feat(rebrand): light-mode pastel identity — blue + cream palette + new logo

.claude/launch.json

@@ -3,12 +3,9 @@
   "configurations": [
     {
       "name": "dev",
-      "runtimeExecutable": "/Users/yantr/.nvm/versions/node/v24.13.1/bin/node",
-      "runtimeArgs": [
-        "/Users/yantr/Desktop/HoundShield.Online-main/compliance-firewall-agent/node_modules/next/dist/bin/next",
-        "dev",
-        "/Users/yantr/Desktop/HoundShield.Online-main/compliance-firewall-agent"
-      ],
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run", "dev"],
+      "cwd": "/Users/yantr/Desktop/HoundShield-main/.claude/worktrees/beautiful-wiles-b5b879/compliance-firewall-agent",
       "port": 3000
     }
   ]

.claude/rules/frontend.md

@@ -8,17 +8,23 @@ paths:
 # Frontend Rules — Hound Shield
 
 ## Design System (NEVER violate)
-- Homepage bg: `bg-[#07070b]` — never `bg-white`, `bg-surface`, `bg-slate-*`
-- Alt section bg: `bg-[#0d0d14]`
-- Brand gold: `brand-400` CSS variable — NEVER `amber-*`, `yellow-*`, `indigo-*`, `blue-*`
-- Cards: `bg-white/[0.03]` + `border border-white/[0.08]` for glass surfaces
+- **Theme default: LIGHT.** `<html className="scroll-smooth">` — no `dark` class on root.
+- Homepage bg: `bg-[#FBF8F2]` (cream-50) — never `bg-black`, `bg-slate-900`, raw dark hexes
+- Alt section bg: `bg-[#F3E3D0]` (cream-100, palette Cream)
+- Surface accent: `bg-[#E5D2BD]` (cream-200) / `bg-[#D2C4B4]` (palette Beige)
+- Brand blue: `brand-500` (#81A6C6, palette Blue) — primary CTA, focus, accents
+- Brand text on light bg: `text-brand-700` or darker (brand-500 fails WCAG AA on cream)
+- CTAs: `bg-brand-500 text-white hover:bg-brand-600`
+- NEVER `amber-*`, `yellow-*`, `orange-*`, `indigo-*` — use `brand-*` (which is now blue)
+- Semantic colors stay: `success` (emerald), `danger` (red), `warning` (amber DEFAULT token only via theme — not raw `amber-400`)
+- Cards: `bg-white/80` + `border border-slate-200` for glass on light
 - Typography: `font-editorial` (display headers), `font-mono` (metrics/code)
-- Dark mode always: `<html className="dark scroll-smooth">`
+- Dark mode = optional inverse via theme toggle; `.dark` class on `html` enables it
 
 ## Styling
 - Tailwind CSS ONLY — no inline styles (exception: radial-gradient as `style` prop only)
 - `cn()` for conditional class merging
-- No flat black — use gradients, glass borders, glows for depth
+- Soft pastel surfaces; no flat white — use cream/beige gradients, subtle blue glows for depth
 
 ## Components
 - Functional components + hooks only
@@ -28,5 +34,6 @@ paths:
 - `transformStyle: "preserve-3d"` + Framer Motion `motion.div` = crash — never combine
 - Components max 500 lines — split into co-located files if larger
 - Every new feature: error boundary + loading state
-- `next/image` for all images
-- Custom cursor `CursorGlow` on `pointer:fine` — never break it
+- `next/image` for all images (including the logo)
+- Logo: `<Logo />` component renders `/houndshield-logo.png` via `next/image`
+- Custom cursor `CursorGlow` on `pointer:fine` — never break it; tint = `brand-500` rgba

CLAUDE.md

@@ -1,156 +1,44 @@
-# HoundShield — Project Brain (HERMES Doctrine, compass-corrected 2026-05-26)
+# HoundShield — Project Brain (HERMES Doctrine)
 
 ## Product
-OpenAI-compatible compliance proxy. Intercepts prompts before they reach ChatGPT, Copilot, or Claude. Local scan <10ms. 16 detection engines (CUI/PHI/PII/IP/ITAR). SHA-256 hash-chained audit log. Generates PDF mapped to NIST 800-171 Rev 2 controls.
+Local-only AI compliance firewall. Intercepts every AI prompt before it leaves the network. Enforces CMMC Level 2, SOC 2, HIPAA. 16 detection engines. <10ms latency. One proxy URL change to deploy.
 
-## Three Deployment Modes (NEVER conflate)
-| Mode | Stack | CUI-safe? | Audience |
-|------|-------|-----------|----------|
-| A | `proxy.houndshield.com` (Vercel) | NO — not FedRAMP-authorized | Demo, non-CUI evaluation only |
-| B | Self-hosted Docker on customer infra | YES — data never leaves boundary | CUI-handling contractors |
-| C | Air-gapped customer network | YES | Enterprise, IL-5+ |
-
-**Architecture truth:** Marketing/dashboard plane runs on Vercel. Vercel is NOT FedRAMP-authorized. Any C3PAO assessor will flag this if shown the hosted endpoint as the production CUI path. Mode B (Docker) is the answer. The CUI-safe claim is true ONLY in Mode B/C. Be explicit about this distinction before every sales conversation.
-
-**Brain AI restriction:** Brain AI routes through OpenRouter → commercial LLM endpoints (not FedRAMP-authorized). Any CUI input to Brain AI is a CMMC spillage event. Must display: "Do not input CUI. This feature routes to a commercial cloud endpoint." If warning is not yet live, Brain AI is removed from the homepage.
-
----
-
-## Prime Objective — Stage 1 (by June 25, 2026)
-
-- **3 paid $499 CMMC AI Risk Reports** closed (any vertical: healthcare/defense/legal)
-- **1 RPO or CMMC-focused MSP** signed referral agreement (40–50% rev share on $499 co-brand)
-
-The "10 SaaS customers by June 10" goal is dead — median B2B SaaS cycle is 84 days. The above is the revised, arithmetic-honest milestone.
-
----
-
-## Session Start Protocol
-
-Output this block first thing every session:
-
-```
-HERMES BRIEFING — [DATE]
-DAYS TO JUNE 25 CHECKPOINT:    [X]
-PAID GAP REPORTS CLOSED:       [X] / 3
-RPO/MSP REFERRAL AGREEMENTS:   [X] / 1
-ARCHITECTURE STATUS:           Vercel (trial) / Docker (CUI-safe) / [customer's stack]
-BRAIN AI STATUS:               ON (non-CUI only, warning live) / OFF
-TODAY'S PRIORITY:              [derive from stage]
-```
-
-Then ask: "What are we shipping today?"
+Target buyer: Jordan — IT Security Manager at 50-250 person DoD contractor facing CMMC Level 2 deadline.
+Pricing: Free → $199 Pro → $499 Growth → $999 Enterprise → $2,499 Agency/mo.
+**Prime objective: $5,000 MRR in 30 days → $10K MRR → YC S26/W27.**
 
 ---
 
 ## HERMES AI Swarm — Agent Roster
 
-Each agent runs OODA loop (Observe → Orient → Decide → Act). Self-corrects via `tasks/lessons.md`. Self-terminates if KPI missed 3 cycles. No agent overrides prime objective. No agent works outside its domain without team-lead escalation.
+Each agent runs OODA loop (Observe → Orient → Decide → Act). Self-corrects via `tasks/lessons.md`. Self-terminates if KPI missed 3 cycles.
 
 | Agent    | Role                  | Owns                                                              |
 |----------|-----------------------|-------------------------------------------------------------------|
 | ATLAS    | Backend + Infra       | Supabase schema, API routes, migrations, Stripe wiring            |
-| FORGE    | Frontend + UI         | Design system, all components, landing page                       |
-| CIPHER   | LLM Orchestration     | OpenRouter routing, Brain AI (with CUI warning gate), prompt chains |
-| STRIKER  | Revenue + Growth      | RPO outreach, $499 gap-report funnel, pricing coherence           |
+| FORGE    | Frontend + UI         | Design system, all components, landing page, light-mode rebuild   |
+| CIPHER   | LLM Orchestration     | OpenRouter routing, Brain AI, prompt chains                       |
+| STRIKER  | Revenue + Growth      | Pricing coherence, onboarding funnel, MRR tracking                |
 | GUARDIAN | QA + Testing          | Test coverage gates, pre-commit hooks, E2E                        |
-| SCRIBE   | Docs                  | CLAUDE.md, PRD, README, docs/ folder, SEO articles                |
+| SCRIBE   | Docs                  | CLAUDE.md, PRD, README, docs/ folder                             |
 | ORACLE   | Research              | Market research, competitor mapping, product ideas                |
 
----
-
-## Three Buyers (sales-cycle speed order)
-
-1. **Rachel H. — Healthcare Privacy Officer / CISO** (30–90 days, fastest)
-   - 50–300-person physician group or clinic
-   - Pain: nurses pasting patient data into ChatGPT (not HIPAA-compliant without BAA)
-   - Budget: $299–$799/month. No FedRAMP requirement on vendor.
-   - Evidence: 81% of healthcare data policy violations involve regulated data (Netskope, May 2025).
-
-2. **Jordan M. — Defense IT Security Manager** (90–180 days)
-   - 50–500-person DoD subcontractor
-   - Pain: employees pasting CUI into ChatGPT. No audit trail. C3PAO assessment due.
-   - Budget: $500–$1,500/month. Needs: Mode B (Docker), SHA-256 log, C3PAO PDF.
-   - Blocker: SOC 2 Type I before mid-market DIB will sign.
-
-3. **Marcus T. — Law Firm IT Director** (45–90 days)
-   - 50–500-attorney firm
-   - Pain: attorneys pasting privileged comms into ChatGPT (state bar AI ethics opinions, 2024–2025)
-   - Budget: $500–$2,000/month.
-
-**Sequence:** Lead with Rachel. Use Jordan wins as CMMC validation. Add Marcus when bandwidth exists.
+**No agent overrides prime objective. No agent works outside its domain without team-lead escalation.**
 
 ---
 
-## Lead Product — $499 CMMC AI Risk Assessment Report
+## Manager Mode (ACTIVE)
 
-**What it is:** 14-day proxy deployment in customer's environment. SHA-256-signed PDF showing every AI prompt event risk-scored against NIST 800-171 controls. No subscription. No MSA needed for a $499 PO. Bypasses procurement.
+Before every task:
+1. Is this in the active sprint in `tasks/todo.md`?
+2. Does it serve Jordan (the CMMC buyer) directly?
+3. Are we building a feature or building distribution?
 
-**Who buys it:** Jordan and Rachel both buy this before they buy a subscription.
+If unclear → **[MANAGER CHECK]** This looks like [X]. Sprint goal is [Y]. Deliberately shifting?
 
-**Why it works:** RPOs charge $5K–$15K for gap assessments. $499 is impulse. Report becomes evidence of both problem AND solution.
+**Drift indicators:** UI polish before paying customers · features for hypothetical buyers · refactoring without a failing test · non-Jordan work before Sprint 2 complete.
 
-**RPO white-label:** $299 wholesale → RPO charges client $499–$999.
-
-**DO NOT** lead with $199/mo SaaS subscription. Subscription requires procurement review. $499 PO does not.
-
----
-
-## Pricing (revised)
-
-**Stage 1 (now — June 25):**
-- CMMC AI Risk Assessment Report: $499 one-time (primary product)
-- RPO co-brand wholesale: $299 → RPO marks up
-
-**Stage 2 (July–September 2026, only after Stage 1 triggers hit):**
-- Starter: $299/mo — quarterly gap report, basic monitoring
-- Pro: $799/mo — continuous detection, Slack alerts, C3PAO PDF
-- Enterprise: $1,499/mo — on-prem Docker, dedicated CSM, air-gapped option
-- Audit Pack: $999 one-time — SSP + POA&M + 14 policy templates + 1-hr expert review
-
-Annual discount: 17%. 30-day money-back. ONE pricing grid. No Federal tier until SOC 2 lands.
-
----
-
-## Channel — RPOs and MSPs ONLY
-
-**NEVER C3PAOs.** C3PAOs are legally prohibited from product recommendations to clients they assess (32 CFR Part 170, CMMC CoPC, ISO 17020 cooling-off).
-
-**Target list:** 50 RPOs from Cyber AB Marketplace.
-**Top names:** Summit 7, MAD Security, CyberSheath, CompliancePoint, BEMO, Steel Root, Etactics.
-**Offer:** 40–50% rev share on $499 gap-report co-brand.
-
----
-
-## Manager Mode — Counter-Intelligence Protocol
-
-Before executing ANY new request:
-1. Does this help close 1+ paid gap report or RPO agreement by June 25?
-2. Does it map to a NIST 800-171 / HIPAA control the buyer needs evidence for?
-3. Under $500 and under 8 hours of solo founder time?
-4. Is it on the NEVER DO list?
-5. Does it expose the Vercel/OpenRouter stack issue to a buyer before we've addressed it?
-
-If any check fails: **[HERMES CHALLENGE]** [reason] / Cost: [tradeoff] / Recommendation: [drop/defer/modify] / Override? Y/N
-
-**Drift indicators:** UI polish before paying customers · features for hypothetical buyers · refactoring without a failing test · subscription-first pitches · C3PAO outreach.
-
----
-
-## NEVER DO List
-
-- ✗ Claim "10 customers by June 10" — impossible with 84-day median B2B SaaS cycle
-- ✗ Pitch C3PAOs as referral/endorsement channel — legally prohibited
-- ✗ Lead with $199/mo SaaS before proving $499 gap report sells
-- ✗ Claim hosted endpoint (Vercel) is CUI-safe — NOT FedRAMP-authorized
-- ✗ Allow Brain AI to process CUI without explicit warning + user consent
-- ✗ Publish fictional metrics ("500+ teams," "2M+ scans") — defense/healthcare buyers verify
-- ✗ Mobile app before 50 customers
-- ✗ Israel / Mossad / foreign defense (12–24 month motion)
-- ✗ Generic "AI security" positioning — always: "AI prompt compliance for CMMC / HIPAA"
-- ✗ Features without NIST 800-171 or HIPAA control mapping
-- ✗ Lower gap report below $499 — anchors value
-- ✗ A second pricing grid
+**Current sprint:** Sprint 2 — 10 paying customers by Day 14, $5K MRR by Day 30.
 
 ---
 
@@ -172,60 +60,52 @@ Rules:
 
 ## Task Management
 
-- All tasks in `tasks/todo.md`. Stage 1 → `## Stage 1`. Done → `## Done`.
+- All tasks in `tasks/todo.md`. Active → `## Active`. Done → `## Done`.
 - Add to backlog before starting. Never work from memory.
 - Corrections → dated entry in `tasks/lessons.md`.
 
 ---
 
 ## Core Principles
 
-1. **Local-only data boundary is sacred** — in Mode B/C only. Mode A is trial, not CUI-safe. Any code or copy implying otherwise is CRITICAL.
+1. **Local-only data boundary is sacred.** Prompt content never leaves the customer's machine. Only license key hash + prompt count go external. Any violation is CRITICAL.
 2. **Compliance accuracy over features.** 16 CUI patterns, 110 NIST 800-171 Rev 2 controls, SPRS weights must be correct. Run `compliance-specialist` before any engine change.
-3. **Sequenced beachhead.** Lead with healthcare (Rachel — fastest). Layer in defense (Jordan) and legal (Marcus). One vertical landing page per stage gate.
-4. **Revenue before polish.** If a feature doesn't close a $499 gap report or sign an RPO, it waits.
-
----
-
-## Architecture Critical Path
-
-| Timeline | Action |
-|----------|--------|
-| Now      | Add explicit "Mode B (Docker) required for CUI workloads" warning everywhere |
-| Stage 1  | Publish `houndshield/proxy:latest` to Docker Hub + 60-second deploy video |
-| Stage 2  | Begin SOC 2 Type I (Vanta/Drata, ~$5K–$15K, 60–90 days) |
-| Stage 3  | Begin AWS GovCloud deployment option for larger DIB contracts |
-
----
-
-## Kill Criteria (September 1, 2026)
-
-If ANY TWO are true → shut down or pivot:
-- Fewer than 5 paid customers (any product, any price)
-- No signed channel partner generating leads
-- CMMC Phase 2 enforcement officially extended ≥6 months by DoD
+3. **One beachhead.** Lead with CMMC only. SOC 2 and HIPAA are upsells.
+4. **Revenue before polish.** If a feature doesn't close Jordan, it waits.
 
 ---
 
 ## Design System
 
-Landing = light mode. Dashboard = dark mode. Both coexist via `html.dark` class toggle.
-
-**Landing (light):**
-- Body bg: `#ffffff` / `#f0f4f8` (slate-50)
-- Primary text: `#0f172a` (slate-900) · Secondary: `#475569` (slate-600)
-- Brand accent: `brand-400` CSS var — never raw `amber-*`, `yellow-*`, `indigo-*`
-- Cards: light glass, `border-slate-200`, white bg
+**Theme: LIGHT default everywhere.** Dark mode = optional inverse via toggle (`.dark` class on `<html>`).
+
+Palette (soft blue + cream pastels):
+- `#81A6C6` Blue — `brand-500` PRIMARY
+- `#AACDDC` Sea — `brand-300`
+- `#F3E3D0` Cream — `cream-100`
+- `#D2C4B4` Beige — `cream-300`
+
+**Landing + Dashboard (light, no `.dark` on `<html>`):**
+- Body bg: `#FBF8F2` (cream-50)
+- Section alt bg: `#F3E3D0` (cream-100, palette Cream)
+- Surface accent: `#D2C4B4` (cream-300, palette Beige)
+- Primary text: `#0f172a` (slate-900)
+- Secondary text: `#475569` (slate-600)
+- Brand text on light bg: `text-brand-700`+ (brand-500 fails WCAG AA on cream)
+- CTA: `bg-brand-500 text-white hover:bg-brand-600`
+- Cards: `bg-white/80` + `border-slate-200`
 - Fonts: `font-editorial` (headers), `font-mono` (metrics)
+- NEVER `amber-*`, `yellow-*`, `orange-*`, `indigo-*` — use `brand-*` (blue)
 
-**Dashboard (dark, `.dark` on wrapper):**
-- Background: `#07070b` (home), `#0d0d14` (alt sections)
-- Brand gold: `brand-400` — never raw color names
+**Logo:**
+- File: `compliance-firewall-agent/public/houndshield-logo.png` (black doberman + shield)
+- Component: `<Logo />` renders via `next/image`
+- Favicon: same file referenced in `app/layout.tsx`
 
-**Both:**
+**Both modes:**
 - No inline styles (radial-gradient `style` prop OK)
 - Components max 500 lines — split if larger
-- Custom cursor `CursorGlow` on `pointer:fine` — never break it
+- Custom cursor `CursorGlow` on `pointer:fine` — never break it; tint = blue rgba
 
 ---
 
@@ -235,6 +115,5 @@ Landing = light mode. Dashboard = dark mode. Both coexist via `html.dark` class
 - `transformStyle: "preserve-3d"` + Framer Motion `motion.div` = crash.
 - HMR error: `rm -rf .next` then restart.
 - Never `git push origin main`. Never `vercel --prod` without explicit approval.
-- Never claim CUI-safety for Mode A (Vercel-hosted endpoint).
 
 → Stack details: `.claude/rules/stack.md` · API rules: `.claude/rules/api.md`

compliance-firewall-agent/app/agents/page.tsx

@@ -343,7 +343,7 @@ export default function AgentsPage() {
     amber: { bg: "bg-brand-500/5", border: "border-brand-500/30", text: "text-brand-400", iconBg: "bg-brand-500/10 border-brand-500/20" },
     rose: { bg: "bg-rose-500/5", border: "border-rose-500/30", text: "text-rose-400", iconBg: "bg-rose-500/10 border-rose-500/20" },
     cyan: { bg: "bg-cyan-500/5", border: "border-cyan-500/30", text: "text-cyan-400", iconBg: "bg-cyan-500/10 border-cyan-500/20" },
-    orange: { bg: "bg-orange-500/5", border: "border-orange-500/30", text: "text-orange-400", iconBg: "bg-orange-500/10 border-orange-500/20" },
+    orange: { bg: "bg-brand-500/5", border: "border-brand-500/30", text: "text-brand-400", iconBg: "bg-brand-500/10 border-brand-500/20" },
     teal: { bg: "bg-teal-500/5", border: "border-teal-500/30", text: "text-teal-400", iconBg: "bg-teal-500/10 border-teal-500/20" },
     indigo: { bg: "bg-brand-500/5", border: "border-brand-500/30", text: "text-brand-400", iconBg: "bg-brand-500/10 border-brand-500/20" },
   };

compliance-firewall-agent/app/command-center/agents/page.tsx

@@ -43,7 +43,7 @@ const EDGES: SimEdge[] = [
 ];
 
 const STATUS_ICON: Record<string, React.ComponentType<{ className?: string }>> = { idle: Clock, thinking: Brain, interacting: Zap };
-const STATUS_COLOR: Record<string, string> = { idle: "text-slate-400", thinking: "text-amber-400", interacting: "text-brand-400" };
+const STATUS_COLOR: Record<string, string> = { idle: "text-slate-400", thinking: "text-brand-400", interacting: "text-brand-400" };
 
 export default function AgentsPage() {
   const [selectedGroup, setSelectedGroup] = useState<string | null>(null);
@@ -69,7 +69,7 @@ export default function AgentsPage() {
         {[
           { label: "Active", value: activeCount, icon: Activity, color: "text-brand-400" },
           { label: "Interacting", value: interactingCount, icon: Zap, color: "text-brand-400" },
-          { label: "Thinking", value: thinkingCount, icon: Brain, color: "text-amber-400" },
+          { label: "Thinking", value: thinkingCount, icon: Brain, color: "text-brand-400" },
         ].map(({ label, value, icon: Icon, color }) => (
           <div key={label} className="flex items-center gap-2.5 p-3 rounded-xl bg-white/[0.03] border border-white/[0.06]">
             <Icon className={`w-4 h-4 ${color} flex-shrink-0`} />

compliance-firewall-agent/app/command-center/rules/page.tsx

@@ -211,14 +211,14 @@ const PREDEFINED_PATTERNS: { label: string; category: RuleCategory; pattern: str
 
 const RISK_COLORS: Record<RiskLevel, string> = {
   LOW: "text-sky-400 bg-sky-400/10 border-sky-400/20",
-  MEDIUM: "text-amber-400 bg-amber-400/10 border-amber-400/20",
-  HIGH: "text-orange-400 bg-orange-400/10 border-orange-400/20",
+  MEDIUM: "text-brand-400 bg-brand-400/10 border-brand-400/20",
+  HIGH: "text-brand-400 bg-brand-400/10 border-brand-400/20",
   CRITICAL: "text-red-400 bg-red-400/10 border-red-400/20",
 };
 
 const ACTION_COLORS: Record<RuleAction, string> = {
   ALLOW: "text-emerald-400 bg-emerald-400/10 border-emerald-400/20",
-  WARN: "text-yellow-400 bg-yellow-400/10 border-yellow-400/20",
+  WARN: "text-brand-400 bg-brand-400/10 border-brand-400/20",
   BLOCK: "text-red-400 bg-red-400/10 border-red-400/20",
   QUARANTINE: "text-brand-400 bg-brand-400/10 border-brand-400/20",
 };