feat(policy): enforce truthfulness and autonomy guardrails

Add runtime truthfulness modes and autonomy-level tool gating with audit metadata for overrides/denials.

Wire policy through prompt assembly, tool execution context, and daemon/gateway agent paths; update tests and planning state for Phase 3 PR #2 completion.

docs/plans/state.json

@@ -1,6 +1,6 @@
 {
   "version": "1.0",
-  "updated_at": "2026-02-11",
+  "updated_at": "2026-02-12",
   "description": "Tracks the status of all Flynn plans and implementation phases",
 
   "plans": {
@@ -1040,7 +1040,162 @@
         }
       }
     },
-  "skills_infrastructure": {
+    "remaining-phases-phase1-pr1-context-levels": {
+      "file": "phase1-pr1-context-level-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added prompt context levels (minimal/normal/detailed/debug) with config schema support, prompt assembly behavior changes, daemon wiring, and coverage for parsing plus level-specific prompt output.",
+      "files_modified": [
+        "src/config/schema.ts",
+        "src/config/schema.test.ts",
+        "src/prompt/template.ts",
+        "src/prompt/template.test.ts",
+        "src/daemon/services.ts",
+        "config/default.yaml"
+      ],
+      "test_status": "typecheck + targeted template tests + full test suite + build passing; lint currently fails due pre-existing unrelated repo issues"
+    },
+    "remaining-phases-phase1-pr2-command-registry": {
+      "file": "phase1-pr2-command-registry-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added a deterministic fast-path CommandRegistry with built-in slash commands and integrated it into channel routing and gateway agent handling so known commands execute before orchestrator message processing.",
+      "files_created": [
+        "src/commands/types.ts",
+        "src/commands/registry.ts",
+        "src/commands/builtin/index.ts",
+        "src/commands/index.ts",
+        "src/commands/registry.test.ts",
+        "src/gateway/handlers/agent.test.ts"
+      ],
+      "files_modified": [
+        "src/daemon/index.ts",
+        "src/daemon/routing.ts",
+        "src/daemon/routing.test.ts",
+        "src/daemon/services.ts",
+        "src/gateway/server.ts",
+        "src/gateway/handlers/agent.ts"
+      ],
+      "test_status": "typecheck + targeted command/routing/gateway tests + full test suite + build passing; lint currently fails due pre-existing unrelated repo issues"
+    },
+    "remaining-phases-phase1-pr3-memory-structure": {
+      "file": "phase1-pr3-memory-structure-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added structured memory categories (facts/preferences/decisions/projects) with backward-compatible MemoryStore category APIs, optional category-aware search filters, prompt-context category inclusion, and updated memory tool namespace docs.",
+      "files_created": [
+        "src/memory/categories.ts",
+        "src/memory/categories.test.ts"
+      ],
+      "files_modified": [
+        "src/memory/store.ts",
+        "src/memory/store.test.ts",
+        "src/memory/index.ts",
+        "src/tools/builtin/memory-read.ts",
+        "src/tools/builtin/memory-write.ts",
+        "src/tools/builtin/memory-search.ts"
+      ],
+      "test_status": "typecheck + targeted categories/store tests + full test suite + build passing; lint currently fails due pre-existing unrelated repo issues"
+    },
+    "remaining-phases-phase2-pr1-component-registry": {
+      "file": "phase2-pr1-component-registry-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added intent/component registry routing with configurable match rules and deterministic resolution, integrated opt-in intent-based agent override in daemon routing, and exposed gateway inspection endpoints (`intents.list`, `intents.match`).",
+      "files_created": [
+        "src/intents/registry.ts",
+        "src/intents/index.ts",
+        "src/intents/registry.test.ts",
+        "src/gateway/handlers/intents.ts"
+      ],
+      "files_modified": [
+        "src/config/schema.ts",
+        "src/config/schema.test.ts",
+        "src/daemon/index.ts",
+        "src/daemon/routing.ts",
+        "src/daemon/routing.test.ts",
+        "src/daemon/services.ts",
+        "src/gateway/server.ts",
+        "src/gateway/handlers/index.ts",
+        "src/gateway/handlers/handlers.test.ts"
+      ],
+      "test_status": "typecheck + targeted intents/routing/handlers tests + full test suite + build passing; lint currently fails due pre-existing unrelated repo issues"
+    },
+    "remaining-phases-phase2-pr2-confidence-routing": {
+      "file": "phase2-pr2-confidence-routing-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added confidence-based routing policy with configurable thresholds to choose fast-path intent routing versus standard LLM orchestration, and exposed routing decision inspection via gateway.",
+      "files_created": [
+        "src/routing/policy.ts",
+        "src/routing/index.ts",
+        "src/routing/policy.test.ts",
+        "src/gateway/handlers/routing.ts"
+      ],
+      "files_modified": [
+        "src/config/schema.ts",
+        "src/config/schema.test.ts",
+        "src/intents/registry.test.ts",
+        "src/daemon/index.ts",
+        "src/daemon/routing.ts",
+        "src/daemon/routing.test.ts",
+        "src/daemon/services.ts",
+        "src/gateway/server.ts",
+        "src/gateway/handlers/index.ts",
+        "src/gateway/handlers/handlers.test.ts"
+      ],
+      "test_status": "typecheck + targeted policy/intents/routing tests + full test suite + build passing; lint currently fails due pre-existing unrelated repo issues"
+    },
+    "remaining-phases-phase3-pr1-adaptive-memory-compaction": {
+      "file": "phase3-pr1-adaptive-memory-compaction-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added configurable memory injection strategies (all/recent/adaptive) with adaptive relevance scoring and budget clipping, plus weighted compaction that can preserve high-importance turns while keeping default behavior when thresholds remain at defaults.",
+      "files_created": [
+        "src/memory/adaptive.ts",
+        "src/memory/adaptive.test.ts",
+        "src/context/weighting.ts",
+        "src/context/weighting.test.ts"
+      ],
+      "files_modified": [
+        "src/config/schema.ts",
+        "src/config/schema.test.ts",
+        "src/memory/store.ts",
+        "src/memory/index.ts",
+        "src/backends/native/orchestrator.ts",
+        "src/backends/native/orchestrator.test.ts",
+        "src/context/compaction.ts",
+        "src/context/compaction.test.ts",
+        "src/daemon/routing.ts",
+        "src/gateway/session-bridge.ts"
+      ],
+      "test_status": "typecheck + targeted adaptive/weighting/compaction/orchestrator tests + full test suite + build passing; lint currently fails due pre-existing unrelated repo issues"
+    },
+    "remaining-phases-phase3-pr2-policy-autonomy-hardening": {
+      "file": "phase3-pr2-policy-autonomy-hardening-checklist.md",
+      "status": "completed",
+      "date": "2026-02-12",
+      "summary": "Added runtime-enforceable truthfulness guardrails (strict/standard/relaxed modes injected into system prompts) and autonomy-aware tool execution controls (conservative/standard/autonomous levels with per-tool danger classification and override logic). Both configs default to 'standard' for safe behavior.",
+      "files_created": [
+        "src/backends/native/guardrails.ts",
+        "src/backends/native/guardrails.test.ts",
+        "src/hooks/autonomy.ts",
+        "src/hooks/autonomy.test.ts"
+      ],
+      "files_modified": [
+        "src/config/schema.ts",
+        "src/tools/policy.ts",
+        "src/tools/executor.ts",
+        "src/audit/types.ts",
+        "src/prompt/template.ts",
+        "src/daemon/services.ts",
+        "src/daemon/routing.ts",
+        "src/gateway/session-bridge.ts",
+        "src/tools/integration.test.ts"
+      ],
+      "test_status": "typecheck + targeted guardrails/autonomy/executor/engine/schema/template tests + full suite passing (1490/1490); lint passing baseline (394 warnings, 0 errors); build passing"
+    },
+    "skills_infrastructure": {
     "file": "2026-02-11-skills-infrastructure-plan.md",
     "status": "planned",
     "date": "2026-02-11",
@@ -1089,7 +1244,7 @@
   },
 
   "overall_progress": {
-    "total_test_count": 1369,
+    "total_test_count": 1490,
     "all_tests_passing": true,
     "p0_completion": "3/3 (100%)",
     "p1_completion": "4/4 (100%)",
@@ -1108,7 +1263,8 @@
     "operator_dx_milestone": "Phase 3 (Live Ops Dashboard): 1/2 plans complete — metrics backend done, dashboard UI next",
     "gmail_auth_cli": "flynn gmail-auth command implemented with OAuth2 flow, doctor check, config routed to Telegram",
     "native_audio_support": "completed — smart routing for native audio (Gemini/OpenAI/GitHub) vs Whisper transcription fallback",
-    "next_up": "End-to-end test that Flynn follows through on tool calls via GitHub Copilot fallback. Remaining gaps: Tier 4 channels (Signal, Matrix, Teams, Google Chat), Tier 5 deferred/niche items"
+    "remaining_phases_completion": "Phase 1: 3/3 (100%) — context levels, command registry, memory structure. Phase 2: 2/2 (100%) — component registry, confidence routing. Phase 3: 2/2 (100%) — adaptive memory/compaction, truthfulness/autonomy hardening",
+    "next_up": "Skills infrastructure implementation (Phase 1: command dispatch)"
   },
   "soul_md_and_cron_create": {
     "date": "2026-02-11",
@@ -1199,4 +1355,4 @@
     ],
     "test_status": "4/4 passing"
   }
-}
+}