CalaT 1.9.1 adds permission gate

The real contribution here is the control plane: CalaT treats the model as a planner, not an executor, which is the right way to make a local agent auditable and harder to abuse.

• –A single validation point keeps dashboard, WebSocket, and Telegram inputs from branching into hidden execution paths.
• –Hardware-aware model selection is a practical local-first move; the same codebase can scale from Pi-class devices to GPU rigs.
• –Heartbeat isolation is a good safety boundary because monitoring should notify, not execute.
• –Persistent memory plus optional Telegram make the agent useful in practice, but they also raise the bar for audit trails and explicit user boundaries.
• –A declarative policy engine is the right 2.0 step if the project wants richer rules without reintroducing bypasses.