docs(federation): PRD, milestones, mission manifest, and M1 task breakdown

Plans the Federation v1 mission: cross-instance data federation between Mosaic Stack gateways with asymmetric trust (home gateway sees blended A+B at session time; work gateway sees only its own tenants), mTLS via X.509 / Step-CA for auth, multi-tenant RBAC with no cross-user leakage, and no data persistence across the boundary. - docs/federation/PRD.md — 16-section product requirements (v1 locked) - docs/federation/MILESTONES.md — 7-milestone decomposition with per-milestone acceptance test tables across unit/integration/E2E layers - docs/federation/MISSION-MANIFEST.md — mission scope, success criteria, milestone table linked to issues #460-#466 - docs/federation/TASKS.md — FED-M1 decomposed into 12 tasks; M2-M7 deferred to per-milestone planning to avoid speculative decomposition Refs: #460 #461 #462 #463 #464 #465 #466 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 17:04:39 -05:00
28 changed files with 160 additions and 1436 deletions
--- a/docker-compose.federated.yml
+++ b/docker-compose.federated.yml
@@ -1,60 +0,0 @@
 # docker-compose.federated.yml — Federated tier overlay
 #
 # USAGE:
 #   docker compose -f docker-compose.federated.yml --profile federated up -d
 #
 # This file is a standalone overlay for the Mosaic federated tier.
 # It is NOT an extension of docker-compose.yml — it defines its own services
 # and named volumes so it can run independently of the base dev stack.
 #
 # IMPORTANT — HOST PORT CONFLICTS:
 #   The federated services bind the same host ports as the base dev stack
 #   (5433 for Postgres, 6380 for Valkey). You must stop the base dev stack
 #   before starting the federated stack on the same machine:
 #     docker compose down
 #     docker compose -f docker-compose.federated.yml --profile federated up -d
 #
 # pgvector extension:
 #   The vector extension is created automatically at first boot via
 #   ./infra/pg-init/01-extensions.sql (CREATE EXTENSION IF NOT EXISTS vector).
 #
 # Tier configuration:
 #   Used by `mosaic` instances configured with `tier: federated`.
 #   DEFAULT_FEDERATED_CONFIG points at:
 #     postgresql://mosaic:mosaic@localhost:5433/mosaic
 services:
  postgres-federated:
    image: pgvector/pgvector:pg17
    profiles: [federated]
    ports:
      - '${PG_FEDERATED_HOST_PORT:-5433}:5432'
    environment:
      POSTGRES_USER: mosaic
      POSTGRES_PASSWORD: mosaic
      POSTGRES_DB: mosaic
    volumes:
      - pg_federated_data:/var/lib/postgresql/data
      - ./infra/pg-init:/docker-entrypoint-initdb.d:ro
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U mosaic']
      interval: 5s
      timeout: 3s
      retries: 5
  valkey-federated:
    image: valkey/valkey:8-alpine
    profiles: [federated]
    ports:
      - '${VALKEY_FEDERATED_HOST_PORT:-6380}:6379'
    volumes:
      - valkey_federated_data:/data
    healthcheck:
      test: ['CMD', 'valkey-cli', 'ping']
      interval: 5s
      timeout: 3s
      retries: 5
 volumes:
  pg_federated_data:
  valkey_federated_data:
--- a/docs/MISSION-MANIFEST.md
+++ b/docs/MISSION-MANIFEST.md
@@ -1,116 +1,73 @@
-# Mission Manifest — MVP
+# Mission Manifest — Install UX v2
-> Top-level rollup tracking Mosaic Stack MVP execution.
+> Persistent document tracking full mission scope, status, and session history.
-> Workstreams have their own manifests; this document is the source of truth for MVP scope, status, and history.
+> Updated by the orchestrator at each phase transition and milestone completion.
 > Owner: Orchestrator (sole writer).
 ## Mission
-**ID:** mvp-20260312
+**ID:** install-ux-v2-20260405
-**Statement:** Ship a self-hosted, multi-user AI agent platform that consolidates the user's disparate jarvis-brain usage across home and USC workstations into a single coherent system reachable via three first-class surfaces — webUI, TUI, and CLI — with federation as the data-layer mechanism that makes cross-host agent sessions work in real time without copying user data across the boundary.
+**Statement:** The install-ux-hardening mission shipped the plumbing (uninstall, masked password, hooks consent, unified flow, headless path), but the first real end-to-end run surfaced a critical regression and a collection of UX failings that make the wizard feel neither quick nor intelligent. This mission closes the bootstrap regression as a hotfix, then rethinks the first-run experience around a provider-first, intent-driven flow with a drill-down main menu and a genuinely fast quick-start.
-**Phase:** Execution (workstream W1 in planning-complete state)
+**Phase:** Execution
-**Current Workstream:** W1 — Federation v1
+**Current Milestone:** IUV-M03
-**Progress:** 0 / 1 declared workstreams complete (more workstreams will be declared as scope is refined)
+**Progress:** 2 / 3 milestones
-**Status:** active (continuous since 2026-03-13)
+**Status:** active
-**Last Updated:** 2026-04-19 (manifest authored at the rollup level; install-ux-v2 archived; W1 federation planning landed via PR #468)
+**Last Updated:** 2026-04-05 (IUV-M02 complete — CORS/FQDN + skill installer rework)
-**Source PRD:** [docs/PRD.md](./PRD.md) — Mosaic Stack v0.1.0
+**Parent Mission:** [install-ux-hardening-20260405](./archive/missions/install-ux-hardening-20260405/MISSION-MANIFEST.md) (complete — `mosaic-v0.0.25`)
 **Scratchpad:** [docs/scratchpads/mvp-20260312.md](./scratchpads/mvp-20260312.md) (active since 2026-03-13; 14 prior sessions of phase-based execution)
 ## Context
-Jarvis (v0.2.0) was a single-host Python/Next.js assistant. The user runs sessions across 3–4 workstations split between home and USC. Today every session reaches back to a single jarvis-brain checkout, which is brittle (offline-hostile, no consolidation, no shared state beyond a single repo). A prior OpenBrain attempt punished offline use, introduced cache/latency/opacity pain, and tightly coupled every session to a remote service.
+Real-run testing of `@mosaicstack/mosaic@0.0.25` uncovered:
-The MVP solution: keep each user's home gateway as the source of truth, connect gateways gateway-to-gateway over mTLS with scoped read-only data exposure, and expose the unified experience through three coherent surfaces:
+1. **Critical:** admin bootstrap fails with HTTP 400 `property email should not exist` — `bootstrap.controller.ts` uses `import type { BootstrapSetupDto }`, erasing the class at runtime. Nest's `@Body()` falls back to plain `Object` metatype, and ValidationPipe with `forbidNonWhitelisted` rejects every property. One-character fix (drop the `type` keyword), but it blocks the happy path of the release that just shipped.
-
+2. The wizard reports `✔ Wizard complete` and `✔ Done` _after_ the bootstrap 400 — failure only propagates in headless mode (`wizard.ts:147`).
- **webUI** — the primary visual control plane (Next.js + React 19, `apps/web`)
+3. The gateway port prompt does not prefill `14242` in the input buffer.
- **TUI** — the terminal-native interface for agent work (`packages/mosaic` wizard + Pi TUI)
+4. `"What is Mosaic?"` intro copy does not mention Pi SDK (the actual agent runtime behind Claude/Codex/OpenCode).
- **CLI** — `mosaic` command for scripted/headless workflows
+5. CORS origin prompt is confusing — the user should be able to supply an FQDN/hostname and have the system derive the CORS value.
-
+6. Skill / additional feature install section is unusable in practice.
-Federation is required NOW because it unblocks cross-host consolidation; it is necessary but not sufficient for MVP. Additional workstreams will be declared as their scope solidifies.
+7. Quick-start asks far too many questions to be meaningfully "quick".
-
+8. No drill-down main menu — everything is a linear interrogation.
-## Prior Execution (March 13 → April 5)
+9. Provider setup happens late and without intelligence. An OpenClaw-style provider-first flow would let the user describe what they want in natural language, have the agent expound on it, and have the agent choose its own name based on that intent.
 This manifest was authored on 2026-04-19 to rollup work that began 2026-03-13. Before this date, MVP work was tracked via phase-based Gitea milestones and the scratchpad — there was no rollup manifest at the `docs/MISSION-MANIFEST.md` path (the slot was occupied by sub-mission manifests for `install-ux-hardening` and then `install-ux-v2`).
 Prior execution outline (full detail in [scratchpads/mvp-20260312.md](./scratchpads/mvp-20260312.md)):
 - **Phases 0 → 7** (Gitea milestones `ms-157` → `ms-164`, issues #1–#59): foundation, core API, agent layer, web dashboard, memory, remote control, CLI/tools, polish/beta. Substantially shipped by Session 13.
 - **Phase 8** (Gitea milestone `ms-165`, issues #160–#172): platform architecture extension — teams, workspaces, `/provider` OAuth, preferences, etc. Wave-based execution plan defined at Session 14.
 - **Sub-missions** during the gap: `install-ux-hardening` (complete, `mosaic-v0.0.25`), `install-ux-v2` (complete on 2026-04-19, `0.0.27` → `0.0.29`). Both archived under `docs/archive/missions/`.
 Going forward, MVP execution is tracked through the **Workstreams** table below. Phase-based issue numbering is preserved on Gitea but is no longer the primary control plane.
 ## Cross-Cutting MVP Requirements
 These apply to every workstream and every milestone. A workstream cannot ship if it breaks any of them.
 | #      | Requirement                                                                                                                                                                      |
 | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | MVP-X1 | Three-surface parity: every user-facing capability is reachable via webUI **and** TUI **and** CLI (read paths at minimum; mutating paths where applicable to the surface).       |
 | MVP-X2 | Multi-tenant isolation is enforced at every boundary; no cross-user leakage under any circumstance.                                                                              |
 | MVP-X3 | Auth via BetterAuth (existing); SSO adapters per PRD; admin bootstrap remains a one-shot.                                                                                        |
 | MVP-X4 | Three quality gates green before push: `pnpm typecheck`, `pnpm lint`, `pnpm format:check`.                                                                                       |
 | MVP-X5 | Federated tier (PG + pgvector + Valkey) is the canonical MVP deployment topology; local/standalone tiers continue to work for non-federated installs but are not the MVP target. |
 | MVP-X6 | OTEL tracing on every request path; `traceparent` propagated across the federation boundary in both directions.                                                                  |
 | MVP-X7 | Trunk merge strategy: branch from `main`, squash-merge via PR, never push to `main` directly.                                                                                    |
 ## Success Criteria
-The MVP is complete when ALL declared workstreams are complete AND every cross-cutting requirement is verifiable on a live two-host deployment (woltje.com ↔ uscllc.com).
+- [x] AC-1: Admin bootstrap completes successfully end-to-end on a fresh install (DTO value import, no forbidNonWhitelisted regression); covered by an integration or e2e test that exercises the real DTO binding. _(PR #440)_
 - [x] AC-2: Wizard fails loudly (non-zero exit, clear error) when the bootstrap stage returns `completed: false`, in both interactive and headless modes. No more silent `✔ Wizard complete` after a 400. _(PR #440)_
 - [x] AC-3: Gateway port prompt prefills `14242` in the input field (user can press Enter to accept). _(PR #440)_
 - [x] AC-4: `"What is Mosaic?"` intro copy mentions Pi SDK as the underlying agent runtime. _(PR #440)_
 - [x] AC-5: Release `mosaic-v0.0.26` tagged and published to the Gitea npm registry, unblocking the 0.0.25 happy path. _(tag: mosaic-v0.0.26, registry: 0.0.26 live)_
 - [ ] AC-6: CORS origin prompt replaced with FQDN/hostname input; CORS string is derived from that.
 - [ ] AC-7: Skill / additional feature install section is reworked until it is actually usable end-to-end (worker defines the concrete failure modes during diagnosis).
 - [ ] AC-8: First-run flow has a drill-down main menu with at least `Plugins` (Recommended / Custom), `Providers`, and the other top-level configuration groups. Linear interrogation is gone.
 - [ ] AC-9: `Quick Start` path completes with a minimal, curated set of questions (target: under 90 seconds for a returning user; define the exact baseline during design).
 - [ ] AC-10: Provider setup happens first, driven by a natural-language intake prompt. The agent expounds on the user's intent and chooses its own name based on that intent (OpenClaw-style). Naming is confirmable / overridable.
 - [ ] AC-11: All milestones ship as merged PRs with green CI and closed issues.
- [ ] AC-MVP-1: All declared workstreams reach `complete` status with merged PRs and green CI
+## Milestones
 - [ ] AC-MVP-2: A user session on the home gateway can transparently query work-gateway data subject to scope, with no data persisted across the boundary
 - [ ] AC-MVP-3: The same user-facing capability is reachable from webUI, TUI, and CLI (per MVP-X1)
 - [ ] AC-MVP-4: Two-gateway production deployment (woltje.com ↔ uscllc.com) operational ≥7 days without incident
 - [ ] AC-MVP-5: All cross-cutting requirements (MVP-X1 → MVP-X7) verified with evidence
 - [ ] AC-MVP-6: PRD `docs/PRD.md` "In Scope (v0.1.0 Beta)" list mapped to evidence (each item: shipped / explicitly deferred with rationale)
-## Workstreams
+| #   | ID      | Name                                                         | Status      | Branch                 | Issue | Started    | Completed  |
 | --- | ------- | ------------------------------------------------------------ | ----------- | ---------------------- | ----- | ---------- | ---------- |
 | 1   | IUV-M01 | Hotfix: bootstrap DTO + wizard failure + port prefill + copy | complete    | fix/bootstrap-hotfix   | #436  | 2026-04-05 | 2026-04-05 |
 | 2   | IUV-M02 | UX polish: CORS/FQDN, skill installer rework                 | complete    | feat/install-ux-polish | #437  | 2026-04-05 | 2026-04-05 |
 | 3   | IUV-M03 | Provider-first intelligent flow + drill-down main menu       | not-started | feat/install-ux-intent | #438  | —          | —          |
-| #   | ID  | Name                                        | Status            | Manifest                                                                | Notes                                               |
+## Subagent Delegation Plan
 | --- | --- | ------------------------------------------- | ----------------- | ----------------------------------------------------------------------- | --------------------------------------------------- |
 | W1  | FED | Federation v1                               | planning-complete | [docs/federation/MISSION-MANIFEST.md](./federation/MISSION-MANIFEST.md) | 7 milestones, ~175K tokens, issues #460–#466 filed  |
 | W2+ | TBD | (additional workstreams declared as scoped) | —                 | —                                                                       | Scope creep is expected and explicitly accommodated |
-### Likely Additional Workstreams (Not Yet Declared)
+| Milestone | Recommended Tier | Rationale                                                             |
-
+| --------- | ---------------- | --------------------------------------------------------------------- |
-These are anticipated based on the PRD `In Scope` list but are NOT counted toward MVP completion until they have their own manifest, milestones, and tracking issues. Listed here so the orchestrator knows what's likely coming.
+| IUV-M01   | sonnet           | Tight bug cluster with known fix sites + small release cycle          |
-
+| IUV-M02   | sonnet           | UX rework, moderate surface, diagnostic-heavy for the skill installer |
- Web dashboard parity with PRD scope (chat, tasks, projects, missions, agent status surfaces)
+| IUV-M03   | opus             | Architectural redesign of first-run flow, state machine + LLM intake  |
 - Pi TUI integration for terminal-native agent work
 - CLI completeness for headless / scripted workflows that mirror webUI capability
 - Remote control plugins (Discord priority, then Telegram)
 - Multi-user / SSO finishing (BetterAuth + Authentik/WorkOS/Keycloak adapters per PRD)
 - LLM provider expansion (Anthropic, Codex, Z.ai, Ollama, LM Studio, llama.cpp) + routing matrix
 - MCP server/client capability + skill import interface
 - Brain (`@mosaicstack/brain`) as the structured data layer on PG + vector
 When any of these solidify into a real workstream, add a row to the Workstreams table, create a workstream-level manifest under `docs/{workstream}/MISSION-MANIFEST.md`, and file tracking issues.
 ## Risks
- **Scope creep is the named risk.** Workstreams will be added; the rule is that each must have its own manifest + milestones + acceptance criteria before it consumes execution capacity.
+- **Hotfix regression surface** — the `import type` → `import` fix on the DTO class is one character but needs an integration test that binds the real DTO, not just a controller unit test, to prevent the same class-erasure regression from sneaking back in.
- **Federation urgency vs. surface parity** — federation is being built first because it unblocks the user, but webUI/TUI/CLI parity (MVP-X1) cannot slip indefinitely. Track surface coverage explicitly when each workstream lands.
+- **LLM-driven intake latency / offline** — M03's provider-first intent flow assumes an available LLM call to expound on user input and choose a name. Offline installs need a deterministic fallback.
- **Three-surface fan-out** — the same capability exposed three ways multiplies test surface and design effort. Default to a shared API/contract layer, then thin surface adapters; resist surface-specific business logic.
+- **Menu vs. linear back-compat** — M03 changes the top-level flow shape; existing `tools/install.sh --yes` + env-var headless path must continue to work.
- **Federated-tier dependency** — MVP requires PG + pgvector + Valkey; users on local/standalone tier cannot federate. This is intentional but must be communicated clearly in the wizard.
+- **Scope creep in M03** — "redesign the wizard" can absorb arbitrary work. Keep it bounded with explicit non-goals.
-## Out of Scope (MVP)
+## Out of Scope
- SaaS / multi-tenant revenue model — personal/family/team tool only
+- Migrating the wizard to a GUI / web UI (still terminal-first)
- Mobile native apps — responsive web only
+- Replacing the Gitea registry or the Woodpecker publish pipeline
- Public npm registry publishing — Gitea registry only
+- Multi-tenant / multi-user onboarding (still single-admin bootstrap)
- Voice / video agent interaction
+- Reworking `mosaic uninstall` (M01 of the parent mission — stable)
 - Full OpenClaw feature parity — inspiration only
 - Calendar / GLPI / Woodpecker tooling integrations (deferred to post-MVP)
 ## Session History
 For sessions 1–14 (phase-based execution, 2026-03-13 → 2026-03-15), see [scratchpads/mvp-20260312.md](./scratchpads/mvp-20260312.md). Sessions below are tracked at the rollup level.
 | Session | Date       | Runtime | Outcome                                                                                                                                                                                                                                                                |
 | ------- | ---------- | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | S15     | 2026-04-19 | claude  | MVP rollup manifest authored. Install-ux-v2 archived (IUV-M03 retroactively closed — shipped via PR #446 + releases 0.0.27 → 0.0.29). Federation v1 planning landed via PR #468. W1 manifest reachable at `docs/federation/MISSION-MANIFEST.md`. Next: kickoff FED-M1. |
 ## Next Step
 Begin W1 / FED-M1 — federated tier infrastructure. Task breakdown lives at [docs/federation/TASKS.md](./federation/TASKS.md).
--- a/docs/TASKS.md
+++ b/docs/TASKS.md
@@ -1,40 +1,39 @@
-# Tasks — MVP (Top-Level Rollup)
+# Tasks — Install UX v2
 > Single-writer: orchestrator only. Workers read but never modify.
 >
-> **Mission:** mvp-20260312
+> **Mission:** install-ux-v2-20260405
-> **Manifest:** [docs/MISSION-MANIFEST.md](./MISSION-MANIFEST.md)
+> **Schema:** `| id | status | description | issue | agent | branch | depends_on | estimate | notes |`
->
+> **Status values:** `not-started` | `in-progress` | `done` | `blocked` | `failed` | `needs-qa`
-> This file is a **rollup**. Per-workstream task breakdowns live in workstream task files
+> **Agent values:** `codex` | `sonnet` | `haiku` | `opus` | `—` (auto)
 > (e.g. `docs/federation/TASKS.md`). Workers operating inside a workstream should treat
 > the workstream file as their primary task source; this file exists for orchestrator-level
 > visibility into MVP-wide state.
 >
 > **Status values:** `not-started` | `in-progress` | `done` | `blocked` | `failed`
-## Workstream Rollup
+## Milestone 1 — Hotfix: bootstrap DTO + wizard failure + port prefill + copy (IUV-M01)
-| id  | status            | workstream          | progress         | tasks file                                        | notes                                                           |
+| id        | status | description                                                                                                                                                                                   | issue | agent  | branch               | depends_on | estimate | notes                                                                                   |
-| --- | ----------------- | ------------------- | ---------------- | ------------------------------------------------- | --------------------------------------------------------------- |
+| --------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | ------ | -------------------- | ---------- | -------- | --------------------------------------------------------------------------------------- |
-| W1  | planning-complete | Federation v1 (FED) | 0 / 7 milestones | [docs/federation/TASKS.md](./federation/TASKS.md) | M1 task breakdown populated; M2–M7 deferred to mission planning |
+| IUV-01-01 | done   | Fix `apps/gateway/src/admin/bootstrap.controller.ts:16` — switch `import type { BootstrapSetupDto }` to a value import so Nest's `@Body()` binds the real class                               | #436  | sonnet | fix/bootstrap-hotfix | —          | 3K       | PR #440 merged `0ae932ab`                                                               |
 | IUV-01-02 | done   | Add integration / e2e test that POSTs `/api/bootstrap/setup` with `{name,email,password}` against a real Nest app instance and asserts 201 — NOT a mocked controller unit test                | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-01  | 10K      | `apps/gateway/src/admin/bootstrap.e2e.spec.ts` — 4 tests; unplugin-swc added for vitest |
 | IUV-01-03 | done   | `packages/mosaic/src/wizard.ts:147` — propagate `!bootstrapResult.completed` as a wizard failure in **interactive** mode too (not only headless); non-zero exit + no `✔ Wizard complete` line | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-02  | 5K       | removed `&& headlessRun` guard                                                          |
 | IUV-01-04 | done   | Gateway port prompt prefills `14242` in the input buffer — investigate why `promptPort`'s `defaultValue` isn't reaching the user-visible input                                                | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-03  | 5K       | added `initialValue` through prompter interface → clack                                 |
 | IUV-01-05 | done   | `"What is Mosaic?"` intro copy updated to mention Pi SDK as the underlying agent runtime (alongside Claude Code / Codex / OpenCode)                                                           | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-04  | 2K       | `packages/mosaic/src/stages/welcome.ts`                                                 |
 | IUV-01-06 | done   | Tests + code review + PR merge + tag `mosaic-v0.0.26` + Gitea release + npm registry republish                                                                                                | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-05  | 10K      | PRs #440/#441/#442 merged; tag `mosaic-v0.0.26`; registry latest=0.0.26 ✓               |
-## Cross-Cutting Tracking
+## Milestone 2 — UX polish: CORS/FQDN, skill installer rework (IUV-M02)
-These are MVP-level checks that don't belong to any single workstream. Updated by the orchestrator at each session.
+| id        | status | description                                                                                                                          | issue | agent  | branch                 | depends_on | estimate | notes                                                                  |
 | --------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------ | ----- | ------ | ---------------------- | ---------- | -------- | ---------------------------------------------------------------------- |
 | IUV-02-01 | done   | Replace CORS origin prompt with FQDN / hostname input; derive the CORS value internally; default to `localhost` with clear help text | #437  | sonnet | feat/install-ux-polish | —          | 10K      | `deriveCorsOrigin()` pure fn; MOSAIC_HOSTNAME headless var; PR #444    |
 | IUV-02-02 | done   | Diagnose and document the concrete failure modes of the current skill / additional feature install section end-to-end                | #437  | sonnet | feat/install-ux-polish | IUV-02-01  | 8K       | selection→install gap, silent catch{}, no whitelist concept            |
 | IUV-02-03 | done   | Rework the skill installer so it is usable end-to-end (selection, install, verify, failure reporting)                                | #437  | sonnet | feat/install-ux-polish | IUV-02-02  | 20K      | MOSAIC_INSTALL_SKILLS env var whitelist; SyncSkillsResult typed return |
 | IUV-02-04 | done   | Tests + code review + PR merge                                                                                                       | #437  | sonnet | feat/install-ux-polish | IUV-02-03  | 10K      | 18 new tests (13 CORS + 5 skills); PR #444 merged `172bacb3`           |
-| id      | status      | description                                                                                              | notes                                                                                   |
+## Milestone 3 — Provider-first intelligent flow + drill-down main menu (IUV-M03)
 | ------- | ----------- | -------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
 | MVP-T01 | done        | Author MVP-level manifest at `docs/MISSION-MANIFEST.md`                                                  | This session (2026-04-19); PR pending                                                   |
 | MVP-T02 | done        | Archive install-ux-v2 mission state to `docs/archive/missions/install-ux-v2-20260405/`                   | IUV-M03 retroactively closed (shipped via PR #446 + releases 0.0.27→0.0.29)             |
 | MVP-T03 | done        | Land federation v1 planning artifacts on `main`                                                          | PR #468 merged 2026-04-19 (commit `66512550`)                                           |
 | MVP-T04 | not-started | Sync `.mosaic/orchestrator/mission.json` MVP slot with this manifest (milestone enumeration, etc.)       | Coord state file; consider whether to repopulate via `mosaic coord` or accept hand-edit |
 | MVP-T05 | in-progress | Kick off W1 / FED-M1 — federated tier infrastructure                                                     | Session 16 (2026-04-19): FED-M1-01 in-progress on `feat/federation-m1-tier-config`      |
 | MVP-T06 | not-started | Declare additional workstreams (web dashboard, TUI/CLI parity, remote control, etc.) as scope solidifies | Track each new workstream by adding a row to the Workstream Rollup                      |
-## Pointer to Active Workstream
+| id        | status      | description                                                                                                                                                  | issue | agent | branch                 | depends_on | estimate | notes                                                         |
-
+| --------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----- | ----- | ---------------------- | ---------- | -------- | ------------------------------------------------------------- |
-Active workstream is **W1 — Federation v1**. Workers should:
+| IUV-03-01 | not-started | Design doc: new first-run state machine — main menu (Plugins / Providers / …), Quick Start vs Custom paths, provider-first flow, intent intake + naming loop | #438  | opus  | feat/install-ux-intent | —          | 15K      | scratchpad + explicit non-goals                               |
-
+| IUV-03-02 | not-started | Implement drill-down main menu (Plugins: Recommended / Custom, Providers, …) as the top-level entry point of `mosaic wizard`                                 | #438  | opus  | feat/install-ux-intent | IUV-03-01  | 25K      |                                                               |
-1. Read [docs/federation/MISSION-MANIFEST.md](./federation/MISSION-MANIFEST.md) for workstream scope
+| IUV-03-03 | not-started | Quick Start path: curated minimum question set — define the exact baseline, delete everything else from the fast path                                        | #438  | opus  | feat/install-ux-intent | IUV-03-02  | 15K      |                                                               |
-2. Read [docs/federation/TASKS.md](./federation/TASKS.md) for the next pending task
+| IUV-03-04 | not-started | Provider-first natural-language intake: user describes intent → agent expounds → agent proposes a name (confirmable / overridable) — OpenClaw-style          | #438  | opus  | feat/install-ux-intent | IUV-03-03  | 25K      | offline fallback required (deterministic default name + path) |
-3. Follow per-task agent + tier guidance from the workstream manifest
+| IUV-03-05 | not-started | Preserve backward-compat: headless path (`MOSAIC_ASSUME_YES=1` + env vars) still works end-to-end; `tools/install.sh --yes` unchanged                        | #438  | opus  | feat/install-ux-intent | IUV-03-04  | 10K      |                                                               |
 | IUV-03-06 | not-started | Tests + code review + PR merge + `mosaic-v0.0.27` release                                                                                                    | #438  | opus  | feat/install-ux-intent | IUV-03-05  | 15K      |                                                               |
--- a/docs/archive/missions/install-ux-v2-20260405/MISSION-MANIFEST.md
+++ b/docs/archive/missions/install-ux-v2-20260405/MISSION-MANIFEST.md
@@ -1,74 +0,0 @@
 # Mission Manifest — Install UX v2
 > Persistent document tracking full mission scope, status, and session history.
 > Updated by the orchestrator at each phase transition and milestone completion.
 ## Mission
 **ID:** install-ux-v2-20260405
 **Statement:** The install-ux-hardening mission shipped the plumbing (uninstall, masked password, hooks consent, unified flow, headless path), but the first real end-to-end run surfaced a critical regression and a collection of UX failings that make the wizard feel neither quick nor intelligent. This mission closes the bootstrap regression as a hotfix, then rethinks the first-run experience around a provider-first, intent-driven flow with a drill-down main menu and a genuinely fast quick-start.
 **Phase:** Closed
 **Current Milestone:** —
 **Progress:** 3 / 3 milestones
 **Status:** complete
 **Last Updated:** 2026-04-19 (archived during MVP manifest authoring; IUV-M03 substantively shipped via PR #446 — drill-down menu + provider-first flow + quick start; releases 0.0.27 → 0.0.29)
 **Archived to:** `docs/archive/missions/install-ux-v2-20260405/`
 **Parent Mission:** [install-ux-hardening-20260405](./archive/missions/install-ux-hardening-20260405/MISSION-MANIFEST.md) (complete — `mosaic-v0.0.25`)
 ## Context
 Real-run testing of `@mosaicstack/mosaic@0.0.25` uncovered:
 1. **Critical:** admin bootstrap fails with HTTP 400 `property email should not exist` — `bootstrap.controller.ts` uses `import type { BootstrapSetupDto }`, erasing the class at runtime. Nest's `@Body()` falls back to plain `Object` metatype, and ValidationPipe with `forbidNonWhitelisted` rejects every property. One-character fix (drop the `type` keyword), but it blocks the happy path of the release that just shipped.
 2. The wizard reports `✔ Wizard complete` and `✔ Done` _after_ the bootstrap 400 — failure only propagates in headless mode (`wizard.ts:147`).
 3. The gateway port prompt does not prefill `14242` in the input buffer.
 4. `"What is Mosaic?"` intro copy does not mention Pi SDK (the actual agent runtime behind Claude/Codex/OpenCode).
 5. CORS origin prompt is confusing — the user should be able to supply an FQDN/hostname and have the system derive the CORS value.
 6. Skill / additional feature install section is unusable in practice.
 7. Quick-start asks far too many questions to be meaningfully "quick".
 8. No drill-down main menu — everything is a linear interrogation.
 9. Provider setup happens late and without intelligence. An OpenClaw-style provider-first flow would let the user describe what they want in natural language, have the agent expound on it, and have the agent choose its own name based on that intent.
 ## Success Criteria
 - [x] AC-1: Admin bootstrap completes successfully end-to-end on a fresh install (DTO value import, no forbidNonWhitelisted regression); covered by an integration or e2e test that exercises the real DTO binding. _(PR #440)_
 - [x] AC-2: Wizard fails loudly (non-zero exit, clear error) when the bootstrap stage returns `completed: false`, in both interactive and headless modes. No more silent `✔ Wizard complete` after a 400. _(PR #440)_
 - [x] AC-3: Gateway port prompt prefills `14242` in the input field (user can press Enter to accept). _(PR #440)_
 - [x] AC-4: `"What is Mosaic?"` intro copy mentions Pi SDK as the underlying agent runtime. _(PR #440)_
 - [x] AC-5: Release `mosaic-v0.0.26` tagged and published to the Gitea npm registry, unblocking the 0.0.25 happy path. _(tag: mosaic-v0.0.26, registry: 0.0.26 live)_
 - [ ] AC-6: CORS origin prompt replaced with FQDN/hostname input; CORS string is derived from that.
 - [ ] AC-7: Skill / additional feature install section is reworked until it is actually usable end-to-end (worker defines the concrete failure modes during diagnosis).
 - [ ] AC-8: First-run flow has a drill-down main menu with at least `Plugins` (Recommended / Custom), `Providers`, and the other top-level configuration groups. Linear interrogation is gone.
 - [ ] AC-9: `Quick Start` path completes with a minimal, curated set of questions (target: under 90 seconds for a returning user; define the exact baseline during design).
 - [ ] AC-10: Provider setup happens first, driven by a natural-language intake prompt. The agent expounds on the user's intent and chooses its own name based on that intent (OpenClaw-style). Naming is confirmable / overridable.
 - [ ] AC-11: All milestones ship as merged PRs with green CI and closed issues.
 ## Milestones
 | #   | ID      | Name                                                         | Status   | Branch                 | Issue | Started    | Completed  |
 | --- | ------- | ------------------------------------------------------------ | -------- | ---------------------- | ----- | ---------- | ---------- |
 | 1   | IUV-M01 | Hotfix: bootstrap DTO + wizard failure + port prefill + copy | complete | fix/bootstrap-hotfix   | #436  | 2026-04-05 | 2026-04-05 |
 | 2   | IUV-M02 | UX polish: CORS/FQDN, skill installer rework                 | complete | feat/install-ux-polish | #437  | 2026-04-05 | 2026-04-05 |
 | 3   | IUV-M03 | Provider-first intelligent flow + drill-down main menu       | complete | feat/install-ux-intent | #438  | 2026-04-05 | 2026-04-19 |
 ## Subagent Delegation Plan
 | Milestone | Recommended Tier | Rationale                                                             |
 | --------- | ---------------- | --------------------------------------------------------------------- |
 | IUV-M01   | sonnet           | Tight bug cluster with known fix sites + small release cycle          |
 | IUV-M02   | sonnet           | UX rework, moderate surface, diagnostic-heavy for the skill installer |
 | IUV-M03   | opus             | Architectural redesign of first-run flow, state machine + LLM intake  |
 ## Risks
 - **Hotfix regression surface** — the `import type` → `import` fix on the DTO class is one character but needs an integration test that binds the real DTO, not just a controller unit test, to prevent the same class-erasure regression from sneaking back in.
 - **LLM-driven intake latency / offline** — M03's provider-first intent flow assumes an available LLM call to expound on user input and choose a name. Offline installs need a deterministic fallback.
 - **Menu vs. linear back-compat** — M03 changes the top-level flow shape; existing `tools/install.sh --yes` + env-var headless path must continue to work.
 - **Scope creep in M03** — "redesign the wizard" can absorb arbitrary work. Keep it bounded with explicit non-goals.
 ## Out of Scope
 - Migrating the wizard to a GUI / web UI (still terminal-first)
 - Replacing the Gitea registry or the Woodpecker publish pipeline
 - Multi-tenant / multi-user onboarding (still single-admin bootstrap)
 - Reworking `mosaic uninstall` (M01 of the parent mission — stable)
--- a/docs/archive/missions/install-ux-v2-20260405/TASKS.md
+++ b/docs/archive/missions/install-ux-v2-20260405/TASKS.md
@@ -1,39 +0,0 @@
 # Tasks — Install UX v2
 > Single-writer: orchestrator only. Workers read but never modify.
 >
 > **Mission:** install-ux-v2-20260405
 > **Schema:** `| id | status | description | issue | agent | branch | depends_on | estimate | notes |`
 > **Status values:** `not-started` | `in-progress` | `done` | `blocked` | `failed` | `needs-qa`
 > **Agent values:** `codex` | `sonnet` | `haiku` | `opus` | `—` (auto)
 ## Milestone 1 — Hotfix: bootstrap DTO + wizard failure + port prefill + copy (IUV-M01)
 | id        | status | description                                                                                                                                                                                   | issue | agent  | branch               | depends_on | estimate | notes                                                                                   |
 | --------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | ------ | -------------------- | ---------- | -------- | --------------------------------------------------------------------------------------- |
 | IUV-01-01 | done   | Fix `apps/gateway/src/admin/bootstrap.controller.ts:16` — switch `import type { BootstrapSetupDto }` to a value import so Nest's `@Body()` binds the real class                               | #436  | sonnet | fix/bootstrap-hotfix | —          | 3K       | PR #440 merged `0ae932ab`                                                               |
 | IUV-01-02 | done   | Add integration / e2e test that POSTs `/api/bootstrap/setup` with `{name,email,password}` against a real Nest app instance and asserts 201 — NOT a mocked controller unit test                | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-01  | 10K      | `apps/gateway/src/admin/bootstrap.e2e.spec.ts` — 4 tests; unplugin-swc added for vitest |
 | IUV-01-03 | done   | `packages/mosaic/src/wizard.ts:147` — propagate `!bootstrapResult.completed` as a wizard failure in **interactive** mode too (not only headless); non-zero exit + no `✔ Wizard complete` line | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-02  | 5K       | removed `&& headlessRun` guard                                                          |
 | IUV-01-04 | done   | Gateway port prompt prefills `14242` in the input buffer — investigate why `promptPort`'s `defaultValue` isn't reaching the user-visible input                                                | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-03  | 5K       | added `initialValue` through prompter interface → clack                                 |
 | IUV-01-05 | done   | `"What is Mosaic?"` intro copy updated to mention Pi SDK as the underlying agent runtime (alongside Claude Code / Codex / OpenCode)                                                           | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-04  | 2K       | `packages/mosaic/src/stages/welcome.ts`                                                 |
 | IUV-01-06 | done   | Tests + code review + PR merge + tag `mosaic-v0.0.26` + Gitea release + npm registry republish                                                                                                | #436  | sonnet | fix/bootstrap-hotfix | IUV-01-05  | 10K      | PRs #440/#441/#442 merged; tag `mosaic-v0.0.26`; registry latest=0.0.26 ✓               |
 ## Milestone 2 — UX polish: CORS/FQDN, skill installer rework (IUV-M02)
 | id        | status | description                                                                                                                          | issue | agent  | branch                 | depends_on | estimate | notes                                                                  |
 | --------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------ | ----- | ------ | ---------------------- | ---------- | -------- | ---------------------------------------------------------------------- |
 | IUV-02-01 | done   | Replace CORS origin prompt with FQDN / hostname input; derive the CORS value internally; default to `localhost` with clear help text | #437  | sonnet | feat/install-ux-polish | —          | 10K      | `deriveCorsOrigin()` pure fn; MOSAIC_HOSTNAME headless var; PR #444    |
 | IUV-02-02 | done   | Diagnose and document the concrete failure modes of the current skill / additional feature install section end-to-end                | #437  | sonnet | feat/install-ux-polish | IUV-02-01  | 8K       | selection→install gap, silent catch{}, no whitelist concept            |
 | IUV-02-03 | done   | Rework the skill installer so it is usable end-to-end (selection, install, verify, failure reporting)                                | #437  | sonnet | feat/install-ux-polish | IUV-02-02  | 20K      | MOSAIC_INSTALL_SKILLS env var whitelist; SyncSkillsResult typed return |
 | IUV-02-04 | done   | Tests + code review + PR merge                                                                                                       | #437  | sonnet | feat/install-ux-polish | IUV-02-03  | 10K      | 18 new tests (13 CORS + 5 skills); PR #444 merged `172bacb3`           |
 ## Milestone 3 — Provider-first intelligent flow + drill-down main menu (IUV-M03)
 | id        | status      | description                                                                                                                                                  | issue | agent | branch                 | depends_on | estimate | notes                                                         |
 | --------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----- | ----- | ---------------------- | ---------- | -------- | ------------------------------------------------------------- |
 | IUV-03-01 | not-started | Design doc: new first-run state machine — main menu (Plugins / Providers / …), Quick Start vs Custom paths, provider-first flow, intent intake + naming loop | #438  | opus  | feat/install-ux-intent | —          | 15K      | scratchpad + explicit non-goals                               |
 | IUV-03-02 | not-started | Implement drill-down main menu (Plugins: Recommended / Custom, Providers, …) as the top-level entry point of `mosaic wizard`                                 | #438  | opus  | feat/install-ux-intent | IUV-03-01  | 25K      |                                                               |
 | IUV-03-03 | not-started | Quick Start path: curated minimum question set — define the exact baseline, delete everything else from the fast path                                        | #438  | opus  | feat/install-ux-intent | IUV-03-02  | 15K      |                                                               |
 | IUV-03-04 | not-started | Provider-first natural-language intake: user describes intent → agent expounds → agent proposes a name (confirmable / overridable) — OpenClaw-style          | #438  | opus  | feat/install-ux-intent | IUV-03-03  | 25K      | offline fallback required (deterministic default name + path) |
 | IUV-03-05 | not-started | Preserve backward-compat: headless path (`MOSAIC_ASSUME_YES=1` + env vars) still works end-to-end; `tools/install.sh --yes` unchanged                        | #438  | opus  | feat/install-ux-intent | IUV-03-04  | 10K      |                                                               |
 | IUV-03-06 | not-started | Tests + code review + PR merge + `mosaic-v0.0.27` release                                                                                                    | #438  | opus  | feat/install-ux-intent | IUV-03-05  | 15K      |                                                               |
--- a/docs/federation/TASKS.md
+++ b/docs/federation/TASKS.md
@@ -15,20 +15,20 @@
 Goal: Gateway runs in `federated` tier with containerized PG+pgvector+Valkey. No federation logic yet. Existing standalone behavior does not regress.
-| id        | status      | description                                                                                                                                                                                                        | issue | agent  | branch                          | depends_on | estimate | notes                                                                                                                             |
+| id        | status      | description                                                                                                                                                                                                        | issue | agent  | branch                          | depends_on | estimate | notes                                                                                                             |
-| --------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----- | ------ | ------------------------------- | ---------- | -------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| --------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----- | ------ | ------------------------------- | ---------- | -------- | ----------------------------------------------------------------------------------------------------------------- |
-| FED-M1-01 | done        | Extend `mosaic.config.json` schema: add `"federated"` to `tier` enum in validator + TS types. Keep `local` and `standalone` working. Update schema docs/README where referenced.                                   | #460  | sonnet | feat/federation-m1-tier-config  | —          | 4K       | Shipped in PR #470. Renamed `team` → `standalone`; added `team` deprecation alias; added `DEFAULT_FEDERATED_CONFIG`.              |
+| FED-M1-01 | not-started | Extend `mosaic.config.json` schema: add `"federated"` to `tier` enum in validator + TS types. Keep `local` and `standalone` working. Update schema docs/README where referenced.                                   | #460  | codex  | feat/federation-m1-tier-config  | —          | 4K       | Schema lives in `packages/types`; validator in gateway bootstrap. No behavior change yet — enum only.             |
-| FED-M1-02 | in-progress | Author `docker-compose.federated.yml` as an overlay profile: Postgres 17 + pgvector extension (port 5433), Valkey (6380), named volumes, healthchecks. Compose-up should boot cleanly on a clean machine.          | #460  | sonnet | feat/federation-m1-compose      | FED-M1-01  | 5K       | Bumped PG16→PG17 to match base compose. Overlay defines distinct `postgres-federated`/`valkey-federated` services, profile-gated. |
+| FED-M1-02 | not-started | Author `docker-compose.federated.yml` as an overlay profile: Postgres 16 + pgvector extension (port 5433), Valkey (6380), named volumes, healthchecks. Compose-up should boot cleanly on a clean machine.          | #460  | codex  | feat/federation-m1-compose      | FED-M1-01  | 5K       | Overlay on existing `docker-compose.yml`; no changes to base file. Add `profile: federated` gating.               |
-| FED-M1-03 | not-started | Add pgvector support to `packages/storage/src/adapters/postgres.ts`: create extension on init (idempotent), expose vector column type in schema helpers. No adapter changes for non-federated tiers.               | #460  | codex  | feat/federation-m1-pgvector     | FED-M1-02  | 8K       | Extension create is idempotent `CREATE EXTENSION IF NOT EXISTS vector`. Gate on tier = federated.                                 |
+| FED-M1-03 | not-started | Add pgvector support to `packages/storage/src/adapters/postgres.ts`: create extension on init (idempotent), expose vector column type in schema helpers. No adapter changes for non-federated tiers.               | #460  | codex  | feat/federation-m1-pgvector     | FED-M1-02  | 8K       | Extension create is idempotent `CREATE EXTENSION IF NOT EXISTS vector`. Gate on tier = federated.                 |
-| FED-M1-04 | not-started | Implement `apps/gateway/src/bootstrap/tier-detector.ts`: reads config, asserts PG/Valkey/pgvector reachable for `federated`, fail-fast with actionable error message on failure. Unit tests for each failure mode. | #460  | codex  | feat/federation-m1-detector     | FED-M1-03  | 8K       | Structured error type with remediation hints. Logs which service failed, with host:port attempted.                                |
+| FED-M1-04 | not-started | Implement `apps/gateway/src/bootstrap/tier-detector.ts`: reads config, asserts PG/Valkey/pgvector reachable for `federated`, fail-fast with actionable error message on failure. Unit tests for each failure mode. | #460  | codex  | feat/federation-m1-detector     | FED-M1-03  | 8K       | Structured error type with remediation hints. Logs which service failed, with host:port attempted.                |
-| FED-M1-05 | not-started | Write `scripts/migrate-to-federated.ts`: one-way migration from `local` (PGlite) / `standalone` (PG without pgvector) → `federated`. Dumps, transforms, loads; dry-run + confirm UX. Idempotent on re-run.         | #460  | codex  | feat/federation-m1-migrate      | FED-M1-04  | 10K      | Do NOT run automatically. CLI subcommand `mosaic migrate tier --to federated --dry-run`. Safety rails.                            |
+| FED-M1-05 | not-started | Write `scripts/migrate-to-federated.ts`: one-way migration from `local` (PGlite) / `standalone` (PG without pgvector) → `federated`. Dumps, transforms, loads; dry-run + confirm UX. Idempotent on re-run.         | #460  | codex  | feat/federation-m1-migrate      | FED-M1-04  | 10K      | Do NOT run automatically. CLI subcommand `mosaic migrate tier --to federated --dry-run`. Safety rails.            |
-| FED-M1-06 | not-started | Update `mosaic doctor`: report current tier, required services, actual health per service, pgvector presence, overall green/yellow/red. Machine-readable JSON output flag for CI use.                              | #460  | sonnet | feat/federation-m1-doctor       | FED-M1-04  | 6K       | Existing doctor output evolves; add `--json` flag. Green/yellow/red + remediation suggestions per issue.                          |
+| FED-M1-06 | not-started | Update `mosaic doctor`: report current tier, required services, actual health per service, pgvector presence, overall green/yellow/red. Machine-readable JSON output flag for CI use.                              | #460  | sonnet | feat/federation-m1-doctor       | FED-M1-04  | 6K       | Existing doctor output evolves; add `--json` flag. Green/yellow/red + remediation suggestions per issue.          |
-| FED-M1-07 | not-started | Integration test: gateway boots in `federated` tier with docker-compose `federated` profile; refuses to boot when PG unreachable (asserts fail-fast); pgvector extension query succeeds.                           | #460  | sonnet | feat/federation-m1-integration  | FED-M1-04  | 8K       | Vitest + docker-compose test profile. One test file per assertion; real services, no mocks.                                       |
+| FED-M1-07 | not-started | Integration test: gateway boots in `federated` tier with docker-compose `federated` profile; refuses to boot when PG unreachable (asserts fail-fast); pgvector extension query succeeds.                           | #460  | sonnet | feat/federation-m1-integration  | FED-M1-04  | 8K       | Vitest + docker-compose test profile. One test file per assertion; real services, no mocks.                       |
-| FED-M1-08 | not-started | Integration test for migration script: seed a local PGlite with representative data (tasks, notes, users, teams), run migration, assert row counts + key samples equal on federated PG.                            | #460  | sonnet | feat/federation-m1-migrate-test | FED-M1-05  | 6K       | Runs against docker-compose federated profile; uses temp PGlite file; deterministic seed.                                         |
+| FED-M1-08 | not-started | Integration test for migration script: seed a local PGlite with representative data (tasks, notes, users, teams), run migration, assert row counts + key samples equal on federated PG.                            | #460  | sonnet | feat/federation-m1-migrate-test | FED-M1-05  | 6K       | Runs against docker-compose federated profile; uses temp PGlite file; deterministic seed.                         |
-| FED-M1-09 | not-started | Standalone regression: full agent-session E2E on existing `standalone` tier with a gateway built from this branch. Must pass without referencing any federation module.                                            | #460  | haiku  | feat/federation-m1-regression   | FED-M1-07  | 4K       | Reuse existing e2e harness; just re-point at the federation branch build. Canary that we didn't break it.                         |
+| FED-M1-09 | not-started | Standalone regression: full agent-session E2E on existing `standalone` tier with a gateway built from this branch. Must pass without referencing any federation module.                                            | #460  | haiku  | feat/federation-m1-regression   | FED-M1-07  | 4K       | Reuse existing e2e harness; just re-point at the federation branch build. Canary that we didn't break it.         |
-| FED-M1-10 | not-started | Code review pass: security-focused on the migration script (data-at-rest during migration) + tier detector (error-message sensitivity leakage). Independent reviewer, not authors of tasks 01-09.                  | #460  | sonnet | —                               | FED-M1-09  | 8K       | Use `feature-dev:code-reviewer` agent. Specifically: no secrets in error messages; no partial-migration footguns.                 |
+| FED-M1-10 | not-started | Code review pass: security-focused on the migration script (data-at-rest during migration) + tier detector (error-message sensitivity leakage). Independent reviewer, not authors of tasks 01-09.                  | #460  | sonnet | —                               | FED-M1-09  | 8K       | Use `feature-dev:code-reviewer` agent. Specifically: no secrets in error messages; no partial-migration footguns. |
-| FED-M1-11 | not-started | Docs update: `docs/federation/` operator notes for tier setup; README blurb on federated tier; `docs/guides/` entry for migration. Do NOT touch runbook yet (deferred to FED-M7).                                  | #460  | haiku  | feat/federation-m1-docs         | FED-M1-10  | 4K       | Short, actionable. Link from MISSION-MANIFEST. No decisions captured here — those belong in PRD.                                  |
+| FED-M1-11 | not-started | Docs update: `docs/federation/` operator notes for tier setup; README blurb on federated tier; `docs/guides/` entry for migration. Do NOT touch runbook yet (deferred to FED-M7).                                  | #460  | haiku  | feat/federation-m1-docs         | FED-M1-10  | 4K       | Short, actionable. Link from MISSION-MANIFEST. No decisions captured here — those belong in PRD.                  |
-| FED-M1-12 | not-started | PR, CI green, merge to main, close #460.                                                                                                                                                                           | #460  | —      | (aggregate)                     | FED-M1-11  | 3K       | Queue-guard before push; wait for green; merge squashed; tea `issue-close` #460.                                                  |
+| FED-M1-12 | not-started | PR, CI green, merge to main, close #460.                                                                                                                                                                           | #460  | —      | (aggregate)                     | FED-M1-11  | 3K       | Queue-guard before push; wait for green; merge squashed; tea `issue-close` #460.                                  |
 **M1 total estimate:** ~74K tokens (over-budget vs 20K PRD estimate — explanation below)
--- a/docs/archive/missions/install-ux-v2-20260405/scratchpad.md
+++ b/docs/archive/missions/install-ux-v2-20260405/scratchpad.md
--- a/docs/archive/missions/install-ux-v2-20260405/iuv-m03-design.md
+++ b/docs/archive/missions/install-ux-v2-20260405/iuv-m03-design.md
--- a/docs/scratchpads/mvp-20260312.md
+++ b/docs/scratchpads/mvp-20260312.md
@@ -266,80 +266,3 @@ Issues closed: #52, #55, #57, #58, #120-#134
 **P8-018 closed:** Spin-off stubs created (gatekeeper-service.md, task-queue-unification.md, chroot-sandboxing.md)
 **Next:** Begin execution at Wave 1 — P8-007 (DB migrations) + P8-008 (Types) in parallel.
 ---
 ### Session 15 — 2026-04-19 — MVP Rollup Manifest Authored
 | Session | Date       | Milestone      | Tasks Done                                                                | Outcome                                                                                                                                                                |
 | ------- | ---------- | -------------- | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | 15      | 2026-04-19 | (rollup-level) | MVP-T01 (manifest), MVP-T02 (archive iuv-v2), MVP-T03 (land FED planning) | Authored MVP rollup manifest at `docs/MISSION-MANIFEST.md`. Federation v1 planning merged to `main` (PR #468 / commit `66512550`). Install-ux-v2 archived as complete. |
 **Gap context:** The MVP scratchpad was last updated at Session 14 (2026-03-15). In the intervening month, two sub-missions ran outside the MVP framework: `install-ux-hardening` (complete, `mosaic-v0.0.25`) and `install-ux-v2` (complete on 2026-04-19, `0.0.27` → `0.0.29`). Both archived under `docs/archive/missions/`. The phase-based execution from Sessions 1–14 (Phases 0–8, issues #1–#172) substantially shipped during this window via those sub-missions and standalone PRs — the MVP mission was nominally active but had no rollup manifest tracking it.
 **User reframe (this session):**
 > There will be more in the MVP. This will inevitably become scope creep. I need a solution that works via webUI, TUI, CLI, and just works for MVP. Federation is required because I need it to work NOW, so my disparate jarvis-brain usage can be consolidated properly.
 **Decisions:**
 1. **MVP is the rollup mission**, not a single-purpose mission. Federation v1 is one workstream of MVP, not MVP itself. Phase 0–8 work is preserved as historical context but is no longer the primary control plane.
 2. **Three-surface parity (webUI / TUI / CLI) is a cross-cutting MVP requirement** (MVP-X1), not a workstream. Encoded explicitly so it can't be silently dropped.
 3. **Scope creep is named and accommodated.** Manifest has explicit "Likely Additional Workstreams" section listing PRD-derived candidates without committing execution capacity to them.
 4. **Workstream isolation** — each workstream gets its own manifest under `docs/{workstream}/MISSION-MANIFEST.md`. MVP manifest is rollup only.
 5. **Archive-don't-delete** — install-ux-v2 manifest moved to `docs/archive/missions/install-ux-v2-20260405/` with status corrected to `complete` (IUV-M03 closeout note added pointing at PR #446 + releases 0.0.27 → 0.0.29).
 6. **Federation planning landed first** — PR #468 merged before MVP manifest authored, so the manifest references real on-`main` artifacts.
 **Open items:**
 - `.mosaic/orchestrator/mission.json` MVP slot remains empty (zero milestones). Tracked as MVP-T04. Defer until next session — does not block W1 kickoff. Open question: hand-edit vs. `mosaic coord init` reinit.
 - Additional workstreams (web dashboard parity, TUI/CLI completion, remote control, multi-user/SSO, LLM provider expansion, MCP, brain) anticipated per PRD but not declared. Pre-staged in manifest's "Likely Additional Workstreams" list.
 **Artifacts this session:**
 | Artifact                                                                               | Status                                                                                     |
 | -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
 | PR #468 (`docs(federation): PRD, milestones, mission manifest, and M1 task breakdown`) | merged 2026-04-19 → `main` (commit `66512550`)                                             |
 | `docs/MISSION-MANIFEST.md` (MVP rollup, replaces install-ux-v2 manifest)               | authored on `docs/mvp-mission-manifest` branch                                             |
 | `docs/TASKS.md` (MVP rollup, points at workstream task files)                          | authored                                                                                   |
 | Install-ux-v2 manifest + tasks + scratchpad + iuv-m03-design                           | moved to `docs/archive/missions/install-ux-v2-20260405/` with status corrected to complete |
 **Next:** PR `docs/mvp-mission-manifest` → merge to `main` → next session begins W1 / FED-M1 from clean state.
 ---
 ## Session 16 — 2026-04-19 — claude
 **Mode:** Delivery (W1 / FED-M1 execution)
 **Branch:** `feat/federation-m1-tier-config`
 **Context budget:** 200K, currently ~45% used (compaction-aware)
 **Goal:** FED-M1-01 — extend `mosaic.config.json` schema: add `"federated"` to tier enum.
 **Critical reconciliation surfaced during pre-flight:**
 The federation PRD (`docs/federation/PRD.md` line 247) defines three tiers: `local | standalone | federated`.
 The existing code (`packages/config/src/mosaic-config.ts`, `packages/mosaic/src/types.ts`, `packages/mosaic/src/stages/gateway-config.ts`) uses `local | team`.
 `team` is the same conceptual tier as PRD `standalone` (Postgres + Valkey, no pgvector). Rather than carrying a confusing alias forever, FED-M1-01 will rename `team` → `standalone` and add `federated` as a third value, so all downstream federation work has a coherent vocabulary.
 Affected files (storage-tier semantics only — Team/workspace usages unaffected):
 - `packages/config/src/mosaic-config.ts` (StorageTier type, validator enum, defaults)
 - `packages/mosaic/src/types.ts` (GatewayStorageTier)
 - `packages/mosaic/src/stages/gateway-config.ts` (~10 references)
 - `packages/mosaic/src/stages/gateway-config.spec.ts` (test references)
 - Possibly `tools/e2e-install-test.sh` (referenced grep) and headless env hint string
 **Worker plan:**
 1. Spawn sonnet subagent with explicit task spec + the reconciliation context above.
 2. Worker delivers diff; orchestrator runs `pnpm typecheck && pnpm lint && pnpm format:check`.
 3. Independent `feature-dev:code-reviewer` subagent reviews diff.
 4. Second independent verification subagent (general-purpose, sonnet) verifies reviewer's claims and confirms all `'team'` storage-tier references migrated, no `Team`/workspace bleed.
 5. Open PR via tea CLI; wait for CI; queue-guard; squash merge; record actuals.
 **Open items:**
 - `MVP-T04` (sync `.mosaic/orchestrator/mission.json`) still deferred.
 - `team` tier rename touches install wizard headless env vars (`MOSAIC_STORAGE_TIER=team`); will need 0.0.x deprecation note in scratchpad if release notes are written this milestone.
--- a/docs/scratchpads/tools-md-seeding-20260411.md
+++ b/docs/scratchpads/tools-md-seeding-20260411.md
@@ -1,110 +0,0 @@
 # Hotfix Scratchpad — `install.sh` does not seed `TOOLS.md`
 - **Issue:** mosaicstack/stack#457
 - **Branch:** `fix/tools-md-seeding`
 - **Type:** Out-of-mission hotfix (not part of Install UX v2 mission)
 - **Started:** 2026-04-11
 - **Ships in:** `@mosaicstack/mosaic` 0.0.30
 ## Objective
 Ensure `~/.config/mosaic/TOOLS.md` is created on every supported install path so the mandatory AGENTS.md load order actually resolves. The load order lists `TOOLS.md` at position 5 but the bash installer never seeds it.
 ## Root cause
 `packages/mosaic/framework/install.sh:228-236` — the post-sync "Seed defaults" loop explicitly lists `AGENTS.md STANDARDS.md`:
 ```bash
 DEFAULTS_DIR="$TARGET_DIR/defaults"
 if [[ -d "$DEFAULTS_DIR" ]]; then
  for default_file in AGENTS.md STANDARDS.md; do    # ← missing TOOLS.md
    if [[ -f "$DEFAULTS_DIR/$default_file" ]] && [[ ! -f "$TARGET_DIR/$default_file" ]]; then
      cp "$DEFAULTS_DIR/$default_file" "$TARGET_DIR/$default_file"
      ok "Seeded $default_file from defaults"
    fi
  done
 fi
 ```
 `TOOLS.md` is listed in `PRESERVE_PATHS` (line 24) but never created in the first place. A fresh bootstrap install via `tools/install.sh → framework/install.sh` leaves `~/.config/mosaic/TOOLS.md` absent, and the agent load order then points at a missing file.
 ### Secondary: TypeScript `syncFramework` is too greedy
 `packages/mosaic/src/config/file-adapter.ts:133-160` — `FileConfigAdapter.syncFramework` correctly seeds TOOLS.md, but it does so by iterating _every_ file in `framework/defaults/`:
 ```ts
 for (const entry of readdirSync(defaultsDir)) {
  const dest = join(this.mosaicHome, entry);
  if (!existsSync(dest)) {
    copyFileSync(join(defaultsDir, entry), dest);
  }
 }
 ```
 `framework/defaults/` contains:
 ```
 AGENTS.md
 AUDIT-2026-02-17-framework-consistency.md
 README.md
 SOUL.md        ← hardcoded "Jarvis"
 STANDARDS.md
 TOOLS.md
 USER.md
 ```
 So on a fresh install the TS wizard would silently copy the `Jarvis`-flavored `SOUL.md` + placeholder `USER.md` + internal `AUDIT-*.md` and `README.md` into the user's mosaic home before `mosaic init` ever prompts them. That's a latent identity bug as well as a root-clutter bug — the wizard's own stages are responsible for generating `SOUL.md`/`USER.md` via templates.
 ### Tertiary: stale `TOOLS.md.template`
 `packages/mosaic/framework/templates/TOOLS.md.template` still references `~/.config/mosaic/rails/git/…` and `~/.config/mosaic/rails/codex/…`. The `rails/` tree was renamed to `tools/` in the v1→v2 migration (see `run_migrations` in `install.sh`, which removes the old `rails/` symlink). Any user who does run `mosaic init` ends up with a `TOOLS.md` that points to paths that no longer exist.
 ## Scope of this fix
 1. **`packages/mosaic/framework/install.sh`** — extend the explicit seed list to include `TOOLS.md`.
 2. **`packages/mosaic/src/config/file-adapter.ts`** — restrict `syncFramework` defaults-seeding to an explicit whitelist (`AGENTS.md`, `STANDARDS.md`, `TOOLS.md`) so the TS wizard never accidentally seeds `SOUL.md`/`USER.md`/`README.md`/`AUDIT-*.md` into the mosaic home.
 3. **`packages/mosaic/framework/templates/TOOLS.md.template`** — replace `rails/` with `tools/` in the wrapper-path examples (minimal surgical fix; full template modernization is out of scope for a 0.0.30 hotfix).
 4. **Regression test** — unit test around `FileConfigAdapter.syncFramework` that runs against a tmpdir fixture asserting:
   - `TOOLS.md` is seeded when absent
   - `AGENTS.md` / `STANDARDS.md` are still seeded when absent
   - `SOUL.md` / `USER.md` are **not** seeded from `defaults/` (the wizard stages own those)
   - Existing root files are not clobbered.
 Out of scope (tracked separately / future work):
 - Regenerating `defaults/SOUL.md` and `defaults/USER.md` so they no longer contain Jarvis-specific content.
 - Fully modernizing `TOOLS.md.template` to match the rich canonical `defaults/TOOLS.md` reference.
 - `issue-create.sh` / `pr-create.sh` `eval` bugs (already captured to OpenBrain from the prior hotfix).
 ## Plan / checklist
 - [ ] Branch `fix/tools-md-seeding` from `main` (at `b2cbf89`)
 - [ ] File Gitea issue (direct API; wrappers broken for bodies with backticks)
 - [ ] Scratchpad created (this file)
 - [ ] `install.sh` seed loop extended to `AGENTS.md STANDARDS.md TOOLS.md`
 - [ ] `file-adapter.ts` seeding restricted to explicit whitelist
 - [ ] `TOOLS.md.template` `rails/` → `tools/`
 - [ ] Regression test added (`file-adapter.test.ts`) — failing first, then green
 - [ ] `pnpm --filter @mosaicstack/mosaic run typecheck` green
 - [ ] `pnpm --filter @mosaicstack/mosaic run lint` green
 - [ ] `pnpm --filter @mosaicstack/mosaic exec vitest run` — new test green, no new failures beyond the known pre-existing `uninstall.spec.ts:138`
 - [ ] Repo baselines: `pnpm typecheck` / `pnpm lint` / `pnpm format:check`
 - [ ] Independent code review (`feature-dev:code-reviewer`, sonnet tier)
 - [ ] Commit + push
 - [ ] PR opened via Gitea API
 - [ ] CI queue guard cleared (bypass local `ci-queue-wait.sh` if stale origin URL breaks it; query Gitea API directly)
 - [ ] CI green on PR
 - [ ] PR merged (squash)
 - [ ] CI green on main
 - [ ] Issue closed with link to merge commit
 - [ ] `chore/release-mosaic-0.0.30` branch bumps `packages/mosaic/package.json` 0.0.29 → 0.0.30
 - [ ] Release PR opened + merged
 - [ ] `.woodpecker/publish.yml` auto-publishes to Gitea npm registry
 - [ ] Publish verified (`npm view @mosaicstack/mosaic version` or registry check)
 ## Risks / blockers
 - `ci-queue-wait.sh` wrapper may still crash on stale `origin` URL (captured in OpenBrain from prior hotfix). Workaround: query Gitea API directly for running/queued pipelines.
 - `issue-create.sh` / `pr-create.sh` `eval` bugs. Workaround: Gitea API direct call.
 - `uninstall.spec.ts:138` is a pre-existing failure on main; not this change's problem.
 - Publish flow is fire-and-forget on main push — if `publish.yml` fails, rollback means republishing a follow-up patch, not reverting the version bump.
--- a/docs/scratchpads/yolo-runtime-initial-arg-20260411.md
+++ b/docs/scratchpads/yolo-runtime-initial-arg-20260411.md
@@ -1,114 +0,0 @@
 # Hotfix Scratchpad — `mosaic yolo <runtime>` passes runtime name as initial user message
 - **Issue:** mosaicstack/stack#454
 - **Branch:** `fix/yolo-runtime-initial-arg`
 - **Type:** Out-of-mission hotfix (not part of Install UX v2 mission)
 - **Started:** 2026-04-11
 ## Objective
 Stop `mosaic yolo <runtime>` from passing the runtime name (`claude`, `codex`, etc.) as the initial user message to the underlying CLI. Restore the mission-auto-prompt path for yolo launches.
 ## Root cause (confirmed)
 `packages/mosaic/src/commands/launch.ts:779` — the `yolo <runtime>` action handler:
 ```ts
 .action((runtime: string, _opts: unknown, cmd: Command) => {
  // ... validate runtime ...
  launchRuntime(runtime as RuntimeName, cmd.args, true);
 });
 ```
 Commander.js includes declared positional arguments in `cmd.args`. For `mosaic yolo claude`:
 - `runtime` (destructured) = `"claude"`
 - `cmd.args` = `["claude"]` — the same value
 `launchRuntime` treats `["claude"]` as excess positional args, and for the `claude` case that becomes the initial user message. As a secondary consequence, `hasMissionNoArgs` evaluates false, so the mission-auto-prompt path is bypassed too.
 ## Live reproduction (intercepted claude binary)
 ```
 $ PATH=/tmp/fake-claude-bin:$PATH mosaic yolo claude
 [mosaic] Launching Claude Code in YOLO mode...
 argv[1]: --dangerously-skip-permissions
 argv[2]: --append-system-prompt
 argv[3] (len=25601): # ACTIVE MISSION — HARD GATE ...
 argv[4]: claude                                       ← the bug
 ```
 Non-yolo variant `mosaic claude` is clean:
 ```
 argv[1]: --append-system-prompt
 argv[2]: <prompt>
 argv[3]: Active mission detected: MVP. Read the mission state files and report status.
 ```
 ## Plan
 1. Refactor `launch.ts`: extract `registerRuntimeLaunchers(program, handler)` with an injectable handler so commander wiring is testable without spawning subprocesses. `registerLaunchCommands` delegates to it with `launchRuntime` as the handler.
 2. Fix: in the `yolo <runtime>` action, pass `cmd.args.slice(1)` instead of `cmd.args`.
 3. Add `packages/mosaic/src/commands/launch.spec.ts`:
   - Failing-first reproducer: parse `['node','x','yolo','claude']` and assert handler receives `extraArgs=[]` and `yolo=true`.
   - Regression test: parse `['node','x','claude']` asserts handler receives `extraArgs=[]` and `yolo=false`.
   - Excess args: parse `['node','x','yolo','claude','--print','hi']` asserts handler receives `extraArgs=['--print','hi']` (with `--print` kept because `allowUnknownOption` is true).
   - Excess args non-yolo: parse `['node','x','claude','--print','hi']` asserts `extraArgs=['--print','hi']`.
   - Reject unknown runtime under yolo.
 4. Run typecheck, lint, format:check, vitest for `@mosaicstack/mosaic`.
 5. Independent code review (feature-dev:code-reviewer subagent, sonnet tier).
 6. Commit → push → PR via wrappers → merge → CI green → close issue #454.
 7. Release decision (`mosaic-v0.0.30`) deferred to Jason after merge.
 ## Framework compliance sub-findings (out-of-scope; to capture in OpenBrain after)
 - `~/.config/mosaic/tools/git/issue-create.sh` uses `eval` on `$BODY`; arbitrary bodies with backticks, `$`, or parens break catastrophically.
 - `gitea_issue_create_api` fallback uses `curl -fsS` without `-L`; after the `mosaicstack/mosaic-stack → mosaicstack/stack` rename, the API redirect is not followed and the fallback silently fails.
 - Local repo `origin` remote still points at old `mosaic/mosaic-stack.git` slug. Not touched here per git-config safety rule.
 - `~/.config/mosaic/TOOLS.md` referenced by the global load order but does not exist on disk.
 These will be captured to OpenBrain after the hotfix merges so they don't get lost, and filed as separate tracking items.
 ## Progress checkpoints
 - [x] Branch created (`fix/yolo-runtime-initial-arg`)
 - [x] Issue #454 opened
 - [x] Scratchpad scaffolded
 - [x] Failing test added (red)
 - [x] Refactor + fix applied
 - [x] Tests green (launch.spec.ts 11/11)
 - [x] Baselines green (typecheck, lint, format:check, vitest — pre-existing `uninstall.spec.ts:138` failure on branch main acknowledged, not caused by this change)
 - [x] Code review pass (feature-dev:code-reviewer, sonnet — no blockers)
 - [x] Commit + push (commit 1dd4f59)
 - [x] PR opened (mosaicstack/stack#455)
 - [x] CI queue guard cleared (no pending pipelines pre-push or pre-merge)
 - [x] PR merged (squash merge commit b2cec8c6bac29336a6cdcdb4f19806f7b5fa0054)
 - [x] CI green on main (`ci/woodpecker/push/ci` + `ci/woodpecker/push/publish` both success on merge commit)
 - [x] Issue #454 closed
 - [x] Scratchpad final evidence entry
 ## Tests run
 - `pnpm --filter @mosaicstack/mosaic run typecheck` → green
 - `pnpm --filter @mosaicstack/mosaic run lint` → green
 - `pnpm --filter @mosaicstack/mosaic exec prettier --check "src/**/*.ts"` → green
 - `pnpm --filter @mosaicstack/mosaic exec vitest run src/commands/launch.spec.ts` → 11/11 pass
 - `pnpm --filter @mosaicstack/mosaic exec vitest run` → 270/271 pass (1 pre-existing `uninstall.spec.ts:138` EACCES failure, confirmed on the branch before this change)
 - `pnpm typecheck` (repo) → green
 - `pnpm lint` (repo) → green
 - `pnpm format:check` (repo) → green (after prettier-writing the scratchpad)
 ## Risks / blockers
 None expected. Refactor is small and the Commander API is stable. Test needs `exitOverride()` to prevent `process.exit` on invalid runtime.
 ## Final verification evidence
 - PR: mosaicstack/stack#455 — state `closed`, merged.
 - Merge commit: `b2cec8c6bac29336a6cdcdb4f19806f7b5fa0054` (squash to `main`).
 - Post-merge CI (main @ b2cec8c6): `ci/woodpecker/push/ci` = success, `ci/woodpecker/push/publish` = success. (`ci/woodpecker/tag/publish` was last observed as a pre-existing failure on the prior release tag and is unrelated to this change.)
 - Issue mosaicstack/stack#454 closed with a comment linking the merge commit.
 - Launch regression suite: `launch.spec.ts` 11/11 pass on main.
 - Baselines on main after merge are inherited from the PR CI run.
 - Release decision (`mosaicstack/mosaic` 0.0.30) intentionally deferred to the user — the fix is now sitting on main awaiting a release cut.
--- a/packages/config/src/index.ts
+++ b/packages/config/src/index.ts
@@ -1,9 +1,7 @@
 export type { MosaicConfig, StorageTier, MemoryConfigRef } from './mosaic-config.js';
 export {
  DEFAULT_LOCAL_CONFIG,
-  DEFAULT_STANDALONE_CONFIG,
+  DEFAULT_TEAM_CONFIG,
  DEFAULT_FEDERATED_CONFIG,
  loadConfig,
  validateConfig,
  detectFromEnv,
 } from './mosaic-config.js';
--- a/packages/config/src/mosaic-config.spec.ts
+++ b/packages/config/src/mosaic-config.spec.ts
@@ -1,170 +0,0 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import {
  validateConfig,
  detectFromEnv,
  DEFAULT_LOCAL_CONFIG,
  DEFAULT_STANDALONE_CONFIG,
  DEFAULT_FEDERATED_CONFIG,
 } from './mosaic-config.js';
 describe('validateConfig — tier enum', () => {
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  let stderrSpy: any;
  beforeEach(() => {
    stderrSpy = vi.spyOn(process.stderr, 'write').mockImplementation(() => true);
  });
  afterEach(() => {
    stderrSpy.mockRestore();
  });
  it('accepts tier="local"', () => {
    const result = validateConfig({
      tier: 'local',
      storage: { type: 'pglite', dataDir: '.mosaic/storage-pglite' },
      queue: { type: 'local', dataDir: '.mosaic/queue' },
      memory: { type: 'keyword' },
    });
    expect(result.tier).toBe('local');
  });
  it('accepts tier="standalone"', () => {
    const result = validateConfig({
      tier: 'standalone',
      storage: { type: 'postgres', url: 'postgresql://mosaic:mosaic@localhost:5432/mosaic' },
      queue: { type: 'bullmq' },
      memory: { type: 'keyword' },
    });
    expect(result.tier).toBe('standalone');
  });
  it('accepts tier="federated"', () => {
    const result = validateConfig({
      tier: 'federated',
      storage: { type: 'postgres', url: 'postgresql://mosaic:mosaic@localhost:5433/mosaic' },
      queue: { type: 'bullmq' },
      memory: { type: 'pgvector' },
    });
    expect(result.tier).toBe('federated');
  });
  it('accepts deprecated tier="team" as alias for "standalone" and emits a deprecation warning', () => {
    const result = validateConfig({
      tier: 'team',
      storage: { type: 'postgres', url: 'postgresql://mosaic:mosaic@localhost:5432/mosaic' },
      queue: { type: 'bullmq' },
      memory: { type: 'keyword' },
    });
    expect(result.tier).toBe('standalone');
    expect(stderrSpy).toHaveBeenCalledWith(expect.stringContaining('DEPRECATED'));
  });
  it('rejects an invalid tier with an error listing all three valid values', () => {
    expect(() =>
      validateConfig({
        tier: 'invalid',
        storage: { type: 'postgres', url: 'postgresql://mosaic:mosaic@localhost:5432/mosaic' },
        queue: { type: 'bullmq' },
        memory: { type: 'keyword' },
      }),
    ).toThrow(/local.*standalone.*federated|federated.*standalone.*local/);
  });
  it('error message for invalid tier mentions all three valid values', () => {
    let message = '';
    try {
      validateConfig({
        tier: 'invalid',
        storage: { type: 'postgres', url: 'postgresql://...' },
        queue: { type: 'bullmq' },
        memory: { type: 'keyword' },
      });
    } catch (err) {
      message = err instanceof Error ? err.message : String(err);
    }
    expect(message).toContain('"local"');
    expect(message).toContain('"standalone"');
    expect(message).toContain('"federated"');
  });
 });
 describe('DEFAULT_* config constants', () => {
  it('DEFAULT_LOCAL_CONFIG has tier="local"', () => {
    expect(DEFAULT_LOCAL_CONFIG.tier).toBe('local');
  });
  it('DEFAULT_STANDALONE_CONFIG has tier="standalone"', () => {
    expect(DEFAULT_STANDALONE_CONFIG.tier).toBe('standalone');
  });
  it('DEFAULT_FEDERATED_CONFIG has tier="federated" and pgvector memory', () => {
    expect(DEFAULT_FEDERATED_CONFIG.tier).toBe('federated');
    expect(DEFAULT_FEDERATED_CONFIG.memory.type).toBe('pgvector');
  });
  it('DEFAULT_FEDERATED_CONFIG uses port 5433 (distinct from standalone 5432)', () => {
    const url = (DEFAULT_FEDERATED_CONFIG.storage as { url: string }).url;
    expect(url).toContain('5433');
  });
  it('DEFAULT_FEDERATED_CONFIG has enableVector=true on storage', () => {
    const storage = DEFAULT_FEDERATED_CONFIG.storage as {
      type: string;
      url: string;
      enableVector?: boolean;
    };
    expect(storage.enableVector).toBe(true);
  });
 });
 describe('detectFromEnv — tier env-var routing', () => {
  const originalEnv = process.env;
  beforeEach(() => {
    // Work on a fresh copy so individual tests can set/delete keys freely.
    process.env = { ...originalEnv };
    delete process.env['MOSAIC_STORAGE_TIER'];
    delete process.env['DATABASE_URL'];
    delete process.env['VALKEY_URL'];
  });
  afterEach(() => {
    process.env = originalEnv;
  });
  it('no env vars → returns local config', () => {
    const config = detectFromEnv();
    expect(config.tier).toBe('local');
    expect(config.storage.type).toBe('pglite');
    expect(config.memory.type).toBe('keyword');
  });
  it('MOSAIC_STORAGE_TIER=federated alone → returns federated config with enableVector=true', () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'federated';
    const config = detectFromEnv();
    expect(config.tier).toBe('federated');
    expect(config.memory.type).toBe('pgvector');
    const storage = config.storage as { type: string; enableVector?: boolean };
    expect(storage.enableVector).toBe(true);
  });
  it('MOSAIC_STORAGE_TIER=federated + DATABASE_URL → uses the URL and still has enableVector=true', () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'federated';
    process.env['DATABASE_URL'] = 'postgresql://custom:pass@db.example.com:5432/mydb';
    const config = detectFromEnv();
    expect(config.tier).toBe('federated');
    const storage = config.storage as { type: string; url: string; enableVector?: boolean };
    expect(storage.url).toBe('postgresql://custom:pass@db.example.com:5432/mydb');
    expect(storage.enableVector).toBe(true);
    expect(config.memory.type).toBe('pgvector');
  });
  it('MOSAIC_STORAGE_TIER=standalone alone → returns standalone-shaped config (not local)', () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'standalone';
    const config = detectFromEnv();
    expect(config.tier).toBe('standalone');
    expect(config.storage.type).toBe('postgres');
    expect(config.memory.type).toBe('keyword');
  });
 });
--- a/packages/config/src/mosaic-config.ts
+++ b/packages/config/src/mosaic-config.ts
@@ -7,7 +7,7 @@ import type { QueueAdapterConfig as QueueConfig } from '@mosaicstack/queue';
 /*  Types                                                              */
 /* ------------------------------------------------------------------ */
-export type StorageTier = 'local' | 'standalone' | 'federated';
+export type StorageTier = 'local' | 'team';
 export interface MemoryConfigRef {
  type: 'pgvector' | 'sqlite-vec' | 'keyword';
@@ -31,21 +31,10 @@ export const DEFAULT_LOCAL_CONFIG: MosaicConfig = {
  memory: { type: 'keyword' },
 };
-export const DEFAULT_STANDALONE_CONFIG: MosaicConfig = {
+export const DEFAULT_TEAM_CONFIG: MosaicConfig = {
-  tier: 'standalone',
+  tier: 'team',
  storage: { type: 'postgres', url: 'postgresql://mosaic:mosaic@localhost:5432/mosaic' },
  queue: { type: 'bullmq' },
  memory: { type: 'keyword' },
 };
 export const DEFAULT_FEDERATED_CONFIG: MosaicConfig = {
  tier: 'federated',
  storage: {
    type: 'postgres',
    url: 'postgresql://mosaic:mosaic@localhost:5433/mosaic',
    enableVector: true,
  },
  queue: { type: 'bullmq' },
  memory: { type: 'pgvector' },
 };
@@ -53,7 +42,7 @@ export const DEFAULT_FEDERATED_CONFIG: MosaicConfig = {
 /*  Validation                                                         */
 /* ------------------------------------------------------------------ */
-const VALID_TIERS = new Set<string>(['local', 'standalone', 'federated']);
+const VALID_TIERS = new Set<string>(['local', 'team']);
 const VALID_STORAGE_TYPES = new Set<string>(['postgres', 'pglite', 'files']);
 const VALID_QUEUE_TYPES = new Set<string>(['bullmq', 'local']);
 const VALID_MEMORY_TYPES = new Set<string>(['pgvector', 'sqlite-vec', 'keyword']);
@@ -66,19 +55,9 @@ export function validateConfig(raw: unknown): MosaicConfig {
  const obj = raw as Record<string, unknown>;
  // tier
-  let tier = obj['tier'];
+  const tier = obj['tier'];
  // Deprecated alias: 'team' → 'standalone' (kept for backward-compat with 0.0.x installs)
  if (tier === 'team') {
    process.stderr.write(
      '[mosaic] DEPRECATED: tier="team" is deprecated — use "standalone" instead. ' +
        'Update your mosaic.config.json.\n',
    );
    tier = 'standalone';
  }
  if (typeof tier !== 'string' || !VALID_TIERS.has(tier)) {
-    throw new Error(
+    throw new Error(`Invalid tier "${String(tier)}" — expected "local" or "team"`);
      `Invalid tier "${String(tier)}" — expected "local", "standalone", or "federated"`,
    );
  }
  // storage
@@ -123,52 +102,10 @@ export function validateConfig(raw: unknown): MosaicConfig {
 /*  Loader                                                             */
 /* ------------------------------------------------------------------ */
-export function detectFromEnv(): MosaicConfig {
+function detectFromEnv(): MosaicConfig {
  const tier = process.env['MOSAIC_STORAGE_TIER'];
  if (tier === 'federated') {
    if (process.env['DATABASE_URL']) {
      return {
        ...DEFAULT_FEDERATED_CONFIG,
        storage: {
          type: 'postgres',
          url: process.env['DATABASE_URL'],
          enableVector: true,
        },
        queue: {
          type: 'bullmq',
          url: process.env['VALKEY_URL'],
        },
      };
    }
    // MOSAIC_STORAGE_TIER=federated without DATABASE_URL — use the default
    // federated config (port 5433, enableVector: true, pgvector memory).
    return DEFAULT_FEDERATED_CONFIG;
  }
  if (tier === 'standalone') {
    if (process.env['DATABASE_URL']) {
      return {
        ...DEFAULT_STANDALONE_CONFIG,
        storage: {
          type: 'postgres',
          url: process.env['DATABASE_URL'],
        },
        queue: {
          type: 'bullmq',
          url: process.env['VALKEY_URL'],
        },
      };
    }
    // MOSAIC_STORAGE_TIER=standalone without DATABASE_URL — use the default
    // standalone config instead of silently falling back to local.
    return DEFAULT_STANDALONE_CONFIG;
  }
  // Legacy: DATABASE_URL set without MOSAIC_STORAGE_TIER — treat as standalone.
  if (process.env['DATABASE_URL']) {
    return {
-      ...DEFAULT_STANDALONE_CONFIG,
+      ...DEFAULT_TEAM_CONFIG,
      storage: {
        type: 'postgres',
        url: process.env['DATABASE_URL'],
@@ -179,7 +116,6 @@ export function detectFromEnv(): MosaicConfig {
      },
    };
  }
  return DEFAULT_LOCAL_CONFIG;
 }
--- a/packages/db/src/schema.ts
+++ b/packages/db/src/schema.ts
@@ -372,11 +372,7 @@ export const messages = pgTable(
 // ─── pgvector custom type ───────────────────────────────────────────────────
-export const vector = customType<{
+const vector = customType<{ data: number[]; driverParam: string; config: { dimensions: number } }>({
  data: number[];
  driverParam: string;
  config: { dimensions: number };
 }>({
  dataType(config) {
    return `vector(${config?.dimensions ?? 1536})`;
  },
--- a/packages/mosaic/framework/install.sh
+++ b/packages/mosaic/framework/install.sh
@@ -222,17 +222,12 @@ sync_framework
 mkdir -p "$TARGET_DIR/memory"
 mkdir -p "$TARGET_DIR/credentials"
-# Seed defaults — copy framework contract files from defaults/ to framework
+# Seed defaults — copy from defaults/ to framework root if not already present.
-# root if not already present. These ship with sensible defaults but must
+# These are user-editable files that ship with sensible defaults but should
 # never be overwritten once the user has customized them.
 #
 # This list must match the framework-contract whitelist in
 # packages/mosaic/src/config/file-adapter.ts (FileConfigAdapter.syncFramework).
 # SOUL.md and USER.md are intentionally NOT seeded here — they are generated
 # by `mosaic init` from templates with user-supplied values.
 DEFAULTS_DIR="$TARGET_DIR/defaults"
 if [[ -d "$DEFAULTS_DIR" ]]; then
-  for default_file in AGENTS.md STANDARDS.md TOOLS.md; do
+  for default_file in AGENTS.md STANDARDS.md; do
    if [[ -f "$DEFAULTS_DIR/$default_file" ]] && [[ ! -f "$TARGET_DIR/$default_file" ]]; then
      cp "$DEFAULTS_DIR/$default_file" "$TARGET_DIR/$default_file"
      ok "Seeded $default_file from defaults"
--- a/packages/mosaic/framework/templates/TOOLS.md.template
+++ b/packages/mosaic/framework/templates/TOOLS.md.template
@@ -5,32 +5,32 @@ Project-specific tooling belongs in the project's `AGENTS.md`, not here.
 ## Mosaic Git Wrappers (Use First)
-Mosaic wrappers at `~/.config/mosaic/tools/git/*.sh` handle platform detection and edge cases. Always use these before raw CLI commands.
+Mosaic wrappers at `~/.config/mosaic/rails/git/*.sh` handle platform detection and edge cases. Always use these before raw CLI commands.
 ```bash
 # Issues
-~/.config/mosaic/tools/git/issue-create.sh
+~/.config/mosaic/rails/git/issue-create.sh
-~/.config/mosaic/tools/git/issue-close.sh
+~/.config/mosaic/rails/git/issue-close.sh
 # PRs
-~/.config/mosaic/tools/git/pr-create.sh
+~/.config/mosaic/rails/git/pr-create.sh
-~/.config/mosaic/tools/git/pr-merge.sh
+~/.config/mosaic/rails/git/pr-merge.sh
 # Milestones
-~/.config/mosaic/tools/git/milestone-create.sh
+~/.config/mosaic/rails/git/milestone-create.sh
 # CI queue guard (required before push/merge)
-~/.config/mosaic/tools/git/ci-queue-wait.sh --purpose push|merge
+~/.config/mosaic/rails/git/ci-queue-wait.sh --purpose push|merge
 ```
 ## Code Review (Codex)
 ```bash
 # Code quality review
-~/.config/mosaic/tools/codex/codex-code-review.sh --uncommitted
+~/.config/mosaic/rails/codex/codex-code-review.sh --uncommitted
 # Security review
-~/.config/mosaic/tools/codex/codex-security-review.sh --uncommitted
+~/.config/mosaic/rails/codex/codex-security-review.sh --uncommitted
 ```
 ## Git Providers
--- a/packages/mosaic/package.json
+++ b/packages/mosaic/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@mosaicstack/mosaic",
-  "version": "0.0.30",
+  "version": "0.0.29",
  "repository": {
    "type": "git",
    "url": "https://git.mosaicstack.dev/mosaicstack/stack.git",
--- a/packages/mosaic/src/commands/launch.spec.ts
+++ b/packages/mosaic/src/commands/launch.spec.ts
@@ -1,111 +0,0 @@
 import { describe, it, expect, vi, beforeEach, afterEach, type MockInstance } from 'vitest';
 import { Command } from 'commander';
 import { registerRuntimeLaunchers, type RuntimeLaunchHandler } from './launch.js';
 /**
 * Tests for the commander wiring between `mosaic <runtime>` / `mosaic yolo <runtime>`
 * subcommands and the internal `launchRuntime` dispatcher.
 *
 * Regression target: see mosaicstack/stack#454 — before the fix, `mosaic yolo claude`
 * passed the literal string "claude" as an excess positional argument to the
 * underlying CLI, which Claude Code then interpreted as the first user message.
 *
 * The bug existed because Commander.js includes declared positional arguments
 * (here `<runtime>`) in `cmd.args` alongside any true excess args. The action
 * handler must slice them off before forwarding.
 */
 function buildProgram(handler: RuntimeLaunchHandler): Command {
  const program = new Command();
  program.exitOverride(); // prevent process.exit on parse errors
  registerRuntimeLaunchers(program, handler);
  return program;
 }
 // `process.exit` returns `never`, so vi.spyOn demands a replacement with the
 // same signature. We throw from the mock to short-circuit into test-land.
 const exitThrows = (): never => {
  throw new Error('process.exit called');
 };
 describe('registerRuntimeLaunchers — non-yolo subcommands', () => {
  let mockExit: MockInstance<typeof process.exit>;
  beforeEach(() => {
    // process.exit is called when the yolo action rejects an invalid runtime.
    // Stub it so the assertion catches the rejection instead of terminating
    // the test runner.
    mockExit = vi.spyOn(process, 'exit').mockImplementation(exitThrows);
  });
  afterEach(() => {
    mockExit.mockRestore();
  });
  it.each(['claude', 'codex', 'opencode', 'pi'] as const)(
    'forwards %s with empty extraArgs and yolo=false',
    (runtime) => {
      const handler = vi.fn();
      const program = buildProgram(handler);
      program.parse(['node', 'mosaic', runtime]);
      expect(handler).toHaveBeenCalledTimes(1);
      expect(handler).toHaveBeenCalledWith(runtime, [], false);
    },
  );
  it('forwards excess args after a non-yolo runtime subcommand', () => {
    const handler = vi.fn();
    const program = buildProgram(handler);
    program.parse(['node', 'mosaic', 'claude', '--print', 'hello']);
    expect(handler).toHaveBeenCalledWith('claude', ['--print', 'hello'], false);
  });
 });
 describe('registerRuntimeLaunchers — yolo <runtime>', () => {
  let mockExit: MockInstance<typeof process.exit>;
  let mockError: MockInstance<typeof console.error>;
  beforeEach(() => {
    mockExit = vi.spyOn(process, 'exit').mockImplementation(exitThrows);
    mockError = vi.spyOn(console, 'error').mockImplementation(() => {});
  });
  afterEach(() => {
    mockExit.mockRestore();
    mockError.mockRestore();
  });
  it.each(['claude', 'codex', 'opencode', 'pi'] as const)(
    'does NOT pass the runtime name as an extra arg (regression #454) for yolo %s',
    (runtime) => {
      const handler = vi.fn();
      const program = buildProgram(handler);
      program.parse(['node', 'mosaic', 'yolo', runtime]);
      expect(handler).toHaveBeenCalledTimes(1);
      // The critical assertion: extraArgs must be empty, not [runtime].
      // Before the fix, cmd.args was [runtime] and the runtime name leaked
      // through to the underlying CLI as an initial positional argument.
      expect(handler).toHaveBeenCalledWith(runtime, [], true);
    },
  );
  it('forwards true excess args after a yolo runtime', () => {
    const handler = vi.fn();
    const program = buildProgram(handler);
    program.parse(['node', 'mosaic', 'yolo', 'claude', '--print', 'hi']);
    expect(handler).toHaveBeenCalledWith('claude', ['--print', 'hi'], true);
  });
  it('rejects an unknown runtime under yolo without invoking the handler', () => {
    const handler = vi.fn();
    const program = buildProgram(handler);
    expect(() => program.parse(['node', 'mosaic', 'yolo', 'bogus'])).toThrow('process.exit called');
    expect(handler).not.toHaveBeenCalled();
    expect(mockExit).toHaveBeenCalledWith(1);
  });
 });
--- a/packages/mosaic/src/commands/launch.ts
+++ b/packages/mosaic/src/commands/launch.ts
@@ -757,23 +757,8 @@ function runUpgrade(args: string[]): never {
 // ─── Commander registration ─────────────────────────────────────────────────
-/**
+export function registerLaunchCommands(program: Command): void {
- * Handler invoked when a runtime subcommand (`<runtime>` or `yolo <runtime>`)
+  // Runtime launchers
 * is parsed. Exposed so tests can exercise the commander wiring without
 * spawning subprocesses.
 */
 export type RuntimeLaunchHandler = (
  runtime: RuntimeName,
  extraArgs: string[],
  yolo: boolean,
 ) => void;
 /**
 * Wire `<runtime>` and `yolo <runtime>` subcommands onto `program` using a
 * pluggable launch handler. Separated from `registerLaunchCommands` so tests
 * can inject a spy and verify argument forwarding.
 */
 export function registerRuntimeLaunchers(program: Command, handler: RuntimeLaunchHandler): void {
  for (const runtime of ['claude', 'codex', 'opencode', 'pi'] as const) {
    program
      .command(runtime)
@@ -781,10 +766,11 @@ export function registerRuntimeLaunchers(program: Command, handler: RuntimeLaunc
      .allowUnknownOption(true)
      .allowExcessArguments(true)
      .action((_opts: unknown, cmd: Command) => {
-        handler(runtime, cmd.args, false);
+        launchRuntime(runtime, cmd.args, false);
      });
  }
  // Yolo mode
  program
    .command('yolo <runtime>')
    .description('Launch a runtime in dangerous-permissions mode (claude|codex|opencode|pi)')
@@ -798,21 +784,8 @@ export function registerRuntimeLaunchers(program: Command, handler: RuntimeLaunc
        );
        process.exit(1);
      }
-      // Commander includes declared positional arguments (`<runtime>`) in
+      launchRuntime(runtime as RuntimeName, cmd.args, true);
      // `cmd.args` alongside any trailing excess args. Slice off the first
      // element so we forward only true excess args — otherwise the runtime
      // name leaks into the underlying CLI as an initial positional arg,
      // which Claude Code interprets as the first user message.
      // Regression test: launch.spec.ts, issue mosaicstack/stack#454.
      handler(runtime as RuntimeName, cmd.args.slice(1), true);
    });
 }
 export function registerLaunchCommands(program: Command): void {
  // Runtime launchers + yolo mode wired to the real process-replacing launcher.
  registerRuntimeLaunchers(program, (runtime, extraArgs, yolo) => {
    launchRuntime(runtime, extraArgs, yolo);
  });
  // Coord (mission orchestrator)
  program
--- a/packages/mosaic/src/config/file-adapter.test.ts
+++ b/packages/mosaic/src/config/file-adapter.test.ts
@@ -1,134 +0,0 @@
 import { describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { mkdtempSync, mkdirSync, writeFileSync, rmSync, readFileSync, existsSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { FileConfigAdapter, DEFAULT_SEED_FILES } from './file-adapter.js';
 /**
 * Regression tests for the `FileConfigAdapter.syncFramework` seed behavior.
 *
 * Background: the bash installer (`framework/install.sh`) and this TS wizard
 * path both seed framework-contract files from `framework/defaults/` into the
 * user's mosaic home on first install. Before this fix:
 *
 *   - The bash installer only seeded `AGENTS.md` and `STANDARDS.md`, leaving
 *     `TOOLS.md` missing despite it being listed as mandatory in the
 *     AGENTS.md load order (position 5).
 *   - The TS wizard iterated every file in `defaults/` and copied it to the
 *     mosaic home root — including `defaults/SOUL.md` (hardcoded "Jarvis"),
 *     `defaults/USER.md` (placeholder), and internal framework files like
 *     `README.md` and `AUDIT-*.md`. That clobbered the identity flow on
 *     fresh installs and leaked framework-internal clutter into the user's
 *     home directory.
 *
 * This suite pins the whitelist and the preservation semantics so both
 * regressions stay fixed.
 */
 function makeFixture(): { sourceDir: string; mosaicHome: string; defaultsDir: string } {
  const root = mkdtempSync(join(tmpdir(), 'mosaic-file-adapter-'));
  const sourceDir = join(root, 'source');
  const mosaicHome = join(root, 'mosaic-home');
  const defaultsDir = join(sourceDir, 'defaults');
  mkdirSync(defaultsDir, { recursive: true });
  mkdirSync(mosaicHome, { recursive: true });
  // Framework-contract defaults we expect the wizard to seed.
  writeFileSync(join(defaultsDir, 'AGENTS.md'), '# AGENTS default\n');
  writeFileSync(join(defaultsDir, 'STANDARDS.md'), '# STANDARDS default\n');
  writeFileSync(join(defaultsDir, 'TOOLS.md'), '# TOOLS default\n');
  // Non-contract files we must NOT seed on first install.
  writeFileSync(join(defaultsDir, 'SOUL.md'), '# SOUL default (should not be seeded)\n');
  writeFileSync(join(defaultsDir, 'USER.md'), '# USER default (should not be seeded)\n');
  writeFileSync(join(defaultsDir, 'README.md'), '# README (framework-internal)\n');
  writeFileSync(
    join(defaultsDir, 'AUDIT-2026-02-17-framework-consistency.md'),
    '# Audit snapshot\n',
  );
  return { sourceDir, mosaicHome, defaultsDir };
 }
 describe('FileConfigAdapter.syncFramework — defaults seeding', () => {
  let fixture: ReturnType<typeof makeFixture>;
  beforeEach(() => {
    fixture = makeFixture();
  });
  afterEach(() => {
    rmSync(join(fixture.sourceDir, '..'), { recursive: true, force: true });
  });
  it('seeds the three framework-contract files on a fresh mosaic home', async () => {
    const adapter = new FileConfigAdapter(fixture.mosaicHome, fixture.sourceDir);
    await adapter.syncFramework('fresh');
    for (const name of DEFAULT_SEED_FILES) {
      expect(existsSync(join(fixture.mosaicHome, name))).toBe(true);
    }
    expect(readFileSync(join(fixture.mosaicHome, 'TOOLS.md'), 'utf-8')).toContain(
      '# TOOLS default',
    );
  });
  it('does NOT seed SOUL.md or USER.md from defaults/ (wizard stages own those)', async () => {
    const adapter = new FileConfigAdapter(fixture.mosaicHome, fixture.sourceDir);
    await adapter.syncFramework('fresh');
    // SOUL.md and USER.md live in defaults/ for historical reasons, but they
    // are template-rendered per-user by the wizard stages. Seeding them here
    // would clobber the identity flow and leak placeholder content.
    expect(existsSync(join(fixture.mosaicHome, 'SOUL.md'))).toBe(false);
    expect(existsSync(join(fixture.mosaicHome, 'USER.md'))).toBe(false);
  });
  it('does NOT seed README.md or AUDIT-*.md from defaults/', async () => {
    const adapter = new FileConfigAdapter(fixture.mosaicHome, fixture.sourceDir);
    await adapter.syncFramework('fresh');
    expect(existsSync(join(fixture.mosaicHome, 'README.md'))).toBe(false);
    expect(existsSync(join(fixture.mosaicHome, 'AUDIT-2026-02-17-framework-consistency.md'))).toBe(
      false,
    );
  });
  it('preserves existing contract files — never overwrites user customization', async () => {
    // Also plant a root-level AGENTS.md in sourceDir so that `syncDirectory`
    // itself (not just the seed loop) has something to try to overwrite.
    // Without this, the test would silently pass even if preserve semantics
    // were broken in syncDirectory.
    writeFileSync(join(fixture.sourceDir, 'AGENTS.md'), '# shipped AGENTS from source root\n');
    writeFileSync(join(fixture.mosaicHome, 'TOOLS.md'), '# user-customized TOOLS\n');
    writeFileSync(join(fixture.mosaicHome, 'AGENTS.md'), '# user-customized AGENTS\n');
    const adapter = new FileConfigAdapter(fixture.mosaicHome, fixture.sourceDir);
    await adapter.syncFramework('keep');
    expect(readFileSync(join(fixture.mosaicHome, 'TOOLS.md'), 'utf-8')).toBe(
      '# user-customized TOOLS\n',
    );
    expect(readFileSync(join(fixture.mosaicHome, 'AGENTS.md'), 'utf-8')).toBe(
      '# user-customized AGENTS\n',
    );
    // And the missing contract file still gets seeded.
    expect(readFileSync(join(fixture.mosaicHome, 'STANDARDS.md'), 'utf-8')).toContain(
      '# STANDARDS default',
    );
  });
  it('is a no-op for seeding when defaults/ dir does not exist', async () => {
    rmSync(fixture.defaultsDir, { recursive: true });
    const adapter = new FileConfigAdapter(fixture.mosaicHome, fixture.sourceDir);
    await expect(adapter.syncFramework('fresh')).resolves.toBeUndefined();
    expect(existsSync(join(fixture.mosaicHome, 'TOOLS.md'))).toBe(false);
  });
 });
--- a/packages/mosaic/src/config/file-adapter.ts
+++ b/packages/mosaic/src/config/file-adapter.ts
@@ -1,19 +1,5 @@
-import { readFileSync, existsSync, statSync, copyFileSync } from 'node:fs';
+import { readFileSync, existsSync, readdirSync, statSync, copyFileSync } from 'node:fs';
 import { join } from 'node:path';
 /**
 * Framework-contract files that `syncFramework` seeds from `framework/defaults/`
 * into the mosaic home root on first install. These are the only files the
 * wizard is allowed to touch as a one-time seed — SOUL.md and USER.md are
 * generated from templates by their respective wizard stages with
 * user-supplied values, and anything else under `defaults/` (README.md,
 * audit snapshots, etc.) is framework-internal and must not leak into the
 * user's mosaic home.
 *
 * This list must match the explicit seed loop in
 * packages/mosaic/framework/install.sh.
 */
 export const DEFAULT_SEED_FILES = ['AGENTS.md', 'STANDARDS.md', 'TOOLS.md'] as const;
 import type { ConfigService, ConfigSection, ResolvedConfig } from './config-service.js';
 import type { SoulConfig, UserConfig, ToolsConfig, InstallAction } from '../types.js';
 import { soulSchema, userSchema, toolsSchema } from './schemas.js';
@@ -145,24 +131,9 @@ export class FileConfigAdapter implements ConfigService {
  }
  async syncFramework(action: InstallAction): Promise<void> {
    // Must match PRESERVE_PATHS in packages/mosaic/framework/install.sh so
    // the bash and TS install paths have the same upgrade-preservation
    // semantics. Contract files (AGENTS.md, STANDARDS.md, TOOLS.md) are
    // seeded from defaults/ on first install and preserved thereafter;
    // identity files (SOUL.md, USER.md) are generated by wizard stages and
    // must never be touched by the framework sync.
    const preservePaths =
      action === 'keep' || action === 'reconfigure'
-        ? [
+        ? ['SOUL.md', 'USER.md', 'TOOLS.md', 'memory']
            'AGENTS.md',
            'SOUL.md',
            'USER.md',
            'TOOLS.md',
            'STANDARDS.md',
            'memory',
            'sources',
            'credentials',
          ]
        : [];
    syncDirectory(this.sourceDir, this.mosaicHome, {
@@ -170,23 +141,20 @@ export class FileConfigAdapter implements ConfigService {
      excludeGit: true,
    });
-    // Copy framework-contract files (AGENTS.md, STANDARDS.md, TOOLS.md)
+    // Copy default root-level .md files (AGENTS.md, STANDARDS.md, etc.)
-    // from framework/defaults/ into the mosaic home root if they don't
+    // from framework/defaults/ into mosaicHome root if they don't exist yet.
-    // exist yet. These are written on first install only and are never
+    // These are framework contracts — only written on first install, never
-    // overwritten afterwards — the user may have customized them.
+    // overwritten (user may have customized them).
    //
    // SOUL.md and USER.md are deliberately NOT seeded here. They are
    // generated from templates by the soul/user wizard stages with
    // user-supplied values; seeding them from defaults would clobber the
    // identity flow and leak placeholder content into the mosaic home.
    const defaultsDir = join(this.sourceDir, 'defaults');
    if (existsSync(defaultsDir)) {
-      for (const entry of DEFAULT_SEED_FILES) {
+      for (const entry of readdirSync(defaultsDir)) {
        const src = join(defaultsDir, entry);
        const dest = join(this.mosaicHome, entry);
-        if (existsSync(dest)) continue;
+        if (!existsSync(dest)) {
-        if (!existsSync(src) || !statSync(src).isFile()) continue;
+          const src = join(defaultsDir, entry);
-        copyFileSync(src, dest);
+          if (statSync(src).isFile()) {
            copyFileSync(src, dest);
          }
        }
      }
    }
  }
--- a/packages/mosaic/src/stages/gateway-config.spec.ts
+++ b/packages/mosaic/src/stages/gateway-config.spec.ts
@@ -216,30 +216,7 @@ describe('gatewayConfigStage', () => {
    expect(daemonState.startCalled).toBe(0);
  });
-  it('honors MOSAIC_STORAGE_TIER=standalone in headless path', async () => {
+  it('honors MOSAIC_STORAGE_TIER=team in headless path', async () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'standalone';
    process.env['MOSAIC_DATABASE_URL'] = 'postgresql://test/db';
    process.env['MOSAIC_VALKEY_URL'] = 'redis://test:6379';
    const p = buildPrompter();
    const state = makeState('/home/user/.config/mosaic');
    const result = await gatewayConfigStage(p, state, {
      host: 'localhost',
      defaultPort: 14242,
      skipInstall: true,
    });
    expect(result.ready).toBe(true);
    expect(state.gateway?.tier).toBe('standalone');
    const envContents = readFileSync(daemonState.envFile, 'utf-8');
    expect(envContents).toContain('DATABASE_URL=postgresql://test/db');
    expect(envContents).toContain('VALKEY_URL=redis://test:6379');
    const mosaicConfig = JSON.parse(readFileSync(daemonState.mosaicConfigFile, 'utf-8'));
    expect(mosaicConfig.tier).toBe('standalone');
  });
  it('accepts deprecated MOSAIC_STORAGE_TIER=team as alias for standalone', async () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'team';
    process.env['MOSAIC_DATABASE_URL'] = 'postgresql://test/db';
    process.env['MOSAIC_VALKEY_URL'] = 'redis://test:6379';
@@ -253,53 +230,13 @@ describe('gatewayConfigStage', () => {
      skipInstall: true,
    });
    // Deprecated alias 'team' maps to 'standalone'
    expect(result.ready).toBe(true);
-    expect(state.gateway?.tier).toBe('standalone');
+    expect(state.gateway?.tier).toBe('team');
    const mosaicConfig = JSON.parse(readFileSync(daemonState.mosaicConfigFile, 'utf-8'));
    expect(mosaicConfig.tier).toBe('standalone');
  });
  it('honors MOSAIC_STORAGE_TIER=federated in headless path', async () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'federated';
    process.env['MOSAIC_DATABASE_URL'] = 'postgresql://test/feddb';
    process.env['MOSAIC_VALKEY_URL'] = 'redis://test:6379';
    const p = buildPrompter();
    const state = makeState('/home/user/.config/mosaic');
    const result = await gatewayConfigStage(p, state, {
      host: 'localhost',
      defaultPort: 14242,
      skipInstall: true,
    });
    expect(result.ready).toBe(true);
    expect(state.gateway?.tier).toBe('federated');
    const envContents = readFileSync(daemonState.envFile, 'utf-8');
-    expect(envContents).toContain('DATABASE_URL=postgresql://test/feddb');
+    expect(envContents).toContain('DATABASE_URL=postgresql://test/db');
    expect(envContents).toContain('VALKEY_URL=redis://test:6379');
    const mosaicConfig = JSON.parse(readFileSync(daemonState.mosaicConfigFile, 'utf-8'));
-    expect(mosaicConfig.tier).toBe('federated');
+    expect(mosaicConfig.tier).toBe('team');
    expect(mosaicConfig.memory.type).toBe('pgvector');
  });
  it('rejects an unknown MOSAIC_STORAGE_TIER value in headless mode with a descriptive warning', async () => {
    process.env['MOSAIC_STORAGE_TIER'] = 'federatd'; // deliberate typo
    const warnFn = vi.fn();
    const p = buildPrompter({ warn: warnFn });
    const state = makeState('/home/user/.config/mosaic');
    const result = await gatewayConfigStage(p, state, {
      host: 'localhost',
      defaultPort: 14242,
      skipInstall: true,
    });
    // The stage surfaces validation errors as ready:false (warning is shown to the user).
    expect(result.ready).toBe(false);
    // The warning message must name all three valid values.
    expect(warnFn).toHaveBeenCalledWith(expect.stringMatching(/local.*standalone.*federated/i));
  });
  it('regenerates config when portOverride differs from saved GATEWAY_PORT', async () => {
--- a/packages/mosaic/src/stages/gateway-config.ts
+++ b/packages/mosaic/src/stages/gateway-config.ts
@@ -84,15 +84,10 @@ async function promptTier(p: WizardPrompter): Promise<GatewayStorageTier> {
        hint: 'embedded database, no dependencies',
      },
      {
-        value: 'standalone',
+        value: 'team',
-        label: 'Standalone',
+        label: 'Team',
        hint: 'PostgreSQL + Valkey required',
      },
      {
        value: 'federated',
        label: 'Federated',
        hint: 'PostgreSQL + Valkey + pgvector, federation server+client',
      },
    ],
  });
  return tier;
@@ -442,21 +437,7 @@ async function collectAndWriteConfig(
    p.log('Headless mode detected — reading configuration from environment variables.');
    const storageTierEnv = process.env['MOSAIC_STORAGE_TIER'] ?? 'local';
-    if (storageTierEnv === 'team') {
+    tier = storageTierEnv === 'team' ? 'team' : 'local';
      // Deprecated alias — warn and treat as standalone
      process.stderr.write(
        '[mosaic] DEPRECATED: MOSAIC_STORAGE_TIER=team is deprecated — use "standalone" instead.\n',
      );
      tier = 'standalone';
    } else if (storageTierEnv === 'standalone' || storageTierEnv === 'federated') {
      tier = storageTierEnv;
    } else if (storageTierEnv !== '' && storageTierEnv !== 'local') {
      throw new GatewayConfigValidationError(
        `Invalid MOSAIC_STORAGE_TIER="${storageTierEnv}" — expected "local", "standalone", or "federated" (deprecated alias "team" also accepted)`,
      );
    } else {
      tier = 'local';
    }
    const portEnv = process.env['MOSAIC_GATEWAY_PORT'];
    port = portEnv ? parseInt(portEnv, 10) : opts.defaultPort;
@@ -472,13 +453,13 @@ async function collectAndWriteConfig(
    hostname = hostnameEnv;
    corsOrigin = corsOverride ?? deriveCorsOrigin(hostnameEnv, 3000);
-    if (tier === 'standalone' || tier === 'federated') {
+    if (tier === 'team') {
      const missing: string[] = [];
      if (!databaseUrl) missing.push('MOSAIC_DATABASE_URL');
      if (!valkeyUrl) missing.push('MOSAIC_VALKEY_URL');
      if (missing.length > 0) {
        throw new GatewayConfigValidationError(
-          `Headless install with tier=${tier} requires env vars: ` + missing.join(', '),
+          'Headless install with tier=team requires env vars: ' + missing.join(', '),
        );
      }
    }
@@ -486,15 +467,11 @@ async function collectAndWriteConfig(
    tier = await promptTier(p);
    port = await promptPort(p, opts.defaultPort);
-    if (tier === 'standalone' || tier === 'federated') {
+    if (tier === 'team') {
      const defaultDbUrl =
        tier === 'federated'
          ? 'postgresql://mosaic:mosaic@localhost:5433/mosaic'
          : 'postgresql://mosaic:mosaic@localhost:5432/mosaic';
      databaseUrl = await p.text({
        message: 'DATABASE_URL',
-        initialValue: defaultDbUrl,
+        initialValue: 'postgresql://mosaic:mosaic@localhost:5433/mosaic',
-        defaultValue: defaultDbUrl,
+        defaultValue: 'postgresql://mosaic:mosaic@localhost:5433/mosaic',
      });
      valkeyUrl = await p.text({
        message: 'VALKEY_URL',
@@ -544,7 +521,7 @@ async function collectAndWriteConfig(
    `OTEL_SERVICE_NAME=mosaic-gateway`,
  ];
-  if ((tier === 'standalone' || tier === 'federated') && databaseUrl && valkeyUrl) {
+  if (tier === 'team' && databaseUrl && valkeyUrl) {
    envLines.push(`DATABASE_URL=${databaseUrl}`);
    envLines.push(`VALKEY_URL=${valkeyUrl}`);
  }
@@ -568,19 +545,12 @@ async function collectAndWriteConfig(
          queue: { type: 'local', dataDir: join(opts.gatewayHome, 'queue') },
          memory: { type: 'keyword' },
        }
-      : tier === 'federated'
+      : {
-        ? {
+          tier: 'team',
-            tier: 'federated',
+          storage: { type: 'postgres', url: databaseUrl },
-            storage: { type: 'postgres', url: databaseUrl },
+          queue: { type: 'bullmq', url: valkeyUrl },
-            queue: { type: 'bullmq', url: valkeyUrl },
+          memory: { type: 'pgvector' },
-            memory: { type: 'pgvector' },
+        };
          }
        : {
            tier: 'standalone',
            storage: { type: 'postgres', url: databaseUrl },
            queue: { type: 'bullmq', url: valkeyUrl },
            memory: { type: 'keyword' },
          };
  writeFileSync(opts.mosaicConfigFile, JSON.stringify(mosaicConfig, null, 2) + '\n', {
    mode: 0o600,
--- a/packages/mosaic/src/types.ts
+++ b/packages/mosaic/src/types.ts
@@ -58,7 +58,7 @@ export interface HooksState {
  acceptedAt?: string;
 }
-export type GatewayStorageTier = 'local' | 'standalone' | 'federated';
+export type GatewayStorageTier = 'local' | 'team';
 export interface GatewayAdminState {
  name: string;
--- a/packages/storage/src/adapters/postgres.spec.ts
+++ b/packages/storage/src/adapters/postgres.spec.ts
@@ -1,107 +0,0 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import type { DbHandle } from '@mosaicstack/db';
 // Mock @mosaicstack/db before importing the adapter
 vi.mock('@mosaicstack/db', async (importOriginal) => {
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  const actual = await importOriginal<Record<string, any>>();
  return {
    ...actual,
    createDb: vi.fn(),
    runMigrations: vi.fn().mockResolvedValue(undefined),
  };
 });
 import { createDb, runMigrations } from '@mosaicstack/db';
 import { PostgresAdapter } from './postgres.js';
 describe('PostgresAdapter — vector extension gating', () => {
  let mockExecute: ReturnType<typeof vi.fn>;
  let mockDb: { execute: ReturnType<typeof vi.fn> };
  let mockHandle: Pick<DbHandle, 'close'> & { db: typeof mockDb };
  beforeEach(() => {
    vi.clearAllMocks();
    mockExecute = vi.fn().mockResolvedValue(undefined);
    mockDb = { execute: mockExecute };
    mockHandle = { db: mockDb, close: vi.fn().mockResolvedValue(undefined) };
    vi.mocked(createDb).mockReturnValue(mockHandle as unknown as DbHandle);
  });
  it('calls db.execute with CREATE EXTENSION IF NOT EXISTS vector when enableVector=true', async () => {
    const adapter = new PostgresAdapter({
      type: 'postgres',
      url: 'postgresql://test:test@localhost:5432/test',
      enableVector: true,
    });
    await adapter.migrate();
    // Should have called execute
    expect(mockExecute).toHaveBeenCalledTimes(1);
    // Verify the SQL contains the extension creation statement.
    // Prefer Drizzle's public toSQL() API; fall back to queryChunks if unavailable.
    // NOTE: queryChunks is an undocumented Drizzle internal (drizzle-orm ^0.45.x).
    // toSQL() was not present on the raw sql`` result in this version — if a future
    // Drizzle upgrade adds it, remove the fallback path and delete this comment.
    const sqlObj = mockExecute.mock.calls[0]![0] as {
      toSQL?: () => { sql: string; params: unknown[] };
      queryChunks?: Array<{ value: string[] }>;
    };
    const sqlText = sqlObj.toSQL
      ? sqlObj.toSQL().sql.toLowerCase()
      : (sqlObj.queryChunks ?? [])
          .flatMap((chunk) => chunk.value)
          .join('')
          .toLowerCase();
    expect(sqlText).toContain('create extension if not exists vector');
  });
  it('does NOT call db.execute for extension when enableVector is false', async () => {
    const adapter = new PostgresAdapter({
      type: 'postgres',
      url: 'postgresql://test:test@localhost:5432/test',
      enableVector: false,
    });
    await adapter.migrate();
    expect(mockExecute).not.toHaveBeenCalled();
    expect(vi.mocked(runMigrations)).toHaveBeenCalledOnce();
  });
  it('does NOT call db.execute for extension when enableVector is unset', async () => {
    const adapter = new PostgresAdapter({
      type: 'postgres',
      url: 'postgresql://test:test@localhost:5432/test',
    });
    await adapter.migrate();
    expect(mockExecute).not.toHaveBeenCalled();
    expect(vi.mocked(runMigrations)).toHaveBeenCalledOnce();
  });
  it('calls runMigrations after the extension is created', async () => {
    const callOrder: string[] = [];
    mockExecute.mockImplementation(() => {
      callOrder.push('execute');
      return Promise.resolve(undefined);
    });
    vi.mocked(runMigrations).mockImplementation(() => {
      callOrder.push('runMigrations');
      return Promise.resolve();
    });
    const adapter = new PostgresAdapter({
      type: 'postgres',
      url: 'postgresql://test:test@localhost:5432/test',
      enableVector: true,
    });
    await adapter.migrate();
    expect(callOrder).toEqual(['execute', 'runMigrations']);
  });
 });
--- a/packages/storage/src/adapters/postgres.ts
+++ b/packages/storage/src/adapters/postgres.ts
@@ -66,19 +66,13 @@ export class PostgresAdapter implements StorageAdapter {
  private handle: DbHandle;
  private db: Db;
  private url: string;
  private enableVector: boolean;
  constructor(config: Extract<StorageConfig, { type: 'postgres' }>) {
    this.url = config.url;
    this.enableVector = config.enableVector ?? false;
    this.handle = createDb(config.url);
    this.db = this.handle.db;
  }
  private async ensureVectorExtension(): Promise<void> {
    await this.db.execute(sql`CREATE EXTENSION IF NOT EXISTS vector`);
  }
  async create<T extends Record<string, unknown>>(
    collection: string,
    data: T,
@@ -155,9 +149,6 @@ export class PostgresAdapter implements StorageAdapter {
  }
  async migrate(): Promise<void> {
    if (this.enableVector) {
      await this.ensureVectorExtension();
    }
    await runMigrations(this.url);
  }
--- a/packages/storage/src/types.ts
+++ b/packages/storage/src/types.ts
@@ -38,6 +38,6 @@ export interface StorageAdapter {
 }
 export type StorageConfig =
-  | { type: 'postgres'; url: string; enableVector?: boolean }
+  | { type: 'postgres'; url: string }
  | { type: 'pglite'; dataDir?: string }
  | { type: 'files'; dataDir: string; format?: 'json' | 'md' };