diff --git a/.agents/skills/summon/SKILL.md b/.agents/skills/summon/SKILL.md
index 7a2bbc8..fafa29b 100644
--- a/.agents/skills/summon/SKILL.md
+++ b/.agents/skills/summon/SKILL.md
@@ -1,6 +1,6 @@
 ---
 name: summon
-description: "Build, debug, or integrate Summon sandboxed generative UI: SurfacePlan contracts, contract-first prompts, JSONL protocol streaming, host-owned capabilities/resources, PolicyEngine grants, StreamGraph diagnostics, safety smoke tests, and adoption docs. Use when working in the Summon repo, adding capabilities/resources/workers/approval actions, debugging validation or sandbox behavior, or creating agent-authored Summon UIs."
+description: "Build, debug, or integrate Summon sandboxed generative UI: SurfacePolicy contracts, Arrow JSONL artifact streaming, host-owned tools/resources, PolicyEngine grants, StreamGraph diagnostics, safety smoke tests, and adoption docs. Use when working in the Summon repo, adding tools/resources/workers/approval actions, debugging validation or sandbox behavior, or creating agent-authored Summon UIs."
 ---
 
 # Summon
@@ -19,31 +19,30 @@ host app.
    native-wrapper behavior.
 6. Read `docs/adoption/security.md` before changing sandbox, CSP, grants,
    script policy, worker, approval, or production-tier behavior.
-7. Read `docs/adoption/debugging.md` before changing validation, repair,
-   stream graph, protocol, Devtools, or sandbox diagnostics.
+7. Read `docs/adoption/debugging.md` before changing validation, stream graph,
+   protocol, Devtools, or sandbox diagnostics.
 
 ## Core Architecture
 
 Follow this path unless the user explicitly asks for a runtime redesign:
 
 ```txt
-host capability registry
+host tool registry
   -> SurfacePolicy: tier/grants/components/purpose/persistence
   -> compiled SurfacePlan: purpose/runtime/data/authority/persistence
-  -> createCapabilityRegistry(...).toContract()
+  -> createToolRegistry(...).toContract()
   -> compileSystemContracts()
-  -> protocol hardener and repair feedback
-  -> SectionAccumulator and StreamGraph
+  -> Arrow protocol hardener
+  -> StreamGraph artifact diagnostics
   -> PolicyEngine and spawnSandbox()
 ```
 
-Capabilities are host-owned. The model sees the contract; the host owns
-handlers, network, credentials, state, grants, and the selected `SurfacePolicy`.
+Tools are host-owned. The model sees the contract; the host owns handlers,
+network, credentials, state, grants, and the selected `SurfacePolicy`.
 Generated artifacts must not emit or widen `/surface-policy` or `/surface-plan`.
 
-New generation servers should prefer `runSurfaceGeneration(input, emit)` from
-`@anarchitecture/summon-server`; `generateSurfaceStream()` remains available for
-existing async-generator integrations. Applications should consume built public
+Generation servers should use `runSurfaceGeneration(input, emit)` from
+`@anarchitecture/summon-server`. Applications should consume built public
 package exports, not `src/*.ts` paths or `@summon-internal/*` packages.
 
 Use `defineAction` and `defineDataResource` for common host-backed
@@ -54,12 +53,11 @@ host approval adapter.
 ## Safe Output Rules
 
 - Keep the iframe null-origin. Do not add `allow-same-origin`.
-- Grant intents and capabilities from the host with `grantedIntents` and
-  `grantedCapabilities`; never trust artifact-declared intents or capabilities
-  as permission.
-- Prefer declarative interactive surfaces with `scriptPolicy: "forbid"` and
-  `data-summon-*` bindings. Treat `scriptPolicy: "allow"` as an escalation for
-  hosts that intentionally permit custom artifact scripts.
+- Grant tools from the host with `grantedTools`; never trust artifact-declared
+  tools as permission.
+- Prefer Arrow-native generated artifacts with `host-bridge:summon` and
+  `callTool()`. Generated custom scripts, legacy runtime controls, and raw
+  section/fragment protocols are rejected before generation or at the parser.
 - Use `defineDataResource` for host-backed async data, with loading, error, and
   data state keys.
 - Resource UIs must render loading, error, and data states.
@@ -70,14 +68,14 @@ host approval adapter.
 ## Debug Loop
 
 For generation failures, inspect `/error`, `/validation-summary`,
-`/validation-blocked`, `/repair-feedback`, `/repair-summary`,
-`/stream-graph-summary`, `/protocol-skip`, `/surface-policy`,
-`/surface-plan`, `/shape`, `/token-overrides`, `/screen-synthesized`, and
-`/mode-upgraded`.
-
-For client behavior, inspect Devtools events: `surface-plan`, `protocol-line`,
-`protocol-parse-error`, `sandbox-ready`, `render`, `intent-emitted`,
-`intent-rejected`, `intent-dispatched`, `intent-settled`, `state-pushed`,
+`/validation-blocked`, `/stream-graph-summary`, `/protocol-skip`,
+`/surface-policy`, `/surface-plan`, `/surface-contract`, `/agent-goal`,
+`/agent-policy-resolution`, `/shape`, `/token-overrides`, and `/mode-upgraded`.
+
+For client behavior, inspect Devtools events: `surface-plan`,
+`surface-contract`, `protocol-line`, `protocol-parse-error`, `sandbox-ready`,
+`render`, `rendered`, `tool-called`, `tool-rejected`,
+`tool-dispatched`, `tool-settled`, `state-pushed`, `component-sync`,
 `stream-graph`, and `sandbox-fatal`.
 
 Use `ContractIssue` plus `hintsForContractIssue(issue)` when feeding validation
@@ -91,7 +89,10 @@ the requested grant/component exceeds the selected `SurfacePolicy` or compiled
 pnpm typecheck
 pnpm test
 pnpm test:safety
+pnpm test:gallery
 pnpm build
+pnpm check:public-api
+pnpm smoke:public-packages
 pnpm pack:dry-run
 pnpm dev:gallery
 pnpm dev:workbench
@@ -107,7 +108,7 @@ boot. It starts only the Vite demo app and does not require
 
 Manual smoke path: run `pnpm dev:workbench`, open `http://localhost:5173/generate`, choose the
 **Host-resource search** showcase scenario, keep **Free layout**, confirm the
-contract cockpit shows `explore/declarative/host-resource/read/replayable` and
+contract cockpit shows `explore/arrow/host-resource/read/replayable` and
 `Grants 1: search`, run the scenario, submit a generated search such as
 `chicken pasta`, inspect the Stream and Devtools drawers, replay from Saved
 surfaces, then open `http://localhost:5173/adversarial`. Use `/batch`,
diff --git a/README.md b/README.md
index aca26e6..6ee0b54 100644
--- a/README.md
+++ b/README.md
@@ -64,7 +64,7 @@ the canonical `.ghost/fingerprint/manifest.yml` package layout. The Surface
 Gallery adds a Ghost fingerprint preset for each root, and the Generate
 workbench adds a `Fingerprint · <id>` option. A fingerprint run is not a bundled
 visual direction: Summon consumes the Ghost relay brief as product design
-direction, then applies host-owned policy, capabilities, and token CSS.
+direction, then applies host-owned policy, tools, and token CSS.
 
 The full guided path lives in
 [docs/adoption/quickstart.md](docs/adoption/quickstart.md).
@@ -98,7 +98,7 @@ pnpm dev:demos
   surface, and a small event strip.
 - `/generate` - diagnostic maintainer workbench for broker-selected
   surface configs, allowed host tools, trusted host components, token
-  overrides, validation retries, edit/replay, Ghost steering, Devtools, and
+  overrides, validation summaries, replay, Ghost steering, Devtools, and
   stream diagnostics.
 - `/batch` - parallel broker harness for prompt coverage, host tool
   wiring, direction-token visual coverage, throughput, and consistency checks.
@@ -114,7 +114,8 @@ pnpm dev:demos
   helpers, and explicit subpaths for advanced browser, engine, host, policy,
   envelope, assets, and Devtools APIs.
 - `@anarchitecture/summon-server` - provider-neutral generation lifecycle,
-  validation retries, summaries, and model-provider interfaces.
+  Arrow protocol hardening, validation summaries, and model-provider
+  interfaces.
 - `@anarchitecture/summon-react` - `SummonSurface` and React trusted-component
   adapter. `react` and `react-dom` are peer dependencies.
 
@@ -125,7 +126,7 @@ pnpm dev:demos
   `packages/sandbox-runtime`, `packages/server`, `packages/react` - private
   implementation workspaces published only through the public facades.
 - `apps/server` - multi-provider demo server for Anthropic, OpenAI, and Gemini,
-  direction loading, validation retry feedback, and demo backing routes.
+  direction loading, Arrow protocol diagnostics, and demo backing routes.
 - `apps/surface-gallery` - first-run live example app for OSS adopters.
 - `apps/demo` - Vite maintainer workbench for generation, batch runs,
   adversarial checks, strict input, Ghost steering, diagnostics, and fatal
diff --git a/apps/demo/src/App.tsx b/apps/demo/src/App.tsx
index 4f51fe6..7fe2d38 100644
--- a/apps/demo/src/App.tsx
+++ b/apps/demo/src/App.tsx
@@ -7,7 +7,6 @@ import { ThemeProvider, ThemeToggle } from './theme.js';
 const AdversarialPage = lazy(() => import('./pages/AdversarialPage.js').then((module) => ({ default: module.AdversarialPage })));
 const BatchPage = lazy(() => import('./pages/BatchPage.js').then((module) => ({ default: module.BatchPage })));
 const FatalPage = lazy(() => import('./pages/FatalPage.js').then((module) => ({ default: module.FatalPage })));
-const FragmentComparePage = lazy(() => import('./pages/FragmentComparePage.js').then((module) => ({ default: module.FragmentComparePage })));
 const GeneratePage = lazy(() => import('./pages/generate/GeneratePage.js').then((module) => ({ default: module.GeneratePage })));
 const StrictPage = lazy(() => import('./pages/StrictPage.js').then((module) => ({ default: module.StrictPage })));
 
@@ -27,7 +26,6 @@ function AppRoutes() {
           <Route path="/" element={<LandingPage />} />
           <Route path="/generate" element={<GeneratePage />} />
           <Route path="/batch" element={<BatchPage />} />
-          <Route path="/fragment-compare" element={<FragmentComparePage />} />
           <Route path="/adversarial" element={<AdversarialPage />} />
           <Route path="/strict" element={<StrictPage />} />
           <Route path="/fatal" element={<FatalPage />} />
diff --git a/apps/demo/src/adversarial-artifact.ts b/apps/demo/src/adversarial-artifact.ts
index 93124e5..99fb3c6 100644
--- a/apps/demo/src/adversarial-artifact.ts
+++ b/apps/demo/src/adversarial-artifact.ts
@@ -1,246 +1,91 @@
-/**
- * Adversarial artifact body. Each test tries to break out of the sandbox in a
- * different way. All results are reported back via sandbox.emit('report', ...).
- *
- * PASS = reported as "blocked"
- * FAIL = reported as "allowed"
- *
- * The host tallies results.
- */
-export const ADVERSARIAL_BODY_HTML = /* html */ `
-<div style="padding: var(--space-4); font-family: var(--font-mono); font-size: var(--text-xs)">
-  <div style="font-weight: 600; margin-bottom: var(--space-2);">Adversarial sandbox</div>
-  <div>Running breakout tests and reporting back…</div>
-  <div id="marker" style="margin-top: var(--space-3); color: var(--color-text-muted);"></div>
-</div>
-
-<script>
-(() => {
-  const cspViolations = [];
-  document.addEventListener('securitypolicyviolation', (e) => {
-    cspViolations.push({
-      directive: e.violatedDirective,
-      blocked: e.blockedURI,
-    });
-  });
-
-  function report(test, status, detail) {
-    sandbox.emit('report', { test, status, detail: String(detail || '') });
+import type { ArrowSurfaceArtifact } from '@anarchitecture/summon/engine';
+
+const adversarialMain = `
+import { html } from "@arrow-js/core";
+import { callTool } from "host-bridge:summon";
+
+async function report(test, status, detail = "") {
+  await callTool("report", { test, status, detail: String(detail) });
+}
+
+async function expectBlocked(name, fn) {
+  try {
+    const detail = await fn();
+    await report(name, "allowed", detail);
+  } catch (error) {
+    await report(name, "blocked", error && error.message ? error.message : String(error));
   }
+}
 
-  async function run(name, fn) {
-    const before = cspViolations.length;
-    try {
-      const result = await Promise.race([
-        Promise.resolve().then(fn),
-        new Promise((_, rej) => setTimeout(() => rej(new Error('timeout 2s')), 2000)),
-      ]);
-      const after = cspViolations.slice(before);
-      if (after.length > 0) {
-        report(name, 'blocked', 'CSP:' + after[0].directive);
-      } else {
-        report(name, 'allowed', typeof result === 'string' ? result : JSON.stringify(result));
-      }
-    } catch (err) {
-      const after = cspViolations.slice(before);
-      const detail = after.length > 0 ? 'CSP:' + after[0].directive : (err && err.message || String(err));
-      report(name, 'blocked', detail);
+function missingGlobal(name) {
+  return () => {
+    if (typeof globalThis[name] === "undefined") {
+      throw new Error(name + " unavailable inside Arrow VM");
     }
+    return name + " was present";
+  };
+}
+
+async function rejectedTool(name, tool, args) {
+  const result = await callTool(tool, args);
+  if (result && result.ok === false) {
+    throw new Error(result.error || "tool rejected");
   }
-
-  async function runAll() {
-    // Network — should all be blocked by connect-src 'none'
-    await run('fetch-external', async () => {
-      const r = await fetch('https://example.com/');
-      return 'status=' + r.status;
-    });
-    await run('xhr-external', () => new Promise((resolve, reject) => {
-      const xhr = new XMLHttpRequest();
-      xhr.onload = () => resolve('status=' + xhr.status);
-      xhr.onerror = () => reject(new Error('xhr error'));
-      xhr.open('GET', 'https://example.com/');
-      xhr.send();
-    }));
-    await run('websocket-external', () => new Promise((resolve, reject) => {
-      try {
-        const ws = new WebSocket('wss://example.com/');
-        ws.onopen = () => resolve('opened');
-        ws.onerror = () => reject(new Error('ws error'));
-        setTimeout(() => reject(new Error('ws timeout')), 500);
-      } catch (err) { reject(err); }
-    }));
-    await run('eventsource-external', () => new Promise((resolve, reject) => {
-      try {
-        const es = new EventSource('https://example.com/stream');
-        es.onopen = () => resolve('opened');
-        es.onerror = () => reject(new Error('es error'));
-        setTimeout(() => reject(new Error('es timeout')), 500);
-      } catch (err) { reject(err); }
-    }));
-    await run('sendbeacon-external', () => new Promise((resolve, reject) => {
-      const ok = navigator.sendBeacon && navigator.sendBeacon('https://example.com/', 'x');
-      setTimeout(() => {
-        if (ok) resolve('queued');
-        else reject(new Error('sendBeacon returned false'));
-      }, 300);
-    }));
-
-    // Image beacon — img-src data: only, external must fail
-    await run('img-beacon-external', () => new Promise((resolve, reject) => {
-      const img = new Image();
-      img.onload = () => resolve('loaded');
-      img.onerror = () => reject(new Error('img error'));
-      img.src = 'https://example.com/1x1.png';
-      setTimeout(() => reject(new Error('img timeout')), 500);
-    }));
-
-    // External script load
-    await run('script-external', () => new Promise((resolve, reject) => {
-      const s = document.createElement('script');
-      s.onload = () => resolve('loaded');
-      s.onerror = () => reject(new Error('script error'));
-      s.src = 'https://example.com/evil.js';
-      document.head.appendChild(s);
-      setTimeout(() => reject(new Error('script timeout')), 500);
-    }));
-    await run('dynamic-import', async () => {
-      // eslint-disable-next-line no-new-func
-      const mod = await import('https://example.com/evil.js');
-      return 'module=' + typeof mod;
-    });
-
-    // Eval — blocked by no 'unsafe-eval'
-    await run('eval', () => {
-      // eslint-disable-next-line no-eval
-      const x = eval('1+1');
-      return 'eval=' + x;
-    });
-    await run('Function-constructor', () => {
-      const x = new Function('return 1+1')();
-      return 'fn=' + x;
-    });
-
-    // Storage — sandbox blocks DOM storage for null-origin iframes
-    await run('localStorage', () => {
-      localStorage.setItem('x', 'y');
-      return 'set=' + localStorage.getItem('x');
-    });
-    await run('sessionStorage', () => {
-      sessionStorage.setItem('x', 'y');
-      return 'set=' + sessionStorage.getItem('x');
-    });
-    await run('indexedDB', () => new Promise((resolve, reject) => {
-      const req = indexedDB.open('summon-evil', 1);
-      req.onsuccess = () => resolve('opened');
-      req.onerror = () => reject(new Error('idb error'));
-      setTimeout(() => reject(new Error('idb timeout')), 500);
-    }));
-    await run('document.cookie-set', () => {
-      document.cookie = 'x=y';
-      if (document.cookie) return 'cookie=' + document.cookie;
-      throw new Error('cookie write ignored');
-    });
-
-    // Navigation / parent access
-    await run('top-navigation', () => {
-      window.top.location = 'https://example.com/';
-      return 'navigated';
-    });
-    await run('parent-navigation', () => {
-      window.parent.location = 'https://example.com/';
-      return 'navigated';
-    });
-    await run('read-parent-location', () => {
-      const href = window.parent.location.href;
-      return 'href=' + href;
-    });
-    await run('popup', () => {
-      const w = window.open('https://example.com/', '_blank');
-      if (w) return 'opened';
-      throw new Error('open returned null');
-    });
-
-    // Form submission
-    await run('form-action-external', () => new Promise((resolve, reject) => {
-      const f = document.createElement('form');
-      f.method = 'POST';
-      f.action = 'https://example.com/';
-      f.target = '_top';
-      document.body.appendChild(f);
-      try {
-        f.submit();
-        setTimeout(() => {
-          if (location.hostname === '' || location.href.indexOf('example.com') === -1) {
-            reject(new Error('no navigation'));
-          } else {
-            resolve('submitted');
-          }
-        }, 300);
-      } catch (err) { reject(err); }
-    }));
-
-    // Nested iframe
-    await run('nested-iframe-external', () => new Promise((resolve, reject) => {
-      const f = document.createElement('iframe');
-      f.onload = () => setTimeout(() => resolve('loaded'), 300);
-      f.onerror = () => reject(new Error('frame error'));
-      f.src = 'https://example.com/';
-      document.body.appendChild(f);
-      setTimeout(() => reject(new Error('frame timeout')), 500);
-    }));
-
-    // SDK integrity
-    await run('overwrite-sandbox-sdk', () => {
-      const before = window.sandbox;
-      window.sandbox = { emit: () => {}, onState: () => {}, state: {} };
-      if (window.sandbox === before) {
-        throw new Error('assignment ignored; SDK stayed immutable');
-      }
-      return window.sandbox.emit.toString();
-    });
-    await run('read-sandbox-id', () => {
-      const id = window.__SUMMON_SANDBOX_ID__;
-      if (id) return 'id=' + id;
-      throw new Error('undefined');
-    });
-
-    // Forged intent with wrong sandbox_id — host must drop silently. If the
-    // host incorrectly accepts it, the injected report below creates a failing
-    // result row before this delayed pass report runs.
-    window.parent.postMessage({
-      type: 'SUMMON_INTENT',
-      sandbox_id: 'deadbeef',
-      intent: 'report',
-      args: { test: 'forge-intent-wrong-id', status: 'allowed', detail: 'wrong sandbox_id was delivered' },
-    }, '*');
-    await new Promise((resolve) => setTimeout(resolve, 150));
-    report('forge-intent-wrong-id', 'blocked', 'wrong sandbox_id was not delivered');
-
-    // Unknown intent — host must reject
-    await run('emit-unknown-intent', () => {
-      sandbox.emit('exfiltrate', { data: 'secret' });
-      return 'emitted';
-    });
-
-    // Artifact-declared but not host-granted. The artifact lists 'escalate'
-    // in its own intents — but the host's grant excludes it, and the bridge
-    // is supposed to enforce the grant, not the declaration.
-    await run('emit-declared-but-not-granted', () => {
-      sandbox.emit('escalate', { test: 'emit-declared-but-not-granted' });
-      return 'emitted';
-    });
-
-    report('__DONE__', 'info', '');
-  }
-
-  // Start once bootstrap is ready.
-  if (window.sandbox) {
-    document.getElementById('marker').textContent = 'Tests started';
-    runAll();
-  } else {
-    document.getElementById('marker').textContent = 'ERROR: window.sandbox not installed';
-    // No way to report back without sandbox.emit — this is visible only in-iframe.
+  return "tool call resolved";
+}
+
+async function runAll() {
+  const globals = [
+    "window",
+    "document",
+    "parent",
+    "top",
+    "location",
+    "localStorage",
+    "sessionStorage",
+    "indexedDB",
+    "navigator",
+    "XMLHttpRequest",
+    "WebSocket",
+    "EventSource",
+    "Worker",
+    "SharedWorker",
+    "BroadcastChannel",
+    "Image",
+    "HTMLScriptElement",
+    "HTMLIFrameElement",
+    "HTMLElement",
+    "MessageChannel",
+    "Notification",
+    "importScripts",
+    "open",
+    "postMessage",
+    "cookieStore",
+    "caches",
+  ];
+  for (const name of globals) {
+    await expectBlocked("global-" + name, missingGlobal(name));
   }
-})();
-</script>
+  await expectBlocked("emit-unknown-tool", () => rejectedTool("emit-unknown-tool", "exfiltrate", { data: "secret" }));
+  await expectBlocked("emit-declared-but-not-granted", () => rejectedTool("emit-declared-but-not-granted", "escalate", { test: "emit-declared-but-not-granted" }));
+  await expectBlocked("empty-tool-name", () => rejectedTool("empty-tool-name", "", {}));
+  await report("__DONE__", "info", "");
+}
+
+void runAll();
+
+export default html\`
+  <div style="padding:var(--space-4);font-family:var(--font-mono);font-size:var(--text-xs)">
+    <div style="font-weight:600;margin-bottom:var(--space-2)">Adversarial sandbox</div>
+    <div>Running Arrow VM boundary checks and reporting back through callTool().</div>
+    <div id="marker" style="margin-top:var(--space-3);color:var(--color-text-muted)">Tests started</div>
+  </div>
+\`;
 `;
+
+export const ADVERSARIAL_ARTIFACT: ArrowSurfaceArtifact = {
+  runtime: 'arrow',
+  source: {
+    'main.ts': adversarialMain,
+  },
+};
diff --git a/apps/demo/src/components/TrustedFixtureSurface.tsx b/apps/demo/src/components/TrustedFixtureSurface.tsx
deleted file mode 100644
index 73748d4..0000000
--- a/apps/demo/src/components/TrustedFixtureSurface.tsx
+++ /dev/null
@@ -1,231 +0,0 @@
-import {
-  forwardRef,
-  useEffect,
-  useImperativeHandle,
-  useMemo,
-  useRef,
-  type CSSProperties,
-} from 'react';
-import bootstrapSource from '@anarchitecture/summon/bootstrap.js?raw';
-import tokensSource from '@anarchitecture/summon/tokens.css?raw';
-
-export interface TrustedFixtureSurfaceHandle {
-  iframe: HTMLIFrameElement | null;
-  sandboxId: string | null;
-  pushState(state: Record<string, unknown>): void;
-}
-
-export interface TrustedFixtureSurfaceProps {
-  html: string;
-  grantedIntents: string[];
-  initialState?: Record<string, unknown>;
-  onIntent?: (intent: string, args: Record<string, unknown>) => void;
-  onIntentRejected?: (reason: string, raw: unknown) => void;
-  onFatal?: (reason: string) => void;
-  id?: string;
-  title?: string;
-  className?: string;
-  style?: CSSProperties;
-}
-
-function randomId(): string {
-  const bytes = new Uint8Array(16);
-  crypto.getRandomValues(bytes);
-  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
-}
-
-function escapeHtml(s: string): string {
-  return s
-    .replaceAll('&', '&amp;')
-    .replaceAll('<', '&lt;')
-    .replaceAll('>', '&gt;')
-    .replaceAll('"', '&quot;');
-}
-
-function escapeScript(s: string): string {
-  return s.replace(/<\/script/gi, '<\\/script');
-}
-
-function escapeScriptJson(value: unknown): string {
-  return JSON.stringify(value).replaceAll('<', '\\u003c');
-}
-
-function cspForNonce(nonce: string): string {
-  return [
-    "default-src 'none'",
-    `script-src 'nonce-${nonce}'`,
-    "style-src 'unsafe-inline'",
-    "img-src data:",
-    "font-src data:",
-    "connect-src 'none'",
-    "form-action 'none'",
-    "base-uri 'none'",
-    "frame-src 'none'",
-    "child-src 'none'",
-    "media-src 'none'",
-    "object-src 'none'",
-    "worker-src 'none'",
-  ].join('; ');
-}
-
-function nonceFixtureScripts(html: string, nonce: string): string {
-  return html.replace(/<script\b(?![^>]*\bnonce=)/gi, `<script nonce="${nonce}"`);
-}
-
-function buildSrcdoc(params: {
-  sandboxId: string;
-  nonce: string;
-  html: string;
-}): string {
-  return `<!DOCTYPE html>
-<html>
-<head>
-<meta http-equiv="Content-Security-Policy" content="${escapeHtml(cspForNonce(params.nonce))}">
-<meta charset="utf-8">
-<script nonce="${params.nonce}">window.__SUMMON_SANDBOX_ID__=${escapeScriptJson(params.sandboxId)};window.__SUMMON_RESOURCES__={};</script>
-<script nonce="${params.nonce}">${escapeScript(bootstrapSource)}</script>
-<style>${tokensSource}</style>
-</head>
-<body><div id="summon-root">${nonceFixtureScripts(params.html, params.nonce)}</div><script nonce="${params.nonce}">window.__SUMMON_SIGNAL_READY__?.();</script></body>
-</html>`;
-}
-
-/**
- * Demo-only escape hatch for trusted adversarial fixtures. It keeps the sandbox
- * and host intent bridge under test without letting generated artifacts regain
- * public script execution.
- */
-export const TrustedFixtureSurface = forwardRef<TrustedFixtureSurfaceHandle, TrustedFixtureSurfaceProps>(
-  function TrustedFixtureSurface(props, ref) {
-    const iframeRef = useRef<HTMLIFrameElement>(null);
-    const sandboxId = useMemo(randomId, []);
-    const nonce = useMemo(randomId, []);
-    const readyRef = useRef(false);
-    const pendingStatesRef = useRef<Record<string, unknown>[]>([]);
-
-    function postState(state: Record<string, unknown>) {
-      const iframe = iframeRef.current;
-      if (!readyRef.current || !iframe?.contentWindow) {
-        pendingStatesRef.current.push(state);
-        return;
-      }
-      iframe.contentWindow.postMessage({
-        type: 'SUMMON_STATE',
-        sandbox_id: sandboxId,
-        state,
-      }, '*');
-    }
-
-    useImperativeHandle(ref, () => ({
-      get iframe() {
-        return iframeRef.current;
-      },
-      get sandboxId() {
-        return sandboxId;
-      },
-      pushState(state: Record<string, unknown>) {
-        postState(state);
-      },
-    }), [sandboxId]);
-
-    useEffect(() => {
-      readyRef.current = false;
-      pendingStatesRef.current = props.initialState ? [props.initialState] : [];
-      const intentAllowlist = new Set(props.grantedIntents);
-
-      function flushPending() {
-        const iframe = iframeRef.current;
-        if (!readyRef.current || !iframe?.contentWindow) return;
-        while (pendingStatesRef.current.length > 0) {
-          const state = pendingStatesRef.current.shift()!;
-          iframe.contentWindow.postMessage({
-            type: 'SUMMON_STATE',
-            sandbox_id: sandboxId,
-            state,
-          }, '*');
-        }
-      }
-
-      function handleMessage(event: MessageEvent) {
-        const data = event.data as {
-          type?: string;
-          sandbox_id?: string;
-          reason?: unknown;
-          intent?: unknown;
-          args?: unknown;
-        } | undefined;
-        if (!data || typeof data !== 'object') return;
-        if (
-          data.type !== 'SUMMON_READY' &&
-          data.type !== 'SUMMON_FATAL' &&
-          data.type !== 'SUMMON_INTENT'
-        ) {
-          return;
-        }
-        if (data.sandbox_id !== sandboxId) return;
-
-        if (data.type === 'SUMMON_FATAL') {
-          readyRef.current = false;
-          props.onFatal?.(typeof data.reason === 'string' ? data.reason : 'unknown');
-          return;
-        }
-
-        if (data.type === 'SUMMON_READY') {
-          readyRef.current = true;
-          flushPending();
-          return;
-        }
-
-        const intent = data.intent;
-        if (typeof intent !== 'string' || !intent) {
-          props.onIntentRejected?.('intent not a non-empty string', data);
-          return;
-        }
-        if (!intentAllowlist.has(intent)) {
-          props.onIntentRejected?.(`intent "${intent}" not granted`, data);
-          return;
-        }
-        const args = data.args && typeof data.args === 'object'
-          ? data.args as Record<string, unknown>
-          : {};
-        props.onIntent?.(intent, args);
-      }
-
-      window.addEventListener('message', handleMessage);
-      if (iframeRef.current) {
-        iframeRef.current.setAttribute('sandbox', 'allow-scripts');
-        iframeRef.current.srcdoc = buildSrcdoc({
-          sandboxId,
-          nonce,
-          html: props.html,
-        });
-      }
-
-      return () => {
-        window.removeEventListener('message', handleMessage);
-        readyRef.current = false;
-        pendingStatesRef.current = [];
-        if (iframeRef.current) iframeRef.current.srcdoc = '';
-      };
-    }, [
-      nonce,
-      props.grantedIntents,
-      props.html,
-      props.initialState,
-      props.onFatal,
-      props.onIntent,
-      props.onIntentRejected,
-      sandboxId,
-    ]);
-
-    return (
-      <iframe
-        ref={iframeRef}
-        id={props.id}
-        title={props.title ?? 'Trusted Summon fixture'}
-        className={props.className}
-        style={props.style}
-      />
-    );
-  },
-);
diff --git a/apps/demo/src/components/chrome.tsx b/apps/demo/src/components/chrome.tsx
index 08ec519..58be9db 100644
--- a/apps/demo/src/components/chrome.tsx
+++ b/apps/demo/src/components/chrome.tsx
@@ -4,13 +4,12 @@ import { cn } from '../lib/cn.js';
 import { elevatedPanelClass, panelHeaderClass, pageWidthClass, StatusText } from './ui.js';
 
 export interface AppNavProps {
-  active?: 'generate' | 'batch' | 'fragment-compare';
+  active?: 'generate' | 'batch';
 }
 
 const navItems = [
   { id: 'generate', label: 'Generate', href: '/generate' },
   { id: 'batch', label: 'Batch', href: '/batch' },
-  { id: 'fragment-compare', label: 'Fragment compare', href: '/fragment-compare' },
 ] as const;
 
 const navItemBaseClass =
diff --git a/apps/demo/src/components/ui.tsx b/apps/demo/src/components/ui.tsx
index f5f36ca..b514a4b 100644
--- a/apps/demo/src/components/ui.tsx
+++ b/apps/demo/src/components/ui.tsx
@@ -107,12 +107,12 @@ export function statusToneClass(status?: string): string {
 }
 
 export function devtoolsEventKindClass(kind: string): string {
-  if (kind === 'sandbox-spawned' || kind === 'sandbox-ready') return 'text-good';
-  if (kind === 'sandbox-fatal' || kind === 'sandbox-disposed' || kind === 'intent-rejected' || kind === 'protocol-parse-error') {
+  if (kind === 'sandbox-spawned' || kind === 'sandbox-ready' || kind === 'rendered') return 'text-good';
+  if (kind === 'sandbox-fatal' || kind === 'sandbox-disposed' || kind === 'tool-rejected' || kind === 'protocol-parse-error') {
     return 'text-danger';
   }
-  if (kind === 'intent-emitted' || kind === 'intent-dispatched' || kind === 'state-pushed') return 'text-info';
-  if (kind === 'intent-settled') return 'text-ink-soft';
+  if (kind === 'tool-called' || kind === 'tool-dispatched' || kind === 'state-pushed') return 'text-info';
+  if (kind === 'tool-settled') return 'text-ink-soft';
   return 'text-ink-muted';
 }
 
diff --git a/apps/demo/src/pages/AdversarialPage.tsx b/apps/demo/src/pages/AdversarialPage.tsx
index 5cb258c..cacecea 100644
--- a/apps/demo/src/pages/AdversarialPage.tsx
+++ b/apps/demo/src/pages/AdversarialPage.tsx
@@ -1,25 +1,25 @@
 import { useCallback, useMemo, useState } from 'react';
+import { SummonSurface } from '@anarchitecture/summon-react';
 import { AppNav, LogView, PageHeader, Pane } from '../components/chrome.js';
-import { TrustedFixtureSurface } from '../components/TrustedFixtureSurface.js';
 import { cn } from '../lib/cn.js';
 import { logToneClass, pageWidthClass } from '../components/ui.js';
-import { ADVERSARIAL_BODY_HTML } from '../adversarial-artifact.js';
+import { ADVERSARIAL_ARTIFACT } from '../adversarial-artifact.js';
 
 type Report = { test: string; status: 'blocked' | 'allowed' | 'info'; detail: string };
 type Rejection = { reason: string; raw: unknown };
 
 const expectedHostRejection = new Set([
-  'emit-unknown-intent',
+  'emit-unknown-tool',
   'emit-declared-but-not-granted',
 ]);
-const grantedIntents = ['report'];
+const grantedTools = ['report'];
 
 function rejectionMatches(test: string, rejections: Rejection[]): boolean {
   return rejections.some((rejection) => {
-    const raw = rejection.raw as { args?: { test?: string; status?: string }; intent?: string };
-    if (test === 'emit-unknown-intent') return raw?.intent === 'exfiltrate';
+    const raw = rejection.raw as { args?: { test?: string; status?: string }; tool?: string };
+    if (test === 'emit-unknown-tool') return raw?.tool === 'exfiltrate';
     if (test === 'emit-declared-but-not-granted') {
-      return raw?.intent === 'escalate' && rejection.reason.includes('not granted');
+      return raw?.tool === 'escalate' && rejection.reason.includes('not granted');
     }
     return false;
   });
@@ -50,8 +50,8 @@ export function AdversarialPage() {
     return { pass, fail };
   }, [rejections, visibleReports]);
 
-  const onIntent = useCallback((intent: string, args: Record<string, unknown>) => {
-    if (intent !== 'report') return;
+  const onToolCall = useCallback((tool: string, args: Record<string, unknown>) => {
+    if (tool !== 'report') return;
     setReports((items) => [
       ...items,
       {
@@ -61,7 +61,7 @@ export function AdversarialPage() {
       },
     ]);
   }, []);
-  const onIntentRejected = useCallback((reason: string, raw: unknown) => {
+  const onToolRejected = useCallback((reason: string, raw: unknown) => {
     setRejections((items) => [...items, { reason, raw }]);
   }, []);
 
@@ -74,14 +74,14 @@ export function AdversarialPage() {
       />
       <div className={cn(pageWidthClass, 'grid grid-cols-2 gap-5 max-[820px]:grid-cols-1')}>
         <Pane title="Sandbox iframe">
-          <TrustedFixtureSurface
+          <SummonSurface
             id="sandbox"
             className="h-[320px]"
             title="Summon sandbox"
-            html={ADVERSARIAL_BODY_HTML}
-            grantedIntents={grantedIntents}
-            onIntent={onIntent}
-            onIntentRejected={onIntentRejected}
+            artifact={ADVERSARIAL_ARTIFACT}
+            grantedTools={grantedTools}
+            onToolCall={onToolCall}
+            onToolRejected={onToolRejected}
           />
         </Pane>
         <Pane title="Test results">
@@ -101,10 +101,10 @@ export function AdversarialPage() {
               <>
                 <div className={logToneClass('info')}>Host-side rejections:</div>
                 {rejections.map((rejection, index) => {
-                  const raw = rejection.raw as { intent?: string };
+                  const raw = rejection.raw as { tool?: string };
                   return (
                     <div key={index} className={logToneClass('info')}>
-                      · {rejection.reason}{raw?.intent ? ` intent="${raw.intent}"` : ''}
+                      · {rejection.reason}{raw?.tool ? ` tool="${raw.tool}"` : ''}
                     </div>
                   );
                 })}
diff --git a/apps/demo/src/pages/BatchPage.tsx b/apps/demo/src/pages/BatchPage.tsx
index 47e1b81..bda9067 100644
--- a/apps/demo/src/pages/BatchPage.tsx
+++ b/apps/demo/src/pages/BatchPage.tsx
@@ -1,16 +1,16 @@
 import { useEffect, useMemo, useRef, useState } from 'react';
 import { SummonSurface, type SummonSurfaceHandle } from '@anarchitecture/summon-react';
-import { type CapabilityPack } from '@anarchitecture/summon';
+import { type ToolPack } from '@anarchitecture/summon';
 import {
+  isArrowSurfaceArtifact,
   parseProtocolLine,
-  SectionAccumulator,
-  type ValidationCapability,
+  type ValidationTool,
 } from '@anarchitecture/summon/engine';
 import defaultTokensSource from '@anarchitecture/summon/tokens.css?raw';
 import { AppNav, ModeGroup, PageHeader } from '../components/chrome.js';
 import { Button, compactInputClass, compactSelectClass, pageWidthClass, panelClass, statusToneClass, textareaClass } from '../components/ui.js';
 import { cn } from '../lib/cn.js';
-import { createDemoCapabilityRegistry } from '../capabilities.js';
+import { createDemoToolRegistry } from '../tools.js';
 import { ALL_PROMPTS, sample } from '../prompts.js';
 
 interface DirectionInfo {
@@ -40,11 +40,11 @@ function summarizeAgentMeta(value: unknown): string {
   if (policy) {
     const tier = typeof policy.tier === 'string' ? policy.tier : 'policy';
     const purpose = typeof policy.purpose === 'string' ? policy.purpose : 'inform';
-    const intentSource = typeof item.intentSource === 'string' ? ` · ${item.intentSource}` : '';
+    const goalSource = typeof item.goalSource === 'string' ? ` · ${item.goalSource}` : '';
     const fallback = item.fallback === true ? ' · fallback' : '';
-    return `${tier}/${purpose}${intentSource}${fallback}`;
+    return `${tier}/${purpose}${goalSource}${fallback}`;
   }
-  const purpose = typeof item.purpose === 'string' ? item.purpose : 'intent';
+  const purpose = typeof item.purpose === 'string' ? item.purpose : 'tool';
   const interaction = typeof item.interaction === 'string' ? item.interaction : 'none';
   const dataNeed = typeof item.dataNeed === 'string' ? item.dataNeed : 'embedded';
   return `${purpose}/${interaction}/${dataNeed}`;
@@ -78,22 +78,21 @@ function BatchTile({
   const [status, setStatus] = useState('pending');
   const [statusClass, setStatusClass] = useState('pending');
   const [bytes, setBytes] = useState(0);
-  const [intent, setIntent] = useState<{ text: string; err?: boolean } | null>(null);
+  const [tool, setTool] = useState<{ text: string; err?: boolean } | null>(null);
 
   const registry = useMemo(() => {
     if (run.interactivity !== 'interactive') return null;
-    return createDemoCapabilityRegistry({
-      onLog: (message) => setIntent({ text: message }),
-      onError: (message) => setIntent({ text: message, err: true }),
+    return createDemoToolRegistry({
+      onLog: (message) => setTool({ text: message }),
+      onError: (message) => setTool({ text: message, err: true }),
     }).without(['summon']);
   }, [run.interactivity]);
   const contract = useMemo(() => registry?.toContract() ?? null, [registry]);
-  const capabilityPack: CapabilityPack | null = contract?.pack ?? null;
-  const validationCapabilities: ValidationCapability[] | null = contract?.validationCapabilities ?? null;
+  const toolPack: ToolPack | null = contract?.pack ?? null;
+  const validationTools: ValidationTool[] | null = contract?.validationTools ?? null;
 
   useEffect(() => {
     let cancelled = false;
-    const acc = new SectionAccumulator();
     const start = performance.now();
     let byteCount = 0;
 
@@ -102,8 +101,7 @@ function BatchTile({
       setStatusClass('streaming');
       setStatus('streaming');
       setBytes(0);
-      setIntent(null);
-      const renderIncrementally = run.interactivity === 'static';
+      setTool(null);
 
       try {
         const res = await fetch('/api/generate', {
@@ -112,8 +110,7 @@ function BatchTile({
           body: JSON.stringify({
             prompt: run.prompt,
             directionId: run.directionId,
-            mode: run.interactivity,
-            capabilities: run.interactivity === 'interactive' ? capabilityPack : undefined,
+            tools: run.interactivity === 'interactive' ? toolPack : undefined,
             agent: { enabled: true },
           }),
           signal: run.signal,
@@ -127,15 +124,14 @@ function BatchTile({
         const processLine = (raw: string) => {
           const parsed = parseProtocolLine(raw);
           if (!parsed) return;
-          if (parsed.op === 'meta' && parsed.path === '/agent-intent') {
-            setIntent({ text: `agent intent: ${summarizeAgentMeta(parsed.value)}` });
+          if (parsed.op === 'meta' && parsed.path === '/agent-goal') {
+            setTool({ text: `agent goal: ${summarizeAgentMeta(parsed.value)}` });
           }
           if (parsed.op === 'meta' && parsed.path === '/agent-policy-resolution') {
-            setIntent({ text: `agent policy: ${summarizeAgentMeta(parsed.value)}` });
+            setTool({ text: `agent policy: ${summarizeAgentMeta(parsed.value)}` });
           }
-          const changed = acc.apply(parsed);
-          if (renderIncrementally && changed && acc.hasAnySection()) {
-            surfaceRef.current?.render(acc.compose());
+          if (parsed.op === 'artifact' && isArrowSurfaceArtifact(parsed.value)) {
+            surfaceRef.current?.renderArtifact(parsed.value);
           }
         };
 
@@ -155,9 +151,6 @@ function BatchTile({
         }
         const tail = buffer.trim();
         if (tail) processLine(tail);
-        if (!renderIncrementally && acc.hasAnySection()) {
-          surfaceRef.current?.render(acc.compose());
-        }
 
         const ms = Math.round(performance.now() - start);
         if (cancelled) return;
@@ -182,7 +175,7 @@ function BatchTile({
     return () => {
       cancelled = true;
     };
-  }, [capabilityPack, onComplete, run]);
+  }, [toolPack, onComplete, run]);
 
   return (
     <div className={cn(panelClass, 'flex min-w-0 flex-col')}>
@@ -192,9 +185,9 @@ function BatchTile({
           <span className={statusToneClass(statusClass)}>{status}</span>
           <span>{bytes.toLocaleString()} B</span>
         </div>
-        {intent ? (
-          <div className={cn('border-t border-dashed border-line bg-surface px-3.5 py-2 font-mono text-[11px]', intent.err ? 'text-danger' : 'text-good')}>
-            {intent.text}
+        {tool ? (
+          <div className={cn('border-t border-dashed border-line bg-surface px-3.5 py-2 font-mono text-[11px]', tool.err ? 'text-danger' : 'text-good')}>
+            {tool.text}
           </div>
         ) : null}
       </div>
@@ -203,10 +196,9 @@ function BatchTile({
           ref={surfaceRef}
           title={run.prompt}
           className={cn('block w-full border-0 bg-surface-raised', stacked ? 'h-[880px]' : 'h-[760px]')}
-          html=""
           tokensSource={run.tokensCss}
-          capabilityRegistry={registry}
-          grantedCapabilities={validationCapabilities ?? undefined}
+          toolRegistry={registry}
+          validationTools={validationTools ?? undefined}
         />
         {run.interactivity === 'interactive' && statusClass === 'streaming' ? (
           <div className="pointer-events-none absolute inset-0 flex items-center justify-center bg-[var(--overlay-strong)] text-[13px] font-medium tracking-normal text-ink-soft">
diff --git a/apps/demo/src/pages/FatalPage.tsx b/apps/demo/src/pages/FatalPage.tsx
index 02597e4..93b33f0 100644
--- a/apps/demo/src/pages/FatalPage.tsx
+++ b/apps/demo/src/pages/FatalPage.tsx
@@ -43,7 +43,7 @@ function buildSrcdoc(sandboxId: string, nonce: string): string {
 <head>
 <meta http-equiv="Content-Security-Policy" content="${escapeHtml(cspForNonce(nonce))}">
 <meta charset="utf-8">
-<script nonce="${nonce}">window.__SUMMON_SANDBOX_ID__=${JSON.stringify(sandboxId)};window.__SUMMON_RESOURCES__={};</script>
+<script nonce="${nonce}">window.__SUMMON_SANDBOX_ID__=${JSON.stringify(sandboxId)};</script>
 <script nonce="${nonce}">${escapeScript(bootstrapSource)}</script>
 <style>${tokensSource}</style>
 </head>
diff --git a/apps/demo/src/pages/FragmentComparePage.tsx b/apps/demo/src/pages/FragmentComparePage.tsx
deleted file mode 100644
index cce7294..0000000
--- a/apps/demo/src/pages/FragmentComparePage.tsx
+++ /dev/null
@@ -1,444 +0,0 @@
-import { useCallback, useEffect, useRef, useState } from 'react';
-import { SummonSurface, type SummonSurfaceHandle } from '@anarchitecture/summon-react';
-import { consumeSurfaceStream } from '@anarchitecture/summon/browser';
-import type {
-  HtmlNodePatch,
-  ProtocolLine,
-  StreamGraphSnapshot,
-} from '@anarchitecture/summon/engine';
-import tokensSource from '@anarchitecture/summon/tokens.css?raw';
-import { AppNav, LogView, PageHeader } from '../components/chrome.js';
-import { Button, fieldLabelClass, pageWidthClass, statusToneClass, textareaClass, logToneClass } from '../components/ui.js';
-import { cn } from '../lib/cn.js';
-
-type FragmentSide = 'section' | 'html-node-v0';
-type PromptComplexity = 'simple' | 'medium' | 'complex';
-type PromptUseCase = 'status' | 'decision' | 'operations' | 'customer';
-
-interface PromptPreset {
-  id: string;
-  useCase: PromptUseCase;
-  complexity: PromptComplexity;
-  title: string;
-  prompt: string;
-}
-
-interface TargetMetrics {
-  lines: number;
-  bytes: number;
-  nodeCommits: number;
-  firstNodeAt: number | null;
-  graph: StreamGraphSnapshot | null;
-}
-
-const promptComplexities: Array<{ id: PromptComplexity; label: string }> = [
-  { id: 'simple', label: 'Simple' },
-  { id: 'medium', label: 'Medium' },
-  { id: 'complex', label: 'Complex' },
-];
-
-const promptUseCases: Array<{ id: PromptUseCase; label: string; description: string }> = [
-  { id: 'status', label: 'Status surfaces', description: 'Dashboards, recaps, health checks' },
-  { id: 'decision', label: 'Decision briefs', description: 'Tradeoffs, comparisons, recommendations' },
-  { id: 'operations', label: 'Operational workflows', description: 'Triage, control rooms, execution plans' },
-  { id: 'customer', label: 'Customer follow-up', description: 'Merchant notes, outreach, account plans' },
-];
-
-const promptPresets: PromptPreset[] = [
-  { id: 'status-simple-launch-pulse', useCase: 'status', complexity: 'simple', title: 'Launch Pulse', prompt: 'Show me a clean end-of-day sales snapshot for a coffee shop.' },
-  { id: 'status-medium-shift-recap', useCase: 'status', complexity: 'medium', title: 'Shift Recap', prompt: 'Show me a weekly cafe performance recap with sales, staffing, inventory, customer sentiment, and next actions.' },
-  { id: 'status-complex-portfolio-review', useCase: 'status', complexity: 'complex', title: 'Portfolio Review', prompt: 'Show me a quarterly portfolio review across five product initiatives, including progress, spend, adoption, dependencies, risks, staffing pressure, decisions needed, and an executive verdict.' },
-  { id: 'decision-simple-vendor-pick', useCase: 'decision', complexity: 'simple', title: 'Vendor Pick', prompt: 'Compare two weekend promo ideas for a coffee shop and recommend one.' },
-  { id: 'decision-medium-roadmap-tradeoff', useCase: 'decision', complexity: 'medium', title: 'Roadmap Tradeoff', prompt: 'Compare three checkout roadmap bets with customer impact, engineering effort, risk, confidence, and a recommendation.' },
-  { id: 'decision-complex-pricing-strategy', useCase: 'decision', complexity: 'complex', title: 'Pricing Strategy', prompt: 'Show me a pricing strategy decision room for a SaaS billing change, with rollout options, revenue forecast, churn risk, merchant segments, support impact, confidence, and an executive recommendation.' },
-  { id: 'operations-simple-support-snapshot', useCase: 'operations', complexity: 'simple', title: 'Support Snapshot', prompt: 'Make a packing checklist for a Saturday pop-up booth.' },
-  { id: 'operations-medium-incident-command', useCase: 'operations', complexity: 'medium', title: 'Incident Command', prompt: 'Show me a triage board for today\'s support queue, with priority groups, aging tickets, escalations, owners, and next actions.' },
-  { id: 'operations-complex-migration-control', useCase: 'operations', complexity: 'complex', title: 'Migration Control', prompt: 'Show me a migration control room for moving 42 merchants from a legacy invoicing workflow to a new billing platform, including cohorts, blockers, data quality checks, support load, rollback criteria, comms, and day-by-day execution plan.' },
-  { id: 'customer-simple-sales-note', useCase: 'customer', complexity: 'simple', title: 'Sales Note', prompt: 'Draft a follow-up note after a restaurant POS demo.' },
-  { id: 'customer-medium-renewal-prep', useCase: 'customer', complexity: 'medium', title: 'Renewal Prep', prompt: 'Prepare a renewal prep brief for a neighborhood grocer, with usage wins, adoption gaps, billing concerns, stakeholders, risks, and meeting goals.' },
-  { id: 'customer-complex-save-plan', useCase: 'customer', complexity: 'complex', title: 'Account Save Plan', prompt: 'Show me a 30-day save plan for an at-risk enterprise merchant, with account health, executive relationships, product pain, support history, commercial exposure, competitive threat, negotiation plan, and timeline.' },
-];
-
-const modelOptions = {
-  maxOutputTokens: 16000,
-  repairMaxOutputTokens: 4000,
-  anthropicThinking: 'off',
-  effort: 'low',
-} as const;
-
-const blankArtifact =
-  '<style>html,body{min-height:100%;margin:0;background:transparent;color:CanvasText}</style>';
-
-const matrixHeaderClass =
-  'flex min-h-7 items-center text-xs font-bold uppercase tracking-normal text-ink-soft max-[820px]:hidden';
-
-const useCaseCellClass =
-  'min-w-0 rounded-card border border-line-hover bg-surface-muted p-3 max-[820px]:mt-1.5';
-
-const presetButtonClass =
-  'group min-h-[92px] min-w-0 rounded-card p-3 text-left [font:inherit] tracking-normal text-ink transition-[background-color,border-color,box-shadow,transform] duration-150 focus-visible:border-line-strong focus-visible:outline-none focus-visible:ring-3 focus-visible:ring-[var(--focus-ring)]';
-
-const idlePresetButtonClass =
-  'border border-line-hover bg-surface-muted hover:-translate-y-px hover:border-line-strong hover:bg-surface-raised';
-
-const activePresetButtonClass =
-  'border border-line-strong bg-surface-raised shadow-card';
-
-function lineClass(line: ProtocolLine): string {
-  if (line.op === 'add') return 'op-add';
-  if (line.op === 'set') return 'op-set';
-  return 'op-meta';
-}
-
-function fragmentLogToneClass(tone: string): string {
-  return tone === 'op-meta' || tone === 'info' ? 'text-ink-soft' : logToneClass(tone);
-}
-
-function agentMetaLabel(value: unknown): string {
-  if (!value || typeof value !== 'object') return '';
-  const item = value as Record<string, unknown>;
-  const policy = item.surfacePolicy && typeof item.surfacePolicy === 'object'
-    ? item.surfacePolicy as Record<string, unknown>
-    : null;
-  if (policy) {
-    const tier = typeof policy.tier === 'string' ? policy.tier : 'policy';
-    const purpose = typeof policy.purpose === 'string' ? policy.purpose : 'inform';
-    return `${tier}/${purpose}`;
-  }
-  const purpose = typeof item.purpose === 'string' ? item.purpose : 'intent';
-  const interaction = typeof item.interaction === 'string' ? item.interaction : 'none';
-  return `${purpose}/${interaction}`;
-}
-
-function lineLabel(line: ProtocolLine): string {
-  if (line.op === 'meta' && line.path === '/agent-intent') return `agent intent ${agentMetaLabel(line.value)}`;
-  if (line.op === 'meta' && line.path === '/agent-policy-resolution') return `agent policy ${agentMetaLabel(line.value)}`;
-  if (line.op === 'meta' && line.path === '/status') return `meta /status ${String(line.value)}`;
-  if (line.op === 'meta' && line.path === '/thinking') return 'meta /thinking ...';
-  if (line.op === 'add' && line.path.includes('/node/')) {
-    return `${line.op} ${line.path}${line.parent ? ` parent=${line.parent}` : ''}`;
-  }
-  return `${line.op} ${line.path}`;
-}
-
-function metricsText(metrics: TargetMetrics, side: FragmentSide): string {
-  const sections = metrics.graph?.sections ?? [];
-  const presentSections = sections.filter((section) => section.present).length;
-  const presentNodes = sections.reduce((sum, section) => sum + (section.presentNodeCount ?? 0), 0);
-  const nodePart = side === 'html-node-v0'
-    ? ` · ${presentNodes} nodes · ${metrics.nodeCommits} patches${metrics.firstNodeAt === null ? '' : ` · first ${(metrics.firstNodeAt / 1000).toFixed(1)}s`}`
-    : '';
-  return `${metrics.lines} lines · ${metrics.bytes.toLocaleString()} B · ${presentSections} sections${nodePart}`;
-}
-
-async function* countedStream(
-  stream: ReadableStream<Uint8Array>,
-  onBytes: (count: number) => void,
-): AsyncGenerator<Uint8Array, void, void> {
-  const reader = stream.getReader();
-  try {
-    while (true) {
-      const { value, done } = await reader.read();
-      if (done) return;
-      if (value) {
-        onBytes(value.byteLength);
-        yield value;
-      }
-    }
-  } finally {
-    reader.releaseLock();
-  }
-}
-
-function CompareTargetPane({
-  side,
-  run,
-  onDone,
-}: {
-  side: FragmentSide;
-  run: { id: number; prompt: string; signal: AbortSignal } | null;
-  onDone: (side: FragmentSide, ok: boolean) => void;
-}) {
-  const surfaceRef = useRef<SummonSurfaceHandle>(null);
-  const startedAtRef = useRef(0);
-  const [status, setStatus] = useState('idle');
-  const [logs, setLogs] = useState<Array<{ cls: string; text: string }>>([]);
-  const [metrics, setMetrics] = useState<TargetMetrics>({
-    lines: 0,
-    bytes: 0,
-    nodeCommits: 0,
-    firstNodeAt: null,
-    graph: null,
-  });
-
-  const logLine = useCallback((cls: string, text: string) => {
-    setLogs((items) => [...items.slice(-139), { cls, text }]);
-  }, []);
-
-  useEffect(() => {
-    if (!run) return;
-    const currentRun = run;
-    let cancelled = false;
-    startedAtRef.current = performance.now();
-    setStatus('starting');
-    setLogs([]);
-    setMetrics({ lines: 0, bytes: 0, nodeCommits: 0, firstNodeAt: null, graph: null });
-    surfaceRef.current?.render(blankArtifact);
-    logLine('info', side === 'html-node-v0'
-      ? 'POST /api/generate fragmentMode=html-node-v0'
-      : 'POST /api/generate fragmentMode=section');
-
-    const applyNodePatch = (patch: HtmlNodePatch) => {
-      setMetrics((current) => ({
-        ...current,
-        nodeCommits: current.nodeCommits + 1,
-        firstNodeAt: current.firstNodeAt ?? performance.now() - startedAtRef.current,
-      }));
-      surfaceRef.current?.patchNode(patch);
-      logLine('op-add', `patch node ${patch.sectionId}/${patch.nodeId}${patch.parentId ? ` parent=${patch.parentId}` : ''}`);
-    };
-
-    async function runTarget() {
-      await new Promise((resolve) => window.setTimeout(resolve, 0));
-      try {
-        const res = await fetch('/api/generate', {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({
-            prompt: currentRun.prompt,
-            directionId: '',
-            mode: 'static',
-            modelOptions,
-            agent: { enabled: true },
-            scriptPolicy: 'forbid',
-            ...(side === 'html-node-v0' ? { fragmentMode: 'html-node-v0' } : {}),
-          }),
-          signal: currentRun.signal,
-        });
-        if (!res.ok) throw new Error(`HTTP ${res.status}`);
-        if (!res.body) throw new Error('No response body');
-        setStatus('streaming');
-        let byteTotal = 0;
-        const result = await consumeSurfaceStream(countedStream(res.body, (count) => {
-          byteTotal += count;
-          setMetrics((current) => ({ ...current, bytes: byteTotal }));
-        }), {
-          mode: 'static',
-          renderMode: 'live',
-          onLine: (line, context) => {
-            setMetrics((current) => ({
-              ...current,
-              lines: current.lines + 1,
-              graph: context.graph.snapshot(),
-            }));
-            logLine(lineClass(line), lineLabel(line));
-          },
-          onMeta: (line) => {
-            if (line.path === '/experimental-fragments') {
-              logLine('info', `experimental ${JSON.stringify(line.value)}`);
-            }
-            if (line.path === '/validation-blocked' || line.path === '/protocol-skip') {
-              logLine('op-error', `${line.path} ${JSON.stringify(line.value)}`);
-            }
-          },
-          onGraph: (graph) => {
-            setMetrics((current) => ({ ...current, graph }));
-          },
-          onRenderHtml: (html) => {
-            surfaceRef.current?.render(html);
-          },
-          onNodePatch: applyNodePatch,
-          onParseError: (raw) => {
-            logLine('op-error', `parse ${raw.slice(0, 120)}`);
-          },
-        });
-        if (cancelled) return;
-        const elapsed = ((performance.now() - startedAtRef.current) / 1000).toFixed(1);
-        setStatus(`done ${elapsed}s`);
-        setMetrics((current) => ({ ...current, graph: result.streamGraph }));
-        onDone(side, true);
-      } catch (err) {
-        if (cancelled) return;
-        if ((err as Error).name === 'AbortError') {
-          setStatus('aborted');
-          logLine('op-error', 'aborted');
-          onDone(side, false);
-          return;
-        }
-        const message = err instanceof Error ? err.message : String(err);
-        setStatus('error');
-        logLine('op-error', message);
-        onDone(side, false);
-      }
-    }
-
-    void runTarget();
-    return () => {
-      cancelled = true;
-    };
-  }, [logLine, onDone, run, side]);
-
-  return (
-    <section className="min-w-0 overflow-hidden rounded-card border border-line-hover bg-surface shadow-card" data-fragment-side={side}>
-      <header className="flex items-center justify-between gap-3 border-b border-line-hover bg-surface-muted px-3.5 py-3">
-        <div>
-          <span className="block font-mono text-[10px] font-semibold uppercase tracking-normal text-ink-soft">{side === 'section' ? 'Sections' : 'HTML Nodes'}</span>
-          <strong className="mt-0.5 block text-[11px] font-medium text-ink">{side === 'section' ? 'current behavior' : 'experimental html-node-v0'}</strong>
-        </div>
-        <span
-          id={side === 'section' ? 'section-status' : 'block-status'}
-          className={cn(
-            'shrink-0 rounded-full border border-line bg-surface-raised px-2 py-1 font-mono text-[11px]',
-            status === 'idle' || status === 'starting' ? 'text-ink-soft' : statusToneClass(status),
-          )}
-          data-status={status}
-        >
-          {status}
-        </span>
-      </header>
-      <SummonSurface
-        ref={surfaceRef}
-        id={side === 'section' ? 'section-frame' : 'block-frame'}
-        title={side === 'section' ? 'Section fragment result' : 'HTML node patch result'}
-        className="block h-[min(62vh,620px)] min-h-[460px] w-full border-0 bg-surface-raised max-[820px]:min-h-[360px]"
-        html={blankArtifact}
-        tokensSource={tokensSource}
-      />
-      <div className="border-y border-line-hover bg-surface-raised px-3.5 py-2 font-mono text-[11px] text-ink-soft" id={side === 'section' ? 'section-metrics' : 'block-metrics'}>
-        {metricsText(metrics, side)}
-      </div>
-      <LogView id={side === 'section' ? 'section-log' : 'block-log'} className="h-[190px] bg-surface-muted px-3.5 py-2.5">
-        {logs.map((log, index) => <div key={index} className={fragmentLogToneClass(log.cls)}>{log.text}</div>)}
-      </LogView>
-    </section>
-  );
-}
-
-export function FragmentComparePage() {
-  const [prompt, setPrompt] = useState('Show me a clean end-of-day sales snapshot for a coffee shop.');
-  const [activePresetId, setActivePresetId] = useState<string | null>(
-    promptPresets.find((preset) => preset.prompt === 'Show me a clean end-of-day sales snapshot for a coffee shop.')?.id ?? null,
-  );
-  const [run, setRun] = useState<{ id: number; prompt: string; signal: AbortSignal } | null>(null);
-  const [running, setRunning] = useState(false);
-  const [summary, setSummary] = useState('Idle');
-  const abortRef = useRef<AbortController | null>(null);
-  const doneRef = useRef(new Map<FragmentSide, boolean>());
-
-  const onDone = useCallback((side: FragmentSide, ok: boolean) => {
-    doneRef.current.set(side, ok);
-    if (doneRef.current.size !== 2) return;
-    const complete = [...doneRef.current.values()].every(Boolean);
-    setSummary(complete ? 'Both streams complete' : 'Run stopped or failed');
-    setRunning(false);
-    abortRef.current = null;
-  }, []);
-
-  function runBoth() {
-    const value = prompt.trim();
-    if (!value) {
-      setSummary('Add a prompt first');
-      return;
-    }
-    abortRef.current?.abort();
-    const abort = new AbortController();
-    abortRef.current = abort;
-    doneRef.current = new Map();
-    setSummary('Running both streams');
-    setRunning(true);
-    setRun({ id: Date.now(), prompt: value, signal: abort.signal });
-  }
-
-  function updatePrompt(value: string) {
-    setPrompt(value);
-    setActivePresetId(promptPresets.find((preset) => preset.prompt === value)?.id ?? null);
-  }
-
-  return (
-    <>
-      <AppNav active="fragment-compare" />
-      <PageHeader
-        title="Fragment compare"
-        aside={<div className="self-end rounded-full border border-line-hover bg-surface-muted px-3 py-1.5 font-mono text-[11px] text-ink-soft" id="summary">{summary}</div>}
-      />
-      <form className={cn(pageWidthClass, 'mb-7 grid grid-cols-[minmax(0,1fr)_auto] items-end gap-6 max-[820px]:grid-cols-1')} onSubmit={(event) => {
-        event.preventDefault();
-        runBoth();
-      }}>
-        <section className="col-span-full grid gap-2.5" aria-labelledby="prompt-presets-label">
-          <div className="flex items-center justify-between gap-3 max-[820px]:block">
-            <span id="prompt-presets-label" className={fieldLabelClass}>Sample prompt matrix</span>
-            <span className="text-xs text-ink-soft max-[820px]:mt-1 max-[820px]:block">Rows are Summon use cases. Columns are complexity.</span>
-          </div>
-          <div id="prompt-preset-matrix" className="grid grid-cols-[minmax(150px,0.75fr)_repeat(3,minmax(0,1fr))] items-stretch gap-3 max-[820px]:grid-cols-1">
-            <div className={matrixHeaderClass}>Use case</div>
-            {promptComplexities.map((complexity) => (
-              <div key={complexity.id} className={matrixHeaderClass}>{complexity.label}</div>
-            ))}
-            {promptUseCases.map((useCase) => (
-              <PromptPresetRow key={useCase.id} useCase={useCase} activePresetId={activePresetId} onPreset={updatePrompt} />
-            ))}
-          </div>
-        </section>
-        <label>
-          <span className={fieldLabelClass}>Prompt</span>
-          <textarea id="prompt" className={cn(textareaClass, 'min-h-28 w-full')} value={prompt} onChange={(event) => updatePrompt(event.target.value)} />
-        </label>
-        <div className="flex gap-2">
-          <Button id="run" type="submit" size="sm" disabled={running}>Run both</Button>
-          <Button id="stop" type="button" variant="secondary" size="sm" disabled={!running} onClick={() => abortRef.current?.abort()}>Stop</Button>
-        </div>
-      </form>
-
-      <main className={cn(pageWidthClass, 'grid grid-cols-2 gap-7 max-[820px]:grid-cols-1')} aria-label="Fragment comparison">
-        <CompareTargetPane side="section" run={run} onDone={onDone} />
-        <CompareTargetPane side="html-node-v0" run={run} onDone={onDone} />
-      </main>
-    </>
-  );
-}
-
-function PromptPresetRow({
-  useCase,
-  activePresetId,
-  onPreset,
-}: {
-  useCase: (typeof promptUseCases)[number];
-  activePresetId: string | null;
-  onPreset: (prompt: string) => void;
-}) {
-  return (
-    <>
-      <div className={useCaseCellClass}>
-        <span className="mb-1 block text-[13px] font-bold leading-tight text-ink">{useCase.label}</span>
-        <span className="block text-xs leading-[1.35] text-ink-soft">{useCase.description}</span>
-      </div>
-      {promptComplexities.map((complexity) => {
-        const preset = promptPresets.find(
-          (candidate) => candidate.useCase === useCase.id && candidate.complexity === complexity.id,
-        );
-        if (!preset) return <div key={complexity.id} />;
-        const isActive = preset.id === activePresetId;
-        return (
-          <button
-            key={preset.id}
-            type="button"
-            className={cn(
-              presetButtonClass,
-              isActive ? activePresetButtonClass : idlePresetButtonClass,
-            )}
-            data-preset-id={preset.id}
-            data-complexity={complexity.id}
-            data-active={isActive ? 'true' : undefined}
-            aria-pressed={isActive}
-            aria-label={`${useCase.label}, ${complexity.label}: ${preset.title}`}
-            onClick={() => onPreset(preset.prompt)}
-          >
-            <span className="mb-1 block text-[13px] font-bold leading-tight text-ink">{preset.title}</span>
-            <span className="line-clamp-3 block overflow-hidden text-xs leading-[1.35] text-ink-soft">{preset.prompt}</span>
-          </button>
-        );
-      })}
-    </>
-  );
-}
diff --git a/apps/demo/src/pages/LandingPage.tsx b/apps/demo/src/pages/LandingPage.tsx
index 803ae9e..901cd1f 100644
--- a/apps/demo/src/pages/LandingPage.tsx
+++ b/apps/demo/src/pages/LandingPage.tsx
@@ -4,7 +4,7 @@ const cards = [
   {
     href: "/generate",
     title: "Generate",
-    body: "One prompt. Watch Claude paint a UI section-by-section into a locked-down iframe, live as each line of JSONL arrives.",
+    body: "One prompt. Watch Claude stream an Arrow artifact into a locked-down iframe, live as each JSONL line arrives.",
     icon: (
       <>
         <path d="M3 12c2-4 3.5-4 5.5 0s3.5 4 5.5 0 3.5-4 5.5 0" />
@@ -26,21 +26,6 @@ const cards = [
       </>
     ),
   },
-  {
-    href: "/fragment-compare",
-    title: "Fragment compare",
-    body: "Run one prompt in two locked iframes at the same time: section stream versus experimental block stream.",
-    icon: (
-      <>
-        <path d="M4 5h7v14H4z" />
-        <path d="M13 5h7v14h-7z" />
-        <path d="M7.5 9h0" />
-        <path d="M16.5 9h0" />
-        <path d="M7 13h1" />
-        <path d="M16 13h1" />
-      </>
-    ),
-  },
 ];
 
 function LandingCard({ card }: { card: (typeof cards)[number] }) {
diff --git a/apps/demo/src/pages/StrictPage.tsx b/apps/demo/src/pages/StrictPage.tsx
index 0d1f85c..4d98a9b 100644
--- a/apps/demo/src/pages/StrictPage.tsx
+++ b/apps/demo/src/pages/StrictPage.tsx
@@ -1,16 +1,11 @@
-import { useCallback, useEffect, useMemo, useRef, useState, type CSSProperties } from 'react';
+import { useCallback, useEffect, useMemo, useRef, useState, type MutableRefObject } from 'react';
+import { defineReactComponent, SummonSurface, type SummonSurfaceHandle } from '@anarchitecture/summon-react';
+import { createComponentRegistry } from '@anarchitecture/summon';
+import { z } from 'zod';
 import { AppNav, LogView, PageHeader, Pane } from '../components/chrome.js';
-import { TrustedFixtureSurface, type TrustedFixtureSurfaceHandle } from '../components/TrustedFixtureSurface.js';
 import { cn } from '../lib/cn.js';
 import { logToneClass, pageWidthClass } from '../components/ui.js';
-import { STRICT_DEMO_BODY_HTML } from '../strict-demo-artifact.js';
-
-interface StrictBounds {
-  x: number;
-  y: number;
-  width: number;
-  height: number;
-}
+import { STRICT_DEMO_ARTIFACT } from '../strict-demo-artifact.js';
 
 interface StrictState {
   cardMounted: boolean;
@@ -28,7 +23,7 @@ const initialStrictState: StrictState = {
   error: null,
 };
 const initialStrictSurfaceState = initialStrictState as unknown as Record<string, unknown>;
-const strictIntents = ['mount_strict_input', 'submit_strict_input', 'unmount_strict_input'];
+const strictTools = ['submit_strict_input'];
 
 function luhnValid(digits: string): boolean {
   if (digits.length < 12) return false;
@@ -51,64 +46,91 @@ function formatCard(value: string): string {
   return value.replace(/\D/g, '').slice(0, 19).replace(/(\d{4})/g, '$1 ').trim();
 }
 
+interface StrictCardInputProps {
+  slot: string;
+  cardValueRef: MutableRefObject<string>;
+  stateRef: MutableRefObject<StrictState>;
+  line: (cls: string, text: string) => void;
+  pushStrictState: (patch: Partial<StrictState>) => Record<string, unknown>;
+}
+
+function StrictCardInputOverlay({
+  slot,
+  cardValueRef,
+  stateRef,
+  line,
+  pushStrictState,
+}: StrictCardInputProps) {
+  const [value, setValue] = useState(() => formatCard(cardValueRef.current));
+
+  useEffect(() => {
+    if (!stateRef.current.cardMounted) {
+      line('info', `→ mount_strict_input slot=${slot} kind=card`);
+      pushStrictState({ cardMounted: true });
+    }
+    return () => {
+      cardValueRef.current = '';
+      pushStrictState({ cardMounted: false, cardFilled: false });
+    };
+  }, [cardValueRef, line, pushStrictState, slot, stateRef]);
+
+  return (
+    <div data-strict-slot={slot} className="h-full w-full">
+      <input
+        type="text"
+        inputMode="numeric"
+        autoComplete="cc-number"
+        placeholder="4242 4242 4242 4242"
+        value={value}
+        onChange={(event) => {
+          const formatted = formatCard(event.target.value);
+          cardValueRef.current = formatted;
+          setValue(formatted);
+          const filled = luhnValid(formatted.replace(/\D/g, ''));
+          if (filled !== stateRef.current.cardFilled) {
+            line('info', `· ${slot} filled=${filled}`);
+            pushStrictState({ cardFilled: filled });
+          }
+        }}
+        style={{
+          width: '100%',
+          height: '100%',
+          boxSizing: 'border-box',
+          padding: '8px 12px',
+          border: '2px solid #2563eb',
+          borderRadius: 8,
+          font: 'inherit',
+          fontFamily: 'ui-monospace, Menlo, monospace',
+          background: 'white',
+          color: '#111',
+          letterSpacing: '0.05em',
+        }}
+      />
+    </div>
+  );
+}
+
 export function StrictPage() {
-  const surfaceRef = useRef<TrustedFixtureSurfaceHandle>(null);
+  const surfaceRef = useRef<SummonSurfaceHandle>(null);
   const stateRef = useRef<StrictState>(initialStrictState);
   const cardValueRef = useRef('');
   const [, setState] = useState<StrictState>(initialStrictState);
   const [logs, setLogs] = useState<Array<{ cls: string; text: string }>>([]);
-  const [bounds, setBounds] = useState<StrictBounds | null>(null);
-  const [cardValue, setCardValue] = useState('');
-  const [overlayStyle, setOverlayStyle] = useState<CSSProperties | null>(null);
 
   const line = useCallback((cls: string, text: string) => {
     setLogs((items) => [...items, { cls, text }]);
   }, []);
 
-  const pushStrictState = useCallback((patch: Partial<StrictState>) => {
+  const pushStrictState = useCallback((patch: Partial<StrictState>): Record<string, unknown> => {
     const next = { ...stateRef.current, ...patch };
     stateRef.current = next;
     setState(next);
     surfaceRef.current?.pushState(next);
+    return next as unknown as Record<string, unknown>;
   }, []);
 
-  const syncOverlayPosition = useCallback(() => {
-    const iframe = surfaceRef.current?.iframe;
-    if (!iframe || !bounds) {
-      setOverlayStyle(null);
-      return;
-    }
-    const rect = iframe.getBoundingClientRect();
-    setOverlayStyle({
-      position: 'fixed',
-      left: rect.left + bounds.x,
-      top: rect.top + bounds.y,
-      width: bounds.width,
-      height: bounds.height,
-      zIndex: 9999,
-    });
-  }, [bounds]);
-
-  useEffect(() => {
-    syncOverlayPosition();
-    window.addEventListener('resize', syncOverlayPosition);
-    window.addEventListener('scroll', syncOverlayPosition, { passive: true });
-    return () => {
-      window.removeEventListener('resize', syncOverlayPosition);
-      window.removeEventListener('scroll', syncOverlayPosition);
-    };
-  }, [syncOverlayPosition]);
-
-  const onIntent = useCallback(async (intent: string, args: Record<string, unknown>) => {
-    if (intent === 'mount_strict_input') {
-      const nextBounds = (args as { bounds?: StrictBounds }).bounds;
-      if (!nextBounds) return;
-      setBounds(nextBounds);
-      line('info', `→ mount_strict_input slot=${String(args.slot)} kind=${String(args.kind)}`);
-      pushStrictState({ cardMounted: true });
-      return;
-    }
-    if (intent === 'submit_strict_input') {
+  const onToolCall = useCallback(async (tool: string, args: Record<string, unknown>) => {
+    if (tool === 'submit_strict_input') {
       const slot = String((args as { slot?: unknown }).slot ?? 'card_number');
       line('info', `→ submit_strict_input slot=${slot}`);
       pushStrictState({ tokenizing: true, error: null });
@@ -116,33 +138,39 @@ export function StrictPage() {
       const digits = cardValueRef.current.replace(/\D/g, '');
       if (!luhnValid(digits)) {
         line('fail', `✗ ${slot}: invalid card number`);
-        pushStrictState({ tokenizing: false, error: 'invalid card number' });
-        return;
+        return pushStrictState({ tokenizing: false, error: 'invalid card number' });
       }
       const token = {
         id: `tok_${Math.random().toString(36).slice(2, 12)}`,
         last4: digits.slice(-4),
       };
       line('pass', `✓ ${slot} tokenized: last4=${token.last4}`);
-      pushStrictState({ tokenizing: false, token, error: null });
-      return;
-    }
-    if (intent === 'unmount_strict_input') {
-      setBounds(null);
-      setCardValue('');
-      pushStrictState({ cardMounted: false, cardFilled: false });
+      return pushStrictState({ tokenizing: false, token, error: null });
     }
+    return stateRef.current as unknown as Record<string, unknown>;
   }, [line, pushStrictState]);
-  const onIntentRejected = useCallback((reason: string, raw: unknown) => {
-    const intent = (raw as { intent?: string }).intent ?? '?';
-    line('fail', `✗ request rejected "${intent}": ${reason}`);
+  const onToolRejected = useCallback((reason: string, raw: unknown) => {
+    const tool = (raw as { tool?: string }).tool ?? '?';
+    line('fail', `✗ request rejected "${tool}": ${reason}`);
   }, [line]);
 
-  const formattedValue = useMemo(() => formatCard(cardValue), [cardValue]);
-
-  useEffect(() => {
-    cardValueRef.current = cardValue;
-  }, [cardValue]);
+  const componentRegistry = useMemo(() => createComponentRegistry([
+    defineReactComponent<{ slot?: string }, StrictCardInputProps>({
+      name: 'StrictCardInput',
+      description: 'Host-owned card input rendered over a generated placeholder.',
+      propsSchema: z.object({ slot: z.string().default('card_number') }),
+      propsSchemaText: '{"slot":"card_number"}',
+      surface: { data: 'embedded', authority: 'none' },
+      component: StrictCardInputOverlay,
+      mapProps: (props) => ({
+        slot: props.slot ?? 'card_number',
+        cardValueRef,
+        stateRef,
+        line,
+        pushStrictState,
+      }),
+    }),
+  ]), [line, pushStrictState]);
 
   return (
     <>
@@ -151,24 +179,25 @@ export function StrictPage() {
         title="Strict tier - host-owned card input"
         lede={(
           <>
-            Outer sandbox draws the form layout but does <em>not</em> render the card field. It reserves a placeholder,
-            emits <code className="rounded-control bg-surface-muted px-1.5 py-px font-mono text-[0.92em]">mount_strict_input</code> with bounds,
-            and the host overlays a trusted input on top. Outer never sees the digits - only a tokenized result.
+            Outer sandbox draws the form layout but does <em>not</em> render the card field. It reserves a sanctioned
+            component placeholder, and the host overlays a trusted input on top. Outer never sees the digits - only a
+            tokenized result.
           </>
         )}
       />
       <div className={cn(pageWidthClass, 'grid grid-cols-[1.4fr_1fr] gap-5 max-[820px]:grid-cols-1')}>
         <Pane title="Sandbox iframe (overlay sits on top)">
-          <TrustedFixtureSurface
+          <SummonSurface
             ref={surfaceRef}
             id="sandbox"
             className="h-[540px]"
             title="Summon strict-tier demo"
-            html={STRICT_DEMO_BODY_HTML}
-            grantedIntents={strictIntents}
+            artifact={STRICT_DEMO_ARTIFACT}
+            grantedTools={strictTools}
+            componentRegistry={componentRegistry}
             initialState={initialStrictSurfaceState}
-            onIntent={onIntent}
-            onIntentRejected={onIntentRejected}
+            onToolCall={onToolCall}
+            onToolRejected={onToolRejected}
           />
         </Pane>
         <Pane title="Host bridge log">
@@ -177,40 +206,6 @@ export function StrictPage() {
           </LogView>
         </Pane>
       </div>
-
-      {overlayStyle ? (
-        <div data-summon-strict-slot="card_number" style={overlayStyle}>
-          <input
-            type="text"
-            inputMode="numeric"
-            autoComplete="cc-number"
-            placeholder="4242 4242 4242 4242"
-            value={formattedValue}
-            onChange={(event) => {
-              const next = event.target.value;
-              setCardValue(next);
-              const filled = luhnValid(next.replace(/\D/g, ''));
-              if (filled !== stateRef.current.cardFilled) {
-                line('info', `· card_number filled=${filled}`);
-                pushStrictState({ cardFilled: filled });
-              }
-            }}
-            style={{
-              width: '100%',
-              height: '100%',
-              boxSizing: 'border-box',
-              padding: '8px 12px',
-              border: '2px solid #2563eb',
-              borderRadius: 8,
-              font: 'inherit',
-              fontFamily: 'ui-monospace, Menlo, monospace',
-              background: 'white',
-              color: '#111',
-              letterSpacing: '0.05em',
-            }}
-          />
-        </div>
-      ) : null}
     </>
   );
 }
diff --git a/apps/demo/src/pages/generate/GeneratePage.tsx b/apps/demo/src/pages/generate/GeneratePage.tsx
index c8ff05e..ad17836 100644
--- a/apps/demo/src/pages/generate/GeneratePage.tsx
+++ b/apps/demo/src/pages/generate/GeneratePage.tsx
@@ -2,8 +2,8 @@ import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { type SummonSurfaceHandle } from '@anarchitecture/summon-react';
 import { createSurfaceEnvelope } from '@anarchitecture/summon/envelope';
 import {
-  deriveSurfacePlanControls,
-  SectionAccumulator,
+  isArrowSurfaceArtifact,
+  type ProtocolLine,
   type SummonLayout,
   type SurfaceContractView,
   type SurfacePlan,
@@ -38,13 +38,13 @@ import {
   ghostRootFromSelection,
   groupScenarios,
   scenarioUsesFixedPolicy,
+  surfacePolicyForPlan,
   tokenOverridesFor,
 } from './surfaceHelpers.js';
 import type {
   ApprovalCard,
   ChildSurfaceModel,
   DiagnosticsTab,
-  FragmentMode,
   LogEntry,
   ModelOptions,
   ModelSelectionPayload,
@@ -53,7 +53,6 @@ import type {
 
 export function GeneratePage() {
   const surfaceRef = useRef<SummonSurfaceHandle>(null);
-  const accRef = useRef(new SectionAccumulator());
   const abortRef = useRef<AbortController | null>(null);
   const modeRef = useRef<Mode>('interactive');
   const approvalResolvers = useRef(new Map<string, (decision: ApprovalDecision) => void>());
@@ -66,10 +65,8 @@ export function GeneratePage() {
   const [mode, setMode] = useState<Mode>(SHOWCASE_SCENARIOS[0]?.mode ?? 'interactive');
   const [surfacePlan, setSurfacePlan] = useState<SurfacePlan>(SHOWCASE_SCENARIOS[0]!.surfacePlan);
   const [layoutId, setLayoutId] = useState('');
-  const [fragmentMode, setFragmentMode] = useState<FragmentMode>('section');
   const [tokenPreset, setTokenPreset] = useState('');
   const [agentBrokerEnabled, setAgentBrokerEnabled] = useState(true);
-  const [repairEnabled, setRepairEnabled] = useState(false);
   const [customContractEnabled, setCustomContractEnabled] = useState(false);
   const [directionId, setDirectionId] = useState<string | null>(null);
   const [ghostTarget, setGhostTarget] = useState('.');
@@ -79,12 +76,12 @@ export function GeneratePage() {
   const [utilityModel, setUtilityModel] = useState('');
   const [customModel, setCustomModel] = useState('');
   const [maxOutputTokens, setMaxOutputTokens] = useState(64000);
-  const [repairMaxOutputTokens, setRepairMaxOutputTokens] = useState(12000);
   const [anthropicThinking, setAnthropicThinking] = useState<'adaptive' | 'off'>('adaptive');
   const [modelEffort, setModelEffort] = useState<'low' | 'medium' | 'high'>('medium');
   const [activeTokensSourceOverride, setActiveTokensSourceOverride] = useState<string | null>(null);
+  const activeTokensSourceOverrideRef = useRef<string | null>(null);
   const [surfaceTokensSource, setSurfaceTokensSource] = useState(defaultTokensSource);
-  const [runtimeCapabilityNames, setRuntimeCapabilityNames] = useState<string[] | null>(null);
+  const [runtimeToolNames, setRuntimeToolNames] = useState<string[] | null>(null);
   const [runtimeComponentNames, setRuntimeComponentNames] = useState<string[] | null>(null);
   const [status, setStatus] = useState('idle');
   const [bytes, setBytes] = useState(0);
@@ -94,15 +91,12 @@ export function GeneratePage() {
   const [currentEffectiveSurfacePlan, setCurrentEffectiveSurfacePlan] = useState<SurfacePlan | null>(null);
   const [currentShape, setCurrentShape] = useState<string | null>(null);
   const [currentValidationSummary, setCurrentValidationSummary] = useState<string | null>(null);
-  const [currentRepairSummary, setCurrentRepairSummary] = useState<string | null>(null);
   const [currentStreamHealth, setCurrentStreamHealth] = useState<string | null>(null);
   const [currentSurfaceContractView, setCurrentSurfaceContractView] = useState<SurfaceContractView | null>(null);
-  const [currentAgentIntentSummary, setCurrentAgentIntentSummary] = useState<string | null>(null);
+  const [currentAgentGoalSummary, setCurrentAgentGoalSummary] = useState<string | null>(null);
   const [currentAgentPolicySummary, setCurrentAgentPolicySummary] = useState<string | null>(null);
   const [artifactRevision, setArtifactRevision] = useState(0);
   const artifactRevisionRef = useRef(0);
-  const editTargets = '';
-  const editPrompt = '';
   const [diagnosticsTab, setDiagnosticsTab] = useState<DiagnosticsTab>('stream');
   const [advancedOpen, setAdvancedOpen] = useState(false);
   const [diagnosticsOpen, setDiagnosticsOpen] = useState(false);
@@ -118,6 +112,10 @@ export function GeneratePage() {
     artifactRevisionRef.current = artifactRevision;
   }, [artifactRevision]);
 
+  useEffect(() => {
+    activeTokensSourceOverrideRef.current = activeTokensSourceOverride;
+  }, [activeTokensSourceOverride]);
+
   const showcaseScenarios = useMemo(
     () => [
       ...SHOWCASE_SCENARIOS,
@@ -152,7 +150,6 @@ export function GeneratePage() {
       setGenerationModel('');
       setUtilityModel('');
       setMaxOutputTokens(64000);
-      setRepairMaxOutputTokens(12000);
       return;
     }
     const generationDefault = selectedProvider.defaults?.generationModel ?? selectedProvider.model;
@@ -160,7 +157,6 @@ export function GeneratePage() {
     setGenerationModel((current) => current || generationDefault);
     setUtilityModel((current) => current || utilityDefault);
     setMaxOutputTokens(selectedProvider.controls?.maxOutputTokens.default ?? selectedProvider.defaults?.modelOptions.maxOutputTokens ?? 64000);
-    setRepairMaxOutputTokens(selectedProvider.controls?.repairMaxOutputTokens.default ?? selectedProvider.defaults?.modelOptions.repairMaxOutputTokens ?? 12000);
     setAnthropicThinking(selectedProvider.controls?.anthropicThinking?.default ?? 'adaptive');
     setModelEffort(selectedProvider.controls?.effort?.default ?? 'medium');
   }, [selectedProvider]);
@@ -183,12 +179,12 @@ export function GeneratePage() {
     setDevEvents((items) => [...items.slice(-799), event]);
   }, []);
 
-  const handleSurfaceIntentRejected = useCallback((reason: string) => {
+  const handleSurfaceGoalRejected = useCallback((reason: string) => {
     logLine('op-error', `rejected: ${reason}`);
   }, [logLine]);
 
-  const handleSurfaceHandlerError = useCallback((intent: string, error: Error) => {
-    logLine('op-error', `host handler error (${intent}): ${error.message}`);
+  const handleSurfaceHandlerError = useCallback((tool: string, error: Error) => {
+    logLine('op-error', `host handler error (${tool}): ${error.message}`);
   }, [logLine]);
 
   const handleSurfaceComponentError = useCallback((error: { componentName?: string; componentId?: string; reason: string }) => {
@@ -196,17 +192,16 @@ export function GeneratePage() {
   }, [logLine]);
 
   const clearRuntimeState = useCallback(() => {
-    accRef.current = new SectionAccumulator();
     setArtifactRevision(0);
     artifactRevisionRef.current = 0;
+    activeTokensSourceOverrideRef.current = null;
     setActiveTokensSourceOverride(null);
     setCurrentEffectiveSurfacePlan(null);
     setCurrentShape(null);
     setCurrentValidationSummary(null);
-    setCurrentRepairSummary(null);
     setCurrentStreamHealth(null);
     setCurrentSurfaceContractView(null);
-    setCurrentAgentIntentSummary(null);
+    setCurrentAgentGoalSummary(null);
     setCurrentAgentPolicySummary(null);
   }, []);
 
@@ -248,7 +243,6 @@ export function GeneratePage() {
     if (utilityModel) selection.utilityModel = utilityModel;
     const options: ModelOptions = {};
     if (Number.isFinite(maxOutputTokens)) options.maxOutputTokens = maxOutputTokens;
-    if (Number.isFinite(repairMaxOutputTokens)) options.repairMaxOutputTokens = repairMaxOutputTokens;
     if (selectedProvider?.id === 'anthropic') {
       options.anthropicThinking = anthropicThinking;
       options.effort = modelEffort;
@@ -262,7 +256,6 @@ export function GeneratePage() {
     maxOutputTokens,
     modelEffort,
     modelProviderId,
-    repairMaxOutputTokens,
     selectedProvider,
     utilityModel,
   ]);
@@ -279,22 +272,20 @@ export function GeneratePage() {
     const modelSelection = readModelSelection();
     const agentBroker = agentBrokerEnabled && !customContractEnabled && !scenarioUsesFixedPolicy(selectedScenario);
     const overrides = tokenOverridesFor(tokenPreset);
-    const repair = repairEnabled
-      ? selectedScenario.repair ?? { enabled: true, maxAttempts: 1, maxTargets: 2 }
-      : undefined;
+    const surfacePolicy = customContractEnabled
+      ? surfacePolicyForPlan(surfacePlan, selectedScenario.toolNames, selectedScenario.componentNames)
+      : selectedScenario.surfacePolicy;
     return {
       scenarioId: selectedScenario.id,
       prompt: prompt.trim() || selectedScenario.prompt,
       mode,
-      capabilityNames: runtimeCapabilityNames ?? selectedScenario.capabilityNames,
+      toolNames: runtimeToolNames ?? selectedScenario.toolNames,
       componentNames: runtimeComponentNames ?? selectedScenario.componentNames,
       agentBroker,
-      ...(!agentBroker && !customContractEnabled ? { surfacePolicy: selectedScenario.surfacePolicy } : {}),
+      ...(!agentBroker ? { surfacePolicy } : {}),
       surfacePlan,
-      scriptPolicy: deriveSurfacePlanControls(surfacePlan).scriptPolicy,
       ...(layoutId ? { layoutId } : {}),
       ...(overrides ? { tokenOverrides: overrides } : {}),
-      ...(repair ? { repair } : {}),
       directionId,
       modelProvider: modelSelection.modelProvider ?? null,
       ...(modelSelection.generationModel ? { generationModel: modelSelection.generationModel } : {}),
@@ -310,15 +301,14 @@ export function GeneratePage() {
     mode,
     prompt,
     readModelSelection,
-    repairEnabled,
-    runtimeCapabilityNames,
+    runtimeToolNames,
     runtimeComponentNames,
     selectedScenario,
     surfacePlan,
     tokenPreset,
   ]);
 
-  const capabilityRegistry = useMemo(() => {
+  const toolRegistry = useMemo(() => {
     if (activeContract.mode !== 'interactive') return null;
     let localSummonCount = summonedCountRef.current;
     return createScopedDemoRegistry({
@@ -333,7 +323,7 @@ export function GeneratePage() {
           prompt: args.prompt,
           title: args.title || undefined,
           directionId,
-          tokensSource: activeTokensSourceOverride ?? tokensFor(directionId),
+          tokensSource: activeTokensSourceOverrideRef.current ?? tokensFor(directionId),
           modelSelection: readModelSelectionRef.current(),
           agentBroker: activeContract.agentBroker === true,
         };
@@ -343,19 +333,18 @@ export function GeneratePage() {
         push({ summonedCount: localSummonCount, lastSummoned: args.prompt, summonError: null });
         logLine('op-meta', `summon sibling: ${args.prompt.slice(0, 80)}`);
       },
-    }, activeContract.capabilityNames);
+    }, activeContract.toolNames);
   }, [
     activeContract.agentBroker,
-    activeContract.capabilityNames,
+    activeContract.toolNames,
     activeContract.mode,
-    activeTokensSourceOverride,
     directionId,
     logLine,
     requestHostApproval,
     tokensFor,
   ]);
 
-  const capabilityContract = useMemo(() => capabilityRegistry?.toContract() ?? null, [capabilityRegistry]);
+  const toolContract = useMemo(() => toolRegistry?.toContract() ?? null, [toolRegistry]);
   const componentRegistry = useMemo(() => createDemoComponentRegistry(), []);
   const grantedComponents = useMemo(
     () => activeContract.componentNames?.length
@@ -372,7 +361,7 @@ export function GeneratePage() {
     setStatus('idle');
     setBytes(0);
     setShowWelcome(true);
-    setRuntimeCapabilityNames(null);
+    setRuntimeToolNames(null);
     setRuntimeComponentNames(null);
     setChildren([]);
     summonedCountRef.current = 0;
@@ -387,7 +376,6 @@ export function GeneratePage() {
     setSurfacePlan(scenario.surfacePlan);
     setLayoutId(scenario.layoutId ?? '');
     setTokenPreset(scenario.tokenOverrides ? 'accent-blue' : '');
-    setRepairEnabled(Boolean(scenario.repair?.enabled));
     const fallbackDirectionId = directions[0]?.id ?? null;
     const desiredDirectionId = scenario.directionId ?? fallbackDirectionId;
     setDirectionId(desiredDirectionId ?? null);
@@ -403,7 +391,6 @@ export function GeneratePage() {
 
   const streamGenerationInto = useSurfaceStream({
     surfaceRef,
-    accRef,
     modeRef,
     artifactRevisionRef,
     directionId,
@@ -412,7 +399,7 @@ export function GeneratePage() {
     logLine,
     setBytes,
     setMode,
-    setCurrentAgentIntentSummary,
+    setCurrentAgentGoalSummary,
     setCurrentAgentPolicySummary,
     setCurrentEffectiveSurfacePlan,
     setCurrentSurfaceContractView,
@@ -420,7 +407,6 @@ export function GeneratePage() {
     setActiveTokensSourceOverride,
     setSurfaceTokensSource,
     setCurrentValidationSummary,
-    setCurrentRepairSummary,
     setCurrentStreamHealth,
     setStatus,
     setArtifactRevision,
@@ -432,17 +418,18 @@ export function GeneratePage() {
   }, [layoutId]);
 
   const saveSurfaceEnvelope = useCallback((runPrompt: string, result: StreamResult) => {
-    if (!result.surfacePlan || !accRef.current.hasAnySection()) return;
+    const artifact = findArrowArtifact(result.protocolLines);
+    if (!result.surfacePlan || !artifact) return;
     const envelope = createSurfaceEnvelope({
       prompt: runPrompt,
       surfacePlan: result.surfacePlan,
+      artifact,
       protocolLines: result.protocolLines,
-      html: accRef.current.compose(),
       validationIssues: result.validationIssues,
       streamGraph: result.streamGraph,
       grants: {
-        intents: capabilityRegistry?.intents() ?? [],
-        capabilities: capabilityContract?.validationCapabilities,
+        tools: toolRegistry?.tools() ?? [],
+        validationTools: toolContract?.validationTools,
         components: grantedComponents,
       },
       metadata: {
@@ -459,8 +446,8 @@ export function GeneratePage() {
     ]);
   }, [
     activeTokensSourceOverride,
-    capabilityContract,
-    capabilityRegistry,
+    toolContract,
+    toolRegistry,
     directionId,
     grantedComponents,
     mode,
@@ -471,7 +458,6 @@ export function GeneratePage() {
 
   const { generate, replaySurface } = useGenerationRuns({
     surfaceRef,
-    accRef,
     abortRef,
     artifactRevisionRef,
     modeRef,
@@ -481,9 +467,6 @@ export function GeneratePage() {
     directionId,
     ghostTarget,
     ghostBaseDirectionId,
-    fragmentMode,
-    editPrompt,
-    editTargets,
     tokensFor,
     clearApprovals,
     clearRuntimeState,
@@ -493,9 +476,8 @@ export function GeneratePage() {
     appendDevEvent,
     logLine,
     currentValidationSummary,
-    currentRepairSummary,
     setChildren,
-    setRuntimeCapabilityNames,
+    setRuntimeToolNames,
     setRuntimeComponentNames,
     setLogs,
     setDevEvents,
@@ -505,7 +487,6 @@ export function GeneratePage() {
     setStatus,
     setBytes,
     setCurrentValidationSummary,
-    setCurrentRepairSummary,
     setCurrentStreamHealth,
     setArtifactRevision,
     setActiveTokensSourceOverride,
@@ -528,19 +509,48 @@ export function GeneratePage() {
     : selectedProvider
       ? fallbackCatalog(selectedProvider.utilityModel, selectedProvider.utilityModel)
       : [];
-  const scriptPolicy = deriveSurfacePlanControls(surfacePlan).scriptPolicy;
   const statusText = bytes ? `${status} · ${bytes.toLocaleString()} B` : status;
+  const latestStageError = useMemo(() => {
+    for (let i = logs.length - 1; i >= 0; i -= 1) {
+      const entry = logs[i];
+      if (entry?.cls.split(/\s+/).includes('op-error')) return cleanStageError(entry.text);
+    }
+    return null;
+  }, [logs]);
+  const stageNotice = useMemo(() => {
+    const hasRenderedArtifact = artifactRevision > 0;
+    if (!showWelcome && running && !hasRenderedArtifact) {
+      return {
+        tone: 'pending' as const,
+        title: 'Generating surface',
+        detail: 'Waiting for the first accepted artifact.',
+      };
+    }
+    if (!showWelcome && !hasRenderedArtifact && (status === 'error' || status.startsWith('error'))) {
+      return {
+        tone: 'error' as const,
+        title: 'Generation failed',
+        detail: latestStageError ?? 'No accepted artifact was produced.',
+      };
+    }
+    if (!showWelcome && !hasRenderedArtifact && status === 'aborted') {
+      return {
+        tone: 'error' as const,
+        title: 'Generation aborted',
+      };
+    }
+    return null;
+  }, [artifactRevision, latestStageError, running, showWelcome, status]);
   const contractRows = buildContractRows({
     active: activeContract,
     selectedScenario,
     modelProviders,
-    currentAgentIntentSummary,
+    currentAgentGoalSummary,
     currentAgentPolicySummary,
     currentEffectiveSurfacePlan,
     currentShape,
     currentStreamHealth,
     currentSurfaceContractView,
-    currentRepairSummary,
     currentValidationSummary,
   });
   const devtoolsTally = useMemo(() => {
@@ -606,14 +616,16 @@ export function GeneratePage() {
           running={running}
           onGenerate={generate}
           statusText={statusText}
+          stageNotice={stageNotice}
+          onOpenDiagnostics={() => setDiagnosticsOpen(true)}
           surfaceRef={surfaceRef}
           surfaceTokensSource={surfaceTokensSource}
-          capabilityRegistry={capabilityRegistry}
+          toolRegistry={toolRegistry}
           componentRegistry={componentRegistry}
-          grantedCapabilities={capabilityContract?.validationCapabilities}
+          validationTools={toolContract?.validationTools}
           grantedComponents={grantedComponents}
           appendDevEvent={appendDevEvent}
-          onSurfaceIntentRejected={handleSurfaceIntentRejected}
+          onSurfaceGoalRejected={handleSurfaceGoalRejected}
           onSurfaceHandlerError={handleSurfaceHandlerError}
           onSurfaceComponentError={handleSurfaceComponentError}
           showWelcome={showWelcome}
@@ -672,8 +684,6 @@ export function GeneratePage() {
             setUtilityModel={setUtilityModel}
             maxOutputTokens={maxOutputTokens}
             setMaxOutputTokens={setMaxOutputTokens}
-            repairMaxOutputTokens={repairMaxOutputTokens}
-            setRepairMaxOutputTokens={setRepairMaxOutputTokens}
             anthropicThinking={anthropicThinking}
             setAnthropicThinking={setAnthropicThinking}
             modelEffort={modelEffort}
@@ -686,17 +696,12 @@ export function GeneratePage() {
             setShowWelcome={setShowWelcome}
             layoutId={layoutId}
             setLayoutId={setLayoutId}
-            fragmentMode={fragmentMode}
-            setFragmentMode={setFragmentMode}
-            scriptPolicy={scriptPolicy}
             tokenPreset={tokenPreset}
             setTokenPreset={setTokenPreset}
             mode={mode}
             setMode={setMode}
             agentBrokerEnabled={agentBrokerEnabled}
             setAgentBrokerEnabled={setAgentBrokerEnabled}
-            repairEnabled={repairEnabled}
-            setRepairEnabled={setRepairEnabled}
             customContractEnabled={customContractEnabled}
             setCustomContractEnabled={setCustomContractEnabled}
             selectedScenario={selectedScenario}
@@ -750,3 +755,20 @@ export function GeneratePage() {
     </>
   );
 }
+
+function cleanStageError(text: string): string {
+  return text
+    .replace(/^stream error:\s*/i, '')
+    .replace(/^error:\s*/i, '')
+    .trim();
+}
+
+function findArrowArtifact(lines: readonly ProtocolLine[]) {
+  for (let i = lines.length - 1; i >= 0; i--) {
+    const line = lines[i];
+    if (line?.op === 'artifact' && line.path === '/artifact' && isArrowSurfaceArtifact(line.value)) {
+      return line.value;
+    }
+  }
+  return null;
+}
diff --git a/apps/demo/src/pages/generate/components/ApprovalStack.tsx b/apps/demo/src/pages/generate/components/ApprovalStack.tsx
index 4b29a9c..3192bbc 100644
--- a/apps/demo/src/pages/generate/components/ApprovalStack.tsx
+++ b/apps/demo/src/pages/generate/components/ApprovalStack.tsx
@@ -18,7 +18,7 @@ export function ApprovalStack({
     <div className="fixed bottom-5 right-5 z-[80] grid w-[min(360px,calc(100vw-32px))] gap-2.5">
       {approvalCards.map(({ request }) => (
         <section key={request.id} className="grid gap-2 rounded-card border border-line-strong bg-surface p-3.5 shadow-elevated" data-approval-id={request.id}>
-          <span className="font-mono text-[10px] font-bold uppercase tracking-normal text-ink-muted">{request.capability}</span>
+          <span className="font-mono text-[10px] font-bold uppercase tracking-normal text-ink-muted">{request.tool}</span>
           <strong className="text-[15px] leading-tight text-ink">{request.summary}</strong>
           <p className="m-0 text-xs text-ink-soft">Request {request.id}</p>
           {request.details ? <pre className="m-0 max-h-[120px] overflow-auto rounded-control border border-line bg-surface-muted p-2 font-mono text-[11px] leading-snug text-ink-soft whitespace-pre-wrap">{formatApprovalDetails(request.details)}</pre> : null}
diff --git a/apps/demo/src/pages/generate/components/ChildSurface.tsx b/apps/demo/src/pages/generate/components/ChildSurface.tsx
index 12c7495..4c196a6 100644
--- a/apps/demo/src/pages/generate/components/ChildSurface.tsx
+++ b/apps/demo/src/pages/generate/components/ChildSurface.tsx
@@ -1,11 +1,10 @@
 import { useEffect, useMemo, useRef, useState } from 'react';
 import { SummonSurface, type SummonSurfaceHandle } from '@anarchitecture/summon-react';
 import { consumeSurfaceStream } from '@anarchitecture/summon/browser';
-import { SectionAccumulator } from '@anarchitecture/summon/engine';
 import { Button, panelClass } from '../../../components/ui.js';
 import { cn } from '../../../lib/cn.js';
 import { createScopedDemoRegistry } from '../../../showcase.js';
-import { childCapabilityNames } from '../constants.js';
+import { childToolNames } from '../constants.js';
 import type { ChildSurfaceModel } from '../types.js';
 
 export function ChildSurface({
@@ -22,14 +21,13 @@ export function ChildSurface({
       modelProvider: () => child.modelSelection.modelProvider ?? null,
       modelSelection: () => child.modelSelection,
       onError: (message) => setStatus(`error: ${message.slice(0, 40)}`),
-    }, childCapabilityNames),
+    }, childToolNames),
     [child.modelSelection],
   );
   const contract = useMemo(() => registry.toContract(), [registry]);
 
   useEffect(() => {
     const abort = new AbortController();
-    const acc = new SectionAccumulator();
     async function runChild() {
       try {
         const response = await fetch('/api/generate', {
@@ -39,9 +37,10 @@ export function ChildSurface({
             prompt: child.prompt,
             ...(child.directionId ? { directionId: child.directionId } : { directionId: '' }),
             ...child.modelSelection,
-            mode: 'interactive',
-            capabilities: contract.pack,
-            ...(child.agentBroker ? { agent: { enabled: true } } : {}),
+            tools: contract.pack,
+            ...(child.agentBroker
+              ? { agent: { enabled: true } }
+              : { surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: childToolNames } }),
           }),
           signal: abort.signal,
         });
@@ -49,12 +48,10 @@ export function ChildSurface({
         if (!response.body) throw new Error('no response body');
         await consumeSurfaceStream(response.body, {
           mode: 'interactive',
-          accumulator: acc,
           onMeta: (line) => {
             if (line.path === '/status') setStatus(String(line.value));
           },
-          onRenderHtml: (html) => surfaceRef.current?.render(html),
-          onNodePatch: (patch) => surfaceRef.current?.patchNode(patch),
+          onArtifact: (artifact) => surfaceRef.current?.renderArtifact(artifact),
         });
         setStatus('done');
       } catch (err) {
@@ -79,10 +76,9 @@ export function ChildSurface({
         ref={surfaceRef}
         title={`Summoned: ${child.title ?? child.prompt.slice(0, 40)}`}
         className="block h-[480px] w-full border-0 bg-surface-raised"
-        html=""
         tokensSource={child.tokensSource}
-        capabilityRegistry={registry}
-        grantedCapabilities={contract.validationCapabilities}
+        toolRegistry={registry}
+        validationTools={contract.validationTools}
       />
     </section>
   );
diff --git a/apps/demo/src/pages/generate/components/ContractInspector.tsx b/apps/demo/src/pages/generate/components/ContractInspector.tsx
index 39f1f28..325baa9 100644
--- a/apps/demo/src/pages/generate/components/ContractInspector.tsx
+++ b/apps/demo/src/pages/generate/components/ContractInspector.tsx
@@ -2,10 +2,9 @@ import type { Dispatch, SetStateAction } from 'react';
 import {
   SURFACE_AUTHORITY_VALUES,
   SURFACE_DATA_VALUES,
+  SURFACE_NETWORK_VALUES,
   SURFACE_PERSISTENCE_VALUES,
   SURFACE_PURPOSE_VALUES,
-  SURFACE_RUNTIME_VALUES,
-  type ScriptPolicy,
   type SurfaceContractView,
   type SurfacePlan,
 } from '@anarchitecture/summon/engine';
@@ -18,7 +17,6 @@ import {
 } from '../surfaceHelpers.js';
 import type {
   DirectionInfo,
-  FragmentMode,
   GhostRootInfo,
   ModelCatalogEntry,
   ModelProviderInfo,
@@ -45,8 +43,6 @@ export function ContractInspector({
   setUtilityModel,
   maxOutputTokens,
   setMaxOutputTokens,
-  repairMaxOutputTokens,
-  setRepairMaxOutputTokens,
   anthropicThinking,
   setAnthropicThinking,
   modelEffort,
@@ -59,17 +55,12 @@ export function ContractInspector({
   setShowWelcome,
   layoutId,
   setLayoutId,
-  fragmentMode,
-  setFragmentMode,
-  scriptPolicy,
   tokenPreset,
   setTokenPreset,
   mode,
   setMode,
   agentBrokerEnabled,
   setAgentBrokerEnabled,
-  repairEnabled,
-  setRepairEnabled,
   customContractEnabled,
   setCustomContractEnabled,
   selectedScenario,
@@ -97,8 +88,6 @@ export function ContractInspector({
   setUtilityModel: (value: string) => void;
   maxOutputTokens: number;
   setMaxOutputTokens: (value: number) => void;
-  repairMaxOutputTokens: number;
-  setRepairMaxOutputTokens: (value: number) => void;
   anthropicThinking: 'adaptive' | 'off';
   setAnthropicThinking: (value: 'adaptive' | 'off') => void;
   modelEffort: 'low' | 'medium' | 'high';
@@ -111,17 +100,12 @@ export function ContractInspector({
   setShowWelcome: (value: boolean) => void;
   layoutId: string;
   setLayoutId: (value: string) => void;
-  fragmentMode: FragmentMode;
-  setFragmentMode: (value: FragmentMode) => void;
-  scriptPolicy: ScriptPolicy;
   tokenPreset: string;
   setTokenPreset: (value: string) => void;
   mode: Mode;
   setMode: (value: Mode) => void;
   agentBrokerEnabled: boolean;
   setAgentBrokerEnabled: (value: boolean) => void;
-  repairEnabled: boolean;
-  setRepairEnabled: (value: boolean) => void;
   customContractEnabled: boolean;
   setCustomContractEnabled: (value: boolean) => void;
   selectedScenario: ShowcaseScenario;
@@ -207,12 +191,6 @@ export function ContractInspector({
               {numberOptions(selectedProvider?.controls?.maxOutputTokens.presets, maxOutputTokens).map((value) => <option key={value} value={value}>{value.toLocaleString()}</option>)}
             </select>
           </label>
-          <label className="min-w-0">
-            <span className={fieldLabelClass}>Repair cap</span>
-            <select id="repair-max-output-tokens" className={selectClassName} title="Repair output token cap" value={repairMaxOutputTokens} onChange={(event) => setRepairMaxOutputTokens(Number(event.target.value))}>
-              {numberOptions(selectedProvider?.controls?.repairMaxOutputTokens.presets, repairMaxOutputTokens).map((value) => <option key={value} value={value}>{value.toLocaleString()}</option>)}
-            </select>
-          </label>
           <label id="anthropic-thinking-field" className="min-w-0" hidden={selectedProvider?.id !== 'anthropic'}>
             <span className={fieldLabelClass}>Thinking</span>
             <select id="anthropic-thinking" className={selectClassName} title="Anthropic thinking mode" value={anthropicThinking} onChange={(event) => setAnthropicThinking(event.target.value as 'adaptive' | 'off')}>
@@ -246,18 +224,15 @@ export function ContractInspector({
             </select>
           </label>
           <label className="min-w-0">
-            <span className={fieldLabelClass}>Fragment unit</span>
-            <select id="fragment-unit" className={selectClassName} title="Streaming fragment unit" value={fragmentMode} onChange={(event) => setFragmentMode(event.target.value as FragmentMode)}>
-              <option value="section">Sections</option>
-              <option value="block-v0">Blocks (experimental)</option>
-              <option value="html-node-v0">HTML nodes (experimental)</option>
+            <span className={fieldLabelClass}>Runtime</span>
+            <select id="runtime-policy" className={selectClassName} title="Generated code runtime" value="arrow" disabled>
+              <option value="arrow">Arrow sandbox</option>
             </select>
           </label>
           <label className="min-w-0">
-            <span className={fieldLabelClass}>Scripts</span>
-            <select id="script-policy" className={selectClassName} title="Script policy" value={scriptPolicy} disabled>
-              <option value="forbid">Scripts forbidden</option>
-              <option value="allow">Scripts allowed</option>
+            <span className={fieldLabelClass}>Network</span>
+            <select id="network-policy" className={selectClassName} title="Host-owned network policy" value={surfacePlan.network ?? 'none'} disabled>
+              <option value="none">No network</option>
             </select>
           </label>
           <label className="min-w-0">
@@ -278,10 +253,6 @@ export function ContractInspector({
             <input id="agent-broker-enabled" type="checkbox" checked={agentBrokerEnabled} disabled={customContractEnabled || scenarioUsesFixedPolicy(selectedScenario)} onChange={(event) => setAgentBrokerEnabled(event.target.checked)} />
             <span>Agent broker</span>
           </label>
-          <label className={toggleClassName} title="Enable validation retry">
-            <input id="repair-enabled" type="checkbox" checked={repairEnabled} onChange={(event) => setRepairEnabled(event.target.checked)} />
-            <span>Validation retry</span>
-          </label>
         </div>
 
         <div className="grid grid-cols-2 gap-3 max-[820px]:grid-cols-1">
@@ -313,9 +284,6 @@ export function ContractInspector({
             <select id="surface-purpose" className={selectClassName} title="Surface purpose" value={surfacePlan.purpose} onChange={(event) => setSurfacePlan((plan) => ({ ...plan, purpose: event.target.value as SurfacePlan['purpose'] }))}>
               {SURFACE_PURPOSE_VALUES.map((value) => <option key={value} value={value}>{value}</option>)}
             </select>
-            <select id="surface-runtime" className={selectClassName} title="Surface runtime" value={surfacePlan.runtime} onChange={(event) => setSurfacePlan((plan) => ({ ...plan, runtime: event.target.value as SurfacePlan['runtime'] }))}>
-              {SURFACE_RUNTIME_VALUES.map((value) => <option key={value} value={value}>{value}</option>)}
-            </select>
             <select id="surface-data" className={selectClassName} title="Surface data" value={surfacePlan.data} onChange={(event) => setSurfacePlan((plan) => ({ ...plan, data: event.target.value as SurfacePlan['data'] }))}>
               {SURFACE_DATA_VALUES.map((value) => <option key={value} value={value}>{value}</option>)}
             </select>
@@ -325,6 +293,9 @@ export function ContractInspector({
             <select id="surface-persistence" className={selectClassName} title="Surface persistence" value={surfacePlan.persistence} onChange={(event) => setSurfacePlan((plan) => ({ ...plan, persistence: event.target.value as SurfacePlan['persistence'] }))}>
               {SURFACE_PERSISTENCE_VALUES.map((value) => <option key={value} value={value}>{value}</option>)}
             </select>
+            <select id="surface-network" className={selectClassName} title="Surface network policy" value={surfacePlan.network ?? 'none'} onChange={(event) => setSurfacePlan((plan) => ({ ...plan, network: event.target.value as SurfacePlan['network'] }))}>
+              {SURFACE_NETWORK_VALUES.filter((value) => value === 'none').map((value) => <option key={value} value={value}>No network</option>)}
+            </select>
           </div>
         </div>
       </section>
diff --git a/apps/demo/src/pages/generate/components/DiagnosticsDock.tsx b/apps/demo/src/pages/generate/components/DiagnosticsDock.tsx
index 853bb3f..19787ae 100644
--- a/apps/demo/src/pages/generate/components/DiagnosticsDock.tsx
+++ b/apps/demo/src/pages/generate/components/DiagnosticsDock.tsx
@@ -75,7 +75,7 @@ export function DiagnosticsDock({
                   <div>
                     <div className="overflow-hidden text-ellipsis whitespace-nowrap text-[13px] text-ink" title={item.prompt}>{item.prompt}</div>
                     <div className="mt-0.5 font-mono text-[10px] text-ink-muted">
-                      {compactPlanText(item.surfacePlan)} · hostTools={item.grants.intents.length} · validation={item.validationIssues.length} · {complete} · {new Date(item.createdAt).toLocaleTimeString()}
+                      {compactPlanText(item.surfacePlan)} · hostTools={item.grants.tools.length} · validation={item.validationIssues.length} · {complete} · {new Date(item.createdAt).toLocaleTimeString()}
                     </div>
                   </div>
                   <button type="button" className={buttonClass({ variant: 'ghost', size: 'xs', className: 'rounded-card' })} onClick={() => replaySurface(item)}>Replay</button>
diff --git a/apps/demo/src/pages/generate/components/GenerationStage.tsx b/apps/demo/src/pages/generate/components/GenerationStage.tsx
index 7a17a0b..c8e1a32 100644
--- a/apps/demo/src/pages/generate/components/GenerationStage.tsx
+++ b/apps/demo/src/pages/generate/components/GenerationStage.tsx
@@ -15,14 +15,16 @@ export function GenerationStage({
   running,
   onGenerate,
   statusText,
+  stageNotice,
+  onOpenDiagnostics,
   surfaceRef,
   surfaceTokensSource,
-  capabilityRegistry,
+  toolRegistry,
   componentRegistry,
-  grantedCapabilities,
+  validationTools,
   grantedComponents,
   appendDevEvent,
-  onSurfaceIntentRejected,
+  onSurfaceGoalRejected,
   onSurfaceHandlerError,
   onSurfaceComponentError,
   showWelcome,
@@ -35,14 +37,16 @@ export function GenerationStage({
   running: boolean;
   onGenerate: (prompt: string) => void | Promise<void>;
   statusText: string;
+  stageNotice: { tone: "pending" | "error"; title: string; detail?: string } | null;
+  onOpenDiagnostics: () => void;
   surfaceRef: RefObject<SummonSurfaceHandle>;
   surfaceTokensSource: string;
-  capabilityRegistry: SummonSurfaceProps["capabilityRegistry"];
+  toolRegistry: SummonSurfaceProps["toolRegistry"];
   componentRegistry: SummonSurfaceProps["componentRegistry"];
-  grantedCapabilities: SummonSurfaceProps["grantedCapabilities"];
+  validationTools: SummonSurfaceProps["validationTools"];
   grantedComponents: SummonSurfaceProps["artifactComponents"];
   appendDevEvent: SummonSurfaceProps["onEvent"];
-  onSurfaceIntentRejected: SummonSurfaceProps["onIntentRejected"];
+  onSurfaceGoalRejected: SummonSurfaceProps["onToolRejected"];
   onSurfaceHandlerError: SummonSurfaceProps["onHandlerError"];
   onSurfaceComponentError: SummonSurfaceProps["onComponentError"];
   showWelcome: boolean;
@@ -63,14 +67,13 @@ export function GenerationStage({
           id="sandbox"
           className="h-full min-h-0 w-full border-0 bg-surface-raised"
           title="Summon generate sandbox"
-          html=""
           tokensSource={surfaceTokensSource}
-          capabilityRegistry={capabilityRegistry}
+          toolRegistry={toolRegistry}
           componentRegistry={componentRegistry}
-          grantedCapabilities={grantedCapabilities}
+          validationTools={validationTools}
           artifactComponents={grantedComponents}
           onEvent={appendDevEvent}
-          onIntentRejected={onSurfaceIntentRejected}
+          onToolRejected={onSurfaceGoalRejected}
           onHandlerError={onSurfaceHandlerError}
           onComponentError={onSurfaceComponentError}
         />
@@ -90,6 +93,45 @@ export function GenerationStage({
             </div>
           </div>
         ) : null}
+        {stageNotice ? (
+          <div
+            className="absolute inset-0 z-[2] flex items-center justify-center bg-surface/95 px-6 text-center"
+            id="stage-notice"
+            role={stageNotice.tone === "error" ? "alert" : "status"}
+          >
+            <div className="grid max-w-[min(520px,100%)] justify-items-center gap-3">
+              <div className="font-mono text-[10px] font-semibold uppercase tracking-normal text-ink-muted">
+                {statusText}
+              </div>
+              <div
+                className={
+                  stageNotice.tone === "error"
+                    ? "text-[18px] font-semibold leading-tight text-danger"
+                    : "text-[18px] font-semibold leading-tight text-ink"
+                }
+              >
+                {stageNotice.title}
+              </div>
+              {stageNotice.detail ? (
+                <p className="m-0 max-w-[48ch] text-[13px] leading-normal tracking-normal text-ink-muted">
+                  {stageNotice.detail}
+                </p>
+              ) : null}
+              {stageNotice.tone === "error" ? (
+                <Button
+                  id="open-diagnostics"
+                  type="button"
+                  variant="secondary"
+                  size="sm"
+                  className="mt-1"
+                  onClick={onOpenDiagnostics}
+                >
+                  Diagnostics
+                </Button>
+              ) : null}
+            </div>
+          </div>
+        ) : null}
       </section>
 
       <form
diff --git a/apps/demo/src/pages/generate/components/ScenarioRail.tsx b/apps/demo/src/pages/generate/components/ScenarioRail.tsx
index dca4487..6eb4fe1 100644
--- a/apps/demo/src/pages/generate/components/ScenarioRail.tsx
+++ b/apps/demo/src/pages/generate/components/ScenarioRail.tsx
@@ -55,7 +55,7 @@ export function ScenarioRail({
                   <span className="text-[15px] font-semibold text-ink">{scenario.label}</span>
                   <span className="text-[13px] leading-[1.35] text-ink-soft">{presentation.description}</span>
                   <span className="font-mono text-[10px] leading-[1.4] text-ink-muted">
-                    {compactPlanText(scenario.surfacePlan)} · {scenario.capabilityNames.length} host tools{componentCount ? ` · ${componentCount} components` : ''}
+                    {compactPlanText(scenario.surfacePlan)} · {scenario.toolNames.length} host tools{componentCount ? ` · ${componentCount} components` : ''}
                   </span>
                 </button>
               );
diff --git a/apps/demo/src/pages/generate/constants.ts b/apps/demo/src/pages/generate/constants.ts
index 13392b3..c04839f 100644
--- a/apps/demo/src/pages/generate/constants.ts
+++ b/apps/demo/src/pages/generate/constants.ts
@@ -1,11 +1,11 @@
-import type { SummonLayout, SurfaceCeiling } from '@anarchitecture/summon/engine';
+import type { SummonLayout } from '@anarchitecture/summon/engine';
 import { baseDemoComponentPack } from '../../components.js';
 import { createScopedDemoRegistry } from '../../showcase.js';
 
 export const savedSurfacesKey = 'summon.savedSurfaces.v1';
 export const maxSavedSurfaces = 8;
 
-export const baseCapabilityPack = createScopedDemoRegistry({ onSummon: () => {} }, [
+export const baseToolPack = createScopedDemoRegistry({ onSummon: () => {} }, [
   'log',
   'counter',
   'choose',
@@ -21,8 +21,8 @@ export const baseCapabilityPack = createScopedDemoRegistry({ onSummon: () => {}
 
 export const baseComponentPack = baseDemoComponentPack();
 
-export const childCapabilityNames = baseCapabilityPack.intents
-  .map((intent) => intent.name)
+export const childToolNames = baseToolPack.tools
+  .map((tool) => tool.name)
   .filter((name) => name !== 'summon');
 
 export const layoutPresets = new Map<string, SummonLayout>([
@@ -39,13 +39,6 @@ export const layoutPresets = new Map<string, SummonLayout>([
   ],
 ]);
 
-export const demoSurfaceCeiling: SurfaceCeiling = {
-  runtimes: ['static', 'declarative', 'worker'],
-  data: ['embedded', 'host-resource', 'worker'],
-  authorities: ['none', 'read', 'host-action', 'approval-gated'],
-  persistences: ['replayable'],
-};
-
 export const scenarioCategoryOrder = [
   'Host data',
   'Read-only',
diff --git a/apps/demo/src/pages/generate/devtools.ts b/apps/demo/src/pages/generate/devtools.ts
index 03df0b5..d4208ec 100644
--- a/apps/demo/src/pages/generate/devtools.ts
+++ b/apps/demo/src/pages/generate/devtools.ts
@@ -7,27 +7,27 @@ export type ExtraDevtoolsEvent =
   | { kind: 'protocol-line'; at: number; line: ProtocolLine }
   | { kind: 'protocol-parse-error'; at: number; raw: string }
   | { kind: 'stream-lifecycle'; at: number; phase: 'start' | 'end'; ok?: boolean }
-  | { kind: 'stream-graph'; at: number; health: SurfaceStreamResult['streamGraph']['health']; sections: Array<{ id: string; declared: boolean; present: boolean; revision: number; bytes: number }> }
+  | { kind: 'stream-graph'; at: number; health: SurfaceStreamResult['streamGraph']['health']; artifacts: SurfaceStreamResult['streamGraph']['artifacts'] }
   | { kind: 'surface-plan'; at: number; plan: SurfacePlan }
   | { kind: 'surface-contract'; at: number; contract: SurfaceContractView };
 
 export function formatDevtoolsEvent(ev: DevtoolsEvent | ExtraDevtoolsEvent): string {
   switch (ev.kind) {
     case 'sandbox-spawned':
-      return `${ev.sandboxId.slice(0, 8)}... allowed=[${ev.grantedIntents.join(',') || '-'}]`;
+      return `${ev.sandboxId.slice(0, 8)}... allowed=[${ev.grantedTools.join(',') || '-'}]`;
     case 'sandbox-ready':
     case 'sandbox-disposed':
       return `${ev.sandboxId.slice(0, 8)}...`;
     case 'sandbox-fatal':
       return `${ev.sandboxId.slice(0, 8)}... ${ev.reason}`;
-    case 'intent-emitted':
-      return `host tool ${ev.intent} ${JSON.stringify(ev.args).slice(0, 80)}`;
-    case 'intent-rejected':
+    case 'tool-called':
+      return `host tool ${ev.tool} ${JSON.stringify(ev.args).slice(0, 80)}`;
+    case 'tool-rejected':
       return `${ev.reason}`;
-    case 'intent-dispatched':
-      return `host dispatch ${ev.intent} #${ev.id.slice(-6)}`;
-    case 'intent-settled':
-      return `host settled ${ev.intent} #${ev.id.slice(-6)} ${ev.ok ? 'ok' : `fail: ${ev.error ?? ''}`} (${ev.durationMs}ms)`;
+    case 'tool-dispatched':
+      return `host dispatch ${ev.tool} #${ev.id.slice(-6)}`;
+    case 'tool-settled':
+      return `host settled ${ev.tool} #${ev.id.slice(-6)} ${ev.ok ? 'ok' : `fail: ${ev.error ?? ''}`} (${ev.durationMs}ms)`;
     case 'state-pushed':
       return Object.keys(ev.patch).join(', ') || 'empty';
     case 'component-sync':
@@ -36,6 +36,8 @@ export function formatDevtoolsEvent(ev: DevtoolsEvent | ExtraDevtoolsEvent): str
       return `${ev.componentName ?? ev.componentId ?? 'component'} ${ev.code ?? 'error'}: ${ev.reason}`;
     case 'render':
       return `${ev.bytes.toLocaleString()} B`;
+    case 'rendered':
+      return `revision ${ev.revision}`;
     case 'protocol-line':
       return `${ev.line.op} ${ev.line.path}`;
     case 'protocol-parse-error':
@@ -43,7 +45,7 @@ export function formatDevtoolsEvent(ev: DevtoolsEvent | ExtraDevtoolsEvent): str
     case 'stream-lifecycle':
       return ev.phase === 'start' ? 'start' : `end ok=${ev.ok}`;
     case 'stream-graph':
-      return `sections=${ev.sections.length} missing=${ev.health.missingDeclared.length} skipped=${ev.health.skippedCount} retried=${ev.health.repairedCount}`;
+      return `artifacts=${ev.artifacts.length} skipped=${ev.health.skippedCount} blocked=${ev.health.blockedCount}`;
     case 'surface-plan':
       return planText(ev.plan as SurfacePlan);
     case 'surface-contract':
@@ -53,13 +55,13 @@ export function formatDevtoolsEvent(ev: DevtoolsEvent | ExtraDevtoolsEvent): str
 
 export function displayEventKind(kind: string): string {
   switch (kind) {
-    case 'intent-emitted':
+    case 'tool-called':
       return 'host tool';
-    case 'intent-rejected':
+    case 'tool-rejected':
       return 'request rejected';
-    case 'intent-dispatched':
+    case 'tool-dispatched':
       return 'host dispatch';
-    case 'intent-settled':
+    case 'tool-settled':
       return 'host settled';
     case 'stream-graph':
       return 'stream diagnostics';
diff --git a/apps/demo/src/pages/generate/hooks/useGenerationRuns.ts b/apps/demo/src/pages/generate/hooks/useGenerationRuns.ts
index 8afbbe3..a23d991 100644
--- a/apps/demo/src/pages/generate/hooks/useGenerationRuns.ts
+++ b/apps/demo/src/pages/generate/hooks/useGenerationRuns.ts
@@ -2,8 +2,7 @@ import { useCallback, type Dispatch, type MutableRefObject, type SetStateAction
 import type { SummonSurfaceHandle } from '@anarchitecture/summon-react';
 import type { SurfaceEnvelope } from '@anarchitecture/summon/envelope';
 import {
-  deriveSurfacePlanControls,
-  SectionAccumulator,
+  isArrowSurfaceArtifact,
   type SummonLayout,
   type SurfaceContractView,
   type SurfacePlan,
@@ -12,11 +11,11 @@ import type { DevtoolsEvent } from '@anarchitecture/summon/devtools';
 import defaultTokensSource from '@anarchitecture/summon/tokens.css?raw';
 import type { ActiveContract, Mode } from '../../../showcase.js';
 import type { ExtraDevtoolsEvent } from '../devtools.js';
-import type { ChildSurfaceModel, FragmentMode, LogEntry, StreamOptions, StreamResult } from '../types.js';
+import { applyTokenOverrideCss } from '../surfaceHelpers.js';
+import type { ChildSurfaceModel, LogEntry, StreamOptions, StreamResult } from '../types.js';
 
 export function useGenerationRuns({
   surfaceRef,
-  accRef,
   abortRef,
   artifactRevisionRef,
   modeRef,
@@ -26,9 +25,6 @@ export function useGenerationRuns({
   directionId,
   ghostTarget,
   ghostBaseDirectionId,
-  fragmentMode,
-  editPrompt,
-  editTargets,
   tokensFor,
   clearApprovals,
   clearRuntimeState,
@@ -38,9 +34,8 @@ export function useGenerationRuns({
   appendDevEvent,
   logLine,
   currentValidationSummary,
-  currentRepairSummary,
   setChildren,
-  setRuntimeCapabilityNames,
+  setRuntimeToolNames,
   setRuntimeComponentNames,
   setLogs,
   setDevEvents,
@@ -50,7 +45,6 @@ export function useGenerationRuns({
   setStatus,
   setBytes,
   setCurrentValidationSummary,
-  setCurrentRepairSummary,
   setCurrentStreamHealth,
   setArtifactRevision,
   setActiveTokensSourceOverride,
@@ -61,7 +55,6 @@ export function useGenerationRuns({
   setCurrentSurfaceContractView,
 }: {
   surfaceRef: MutableRefObject<SummonSurfaceHandle | null>;
-  accRef: MutableRefObject<SectionAccumulator>;
   abortRef: MutableRefObject<AbortController | null>;
   artifactRevisionRef: MutableRefObject<number>;
   modeRef: MutableRefObject<Mode>;
@@ -71,9 +64,6 @@ export function useGenerationRuns({
   directionId: string | null;
   ghostTarget: string;
   ghostBaseDirectionId: string | null;
-  fragmentMode: FragmentMode;
-  editPrompt: string;
-  editTargets: string;
   tokensFor: (id: string | null) => string;
   clearApprovals: (reason: string) => void;
   clearRuntimeState: () => void;
@@ -83,9 +73,8 @@ export function useGenerationRuns({
   appendDevEvent: (event: DevtoolsEvent | ExtraDevtoolsEvent) => void;
   logLine: (cls: string, text: string) => void;
   currentValidationSummary: string | null;
-  currentRepairSummary: string | null;
   setChildren: Dispatch<SetStateAction<ChildSurfaceModel[]>>;
-  setRuntimeCapabilityNames: Dispatch<SetStateAction<string[] | null>>;
+  setRuntimeToolNames: Dispatch<SetStateAction<string[] | null>>;
   setRuntimeComponentNames: Dispatch<SetStateAction<string[] | null>>;
   setLogs: Dispatch<SetStateAction<LogEntry[]>>;
   setDevEvents: Dispatch<SetStateAction<Array<DevtoolsEvent | ExtraDevtoolsEvent>>>;
@@ -95,7 +84,6 @@ export function useGenerationRuns({
   setStatus: Dispatch<SetStateAction<string>>;
   setBytes: Dispatch<SetStateAction<number>>;
   setCurrentValidationSummary: Dispatch<SetStateAction<string | null>>;
-  setCurrentRepairSummary: Dispatch<SetStateAction<string | null>>;
   setCurrentStreamHealth: Dispatch<SetStateAction<string | null>>;
   setArtifactRevision: Dispatch<SetStateAction<number>>;
   setActiveTokensSourceOverride: Dispatch<SetStateAction<string | null>>;
@@ -105,22 +93,19 @@ export function useGenerationRuns({
   setCurrentShape: Dispatch<SetStateAction<string | null>>;
   setCurrentSurfaceContractView: Dispatch<SetStateAction<SurfaceContractView | null>>;
 }) {
-  const replayCurrentArtifact = useCallback(() => {
-    if (!accRef.current.hasAnySection()) return;
-    const html = accRef.current.compose();
-    window.setTimeout(() => surfaceRef.current?.render(html), 0);
-    window.setTimeout(() => surfaceRef.current?.render(html), 100);
-  }, [accRef, surfaceRef]);
-
   const generate = useCallback(async (runPrompt: string) => {
     abortRef.current?.abort();
     const abort = new AbortController();
-    const runTokensSource = activeTokensSourceOverride ?? tokensFor(directionId);
+    const baseTokensSource = tokensFor(directionId);
+    const runTokenOverrides = Object.entries(activeContract.tokenOverrides ?? {})
+      .map(([token, value]) => ({ token, value }));
+    const runTokensSource = activeTokensSourceOverride ??
+      (runTokenOverrides.length > 0 ? applyTokenOverrideCss(baseTokensSource, runTokenOverrides) : baseTokensSource);
     abortRef.current = abort;
     clearApprovals('Approval request was replaced');
     setChildren([]);
     summonedCountRef.current = 0;
-    setRuntimeCapabilityNames(null);
+    setRuntimeToolNames(null);
     setRuntimeComponentNames(null);
     setLogs([]);
     setDevEvents([]);
@@ -140,15 +125,12 @@ export function useGenerationRuns({
         ghostTargetPath: ghostTarget.trim() || '.',
         ghostBaseDirectionId,
         layout: readLayout(),
-        fragmentMode,
         signal: abort.signal,
       });
       if (!currentValidationSummary) setCurrentValidationSummary('0/0');
-      if (!currentRepairSummary) setCurrentRepairSummary(activeContract.repair?.enabled ? '0/0' : 'off');
-      setCurrentStreamHealth((current) => current ?? `${result.streamGraph.health.complete ? 'complete' : 'open'} · missing=${result.streamGraph.health.missingDeclared.length} blocked=${result.streamGraph.health.blockedCount} retried=${result.streamGraph.health.repairedCount}`);
+      setCurrentStreamHealth((current) => current ?? `${result.streamGraph.health.complete ? 'complete' : 'blocked'} · artifacts=${result.streamGraph.artifacts.length} blocked=${result.streamGraph.health.blockedCount}`);
       setStatus('done');
       saveSurfaceEnvelope(runPrompt, result);
-      replayCurrentArtifact();
       appendDevEvent({ kind: 'stream-lifecycle', at: Date.now(), phase: 'end', ok: true });
     } catch (err) {
       if ((err as Error).name === 'AbortError') {
@@ -170,25 +152,21 @@ export function useGenerationRuns({
     appendDevEvent,
     clearApprovals,
     clearRuntimeState,
-    currentRepairSummary,
     currentValidationSummary,
     directionId,
-    fragmentMode,
     ghostBaseDirectionId,
     ghostTarget,
     logLine,
     readLayout,
-    replayCurrentArtifact,
     saveSurfaceEnvelope,
     setBytes,
     setChildren,
-    setCurrentRepairSummary,
     setCurrentStreamHealth,
     setCurrentValidationSummary,
     setDevEvents,
     setLogs,
     setRunning,
-    setRuntimeCapabilityNames,
+    setRuntimeToolNames,
     setRuntimeComponentNames,
     setShowWelcome,
     setStatus,
@@ -198,111 +176,44 @@ export function useGenerationRuns({
     tokensFor,
   ]);
 
-  const editArtifact = useCallback(async () => {
-    if (!accRef.current.hasAnySection() || !editPrompt.trim()) return;
-    abortRef.current?.abort();
-    const abort = new AbortController();
-    abortRef.current = abort;
-    const baseRevision = artifactRevisionRef.current;
-    const targets = editTargets
-      .split(/[,\s]+/)
-      .map((target) => target.trim())
-      .filter(Boolean);
-    setRunning(true);
-    setStatus('editing');
-    setBytes(0);
-    appendDevEvent({ kind: 'stream-lifecycle', at: Date.now(), phase: 'start' });
-    try {
-      const result = await streamGenerationInto({
-        prompt: editPrompt.trim(),
-        active: {
-          ...activeContract,
-          agentBroker: false,
-          surfacePolicy: activeContract.surfacePolicy,
-        },
-        directionId,
-        ghostTargetPath: ghostTarget.trim() || '.',
-        ghostBaseDirectionId,
-        layout: readLayout(),
-        signal: abort.signal,
-        edit: {
-          baseRevision,
-          sections: accRef.current.snapshot().sections,
-          targetSections: targets.length ? Array.from(new Set(targets)) : undefined,
-        },
-      });
-      setCurrentStreamHealth((current) => current ?? `${result.streamGraph.health.complete ? 'complete' : 'open'} · missing=${result.streamGraph.health.missingDeclared.length} blocked=${result.streamGraph.health.blockedCount} retried=${result.streamGraph.health.repairedCount}`);
-      setStatus('done');
-      replayCurrentArtifact();
-      appendDevEvent({ kind: 'stream-lifecycle', at: Date.now(), phase: 'end', ok: true });
-    } catch (err) {
-      if ((err as Error).name === 'AbortError') {
-        setStatus('aborted');
-      } else {
-        const message = err instanceof Error ? err.message : String(err);
-        logLine('op-error', `edit error: ${message}`);
-        setStatus('error');
-      }
-      appendDevEvent({ kind: 'stream-lifecycle', at: Date.now(), phase: 'end', ok: false });
-    } finally {
-      setRunning(false);
-    }
-  }, [
-    abortRef,
-    accRef,
-    activeContract,
-    appendDevEvent,
-    artifactRevisionRef,
-    directionId,
-    editPrompt,
-    editTargets,
-    ghostBaseDirectionId,
-    ghostTarget,
-    logLine,
-    readLayout,
-    replayCurrentArtifact,
-    setBytes,
-    setCurrentStreamHealth,
-    setRunning,
-    setStatus,
-    streamGenerationInto,
-  ]);
-
   const replaySurface = useCallback((envelope: SurfaceEnvelope) => {
     abortRef.current?.abort();
     clearApprovals('Approval request was replaced');
     setLogs([]);
     setDevEvents([]);
-    accRef.current = new SectionAccumulator();
-    for (const line of envelope.protocolLines) {
-      if (line.op !== 'meta') accRef.current.applyDetailed(line);
+    const arrowArtifact = findArrowArtifact(envelope.protocolLines);
+    if (!arrowArtifact) {
+      setStatus('replay error');
+      logLine('op-error', 'saved surface has no Arrow artifact');
+      return;
     }
-    artifactRevisionRef.current = accRef.current.snapshot().sections.length;
+    artifactRevisionRef.current = envelope.protocolLines.length;
     setArtifactRevision(artifactRevisionRef.current);
     setActiveTokensSourceOverride(envelope.tokenCss ?? null);
     setSurfaceTokensSource(envelope.tokenCss ?? defaultTokensSource);
-    setMode(deriveSurfacePlanControls(envelope.surfacePlan).mode);
-    modeRef.current = deriveSurfacePlanControls(envelope.surfacePlan).mode;
+    const replayMode = envelope.metadata.mode ?? (envelope.grants.tools.length === 0 ? 'static' : 'interactive');
+    setMode(replayMode);
+    modeRef.current = replayMode;
     setSurfacePlan(envelope.surfacePlan);
     setCurrentEffectiveSurfacePlan(envelope.surfacePlan);
     setCurrentShape(envelope.metadata.shape ?? null);
     setCurrentValidationSummary(`${envelope.validationIssues.filter((issue) => issue.severity === 'block').length}/${envelope.validationIssues.filter((issue) => issue.severity === 'warn').length}`);
     setCurrentStreamHealth(envelope.streamGraph
-      ? `${envelope.streamGraph.health.complete ? 'complete' : 'open'} · missing=${envelope.streamGraph.health.missingDeclared.length} blocked=${envelope.streamGraph.health.blockedCount} retried=${envelope.streamGraph.health.repairedCount}`
+      ? `${envelope.streamGraph.health.complete ? 'complete' : 'blocked'} · artifacts=${envelope.streamGraph.artifacts.length} blocked=${envelope.streamGraph.health.blockedCount}`
       : null);
     setCurrentSurfaceContractView(null);
-    setRuntimeCapabilityNames(envelope.grants.intents);
+    setRuntimeToolNames(envelope.grants.tools);
     setRuntimeComponentNames(envelope.grants.components?.map((component) => component.name) ?? null);
     setShowWelcome(false);
     setStatus('replayed');
-    setBytes(new TextEncoder().encode(envelope.compiledHtml).byteLength);
-    window.setTimeout(() => surfaceRef.current?.render(envelope.compiledHtml), 0);
+    setBytes(new TextEncoder().encode(JSON.stringify(arrowArtifact.source)).byteLength);
+    window.setTimeout(() => surfaceRef.current?.renderArtifact(arrowArtifact), 0);
     appendDevEvent({ kind: 'surface-plan', at: Date.now(), plan: envelope.surfacePlan });
     appendDevEvent({ kind: 'stream-lifecycle', at: Date.now(), phase: 'end', ok: true });
     logLine('op-meta', `replayed ${envelope.surfacePlan.purpose}/${envelope.surfacePlan.runtime}`);
+    if (arrowArtifact) logLine('op-add', `replayed artifact /artifact -> ${Object.keys(arrowArtifact.source).join(', ')}`);
   }, [
     abortRef,
-    accRef,
     appendDevEvent,
     artifactRevisionRef,
     clearApprovals,
@@ -319,7 +230,7 @@ export function useGenerationRuns({
     setDevEvents,
     setLogs,
     setMode,
-    setRuntimeCapabilityNames,
+    setRuntimeToolNames,
     setRuntimeComponentNames,
     setShowWelcome,
     setStatus,
@@ -328,5 +239,16 @@ export function useGenerationRuns({
     surfaceRef,
   ]);
 
-  return { generate, editArtifact, replaySurface };
+  return { generate, replaySurface };
+}
+
+function findArrowArtifact(lines: SurfaceEnvelope['protocolLines']) {
+  for (let i = lines.length - 1; i >= 0; i--) {
+    const line = lines[i];
+    if (!line) continue;
+    if (line.op === 'artifact' && line.path === '/artifact' && isArrowSurfaceArtifact(line.value)) {
+      return line.value;
+    }
+  }
+  return null;
 }
diff --git a/apps/demo/src/pages/generate/hooks/useSurfaceStream.ts b/apps/demo/src/pages/generate/hooks/useSurfaceStream.ts
index 5abab85..d04e219 100644
--- a/apps/demo/src/pages/generate/hooks/useSurfaceStream.ts
+++ b/apps/demo/src/pages/generate/hooks/useSurfaceStream.ts
@@ -2,8 +2,8 @@ import { useCallback, type MutableRefObject } from 'react';
 import { consumeSurfaceStream, type SurfaceStreamContext } from '@anarchitecture/summon/browser';
 import {
   normalizeSurfacePlan,
+  type ArrowSurfaceArtifact,
   type ProtocolLine,
-  type SectionAccumulator,
   type SurfaceContractView,
   type SurfacePlan,
   type ValidationContext,
@@ -11,19 +11,17 @@ import {
 import type { DevtoolsEvent } from '@anarchitecture/summon/devtools';
 import type { SummonSurfaceHandle } from '@anarchitecture/summon-react';
 import type { Mode } from '../../../showcase.js';
-import { demoSurfaceCeiling } from '../constants.js';
 import type { ExtraDevtoolsEvent } from '../devtools.js';
 import {
   agentBrokerRequestFor,
-  agentIntentText,
+  agentGoalText,
   agentPolicyText,
   applyTokenOverrideCss,
-  capabilityPackFor,
+  toolPackFor,
   componentPackFor,
   ghostRootFromSelection,
   parseAppliedTokenOverrides,
   parseSurfaceContractView,
-  summarizeRepairMeta,
   summarizeStreamGraphMeta,
   summarizeValidationMeta,
   surfaceRequestFor,
@@ -50,7 +48,6 @@ async function* chunksWithByteCounts(
 
 export function useSurfaceStream({
   surfaceRef,
-  accRef,
   modeRef,
   artifactRevisionRef,
   directionId,
@@ -59,7 +56,7 @@ export function useSurfaceStream({
   logLine,
   setBytes,
   setMode,
-  setCurrentAgentIntentSummary,
+  setCurrentAgentGoalSummary,
   setCurrentAgentPolicySummary,
   setCurrentEffectiveSurfacePlan,
   setCurrentSurfaceContractView,
@@ -67,13 +64,11 @@ export function useSurfaceStream({
   setActiveTokensSourceOverride,
   setSurfaceTokensSource,
   setCurrentValidationSummary,
-  setCurrentRepairSummary,
   setCurrentStreamHealth,
   setStatus,
   setArtifactRevision,
 }: {
   surfaceRef: MutableRefObject<SummonSurfaceHandle | null>;
-  accRef: MutableRefObject<SectionAccumulator>;
   modeRef: MutableRefObject<Mode>;
   artifactRevisionRef: MutableRefObject<number>;
   directionId: string | null;
@@ -82,7 +77,7 @@ export function useSurfaceStream({
   logLine: (cls: string, text: string) => void;
   setBytes: (value: number) => void;
   setMode: (value: Mode) => void;
-  setCurrentAgentIntentSummary: (value: string | null) => void;
+  setCurrentAgentGoalSummary: (value: string | null) => void;
   setCurrentAgentPolicySummary: (value: string | null) => void;
   setCurrentEffectiveSurfacePlan: (value: SurfacePlan | null) => void;
   setCurrentSurfaceContractView: (value: SurfaceContractView | null) => void;
@@ -90,7 +85,6 @@ export function useSurfaceStream({
   setActiveTokensSourceOverride: (value: string | null) => void;
   setSurfaceTokensSource: (value: string) => void;
   setCurrentValidationSummary: (value: string | null) => void;
-  setCurrentRepairSummary: (value: string | null) => void;
   setCurrentStreamHealth: (value: string | null) => void;
   setStatus: (value: string) => void;
   setArtifactRevision: (value: number) => void;
@@ -106,10 +100,10 @@ export function useSurfaceStream({
       modeRef.current = 'interactive';
       return;
     }
-    if (line.op === 'meta' && line.path === '/agent-intent') {
-      const summary = agentIntentText(line.value);
-      setCurrentAgentIntentSummary(summary);
-      logLine('op-meta', `agent intent -> ${summary}`);
+    if (line.op === 'meta' && line.path === '/agent-goal') {
+      const summary = agentGoalText(line.value);
+      setCurrentAgentGoalSummary(summary);
+      logLine('op-meta', `agent goal -> ${summary}`);
       return;
     }
     if (line.op === 'meta' && line.path === '/agent-policy-resolution') {
@@ -144,17 +138,11 @@ export function useSurfaceStream({
       logLine('op-meta', `shape -> ${shape || JSON.stringify(line.value)}`);
       return;
     }
-    if (line.op === 'meta' && line.path === '/experimental-fragments') {
-      logLine('op-meta', `fragments -> ${JSON.stringify(line.value)}`);
-      return;
-    }
     if (line.op === 'meta' && line.path === '/token-overrides') {
       const applied = parseAppliedTokenOverrides(line.value);
       const css = applyTokenOverrideCss(tokensFor(directionId), applied);
       setActiveTokensSourceOverride(css);
       setSurfaceTokensSource(css);
-      const composed = accRef.current.hasAnySection() ? accRef.current.compose() : '';
-      window.setTimeout(() => surfaceRef.current?.render(composed), 0);
       const rejected = Array.isArray((line.value as { rejected?: unknown } | undefined)?.rejected)
         ? ((line.value as { rejected?: unknown[] }).rejected ?? []).length
         : 0;
@@ -177,8 +165,6 @@ export function useSurfaceStream({
       if (typeof value?.css === 'string') {
         setActiveTokensSourceOverride(value.css);
         setSurfaceTokensSource(value.css);
-        const composed = accRef.current.hasAnySection() ? accRef.current.compose() : '';
-        window.setTimeout(() => surfaceRef.current?.render(composed), 0);
       }
       const source = typeof value?.source === 'string' ? value.source : 'unknown';
       const kind = typeof value?.kind === 'string' ? value.kind : 'unknown';
@@ -187,13 +173,13 @@ export function useSurfaceStream({
       return;
     }
     if (line.op === 'meta' && line.path === '/ghost-review-packet') {
-      const value = line.value as { baseDirectionId?: unknown; styleSource?: unknown; declaredSections?: unknown; validation?: { blocked?: unknown; warnings?: unknown } } | undefined;
+      const value = line.value as { baseDirectionId?: unknown; styleSource?: unknown; artifactFiles?: unknown; validation?: { blocked?: unknown; warnings?: unknown } } | undefined;
       const base = typeof value?.baseDirectionId === 'string' ? value.baseDirectionId : 'none';
       const style = typeof value?.styleSource === 'string' ? value.styleSource : 'unknown';
-      const sections = Array.isArray(value?.declaredSections) ? value.declaredSections.filter((section): section is string => typeof section === 'string') : [];
+      const artifactFiles = Array.isArray(value?.artifactFiles) ? value.artifactFiles.filter((file): file is string => typeof file === 'string') : [];
       const blocked = typeof value?.validation?.blocked === 'number' ? value.validation.blocked : 0;
       const warnings = typeof value?.validation?.warnings === 'number' ? value.validation.warnings : 0;
-      logLine('op-meta', `fingerprint review packet -> base=${base}; style=${style}; sections=${sections.join(', ') || 'none'}; validation=${blocked}/${warnings}`);
+      logLine('op-meta', `fingerprint review packet -> base=${base}; style=${style}; artifact=${artifactFiles.join(', ') || 'none'}; validation=${blocked}/${warnings}`);
       return;
     }
     if (line.op === 'meta' && line.path === '/validation-summary') {
@@ -201,11 +187,6 @@ export function useSurfaceStream({
       logLine('op-meta', `validation -> ${JSON.stringify(line.value)}`);
       return;
     }
-    if (line.op === 'meta' && line.path === '/repair-summary') {
-      setCurrentRepairSummary(summarizeRepairMeta(line.value));
-      logLine('op-meta', `validation retry -> ${JSON.stringify(line.value)}`);
-      return;
-    }
     if (line.op === 'meta' && line.path === '/stream-graph-summary') {
       setCurrentStreamHealth(summarizeStreamGraphMeta(line.value));
       logLine('op-meta', `stream diagnostics -> ${JSON.stringify(line.value)}`);
@@ -224,36 +205,21 @@ export function useSurfaceStream({
       logLine('op-meta', `skip ${JSON.stringify(line.value)}`);
       return;
     }
-    if (line.op === 'meta' && line.path === '/screen-synthesized') {
-      const value = line.value as { sections?: unknown } | undefined;
-      const sections = Array.isArray(value?.sections) ? value.sections.filter((section): section is string => typeof section === 'string') : [];
-      logLine('op-meta', `screen synthesized -> ${sections.join(', ') || '(none)'}`);
-      return;
-    }
     if (line.op === 'meta') {
       logLine('op-meta', `meta ${line.path} = ${JSON.stringify(line.value)}`);
       return;
     }
-    if (line.op === 'set') {
-      const changed = context.applyResult?.changed ?? false;
-      logLine('op-set', `set ${line.path} = ${JSON.stringify(line.value)}`);
-      if (changed) {
-        artifactRevisionRef.current += 1;
-        setArtifactRevision(artifactRevisionRef.current);
-      }
+    if (line.op === 'artifact') {
+      const artifact = line.value as ArrowSurfaceArtifact | undefined;
+      const files = artifact && artifact.runtime === 'arrow'
+        ? Object.keys(artifact.source).join(', ')
+        : 'invalid';
+      logLine('op-add', `artifact ${line.path} -> ${files}`);
+      artifactRevisionRef.current += 1;
+      setArtifactRevision(artifactRevisionRef.current);
       return;
     }
-    if (line.op === 'add') {
-      const changed = context.applyResult?.changed ?? false;
-      const preview = (line.html ?? '').slice(0, 120).replace(/\s+/g, ' ');
-      logLine('op-add', `add ${line.path} (${(line.html ?? '').length} chars): ${preview}${(line.html ?? '').length > 120 ? '...' : ''}`);
-      if (changed) {
-        artifactRevisionRef.current += 1;
-        setArtifactRevision(artifactRevisionRef.current);
-      }
-    }
   }, [
-    accRef,
     appendDevEvent,
     artifactRevisionRef,
     directionId,
@@ -262,10 +228,9 @@ export function useSurfaceStream({
     setActiveTokensSourceOverride,
     setArtifactRevision,
     setBytes,
-    setCurrentAgentIntentSummary,
+    setCurrentAgentGoalSummary,
     setCurrentAgentPolicySummary,
     setCurrentEffectiveSurfacePlan,
-    setCurrentRepairSummary,
     setCurrentShape,
     setCurrentStreamHealth,
     setCurrentSurfaceContractView,
@@ -273,25 +238,22 @@ export function useSurfaceStream({
     setMode,
     setStatus,
     setSurfaceTokensSource,
-    surfaceRef,
     tokensFor,
   ]);
 
   return useCallback(async (opts: StreamOptions): Promise<StreamResult> => {
     const active = opts.active;
     const ghostRootId = ghostRootFromSelection(opts.directionId);
-    const capabilityPack = capabilityPackFor(active);
+    const toolPack = toolPackFor(active);
     const components = componentPackFor(active);
     const surfaceRequest = surfaceRequestFor(active);
     const agent = agentBrokerRequestFor(active);
     const validationContext: ValidationContext = {
       mode: active.mode,
-      scriptPolicy: active.scriptPolicy,
-      allowedIntents: capabilityPack.intents.map((intent) => intent.name),
-      capabilities: capabilityPack.intents,
+      allowedTools: toolPack.tools.map((tool) => tool.name),
+      tools: toolPack.tools,
       components: components?.components ?? [],
       surfacePlan: active.surfacePlan,
-      ...(opts.fragmentMode ? { experimentalFragmentMode: opts.fragmentMode } : {}),
     };
 
     const response = await fetch('/api/generate', {
@@ -313,24 +275,18 @@ export function useSurfaceStream({
               },
             }
           : { directionId: opts.directionId }),
-        mode: modeRef.current,
-        capabilities: capabilityPack,
+        tools: toolPack,
         ...(components ? { components } : {}),
-        surfaceCeiling: demoSurfaceCeiling,
         ...(agent ? { agent } : {}),
-        scriptPolicy: active.scriptPolicy,
-        ...(opts.fragmentMode !== 'section' && !opts.edit ? { fragmentMode: opts.fragmentMode } : {}),
         ...surfaceRequest,
         ...(active.tokenOverrides ? { tokenOverrides: active.tokenOverrides } : {}),
         ...(opts.layout ? { layout: opts.layout } : {}),
-        ...(opts.edit ? { edit: opts.edit } : {}),
-        ...(active.repair ? { repair: active.repair } : {}),
       }),
       signal: opts.signal,
     });
 
     if (!response.ok) {
-      const text = await response.text().catch(() => '');
+      const text = await readErrorResponse(response);
       throw new Error(`HTTP ${response.status}: ${text || response.statusText}`);
     }
     if (!response.body) throw new Error('no response body');
@@ -343,19 +299,7 @@ export function useSurfaceStream({
       setBytes(byteTotal);
     }), {
       mode: () => modeRef.current,
-      accumulator: accRef.current,
-      shouldApplyLine: (line) => {
-        if (
-          opts.edit &&
-          line.op !== 'meta' &&
-          accRef.current.hasAnySection() &&
-          artifactRevisionRef.current !== opts.edit.baseRevision
-        ) {
-          logLine('op-meta', `stale edit discarded (base rev ${opts.edit.baseRevision}, current rev ${artifactRevisionRef.current})`);
-          return 'stop';
-        }
-        return 'apply';
-      },
+      shouldApplyLine: () => 'apply',
       onLine: (line, context) => {
         appendDevEvent({ kind: 'protocol-line', at: Date.now(), line });
         if (line.op !== 'meta') applyLineTo(line, context);
@@ -365,6 +309,9 @@ export function useSurfaceStream({
         if (line.path === '/shape' && typeof line.value === 'string') shapeFromStream = line.value;
         applyLineTo(line, context);
       },
+      onArtifact: (artifact, line, context) => {
+        surfaceRef.current?.renderArtifact(artifact);
+      },
       onParseError: (raw) => {
         appendDevEvent({ kind: 'protocol-parse-error', at: Date.now(), raw });
         logLine('raw', `. ${raw.slice(0, 120)}`);
@@ -374,23 +321,27 @@ export function useSurfaceStream({
           kind: 'stream-graph',
           at: Date.now(),
           health: snapshot.health,
-          sections: snapshot.sections.map(({ id, declared, present, revision, bytes }) => ({
-            id,
-            declared,
-            present,
+          artifacts: snapshot.artifacts.map(({ revision, runtime, bytes, firstSeenLine, lastUpdatedLine }) => ({
             revision,
+            runtime,
             bytes,
+            firstSeenLine,
+            lastUpdatedLine,
           })),
         });
       },
-      onRenderHtml: (html) => {
-        surfaceRef.current?.render(html);
-      },
-      onNodePatch: (patch) => {
-        surfaceRef.current?.patchNode(patch);
-      },
       validationContext,
     });
+    if (
+      active.surfacePlan.runtime === 'arrow' &&
+      !result.protocolLines.some((line) => line.op === 'artifact' && line.path === '/artifact')
+    ) {
+      const serverError = result.protocolLines.find((line) => line.op === 'meta' && line.path === '/error');
+      const message = serverError
+        ? `Generation server error: ${String(serverError.value)}`
+        : 'Arrow runtime expected one /artifact line, but the model produced no accepted Arrow artifact';
+      throw new Error(message);
+    }
 
     return {
       ...result,
@@ -398,7 +349,6 @@ export function useSurfaceStream({
       shape: shapeFromStream,
     };
   }, [
-    accRef,
     appendDevEvent,
     applyLineTo,
     artifactRevisionRef,
@@ -408,3 +358,15 @@ export function useSurfaceStream({
     surfaceRef,
   ]);
 }
+
+async function readErrorResponse(response: Response): Promise<string> {
+  const text = await response.text().catch(() => '');
+  if (!text) return '';
+  try {
+    const parsed = JSON.parse(text) as { error?: unknown };
+    if (typeof parsed.error === 'string') return parsed.error;
+  } catch {
+    // Fall through to the raw response body.
+  }
+  return text;
+}
diff --git a/apps/demo/src/pages/generate/modelProviders.ts b/apps/demo/src/pages/generate/modelProviders.ts
index c6ad100..b107e42 100644
--- a/apps/demo/src/pages/generate/modelProviders.ts
+++ b/apps/demo/src/pages/generate/modelProviders.ts
@@ -64,8 +64,7 @@ export function parseProviderControls(raw: unknown): ModelProviderControls | und
   if (!raw || typeof raw !== 'object') return undefined;
   const item = raw as Record<string, unknown>;
   const maxOutputTokens = parseTokenControl(item.maxOutputTokens);
-  const repairMaxOutputTokens = parseTokenControl(item.repairMaxOutputTokens);
-  if (!maxOutputTokens || !repairMaxOutputTokens) return undefined;
+  if (!maxOutputTokens) return undefined;
   const thinkingOptions = Array.isArray((item.anthropicThinking as Record<string, unknown> | undefined)?.options)
     ? ((item.anthropicThinking as { options?: unknown[] }).options ?? []).filter((value): value is 'adaptive' | 'off' => value === 'adaptive' || value === 'off')
     : [];
@@ -75,7 +74,6 @@ export function parseProviderControls(raw: unknown): ModelProviderControls | und
   return {
     customModels: item.customModels !== false,
     maxOutputTokens,
-    repairMaxOutputTokens,
     anthropicThinking: {
       default: (item.anthropicThinking as { default?: unknown } | undefined)?.default === 'off' ? 'off' : 'adaptive',
       options: thinkingOptions.length ? thinkingOptions : ['adaptive', 'off'],
diff --git a/apps/demo/src/pages/generate/surfaceHelpers.ts b/apps/demo/src/pages/generate/surfaceHelpers.ts
index 9903858..83d11db 100644
--- a/apps/demo/src/pages/generate/surfaceHelpers.ts
+++ b/apps/demo/src/pages/generate/surfaceHelpers.ts
@@ -1,17 +1,18 @@
 import {
   parseTokenValues,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
   type SurfaceContractView,
   type SurfacePlan,
+  type SurfacePolicy,
 } from '@anarchitecture/summon/engine';
 import { narrowComponentPack } from '../../components.js';
 import {
-  narrowCapabilityPack,
+  narrowToolPack,
   type ActiveContract,
   type ShowcaseScenario,
 } from '../../showcase.js';
-import { baseCapabilityPack, baseComponentPack, scenarioCategoryOrder } from './constants.js';
+import { baseToolPack, baseComponentPack, scenarioCategoryOrder } from './constants.js';
 import type { ModelProviderInfo, StreamOptionsPayload } from './types.js';
 
 export function describeScenario(scenario: ShowcaseScenario): { category: string; description: string } {
@@ -47,8 +48,6 @@ export function describeScenario(scenario: ShowcaseScenario): { category: string
       return { category: 'Layout', description: 'Host layout slots constrain the generated card shape.' };
     case 'sibling-summon':
       return { category: 'Composition', description: 'Parent surface can summon a sibling sandbox with narrowed host tools.' };
-    case 'repair-diagnostics':
-      return { category: 'Diagnostics', description: 'Validation retry generation with diagnostics.' };
     default:
       return { category: 'Showcase', description: 'Surface-configured Summon generation scenario.' };
   }
@@ -90,8 +89,8 @@ export function scenarioUsesFixedPolicy(scenario: ShowcaseScenario): boolean {
   return false;
 }
 
-export function capabilityPackFor(active: ActiveContract): CapabilityPack {
-  return narrowCapabilityPack(baseCapabilityPack, active.capabilityNames);
+export function toolPackFor(active: ActiveContract): ToolPack {
+  return narrowToolPack(baseToolPack, active.toolNames);
 }
 
 export function componentPackFor(active: ActiveContract): ComponentPack | null {
@@ -104,9 +103,9 @@ export function agentBrokerRequestFor(active: ActiveContract): { enabled: true }
   return active.agentBroker ? { enabled: true } : undefined;
 }
 
-export function explicitSurfaceRequestFor(active: ActiveContract): Pick<StreamOptionsPayload, 'surfacePolicy' | 'surfacePlan'> {
+export function explicitSurfaceRequestFor(active: ActiveContract): Pick<StreamOptionsPayload, 'surfacePolicy'> {
   if (active.surfacePolicy) return { surfacePolicy: active.surfacePolicy };
-  return { surfacePlan: active.surfacePlan };
+  return {};
 }
 
 export function surfaceRequestFor(active: ActiveContract): StreamOptionsPayload {
@@ -115,6 +114,27 @@ export function surfaceRequestFor(active: ActiveContract): StreamOptionsPayload
   return explicitSurfaceRequestFor(active);
 }
 
+export function surfacePolicyForPlan(
+  plan: SurfacePlan,
+  toolNames: string[],
+  componentNames: string[] | undefined,
+): SurfacePolicy {
+  const tier = plan.authority === 'approval-gated'
+    ? 'approval'
+    : plan.data === 'worker'
+      ? 'worker'
+      : plan.data === 'host-resource' || plan.authority !== 'none'
+        ? 'declarative'
+        : 'static';
+  return {
+    tier,
+    purpose: plan.purpose,
+    persistence: plan.persistence,
+    ...(tier !== 'static' && toolNames.length > 0 ? { grants: toolNames } : {}),
+    ...(componentNames?.length ? { components: componentNames } : {}),
+  };
+}
+
 export function ghostSelectionValue(rootId: string): string {
   return `ghost:${rootId}`;
 }
@@ -138,23 +158,14 @@ export function summarizeValidationMeta(value: unknown): string {
   return `${blocked}/${warnings}`;
 }
 
-export function summarizeRepairMeta(value: unknown): string {
-  const summary = value as { queued?: unknown; repaired?: unknown; failed?: unknown } | undefined;
-  const queued = typeof summary?.queued === 'number' ? summary.queued : 0;
-  const repaired = typeof summary?.repaired === 'number' ? summary.repaired : 0;
-  const failed = typeof summary?.failed === 'number' ? summary.failed : 0;
-  return `${repaired}/${queued}${failed ? ` failed=${failed}` : ''}`;
-}
-
 export function summarizeStreamGraphMeta(value: unknown): string {
   const summary = value as
-    | { health?: { complete?: unknown; missingDeclared?: unknown[]; blockedCount?: unknown; repairedCount?: unknown } }
+    | { artifacts?: unknown[]; health?: { complete?: unknown; blockedCount?: unknown; skippedCount?: unknown } }
     | undefined;
   const complete = summary?.health?.complete === true;
-  const missing = Array.isArray(summary?.health?.missingDeclared) ? summary.health.missingDeclared.length : 0;
+  const artifacts = Array.isArray(summary?.artifacts) ? summary.artifacts.length : 0;
   const blocked = typeof summary?.health?.blockedCount === 'number' ? summary.health.blockedCount : 0;
-  const repaired = typeof summary?.health?.repairedCount === 'number' ? summary.health.repairedCount : 0;
-  return `${complete ? 'complete' : 'open'} · missing=${missing} blocked=${blocked} retried=${repaired}`;
+  return `${complete ? 'complete' : 'blocked'} · artifacts=${artifacts} blocked=${blocked}`;
 }
 
 export function parseSurfaceContractView(value: unknown): SurfaceContractView | null {
@@ -166,7 +177,7 @@ export function parseSurfaceContractView(value: unknown): SurfaceContractView |
   return contract as SurfaceContractView;
 }
 
-export function agentIntentText(value: unknown): string {
+export function agentGoalText(value: unknown): string {
   if (!value || typeof value !== 'object') return JSON.stringify(value);
   const item = value as Record<string, unknown>;
   const parts = [
@@ -175,8 +186,8 @@ export function agentIntentText(value: unknown): string {
     typeof item.dataNeed === 'string' ? item.dataNeed : null,
     typeof item.sideEffect === 'string' ? item.sideEffect : null,
   ].filter((part): part is string => Boolean(part));
-  const grants = Array.isArray(item.requestedCapabilities)
-    ? item.requestedCapabilities.filter((name): name is string => typeof name === 'string')
+  const grants = Array.isArray(item.requestedTools)
+    ? item.requestedTools.filter((name): name is string => typeof name === 'string')
     : [];
   const components = Array.isArray(item.requestedComponents)
     ? item.requestedComponents.filter((name): name is string => typeof name === 'string')
@@ -185,7 +196,7 @@ export function agentIntentText(value: unknown): string {
     grants.length ? `tools=${grants.join(',')}` : '',
     components.length ? `components=${components.join(',')}` : '',
   ].filter(Boolean).join(' ');
-  return `${parts.join(' · ') || 'intent'}${access ? ` · ${access}` : ''}`;
+  return `${parts.join(' · ') || 'tool'}${access ? ` · ${access}` : ''}`;
 }
 
 export function agentPolicyText(value: unknown): string {
@@ -195,14 +206,14 @@ export function agentPolicyText(value: unknown): string {
     ? item.surfacePolicy as Record<string, unknown>
     : null;
   const source = typeof item.source === 'string' ? item.source : 'broker';
-  const intentSource = typeof item.intentSource === 'string' ? item.intentSource : '';
+  const goalSource = typeof item.goalSource === 'string' ? item.goalSource : '';
   const tier = typeof policy?.tier === 'string' ? policy.tier : 'policy';
   const purpose = typeof policy?.purpose === 'string' ? policy.purpose : 'inform';
   const fallback = item.fallback === true ? ' · fallback' : '';
-  const rejectedCapabilities = Array.isArray(item.rejectedCapabilities) ? item.rejectedCapabilities.length : 0;
+  const rejectedTools = Array.isArray(item.rejectedTools) ? item.rejectedTools.length : 0;
   const rejectedComponents = Array.isArray(item.rejectedComponents) ? item.rejectedComponents.length : 0;
-  const rejected = rejectedCapabilities + rejectedComponents;
-  const sourceText = intentSource ? `${source}/${intentSource}` : source;
+  const rejected = rejectedTools + rejectedComponents;
+  const sourceText = goalSource ? `${source}/${goalSource}` : source;
   return `${sourceText} · ${tier}/${purpose}${fallback}${rejected ? ` · rejected=${rejected}` : ''}`;
 }
 
@@ -236,46 +247,47 @@ export function buildContractRows({
   active,
   selectedScenario,
   modelProviders,
-  currentAgentIntentSummary,
+  currentAgentGoalSummary,
   currentAgentPolicySummary,
   currentEffectiveSurfacePlan,
   currentShape,
   currentStreamHealth,
   currentSurfaceContractView,
-  currentRepairSummary,
   currentValidationSummary,
 }: {
   active: ActiveContract;
   selectedScenario: ShowcaseScenario;
   modelProviders: ModelProviderInfo[];
-  currentAgentIntentSummary: string | null;
+  currentAgentGoalSummary: string | null;
   currentAgentPolicySummary: string | null;
   currentEffectiveSurfacePlan: SurfacePlan | null;
   currentShape: string | null;
   currentStreamHealth: string | null;
   currentSurfaceContractView: SurfaceContractView | null;
-  currentRepairSummary: string | null;
   currentValidationSummary: string | null;
 }) {
   const requested = active.surfacePlan;
   const broker = active.agentBroker
-    ? currentAgentPolicySummary ?? currentAgentIntentSummary ?? 'planning on run'
+    ? currentAgentPolicySummary ?? currentAgentGoalSummary ?? 'planning on run'
     : scenarioUsesFixedPolicy(selectedScenario)
       ? 'fixed policy'
       : 'manual surface config';
   const contract = currentSurfaceContractView;
   const hostTools = contract
     ? contract.tools.map((tool) => tool.name).join(', ') || 'none'
-    : active.capabilityNames.length ? active.capabilityNames.join(', ') : 'none';
+    : active.toolNames.length ? active.toolNames.join(', ') : 'none';
   const components = contract
     ? contract.components.map((component) => component.name).join(', ') || 'none'
     : active.componentNames?.length ? active.componentNames.join(', ') : 'none';
-  const toolCount = contract?.tools.length ?? active.capabilityNames.length;
+  const toolCount = contract?.tools.length ?? active.toolNames.length;
   const componentCount = contract?.components.length ?? active.componentNames?.length ?? 0;
   const validation = currentValidationSummary ?? 'pending';
   const stream = currentStreamHealth ?? 'pending';
   const effectivePlan = contract?.surface.plan ?? currentEffectiveSurfacePlan;
   const effective = effectivePlan ? planText(effectivePlan) : 'pending';
+  const runtime = effectivePlan
+    ? `${displayPlanPart(effectivePlan.runtime)} · ${contract?.surface.mode ?? active.mode} · network ${effectivePlan.network ?? 'none'}`
+    : `${displayPlanPart(active.surfacePlan.runtime)} · ${active.mode} · pending`;
   const provider = modelProviders.find((item) => item.id === active.modelProvider);
   const selectedModel = active.generationModel
     ?? provider?.defaults?.generationModel
@@ -293,10 +305,9 @@ export function buildContractRows({
     ['effective', 'Effective safety plan', effective, effectivePlan ? 'good' : 'pending'],
     ['grants', 'Allowed host tools', `${toolCount}: ${hostTools}`, toolCount ? 'neutral' : 'pending'],
     ['components', 'Trusted components', `${componentCount}: ${components}`, componentCount ? 'good' : 'pending'],
-    ['runtime', 'Runtime', `${contract?.surface.mode ?? active.mode} · scripts ${contract?.surface.scriptPolicy ?? active.scriptPolicy}`, (contract?.surface.scriptPolicy ?? active.scriptPolicy) === 'allow' ? 'warn' : 'neutral'],
+    ['runtime', 'Sandbox runtime', runtime, effectivePlan ? 'good' : 'pending'],
     ['validation', 'Validation', validation, validation !== 'pending' && !validation.startsWith('0/') ? 'warn' : validation === 'pending' ? 'pending' : 'good'],
     ['stream', 'Stream diagnostics', stream, stream.startsWith('complete') ? 'good' : stream === 'pending' ? 'pending' : 'warn'],
-    ['repair', 'Validation retry', active.repair?.enabled ? (currentRepairSummary ?? 'on') : 'off', active.repair?.enabled ? 'warn' : 'pending'],
     ['tokens', 'Tokens', active.tokenOverrides ? 'override' : 'base', active.tokenOverrides ? 'good' : 'pending'],
     ['shape', 'Shape', currentShape ?? 'pending', currentShape ? 'neutral' : 'pending'],
   ].map(([key, label, value, tone]) => ({ key, label, value, tone })) as Array<{
diff --git a/apps/demo/src/pages/generate/types.ts b/apps/demo/src/pages/generate/types.ts
index 9d7d6a9..36c54e8 100644
--- a/apps/demo/src/pages/generate/types.ts
+++ b/apps/demo/src/pages/generate/types.ts
@@ -42,7 +42,6 @@ export interface ModelCatalogEntry {
 export interface ModelProviderControls {
   customModels: boolean;
   maxOutputTokens: { default: number; presets: number[] };
-  repairMaxOutputTokens: { default: number; presets: number[] };
   anthropicThinking?: { default: 'adaptive' | 'off'; options: Array<'adaptive' | 'off'> };
   effort?: { default: 'low' | 'medium' | 'high'; options: Array<'low' | 'medium' | 'high'> };
 }
@@ -55,7 +54,6 @@ export interface ModelProviderDefaults {
 
 export interface ModelOptions {
   maxOutputTokens?: number;
-  repairMaxOutputTokens?: number;
   anthropicThinking?: 'adaptive' | 'off';
   effort?: 'low' | 'medium' | 'high';
 }
@@ -68,8 +66,6 @@ export interface ModelSelectionPayload {
   modelOptions?: ModelOptions;
 }
 
-export type FragmentMode = 'section' | 'block-v0' | 'html-node-v0';
-
 export type DiagnosticsTab = 'stream' | 'devtools' | 'history' | 'safety';
 
 export interface StreamOptions {
@@ -79,13 +75,7 @@ export interface StreamOptions {
   ghostTargetPath: string;
   ghostBaseDirectionId: string | null;
   layout?: SummonLayout | null;
-  fragmentMode?: FragmentMode;
   signal: AbortSignal;
-  edit?: {
-    baseRevision: number;
-    sections: { id: string; html: string }[];
-    targetSections?: string[];
-  };
 }
 
 export interface StreamResult extends SurfaceStreamResult {
@@ -95,7 +85,6 @@ export interface StreamResult extends SurfaceStreamResult {
 
 export interface StreamOptionsPayload {
   surfacePolicy?: SurfacePolicy;
-  surfacePlan?: SurfacePlan;
 }
 
 export interface LogEntry {
diff --git a/apps/demo/src/prompts.ts b/apps/demo/src/prompts.ts
index 3354c34..1f7f223 100644
--- a/apps/demo/src/prompts.ts
+++ b/apps/demo/src/prompts.ts
@@ -1,6 +1,6 @@
 /**
  * Sample asks for the demo. Every entry is phrased as a real-life user
- * intent — wanting to do something, see something, decide something, or
+ * tool — wanting to do something, see something, decide something, or
  * a mini-app for a real situation. **Never** a UI description ("a form
  * with three fields…"); the LLM infers shape, layout, and interactivity
  * from the ask. The point of this file is to stress-test that inference.
diff --git a/apps/demo/src/showcase.test.ts b/apps/demo/src/showcase.test.ts
index ee8a8c8..189169f 100644
--- a/apps/demo/src/showcase.test.ts
+++ b/apps/demo/src/showcase.test.ts
@@ -4,16 +4,15 @@ import {
   compileSurfacePolicy,
   normalizeSurfacePolicy,
 } from '@anarchitecture/summon';
-import { deriveSurfacePlanControls } from '@anarchitecture/summon/engine';
 import { GALLERY_PRESETS } from '../../surface-gallery/src/presets.js';
 import { baseDemoComponentPack } from './components.js';
 import {
   createScopedDemoRegistry,
-  narrowCapabilityPack,
+  narrowToolPack,
   SHOWCASE_SCENARIOS,
 } from './showcase.js';
 
-const allDemoCapabilityNames = [
+const allDemoToolNames = [
   'log',
   'counter',
   'choose',
@@ -33,21 +32,21 @@ test('createScopedDemoRegistry aligns prompt pack, validation grants, and handle
   const registry = createScopedDemoRegistry({ onSummon: () => {} }, ['search', 'summon']);
   const contract = registry.toContract();
 
-  assert.deepEqual(contract.pack.intents.map((intent) => intent.name), ['search', 'summon']);
-  assert.deepEqual(contract.validationCapabilities.map((capability) => capability.name), ['search', 'summon']);
+  assert.deepEqual(contract.pack.tools.map((tool) => tool.name), ['search', 'summon']);
+  assert.deepEqual(contract.validationTools.map((tool) => tool.name), ['search', 'summon']);
   assert.deepEqual(Object.keys(registry.toPolicyHandlers()), ['search', 'summon']);
-  assert.deepEqual(registry.intents(), ['search', 'summon']);
+  assert.deepEqual(registry.tools(), ['search', 'summon']);
 });
 
-test('narrowCapabilityPack keeps only allowed intents and non-leaking patterns', () => {
+test('narrowToolPack keeps only allowed tools and non-leaking patterns', () => {
   const full = createScopedDemoRegistry(
     { onSummon: () => {} },
-    allDemoCapabilityNames,
+    allDemoToolNames,
   ).toContract().pack;
 
-  const narrowed = narrowCapabilityPack(full, ['counter']);
+  const narrowed = narrowToolPack(full, ['counter']);
 
-  assert.deepEqual(narrowed.intents.map((intent) => intent.name), ['counter']);
+  assert.deepEqual(narrowed.tools.map((tool) => tool.name), ['counter']);
   assert.ok(narrowed.patterns?.some((pattern) => pattern.code.includes('"counter"')));
   assert.equal(
     narrowed.patterns?.some((pattern) => pattern.code.includes('"summon"') || pattern.code.includes('"search"')),
@@ -56,9 +55,9 @@ test('narrowCapabilityPack keeps only allowed intents and non-leaking patterns',
 });
 
 test('showcase scenarios declare contract-complete surfaces', () => {
-  const capabilities = createScopedDemoRegistry(
+  const tools = createScopedDemoRegistry(
     { onSummon: () => {} },
-    allDemoCapabilityNames,
+    allDemoToolNames,
   ).toContract().pack;
   const components = baseDemoComponentPack();
 
@@ -75,15 +74,15 @@ test('showcase scenarios declare contract-complete surfaces', () => {
     });
 
     const compiled = compileSurfacePolicy(scenario.surfacePolicy, {
-      capabilities,
+      tools,
       components,
     });
     assert.deepEqual(compiled.issues, [], `${scenario.id} has invalid SurfacePolicy`);
     assert.deepEqual(compiled.surfacePlan, scenario.surfacePlan, `${scenario.id} policy does not compile to its SurfacePlan`);
     assert.deepEqual(
-      compiled.capabilities?.intents.map((intent) => intent.name) ?? [],
-      scenario.capabilityNames,
-      `${scenario.id} grants do not match capability names`,
+      compiled.tools?.tools.map((tool) => tool.name) ?? [],
+      scenario.toolNames,
+      `${scenario.id} grants do not match tool names`,
     );
     assert.deepEqual(
       compiled.components?.components.map((component) => component.name) ?? [],
@@ -96,9 +95,7 @@ test('showcase scenarios declare contract-complete surfaces', () => {
     assert.ok(scenario.surfacePlan.data);
     assert.ok(scenario.surfacePlan.authority);
     assert.ok(scenario.surfacePlan.persistence);
-    const controls = deriveSurfacePlanControls(scenario.surfacePlan);
-    assert.equal(scenario.mode, controls.mode);
-    assert.equal(scenario.scriptPolicy ?? controls.scriptPolicy, controls.scriptPolicy);
+    assert.equal(scenario.mode, compiled.mode);
   }
 });
 
@@ -118,25 +115,25 @@ test('generate showcase mirrors surface gallery presets for shared sandbox paths
     assert.ok(gallery, `missing gallery preset ${id}`);
     assert.ok(scenario, `missing generate scenario ${id}`);
     assert.deepEqual(scenario.surfacePolicy, gallery.surfacePolicy, `${id} SurfacePolicy drift`);
-    assert.deepEqual(scenario.capabilityNames, gallery.surfacePolicy.grants ?? [], `${id} grant drift`);
+    assert.deepEqual(scenario.toolNames, gallery.surfacePolicy.grants ?? [], `${id} grant drift`);
     assert.deepEqual(scenario.componentNames ?? [], gallery.surfacePolicy.components ?? [], `${id} component drift`);
   }
 });
 
-test('showcase scenarios reference known demo capabilities', () => {
-  const known = new Set(allDemoCapabilityNames);
+test('showcase scenarios reference known demo tools', () => {
+  const known = new Set(allDemoToolNames);
   for (const scenario of SHOWCASE_SCENARIOS) {
-    for (const name of scenario.capabilityNames) {
-      assert.ok(known.has(name), `${scenario.id} references unknown capability "${name}"`);
+    for (const name of scenario.toolNames) {
+      assert.ok(known.has(name), `${scenario.id} references unknown tool "${name}"`);
     }
   }
 });
 
-test('showcase scenarios cover every non-utility demo capability', () => {
-  const utilityCapabilities = new Set(['log']);
-  const covered = new Set(SHOWCASE_SCENARIOS.flatMap((scenario) => scenario.capabilityNames));
-  const missing = allDemoCapabilityNames.filter(
-    (name) => !utilityCapabilities.has(name) && !covered.has(name),
+test('showcase scenarios cover every non-utility demo tool', () => {
+  const utilityTools = new Set(['log']);
+  const covered = new Set(SHOWCASE_SCENARIOS.flatMap((scenario) => scenario.toolNames));
+  const missing = allDemoToolNames.filter(
+    (name) => !utilityTools.has(name) && !covered.has(name),
   );
 
   assert.deepEqual(missing, []);
diff --git a/apps/demo/src/showcase.ts b/apps/demo/src/showcase.ts
index c190b32..4a8a0ea 100644
--- a/apps/demo/src/showcase.ts
+++ b/apps/demo/src/showcase.ts
@@ -1,33 +1,24 @@
 import type {
-  CapabilityPack,
-  ScriptPolicy,
+  ToolPack,
   SurfacePlan,
   SurfacePlanMode,
 } from '@anarchitecture/summon/engine';
-import type { CapabilityRegistry, SurfacePolicy } from '@anarchitecture/summon';
-import { createDemoCapabilityRegistry, type DemoHandlerOptions } from './capabilities.js';
+import type { ToolRegistry, SurfacePolicy } from '@anarchitecture/summon';
+import { createDemoToolRegistry, type DemoHandlerOptions } from './tools.js';
 
 export type Mode = SurfacePlanMode;
 
-export interface RepairOptions {
-  enabled: boolean;
-  maxAttempts?: number;
-  maxTargets?: number;
-}
-
 export interface ShowcaseScenario {
   id: string;
   label: string;
   prompt: string;
   mode: Mode;
-  capabilityNames: string[];
+  toolNames: string[];
   componentNames?: string[];
   surfacePolicy: SurfacePolicy;
   surfacePlan: SurfacePlan;
-  scriptPolicy?: ScriptPolicy;
   layoutId?: string;
   tokenOverrides?: Record<string, string>;
-  repair?: RepairOptions;
   directionId?: string | null;
 }
 
@@ -35,15 +26,13 @@ export interface ActiveContract {
   scenarioId: string;
   prompt: string;
   mode: Mode;
-  capabilityNames: string[];
+  toolNames: string[];
   componentNames?: string[];
   agentBroker?: boolean;
   surfacePolicy?: SurfacePolicy;
   surfacePlan: SurfacePlan;
-  scriptPolicy: ScriptPolicy;
   layoutId?: string;
   tokenOverrides?: Record<string, string>;
-  repair?: RepairOptions;
   directionId?: string | null;
   modelProvider?: string | null;
   generationModel?: string;
@@ -51,7 +40,6 @@ export interface ActiveContract {
   customModel?: boolean;
   modelOptions?: {
     maxOutputTokens?: number;
-    repairMaxOutputTokens?: number;
     anthropicThinking?: 'adaptive' | 'off';
     effort?: 'low' | 'medium' | 'high';
   };
@@ -64,55 +52,58 @@ export const SHOWCASE_SCENARIOS: ShowcaseScenario[] = [
     prompt:
       'help me build a weeknight dinner finder where i can search for recipes and see loading, error, and real host data states clearly',
     mode: 'interactive',
-    capabilityNames: ['search'],
+    toolNames: ['search'],
     surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: ['search'] },
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'host-resource',
-      authority: 'read',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'explore',
+        runtime: 'arrow',
+        data: 'host-resource',
+        authority: 'read',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'host-ai-brainstorm',
     label: 'Host AI brainstorm',
     prompt:
       'build a brainstorm helper where i can ask host AI for birthday gift ideas and see loading, error, and response states clearly',
     mode: 'interactive',
-    capabilityNames: ['ai'],
+    toolNames: ['ai'],
     surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: ['ai'] },
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'host-resource',
-      authority: 'read',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'explore',
+        runtime: 'arrow',
+        data: 'host-resource',
+        authority: 'read',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'github-profile-lookup',
     label: 'GitHub profile lookup',
     prompt:
       'build a GitHub profile lookup where i can enter a username and see loading, error, avatar, follower, and repo states from host data',
     mode: 'interactive',
-    capabilityNames: ['github_lookup'],
+    toolNames: ['github_lookup'],
     surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: ['github_lookup'] },
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'host-resource',
-      authority: 'read',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'explore',
+        runtime: 'arrow',
+        data: 'host-resource',
+        authority: 'read',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'component-islands',
     label: 'Trusted Components',
     prompt:
       'build a compact launch-readiness dashboard that uses host-rendered MetricCard, TrendSparkline, and ApprovalStatus component islands, plus a choose control for the final launch recommendation',
     mode: 'interactive',
-    capabilityNames: ['choose'],
+    toolNames: ['choose'],
     componentNames: ['MetricCard', 'TrendSparkline', 'ApprovalStatus'],
     surfacePolicy: {
       tier: 'declarative',
@@ -120,129 +111,137 @@ export const SHOWCASE_SCENARIOS: ShowcaseScenario[] = [
       grants: ['choose'],
       components: ['MetricCard', 'TrendSparkline', 'ApprovalStatus'],
     },
-    surfacePlan: {
-      purpose: 'review',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'review',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'static-summary',
     label: 'Static summary',
     prompt: 'compare Roth vs traditional IRA for someone new to retirement saving',
     mode: 'static',
-    capabilityNames: [],
+    toolNames: [],
     surfacePolicy: { tier: 'static', purpose: 'compare' },
-    surfacePlan: {
-      purpose: 'compare',
-      runtime: 'static',
-      data: 'embedded',
-      authority: 'none',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'compare',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'none',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'decision-picker',
     label: 'Decision Picker',
     prompt:
       'help me choose between three launch announcement approaches for a small developer tool. Compare tradeoffs and let me save the best option.',
     mode: 'interactive',
-    capabilityNames: ['choose'],
+    toolNames: ['choose'],
     surfacePolicy: { tier: 'declarative', purpose: 'compare', grants: ['choose'] },
-    surfacePlan: {
-      purpose: 'compare',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'compare',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'declarative-form',
     label: 'Declarative form',
     prompt:
       'help me collect a team lunch order with required fields, submit validation, a success state, and field errors',
     mode: 'interactive',
-    capabilityNames: ['submit'],
+    toolNames: ['submit'],
     surfacePolicy: { tier: 'declarative', purpose: 'collect', grants: ['submit'] },
-    surfacePlan: {
-      purpose: 'collect',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'collect',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'worker-analysis',
     label: 'Worker Analysis',
     prompt:
       'run host analysis for a product launch readiness topic, compute a score with a host-owned background worker, and show loading, error, and result states',
     mode: 'interactive',
-    capabilityNames: ['analysis', 'compute_score'],
+    toolNames: ['analysis', 'compute_score'],
     surfacePolicy: { tier: 'worker', purpose: 'review', grants: ['analysis', 'compute_score'] },
-    surfacePlan: {
-      purpose: 'review',
-      runtime: 'worker',
-      data: 'worker',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'review',
+        runtime: 'arrow',
+        data: 'worker',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'approval-publish',
     label: 'Approval Publish',
     prompt:
       'build a publish approval panel where i can review a titled summary, request host approval, and show pending, approved, denied, and error states',
     mode: 'interactive',
-    capabilityNames: ['publish_summary'],
+    toolNames: ['publish_summary'],
     surfacePolicy: { tier: 'approval', purpose: 'operate', grants: ['publish_summary'] },
-    surfacePlan: {
-      purpose: 'operate',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'approval-gated',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'operate',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'approval-gated',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'local-state-motion',
     label: 'Local state + motion',
     prompt:
       'build a scoring picker with tabs, disclosure, local highlighted selection, state-driven styling, and subtle motion using only declarative local state plus host-backed choose and counter controls',
     mode: 'interactive',
-    capabilityNames: ['choose', 'counter'],
+    toolNames: ['choose', 'counter'],
     surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: ['choose', 'counter'] },
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'explore',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'token-override',
     label: 'Token override',
     prompt:
       'build a compact option picker where I can choose an option with a prominent accent action and status badge, using only direction tokens for color',
     mode: 'interactive',
-    capabilityNames: ['choose'],
+    toolNames: ['choose'],
     surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: ['choose'] },
     tokenOverrides: {
       'color-accent': '#0f8cff',
       'color-accent-fg': '#ffffff',
     },
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
-    directionId: 'pulse',
+      surfacePlan: {
+        purpose: 'explore',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
+      directionId: 'pulse',
   },
   {
     id: 'layout-card',
@@ -250,50 +249,35 @@ export const SHOWCASE_SCENARIOS: ShowcaseScenario[] = [
     prompt:
       'create a compact project intake card where I can submit validated details, with a crisp header, useful content, and one or two action controls',
     mode: 'interactive',
-    capabilityNames: ['submit'],
+    toolNames: ['submit'],
     surfacePolicy: { tier: 'declarative', purpose: 'collect', grants: ['submit'] },
     layoutId: 'card-structured',
-    surfacePlan: {
-      purpose: 'collect',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'collect',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
   {
     id: 'sibling-summon',
     label: 'Sibling summon',
     prompt:
       'build a recipe explorer that can search for dinner ideas and includes a clear action to summon a separate prep guide for one result',
     mode: 'interactive',
-    capabilityNames: ['search', 'summon'],
+    toolNames: ['search', 'summon'],
     surfacePolicy: { tier: 'declarative', purpose: 'explore', grants: ['search', 'summon'] },
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'host-resource',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
-  },
-  {
-    id: 'repair-diagnostics',
-    label: 'Validation Retry Diagnostics',
-    prompt:
-      'build a compact onboarding checklist with validated submit controls and clear section structure; if a section is rejected, retry it within the same section',
-    mode: 'interactive',
-    capabilityNames: ['submit'],
-    surfacePolicy: { tier: 'declarative', purpose: 'collect', grants: ['submit'] },
-    repair: { enabled: true, maxAttempts: 1, maxTargets: 2 },
-    surfacePlan: {
-      purpose: 'collect',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
+      surfacePlan: {
+        purpose: 'explore',
+        runtime: 'arrow',
+        data: 'host-resource',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     },
-  },
 ];
 
 export function createGhostShowcaseScenario(rootId: string): ShowcaseScenario {
@@ -303,49 +287,50 @@ export function createGhostShowcaseScenario(rootId: string): ShowcaseScenario {
     prompt:
       'generate a review surface that follows this Ghost fingerprint package and lets me choose an approved direction with host-allowed controls',
     mode: 'interactive',
-    capabilityNames: ['choose'],
+    toolNames: ['choose'],
     surfacePolicy: { tier: 'declarative', purpose: 'review', grants: ['choose'] },
-    surfacePlan: {
-      purpose: 'review',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
+      surfacePlan: {
+        purpose: 'review',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
     directionId: `ghost:${rootId}`,
   };
 }
 
-export function narrowCapabilityPack(
-  pack: CapabilityPack,
-  capabilityNames: readonly string[],
-): CapabilityPack {
-  const allowed = new Set(capabilityNames);
-  const intents = pack.intents.filter((intent) => allowed.has(intent.name));
-  const denied = pack.intents
-    .map((intent) => intent.name)
+export function narrowToolPack(
+  pack: ToolPack,
+  toolNames: readonly string[],
+): ToolPack {
+  const allowed = new Set(toolNames);
+  const tools = pack.tools.filter((tool) => allowed.has(tool.name));
+  const denied = pack.tools
+    .map((tool) => tool.name)
     .filter((name) => !allowed.has(name));
   const patterns = (pack.patterns ?? []).filter((pattern) => {
-    if (denied.some((name) => mentionsCapability(pattern.code, name))) return false;
-    return capabilityNames.some((name) => mentionsCapability(pattern.code, name));
+    if (denied.some((name) => mentionsTool(pattern.code, name))) return false;
+    return toolNames.some((name) => mentionsTool(pattern.code, name));
   });
   return {
-    intents,
+    tools,
     ...(patterns.length > 0 ? { patterns } : {}),
   };
 }
 
 export function createScopedDemoRegistry(
   opts: DemoHandlerOptions,
-  capabilityNames: readonly string[],
-): CapabilityRegistry {
-  const registry = createDemoCapabilityRegistry(opts);
-  const allowed = new Set(capabilityNames);
-  const excluded = registry.intents().filter((name) => !allowed.has(name));
+  toolNames: readonly string[],
+): ToolRegistry {
+  const registry = createDemoToolRegistry(opts);
+  const allowed = new Set(toolNames);
+  const excluded = registry.tools().filter((name) => !allowed.has(name));
   return registry.without(excluded);
 }
 
-function mentionsCapability(code: string, name: string): boolean {
+function mentionsTool(code: string, name: string): boolean {
   return (
     code.includes(`"${name}"`) ||
     code.includes(`'${name}'`) ||
diff --git a/apps/demo/src/strict-demo-artifact.ts b/apps/demo/src/strict-demo-artifact.ts
index ffb9d18..d74a18c 100644
--- a/apps/demo/src/strict-demo-artifact.ts
+++ b/apps/demo/src/strict-demo-artifact.ts
@@ -1,181 +1,150 @@
-/**
- * Strict-tier demo artifact. The outer (LLM-style) sandbox renders the form
- * shell — labels, layout, copy, submit button — but the actual card-number
- * input is rendered by the host as an overlay. Outer never sees the digits.
- *
- * Outer's role:
- *   - Reserve a placeholder div sized for the input.
- *   - Emit `mount_strict_input` with bounds and kind:'card'.
- *   - Watch state for filled/tokenized signals; gate submit on them.
- *   - Emit `submit_strict_input` when the user clicks Pay.
- *
- * Host's role (in the React StrictPage):
- *   - Position a host-trusted card input over the placeholder.
- *   - Tokenize on submit; push back a state patch with last4 + token.
- */
-export const STRICT_DEMO_BODY_HTML = /* html */ `
-<div class="wrap">
-  <header>
-    <h1>Subscribe</h1>
-    <p>The form is generated. The card field is not.</p>
-  </header>
-
-  <div class="explainer">
-    Outer sandbox is null-origin and could be LLM-authored. It draws the
-    layout, labels, and submit button. The host overlays a trusted card
-    input on the placeholder below — the outer never sees keystrokes.
-  </div>
-
-  <form id="form">
-    <label>
-      <span>Email</span>
-      <input id="email" type="email" autocomplete="email" placeholder="you@example.com">
-    </label>
-
-    <label>
-      <span>Card number</span>
-      <!-- The host overlays its trusted input on this div. We never read its value. -->
-      <div id="card-slot" class="strict-slot">
-        <span class="strict-pending">waiting for host overlay…</span>
-      </div>
-      <small id="card-status" class="hint">Mount status: pending</small>
-    </label>
-
-    <button id="pay" type="submit" disabled>Pay</button>
-    <div id="result" class="result" hidden></div>
-  </form>
-</div>
-
-<style>
-  .wrap { padding: var(--space-5); max-width: 480px; }
-  header h1 { margin: 0 0 var(--space-1); font-size: var(--text-xl); }
-  header p { margin: 0 0 var(--space-4); color: var(--color-text-muted); font-size: var(--text-sm); }
-
-  .explainer {
-    padding: var(--space-3);
-    margin-bottom: var(--space-5);
-    background: var(--color-surface-muted);
-    border-left: 3px solid var(--color-accent);
-    border-radius: var(--radius-sm);
-    font-size: var(--text-xs);
-    color: var(--color-text-muted);
-    line-height: 1.5;
-  }
-
-  form { display: flex; flex-direction: column; gap: var(--space-4); }
-  label { display: flex; flex-direction: column; gap: var(--space-2); font-size: var(--text-sm); font-weight: 500; }
-  label span { color: var(--color-text); }
-
-  input {
-    padding: var(--space-3);
-    border: 1px solid var(--color-border);
-    border-radius: var(--radius-md);
-    font: inherit;
-    font-size: var(--text-base);
-    background: var(--color-surface);
-    color: var(--color-text);
-  }
-  input:focus { outline: 2px solid var(--color-accent); outline-offset: -1px; }
-
-  /* Placeholder for the host-overlaid input. Host fills its own DOM here. */
-  .strict-slot {
-    height: 44px;
-    border: 1px dashed var(--color-border);
-    border-radius: var(--radius-md);
-    background: repeating-linear-gradient(
-      45deg,
-      var(--color-surface-muted),
-      var(--color-surface-muted) 4px,
-      transparent 4px,
-      transparent 8px
-    );
-    display: flex;
-    align-items: center;
-    padding: 0 var(--space-3);
-  }
-  .strict-pending { color: var(--color-text-muted); font-size: var(--text-xs); font-family: var(--font-mono); }
-
-  .hint { color: var(--color-text-muted); font-size: var(--text-xs); font-weight: 400; }
-
-  button {
-    padding: var(--space-3);
-    background: var(--color-accent);
-    color: var(--color-on-accent, white);
-    border: 0;
-    border-radius: var(--radius-md);
-    font: inherit;
-    font-weight: 600;
-    cursor: pointer;
-  }
-  button:disabled { opacity: 0.4; cursor: not-allowed; }
-
-  .result {
-    padding: var(--space-3);
-    background: var(--color-surface-muted);
-    border-radius: var(--radius-md);
-    font-family: var(--font-mono);
-    font-size: var(--text-xs);
-    color: var(--color-text);
-  }
-  .result strong { color: var(--color-success); }
-</style>
-
-<script>
-  function esc(s) { return String(s).replace(/[&<>"']/g, c => ({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[c])); }
-
-  const slotEl = document.getElementById('card-slot');
-  const cardStatus = document.getElementById('card-status');
-  const payBtn = document.getElementById('pay');
-  const resultEl = document.getElementById('result');
-  const form = document.getElementById('form');
-
-  // Report the placeholder's bounds (in our own viewport coords). Host adds its
-  // own iframe offset to land the overlay in the right screen pixels.
-  function emitMount() {
-    const rect = slotEl.getBoundingClientRect();
-    sandbox.emit('mount_strict_input', {
-      slot: 'card_number',
-      kind: 'card',
-      bounds: { x: rect.left, y: rect.top, width: rect.width, height: rect.height },
-    });
-  }
-
-  // Defer to next frame so layout has settled and getBoundingClientRect is final.
-  requestAnimationFrame(emitMount);
-
-  // If the artifact is resized (e.g. host rerenders, font loads), re-emit so the
-  // overlay tracks. ResizeObserver would be more robust; this covers the basics.
-  window.addEventListener('resize', emitMount);
-
-  sandbox.onState(state => {
-    cardStatus.textContent = 'Mount status: ' + (state.cardMounted ? 'mounted' : 'pending');
-    if (state.cardFilled !== undefined) {
-      cardStatus.textContent += state.cardFilled ? ' · filled' : ' · empty';
-    }
-    payBtn.disabled = !(state.cardFilled && !state.tokenizing);
-    if (state.tokenizing) {
-      payBtn.textContent = 'Tokenizing…';
-    } else {
-      payBtn.textContent = 'Pay';
-    }
-    if (state.token) {
-      resultEl.hidden = false;
-      resultEl.innerHTML =
-        '<strong>Tokenized.</strong> last4=' + esc(state.token.last4) +
-        ' · token=' + esc(state.token.id);
-    }
-    if (state.error) {
-      resultEl.hidden = false;
-      resultEl.textContent = 'Error: ' + state.error;
-    }
-  });
-
-  function submitCard(e) {
-    e.preventDefault();
-    sandbox.emit('submit_strict_input', { slot: 'card_number' });
+import type { ArrowSurfaceArtifact } from '@anarchitecture/summon/engine';
+
+const strictMain = `
+import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({
+  cardMounted: false,
+  cardFilled: false,
+  tokenizing: false,
+  token: null,
+  error: null,
+});
+
+function applyHostState(hostState) {
+  state.cardMounted = Boolean(hostState.cardMounted);
+  state.cardFilled = Boolean(hostState.cardFilled);
+  state.tokenizing = Boolean(hostState.tokenizing);
+  state.token = hostState.token || null;
+  state.error = typeof hostState.error === "string" ? hostState.error : null;
+}
+
+onState(applyHostState);
+
+async function submitCard(event) {
+  if (event && typeof event.preventDefault === "function") event.preventDefault();
+  if (state.tokenizing) return;
+  state.tokenizing = true;
+  const result = await callTool("submit_strict_input", { slot: "card_number" });
+  if (result && result.ok) {
+    applyHostState(result.state || {});
+  } else {
+    state.tokenizing = false;
+    state.error = result && result.error ? result.error : "tokenization failed";
   }
+}
+
+export default html\`
+  <div class="wrap">
+    <header>
+      <h1>Subscribe</h1>
+      <p>The form is generated. The card field is not.</p>
+    </header>
+
+    <div class="explainer">
+      Outer sandbox is null-origin and could be LLM-authored. It draws the
+      layout, labels, and submit button. The host overlays a trusted card
+      input on the placeholder below. The outer never sees keystrokes.
+    </div>
+
+    <form id="form" @submit="\${submitCard}">
+      <label>
+        <span>Email</span>
+        <input id="email" type="email" autocomplete="email" placeholder="you@example.com">
+      </label>
+
+      <label>
+        <span>Card number</span>
+        <div
+          id="card-slot"
+          class="strict-slot"
+          data-summon-component="StrictCardInput"
+          data-summon-component-id="card-number"
+          data-summon-props='{"slot":"card_number"}'
+        >
+          <span class="strict-pending">\${() => state.cardMounted ? "host overlay mounted" : "waiting for host overlay"}</span>
+        </div>
+        <small id="card-status" class="hint">
+          \${() => "Mount status: " + (state.cardMounted ? "mounted" : "pending") + (state.cardFilled ? " · filled" : " · empty")}
+        </small>
+      </label>
+
+      <button id="pay" type="submit" class="\${() => state.cardFilled && !state.tokenizing ? "" : "disabled"}" @click="\${submitCard}">
+        \${() => state.tokenizing ? "Tokenizing..." : "Pay"}
+      </button>
+      <div id="result" class="result">
+        \${() => state.token ? "Tokenized. last4=" + state.token.last4 + " · token=" + state.token.id : state.error ? "Error: " + state.error : ""}
+      </div>
+    </form>
+  </div>
+\`;
+`;
 
-  payBtn.addEventListener('click', submitCard);
-  form.addEventListener('submit', submitCard);
-</script>
+const strictCss = `
+.wrap { padding: var(--space-5); max-width: 480px; }
+header h1 { margin: 0 0 var(--space-1); font-size: var(--text-xl); }
+header p { margin: 0 0 var(--space-4); color: var(--color-text-muted); font-size: var(--text-sm); }
+.explainer {
+  padding: var(--space-3);
+  margin-bottom: var(--space-5);
+  background: var(--color-surface-muted);
+  border-left: 3px solid var(--color-accent);
+  border-radius: var(--radius-sm);
+  font-size: var(--text-xs);
+  color: var(--color-text-muted);
+  line-height: 1.5;
+}
+form { display: flex; flex-direction: column; gap: var(--space-4); }
+label { display: flex; flex-direction: column; gap: var(--space-2); font-size: var(--text-sm); font-weight: 500; }
+label span { color: var(--color-text); }
+input {
+  padding: var(--space-3);
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius-md);
+  font: inherit;
+  font-size: var(--text-base);
+  background: var(--color-surface);
+  color: var(--color-text);
+}
+input:focus { outline: 2px solid var(--color-accent); outline-offset: -1px; }
+.strict-slot {
+  height: 44px;
+  border: 1px dashed var(--color-border);
+  border-radius: var(--radius-md);
+  background: var(--color-surface-muted);
+  display: flex;
+  align-items: center;
+  padding: 0 var(--space-3);
+}
+.strict-pending { color: var(--color-text-muted); font-size: var(--text-xs); font-family: var(--font-mono); }
+.hint { color: var(--color-text-muted); font-size: var(--text-xs); font-weight: 400; }
+button {
+  padding: var(--space-3);
+  background: var(--color-accent);
+  color: var(--color-on-accent, white);
+  border: 0;
+  border-radius: var(--radius-md);
+  font: inherit;
+  font-weight: 600;
+  cursor: pointer;
+}
+button.disabled { opacity: 0.4; cursor: not-allowed; }
+.result {
+  min-height: 20px;
+  padding: var(--space-3);
+  background: var(--color-surface-muted);
+  border-radius: var(--radius-md);
+  font-family: var(--font-mono);
+  font-size: var(--text-xs);
+  color: var(--color-text);
+}
 `;
+
+export const STRICT_DEMO_ARTIFACT: ArrowSurfaceArtifact = {
+  runtime: 'arrow',
+  source: {
+    'main.ts': strictMain,
+    'main.css': strictCss,
+  },
+};
diff --git a/apps/demo/src/capabilities.ts b/apps/demo/src/tools.ts
similarity index 70%
rename from apps/demo/src/capabilities.ts
rename to apps/demo/src/tools.ts
index 86d6f52..79e639a 100644
--- a/apps/demo/src/capabilities.ts
+++ b/apps/demo/src/tools.ts
@@ -1,11 +1,11 @@
 /**
- * Demo capability registry — the demo app owns its intent vocabulary, prompt
+ * Demo tool registry — the demo app owns its tool vocabulary, prompt
  * patterns, and handler implementations in one place. The registry produces
- * both the model-facing CapabilityPack and the PolicyEngine handler map.
+ * both the model-facing ToolPack and the PolicyEngine handler map.
  */
 
 import {
-  createCapabilityRegistry,
+  createToolRegistry,
   defineAction,
   defineApprovalAction,
   defineDataResource,
@@ -13,10 +13,10 @@ import {
   defineWorkerResource,
   type ApprovalDecision,
   type ApprovalRequest,
-  type CapabilityDefinition,
-  type CapabilityRegistry,
+  type ToolDefinition,
+  type ToolRegistry,
 } from '@anarchitecture/summon';
-import type { IntentHandler } from '@anarchitecture/summon/policy';
+import type { ToolHandler } from '@anarchitecture/summon/policy';
 import { z } from 'zod';
 
 const logArgsSchema = z.object({ payload: z.any().optional() }).passthrough();
@@ -94,7 +94,7 @@ export interface DemoHandlerOptions {
    * Optional because only the single-prompt generate page owns the DOM and
    * streaming machinery needed to spawn sibling sandboxes.
    */
-  onSummon?: IntentHandler<SummonArgs>;
+  onSummon?: ToolHandler<SummonArgs>;
   /**
    * Optional because batch/demo surfaces may run without a visible host
    * approval panel. Browser hosts should render their own approve/deny UI here.
@@ -104,9 +104,9 @@ export interface DemoHandlerOptions {
   ) => Promise<ApprovalDecision> | ApprovalDecision;
 }
 
-export function createDemoCapabilityRegistry(
+export function createDemoToolRegistry(
   opts: DemoHandlerOptions = {},
-): CapabilityRegistry {
+): ToolRegistry {
   const log = opts.onLog ?? (() => {});
   const errlog = opts.onError ?? opts.onLog ?? (() => {});
 
@@ -116,7 +116,7 @@ export function createDemoCapabilityRegistry(
   let logCount = 0;
   const chosenOptions: string[] = [];
 
-  const capabilities: CapabilityDefinition<any>[] = [
+  const tools: ToolDefinition<any>[] = [
     defineAction({
       name: 'log',
       description:
@@ -142,11 +142,24 @@ export function createDemoCapabilityRegistry(
       patterns: [
         {
           name: 'Counter (shared integer state)',
-          code: `<div>
-  <button data-summon-on-click="counter" data-summon-args='{"delta":-1}'>-</button>
-  <output data-summon-bind="count">0</output>
-  <button data-summon-on-click="counter" data-summon-args='{"delta":1}'>+</button>
-</div>`,
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ count: 0 });
+onState((hostState) => {
+  state.count = Number(hostState.count ?? state.count);
+});
+
+async function adjust(delta: number) {
+  const result = await callTool("counter", { delta });
+  if (result.ok) state.count = Number(result.state.count ?? state.count);
+}
+
+export default html\`
+  <button @click="\${() => adjust(-1)}">-</button>
+  <output>\${() => state.count}</output>
+  <button @click="\${() => adjust(1)}">+</button>
+\`;`,
         },
       ],
       handler: ({ args, push }) => {
@@ -180,13 +193,33 @@ export function createDemoCapabilityRegistry(
       patterns: [
         {
           name: 'Form submit (validation)',
-          code: `<form data-summon-on-submit="submit">
-  <input name="title" placeholder="Title">
-  <input name="notes" placeholder="Notes">
-  <button>Save</button>
-</form>
-<p data-summon-show="submitted" style="color:var(--color-success);">Saved.</p>
-<p data-summon-show="submitError" data-summon-bind="submitError" style="color:var(--color-danger);"></p>`,
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ submitted: false, submitError: "" });
+onState((hostState) => {
+  state.submitted = Boolean(hostState.submitted);
+  state.submitError = String(hostState.submitError ?? "");
+});
+
+async function save(event: SubmitEvent) {
+  event.preventDefault();
+  const form = event.currentTarget as HTMLFormElement;
+  const fields = Object.fromEntries(new FormData(form).entries());
+  const result = await callTool("submit", fields);
+  state.submitted = Boolean(result.state.submitted);
+  state.submitError = String(result.state.submitError ?? result.error ?? "");
+}
+
+export default html\`
+  <form @submit="\${save}">
+    <input name="title" placeholder="Title">
+    <input name="notes" placeholder="Notes">
+    <button>Save</button>
+  </form>
+  <p>\${() => state.submitted ? "Saved." : ""}</p>
+  <p>\${() => state.submitError}</p>
+\`;`,
         },
       ],
       handler: ({ args, push }) => {
@@ -231,22 +264,41 @@ export function createDemoCapabilityRegistry(
       patterns: [
         {
           name: 'Search + result list (form submit + foreach + scoped click)',
-          code: `<div data-summon-resource="search" data-summon-resource-as="s">
-  <form data-summon-resource-trigger="submit">
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ searching: false, results: [] as Array<{ title: string; snippet: string }>, searchError: "" });
+onState((hostState) => {
+  state.searching = Boolean(hostState.searching);
+  state.results = Array.isArray(hostState.results) ? hostState.results : [];
+  state.searchError = String(hostState.searchError ?? "");
+});
+
+async function search(event: SubmitEvent) {
+  event.preventDefault();
+  const query = String(new FormData(event.currentTarget as HTMLFormElement).get("query") ?? "");
+  await callTool("search", { query });
+}
+
+async function pick(result: { title: string; snippet: string }) {
+  await callTool("log", { payload: { picked: result } });
+}
+
+export default html\`
+  <form @submit="\${search}">
     <input name="query" placeholder="Search...">
-    <button data-summon-attr-disabled="$s.loading">Go</button>
+    <button class="\${() => state.searching ? "loading" : ""}">\${() => state.searching ? "Searching..." : "Go"}</button>
   </form>
-  <p data-summon-show="$s.loading">Searching...</p>
-  <p data-summon-show="$s.error" data-summon-bind="$s.error" style="color:var(--color-danger);"></p>
-  <ul data-summon-foreach="$s.data" data-summon-as="r" data-summon-show="$s.data" style="list-style:none;padding:0;margin:0;">
-    <template>
-      <li data-summon-on-click="log" data-summon-args='{"payload":{"picked":"$r"}}' style="cursor:pointer;padding:8px 12px;border-bottom:1px solid var(--color-border);">
-        <div style="font-weight:600;" data-summon-bind="$r.title"></div>
-        <div style="color:var(--color-text-muted);font-size:var(--text-sm);" data-summon-bind="$r.snippet"></div>
+  <p>\${() => state.searchError}</p>
+  <ul>
+    \${() => state.results.map((result) => html\`
+      <li @click="\${() => pick(result)}">
+        <strong>\${result.title}</strong>
+        <span>\${result.snippet}</span>
       </li>
-    </template>
+    \`)}
   </ul>
-</div>`,
+\`;`,
         },
       ],
       onStart: ({ query }) => {
@@ -285,15 +337,30 @@ export function createDemoCapabilityRegistry(
       patterns: [
         {
           name: 'AI brainstorm (form submit + show loading + bind output)',
-          code: `<div data-summon-resource="ai" data-summon-resource-as="a">
-  <form data-summon-resource-trigger="submit">
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ aiLoading: false, aiResponse: "", aiError: "" });
+onState((hostState) => {
+  state.aiLoading = Boolean(hostState.aiLoading);
+  state.aiResponse = String(hostState.aiResponse ?? "");
+  state.aiError = String(hostState.aiError ?? "");
+});
+
+async function brainstorm(event: SubmitEvent) {
+  event.preventDefault();
+  const prompt = String(new FormData(event.currentTarget as HTMLFormElement).get("prompt") ?? "");
+  await callTool("ai", { prompt });
+}
+
+export default html\`
+  <form @submit="\${brainstorm}">
     <textarea name="prompt" placeholder="Describe the person..."></textarea>
-    <button data-summon-attr-disabled="$a.loading">Brainstorm</button>
+    <button class="\${() => state.aiLoading ? "loading" : ""}">\${() => state.aiLoading ? "Generating..." : "Brainstorm"}</button>
   </form>
-  <p data-summon-show="$a.loading">Generating...</p>
-  <p data-summon-show="$a.error" data-summon-bind="$a.error" style="color:var(--color-danger);"></p>
-  <div data-summon-show="$a.data" data-summon-bind="$a.data" style="white-space:pre-wrap;"></div>
-</div>`,
+  <p>\${() => state.aiError}</p>
+  <div>\${() => state.aiResponse}</div>
+\`;`,
         },
       ],
       onStart: ({ prompt }) => {
@@ -334,25 +401,36 @@ export function createDemoCapabilityRegistry(
       patterns: [
         {
           name: 'GitHub lookup (form submit + show wrapper + bind nested fields)',
-          code: `<div data-summon-resource="github_lookup" data-summon-resource-as="gh">
-  <form data-summon-resource-trigger="submit" style="display:flex;gap:var(--space-2);">
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ githubLoading: false, githubUser: null as null | Record<string, unknown>, githubError: "" });
+onState((hostState) => {
+  state.githubLoading = Boolean(hostState.githubLoading);
+  state.githubUser = hostState.githubUser && typeof hostState.githubUser === "object" ? hostState.githubUser as Record<string, unknown> : null;
+  state.githubError = String(hostState.githubError ?? "");
+});
+
+async function lookup(event: SubmitEvent) {
+  event.preventDefault();
+  const username = String(new FormData(event.currentTarget as HTMLFormElement).get("username") ?? "");
+  await callTool("github_lookup", { username });
+}
+
+export default html\`
+  <form @submit="\${lookup}">
     <input name="username" placeholder="GitHub username, e.g. torvalds">
-    <button data-summon-attr-disabled="$gh.loading">Look up</button>
+    <button class="\${() => state.githubLoading ? "loading" : ""}">\${() => state.githubLoading ? "Looking up..." : "Look up"}</button>
   </form>
-  <p data-summon-show="$gh.loading">Looking up...</p>
-  <p data-summon-show="$gh.error" data-summon-bind="$gh.error" style="color:var(--color-danger);"></p>
-  <div data-summon-show="$gh.data" style="display:flex;gap:var(--space-4);align-items:flex-start;padding:var(--space-4);border:1px solid var(--color-border);border-radius:var(--radius-lg);margin-top:var(--space-4);">
-    <img data-summon-attr-src="$gh.data.avatar" alt="" style="width:64px;height:64px;border-radius:50%;">
-    <div>
-      <div style="font-weight:600;">@<span data-summon-bind="$gh.data.login"></span></div>
-      <div data-summon-bind="$gh.data.name"></div>
-      <div data-summon-bind="$gh.data.bio" style="color:var(--color-text-muted);font-size:var(--text-sm);"></div>
-      <div style="font-size:var(--text-xs);color:var(--color-text-muted);margin-top:var(--space-2);">
-        <span data-summon-bind="$gh.data.followers"></span> followers · <span data-summon-bind="$gh.data.public_repos"></span> repos
-      </div>
-    </div>
-  </div>
-</div>`,
+  <p>\${() => state.githubError}</p>
+  \${() => state.githubUser ? html\`
+    <article>
+      <img src="\${String(state.githubUser.avatar ?? "")}" alt="">
+      <strong>@\${String(state.githubUser.login ?? "")}</strong>
+      <p>\${String(state.githubUser.bio ?? "")}</p>
+    </article>
+  \` : ""}
+\`;`,
         },
       ],
       onStart: ({ username }) => {
@@ -424,20 +502,37 @@ export function createDemoCapabilityRegistry(
       patterns: [
         {
           name: 'Worker analysis (background compute + result binding)',
-          code: `<div data-summon-resource="analysis" data-summon-resource-as="a">
-  <form data-summon-resource-trigger="submit">
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ analysisLoading: false, analysisResult: null as null | { topic: string; score: number; summary: string; next: string[] }, analysisError: "" });
+onState((hostState) => {
+  state.analysisLoading = Boolean(hostState.analysisLoading);
+  state.analysisResult = hostState.analysisResult as typeof state.analysisResult;
+  state.analysisError = String(hostState.analysisError ?? "");
+});
+
+async function analyze(event: SubmitEvent) {
+  event.preventDefault();
+  const topic = String(new FormData(event.currentTarget as HTMLFormElement).get("topic") ?? "");
+  await callTool("analysis", { topic });
+}
+
+export default html\`
+  <form @submit="\${analyze}">
     <input name="topic" placeholder="Topic to analyze">
-    <button data-summon-attr-disabled="$a.loading">Analyze</button>
+    <button class="\${() => state.analysisLoading ? "loading" : ""}">\${() => state.analysisLoading ? "Analyzing..." : "Analyze"}</button>
   </form>
-  <p data-summon-show="$a.loading">Analyzing...</p>
-  <p data-summon-show="$a.error" data-summon-bind="$a.error" style="color:var(--color-danger);"></p>
-  <article data-summon-show="$a.data">
-    <strong data-summon-bind="$a.data.topic"></strong>
-    <span data-summon-bind="$a.data.score"></span>
-    <p data-summon-bind="$a.data.summary"></p>
-    <ul data-summon-foreach="$a.data.next" data-summon-as="step"><template><li data-summon-bind="$step"></li></template></ul>
-  </article>
-</div>`,
+  <p>\${() => state.analysisError}</p>
+  \${() => state.analysisResult ? html\`
+    <article>
+      <strong>\${state.analysisResult.topic}</strong>
+      <span>\${state.analysisResult.score}</span>
+      <p>\${state.analysisResult.summary}</p>
+      <ul>\${state.analysisResult.next.map((step) => html\`<li>\${step}</li>\`)}</ul>
+    </article>
+  \` : ""}
+\`;`,
         },
       ],
       onStart: ({ topic }) => {
@@ -512,21 +607,35 @@ export function createDemoCapabilityRegistry(
   ];
 
   if (opts.onSummon) {
-    capabilities.push(
+    tools.push(
       defineAction({
         name: 'summon',
         description:
-          'Ask the host to generate a NEW sibling UI in its own iframe with its own state. Use sparingly — only when the user benefits from a deeper, separately-stateful surface (e.g., "summon a prep guide for this recipe", "open this option as its own planner"). The `prompt` is the user-intent description for the new UI; the optional `title` labels the child card. Do NOT use summon for things you can render inline with the existing intents.',
+          'Ask the host to generate a NEW sibling UI in its own iframe with its own state. Use sparingly — only when the user benefits from a deeper, separately-stateful surface (e.g., "summon a prep guide for this recipe", "open this option as its own planner"). The `prompt` is the user-tool description for the new UI; the optional `title` labels the child card. Do NOT use summon for things you can render inline with the existing tools.',
         argsSchema: summonArgsSchema,
         stateShape: '{summonedCount: number, lastSummoned: string | null, summonError: string | null}',
         patterns: [
           {
             name: 'Summon a sibling UI (new iframe, own state)',
-            code: `<button
-  data-summon-on-click="summon"
-  data-summon-args='{"prompt":"a focused 20-minute prep guide for chicken piccata, with timer-style steps","title":"Prep guide"}'
->Open prep guide -></button>
-<p data-summon-show="summonError" data-summon-bind="summonError" style="color:var(--color-danger);"></p>`,
+            code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ summonError: "" });
+onState((hostState) => {
+  state.summonError = String(hostState.summonError ?? "");
+});
+
+async function openPrepGuide() {
+  await callTool("summon", {
+    prompt: "a focused 20-minute prep guide for chicken piccata, with timer-style steps",
+    title: "Prep guide",
+  });
+}
+
+export default html\`
+  <button @click="\${openPrepGuide}">Open prep guide -></button>
+  <p>\${() => state.summonError}</p>
+\`;`,
           },
         ],
         handler: opts.onSummon,
@@ -534,5 +643,5 @@ export function createDemoCapabilityRegistry(
     );
   }
 
-  return createCapabilityRegistry(capabilities);
+  return createToolRegistry(tools);
 }
diff --git a/apps/server/directions/pulse/prompt.md b/apps/server/directions/pulse/prompt.md
index efbd898..eabcb25 100644
--- a/apps/server/directions/pulse/prompt.md
+++ b/apps/server/directions/pulse/prompt.md
@@ -2,7 +2,7 @@
 
 This is the design direction for Pulse - a high-contrast vocabulary for status,
 decisions, and action-heavy generated surfaces. Response shape is your call
-based on the user's intent; this document tells you how things look once you've
+based on the user's request; this document tells you how things look once you've
 picked a shape.
 
 ## Character
diff --git a/apps/server/directions/workbench/prompt.md b/apps/server/directions/workbench/prompt.md
index 7c5ce08..a1b5397 100644
--- a/apps/server/directions/workbench/prompt.md
+++ b/apps/server/directions/workbench/prompt.md
@@ -1,7 +1,7 @@
 # Workbench - Design Direction
 
 This is the design direction for Workbench - a dense, neutral UI vocabulary for
-operational tools. Response shape is your call based on the user's intent; this
+operational tools. Response shape is your call based on the user's request; this
 document tells you how things look once you've picked a shape.
 
 ## Character
diff --git a/apps/server/src/demo-routes.ts b/apps/server/src/demo-routes.ts
index d3c7676..b75ed33 100644
--- a/apps/server/src/demo-routes.ts
+++ b/apps/server/src/demo-routes.ts
@@ -2,17 +2,17 @@ import type { Express, Response } from 'express';
 import type { ModelProviderRegistry, TextCompletionClient } from './model-providers.js';
 
 /**
- * Backing services for the demo capability pack.
+ * Backing services for the demo tool pack.
  *
  * These routes are intentionally outside main.ts so the generation server's
- * core route stays separate from the dev/demo intent implementations. A real
- * Summon host would define its own backing services next to its own capability
+ * core route stays separate from the dev/demo tool implementations. A real
+ * Summon host would define its own backing services next to its own tool
  * pack rather than reuse these.
  */
 export function registerDemoRoutes(app: Express, modelProviders: ModelProviderRegistry): void {
   /**
    * Mock search — generates plausible-but-fictional results via the utility model.
-   * Not a real search index; this demonstrates "sandbox emits intent -> host
+   * Not a real search index; this demonstrates "sandbox emits tool -> host
    * calls a backing service" without letting the sandbox reach the network.
    */
   app.post('/api/mock-search', async (req, res) => {
diff --git a/apps/server/src/generate-route.test.ts b/apps/server/src/generate-route.test.ts
index dddfc9e..f82f396 100644
--- a/apps/server/src/generate-route.test.ts
+++ b/apps/server/src/generate-route.test.ts
@@ -9,9 +9,8 @@ import { dirname, join, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import test from 'node:test';
 import type {
-  CapabilityPack,
+  ToolPack,
   ProtocolLine,
-  SurfaceCeiling,
   SurfacePlan,
 } from '@anarchitecture/summon/engine';
 
@@ -19,8 +18,8 @@ const here = dirname(fileURLToPath(import.meta.url));
 const packageRoot = resolve(here, '..');
 const workspaceRoot = resolve(packageRoot, '..', '..');
 
-const searchCapability: CapabilityPack = {
-  intents: [{
+const searchTools: ToolPack = {
+  tools: [{
     name: 'search',
     description: 'Search host-owned dinner data.',
     argsSchema: '{"query":"string"}',
@@ -34,18 +33,26 @@ const searchCapability: CapabilityPack = {
 
 const surfacePlan: SurfacePlan = {
   purpose: 'explore',
-  runtime: 'declarative',
+  runtime: 'arrow',
   data: 'host-resource',
   authority: 'read',
   persistence: 'replayable',
+  network: 'none',
 };
 
-const surfaceCeiling: SurfaceCeiling = {
-  runtimes: ['static', 'declarative'],
-  data: ['embedded', 'host-resource'],
-  authorities: ['none', 'read'],
-  persistences: ['replayable'],
-};
+function arrowText(html: string): string {
+  const source = html.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${');
+  return `${JSON.stringify({
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': `import { html } from "@arrow-js/core";\nexport default html\`${source}\`;`,
+      },
+    },
+  })}\n`;
+}
 
 test('api generate sends narrowed contract and stream meta shape through package runner', async (t) => {
   const anthropicRequests: unknown[] = [];
@@ -57,25 +64,7 @@ test('api generate sends narrowed contract and stream meta shape through package
     }
     const request = JSON.parse(await readBody(req));
     anthropicRequests.push(request);
-    const systemText = Array.isArray(request.system)
-      ? request.system.map((block: { text?: unknown }) => typeof block.text === 'string' ? block.text : '').join('\n')
-      : '';
-    const generatedText = systemText.includes('Experimental HTML node patches')
-      ? [
-          '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-          '{"op":"add","path":"/section/hero/node/root","html":"<div data-summon-node=\\"root\\"></div>"}\n',
-          '{"op":"add","path":"/section/hero/node/headline","parent":"root","html":"<h1 data-summon-node=\\"headline\\">Dinner finder</h1>"}\n',
-        ]
-      : systemText.includes('Experimental block fragments')
-        ? [
-            '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-            '{"op":"set","path":"/section/hero","value":{"blocks":["headline"]}}\n',
-            '{"op":"add","path":"/section/hero/block/headline","html":"<h1>Dinner finder</h1><p>Ready.</p>"}\n',
-          ]
-        : [
-            '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-            '{"op":"add","path":"/section/hero","html":"<section><h1>Dinner finder</h1><p>Ready.</p></section>"}\n',
-          ];
+    const generatedText = [arrowText('<section><h1>Dinner finder</h1><p>Ready.</p></section>')];
     res.writeHead(200, {
       'content-type': 'text/event-stream',
       'cache-control': 'no-cache',
@@ -148,7 +137,7 @@ test('api generate sends narrowed contract and stream meta shape through package
       OPENAI_API_KEY: '',
       GEMINI_API_KEY: '',
       GOOGLE_API_KEY: '',
-      SUMMON_AGENT_INTENT_MODEL: '0',
+      SUMMON_AGENT_GOAL_MODEL: '0',
       SUMMON_INFER_SHAPE: '0',
     },
     stdio: ['ignore', 'pipe', 'pipe'],
@@ -164,25 +153,37 @@ test('api generate sends narrowed contract and stream meta shape through package
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build a dinner finder',
-      mode: 'interactive',
-      capabilities: searchCapability,
-      surfacePlan,
-      surfaceCeiling,
-      scriptPolicy: 'forbid',
+      tools: searchTools,
+      surfacePolicy: {
+        tier: 'declarative',
+        purpose: 'explore',
+        grants: ['search'],
+      },
     }),
   });
   const body = await response.text();
   assert.equal(response.status, 200, body);
 
   assert.equal(anthropicRequests.length, 1);
-  const request = anthropicRequests[0] as { model?: string; system?: Array<{ text?: string }>; stream?: boolean };
+  const request = anthropicRequests[0] as {
+    model?: string;
+    system?: Array<{ text?: string; cache_control?: unknown }>;
+    stream?: boolean;
+  };
   assert.equal(request.stream, true);
   assert.equal(request.model, 'claude-opus-4-8');
+  assert.ok(
+    (request.system ?? []).filter((block) => block.cache_control !== undefined).length <= 4,
+    'Anthropic accepts at most four system blocks with cache_control',
+  );
   const systemText = request.system?.map((block) => block.text ?? '').join('\n') ?? '';
   assert.match(systemText, /Search host-owned dinner data/);
   assert.match(systemText, /host-resource/);
-  assert.match(systemText, /Declarative-only interactivity/);
+  assert.match(systemText, /Arrow-native interactivity/);
+  assert.match(systemText, /host-bridge:summon/);
+  assert.match(systemText, /onState/);
   assert.doesNotMatch(systemText, /Rules for scripts/);
+  assert.doesNotMatch(systemText, /data-summon-on-click/);
   assert.doesNotMatch(systemText, /\bchoose\b/);
 
   const lines = body
@@ -190,16 +191,17 @@ test('api generate sends narrowed contract and stream meta shape through package
     .split(/\n/)
     .filter(Boolean)
     .map((raw) => JSON.parse(raw) as ProtocolLine);
-  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
+  assert.deepEqual(lines.slice(0, 5).map((line) => `${line.op} ${line.path}`), [
+    'meta /surface-policy',
     'meta /surface-plan',
+    'meta /surface-contract',
     'meta /status',
-    'set /screen',
-    'add /section/hero',
+    'artifact /artifact',
   ]);
   assert.equal(lines[0]?.op, 'meta');
-  assert.deepEqual((lines[0] as Extract<ProtocolLine, { op: 'meta' }>).value, surfacePlan);
+  assert.deepEqual((lines[1] as Extract<ProtocolLine, { op: 'meta' }>).value, surfacePlan);
   assert.equal(lines[1]?.op, 'meta');
-  assert.equal((lines[1] as Extract<ProtocolLine, { op: 'meta' }>).value, 'writing');
+  assert.equal((lines[3] as Extract<ProtocolLine, { op: 'meta' }>).value, 'writing');
   assert.equal(lines.at(-1)?.path, '/stream-graph-summary');
   assert.equal(lines.some((line) => line.path === '/error'), false);
 
@@ -208,14 +210,12 @@ test('api generate sends narrowed contract and stream meta shape through package
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build a dinner finder where i can search',
-      mode: 'static',
-      scriptPolicy: 'allow',
       surfacePolicy: {
         tier: 'declarative',
         purpose: 'explore',
         grants: ['search'],
       },
-      capabilities: searchCapability,
+      tools: searchTools,
     }),
   });
   const policyBody = await policyResponse.text();
@@ -227,7 +227,7 @@ test('api generate sends narrowed contract and stream meta shape through package
   const policySystemText = policyRequest.system?.map((block) => block.text ?? '').join('\n') ?? '';
   assert.match(policySystemText, /Search host-owned dinner data/);
   assert.match(policySystemText, /Surface contract/);
-  assert.match(policySystemText, /runtime=`declarative`/);
+  assert.match(policySystemText, /runtime=`arrow`/);
   assert.match(policySystemText, /data=`host-resource`/);
   assert.doesNotMatch(policySystemText, /Rules for scripts/);
 
@@ -241,7 +241,7 @@ test('api generate sends narrowed contract and stream meta shape through package
     'meta /surface-plan',
     'meta /surface-contract',
     'meta /status',
-    'set /screen',
+    'artifact /artifact',
   ]);
   assert.equal(policyLines.some((line) => line.path === '/mode-upgraded'), false);
   assert.deepEqual((policyLines[0] as Extract<ProtocolLine, { op: 'meta' }>).value, {
@@ -264,8 +264,8 @@ test('api generate sends narrowed contract and stream meta shape through package
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build a dinner finder where i can search recipes',
-      capabilities: searchCapability,
-      agent: { enabled: true, intentModel: 'off' },
+      tools: searchTools,
+      agent: { enabled: true, goalModel: 'off' },
     }),
   });
   const agentBody = await agentResponse.text();
@@ -277,7 +277,7 @@ test('api generate sends narrowed contract and stream meta shape through package
   const agentSystemText = agentRequest.system?.map((block) => block.text ?? '').join('\n') ?? '';
   assert.match(agentSystemText, /Search host-owned dinner data/);
   assert.match(agentSystemText, /Surface contract/);
-  assert.match(agentSystemText, /runtime=`declarative`/);
+  assert.match(agentSystemText, /runtime=`arrow`/);
 
   const agentLines = agentBody
     .trim()
@@ -285,18 +285,19 @@ test('api generate sends narrowed contract and stream meta shape through package
     .filter(Boolean)
     .map((raw) => JSON.parse(raw) as ProtocolLine);
   assert.deepEqual(agentLines.slice(0, 6).map((line) => `${line.op} ${line.path}`), [
-    'meta /mode-upgraded',
-    'meta /agent-intent',
+    'meta /agent-goal',
     'meta /agent-policy-resolution',
     'meta /surface-policy',
     'meta /surface-plan',
     'meta /surface-contract',
+    'meta /status',
   ]);
-  const agentIntent = agentLines[1] as Extract<ProtocolLine, { op: 'meta' }>;
-  assert.equal((agentIntent.value as { interaction?: unknown }).interaction, 'search');
-  const agentResolution = agentLines[2] as Extract<ProtocolLine, { op: 'meta' }>;
-  assert.equal((agentResolution.value as { intentSource?: unknown }).intentSource, 'deterministic');
-  const agentPolicy = agentLines[3] as Extract<ProtocolLine, { op: 'meta' }>;
+  assert.equal(agentLines.some((line) => line.path === '/mode-upgraded'), false);
+  const agentGoal = agentLines[0] as Extract<ProtocolLine, { op: 'meta' }>;
+  assert.equal((agentGoal.value as { interaction?: unknown }).interaction, 'search');
+  const agentResolution = agentLines[1] as Extract<ProtocolLine, { op: 'meta' }>;
+  assert.equal((agentResolution.value as { goalSource?: unknown }).goalSource, 'deterministic');
+  const agentPolicy = agentLines[2] as Extract<ProtocolLine, { op: 'meta' }>;
   assert.deepEqual(agentPolicy.value, {
     tier: 'declarative',
     purpose: 'explore',
@@ -310,79 +311,34 @@ test('api generate sends narrowed contract and stream meta shape through package
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build a dinner finder in blocks',
-      mode: 'interactive',
-      capabilities: searchCapability,
-      surfacePlan,
-      surfaceCeiling,
-      scriptPolicy: 'forbid',
+      tools: searchTools,
       fragmentMode: 'block-v0',
     }),
   });
   const blockBody = await blockResponse.text();
-  assert.equal(blockResponse.status, 200, blockBody);
-
-  assert.equal(anthropicRequests.length, 4);
-  const blockRequest = anthropicRequests[3] as { system?: Array<{ text?: string }>; stream?: boolean };
-  assert.equal(blockRequest.stream, true);
-  const blockSystemText = blockRequest.system?.map((block) => block.text ?? '').join('\n') ?? '';
-  assert.match(blockSystemText, /Experimental block fragments/);
-  assert.match(blockSystemText, /add \/section\/<section-id>\/block\/<block-id>/);
-
-  const blockLines = blockBody
-    .trim()
-    .split(/\n/)
-    .filter(Boolean)
-    .map((raw) => JSON.parse(raw) as ProtocolLine);
-  assert.equal(blockLines.some((line) => line.path === '/experimental-fragments'), true);
-  assert.equal(blockLines.some((line) => line.path === '/section/hero'), true);
-  assert.equal(blockLines.some((line) => line.path === '/section/hero/block/headline'), true);
-  const blockSummary = blockLines.find((line) => line.path === '/stream-graph-summary') as
-    | Extract<ProtocolLine, { op: 'meta' }>
-    | undefined;
-  assert.match(JSON.stringify(blockSummary?.value), /declaredBlockCount/);
+  assert.equal(blockResponse.status, 400);
+  assert.match(blockBody, /fragmentMode is not supported/);
+  assert.equal(anthropicRequests.length, 3);
 
   const nodeResponse = await fetch(`http://127.0.0.1:${appPort}/api/generate`, {
     method: 'POST',
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build a dinner finder in html nodes',
-      mode: 'interactive',
-      capabilities: searchCapability,
-      surfacePlan,
-      surfaceCeiling,
-      scriptPolicy: 'forbid',
+      tools: searchTools,
       fragmentMode: 'html-node-v0',
     }),
   });
   const nodeBody = await nodeResponse.text();
-  assert.equal(nodeResponse.status, 200, nodeBody);
-
-  assert.equal(anthropicRequests.length, 5);
-  const nodeRequest = anthropicRequests[4] as { system?: Array<{ text?: string }>; stream?: boolean };
-  assert.equal(nodeRequest.stream, true);
-  const nodeSystemText = nodeRequest.system?.map((block) => block.text ?? '').join('\n') ?? '';
-  assert.match(nodeSystemText, /Experimental HTML node patches/);
-  assert.match(nodeSystemText, /add \/section\/<section-id>\/node\/<node-id>/);
-
-  const nodeLines = nodeBody
-    .trim()
-    .split(/\n/)
-    .filter(Boolean)
-    .map((raw) => JSON.parse(raw) as ProtocolLine);
-  assert.equal(nodeLines.some((line) => line.path === '/experimental-fragments'), true);
-  assert.equal(nodeLines.some((line) => line.path === '/section/hero/node/root'), true);
-  assert.equal(nodeLines.some((line) => line.path === '/section/hero/node/headline'), true);
-  const nodeSummary = nodeLines.find((line) => line.path === '/stream-graph-summary') as
-    | Extract<ProtocolLine, { op: 'meta' }>
-    | undefined;
-  assert.match(JSON.stringify(nodeSummary?.value), /presentNodeCount/);
+  assert.equal(nodeResponse.status, 400);
+  assert.match(nodeBody, /fragmentMode is not supported/);
+  assert.equal(anthropicRequests.length, 3);
 
   const ghostResponse = await fetch(`http://127.0.0.1:${appPort}/api/generate`, {
     method: 'POST',
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build checkout status',
-      mode: 'static',
       ghost: {
         source: 'resolved-context',
         id: 'checkout',
@@ -395,7 +351,7 @@ test('api generate sends narrowed contract and stream meta shape through package
   const ghostBody = await ghostResponse.text();
   assert.equal(ghostResponse.status, 400);
   assert.match(ghostBody, /resolved-context is no longer supported/);
-  assert.equal(anthropicRequests.length, 5);
+  assert.equal(anthropicRequests.length, 3);
 
   const ghostOverrideResponse = await fetch(`http://127.0.0.1:${appPort}/api/generate`, {
     method: 'POST',
@@ -412,7 +368,7 @@ test('api generate sends narrowed contract and stream meta shape through package
   const ghostOverrideBody = await ghostOverrideResponse.text();
   assert.equal(ghostOverrideResponse.status, 400);
   assert.match(ghostOverrideBody, /resolved-context is no longer supported/);
-  assert.equal(anthropicRequests.length, 5);
+  assert.equal(anthropicRequests.length, 3);
 });
 
 test('api generate emits Ghost fingerprint context for root contexts', async (t) => {
@@ -458,7 +414,7 @@ test('api generate emits Ghost fingerprint context for root contexts', async (t)
         index: 0,
         delta: {
           type: 'text_delta',
-          text: '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n{"op":"add","path":"/section/hero","html":"<section><h1>Checkout queue</h1></section>"}\n',
+          text: arrowText('<section><h1>Checkout queue</h1></section>'),
         },
       }),
       sse('content_block_stop', { type: 'content_block_stop', index: 0 }),
@@ -489,7 +445,7 @@ test('api generate emits Ghost fingerprint context for root contexts', async (t)
       GEMINI_API_KEY: '',
       GOOGLE_API_KEY: '',
       SUMMON_GHOST_ROOTS: `checkout=${root}`,
-      SUMMON_AGENT_INTENT_MODEL: '0',
+      SUMMON_AGENT_GOAL_MODEL: '0',
       SUMMON_INFER_SHAPE: '0',
     },
     stdio: ['ignore', 'pipe', 'pipe'],
@@ -505,7 +461,6 @@ test('api generate emits Ghost fingerprint context for root contexts', async (t)
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build checkout queue status',
-      mode: 'static',
       ghost: {
         rootId: 'checkout',
         targetPath: '.',
@@ -534,7 +489,7 @@ test('api generate emits Ghost fingerprint context for root contexts', async (t)
   assert.deepEqual(lines.slice(0, 8).map((line) => `${line.op} ${line.path}`), [
     'meta /ghost-context',
     'meta /ghost-token-source',
-    'meta /agent-intent',
+    'meta /agent-goal',
     'meta /agent-policy-resolution',
     'meta /surface-policy',
     'meta /surface-plan',
@@ -542,7 +497,7 @@ test('api generate emits Ghost fingerprint context for root contexts', async (t)
     'meta /status',
   ]);
   const ghostAgentResolution = lines[3] as Extract<ProtocolLine, { op: 'meta' }>;
-  assert.equal((ghostAgentResolution.value as { intentSource?: unknown }).intentSource, 'deterministic');
+  assert.equal((ghostAgentResolution.value as { goalSource?: unknown }).goalSource, 'deterministic');
 
   const ghostContext = lines.find((line) => line.path === '/ghost-context') as Extract<ProtocolLine, { op: 'meta' }>;
   const contextMeta = ghostContext.value as {
@@ -560,23 +515,22 @@ test('api generate emits Ghost fingerprint context for root contexts', async (t)
   const reviewPacket = ghostReviewPacket.value as {
     source?: unknown;
     fingerprintProvenance?: { merge?: unknown; layers?: unknown };
-    sections?: Array<{ id?: unknown; html?: unknown }>;
+    artifactRuntime?: unknown;
+    artifactFiles?: unknown;
   };
   assert.equal(reviewPacket.source, 'root');
   assert.equal(reviewPacket.fingerprintProvenance?.merge, 'child-wins-by-id');
   assert.deepEqual(reviewPacket.fingerprintProvenance?.layers, [
     { relativeRoot: '.', memoryDir: '.ghost', dir: '.ghost' },
   ]);
-  assert.deepEqual(reviewPacket.sections, [
-    { id: 'hero', html: '<section><h1>Checkout queue</h1></section>' },
-  ]);
+  assert.equal(reviewPacket.artifactRuntime, 'arrow');
+  assert.deepEqual(reviewPacket.artifactFiles, ['main.ts']);
 
   const overrideResponse = await fetch(`http://127.0.0.1:${appPort}/api/generate`, {
     method: 'POST',
     headers: { 'content-type': 'application/json' },
     body: JSON.stringify({
       prompt: 'build checkout queue status',
-      mode: 'static',
       ghost: {
         rootId: 'checkout',
         targetPath: '.',
@@ -643,7 +597,7 @@ test('api generate forwards Anthropic model overrides and speed options', async
         index: 0,
         delta: {
           type: 'text_delta',
-          text: '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n{"op":"add","path":"/section/hero","html":"<section><h1>Fast model</h1></section>"}\n',
+          text: arrowText('<section><h1>Fast model</h1></section>'),
         },
       }),
       sse('content_block_stop', { type: 'content_block_stop', index: 0 }),
@@ -673,7 +627,7 @@ test('api generate forwards Anthropic model overrides and speed options', async
       OPENAI_API_KEY: '',
       GEMINI_API_KEY: '',
       GOOGLE_API_KEY: '',
-      SUMMON_AGENT_INTENT_MODEL: '0',
+      SUMMON_AGENT_GOAL_MODEL: '0',
     },
     stdio: ['ignore', 'pipe', 'pipe'],
   });
@@ -693,23 +647,12 @@ test('api generate forwards Anthropic model overrides and speed options', async
       utilityModel: 'claude-haiku-4-5',
       modelOptions: {
         maxOutputTokens: 12000,
-        repairMaxOutputTokens: 4000,
-        anthropicThinking: 'off',
+        anthropicThinking: 'adaptive',
         effort: 'low',
       },
-      mode: 'static',
-      surfacePlan: {
+      surfacePolicy: {
+        tier: 'static',
         purpose: 'inform',
-        runtime: 'static',
-        data: 'embedded',
-        authority: 'none',
-        persistence: 'replayable',
-      },
-      surfaceCeiling: {
-        runtimes: ['static'],
-        data: ['embedded'],
-        authorities: ['none'],
-        persistences: ['replayable'],
       },
     }),
   });
@@ -732,7 +675,7 @@ test('api generate forwards Anthropic model overrides and speed options', async
   assert.equal(streamRequest.model, 'claude-haiku-4-5');
   assert.equal(streamRequest.max_tokens, 12000);
   assert.equal(streamRequest.thinking, undefined);
-  assert.equal(streamRequest.output_config?.effort, 'low');
+  assert.equal(streamRequest.output_config, undefined);
   assert.equal(streamRequest.stream, true);
 
   const invalidResponse = await fetch(`http://127.0.0.1:${appPort}/api/generate`, {
@@ -765,11 +708,7 @@ test('api generate can stream with OpenAI provider', async (t) => {
     res.end([
       sse('response.output_text.delta', {
         type: 'response.output_text.delta',
-        delta: '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-      }),
-      sse('response.output_text.delta', {
-        type: 'response.output_text.delta',
-        delta: '{"op":"add","path":"/section/hero","html":"<section><h1>OpenAI surface</h1></section>"}\n',
+        delta: arrowText('<section><h1>OpenAI surface</h1></section>'),
       }),
       sse('response.completed', {
         type: 'response.completed',
@@ -797,7 +736,7 @@ test('api generate can stream with OpenAI provider', async (t) => {
       OPENAI_BASE_URL: `http://127.0.0.1:${openAIPort}/v1`,
       GEMINI_API_KEY: '',
       GOOGLE_API_KEY: '',
-      SUMMON_AGENT_INTENT_MODEL: '0',
+      SUMMON_AGENT_GOAL_MODEL: '0',
       SUMMON_INFER_SHAPE: '0',
     },
     stdio: ['ignore', 'pipe', 'pipe'],
@@ -832,19 +771,9 @@ test('api generate can stream with OpenAI provider', async (t) => {
       generationModel: 'gpt-5.4-mini',
       utilityModel: 'gpt-5.4-nano',
       modelOptions: { maxOutputTokens: 12000 },
-      mode: 'static',
-      surfacePlan: {
+      surfacePolicy: {
+        tier: 'static',
         purpose: 'inform',
-        runtime: 'static',
-        data: 'embedded',
-        authority: 'none',
-        persistence: 'replayable',
-      },
-      surfaceCeiling: {
-        runtimes: ['static'],
-        data: ['embedded'],
-        authorities: ['none'],
-        persistences: ['replayable'],
       },
     }),
   });
@@ -863,13 +792,14 @@ test('api generate can stream with OpenAI provider', async (t) => {
     .split(/\n/)
     .filter(Boolean)
     .map((raw) => JSON.parse(raw) as ProtocolLine);
-  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
+  assert.deepEqual(lines.slice(0, 5).map((line) => `${line.op} ${line.path}`), [
+    'meta /surface-policy',
     'meta /surface-plan',
+    'meta /surface-contract',
     'meta /status',
-    'set /screen',
-    'add /section/hero',
+    'artifact /artifact',
   ]);
-  assert.equal((lines[1] as Extract<ProtocolLine, { op: 'meta' }>).value, 'writing');
+  assert.equal((lines[3] as Extract<ProtocolLine, { op: 'meta' }>).value, 'writing');
   assert.equal(lines.some((line) => line.path === '/error'), false);
 });
 
@@ -895,16 +825,7 @@ test('api generate can stream with Gemini provider', async (t) => {
         candidates: [{
           content: {
             parts: [{
-              text: '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-            }],
-          },
-        }],
-      }),
-      sse('message', {
-        candidates: [{
-          content: {
-            parts: [{
-              text: '{"op":"add","path":"/section/hero","html":"<section><h1>Gemini surface</h1></section>"}\n',
+              text: arrowText('<section><h1>Gemini surface</h1></section>'),
             }],
           },
         }],
@@ -934,7 +855,7 @@ test('api generate can stream with Gemini provider', async (t) => {
       GEMINI_API_KEY: 'test-gemini-key',
       GOOGLE_API_KEY: '',
       GEMINI_BASE_URL: `http://127.0.0.1:${geminiPort}`,
-      SUMMON_AGENT_INTENT_MODEL: '0',
+      SUMMON_AGENT_GOAL_MODEL: '0',
       SUMMON_INFER_SHAPE: '0',
     },
     stdio: ['ignore', 'pipe', 'pipe'],
@@ -954,19 +875,9 @@ test('api generate can stream with Gemini provider', async (t) => {
       generationModel: 'gemini-3.5-flash',
       utilityModel: 'gemini-3.1-flash-lite',
       modelOptions: { maxOutputTokens: 12000 },
-      mode: 'static',
-      surfacePlan: {
+      surfacePolicy: {
+        tier: 'static',
         purpose: 'inform',
-        runtime: 'static',
-        data: 'embedded',
-        authority: 'none',
-        persistence: 'replayable',
-      },
-      surfaceCeiling: {
-        runtimes: ['static'],
-        data: ['embedded'],
-        authorities: ['none'],
-        persistences: ['replayable'],
       },
     }),
   });
@@ -986,13 +897,14 @@ test('api generate can stream with Gemini provider', async (t) => {
     .split(/\n/)
     .filter(Boolean)
     .map((raw) => JSON.parse(raw) as ProtocolLine);
-  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
+  assert.deepEqual(lines.slice(0, 5).map((line) => `${line.op} ${line.path}`), [
+    'meta /surface-policy',
     'meta /surface-plan',
+    'meta /surface-contract',
     'meta /status',
-    'set /screen',
-    'add /section/hero',
+    'artifact /artifact',
   ]);
-  assert.equal((lines[1] as Extract<ProtocolLine, { op: 'meta' }>).value, 'writing');
+  assert.equal((lines[3] as Extract<ProtocolLine, { op: 'meta' }>).value, 'writing');
   assert.equal(lines.some((line) => line.path === '/error'), false);
 });
 
diff --git a/apps/server/src/ghost-adapter.test.ts b/apps/server/src/ghost-adapter.test.ts
index 79f795f..cb2f118 100644
--- a/apps/server/src/ghost-adapter.test.ts
+++ b/apps/server/src/ghost-adapter.test.ts
@@ -78,7 +78,7 @@ describe('Ghost adapter', () => {
     });
   });
 
-  it('resolves Ghost relay context into prompt intent and valid token CSS', async () => {
+  it('resolves Ghost relay context into prompt context and valid token CSS', async () => {
     const root = await makeGhostFixture({ tokenCss: await readDefaultTokensCss() });
     const roots = parseGhostRoots(`checkout=${root}`);
     const parsed = parseGhostRequest({ rootId: 'checkout' }, roots);
@@ -107,7 +107,8 @@ describe('Ghost adapter', () => {
     assert.match(ctx.prompt, /Status surfaces must foreground current state/);
     assert.match(ctx.prompt, /Surfaces are compact/);
     assert.match(ctx.prompt, /exacting workflows/);
-    assert.match(ctx.prompt, /fingerprint\/memory\/intent\.md/);
+    assert.match(ctx.prompt, /Suggested Reads/);
+    assert.match(ctx.prompt, /fingerprint\/prose\.yml/);
   });
 
   it('appends a Summon surface brief without recompiling the fingerprint', async () => {
@@ -123,7 +124,7 @@ describe('Ghost adapter', () => {
       mode: 'static',
       surfacePlan: {
         purpose: 'inform',
-        runtime: 'static',
+        runtime: 'arrow',
         data: 'embedded',
         authority: 'none',
         persistence: 'replayable',
@@ -134,8 +135,8 @@ describe('Ghost adapter', () => {
     assert.equal(prepared.source, 'root');
     assert.match(prepared.prompt, /# Ghost Relay Brief/);
     assert.match(prepared.prompt, /## Summon Surface Brief/);
-    assert.match(prepared.prompt, /Surface plan: purpose=inform; runtime=static; data=embedded; authority=none; persistence=replayable/);
-    assert.match(prepared.prompt, /The agent broker controls host authority and capabilities/);
+    assert.match(prepared.prompt, /Surface plan: purpose=inform; runtime=arrow; data=embedded; authority=none; persistence=replayable/);
+    assert.match(prepared.prompt, /The agent broker controls host authority and tools/);
     assert.match(prepared.prompt, /Compose from the fingerprint prose, inventory, and composition layers/);
     assert.match(prepared.prompt, /Preserve quiet density/);
   });
@@ -175,7 +176,7 @@ describe('Ghost adapter', () => {
     assert.ok(ctx.tokenSource.warnings.some((warning) => warning.includes('using the fallback Summon direction tokens')));
   });
 
-  it('builds review packet metadata from relay context and accepted protocol lines', async () => {
+  it('builds review packet metadata from relay context and accepted Arrow artifacts', async () => {
     const root = await makeGhostFixture();
     const roots = parseGhostRoots(`checkout=${root}`);
     const parsed = parseGhostRequest({ rootId: 'checkout' }, roots);
@@ -190,9 +191,17 @@ describe('Ghost adapter', () => {
       prompt: 'show the state of the queue',
       validation: { blocked: 0, warnings: 1, codes: { 'unknown-token': 1 } },
       acceptedLines: [
-        { op: 'set', path: '/screen', value: { sections: ['header', 'content'] } },
-        { op: 'add', path: '/section/header', html: '<h1>Queue</h1>' },
-        { op: 'add', path: '/section/content', html: '<p>12 pending</p>' },
+        {
+          op: 'artifact',
+          path: '/artifact',
+          value: {
+            runtime: 'arrow',
+            source: {
+              'main.ts': 'export default html`<h1>Queue</h1>`',
+              'main.css': 'h1 { color: var(--color-text); }',
+            },
+          },
+        },
       ],
     });
 
@@ -207,11 +216,8 @@ describe('Ghost adapter', () => {
       packet.fingerprintProvenance.layers.map(({ relativeRoot, memoryDir, dir }) => ({ relativeRoot, memoryDir, dir })),
       [{ relativeRoot: '.', memoryDir: '.ghost', dir: '.ghost' }],
     );
-    assert.deepEqual(packet.declaredSections, ['header', 'content']);
-    assert.deepEqual(packet.sections, [
-      { id: 'header', html: '<h1>Queue</h1>' },
-      { id: 'content', html: '<p>12 pending</p>' },
-    ]);
+    assert.equal(packet.artifactRuntime, 'arrow');
+    assert.deepEqual(packet.artifactFiles, ['main.css', 'main.ts']);
     assert.equal(packet.tokenSource.kind, 'summon-default');
     assert.equal('css' in packet.tokenSource, false);
   });
@@ -336,10 +342,10 @@ checks:
 `,
   );
   await writeFile(
-    join(root, '.ghost', 'fingerprint', 'memory', 'intent.md'),
-    `# Intent
+    join(root, '.ghost', 'fingerprint', 'memory', 'tool.md'),
+    `# Tool
 
-Human-approved test intent keeps generated surfaces grounded.
+Human-approved test tool keeps generated surfaces grounded.
 `,
   );
   await writeFile(
diff --git a/apps/server/src/ghost-adapter.ts b/apps/server/src/ghost-adapter.ts
index 69b7177..e175741 100644
--- a/apps/server/src/ghost-adapter.ts
+++ b/apps/server/src/ghost-adapter.ts
@@ -1,6 +1,6 @@
 import {
   compileTokenContract,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
   type ProtocolLine,
   type SurfacePlan,
@@ -89,7 +89,7 @@ export interface GhostSurfacePromptOptions {
   mode: 'static' | 'interactive';
   surfacePlan: SurfacePlan;
   shape?: string | null;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
 }
 
@@ -123,8 +123,8 @@ export interface GhostReviewPacket {
     warnings: number;
     codes: Record<string, number>;
   };
-  declaredSections: string[];
-  sections: Array<{ id: string; html: string }>;
+  artifactRuntime: 'arrow' | null;
+  artifactFiles: string[];
 }
 
 export type ParseGhostRequestResult =
@@ -319,12 +319,7 @@ export function buildGhostReviewPacket(input: {
   acceptedLines: ProtocolLine[];
   prompt: string;
 }): GhostReviewPacket {
-  const declaredSections = declaredSectionsFromLines(input.acceptedLines);
-  const sectionsById = new Map<string, string>();
-  for (const line of input.acceptedLines) {
-    if (line.op !== 'add' || !line.path.startsWith('/section/')) continue;
-    sectionsById.set(line.path.slice('/section/'.length), line.html ?? '');
-  }
+  const artifactFiles = artifactFilesFromLines(input.acceptedLines);
   return {
     schema: 'summon.ghost-fingerprint-generation/v1',
     source: input.context.source,
@@ -346,8 +341,8 @@ export function buildGhostReviewPacket(input: {
     mode: input.mode,
     layoutId: input.layoutId,
     validation: input.validation,
-    declaredSections,
-    sections: [...sectionsById.entries()].map(([id, html]) => ({ id, html })),
+    artifactRuntime: artifactFiles.length > 0 ? 'arrow' : null,
+    artifactFiles,
   };
 }
 
@@ -355,7 +350,7 @@ function buildSummonFingerprintSurfaceBrief(
   context: ResolvedGhostSteer,
   options: GhostSurfacePromptOptions,
 ): string {
-  const capabilityNames = options.capabilities?.intents.map((intent) => intent.name) ?? [];
+  const toolNames = options.tools?.tools.map((tool) => tool.name) ?? [];
   const componentNames = options.components?.components.map((component) => component.name) ?? [];
   const details = [
     `Product: ${context.product}`,
@@ -364,7 +359,7 @@ function buildSummonFingerprintSurfaceBrief(
     `Surface plan: purpose=${options.surfacePlan.purpose}; runtime=${options.surfacePlan.runtime}; data=${options.surfacePlan.data}; authority=${options.surfacePlan.authority}; persistence=${options.surfacePlan.persistence}`,
     `Mode: ${options.mode}`,
     options.shape ? `Response shape hint: ${options.shape}` : null,
-    capabilityNames.length > 0 ? `Granted host capabilities: ${capabilityNames.join(', ')}` : 'Granted host capabilities: none',
+    toolNames.length > 0 ? `Granted host tools: ${toolNames.join(', ')}` : 'Granted host tools: none',
     componentNames.length > 0 ? `Granted host components: ${componentNames.join(', ')}` : null,
   ].filter((line): line is string => Boolean(line));
 
@@ -377,9 +372,9 @@ function buildSummonFingerprintSurfaceBrief(
     '',
     'Generation rules:',
     '',
-    '- Compose from the fingerprint prose, inventory, and composition layers. Prose states intent; inventory supplies material and evidence; composition supplies reusable surface patterns.',
-    '- Do not imitate Ghost UI as a visual style. Use inventory examples only when they support the selected intent and composition pattern.',
-    '- The agent broker controls host authority and capabilities. The fingerprint controls product direction, hierarchy, tone, and composition expectations.',
+    '- Compose from the fingerprint prose, inventory, and composition layers. Prose states tool; inventory supplies material and evidence; composition supplies reusable surface patterns.',
+    '- Do not imitate Ghost UI as a visual style. Use inventory examples only when they support the selected tool and composition pattern.',
+    '- The agent broker controls host authority and tools. The fingerprint controls product direction, hierarchy, tone, and composition expectations.',
     '- Treat checks as validation constraints, not as content to render.',
   ].join('\n');
 }
@@ -576,13 +571,15 @@ function normalizeTargetPath(raw: unknown):
   return { ok: true, path: segments.join('/') };
 }
 
-function declaredSectionsFromLines(lines: ProtocolLine[]): string[] {
+function artifactFilesFromLines(lines: ProtocolLine[]): string[] {
   for (let index = lines.length - 1; index >= 0; index--) {
     const line = lines[index];
-    if (line?.op !== 'set' || line.path !== '/screen') continue;
-    const value = line.value as { sections?: unknown } | undefined;
-    if (!value || !Array.isArray(value.sections)) continue;
-    return value.sections.filter((section): section is string => typeof section === 'string');
+    if (line?.op !== 'artifact') continue;
+    const value = line.value as { runtime?: unknown; source?: unknown } | undefined;
+    if (value?.runtime !== 'arrow' || !value.source || typeof value.source !== 'object' || Array.isArray(value.source)) {
+      continue;
+    }
+    return Object.keys(value.source).sort();
   }
   return [];
 }
diff --git a/apps/server/src/infer-shape.ts b/apps/server/src/infer-shape.ts
index cd3b1fd..5e0ab81 100644
--- a/apps/server/src/infer-shape.ts
+++ b/apps/server/src/infer-shape.ts
@@ -28,7 +28,7 @@ export async function inferShape(
   prompt: string,
   timeoutMs = 1500
 ): Promise<ResponseShape | null> {
-  const systemText = `Classify a generative-UI prompt into the response shape that best fits the user's intent.
+  const systemText = `Classify a generative-UI prompt into the response shape that best fits the user's tool.
 
 Shapes:
 - article — long-form explainer, walkthrough, plan/itinerary, reflection, memo, guide, or readable summary.
diff --git a/apps/server/src/main.ts b/apps/server/src/main.ts
index e57ca3d..3bbf967 100644
--- a/apps/server/src/main.ts
+++ b/apps/server/src/main.ts
@@ -3,21 +3,17 @@ import cors from 'cors';
 import {
   compileSurfacePolicy,
   parseTokenValues,
-  type CapabilityPack,
+  type ToolPack,
   type ProtocolLine,
-  type ScriptPolicy,
   type SummonLayout,
   type SurfacePlan,
   type TokenOverride,
 } from '@anarchitecture/summon/engine';
 import {
   planAgentSurface,
-  resolveSurfaceGenerationPlan,
   runSurfaceGeneration,
   summarizeContractIssues,
   type AgentSurfacePlanResult,
-  type GenerateEditInput,
-  type RepairOptions as SurfaceRepairOptions,
   type SurfaceGenerationSummary,
 } from '@anarchitecture/summon-server';
 import { readFileSync } from 'node:fs';
@@ -41,7 +37,7 @@ import {
   type ResolvedGhostSteer,
 } from './ghost-adapter.js';
 import { inferShape, type ResponseShape } from './infer-shape.js';
-import { parseCapabilityPack } from './capability-pack.js';
+import { parseToolPack } from './tool-pack.js';
 import { parseComponentPack } from './component-pack.js';
 import {
   createModelProviderRegistry,
@@ -70,38 +66,6 @@ const ALLOWED_ORIGIN = process.env.ALLOWED_ORIGIN || 'http://localhost:5173';
 const modelProviders = createModelProviderRegistry(process.env);
 const defaultModelProvider = modelProviders.defaultProvider;
 
-const EXPERIMENTAL_BLOCK_FRAGMENT_PROMPT = `## Experimental block fragments
-
-This run is using Summon's experimental block-fragment protocol. Keep sections as the outer structure, but stream complete blocks inside each section.
-
-Rules:
-
-- Emit \`set /screen\` first with the stable section ids.
-- For each section, emit \`set /section/<section-id>\` with \`{"blocks":["block-id"]}\` before adding blocks.
-- Emit complete block replacement lines at \`add /section/<section-id>/block/<block-id>\`.
-- Use lowercase kebab-case ids. Each section may declare 1 to 8 blocks.
-- Treat every block as a complete subtree. Do not split a form, table, data resource scope, component placeholder, script lifecycle, or closely coupled control group across blocks.
-- For perceived streaming, emit cheap block placeholders first, then final replacement \`add\` lines for the same block ids.
-- Do not emit whole-section \`add /section/<section-id>\` lines unless you cannot satisfy the block contract.`;
-
-const EXPERIMENTAL_HTML_NODE_PROMPT = `## Experimental HTML node patches
-
-This run is using Summon's experimental html-node-v0 protocol. Keep sections as the outer structure, but stream small complete raw-HTML DOM nodes inside each section.
-
-Rules:
-
-- Emit \`set /screen\` first with stable section ids.
-- Then emit \`add /section/<section-id>/node/<node-id>\` lines. Each node line must include one complete raw HTML element with \`data-summon-node="<node-id>"\` on that root element.
-- Use lowercase kebab-case ids for sections and nodes.
-- Omit \`parent\` to append a node directly under the section wrapper. Set \`parent\` to an earlier node id to append inside that parent node.
-- Emit a root composition container first, then useful child nodes such as headers, table sections, rows, list items, timeline steps, action groups, chart shells, callouts, notes, and metric blocks when appropriate.
-- Emit useful shells early. When a purposeful container, list, table, timeline, or chart shell will receive child node patches, include a child slot inside it, such as \`<div data-summon-node-children></div>\`, and set those child lines' \`parent\` to that shell's node id.
-- Shell slots may include 1-3 direct lightweight placeholders with \`data-summon-skeleton\`; later real child node patches will replace those placeholders automatically.
-- Do not orphan content that belongs inside a declared parent container. Choose parent containers because the layout needs them, not as decoration.
-- Each node patch should usually be 500-2000 bytes and visually meaningful immediately. Prefer many small useful patches over one large section.
-- Do not put \`data-summon-node\` on nested elements inside a node patch. Child nodes must arrive as their own later protocol lines.
-- Do not emit scripts, inline event handlers, external URLs, or whole-section \`add /section/<section-id>\` lines unless you cannot satisfy the node-patch contract.`;
-
 if (!defaultModelProvider) {
   console.error(
     '[summon-server] no model provider is configured. Copy apps/server/.env.example to .env and set ANTHROPIC_API_KEY, OPENAI_API_KEY, or GEMINI_API_KEY.'
@@ -241,85 +205,6 @@ function parseSummonLayout(raw: unknown): { layout: SummonLayout | null; error?:
   return { layout: { id: obj.id, slots } };
 }
 
-type GenerateEditRequest = GenerateEditInput;
-
-interface ParsedRepairOptions {
-  enabled: boolean;
-  maxAttempts: number;
-  maxTargets: number;
-}
-
-function parseEditRequest(raw: unknown): { edit: GenerateEditRequest | null; error?: string } {
-  if (raw === undefined || raw === null) return { edit: null };
-  if (!raw || typeof raw !== 'object') {
-    return { edit: null, error: 'edit must be an object' };
-  }
-  const obj = raw as Record<string, unknown>;
-  const rawSections = obj.sections;
-  if (!Array.isArray(rawSections) || rawSections.length < 1 || rawSections.length > 5) {
-    return { edit: null, error: 'edit.sections must contain 1-5 section snapshots' };
-  }
-
-  const sections: GenerateEditRequest['sections'] = [];
-  const seen = new Set<string>();
-  let totalHtmlBytes = 0;
-  for (const rawSection of rawSections) {
-    if (!rawSection || typeof rawSection !== 'object') {
-      return { edit: null, error: 'each edit section must be an object' };
-    }
-    const section = rawSection as Record<string, unknown>;
-    if (typeof section.id !== 'string' || !SECTION_ID_RE.test(section.id)) {
-      return { edit: null, error: 'edit section ids must be lowercase kebab-case and 1-20 chars' };
-    }
-    if (seen.has(section.id)) {
-      return { edit: null, error: `duplicate edit section "${section.id}"` };
-    }
-    if (typeof section.html !== 'string') {
-      return { edit: null, error: `edit section "${section.id}" html must be a string` };
-    }
-    totalHtmlBytes += section.html.length;
-    if (section.html.length > 80000 || totalHtmlBytes > 240000) {
-      return { edit: null, error: 'edit section snapshots are too large' };
-    }
-    seen.add(section.id);
-    sections.push({ id: section.id, html: section.html });
-  }
-
-  let targetSections: string[] | undefined;
-  if (obj.targetSections !== undefined) {
-    if (!Array.isArray(obj.targetSections) || obj.targetSections.length < 1 || obj.targetSections.length > 5) {
-      return { edit: null, error: 'edit.targetSections must contain 1-5 section ids' };
-    }
-    targetSections = [];
-    const targetSeen = new Set<string>();
-    for (const rawTarget of obj.targetSections) {
-      if (typeof rawTarget !== 'string' || !SECTION_ID_RE.test(rawTarget)) {
-        return { edit: null, error: 'edit.targetSections contains an invalid section id' };
-      }
-      if (targetSeen.has(rawTarget)) continue;
-      targetSeen.add(rawTarget);
-      targetSections.push(rawTarget);
-    }
-  }
-
-  const baseRevision = Number.isInteger(obj.baseRevision)
-    ? Number(obj.baseRevision)
-    : null;
-  const issues = Array.isArray(obj.issues) ? obj.issues.slice(0, 20) : undefined;
-  return { edit: { baseRevision, sections, targetSections, issues } };
-}
-
-function parseRepairOptions(raw: unknown): ParsedRepairOptions {
-  if (!raw || typeof raw !== 'object') {
-    return { enabled: false, maxAttempts: 1, maxTargets: 2 };
-  }
-  const obj = raw as Record<string, unknown>;
-  const enabled = obj.enabled === true;
-  const maxAttempts = clampInt(obj.maxAttempts, 1, 3, 1);
-  const maxTargets = clampInt(obj.maxTargets, 1, 5, 2);
-  return { enabled, maxAttempts, maxTargets };
-}
-
 function clampInt(value: unknown, min: number, max: number, fallback: number): number {
   if (typeof value !== 'number' || !Number.isFinite(value)) return fallback;
   return Math.max(min, Math.min(max, Math.floor(value)));
@@ -471,19 +356,20 @@ app.post('/api/generate', async (req, res) => {
     return;
   }
   const layout = parsedLayout.layout;
-  const parsedEdit = parseEditRequest(req.body?.edit);
-  if (parsedEdit.error) {
-    res.status(400).json({ error: parsedEdit.error });
+  const legacyGenerationFields = [
+    'edit',
+    'fragmentMode',
+    'repair',
+    'mode',
+    'scriptPolicy',
+    'surfacePlan',
+    'surfaceCeiling',
+  ];
+  const legacyField = legacyGenerationFields.find((field) => req.body?.[field] !== undefined && req.body?.[field] !== null);
+  if (legacyField) {
+    res.status(400).json({ error: `${legacyField} is not supported in Arrow-only policy mode` });
     return;
   }
-  const edit = parsedEdit.edit;
-  const fragmentMode =
-    req.body?.fragmentMode === 'block-v0'
-      ? 'block-v0'
-      : req.body?.fragmentMode === 'html-node-v0'
-        ? 'html-node-v0'
-        : 'section';
-  const repairOptions = parseRepairOptions(req.body?.repair);
   const rawAgentOptions = req.body?.agent;
   const agentOptions = rawAgentOptions && typeof rawAgentOptions === 'object'
     ? rawAgentOptions as Record<string, unknown>
@@ -491,18 +377,11 @@ app.post('/api/generate', async (req, res) => {
 
   const hasSurfacePolicy =
     req.body?.surfacePolicy !== undefined && req.body.surfacePolicy !== null;
-  const hasSurfacePlan =
-    req.body?.surfacePlan !== undefined && req.body.surfacePlan !== null;
-  const requestedMode: 'static' | 'interactive' =
-    req.body?.mode === 'interactive' ? 'interactive' : 'static';
-  let scriptPolicy: ScriptPolicy | undefined =
-    req.body?.scriptPolicy === 'allow' ? 'allow' : req.body?.scriptPolicy === 'forbid' ? 'forbid' : undefined;
-  const capabilityCeiling = parseCapabilityPack(req.body?.capabilities);
+  const toolCeiling = parseToolPack(req.body?.tools);
   const componentPack = parseComponentPack(req.body?.components);
 
-  let mode: 'static' | 'interactive' = requestedMode;
-  let pack: CapabilityPack | null = null;
-  let modeUpgraded = false;
+  let mode: 'static' | 'interactive' = 'static';
+  let pack: ToolPack | null = null;
   let surfacePlan: SurfacePlan;
   let agentPlan: AgentSurfacePlanResult | null = null;
 
@@ -521,47 +400,27 @@ app.post('/api/generate', async (req, res) => {
 
   if (hasSurfacePolicy) {
     const compiledPolicy = compileSurfacePolicy(req.body.surfacePolicy, {
-      capabilities: capabilityCeiling,
+      tools: toolCeiling,
       components: componentPack,
     });
     mode = compiledPolicy.mode;
-    scriptPolicy = compiledPolicy.scriptPolicy;
-    pack = compiledPolicy.capabilities;
+    pack = compiledPolicy.tools;
     surfacePlan = compiledPolicy.surfacePlan;
-  } else if (hasSurfacePlan) {
-    pack = requestedMode === 'interactive' ? capabilityCeiling : null;
-    const resolvedSurface = resolveSurfaceGenerationPlan({
-      prompt,
-      mode,
-      scriptPolicy,
-      capabilities: pack,
-      rawSurfacePlan: req.body?.surfacePlan,
-      rawSurfaceCeiling: req.body?.surfaceCeiling,
-    });
-    if (mode !== resolvedSurface.mode) {
-      modeUpgraded = mode === 'static' && resolvedSurface.mode === 'interactive' ? true : modeUpgraded;
-      mode = resolvedSurface.mode;
-      pack = mode === 'interactive' ? pack ?? capabilityCeiling : null;
-    }
-    scriptPolicy = resolvedSurface.scriptPolicy;
-    surfacePlan = resolvedSurface.surfacePlan;
   } else {
     agentPlan = await planAgentSurface({
       prompt,
-      capabilities: capabilityCeiling,
+      tools: toolCeiling,
       components: componentPack,
-      intentModel: process.env.SUMMON_AGENT_INTENT_MODEL === '0' || agentOptions?.intentModel === 'off'
+      goalModel: process.env.SUMMON_AGENT_GOAL_MODEL === '0' || agentOptions?.goalModel === 'off'
         ? null
         : {
             completeText: (request) => modelProvider.completeText(request, modelSelection),
           },
-      intentTimeoutMs: clampInt(agentOptions?.intentTimeoutMs, 250, 5000, 1800),
+      goalTimeoutMs: clampInt(agentOptions?.goalTimeoutMs, 250, 5000, 1800),
     });
     mode = agentPlan.compiledPolicy.mode;
-    scriptPolicy = agentPlan.compiledPolicy.scriptPolicy;
-    pack = agentPlan.compiledPolicy.capabilities;
+    pack = agentPlan.compiledPolicy.tools;
     surfacePlan = agentPlan.compiledPolicy.surfacePlan;
-    modeUpgraded = requestedMode === 'static' && mode === 'interactive';
   }
 
   if (ghostContext) {
@@ -570,15 +429,14 @@ app.post('/api/generate', async (req, res) => {
       mode,
       surfacePlan,
       shape,
-      capabilities: hasSurfacePolicy
-        ? capabilityCeiling
+      tools: hasSurfacePolicy
+        ? toolCeiling
         : agentPlan
-          ? agentPlan.compiledPolicy.capabilities
+          ? agentPlan.compiledPolicy.tools
           : pack,
       components: componentPack,
     });
   }
-
   res.setHeader('Content-Type', 'text/plain; charset=utf-8');
   res.setHeader('Cache-Control', 'no-cache, no-transform');
   res.setHeader('X-Accel-Buffering', 'no');
@@ -597,27 +455,21 @@ app.post('/api/generate', async (req, res) => {
       value: ghostTokenSourceMeta(ghostContext.tokenSource),
     });
   }
-  // Emit the mode-upgrade signal before agent diagnostics. The client respawns
-  // its sandbox into interactive mode in response, so this should land before
-  // any broker or artifact bytes that assume the upgraded mode.
-  if (modeUpgraded) {
-    preludeLines.push({ op: 'meta', path: '/mode-upgraded', value: 'static→interactive' });
-  }
   if (agentPlan) {
     preludeLines.push({
       op: 'meta',
-      path: '/agent-intent',
-      value: agentPlan.intent,
+      path: '/agent-goal',
+      value: agentPlan.goal,
     });
     preludeLines.push({
       op: 'meta',
       path: '/agent-policy-resolution',
       value: {
         source: agentPlan.policyResolution.source,
-        intentSource: agentPlan.intentSource,
+        goalSource: agentPlan.goalSource,
         proposedSurfacePolicy: agentPlan.policyResolution.proposedSurfacePolicy,
         surfacePolicy: agentPlan.policyResolution.surfacePolicy,
-        rejectedCapabilities: agentPlan.policyResolution.rejectedCapabilities,
+        rejectedTools: agentPlan.policyResolution.rejectedTools,
         rejectedComponents: agentPlan.policyResolution.rejectedComponents,
         fallback: agentPlan.policyResolution.fallback,
       },
@@ -629,24 +481,6 @@ app.post('/api/generate', async (req, res) => {
   if (layout) {
     preludeLines.push({ op: 'meta', path: '/layout', value: layout.id });
   }
-  if (fragmentMode !== 'section' && !edit) {
-    preludeLines.push({
-      op: 'meta',
-      path: '/experimental-fragments',
-      value: { mode: fragmentMode },
-    });
-  }
-  if (edit) {
-    preludeLines.push({
-      op: 'meta',
-      path: '/edit',
-      value: {
-        mode: 'section-replace',
-        baseRevision: edit.baseRevision,
-        targetSections: edit.targetSections ?? edit.sections.map((section) => section.id),
-      },
-    });
-  }
   if (overrides.applied.length > 0) {
     // Surface the resolved overrides so the client can paint them into the
     // iframe stylesheet. Rejected entries are surfaced too — a host that
@@ -664,12 +498,8 @@ app.post('/api/generate', async (req, res) => {
   await withConcurrencyCap(async () => {
     try {
       let usage: ProviderUsageSnapshot | null = null;
-      const repair: SurfaceRepairOptions = repairOptions.enabled
-        ? { ...repairOptions, provider: (request) => modelProvider.repairSurfaceSection(request, modelSelection) }
-        : { enabled: false };
       const summary: SurfaceGenerationSummary = await runSurfaceGeneration({
         prompt,
-        mode,
         direction: direction
           ? {
               id: direction.id,
@@ -684,29 +514,15 @@ app.post('/api/generate', async (req, res) => {
         ghost: ghostContext ?? null,
         activeTokensCss: ghostContext?.tokenSource.css ?? null,
         layout,
-        edit,
-        experimentalPromptBlock: fragmentMode !== 'section' && !edit
-          ? {
-              id: `experimental-fragments:${fragmentMode}`,
-              text: fragmentMode === 'html-node-v0'
-                ? EXPERIMENTAL_HTML_NODE_PROMPT
-                : EXPERIMENTAL_BLOCK_FRAGMENT_PROMPT,
-              cache: 'ephemeral',
-            }
-          : null,
-        experimentalFragmentMode: !edit ? fragmentMode : 'section',
-        capabilities: hasSurfacePolicy || agentPlan ? capabilityCeiling : pack,
+        tools: hasSurfacePolicy || agentPlan ? toolCeiling : pack,
         components: componentPack,
         surfacePolicy: hasSurfacePolicy
           ? req.body.surfacePolicy
           : agentPlan
             ? agentPlan.surfacePolicy
             : null,
-        scriptPolicy: hasSurfacePolicy || agentPlan ? undefined : scriptPolicy,
-        surfacePlan: hasSurfacePolicy || agentPlan ? null : surfacePlan,
         tokenOverrides: overrides.applied,
         preludeLines,
-        repair,
         modelProvider: (request) => modelProvider.streamSurfaceGeneration(request, (nextUsage) => {
           usage = nextUsage;
         }, modelSelection),
@@ -735,20 +551,15 @@ app.post('/api/generate', async (req, res) => {
         cache_read_input_tokens: 0,
         cache_creation_input_tokens: 0,
       };
-      const stats = summary.repairStats ?? { queued: 0, cancelled: 0, repaired: 0, failed: 0 };
-      const upgradeTag = modeUpgraded ? ` (upgraded via ${agentPlan ? 'broker' : 'surface plan'})` : '';
       console.log(
-        `[generate] provider=${modelProvider.id}/${modelSelection.generationModel} utility=${modelSelection.utilityModel} dir=${directionId ?? 'none'} ghost=${ghostContext ? ghostLogId(ghostContext) : 'none'} mode=${mode}${upgradeTag}` +
+        `[generate] provider=${modelProvider.id}/${modelSelection.generationModel} utility=${modelSelection.utilityModel} dir=${directionId ?? 'none'} ghost=${ghostContext ? ghostLogId(ghostContext) : 'none'} mode=${mode}` +
           ` shape=${shape ?? 'all'}` +
           ` layout=${layout?.id ?? 'none'}` +
-          ` edit=${edit ? 'yes' : 'no'}` +
           ` surface=${surfacePlan.purpose}/${surfacePlan.runtime}/${surfacePlan.data}/${surfacePlan.authority}/${surfacePlan.persistence}` +
-          ` intents=${pack?.intents.length ?? 0}/${capabilityCeiling?.intents.length ?? 0}` +
+          ` tools=${pack?.tools.length ?? 0}/${toolCeiling?.tools.length ?? 0}` +
           ` components=${componentPack?.components.length ?? 0}` +
-          ` scripts=${scriptPolicy}` +
           ` overrides=${overrides.applied.length}` +
-          ` repair=${repairOptions.enabled ? `${stats.repaired}/${stats.queued}` : 'off'}` +
-          ` options=max:${modelSelection.options.maxOutputTokens}/repair:${modelSelection.options.repairMaxOutputTokens}` +
+          ` options=max:${modelSelection.options.maxOutputTokens}` +
           (modelSelection.options.anthropicThinking ? ` thinking=${modelSelection.options.anthropicThinking}` : '') +
           (modelSelection.options.effort ? ` effort=${modelSelection.options.effort}` : '') +
           (modelSelection.customModel ? ' customModel=yes' : '') +
diff --git a/apps/server/src/model-providers.ts b/apps/server/src/model-providers.ts
index 0337ecd..6a01b5f 100644
--- a/apps/server/src/model-providers.ts
+++ b/apps/server/src/model-providers.ts
@@ -3,7 +3,6 @@ import type { ContractPromptBlock } from '@anarchitecture/summon/engine';
 import type {
   SummonModelChunk,
   SummonModelRequest,
-  SummonRepairRequest,
 } from '@anarchitecture/summon-server';
 
 export type ModelProviderId = 'anthropic' | 'openai' | 'gemini';
@@ -51,12 +50,6 @@ export interface ModelProviderControls {
     default: number;
     presets: number[];
   };
-  repairMaxOutputTokens: {
-    min: number;
-    max: number;
-    default: number;
-    presets: number[];
-  };
   anthropicThinking?: {
     default: AnthropicThinkingMode;
     options: AnthropicThinkingMode[];
@@ -88,7 +81,6 @@ export interface ModelProviderInfo {
 
 export interface NormalizedModelOptions {
   maxOutputTokens: number;
-  repairMaxOutputTokens: number;
   anthropicThinking?: AnthropicThinkingMode;
   effort?: ModelEffort;
 }
@@ -106,7 +98,6 @@ export interface ModelProviderAdapter extends ModelProviderInfo, TextCompletionC
     onUsage: (usage: ProviderUsageSnapshot) => void,
     selection?: ModelSelection,
   ): AsyncGenerator<SummonModelChunk, void, void>;
-  repairSurfaceSection(request: SummonRepairRequest, selection?: ModelSelection): Promise<string>;
   completeText(request: TextCompletionRequest, selection?: ModelSelection): Promise<string>;
   resolveSelection(raw: unknown): { ok: true; selection: ModelSelection } | { ok: false; error: string };
 }
@@ -128,7 +119,6 @@ const DEFAULT_OPENAI_UTILITY_MODEL = 'gpt-5-mini';
 const DEFAULT_GEMINI_MODEL = 'gemini-2.5-pro';
 const DEFAULT_GEMINI_UTILITY_MODEL = 'gemini-2.5-flash';
 const DEFAULT_GENERATION_MAX_TOKENS = 64000;
-const DEFAULT_REPAIR_MAX_TOKENS = 12000;
 const MIN_OUTPUT_TOKENS = 1000;
 const MAX_OUTPUT_TOKENS = 128000;
 const MODEL_ID_RE = /^[A-Za-z0-9][A-Za-z0-9._:/-]{0,127}$/;
@@ -151,6 +141,7 @@ const ANTHROPIC_MODELS: ModelCatalogEntry[] = [
     status: 'stable',
     tier: 'frontier',
     maxOutputTokens: 128000,
+    anthropicThinking: 'optional',
   },
   {
     id: 'claude-sonnet-4-6',
@@ -166,7 +157,6 @@ const ANTHROPIC_MODELS: ModelCatalogEntry[] = [
     status: 'stable',
     tier: 'fast',
     maxOutputTokens: 64000,
-    anthropicThinking: 'optional',
   },
 ];
 
@@ -279,15 +269,8 @@ function createProviderDefaults(args: {
     Math.min(MAX_OUTPUT_TOKENS, modelMax),
     Math.min(DEFAULT_GENERATION_MAX_TOKENS, modelMax),
   );
-  const repairMaxOutputTokens = clampInt(
-    Number(args.env.SUMMON_REPAIR_MAX_TOKENS),
-    MIN_OUTPUT_TOKENS,
-    Math.min(MAX_OUTPUT_TOKENS, modelMax),
-    Math.min(DEFAULT_REPAIR_MAX_TOKENS, modelMax),
-  );
   const options: NormalizedModelOptions = {
     maxOutputTokens,
-    repairMaxOutputTokens,
   };
   if (args.anthropic) {
     const thinking = parseThinkingMode(
@@ -295,9 +278,10 @@ function createProviderDefaults(args: {
       'adaptive',
     );
     options.anthropicThinking = forceThinkingForModel(args.catalog, generationModel, thinking);
-    options.effort = parseEffort(
-      args.env.SUMMON_ANTHROPIC_EFFORT ?? args.env.ANTHROPIC_EFFORT,
-      'medium',
+    options.effort = forceEffortForModel(
+      args.catalog,
+      generationModel,
+      parseEffort(args.env.SUMMON_ANTHROPIC_EFFORT ?? args.env.ANTHROPIC_EFFORT, 'medium'),
     );
   }
   return {
@@ -316,12 +300,6 @@ function createProviderControls(defaults: ModelProviderDefaults, anthropic = fal
       default: defaults.modelOptions.maxOutputTokens,
       presets: [8000, 12000, 16000, 32000, 64000],
     },
-    repairMaxOutputTokens: {
-      min: MIN_OUTPUT_TOKENS,
-      max: MAX_OUTPUT_TOKENS,
-      default: defaults.modelOptions.repairMaxOutputTokens,
-      presets: [4000, 8000, 12000, 16000],
-    },
     ...(anthropic
       ? {
           anthropicThinking: {
@@ -380,12 +358,6 @@ function createSelectionResolver(args: {
         Math.min(MAX_OUTPUT_TOKENS, modelMax),
         Math.min(args.defaults.modelOptions.maxOutputTokens, modelMax),
       ),
-      repairMaxOutputTokens: clampInt(
-        rawOptions.repairMaxOutputTokens,
-        MIN_OUTPUT_TOKENS,
-        Math.min(MAX_OUTPUT_TOKENS, modelMax),
-        Math.min(args.defaults.modelOptions.repairMaxOutputTokens, modelMax),
-      ),
     };
     if (args.anthropic) {
       const requestedThinking = parseThinkingMode(
@@ -393,7 +365,11 @@ function createSelectionResolver(args: {
         args.defaults.modelOptions.anthropicThinking ?? 'adaptive',
       );
       options.anthropicThinking = forceThinkingForModel(args.models, generationModel.model, requestedThinking);
-      options.effort = parseEffort(rawOptions.effort, args.defaults.modelOptions.effort ?? 'medium');
+      options.effort = forceEffortForModel(
+        args.models,
+        generationModel.model,
+        parseEffort(rawOptions.effort, args.defaults.modelOptions.effort ?? 'medium'),
+      );
     }
 
     return {
@@ -448,7 +424,20 @@ function forceThinkingForModel(
   thinking: AnthropicThinkingMode,
 ): AnthropicThinkingMode {
   const entry = catalog.find((item) => item.id === model);
-  return entry?.anthropicThinking === 'always' ? 'adaptive' : thinking;
+  if (entry?.anthropicThinking === 'always') return 'adaptive';
+  if (entry?.anthropicThinking === 'optional') return thinking;
+  return 'off';
+}
+
+function forceEffortForModel(
+  catalog: ModelCatalogEntry[],
+  model: string,
+  effort: ModelEffort,
+): ModelEffort | undefined {
+  const entry = catalog.find((item) => item.id === model);
+  return entry?.anthropicThinking === 'always' || entry?.anthropicThinking === 'optional'
+    ? effort
+    : undefined;
 }
 
 function parseThinkingMode(raw: unknown, fallback: AnthropicThinkingMode): AnthropicThinkingMode {
@@ -512,7 +501,7 @@ function createAnthropicProvider(env: NodeJS.ProcessEnv): ModelProviderAdapter {
         ...(selection.options.effort
           ? { output_config: { effort: selection.options.effort } }
           : {}),
-        system: request.promptBlocks.map(anthropicSystemBlock),
+        system: anthropicSystemBlocks(request.promptBlocks),
         messages: [{ role: 'user', content: request.prompt }],
       });
 
@@ -537,22 +526,6 @@ function createAnthropicProvider(env: NodeJS.ProcessEnv): ModelProviderAdapter {
       const final = await stream.finalMessage();
       onUsage(normalizeAnthropicUsage(final.usage));
     },
-    async repairSurfaceSection(request, selection = defaultsToSelection(defaults)) {
-      const repairMessage = await ensureClient().messages.create({
-        model: selection.generationModel,
-        max_tokens: selection.options.repairMaxOutputTokens,
-        system: [
-          ...request.promptBlocks.map(anthropicSystemBlock),
-          {
-            type: 'text',
-            text: repairModeSystemText(),
-            cache_control: { type: 'ephemeral' },
-          },
-        ],
-        messages: [{ role: 'user', content: request.prompt }],
-      });
-      return extractAnthropicText(repairMessage.content);
-    },
     async completeText(request, selection = defaultsToSelection(defaults)) {
       const result = await ensureClient().messages.create({
         model: selection.utilityModel,
@@ -677,20 +650,6 @@ function createOpenAIProvider(env: NodeJS.ProcessEnv): ModelProviderAdapter {
         if (usage) onUsage(usage);
       }
     },
-    async repairSurfaceSection(request, selection = defaultsToSelection(defaults)) {
-      const response = await post(
-        '/responses',
-        responsesBody(
-          selection.generationModel,
-          `${promptBlocksToText(request.promptBlocks)}\n\n${repairModeSystemText()}`,
-          request.prompt,
-          selection.options.repairMaxOutputTokens,
-          false,
-        ),
-        request.signal,
-      );
-      return extractOpenAIText(await response.json());
-    },
     async completeText(request, selection = defaultsToSelection(defaults)) {
       const response = await post(
         '/responses',
@@ -787,19 +746,6 @@ function createGeminiProvider(env: NodeJS.ProcessEnv): ModelProviderAdapter {
         if (usage) onUsage(usage);
       }
     },
-    async repairSurfaceSection(request, selection = defaultsToSelection(defaults)) {
-      const response = await post(
-        selection.generationModel,
-        'generateContent',
-        geminiBody(
-          `${promptBlocksToText(request.promptBlocks)}\n\n${repairModeSystemText()}`,
-          request.prompt,
-          selection.options.repairMaxOutputTokens,
-        ),
-        request.signal,
-      );
-      return extractGeminiText(await response.json()).trim();
-    },
     async completeText(request, selection = defaultsToSelection(defaults)) {
       const response = await post(
         selection.utilityModel,
@@ -812,8 +758,19 @@ function createGeminiProvider(env: NodeJS.ProcessEnv): ModelProviderAdapter {
   };
 }
 
-function anthropicSystemBlock(block: ContractPromptBlock): Anthropic.TextBlockParam {
-  if (block.cache === 'ephemeral') {
+const ANTHROPIC_MAX_CACHE_CONTROL_BLOCKS = 4;
+
+function anthropicSystemBlocks(blocks: ContractPromptBlock[]): Anthropic.TextBlockParam[] {
+  let cacheBlocksRemaining = ANTHROPIC_MAX_CACHE_CONTROL_BLOCKS;
+  return blocks.map((block) => {
+    const shouldCache = block.cache === 'ephemeral' && cacheBlocksRemaining > 0;
+    if (shouldCache) cacheBlocksRemaining -= 1;
+    return anthropicSystemBlock(block, shouldCache);
+  });
+}
+
+function anthropicSystemBlock(block: ContractPromptBlock, cache: boolean): Anthropic.TextBlockParam {
+  if (cache) {
     return {
       type: 'text',
       text: block.text,
@@ -830,10 +787,6 @@ function promptBlocksToText(blocks: ContractPromptBlock[]): string {
   return blocks.map((block) => block.text).join('\n\n');
 }
 
-function repairModeSystemText(): string {
-  return '## Repair mode\n\nYou are repairing one blocked Summon target. Return exactly one safe replacement `add` JSONL line for the same target path and nothing else.';
-}
-
 function extractAnthropicText(content: Anthropic.Message['content']): string {
   return content
     .map((block) => (block.type === 'text' ? block.text : ''))
diff --git a/apps/server/src/surface-plan.test.ts b/apps/server/src/surface-plan.test.ts
deleted file mode 100644
index e3bf4a6..0000000
--- a/apps/server/src/surface-plan.test.ts
+++ /dev/null
@@ -1,267 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import { resolveSurfaceGenerationPlan } from '@anarchitecture/summon-server';
-import type { CapabilityPack } from '@anarchitecture/summon';
-import { parseCapabilityPack } from './capability-pack.js';
-
-const capabilities: CapabilityPack = {
-  intents: [
-    {
-      name: 'search',
-      description: 'Search host data.',
-      argsSchema: '{query: string}',
-      stateShape: '{}',
-      kind: 'resource',
-      surface: { data: 'host-resource', authority: 'read' },
-    },
-    {
-      name: 'analyze',
-      description: 'Run worker analysis.',
-      argsSchema: '{id: string}',
-      stateShape: '{}',
-      surface: { data: 'worker', authority: 'host-action' },
-    },
-    {
-      name: 'publish',
-      description: 'Publish after approval.',
-      argsSchema: '{title: string}',
-      stateShape: '{}',
-      surface: { authority: 'approval-gated' },
-    },
-  ],
-};
-
-test('explicit surface plan is honored when within ceiling', () => {
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'publish this',
-    mode: 'interactive',
-    capabilities,
-    rawSurfacePlan: {
-      purpose: 'operate',
-      runtime: 'worker',
-      data: 'worker',
-      authority: 'approval-gated',
-      persistence: 'replayable',
-    },
-    rawSurfaceCeiling: {
-      runtimes: ['static', 'declarative', 'worker'],
-      data: ['embedded', 'host-resource', 'worker'],
-      authorities: ['none', 'read', 'host-action', 'approval-gated'],
-      persistences: ['replayable'],
-    },
-  });
-
-  assert.equal(resolved.explicitAccepted, true);
-  assert.equal(resolved.source, 'explicit');
-  assert.equal(resolved.mode, 'interactive');
-  assert.equal(resolved.scriptPolicy, 'forbid');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'operate',
-    runtime: 'worker',
-    data: 'worker',
-    authority: 'approval-gated',
-    persistence: 'replayable',
-  });
-});
-
-test('missing surface plan returns inert interactive default despite capable grants', () => {
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'analyze this batch and publish the result after approval',
-    mode: 'interactive',
-    capabilities,
-  });
-
-  assert.equal(resolved.explicitAccepted, false);
-  assert.equal(resolved.source, 'default');
-  assert.equal(resolved.mode, 'interactive');
-  assert.equal(resolved.scriptPolicy, 'forbid');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'inform',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  });
-});
-
-test('static mode stays static while preserving compatible surface metadata', () => {
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'search for recipes',
-    mode: 'static',
-    capabilities,
-  });
-
-  assert.equal(resolved.explicitAccepted, false);
-  assert.equal(resolved.source, 'default');
-  assert.equal(resolved.mode, 'static');
-  assert.equal(resolved.scriptPolicy, 'forbid');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'inform',
-    runtime: 'static',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  });
-});
-
-test('parsed worker capability resolves to worker surface when explicitly requested', () => {
-  const parsed = parseCapabilityPack({
-    intents: [
-      {
-        name: 'analysis',
-        description: 'Run worker analysis.',
-        argsSchema: '{topic: string}',
-        stateShape: '{}',
-        kind: 'resource',
-        surface: { data: 'worker', authority: 'read' },
-      },
-      {
-        name: 'compute_score',
-        description: 'Run worker calculation.',
-        argsSchema: '{topic: string}',
-        stateShape: '{}',
-        kind: 'action',
-        surface: { data: 'worker', authority: 'host-action' },
-      },
-    ],
-  });
-  assert.ok(parsed);
-
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'analyze and score this rollout plan',
-    mode: 'interactive',
-    capabilities: parsed,
-    rawSurfacePlan: {
-      purpose: 'inform',
-      runtime: 'worker',
-      data: 'worker',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
-    rawSurfaceCeiling: {
-      runtimes: ['static', 'declarative', 'worker'],
-      data: ['embedded', 'host-resource', 'worker'],
-      authorities: ['none', 'read', 'host-action'],
-      persistences: ['replayable'],
-    },
-  });
-
-  assert.equal(resolved.explicitAccepted, true);
-  assert.equal(resolved.source, 'explicit');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'inform',
-    runtime: 'worker',
-    data: 'worker',
-    authority: 'host-action',
-    persistence: 'replayable',
-  });
-});
-
-test('legacy scripted surface plan falls back to declarative defaults', () => {
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'build keyboard shortcuts with local highlighted selection',
-    mode: 'interactive',
-    scriptPolicy: 'allow',
-    rawSurfacePlan: {
-      purpose: 'explore',
-      runtime: 'scripted',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
-    rawSurfaceCeiling: {
-      runtimes: ['static', 'declarative', 'scripted'],
-      data: ['embedded'],
-      authorities: ['none', 'host-action'],
-      persistences: ['replayable'],
-    },
-  });
-
-  assert.equal(resolved.explicitAccepted, false);
-  assert.equal(resolved.source, 'default');
-  assert.equal(resolved.scriptPolicy, 'forbid');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'inform',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  });
-});
-
-test('legacy script allow falls back to forbid when plan is invalid', () => {
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'build keyboard shortcuts with local highlighted selection',
-    mode: 'interactive',
-    scriptPolicy: 'allow',
-    rawSurfacePlan: {
-      purpose: 'explore',
-      runtime: 'scripted',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
-    rawSurfaceCeiling: {
-      runtimes: ['static', 'declarative'],
-      data: ['embedded'],
-      authorities: ['none', 'host-action'],
-      persistences: ['replayable'],
-    },
-  });
-
-  assert.equal(resolved.explicitAccepted, false);
-  assert.equal(resolved.source, 'default');
-  assert.equal(resolved.scriptPolicy, 'forbid');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'inform',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  });
-});
-
-test('parsed approval capability resolves to approval-gated authority', () => {
-  const parsed = parseCapabilityPack({
-    intents: [
-      {
-        name: 'publish_summary',
-        description: 'Publish after approval.',
-        argsSchema: '{title: string}',
-        stateShape: '{}',
-        kind: 'action',
-        surface: { authority: 'approval-gated' },
-      },
-    ],
-  });
-  assert.ok(parsed);
-
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'publish this summary after approval',
-    mode: 'interactive',
-    capabilities: parsed,
-    rawSurfacePlan: {
-      purpose: 'review',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'approval-gated',
-      persistence: 'replayable',
-    },
-    rawSurfaceCeiling: {
-      runtimes: ['static', 'declarative'],
-      data: ['embedded'],
-      authorities: ['none', 'read', 'host-action', 'approval-gated'],
-      persistences: ['replayable'],
-    },
-  });
-
-  assert.equal(resolved.explicitAccepted, true);
-  assert.equal(resolved.source, 'explicit');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'review',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'approval-gated',
-    persistence: 'replayable',
-  });
-});
diff --git a/apps/server/src/capability-pack.test.ts b/apps/server/src/tool-pack.test.ts
similarity index 68%
rename from apps/server/src/capability-pack.test.ts
rename to apps/server/src/tool-pack.test.ts
index 387353a..3d29e4b 100644
--- a/apps/server/src/capability-pack.test.ts
+++ b/apps/server/src/tool-pack.test.ts
@@ -1,10 +1,10 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
-import { parseCapabilityPack } from './capability-pack.js';
+import { parseToolPack } from './tool-pack.js';
 
-test('parseCapabilityPack preserves valid surface metadata', () => {
-  const pack = parseCapabilityPack({
-    intents: [
+test('parseToolPack preserves valid surface metadata', () => {
+  const pack = parseToolPack({
+    tools: [
       {
         name: 'analysis',
         description: 'Run worker analysis.',
@@ -26,15 +26,15 @@ test('parseCapabilityPack preserves valid surface metadata', () => {
     ],
   });
 
-  assert.deepEqual(pack?.intents.map((intent) => intent.surface), [
+  assert.deepEqual(pack?.tools.map((tool) => tool.surface), [
     { data: 'worker', authority: 'read' },
     { authority: 'approval-gated' },
   ]);
 });
 
-test('parseCapabilityPack drops invalid surface fields without dropping intent', () => {
-  const pack = parseCapabilityPack({
-    intents: [
+test('parseToolPack drops invalid surface fields without dropping tool', () => {
+  const pack = parseToolPack({
+    tools: [
       {
         name: 'lookup',
         description: 'Lookup something.',
@@ -53,7 +53,7 @@ test('parseCapabilityPack drops invalid surface fields without dropping intent',
     ],
   });
 
-  assert.equal(pack?.intents.length, 2);
-  assert.equal(pack?.intents[0]?.surface, undefined);
-  assert.deepEqual(pack?.intents[1]?.surface, { data: 'worker' });
+  assert.equal(pack?.tools.length, 2);
+  assert.equal(pack?.tools[0]?.surface, undefined);
+  assert.deepEqual(pack?.tools[1]?.surface, { data: 'worker' });
 });
diff --git a/apps/server/src/capability-pack.ts b/apps/server/src/tool-pack.ts
similarity index 60%
rename from apps/server/src/capability-pack.ts
rename to apps/server/src/tool-pack.ts
index 241def9..0de7bed 100644
--- a/apps/server/src/capability-pack.ts
+++ b/apps/server/src/tool-pack.ts
@@ -1,55 +1,55 @@
 import {
-  type CapabilityPack,
-  type CapabilityPattern,
-  type CapabilityStateKeys,
-  type CapabilitySurface,
-  type CapabilityTrigger,
-  type IntentSpec,
+  type ToolPack,
+  type ToolPattern,
+  type ToolStateKeys,
+  type ToolSurface,
+  type ToolTrigger,
+  type ToolSpec,
 } from '@anarchitecture/summon';
 
 /**
- * Validate a capability pack sent by the client. The server is intent-agnostic
+ * Validate a tool pack sent by the client. The server is tool-agnostic
  * — it accepts whatever the client declares, capping sizes to protect the
  * prompt budget. If the shape is invalid, returns null (generates without
- * capabilities), rather than rejecting the whole request.
+ * tools), rather than rejecting the whole request.
  */
-export function parseCapabilityPack(raw: unknown): CapabilityPack | null {
+export function parseToolPack(raw: unknown): ToolPack | null {
   if (!raw || typeof raw !== 'object') return null;
   const obj = raw as Record<string, unknown>;
-  const rawIntents = obj.intents;
-  if (!Array.isArray(rawIntents)) return null;
-  const intents: IntentSpec[] = [];
-  for (const r of rawIntents) {
+  const rawTools = obj.tools;
+  if (!Array.isArray(rawTools)) return null;
+  const tools: ToolSpec[] = [];
+  for (const r of rawTools) {
     if (!r || typeof r !== 'object') continue;
     const i = r as Record<string, unknown>;
     if (typeof i.name !== 'string' || !i.name || !/^[a-z][a-z0-9_]{0,39}$/i.test(i.name)) continue;
     const kind = i.kind === 'resource' ? 'resource' : i.kind === 'action' ? 'action' : undefined;
-    const intent: IntentSpec = {
+    const tool: ToolSpec = {
       name: i.name,
       description: String(i.description ?? '').slice(0, 500),
       argsSchema: String(i.argsSchema ?? '{}').slice(0, 200),
       stateShape: String(i.stateShape ?? '{}').slice(0, 400),
       ...(kind ? { kind } : {}),
-      ...parseCapabilityTriggers(i.triggers),
-      ...parseCapabilityStateKeys(i.stateKeys),
-      ...parseCapabilitySurface(i.surface),
+      ...parseToolTriggers(i.triggers),
+      ...parseToolStateKeys(i.stateKeys),
+      ...parseToolSurface(i.surface),
     };
     if (typeof i.resultSchema === 'string') {
-      intent.resultSchema = i.resultSchema.slice(0, 400);
+      tool.resultSchema = i.resultSchema.slice(0, 400);
     }
     if (typeof i.defaultDataShape === 'string') {
-      intent.defaultDataShape = i.defaultDataShape.slice(0, 400);
+      tool.defaultDataShape = i.defaultDataShape.slice(0, 400);
     }
     if (Object.prototype.hasOwnProperty.call(i, 'defaultData') && isSmallJsonValue(i.defaultData, 2000)) {
-      intent.defaultData = i.defaultData;
+      tool.defaultData = i.defaultData;
     }
-    intents.push(intent);
-    if (intents.length >= 32) break;
+    tools.push(tool);
+    if (tools.length >= 32) break;
   }
-  if (intents.length === 0) return null;
+  if (tools.length === 0) return null;
 
   const rawPatterns = obj.patterns;
-  const patterns: CapabilityPattern[] = [];
+  const patterns: ToolPattern[] = [];
   if (Array.isArray(rawPatterns)) {
     for (const r of rawPatterns) {
       if (!r || typeof r !== 'object') continue;
@@ -58,13 +58,13 @@ export function parseCapabilityPack(raw: unknown): CapabilityPack | null {
       patterns.push({
         name: p.name.slice(0, 100),
         code: p.code.slice(0, 4000),
-        ...(typeof p.intent === 'string' && p.intent ? { intent: p.intent.slice(0, 40) } : {}),
+        ...(typeof p.tool === 'string' && p.tool ? { tool: p.tool.slice(0, 40) } : {}),
       });
       if (patterns.length >= 12) break;
     }
   }
 
-  return { intents, patterns: patterns.length > 0 ? patterns : undefined };
+  return { tools, patterns: patterns.length > 0 ? patterns : undefined };
 }
 
 function isSmallJsonValue(value: unknown, maxChars: number): boolean {
@@ -75,20 +75,20 @@ function isSmallJsonValue(value: unknown, maxChars: number): boolean {
   }
 }
 
-function parseCapabilityTriggers(raw: unknown): { triggers?: CapabilityTrigger[] } {
+function parseToolTriggers(raw: unknown): { triggers?: ToolTrigger[] } {
   if (!Array.isArray(raw)) return {};
-  const allowed = new Set<CapabilityTrigger>(['click', 'submit', 'mount']);
+  const allowed = new Set<ToolTrigger>(['click', 'submit', 'mount']);
   const triggers = raw.filter(
-    (trigger): trigger is CapabilityTrigger =>
-      typeof trigger === 'string' && allowed.has(trigger as CapabilityTrigger),
+    (trigger): trigger is ToolTrigger =>
+      typeof trigger === 'string' && allowed.has(trigger as ToolTrigger),
   );
   return triggers.length > 0 ? { triggers: Array.from(new Set(triggers)) } : {};
 }
 
-function parseCapabilityStateKeys(raw: unknown): { stateKeys?: CapabilityStateKeys } {
+function parseToolStateKeys(raw: unknown): { stateKeys?: ToolStateKeys } {
   if (!raw || typeof raw !== 'object') return {};
   const obj = raw as Record<string, unknown>;
-  const stateKeys: CapabilityStateKeys = {};
+  const stateKeys: ToolStateKeys = {};
   for (const key of ['loading', 'data', 'error'] as const) {
     const value = obj[key];
     if (typeof value === 'string' && /^[a-zA-Z_$][\w$.-]{0,79}$/.test(value)) {
@@ -98,10 +98,10 @@ function parseCapabilityStateKeys(raw: unknown): { stateKeys?: CapabilityStateKe
   return Object.keys(stateKeys).length > 0 ? { stateKeys } : {};
 }
 
-function parseCapabilitySurface(raw: unknown): { surface?: CapabilitySurface } {
+function parseToolSurface(raw: unknown): { surface?: ToolSurface } {
   if (!raw || typeof raw !== 'object') return {};
   const obj = raw as Record<string, unknown>;
-  const surface: CapabilitySurface = {};
+  const surface: ToolSurface = {};
   if (obj.data === 'host-resource' || obj.data === 'worker') {
     surface.data = obj.data;
   }
diff --git a/apps/surface-gallery/src/main.ts b/apps/surface-gallery/src/main.ts
index 26bc343..7d46c5a 100644
--- a/apps/surface-gallery/src/main.ts
+++ b/apps/surface-gallery/src/main.ts
@@ -1,5 +1,4 @@
 import {
-  compileArtifactHtml,
   compileSurfacePolicy,
   PolicyEngine,
   type ApprovalDecision,
@@ -16,9 +15,9 @@ import {
   type SurfaceStreamContext,
 } from '@anarchitecture/summon/browser';
 import { createEventStore, type DevtoolsEvent } from '@anarchitecture/summon/devtools';
-import { SectionAccumulator, type ProtocolLine, type SurfaceContractView, type ValidationContext } from '@anarchitecture/summon/engine';
-import { bootstrapSource, tokensSource } from '@anarchitecture/summon/assets';
-import { createGalleryCapabilityRegistry } from './capabilities.js';
+import { type ProtocolLine, type SurfaceContractView, type ValidationContext } from '@anarchitecture/summon/engine';
+import { arrowRuntimeSource, bootstrapSource, tokensSource } from '@anarchitecture/summon/assets';
+import { createGalleryToolRegistry } from './tools.js';
 import {
   allGalleryComponentNames,
   createGalleryComponentRegistry,
@@ -146,7 +145,6 @@ const eventCount = document.getElementById('event-count')!;
 const eventLog = document.getElementById('event-log')!;
 
 const events = createEventStore({ bufferSize: 120 });
-const accumulator = new SectionAccumulator();
 const hostMessages: string[] = [];
 
 type InspectorTab = 'contract' | 'stream' | 'state';
@@ -251,7 +249,7 @@ function selectPreset(id: string): void {
   welcome.hidden = false;
 }
 
-function respawnSandbox(initialHtml = ''): void {
+function respawnSandbox(): void {
   clearApprovalCards('Approval request was replaced');
   islands?.destroy();
   islands = null;
@@ -260,12 +258,12 @@ function respawnSandbox(initialHtml = ''): void {
   policy = null;
 
   const compiledPolicy = compiledPolicyFor(selectedPreset);
-  const capabilityRegistry = createGalleryCapabilityRegistry(compiledPolicy.policy.grants, {
+  const toolRegistry = createGalleryToolRegistry(compiledPolicy.policy.grants, {
     onLog: pushHostMessage,
     modelSelection: readModelSelection,
     onApprovalRequest: requestHostApproval,
   });
-  const capabilityContract = capabilityRegistry.toContract();
+  const toolContract = toolRegistry.toContract();
   const componentRegistry = compiledPolicy.policy.components.length
     ? createGalleryComponentRegistry(compiledPolicy.policy.components)
     : null;
@@ -282,28 +280,27 @@ function respawnSandbox(initialHtml = ''): void {
   }
 
   const initialState = compiledPolicy.mode === 'interactive'
-    ? capabilityContract.initialState
+    ? toolContract.initialState
     : {};
   const validationContext = validationContextForPolicy(
     compiledPolicy,
-    capabilityRegistry.intents(),
-    capabilityContract.validationCapabilities,
+    toolRegistry.tools(),
+    toolContract.validationTools,
     componentContract?.validationComponents,
   );
-  const compiledInitialHtml = compileArtifactHtml(initialHtml, validationContext).html;
   renderState(initialState);
 
   if (compiledPolicy.mode === 'interactive') {
     policy = new PolicyEngine({
       initialState,
-      handlers: capabilityRegistry.toPolicyHandlers(),
+      handlers: toolRegistry.toPolicyHandlers(),
       events,
       onStateChange: (state) => {
         renderState(state);
         handle?.pushState(state);
       },
-      onHandlerError: (intent, error) => {
-        pushHostMessage(`host handler ${intent}: ${error.message}`, { attention: true });
+      onHandlerError: (tool, error) => {
+        pushHostMessage(`host handler ${tool}: ${error.message}`, { attention: true });
       },
     });
   }
@@ -311,27 +308,29 @@ function respawnSandbox(initialHtml = ''): void {
   handle = spawnSandbox({
     iframe,
     artifact: {
-      html: compiledInitialHtml,
-      intents: [],
-      capabilities: capabilityContract.validationCapabilities,
+      runtime: 'arrow',
+      tools: [],
+      validationTools: toolContract.validationTools,
       components: componentContract?.validationComponents,
       initialState,
     },
-    grantedIntents: compiledPolicy.mode === 'interactive' ? capabilityRegistry.intents() : [],
-    grantedCapabilities: compiledPolicy.mode === 'interactive'
-      ? capabilityContract.validationCapabilities
+    grantedTools: compiledPolicy.mode === 'interactive' ? toolRegistry.tools() : [],
+    validationTools: compiledPolicy.mode === 'interactive'
+      ? toolContract.validationTools
       : [],
     bootstrapSource,
+    arrowRuntimeSource,
     tokensSource: activeTokensSourceOverride ?? tokensSource,
     events,
-    onIntent: (intent, args) => {
-      void policy?.dispatch(intent, args);
+    onToolCall: (tool, args) => {
+      if (!policy) return {};
+      return policy.dispatch(tool, args).then((result) => result.state);
     },
     onComponents: (components, sandboxId) => {
       islands?.sync(components, {
         sandboxId,
-        emitIntent: (intent, args = {}) => {
-          void policy?.dispatch(intent, args);
+        callTool: (tool, args = {}) => {
+          void policy?.dispatch(tool, args);
         },
       });
     },
@@ -344,7 +343,6 @@ function respawnSandbox(initialHtml = ''): void {
 async function generateSelectedSurface(): Promise<void> {
   abortController?.abort();
   abortController = new AbortController();
-  accumulator.reset();
   events.clear();
   hostMessages.length = 0;
   currentSurfaceContractView = null;
@@ -359,8 +357,8 @@ async function generateSelectedSurface(): Promise<void> {
   events.push({ kind: 'stream-lifecycle', at: Date.now(), phase: 'start' });
 
   const compiledPolicy = compiledPolicyFor(selectedPreset);
-  const capabilityPack = createGalleryCapabilityRegistry().toContract().pack;
-  const validationContract = createGalleryCapabilityRegistry(compiledPolicy.policy.grants).toContract();
+  const toolPack = createGalleryToolRegistry().toContract().pack;
+  const validationContract = createGalleryToolRegistry(compiledPolicy.policy.grants).toContract();
   const componentPack = componentCeilingFor(selectedPreset);
 
   try {
@@ -372,7 +370,7 @@ async function generateSelectedSurface(): Promise<void> {
         prompt: promptEl.value.trim(),
         ...readModelSelection(),
         surfacePolicy: selectedPreset.surfacePolicy,
-        capabilities: capabilityPack,
+        tools: toolPack,
         ...(componentPack ? { components: componentPack } : {}),
         ...(selectedPreset.ghost
           ? {
@@ -395,20 +393,18 @@ async function generateSelectedSurface(): Promise<void> {
 
     await consumeSurfaceStream(response.body, {
       mode: compiledPolicy.mode,
-      renderMode: 'live',
-      accumulator,
       validationContext: validationContextForPolicy(
         compiledPolicy,
         compiledPolicy.policy.grants,
-        validationContract.validationCapabilities,
+        validationContract.validationTools,
         componentPack?.components.map((component) => ({ name: component.name, surface: component.surface })),
       ),
       onLine: (line, context) => handleLine(line, context),
       onMeta: (line) => handleMeta(line),
-      onRenderHtml: (html) => {
+      onArtifact: (artifact) => {
         surfaceRenderedDuringRun = true;
         welcome.hidden = true;
-        handle?.render(html);
+        handle?.renderArtifact(artifact);
       },
       onParseError: (raw) => {
         events.push({ kind: 'protocol-parse-error', at: Date.now(), raw });
@@ -440,22 +436,21 @@ function componentCeilingFor(preset: GalleryPreset): ComponentPack | null {
 
 function compiledPolicyFor(preset: GalleryPreset): CompiledSurfacePolicy {
   return compileSurfacePolicy(preset.surfacePolicy, {
-    capabilities: createGalleryCapabilityRegistry().toContract().pack,
+    tools: createGalleryToolRegistry().toContract().pack,
     components: createGalleryComponentRegistry().toContract().pack,
   });
 }
 
 function validationContextForPolicy(
   compiledPolicy: CompiledSurfacePolicy,
-  grantedIntents: string[],
-  capabilities: ValidationContext['capabilities'],
+  grantedTools: string[],
+  tools: ValidationContext['tools'],
   components: ValidationContext['components'],
 ): ValidationContext {
   return {
     mode: compiledPolicy.mode,
-    scriptPolicy: compiledPolicy.scriptPolicy,
-    allowedIntents: grantedIntents,
-    capabilities,
+    allowedTools: grantedTools,
+    tools,
     components,
     surfacePlan: compiledPolicy.surfacePlan,
   };
@@ -501,8 +496,7 @@ function handleMeta(line: Extract<ProtocolLine, { op: 'meta' }>): void {
     const value = line.value as { css?: unknown };
     if (typeof value.css === 'string' && value.css.trim()) {
       activeTokensSourceOverride = value.css;
-      const composed = accumulator.hasAnySection() ? accumulator.compose() : null;
-      respawnSandbox(composed ?? '');
+      respawnSandbox();
     }
   }
   skippedCountEl.textContent = String(skippedLines);
@@ -519,7 +513,6 @@ function renderAuthorityMeter(compiled: CompiledSurfacePolicy): void {
     ['Runtime', plan.runtime],
     ['Data', plan.data],
     ['Authority', plan.authority],
-    ['Scripts', compiled.scriptPolicy],
     ['Network', 'blocked'],
     ['Storage', 'blocked'],
     ['Parent DOM', 'blocked'],
@@ -595,7 +588,7 @@ function renderContract(): void {
     ['policy', 'Surface config', policy],
     ['tier', 'Surface type', contract?.surface.policy.tier ?? selectedPreset.surfacePolicy.tier],
     ...(contract
-      ? [['runtime', 'Runtime', `${contract.surface.mode} - scripts ${contract.surface.scriptPolicy}`] as [string, string, string]]
+      ? [['runtime', 'Runtime', `${contract.surface.mode} - ${contract.surface.plan.runtime}`] as [string, string, string]]
       : []),
     ['grants', 'Allowed host tools', allowedHostTools],
     ['components', 'Trusted components', components],
@@ -876,16 +869,18 @@ function describeEvent(event: DevtoolsEvent): string {
   switch (event.kind) {
     case 'protocol-line':
       return `protocol ${event.line.op} ${event.line.path}`;
-    case 'intent-emitted':
-      return `host tool ${event.intent}`;
-    case 'intent-dispatched':
-      return `host dispatch ${event.intent}`;
-    case 'intent-settled':
-      return `host settled ${event.intent} ${event.ok ? 'ok' : 'error'}`;
+    case 'tool-called':
+      return `host tool ${event.tool}`;
+    case 'tool-dispatched':
+      return `host dispatch ${event.tool}`;
+    case 'tool-settled':
+      return `host settled ${event.tool} ${event.ok ? 'ok' : 'error'}`;
     case 'state-pushed':
       return `state ${Object.keys(event.patch).join(', ') || 'updated'}`;
     case 'component-error':
       return `component ${event.code}: ${event.reason}`;
+    case 'rendered':
+      return `rendered revision ${event.revision}`;
     case 'stream-lifecycle':
       return `stream ${event.phase}${event.ok === undefined ? '' : event.ok ? ' ok' : ' error'}`;
     case 'surface-contract':
@@ -912,7 +907,7 @@ function requestHostApproval(request: ApprovalRequest): Promise<ApprovalDecision
 
     const eyebrow = document.createElement('span');
     eyebrow.className = approvalEyebrowClass;
-    eyebrow.textContent = request.capability;
+    eyebrow.textContent = request.tool;
 
     const title = document.createElement('strong');
     title.className = approvalTitleClass;
diff --git a/apps/surface-gallery/src/presets.test.ts b/apps/surface-gallery/src/presets.test.ts
index cd0bd7c..a8d5e17 100644
--- a/apps/surface-gallery/src/presets.test.ts
+++ b/apps/surface-gallery/src/presets.test.ts
@@ -7,12 +7,12 @@ import {
   compileSurfacePolicy,
   normalizeSurfacePolicy,
 } from '@anarchitecture/summon';
-import { allGalleryCapabilityNames, createGalleryCapabilityRegistry } from './capabilities.js';
+import { allGalleryToolNames, createGalleryToolRegistry } from './tools.js';
 import { allGalleryComponentNames, createGalleryComponentRegistry } from './components.js';
 import { GALLERY_PRESETS } from './presets.js';
 
 test('gallery presets are explicit, valid, and policy-complete', () => {
-  const capabilityNames = new Set(allGalleryCapabilityNames());
+  const toolNames = new Set(allGalleryToolNames());
   const componentNames = new Set(allGalleryComponentNames());
   const seen = new Set<string>();
   const requiredIds = [
@@ -41,20 +41,20 @@ test('gallery presets are explicit, valid, and policy-complete', () => {
       persistence: preset.surfacePolicy.persistence ?? 'replayable',
     });
 
-    for (const capability of preset.surfacePolicy.grants ?? []) {
-      assert.equal(capabilityNames.has(capability), true, `${preset.id} references unknown capability ${capability}`);
+    for (const tool of preset.surfacePolicy.grants ?? []) {
+      assert.equal(toolNames.has(tool), true, `${preset.id} references unknown tool ${tool}`);
     }
     for (const component of preset.surfacePolicy.components ?? []) {
       assert.equal(componentNames.has(component), true, `${preset.id} references unknown component ${component}`);
     }
 
     const compiled = compileSurfacePolicy(preset.surfacePolicy, {
-      capabilities: createGalleryCapabilityRegistry().toContract().pack,
+      tools: createGalleryToolRegistry().toContract().pack,
       components: createGalleryComponentRegistry().toContract().pack,
     });
     assert.deepEqual(compiled.issues, []);
     assert.deepEqual(
-      compiled.capabilities?.intents.map((intent) => intent.name) ?? [],
+      compiled.tools?.tools.map((tool) => tool.name) ?? [],
       preset.surfacePolicy.grants ?? [],
     );
     assert.deepEqual(
diff --git a/apps/surface-gallery/src/presets.ts b/apps/surface-gallery/src/presets.ts
index f42d04f..80f316c 100644
--- a/apps/surface-gallery/src/presets.ts
+++ b/apps/surface-gallery/src/presets.ts
@@ -53,7 +53,7 @@ export const GALLERY_PRESETS: GalleryPreset[] = [
       watchFor: [
         'The generated surface can still use strong layout, typography, tables, timelines, and inline SVG.',
         'The authority meter stays at none/read-only and scripts remain forbidden.',
-        'The boundary prompt is blocked or repaired without changing the host-selected policy.',
+        'The boundary prompt is blocked without changing the host-selected policy.',
       ],
       takeaway: 'Expression can be large even when authority is zero.',
     },
@@ -77,7 +77,7 @@ export const GALLERY_PRESETS: GalleryPreset[] = [
     notes: {
       setup: 'After generation, submit a query such as “Bluebird Coffee payouts”.',
       watchFor: [
-        'The sandbox emits only the granted search intent.',
+        'The sandbox emits only the granted search tool.',
         'The host dispatches search and pushes validated state back.',
         'The surface must render loading, error, empty, and data states instead of hallucinating host rows.',
       ],
@@ -203,7 +203,7 @@ export const GALLERY_PRESETS: GalleryPreset[] = [
     title: 'Boundary stress test',
     category: 'Boundary',
     description: 'A deliberately hostile prompt tries to exceed a narrow declarative policy.',
-    claim: 'Prompt intent does not become authority. The same host-selected policy still decides what can run.',
+    claim: 'Prompt tool does not become authority. The same host-selected policy still decides what can run.',
     boundary: 'Only search is granted; scripts, external URLs, unsafe tags, storage, parent DOM, and unknown actions should fail closed.',
     featured: true,
     prompt:
@@ -211,8 +211,8 @@ export const GALLERY_PRESETS: GalleryPreset[] = [
     notes: {
       setup: 'Run this preset and switch to the Stream inspector if it does not switch automatically.',
       watchFor: [
-        'Validation should block or repair unsafe tags, scripts, and external URLs.',
-        'Unknown intents should be rejected by the bridge and/or validator.',
+        'Validation should block unsafe tags, scripts, and external URLs.',
+        'Unknown tools should be rejected by the bridge and/or validator.',
         'The sandbox boundary remains unchanged despite the prompt.',
       ],
       takeaway: 'Summon is designed for model misbehavior, not model obedience.',
diff --git a/apps/surface-gallery/src/capabilities.ts b/apps/surface-gallery/src/tools.ts
similarity index 65%
rename from apps/surface-gallery/src/capabilities.ts
rename to apps/surface-gallery/src/tools.ts
index 2881cc5..43a3b2f 100644
--- a/apps/surface-gallery/src/capabilities.ts
+++ b/apps/surface-gallery/src/tools.ts
@@ -1,5 +1,5 @@
 import {
-  createCapabilityRegistry,
+  createToolRegistry,
   defineAction,
   defineApprovalAction,
   defineDataResource,
@@ -7,12 +7,12 @@ import {
   defineWorkerResource,
   type ApprovalDecision,
   type ApprovalRequest,
-  type CapabilityDefinition,
-  type CapabilityRegistry,
+  type ToolDefinition,
+  type ToolRegistry,
 } from '@anarchitecture/summon';
 import { z } from 'zod';
 
-export interface GalleryCapabilityOptions {
+export interface GalleryToolOptions {
   onLog?: (message: string) => void;
   onStatePreview?: (state: Record<string, unknown>) => void;
   modelSelection?: () => object;
@@ -55,23 +55,23 @@ interface RefundPlan {
   rail: string;
 }
 
-export function createGalleryCapabilityRegistry(
-  capabilityNames?: readonly string[],
-  opts: GalleryCapabilityOptions = {},
-): CapabilityRegistry {
-  const allowed = capabilityNames ? new Set(capabilityNames) : null;
-  return createCapabilityRegistry(
-    galleryCapabilityDefinitions(opts).filter((definition) =>
+export function createGalleryToolRegistry(
+  toolNames?: readonly string[],
+  opts: GalleryToolOptions = {},
+): ToolRegistry {
+  const allowed = toolNames ? new Set(toolNames) : null;
+  return createToolRegistry(
+    galleryToolDefinitions(opts).filter((definition) =>
       allowed ? allowed.has(definition.name) : true,
     ),
   );
 }
 
-export function allGalleryCapabilityNames(): string[] {
-  return galleryCapabilityDefinitions({}).map((definition) => definition.name);
+export function allGalleryToolNames(): string[] {
+  return galleryToolDefinitions({}).map((definition) => definition.name);
 }
 
-function galleryCapabilityDefinitions(opts: GalleryCapabilityOptions): CapabilityDefinition<any>[] {
+function galleryToolDefinitions(opts: GalleryToolOptions): ToolDefinition<any>[] {
   const log = opts.onLog ?? (() => {});
   const statePreview = opts.onStatePreview ?? (() => {});
   const choices: string[] = [];
@@ -91,23 +91,32 @@ function galleryCapabilityDefinitions(opts: GalleryCapabilityOptions): Capabilit
       patterns: [
         {
           name: 'Search resource',
-          code: `<div data-summon-resource="search" data-summon-resource-as="s">
-  <form data-summon-resource-trigger="submit">
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ searching: false, results: [] as Array<{ title: string; snippet: string }>, searchError: "", noResults: false });
+onState((hostState) => {
+  state.searching = Boolean(hostState.searching);
+  state.results = Array.isArray(hostState.results) ? hostState.results : [];
+  state.searchError = String(hostState.searchError ?? "");
+  state.noResults = Boolean(hostState.noResults);
+});
+
+async function search(event: SubmitEvent) {
+  event.preventDefault();
+  const query = String(new FormData(event.currentTarget as HTMLFormElement).get("query") ?? "");
+  await callTool("search", { query });
+}
+
+export default html\`
+  <form @submit="\${search}">
     <input name="query" placeholder="Search dinner ideas">
-    <button data-summon-attr-disabled="$s.loading">Search</button>
+    <button class="\${() => state.searching ? "loading" : ""}">\${() => state.searching ? "Searching..." : "Search"}</button>
   </form>
-  <p data-summon-show="$s.loading">Searching...</p>
-  <p data-summon-show="$s.error" data-summon-bind="$s.error"></p>
-  <p data-summon-show="$s.empty">No matching results.</p>
-  <ul data-summon-show="$s.data" data-summon-foreach="$s.data" data-summon-as="result">
-    <template>
-      <li>
-        <strong data-summon-bind="$result.title"></strong>
-        <p data-summon-bind="$result.snippet"></p>
-      </li>
-    </template>
-  </ul>
-</div>`,
+  <p>\${() => state.searchError}</p>
+  <p>\${() => state.noResults ? "No matching results." : ""}</p>
+  <ul>\${() => state.results.map((result) => html\`<li><strong>\${result.title}</strong><p>\${result.snippet}</p></li>\`)}</ul>
+\`;`,
         },
       ],
       onStart: ({ query }) => {
@@ -140,10 +149,25 @@ function galleryCapabilityDefinitions(opts: GalleryCapabilityOptions): Capabilit
       patterns: [
         {
           name: 'Save a choice',
-          code: `<button data-summon-on-click="choose" data-summon-args='{"option":"Balanced path"}' data-summon-attr-disabled="choosePending">Save this option</button>
-<p data-summon-show="choosePending">Saving...</p>
-<p data-summon-show="chooseError" data-summon-bind="chooseError"></p>
-<p data-summon-show="lastChoice">Saved: <span data-summon-bind="lastChoice"></span></p>`,
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ choosePending: false, chooseError: "", lastChoice: "" });
+onState((hostState) => {
+  state.choosePending = Boolean(hostState.choosePending);
+  state.chooseError = String(hostState.chooseError ?? "");
+  state.lastChoice = String(hostState.lastChoice ?? "");
+});
+
+async function choose() {
+  await callTool("choose", { option: "Balanced path" });
+}
+
+export default html\`
+  <button @click="\${choose}" class="\${() => state.choosePending ? "loading" : ""}">\${() => state.choosePending ? "Saving..." : "Save this option"}</button>
+  <p>\${() => state.chooseError}</p>
+  <p>\${() => state.lastChoice ? "Saved: " + state.lastChoice : ""}</p>
+\`;`,
         },
       ],
       handler: ({ args, push }) => {
@@ -214,11 +238,29 @@ function galleryCapabilityDefinitions(opts: GalleryCapabilityOptions): Capabilit
       patterns: [
         {
           name: 'Approval-gated refund',
-          code: `<button data-summon-on-click="issue_refund" data-summon-args='{"title":"Refund disputed transaction","amount":"$842.15"}' data-summon-attr-disabled="refundApprovalPending">Request refund approval</button>
-<p data-summon-show="refundApprovalPending">Waiting for host approval...</p>
-<p data-summon-show="refundApprovalDenied">Refund denied by host.</p>
-<p data-summon-show="refundApprovalError" data-summon-bind="refundApprovalError"></p>
-<p data-summon-show="refundIssued">Refund issued: <span data-summon-bind="refundAmount"></span></p>`,
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ refundApprovalPending: false, refundApprovalDenied: false, refundApprovalError: "", refundIssued: false, refundAmount: "" });
+onState((hostState) => {
+  state.refundApprovalPending = Boolean(hostState.refundApprovalPending);
+  state.refundApprovalDenied = Boolean(hostState.refundApprovalDenied);
+  state.refundApprovalError = String(hostState.refundApprovalError ?? "");
+  state.refundIssued = Boolean(hostState.refundIssued);
+  state.refundAmount = String(hostState.refundAmount ?? "");
+});
+
+async function refund() {
+  await callTool("issue_refund", { title: "Refund disputed transaction", amount: "$842.15" });
+}
+
+export default html\`
+  <button @click="\${refund}" class="\${() => state.refundApprovalPending ? "loading" : ""}">Request refund approval</button>
+  <p>\${() => state.refundApprovalPending ? "Waiting for host approval..." : ""}</p>
+  <p>\${() => state.refundApprovalDenied ? "Refund denied by host." : ""}</p>
+  <p>\${() => state.refundApprovalError}</p>
+  <p>\${() => state.refundIssued ? "Refund issued: " + state.refundAmount : ""}</p>
+\`;`,
         },
       ],
       handler: ({ args, approval, push }) => {
@@ -243,18 +285,36 @@ function galleryCapabilityDefinitions(opts: GalleryCapabilityOptions): Capabilit
       patterns: [
         {
           name: 'Background analysis',
-          code: `<div data-summon-resource="analysis" data-summon-resource-as="a">
-  <form data-summon-resource-trigger="submit">
+          code: `import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ analysisLoading: false, analysisResult: null as null | { topic: string; score: number; summary: string }, analysisError: "" });
+onState((hostState) => {
+  state.analysisLoading = Boolean(hostState.analysisLoading);
+  state.analysisResult = hostState.analysisResult as typeof state.analysisResult;
+  state.analysisError = String(hostState.analysisError ?? "");
+});
+
+async function analyze(event: SubmitEvent) {
+  event.preventDefault();
+  const topic = String(new FormData(event.currentTarget as HTMLFormElement).get("topic") ?? "");
+  await callTool("analysis", { topic });
+}
+
+export default html\`
+  <form @submit="\${analyze}">
     <input name="topic" placeholder="Topic">
-    <button data-summon-attr-disabled="$a.loading">Analyze</button>
+    <button class="\${() => state.analysisLoading ? "loading" : ""}">\${() => state.analysisLoading ? "Analyzing..." : "Analyze"}</button>
   </form>
-  <p data-summon-show="$a.loading">Analyzing...</p>
-  <article data-summon-show="$a.data">
-    <strong data-summon-bind="$a.data.topic"></strong>
-    <span data-summon-bind="$a.data.score"></span>
-    <p data-summon-bind="$a.data.summary"></p>
-  </article>
-</div>`,
+  <p>\${() => state.analysisError}</p>
+  \${() => state.analysisResult ? html\`
+    <article>
+      <strong>\${state.analysisResult.topic}</strong>
+      <span>\${state.analysisResult.score}</span>
+      <p>\${state.analysisResult.summary}</p>
+    </article>
+  \` : ""}
+\`;`,
         },
       ],
       onStart: ({ topic }) => {
diff --git a/apps/surface-gallery/tests/gallery-smoke.spec.ts b/apps/surface-gallery/tests/gallery-smoke.spec.ts
index c19f5e6..dcbffc5 100644
--- a/apps/surface-gallery/tests/gallery-smoke.spec.ts
+++ b/apps/surface-gallery/tests/gallery-smoke.spec.ts
@@ -7,6 +7,24 @@ function streamBody(lines: unknown[]): string {
   return `${lines.map((line) => JSON.stringify(line)).join('\n')}\n`;
 }
 
+function arrowArtifact(source: string): object {
+  return {
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': source,
+      },
+    },
+  };
+}
+
+function arrowHtmlArtifact(html: string): object {
+  const source = html.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${');
+  return arrowArtifact(`import { html } from "@arrow-js/core";\nexport default html\`${source}\`;`);
+}
+
 function modelProviderPayload(): object {
   return {
     defaultProvider: 'anthropic',
@@ -26,12 +44,11 @@ function modelProviderPayload(): object {
       defaults: {
         generationModel: 'claude-sonnet-4-6',
         utilityModel: 'claude-haiku-4-5',
-        modelOptions: { maxOutputTokens: 64000, repairMaxOutputTokens: 12000 },
+        modelOptions: { maxOutputTokens: 64000 },
       },
       controls: {
         customModels: true,
         maxOutputTokens: { default: 64000, presets: [12000, 64000] },
-        repairMaxOutputTokens: { default: 12000, presets: [4000, 12000] },
       },
     }],
   };
@@ -76,30 +93,23 @@ async function startProgressiveApiServer(): Promise<Server> {
       await delay(180);
       writeProtocolLine(res, { op: 'meta', path: '/status', value: 'writing' });
       await delay(250);
-      writeProtocolLine(res, { op: 'set', path: '/screen', value: { sections: ['main'] } });
-      writeProtocolLine(res, {
-        op: 'add',
-        path: '/section/main',
-        html: '<article style="padding:24px;font-family:system-ui;"><h1>Drafting surface</h1><p>Gathering the shape.</p></article>',
-      });
+      writeProtocolLine(res, arrowHtmlArtifact(
+        '<article style="padding:24px;font-family:system-ui;"><h1>Drafting surface</h1><p>Gathering the shape.</p></article>',
+      ));
       await delay(900);
-      writeProtocolLine(res, {
-        op: 'add',
-        path: '/section/main',
-        html: '<article style="padding:24px;font-family:system-ui;"><h1>Final answer</h1><p>Ready to inspect.</p></article>',
-      });
+      writeProtocolLine(res, arrowHtmlArtifact(
+        '<article style="padding:24px;font-family:system-ui;"><h1>Final answer</h1><p>Ready to inspect.</p></article>',
+      ));
       writeProtocolLine(res, {
         op: 'meta',
         path: '/stream-graph-summary',
         value: {
           health: {
             complete: true,
-            missingDeclared: [],
             blockedCount: 0,
             skippedCount: 0,
-            repairedCount: 0,
           },
-          sections: [],
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
         },
       });
       res.end();
@@ -148,10 +158,10 @@ test('gallery shows progressive placeholder before final stream replacement', as
 
     const frame = page.frameLocator('#sandbox');
     await expect(frame.locator('h1')).toContainText('Drafting surface');
-    await expect(page.locator('#accepted-count')).toContainText('2');
+    await expect(page.locator('#accepted-count')).toContainText('1');
     await expect(frame.locator('h1')).toContainText('Final answer');
     await expect(frame.locator('text=Drafting surface')).toHaveCount(0);
-    await expect(page.locator('#accepted-count')).toContainText('3');
+    await expect(page.locator('#accepted-count')).toContainText('2');
     await expect(page.locator('#status')).toContainText('done');
     await expect(page.locator('#tab-contract')).toHaveAttribute('aria-selected', 'true');
   } finally {
@@ -187,39 +197,53 @@ test('mocked generation renders and generated host tool requests update host sta
           path: '/surface-plan',
           value: {
             purpose: 'compare',
-            runtime: 'declarative',
+            runtime: 'arrow',
             data: 'embedded',
             authority: 'host-action',
             persistence: 'replayable',
           },
         },
         { op: 'meta', path: '/status', value: 'writing' },
-        { op: 'set', path: '/screen', value: { sections: ['main'] } },
-        {
-          op: 'add',
-          path: '/section/main',
-          html: `
-            <article style="padding:24px;font-family:system-ui;">
-              <h1>Pick a launch path</h1>
-              <button data-summon-on-click="choose" data-summon-args='{"option":"Balanced path"}' data-summon-attr-disabled="choosePending">Save Balanced path</button>
-              <p id="saving" data-summon-show="choosePending">Saving...</p>
-              <p id="save-error" data-summon-show="chooseError" data-summon-bind="chooseError"></p>
-              <p id="saved" data-summon-show="chooseDone">Saved.</p>
-              <p data-summon-show="lastChoice">Saved <span data-summon-bind="lastChoice"></span></p>
-            </article>`,
-        },
+        arrowArtifact(`import { html, reactive } from "@arrow-js/core";
+import { callTool } from "host-bridge:summon";
+
+const state = reactive({ saving: false, saved: false, error: "", lastChoice: "" });
+
+async function saveChoice() {
+  state.saving = true;
+  state.saved = false;
+  state.error = "";
+  const result = await callTool("choose", { option: "Balanced path" });
+  state.saving = false;
+  if (result.ok) {
+    const next = result.state || {};
+    state.saved = true;
+    state.lastChoice = String(next.lastChoice || "Balanced path");
+  } else {
+    state.error = result.error || "Save failed";
+  }
+}
+
+export default html\`
+  <article style="padding:24px;font-family:system-ui;">
+    <h1>Pick a launch path</h1>
+    <button @click="\${saveChoice}">Save Balanced path</button>
+    <p id="saving" style="\${() => state.saving ? "" : "display:none"}">Saving...</p>
+    <p id="save-error" style="\${() => state.error ? "" : "display:none"}">\${() => state.error}</p>
+    <p id="saved" style="\${() => state.saved ? "" : "display:none"}">Saved.</p>
+    <p style="\${() => state.lastChoice ? "" : "display:none"}">Saved <span>\${() => state.lastChoice}</span></p>
+  </article>
+\`;`),
         {
           op: 'meta',
           path: '/stream-graph-summary',
           value: {
             health: {
               complete: true,
-              missingDeclared: [],
               blockedCount: 0,
               skippedCount: 0,
-              repairedCount: 0,
             },
-            sections: [],
+            artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
           },
         },
       ]),
@@ -240,7 +264,7 @@ test('mocked generation renders and generated host tool requests update host sta
     purpose: 'compare',
     grants: ['choose'],
   });
-  expect(captured.capabilities.intents.map((intent: any) => intent.name)).toEqual([
+  expect(captured.tools.tools.map((tool: any) => tool.name)).toEqual([
     'search',
     'choose',
     'publish_summary',
@@ -255,7 +279,7 @@ test('mocked generation renders and generated host tool requests update host sta
   await expect(frame.locator('#saved')).toBeVisible();
   await expect(page.locator('#state-preview')).toContainText('Balanced path');
   await expect(page.locator('#state-preview')).toContainText('chooseDone');
-  await expect(page.locator('#event-log')).toContainText('host dispatch choose');
+  await expect(page.locator('#event-log')).toContainText('host settled choose ok');
 });
 
 test('host search resource renders host-owned empty state', async ({ page }) => {
@@ -293,43 +317,53 @@ test('host search resource renders host-owned empty state', async ({ page }) =>
           path: '/surface-plan',
           value: {
             purpose: 'explore',
-            runtime: 'declarative',
+            runtime: 'arrow',
             data: 'host-resource',
             authority: 'read',
             persistence: 'replayable',
           },
         },
-        { op: 'set', path: '/screen', value: { sections: ['main'] } },
-        {
-          op: 'add',
-          path: '/section/main',
-          html: `
-            <section data-summon-resource="search" data-summon-resource-as="s" style="padding:24px;font-family:system-ui;">
-              <h1>Recipe search</h1>
-              <form data-summon-resource-trigger="submit">
-                <input name="query" value="zzzzzz">
-                <button data-summon-attr-disabled="$s.loading">Search</button>
-              </form>
-              <p id="loading" data-summon-show="$s.loading">Searching...</p>
-              <p id="error" data-summon-show="$s.error" data-summon-bind="$s.error"></p>
-              <p id="empty" data-summon-show="$s.empty">No recipes found.</p>
-              <ul id="results" data-summon-show="$s.data" data-summon-foreach="$s.data" data-summon-as="result">
-                <template><li data-summon-bind="$result.title"></li></template>
-              </ul>
-            </section>`,
-        },
+        arrowArtifact(`import { html, reactive } from "@arrow-js/core";
+import { callTool } from "host-bridge:summon";
+
+const state = reactive({ loading: false, empty: false, error: "" });
+
+async function submitSearch() {
+  state.loading = true;
+  state.empty = false;
+  state.error = "";
+  const result = await callTool("search", { query: "zzzzzz" });
+  state.loading = false;
+  if (result.ok) {
+    const next = result.state || {};
+    state.empty = Boolean(next.noResults);
+  } else {
+    state.error = result.error || "Search failed";
+  }
+}
+
+export default html\`
+  <section style="padding:24px;font-family:system-ui;">
+    <h1>Recipe search</h1>
+    <form @submit="\${submitSearch}">
+      <input name="query" value="zzzzzz">
+      <button>Search</button>
+    </form>
+    <p id="loading" style="\${() => state.loading ? "" : "display:none"}">Searching...</p>
+    <p id="error" style="\${() => state.error ? "" : "display:none"}">\${() => state.error}</p>
+    <p id="empty" style="\${() => state.empty ? "" : "display:none"}">No recipes found.</p>
+  </section>
+\`;`),
         {
           op: 'meta',
           path: '/stream-graph-summary',
           value: {
             health: {
               complete: true,
-              missingDeclared: [],
               blockedCount: 0,
               skippedCount: 0,
-              repairedCount: 0,
             },
-            sections: [],
+            artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
           },
         },
       ]),
@@ -384,39 +418,62 @@ test('approval refund uses host-owned approval card for approve and deny decisio
           path: '/surface-plan',
           value: {
             purpose: 'operate',
-            runtime: 'declarative',
+            runtime: 'arrow',
             data: 'embedded',
             authority: 'approval-gated',
             persistence: 'ephemeral',
           },
         },
-        { op: 'set', path: '/screen', value: { sections: ['main'] } },
-        {
-          op: 'add',
-          path: '/section/main',
-          html: `
-            <article style="padding:24px;font-family:system-ui;">
-              <h1>Refund review</h1>
-              <button data-summon-on-click="issue_refund" data-summon-args='{"title":"Approval smoke","amount":"$842.15"}'>Request refund</button>
-              <p id="waiting" data-summon-show="refundApprovalPending">Waiting for host approval</p>
-              <p id="approved" data-summon-show="refundApprovalApproved">Approved</p>
-              <p id="denied" data-summon-show="refundApprovalDenied">Denied</p>
-              <p id="failed" data-summon-show="refundApprovalError" data-summon-bind="refundApprovalError"></p>
-              <p id="refunded" data-summon-show="refundIssued">Refunded <span data-summon-bind="refundAmount"></span></p>
-            </article>`,
-        },
+        arrowArtifact(`import { html, reactive } from "@arrow-js/core";
+import { callTool } from "host-bridge:summon";
+
+const state = reactive({
+  waiting: false,
+  approved: false,
+  denied: false,
+  failed: "",
+  refunded: false,
+  amount: "",
+});
+
+async function requestRefund() {
+  state.waiting = true;
+  state.approved = false;
+  state.denied = false;
+  state.failed = "";
+  state.refunded = false;
+  state.amount = "";
+  const result = await callTool("issue_refund", { title: "Approval smoke", amount: "$842.15" });
+  const next = result.state || {};
+  state.waiting = false;
+  state.approved = Boolean(next.refundApprovalApproved);
+  state.denied = Boolean(next.refundApprovalDenied);
+  state.refunded = Boolean(next.refundIssued);
+  state.amount = String(next.refundAmount || "");
+  if (!result.ok && !state.denied) state.failed = result.error || "Refund failed";
+}
+
+export default html\`
+  <article style="padding:24px;font-family:system-ui;">
+    <h1>Refund review</h1>
+    <button @click="\${requestRefund}">Request refund</button>
+    <p id="waiting" style="\${() => state.waiting ? "" : "display:none"}">Waiting for host approval</p>
+    <p id="approved" style="\${() => state.approved ? "" : "display:none"}">Approved</p>
+    <p id="denied" style="\${() => state.denied ? "" : "display:none"}">Denied</p>
+    <p id="failed" style="\${() => state.failed ? "" : "display:none"}">\${() => state.failed}</p>
+    <p id="refunded" style="\${() => state.refunded ? "" : "display:none"}">Refunded <span>\${() => state.amount}</span></p>
+  </article>
+\`;`),
         {
           op: 'meta',
           path: '/stream-graph-summary',
           value: {
             health: {
               complete: true,
-              missingDeclared: [],
               blockedCount: 0,
               skippedCount: 0,
-              repairedCount: 0,
             },
-            sections: [],
+            artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
           },
         },
       ]),
@@ -435,7 +492,12 @@ test('approval refund uses host-owned approval card for approve and deny decisio
   });
 
   const frame = page.frameLocator('#sandbox');
-  await frame.getByRole('button', { name: 'Request refund' }).click();
+  const requestRefund = async () => {
+    await frame.getByRole('button', { name: 'Request refund' }).evaluate((button) => {
+      (button as HTMLButtonElement).click();
+    });
+  };
+  await requestRefund();
   await expect(page.locator('[data-approval-card]')).toContainText('Issue refund: Approval smoke');
   await expect(page.locator('[data-approval-card]')).toContainText('card-presentment');
   await expect(frame.locator('#waiting')).toBeVisible();
@@ -448,7 +510,7 @@ test('approval refund uses host-owned approval card for approve and deny decisio
 
   await page.locator('#run').click();
   await expect(page.locator('#status')).toContainText('done');
-  await frame.getByRole('button', { name: 'Request refund' }).click();
+  await requestRefund();
   await expect(page.locator('[data-approval-card]')).toContainText('Issue refund: Approval smoke');
   await page.locator('[data-approval-card]').getByRole('button', { name: 'Deny' }).click();
   await expect(page.locator('[data-approval-card]')).toHaveCount(0);
@@ -482,26 +544,23 @@ test('component island preset renders host overlays and reports invalid props',
           path: '/surface-plan',
           value: {
             purpose: 'review',
-            runtime: 'declarative',
+            runtime: 'arrow',
             data: 'embedded',
             authority: 'host-action',
             persistence: 'replayable',
           },
         },
-        { op: 'set', path: '/screen', value: { sections: ['main'] } },
-        { op: 'add', path: '/section/main', html },
+        arrowHtmlArtifact(html),
         {
           op: 'meta',
           path: '/stream-graph-summary',
           value: {
             health: {
               complete: true,
-              missingDeclared: [],
               blockedCount: 0,
               skippedCount: 0,
-              repairedCount: 0,
             },
-            sections: [],
+            artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
           },
         },
       ]),
@@ -528,6 +587,13 @@ test('component island preset renders host overlays and reports invalid props',
 
 test('gallery loads Ghost root preset and sends Ghost generation payload', async ({ page }) => {
   let captured: any = null;
+  await page.route('**/api/model-providers', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify(modelProviderPayload()),
+    });
+  });
   await page.route('**/api/ghost-roots', async (route) => {
     await route.fulfill({
       status: 200,
@@ -572,21 +638,21 @@ test('gallery loads Ghost root preset and sends Ghost generation payload', async
           path: '/surface-plan',
           value: {
             purpose: 'review',
-            runtime: 'declarative',
+            runtime: 'arrow',
             data: 'embedded',
             authority: 'host-action',
             persistence: 'replayable',
           },
         },
-        { op: 'set', path: '/screen', value: { sections: ['main'] } },
-        { op: 'add', path: '/section/main', html: '<section><h1>Checkout Review</h1></section>' },
+        arrowHtmlArtifact('<section><h1>Checkout Review</h1></section>'),
         {
           op: 'meta',
           path: '/ghost-review-packet',
           value: {
             source: 'root',
             product: 'Checkout',
-            sections: [{ id: 'main', html: '<section><h1>Checkout Review</h1></section>' }],
+            artifactRuntime: 'arrow',
+            artifactFiles: ['main.ts'],
           },
         },
         {
@@ -595,12 +661,10 @@ test('gallery loads Ghost root preset and sends Ghost generation payload', async
           value: {
             health: {
               complete: true,
-              missingDeclared: [],
               blockedCount: 0,
               skippedCount: 0,
-              repairedCount: 0,
             },
-            sections: [],
+            artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
           },
         },
       ]),
diff --git a/docs/adoption/debugging.md b/docs/adoption/debugging.md
index d3a5848..fa4159d 100644
--- a/docs/adoption/debugging.md
+++ b/docs/adoption/debugging.md
@@ -1,6 +1,6 @@
 # Summon Debugging Guide
 
-Summon diagnostics explain why a generated surface failed, why a generated
+Summon diagnostics explain why an Arrow artifact failed, why a generated
 control did nothing, or why host-owned data/components did not appear. Start
 from the symptom, then drill into protocol paths and Devtools events only as
 needed.
@@ -10,23 +10,22 @@ needed.
 Open the **Stream** drawer on `/generate` and check:
 
 - `/error` - server-side generation error or blocked-generation message.
-- `/validation-blocked` - a blocking issue stopped generation or validation
-  retry.
+- `/validation-blocked` - a blocking issue stopped generation.
 - `/validation-summary` - grouped validation issue counts and examples.
-- `/repair-feedback` - model-readable validation retry hints for a rejected
-  section.
-- `/repair-summary` - counts of queued, cancelled, retried, and failed repairs.
+- `/protocol-skip` - a non-fatal raw model line was skipped before the sandbox.
+- `/stream-graph-summary` - final artifact/validation stream diagnostics.
 
 Common fixes:
 
-- `external-url` - inline assets as data URLs or remove the reference.
-- `unsafe-tag` - remove iframe, object, embed, link, meta, or base-like tags.
-- `inline-handler` - use `data-summon-on-*`, `data-summon-set`, or
-  `data-summon-toggle`.
-- `static-script` - remove scripts or choose an interactive surface config.
-- `script-not-granted` / `surface-script-policy-removed` - use declarative
-  `data-summon-*` bindings, local state, and motion primitives instead of
-  generated scripts.
+- `malformed-jsonl` - the model emitted prose, Markdown, or an unsupported
+  protocol op instead of JSONL.
+- `invalid-arrow-artifact` - the `/artifact` value was not an Arrow artifact.
+- `invalid-arrow-entry` - the artifact source did not contain one valid Arrow
+  entrypoint.
+- `unsupported-arrow-idl-binding` / `unsupported-arrow-open-tag-expression` -
+  rewrite the Arrow template to use supported bindings.
+- `arrow-network-not-granted` - remove restricted fetch usage or select a
+  surface config whose host grants that network policy.
 - `surface-policy-*` - fix the host-selected surface config. The compiler
   blocks unknown allowed tools/components and authority above the selected
   surface type before the model is called.
@@ -38,42 +37,23 @@ does not work:
 
 1. Confirm the run is interactive. Read-only surfaces intentionally have no
    allowed host tools.
-2. Confirm the host tool exists in `createCapabilityRegistry(...).toContract()`.
-3. Confirm the generated markup uses an allowed trigger and valid
-   `data-summon-args`.
-4. Check Devtools for `intent-rejected`, `intent-dispatched`,
-   `intent-settled`, and `state-pushed`. The event names still use the runtime
-   term "intent"; read them as host tool requests.
+2. Confirm the host tool exists in `createToolRegistry(...).toContract()`.
+3. Confirm the Arrow code invokes only an allowed tool name.
+4. Check Devtools for `tool-rejected`, `tool-dispatched`,
+   `tool-settled`, and `state-pushed`.
 5. Check the host handler in `PolicyEngine` and the resource's `stateKeys`.
 
 Common fixes:
 
-- `unknown-intent` - use only host tools listed in the Capabilities block.
-- `invalid-args-json` - make `data-summon-args` a valid one-line JSON object.
-- `surface-runtime-exceeded` - use only tools allowed by the compiled safety
-  plan runtime.
+- `unknown-tool` - use only host tools listed in the Tools block.
+- `invalid-args-json` - send a JSON-serializable argument object.
+- `surface-policy-tier-exceeded` - use only tools allowed by the selected
+  `SurfacePolicy` tier.
 - `surface-data-exceeded` - align resource/worker usage with the selected
   surface config.
 - `surface-authority-exceeded` - remove the action or select a config that
   carries the needed authority, such as `approval-gated`.
 
-## Host Tool Returned No Visible Data
-
-Data resources must render loading, error, and data states. If the host handler
-runs but the surface looks empty:
-
-1. Confirm `defineDataResource` has `defaultData` that matches `resultSchema`.
-2. Confirm `stateKeys.loading`, `stateKeys.data`, and `stateKeys.error` are all
-   present.
-3. Confirm generated markup includes visible loading, error, and data bindings.
-4. Trigger the resource and inspect `state-pushed` for the resource state patch.
-
-Common fixes:
-
-- `resource-loading-not-rendered` - render a visible loading binding.
-- `resource-error-not-rendered` - render a visible error binding.
-- `resource-data-not-rendered` - render a visible data binding or foreach.
-
 ## Trusted Component Did Not Appear
 
 Trusted host components render as host overlays. If a component placeholder
@@ -81,30 +61,16 @@ remains visible or nothing appears:
 
 1. Confirm the host registered the component and passed
    `componentRegistry.toContract().pack` into generation.
-2. Confirm replay data includes compatible component allowlists for the same host
-   registry.
+2. Confirm replay data includes compatible component allowlists for the same
+   host registry.
 3. Check the Stream drawer for `unknown-component`,
    `component-props-invalid`, `nested-component`, and compiled safety plan
    issues.
 4. Check Devtools for `component-sync` followed by `component-error`.
 5. Use the `component-error` code to narrow the fix: `bounds-invalid` means the
    placeholder has empty/offscreen/oversized bounds, `props-invalid` means Zod
-   rejected the props, and `registry-missing` means replay has component allowlists
-   but the host did not provide a compatible registry.
-6. Confirm host-side Zod validation accepts the props before looking at the
-   component renderer.
-
-Common fixes:
-
-- `unknown-component` - use only names from the Components prompt block.
-- `component-missing-name` - remove stray component id/props attributes or add
-  `data-summon-component`.
-- `component-id-missing` / `component-id-invalid` / `component-id-duplicate` -
-  give every placeholder one stable, unique id such as `revenue-card`.
-- `component-props-missing` / `component-props-invalid` - make
-  `data-summon-props` a valid one-line JSON object.
-- `nested-component` - keep component placeholders as siblings in the freeform
-  layout; do not put one placeholder inside another.
+   rejected the props, and `registry-missing` means replay has component
+   allowlists but the host did not provide a compatible registry.
 
 ## Sandbox Safety Looks Suspect
 
@@ -116,97 +82,97 @@ Common fixes:
    still pass.
 5. Inspect `spawnSandbox` before changing iframe sandbox attributes or CSP.
 
+## Surface Stayed Blank
+
+If the Stream drawer shows an accepted Arrow `/artifact` but the iframe stays
+blank:
+
+1. Check Devtools for `render`. That means the host sent the accepted artifact
+   to the iframe.
+2. Check Devtools for `rendered`. That means the iframe waited for Arrow's
+   runtime mount, applied bindings/component measurement, and acknowledged the
+   mounted revision.
+3. If `render` appears without `rendered`, inspect `sandbox-fatal` and browser
+   console errors. The failure is in iframe bootstrap, Arrow runtime mount, or
+   CSP.
+4. If `rendered` appears but the UI is not visible, inspect component errors,
+   layout constraints, and artifact CSS.
+
 ## Advanced Diagnostic Layers
 
-These names are useful when maintaining Summon or writing a deeper adapter:
-
-1. **Protocol parsing** - `parseProtocolLine` accepts only JSONL protocol
-   records. Bad raw lines become client-side `protocol-parse-error` events.
-2. **Contract validation** - unsafe tags, external URLs, inline handlers,
-   unknown host tool requests, bad args JSON, missing resource states, token
-   drift, and layout violations become `ContractIssue` records.
-3. **Validation retry feedback** - retryable section failures can emit
-   `/repair-feedback` and later `/repair-summary`.
-4. **Stream diagnostics** - `StreamGraph` tracks declared, present, skipped,
-   blocked, repaired, and missing sections.
-5. **Host dispatch** - `PolicyEngine` validates args, runs host handlers, emits
+1. **Protocol parsing** - `parseProtocolLine` accepts only JSONL `meta` and
+   Arrow `/artifact` records. Bad raw lines become client-side
+   `protocol-parse-error` events or server `/protocol-skip` meta.
+2. **Artifact validation** - malformed Arrow source, unsupported bindings,
+   host-owned meta paths, token drift, and surface-plan violations become
+   `ContractIssue` records.
+3. **Stream diagnostics** - `StreamGraph` tracks Arrow artifact revisions plus
+   skipped and blocked counts.
+4. **Host dispatch** - `PolicyEngine` validates args, runs host handlers, emits
    state patches, and reports handler errors.
-6. **Trusted component overlays** - the sandbox reports placeholder bounds, then
+5. **Trusted component overlays** - the sandbox reports placeholder bounds, then
    the host validates registered component names and props before rendering
    overlay DOM.
-7. **Sandbox boundary** - `spawnSandbox` keeps the iframe null-origin and emits
+6. **Sandbox boundary** - `spawnSandbox` keeps the iframe null-origin and emits
    fatal or rejection signals when the boundary is misconfigured or abused.
 
 ## Stream Meta Lines
 
 | Path | Meaning |
 | --- | --- |
-| `/agent-intent` | Broker-advisory intent inferred from the prompt before host policy narrowing. |
-| `/agent-policy-resolution` | Brokered proposed/effective surface config, host policy source, intent source, and rejected tools/components. |
+| `/agent-goal` | Broker-advisory goal inferred from the prompt before host policy narrowing. |
+| `/agent-policy-resolution` | Brokered proposed/effective surface config, host policy source, goal source, and rejected tools/components. |
 | `/surface-policy` | Host-owned public surface config selected for this run. |
 | `/surface-plan` | Host-owned compiled safety plan selected for this run. |
 | `/surface-contract` | Host-owned compact view of the selected policy, narrowed tools/resources, trusted components, optional layout, and compile issues. |
 | `/shape` | Optional server-inferred response shape used to narrow direction exemplars. |
 | `/token-overrides` | Resolved direction token overrides, including applied and rejected entries. |
 | `/validation-summary` | Final grouped `ContractIssue` counts and examples. |
-| `/validation-blocked` | A blocking issue stopped generation or validation retry. |
-| `/repair-feedback` | A rejected section received model-readable retry hints. |
-| `/repair-summary` | Counts of queued, cancelled, retried, and failed repairs. |
+| `/validation-blocked` | A blocking issue stopped generation. |
 | `/stream-graph-summary` | Final `StreamGraph.snapshot()` for the server stream. |
 | `/protocol-skip` | A non-fatal line was skipped before reaching the sandbox. |
-| `/screen-synthesized` | The server synthesized screen structure from sections. |
 | `/mode-upgraded` | The server upgraded static generation to interactive mode. |
 | `/error` | Server-side generation error or blocked-generation message. |
 
 ## Progressive Rendering
 
 Summon streams at complete JSONL protocol-line granularity. It does not render
-raw model tokens or partial HTML. For json-render-like perceived streaming, the
-model should emit `set /screen` early, then cheap placeholder
-`add /section/:id` lines, then later `add /section/:id` lines with final HTML
-for the same stable ids. The client treats later accepted section lines as
-replacements, so hosts that want progressive interactive rendering can pass
-`renderMode: "live"` to `consumeSurfaceStream`.
+raw model tokens or partial source. Progressive perceived rendering comes from
+emitting newer complete Arrow `/artifact` revisions. The host renders each
+accepted revision with `renderArtifact()`.
 
 ## Devtools Events
 
 The generate demo records a per-run `EventStore`. Open the **Devtools** drawer
 and look for:
 
-- `protocol-line` - accepted protocol records after parsing.
+- `protocol-line` - accepted `meta` or `artifact` records after parsing.
 - `protocol-parse-error` - raw model output that was not valid JSONL.
 - `sandbox-ready` - the iframe booted and can receive state or renders.
-- `render` - accepted HTML was sent to the sandbox.
-- `intent-emitted` - generated UI emitted an allowed host tool request.
-- `intent-rejected` - generated UI tried an unknown or malformed request.
-- `intent-dispatched` / `intent-settled` - `PolicyEngine` ran a host handler.
+- `render` - an accepted Arrow artifact was sent to the sandbox.
+- `rendered` - the sandbox finished mounting that Arrow artifact revision.
+- `tool-called` - generated UI emitted an allowed host tool request.
+- `tool-rejected` - generated UI tried an unknown or malformed request.
+- `tool-dispatched` / `tool-settled` - `PolicyEngine` ran a host handler.
 - `state-pushed` - host state changed and was pushed back to the sandbox.
 - `component-sync` - the sandbox reported the current component placeholders
-  with measured bounds. The sandbox resyncs after render, state binding,
-  foreach stamping, iframe scroll, nested scroll, resize, and observed
-  placeholder size changes.
+  with measured bounds.
 - `component-error` - the host rejected or unmounted a component overlay because
-  the name, props, bounds, or registry compatibility failed. The event includes
-  a stable code such as `bounds-invalid`, `unknown-component`, `props-invalid`,
-  or `registry-missing`.
+  the name, props, bounds, or registry compatibility failed.
 - `surface-contract` - host-owned compact contract view emitted by the server
   for policy-backed generations.
 - `surface-plan` - host-owned compiled safety plan.
-- `stream-graph` - client-side stream diagnostics from `StreamGraph.snapshot()`.
+- `stream-graph` - client-side artifact diagnostics from
+  `StreamGraph.snapshot()`.
 - `sandbox-fatal` - bootstrap detected an unsafe sandbox configuration.
 
-Healthy interactive policy-backed runs usually show `surface-plan`,
-`surface-contract`, `protocol-line`, `render`, `component-sync`,
-`intent-emitted`, `intent-dispatched`, `state-pushed`, and `stream-graph` in
-that order after the user interacts with a component-backed UI.
-
 ## Reading Contract Issues
 
 `ContractIssue` has this shape:
 
 ```ts
 interface ContractIssue {
-  source: 'protocol' | 'html' | 'token' | 'direction' | 'capability' | 'layout' | 'edit' | 'repair' | 'system';
+  source: 'protocol' | 'arrow' | 'token' | 'direction' | 'tool' | 'layout' | 'system';
   severity: 'block' | 'warn';
   code: string;
   message: string;
@@ -223,14 +189,11 @@ agent.
 `StreamGraph` is observe-only. It does not change runtime behavior; it explains
 what happened.
 
-Healthy sections are both declared and present. Watch these health counters:
+Watch these health counters:
 
-- `complete` - every declared section is present and no blocked section exists.
-- `missingDeclared` - the model declared a section but never supplied it.
-- `undeclaredPresent` - the model supplied a section not declared in `/screen`.
-- `skippedCount` - lines were skipped by the hardener.
+- `complete` - no blocking validation issue was recorded.
+- `skippedCount` - raw lines were skipped by parser/hardener.
 - `blockedCount` - blocking validation issues were recorded.
-- `repairedCount` - sections were accepted after validation retry feedback.
 
 Server streams end with `/stream-graph-summary`. The demo client also emits
-live `stream-graph` events after section updates and final render.
+live `stream-graph` events after accepted artifact revisions.
diff --git a/docs/adoption/integration.md b/docs/adoption/integration.md
index 29e6daa..0840eb3 100644
--- a/docs/adoption/integration.md
+++ b/docs/adoption/integration.md
@@ -9,7 +9,7 @@ Use this when wiring Summon into a host app or server. The product model is:
 5. Render it in the sandbox.
 6. Inspect diagnostics when needed.
 
-The TypeScript APIs still use precise runtime names such as capability,
+The TypeScript APIs still use precise runtime names such as tool,
 `SurfacePolicy`, and `PolicyEngine`. In adopter-facing prose, think of them as
 host tools, surface config, and host dispatch.
 
@@ -22,13 +22,13 @@ receives only a description of the tool.
 ```ts
 import { z } from 'zod';
 import {
-  createCapabilityRegistry,
+  createToolRegistry,
   defineAction,
   defineApprovalAction,
   defineDataResource,
 } from '@anarchitecture/summon';
 
-const registry = createCapabilityRegistry([
+const registry = createToolRegistry([
   defineAction({
     name: 'choose_recipe',
     description: 'Remember the recipe the user picked.',
@@ -64,11 +64,11 @@ const registry = createCapabilityRegistry([
   }),
 ]);
 
-const capabilityContract = registry.toContract();
+const toolContract = registry.toContract();
 ```
 
-`capabilityContract.pack` is model-facing. `capabilityContract.validationCapabilities`
-and `capabilityContract.initialState` are runtime-facing.
+`toolContract.pack` is model-facing. `toolContract.validationTools`
+and `toolContract.initialState` are runtime-facing.
 
 Data resources can expose a host-owned empty state when "no results" is a
 merchant-facing condition. Add `stateKeys.empty` and, when array length is not
@@ -191,8 +191,9 @@ safety details, but it cannot widen what the host allowed.
 ### Agent-Driven Configs
 
 When a user is talking to an agent or another harness, the user should not need
-to choose Summon tiers, grants, script policy, or surface plans. Use the server
-broker to translate the prompt into a bounded host-owned config:
+to choose Summon tiers, grants, or surface plans. Generated artifacts always run
+through the Arrow sandbox; hosts grant tools through policy. Use the
+server broker to translate the prompt into a bounded host-owned config:
 
 ```ts
 import { runAgentSurfaceGeneration } from '@anarchitecture/summon-server';
@@ -200,7 +201,7 @@ import { runAgentSurfaceGeneration } from '@anarchitecture/summon-server';
 await runAgentSurfaceGeneration({
   prompt,
   modelProvider,
-  capabilities: capabilityContract.pack,
+  tools: toolContract.pack,
   components: componentContract.pack,
   hostPolicyResolver: ({ proposedSurfacePolicy }) => {
     return productPolicy.narrow(proposedSurfacePolicy);
@@ -208,13 +209,13 @@ await runAgentSurfaceGeneration({
 }, emit);
 ```
 
-The broker emits `/agent-intent` and `/agent-policy-resolution` diagnostics,
-including whether the intent came from a provided value, model classifier, or
+The broker emits `/agent-goal` and `/agent-policy-resolution` diagnostics,
+including whether the goal came from a provided value, model classifier, or
 deterministic fallback. Generation then continues through the normal
 `/surface-policy`, `/surface-plan`, and `/surface-contract` path.
-`SurfaceIntent` is an experimental planning shape, not an authority contract.
-The inferred intent is advisory: the host resolver and `compileSurfacePolicy()`
-still decide which tools, components, runtime, and approval paths are actually
+`SurfaceGoal` is an experimental planning shape, not an authority contract.
+The inferred goal is advisory: the host resolver and `compileSurfacePolicy()`
+still decide which tools, components, data, authority, and approval paths are actually
 available.
 
 ### Surface Contract View
@@ -226,7 +227,8 @@ this generated surface do?"
 
 The view includes:
 
-- The normalized host policy, compiled `SurfacePlan`, mode, and script policy.
+- The normalized host policy, compiled `SurfacePlan`, and derived static or
+  interactive mode.
 - Narrowed host tools/resources, including triggers, schemas, state keys, result
   schema, and surface data/authority.
 - Narrowed trusted components, including prop schema, sizing, and surface
@@ -243,7 +245,7 @@ schema and it is not an authority source. Enforcement still lives in
 
 The generation server should use `@anarchitecture/summon-server` for the
 repeatable lifecycle: assemble prompts, apply the surface config, validate
-streamed JSONL, optionally retry invalid sections, and emit diagnostics.
+streamed JSONL, accept only Arrow artifacts, and emit diagnostics.
 
 ```ts
 import {
@@ -265,7 +267,7 @@ await runSurfaceGeneration({
   layout,
   // Full host tool/component catalog. Summon narrows it from the surface config
   // before constructing model-facing and validation contracts.
-  capabilities: capabilityContract.pack,
+  tools: toolContract.pack,
   components: componentContract.pack,
   activeTokensCss: direction?.tokensCss ?? null,
   preludeLines: [
@@ -283,11 +285,6 @@ this order before model-authored output:
 2. `/surface-plan` - the compiled safety plan.
 3. `/surface-contract` - the compact derived `SurfaceContractView`.
 
-To enable validation retries, pass
-`repair: { enabled: true, provider, maxAttempts, maxTargets }`. The provider
-receives the compiled prompt blocks and a single replacement prompt; return one
-replacement JSONL line for the same section path.
-
 ## 5. Render In The Sandbox
 
 The client should let `@anarchitecture/summon` own chunk decoding, protocol
@@ -309,14 +306,14 @@ import {
 } from '@anarchitecture/summon/assets';
 
 const compiledPolicy = compileSurfacePolicy(surfacePolicy, {
-  capabilities: capabilityContract.pack,
+  tools: toolContract.pack,
   components: componentContract.pack,
 });
 
 let sandbox: SandboxHandle | null = null;
-const grantedCapabilities = capabilityContract.validationCapabilities;
+const validationTools = toolContract.validationTools;
 const policy = new PolicyEngine({
-  initialState: capabilityContract.initialState,
+  initialState: toolContract.initialState,
   handlers: registry.toPolicyHandlers(),
   onStateChange: (state) => sandbox?.pushState(state),
 });
@@ -329,24 +326,23 @@ const islands = createComponentIslandRegistry({
 sandbox = spawnSandbox({
   iframe,
   artifact: {
-    html: '',
-    intents: policy.intents,
-    capabilities: grantedCapabilities,
+    tools: policy.tools,
+    validationTools: validationTools,
     components: componentContract.validationComponents,
     initialState: policy.getState(),
   },
-  grantedIntents: policy.intents,
-  grantedCapabilities,
+  grantedTools: policy.tools,
+  validationTools,
   bootstrapSource,
   tokensSource,
-  onIntent: (intent, args) => {
-    void policy.dispatch(intent, args);
+  onToolCall: (tool, args) => {
+    void policy.dispatch(tool, args);
   },
   onComponents: (components, sandboxId) => {
     islands.sync(components, {
       sandboxId,
-      emitIntent: (intent, args = {}) => {
-        void policy.dispatch(intent, args);
+      callTool: (tool, args = {}) => {
+        void policy.dispatch(tool, args);
       },
     });
   },
@@ -357,7 +353,7 @@ const response = await fetch('/api/generate', {
   body: JSON.stringify({
     prompt,
     surfacePolicy,
-    capabilities: capabilityContract.pack,
+    tools: toolContract.pack,
     components: componentContract.pack,
   }),
 });
@@ -367,12 +363,18 @@ await consumeSurfaceStream(response.body!, {
   onMeta: (line) => {
     if (line.path === '/status') renderStatus(String(line.value));
     if (line.path === '/surface-contract') renderContractSummary(line.value);
+    if (line.path === '/protocol-skip') renderSkippedLine(line.value);
   },
   onGraph: (snapshot) => {
-    events.push({ kind: 'stream-graph', at: Date.now(), health: snapshot.health });
+    events.push({
+      kind: 'stream-graph',
+      at: Date.now(),
+      health: snapshot.health,
+      artifacts: snapshot.artifacts,
+    });
   },
-  onRenderHtml: (html) => {
-    sandbox?.render(html);
+  onArtifact: (artifact) => {
+    sandbox?.renderArtifact(artifact);
   },
 });
 ```
@@ -380,32 +382,59 @@ await consumeSurfaceStream(response.body!, {
 This preserves the main invariant: the sandbox may request only host-allowed
 tool names, and handlers run only after schema validation in the host.
 
-Generated data-resource UI should use safe `data-summon-*` bindings instead of
-inline handlers:
-
-```html
-<form data-summon-resource="search" data-summon-resource-trigger="submit">
-  <input name="query" placeholder="Search recipes" />
-  <button type="submit">Search</button>
-  <p data-summon-show="$search.loading">Searching...</p>
-  <p data-summon-show="$search.error" data-summon-text="$search.error"></p>
-  <ul data-summon-foreach="$search.data">
-    <li>
-      <span data-summon-text="$item.title"></span>
-      <span data-summon-text="$item.timeMinutes"></span>
-    </li>
-  </ul>
-</form>
+`renderArtifact()` queues a `SUMMON_RENDER` message to the iframe. The sandbox
+then waits for Arrow's runtime mount, runs component placeholder measurement,
+and posts `SUMMON_RENDERED`. Devtools records `render` when the
+host sends an accepted artifact and `rendered` when the iframe has actually
+mounted it. If the Stream drawer shows an accepted `/artifact` but the surface
+is blank, check those Devtools events before changing sandbox code.
+
+Generated data-resource UI should callTool host tools through the Arrow host
+bridge and render state returned by the host:
+
+```ts
+import { html, reactive } from '@arrow-js/core';
+import { getState, callTool, onState } from 'host-bridge:summon';
+
+const state = reactive({ loading: false, results: [], error: '' });
+
+function syncHostState(hostState: Record<string, unknown>) {
+  state.loading = Boolean(hostState.searching);
+  state.error = String(hostState.searchError ?? '');
+  state.results = Array.isArray(hostState.results) ? hostState.results : [];
+}
+
+syncHostState(await getState());
+onState(syncHostState);
+
+async function search(event: Event) {
+  event.preventDefault();
+  const result = await callTool('search', { query: 'recipes' });
+  if (result.ok) syncHostState(result.state);
+  else state.error = result.error ?? 'Search failed';
+}
+
+export default html`
+  <form @submit="${search}">
+    <button>Search</button>
+    <p>${() => state.loading ? 'Searching...' : ''}</p>
+    <p>${() => state.error}</p>
+    <ul>${() => state.results.map((item) => html`<li>${item.title}</li>`)}</ul>
+  </form>
+`;
 ```
 
-Trusted component placeholders follow the same declarative pattern:
+Trusted component placeholders are still DOM placeholders inside the Arrow
+artifact:
 
-```html
-<div
-  data-summon-component="MetricCard"
-  data-summon-component-id="revenue"
-  data-summon-props='{"label":"Revenue","value":"$284,120","delta":"+3.2%"}'
-></div>
+```ts
+export default html`
+  <div
+    data-summon-component="MetricCard"
+    data-summon-component-id="revenue"
+    data-summon-props='{"label":"Revenue","value":"$284,120","delta":"+3.2%"}'
+  ></div>
+`;
 ```
 
 ## 6. Inspect Diagnostics
@@ -414,7 +443,7 @@ Diagnostics are for failures and maintainer investigation, not the first thing
 an adopter needs to learn.
 
 - If generation fails, inspect `/error`, `/validation-summary`,
-  `/validation-blocked`, and validation retry feedback in the Stream drawer.
+  `/validation-blocked`, and `/protocol-skip` in the Stream drawer.
 - If a generated control does nothing, inspect Devtools for rejected host tool
   requests, host dispatch, handler completion, and pushed state.
 - If trusted components do not appear, inspect component sync and component
diff --git a/docs/adoption/package-consumption.md b/docs/adoption/package-consumption.md
index d94869c..87e0ddc 100644
--- a/docs/adoption/package-consumption.md
+++ b/docs/adoption/package-consumption.md
@@ -1,12 +1,7 @@
 # Summon Package Consumption
 
-Summon V1 is consumed as built public packages. Do not import `src/*.ts` paths
-or `@summon-internal/*` packages from applications.
-
-For package boundary rationale, see
-[Public Packaging Plan](public-packaging.md).
-
-Use the public packages by install environment:
+Summon is consumed as built public packages. Do not import `src/*.ts` paths or
+`@summon-internal/*` packages from applications.
 
 ```txt
 @anarchitecture/summon
@@ -20,32 +15,37 @@ configs, and dispatching host-owned requests. Use explicit subpaths when you
 need lower-level browser, engine, host, policy, envelope, assets, or Devtools
 APIs:
 
-- `@anarchitecture/summon/browser` for sandbox spawning, stream consumption,
-  trusted component overlays, and strict input.
-- `@anarchitecture/summon/engine` for advanced protocol, validation, prompt
-  contract, stream diagnostic, and hardening APIs.
+- `@anarchitecture/summon/browser` for sandbox spawning, Arrow stream
+  consumption, trusted component overlays, and strict input.
+- `@anarchitecture/summon/engine` for protocol, validation, prompt contract,
+  stream diagnostic, and hardening APIs.
 - `@anarchitecture/summon/host` for adapter authors who need the full host
   runtime surface.
 
 ## React Hosts
 
-```ts
+```tsx
 import { SummonSurface, defineReactComponent } from '@anarchitecture/summon-react';
-import { createCapabilityRegistry, defineAction } from '@anarchitecture/summon';
-import { tokensSource } from '@anarchitecture/summon/assets';
+import { createComponentRegistry } from '@anarchitecture/summon';
+
+<SummonSurface
+  envelope={savedEnvelope}
+  toolRegistry={toolRegistry}
+  componentRegistry={componentRegistry}
+/>;
 ```
 
-`SummonSurface` accepts a replay envelope or direct `html` / `protocolLines`.
-Pass a host-owned `capabilityRegistry`; generated declarations are advisory and
-are never executable permission. Trusted host component overlays require the
-host app to provide `react-dom` as a peer dependency.
+`SummonSurface` renders replay envelopes or Arrow artifacts. Generated
+declarations are advisory and are never executable permission. Trusted host
+component overlays require the host app to provide `react-dom` as a peer
+dependency.
 
 React hosts can register trusted host components:
 
 ```tsx
 import { z } from 'zod';
 import { createComponentRegistry } from '@anarchitecture/summon';
-import { SummonSurface, defineReactComponent } from '@anarchitecture/summon-react';
+import { defineReactComponent } from '@anarchitecture/summon-react';
 
 const componentRegistry = createComponentRegistry([
   defineReactComponent({
@@ -59,43 +59,20 @@ const componentRegistry = createComponentRegistry([
     component: MetricCard,
   }),
 ]);
-
-<SummonSurface
-  html={html}
-  componentRegistry={componentRegistry}
-/>;
 ```
 
 Pass `componentRegistry.toContract().pack` to generation when requesting the
 surface. The React component renders in host DOM as an overlay, not inside the
 sandbox iframe.
 
-When a React component needs to request a host-owned action, map the runtime
-context into explicit component props:
-
-```tsx
-defineReactComponent({
-  name: 'ApprovalStatus',
-  description: 'Approval state with a host-owned action.',
-  propsSchema: approvalStatusSchema,
-  component: ApprovalStatus,
-  mapProps: (props, { emitIntent }) => ({
-    ...props,
-    onApprove: () => emitIntent('choose', { id: props.id }),
-  }),
-});
-```
-
 ## Frameworkless Hosts
 
 ```ts
 import {
-  compileArtifactHtml,
   compileSurfaceContractView,
   compileSurfacePolicy,
   createComponentRegistry,
   defineComponent,
-  type SurfaceContractView,
 } from '@anarchitecture/summon';
 import {
   consumeSurfaceStream,
@@ -104,44 +81,24 @@ import {
   type SandboxHandle,
 } from '@anarchitecture/summon/browser';
 import { PolicyEngine } from '@anarchitecture/summon/policy';
-import {
-  bootstrapSource,
-  tokensSource,
-} from '@anarchitecture/summon/assets';
+import { bootstrapSource, tokensSource } from '@anarchitecture/summon/assets';
 ```
 
-Use `consumeSurfaceStream()` to decode streamed chunks, parse accepted protocol
-lines, compile generated HTML when validation context is available, maintain
-generated HTML, update stream diagnostics, and render through the sandbox
-handle. Spawn the iframe with allowed host tools from host-owned contracts.
+Use `consumeSurfaceStream()` to decode streamed chunks, parse accepted JSONL,
+validate Arrow artifacts, update stream diagnostics, and render through the
+sandbox handle. The only generated surface payload is:
 
-`compileSurfacePolicy(surfacePolicy, catalogs)` gives the client the stream
-mode and narrowed contracts that the server will enforce. Generation authority
-comes from the explicit surface config the host submits.
+```json
+{"op":"artifact","path":"/artifact","value":{"runtime":"arrow","source":{"main.ts":"..."}}}
+```
 
-`compileSurfaceContractView(surfacePolicy, catalogs)` returns the same
-policy-derived compact view that the server emits as `/surface-contract` for
-policy-backed runs. Use it for previews, Devtools panels, and replay summaries;
-do not use it as an enforcement source.
+Spawn the iframe with host-owned contracts:
 
 ```ts
-const componentRegistry = createComponentRegistry([
-  defineComponent({
-    name: 'MetricCard',
-    description: 'Compact KPI card.',
-    propsSchema,
-    render: ({ container, props }) => {
-      container.replaceChildren(renderMetricCard(props));
-    },
-  }),
-]);
-
-const componentContract = componentRegistry.toContract();
 const compiledPolicy = compileSurfacePolicy(surfacePolicy, {
-  capabilities: capabilityContract.pack,
+  tools: toolContract.pack,
   components: componentContract.pack,
 });
-const grantedCapabilities = capabilityContract.validationCapabilities;
 
 let handle: SandboxHandle | null = null;
 const islands = createComponentIslandRegistry({
@@ -153,34 +110,24 @@ const policy = new PolicyEngine({
   handlers,
   onStateChange: (state) => handle?.pushState(state),
 });
-const validationContext = {
-  mode: compiledPolicy.mode,
-  scriptPolicy: compiledPolicy.scriptPolicy,
-  allowedIntents: policy.intents,
-  capabilities: grantedCapabilities,
-  components: componentContract.validationComponents,
-  surfacePlan: compiledPolicy.surfacePlan,
-};
-const blankHtml = compileArtifactHtml('', validationContext).html;
 
 handle = spawnSandbox({
   iframe,
   artifact: {
-    html: blankHtml,
-    intents: policy.intents,
-    capabilities: grantedCapabilities,
+    tools: policy.tools,
+    validationTools: toolContract.validationTools,
     components: componentContract.validationComponents,
     initialState: policy.getState(),
   },
-  grantedIntents: policy.intents,
-  grantedCapabilities,
+  grantedTools: policy.tools,
+  validationTools: toolContract.validationTools,
   bootstrapSource,
   tokensSource,
-  onIntent: (intent, args) => void policy.dispatch(intent, args),
+  onToolCall: (tool, args) => void policy.dispatch(tool, args),
   onComponents: (components, sandboxId) => {
     islands.sync(components, {
       sandboxId,
-      emitIntent: (intent, args = {}) => void policy.dispatch(intent, args),
+      callTool: (tool, args = {}) => void policy.dispatch(tool, args),
     });
   },
 });
@@ -190,18 +137,29 @@ const response = await fetch('/api/generate', {
   body: JSON.stringify({
     prompt,
     surfacePolicy,
-    capabilities: capabilityContract.pack,
+    tools: toolContract.pack,
     components: componentContract.pack,
   }),
 });
 
 await consumeSurfaceStream(response.body!, {
   mode: compiledPolicy.mode,
-  validationContext,
-  onRenderHtml: (html) => handle?.render(html),
+  validationContext: {
+    mode: compiledPolicy.mode,
+    allowedTools: policy.tools,
+    tools: toolContract.validationTools,
+    components: componentContract.validationComponents,
+    surfacePlan: compiledPolicy.surfacePlan,
+  },
+  onArtifact: (artifact) => handle?.renderArtifact(artifact),
 });
 ```
 
+`compileSurfaceContractView(surfacePolicy, catalogs)` returns the same
+policy-derived compact view that the server emits as `/surface-contract` for
+policy-backed runs. Use it for previews, Devtools panels, and replay summaries;
+do not use it as an enforcement source.
+
 ## Generation Servers
 
 ```ts
@@ -214,39 +172,14 @@ import {
 
 `runSurfaceGeneration()` is provider-neutral. The provider receives compiled
 prompt blocks and returns text chunks. The runner applies the surface config,
-validates streamed JSONL, optionally runs targeted validation retries, emits
-accepted Summon lines and diagnostics, and returns a replay summary.
-
-`generateSurfaceStream()` remains available for existing integrations that
-consume an async generator, but new servers should prefer
-`runSurfaceGeneration(input, emit)`.
+hardens streamed JSONL, emits accepted Arrow lines and diagnostics, and returns
+a replay summary.
 
 For agent-driven hosts, use `runAgentSurfaceGeneration(input, emit)` when the
-end user should not choose Summon-specific configs. The harness supplies the
-prompt, model provider, host tool catalog, trusted component catalog, and any
-host policy resolver. The broker converts the prompt to an advisory
-`SurfaceIntent`, proposes a `SurfacePolicy`, narrows it through host-owned
-policy, then calls the same `runSurfaceGeneration()` lifecycle.
-
-```ts
-await runAgentSurfaceGeneration({
-  prompt,
-  modelProvider,
-  capabilities: capabilityContract.pack,
-  components: componentContract.pack,
-  hostPolicyResolver: ({ proposedSurfacePolicy }) => {
-    return productPolicy.narrow(proposedSurfacePolicy);
-  },
-}, (line) => {
-  response.write(`${JSON.stringify(line)}\n`);
-});
-```
-
-The intent converter can use rules, a model-assisted `intentModel`, or a custom
-`intentProvider`. `SurfaceIntent` is experimental and advisory; its output is
-never authority. The host resolver and `compileSurfacePolicy()` still decide
-which host tools, components, runtime, and approval paths are actually
-available.
+end user should not choose Summon-specific configs. The broker converts the
+prompt to an advisory `SurfaceGoal`, proposes a `SurfacePolicy`, narrows it
+through host-owned policy, then calls the same `runSurfaceGeneration()`
+lifecycle.
 
 ## Package Gate
 
diff --git a/docs/adoption/public-packaging.md b/docs/adoption/public-packaging.md
index d34a0af..71d0c00 100644
--- a/docs/adoption/public-packaging.md
+++ b/docs/adoption/public-packaging.md
@@ -35,9 +35,10 @@ contracts, stream diagnostics, and hardening. Use `/host` only when writing
 adapters that need the full host runtime surface.
 
 `@anarchitecture/summon-server` is the provider-neutral generation package. It
-owns `runSurfaceGeneration`, prompt/contract assembly, validation retry
-feedback, summary helpers, and model-provider interfaces. It may depend on the
-core package but should not pull in browser or React peers.
+owns `runSurfaceGeneration`, prompt/contract assembly, Arrow protocol
+hardening, validation summaries, summary helpers, and model-provider
+interfaces. It may depend on the core package but should not pull in browser or
+React peers.
 
 `@anarchitecture/summon-react` is the React adapter. It owns `SummonSurface`,
 `defineReactComponent`, and trusted component overlay lifecycle. It depends on
diff --git a/docs/adoption/quickstart.md b/docs/adoption/quickstart.md
index 701666c..381876e 100644
--- a/docs/adoption/quickstart.md
+++ b/docs/adoption/quickstart.md
@@ -42,16 +42,16 @@ Open `http://localhost:5173/generate`.
 
 The Generate workbench runs showcase prompts through the agent broker by
 default, then keeps maintainer controls visible: stream diagnostics, Devtools,
-validation retry, edit/replay, custom SurfacePlan overrides, directions, and
-Ghost fingerprint steering internals. The custom Surface Config panel is the explicit
-manual override path.
+validation summaries, replay, custom SurfacePlan overrides, directions, and
+Ghost fingerprint steering internals. The custom Surface Config panel is the
+explicit manual override path.
 
 ## Run A Ghost Sandbox
 
 The Surface Gallery and Generate workbench both add Ghost-backed sandbox presets
 when trusted roots are configured. A configured Ghost root is treated as a
 fingerprint package, not as a bundled visual direction. Ghost resolves the
-product design context; Summon still owns host policy, capabilities, runtime
+product design context; Summon still owns host policy, tools, runtime
 contracts, and token fallback.
 
 Add one or more trusted Ghost roots to `apps/server/.env`:
@@ -139,13 +139,14 @@ The Stream and Devtools drawers are for understanding a run after you have
 rendered and interacted with a surface:
 
 - Open the **Stream** drawer to inspect accepted protocol lines, the selected
-  broker intent, selected surface config, validation summaries, and validation
-  retry feedback.
+  broker goal, selected surface config, validation summaries, skipped raw
+  lines, and Arrow artifact revisions.
 - Open the **Devtools** drawer to inspect sandbox startup, render events, host
-  tool requests, host dispatch, pushed state, trusted component sync, and stream
-  diagnostics.
-- For a healthy interactive run, expect to see a render event, a host tool
-  request when you submit the search, host dispatch, and pushed state.
+  tool requests, host dispatch, pushed state, trusted component sync, and
+  stream diagnostics.
+- For a healthy interactive run, expect to see `render` and `rendered` events,
+  a host tool request when you submit the search, host dispatch, and pushed
+  state.
 
 ## Optional Checks
 
@@ -158,7 +159,7 @@ Use the other `/generate` scenarios to exercise static summaries,
 declarative forms, host AI calls, GitHub lookup, trusted host components,
 background host work, approval-required publish, local state and motion,
 token overrides, layout constraints, sibling summon, Ghost steering when
-configured, and validation retry diagnostics.
+configured, and validation diagnostics.
 
 To run the gallery and workbench side by side, use `pnpm dev:demos`.
 
@@ -172,10 +173,11 @@ real input and pushes only safe state back.
   provider key and confirm the server is listening on `:3001`.
 - If generated controls do nothing, confirm the run is interactive. Static
   surfaces intentionally have no allowed host tools.
-- If the model emits unsafe HTML, inspect the Stream drawer for validation
-  summaries, blocked output, and validation retry feedback.
+- If the model emits malformed or unsafe Arrow output, inspect the Stream
+  drawer for validation summaries, blocked output, and `/protocol-skip`.
 - If the sandbox does not update after a generated control is used, inspect
   Devtools for rejected host tool requests, host dispatch, handler completion,
   and pushed state.
-- If sections are missing or retried, inspect stream diagnostics in the Stream
-  and Devtools drawers.
+- If the surface stays blank, inspect Stream diagnostics for accepted Arrow
+  `/artifact` revisions, then inspect Devtools for `render`, `rendered`, and
+  `sandbox-fatal`.
diff --git a/docs/adoption/security.md b/docs/adoption/security.md
index cf1c5e3..23cf971 100644
--- a/docs/adoption/security.md
+++ b/docs/adoption/security.md
@@ -4,8 +4,9 @@ Summon's security invariant is simple: generated UI runs in a locked iframe and
 can only request host tools the host allowed for that run. The host owns network,
 credentials, durable state, native APIs, handlers, and persistence.
 
-The model may propose HTML, CSS, and requests to use host tools. It does not get
-ambient access to the parent app, and it cannot give itself new authority.
+The model may propose Arrow source, CSS, and requests to use host tools. It
+does not get ambient access to the parent app, and it cannot give itself new
+authority.
 
 ## Security Boundary
 
@@ -16,7 +17,7 @@ The hard boundary is the browser sandbox:
   object/embed content, and storage-backed same-origin access.
 - The bridge accepts only messages carrying the per-sandbox random
   `sandbox_id`.
-- Host-owned allowlists (`grantedIntents` and `grantedCapabilities`) decide
+- Host-owned allowlists (`grantedTools` and `validationTools`) decide
   which generated requests can run.
 - `PolicyEngine` validates request args before host handlers run.
 - Data resources fetch through host-owned handlers and validate returned data
@@ -25,10 +26,11 @@ The hard boundary is the browser sandbox:
   registered component names and props.
 
 The validator is not the security perimeter. It is a contract gate and
-diagnostic guide that rejects or warns on unsafe tags, external URLs, inline
-handlers, bad args, unknown host tool requests, missing resource states, token
-drift, and layout violations before HTML reaches the iframe. If a validator
-misses a weird HTML shape, the iframe/CSP/bridge should still contain it.
+diagnostic guide that rejects or warns on malformed Arrow artifacts,
+unsupported Arrow template bindings, unsafe URLs, bad args, unknown host tool
+requests, missing resource states, token drift, and layout violations before an
+artifact renders in the iframe. If validation misses a weird artifact shape,
+the iframe/CSP/bridge should still contain it.
 
 ## Surface Types
 
@@ -38,7 +40,7 @@ for this choice is `SurfacePolicy.tier`.
 | Surface type | API setting | When to use |
 | --- | --- | --- |
 | Read-only | `SurfacePolicy.tier: "static"` | Summaries, cards, explainers, comparisons, and dashboards. Scripts and host tools are omitted. |
-| Declarative interactive | `SurfacePolicy.tier: "declarative"` | Production default for forms, search, pickers, loading/error/data states, foreach lists, and safe attribute binding. Uses only `data-summon-*`. |
+| Arrow interactive | `SurfacePolicy.tier: "declarative"` | Production default for forms, search, pickers, loading/error/data states, and result lists. Generates Arrow runtime artifacts that call host tools through `host-bridge:summon`; the tier name remains `declarative` for API compatibility. |
 | Background host work | `SurfacePolicy.tier: "worker"` | Host-owned background work through worker-backed resources/actions. |
 | Requires approval | `SurfacePolicy.tier: "approval"` | Operations that require a host approval adapter before the handler runs. |
 
@@ -46,14 +48,16 @@ Declarative interactive surfaces still support clicks, submits,
 mount-triggered reads, data resources, loading/error/data bindings, foreach
 templates, text binding, safe image/data attributes, local ephemeral state, and
 host-owned motion recipes. Generated `<script>` tags are not a public artifact
-capability.
+tool.
 
 ## Advanced Safety Details
 
 Summon compiles the host-selected `SurfacePolicy` into a stricter `SurfacePlan`
-with exact runtime, data, authority, persistence, and script policy for
-validation and diagnostics. Shape describes visual composition; posture
-describes the act; the surface config describes the public host decision.
+with Arrow runtime diagnostics, data, authority, persistence, and network
+metadata for validation and diagnostics. Shape describes visual composition;
+posture describes the act; the surface config describes the public host
+decision. Generated artifacts are always Arrow sandbox source trees; legacy
+scripted-plan request fields are rejected before generation.
 
 Summon also derives a `SurfaceContractView` from the compiled policy. It is a
 compact diagnostic and prompt-facing view of the selected policy, narrowed host
@@ -109,9 +113,9 @@ requires a compatible host registry for the same reason.
   validated state and data URLs, not credentials or network endpoints.
 - Treat component definitions as trusted host code. Register only components
   whose data and authority match the selected surface config.
-- Use declarative local state and motion primitives for tabs, disclosures,
-  selection, staged reveal, and visual feedback. Do not grant custom generated
-  scripts.
+- Use Arrow local state and motion primitives for tabs, disclosures, selection,
+  staged reveal, and visual feedback. Do not grant custom generated scripts;
+  legacy script-control request fields are rejected before generation.
 - Run the adversarial browser harness before changing iframe sandbox
   attributes, CSP, postMessage routing, bootstrap startup checks, or script
   execution behavior.
diff --git a/docs/ghost-fingerprint-architecture.md b/docs/ghost-fingerprint-architecture.md
index eb34451..aafeb19 100644
--- a/docs/ghost-fingerprint-architecture.md
+++ b/docs/ghost-fingerprint-architecture.md
@@ -15,8 +15,8 @@ The fingerprint owns product direction:
 
 Summon owns surface authority:
 
-- SurfacePolicy, SurfacePlan, and script policy.
-- Host capabilities and resource grants.
+- SurfacePolicy, derived SurfacePlan diagnostics, and sandbox enforcement.
+- Host tools and resource grants.
 - Runtime validation and StreamGraph diagnostics.
 - Active token CSS used by the sandbox.
 
@@ -32,7 +32,7 @@ It should not be bundled into Summon as a default visual direction.
    `# Ghost Relay Brief` is the only Ghost generation prompt source.
 3. Summon resolves tokens from `.ghost/config.yml`, an optional token fallback
    direction, or Summon defaults.
-4. After the server resolves SurfacePlan, mode, capabilities, and components,
+4. After the server resolves SurfacePlan, mode, tools, and components,
    it appends a small Summon Surface Brief to the Ghost handoff. That brief
    explains the concrete generation run without recompiling or reranking the
    fingerprint.
diff --git a/packages/devtools/src/index.ts b/packages/devtools/src/index.ts
index f4236cb..04d8fd3 100644
--- a/packages/devtools/src/index.ts
+++ b/packages/devtools/src/index.ts
@@ -8,10 +8,10 @@ export type {
   SandboxReadyEvent,
   SandboxFatalEvent,
   SandboxDisposedEvent,
-  IntentEmittedEvent,
-  IntentRejectedEvent,
-  IntentDispatchedEvent,
-  IntentSettledEvent,
+  ToolCalledEvent,
+  ToolRejectedEvent,
+  ToolDispatchedEvent,
+  ToolSettledEvent,
   StatePushedEvent,
   ProtocolLineEvent,
   ProtocolParseErrorEvent,
diff --git a/packages/devtools/src/types.ts b/packages/devtools/src/types.ts
index 30fe8fc..d44f91a 100644
--- a/packages/devtools/src/types.ts
+++ b/packages/devtools/src/types.ts
@@ -1,7 +1,7 @@
 /**
  * Devtools event vocabulary. Every interesting boundary in summon emits one of
  * these so a panel can reconstruct what happened: which sandbox spawned, what
- * intents the artifact tried, which were rejected at the bridge, which made it
+ * tools the artifact tried, which were rejected at the bridge, which made it
  * to the policy engine, what state was pushed back, what the LLM streamed.
  *
  * Events are append-only. Producers should treat the EventStore as fire-and-
@@ -23,9 +23,9 @@ export interface BaseEvent {
 export interface SandboxSpawnedEvent extends BaseEvent {
   kind: 'sandbox-spawned';
   sandboxId: string;
-  grantedIntents: string[];
-  artifactCapabilities?: unknown[];
-  grantedCapabilities?: unknown[];
+  grantedTools: string[];
+  artifactTools?: unknown[];
+  validationTools?: unknown[];
 }
 
 /** Bootstrap inside the iframe finished its self-test and signaled READY. */
@@ -47,35 +47,35 @@ export interface SandboxDisposedEvent extends BaseEvent {
   sandboxId: string;
 }
 
-/** An intent passed the bridge allowlist. Args are the (still-unvalidated) bag from the sandbox. */
-export interface IntentEmittedEvent extends BaseEvent {
-  kind: 'intent-emitted';
+/** An tool passed the bridge allowlist. Args are the (still-unvalidated) bag from the sandbox. */
+export interface ToolCalledEvent extends BaseEvent {
+  kind: 'tool-called';
   sandboxId: string;
-  intent: string;
+  tool: string;
   args: Record<string, unknown>;
 }
 
 /** The bridge rejected a postMessage that claimed this sandbox's identity. */
-export interface IntentRejectedEvent extends BaseEvent {
-  kind: 'intent-rejected';
+export interface ToolRejectedEvent extends BaseEvent {
+  kind: 'tool-rejected';
   sandboxId: string;
   reason: string;
   raw: unknown;
 }
 
 /** Policy engine started running a handler. `id` matches the settled event. */
-export interface IntentDispatchedEvent extends BaseEvent {
-  kind: 'intent-dispatched';
+export interface ToolDispatchedEvent extends BaseEvent {
+  kind: 'tool-dispatched';
   id: string;
-  intent: string;
+  tool: string;
   args: unknown;
 }
 
 /** Policy engine finished a handler (success or thrown error). */
-export interface IntentSettledEvent extends BaseEvent {
-  kind: 'intent-settled';
+export interface ToolSettledEvent extends BaseEvent {
+  kind: 'tool-settled';
   id: string;
-  intent: string;
+  tool: string;
   ok: boolean;
   error?: string;
   durationMs: number;
@@ -91,7 +91,7 @@ export interface StatePushedEvent extends BaseEvent {
 /** A streaming protocol line was successfully parsed. */
 export interface ProtocolLineEvent extends BaseEvent {
   kind: 'protocol-line';
-  line: { op: 'add' | 'set' | 'meta'; path: string; html?: string; value?: unknown };
+  line: { op: 'meta' | 'artifact'; path: string; value?: unknown };
 }
 
 /** A line in the LLM stream did not parse as a protocol line. */
@@ -111,18 +111,15 @@ export interface StreamGraphEvent extends BaseEvent {
   kind: 'stream-graph';
   health: {
     complete: boolean;
-    missingDeclared: string[];
-    undeclaredPresent: string[];
     skippedCount: number;
     blockedCount: number;
-    repairedCount: number;
   };
-  sections: Array<{
-    id: string;
-    declared: boolean;
-    present: boolean;
+  artifacts: Array<{
     revision: number;
+    runtime: 'arrow';
     bytes: number;
+    firstSeenLine?: number;
+    lastUpdatedLine?: number;
   }>;
 }
 
@@ -148,14 +145,21 @@ export interface SurfaceContractEvent extends BaseEvent {
   };
 }
 
-/** Host pushed full HTML into the sandbox via SUMMON_RENDER. */
+/** Host pushed an Arrow artifact into the sandbox via SUMMON_RENDER. */
 export interface RenderEvent extends BaseEvent {
   kind: 'render';
   sandboxId: string;
-  /** byte length of the html payload — full text is omitted to keep the ring buffer small. */
+  /** Approximate byte length of the artifact payload. */
   bytes: number;
 }
 
+/** The sandbox finished mounting the latest Arrow artifact. */
+export interface RenderedEvent extends BaseEvent {
+  kind: 'rendered';
+  sandboxId: string;
+  revision: number;
+}
+
 export interface ComponentSyncEvent extends BaseEvent {
   kind: 'component-sync';
   sandboxId: string;
@@ -181,10 +185,10 @@ export type DevtoolsEvent =
   | SandboxReadyEvent
   | SandboxFatalEvent
   | SandboxDisposedEvent
-  | IntentEmittedEvent
-  | IntentRejectedEvent
-  | IntentDispatchedEvent
-  | IntentSettledEvent
+  | ToolCalledEvent
+  | ToolRejectedEvent
+  | ToolDispatchedEvent
+  | ToolSettledEvent
   | StatePushedEvent
   | ProtocolLineEvent
   | ProtocolParseErrorEvent
@@ -193,6 +197,7 @@ export type DevtoolsEvent =
   | SurfacePlanEvent
   | SurfaceContractEvent
   | RenderEvent
+  | RenderedEvent
   | ComponentSyncEvent
   | ComponentErrorEvent;
 
diff --git a/packages/engine/src/arrow-artifact.ts b/packages/engine/src/arrow-artifact.ts
new file mode 100644
index 0000000..050c4a4
--- /dev/null
+++ b/packages/engine/src/arrow-artifact.ts
@@ -0,0 +1,171 @@
+import type { ContractIssue } from './contracts.js';
+import { contractIssue } from './contracts.js';
+
+export type ArrowNetworkPolicy = 'none' | 'restricted-fetch';
+
+export interface ArrowSurfaceArtifact {
+  runtime: 'arrow';
+  source: Record<string, string>;
+  network?: ArrowNetworkPolicy;
+}
+
+export interface ArrowArtifactValidationOptions {
+  maxSourceBytes?: number;
+  network?: ArrowNetworkPolicy;
+}
+
+const DEFAULT_MAX_SOURCE_BYTES = 256 * 1024;
+const ENTRY_FILES = new Set(['main.ts', 'main.js']);
+const OPTIONAL_FILES = new Set(['main.css']);
+const MODULE_RE = /^[A-Za-z0-9_./-]+\.(?:ts|js|mjs|css)$/;
+const UNSUPPORTED_IDL_PROPERTY_BINDING_RE = /(^|[\s`<])\.[A-Za-z_$][A-Za-z0-9_$-]*\s*=/m;
+const UNSUPPORTED_OPEN_TAG_EXPRESSION_RE = /<[^>`]*\s\$\{/m;
+const DATA_SUMMON_ATTR_RE = /\b(data-summon-[a-z0-9-]+)\b/gi;
+const TRUSTED_COMPONENT_PLACEHOLDER_ATTRS = new Set([
+  'data-summon-component',
+  'data-summon-component-id',
+  'data-summon-props',
+]);
+
+export function isArrowSurfaceArtifact(value: unknown): value is ArrowSurfaceArtifact {
+  return normalizeArrowSurfaceArtifact(value).artifact !== null;
+}
+
+export function normalizeArrowSurfaceArtifact(value: unknown): {
+  artifact: ArrowSurfaceArtifact | null;
+  issues: ContractIssue[];
+} {
+  const issues: ContractIssue[] = [];
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    return {
+      artifact: null,
+      issues: [arrowIssue('invalid-arrow-artifact', 'Arrow artifact must be an object')],
+    };
+  }
+
+  const input = value as Record<string, unknown>;
+  if (input.runtime !== 'arrow') {
+    issues.push(arrowIssue('invalid-arrow-runtime', 'Arrow artifact runtime must be "arrow"'));
+  }
+  if (!input.source || typeof input.source !== 'object' || Array.isArray(input.source)) {
+    issues.push(arrowIssue('invalid-arrow-source', 'Arrow artifact source must be a file map'));
+    return { artifact: null, issues };
+  }
+
+  const source: Record<string, string> = {};
+  for (const [rawPath, rawContents] of Object.entries(input.source as Record<string, unknown>)) {
+    const path = normalizeArrowSourcePath(rawPath);
+    if (!path) {
+      issues.push(arrowIssue('invalid-arrow-source-path', `Invalid Arrow source path "${rawPath}"`));
+      continue;
+    }
+    if (typeof rawContents !== 'string') {
+      issues.push(arrowIssue('invalid-arrow-source-file', `Arrow source file "${rawPath}" must be a string`));
+      continue;
+    }
+    source[path] = rawContents;
+  }
+
+  const entries = Object.keys(source).filter((path) => ENTRY_FILES.has(path));
+  if (entries.length !== 1) {
+    issues.push(arrowIssue('invalid-arrow-entry', 'Arrow artifact must include exactly one main.ts or main.js entry file'));
+  }
+  if (Object.keys(source).length === 0) {
+    issues.push(arrowIssue('invalid-arrow-source', 'Arrow artifact source cannot be empty'));
+  }
+
+  const network = input.network === 'restricted-fetch' || input.network === 'none'
+    ? input.network
+    : undefined;
+  if (input.network !== undefined && !network) {
+    issues.push(arrowIssue('invalid-arrow-network', 'Arrow artifact network must be "none" or "restricted-fetch"'));
+  }
+
+  if (issues.some((issue) => issue.severity === 'block')) {
+    return { artifact: null, issues };
+  }
+  return {
+    artifact: {
+      runtime: 'arrow',
+      source,
+      ...(network ? { network } : {}),
+    },
+    issues,
+  };
+}
+
+export function validateArrowSurfaceArtifact(
+  artifact: ArrowSurfaceArtifact,
+  options: ArrowArtifactValidationOptions = {},
+): ContractIssue[] {
+  const { artifact: normalized, issues } = normalizeArrowSurfaceArtifact(artifact);
+  if (!normalized) return issues;
+  const maxSourceBytes = options.maxSourceBytes ?? DEFAULT_MAX_SOURCE_BYTES;
+  const sourceBytes = byteLength(JSON.stringify(normalized.source));
+  if (sourceBytes > maxSourceBytes) {
+    issues.push(arrowIssue('arrow-source-limit', `Arrow source exceeds ${maxSourceBytes} bytes`));
+  }
+  if (options.network === 'none' && normalized.network === 'restricted-fetch') {
+    issues.push(arrowIssue('arrow-network-not-granted', 'Arrow artifact requested restricted fetch without a host network grant'));
+  }
+  for (const [path, contents] of Object.entries(normalized.source)) {
+    if (path.endsWith('.css')) continue;
+    if (UNSUPPORTED_IDL_PROPERTY_BINDING_RE.test(contents)) {
+      issues.push(arrowIssue(
+        'unsupported-arrow-idl-binding',
+        `Arrow sandbox does not support IDL property bindings in "${path}" such as ".value=". Use normal HTML attributes and event target snapshots instead.`,
+        `/artifact/${path}`,
+      ));
+    }
+    if (UNSUPPORTED_OPEN_TAG_EXPRESSION_RE.test(contents)) {
+      issues.push(arrowIssue(
+        'unsupported-arrow-open-tag-expression',
+        `Arrow sandbox does not support standalone template expressions inside opening tags in "${path}". Put expressions in text, node positions, or quoted attribute values only.`,
+        `/artifact/${path}`,
+      ));
+    }
+    const legacyDataSummonAttrs = unsupportedDataSummonAttrs(contents);
+    if (legacyDataSummonAttrs.length > 0) {
+      issues.push(arrowIssue(
+        'unsupported-legacy-data-summon-binding',
+        `Arrow artifacts must use Arrow reactive state and host-bridge:summon instead of legacy Summon binding attributes in "${path}": ${legacyDataSummonAttrs.join(', ')}.`,
+        `/artifact/${path}`,
+      ));
+    }
+  }
+  return issues;
+}
+
+export function normalizeArrowSourcePath(path: string): string | null {
+  const normalized = path.replace(/^\/+/, '');
+  if (!normalized || normalized.includes('..') || normalized.startsWith('.') || normalized.includes('\\')) {
+    return null;
+  }
+  if (!MODULE_RE.test(normalized)) return null;
+  if (normalized.endsWith('.css') && !OPTIONAL_FILES.has(normalized)) return null;
+  return normalized;
+}
+
+function arrowIssue(code: string, message: string, path = '/artifact'): ContractIssue {
+  return contractIssue({
+    source: 'protocol',
+    severity: 'block',
+    code,
+    message,
+    path,
+  });
+}
+
+function byteLength(value: string): number {
+  return new TextEncoder().encode(value).length;
+}
+
+function unsupportedDataSummonAttrs(contents: string): string[] {
+  const attrs = new Set<string>();
+  for (const match of contents.matchAll(DATA_SUMMON_ATTR_RE)) {
+    const attr = match[1]?.toLowerCase();
+    if (!attr || TRUSTED_COMPONENT_PLACEHOLDER_ATTRS.has(attr)) continue;
+    attrs.add(attr);
+  }
+  return Array.from(attrs).sort();
+}
diff --git a/packages/engine/src/capability-contract.ts b/packages/engine/src/capability-contract.ts
deleted file mode 100644
index b9d6a51..0000000
--- a/packages/engine/src/capability-contract.ts
+++ /dev/null
@@ -1,210 +0,0 @@
-export type CapabilityKind = 'action' | 'resource';
-export type CapabilityTrigger = 'click' | 'submit' | 'mount';
-
-export interface CapabilityStateKeys {
-  loading?: string;
-  data?: string;
-  error?: string;
-  empty?: string;
-}
-
-export interface ResourceStateKeys extends Required<Pick<CapabilityStateKeys, 'loading' | 'data' | 'error'>> {
-  empty?: string;
-}
-
-export interface ActionStateKeys {
-  pending: string;
-  done: string;
-  error: string;
-}
-
-export interface CapabilityTriggerSpec {
-  trigger: CapabilityTrigger;
-  legacyAttribute: `data-summon-on-${CapabilityTrigger}`;
-  resourceTriggerValue: CapabilityTrigger;
-  placement: string;
-  description: string;
-  args: string;
-}
-
-export interface CapabilityBindingSpec {
-  attribute: string;
-  value: string;
-  description: string;
-}
-
-export const CAPABILITY_TRIGGER_SPECS: CapabilityTriggerSpec[] = [
-  {
-    trigger: 'click',
-    legacyAttribute: 'data-summon-on-click',
-    resourceTriggerValue: 'click',
-    placement: 'Any clickable element.',
-    description: 'Fires an action or resource when the element is clicked.',
-    args: 'Optional `data-summon-args` JSON. Foreach/resource scoped `$name` values are interpolated.',
-  },
-  {
-    trigger: 'submit',
-    legacyAttribute: 'data-summon-on-submit',
-    resourceTriggerValue: 'submit',
-    placement: 'A `<form>` element.',
-    description:
-      'Fires an action or resource on submit. Named form controls are collected into args.',
-    args: 'Optional `data-summon-args` JSON provides base args; collected form fields win conflicts.',
-  },
-  {
-    trigger: 'mount',
-    legacyAttribute: 'data-summon-on-mount',
-    resourceTriggerValue: 'mount',
-    placement: 'A mounted element; for resources, place it on the resource root.',
-    description:
-      'Fires once after render. Use only for read-oriented resources that explicitly grant mount.',
-    args: 'Optional `data-summon-args` JSON. The same args key is emitted once per section render identity.',
-  },
-];
-
-export const CAPABILITY_BINDING_SPECS: CapabilityBindingSpec[] = [
-  {
-    attribute: 'data-summon-resource',
-    value: '<resource-name>',
-    description:
-      'Declares a resource scope. Descendants may bind `$alias.loading`, `$alias.data`, `$alias.error`, and optional `$alias.empty`.',
-  },
-  {
-    attribute: 'data-summon-resource-as',
-    value: '<alias>',
-    description:
-      'Optional resource alias. Defaults to the resource name. Aliases are render-time conveniences only.',
-  },
-  {
-    attribute: 'data-summon-resource-trigger',
-    value: 'click | submit | mount',
-    description:
-      'Emits the enclosing resource using the selected trigger. Still sends the normal `SUMMON_INTENT` event.',
-  },
-  {
-    attribute: 'data-summon-bind',
-    value: '<state-key | dotted-path | $scope.path>',
-    description:
-      'Mirrors state into text content. Resource aliases and foreach scopes are supported.',
-  },
-  {
-    attribute: 'data-summon-show',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Shows the element only when the resolved value is truthy.',
-  },
-  {
-    attribute: 'data-summon-hide',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Hides the element when the resolved value is truthy.',
-  },
-  {
-    attribute: 'data-summon-foreach',
-    value: '<array-key | $resource.data>',
-    description:
-      'Stamps the single `<template>` child once per array item. Use `data-summon-as` to name the item scope.',
-  },
-  {
-    attribute: 'data-summon-as',
-    value: '<scope-name>',
-    description: 'Names a foreach item scope such as `$row`.',
-  },
-  {
-    attribute: 'data-summon-args',
-    value: '<valid JSON object>',
-    description:
-      'Base args for click/submit/mount triggers. String leaves like `"$row.id"` or `"$search.data"` are interpolated.',
-  },
-  {
-    attribute: 'data-summon-attr-src',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds an image `src`. Only data URLs or empty values are applied.',
-  },
-  {
-    attribute: 'data-summon-attr-alt',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds `alt` text.',
-  },
-  {
-    attribute: 'data-summon-attr-title',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds `title` text.',
-  },
-  {
-    attribute: 'data-summon-attr-aria-label',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds `aria-label` text.',
-  },
-  {
-    attribute: 'data-summon-attr-value',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds a form control `value`.',
-  },
-  {
-    attribute: 'data-summon-attr-placeholder',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds `placeholder` text.',
-  },
-  {
-    attribute: 'data-summon-attr-disabled',
-    value: '<state-key | dotted-path | $scope.path>',
-    description: 'Safely binds boolean `disabled`.',
-  },
-];
-
-export function defaultTriggersForKind(kind: CapabilityKind = 'action'): CapabilityTrigger[] {
-  return kind === 'resource' ? ['submit', 'mount'] : ['click', 'submit'];
-}
-
-export function hasCompleteResourceStateKeys(
-  keys: CapabilityStateKeys | undefined,
-): keys is ResourceStateKeys {
-  return Boolean(keys?.loading && keys.data && keys.error);
-}
-
-export function formatCapabilityProtocolContract(): string {
-  const triggerRows = CAPABILITY_TRIGGER_SPECS.map(
-    (spec) =>
-      `- \`${spec.legacyAttribute}="<intent>"\` or \`data-summon-resource-trigger="${spec.resourceTriggerValue}"\` — ${spec.description} ${spec.placement} ${spec.args}`,
-  ).join('\n');
-
-  const bindingRows = CAPABILITY_BINDING_SPECS.map(
-    (spec) => `- \`${spec.attribute}="${spec.value}"\` — ${spec.description}`,
-  ).join('\n');
-
-  return `### Declarative attributes
-
-These are the paved road for interactivity. Use them first; they cover the dominant patterns: emit intents, show/hide state, mirror state into text or safe attributes, iterate collections, and bind resource lifecycle state.
-
-#### Triggers
-
-${triggerRows}
-
-#### Bindings
-
-${bindingRows}
-
-#### Data resource scopes
-
-Data resources expose host-owned lifecycle state. Wrap a data resource UI in \`data-summon-resource="<name>"\`, optionally rename it with \`data-summon-resource-as="<alias>"\`, then bind \`$alias.loading\`, \`$alias.data\`, \`$alias.error\`, and optional \`$alias.empty\`. A resource trigger always emits the resource's intent name; the PolicyEngine remains the execution boundary.
-
-Example:
-
-\`\`\`html
-<div data-summon-resource="search" data-summon-resource-as="s">
-  <form data-summon-resource-trigger="submit">
-    <input name="query" placeholder="Search...">
-    <button data-summon-attr-disabled="$s.loading">Go</button>
-  </form>
-  <p data-summon-show="$s.loading">Searching...</p>
-  <p data-summon-show="$s.error" data-summon-bind="$s.error"></p>
-  <ul data-summon-show="$s.data" data-summon-foreach="$s.data" data-summon-as="r">
-    <template>
-      <li>
-        <strong data-summon-bind="$r.title"></strong>
-        <span data-summon-bind="$r.snippet"></span>
-      </li>
-    </template>
-  </ul>
-</div>
-\`\`\``;
-}
diff --git a/packages/engine/src/contracts.ts b/packages/engine/src/contracts.ts
index 87fa5d6..76edf26 100644
--- a/packages/engine/src/contracts.ts
+++ b/packages/engine/src/contracts.ts
@@ -1,18 +1,15 @@
 import type { ProtocolLine } from './protocol.js';
 import {
   SUMMON_FIXED_INSTRUCTIONS,
-  buildCapabilitiesBlock,
+  buildToolsBlock,
   buildComponentsBlock,
   buildDirectionBlock,
   buildLayoutBlock,
   buildOverrideBlock,
-  buildPosturesBlock,
   buildSurfaceContractBlock,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
   type DirectionInput,
-  type PostureRegistry,
-  type ScriptPolicy,
   type SummonLayout,
   type TokenOverride,
 } from './prompt.js';
@@ -24,17 +21,16 @@ import {
 import {
   defaultTriggersForKind,
   hasCompleteResourceStateKeys,
-} from './capability-contract.js';
+} from './tool-contract.js';
 import { formatTokenContract } from './token-contract.js';
 import type { SurfaceContractView } from './surface-contract.js';
 import {
   buildSurfacePlanBlock,
-  surfacePlanScriptPolicy,
   type SurfacePlan,
 } from './surface-plan.js';
 import type {
   ValidationComponent,
-  ValidationCapability,
+  ValidationTool,
   ValidationContext,
 } from './runtime-validator.js';
 
@@ -43,10 +39,8 @@ export type ContractIssueSource =
   | 'html'
   | 'token'
   | 'direction'
-  | 'capability'
+  | 'tool'
   | 'layout'
-  | 'edit'
-  | 'repair'
   | 'system';
 
 export type ContractIssueSeverity = 'block' | 'warn';
@@ -110,19 +104,15 @@ export interface CompiledDirectionContract {
   issues: ContractIssue[];
 }
 
-export interface CompiledCapabilityContract {
-  pack: CapabilityPack;
+export interface CompiledToolContract {
+  pack: ToolPack;
   promptBlock: ContractPromptBlock | null;
-  intentNames: string[];
-  validationCapabilities: ValidationCapability[];
+  toolNames: string[];
+  validationTools: ValidationTool[];
   initialState: Record<string, unknown>;
   issues: ContractIssue[];
 }
 
-export interface CapabilityContractOptions {
-  scriptPolicy?: ScriptPolicy;
-}
-
 export interface CompiledComponentContract {
   pack: ComponentPack;
   promptBlock: ContractPromptBlock | null;
@@ -137,11 +127,9 @@ export interface SystemContractInput {
   layout?: SummonLayout | null;
   editBlock?: string | null;
   experimentalPromptBlock?: ContractPromptBlock | null;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
-  scriptPolicy?: ScriptPolicy;
   tokenOverrides?: TokenOverride[];
-  postures?: PostureRegistry | null;
   surfacePlan?: SurfacePlan | null;
   surfaceContract?: SurfaceContractView | null;
   activeTokensCss?: string | null;
@@ -174,36 +162,36 @@ export function hintsForContractIssue(issue: ContractIssue): string[] {
     case 'unsafe-tag':
       return ['Use plain HTML elements; remove iframe/object/embed/link/meta/base-like tags.'];
     case 'inline-handler':
-      return ['Replace inline handlers with declarative data-summon attributes such as data-summon-on-click, data-summon-set, or data-summon-toggle.'];
+      return ['Use Arrow event handlers inside the template and call granted host tools with `callTool()` from `host-bridge:summon`.'];
     case 'static-script':
       return ['Remove script tags in static mode, or express the UI without interactivity.'];
     case 'script-not-granted':
     case 'surface-script-policy-removed':
-      return ['Use declarative data-summon attributes, local state, and motion primitives instead of generated scripts.'];
-    case 'unknown-intent':
-    case 'intent-trigger-not-granted':
-      return ['Use only the granted capabilities and triggers listed in the Capabilities block.'];
+      return ['Return an Arrow artifact that uses `reactive()`, Arrow event handlers, and `host-bridge:summon` instead of generated script tags.'];
+    case 'unknown-tool':
+    case 'tool-trigger-not-granted':
+      return ['Use only the granted tools and triggers listed in the Tools block.'];
     case 'invalid-args-json':
-      return ['Make data-summon-args a valid JSON object on one line.'];
+      return ['Build tool args as plain objects in the Arrow event handler before calling `callTool()`.'];
     case 'unknown-resource':
-    case 'non-resource-capability':
+    case 'non-resource-tool':
     case 'resource-state-keys-incomplete':
       return ['Use only data resources listed under Available data resources.'];
     case 'resource-loading-not-rendered':
-      return ['Add visible UI bound to the data resource loading state, for example `data-summon-show="$alias.loading"`.'];
+      return ['Copy the listed resource loading key into Arrow `reactive()` state and render a visible loading affordance from it.'];
     case 'resource-error-not-rendered':
-      return ['Add visible UI bound to the data resource error state, for example `data-summon-show="$alias.error" data-summon-bind="$alias.error"`.'];
+      return ['Copy the listed resource error key into Arrow `reactive()` state and render visible host error text from it.'];
     case 'resource-data-not-rendered':
-      return ['Wrap result UI in `data-summon-show="$alias.data"` and bind or foreach under the data resource alias.'];
+      return ['Copy the listed resource data key into Arrow `reactive()` state and render result rows only from host data.'];
     case 'resource-empty-not-rendered':
-      return ['Add visible no-results UI bound to the data resource empty state, for example `data-summon-show="$alias.empty"`.'];
+      return ['Copy the listed empty-state key into Arrow `reactive()` state and render no-results copy only from that key.'];
     case 'action-pending-not-rendered':
-      return ['Disable the triggering control with `data-summon-attr-disabled="<pendingKey>"` or show a pending message.'];
+      return ['Copy the listed pending key into Arrow `reactive()` state and render a busy label or disabled-looking state from it.'];
     case 'action-error-not-rendered':
-      return ['Add visible host error UI with `data-summon-show="<errorKey>" data-summon-bind="<errorKey>"`.'];
+      return ['Copy the listed action error key into Arrow `reactive()` state and render visible host error text from it.'];
     case 'unsafe-attr-binding':
     case 'bad-attr-binding-placement':
-      return ['Use only safe data-summon-attr-* bindings on supported elements.'];
+      return ['Use normal quoted Arrow attributes and sanitize dynamic values before rendering them.'];
     case 'host-owned-meta':
       return ['Remove host-owned meta lines; the host emits /surface-policy, /surface-plan, and /surface-contract before model output.'];
     case 'surface-policy-invalid':
@@ -274,50 +262,47 @@ export function compileDirectionContract(
   };
 }
 
-export function compileCapabilityContract(
-  pack: CapabilityPack | null | undefined,
-  options: CapabilityContractOptions = {},
-): CompiledCapabilityContract {
-  const normalized: CapabilityPack = pack ?? { intents: [] };
+export function compileToolContract(
+  pack: ToolPack | null | undefined,
+): CompiledToolContract {
+  const normalized: ToolPack = pack ?? { tools: [] };
   const initialState: Record<string, unknown> = {};
-  const validationCapabilities: ValidationCapability[] = normalized.intents.map((intent) => {
-    const capability: ValidationCapability = {
-      name: intent.name,
-      kind: intent.kind,
-      triggers: intent.triggers?.length
-        ? intent.triggers
-        : defaultTriggersForKind(intent.kind ?? 'action'),
+  const validationTools: ValidationTool[] = normalized.tools.map((spec) => {
+    const tool: ValidationTool = {
+      name: spec.name,
+      kind: spec.kind,
+      triggers: spec.triggers?.length
+        ? spec.triggers
+        : defaultTriggersForKind(spec.kind ?? 'action'),
     };
-    if (intent.stateKeys) capability.stateKeys = intent.stateKeys;
-    if (intent.actionStateKeys) capability.actionStateKeys = intent.actionStateKeys;
-    if (intent.surface) capability.surface = intent.surface;
-    if (intent.kind === 'resource' && hasCompleteResourceStateKeys(intent.stateKeys)) {
-      initialState[intent.stateKeys.loading] = false;
-      initialState[intent.stateKeys.data] = intent.defaultData ?? null;
-      initialState[intent.stateKeys.error] = null;
-      if (intent.stateKeys.empty) initialState[intent.stateKeys.empty] = false;
+    if (spec.stateKeys) tool.stateKeys = spec.stateKeys;
+    if (spec.actionStateKeys) tool.actionStateKeys = spec.actionStateKeys;
+    if (spec.surface) tool.surface = spec.surface;
+    if (spec.kind === 'resource' && hasCompleteResourceStateKeys(spec.stateKeys)) {
+      initialState[spec.stateKeys.loading] = false;
+      initialState[spec.stateKeys.data] = spec.defaultData ?? null;
+      initialState[spec.stateKeys.error] = null;
+      if (spec.stateKeys.empty) initialState[spec.stateKeys.empty] = false;
     }
-    if ((intent.kind ?? 'action') === 'action' && intent.actionStateKeys) {
-      initialState[intent.actionStateKeys.pending] = false;
-      initialState[intent.actionStateKeys.done] = false;
-      initialState[intent.actionStateKeys.error] = null;
+    if ((spec.kind ?? 'action') === 'action' && spec.actionStateKeys) {
+      initialState[spec.actionStateKeys.pending] = false;
+      initialState[spec.actionStateKeys.done] = false;
+      initialState[spec.actionStateKeys.error] = null;
     }
-    return capability;
+    return tool;
   });
 
   return {
     pack: normalized,
-    promptBlock: normalized.intents.length > 0
+    promptBlock: normalized.tools.length > 0
       ? {
-          id: 'capabilities',
-          text: buildCapabilitiesBlock(normalized, {
-            scriptPolicy: options.scriptPolicy,
-          }),
+          id: 'tools',
+          text: buildToolsBlock(normalized),
           cache: 'ephemeral',
         }
       : null,
-    intentNames: normalized.intents.map((intent) => intent.name),
-    validationCapabilities,
+    toolNames: normalized.tools.map((tool) => tool.name),
+    validationTools,
     initialState,
     issues: [],
   };
@@ -359,6 +344,7 @@ export function compileSystemContracts(
   ];
   const issues: ContractIssue[] = [];
   const startupLines: ProtocolLine[] = [];
+  const activeSurfacePlan = input.surfaceContract?.surface.plan ?? input.surfacePlan ?? null;
 
   let activeTokensCss = input.activeTokensCss ?? null;
   if (input.direction) {
@@ -386,22 +372,12 @@ export function compileSystemContracts(
       text: buildLayoutBlock(input.layout),
       cache: 'ephemeral',
     });
-    startupLines.push(layoutScreenProtocolLine(input.layout));
-  }
-
-  if (input.editBlock) {
-    promptBlocks.push({
-      id: 'edit',
-      text: input.editBlock,
-      cache: 'ephemeral',
-    });
   }
 
   if (input.experimentalPromptBlock) {
     promptBlocks.push(input.experimentalPromptBlock);
   }
 
-  const activeSurfacePlan = input.surfaceContract?.surface.plan ?? input.surfacePlan ?? null;
   if (input.surfaceContract) {
     promptBlocks.push({
       id: 'surface-contract',
@@ -416,23 +392,9 @@ export function compileSystemContracts(
     });
   }
 
-  const requestedScriptPolicy = input.scriptPolicy ??
-    (activeSurfacePlan
-      ? surfacePlanScriptPolicy(activeSurfacePlan)
-      : 'forbid');
-  const hasLegacyScriptedPlan = (activeSurfacePlan as { runtime?: string } | null | undefined)?.runtime === 'scripted';
-  if (requestedScriptPolicy === 'allow' || hasLegacyScriptedPlan) {
-    issues.push(contractIssue({
-      source: 'system',
-      severity: 'block',
-      code: 'surface-script-policy-removed',
-      message: 'Generated script surfaces are no longer supported; use declarative local state and motion primitives',
-    }));
-  }
-  const scriptPolicy: ScriptPolicy = 'forbid';
-  const capability = compileCapabilityContract(input.capabilities, { scriptPolicy });
-  if (capability.promptBlock) promptBlocks.push(capability.promptBlock);
-  issues.push(...capability.issues);
+  const tool = compileToolContract(input.tools);
+  if (tool.promptBlock) promptBlocks.push(tool.promptBlock);
+  issues.push(...tool.issues);
 
   const component = compileComponentContract(input.components);
   if (component.promptBlock) promptBlocks.push(component.promptBlock);
@@ -446,14 +408,6 @@ export function compileSystemContracts(
     });
   }
 
-  if (input.postures?.postures.length) {
-    promptBlocks.push({
-      id: 'postures',
-      text: buildPosturesBlock(input.postures),
-      cache: 'ephemeral',
-    });
-  }
-
   return {
     promptBlocks,
     issues,
@@ -461,20 +415,11 @@ export function compileSystemContracts(
     surfaceContract: input.surfaceContract ?? undefined,
     validationContext: {
       mode: input.mode,
-      allowedIntents: capability.intentNames,
-      capabilities: capability.validationCapabilities,
+      allowedTools: tool.toolNames,
+      tools: tool.validationTools,
       components: component.validationComponents,
-      scriptPolicy,
       surfacePlan: activeSurfacePlan ?? undefined,
       definedTokens: activeTokensCss ? parseDefinedTokens(activeTokensCss) : undefined,
     },
   };
 }
-
-function layoutScreenProtocolLine(layout: SummonLayout): ProtocolLine {
-  return {
-    op: 'set',
-    path: '/screen',
-    value: { sections: layout.slots.map((slot) => slot.id) },
-  };
-}
diff --git a/packages/engine/src/index.ts b/packages/engine/src/index.ts
index 6abb16e..92214c1 100644
--- a/packages/engine/src/index.ts
+++ b/packages/engine/src/index.ts
@@ -4,52 +4,43 @@ export {
   isProtocolLine,
   parseProtocolLine,
   parseProtocolLineStrict,
-  blockTargetFromPath,
-  htmlNodePatchFromLine,
-  htmlNodeTargetFromPath,
-  sectionIdFromSectionPath,
 } from './protocol.js';
 export type {
   ProtocolLine,
-  AddLine,
-  SetLine,
   MetaLine,
-  BlockTarget,
-  HtmlNodePatch,
-  HtmlNodeTarget,
+  ArtifactLine,
   ProtocolParseErrorCode,
   ProtocolParseOptions,
 } from './protocol.js';
+export {
+  isArrowSurfaceArtifact,
+  normalizeArrowSurfaceArtifact,
+  validateArrowSurfaceArtifact,
+} from './arrow-artifact.js';
+export type {
+  ArrowNetworkPolicy,
+  ArrowSurfaceArtifact,
+  ArrowArtifactValidationOptions,
+} from './arrow-artifact.js';
 export {
   DEFAULT_VALIDATION_LIMITS,
   normalizeValidationLimits,
 } from './validation-limits.js';
 export type { ValidationLimits } from './validation-limits.js';
-export { SectionAccumulator } from './section-accumulator.js';
-export type {
-  SectionAccumulatorSnapshot,
-  SectionApplyKind,
-  SectionApplyResult,
-  SectionSnapshotEntry,
-} from './section-accumulator.js';
 export { StreamGraph } from './stream-graph.js';
 export type {
-  StreamGraphBlock,
-  StreamGraphEdge,
+  StreamGraphArtifact,
   StreamGraphHealth,
-  StreamGraphNode,
-  StreamGraphSection,
   StreamGraphSnapshot,
 } from './stream-graph.js';
 export {
-  SUMMON_SYSTEM_PROMPT,
   SUMMON_FIXED_INSTRUCTIONS,
+  SUMMON_ARROW_ARTIFACT_INSTRUCTIONS,
   buildDirectionBlock,
   buildLayoutBlock,
-  buildCapabilitiesBlock,
+  buildToolsBlock,
   buildComponentsBlock,
   buildOverrideBlock,
-  buildPosturesBlock,
   buildSurfaceContractBlock,
 } from './prompt.js';
 export type {
@@ -57,24 +48,20 @@ export type {
   DirectionInput,
   SummonLayout,
   SummonLayoutSlot,
-  IntentSpec,
+  ToolSpec,
   DataResourceSpec,
-  CapabilityPattern,
-  CapabilityPack,
+  ToolPattern,
+  ToolPack,
   ComponentExample,
   ComponentPack,
   ComponentSizing,
   ComponentSpec,
-  CapabilitiesBlockOptions,
-  ScriptPolicy,
   TokenOverride,
-  PostureContract,
-  PostureRegistry,
 } from './prompt.js';
 export {
   compileTokenContract,
   compileDirectionContract,
-  compileCapabilityContract,
+  compileToolContract,
   compileComponentContract,
   compileSystemContracts,
   contractIssue,
@@ -82,7 +69,7 @@ export {
   withIssueSeverity,
 } from './contracts.js';
 export type {
-  CompiledCapabilityContract,
+  CompiledToolContract,
   CompiledComponentContract,
   CompiledDirectionContract,
   CompiledSystemContracts,
@@ -91,7 +78,6 @@ export type {
   ContractIssueSeverity,
   ContractIssueSource,
   ContractPromptBlock,
-  CapabilityContractOptions,
   DirectionContractInput,
   GhostGenerationContext,
   GhostGenerationSource,
@@ -100,21 +86,17 @@ export type {
   TokenContractInput,
 } from './contracts.js';
 export {
-  CAPABILITY_BINDING_SPECS,
-  CAPABILITY_TRIGGER_SPECS,
   defaultTriggersForKind,
-  formatCapabilityProtocolContract,
+  formatToolProtocolContract,
   hasCompleteResourceStateKeys,
-} from './capability-contract.js';
+} from './tool-contract.js';
 export type {
   ActionStateKeys,
-  CapabilityBindingSpec,
-  CapabilityKind,
-  CapabilityStateKeys,
-  CapabilityTrigger,
-  CapabilityTriggerSpec,
+  ToolKind,
+  ToolStateKeys,
+  ToolTrigger,
   ResourceStateKeys,
-} from './capability-contract.js';
+} from './tool-contract.js';
 export {
   TOKEN_CONTRACT,
   REQUIRED_TOKENS,
@@ -142,50 +124,36 @@ export type {
   ValidationResult,
 } from './direction-validator.js';
 export {
-  ARTIFACT_COMPILER_VERSION,
-  compileArtifactHtml,
   validateProtocolLine,
-  validateHtmlFragment,
 } from './runtime-validator.js';
 export type {
-  ArtifactCompileResult,
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
   ValidationContext,
-  ValidationCapability,
+  ValidationTool,
   ValidationComponent,
 } from './runtime-validator.js';
 export {
-  DEFAULT_SURFACE_CEILING,
   DEFAULT_SURFACE_PLAN,
   SURFACE_AUTHORITY_VALUES,
   SURFACE_DATA_VALUES,
   SURFACE_PERSISTENCE_VALUES,
   SURFACE_PURPOSE_VALUES,
-  SURFACE_RUNTIME_VALUES,
+  SURFACE_NETWORK_VALUES,
   buildSurfacePlanBlock,
-  constrainSurfacePlan,
-  deriveSurfacePlanControls,
   inferSurfacePlan,
-  normalizeSurfaceCeiling,
   normalizeSurfacePlan,
   suggestSurfacePlan,
-  surfacePlanScriptPolicy,
-  surfacePlanWithinCeiling,
 } from './surface-plan.js';
 export type {
-  CapabilitySurface,
+  ToolSurface,
   ComponentSurface,
   SurfaceAuthority,
-  SurfaceCeiling,
   SurfaceData,
   SurfacePersistence,
   SurfacePlan,
-  SurfacePlanControls,
   SurfacePlanInferenceInput,
   SurfacePlanMode,
   SurfacePurpose,
-  SurfaceRuntime,
+  SurfaceNetwork,
 } from './surface-plan.js';
 export {
   compileSurfacePolicy,
@@ -217,6 +185,4 @@ export type {
   ProtocolHardenerOptions,
   ProtocolHardenerResult,
   ProtocolSkipMetaValue,
-  RepairFeedbackMetaValue,
-  ScreenSynthesizedMetaValue,
 } from './protocol-hardener.js';
diff --git a/packages/engine/src/prompt.ts b/packages/engine/src/prompt.ts
index a2633a5..3e5dcef 100644
--- a/packages/engine/src/prompt.ts
+++ b/packages/engine/src/prompt.ts
@@ -12,14 +12,13 @@ import type { DirectionOpts } from './direction-validator.js';
 import {
   type ActionStateKeys,
   defaultTriggersForKind,
-  formatCapabilityProtocolContract,
-  type CapabilityKind,
-  type CapabilityStateKeys,
-  type CapabilityTrigger,
+  type ToolKind,
+  type ToolStateKeys,
+  type ToolTrigger,
   type ResourceStateKeys,
-} from './capability-contract.js';
+} from './tool-contract.js';
 import type { SurfaceContractView } from './surface-contract.js';
-import type { ComponentSurface, CapabilitySurface } from './surface-plan.js';
+import type { ComponentSurface, ToolSurface } from './surface-plan.js';
 
 export interface Exemplar {
   name: string;
@@ -34,7 +33,7 @@ export interface Exemplar {
    *  the behavioral act the host wants the generation to perform
    *  (tap/brief/detailed/canvas), declared by the LLM on a `/posture`
    *  meta-line, enforced by the host. The LLM picks a posture within a shape
-   *  the same way it picks an intent within a capability pack. */
+   *  the same way it picks a tool within a tool pack. */
   kind?: 'atom' | 'shape';
   /** For shape exemplars — the response shape this exemplar represents. The
    *  classifier emits a shape per generation; only the matching exemplar(s)
@@ -64,9 +63,9 @@ export interface DirectionInput {
 }
 
 export interface SummonLayoutSlot {
-  /** Lowercase kebab-case section id, e.g. `next-steps`. */
+  /** Lowercase kebab-case slot id, e.g. `next-steps`. */
   id: string;
-  /** One-sentence instruction describing what belongs in this slot. */
+  /** One-sentence instruction describing what belongs in this region. */
   purpose: string;
 }
 
@@ -78,20 +77,20 @@ export interface SummonLayout {
 }
 
 /**
- * The stable, cacheable prefix. Output format, HTML/CSS rules, token contract.
+ * The stable, cacheable prefix. Output format, Arrow/CSS rules, token contract.
  * No design direction — that lives in the per-direction block below so changing
  * directions doesn't invalidate this cache entry.
  *
  * The token-contract paragraph is generated from `token-contract.ts` so the
  * prompt can never drift from the schema directions are validated against.
  */
-export const SUMMON_FIXED_INSTRUCTIONS = `You generate self-contained web UIs as a stream of JSONL protocol lines for the Summon rendering engine.
+export const SUMMON_FIXED_INSTRUCTIONS = `You generate self-contained Arrow web UIs for the Summon rendering engine.
 
-## Your job — interpret intent, then design the response
+## Your job — interpret the request, then design the response
 
-The user types a request in natural language: "help me plan…", "I want to…", "can you compare…", "explain how…". Your job is to settle on a rich composition that actually helps, then render it.
+The user types a request in natural language: "help me plan...", "I want to...", "can you compare...", "explain how...". Your job is to settle on a rich composition that actually helps, then render it as an Arrow artifact.
 
-Pick the composition that fits the intent. Cards are only one option, not the default. Examples:
+Pick the composition that fits the request. Cards are only one option, not the default. Examples:
 
 - **Plan / itinerary** — staged narrative, timeline, route, calendar, or numbered walkthrough.
 - **Comparison / decision** — table, matrix, split view, scorecard, annotated verdict, or pros/cons only when useful.
@@ -103,48 +102,44 @@ Pick the composition that fits the intent. Cards are only one option, not the de
 
 Before using a card grid, ask what job the boxes are doing. Use cards when the content is truly a set of separate comparable objects, selectable choices, or repeated records with distinct evidence. If most groups would become anonymous rounded boxes, redesign as an article, table, timeline, checklist, matrix, ledger, map, split view, or typographic composition instead.
 
-**Resist the default "big header + cards + footer".** That is one shape among many. Pick what the specific intent actually needs. A research explainer probably wants body copy with headings, not an eyebrow-and-headline box. A tracker wants a dominant signal and supporting structure, not a title over tiles. A recommendation might be one self-contained brief with no header.
+**Resist the default "big header + cards + footer".** That is one shape among many. Pick what the specific tool actually needs. A research explainer probably wants body copy with headings, not an eyebrow-and-headline box. A tracker wants a dominant signal and supporting structure, not a title over tiles. A recommendation might be one self-contained brief with no header.
 
-## Output protocol — JSONL only
+## Output protocol — Arrow JSONL only
 
-Emit ONLY JSON objects, one per line. No markdown fences, no prose, no headings, no commentary. Each line must be valid JSON on a single physical line.
+Emit exactly one JSON object on one physical line. No markdown fences, no prose, no headings, no commentary. The line must be valid JSON.
 
-**Core structural lines:**
+Emit exactly this shape with real source strings:
 
-1. **First structural line** — declare your section structure:
-\`\`\`
-{"op":"set","path":"/screen","value":{"sections":["hero","itinerary","budget"]}}
-\`\`\`
-
-2. **One line per section**, in the declared order:
-\`\`\`
-{"op":"add","path":"/section/hero","html":"..."}
-{"op":"add","path":"/section/itinerary","html":"..."}
-{"op":"add","path":"/section/budget","html":"..."}
-\`\`\`
+{"op":"artifact","path":"/artifact","value":{"runtime":"arrow","source":{"main.ts":"...","main.css":"..."}}}
 
-**Progressive rendering contract**: make the surface visible early. Emit the
-\`set /screen\` line as soon as you know the stable section ids, then emit one
-cheap placeholder \`add /section/<id>\` line for each planned section before
-writing detailed content. Replace those placeholders by emitting another
-\`add /section/<id>\` line with the final HTML for the same stable section id.
-Hosts treat later accepted \`add\` lines for the same section as replacements.
-Do not rename, reorder, or remove section ids once you have emitted them. This
-is how Summon creates json-render-like perceived streaming while still only
-rendering complete, validated JSONL protocol lines.
-
-A host block may require one or more \`meta\` prelude lines before the first structural line, for example to declare a host-owned mode, template, or policy choice. If so, emit those complete \`meta\` JSONL lines first, exactly as the host block specifies. Otherwise, start with the \`set /screen\` line. Meta lines are host-owned annotations; they do not replace \`/screen\` unless a host layout block explicitly says so.
-
-**Section naming**: lowercase, kebab-case, 1–20 chars. Pick names that describe what each section IS, not generic placeholders. Good: \`overview\`, \`timeline\`, \`option-a\`, \`verdict\`, \`tl-dr\`, \`breakdown\`, \`progress\`, \`next-steps\`. Avoid generic \`header\`/\`body\`/\`footer\` unless the intent really does call for that shape.
+Rules:
 
-**Section count**: 1 to 5. Usually 2–4. One is fine when the response is a single focused thing (a recommendation, a toast draft). More than 5 is almost always wrong.
+- The \`value.runtime\` must be \`"arrow"\`.
+- \`source\` must contain exactly one entry file: \`main.ts\` or \`main.js\`.
+- \`main.css\` is optional and should contain all visual styling.
+- The default export from \`main.ts\` must be an Arrow template.
+- Import Arrow primitives from \`@arrow-js/core\`; do not rely on ambient globals. Use only \`html\`, \`reactive\`, \`component\`, \`props\`, \`pick\`, \`onCleanup\`, and \`nextTick\`.
+- Do not use Arrow IDL property bindings such as \`.value=\`, \`.checked=\`, \`.selected=\`, or \`.disabled=\`; this sandbox does not support them. Use normal HTML attributes like \`value=\` and read form input through event snapshots such as \`event.target.value\`.
+- Do not inject standalone expressions inside opening tags to create dynamic attributes. Expressions must be text nodes, child nodes, or quoted attribute values.
+- Bad: \`<button \${() => state.loading ? "disabled" : ""}>Search</button>\`. Good: \`<button class="\${() => state.loading ? "loading" : ""}">\${() => state.loading ? "Searching..." : "Search"}</button>\`.
+- For host actions and resources, import from \`host-bridge:summon\`:
+
+\`\`\`ts
+import { callTool, getState, onState } from "host-bridge:summon"
+\`\`\`
 
-Keep each section's HTML on a single line. Escape double quotes inside the HTML string as \\". Long content is fine — HTML collapses whitespace.
+- Call \`await callTool(toolName, args)\` for granted host tools. The result is \`{ ok, state, error? }\`.
+- Call \`await getState()\` to read the latest host-pushed state.
+- Call \`onState((state) => { ... })\` to keep Arrow \`reactive()\` state synchronized with host pushes. It returns an unsubscribe function.
+- Do not use \`window\`, \`document\`, localStorage, cookies, direct DOM refs, external imports, or native bridges.
+- Use \`fetch()\` only when the Surface plan network is \`restricted-fetch\`; otherwise use host tools.
+- Do not emit \`set /screen\`, \`add /section/*\`, unsupported binding attributes, scripts, host-owned meta lines, HTML fragments, or multiple lines. The only prefixed attributes allowed in Arrow source are \`data-summon-component\`, \`data-summon-component-id\`, and \`data-summon-props\` from the Component islands block.
+- Keep the JSONL line on one physical line. Escape newlines inside source strings as \`\\n\`.
 
-## HTML/CSS rules
+## Arrow/CSS rules
 
-- Plain HTML elements. Inline \`<style>\` blocks and \`style="..."\` attributes are the primary way to style.
-- \`<script>\` tags and event-handler attributes are forbidden. If there is no Capabilities block, the UI is static. If there is a Capabilities block, use declarative \`data-summon-*\` attributes only.
+- Use plain semantic HTML inside Arrow templates.
+- Put visual styling in \`main.css\`; use class names, not generated inline style strings, for major layout.
 - No external URLs. No external images, no external fonts, no external stylesheets. Inline SVG is fine.
 - Use CSS custom properties for every color, space, radius, and type size. Do not hardcode hex colors, rgb(), pixel spacing, or specific font stacks.
 
@@ -164,11 +159,45 @@ The direction block specifies which tokens carry particular meaning for that dir
 
 ## How to think about this generation
 
-Decide your section structure and your styling approach BEFORE you start emitting. Once you've started emitting, commit. Don't re-evaluate selectors, layout primitives, color tokens, or section names mid-generation. If a constraint blocks the obvious approach (e.g. a control needs interactivity but you have no Capabilities block), state the constraint in one short line of copy inside the UI ("Static preview — pick functionality requires interactive mode") and use the simplest static alternative. Do not invent CSS-only state machines, \`:has()\` selector tricks, sibling-checked toggles, or \`<details>\` chains to simulate interactivity that the rules forbid. A static answer that names its limitation is better than an elaborate workaround.
+Decide your section structure and your styling approach BEFORE you start emitting. Once you've started emitting, commit. Don't re-evaluate selectors, layout primitives, color tokens, or section names mid-generation. If a constraint blocks the obvious approach (e.g. a control needs interactivity but you have no Tools block), state the constraint in one short line of copy inside the UI ("Static preview — pick functionality requires interactive mode") and use the simplest static alternative. Do not invent CSS-only state machines, \`:has()\` selector tricks, sibling-checked toggles, or \`<details>\` chains to simulate interactivity that the rules forbid. A static answer that names its limitation is better than an elaborate workaround.
 
 Pick one structural approach and ship it. Reconsidering mid-stream is the wrong move — the user sees a half-rendered UI and a frozen status.
 
-Begin. Emit any host-required \`meta\` prelude lines first. Then emit the \`set /screen\` structural line unless a host layout block says not to, followed by one \`add\` line per section.`;
+Begin. Emit exactly one Arrow artifact JSONL line.`;
+
+export const SUMMON_ARROW_ARTIFACT_INSTRUCTIONS = `## Arrow sandbox artifact output
+
+This block is the output contract for Summon Arrow runtimes.
+
+Your entire response must be exactly one JSONL line. Do not wrap it in Markdown. Do not add prose before or after it. Do not emit code fences. Do not emit \`set /screen\`, \`add /section/*\`, or any other line.
+
+Emit exactly this shape with real source strings:
+
+{"op":"artifact","path":"/artifact","value":{"runtime":"arrow","source":{"main.ts":"...","main.css":"..."}}}
+
+Rules:
+
+- The \`value.runtime\` must be \`"arrow"\`.
+- \`source\` must contain exactly one entry file: \`main.ts\` or \`main.js\`.
+- \`main.css\` is optional and should contain all visual styling.
+- The default export from \`main.ts\` must be an Arrow template.
+- Import Arrow primitives from \`@arrow-js/core\`; do not rely on ambient globals. Use only \`html\`, \`reactive\`, \`component\`, \`props\`, \`pick\`, \`onCleanup\`, and \`nextTick\`.
+- Do not use Arrow IDL property bindings such as \`.value=\`, \`.checked=\`, \`.selected=\`, or \`.disabled=\`; this sandbox does not support them. Use normal HTML attributes like \`value=\` and read form input through event snapshots such as \`event.target.value\`.
+- Do not inject standalone expressions inside opening tags to create dynamic attributes. Expressions must be text nodes, child nodes, or quoted attribute values.
+- Bad: \`<button \${() => state.loading ? "disabled" : ""}>Search</button>\`. Good: \`<button class="\${() => state.loading ? "loading" : ""}">\${() => state.loading ? "Searching..." : "Search"}</button>\`.
+- For host actions and resources, import from \`host-bridge:summon\`:
+
+\`\`\`ts
+import { callTool, getState, onState } from "host-bridge:summon"
+\`\`\`
+
+- Call \`await callTool(toolName, args)\` for granted host tools. The result is \`{ ok, state, error? }\`.
+- Call \`await getState()\` to read the latest host-pushed state.
+- Call \`onState((state) => { ... })\` to keep Arrow \`reactive()\` state synchronized with host pushes. It returns an unsubscribe function.
+- Do not use \`window\`, \`document\`, localStorage, cookies, direct DOM refs, external imports, or native bridges.
+- Use \`fetch()\` only when the Surface plan network is \`restricted-fetch\`; otherwise use host tools.
+- Do not emit \`set /screen\`, \`add /section/*\`, unsupported binding attributes, scripts, or host-owned meta lines. The only prefixed attributes allowed in Arrow source are \`data-summon-component\`, \`data-summon-component-id\`, and \`data-summon-props\` from the Component islands block.
+- Keep every JSONL line on one physical line. Escape newlines inside source strings as \`\\n\`.`;
 
 /**
  * Compose the direction-specific block that follows the fixed instructions:
@@ -207,7 +236,7 @@ export function buildDirectionBlock(input: DirectionInput): string {
       );
     } else if (input.shape && shapeExemplars.length === 1 && shapeExemplars[0]!.shape === input.shape) {
       parts.push(
-        `The user's intent reads as a **${input.shape}** response. Use this composition as a visual starting point — replace the content (titles, copy, numbers, bullet text) with the user's data, and preserve the relevant visual moves: borders, typography rhythm, spacing between groups, and emphasis patterns. Host-supplied contracts, layouts, allowed intents, and surface constraints override exemplar structure. The point is to land on this design language fast, not to reinvent it.`
+        `The user's request reads as a **${input.shape}** response. Use this composition as a visual starting point — replace the content (titles, copy, numbers, bullet text) with the user's data, and preserve the relevant visual moves: borders, typography rhythm, spacing between groups, and emphasis patterns. Host-supplied contracts, layouts, allowed tools, and surface constraints override exemplar structure. The point is to land on this design language fast, not to reinvent it.`
       );
     } else {
       parts.push(
@@ -223,34 +252,26 @@ export function buildDirectionBlock(input: DirectionInput): string {
 }
 
 /**
- * Host layout — an optional per-generation slot contract. The host owns the
- * section order; the LLM owns the HTML content inside each slot.
+ * Host layout — an optional per-generation slot contract. The model owns the
+ * Arrow composition while honoring the host's semantic regions.
  */
 export function buildLayoutBlock(layout: SummonLayout): string {
-  const sections = layout.slots.map((slot) => slot.id);
   const slotLines = layout.slots
     .map((slot) => `- \`${slot.id}\` — ${slot.purpose}`)
     .join('\n');
 
-  return `## Host layout — this generation
-
-The host has supplied a strict layout contract named **${layout.id}**. This contract overrides the generic instruction to invent your own section structure.
+return `## Host layout — this generation
 
-The host has already declared this section order:
-
-\`\`\`json
-{"op":"set","path":"/screen","value":{"sections":${JSON.stringify(sections)}}}
-\`\`\`
-
-Do NOT emit a \`set /screen\` line. Emit only \`add\` lines for these slots, in this order:
+The host has supplied a strict layout contract named **${layout.id}**. Build your Arrow artifact so its visible composition has these semantic regions, in this order:
 
 ${slotLines}
 
 Rules:
 
 - Use each slot for its purpose.
-- Do not invent extra sections, page chrome, wrapper sections, or alternate slot names.
-- Keep styling local inside each section's HTML. The host layout controls order; the direction controls visual language.`;
+- Do not invent page chrome or alternate slot names that obscure the layout.
+- Do not emit \`set /screen\` or \`add /section/*\`; the output is still exactly one Arrow \`/artifact\` JSONL line.
+- The host layout controls semantic order; the direction controls visual language.`;
 }
 
 /**
@@ -350,7 +371,7 @@ export function buildSurfaceContractBlock(contract: SurfaceContractView): string
 
   return `## Surface contract — host-owned boundaries
 
-This is a compact, read-only view of the host-selected \`SurfacePolicy\`. It tells you what this generated surface can do. It is not a JSON UI schema: you still generate rich freeform HTML/CSS inside these typed boundaries.
+This is a compact, read-only view of the host-selected \`SurfacePolicy\`. It tells you what this generated surface can do. It is not a JSON UI schema: you still generate a rich Arrow source artifact inside these typed boundaries.
 
 Do not emit \`/surface-contract\`, \`/surface-policy\`, or \`/surface-plan\` meta lines. The host owns those lines and enforcement still lives in the runtime validators, PolicyEngine, sandbox grants, and component prop validation.
 
@@ -358,7 +379,7 @@ Do not emit \`/surface-contract\`, \`/surface-policy\`, or \`/surface-plan\` met
 
 - Policy: tier=\`${surface.policy.tier}\`, purpose=\`${surface.policy.purpose}\`, persistence=\`${surface.policy.persistence}\`
 - Plan: purpose=\`${surface.plan.purpose}\`, runtime=\`${surface.plan.runtime}\`, data=\`${surface.plan.data}\`, authority=\`${surface.plan.authority}\`, persistence=\`${surface.plan.persistence}\`
-- Mode: \`${surface.mode}\`; scripts \`${surface.scriptPolicy}\`
+- Mode: \`${surface.mode}\`
 
 ### Tools
 
@@ -405,30 +426,30 @@ function buildDirectionAddendum(
 }
 
 /**
- * Capabilities — what intents the generated UI can emit. Injected as a third
+ * Tools — what tools the generated UI can emit. Injected as a third
  * cacheable system block when the host requests interactive mode. Static mode
  * omits this block entirely; the fixed instructions already forbid scripts.
  *
- * The engine is intent-agnostic. Consumers (demo apps, host applications)
- * define their own capability packs — intents they support and example
+ * The engine is tool-agnostic. Consumers (demo apps, host applications)
+ * define their own tool packs — tools they support and example
  * patterns showing how to wire each one. A pack is passed in per generation.
  */
-export interface IntentSpec {
+export interface ToolSpec {
   name: string;
   description: string;
   argsSchema: string;
   stateShape: string;
-  kind?: CapabilityKind;
-  triggers?: CapabilityTrigger[];
-  stateKeys?: CapabilityStateKeys;
+  kind?: ToolKind;
+  triggers?: ToolTrigger[];
+  stateKeys?: ToolStateKeys;
   actionStateKeys?: ActionStateKeys;
-  surface?: CapabilitySurface;
+  surface?: ToolSurface;
   resultSchema?: string;
   defaultDataShape?: string;
   defaultData?: unknown;
 }
 
-export interface DataResourceSpec extends IntentSpec {
+export interface DataResourceSpec extends ToolSpec {
   kind: 'resource';
   stateKeys: ResourceStateKeys;
   resultSchema?: string;
@@ -436,25 +457,23 @@ export interface DataResourceSpec extends IntentSpec {
   defaultData?: unknown;
 }
 
-export interface CapabilityPattern {
+export interface ToolPattern {
   /** Short title shown above the code snippet in the prompt. */
   name: string;
   /** HTML code block the LLM sees as an example. Script examples are filtered. */
   code: string;
-  /** Optional owner intent. SurfacePolicy narrowing uses this to keep examples
+  /** Optional owner tool. SurfacePolicy narrowing uses this to keep examples
    * aligned with the grants selected for a generation. */
-  intent?: string;
+  tool?: string;
 }
 
-export interface CapabilityPack {
-  intents: IntentSpec[];
+export interface ToolPack {
+  tools: ToolSpec[];
   /** Example patterns shown under "### Patterns". Optional — without them the
-   *  LLM gets only the intent list and the interactivity rules. */
-  patterns?: CapabilityPattern[];
+   *  LLM gets only the tool list and the interactivity rules. */
+  patterns?: ToolPattern[];
 }
 
-export type ScriptPolicy = 'allow' | 'forbid';
-
 export interface ComponentExample {
   /** Short label for the component example. */
   name: string;
@@ -484,136 +503,194 @@ export interface ComponentPack {
   components: ComponentSpec[];
 }
 
-export interface CapabilitiesBlockOptions {
-  scriptPolicy?: ScriptPolicy;
-}
-
-export function buildCapabilitiesBlock(
-  pack: CapabilityPack,
-  _options: CapabilitiesBlockOptions = {},
+export function buildToolsBlock(
+  pack: ToolPack,
 ): string {
-  if (pack.intents.length === 0) return '';
+  if (pack.tools.length === 0) return '';
 
-  const actions = pack.intents.filter((intent) => (intent.kind ?? 'action') === 'action');
-  const resources = pack.intents.filter((intent) => intent.kind === 'resource');
+  const actions = pack.tools.filter((tool) => (tool.kind ?? 'action') === 'action');
+  const resources = pack.tools.filter((tool) => tool.kind === 'resource');
 
-  const formatIntent = (i: IntentSpec) => {
-    const triggers = normalizeTriggers(i).join(', ');
-    const stateKeys = i.stateKeys
-      ? `\n  State keys: ${formatStateKeys(i.stateKeys)}`
+  const formatTool = (tool: ToolSpec) => {
+    const triggers = normalizeTriggers(tool).join(', ');
+    const stateKeys = tool.stateKeys
+      ? `\n  State keys: ${formatStateKeys(tool.stateKeys)}`
       : '';
-    const actionStateKeys = i.actionStateKeys
-      ? `\n  Action state: ${formatActionStateKeys(i.actionStateKeys)}`
+    const actionStateKeys = tool.actionStateKeys
+      ? `\n  Action state: ${formatActionStateKeys(tool.actionStateKeys)}`
       : '';
-    const surface = i.surface ? `\n  Surface: ${formatSurface(i.surface)}` : '';
-    return `- \`${i.name}(${i.argsSchema})\` — ${i.description}\n  Triggers: ${triggers}\n  State update: \`${i.stateShape}\`${stateKeys}${actionStateKeys}${surface}`;
+    const surface = tool.surface ? `\n  Surface: ${formatSurface(tool.surface)}` : '';
+    return `- \`${tool.name}(${tool.argsSchema})\` — ${tool.description}\n  Triggers: ${triggers}\n  State update: \`${tool.stateShape}\`${stateKeys}${actionStateKeys}${surface}`;
   };
 
   const actionsList = actions
-    .map(formatIntent)
+    .map(formatTool)
     .join('\n\n');
   const resourcesList = resources
     .map(
-      (i) => {
-        const resultSchema = i.resultSchema ? `\n  Result schema: \`${i.resultSchema}\`` : '';
-        const defaultData = i.defaultDataShape
-          ? `\n  Default data: \`${i.defaultDataShape}\``
+      (tool) => {
+        const resultSchema = tool.resultSchema ? `\n  Result schema: \`${tool.resultSchema}\`` : '';
+        const defaultData = tool.defaultDataShape
+          ? `\n  Default data: \`${tool.defaultDataShape}\``
           : '\n  Default data: `null`';
-        return `${formatIntent(i)}${resultSchema}${defaultData}\n  Data resource lifecycle: initial/loading/error/invalid states keep data at the default value (or null), and successful host fetches write validated data.`;
+        return `${formatTool(tool)}${resultSchema}${defaultData}\n  Data resource lifecycle: initial/loading/error/invalid states keep data at the default value (or null), and successful host fetches write validated data.`;
       }
     )
     .join('\n\n');
 
-  const capabilitySections = [
+  const toolSections = [
     resourcesList ? `### Available data resources\n\n${resourcesList}` : '',
     actionsList ? `### Available actions\n\n${actionsList}` : '',
   ].filter(Boolean).join('\n\n');
 
   const promptPatterns = (pack.patterns ?? []).filter(
-    (pattern) => !/<\s*script\b/i.test(pattern.code),
+    (pattern) =>
+      !/<\s*script\b/i.test(pattern.code) &&
+      !/\bdata-summon-(?!(?:component|component-id|props)\b)[a-z0-9-]+/i.test(pattern.code),
   );
   const patternsBlock =
     promptPatterns.length > 0
       ? `\n\n### Patterns\n\n${promptPatterns
-          .map((p) => `**${p.name}:**\n\`\`\`html\n${p.code.trim()}\n\`\`\``)
+          .map((p) => `**${p.name}:**\n\`\`\`ts\n${p.code.trim()}\n\`\`\``)
           .join('\n\n')}`
       : '';
-  const scriptPolicyBlock = `### Script policy — declarative only
+  const hostBridgeBlock = `### Host tool bridge
 
-This host has NOT granted custom artifact scripts. Do not emit \`<script>\` tags. Do not rely on \`sandbox.emit\`, \`sandbox.onState\`, custom event listeners, timers, computed DOM mutations, or local script state.
+Generated custom scripts are not supported. Do not emit \`<script>\` tags. All behavior lives in the Arrow entry module you return as \`main.ts\` or \`main.js\`.
 
-All interactivity for this generation must use declarative \`data-summon-*\` attributes. Use \`data-summon-local\`, \`data-summon-set\`, \`data-summon-toggle\`, \`data-summon-show\`, \`data-summon-hide\`, \`data-summon-class-*\`, \`data-summon-motion\`, and \`data-summon-transition\` for tabs, disclosures, selection, staged reveal, local visual state, and simple motion. If the requested behavior cannot be expressed with those attributes and the granted capabilities, leave that control out or state the limitation in the UI.`;
+Use Arrow \`reactive()\` state for local UI state, Arrow event handlers for clicks/submits/input, and the \`host-bridge:summon\` virtual module for host state and tools. Do not use \`window.sandbox\`, direct DOM listeners, timers, storage, or native bridges. If a requested behavior cannot be expressed with Arrow plus the granted tools, leave that control out or state the limitation in the UI.`;
 
-  const actionWiring = 'via `data-summon-on-click`, `data-summon-on-submit`, or `data-summon-resource-trigger`';
-  const intentNames = new Set(pack.intents.map((intent) => intent.name));
+  const actionWiring = 'by calling `await callTool("<tool>", args)` from an Arrow event handler';
+  const toolNames = new Set(pack.tools.map((tool) => tool.name));
   const examples: string[] = [];
-  if (intentNames.has('counter')) {
-    examples.push(`<!-- Counter: click + bind -->
-<button data-summon-on-click="counter" data-summon-args='{"delta":1}'>+</button>
-<button data-summon-on-click="counter" data-summon-args='{"delta":-1}'>−</button>
-<output data-summon-bind="count">0</output>`);
+  if (toolNames.has('counter')) {
+    examples.push(`// Counter: Arrow event handlers + host state sync
+import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ count: 0 });
+onState((hostState) => {
+  state.count = Number(hostState.count ?? state.count ?? 0);
+});
+
+async function change(delta: number) {
+  const result = await callTool("counter", { delta });
+  if (result.ok) state.count = Number(result.state.count ?? state.count);
+}
+
+export default html\`
+  <button @click="\${() => change(-1)}" aria-label="Decrease">-</button>
+  <output>\${() => state.count}</output>
+  <button @click="\${() => change(1)}" aria-label="Increase">+</button>
+\`;`);
   }
-  if (intentNames.has('submit')) {
-    examples.push(`<!-- Form: submit + show success/error -->
-<form data-summon-on-submit="submit">
-  <input name="title" placeholder="Title">
-  <input name="notes" placeholder="Notes">
-  <button>Save</button>
-</form>
-<p data-summon-show="submitted">Saved.</p>
-<p data-summon-show="submitError" data-summon-bind="submitError"></p>`);
+  if (toolNames.has('submit')) {
+    examples.push(`// Form: collect an event snapshot, callTool the host, render host-owned state
+import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ submitted: false, submitError: "" });
+onState((hostState) => {
+  state.submitted = Boolean(hostState.submitted);
+  state.submitError = String(hostState.submitError ?? "");
+});
+
+async function save(event: SubmitEvent) {
+  event.preventDefault();
+  const form = event.currentTarget as HTMLFormElement;
+  const fields = Object.fromEntries(new FormData(form).entries());
+  const result = await callTool("submit", fields);
+  state.submitted = Boolean(result.state.submitted);
+  state.submitError = String(result.state.submitError ?? result.error ?? "");
+}
+
+export default html\`
+  <form @submit="\${save}">
+    <input name="title" placeholder="Title">
+    <input name="notes" placeholder="Notes">
+    <button>Save</button>
+  </form>
+  <p>\${() => state.submitted ? "Saved." : ""}</p>
+  <p>\${() => state.submitError}</p>
+\`;`);
   }
-  if (intentNames.has('log')) {
-    examples.push(`<!-- List of items: foreach + scoped bind + click-with-item -->
-<ul data-summon-foreach="results" data-summon-as="r">
-  <template>
-    <li data-summon-on-click="log" data-summon-args='{"payload":{"picked":"$r"}}'>
-      <strong data-summon-bind="$r.title"></strong>
-      <span data-summon-bind="$r.snippet"></span>
-    </li>
-  </template>
-</ul>`);
+  if (toolNames.has('log')) {
+    examples.push(`// Result row: pass the selected item through an Arrow handler
+import { html, reactive } from "@arrow-js/core";
+import { callTool, onState } from "host-bridge:summon";
+
+const state = reactive({ results: [] as Array<{ title: string; snippet: string }> });
+onState((hostState) => {
+  state.results = Array.isArray(hostState.results) ? hostState.results : [];
+});
+
+async function pick(result: { title: string; snippet: string }) {
+  await callTool("log", { payload: { picked: result } });
+}
+
+export default html\`
+  <ul>
+    \${() => state.results.map((result) => html\`
+      <li @click="\${() => pick(result)}">
+        <strong>\${result.title}</strong>
+        <span>\${result.snippet}</span>
+      </li>
+    \`)}
+  </ul>
+\`;`);
   }
   const examplesBlock = examples.length > 0
-    ? `\n\n**Examples:**\n\n\`\`\`html\n${examples.join('\n\n')}\n\`\`\``
+    ? `\n\n**Examples:**\n\n\`\`\`ts\n${examples.join('\n\n')}\n\`\`\``
     : '';
 
-  return `## Capabilities — this generation is INTERACTIVE
+  return `## Tools — this generation is INTERACTIVE
+
+**Arrow-native interactivity.** Generated surfaces run as Arrow artifacts. Use Arrow \`reactive()\` for state, Arrow event handlers for user input, and \`host-bridge:summon\` for host tools and host-pushed state.
+
+Do NOT build CSS-only state machines using \`:has()\`, \`:checked\` sibling selectors, \`<details>\` chained to other elements, or \`:target\` URL hash tricks for state. Use Arrow state and handlers instead.
 
-**Declarative-only interactivity.** The sandbox runtime binds a small set of \`data-summon-*\` attributes to host state, local ephemeral state, motion recipes, and intents. Custom artifact scripts are not granted for this generation.
+### Host bridge
 
-Do NOT build CSS-only state machines using \`:has()\`, \`:checked\` sibling selectors, \`<details>\` chained to other elements, or \`:target\` URL hash tricks for state. Those patterns are clever but fragile; the declarative attributes below are shorter and more reliable.
+Import the bridge in your Arrow entry file:
 
-### Available capabilities
+\`\`\`ts
+import { callTool, getState, onState } from "host-bridge:summon";
+\`\`\`
+
+- \`await callTool(toolName, args)\` calls a granted host tool and resolves to \`{ ok, state, error? }\`.
+- \`await getState()\` reads the latest host-owned state snapshot.
+- \`onState((state) => { ... })\` subscribes to host \`pushState()\` updates and returns an unsubscribe function.
+- Copy host-owned keys into your Arrow \`reactive()\` object from \`getState()\`, \`onState()\`, and successful \`callTool()\` results.
+
+### Available tools
 
-${capabilitySections}
+${toolSections}
 
-${formatCapabilityProtocolContract()}
 ${examplesBlock}
 
-${scriptPolicyBlock}
+${hostBridgeBlock}
 
 ### The interactivity contract — READ THIS
 
-**Every clickable, tappable, or focusable element in your generated UI MUST be wired to one of the declared intents — ${actionWiring}. If you cannot wire an element, do not show it.**
+**Every clickable, tappable, or focusable element in your generated UI MUST be wired to one of the declared tools — ${actionWiring}. If you cannot wire an element, do not show it.**
 
-- No button unless you've decided which intent it fires.
+- No button unless you've decided which tool it fires.
 - No clickable result tiles, rows, or cards unless clicking them emits something.
-- No pagination, no sorting, no filtering controls unless you've decided which intent they fire.
+- No pagination, no sorting, no filtering controls unless you've decided which tool they fire.
 
 Dead buttons are worse than no buttons. When in doubt, leave it out.
 
-Only the intents listed above exist. Any concept that isn't in the intent list does not exist — don't add controls that imply capabilities you don't have. When in doubt, route the user-visible action through the closest matching intent or drop the control.
+Only the tools listed above exist. Any concept that isn't in the tool list does not exist — don't add controls that imply tools you don't have. When in doubt, route the user-visible action through the closest matching tool or drop the control.
 
-Data resources expose host-owned loading/data/error state and may expose \`$alias.empty\` when the host declares an empty-state key. Use \`mount\` only for initial read-oriented loads granted by the resource; use \`submit\` for forms and \`click\` only when the resource grants a click trigger. Bind \`$alias.loading\` for busy UI, \`$alias.error\` for host errors, \`$alias.data\` for validated result data, and \`$alias.empty\` only for real no-results copy after a successful host result.
+Data resources expose host-owned loading/data/error state keys and may expose an empty-state key. Use \`mount\` only for initial read-oriented loads granted by the resource; use \`submit\` for forms and \`click\` only when the resource grants a click trigger. Mirror the listed loading key for busy UI, error key for host errors, data key for validated result data, and empty key only for real no-results copy after a successful host result.
 
-Default data is real host state. A data resource starts at \`{loading:false, data:defaultData ?? null, error:null, empty:false when declared}\`, and loading/error/invalid-result states keep the data value at \`defaultData ?? null\` with \`empty:false\`. Never hallucinate fetched rows, profiles, images, or counts before a successful data resource result. Wrap result UI in \`data-summon-show="$alias.data"\`; for arrays, put \`data-summon-foreach="$alias.data"\` on the result list so no rows render until the host data exists. Render "no results" from \`$alias.empty\`, not from missing or pre-load data.
+Default data is real host state. A data resource starts at \`{loading:false, data:defaultData ?? null, error:null, empty:false when declared}\`, and loading/error/invalid-result states keep the data value at \`defaultData ?? null\` with \`empty:false\`. Never hallucinate fetched rows, profiles, images, or counts before a successful data resource result. Render array rows from the host data key only after it exists. Render "no results" from the declared empty key, not from missing or pre-load data.
 
 Controlled actions expose host-owned pending/done/error keys when listed under Action state. Use \`pending\` to disable or mark the triggering control busy, show \`error\` as host failure text, and show \`done\` only for useful success confirmation. Do not fake completed, approved, or failed states in local markup.
 
 ### Initial state
 
-Action-owned state starts empty unless the host declares controlled action state, in which case pending/done/error start false/false/null. Data-resource lifecycle keys start from the default state described above. Render defensively: show an empty-state message only from declared empty state or a form before data exists, never placeholder fetched data. \`data-summon-show\` reads as falsy for missing keys, so wrapping action result UI in \`data-summon-show="<resultKey>"\` is a clean empty-state default.${patternsBlock}`;
+Action-owned state starts empty unless the host declares controlled action state, in which case pending/done/error start false/false/null. Data-resource lifecycle keys start from the default state described above. Render defensively: show an empty-state message only from declared empty state or a form before data exists, never placeholder fetched data.${patternsBlock}`;
 }
 
 export function buildComponentsBlock(pack: ComponentPack | null | undefined): string {
@@ -647,7 +724,7 @@ export function buildComponentsBlock(pack: ComponentPack | null | undefined): st
 
   return `## Component islands — host-rendered UI available
 
-The host has registered trusted UI components that can render above the sandbox as overlay islands. Use them only when they materially improve fidelity, such as charts, metrics, calendars, maps, data-dense controls, or product-native widgets. The freeform HTML/CSS you generate is still the composition layer around them.
+The host has registered trusted UI components that can render above the sandbox as overlay islands. Use them only when they materially improve fidelity, such as charts, metrics, calendars, maps, data-dense controls, or product-native widgets. The Arrow artifact you generate is still the composition layer around them.
 
 Component islands are placeholders inside your HTML. The host validates the component name and props, measures the placeholder, and renders the real component outside the sandbox. The sandbox cannot read or mutate the host-rendered component DOM.
 
@@ -675,18 +752,18 @@ Rules:
 - \`data-summon-props\` must be one valid JSON object matching the component's props schema.
 - Give the placeholder explicit visual space with CSS, usually \`height\`, \`min-height\`, or a grid track.
 - Do not nest component placeholders.
-- Do not use a component island for something ordinary HTML/CSS can express well.
-- Component islands do not grant new host actions. If the component needs durable host behavior, it must route through an already-granted intent or host-owned component code.
+- Do not use a component island for something your Arrow template and CSS can express well.
+- Component islands do not grant new host actions. If the component needs durable host behavior, it must route through an already-granted tool or host-owned component code.
 
-Props may include scoped values such as \`"$row.title"\` or \`"$resource.data"\` when the placeholder lives inside a foreach/resource scope; the sandbox resolves those before asking the host to render.${examplesBlock}`;
+If props depend on Arrow state, compute the JSON from Arrow with a quoted attribute expression such as \`data-summon-props="\${() => JSON.stringify({ value: state.revenue })}"\` and keep \`data-summon-component-id\` stable across renders.${examplesBlock}`;
 }
 
-function normalizeTriggers(intent: IntentSpec): CapabilityTrigger[] {
-  if (intent.triggers?.length) return intent.triggers;
-  return defaultTriggersForKind(intent.kind ?? 'action');
+function normalizeTriggers(tool: ToolSpec): ToolTrigger[] {
+  if (tool.triggers?.length) return tool.triggers;
+  return defaultTriggersForKind(tool.kind ?? 'action');
 }
 
-function formatStateKeys(keys: CapabilityStateKeys): string {
+function formatStateKeys(keys: ToolStateKeys): string {
   const parts: string[] = [];
   if (keys.loading) parts.push(`loading=${keys.loading}`);
   if (keys.data) parts.push(`data=${keys.data}`);
@@ -699,7 +776,7 @@ function formatActionStateKeys(keys: ActionStateKeys): string {
   return `pending=${keys.pending}, done=${keys.done}, error=${keys.error}`;
 }
 
-function formatSurface(surface: CapabilitySurface): string {
+function formatSurface(surface: ToolSurface): string {
   const parts: string[] = [];
   if (surface.data) parts.push(`data=${surface.data}`);
   if (surface.authority) parts.push(`authority=${surface.authority}`);
@@ -712,101 +789,3 @@ function formatComponentSurface(surface: ComponentSurface): string {
   if (surface.authority) parts.push(`authority=${surface.authority}`);
   return parts.length ? parts.join(', ') : 'embedded/none';
 }
-
-/**
- * Posture — the behavioral act the host wants this generation to perform.
- *
- * Postures are host-defined (not summon-defined): a consumer registers the
- * vocabulary appropriate to its surface (e.g. `tap` / `brief` / `detailed` /
- * `form` / `canvas` for a protector console). The LLM declares its chosen
- * posture on a `/posture` meta-line emitted before the `/screen` line. The
- * host enforces the contract — word counts, section counts, action counts,
- * regulated-capability gating — outside the engine.
- *
- * Posture is orthogonal to {@link Exemplar.shape}: shape describes the
- * visual template (article/card/comparison/tracker, classifier-driven);
- * posture describes the act (tap/brief/detailed, LLM-picked). One generation
- * has both.
- */
-export interface PostureContract {
-  /** Short name. Lowercase, kebab-case if multi-word. */
-  name: string;
-  /** One-sentence prose describing when the posture is appropriate.
-   *  Goes verbatim into the system prompt; write it like a stage direction
-   *  for the LLM, not API docs. */
-  description: string;
-  /** Hard cap on `/screen.sections.length`. Overrides the global "1 to 5"
-   *  guidance from `SUMMON_FIXED_INSTRUCTIONS` when the posture is active. */
-  maxSections?: number;
-  /** Hard cap on visible word count across the rendered artifact. Counted
-   *  by the host's stance policy (whitespace-tokenized, after strip-tags). */
-  maxWords?: number;
-  /** Hard cap on the number of clickable / submittable controls in the
-   *  artifact (i.e. elements wired to a granted intent). */
-  maxActions?: number;
-  /** Modality the artifact is composed for. `voice` implies an audio
-   *  affordance and is currently unsupported by the default sandbox CSP —
-   *  consumers wanting voice must relax `media-src` and ship audio control
-   *  intents themselves. */
-  modality?: 'text' | 'voice' | 'hybrid';
-  /** Whether this posture may carry capabilities flagged as regulated
-   *  (i.e. with `requiredDisclosures`). A `tap` typically can't — the
-   *  surface is too small for inherited disclosures — so the posture must
-   *  escalate. Enforcement lives in the host's stance policy. */
-  allowsRegulated?: boolean;
-}
-
-export interface PostureRegistry {
-  postures: PostureContract[];
-}
-
-/**
- * Build the postures system block. Drop into the system message as a
- * cacheable text block alongside `buildCapabilitiesBlock` — per-consumer
- * (registry-keyed), stable across requests with the same registry.
- *
- * Returns an empty string for an empty registry; callers can splice the
- * result unconditionally.
- */
-export function buildPosturesBlock(registry: PostureRegistry): string {
-  if (registry.postures.length === 0) return '';
-
-  const postureLines = registry.postures
-    .map((p) => {
-      const constraints: string[] = [];
-      if (p.maxSections !== undefined) constraints.push(`maxSections: ${p.maxSections}`);
-      if (p.maxWords !== undefined) constraints.push(`maxWords: ${p.maxWords}`);
-      if (p.maxActions !== undefined) constraints.push(`maxActions: ${p.maxActions}`);
-      if (p.modality !== undefined) constraints.push(`modality: ${p.modality}`);
-      if (p.allowsRegulated !== undefined)
-        constraints.push(`allowsRegulated: ${p.allowsRegulated}`);
-      const constraintLine = constraints.length > 0 ? ` _(${constraints.join(', ')})_` : '';
-      return `- **\`${p.name}\`** — ${p.description}${constraintLine}`;
-    })
-    .join('\n');
-
-  return `## Postures — declare yours first
-
-This generation runs in a host that defines a vocabulary of *postures*. A posture is the **act** the system is performing right now — a tap is not a brief is not a canvas. Pick the posture that fits the situation; staying inside its contract is mandatory.
-
-**Emit your posture as a required host meta prelude before the first structural \`/screen\` line:**
-
-\`\`\`
-{"op":"meta","path":"/posture","value":"<posture-name>"}
-\`\`\`
-
-Then emit the \`/screen\` line, then sections.
-
-**Per-posture \`maxSections\` supersedes the default "1 to 5" range** stated above. Do not exceed a posture's \`maxSections\` to "fit more in" — picking a wider posture (or violating the contract) is itself the failure. Wrong posture is the violation, not "too small."
-
-**Available postures:**
-
-${postureLines}
-
-Pick by situation, not by capability mix. A focused interruption is a tap even if you also have lending available; a planning conversation is a canvas even if a single proposal would technically work. The posture is the act; the capabilities are tools. Don't let the toolset pick the act.`;
-}
-
-/**
- * Legacy export — retained for any callers that haven't been migrated.
- */
-export const SUMMON_SYSTEM_PROMPT = SUMMON_FIXED_INSTRUCTIONS;
diff --git a/packages/engine/src/protocol-hardener.ts b/packages/engine/src/protocol-hardener.ts
index ced4368..5689702 100644
--- a/packages/engine/src/protocol-hardener.ts
+++ b/packages/engine/src/protocol-hardener.ts
@@ -1,23 +1,14 @@
 import {
-  blockTargetFromPath,
-  htmlNodeTargetFromPath,
   parseProtocolLineStrict,
-  sectionIdFromSectionPath,
-  type AddLine,
   type MetaLine,
   type ProtocolLine,
-  type SetLine,
 } from './protocol.js';
-import type { SummonLayout } from './prompt.js';
 import {
   contractIssue,
-  hintsForContractIssue,
-  withIssueSeverity,
   type ContractIssue,
 } from './contracts.js';
 import {
   validateProtocolLine,
-  compileArtifactHtml,
   type ValidationContext,
 } from './runtime-validator.js';
 import { normalizeValidationLimits } from './validation-limits.js';
@@ -31,28 +22,11 @@ export interface ProtocolSkipMetaValue {
   rawPreview?: string;
 }
 
-export interface ScreenSynthesizedMetaValue {
-  sections: string[];
-  reason: 'add-before-screen';
-}
-
-export interface RepairFeedbackMetaValue {
-  schemaId: 'summon.repair-feedback.v2';
-  status: 'blocked' | 'skipped' | 'failed' | 'repaired';
-  target?: string;
-  issues: ContractIssue[];
-  retryable: boolean;
-  hints: string[];
-  attempt?: number;
-  rawPreview?: string;
-}
-
 export interface ProtocolHardenerResult {
   outboundLines: ProtocolLine[];
   acceptedLines: ProtocolLine[];
   issues: ContractIssue[];
   blocked?: ContractIssue;
-  repairFeedback?: RepairFeedbackMetaValue[];
   rejectedLine?: ProtocolLine;
 }
 
@@ -62,399 +36,11 @@ export interface ProtocolHardener {
 
 export interface ProtocolHardenerOptions {
   validationContext: ValidationContext;
-  layout?: SummonLayout | null;
-  maxSyntheticSections?: number;
-  initialScreenSections?: string[];
-  allowedSectionIds?: Iterable<string>;
 }
 
-const DEFAULT_MAX_SYNTHETIC_SECTIONS = 5;
-const SECTION_PREFIX = '/section/';
 const RAW_PREVIEW_LIMIT = 240;
 
-const STRUCTURAL_SKIP_CODES = new Set([
-  'invalid-meta-path',
-  'invalid-set-path',
-  'invalid-screen-value',
-  'invalid-section-count',
-  'invalid-section-id',
-  'duplicate-section-id',
-  'invalid-add-path',
-  'invalid-section-path',
-  'invalid-section-html',
-  'invalid-block-value',
-  'invalid-block-count',
-  'invalid-block-id',
-  'duplicate-block-id',
-  'invalid-block-path',
-  'experimental-node-fragment-disabled',
-  'invalid-node-path',
-  'invalid-node-parent',
-  'undeclared-node-parent',
-  'undeclared-block',
-]);
-
-interface BlockSectionState {
-  blockOrder: string[];
-  blockMap: Map<string, string>;
-}
-
-interface HtmlNodeEntry {
-  html: string;
-  parentId?: string;
-}
-
-interface HtmlNodeSectionState {
-  nodeOrder: string[];
-  nodeMap: Map<string, HtmlNodeEntry>;
-}
-
 export function createProtocolHardener(options: ProtocolHardenerOptions): ProtocolHardener {
-  const layout = options.layout ?? null;
-  const layoutSections = new Set(layout?.slots.map((slot) => slot.id) ?? []);
-  const allowedSectionIds = options.allowedSectionIds
-    ? new Set(options.allowedSectionIds)
-    : null;
-  const maxSyntheticSections = normalizeMaxSyntheticSections(options.maxSyntheticSections);
-  let realScreenSections: string[] | null = options.initialScreenSections
-    ? [...options.initialScreenSections]
-    : null;
-  const syntheticSections: string[] = [];
-  const blockSections = new Map<string, BlockSectionState>();
-  const nodeSections = new Map<string, HtmlNodeSectionState>();
-
-  const processParsedLine = (line: ProtocolLine): ProtocolHardenerResult => {
-    if (layout && line.op === 'set' && line.path === '/screen') {
-      return skipLine(
-        layoutDisallowedIssue('Layout mode owns /screen; model screen lines are ignored', line),
-        line,
-      );
-    }
-
-    const validationIssues = validateProtocolLine(line, options.validationContext);
-    const blocker = validationIssues.find(isBlockingIssue);
-    if (blocker) {
-      return {
-        outboundLines: [],
-        acceptedLines: [],
-        issues: normalizeStructuralIssues(validationIssues),
-        blocked: blocker,
-        repairFeedback: [repairFeedbackForIssue(blocker, line, 'blocked')],
-        rejectedLine: line,
-      };
-    }
-
-    const structuralIssue = validationIssues.find((issue) => STRUCTURAL_SKIP_CODES.has(issue.code));
-    if (structuralIssue) {
-      return skipLine(structuralIssue, line, validationIssues);
-    }
-
-    if (layout && (line.op === 'add' || line.op === 'set') && line.path !== '/screen') {
-      const sectionId = sectionIdFromAnyPath(line.path);
-      if (sectionId && !layoutSections.has(sectionId)) {
-        return skipLine(
-          layoutDisallowedIssue(`Section "${sectionId}" is not part of layout "${layout.id}"`, line),
-          line,
-          validationIssues,
-        );
-      }
-    }
-
-    if (line.op === 'meta') {
-      return {
-        outboundLines: [line],
-        acceptedLines: [],
-        issues: validationIssues,
-      };
-    }
-
-    if (line.op === 'set') {
-      return processSetLine(line, validationIssues);
-    }
-
-    return processAddLine(compileAddLine(line, options.validationContext), validationIssues);
-  };
-
-  const processSetLine = (line: SetLine, validationIssues: ContractIssue[]): ProtocolHardenerResult => {
-    if (line.path === '/screen') {
-      const sections = screenSections(line);
-      realScreenSections = sections;
-      return {
-        outboundLines: [line],
-        acceptedLines: [line],
-        issues: validationIssues,
-      };
-    }
-
-    const sectionId = sectionIdFromPath(line.path);
-    if (!sectionId) {
-      return skipLine(
-        contractIssue({
-          source: 'protocol',
-          severity: 'warn',
-          code: 'invalid-section-path',
-          message: `Invalid section path "${line.path}"`,
-          path: line.path,
-        }),
-        line,
-        validationIssues,
-      );
-    }
-
-    const targetIssue = issueForUntargetedSection(sectionId, line.path);
-    if (targetIssue) return skipLine(targetIssue, line, validationIssues);
-
-    const declarationIssue = issueForUndeclaredSection(sectionId, line.path, false);
-    if (declarationIssue) return skipLine(declarationIssue, line, validationIssues);
-
-    const blocks = sectionBlocks(line);
-    const current = blockSections.get(sectionId);
-    const nextMap = new Map<string, string>();
-    for (const blockId of blocks) {
-      const existing = current?.blockMap.get(blockId);
-      if (existing !== undefined) nextMap.set(blockId, existing);
-    }
-    blockSections.set(sectionId, {
-      blockOrder: blocks,
-      blockMap: nextMap,
-    });
-    nodeSections.delete(sectionId);
-    return {
-      outboundLines: [line],
-      acceptedLines: [line],
-      issues: validationIssues,
-    };
-  };
-
-  const processAddLine = (line: AddLine, validationIssues: ContractIssue[]): ProtocolHardenerResult => {
-    const nodeTarget = htmlNodeTargetFromPath(line.path);
-    if (nodeTarget) {
-      return processAddNodeLine(line, nodeTarget, validationIssues);
-    }
-
-    const blockTarget = blockTargetFromPath(line.path);
-    if (blockTarget) {
-      return processAddBlockLine(line, blockTarget, validationIssues);
-    }
-
-    const sectionId = sectionIdFromPath(line.path);
-    if (!sectionId) {
-      return skipLine(
-        contractIssue({
-          source: 'protocol',
-          severity: 'warn',
-          code: 'invalid-section-path',
-          message: `Invalid section path "${line.path}"`,
-          path: line.path,
-        }),
-        line,
-        validationIssues,
-      );
-    }
-
-    const targetIssue = issueForUntargetedSection(sectionId, line.path);
-    if (targetIssue) return skipLine(targetIssue, line, validationIssues);
-
-    const declarationIssue = issueForUndeclaredSection(sectionId, line.path, true);
-    if (declarationIssue) return skipLine(declarationIssue, line, validationIssues);
-
-    if (!layout && !realScreenSections) {
-      if (!syntheticSections.includes(sectionId)) {
-        if (syntheticSections.length >= maxSyntheticSections) {
-          return skipLine(
-            contractIssue({
-              source: 'protocol',
-              severity: 'warn',
-              code: 'synthetic-section-limit',
-              message: `Synthetic screen cannot exceed ${maxSyntheticSections} sections`,
-              path: line.path,
-            }),
-            line,
-            validationIssues,
-          );
-        }
-        syntheticSections.push(sectionId);
-        const syntheticScreen = screenLine(syntheticSections);
-        return {
-          outboundLines: [screenSynthesizedLine(syntheticSections), syntheticScreen, line],
-          acceptedLines: [syntheticScreen, line],
-          issues: validationIssues,
-        };
-      }
-    }
-
-    blockSections.delete(sectionId);
-    nodeSections.delete(sectionId);
-    return {
-      outboundLines: [line],
-      acceptedLines: [line],
-      issues: validationIssues,
-    };
-  };
-
-  const processAddNodeLine = (
-    line: AddLine,
-    target: { sectionId: string; nodeId: string },
-    validationIssues: ContractIssue[],
-  ): ProtocolHardenerResult => {
-    const targetIssue = issueForUntargetedSection(target.sectionId, line.path);
-    if (targetIssue) return skipLine(targetIssue, line, validationIssues);
-
-    const declarationIssue = issueForUndeclaredSection(target.sectionId, line.path, false);
-    if (declarationIssue) return skipLine(declarationIssue, line, validationIssues);
-
-    const state = nodeSections.get(target.sectionId) ?? {
-      nodeOrder: [],
-      nodeMap: new Map<string, HtmlNodeEntry>(),
-    };
-    const parentId = line.parent || undefined;
-    if (parentId && !state.nodeMap.has(parentId)) {
-      return skipLine(
-        contractIssue({
-          source: 'protocol',
-          severity: 'warn',
-          code: 'undeclared-node-parent',
-          message: `Node parent "${parentId}" was not emitted before "${target.nodeId}"`,
-          path: line.path,
-        }),
-        line,
-        validationIssues,
-      );
-    }
-
-    const candidate = cloneNodeState(state);
-    if (!candidate.nodeOrder.includes(target.nodeId)) {
-      candidate.nodeOrder.push(target.nodeId);
-    }
-    candidate.nodeMap.set(target.nodeId, {
-      html: line.html ?? '',
-      ...(parentId ? { parentId } : {}),
-    });
-
-    const composedHtml = composeNodeSectionHtml(candidate);
-    const composedIssues = validateProtocolLine({
-      op: 'add',
-      path: `/section/${target.sectionId}`,
-      html: composedHtml,
-    }, options.validationContext).map((issue) => ({
-      ...issue,
-      path: line.path,
-    }));
-    const composedBlocker = composedIssues.find(isBlockingIssue);
-    if (composedBlocker) {
-      return {
-        outboundLines: [],
-        acceptedLines: [],
-        issues: normalizeStructuralIssues([...validationIssues, ...composedIssues]),
-        blocked: composedBlocker,
-        repairFeedback: [repairFeedbackForIssue(composedBlocker, line, 'blocked')],
-        rejectedLine: line,
-      };
-    }
-
-    blockSections.delete(target.sectionId);
-    nodeSections.set(target.sectionId, candidate);
-    return {
-      outboundLines: [line],
-      acceptedLines: [line],
-      issues: [...validationIssues, ...composedIssues],
-    };
-  };
-
-  const processAddBlockLine = (
-    line: AddLine,
-    target: { sectionId: string; blockId: string },
-    validationIssues: ContractIssue[],
-  ): ProtocolHardenerResult => {
-    const targetIssue = issueForUntargetedSection(target.sectionId, line.path);
-    if (targetIssue) return skipLine(targetIssue, line, validationIssues);
-
-    const declarationIssue = issueForUndeclaredSection(target.sectionId, line.path, false);
-    if (declarationIssue) return skipLine(declarationIssue, line, validationIssues);
-
-    const state = blockSections.get(target.sectionId);
-    if (!state || !state.blockOrder.includes(target.blockId)) {
-      return skipLine(
-        contractIssue({
-          source: 'protocol',
-          severity: 'warn',
-          code: 'undeclared-block',
-          message: `Block "${target.blockId}" was not declared by section "${target.sectionId}"`,
-          path: line.path,
-        }),
-        line,
-        validationIssues,
-      );
-    }
-
-    const candidateBlocks = new Map(state.blockMap);
-    candidateBlocks.set(target.blockId, line.html ?? '');
-    const composedHtml = composeBlockSectionHtml(state.blockOrder, candidateBlocks);
-    const composedIssues = validateProtocolLine({
-      op: 'add',
-      path: `/section/${target.sectionId}`,
-      html: composedHtml,
-    }, options.validationContext).map((issue) => ({
-      ...issue,
-      path: line.path,
-    }));
-    const composedBlocker = composedIssues.find(isBlockingIssue);
-    if (composedBlocker) {
-      return {
-        outboundLines: [],
-        acceptedLines: [],
-        issues: normalizeStructuralIssues([...validationIssues, ...composedIssues]),
-        blocked: composedBlocker,
-        repairFeedback: [repairFeedbackForIssue(composedBlocker, line, 'blocked')],
-        rejectedLine: line,
-      };
-    }
-
-    state.blockMap = candidateBlocks;
-    return {
-      outboundLines: [line],
-      acceptedLines: [line],
-      issues: [...validationIssues, ...composedIssues],
-    };
-  };
-
-  const issueForUntargetedSection = (sectionId: string, path: string): ContractIssue | null => {
-    if (!allowedSectionIds || allowedSectionIds.has(sectionId)) return null;
-    return contractIssue({
-      source: 'edit',
-      severity: 'warn',
-      code: 'section-not-targeted',
-      message: `Section "${sectionId}" is not targeted for this edit`,
-      path,
-    });
-  };
-
-  const issueForUndeclaredSection = (
-    sectionId: string,
-    path: string,
-    allowSynthetic: boolean,
-  ): ContractIssue | null => {
-    if (realScreenSections && !realScreenSections.includes(sectionId)) {
-      return contractIssue({
-        source: 'protocol',
-        severity: 'warn',
-        code: 'undeclared-section',
-        message: `Section "${sectionId}" was not declared by the real screen order`,
-        path,
-      });
-    }
-    if (!allowSynthetic && !layout && !realScreenSections) {
-      return contractIssue({
-        source: 'protocol',
-        severity: 'warn',
-        code: 'undeclared-section',
-        message: `Section "${sectionId}" requires a /screen declaration before section fragments`,
-        path,
-      });
-    }
-    return null;
-  };
-
   return {
     processRawLine(raw: string): ProtocolHardenerResult {
       const trimmed = raw.trim();
@@ -463,12 +49,10 @@ export function createProtocolHardener(options: ProtocolHardenerOptions): Protoc
       let line: ProtocolLine;
       try {
         line = parseProtocolLineStrict(trimmed, {
-          maxLineBytes: normalizeValidationLimits(
-            options.validationContext.limits,
-          ).maxProtocolLineBytes,
+          maxLineBytes: normalizeValidationLimits(options.validationContext.limits).maxProtocolLineBytes,
         });
       } catch {
-        const issue: ContractIssue = contractIssue({
+        const issue = contractIssue({
           source: 'protocol',
           severity: 'warn',
           code: 'malformed-jsonl',
@@ -478,68 +62,54 @@ export function createProtocolHardener(options: ProtocolHardenerOptions): Protoc
           outboundLines: [protocolSkipLine(issue, undefined, trimmed)],
           acceptedLines: [],
           issues: [issue],
-          repairFeedback: [repairFeedbackForIssue(issue, undefined, 'skipped', trimmed)],
         };
       }
 
-      return processParsedLine(line);
-    },
-  };
-}
-
-function compileAddLine(line: AddLine, context: ValidationContext): AddLine {
-  if (line.html === undefined) return line;
-  return {
-    ...line,
-    html: compileArtifactHtml(line.html, context).html,
-  };
-}
+      const issues = validateProtocolLine(line, options.validationContext);
+      const blocker = issues.find((issue) => issue.severity === 'block');
+      if (blocker) {
+        return {
+          outboundLines: [],
+          acceptedLines: [],
+          issues,
+          blocked: blocker,
+          rejectedLine: line,
+        };
+      }
 
-function emptyResult(): ProtocolHardenerResult {
-  return { outboundLines: [], acceptedLines: [], issues: [] };
-}
+      if (issues.length > 0) {
+        const issue = issues[0]!;
+        return {
+          outboundLines: [protocolSkipLine(issue, line)],
+          acceptedLines: [],
+          issues,
+          rejectedLine: line,
+        };
+      }
 
-function isBlockingIssue(issue: ContractIssue): boolean {
-  return issue.severity === 'block' && !STRUCTURAL_SKIP_CODES.has(issue.code);
-}
+      if (line.op === 'meta') {
+        return {
+          outboundLines: [line],
+          acceptedLines: [],
+          issues: [],
+        };
+      }
 
-function normalizeStructuralIssues(issues: ContractIssue[]): ContractIssue[] {
-  return issues.map((issue) => (
-    STRUCTURAL_SKIP_CODES.has(issue.code)
-      ? withIssueSeverity(issue, 'warn')
-      : issue
-  ));
-}
+      if (line.op === 'artifact') {
+        return {
+          outboundLines: [line],
+          acceptedLines: [line],
+          issues: [],
+        };
+      }
 
-function skipLine(
-  issue: ContractIssue,
-  line: ProtocolLine,
-  existingIssues: ContractIssue[] = [],
-): ProtocolHardenerResult {
-  const normalizedIssue: ContractIssue = withIssueSeverity(issue, 'warn');
-  const issues = existingIssues.length > 0
-    ? normalizeStructuralIssues(existingIssues)
-    : [normalizedIssue];
-  if (!issues.some((candidate) => sameIssue(candidate, normalizedIssue))) {
-    issues.push(normalizedIssue);
-  }
-  return {
-    outboundLines: [protocolSkipLine(normalizedIssue, line)],
-    acceptedLines: [],
-    issues,
-    repairFeedback: [repairFeedbackForIssue(normalizedIssue, line, 'skipped')],
-    rejectedLine: line,
+      return emptyResult();
+    },
   };
 }
 
-function sameIssue(a: ContractIssue, b: ContractIssue): boolean {
-  return (
-    a.source === b.source &&
-    a.code === b.code &&
-    a.message === b.message &&
-    a.path === b.path &&
-    a.severity === b.severity
-  );
+function emptyResult(): ProtocolHardenerResult {
+  return { outboundLines: [], acceptedLines: [], issues: [] };
 }
 
 function protocolSkipLine(
@@ -558,162 +128,8 @@ function protocolSkipLine(
   return { op: 'meta', path: '/protocol-skip', value };
 }
 
-function screenSynthesizedLine(sections: string[]): MetaLine {
-  return {
-    op: 'meta',
-    path: '/screen-synthesized',
-    value: { sections: [...sections], reason: 'add-before-screen' } satisfies ScreenSynthesizedMetaValue,
-  };
-}
-
-function screenLine(sections: string[]): SetLine {
-  return {
-    op: 'set',
-    path: '/screen',
-    value: { sections: [...sections] },
-  };
-}
-
-function screenSections(line: SetLine): string[] {
-  const value = line.value as { sections?: unknown } | undefined;
-  return Array.isArray(value?.sections)
-    ? value.sections.filter((section): section is string => typeof section === 'string')
-    : [];
-}
-
-function sectionBlocks(line: SetLine): string[] {
-  const value = line.value as { blocks?: unknown } | undefined;
-  return Array.isArray(value?.blocks)
-    ? value.blocks.filter((block): block is string => typeof block === 'string')
-    : [];
-}
-
-function sectionIdFromPath(path: string): string | null {
-  return sectionIdFromSectionPath(path);
-}
-
-function sectionIdFromAnyPath(path: string): string | null {
-  return (
-    sectionIdFromPath(path) ??
-    blockTargetFromPath(path)?.sectionId ??
-    htmlNodeTargetFromPath(path)?.sectionId ??
-    null
-  );
-}
-
-function composeBlockSectionHtml(blockOrder: string[], blockMap: Map<string, string>): string {
-  const parts: string[] = [];
-  for (const blockId of blockOrder) {
-    const html = blockMap.get(blockId);
-    if (html === undefined) continue;
-    parts.push(`<div data-summon-block="${escapeAttr(blockId)}">\n${html}\n</div>`);
-  }
-  return parts.join('\n');
-}
-
-function cloneNodeState(state: HtmlNodeSectionState): HtmlNodeSectionState {
-  return {
-    nodeOrder: [...state.nodeOrder],
-    nodeMap: new Map(state.nodeMap),
-  };
-}
-
-function composeNodeSectionHtml(state: HtmlNodeSectionState): string {
-  const parts: string[] = [];
-  const visited = new Set<string>();
-  for (const id of state.nodeOrder) {
-    const entry = state.nodeMap.get(id);
-    if (!entry || entry.parentId) continue;
-    parts.push(composeNode(id, state, visited));
-  }
-  for (const id of state.nodeOrder) {
-    if (visited.has(id)) continue;
-    parts.push(composeNode(id, state, visited));
-  }
-  return parts.join('\n');
-}
-
-function composeNode(
-  id: string,
-  state: HtmlNodeSectionState,
-  visited: Set<string>,
-): string {
-  if (visited.has(id)) return '';
-  visited.add(id);
-  const entry = state.nodeMap.get(id);
-  if (!entry) return '';
-  const children = state.nodeOrder
-    .filter((childId) => state.nodeMap.get(childId)?.parentId === id)
-    .map((childId) => composeNode(childId, state, visited))
-    .filter(Boolean)
-    .join('\n');
-  return children ? injectChildren(entry.html, children) : entry.html;
-}
-
-function injectChildren(html: string, children: string): string {
-  const tagName = html.trim().match(/^<\s*([a-zA-Z][\w:-]*)\b/)?.[1]?.toLowerCase();
-  if (!tagName) return `${html}\n${children}`;
-  const closeRe = new RegExp(`</${escapeRegExp(tagName)}\\s*>\\s*$`, 'i');
-  const match = html.match(closeRe);
-  if (!match || match.index === undefined) return `${html}\n${children}`;
-  return `${html.slice(0, match.index)}\n${children}\n${html.slice(match.index)}`;
-}
-
-function escapeRegExp(value: string): string {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-}
-
-function escapeAttr(s: string): string {
-  return s.replaceAll('&', '&amp;').replaceAll('"', '&quot;').replaceAll('<', '&lt;');
-}
-
-function layoutDisallowedIssue(message: string, line: ProtocolLine): ContractIssue {
-  return contractIssue({
-    source: 'layout',
-    severity: 'warn',
-    code: 'layout-disallowed',
-    message,
-    path: line.path,
-  });
-}
-
-function repairFeedbackForIssue(
-  issue: ContractIssue,
-  line: ProtocolLine | undefined,
-  status: RepairFeedbackMetaValue['status'],
-  raw?: string,
-): RepairFeedbackMetaValue {
-  const issues = [issue];
-  const target = line?.path ?? issue.path;
-  return {
-    schemaId: 'summon.repair-feedback.v2',
-    status,
-    ...(target ? { target } : {}),
-    issues,
-    retryable: isRetryableRepairTarget(line, issue),
-    hints: hintsForContractIssue(issue),
-    ...(raw ? { rawPreview: previewRaw(raw) } : {}),
-  };
-}
-
-function isRetryableRepairTarget(
-  line: ProtocolLine | undefined,
-  issue: ContractIssue,
-): boolean {
-  return (
-    issue.severity === 'block' &&
-    line?.op === 'add' &&
-    line.path.startsWith(SECTION_PREFIX) &&
-    !STRUCTURAL_SKIP_CODES.has(issue.code)
-  );
-}
-
-function normalizeMaxSyntheticSections(value: number | undefined): number {
-  if (value === undefined || !Number.isFinite(value)) return DEFAULT_MAX_SYNTHETIC_SECTIONS;
-  return Math.max(1, Math.min(DEFAULT_MAX_SYNTHETIC_SECTIONS, Math.floor(value)));
-}
-
 function previewRaw(raw: string): string {
-  const cleaned = raw.replace(/\s+/g, ' ').trim();
-  return cleaned.length > RAW_PREVIEW_LIMIT ? `${cleaned.slice(0, RAW_PREVIEW_LIMIT - 1)}…` : cleaned;
+  return raw.length > RAW_PREVIEW_LIMIT
+    ? `${raw.slice(0, RAW_PREVIEW_LIMIT)}...`
+    : raw;
 }
diff --git a/packages/engine/src/protocol.ts b/packages/engine/src/protocol.ts
index 938dac5..07721f2 100644
--- a/packages/engine/src/protocol.ts
+++ b/packages/engine/src/protocol.ts
@@ -1,55 +1,28 @@
 /**
- * Streaming protocol. The LLM emits one JSON object per line; the accumulator
- * applies them to build up a section map that the host pushes into the sandbox.
+ * Arrow streaming protocol. The model emits one JSON object per line:
  *
- *   {"op":"add","path":"/section/header","html":"<h1>..."}
- *   {"op":"set","path":"/screen","value":{"sections":["header","content","footer"]}}
- *   {"op":"meta","path":"/template","value":"stack"}
+ *   {"op":"meta","path":"/status","value":"writing"}
+ *   {"op":"artifact","path":"/artifact","value":{"runtime":"arrow","source":{...}}}
  *
- * "add" sets a section's HTML (overwrite on repeat).
- * "set /screen" declares section order (host uses a default if not emitted).
- * "meta" lines are informational; ignored by the accumulator.
+ * Surface UI is delivered exclusively as Arrow artifacts. Section, block, node,
+ * and raw HTML stream operations are no longer part of the protocol.
  */
 
-export interface AddLine {
-  op: 'add';
-  path: string;
-  html?: string;
-  parent?: string;
-}
-
-export interface SetLine {
-  op: 'set';
-  path: string;
-  value?: unknown;
-}
-
 export interface MetaLine {
   op: 'meta';
   path: string;
   value?: unknown;
 }
 
-export type ProtocolLine = AddLine | SetLine | MetaLine;
-
-export const SUMMON_PROTOCOL_VERSION = 1;
-
-export interface BlockTarget {
-  sectionId: string;
-  blockId: string;
+export interface ArtifactLine {
+  op: 'artifact';
+  path: '/artifact';
+  value?: unknown;
 }
 
-export interface HtmlNodeTarget {
-  sectionId: string;
-  nodeId: string;
-}
+export type ProtocolLine = MetaLine | ArtifactLine;
 
-export interface HtmlNodePatch {
-  sectionId: string;
-  nodeId: string;
-  parentId?: string;
-  html: string;
-}
+export const SUMMON_PROTOCOL_VERSION = 1;
 
 export type ProtocolParseErrorCode =
   | 'empty'
@@ -57,8 +30,7 @@ export type ProtocolParseErrorCode =
   | 'malformed-json'
   | 'invalid-shape'
   | 'invalid-op'
-  | 'invalid-add-html'
-  | 'invalid-add-parent';
+  | 'invalid-artifact-path';
 
 export class ProtocolParseError extends Error {
   readonly code: ProtocolParseErrorCode;
@@ -109,16 +81,12 @@ export function parseProtocolLineStrict(
     throw new ProtocolParseError('invalid-shape', 'Protocol line must include string op and path');
   }
 
-  if (p.op === 'add') {
-    if (p.html !== undefined && typeof p.html !== 'string') {
-      throw new ProtocolParseError('invalid-add-html', 'Add line html must be a string');
-    }
-    if (p.parent !== undefined && typeof p.parent !== 'string') {
-      throw new ProtocolParseError('invalid-add-parent', 'Add line parent must be a string');
+  if (p.op === 'artifact') {
+    if (p.path !== '/artifact') {
+      throw new ProtocolParseError('invalid-artifact-path', 'Artifact line path must be /artifact');
     }
-    return p as unknown as AddLine;
+    return p as unknown as ArtifactLine;
   }
-  if (p.op === 'set') return p as unknown as SetLine;
   if (p.op === 'meta') return p as unknown as MetaLine;
   throw new ProtocolParseError('invalid-op', `Unsupported protocol op "${p.op}"`);
 }
@@ -135,52 +103,10 @@ export function isProtocolLine(value: unknown): value is ProtocolLine {
   if (!value || typeof value !== 'object' || Array.isArray(value)) return false;
   const p = value as Record<string, unknown>;
   if (typeof p.op !== 'string' || typeof p.path !== 'string') return false;
-  if (p.op === 'add') {
-    return (
-      (p.html === undefined || typeof p.html === 'string') &&
-      (p.parent === undefined || typeof p.parent === 'string')
-    );
-  }
-  return p.op === 'set' || p.op === 'meta';
+  if (p.op === 'artifact') return p.path === '/artifact';
+  return p.op === 'meta';
 }
 
 function byteLength(value: string): number {
   return new TextEncoder().encode(value).length;
 }
-
-export function sectionIdFromSectionPath(path: string): string | null {
-  if (!path.startsWith('/section/')) return null;
-  const suffix = path.slice('/section/'.length);
-  if (!suffix || suffix.includes('/')) return null;
-  return suffix;
-}
-
-export function blockTargetFromPath(path: string): BlockTarget | null {
-  if (!path.startsWith('/section/')) return null;
-  const parts = path.slice('/section/'.length).split('/');
-  if (parts.length !== 3 || parts[1] !== 'block') return null;
-  const [sectionId, , blockId] = parts;
-  if (!sectionId || !blockId) return null;
-  return { sectionId, blockId };
-}
-
-export function htmlNodeTargetFromPath(path: string): HtmlNodeTarget | null {
-  if (!path.startsWith('/section/')) return null;
-  const parts = path.slice('/section/'.length).split('/');
-  if (parts.length !== 3 || parts[1] !== 'node') return null;
-  const [sectionId, , nodeId] = parts;
-  if (!sectionId || !nodeId) return null;
-  return { sectionId, nodeId };
-}
-
-export function htmlNodePatchFromLine(line: ProtocolLine): HtmlNodePatch | null {
-  if (line.op !== 'add') return null;
-  const target = htmlNodeTargetFromPath(line.path);
-  if (!target) return null;
-  return {
-    sectionId: target.sectionId,
-    nodeId: target.nodeId,
-    ...(line.parent ? { parentId: line.parent } : {}),
-    html: line.html ?? '',
-  };
-}
diff --git a/packages/engine/src/runtime-validator.ts b/packages/engine/src/runtime-validator.ts
index b0f5039..7625166 100644
--- a/packages/engine/src/runtime-validator.ts
+++ b/packages/engine/src/runtime-validator.ts
@@ -1,14 +1,8 @@
-export { validateProtocolLine } from './runtime-validator/protocol.js';
 export {
-  ARTIFACT_COMPILER_VERSION,
-  compileArtifactHtml,
-  validateHtmlFragment,
-} from './runtime-validator/html.js';
+  validateProtocolLine,
+} from './runtime-validator/protocol.js';
 export type {
-  ArtifactCompileResult,
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
   ValidationContext,
-  ValidationCapability,
+  ValidationTool,
   ValidationComponent,
 } from './runtime-validator/types.js';
diff --git a/packages/engine/src/runtime-validator/binding-rules.ts b/packages/engine/src/runtime-validator/binding-rules.ts
deleted file mode 100644
index 28b7c12..0000000
--- a/packages/engine/src/runtime-validator/binding-rules.ts
+++ /dev/null
@@ -1,435 +0,0 @@
-import {
-  hasCompleteResourceStateKeys,
-  type CapabilityTrigger,
-} from '../capability-contract.js';
-import type { ContractIssue } from '../contracts.js';
-import { validateSurfaceCapability } from './capabilities.js';
-import { block, warn } from './issues.js';
-import type {
-  HtmlOpenToken,
-  HtmlTraversalToken,
-  ResourceScope,
-  ResourceUsage,
-  RuntimeCapability,
-  TagFrame,
-  ValidationContext,
-} from './types.js';
-
-const RESOURCE_ALIAS_RE = /^[A-Za-z_$][\w$]{0,39}$/;
-const SAFE_ATTR_BINDINGS = new Set([
-  'src',
-  'alt',
-  'title',
-  'aria-label',
-  'value',
-  'placeholder',
-  'disabled',
-]);
-
-export function scanIntentBindings(
-  elements: HtmlOpenToken[],
-  capabilityMap: Map<string, RuntimeCapability>,
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  const actionUsages = actionUsageMap(capabilityMap);
-  for (const element of elements) {
-    for (const trigger of ['click', 'submit', 'mount'] as const) {
-      const intent = element.attrs.get(`data-summon-on-${trigger}`)?.trim();
-      if (intent === undefined) continue;
-      const capability = capabilityMap.get(intent);
-      if (!intent || !capability) {
-        issues.push(block('unknown-intent', `Intent "${intent || '(empty)'}" is not granted`));
-        continue;
-      }
-      if (!capability.triggers.has(trigger)) {
-        issues.push(
-          block(
-            'intent-trigger-not-granted',
-            `Intent "${intent}" is not granted for ${trigger}`,
-          ),
-        );
-      }
-      validateSurfaceCapability(capability, context, issues);
-      const usage = actionUsages.get(capability.name);
-      if (usage) usage.hasTrigger = true;
-    }
-    recordActionStateUsage(element.attrs, actionUsages);
-  }
-  warnForActionStateQuality(actionUsages, issues);
-}
-
-export function scanResourceAndAttributeBindings(
-  tokens: HtmlTraversalToken[],
-  capabilityMap: Map<string, RuntimeCapability>,
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  const stack: TagFrame[] = [];
-  const resourceUsages: ResourceUsage[] = [];
-  for (const token of tokens) {
-    if (token.kind === 'close') {
-      popTag(stack, token.tagName);
-      continue;
-    }
-
-    const { attrs, tagName } = token;
-    const parentResource = nearestResource(stack);
-    const declaredResource = attrs.get('data-summon-resource')?.trim();
-    const aliasAttr = attrs.get('data-summon-resource-as')?.trim();
-    let resource = parentResource;
-
-    if (declaredResource !== undefined) {
-      resource = undefined;
-      const capability = capabilityMap.get(declaredResource);
-      if (!declaredResource || !capability) {
-        issues.push(block('unknown-resource', `Resource "${declaredResource || '(empty)'}" is not granted`));
-      } else if (capability.kind !== 'resource') {
-        issues.push(block('non-resource-capability', `Capability "${declaredResource}" is not a resource`));
-      } else if (!hasCompleteResourceStateKeys(capability.stateKeys)) {
-        issues.push(
-          block(
-            'resource-state-keys-incomplete',
-            `Resource "${declaredResource}" must declare loading, data, and error state keys`,
-          ),
-        );
-      }
-
-      const alias = aliasAttr || declaredResource;
-      if (!RESOURCE_ALIAS_RE.test(alias)) {
-        issues.push(block('invalid-resource-alias', `Invalid resource alias "${alias}"`));
-      }
-
-      if (capability && capability.kind === 'resource') {
-        validateSurfaceCapability(capability, context, issues);
-        const usage = hasCompleteResourceStateKeys(capability.stateKeys)
-          ? {
-              name: declaredResource,
-              alias,
-              hasTrigger: false,
-              hasLoadingBinding: false,
-              hasErrorBinding: false,
-              hasDataBinding: false,
-              hasEmptyState: Boolean(capability.stateKeys.empty),
-              hasEmptyBinding: false,
-            }
-          : undefined;
-        if (usage) resourceUsages.push(usage);
-        resource = { name: declaredResource, alias, capability, usage };
-      }
-    } else if (aliasAttr !== undefined) {
-      issues.push(
-        block(
-          'resource-alias-without-resource',
-          '`data-summon-resource-as` requires `data-summon-resource`',
-        ),
-      );
-    }
-
-    validateArgs(attrs, issues);
-    validateSafeAttributeBindings(attrs, tagName, issues);
-    validateResourceTrigger(attrs, tagName, resource, parentResource, attrs.has('data-summon-resource'), issues);
-    recordResourceUsage(attrs, resource ?? parentResource);
-
-    if (!token.selfClosing) {
-      stack.push({ tagName, resource });
-    }
-  }
-  warnForResourceQuality(resourceUsages, issues);
-}
-
-function popTag(stack: TagFrame[], tagName: string): void {
-  for (let i = stack.length - 1; i >= 0; i--) {
-    const frame = stack.pop();
-    if (frame?.tagName === tagName) return;
-  }
-}
-
-function nearestResource(stack: TagFrame[]): ResourceScope | undefined {
-  for (let i = stack.length - 1; i >= 0; i--) {
-    const resource = stack[i]?.resource;
-    if (resource) return resource;
-  }
-  return undefined;
-}
-
-function validateArgs(attrs: Map<string, string>, issues: ContractIssue[]): void {
-  if (!attrs.has('data-summon-args')) return;
-  const raw = attrs.get('data-summon-args') ?? '';
-  if (!raw.trim()) return;
-  let parsed: unknown;
-  try {
-    parsed = JSON.parse(raw);
-  } catch {
-    issues.push(block('invalid-args-json', '`data-summon-args` must be valid JSON'));
-    return;
-  }
-  if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
-    issues.push(block('invalid-args-json', '`data-summon-args` must be a JSON object'));
-  }
-}
-
-function validateSafeAttributeBindings(
-  attrs: Map<string, string>,
-  tagName: string,
-  issues: ContractIssue[],
-): void {
-  for (const attr of attrs.keys()) {
-    if (!attr.startsWith('data-summon-attr-')) continue;
-    const target = attr.slice('data-summon-attr-'.length);
-    if (!SAFE_ATTR_BINDINGS.has(target)) {
-      issues.push(block('unsafe-attr-binding', `Attribute binding "${attr}" is not allowed`));
-      continue;
-    }
-    if (target === 'src' && tagName !== 'img') {
-      issues.push(block('bad-attr-binding-placement', '`data-summon-attr-src` is only allowed on <img>'));
-    }
-  }
-}
-
-function validateResourceTrigger(
-  attrs: Map<string, string>,
-  tagName: string,
-  resource: ResourceScope | undefined,
-  parentResource: ResourceScope | undefined,
-  declaredResource: boolean,
-  issues: ContractIssue[],
-): void {
-  if (!attrs.has('data-summon-resource-trigger')) return;
-  const trigger = attrs.get('data-summon-resource-trigger')?.trim() as CapabilityTrigger | undefined;
-  if (hasLegacyTrigger(attrs)) {
-    issues.push(
-      block(
-        'mixed-resource-legacy-trigger',
-        'Do not mix `data-summon-resource-trigger` with `data-summon-on-*` on the same element',
-      ),
-    );
-  }
-  if (trigger !== 'click' && trigger !== 'submit' && trigger !== 'mount') {
-    issues.push(
-      block(
-        'invalid-resource-trigger',
-        '`data-summon-resource-trigger` must be one of click, submit, or mount',
-      ),
-    );
-    return;
-  }
-
-  const effectiveResource = resource ?? parentResource;
-  if (!effectiveResource) {
-    issues.push(
-      block(
-        'resource-trigger-without-resource',
-        '`data-summon-resource-trigger` must be inside a `data-summon-resource` scope',
-      ),
-    );
-    return;
-  }
-
-  if (trigger === 'submit' && tagName !== 'form') {
-    issues.push(block('bad-resource-trigger-placement', 'Resource submit triggers must be on <form>'));
-  }
-  if (trigger === 'mount' && !declaredResource) {
-    issues.push(
-      block(
-        'bad-resource-trigger-placement',
-        'Resource mount triggers must be on the `data-summon-resource` root',
-      ),
-    );
-  }
-  if (!effectiveResource.capability.triggers.has(trigger)) {
-    issues.push(
-      block(
-        'intent-trigger-not-granted',
-        `Resource "${effectiveResource.name}" is not granted for ${trigger}`,
-      ),
-    );
-  }
-}
-
-function recordResourceUsage(
-  attrs: Map<string, string>,
-  resource: ResourceScope | undefined,
-): void {
-  const usage = resource?.usage;
-  if (!usage) return;
-  if (attrs.has('data-summon-resource-trigger')) usage.hasTrigger = true;
-
-  for (const [attr, value] of attrs) {
-    if (!isBindingAttribute(attr)) continue;
-    if (isVisibleStateBinding(attr) && referencesResourceSlot(value, usage.alias, 'loading')) {
-      usage.hasLoadingBinding = true;
-    }
-    if (isVisibleStateBinding(attr) && referencesResourceSlot(value, usage.alias, 'error')) {
-      usage.hasErrorBinding = true;
-    }
-    if (isDataResultBinding(attr) && referencesResourceSlot(value, usage.alias, 'data')) {
-      usage.hasDataBinding = true;
-    }
-    if (
-      usage.hasEmptyState &&
-      isVisibleStateBinding(attr) &&
-      referencesResourceSlot(value, usage.alias, 'empty')
-    ) {
-      usage.hasEmptyBinding = true;
-    }
-  }
-}
-
-function isBindingAttribute(attr: string): boolean {
-  return (
-    attr === 'data-summon-bind' ||
-    attr === 'data-summon-show' ||
-    attr === 'data-summon-hide' ||
-    attr === 'data-summon-foreach' ||
-    attr.startsWith('data-summon-attr-')
-  );
-}
-
-function isVisibleStateBinding(attr: string): boolean {
-  return attr === 'data-summon-bind' || attr === 'data-summon-show';
-}
-
-function isDataResultBinding(attr: string): boolean {
-  return (
-    attr === 'data-summon-bind' ||
-    attr === 'data-summon-show' ||
-    attr === 'data-summon-foreach' ||
-    attr.startsWith('data-summon-attr-')
-  );
-}
-
-function referencesResourceSlot(
-  value: string,
-  alias: string,
-  slot: 'loading' | 'data' | 'error' | 'empty',
-): boolean {
-  const path = `$${alias}.${slot}`;
-  return value.trim() === path || value.trim().startsWith(`${path}.`);
-}
-
-function referencesStateKey(value: string, key: string): boolean {
-  const trimmed = value.trim();
-  return trimmed === key || trimmed.startsWith(`${key}.`);
-}
-
-function warnForResourceQuality(
-  resourceUsages: ResourceUsage[],
-  issues: ContractIssue[],
-): void {
-  for (const usage of resourceUsages) {
-    if (!usage.hasTrigger) continue;
-    const aliasPath = `$${usage.alias}`;
-    if (!usage.hasLoadingBinding) {
-      issues.push(
-        warn(
-          'resource-loading-not-rendered',
-          `Data resource "${usage.name}" has no visible loading binding under ${aliasPath}.loading`,
-        ),
-      );
-    }
-    if (!usage.hasErrorBinding) {
-      issues.push(
-        warn(
-          'resource-error-not-rendered',
-          `Data resource "${usage.name}" has no visible error binding under ${aliasPath}.error`,
-        ),
-      );
-    }
-    if (!usage.hasDataBinding) {
-      issues.push(
-        warn(
-          'resource-data-not-rendered',
-          `Data resource "${usage.name}" has no data binding or foreach under ${aliasPath}.data`,
-        ),
-      );
-    }
-    if (usage.hasEmptyState && !usage.hasEmptyBinding) {
-      issues.push(
-        warn(
-          'resource-empty-not-rendered',
-          `Data resource "${usage.name}" has no visible empty binding under ${aliasPath}.empty`,
-        ),
-      );
-    }
-  }
-}
-
-interface ActionUsage {
-  name: string;
-  pending: string;
-  error: string;
-  hasTrigger: boolean;
-  hasPendingBinding: boolean;
-  hasErrorBinding: boolean;
-}
-
-function actionUsageMap(capabilityMap: Map<string, RuntimeCapability>): Map<string, ActionUsage> {
-  const out = new Map<string, ActionUsage>();
-  for (const capability of capabilityMap.values()) {
-    if (capability.kind !== 'action' || !capability.actionStateKeys) continue;
-    out.set(capability.name, {
-      name: capability.name,
-      pending: capability.actionStateKeys.pending,
-      error: capability.actionStateKeys.error,
-      hasTrigger: false,
-      hasPendingBinding: false,
-      hasErrorBinding: false,
-    });
-  }
-  return out;
-}
-
-function recordActionStateUsage(
-  attrs: Map<string, string>,
-  actionUsages: Map<string, ActionUsage>,
-): void {
-  if (actionUsages.size === 0) return;
-  for (const [attr, value] of attrs) {
-    if (!isBindingAttribute(attr)) continue;
-    for (const usage of actionUsages.values()) {
-      if (
-        (attr === 'data-summon-attr-disabled' || isVisibleStateBinding(attr)) &&
-        referencesStateKey(value, usage.pending)
-      ) {
-        usage.hasPendingBinding = true;
-      }
-      if (isVisibleStateBinding(attr) && referencesStateKey(value, usage.error)) {
-        usage.hasErrorBinding = true;
-      }
-    }
-  }
-}
-
-function warnForActionStateQuality(
-  actionUsages: Map<string, ActionUsage>,
-  issues: ContractIssue[],
-): void {
-  for (const usage of actionUsages.values()) {
-    if (!usage.hasTrigger) continue;
-    if (!usage.hasPendingBinding) {
-      issues.push(
-        warn(
-          'action-pending-not-rendered',
-          `Controlled action "${usage.name}" has no disabled or visible pending binding for ${usage.pending}`,
-        ),
-      );
-    }
-    if (!usage.hasErrorBinding) {
-      issues.push(
-        warn(
-          'action-error-not-rendered',
-          `Controlled action "${usage.name}" has no visible error binding for ${usage.error}`,
-        ),
-      );
-    }
-  }
-}
-
-function hasLegacyTrigger(attrs: Map<string, string>): boolean {
-  return (
-    attrs.has('data-summon-on-click') ||
-    attrs.has('data-summon-on-submit') ||
-    attrs.has('data-summon-on-mount')
-  );
-}
diff --git a/packages/engine/src/runtime-validator/capabilities.ts b/packages/engine/src/runtime-validator/capabilities.ts
deleted file mode 100644
index 968a0f4..0000000
--- a/packages/engine/src/runtime-validator/capabilities.ts
+++ /dev/null
@@ -1,116 +0,0 @@
-import {
-  defaultTriggersForKind,
-  type CapabilityTrigger,
-} from '../capability-contract.js';
-import type { ContractIssue } from '../contracts.js';
-import type { SurfaceAuthority } from '../surface-plan.js';
-import { block } from './issues.js';
-import type { RuntimeCapability, ValidationContext } from './types.js';
-
-export function buildCapabilityMap(context: ValidationContext): Map<string, RuntimeCapability> {
-  const out = new Map<string, RuntimeCapability>();
-
-  if (context.capabilities) {
-    for (const capability of context.capabilities) {
-      const triggers: CapabilityTrigger[] = capability.triggers?.length
-        ? capability.triggers
-        : defaultTriggersForKind(capability.kind ?? 'action');
-      out.set(capability.name, {
-        name: capability.name,
-        kind: capability.kind ?? 'action',
-        triggers: new Set(triggers),
-        stateKeys: capability.stateKeys,
-        actionStateKeys: capability.actionStateKeys,
-        surface: capability.surface,
-      });
-    }
-    return out;
-  }
-
-  for (const name of context.allowedIntents ?? []) {
-    out.set(name, {
-      name,
-      kind: 'action',
-      triggers: new Set(defaultTriggersForKind('action')),
-    });
-  }
-
-  return out;
-}
-
-export function validateSurfaceCapability(
-  capability: RuntimeCapability,
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  const plan = context.surfacePlan;
-  if (!plan) return;
-
-  if (plan.runtime === 'static') {
-    issues.push(
-      block(
-        'surface-runtime-exceeded',
-        `Static surface cannot use capability "${capability.name}"`,
-      ),
-    );
-  }
-  if (plan.runtime === 'worker' && capability.surface?.data !== 'worker') {
-    issues.push(
-      block(
-        'surface-runtime-exceeded',
-        `Worker surface can only use worker-backed capabilities; "${capability.name}" is not worker-backed`,
-      ),
-    );
-  }
-
-  const capabilityData = capability.surface?.data ??
-    (capability.kind === 'resource' ? 'host-resource' : undefined);
-  if (plan.data === 'embedded' && capability.kind === 'resource') {
-    issues.push(
-      block(
-        'surface-data-exceeded',
-        `Embedded-data surface cannot use data resource "${capability.name}"`,
-      ),
-    );
-  }
-  if (plan.data === 'host-resource' && capabilityData === 'worker') {
-    issues.push(
-      block(
-        'surface-data-exceeded',
-        `Host-resource surface cannot use worker-backed capability "${capability.name}"`,
-      ),
-    );
-  }
-  if (plan.data === 'worker' && capabilityData !== 'worker') {
-    issues.push(
-      block(
-        'surface-data-exceeded',
-        `Worker-data surface can only use worker-backed capabilities; "${capability.name}" is not worker-backed`,
-      ),
-    );
-  }
-
-  const capabilityAuthority = capability.surface?.authority ??
-    (capability.kind === 'resource' ? 'read' : 'host-action');
-  if (!authorityAllows(plan.authority, capabilityAuthority)) {
-    issues.push(
-      block(
-        'surface-authority-exceeded',
-        `Surface authority "${plan.authority}" cannot use "${capability.name}" (${capabilityAuthority})`,
-      ),
-    );
-  }
-}
-
-function authorityAllows(plan: SurfaceAuthority, capability: SurfaceAuthority): boolean {
-  switch (plan) {
-    case 'none':
-      return false;
-    case 'read':
-      return capability === 'read';
-    case 'host-action':
-      return capability === 'read' || capability === 'host-action';
-    case 'approval-gated':
-      return capability === 'approval-gated';
-  }
-}
diff --git a/packages/engine/src/runtime-validator/component-rules.ts b/packages/engine/src/runtime-validator/component-rules.ts
deleted file mode 100644
index 6a464fd..0000000
--- a/packages/engine/src/runtime-validator/component-rules.ts
+++ /dev/null
@@ -1,218 +0,0 @@
-import type { ContractIssue } from '../contracts.js';
-import type { SurfaceAuthority } from '../surface-plan.js';
-import { block } from './issues.js';
-import type {
-  HtmlTraversalToken,
-  RuntimeComponent,
-  ValidationContext,
-} from './types.js';
-
-const COMPONENT_ID_RE = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;
-
-export function buildComponentMap(context: ValidationContext): Map<string, RuntimeComponent> {
-  const out = new Map<string, RuntimeComponent>();
-  for (const component of context.components ?? []) {
-    out.set(component.name, {
-      name: component.name,
-      surface: component.surface,
-    });
-  }
-  return out;
-}
-
-export function scanComponentBindings(
-  tokens: HtmlTraversalToken[],
-  componentMap: Map<string, RuntimeComponent>,
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  const ids = new Set<string>();
-  const stack: Array<{ tagName: string; component: boolean }> = [];
-  let componentDepth = 0;
-
-  for (const token of tokens) {
-    if (token.kind === 'close') {
-      for (let i = stack.length - 1; i >= 0; i--) {
-        const frame = stack.pop();
-        if (frame?.component) componentDepth -= 1;
-        if (frame?.tagName === token.tagName) break;
-      }
-      continue;
-    }
-
-    const name = token.attrs.get('data-summon-component')?.trim();
-    const id = token.attrs.get('data-summon-component-id')?.trim();
-    const props = token.attrs.get('data-summon-props');
-    const hasComponentAttr = name !== undefined ||
-      id !== undefined ||
-      props !== undefined;
-
-    if (hasComponentAttr && name === undefined) {
-      issues.push(
-        block(
-          'component-missing-name',
-          '`data-summon-component-id` and `data-summon-props` require `data-summon-component`',
-        ),
-      );
-    }
-
-    if (name !== undefined) {
-      const component = componentMap.get(name);
-      if (!name || !component) {
-        issues.push(block('unknown-component', `Component "${name || '(empty)'}" is not registered`));
-      } else {
-        validateSurfaceComponent(component, context, issues);
-      }
-
-      if (componentDepth > 0) {
-        issues.push(block('nested-component', 'Component placeholders must not be nested'));
-      }
-
-      if (!id) {
-        issues.push(
-          block(
-            'component-id-missing',
-            `Component "${name}" must include data-summon-component-id`,
-          ),
-        );
-      } else if (!COMPONENT_ID_RE.test(id)) {
-        issues.push(
-          block(
-            'component-id-invalid',
-            `Component "${name}" has invalid id "${id}"`,
-          ),
-        );
-      } else if (ids.has(id)) {
-        issues.push(
-          block(
-            'component-id-duplicate',
-            `Component id "${id}" is used more than once in this section`,
-          ),
-        );
-      } else {
-        ids.add(id);
-      }
-
-      validatePropsJson(name, props, issues);
-      if (!token.selfClosing) {
-        stack.push({ tagName: token.tagName, component: true });
-        componentDepth += 1;
-      }
-    } else if (!token.selfClosing) {
-      stack.push({ tagName: token.tagName, component: false });
-    }
-  }
-}
-
-function validatePropsJson(
-  name: string,
-  raw: string | undefined,
-  issues: ContractIssue[],
-): void {
-  if (raw === undefined) {
-    issues.push(
-      block(
-        'component-props-missing',
-        `Component "${name}" must include data-summon-props`,
-      ),
-    );
-    return;
-  }
-  let parsed: unknown;
-  try {
-    parsed = JSON.parse(raw);
-  } catch {
-    issues.push(
-      block(
-        'component-props-invalid',
-        `Component "${name}" data-summon-props must be valid JSON`,
-      ),
-    );
-    return;
-  }
-  if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
-    issues.push(
-      block(
-        'component-props-invalid',
-        `Component "${name}" data-summon-props must be a JSON object`,
-      ),
-    );
-  }
-}
-
-function validateSurfaceComponent(
-  component: RuntimeComponent,
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  const plan = context.surfacePlan;
-  if (!plan) return;
-
-  const componentData = component.surface?.data ?? 'embedded';
-  const componentAuthority = component.surface?.authority ?? 'none';
-
-  if (plan.runtime === 'static' && (componentData !== 'embedded' || componentAuthority !== 'none')) {
-    issues.push(
-      block(
-        'surface-runtime-exceeded',
-        `Static surface can only use embedded display component "${component.name}"`,
-      ),
-    );
-  }
-
-  if (plan.runtime === 'worker' && componentData !== 'worker') {
-    issues.push(
-      block(
-        'surface-runtime-exceeded',
-        `Worker surface can only use worker-backed components; "${component.name}" is not worker-backed`,
-      ),
-    );
-  }
-
-  if (plan.data === 'embedded' && componentData !== 'embedded') {
-    issues.push(
-      block(
-        'surface-data-exceeded',
-        `Embedded-data surface cannot use component "${component.name}" with ${componentData} data`,
-      ),
-    );
-  }
-  if (plan.data === 'host-resource' && componentData === 'worker') {
-    issues.push(
-      block(
-        'surface-data-exceeded',
-        `Host-resource surface cannot use worker-backed component "${component.name}"`,
-      ),
-    );
-  }
-  if (plan.data === 'worker' && componentData !== 'worker') {
-    issues.push(
-      block(
-        'surface-data-exceeded',
-        `Worker-data surface can only use worker-backed components; "${component.name}" is not worker-backed`,
-      ),
-    );
-  }
-
-  if (!authorityAllows(plan.authority, componentAuthority)) {
-    issues.push(
-      block(
-        'surface-authority-exceeded',
-        `Surface authority "${plan.authority}" cannot use component "${component.name}" (${componentAuthority})`,
-      ),
-    );
-  }
-}
-
-function authorityAllows(plan: SurfaceAuthority, component: SurfaceAuthority): boolean {
-  switch (plan) {
-    case 'none':
-      return component === 'none';
-    case 'read':
-      return component === 'none' || component === 'read';
-    case 'host-action':
-      return component === 'none' || component === 'read' || component === 'host-action';
-    case 'approval-gated':
-      return component === 'none' || component === 'approval-gated';
-  }
-}
diff --git a/packages/engine/src/runtime-validator/html-parser.ts b/packages/engine/src/runtime-validator/html-parser.ts
deleted file mode 100644
index 8056a6c..0000000
--- a/packages/engine/src/runtime-validator/html-parser.ts
+++ /dev/null
@@ -1,134 +0,0 @@
-import {
-  parseFragment,
-  serialize,
-  type DefaultTreeAdapterTypes,
-} from 'parse5';
-import type { ContractIssue } from '../contracts.js';
-import type { ValidationLimits } from '../validation-limits.js';
-import { block } from './issues.js';
-import type {
-  CompiledArtifactHtml,
-  HtmlOpenToken,
-  HtmlTraversalToken,
-  ParsedHtmlFragment,
-} from './types.js';
-
-const VOID_TAGS = new Set([
-  'area',
-  'base',
-  'br',
-  'col',
-  'embed',
-  'hr',
-  'img',
-  'input',
-  'link',
-  'meta',
-  'param',
-  'source',
-  'track',
-  'wbr',
-]);
-
-export function parseHtmlForValidation(
-  html: string,
-  limits: ValidationLimits,
-  issues: ContractIssue[],
-): ParsedHtmlFragment {
-  let fragment: DefaultTreeAdapterTypes.DocumentFragment;
-  try {
-    fragment = parseFragment(html);
-  } catch {
-    issues.push(block('invalid-html', 'HTML could not be parsed'));
-    return {
-      tokens: [],
-      elements: [],
-      cssSources: [],
-      canonicalHtml: '' as CompiledArtifactHtml,
-    };
-  }
-
-  const tokens: HtmlTraversalToken[] = [];
-  const elements: HtmlOpenToken[] = [];
-  const cssSources: string[] = [];
-  let nodeCount = 0;
-  let reportedDepth = false;
-  let reportedNodes = false;
-
-  const visitChildren = (parent: DefaultTreeAdapterTypes.ParentNode, depth: number): void => {
-    const children = childNodesFor(parent);
-    for (const child of children) {
-      if (!isElement(child)) continue;
-      const tagName = child.tagName.toLowerCase();
-      nodeCount += 1;
-      if (!reportedNodes && nodeCount > limits.maxDomNodes) {
-        reportedNodes = true;
-        issues.push(block('dom-node-limit', `HTML exceeds ${limits.maxDomNodes} nodes`));
-      }
-      if (!reportedDepth && depth + 1 > limits.maxDomDepth) {
-        reportedDepth = true;
-        issues.push(block('dom-depth-limit', `HTML exceeds DOM depth ${limits.maxDomDepth}`));
-      }
-
-      const attrs = attrsFor(child);
-      const selfClosing = VOID_TAGS.has(tagName);
-      const token: HtmlOpenToken = { kind: 'open', tagName, attrs, selfClosing };
-      tokens.push(token);
-      elements.push(token);
-
-      const styleAttr = attrs.get('style');
-      if (styleAttr) cssSources.push(styleAttr);
-      if (tagName === 'style') {
-        cssSources.push(textContent(child));
-      }
-
-      if (!selfClosing) {
-        visitChildren(child, depth + 1);
-        tokens.push({ kind: 'close', tagName });
-      }
-    }
-  };
-
-  visitChildren(fragment, 0);
-
-  return {
-    tokens,
-    elements,
-    cssSources,
-    canonicalHtml: serialize(fragment) as CompiledArtifactHtml,
-  };
-}
-
-function childNodesFor(parent: DefaultTreeAdapterTypes.ParentNode): DefaultTreeAdapterTypes.ChildNode[] {
-  if (isTemplate(parent)) return parent.content.childNodes;
-  return parent.childNodes;
-}
-
-function attrsFor(element: DefaultTreeAdapterTypes.Element): Map<string, string> {
-  const attrs = new Map<string, string>();
-  for (const attr of element.attrs) {
-    attrs.set(attr.name.toLowerCase(), attr.value);
-  }
-  return attrs;
-}
-
-function textContent(parent: DefaultTreeAdapterTypes.ParentNode): string {
-  let out = '';
-  for (const child of childNodesFor(parent)) {
-    if (isText(child)) out += child.value;
-    if (isElement(child)) out += textContent(child);
-  }
-  return out;
-}
-
-function isElement(node: DefaultTreeAdapterTypes.ChildNode): node is DefaultTreeAdapterTypes.Element {
-  return 'tagName' in node;
-}
-
-function isText(node: DefaultTreeAdapterTypes.ChildNode): node is DefaultTreeAdapterTypes.TextNode {
-  return node.nodeName === '#text';
-}
-
-function isTemplate(node: DefaultTreeAdapterTypes.ParentNode): node is DefaultTreeAdapterTypes.Template {
-  return 'tagName' in node && node.tagName.toLowerCase() === 'template' && 'content' in node;
-}
diff --git a/packages/engine/src/runtime-validator/html.ts b/packages/engine/src/runtime-validator/html.ts
deleted file mode 100644
index 11b8f6d..0000000
--- a/packages/engine/src/runtime-validator/html.ts
+++ /dev/null
@@ -1,417 +0,0 @@
-import type { ContractIssue } from '../contracts.js';
-import { normalizeValidationLimits } from '../validation-limits.js';
-import {
-  scanIntentBindings,
-  scanResourceAndAttributeBindings,
-} from './binding-rules.js';
-import { buildCapabilityMap } from './capabilities.js';
-import {
-  buildComponentMap,
-  scanComponentBindings,
-} from './component-rules.js';
-import { parseHtmlForValidation } from './html-parser.js';
-import {
-  block,
-  byteLength,
-  dedupeIssues,
-} from './issues.js';
-import {
-  scanCss,
-  scanElementSafety,
-  scanSandboxEmit,
-  scanUrlAttributes,
-} from './safety-rules.js';
-import {
-  scanStyleDrift,
-  scanTokenReferences,
-} from './style-rules.js';
-import type { ValidationContext } from './types.js';
-import type {
-  ArtifactCompileResult,
-  CompiledArtifactHtml,
-  HtmlOpenToken,
-} from './types.js';
-
-export const ARTIFACT_COMPILER_VERSION = 'summon-artifact-compiler-v2';
-
-export function validateHtmlFragment(
-  html: string,
-  context: ValidationContext,
-): ContractIssue[] {
-  return compileArtifactHtml(html, context).issues;
-}
-
-export function compileArtifactHtml(
-  html: string,
-  context: ValidationContext,
-): ArtifactCompileResult {
-  const issues: ContractIssue[] = [];
-  const capabilityMap = buildCapabilityMap(context);
-  const componentMap = buildComponentMap(context);
-  const limits = normalizeValidationLimits(context.limits);
-
-  if (byteLength(html) > limits.maxSectionHtmlBytes) {
-    issues.push(
-      block(
-        'section-html-limit',
-        `Section HTML exceeds ${limits.maxSectionHtmlBytes} bytes`,
-      ),
-    );
-    return compileResult('' as CompiledArtifactHtml, issues);
-  }
-
-  const parsed = parseHtmlForValidation(html, limits, issues);
-
-  scanArtifactPolicy(parsed.elements, context, issues);
-  scanElementSafety(parsed.elements, context, issues);
-  scanUrlAttributes(parsed.elements, issues);
-  scanCss(parsed.cssSources, limits, issues);
-  scanIntentBindings(parsed.elements, capabilityMap, context, issues);
-  scanResourceAndAttributeBindings(parsed.tokens, capabilityMap, context, issues);
-  scanComponentBindings(parsed.tokens, componentMap, context, issues);
-  scanSandboxEmit(html, capabilityMap, context, issues);
-  scanTokenReferences(parsed.canonicalHtml, context.definedTokens, issues);
-  scanStyleDrift(parsed.canonicalHtml, issues);
-
-  return compileResult(parsed.canonicalHtml, dedupeIssues(issues));
-}
-
-function compileResult(html: CompiledArtifactHtml, issues: ContractIssue[]): ArtifactCompileResult {
-  return {
-    html,
-    issues,
-    compilerVersion: ARTIFACT_COMPILER_VERSION,
-  };
-}
-
-const ALLOWED_HTML_TAGS = new Set([
-  'a',
-  'abbr',
-  'address',
-  'article',
-  'aside',
-  'b',
-  'blockquote',
-  'br',
-  'button',
-  'caption',
-  'cite',
-  'code',
-  'col',
-  'colgroup',
-  'data',
-  'dd',
-  'del',
-  'details',
-  'dfn',
-  'dialog',
-  'div',
-  'dl',
-  'dt',
-  'em',
-  'fieldset',
-  'figcaption',
-  'figure',
-  'footer',
-  'form',
-  'h1',
-  'h2',
-  'h3',
-  'h4',
-  'h5',
-  'h6',
-  'header',
-  'hr',
-  'i',
-  'img',
-  'input',
-  'ins',
-  'kbd',
-  'label',
-  'legend',
-  'li',
-  'main',
-  'mark',
-  'meter',
-  'nav',
-  'ol',
-  'optgroup',
-  'option',
-  'output',
-  'p',
-  'pre',
-  'progress',
-  'q',
-  's',
-  'samp',
-  'section',
-  'select',
-  'small',
-  'span',
-  'strong',
-  'style',
-  'sub',
-  'summary',
-  'sup',
-  'table',
-  'tbody',
-  'td',
-  'template',
-  'textarea',
-  'tfoot',
-  'th',
-  'thead',
-  'time',
-  'tr',
-  'u',
-  'ul',
-  'var',
-]);
-
-const ALLOWED_SVG_TAGS = new Set([
-  'svg',
-  'g',
-  'path',
-  'rect',
-  'circle',
-  'ellipse',
-  'line',
-  'polyline',
-  'polygon',
-  'text',
-  'title',
-  'desc',
-]);
-
-const TAGS_WITH_URL_ATTRS = new Set(['a', 'img', 'svg', 'use']);
-
-const GLOBAL_ATTRS = new Set([
-  'class',
-  'id',
-  'style',
-  'title',
-  'role',
-  'tabindex',
-  'hidden',
-  'aria-hidden',
-  'aria-live',
-  'aria-label',
-  'aria-labelledby',
-  'aria-describedby',
-  'aria-expanded',
-  'aria-controls',
-  'aria-current',
-  'aria-selected',
-  'aria-disabled',
-  'aria-pressed',
-]);
-
-const HTML_ATTRS = new Map<string, Set<string>>([
-  ['a', new Set(['href', 'target', 'rel'])],
-  ['button', new Set(['type', 'name', 'value', 'disabled', 'aria-label'])],
-  ['col', new Set(['span'])],
-  ['colgroup', new Set(['span'])],
-  ['data', new Set(['value'])],
-  ['form', new Set(['name', 'autocomplete'])],
-  ['img', new Set(['src', 'srcset', 'alt', 'width', 'height', 'loading', 'decoding'])],
-  ['input', new Set(['type', 'name', 'value', 'placeholder', 'disabled', 'checked', 'required', 'readonly', 'min', 'max', 'step', 'pattern', 'autocomplete', 'inputmode', 'aria-label'])],
-  ['label', new Set(['for'])],
-  ['meter', new Set(['value', 'min', 'max', 'low', 'high', 'optimum'])],
-  ['option', new Set(['value', 'selected', 'disabled'])],
-  ['optgroup', new Set(['label', 'disabled'])],
-  ['progress', new Set(['value', 'max'])],
-  ['select', new Set(['name', 'disabled', 'required', 'multiple', 'size', 'aria-label'])],
-  ['td', new Set(['colspan', 'rowspan', 'headers'])],
-  ['textarea', new Set(['name', 'placeholder', 'disabled', 'required', 'readonly', 'rows', 'cols', 'maxlength', 'aria-label'])],
-  ['th', new Set(['colspan', 'rowspan', 'headers', 'scope'])],
-  ['time', new Set(['datetime'])],
-]);
-
-const SVG_ATTRS = new Set([
-  'aria-label',
-  'cx',
-  'cy',
-  'd',
-  'dx',
-  'dy',
-  'fill',
-  'fill-opacity',
-  'height',
-  'points',
-  'r',
-  'rx',
-  'ry',
-  'stroke',
-  'stroke-dasharray',
-  'stroke-linecap',
-  'stroke-linejoin',
-  'stroke-opacity',
-  'stroke-width',
-  'text-anchor',
-  'transform',
-  'viewbox',
-  'width',
-  'x',
-  'x1',
-  'x2',
-  'y',
-  'y1',
-  'y2',
-]);
-
-const SUMMON_ATTRS = new Set([
-  'data-summon-args',
-  'data-summon-as',
-  'data-summon-bind',
-  'data-summon-block',
-  'data-summon-component',
-  'data-summon-component-id',
-  'data-summon-foreach',
-  'data-summon-hide',
-  'data-summon-local',
-  'data-summon-motion',
-  'data-summon-node',
-  'data-summon-node-children',
-  'data-summon-on-click',
-  'data-summon-on-mount',
-  'data-summon-on-submit',
-  'data-summon-props',
-  'data-summon-resource',
-  'data-summon-resource-as',
-  'data-summon-resource-trigger',
-  'data-summon-section',
-  'data-summon-set',
-  'data-summon-show',
-  'data-summon-skeleton',
-  'data-summon-toggle',
-  'data-summon-transition',
-]);
-
-const SAFE_TAG_RE = /^[a-z][a-z0-9]*$/;
-const SAFE_CLASS_RE = /^[A-Za-z][\w-]{0,63}$/;
-const CONDITION_RE = /^!?\$?[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*(?:\s*(?:==|!=)\s*(?:"[^"]*"|'[^']*'))?$/;
-const MOTION_RECIPES = new Set(['rise', 'fade', 'fade-slide', 'pulse', 'pop']);
-const TRANSITION_RECIPES = new Set(['rise', 'fade', 'fade-slide', 'pop']);
-
-function scanArtifactPolicy(
-  elements: HtmlOpenToken[],
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  if (
-    context.scriptPolicy === 'allow' ||
-    (context.surfacePlan as { runtime?: string } | undefined)?.runtime === 'scripted'
-  ) {
-    issues.push(block(
-      'surface-script-policy-removed',
-      'Generated script surfaces are no longer supported; use declarative data-summon attributes',
-    ));
-  }
-  for (const element of elements) {
-    validateAllowedTag(element, issues);
-    validateAllowedAttributes(element, issues);
-  }
-}
-
-function validateAllowedTag(element: HtmlOpenToken, issues: ContractIssue[]): void {
-  if (ALLOWED_HTML_TAGS.has(element.tagName) || ALLOWED_SVG_TAGS.has(element.tagName)) return;
-  if (element.tagName === 'script') return;
-  if (!SAFE_TAG_RE.test(element.tagName) || element.tagName.includes('-')) {
-    issues.push(block('unsafe-tag', `Custom element <${element.tagName}> is not allowed`));
-    return;
-  }
-  issues.push(block('unsafe-tag', `HTML tag <${element.tagName}> is not allowed in Summon artifacts`));
-}
-
-function validateAllowedAttributes(element: HtmlOpenToken, issues: ContractIssue[]): void {
-  for (const [attr, value] of element.attrs) {
-    if (/^on[a-z]+$/.test(attr)) continue;
-    if (isAllowedSummonAttr(attr)) {
-      validateSummonAttr(attr, value, issues);
-      continue;
-    }
-    if (attr.startsWith('data-summon-')) {
-      issues.push(block('unknown-summon-attribute', `Unknown Summon attribute "${attr}"`));
-      continue;
-    }
-    if (attr.startsWith('data-')) {
-      issues.push(block('unsafe-attribute', `Generated data attribute "${attr}" is not allowed`));
-      continue;
-    }
-    if (GLOBAL_ATTRS.has(attr) || attr.startsWith('aria-')) continue;
-    if (ALLOWED_SVG_TAGS.has(element.tagName) && SVG_ATTRS.has(attr)) continue;
-    if (HTML_ATTRS.get(element.tagName)?.has(attr)) continue;
-    if (TAGS_WITH_URL_ATTRS.has(element.tagName) && (attr === 'href' || attr === 'src')) continue;
-    issues.push(block('unsafe-attribute', `Attribute "${attr}" is not allowed on <${element.tagName}>`));
-  }
-}
-
-function isAllowedSummonAttr(attr: string): boolean {
-  return SUMMON_ATTRS.has(attr) ||
-    attr.startsWith('data-summon-attr-') ||
-    attr.startsWith('data-summon-class-');
-}
-
-function validateSummonAttr(attr: string, value: string, issues: ContractIssue[]): void {
-  if (attr === 'data-summon-local') {
-    try {
-      const parsed = JSON.parse(value);
-      if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
-        issues.push(block('invalid-local-state', '`data-summon-local` must be a JSON object'));
-      }
-    } catch {
-      issues.push(block('invalid-local-state', '`data-summon-local` must be valid JSON'));
-    }
-  }
-  if (
-    attr === 'data-summon-show' ||
-    attr === 'data-summon-hide' ||
-    attr === 'data-summon-attr-disabled'
-  ) {
-    validateConditionExpression(attr, value, issues);
-  }
-  if (attr.startsWith('data-summon-class-')) {
-    const className = attr.slice('data-summon-class-'.length);
-    if (!SAFE_CLASS_RE.test(className)) {
-      issues.push(block('invalid-class-binding', `Class binding "${attr}" has an invalid class name`));
-    }
-    validateConditionExpression(attr, value, issues);
-  }
-  if (attr === 'data-summon-motion') {
-    for (const part of value.split(';')) {
-      const trimmed = part.trim();
-      if (!trimmed) continue;
-      const match = trimmed.match(/^(enter|update):([a-z][a-z0-9-]{0,31})$/);
-      if (!match) {
-        issues.push(block('invalid-motion', '`data-summon-motion` must use enter:<recipe> or update:<recipe> entries'));
-        continue;
-      }
-      const recipe = match[2]!;
-      if (!MOTION_RECIPES.has(recipe)) {
-        issues.push(block('invalid-motion', `Unknown motion recipe "${recipe}"`));
-      }
-    }
-  }
-  if (attr === 'data-summon-transition') {
-    const recipe = value.trim();
-    if (!/^[a-z][a-z0-9-]{0,31}$/.test(recipe) || !TRANSITION_RECIPES.has(recipe)) {
-      issues.push(block('invalid-transition', '`data-summon-transition` must name a supported transition recipe'));
-    }
-  }
-  if (attr === 'data-summon-set' && !/^[A-Za-z_$][\w$]{0,39}\s*=\s*[^=].{0,80}$/.test(value.trim())) {
-    issues.push(block('invalid-local-state-action', '`data-summon-set` must use key=value syntax'));
-  }
-  if (attr === 'data-summon-toggle' && !/^[A-Za-z_$][\w$]{0,39}$/.test(value.trim())) {
-    issues.push(block('invalid-local-state-action', '`data-summon-toggle` must name one local state key'));
-  }
-}
-
-function validateConditionExpression(attr: string, value: string, issues: ContractIssue[]): void {
-  const condition = value.trim();
-  if (!condition || !CONDITION_RE.test(condition)) {
-    issues.push(block(
-      'invalid-condition',
-      `"${attr}" must be a truthy path, !path, path == "literal", or path != "literal"`,
-    ));
-  }
-}
diff --git a/packages/engine/src/runtime-validator/protocol.ts b/packages/engine/src/runtime-validator/protocol.ts
index f3f7ddd..32fdbf3 100644
--- a/packages/engine/src/runtime-validator/protocol.ts
+++ b/packages/engine/src/runtime-validator/protocol.ts
@@ -1,20 +1,10 @@
-import {
-  blockTargetFromPath,
-  htmlNodeTargetFromPath,
-  sectionIdFromSectionPath,
-  type ProtocolLine,
-} from '../protocol.js';
+import type { ContractIssue } from '../contracts.js';
+import type { ProtocolLine } from '../protocol.js';
+import { validateArrowSurfaceArtifact } from '../arrow-artifact.js';
 import { normalizeValidationLimits } from '../validation-limits.js';
 import { protocolBlock } from './issues.js';
-import { validateHtmlFragment } from './html.js';
-import { parseHtmlForValidation } from './html-parser.js';
 import type { ValidationContext } from './types.js';
-import type { ContractIssue } from '../contracts.js';
 
-const SECTION_ID_RE = /^[a-z][a-z0-9-]{0,19}$/;
-const BLOCK_ID_RE = SECTION_ID_RE;
-const NODE_ID_RE = SECTION_ID_RE;
-const MAX_BLOCKS_PER_SECTION = 8;
 const META_PATH_RE = /^\/[a-z][a-z0-9-/]{0,119}$/;
 const HOST_OWNED_META_PATHS = new Set(['/surface-policy', '/surface-plan', '/surface-contract']);
 
@@ -39,179 +29,16 @@ export function validateProtocolLine(
     return issues;
   }
 
-  if (line.op === 'set') {
-    if (line.path === '/screen') {
-      const value = line.value as { sections?: unknown } | undefined;
-      if (!value || !Array.isArray(value.sections)) {
-        issues.push(protocolBlock('invalid-screen-value', 'Screen value must include a sections array', line.path));
-        return issues;
-      }
-      if (value.sections.length < 1 || value.sections.length > limits.maxSections) {
-        issues.push(
-          protocolBlock(
-            'invalid-section-count',
-            `Screen must declare 1 to ${limits.maxSections} sections`,
-            line.path,
-          ),
-        );
-      }
-      const seen = new Set<string>();
-      for (const section of value.sections) {
-        if (typeof section !== 'string' || !SECTION_ID_RE.test(section)) {
-          issues.push(
-            protocolBlock('invalid-section-id', `Invalid section id "${String(section)}"`, line.path),
-          );
-          continue;
-        }
-        if (seen.has(section)) {
-          issues.push(protocolBlock('duplicate-section-id', `Duplicate section id "${section}"`, line.path));
-        }
-        seen.add(section);
-      }
-      return issues;
-    }
-
-    const sectionId = sectionIdFromSectionPath(line.path);
-    if (!sectionId) {
-      issues.push(protocolBlock('invalid-set-path', `Unsupported set path "${line.path}"`, line.path));
-      return issues;
-    }
-
-    if (!SECTION_ID_RE.test(sectionId)) {
-      issues.push(protocolBlock('invalid-section-path', `Invalid section path "${line.path}"`, line.path));
-    }
-
-    const value = line.value as { blocks?: unknown } | undefined;
-    if (!value || !Array.isArray(value.blocks)) {
-      issues.push(protocolBlock('invalid-block-value', 'Section value must include a blocks array', line.path));
+  if (line.op === 'artifact') {
+    if (!line.value || typeof line.value !== 'object') {
+      issues.push(protocolBlock('invalid-arrow-artifact', 'Artifact line value must be an Arrow artifact object', line.path));
       return issues;
     }
-    if (value.blocks.length < 1 || value.blocks.length > MAX_BLOCKS_PER_SECTION) {
-      issues.push(
-        protocolBlock(
-          'invalid-block-count',
-          `Section must declare 1 to ${MAX_BLOCKS_PER_SECTION} blocks`,
-          line.path,
-        ),
-      );
-    }
-    const seen = new Set<string>();
-    for (const block of value.blocks) {
-      if (typeof block !== 'string' || !BLOCK_ID_RE.test(block)) {
-        issues.push(
-          protocolBlock('invalid-block-id', `Invalid block id "${String(block)}"`, line.path),
-        );
-        continue;
-      }
-      if (seen.has(block)) {
-        issues.push(protocolBlock('duplicate-block-id', `Duplicate block id "${block}"`, line.path));
-      }
-      seen.add(block);
-    }
-    return issues;
+    issues.push(...validateArrowSurfaceArtifact(line.value as never, {
+      maxSourceBytes: limits.maxProtocolLineBytes,
+      network: context.surfacePlan?.network ?? 'none',
+    }));
   }
 
-  if (line.op === 'add') {
-    const blockTarget = blockTargetFromPath(line.path);
-    const nodeTarget = htmlNodeTargetFromPath(line.path);
-    const sectionId = sectionIdFromSectionPath(line.path);
-    if (!sectionId && !blockTarget && !nodeTarget) {
-      issues.push(protocolBlock('invalid-add-path', `Unsupported add path "${line.path}"`, line.path));
-      return issues;
-    }
-    if (nodeTarget) {
-      if (context.experimentalFragmentMode !== 'html-node-v0') {
-        issues.push(protocolBlock(
-          'experimental-node-fragment-disabled',
-          'HTML node fragments are only accepted when html-node-v0 is enabled',
-          line.path,
-        ));
-        return issues;
-      }
-      if (!SECTION_ID_RE.test(nodeTarget.sectionId) || !NODE_ID_RE.test(nodeTarget.nodeId)) {
-        issues.push(protocolBlock('invalid-node-path', `Invalid node path "${line.path}"`, line.path));
-      }
-      if (line.parent !== undefined) {
-        if (!NODE_ID_RE.test(line.parent)) {
-          issues.push(protocolBlock('invalid-node-parent', `Invalid node parent "${line.parent}"`, line.path));
-        }
-        if (line.parent === nodeTarget.nodeId) {
-          issues.push(protocolBlock('invalid-node-parent', 'Node parent cannot be itself', line.path));
-        }
-      }
-      if (line.html !== undefined && typeof line.html !== 'string') {
-        issues.push(protocolBlock('invalid-node-html', 'Node html must be a string', line.path));
-        return issues;
-      }
-      issues.push(...validateHtmlFragment(line.html ?? '', context).map((issue) => ({
-        ...issue,
-        path: issue.path ?? line.path,
-      })));
-      issues.push(...validateHtmlNodeShape(line.html ?? '', nodeTarget.nodeId, context).map((issue) => ({
-        ...issue,
-        path: issue.path ?? line.path,
-      })));
-      return issues;
-    }
-    if (sectionId && !SECTION_ID_RE.test(sectionId)) {
-      issues.push(protocolBlock('invalid-section-path', `Invalid section path "${line.path}"`, line.path));
-    }
-    if (blockTarget && (!SECTION_ID_RE.test(blockTarget.sectionId) || !BLOCK_ID_RE.test(blockTarget.blockId))) {
-      issues.push(protocolBlock('invalid-block-path', `Invalid block path "${line.path}"`, line.path));
-    }
-    if (line.html !== undefined && typeof line.html !== 'string') {
-      issues.push(protocolBlock('invalid-section-html', 'Section html must be a string', line.path));
-      return issues;
-    }
-    issues.push(...validateHtmlFragment(line.html ?? '', context).map((issue) => ({
-      ...issue,
-      path: issue.path ?? line.path,
-    })));
-  }
-
-  return issues;
-}
-
-function validateHtmlNodeShape(
-  html: string,
-  expectedNodeId: string,
-  context: ValidationContext,
-): ContractIssue[] {
-  const issues: ContractIssue[] = [];
-  const parseIssues: ContractIssue[] = [];
-  const parsed = parseHtmlForValidation(html, normalizeValidationLimits(context.limits), parseIssues);
-  let depth = 0;
-  let rootCount = 0;
-  let rootNodeId: string | undefined;
-
-  for (const token of parsed.tokens) {
-    if (token.kind === 'open') {
-      if (depth === 0) {
-        rootCount += 1;
-        rootNodeId = token.attrs.get('data-summon-node');
-      } else if (token.attrs.has('data-summon-node')) {
-        issues.push(protocolBlock(
-          'nested-node-id',
-          'Node patch HTML must not contain nested data-summon-node attributes',
-        ));
-      }
-      if (!token.selfClosing) depth += 1;
-    } else if (depth > 0) {
-      depth -= 1;
-    }
-  }
-
-  if (rootCount !== 1) {
-    issues.push(protocolBlock(
-      'invalid-node-html',
-      'Node patch HTML must contain exactly one top-level element',
-    ));
-  }
-  if (rootNodeId !== expectedNodeId) {
-    issues.push(protocolBlock(
-      'node-root-mismatch',
-      `Node patch root must include data-summon-node="${expectedNodeId}"`,
-    ));
-  }
   return issues;
 }
diff --git a/packages/engine/src/runtime-validator/safety-rules.ts b/packages/engine/src/runtime-validator/safety-rules.ts
deleted file mode 100644
index c1bcc8e..0000000
--- a/packages/engine/src/runtime-validator/safety-rules.ts
+++ /dev/null
@@ -1,173 +0,0 @@
-import postcss from 'postcss';
-import valueParser from 'postcss-value-parser';
-import type { ScriptPolicy } from '../prompt.js';
-import type { ContractIssue } from '../contracts.js';
-import type { ValidationLimits } from '../validation-limits.js';
-import { validateSurfaceCapability } from './capabilities.js';
-import { block, byteLength } from './issues.js';
-import type {
-  HtmlOpenToken,
-  RuntimeCapability,
-  ValidationContext,
-} from './types.js';
-
-const UNSAFE_TAGS = new Set([
-  'iframe',
-  'object',
-  'embed',
-  'link',
-  'meta',
-  'base',
-  'frame',
-  'frameset',
-  'portal',
-]);
-const URL_ATTRS = new Set(['src', 'href', 'action', 'poster', 'srcset']);
-const EMIT_LITERAL_RE = /\bsandbox\.emit\s*\(\s*(['"])([a-zA-Z][a-zA-Z0-9_]{0,39})\1/g;
-const ALLOWED_AT_RULES = new Set([
-  'media',
-  'container',
-  'supports',
-  'keyframes',
-  '-webkit-keyframes',
-]);
-
-export function scanElementSafety(
-  elements: HtmlOpenToken[],
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  if (elements.some((element) => UNSAFE_TAGS.has(element.tagName))) {
-    issues.push(block('unsafe-tag', 'HTML contains a tag that is not allowed in Summon artifacts'));
-  }
-  const hasScriptTag = elements.some((element) => element.tagName === 'script');
-  if (context.mode === 'static' && hasScriptTag) {
-    issues.push(block('static-script', 'Static generations cannot include script tags'));
-  } else if (effectiveScriptPolicy(context) === 'forbid' && hasScriptTag) {
-    issues.push(block('script-not-granted', 'This generation is declarative-only; script tags are not granted'));
-  }
-  if (elements.some((element) => hasInlineHandler(element.attrs))) {
-    issues.push(block('inline-handler', 'Inline event-handler attributes are not allowed'));
-  }
-}
-
-export function scanUrlAttributes(elements: HtmlOpenToken[], issues: ContractIssue[]): void {
-  for (const element of elements) {
-    for (const [attr, rawValue] of element.attrs) {
-      if (!URL_ATTRS.has(attr)) continue;
-      const value = rawValue.trim();
-      if (!value) continue;
-      if (attr === 'srcset') {
-        for (const part of value.split(',')) {
-          const candidate = part.trim().split(/\s+/, 1)[0] ?? '';
-          if (isBlockedUrl(candidate, true)) {
-            issues.push(block('external-url', `External asset URL is not allowed: ${candidate}`));
-          }
-        }
-        continue;
-      }
-      const isAsset = attr !== 'href';
-      if (isBlockedUrl(value, isAsset)) {
-        issues.push(block('external-url', `External URL is not allowed: ${value}`));
-      }
-    }
-  }
-}
-
-export function scanCss(
-  cssSources: string[],
-  limits: ValidationLimits,
-  issues: ContractIssue[],
-): void {
-  for (const css of cssSources) {
-    if (!css.trim()) continue;
-    if (byteLength(css) > limits.maxCssBytes) {
-      issues.push(block('css-size-limit', `Inline CSS exceeds ${limits.maxCssBytes} bytes`));
-      continue;
-    }
-    let root: postcss.Root;
-    try {
-      root = postcss.parse(css);
-    } catch {
-      issues.push(block('invalid-css', 'Inline CSS could not be parsed'));
-      continue;
-    }
-    root.walkAtRules((rule) => {
-      const name = rule.name.toLowerCase();
-      if (name === 'import') {
-        issues.push(block('css-import', 'External CSS imports are not allowed'));
-      } else if (!ALLOWED_AT_RULES.has(name)) {
-        issues.push(block('css-at-rule', `CSS @${rule.name} rules are not allowed`));
-      }
-      scanCssValue(rule.params, issues);
-    });
-    root.walkDecls((decl) => {
-      scanCssValue(decl.value, issues);
-    });
-  }
-}
-
-export function scanSandboxEmit(
-  html: string,
-  capabilityMap: Map<string, RuntimeCapability>,
-  context: ValidationContext,
-  issues: ContractIssue[],
-): void {
-  let match: RegExpExecArray | null;
-  EMIT_LITERAL_RE.lastIndex = 0;
-  while ((match = EMIT_LITERAL_RE.exec(html)) !== null) {
-    const intent = match[2]!;
-    const capability = capabilityMap.get(intent);
-    if (!capability) {
-      issues.push(block('unknown-intent', `Intent "${intent}" is not granted`));
-    } else {
-      validateSurfaceCapability(capability, context, issues);
-    }
-  }
-}
-
-function effectiveScriptPolicy(_context: ValidationContext): ScriptPolicy {
-  return 'forbid';
-}
-
-function hasInlineHandler(attrs: Map<string, string>): boolean {
-  for (const attr of attrs.keys()) {
-    if (/^on[a-z]+$/.test(attr)) return true;
-  }
-  return false;
-}
-
-export function isBlockedUrl(value: string, isAsset: boolean): boolean {
-  const url = value.trim().toLowerCase();
-  if (!url || url.startsWith('#')) return false;
-  if (url.startsWith('data:')) return false;
-  if (url.startsWith('javascript:')) return true;
-  if (/^[a-z][a-z0-9+.-]*:/.test(url)) return true;
-  if (url.startsWith('//')) return true;
-  return isAsset;
-}
-
-function scanCssValue(value: string, issues: ContractIssue[]): void {
-  const parsed = valueParser(value);
-  parsed.walk((node) => {
-    if (node.type !== 'function') return;
-    if (cssIdent(node.value) !== 'url') return;
-    const raw = valueParser.stringify(node.nodes).trim().replace(/^['"]|['"]$/g, '');
-    const decoded = cssIdent(raw).trim();
-    if (isBlockedUrl(decoded, true)) {
-      issues.push(block('external-url', `External CSS asset URL is not allowed: ${decoded}`));
-    }
-  });
-}
-
-function cssIdent(value: string): string {
-  return value
-    .replace(/\\([0-9a-fA-F]{1,6}\s?|.)/g, (_, escaped: string) => {
-      const hex = escaped.trim();
-      if (/^[0-9a-fA-F]+$/.test(hex)) {
-        return String.fromCodePoint(Number.parseInt(hex, 16));
-      }
-      return escaped;
-    })
-    .toLowerCase();
-}
diff --git a/packages/engine/src/runtime-validator/style-rules.ts b/packages/engine/src/runtime-validator/style-rules.ts
deleted file mode 100644
index dd1d81e..0000000
--- a/packages/engine/src/runtime-validator/style-rules.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-import type { ContractIssue } from '../contracts.js';
-import { warn } from './issues.js';
-
-const TOKEN_RE = /var\(--([a-zA-Z0-9_-]+)/g;
-const HEX_RE = /#[0-9a-fA-F]{3,8}\b/g;
-const CSS_COLOR_FN_RE = /\b(?:rgb|rgba|hsl|hsla|oklch|oklab|lab|lch)\s*\(/gi;
-const PX_RE = /(?:^|[^\w-])(-?\d+(?:\.\d+)?px)\b/g;
-
-export function scanTokenReferences(
-  html: string,
-  definedTokens: ReadonlySet<string> | undefined,
-  issues: ContractIssue[],
-): void {
-  if (!definedTokens) return;
-  let match: RegExpExecArray | null;
-  TOKEN_RE.lastIndex = 0;
-  while ((match = TOKEN_RE.exec(html)) !== null) {
-    const token = match[1]!;
-    if (!definedTokens.has(token)) {
-      issues.push(warn('unknown-token', `Token --${token} is not defined`));
-    }
-  }
-}
-
-export function scanStyleDrift(html: string, issues: ContractIssue[]): void {
-  if (HEX_RE.test(html)) {
-    issues.push(warn('raw-color', 'Raw color literal found; prefer color tokens'));
-  }
-  HEX_RE.lastIndex = 0;
-  if (CSS_COLOR_FN_RE.test(html)) {
-    issues.push(warn('raw-color', 'Raw CSS color function found; prefer color tokens'));
-  }
-  CSS_COLOR_FN_RE.lastIndex = 0;
-  if (PX_RE.test(html)) {
-    issues.push(warn('raw-px', 'Raw px value found; prefer spacing/type/radius tokens'));
-  }
-  PX_RE.lastIndex = 0;
-}
diff --git a/packages/engine/src/runtime-validator/types.ts b/packages/engine/src/runtime-validator/types.ts
index b4e127e..b67b0c2 100644
--- a/packages/engine/src/runtime-validator/types.ts
+++ b/packages/engine/src/runtime-validator/types.ts
@@ -1,115 +1,32 @@
 import type {
   ActionStateKeys,
-  CapabilityKind,
-  CapabilityStateKeys,
-  CapabilityTrigger,
-} from '../capability-contract.js';
-import type { ContractIssue } from '../contracts.js';
-import type { ScriptPolicy } from '../prompt.js';
-import type { CapabilitySurface, ComponentSurface, SurfacePlan } from '../surface-plan.js';
+  ToolKind,
+  ToolStateKeys,
+  ToolTrigger,
+} from '../tool-contract.js';
+import type { ToolSurface, ComponentSurface, SurfacePlan } from '../surface-plan.js';
 import type { ValidationLimits } from '../validation-limits.js';
 
 export interface ValidationContext {
   mode: 'static' | 'interactive';
-  scriptPolicy?: ScriptPolicy;
-  experimentalFragmentMode?: 'section' | 'block-v0' | 'html-node-v0';
-  allowedIntents?: Iterable<string>;
-  capabilities?: Iterable<ValidationCapability>;
+  allowedTools?: Iterable<string>;
+  tools?: Iterable<ValidationTool>;
   components?: Iterable<ValidationComponent>;
   definedTokens?: ReadonlySet<string>;
   surfacePlan?: SurfacePlan;
   limits?: Partial<ValidationLimits>;
 }
 
-declare const compiledArtifactHtmlBrand: unique symbol;
-declare const compiledHtmlNodePatchBrand: unique symbol;
-
-export type CompiledArtifactHtml = string & {
-  readonly [compiledArtifactHtmlBrand]: true;
-};
-
-export interface CompiledHtmlNodePatch {
-  readonly [compiledHtmlNodePatchBrand]?: true;
-  sectionId: string;
-  nodeId: string;
-  parentId?: string;
-  html: CompiledArtifactHtml;
-}
-
-export interface ArtifactCompileResult {
-  html: CompiledArtifactHtml;
-  issues: ContractIssue[];
-  compilerVersion: string;
-}
-
-export interface ValidationCapability {
+export interface ValidationTool {
   name: string;
-  kind?: CapabilityKind;
-  triggers?: CapabilityTrigger[];
-  stateKeys?: CapabilityStateKeys;
+  kind?: ToolKind;
+  triggers?: ToolTrigger[];
+  stateKeys?: ToolStateKeys;
   actionStateKeys?: ActionStateKeys;
-  surface?: CapabilitySurface;
+  surface?: ToolSurface;
 }
 
 export interface ValidationComponent {
   name: string;
   surface?: ComponentSurface;
 }
-
-export interface RuntimeCapability {
-  name: string;
-  kind: CapabilityKind;
-  triggers: Set<CapabilityTrigger>;
-  stateKeys?: CapabilityStateKeys;
-  actionStateKeys?: ActionStateKeys;
-  surface?: CapabilitySurface;
-}
-
-export interface ResourceUsage {
-  name: string;
-  alias: string;
-  hasTrigger: boolean;
-  hasLoadingBinding: boolean;
-  hasErrorBinding: boolean;
-  hasDataBinding: boolean;
-  hasEmptyState: boolean;
-  hasEmptyBinding: boolean;
-}
-
-export interface ResourceScope {
-  name: string;
-  alias: string;
-  capability: RuntimeCapability;
-  usage?: ResourceUsage;
-}
-
-export interface RuntimeComponent {
-  name: string;
-  surface?: ComponentSurface;
-}
-
-export interface TagFrame {
-  tagName: string;
-  resource?: ResourceScope;
-}
-
-export interface HtmlOpenToken {
-  kind: 'open';
-  tagName: string;
-  attrs: Map<string, string>;
-  selfClosing: boolean;
-}
-
-export interface HtmlCloseToken {
-  kind: 'close';
-  tagName: string;
-}
-
-export type HtmlTraversalToken = HtmlOpenToken | HtmlCloseToken;
-
-export interface ParsedHtmlFragment {
-  tokens: HtmlTraversalToken[];
-  elements: HtmlOpenToken[];
-  cssSources: string[];
-  canonicalHtml: CompiledArtifactHtml;
-}
diff --git a/packages/engine/src/section-accumulator.ts b/packages/engine/src/section-accumulator.ts
deleted file mode 100644
index 1d94f33..0000000
--- a/packages/engine/src/section-accumulator.ts
+++ /dev/null
@@ -1,468 +0,0 @@
-import {
-  blockTargetFromPath,
-  htmlNodePatchFromLine,
-  sectionIdFromSectionPath,
-  type HtmlNodePatch,
-  type ProtocolLine,
-} from './protocol.js';
-
-export interface SectionSnapshotEntry {
-  id: string;
-  html: string;
-}
-
-export interface SectionAccumulatorSnapshot {
-  sections: SectionSnapshotEntry[];
-}
-
-export type SectionApplyKind = 'screen' | 'section' | 'none';
-
-export interface SectionApplyResult {
-  changed: boolean;
-  kind: SectionApplyKind;
-  sectionId?: string;
-  blockId?: string;
-  nodeId?: string;
-  nodePatch?: HtmlNodePatch;
-  orderChanged?: boolean;
-  htmlChanged?: boolean;
-  blockChanged?: boolean;
-  nodeChanged?: boolean;
-}
-
-type OpaqueSectionState = {
-  kind: 'opaque';
-  html: string;
-};
-
-type BlockSectionState = {
-  kind: 'blocks';
-  blockOrder: string[];
-  blockMap: Map<string, string>;
-};
-
-type HtmlNodeEntry = {
-  html: string;
-  parentId?: string;
-};
-
-type HtmlNodeSectionState = {
-  kind: 'nodes';
-  nodeOrder: string[];
-  nodeMap: Map<string, HtmlNodeEntry>;
-};
-
-type SectionState = OpaqueSectionState | BlockSectionState | HtmlNodeSectionState;
-
-/**
- * Applies streaming protocol lines into a mutable section map. Call compose()
- * to produce the HTML payload the host pushes to the sandbox.
- *
- * Sections are variable: the LLM declares structure via `set /screen`
- * (e.g., `{sections: ["hero","itinerary","budget"]}`). If a section is added
- * that wasn't declared, it's appended to the order — forgiving in case the
- * LLM skips the declaration line.
- */
-export class SectionAccumulator {
-  private sectionMap: Map<string, SectionState> = new Map();
-  private sectionOrder: string[] = [];
-
-  /** Returns true if the line changed state (for change detection in render loops). */
-  apply(line: ProtocolLine): boolean {
-    return this.applyDetailed(line).changed;
-  }
-
-  applyDetailed(line: ProtocolLine): SectionApplyResult {
-    if (line.op === 'set' && line.path === '/screen') {
-      const val = line.value as { sections?: unknown } | undefined;
-      if (val && Array.isArray(val.sections)) {
-        const next = val.sections.filter((s): s is string => typeof s === 'string');
-        if (next.length > 0) {
-          const changed = !sameOrder(this.sectionOrder, next);
-          this.sectionOrder = next;
-          return { changed, kind: 'screen', orderChanged: changed };
-        }
-      }
-      return { changed: false, kind: 'none' };
-    }
-
-    if (line.op === 'set' && line.path.startsWith('/section/')) {
-      const id = sectionIdFromSectionPath(line.path);
-      if (!id) return { changed: false, kind: 'none' };
-      const value = line.value as { blocks?: unknown } | undefined;
-      if (!value || !Array.isArray(value.blocks)) return { changed: false, kind: 'none' };
-      const next = value.blocks.filter((block): block is string => typeof block === 'string');
-      if (next.length === 0) return { changed: false, kind: 'none' };
-
-      const prev = this.sectionMap.get(id);
-      const prevOrder = prev?.kind === 'blocks' ? prev.blockOrder : [];
-      const changed = prev?.kind !== 'blocks' || !sameOrder(prevOrder, next);
-      const state = this.ensureBlockSection(id);
-      state.blockOrder = next;
-      for (const blockId of Array.from(state.blockMap.keys())) {
-        if (!next.includes(blockId)) state.blockMap.delete(blockId);
-      }
-      return {
-        changed,
-        kind: 'section',
-        sectionId: id,
-        orderChanged: changed,
-      };
-    }
-
-    if (line.op === 'add' && line.path.startsWith('/section/')) {
-      const nodePatch = htmlNodePatchFromLine(line);
-      if (nodePatch) {
-        const state = this.ensureNodeSection(nodePatch.sectionId);
-        const prev = state.nodeMap.get(nodePatch.nodeId);
-        const orderChanged = !state.nodeOrder.includes(nodePatch.nodeId);
-        if (orderChanged) state.nodeOrder.push(nodePatch.nodeId);
-        const parentChanged = prev?.parentId !== nodePatch.parentId;
-        if (prev?.html === nodePatch.html && !orderChanged && !parentChanged) {
-          return {
-            changed: false,
-            kind: 'section',
-            sectionId: nodePatch.sectionId,
-            nodeId: nodePatch.nodeId,
-            nodePatch,
-          };
-        }
-        state.nodeMap.set(nodePatch.nodeId, {
-          html: nodePatch.html,
-          ...(nodePatch.parentId ? { parentId: nodePatch.parentId } : {}),
-        });
-        return {
-          changed: true,
-          kind: 'section',
-          sectionId: nodePatch.sectionId,
-          nodeId: nodePatch.nodeId,
-          nodePatch,
-          orderChanged: orderChanged || parentChanged,
-          htmlChanged: prev?.html !== nodePatch.html,
-          nodeChanged: prev?.html !== nodePatch.html || parentChanged,
-        };
-      }
-
-      const blockTarget = blockTargetFromPath(line.path);
-      if (blockTarget) {
-        const html = typeof line.html === 'string' ? line.html : '';
-        const state = this.ensureBlockSection(blockTarget.sectionId);
-        const prev = state.blockMap.get(blockTarget.blockId);
-        const orderChanged = !state.blockOrder.includes(blockTarget.blockId);
-        if (orderChanged) state.blockOrder.push(blockTarget.blockId);
-        if (prev === html && !orderChanged) {
-          return {
-            changed: false,
-            kind: 'section',
-            sectionId: blockTarget.sectionId,
-            blockId: blockTarget.blockId,
-          };
-        }
-        state.blockMap.set(blockTarget.blockId, html);
-        return {
-          changed: true,
-          kind: 'section',
-          sectionId: blockTarget.sectionId,
-          blockId: blockTarget.blockId,
-          orderChanged,
-          htmlChanged: prev !== html,
-          blockChanged: prev !== html,
-        };
-      }
-
-      const id = sectionIdFromSectionPath(line.path);
-      if (!id) return { changed: false, kind: 'none' };
-      const html = typeof line.html === 'string' ? line.html : '';
-      const prev = this.sectionMap.get(id);
-      const prevHtml = prev ? composeSectionInner(prev) : undefined;
-      if (prevHtml === html && this.sectionOrder.includes(id)) {
-        return { changed: false, kind: 'section', sectionId: id };
-      }
-      this.sectionMap.set(id, { kind: 'opaque', html });
-      const orderChanged = !this.sectionOrder.includes(id);
-      if (!this.sectionOrder.includes(id)) {
-        this.sectionOrder.push(id);
-      }
-      return {
-        changed: true,
-        kind: 'section',
-        sectionId: id,
-        orderChanged,
-        htmlChanged: prevHtml !== html,
-      };
-    }
-
-    return { changed: false, kind: 'none' };
-  }
-
-  compose(): string {
-    const parts: string[] = [];
-    for (const id of this.sectionOrder) {
-      const state = this.sectionMap.get(id);
-      if (state === undefined) continue;
-      const html = composeSectionInner(state);
-      parts.push(`<section data-summon-section="${escapeAttr(id)}">\n${html}\n</section>`);
-    }
-    return parts.join('\n');
-  }
-
-  hasAnySection(): boolean {
-    return this.sectionMap.size > 0;
-  }
-
-  snapshot(): SectionAccumulatorSnapshot {
-    const sections: SectionSnapshotEntry[] = [];
-    const seen = new Set<string>();
-    for (const id of this.sectionOrder) {
-      const state = this.sectionMap.get(id);
-      if (state === undefined) continue;
-      sections.push({ id, html: composeSectionInner(state) });
-      seen.add(id);
-    }
-    for (const [id, state] of this.sectionMap) {
-      if (seen.has(id)) continue;
-      sections.push({ id, html: composeSectionInner(state) });
-    }
-    return { sections };
-  }
-
-  hydrate(snapshot: SectionAccumulatorSnapshot): void {
-    this.reset();
-    for (const section of snapshot.sections) {
-      this.sectionOrder.push(section.id);
-      this.sectionMap.set(section.id, { kind: 'opaque', html: section.html });
-    }
-  }
-
-  static fromSnapshot(snapshot: SectionAccumulatorSnapshot): SectionAccumulator {
-    const acc = new SectionAccumulator();
-    acc.hydrate(snapshot);
-    return acc;
-  }
-
-  reset(): void {
-    this.sectionMap.clear();
-    this.sectionOrder = [];
-  }
-
-  private ensureBlockSection(id: string): BlockSectionState {
-    const existing = this.sectionMap.get(id);
-    if (existing?.kind === 'blocks') return existing;
-    const state: BlockSectionState = {
-      kind: 'blocks',
-      blockOrder: [],
-      blockMap: new Map(),
-    };
-    this.sectionMap.set(id, state);
-    if (!this.sectionOrder.includes(id)) {
-      this.sectionOrder.push(id);
-    }
-    return state;
-  }
-
-  private ensureNodeSection(id: string): HtmlNodeSectionState {
-    const existing = this.sectionMap.get(id);
-    if (existing?.kind === 'nodes') return existing;
-    const state: HtmlNodeSectionState = {
-      kind: 'nodes',
-      nodeOrder: [],
-      nodeMap: new Map(),
-    };
-    this.sectionMap.set(id, state);
-    if (!this.sectionOrder.includes(id)) {
-      this.sectionOrder.push(id);
-    }
-    return state;
-  }
-}
-
-function sameOrder(a: string[], b: string[]): boolean {
-  if (a.length !== b.length) return false;
-  for (let i = 0; i < a.length; i++) {
-    if (a[i] !== b[i]) return false;
-  }
-  return true;
-}
-
-function escapeAttr(s: string): string {
-  return s.replaceAll('&', '&amp;').replaceAll('"', '&quot;').replaceAll('<', '&lt;');
-}
-
-function composeSectionInner(state: SectionState): string {
-  if (state.kind === 'opaque') return state.html;
-  if (state.kind === 'nodes') return composeNodeSectionInner(state);
-  const parts: string[] = [];
-  const seen = new Set<string>();
-  for (const id of state.blockOrder) {
-    const html = state.blockMap.get(id);
-    if (html === undefined) continue;
-    seen.add(id);
-    parts.push(`<div data-summon-block="${escapeAttr(id)}">\n${html}\n</div>`);
-  }
-  for (const [id, html] of state.blockMap) {
-    if (seen.has(id)) continue;
-    parts.push(`<div data-summon-block="${escapeAttr(id)}">\n${html}\n</div>`);
-  }
-  return parts.join('\n');
-}
-
-function composeNodeSectionInner(state: HtmlNodeSectionState): string {
-  const parts: string[] = [];
-  const visited = new Set<string>();
-  for (const id of state.nodeOrder) {
-    const entry = state.nodeMap.get(id);
-    if (!entry || entry.parentId) continue;
-    parts.push(composeNode(id, state, visited));
-  }
-  for (const id of state.nodeOrder) {
-    if (visited.has(id)) continue;
-    parts.push(composeNode(id, state, visited));
-  }
-  return parts.join('\n');
-}
-
-function composeNode(
-  id: string,
-  state: HtmlNodeSectionState,
-  visited: Set<string>,
-): string {
-  if (visited.has(id)) return '';
-  visited.add(id);
-  const entry = state.nodeMap.get(id);
-  if (!entry) return '';
-  const children = childIdsFor(id, state)
-    .map((childId) => composeNode(childId, state, visited))
-    .filter(Boolean)
-    .join('\n');
-  return children ? injectChildren(entry.html, children) : entry.html;
-}
-
-function childIdsFor(parentId: string, state: HtmlNodeSectionState): string[] {
-  return state.nodeOrder.filter((id) => state.nodeMap.get(id)?.parentId === parentId);
-}
-
-function injectChildren(html: string, children: string): string {
-  const slotRange = nodeChildrenSlotRange(html);
-  if (slotRange !== null) {
-    const slotInner = removeDirectSkeletonChildren(html.slice(slotRange.insertIndex, slotRange.closeIndex));
-    const retainedInner = slotInner.trim().length > 0 ? `\n${slotInner}` : '';
-    return `${html.slice(0, slotRange.insertIndex)}\n${children}${retainedInner}\n${html.slice(slotRange.closeIndex)}`;
-  }
-  const tagName = rootTagName(html);
-  if (!tagName) return `${html}\n${children}`;
-  const closeRe = new RegExp(`</${escapeRegExp(tagName)}\\s*>\\s*$`, 'i');
-  const match = html.match(closeRe);
-  if (!match || match.index === undefined) return `${html}\n${children}`;
-  return `${html.slice(0, match.index)}\n${children}\n${html.slice(match.index)}`;
-}
-
-function nodeChildrenSlotRange(html: string): { insertIndex: number; closeIndex: number } | null {
-  const slotOpenRe = /<\s*([a-zA-Z][\w:-]*)\b(?=[^>]*\sdata-summon-node-children(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)[^>]*>/i;
-  const match = slotOpenRe.exec(html);
-  if (!match || match.index === undefined) return null;
-  const tagName = match[1]?.toLowerCase();
-  if (!tagName || /\/\s*>$/.test(match[0])) return null;
-  const insertIndex = match.index + match[0].length;
-  const closeIndex = matchingCloseTagIndex(html, tagName, insertIndex);
-  return closeIndex === null ? null : { insertIndex, closeIndex };
-}
-
-function matchingCloseTagIndex(
-  html: string,
-  tagName: string,
-  startIndex: number,
-): number | null {
-  const tagRe = new RegExp(`<\\s*(/?)\\s*${escapeRegExp(tagName)}\\b[^>]*>`, 'ig');
-  tagRe.lastIndex = startIndex;
-  let depth = 1;
-  let match: RegExpExecArray | null;
-  while ((match = tagRe.exec(html))) {
-    if (match[1] === '/') {
-      depth -= 1;
-      if (depth === 0) return match.index;
-      continue;
-    }
-    if (!/\/\s*>$/.test(match[0])) depth += 1;
-  }
-  return null;
-}
-
-function removeDirectSkeletonChildren(html: string): string {
-  const ranges = directSkeletonChildRanges(html);
-  if (ranges.length === 0) return html;
-  let out = '';
-  let cursor = 0;
-  for (const [start, end] of ranges) {
-    out += html.slice(cursor, start);
-    cursor = end;
-  }
-  return out + html.slice(cursor);
-}
-
-function directSkeletonChildRanges(html: string): Array<[number, number]> {
-  const ranges: Array<[number, number]> = [];
-  const tagRe = /<!--[\s\S]*?-->|<![^>]*>|<\/?[a-zA-Z][\w:-]*(?:\s+[^<>]*?)?\s*\/?>/g;
-  let depth = 0;
-  let topStart = -1;
-  let topSkeleton = false;
-  let match: RegExpExecArray | null;
-  while ((match = tagRe.exec(html))) {
-    const rawTag = match[0]!;
-    if (rawTag.startsWith('<!--') || rawTag.startsWith('<!')) continue;
-    const tagName = rawTag.match(/^<\s*\/?\s*([a-zA-Z][\w:-]*)/)?.[1]?.toLowerCase();
-    if (!tagName) continue;
-    const closing = /^<\s*\//.test(rawTag);
-    if (closing) {
-      if (depth > 0) {
-        depth -= 1;
-        if (depth === 0 && topSkeleton) {
-          ranges.push([topStart, match.index + rawTag.length]);
-        }
-      }
-      continue;
-    }
-    const selfClosing = /\/\s*>$/.test(rawTag) || VOID_TAGS.has(tagName);
-    if (depth === 0) {
-      const skeleton = hasAttr(rawTag, 'data-summon-skeleton');
-      if (selfClosing) {
-        if (skeleton) ranges.push([match.index, match.index + rawTag.length]);
-        continue;
-      }
-      topStart = match.index;
-      topSkeleton = skeleton;
-      depth = 1;
-      continue;
-    }
-    if (!selfClosing) depth += 1;
-  }
-  return ranges;
-}
-
-function hasAttr(rawTag: string, attr: string): boolean {
-  return new RegExp(`\\s${escapeRegExp(attr)}(?:\\s*=\\s*(?:"[^"]*"|'[^']*'|[^\\s>]+))?(?=\\s|/?>)`, 'i').test(rawTag);
-}
-
-const VOID_TAGS = new Set([
-  'area',
-  'base',
-  'br',
-  'col',
-  'embed',
-  'hr',
-  'img',
-  'input',
-  'link',
-  'meta',
-  'param',
-  'source',
-  'track',
-  'wbr',
-]);
-
-function rootTagName(html: string): string | null {
-  return html.trim().match(/^<\s*([a-zA-Z][\w:-]*)\b/)?.[1]?.toLowerCase() ?? null;
-}
-
-function escapeRegExp(value: string): string {
-  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-}
diff --git a/packages/engine/src/stream-graph.ts b/packages/engine/src/stream-graph.ts
index 272861b..5c1a599 100644
--- a/packages/engine/src/stream-graph.ts
+++ b/packages/engine/src/stream-graph.ts
@@ -1,254 +1,85 @@
 import type { ContractIssue } from './contracts.js';
-import {
-  blockTargetFromPath as parseBlockTargetFromPath,
-  htmlNodeTargetFromPath as parseHtmlNodeTargetFromPath,
-  sectionIdFromSectionPath,
-  type ProtocolLine,
-} from './protocol.js';
-import type { RepairFeedbackMetaValue } from './protocol-hardener.js';
+import type { ProtocolLine } from './protocol.js';
 
-export interface StreamGraphBlock {
-  id: string;
-  declared: boolean;
-  present: boolean;
+export interface StreamGraphArtifact {
   revision: number;
+  runtime: 'arrow';
   bytes: number;
-  firstDeclaredLine?: number;
   firstSeenLine?: number;
   lastUpdatedLine?: number;
   lastIssue?: ContractIssue;
 }
 
-export interface StreamGraphNode {
-  id: string;
-  parentId?: string;
-  present: boolean;
-  revision: number;
-  bytes: number;
-  firstSeenLine?: number;
-  lastUpdatedLine?: number;
-  lastIssue?: ContractIssue;
-}
-
-export interface StreamGraphSection {
-  id: string;
-  declared: boolean;
-  present: boolean;
-  revision: number;
-  bytes: number;
-  firstDeclaredLine?: number;
-  firstSeenLine?: number;
-  lastUpdatedLine?: number;
-  lastIssue?: ContractIssue;
-  blocks?: StreamGraphBlock[];
-  declaredBlockCount?: number;
-  presentBlockCount?: number;
-  lastBlockIssue?: ContractIssue;
-  nodes?: StreamGraphNode[];
-  presentNodeCount?: number;
-  lastNodeIssue?: ContractIssue;
-}
-
-export interface StreamGraphEdge {
-  from: 'screen';
-  to: string;
-  order: number;
-}
-
 export interface StreamGraphHealth {
   complete: boolean;
-  missingDeclared: string[];
-  undeclaredPresent: string[];
   skippedCount: number;
   blockedCount: number;
-  repairedCount: number;
 }
 
 export interface StreamGraphSnapshot {
-  sections: StreamGraphSection[];
-  edges: StreamGraphEdge[];
+  artifacts: StreamGraphArtifact[];
   health: StreamGraphHealth;
 }
 
-const SECTION_PREFIX = '/section/';
-
-const SKIPPED_ISSUE_CODES = new Set([
-  'malformed-jsonl',
-  'invalid-meta-path',
-  'invalid-set-path',
-  'invalid-screen-value',
-  'invalid-section-count',
-  'invalid-section-id',
-  'duplicate-section-id',
-  'invalid-add-path',
-  'invalid-section-path',
-  'invalid-section-html',
-  'invalid-block-value',
-  'invalid-block-count',
-  'invalid-block-id',
-  'duplicate-block-id',
-  'invalid-block-path',
-  'experimental-node-fragment-disabled',
-  'invalid-node-path',
-  'invalid-node-parent',
-  'undeclared-node-parent',
-  'undeclared-block',
-  'layout-disallowed',
-  'section-not-targeted',
-  'undeclared-section',
-  'synthetic-section-limit',
-]);
-
 /**
- * Observe the streaming protocol as a graph of screen -> section edges.
- *
- * This class intentionally does not render, validate, repair, or mutate the
- * section HTML stream. It records structural state and health for diagnostics.
+ * Observe the Arrow JSONL stream as artifact revisions plus validation health.
  */
 export class StreamGraph {
-  private sections = new Map<string, StreamGraphSection>();
-  private edges: StreamGraphEdge[] = [];
+  private artifacts: StreamGraphArtifact[] = [];
   private skippedCount = 0;
   private blockedCount = 0;
-  private repairedCount = 0;
   private lineCount = 0;
 
   applyLine(line: ProtocolLine): void {
     this.lineCount += 1;
 
-    if (line.op === 'set' && line.path === '/screen') {
-      this.applyScreen(line.value);
-      return;
-    }
-
-    if (line.op === 'set' && line.path.startsWith(SECTION_PREFIX)) {
-      this.applyBlockDeclaration(line.path, line.value);
-      return;
-    }
-
-    if (line.op === 'add' && line.path.startsWith(SECTION_PREFIX)) {
-      const nodeTarget = htmlNodeTargetFromPath(line.path);
-      if (nodeTarget) {
-        this.applyNode(nodeTarget.sectionId, nodeTarget.nodeId, line.parent, line.html ?? '');
-        return;
-      }
-      const blockTarget = blockTargetFromPath(line.path);
-      if (blockTarget) {
-        this.applyBlock(blockTarget.sectionId, blockTarget.blockId, line.html ?? '');
-        return;
-      }
-      const sectionId = sectionIdFromPath(line.path);
-      if (sectionId) this.applySection(sectionId, line.html ?? '');
+    if (line.op === 'artifact') {
+      this.applyArtifact(line.value);
       return;
     }
 
-    if (line.op === 'meta') {
-      this.applyMeta(line);
-    }
+    this.applyMeta(line);
   }
 
   recordIssue(issue: ContractIssue): void {
     if (issue.severity === 'block') {
       this.blockedCount += 1;
-    } else if (SKIPPED_ISSUE_CODES.has(issue.code)) {
+    } else if (issue.code === 'malformed-jsonl' || issue.code === 'protocol-skip') {
       this.skippedCount += 1;
     }
 
-    const blockTarget = blockTargetFromPath(issue.path);
-    if (blockTarget) {
-      const section = this.ensureSection(blockTarget.sectionId);
-      section.lastIssue = issue;
-      section.lastBlockIssue = issue;
-      ensureBlock(section, blockTarget.blockId).lastIssue = issue;
-      return;
-    }
-
-    const nodeTarget = htmlNodeTargetFromPath(issue.path);
-    if (nodeTarget) {
-      const section = this.ensureSection(nodeTarget.sectionId);
-      section.lastIssue = issue;
-      section.lastNodeIssue = issue;
-      ensureNode(section, nodeTarget.nodeId).lastIssue = issue;
-      return;
-    }
-
-    const sectionId = sectionIdFromPath(issue.path);
-    if (sectionId) {
-      this.ensureSection(sectionId).lastIssue = issue;
-    }
-  }
-
-  recordRepairFeedback(feedback: RepairFeedbackMetaValue): void {
-    if (feedback.status === 'blocked') this.blockedCount += 1;
-    if (feedback.status === 'skipped') this.skippedCount += 1;
-    if (feedback.status === 'repaired') this.repairedCount += 1;
-
-    const blockTarget = blockTargetFromPath(feedback.target);
-    const issue = feedback.issues[0];
-    if (blockTarget && issue) {
-      const section = this.ensureSection(blockTarget.sectionId);
-      section.lastIssue = issue;
-      section.lastBlockIssue = issue;
-      ensureBlock(section, blockTarget.blockId).lastIssue = issue;
-      return;
-    }
-
-    const nodeTarget = htmlNodeTargetFromPath(feedback.target);
-    if (nodeTarget && issue) {
-      const section = this.ensureSection(nodeTarget.sectionId);
-      section.lastIssue = issue;
-      section.lastNodeIssue = issue;
-      ensureNode(section, nodeTarget.nodeId).lastIssue = issue;
-      return;
-    }
-
-    const sectionId = sectionIdFromPath(feedback.target);
-    if (sectionId && issue) {
-      this.ensureSection(sectionId).lastIssue = issue;
-    }
+    const latest = this.artifacts.at(-1);
+    if (latest) latest.lastIssue = { ...issue };
   }
 
   snapshot(): StreamGraphSnapshot {
-    const health = this.health();
     return {
-      sections: this.orderedSections().map((section) => cloneSection(section)),
-      edges: this.edges.map((edge) => ({ ...edge })),
-      health,
+      artifacts: this.artifacts.map(cloneArtifact),
+      health: {
+        complete: this.blockedCount === 0,
+        skippedCount: this.skippedCount,
+        blockedCount: this.blockedCount,
+      },
     };
   }
 
   hydrate(snapshot: StreamGraphSnapshot): void {
     this.reset();
-    this.edges = snapshot.edges.map((edge) => ({ ...edge }));
-    for (const section of snapshot.sections) {
-      this.sections.set(section.id, cloneSection(section));
-      this.lineCount = Math.max(
-        this.lineCount,
-        section.firstDeclaredLine ?? 0,
-        section.firstSeenLine ?? 0,
-        section.lastUpdatedLine ?? 0,
-        ...(section.blocks ?? []).flatMap((block) => [
-          block.firstDeclaredLine ?? 0,
-          block.firstSeenLine ?? 0,
-          block.lastUpdatedLine ?? 0,
-        ]),
-        ...(section.nodes ?? []).flatMap((node) => [
-          node.firstSeenLine ?? 0,
-          node.lastUpdatedLine ?? 0,
-        ]),
-      );
-    }
+    this.artifacts = Array.isArray(snapshot.artifacts)
+      ? snapshot.artifacts.map(cloneArtifact)
+      : [];
+    this.lineCount = this.artifacts.reduce(
+      (max, artifact) => Math.max(max, artifact.firstSeenLine ?? 0, artifact.lastUpdatedLine ?? 0),
+      0,
+    );
     this.skippedCount = snapshot.health.skippedCount;
     this.blockedCount = snapshot.health.blockedCount;
-    this.repairedCount = snapshot.health.repairedCount;
   }
 
   reset(): void {
-    this.sections.clear();
-    this.edges = [];
+    this.artifacts = [];
     this.skippedCount = 0;
     this.blockedCount = 0;
-    this.repairedCount = 0;
     this.lineCount = 0;
   }
 
@@ -258,148 +89,21 @@ export class StreamGraph {
     return graph;
   }
 
-  private applyScreen(value: unknown): void {
-    const sections = screenSections(value);
-    if (sections.length === 0) return;
-
-    for (const section of this.sections.values()) {
-      section.declared = false;
-    }
-
-    this.edges = sections.map((id, order) => {
-      const section = this.ensureSection(id);
-      section.declared = true;
-      if (section.firstDeclaredLine === undefined) {
-        section.firstDeclaredLine = this.lineCount;
-      }
-      return { from: 'screen' as const, to: id, order };
-    });
-  }
-
-  private applySection(id: string, html: string): void {
-    if (!id) return;
-    const section = this.ensureSection(id);
-    section.present = true;
-    section.revision += 1;
-    section.bytes = html.length;
-    section.blocks = undefined;
-    section.declaredBlockCount = undefined;
-    section.presentBlockCount = undefined;
-    section.lastBlockIssue = undefined;
-    section.nodes = undefined;
-    section.presentNodeCount = undefined;
-    section.lastNodeIssue = undefined;
-    if (section.firstSeenLine === undefined) {
-      section.firstSeenLine = this.lineCount;
-    }
-    section.lastUpdatedLine = this.lineCount;
-  }
-
-  private applyBlockDeclaration(path: string, value: unknown): void {
-    const sectionId = sectionIdFromPath(path);
-    if (!sectionId) return;
-    const blocks = sectionBlocks(value);
-    if (blocks.length === 0) return;
-    const section = this.ensureSection(sectionId);
-    for (const block of section.blocks ?? []) block.declared = false;
-    for (const id of blocks) {
-      const block = ensureBlock(section, id);
-      block.declared = true;
-      if (block.firstDeclaredLine === undefined) {
-        block.firstDeclaredLine = this.lineCount;
-      }
-    }
-  }
-
-  private applyBlock(sectionId: string, blockId: string, html: string): void {
-    const section = this.ensureSection(sectionId);
-    const block = ensureBlock(section, blockId);
-    section.present = true;
-    section.revision += 1;
-    section.lastUpdatedLine = this.lineCount;
-    if (section.firstSeenLine === undefined) {
-      section.firstSeenLine = this.lineCount;
-    }
-    block.present = true;
-    block.revision += 1;
-    block.bytes = html.length;
-    if (block.firstSeenLine === undefined) {
-      block.firstSeenLine = this.lineCount;
-    }
-    block.lastUpdatedLine = this.lineCount;
-    section.nodes = undefined;
-    section.presentNodeCount = undefined;
-    section.lastNodeIssue = undefined;
-    section.bytes = (section.blocks ?? [])
-      .filter((candidate) => candidate.present)
-      .reduce((sum, candidate) => sum + candidate.bytes, 0);
-  }
-
-  private applyNode(sectionId: string, nodeId: string, parentId: string | undefined, html: string): void {
-    const section = this.ensureSection(sectionId);
-    const node = ensureNode(section, nodeId);
-    section.present = true;
-    section.revision += 1;
-    section.lastUpdatedLine = this.lineCount;
-    if (section.firstSeenLine === undefined) {
-      section.firstSeenLine = this.lineCount;
-    }
-    if (parentId) node.parentId = parentId;
-    else delete node.parentId;
-    node.present = true;
-    node.revision += 1;
-    node.bytes = html.length;
-    if (node.firstSeenLine === undefined) {
-      node.firstSeenLine = this.lineCount;
-    }
-    node.lastUpdatedLine = this.lineCount;
-    section.blocks = undefined;
-    section.declaredBlockCount = undefined;
-    section.presentBlockCount = undefined;
-    section.lastBlockIssue = undefined;
-    section.bytes = (section.nodes ?? [])
-      .filter((candidate) => candidate.present)
-      .reduce((sum, candidate) => sum + candidate.bytes, 0);
+  private applyArtifact(value: unknown): void {
+    const latest = this.artifacts.at(-1);
+    const next: StreamGraphArtifact = {
+      revision: (latest?.revision ?? 0) + 1,
+      runtime: 'arrow',
+      bytes: artifactBytes(value),
+      firstSeenLine: latest?.firstSeenLine ?? this.lineCount,
+      lastUpdatedLine: this.lineCount,
+    };
+    this.artifacts.push(next);
   }
 
   private applyMeta(line: ProtocolLine & { op: 'meta' }): void {
     if (line.path === '/protocol-skip') {
       this.skippedCount += 1;
-      const value = line.value as { path?: unknown; code?: unknown; message?: unknown } | undefined;
-      const path = typeof value?.path === 'string' ? value.path : undefined;
-      const issue: ContractIssue = {
-        source: 'protocol',
-        severity: 'warn',
-        code: typeof value?.code === 'string' ? value.code : 'protocol-skip',
-        message: typeof value?.message === 'string' ? value.message : 'Protocol line skipped',
-        path,
-      };
-      const blockTarget = blockTargetFromPath(path);
-      if (blockTarget) {
-        const section = this.ensureSection(blockTarget.sectionId);
-        section.lastIssue = issue;
-        section.lastBlockIssue = issue;
-        ensureBlock(section, blockTarget.blockId).lastIssue = issue;
-        return;
-      }
-      const nodeTarget = htmlNodeTargetFromPath(path);
-      if (nodeTarget) {
-        const section = this.ensureSection(nodeTarget.sectionId);
-        section.lastIssue = issue;
-        section.lastNodeIssue = issue;
-        ensureNode(section, nodeTarget.nodeId).lastIssue = issue;
-        return;
-      }
-      const sectionId = sectionIdFromPath(path);
-      if (sectionId) {
-        this.ensureSection(sectionId).lastIssue = {
-          source: 'protocol',
-          severity: 'warn',
-          code: typeof value?.code === 'string' ? value.code : 'protocol-skip',
-          message: typeof value?.message === 'string' ? value.message : 'Protocol line skipped',
-          path,
-        };
-      }
       return;
     }
 
@@ -408,19 +112,6 @@ export class StreamGraph {
       return;
     }
 
-    if (line.path === '/repair-feedback' && isRepairFeedback(line.value)) {
-      this.recordRepairFeedback(line.value);
-      return;
-    }
-
-    if (line.path === '/repair-summary') {
-      const value = line.value as { repaired?: unknown } | undefined;
-      if (typeof value?.repaired === 'number') {
-        this.repairedCount = Math.max(this.repairedCount, value.repaired);
-      }
-      return;
-    }
-
     if (line.path === '/validation-summary') {
       this.recordValidationSummary(line.value);
     }
@@ -428,175 +119,32 @@ export class StreamGraph {
 
   private recordValidationSummary(value: unknown): void {
     if (!value || typeof value !== 'object') return;
-    const summary = value as { blocked?: unknown; codes?: unknown };
+    const summary = value as { blocked?: unknown; warnings?: unknown };
     if (typeof summary.blocked === 'number') {
       this.blockedCount = Math.max(this.blockedCount, summary.blocked);
     }
-    if (!summary.codes || typeof summary.codes !== 'object') return;
-    let skipped = 0;
-    for (const [code, count] of Object.entries(summary.codes as Record<string, unknown>)) {
-      if (!SKIPPED_ISSUE_CODES.has(code) || typeof count !== 'number') continue;
-      skipped += count;
-    }
-    this.skippedCount = Math.max(this.skippedCount, skipped);
-  }
-
-  private health(): StreamGraphHealth {
-    const missingDeclared: string[] = [];
-    const undeclaredPresent: string[] = [];
-    for (const section of this.orderedSections()) {
-      if (section.declared && !section.present) missingDeclared.push(section.id);
-      if (!section.declared && section.present) undeclaredPresent.push(section.id);
-    }
-    return {
-      complete: missingDeclared.length === 0 && undeclaredPresent.length === 0,
-      missingDeclared,
-      undeclaredPresent,
-      skippedCount: this.skippedCount,
-      blockedCount: this.blockedCount,
-      repairedCount: this.repairedCount,
-    };
-  }
-
-  private orderedSections(): StreamGraphSection[] {
-    const out: StreamGraphSection[] = [];
-    const seen = new Set<string>();
-    for (const edge of this.edges) {
-      const section = this.sections.get(edge.to);
-      if (!section) continue;
-      out.push(section);
-      seen.add(section.id);
+    if (typeof summary.warnings === 'number') {
+      this.skippedCount = Math.max(this.skippedCount, summary.warnings);
     }
-    for (const section of this.sections.values()) {
-      if (seen.has(section.id)) continue;
-      out.push(section);
-    }
-    return out;
-  }
-
-  private ensureSection(id: string): StreamGraphSection {
-    const existing = this.sections.get(id);
-    if (existing) return existing;
-    const section: StreamGraphSection = {
-      id,
-      declared: false,
-      present: false,
-      revision: 0,
-      bytes: 0,
-    };
-    this.sections.set(id, section);
-    return section;
   }
 }
 
-function screenSections(value: unknown): string[] {
-  const obj = value as { sections?: unknown } | undefined;
-  return Array.isArray(obj?.sections)
-    ? obj.sections.filter((section): section is string => typeof section === 'string')
-    : [];
-}
-
-function sectionBlocks(value: unknown): string[] {
-  const obj = value as { blocks?: unknown } | undefined;
-  return Array.isArray(obj?.blocks)
-    ? obj.blocks.filter((block): block is string => typeof block === 'string')
-    : [];
-}
-
-function sectionIdFromPath(path: unknown): string | null {
-  return typeof path === 'string' ? sectionIdFromSectionPath(path) : null;
-}
-
-function blockTargetFromPath(path: unknown): { sectionId: string; blockId: string } | null {
-  return typeof path === 'string' ? parseBlockTargetFromPath(path) : null;
-}
-
-function htmlNodeTargetFromPath(path: unknown): { sectionId: string; nodeId: string } | null {
-  return typeof path === 'string' ? parseHtmlNodeTargetFromPath(path) : null;
-}
-
-function ensureBlock(section: StreamGraphSection, id: string): StreamGraphBlock {
-  section.blocks ??= [];
-  const existing = section.blocks.find((block) => block.id === id);
-  if (existing) return existing;
-  const block: StreamGraphBlock = {
-    id,
-    declared: false,
-    present: false,
-    revision: 0,
-    bytes: 0,
-  };
-  section.blocks.push(block);
-  return block;
-}
-
-function ensureNode(section: StreamGraphSection, id: string): StreamGraphNode {
-  section.nodes ??= [];
-  const existing = section.nodes.find((node) => node.id === id);
-  if (existing) return existing;
-  const node: StreamGraphNode = {
-    id,
-    present: false,
-    revision: 0,
-    bytes: 0,
-  };
-  section.nodes.push(node);
-  return node;
-}
-
-function cloneSection(section: StreamGraphSection): StreamGraphSection {
-  const blocks = section.blocks?.map(cloneBlock);
-  const declaredBlockCount = blocks?.filter((block) => block.declared).length;
-  const presentBlockCount = blocks?.filter((block) => block.present).length;
-  const lastBlockIssue = section.lastBlockIssue ?? lastIssueFromBlocks(blocks);
-  const nodes = section.nodes?.map(cloneNode);
-  const presentNodeCount = nodes?.filter((node) => node.present).length;
-  const lastNodeIssue = section.lastNodeIssue ?? lastIssueFromNodes(nodes);
-  return {
-    ...section,
-    ...(section.lastIssue ? { lastIssue: { ...section.lastIssue } } : {}),
-    ...(blocks ? { blocks } : {}),
-    ...(blocks ? { declaredBlockCount: declaredBlockCount ?? 0 } : {}),
-    ...(blocks ? { presentBlockCount: presentBlockCount ?? 0 } : {}),
-    ...(lastBlockIssue ? { lastBlockIssue: { ...lastBlockIssue } } : {}),
-    ...(nodes ? { nodes } : {}),
-    ...(nodes ? { presentNodeCount: presentNodeCount ?? 0 } : {}),
-    ...(lastNodeIssue ? { lastNodeIssue: { ...lastNodeIssue } } : {}),
-  };
-}
-
-function cloneBlock(block: StreamGraphBlock): StreamGraphBlock {
-  return {
-    ...block,
-    ...(block.lastIssue ? { lastIssue: { ...block.lastIssue } } : {}),
-  };
+function artifactBytes(value: unknown): number {
+  if (!value || typeof value !== 'object') return 0;
+  try {
+    return new TextEncoder().encode(JSON.stringify(value)).length;
+  } catch {
+    return 0;
+  }
 }
 
-function cloneNode(node: StreamGraphNode): StreamGraphNode {
+function cloneArtifact(artifact: StreamGraphArtifact): StreamGraphArtifact {
   return {
-    ...node,
-    ...(node.lastIssue ? { lastIssue: { ...node.lastIssue } } : {}),
+    ...artifact,
+    ...(artifact.lastIssue ? { lastIssue: { ...artifact.lastIssue } } : {}),
   };
 }
 
-function lastIssueFromBlocks(blocks: StreamGraphBlock[] | undefined): ContractIssue | undefined {
-  if (!blocks) return undefined;
-  for (let i = blocks.length - 1; i >= 0; i--) {
-    const issue = blocks[i]?.lastIssue;
-    if (issue) return issue;
-  }
-  return undefined;
-}
-
-function lastIssueFromNodes(nodes: StreamGraphNode[] | undefined): ContractIssue | undefined {
-  if (!nodes) return undefined;
-  for (let i = nodes.length - 1; i >= 0; i--) {
-    const issue = nodes[i]?.lastIssue;
-    if (issue) return issue;
-  }
-  return undefined;
-}
-
 function isContractIssue(value: unknown): value is ContractIssue {
   if (!value || typeof value !== 'object') return false;
   const obj = value as Partial<ContractIssue>;
@@ -607,13 +155,3 @@ function isContractIssue(value: unknown): value is ContractIssue {
     typeof obj.message === 'string'
   );
 }
-
-function isRepairFeedback(value: unknown): value is RepairFeedbackMetaValue {
-  if (!value || typeof value !== 'object') return false;
-  const obj = value as Partial<RepairFeedbackMetaValue>;
-  return (
-    obj.schemaId === 'summon.repair-feedback.v2' &&
-    typeof obj.status === 'string' &&
-    Array.isArray(obj.issues)
-  );
-}
diff --git a/packages/engine/src/surface-contract.ts b/packages/engine/src/surface-contract.ts
index c779ed0..602ef18 100644
--- a/packages/engine/src/surface-contract.ts
+++ b/packages/engine/src/surface-contract.ts
@@ -1,16 +1,15 @@
 import {
   defaultTriggersForKind,
   type ActionStateKeys,
-  type CapabilityKind,
-  type CapabilityStateKeys,
-  type CapabilityTrigger,
-} from './capability-contract.js';
+  type ToolKind,
+  type ToolStateKeys,
+  type ToolTrigger,
+} from './tool-contract.js';
 import type { ContractIssue } from './contracts.js';
 import type {
-  CapabilityPack,
+  ToolPack,
   ComponentPack,
   ComponentSizing,
-  ScriptPolicy,
   SummonLayout,
 } from './prompt.js';
 import {
@@ -31,17 +30,16 @@ export interface SurfaceContractSurface {
   policy: NormalizedSurfacePolicy;
   plan: SurfacePlan;
   mode: SurfacePlanMode;
-  scriptPolicy: ScriptPolicy;
 }
 
 export interface SurfaceContractTool {
   name: string;
-  kind: CapabilityKind;
+  kind: ToolKind;
   description: string;
-  triggers: CapabilityTrigger[];
+  triggers: ToolTrigger[];
   argsSchema: string;
   stateShape: string;
-  stateKeys?: CapabilityStateKeys;
+  stateKeys?: ToolStateKeys;
   actionStateKeys?: ActionStateKeys;
   resultSchema?: string;
   defaultDataShape?: string;
@@ -87,7 +85,7 @@ export function compileSurfaceContractView(
   options: CompileSurfaceContractViewOptions = {},
 ): SurfaceContractView {
   const compiled = compileSurfacePolicy(policy, {
-    capabilities: options.capabilities,
+    tools: options.tools,
     components: options.components,
   });
   return surfaceContractViewFromCompiledPolicy(compiled, options.layout ?? null);
@@ -102,36 +100,35 @@ export function surfaceContractViewFromCompiledPolicy(
       policy: compiledPolicy.policy,
       plan: compiledPolicy.surfacePlan,
       mode: compiledPolicy.mode,
-      scriptPolicy: compiledPolicy.scriptPolicy,
     },
-    tools: formatTools(compiledPolicy.capabilities),
+    tools: formatTools(compiledPolicy.tools),
     components: formatComponents(compiledPolicy.components),
     layout: formatLayout(layout ?? null),
     issues: compiledPolicy.issues,
   };
 }
 
-function formatTools(pack: CapabilityPack | null): SurfaceContractTool[] {
-  return (pack?.intents ?? []).map((intent) => {
-    const kind = intent.kind ?? 'action';
+function formatTools(pack: ToolPack | null): SurfaceContractTool[] {
+  return (pack?.tools ?? []).map((spec) => {
+    const kind = spec.kind ?? 'action';
     const tool: SurfaceContractTool = {
-      name: intent.name,
+      name: spec.name,
       kind,
-      description: intent.description,
-      triggers: intent.triggers?.length
-        ? [...intent.triggers]
+      description: spec.description,
+      triggers: spec.triggers?.length
+        ? [...spec.triggers]
         : defaultTriggersForKind(kind),
-      argsSchema: intent.argsSchema,
-      stateShape: intent.stateShape,
+      argsSchema: spec.argsSchema,
+      stateShape: spec.stateShape,
       surface: {
-        data: intent.surface?.data ?? (kind === 'resource' ? 'host-resource' : 'embedded'),
-        authority: intent.surface?.authority ?? (kind === 'resource' ? 'read' : 'host-action'),
+        data: spec.surface?.data ?? (kind === 'resource' ? 'host-resource' : 'embedded'),
+        authority: spec.surface?.authority ?? (kind === 'resource' ? 'read' : 'host-action'),
       },
     };
-    if (intent.stateKeys) tool.stateKeys = { ...intent.stateKeys };
-    if (intent.actionStateKeys) tool.actionStateKeys = { ...intent.actionStateKeys };
-    if (intent.resultSchema) tool.resultSchema = intent.resultSchema;
-    if (intent.defaultDataShape) tool.defaultDataShape = intent.defaultDataShape;
+    if (spec.stateKeys) tool.stateKeys = { ...spec.stateKeys };
+    if (spec.actionStateKeys) tool.actionStateKeys = { ...spec.actionStateKeys };
+    if (spec.resultSchema) tool.resultSchema = spec.resultSchema;
+    if (spec.defaultDataShape) tool.defaultDataShape = spec.defaultDataShape;
     return tool;
   });
 }
diff --git a/packages/engine/src/surface-plan.ts b/packages/engine/src/surface-plan.ts
index 8e91f95..7024a7b 100644
--- a/packages/engine/src/surface-plan.ts
+++ b/packages/engine/src/surface-plan.ts
@@ -1,4 +1,4 @@
-import type { CapabilityPack, ScriptPolicy } from './prompt.js';
+import type { ToolPack } from './prompt.js';
 
 export type SurfacePurpose =
   | 'inform'
@@ -9,11 +9,12 @@ export type SurfacePurpose =
   | 'review'
   | 'export';
 
-export type SurfaceRuntime = 'static' | 'declarative' | 'worker';
+type SurfaceRuntime = 'arrow';
 export type SurfaceData = 'embedded' | 'host-resource' | 'worker';
 export type SurfaceAuthority = 'none' | 'read' | 'host-action' | 'approval-gated';
 export type SurfacePersistence = 'ephemeral' | 'replayable';
 export type SurfacePlanMode = 'static' | 'interactive';
+export type SurfaceNetwork = 'none' | 'restricted-fetch';
 
 export const SURFACE_PURPOSE_VALUES = [
   'inform',
@@ -25,12 +26,15 @@ export const SURFACE_PURPOSE_VALUES = [
   'export',
 ] as const satisfies readonly SurfacePurpose[];
 
-export const SURFACE_RUNTIME_VALUES = [
-  'static',
-  'declarative',
-  'worker',
+const SURFACE_RUNTIME_VALUES = [
+  'arrow',
 ] as const satisfies readonly SurfaceRuntime[];
 
+export const SURFACE_NETWORK_VALUES = [
+  'none',
+  'restricted-fetch',
+] as const satisfies readonly SurfaceNetwork[];
+
 export const SURFACE_DATA_VALUES = [
   'embedded',
   'host-resource',
@@ -55,9 +59,10 @@ export interface SurfacePlan {
   data: SurfaceData;
   authority: SurfaceAuthority;
   persistence: SurfacePersistence;
+  network?: SurfaceNetwork;
 }
 
-export interface CapabilitySurface {
+export interface ToolSurface {
   data?: Extract<SurfaceData, 'host-resource' | 'worker'>;
   authority?: Extract<SurfaceAuthority, 'read' | 'host-action' | 'approval-gated'>;
 }
@@ -67,41 +72,20 @@ export interface ComponentSurface {
   authority?: SurfaceAuthority;
 }
 
-export interface SurfaceCeiling {
-  purposes?: SurfacePurpose[];
-  runtimes?: SurfaceRuntime[];
-  data?: SurfaceData[];
-  authorities?: SurfaceAuthority[];
-  persistences?: SurfacePersistence[];
-}
-
 export interface SurfacePlanInferenceInput {
   prompt: string;
   mode: 'static' | 'interactive';
-  scriptPolicy?: ScriptPolicy;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   persistence?: SurfacePersistence;
 }
 
-export interface SurfacePlanControls {
-  mode: SurfacePlanMode;
-  scriptPolicy: ScriptPolicy;
-}
-
 export const DEFAULT_SURFACE_PLAN: SurfacePlan = {
   purpose: 'inform',
-  runtime: 'static',
+  runtime: 'arrow',
   data: 'embedded',
   authority: 'none',
   persistence: 'replayable',
-};
-
-export const DEFAULT_SURFACE_CEILING: Required<SurfaceCeiling> = {
-  purposes: [...SURFACE_PURPOSE_VALUES],
-  runtimes: ['static', 'declarative'],
-  data: ['embedded', 'host-resource'],
-  authorities: ['none', 'read', 'host-action'],
-  persistences: ['ephemeral', 'replayable'],
+  network: 'none',
 };
 
 const PURPOSES = new Set<SurfacePurpose>(SURFACE_PURPOSE_VALUES);
@@ -109,6 +93,7 @@ const RUNTIMES = new Set<SurfaceRuntime>(SURFACE_RUNTIME_VALUES);
 const DATA = new Set<SurfaceData>(SURFACE_DATA_VALUES);
 const AUTHORITIES = new Set<SurfaceAuthority>(SURFACE_AUTHORITY_VALUES);
 const PERSISTENCES = new Set<SurfacePersistence>(SURFACE_PERSISTENCE_VALUES);
+const NETWORKS = new Set<SurfaceNetwork>(SURFACE_NETWORK_VALUES);
 
 export function normalizeSurfacePlan(raw: unknown): SurfacePlan | null {
   if (!raw || typeof raw !== 'object') return null;
@@ -118,73 +103,40 @@ export function normalizeSurfacePlan(raw: unknown): SurfacePlan | null {
   const data = enumValue(input.data, DATA);
   const authority = enumValue(input.authority, AUTHORITIES);
   const persistence = enumValue(input.persistence, PERSISTENCES);
+  const network = enumValue(input.network, NETWORKS) ?? 'none';
   if (!purpose || !runtime || !data || !authority || !persistence) return null;
-  return { purpose, runtime, data, authority, persistence };
-}
-
-export function normalizeSurfaceCeiling(raw: unknown): SurfaceCeiling | null {
-  if (!raw || typeof raw !== 'object') return null;
-  const input = raw as Record<string, unknown>;
-  return {
-    purposes: enumList(input.purposes, PURPOSES),
-    runtimes: enumList(input.runtimes, RUNTIMES),
-    data: enumList(input.data, DATA),
-    authorities: enumList(input.authorities, AUTHORITIES),
-    persistences: enumList(input.persistences, PERSISTENCES),
-  };
-}
-
-export function surfacePlanWithinCeiling(plan: SurfacePlan, ceiling: SurfaceCeiling): boolean {
-  return (
-    allowed(plan.purpose, ceiling.purposes, DEFAULT_SURFACE_CEILING.purposes) &&
-    allowed(plan.runtime, ceiling.runtimes, DEFAULT_SURFACE_CEILING.runtimes) &&
-    allowed(plan.data, ceiling.data, DEFAULT_SURFACE_CEILING.data) &&
-    allowed(plan.authority, ceiling.authorities, DEFAULT_SURFACE_CEILING.authorities) &&
-    allowed(plan.persistence, ceiling.persistences, DEFAULT_SURFACE_CEILING.persistences)
-  );
-}
-
-export function constrainSurfacePlan(plan: SurfacePlan, ceiling: SurfaceCeiling): SurfacePlan {
-  return {
-    purpose: constrain(plan.purpose, ceiling.purposes, DEFAULT_SURFACE_CEILING.purposes),
-    runtime: constrainRuntime(plan.runtime, ceiling.runtimes),
-    data: constrainData(plan.data, ceiling.data),
-    authority: constrainAuthority(plan.authority, ceiling.authorities),
-    persistence: constrain(
-      plan.persistence,
-      ceiling.persistences,
-      DEFAULT_SURFACE_CEILING.persistences,
-    ),
-  };
+  return { purpose, runtime, data, authority, persistence, network };
 }
 
 export function suggestSurfacePlan(input: SurfacePlanInferenceInput): SurfacePlan {
   if (input.mode === 'static') {
     return {
       purpose: inferPurpose(input.prompt),
-      runtime: 'static',
+      runtime: 'arrow',
       data: 'embedded',
       authority: 'none',
       persistence: input.persistence ?? 'replayable',
+      network: 'none',
     };
   }
 
-  const intents = input.capabilities?.intents ?? [];
+  const tools = input.tools?.tools ?? [];
   const promptText = input.prompt.toLowerCase();
   const wantsWorker = /\b(analy[sz]e|calculate|compute|forecast|simulate|score|worker|batch)\b/.test(promptText);
   const wantsApproval = /\b(approve|approval|confirm|publish|commit|send|update|delete|change)\b/.test(promptText);
   const wantsResource = /\b(search|lookup|fetch|load|find|explore|browse|filter|data)\b/.test(promptText);
-  const hasWorker = wantsWorker && intents.some((intent) => intent.surface?.data === 'worker');
-  const hasApproval = wantsApproval && intents.some((intent) => intent.surface?.authority === 'approval-gated');
-  const hasResource = wantsResource && intents.some((intent) => intent.kind === 'resource');
-  const hasAction = intents.some((intent) => (intent.kind ?? 'action') === 'action');
+  const hasWorker = wantsWorker && tools.some((tool) => tool.surface?.data === 'worker');
+  const hasApproval = wantsApproval && tools.some((tool) => tool.surface?.authority === 'approval-gated');
+  const hasResource = wantsResource && tools.some((tool) => tool.kind === 'resource');
+  const hasAction = tools.some((tool) => (tool.kind ?? 'action') === 'action');
 
   return {
     purpose: inferPurpose(input.prompt),
-    runtime: hasWorker ? 'worker' : 'declarative',
+    runtime: 'arrow',
     data: hasWorker ? 'worker' : hasResource ? 'host-resource' : 'embedded',
     authority: hasApproval ? 'approval-gated' : hasAction ? 'host-action' : hasResource ? 'read' : 'none',
     persistence: input.persistence ?? 'replayable',
+    network: 'none',
   };
 }
 
@@ -197,17 +149,6 @@ export function inferSurfacePlan(input: SurfacePlanInferenceInput): SurfacePlan
   return suggestSurfacePlan(input);
 }
 
-export function surfacePlanScriptPolicy(_plan: SurfacePlan): ScriptPolicy {
-  return 'forbid';
-}
-
-export function deriveSurfacePlanControls(plan: SurfacePlan): SurfacePlanControls {
-  return {
-    mode: plan.runtime === 'static' ? 'static' : 'interactive',
-    scriptPolicy: surfacePlanScriptPolicy(plan),
-  };
-}
-
 export function buildSurfacePlanBlock(plan: SurfacePlan): string {
   return `## Surface plan — host-owned runtime contract
 
@@ -218,21 +159,22 @@ The host has selected this minimum safe surface plan:
 - Data: \`${plan.data}\`
 - Authority: \`${plan.authority}\`
 - Persistence: \`${plan.persistence}\`
+- Network: \`${plan.network ?? 'none'}\`
 
-This plan is a host decision, not part of your generated artifact. Do not emit a \`/surface-plan\` meta line and do not imply capabilities outside this plan.
+This plan is a host decision, not part of your generated artifact. Do not emit a \`/surface-plan\` meta line and do not imply tools outside this plan.
 
 Runtime rules:
 
-- \`static\`: render read-only HTML. Do not emit scripts, intents, resources, forms, or controls that require host action.
-- \`declarative\`: use only \`data-summon-*\` bindings and host-granted capabilities.
-- \`worker\`: use only capabilities the host describes as worker-backed; the worker remains host-owned.
+- Runtime is always \`arrow\`: emit one \`op: "artifact"\` line at \`/artifact\` containing an Arrow sandbox source tree with one \`main.ts\` or \`main.js\`.
+- Static, declarative, worker, and approval behavior comes from \`SurfacePolicy.tier\` and this plan's data/authority fields, not alternate runtimes.
+- Use only tools the host describes in the Tools block; worker execution and approval remain host-owned.
 
 Authority rules:
 
-- \`none\`: no emitted intents.
+- \`none\`: no emitted tools.
 - \`read\`: read-oriented data resources only.
 - \`host-action\`: host-owned actions and resources may run after schema validation.
-- \`approval-gated\`: use only capabilities explicitly marked approval-gated; approval happens outside the artifact.`;
+- \`approval-gated\`: use only tools explicitly marked approval-gated; approval happens outside the artifact.`;
 }
 
 function inferPurpose(prompt: string): SurfacePurpose {
@@ -249,47 +191,3 @@ function inferPurpose(prompt: string): SurfacePurpose {
 function enumValue<T extends string>(raw: unknown, values: ReadonlySet<T>): T | null {
   return typeof raw === 'string' && values.has(raw as T) ? raw as T : null;
 }
-
-function enumList<T extends string>(raw: unknown, values: ReadonlySet<T>): T[] | undefined {
-  if (!Array.isArray(raw)) return undefined;
-  const out = raw.filter((value): value is T => typeof value === 'string' && values.has(value as T));
-  return out.length > 0 ? Array.from(new Set(out)) : undefined;
-}
-
-function allowed<T extends string>(value: T, rawAllowed: T[] | undefined, fallback: readonly T[]): boolean {
-  return (rawAllowed ?? fallback).includes(value);
-}
-
-function constrain<T extends string>(value: T, rawAllowed: T[] | undefined, fallback: readonly T[]): T {
-  const allowedValues = rawAllowed && rawAllowed.length > 0 ? rawAllowed : fallback;
-  return allowedValues.includes(value) ? value : allowedValues[0]!;
-}
-
-function constrainRuntime(value: SurfaceRuntime, rawAllowed: SurfaceRuntime[] | undefined): SurfaceRuntime {
-  const allowedValues = rawAllowed && rawAllowed.length > 0 ? rawAllowed : DEFAULT_SURFACE_CEILING.runtimes;
-  if (allowedValues.includes(value)) return value;
-  if (value === 'worker' && allowedValues.includes('declarative')) {
-    return 'declarative';
-  }
-  return allowedValues[0]!;
-}
-
-function constrainData(value: SurfaceData, rawAllowed: SurfaceData[] | undefined): SurfaceData {
-  const allowedValues = rawAllowed && rawAllowed.length > 0 ? rawAllowed : DEFAULT_SURFACE_CEILING.data;
-  if (allowedValues.includes(value)) return value;
-  if (value === 'worker' && allowedValues.includes('host-resource')) return 'host-resource';
-  return allowedValues[0]!;
-}
-
-function constrainAuthority(
-  value: SurfaceAuthority,
-  rawAllowed: SurfaceAuthority[] | undefined,
-): SurfaceAuthority {
-  const allowedValues = rawAllowed && rawAllowed.length > 0 ? rawAllowed : DEFAULT_SURFACE_CEILING.authorities;
-  if (allowedValues.includes(value)) return value;
-  if (value === 'approval-gated' && allowedValues.includes('host-action')) return 'host-action';
-  if ((value === 'approval-gated' || value === 'host-action') && allowedValues.includes('read')) {
-    return 'read';
-  }
-  return allowedValues[0]!;
-}
diff --git a/packages/engine/src/surface-policy.ts b/packages/engine/src/surface-policy.ts
index 333a8e3..7927fc4 100644
--- a/packages/engine/src/surface-policy.ts
+++ b/packages/engine/src/surface-policy.ts
@@ -3,17 +3,15 @@ import {
   type ContractIssue,
 } from './contracts.js';
 import type {
-  CapabilityPack,
+  ToolPack,
   ComponentPack,
-  IntentSpec,
-  ScriptPolicy,
+  ToolSpec,
 } from './prompt.js';
 import {
   SURFACE_PERSISTENCE_VALUES,
   SURFACE_PURPOSE_VALUES,
   type ComponentSurface,
   type SurfaceAuthority,
-  type SurfaceCeiling,
   type SurfaceData,
   type SurfacePersistence,
   type SurfacePlan,
@@ -47,18 +45,16 @@ export interface NormalizedSurfacePolicy {
 }
 
 export interface CompileSurfacePolicyOptions {
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
 }
 
 export interface CompiledSurfacePolicy {
   policy: NormalizedSurfacePolicy;
-  capabilities: CapabilityPack | null;
+  tools: ToolPack | null;
   components: ComponentPack | null;
   mode: SurfacePlanMode;
-  scriptPolicy: ScriptPolicy;
   surfacePlan: SurfacePlan;
-  surfaceCeiling: SurfaceCeiling;
   issues: ContractIssue[];
 }
 
@@ -109,23 +105,23 @@ export function compileSurfacePolicy(
     ));
   }
 
-  const capabilityPack = options.capabilities ?? null;
+  const toolPack = options.tools ?? null;
   const componentPack = options.components ?? null;
-  const intentsByName = new Map((capabilityPack?.intents ?? []).map((intent) => [intent.name, intent]));
+  const toolsByName = new Map((toolPack?.tools ?? []).map((tool) => [tool.name, tool]));
   const componentsByName = new Map((componentPack?.components ?? []).map((component) => [component.name, component]));
 
-  const selectedIntents: IntentSpec[] = [];
+  const selectedTools: ToolSpec[] = [];
   for (const grant of effective.grants) {
-    const intent = intentsByName.get(grant);
-    if (!intent) {
+    const tool = toolsByName.get(grant);
+    if (!tool) {
       issues.push(surfacePolicyIssue(
         'surface-policy-unknown-grant',
         `SurfacePolicy references unknown grant "${grant}"`,
       ));
       continue;
     }
-    selectedIntents.push(intent);
-    validateIntentForTier(effective.tier, intent, issues);
+    selectedTools.push(tool);
+    validateToolForTier(effective.tier, tool, issues);
   }
 
   const selectedComponents: ComponentPack['components'] = [];
@@ -142,57 +138,55 @@ export function compileSurfacePolicy(
     validateComponentForTier(effective.tier, component.surface, component.name, issues);
   }
 
-  validateTierRequirements(effective, selectedIntents, selectedComponents, issues);
+  validateTierRequirements(effective, selectedTools, selectedComponents, issues);
 
-  const surfacePlan = planForPolicy(effective, selectedIntents, selectedComponents);
+  const surfacePlan = planForPolicy(effective, selectedTools, selectedComponents);
   return {
     policy: effective,
-    capabilities: narrowCapabilityPack(capabilityPack, selectedIntents, effective.grants),
+    tools: narrowToolPack(toolPack, selectedTools, effective.grants),
     components: selectedComponents.length > 0 ? { components: selectedComponents } : null,
-    mode: surfacePlan.runtime === 'static' ? 'static' : 'interactive',
-    scriptPolicy: 'forbid',
+    mode: effective.tier === 'static' ? 'static' : 'interactive',
     surfacePlan,
-    surfaceCeiling: exactCeiling(surfacePlan),
     issues,
   };
 }
 
-function validateIntentForTier(
+function validateToolForTier(
   tier: SurfaceTier,
-  intent: IntentSpec,
+  tool: ToolSpec,
   issues: ContractIssue[],
 ): void {
-  const data = intentData(intent);
-  const authority = intentAuthority(intent);
+  const data = toolData(tool);
+  const authority = toolAuthority(tool);
   if (tier === 'static') {
     issues.push(surfacePolicyIssue(
       'surface-policy-tier-exceeded',
-      `Static SurfacePolicy cannot use grant "${intent.name}"`,
+      `Static SurfacePolicy cannot use grant "${tool.name}"`,
     ));
     return;
   }
   if (tier === 'declarative' && data === 'worker') {
     issues.push(surfacePolicyIssue(
       'surface-policy-tier-exceeded',
-      `${tier} SurfacePolicy cannot use worker-backed grant "${intent.name}"`,
+      `${tier} SurfacePolicy cannot use worker-backed grant "${tool.name}"`,
     ));
   }
   if (tier === 'declarative' && authority === 'approval-gated') {
     issues.push(surfacePolicyIssue(
       'surface-policy-tier-exceeded',
-      `${tier} SurfacePolicy cannot use approval-gated grant "${intent.name}"`,
+      `${tier} SurfacePolicy cannot use approval-gated grant "${tool.name}"`,
     ));
   }
   if (tier === 'worker' && data !== 'worker') {
     issues.push(surfacePolicyIssue(
       'surface-policy-tier-exceeded',
-      `Worker SurfacePolicy can only use worker-backed grants; "${intent.name}" is not worker-backed`,
+      `Worker SurfacePolicy can only use worker-backed grants; "${tool.name}" is not worker-backed`,
     ));
   }
   if (tier === 'approval' && authority !== 'approval-gated') {
     issues.push(surfacePolicyIssue(
       'surface-policy-tier-exceeded',
-      `Approval SurfacePolicy can only use approval-gated grants; "${intent.name}" is ${authority}`,
+      `Approval SurfacePolicy can only use approval-gated grants; "${tool.name}" is ${authority}`,
     ));
   }
 }
@@ -239,13 +233,13 @@ function validateComponentForTier(
 
 function validateTierRequirements(
   policy: NormalizedSurfacePolicy,
-  intents: IntentSpec[],
+  tools: ToolSpec[],
   components: ComponentPack['components'],
   issues: ContractIssue[],
 ): void {
   if (
     policy.tier === 'worker' &&
-    !intents.some((intent) => intentData(intent) === 'worker') &&
+    !tools.some((tool) => toolData(tool) === 'worker') &&
     !components.some((component) => (component.surface?.data ?? 'embedded') === 'worker')
   ) {
     issues.push(surfacePolicyIssue(
@@ -255,7 +249,7 @@ function validateTierRequirements(
   }
   if (
     policy.tier === 'approval' &&
-    !intents.some((intent) => intentAuthority(intent) === 'approval-gated')
+    !tools.some((tool) => toolAuthority(tool) === 'approval-gated')
   ) {
     issues.push(surfacePolicyIssue(
       'surface-policy-tier-requirement',
@@ -266,67 +260,67 @@ function validateTierRequirements(
 
 function planForPolicy(
   policy: NormalizedSurfacePolicy,
-  intents: IntentSpec[],
+  tools: ToolSpec[],
   components: ComponentPack['components'],
 ): SurfacePlan {
   if (policy.tier === 'static') {
     return {
       purpose: policy.purpose,
-      runtime: 'static',
+      runtime: 'arrow',
       data: 'embedded',
       authority: 'none',
       persistence: policy.persistence,
+      network: 'none',
     };
   }
 
   const data = policy.tier === 'worker'
     ? 'worker'
     : strongestData([
-        ...intents.map(intentData),
+        ...tools.map(toolData),
         ...components.map((component) => component.surface?.data ?? 'embedded'),
       ]);
   const authority = policy.tier === 'approval'
     ? 'approval-gated'
     : strongestAuthority([
-        ...intents.map(intentAuthority),
+        ...tools.map(toolAuthority),
         ...components.map((component) => component.surface?.authority ?? 'none'),
       ]);
 
   return {
     purpose: policy.purpose,
-    runtime: policy.tier === 'worker'
-        ? 'worker'
-        : 'declarative',
+    runtime: 'arrow',
     data,
     authority,
     persistence: policy.persistence,
+    network: 'none',
   };
 }
 
-function narrowCapabilityPack(
-  pack: CapabilityPack | null,
-  intents: IntentSpec[],
+function narrowToolPack(
+  pack: ToolPack | null,
+  tools: ToolSpec[],
   selectedGrantNames: string[],
-): CapabilityPack | null {
-  if (!pack || intents.length === 0) return null;
+): ToolPack | null {
+  if (!pack || tools.length === 0) return null;
   const grants = new Set(selectedGrantNames);
   const patterns = (pack.patterns ?? []).filter((pattern) =>
-    pattern.intent === undefined || grants.has(pattern.intent),
+    pattern.tool === undefined || grants.has(pattern.tool),
   );
   return {
-    intents,
+    tools,
     ...(patterns.length > 0 ? { patterns } : {}),
   };
 }
 
-function intentData(intent: IntentSpec): SurfaceData {
-  return intent.surface?.data ??
-    (intent.kind === 'resource' ? 'host-resource' : 'embedded');
+function toolData(tool: ToolSpec): SurfaceData {
+  return tool.surface?.data ??
+    (tool.kind === 'resource' ? 'host-resource' : 'embedded');
 }
 
-function intentAuthority(intent: IntentSpec): SurfaceAuthority {
-  return intent.surface?.authority ??
-    (intent.kind === 'resource' ? 'read' : 'host-action');
+function toolAuthority(tool: ToolSpec): SurfaceAuthority {
+  return tool.surface?.authority ??
+    (tool.kind === 'resource' ? 'read' : 'host-action');
 }
 
 function strongestData(values: SurfaceData[]): SurfaceData {
@@ -342,16 +336,6 @@ function strongestAuthority(values: SurfaceAuthority[]): SurfaceAuthority {
   return 'none';
 }
 
-function exactCeiling(plan: SurfacePlan): SurfaceCeiling {
-  return {
-    purposes: [plan.purpose],
-    runtimes: [plan.runtime],
-    data: [plan.data],
-    authorities: [plan.authority],
-    persistences: [plan.persistence],
-  };
-}
-
 function surfacePolicyIssue(code: string, message: string): ContractIssue {
   return contractIssue({
     source: 'system',
diff --git a/packages/engine/src/tool-contract.ts b/packages/engine/src/tool-contract.ts
new file mode 100644
index 0000000..9d8409e
--- /dev/null
+++ b/packages/engine/src/tool-contract.ts
@@ -0,0 +1,75 @@
+export type ToolKind = 'action' | 'resource';
+export type ToolTrigger = 'click' | 'submit' | 'mount';
+
+export interface ToolStateKeys {
+  loading?: string;
+  data?: string;
+  error?: string;
+  empty?: string;
+}
+
+export interface ResourceStateKeys extends Required<Pick<ToolStateKeys, 'loading' | 'data' | 'error'>> {
+  empty?: string;
+}
+
+export interface ActionStateKeys {
+  pending: string;
+  done: string;
+  error: string;
+}
+
+const ARROW_TRIGGER_DOCS: Array<{ trigger: ToolTrigger; description: string }> = [
+  {
+    trigger: 'click',
+    description: 'Fires an action or resource when the element is clicked.',
+  },
+  {
+    trigger: 'submit',
+    description:
+      'Fires an action or resource on submit. Named form controls are collected into args.',
+  },
+  {
+    trigger: 'mount',
+    description:
+      'Fires once after render. Use only for read-oriented resources that explicitly grant mount.',
+  },
+];
+
+export function defaultTriggersForKind(kind: ToolKind = 'action'): ToolTrigger[] {
+  return kind === 'resource' ? ['submit', 'mount'] : ['click', 'submit'];
+}
+
+export function hasCompleteResourceStateKeys(
+  keys: ToolStateKeys | undefined,
+): keys is ResourceStateKeys {
+  return Boolean(keys?.loading && keys.data && keys.error);
+}
+
+export function formatToolProtocolContract(): string {
+  const triggerRows = ARROW_TRIGGER_DOCS.map(
+    (spec) => `- \`${spec.trigger}\` — ${spec.description} Author this as an Arrow event handler or lifecycle call that invokes the granted tool.`,
+  ).join('\n');
+
+  return `### Arrow host bridge
+
+Use Arrow-native interactivity. Import the bridge from \`host-bridge:summon\` inside the generated Arrow entry file:
+
+\`\`\`ts
+import { callTool, getState, onState } from "host-bridge:summon";
+\`\`\`
+
+#### Triggers
+
+${triggerRows}
+
+#### Host state
+
+- \`await callTool(toolName, args)\` calls a granted host tool and resolves to \`{ ok, state, error? }\`.
+- \`await getState()\` reads the latest host-owned state snapshot.
+- \`onState((state) => { ... })\` subscribes to host \`pushState()\` updates and returns an unsubscribe function.
+- Copy host-owned keys into Arrow \`reactive()\` state before rendering loading, data, error, empty, pending, or done UI.
+
+#### Data resources
+
+Data resources expose host-owned lifecycle keys. Render loading, data, error, and empty states from the named keys supplied by the host. Do not invent fetched rows, profiles, images, or counts before a successful resource result. The PolicyEngine remains the execution boundary.`;
+}
diff --git a/packages/engine/test/contracts.test.ts b/packages/engine/test/contracts.test.ts
index 3b44179..8e8951d 100644
--- a/packages/engine/test/contracts.test.ts
+++ b/packages/engine/test/contracts.test.ts
@@ -6,19 +6,17 @@ import {
   compileSurfaceContractView,
   compileSystemContracts,
   compileTokenContract,
-  deriveSurfacePlanControls,
   inferSurfacePlan,
   normalizeSurfacePlan,
   suggestSurfacePlan,
   SUMMON_FIXED_INSTRUCTIONS,
   SURFACE_AUTHORITY_VALUES,
   SURFACE_DATA_VALUES,
+  SURFACE_NETWORK_VALUES,
   SURFACE_PERSISTENCE_VALUES,
   SURFACE_PURPOSE_VALUES,
-  SURFACE_RUNTIME_VALUES,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
-  type SurfacePlan,
   type SummonLayout,
 } from '../src/index.ts';
 
@@ -27,11 +25,11 @@ const defaultTokens = readFileSync(
   'utf-8',
 );
 
-test('fixed prompt describes skeleton-first progressive rendering', () => {
-  assert.match(SUMMON_FIXED_INSTRUCTIONS, /Progressive rendering contract/);
-  assert.match(SUMMON_FIXED_INSTRUCTIONS, /placeholder `add \/section\/<id>`/);
-  assert.match(SUMMON_FIXED_INSTRUCTIONS, /later accepted `add` lines for the same section as replacements/);
-  assert.match(SUMMON_FIXED_INSTRUCTIONS, /complete, validated JSONL protocol lines/);
+test('fixed prompt describes Arrow-only artifact output', () => {
+  assert.match(SUMMON_FIXED_INSTRUCTIONS, /Output protocol — Arrow JSONL only/);
+  assert.match(SUMMON_FIXED_INSTRUCTIONS, /"op":"artifact"/);
+  assert.match(SUMMON_FIXED_INSTRUCTIONS, /"runtime":"arrow"/);
+  assert.match(SUMMON_FIXED_INSTRUCTIONS, /Do not emit `set \/screen`, `add \/section\/\*`/);
 });
 
 test('token compiler emits prompt vocabulary and validates from the token contract', () => {
@@ -126,8 +124,8 @@ test('system compiler returns deterministic prompt block order and validation co
       { id: 'details', purpose: 'Supporting facts' },
     ],
   };
-  const capabilities: CapabilityPack = {
-    intents: [
+  const tools: ToolPack = {
+    tools: [
       {
         name: 'choose',
         description: 'Pick an option.',
@@ -153,10 +151,8 @@ test('system compiler returns deterministic prompt block order and validation co
       product: 'Ghost Product',
     },
     layout,
-    editBlock: 'Edit block.',
-    capabilities,
+    tools,
     tokenOverrides: [{ token: 'color-accent', baseValue: 'blue', newValue: 'red' }],
-    postures: { postures: [{ name: 'brief', description: 'Short response.' }] },
   });
 
   assert.deepEqual(
@@ -166,23 +162,14 @@ test('system compiler returns deterministic prompt block order and validation co
       'direction:demo',
       'ghost',
       'layout:two-slot',
-      'edit',
-      'capabilities',
+      'tools',
       'token-overrides',
-      'postures',
     ],
   );
   assert.equal(compiled.validationContext.mode, 'interactive');
-  assert.equal(compiled.validationContext.scriptPolicy, 'forbid');
-  assert.deepEqual([...(compiled.validationContext.allowedIntents ?? [])], ['choose']);
+  assert.deepEqual([...(compiled.validationContext.allowedTools ?? [])], ['choose']);
   assert.equal(compiled.validationContext.definedTokens?.has('color-bg'), true);
-  assert.deepEqual(compiled.startupLines, [
-    {
-      op: 'set',
-      path: '/screen',
-      value: { sections: ['summary', 'details'] },
-    },
-  ]);
+  assert.deepEqual(compiled.startupLines, []);
 });
 
 test('system compiler includes a host-owned surface plan block', () => {
@@ -190,13 +177,14 @@ test('system compiler includes a host-owned surface plan block', () => {
     mode: 'interactive',
     surfacePlan: {
       purpose: 'explore',
-      runtime: 'declarative',
+      runtime: 'arrow',
       data: 'host-resource',
       authority: 'read',
       persistence: 'replayable',
+      network: 'none',
     },
-    capabilities: {
-      intents: [
+    tools: {
+      tools: [
         {
           name: 'search',
           description: 'Search host data.',
@@ -212,15 +200,15 @@ test('system compiler includes a host-owned surface plan block', () => {
 
   assert.deepEqual(
     compiled.promptBlocks.map((block) => block.id),
-    ['fixed', 'surface-plan', 'capabilities'],
+    ['fixed', 'surface-plan', 'tools'],
   );
-  assert.equal(compiled.validationContext.scriptPolicy, 'forbid');
   assert.deepEqual(compiled.validationContext.surfacePlan, {
     purpose: 'explore',
-    runtime: 'declarative',
+    runtime: 'arrow',
     data: 'host-resource',
     authority: 'read',
     persistence: 'replayable',
+    network: 'none',
   });
   const surfaceBlock = compiled.promptBlocks.find((block) => block.id === 'surface-plan');
   assert.match(surfaceBlock?.text ?? '', /host-owned runtime contract/);
@@ -228,8 +216,8 @@ test('system compiler includes a host-owned surface plan block', () => {
 });
 
 test('system compiler includes compact surface contract view without dropping detail blocks', () => {
-  const capabilities: CapabilityPack = {
-    intents: [
+  const tools: ToolPack = {
+    tools: [
       {
         name: 'search',
         description: 'Search host data.',
@@ -258,27 +246,26 @@ test('system compiler includes compact surface contract view without dropping de
     purpose: 'explore',
     grants: ['search'],
     components: ['MetricCard'],
-  }, { capabilities, components });
+  }, { tools, components });
   const compiled = compileSystemContracts({
     mode: surfaceContract.surface.mode,
     surfaceContract,
-    capabilities: surfaceContract.tools.length ? capabilities : null,
+    tools: surfaceContract.tools.length ? tools : null,
     components,
-    scriptPolicy: surfaceContract.surface.scriptPolicy,
   });
 
   assert.deepEqual(
     compiled.promptBlocks.map((block) => block.id),
-    ['fixed', 'surface-contract', 'capabilities', 'components'],
+    ['fixed', 'surface-contract', 'tools', 'components'],
   );
   const surfaceBlock = compiled.promptBlocks.find((block) => block.id === 'surface-contract');
   assert.match(surfaceBlock?.text ?? '', /compact, read-only view/);
-  assert.match(surfaceBlock?.text ?? '', /freeform HTML\/CSS/);
+  assert.match(surfaceBlock?.text ?? '', /Arrow/);
   assert.match(surfaceBlock?.text ?? '', /Do not emit `\/surface-contract`, `\/surface-policy`, or `\/surface-plan`/);
   assert.match(surfaceBlock?.text ?? '', /`search` \(resource\)/);
   assert.match(surfaceBlock?.text ?? '', /`MetricCard`/);
   assert.equal(compiled.promptBlocks.some((block) => block.id === 'surface-plan'), false);
-  assert.match(compiled.promptBlocks.find((block) => block.id === 'capabilities')?.text ?? '', /Available data resources/);
+  assert.match(compiled.promptBlocks.find((block) => block.id === 'tools')?.text ?? '', /Available data resources/);
   assert.match(compiled.promptBlocks.find((block) => block.id === 'components')?.text ?? '', /Component islands/);
   assert.deepEqual(compiled.validationContext.surfacePlan, surfaceContract.surface.plan);
 });
@@ -286,24 +273,24 @@ test('system compiler includes compact surface contract view without dropping de
 test('surface plan normalization and suggestions are stable', () => {
   assert.deepEqual(normalizeSurfacePlan({
     purpose: 'operate',
-    runtime: 'worker',
+    runtime: 'arrow',
     data: 'worker',
     authority: 'approval-gated',
     persistence: 'replayable',
   }), {
     purpose: 'operate',
-    runtime: 'worker',
+    runtime: 'arrow',
     data: 'worker',
     authority: 'approval-gated',
     persistence: 'replayable',
+    network: 'none',
   });
 
   const suggestion = suggestSurfacePlan({
     prompt: 'compare payment plans and help me pick one',
     mode: 'interactive',
-    scriptPolicy: 'forbid',
-    capabilities: {
-      intents: [
+    tools: {
+      tools: [
         {
           name: 'choose',
           description: 'Choose.',
@@ -317,17 +304,17 @@ test('surface plan normalization and suggestions are stable', () => {
 
   assert.deepEqual(suggestion, {
     purpose: 'compare',
-    runtime: 'declarative',
+    runtime: 'arrow',
     data: 'embedded',
     authority: 'host-action',
     persistence: 'replayable',
+    network: 'none',
   });
   assert.deepEqual(inferSurfacePlan({
     prompt: 'compare payment plans and help me pick one',
     mode: 'interactive',
-    scriptPolicy: 'forbid',
-    capabilities: {
-      intents: [
+    tools: {
+      tools: [
         {
           name: 'choose',
           description: 'Choose.',
@@ -340,7 +327,7 @@ test('surface plan normalization and suggestions are stable', () => {
   }), suggestion);
 });
 
-test('surface plan host control helpers expose values and derive defaults', () => {
+test('surface plan host diagnostics expose Arrow-only values', () => {
   assert.deepEqual([...SURFACE_PURPOSE_VALUES], [
     'inform',
     'compare',
@@ -350,11 +337,6 @@ test('surface plan host control helpers expose values and derive defaults', () =
     'review',
     'export',
   ]);
-  assert.deepEqual([...SURFACE_RUNTIME_VALUES], [
-    'static',
-    'declarative',
-    'worker',
-  ]);
   assert.deepEqual([...SURFACE_DATA_VALUES], [
     'embedded',
     'host-resource',
@@ -370,26 +352,10 @@ test('surface plan host control helpers expose values and derive defaults', () =
     'ephemeral',
     'replayable',
   ]);
-
-  const base: Omit<SurfacePlan, 'runtime'> = {
-    purpose: 'explore',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  };
-
-  assert.deepEqual(deriveSurfacePlanControls({ ...base, runtime: 'static' }), {
-    mode: 'static',
-    scriptPolicy: 'forbid',
-  });
-  assert.deepEqual(deriveSurfacePlanControls({ ...base, runtime: 'declarative' }), {
-    mode: 'interactive',
-    scriptPolicy: 'forbid',
-  });
-  assert.deepEqual(deriveSurfacePlanControls({ ...base, runtime: 'worker' }), {
-    mode: 'interactive',
-    scriptPolicy: 'forbid',
-  });
+  assert.deepEqual([...SURFACE_NETWORK_VALUES], [
+    'none',
+    'restricted-fetch',
+  ]);
 });
 
 test('system compiler validates against explicit active tokens when direction is layered', () => {
@@ -416,12 +382,11 @@ test('system compiler validates against explicit active tokens when direction is
   assert.equal(compiled.validationContext.definedTokens?.has('ghost-config-only'), true);
 });
 
-test('system compiler can produce declarative-only interactive contracts', () => {
+test('system compiler can produce Arrow-native interactive contracts', () => {
   const compiled = compileSystemContracts({
     mode: 'interactive',
-    scriptPolicy: 'forbid',
-    capabilities: {
-      intents: [
+    tools: {
+      tools: [
         {
           name: 'choose',
           description: 'Pick an option.',
@@ -436,86 +401,23 @@ test('system compiler can produce declarative-only interactive contracts', () =>
           code: '<button id="x">Pick</button><script>document.getElementById("x")?.addEventListener("click", () => sandbox.emit("choose", {option:"A"}))</script>',
         },
         {
-          name: 'declarative pattern',
+          name: 'legacy declarative pattern',
           code: '<button data-summon-on-click="choose" data-summon-args=\'{"option":"A"}\'>Pick</button>',
         },
-      ],
-    },
-  });
-
-  assert.equal(compiled.validationContext.scriptPolicy, 'forbid');
-  const capabilitiesBlock = compiled.promptBlocks.find((block) => block.id === 'capabilities');
-  assert.match(capabilitiesBlock?.text ?? '', /Declarative-only interactivity/);
-  assert.match(capabilitiesBlock?.text ?? '', /Do not emit `<script>` tags/);
-  assert.doesNotMatch(capabilitiesBlock?.text ?? '', /document\.getElementById/);
-  assert.match(capabilitiesBlock?.text ?? '', /data-summon-on-click="choose"/);
-});
-
-test('system compiler rejects removed script policy allow', () => {
-  const missingPlan = compileSystemContracts({
-    mode: 'interactive',
-    scriptPolicy: 'allow',
-    capabilities: {
-      intents: [
-        {
-          name: 'choose',
-          description: 'Pick an option.',
-          argsSchema: '{option: string}',
-          stateShape: '{lastChoice: string}',
-          triggers: ['click'],
-        },
-      ],
-    },
-  });
-
-  assert.equal(missingPlan.validationContext.scriptPolicy, 'forbid');
-  assert.ok(missingPlan.issues.some((issue) =>
-    issue.code === 'surface-script-policy-removed'
-  ));
-
-  const declarativePlan = compileSystemContracts({
-    mode: 'interactive',
-    scriptPolicy: 'allow',
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'declarative',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    },
-  });
-
-  assert.ok(declarativePlan.issues.some((issue) =>
-    issue.code === 'surface-script-policy-removed'
-  ));
-});
-
-test('system compiler rejects legacy scripted surface plan with script policy allow', () => {
-  const compiled = compileSystemContracts({
-    mode: 'interactive',
-    scriptPolicy: 'allow',
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'scripted',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    } as never,
-    capabilities: {
-      intents: [
         {
-          name: 'choose',
-          description: 'Pick an option.',
-          argsSchema: '{option: string}',
-          stateShape: '{lastChoice: string}',
-          triggers: ['click'],
+          name: 'arrow pattern',
+          code: 'import { callTool } from "host-bridge:summon";\nconst choose = () => callTool("choose", { option: "A" });',
         },
       ],
     },
   });
 
-  assert.equal(compiled.validationContext.scriptPolicy, 'forbid');
-  assert.equal(compiled.issues.some((issue) => issue.code === 'surface-script-policy-removed'), true);
-  const capabilitiesBlock = compiled.promptBlocks.find((block) => block.id === 'capabilities');
-  assert.match(capabilitiesBlock?.text ?? '', /Script policy — declarative only/);
+  const toolsBlock = compiled.promptBlocks.find((block) => block.id === 'tools');
+  assert.match(toolsBlock?.text ?? '', /Arrow-native interactivity/);
+  assert.match(toolsBlock?.text ?? '', /host-bridge:summon/);
+  assert.match(toolsBlock?.text ?? '', /onState/);
+  assert.match(toolsBlock?.text ?? '', /Do not emit `<script>` tags/);
+  assert.doesNotMatch(toolsBlock?.text ?? '', /document\.getElementById/);
+  assert.doesNotMatch(toolsBlock?.text ?? '', /data-summon-on-click="choose"/);
+  assert.match(toolsBlock?.text ?? '', /arrow pattern/);
 });
diff --git a/packages/engine/test/protocol-hardener.test.ts b/packages/engine/test/protocol-hardener.test.ts
index 349ba08..4d1c21f 100644
--- a/packages/engine/test/protocol-hardener.test.ts
+++ b/packages/engine/test/protocol-hardener.test.ts
@@ -2,62 +2,37 @@ import assert from 'node:assert/strict';
 import test from 'node:test';
 import {
   createProtocolHardener,
+  type ContractIssue,
   type ProtocolHardenerResult,
-  type ProtocolLine,
   type ProtocolSkipMetaValue,
-  type ScreenSynthesizedMetaValue,
-  type SummonLayout,
   type ValidationContext,
-  type ContractIssue,
 } from '../src/index.ts';
 
 const baseContext: ValidationContext = {
   mode: 'static',
-  capabilities: [{ name: 'choose', triggers: ['click'] }],
-  definedTokens: new Set(['color-text', 'space-2', 'radius-pill']),
-};
-
-const interactiveContext: ValidationContext = {
-  mode: 'interactive',
-  capabilities: [
-    { name: 'choose', triggers: ['click'] },
-    { name: 'search', triggers: ['submit', 'mount'] },
-  ],
+  surfacePlan: {
+    purpose: 'inform',
+    runtime: 'arrow',
+    data: 'embedded',
+    authority: 'none',
+    persistence: 'replayable',
+    network: 'none',
+  },
 };
 
-function add(section: string, html = '<p>Hi</p>'): string {
-  return JSON.stringify({ op: 'add', path: `/section/${section}`, html });
-}
-
-function screen(sections: string[]): string {
-  return JSON.stringify({ op: 'set', path: '/screen', value: { sections } });
-}
-
-function blockSet(section: string, blocks: string[]): string {
-  return JSON.stringify({ op: 'set', path: `/section/${section}`, value: { blocks } });
-}
-
-function blockAdd(section: string, block: string, html = '<p>Hi</p>'): string {
-  return JSON.stringify({ op: 'add', path: `/section/${section}/block/${block}`, html });
-}
-
-function nodeAdd(section: string, node: string, html: string, parent?: string): string {
+function artifactLine(source = 'import { html } from "@arrow-js/core";\nexport default html`<p>Hi</p>`'): string {
   return JSON.stringify({
-    op: 'add',
-    path: `/section/${section}/node/${node}`,
-    html,
-    ...(parent ? { parent } : {}),
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': source,
+      },
+    },
   });
 }
 
-function opPaths(result: ProtocolHardenerResult): string[] {
-  return result.outboundLines.map((line) => `${line.op}:${line.path}`);
-}
-
-function acceptedOpPaths(result: ProtocolHardenerResult): string[] {
-  return result.acceptedLines.map((line) => `${line.op}:${line.path}`);
-}
-
 function issueCodes(issues: ContractIssue[]): string[] {
   return issues.map((issue) => issue.code).sort();
 }
@@ -70,22 +45,6 @@ function skipValue(result: ProtocolHardenerResult): ProtocolSkipMetaValue {
   return line.value as ProtocolSkipMetaValue;
 }
 
-function synthesizedValue(result: ProtocolHardenerResult): ScreenSynthesizedMetaValue {
-  const line = result.outboundLines[0];
-  if (!line || line.op !== 'meta' || line.path !== '/screen-synthesized') {
-    throw new Error(`expected /screen-synthesized, got ${JSON.stringify(line)}`);
-  }
-  return line.value as ScreenSynthesizedMetaValue;
-}
-
-function screenSections(line: ProtocolLine): string[] {
-  if (line.op !== 'set') throw new Error(`expected set line, got ${line.op}`);
-  const value = line.value as { sections?: unknown };
-  return Array.isArray(value.sections)
-    ? value.sections.filter((section): section is string => typeof section === 'string')
-    : [];
-}
-
 test('malformed text emits protocol-skip and does not block', () => {
   const hardener = createProtocolHardener({ validationContext: baseContext });
   const result = hardener.processRawLine('not json at all');
@@ -96,330 +55,46 @@ test('malformed text emits protocol-skip and does not block', () => {
   assert.equal(skipValue(result).severity, 'warn');
 });
 
-test('early add synthesizes a screen before accepting the section', () => {
+test('meta lines pass through unless host-owned', () => {
   const hardener = createProtocolHardener({ validationContext: baseContext });
-  const result = hardener.processRawLine(add('hero'));
+  const status = hardener.processRawLine(JSON.stringify({ op: 'meta', path: '/status', value: 'writing' }));
+  const hostOwned = hardener.processRawLine(JSON.stringify({ op: 'meta', path: '/surface-plan', value: {} }));
 
-  assert.deepEqual(opPaths(result), [
-    'meta:/screen-synthesized',
-    'set:/screen',
-    'add:/section/hero',
-  ]);
-  assert.deepEqual(synthesizedValue(result), {
-    sections: ['hero'],
-    reason: 'add-before-screen',
-  });
-  assert.deepEqual(acceptedOpPaths(result), ['set:/screen', 'add:/section/hero']);
-  assert.deepEqual(screenSections(result.acceptedLines[0]!), ['hero']);
+  assert.deepEqual(status.outboundLines.map((line) => line.path), ['/status']);
+  assert.deepEqual(status.acceptedLines, []);
+  assert.equal(hostOwned.blocked?.code, 'host-owned-meta');
+  assert.deepEqual(hostOwned.outboundLines, []);
 });
 
-test('synthetic screen grows until a valid real screen arrives', () => {
+test('valid Arrow artifacts are accepted and emitted', () => {
   const hardener = createProtocolHardener({ validationContext: baseContext });
-
-  hardener.processRawLine(add('hero'));
-  const second = hardener.processRawLine(add('details'));
-  assert.deepEqual(screenSections(second.outboundLines[1]!), ['hero', 'details']);
-
-  const real = hardener.processRawLine(screen(['details']));
-  assert.deepEqual(acceptedOpPaths(real), ['set:/screen']);
-  assert.deepEqual(screenSections(real.acceptedLines[0]!), ['details']);
-
-  const declared = hardener.processRawLine(add('details', '<p>Updated</p>'));
-  assert.deepEqual(acceptedOpPaths(declared), ['add:/section/details']);
-});
-
-test('synthetic screen caps at the configured section limit', () => {
-  const hardener = createProtocolHardener({
-    validationContext: baseContext,
-    maxSyntheticSections: 2,
-  });
-
-  hardener.processRawLine(add('one'));
-  hardener.processRawLine(add('two'));
-  const third = hardener.processRawLine(add('three'));
-
-  assert.equal(third.blocked, undefined);
-  assert.deepEqual(third.acceptedLines, []);
-  assert.equal(skipValue(third).code, 'synthetic-section-limit');
-});
-
-test('real screen order rejects later undeclared sections', () => {
-  const hardener = createProtocolHardener({ validationContext: baseContext });
-
-  hardener.processRawLine(screen(['hero']));
-  const result = hardener.processRawLine(add('details'));
+  const result = hardener.processRawLine(artifactLine());
 
   assert.equal(result.blocked, undefined);
-  assert.deepEqual(result.acceptedLines, []);
-  assert.equal(skipValue(result).code, 'undeclared-section');
-});
-
-test('layout mode skips model screens and out-of-slot adds', () => {
-  const layout: SummonLayout = {
-    id: 'card-structured',
-    slots: [
-      { id: 'header', purpose: 'title and main takeaway' },
-      { id: 'content', purpose: 'supporting details' },
-    ],
-  };
-  const hardener = createProtocolHardener({ validationContext: baseContext, layout });
-
-  const screenResult = hardener.processRawLine(screen(['header', 'content']));
-  assert.equal(skipValue(screenResult).code, 'layout-disallowed');
-
-  const outOfSlot = hardener.processRawLine(add('actions'));
-  assert.equal(skipValue(outOfSlot).code, 'layout-disallowed');
-
-  const allowed = hardener.processRawLine(add('header'));
-  assert.deepEqual(acceptedOpPaths(allowed), ['add:/section/header']);
-});
-
-test('edit mode accepts targeted section replacement without synthetic screen', () => {
-  const hardener = createProtocolHardener({
-    validationContext: baseContext,
-    initialScreenSections: ['hero', 'details'],
-    allowedSectionIds: ['details'],
-  });
-  const result = hardener.processRawLine(add('details', '<p>Updated</p>'));
-
-  assert.deepEqual(opPaths(result), ['add:/section/details']);
-  assert.deepEqual(acceptedOpPaths(result), ['add:/section/details']);
-});
-
-test('edit mode rejects untargeted section replacements', () => {
-  const hardener = createProtocolHardener({
-    validationContext: baseContext,
-    initialScreenSections: ['hero', 'details'],
-    allowedSectionIds: ['details'],
-  });
-  const result = hardener.processRawLine(add('hero', '<p>Wrong target</p>'));
-
-  assert.equal(skipValue(result).code, 'section-not-targeted');
-  assert.equal(result.repairFeedback?.[0]?.status, 'skipped');
-});
-
-test('blocked add returns repair feedback and rejected line', () => {
-  const hardener = createProtocolHardener({ validationContext: baseContext });
-  const result = hardener.processRawLine(add('hero', '<img src="https://example.com/a.png">'));
-
-  assert.equal(result.blocked?.code, 'external-url');
-  assert.equal(result.rejectedLine?.path, '/section/hero');
-  assert.equal(result.repairFeedback?.[0]?.schemaId, 'summon.repair-feedback.v2');
-  assert.equal(result.repairFeedback?.[0]?.status, 'blocked');
-  assert.equal(result.repairFeedback?.[0]?.retryable, true);
-  assert.equal(result.repairFeedback?.[0]?.target, '/section/hero');
-});
-
-test('patch set can reorder existing screen sections', () => {
-  const hardener = createProtocolHardener({
-    validationContext: baseContext,
-    initialScreenSections: ['hero', 'details'],
-  });
-  const result = hardener.processRawLine(screen(['details', 'hero']));
-
-  assert.deepEqual(acceptedOpPaths(result), ['set:/screen']);
-  assert.deepEqual(screenSections(result.acceptedLines[0]!), ['details', 'hero']);
+  assert.deepEqual(result.outboundLines.map((line) => line.path), ['/artifact']);
+  assert.deepEqual(result.acceptedLines.map((line) => line.path), ['/artifact']);
+  assert.deepEqual(result.issues, []);
 });
 
-test('unsafe HTML blocks and emits no accepted add', () => {
+test('invalid Arrow artifacts block with validation issues', () => {
   const hardener = createProtocolHardener({ validationContext: baseContext });
-  const result = hardener.processRawLine(add('hero', '<img src="https://example.com/a.png">'));
+  const result = hardener.processRawLine(artifactLine('import { html } from "@arrow-js/core";\nexport default html`<input .value=${state.title}>`'));
 
-  assert.equal(result.blocked?.code, 'external-url');
+  assert.equal(result.blocked?.code, 'unsupported-arrow-idl-binding');
   assert.deepEqual(result.outboundLines, []);
   assert.deepEqual(result.acceptedLines, []);
+  assert.deepEqual(issueCodes(result.issues), ['unsupported-arrow-idl-binding']);
 });
 
-test('ungranted mount, click, and submit trigger usage blocks', () => {
-  const hardener = createProtocolHardener({ validationContext: interactiveContext });
-
-  const mount = hardener.processRawLine(add('hero', '<div data-summon-on-mount="choose"></div>'));
-  assert.equal(mount.blocked?.code, 'intent-trigger-not-granted');
-
-  const click = createProtocolHardener({ validationContext: interactiveContext })
-    .processRawLine(add('hero', '<button data-summon-on-click="search">Search</button>'));
-  assert.equal(click.blocked?.code, 'intent-trigger-not-granted');
-
-  const submit = createProtocolHardener({ validationContext: interactiveContext })
-    .processRawLine(add('hero', '<form data-summon-on-submit="choose"></form>'));
-  assert.equal(submit.blocked?.code, 'intent-trigger-not-granted');
-});
-
-test('style warnings do not skip or block accepted lines', () => {
-  const hardener = createProtocolHardener({ validationContext: baseContext });
-  const result = hardener.processRawLine(
-    add('hero', '<p style="color:#fff;margin:13px">Hi</p>'),
-  );
-
-  assert.equal(result.blocked, undefined);
-  assert.deepEqual(issueCodes(result.issues), ['raw-color', 'raw-px']);
-  assert.deepEqual(acceptedOpPaths(result), ['set:/screen', 'add:/section/hero']);
-});
-
-test('accepted structural lines remain suitable for Ghost review packets', () => {
-  const hardener = createProtocolHardener({ validationContext: baseContext });
-  const result = hardener.processRawLine(add('hero'));
-
-  assert.deepEqual(opPaths(result), [
-    'meta:/screen-synthesized',
-    'set:/screen',
-    'add:/section/hero',
-  ]);
-  assert.equal(result.acceptedLines.every((line) => line.op === 'set' || line.op === 'add'), true);
-});
-
-test('block fragments require declared section and block order before accepted adds', () => {
+test('legacy section protocol is skipped as unsupported JSONL protocol', () => {
   const hardener = createProtocolHardener({ validationContext: baseContext });
-  hardener.processRawLine(screen(['summary']));
+  const setResult = hardener.processRawLine(JSON.stringify({ op: 'set', path: '/screen', value: { sections: ['hero'] } }));
+  const addResult = hardener.processRawLine(JSON.stringify({ op: 'add', path: '/section/hero', html: '<p>Hi</p>' }));
 
-  const declaration = hardener.processRawLine(blockSet('summary', ['headline', 'metrics']));
-  assert.deepEqual(acceptedOpPaths(declaration), ['set:/section/summary']);
-
-  const addResult = hardener.processRawLine(blockAdd('summary', 'headline', '<h1>Ready</h1>'));
+  assert.equal(setResult.blocked, undefined);
   assert.equal(addResult.blocked, undefined);
-  assert.deepEqual(acceptedOpPaths(addResult), ['add:/section/summary/block/headline']);
-});
-
-test('block fragments reject undeclared blocks without blocking the stream', () => {
-  const hardener = createProtocolHardener({ validationContext: baseContext });
-  hardener.processRawLine(screen(['summary']));
-  hardener.processRawLine(blockSet('summary', ['headline']));
-
-  const result = hardener.processRawLine(blockAdd('summary', 'metrics', '<p>Wrong</p>'));
-  assert.equal(result.blocked, undefined);
-  assert.deepEqual(result.acceptedLines, []);
-  assert.equal(skipValue(result).code, 'undeclared-block');
-});
-
-test('unsafe block HTML blocks and can be repaired at the block path', () => {
-  const hardener = createProtocolHardener({ validationContext: baseContext });
-  hardener.processRawLine(screen(['summary']));
-  hardener.processRawLine(blockSet('summary', ['headline']));
-
-  const result = hardener.processRawLine(blockAdd('summary', 'headline', '<script>alert(1)</script>'));
-  assert.equal(result.blocked?.code, 'static-script');
-  assert.equal(result.repairFeedback?.[0]?.target, '/section/summary/block/headline');
-  assert.deepEqual(result.acceptedLines, []);
-});
-
-test('block fragments validate the recomposed parent section', () => {
-  const componentContext: ValidationContext = {
-    ...baseContext,
-    components: [{ name: 'MetricCard' }],
-  };
-  const hardener = createProtocolHardener({ validationContext: componentContext });
-  hardener.processRawLine(screen(['summary']));
-  hardener.processRawLine(blockSet('summary', ['metric-a', 'metric-b']));
-
-  const html = '<div data-summon-component="MetricCard" data-summon-component-id="metric" data-summon-props="{}"></div>';
-  assert.equal(hardener.processRawLine(blockAdd('summary', 'metric-a', html)).blocked, undefined);
-  const duplicate = hardener.processRawLine(blockAdd('summary', 'metric-b', html));
-  assert.equal(duplicate.blocked?.code, 'component-id-duplicate');
-  assert.equal(duplicate.repairFeedback?.[0]?.target, '/section/summary/block/metric-b');
-});
-
-test('html node fragments require experiment mode and a declared section', () => {
-  const disabled = createProtocolHardener({ validationContext: baseContext });
-  const disabledResult = disabled.processRawLine(
-    nodeAdd('main', 'root', '<div data-summon-node="root"></div>'),
-  );
-  assert.equal(skipValue(disabledResult).code, 'experimental-node-fragment-disabled');
-
-  const hardener = createProtocolHardener({
-    validationContext: { ...baseContext, experimentalFragmentMode: 'html-node-v0' },
-  });
-  const undeclared = hardener.processRawLine(
-    nodeAdd('main', 'root', '<div data-summon-node="root"></div>'),
-  );
-  assert.equal(skipValue(undeclared).code, 'undeclared-section');
-});
-
-test('html node fragments accept parented raw HTML patches', () => {
-  const hardener = createProtocolHardener({
-    validationContext: { ...baseContext, experimentalFragmentMode: 'html-node-v0' },
-  });
-  hardener.processRawLine(screen(['main']));
-
-  const root = hardener.processRawLine(
-    nodeAdd('main', 'root', '<div data-summon-node="root" class="dashboard"></div>'),
-  );
-  assert.equal(root.blocked, undefined);
-  assert.deepEqual(acceptedOpPaths(root), ['add:/section/main/node/root']);
-
-  const child = hardener.processRawLine(
-    nodeAdd('main', 'headline', '<header data-summon-node="headline"><h1>Ready</h1></header>', 'root'),
-  );
-  assert.equal(child.blocked, undefined);
-  assert.deepEqual(acceptedOpPaths(child), ['add:/section/main/node/headline']);
-});
-
-test('html node fragments reject missing parents without blocking the stream', () => {
-  const hardener = createProtocolHardener({
-    validationContext: { ...baseContext, experimentalFragmentMode: 'html-node-v0' },
-  });
-  hardener.processRawLine(screen(['main']));
-
-  const result = hardener.processRawLine(
-    nodeAdd('main', 'headline', '<header data-summon-node="headline"></header>', 'root'),
-  );
-  assert.equal(result.blocked, undefined);
-  assert.deepEqual(result.acceptedLines, []);
-  assert.equal(skipValue(result).code, 'undeclared-node-parent');
-});
-
-test('unsafe html node patch blocks and can be repaired at the node path', () => {
-  const hardener = createProtocolHardener({
-    validationContext: { ...baseContext, experimentalFragmentMode: 'html-node-v0' },
-  });
-  hardener.processRawLine(screen(['main']));
-
-  const result = hardener.processRawLine(
-    nodeAdd('main', 'root', '<div data-summon-node="root"><script>alert(1)</script></div>'),
-  );
-  assert.equal(result.blocked?.code, 'static-script');
-  assert.equal(result.repairFeedback?.[0]?.target, '/section/main/node/root');
-  assert.deepEqual(result.acceptedLines, []);
-});
-
-test('html node patches reject nested node ids', () => {
-  const hardener = createProtocolHardener({
-    validationContext: { ...baseContext, experimentalFragmentMode: 'html-node-v0' },
-  });
-  hardener.processRawLine(screen(['main']));
-
-  const result = hardener.processRawLine(
-    nodeAdd(
-      'main',
-      'root',
-      '<div data-summon-node="root"><p data-summon-node="nested">Wrong</p></div>',
-    ),
-  );
-  assert.equal(result.blocked?.code, 'nested-node-id');
-  assert.equal(result.repairFeedback?.[0]?.target, '/section/main/node/root');
-});
-
-test('html node fragments validate the recomposed parent section', () => {
-  const componentContext: ValidationContext = {
-    ...baseContext,
-    experimentalFragmentMode: 'html-node-v0',
-    components: [{ name: 'MetricCard' }],
-  };
-  const hardener = createProtocolHardener({ validationContext: componentContext });
-  hardener.processRawLine(screen(['main']));
-  hardener.processRawLine(
-    nodeAdd('main', 'root', '<div data-summon-node="root"></div>'),
-  );
-
-  const html = '<div data-summon-node="metric-a" data-summon-component="MetricCard" data-summon-component-id="metric" data-summon-props="{}"></div>';
-  assert.equal(hardener.processRawLine(nodeAdd('main', 'metric-a', html, 'root')).blocked, undefined);
-  const duplicate = hardener.processRawLine(
-    nodeAdd(
-      'main',
-      'metric-b',
-      '<div data-summon-node="metric-b" data-summon-component="MetricCard" data-summon-component-id="metric" data-summon-props="{}"></div>',
-      'root',
-    ),
-  );
-  assert.equal(duplicate.blocked?.code, 'component-id-duplicate');
-  assert.equal(duplicate.repairFeedback?.[0]?.target, '/section/main/node/metric-b');
+  assert.equal(skipValue(setResult).code, 'malformed-jsonl');
+  assert.equal(skipValue(addResult).code, 'malformed-jsonl');
+  assert.deepEqual(setResult.acceptedLines, []);
+  assert.deepEqual(addResult.acceptedLines, []);
 });
diff --git a/packages/engine/test/runtime-compiler.test.ts b/packages/engine/test/runtime-compiler.test.ts
deleted file mode 100644
index 483c98c..0000000
--- a/packages/engine/test/runtime-compiler.test.ts
+++ /dev/null
@@ -1,74 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import { compileArtifactHtml } from '../src/index.ts';
-import { baseContext, codes } from './runtime-validator-fixtures.ts';
-
-test('compiler canonicalizes malformed browser HTML', () => {
-  const result = compileArtifactHtml('<p><div>Inside</div></p>', baseContext);
-
-  assert.equal(result.compilerVersion, 'summon-artifact-compiler-v2');
-  assert.equal(codes(result.issues).includes('unsafe-tag'), false);
-  assert.notEqual(result.html, '<p><div>Inside</div></p>');
-  assert.match(result.html, /<div>Inside<\/div>/);
-});
-
-test('compiler handles slash-after-tag and quoted-greater-than edge cases', () => {
-  const script = compileArtifactHtml('<script/src=x>alert(1)</script>', {
-    mode: 'interactive',
-    capabilities: [{ name: 'choose', triggers: ['click'] }],
-  });
-  assert.ok(codes(script.issues).includes('script-not-granted'));
-
-  const iframe = compileArtifactHtml('<iframe/srcdoc="<p>x</p>"></iframe>', baseContext);
-  assert.ok(codes(iframe.issues).includes('unsafe-tag'));
-
-  const img = compileArtifactHtml('<img alt=">" src="https://example.test/a.png">', baseContext);
-  assert.deepEqual(codes(img.issues), ['external-url']);
-});
-
-test('compiler decodes HTML entities before URL checks', () => {
-  const jsUrl = compileArtifactHtml('<a href="javascript&#58;alert(1)">bad</a>', baseContext);
-  assert.deepEqual(codes(jsUrl.issues), ['external-url']);
-
-  const assetUrl = compileArtifactHtml('<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=" alt="">', baseContext);
-  assert.deepEqual(assetUrl.issues, []);
-});
-
-test('compiler ignores comments and escaped raw-text false positives', () => {
-  const result = compileArtifactHtml(
-    '<p>&lt;script&gt;safe text&lt;/script&gt;</p><!-- <iframe srcdoc=""> -->',
-    baseContext,
-  );
-
-  assert.deepEqual(result.issues, []);
-  assert.match(result.html, /&lt;script&gt;safe text&lt;\/script&gt;/);
-});
-
-test('compiler blocks unsafe SVG and executable SVG escapes', () => {
-  const foreignObject = compileArtifactHtml('<svg viewBox="0 0 10 10"><foreignObject><div>x</div></foreignObject></svg>', baseContext);
-  assert.ok(codes(foreignObject.issues).includes('unsafe-tag'));
-
-  const svgScript = compileArtifactHtml('<svg><script>alert(1)</script></svg>', { mode: 'interactive' });
-  assert.ok(codes(svgScript.issues).includes('script-not-granted'));
-});
-
-test('compiler blocks CSS imports and escaped external url values', () => {
-  const result = compileArtifactHtml(
-    '<style>@import url("data:text/css,body{}"); .x{background:url("\\68 ttps://example.test/a.png")}</style>',
-    baseContext,
-  );
-
-  assert.deepEqual(codes(result.issues), ['css-import', 'external-url']);
-});
-
-test('compiler accepts declarative local state and motion primitives', () => {
-  const result = compileArtifactHtml(
-    '<div data-summon-local="{&quot;tab&quot;:&quot;overview&quot;,&quot;expanded&quot;:false}" data-summon-motion="enter:rise; update:pulse" data-summon-transition="fade-slide"><button data-summon-set="tab=activity" data-summon-class-active="tab == &quot;activity&quot;">Activity</button><button data-summon-toggle="expanded" data-summon-attr-disabled="!expanded">Toggle</button><section data-summon-show="tab == &quot;activity&quot;"></section><section data-summon-hide="expanded"></section></div>',
-    {
-      mode: 'interactive',
-      scriptPolicy: 'forbid',
-    },
-  );
-
-  assert.deepEqual(result.issues, []);
-});
diff --git a/packages/engine/test/runtime-validator-bindings.test.ts b/packages/engine/test/runtime-validator-bindings.test.ts
deleted file mode 100644
index 88a511e..0000000
--- a/packages/engine/test/runtime-validator-bindings.test.ts
+++ /dev/null
@@ -1,324 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import { validateHtmlFragment } from '../src/index.ts';
-import { baseContext, codes } from './runtime-validator-fixtures.ts';
-
-test('accepts click, submit, and mount attributes only for matching triggers', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="choose">Pick</button><form data-summon-on-submit="search"></form><div data-summon-on-mount="search" data-summon-args=\'{"query":"boots"}\'></div>',
-    {
-      mode: 'interactive',
-      capabilities: [
-        { name: 'choose', triggers: ['click'] },
-        { name: 'search', triggers: ['submit', 'mount'] },
-      ],
-    },
-  );
-  assert.deepEqual(issues, []);
-});
-
-test('rejects malformed data-summon-args JSON', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="choose" data-summon-args="{bad json}">Pick</button>',
-    { ...baseContext, mode: 'interactive' },
-  );
-  assert.deepEqual(codes(issues), ['invalid-args-json']);
-});
-
-test('accepts declarative resource submit, mount, foreach, and safe attr bindings', () => {
-  const issues = validateHtmlFragment(
-    `<div data-summon-resource="search" data-summon-resource-as="s">
-      <form data-summon-resource-trigger="submit">
-        <input name="query">
-        <button data-summon-attr-disabled="$s.loading">Go</button>
-      </form>
-      <p data-summon-show="$s.loading">Searching...</p>
-      <p data-summon-show="$s.error" data-summon-bind="$s.error"></p>
-      <ul data-summon-show="$s.data" data-summon-foreach="$s.data" data-summon-as="r"><template><li data-summon-bind="$r.title"></li></template></ul>
-    </div>
-    <div data-summon-resource="profile" data-summon-resource-as="p" data-summon-resource-trigger="mount" data-summon-args='{"username":"octocat"}'>
-      <p data-summon-show="$p.loading">Loading...</p>
-      <p data-summon-show="$p.error" data-summon-bind="$p.error"></p>
-      <img data-summon-attr-src="$p.data.avatar" data-summon-attr-alt="$p.data.login">
-      <ul data-summon-foreach="$p.data.repos" data-summon-as="repo"><template><li data-summon-bind="$repo.name"></li></template></ul>
-    </div>`,
-    {
-      mode: 'interactive',
-      capabilities: [
-        {
-          name: 'search',
-          kind: 'resource',
-          triggers: ['submit'],
-          stateKeys: { loading: 'searching', data: 'results', error: 'searchError' },
-        },
-        {
-          name: 'profile',
-          kind: 'resource',
-          triggers: ['mount'],
-          stateKeys: { loading: 'profileLoading', data: 'profile', error: 'profileError' },
-        },
-      ],
-    },
-  );
-  assert.deepEqual(issues, []);
-});
-
-test('warns when data resource UI omits lifecycle bindings without blocking', () => {
-  const issues = validateHtmlFragment(
-    `<form data-summon-resource="search" data-summon-resource-as="s" data-summon-resource-trigger="submit">
-      <input name="query">
-      <button>Go</button>
-    </form>`,
-    {
-      mode: 'interactive',
-      capabilities: [
-        {
-          name: 'search',
-          kind: 'resource',
-          triggers: ['submit'],
-          stateKeys: { loading: 'searching', data: 'results', error: 'searchError' },
-        },
-      ],
-    },
-  );
-
-  assert.equal(issues.some((issue) => issue.severity === 'block'), false);
-  assert.deepEqual(codes(issues), [
-    'resource-data-not-rendered',
-    'resource-error-not-rendered',
-    'resource-loading-not-rendered',
-  ]);
-});
-
-test('warns when data resource UI omits declared empty state binding', () => {
-  const issues = validateHtmlFragment(
-    `<div data-summon-resource="search" data-summon-resource-as="s">
-      <form data-summon-resource-trigger="submit">
-        <input name="query">
-        <button data-summon-attr-disabled="$s.loading">Go</button>
-      </form>
-      <p data-summon-show="$s.loading">Searching...</p>
-      <p data-summon-show="$s.error" data-summon-bind="$s.error"></p>
-      <ul data-summon-show="$s.data" data-summon-foreach="$s.data" data-summon-as="r"><template><li data-summon-bind="$r.title"></li></template></ul>
-    </div>`,
-    {
-      mode: 'interactive',
-      capabilities: [
-        {
-          name: 'search',
-          kind: 'resource',
-          triggers: ['submit'],
-          stateKeys: { loading: 'searching', data: 'results', error: 'searchError', empty: 'noResults' },
-        },
-      ],
-    },
-  );
-
-  assert.equal(issues.some((issue) => issue.severity === 'block'), false);
-  assert.deepEqual(codes(issues), ['resource-empty-not-rendered']);
-});
-
-test('accepts declared empty state binding for data resources', () => {
-  const issues = validateHtmlFragment(
-    `<div data-summon-resource="search" data-summon-resource-as="s">
-      <form data-summon-resource-trigger="submit">
-        <input name="query">
-        <button data-summon-attr-disabled="$s.loading">Go</button>
-      </form>
-      <p data-summon-show="$s.loading">Searching...</p>
-      <p data-summon-show="$s.error" data-summon-bind="$s.error"></p>
-      <p data-summon-show="$s.empty">No results</p>
-      <ul data-summon-show="$s.data" data-summon-foreach="$s.data" data-summon-as="r"><template><li data-summon-bind="$r.title"></li></template></ul>
-    </div>`,
-    {
-      mode: 'interactive',
-      capabilities: [
-        {
-          name: 'search',
-          kind: 'resource',
-          triggers: ['submit'],
-          stateKeys: { loading: 'searching', data: 'results', error: 'searchError', empty: 'noResults' },
-        },
-      ],
-    },
-  );
-
-  assert.deepEqual(issues, []);
-});
-
-test('warns when controlled action UI omits pending or error state bindings', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="save" data-summon-args=\'{"choice":"A"}\'>Save</button>',
-    {
-      mode: 'interactive',
-      capabilities: [
-        {
-          name: 'save',
-          kind: 'action',
-          triggers: ['click'],
-          actionStateKeys: { pending: 'savePending', done: 'saveDone', error: 'saveError' },
-        },
-      ],
-    },
-  );
-
-  assert.equal(issues.some((issue) => issue.severity === 'block'), false);
-  assert.deepEqual(codes(issues), [
-    'action-error-not-rendered',
-    'action-pending-not-rendered',
-  ]);
-});
-
-test('accepts pending and error bindings for controlled actions', () => {
-  const issues = validateHtmlFragment(
-    `<button data-summon-on-click="save" data-summon-args='{"choice":"A"}' data-summon-attr-disabled="savePending">Save</button>
-     <p data-summon-show="savePending">Saving...</p>
-     <p data-summon-show="saveError" data-summon-bind="saveError"></p>`,
-    {
-      mode: 'interactive',
-      capabilities: [
-        {
-          name: 'save',
-          kind: 'action',
-          triggers: ['click'],
-          actionStateKeys: { pending: 'savePending', done: 'saveDone', error: 'saveError' },
-        },
-      ],
-    },
-  );
-
-  assert.deepEqual(issues, []);
-});
-
-test('rejects invalid resource declarations and unsafe attr bindings', () => {
-  const issues = validateHtmlFragment(
-    `<button data-summon-resource="choose" data-summon-resource-trigger="click">Bad</button>
-     <div data-summon-resource="missing"></div>
-     <form data-summon-resource="search" data-summon-resource-trigger="click" data-summon-on-click="choose">
-       <button data-summon-attr-disabled="$search.loading">Go</button>
-       <p data-summon-show="$search.loading">Loading...</p>
-       <p data-summon-show="$search.error" data-summon-bind="$search.error"></p>
-       <ul data-summon-show="$search.data" data-summon-foreach="$search.data" data-summon-as="r"><template><li data-summon-bind="$r.title"></li></template></ul>
-     </form>
-     <div data-summon-resource="slow" data-summon-resource-trigger="mount"></div>
-     <a data-summon-attr-href="url">x</a>
-     <div data-summon-attr-src="avatar"></div>`,
-    {
-      mode: 'interactive',
-      capabilities: [
-        { name: 'choose', kind: 'action', triggers: ['click'] },
-        {
-          name: 'search',
-          kind: 'resource',
-          triggers: ['submit'],
-          stateKeys: { loading: 'searching', data: 'results', error: 'searchError' },
-        },
-        {
-          name: 'slow',
-          kind: 'resource',
-          triggers: ['mount'],
-          stateKeys: { loading: 'slowLoading' },
-        },
-      ],
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'bad-attr-binding-placement',
-    'intent-trigger-not-granted',
-    'mixed-resource-legacy-trigger',
-    'non-resource-capability',
-    'resource-state-keys-incomplete',
-    'resource-trigger-without-resource',
-    'unknown-resource',
-    'unsafe-attr-binding',
-  ]);
-});
-
-test('rejects declarative attributes for unknown or non-matching trigger grants', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="search">Search</button><div data-summon-on-mount="choose"></div><div data-summon-on-mount="missing"></div>',
-    {
-      mode: 'interactive',
-      capabilities: [
-        { name: 'choose', triggers: ['click'] },
-        { name: 'search', triggers: ['submit', 'mount'] },
-      ],
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'intent-trigger-not-granted',
-    'intent-trigger-not-granted',
-    'unknown-intent',
-  ]);
-});
-
-test('accepts registered component placeholders', () => {
-  const issues = validateHtmlFragment(
-    `<section>
-      <div data-summon-component="MetricCard" data-summon-component-id="revenue-card" data-summon-props='{"label":"Revenue","value":"$284,120"}'></div>
-    </section>`,
-    {
-      mode: 'static',
-      surfacePlan: {
-        purpose: 'inform',
-        runtime: 'static',
-        data: 'embedded',
-        authority: 'none',
-        persistence: 'replayable',
-      },
-      components: [
-        { name: 'MetricCard', surface: { data: 'embedded', authority: 'none' } },
-      ],
-    },
-  );
-  assert.deepEqual(issues, []);
-});
-
-test('rejects malformed component placeholders', () => {
-  const issues = validateHtmlFragment(
-    `<div data-summon-component="MetricCard" data-summon-component-id="duplicate" data-summon-props='{"label":"Revenue"}'>
-       <div data-summon-component="MetricCard" data-summon-component-id="nested" data-summon-props='{"label":"Nested"}'></div>
-     </div>
-     <div data-summon-component="MetricCard" data-summon-component-id="duplicate" data-summon-props='{"label":"Again"}'></div>
-     <div data-summon-component="Missing" data-summon-component-id="missing" data-summon-props='{}'></div>
-     <div data-summon-component="MetricCard" data-summon-props='{}'></div>
-     <div data-summon-component="MetricCard" data-summon-component-id="bad-props" data-summon-props="{bad}"></div>`,
-    {
-      mode: 'interactive',
-      components: [
-        { name: 'MetricCard', surface: { data: 'embedded', authority: 'none' } },
-      ],
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'component-id-duplicate',
-    'component-id-missing',
-    'component-props-invalid',
-    'nested-component',
-    'unknown-component',
-  ]);
-});
-
-test('rejects component islands that exceed the selected surface plan', () => {
-  const issues = validateHtmlFragment(
-    `<div data-summon-component="HostChart" data-summon-component-id="chart" data-summon-props='{"query":"launch"}'></div>`,
-    {
-      mode: 'static',
-      surfacePlan: {
-        purpose: 'inform',
-        runtime: 'static',
-        data: 'embedded',
-        authority: 'none',
-        persistence: 'replayable',
-      },
-      components: [
-        { name: 'HostChart', surface: { data: 'host-resource', authority: 'read' } },
-      ],
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'surface-authority-exceeded',
-    'surface-data-exceeded',
-    'surface-runtime-exceeded',
-  ]);
-});
diff --git a/packages/engine/test/runtime-validator-fixtures.ts b/packages/engine/test/runtime-validator-fixtures.ts
index 5ffcdb4..aea232f 100644
--- a/packages/engine/test/runtime-validator-fixtures.ts
+++ b/packages/engine/test/runtime-validator-fixtures.ts
@@ -2,8 +2,8 @@ import type { ContractIssue } from '../src/index.ts';
 
 export const baseContext = {
   mode: 'static' as const,
-  allowedIntents: ['choose'],
-  capabilities: [{ name: 'choose', triggers: ['click' as const] }],
+  allowedTools: ['choose'],
+  tools: [{ name: 'choose', triggers: ['click' as const] }],
   definedTokens: new Set(['color-text', 'space-2', 'radius-pill']),
 };
 
diff --git a/packages/engine/test/runtime-validator-protocol.test.ts b/packages/engine/test/runtime-validator-protocol.test.ts
index 57f7a37..e1c306c 100644
--- a/packages/engine/test/runtime-validator-protocol.test.ts
+++ b/packages/engine/test/runtime-validator-protocol.test.ts
@@ -8,14 +8,6 @@ import {
 } from '../src/index.ts';
 import { baseContext, codes } from './runtime-validator-fixtures.ts';
 
-test('blocks invalid section paths', () => {
-  const issues = validateProtocolLine(
-    { op: 'add', path: '/section/Bad_Section', html: '<p>Hi</p>' },
-    baseContext,
-  );
-  assert.deepEqual(codes(issues), ['invalid-section-path']);
-});
-
 test('rejects malformed JSONL before validation', () => {
   assert.equal(parseProtocolLine('not-json'), null);
 });
@@ -27,70 +19,190 @@ test('strict protocol parser rejects oversized lines', () => {
   );
 });
 
-test('blocks malformed screen declarations', () => {
-  const issues = validateProtocolLine(
-    { op: 'set', path: '/screen', value: { sections: ['hero', 'hero'] } },
-    baseContext,
-  );
-  assert.deepEqual(codes(issues), ['duplicate-section-id']);
-});
-
-test('blocks malformed block declarations and paths', () => {
+test('blocks generated host-owned surface meta paths', () => {
   assert.deepEqual(
     codes(validateProtocolLine(
-      { op: 'set', path: '/section/hero', value: { blocks: ['headline', 'headline'] } },
+      { op: 'meta', path: '/surface-policy', value: { tier: 'static' } },
       baseContext,
     )),
-    ['duplicate-block-id'],
+    ['host-owned-meta'],
   );
   assert.deepEqual(
     codes(validateProtocolLine(
-      { op: 'set', path: '/section/hero', value: { blocks: [] } },
+      { op: 'meta', path: '/surface-plan', value: {} },
       baseContext,
     )),
-    ['invalid-block-count'],
+    ['host-owned-meta'],
   );
   assert.deepEqual(
     codes(validateProtocolLine(
-      { op: 'add', path: '/section/hero/block/Bad_Block', html: '<p>Hi</p>' },
+      { op: 'meta', path: '/surface-contract', value: {} },
       baseContext,
     )),
-    ['invalid-block-path'],
+    ['host-owned-meta'],
   );
 });
 
-test('blocks generated host-owned surface meta paths', () => {
+test('accepts valid Arrow artifacts', () => {
+  const issues = validateProtocolLine(
+    {
+      op: 'artifact',
+      path: '/artifact',
+      value: {
+        runtime: 'arrow',
+        source: {
+          'main.ts': 'import { html } from "@arrow-js/core";\nexport default html`<button>Save</button>`',
+          'main.css': 'button { color: var(--color-text); }',
+        },
+      },
+    },
+    {
+      ...baseContext,
+      surfacePlan: {
+        purpose: 'operate',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'host-action',
+        persistence: 'replayable',
+        network: 'none',
+      },
+    },
+  );
+  assert.deepEqual(issues, []);
+});
+
+test('blocks legacy data-summon binding attributes in Arrow artifacts', () => {
+  const issues = validateProtocolLine(
+    {
+      op: 'artifact',
+      path: '/artifact',
+      value: {
+        runtime: 'arrow',
+        source: {
+          'main.ts': [
+            'import { html } from "@arrow-js/core";',
+            'export default html`',
+            '<section data-summon-local="{&quot;open&quot;:false}">',
+            '<button data-summon-on-click="save" data-summon-bind="label">Save</button>',
+            '<p data-summon-show="saveError"></p>',
+            '<div data-summon-resource="search" data-summon-resource-trigger="submit"></div>',
+            '</section>`;',
+          ].join('\n'),
+        },
+      },
+    },
+    baseContext,
+  );
+  assert.deepEqual(codes(issues), ['unsupported-legacy-data-summon-binding']);
+  assert.match(issues[0]?.message ?? '', /data-summon-bind/);
+  assert.match(issues[0]?.message ?? '', /data-summon-local/);
+  assert.match(issues[0]?.message ?? '', /data-summon-on-click/);
+  assert.match(issues[0]?.message ?? '', /data-summon-resource/);
+  assert.match(issues[0]?.message ?? '', /data-summon-resource-trigger/);
+  assert.match(issues[0]?.message ?? '', /data-summon-show/);
+});
+
+test('allows trusted component placeholder attributes in Arrow artifacts', () => {
+  const issues = validateProtocolLine(
+    {
+      op: 'artifact',
+      path: '/artifact',
+      value: {
+        runtime: 'arrow',
+        source: {
+          'main.ts': [
+            'import { html } from "@arrow-js/core";',
+            'export default html`',
+            '<div data-summon-component="MetricCard" data-summon-component-id="metric-1" data-summon-props="{&quot;label&quot;:&quot;Revenue&quot;}"></div>',
+            '`;',
+          ].join('\n'),
+        },
+      },
+    },
+    baseContext,
+  );
+  assert.deepEqual(issues, []);
+});
+
+test('parser rejects legacy section protocol ops', () => {
+  assert.throws(
+    () => parseProtocolLineStrict(JSON.stringify({ op: 'set', path: '/screen', value: { sections: ['hero'] } })),
+    (err) => err instanceof ProtocolParseError && err.code === 'invalid-op',
+  );
+  assert.throws(
+    () => parseProtocolLineStrict(JSON.stringify({ op: 'add', path: '/section/hero', html: '<p>Hi</p>' })),
+    (err) => err instanceof ProtocolParseError && err.code === 'invalid-op',
+  );
+});
+
+test('blocks malformed Arrow artifacts and ungranted restricted fetch', () => {
   assert.deepEqual(
     codes(validateProtocolLine(
-      { op: 'meta', path: '/surface-policy', value: { tier: 'static' } },
+      {
+        op: 'artifact',
+        path: '/artifact',
+        value: {
+          runtime: 'arrow',
+          source: {
+            'main.ts': 'export default html`<div>A</div>`',
+            'main.js': 'export default html`<div>B</div>`',
+          },
+        },
+      },
       baseContext,
     )),
-    ['host-owned-meta'],
+    ['invalid-arrow-entry'],
   );
+
   assert.deepEqual(
     codes(validateProtocolLine(
-      { op: 'meta', path: '/surface-plan', value: {} },
+      {
+        op: 'artifact',
+        path: '/artifact',
+        value: {
+          runtime: 'arrow',
+          network: 'restricted-fetch',
+          source: {
+            'main.ts': 'export default html`<div>Weather</div>`',
+          },
+        },
+      },
       baseContext,
     )),
-    ['host-owned-meta'],
+    ['arrow-network-not-granted'],
   );
+
   assert.deepEqual(
     codes(validateProtocolLine(
-      { op: 'meta', path: '/surface-contract', value: {} },
+      {
+        op: 'artifact',
+        path: '/artifact',
+        value: {
+          runtime: 'arrow',
+          source: {
+            'main.ts': 'import { html } from "@arrow-js/core"; export default html`<input .value="${() => "nope"}" />`',
+          },
+        },
+      },
       baseContext,
     )),
-    ['host-owned-meta'],
+    ['unsupported-arrow-idl-binding'],
   );
-});
 
-test('allows safe static markup', () => {
-  const issues = validateProtocolLine(
-    {
-      op: 'add',
-      path: '/section/hero',
-      html: '<p style="color:var(--color-text);margin:var(--space-2);">Hi</p>',
-    },
-    baseContext,
+  assert.deepEqual(
+    codes(validateProtocolLine(
+      {
+        op: 'artifact',
+        path: '/artifact',
+        value: {
+          runtime: 'arrow',
+          source: {
+            'main.ts': 'import { html } from "@arrow-js/core"; export default html`<button ${() => "disabled"}>Save</button>`',
+          },
+        },
+      },
+      baseContext,
+    )),
+    ['unsupported-arrow-open-tag-expression'],
   );
-  assert.deepEqual(issues, []);
 });
diff --git a/packages/engine/test/runtime-validator-safety.test.ts b/packages/engine/test/runtime-validator-safety.test.ts
deleted file mode 100644
index e614180..0000000
--- a/packages/engine/test/runtime-validator-safety.test.ts
+++ /dev/null
@@ -1,114 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import { validateHtmlFragment } from '../src/index.ts';
-import {
-  baseContext,
-  codes,
-} from './runtime-validator-fixtures.ts';
-
-test('blocks static scripts and inline handlers', () => {
-  const issues = validateHtmlFragment(
-    '<button onclick="go()"><script>console.log(1)</script>Go</button>',
-    baseContext,
-  );
-  assert.deepEqual(codes(issues), ['inline-handler', 'static-script']);
-});
-
-test('blocks interactive scripts when script policy is declarative-only', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="choose">Pick</button><script>sandbox.emit("choose", {"option":"A"})</script>',
-    {
-      mode: 'interactive',
-      scriptPolicy: 'forbid',
-      capabilities: [{ name: 'choose', triggers: ['click'] }],
-    },
-  );
-  assert.deepEqual(codes(issues), ['script-not-granted']);
-});
-
-test('blocks interactive scripts by default without a scripted surface plan', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="choose">Pick</button><script>sandbox.emit("choose", {"option":"A"})</script>',
-    {
-      mode: 'interactive',
-      capabilities: [{ name: 'choose', triggers: ['click'] }],
-    },
-  );
-  assert.deepEqual(codes(issues), ['script-not-granted']);
-});
-
-test('rejects legacy scripted surface plan with allow policy', () => {
-  const issues = validateHtmlFragment(
-    '<button>Pick</button><script>sandbox.emit("choose", {"option":"A"})</script>',
-    {
-      mode: 'interactive',
-      scriptPolicy: 'allow',
-      surfacePlan: {
-        purpose: 'explore',
-        runtime: 'scripted',
-        data: 'embedded',
-        authority: 'host-action',
-        persistence: 'replayable',
-      } as never,
-      capabilities: [{ name: 'choose', kind: 'action', triggers: ['click'] }],
-    },
-  );
-  assert.deepEqual(codes(issues), ['script-not-granted', 'surface-script-policy-removed']);
-});
-
-test('blocks external assets and unsafe tags', () => {
-  const issues = validateHtmlFragment(
-    '<iframe srcdoc=""></iframe><img src="https://example.com/a.png"><div style="background:url(/x.png)"></div>',
-    baseContext,
-  );
-  assert.deepEqual(codes(issues), [
-    'external-url',
-    'external-url',
-    'unsafe-attribute',
-    'unsafe-tag',
-    'unsafe-tag',
-  ]);
-});
-
-test('blocks unknown declarative and script intents', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="delete_all">Delete</button><script>sandbox.emit("summon", {})</script>',
-    {
-      ...baseContext,
-      mode: 'interactive',
-      scriptPolicy: 'allow',
-      surfacePlan: {
-        purpose: 'explore',
-        runtime: 'scripted',
-        data: 'embedded',
-        authority: 'host-action',
-        persistence: 'replayable',
-      } as never,
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'script-not-granted',
-    'surface-script-policy-removed',
-    'unknown-intent',
-    'unknown-intent',
-  ]);
-});
-
-test('rejects sandbox.emit even when the intent name is granted', () => {
-  const issues = validateHtmlFragment(
-    '<script>sandbox.emit("search", { query: "boots" })</script>',
-    {
-      mode: 'interactive',
-      scriptPolicy: 'allow',
-      surfacePlan: {
-        purpose: 'explore',
-        runtime: 'scripted',
-        data: 'embedded',
-        authority: 'host-action',
-        persistence: 'replayable',
-      } as never,
-      capabilities: [{ name: 'search', triggers: ['mount'] }],
-    },
-  );
-  assert.deepEqual(codes(issues), ['script-not-granted', 'surface-script-policy-removed']);
-});
diff --git a/packages/engine/test/runtime-validator-surface-style.test.ts b/packages/engine/test/runtime-validator-surface-style.test.ts
deleted file mode 100644
index 7029a0f..0000000
--- a/packages/engine/test/runtime-validator-surface-style.test.ts
+++ /dev/null
@@ -1,115 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import { validateHtmlFragment } from '../src/index.ts';
-import { baseContext, codes } from './runtime-validator-fixtures.ts';
-
-test('surface plan blocks scripts and capabilities that exceed declarative static scope', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="choose">Pick</button><script>sandbox.emit("choose", {})</script>',
-    {
-      mode: 'interactive',
-      scriptPolicy: 'forbid',
-      surfacePlan: {
-        purpose: 'inform',
-        runtime: 'declarative',
-        data: 'embedded',
-        authority: 'none',
-        persistence: 'replayable',
-      },
-      capabilities: [{ name: 'choose', kind: 'action', triggers: ['click'] }],
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'script-not-granted',
-    'surface-authority-exceeded',
-  ]);
-});
-
-test('surface plan blocks approval-gated capability usage without approval authority', () => {
-  const issues = validateHtmlFragment(
-    '<button data-summon-on-click="approve_price">Approve</button>',
-    {
-      mode: 'interactive',
-      surfacePlan: {
-        purpose: 'operate',
-        runtime: 'declarative',
-        data: 'embedded',
-        authority: 'host-action',
-        persistence: 'replayable',
-      },
-      capabilities: [
-        {
-          name: 'approve_price',
-          kind: 'action',
-          triggers: ['click'],
-          surface: { authority: 'approval-gated' },
-        },
-      ],
-    },
-  );
-  assert.deepEqual(codes(issues), ['surface-authority-exceeded']);
-});
-
-test('surface plan requires worker-backed capabilities for worker runtime', () => {
-  const issues = validateHtmlFragment(
-    '<div data-summon-resource="analysis" data-summon-resource-trigger="mount"><p data-summon-show="$analysis.loading">Loading</p><p data-summon-show="$analysis.error" data-summon-bind="$analysis.error"></p><p data-summon-show="$analysis.data" data-summon-bind="$analysis.data"></p></div>',
-    {
-      mode: 'interactive',
-      surfacePlan: {
-        purpose: 'explore',
-        runtime: 'worker',
-        data: 'worker',
-        authority: 'read',
-        persistence: 'replayable',
-      },
-      capabilities: [
-        {
-          name: 'analysis',
-          kind: 'resource',
-          triggers: ['mount'],
-          stateKeys: { loading: 'loading', data: 'analysis', error: 'error' },
-          surface: { data: 'host-resource', authority: 'read' },
-        },
-      ],
-    },
-  );
-  assert.deepEqual(codes(issues), [
-    'surface-data-exceeded',
-    'surface-runtime-exceeded',
-  ]);
-});
-
-test('warns for style drift without blocking', () => {
-  const issues = validateHtmlFragment(
-    '<div style="color:#ff00ff;margin:13px;border-radius:var(--radius-card);">Hi</div>',
-    baseContext,
-  );
-  assert.equal(issues.some((issue) => issue.severity === 'block'), false);
-  assert.deepEqual(codes(issues), ['raw-color', 'raw-px', 'unknown-token']);
-});
-
-test('enforces centralized validation limits', () => {
-  const htmlLimit = validateHtmlFragment('<p>too large</p>', {
-    ...baseContext,
-    limits: { maxSectionHtmlBytes: 4 },
-  });
-  assert.deepEqual(codes(htmlLimit), ['section-html-limit']);
-
-  const depthLimit = validateHtmlFragment('<div><div><div>deep</div></div></div>', {
-    ...baseContext,
-    limits: { maxDomDepth: 2 },
-  });
-  assert.deepEqual(codes(depthLimit), ['dom-depth-limit']);
-
-  const nodeLimit = validateHtmlFragment('<p>a</p><p>b</p><p>c</p>', {
-    ...baseContext,
-    limits: { maxDomNodes: 2 },
-  });
-  assert.deepEqual(codes(nodeLimit), ['dom-node-limit']);
-
-  const cssLimit = validateHtmlFragment('<style>.x{color:red}</style>', {
-    ...baseContext,
-    limits: { maxCssBytes: 4 },
-  });
-  assert.deepEqual(codes(cssLimit), ['css-size-limit']);
-});
diff --git a/packages/engine/test/section-accumulator.test.ts b/packages/engine/test/section-accumulator.test.ts
deleted file mode 100644
index 96123e8..0000000
--- a/packages/engine/test/section-accumulator.test.ts
+++ /dev/null
@@ -1,238 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import { SectionAccumulator } from '../src/index.ts';
-
-test('snapshots, hydrates, and reports detailed section changes', () => {
-  const acc = new SectionAccumulator();
-  assert.deepEqual(
-    acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['hero', 'details'] } }),
-    { changed: true, kind: 'screen', orderChanged: true },
-  );
-  assert.equal(acc.apply({ op: 'add', path: '/section/hero', html: '<p>Hero</p>' }), true);
-  assert.equal(acc.apply({ op: 'add', path: '/section/details', html: '<p>Details</p>' }), true);
-
-  const snapshot = acc.snapshot();
-  assert.deepEqual(snapshot, {
-    sections: [
-      { id: 'hero', html: '<p>Hero</p>' },
-      { id: 'details', html: '<p>Details</p>' },
-    ],
-  });
-
-  const restored = SectionAccumulator.fromSnapshot(snapshot);
-  const replacement = restored.applyDetailed({
-    op: 'add',
-    path: '/section/details',
-    html: '<p>Updated</p>',
-  });
-  assert.equal(replacement.changed, true);
-  assert.equal(replacement.kind, 'section');
-  assert.equal(replacement.sectionId, 'details');
-  assert.equal(replacement.htmlChanged, true);
-  assert.equal(replacement.orderChanged, false);
-  assert.match(restored.compose(), /Updated/);
-});
-
-test('repeated section add replaces existing html without changing order', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['hero'] } });
-
-  const placeholder = acc.applyDetailed({
-    op: 'add',
-    path: '/section/hero',
-    html: '<div aria-busy="true">Drafting...</div>',
-  });
-  assert.deepEqual(placeholder, {
-    changed: true,
-    kind: 'section',
-    sectionId: 'hero',
-    orderChanged: false,
-    htmlChanged: true,
-  });
-
-  const final = acc.applyDetailed({
-    op: 'add',
-    path: '/section/hero',
-    html: '<article><h1>Final answer</h1></article>',
-  });
-  assert.deepEqual(final, {
-    changed: true,
-    kind: 'section',
-    sectionId: 'hero',
-    orderChanged: false,
-    htmlChanged: true,
-  });
-  assert.doesNotMatch(acc.compose(), /Drafting/);
-  assert.match(acc.compose(), /Final answer/);
-  assert.deepEqual(acc.snapshot().sections.map((section) => section.id), ['hero']);
-});
-
-test('block fragments compose inside stable section wrappers', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['summary'] } });
-  assert.deepEqual(
-    acc.applyDetailed({ op: 'set', path: '/section/summary', value: { blocks: ['headline', 'metrics'] } }),
-    { changed: true, kind: 'section', sectionId: 'summary', orderChanged: true },
-  );
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/summary/block/headline',
-    html: '<h1>Closeout</h1>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/summary/block/metrics',
-    html: '<p>42 orders</p>',
-  });
-
-  assert.equal(acc.compose(), [
-    '<section data-summon-section="summary">',
-    '<div data-summon-block="headline">',
-    '<h1>Closeout</h1>',
-    '</div>',
-    '<div data-summon-block="metrics">',
-    '<p>42 orders</p>',
-    '</div>',
-    '</section>',
-  ].join('\n'));
-});
-
-test('block replacement updates one block and whole-section add clears block state', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['summary'] } });
-  acc.applyDetailed({ op: 'set', path: '/section/summary', value: { blocks: ['a', 'b'] } });
-  acc.applyDetailed({ op: 'add', path: '/section/summary/block/a', html: '<p>A</p>' });
-  acc.applyDetailed({ op: 'add', path: '/section/summary/block/b', html: '<p>Draft</p>' });
-
-  const replacement = acc.applyDetailed({
-    op: 'add',
-    path: '/section/summary/block/b',
-    html: '<p>Final</p>',
-  });
-  assert.equal(replacement.changed, true);
-  assert.equal(replacement.blockId, 'b');
-  assert.match(acc.compose(), /<p>A<\/p>/);
-  assert.match(acc.compose(), /<p>Final<\/p>/);
-  assert.doesNotMatch(acc.compose(), /Draft/);
-
-  acc.applyDetailed({ op: 'add', path: '/section/summary', html: '<article>Opaque</article>' });
-  assert.equal(
-    acc.compose(),
-    '<section data-summon-section="summary">\n<article>Opaque</article>\n</section>',
-  );
-});
-
-test('html node patches compose into nested section HTML', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['main'] } });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/root',
-    html: '<div data-summon-node="root" class="dashboard"></div>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/headline',
-    parent: 'root',
-    html: '<header data-summon-node="headline"><h1>Closeout</h1></header>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/metric',
-    parent: 'root',
-    html: '<article data-summon-node="metric"><strong>42</strong></article>',
-  });
-
-  assert.equal(acc.compose(), [
-    '<section data-summon-section="main">',
-    '<div data-summon-node="root" class="dashboard">',
-    '<header data-summon-node="headline"><h1>Closeout</h1></header>',
-    '<article data-summon-node="metric"><strong>42</strong></article>',
-    '</div>',
-    '</section>',
-  ].join('\n'));
-});
-
-test('html node patches compose children into explicit node slots', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['main'] } });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/root',
-    html: '<div data-summon-node="root"></div>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/card',
-    parent: 'root',
-    html: '<article data-summon-node="card"><h2>Sales</h2><div class="card-body" data-summon-node-children><div data-summon-skeleton></div><div data-summon-skeleton><span>Loading</span></div></div></article>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/card-value',
-    parent: 'card',
-    html: '<p data-summon-node="card-value">$1,240</p>',
-  });
-
-  assert.equal(acc.compose(), [
-    '<section data-summon-section="main">',
-    '<div data-summon-node="root">',
-    '<article data-summon-node="card"><h2>Sales</h2><div class="card-body" data-summon-node-children>',
-    '<p data-summon-node="card-value">$1,240</p>',
-    '</div></article>',
-    '</div>',
-    '</section>',
-  ].join('\n'));
-  assert.doesNotMatch(acc.compose(), /data-summon-skeleton/);
-});
-
-test('html node replacement updates only that node in composed HTML', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['main'] } });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/root',
-    html: '<div data-summon-node="root"></div>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/a',
-    parent: 'root',
-    html: '<p data-summon-node="a">A</p>',
-  });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/b',
-    parent: 'root',
-    html: '<p data-summon-node="b">Draft</p>',
-  });
-
-  const replacement = acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/b',
-    parent: 'root',
-    html: '<p data-summon-node="b">Final</p>',
-  });
-  assert.equal(replacement.changed, true);
-  assert.equal(replacement.nodeId, 'b');
-  assert.equal(replacement.nodePatch?.parentId, 'root');
-  assert.match(acc.compose(), /data-summon-node="a">A/);
-  assert.match(acc.compose(), /data-summon-node="b">Final/);
-  assert.doesNotMatch(acc.compose(), /Draft/);
-});
-
-test('whole-section add clears html node state', () => {
-  const acc = new SectionAccumulator();
-  acc.applyDetailed({ op: 'set', path: '/screen', value: { sections: ['main'] } });
-  acc.applyDetailed({
-    op: 'add',
-    path: '/section/main/node/root',
-    html: '<div data-summon-node="root"></div>',
-  });
-
-  acc.applyDetailed({ op: 'add', path: '/section/main', html: '<article>Opaque</article>' });
-  assert.equal(
-    acc.compose(),
-    '<section data-summon-section="main">\n<article>Opaque</article>\n</section>',
-  );
-});
diff --git a/packages/engine/test/stream-graph.test.ts b/packages/engine/test/stream-graph.test.ts
index ca4f442..1811c7a 100644
--- a/packages/engine/test/stream-graph.test.ts
+++ b/packages/engine/test/stream-graph.test.ts
@@ -1,121 +1,64 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 import {
-  compileSystemContracts,
   StreamGraph,
   type ContractIssue,
-  type RepairFeedbackMetaValue,
-  type SummonLayout,
 } from '../src/index.ts';
 
-test('screen declaration creates ordered edges and missing declared nodes', () => {
+const artifact = {
+  runtime: 'arrow',
+  source: {
+    'main.ts': 'export default html`<p>Hello</p>`',
+  },
+};
+
+test('artifact lines create ordered Arrow revisions', () => {
   const graph = new StreamGraph();
-  graph.applyLine({ op: 'set', path: '/screen', value: { sections: ['hero', 'details'] } });
+  graph.applyLine({ op: 'artifact', path: '/artifact', value: artifact });
+  graph.applyLine({
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': 'export default html`<p>Updated</p>`',
+        'main.css': 'p { color: var(--color-text); }',
+      },
+    },
+  });
 
   const snap = graph.snapshot();
-  assert.deepEqual(snap.edges, [
-    { from: 'screen', to: 'hero', order: 0 },
-    { from: 'screen', to: 'details', order: 1 },
-  ]);
+  assert.equal(snap.artifacts.length, 2);
   assert.deepEqual(
-    snap.sections.map(({ id, declared, present, revision, bytes }) => ({
-      id,
-      declared,
-      present,
+    snap.artifacts.map(({ revision, runtime, firstSeenLine, lastUpdatedLine }) => ({
       revision,
-      bytes,
+      runtime,
+      firstSeenLine,
+      lastUpdatedLine,
     })),
     [
-      { id: 'hero', declared: true, present: false, revision: 0, bytes: 0 },
-      { id: 'details', declared: true, present: false, revision: 0, bytes: 0 },
+      { revision: 1, runtime: 'arrow', firstSeenLine: 1, lastUpdatedLine: 1 },
+      { revision: 2, runtime: 'arrow', firstSeenLine: 1, lastUpdatedLine: 2 },
     ],
   );
-  assert.deepEqual(snap.health.missingDeclared, ['hero', 'details']);
-  assert.equal(snap.health.complete, false);
-});
-
-test('section adds mark nodes present and increment revisions on replacement', () => {
-  const graph = new StreamGraph();
-  graph.applyLine({ op: 'set', path: '/screen', value: { sections: ['hero'] } });
-  graph.applyLine({ op: 'add', path: '/section/hero', html: '<p>Hero</p>' });
-  graph.applyLine({ op: 'add', path: '/section/hero', html: '<p>Updated</p>' });
-
-  const hero = graph.snapshot().sections[0]!;
-  assert.equal(hero.present, true);
-  assert.equal(hero.revision, 2);
-  assert.equal(hero.bytes, '<p>Updated</p>'.length);
-  assert.equal(hero.firstDeclaredLine, 1);
-  assert.equal(hero.firstSeenLine, 2);
-  assert.equal(hero.lastUpdatedLine, 3);
-  assert.deepEqual(graph.snapshot().health.missingDeclared, []);
-});
-
-test('block fragments add optional diagnostics under section nodes', () => {
-  const graph = new StreamGraph();
-  graph.applyLine({ op: 'set', path: '/screen', value: { sections: ['summary'] } });
-  graph.applyLine({ op: 'set', path: '/section/summary', value: { blocks: ['headline', 'metrics'] } });
-  graph.applyLine({ op: 'add', path: '/section/summary/block/headline', html: '<h1>Ready</h1>' });
-
-  const summary = graph.snapshot().sections[0]!;
-  assert.equal(summary.present, true);
-  assert.equal(summary.revision, 1);
-  assert.equal(summary.declaredBlockCount, 2);
-  assert.equal(summary.presentBlockCount, 1);
-  assert.deepEqual(
-    summary.blocks?.map(({ id, declared, present, revision }) => ({ id, declared, present, revision })),
-    [
-      { id: 'headline', declared: true, present: true, revision: 1 },
-      { id: 'metrics', declared: true, present: false, revision: 0 },
-    ],
-  );
-});
-
-test('block path issues attach to parent section and block diagnostics', () => {
-  const graph = new StreamGraph();
-  const issue: ContractIssue = {
-    source: 'protocol',
-    severity: 'warn',
-    code: 'undeclared-block',
-    message: 'Block was not declared',
-    path: '/section/summary/block/metrics',
-  };
-
-  graph.recordIssue(issue);
-
-  const summary = graph.snapshot().sections[0]!;
-  assert.equal(summary.id, 'summary');
-  assert.equal(summary.lastIssue?.code, 'undeclared-block');
-  assert.equal(summary.lastBlockIssue?.code, 'undeclared-block');
-  assert.equal(summary.blocks?.[0]?.id, 'metrics');
-  assert.equal(summary.blocks?.[0]?.lastIssue?.code, 'undeclared-block');
-});
-
-test('add-before-screen records undeclared present state', () => {
-  const graph = new StreamGraph();
-  graph.applyLine({ op: 'add', path: '/section/hero', html: '<p>Hero</p>' });
-
-  const snap = graph.snapshot();
-  assert.deepEqual(snap.health.undeclaredPresent, ['hero']);
-  assert.equal(snap.health.complete, false);
-  assert.equal(snap.sections[0]?.declared, false);
-  assert.equal(snap.sections[0]?.present, true);
+  assert.equal(snap.health.complete, true);
 });
 
 test('contract issues update skipped and blocked health counters', () => {
   const graph = new StreamGraph();
+  graph.applyLine({ op: 'artifact', path: '/artifact', value: artifact });
   const skipped: ContractIssue = {
     source: 'protocol',
     severity: 'warn',
-    code: 'undeclared-section',
-    message: 'Section was not declared',
-    path: '/section/details',
+    code: 'protocol-skip',
+    message: 'Protocol line skipped',
   };
   const blocked: ContractIssue = {
-    source: 'html',
+    source: 'protocol',
     severity: 'block',
-    code: 'external-url',
-    message: 'External URL is not allowed',
-    path: '/section/details',
+    code: 'invalid-arrow-artifact',
+    message: 'Artifact line value must be an Arrow artifact object',
+    path: '/artifact',
   };
 
   graph.recordIssue(skipped);
@@ -124,8 +67,8 @@ test('contract issues update skipped and blocked health counters', () => {
   const snap = graph.snapshot();
   assert.equal(snap.health.skippedCount, 1);
   assert.equal(snap.health.blockedCount, 1);
-  assert.equal(snap.sections[0]?.id, 'details');
-  assert.equal(snap.sections[0]?.lastIssue?.code, 'external-url');
+  assert.equal(snap.health.complete, false);
+  assert.equal(snap.artifacts[0]?.lastIssue?.code, 'invalid-arrow-artifact');
 });
 
 test('validation summary merges aggregate graph health', () => {
@@ -136,76 +79,17 @@ test('validation summary merges aggregate graph health', () => {
     value: {
       blocked: 2,
       warnings: 3,
-      codes: {
-        'undeclared-section': 2,
-        'token-contract-warning': 1,
-        'external-url': 2,
-      },
     },
   });
 
   const snap = graph.snapshot();
-  assert.equal(snap.health.skippedCount, 2);
+  assert.equal(snap.health.skippedCount, 3);
   assert.equal(snap.health.blockedCount, 2);
 });
 
-test('repair feedback updates repaired and blocked status', () => {
-  const graph = new StreamGraph();
-  const issue: ContractIssue = {
-    source: 'html',
-    severity: 'block',
-    code: 'unsafe-tag',
-    message: 'Unsafe tag',
-    path: '/section/hero',
-  };
-  const blocked: RepairFeedbackMetaValue = {
-    schemaId: 'summon.repair-feedback.v2',
-    status: 'blocked',
-    target: '/section/hero',
-    issues: [issue],
-    retryable: true,
-    hints: ['Repair it.'],
-  };
-  const repaired: RepairFeedbackMetaValue = {
-    ...blocked,
-    status: 'repaired',
-    retryable: false,
-  };
-
-  graph.recordRepairFeedback(blocked);
-  graph.recordRepairFeedback(repaired);
-
-  const snap = graph.snapshot();
-  assert.equal(snap.health.blockedCount, 1);
-  assert.equal(snap.health.repairedCount, 1);
-  assert.equal(snap.sections[0]?.lastIssue?.code, 'unsafe-tag');
-});
-
-test('startup layout lines seed graph state', () => {
-  const layout: SummonLayout = {
-    id: 'two-slot',
-    slots: [
-      { id: 'summary', purpose: 'main answer' },
-      { id: 'details', purpose: 'supporting detail' },
-    ],
-  };
-  const contracts = compileSystemContracts({
-    mode: 'static',
-    layout,
-  });
-  const graph = new StreamGraph();
-  for (const line of contracts.startupLines) graph.applyLine(line);
-
-  assert.deepEqual(graph.snapshot().edges, [
-    { from: 'screen', to: 'summary', order: 0 },
-    { from: 'screen', to: 'details', order: 1 },
-  ]);
-});
-
 test('snapshots, hydrates, and resets deterministically', () => {
   const graph = new StreamGraph();
-  graph.applyLine({ op: 'set', path: '/screen', value: { sections: ['hero'] } });
-  graph.applyLine({ op: 'add', path: '/section/hero', html: '<p>Hero</p>' });
+  graph.applyLine({ op: 'artifact', path: '/artifact', value: artifact });
   graph.applyLine({
     op: 'meta',
     path: '/protocol-skip',
@@ -222,15 +106,11 @@ test('snapshots, hydrates, and resets deterministically', () => {
 
   restored.reset();
   assert.deepEqual(restored.snapshot(), {
-    sections: [],
-    edges: [],
+    artifacts: [],
     health: {
       complete: true,
-      missingDeclared: [],
-      undeclaredPresent: [],
       skippedCount: 0,
       blockedCount: 0,
-      repairedCount: 0,
     },
   });
 });
diff --git a/packages/engine/test/surface-contract.test.ts b/packages/engine/test/surface-contract.test.ts
index 0639317..0b5f923 100644
--- a/packages/engine/test/surface-contract.test.ts
+++ b/packages/engine/test/surface-contract.test.ts
@@ -4,12 +4,12 @@ import {
   compileSurfaceContractView,
   compileSurfacePolicy,
   surfaceContractViewFromCompiledPolicy,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
 } from '../src/index.ts';
 
-const capabilities: CapabilityPack = {
-  intents: [
+const tools: ToolPack = {
+  tools: [
     {
       name: 'search',
       description: 'Search host records.',
@@ -70,18 +70,17 @@ const components: ComponentPack = {
   ],
 };
 
-test('static policy contract view has no tools/components and static runtime', () => {
+test('static policy contract view has no tools/components and Arrow runtime', () => {
   const view = compileSurfaceContractView({ tier: 'static', purpose: 'inform' }, {
-    capabilities,
+    tools,
     components,
   });
 
   assert.deepEqual(view.tools, []);
   assert.deepEqual(view.components, []);
   assert.equal(view.surface.policy.tier, 'static');
-  assert.equal(view.surface.plan.runtime, 'static');
+  assert.equal(view.surface.plan.runtime, 'arrow');
   assert.equal(view.surface.mode, 'static');
-  assert.equal(view.surface.scriptPolicy, 'forbid');
   assert.deepEqual(view.issues, []);
 });
 
@@ -90,7 +89,7 @@ test('declarative search policy includes only selected resource state keys', ()
     tier: 'declarative',
     purpose: 'explore',
     grants: ['search'],
-  }, { capabilities });
+  }, { tools });
 
   assert.deepEqual(view.tools.map((tool) => tool.name), ['search']);
   assert.deepEqual(view.tools[0], {
@@ -110,7 +109,7 @@ test('declarative search policy includes only selected resource state keys', ()
     defaultDataShape: '[]',
     surface: { data: 'host-resource', authority: 'read' },
   });
-  assert.equal(view.surface.plan.runtime, 'declarative');
+  assert.equal(view.surface.plan.runtime, 'arrow');
   assert.equal(view.surface.plan.data, 'host-resource');
   assert.equal(view.surface.plan.authority, 'read');
 });
@@ -138,7 +137,7 @@ test('invalid grants/components preserve compile issues in derived view', () =>
     tier: 'declarative',
     grants: ['missing', 'analysis'],
     components: ['MissingComponent', 'WorkerChart'],
-  }, { capabilities, components });
+  }, { tools, components });
   const view = surfaceContractViewFromCompiledPolicy(compiled, {
     id: 'host-layout',
     slots: [{ id: 'hero', purpose: 'Main result' }],
diff --git a/packages/engine/test/surface-policy.test.ts b/packages/engine/test/surface-policy.test.ts
index 2fbee6d..0c87d63 100644
--- a/packages/engine/test/surface-policy.test.ts
+++ b/packages/engine/test/surface-policy.test.ts
@@ -3,12 +3,12 @@ import test from 'node:test';
 import {
   compileSurfacePolicy,
   normalizeSurfacePolicy,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
 } from '../src/index.ts';
 
-const capabilities: CapabilityPack = {
-  intents: [
+const tools: ToolPack = {
+  tools: [
     {
       name: 'search',
       description: 'Search host data',
@@ -51,8 +51,8 @@ const capabilities: CapabilityPack = {
     },
   ],
   patterns: [
-    { name: 'Search', code: '<form data-summon-resource="search"></form>', intent: 'search' },
-    { name: 'Choose', code: '<button data-summon-on-click="choose"></button>', intent: 'choose' },
+    { name: 'Search', code: 'import { callTool } from "host-bridge:summon";\nconst search = (query: string) => callTool("search", { query });', tool: 'search' },
+    { name: 'Choose', code: 'import { callTool } from "host-bridge:summon";\nconst choose = () => callTool("choose", {});', tool: 'choose' },
   ],
 };
 
@@ -89,20 +89,20 @@ test('normalizes defaults and dedupes policy names', () => {
 
 test('compiles static policy to static embedded plan with no packs', () => {
   const compiled = compileSurfacePolicy({ tier: 'static', purpose: 'compare' }, {
-    capabilities,
+    tools,
     components,
   });
   assert.deepEqual(compiled.issues, []);
   assert.equal(compiled.mode, 'static');
-  assert.equal(compiled.scriptPolicy, 'forbid');
-  assert.equal(compiled.capabilities, null);
+  assert.equal(compiled.tools, null);
   assert.equal(compiled.components, null);
   assert.deepEqual(compiled.surfacePlan, {
     purpose: 'compare',
-    runtime: 'static',
+    runtime: 'arrow',
     data: 'embedded',
     authority: 'none',
     persistence: 'replayable',
+    network: 'none',
   });
 });
 
@@ -112,19 +112,19 @@ test('compiles declarative policy and narrows grants, components, and patterns',
     purpose: 'explore',
     grants: ['search', 'choose'],
     components: ['MetricCard'],
-  }, { capabilities, components });
+  }, { tools, components });
   assert.deepEqual(compiled.issues, []);
   assert.equal(compiled.mode, 'interactive');
-  assert.equal(compiled.scriptPolicy, 'forbid');
-  assert.deepEqual(compiled.capabilities?.intents.map((intent) => intent.name), ['search', 'choose']);
-  assert.deepEqual(compiled.capabilities?.patterns?.map((pattern) => pattern.intent), ['search', 'choose']);
+  assert.deepEqual(compiled.tools?.tools.map((tool) => tool.name), ['search', 'choose']);
+  assert.deepEqual(compiled.tools?.patterns?.map((pattern) => pattern.tool), ['search', 'choose']);
   assert.deepEqual(compiled.components?.components.map((component) => component.name), ['MetricCard']);
   assert.deepEqual(compiled.surfacePlan, {
     purpose: 'explore',
-    runtime: 'declarative',
+    runtime: 'arrow',
     data: 'host-resource',
     authority: 'host-action',
     persistence: 'replayable',
+    network: 'none',
   });
 });
 
@@ -132,11 +132,10 @@ test('rejects removed scripted policy tier', () => {
   const compiled = compileSurfacePolicy({
     tier: 'scripted',
     grants: ['choose'],
-  } as never, { capabilities });
+  } as never, { tools });
   assert.deepEqual(compiled.issues.map((issue) => issue.code), ['surface-policy-invalid']);
   assert.equal(compiled.mode, 'static');
-  assert.equal(compiled.scriptPolicy, 'forbid');
-  assert.equal(compiled.surfacePlan.runtime, 'static');
+  assert.equal(compiled.surfacePlan.runtime, 'arrow');
 });
 
 test('compiles worker policy and requires worker-backed surface area', () => {
@@ -144,17 +143,18 @@ test('compiles worker policy and requires worker-backed surface area', () => {
     tier: 'worker',
     purpose: 'review',
     grants: ['analysis', 'compute'],
-  }, { capabilities });
+  }, { tools });
   assert.deepEqual(compiled.issues, []);
   assert.deepEqual(compiled.surfacePlan, {
     purpose: 'review',
-    runtime: 'worker',
+    runtime: 'arrow',
     data: 'worker',
     authority: 'host-action',
     persistence: 'replayable',
+    network: 'none',
   });
 
-  const missing = compileSurfacePolicy({ tier: 'worker' }, { capabilities });
+  const missing = compileSurfacePolicy({ tier: 'worker' }, { tools });
   assert.deepEqual(missing.issues.map((issue) => issue.code), ['surface-policy-tier-requirement']);
 });
 
@@ -163,18 +163,18 @@ test('compiles approval policy and requires approval-gated grant', () => {
     tier: 'approval',
     purpose: 'operate',
     grants: ['publish'],
-  }, { capabilities });
+  }, { tools });
   assert.deepEqual(compiled.issues, []);
-  assert.equal(compiled.scriptPolicy, 'forbid');
   assert.deepEqual(compiled.surfacePlan, {
     purpose: 'operate',
-    runtime: 'declarative',
+    runtime: 'arrow',
     data: 'embedded',
     authority: 'approval-gated',
     persistence: 'replayable',
+    network: 'none',
   });
 
-  const missing = compileSurfacePolicy({ tier: 'approval', grants: ['choose'] }, { capabilities });
+  const missing = compileSurfacePolicy({ tier: 'approval', grants: ['choose'] }, { tools });
   assert.deepEqual(missing.issues.map((issue) => issue.code), [
     'surface-policy-tier-exceeded',
     'surface-policy-tier-requirement',
@@ -186,7 +186,7 @@ test('blocks unknown names and tier-exceeded grants/components', () => {
     tier: 'declarative',
     grants: ['missing', 'analysis', 'publish'],
     components: ['MissingComponent', 'WorkerChart'],
-  }, { capabilities, components });
+  }, { tools, components });
   assert.deepEqual(compiled.issues.map((issue) => issue.code), [
     'surface-policy-unknown-grant',
     'surface-policy-tier-exceeded',
diff --git a/packages/engine/test/capability-contract.test.ts b/packages/engine/test/tool-contract.test.ts
similarity index 68%
rename from packages/engine/test/capability-contract.test.ts
rename to packages/engine/test/tool-contract.test.ts
index e82598c..7618112 100644
--- a/packages/engine/test/capability-contract.test.ts
+++ b/packages/engine/test/tool-contract.test.ts
@@ -1,28 +1,28 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 import {
-  CAPABILITY_BINDING_SPECS,
-  CAPABILITY_TRIGGER_SPECS,
-  buildCapabilitiesBlock,
-  compileCapabilityContract,
-  formatCapabilityProtocolContract,
+  buildToolsBlock,
+  compileToolContract,
+  formatToolProtocolContract,
 } from '../src/index.ts';
 
-test('capability protocol contract includes every trigger and binding spec', () => {
-  const text = formatCapabilityProtocolContract();
+test('tool protocol contract documents Arrow host bridge', () => {
+  const text = formatToolProtocolContract();
 
-  for (const spec of CAPABILITY_TRIGGER_SPECS) {
-    assert.match(text, new RegExp(spec.legacyAttribute));
-    assert.match(text, new RegExp(`data-summon-resource-trigger="${spec.resourceTriggerValue}"`));
-  }
-  for (const spec of CAPABILITY_BINDING_SPECS) {
-    assert.match(text, new RegExp(spec.attribute));
-  }
+  assert.match(text, /Arrow host bridge/);
+  assert.match(text, /host-bridge:summon/);
+  assert.match(text, /callTool/);
+  assert.match(text, /getState/);
+  assert.match(text, /onState/);
+  assert.match(text, /reactive\(\)/);
+  assert.doesNotMatch(text, /data-summon-on-click/);
+  assert.doesNotMatch(text, /data-summon-resource-trigger/);
+  assert.doesNotMatch(text, /data-summon-bind/);
 });
 
-test('capability compiler returns prompt, pack, intent names, and validation metadata', () => {
-  const contract = compileCapabilityContract({
-    intents: [
+test('tool compiler returns prompt, pack, tool names, and validation metadata', () => {
+  const contract = compileToolContract({
+    tools: [
       {
         name: 'search',
         description: 'Run a search.',
@@ -47,8 +47,8 @@ test('capability compiler returns prompt, pack, intent names, and validation met
     ],
   });
 
-  assert.deepEqual(contract.intentNames, ['search', 'save']);
-  assert.deepEqual(contract.validationCapabilities, [
+  assert.deepEqual(contract.toolNames, ['search', 'save']);
+  assert.deepEqual(contract.validationTools, [
     {
       name: 'search',
       kind: 'resource',
@@ -71,13 +71,13 @@ test('capability compiler returns prompt, pack, intent names, and validation met
     saveDone: false,
     saveError: null,
   });
-  assert.equal(contract.promptBlock?.id, 'capabilities');
+  assert.equal(contract.promptBlock?.id, 'tools');
   assert.match(contract.promptBlock?.text ?? '', /Available data resources/);
 });
 
-test('capabilities block renders generated protocol docs', () => {
-  const text = buildCapabilitiesBlock({
-    intents: [
+test('tools block renders Arrow-native protocol docs', () => {
+  const text = buildToolsBlock({
+    tools: [
       {
         name: 'search',
         description: 'Run a search.',
@@ -105,21 +105,26 @@ test('capabilities block renders generated protocol docs', () => {
         code: '<button id="go">Go</button><script>document.getElementById("go")?.addEventListener("click", () => sandbox.emit("search", {query:"boots"}))</script>',
       },
       {
-        name: 'declarative search',
+        name: 'legacy declarative search',
         code: '<form data-summon-resource="search" data-summon-resource-trigger="submit"></form>',
       },
+      {
+        name: 'arrow search',
+        code: 'import { callTool, onState } from "host-bridge:summon";\nconst run = () => callTool("search", { query: "boots" });\nonState(() => {});',
+      },
     ],
   });
 
   assert.match(text, /Available data resources/);
-  assert.match(text, /Declarative-only interactivity/);
-  assert.match(text, /data-summon-resource="<name>"/);
-  assert.match(text, /\$alias\.loading/);
-  assert.match(text, /\$alias\.empty/);
+  assert.match(text, /Arrow-native interactivity/);
+  assert.match(text, /host-bridge:summon/);
+  assert.match(text, /reactive\(\)/);
+  assert.match(text, /callTool/);
+  assert.match(text, /getState/);
+  assert.match(text, /onState/);
   assert.match(text, /Default data: `\[\]`/);
   assert.match(text, /Never hallucinate fetched rows/);
-  assert.match(text, /Render "no results" from `\$alias\.empty`/);
-  assert.match(text, /data-summon-show="\$alias\.data"/);
+  assert.match(text, /Render "no results" from the declared empty key/);
   assert.match(text, /State keys: loading=searching, data=results, error=searchError, empty=noResults/);
   assert.match(text, /Action state: pending=savePending, done=saveDone, error=saveError/);
   assert.match(text, /Controlled actions expose host-owned pending\/done\/error keys/);
@@ -127,12 +132,13 @@ test('capabilities block renders generated protocol docs', () => {
   assert.doesNotMatch(text, /data-summon-on-submit="submit"/);
   assert.doesNotMatch(text, /data-summon-on-click="log"/);
   assert.doesNotMatch(text, /document\.getElementById/);
-  assert.match(text, /data-summon-resource="search"/);
+  assert.doesNotMatch(text, /data-summon-resource="search"/);
+  assert.match(text, /arrow search/);
 });
 
-test('capabilities block filters script patterns even with legacy allow policy', () => {
-  const text = buildCapabilitiesBlock({
-    intents: [
+test('tools block filters script patterns', () => {
+  const text = buildToolsBlock({
+    tools: [
       {
         name: 'choose',
         description: 'Choose an option.',
@@ -146,9 +152,9 @@ test('capabilities block filters script patterns even with legacy allow policy',
         code: '<button id="x">Pick</button><script>document.getElementById("x")?.addEventListener("click", () => sandbox.emit("choose", {option:"A"}))</script>',
       },
     ],
-  }, { scriptPolicy: 'allow' });
+  });
 
-  assert.match(text, /Script policy — declarative only/);
+  assert.match(text, /Host tool bridge/);
   assert.doesNotMatch(text, /Rules for scripts/);
   assert.doesNotMatch(text, /document\.getElementById/);
 });
diff --git a/packages/host/src/bind-endpoint.ts b/packages/host/src/bind-endpoint.ts
index bc7b5d0..0aab9b3 100644
--- a/packages/host/src/bind-endpoint.ts
+++ b/packages/host/src/bind-endpoint.ts
@@ -1,14 +1,14 @@
 /**
  * Endpoint binding — the trusted shape of a host-owned network call that an
- * intent fires. Turns the ad-hoc "set loading, fetch, catch, push" ceremony
+ * tool fires. Turns the ad-hoc "set loading, fetch, catch, push" ceremony
  * into a declared contract: validate args, call fetch with an AbortSignal,
  * surface loading/data/error under a named triple of state keys.
  *
- * The sandbox never sees any of this. It only emits the intent and reads
+ * The sandbox never sees any of this. It only emits the tool and reads
  * the resulting state keys.
  */
 
-import type { IntentHandler } from './policy-engine.js';
+import type { ToolHandler } from './policy-engine.js';
 
 export interface EndpointStateKeys {
   /** State flag set to true while the request is in flight, false otherwise. */
@@ -54,13 +54,13 @@ export interface EndpointBinding<In, Out> {
 }
 
 /**
- * Build an IntentHandler from an endpoint binding. The returned handler
+ * Build an ToolHandler from an endpoint binding. The returned handler
  * manages loading/error state, concurrency, and AbortSignal wiring; the
  * caller only supplies the parse, fetch, and state-key shape.
  */
 export function bindEndpoint<In, Out>(
   binding: EndpointBinding<In, Out>
-): IntentHandler {
+): ToolHandler {
   const { stateKeys, concurrency = 'latest' } = binding;
   let inflight: AbortController | null = null;
 
diff --git a/packages/host/src/browser.ts b/packages/host/src/browser.ts
index 048dce5..074cb9a 100644
--- a/packages/host/src/browser.ts
+++ b/packages/host/src/browser.ts
@@ -6,7 +6,6 @@ export type {
   SurfaceStreamLineDecision,
   SurfaceStreamOptions,
   SurfaceStreamParseError,
-  SurfaceStreamRenderMode,
   SurfaceStreamResult,
   SurfaceStreamSource,
 } from './surface-stream.js';
@@ -41,13 +40,12 @@ export type {
 } from './component-islands.js';
 export type {
   Artifact,
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
   ComponentIslandBounds,
   ComponentIslandDescriptor,
   ComponentsMessage,
   FatalMessage,
-  IntentMessage,
+  ToolCallMessage,
+  ToolResultMessage,
   ReadyMessage,
   SandboxHandle,
   SandboxInboundMessage,
diff --git a/packages/host/src/component-islands.ts b/packages/host/src/component-islands.ts
index 78a39e6..80adcc9 100644
--- a/packages/host/src/component-islands.ts
+++ b/packages/host/src/component-islands.ts
@@ -10,7 +10,7 @@ import type {
 
 export interface ComponentIslandSyncContext {
   sandboxId: string;
-  emitIntent?: (intent: string, args?: Record<string, unknown>) => void;
+  callTool?: (tool: string, args?: Record<string, unknown>) => void;
 }
 
 export interface ComponentIslandRegistryOptions {
@@ -47,7 +47,7 @@ interface MountedIsland {
   wrapper: HTMLDivElement;
   bounds: ComponentIslandBounds;
   sandboxId: string;
-  emitIntent: (intent: string, args?: Record<string, unknown>) => void;
+  callTool: (tool: string, args?: Record<string, unknown>) => void;
 }
 
 export function createComponentIslandRegistry(
@@ -146,7 +146,7 @@ export function createComponentIslandRegistry(
       props,
       componentId: island.id,
       sandboxId: island.sandboxId,
-      emitIntent: island.emitIntent,
+      callTool: island.callTool,
     } as ComponentRenderContext);
   }
 
@@ -157,7 +157,7 @@ export function createComponentIslandRegistry(
       container: island.wrapper,
       componentId: island.id,
       sandboxId: island.sandboxId,
-      emitIntent: island.emitIntent,
+      callTool: island.callTool,
     });
     island.wrapper.remove();
     mounted.delete(id);
@@ -169,7 +169,7 @@ export function createComponentIslandRegistry(
   ): void {
     const seen = new Set<string>();
     const sandboxId = context.sandboxId ?? '';
-    const emitIntent = context.emitIntent ?? (() => {});
+    const callTool = context.callTool ?? (() => {});
 
     for (const component of components) {
       seen.add(component.id);
@@ -220,14 +220,14 @@ export function createComponentIslandRegistry(
           wrapper,
           bounds: clipped,
           sandboxId,
-          emitIntent,
+          callTool,
         };
         mounted.set(component.id, island);
       }
 
       island.bounds = clipped;
       island.sandboxId = sandboxId;
-      island.emitIntent = emitIntent;
+      island.callTool = callTool;
       position(island);
       render(island, parsed.data);
     }
diff --git a/packages/host/src/component-registry.ts b/packages/host/src/component-registry.ts
index 7e6ab4b..48042f3 100644
--- a/packages/host/src/component-registry.ts
+++ b/packages/host/src/component-registry.ts
@@ -7,14 +7,14 @@ import type {
 } from '@summon-internal/engine';
 import { compileComponentContract } from '@summon-internal/engine';
 import type { ZodType, ZodTypeAny } from 'zod';
-import { formatZodSchema } from './capability-registry.js';
+import { formatZodSchema } from './tool-registry.js';
 
 export interface ComponentRenderContext<T = unknown> {
   container: HTMLElement;
   props: T;
   componentId: string;
   sandboxId: string;
-  emitIntent: (intent: string, args?: Record<string, unknown>) => void;
+  callTool: (tool: string, args?: Record<string, unknown>) => void;
 }
 
 export type ComponentRenderer<T = unknown> = (ctx: ComponentRenderContext<T>) => void;
diff --git a/packages/host/src/index.ts b/packages/host/src/index.ts
index e860c30..4f117b8 100644
--- a/packages/host/src/index.ts
+++ b/packages/host/src/index.ts
@@ -1,22 +1,23 @@
 export { spawnSandbox } from './sandbox-spawner.js';
 export type { SpawnOptions } from './sandbox-spawner.js';
-export { PolicyEngine, defineIntent, IntentArgsError } from './policy-engine.js';
+export { PolicyEngine, defineToolHandler, ToolArgsError } from './policy-engine.js';
 export type {
-  IntentContext,
-  IntentEntry,
-  IntentHandler,
+  ToolContext,
+  ToolHandlerEntry,
+  ToolHandler,
   PolicyEngineOptions,
-  TypedIntentEntry,
+  PolicyDispatchResult,
+  TypedToolHandlerEntry,
 } from './policy-engine.js';
 export {
-  createCapabilityRegistry,
+  createToolRegistry,
   defineAction,
   defineApprovalAction,
-  defineCapability,
+  defineTool,
   defineDataResource,
   defineWorkerAction,
   defineWorkerResource,
-} from './capability-registry.js';
+} from './tool-registry.js';
 export type {
   ActionDefinition,
   ActionStateKeys,
@@ -25,12 +26,12 @@ export type {
   ApprovalPrepared,
   ApprovalRequest,
   ApprovalStateKeys,
-  CapabilityDefinition,
-  CapabilityRegistry,
+  ToolDefinition,
+  ToolRegistry,
   DataResourceDefinition,
   ResourceStateKeys,
   StateShapeDescriptor,
-} from './capability-registry.js';
+} from './tool-registry.js';
 export {
   createComponentRegistry,
   defineComponent,
@@ -74,7 +75,6 @@ export type {
   SurfaceStreamLineDecision,
   SurfaceStreamOptions,
   SurfaceStreamParseError,
-  SurfaceStreamRenderMode,
   SurfaceStreamResult,
   SurfaceStreamSource,
 } from './surface-stream.js';
@@ -89,14 +89,13 @@ export type {
 } from './strict-input.js';
 export type {
   Artifact,
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
   ComponentIslandBounds,
   ComponentIslandDescriptor,
   ComponentsMessage,
   SandboxHandle,
   StateMessage,
-  IntentMessage,
+  ToolCallMessage,
+  ToolResultMessage,
   ReadyMessage,
   FatalMessage,
   SandboxInboundMessage,
diff --git a/packages/host/src/policy-engine.ts b/packages/host/src/policy-engine.ts
index 729a79b..9f64306 100644
--- a/packages/host/src/policy-engine.ts
+++ b/packages/host/src/policy-engine.ts
@@ -1,18 +1,18 @@
 /**
- * Policy engine: the trusted surface that intents hit after passing the bridge's
+ * Policy engine: the trusted surface that tools hit after passing the bridge's
  * vocabulary check. Handlers are host-authored — this is where network I/O,
  * credential access, and state mutation live. The sandbox never sees any of it.
  */
 
 import type { EventStore } from '@summon-internal/devtools';
 import type { ZodType } from 'zod';
-import type { ApprovalRequest } from './capability-registry.js';
+import type { ApprovalRequest } from './tool-registry.js';
 
-export interface IntentContext<T = Record<string, unknown>> {
+export interface ToolContext<T = Record<string, unknown>> {
   /**
    * Args the sandbox emitted. For bare-function handlers this is the raw
    * untrusted bag — validate before use. For handlers registered via
-   * `defineIntent(schema, run)`, this is the schema-parsed value with `T`'s
+   * `defineToolHandler(schema, run)`, this is the schema-parsed value with `T`'s
    * type, so the handler body can trust the shape.
    */
   args: T;
@@ -26,56 +26,56 @@ export interface IntentContext<T = Record<string, unknown>> {
   approval?: ApprovalRequest<T, unknown>;
 }
 
-export type IntentHandler<T = Record<string, unknown>> = (
-  ctx: IntentContext<T>,
+export type ToolHandler<T = Record<string, unknown>> = (
+  ctx: ToolContext<T>,
 ) => Promise<void> | void;
 
 /**
- * Schema-bound intent entry. Created via {@link defineIntent}. When dispatch
+ * Schema-bound tool entry. Created via {@link defineToolHandler}. When dispatch
  * sees one of these, it runs `args` through `schema.safeParse` first and only
  * calls `run` with the parsed value. Parse failures route to `onHandlerError`
  * with a structured Zod error and the run is skipped.
  */
-export interface TypedIntentEntry<T> {
+export interface TypedToolHandlerEntry<T> {
   schema: ZodType<T>;
-  run: IntentHandler<T>;
+  run: ToolHandler<T>;
 }
 
-export type IntentEntry<T = Record<string, unknown>> =
-  | IntentHandler<T>
-  | TypedIntentEntry<T>;
+export type ToolHandlerEntry<T = Record<string, unknown>> =
+  | ToolHandler<T>
+  | TypedToolHandlerEntry<T>;
 
 /**
- * Sugar for declaring a typed, schema-validated intent. Preserves `T` from the
+ * Sugar for declaring a typed, schema-validated tool. Preserves `T` from the
  * schema through to the handler so `ctx.args` is correctly typed at the call
  * site.
  *
- *     defineIntent(z.object({ q: z.string().min(1) }), async ({ args, push }) => {
+ *     defineToolHandler(z.object({ q: z.string().min(1) }), async ({ args, push }) => {
  *       // args: { q: string }
  *     });
  */
-export function defineIntent<T>(
+export function defineToolHandler<T>(
   schema: ZodType<T>,
-  run: IntentHandler<T>,
-): TypedIntentEntry<T> {
+  run: ToolHandler<T>,
+): TypedToolHandlerEntry<T> {
   return { schema, run };
 }
 
-function isTypedEntry<T>(entry: IntentEntry<T>): entry is TypedIntentEntry<T> {
+function isTypedEntry<T>(entry: ToolHandlerEntry<T>): entry is TypedToolHandlerEntry<T> {
   return typeof entry === 'object' && entry !== null && 'schema' in entry;
 }
 
 /**
- * Error thrown into `onHandlerError` when a typed intent's args fail schema
+ * Error thrown into `onHandlerError` when a typed tool's args fail schema
  * validation. The original ZodError lives on `.cause` for callers that want
  * structured details (path, expected type, etc.).
  */
-export class IntentArgsError extends Error {
-  readonly intent: string;
-  constructor(intent: string, cause: unknown) {
-    super(`intent "${intent}" args failed schema validation`);
-    this.name = 'IntentArgsError';
-    this.intent = intent;
+export class ToolArgsError extends Error {
+  readonly tool: string;
+  constructor(tool: string, cause: unknown) {
+    super(`tool "${tool}" args failed schema validation`);
+    this.name = 'ToolArgsError';
+    this.tool = tool;
     this.cause = cause;
   }
 }
@@ -83,30 +83,36 @@ export class IntentArgsError extends Error {
 export interface PolicyEngineOptions {
   /**
    * Handlers may be bare functions (legacy, untyped) or schema-bound entries
-   * created by {@link defineIntent}. The two shapes coexist; migrate
+   * created by {@link defineToolHandler}. The two shapes coexist; migrate
    * incrementally. The `unknown` generic preserves the union without forcing
    * every entry to share a single arg type.
    */
-  handlers: Record<string, IntentEntry<any>>;
+  handlers: Record<string, ToolHandlerEntry<any>>;
   /** Called with the new merged state every time a handler pushes. */
   onStateChange: (state: Record<string, unknown>) => void;
   /** Optional — receives unhandled handler exceptions and schema rejections. */
-  onHandlerError?: (intent: string, error: Error) => void;
+  onHandlerError?: (tool: string, error: Error) => void;
   /** Initial state. Pushed to the sandbox once it is ready. */
   initialState?: Record<string, unknown>;
   /**
    * Optional devtools event store. When set, the engine pushes
-   * intent-dispatched/settled and state-pushed events. Behavior is identical
+   * tool-dispatched/settled and state-pushed events. Behavior is identical
    * when omitted.
    */
   events?: EventStore;
 }
 
+export interface PolicyDispatchResult {
+  ok: boolean;
+  state: Record<string, unknown>;
+  error?: string;
+}
+
 export class PolicyEngine {
   private state: Record<string, unknown>;
-  private readonly handlers: Record<string, IntentEntry<any>>;
+  private readonly handlers: Record<string, ToolHandlerEntry<any>>;
   private readonly onStateChange: (state: Record<string, unknown>) => void;
-  private readonly onHandlerError?: (intent: string, error: Error) => void;
+  private readonly onHandlerError?: (tool: string, error: Error) => void;
   private readonly events?: EventStore;
   private dispatchSeq = 0;
 
@@ -118,8 +124,8 @@ export class PolicyEngine {
     this.events = options.events;
   }
 
-  /** Full intent vocabulary — wire this into the Artifact.intents list. */
-  get intents(): string[] {
+  /** Full tool vocabulary — wire this into the Artifact.tools list. */
+  get tools(): string[] {
     return Object.keys(this.handlers);
   }
 
@@ -128,9 +134,9 @@ export class PolicyEngine {
   }
 
   /**
-   * Merge a patch into current state and notify. Intent handlers receive this
+   * Merge a patch into current state and notify. Tool handlers receive this
    * as `ctx.push`; host code can also call it directly to push state changes
-   * that did not originate from a sandbox intent — server-sent events, timers,
+   * that did not originate from a sandbox tool — server-sent events, timers,
    * external webhooks, cross-tab broadcasts.
    */
   pushState(patch: Record<string, unknown>): void {
@@ -140,25 +146,26 @@ export class PolicyEngine {
     this.onStateChange(next);
   }
 
-  async dispatch(intent: string, args: Record<string, unknown>): Promise<void> {
-    const entry = this.handlers[intent];
+  async dispatch(tool: string, args: Record<string, unknown>): Promise<PolicyDispatchResult> {
+    const entry = this.handlers[tool];
     if (!entry) {
       // The bridge should have rejected this already; defensive.
-      this.onHandlerError?.(intent, new Error(`No handler for intent "${intent}"`));
-      return;
+      const error = new Error(`No handler for tool "${tool}"`);
+      this.onHandlerError?.(tool, error);
+      return { ok: false, state: this.getState(), error: error.message };
     }
 
     const id = `${Date.now()}-${++this.dispatchSeq}`;
     const startedAt = Date.now();
-    this.events?.push({ kind: 'intent-dispatched', at: startedAt, id, intent, args });
+    this.events?.push({ kind: 'tool-dispatched', at: startedAt, id, tool, args });
     const push = (patch: Record<string, unknown>) => this.pushState(patch);
 
     const settle = (ok: boolean, error?: string) => {
       this.events?.push({
-        kind: 'intent-settled',
+        kind: 'tool-settled',
         at: Date.now(),
         id,
-        intent,
+        tool,
         ok,
         error,
         durationMs: Date.now() - startedAt,
@@ -169,20 +176,22 @@ export class PolicyEngine {
       if (isTypedEntry(entry)) {
         const parsed = entry.schema.safeParse(args);
         if (!parsed.success) {
-          const err = new IntentArgsError(intent, parsed.error);
+          const err = new ToolArgsError(tool, parsed.error);
           settle(false, err.message);
-          this.onHandlerError?.(intent, err);
-          return;
+          this.onHandlerError?.(tool, err);
+          return { ok: false, state: this.getState(), error: err.message };
         }
         await entry.run({ args: parsed.data, push });
       } else {
         await entry({ args, push });
       }
       settle(true);
+      return { ok: true, state: this.getState() };
     } catch (err) {
       const error = err instanceof Error ? err : new Error(String(err));
       settle(false, error.message);
-      this.onHandlerError?.(intent, error);
+      this.onHandlerError?.(tool, error);
+      return { ok: false, state: this.getState(), error: error.message };
     }
   }
 }
diff --git a/packages/host/src/policy.ts b/packages/host/src/policy.ts
index 41a93e4..bd9d79e 100644
--- a/packages/host/src/policy.ts
+++ b/packages/host/src/policy.ts
@@ -1,20 +1,21 @@
-export { PolicyEngine, defineIntent, IntentArgsError } from './policy-engine.js';
+export { PolicyEngine, defineToolHandler, ToolArgsError } from './policy-engine.js';
 export type {
-  IntentContext,
-  IntentEntry,
-  IntentHandler,
+  ToolContext,
+  ToolHandlerEntry,
+  ToolHandler,
+  PolicyDispatchResult,
   PolicyEngineOptions,
-  TypedIntentEntry,
+  TypedToolHandlerEntry,
 } from './policy-engine.js';
 export {
-  createCapabilityRegistry,
+  createToolRegistry,
   defineAction,
   defineApprovalAction,
-  defineCapability,
+  defineTool,
   defineDataResource,
   defineWorkerAction,
   defineWorkerResource,
-} from './capability-registry.js';
+} from './tool-registry.js';
 export type {
   ActionDefinition,
   ActionStateKeys,
@@ -23,9 +24,9 @@ export type {
   ApprovalPrepared,
   ApprovalRequest,
   ApprovalStateKeys,
-  CapabilityDefinition,
-  CapabilityRegistry,
+  ToolDefinition,
+  ToolRegistry,
   DataResourceDefinition,
   ResourceStateKeys,
   StateShapeDescriptor,
-} from './capability-registry.js';
+} from './tool-registry.js';
diff --git a/packages/host/src/sandbox-spawner.ts b/packages/host/src/sandbox-spawner.ts
index 7a30418..480e4a1 100644
--- a/packages/host/src/sandbox-spawner.ts
+++ b/packages/host/src/sandbox-spawner.ts
@@ -1,8 +1,9 @@
 import type { EventStore } from '@summon-internal/devtools';
-import { hasCompleteResourceStateKeys, type ValidationCapability } from '@summon-internal/engine';
+import type { ValidationTool } from '@summon-internal/engine';
 import type {
+  ArrowNetworkPolicy,
+  ArrowSurfaceArtifact,
   Artifact,
-  CompiledHtmlNodePatch,
   ComponentIslandDescriptor,
   SandboxHandle,
   SandboxInboundMessage,
@@ -14,14 +15,17 @@ import type {
  * SUMMON_READY and never receives a script nonce. Generated CSS remains inline
  * because the compiler constrains it and visual richness is a core Summon goal.
  */
-function cspForNonce(nonce: string): string {
+function cspForNonce(nonce: string, networkPolicy: ArrowNetworkPolicy = 'none'): string {
+  const connectSrc = networkPolicy === 'restricted-fetch'
+    ? 'connect-src https: http://localhost:* http://127.0.0.1:* http://[::1]:*'
+    : "connect-src 'none'";
   return [
     "default-src 'none'",
-    `script-src 'nonce-${nonce}'`,
+    `script-src 'nonce-${nonce}' 'wasm-unsafe-eval'`,
     "style-src 'unsafe-inline'",
     "img-src data:",
     "font-src data:",
-    "connect-src 'none'",
+    connectSrc,
     "form-action 'none'",
     "base-uri 'none'",
     "frame-src 'none'",
@@ -36,28 +40,42 @@ export interface SpawnOptions {
   iframe: HTMLIFrameElement;
   artifact: Artifact;
   /**
-   * Host-controlled allowlist of intents this sandbox may emit. The bridge
-   * enforces it; anything else is rejected before reaching `onIntent`.
+   * Host-controlled allowlist of tools this sandbox may emit. The bridge
+   * enforces it; anything else is rejected before reaching `onToolCall`.
    *
    * This is required even for static/read-only surfaces. Pass `[]` when the
-   * host grants no executable intents. `artifact.intents` is advisory only and
+   * host grants no executable tools. `artifact.tools` is advisory only and
    * never becomes executable authority.
    */
-  grantedIntents: string[];
+  grantedTools: string[];
   /**
-   * Host-controlled capability grant metadata. Used by the sandbox runtime
-   * only to resolve declarative resource aliases to host-owned state keys.
-   * Intent execution remains governed solely by `grantedIntents`.
+   * Host-controlled tool grant metadata. Tool execution remains
+   * governed solely by `grantedTools`; this metadata is recorded for
+   * validation, diagnostics, and component/policy context.
    */
-  grantedCapabilities?: ValidationCapability[];
+  validationTools?: ValidationTool[];
   /** Raw bootstrap source; published consumers can use `@anarchitecture/summon/assets`. */
   bootstrapSource: string;
   /** Raw token CSS source; published consumers can use `@anarchitecture/summon/assets`. */
   tokensSource: string;
-  /** Receives only intents that passed the bridge allowlist. */
-  onIntent?: (intent: string, args: Record<string, unknown>) => void;
-  /** Receives intents that were rejected by the allowlist. Useful for logging / tests. */
-  onIntentRejected?: (reason: string, raw: unknown) => void;
+  /**
+   * Optional trusted Arrow runtime bundle. It must install
+   * `window.__SUMMON_ARROW_SANDBOX__ = { sandbox }` inside the iframe before
+   * the Summon Arrow adapter receives an artifact.
+   */
+  arrowRuntimeSource?: string;
+  /**
+   * Host-owned network grant for Arrow sandboxes. Defaults to `none`; do not
+   * derive this from generated artifact metadata.
+   */
+  arrowNetworkPolicy?: ArrowNetworkPolicy;
+  /** Receives only tools that passed the bridge allowlist. */
+  onToolCall?: (tool: string, args: Record<string, unknown>) =>
+    | void
+    | Record<string, unknown>
+    | Promise<void | Record<string, unknown>>;
+  /** Receives tools that were rejected by the allowlist. Useful for logging / tests. */
+  onToolRejected?: (reason: string, raw: unknown) => void;
   /** Receives sandbox-measured component island placeholders. */
   onComponents?: (components: ComponentIslandDescriptor[], sandboxId: string) => void;
   /**
@@ -68,8 +86,8 @@ export interface SpawnOptions {
   onSandboxFatal?: (reason: string) => void;
   /**
    * Optional devtools event store. When set, the spawner pushes lifecycle and
-   * intent-bridge events into it (sandbox-spawned/ready/fatal/disposed,
-   * intent-emitted/rejected, render). Behavior is identical when omitted.
+   * tool-bridge events into it (sandbox-spawned/ready/fatal/disposed,
+   * tool-called/rejected, render). Behavior is identical when omitted.
    */
   events?: EventStore;
 }
@@ -98,26 +116,23 @@ function buildSrcdoc(params: {
   scriptNonce: string;
   bootstrapSource: string;
   tokensSource: string;
-  resourceMap: ResourceMap;
+  networkPolicy: ArrowNetworkPolicy;
+  arrowRuntimeSource?: string;
 }): string {
   // The CSP meta must come FIRST in <head> — anything before it is unprotected.
   // Artifact HTML is deliberately absent from initial srcdoc. The trusted
   // bootstrap sends SUMMON_READY, then the host queues the compiled render
   // through SUMMON_RENDER.
   //
-  // The base style block (entrance animation for live-paint sections) is
-  // emitted BEFORE the direction's tokensSource so directions can override —
-  // e.g., a direction wanting no decorative motion can redeclare the
-  // `[data-summon-section]` rule with `animation: none`.
   return `<!DOCTYPE html>
 <html>
 <head>
-<meta http-equiv="Content-Security-Policy" content="${escapeHtml(cspForNonce(params.scriptNonce))}">
+<meta http-equiv="Content-Security-Policy" content="${escapeHtml(cspForNonce(params.scriptNonce, params.networkPolicy))}">
 <meta charset="utf-8">
 <script nonce="${params.scriptNonce}">window.__SUMMON_SANDBOX_ID__=${escapeScriptJson(params.sandboxId)};</script>
-<script nonce="${params.scriptNonce}">window.__SUMMON_RESOURCES__=${escapeScriptJson(params.resourceMap)};</script>
+<script nonce="${params.scriptNonce}">window.__SUMMON_NETWORK_POLICY__=${escapeScriptJson(params.networkPolicy)};</script>
+${params.arrowRuntimeSource ? `<script nonce="${params.scriptNonce}">${params.arrowRuntimeSource}</script>` : ''}
 <script nonce="${params.scriptNonce}">${params.bootstrapSource}</script>
-<style>${SUMMON_BASE_CSS}</style>
 <style>${params.tokensSource}</style>
 </head>
 <body>
@@ -127,176 +142,6 @@ function buildSrcdoc(params: {
 </html>`;
 }
 
-const SUMMON_BASE_CSS = `
-[data-summon-section] {
-  animation: summon-section-in 0.45s cubic-bezier(0.33, 1, 0.68, 1) both;
-}
-.summon-node-enter {
-  animation: summon-node-enter 0.32s cubic-bezier(0.33, 1, 0.68, 1) both;
-  will-change: opacity, filter, transform;
-}
-.summon-node-update {
-  animation: summon-node-update 0.42s ease-out both;
-}
-.summon-slot-filled {
-  animation: summon-slot-filled 0.42s ease-out both;
-}
-.summon-motion-enter-rise {
-  animation: summon-motion-rise 0.34s cubic-bezier(0.33, 1, 0.68, 1) both;
-}
-.summon-motion-enter-fade {
-  animation: summon-motion-fade 0.24s ease-out both;
-}
-.summon-motion-enter-fade-slide {
-  animation: summon-motion-fade-slide 0.32s cubic-bezier(0.33, 1, 0.68, 1) both;
-}
-.summon-motion-enter-pop {
-  animation: summon-motion-pop 0.28s cubic-bezier(0.2, 0.9, 0.2, 1.2) both;
-}
-.summon-motion-update-pulse {
-  animation: summon-motion-pulse 0.46s ease-out both;
-}
-.summon-motion-update-fade {
-  animation: summon-motion-update-fade 0.28s ease-out both;
-}
-.summon-motion-update-pop {
-  animation: summon-motion-pop 0.24s cubic-bezier(0.2, 0.9, 0.2, 1.2) both;
-}
-.summon-transition-fade,
-.summon-transition-rise,
-.summon-transition-fade-slide,
-.summon-transition-pop {
-  transition:
-    opacity 0.18s ease-out,
-    filter 0.18s ease-out,
-    transform 0.18s ease-out,
-    box-shadow 0.18s ease-out;
-}
-[data-summon-skeleton] {
-  position: relative;
-  overflow: hidden;
-  min-height: 0.8em;
-  border-radius: 6px;
-  color: transparent !important;
-  background: rgba(127, 127, 127, 0.14);
-  pointer-events: none;
-  user-select: none;
-}
-[data-summon-skeleton] > * {
-  visibility: hidden;
-}
-[data-summon-skeleton]::after {
-  content: "";
-  position: absolute;
-  inset: 0;
-  transform: translateX(-100%);
-  background: linear-gradient(90deg, transparent, rgba(255, 255, 255, 0.38), transparent);
-  animation: summon-skeleton-sheen 1.35s ease-in-out infinite;
-}
-@keyframes summon-section-in {
-  from { opacity: 0; filter: blur(8px); transform: translateY(8px); }
-  to   { opacity: 1; filter: blur(0);   transform: translateY(0); }
-}
-@keyframes summon-node-enter {
-  from { opacity: 0; filter: blur(5px); transform: translateY(6px); }
-  to   { opacity: 1; filter: blur(0);   transform: translateY(0); }
-}
-@keyframes summon-node-update {
-  0%   { box-shadow: 0 0 0 0 rgba(80, 112, 255, 0); }
-  35%  { box-shadow: 0 0 0 2px rgba(80, 112, 255, 0.18); }
-  100% { box-shadow: 0 0 0 0 rgba(80, 112, 255, 0); }
-}
-@keyframes summon-slot-filled {
-  0%   { box-shadow: inset 0 0 0 0 rgba(80, 112, 255, 0); }
-  45%  { box-shadow: inset 0 0 0 1px rgba(80, 112, 255, 0.12); }
-  100% { box-shadow: inset 0 0 0 0 rgba(80, 112, 255, 0); }
-}
-@keyframes summon-motion-rise {
-  from { opacity: 0; transform: translateY(8px); }
-  to   { opacity: 1; transform: translateY(0); }
-}
-@keyframes summon-motion-fade {
-  from { opacity: 0; }
-  to   { opacity: 1; }
-}
-@keyframes summon-motion-fade-slide {
-  from { opacity: 0; transform: translateY(6px); }
-  to   { opacity: 1; transform: translateY(0); }
-}
-@keyframes summon-motion-pop {
-  from { opacity: 0; transform: scale(0.985); }
-  to   { opacity: 1; transform: scale(1); }
-}
-@keyframes summon-motion-pulse {
-  0%   { box-shadow: 0 0 0 0 rgba(80, 112, 255, 0); }
-  35%  { box-shadow: 0 0 0 3px rgba(80, 112, 255, 0.16); }
-  100% { box-shadow: 0 0 0 0 rgba(80, 112, 255, 0); }
-}
-@keyframes summon-motion-update-fade {
-  0%   { opacity: 0.72; }
-  100% { opacity: 1; }
-}
-@keyframes summon-skeleton-sheen {
-  0%   { transform: translateX(-100%); }
-  60%, 100% { transform: translateX(100%); }
-}
-@media (prefers-reduced-motion: reduce) {
-  [data-summon-section],
-  .summon-node-enter,
-  .summon-node-update,
-  .summon-slot-filled,
-  .summon-motion-enter-rise,
-  .summon-motion-enter-fade,
-  .summon-motion-enter-fade-slide,
-  .summon-motion-enter-pop,
-  .summon-motion-update-pulse,
-  .summon-motion-update-fade,
-  .summon-motion-update-pop,
-  [data-summon-skeleton]::after {
-    animation: none;
-  }
-  .summon-transition-fade,
-  .summon-transition-rise,
-  .summon-transition-fade-slide,
-  .summon-transition-pop {
-    transition: none;
-  }
-  .summon-node-enter {
-    opacity: 1;
-    filter: none;
-    transform: none;
-  }
-}
-`;
-
-interface ResourceMapEntry {
-  stateKeys: {
-    loading: string;
-    data: string;
-    error: string;
-    empty?: string;
-  };
-}
-
-type ResourceMap = Record<string, ResourceMapEntry>;
-
-function resourceMapFromCapabilities(capabilities: ValidationCapability[] | undefined): ResourceMap {
-  const out: ResourceMap = {};
-  for (const capability of capabilities ?? []) {
-    if (capability.kind !== 'resource') continue;
-    if (!hasCompleteResourceStateKeys(capability.stateKeys)) continue;
-    out[capability.name] = {
-      stateKeys: {
-        loading: capability.stateKeys.loading,
-        data: capability.stateKeys.data,
-        error: capability.stateKeys.error,
-        ...(capability.stateKeys.empty ? { empty: capability.stateKeys.empty } : {}),
-      },
-    };
-  }
-  return out;
-}
-
 function normalizeComponentDescriptors(raw: unknown): ComponentIslandDescriptor[] {
   if (!Array.isArray(raw)) return [];
   const out: ComponentIslandDescriptor[] = [];
@@ -342,51 +187,48 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
   const sandboxId = randomSandboxId();
   const scriptNonce = randomSandboxId();
   // Bridge allowlist comes only from the host grant. A JS caller that omits
-  // grantedIntents fails closed because `new Set(undefined)` grants nothing.
-  const intentAllowlist = new Set(opts.grantedIntents);
-  const grantedCapabilities = opts.grantedCapabilities ?? opts.artifact.capabilities ?? [];
-  const resourceMap = resourceMapFromCapabilities(grantedCapabilities);
+  // grantedTools fails closed because `new Set(undefined)` grants nothing.
+  const toolAllowlist = new Set(opts.grantedTools);
+  const validationTools = opts.validationTools ?? opts.artifact.validationTools ?? [];
+  const arrowNetworkPolicy = opts.arrowNetworkPolicy ?? 'none';
 
   // Deliberately NOT adding allow-same-origin. That keeps the iframe null-origin:
   // no storage, no parent DOM access, cross-origin isolation applies.
   opts.iframe.setAttribute('sandbox', 'allow-scripts');
+  opts.iframe.dataset.summonSandboxId = sandboxId;
 
   let ready = false;
   const pendingStates: Record<string, unknown>[] = [];
-  const pendingDomOps: Array<
-    | { kind: 'render'; html: string }
-    | { kind: 'node-patch'; patch: CompiledHtmlNodePatch }
-  > = [];
-  // Chrome attributes are merged before flush so a flurry of setChrome calls
-  // pre-ready collapses into a single postMessage. Post-ready, each setChrome
-  // call dispatches immediately.
-  const pendingChrome: Record<string, string> = {};
-  let hasPendingChrome = false;
+  const pendingDomOps: Array<{ kind: 'artifact'; artifact: ArrowSurfaceArtifact }> = [];
 
   function flushPending() {
     if (!ready || !opts.iframe.contentWindow) return;
-    if (hasPendingChrome) {
-      opts.iframe.contentWindow.postMessage(
-        { type: 'SUMMON_CHROME', sandbox_id: sandboxId, attrs: { ...pendingChrome } },
-        '*'
-      );
-      for (const k of Object.keys(pendingChrome)) delete pendingChrome[k];
-      hasPendingChrome = false;
-    }
     while (pendingStates.length > 0) {
       const state = pendingStates.shift()!;
       opts.iframe.contentWindow.postMessage({ type: 'SUMMON_STATE', sandbox_id: sandboxId, state }, '*');
     }
     while (pendingDomOps.length > 0) {
       const op = pendingDomOps.shift()!;
-      if (op.kind === 'render') {
-        opts.iframe.contentWindow.postMessage({ type: 'SUMMON_RENDER', sandbox_id: sandboxId, html: op.html }, '*');
-      } else {
-        opts.iframe.contentWindow.postMessage({ type: 'SUMMON_NODE_PATCH', sandbox_id: sandboxId, patch: op.patch }, '*');
-      }
+      opts.iframe.contentWindow.postMessage({ type: 'SUMMON_RENDER', sandbox_id: sandboxId, artifact: op.artifact }, '*');
     }
   }
 
+  function postToolResult(requestId: string | undefined, result: {
+    ok: boolean;
+    state?: Record<string, unknown>;
+    error?: string;
+  }) {
+    if (!requestId || !opts.iframe.contentWindow) return;
+    opts.iframe.contentWindow.postMessage({
+      type: 'SUMMON_TOOL_RESULT',
+      sandbox_id: sandboxId,
+      request_id: requestId,
+      ok: result.ok,
+      state: result.state ?? {},
+      ...(result.error ? { error: result.error } : {}),
+    }, '*');
+  }
+
   function handleMessage(event: MessageEvent) {
     const data = event.data as SandboxInboundMessage | undefined;
     if (!data || typeof data !== 'object') return;
@@ -396,8 +238,9 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
     // delivered to the host page — only those claiming to speak the Summon
     // protocol should reach the sandbox_id gate below.
     if (
-      data.type !== 'SUMMON_INTENT' &&
+      data.type !== 'SUMMON_TOOL_CALL' &&
       data.type !== 'SUMMON_READY' &&
+      data.type !== 'SUMMON_RENDERED' &&
       data.type !== 'SUMMON_FATAL' &&
       data.type !== 'SUMMON_COMPONENTS'
     ) {
@@ -418,8 +261,8 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
     // A nonce miss is silently dropped rather than reported as a rejection.
     // The listener is bound to `window`, so on a page with multiple sandboxes
     // every listener sees every sibling's messages. Those aren't this
-    // sandbox's intents to validate — they're not addressed to it. Reserving
-    // onIntentRejected for messages that *do* claim this sandbox's identity
+    // sandbox's tools to validate — they're not addressed to it. Reserving
+    // onToolRejected for messages that *do* claim this sandbox's identity
     // (and fail later checks) keeps the rejection signal meaningful.
     if (data.sandbox_id !== sandboxId) {
       return;
@@ -427,7 +270,7 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
 
     if (data.type === 'SUMMON_FATAL') {
       // Bootstrap's self-test failed. Tear down: never set ready, never push
-      // state, never deliver intents. The sandbox is structurally unsound.
+      // state, never deliver tools. The sandbox is structurally unsound.
       const reason = typeof data.reason === 'string' ? data.reason : 'unknown';
       window.removeEventListener('message', handleMessage);
       opts.iframe.srcdoc = '';
@@ -447,6 +290,16 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
       return;
     }
 
+    if (data.type === 'SUMMON_RENDERED') {
+      opts.events?.push({
+        kind: 'rendered',
+        at: Date.now(),
+        sandboxId,
+        revision: typeof data.revision === 'number' ? data.revision : 0,
+      });
+      return;
+    }
+
     if (data.type === 'SUMMON_COMPONENTS') {
       const components = normalizeComponentDescriptors(data.components);
       opts.events?.push({
@@ -464,63 +317,76 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
       return;
     }
 
-    if (data.type === 'SUMMON_INTENT') {
-      const { intent, args } = data;
-      if (typeof intent !== 'string' || !intent) {
+    if (data.type === 'SUMMON_TOOL_CALL') {
+      const { tool, args } = data;
+      if (typeof tool !== 'string' || !tool) {
         opts.events?.push({
-          kind: 'intent-rejected',
+          kind: 'tool-rejected',
           at: Date.now(),
           sandboxId,
-          reason: 'intent not a non-empty string',
+          reason: 'tool not a non-empty string',
           raw: data,
         });
-        opts.onIntentRejected?.('intent not a non-empty string', data);
+        opts.onToolRejected?.('tool not a non-empty string', data);
+        postToolResult(data.request_id, { ok: false, error: 'tool not a non-empty string' });
         return;
       }
-      if (!intentAllowlist.has(intent)) {
+      if (!toolAllowlist.has(tool)) {
         opts.events?.push({
-          kind: 'intent-rejected',
+          kind: 'tool-rejected',
           at: Date.now(),
           sandboxId,
-          reason: `intent "${intent}" not granted`,
+          reason: `tool "${tool}" not granted`,
           raw: data,
         });
-        opts.onIntentRejected?.(`intent "${intent}" not granted`, data);
+        opts.onToolRejected?.(`tool "${tool}" not granted`, data);
+        postToolResult(data.request_id, { ok: false, error: `tool "${tool}" not granted` });
         return;
       }
       const safeArgs =
         args && typeof args === 'object' ? (args as Record<string, unknown>) : {};
       opts.events?.push({
-        kind: 'intent-emitted',
+        kind: 'tool-called',
         at: Date.now(),
         sandboxId,
-        intent,
+        tool,
         args: safeArgs,
       });
-      opts.onIntent?.(intent, safeArgs);
+      void Promise.resolve(opts.onToolCall?.(tool, safeArgs))
+        .then((state) => {
+          postToolResult(data.request_id, {
+            ok: true,
+            state: state && typeof state === 'object' && !Array.isArray(state) ? state : {},
+          });
+        })
+        .catch((err) => {
+          const error = err instanceof Error ? err.message : String(err);
+          postToolResult(data.request_id, { ok: false, error });
+        });
     }
   }
 
   window.addEventListener('message', handleMessage);
 
+  if (opts.artifact.arrow) {
+    pendingDomOps.push({ kind: 'artifact', artifact: opts.artifact.arrow });
+  }
   opts.iframe.srcdoc = buildSrcdoc({
     sandboxId,
     scriptNonce,
     bootstrapSource: opts.bootstrapSource,
     tokensSource: opts.tokensSource,
-    resourceMap,
+    networkPolicy: arrowNetworkPolicy,
+    arrowRuntimeSource: opts.arrowRuntimeSource,
   });
-  if (opts.artifact.html) {
-    pendingDomOps.push({ kind: 'render', html: opts.artifact.html });
-  }
 
   opts.events?.push({
     kind: 'sandbox-spawned',
     at: Date.now(),
     sandboxId,
-    grantedIntents: Array.from(intentAllowlist),
-    artifactCapabilities: opts.artifact.capabilities,
-    grantedCapabilities,
+    grantedTools: Array.from(toolAllowlist),
+    artifactTools: opts.artifact.tools,
+    validationTools,
   });
 
   return {
@@ -530,42 +396,25 @@ export function spawnSandbox(opts: SpawnOptions): SandboxHandle {
       pendingStates.push(state);
       flushPending();
     },
-    render(html) {
-      pendingDomOps.push({ kind: 'render', html });
+    renderArtifact(artifact) {
+      pendingDomOps.push({ kind: 'artifact', artifact });
       opts.events?.push({
         kind: 'render',
         at: Date.now(),
         sandboxId,
-        bytes: html.length,
+        bytes: JSON.stringify(artifact.source).length,
       });
       flushPending();
     },
-    patchNode(patch) {
-      pendingDomOps.push({ kind: 'node-patch', patch });
-      opts.events?.push({
-        kind: 'render',
-        at: Date.now(),
-        sandboxId,
-        bytes: patch.html.length,
-      });
-      flushPending();
-    },
-    setChrome(attrs) {
-      // Validate keys defensively. We get away with `unsafe-inline` everywhere
-      // else because the iframe is null-origin, but `data-summon-<key>` is
-      // host-controlled — keep it boring.
-      for (const [k, v] of Object.entries(attrs)) {
-        if (!/^[a-z][a-z0-9-]*$/.test(k)) continue;
-        pendingChrome[k] = String(v);
-        hasPendingChrome = true;
-      }
-      flushPending();
-    },
     dispose() {
       window.removeEventListener('message', handleMessage);
-      opts.iframe.srcdoc = '';
       ready = false;
       opts.events?.push({ kind: 'sandbox-disposed', at: Date.now(), sandboxId });
+      window.setTimeout(() => {
+        if (opts.iframe.dataset.summonSandboxId !== sandboxId) return;
+        opts.iframe.srcdoc = '';
+        delete opts.iframe.dataset.summonSandboxId;
+      }, 0);
     },
   };
 }
diff --git a/packages/host/src/strict-input.ts b/packages/host/src/strict-input.ts
index 8992990..ec75ca9 100644
--- a/packages/host/src/strict-input.ts
+++ b/packages/host/src/strict-input.ts
@@ -3,7 +3,7 @@
  *
  * Architecture: a generative outer sandbox describes WHERE a sensitive field
  * should appear (via a placeholder div + bounds), but it never renders the
- * input itself. The host sees a `mount_strict_input` intent, computes screen
+ * input itself. The host sees a `mount_strict_input` tool, computes screen
  * coordinates from the outer iframe's bounding rect plus the sandbox-reported
  * bounds, and absolute-positions a host-trusted element on top.
  *
diff --git a/packages/host/src/surface-envelope.ts b/packages/host/src/surface-envelope.ts
index 6c8e3e6..d0a7f15 100644
--- a/packages/host/src/surface-envelope.ts
+++ b/packages/host/src/surface-envelope.ts
@@ -1,37 +1,34 @@
 import type {
-  CompiledArtifactHtml,
+  ArrowSurfaceArtifact,
   ContractIssue,
   ProtocolLine,
   StreamGraphSnapshot,
   SurfacePlan,
-  ValidationCapability,
+  ValidationTool,
   ValidationComponent,
 } from '@summon-internal/engine';
 import {
-  compileArtifactHtml,
+  isArrowSurfaceArtifact,
   isProtocolLine,
   normalizeSurfacePlan,
-  surfacePlanScriptPolicy,
   validateProtocolLine,
 } from '@summon-internal/engine';
 
-export const SUMMON_SURFACE_ENVELOPE_VERSION = 2;
+export const SUMMON_SURFACE_ENVELOPE_VERSION = 4;
 
 export interface SurfaceEnvelope {
-  version: 2;
+  version: 4;
   id: string;
   createdAt: string;
   prompt: string;
   surfacePlan: SurfacePlan;
+  artifact: ArrowSurfaceArtifact;
   protocolLines: ProtocolLine[];
-  compiledHtml: CompiledArtifactHtml;
-  compilerVersion: string;
-  compilerIssues: ContractIssue[];
   validationIssues: ContractIssue[];
   streamGraph: StreamGraphSnapshot | null;
   grants: {
-    intents: string[];
-    capabilities?: ValidationCapability[];
+    tools: string[];
+    validationTools?: ValidationTool[];
     components?: ValidationComponent[];
   };
   metadata: {
@@ -49,13 +46,13 @@ export interface CreateSurfaceEnvelopeInput {
   createdAt?: string | Date;
   prompt: string;
   surfacePlan: SurfacePlan;
+  artifact: ArrowSurfaceArtifact;
   protocolLines: ProtocolLine[];
-  html: string;
   validationIssues?: ContractIssue[];
   streamGraph?: StreamGraphSnapshot | null;
   grants: {
-    intents: string[];
-    capabilities?: ValidationCapability[];
+    tools: string[];
+    validationTools?: ValidationTool[];
     components?: ValidationComponent[];
   };
   metadata?: SurfaceEnvelope['metadata'];
@@ -68,31 +65,31 @@ export function createSurfaceEnvelope(input: CreateSurfaceEnvelopeInput): Surfac
     ? input.createdAt.toISOString()
     : input.createdAt ?? new Date().toISOString();
   const validationContext = validationContextForEnvelope(input);
-  const compiled = compileArtifactHtml(input.html, validationContext);
   const protocolIssues: ContractIssue[] = [];
-  const protocolLines = input.protocolLines.map((line) =>
-    compileEnvelopeProtocolLine(line, validationContext, protocolIssues),
-  );
+  const protocolLines = input.protocolLines.map((line) => {
+    for (const issue of validateProtocolLine(line, validationContext)) {
+      protocolIssues.push(issue);
+    }
+    return { ...line };
+  });
   return {
-    version: 2,
+    version: SUMMON_SURFACE_ENVELOPE_VERSION,
     id: input.id ?? newEnvelopeId(),
     createdAt,
     prompt: input.prompt,
     surfacePlan: input.surfacePlan,
+    artifact: input.artifact,
     protocolLines,
-    compiledHtml: compiled.html,
-    compilerVersion: compiled.compilerVersion,
-    compilerIssues: compiled.issues,
-    validationIssues: [...(input.validationIssues ?? []), ...compiled.issues, ...protocolIssues],
+    validationIssues: [...(input.validationIssues ?? []), ...protocolIssues],
     streamGraph: input.streamGraph ?? null,
     grants: {
-      intents: [...input.grants.intents],
-      capabilities: input.grants.capabilities?.map((capability) => ({ ...capability })),
+      tools: [...input.grants.tools],
+      validationTools: input.grants.validationTools?.map((tool) => ({ ...tool })),
       components: input.grants.components?.map((component) => ({ ...component })),
     },
     metadata: input.metadata ?? {},
     tokenCss: input.tokenCss ?? null,
-    runtimeVersion: input.runtimeVersion ?? 'summon-surface-envelope-v2',
+    runtimeVersion: input.runtimeVersion ?? 'summon-surface-envelope-v4',
   };
 }
 
@@ -108,11 +105,6 @@ export function parseSurfaceEnvelope(raw: string | unknown): SurfaceEnvelope | n
   if (isSurfaceEnvelope(parsed)) {
     return parsed;
   }
-  if (isLegacySurfaceEnvelope(parsed)) {
-    const envelope = createSurfaceEnvelope(parsed);
-    if (envelope.compilerIssues.some((issue) => issue.severity === 'block')) return null;
-    return envelope;
-  }
   return null;
 }
 
@@ -123,11 +115,7 @@ export function isSurfaceEnvelope(value: unknown): value is SurfaceEnvelope {
   if (typeof input.id !== 'string' || !input.id) return false;
   if (typeof input.createdAt !== 'string' || Number.isNaN(Date.parse(input.createdAt))) return false;
   if (typeof input.prompt !== 'string') return false;
-  if (typeof input.compiledHtml !== 'string') return false;
-  if (typeof input.compilerVersion !== 'string' || !input.compilerVersion) return false;
-  if (!Array.isArray(input.compilerIssues) || !input.compilerIssues.every(isContractIssue)) {
-    return false;
-  }
+  if (!isArrowSurfaceArtifact(input.artifact)) return false;
   if (typeof input.runtimeVersion !== 'string' || !input.runtimeVersion) return false;
 
   const surfacePlan = normalizeSurfacePlan(input.surfacePlan);
@@ -151,60 +139,24 @@ export function isSurfaceEnvelope(value: unknown): value is SurfaceEnvelope {
     const issues = validateProtocolLine(line, validationContext);
     if (issues.some((issue) => issue.severity === 'block')) return false;
   }
-  const compiled = compileArtifactHtml(input.compiledHtml, validationContext);
-  if (compiled.issues.some((issue) => issue.severity === 'block')) return false;
-  if (compiled.html !== input.compiledHtml) return false;
 
   return true;
 }
 
-function compileEnvelopeProtocolLine(
-  line: ProtocolLine,
-  validationContext: ReturnType<typeof validationContextForEnvelope>,
-  issues: ContractIssue[],
-): ProtocolLine {
-  if (line.op !== 'add' || line.html === undefined) return { ...line };
-  const compiled = compileArtifactHtml(line.html, validationContext);
-  for (const issue of compiled.issues) {
-    issues.push(issue.path ? issue : { ...issue, path: line.path });
-  }
-  return { ...line, html: compiled.html };
-}
-
 function validationContextForEnvelope(input: {
   surfacePlan: SurfacePlan;
   grants: SurfaceEnvelope['grants'];
   metadata?: SurfaceEnvelope['metadata'];
 }) {
   return {
-    mode: input.metadata?.mode ?? (input.surfacePlan.runtime === 'static' ? 'static' as const : 'interactive' as const),
-    scriptPolicy: surfacePlanScriptPolicy(input.surfacePlan),
-    capabilities: input.grants.capabilities,
+    mode: input.metadata?.mode ?? (input.grants.tools.length === 0 ? 'static' as const : 'interactive' as const),
+    tools: input.grants.validationTools,
     components: input.grants.components,
-    allowedIntents: input.grants.intents,
+    allowedTools: input.grants.tools,
     surfacePlan: input.surfacePlan,
   };
 }
 
-function isLegacySurfaceEnvelope(value: unknown): value is CreateSurfaceEnvelopeInput {
-  if (!value || typeof value !== 'object' || Array.isArray(value)) return false;
-  const input = value as Record<string, unknown>;
-  if (input.version !== 1) return false;
-  if (typeof input.id !== 'string' || !input.id) return false;
-  if (typeof input.createdAt !== 'string' || Number.isNaN(Date.parse(input.createdAt))) return false;
-  if (typeof input.prompt !== 'string') return false;
-  if (typeof input.html !== 'string') return false;
-  const surfacePlan = normalizeSurfacePlan(input.surfacePlan);
-  if (!surfacePlan) return false;
-  if (!Array.isArray(input.protocolLines) || !input.protocolLines.every(isProtocolLine)) return false;
-  if (!Array.isArray(input.validationIssues) || !input.validationIssues.every(isContractIssue)) return false;
-  if (!isStreamGraphSnapshot(input.streamGraph)) return false;
-  if (!isGrants(input.grants)) return false;
-  if (!isMetadata(input.metadata)) return false;
-  if (input.tokenCss !== undefined && input.tokenCss !== null && typeof input.tokenCss !== 'string') return false;
-  return true;
-}
-
 function newEnvelopeId(): string {
   const cryptoLike = globalThis.crypto as Crypto | undefined;
   if (cryptoLike?.randomUUID) return cryptoLike.randomUUID();
@@ -233,13 +185,13 @@ function isGrants(value: unknown): value is SurfaceEnvelope['grants'] {
   if (!value || typeof value !== 'object' || Array.isArray(value)) return false;
   const grants = value as Record<string, unknown>;
   return (
-    Array.isArray(grants.intents) &&
-    grants.intents.every((intent) => typeof intent === 'string') &&
+    Array.isArray(grants.tools) &&
+    grants.tools.every((tool) => typeof tool === 'string') &&
     (
-      grants.capabilities === undefined ||
+      grants.validationTools === undefined ||
       (
-        Array.isArray(grants.capabilities) &&
-        grants.capabilities.every(isValidationCapability)
+        Array.isArray(grants.validationTools) &&
+        grants.validationTools.every(isValidationTool)
       )
     ) &&
     (
@@ -252,10 +204,10 @@ function isGrants(value: unknown): value is SurfaceEnvelope['grants'] {
   );
 }
 
-function isValidationCapability(value: unknown): value is ValidationCapability {
+function isValidationTool(value: unknown): value is ValidationTool {
   if (!value || typeof value !== 'object' || Array.isArray(value)) return false;
-  const capability = value as Record<string, unknown>;
-  return typeof capability.name === 'string' && capability.name.length > 0;
+  const tool = value as Record<string, unknown>;
+  return typeof tool.name === 'string' && tool.name.length > 0;
 }
 
 function isValidationComponent(value: unknown): value is ValidationComponent {
diff --git a/packages/host/src/surface-stream.ts b/packages/host/src/surface-stream.ts
index 36d150b..c5728ab 100644
--- a/packages/host/src/surface-stream.ts
+++ b/packages/host/src/surface-stream.ts
@@ -1,14 +1,14 @@
 import {
-  compileArtifactHtml,
+  normalizeArrowSurfaceArtifact,
+  normalizeValidationLimits,
   parseProtocolLine,
-  SectionAccumulator,
   StreamGraph,
-  type CompiledArtifactHtml,
-  type CompiledHtmlNodePatch,
+  validateArrowSurfaceArtifact,
   type ContractIssue,
+  type ArrowSurfaceArtifact,
+  type ArtifactLine,
   type MetaLine,
   type ProtocolLine,
-  type SectionApplyResult,
   type StreamGraphSnapshot,
   type SurfacePlanMode,
   type ValidationContext,
@@ -20,7 +20,6 @@ export type SurfaceStreamSource =
   | AsyncIterable<SurfaceStreamChunk>
   | Iterable<SurfaceStreamChunk>;
 
-export type SurfaceStreamRenderMode = 'live' | 'final' | 'manual';
 export type SurfaceStreamLineDecision =
   | boolean
   | 'apply'
@@ -30,11 +29,9 @@ export type SurfaceStreamLineDecision =
 export interface SurfaceStreamContext {
   lineNumber: number;
   raw?: string;
-  accumulator: SectionAccumulator;
   graph: StreamGraph;
   protocolLines: readonly ProtocolLine[];
   acceptedStructuralLines: number;
-  applyResult?: SectionApplyResult;
 }
 
 export interface SurfaceStreamParseError {
@@ -44,9 +41,7 @@ export interface SurfaceStreamParseError {
 
 export interface SurfaceStreamOptions {
   mode: SurfacePlanMode | (() => SurfacePlanMode);
-  accumulator?: SectionAccumulator;
   streamGraph?: StreamGraph;
-  renderMode?: SurfaceStreamRenderMode;
   shouldApplyLine?: (
     line: ProtocolLine,
     context: SurfaceStreamContext,
@@ -59,6 +54,11 @@ export interface SurfaceStreamOptions {
     line: MetaLine,
     context: SurfaceStreamContext,
   ) => void | Promise<void>;
+  onArtifact?: (
+    artifact: ArrowSurfaceArtifact,
+    line: ArtifactLine,
+    context: SurfaceStreamContext,
+  ) => void | Promise<void>;
   onParseError?: (
     raw: string,
     context: SurfaceStreamContext,
@@ -67,14 +67,6 @@ export interface SurfaceStreamOptions {
     snapshot: StreamGraphSnapshot,
     context: SurfaceStreamContext,
   ) => void | Promise<void>;
-  onRenderHtml?: (
-    html: CompiledArtifactHtml,
-    context: SurfaceStreamContext,
-  ) => void | Promise<void>;
-  onNodePatch?: (
-    patch: CompiledHtmlNodePatch,
-    context: SurfaceStreamContext,
-  ) => void | Promise<void>;
   onError?: (
     error: Error,
     context: SurfaceStreamContext,
@@ -84,7 +76,6 @@ export interface SurfaceStreamOptions {
 
 export interface SurfaceStreamResult {
   protocolLines: ProtocolLine[];
-  html: CompiledArtifactHtml;
   streamGraph: StreamGraphSnapshot;
   validationIssues: ContractIssue[];
   parseErrors: SurfaceStreamParseError[];
@@ -96,7 +87,6 @@ export async function consumeSurfaceStream(
   source: SurfaceStreamSource,
   options: SurfaceStreamOptions,
 ): Promise<SurfaceStreamResult> {
-  const accumulator = options.accumulator ?? new SectionAccumulator();
   const graph = options.streamGraph ?? new StreamGraph();
   const protocolLines: ProtocolLine[] = [];
   const validationIssues: ContractIssue[] = [];
@@ -110,30 +100,18 @@ export async function consumeSurfaceStream(
 
   const context = (
     raw?: string,
-    applyResult?: SectionApplyResult,
   ): SurfaceStreamContext => ({
     lineNumber,
     raw,
-    accumulator,
     graph,
     protocolLines,
     acceptedStructuralLines,
-    ...(applyResult ? { applyResult } : {}),
   });
 
-  const renderMode = (): SurfaceStreamRenderMode => (
-    options.renderMode ?? (resolveMode(options.mode) === 'static' ? 'live' : 'final')
-  );
-
   const emitGraph = async (ctx: SurfaceStreamContext) => {
     await options.onGraph?.(graph.snapshot(), ctx);
   };
 
-  const emitRender = async (ctx: SurfaceStreamContext) => {
-    if (!accumulator.hasAnySection()) return;
-    await options.onRenderHtml?.(accumulator.compose() as CompiledArtifactHtml, ctx);
-  };
-
   const handleRawLine = async (raw: string) => {
     lineNumber += 1;
     if (stopped) return;
@@ -163,12 +141,10 @@ export async function consumeSurfaceStream(
     }
 
     graph.applyLine(acceptedLine);
-    let applyResult: SectionApplyResult | undefined;
     if (acceptedLine.op !== 'meta') {
-      applyResult = accumulator.applyDetailed(acceptedLine);
       acceptedStructuralLines += 1;
     }
-    const ctx = context(raw, applyResult);
+    const ctx = context(raw);
     protocolLines.push(acceptedLine);
 
     if (acceptedLine.op === 'meta' && acceptedLine.path === '/validation-blocked' && isContractIssue(acceptedLine.value)) {
@@ -185,15 +161,15 @@ export async function consumeSurfaceStream(
       await options.onMeta?.(acceptedLine, ctx);
       return;
     }
-
-    await emitGraph(ctx);
-    if (renderMode() === 'live' && applyResult?.changed) {
-      if (applyResult.nodePatch && options.onNodePatch) {
-        await options.onNodePatch(applyResult.nodePatch as CompiledHtmlNodePatch, ctx);
-        return;
+    if (acceptedLine.op === 'artifact') {
+      await emitGraph(ctx);
+      if (isArrowSurfaceArtifactValue(acceptedLine.value)) {
+        await options.onArtifact?.(acceptedLine.value, acceptedLine, ctx);
       }
-      await emitRender(ctx);
+      return;
     }
+
+    await emitGraph(ctx);
   };
 
   try {
@@ -214,9 +190,6 @@ export async function consumeSurfaceStream(
     if (tail) await handleRawLine(tail);
 
     const finalContext = context();
-    if (renderMode() === 'final') {
-      await emitRender(finalContext);
-    }
     await emitGraph(finalContext);
   } catch (err) {
     const error = err instanceof Error ? err : new Error(String(err));
@@ -224,10 +197,8 @@ export async function consumeSurfaceStream(
     throw error;
   }
 
-  const html = accumulator.compose() as CompiledArtifactHtml;
   return {
     protocolLines,
-    html,
     streamGraph: graph.snapshot(),
     validationIssues,
     parseErrors,
@@ -242,17 +213,49 @@ function compileAcceptedLine(
   validationIssues: ContractIssue[],
   graph: StreamGraph,
 ): ProtocolLine | null {
-  if (!validationContext || line.op !== 'add' || line.html === undefined) return line;
-  const result = compileArtifactHtml(line.html, validationContext);
+  if (line.op === 'artifact') {
+    return compileAcceptedArtifactLine(line, validationContext, validationIssues, graph);
+  }
+  if (line.op === 'meta') return line;
+  return null;
+}
+
+function compileAcceptedArtifactLine(
+  line: ArtifactLine,
+  validationContext: ValidationContext | undefined,
+  validationIssues: ContractIssue[],
+  graph: StreamGraph,
+): ArtifactLine | null {
+  const normalized = normalizeArrowSurfaceArtifact(line.value);
+  const issues = [...normalized.issues];
+  if (normalized.artifact) {
+    const limits = normalizeValidationLimits(validationContext?.limits);
+    issues.push(...validateArrowSurfaceArtifact(normalized.artifact, {
+      maxSourceBytes: limits.maxProtocolLineBytes,
+      network: validationContext?.surfacePlan?.network ?? 'none',
+    }));
+  }
+
   let blocked = false;
-  for (const issue of result.issues) {
-    const scoped = issue.path ? issue : { ...issue, path: line.path };
-    pushValidationIssue(validationIssues, scoped);
-    graph.recordIssue(scoped);
+  for (const issue of issues) {
+    pushValidationIssue(validationIssues, issue);
+    graph.recordIssue(issue);
     if (issue.severity === 'block') blocked = true;
   }
-  if (blocked) return null;
-  return { ...line, html: result.html };
+  if (blocked || !normalized.artifact) return null;
+  return { ...line, value: normalized.artifact };
+}
+
+function isArrowSurfaceArtifactValue(value: unknown): value is ArrowSurfaceArtifact {
+  return (
+    !!value &&
+    typeof value === 'object' &&
+    !Array.isArray(value) &&
+    (value as { runtime?: unknown }).runtime === 'arrow' &&
+    typeof (value as { source?: unknown }).source === 'object' &&
+    (value as { source?: unknown }).source !== null &&
+    !Array.isArray((value as { source?: unknown }).source)
+  );
 }
 
 async function* chunksFromSource(
@@ -286,10 +289,6 @@ function decodeChunk(chunk: SurfaceStreamChunk, decoder: TextDecoder): string {
     : decoder.decode(chunk, { stream: true });
 }
 
-function resolveMode(mode: SurfacePlanMode | (() => SurfacePlanMode)): SurfacePlanMode {
-  return typeof mode === 'function' ? mode() : mode;
-}
-
 function normalizeLineDecision(
   decision: SurfaceStreamLineDecision | undefined,
 ): Exclude<SurfaceStreamLineDecision, boolean> {
diff --git a/packages/host/src/capability-registry.ts b/packages/host/src/tool-registry.ts
similarity index 86%
rename from packages/host/src/capability-registry.ts
rename to packages/host/src/tool-registry.ts
index d96001f..80f438f 100644
--- a/packages/host/src/capability-registry.ts
+++ b/packages/host/src/tool-registry.ts
@@ -1,40 +1,40 @@
 import type {
   ActionStateKeys,
-  CapabilityKind,
-  CapabilityPack,
-  CapabilityPattern,
-  CapabilityStateKeys,
-  CapabilityTrigger,
-  CompiledCapabilityContract,
-  IntentSpec,
+  ToolKind,
+  ToolPack,
+  ToolPattern,
+  ToolStateKeys,
+  ToolTrigger,
+  CompiledToolContract,
+  ToolSpec,
   ResourceStateKeys,
-  CapabilitySurface,
+  ToolSurface,
 } from '@summon-internal/engine';
-import { compileCapabilityContract } from '@summon-internal/engine';
+import { compileToolContract } from '@summon-internal/engine';
 import type { ZodType, ZodTypeAny } from 'zod';
-import { defineIntent, type IntentEntry, type IntentHandler } from './policy-engine.js';
+import { defineToolHandler, type ToolHandlerEntry, type ToolHandler } from './policy-engine.js';
 
 export type { ActionStateKeys, ResourceStateKeys } from '@summon-internal/engine';
 
 export type StateShapeDescriptor = string | Record<string, unknown>;
 
-export interface CapabilityDefinition<T = unknown> {
+export interface ToolDefinition<T = unknown> {
   name: string;
   description: string;
   argsSchema: ZodType<T>;
   /** Optional override for prompt-facing schema text when Zod introspection is too lossy. */
   argsSchemaText?: string;
   stateShape: StateShapeDescriptor;
-  kind?: CapabilityKind;
-  triggers?: CapabilityTrigger[];
-  stateKeys?: CapabilityStateKeys;
+  kind?: ToolKind;
+  triggers?: ToolTrigger[];
+  stateKeys?: ToolStateKeys;
   actionStateKeys?: ActionStateKeys;
   resultSchema?: string;
   defaultDataShape?: string;
   defaultData?: unknown;
-  patterns?: CapabilityPattern[];
-  surface?: CapabilitySurface;
-  handler: IntentHandler<T>;
+  patterns?: ToolPattern[];
+  surface?: ToolSurface;
+  handler: ToolHandler<T>;
 }
 
 export interface ActionDefinition<T = unknown> {
@@ -43,11 +43,11 @@ export interface ActionDefinition<T = unknown> {
   argsSchema: ZodType<T>;
   argsSchemaText?: string;
   stateShape: StateShapeDescriptor;
-  triggers?: CapabilityTrigger[];
-  patterns?: CapabilityPattern[];
-  surface?: CapabilitySurface;
+  triggers?: ToolTrigger[];
+  patterns?: ToolPattern[];
+  surface?: ToolSurface;
   controlled?: boolean | { stateKeys?: Partial<ActionStateKeys> };
-  handler: IntentHandler<T>;
+  handler: ToolHandler<T>;
 }
 
 export interface DataResourceDefinition<In = unknown, Out = unknown> {
@@ -60,10 +60,10 @@ export interface DataResourceDefinition<In = unknown, Out = unknown> {
   defaultData?: Out | null;
   stateShape?: StateShapeDescriptor;
   stateKeys: ResourceStateKeys;
-  triggers: CapabilityTrigger[];
-  patterns?: CapabilityPattern[];
+  triggers: ToolTrigger[];
+  patterns?: ToolPattern[];
   concurrency?: 'latest' | 'drop';
-  surface?: CapabilitySurface;
+  surface?: ToolSurface;
   onStart?: (input: In) => Record<string, unknown>;
   onError?: (message: string) => void;
   isEmpty?: (data: Out) => boolean;
@@ -87,7 +87,7 @@ export interface ApprovalPrepared<Plan = unknown> {
 
 export interface ApprovalRequest<TArgs = unknown, Plan = unknown> {
   id: string;
-  capability: string;
+  tool: string;
   args: TArgs;
   summary: string;
   details?: unknown;
@@ -116,16 +116,16 @@ export interface ApprovalActionDefinition<T = unknown, Plan = unknown> extends A
   };
 }
 
-export interface CapabilityRegistry {
-  toContract(): CompiledCapabilityContract;
-  toPolicyHandlers(): Record<string, IntentEntry<any>>;
-  intents(): string[];
-  without(names: string[]): CapabilityRegistry;
+export interface ToolRegistry {
+  toContract(): CompiledToolContract;
+  toPolicyHandlers(): Record<string, ToolHandlerEntry<any>>;
+  tools(): string[];
+  without(names: string[]): ToolRegistry;
 }
 
-export function defineCapability<T>(
-  definition: CapabilityDefinition<T>,
-): CapabilityDefinition<T> {
+export function defineTool<T>(
+  definition: ToolDefinition<T>,
+): ToolDefinition<T> {
   const kind = definition.kind ?? 'action';
   return {
     ...definition,
@@ -135,9 +135,9 @@ export function defineCapability<T>(
   };
 }
 
-export function defineAction<T>(definition: ActionDefinition<T>): CapabilityDefinition<T> {
+export function defineAction<T>(definition: ActionDefinition<T>): ToolDefinition<T> {
   const stateKeys = actionStateKeys(definition.name, definition.controlled);
-  return defineCapability({
+  return defineTool({
     ...definition,
     kind: 'action',
     triggers: definition.triggers ?? ['click', 'submit'],
@@ -151,7 +151,7 @@ export function defineAction<T>(definition: ActionDefinition<T>): CapabilityDefi
   });
 }
 
-export function defineWorkerAction<T>(definition: ActionDefinition<T>): CapabilityDefinition<T> {
+export function defineWorkerAction<T>(definition: ActionDefinition<T>): ToolDefinition<T> {
   return defineAction({
     ...definition,
     surface: {
@@ -164,7 +164,7 @@ export function defineWorkerAction<T>(definition: ActionDefinition<T>): Capabili
 
 export function defineApprovalAction<T, Plan = T>(
   definition: ApprovalActionDefinition<T, Plan>,
-): CapabilityDefinition<T> {
+): ToolDefinition<T> {
   const stateKeys = approvalStateKeys(definition.name, definition.approval.stateKeys);
   const approvedHandler = definition.handler;
   return defineAction({
@@ -223,12 +223,12 @@ export function defineApprovalAction<T, Plan = T>(
 
 export function defineDataResource<In, Out>(
   definition: DataResourceDefinition<In, Out>,
-): CapabilityDefinition<In> {
+): ToolDefinition<In> {
   validateDefaultData(definition);
   const handler = createDataResourceHandler(definition);
   const hasDefaultData = hasOwnDefaultData(definition);
   const resultSchema = definition.resultSchemaText ?? formatZodSchema(definition.resultSchema);
-  return defineCapability({
+  return defineTool({
     name: definition.name,
     description: definition.description,
     argsSchema: definition.argsSchema,
@@ -258,7 +258,7 @@ export function defineDataResource<In, Out>(
 
 export function defineWorkerResource<In, Out>(
   definition: DataResourceDefinition<In, Out>,
-): CapabilityDefinition<In> {
+): ToolDefinition<In> {
   return defineDataResource({
     ...definition,
     surface: {
@@ -269,19 +269,19 @@ export function defineWorkerResource<In, Out>(
   });
 }
 
-export function createCapabilityRegistry(
-  definitions: CapabilityDefinition<any>[],
-): CapabilityRegistry {
-  assertUniqueCapabilityNames(definitions);
-  return new StaticCapabilityRegistry(definitions);
+export function createToolRegistry(
+  definitions: ToolDefinition<any>[],
+): ToolRegistry {
+  assertUniqueToolNames(definitions);
+  return new StaticToolRegistry(definitions);
 }
 
-class StaticCapabilityRegistry implements CapabilityRegistry {
-  constructor(private readonly definitions: CapabilityDefinition<any>[]) {}
+class StaticToolRegistry implements ToolRegistry {
+  constructor(private readonly definitions: ToolDefinition<any>[]) {}
 
-  toContract(): CompiledCapabilityContract {
-    const intents: IntentSpec[] = this.definitions.map((definition) => {
-      const intent: IntentSpec = {
+  toContract(): CompiledToolContract {
+    const tools: ToolSpec[] = this.definitions.map((definition) => {
+      const tool: ToolSpec = {
         name: definition.name,
         description: definition.description,
         argsSchema: definition.argsSchemaText ?? formatZodSchema(definition.argsSchema),
@@ -289,40 +289,40 @@ class StaticCapabilityRegistry implements CapabilityRegistry {
         kind: definition.kind ?? 'action',
         triggers: definition.triggers ?? ['click', 'submit'],
       };
-      if (definition.stateKeys) intent.stateKeys = definition.stateKeys;
-      if (definition.actionStateKeys) intent.actionStateKeys = definition.actionStateKeys;
-      if (definition.surface) intent.surface = definition.surface;
-      if (definition.resultSchema) intent.resultSchema = definition.resultSchema;
-      if (definition.defaultDataShape) intent.defaultDataShape = definition.defaultDataShape;
-      if ('defaultData' in definition) intent.defaultData = definition.defaultData;
-      return intent;
+      if (definition.stateKeys) tool.stateKeys = definition.stateKeys;
+      if (definition.actionStateKeys) tool.actionStateKeys = definition.actionStateKeys;
+      if (definition.surface) tool.surface = definition.surface;
+      if (definition.resultSchema) tool.resultSchema = definition.resultSchema;
+      if (definition.defaultDataShape) tool.defaultDataShape = definition.defaultDataShape;
+      if ('defaultData' in definition) tool.defaultData = definition.defaultData;
+      return tool;
     });
     const patterns = this.definitions.flatMap((definition) =>
       (definition.patterns ?? []).map((pattern) => ({
         ...pattern,
-        intent: pattern.intent ?? definition.name,
+        tool: pattern.tool ?? definition.name,
       })),
     );
-    const pack: CapabilityPack = patterns.length > 0 ? { intents, patterns } : { intents };
-    return compileCapabilityContract(pack);
+    const pack: ToolPack = patterns.length > 0 ? { tools, patterns } : { tools };
+    return compileToolContract(pack);
   }
 
-  toPolicyHandlers(): Record<string, IntentEntry<any>> {
+  toPolicyHandlers(): Record<string, ToolHandlerEntry<any>> {
     return Object.fromEntries(
       this.definitions.map((definition) => [
         definition.name,
-        defineIntent(definition.argsSchema, definition.handler),
+        defineToolHandler(definition.argsSchema, definition.handler),
       ]),
     );
   }
 
-  intents(): string[] {
+  tools(): string[] {
     return this.definitions.map((definition) => definition.name);
   }
 
-  without(names: string[]): CapabilityRegistry {
+  without(names: string[]): ToolRegistry {
     const excluded = new Set(names);
-    return new StaticCapabilityRegistry(
+    return new StaticToolRegistry(
       this.definitions.filter((definition) => !excluded.has(definition.name)),
     );
   }
@@ -330,7 +330,7 @@ class StaticCapabilityRegistry implements CapabilityRegistry {
 
 function createDataResourceHandler<In, Out>(
   definition: DataResourceDefinition<In, Out>,
-): IntentHandler<In> {
+): ToolHandler<In> {
   const { stateKeys, concurrency = 'latest' } = definition;
   let inflight: AbortController | null = null;
   const defaultData = definition.defaultData ?? null;
@@ -407,7 +407,7 @@ function actionStateKeys(
 function createControlledActionHandler<T>(
   definition: ActionDefinition<T>,
   stateKeys: ActionStateKeys,
-): IntentHandler<T> {
+): ToolHandler<T> {
   const handler = definition.handler;
   return async (ctx) => {
     ctx.push({
@@ -488,11 +488,11 @@ function deriveResourceStateShape(
   return `{${keys.loading}: boolean, ${keys.data}: ${result} | null, ${keys.error}: string | null${empty}}`;
 }
 
-function assertUniqueCapabilityNames(definitions: CapabilityDefinition<any>[]): void {
+function assertUniqueToolNames(definitions: ToolDefinition<any>[]): void {
   const seen = new Set<string>();
   for (const definition of definitions) {
     if (seen.has(definition.name)) {
-      throw new Error(`Duplicate capability "${definition.name}"`);
+      throw new Error(`Duplicate tool "${definition.name}"`);
     }
     seen.add(definition.name);
   }
@@ -503,14 +503,14 @@ function formatStateShape(shape: StateShapeDescriptor): string {
   return JSON.stringify(shape);
 }
 
-function defaultTriggersForHostKind(kind: string): CapabilityTrigger[] {
+function defaultTriggersForHostKind(kind: string): ToolTrigger[] {
   return kind === 'resource' ? ['submit', 'mount'] : ['click', 'submit'];
 }
 
 function normalizeSurfaceForKind(
   kind: string,
-  surface: CapabilitySurface | undefined,
-): CapabilitySurface {
+  surface: ToolSurface | undefined,
+): ToolSurface {
   if (kind === 'resource') {
     return {
       data: surface?.data ?? 'host-resource',
@@ -563,14 +563,14 @@ function approvalSummary<T>(
 }
 
 function createApprovalRequest<T, Plan>(
-  capability: string,
+  tool: string,
   args: T,
   id: string,
   prepared: ApprovalPrepared<Plan>,
 ): ApprovalRequest<T, Plan> {
   const request: ApprovalRequest<T, Plan> = {
     id,
-    capability,
+    tool,
     args,
     summary: prepared.summary,
     plan: prepared.plan,
diff --git a/packages/host/src/types.ts b/packages/host/src/types.ts
index 3880828..a834158 100644
--- a/packages/host/src/types.ts
+++ b/packages/host/src/types.ts
@@ -1,14 +1,13 @@
 import type {
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
-  ValidationCapability,
+  ArrowNetworkPolicy,
+  ArrowSurfaceArtifact,
+  ValidationTool,
   ValidationComponent,
 } from '@summon-internal/engine';
 
 export type {
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
-  HtmlNodePatch,
+  ArrowNetworkPolicy,
+  ArrowSurfaceArtifact,
 } from '@summon-internal/engine';
 
 /** Messages from host into the sandbox iframe. */
@@ -18,40 +17,28 @@ export interface StateMessage {
   state: Record<string, unknown>;
 }
 
-export interface NodePatchMessage {
-  type: 'SUMMON_NODE_PATCH';
-  sandbox_id: string;
-  patch: CompiledHtmlNodePatch;
-}
-
 export interface RenderMessage {
   type: 'SUMMON_RENDER';
   sandbox_id: string;
-  html: CompiledArtifactHtml;
+  artifact?: ArrowSurfaceArtifact;
 }
 
-/**
- * Host → iframe declaration of chrome attributes the artifact's CSS may
- * target. Each entry becomes `<html data-summon-<key>="<value>">` inside the
- * sandbox document, set before any artifact CSS evaluates against it (or
- * applied live mid-stream via `setChrome`). Used for orthogonal axes the
- * artifact shouldn't author itself — posture, theme, density.
- *
- * The host decides the keys; the iframe just mirrors them. Keys must be
- * lowercase ASCII (kebab-case allowed); values are coerced to strings.
- */
-export interface ChromeMessage {
-  type: 'SUMMON_CHROME';
+/** Messages from the sandbox iframe back to the host. */
+export interface ToolCallMessage {
+  type: 'SUMMON_TOOL_CALL';
   sandbox_id: string;
-  attrs: Record<string, string>;
+  tool: string;
+  args: Record<string, unknown>;
+  request_id?: string;
 }
 
-/** Messages from the sandbox iframe back to the host. */
-export interface IntentMessage {
-  type: 'SUMMON_INTENT';
+export interface ToolResultMessage {
+  type: 'SUMMON_TOOL_RESULT';
   sandbox_id: string;
-  intent: string;
-  args: Record<string, unknown>;
+  request_id: string;
+  ok: boolean;
+  state: Record<string, unknown>;
+  error?: string;
 }
 
 export interface ComponentIslandBounds {
@@ -81,6 +68,12 @@ export interface ReadyMessage {
   sandbox_id: string;
 }
 
+export interface RenderedMessage {
+  type: 'SUMMON_RENDERED';
+  sandbox_id: string;
+  revision: number;
+}
+
 /**
  * Sent by bootstrap when its startup self-test detects the sandbox is not
  * configured the way Summon requires (e.g. someone added `allow-same-origin`,
@@ -94,7 +87,12 @@ export interface FatalMessage {
   reason: string;
 }
 
-export type SandboxInboundMessage = IntentMessage | ReadyMessage | FatalMessage | ComponentsMessage;
+export type SandboxInboundMessage =
+  | ToolCallMessage
+  | ReadyMessage
+  | RenderedMessage
+  | FatalMessage
+  | ComponentsMessage;
 
 /** A spawned sandbox instance. */
 export interface SandboxHandle {
@@ -102,33 +100,23 @@ export interface SandboxHandle {
   iframe: HTMLIFrameElement;
   /** Push new state into the sandbox. Replaces current state on the sandbox side. */
   pushState(state: Record<string, unknown>): void;
-  /** Replace the compiled HTML inside #summon-root. */
-  render(html: CompiledArtifactHtml): void;
-  /** Patch one validated data-summon-node subtree in place. Experimental. */
-  patchNode(patch: CompiledHtmlNodePatch): void;
-  /**
-   * Declare chrome attributes that should appear on the sandbox document's
-   * `<html>` element. Each entry becomes `data-summon-<key>="<value>"` and is
-   * applied live — including before the first render — so artifact CSS can
-   * target e.g. `[data-summon-posture="tap"]` without round-trips. Calls are
-   * additive: keys present in a previous call but absent from the new one
-   * are left in place. Pass an empty string to clear a key explicitly.
-   */
-  setChrome(attrs: Record<string, string>): void;
+  /** Replace the Arrow source artifact inside #summon-root. */
+  renderArtifact(artifact: ArrowSurfaceArtifact): void;
   /** Tear down the sandbox: removes listeners, clears srcdoc. */
   dispose(): void;
 }
 
 /** Artifact — generated HTML plus advisory declarations used for diagnostics and replay. */
 export interface Artifact {
-  /** Intents the artifact declares it may emit. Execution is governed by host grants. */
-  intents: string[];
-  /** Advisory capabilities the artifact claims to use. Execution is still governed by grants. */
-  capabilities?: ValidationCapability[];
+  runtime?: 'arrow';
+  /** Tools the artifact declares it may emit. Execution is governed by host grants. */
+  tools: string[];
+  /** Advisory validation metadata for tools the artifact claims to use. */
+  validationTools?: ValidationTool[];
   /** Advisory components the artifact claims to use. Host registry remains the rendering grant. */
   components?: ValidationComponent[];
-  /** Compiled canonical HTML body to render inside the sandbox. */
-  html: CompiledArtifactHtml;
+  /** Arrow source artifact to render inside the sandbox. */
+  arrow?: ArrowSurfaceArtifact;
   /** Optional initial state pushed after SANDBOX_READY. */
   initialState?: Record<string, unknown>;
 }
diff --git a/packages/host/test/surface-stream.test.ts b/packages/host/test/surface-stream.test.ts
index 2861963..af42ec5 100644
--- a/packages/host/test/surface-stream.test.ts
+++ b/packages/host/test/surface-stream.test.ts
@@ -1,10 +1,7 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 import type { ProtocolLine } from '@summon-internal/engine';
-import {
-  SectionAccumulator,
-  StreamGraph,
-} from '@summon-internal/engine';
+import { StreamGraph } from '@summon-internal/engine';
 import {
   consumeSurfaceStream,
   type SurfaceStreamContext,
@@ -12,64 +9,110 @@ import {
 
 const encoder = new TextEncoder();
 
-test('consumeSurfaceStream parses split string chunks and renders static updates live', async () => {
-  const renders: string[] = [];
+function artifactLine(source = 'import { html } from "@arrow-js/core";\nexport default html`<p>Arrow</p>`'): string {
+  return `${JSON.stringify({
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': source,
+      },
+    },
+  })}\n`;
+}
+
+test('consumeSurfaceStream parses split chunks and delivers Arrow artifacts', async () => {
+  const artifacts: string[] = [];
   const graphSnapshots: number[] = [];
   const lines: ProtocolLine[] = [];
-
+  const line = artifactLine();
   const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n{"op":"add","path":"/section',
-    '/hero","html":"<p>Hello</p>"}\n',
+    line.slice(0, 35),
+    line.slice(35),
   ], {
-    mode: 'static',
-    onLine: (line) => lines.push(line),
-    onGraph: (snapshot) => graphSnapshots.push(snapshot.sections.length),
-    onRenderHtml: (html) => renders.push(html),
+    mode: 'interactive',
+    onLine: (accepted) => lines.push(accepted),
+    onGraph: (snapshot) => graphSnapshots.push(snapshot.health.blockedCount),
+    onArtifact: (artifact) => artifacts.push(artifact.source['main.ts'] ?? ''),
   });
 
-  assert.equal(result.protocolLines.length, 2);
-  assert.deepEqual(lines.map((line) => line.op), ['set', 'add']);
-  assert.equal(renders.length, 1);
-  assert.equal(renders[0], '<section data-summon-section="hero">\n<p>Hello</p>\n</section>');
-  assert.equal(result.html, renders[0]);
+  assert.equal(result.protocolLines.length, 1);
+  assert.deepEqual(lines.map((accepted) => accepted.op), ['artifact']);
+  assert.equal(artifacts.length, 1);
+  assert.match(artifacts[0]!, /Arrow/);
   assert.equal(result.streamGraph.health.complete, true);
-  assert.ok(graphSnapshots.length >= 2);
+  assert.ok(graphSnapshots.length >= 1);
 });
 
-test('consumeSurfaceStream accepts Uint8Array chunks', async () => {
-  const result = await consumeSurfaceStream([
-    encoder.encode('{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n'),
-    encoder.encode('{"op":"add","path":"/section/hero","html":"<p>Bytes</p>"}\n'),
+test('consumeSurfaceStream accepts Uint8Array and ReadableStream sources', async () => {
+  const readable = new ReadableStream<Uint8Array>({
+    start(controller) {
+      controller.enqueue(encoder.encode(artifactLine()));
+      controller.close();
+    },
+  });
+
+  const bytesResult = await consumeSurfaceStream([
+    encoder.encode(artifactLine()),
   ], {
     mode: 'static',
   });
+  const streamResult = await consumeSurfaceStream(readable, {
+    mode: 'static',
+  });
 
-  assert.equal(result.protocolLines.length, 2);
-  assert.match(result.html, /Bytes/);
+  assert.equal(bytesResult.protocolLines.length, 1);
+  assert.equal(streamResult.protocolLines.length, 1);
 });
 
-test('consumeSurfaceStream accepts ReadableStream sources', async () => {
-  const source = new ReadableStream<Uint8Array>({
-    start(controller) {
-      controller.enqueue(encoder.encode('{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n'));
-      controller.enqueue(encoder.encode('{"op":"add","path":"/section/hero","html":"<p>Readable</p>"}\n'));
-      controller.close();
-    },
+test('consumeSurfaceStream blocks invalid Arrow artifacts before callback delivery', async () => {
+  const artifacts: string[] = [];
+  const result = await consumeSurfaceStream([
+    artifactLine('import { html } from "@arrow-js/core";\nexport default html`<input .value=${state.title}>`'),
+  ], {
+    mode: 'interactive',
+    onArtifact: (artifact) => artifacts.push(artifact.source['main.ts'] ?? ''),
   });
 
-  const result = await consumeSurfaceStream(source, {
-    mode: 'static',
+  assert.deepEqual(artifacts, []);
+  assert.equal(result.protocolLines.length, 0);
+  assert.deepEqual(result.validationIssues.map((issue) => issue.code), [
+    'unsupported-arrow-idl-binding',
+  ]);
+  assert.equal(result.streamGraph.health.blockedCount, 1);
+});
+
+test('consumeSurfaceStream rejects legacy section protocol at parse boundary', async () => {
+  const result = await consumeSurfaceStream([
+    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
+    '{"op":"add","path":"/section/hero","html":"<p>Legacy</p>"}\n',
+  ], {
+    mode: 'interactive',
+    validationContext: {
+      mode: 'interactive',
+      surfacePlan: {
+        purpose: 'inform',
+        runtime: 'arrow',
+        data: 'embedded',
+        authority: 'none',
+        persistence: 'replayable',
+        network: 'none',
+      },
+    },
   });
 
-  assert.equal(result.protocolLines.length, 2);
-  assert.match(result.html, /Readable/);
+  assert.equal(result.protocolLines.length, 0);
+  assert.deepEqual(result.validationIssues.map((issue) => issue.code), []);
+  assert.equal(result.parseErrors.length, 2);
+  assert.equal(result.streamGraph.health.blockedCount, 0);
 });
 
 test('consumeSurfaceStream records malformed lines and calls parse-error callback', async () => {
   const parseErrors: string[] = [];
   const result = await consumeSurfaceStream([
     'not jsonl\n',
-    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
+    artifactLine(),
   ], {
     mode: 'static',
     onParseError: (raw) => parseErrors.push(raw),
@@ -83,17 +126,16 @@ test('consumeSurfaceStream records malformed lines and calls parse-error callbac
 test('consumeSurfaceStream delivers meta lines and collects validation-blocked issues', async () => {
   const metas: string[] = [];
   const result = await consumeSurfaceStream([
-    JSON.stringify({
+    `${JSON.stringify({
       op: 'meta',
       path: '/validation-blocked',
       value: {
-        source: 'html',
+        source: 'protocol',
         severity: 'block',
-        code: 'unsafe-tag',
-        message: 'bad tag',
+        code: 'arrow-only-protocol',
+        message: 'old protocol',
       },
-    }),
-    '\n',
+    })}\n`,
   ], {
     mode: 'interactive',
     onMeta: (line) => metas.push(line.path),
@@ -101,16 +143,16 @@ test('consumeSurfaceStream delivers meta lines and collects validation-blocked i
 
   assert.deepEqual(metas, ['/validation-blocked']);
   assert.equal(result.validationIssues.length, 1);
-  assert.equal(result.validationIssues[0]?.code, 'unsafe-tag');
+  assert.equal(result.validationIssues[0]?.code, 'arrow-only-protocol');
   assert.equal(result.streamGraph.health.blockedCount, 1);
 });
 
 test('consumeSurfaceStream collects validation-summary examples without duplicating blocked issues', async () => {
   const blocked = {
-    source: 'html',
+    source: 'protocol',
     severity: 'block',
-    code: 'unsafe-tag',
-    message: 'bad tag',
+    code: 'arrow-only-protocol',
+    message: 'old protocol',
   } as const;
   const warning = {
     source: 'token',
@@ -127,7 +169,7 @@ test('consumeSurfaceStream collects validation-summary examples without duplicat
       value: {
         blocked: 1,
         warnings: 1,
-        codes: { 'unsafe-tag': 1, 'unknown-token': 1 },
+        codes: { 'arrow-only-protocol': 1, 'unknown-token': 1 },
         examples: [blocked, warning],
       },
     })}\n`,
@@ -136,149 +178,47 @@ test('consumeSurfaceStream collects validation-summary examples without duplicat
   });
 
   assert.deepEqual(result.validationIssues.map((issue) => issue.code), [
-    'unsafe-tag',
+    'arrow-only-protocol',
     'unknown-token',
   ]);
 });
 
-test('consumeSurfaceStream renders interactive streams only at completion', async () => {
-  const renders: string[] = [];
-  const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero","body"]}}\n',
-    '{"op":"add","path":"/section/hero","html":"<h1>Title</h1>"}\n',
-    '{"op":"add","path":"/section/body","html":"<p>Done</p>"}\n',
-  ], {
-    mode: 'interactive',
-    onRenderHtml: (html) => renders.push(html),
-  });
-
-  assert.equal(renders.length, 1);
-  assert.equal(renders[0], result.html);
-  assert.match(result.html, /Title/);
-  assert.match(result.html, /Done/);
-});
-
-test('consumeSurfaceStream live render mode renders interactive section replacements', async () => {
-  const renders: string[] = [];
-  const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-    '{"op":"add","path":"/section/hero","html":"<div aria-busy=\\"true\\">Drafting...</div>"}\n',
-    '{"op":"add","path":"/section/hero","html":"<article><h1>Final answer</h1></article>"}\n',
-  ], {
-    mode: 'interactive',
-    renderMode: 'live',
-    onRenderHtml: (html) => renders.push(html),
-  });
-
-  assert.equal(renders.length, 2);
-  assert.match(renders[0]!, /Drafting/);
-  assert.doesNotMatch(renders[1]!, /Drafting/);
-  assert.match(renders[1]!, /Final answer/);
-  assert.equal(renders[1], result.html);
-});
-
-test('consumeSurfaceStream emits live html node patches when a hook is provided', async () => {
-  const renders: string[] = [];
-  const patches: string[] = [];
-  const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["main"]}}\n',
-    '{"op":"add","path":"/section/main/node/root","html":"<div data-summon-node=\\"root\\"></div>"}\n',
-    '{"op":"add","path":"/section/main/node/headline","parent":"root","html":"<header data-summon-node=\\"headline\\"><h1>Ready</h1></header>"}\n',
-  ], {
-    mode: 'static',
-    renderMode: 'live',
-    onRenderHtml: (html) => renders.push(html),
-    onNodePatch: (patch) => patches.push(`${patch.sectionId}/${patch.nodeId}/${patch.parentId ?? ''}`),
-  });
-
-  assert.deepEqual(renders, []);
-  assert.deepEqual(patches, ['main/root/', 'main/headline/root']);
-  assert.match(result.html, /data-summon-node="headline"/);
-});
-
-test('consumeSurfaceStream falls back to composed html for node patches without a hook', async () => {
-  const renders: string[] = [];
-  await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["main"]}}\n',
-    '{"op":"add","path":"/section/main/node/root","html":"<div data-summon-node=\\"root\\"></div>"}\n',
-  ], {
-    mode: 'static',
-    renderMode: 'live',
-    onRenderHtml: (html) => renders.push(html),
-  });
-
-  assert.equal(renders.length, 1);
-  assert.match(renders[0]!, /data-summon-node="root"/);
-});
-
-test('consumeSurfaceStream manual render mode does not call render callback', async () => {
-  let renderCount = 0;
-  const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-    '{"op":"add","path":"/section/hero","html":"<p>Manual</p>"}\n',
-  ], {
-    mode: 'static',
-    renderMode: 'manual',
-    onRenderHtml: () => {
-      renderCount += 1;
-    },
-  });
-
-  assert.equal(renderCount, 0);
-  assert.match(result.html, /Manual/);
-});
-
-test('consumeSurfaceStream can discard a line and keep consuming', async () => {
-  const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero","body"]}}\n',
-    '{"op":"add","path":"/section/hero","html":"<p>Discard</p>"}\n',
-    '{"op":"add","path":"/section/body","html":"<p>Keep</p>"}\n',
+test('consumeSurfaceStream can discard or stop before applying a line', async () => {
+  const contexts: SurfaceStreamContext[] = [];
+  let decisions = 0;
+  const discardResult = await consumeSurfaceStream([
+    artifactLine(),
+    artifactLine('import { html } from "@arrow-js/core";\nexport default html`<p>Keep</p>`'),
   ], {
     mode: 'static',
-    shouldApplyLine: (line) => line.path === '/section/hero' ? 'discard' : 'apply',
+    shouldApplyLine: () => decisions++ === 0 ? 'discard' : 'apply',
+    onLine: (_line, context) => contexts.push(context),
   });
 
-  assert.equal(result.discarded, true);
-  assert.equal(result.stopped, false);
-  assert.equal(result.protocolLines.length, 2);
-  assert.doesNotMatch(result.html, /Discard/);
-  assert.match(result.html, /Keep/);
-});
+  assert.equal(discardResult.discarded, true);
+  assert.equal(discardResult.stopped, false);
+  assert.equal(discardResult.protocolLines.length, 1);
 
-test('consumeSurfaceStream can stop before applying a line', async () => {
-  const contexts: SurfaceStreamContext[] = [];
-  const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-    '{"op":"add","path":"/section/hero","html":"<p>Stop</p>"}\n',
-    '{"op":"add","path":"/section/hero","html":"<p>Ignored</p>"}\n',
+  const stopResult = await consumeSurfaceStream([
+    artifactLine(),
   ], {
     mode: 'static',
-    shouldApplyLine: (line, context) => {
-      contexts.push(context);
-      return line.op === 'add' ? 'stop' : 'apply';
-    },
+    shouldApplyLine: () => 'stop',
   });
 
-  assert.equal(result.stopped, true);
-  assert.equal(result.discarded, true);
-  assert.equal(result.protocolLines.length, 1);
-  assert.equal(contexts.at(-1)?.acceptedStructuralLines, 1);
-  assert.equal(result.html, '');
+  assert.equal(stopResult.stopped, true);
+  assert.equal(stopResult.discarded, true);
+  assert.equal(stopResult.protocolLines.length, 0);
 });
 
-test('consumeSurfaceStream can use supplied accumulator and graph instances', async () => {
-  const accumulator = new SectionAccumulator();
+test('consumeSurfaceStream can use a supplied graph instance', async () => {
   const streamGraph = new StreamGraph();
-
   const result = await consumeSurfaceStream([
-    '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n',
-    '{"op":"add","path":"/section/hero","html":"<p>Shared</p>"}\n',
+    artifactLine(),
   ], {
     mode: () => 'interactive',
-    accumulator,
     streamGraph,
   });
 
-  assert.equal(result.html, accumulator.compose());
   assert.deepEqual(result.streamGraph, streamGraph.snapshot());
 });
diff --git a/packages/host/test/capability-registry.test.ts b/packages/host/test/tool-registry.test.ts
similarity index 88%
rename from packages/host/test/capability-registry.test.ts
rename to packages/host/test/tool-registry.test.ts
index b9b934b..e922ed4 100644
--- a/packages/host/test/capability-registry.test.ts
+++ b/packages/host/test/tool-registry.test.ts
@@ -1,14 +1,14 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 import {
-  IntentArgsError,
+  ToolArgsError,
   PolicyEngine,
-  createCapabilityRegistry,
+  createToolRegistry,
   createComponentRegistry,
   createSurfaceEnvelope,
   defineAction,
   defineApprovalAction,
-  defineCapability,
+  defineTool,
   defineDataResource,
   defineComponent,
   defineWorkerAction,
@@ -18,7 +18,7 @@ import {
 import { z } from 'zod';
 
 test('registry converts actions and resources into prompt and validation metadata', () => {
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineAction({
       name: 'counter',
       description: 'Adjust the counter.',
@@ -41,7 +41,7 @@ test('registry converts actions and resources into prompt and validation metadat
 
   const contract = registry.toContract();
   assert.deepEqual(contract.pack, {
-    intents: [
+    tools: [
       {
         name: 'counter',
         description: 'Adjust the counter.',
@@ -66,9 +66,9 @@ test('registry converts actions and resources into prompt and validation metadat
         surface: { data: 'host-resource', authority: 'read' },
       },
     ],
-    patterns: [{ name: 'Counter', code: '<button>+</button>', intent: 'counter' }],
+    patterns: [{ name: 'Counter', code: '<button>+</button>', tool: 'counter' }],
   });
-  assert.deepEqual(contract.validationCapabilities, [
+  assert.deepEqual(contract.validationTools, [
     { name: 'counter', kind: 'action', triggers: ['click', 'submit'], surface: { authority: 'host-action' } },
     {
       name: 'lookup',
@@ -171,13 +171,13 @@ test('component registry rejects duplicate names and dispatches render lifecycle
     props: { label: 'Revenue' },
     componentId: 'metric',
     sandboxId: 'sandbox',
-    emitIntent: () => {},
+    callTool: () => {},
   });
   registry.destroy('MetricCard', {
     container,
     componentId: 'metric',
     sandboxId: 'sandbox',
-    emitIntent: () => {},
+    callTool: () => {},
   });
   assert.deepEqual(calls, ['render:metric:Revenue', 'destroy:metric']);
 });
@@ -187,7 +187,7 @@ test('registry formats richer Zod schemas for prompts', () => {
     Alpha = 'alpha',
     Beta = 'beta',
   }
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineAction({
       name: 'complex',
       description: 'Exercise schema formatting.',
@@ -209,14 +209,14 @@ test('registry formats richer Zod schemas for prompts', () => {
   ]);
 
   assert.equal(
-    registry.toContract().pack.intents[0]!.argsSchema,
+    registry.toContract().pack.tools[0]!.argsSchema,
     '{required: string, optional?: number, nullable: string | null, choice: "one" | "two", literal: "fixed", union: string | number, native: "alpha" | "beta", list: {id: string, score: number | null}[], record: {[key: string]: boolean}, nested: {"display-name"?: string}}',
   );
 });
 
-test('registry converts capabilities into PolicyEngine handlers', async () => {
-  const registry = createCapabilityRegistry([
-    defineCapability({
+test('registry converts tools into PolicyEngine handlers', async () => {
+  const registry = createToolRegistry([
+    defineTool({
       name: 'counter',
       description: 'Adjust the counter.',
       argsSchema: z.object({ delta: z.number() }),
@@ -235,7 +235,7 @@ test('registry converts capabilities into PolicyEngine handlers', async () => {
     },
   });
 
-  assert.deepEqual(policy.intents, ['counter']);
+  assert.deepEqual(policy.tools, ['counter']);
   await policy.dispatch('counter', { delta: 3 });
   assert.equal(latestState.count, 3);
 });
@@ -243,8 +243,8 @@ test('registry converts capabilities into PolicyEngine handlers', async () => {
 test('registry-generated handlers reject invalid args before execution', async () => {
   let calls = 0;
   const errors: Error[] = [];
-  const registry = createCapabilityRegistry([
-    defineCapability({
+  const registry = createToolRegistry([
+    defineTool({
       name: 'counter',
       description: 'Adjust the counter.',
       argsSchema: z.object({ delta: z.number() }),
@@ -258,7 +258,7 @@ test('registry-generated handlers reject invalid args before execution', async (
   const policy = new PolicyEngine({
     handlers: registry.toPolicyHandlers(),
     onStateChange: () => {},
-    onHandlerError: (_intent, error) => {
+    onHandlerError: (_tool, error) => {
       errors.push(error);
     },
   });
@@ -267,12 +267,12 @@ test('registry-generated handlers reject invalid args before execution', async (
 
   assert.equal(calls, 0);
   assert.equal(errors.length, 1);
-  assert.ok(errors[0] instanceof IntentArgsError);
+  assert.ok(errors[0] instanceof ToolArgsError);
 });
 
 test('controlled actions push pending, done, and error lifecycle state', async () => {
   const states: Record<string, unknown>[] = [];
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineAction({
       name: 'save',
       description: 'Save a selection.',
@@ -286,7 +286,7 @@ test('controlled actions push pending, done, and error lifecycle state', async (
   ]);
 
   const contract = registry.toContract();
-  assert.deepEqual(contract.pack.intents[0]?.actionStateKeys, {
+  assert.deepEqual(contract.pack.tools[0]?.actionStateKeys, {
     pending: 'savePending',
     done: 'saveDone',
     error: 'saveError',
@@ -318,7 +318,7 @@ test('controlled actions push pending, done, and error lifecycle state', async (
 test('controlled actions support custom state keys and rethrow failures to diagnostics', async () => {
   const states: Record<string, unknown>[] = [];
   const errors: Error[] = [];
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineAction({
       name: 'save',
       description: 'Save a selection.',
@@ -340,7 +340,7 @@ test('controlled actions support custom state keys and rethrow failures to diagn
   const policy = new PolicyEngine({
     handlers: registry.toPolicyHandlers(),
     onStateChange: (state) => states.push(state),
-    onHandlerError: (_intent, error) => errors.push(error),
+    onHandlerError: (_tool, error) => errors.push(error),
   });
 
   await policy.dispatch('save', { label: 'Balanced path' });
@@ -353,7 +353,7 @@ test('controlled actions support custom state keys and rethrow failures to diagn
 });
 
 test('default actions do not receive controlled lifecycle state', () => {
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineAction({
       name: 'save',
       description: 'Save a selection.',
@@ -364,12 +364,12 @@ test('default actions do not receive controlled lifecycle state', () => {
   ]);
 
   const contract = registry.toContract();
-  assert.equal(contract.pack.intents[0]?.actionStateKeys, undefined);
+  assert.equal(contract.pack.tools[0]?.actionStateKeys, undefined);
   assert.deepEqual(contract.initialState, {});
 });
 
 test('data resource handlers push loading, data, and error state', async () => {
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'lookup',
       description: 'Fetch a lookup result.',
@@ -411,7 +411,7 @@ test('data resource handlers push loading, data, and error state', async () => {
 
 test('data resource handlers expose optional empty state after successful empty results', async () => {
   let nextResult: { title: string }[] = [];
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'lookup',
       description: 'Fetch lookup results.',
@@ -454,7 +454,7 @@ test('data resource handlers expose optional empty state after successful empty
 
 test('data resource empty state resets false on invalid and failed host results', async () => {
   let mode: 'invalid' | 'throw' = 'invalid';
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'lookup',
       description: 'Fetch lookup results.',
@@ -494,7 +494,7 @@ test('data resource empty state resets false on invalid and failed host results'
 });
 
 test('data resource empty state supports custom isEmpty logic', async () => {
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'lookup',
       description: 'Fetch lookup result.',
@@ -528,7 +528,7 @@ test('data resource empty state supports custom isEmpty logic', async () => {
 
 test('data resource result validation converts invalid host data into error state', async () => {
   const errors: string[] = [];
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'lookup',
       description: 'Fetch a lookup result.',
@@ -575,7 +575,7 @@ test('defineDataResource validates default data against result schema', () => {
 });
 
 test('data resource handlers restore default data on host errors', async () => {
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'lookup',
       description: 'Fetch a lookup result.',
@@ -611,7 +611,7 @@ test('data resource handlers drop duplicate work when concurrency is drop', asyn
   const pending = new Promise<{ ok: boolean }>((resolve) => {
     release = resolve;
   });
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'slow',
       description: 'Run one slow lookup.',
@@ -642,7 +642,7 @@ test('data resource handlers drop duplicate work when concurrency is drop', asyn
 test('data resource handlers abort stale work when concurrency is latest', async () => {
   const signals: AbortSignal[] = [];
   let latestState: Record<string, unknown> = {};
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineDataResource({
       name: 'slow',
       description: 'Run the latest lookup.',
@@ -676,16 +676,16 @@ test('data resource handlers abort stale work when concurrency is latest', async
   assert.deepEqual(latestState.slowResult, { id: 'second' });
 });
 
-test('without removes a capability from both pack and handlers', () => {
-  const registry = createCapabilityRegistry([
-    defineCapability({
+test('without removes a tool from both pack and handlers', () => {
+  const registry = createToolRegistry([
+    defineTool({
       name: 'counter',
       description: 'Adjust the counter.',
       argsSchema: z.object({ delta: z.number() }),
       stateShape: '{count: number}',
       handler: () => {},
     }),
-    defineCapability({
+    defineTool({
       name: 'summon',
       description: 'Spawn a child UI.',
       argsSchema: z.object({ prompt: z.string() }),
@@ -695,18 +695,18 @@ test('without removes a capability from both pack and handlers', () => {
   ]).without(['summon']);
 
   assert.deepEqual(
-    registry.toContract().pack.intents.map((intent) => intent.name),
+    registry.toContract().pack.tools.map((tool) => tool.name),
     ['counter'],
   );
   assert.deepEqual(Object.keys(registry.toPolicyHandlers()), ['counter']);
-  assert.deepEqual(registry.toContract().validationCapabilities, [
+  assert.deepEqual(registry.toContract().validationTools, [
     { name: 'counter', kind: 'action', triggers: ['click', 'submit'], surface: { authority: 'host-action' } },
   ]);
-  assert.deepEqual(registry.intents(), ['counter']);
+  assert.deepEqual(registry.tools(), ['counter']);
 });
 
-test('worker helpers annotate capabilities without changing policy dispatch', async () => {
-  const registry = createCapabilityRegistry([
+test('worker helpers annotate tools without changing policy dispatch', async () => {
+  const registry = createToolRegistry([
     defineWorkerAction({
       name: 'analyze',
       description: 'Run host-owned analysis.',
@@ -726,7 +726,7 @@ test('worker helpers annotate capabilities without changing policy dispatch', as
   ]);
 
   const contract = registry.toContract();
-  assert.deepEqual(contract.validationCapabilities.map((capability) => capability.surface), [
+  assert.deepEqual(contract.validationTools.map((tool) => tool.surface), [
     { data: 'worker', authority: 'host-action' },
     { data: 'worker', authority: 'read' },
   ]);
@@ -745,7 +745,7 @@ test('worker helpers annotate capabilities without changing policy dispatch', as
 test('approval action runs approved handler only after approval', async () => {
   let approvedCalls = 0;
   const states: Record<string, unknown>[] = [];
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineApprovalAction({
       name: 'publish',
       description: 'Publish after approval.',
@@ -762,8 +762,8 @@ test('approval action runs approved handler only after approval', async () => {
   ]);
 
   const contract = registry.toContract();
-  assert.equal(contract.validationCapabilities[0]?.surface?.authority, 'approval-gated');
-  assert.match(contract.pack.intents[0]?.stateShape ?? '', /publishApprovalRequestId: string \| null/);
+  assert.equal(contract.validationTools[0]?.surface?.authority, 'approval-gated');
+  assert.match(contract.pack.tools[0]?.stateShape ?? '', /publishApprovalRequestId: string \| null/);
 
   const policy = new PolicyEngine({
     handlers: registry.toPolicyHandlers(),
@@ -789,7 +789,7 @@ test('approval action rejects invalid args before requesting approval', async ()
   let prepareCalls = 0;
   let approvalCalls = 0;
   let approvedCalls = 0;
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineApprovalAction({
       name: 'publish',
       description: 'Publish after approval.',
@@ -815,14 +815,14 @@ test('approval action rejects invalid args before requesting approval', async ()
   const policy = new PolicyEngine({
     handlers: registry.toPolicyHandlers(),
     onStateChange: () => {},
-    onHandlerError: (_intent, error) => errors.push(error),
+    onHandlerError: (_tool, error) => errors.push(error),
   });
 
   await policy.dispatch('publish', { title: 42 });
   assert.equal(prepareCalls, 0);
   assert.equal(approvalCalls, 0);
   assert.equal(approvedCalls, 0);
-  assert.ok(errors[0] instanceof IntentArgsError);
+  assert.ok(errors[0] instanceof ToolArgsError);
 });
 
 test('approval action prepares a frozen request for host approval and approved handler', async () => {
@@ -830,7 +830,7 @@ test('approval action prepares a frozen request for host approval and approved h
   let seenRequest:
     | {
         id: string;
-        capability: string;
+        tool: string;
         summary: string;
         details?: unknown;
         plan: unknown;
@@ -840,7 +840,7 @@ test('approval action prepares a frozen request for host approval and approved h
     | undefined;
   let handlerPlan: unknown;
   const states: Record<string, unknown>[] = [];
-  const registry = createCapabilityRegistry([
+  const registry = createToolRegistry([
     defineApprovalAction({
       name: 'publish',
       description: 'Publish after approval.',
@@ -880,7 +880,7 @@ test('approval action prepares a frozen request for host approval and approved h
 
   assert.equal(prepareCalls, 1);
   assert.ok(seenRequest);
-  assert.equal(seenRequest.capability, 'publish');
+  assert.equal(seenRequest.tool, 'publish');
   assert.equal(seenRequest.summary, 'Publish "launch note"');
   assert.deepEqual(seenRequest.details, { channel: 'demo-updates' });
   assert.deepEqual(seenRequest.plan, { operation: 'publish', title: 'LAUNCH NOTE' });
@@ -893,49 +893,60 @@ test('approval action prepares a frozen request for host approval and approved h
 });
 
 test('surface envelope serializes replay metadata', () => {
+  const artifact = {
+    runtime: 'arrow' as const,
+    source: {
+      'main.ts': 'import { html } from "@arrow-js/core";\nexport default html`<p>Saved</p>`',
+    },
+  };
   const envelope = createSurfaceEnvelope({
     prompt: 'compare options',
     surfacePlan: {
       purpose: 'compare',
-      runtime: 'static',
+      runtime: 'arrow',
       data: 'embedded',
       authority: 'none',
       persistence: 'replayable',
+      network: 'none',
     },
-    protocolLines: [{ op: 'set', path: '/screen', value: { sections: ['hero'] } }],
-    html: '<section>Saved</section>',
-    grants: { intents: [] },
+    artifact,
+    protocolLines: [{ op: 'artifact', path: '/artifact', value: artifact }],
+    grants: { tools: [] },
     metadata: { directionId: 'ghost', mode: 'static' },
     runtimeVersion: 'test',
   });
 
-  assert.equal(envelope.version, 2);
+  assert.equal(envelope.version, 4);
   assert.equal(envelope.prompt, 'compare options');
-  assert.equal(envelope.compiledHtml, '<section>Saved</section>');
-  assert.equal(envelope.compilerIssues.length, 0);
-  assert.equal(envelope.compilerVersion, 'summon-artifact-compiler-v2');
+  assert.deepEqual(envelope.artifact, artifact);
   assert.equal(envelope.metadata.directionId, 'ghost');
   assert.deepEqual(envelope.protocolLines, [
-    { op: 'set', path: '/screen', value: { sections: ['hero'] } },
+    { op: 'artifact', path: '/artifact', value: artifact },
   ]);
 });
 
 test('surface envelope parser accepts valid replay envelopes', () => {
+  const artifact = {
+    runtime: 'arrow' as const,
+    source: {
+      'main.ts': 'import { html } from "@arrow-js/core";\nexport default html`<p>Saved</p>`',
+    },
+  };
   const envelope = createSurfaceEnvelope({
     prompt: 'compare options',
     surfacePlan: {
       purpose: 'compare',
-      runtime: 'static',
+      runtime: 'arrow',
       data: 'embedded',
       authority: 'none',
       persistence: 'replayable',
+      network: 'none',
     },
+    artifact,
     protocolLines: [
-      { op: 'set', path: '/screen', value: { sections: ['hero'] } },
-      { op: 'add', path: '/section/hero', html: '<p>Saved</p>' },
+      { op: 'artifact', path: '/artifact', value: artifact },
     ],
-    html: '<section>Saved</section>',
-    grants: { intents: [] },
+    grants: { tools: [] },
     metadata: { mode: 'static' },
   });
 
@@ -943,28 +954,35 @@ test('surface envelope parser accepts valid replay envelopes', () => {
 });
 
 test('surface envelope parser rejects malformed, wrong-version, and escalating envelopes', () => {
+  const artifact = {
+    runtime: 'arrow' as const,
+    source: {
+      'main.ts': 'import { html } from "@arrow-js/core";\nexport default html`<p>Saved</p>`',
+    },
+  };
   const envelope = createSurfaceEnvelope({
     prompt: 'pick an option',
     surfacePlan: {
       purpose: 'collect',
-      runtime: 'declarative',
+      runtime: 'arrow',
       data: 'embedded',
       authority: 'host-action',
       persistence: 'replayable',
+      network: 'none',
     },
+    artifact,
     protocolLines: [
       {
         op: 'add',
         path: '/section/hero',
-        html: '<button data-summon-on-click="delete_everything">Bad</button>',
-      },
+        html: '<p>Legacy</p>',
+      } as never,
     ],
-    html: '<button data-summon-on-click="delete_everything">Bad</button>',
-    grants: { intents: ['choose'], capabilities: [{ name: 'choose', triggers: ['click'] }] },
+    grants: { tools: ['choose'], validationTools: [{ name: 'choose', triggers: ['click'] }] },
     metadata: { mode: 'interactive' },
   });
 
   assert.equal(parseSurfaceEnvelope('{bad'), null);
-  assert.equal(parseSurfaceEnvelope({ ...envelope, version: 3 }), null);
+  assert.equal(parseSurfaceEnvelope({ ...envelope, version: 2 }), null);
   assert.equal(parseSurfaceEnvelope(envelope), null);
 });
diff --git a/packages/react/src/index.ts b/packages/react/src/index.ts
index 682911f..66a23dc 100644
--- a/packages/react/src/index.ts
+++ b/packages/react/src/index.ts
@@ -1,15 +1,13 @@
 import {
-  type CapabilityRegistry,
+  type ToolRegistry,
   type ComponentDefinition,
   type ComponentRegistry,
 } from '@anarchitecture/summon';
 import {
-  compileArtifactHtml,
-  SectionAccumulator,
-  type CompiledArtifactHtml,
-  type CompiledHtmlNodePatch,
-  type HtmlNodePatch,
-  type ProtocolLine,
+  isArrowSurfaceArtifact,
+  type ArtifactLine,
+  type ArrowNetworkPolicy,
+  type ArrowSurfaceArtifact,
   type ValidationContext,
 } from '@anarchitecture/summon/engine';
 import {
@@ -24,6 +22,7 @@ import { createEventStore, type DevtoolsEvent } from '@anarchitecture/summon/dev
 import type { SurfaceEnvelope } from '@anarchitecture/summon/envelope';
 import { PolicyEngine } from '@anarchitecture/summon/policy';
 import {
+  arrowRuntimeSource as defaultArrowRuntimeSource,
   bootstrapSource as defaultBootstrapSource,
   tokensSource as defaultTokensSource,
 } from '@anarchitecture/summon/assets';
@@ -39,29 +38,28 @@ import {
 } from 'react';
 import { createRoot, type Root } from 'react-dom/client';
 
-export interface SummonSurfaceChrome {
-  [key: string]: string;
-}
-
 export interface SummonSurfaceProps {
   envelope?: SurfaceEnvelope | null;
-  html?: string;
-  protocolLines?: ProtocolLine[];
-  artifactIntents?: string[];
-  grantedIntents?: string[];
-  grantedCapabilities?: Artifact['capabilities'];
+  artifact?: ArrowSurfaceArtifact | null;
+  artifactTools?: string[];
+  grantedTools?: string[];
+  validationTools?: Artifact['validationTools'];
   artifactComponents?: Artifact['components'];
-  capabilityRegistry?: CapabilityRegistry | null;
+  toolRegistry?: ToolRegistry | null;
   componentRegistry?: ComponentRegistry | null;
   bootstrapSource?: string;
+  arrowRuntimeSource?: string;
+  arrowNetworkPolicy?: ArrowNetworkPolicy;
   tokensSource?: string;
   initialState?: Record<string, unknown>;
-  chrome?: SummonSurfaceChrome;
-  onIntent?: (intent: string, args: Record<string, unknown>) => void;
-  onIntentRejected?: (reason: string, raw: unknown) => void;
+  onToolCall?: (tool: string, args: Record<string, unknown>) =>
+    | void
+    | Record<string, unknown>
+    | Promise<void | Record<string, unknown>>;
+  onToolRejected?: (reason: string, raw: unknown) => void;
   onEvent?: (event: DevtoolsEvent) => void;
   onFatal?: (reason: string) => void;
-  onHandlerError?: (intent: string, error: Error) => void;
+  onHandlerError?: (tool: string, error: Error) => void;
   onComponentError?: (error: ComponentIslandError) => void;
   id?: string;
   title?: string;
@@ -72,10 +70,8 @@ export interface SummonSurfaceProps {
 export interface SummonSurfaceHandle {
   iframe: HTMLIFrameElement | null;
   sandboxId: string | null;
-  render(html: string): void;
-  patchNode(patch: HtmlNodePatch): void;
+  renderArtifact(artifact: ArrowSurfaceArtifact): void;
   pushState(state: Record<string, unknown>): void;
-  setChrome(chrome: SummonSurfaceChrome): void;
 }
 
 export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>(function SummonSurface(
@@ -85,7 +81,7 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
   const iframeRef = useRef<HTMLIFrameElement>(null);
   const handleRef = useRef<SandboxHandle | null>(null);
   const validationContextRef = useRef<ValidationContext | null>(null);
-  const lastRenderedHtmlRef = useRef<CompiledArtifactHtml | null>(null);
+  const lastRenderedArtifactRef = useRef<ArrowSurfaceArtifact | null>(null);
   const events = useMemo(() => createEventStore(), []);
 
   useImperativeHandle(ref, () => ({
@@ -95,42 +91,18 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
     get sandboxId() {
       return handleRef.current?.sandboxId ?? null;
     },
-    render(html: string) {
-      const compiled = compileForRender(html, validationContextRef.current ?? defaultValidationContext());
-      lastRenderedHtmlRef.current = compiled;
-      preflightComponentProps(
-        compiled,
-        props.componentRegistry,
-        handleRef.current?.sandboxId ?? undefined,
-        events,
-        props.onComponentError,
-      );
-      handleRef.current?.render(compiled);
-    },
-    patchNode(patch: HtmlNodePatch) {
-      const compiled = compilePatchForRender(patch, validationContextRef.current ?? defaultValidationContext());
-      if (compiled) {
-        preflightComponentProps(
-          compiled.html,
-          props.componentRegistry,
-          handleRef.current?.sandboxId ?? undefined,
-          events,
-          props.onComponentError,
-        );
-        handleRef.current?.patchNode(compiled);
-      }
+    renderArtifact(artifact: ArrowSurfaceArtifact) {
+      lastRenderedArtifactRef.current = artifact;
+      handleRef.current?.renderArtifact(artifact);
     },
     pushState(state: Record<string, unknown>) {
       handleRef.current?.pushState(state);
     },
-    setChrome(chrome: SummonSurfaceChrome) {
-      handleRef.current?.setChrome(chrome);
-    },
   }), []);
 
   useEffect(() => {
-    lastRenderedHtmlRef.current = null;
-  }, [props.envelope, props.html, props.protocolLines]);
+    lastRenderedArtifactRef.current = null;
+  }, [props.envelope, props.artifact]);
 
   useEffect(() => {
     if (!props.onEvent) return;
@@ -144,22 +116,24 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
     const iframe = iframeRef.current;
     if (!iframe) return;
 
-    const contract = props.capabilityRegistry?.toContract();
+    const contract = props.toolRegistry?.toContract();
     const componentContract = props.componentRegistry?.toContract();
-    const handlers = props.capabilityRegistry?.toPolicyHandlers() ?? {};
-    const grantedIntents = props.grantedIntents ?? props.capabilityRegistry?.intents() ?? [];
-    const grantedCapabilities = props.grantedCapabilities ?? contract?.validationCapabilities ?? [];
+    const handlers = props.toolRegistry?.toPolicyHandlers() ?? {};
+    const grantedTools = props.grantedTools ?? props.toolRegistry?.tools() ?? [];
+    const validationTools = props.validationTools ?? contract?.validationTools ?? [];
     const initialState = {
       ...(contract?.initialState ?? {}),
       ...(props.initialState ?? {}),
     };
     const validationContext = validationContextFromProps(
       props,
-      grantedIntents,
-      grantedCapabilities,
+      grantedTools,
+      validationTools,
       componentContract?.validationComponents ?? props.artifactComponents ?? props.envelope?.grants.components,
     );
     validationContextRef.current = validationContext;
+    const arrowArtifact = resolveArrowArtifact(props);
+    const arrowNetworkPolicy = props.arrowNetworkPolicy ?? props.envelope?.surfacePlan.network ?? 'none';
 
     let handle: SandboxHandle | null = null;
     let islands: ComponentIslandRegistry | null = props.componentRegistry
@@ -181,11 +155,12 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
     });
 
     const artifact: Artifact = {
+      runtime: 'arrow',
       // Advisory only. spawnSandbox receives host grants below.
-      intents: props.artifactIntents ?? props.envelope?.grants.intents ?? grantedIntents,
-      capabilities: props.envelope?.grants.capabilities ?? props.grantedCapabilities,
+      tools: props.artifactTools ?? props.envelope?.grants.tools ?? grantedTools,
+      validationTools: props.envelope?.grants.validationTools ?? props.validationTools,
       components: props.artifactComponents ?? props.envelope?.grants.components ?? componentContract?.validationComponents,
-      html: resolveCompiledHtml(props, validationContext),
+      ...(arrowArtifact ? { arrow: arrowArtifact } : {}),
       initialState,
     };
     const grantedComponentNames = new Set((artifact.components ?? []).map((component) => component.name));
@@ -193,19 +168,25 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
     handle = spawnSandbox({
       iframe,
       artifact,
-      grantedIntents,
-      grantedCapabilities,
+      grantedTools,
+      validationTools,
       bootstrapSource: props.bootstrapSource ?? defaultBootstrapSource,
+      arrowRuntimeSource: props.arrowRuntimeSource ?? defaultArrowRuntimeSource,
+      arrowNetworkPolicy,
       tokensSource: props.tokensSource ?? props.envelope?.tokenCss ?? defaultTokensSource,
       events,
       onSandboxFatal: props.onFatal,
-      onIntent: (intent, args) => {
-        props.onIntent?.(intent, args);
-        if (Object.prototype.hasOwnProperty.call(handlers, intent)) {
-          void policy.dispatch(intent, args);
+      onToolCall: async (tool, args) => {
+        const customState = await props.onToolCall?.(tool, args);
+        if (customState && typeof customState === 'object' && !Array.isArray(customState)) {
+          return customState;
         }
+        if (Object.prototype.hasOwnProperty.call(handlers, tool)) {
+          return policy.dispatch(tool, args).then((result) => result.state);
+        }
+        return policy.getState();
       },
-      onIntentRejected: props.onIntentRejected,
+      onToolRejected: props.onToolRejected,
       onComponents: (components, sandboxId) => {
         const grantedComponents = components.filter((component) => grantedComponentNames.has(component.name));
         for (const component of components) {
@@ -245,23 +226,15 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
         }
         islands?.sync(grantedComponents, {
           sandboxId,
-          emitIntent: (intent, args = {}) => {
-            void policy.dispatch(intent, args);
+          callTool: (tool, args = {}) => {
+            void policy.dispatch(tool, args);
           },
         });
       },
     });
     handleRef.current = handle;
-    preflightComponentProps(
-      artifact.html,
-      props.componentRegistry,
-      handle.sandboxId,
-      events,
-      props.onComponentError,
-    );
-    if (props.chrome) handle.setChrome(props.chrome);
-    if (lastRenderedHtmlRef.current !== null) {
-      handle.render(lastRenderedHtmlRef.current);
+    if (lastRenderedArtifactRef.current !== null) {
+      handle.renderArtifact(lastRenderedArtifactRef.current);
     }
 
     return () => {
@@ -275,22 +248,22 @@ export const SummonSurface = forwardRef<SummonSurfaceHandle, SummonSurfaceProps>
   }, [
     events,
     props.bootstrapSource,
-    props.capabilityRegistry,
-    props.chrome,
+    props.arrowRuntimeSource,
+    props.arrowNetworkPolicy,
+    props.toolRegistry,
     props.componentRegistry,
     props.envelope,
-    props.artifactIntents,
-    props.grantedIntents,
-    props.grantedCapabilities,
+    props.artifact,
+    props.artifactTools,
+    props.grantedTools,
+    props.validationTools,
     props.artifactComponents,
-    props.html,
     props.initialState,
-    props.onIntent,
-    props.onIntentRejected,
+    props.onToolCall,
+    props.onToolRejected,
     props.onFatal,
     props.onComponentError,
     props.onHandlerError,
-    props.protocolLines,
     props.tokensSource,
   ]);
 
@@ -311,7 +284,7 @@ export interface ReactComponentDefinition<T = unknown>
 export interface ReactComponentRuntimeContext {
   componentId: string;
   sandboxId: string;
-  emitIntent: (intent: string, args?: Record<string, unknown>) => void;
+  callTool: (tool: string, args?: Record<string, unknown>) => void;
 }
 
 export interface ReactComponentWithRuntimeDefinition<T = unknown, P = T>
@@ -327,13 +300,13 @@ export function defineReactComponent<T, P = T>(
   const { component, mapProps, ...rest } = definition;
   return {
     ...rest,
-    render: ({ container, props, componentId, sandboxId, emitIntent }) => {
+    render: ({ container, props, componentId, sandboxId, callTool }) => {
       let root = roots.get(container);
       if (!root) {
         root = createRoot(container);
         roots.set(container, root);
       }
-      const runtimeContext = { componentId, sandboxId, emitIntent };
+      const runtimeContext = { componentId, sandboxId, callTool };
       const componentProps = mapProps
         ? mapProps(props as T, runtimeContext)
         : props as unknown as P;
@@ -350,109 +323,33 @@ export function defineReactComponent<T, P = T>(
   };
 }
 
-function resolveCompiledHtml(props: SummonSurfaceProps, context: ValidationContext): CompiledArtifactHtml {
-  if (props.envelope) return props.envelope.compiledHtml;
-  if (props.html !== undefined) return compileForRender(props.html, context);
-  if (!props.protocolLines) return compileForRender('', context);
-  const accumulator = new SectionAccumulator();
-  for (const line of props.protocolLines) accumulator.apply(line);
-  return compileForRender(accumulator.compose(), context);
-}
-
-function compileForRender(html: string, context: ValidationContext): CompiledArtifactHtml {
-  const result = compileArtifactHtml(html, context);
-  if (result.issues.some((issue) => issue.severity === 'block')) {
-    return '' as CompiledArtifactHtml;
-  }
-  return result.html;
-}
-
-function compilePatchForRender(
-  patch: HtmlNodePatch,
-  context: ValidationContext,
-): CompiledHtmlNodePatch | null {
-  const result = compileArtifactHtml(patch.html, {
-    ...context,
-    experimentalFragmentMode: 'html-node-v0',
-  });
-  if (result.issues.some((issue) => issue.severity === 'block')) return null;
-  return {
-    sectionId: patch.sectionId,
-    nodeId: patch.nodeId,
-    ...(patch.parentId ? { parentId: patch.parentId } : {}),
-    html: result.html,
-  };
-}
-
-function preflightComponentProps(
-  html: CompiledArtifactHtml,
-  componentRegistry: ComponentRegistry | null | undefined,
-  sandboxId: string | undefined,
-  events: ReturnType<typeof createEventStore>,
-  onError: ((error: ComponentIslandError) => void) | undefined,
-): void {
-  if (!componentRegistry || typeof DOMParser === 'undefined') return;
-  const doc = new DOMParser().parseFromString(`<div>${html}</div>`, 'text/html');
-  const placeholders = doc.querySelectorAll('[data-summon-component]');
-  for (const placeholder of placeholders) {
-    const componentName = placeholder.getAttribute('data-summon-component') ?? '';
-    const componentId = placeholder.getAttribute('data-summon-component-id') ?? undefined;
-    const rawProps = placeholder.getAttribute('data-summon-props') ?? '{}';
-    let props: unknown;
-    try {
-      props = JSON.parse(rawProps);
-    } catch {
-      emitComponentPreflightError({
-        code: 'props-invalid',
-        componentId,
-        componentName,
-        sandboxId,
-        reason: `component "${componentName}" props are not valid JSON`,
-      }, events, onError);
-      continue;
+function resolveArrowArtifact(props: SummonSurfaceProps): ArrowSurfaceArtifact | null {
+  if (props.artifact) return props.artifact;
+  const lines = props.envelope?.protocolLines;
+  if (!lines) return null;
+  for (let i = lines.length - 1; i >= 0; i--) {
+    const line = lines[i];
+    if (!line || line.op !== 'artifact' || line.path !== '/artifact') continue;
+    const value = (line as ArtifactLine).value;
+    if (isArrowSurfaceArtifact(value)) {
+      return value;
     }
-    const parsed = componentRegistry.validateProps(componentName, props);
-    if (parsed.ok) continue;
-    emitComponentPreflightError({
-      code: parsed.error?.startsWith('unknown component') ? 'unknown-component' : 'props-invalid',
-      componentId,
-      componentName,
-      sandboxId,
-      reason: parsed.error ?? 'component props failed validation',
-    }, events, onError);
   }
-}
-
-function emitComponentPreflightError(
-  error: ComponentIslandError,
-  events: ReturnType<typeof createEventStore>,
-  onError: ((error: ComponentIslandError) => void) | undefined,
-): void {
-  events.push({
-    kind: 'component-error',
-    at: Date.now(),
-    code: error.code,
-    sandboxId: error.sandboxId,
-    componentId: error.componentId,
-    componentName: error.componentName,
-    reason: error.reason,
-  });
-  onError?.(error);
+  return null;
 }
 
 function validationContextFromProps(
   props: SummonSurfaceProps,
-  grantedIntents: string[],
-  grantedCapabilities: Artifact['capabilities'],
+  grantedTools: string[],
+  validationTools: Artifact['validationTools'],
   components: Artifact['components'],
 ): ValidationContext {
   const surfacePlan = props.envelope?.surfacePlan;
   return {
     mode: props.envelope?.metadata.mode ??
-      (surfacePlan?.runtime === 'static' || grantedIntents.length === 0 ? 'static' : 'interactive'),
-    scriptPolicy: 'forbid',
-    allowedIntents: props.envelope?.grants.intents ?? grantedIntents,
-    capabilities: props.envelope?.grants.capabilities ?? grantedCapabilities,
+      (grantedTools.length === 0 ? 'static' : 'interactive'),
+    allowedTools: props.envelope?.grants.tools ?? grantedTools,
+    tools: props.envelope?.grants.validationTools ?? validationTools,
     components,
     ...(surfacePlan ? { surfacePlan } : {}),
   };
@@ -461,9 +358,8 @@ function validationContextFromProps(
 function defaultValidationContext(): ValidationContext {
   return {
     mode: 'static',
-    scriptPolicy: 'forbid',
-    allowedIntents: [],
-    capabilities: [],
+    allowedTools: [],
+    tools: [],
     components: [],
   };
 }
diff --git a/packages/sandbox-runtime/package.json b/packages/sandbox-runtime/package.json
index 8cbcad3..0e8d95e 100644
--- a/packages/sandbox-runtime/package.json
+++ b/packages/sandbox-runtime/package.json
@@ -10,6 +10,7 @@
       "import": "./dist/assets.js"
     },
     "./bootstrap.js": "./dist/bootstrap.js",
+    "./arrow-runtime.js": "./dist/arrow-runtime.js",
     "./tokens.css": "./dist/tokens.css",
     "./package.json": "./package.json"
   },
@@ -20,5 +21,11 @@
     "build": "node scripts/build.mjs",
     "typecheck": "node scripts/build.mjs --check"
   },
-  "private": true
+  "private": true,
+  "dependencies": {
+    "@arrow-js/sandbox": "1.0.6"
+  },
+  "devDependencies": {
+    "esbuild": "0.27.7"
+  }
 }
diff --git a/packages/sandbox-runtime/scripts/build.mjs b/packages/sandbox-runtime/scripts/build.mjs
index 81ae879..24e9897 100644
--- a/packages/sandbox-runtime/scripts/build.mjs
+++ b/packages/sandbox-runtime/scripts/build.mjs
@@ -1,6 +1,7 @@
 import { mkdir, readFile, writeFile } from 'node:fs/promises';
 import { dirname, join } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { build as esbuild } from 'esbuild';
 
 const here = dirname(fileURLToPath(import.meta.url));
 const root = join(here, '..');
@@ -9,14 +10,16 @@ const dist = join(root, 'dist');
 const checkOnly = process.argv.includes('--check');
 
 async function main() {
-  const [bootstrapSource, tokensSource] = await Promise.all([
+  const [bootstrapSource, tokensSource, arrowRuntimeSource] = await Promise.all([
     readFile(join(src, 'bootstrap.js'), 'utf8'),
     readFile(join(src, 'tokens.css'), 'utf8'),
+    bundleArrowRuntime(),
   ]);
 
   if (checkOnly) {
     if (!bootstrapSource.trim()) throw new Error('bootstrap.js is empty');
     if (!tokensSource.trim()) throw new Error('tokens.css is empty');
+    if (!arrowRuntimeSource.trim()) throw new Error('arrow runtime bundle is empty');
     return;
   }
 
@@ -24,11 +27,13 @@ async function main() {
   await Promise.all([
     writeFile(join(dist, 'bootstrap.js'), bootstrapSource),
     writeFile(join(dist, 'tokens.css'), tokensSource),
+    writeFile(join(dist, 'arrow-runtime.js'), arrowRuntimeSource),
     writeFile(
       join(dist, 'assets.js'),
       [
         `export const bootstrapSource = ${JSON.stringify(bootstrapSource)};`,
         `export const tokensSource = ${JSON.stringify(tokensSource)};`,
+        `export const arrowRuntimeSource = ${JSON.stringify(arrowRuntimeSource)};`,
         '//# sourceMappingURL=assets.js.map',
         '',
       ].join('\n'),
@@ -38,6 +43,7 @@ async function main() {
       [
         'export declare const bootstrapSource: string;',
         'export declare const tokensSource: string;',
+        'export declare const arrowRuntimeSource: string;',
         '//# sourceMappingURL=assets.d.ts.map',
         '',
       ].join('\n'),
@@ -47,8 +53,8 @@ async function main() {
       JSON.stringify({
         version: 3,
         file: 'assets.js',
-        sources: ['../src/bootstrap.js', '../src/tokens.css'],
-        sourcesContent: [bootstrapSource, tokensSource],
+        sources: ['../src/bootstrap.js', '../src/tokens.css', '../src/arrow-runtime-entry.ts'],
+        sourcesContent: [bootstrapSource, tokensSource, arrowRuntimeSource],
         names: [],
         mappings: '',
       }),
@@ -60,7 +66,7 @@ async function main() {
         file: 'assets.d.ts',
         sources: ['../src/assets.ts'],
         sourcesContent: [
-          "export const bootstrapSource = '';\nexport const tokensSource = '';\n",
+          "export const bootstrapSource = '';\nexport const tokensSource = '';\nexport const arrowRuntimeSource = '';\n",
         ],
         names: [],
         mappings: '',
@@ -69,6 +75,94 @@ async function main() {
   ]);
 }
 
+async function bundleArrowRuntime() {
+  const wasmBinary = await readFile(
+    join(
+      root,
+      '..',
+      '..',
+      'node_modules',
+      '@jitl',
+      'quickjs-wasmfile-release-asyncify',
+      'dist',
+      'emscripten-module.wasm',
+    ),
+  );
+  const wasmBase64 = wasmBinary.toString('base64');
+  const releaseAsyncifyModulePath = join(
+    root,
+    '..',
+    '..',
+    'node_modules',
+    '@jitl',
+    'quickjs-wasmfile-release-asyncify',
+    'dist',
+    'emscripten-module.browser.mjs',
+  );
+
+  const result = await esbuild({
+    entryPoints: [join(src, 'arrow-runtime-entry.ts')],
+    bundle: true,
+    write: false,
+    format: 'iife',
+    platform: 'browser',
+    target: ['es2022'],
+    sourcemap: false,
+    logLevel: 'silent',
+    define: {
+      'process.env.NODE_ENV': '"production"',
+    },
+    plugins: [inlineQuickJsWasmPlugin({
+      wasmBase64,
+      releaseAsyncifyModulePath,
+    })],
+  });
+
+  const output = result.outputFiles[0]?.text;
+  if (!output) throw new Error('Arrow runtime bundle did not produce output');
+  return output;
+}
+
+function inlineQuickJsWasmPlugin({ wasmBase64, releaseAsyncifyModulePath }) {
+  return {
+    name: 'summon-inline-quickjs-wasm',
+    setup(build) {
+      build.onResolve(
+        { filter: /^@jitl\/quickjs-wasmfile-release-asyncify\/emscripten-module$/ },
+        () => ({ path: 'summon-inline-quickjs-release-asyncify', namespace: 'summon-quickjs' }),
+      );
+      build.onLoad(
+        { filter: /^summon-inline-quickjs-release-asyncify$/, namespace: 'summon-quickjs' },
+        () => ({
+          loader: 'js',
+          resolveDir: dirname(releaseAsyncifyModulePath),
+          contents: [
+            'import createModule from "./emscripten-module.browser.mjs";',
+            `const wasmBase64 = ${JSON.stringify(wasmBase64)};`,
+            'let wasmBinary;',
+            'function decodeWasm() {',
+            '  if (wasmBinary) return wasmBinary;',
+            '  const binary = atob(wasmBase64);',
+            '  const bytes = new Uint8Array(binary.length);',
+            '  for (let i = 0; i < binary.length; i += 1) bytes[i] = binary.charCodeAt(i);',
+            '  wasmBinary = bytes;',
+            '  return wasmBinary;',
+            '}',
+            'export default function createInlineQuickJsModule(moduleArg = {}) {',
+            '  return createModule({',
+            '    ...moduleArg,',
+            '    wasmBinary: moduleArg.wasmBinary || decodeWasm(),',
+            '    locateFile: moduleArg.locateFile || (() => "summon-inline-quickjs.wasm"),',
+            '  });',
+            '}',
+            '',
+          ].join('\n'),
+        }),
+      );
+    },
+  };
+}
+
 main().catch((err) => {
   console.error(err);
   process.exitCode = 1;
diff --git a/packages/sandbox-runtime/src/arrow-runtime-entry.ts b/packages/sandbox-runtime/src/arrow-runtime-entry.ts
new file mode 100644
index 0000000..bb65d04
--- /dev/null
+++ b/packages/sandbox-runtime/src/arrow-runtime-entry.ts
@@ -0,0 +1,9 @@
+import { sandbox } from '@arrow-js/sandbox';
+
+const target = globalThis as typeof globalThis & {
+  __SUMMON_ARROW_SANDBOX__?: {
+    sandbox: typeof sandbox;
+  };
+};
+
+target.__SUMMON_ARROW_SANDBOX__ = Object.freeze({ sandbox });
diff --git a/packages/sandbox-runtime/src/assets.ts b/packages/sandbox-runtime/src/assets.ts
index f8b6df3..da6d3d0 100644
--- a/packages/sandbox-runtime/src/assets.ts
+++ b/packages/sandbox-runtime/src/assets.ts
@@ -6,3 +6,4 @@
  */
 export const bootstrapSource = '';
 export const tokensSource = '';
+export const arrowRuntimeSource = '';
diff --git a/packages/sandbox-runtime/src/bootstrap.js b/packages/sandbox-runtime/src/bootstrap.js
index 3cea847..c11f723 100644
--- a/packages/sandbox-runtime/src/bootstrap.js
+++ b/packages/sandbox-runtime/src/bootstrap.js
@@ -1,50 +1,25 @@
 // Summon sandbox bootstrap — runs FIRST inside every sandbox iframe, before any
-// compiled artifact HTML. Installs window.sandbox (frozen) as the trusted
-// bridge for controlled test shells and legacy hosts. Generated artifacts do
-// not receive executable scripts.
+// Arrow artifact runtime. The generated artifact talks to the host only through
+// the `host-bridge:summon` virtual module supplied by the Arrow runtime.
 (() => {
   'use strict';
 
   const PARENT = window.parent;
   const SANDBOX_ID = window.__SUMMON_SANDBOX_ID__;
-  const RESOURCE_MAP = normalizeResources(window.__SUMMON_RESOURCES__);
+  const NETWORK_POLICY = window.__SUMMON_NETWORK_POLICY__ === 'restricted-fetch'
+    ? 'restricted-fetch'
+    : 'none';
   if (!SANDBOX_ID || typeof SANDBOX_ID !== 'string') {
-    // No ID means host didn't spawn this correctly. Refuse to install SDK.
+    // No ID means host didn't spawn this correctly. Refuse to boot.
     return;
   }
 
   // Scrub globals so artifact code can't read or overwrite them after bootstrap.
   try {
     delete window.__SUMMON_SANDBOX_ID__;
-    delete window.__SUMMON_RESOURCES__;
+    delete window.__SUMMON_NETWORK_POLICY__;
   } catch (_) { /* sealed elsewhere */ }
 
-  function normalizeResources(raw) {
-    const out = Object.create(null);
-    if (!raw || typeof raw !== 'object') return out;
-    for (const name in raw) {
-      if (!Object.prototype.hasOwnProperty.call(raw, name)) continue;
-      if (!/^[A-Za-z][A-Za-z0-9_]{0,39}$/.test(name)) continue;
-      const entry = raw[name];
-      const keys = entry && typeof entry === 'object' ? entry.stateKeys : null;
-      if (!keys || typeof keys !== 'object') continue;
-      const loading = keys.loading;
-      const data = keys.data;
-      const error = keys.error;
-      const empty = keys.empty;
-      if (typeof loading !== 'string' || typeof data !== 'string' || typeof error !== 'string') continue;
-      out[name] = Object.freeze({
-        stateKeys: Object.freeze({
-          loading,
-          data,
-          error,
-          ...(typeof empty === 'string' ? { empty } : {}),
-        }),
-      });
-    }
-    return Object.freeze(out);
-  }
-
   // ----- startup self-test --------------------------------------------------
   // Fail closed if the sandbox is not configured the way Summon requires. Any
   // result here is something a casual misconfiguration (e.g. accidentally
@@ -93,16 +68,26 @@
   // -------------------------------------------------------------------------
 
   let currentState = Object.freeze({});
-  const localState = Object.create(null);
   const subscribers = new Set();
-  const mountedIntentKeys = new Set();
   let componentSyncScheduled = false;
   let componentSyncFallbackTimer = 0;
   let componentLayoutPollTimer = 0;
   let componentLayoutSignature = '';
   let componentResizeObserver = null;
   const componentResizeObserved = new Set();
-  const SAFE_ATTR_BINDINGS = Object.freeze(['src', 'alt', 'title', 'aria-label', 'value', 'placeholder', 'disabled']);
+  const MAX_PENDING_TOOL_RESULTS = 32;
+  const pendingToolResults = new Map();
+  let arrowTeardown = null;
+  let renderRevision = 0;
+
+  function cloneStateSnapshot(value) {
+    if (!value || typeof value !== 'object') return Object.freeze({});
+    try {
+      return Object.freeze(JSON.parse(JSON.stringify(value)));
+    } catch (_) {
+      return Object.freeze({});
+    }
+  }
 
   function notify() {
     const snapshot = currentState;
@@ -111,402 +96,173 @@
     }
   }
 
-  function emit(intent, args) {
-    if (typeof intent !== 'string' || !intent) return;
-    PARENT.postMessage({
-      type: 'SUMMON_INTENT',
-      sandbox_id: SANDBOX_ID,
-      intent,
-      args: args == null ? {} : args,
-    }, '*');
-  }
-
-  function onState(cb) {
-    if (typeof cb !== 'function') return () => {};
-    subscribers.add(cb);
-    // Fire immediately with current snapshot for convenience.
-    try { cb(currentState); } catch (_) { /* swallow */ }
-    return () => subscribers.delete(cb);
-  }
-
-  // ── Declarative bindings ───────────────────────────────────────────────────
-  // The LLM authors HTML with `data-summon-*` attributes; this binder is what
-  // makes them live. Two halves:
-  //
-  //   1. Listeners for `data-summon-on-click` and `data-summon-on-submit` —
-  //      installed ONCE on document, dispatched via `closest(...)` so re-renders
-  //      don't re-bind. Always preventDefault().
-  //      `data-summon-on-mount` is handled after render by applyMountIntents().
-  //   2. State-driven attributes — `data-summon-bind` (textContent),
-  //      `data-summon-show`/`data-summon-hide` (visibility) — recomputed from
-  //      currentState after every state push and every render. They're a pure
-  //      function of (DOM, state); recomputing is idempotent and the cheapest
-  //      possible model.
-  //
-  // Generated scripts are not an artifact capability. The `window.sandbox`
-  // object remains a narrow trusted bridge for host-owned tests and legacy
-  // shells, but generated UI should express local behavior with attributes.
-
-  function walkPath(obj, path) {
-    if (!path) return obj;
-    let cur = obj;
-    const parts = path.split('.');
-    for (let i = 0; i < parts.length; i++) {
-      if (cur == null) return undefined;
-      cur = cur[parts[i]];
-    }
-    return cur;
+  function emitFatal(reason) {
+    try {
+      PARENT.postMessage({
+        type: 'SUMMON_FATAL',
+        sandbox_id: SANDBOX_ID,
+        reason,
+      }, '*');
+    } catch (_) { /* parent gone */ }
   }
 
-  function hasPath(obj, path) {
-    if (!path) return true;
-    let cur = obj;
-    const parts = path.split('.');
-    for (let i = 0; i < parts.length; i++) {
-      if (cur == null || !Object.prototype.hasOwnProperty.call(Object(cur), parts[i])) return false;
-      cur = cur[parts[i]];
+  function callToolInternal(tool, args) {
+    if (typeof tool !== 'string' || !tool) {
+      return Promise.resolve({ ok: false, state: cloneStateSnapshot(currentState), error: 'tool not a non-empty string' });
     }
-    return true;
-  }
-
-  // Walk up to find the nearest ancestor (inclusive) with a matching foreach
-  // scope name. Scope markers are JS properties on stamped clones — invisible
-  // to the LLM-authored markup.
-  function findScope(name, fromEl) {
-    let el = fromEl;
-    while (el) {
-      if (el.__summon_scope === name) return el;
-      el = el.parentElement;
+    if (pendingToolResults.size >= MAX_PENDING_TOOL_RESULTS) {
+      return Promise.resolve({ ok: false, state: cloneStateSnapshot(currentState), error: 'too many pending tools' });
     }
-    return null;
+    const requestId = 'arrow-' + Date.now().toString(36) + '-' + Math.random().toString(36).slice(2);
+    return new Promise((resolve) => {
+      const timeout = window.setTimeout(function () {
+        pendingToolResults.delete(requestId);
+        resolve({ ok: false, state: cloneStateSnapshot(currentState), error: 'tool timed out' });
+      }, 15000);
+      pendingToolResults.set(requestId, function (result) {
+        window.clearTimeout(timeout);
+        resolve(result);
+      });
+      PARENT.postMessage({
+        type: 'SUMMON_TOOL_CALL',
+        sandbox_id: SANDBOX_ID,
+        request_id: requestId,
+        tool,
+        args: args == null || typeof args !== 'object' ? {} : args,
+      }, '*');
+    });
   }
 
-  function findResourceScope(name, fromEl) {
-    let el = fromEl;
-    while (el) {
-      const resource = el.__summon_resource;
-      if (resource && resource.alias === name) return resource;
-      el = el.parentElement;
+  function renderArrowArtifact(artifact) {
+    const root = document.getElementById('summon-root');
+    if (!root) return;
+    if (!artifact || artifact.runtime !== 'arrow' || !artifact.source || typeof artifact.source !== 'object') {
+      emitFatal('invalid Arrow artifact');
+      return;
     }
-    return null;
-  }
-
-  function resourceStateValue(resource, rest) {
-    const keys = resource && resource.stateKeys;
-    if (!keys) return undefined;
-    const loading = walkPath(currentState, keys.loading);
-    const data = walkPath(currentState, keys.data);
-    const error = walkPath(currentState, keys.error);
-    const empty = keys.empty ? walkPath(currentState, keys.empty) : undefined;
-    if (!rest) return { loading, data, error, empty };
-    const dot = rest.indexOf('.');
-    const head = dot === -1 ? rest : rest.slice(0, dot);
-    const tail = dot === -1 ? '' : rest.slice(dot + 1);
-    let base;
-    if (head === 'loading') base = loading;
-    else if (head === 'data') base = data;
-    else if (head === 'error') base = error;
-    else if (head === 'empty') base = empty;
-    else return undefined;
-    return tail ? walkPath(base, tail) : base;
-  }
-
-  // Resolve a path against either currentState or a foreach scope.
-  // Bare `key` / `nested.key` → root state.
-  // `$name` → the entire item from foreach scope `name`.
-  // `$name.field.sub` → field walk inside that item.
-  // fromEl is the binder/click element — used as the starting point for
-  // scope lookup. Falls back to root state if no scope matches.
-  function resolveKey(path, fromEl) {
-    if (!path) return undefined;
-    if (path.charCodeAt(0) === 0x24 /* $ */) {
-      const dot = path.indexOf('.');
-      const name = dot === -1 ? path.slice(1) : path.slice(1, dot);
-      const rest = dot === -1 ? '' : path.slice(dot + 1);
-      const scopeEl = findScope(name, fromEl);
-      if (scopeEl) {
-        const item = scopeEl.__summon_item;
-        return rest ? walkPath(item, rest) : item;
-      }
-      const resource = findResourceScope(name, fromEl);
-      return resourceStateValue(resource, rest);
+    if (artifact.network === 'restricted-fetch' && NETWORK_POLICY !== 'restricted-fetch') {
+      emitFatal('Arrow artifact requested restricted fetch without host network grant');
+      return;
     }
-    if (hasPath(localState, path)) return walkPath(localState, path);
-    return walkPath(currentState, path);
-  }
-
-  function truthy(v) {
-    if (v == null || v === false || v === 0 || v === '') return false;
-    if (Array.isArray(v)) return v.length > 0;
-    if (typeof v === 'object') return Object.keys(v).length > 0;
-    return true;
-  }
-
-  // Recursively replace string leaves matching `^\$\w+(\..+)?$` with their
-  // resolved value. Used at click/submit time to bake the foreach item into
-  // the args payload — `{"picked": "$r"}` becomes `{"picked": <itemObj>}`.
-  function interpolate(value, fromEl) {
-    if (typeof value === 'string') {
-      if (value.length > 1 && value.charCodeAt(0) === 0x24 && /^\$[A-Za-z_]\w*(\..+)?$/.test(value)) {
-        return resolveKey(value, fromEl);
-      }
-      return value;
+    if (typeof arrowTeardown === 'function') {
+      try { arrowTeardown(); } catch (_) { /* best effort */ }
+      arrowTeardown = null;
     }
-    if (Array.isArray(value)) return value.map((v) => interpolate(v, fromEl));
-    if (value && typeof value === 'object') {
-      const out = {};
-      for (const k in value) {
-        if (Object.prototype.hasOwnProperty.call(value, k)) out[k] = interpolate(value[k], fromEl);
-      }
-      return out;
+    const revision = ++renderRevision;
+    root.replaceChildren();
+    const runtime = window.__SUMMON_ARROW_SANDBOX__;
+    const sandbox = runtime && runtime.sandbox;
+    if (typeof sandbox !== 'function') {
+      emitFatal('Arrow runtime missing — expected window.__SUMMON_ARROW_SANDBOX__.sandbox');
+      return;
     }
-    return value;
-  }
-
-  function seedLocalState(root) {
-    const hosts = root.querySelectorAll('[data-summon-local]');
-    for (const host of hosts) {
-      const raw = host.getAttribute('data-summon-local') || '';
-      if (!raw.trim()) continue;
-      let parsed;
-      try { parsed = JSON.parse(raw); }
-      catch (_) { continue; }
-      if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) continue;
-      for (const key in parsed) {
-        if (!Object.prototype.hasOwnProperty.call(parsed, key)) continue;
-        if (!/^[A-Za-z_$][\w$]{0,39}$/.test(key)) continue;
-        if (!Object.prototype.hasOwnProperty.call(localState, key)) {
-          localState[key] = parsed[key];
-        }
-      }
+    try {
+      const view = sandbox(
+        {
+          source: artifact.source,
+          shadowDOM: false,
+          onError: function (error) {
+            emitFatal('Arrow runtime error: ' + String(error && error.message ? error.message : error));
+          },
+        },
+        {
+          output: function (payload) {
+            if (payload && typeof payload === 'object' && payload.type === 'tool') {
+              void callToolInternal(payload.tool, payload.args);
+            }
+          },
+        },
+        {
+          'host-bridge:summon': {
+            getState: function () {
+              return cloneStateSnapshot(currentState);
+            },
+            onState: function (cb) {
+              return onState(cb);
+            },
+            callTool: function (tool, args) {
+              return callToolInternal(tool, args);
+            },
+          },
+        },
+      );
+      const maybeTeardown = view(root);
+      if (typeof maybeTeardown === 'function') arrowTeardown = maybeTeardown;
+      waitForArrowRuntimeReady(root, revision);
+    } catch (err) {
+      emitFatal('Arrow runtime failed to mount: ' + String(err && err.message ? err.message : err));
     }
   }
 
-  function parseConditionLiteral(raw) {
-    const trimmed = String(raw || '').trim();
-    if (trimmed.length >= 2 && trimmed[0] === '"' && trimmed[trimmed.length - 1] === '"') {
-      try { return JSON.parse(trimmed); } catch (_) { return trimmed.slice(1, -1); }
-    }
-    if (trimmed.length >= 2 && trimmed[0] === "'" && trimmed[trimmed.length - 1] === "'") {
-      return trimmed.slice(1, -1);
-    }
-    return trimmed;
+  function emitRendered(revision) {
+    if (revision !== renderRevision) return;
+    try {
+      PARENT.postMessage({ type: 'SUMMON_RENDERED', sandbox_id: SANDBOX_ID, revision }, '*');
+    } catch (_) { /* parent gone */ }
   }
 
-  function evalCondition(expr, fromEl) {
-    const raw = String(expr || '').trim();
-    if (!raw) return false;
-    const match = raw.match(/^(!)?(\$?[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)(?:\s*(==|!=)\s*("[^"]*"|'[^']*'))?$/);
-    if (!match) return truthy(resolveKey(raw, fromEl));
-    const negated = !!match[1];
-    const path = match[2];
-    const op = match[3];
-    const literal = match[4];
-    const value = resolveKey(path, fromEl);
-    let result;
-    if (op) {
-      const expected = parseConditionLiteral(literal);
-      result = String(value ?? '') === String(expected);
-      if (op === '!=') result = !result;
+  function finishArrowRender(revision) {
+    if (revision !== renderRevision) return;
+    scheduleComponentSync();
+    const done = function () {
+      if (revision !== renderRevision) return;
+      scheduleComponentSync();
+      emitRendered(revision);
+    };
+    if (typeof requestAnimationFrame === 'function') {
+      requestAnimationFrame(done);
     } else {
-      result = truthy(value);
+      setTimeout(done, 0);
     }
-    return negated ? !result : result;
   }
 
-  function applyResourceScopes(root) {
-    const hosts = root.querySelectorAll('[data-summon-resource]');
-    for (const host of hosts) {
-      const name = host.getAttribute('data-summon-resource') || '';
-      const entry = RESOURCE_MAP[name];
-      if (!entry) {
-        try { delete host.__summon_resource; } catch (_) { host.__summon_resource = undefined; }
-        continue;
-      }
-      const alias = host.getAttribute('data-summon-resource-as') || name;
-      host.__summon_resource = {
-        name,
-        alias,
-        stateKeys: entry.stateKeys,
-      };
-    }
-  }
-
-  // Stamp `<template>` children of every `[data-summon-foreach]` host. Idempotent
-  // by array reference — when state pushes leave the array === to last frame's,
-  // we skip the wipe-and-restamp. Otherwise: remove old clones, clone the
-  // template once per item, hang `__summon_scope` + `__summon_item` on each clone
-  // root for later scoped lookup.
-  function applyForEach(root) {
-    const hosts = root.querySelectorAll('[data-summon-foreach]');
-    for (const host of hosts) {
-      const path = host.getAttribute('data-summon-foreach');
-      const asName = host.getAttribute('data-summon-as') || 'item';
-      const items = resolveKey(path, host);
-      const arr = Array.isArray(items) ? items : [];
-      if (host.__summon_lastItems === arr) continue;
-
-      const tmpl = host.querySelector(':scope > template');
-      if (!tmpl) continue;
-
-      // Wipe previous clones — everything except the template element.
-      const kids = Array.from(host.children);
-      for (const c of kids) if (c !== tmpl) c.remove();
-
-      for (const item of arr) {
-        const frag = tmpl.content.cloneNode(true);
-        const stamped = frag.firstElementChild;
-        if (stamped) {
-          stamped.__summon_scope = asName;
-          stamped.__summon_item = item;
-        }
-        host.appendChild(frag);
-      }
-      host.__summon_lastItems = arr;
-    }
-  }
-
-  function applyAttrBindings(root) {
-    for (const attr of SAFE_ATTR_BINDINGS) {
-      const selector = '[data-summon-attr-' + attr + ']';
-      const els = root.querySelectorAll(selector);
-      for (const el of els) {
-        const raw = el.getAttribute('data-summon-attr-' + attr);
-        const v = attr === 'disabled' ? evalCondition(raw, el) : resolveKey(raw, el);
-        applySafeAttribute(el, attr, v);
-      }
-    }
-  }
-
-  function applySafeAttribute(el, attr, value) {
-    if (attr === 'disabled') {
-      if (truthy(value)) {
-        el.setAttribute('disabled', '');
-        el.disabled = true;
-      } else {
-        el.removeAttribute('disabled');
-        el.disabled = false;
-      }
-      return;
-    }
-
-    if (attr === 'src') {
-      if (el.tagName !== 'IMG') return;
-      const src = value == null ? '' : String(value);
-      if (!src || src.indexOf('data:') === 0) {
-        if (src) el.setAttribute('src', src);
-        else el.removeAttribute('src');
-      } else {
-        el.removeAttribute('src');
-      }
-      return;
-    }
-
-    if (attr === 'value') {
-      const next = value == null ? '' : String(value);
-      if ('value' in el && document.activeElement !== el) el.value = next;
-      el.setAttribute('value', next);
+  function waitForArrowRuntimeReady(root, revision) {
+    const arrowHost = root.querySelector('arrow-sandbox');
+    if (!arrowHost) {
+      finishArrowRender(revision);
       return;
     }
 
-    if (value == null || value === false) {
-      el.removeAttribute(attr);
-    } else {
-      el.setAttribute(attr, String(value));
-    }
-  }
-
-  function applyClassBindings(root) {
-    const els = root.querySelectorAll('*');
-    for (const el of els) {
-      for (const attr of Array.from(el.attributes)) {
-        if (!attr.name.startsWith('data-summon-class-')) continue;
-        const className = attr.name.slice('data-summon-class-'.length);
-        if (!/^[A-Za-z][\w-]{0,63}$/.test(className)) continue;
-        el.classList.toggle(className, evalCondition(attr.value, el));
-      }
-    }
-  }
-
-  function parseMotionEntries(value) {
-    const out = [];
-    for (const part of String(value || '').split(';')) {
-      const trimmed = part.trim();
-      if (!trimmed) continue;
-      const bits = trimmed.split(':');
-      if (bits.length !== 2) continue;
-      const phase = bits[0].trim();
-      const recipe = bits[1].trim();
-      if (!/^(enter|update)$/.test(phase)) continue;
-      if (!/^[a-z][a-z0-9-]{0,31}$/.test(recipe)) continue;
-      out.push({ phase, recipe });
-    }
-    return out;
-  }
-
-  function applyMotion(root) {
-    const motionEls = root.querySelectorAll('[data-summon-motion]');
-    for (const el of motionEls) {
-      const entries = parseMotionEntries(el.getAttribute('data-summon-motion'));
-      for (const entry of entries) {
-        if (entry.phase === 'enter') {
-          el.classList.add('summon-motion-enter-' + entry.recipe);
-        }
-      }
-    }
-    const transitionEls = root.querySelectorAll('[data-summon-transition]');
-    for (const el of transitionEls) {
-      const recipe = (el.getAttribute('data-summon-transition') || '').trim();
-      if (/^[a-z][a-z0-9-]{0,31}$/.test(recipe)) {
-        el.classList.add('summon-transition-' + recipe);
-      }
-    }
-  }
+    let settled = false;
+    const cleanup = function () {
+      arrowHost.removeEventListener('sandbox-ready', onReady);
+      arrowHost.removeEventListener('sandbox-error', onError);
+    };
+    const onReady = function () {
+      if (settled) return;
+      settled = true;
+      cleanup();
+      finishArrowRender(revision);
+    };
+    const onError = function (event) {
+      if (settled) return;
+      settled = true;
+      cleanup();
+      const detail = event && event.detail;
+      const message = detail && detail.message ? detail.message : detail;
+      emitFatal('Arrow runtime failed to mount: ' + String(message || 'unknown error'));
+    };
 
-  function triggerUpdateMotion(root) {
-    const motionEls = root.querySelectorAll('[data-summon-motion]');
-    for (const el of motionEls) {
-      const entries = parseMotionEntries(el.getAttribute('data-summon-motion'));
-      for (const entry of entries) {
-        if (entry.phase === 'update') {
-          markTransientClass(el, 'summon-motion-update-' + entry.recipe, 560);
-        }
-      }
-    }
+    arrowHost.addEventListener('sandbox-ready', onReady, { once: true });
+    arrowHost.addEventListener('sandbox-error', onError, { once: true });
+    const ready = arrowHost.getAttribute('data-ready');
+    if (ready === 'true') onReady();
+    else if (ready === 'error') onError({ detail: 'unknown error' });
   }
 
-  function applyBindings() {
-    const root = document.getElementById('summon-root');
-    if (!root) return;
-    seedLocalState(root);
-    // Resource scopes must exist before foreach resolution; foreach must stamp
-    // clones before bind/show/hide queries run.
-    applyResourceScopes(root);
-    applyForEach(root);
-    const binds = root.querySelectorAll('[data-summon-bind]');
-    for (const el of binds) {
-      const v = resolveKey(el.getAttribute('data-summon-bind'), el);
-      el.textContent = v == null ? '' : String(v);
-    }
-    const shows = root.querySelectorAll('[data-summon-show]');
-    for (const el of shows) {
-      el.hidden = !evalCondition(el.getAttribute('data-summon-show'), el);
-    }
-    const hides = root.querySelectorAll('[data-summon-hide]');
-    for (const el of hides) {
-      el.hidden = evalCondition(el.getAttribute('data-summon-hide'), el);
-    }
-    applyAttrBindings(root);
-    applyClassBindings(root);
-    applyMotion(root);
-    syncComponents();
+  function onState(cb) {
+    if (typeof cb !== 'function') return () => {};
+    subscribers.add(cb);
+    // Fire immediately with current snapshot for convenience.
+    try { cb(currentState); } catch (_) { /* swallow */ }
+    return () => subscribers.delete(cb);
   }
 
-  function parseArgs(raw) {
+  function parseComponentProps(raw) {
     if (!raw) return {};
     try { return JSON.parse(raw); }
     catch (_) {
-      try { console.warn('summon: invalid data-summon-args JSON:', raw); } catch (__) {}
+      try { console.warn('summon: invalid data-summon-props JSON:', raw); } catch (__) {}
       return {};
     }
   }
@@ -539,9 +295,9 @@
       const name = el.getAttribute('data-summon-component') || '';
       const id = el.getAttribute('data-summon-component-id') || '';
       const rawProps = el.getAttribute('data-summon-props') || '{}';
-      const parsed = parseArgs(rawProps);
+      const parsed = parseComponentProps(rawProps);
       const props = parsed && typeof parsed === 'object' && !Array.isArray(parsed)
-        ? interpolate(parsed, el)
+        ? parsed
         : {};
       const rect = el.getBoundingClientRect();
       layoutParts.push(componentLayoutPart(el, rect));
@@ -632,480 +388,11 @@
     }, 100);
   }
 
-  // Collect named form controls into a flat args object. Multi-step thinking:
-  //  - Inputs/selects/textareas with [name] → value.
-  //  - Checkboxes → boolean.
-  //  - Radios → only the checked one's value, keyed by group name.
-  // Anything without [name] is ignored — same as a normal browser submit.
-  function collectFormFields(form) {
-    const out = {};
-    const els = form.querySelectorAll('[name]');
-    for (const el of els) {
-      const name = el.getAttribute('name');
-      if (!name) continue;
-      const tag = el.tagName;
-      const type = el.type;
-      if (tag === 'INPUT' && type === 'checkbox') {
-        out[name] = !!el.checked;
-      } else if (tag === 'INPUT' && type === 'radio') {
-        if (el.checked) out[name] = el.value;
-      } else if (tag === 'INPUT' || tag === 'SELECT' || tag === 'TEXTAREA') {
-        out[name] = el.value;
-      }
-    }
-    return out;
-  }
-
-  function findResourceForElement(fromEl) {
-    let el = fromEl;
-    while (el) {
-      if (el.__summon_resource) return el.__summon_resource;
-      el = el.parentElement;
-    }
-    return null;
-  }
-
-  function emitResourceTrigger(el, includeFormFields) {
-    const resource = findResourceForElement(el);
-    if (!resource || !resource.name) return;
-    const rawArgs = el.getAttribute('data-summon-args') || '';
-    const base = interpolate(parseArgs(rawArgs), el);
-    const args = includeFormFields
-      ? Object.assign({}, base, collectFormFields(el))
-      : base;
-    emit(resource.name, args);
-  }
-
-  function parseLocalValue(raw) {
-    const value = String(raw || '').trim();
-    if (!value) return '';
-    if (value === 'true') return true;
-    if (value === 'false') return false;
-    if (value === 'null') return null;
-    if (/^-?(?:0|[1-9]\d*)(?:\.\d+)?$/.test(value)) return Number(value);
-    if (value.length >= 2 && value[0] === '"' && value[value.length - 1] === '"') {
-      try { return JSON.parse(value); } catch (_) { return value.slice(1, -1); }
-    }
-    if (value.length >= 2 && value[0] === "'" && value[value.length - 1] === "'") {
-      return value.slice(1, -1);
-    }
-    return value;
-  }
-
-  function applyLocalAction(el) {
-    const setValue = el.getAttribute('data-summon-set');
-    const toggleValue = el.getAttribute('data-summon-toggle');
-    let changed = false;
-    if (setValue) {
-      const idx = setValue.indexOf('=');
-      const key = idx === -1 ? '' : setValue.slice(0, idx).trim();
-      const rawValue = idx === -1 ? '' : setValue.slice(idx + 1);
-      if (/^[A-Za-z_$][\w$]{0,39}$/.test(key)) {
-        const next = parseLocalValue(rawValue);
-        if (localState[key] !== next) {
-          localState[key] = next;
-          changed = true;
-        }
-      }
-    }
-    if (toggleValue) {
-      const key = toggleValue.trim();
-      if (/^[A-Za-z_$][\w$]{0,39}$/.test(key)) {
-        localState[key] = !truthy(localState[key]);
-        changed = true;
-      }
-    }
-    if (!changed) return;
-    applyBindings();
-    const root = document.getElementById('summon-root');
-    if (root) triggerUpdateMotion(root);
-    scheduleComponentSync();
-  }
-
-  function mountKeyFor(el, intent, rawArgs) {
-    const section = el.closest('[data-summon-section]');
-    const sectionId = section ? section.getAttribute('data-summon-section') || 'root' : 'root';
-    return sectionId + '\n' + intent + '\n' + (rawArgs || '');
-  }
-
-  function applyMountIntents() {
-    const root = document.getElementById('summon-root');
-    if (!root) return;
-    const mounts = root.querySelectorAll('[data-summon-on-mount]');
-    for (const el of mounts) {
-      const intent = el.getAttribute('data-summon-on-mount');
-      if (!intent) continue;
-      const rawArgs = el.getAttribute('data-summon-args') || '';
-      const key = mountKeyFor(el, intent, rawArgs);
-      if (mountedIntentKeys.has(key)) continue;
-      mountedIntentKeys.add(key);
-      emit(intent, interpolate(parseArgs(rawArgs), el));
-    }
-
-    const resourceMounts = root.querySelectorAll('[data-summon-resource][data-summon-resource-trigger="mount"]');
-    for (const el of resourceMounts) {
-      const resource = findResourceForElement(el);
-      if (!resource || !resource.name) continue;
-      const rawArgs = el.getAttribute('data-summon-args') || '';
-      const key = mountKeyFor(el, resource.name, rawArgs);
-      if (mountedIntentKeys.has(key)) continue;
-      mountedIntentKeys.add(key);
-      emitResourceTrigger(el, false);
-    }
-  }
-
-  // Delegated click. Walks up from event.target to find the closest element
-  // carrying `data-summon-on-click`. Always preventDefault — a click that resolves
-  // to an intent never falls through to the browser's default (form submit,
-  // anchor navigation, etc.). Args are interpolated against the element's
-  // foreach scope (if any) at fire time, so `{"picked":"$r"}` resolves to the
-  // actual item object the user clicked on.
-  document.addEventListener('click', (event) => {
-    const t = event.target;
-    if (!(t instanceof Element)) return;
-    const localEl = t.closest('[data-summon-set],[data-summon-toggle]');
-    if (localEl) {
-      event.preventDefault();
-      applyLocalAction(localEl);
-      return;
-    }
-    const resourceEl = t.closest('[data-summon-resource-trigger="click"]');
-    if (resourceEl) {
-      event.preventDefault();
-      emitResourceTrigger(resourceEl, false);
-      return;
-    }
-    const el = t.closest('[data-summon-on-click]');
-    if (!el) return;
-    event.preventDefault();
-    const intent = el.getAttribute('data-summon-on-click');
-    const parsed = parseArgs(el.getAttribute('data-summon-args'));
-    emit(intent, interpolate(parsed, el));
-  });
-
-  // Delegated submit. Form-only by attribute selector. Auto-collected fields
-  // are spread directly into args; an optional `data-summon-args` JSON object
-  // provides base args (collected fields win on key conflict). Base args are
-  // interpolated against the form's scope so foreach-scoped forms can pass
-  // their item identity through.
-  document.addEventListener('submit', (event) => {
-    const t = event.target;
-    if (!(t instanceof Element)) return;
-    const resourceForm = t.closest('form[data-summon-resource-trigger="submit"]');
-    if (resourceForm) {
-      event.preventDefault();
-      emitResourceTrigger(resourceForm, true);
-      return;
-    }
-    const form = t.closest('form[data-summon-on-submit]');
-    if (!form) return;
-    event.preventDefault();
-    const intent = form.getAttribute('data-summon-on-submit');
-    const base = interpolate(parseArgs(form.getAttribute('data-summon-args')), form);
-    emit(intent, Object.assign({}, base, collectFormFields(form)));
-  });
-
-  // First-paint pass: hides any `data-summon-show` element whose key resolves
-  // to falsy in the empty initial state. Without this, elements meant to be
-  // hidden-by-default flash visible until the first state push.
-  document.addEventListener('DOMContentLoaded', () => {
-    applyBindings();
-    applyMountIntents();
-  });
   window.addEventListener('resize', scheduleComponentSync);
   window.addEventListener('scroll', scheduleComponentSync, { passive: true });
   document.addEventListener('scroll', scheduleComponentSync, { capture: true, passive: true });
   // ───────────────────────────────────────────────────────────────────────────
 
-  // Tracks the <section data-summon-section="..."> elements currently in
-  // #summon-root, keyed by id, so live-paint renders only mount NEW sections
-  // instead of re-creating the whole tree on every section update. Without
-  // this, every entrance animation re-fires on every section arrival.
-  const sectionEls = new Map();
-
-  function indexExistingSections(root) {
-    if (sectionEls.size > 0) return;
-    for (const child of Array.from(root.children)) {
-      if (child.tagName === 'SECTION' && child.hasAttribute('data-summon-section')) {
-        const id = child.getAttribute('data-summon-section');
-        if (id) sectionEls.set(id, child);
-      }
-    }
-  }
-
-  /**
-   * Render a blob of HTML into #summon-root.
-   *
-   * If the incoming HTML is section-structured (top-level
-   * `<section data-summon-section="...">` children, as produced by
-   * SectionAccumulator.compose()), diff by section id: existing sections stay
-   * in place, new sections are appended (so their CSS entrance animation fires
-   * once), changed sections get their innerHTML replaced without remount,
-   * removed sections are pulled out.
-   *
-   * Otherwise (raw artifact HTML, no sections), fall back to a full
-   * innerHTML replace.
-   *
-   * Generated scripts are not an artifact capability. innerHTML-inserted
-   * script tags stay inert, and the sandbox CSP only trusts nonce-authorized
-   * bootstrap scripts.
-   */
-  function renderRoot(html) {
-    const root = document.getElementById('summon-root');
-    if (!root) return;
-    indexExistingSections(root);
-    const incoming = typeof html === 'string' ? html : '';
-
-    const tmp = document.createElement('div');
-    tmp.innerHTML = incoming;
-
-    const newSections = [];
-    for (const child of Array.from(tmp.children)) {
-      if (child.tagName === 'SECTION' && child.hasAttribute('data-summon-section')) {
-        newSections.push(child);
-      }
-    }
-
-    if (newSections.length === 0) {
-      // Full replace — every prior subscriber is now pointing at detached DOM.
-      sectionEls.clear();
-      subscribers.clear();
-      root.innerHTML = incoming;
-      applyBindings();
-      applyMountIntents();
-      return;
-    }
-
-    const wantedOrder = [];
-    const wantedIds = new Set();
-
-    for (const incomingEl of newSections) {
-      const id = incomingEl.getAttribute('data-summon-section');
-      if (!id) continue;
-      wantedOrder.push(id);
-      wantedIds.add(id);
-
-      const existingEl = sectionEls.get(id);
-      if (existingEl) {
-        // Same section, possibly updated content. Replace innerHTML on the
-        // existing element so the entrance animation does NOT re-fire.
-        if (existingEl.innerHTML !== incomingEl.innerHTML) {
-          if (!patchSectionBlocks(existingEl, incomingEl)) {
-            existingEl.innerHTML = incomingEl.innerHTML;
-          }
-        }
-      } else {
-        // New section — appending to #summon-root mounts it for the first time,
-        // which triggers the CSS entrance animation declared on the
-        // [data-summon-section] selector.
-        root.appendChild(incomingEl);
-        sectionEls.set(id, incomingEl);
-      }
-    }
-
-    for (const [id, el] of Array.from(sectionEls.entries())) {
-      if (!wantedIds.has(id)) {
-        el.remove();
-        sectionEls.delete(id);
-      }
-    }
-
-    // Reorder children to match wantedOrder. insertBefore on a node already in
-    // the tree moves it rather than cloning, so this is in-place.
-    for (let i = 0; i < wantedOrder.length; i++) {
-      const desired = sectionEls.get(wantedOrder[i]);
-      if (!desired) continue;
-      if (root.children[i] !== desired) {
-        root.insertBefore(desired, root.children[i] || null);
-      }
-    }
-
-    applyBindings();
-    applyMountIntents();
-  }
-
-  function patchSectionBlocks(existingSection, incomingSection) {
-    var existingBlocks = directBlockChildren(existingSection);
-    var incomingBlocks = directBlockChildren(incomingSection);
-    if (existingBlocks.length === 0 || incomingBlocks.length === 0) return false;
-
-    var existingById = new Map();
-    for (var i = 0; i < existingBlocks.length; i++) {
-      var existingId = existingBlocks[i].getAttribute('data-summon-block');
-      if (existingId) existingById.set(existingId, existingBlocks[i]);
-    }
-
-    var wantedIds = new Set();
-    for (var j = 0; j < incomingBlocks.length; j++) {
-      var incomingBlock = incomingBlocks[j];
-      var id = incomingBlock.getAttribute('data-summon-block');
-      if (!id) continue;
-      wantedIds.add(id);
-      var existingBlock = existingById.get(id);
-      if (existingBlock) {
-        if (existingBlock.innerHTML !== incomingBlock.innerHTML) {
-          existingBlock.innerHTML = incomingBlock.innerHTML;
-        }
-      } else {
-        existingSection.appendChild(incomingBlock);
-        existingById.set(id, incomingBlock);
-      }
-    }
-
-    for (var _i = 0; _i < existingBlocks.length; _i++) {
-      var stale = existingBlocks[_i];
-      var staleId = stale.getAttribute('data-summon-block');
-      if (staleId && !wantedIds.has(staleId)) stale.remove();
-    }
-
-    for (var k = 0; k < incomingBlocks.length; k++) {
-      var wantedId = incomingBlocks[k].getAttribute('data-summon-block');
-      if (!wantedId) continue;
-      var desired = existingById.get(wantedId);
-      if (!desired) continue;
-      if (existingSection.children[k] !== desired) {
-        existingSection.insertBefore(desired, existingSection.children[k] || null);
-      }
-    }
-
-    return true;
-  }
-
-  function directBlockChildren(section) {
-    var out = [];
-    for (var i = 0; i < section.children.length; i++) {
-      var child = section.children[i];
-      if (child.hasAttribute('data-summon-block')) out.push(child);
-    }
-    return out;
-  }
-
-  function patchHtmlNode(patch) {
-    if (!patch || typeof patch !== 'object') return;
-    var sectionId = typeof patch.sectionId === 'string' ? patch.sectionId : '';
-    var nodeId = typeof patch.nodeId === 'string' ? patch.nodeId : '';
-    var parentId = typeof patch.parentId === 'string' ? patch.parentId : '';
-    var html = typeof patch.html === 'string' ? patch.html : '';
-    if (!sectionId || !nodeId) return;
-
-    var root = document.getElementById('summon-root');
-    if (!root) return;
-    indexExistingSections(root);
-
-    var section = sectionEls.get(sectionId);
-    if (!section) {
-      section = document.createElement('section');
-      section.setAttribute('data-summon-section', sectionId);
-      root.appendChild(section);
-      sectionEls.set(sectionId, section);
-    }
-
-    var tmp = document.createElement('div');
-    tmp.innerHTML = html;
-    var incoming = tmp.firstElementChild;
-    if (!incoming || incoming.getAttribute('data-summon-node') !== nodeId) return;
-
-    var parent = parentId ? findSummonNode(section, parentId) : section;
-    if (!parent) return;
-
-    var existing = findSummonNode(section, nodeId);
-    if (existing) {
-      var preservedChildren = directNodeChildren(existing);
-      var incomingChildHost = nodeChildrenHost(incoming);
-      var replacementSlotChanged = false;
-      if (preservedChildren.length > 0) {
-        replacementSlotChanged = prepareNodeChildHost(incomingChildHost);
-      }
-      for (var i = 0; i < preservedChildren.length; i++) {
-        incomingChildHost.appendChild(preservedChildren[i]);
-      }
-      markTransientClass(incoming, 'summon-node-update', 520);
-      existing.replaceWith(incoming);
-      if (replacementSlotChanged) markSlotFilled(incomingChildHost);
-    } else {
-      var childHost = nodeChildrenHost(parent);
-      var slotChanged = prepareNodeChildHost(childHost);
-      markTransientClass(incoming, 'summon-node-enter', 520);
-      childHost.appendChild(incoming);
-      if (slotChanged) markSlotFilled(childHost);
-    }
-
-    applyBindings();
-    applyMountIntents();
-  }
-
-  function findSummonNode(section, nodeId) {
-    var nodes = section.querySelectorAll('[data-summon-node]');
-    for (var i = 0; i < nodes.length; i++) {
-      if (nodes[i].getAttribute('data-summon-node') === nodeId) return nodes[i];
-    }
-    return null;
-  }
-
-  function directNodeChildren(parent) {
-    var out = [];
-    var childHost = nodeChildrenHost(parent);
-    for (var i = 0; i < childHost.children.length; i++) {
-      var child = childHost.children[i];
-      if (child.hasAttribute('data-summon-node')) out.push(child);
-    }
-    return out;
-  }
-
-  function nodeChildrenHost(parent) {
-    if (!parent || typeof parent.querySelector !== 'function') return parent;
-    return parent.querySelector('[data-summon-node-children]') || parent;
-  }
-
-  function prepareNodeChildHost(host) {
-    if (!isNodeChildrenSlot(host)) return false;
-    var hadNodeChildren = directSummonNodeChildCount(host) > 0;
-    var removedSkeletons = removeDirectSkeletons(host);
-    return removedSkeletons > 0 || !hadNodeChildren;
-  }
-
-  function directSummonNodeChildCount(host) {
-    if (!host || !host.children) return 0;
-    var count = 0;
-    for (var i = 0; i < host.children.length; i++) {
-      if (host.children[i].hasAttribute('data-summon-node')) count += 1;
-    }
-    return count;
-  }
-
-  function removeDirectSkeletons(host) {
-    if (!host || !host.children) return 0;
-    var removed = 0;
-    var children = Array.from(host.children);
-    for (var i = 0; i < children.length; i++) {
-      if (children[i].hasAttribute('data-summon-skeleton')) {
-        children[i].remove();
-        removed += 1;
-      }
-    }
-    return removed;
-  }
-
-  function isNodeChildrenSlot(el) {
-    return !!(el && el.hasAttribute && el.hasAttribute('data-summon-node-children'));
-  }
-
-  function markSlotFilled(slot) {
-    if (!isNodeChildrenSlot(slot)) return;
-    markTransientClass(slot, 'summon-slot-filled', 560);
-  }
-
-  function markTransientClass(el, className, durationMs) {
-    if (!el || !el.classList) return;
-    el.classList.remove(className);
-    // Force a style flush so repeated replacements retrigger the animation.
-    void el.offsetWidth;
-    el.classList.add(className);
-    window.setTimeout(function () {
-      if (el && el.classList) el.classList.remove(className);
-    }, durationMs);
-  }
-
   window.addEventListener('message', (event) => {
     const data = event.data;
     if (!data || typeof data !== 'object') return;
@@ -1114,64 +401,33 @@
     if (data.type === 'SUMMON_STATE') {
       const next = data.state && typeof data.state === 'object' ? data.state : {};
       currentState = Object.freeze({ ...next });
-      // Subscribers fire first; declarative bindings refresh last so the DOM
-      // ends up consistent with currentState even if a subscriber wrote to a
-      // bound element.
       notify();
-      applyBindings();
-      {
-        const root = document.getElementById('summon-root');
-        if (root) triggerUpdateMotion(root);
-      }
+      scheduleComponentSync();
       return;
     }
 
     if (data.type === 'SUMMON_RENDER') {
-      // renderRoot decides whether to wipe subscribers: a full innerHTML
-      // replace clears them, but a section-by-section diff leaves alive
-      // sections (and their onState subscribers) in place.
-      renderRoot(data.html);
-      return;
-    }
-
-    if (data.type === 'SUMMON_NODE_PATCH') {
-      patchHtmlNode(data.patch);
+      if (data.artifact) {
+        renderArrowArtifact(data.artifact);
+        return;
+      }
       return;
     }
 
-    if (data.type === 'SUMMON_CHROME') {
-      // Mirror host-declared chrome attributes onto <html>. Host-controlled —
-      // we still validate keys/values defensively because the listener is bound
-      // to `window` and the sandbox_id gate filters ambient frame messages.
-      var attrs = data.attrs;
-      if (!attrs || typeof attrs !== 'object') return;
-      var root = document.documentElement;
-      for (var k in attrs) {
-        if (!Object.prototype.hasOwnProperty.call(attrs, k)) continue;
-        if (!/^[a-z][a-z0-9-]*$/.test(k)) continue;
-        var v = attrs[k];
-        if (v === '' || v == null) {
-          root.removeAttribute('data-summon-' + k);
-        } else {
-          root.setAttribute('data-summon-' + k, String(v));
-        }
-      }
+    if (data.type === 'SUMMON_TOOL_RESULT') {
+      var requestId = data.request_id;
+      if (typeof requestId !== 'string') return;
+      var resolve = pendingToolResults.get(requestId);
+      if (!resolve) return;
+      pendingToolResults.delete(requestId);
+      resolve({
+        ok: data.ok === true,
+        state: data.state && typeof data.state === 'object' ? cloneStateSnapshot(data.state) : cloneStateSnapshot(currentState),
+        error: typeof data.error === 'string' ? data.error : undefined,
+      });
       return;
     }
-  });
-
-  const sdk = Object.freeze({
-    get state() { return currentState; },
-    onState,
-    emit,
-  });
 
-  // Install as a non-configurable property so artifact JS can't reassign.
-  Object.defineProperty(window, 'sandbox', {
-    value: sdk,
-    writable: false,
-    configurable: false,
-    enumerable: true,
   });
 
   let readySent = false;
diff --git a/packages/server/src/agent-broker.ts b/packages/server/src/agent-broker.ts
index a103287..a3986c6 100644
--- a/packages/server/src/agent-broker.ts
+++ b/packages/server/src/agent-broker.ts
@@ -1,11 +1,11 @@
 import {
   compileSurfacePolicy,
   SURFACE_PURPOSE_VALUES,
-  type CapabilityPack,
+  type ToolPack,
   type ComponentPack,
   type ComponentSpec,
   type CompiledSurfacePolicy,
-  type IntentSpec,
+  type ToolSpec,
   type ProtocolLine,
   type SurfacePersistence,
   type SurfacePolicy,
@@ -17,7 +17,7 @@ import type {
   SurfaceGenerationSummary,
 } from './types.js';
 
-export type SurfaceIntentInteraction =
+export type SurfaceGoalInteraction =
   | 'none'
   | 'select'
   | 'form'
@@ -25,38 +25,38 @@ export type SurfaceIntentInteraction =
   | 'background'
   | 'approval';
 
-export type SurfaceIntentDataNeed = 'embedded' | 'host-resource' | 'worker';
-export type SurfaceIntentSideEffect =
+export type SurfaceGoalDataNeed = 'embedded' | 'host-resource' | 'worker';
+export type SurfaceGoalSideEffect =
   | 'none'
   | 'local-state'
   | 'external-action'
   | 'approval-required';
-export type SurfaceIntentSource = 'provided' | 'model' | 'deterministic';
+export type SurfaceGoalSource = 'provided' | 'model' | 'deterministic';
 
-export interface SurfaceIntent {
+export interface SurfaceGoal {
   purpose: SurfacePurpose;
-  interaction: SurfaceIntentInteraction;
-  dataNeed: SurfaceIntentDataNeed;
-  sideEffect: SurfaceIntentSideEffect;
-  requestedCapabilities: string[];
+  interaction: SurfaceGoalInteraction;
+  dataNeed: SurfaceGoalDataNeed;
+  sideEffect: SurfaceGoalSideEffect;
+  requestedTools: string[];
   requestedComponents: string[];
   confidence: number;
   rationale?: string;
 }
 
-export interface AgentIntentRequest {
+export interface AgentGoalRequest {
   prompt: string;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
-  deterministicIntent: SurfaceIntent;
+  deterministicGoal: SurfaceGoal;
   signal?: AbortSignal;
 }
 
-export type AgentIntentProvider = (
-  request: AgentIntentRequest,
-) => SurfaceIntent | null | Promise<SurfaceIntent | null>;
+export type AgentGoalProvider = (
+  request: AgentGoalRequest,
+) => SurfaceGoal | null | Promise<SurfaceGoal | null>;
 
-export interface AgentIntentTextRequest {
+export interface AgentGoalTextRequest {
   system: string;
   prompt: string;
   maxTokens: number;
@@ -64,15 +64,15 @@ export interface AgentIntentTextRequest {
   signal?: AbortSignal;
 }
 
-export interface AgentIntentTextClient {
-  completeText(request: AgentIntentTextRequest): string | Promise<string>;
+export interface AgentGoalTextClient {
+  completeText(request: AgentGoalTextRequest): string | Promise<string>;
 }
 
 export interface HostPolicyResolutionRequest {
   prompt: string;
-  intent: SurfaceIntent;
+  goal: SurfaceGoal;
   proposedSurfacePolicy: SurfacePolicy;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
 }
 
@@ -84,16 +84,16 @@ export interface AgentPolicyResolution {
   source: 'default' | 'host';
   proposedSurfacePolicy: SurfacePolicy;
   surfacePolicy: SurfacePolicy;
-  rejectedCapabilities: string[];
+  rejectedTools: string[];
   rejectedComponents: string[];
   fallback: boolean;
 }
 
 export interface AgentSurfacePlanningOptions {
-  intent?: SurfaceIntent | null;
-  intentProvider?: AgentIntentProvider | null;
-  intentModel?: AgentIntentTextClient | null;
-  intentTimeoutMs?: number;
+  goal?: SurfaceGoal | null;
+  goalProvider?: AgentGoalProvider | null;
+  goalModel?: AgentGoalTextClient | null;
+  goalTimeoutMs?: number;
   hostPolicyResolver?: HostPolicyResolver | null;
   persistence?: SurfacePersistence;
   signal?: AbortSignal;
@@ -101,13 +101,13 @@ export interface AgentSurfacePlanningOptions {
 
 export interface AgentSurfacePlanningInput extends AgentSurfacePlanningOptions {
   prompt: string;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
 }
 
 export interface AgentSurfacePlanResult {
-  intent: SurfaceIntent;
-  intentSource: SurfaceIntentSource;
+  goal: SurfaceGoal;
+  goalSource: SurfaceGoalSource;
   proposedSurfacePolicy: SurfacePolicy;
   surfacePolicy: SurfacePolicy;
   compiledPolicy: CompiledSurfacePolicy;
@@ -116,7 +116,7 @@ export interface AgentSurfacePlanResult {
 
 export type AgentSurfaceGenerationInput = Omit<
   SurfaceGenerationInput,
-  'surfacePolicy' | 'mode' | 'scriptPolicy' | 'surfacePlan'
+  'surfacePolicy'
 > & AgentSurfacePlanningOptions & {
   emitAgentDiagnostics?: boolean;
 };
@@ -138,49 +138,49 @@ const FORM_RE =
   /\b(form|collect|intake|survey|questionnaire|submit|capture|enter|input)\b/i;
 const SELECT_RE =
   /\b(pick|choose|select|save|remember|vote|rate|rank|favorite)\b/i;
-const DIRECT_CAPABILITY_NAME_RE = /[_\W]+/;
-const FORM_CAPABILITY_RE =
+const DIRECT_TOOL_NAME_RE = /[_\W]+/;
+const FORM_TOOL_RE =
   /\b(submit|form|collect|intake|survey|questionnaire|capture|input)\b/i;
-const SELECT_CAPABILITY_RE =
+const SELECT_TOOL_RE =
   /\b(choose|choice|select|save|pick|vote|rate|rank|favorite|remember)\b/i;
 
 export async function planAgentSurface(
   input: AgentSurfacePlanningInput,
 ): Promise<AgentSurfacePlanResult> {
-  const deterministicIntent = inferSurfaceIntent(input.prompt, {
-    capabilities: input.capabilities ?? null,
+  const deterministicGoal = inferSurfaceGoal(input.prompt, {
+    tools: input.tools ?? null,
     components: input.components ?? null,
   });
-  const inferred = input.intent
+  const inferred = input.goal
     ? {
-        intent: normalizeSurfaceIntent(input.intent, deterministicIntent),
+        goal: normalizeSurfaceGoal(input.goal, deterministicGoal),
         source: 'provided' as const,
       }
-    : await inferProvidedIntent(input, deterministicIntent);
-  const intentSource = inferred?.source ?? 'deterministic';
-  const intent = sanitizeSurfaceIntent(inferred?.intent ?? deterministicIntent, {
-    capabilities: input.capabilities ?? null,
+    : await inferProvidedGoal(input, deterministicGoal);
+  const goalSource = inferred?.source ?? 'deterministic';
+  const goal = sanitizeSurfaceGoal(inferred?.goal ?? deterministicGoal, {
+    tools: input.tools ?? null,
     components: input.components ?? null,
-    fallback: deterministicIntent,
+    fallback: deterministicGoal,
   });
-  const proposedSurfacePolicy = policyFromIntent(intent, {
+  const proposedSurfacePolicy = policyFromGoal(goal, {
     persistence: input.persistence,
   });
   const policyResolution = await resolveHostPolicy({
     prompt: input.prompt,
-    intent,
+    goal,
     proposedSurfacePolicy,
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
     resolver: input.hostPolicyResolver ?? null,
   });
   const compiledPolicy = compileSurfacePolicy(policyResolution.surfacePolicy, {
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
   });
   return {
-    intent,
-    intentSource,
+    goal,
+    goalSource,
     proposedSurfacePolicy,
     surfacePolicy: policyResolution.surfacePolicy,
     compiledPolicy,
@@ -199,7 +199,7 @@ export async function runAgentSurfaceGeneration(
   ];
   const summary = await runSurfaceGeneration({
     ...input,
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
     surfacePolicy: agent.surfacePolicy,
     preludeLines,
@@ -210,35 +210,35 @@ export async function runAgentSurfaceGeneration(
   };
 }
 
-export function inferSurfaceIntent(
+export function inferSurfaceGoal(
   prompt: string,
   options: {
-    capabilities?: CapabilityPack | null;
+    tools?: ToolPack | null;
     components?: ComponentPack | null;
   } = {},
-): SurfaceIntent {
-  const requestedCapabilities = inferCapabilityNames(prompt, options.capabilities ?? null);
+): SurfaceGoal {
+  const requestedTools = inferToolNames(prompt, options.tools ?? null);
   const requestedComponents = inferComponentNames(prompt, options.components ?? null);
-  const selectedIntents = intentsByName(options.capabilities, requestedCapabilities);
+  const selectedTools = toolsByName(options.tools, requestedTools);
 
-  const hasApproval = selectedIntents.some((intent) => intentAuthority(intent) === 'approval-gated');
-  const hasWorker = selectedIntents.some((intent) => intentData(intent) === 'worker');
-  const hasResource = selectedIntents.some((intent) => intentData(intent) === 'host-resource');
-  const hasAction = selectedIntents.some((intent) => intentAuthority(intent) === 'host-action');
+  const hasApproval = selectedTools.some((tool) => toolAuthority(tool) === 'approval-gated');
+  const hasWorker = selectedTools.some((tool) => toolData(tool) === 'worker');
+  const hasResource = selectedTools.some((tool) => toolData(tool) === 'host-resource');
+  const hasAction = selectedTools.some((tool) => toolAuthority(tool) === 'host-action');
 
-  let interaction: SurfaceIntentInteraction = 'none';
+  let interaction: SurfaceGoalInteraction = 'none';
   if (hasApproval || APPROVAL_RE.test(prompt)) interaction = 'approval';
   else if (hasWorker || BACKGROUND_RE.test(prompt)) interaction = 'background';
   else if (hasResource || SEARCH_RE.test(prompt)) interaction = 'search';
   else if (FORM_RE.test(prompt)) interaction = 'form';
   else if (hasAction || SELECT_RE.test(prompt)) interaction = 'select';
 
-  const sideEffect: SurfaceIntentSideEffect = interaction === 'approval'
+  const sideEffect: SurfaceGoalSideEffect = interaction === 'approval'
     ? 'approval-required'
     : hasAction || interaction === 'select' || interaction === 'form'
       ? 'local-state'
       : 'none';
-  const dataNeed: SurfaceIntentDataNeed = interaction === 'background' || hasWorker
+  const dataNeed: SurfaceGoalDataNeed = interaction === 'background' || hasWorker
     ? 'worker'
     : interaction === 'search' || hasResource
       ? 'host-resource'
@@ -249,58 +249,58 @@ export function inferSurfaceIntent(
     interaction,
     dataNeed,
     sideEffect,
-    requestedCapabilities,
+    requestedTools,
     requestedComponents,
-    confidence: requestedCapabilities.length > 0 || interaction !== 'none' ? 0.72 : 0.58,
+    confidence: requestedTools.length > 0 || interaction !== 'none' ? 0.72 : 0.58,
     rationale: 'deterministic keyword and catalog match',
   };
 }
 
-export function policyFromIntent(
-  intent: SurfaceIntent,
+export function policyFromGoal(
+  goal: SurfaceGoal,
   options: { persistence?: SurfacePersistence } = {},
 ): SurfacePolicy {
   const persistence = options.persistence ?? 'replayable';
-  const hasSurfaceAccess = intent.requestedCapabilities.length > 0 || intent.requestedComponents.length > 0;
-  if (intent.sideEffect === 'approval-required' || intent.interaction === 'approval') {
+  const hasSurfaceAccess = goal.requestedTools.length > 0 || goal.requestedComponents.length > 0;
+  if (goal.sideEffect === 'approval-required' || goal.interaction === 'approval') {
     return {
       tier: 'approval',
       purpose: 'operate',
-      grants: intent.requestedCapabilities,
-      components: intent.requestedComponents,
+      grants: goal.requestedTools,
+      components: goal.requestedComponents,
       persistence,
     };
   }
-  if (intent.dataNeed === 'worker' || intent.interaction === 'background') {
+  if (goal.dataNeed === 'worker' || goal.interaction === 'background') {
     return {
       tier: 'worker',
-      purpose: intent.purpose,
-      grants: intent.requestedCapabilities,
-      components: intent.requestedComponents,
+      purpose: goal.purpose,
+      grants: goal.requestedTools,
+      components: goal.requestedComponents,
       persistence,
     };
   }
   if (
     hasSurfaceAccess &&
     (
-      intent.interaction !== 'none' ||
-      intent.dataNeed === 'host-resource' ||
-      intent.sideEffect === 'local-state' ||
-      intent.sideEffect === 'external-action'
+      goal.interaction !== 'none' ||
+      goal.dataNeed === 'host-resource' ||
+      goal.sideEffect === 'local-state' ||
+      goal.sideEffect === 'external-action'
     )
   ) {
     return {
       tier: 'declarative',
-      purpose: intent.purpose,
-      grants: intent.requestedCapabilities,
-      components: intent.requestedComponents,
+      purpose: goal.purpose,
+      grants: goal.requestedTools,
+      components: goal.requestedComponents,
       persistence,
     };
   }
   return {
     tier: 'static',
-    purpose: intent.purpose,
-    components: intent.requestedComponents,
+    purpose: goal.purpose,
+    components: goal.requestedComponents,
     persistence,
   };
 }
@@ -309,23 +309,23 @@ export function defaultHostPolicyResolver(
   request: HostPolicyResolutionRequest,
 ): SurfacePolicy {
   return narrowSurfacePolicy(request.proposedSurfacePolicy, {
-    capabilities: request.capabilities ?? null,
+    tools: request.tools ?? null,
     components: request.components ?? null,
   }).surfacePolicy;
 }
 
 function agentPreludeLines(agent: AgentSurfacePlanResult): ProtocolLine[] {
   return [
-    { op: 'meta', path: '/agent-intent', value: agent.intent },
+    { op: 'meta', path: '/agent-goal', value: agent.goal },
     {
       op: 'meta',
       path: '/agent-policy-resolution',
       value: {
         source: agent.policyResolution.source,
-        intentSource: agent.intentSource,
+        goalSource: agent.goalSource,
         proposedSurfacePolicy: agent.policyResolution.proposedSurfacePolicy,
         surfacePolicy: agent.policyResolution.surfacePolicy,
-        rejectedCapabilities: agent.policyResolution.rejectedCapabilities,
+        rejectedTools: agent.policyResolution.rejectedTools,
         rejectedComponents: agent.policyResolution.rejectedComponents,
         fallback: agent.policyResolution.fallback,
       },
@@ -333,44 +333,44 @@ function agentPreludeLines(agent: AgentSurfacePlanResult): ProtocolLine[] {
   ];
 }
 
-async function inferProvidedIntent(
+async function inferProvidedGoal(
   input: AgentSurfacePlanningInput,
-  deterministicIntent: SurfaceIntent,
-): Promise<{ intent: SurfaceIntent; source: SurfaceIntentSource } | null> {
-  if (input.intentProvider) {
-    const intent = await input.intentProvider({
+  deterministicGoal: SurfaceGoal,
+): Promise<{ goal: SurfaceGoal; source: SurfaceGoalSource } | null> {
+  if (input.goalProvider) {
+    const goal = await input.goalProvider({
       prompt: input.prompt,
-      capabilities: input.capabilities ?? null,
+      tools: input.tools ?? null,
       components: input.components ?? null,
-      deterministicIntent,
+      deterministicGoal,
       signal: input.signal,
     });
-    return intent ? { intent, source: 'provided' } : null;
+    return goal ? { goal, source: 'provided' } : null;
   }
-  if (!input.intentModel) return null;
-  const intent = await inferIntentWithModel(input.intentModel, {
+  if (!input.goalModel) return null;
+  const goal = await inferGoalWithModel(input.goalModel, {
     prompt: input.prompt,
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
-    deterministicIntent,
-    timeoutMs: input.intentTimeoutMs,
+    deterministicGoal,
+    timeoutMs: input.goalTimeoutMs,
     signal: input.signal,
   });
-  return intent ? { intent, source: 'model' } : null;
+  return goal ? { goal, source: 'model' } : null;
 }
 
-async function inferIntentWithModel(
-  client: AgentIntentTextClient,
+async function inferGoalWithModel(
+  client: AgentGoalTextClient,
   input: {
     prompt: string;
-    capabilities?: CapabilityPack | null;
+    tools?: ToolPack | null;
     components?: ComponentPack | null;
-    deterministicIntent: SurfaceIntent;
+    deterministicGoal: SurfaceGoal;
     timeoutMs?: number;
     signal?: AbortSignal;
   },
-): Promise<SurfaceIntent | null> {
-  const system = buildIntentClassifierPrompt(input.capabilities ?? null, input.components ?? null);
+): Promise<SurfaceGoal | null> {
+  const system = buildGoalClassifierPrompt(input.tools ?? null, input.components ?? null);
   try {
     const request = client.completeText({
       system,
@@ -386,23 +386,23 @@ async function inferIntentWithModel(
     if (!raw) return null;
     const json = extractJsonObject(raw);
     if (!json) return null;
-    const parsed = JSON.parse(json) as Partial<SurfaceIntent>;
-    const normalized = normalizeSurfaceIntent(parsed, input.deterministicIntent);
+    const parsed = JSON.parse(json) as Partial<SurfaceGoal>;
+    const normalized = normalizeSurfaceGoal(parsed, input.deterministicGoal);
     return normalized.confidence >= MIN_MODEL_CONFIDENCE ? normalized : null;
   } catch {
     return null;
   }
 }
 
-function buildIntentClassifierPrompt(
-  capabilities: CapabilityPack | null,
+function buildGoalClassifierPrompt(
+  tools: ToolPack | null,
   components: ComponentPack | null,
 ): string {
-  const capabilityLines = (capabilities?.intents ?? [])
-    .map((intent) => {
-      const data = intentData(intent);
-      const authority = intentAuthority(intent);
-      return `- ${intent.name}: ${intent.kind ?? 'action'}, data=${data}, authority=${authority}, ${intent.description}`;
+  const toolLines = (tools?.tools ?? [])
+    .map((tool) => {
+      const data = toolData(tool);
+      const authority = toolAuthority(tool);
+      return `- ${tool.name}: ${tool.kind ?? 'action'}, data=${data}, authority=${authority}, ${tool.description}`;
     })
     .join('\n') || '- none';
   const componentLines = (components?.components ?? [])
@@ -412,20 +412,20 @@ function buildIntentClassifierPrompt(
     })
     .join('\n') || '- none';
 
-  return `Classify a Summon generative-UI request into a bounded intent object.
+  return `Classify a Summon generative-UI request into a bounded tool object.
 
 Available host tools:
-${capabilityLines}
+${toolLines}
 
 Available trusted components:
 ${componentLines}
 
 Respond with ONLY one JSON object. No markdown and no prose.
 Shape:
-{"purpose":"inform|compare|explore|collect|review|operate","interaction":"none|select|form|search|background|approval","dataNeed":"embedded|host-resource|worker","sideEffect":"none|local-state|external-action|approval-required","requestedCapabilities":["name"],"requestedComponents":["name"],"confidence":0.0,"rationale":"short reason"}
+{"purpose":"inform|compare|explore|collect|review|operate","interaction":"none|select|form|search|background|approval","dataNeed":"embedded|host-resource|worker","sideEffect":"none|local-state|external-action|approval-required","requestedTools":["name"],"requestedComponents":["name"],"confidence":0.0,"rationale":"short reason"}
 
 Rules:
-- Pick only capability and component names from the lists above.
+- Pick only tool and component names from the lists above.
 - Use "none" interaction for read-only summaries, comparisons, explainers, and dashboards.
 - Use "search" for host data lookup, browse, filter, or query surfaces.
 - Use "form" for submit/intake/collect surfaces.
@@ -439,7 +439,7 @@ async function resolveHostPolicy(
   input: HostPolicyResolutionRequest & { resolver: HostPolicyResolver | null },
 ): Promise<AgentPolicyResolution> {
   const narrowed = narrowSurfacePolicy(input.proposedSurfacePolicy, {
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
   });
   if (!input.resolver) {
@@ -447,7 +447,7 @@ async function resolveHostPolicy(
       source: 'default',
       proposedSurfacePolicy: input.proposedSurfacePolicy,
       surfacePolicy: narrowed.surfacePolicy,
-      rejectedCapabilities: narrowed.rejectedCapabilities,
+      rejectedTools: narrowed.rejectedTools,
       rejectedComponents: narrowed.rejectedComponents,
       fallback: narrowed.fallback,
     };
@@ -455,21 +455,21 @@ async function resolveHostPolicy(
 
   const hostPolicy = await input.resolver({
     prompt: input.prompt,
-    intent: input.intent,
+    goal: input.goal,
     proposedSurfacePolicy: narrowed.surfacePolicy,
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
   });
   const hostNarrowed = narrowSurfacePolicy(hostPolicy ?? { tier: 'static', purpose: 'inform' }, {
-    capabilities: input.capabilities ?? null,
+    tools: input.tools ?? null,
     components: input.components ?? null,
   });
   return {
     source: 'host',
     proposedSurfacePolicy: input.proposedSurfacePolicy,
     surfacePolicy: hostNarrowed.surfacePolicy,
-    rejectedCapabilities: [
-      ...new Set([...narrowed.rejectedCapabilities, ...hostNarrowed.rejectedCapabilities]),
+    rejectedTools: [
+      ...new Set([...narrowed.rejectedTools, ...hostNarrowed.rejectedTools]),
     ],
     rejectedComponents: [
       ...new Set([...narrowed.rejectedComponents, ...hostNarrowed.rejectedComponents]),
@@ -481,46 +481,46 @@ async function resolveHostPolicy(
 function narrowSurfacePolicy(
   policy: SurfacePolicy,
   options: {
-    capabilities: CapabilityPack | null;
+    tools: ToolPack | null;
     components: ComponentPack | null;
   },
 ): {
   surfacePolicy: SurfacePolicy;
-  rejectedCapabilities: string[];
+  rejectedTools: string[];
   rejectedComponents: string[];
   fallback: boolean;
 } {
-  const capabilityNames = new Set((options.capabilities?.intents ?? []).map((intent) => intent.name));
+  const toolNames = new Set((options.tools?.tools ?? []).map((tool) => tool.name));
   const componentNames = new Set((options.components?.components ?? []).map((component) => component.name));
   const rawGrants = Array.isArray(policy.grants) ? policy.grants.filter(isString) : [];
   const rawComponents = Array.isArray(policy.components) ? policy.components.filter(isString) : [];
-  const knownGrantNames = rawGrants.filter((name) => capabilityNames.has(name));
+  const knownGrantNames = rawGrants.filter((name) => toolNames.has(name));
   const knownComponentNames = rawComponents.filter((name) => componentNames.has(name));
-  const knownIntents = intentsByName(options.capabilities, knownGrantNames);
+  const knownTools = toolsByName(options.tools, knownGrantNames);
   const knownComponents = componentsByName(options.components, knownComponentNames);
 
-  const rejectedCapabilities = rawGrants.filter((name) => !capabilityNames.has(name));
+  const rejectedTools = rawGrants.filter((name) => !toolNames.has(name));
   const rejectedComponents = rawComponents.filter((name) => !componentNames.has(name));
-  const tier = strongestTier(policy.tier, knownIntents, knownComponents);
-  const grants = knownIntents
-    .filter((intent) => intentAllowedForTier(tier, intent))
-    .map((intent) => intent.name);
+  const tier = strongestTier(policy.tier, knownTools, knownComponents);
+  const grants = knownTools
+    .filter((tool) => toolAllowedForTier(tier, tool))
+    .map((tool) => tool.name);
   const components = knownComponents
     .filter((component) => componentAllowedForTier(tier, component))
     .map((component) => component.name);
 
   for (const name of knownGrantNames) {
-    if (!grants.includes(name)) rejectedCapabilities.push(name);
+    if (!grants.includes(name)) rejectedTools.push(name);
   }
   for (const name of knownComponentNames) {
     if (!components.includes(name)) rejectedComponents.push(name);
   }
 
   if ((tier === 'worker' && grants.length === 0 && !knownComponents.some((component) => componentSurfaceData(component) === 'worker')) ||
-    (tier === 'approval' && !knownIntents.some((intent) => intentAuthority(intent) === 'approval-gated'))) {
+    (tier === 'approval' && !knownTools.some((tool) => toolAuthority(tool) === 'approval-gated'))) {
     return {
       surfacePolicy: staticFallbackPolicy(policy),
-      rejectedCapabilities: [...new Set([...rejectedCapabilities, ...knownGrantNames])],
+      rejectedTools: [...new Set([...rejectedTools, ...knownGrantNames])],
       rejectedComponents: [...new Set([...rejectedComponents, ...knownComponentNames])],
       fallback: true,
     };
@@ -538,20 +538,20 @@ function narrowSurfacePolicy(
     persistence: policy.persistence === 'ephemeral' ? 'ephemeral' : 'replayable',
   };
   const compiled = compileSurfacePolicy(surfacePolicy, {
-    capabilities: options.capabilities,
+    tools: options.tools,
     components: options.components,
   });
   if (compiled.issues.some((issue) => issue.severity === 'block')) {
     return {
       surfacePolicy: staticFallbackPolicy(policy),
-      rejectedCapabilities: [...new Set([...rejectedCapabilities, ...knownGrantNames])],
+      rejectedTools: [...new Set([...rejectedTools, ...knownGrantNames])],
       rejectedComponents: [...new Set([...rejectedComponents, ...knownComponentNames])],
       fallback: true,
     };
   }
   return {
     surfacePolicy,
-    rejectedCapabilities: [...new Set(rejectedCapabilities)],
+    rejectedTools: [...new Set(rejectedTools)],
     rejectedComponents: [...new Set(rejectedComponents)],
     fallback: false,
   };
@@ -559,12 +559,12 @@ function narrowSurfacePolicy(
 
 function strongestTier(
   proposedTier: SurfacePolicy['tier'],
-  intents: IntentSpec[],
+  tools: ToolSpec[],
   components: ComponentSpec[],
 ): SurfacePolicy['tier'] {
   if (proposedTier === 'static') return 'static';
-  if (intents.some((intent) => intentAuthority(intent) === 'approval-gated')) return 'approval';
-  if (intents.some((intent) => intentData(intent) === 'worker') ||
+  if (tools.some((tool) => toolAuthority(tool) === 'approval-gated')) return 'approval';
+  if (tools.some((tool) => toolData(tool) === 'worker') ||
     components.some((component) => componentSurfaceData(component) === 'worker')) {
     return 'worker';
   }
@@ -579,10 +579,10 @@ function staticFallbackPolicy(policy: SurfacePolicy): SurfacePolicy {
   };
 }
 
-function intentAllowedForTier(tier: SurfacePolicy['tier'], intent: IntentSpec): boolean {
+function toolAllowedForTier(tier: SurfacePolicy['tier'], tool: ToolSpec): boolean {
   if (tier === 'static') return false;
-  const data = intentData(intent);
-  const authority = intentAuthority(intent);
+  const data = toolData(tool);
+  const authority = toolAuthority(tool);
   if (tier === 'worker') return data === 'worker';
   if (tier === 'approval') return authority === 'approval-gated';
   return data !== 'worker' && authority !== 'approval-gated';
@@ -597,64 +597,64 @@ function componentAllowedForTier(tier: SurfacePolicy['tier'], component: Compone
   return data !== 'worker' && authority !== 'approval-gated';
 }
 
-function inferCapabilityNames(prompt: string, pack: CapabilityPack | null): string[] {
-  const intents = pack?.intents ?? [];
-  if (intents.length === 0) return [];
+function inferToolNames(prompt: string, pack: ToolPack | null): string[] {
+  const tools = pack?.tools ?? [];
+  if (tools.length === 0) return [];
   const text = prompt.toLowerCase();
-  const directMatches = intents.filter((intent) => matchesCapabilityName(text, intent.name));
-  if (directMatches.length > 0) return directMatches.map((intent) => intent.name);
+  const directMatches = tools.filter((tool) => matchesToolName(text, tool.name));
+  if (directMatches.length > 0) return directMatches.map((tool) => tool.name);
 
   const approval = APPROVAL_RE.test(prompt)
-    ? intents.filter((intent) => intentAuthority(intent) === 'approval-gated')
+    ? tools.filter((tool) => toolAuthority(tool) === 'approval-gated')
     : [];
   if (approval.length > 0) return singleCandidateNames(approval);
 
   const worker = BACKGROUND_RE.test(prompt)
-    ? intents.filter((intent) => intentData(intent) === 'worker')
+    ? tools.filter((tool) => toolData(tool) === 'worker')
     : [];
   if (worker.length > 0) return singleCandidateNames(worker);
 
   const resource = SEARCH_RE.test(prompt)
-    ? intents.filter((intent) => intentData(intent) === 'host-resource')
+    ? tools.filter((tool) => toolData(tool) === 'host-resource')
     : [];
   if (resource.length > 0) return singleCandidateNames(resource);
 
-  const actions = intents.filter((intent) => capabilityMatchesActionClass(prompt, intent));
+  const actions = tools.filter((tool) => toolMatchesActionClass(prompt, tool));
   if (actions.length > 0) {
     return singleCandidateNames(actions);
   }
   return [];
 }
 
-function capabilityMatchesActionClass(prompt: string, intent: IntentSpec): boolean {
-  const data = intentData(intent);
-  const authority = intentAuthority(intent);
+function toolMatchesActionClass(prompt: string, tool: ToolSpec): boolean {
+  const data = toolData(tool);
+  const authority = toolAuthority(tool);
   if (authority !== 'host-action' || data === 'worker') return false;
   if (FORM_RE.test(prompt)) {
-    return capabilityClassMatches(intent, FORM_CAPABILITY_RE);
+    return toolClassMatches(tool, FORM_TOOL_RE);
   }
   if (SELECT_RE.test(prompt)) {
-    return capabilityClassMatches(intent, SELECT_CAPABILITY_RE);
+    return toolClassMatches(tool, SELECT_TOOL_RE);
   }
   return false;
 }
 
-function matchesCapabilityName(text: string, name: string): boolean {
+function matchesToolName(text: string, name: string): boolean {
   const normalizedName = name.toLowerCase();
   if (text.includes(normalizedName)) return true;
   const terms = normalizedName
-    .split(DIRECT_CAPABILITY_NAME_RE)
+    .split(DIRECT_TOOL_NAME_RE)
     .filter((term) => term.length > 2);
   if (terms.length === 0) return false;
   return terms.every((term) => text.includes(term));
 }
 
-function singleCandidateNames(intents: IntentSpec[]): string[] {
-  return intents.length === 1 ? [intents[0]!.name] : [];
+function singleCandidateNames(tools: ToolSpec[]): string[] {
+  return tools.length === 1 ? [tools[0]!.name] : [];
 }
 
-function capabilityClassMatches(intent: IntentSpec, pattern: RegExp): boolean {
-  return pattern.test(`${intent.name} ${intent.description}`);
+function toolClassMatches(tool: ToolSpec, pattern: RegExp): boolean {
+  return pattern.test(`${tool.name} ${tool.description}`);
 }
 
 function inferComponentNames(prompt: string, pack: ComponentPack | null): string[] {
@@ -672,7 +672,7 @@ function inferComponentNames(prompt: string, pack: ComponentPack | null): string
     .map((component) => component.name);
 }
 
-function normalizeSurfaceIntent(raw: Partial<SurfaceIntent>, fallback: SurfaceIntent): SurfaceIntent {
+function normalizeSurfaceGoal(raw: Partial<SurfaceGoal>, fallback: SurfaceGoal): SurfaceGoal {
   return {
     purpose: PURPOSES.has(raw.purpose as SurfacePurpose) ? raw.purpose as SurfacePurpose : fallback.purpose,
     interaction: enumValue(raw.interaction, ['none', 'select', 'form', 'search', 'background', 'approval']) ??
@@ -680,7 +680,7 @@ function normalizeSurfaceIntent(raw: Partial<SurfaceIntent>, fallback: SurfaceIn
     dataNeed: enumValue(raw.dataNeed, ['embedded', 'host-resource', 'worker']) ?? fallback.dataNeed,
     sideEffect: enumValue(raw.sideEffect, ['none', 'local-state', 'external-action', 'approval-required']) ??
       fallback.sideEffect,
-    requestedCapabilities: stringList(raw.requestedCapabilities),
+    requestedTools: stringList(raw.requestedTools),
     requestedComponents: stringList(raw.requestedComponents),
     confidence: typeof raw.confidence === 'number' && Number.isFinite(raw.confidence)
       ? Math.max(0, Math.min(1, raw.confidence))
@@ -689,29 +689,29 @@ function normalizeSurfaceIntent(raw: Partial<SurfaceIntent>, fallback: SurfaceIn
   };
 }
 
-function sanitizeSurfaceIntent(
-  intent: SurfaceIntent,
+function sanitizeSurfaceGoal(
+  goal: SurfaceGoal,
   options: {
-    capabilities: CapabilityPack | null;
+    tools: ToolPack | null;
     components: ComponentPack | null;
-    fallback: SurfaceIntent;
+    fallback: SurfaceGoal;
   },
-): SurfaceIntent {
-  const capabilityNames = new Set((options.capabilities?.intents ?? []).map((item) => item.name));
+): SurfaceGoal {
+  const toolNames = new Set((options.tools?.tools ?? []).map((item) => item.name));
   const componentNames = new Set((options.components?.components ?? []).map((item) => item.name));
-  const requestedCapabilities = intent.requestedCapabilities.filter((name) => capabilityNames.has(name));
-  const requestedComponents = intent.requestedComponents.filter((name) => componentNames.has(name));
+  const requestedTools = goal.requestedTools.filter((name) => toolNames.has(name));
+  const requestedComponents = goal.requestedComponents.filter((name) => componentNames.has(name));
   if (
-    intent.interaction !== 'none' &&
-    requestedCapabilities.length === 0 &&
+    goal.interaction !== 'none' &&
+    requestedTools.length === 0 &&
     requestedComponents.length === 0 &&
-    options.fallback.requestedCapabilities.length > 0
+    options.fallback.requestedTools.length > 0
   ) {
-    requestedCapabilities.push(...options.fallback.requestedCapabilities);
+    requestedTools.push(...options.fallback.requestedTools);
   }
   return {
-    ...intent,
-    requestedCapabilities: [...new Set(requestedCapabilities)],
+    ...goal,
+    requestedTools: [...new Set(requestedTools)],
     requestedComponents: [...new Set(requestedComponents)],
   };
 }
@@ -726,9 +726,9 @@ function inferPurpose(prompt: string): SurfacePurpose {
   return 'inform';
 }
 
-function intentsByName(pack: CapabilityPack | null | undefined, names: string[]): IntentSpec[] {
-  const byName = new Map((pack?.intents ?? []).map((intent) => [intent.name, intent]));
-  return names.map((name) => byName.get(name)).filter((intent): intent is IntentSpec => Boolean(intent));
+function toolsByName(pack: ToolPack | null | undefined, names: string[]): ToolSpec[] {
+  const byName = new Map((pack?.tools ?? []).map((tool) => [tool.name, tool]));
+  return names.map((name) => byName.get(name)).filter((tool): tool is ToolSpec => Boolean(tool));
 }
 
 function componentsByName(pack: ComponentPack | null | undefined, names: string[]): ComponentSpec[] {
@@ -736,15 +736,15 @@ function componentsByName(pack: ComponentPack | null | undefined, names: string[
   return names.map((name) => byName.get(name)).filter((component): component is ComponentSpec => Boolean(component));
 }
 
-function intentData(intent: IntentSpec): SurfaceIntentDataNeed {
-  return intent.surface?.data ?? (intent.kind === 'resource' ? 'host-resource' : 'embedded');
+function toolData(tool: ToolSpec): SurfaceGoalDataNeed {
+  return tool.surface?.data ?? (tool.kind === 'resource' ? 'host-resource' : 'embedded');
 }
 
-function intentAuthority(intent: IntentSpec): 'none' | 'read' | 'host-action' | 'approval-gated' {
-  return intent.surface?.authority ?? (intent.kind === 'resource' ? 'read' : 'host-action');
+function toolAuthority(tool: ToolSpec): 'none' | 'read' | 'host-action' | 'approval-gated' {
+  return tool.surface?.authority ?? (tool.kind === 'resource' ? 'read' : 'host-action');
 }
 
-function componentSurfaceData(component: ComponentSpec): SurfaceIntentDataNeed {
+function componentSurfaceData(component: ComponentSpec): SurfaceGoalDataNeed {
   return component.surface?.data ?? 'embedded';
 }
 
diff --git a/packages/server/src/compat.ts b/packages/server/src/compat.ts
deleted file mode 100644
index 0dc89d2..0000000
--- a/packages/server/src/compat.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-import type { ProtocolLine } from '@summon-internal/engine';
-import { runSurfaceGeneration } from './runner.js';
-import type {
-  GenerateSurfaceInput,
-  GenerationSummary,
-} from './types.js';
-
-export async function* generateSurfaceStream(
-  input: GenerateSurfaceInput,
-): AsyncGenerator<ProtocolLine, GenerationSummary, void> {
-  const queue: ProtocolLine[] = [];
-  let wake: (() => void) | null = null;
-  let done = false;
-  let summary: GenerationSummary | null = null;
-  let thrown: unknown;
-  const wakeConsumer = () => {
-    if (!wake) return;
-    wake();
-    wake = null;
-  };
-  const runner = runSurfaceGeneration(input, (line) => {
-    queue.push(line);
-    wakeConsumer();
-  })
-    .then((nextSummary) => {
-      summary = nextSummary;
-    })
-    .catch((err) => {
-      thrown = err;
-    })
-    .finally(() => {
-      done = true;
-      wakeConsumer();
-    });
-
-  while (!done || queue.length > 0) {
-    if (queue.length === 0) {
-      await new Promise<void>((resolve) => {
-        wake = resolve;
-      });
-      continue;
-    }
-    yield queue.shift()!;
-  }
-
-  await runner;
-  if (thrown) throw thrown;
-  return summary!;
-}
diff --git a/packages/server/src/edit.ts b/packages/server/src/edit.ts
deleted file mode 100644
index 01db8a6..0000000
--- a/packages/server/src/edit.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import type { GenerateEditInput } from './types.js';
-
-export function buildEditBlock(edit: GenerateEditInput): string {
-  const target = edit.targetSections?.length
-    ? edit.targetSections.map((id) => `\`${id}\``).join(', ')
-    : 'any existing section, or emit `set /screen` first when adding/removing/reordering sections';
-  const sectionsJson = JSON.stringify(edit.sections);
-  const issues = edit.issues?.length
-    ? `\n\nKnown issues from the client:\n\`\`\`json\n${JSON.stringify(edit.issues)}\n\`\`\``
-    : '';
-
-  return `## Edit mode — patch an existing artifact
-
-The client is asking you to edit an already-rendered artifact. The server is stateless; the current artifact snapshot is included below.
-
-Rules:
-
-- Emit patch protocol lines only.
-- To replace a section, emit exactly one complete replacement \`add /section/<id>\` line for that section.
-- Do NOT re-emit unchanged sections.
-- Emit \`set /screen\` only when you intentionally reorder, add, or remove sections.
-- Target sections: ${target}.
-- Base revision: ${edit.baseRevision ?? 'unknown'}.
-
-Current section snapshot:
-
-\`\`\`json
-${sectionsJson}
-\`\`\`${issues}`;
-}
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index a537f9e..407308b 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -1,21 +1,18 @@
-export { generateSurfaceStream } from './compat.js';
 export {
   defaultHostPolicyResolver,
-  inferSurfaceIntent,
+  inferSurfaceGoal,
   planAgentSurface,
-  policyFromIntent,
+  policyFromGoal,
   runAgentSurfaceGeneration,
 } from './agent-broker.js';
-export { buildEditBlock } from './edit.js';
-export { resolveSurfaceGenerationPlan } from './plan.js';
 export { runSurfaceGeneration } from './runner.js';
 export { summarizeContractIssues } from './summary.js';
 
 export type {
-  AgentIntentProvider,
-  AgentIntentRequest,
-  AgentIntentTextClient,
-  AgentIntentTextRequest,
+  AgentGoalProvider,
+  AgentGoalRequest,
+  AgentGoalTextClient,
+  AgentGoalTextRequest,
   AgentPolicyResolution,
   AgentSurfaceGenerationInput,
   AgentSurfaceGenerationSummary,
@@ -24,27 +21,20 @@ export type {
   AgentSurfacePlanningOptions,
   HostPolicyResolutionRequest,
   HostPolicyResolver,
-  SurfaceIntent,
-  SurfaceIntentDataNeed,
-  SurfaceIntentInteraction,
-  SurfaceIntentSideEffect,
-  SurfaceIntentSource,
+  SurfaceGoal,
+  SurfaceGoalDataNeed,
+  SurfaceGoalInteraction,
+  SurfaceGoalSideEffect,
+  SurfaceGoalSource,
 } from './agent-broker.js';
 
 export type {
-  GenerateEditInput,
   GenerateSurfaceInput,
   GenerationSummary,
   GhostGenerationContext,
-  RepairOptions,
-  RepairStats,
-  ResolvedSurfaceGenerationPlan,
-  ResolveSurfaceGenerationPlanInput,
   SummonModelChunk,
   SummonModelProvider,
   SummonModelRequest,
-  SummonRepairProvider,
-  SummonRepairRequest,
   SurfaceGenerationInput,
   SurfaceGenerationSummary,
 } from './types.js';
@@ -54,5 +44,4 @@ export type {
   ContractPromptBlock,
   ProtocolLine,
   ProtocolSkipMetaValue,
-  RepairFeedbackMetaValue,
 } from '@summon-internal/engine';
diff --git a/packages/server/src/plan.ts b/packages/server/src/plan.ts
deleted file mode 100644
index 8bd07f6..0000000
--- a/packages/server/src/plan.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-import {
-  DEFAULT_SURFACE_CEILING,
-  constrainSurfacePlan,
-  deriveSurfacePlanControls,
-  normalizeSurfaceCeiling,
-  normalizeSurfacePlan,
-  surfacePlanWithinCeiling,
-  type SurfacePlan,
-} from '@summon-internal/engine';
-import type {
-  ResolvedSurfaceGenerationPlan,
-  ResolveSurfaceGenerationPlanInput,
-} from './types.js';
-
-export function resolveSurfaceGenerationPlan(
-  input: ResolveSurfaceGenerationPlanInput,
-): ResolvedSurfaceGenerationPlan {
-  const ceiling = normalizeSurfaceCeiling(input.rawSurfaceCeiling) ?? DEFAULT_SURFACE_CEILING;
-  const explicit = normalizeSurfacePlan(input.rawSurfacePlan);
-  const explicitAccepted = Boolean(explicit && surfacePlanWithinCeiling(explicit, ceiling));
-  const source = explicitAccepted ? 'explicit' : 'default';
-  let surfacePlan = explicitAccepted ? explicit! : defaultSurfacePlanForMode(input.mode);
-
-  surfacePlan = constrainSurfacePlan(surfacePlan, ceiling);
-
-  const { mode, scriptPolicy } = deriveSurfacePlanControls(surfacePlan);
-  return { mode, scriptPolicy, surfacePlan, ceiling, explicitAccepted, source };
-}
-
-function defaultSurfacePlanForMode(mode: ResolveSurfaceGenerationPlanInput['mode']): SurfacePlan {
-  if (mode === 'static') {
-    return {
-      purpose: 'inform',
-      runtime: 'static',
-      data: 'embedded',
-      authority: 'none',
-      persistence: 'replayable',
-    };
-  }
-
-  return {
-    purpose: 'inform',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  };
-}
diff --git a/packages/server/src/repair.ts b/packages/server/src/repair.ts
deleted file mode 100644
index f8d9d84..0000000
--- a/packages/server/src/repair.ts
+++ /dev/null
@@ -1,187 +0,0 @@
-import type {
-  ContractIssue,
-  ContractPromptBlock,
-  ProtocolLine,
-  RepairFeedbackMetaValue,
-} from '@summon-internal/engine';
-import type {
-  RepairOptions,
-  SummonModelChunk,
-  SummonRepairProvider,
-  SurfaceGenerationInput,
-} from './types.js';
-
-export interface QueuedRepairTarget {
-  target: string;
-  line: ProtocolLine;
-  issue: ContractIssue;
-  feedback: RepairFeedbackMetaValue;
-}
-
-const DEFAULT_REPAIR_ATTEMPTS = 1;
-const DEFAULT_REPAIR_TARGETS = 2;
-
-export type NormalizedRepairOptions = {
-  enabled: false;
-  maxAttempts: number;
-  maxTargets: number;
-  provider?: undefined;
-} | {
-  enabled: true;
-  maxAttempts: number;
-  maxTargets: number;
-  provider: SummonRepairProvider;
-};
-
-export function normalizeRepairOptions(
-  repair: RepairOptions | null | undefined,
-): NormalizedRepairOptions {
-  if (!repair?.enabled || !repair.provider) {
-    return {
-      enabled: false,
-      maxAttempts: DEFAULT_REPAIR_ATTEMPTS,
-      maxTargets: DEFAULT_REPAIR_TARGETS,
-    };
-  }
-  return {
-    enabled: true,
-    maxAttempts: clampInt(repair.maxAttempts, 1, 3, DEFAULT_REPAIR_ATTEMPTS),
-    maxTargets: clampInt(repair.maxTargets, 1, 5, DEFAULT_REPAIR_TARGETS),
-    provider: repair.provider,
-  };
-}
-
-export async function runRepairForTarget(args: {
-  target: QueuedRepairTarget;
-  input: SurfaceGenerationInput;
-  promptBlocks: ContractPromptBlock[];
-  hardenRawLine: (raw: string) => Promise<{
-    outboundLines: ProtocolLine[];
-    acceptedLines: ProtocolLine[];
-    blocked?: ContractIssue;
-  }>;
-  acceptRepairResult: (result: {
-    outboundLines: ProtocolLine[];
-    acceptedLines: ProtocolLine[];
-  }) => Promise<void>;
-  writeProtocolLine: (line: ProtocolLine) => Promise<void>;
-  writeRepairFeedback: (feedback: RepairFeedbackMetaValue) => Promise<void>;
-  repair: Extract<NormalizedRepairOptions, { enabled: true }>;
-}): Promise<boolean> {
-  const { target, input, promptBlocks, hardenRawLine, acceptRepairResult, writeProtocolLine, writeRepairFeedback, repair } = args;
-  const sectionId = sectionIdFromTarget(target.target);
-  for (let attempt = 1; attempt <= repair.maxAttempts; attempt++) {
-    await writeProtocolLine({ op: 'meta', path: '/status', value: `repairing ${sectionId}` });
-    try {
-      const rawRepair = await repair.provider({
-        prompt: buildRepairPrompt(target),
-        promptBlocks,
-        target: target.target,
-        sectionId,
-        issue: target.issue,
-        rejectedLine: target.line,
-        feedback: target.feedback,
-        attempt,
-        signal: input.signal,
-      });
-      const text = await collectRepairText(rawRepair);
-      const lines = extractProtocolCandidateLines(text);
-      if (lines.length !== 1) {
-        await writeRepairFeedback({
-          ...target.feedback,
-          status: 'failed',
-          attempt,
-          retryable: attempt < repair.maxAttempts,
-          rawPreview: previewText(text),
-          hints: ['Repair must return exactly one JSONL replacement line.'],
-        });
-        continue;
-      }
-
-      const result = await hardenRawLine(lines[0]!);
-      const acceptedTarget = result.acceptedLines.some(
-        (line) => line.op === 'add' && line.path === target.target,
-      );
-      if (result.blocked || !acceptedTarget) {
-        await writeRepairFeedback({
-          ...target.feedback,
-          status: 'failed',
-          attempt,
-          retryable: attempt < repair.maxAttempts,
-          rawPreview: previewText(lines[0]!),
-          hints: result.blocked
-            ? [`Repair still failed validation: ${result.blocked.message}`]
-            : ['Repair must target the same path.'],
-        });
-        continue;
-      }
-
-      await acceptRepairResult(result);
-      await writeRepairFeedback({
-        ...target.feedback,
-        status: 'repaired',
-        attempt,
-        retryable: false,
-        hints: ['Replacement target accepted.'],
-      });
-      return true;
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      await writeRepairFeedback({
-        ...target.feedback,
-        status: 'failed',
-        attempt,
-        retryable: attempt < repair.maxAttempts,
-        hints: [`Repair call failed: ${message}`],
-      });
-    }
-  }
-  return false;
-}
-
-function buildRepairPrompt(target: QueuedRepairTarget): string {
-  return `A previous Summon patch was blocked by validation.
-
-Target path: ${target.target}
-Issue: ${target.issue.code} — ${target.issue.message}
-
-Output exactly one JSONL protocol line: a complete replacement add line for the same target path (${target.target}). Do not emit markdown, prose, meta lines, set /screen, or multiple lines.
-
-Blocked original line:
-${JSON.stringify(target.line)}`;
-}
-
-function sectionIdFromTarget(target: string): string {
-  if (!target.startsWith('/section/')) return target;
-  const suffix = target.slice('/section/'.length);
-  return suffix.split('/', 1)[0] || target;
-}
-
-async function collectRepairText(
-  raw: string | AsyncIterable<SummonModelChunk>,
-): Promise<string> {
-  if (typeof raw === 'string') return raw;
-  let out = '';
-  for await (const chunk of raw) {
-    if (typeof chunk === 'string') out += chunk;
-    else if (chunk.type === 'text') out += chunk.text;
-  }
-  return out.trim();
-}
-
-function extractProtocolCandidateLines(text: string): string[] {
-  return text
-    .split(/\r?\n/)
-    .map((line) => line.trim())
-    .filter((line) => line.startsWith('{') && line.endsWith('}'));
-}
-
-function previewText(text: string): string {
-  const cleaned = text.replace(/\s+/g, ' ').trim();
-  return cleaned.length > 240 ? `${cleaned.slice(0, 239)}…` : cleaned;
-}
-
-function clampInt(value: unknown, min: number, max: number, fallback: number): number {
-  if (typeof value !== 'number' || !Number.isFinite(value)) return fallback;
-  return Math.max(min, Math.min(max, Math.floor(value)));
-}
diff --git a/packages/server/src/runner.ts b/packages/server/src/runner.ts
index 29c6176..41c9723 100644
--- a/packages/server/src/runner.ts
+++ b/packages/server/src/runner.ts
@@ -15,6 +15,5 @@ export async function runSurfaceGeneration(
     return session.finalize();
   }
   await session.consumeProvider();
-  await session.runQueuedRepairs();
   return session.finalize();
 }
diff --git a/packages/server/src/session.ts b/packages/server/src/session.ts
index 89ec771..3d48613 100644
--- a/packages/server/src/session.ts
+++ b/packages/server/src/session.ts
@@ -10,19 +10,10 @@ import {
   type ProtocolHardener,
   type ProtocolHardenerResult,
   type ProtocolLine,
-  type RepairFeedbackMetaValue,
   type SurfaceContractView,
 } from '@summon-internal/engine';
-import { buildEditBlock } from './edit.js';
-import {
-  normalizeRepairOptions,
-  runRepairForTarget,
-  type NormalizedRepairOptions,
-  type QueuedRepairTarget,
-} from './repair.js';
 import { writeFinalSummaries } from './summary.js';
 import type {
-  RepairStats,
   SurfaceGenerationInput,
   SurfaceGenerationSummary,
 } from './types.js';
@@ -36,24 +27,15 @@ export class SurfaceGenerationSession {
   private readonly emittedLines: ProtocolLine[] = [];
   private readonly validationIssues: ContractIssue[];
   private readonly streamGraph = new StreamGraph();
-  private readonly repair: NormalizedRepairOptions;
-  private readonly repairStats: RepairStats = {
-    queued: 0,
-    cancelled: 0,
-    repaired: 0,
-    failed: 0,
-  };
-  private readonly repairQueue = new Map<string, QueuedRepairTarget>();
   private blocked = false;
 
   constructor(
     private readonly input: SurfaceGenerationInput,
     private readonly emit: (line: ProtocolLine) => void | Promise<void>,
   ) {
-    const editBlock = input.edit ? buildEditBlock(input.edit) : input.editBlock ?? null;
     this.surfacePolicy = input.surfacePolicy
       ? compileSurfacePolicy(input.surfacePolicy, {
-          capabilities: input.capabilities ?? null,
+          tools: input.tools ?? null,
           components: input.components ?? null,
         })
       : null;
@@ -61,16 +43,14 @@ export class SurfaceGenerationSession {
       ? surfaceContractViewFromCompiledPolicy(this.surfacePolicy, input.layout ?? null)
       : null;
     this.systemContracts = compileSystemContracts({
-      mode: this.surfacePolicy?.mode ?? input.mode ?? 'static',
+      mode: this.surfacePolicy?.mode ?? 'static',
       direction: input.direction ?? null,
       ghost: input.ghost ?? null,
       layout: input.layout ?? null,
-      editBlock,
       experimentalPromptBlock: input.experimentalPromptBlock ?? null,
-      capabilities: this.surfacePolicy?.capabilities ?? input.capabilities ?? null,
+      tools: this.surfacePolicy?.tools ?? input.tools ?? null,
       components: this.surfacePolicy?.components ?? input.components ?? null,
-      scriptPolicy: this.surfacePolicy?.scriptPolicy ?? input.scriptPolicy,
-      surfacePlan: this.surfacePolicy?.surfacePlan ?? input.surfacePlan ?? null,
+      surfacePlan: this.surfacePolicy?.surfacePlan ?? null,
       surfaceContract: this.surfaceContract,
       tokenOverrides: input.tokenOverrides,
       activeTokensCss: input.activeTokensCss ?? null,
@@ -79,18 +59,13 @@ export class SurfaceGenerationSession {
     this.hardener = createProtocolHardener({
       validationContext: {
         ...this.systemContracts.validationContext,
-        experimentalFragmentMode: input.experimentalFragmentMode ?? 'section',
       },
-      layout: input.layout ?? null,
-      initialScreenSections: input.initialScreenSections ?? input.edit?.sections.map((section) => section.id),
-      allowedSectionIds: input.allowedSectionIds ?? input.edit?.targetSections,
     });
 
     this.validationIssues = [
       ...(this.surfacePolicy?.issues ?? []),
       ...this.systemContracts.issues,
     ];
-    this.repair = normalizeRepairOptions(input.repair);
   }
 
   async writeStartupLines(): Promise<void> {
@@ -100,9 +75,8 @@ export class SurfaceGenerationSession {
     if (this.surfacePolicy) {
       await this.writeProtocolLine({ op: 'meta', path: '/surface-policy', value: this.surfacePolicy.policy });
     }
-    const surfacePlan = this.surfacePolicy?.surfacePlan ?? this.input.surfacePlan;
-    if (surfacePlan) {
-      await this.writeProtocolLine({ op: 'meta', path: '/surface-plan', value: surfacePlan });
+    if (this.surfacePolicy?.surfacePlan) {
+      await this.writeProtocolLine({ op: 'meta', path: '/surface-plan', value: this.surfacePolicy.surfacePlan });
     }
     if (this.surfaceContract) {
       await this.writeProtocolLine({ op: 'meta', path: '/surface-contract', value: this.surfaceContract });
@@ -144,39 +118,11 @@ export class SurfaceGenerationSession {
     }
   }
 
-  async runQueuedRepairs(): Promise<void> {
-    if (!this.repair.enabled || this.blocked || this.repairQueue.size === 0) return;
-
-    const targets = Array.from(this.repairQueue.values()).slice(0, this.repair.maxTargets);
-    for (const target of targets) {
-      if (this.blocked) break;
-      if (!this.repairQueue.has(target.target)) continue;
-      const repaired = await runRepairForTarget({
-        target,
-        input: this.input,
-        promptBlocks: this.systemContracts.promptBlocks,
-        hardenRawLine: (raw) => this.hardenRawRepairLine(raw),
-        acceptRepairResult: (result) => this.acceptHardenedResult(result, { cancelQueuedRepairs: false }),
-        writeProtocolLine: (line) => this.writeProtocolLine(line),
-        writeRepairFeedback: (feedback) => this.writeRepairFeedback(feedback),
-        repair: this.repair,
-      });
-      this.repairQueue.delete(target.target);
-      if (repaired) this.repairStats.repaired += 1;
-      else {
-        this.repairStats.failed += 1;
-        await this.blockGeneration(target.issue);
-      }
-    }
-  }
-
   async finalize(): Promise<SurfaceGenerationSummary> {
     await writeFinalSummaries({
       writeProtocolLine: (line) => this.writeProtocolLine(line),
       validationIssues: this.validationIssues,
       streamGraph: this.streamGraph,
-      repair: this.repair,
-      repairStats: this.repairStats,
     });
     return this.summary();
   }
@@ -197,72 +143,29 @@ export class SurfaceGenerationSession {
     if (this.blocked) return;
     const result = this.hardener.processRawLine(raw);
     this.validationIssues.push(...result.issues);
-    if (this.repair.enabled) {
-      for (const feedback of result.repairFeedback ?? []) {
-        await this.writeRepairFeedback(feedback);
-      }
-    }
     if (result.blocked) {
-      if (this.enqueueRepair(result.rejectedLine, result.blocked, result.repairFeedback?.[0])) return;
       await this.blockGeneration(result.blocked);
       return;
     }
 
-    await this.acceptHardenedResult(result, { cancelQueuedRepairs: true });
-  }
-
-  private async hardenRawRepairLine(raw: string): Promise<ProtocolHardenerResult> {
-    const result = this.hardener.processRawLine(raw);
-    this.validationIssues.push(...result.issues);
-    for (const feedback of result.repairFeedback ?? []) {
-      await this.writeRepairFeedback(feedback);
-    }
-    return result;
+    await this.acceptHardenedResult(result);
   }
 
   private async acceptHardenedResult(
     result: Pick<ProtocolHardenerResult, 'acceptedLines' | 'outboundLines'>,
-    options: { cancelQueuedRepairs: boolean },
   ): Promise<void> {
     this.acceptedLines.push(...result.acceptedLines);
-    if (options.cancelQueuedRepairs) {
-      this.cancelQueuedRepairsForAcceptedLines(result.acceptedLines);
-    }
     for (const line of result.outboundLines) {
       await this.writeProtocolLine(line);
     }
   }
 
-  private enqueueRepair(
-    line: ProtocolLine | undefined,
-    issue: ContractIssue,
-    feedback: RepairFeedbackMetaValue | undefined,
-  ): boolean {
-    if (!this.repair.enabled || !line || line.op !== 'add' || !feedback?.retryable) return false;
-    if (this.repairQueue.size >= this.repair.maxTargets && !this.repairQueue.has(line.path)) return false;
-    this.repairQueue.set(line.path, { target: line.path, line, issue, feedback });
-    this.repairStats.queued += 1;
-    return true;
-  }
-
-  private cancelQueuedRepairsForAcceptedLines(lines: ProtocolLine[]): void {
-    for (const line of lines) {
-      if (line.op !== 'add') continue;
-      if (!this.repairQueue.delete(line.path)) continue;
-      this.repairStats.cancelled += 1;
-    }
-  }
-
   private async writeProtocolLine(line: ProtocolLine): Promise<void> {
     this.emittedLines.push(line);
     this.streamGraph.applyLine(line);
     await this.emit(line);
   }
 
-  private async writeRepairFeedback(feedback: RepairFeedbackMetaValue): Promise<void> {
-    await this.writeProtocolLine({ op: 'meta', path: '/repair-feedback', value: feedback });
-  }
-
   private async blockGeneration(issue: ContractIssue): Promise<void> {
     if (this.blocked) return;
     this.blocked = true;
@@ -282,7 +185,6 @@ export class SurfaceGenerationSession {
       validationIssues: this.validationIssues,
       streamGraph: this.streamGraph.snapshot(),
       blocked: this.blocked,
-      repairStats: this.repair.enabled ? this.repairStats : null,
     };
   }
 }
diff --git a/packages/server/src/summary.ts b/packages/server/src/summary.ts
index 1d4ba44..edccb57 100644
--- a/packages/server/src/summary.ts
+++ b/packages/server/src/summary.ts
@@ -1,5 +1,4 @@
 import type { ContractIssue, ProtocolLine, StreamGraph } from '@summon-internal/engine';
-import type { RepairStats } from './types.js';
 
 const MAX_VALIDATION_EXAMPLES = 8;
 
@@ -30,16 +29,7 @@ export async function writeFinalSummaries(args: {
   writeProtocolLine: (line: ProtocolLine) => Promise<void>;
   validationIssues: ContractIssue[];
   streamGraph: StreamGraph;
-  repair: { enabled: boolean };
-  repairStats: RepairStats;
 }) {
-  if (args.repair.enabled) {
-    await args.writeProtocolLine({
-      op: 'meta',
-      path: '/repair-summary',
-      value: args.repairStats,
-    });
-  }
   if (args.validationIssues.length > 0) {
     await args.writeProtocolLine({
       op: 'meta',
diff --git a/packages/server/src/types.ts b/packages/server/src/types.ts
index 4c6e135..7c74123 100644
--- a/packages/server/src/types.ts
+++ b/packages/server/src/types.ts
@@ -1,19 +1,14 @@
 import type {
-  CapabilityPack,
+  ToolPack,
   ComponentPack,
   ContractIssue,
   ContractPromptBlock,
   DirectionContractInput,
   GhostGenerationContext,
   ProtocolLine,
-  RepairFeedbackMetaValue,
-  ScriptPolicy,
-  SectionAccumulatorSnapshot,
   StreamGraphSnapshot,
   SummonLayout,
   SurfacePolicy,
-  SurfaceCeiling,
-  SurfacePlan,
   TokenOverride,
 } from '@summon-internal/engine';
 
@@ -34,99 +29,28 @@ export type SummonModelProvider = (
   request: SummonModelRequest,
 ) => AsyncIterable<SummonModelChunk> | Promise<AsyncIterable<SummonModelChunk>>;
 
-export interface GenerateEditInput {
-  baseRevision: number | null;
-  sections: SectionAccumulatorSnapshot['sections'];
-  targetSections?: string[];
-  issues?: unknown[];
-}
-
-export interface SummonRepairRequest {
-  prompt: string;
-  promptBlocks: ContractPromptBlock[];
-  target: string;
-  sectionId: string;
-  issue: ContractIssue;
-  rejectedLine: ProtocolLine;
-  feedback: RepairFeedbackMetaValue;
-  attempt: number;
-  signal?: AbortSignal;
-}
-
-export type SummonRepairProvider = (
-  request: SummonRepairRequest,
-) =>
-  | string
-  | Promise<string>
-  | AsyncIterable<SummonModelChunk>
-  | Promise<AsyncIterable<SummonModelChunk>>;
-
-export interface RepairOptions {
-  enabled: boolean;
-  maxAttempts?: number;
-  maxTargets?: number;
-  provider?: SummonRepairProvider;
-}
-
-export interface ResolvedSurfaceGenerationPlan {
-  mode: 'static' | 'interactive';
-  scriptPolicy: ScriptPolicy;
-  surfacePlan: SurfacePlan;
-  ceiling: SurfaceCeiling;
-  explicitAccepted: boolean;
-  source: 'explicit' | 'default';
-}
-
-export interface ResolveSurfaceGenerationPlanInput {
-  /** @deprecated Ignored by plan resolution. Hosts must pass rawSurfacePlan to select authority. */
-  prompt: string;
-  mode: 'static' | 'interactive';
-  scriptPolicy?: ScriptPolicy;
-  /** @deprecated Ignored by plan resolution. Capability metadata is not authority. */
-  capabilities?: CapabilityPack | null;
-  rawSurfacePlan?: unknown;
-  rawSurfaceCeiling?: unknown;
-}
-
 export interface SurfaceGenerationInput {
   prompt: string;
   modelProvider: SummonModelProvider;
-  mode?: 'static' | 'interactive';
   direction?: DirectionContractInput | null;
   ghost?: GhostGenerationContext | null;
   layout?: SummonLayout | null;
-  edit?: GenerateEditInput | null;
-  editBlock?: string | null;
   experimentalPromptBlock?: ContractPromptBlock | null;
-  capabilities?: CapabilityPack | null;
+  tools?: ToolPack | null;
   components?: ComponentPack | null;
   surfacePolicy?: SurfacePolicy | null;
-  scriptPolicy?: ScriptPolicy;
-  surfacePlan?: SurfacePlan | null;
   tokenOverrides?: TokenOverride[];
   activeTokensCss?: string | null;
-  experimentalFragmentMode?: 'section' | 'block-v0' | 'html-node-v0';
   preludeLines?: ProtocolLine[];
-  repair?: RepairOptions | null;
-  initialScreenSections?: string[];
-  allowedSectionIds?: Iterable<string>;
   signal?: AbortSignal;
 }
 
-export interface RepairStats {
-  queued: number;
-  cancelled: number;
-  repaired: number;
-  failed: number;
-}
-
 export interface SurfaceGenerationSummary {
   acceptedLines: ProtocolLine[];
   emittedLines: ProtocolLine[];
   validationIssues: ContractIssue[];
   streamGraph: StreamGraphSnapshot;
   blocked: boolean;
-  repairStats: RepairStats | null;
 }
 
 export type GenerationSummary = SurfaceGenerationSummary;
diff --git a/packages/server/test/agent-broker.test.ts b/packages/server/test/agent-broker.test.ts
index 43f70e3..f7c414d 100644
--- a/packages/server/test/agent-broker.test.ts
+++ b/packages/server/test/agent-broker.test.ts
@@ -1,19 +1,19 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 import {
-  inferSurfaceIntent,
+  inferSurfaceGoal,
   planAgentSurface,
   runAgentSurfaceGeneration,
-  type AgentIntentTextClient,
+  type AgentGoalTextClient,
   type SummonModelProvider,
 } from '../src/index.ts';
 import type {
-  CapabilityPack,
+  ToolPack,
   ProtocolLine,
 } from '@summon-internal/engine';
 
-const capabilities: CapabilityPack = {
-  intents: [
+const tools: ToolPack = {
+  tools: [
     {
       name: 'search',
       description: 'Search host-owned recipe data.',
@@ -49,9 +49,23 @@ const capabilities: CapabilityPack = {
   ],
 };
 
-const multiToolCapabilities: CapabilityPack = {
-  intents: [
-    ...capabilities.intents,
+function arrowProtocolLine(html: string): string {
+  const source = html.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${');
+  return `${JSON.stringify({
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': `import { html } from "@arrow-js/core";\nexport default html\`${source}\`;`,
+      },
+    },
+  })}\n`;
+}
+
+const multiToolPack: ToolPack = {
+  tools: [
+    ...tools.tools,
     {
       name: 'delete_record',
       description: 'Delete a selected record after host approval.',
@@ -87,22 +101,22 @@ const multiToolCapabilities: CapabilityPack = {
   ],
 };
 
-test('inferSurfaceIntent maps search prompts to host-resource intent', () => {
-  const intent = inferSurfaceIntent(
+test('inferSurfaceGoal maps search prompts to host-resource tool', () => {
+  const tool = inferSurfaceGoal(
     'build a dinner finder where i can search recipes and browse results',
-    { capabilities },
+    { tools },
   );
 
-  assert.equal(intent.purpose, 'explore');
-  assert.equal(intent.interaction, 'search');
-  assert.equal(intent.dataNeed, 'host-resource');
-  assert.deepEqual(intent.requestedCapabilities, ['search']);
+  assert.equal(tool.purpose, 'explore');
+  assert.equal(tool.interaction, 'search');
+  assert.equal(tool.dataNeed, 'host-resource');
+  assert.deepEqual(tool.requestedTools, ['search']);
 });
 
 test('planAgentSurface proposes and compiles a declarative policy', async () => {
   const plan = await planAgentSurface({
     prompt: 'build a dinner finder where i can search recipes',
-    capabilities,
+    tools,
   });
 
   assert.deepEqual(plan.surfacePolicy, {
@@ -111,44 +125,45 @@ test('planAgentSurface proposes and compiles a declarative policy', async () =>
     grants: ['search'],
     persistence: 'replayable',
   });
-  assert.equal(plan.intentSource, 'deterministic');
+  assert.equal(plan.goalSource, 'deterministic');
   assert.deepEqual(plan.compiledPolicy.issues, []);
-  assert.deepEqual(plan.compiledPolicy.surfacePlan, {
-    purpose: 'explore',
-    runtime: 'declarative',
-    data: 'host-resource',
-    authority: 'read',
-    persistence: 'replayable',
-  });
+    assert.deepEqual(plan.compiledPolicy.surfacePlan, {
+      purpose: 'explore',
+      runtime: 'arrow',
+      data: 'host-resource',
+      authority: 'read',
+      persistence: 'replayable',
+      network: 'none',
+    });
 });
 
 test('planAgentSurface keeps passive summary prompts static despite powerful nouns', async () => {
   const updateSummary = await planAgentSurface({
     prompt: 'make a product update summary for this launch',
-    capabilities,
+    tools,
   });
   assert.equal(updateSummary.surfacePolicy.tier, 'static');
   assert.equal(updateSummary.surfacePolicy.grants, undefined);
 
   const riskSummary = await planAgentSurface({
     prompt: 'summarize launch risk for next week',
-    capabilities,
+    tools,
   });
   assert.equal(riskSummary.surfacePolicy.tier, 'static');
   assert.equal(riskSummary.surfacePolicy.grants, undefined);
 });
 
-test('planAgentSurface selects worker and approval tiers from catalog-backed intent', async () => {
+test('planAgentSurface selects worker and approval tiers from catalog-backed tool', async () => {
   const worker = await planAgentSurface({
     prompt: 'analyze launch risk in the background and score readiness',
-    capabilities,
+    tools,
   });
   assert.equal(worker.surfacePolicy.tier, 'worker');
   assert.deepEqual(worker.surfacePolicy.grants, ['analysis']);
 
   const approval = await planAgentSurface({
     prompt: 'publish the prepared product update summary',
-    capabilities,
+    tools,
   });
   assert.equal(approval.surfacePolicy.tier, 'approval');
   assert.deepEqual(approval.surfacePolicy.grants, ['publish_summary']);
@@ -158,22 +173,22 @@ test('planAgentSurface selects worker and approval tiers from catalog-backed int
 test('planAgentSurface keeps multi-tool class inference narrow', async () => {
   const approval = await planAgentSurface({
     prompt: 'publish the prepared summary',
-    capabilities: multiToolCapabilities,
+    tools: multiToolPack,
   });
   assert.equal(approval.surfacePolicy.tier, 'approval');
   assert.deepEqual(approval.surfacePolicy.grants, ['publish_summary']);
 
   const search = await planAgentSurface({
     prompt: 'search recipes for dinner',
-    capabilities: multiToolCapabilities,
+    tools: multiToolPack,
   });
   assert.equal(search.surfacePolicy.tier, 'declarative');
   assert.deepEqual(search.surfacePolicy.grants, ['search']);
 
   const ambiguousSearch = await planAgentSurface({
     prompt: 'search the host data',
-    capabilities: {
-      intents: [
+    tools: {
+      tools: [
         {
           name: 'recipe_lookup',
           description: 'Look up recipe data.',
@@ -200,29 +215,30 @@ test('planAgentSurface keeps multi-tool class inference narrow', async () => {
 test('planAgentSurface selects host actions only from explicit action phrasing', async () => {
   const plan = await planAgentSurface({
     prompt: 'let me save a choice for the launch announcement',
-    capabilities,
+    tools,
   });
 
   assert.equal(plan.surfacePolicy.tier, 'declarative');
   assert.equal(plan.surfacePolicy.purpose, 'operate');
   assert.deepEqual(plan.surfacePolicy.grants, ['choose']);
-  assert.deepEqual(plan.compiledPolicy.surfacePlan, {
-    purpose: 'operate',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'host-action',
-    persistence: 'replayable',
-  });
+    assert.deepEqual(plan.compiledPolicy.surfacePlan, {
+      purpose: 'operate',
+      runtime: 'arrow',
+      data: 'embedded',
+      authority: 'host-action',
+      persistence: 'replayable',
+      network: 'none',
+    });
 });
 
-test('model-assisted intent can narrow to known names but cannot add unknown grants', async () => {
-  const intentModel: AgentIntentTextClient = {
+test('model-assisted tool can narrow to known names but cannot add unknown grants', async () => {
+  const goalModel: AgentGoalTextClient = {
     completeText: async () => JSON.stringify({
       purpose: 'operate',
       interaction: 'approval',
       dataNeed: 'embedded',
       sideEffect: 'approval-required',
-      requestedCapabilities: ['missing', 'publish_summary'],
+      requestedTools: ['missing', 'publish_summary'],
       requestedComponents: ['MysteryCard'],
       confidence: 0.91,
     }),
@@ -230,33 +246,33 @@ test('model-assisted intent can narrow to known names but cannot add unknown gra
 
   const plan = await planAgentSurface({
     prompt: 'publish the prepared product update summary',
-    capabilities,
-    intentModel,
+    tools,
+    goalModel,
   });
 
   assert.equal(plan.surfacePolicy.tier, 'approval');
-  assert.equal(plan.intentSource, 'model');
+  assert.equal(plan.goalSource, 'model');
   assert.deepEqual(plan.surfacePolicy.grants, ['publish_summary']);
   assert.equal(plan.surfacePolicy.components, undefined);
-  assert.deepEqual(plan.policyResolution.rejectedCapabilities, []);
+  assert.deepEqual(plan.policyResolution.rejectedTools, []);
 });
 
-test('provided intent is reported separately from model and deterministic sources', async () => {
+test('provided tool is reported separately from model and deterministic sources', async () => {
   const plan = await planAgentSurface({
     prompt: 'show the matching recipes',
-    capabilities,
-    intent: {
+    tools,
+    goal: {
       purpose: 'explore',
       interaction: 'search',
       dataNeed: 'host-resource',
       sideEffect: 'none',
-      requestedCapabilities: ['search'],
+      requestedTools: ['search'],
       requestedComponents: [],
       confidence: 1,
     },
   });
 
-  assert.equal(plan.intentSource, 'provided');
+  assert.equal(plan.goalSource, 'provided');
   assert.equal(plan.surfacePolicy.tier, 'declarative');
   assert.deepEqual(plan.surfacePolicy.grants, ['search']);
 });
@@ -264,7 +280,7 @@ test('provided intent is reported separately from model and deterministic source
 test('host policy resolver can force a static fallback', async () => {
   const plan = await planAgentSurface({
     prompt: 'build a dinner finder where i can search recipes',
-    capabilities,
+    tools,
     hostPolicyResolver: () => null,
   });
 
@@ -280,28 +296,27 @@ test('host policy resolver can force a static fallback', async () => {
 test('runAgentSurfaceGeneration emits agent diagnostics before policy metadata', async () => {
   const lines: ProtocolLine[] = [];
   const provider: SummonModelProvider = async function* () {
-    yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-    yield '{"op":"add","path":"/section/hero","html":"<section><h1>Dinner finder</h1><p>Ready.</p></section>"}\n';
+    yield arrowProtocolLine('<section><h1>Dinner finder</h1><p>Ready.</p></section>');
   };
 
   const summary = await runAgentSurfaceGeneration({
     prompt: 'build a dinner finder where i can search recipes',
-    capabilities,
+    tools,
     modelProvider: provider,
   }, (line) => {
     lines.push(line);
   });
 
   assert.deepEqual(lines.slice(0, 5).map((line) => `${line.op} ${line.path}`), [
-    'meta /agent-intent',
+    'meta /agent-goal',
     'meta /agent-policy-resolution',
     'meta /surface-policy',
     'meta /surface-plan',
     'meta /surface-contract',
   ]);
   assert.equal(summary.agent.surfacePolicy.tier, 'declarative');
-  assert.equal(summary.agent.intentSource, 'deterministic');
+  assert.equal(summary.agent.goalSource, 'deterministic');
   const policyResolution = lines[1] as Extract<ProtocolLine, { op: 'meta' }>;
-  assert.equal((policyResolution.value as { intentSource?: unknown }).intentSource, 'deterministic');
+  assert.equal((policyResolution.value as { goalSource?: unknown }).goalSource, 'deterministic');
   assert.equal(summary.blocked, false);
 });
diff --git a/packages/server/test/generate-surface-stream.test.ts b/packages/server/test/generate-surface-stream.test.ts
deleted file mode 100644
index 26fe7eb..0000000
--- a/packages/server/test/generate-surface-stream.test.ts
+++ /dev/null
@@ -1,629 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import {
-  generateSurfaceStream,
-  resolveSurfaceGenerationPlan,
-  runSurfaceGeneration,
-  summarizeContractIssues,
-  type GenerationSummary,
-  type ProtocolLine,
-  type SummonModelProvider,
-} from '../src/index.ts';
-
-const surfacePlan = {
-  purpose: 'inform',
-  runtime: 'static',
-  data: 'embedded',
-  authority: 'none',
-  persistence: 'replayable',
-} as const;
-
-async function collectGenerator(stream: AsyncGenerator<ProtocolLine, GenerationSummary, void>) {
-  const lines: ProtocolLine[] = [];
-  let next = await stream.next();
-  while (!next.done) {
-    lines.push(next.value);
-    next = await stream.next();
-  }
-  return { lines, summary: next.value as GenerationSummary };
-}
-
-test('generateSurfaceStream hardens provider JSONL and returns replay summary', async () => {
-  const provider: SummonModelProvider = async function* () {
-    yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-    yield '{"op":"add","path":"/section/hero","html":"<p>Hello</p>"}\n';
-  };
-
-  const { lines, summary } = await collectGenerator(generateSurfaceStream({
-    prompt: 'hello',
-    modelProvider: provider,
-    mode: 'static',
-  }));
-
-  assert.deepEqual(lines.slice(0, 2).map((line) => line.op), ['set', 'add']);
-  assert.equal(lines.at(-1)?.path, '/stream-graph-summary');
-  assert.equal(summary.blocked, false);
-  assert.equal(summary.acceptedLines.length, 2);
-  assert.equal(summary.streamGraph.sections.length, 1);
-});
-
-test('generateSurfaceStream blocks unsafe sections', async () => {
-  const provider: SummonModelProvider = async function* () {
-    yield '{"op":"add","path":"/section/hero","html":"<script>alert(1)</script>"}\n';
-  };
-
-  const { lines, summary } = await collectGenerator(generateSurfaceStream({
-    prompt: 'hello',
-    modelProvider: provider,
-    mode: 'static',
-  }));
-
-  assert.equal(summary.blocked, true);
-  assert.ok(lines.some((line) => line.path === '/validation-blocked'));
-  assert.ok(lines.some((line) => line.path === '/error'));
-  assert.equal(lines.at(-1)?.path, '/stream-graph-summary');
-});
-
-test('summarizeContractIssues includes bounded examples per issue code', () => {
-  const summary = summarizeContractIssues([
-    {
-      source: 'html',
-      severity: 'block',
-      code: 'unsafe-tag',
-      message: 'bad tag',
-    },
-    {
-      source: 'html',
-      severity: 'block',
-      code: 'unsafe-tag',
-      message: 'same code second example',
-    },
-    {
-      source: 'token',
-      severity: 'warn',
-      code: 'unknown-token',
-      message: 'token drift',
-    },
-  ]);
-
-  assert.equal(summary.blocked, 2);
-  assert.equal(summary.warnings, 1);
-  assert.deepEqual(summary.codes, { 'unsafe-tag': 2, 'unknown-token': 1 });
-  assert.deepEqual(summary.examples.map((issue) => issue.code), ['unsafe-tag', 'unknown-token']);
-});
-
-test('runSurfaceGeneration emits prelude, surface plan, and layout startup before model output', async () => {
-  const lines: ProtocolLine[] = [];
-  const provider: SummonModelProvider = async function* () {
-    yield '{"op":"add","path":"/section/hero","html":"<p>Hello</p>"}\n';
-  };
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'hello',
-    modelProvider: provider,
-    mode: 'static',
-    surfacePlan,
-    layout: { id: 'one-up', slots: [{ id: 'hero', purpose: 'main content' }] },
-    preludeLines: [{ op: 'meta', path: '/status', value: 'queued' }],
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
-    'meta /status',
-    'meta /surface-plan',
-    'set /screen',
-    'add /section/hero',
-  ]);
-  assert.equal(summary.acceptedLines[0]?.path, '/screen');
-  assert.equal(summary.blocked, false);
-});
-
-test('runSurfaceGeneration forwards first-class Ghost context to the model contract', async () => {
-  let ghostBlockText: string | undefined;
-  const provider: SummonModelProvider = async function* (request) {
-    ghostBlockText = request.promptBlocks.find((block) => block.id === 'ghost')?.text;
-    yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-    yield '{"op":"add","path":"/section/hero","html":"<p>Hello</p>"}\n';
-  };
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'hello',
-    modelProvider: provider,
-    mode: 'static',
-    ghost: {
-      source: 'root',
-      prompt: 'Portable Ghost context.',
-    },
-  }, () => {});
-
-  assert.equal(summary.blocked, false);
-  assert.equal(ghostBlockText, 'Portable Ghost context.');
-});
-
-test('runSurfaceGeneration compiles surface policy, emits metadata, and narrows contracts', async () => {
-  const lines: ProtocolLine[] = [];
-  let systemText = '';
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'choose one',
-    surfacePolicy: {
-      tier: 'declarative',
-      purpose: 'compare',
-      grants: ['choose'],
-      components: ['MetricCard'],
-    },
-    capabilities: {
-      intents: [
-        {
-          name: 'search',
-          description: 'Search host data',
-          argsSchema: '{}',
-          stateShape: '{}',
-          kind: 'resource',
-          surface: { data: 'host-resource', authority: 'read' },
-        },
-        {
-          name: 'choose',
-          description: 'Save a choice',
-          argsSchema: '{}',
-          stateShape: '{}',
-          kind: 'action',
-          surface: { authority: 'host-action' },
-        },
-      ],
-      patterns: [
-        { name: 'Search', code: '<form data-summon-resource="search"></form>', intent: 'search' },
-        { name: 'Choose', code: '<button data-summon-on-click="choose"></button>', intent: 'choose' },
-      ],
-    },
-    components: {
-      components: [
-        {
-          name: 'MetricCard',
-          description: 'Trusted metric',
-          propsSchema: '{}',
-          surface: { data: 'embedded', authority: 'none' },
-        },
-        {
-          name: 'SecretWidget',
-          description: 'Unselected widget',
-          propsSchema: '{}',
-          surface: { data: 'embedded', authority: 'none' },
-        },
-      ],
-    },
-    modelProvider: async function* ({ promptBlocks }) {
-      systemText = promptBlocks.map((block) => block.text).join('\n');
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<button data-summon-on-click=\\"choose\\" data-summon-args=\\"{}\\">Choose</button><div data-summon-component=\\"MetricCard\\" data-summon-component-id=\\"metric\\" data-summon-props=\\"{}\\"></div>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.deepEqual(lines.slice(0, 5).map((line) => `${line.op} ${line.path}`), [
-    'meta /surface-policy',
-    'meta /surface-plan',
-    'meta /surface-contract',
-    'set /screen',
-    'add /section/hero',
-  ]);
-  assert.equal(lines[0]?.op, 'meta');
-  assert.deepEqual((lines[0] as Extract<ProtocolLine, { op: 'meta' }>).value, {
-    tier: 'declarative',
-    purpose: 'compare',
-    grants: ['choose'],
-    components: ['MetricCard'],
-    persistence: 'replayable',
-  });
-  assert.equal(lines[1]?.op, 'meta');
-  assert.deepEqual((lines[1] as Extract<ProtocolLine, { op: 'meta' }>).value, {
-    purpose: 'compare',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'host-action',
-    persistence: 'replayable',
-  });
-  assert.equal(lines[2]?.op, 'meta');
-  const surfaceContract = (lines[2] as Extract<ProtocolLine, { op: 'meta' }>).value as {
-    tools?: Array<{ name: string }>;
-    components?: Array<{ name: string }>;
-    surface?: { plan?: unknown };
-  };
-  assert.deepEqual(surfaceContract.tools?.map((tool) => tool.name), ['choose']);
-  assert.deepEqual(surfaceContract.components?.map((component) => component.name), ['MetricCard']);
-  assert.match(systemText, /Save a choice/);
-  assert.match(systemText, /MetricCard/);
-  assert.match(systemText, /Surface contract/);
-  assert.doesNotMatch(systemText, /Search host data/);
-  assert.doesNotMatch(systemText, /SecretWidget/);
-  assert.equal(summary.blocked, false);
-});
-
-test('runSurfaceGeneration blocks invalid surface policy before provider invocation', async () => {
-  let called = false;
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'invalid worker grant',
-    surfacePolicy: {
-      tier: 'declarative',
-      grants: ['analysis'],
-    },
-    capabilities: {
-      intents: [{
-        name: 'analysis',
-        description: 'Worker analysis',
-        argsSchema: '{}',
-        stateShape: '{}',
-        kind: 'resource',
-        surface: { data: 'worker', authority: 'read' },
-      }],
-    },
-    modelProvider: async function* () {
-      called = true;
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(called, false);
-  assert.equal(summary.blocked, true);
-  assert.ok(summary.validationIssues.some((issue) => issue.code === 'surface-policy-tier-exceeded'));
-  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
-    'meta /surface-policy',
-    'meta /surface-plan',
-    'meta /surface-contract',
-    'meta /validation-blocked',
-  ]);
-});
-
-test('runSurfaceGeneration fails blocking compile issues before provider invocation', async () => {
-  let called = false;
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'scripted mismatch',
-    mode: 'interactive',
-    scriptPolicy: 'forbid',
-    surfacePlan: {
-      purpose: 'explore',
-      runtime: 'scripted',
-      data: 'embedded',
-      authority: 'host-action',
-      persistence: 'replayable',
-    } as never,
-    modelProvider: async function* () {
-      called = true;
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(called, false);
-  assert.equal(summary.blocked, true);
-  assert.ok(lines.some((line) => line.path === '/validation-blocked'));
-  assert.ok(summary.validationIssues.some((issue) => issue.code === 'surface-script-policy-removed'));
-});
-
-test('runSurfaceGeneration rejects script policy allow without scripted surface plan before provider invocation', async () => {
-  let called = false;
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'script policy mismatch',
-    mode: 'interactive',
-    scriptPolicy: 'allow',
-    modelProvider: async function* () {
-      called = true;
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(called, false);
-  assert.equal(summary.blocked, true);
-  assert.ok(summary.validationIssues.some((issue) =>
-    issue.code === 'surface-script-policy-removed'
-  ));
-  assert.ok(lines.some((line) => line.path === '/validation-blocked'));
-  assert.ok(lines.some((line) => line.path === '/error'));
-});
-
-test('runSurfaceGeneration blocks interactive script output by default', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'interactive script',
-    mode: 'interactive',
-    modelProvider: async function* () {
-      yield '{"op":"add","path":"/section/hero","html":"<button>Pick</button><script>console.log(1)</script>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(summary.blocked, true);
-  assert.ok(summary.validationIssues.some((issue) => issue.code === 'script-not-granted'));
-  assert.ok(lines.some((line) => line.path === '/validation-blocked'));
-});
-
-test('runSurfaceGeneration emits structural skips without blocking', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'bad structure',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield '{"op":"set","path":"/bad","value":{"sections":["hero"]}}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<p>Hello</p>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(summary.blocked, false);
-  assert.ok(lines.some((line) => line.path === '/protocol-skip'));
-  assert.ok(lines.some((line) => line.path === '/section/hero'));
-});
-
-test('runSurfaceGeneration repairs a blocked retryable section', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'repair me',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield '{"op":"add","path":"/section/hero","html":"<script>alert(1)</script>"}\n';
-    },
-    repair: {
-      enabled: true,
-      maxAttempts: 1,
-      maxTargets: 2,
-      provider: async () => '{"op":"add","path":"/section/hero","html":"<p>safe</p>"}',
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(summary.blocked, false);
-  assert.deepEqual(summary.repairStats, { queued: 1, cancelled: 0, repaired: 1, failed: 0 });
-  assert.ok(lines.some((line) => line.path === '/repair-feedback' && (line.value as { status?: string }).status === 'repaired'));
-  assert.ok(lines.some((line) => line.path === '/section/hero'));
-  assert.equal(lines.find((line) => line.path === '/repair-summary')?.value && true, true);
-});
-
-test('runSurfaceGeneration blocks when repair fails', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'repair me badly',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield '{"op":"add","path":"/section/hero","html":"<script>alert(1)</script>"}\n';
-    },
-    repair: {
-      enabled: true,
-      maxAttempts: 1,
-      maxTargets: 2,
-      provider: async () => '{"op":"add","path":"/section/other","html":"<p>wrong</p>"}',
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(summary.blocked, true);
-  assert.deepEqual(summary.repairStats, { queued: 1, cancelled: 0, repaired: 0, failed: 1 });
-  assert.ok(lines.some((line) => line.path === '/repair-feedback' && (line.value as { status?: string }).status === 'failed'));
-  assert.ok(lines.some((line) => line.path === '/validation-blocked'));
-  assert.ok(lines.some((line) => line.path === '/error'));
-});
-
-test('runSurfaceGeneration passes provider meta chunks through in order', async () => {
-  const lines: ProtocolLine[] = [];
-
-  await runSurfaceGeneration({
-    prompt: 'meta',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield { type: 'meta', path: '/status', value: 'thinking' };
-      yield { type: 'text', text: '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n' };
-      yield '{"op":"add","path":"/section/hero","html":"<p>Hello</p>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(lines[0]?.path, '/status');
-  assert.equal(lines[1]?.path, '/screen');
-  assert.equal(lines[2]?.path, '/section/hero');
-});
-
-test('runSurfaceGeneration emits progressive section replacements in order', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'progressive',
-    mode: 'interactive',
-    modelProvider: async function* () {
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<div aria-busy=\\"true\\">Drafting...</div>"}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<article><h1>Final answer</h1></article>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  const heroLines = lines.filter((line) => line.path === '/section/hero');
-  assert.equal(heroLines.length, 2);
-  assert.match(JSON.stringify(heroLines[0]), /Drafting/);
-  assert.match(JSON.stringify(heroLines[1]), /Final answer/);
-  assert.deepEqual(summary.acceptedLines.map((line) => line.path), [
-    '/screen',
-    '/section/hero',
-    '/section/hero',
-  ]);
-  assert.equal(summary.blocked, false);
-});
-
-test('runSurfaceGeneration validates progressive section replacements independently', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'unsafe replacement',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<p>Safe placeholder</p>"}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<script>alert(1)</script>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  const heroLines = lines.filter((line) => line.path === '/section/hero');
-  assert.equal(heroLines.length, 1);
-  assert.match(JSON.stringify(heroLines[0]), /Safe placeholder/);
-  assert.equal(summary.blocked, true);
-  assert.equal(summary.acceptedLines.filter((line) => line.path === '/section/hero').length, 1);
-  assert.ok(lines.some((line) => line.path === '/validation-blocked'));
-});
-
-test('runSurfaceGeneration processes final buffered text without trailing newline', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'tail',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield '{"op":"set","path":"/screen","value":{"sections":["hero"]}}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<p>Tail</p>"}';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(summary.blocked, false);
-  assert.ok(lines.some((line) => line.path === '/section/hero'));
-  assert.ok(summary.acceptedLines.some((line) => line.path === '/section/hero'));
-});
-
-test('runSurfaceGeneration summary separates accepted structural lines from emitted diagnostics', async () => {
-  const lines: ProtocolLine[] = [];
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'summary',
-    mode: 'static',
-    surfacePlan,
-    layout: { id: 'one-up', slots: [{ id: 'hero', purpose: 'main content' }] },
-    preludeLines: [{ op: 'meta', path: '/status', value: 'queued' }],
-    modelProvider: async function* () {
-      yield { type: 'meta', path: '/status', value: 'writing' };
-      yield '{"op":"add","path":"/section/hero","html":"<p>Hello</p>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.deepEqual(summary.acceptedLines.map((line) => line.path), [
-    '/screen',
-    '/section/hero',
-  ]);
-  assert.deepEqual(summary.emittedLines.map((line) => line.path), [
-    '/status',
-    '/surface-plan',
-    '/screen',
-    '/status',
-    '/section/hero',
-    '/stream-graph-summary',
-  ]);
-  assert.deepEqual(lines, summary.emittedLines);
-});
-
-test('runSurfaceGeneration cancels queued repair when model later emits the target safely', async () => {
-  const lines: ProtocolLine[] = [];
-  let repairCalls = 0;
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'self repair',
-    mode: 'static',
-    modelProvider: async function* () {
-      yield '{"op":"add","path":"/section/hero","html":"<script>alert(1)</script>"}\n';
-      yield '{"op":"add","path":"/section/hero","html":"<p>safe later</p>"}\n';
-    },
-    repair: {
-      enabled: true,
-      maxAttempts: 1,
-      maxTargets: 2,
-      provider: async () => {
-        repairCalls += 1;
-        return '{"op":"add","path":"/section/hero","html":"<p>repair</p>"}';
-      },
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(repairCalls, 0);
-  assert.equal(summary.blocked, false);
-  assert.deepEqual(summary.repairStats, { queued: 1, cancelled: 1, repaired: 0, failed: 0 });
-  assert.ok(lines.some((line) => line.path === '/repair-feedback' && (line.value as { status?: string }).status === 'blocked'));
-  assert.ok(lines.some((line) => line.path === '/section/hero' && (line as { html?: string }).html?.includes('safe later')));
-  assert.ok(lines.some((line) => line.path === '/repair-summary'));
-});
-
-test('runSurfaceGeneration edit input seeds existing screen and enforces targets', async () => {
-  const lines: ProtocolLine[] = [];
-  let sawEditBlock = false;
-
-  const summary = await runSurfaceGeneration({
-    prompt: 'edit',
-    mode: 'static',
-    edit: {
-      baseRevision: 3,
-      sections: [{ id: 'hero', html: '<p>old</p>' }],
-      targetSections: ['hero'],
-    },
-    modelProvider: async function* ({ promptBlocks }) {
-      sawEditBlock = promptBlocks.some((block) => block.id === 'edit');
-      yield '{"op":"add","path":"/section/other","html":"<p>wrong</p>"}\n';
-    },
-  }, (line) => {
-    lines.push(line);
-  });
-
-  assert.equal(sawEditBlock, true);
-  assert.equal(summary.blocked, false);
-  assert.ok(lines.some((line) => line.path === '/protocol-skip'));
-  assert.equal(summary.acceptedLines.some((line) => line.path === '/section/other'), false);
-});
-
-test('resolveSurfaceGenerationPlan preserves server surface resolution behavior', () => {
-  const resolved = resolveSurfaceGenerationPlan({
-    prompt: 'search for recipes',
-    mode: 'static',
-    capabilities: {
-      intents: [{
-        name: 'search',
-        description: 'Search host data.',
-        argsSchema: '{query: string}',
-        stateShape: '{}',
-        kind: 'resource',
-        surface: { data: 'host-resource', authority: 'read' },
-      }],
-    },
-  });
-
-  assert.equal(resolved.source, 'default');
-  assert.deepEqual(resolved.surfacePlan, {
-    purpose: 'inform',
-    runtime: 'static',
-    data: 'embedded',
-    authority: 'none',
-    persistence: 'replayable',
-  });
-});
diff --git a/packages/server/test/run-surface-generation.test.ts b/packages/server/test/run-surface-generation.test.ts
new file mode 100644
index 0000000..ee538d3
--- /dev/null
+++ b/packages/server/test/run-surface-generation.test.ts
@@ -0,0 +1,334 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+  policyFromGoal,
+  runSurfaceGeneration,
+  summarizeContractIssues,
+  type ProtocolLine,
+  type SummonModelProvider,
+} from '../src/index.ts';
+
+function arrowProtocolLine(html: string): string {
+  const source = html.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${');
+  return `${JSON.stringify({
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': `import { html } from "@arrow-js/core";\nexport default html\`${source}\`;`,
+      },
+    },
+  })}\n`;
+}
+
+test('summarizeContractIssues includes bounded examples per issue code', () => {
+  const summary = summarizeContractIssues([
+    {
+      source: 'protocol',
+      severity: 'block',
+      code: 'arrow-only-protocol',
+      message: 'old protocol',
+    },
+    {
+      source: 'protocol',
+      severity: 'block',
+      code: 'arrow-only-protocol',
+      message: 'same code second example',
+    },
+    {
+      source: 'token',
+      severity: 'warn',
+      code: 'unknown-token',
+      message: 'token drift',
+    },
+  ]);
+
+  assert.equal(summary.blocked, 2);
+  assert.equal(summary.warnings, 1);
+  assert.deepEqual(summary.codes, { 'arrow-only-protocol': 2, 'unknown-token': 1 });
+  assert.deepEqual(summary.examples.map((issue) => issue.code), ['arrow-only-protocol', 'unknown-token']);
+});
+
+test('runSurfaceGeneration emits prelude and derived surface metadata before Arrow artifact output', async () => {
+  const lines: ProtocolLine[] = [];
+  const provider: SummonModelProvider = async function* () {
+    yield arrowProtocolLine('<p>Hello</p>');
+  };
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'hello',
+    modelProvider: provider,
+    surfacePolicy: { tier: 'static', purpose: 'inform' },
+    layout: { id: 'one-up', slots: [{ id: 'hero', purpose: 'main content' }] },
+    preludeLines: [{ op: 'meta', path: '/status', value: 'queued' }],
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.deepEqual(lines.slice(0, 5).map((line) => `${line.op} ${line.path}`), [
+    'meta /status',
+    'meta /surface-policy',
+    'meta /surface-plan',
+    'meta /surface-contract',
+    'artifact /artifact',
+  ]);
+  assert.equal(summary.acceptedLines[0]?.path, '/artifact');
+  assert.equal(summary.blocked, false);
+});
+
+test('runSurfaceGeneration skips unsupported legacy section protocol', async () => {
+  const lines: ProtocolLine[] = [];
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'legacy under arrow',
+    modelProvider: async function* () {
+      yield '{"op":"add","path":"/section/hero","html":"<p>Legacy</p>"}\n';
+    },
+    surfacePolicy: { tier: 'static', purpose: 'inform' },
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.equal(summary.blocked, false);
+  assert.ok(summary.validationIssues.some((issue) => issue.code === 'malformed-jsonl'));
+  assert.ok(lines.some((line) => line.path === '/protocol-skip'));
+  assert.equal(summary.acceptedLines.some((line) => line.path === '/artifact'), false);
+});
+
+test('runSurfaceGeneration forwards first-class Ghost context to the model contract', async () => {
+  let ghostBlockText: string | undefined;
+  const provider: SummonModelProvider = async function* (request) {
+    ghostBlockText = request.promptBlocks.find((block) => block.id === 'ghost')?.text;
+    yield arrowProtocolLine('<p>Hello</p>');
+  };
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'hello',
+    modelProvider: provider,
+    surfacePolicy: { tier: 'static', purpose: 'inform' },
+    ghost: {
+      source: 'root',
+      prompt: 'Portable Ghost context.',
+    },
+  }, () => {});
+
+  assert.equal(summary.blocked, false);
+  assert.equal(ghostBlockText, 'Portable Ghost context.');
+});
+
+test('runSurfaceGeneration compiles surface policy, emits metadata, and narrows contracts', async () => {
+  const lines: ProtocolLine[] = [];
+  let systemText = '';
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'choose one',
+    surfacePolicy: {
+      tier: 'declarative',
+      purpose: 'compare',
+      grants: ['choose'],
+      components: ['MetricCard'],
+    },
+    tools: {
+      tools: [
+        {
+          name: 'search',
+          description: 'Search host data',
+          argsSchema: '{}',
+          stateShape: '{}',
+          kind: 'resource',
+          surface: { data: 'host-resource', authority: 'read' },
+        },
+        {
+          name: 'choose',
+          description: 'Save a choice',
+          argsSchema: '{}',
+          stateShape: '{}',
+          kind: 'action',
+          surface: { authority: 'host-action' },
+        },
+      ],
+      patterns: [
+        { name: 'Search', code: 'import { callTool } from "host-bridge:summon";\nconst search = (query: string) => callTool("search", { query });', tool: 'search' },
+        { name: 'Choose', code: 'callTool("choose", {})', tool: 'choose' },
+      ],
+    },
+    components: {
+      components: [
+        {
+          name: 'MetricCard',
+          description: 'Trusted metric',
+          propsSchema: '{}',
+          surface: { data: 'embedded', authority: 'none' },
+        },
+        {
+          name: 'SecretWidget',
+          description: 'Unselected widget',
+          propsSchema: '{}',
+          surface: { data: 'embedded', authority: 'none' },
+        },
+      ],
+    },
+    modelProvider: async function* ({ promptBlocks }) {
+      systemText = promptBlocks.map((block) => block.text).join('\n');
+      yield arrowProtocolLine('<button>Choose</button>');
+    },
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
+    'meta /surface-policy',
+    'meta /surface-plan',
+    'meta /surface-contract',
+    'artifact /artifact',
+  ]);
+  assert.equal(lines[0]?.op, 'meta');
+  assert.deepEqual((lines[0] as Extract<ProtocolLine, { op: 'meta' }>).value, {
+    tier: 'declarative',
+    purpose: 'compare',
+    grants: ['choose'],
+    components: ['MetricCard'],
+    persistence: 'replayable',
+  });
+  const surfaceContract = (lines[2] as Extract<ProtocolLine, { op: 'meta' }>).value as {
+    tools?: Array<{ name: string }>;
+    components?: Array<{ name: string }>;
+  };
+  assert.deepEqual(surfaceContract.tools?.map((tool) => tool.name), ['choose']);
+  assert.deepEqual(surfaceContract.components?.map((component) => component.name), ['MetricCard']);
+  assert.match(systemText, /Save a choice/);
+  assert.match(systemText, /MetricCard/);
+  assert.match(systemText, /Surface contract/);
+  assert.doesNotMatch(systemText, /Search host data/);
+  assert.doesNotMatch(systemText, /SecretWidget/);
+  assert.equal(summary.blocked, false);
+});
+
+test('runSurfaceGeneration blocks invalid surface policy before provider invocation', async () => {
+  let called = false;
+  const lines: ProtocolLine[] = [];
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'invalid worker grant',
+    surfacePolicy: {
+      tier: 'declarative',
+      grants: ['analysis'],
+    },
+    tools: {
+      tools: [{
+        name: 'analysis',
+        description: 'Worker analysis',
+        argsSchema: '{}',
+        stateShape: '{}',
+        kind: 'resource',
+        surface: { data: 'worker', authority: 'read' },
+      }],
+    },
+    modelProvider: async function* () {
+      called = true;
+      yield arrowProtocolLine('<p>Should not run</p>');
+    },
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.equal(called, false);
+  assert.equal(summary.blocked, true);
+  assert.ok(summary.validationIssues.some((issue) => issue.code === 'surface-policy-tier-exceeded'));
+  assert.deepEqual(lines.slice(0, 4).map((line) => `${line.op} ${line.path}`), [
+    'meta /surface-policy',
+    'meta /surface-plan',
+    'meta /surface-contract',
+    'meta /validation-blocked',
+  ]);
+});
+
+test('runSurfaceGeneration passes provider meta chunks through in order', async () => {
+  const lines: ProtocolLine[] = [];
+
+  await runSurfaceGeneration({
+    prompt: 'meta',
+    surfacePolicy: { tier: 'static', purpose: 'inform' },
+    modelProvider: async function* () {
+      yield { type: 'meta', path: '/status', value: 'thinking' };
+      yield { type: 'text', text: arrowProtocolLine('<p>Hello</p>') };
+    },
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.equal(lines[0]?.path, '/surface-policy');
+  assert.equal(lines[1]?.path, '/surface-plan');
+  assert.equal(lines[2]?.path, '/surface-contract');
+  assert.equal(lines[3]?.path, '/status');
+  assert.equal(lines[4]?.path, '/artifact');
+});
+
+test('runSurfaceGeneration processes final buffered artifact without trailing newline', async () => {
+  const lines: ProtocolLine[] = [];
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'tail',
+    surfacePolicy: { tier: 'static', purpose: 'inform' },
+    modelProvider: async function* () {
+      yield arrowProtocolLine('<p>Tail</p>').trimEnd();
+    },
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.equal(summary.blocked, false);
+  assert.ok(lines.some((line) => line.path === '/artifact'));
+  assert.ok(summary.acceptedLines.some((line) => line.path === '/artifact'));
+});
+
+test('runSurfaceGeneration summary separates accepted artifact lines from emitted diagnostics', async () => {
+  const lines: ProtocolLine[] = [];
+
+  const summary = await runSurfaceGeneration({
+    prompt: 'summary',
+    surfacePolicy: { tier: 'static', purpose: 'inform' },
+    preludeLines: [{ op: 'meta', path: '/status', value: 'queued' }],
+    modelProvider: async function* () {
+      yield { type: 'meta', path: '/status', value: 'writing' };
+      yield arrowProtocolLine('<p>Hello</p>');
+    },
+  }, (line) => {
+    lines.push(line);
+  });
+
+  assert.deepEqual(summary.acceptedLines.map((line) => line.path), [
+    '/artifact',
+  ]);
+  assert.deepEqual(summary.emittedLines.map((line) => line.path), [
+    '/status',
+    '/surface-policy',
+    '/surface-plan',
+    '/surface-contract',
+    '/status',
+    '/artifact',
+    '/stream-graph-summary',
+  ]);
+  assert.deepEqual(lines, summary.emittedLines);
+});
+
+test('policyFromGoal converts agent goal to a host SurfacePolicy', () => {
+  const policy = policyFromGoal({
+    purpose: 'explore',
+    interaction: 'search',
+    dataNeed: 'host-resource',
+    sideEffect: 'none',
+    requestedTools: ['search'],
+    requestedComponents: [],
+    confidence: 0.72,
+  });
+
+  assert.deepEqual(policy, {
+    tier: 'declarative',
+    purpose: 'explore',
+    grants: ['search'],
+    components: [],
+    persistence: 'replayable',
+  });
+});
diff --git a/packages/summon-react/src/index.ts b/packages/summon-react/src/index.ts
index 8caa19c..64f9cdb 100644
--- a/packages/summon-react/src/index.ts
+++ b/packages/summon-react/src/index.ts
@@ -5,7 +5,6 @@ export {
 export type {
   ReactComponentRuntimeContext,
   ReactComponentWithRuntimeDefinition,
-  SummonSurfaceChrome,
   SummonSurfaceHandle,
   SummonSurfaceProps,
 } from '@summon-internal/react';
diff --git a/packages/summon-server/src/index.ts b/packages/summon-server/src/index.ts
index 27c8773..9322807 100644
--- a/packages/summon-server/src/index.ts
+++ b/packages/summon-server/src/index.ts
@@ -1,19 +1,17 @@
 export {
   defaultHostPolicyResolver,
-  generateSurfaceStream,
-  inferSurfaceIntent,
+  inferSurfaceGoal,
   planAgentSurface,
-  policyFromIntent,
-  resolveSurfaceGenerationPlan,
+  policyFromGoal,
   runAgentSurfaceGeneration,
   runSurfaceGeneration,
   summarizeContractIssues,
 } from '@summon-internal/server';
 export type {
-  AgentIntentProvider,
-  AgentIntentRequest,
-  AgentIntentTextClient,
-  AgentIntentTextRequest,
+  AgentGoalProvider,
+  AgentGoalRequest,
+  AgentGoalTextClient,
+  AgentGoalTextRequest,
   AgentPolicyResolution,
   AgentSurfaceGenerationInput,
   AgentSurfaceGenerationSummary,
@@ -22,7 +20,6 @@ export type {
   AgentSurfacePlanningOptions,
   ContractIssue,
   ContractPromptBlock,
-  GenerateEditInput,
   GenerateSurfaceInput,
   GenerationSummary,
   GhostGenerationContext,
@@ -30,21 +27,14 @@ export type {
   HostPolicyResolver,
   ProtocolLine,
   ProtocolSkipMetaValue,
-  RepairFeedbackMetaValue,
-  RepairOptions,
-  RepairStats,
-  ResolvedSurfaceGenerationPlan,
-  ResolveSurfaceGenerationPlanInput,
   SummonModelChunk,
   SummonModelProvider,
   SummonModelRequest,
-  SummonRepairProvider,
-  SummonRepairRequest,
-  SurfaceIntent,
-  SurfaceIntentDataNeed,
-  SurfaceIntentInteraction,
-  SurfaceIntentSideEffect,
-  SurfaceIntentSource,
+  SurfaceGoal,
+  SurfaceGoalDataNeed,
+  SurfaceGoalInteraction,
+  SurfaceGoalSideEffect,
+  SurfaceGoalSource,
   SurfaceGenerationInput,
   SurfaceGenerationSummary,
 } from '@summon-internal/server';
diff --git a/packages/summon/CHANGELOG.md b/packages/summon/CHANGELOG.md
index 474b5b3..d92be44 100644
--- a/packages/summon/CHANGELOG.md
+++ b/packages/summon/CHANGELOG.md
@@ -20,6 +20,6 @@
 
 ### Minor Changes
 
-- [`9965b88`](https://github.com/block/summon/commit/9965b8852e06f2dc11b39acf6589dcc86363d076) Thanks [@nahiyankhan](https://github.com/nahiyankhan)! - Require host-owned `grantedIntents` when spawning a sandbox and fail closed when
+- [`9965b88`](https://github.com/block/summon/commit/9965b8852e06f2dc11b39acf6589dcc86363d076) Thanks [@nahiyankhan](https://github.com/nahiyankhan)! - Require host-owned `grantedTools` when spawning a sandbox and fail closed when
   JavaScript callers omit it. Artifact-declared intents remain advisory and never
   become executable bridge authority.
diff --git a/packages/summon/package.json b/packages/summon/package.json
index f154d85..ba6d8b4 100644
--- a/packages/summon/package.json
+++ b/packages/summon/package.json
@@ -56,6 +56,7 @@
       "import": "./dist/devtools.js"
     },
     "./bootstrap.js": "./dist/_internal/sandbox-runtime/bootstrap.js",
+    "./arrow-runtime.js": "./dist/_internal/sandbox-runtime/arrow-runtime.js",
     "./tokens.css": "./dist/_internal/sandbox-runtime/tokens.css",
     "./package.json": "./package.json"
   },
diff --git a/packages/summon/src/assets.ts b/packages/summon/src/assets.ts
index b489296..d4c2738 100644
--- a/packages/summon/src/assets.ts
+++ b/packages/summon/src/assets.ts
@@ -1,4 +1,5 @@
 export {
+  arrowRuntimeSource,
   bootstrapSource,
   tokensSource,
 } from '@summon-internal/sandbox-runtime/assets';
diff --git a/packages/summon/src/browser.ts b/packages/summon/src/browser.ts
index 317195b..2deb87b 100644
--- a/packages/summon/src/browser.ts
+++ b/packages/summon/src/browser.ts
@@ -6,8 +6,6 @@ export {
 } from '@summon-internal/host/browser';
 export type {
   Artifact,
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
   ComponentIslandBounds,
   ComponentIslandDescriptor,
   ComponentIslandError,
@@ -17,7 +15,8 @@ export type {
   ComponentIslandSyncContext,
   ComponentsMessage,
   FatalMessage,
-  IntentMessage,
+  ToolCallMessage,
+  ToolResultMessage,
   ReadyMessage,
   SandboxHandle,
   SandboxInboundMessage,
@@ -33,7 +32,6 @@ export type {
   SurfaceStreamLineDecision,
   SurfaceStreamOptions,
   SurfaceStreamParseError,
-  SurfaceStreamRenderMode,
   SurfaceStreamResult,
   SurfaceStreamSource,
 } from '@summon-internal/host/browser';
diff --git a/packages/summon/src/devtools.ts b/packages/summon/src/devtools.ts
index edc33c5..0732f0d 100644
--- a/packages/summon/src/devtools.ts
+++ b/packages/summon/src/devtools.ts
@@ -7,10 +7,10 @@ export type {
   DevtoolsEventKind,
   EventStore,
   EventStoreOptions,
-  IntentDispatchedEvent,
-  IntentEmittedEvent,
-  IntentRejectedEvent,
-  IntentSettledEvent,
+  ToolDispatchedEvent,
+  ToolCalledEvent,
+  ToolRejectedEvent,
+  ToolSettledEvent,
   ProtocolLineEvent,
   ProtocolParseErrorEvent,
   RenderEvent,
diff --git a/packages/summon/src/index.ts b/packages/summon/src/index.ts
index 68fb209..f7b36ab 100644
--- a/packages/summon/src/index.ts
+++ b/packages/summon/src/index.ts
@@ -1,15 +1,15 @@
 export {
-  createCapabilityRegistry,
+  createToolRegistry,
   createComponentRegistry,
   defineAction,
   defineApprovalAction,
-  defineCapability,
+  defineTool,
   defineComponent,
   defineDataResource,
-  defineIntent,
+  defineToolHandler,
   defineWorkerAction,
   defineWorkerResource,
-  IntentArgsError,
+  ToolArgsError,
   PolicyEngine,
 } from '@summon-internal/host';
 
@@ -21,7 +21,6 @@ export {
   SURFACE_PERSISTENCE_VALUES,
   SURFACE_PURPOSE_VALUES,
   SURFACE_TIER_VALUES,
-  compileArtifactHtml,
 } from '@summon-internal/engine';
 
 export type {
@@ -32,8 +31,8 @@ export type {
   ApprovalPrepared,
   ApprovalRequest,
   ApprovalStateKeys,
-  CapabilityDefinition,
-  CapabilityRegistry,
+  ToolDefinition,
+  ToolRegistry,
   ComponentDefinition,
   ComponentDestroyer,
   ComponentPropsParseResult,
@@ -41,31 +40,29 @@ export type {
   ComponentRenderContext,
   ComponentRenderer,
   DataResourceDefinition,
-  IntentContext,
-  IntentEntry,
-  IntentHandler,
+  ToolContext,
+  ToolHandlerEntry,
+  ToolHandler,
   PolicyEngineOptions,
   ResourceStateKeys,
   StateShapeDescriptor,
-  TypedIntentEntry,
+  TypedToolHandlerEntry,
 } from '@summon-internal/host';
 
 export type {
-  CapabilityBindingSpec,
-  CapabilityKind,
-  CapabilityPack,
-  CapabilityPattern,
-  CapabilityStateKeys,
-  CapabilitySurface,
-  CapabilityTrigger,
-  CapabilityTriggerSpec,
+  ToolKind,
+  ToolPack,
+  ToolPattern,
+  ToolStateKeys,
+  ToolSurface,
+  ToolTrigger,
   ComponentPack,
   ComponentSpec,
   ComponentSurface,
   CompileSurfaceContractViewOptions,
   CompiledSurfacePolicy,
   CompileSurfacePolicyOptions,
-  IntentSpec,
+  ToolSpec,
   NormalizedSurfacePolicy,
   SurfaceContractComponent,
   SurfaceContractLayout,
@@ -75,7 +72,4 @@ export type {
   SurfacePolicy,
   SurfacePurpose,
   SurfaceTier,
-  ArtifactCompileResult,
-  CompiledArtifactHtml,
-  CompiledHtmlNodePatch,
 } from '@summon-internal/engine';
diff --git a/packages/summon/src/policy.ts b/packages/summon/src/policy.ts
index bb31a16..8c4038a 100644
--- a/packages/summon/src/policy.ts
+++ b/packages/summon/src/policy.ts
@@ -1,14 +1,15 @@
 export {
-  IntentArgsError,
+  ToolArgsError,
   PolicyEngine,
-  defineIntent,
+  defineToolHandler,
 } from '@summon-internal/host/policy';
 export type {
   ApprovalPrepared,
   ApprovalRequest,
-  IntentContext,
-  IntentEntry,
-  IntentHandler,
+  ToolContext,
+  ToolHandlerEntry,
+  ToolHandler,
+  PolicyDispatchResult,
   PolicyEngineOptions,
-  TypedIntentEntry,
+  TypedToolHandlerEntry,
 } from '@summon-internal/host/policy';
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 14d2786..387cad8 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -219,7 +219,15 @@ importers:
         specifier: ^5.4.0
         version: 5.9.3
 
-  packages/sandbox-runtime: {}
+  packages/sandbox-runtime:
+    dependencies:
+      '@arrow-js/sandbox':
+        specifier: 1.0.6
+        version: 1.0.6
+    devDependencies:
+      esbuild:
+        specifier: 0.27.7
+        version: 0.27.7
 
   packages/server:
     dependencies:
@@ -300,6 +308,13 @@ packages:
       zod:
         optional: true
 
+  '@arrow-js/core@1.0.6':
+    resolution: {integrity: sha512-75f4N0iHtHTwgxf9XS8a1vtfGZZmCvqT0Ix+ScDLclNuR9Fqp2yOIK1u8vmN1BPsS4aRfMVTdSFSmgGCqkJSCg==}
+    engines: {node: '>=20.19.0 || >=22.12.0'}
+
+  '@arrow-js/sandbox@1.0.6':
+    resolution: {integrity: sha512-vXZdu5bgY5Aic2o0gMIW9VfAsy85ObtGPyWasf1eayveNwwXmjI9BRl25npRi4LyJCU0ieS4xV0MQMrfIMNIMA==}
+
   '@babel/runtime@7.29.2':
     resolution: {integrity: sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==}
     engines: {node: '>=6.9.0'}
@@ -677,6 +692,21 @@ packages:
       '@types/node':
         optional: true
 
+  '@jitl/quickjs-ffi-types@0.32.0':
+    resolution: {integrity: sha512-v9T+GQpmk43VDJ7d72sf0Nexhk+ArvtUihW27dy7lqAl0zBObFKtSBBIm5RBjwIhE8VwsPPm9PNuvPvNqLWUEg==}
+
+  '@jitl/quickjs-wasmfile-debug-asyncify@0.32.0':
+    resolution: {integrity: sha512-EX8zbXwGqCgAE764M+qvkHtyXDi/FUoMBea0JnES7vCM3P7a2+EOZOjGv85wtZ2sJhI1oJ+nekmqpOODFDY+hw==}
+
+  '@jitl/quickjs-wasmfile-debug-sync@0.32.0':
+    resolution: {integrity: sha512-LeYWrPGC1uNCTBWvibo3ZLJj0CSVNYUXvJpXMCmuQ5Sap2cCACc3uvGvYV4homHHBAzfw5akoTqMMS4YFRtw+Q==}
+
+  '@jitl/quickjs-wasmfile-release-asyncify@0.32.0':
+    resolution: {integrity: sha512-3oSwPfja12ICz4aIblB58cuY8JlEq5Txt8Cut4VLo+LH47QN+mzCnSgnbB03hWzg1LBcc+VyyI9UOag7a1NF+Q==}
+
+  '@jitl/quickjs-wasmfile-release-sync@0.32.0':
+    resolution: {integrity: sha512-BKNDI/TPBfGlLNGYpLrhcDGXmIk4xHm4MRAisOBnOzpXVn9HZWsfmMAc9WMBrAHjvvds6HOikKeaOBKdPdpVrg==}
+
   '@jridgewell/gen-mapping@0.3.13':
     resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==}
 
@@ -1131,6 +1161,15 @@ packages:
     resolution: {integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==}
     engines: {node: '>= 0.6'}
 
+  acorn-walk@8.3.5:
+    resolution: {integrity: sha512-HEHNfbars9v4pgpW6SO1KSPkfoS0xVOM/9UzkJltjlsHZmJasxg8aXkuZa7SMf8vKGIBhpUsPluQSqhJFCqebw==}
+    engines: {node: '>=0.4.0'}
+
+  acorn@8.17.0:
+    resolution: {integrity: sha512-xRQbDb9BnwDafYNn6Vwl839DYVjqXYb1XVGtWAZ1kcDc6iwAL4hg3B1dZlRiuENFeO2H53gFG3in621AdERVAg==}
+    engines: {node: '>=0.4.0'}
+    hasBin: true
+
   ansi-colors@4.1.3:
     resolution: {integrity: sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==}
     engines: {node: '>=6'}
@@ -1776,6 +1815,13 @@ packages:
   queue-microtask@1.2.3:
     resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
 
+  quickjs-emscripten-core@0.32.0:
+    resolution: {integrity: sha512-QFnPfjFey8EqknSrSxe1hZrf1/8z7/6s1QzGOmKo6++02r7QRRX7ZoyNaZh7JuVjWsVW87KnQrbZqnHkOAzUyg==}
+
+  quickjs-emscripten@0.32.0:
+    resolution: {integrity: sha512-So0Sqw869y/S2oE3Nuc0uT3Dhqgvsj8FSrwBdsuTosVsG8ME5/OcudU1GxsrIFdFABgy17GHnTVO9TYV/bLQcA==}
+    engines: {node: '>=16.0.0'}
+
   range-parser@1.2.1:
     resolution: {integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==}
     engines: {node: '>= 0.6'}
@@ -2102,6 +2148,17 @@ snapshots:
     optionalDependencies:
       zod: 4.4.3
 
+  '@arrow-js/core@1.0.6': {}
+
+  '@arrow-js/sandbox@1.0.6':
+    dependencies:
+      '@arrow-js/core': 1.0.6
+      acorn: 8.17.0
+      acorn-walk: 8.3.5
+      magic-string: 0.30.21
+      quickjs-emscripten: 0.32.0
+      typescript: 5.9.3
+
   '@babel/runtime@7.29.2': {}
 
   '@changesets/apply-release-plan@7.1.1':
@@ -2432,6 +2489,24 @@ snapshots:
     optionalDependencies:
       '@types/node': 20.19.39
 
+  '@jitl/quickjs-ffi-types@0.32.0': {}
+
+  '@jitl/quickjs-wasmfile-debug-asyncify@0.32.0':
+    dependencies:
+      '@jitl/quickjs-ffi-types': 0.32.0
+
+  '@jitl/quickjs-wasmfile-debug-sync@0.32.0':
+    dependencies:
+      '@jitl/quickjs-ffi-types': 0.32.0
+
+  '@jitl/quickjs-wasmfile-release-asyncify@0.32.0':
+    dependencies:
+      '@jitl/quickjs-ffi-types': 0.32.0
+
+  '@jitl/quickjs-wasmfile-release-sync@0.32.0':
+    dependencies:
+      '@jitl/quickjs-ffi-types': 0.32.0
+
   '@jridgewell/gen-mapping@0.3.13':
     dependencies:
       '@jridgewell/sourcemap-codec': 1.5.5
@@ -2777,6 +2852,12 @@ snapshots:
       mime-types: 2.1.35
       negotiator: 0.6.3
 
+  acorn-walk@8.3.5:
+    dependencies:
+      acorn: 8.17.0
+
+  acorn@8.17.0: {}
+
   ansi-colors@4.1.3: {}
 
   ansi-regex@5.0.1: {}
@@ -3390,6 +3471,18 @@ snapshots:
 
   queue-microtask@1.2.3: {}
 
+  quickjs-emscripten-core@0.32.0:
+    dependencies:
+      '@jitl/quickjs-ffi-types': 0.32.0
+
+  quickjs-emscripten@0.32.0:
+    dependencies:
+      '@jitl/quickjs-wasmfile-debug-asyncify': 0.32.0
+      '@jitl/quickjs-wasmfile-debug-sync': 0.32.0
+      '@jitl/quickjs-wasmfile-release-asyncify': 0.32.0
+      '@jitl/quickjs-wasmfile-release-sync': 0.32.0
+      quickjs-emscripten-core: 0.32.0
+
   range-parser@1.2.1: {}
 
   raw-body@2.5.3:
diff --git a/scripts/build-public-packages.mjs b/scripts/build-public-packages.mjs
index 1d03a8b..2736182 100644
--- a/scripts/build-public-packages.mjs
+++ b/scripts/build-public-packages.mjs
@@ -23,58 +23,61 @@ const coreExports = {
   '.': {
     values: {
       './_internal/engine/index.js': [
-        'compileSurfaceContractView',
-        'compileSurfacePolicy',
-        'compileArtifactHtml',
-        'normalizeSurfacePolicy',
-        'surfaceContractViewFromCompiledPolicy',
-        'SURFACE_PERSISTENCE_VALUES',
-        'SURFACE_PURPOSE_VALUES',
-        'SURFACE_TIER_VALUES',
-      ],
+          'compileSurfaceContractView',
+          'compileSurfacePolicy',
+          'isArrowSurfaceArtifact',
+          'normalizeArrowSurfaceArtifact',
+          'normalizeSurfacePolicy',
+          'surfaceContractViewFromCompiledPolicy',
+          'SURFACE_PERSISTENCE_VALUES',
+          'SURFACE_PURPOSE_VALUES',
+          'SURFACE_TIER_VALUES',
+          'validateArrowSurfaceArtifact',
+        ],
       './_internal/host/index.js': [
-        'createCapabilityRegistry',
+        'createToolRegistry',
         'createComponentRegistry',
         'defineAction',
         'defineApprovalAction',
-        'defineCapability',
+        'defineTool',
         'defineComponent',
         'defineDataResource',
-        'defineIntent',
+        'defineToolHandler',
         'defineWorkerAction',
         'defineWorkerResource',
-        'IntentArgsError',
+        'ToolArgsError',
         'PolicyEngine',
       ],
     },
     types: {
       './_internal/engine/index.js': [
-        'CapabilityBindingSpec',
-        'CapabilityKind',
-        'CapabilityPack',
-        'CapabilityPattern',
-        'CapabilityStateKeys',
-        'CapabilitySurface',
-        'CapabilityTrigger',
-        'CapabilityTriggerSpec',
+        'ToolBindingSpec',
+        'ToolKind',
+        'ToolPack',
+        'ToolPattern',
+        'ToolStateKeys',
+        'ToolSurface',
+        'ToolTrigger',
+        'ToolTriggerSpec',
         'ComponentPack',
         'ComponentSpec',
-        'ComponentSurface',
-        'ArtifactCompileResult',
-        'CompiledArtifactHtml',
-        'CompiledHtmlNodePatch',
+          'ComponentSurface',
+          'ArrowArtifactValidationOptions',
+          'ArrowNetworkPolicy',
+          'ArrowSurfaceArtifact',
         'CompileSurfaceContractViewOptions',
         'CompiledSurfacePolicy',
         'CompileSurfacePolicyOptions',
-        'IntentSpec',
+        'ToolSpec',
         'NormalizedSurfacePolicy',
         'SurfaceContractComponent',
         'SurfaceContractLayout',
         'SurfaceContractTool',
         'SurfaceContractView',
-        'SurfacePersistence',
-        'SurfacePolicy',
-        'SurfacePurpose',
+          'SurfacePersistence',
+          'SurfacePolicy',
+          'SurfaceNetwork',
+          'SurfacePurpose',
         'SurfaceTier',
       ],
       './_internal/host/index.js': [
@@ -82,8 +85,8 @@ const coreExports = {
         'ApprovalActionDefinition',
         'ApprovalDecision',
         'ApprovalStateKeys',
-        'CapabilityDefinition',
-        'CapabilityRegistry',
+        'ToolDefinition',
+        'ToolRegistry',
         'ComponentDefinition',
         'ComponentDestroyer',
         'ComponentPropsParseResult',
@@ -91,70 +94,59 @@ const coreExports = {
         'ComponentRenderContext',
         'ComponentRenderer',
         'DataResourceDefinition',
-        'IntentContext',
-        'IntentEntry',
-        'IntentHandler',
-        'PolicyEngineOptions',
-        'StateShapeDescriptor',
-        'TypedIntentEntry',
+        'ToolContext',
+          'ToolHandlerEntry',
+          'ToolHandler',
+          'PolicyEngineOptions',
+          'PolicyDispatchResult',
+          'StateShapeDescriptor',
+        'TypedToolHandlerEntry',
       ],
     },
   },
   './engine': {
     values: {
-      './_internal/engine/index.js': [
-        'CAPABILITY_BINDING_SPECS',
-        'CAPABILITY_TRIGGER_SPECS',
-        'DEFAULT_SURFACE_CEILING',
-        'DEFAULT_SURFACE_PLAN',
+      './_internal/engine/index.js': [        'DEFAULT_SURFACE_PLAN',
         'DEFAULT_VALIDATION_LIMITS',
         'OPPORTUNISTIC_TOKENS',
         'OPT_OUT_GROUPS',
         'OPT_OUT_TOKENS',
         'ProtocolParseError',
         'REQUIRED_TOKENS',
-        'SHADOW_TOKENS',
-        'SUMMON_FIXED_INSTRUCTIONS',
-        'SUMMON_PROTOCOL_VERSION',
-        'SUMMON_SYSTEM_PROMPT',
-        'SURFACE_AUTHORITY_VALUES',
-        'SURFACE_DATA_VALUES',
-        'SURFACE_PERSISTENCE_VALUES',
-        'SURFACE_PURPOSE_VALUES',
-        'SURFACE_RUNTIME_VALUES',
-        'SectionAccumulator',
-        'StreamGraph',
+          'SHADOW_TOKENS',
+          'SUMMON_ARROW_ARTIFACT_INSTRUCTIONS',
+          'SUMMON_FIXED_INSTRUCTIONS',
+          'SUMMON_PROTOCOL_VERSION',
+          'SURFACE_AUTHORITY_VALUES',
+          'SURFACE_DATA_VALUES',
+          'SURFACE_NETWORK_VALUES',
+          'SURFACE_PERSISTENCE_VALUES',
+        'SURFACE_PURPOSE_VALUES',        'StreamGraph',
         'TOKEN_CONTRACT',
-        'buildCapabilitiesBlock',
+        'buildToolsBlock',
         'buildComponentsBlock',
         'buildDirectionBlock',
         'buildLayoutBlock',
         'buildOverrideBlock',
-        'buildPosturesBlock',
         'buildSurfaceContractBlock',
         'buildSurfacePlanBlock',
         'coerceOpts',
-        'compileCapabilityContract',
+        'compileToolContract',
         'compileComponentContract',
         'compileDirectionContract',
-        'compileArtifactHtml',
         'compileSurfaceContractView',
         'compileSurfacePolicy',
         'compileSystemContracts',
-        'compileTokenContract',
-        'constrainSurfacePlan',
-        'contractIssue',
+        'compileTokenContract',        'contractIssue',
         'createProtocolHardener',
-        'defaultTriggersForKind',
-        'deriveSurfacePlanControls',
-        'formatCapabilityProtocolContract',
+        'defaultTriggersForKind',        'formatToolProtocolContract',
         'formatTokenContract',
         'hasCompleteResourceStateKeys',
-        'hintsForContractIssue',
-        'inferSurfacePlan',
-        'isProtocolLine',
-        'normalizeSurfaceCeiling',
-        'normalizeSurfacePolicy',
+          'hintsForContractIssue',
+          'inferSurfacePlan',
+          'isArrowSurfaceArtifact',
+          'isProtocolLine',
+          'normalizeArrowSurfaceArtifact',          'normalizeSurfacePolicy',
         'normalizeSurfacePlan',
         'suggestSurfacePlan',
         'normalizeValidationLimits',
@@ -162,35 +154,28 @@ const coreExports = {
         'parseProtocolLine',
         'parseProtocolLineStrict',
         'parseTokenValues',
-        'surfaceContractViewFromCompiledPolicy',
-        'surfacePlanScriptPolicy',
-        'surfacePlanWithinCeiling',
-        'SURFACE_TIER_VALUES',
-        'validateDirection',
-        'validateHtmlFragment',
+        'surfaceContractViewFromCompiledPolicy',          'SURFACE_TIER_VALUES',
+          'validateArrowSurfaceArtifact',
+          'validateDirection',
         'validateProtocolLine',
         'withIssueSeverity',
       ],
     },
     types: {
-      './_internal/engine/index.js': [
-        'AddLine',
-        'CapabilitiesBlockOptions',
-        'CapabilityBindingSpec',
-        'CapabilityContractOptions',
-        'CapabilityKind',
-        'CapabilityPack',
-        'CapabilityPattern',
-        'CapabilityStateKeys',
-        'CapabilitySurface',
-        'CapabilityTrigger',
-        'CapabilityTriggerSpec',
-        'CompiledCapabilityContract',
+        './_internal/engine/index.js': [
+          'ArtifactLine',
+          'ArrowArtifactValidationOptions',
+          'ArrowNetworkPolicy',
+          'ArrowSurfaceArtifact',        'ToolBindingSpec',        'ToolKind',
+        'ToolPack',
+        'ToolPattern',
+        'ToolStateKeys',
+        'ToolSurface',
+        'ToolTrigger',
+        'ToolTriggerSpec',
+        'CompiledToolContract',
         'CompiledComponentContract',
         'CompiledDirectionContract',
-        'ArtifactCompileResult',
-        'CompiledArtifactHtml',
-        'CompiledHtmlNodePatch',
         'CompiledSurfacePolicy',
         'CompiledSystemContracts',
         'CompiledTokenContract',
@@ -213,59 +198,41 @@ const coreExports = {
         'GhostGenerationContext',
         'GhostGenerationSource',
         'GhostTokenSourceKind',
-        'HtmlNodePatch',
-        'IntentSpec',
+        'ToolSpec',
         'MetaLine',
         'NormalizedSurfacePolicy',
         'OptOutGroup',
         'OptOutValue',
-        'PostureContract',
-        'PostureRegistry',
         'ProtocolHardener',
         'ProtocolHardenerOptions',
         'ProtocolHardenerResult',
         'ProtocolLine',
         'ProtocolParseErrorCode',
         'ProtocolParseOptions',
-        'ProtocolSkipMetaValue',
-        'RepairFeedbackMetaValue',
-        'ScreenSynthesizedMetaValue',
-        'ScriptPolicy',
-        'SectionAccumulatorSnapshot',
-        'SectionApplyKind',
-        'SectionApplyResult',
-        'SectionSnapshotEntry',
-        'SetLine',
-        'StreamGraphEdge',
+        'ProtocolSkipMetaValue',        'StreamGraphArtifact',
         'StreamGraphHealth',
-        'StreamGraphSection',
         'StreamGraphSnapshot',
         'SummonLayout',
         'SummonLayoutSlot',
-        'SurfaceAuthority',
-        'SurfaceCeiling',
-        'SurfaceContractComponent',
+        'SurfaceAuthority',        'SurfaceContractComponent',
         'SurfaceContractLayout',
         'SurfaceContractSurface',
         'SurfaceContractTool',
         'SurfaceContractView',
-        'SurfaceData',
-        'SurfacePersistence',
+          'SurfaceData',
+          'SurfaceNetwork',
+          'SurfacePersistence',
         'SurfacePolicy',
-        'SurfacePlan',
-        'SurfacePlanControls',
-        'SurfacePlanInferenceInput',
+        'SurfacePlan',        'SurfacePlanInferenceInput',
         'SurfacePlanMode',
-        'SurfacePurpose',
-        'SurfaceRuntime',
-        'SurfaceTier',
+        'SurfacePurpose',        'SurfaceTier',
         'SystemContractInput',
         'TokenContract',
         'TokenContractInput',
         'TokenKind',
         'TokenOverride',
         'TokenSpec',
-        'ValidationCapability',
+        'ValidationTool',
         'ValidationComponent',
         'ValidationContext',
         'ValidationLimits',
@@ -276,22 +243,22 @@ const coreExports = {
   './host': {
     values: {
       './_internal/host/index.js': [
-        'IntentArgsError',
+        'ToolArgsError',
         'PolicyEngine',
         'SUMMON_SURFACE_ENVELOPE_VERSION',
         'bindEndpoint',
         'consumeSurfaceStream',
-        'createCapabilityRegistry',
+        'createToolRegistry',
         'createComponentIslandRegistry',
         'createComponentRegistry',
         'createStrictInputRegistry',
         'createSurfaceEnvelope',
         'defineAction',
         'defineApprovalAction',
-        'defineCapability',
+        'defineTool',
         'defineComponent',
         'defineDataResource',
-        'defineIntent',
+        'defineToolHandler',
         'defineWorkerAction',
         'defineWorkerResource',
         'isSurfaceEnvelope',
@@ -303,13 +270,13 @@ const coreExports = {
       './_internal/host/index.js': [
         'ActionDefinition',
         'ApprovalActionDefinition',
-        'ApprovalDecision',
-        'ApprovalStateKeys',
-        'Artifact',
-        'CompiledArtifactHtml',
-        'CompiledHtmlNodePatch',
-        'CapabilityDefinition',
-        'CapabilityRegistry',
+          'ApprovalDecision',
+          'ApprovalStateKeys',
+          'Artifact',
+          'ArrowNetworkPolicy',
+          'ArrowSurfaceArtifact',
+        'ToolDefinition',
+        'ToolRegistry',
         'ComponentDefinition',
         'ComponentDestroyer',
         'ComponentIslandBounds',
@@ -329,12 +296,14 @@ const coreExports = {
         'EndpointBinding',
         'EndpointStateKeys',
         'FatalMessage',
-        'IntentContext',
-        'IntentEntry',
-        'IntentHandler',
-        'IntentMessage',
-        'PolicyEngineOptions',
-        'ReadyMessage',
+        'ToolContext',
+        'ToolHandlerEntry',
+          'ToolHandler',
+          'ToolCallMessage',
+          'ToolResultMessage',
+          'PolicyEngineOptions',
+          'PolicyDispatchResult',
+          'ReadyMessage',
         'SandboxHandle',
         'SandboxInboundMessage',
         'SpawnOptions',
@@ -351,10 +320,9 @@ const coreExports = {
         'SurfaceStreamLineDecision',
         'SurfaceStreamOptions',
         'SurfaceStreamParseError',
-        'SurfaceStreamRenderMode',
         'SurfaceStreamResult',
         'SurfaceStreamSource',
-        'TypedIntentEntry',
+        'TypedToolHandlerEntry',
       ],
     },
   },
@@ -368,10 +336,10 @@ const coreExports = {
       ],
     },
     types: {
-      './_internal/host/browser.js': [
-        'Artifact',
-        'CompiledArtifactHtml',
-        'CompiledHtmlNodePatch',
+        './_internal/host/browser.js': [
+          'Artifact',
+          'ArrowNetworkPolicy',
+          'ArrowSurfaceArtifact',
         'ComponentIslandBounds',
         'ComponentIslandDescriptor',
         'ComponentIslandError',
@@ -380,9 +348,10 @@ const coreExports = {
         'ComponentIslandRegistryOptions',
         'ComponentIslandSyncContext',
         'ComponentsMessage',
-        'FatalMessage',
-        'IntentMessage',
-        'ReadyMessage',
+          'FatalMessage',
+          'ToolCallMessage',
+          'ToolResultMessage',
+          'ReadyMessage',
         'SandboxHandle',
         'SandboxInboundMessage',
         'SpawnOptions',
@@ -397,7 +366,6 @@ const coreExports = {
         'SurfaceStreamLineDecision',
         'SurfaceStreamOptions',
         'SurfaceStreamParseError',
-        'SurfaceStreamRenderMode',
         'SurfaceStreamResult',
         'SurfaceStreamSource',
       ],
@@ -406,18 +374,19 @@ const coreExports = {
   './policy': {
     values: {
       './_internal/host/policy.js': [
-        'IntentArgsError',
+        'ToolArgsError',
         'PolicyEngine',
-        'defineIntent',
+        'defineToolHandler',
       ],
     },
     types: {
       './_internal/host/policy.js': [
-        'IntentContext',
-        'IntentEntry',
-        'IntentHandler',
-        'PolicyEngineOptions',
-        'TypedIntentEntry',
+        'ToolContext',
+        'ToolHandlerEntry',
+          'ToolHandler',
+          'PolicyEngineOptions',
+          'PolicyDispatchResult',
+          'TypedToolHandlerEntry',
       ],
     },
   },
@@ -440,6 +409,7 @@ const coreExports = {
   './assets': {
     values: {
       './_internal/sandbox-runtime/assets.js': [
+        'arrowRuntimeSource',
         'bootstrapSource',
         'tokensSource',
       ],
@@ -461,10 +431,10 @@ const coreExports = {
         'DevtoolsEventKind',
         'EventStore',
         'EventStoreOptions',
-        'IntentDispatchedEvent',
-        'IntentEmittedEvent',
-        'IntentRejectedEvent',
-        'IntentSettledEvent',
+        'ToolDispatchedEvent',
+        'ToolCalledEvent',
+        'ToolRejectedEvent',
+        'ToolSettledEvent',
         'ProtocolLineEvent',
         'ProtocolParseErrorEvent',
         'RenderEvent',
@@ -487,22 +457,19 @@ const serverExports = {
     values: {
       './_internal/server/index.js': [
         'defaultHostPolicyResolver',
-        'generateSurfaceStream',
-        'inferSurfaceIntent',
+        'inferSurfaceGoal',
         'planAgentSurface',
-        'policyFromIntent',
-        'resolveSurfaceGenerationPlan',
-        'runAgentSurfaceGeneration',
+        'policyFromGoal',        'runAgentSurfaceGeneration',
         'runSurfaceGeneration',
         'summarizeContractIssues',
       ],
     },
     types: {
       './_internal/server/index.js': [
-        'AgentIntentProvider',
-        'AgentIntentRequest',
-        'AgentIntentTextClient',
-        'AgentIntentTextRequest',
+        'AgentGoalProvider',
+        'AgentGoalRequest',
+        'AgentGoalTextClient',
+        'AgentGoalTextRequest',
         'AgentPolicyResolution',
         'AgentSurfaceGenerationInput',
         'AgentSurfaceGenerationSummary',
@@ -511,7 +478,6 @@ const serverExports = {
         'AgentSurfacePlanningOptions',
         'ContractIssue',
         'ContractPromptBlock',
-        'GenerateEditInput',
         'GenerateSurfaceInput',
         'GenerationSummary',
         'GhostGenerationContext',
@@ -519,21 +485,16 @@ const serverExports = {
         'HostPolicyResolver',
         'ProtocolLine',
         'ProtocolSkipMetaValue',
-        'RepairFeedbackMetaValue',
-        'RepairOptions',
-        'RepairStats',
         'ResolvedSurfaceGenerationPlan',
         'ResolveSurfaceGenerationPlanInput',
         'SummonModelChunk',
         'SummonModelProvider',
         'SummonModelRequest',
-        'SummonRepairProvider',
-        'SummonRepairRequest',
-        'SurfaceIntent',
-        'SurfaceIntentDataNeed',
-        'SurfaceIntentInteraction',
-        'SurfaceIntentSideEffect',
-        'SurfaceIntentSource',
+        'SurfaceGoal',
+        'SurfaceGoalDataNeed',
+        'SurfaceGoalInteraction',
+        'SurfaceGoalSideEffect',
+        'SurfaceGoalSource',
         'SurfaceGenerationInput',
         'SurfaceGenerationSummary',
       ],
@@ -553,7 +514,6 @@ const reactExports = {
       './_internal/react/index.js': [
         'ReactComponentRuntimeContext',
         'ReactComponentWithRuntimeDefinition',
-        'SummonSurfaceChrome',
         'SummonSurfaceHandle',
         'SummonSurfaceProps',
       ],
diff --git a/scripts/check-public-api.mjs b/scripts/check-public-api.mjs
index aa33718..e45971e 100644
--- a/scripts/check-public-api.mjs
+++ b/scripts/check-public-api.mjs
@@ -5,35 +5,35 @@ import { pathToFileURL, fileURLToPath } from 'node:url';
 const rootDir = dirname(fileURLToPath(new URL('../package.json', import.meta.url)));
 
 const expectedRootExports = [
-  'IntentArgsError',
+  'ToolArgsError',
   'PolicyEngine',
   'SURFACE_PERSISTENCE_VALUES',
   'SURFACE_PURPOSE_VALUES',
   'SURFACE_TIER_VALUES',
-  'compileArtifactHtml',
   'compileSurfaceContractView',
   'compileSurfacePolicy',
-  'createCapabilityRegistry',
+  'createToolRegistry',
   'createComponentRegistry',
   'defineAction',
   'defineApprovalAction',
-  'defineCapability',
+  'defineTool',
   'defineComponent',
   'defineDataResource',
-  'defineIntent',
+  'defineToolHandler',
   'defineWorkerAction',
   'defineWorkerResource',
+  'isArrowSurfaceArtifact',
+  'normalizeArrowSurfaceArtifact',
   'normalizeSurfacePolicy',
   'surfaceContractViewFromCompiledPolicy',
+  'validateArrowSurfaceArtifact',
 ].sort();
 
 const expectedServerExports = [
   'defaultHostPolicyResolver',
-  'generateSurfaceStream',
-  'inferSurfaceIntent',
+  'inferSurfaceGoal',
   'planAgentSurface',
-  'policyFromIntent',
-  'resolveSurfaceGenerationPlan',
+  'policyFromGoal',
   'runAgentSurfaceGeneration',
   'runSurfaceGeneration',
   'summarizeContractIssues',
@@ -46,7 +46,7 @@ const expectedReactExports = [
 
 const forbiddenRootExports = [
   'bootstrapSource',
-  'buildCapabilitiesBlock',
+  'buildToolsBlock',
   'compileSystemContracts',
   'consumeSurfaceStream',
   'createEventStore',
@@ -97,18 +97,17 @@ assertHas('@anarchitecture/summon/browser', await importDist('summon', 'browser.
   'spawnSandbox',
 ]);
 assertHas('@anarchitecture/summon/engine', await importDist('summon', 'engine.js'), [
-  'buildCapabilitiesBlock',
+  'buildToolsBlock',
   'buildSurfaceContractBlock',
   'compileSurfaceContractView',
   'compileSystemContracts',
   'createProtocolHardener',
   'parseProtocolLine',
-  'SectionAccumulator',
   'surfaceContractViewFromCompiledPolicy',
   'StreamGraph',
 ]);
 assertHas('@anarchitecture/summon/host', await importDist('summon', 'host.js'), [
-  'createCapabilityRegistry',
+  'createToolRegistry',
   'PolicyEngine',
   'spawnSandbox',
 ]);
@@ -119,8 +118,12 @@ assertHas('@anarchitecture/summon/envelope', await importDist('summon', 'envelop
   'createSurfaceEnvelope',
 ]);
 const assets = await importDist('summon', 'assets.js');
-if (typeof assets.bootstrapSource !== 'string' || typeof assets.tokensSource !== 'string') {
-  throw new Error('@anarchitecture/summon/assets must export bootstrapSource and tokensSource strings');
+if (
+  typeof assets.arrowRuntimeSource !== 'string' ||
+  typeof assets.bootstrapSource !== 'string' ||
+  typeof assets.tokensSource !== 'string'
+) {
+  throw new Error('@anarchitecture/summon/assets must export arrowRuntimeSource, bootstrapSource, and tokensSource strings');
 }
 assertHas('@anarchitecture/summon/devtools', await importDist('summon', 'devtools.js'), [
   'createEventStore',
diff --git a/scripts/eval-directions.ts b/scripts/eval-directions.ts
index 36aeb27..13b64e3 100644
--- a/scripts/eval-directions.ts
+++ b/scripts/eval-directions.ts
@@ -1,8 +1,8 @@
 #!/usr/bin/env tsx
 /**
  * eval-directions — drive a fixed prompt pool × directions matrix through the
- * generation engine, then score each artifact for token-contract violations
- * and section validity. Emits per-run JSON + a human-readable markdown report
+ * generation engine, then score each Arrow artifact for token-contract
+ * violations and artifact validity. Emits per-run JSON + a human-readable markdown report
  * under `apps/server/directions/.eval/<timestamp>/`.
  *
  *   pnpm eval-directions [--prompts N] [--directions id,id] [--seed N] [--dry]
@@ -14,10 +14,10 @@
  *
  * Each artifact is scored on:
  *
- *   phantomTokens — `var(--*)` references in emitted HTML that the direction
+ *   phantomTokens — `var(--*)` references in emitted Arrow source that the direction
  *                   does NOT define. The most expensive failure mode (silent
  *                   un-themed render); zero is the bar.
- *   literalDrift — raw `#rrggbb` hex literals in emitted HTML, classified
+ *   literalDrift — raw `#rrggbb` hex literals in emitted Arrow source, classified
  *                  against the direction's tokens.css and (when present)
  *                  bucket.json. Three tiers:
  *                    drift        — hex matches a value in tokens.css
@@ -29,8 +29,7 @@
  *                    hallucinated — hex is in neither (LLM invented a value
  *                                   outside the brand entirely; treated like
  *                                   phantom-token, fails the run)
- *   sectionDelta — declared `set /screen sections` vs the actual `add` lines
- *                  emitted. Drift means malformed JSONL or model confusion.
+ *   artifactMissing — no accepted Arrow `/artifact` line was emitted.
  *
  * This is a Summon smoke tool, not a design-fidelity judge. External review
  * tooling owns expression fidelity and perceptual design scoring.
@@ -104,7 +103,7 @@ for (const dir of directions) {
       : (() => {
           const halluc = run.literalDrift.filter((l) => l.tier === 'hallucinated').length;
           const drift = run.literalDrift.filter((l) => l.tier === 'drift').length;
-          return `phantom=${run.phantomTokens.length} hallucinated=${halluc} drift=${drift} sections=${run.declaredSections.length}/${run.emittedSections.length}`;
+          return `phantom=${run.phantomTokens.length} hallucinated=${halluc} drift=${drift} artifact=${run.artifactFiles.join(',') || 'missing'}`;
         })();
     console.log(
       `[${dir.id}] ${prompt.slice(0, 60).padEnd(62, ' ')} ${summary}`,
@@ -131,9 +130,9 @@ const knownSourceTotal = allRuns.reduce(
   (n, r) => n + r.literalDrift.filter((l) => l.tier === 'knownSource').length,
   0,
 );
-const sectionMismatch = allRuns.filter((r) => !r.skipped && r.sectionDelta).length;
+const artifactMissing = allRuns.filter((r) => !r.skipped && r.artifactMissing).length;
 console.log(
-  `\nsummary: ${phantomTotal} phantom · ${hallucinatedTotal} hallucinated · ${driftTotal} drift · ${knownSourceTotal} known-source · ${sectionMismatch} section-shape mismatch(es) across ${allRuns.length} runs`,
+  `\nsummary: ${phantomTotal} phantom · ${hallucinatedTotal} hallucinated · ${driftTotal} drift · ${knownSourceTotal} known-source · ${artifactMissing} missing artifact(s) across ${allRuns.length} runs`,
 );
 if (phantomTotal > 0 || hallucinatedTotal > 0) process.exitCode = 1;
 
@@ -143,9 +142,8 @@ interface RunResult {
   directionId: string;
   prompt: string;
   skipped: boolean;
-  declaredSections: string[];
-  emittedSections: string[];
-  sectionDelta: boolean;
+  artifactFiles: string[];
+  artifactMissing: boolean;
   phantomTokens: PhantomIncident[];
   literalDrift: LiteralIncident[];
   errors: string[];
@@ -153,7 +151,7 @@ interface RunResult {
 
 interface PhantomIncident {
   token: string;
-  section: string;
+  file: string;
 }
 
 type LiteralTier = 'drift' | 'knownSource' | 'hallucinated';
@@ -161,7 +159,7 @@ type LiteralTier = 'drift' | 'knownSource' | 'hallucinated';
 interface LiteralIncident {
   hex: string;
   tier: LiteralTier;
-  section: string;
+  file: string;
 }
 
 interface DirectionRow {
@@ -174,7 +172,7 @@ interface DirectionRow {
   liveOpportunistic: string[];
   defined: Set<string>;
   /** Hex literals (`#rrggbb`, lowercased) declared in tokens.css. Used to
-   *  classify a raw hex in emitted HTML as "drift" (LLM bypassed the var). */
+   *  classify a raw hex in emitted Arrow source as "drift" (LLM bypassed the var). */
   tokenHexValues: Set<string>;
   /** Hex literals from the source bucket.json, when present. Used to
    *  classify the in-between tier — bucket has it, tokens.css doesn't. */
@@ -198,9 +196,8 @@ async function runOne(
       directionId: dir.id,
       prompt,
       skipped: true,
-      declaredSections: [],
-      emittedSections: [],
-      sectionDelta: false,
+      artifactFiles: [],
+      artifactMissing: false,
       phantomTokens: [],
       literalDrift: [],
       errors: [],
@@ -233,32 +230,23 @@ async function runOne(
     errors.push(err instanceof Error ? err.message : String(err));
   }
 
-  const { declaredSections, sections } = parseArtifact(raw);
-  const phantomTokens = scanPhantomTokens(sections, dir.defined);
-  const literalDrift = scanLiteralDrift(sections, dir.tokenHexValues, dir.bucketColors);
-  const sectionDelta =
-    declaredSections.length !== sections.length ||
-    declaredSections.some((n, i) => n !== sections[i]?.name);
+  const artifactFiles = parseArtifact(raw);
+  const phantomTokens = scanPhantomTokens(artifactFiles, dir.defined);
+  const literalDrift = scanLiteralDrift(artifactFiles, dir.tokenHexValues, dir.bucketColors);
 
   return {
     directionId: dir.id,
     prompt,
     skipped: false,
-    declaredSections,
-    emittedSections: sections.map((s) => s.name),
-    sectionDelta,
+    artifactFiles: artifactFiles.map((file) => file.name),
+    artifactMissing: artifactFiles.length === 0,
     phantomTokens,
     literalDrift,
     errors,
   };
 }
 
-function parseArtifact(raw: string): {
-  declaredSections: string[];
-  sections: { name: string; html: string }[];
-} {
-  const declaredSections: string[] = [];
-  const sections: { name: string; html: string }[] = [];
+function parseArtifact(raw: string): Array<{ name: string; text: string }> {
   for (const line of raw.split('\n')) {
     const trimmed = line.trim();
     if (!trimmed.startsWith('{')) continue;
@@ -270,46 +258,42 @@ function parseArtifact(raw: string): {
     }
     if (!parsed || typeof parsed !== 'object') continue;
     const obj = parsed as Record<string, unknown>;
-    if (obj.op === 'set' && obj.path === '/screen' && obj.value && typeof obj.value === 'object') {
-      const list = (obj.value as { sections?: unknown }).sections;
-      if (Array.isArray(list)) {
-        for (const n of list) if (typeof n === 'string') declaredSections.push(n);
+    if (obj.op === 'artifact' && obj.path === '/artifact' && obj.value && typeof obj.value === 'object') {
+      const value = obj.value as { runtime?: unknown; source?: unknown };
+      if (value.runtime !== 'arrow' || !value.source || typeof value.source !== 'object' || Array.isArray(value.source)) {
+        continue;
       }
-      continue;
-    }
-    if (obj.op === 'add' && typeof obj.path === 'string' && obj.path.startsWith('/section/')) {
-      sections.push({
-        name: obj.path.slice('/section/'.length),
-        html: typeof obj.html === 'string' ? obj.html : '',
-      });
+      return Object.entries(value.source as Record<string, unknown>)
+        .filter((entry): entry is [string, string] => typeof entry[1] === 'string')
+        .map(([name, text]) => ({ name, text }));
     }
   }
-  return { declaredSections, sections };
+  return [];
 }
 
 function scanPhantomTokens(
-  sections: { name: string; html: string }[],
+  files: Array<{ name: string; text: string }>,
   defined: Set<string>,
 ): PhantomIncident[] {
   const incidents: PhantomIncident[] = [];
   const re = /var\(--([a-zA-Z0-9_-]+)/g;
-  for (const section of sections) {
+  for (const file of files) {
     const seen = new Set<string>();
     let match: RegExpExecArray | null;
-    while ((match = re.exec(section.html)) !== null) {
+    while ((match = re.exec(file.text)) !== null) {
       const name = match[1]!;
       if (defined.has(name) || seen.has(name)) continue;
       seen.add(name);
-      incidents.push({ token: name, section: section.name });
+      incidents.push({ token: name, file: file.name });
     }
   }
   return incidents;
 }
 
 /**
- * Scans for raw `#rrggbb` hex literals in emitted HTML. Hex inside a
+ * Scans for raw `#rrggbb` hex literals in emitted Arrow source. Hex inside a
  * `var(--name, #fallback)` expression is intentional and ignored — the
- * LLM's primary intent there is the var, not the fallback.
+ * LLM's primary tool there is the var, not the fallback.
  *
  * Each hex is classified into a tier based on whether it resolves to a
  * declared token value, the upstream brand bucket, or neither. Tiers map
@@ -322,14 +306,14 @@ function scanPhantomTokens(
  * a tight false-positive baseline first.
  */
 function scanLiteralDrift(
-  sections: { name: string; html: string }[],
+  files: Array<{ name: string; text: string }>,
   tokenHex: Set<string>,
   bucketColors: Set<string>,
 ): LiteralIncident[] {
   const incidents: LiteralIncident[] = [];
   const re = /#([0-9a-fA-F]{6})\b/g;
-  for (const section of sections) {
-    const cleaned = section.html.replace(/var\([^)]*\)/g, '');
+  for (const file of files) {
+    const cleaned = file.text.replace(/var\([^)]*\)/g, '');
     const seen = new Set<string>();
     let match: RegExpExecArray | null;
     while ((match = re.exec(cleaned)) !== null) {
@@ -341,7 +325,7 @@ function scanLiteralDrift(
         : bucketColors.has(hex)
           ? 'knownSource'
           : 'hallucinated';
-      incidents.push({ hex, tier, section: section.name });
+      incidents.push({ hex, tier, file: file.name });
     }
   }
   return incidents;
@@ -357,7 +341,7 @@ function buildReport(runs: RunResult[], dirs: DirectionRow[]): string {
     const phantoms = dirRuns.flatMap((r) =>
       r.phantomTokens.map((p) => ({ ...p, prompt: r.prompt })),
     );
-    const sectionMismatches = dirRuns.filter((r) => r.sectionDelta);
+    const missingArtifacts = dirRuns.filter((r) => r.artifactMissing);
     const literals = dirRuns.flatMap((r) =>
       r.literalDrift.map((l) => ({ ...l, prompt: r.prompt })),
     );
@@ -372,13 +356,13 @@ function buildReport(runs: RunResult[], dirs: DirectionRow[]): string {
     lines.push(`- Hallucinated hex literals: **${hallucinated.length}**`);
     lines.push(`- Drift hex literals (in tokens.css): **${drift.length}**`);
     lines.push(`- Known-source hex literals (in bucket.json only): **${knownSource.length}**`);
-    lines.push(`- Section-shape mismatches: **${sectionMismatches.length}**`);
+    lines.push(`- Missing Arrow artifacts: **${missingArtifacts.length}**`);
     lines.push(`- Source: ${bucketState}`);
     if (phantoms.length > 0) {
       lines.push('\nPhantom tokens:');
       for (const p of phantoms) {
         lines.push(
-          `- \`--${p.token}\` in section \`${p.section}\` (prompt: "${p.prompt.slice(0, 60)}…")`,
+          `- \`--${p.token}\` in \`${p.file}\` (prompt: "${p.prompt.slice(0, 60)}…")`,
         );
       }
     }
@@ -386,7 +370,7 @@ function buildReport(runs: RunResult[], dirs: DirectionRow[]): string {
       lines.push('\nHallucinated hex literals (not in tokens.css or bucket.json):');
       for (const l of hallucinated) {
         lines.push(
-          `- \`${l.hex}\` in section \`${l.section}\` (prompt: "${l.prompt.slice(0, 60)}…")`,
+          `- \`${l.hex}\` in \`${l.file}\` (prompt: "${l.prompt.slice(0, 60)}…")`,
         );
       }
     }
@@ -394,7 +378,7 @@ function buildReport(runs: RunResult[], dirs: DirectionRow[]): string {
       lines.push('\nDrift hex literals (LLM bypassed `var(--*)`):');
       for (const l of drift) {
         lines.push(
-          `- \`${l.hex}\` in section \`${l.section}\` (prompt: "${l.prompt.slice(0, 60)}…")`,
+          `- \`${l.hex}\` in \`${l.file}\` (prompt: "${l.prompt.slice(0, 60)}…")`,
         );
       }
     }
@@ -402,15 +386,15 @@ function buildReport(runs: RunResult[], dirs: DirectionRow[]): string {
       lines.push('\nKnown-source hex literals (gap in token contract — bucket has it, tokens.css does not):');
       for (const l of knownSource) {
         lines.push(
-          `- \`${l.hex}\` in section \`${l.section}\` (prompt: "${l.prompt.slice(0, 60)}…")`,
+          `- \`${l.hex}\` in \`${l.file}\` (prompt: "${l.prompt.slice(0, 60)}…")`,
         );
       }
     }
-    if (sectionMismatches.length > 0) {
-      lines.push('\nSection mismatches:');
-      for (const r of sectionMismatches) {
+    if (missingArtifacts.length > 0) {
+      lines.push('\nMissing Arrow artifacts:');
+      for (const r of missingArtifacts) {
         lines.push(
-          `- declared [${r.declaredSections.join(', ')}] vs emitted [${r.emittedSections.join(', ')}] (prompt: "${r.prompt.slice(0, 60)}…")`,
+          `- no /artifact line (prompt: "${r.prompt.slice(0, 60)}…")`,
         );
       }
     }
diff --git a/scripts/public-api-manifest.json b/scripts/public-api-manifest.json
index ce91b3f..c14abef 100644
--- a/scripts/public-api-manifest.json
+++ b/scripts/public-api-manifest.json
@@ -3,42 +3,45 @@
     ".": {
       "file": "index",
       "values": [
-        "IntentArgsError",
+        "ToolArgsError",
         "PolicyEngine",
         "SURFACE_PERSISTENCE_VALUES",
         "SURFACE_PURPOSE_VALUES",
         "SURFACE_TIER_VALUES",
         "compileSurfaceContractView",
         "compileSurfacePolicy",
-        "compileArtifactHtml",
-        "createCapabilityRegistry",
+        "createToolRegistry",
         "createComponentRegistry",
         "defineAction",
         "defineApprovalAction",
-        "defineCapability",
+        "defineTool",
         "defineComponent",
         "defineDataResource",
-        "defineIntent",
+        "defineToolHandler",
         "defineWorkerAction",
         "defineWorkerResource",
+        "isArrowSurfaceArtifact",
+        "normalizeArrowSurfaceArtifact",
         "normalizeSurfacePolicy",
-        "surfaceContractViewFromCompiledPolicy"
+        "surfaceContractViewFromCompiledPolicy",
+        "validateArrowSurfaceArtifact"
       ],
       "types": [
         "ActionDefinition",
         "ApprovalActionDefinition",
         "ApprovalDecision",
         "ApprovalStateKeys",
-        "CapabilityBindingSpec",
-        "CapabilityDefinition",
-        "CapabilityKind",
-        "CapabilityPack",
-        "CapabilityPattern",
-        "CapabilityRegistry",
-        "CapabilityStateKeys",
-        "CapabilitySurface",
-        "CapabilityTrigger",
-        "CapabilityTriggerSpec",
+        "ArrowArtifactValidationOptions",
+        "ArrowNetworkPolicy",
+        "ArrowSurfaceArtifact",
+        "ToolDefinition",
+        "ToolKind",
+        "ToolPack",
+        "ToolPattern",
+        "ToolRegistry",
+        "ToolStateKeys",
+        "ToolSurface",
+        "ToolTrigger",
         "ComponentDefinition",
         "ComponentDestroyer",
         "ComponentPack",
@@ -48,19 +51,17 @@
         "ComponentRenderer",
         "ComponentSpec",
         "ComponentSurface",
-        "ArtifactCompileResult",
-        "CompiledArtifactHtml",
-        "CompiledHtmlNodePatch",
         "CompileSurfaceContractViewOptions",
         "CompiledSurfacePolicy",
         "CompileSurfacePolicyOptions",
         "DataResourceDefinition",
-        "IntentContext",
-        "IntentEntry",
-        "IntentHandler",
-        "IntentSpec",
+        "ToolContext",
+        "ToolHandlerEntry",
+        "ToolHandler",
+        "ToolSpec",
         "NormalizedSurfacePolicy",
         "PolicyEngineOptions",
+        "PolicyDispatchResult",
         "StateShapeDescriptor",
         "SurfaceContractComponent",
         "SurfaceContractLayout",
@@ -68,14 +69,19 @@
         "SurfaceContractView",
         "SurfacePersistence",
         "SurfacePolicy",
+        "SurfaceNetwork",
         "SurfacePurpose",
         "SurfaceTier",
-        "TypedIntentEntry"
+        "TypedToolHandlerEntry"
       ]
     },
     "./assets": {
       "file": "assets",
-      "values": ["bootstrapSource", "tokensSource"],
+      "values": [
+        "arrowRuntimeSource",
+        "bootstrapSource",
+        "tokensSource"
+      ],
       "types": []
     },
     "./browser": {
@@ -88,8 +94,8 @@
       ],
       "types": [
         "Artifact",
-        "CompiledArtifactHtml",
-        "CompiledHtmlNodePatch",
+        "ArrowNetworkPolicy",
+        "ArrowSurfaceArtifact",
         "ComponentIslandBounds",
         "ComponentIslandDescriptor",
         "ComponentIslandError",
@@ -99,7 +105,8 @@
         "ComponentIslandSyncContext",
         "ComponentsMessage",
         "FatalMessage",
-        "IntentMessage",
+        "ToolCallMessage",
+        "ToolResultMessage",
         "ReadyMessage",
         "SandboxHandle",
         "SandboxInboundMessage",
@@ -115,14 +122,15 @@
         "SurfaceStreamLineDecision",
         "SurfaceStreamOptions",
         "SurfaceStreamParseError",
-        "SurfaceStreamRenderMode",
         "SurfaceStreamResult",
         "SurfaceStreamSource"
       ]
     },
     "./devtools": {
       "file": "devtools",
-      "values": ["createEventStore"],
+      "values": [
+        "createEventStore"
+      ],
       "types": [
         "BaseEvent",
         "ComponentErrorEvent",
@@ -131,10 +139,10 @@
         "DevtoolsEventKind",
         "EventStore",
         "EventStoreOptions",
-        "IntentDispatchedEvent",
-        "IntentEmittedEvent",
-        "IntentRejectedEvent",
-        "IntentSettledEvent",
+        "ToolDispatchedEvent",
+        "ToolCalledEvent",
+        "ToolRejectedEvent",
+        "ToolSettledEvent",
         "ProtocolLineEvent",
         "ProtocolParseErrorEvent",
         "RenderEvent",
@@ -151,11 +159,7 @@
     },
     "./engine": {
       "file": "engine",
-      "values": [
-        "CAPABILITY_BINDING_SPECS",
-        "CAPABILITY_TRIGGER_SPECS",
-        "DEFAULT_SURFACE_CEILING",
-        "DEFAULT_SURFACE_PLAN",
+      "values": [        "DEFAULT_SURFACE_PLAN",
         "DEFAULT_VALIDATION_LIMITS",
         "OPPORTUNISTIC_TOKENS",
         "OPT_OUT_GROUPS",
@@ -163,81 +167,64 @@
         "ProtocolParseError",
         "REQUIRED_TOKENS",
         "SHADOW_TOKENS",
+        "SUMMON_ARROW_ARTIFACT_INSTRUCTIONS",
         "SUMMON_FIXED_INSTRUCTIONS",
         "SUMMON_PROTOCOL_VERSION",
-        "SUMMON_SYSTEM_PROMPT",
         "SURFACE_AUTHORITY_VALUES",
         "SURFACE_DATA_VALUES",
+        "SURFACE_NETWORK_VALUES",
         "SURFACE_PERSISTENCE_VALUES",
-        "SURFACE_PURPOSE_VALUES",
-        "SURFACE_RUNTIME_VALUES",
-        "SURFACE_TIER_VALUES",
-        "SectionAccumulator",
+        "SURFACE_PURPOSE_VALUES",        "SURFACE_TIER_VALUES",
         "StreamGraph",
         "TOKEN_CONTRACT",
-        "buildCapabilitiesBlock",
+        "buildToolsBlock",
         "buildComponentsBlock",
         "buildDirectionBlock",
         "buildLayoutBlock",
         "buildOverrideBlock",
-        "buildPosturesBlock",
         "buildSurfaceContractBlock",
         "buildSurfacePlanBlock",
         "coerceOpts",
-        "compileCapabilityContract",
+        "compileToolContract",
         "compileComponentContract",
         "compileDirectionContract",
-        "compileArtifactHtml",
         "compileSurfaceContractView",
         "compileSurfacePolicy",
         "compileSystemContracts",
-        "compileTokenContract",
-        "constrainSurfacePlan",
-        "contractIssue",
+        "compileTokenContract",        "contractIssue",
         "createProtocolHardener",
-        "defaultTriggersForKind",
-        "deriveSurfacePlanControls",
-        "formatCapabilityProtocolContract",
+        "defaultTriggersForKind",        "formatToolProtocolContract",
         "formatTokenContract",
         "hasCompleteResourceStateKeys",
         "hintsForContractIssue",
         "inferSurfacePlan",
+        "isArrowSurfaceArtifact",
         "isProtocolLine",
-        "normalizeSurfaceCeiling",
-        "normalizeSurfacePolicy",
+        "normalizeArrowSurfaceArtifact",        "normalizeSurfacePolicy",
         "normalizeSurfacePlan",
         "suggestSurfacePlan",
         "normalizeValidationLimits",
         "parseDefinedTokens",
         "parseProtocolLine",
         "parseProtocolLineStrict",
-        "parseTokenValues",
-        "surfacePlanScriptPolicy",
-        "surfaceContractViewFromCompiledPolicy",
-        "surfacePlanWithinCeiling",
+        "parseTokenValues",        "surfaceContractViewFromCompiledPolicy",        "validateArrowSurfaceArtifact",
         "validateDirection",
-        "validateHtmlFragment",
         "validateProtocolLine",
         "withIssueSeverity"
       ],
       "types": [
-        "AddLine",
-        "CapabilitiesBlockOptions",
-        "CapabilityBindingSpec",
-        "CapabilityContractOptions",
-        "CapabilityKind",
-        "CapabilityPack",
-        "CapabilityPattern",
-        "CapabilityStateKeys",
-        "CapabilitySurface",
-        "CapabilityTrigger",
-        "CapabilityTriggerSpec",
-        "CompiledCapabilityContract",
+        "ArtifactLine",
+        "ArrowArtifactValidationOptions",
+        "ArrowNetworkPolicy",
+        "ArrowSurfaceArtifact",        "ToolKind",
+        "ToolPack",
+        "ToolPattern",
+        "ToolStateKeys",
+        "ToolSurface",
+        "ToolTrigger",
+        "CompiledToolContract",
         "CompiledComponentContract",
         "CompiledDirectionContract",
-        "ArtifactCompileResult",
-        "CompiledArtifactHtml",
-        "CompiledHtmlNodePatch",
         "CompiledSurfacePolicy",
         "CompiledSystemContracts",
         "CompiledTokenContract",
@@ -260,59 +247,41 @@
         "GhostGenerationContext",
         "GhostGenerationSource",
         "GhostTokenSourceKind",
-        "HtmlNodePatch",
-        "IntentSpec",
+        "ToolSpec",
         "MetaLine",
         "NormalizedSurfacePolicy",
         "OptOutGroup",
         "OptOutValue",
-        "PostureContract",
-        "PostureRegistry",
         "ProtocolHardener",
         "ProtocolHardenerOptions",
         "ProtocolHardenerResult",
         "ProtocolLine",
         "ProtocolParseErrorCode",
         "ProtocolParseOptions",
-        "ProtocolSkipMetaValue",
-        "RepairFeedbackMetaValue",
-        "ScreenSynthesizedMetaValue",
-        "ScriptPolicy",
-        "SectionAccumulatorSnapshot",
-        "SectionApplyKind",
-        "SectionApplyResult",
-        "SectionSnapshotEntry",
-        "SetLine",
-        "StreamGraphEdge",
+        "ProtocolSkipMetaValue",        "StreamGraphArtifact",
         "StreamGraphHealth",
-        "StreamGraphSection",
         "StreamGraphSnapshot",
         "SummonLayout",
         "SummonLayoutSlot",
-        "SurfaceAuthority",
-        "SurfaceCeiling",
-        "SurfaceContractComponent",
+        "SurfaceAuthority",        "SurfaceContractComponent",
         "SurfaceContractLayout",
         "SurfaceContractSurface",
         "SurfaceContractTool",
         "SurfaceContractView",
         "SurfaceData",
+        "SurfaceNetwork",
         "SurfacePersistence",
         "SurfacePolicy",
-        "SurfacePlan",
-        "SurfacePlanControls",
-        "SurfacePlanInferenceInput",
+        "SurfacePlan",        "SurfacePlanInferenceInput",
         "SurfacePlanMode",
-        "SurfacePurpose",
-        "SurfaceRuntime",
-        "SurfaceTier",
+        "SurfacePurpose",        "SurfaceTier",
         "SystemContractInput",
         "TokenContract",
         "TokenContractInput",
         "TokenKind",
         "TokenOverride",
         "TokenSpec",
-        "ValidationCapability",
+        "ValidationTool",
         "ValidationComponent",
         "ValidationContext",
         "ValidationLimits",
@@ -327,27 +296,30 @@
         "isSurfaceEnvelope",
         "parseSurfaceEnvelope"
       ],
-      "types": ["CreateSurfaceEnvelopeInput", "SurfaceEnvelope"]
+      "types": [
+        "CreateSurfaceEnvelopeInput",
+        "SurfaceEnvelope"
+      ]
     },
     "./host": {
       "file": "host",
       "values": [
-        "IntentArgsError",
+        "ToolArgsError",
         "PolicyEngine",
         "SUMMON_SURFACE_ENVELOPE_VERSION",
         "bindEndpoint",
         "consumeSurfaceStream",
-        "createCapabilityRegistry",
+        "createToolRegistry",
         "createComponentIslandRegistry",
         "createComponentRegistry",
         "createStrictInputRegistry",
         "createSurfaceEnvelope",
         "defineAction",
         "defineApprovalAction",
-        "defineCapability",
+        "defineTool",
         "defineComponent",
         "defineDataResource",
-        "defineIntent",
+        "defineToolHandler",
         "defineWorkerAction",
         "defineWorkerResource",
         "isSurfaceEnvelope",
@@ -360,10 +332,10 @@
         "ApprovalDecision",
         "ApprovalStateKeys",
         "Artifact",
-        "CompiledArtifactHtml",
-        "CompiledHtmlNodePatch",
-        "CapabilityDefinition",
-        "CapabilityRegistry",
+        "ArrowNetworkPolicy",
+        "ArrowSurfaceArtifact",
+        "ToolDefinition",
+        "ToolRegistry",
         "ComponentDefinition",
         "ComponentDestroyer",
         "ComponentIslandBounds",
@@ -383,11 +355,13 @@
         "EndpointBinding",
         "EndpointStateKeys",
         "FatalMessage",
-        "IntentContext",
-        "IntentEntry",
-        "IntentHandler",
-        "IntentMessage",
+        "ToolContext",
+        "ToolHandlerEntry",
+        "ToolHandler",
+        "ToolCallMessage",
+        "ToolResultMessage",
         "PolicyEngineOptions",
+        "PolicyDispatchResult",
         "ReadyMessage",
         "SandboxHandle",
         "SandboxInboundMessage",
@@ -405,36 +379,38 @@
         "SurfaceStreamLineDecision",
         "SurfaceStreamOptions",
         "SurfaceStreamParseError",
-        "SurfaceStreamRenderMode",
         "SurfaceStreamResult",
         "SurfaceStreamSource",
-        "TypedIntentEntry"
+        "TypedToolHandlerEntry"
       ]
     },
     "./policy": {
       "file": "policy",
       "values": [
-        "IntentArgsError",
+        "ToolArgsError",
         "PolicyEngine",
-        "defineIntent"
+        "defineToolHandler"
       ],
       "types": [
-        "IntentContext",
-        "IntentEntry",
-        "IntentHandler",
+        "ToolContext",
+        "ToolHandlerEntry",
+        "ToolHandler",
         "PolicyEngineOptions",
-        "TypedIntentEntry"
+        "PolicyDispatchResult",
+        "TypedToolHandlerEntry"
       ]
     }
   },
   "packages/summon-react": {
     ".": {
       "file": "index",
-      "values": ["SummonSurface", "defineReactComponent"],
+      "values": [
+        "SummonSurface",
+        "defineReactComponent"
+      ],
       "types": [
         "ReactComponentRuntimeContext",
         "ReactComponentWithRuntimeDefinition",
-        "SummonSurfaceChrome",
         "SummonSurfaceHandle",
         "SummonSurfaceProps"
       ]
@@ -445,20 +421,17 @@
       "file": "index",
       "values": [
         "defaultHostPolicyResolver",
-        "generateSurfaceStream",
-        "inferSurfaceIntent",
+        "inferSurfaceGoal",
         "planAgentSurface",
-        "policyFromIntent",
-        "resolveSurfaceGenerationPlan",
-        "runAgentSurfaceGeneration",
+        "policyFromGoal",        "runAgentSurfaceGeneration",
         "runSurfaceGeneration",
         "summarizeContractIssues"
       ],
       "types": [
-        "AgentIntentProvider",
-        "AgentIntentRequest",
-        "AgentIntentTextClient",
-        "AgentIntentTextRequest",
+        "AgentGoalProvider",
+        "AgentGoalRequest",
+        "AgentGoalTextClient",
+        "AgentGoalTextRequest",
         "AgentPolicyResolution",
         "AgentSurfaceGenerationInput",
         "AgentSurfaceGenerationSummary",
@@ -467,7 +440,6 @@
         "AgentSurfacePlanningOptions",
         "ContractIssue",
         "ContractPromptBlock",
-        "GenerateEditInput",
         "GenerateSurfaceInput",
         "GenerationSummary",
         "GhostGenerationContext",
@@ -475,21 +447,16 @@
         "HostPolicyResolver",
         "ProtocolLine",
         "ProtocolSkipMetaValue",
-        "RepairFeedbackMetaValue",
-        "RepairOptions",
-        "RepairStats",
         "ResolvedSurfaceGenerationPlan",
         "ResolveSurfaceGenerationPlanInput",
         "SummonModelChunk",
         "SummonModelProvider",
         "SummonModelRequest",
-        "SummonRepairProvider",
-        "SummonRepairRequest",
-        "SurfaceIntent",
-        "SurfaceIntentDataNeed",
-        "SurfaceIntentInteraction",
-        "SurfaceIntentSideEffect",
-        "SurfaceIntentSource",
+        "SurfaceGoal",
+        "SurfaceGoalDataNeed",
+        "SurfaceGoalInteraction",
+        "SurfaceGoalSideEffect",
+        "SurfaceGoalSource",
         "SurfaceGenerationInput",
         "SurfaceGenerationSummary"
       ]
diff --git a/scripts/smoke-public-packages.mjs b/scripts/smoke-public-packages.mjs
index 697ba46..d339ac9 100644
--- a/scripts/smoke-public-packages.mjs
+++ b/scripts/smoke-public-packages.mjs
@@ -57,31 +57,28 @@ run('pnpm', ['install', '--ignore-scripts'], projectDir);
 
 await writeFile(join(projectDir, 'smoke.mjs'), [
   "import {",
-  "  createCapabilityRegistry,",
+  "  createToolRegistry,",
   "  createComponentRegistry,",
-  "  compileArtifactHtml,",
-  "  defineIntent,",
+  "  defineToolHandler,",
   "  PolicyEngine,",
   "} from '@anarchitecture/summon';",
   "import { spawnSandbox, consumeSurfaceStream, createComponentIslandRegistry, createStrictInputRegistry } from '@anarchitecture/summon/browser';",
-  "import { compileArtifactHtml as compileArtifactHtmlFromEngine, compileSystemContracts, deriveSurfacePlanControls, parseProtocolLine, SectionAccumulator, StreamGraph } from '@anarchitecture/summon/engine';",
+  "import { compileSystemContracts, parseProtocolLine, StreamGraph } from '@anarchitecture/summon/engine';",
   "import { spawnSandbox as hostSpawnSandbox, PolicyEngine as HostPolicyEngine } from '@anarchitecture/summon/host';",
   "import { PolicyEngine as PolicyEngineFromPolicy } from '@anarchitecture/summon/policy';",
   "import { createSurfaceEnvelope, parseSurfaceEnvelope } from '@anarchitecture/summon/envelope';",
   "import { bootstrapSource, tokensSource } from '@anarchitecture/summon/assets';",
   "import { createEventStore } from '@anarchitecture/summon/devtools';",
-  "import { runSurfaceGeneration, generateSurfaceStream, resolveSurfaceGenerationPlan, summarizeContractIssues } from '@anarchitecture/summon-server';",
+  "import { runSurfaceGeneration, policyFromGoal, summarizeContractIssues } from '@anarchitecture/summon-server';",
   "import { SummonSurface, defineReactComponent } from '@anarchitecture/summon-react';",
   "",
   "const root = await import('@anarchitecture/summon');",
   "const server = await import('@anarchitecture/summon-server');",
-  "if (typeof createCapabilityRegistry !== 'function') throw new Error('capability import failed');",
+  "if (typeof createToolRegistry !== 'function') throw new Error('tool import failed');",
   "if (typeof createComponentRegistry !== 'function') throw new Error('component import failed');",
-  "if (typeof compileArtifactHtml !== 'function' || typeof compileArtifactHtmlFromEngine !== 'function') throw new Error('compiler import failed');",
-  "if (typeof defineIntent !== 'function' || typeof PolicyEngine !== 'function') throw new Error('policy helper import failed');",
-  "if (typeof deriveSurfacePlanControls !== 'function') throw new Error('surface plan import failed');",
+  "if (typeof defineToolHandler !== 'function' || typeof PolicyEngine !== 'function') throw new Error('policy helper import failed');",
   "if (typeof parseProtocolLine !== 'function' || typeof compileSystemContracts !== 'function') throw new Error('engine compiler import failed');",
-  "if (typeof SectionAccumulator !== 'function' || typeof StreamGraph !== 'function') throw new Error('engine diagnostic import failed');",
+  "if (typeof StreamGraph !== 'function') throw new Error('engine diagnostic import failed');",
   "if (typeof spawnSandbox !== 'function' || typeof consumeSurfaceStream !== 'function') throw new Error('browser import failed');",
   "if (typeof createComponentIslandRegistry !== 'function' || typeof createStrictInputRegistry !== 'function') throw new Error('browser helper import failed');",
   "if (typeof hostSpawnSandbox !== 'function' || typeof HostPolicyEngine !== 'function') throw new Error('host import failed');",
@@ -89,12 +86,14 @@ await writeFile(join(projectDir, 'smoke.mjs'), [
   "if (typeof createSurfaceEnvelope !== 'function' || typeof parseSurfaceEnvelope !== 'function') throw new Error('envelope import failed');",
   "if (typeof bootstrapSource !== 'string' || typeof tokensSource !== 'string') throw new Error('assets import failed');",
   "if (typeof createEventStore !== 'function') throw new Error('devtools import failed');",
-  "if (typeof runSurfaceGeneration !== 'function' || typeof generateSurfaceStream !== 'function' || typeof resolveSurfaceGenerationPlan !== 'function' || typeof summarizeContractIssues !== 'function') throw new Error('server import failed');",
+  "if (typeof runSurfaceGeneration !== 'function' || typeof policyFromGoal !== 'function' || typeof summarizeContractIssues !== 'function') throw new Error('server import failed');",
   "if (!SummonSurface || typeof defineReactComponent !== 'function') throw new Error('react import failed');",
-  "for (const forbidden of ['spawnSandbox', 'compileSystemContracts', 'buildCapabilitiesBlock', 'deriveSurfacePlanControls', 'parseProtocolLine', 'StreamGraph']) {",
+  "for (const forbidden of ['spawnSandbox', 'compileSystemContracts', 'buildToolsBlock', 'parseProtocolLine', 'StreamGraph']) {",
   "  if (forbidden in root) throw new Error(`root leaked ${forbidden}`);",
   "}",
-  "if ('buildEditBlock' in server) throw new Error('server exposes buildEditBlock');",
+  "for (const forbidden of ['buildEditBlock', 'generateSurfaceStream', 'resolveSurfaceGenerationPlan', 'policyFromIntent']) {",
+  "  if (forbidden in server) throw new Error(`server exposes ${forbidden}`);",
+  "}",
   "",
   "async function expectRejected(specifier) {",
   "  try {",
diff --git a/tests/safety-smoke.spec.ts b/tests/safety-smoke.spec.ts
index 911d712..3de4b31 100644
--- a/tests/safety-smoke.spec.ts
+++ b/tests/safety-smoke.spec.ts
@@ -14,15 +14,23 @@ function collectPageErrors(page: Page): Error[] {
 
 const hostSearchPlan = {
   purpose: 'explore',
-  runtime: 'declarative',
+  runtime: 'arrow',
   data: 'host-resource',
   authority: 'read',
   persistence: 'replayable',
 };
 
+const staticSummaryPlan = {
+  purpose: 'compare',
+  runtime: 'arrow',
+  data: 'embedded',
+  authority: 'none',
+  persistence: 'replayable',
+};
+
 const componentIslandsPlan = {
   purpose: 'review',
-  runtime: 'declarative',
+  runtime: 'arrow',
   data: 'embedded',
   authority: 'host-action',
   persistence: 'replayable',
@@ -39,17 +47,33 @@ function jsonl(lines: any[]): string {
   return `${lines.map((line) => JSON.stringify(line)).join('\n')}\n`;
 }
 
+function arrowHtmlArtifact(html: string): any {
+  const source = html.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\$\{/g, '\\${');
+  return {
+    op: 'artifact',
+    path: '/artifact',
+    value: {
+      runtime: 'arrow',
+      source: {
+        'main.ts': `import { html } from "@arrow-js/core";\nexport default html\`${source}\``,
+      },
+    },
+  };
+}
+
 test('adversarial sandbox boundary holds', async ({ page }) => {
   await page.goto('/adversarial');
 
   const summary = page.locator('#summary');
   await expect(summary).toContainText('Sandbox boundary holding.', { timeout: 30_000 });
-  await expect(summary).toContainText(/All 25 tests passed/);
+  await expect(summary).toContainText(/All \d+ tests passed/);
+  const passedCount = Number((await summary.textContent())?.match(/All (\d+) tests passed/)?.[1] ?? 0);
+  expect(passedCount).toBeGreaterThanOrEqual(25);
   await expect(page.locator('#results .fail')).toHaveCount(0);
 
   const results = page.locator('#results');
-  await expect(results).toContainText('intent="exfiltrate"');
-  await expect(results).toContainText('intent="escalate"');
+  await expect(results).toContainText('tool="exfiltrate"');
+  await expect(results).toContainText('tool="escalate"');
 });
 
 test('bootstrap self-test fails closed on unsafe sandbox config', async ({ page }) => {
@@ -67,12 +91,13 @@ test('bootstrap self-test fails closed on unsafe sandbox config', async ({ page
 test('strict input keeps sensitive entry in host overlay', async ({ page }) => {
   await page.goto('/strict');
 
-  const hostInput = page.locator('[data-summon-strict-slot="card_number"] input');
+  const hostInput = page.locator('[data-strict-slot="card_number"] input');
   await expect(hostInput).toBeVisible();
   await hostInput.fill('4242 4242 4242 4242');
 
   const sandbox = page.frameLocator('#sandbox');
   const payButton = sandbox.locator('#pay');
+  await expect(page.locator('#log')).toContainText('filled=true');
   await expect(payButton).toBeEnabled();
   await payButton.click();
 
@@ -91,10 +116,10 @@ test('generate page boots without server credentials', async ({ page }) => {
   await expect(page.locator('#sandbox')).toHaveAttribute('sandbox', 'allow-scripts');
   await expect(page.locator('#go')).toBeEnabled();
   await expect(page.locator('#welcome')).toBeVisible();
-  await expect(page.locator('#welcome')).toContainText('Host Data Search');
+  await expect(page.locator('#welcome')).toContainText('Describe a surface to generate.');
   await expect(page.locator('#scenario')).toContainText('Host Data Search');
-  await expect(page.locator('#scenario-list')).toBeVisible();
-  await expect(page.locator('[data-scenario-id="host-resource-search"][aria-pressed="true"]')).toContainText('Host Data Search');
+  await expect(page.locator('#scenario')).toHaveValue('host-resource-search');
+  await page.getByRole('button', { name: 'Options' }).click();
   await expect(page.locator('#contract-summary [data-contract-row="requested"]')).toContainText(
     'Requested surface config',
   );
@@ -105,8 +130,8 @@ test('generate page boots without server credentials', async ({ page }) => {
   expect(pageErrors.map((error) => error.message)).toEqual([]);
 });
 
-test('sandbox node patches preserve untouched sibling DOM', async ({ page }) => {
-  const sandboxId = 'node-patch-test';
+test('sandbox ignores legacy HTML render and node patch messages', async ({ page }) => {
+  const sandboxId = 'legacy-message-test';
   await page.setContent(`
     <script>
       window.__summonMessages = [];
@@ -119,7 +144,7 @@ test('sandbox node patches preserve untouched sibling DOM', async ({ page }) =>
       <head>
         <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; img-src data:; font-src data:; connect-src 'none'; form-action 'none'; base-uri 'none'; frame-src 'none'; child-src 'none'; media-src 'none'; object-src 'none'; worker-src 'none'">
         <meta charset="utf-8">
-        <script>window.__SUMMON_SANDBOX_ID__=${JSON.stringify(sandboxId)};window.__SUMMON_RESOURCES__={};</script>
+        <script>window.__SUMMON_SANDBOX_ID__=${JSON.stringify(sandboxId)};</script>
         <script>${bootstrapSource}</script>
       </head>
       <body><div id="summon-root"></div></body>
@@ -132,93 +157,36 @@ test('sandbox node patches preserve untouched sibling DOM', async ({ page }) =>
     return messages.some((message) => message?.type === 'SUMMON_READY');
   })).toBe(true);
 
-  async function patchNode(patch: any) {
-    await page.locator('#sandbox').evaluate((iframe, payload) => {
-      (iframe as HTMLIFrameElement).contentWindow?.postMessage({
-        type: 'SUMMON_NODE_PATCH',
-        sandbox_id: payload.sandboxId,
-        patch: payload.patch,
-      }, '*');
-    }, { patch, sandboxId });
-  }
-
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'root',
-    html: '<div data-summon-node="root"></div>',
-  });
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'a',
-    parentId: 'root',
-    html: '<label data-summon-node="a">Name <input value=""></label>',
-  });
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'b',
-    parentId: 'root',
-    html: '<p data-summon-node="b">Draft</p>',
-  });
+  await page.locator('#sandbox').evaluate((iframe, payload) => {
+    const win = (iframe as HTMLIFrameElement).contentWindow;
+    win?.postMessage({
+      type: 'SUMMON_RENDER',
+      sandbox_id: payload.sandboxId,
+      html: '<h1 id="legacy-html">Legacy HTML</h1><script>parent.postMessage({type:"EXECUTED"}, "*")</script>',
+    }, '*');
+    win?.postMessage({
+      type: 'SUMMON_NODE_PATCH',
+      sandbox_id: payload.sandboxId,
+      patch: {
+        sectionId: 'main',
+        nodeId: 'root',
+        html: '<div data-summon-node="root">Legacy patch</div>',
+      },
+    }, '*');
+  }, { sandboxId });
 
   const sandbox = page.frameLocator('#sandbox');
-  const input = sandbox.locator('[data-summon-node="a"] input');
-  await expect(input).toBeVisible();
-  await input.fill('sticky value');
-  await expect(input).toBeFocused();
-
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'b',
-    parentId: 'root',
-    html: '<p data-summon-node="b">Final</p>',
-  });
-
-  await expect(sandbox.locator('[data-summon-node="b"]')).toContainText('Final');
-  await expect(input).toHaveValue('sticky value');
-  await expect(input).toBeFocused();
-
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'card',
-    parentId: 'root',
-    html: '<article data-summon-node="card"><h2>Sales</h2><div class="slot" data-summon-node-children><div data-summon-skeleton></div><div data-summon-skeleton><span>Loading</span></div></div></article>',
-  });
-  const card = sandbox.locator('[data-summon-node="card"]');
-  await expect(card).toHaveClass(/summon-node-enter/);
-  await expect(sandbox.locator('[data-summon-node="card"] [data-summon-node-children] > [data-summon-skeleton]')).toHaveCount(2);
-
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'card-value',
-    parentId: 'card',
-    html: '<p data-summon-node="card-value">Inside card</p>',
-  });
-
-  const cardSlot = sandbox.locator('[data-summon-node="card"] [data-summon-node-children]');
-  const cardSlotChild = sandbox.locator(
-    '[data-summon-node="card"] [data-summon-node-children] > [data-summon-node="card-value"]',
-  );
-  await expect(cardSlot).toHaveClass(/summon-slot-filled/);
-  await expect(sandbox.locator('[data-summon-node="card"] [data-summon-node-children] > [data-summon-skeleton]')).toHaveCount(0);
-  await expect(cardSlotChild).toContainText('Inside card');
-  await expect(cardSlotChild).toHaveClass(/summon-node-enter/);
-  await expect(cardSlotChild).not.toHaveClass(/summon-node-enter/);
-
-  await patchNode({
-    sectionId: 'main',
-    nodeId: 'card',
-    parentId: 'root',
-    html: '<article data-summon-node="card"><h2>Sales updated</h2><div class="slot" data-summon-node-children></div></article>',
+  await expect(sandbox.locator('#legacy-html')).toHaveCount(0);
+  await expect(sandbox.locator('[data-summon-node="root"]')).toHaveCount(0);
+  const executed = await page.evaluate(() => {
+    const messages = (window as any).__summonMessages as any[];
+    return messages.some((message) => message?.type === 'EXECUTED');
   });
-
-  await expect(card).toHaveClass(/summon-node-update/);
-  await expect(card).toContainText('Sales updated');
-  await expect(cardSlotChild).toContainText('Inside card');
-  await expect(cardSlotChild).not.toHaveClass(/summon-node-update/);
+  expect(executed).toBe(false);
 });
 
-test('sandbox render keeps generated scripts inert while local state and motion work', async ({ page }) => {
-  const sandboxId = 'local-state-test';
+test('sandbox Arrow onState bridge syncs host pushes without legacy attributes', async ({ page }) => {
+  const sandboxId = 'arrow-on-state-test';
   await page.setContent(`
     <script>
       window.__summonMessages = [];
@@ -232,7 +200,39 @@ test('sandbox render keeps generated scripts inert while local state and motion
       <head>
         <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'nonce-${nonce}'; style-src 'unsafe-inline'; img-src data:; font-src data:; connect-src 'none'; form-action 'none'; base-uri 'none'; frame-src 'none'; child-src 'none'; media-src 'none'; object-src 'none'; worker-src 'none'">
         <meta charset="utf-8">
-        <script nonce="${nonce}">window.__SUMMON_SANDBOX_ID__=${JSON.stringify(sandboxId)};window.__SUMMON_RESOURCES__={};</script>
+        <script nonce="${nonce}">window.__SUMMON_SANDBOX_ID__=${JSON.stringify(sandboxId)};</script>
+        <script nonce="${nonce}">
+          window.__SUMMON_ARROW_SANDBOX__ = {
+            sandbox(options, adapter, imports) {
+              return function mount(root) {
+                const bridge = imports["host-bridge:summon"];
+                const state = { count: 0, label: "Waiting" };
+                root.innerHTML = '<main><p id="label"></p><output id="count"></output><button id="increment">Increment</button></main>';
+                const label = root.querySelector("#label");
+                const count = root.querySelector("#count");
+                function render() {
+                  label.textContent = state.label;
+                  count.textContent = String(state.count);
+                }
+                const unsubscribe = bridge.onState((hostState) => {
+                  state.count = Number(hostState.count ?? state.count);
+                  state.label = String(hostState.label ?? state.label);
+                  render();
+                });
+                root.querySelector("#increment").addEventListener("click", async () => {
+                  const result = await bridge.callTool("counter", { delta: 1 });
+                  if (result.ok) {
+                    state.count = Number(result.state.count ?? state.count);
+                    state.label = String(result.state.label ?? state.label);
+                    render();
+                  }
+                });
+                render();
+                return function teardown() { unsubscribe(); root.replaceChildren(); };
+              };
+            },
+          };
+        </script>
         <script nonce="${nonce}">${bootstrapSource}</script>
       </head>
       <body><div id="summon-root"></div></body>
@@ -245,40 +245,47 @@ test('sandbox render keeps generated scripts inert while local state and motion
     return messages.some((message) => message?.type === 'SUMMON_READY');
   })).toBe(true);
 
-  const html = `<div data-summon-local='{"tab":"overview","expanded":false}'>
-    <button id="activity-tab" data-summon-set="tab=activity" data-summon-class-active='tab == "activity"'>Activity</button>
-    <button id="toggle" data-summon-toggle="expanded">Toggle</button>
-    <section id="overview" data-summon-show='tab == "overview"'>Overview</section>
-    <section id="activity-panel" data-summon-show='tab == "activity"' data-summon-motion="enter:rise; update:pulse" data-summon-transition="fade-slide">Activity panel</section>
-    <div id="details" data-summon-show="expanded">Details</div>
-  </div><script>parent.postMessage({type:"EXECUTED"}, "*")</script>`;
   await page.locator('#sandbox').evaluate((iframe, payload) => {
     (iframe as HTMLIFrameElement).contentWindow?.postMessage({
       type: 'SUMMON_RENDER',
       sandbox_id: payload.sandboxId,
-      html: payload.html,
+      artifact: {
+        runtime: 'arrow',
+        source: {
+          'main.ts': [
+            'import { html, reactive } from "@arrow-js/core";',
+            'import { callTool, onState } from "host-bridge:summon";',
+            'const state = reactive({ count: 0, label: "" });',
+            'onState((hostState) => { state.count = Number(hostState.count ?? state.count); state.label = String(hostState.label ?? state.label); });',
+            'async function increment() { await callTool("counter", { delta: 1 }); }',
+            'export default html`<main><p id="label">${() => state.label}</p><output id="count">${() => state.count}</output><button id="increment" @click="${increment}">Increment</button></main>`;',
+          ].join('\\n'),
+        },
+      },
     }, '*');
-  }, { sandboxId, html });
+  }, { sandboxId });
 
   const sandbox = page.frameLocator('#sandbox');
-  await expect(sandbox.locator('#overview')).toBeVisible();
-  await expect(sandbox.locator('#activity-panel')).toBeHidden();
-  await expect(sandbox.locator('#details')).toBeHidden();
-  await sandbox.locator('#activity-tab').click();
-  await expect(sandbox.locator('#activity-tab')).toHaveClass(/active/);
-  await expect(sandbox.locator('#overview')).toBeHidden();
-  await expect(sandbox.locator('#activity-panel')).toBeVisible();
-  await expect(sandbox.locator('#activity-panel')).toHaveClass(/summon-motion-enter-rise/);
-  await expect(sandbox.locator('#activity-panel')).toHaveClass(/summon-transition-fade-slide/);
-  await expect(sandbox.locator('#activity-panel')).toHaveClass(/summon-motion-update-pulse/);
-  await sandbox.locator('#toggle').click();
-  await expect(sandbox.locator('#details')).toBeVisible();
+  await expect(sandbox.locator('#label')).toHaveText('Waiting');
+  await expect(sandbox.locator('#count')).toHaveText('0');
+  await expect(sandbox.locator('[data-summon-bind],[data-summon-show],[data-summon-on-click],[data-summon-local]')).toHaveCount(0);
 
-  const executed = await page.evaluate(() => {
+  await page.locator('#sandbox').evaluate((iframe, payload) => {
+    (iframe as HTMLIFrameElement).contentWindow?.postMessage({
+      type: 'SUMMON_STATE',
+      sandbox_id: payload.sandboxId,
+      state: { count: 7, label: 'Host pushed' },
+    }, '*');
+  }, { sandboxId });
+
+  await expect(sandbox.locator('#label')).toHaveText('Host pushed');
+  await expect(sandbox.locator('#count')).toHaveText('7');
+
+  await sandbox.locator('#increment').click();
+  await expect.poll(async () => page.evaluate(() => {
     const messages = (window as any).__summonMessages as any[];
-    return messages.some((message) => message?.type === 'EXECUTED');
-  });
-  expect(executed).toBe(false);
+    return messages.find((message) => message?.type === 'SUMMON_TOOL_CALL' && message.tool === 'counter')?.args;
+  })).toEqual({ delta: 1 });
 });
 
 test('generate showcase uses the agent broker by default', async ({ page }) => {
@@ -288,13 +295,13 @@ test('generate showcase uses the agent broker by default', async ({ page }) => {
     const body = jsonl([
       {
         op: 'meta',
-        path: '/agent-intent',
+        path: '/agent-goal',
         value: {
           purpose: 'explore',
           interaction: 'search',
           dataNeed: 'host-resource',
           sideEffect: 'none',
-          requestedCapabilities: ['search'],
+          requestedTools: ['search'],
           requestedComponents: [],
           confidence: 0.72,
           rationale: 'deterministic keyword and catalog match',
@@ -305,7 +312,7 @@ test('generate showcase uses the agent broker by default', async ({ page }) => {
         path: '/agent-policy-resolution',
         value: {
           source: 'default',
-          intentSource: 'deterministic',
+          goalSource: 'deterministic',
           proposedSurfacePolicy: {
             tier: 'declarative',
             purpose: 'explore',
@@ -319,18 +326,22 @@ test('generate showcase uses the agent broker by default', async ({ page }) => {
             grants: ['search'],
             persistence: 'replayable',
           },
-          rejectedCapabilities: [],
+          rejectedTools: [],
           rejectedComponents: [],
           fallback: false,
         },
       },
       { op: 'meta', path: '/surface-policy', value: { tier: 'declarative', purpose: 'explore', grants: ['search'] } },
       { op: 'meta', path: '/surface-plan', value: hostSearchPlan },
-      { op: 'set', path: '/screen', value: { sections: ['main'] } },
       {
-        op: 'add',
-        path: '/section/main',
-        html: '<section><h1>Dinner Finder</h1><button data-summon-intent="search">Search</button></section>',
+        op: 'artifact',
+        path: '/artifact',
+        value: {
+          runtime: 'arrow',
+          source: {
+            'main.ts': 'export default html`<section><h1>Dinner Finder</h1><button>Search</button></section>`',
+          },
+        },
       },
       {
         op: 'meta',
@@ -338,12 +349,10 @@ test('generate showcase uses the agent broker by default', async ({ page }) => {
         value: {
           health: {
             complete: true,
-            missingDeclared: [],
             blockedCount: 0,
             skippedCount: 0,
-            repairedCount: 0,
           },
-          sections: [],
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
         },
       },
     ]);
@@ -359,22 +368,149 @@ test('generate showcase uses the agent broker by default', async ({ page }) => {
   expect(captured.agent).toEqual({ enabled: true });
   expect(captured.surfacePolicy).toBeUndefined();
   expect(captured.surfacePlan).toBeUndefined();
-  expect(captured.capabilities.intents.map((intent: any) => intent.name)).toEqual(['search']);
-  expect(captured.scriptPolicy).toBe('forbid');
+  expect(captured.tools.tools.map((tool: any) => tool.name)).toEqual(['search']);
+  expect(captured.scriptPolicy).toBeUndefined();
   await expect(page.locator('#contract-summary [data-contract-row="broker"]')).toContainText('default');
   await expect(page.locator('#log')).toContainText('agent policy');
 });
 
+test('generate showcase renders Arrow artifacts in the sandbox', async ({ page }) => {
+  await page.route('**/api/generate', async (route) => {
+    const body = jsonl([
+      { op: 'meta', path: '/surface-plan', value: { ...hostSearchPlan, data: 'embedded', authority: 'none' } },
+      {
+        op: 'artifact',
+        path: '/artifact',
+        value: {
+          runtime: 'arrow',
+          source: {
+            'main.ts': 'export default html`<section id="arrow-probe" style="color:black;padding:20px"><h1>Arrow rendered</h1><p>Inside sandbox.</p></section>`',
+          },
+        },
+      },
+      {
+        op: 'meta',
+        path: '/stream-graph-summary',
+        value: {
+          health: {
+            complete: true,
+            blockedCount: 0,
+            skippedCount: 0,
+          },
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
+        },
+      },
+    ]);
+    await route.fulfill({ status: 200, contentType: 'text/plain', body });
+  });
+
+  await page.goto('/generate');
+  await page.locator('#go').click();
+
+  await expect(page.locator('#iframe-status')).toContainText('done');
+  const sandbox = page.frameLocator('#sandbox');
+  await expect(sandbox.locator('#arrow-probe')).toBeVisible({ timeout: 15_000 });
+  await expect(sandbox.locator('#arrow-probe')).toContainText('Arrow rendered');
+});
+
+test('generate static summary scenario renders read-only Arrow artifacts', async ({ page }) => {
+  let captured: any = null;
+  await page.route('**/api/generate', async (route) => {
+    captured = route.request().postDataJSON();
+    const body = jsonl([
+      { op: 'meta', path: '/surface-plan', value: staticSummaryPlan },
+      arrowHtmlArtifact('<section id="static-probe"><h1>Static rendered</h1><p>Read-only summary.</p></section>'),
+      {
+        op: 'meta',
+        path: '/stream-graph-summary',
+        value: {
+          health: {
+            complete: true,
+            blockedCount: 0,
+            skippedCount: 0,
+          },
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
+        },
+      },
+    ]);
+    await route.fulfill({ status: 200, contentType: 'text/plain', body });
+  });
+
+  await page.goto('/generate');
+  await page.locator('#scenario').selectOption('static-summary');
+  await page.locator('#go').click();
+
+  await expect(page.locator('#iframe-status')).toContainText('done');
+  const sandbox = page.frameLocator('#sandbox');
+  await expect(sandbox.locator('#static-probe')).toBeVisible({ timeout: 15_000 });
+  await expect(sandbox.locator('#static-probe')).toContainText('Static rendered');
+  expect(captured.mode).toBeUndefined();
+  expect(captured.surfacePlan).toBeUndefined();
+  expect(captured.surfacePolicy).toBeUndefined();
+  expect(captured.agent).toEqual({ enabled: true });
+  expect(captured.tools.tools).toEqual([]);
+});
+
+test('generate static summary shows streamed server errors instead of a blank stage', async ({ page }) => {
+  await page.route('**/api/generate', async (route) => {
+    const body = jsonl([
+      { op: 'meta', path: '/surface-plan', value: staticSummaryPlan },
+      { op: 'meta', path: '/error', value: 'model provider could not produce a surface' },
+      {
+        op: 'meta',
+        path: '/stream-graph-summary',
+        value: {
+          health: {
+            complete: false,
+            blockedCount: 0,
+            skippedCount: 0,
+          },
+          artifacts: [],
+        },
+      },
+    ]);
+    await route.fulfill({ status: 200, contentType: 'text/plain', body });
+  });
+
+  await page.goto('/generate');
+  await page.locator('#scenario').selectOption('static-summary');
+  await page.locator('#go').click();
+
+  await expect(page.locator('#stage-notice')).toBeVisible();
+  await expect(page.locator('#stage-notice')).toContainText('Generation failed');
+  await expect(page.locator('#stage-notice')).toContainText('model provider could not produce a surface');
+  await page.locator('#open-diagnostics').click();
+  await expect(page.locator('#diagnostics-stream')).toBeVisible();
+  await expect(page.locator('#log')).toContainText('model provider could not produce a surface');
+});
+
+test('generate static summary shows HTTP setup errors instead of a blank stage', async ({ page }) => {
+  await page.route('**/api/generate', async (route) => {
+    await route.fulfill({
+      status: 400,
+      contentType: 'application/json',
+      body: JSON.stringify({ error: 'missing ANTHROPIC_API_KEY' }),
+    });
+  });
+
+  await page.goto('/generate');
+  await page.locator('#scenario').selectOption('static-summary');
+  await page.locator('#go').click();
+
+  await expect(page.locator('#stage-notice')).toBeVisible();
+  await expect(page.locator('#stage-notice')).toContainText('Generation failed');
+  await expect(page.locator('#stage-notice')).toContainText('HTTP 400: missing ANTHROPIC_API_KEY');
+});
+
 test('batch page brokers each generation request', async ({ page }) => {
   const captured: any[] = [];
   await page.route('**/api/generate', async (route) => {
     const request = route.request().postDataJSON();
     captured.push(request);
     const body = jsonl([
-      { op: 'meta', path: '/agent-intent', value: { purpose: 'inform', interaction: 'none', dataNeed: 'embedded', sideEffect: 'none', requestedCapabilities: [], requestedComponents: [], confidence: 0.58 } },
-      { op: 'meta', path: '/agent-policy-resolution', value: { source: 'default', intentSource: 'deterministic', surfacePolicy: { tier: 'static', purpose: 'inform', persistence: 'replayable' }, rejectedCapabilities: [], rejectedComponents: [], fallback: false } },
-      { op: 'set', path: '/screen', value: { sections: ['main'] } },
-      { op: 'add', path: '/section/main', html: '<section><h1>Batch brokered</h1></section>' },
+      { op: 'meta', path: '/agent-goal', value: { purpose: 'inform', interaction: 'none', dataNeed: 'embedded', sideEffect: 'none', requestedTools: [], requestedComponents: [], confidence: 0.58 } },
+      { op: 'meta', path: '/agent-policy-resolution', value: { source: 'default', goalSource: 'deterministic', surfacePolicy: { tier: 'static', purpose: 'inform', persistence: 'replayable' }, rejectedTools: [], rejectedComponents: [], fallback: false } },
+      arrowHtmlArtifact('<section><h1>Batch brokered</h1></section>'),
     ]);
     await route.fulfill({ status: 200, contentType: 'text/plain', body });
   });
@@ -391,74 +527,24 @@ test('batch page brokers each generation request', async ({ page }) => {
   await expect(page.locator('#grid')).toContainText('agent policy');
 });
 
-test('fragment compare launches section and html node streams from the same prompt', async ({ page }) => {
-  const captured: any[] = [];
-  let releaseBoth!: () => void;
-  const bothArrived = new Promise<void>((resolve) => {
-    releaseBoth = resolve;
-  });
-
-  await page.route('**/api/generate', async (route) => {
-    const request = route.request().postDataJSON();
-    captured.push(request);
-    if (captured.length === 2) releaseBoth();
-    await bothArrived;
-
-    const body = request.fragmentMode === 'html-node-v0'
-      ? jsonl([
-          { op: 'meta', path: '/agent-intent', value: { purpose: 'review', interaction: 'none', dataNeed: 'embedded', sideEffect: 'none', requestedCapabilities: [], requestedComponents: [], confidence: 0.58 } },
-          { op: 'meta', path: '/agent-policy-resolution', value: { source: 'default', intentSource: 'deterministic', surfacePolicy: { tier: 'static', purpose: 'review', persistence: 'replayable' }, rejectedCapabilities: [], rejectedComponents: [], fallback: false } },
-          { op: 'meta', path: '/experimental-fragments', value: { mode: 'html-node-v0' } },
-          { op: 'set', path: '/screen', value: { sections: ['main'] } },
-          { op: 'add', path: '/section/main/node/root', html: '<div data-summon-node="root"></div>' },
-          { op: 'add', path: '/section/main/node/card', parent: 'root', html: '<article data-summon-node="card"><h1>Node stream</h1><div data-summon-node-children><div data-summon-skeleton></div></div></article>' },
-          { op: 'add', path: '/section/main/node/body', parent: 'card', html: '<p data-summon-node="body">Rendered as HTML node patches.</p>' },
-        ])
-      : jsonl([
-          { op: 'meta', path: '/agent-intent', value: { purpose: 'review', interaction: 'none', dataNeed: 'embedded', sideEffect: 'none', requestedCapabilities: [], requestedComponents: [], confidence: 0.58 } },
-          { op: 'meta', path: '/agent-policy-resolution', value: { source: 'default', intentSource: 'deterministic', surfacePolicy: { tier: 'static', purpose: 'review', persistence: 'replayable' }, rejectedCapabilities: [], rejectedComponents: [], fallback: false } },
-          { op: 'set', path: '/screen', value: { sections: ['main'] } },
-          { op: 'add', path: '/section/main', html: '<section><h1>Section stream</h1><p>Rendered as section fragments.</p></section>' },
-        ]);
-    await route.fulfill({ status: 200, contentType: 'text/plain', body });
-  });
-
-  await page.goto('/fragment-compare');
-  await expect(page.locator('#prompt-preset-matrix')).toContainText('Operational workflows');
-  await expect(page.locator('#prompt-preset-matrix')).toContainText('Complex');
-  await page.getByRole('button', { name: /Operational workflows, Complex: Migration Control/ }).click();
-  const prompt = await page.locator('#prompt').inputValue();
-  expect(prompt).toContain('migration control room');
-  await page.locator('#run').click();
-
-  await expect.poll(() => captured.length).toBe(2);
-  const sectionRequest = captured.find((request) => request.fragmentMode !== 'html-node-v0');
-  const nodeRequest = captured.find((request) => request.fragmentMode === 'html-node-v0');
-  expect(sectionRequest?.prompt).toBe(prompt);
-  expect(nodeRequest?.prompt).toBe(prompt);
-  expect(sectionRequest?.agent).toEqual({ enabled: true });
-  expect(nodeRequest?.agent).toEqual({ enabled: true });
-  expect(sectionRequest?.surfacePlan).toBeUndefined();
-  expect(nodeRequest?.surfacePlan).toBeUndefined();
-  expect(sectionRequest?.directionId).toBe('');
-  expect(nodeRequest?.directionId).toBe('');
-  expect(sectionRequest?.modelOptions).toEqual(nodeRequest?.modelOptions);
-  expect(sectionRequest?.modelOptions?.anthropicThinking).toBe('off');
-  expect(sectionRequest?.fragmentMode).toBeUndefined();
-  expect(nodeRequest?.fragmentMode).toBe('html-node-v0');
-
-  await expect(page.locator('#section-status')).toContainText('done');
-  await expect(page.locator('#block-status')).toContainText('done');
-  await expect(page.frameLocator('#section-frame').locator('body')).toContainText('Section stream');
-  await expect(page.frameLocator('#block-frame').locator('body')).toContainText('Node stream');
-  await expect(page.locator('#block-metrics')).toContainText('patches');
+test('unknown demo routes redirect to Arrow generate workbench', async ({ page }) => {
+  await page.goto('/unknown-route');
+  await expect(page).toHaveURL(/\/generate$/);
+  await expect(page.locator('#scenario')).toContainText('Host Data Search');
 });
 
-test('generate showcase sends raw SurfacePlan from the advanced override', async ({ page }) => {
+test('generate showcase sends SurfacePolicy from the advanced override', async ({ page }) => {
   let captured: any = null;
   await page.route('**/api/generate', async (route) => {
     captured = route.request().postDataJSON();
-    const surfacePlan = captured.surfacePlan;
+    const surfacePlan = {
+      purpose: captured.surfacePolicy?.purpose ?? 'collect',
+      runtime: 'arrow',
+      data: 'embedded',
+      authority: 'host-action',
+      persistence: captured.surfacePolicy?.persistence ?? 'replayable',
+      network: 'none',
+    };
     const body = jsonl([
       { op: 'meta', path: '/surface-plan', value: surfacePlan },
       { op: 'meta', path: '/shape', value: 'card' },
@@ -470,29 +556,17 @@ test('generate showcase sends raw SurfacePlan from the advanced override', async
           rejected: [],
         },
       },
-      { op: 'set', path: '/screen', value: { sections: ['main'] } },
-      {
-        op: 'add',
-        path: '/section/main',
-        html: '<section><form data-summon-on-submit="submit"><input name="title"><button>Save</button></form></section>',
-      },
-      {
-        op: 'meta',
-        path: '/repair-summary',
-        value: { queued: 0, cancelled: 0, repaired: 0, failed: 0 },
-      },
+      arrowHtmlArtifact('<section><form id="override-form"><label>Title <input name="title" /></label><button>Save</button></form></section>'),
       {
         op: 'meta',
         path: '/stream-graph-summary',
         value: {
           health: {
             complete: true,
-            missingDeclared: [],
             blockedCount: 0,
             skippedCount: 0,
-            repairedCount: 0,
           },
-          sections: [],
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
         },
       },
     ]);
@@ -500,45 +574,44 @@ test('generate showcase sends raw SurfacePlan from the advanced override', async
   });
 
   await page.goto('/generate');
-  await expect(page.locator('#scenario')).toContainText('Validation Retry Diagnostics');
-  await page.locator('#scenario').selectOption('repair-diagnostics');
+  await expect(page.locator('#scenario')).toContainText('Declarative form');
+  await page.locator('#scenario').selectOption('declarative-form');
+  await page.getByRole('button', { name: 'Options' }).click();
   await page.locator('#token-preset').selectOption('accent-blue');
 
-  await expect(page.locator('#prompt')).toHaveValue(/onboarding checklist/);
-  await expect(page.locator('[data-scenario-id="repair-diagnostics"][aria-pressed="true"]')).toContainText('Validation Retry Diagnostics');
-  await expect(page.locator('#repair-enabled')).toBeChecked();
+  await expect(page.locator('#prompt')).toHaveValue(/team lunch order/);
+  await expect(page.locator('#scenario')).toHaveValue('declarative-form');
   await expect(page.locator('#custom-contract-panel')).toBeHidden();
   await page.locator('#custom-contract-enabled').check();
   await expect(page.locator('#custom-contract-panel')).toBeVisible();
   await expect(page.locator('#surface-purpose')).toHaveValue('collect');
-  await expect(page.locator('#edit-card')).toBeHidden();
+  await page.getByRole('button', { name: 'Close' }).click();
 
   await page.locator('#go').click();
   await expect(page.locator('#iframe-status')).toContainText('done');
-  await expect(page.locator('#result-toolbar')).toBeVisible();
-  await expect(page.locator('#edit-card')).toBeVisible();
+  await expect(page.frameLocator('#sandbox').locator('#override-form')).toBeVisible();
+  await page.getByRole('button', { name: 'Options' }).click();
   await expect(page.locator('#contract-summary [data-contract-row="effective"]')).toContainText(
-    'collect · declarative',
+    'collect · arrow',
   );
 
   expect(captured).toBeTruthy();
-  expect(captured.mode).toBe('interactive');
-  expect(captured.scriptPolicy).toBe('forbid');
-  expect(captured.surfacePolicy).toBeUndefined();
-  expect(captured.surfacePlan).toEqual({
+  expect(captured.mode).toBeUndefined();
+  expect(captured.scriptPolicy).toBeUndefined();
+  expect(captured.surfacePlan).toBeUndefined();
+  expect(captured.surfacePolicy).toEqual({
+    tier: 'declarative',
     purpose: 'collect',
-    runtime: 'declarative',
-    data: 'embedded',
-    authority: 'host-action',
     persistence: 'replayable',
+    grants: ['submit'],
   });
-  expect(captured.capabilities.intents.map((intent: any) => intent.name)).toEqual(['submit']);
-  expect(captured.capabilities.intents[0].surface).toEqual({ authority: 'host-action' });
+  expect(captured.tools.tools.map((tool: any) => tool.name)).toEqual(['submit']);
+  expect(captured.tools.tools[0].surface).toEqual({ authority: 'host-action' });
   expect(captured.tokenOverrides).toEqual({
     'color-accent': '#0f8cff',
     'color-accent-fg': '#ffffff',
   });
-  expect(captured.repair).toEqual({ enabled: true, maxAttempts: 1, maxTargets: 2 });
+  expect(captured.repair).toBeUndefined();
 });
 
 test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page }) => {
@@ -583,13 +656,13 @@ test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page
       },
       {
         op: 'meta',
-        path: '/agent-intent',
+        path: '/agent-goal',
         value: {
           purpose: 'review',
           interaction: 'select',
           dataNeed: 'embedded',
           sideEffect: 'local-state',
-          requestedCapabilities: ['choose'],
+          requestedTools: ['choose'],
           requestedComponents: [],
           confidence: 0.72,
         },
@@ -599,31 +672,28 @@ test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page
         path: '/agent-policy-resolution',
         value: {
           source: 'default',
-          intentSource: 'deterministic',
+          goalSource: 'deterministic',
           surfacePolicy: {
             tier: 'declarative',
             purpose: 'review',
             grants: ['choose'],
             persistence: 'replayable',
           },
-          rejectedCapabilities: [],
+          rejectedTools: [],
           rejectedComponents: [],
           fallback: false,
         },
       },
       { op: 'meta', path: '/surface-policy', value: { tier: 'declarative', purpose: 'review', grants: ['choose'] } },
       { op: 'meta', path: '/surface-plan', value: componentIslandsPlan },
-      { op: 'set', path: '/screen', value: { sections: ['main'] } },
-      { op: 'add', path: '/section/main', html: '<section><h1>Checkout Review</h1><button data-summon-on-click="choose">Accept</button></section>' },
       {
-        op: 'meta',
-        path: '/ghost-token-source',
+        op: 'artifact',
+        path: '/artifact',
         value: {
-          kind: 'css',
-          source: 'ghost-config-token-css',
-          css: ':root { --color-bg: #fafafa; --color-accent: #1a73e8; }',
-          baseDirectionId: 'ghost',
-          warnings: [],
+          runtime: 'arrow',
+          source: {
+            'main.ts': 'export default html`<section><h1>Checkout Review</h1><button>Accept</button></section>`',
+          },
         },
       },
       {
@@ -632,7 +702,8 @@ test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page
         value: {
           baseDirectionId: 'ghost',
           styleSource: 'ghost-config-token-css',
-          declaredSections: ['main'],
+          artifactRuntime: 'arrow',
+          artifactFiles: ['main.ts'],
           validation: { blocked: 0, warnings: 0 },
         },
       },
@@ -642,12 +713,10 @@ test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page
         value: {
           health: {
             complete: true,
-            missingDeclared: [],
             blockedCount: 0,
             skippedCount: 0,
-            repairedCount: 0,
           },
-          sections: [],
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
         },
       },
     ]);
@@ -661,7 +730,7 @@ test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page
 
   await expect(page.locator('#iframe-status')).toContainText('done');
   await expect(page.locator('#log')).toContainText('fingerprint context');
-  await expect(page.locator('#log')).toContainText('Checkout Review');
+  await expect(page.frameLocator('#sandbox').locator('h1')).toContainText('Checkout Review');
   await expect(page.locator('#log')).toContainText('fingerprint review packet');
 
   expect(captured).toBeTruthy();
@@ -674,7 +743,7 @@ test('generate loads Ghost root scenario and logs Ghost metadata', async ({ page
   expect(captured.agent).toEqual({ enabled: true });
   expect(captured.surfacePolicy).toBeUndefined();
   expect(captured.surfacePlan).toBeUndefined();
-  expect(captured.capabilities.intents.map((intent: any) => intent.name)).toEqual(['choose']);
+  expect(captured.tools.tools.map((tool: any) => tool.name)).toEqual(['choose']);
 });
 
 test('component islands render in host overlay without widening the sandbox', async ({ page }) => {
@@ -694,13 +763,13 @@ test('component islands render in host overlay without widening the sandbox', as
     const body = jsonl([
       {
         op: 'meta',
-        path: '/agent-intent',
+        path: '/agent-goal',
         value: {
           purpose: 'review',
           interaction: 'select',
           dataNeed: 'embedded',
           sideEffect: 'local-state',
-          requestedCapabilities: ['choose'],
+          requestedTools: ['choose'],
           requestedComponents: ['MetricCard', 'TrendSparkline', 'ApprovalStatus'],
           confidence: 0.72,
         },
@@ -710,28 +779,25 @@ test('component islands render in host overlay without widening the sandbox', as
         path: '/agent-policy-resolution',
         value: {
           source: 'default',
-          intentSource: 'deterministic',
+          goalSource: 'deterministic',
           surfacePolicy: componentIslandsPolicy,
-          rejectedCapabilities: [],
+          rejectedTools: [],
           rejectedComponents: [],
           fallback: false,
         },
       },
       { op: 'meta', path: '/surface-plan', value: componentIslandsPlan },
-      { op: 'set', path: '/screen', value: { sections: ['main'] } },
-      { op: 'add', path: '/section/main', html },
+      arrowHtmlArtifact(html),
       {
         op: 'meta',
         path: '/stream-graph-summary',
         value: {
           health: {
             complete: true,
-            missingDeclared: [],
             blockedCount: 0,
             skippedCount: 0,
-            repairedCount: 0,
           },
-          sections: [],
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
         },
       },
     ]);
@@ -742,6 +808,7 @@ test('component islands render in host overlay without widening the sandbox', as
   await page.locator('#scenario').selectOption('component-islands');
   await page.locator('#go').click();
 
+  await expect(page.locator('#iframe-status')).toContainText('done');
   await page.locator('#sandbox').scrollIntoViewIfNeeded();
   const sandbox = page.frameLocator('#sandbox');
   await expect(sandbox.locator('#sandbox-proof')).toContainText('Sandbox placeholder only');
@@ -758,7 +825,7 @@ test('component islands render in host overlay without widening the sandbox', as
   expect(captured.agent).toEqual({ enabled: true });
   expect(captured.surfacePolicy).toBeUndefined();
   expect(captured.surfacePlan).toBeUndefined();
-  expect(captured.scriptPolicy).toBe('forbid');
+  expect(captured.scriptPolicy).toBeUndefined();
 
   await expect(sandbox.locator('[data-summon-component-id="launch-score"]')).not.toContainText('84');
 
@@ -799,20 +866,17 @@ test('component island prop failures do not render host DOM and emit diagnostics
       </section>`;
     const body = jsonl([
       { op: 'meta', path: '/surface-plan', value: componentIslandsPlan },
-      { op: 'set', path: '/screen', value: { sections: ['main'] } },
-      { op: 'add', path: '/section/main', html },
+      arrowHtmlArtifact(html),
       {
         op: 'meta',
         path: '/stream-graph-summary',
         value: {
           health: {
             complete: true,
-            missingDeclared: [],
             blockedCount: 0,
             skippedCount: 0,
-            repairedCount: 0,
           },
-          sections: [],
+          artifacts: [{ revision: 1, runtime: 'arrow', bytes: 1 }],
         },
       },
     ]);