add legal page, update CMO to hybrid manual-review mode

Legal page at /legal — combined privacy policy and terms of service.
Zero data collection philosophy: no analytics, no cookies, no tracking.
Required by X Developer Console for app registration.

CMO pipeline updated from roots-only to hybrid model: root posts
auto-scheduled, reply/quote candidates generated for manual review
and manual execution only. Updated operating policy, implementation
plan (D4 revised), and README.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ccross2

ops/cmo-automation/README.md

@@ -15,7 +15,10 @@ What this does today
 6) Build execution report from approved actions (dry-run default)
 
 Current mode
-- Scheduled root posts only. No automated replies or quotes.
+- Hybrid: root posts auto-scheduled, reply/quote candidates generated for manual review.
+- Root posts execute via cron (daily-post.js for @sovren_software) or manual x-cli.
+- Reply/quote candidates are generated and hydrated by the pipeline but never auto-executed.
+  Review cmo-hydrated-queue.md, then run approved x-cli commands manually.
 - @mrhaven_agent was removed after X suspension for inauthentic behavior (2026-04-03).
 - API credentials are per-account (X_FOUNDER_* for @TheCesarCross, X_SOVREN_* for @sovren_software).
 - See reports/CMO-AUTOMATION-IMPLEMENTATION-PLAN.md Phase 7 for full decision log.

ops/cmo-automation/config/operating_policy.json

@@ -9,8 +9,12 @@
     "short_generic_reply_share_max_pct": 30
   },
   "automation": {
-    "mode": "hybrid-autonomous",
-    "founder_autonomy": "autonomous_with_posthoc_audit",
+    "mode": "hybrid-manual-review",
+    "execution_model": "roots_auto_replies_manual",
+    "root_posts": "auto_scheduled",
+    "reply_candidates": "generated_for_manual_review",
+    "quote_candidates": "generated_for_manual_review",
+    "live_execution": "never_automatic",
     "dry_run_default": true
   },
   "account_strategy": {

ops/cmo-automation/reports/CMO-AUTOMATION-IMPLEMENTATION-PLAN.md

@@ -216,14 +216,17 @@ D3. Per-account access tokens with unified app credentials
 - Expected benefit: eliminates single-token-for-all-accounts pattern that contributed to
   coordinated behavior detection. Each account's posting is independently authenticated.
 
-D4. Scheduled roots only — no automated replies or quotes
+D4. Hybrid model — roots auto-scheduled, replies/quotes manual-review only
 - Rationale: the 13 consecutive 403 failures on quote attempts were the primary trigger
-  signal. Reply/quote automation on accounts without organic conversation participation
-  is inherently risky under X's authenticity rules.
-- Trade-off: reduced engagement volume and reach. No automated discovery of new audiences
-  through reply threads.
-- Expected benefit: eliminates the engagement pattern that caused the suspension. Root-post
-  scheduling is the safest automation mode under X's rules.
+  signal. Fully automated reply/quote posting is too risky. But the pipeline's candidate
+  generation and hydration are still valuable for surfacing engagement opportunities.
+  Human-in-the-loop on all engagement actions eliminates the automation detection risk
+  while preserving reach.
+- Trade-off: slower engagement cadence (manual review bottleneck). Founder must review
+  cmo-hydrated-queue.md each cycle and run approved x-cli commands individually.
+- Expected benefit: maintains engagement volume at human quality. The founder is the
+  circuit breaker — no risk of automated 403 cascades or template-fingerprinted replies.
+  Free tier API limits (1,500 writes/month, 10K reads/month) are sufficient.
 
 Implemented changes
 - secrets.env: removed dead mrhaven_agent credentials, added 7-variable per-account structure
@@ -250,9 +253,9 @@ Drawbacks and known limitations
 - The hydration layer still produces templated replies with "Specific to [keyword salad]"
   suffixes. This copy quality issue predates the restructure and needs a generator rewrite
   before reply automation could safely resume.
-- No circuit breaker in execute_approved_queue.py — if reply automation is re-enabled in
-  the future, the script should abort after N consecutive failures to avoid triggering
-  platform detection.
+- No circuit breaker in execute_approved_queue.py — manual execution mitigates this, but
+  if automated execution is ever re-enabled, the script should abort after N consecutive
+  failures to avoid triggering platform detection.
 - X Premium subscription on @mrhaven_agent must be cancelled manually (via App Store,
   Google Play, or X support depending on how it was purchased).
 
@@ -262,3 +265,5 @@ Remaining work to fully complete this phase
 3. Update 4 GitHub Actions secrets in sovren-software repo settings
 4. Run direnv reload, then verify: x-cli -j user get TheCesarCross
 5. Cancel @mrhaven_agent X Premium subscription
+6. Fix "Specific to [keyword salad]" suffix in hydration generator — blocks reply quality
+7. Add quote eligibility preflight check before including candidates in hydrated queue

src/routes/+layout.svelte

@@ -53,6 +53,7 @@
         <div class="footer-col">
           <span class="col-label">// COMPANY</span>
           <a href="/ecosystem">CODEX</a>
+          <a href="/legal">LEGAL</a>
           <a href="mailto:hello@sovren.software">CONTACT</a>
         </div>
         <div class="footer-col">

src/routes/legal/+page.svelte

@@ -0,0 +1,158 @@
+<svelte:head>
+  <title>Legal — Sovren Software</title>
+  <meta name="description" content="Privacy policy and terms of service for Sovren Software. Zero data collection. No tracking. No telemetry." />
+  <link rel="canonical" href="https://sovren.software/legal" />
+  <meta property="og:title" content="Legal — Sovren Software" />
+  <meta property="og:description" content="Privacy policy and terms of service. Zero data collection. No tracking." />
+  <meta property="og:url" content="https://sovren.software/legal" />
+  <meta name="twitter:title" content="Legal — Sovren Software" />
+  <meta name="twitter:description" content="Privacy policy and terms of service. Zero data collection. No tracking." />
+</svelte:head>
+
+<section class="legal-hero">
+  <span class="category-rule">// LEGAL</span>
+  <h1>PRIVACY &amp; TERMS.</h1>
+  <p class="tagline">Last updated April 3, 2026</p>
+</section>
+
+<section class="legal-content">
+
+  <div class="legal-block">
+    <h2>// PRIVACY POLICY</h2>
+
+    <h3>The short version</h3>
+    <p>We do not collect, store, process, sell, or share your personal data. There is no tracking. There is no telemetry. There are no analytics scripts on this website. There are no cookies.</p>
+
+    <h3>What we collect</h3>
+    <p>Nothing. This website is a static site served via GitHub Pages and Cloudflare. We do not run analytics, pixel trackers, session recorders, or fingerprinting scripts. We do not use cookies. We do not embed third-party scripts that collect data on our behalf.</p>
+
+    <h3>Email collection</h3>
+    <p>If you voluntarily submit your email address through our launch notification form, it is stored by Brevo (formerly Sendinblue), our email delivery provider, solely for the purpose of sending you the notification you requested. We do not share this list with anyone. You can unsubscribe at any time via the link in any email.</p>
+
+    <h3>Product philosophy</h3>
+    <p>Our products are designed to operate entirely on hardware you own. Esver OS runs local inference with no cloud telemetry. Visage performs biometric authentication on-device with encrypted embeddings that never leave your machine. Mr. Haven operates through non-custodial smart contracts where you hold the keys. This privacy policy reflects the same principle applied to our website: your data stays with you because we never ask for it.</p>
+
+    <h3>Server logs</h3>
+    <p>Our hosting providers (GitHub Pages, Cloudflare) may collect standard server access logs (IP address, timestamp, page requested) as part of their infrastructure. We do not access, analyze, or retain these logs. Refer to <a href="https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement" target="_blank" rel="noreferrer">GitHub's privacy statement</a> and <a href="https://www.cloudflare.com/privacypolicy/" target="_blank" rel="noreferrer">Cloudflare's privacy policy</a> for their respective data handling practices.</p>
+
+    <h3>Third-party services</h3>
+    <p>This site does not use Google Analytics, Facebook Pixel, Hotjar, Intercom, or any equivalent. The only third-party integration is the Brevo email form, which loads only on the Esver OS page when you interact with it.</p>
+
+    <h3>Children</h3>
+    <p>We do not knowingly collect data from anyone, including children under 13.</p>
+
+    <h3>Changes</h3>
+    <p>If this policy changes, the "last updated" date at the top of this page will reflect it. We will not introduce tracking or data collection without updating this policy first.</p>
+
+    <h3>Contact</h3>
+    <p>Questions about this policy: <a href="mailto:hello@sovren.software">hello@sovren.software</a></p>
+  </div>
+
+  <div class="legal-rule"></div>
+
+  <div class="legal-block">
+    <h2>// TERMS OF SERVICE</h2>
+
+    <h3>Acceptance</h3>
+    <p>By accessing sovren.software, you agree to these terms. If you do not agree, do not use the site.</p>
+
+    <h3>What this site is</h3>
+    <p>This is an informational website for Sovren Software and its products (Esver OS, Visage, Mr. Haven). Content is provided for informational purposes. Product specifications, timelines, and capabilities described on this site reflect current development status and may change.</p>
+
+    <h3>Intellectual property</h3>
+    <p>All content, design, code, and branding on this site is the property of Sovren Software unless otherwise noted. The Sovren name, hexagonal knot mark, and product names (Esver, Visage) are trademarks of Sovren Software. Open-source components are governed by their respective licenses (MIT, Apache 2.0) as indicated in their repositories.</p>
+
+    <h3>No warranty</h3>
+    <p>This site and its content are provided "as is" without warranty of any kind. We do not guarantee uninterrupted availability, accuracy of all content, or fitness for any particular purpose.</p>
+
+    <h3>Limitation of liability</h3>
+    <p>Sovren Software is not liable for any damages arising from your use of this site or reliance on its content. This includes but is not limited to direct, indirect, incidental, or consequential damages.</p>
+
+    <h3>Product-specific terms</h3>
+    <p>Individual products have their own terms. Mr. Haven smart contracts operate on Base L2 and are governed by their on-chain behavior. Esver OS is distributed under its own license. These product-level terms supersede this page where applicable.</p>
+
+    <h3>Governing law</h3>
+    <p>These terms are governed by the laws of the State of Wyoming, United States.</p>
+
+    <h3>Contact</h3>
+    <p>Questions about these terms: <a href="mailto:hello@sovren.software">hello@sovren.software</a></p>
+  </div>
+
+</section>
+
+<style>
+  .legal-hero {
+    padding: var(--pad-hero);
+    max-width: var(--max-w);
+    margin: 0 auto;
+  }
+
+  .category-rule {
+    display: block;
+    font-size: var(--fs-label-sm);
+    letter-spacing: var(--ls-ultra);
+    text-transform: uppercase;
+    color: var(--text-muted);
+    margin-bottom: var(--space-lg);
+  }
+
+  .legal-hero h1 {
+    font-size: clamp(2.5rem, 6vw, 5rem);
+    font-weight: var(--fw-bold);
+    line-height: var(--lh-tight);
+    letter-spacing: var(--ls-tight);
+    color: var(--text-primary);
+    margin: 0;
+  }
+
+  .tagline {
+    font-size: var(--fs-body-sm);
+    color: var(--text-secondary);
+    margin-top: var(--space-md);
+  }
+
+  .legal-content {
+    padding: var(--pad-section);
+    max-width: var(--max-w-prose);
+    margin: 0 auto;
+  }
+
+  .legal-block h2 {
+    font-size: var(--fs-label-sm);
+    letter-spacing: var(--ls-ultra);
+    text-transform: uppercase;
+    color: var(--text-muted);
+    margin-bottom: var(--space-xl);
+    padding-bottom: var(--space-sm);
+    border-bottom: var(--panel-border);
+  }
+
+  .legal-block h3 {
+    font-size: var(--fs-body);
+    font-weight: var(--fw-semibold);
+    color: var(--text-primary);
+    margin-top: var(--space-xl);
+    margin-bottom: var(--space-sm);
+  }
+
+  .legal-block p {
+    font-size: var(--fs-body-sm);
+    line-height: var(--lh-relaxed);
+    color: var(--text-secondary);
+    margin-bottom: var(--space-lg);
+  }
+
+  .legal-block a {
+    color: var(--accent);
+    text-decoration: none;
+  }
+
+  .legal-block a:hover {
+    text-decoration: underline;
+  }
+
+  .legal-rule {
+    border-top: var(--panel-border);
+    margin: var(--space-5xl) 0;
+  }
+</style>

static/sitemap.xml

@@ -30,4 +30,10 @@
     <changefreq>monthly</changefreq>
     <priority>0.8</priority>
   </url>
+  <url>
+    <loc>https://sovren.software/legal</loc>
+    <lastmod>2026-04-03</lastmod>
+    <changefreq>yearly</changefreq>
+    <priority>0.3</priority>
+  </url>
 </urlset>