From 0f32d5b0795e2eba4aee93cba28a33eee23656d5 Mon Sep 17 00:00:00 2001
From: rcourtman <courtmanr@gmail.com>
Date: Tue, 24 Mar 2026 15:42:22 +0000
Subject: [PATCH] Align auth restart guidance with managed dev runtime

---
 .../v6/internal/subsystems/security-privacy.md               | 5 +++++
 .../src/utils/__tests__/securityAuthPresentation.test.ts     | 4 ++--
 frontend-modern/src/utils/securityAuthPresentation.ts        | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/docs/release-control/v6/internal/subsystems/security-privacy.md b/docs/release-control/v6/internal/subsystems/security-privacy.md
index b95884573..13ee5ff27 100644
--- a/docs/release-control/v6/internal/subsystems/security-privacy.md
+++ b/docs/release-control/v6/internal/subsystems/security-privacy.md
@@ -258,6 +258,11 @@ of allowing plaintext licensing state to remain on the runtime primary path.
 That same shared token-settings boundary must stay under explicit proof routing
 on both sides: `frontend-modern/src/components/Settings/APITokenManager.tsx`,
 `frontend-modern/src/components/Settings/apiTokenManagerModel.ts`, and
+That same security settings presentation boundary also owns deployment-specific
+restart guidance after auth changes. When `securityAuthPresentation.ts`
+describes the development deployment, it must point at the canonical managed
+runtime control surface (`npm run dev:restart` from the repo root), not a
+stale `pulse-hot-dev` service name or any lane-local restart folklore.
 `frontend-modern/src/components/Settings/useAPITokenManagerState.ts` must
 continue to carry the direct `security-settings-surfaces` proof path together
 with the API-contract token-management proof instead of borrowing coverage only
diff --git a/frontend-modern/src/utils/__tests__/securityAuthPresentation.test.ts b/frontend-modern/src/utils/__tests__/securityAuthPresentation.test.ts
index 47e327b18..fdf3b85ef 100644
--- a/frontend-modern/src/utils/__tests__/securityAuthPresentation.test.ts
+++ b/frontend-modern/src/utils/__tests__/securityAuthPresentation.test.ts
@@ -36,8 +36,8 @@ describe('securityAuthPresentation', () => {
       command: 'systemctl restart pulse',
     });
     expect(getSecurityAuthRestartInstruction('development')).toEqual({
-      label: 'Restart the development server:',
-      command: 'sudo systemctl restart pulse-hot-dev',
+      label: 'Restart the managed development runtime from the repo root:',
+      command: 'npm run dev:restart',
     });
     expect(getSecurityAuthRestartInstruction()).toEqual({
       label: 'Restart Pulse using your deployment method',
diff --git a/frontend-modern/src/utils/securityAuthPresentation.ts b/frontend-modern/src/utils/securityAuthPresentation.ts
index 5d864ff3a..a9de9fa1f 100644
--- a/frontend-modern/src/utils/securityAuthPresentation.ts
+++ b/frontend-modern/src/utils/securityAuthPresentation.ts
@@ -45,8 +45,8 @@ export function getSecurityAuthRestartInstruction(
       };
     case 'development':
       return {
-        label: 'Restart the development server:',
-        command: 'sudo systemctl restart pulse-hot-dev',
+        label: 'Restart the managed development runtime from the repo root:',
+        command: 'npm run dev:restart',
       };
     default:
       return {