Human label for an approval mode atom.

Future-tense operator copy describing the approval gate — D-12 honesty seam.

Returns:

• nil for :auto (no gate to describe)
• String for :requires_approval (gate exists — future-tense)
• String for :always_block (terminal — "cannot be approved or run")

Present-tense operator copy for an active approval record (D15-16 real copy).

Takes a %ToolApproval{} struct or a map with a :status key (and optionally :reason). Returns a calm, present-tense string for operators — or nil for unknown states.

Replaces the future-tense approval_outlook/1 honesty seam when an active approval exists. Never re-reads live config (brand §5.3/§5.6 reason-forward, no raw terms).

Returns operator copy explaining why a proposal was blocked, or nil/empty for non-blocked.

Human-readable relative timestamp for an event datetime.

Returns a human-readable line for a ToolActionEvent.

Catch-all → "Workflow updated" for any unrecognized event_type (D-24).

Converts an input_snapshot map to a list of {label, value} display rows.

MASKING RULES (D-22):

• Iterates ALL keys (both atom and string-keyed JSONB snapshots are supported)
• Scalar values (string, number, boolean) are humanized and displayed
• Lists of scalars are joined with ", "
• Nested maps, tuples, and other complex values → "Unsupported value" sentinel
• Sensitive field names (containing "password", "token", "secret", "key") → "••••••"
• Never dumps raw nested structures to operators

Returns a calm one-sentence explanation from the policy_snapshot.

Uses dual-key lookup (atom + string) to survive the JSONB string-key round-trip (mirrors ReviewTaskPresenter.metadata_value/2). Raw map is NOT returned — only a humanized sentence. (D-14 / brand §5.6)

Humanizes a reason value — never passes raw inspect output to operators (D-14).

Handles:

• nil → nil
• → "Missing scopes: scope1, scope2"
• known atom → human-readable label from @reason_labels
• unknown atom → humanize via capitalize-and-replace
• string → pass through
• any tuple → generic human fallback (no raw inspect)

Human label for a risk tier atom.

Semantic tone for the risk tier — returns an atom only (brand §7.5 / D-13). LiveView MUST pair this with a text label — never rely on color alone.

:info — :read_only (low risk, informational) :warning — :low_write (moderate risk) :danger — :high_write, :destructive (high risk)

Human summary of required scopes from a scope_snapshot map.

Groups proposal status into display buckets.

• :awaiting — :proposed, :needs_input (action needed but not yet blocked)
• :blocked — :scope_invalid, :policy_denied (terminal blocked state in Phase 14)
• :active — declared for future Phase 15/16 running/approved states (unreachable now)
• :done — declared for future completed/executed states (unreachable now)

Human label for the status group.

Human label for a proposal status atom or ToolProposal struct.

Status meaning — one calm sentence explaining what this state means for operators.

Returns a map of de-emphasized trace fields for a proposal. Safe for display; all values are strings. Shows a short idempotency key suffix.