Web: connect-time auto-distribution at agent pairing (#207 follow-up)

[hanwencheng]

Context

#207 landed the classifier substrate (worker + CapOp::Classify + catalog), the master-side onboarding (1A default-preset taxonomy init, now wired into the web onboarding flow), and the auto-distribution mechanism end to end:

• daemon POST /v1/master/classify/tag (cred auto-categorize), POST /v1/master/classify/propose (classify an agent's surface → scopes tiered auto/k11 by catalog sensitivity), POST /v1/actors/:id/scope/grant (record a confirmed grant);
• the AutoDistributePanel in apps/parent-control actor-detail.

But today auto-distribution is a MANUAL button ("▷ classify agent surface") in the actor detail. The web onboarding flow was wired up to the point of connecting an agent.

The remaining web-side work — connect-time auto-distribution at pairing

Wire auto-distribution into the agent pairing ceremony so it happens at connect time (spec onboarding-classifier-distribution.md §1 step 3: "agent connect → vendor-default classifier → auto-distribution"), not as a separate manual step:

• Trigger proposeScopes automatically at pairing completion — the pairing ceremony (apps/parent-control/app/_components/pairing.tsx + the daemon pairing handlers) fires the classify → propose for the newly-paired agent's surface (its cred services + the master's inheritable namespaces).
• Surface the propose → confirm tiering as a pairing step — safe categories auto-confirm into the daily review; sensitive (payments, access-control, health, finance, credentials) require an explicit per-grant Touch ID. Batch a reviewed set into one gesture.
• Vendor-default classifier / taxonomy at connect (R2) — consume the agent vendor's signed catalog overlay as a prior (the agentkeys-catalog crate already supports signed vendor overlays bounded by the sensitivity floor); the connect flow should load it and propose accordingly.
• Per-namespace inheritance pick UX (R3 / item 8) — the agent inherits the master's memory namespaces; the master curates per-namespace; sensitive namespaces are an explicit pick; the agent reads under its own cap.
• (Optional follow-up) live on-chain setScope on confirm — today a confirmed grant is recorded in daemon actor state + audited (the same posture as update_scope; the ui-bridge owns the scope view). Wiring confirm → a real AgentKeysScope.setScope tx (daemon → heima-scope-set.sh, mirroring the K11-finish register shell-out) is a deliberate posture change worth its own scoping.

Already landed (the substrate this builds on)

• classifier worker agentkeys-worker-classify (compute gate) + CapOp::Classify + /v1/cap/classify;
• agentkeys-catalog (entity→category + sensitivity floor + signed vendor overlays);
• daemon classify bridge + /v1/master/classify/{tag,propose} + /v1/actors/:id/scope/grant;
• the AutoDistributePanel (manual) + the onboarding 1A taxonomy-setup step;
• stage-3 demo step 22 (classifier-worker isolation negatives, skip-until-deployed).

Also pending (separate)

• Deploy the classify worker (operator one-shot): setup-cloud.sh (DNS) + setup-broker-host.sh --ref main — lights up the audited TAG path + the live stage-3 step-22 assertion.
• 1B — NL → COMPILE onboarding UI (the worker /v1/classify/compile endpoint exists; no UI yet).

Refs: #207 · spec docs/plan/web-flow/onboarding-classifier-distribution.md §1 + §3.