcSlot = h("span", c.sourceBadge("pending"));
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Private VPC",
-      sub: "Network isolation and peering.",
-      actions: [
-        h("button.lt3-btn.lt3-btn--primary",
-          { on: { click: () => toast("Configure peering — " + PENDING, "info") } },
-          icon("network"), "Configure peering"),
-      ],
-    }),
-
-    c.banner(
-      "Lattice is local-first. By default everything runs on this machine with no external network egress — Private VPC is an Enterprise networking extension for teams that need cloud peering.",
-      "info", "shield-lock"),
-
-    c.panel({
-      eyebrow: "Network",
-      head: h("div.lt3-row", { style: { "justify-content": "space-between", width: "100%" } },
-        h("div",
-          h("div.lt3-eyebrow", "Network"),
-          h("h3.lt3-panel__title", "Connectivity status"),
-        ),
-        srcSlot,
-      ),
-      children: statusHost,
-    }),
-
-    c.panel({
-      eyebrow: "Topology",
-      title: "Private subnets",
-      sub: "Peered subnets exposed to this workspace.",
-      children: subnetsHost,
-    }),
-
-    buildPosture(ctx),
-  );
-
-  hydrate(ctx, { statusHost, subnetsHost, srcSlot });
-  return root;
-}
-
-/* ── Network posture summary (always-true, local-first facts) ─────────────── */
-function buildPosture({ h, icon, c }) {
-  const items = [
-    { icon: "plug-connected-x", label: "Egress", value: "None", variant: "ok", note: "No external network calls" },
-    { icon: "cpu", label: "Inference", value: "Local", variant: "ok", note: "On-device MLX runtime" },
-    { icon: "folder-lock", label: "Storage", value: "~/.ltcai", variant: "info", note: "Single-tenant on disk" },
-  ];
-  return h("section",
-    c.sectionHead("Network posture"),
-    h("div.lt3-grid-3",
-      items.map((it) => c.card(
-        h("div.lt3-stack-2",
-          h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start" } },
-            h("div.lt3-stat__label", icon(it.icon), it.label),
-            c.pill(it.value, it.variant, { dot: true }),
-          ),
-          h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, it.note),
-        ),
-        { flat: true },
-      )),
-    ),
-  );
-}
-
-/* ── Hydration ────────────────────────────────────────────────────────────── */
-async function hydrate(ctx, hosts) {
-  const { h, icon, api, c } = ctx;
-  const { statusHost, subnetsHost, srcSlot } = hosts;
-
-  const res = await api.vpcStatus();
-  const vpc = (res.data && typeof res.data === "object") ? res.data : {};
-  srcSlot.replaceChildren(c.sourceBadge(res.source));
-
-  const subnets = Array.isArray(vpc.private_subnets) ? vpc.private_subnets : [];
-
-  // Status key/value block.
-  const rows = [
-    { icon: "cloud", k: "Provider", v: vpc.provider || "local", mono: true },
-    { icon: "map-pin", k: "Region", v: vpc.region || "on-prem", mono: true },
-    { icon: "lock", k: "VPN status", node: c.statePill(vpc.vpn_status || "standby") },
-    { icon: "arrows-transfer-up", k: "Peering status", node: c.statePill(vpc.peering_status || "not_configured") },
-    { icon: "plug-connected-x", k: "Egress", node: c.pill("local-only", "ok", { dot: true }) },
-    { icon: "subtask", k: "Subnets", v: String(subnets.length) },
-  ];
-  statusHost.replaceChildren(
-    h("dl.lt3-keyval",
-      rows.flatMap((r) => [
-        h("dt", h("span.lt3-row-2", icon(r.icon), r.k)),
-        h("dd", r.node ? r.node : (r.mono ? h("span.lt3-mono", String(r.v)) : String(r.v))),
-      ]),
-    ),
-    !vpc.enabled && h("div.lt3-row-2", { style: { "margin-top": "var(--lt3-space-4)" } },
-      c.pill("Enterprise extension", "info", { dot: true }),
-      h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } },
-        "Private VPC is inactive — Lattice is running fully local."),
-    ),
-  );
-
-  // Private subnets table / empty state.
-  if (!subnets.length) {
-    subnetsHost.replaceChildren(c.emptyState({
-      icon: "network-off",
-      title: "No private subnets",
-      body: "Peering is not configured. Lattice runs fully local by default.",
-    }));
-    return;
-  }
-
-  const columns = [
-    { key: "name", label: "Subnet", render: (s) => h("span.lt3-row-2", icon("subtask"), String(s.name || s.id || "subnet")) },
-    { key: "cidr", label: "CIDR", render: (s) => h("span.lt3-mono", String(s.cidr || s.range || "—")) },
-    { key: "zone", label: "Zone", render: (s) => String(s.zone || s.az || "—") },
-    { key: "state", label: "State", width: "120px", render: (s) => c.statePill(s.state || "active") },
-  ];
-  subnetsHost.replaceChildren(c.table(columns, subnets));
-}