refactor and ui/ux updates. Still much refactoring and clean-up to go.

Author: radicalkjax

.claude/rules/connector-guidelines.md …de/rules/backend/connector-guidelines.md.claude/rules/connector-guidelines.md renamed to .claude/rules/backend/connector-guidelines.md .claude/rules/connector-guidelines.md renamed to .claude/rules/backend/connector-guidelines.md

@@ -34,7 +34,8 @@ springtale-connector     (depends on: crypto, store)
 springtale-scheduler     (depends on: core, store)
 springtale-ai            (depends on: core)
 springtale-mcp           (depends on: core, connector)
-springtale-bot           (depends on: core, crypto, connector, store, transport, ai)
+springtale-runtime       (depends on: core, crypto, store, connector, ai, sentinel)
+springtale-bot           (depends on: core, crypto, connector, store, transport, ai, runtime)
 springtale-sentinel      (depends on: core, store)
 ```
 

.claude/rules/crate-structure.md .claude/rules/backend/crate-structure.md.claude/rules/crate-structure.md renamed to .claude/rules/backend/crate-structure.md

@@ -0,0 +1,46 @@
+---
+paths:
+  - "tauri/**/*.{ts,tsx,css}"
+  - "tauri/**/*.html"
+---
+
+# SolidJS + Tauri Frontend Conventions
+
+## Framework
+- SolidJS 1.9+ (fine-grained reactivity, signals, stores)
+- Tailwind 4 (utility-first, `@theme` for custom properties)
+- Vite 6 (build tool, HMR)
+- Tauri 2 (desktop shell, IPC via `invoke()`)
+
+## Architecture
+- `packages/ui/` — shared component library (no app-specific logic)
+- `packages/types/` — shared TypeScript types
+- `apps/desktop/` — Tauri desktop app
+- `apps/dashboard/` — web SPA served by springtaled
+
+## Colony visual system
+- All UI uses the colony pixel-art theme from `colony.css` and `sprites.css`
+- Colors from soil palette (not Tailwind defaults)
+- Silkscreen pixel font
+- CSS classes over inline styles. Only dynamic `width`/`left`/`top` as inline.
+- Sprite classes defined in `@layer components` in CSS, not inline box-shadow.
+
+## Data flow
+- `DataProvider` interface (platform-agnostic) — defined in `dashboard/types.ts`
+- Desktop provider wraps Tauri IPC (`invoke()`)
+- Web provider wraps HTTP fetch + SSE
+- `createDashboardState(provider)` factory → `useDashboard()` hook
+- NO raw `invoke()` calls in components. Always go through provider.
+
+## Component rules
+- One component per file, named exports only
+- No `innerHTML` or `dangerouslySetInnerHTML` — SolidJS auto-escapes
+- No `@apply` except in colony CSS files
+- Tailwind utility classes in `class=` attribute
+- `@source` directive in index.css to scan shared UI package
+
+## No fake data
+- Every visual signal maps to real backend state
+- No `Math.random()` for data values
+- Seeded positions (deterministic from hash) are acceptable for layout
+- Decorative elements (litter dots, mushrooms, ground texture) are acceptable

.claude/rules/rust-conventions.md .claude/rules/backend/rust-conventions.md.claude/rules/rust-conventions.md renamed to .claude/rules/backend/rust-conventions.md

@@ -0,0 +1,93 @@
+# Springtale Product Model
+
+## What this is
+
+Springtale is a local-first, privacy-preserving bot automation platform.
+It replaces OpenClaw (250K+ stars, riddled with CVEs) with something safe,
+free, and open source. Built for people whose safety depends on privacy.
+
+## The bot-first model
+
+**Bots are the primary unit of interaction.** Not connectors, not rules, not AI.
+
+A bot is:
+- A command router (deterministic, classical — `/search`, `/remind`, `/status`)
+- A set of connectors it can use (Telegram, GitHub, Kick, etc.)
+- Rules that fire automatically (cron, webhook, filesystem watch)
+- An AI adapter (optional, per-bot — defaults to NoopAdapter)
+- Session memory (per-user, per-channel, SQLite-backed)
+- A persona (name, identity, behavior config)
+
+**AI is a socket, not the foundation.** The entire platform works without AI.
+Users plug in Ollama, OpenAI, or Anthropic per-bot. When AI hype dies,
+unplug the adapter. Nothing breaks. Every command, rule, and automation
+continues to work.
+
+## How settings are scoped
+
+Settings are NOT global. They're layered:
+
+```
+App settings (vault, safety, language, data export)
+  └── Formation settings (intent, members, momentum)
+       └── Bot/Agent settings (connectors, rules, AI adapter, autonomy level)
+```
+
+- **App settings** = things about THIS instance of Springtale
+  - Vault lock/unlock, passphrase
+  - Safety config (auto-lock, window title, content protection)
+  - Language/locale
+  - Data export/import
+  - Panic wipe
+
+- **Formation settings** = things about a GROUP of agents working together
+  - Intent (reconnoiter, execute, stabilize, surge)
+  - Member roster (which agents belong)
+  - Momentum tier (cold/warm/hot/fever — determines capabilities)
+
+- **Bot/Agent settings** = things about a SINGLE automation
+  - Which connector it lives on (its "tree")
+  - What rule triggers it
+  - AI adapter (none, ollama, openai, anthropic)
+  - Autonomy level (observe → suggest → approve → autonomous)
+
+## The colony UI
+
+The desktop app and web dashboard render a **pixel-art ecosystem visualization**
+inspired by RTS games (StarCraft, RimWorld) and colony sims (ONI, Factorio).
+
+```
+Connectors → Trees (pixel sprites positioned on canvas)
+Rules/Bots → Springtail agents (pixel sprites near their tree)
+Pipelines  → Mycelium lines (SVG paths between trees)
+Swarms     → Formation zones (dashed ellipses with momentum labels)
+```
+
+Reference design: `docs/intended-arch/springtale-colony-v8.html`
+Cooperation framework: `docs/intended-arch/COOPERATION.pdf`
+
+### Visual communication
+
+Agents communicate their state through:
+- **Simlish bubbles** — short words that map to real activity (not random)
+- **Activity CSS classes** — firing, error, waiting, active, idle
+- **Fuel/HP bars** — only visible when degraded
+- **Status symbols** — `*` active, `!` firing, `!!` error, `~` waiting, `-` idle
+
+### Game-inspired interaction
+
+- Click to select trees/agents/formations
+- Drag trees to reposition on canvas
+- Command grid (3x3, StarCraft-style) changes per selection context
+- Keyboard shortcuts (1-9 select agents, Escape deselects)
+- Confirm dialogs for destructive actions (detach, dissolve, remove)
+
+## What not to do
+
+- Don't design global AI toggles. AI is per-bot.
+- Don't put connector config in app settings. Config is per-connector.
+- Don't treat rules as the primary UI element. Bots/agents are.
+- Don't add decorative fake data. Every visual signal maps to real state.
+- Don't make settings that tell users to "edit a TOML file." If it needs
+  configuring, build the UI for it.
+- Don't leave empty command buttons. Every button does something real.

.claude/rules/security.md .claude/rules/backend/security.md.claude/rules/security.md renamed to .claude/rules/backend/security.md

@@ -1,81 +1,86 @@
 # Springtale
 
-Local-first, privacy-preserving automation platform built for people whose
-safety depends on privacy. Rust workspace. Connector infrastructure first,
-AI consumer second.
+Local-first, privacy-preserving automation platform for people whose
+safety depends on privacy. Bots are the primary unit — connector
+infrastructure first, AI consumer second. Everything works without AI.
 
 **Target users:** Trans people, POC, activists, IPV survivors, immigrants —
 people facing real surveillance, doxxing, deplatforming, and harassment.
-Every decision evaluated from the perspective of the most vulnerable user.
 
 ## Build & Test
 
 ```bash
 cargo build --workspace                    # build all
 cargo test --workspace                     # test all
-cargo clippy --workspace --all-targets -- -D warnings  # lint (warnings = errors)
+cargo clippy --workspace --all-targets -- -D warnings  # lint
 cargo fmt --check                          # format check
 cargo nextest run --workspace              # fast test runner (preferred)
+cd tauri && pnpm build                     # frontend build
+cd tauri/apps/desktop && pnpm tauri dev    # desktop dev
+cd tauri/apps/dashboard && pnpm dev        # web dashboard dev
 ```
 
-## Architecture (read before writing code)
+## Product Model — read first
+
+**@.claude/rules/shared/product-model.md** — the bot-first model, how settings
+are scoped (app → formation → bot), the colony UI vision, what not to do.
+
+## Architecture
 
 **Use `current-arch` — it supersedes `intended-arch` where they differ.**
 
 - Full architecture: `docs/current-arch/ARCHITECTURE.md`
 - Security model: `docs/current-arch/SECURITY.md`
-- Rekindle P2P spec: `docs/current-arch/rekindle-architecture.md`
-- Audit findings: `docs/current-arch/AUDIT-NOTES.md`
-- Change log: `docs/current-arch/CHANGELOG.md`
-
-Original (pre-audit) docs preserved in `docs/intended-arch/` for reference.
-
-## Phase Roadmap — know what phase you're building
-
-- **Phase 1a**: Framework + Connectors (springtaled, CLI, SQLite, LocalTransport, NoopAdapter, 7 connectors)
-- **Phase 1b**: Bot Foundations (springtale-bot, classical command routing, connector-telegram)
-- **Phase 2a**: OpenClaw Parity (HttpTransport, AI adapters, sentinel, chat connectors, recursive pipelines)
-- **Phase 2b**: Desktop + Mobile + Safety (Tauri 2, duress/panic, travel mode, app disguise, accessibility)
-- **Phase 3**: Veilid Mesh (VeilidTransport via rekindle-protocol, distributed registry)
-
-**Do not build Phase N+1 features while implementing Phase N.**
-Stubs and trait definitions for future phases are fine. Implementations are not.
+- Colony v8 visual reference: `docs/intended-arch/springtale-colony-v8.html`
+- Cooperation framework: `docs/intended-arch/COOPERATION.pdf`
 
 ## Core Constraints (non-negotiable)
 
-1. **Security and privacy are constraints, not features.** Every decision evaluated against threat model (§2.1-2.9).
-2. **Built for the most vulnerable user.** Default-safe. Metadata-leaking features off by default. Zero telemetry.
-3. **`NoopAdapter` must work.** The entire platform operates correctly without any AI plugged in.
-4. **Secrets are types.** All sensitive values wrapped in `Secret<T>` from `secrecy`. Memory zeroed on drop via `zeroize`.
-5. **No native-tls.** `rustls-tls` exclusively. `native-tls` banned via Cargo.toml patch.
-6. **Modules over inline.** All functions, types, error variants in named modules. No free-floating impl blocks at crate root.
+1. **Security and privacy are constraints, not features.** Every decision evaluated against threat model.
+2. **Built for the most vulnerable user.** Default-safe. Zero telemetry.
+3. **`NoopAdapter` must work.** The entire platform operates without any AI plugged in.
+4. **Secrets are types.** All sensitive values wrapped in `Secret<T>` from `secrecy`.
+5. **No native-tls.** `rustls-tls` exclusively.
+6. **Modules over inline.** All functions, types, error variants in named modules.
 7. **Connectors are untrusted.** WASM sandbox, manifest signing, capability allow-list.
-8. **Transport is swappable.** All inter-node comms through `Transport` trait. No concrete transport escapes the module.
+8. **Transport is swappable.** All inter-node comms through `Transport` trait.
 
 ## Workspace Structure
 
-- `crates/` — Pure Rust library crates (no Tauri dependency)
-- `connectors/` — First-party connector crates
-- `apps/` — springtaled (daemon) + springtale-cli
-- `tauri/` — Desktop shell (Phase 2b)
-- `sdk/` — TypeScript connector SDK (jco componentize → wasm32-wasip2)
+```
+crates/       — Pure Rust library crates (no Tauri dependency)
+connectors/   — First-party connector crates
+apps/         — springtaled (daemon) + springtale-cli
+tauri/        — Desktop shell + web dashboard (SolidJS + Tailwind)
+sdk/          — TypeScript connector SDK
+docs/         — Architecture, security, design references
+```
 
 ## Dependency Rules
 
-- All version pins at workspace root `Cargo.toml`. No crate specifies its own version for shared deps.
-- Bounded version ranges only (e.g., `"42"` not `">=42.0.0"`). No unbounded `>=` pins.
-- `thiserror` for library error types. `anyhow` only in app binaries. Transport trait uses `TransportError`.
-- `#![deny(clippy::unwrap_used, clippy::expect_used, clippy::panic)]` in all library crates.
-- `#![forbid(unsafe_code)]` on all crates except `springtale-crypto` and `springtale-connector` (audited unsafe only).
+- All version pins at workspace root `Cargo.toml`.
+- `thiserror` for library errors. `anyhow` only in app binaries.
+- `#![deny(clippy::unwrap_used, clippy::expect_used, clippy::panic)]` in library crates.
+- `#![forbid(unsafe_code)]` except `springtale-crypto` and `springtale-connector`.
 
 ## Competitive Context
 
-- **Phase 1a obsoletes NosytLabs' approach** — framework makes ad-hoc unsandboxed MCP servers obsolete.
-- **Phase 2a obsoletes OpenClaw** — 250K+ stars but 800+ malicious skills in ClawHub, CVE-2026-25253 RCE, no sandboxing.
-- **Phase 3 adds what no centralized platform can match** — E2E encrypted P2P AI chat via Veilid, no server, no phone number.
+- **Obsoletes OpenClaw** — 250K+ stars but 800+ malicious skills, CVE-2026-25253 RCE, no sandboxing.
+- **Obsoletes NosytLabs** — framework makes ad-hoc unsandboxed MCP servers obsolete.
+- **Phase 3 adds P2P** — E2E encrypted AI chat via Veilid, no server, no phone number.
+
+## Rules
+
+Rules are organized by domain and path-scoped:
+
+- `.claude/rules/backend/` — Rust conventions, security, crate structure, connectors, testing
+- `.claude/rules/frontend/` — SolidJS conventions, Tauri integration
+- `.claude/rules/shared/` — Product model, git workflow
 
-@.claude/rules/rust-conventions.md
-@.claude/rules/security.md
-@.claude/rules/crate-structure.md
-@.claude/rules/connector-guidelines.md
-@.claude/rules/testing.md
+@.claude/rules/shared/product-model.md
+@.claude/rules/backend/rust-conventions.md
+@.claude/rules/backend/security.md
+@.claude/rules/backend/crate-structure.md
+@.claude/rules/backend/connector-guidelines.md
+@.claude/rules/backend/testing.md
+@.claude/rules/frontend/solidjs-conventions.md