feat(brain): setup-gbrain trust-policy step + sync-gbrain flags (T5b / T13+T5c)

T5b — setup-gbrain Step 9.5:
  Inserts the brain trust policy AskUserQuestion before the verdict block.
  Detects active endpoint hash via gstack-config endpoint-hash. Branches
  per transport:
    * Local (sha == "local"): auto-set personal, one-line notice
    * Remote-MCP, unset: AskUserQuestion (personal vs shared)
    * Already-set: skip, just print current policy
  Personal default flips artifacts_sync_mode=full when still off.

T13+T5c — sync-gbrain:
  Adds two flag short-circuits:
    --refresh-cache : route to gstack-brain-cache refresh --project <slug>;
                       skip code + memory + brain-sync stages. Replaces
                       the planned /brain-refresh-context skill per D1
                       fold (one fewer always-loaded skill in catalog).
    --audit          : emit gstack-owned page summary + sensitive-content
                       leak check via gstack-brain-cache list. Read-only.
  Step 1 trust policy gate: fires the same AskUserQuestion as setup-gbrain
  Step 9.5 when policy is unset for a remote endpoint. Local engines
  auto-set personal silently. Idempotent for already-set policies.

Both templates re-rendered via bun run gen:skill-docs. Trust policy
question wording centralized in setup-gbrain Step 9.5; sync-gbrain
Step 1 references it to avoid prompt drift.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

setup-gbrain/SKILL.md

@@ -1513,6 +1513,75 @@ and STOP with a NEEDS_CONTEXT escalation.
 
 ---
 
+## Step 9.5: Brain trust policy (v1.48 brain-aware planning, D4 / Phase 1.5)
+
+The brain trust policy controls whether gstack auto-pushes `~/.gstack/`
+artifacts and writes calibration takes back to this brain. It's per-
+endpoint: a user with both a local PGLite (personal) and a team remote
+MCP (shared) gets both policies tracked separately.
+
+Detect the active endpoint hash + current policy:
+
+```bash
+_HASH=$(~/.claude/skills/gstack/bin/gstack-config endpoint-hash 2>/dev/null)
+_POLICY=$(~/.claude/skills/gstack/bin/gstack-config get brain_trust_policy@$_HASH 2>/dev/null || echo unset)
+echo "ENDPOINT_HASH: $_HASH"
+echo "BRAIN_TRUST_POLICY: $_POLICY"
+```
+
+Branch on transport + current policy:
+
+**If `_POLICY` is `personal` or `shared`:** policy already set. Print
+"Trust policy for this endpoint: $_POLICY" and skip to Step 10.
+
+**If `_POLICY` is `unset` AND `_HASH == "local"`:** auto-set personal
+(local engines are inherently single-tenant). No AskUserQuestion.
+
+```bash
+~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH personal
+echo "Trust policy auto-set to 'personal' for local PGLite (single-tenant by construction)."
+```
+
+**If `_POLICY` is `unset` AND `_HASH != "local"` (remote MCP):** ask the
+trust policy question via AskUserQuestion:
+
+> The brain at this MCP endpoint — is it your personal brain or a
+> shared/team brain?
+>
+> Personal: gstack auto-pushes ~/.gstack/ artifacts (CEO plans, design
+> docs, retros, learnings) and writes calibration takes back as you make
+> decisions. Your brain gets smarter every session. Pick this if you
+> alone set up this brain.
+>
+> Shared/team: read-only by default. gstack reads context but prompts
+> before any write. Safer for brains where your individual takes
+> shouldn't pollute the shared corpus.
+
+Options:
+- A) Personal (recommended for self-hosted remote brains)
+- B) Shared/team
+
+After answer, persist:
+
+```bash
+~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH <personal|shared>
+```
+
+If `personal` was selected AND `artifacts_sync_mode` is still `off`, also
+default it to `full` (D4 auto-push convention):
+
+```bash
+_CURRENT_SYNC=$(~/.claude/skills/gstack/bin/gstack-config get artifacts_sync_mode 2>/dev/null || echo off)
+if [ "$_CURRENT_SYNC" = "off" ]; then
+  ~/.claude/skills/gstack/bin/gstack-config set artifacts_sync_mode full
+  echo "artifacts_sync_mode auto-set to 'full' (personal brain default)."
+fi
+```
+
+Backwards compat: existing users whose `artifacts_sync_mode_prompted` is
+already `true` keep their answer; this gate only fires for new endpoints
+or first-time-after-upgrade users.
+
 ## Step 10: GREEN/YELLOW/RED verdict block (idempotent doctor output)
 
 After Steps 1-9 complete, summarize. Re-running `/setup-gbrain` on a

setup-gbrain/SKILL.md.tmpl

@@ -868,6 +868,75 @@ and STOP with a NEEDS_CONTEXT escalation.
 
 ---
 
+## Step 9.5: Brain trust policy (v1.48 brain-aware planning, D4 / Phase 1.5)
+
+The brain trust policy controls whether gstack auto-pushes `~/.gstack/`
+artifacts and writes calibration takes back to this brain. It's per-
+endpoint: a user with both a local PGLite (personal) and a team remote
+MCP (shared) gets both policies tracked separately.
+
+Detect the active endpoint hash + current policy:
+
+```bash
+_HASH=$(~/.claude/skills/gstack/bin/gstack-config endpoint-hash 2>/dev/null)
+_POLICY=$(~/.claude/skills/gstack/bin/gstack-config get brain_trust_policy@$_HASH 2>/dev/null || echo unset)
+echo "ENDPOINT_HASH: $_HASH"
+echo "BRAIN_TRUST_POLICY: $_POLICY"
+```
+
+Branch on transport + current policy:
+
+**If `_POLICY` is `personal` or `shared`:** policy already set. Print
+"Trust policy for this endpoint: $_POLICY" and skip to Step 10.
+
+**If `_POLICY` is `unset` AND `_HASH == "local"`:** auto-set personal
+(local engines are inherently single-tenant). No AskUserQuestion.
+
+```bash
+~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH personal
+echo "Trust policy auto-set to 'personal' for local PGLite (single-tenant by construction)."
+```
+
+**If `_POLICY` is `unset` AND `_HASH != "local"` (remote MCP):** ask the
+trust policy question via AskUserQuestion:
+
+> The brain at this MCP endpoint — is it your personal brain or a
+> shared/team brain?
+>
+> Personal: gstack auto-pushes ~/.gstack/ artifacts (CEO plans, design
+> docs, retros, learnings) and writes calibration takes back as you make
+> decisions. Your brain gets smarter every session. Pick this if you
+> alone set up this brain.
+>
+> Shared/team: read-only by default. gstack reads context but prompts
+> before any write. Safer for brains where your individual takes
+> shouldn't pollute the shared corpus.
+
+Options:
+- A) Personal (recommended for self-hosted remote brains)
+- B) Shared/team
+
+After answer, persist:
+
+```bash
+~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH <personal|shared>
+```
+
+If `personal` was selected AND `artifacts_sync_mode` is still `off`, also
+default it to `full` (D4 auto-push convention):
+
+```bash
+_CURRENT_SYNC=$(~/.claude/skills/gstack/bin/gstack-config get artifacts_sync_mode 2>/dev/null || echo off)
+if [ "$_CURRENT_SYNC" = "off" ]; then
+  ~/.claude/skills/gstack/bin/gstack-config set artifacts_sync_mode full
+  echo "artifacts_sync_mode auto-set to 'full' (personal brain default)."
+fi
+```
+
+Backwards compat: existing users whose `artifacts_sync_mode_prompted` is
+already `true` keep their answer; this gate only fires for new endpoints
+or first-time-after-upgrade users.
+
 ## Step 10: GREEN/YELLOW/RED verdict block (idempotent doctor output)
 
 After Steps 1-9 complete, summarize. Re-running `/setup-gbrain` on a

sync-gbrain/SKILL.md

@@ -697,10 +697,25 @@ the skill itself, not a dispatcher binary):
 - `/sync-gbrain --dry-run` — preview what would sync; no writes anywhere
 - `/sync-gbrain --no-memory` / `--no-brain-sync` — selectively skip stages
 - `/sync-gbrain --quiet` — suppress per-stage output
+- `/sync-gbrain --refresh-cache` — force-rebuild brain-aware planning cache (v1.48; replaces /brain-refresh-context per D1 fold). Skips code + memory stages; routes to `gstack-brain-cache refresh --project <slug>`.
+- `/sync-gbrain --audit` — emit summary of gstack-owned pages per project + sensitive-content audit (v1.48 / D10 lifecycle). Read-only.
 
 Pass-through args go straight to the orchestrator at
 `~/.claude/skills/gstack/bin/gstack-gbrain-sync.ts`.
 
+**`--refresh-cache` short-circuit:** when this flag is present, the skill
+runs ONLY the cache refresh (`gstack-brain-cache refresh --project <slug>`
+for the current worktree's slug, plus a cross-project refresh of
+user-profile if `gstack/user-profile/<user-slug>` exists). Code +
+memory + brain-sync stages are skipped. Useful when the user knows the
+brain has new info gstack should pick up before the next planning skill.
+
+**`--audit` short-circuit:** when this flag is present, the skill runs
+`gstack-brain-cache list --project <slug> --json`, summarizes by page
+type, then scans for any cached salience entries that ended up outside
+the SALIENCE_DEFAULT_ALLOWLIST (T17 / D9 leak check). Read-only; no
+modifications to brain or cache.
+
 ---
 
 ## Step 1: State probe
@@ -711,6 +726,29 @@ Before doing anything, check that /setup-gbrain has been run on this Mac.
 ~/.claude/skills/gstack/bin/gstack-gbrain-detect 2>/dev/null
 ```
 
+**Brain trust policy gate (v1.48 / Phase 1.5 / D4 — added by T13+T5c):**
+If `gbrain_mcp_mode == "remote-http"` from the detect output AND the per-
+endpoint policy is `unset`, the policy question MUST fire here before
+the orchestrator runs. Local engines auto-set to `personal` silently per
+the per-transport default table.
+
+```bash
+_HASH=$(~/.claude/skills/gstack/bin/gstack-config endpoint-hash 2>/dev/null)
+_POLICY=$(~/.claude/skills/gstack/bin/gstack-config get brain_trust_policy@$_HASH 2>/dev/null || echo unset)
+echo "BRAIN_TRUST_POLICY[$_HASH]: $_POLICY"
+```
+
+If `_POLICY == "unset"` AND `_HASH != "local"`, AskUserQuestion per the
+Step 9.5 wording in `/setup-gbrain` (personal vs shared, with persistence
+to `brain_trust_policy@<hash>` and conditional `artifacts_sync_mode=full`
+flip for personal). Then continue.
+
+If `_POLICY == "unset"` AND `_HASH == "local"`, auto-set personal:
+
+```bash
+~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH personal
+```
+
 **Split-engine model (v1.34.0.0+).** Code stage runs locally against the
 per-machine gbrain engine (PGLite or whatever `gbrain config` points to),
 with each worktree of a repo registered as its own source. **Memory stage

sync-gbrain/SKILL.md.tmpl

@@ -52,10 +52,25 @@ the skill itself, not a dispatcher binary):
 - `/sync-gbrain --dry-run` — preview what would sync; no writes anywhere
 - `/sync-gbrain --no-memory` / `--no-brain-sync` — selectively skip stages
 - `/sync-gbrain --quiet` — suppress per-stage output
+- `/sync-gbrain --refresh-cache` — force-rebuild brain-aware planning cache (v1.48; replaces /brain-refresh-context per D1 fold). Skips code + memory stages; routes to `gstack-brain-cache refresh --project <slug>`.
+- `/sync-gbrain --audit` — emit summary of gstack-owned pages per project + sensitive-content audit (v1.48 / D10 lifecycle). Read-only.
 
 Pass-through args go straight to the orchestrator at
 `{{BIN_DIR}}/gstack-gbrain-sync.ts`.
 
+**`--refresh-cache` short-circuit:** when this flag is present, the skill
+runs ONLY the cache refresh (`gstack-brain-cache refresh --project <slug>`
+for the current worktree's slug, plus a cross-project refresh of
+user-profile if `gstack/user-profile/<user-slug>` exists). Code +
+memory + brain-sync stages are skipped. Useful when the user knows the
+brain has new info gstack should pick up before the next planning skill.
+
+**`--audit` short-circuit:** when this flag is present, the skill runs
+`gstack-brain-cache list --project <slug> --json`, summarizes by page
+type, then scans for any cached salience entries that ended up outside
+the SALIENCE_DEFAULT_ALLOWLIST (T17 / D9 leak check). Read-only; no
+modifications to brain or cache.
+
 ---
 
 ## Step 1: State probe
@@ -66,6 +81,29 @@ Before doing anything, check that /setup-gbrain has been run on this Mac.
 ~/.claude/skills/gstack/bin/gstack-gbrain-detect 2>/dev/null
 ```
 
+**Brain trust policy gate (v1.48 / Phase 1.5 / D4 — added by T13+T5c):**
+If `gbrain_mcp_mode == "remote-http"` from the detect output AND the per-
+endpoint policy is `unset`, the policy question MUST fire here before
+the orchestrator runs. Local engines auto-set to `personal` silently per
+the per-transport default table.
+
+```bash
+_HASH=$(~/.claude/skills/gstack/bin/gstack-config endpoint-hash 2>/dev/null)
+_POLICY=$(~/.claude/skills/gstack/bin/gstack-config get brain_trust_policy@$_HASH 2>/dev/null || echo unset)
+echo "BRAIN_TRUST_POLICY[$_HASH]: $_POLICY"
+```
+
+If `_POLICY == "unset"` AND `_HASH != "local"`, AskUserQuestion per the
+Step 9.5 wording in `/setup-gbrain` (personal vs shared, with persistence
+to `brain_trust_policy@<hash>` and conditional `artifacts_sync_mode=full`
+flip for personal). Then continue.
+
+If `_POLICY == "unset"` AND `_HASH == "local"`, auto-set personal:
+
+```bash
+~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH personal
+```
+
 **Split-engine model (v1.34.0.0+).** Code stage runs locally against the
 per-machine gbrain engine (PGLite or whatever `gbrain config` points to),
 with each worktree of a repo registered as its own source. **Memory stage