ltcai 4.3.0 → 4.3.1

package/README.md

@@ -203,31 +203,31 @@ npm run dev
 
 ## Latest Release
 
-### v4.3.0 RC — Portability & Product Hardening
-
-- **Portable `.latticebrain` archives** — encrypted archives now include the
-  brain DB, blobs, workspace state, settings, signed bundles, storage metadata,
-  provenance, and public device identity metadata.
-- **Safe backup/restore flows** — archive inspect, verify, import, restore, and
-  restore dry-run are real API-backed operations; destructive restore requires
-  explicit admin confirmation.
-- **Migration safety** — live SQLite-to-Postgres migration creates and verifies
-  a pre-migration backup before copying data.
-- **Desktop hardening** — Tauri sidecar startup, status, restart, shutdown, and
-  loopback-only/default-off guards are hardened.
-- **Privacy audit surface** — token presence alone no longer enables Telegram or
-  external connectors; admin status reports storage, backup health, device
-  identity, permissions, and opt-in integration state.
+### v4.3.1 RC — End-User Audit Repair
+
+- **Desktop startup repair** — Tauri launches a visible app, resolves the
+  FastAPI sidecar from installed or bundled runtime paths, reports sidecar
+  status, and shuts it down on close.
+- **Clean npm install repair** — npm bootstrap ships the required Python
+  requirements file and fails honestly if dependencies cannot be installed.
+- **No default outbound model work** — Model Load refuses implicit downloads or
+  runtime installs unless the user gives explicit download/install consent.
+- **Honest Act surfaces** — agent simulation is not recorded as real success,
+  and workflow create/import/export/run controls call the existing workflow API.
+- **Storage/portability honesty** — sqlite-vec fallback, Postgres dependency
+  status, configured ports, and `.latticebrain` bundle sections match runtime
+  behavior.
 - **Release hardening** — exact-version validation covers wheel, sdist, npm tgz,
   VSIX, and Tauri DMG artifacts.
 
-See [RELEASE_NOTES_v4.3.0.md](RELEASE_NOTES_v4.3.0.md),
+See [RELEASE_NOTES_v4.3.1.md](RELEASE_NOTES_v4.3.1.md),
+[RELEASE_NOTES_v4.3.0.md](RELEASE_NOTES_v4.3.0.md),
 [docs/kg-schema.md](docs/kg-schema.md),
 [FEATURE_STATUS.md](FEATURE_STATUS.md).
 
 ## How it works — every source converges into the graph
 
-As of v4.3.0, data sources flow through the brain ingestion pipeline into
+As of v4.3.1, data sources flow through the brain ingestion pipeline into
 the Knowledge Graph — no source bypasses it, none becomes an isolated silo:
 
 ```text
@@ -290,6 +290,7 @@ For the deeper design, see [ARCHITECTURE.md](ARCHITECTURE.md) and
 ### Releases
 
 - [RELEASE_NOTES.md](RELEASE_NOTES.md) — current release notes
+- [RELEASE_NOTES_v4.3.1.md](RELEASE_NOTES_v4.3.1.md)
 - [RELEASE_NOTES_v4.3.0.md](RELEASE_NOTES_v4.3.0.md)
 - [RELEASE_NOTES_v4.2.0.md](RELEASE_NOTES_v4.2.0.md)
 - [RELEASE_NOTES_v4.1.0.md](RELEASE_NOTES_v4.1.0.md)
@@ -305,6 +306,7 @@ For the deeper design, see [ARCHITECTURE.md](ARCHITECTURE.md) and
 
 | Version | Theme |
 | --- | --- |
+| **4.3.1** | End-User Audit Repair RC — desktop sidecar startup, npm clean install, default-off model downloads, honest agent/workflow unavailable states, configured port reporting, storage/portable archive honesty |
 | **4.3.0** | Portability & Product Hardening RC — portable `.latticebrain` archives, confirmed restore/import, pre-migration backup verification, Tauri sidecar hardening, local-only/default-off integration guards, exact-version DMG validation |
 | **4.2.0** | Brain Core & Storage Rebuild — independent `lattice_brain` package, pluggable storage layer, sqlite-vec/pgvector capability reporting, explicit Postgres migration, consent-gated Docker setup, encrypted `.latticebrain` archives |
 | **4.1.0** | Frontend & Desktop Rebuild RC — React/Vite/OpenAPI desktop SPA, Tauri 2.0 primary shell, graph-first navigation, and legacy static frontend removal |

package/bin/ltcai.js

@@ -60,9 +60,13 @@ function ensureManagedPython() {
 
   if (!canImport(managedPython, "fastapi")) {
     const requirements = path.join(root, "requirements.txt");
+    if (!fs.existsSync(requirements)) {
+      console.error(`[LTCAI] Missing ${requirements}. The npm package is incomplete and cannot start the Python server.`);
+      process.exit(1);
+    }
     console.log("[LTCAI] Installing Python dependencies. This can take a few minutes on first run.");
-    if (!runSync(managedPython, ["-m", "pip", "install", "--upgrade", "pip"])) return null;
-    if (!runSync(managedPython, ["-m", "pip", "install", "-r", requirements])) return null;
+    if (!runSync(managedPython, ["-m", "pip", "install", "--upgrade", "pip"])) process.exit(1);
+    if (!runSync(managedPython, ["-m", "pip", "install", "-r", requirements])) process.exit(1);
   }
 
   return managedPython;

package/docs/CHANGELOG.md

@@ -1,5 +1,35 @@
 # Changelog
 
+## [4.3.1] - 2026-06-12
+
+> End-user audit repair release candidate for v4.3.0 artifacts.
+
+### Fixed
+
+- Tauri desktop startup now launches a visible shell, resolves the FastAPI
+  sidecar through installed or bundled runtime paths, reports backend status,
+  writes sidecar logs, and shuts down the child process on close.
+- npm clean install now ships `requirements.txt` and fails honestly when Python
+  dependency bootstrap cannot complete.
+- Model Load refuses implicit runtime installation and model downloads by
+  default, returning actionable unavailable states instead of hanging or making
+  unauthorized outbound requests.
+- Agent runtime API refuses simulation-mode execution when no LLM-backed model
+  is loaded, preventing fake success records.
+- Workflow UI exposes real create, import, export, and run paths backed by the
+  existing workflow API.
+- Runtime version labels, configured port reporting, SSO default redirect URI,
+  Postgres dependency status, sqlite-vec fallback reporting, and `.latticebrain`
+  bundle claims now match observed behavior.
+
+### Artifacts
+
+- `dist/ltcai-4.3.1-py3-none-any.whl`
+- `dist/ltcai-4.3.1.tar.gz`
+- `dist/ltcai-4.3.1.vsix`
+- `ltcai-4.3.1.tgz`
+- `src-tauri/target/release/bundle/dmg/Lattice AI_4.3.1_aarch64.dmg`
+
 ## [4.3.0] - 2026-06-12
 
 > Portability & Product Hardening release candidate. v4.3.0 preserves the
@@ -10,9 +40,9 @@
 ### Added
 
 - `.latticebrain` archive format v2 with encrypted graph DB, blobs, portable
-  JSON state, signed bundles, storage metadata, provenance, public device
-  identity metadata, manifest hashes, inspect, verify, import, restore, and
-  restore dry-run.
+  JSON state, workspace export bundles when present, storage metadata,
+  provenance, public device identity metadata, manifest hashes, inspect,
+  verify, import, restore, and restore dry-run.
 - FastAPI routes for archive inspect/verify/import, backup health, and admin
   product-hardening status.
 - Product-hardening status for local-only startup, storage mode, backup health,

package/docs/V4_DIGITAL_BRAIN_RECOVERY.md

@@ -5,28 +5,22 @@
 > completed analysis. **Update this file before ending any phase and before any
 > likely session/context/usage limit.**
 >
-> Last updated: 2026-06-12 — v4.3.0 Portability/Product Hardening RC; Remaining Gaps remain empty
+> Last updated: 2026-06-12 — v4.3.1 End-User Audit Repair RC; Remaining Gaps remain empty
 
 ---
 
-## 0. RELEASE STATUS (v4.3.0 RC)
-
-**v4.3.0 hardens the v4.2 Brain Core/storage architecture into a portable,
-user-safe desktop release candidate; implementation gaps remain empty.**
-Latest implementation milestone: `.latticebrain` archive format v2 is the
-primary portable brain format and carries encrypted graph DB, blobs, portable
-JSON state, signed bundles, storage metadata, provenance, public device identity
-metadata, manifest hashes, inspect, verify, import, restore, and dry-run restore.
-Restore/import requires explicit confirmation unless dry-run. Live
-SQLite-to-Postgres migration now creates and verifies a pre-migration backup
-before copying data. Tauri exposes backend status/restart/shutdown and starts
-the sidecar with loopback/default-off guards. Admin product hardening status
-reports local-only startup posture, storage, backup health, device identity,
-permissions, and opt-in external integration state.
-The v4.3.0 RC process builds validated artifacts only. It does not tag, create a
+## 0. RELEASE STATUS (v4.3.1 RC)
+
+**v4.3.1 repairs the v4.3.0 end-user audit blockers without redesigning the
+Digital Brain frontend, Brain Core, storage, or agent/workflow architecture.**
+Latest implementation milestone: desktop sidecar startup/status/shutdown,
+npm clean install bootstrap, default-off model downloads/engine installs,
+agent simulation refusal, workflow create/import/export/run UI, configured
+port reporting, Postgres dependency status, sqlite-vec fallback honesty, and
+`.latticebrain` bundle-section claims now match observed runtime behavior.
+The v4.3.1 RC process builds validated artifacts only. It does not tag, create a
 GitHub Release, publish to PyPI, npm Registry, VS Code Marketplace, Open VSX, or
 deploy to production targets.
-v4.3.0 validation report: `docs/V4_3_VALIDATION_REPORT.md`.
 Remaining implementation gaps: **none**.
 Owner-only blockers: pptx history rewrite (requires force-push/owner decision)
 and consent-gated production embedder provisioning (silent default download is
@@ -34,11 +28,11 @@ not permitted).
 
 ## Remaining Gaps
 
-None. v4.3.0 preserves the already-empty v4.2.0 gap list and closes the
-portability/product-hardening work: `.latticebrain` archives are verified,
-inspectable, dry-runnable, and confirmation-gated; default startup is local-only
-and token-inert; backup health and product hardening are admin-visible; release
-artifact validation includes the exact Tauri DMG. Owner-only blockers above are
+None. v4.3.1 preserves the already-empty v4.3.0 gap list and closes the audit
+repair work: desktop sidecar startup is visible/statused, npm clean install is
+packaged, Model Load is local-only by default, agent simulation is refused as a
+product success state, workflows have real create/import/export/run paths, and
+storage/archive status surfaces are honest. Owner-only blockers above are
 intentionally not implementation gaps.
 
 ## 1. Program Charter (from the user's v4.0.0 directive)

package/frontend/openapi.json

@@ -1349,6 +1349,11 @@
             ],
             "title": "Adapter Path"
           },
+          "allow_download": {
+            "default": false,
+            "title": "Allow Download",
+            "type": "boolean"
+          },
           "draft_model_id": {
             "anyOf": [
               {
@@ -1820,6 +1825,11 @@
       },
       "PrepareModelRequest": {
         "properties": {
+          "allow_download": {
+            "default": false,
+            "title": "Allow Download",
+            "type": "boolean"
+          },
           "engine": {
             "anyOf": [
               {
@@ -3543,7 +3553,7 @@
   },
   "info": {
     "title": "Lattice AI Server (local)",
-    "version": "4.3.0"
+    "version": "4.3.1"
   },
   "openapi": "3.1.0",
   "paths": {

package/frontend/src/App.tsx

@@ -82,6 +82,12 @@ export default function App() {
   const [drawer, setDrawer] = React.useState(false);
   const [palette, setPalette] = React.useState(false);
   const health = useQuery({ queryKey: ["health"], queryFn: latticeApi.health });
+  const desktop = useQuery({
+    queryKey: ["desktopBackendStatus"],
+    queryFn: latticeApi.desktopBackendStatus,
+    enabled: Boolean(window.__TAURI_INTERNALS__),
+    refetchInterval: 5000,
+  });
   const workspace = useQuery({ queryKey: ["workspaceOs"], queryFn: latticeApi.workspaceOs });
 
   React.useEffect(() => {
@@ -98,6 +104,11 @@ export default function App() {
     return () => window.removeEventListener("keydown", onKey);
   }, []);
 
+  const healthData = (health.data?.data || {}) as Record<string, unknown>;
+  const appVersion = typeof healthData.version === "string" ? healthData.version : null;
+  const desktopData = (desktop.data?.data || {}) as Record<string, unknown>;
+  const desktopError = typeof desktopData.last_error === "string" ? desktopData.last_error : desktop.data?.error;
+
   const rail = (
     <aside className="flex h-full w-64 shrink-0 flex-col border-r border-border bg-card">
       <div className="flex h-16 items-center gap-3 border-b border-border px-4">
@@ -134,6 +145,9 @@ export default function App() {
       </nav>
       <div className="border-t border-border p-3 text-xs text-muted-foreground">
         <div>Server: {health.data?.ok ? "online" : "unavailable"}</div>
+        {window.__TAURI_INTERNALS__ ? (
+          <div>Sidecar: {desktopData.running ? "running" : desktopError ? `unavailable (${desktopError})` : "starting"}</div>
+        ) : null}
         <div>Workspace: {String((workspace.data?.data as Record<string, unknown>)?.active_workspace || "local")}</div>
       </div>
     </aside>
@@ -154,7 +168,7 @@ export default function App() {
           <div className="flex min-w-0 items-center gap-2">
             <Button variant="ghost" size="icon" className="lg:hidden" onClick={() => setDrawer(true)}><Menu className="h-5 w-5" /></Button>
             <div className="min-w-0">
-              <div className="truncate text-sm text-muted-foreground">v4.1.0 Release Candidate</div>
+              <div className="truncate text-sm text-muted-foreground">{appVersion ? `v${appVersion}` : "Version unavailable"}</div>
               <div className="truncate font-medium">{primaryRoutes.find((item) => item.id === route.primary)?.label}</div>
             </div>
           </div>

package/frontend/src/api/client.ts

@@ -38,6 +38,16 @@ async function tauriBackendOrigin(): Promise<string | null> {
   return desktopBase;
 }
 
+async function tauriInvoke<T>(command: string): Promise<T | null> {
+  if (!window.__TAURI_INTERNALS__) return null;
+  try {
+    const { invoke } = await import("@tauri-apps/api/core");
+    return await invoke<T>(command);
+  } catch {
+    return null;
+  }
+}
+
 async function apiBase() {
   const stateBase = useAppStore.getState().apiBase;
   if (stateBase) return stateBase;
@@ -203,6 +213,11 @@ async function streamChat(body: Record<string, unknown>, handlers: ChatEventHand
 
 export const latticeApi = {
   raw: get,
+  desktopBackendStatus: async (): Promise<ApiResult<Record<string, unknown>>> => {
+    const status = await tauriInvoke<Record<string, unknown>>("backend_status");
+    if (status) return { ok: true, status: 200, data: status, source: "live" };
+    return { ok: false, status: 0, data: {}, source: "unavailable", error: "Desktop backend status is available only inside the Tauri shell." };
+  },
   health: () => get("/health", {}),
   workspaceOs: () => get("/workspace/os", { counts: {}, models: {}, workspace_registry: { workspaces: [] } }),
   indexStatus: () => get("/api/index/status", {}),
@@ -248,7 +263,7 @@ export const latticeApi = {
   connectFolder: (path: string) => post("/knowledge-graph/local/index", { path, approved: true, watch_enabled: true, consent: { approved: true, source: "desktop-spa" } }, {}),
   localWatchStop: (source_id: string) => post("/knowledge-graph/local/watch/stop", { source_id }, {}),
   models: () => get("/models", { catalog: [], loaded: [], recommended: [] }),
-  loadModel: (model_id: string, engine?: string) => post("/models/load", { model_id, engine: engine || null }, {}),
+  loadModel: (model_id: string, engine?: string, allow_download = false) => post("/models/load", { model_id, engine: engine || null, allow_download }, {}),
   unloadModel: (model_id: string) => del(`/models/unload/${encodeURIComponent(model_id)}`, {}),
   embeddingsStatus: () => get("/api/embeddings/status", {}),
   agentRuntime: () => get("/agents/api/runtime/status", { runtime: {}, agents: [], runs: [] }),
@@ -263,6 +278,9 @@ export const latticeApi = {
   workflowDefinitions: () => get("/workflows/api/definitions", { workflows: [] }),
   workflowRuns: () => get("/workflows/api/runs", { runs: [] }),
   workflowTriggers: () => get("/workflows/api/triggers", { armed: [] }),
+  createWorkflow: (body: { name: string; nodes: Array<Record<string, unknown>>; metadata?: Record<string, unknown> }) => post("/workflows/api/definitions", body, {}),
+  importWorkflow: (data: Record<string, unknown>) => post("/workflows/api/import", { data }, {}),
+  exportWorkflow: (id: string) => get(`/workflows/api/export/${encodeURIComponent(id)}`, {}),
   runWorkflow: (id: string) => post(`/workflows/api/definitions/${encodeURIComponent(id)}/run`, {}, {}),
   updateWorkflow: (id: string, body: unknown) => patch(`/workflows/api/definitions/${encodeURIComponent(id)}`, body, {}),
   stopWorkflowRun: (id: string) => post(`/workflows/api/runs/${encodeURIComponent(id)}/stop`, {}, {}),

package/frontend/src/api/openapi.ts

@@ -6183,6 +6183,11 @@ export interface components {
         LoadModelRequest: {
             /** Adapter Path */
             adapter_path?: string | null;
+            /**
+             * Allow Download
+             * @default false
+             */
+            allow_download: boolean;
             /** Draft Model Id */
             draft_model_id?: string | null;
             /** Engine */
@@ -6416,6 +6421,11 @@ export interface components {
         };
         /** PrepareModelRequest */
         PrepareModelRequest: {
+            /**
+             * Allow Download
+             * @default false
+             */
+            allow_download: boolean;
             /** Engine */
             engine?: string | null;
             /** Model */

package/frontend/src/pages/Act.tsx

@@ -58,6 +58,11 @@ function AgentsPanel() {
     mutationFn: () => latticeApi.registerAgent({ name: agentName, type: "custom", capabilities: [] }),
     onSuccess: () => qc.invalidateQueries({ queryKey: ["agentRegistry"] }),
   });
+  const runtimeData = (runtime.data?.data || {}) as Record<string, unknown>;
+  const runtimeMeta = (runtimeData.runtime || {}) as Record<string, unknown>;
+  const runtimeReady = Boolean(runtimeMeta.ready);
+  const runtimeReason = String(runtimeMeta.unavailable_reason || "Load an LLM-backed model before running agents.");
+  const canRunAgent = Boolean(goal.trim()) && runtimeReady && !run.isPending;
   return (
     <div className="grid gap-4 xl:grid-cols-[0.9fr_1.1fr]">
       <Card>
@@ -67,7 +72,15 @@ function AgentsPanel() {
         </CardHeader>
         <CardContent className="space-y-3">
           <Textarea value={goal} onChange={(e) => setGoal(e.target.value)} placeholder="Describe the objective..." />
-          <Button disabled={!goal.trim() || run.isPending} onClick={() => run.mutate()}><Play className="h-4 w-4" /> Run planner/executor/reviewer</Button>
+          {!runtimeReady ? <Badge variant="warning">{runtimeReason}</Badge> : null}
+          <Button
+            className="w-full"
+            variant={runtimeReady ? "default" : "outline"}
+            disabled={!canRunAgent}
+            onClick={() => run.mutate()}
+          >
+            <Play className="h-4 w-4" /> {runtimeReady ? "Run pipeline" : "Agent execution unavailable"}
+          </Button>
           {run.data ? <JsonView value={run.data.data || run.data.error} /> : null}
         </CardContent>
       </Card>
@@ -162,8 +175,26 @@ function RunList({ runs, kind }: { runs: Array<Record<string, unknown>>; kind: "
 }
 
 function WorkflowsPanel() {
+  const qc = useQueryClient();
   const defs = useQuery({ queryKey: ["workflowDefinitions"], queryFn: latticeApi.workflowDefinitions });
   const triggers = useQuery({ queryKey: ["workflowTriggers"], queryFn: latticeApi.workflowTriggers });
+  const [name, setName] = React.useState("Manual workflow");
+  const [importText, setImportText] = React.useState("");
+  const create = useMutation({
+    mutationFn: () => latticeApi.createWorkflow({
+      name: name.trim() || "Manual workflow",
+      nodes: manualWorkflowNodes(),
+      metadata: { created_from: "desktop-act-ui" },
+    }),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ["workflowDefinitions"] }),
+  });
+  const importWorkflow = useMutation({
+    mutationFn: () => latticeApi.importWorkflow(JSON.parse(importText) as Record<string, unknown>),
+    onSuccess: () => {
+      setImportText("");
+      qc.invalidateQueries({ queryKey: ["workflowDefinitions"] });
+    },
+  });
   const workflows = asArray<Record<string, unknown>>((defs.data?.data as Record<string, unknown>)?.workflows);
   const nodes: Node[] = workflows.slice(0, 12).map((workflow, index) => ({
     id: String(workflow.id || workflow.workflow_id || index),
@@ -189,7 +220,17 @@ function WorkflowsPanel() {
       </Card>
       <DataPanel title="Definitions" result={defs.data}>
         {() => (
-          <div className="space-y-2">
+          <div className="space-y-3">
+            <div className="grid gap-2 rounded-md border border-border p-3">
+              <div className="flex flex-wrap gap-2">
+                <Input value={name} onChange={(event) => setName(event.target.value)} placeholder="Workflow name" />
+                <Button disabled={create.isPending} onClick={() => create.mutate()}>Create</Button>
+              </div>
+              <Textarea value={importText} onChange={(event) => setImportText(event.target.value)} placeholder="Paste exported workflow JSON" />
+              <Button variant="outline" disabled={!importText.trim() || importWorkflow.isPending} onClick={() => importWorkflow.mutate()}>Import</Button>
+              {create.data ? <JsonView value={create.data.data || create.data.error} /> : null}
+              {importWorkflow.data ? <JsonView value={importWorkflow.data.data || importWorkflow.data.error} /> : null}
+            </div>
             {workflows.length ? workflows.map((workflow) => {
               const id = String(workflow.id || workflow.workflow_id);
               return (
@@ -197,6 +238,7 @@ function WorkflowsPanel() {
                   <div className="font-medium">{String(workflow.name || id)}</div>
                   <div className="mt-2 flex gap-2">
                     <ActionButton label="Run" action={() => latticeApi.runWorkflow(id)} invalidate={["workflowRuns"]} />
+                    <ActionButton label="Export" action={() => latticeApi.exportWorkflow(id)} />
                   </div>
                 </div>
               );
@@ -211,6 +253,25 @@ function WorkflowsPanel() {
   );
 }
 
+function manualWorkflowNodes(): Array<Record<string, unknown>> {
+  return [
+    {
+      id: "trigger",
+      type: "trigger",
+      name: "Manual start",
+      config: { trigger: "manual" },
+      next: "output",
+    },
+    {
+      id: "output",
+      type: "output",
+      name: "Output",
+      config: { value: "Workflow completed" },
+      next: null,
+    },
+  ];
+}
+
 function HooksPanel() {
   const hooks = useQuery({ queryKey: ["hooks"], queryFn: latticeApi.hooks });
   const runs = useQuery({ queryKey: ["hookRuns"], queryFn: latticeApi.hookRuns });

package/frontend/src/pages/Library.tsx

@@ -40,7 +40,6 @@ export function LibraryPage({ initialTab }: { initialTab?: string }) {
 }
 
 function ModelsPanel() {
-  const qc = useQueryClient();
   const models = useQuery({ queryKey: ["models"], queryFn: latticeApi.models });
   const emb = useQuery({ queryKey: ["embeddings"], queryFn: latticeApi.embeddingsStatus });
   const catalog = [
@@ -55,18 +54,25 @@ function ModelsPanel() {
             {(catalog.length ? catalog : asArray<Record<string, unknown>>((data as Record<string, unknown>).loaded)).slice(0, 14).map((model, index) => {
               const id = String(model.id || model.model_id || model.name || index);
               const loaded = asArray<string>((data as Record<string, unknown>).loaded).includes(id) || (data as Record<string, unknown>).current === id || model.state === "loaded";
+              const loadId = String(model.recommended_load_id || id);
+              const engine = String(model.recommended_engine || model.engine || "");
+              const loadAvailable = Boolean(model.load_available) || loaded;
+              const loadStatus = String(model.load_status || (loaded ? "loaded" : "unavailable"));
+              const unavailableReason = String(model.unavailable_reason || "Unavailable until the backend reports a local model/runtime ready.");
               return (
                 <div key={id} className="flex flex-wrap items-center justify-between gap-3 rounded-md border border-border bg-background p-3">
                   <div>
                     <div className="font-medium">{String(model.name || id)}</div>
                     <div className="text-sm text-muted-foreground">{String(model.family || model.engine || model.recommended_engine || "local")}</div>
+                    {!loaded && !loadAvailable ? <div className="mt-1 text-xs text-muted-foreground">{unavailableReason}</div> : null}
                   </div>
                   <div className="flex items-center gap-2">
-                    <Badge variant={loaded ? "success" : "muted"}>{loaded ? "loaded" : "available"}</Badge>
+                    <Badge variant={loaded ? "success" : loadAvailable ? "muted" : "warning"}>{loaded ? "loaded" : loadStatus}</Badge>
                     <ActionButton
                       label={loaded ? "Unload" : "Load"}
-                      action={() => loaded ? latticeApi.unloadModel(id) : latticeApi.loadModel(id, String(model.recommended_engine || model.engine || ""))}
+                      action={() => loaded ? latticeApi.unloadModel(loadId) : latticeApi.loadModel(loadId, engine, false)}
                       invalidate={["models"]}
+                      disabled={!loaded && !loadAvailable}
                     />
                   </div>
                 </div>

package/lattice_brain/__init__.py

@@ -19,7 +19,7 @@ from .storage import (
     storage_from_env,
 )
 
-__version__ = "4.3.0"
+__version__ = "4.3.1"
 
 __all__ = [
     "AssembledContext",

package/lattice_brain/archive.py

@@ -1,9 +1,9 @@
 """Encrypted .latticebrain archive support.
 
 The archive is intentionally self-contained and local-only: the encrypted
-payload holds the SQLite brain, blob store, portable JSON state, signed export
-bundles, and public metadata needed to inspect/verify/restore on another
-machine without contacting a service.
+payload holds the SQLite brain, blob store, portable JSON state, workspace
+export bundles when present, and public metadata needed to inspect/verify/
+restore on another machine without contacting a service.
 """
 
 from __future__ import annotations

package/lattice_brain/storage/sqlite.py

@@ -77,7 +77,12 @@ class SQLiteEngine(StorageEngine):
                 backup_restore=True,
                 migrations=True,
                 encrypted_archives=True,
-                metadata={"db_path": str(self.db_path), "sqlite_vec_loaded": False},
+                metadata={
+                    "db_path": str(self.db_path),
+                    "sqlite_vec_loaded": False,
+                    "vector_mode": "fallback",
+                    "honest_fallback": "sqlite-vec has not been probed yet; vector search uses the real brute-force cosine fallback until sqlite-vec is loaded.",
+                },
             )
         # Probe on demand so status is accurate even before the graph opens.
         try:
@@ -94,7 +99,11 @@ class SQLiteEngine(StorageEngine):
         return StorageCapabilities(
             engine=self.name,
             available=True,
-            reason=None if self._sqlite_vec_loaded else self._sqlite_vec_reason,
+            reason=None if self._sqlite_vec_loaded else (
+                f"{self._sqlite_vec_reason}; using real brute-force cosine fallback, not sqlite-vec ANN"
+                if self._sqlite_vec_reason
+                else "sqlite-vec unavailable; using real brute-force cosine fallback, not sqlite-vec ANN"
+            ),
             vector_backend=vector_backend,
             vector_available=True,
             backup_restore=True,
@@ -103,6 +112,10 @@ class SQLiteEngine(StorageEngine):
             metadata={
                 "db_path": str(self.db_path),
                 "sqlite_vec_loaded": self._sqlite_vec_loaded,
+                "sqlite_vec_ann_available": self._sqlite_vec_loaded,
+                "vector_mode": "sqlite-vec" if self._sqlite_vec_loaded else "fallback",
+                "degraded": not self._sqlite_vec_loaded,
+                "honest_fallback": None if self._sqlite_vec_loaded else "Vector search is available through the deterministic brute-force cosine backend. sqlite-vec ANN is unavailable.",
             },
         )
 

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "4.3.0"
+__version__ = "4.3.1"

package/latticeai/api/agents.py

@@ -46,7 +46,7 @@ def create_agents_router(
     run_executor: Any = None,
 ) -> APIRouter:
     from latticeai.core.multi_agent import AGENT_ROLES, ROLE_AGENT_IDS
-    from latticeai.services.agent_runtime import AgentRuntime
+    from latticeai.services.agent_runtime import AgentRuntime, AgentRuntimeUnavailable
 
     # Single AgentRuntime boundary: the router (and via it, the frontend) talks
     # to this façade instead of reaching into the orchestrator/store directly.
@@ -186,6 +186,8 @@ def create_agents_router(
             )
         except ValueError as exc:
             raise HTTPException(status_code=400, detail=str(exc)) from exc
+        except AgentRuntimeUnavailable as exc:
+            raise HTTPException(status_code=409, detail=str(exc)) from exc
         except PermissionError as exc:
             # A pre_run hook gated this run (e.g. a policy/permission hook).
             raise HTTPException(status_code=403, detail=str(exc)) from exc