ltcai 4.0.1 → 4.1.0

package/static/v3/js/views/admin-audit.js

@@ -1,185 +0,0 @@
-/* ============================================================================
- * View: Audit Logs — Administration · activity and access trail.
- * Reads /admin/audit (live) and renders unavailable state when it cannot load.
- * Severity filter narrows the rendered events; a compact stat row summarizes
- * actors, volume and risk at a glance.
- * ========================================================================== */
-
-import { timeAgo } from "../core/dom.js";
-
-const SEVERITY = {
-  warning: { variant: "warn", label: "Warning", icon: "alert-triangle" },
-  notice: { variant: "info", label: "Notice", icon: "info-circle" },
-  informational: { variant: "", label: "Informational", icon: "point" },
-};
-function severityMeta(s) {
-  return SEVERITY[String(s || "").toLowerCase()] || { variant: "", label: titleCase(s) || "Event", icon: "point" };
-}
-
-const FILTERS = [
-  { key: "all", label: "All" },
-  { key: "informational", label: "Informational" },
-  { key: "notice", label: "Notice" },
-  { key: "warning", label: "Warning" },
-];
-
-export async function render(ctx) {
-  const { h, icon, api, c } = ctx;
-
-  const state = { events: [], source: "pending", filter: "all", loaded: false };
-
-  const srcSlot = h("span", c.sourceBadge("pending"));
-  const filterHost = h("div", buildTabs());
-  const statHost = h("div.lt3-statrow", c.loading({ lines: 1 }));
-  const tableHost = h("div", c.loading({ lines: 6 }));
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Audit Logs",
-      sub: "Activity and access trail",
-      actions: [
-        srcSlot,
-        h("button.lt3-btn.lt3-btn--ghost", {
-          on: { click: () => ctx.toast("Audit export is not available in this build (SIEM export is an Enterprise feature).", "warn") },
-        }, icon("download"), "Export"),
-      ],
-    }),
-    statHost,
-    c.panel({
-      eyebrow: "Trail",
-      title: "Recent events",
-      head: h("div.lt3-row", { style: { "justify-content": "space-between", flex: "1 1 auto", gap: "var(--lt3-space-3)" } },
-        h("div", h("div.lt3-eyebrow", "Trail"), h("h3.lt3-panel__title", "Recent events")),
-        filterHost,
-      ),
-      children: tableHost,
-    }),
-  );
-
-  function buildTabs() {
-    return c.tabs(FILTERS, state.filter, (key) => {
-      state.filter = key;
-      filterHost.replaceChildren(buildTabs());
-      renderTable();
-    });
-  }
-
-  function visibleEvents() {
-    if (state.filter === "all") return state.events;
-    return state.events.filter((e) => String(e.severity || "").toLowerCase() === state.filter);
-  }
-
-  function renderStats() {
-    const events = state.events;
-    const actors = new Set(events.map((e) => e.actor).filter(Boolean)).size;
-    const startOfDay = new Date(); startOfDay.setHours(0, 0, 0, 0);
-    const today = events.filter((e) => {
-      const t = e.ts ? new Date(e.ts).getTime() : NaN;
-      return !Number.isNaN(t) && t >= startOfDay.getTime();
-    }).length;
-    const high = events.filter((e) => ["warning", "high", "critical"].includes(String(e.severity || "").toLowerCase())).length;
-    statHost.replaceChildren(
-      c.stat({ label: "Total events", value: c.fmtNum(events.length), icon: "list-details" }),
-      c.stat({ label: "Actors", value: c.fmtNum(actors), icon: "users" }),
-      c.stat({ label: "Today", value: c.fmtNum(today), icon: "calendar-event" }),
-      c.stat({ label: "High-severity", value: c.fmtNum(high), icon: "shield-exclamation" }),
-    );
-  }
-
-  function renderTable() {
-    const rows = visibleEvents();
-    if (!rows.length) {
-      tableHost.replaceChildren(state.loaded
-        ? c.emptyState({
-            icon: "history-off",
-            title: state.filter === "all" ? "No audit events" : "No matching events",
-            body: state.filter === "all"
-              ? "Activity will appear here as users act in the workspace."
-              : "No events match this severity. Try a broader filter.",
-            action: state.filter === "all" ? null : h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", {
-              on: { click: () => { state.filter = "all"; filterHost.replaceChildren(buildTabs()); renderTable(); } },
-            }, icon("filter-off"), "Clear filter"),
-          })
-        : c.loading({ lines: 6 }));
-      return;
-    }
-    tableHost.replaceChildren(c.table(columns(ctx), rows));
-  }
-
-  async function load() {
-    const res = await api.adminAudit();
-    state.events = normalize(res.data);
-    state.source = res.source;
-    state.loaded = true;
-    srcSlot.replaceChildren(c.sourceBadge(res.source));
-    renderStats();
-    renderTable();
-  }
-
-  load();
-  return root;
-}
-
-/* ── table ───────────────────────────────────────────────────────────────── */
-function columns({ h, icon, c }) {
-  return [
-    {
-      key: "ts", label: "Time", width: "1%",
-      render: (e) => h("span.lt3-mono.lt3-faint", { style: { "white-space": "nowrap", "font-size": "var(--lt3-text-2xs)" } },
-        e.ts ? timeAgo(e.ts) : "—"),
-    },
-    {
-      key: "actor", label: "Actor",
-      render: (e) => h("div.lt3-row-2",
-        h("span.lt3-avatar", { style: { width: "26px", height: "26px" } }, initials(e.actor)),
-        h("span", { style: { "font-size": "var(--lt3-text-sm)", "white-space": "nowrap" } }, e.actor || "system"),
-      ),
-    },
-    {
-      key: "action", label: "Action", width: "1%",
-      render: (e) => h("span.lt3-pill.lt3-mono", { style: { "white-space": "nowrap" } }, e.action || "event"),
-    },
-    {
-      key: "target", label: "Target",
-      render: (e) => h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-sm)" } }, e.target || "—"),
-    },
-    {
-      key: "severity", label: "Severity", width: "1%",
-      render: (e) => {
-        const m = severityMeta(e.severity);
-        return c.pill(m.label, m.variant, { dot: true });
-      },
-    },
-  ];
-}
-
-/* ── helpers ─────────────────────────────────────────────────────────────── */
-function normalize(data) {
-  const list = Array.isArray(data) ? data
-    : Array.isArray(data && data.recent_events) ? data.recent_events
-    : Array.isArray(data && data.events) ? data.events
-    : [];
-  return list.map((e) => ({
-    ts: e.ts || e.timestamp || e.time || null,
-    actor: e.actor || e.user || e.email || "system",
-    action: e.action || e.event || "event",
-    target: e.target || e.resource || "",
-    severity: e.severity || e.level || "informational",
-  }));
-}
-
-function initials(name) {
-  const s = String(name || "·").trim();
-  if (!s || s === "system") return "SY";
-  const at = s.indexOf("@");
-  const base = at > 0 ? s.slice(0, at) : s;
-  const parts = base.split(/[\s._-]+/).filter(Boolean);
-  if (parts.length >= 2) return (parts[0][0] + parts[1][0]).toUpperCase();
-  return base.slice(0, 2).toUpperCase();
-}
-
-function titleCase(s) {
-  s = String(s || "").trim();
-  return s ? s[0].toUpperCase() + s.slice(1).toLowerCase() : "";
-}

package/static/v3/js/views/admin-permissions.a7ae5f09.js

@@ -1,177 +0,0 @@
-/* ============================================================================
- * View: Permissions — Administration · roles and capability mapping (RBAC).
- * Renders the role → capability matrix and per-role summaries from the admin
- * roles endpoint. Capabilities map to product areas; "all" grants everything.
- * Role editing is read-only unless a backend mutation route is added.
- *
- * View contract (shared by all views):
- *   export async function render(ctx) -> single DOM node
- *   ctx = { h, icon, api, store, c, route, params, navigate, toast }
- * ========================================================================== */
-
-/* Capability columns, in product-area order. Each maps to a routable surface
- * and a Tabler icon so the matrix reads at a glance. */
-const CAPS = [
-  { key: "chat", label: "Chat", icon: "message-2", route: "chat" },
-  { key: "search", label: "Search", icon: "arrows-join", route: "hybrid-search" },
-  { key: "files", label: "Files", icon: "folders", route: "files" },
-  { key: "pipeline", label: "Pipeline", icon: "git-branch", route: "pipeline" },
-  { key: "users", label: "Users", icon: "users", route: "admin/users" },
-  { key: "policies", label: "Policies", icon: "shield-lock", route: "admin/policies" },
-  { key: "audit", label: "Audit", icon: "history", route: "admin/audit" },
-  { key: "security", label: "Security", icon: "shield-check", route: "admin/security" },
-];
-
-const ROLE_META = {
-  owner: { icon: "crown", variant: "ok" },
-  admin: { icon: "shield-check", variant: "info" },
-  member: { icon: "user-check", variant: "" },
-  viewer: { icon: "eye", variant: "warn" },
-};
-const metaFor = (role) => ROLE_META[String(role).toLowerCase()] || { icon: "user", variant: "" };
-
-/** A role grants a capability when it holds "all" or that specific cap. */
-const grants = (caps, key) => Array.isArray(caps) && (caps.includes("all") || caps.includes(key));
-const capLabel = (key) => (CAPS.find((cc) => cc.key === key)?.label) || key;
-
-export async function render(ctx) {
-  const { h, icon, c, navigate, toast } = ctx;
-
-  // Live RBAC roles from /admin/roles.
-  const res = await ctx.api.adminRoles();
-  const roles = Array.isArray(res.data && res.data.roles) ? res.data.roles
-    : (Array.isArray(res.data) ? res.data : []);
-  const source = res.source;
-  const totalMembers = roles.reduce((sum, r) => sum + (r.members || 0), 0);
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Permissions",
-      sub: "Roles and capability mapping.",
-      actions: [
-        c.sourceBadge(source),
-        h("button.lt3-btn.lt3-btn--ghost", { on: { click: () => navigate("admin/users") } }, icon("users"), "Members"),
-        h("button.lt3-btn.lt3-btn--primary", { on: { click: () => pendingToast(toast, "Creating a role") } }, icon("plus"), "New role"),
-      ],
-    }),
-
-    c.banner(
-      "Access is role-based (RBAC): every member holds exactly one role, and each role grants a set of capabilities that map to product areas. The owner role grants all capabilities.",
-      "info",
-      "shield-lock",
-    ),
-
-    h("div.lt3-statrow",
-      c.stat({ label: "Roles", value: roles.length, icon: "id-badge-2" }),
-      c.stat({ label: "Members", value: c.fmtNum(totalMembers), icon: "users" }),
-      c.stat({ label: "Capabilities", value: CAPS.length, icon: "key" }),
-      c.stat({ label: "Full-access roles", value: roles.filter((r) => (r.caps || []).includes("all")).length, icon: "crown" }),
-    ),
-
-    c.panel({
-      eyebrow: "RBAC",
-      title: "Capability matrix",
-      sub: "Which product areas each role can reach. Scroll horizontally to see every capability.",
-      children: buildMatrix(ctx, roles),
-    }),
-
-    h("section",
-      c.sectionHead("Roles", c.sourceBadge(source)),
-      buildRoleGrid(ctx, roles),
-    ),
-  );
-
-  return root;
-}
-
-/* ── Capability matrix ──────────────────────────────────────────────────── */
-function buildMatrix(ctx, roles) {
-  const { h, icon, c } = ctx;
-
-  if (!roles.length) {
-    return c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to start mapping capabilities." });
-  }
-
-  const columns = [
-    {
-      key: "role",
-      label: "Role",
-      width: "180px",
-      render: (r) => {
-        const m = metaFor(r.role);
-        return h("div.lt3-row-2", { style: { "align-items": "center" } },
-          h("span.lt3-result__rank", { style: { color: "var(--accent)" } }, icon(m.icon)),
-          h("div.lt3-stack",
-            h("b", { style: { "font-size": "var(--lt3-text-sm)", "text-transform": "capitalize" } }, r.role),
-            c.pill(`${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`, m.variant || "", { dot: true }),
-          ),
-        );
-      },
-    },
-    ...CAPS.map((cap) => ({
-      key: cap.key,
-      label: cap.label,
-      render: (r) => cell(ctx, grants(r.caps, cap.key)),
-    })),
-  ];
-
-  return c.table(columns, roles);
-}
-
-/** A matrix cell: accent check when granted, muted dash when not. */
-function cell({ h, icon }, granted) {
-  return h("div", { style: { display: "grid", "place-items": "center" }, "aria-label": granted ? "granted" : "not granted" },
-    granted
-      ? h("span", { style: { color: "var(--accent)", "font-size": "var(--lt3-text-lg)", "line-height": "1" } }, icon("check"))
-      : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-lg)", "line-height": "1" }, "aria-hidden": "true" }, "–"),
-  );
-}
-
-/* ── Per-role summary cards ─────────────────────────────────────────────── */
-function buildRoleGrid(ctx, roles) {
-  const { h } = ctx;
-  if (!roles.length) {
-    return ctx.c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to map capabilities." });
-  }
-  return h("div.lt3-grid-auto", roles.map((r) => roleCard(ctx, r)));
-}
-
-function roleCard(ctx, r) {
-  const { h, icon, c, toast } = ctx;
-  const m = metaFor(r.role);
-  const isAll = (r.caps || []).includes("all");
-  const grantedKeys = isAll ? CAPS.map((cc) => cc.key) : CAPS.filter((cc) => (r.caps || []).includes(cc.key)).map((cc) => cc.key);
-
-  return c.card(
-    h("div.lt3-stack-3",
-      h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start" } },
-        h("div.lt3-row-2", { style: { "align-items": "center" } },
-          h("span.lt3-quick__icon", icon(m.icon)),
-          h("div.lt3-stack",
-            h("b", { style: { "font-size": "var(--lt3-text-md)", "text-transform": "capitalize" } }, r.role),
-            h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, `${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`),
-          ),
-        ),
-        c.pill(isAll ? "Full access" : `${grantedKeys.length}/${CAPS.length}`, m.variant || "info"),
-      ),
-
-      h("div.lt3-cluster", { "aria-label": `${r.role} capabilities` },
-        isAll
-          ? h("span.lt3-chip", { dataset: { active: "true" } }, icon("infinity"), "All capabilities")
-          : (grantedKeys.length
-              ? grantedKeys.map((k) => h("span.lt3-chip", { dataset: { active: "true" } }, icon(CAPS.find((cc) => cc.key === k).icon), capLabel(k)))
-              : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, "No capabilities")),
-      ),
-
-      h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", { style: { "align-self": "flex-start" }, on: { click: () => pendingToast(toast, `Editing the ${r.role} role`) } },
-        icon("edit"), "Edit role"),
-    ),
-    { attrs: { "data-role": r.role } },
-  );
-}
-
-/* ── Read-only affordance ───────────────────────────────────────────────── */
-function pendingToast(toast, what) {
-  toast(`${what} is not available in this build — roles are a fixed RBAC model (owner · admin · member · viewer).`, "warn");
-}

package/static/v3/js/views/admin-permissions.js

@@ -1,177 +0,0 @@
-/* ============================================================================
- * View: Permissions — Administration · roles and capability mapping (RBAC).
- * Renders the role → capability matrix and per-role summaries from the admin
- * roles endpoint. Capabilities map to product areas; "all" grants everything.
- * Role editing is read-only unless a backend mutation route is added.
- *
- * View contract (shared by all views):
- *   export async function render(ctx) -> single DOM node
- *   ctx = { h, icon, api, store, c, route, params, navigate, toast }
- * ========================================================================== */
-
-/* Capability columns, in product-area order. Each maps to a routable surface
- * and a Tabler icon so the matrix reads at a glance. */
-const CAPS = [
-  { key: "chat", label: "Chat", icon: "message-2", route: "chat" },
-  { key: "search", label: "Search", icon: "arrows-join", route: "hybrid-search" },
-  { key: "files", label: "Files", icon: "folders", route: "files" },
-  { key: "pipeline", label: "Pipeline", icon: "git-branch", route: "pipeline" },
-  { key: "users", label: "Users", icon: "users", route: "admin/users" },
-  { key: "policies", label: "Policies", icon: "shield-lock", route: "admin/policies" },
-  { key: "audit", label: "Audit", icon: "history", route: "admin/audit" },
-  { key: "security", label: "Security", icon: "shield-check", route: "admin/security" },
-];
-
-const ROLE_META = {
-  owner: { icon: "crown", variant: "ok" },
-  admin: { icon: "shield-check", variant: "info" },
-  member: { icon: "user-check", variant: "" },
-  viewer: { icon: "eye", variant: "warn" },
-};
-const metaFor = (role) => ROLE_META[String(role).toLowerCase()] || { icon: "user", variant: "" };
-
-/** A role grants a capability when it holds "all" or that specific cap. */
-const grants = (caps, key) => Array.isArray(caps) && (caps.includes("all") || caps.includes(key));
-const capLabel = (key) => (CAPS.find((cc) => cc.key === key)?.label) || key;
-
-export async function render(ctx) {
-  const { h, icon, c, navigate, toast } = ctx;
-
-  // Live RBAC roles from /admin/roles.
-  const res = await ctx.api.adminRoles();
-  const roles = Array.isArray(res.data && res.data.roles) ? res.data.roles
-    : (Array.isArray(res.data) ? res.data : []);
-  const source = res.source;
-  const totalMembers = roles.reduce((sum, r) => sum + (r.members || 0), 0);
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Permissions",
-      sub: "Roles and capability mapping.",
-      actions: [
-        c.sourceBadge(source),
-        h("button.lt3-btn.lt3-btn--ghost", { on: { click: () => navigate("admin/users") } }, icon("users"), "Members"),
-        h("button.lt3-btn.lt3-btn--primary", { on: { click: () => pendingToast(toast, "Creating a role") } }, icon("plus"), "New role"),
-      ],
-    }),
-
-    c.banner(
-      "Access is role-based (RBAC): every member holds exactly one role, and each role grants a set of capabilities that map to product areas. The owner role grants all capabilities.",
-      "info",
-      "shield-lock",
-    ),
-
-    h("div.lt3-statrow",
-      c.stat({ label: "Roles", value: roles.length, icon: "id-badge-2" }),
-      c.stat({ label: "Members", value: c.fmtNum(totalMembers), icon: "users" }),
-      c.stat({ label: "Capabilities", value: CAPS.length, icon: "key" }),
-      c.stat({ label: "Full-access roles", value: roles.filter((r) => (r.caps || []).includes("all")).length, icon: "crown" }),
-    ),
-
-    c.panel({
-      eyebrow: "RBAC",
-      title: "Capability matrix",
-      sub: "Which product areas each role can reach. Scroll horizontally to see every capability.",
-      children: buildMatrix(ctx, roles),
-    }),
-
-    h("section",
-      c.sectionHead("Roles", c.sourceBadge(source)),
-      buildRoleGrid(ctx, roles),
-    ),
-  );
-
-  return root;
-}
-
-/* ── Capability matrix ──────────────────────────────────────────────────── */
-function buildMatrix(ctx, roles) {
-  const { h, icon, c } = ctx;
-
-  if (!roles.length) {
-    return c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to start mapping capabilities." });
-  }
-
-  const columns = [
-    {
-      key: "role",
-      label: "Role",
-      width: "180px",
-      render: (r) => {
-        const m = metaFor(r.role);
-        return h("div.lt3-row-2", { style: { "align-items": "center" } },
-          h("span.lt3-result__rank", { style: { color: "var(--accent)" } }, icon(m.icon)),
-          h("div.lt3-stack",
-            h("b", { style: { "font-size": "var(--lt3-text-sm)", "text-transform": "capitalize" } }, r.role),
-            c.pill(`${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`, m.variant || "", { dot: true }),
-          ),
-        );
-      },
-    },
-    ...CAPS.map((cap) => ({
-      key: cap.key,
-      label: cap.label,
-      render: (r) => cell(ctx, grants(r.caps, cap.key)),
-    })),
-  ];
-
-  return c.table(columns, roles);
-}
-
-/** A matrix cell: accent check when granted, muted dash when not. */
-function cell({ h, icon }, granted) {
-  return h("div", { style: { display: "grid", "place-items": "center" }, "aria-label": granted ? "granted" : "not granted" },
-    granted
-      ? h("span", { style: { color: "var(--accent)", "font-size": "var(--lt3-text-lg)", "line-height": "1" } }, icon("check"))
-      : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-lg)", "line-height": "1" }, "aria-hidden": "true" }, "–"),
-  );
-}
-
-/* ── Per-role summary cards ─────────────────────────────────────────────── */
-function buildRoleGrid(ctx, roles) {
-  const { h } = ctx;
-  if (!roles.length) {
-    return ctx.c.emptyState({ icon: "lock-off", title: "No roles defined", body: "Define a role to map capabilities." });
-  }
-  return h("div.lt3-grid-auto", roles.map((r) => roleCard(ctx, r)));
-}
-
-function roleCard(ctx, r) {
-  const { h, icon, c, toast } = ctx;
-  const m = metaFor(r.role);
-  const isAll = (r.caps || []).includes("all");
-  const grantedKeys = isAll ? CAPS.map((cc) => cc.key) : CAPS.filter((cc) => (r.caps || []).includes(cc.key)).map((cc) => cc.key);
-
-  return c.card(
-    h("div.lt3-stack-3",
-      h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start" } },
-        h("div.lt3-row-2", { style: { "align-items": "center" } },
-          h("span.lt3-quick__icon", icon(m.icon)),
-          h("div.lt3-stack",
-            h("b", { style: { "font-size": "var(--lt3-text-md)", "text-transform": "capitalize" } }, r.role),
-            h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, `${c.fmtNum(r.members || 0)} ${(r.members === 1) ? "member" : "members"}`),
-          ),
-        ),
-        c.pill(isAll ? "Full access" : `${grantedKeys.length}/${CAPS.length}`, m.variant || "info"),
-      ),
-
-      h("div.lt3-cluster", { "aria-label": `${r.role} capabilities` },
-        isAll
-          ? h("span.lt3-chip", { dataset: { active: "true" } }, icon("infinity"), "All capabilities")
-          : (grantedKeys.length
-              ? grantedKeys.map((k) => h("span.lt3-chip", { dataset: { active: "true" } }, icon(CAPS.find((cc) => cc.key === k).icon), capLabel(k)))
-              : h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, "No capabilities")),
-      ),
-
-      h("button.lt3-btn.lt3-btn--subtle.lt3-btn--sm", { style: { "align-self": "flex-start" }, on: { click: () => pendingToast(toast, `Editing the ${r.role} role`) } },
-        icon("edit"), "Edit role"),
-    ),
-    { attrs: { "data-role": r.role } },
-  );
-}
-
-/* ── Read-only affordance ───────────────────────────────────────────────── */
-function pendingToast(toast, what) {
-  toast(`${what} is not available in this build — roles are a fixed RBAC model (owner · admin · member · viewer).`, "warn");
-}

package/static/v3/js/views/admin-policies.3658fd86.js

@@ -1,102 +0,0 @@
-/* ============================================================================
- * View: Policies — administration · governance and enforcement.
- * Surfaces the local-first guardrails the workspace enforces and the open-core
- * seam where Enterprise governance packs extend them. Policy state reflects the
- * live /admin/policies contract; missing backend data renders unavailable.
- * ========================================================================== */
-
-// Governance capabilities that live behind the open-core Enterprise seam. These
-// are extension points, not implemented backend logic.
-const PACKS = [
-  { id: "siem", icon: "broadcast", title: "SIEM export", desc: "Stream the audit trail to an external SIEM (Splunk, Elastic, Sentinel)." },
-  { id: "retention", icon: "archive", title: "Compliance retention", desc: "Configurable retention windows and legal-hold for messages and traces." },
-  { id: "isolation", icon: "wall", title: "Tenant isolation", desc: "Hard multi-tenant boundaries with per-tenant keys and storage." },
-];
-
-export async function render(ctx) {
-  const { h, icon, c, toast } = ctx;
-
-  // Live governance posture from /admin/policies.
-  const res = await ctx.api.adminPolicies();
-  const policies = Array.isArray(res.data && res.data.policies) ? res.data.policies
-    : (Array.isArray(res.data) ? res.data : []);
-  const source = res.source;
-
-  const root = h("div.lt3-stack-6",
-    c.viewHeader({
-      eyebrow: "Administration",
-      title: "Policies",
-      sub: "Governance and enforcement.",
-      actions: [c.sourceBadge(source)],
-    }),
-
-    c.banner(
-      "Policies enforce Lattice's local-first guardrails. Enterprise packs extend them with org-wide governance.",
-      "info",
-      "shield-lock",
-    ),
-
-    h("section.lt3-stack-3",
-      c.sectionHead(
-        "Active guardrails",
-        c.sourceBadge(source),
-      ),
-      policies.length
-        ? h("div.lt3-stack-3", policies.map((p) => policyRow(ctx, p)))
-        : c.emptyState({ icon: "shield-off", title: "No policies defined", body: "Policies appear once the governance backend is connected." }),
-    ),
-
-    packsPanel(ctx),
-  );
-
-  return root;
-}
-
-/* ── One policy row: description and its real, runtime-enforced state ─────── */
-// Policies are enforced by the runtime (approval gating, local-only egress,
-// local storage). They are reported read-only — not user-toggleable — so the UI
-// never implies a guardrail can be relaxed from the browser.
-function policyRow({ h, icon, c }, p) {
-  return c.card(
-    h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "flex-start", "gap": "var(--lt3-space-4)", "flex-wrap": "wrap" } },
-      h("div.lt3-stack-2", { style: { "min-width": "0", "flex": "1 1 320px" } },
-        h("div.lt3-row-2",
-          h("span.lt3-card__icon", { style: { color: "var(--accent)" } }, icon("shield-check")),
-          h("h3", { style: { "font-size": "var(--lt3-text-base)", "font-weight": "var(--lt3-weight-semibold)", "margin": "0" } }, p.label),
-        ),
-        h("p.lt3-muted", { style: { "font-size": "var(--lt3-text-sm)", "margin": "0" } }, p.value),
-      ),
-      h("div.lt3-row-2", { style: { "flex": "none", "align-items": "center" } },
-        c.statePill(p.enforced ? "active" : "idle"),
-        h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, p.enforced ? "Enforced" : "Not enforced"),
-      ),
-    ),
-  );
-}
-
-/* ── Enterprise governance packs (open-core extension points) ────────────── */
-function packsPanel({ h, icon, c }) {
-  return c.panel({
-    eyebrow: "Open core",
-    title: "Policy packs",
-    sub: "Governance capabilities available as Enterprise extension points on top of the local-first core.",
-    actions: c.sourceBadge("unavailable"),
-    children: h("div.lt3-stack-2",
-      PACKS.map((pk) => h("div.lt3-card.lt3-card--flat",
-        h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "center", "gap": "var(--lt3-space-4)", "flex-wrap": "wrap" } },
-          h("div.lt3-row-2", { style: { "min-width": "0", "flex": "1 1 320px" } },
-            h("span.lt3-card__icon", { style: { color: "var(--muted)" } }, icon(pk.icon)),
-            h("div.lt3-stack-2", { style: { "min-width": "0" } },
-              h("div", { style: { "font-weight": "var(--lt3-weight-medium)" } }, pk.title),
-              h("div.lt3-faint", { style: { "font-size": "var(--lt3-text-xs)" } }, pk.desc),
-            ),
-          ),
-          h("div.lt3-row-2", { style: { "flex": "none" } },
-            c.pill("Enterprise", "info"),
-            h("span.lt3-faint", { style: { "font-size": "var(--lt3-text-2xs)" } }, "Available as an extension point"),
-          ),
-        ),
-      )),
-    ),
-  });
-}