refactor: rename to to better reflect meaning

2026-04-19 13:35:18 +02:00
parent fd25de32a1
commit a1c3ffd2d1
58 changed files with 437 additions and 437 deletions
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -9,7 +9,7 @@ Arbiter is a permissioned signing service for cryptocurrency wallets. It runs as

 Arbiter distinguishes two kinds of peers:

- **User Agent** — A client application used by the owner to manage the vault (create wallets, approve SDK clients, configure policies).
+- **Operator** — A client application used by the owner to manage the vault (create wallets, approve SDK clients, configure policies).
 - **SDK Client** — A consumer of signing capabilities, typically an automation tool. In the future, this could include a browser-based wallet.
 - **Recovery Operator** — A dormant recovery participant with narrowly scoped authority used only for custody recovery and operator replacement.

@@ -30,24 +30,24 @@ All peers authenticate via public-key cryptography using a challenge-response pr

 Authentication challenges are per-connection, ephemeral values. They are not persisted in the peer tables, and peer records store no challenge state.

-### 2.2 User Agent Bootstrap
+### 2.2 Operator Bootstrap

-On first run — when no User Agents are registered — the server generates a one-time bootstrap token. It is made available in two ways:
+On first run — when no Operators are registered — the server generates a one-time bootstrap token. It is made available in two ways:

- **Local setup:** Written to `~/.arbiter/bootstrap_token` for automatic discovery by a co-located User Agent.
+- **Local setup:** Written to `~/.arbiter/bootstrap_token` for automatic discovery by a co-located Operator.
 - **Remote setup:** Printed to the server's console output.

-The first User Agent must present this token alongside the standard challenge-response to complete registration.
+The first Operator must present this token alongside the standard challenge-response to complete registration.

 ### 2.3 SDK Client Registration

-There is no bootstrap mechanism for SDK clients. They must be explicitly approved by an already-registered User Agent.
+There is no bootstrap mechanism for SDK clients. They must be explicitly approved by an already-registered Operator.

 ---

 ## 3. Multi-Operator Governance

-When more than one User Agent is registered, the vault is treated as having multiple operators. In that mode, sensitive actions are governed by voting rather than by a single operator decision.
+When more than one Operator is registered, the vault is treated as having multiple operators. In that mode, sensitive actions are governed by voting rather than by a single operator decision.

 ### 3.1 Voting Rules

@@ -165,13 +165,13 @@ In both cases, committee formation is a coordinated process. Arbiter does not al

 When an unbootstrapped vault is initialized as a multi-operator vault, the setup proceeds as follows:

-1. An operator connects to the unbootstrapped vault using a User Agent and the bootstrap token.
+1. An operator connects to the unbootstrapped vault using an Operator and the bootstrap token.
 2. During bootstrap setup, that operator declares:
   - the total number of ordinary operators
   - the total number of Recovery Operators
 3. The vault enters **multi-bootstrap mode**.
 4. While in multi-bootstrap mode:
-   - every ordinary operator must connect with a User Agent using the bootstrap token
+   - every ordinary operator must connect with an Operator using the bootstrap token
   - every Recovery Operator must also connect using the bootstrap token
   - each participant is registered individually
   - each participant's share is created and protected with that participant's credentials
@@ -193,8 +193,8 @@ The server proves its identity using TLS with a self-signed certificate. The TLS

 Peers verify the server by its **public key fingerprint**:

- **User Agent (local):** Receives the fingerprint automatically through the bootstrap token.
- **User Agent (remote) / SDK Client:** Must receive the fingerprint out-of-band.
+- **Operator (local):** Receives the fingerprint automatically through the bootstrap token.
+- **Operator (remote) / SDK Client:** Must receive the fingerprint out-of-band.

 > A streamlined setup mechanism using a single connection string is planned but not yet implemented.

@@ -231,11 +231,11 @@ On boot, the root key is encrypted and the server cannot perform any signing ope

 ### 6.2 Unseal Flow

-To transition to the **Unsealed** state, a User Agent must provide the password:
+To transition to the **Unsealed** state, an Operator must provide the password:

-1. The User Agent initiates an unseal request.
+1. The Operator initiates an unseal request.
 2. The server generates a one-time key pair and returns the public key.
-3. The User Agent encrypts the user's password with this one-time public key and sends the ciphertext to the server.
+3. The Operator encrypts the user's password with this one-time public key and sends the ciphertext to the server.
 4. The server decrypts and verifies the password:
   - **Success:** The root key is decrypted and placed into a hardened memory cell. The server transitions to `Unsealed`. Any entries pending encryption scheme migration are re-encrypted.
   - **Failure:** The server returns an error indicating the password is incorrect.
@@ -257,7 +257,7 @@ See [IMPLEMENTATION.md](IMPLEMENTATION.md) for the current and planned memory pr
 ### 7.1 Fundamental Rules

 - SDK clients have **no access by default**.
- Access is granted **explicitly** by a User Agent.
+- Access is granted **explicitly** by an Operator.
 - Grants are scoped to **specific wallets** and governed by **policies**.

 Each blockchain requires its own policy system due to differences in static transaction analysis. Currently, only EVM is supported; Solana support is planned.
@@ -277,19 +277,19 @@ sequenceDiagram
    autonumber
    actor SDK as SDK Client
    participant Server
-    participant UA as User Agent
+    participant operator as Operator

    SDK->>Server: SignTransactionRequest
    Server->>Server: Resolve wallet and wallet visibility
    alt Visibility approval required
-        Server->>UA: Ask for wallet visibility approval
-        UA-->>Server: Vote result
+        Server->>operator: Ask for wallet visibility approval
+        operator-->>Server: Vote result
    end
    Server->>Server: Evaluate transaction
    Server->>Server: Load grant and limits context
    alt Grant approval required
-        Server->>UA: Ask for execution / grant approval
-        UA-->>Server: Vote result
+        Server->>operator: Ask for execution / grant approval
+        operator-->>Server: Vote result
        opt Create persistent grant
            Server->>Server: Create and store grant
        end
--- a/docs/IMPLEMENTATION.md
+++ b/docs/IMPLEMENTATION.md
@@ -8,10 +8,10 @@ This document covers concrete technology choices and dependencies. For the archi

 ### Authentication Result Semantics

-Authentication no longer uses an implicit success-only response shape. Both `client` and `user-agent` return explicit auth status enums over the wire.
+Authentication no longer uses an implicit success-only response shape. Both `client` and `operator` return explicit auth status enums over the wire.

- **Client:** `AuthResult` may return `SUCCESS`, `INVALID_KEY`, `INVALID_SIGNATURE`, `APPROVAL_DENIED`, `NO_USER_AGENTS_ONLINE`, or `INTERNAL`
- **User-agent:** `AuthResult` may return `SUCCESS`, `INVALID_KEY`, `INVALID_SIGNATURE`, `BOOTSTRAP_REQUIRED`, `TOKEN_INVALID`, or `INTERNAL`
+- **Client:** `AuthResult` may return `SUCCESS`, `INVALID_KEY`, `INVALID_SIGNATURE`, `APPROVAL_DENIED`, `NO_OPERATORS_ONLINE`, or `INTERNAL`
+- **Operator:** `AuthResult` may return `SUCCESS`, `INVALID_KEY`, `INVALID_SIGNATURE`, `BOOTSTRAP_REQUIRED`, `TOKEN_INVALID`, or `INTERNAL`

 This makes transport-level failures and actor/domain-level auth failures distinct:

@@ -22,7 +22,7 @@ Clients are expected to handle these status codes directly and present the concr

 ### New Client Approval

-When a client whose public key is not yet in the database connects, all connected user agents are asked to approve the connection. The first agent to respond determines the outcome; remaining requests are cancelled via a watch channel.
+When a client whose public key is not yet in the database connects, all connected operators are asked to approve the connection. The first operator to respond determines the outcome; remaining requests are cancelled via a watch channel.

 ```mermaid
 flowchart TD
@@ -31,10 +31,10 @@ flowchart TD

    C -- yes --> G[Generate AuthChallenge]

-    C -- no --> E[Ask all UserAgents:\nClientConnectionRequest]
+    C -- no --> E[Ask all Operators:\nClientConnectionRequest]
    E --> F{First response}
    F -- denied --> Z([Reject connection])
-    F -- approved --> F2[Cancel remaining\nUserAgent requests]
+    F -- approved --> F2[Cancel remaining\nOperator requests]
    F2 --> F3[INSERT client]
    F3 --> G

@@ -50,7 +50,7 @@ Auth challenges are generated from fresh random bytes plus a nanosecond timestam
 The authentication schema stores peer identity, not replay counters:

 - `program_client` stores the SDK client's public key, metadata binding, and timestamps.
- `useragent_client` stores the User Agent public key and timestamps.
+- `operator_client` stores the Operator public key and timestamps.
 - Neither table stores an authentication nonce, and challenge generation does not update either table.

 ---
@@ -62,7 +62,7 @@ The authentication schema stores peer identity, not replay counters:

 ### User-Agent Authentication

-User-agent authentication supports multiple signature schemes because platform-provided "hardware-bound" keys do not expose a uniform algorithm across operating systems and hardware.
+Operator authentication supports multiple signature schemes because platform-provided "hardware-bound" keys do not expose a uniform algorithm across operating systems and hardware.

 - **Supported schemes:** ML-DSA
 - **Why:** Secure Enclave (MacOS) support them natively, on other platforms we could emulate while they roll-out
@@ -86,7 +86,7 @@ User-agent authentication supports multiple signature schemes because platform-p

 ### Request Multiplexing

-Both `client` and `user-agent` connections support multiple in-flight requests over one gRPC bidi stream.
+Both `client` and `operator` connections support multiple in-flight requests over one gRPC bidi stream.

 - Every request carries a monotonically increasing request ID
 - Every normal response echoes the request ID it corresponds to
@@ -141,7 +141,7 @@ flowchart TD
    L -- Yes --> M[Check grant limits]
    L -- No --> N[Start execution or grant voting flow]

-    N --> O{User-agent decision}
+    N --> O{Operator decision}
    O -- Reject --> Z4[Return no matching grant error]
    O -- Allow once --> M
    O -- Create grant --> P[Create grant with user-selected limits]
--- a/docs/superpowers/plans/2026-03-28-grant-creation-refactor.md
+++ b/docs/superpowers/plans/2026-03-28-grant-creation-refactor.md
@@ -111,7 +111,7 @@ String shortAddress(List<int> bytes) {
 - [ ] **Step 2: Verify**

 ```sh
-cd useragent && dart analyze lib/screens/dashboard/evm/grants/create/utils.dart
+cd operator && dart analyze lib/screens/dashboard/evm/grants/create/utils.dart
 ```

 Expected: no errors.
@@ -168,7 +168,7 @@ class GrantCreation extends _$GrantCreation {
 - [ ] **Step 2: Run code generator**

 ```sh
-cd useragent && dart run build_runner build --delete-conflicting-outputs
+cd operator && dart run build_runner build --delete-conflicting-outputs
 ```

 Expected: generates `provider.freezed.dart` and `provider.g.dart`, no errors.
@@ -176,7 +176,7 @@ Expected: generates `provider.freezed.dart` and `provider.g.dart`, no errors.
 - [ ] **Step 3: Verify**

 ```sh
-cd useragent && dart analyze lib/screens/dashboard/evm/grants/create/provider.dart
+cd operator && dart analyze lib/screens/dashboard/evm/grants/create/provider.dart
 ```

 Expected: no errors.
@@ -204,7 +204,7 @@ jj describe -m "feat(grants): add GrantCreation provider (client selection + gra

 ```dart
 // lib/screens/dashboard/evm/grants/create/fields/client_picker_field.dart
-import 'package:arbiter/proto/user_agent.pb.dart';
+import 'package:arbiter/proto/operator.pb.dart';
 import 'package:arbiter/providers/sdk_clients/list.dart';
 import 'package:arbiter/screens/dashboard/evm/grants/create/provider.dart';
 import 'package:flutter/material.dart';
@@ -246,7 +246,7 @@ class ClientPickerField extends ConsumerWidget {
 ```dart
 // lib/screens/dashboard/evm/grants/create/fields/wallet_access_picker_field.dart
 import 'package:arbiter/proto/evm.pb.dart';
-import 'package:arbiter/proto/user_agent.pb.dart';
+import 'package:arbiter/proto/operator.pb.dart';
 import 'package:arbiter/providers/evm/evm.dart';
 import 'package:arbiter/providers/sdk_clients/wallet_access_list.dart';
 import 'package:arbiter/screens/dashboard/evm/grants/create/provider.dart';
@@ -522,7 +522,7 @@ class TransactionRateLimitField extends StatelessWidget {
 - [ ] **Step 8: Verify all field widgets**

 ```sh
-cd useragent && dart analyze lib/screens/dashboard/evm/grants/create/fields/
+cd operator && dart analyze lib/screens/dashboard/evm/grants/create/fields/
 ```

 Expected: no errors.
@@ -585,7 +585,7 @@ class SharedGrantFields extends StatelessWidget {
 - [ ] **Step 2: Verify**

 ```sh
-cd useragent && dart analyze lib/screens/dashboard/evm/grants/create/shared_grant_fields.dart
+cd operator && dart analyze lib/screens/dashboard/evm/grants/create/shared_grant_fields.dart
 ```

 Expected: no errors.
@@ -978,7 +978,7 @@ class _TokenVolumeLimitRow extends HookWidget {
 - [ ] **Step 4: Run code generator for token_transfer_grant.g.dart**

 ```sh
-cd useragent && dart run build_runner build --delete-conflicting-outputs
+cd operator && dart run build_runner build --delete-conflicting-outputs
 ```

 Expected: generates `token_transfer_grant.g.dart`, no errors.
@@ -986,7 +986,7 @@ Expected: generates `token_transfer_grant.g.dart`, no errors.
 - [ ] **Step 5: Verify**

 ```sh
-cd useragent && dart analyze lib/screens/dashboard/evm/grants/create/grants/
+cd operator && dart analyze lib/screens/dashboard/evm/grants/create/grants/
 ```

 Expected: no errors.
@@ -1265,7 +1265,7 @@ String _formatError(Object error) {
 - [ ] **Step 2: Verify the full create/ directory**

 ```sh
-cd useragent && dart analyze lib/screens/dashboard/evm/grants/create/
+cd operator && dart analyze lib/screens/dashboard/evm/grants/create/
 ```

 Expected: no errors.
--- a/docs/superpowers/plans/2026-03-28-grant-grid-view.md
+++ b/docs/superpowers/plans/2026-03-28-grant-grid-view.md
@@ -14,24 +14,24 @@

 | File | Action | Responsibility |
 |---|---|---|
-| `useragent/lib/theme/palette.dart` | Modify | Add `Palette.token` (indigo accent for token-transfer cards) |
-| `useragent/lib/features/connection/evm/wallet_access.dart` | Modify | Add `listAllWalletAccesses()` function |
-| `useragent/lib/providers/sdk_clients/wallet_access_list.dart` | Create | `WalletAccessListProvider` — fetches full wallet access list with IDs |
-| `useragent/lib/screens/dashboard/evm/grants/widgets/grant_card.dart` | Create | `GrantCard` widget — watches enrichment providers + revoke mutation; one card per grant |
-| `useragent/lib/screens/dashboard/evm/grants/grants.dart` | Create | `EvmGrantsScreen` — watches `evmGrantsProvider`; handles loading/error/empty/data states; renders `GrantCard` list |
-| `useragent/lib/router.dart` | Modify | Register `EvmGrantsRoute` in dashboard children |
-| `useragent/lib/screens/dashboard.dart` | Modify | Add Grants entry to `routes` list and `NavigationDestination` list |
+| `operator/lib/theme/palette.dart` | Modify | Add `Palette.token` (indigo accent for token-transfer cards) |
+| `operator/lib/features/connection/evm/wallet_access.dart` | Modify | Add `listAllWalletAccesses()` function |
+| `operator/lib/providers/sdk_clients/wallet_access_list.dart` | Create | `WalletAccessListProvider` — fetches full wallet access list with IDs |
+| `operator/lib/screens/dashboard/evm/grants/widgets/grant_card.dart` | Create | `GrantCard` widget — watches enrichment providers + revoke mutation; one card per grant |
+| `operator/lib/screens/dashboard/evm/grants/grants.dart` | Create | `EvmGrantsScreen` — watches `evmGrantsProvider`; handles loading/error/empty/data states; renders `GrantCard` list |
+| `operator/lib/router.dart` | Modify | Register `EvmGrantsRoute` in dashboard children |
+| `operator/lib/screens/dashboard.dart` | Modify | Add Grants entry to `routes` list and `NavigationDestination` list |

 ---

 ## Task 1: Add `Palette.token`

 **Files:**
- Modify: `useragent/lib/theme/palette.dart`
+- Modify: `operator/lib/theme/palette.dart`

 - [ ] **Step 1: Add the color**

-Replace the contents of `useragent/lib/theme/palette.dart` with:
+Replace the contents of `operator/lib/theme/palette.dart` with:

 ```dart
 import 'package:flutter/material.dart';
@@ -48,7 +48,7 @@ class Palette {
 - [ ] **Step 2: Verify**

 ```sh
-cd useragent && flutter analyze lib/theme/palette.dart
+cd operator && flutter analyze lib/theme/palette.dart
 ```

 Expected: no issues.
@@ -65,20 +65,20 @@ jj new
 ## Task 2: Add `listAllWalletAccesses` feature function

 **Files:**
- Modify: `useragent/lib/features/connection/evm/wallet_access.dart`
+- Modify: `operator/lib/features/connection/evm/wallet_access.dart`

 `readClientWalletAccess` (existing) filters the list to one client's wallet IDs and returns `Set<int>`. This new function returns the complete unfiltered list with row IDs so the grant cards can resolve wallet_access_id → wallet + client.

 - [ ] **Step 1: Append function**

-Add at the bottom of `useragent/lib/features/connection/evm/wallet_access.dart`:
+Add at the bottom of `operator/lib/features/connection/evm/wallet_access.dart`:

 ```dart
 Future<List<SdkClientWalletAccess>> listAllWalletAccesses(
  Connection connection,
 ) async {
  final response = await connection.ask(
-    UserAgentRequest(listWalletAccess: Empty()),
+    OperatorRequest(listWalletAccess: Empty()),
  );
  if (!response.hasListWalletAccessResponse()) {
    throw Exception(
@@ -97,7 +97,7 @@ Each returned `SdkClientWalletAccess` has:
 - [ ] **Step 2: Verify**

 ```sh
-cd useragent && flutter analyze lib/features/connection/evm/wallet_access.dart
+cd operator && flutter analyze lib/features/connection/evm/wallet_access.dart
 ```

 Expected: no issues.
@@ -114,18 +114,18 @@ jj new
 ## Task 3: Create `WalletAccessListProvider`

 **Files:**
- Create: `useragent/lib/providers/sdk_clients/wallet_access_list.dart`
- Generated: `useragent/lib/providers/sdk_clients/wallet_access_list.g.dart`
+- Create: `operator/lib/providers/sdk_clients/wallet_access_list.dart`
+- Generated: `operator/lib/providers/sdk_clients/wallet_access_list.g.dart`

 Mirrors the structure of `EvmGrants` in `providers/evm/evm_grants.dart` — class-based `@riverpod` with a `refresh()` method.

 - [ ] **Step 1: Write the provider**

-Create `useragent/lib/providers/sdk_clients/wallet_access_list.dart`:
+Create `operator/lib/providers/sdk_clients/wallet_access_list.dart`:

 ```dart
 import 'package:arbiter/features/connection/evm/wallet_access.dart';
-import 'package:arbiter/proto/user_agent.pb.dart';
+import 'package:arbiter/proto/operator.pb.dart';
 import 'package:arbiter/providers/connection/connection_manager.dart';
 import 'package:mtcore/markettakers.dart';
 import 'package:riverpod_annotation/riverpod_annotation.dart';
@@ -165,15 +165,15 @@ class WalletAccessList extends _$WalletAccessList {
 - [ ] **Step 2: Run code generation**

 ```sh
-cd useragent && dart run build_runner build --delete-conflicting-outputs
+cd operator && dart run build_runner build --delete-conflicting-outputs
 ```

-Expected: `useragent/lib/providers/sdk_clients/wallet_access_list.g.dart` created. No errors.
+Expected: `operator/lib/providers/sdk_clients/wallet_access_list.g.dart` created. No errors.

 - [ ] **Step 3: Verify**

 ```sh
-cd useragent && flutter analyze lib/providers/sdk_clients/
+cd operator && flutter analyze lib/providers/sdk_clients/
 ```

 Expected: no issues.
@@ -190,26 +190,26 @@ jj new
 ## Task 4: Create `GrantCard` widget

 **Files:**
- Create: `useragent/lib/screens/dashboard/evm/grants/widgets/grant_card.dart`
+- Create: `operator/lib/screens/dashboard/evm/grants/widgets/grant_card.dart`

 This widget owns all per-card logic: enrichment lookups, revoke action, and rebuild scope. The screen only passes it a `GrantEntry` — the card fetches everything else itself.

 **Key types:**
 - `GrantEntry` (from `proto/evm.pb.dart`): `.id`, `.shared.walletAccessId`, `.shared.chainId`, `.specific.whichGrant()`
 - `SpecificGrant_Grant.etherTransfer` / `.tokenTransfer` — enum values for the oneof
- `SdkClientWalletAccess` (from `proto/user_agent.pb.dart`): `.id`, `.access.walletId`, `.access.sdkClientId`
+- `SdkClientWalletAccess` (from `proto/operator.pb.dart`): `.id`, `.access.walletId`, `.access.sdkClientId`
 - `WalletEntry` (from `proto/evm.pb.dart`): `.id`, `.address` (List<int>)
- `SdkClientEntry` (from `proto/user_agent.pb.dart`): `.id`, `.info.name`
+- `SdkClientEntry` (from `proto/operator.pb.dart`): `.id`, `.info.name`
 - `revokeEvmGrantMutation` — `Mutation<void>` (global; all revoke buttons disable together while any revoke is in flight)
 - `executeRevokeEvmGrant(ref, grantId: int)` — `Future<void>`

 - [ ] **Step 1: Write the widget**

-Create `useragent/lib/screens/dashboard/evm/grants/widgets/grant_card.dart`:
+Create `operator/lib/screens/dashboard/evm/grants/widgets/grant_card.dart`:

 ```dart
 import 'package:arbiter/proto/evm.pb.dart';
-import 'package:arbiter/proto/user_agent.pb.dart';
+import 'package:arbiter/proto/operator.pb.dart';
 import 'package:arbiter/providers/evm/evm.dart';
 import 'package:arbiter/providers/evm/evm_grants.dart';
 import 'package:arbiter/providers/sdk_clients/list.dart';
@@ -438,7 +438,7 @@ class GrantCard extends ConsumerWidget {
 - [ ] **Step 2: Verify**

 ```sh
-cd useragent && flutter analyze lib/screens/dashboard/evm/grants/widgets/grant_card.dart
+cd operator && flutter analyze lib/screens/dashboard/evm/grants/widgets/grant_card.dart
 ```

 Expected: no issues.
@@ -455,13 +455,13 @@ jj new
 ## Task 5: Create `EvmGrantsScreen`

 **Files:**
- Create: `useragent/lib/screens/dashboard/evm/grants/grants.dart`
+- Create: `operator/lib/screens/dashboard/evm/grants/grants.dart`

 The screen watches only `evmGrantsProvider` for top-level state (loading / error / no connection / empty / data). When there is data it renders a list of `GrantCard` widgets — each card manages its own enrichment subscriptions.

 - [ ] **Step 1: Write the screen**

-Create `useragent/lib/screens/dashboard/evm/grants/grants.dart`:
+Create `operator/lib/screens/dashboard/evm/grants/grants.dart`:

 ```dart
 import 'package:arbiter/proto/evm.pb.dart';
@@ -702,7 +702,7 @@ class EvmGrantsScreen extends ConsumerWidget {
 - [ ] **Step 2: Verify**

 ```sh
-cd useragent && flutter analyze lib/screens/dashboard/evm/grants/
+cd operator && flutter analyze lib/screens/dashboard/evm/grants/
 ```

 Expected: no issues.
@@ -719,13 +719,13 @@ jj new
 ## Task 6: Wire router and dashboard tab

 **Files:**
- Modify: `useragent/lib/router.dart`
- Modify: `useragent/lib/screens/dashboard.dart`
- Regenerated: `useragent/lib/router.gr.dart`
+- Modify: `operator/lib/router.dart`
+- Modify: `operator/lib/screens/dashboard.dart`
+- Regenerated: `operator/lib/router.gr.dart`

 - [ ] **Step 1: Add route to `router.dart`**

-Replace the contents of `useragent/lib/router.dart` with:
+Replace the contents of `operator/lib/router.dart` with:

 ```dart
 import 'package:auto_route/auto_route.dart';
@@ -759,7 +759,7 @@ class Router extends RootStackRouter {

 - [ ] **Step 2: Update `dashboard.dart`**

-In `useragent/lib/screens/dashboard.dart`, replace the `routes` constant:
+In `operator/lib/screens/dashboard.dart`, replace the `routes` constant:

 ```dart
 final routes = [
@@ -800,7 +800,7 @@ destinations: const [
 - [ ] **Step 3: Regenerate router**

 ```sh
-cd useragent && dart run build_runner build --delete-conflicting-outputs
+cd operator && dart run build_runner build --delete-conflicting-outputs
 ```

 Expected: `lib/router.gr.dart` updated, `EvmGrantsRoute` now available, no errors.
@@ -808,7 +808,7 @@ Expected: `lib/router.gr.dart` updated, `EvmGrantsRoute` now available, no error
 - [ ] **Step 4: Full project verify**

 ```sh
-cd useragent && flutter analyze
+cd operator && flutter analyze
 ```

 Expected: no issues.
--- a/docs/superpowers/specs/2026-03-28-grant-grid-view-design.md
+++ b/docs/superpowers/specs/2026-03-28-grant-grid-view-design.md
@@ -4,7 +4,7 @@

 ## Overview

-Add a "Grants" dashboard tab to the Flutter user-agent app that displays all EVM grants as a card-based grid. Each card shows a compact summary (type, chain, wallet address, client name) with a revoke action. The tab integrates into the existing `AdaptiveScaffold` navigation alongside Wallets, Clients, and About.
+Add a "Grants" dashboard tab to the Flutter operator app that displays all EVM grants as a card-based grid. Each card shows a compact summary (type, chain, wallet address, client name) with a revoke action. The tab integrates into the existing `AdaptiveScaffold` navigation alongside Wallets, Clients, and About.

 ## Scope

@@ -23,7 +23,7 @@ Add a "Grants" dashboard tab to the Flutter user-agent app that displays all EVM

 ### `walletAccessListProvider`

-**File:** `useragent/lib/providers/sdk_clients/wallet_access_list.dart`
+**File:** `operator/lib/providers/sdk_clients/wallet_access_list.dart`

 - `@riverpod` class, watches `connectionManagerProvider.future`
 - Returns `List<SdkClientWalletAccess>?` (null when not connected)
@@ -85,7 +85,7 @@ NavigationDestination(

 ## Screen: `EvmGrantsScreen`

-**File:** `useragent/lib/screens/dashboard/evm/grants/grants.dart`
+**File:** `operator/lib/screens/dashboard/evm/grants/grants.dart`

 ```
 Scaffold