Architecture

Per camera: sample → change-gate → perceive (metered object detection) → filter (class allow-list) → track (dwell) → zone-test → confirm (dwell window) → decide (rules) → alert. The change-gate skips frames below the change-delta at $0; perceive runs only on the survivors. The class filter drops staff and animals; the zone-test maps the rest by coverage (a person in a restricted or perimeter zone → intrusion · critical; a vehicle → vehicle-breach, warning in a restricted/perimeter zone and info otherwise; a person in the lobby is expected and benign). Confirm requires the qualifying track to dwell across the window (default three frames, ~2s each) before decide raises an alert — single-frame hits never alert.

App 09 owns `camera`, `zone` and `security_event` (the C5 `demo_eco_*` slice, ready for a clean Stage-2 Drizzle/Postgres swap) and reads shared property context. It produces `security_event.raised` on the shared bus on every confirmed alert — its single outbound coupling. Owner ack/dismiss writes are canonical and audited; a viewer cannot act, and any operational write a viewer could make would be an ephemeral overlay the owner never sees and reset clears. Camera frames are read-only synthetic ground truth.

The one metered stage is `perceive`, simulated as a vision detector. Cloud mode bills a representative per-perceived-frame cost (≈ $0.0025/frame) against `claude-haiku-4-5`; OSS mode is recorded at $0 against a local vision stand-in (qwen2.5-vl-7b, recorded on M4). Because the change-gate runs first, spend tracks activity, not camera count. The per-session cost cap fails closed: once Cloud spend would cross the session budget, perceive falls back to the $0 OSS recorded path rather than fabricate an over-budget call. Every non-perceive stage is deterministic and $0 in both modes.

No real cameras, no real footage, no real computer-vision model, no faces or people — the frames are iconographic markers on a synthetic field, and detection reads their ground truth. There are no real alarms or external dispatch. Everything is labelled synthetic in-surface; no real imagery, PII, production prompts or proprietary metrics appear anywhere.