@agent-e/server 1.5.13 → 1.6.2

package/dist/cli.js

@@ -29,7 +29,951 @@ var import_core3 = require("@agent-e/core");
 
 // src/routes.ts
 var import_core = require("@agent-e/core");
+
+// src/dashboard.ts
+function getDashboardHtml() {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>AgentE Dashboard</title>
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500;600&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+<script src="https://cdn.jsdelivr.net/npm/chart.js@4.5.1/dist/chart.umd.min.js"></script>
+<style>
+  :root {
+    --bg-root: #09090b;
+    --bg-panel: #18181b;
+    --bg-panel-hover: #1f1f23;
+    --border: #27272a;
+    --border-light: #3f3f46;
+    --text-primary: #f4f4f5;
+    --text-secondary: #a1a1aa;
+    --text-muted: #71717a;
+    --text-dim: #52525b;
+    --accent: #22c55e;
+    --accent-dim: #166534;
+    --warning: #eab308;
+    --warning-dim: #854d0e;
+    --danger: #ef4444;
+    --danger-dim: #991b1b;
+    --blue: #3b82f6;
+    --font-sans: 'IBM Plex Sans', system-ui, sans-serif;
+    --font-mono: 'JetBrains Mono', monospace;
+  }
+
+  * { margin: 0; padding: 0; box-sizing: border-box; }
+
+  body {
+    background: var(--bg-root);
+    color: var(--text-primary);
+    font-family: var(--font-sans);
+    font-size: 14px;
+    line-height: 1.5;
+    overflow-x: hidden;
+  }
+
+  /* \u2500\u2500 Header \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .header {
+    position: sticky;
+    top: 0;
+    z-index: 100;
+    background: var(--bg-root);
+    border-bottom: 1px solid var(--border);
+    padding: 12px 24px;
+    display: flex;
+    align-items: center;
+    gap: 24px;
+    backdrop-filter: blur(8px);
+  }
+
+  .header-brand {
+    font-weight: 600;
+    font-size: 16px;
+    color: var(--text-primary);
+    white-space: nowrap;
+  }
+
+  .header-brand span { color: var(--accent); }
+
+  .kpi-row {
+    display: flex;
+    gap: 20px;
+    flex-wrap: wrap;
+    align-items: center;
+    margin-left: auto;
+  }
+
+  .kpi {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 13px;
+    color: var(--text-secondary);
+  }
+
+  .kpi-value {
+    font-family: var(--font-mono);
+    font-weight: 500;
+    color: var(--text-primary);
+    font-size: 13px;
+  }
+
+  .kpi-value.health-good { color: var(--accent); }
+  .kpi-value.health-warn { color: var(--warning); }
+  .kpi-value.health-bad { color: var(--danger); }
+
+  .live-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    background: var(--accent);
+    animation: pulse 2s ease-in-out infinite;
+  }
+
+  .live-dot.disconnected {
+    background: var(--danger);
+    animation: none;
+  }
+
+  @keyframes pulse {
+    0%, 100% { opacity: 1; }
+    50% { opacity: 0.4; }
+  }
+
+  /* \u2500\u2500 Layout \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .container {
+    max-width: 1440px;
+    margin: 0 auto;
+    padding: 20px 24px;
+    display: flex;
+    flex-direction: column;
+    gap: 16px;
+  }
+
+  .panel {
+    background: var(--bg-panel);
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    padding: 16px;
+  }
+
+  .panel-title {
+    font-size: 13px;
+    font-weight: 600;
+    color: var(--text-secondary);
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    margin-bottom: 12px;
+  }
+
+  /* \u2500\u2500 Charts grid \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .charts-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+    gap: 16px;
+  }
+
+  .chart-box {
+    background: var(--bg-panel);
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    padding: 16px;
+  }
+
+  .chart-box canvas { width: 100% !important; height: 160px !important; }
+
+  .chart-label {
+    font-size: 12px;
+    color: var(--text-muted);
+    font-weight: 500;
+    margin-bottom: 8px;
+  }
+
+  .chart-value {
+    font-family: var(--font-mono);
+    font-size: 22px;
+    font-weight: 500;
+    color: var(--text-primary);
+    margin-bottom: 8px;
+  }
+
+  /* \u2500\u2500 Terminal (Decision Feed) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .terminal {
+    background: var(--bg-root);
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    height: 380px;
+    overflow-y: auto;
+    font-family: var(--font-mono);
+    font-size: 12px;
+    line-height: 1.7;
+    padding: 12px 16px;
+  }
+
+  .terminal::-webkit-scrollbar { width: 6px; }
+  .terminal::-webkit-scrollbar-track { background: transparent; }
+  .terminal::-webkit-scrollbar-thumb { background: var(--border-light); border-radius: 3px; }
+
+  .term-line {
+    white-space: nowrap;
+    opacity: 0;
+    transform: translateY(4px);
+    animation: termIn 0.3s ease-out forwards;
+  }
+
+  @keyframes termIn {
+    to { opacity: 1; transform: translateY(0); }
+  }
+
+  .t-tick { color: var(--text-dim); }
+  .t-ok { color: var(--accent); }
+  .t-skip { color: var(--warning); }
+  .t-fail { color: var(--danger); }
+  .t-principle { color: var(--text-primary); font-weight: 500; }
+  .t-param { color: var(--text-secondary); }
+  .t-old { color: #d4d4d8; font-variant-numeric: tabular-nums; }
+  .t-arrow { color: var(--text-dim); }
+  .t-new { color: var(--accent); font-variant-numeric: tabular-nums; }
+  .t-meta { color: var(--text-dim); }
+
+  /* \u2500\u2500 Alerts \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .alerts-container {
+    display: flex;
+    flex-direction: column;
+    gap: 8px;
+    max-height: 320px;
+    overflow-y: auto;
+  }
+
+  .alert-card {
+    display: flex;
+    align-items: flex-start;
+    gap: 12px;
+    padding: 12px;
+    border-radius: 6px;
+    border: 1px solid var(--border);
+    background: var(--bg-panel);
+    transition: opacity 0.3s, transform 0.3s;
+  }
+
+  .alert-card.fade-out {
+    opacity: 0;
+    transform: translateX(20px);
+  }
+
+  .alert-severity {
+    font-family: var(--font-mono);
+    font-weight: 600;
+    font-size: 13px;
+    padding: 2px 8px;
+    border-radius: 4px;
+    white-space: nowrap;
+  }
+
+  .sev-high { background: var(--danger-dim); color: var(--danger); }
+  .sev-med { background: var(--warning-dim); color: var(--warning); }
+  .sev-low { background: var(--accent-dim); color: var(--accent); }
+
+  .alert-body { flex: 1; }
+  .alert-principle { font-weight: 500; font-size: 13px; }
+  .alert-reason { color: var(--text-secondary); font-size: 12px; margin-top: 2px; }
+
+  /* \u2500\u2500 Violations table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .violations-table {
+    width: 100%;
+    border-collapse: collapse;
+    font-size: 12px;
+  }
+
+  .violations-table th {
+    text-align: left;
+    color: var(--text-muted);
+    font-weight: 500;
+    padding: 6px 10px;
+    border-bottom: 1px solid var(--border);
+    cursor: pointer;
+    user-select: none;
+  }
+
+  .violations-table th:hover { color: var(--text-secondary); }
+
+  .violations-table td {
+    padding: 6px 10px;
+    border-bottom: 1px solid var(--border);
+    color: var(--text-secondary);
+    font-family: var(--font-mono);
+    font-size: 11px;
+  }
+
+  .violations-table tr:hover td { background: var(--bg-panel-hover); }
+
+  /* \u2500\u2500 Split row \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .split-row {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 16px;
+  }
+
+  @media (max-width: 800px) {
+    .split-row { grid-template-columns: 1fr; }
+  }
+
+  /* \u2500\u2500 Persona bar chart \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .persona-bars { display: flex; flex-direction: column; gap: 6px; }
+
+  .persona-row {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    font-size: 12px;
+  }
+
+  .persona-label {
+    width: 100px;
+    text-align: right;
+    color: var(--text-secondary);
+    font-size: 11px;
+    flex-shrink: 0;
+  }
+
+  .persona-bar-track {
+    flex: 1;
+    height: 16px;
+    background: var(--bg-root);
+    border-radius: 3px;
+    overflow: hidden;
+  }
+
+  .persona-bar-fill {
+    height: 100%;
+    background: var(--accent);
+    border-radius: 3px;
+    transition: width 0.5s ease;
+  }
+
+  .persona-pct {
+    width: 40px;
+    font-family: var(--font-mono);
+    font-size: 11px;
+    color: var(--text-muted);
+  }
+
+  /* \u2500\u2500 Registry list \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .registry-list { display: flex; flex-direction: column; gap: 4px; }
+
+  .registry-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 6px 10px;
+    border-radius: 4px;
+    font-size: 12px;
+  }
+
+  .registry-item:nth-child(odd) { background: rgba(255,255,255,0.02); }
+  .registry-key { color: var(--text-secondary); font-family: var(--font-mono); }
+  .registry-val { color: var(--accent); font-family: var(--font-mono); font-weight: 500; }
+
+  /* \u2500\u2500 Advisor mode \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .advisor-banner {
+    display: none;
+    background: var(--warning-dim);
+    border: 1px solid var(--warning);
+    color: var(--warning);
+    padding: 8px 16px;
+    border-radius: 6px;
+    font-size: 13px;
+    font-weight: 500;
+    align-items: center;
+    gap: 8px;
+  }
+
+  .advisor-mode .advisor-banner { display: flex; }
+
+  .pending-pill {
+    background: var(--warning);
+    color: var(--bg-root);
+    font-size: 11px;
+    font-weight: 600;
+    padding: 1px 8px;
+    border-radius: 10px;
+    font-family: var(--font-mono);
+  }
+
+  .advisor-btn {
+    font-family: var(--font-mono);
+    font-size: 11px;
+    padding: 2px 10px;
+    border-radius: 4px;
+    border: none;
+    cursor: pointer;
+    font-weight: 500;
+    transition: opacity 0.15s;
+  }
+
+  .advisor-btn:hover { opacity: 0.85; }
+  .advisor-btn.approve { background: var(--accent); color: var(--bg-root); }
+  .advisor-btn.reject { background: var(--danger); color: #fff; }
+
+  .advisor-actions { display: none; gap: 6px; margin-left: 8px; }
+  .advisor-mode .advisor-actions { display: inline-flex; }
+
+  /* \u2500\u2500 Empty state \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .empty-state {
+    color: var(--text-dim);
+    font-size: 13px;
+    text-align: center;
+    padding: 40px 20px;
+  }
+
+  /* \u2500\u2500 Reduced motion \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  @media (prefers-reduced-motion: reduce) {
+    .term-line { animation: none; opacity: 1; transform: none; }
+    .live-dot { animation: none; }
+    .persona-bar-fill { transition: none; }
+  }
+</style>
+</head>
+<body>
+
+<!-- Header -->
+<div class="header" id="header">
+  <div class="header-brand">Agent<span>E</span> v1.6</div>
+  <div class="kpi-row">
+    <div class="kpi">Health <span class="kpi-value health-good" id="kpi-health">--</span></div>
+    <div class="kpi">Mode <span class="kpi-value" id="kpi-mode">--</span></div>
+    <div class="kpi">Tick <span class="kpi-value" id="kpi-tick">0</span></div>
+    <div class="kpi">Uptime <span class="kpi-value" id="kpi-uptime">0s</span></div>
+    <div class="kpi">Plans <span class="kpi-value" id="kpi-plans">0</span></div>
+    <div class="live-dot" id="live-dot" title="WebSocket connected"></div>
+  </div>
+</div>
+
+<div class="container" id="app">
+  <!-- Advisor banner -->
+  <div class="advisor-banner" id="advisor-banner">
+    ADVISOR MODE \u2014 Recommendations require manual approval
+    <span class="pending-pill" id="pending-count">0</span> pending
+  </div>
+
+  <!-- Charts -->
+  <div class="charts-grid">
+    <div class="chart-box">
+      <div class="chart-label">Economy Health</div>
+      <div class="chart-value" id="cv-health">--</div>
+      <canvas id="chart-health"></canvas>
+    </div>
+    <div class="chart-box">
+      <div class="chart-label">Gini Coefficient</div>
+      <div class="chart-value" id="cv-gini">--</div>
+      <canvas id="chart-gini"></canvas>
+    </div>
+    <div class="chart-box">
+      <div class="chart-label">Net Flow</div>
+      <div class="chart-value" id="cv-netflow">--</div>
+      <canvas id="chart-netflow"></canvas>
+    </div>
+    <div class="chart-box">
+      <div class="chart-label">Avg Satisfaction</div>
+      <div class="chart-value" id="cv-satisfaction">--</div>
+      <canvas id="chart-satisfaction"></canvas>
+    </div>
+  </div>
+
+  <!-- Decision Feed -->
+  <div class="panel">
+    <div class="panel-title">Decision Feed</div>
+    <div class="terminal" id="terminal"></div>
+  </div>
+
+  <!-- Active Alerts -->
+  <div class="panel">
+    <div class="panel-title">Active Alerts</div>
+    <div class="alerts-container" id="alerts-container">
+      <div class="empty-state" id="alerts-empty">No active violations</div>
+    </div>
+  </div>
+
+  <!-- Violation History -->
+  <div class="panel">
+    <div class="panel-title">Violation History</div>
+    <div style="max-height:320px;overflow-y:auto">
+      <table class="violations-table" id="violations-table">
+        <thead>
+          <tr>
+            <th data-sort="tick">Tick</th>
+            <th data-sort="principle">Principle</th>
+            <th data-sort="severity">Severity</th>
+            <th data-sort="parameter">Parameter</th>
+            <th data-sort="result">Result</th>
+          </tr>
+        </thead>
+        <tbody id="violations-body"></tbody>
+      </table>
+    </div>
+  </div>
+
+  <!-- Split: Personas + Registry -->
+  <div class="split-row">
+    <div class="panel">
+      <div class="panel-title">Persona Distribution</div>
+      <div class="persona-bars" id="persona-bars">
+        <div class="empty-state">No persona data yet</div>
+      </div>
+    </div>
+    <div class="panel">
+      <div class="panel-title">Parameter Registry</div>
+      <div class="registry-list" id="registry-list">
+        <div class="empty-state">No parameters registered</div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script>
+(function() {
+  'use strict';
+
+  // \u2500\u2500 State \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  let ws = null;
+  let reconnectDelay = 1000;
+  const MAX_RECONNECT = 30000;
+  let isAdvisor = false;
+  let pendingDecisions = [];
+  const MAX_TERMINAL_LINES = 80;
+  const MAX_VIOLATIONS = 100;
+  let violationSortKey = 'tick';
+  let violationSortAsc = false;
+  let violations = [];
+
+  // Chart instances
+  let chartHealth, chartGini, chartNetflow, chartSatisfaction;
+
+  // \u2500\u2500 DOM refs \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  const $kpiHealth = document.getElementById('kpi-health');
+  const $kpiMode = document.getElementById('kpi-mode');
+  const $kpiTick = document.getElementById('kpi-tick');
+  const $kpiUptime = document.getElementById('kpi-uptime');
+  const $kpiPlans = document.getElementById('kpi-plans');
+  const $liveDot = document.getElementById('live-dot');
+  const $terminal = document.getElementById('terminal');
+  const $alertsContainer = document.getElementById('alerts-container');
+  const $alertsEmpty = document.getElementById('alerts-empty');
+  const $violationsBody = document.getElementById('violations-body');
+  const $personaBars = document.getElementById('persona-bars');
+  const $registryList = document.getElementById('registry-list');
+  const $pendingCount = document.getElementById('pending-count');
+  const $app = document.getElementById('app');
+
+  // \u2500\u2500 Helpers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function esc(s) { return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;').replace(/'/g,'&#39;'); }
+  function pad(n, w) { return String(n).padStart(w || 4, ' '); }
+  function fmt(n) { return typeof n === 'number' ? n.toFixed(3) : '\u2014'; }
+  function pct(n) { return typeof n === 'number' ? (n * 100).toFixed(0) + '%' : '\u2014'; }
+
+  function formatUptime(ms) {
+    const s = Math.floor(ms / 1000);
+    if (s < 60) return s + 's';
+    if (s < 3600) return Math.floor(s / 60) + 'm ' + (s % 60) + 's';
+    const h = Math.floor(s / 3600);
+    return h + 'h ' + Math.floor((s % 3600) / 60) + 'm';
+  }
+
+  function healthClass(h) {
+    if (h >= 70) return 'health-good';
+    if (h >= 40) return 'health-warn';
+    return 'health-bad';
+  }
+
+  function sevClass(s) {
+    if (s >= 7) return 'sev-high';
+    if (s >= 4) return 'sev-med';
+    return 'sev-low';
+  }
+
+  // \u2500\u2500 Chart setup \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  const chartOpts = {
+    responsive: true,
+    maintainAspectRatio: false,
+    animation: { duration: 300 },
+    plugins: { legend: { display: false } },
+    scales: {
+      x: { display: false },
+      y: {
+        ticks: { color: '#71717a', font: { family: "'JetBrains Mono'", size: 10 } },
+        grid: { color: 'rgba(63,63,70,0.3)' },
+        border: { display: false },
+      }
+    },
+    elements: {
+      point: { radius: 0 },
+      line: { borderWidth: 1.5, tension: 0.3 },
+    }
+  };
+
+  function makeChart(id, color, minY, maxY) {
+    const ctx = document.getElementById(id).getContext('2d');
+    const opts = JSON.parse(JSON.stringify(chartOpts));
+    if (minY !== undefined) opts.scales.y.min = minY;
+    if (maxY !== undefined) opts.scales.y.max = maxY;
+    return new Chart(ctx, {
+      type: 'line',
+      data: {
+        labels: [],
+        datasets: [{
+          data: [],
+          borderColor: color,
+          backgroundColor: color + '18',
+          fill: true,
+        }]
+      },
+      options: opts,
+    });
+  }
+
+  function initCharts() {
+    chartHealth = makeChart('chart-health', '#22c55e', 0, 100);
+    chartGini = makeChart('chart-gini', '#eab308', 0, 1);
+    chartNetflow = makeChart('chart-netflow', '#3b82f6');
+    chartSatisfaction = makeChart('chart-satisfaction', '#22c55e', 0, 100);
+  }
+
+  function updateChart(chart, labels, data) {
+    chart.data.labels = labels;
+    chart.data.datasets[0].data = data;
+    chart.update('none');
+  }
+
+  // \u2500\u2500 Terminal \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function addTerminalLine(html) {
+    const el = document.createElement('div');
+    el.className = 'term-line';
+    el.innerHTML = html;
+    $terminal.appendChild(el);
+    while ($terminal.children.length > MAX_TERMINAL_LINES) {
+      $terminal.removeChild($terminal.firstChild);
+    }
+    $terminal.scrollTop = $terminal.scrollHeight;
+  }
+
+  function decisionToTerminal(d) {
+    const resultIcon = d.result === 'applied'
+      ? '<span class="t-ok">\\u2705 </span>'
+      : d.result === 'rejected'
+        ? '<span class="t-fail">\\u274c </span>'
+        : '<span class="t-skip">\\u23f8 </span>';
+
+    const principle = d.diagnosis?.principle || {};
+    const plan = d.plan || {};
+    const severity = d.diagnosis?.violation?.severity ?? '?';
+    const confidence = d.diagnosis?.violation?.confidence;
+    const confStr = confidence != null ? (confidence * 100).toFixed(0) + '%' : '?';
+
+    let advisorBtns = '';
+    if (isAdvisor && d.result === 'skipped_override') {
+      advisorBtns = '<span class="advisor-actions">'
+        + '<button class="advisor-btn approve" onclick="window._approve(\\'' + esc(d.id) + '\\')">[Approve]</button>'
+        + '<button class="advisor-btn reject" onclick="window._reject(\\'' + esc(d.id) + '\\')">[Reject]</button>'
+        + '</span>';
+    }
+
+    return '<span class="t-tick">[Tick ' + pad(d.tick) + ']</span> '
+      + resultIcon
+      + '<span class="t-principle">[' + esc(principle.id || '?') + '] ' + esc(principle.name || '') + ':</span> '
+      + '<span class="t-param">' + esc(plan.parameter || '\u2014') + ' </span>'
+      + '<span class="t-old">' + fmt(plan.currentValue) + '</span>'
+      + '<span class="t-arrow"> \\u2192 </span>'
+      + '<span class="t-new">' + fmt(plan.targetValue) + '</span>'
+      + '<span class="t-meta">  severity ' + severity + '/10, confidence ' + confStr + '</span>'
+      + advisorBtns;
+  }
+
+  // \u2500\u2500 Alerts \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function renderAlerts(alerts) {
+    if (!alerts || alerts.length === 0) {
+      $alertsContainer.innerHTML = '<div class="empty-state">No active violations</div>';
+      return;
+    }
+    const sorted = [...alerts].sort((a, b) => (b.severity || 0) - (a.severity || 0));
+    $alertsContainer.innerHTML = sorted.map(function(a) {
+      const sev = a.severity || a.violation?.severity || 0;
+      const sc = sevClass(sev);
+      const name = a.principleName || a.principle?.name || '?';
+      const pid = a.principleId || a.principle?.id || '?';
+      const reason = a.reasoning || a.violation?.suggestedAction?.reasoning || '';
+      return '<div class="alert-card">'
+        + '<span class="alert-severity ' + sc + '">' + sev + '/10</span>'
+        + '<div class="alert-body">'
+        + '<div class="alert-principle">[' + esc(pid) + '] ' + esc(name) + '</div>'
+        + '<div class="alert-reason">' + esc(reason) + '</div>'
+        + '</div></div>';
+    }).join('');
+  }
+
+  // \u2500\u2500 Violations table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function addViolation(d) {
+    violations.push({
+      tick: d.tick,
+      principle: (d.diagnosis?.principle?.id || '?') + ' ' + (d.diagnosis?.principle?.name || ''),
+      severity: d.diagnosis?.violation?.severity || 0,
+      parameter: d.plan?.parameter || '\u2014',
+      result: d.result,
+    });
+    if (violations.length > MAX_VIOLATIONS) violations.shift();
+    renderViolations();
+  }
+
+  function renderViolations() {
+    const sorted = [...violations].sort(function(a, b) {
+      const va = a[violationSortKey], vb = b[violationSortKey];
+      if (va < vb) return violationSortAsc ? -1 : 1;
+      if (va > vb) return violationSortAsc ? 1 : -1;
+      return 0;
+    });
+    $violationsBody.innerHTML = sorted.map(function(v) {
+      return '<tr>'
+        + '<td>' + v.tick + '</td>'
+        + '<td style="color:var(--text-primary);font-family:var(--font-sans)">' + esc(v.principle) + '</td>'
+        + '<td><span class="alert-severity ' + sevClass(v.severity) + '">' + v.severity + '</span></td>'
+        + '<td>' + esc(v.parameter) + '</td>'
+        + '<td>' + esc(v.result) + '</td>'
+        + '</tr>';
+    }).join('');
+  }
+
+  // Table sorting
+  document.querySelectorAll('.violations-table th').forEach(function(th) {
+    th.addEventListener('click', function() {
+      const key = th.dataset.sort;
+      if (violationSortKey === key) violationSortAsc = !violationSortAsc;
+      else { violationSortKey = key; violationSortAsc = true; }
+      renderViolations();
+    });
+  });
+
+  // \u2500\u2500 Personas \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function renderPersonas(dist) {
+    if (!dist || Object.keys(dist).length === 0) {
+      $personaBars.innerHTML = '<div class="empty-state">No persona data yet</div>';
+      return;
+    }
+    const total = Object.values(dist).reduce(function(s, v) { return s + v; }, 0);
+    const entries = Object.entries(dist).sort(function(a, b) { return b[1] - a[1]; });
+    $personaBars.innerHTML = entries.map(function(e) {
+      const pctVal = total > 0 ? (e[1] / total * 100) : 0;
+      return '<div class="persona-row">'
+        + '<div class="persona-label">' + esc(e[0]) + '</div>'
+        + '<div class="persona-bar-track"><div class="persona-bar-fill" style="width:' + pctVal + '%"></div></div>'
+        + '<div class="persona-pct">' + pctVal.toFixed(0) + '%</div>'
+        + '</div>';
+    }).join('');
+  }
+
+  // \u2500\u2500 Registry \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function renderRegistry(principles) {
+    if (!principles || principles.length === 0) {
+      $registryList.innerHTML = '<div class="empty-state">No parameters registered</div>';
+      return;
+    }
+    $registryList.innerHTML = principles.slice(0, 30).map(function(p) {
+      return '<div class="registry-item">'
+        + '<span class="registry-key">[' + esc(p.id) + ']</span>'
+        + '<span class="registry-val">' + esc(p.name) + '</span>'
+        + '</div>';
+    }).join('');
+  }
+
+  // \u2500\u2500 KPI update \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function updateKPIs(data) {
+    if (data.health != null) {
+      $kpiHealth.textContent = data.health + '/100';
+      $kpiHealth.className = 'kpi-value ' + healthClass(data.health);
+      document.getElementById('cv-health').textContent = data.health + '/100';
+    }
+    if (data.mode != null) {
+      $kpiMode.textContent = data.mode;
+      isAdvisor = data.mode === 'advisor';
+      $app.classList.toggle('advisor-mode', isAdvisor);
+    }
+    if (data.tick != null) $kpiTick.textContent = data.tick;
+    if (data.uptime != null) $kpiUptime.textContent = formatUptime(data.uptime);
+    if (data.activePlans != null) $kpiPlans.textContent = data.activePlans;
+  }
+
+  // \u2500\u2500 Metrics history \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function updateChartsFromHistory(history) {
+    if (!history || history.length === 0) return;
+    const ticks = history.map(function(h) { return h.tick; });
+    updateChart(chartHealth, ticks, history.map(function(h) { return h.health; }));
+    updateChart(chartGini, ticks, history.map(function(h) { return h.giniCoefficient; }));
+    updateChart(chartNetflow, ticks, history.map(function(h) { return h.netFlow; }));
+    updateChart(chartSatisfaction, ticks, history.map(function(h) { return h.avgSatisfaction; }));
+
+    const last = history[history.length - 1];
+    document.getElementById('cv-gini').textContent = last.giniCoefficient.toFixed(3);
+    document.getElementById('cv-netflow').textContent = last.netFlow.toFixed(1);
+    document.getElementById('cv-satisfaction').textContent = last.avgSatisfaction.toFixed(0) + '/100';
+  }
+
+  // \u2500\u2500 API calls \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function fetchJSON(path) {
+    return fetch(path).then(function(r) { return r.json(); });
+  }
+
+  function postJSON(path, body) {
+    return fetch(path, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }).then(function(r) { return r.json(); });
+  }
+
+  function loadInitialData() {
+    fetchJSON('/health').then(function(data) {
+      updateKPIs(data);
+    }).catch(function() {});
+
+    fetchJSON('/decisions?limit=50').then(function(data) {
+      if (data.decisions) {
+        data.decisions.reverse().forEach(function(d) {
+          addTerminalLine(decisionToTerminal(d));
+          addViolation(d);
+        });
+      }
+    }).catch(function() {});
+
+    fetchJSON('/metrics').then(function(data) {
+      if (data.history) updateChartsFromHistory(data.history);
+      if (data.latest) {
+        renderPersonas(data.latest.personaDistribution);
+      }
+    }).catch(function() {});
+
+    fetchJSON('/principles').then(function(data) {
+      if (data.principles) renderRegistry(data.principles);
+    }).catch(function() {});
+
+    fetchJSON('/pending').then(function(data) {
+      if (data.pending) {
+        pendingDecisions = data.pending;
+        $pendingCount.textContent = data.count || 0;
+      }
+    }).catch(function() {});
+  }
+
+  // \u2500\u2500 Polling fallback \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  let pollInterval = null;
+
+  function startPolling() {
+    if (pollInterval) return;
+    pollInterval = setInterval(function() {
+      fetchJSON('/health').then(updateKPIs).catch(function() {});
+      fetchJSON('/metrics').then(function(data) {
+        if (data.history) updateChartsFromHistory(data.history);
+        if (data.latest) renderPersonas(data.latest.personaDistribution);
+      }).catch(function() {});
+    }, 5000);
+  }
+
+  function stopPolling() {
+    if (pollInterval) { clearInterval(pollInterval); pollInterval = null; }
+  }
+
+  // \u2500\u2500 WebSocket \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function connectWS() {
+    const proto = location.protocol === 'https:' ? 'wss:' : 'ws:';
+    ws = new WebSocket(proto + '//' + location.host);
+
+    ws.onopen = function() {
+      reconnectDelay = 1000;
+      $liveDot.classList.remove('disconnected');
+      $liveDot.title = 'WebSocket connected';
+      stopPolling();
+      // Request fresh health
+      ws.send(JSON.stringify({ type: 'health' }));
+    };
+
+    ws.onclose = function() {
+      $liveDot.classList.add('disconnected');
+      $liveDot.title = 'WebSocket disconnected \u2014 reconnecting...';
+      startPolling();
+      setTimeout(connectWS, reconnectDelay);
+      reconnectDelay = Math.min(reconnectDelay * 1.5, MAX_RECONNECT);
+    };
+
+    ws.onerror = function() { ws.close(); };
+
+    ws.onmessage = function(ev) {
+      var msg;
+      try { msg = JSON.parse(ev.data); } catch(e) { return; }
+
+      switch (msg.type) {
+        case 'tick_result':
+          updateKPIs({ health: msg.health, tick: msg.tick });
+          if (msg.alerts) renderAlerts(msg.alerts);
+          // Refresh charts
+          fetchJSON('/metrics').then(function(data) {
+            if (data.history) updateChartsFromHistory(data.history);
+            if (data.latest) renderPersonas(data.latest.personaDistribution);
+          }).catch(function() {});
+          break;
+
+        case 'health_result':
+          updateKPIs(msg);
+          break;
+
+        case 'advisor_action':
+          if (msg.action === 'approved' || msg.action === 'rejected') {
+            pendingDecisions = pendingDecisions.filter(function(d) {
+              return d.id !== msg.decisionId;
+            });
+            $pendingCount.textContent = pendingDecisions.length;
+          }
+          break;
+      }
+    };
+  }
+
+  // \u2500\u2500 Advisor actions \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  window._approve = function(id) {
+    postJSON('/approve', { decisionId: id }).then(function(data) {
+      if (data.ok) {
+        addTerminalLine('<span class="t-tick">[Advisor]</span> <span class="t-ok">\\u2705 Approved ' + id + '</span>');
+      }
+    }).catch(function() {});
+  };
+
+  window._reject = function(id) {
+    var reason = prompt('Rejection reason (optional):');
+    postJSON('/reject', { decisionId: id, reason: reason || undefined }).then(function(data) {
+      if (data.ok) {
+        addTerminalLine('<span class="t-tick">[Advisor]</span> <span class="t-fail">\\u274c Rejected ' + id + '</span>');
+      }
+    }).catch(function() {});
+  };
+
+  // \u2500\u2500 Init \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  initCharts();
+  loadInitialData();
+  connectWS();
+
+})();
+</script>
+</body>
+</html>`;
+}
+
+// src/routes.ts
+function setSecurityHeaders(res) {
+  res.setHeader("X-Content-Type-Options", "nosniff");
+  res.setHeader("X-Frame-Options", "DENY");
+  res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+}
 function setCorsHeaders(res, origin) {
+  setSecurityHeaders(res);
   res.setHeader("Access-Control-Allow-Origin", origin);
   res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
   res.setHeader("Access-Control-Allow-Headers", "Content-Type");
@@ -86,21 +1030,19 @@ function createRouteHandler(server2) {
         const payload = parsed;
         const state = payload["state"] ?? parsed;
         const events = payload["events"];
-        if (server2.validateState) {
-          const validation = (0, import_core.validateEconomyState)(state);
-          if (!validation.valid) {
-            json(res, 400, {
-              error: "invalid_state",
-              validationErrors: validation.errors
-            }, cors);
-            return;
-          }
+        const validation = server2.validateState ? (0, import_core.validateEconomyState)(state) : null;
+        if (validation && !validation.valid) {
+          json(res, 400, {
+            error: "invalid_state",
+            validationErrors: validation.errors
+          }, cors);
+          return;
         }
         const result = await server2.processTick(
           state,
           Array.isArray(events) ? events : void 0
         );
-        const warnings = server2.validateState ? (0, import_core.validateEconomyState)(state).warnings : [];
+        const warnings = validation?.warnings ?? [];
         json(res, 200, {
           adjustments: result.adjustments,
           alerts: result.alerts.map((a) => ({
@@ -128,12 +1070,18 @@ function createRouteHandler(server2) {
         return;
       }
       if (path === "/decisions" && method === "GET") {
-        const limit = parseInt(url.searchParams.get("limit") ?? "100", 10);
-        const since = url.searchParams.get("since");
+        const rawLimit = parseInt(url.searchParams.get("limit") ?? "100", 10);
+        const limit = Math.min(Math.max(isNaN(rawLimit) ? 100 : rawLimit, 1), 1e3);
+        const sinceParam = url.searchParams.get("since");
         const agentE = server2.getAgentE();
         let decisions;
-        if (since) {
-          decisions = agentE.getDecisions({ since: parseInt(since, 10) });
+        if (sinceParam) {
+          const since = parseInt(sinceParam, 10);
+          if (isNaN(since)) {
+            json(res, 400, { error: 'Invalid "since" parameter \u2014 must be a number' }, cors);
+            return;
+          }
+          decisions = agentE.getDecisions({ since });
         } else {
           decisions = agentE.log.latest(limit);
         }
@@ -164,6 +1112,14 @@ function createRouteHandler(server2) {
           for (const c of config["constrain"]) {
             if (c && typeof c === "object" && typeof c["param"] === "string" && typeof c["min"] === "number" && typeof c["max"] === "number") {
               const constraint = c;
+              if (!isFinite(constraint.min) || !isFinite(constraint.max)) {
+                json(res, 400, { error: "Constraint bounds must be finite numbers" }, cors);
+                return;
+              }
+              if (constraint.min > constraint.max) {
+                json(res, 400, { error: "Constraint min cannot exceed max" }, cors);
+                return;
+              }
               server2.constrain(constraint.param, { min: constraint.min, max: constraint.max });
             }
           }
@@ -218,6 +1174,112 @@ function createRouteHandler(server2) {
         }, cors);
         return;
       }
+      if (path === "/" && method === "GET" && server2.serveDashboard) {
+        setCorsHeaders(res, cors);
+        res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src 'self' ws: wss:; img-src 'self' data:");
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(getDashboardHtml());
+        return;
+      }
+      if (path === "/metrics" && method === "GET") {
+        const agentE = server2.getAgentE();
+        const latest = agentE.store.latest();
+        const history = agentE.store.recentHistory(100);
+        json(res, 200, { latest, history }, cors);
+        return;
+      }
+      if (path === "/metrics/personas" && method === "GET") {
+        const agentE = server2.getAgentE();
+        const latest = agentE.store.latest();
+        const dist = latest.personaDistribution || {};
+        const total = Object.values(dist).reduce((s, v) => s + v, 0);
+        json(res, 200, { distribution: dist, total }, cors);
+        return;
+      }
+      if (path === "/approve" && method === "POST") {
+        const body = await readBody(req);
+        let parsed;
+        try {
+          parsed = JSON.parse(body);
+        } catch {
+          json(res, 400, { error: "Invalid JSON" }, cors);
+          return;
+        }
+        const payload = parsed;
+        const decisionId = payload["decisionId"];
+        if (!decisionId) {
+          json(res, 400, { error: "missing_decision_id" }, cors);
+          return;
+        }
+        const agentE = server2.getAgentE();
+        if (agentE.getMode() !== "advisor") {
+          json(res, 400, { error: "not_in_advisor_mode" }, cors);
+          return;
+        }
+        const entry = agentE.log.getById(decisionId);
+        if (!entry) {
+          json(res, 404, { error: "decision_not_found" }, cors);
+          return;
+        }
+        if (entry.result !== "skipped_override") {
+          json(res, 409, { error: "decision_not_pending", currentResult: entry.result }, cors);
+          return;
+        }
+        await agentE.apply(entry.plan);
+        agentE.log.updateResult(decisionId, "applied");
+        server2.broadcast({ type: "advisor_action", action: "approved", decisionId });
+        json(res, 200, {
+          ok: true,
+          parameter: entry.plan.parameter,
+          value: entry.plan.targetValue
+        }, cors);
+        return;
+      }
+      if (path === "/reject" && method === "POST") {
+        const body = await readBody(req);
+        let parsed;
+        try {
+          parsed = JSON.parse(body);
+        } catch {
+          json(res, 400, { error: "Invalid JSON" }, cors);
+          return;
+        }
+        const payload = parsed;
+        const decisionId = payload["decisionId"];
+        const reason = payload["reason"] || void 0;
+        if (!decisionId) {
+          json(res, 400, { error: "missing_decision_id" }, cors);
+          return;
+        }
+        const agentE = server2.getAgentE();
+        if (agentE.getMode() !== "advisor") {
+          json(res, 400, { error: "not_in_advisor_mode" }, cors);
+          return;
+        }
+        const entry = agentE.log.getById(decisionId);
+        if (!entry) {
+          json(res, 404, { error: "decision_not_found" }, cors);
+          return;
+        }
+        if (entry.result !== "skipped_override") {
+          json(res, 409, { error: "decision_not_pending", currentResult: entry.result }, cors);
+          return;
+        }
+        agentE.log.updateResult(decisionId, "rejected", reason);
+        server2.broadcast({ type: "advisor_action", action: "rejected", decisionId, reason });
+        json(res, 200, { ok: true, decisionId }, cors);
+        return;
+      }
+      if (path === "/pending" && method === "GET") {
+        const agentE = server2.getAgentE();
+        const pending = agentE.log.query({ result: "skipped_override" });
+        json(res, 200, {
+          mode: agentE.getMode(),
+          pending,
+          count: pending.length
+        }, cors);
+        return;
+      }
       json(res, 404, { error: "Not found" }, cors);
     } catch (err) {
       console.error("[AgentE Server] Unhandled route error:", err);
@@ -234,8 +1296,10 @@ function send(ws, data) {
     ws.send(JSON.stringify(data));
   }
 }
+var MAX_WS_PAYLOAD = 1048576;
+var MAX_WS_CONNECTIONS = 100;
 function createWebSocketHandler(httpServer, server2) {
-  const wss = new import_ws.WebSocketServer({ server: httpServer });
+  const wss = new import_ws.WebSocketServer({ server: httpServer, maxPayload: MAX_WS_PAYLOAD });
   const aliveMap = /* @__PURE__ */ new WeakMap();
   const heartbeatInterval = setInterval(() => {
     for (const ws of wss.clients) {
@@ -250,6 +1314,10 @@ function createWebSocketHandler(httpServer, server2) {
     }
   }, 3e4);
   wss.on("connection", (ws) => {
+    if (wss.clients.size > MAX_WS_CONNECTIONS) {
+      ws.close(1013, "Server at capacity");
+      return;
+    }
     console.log("[AgentE Server] Client connected");
     aliveMap.set(ws, true);
     ws.on("pong", () => {
@@ -355,9 +1423,20 @@ function createWebSocketHandler(httpServer, server2) {
       }
     });
   });
-  return () => {
-    clearInterval(heartbeatInterval);
-    wss.close();
+  function broadcast(data) {
+    const payload = JSON.stringify(data);
+    for (const ws of wss.clients) {
+      if (ws.readyState === import_ws.WebSocket.OPEN) {
+        ws.send(payload);
+      }
+    }
+  }
+  return {
+    cleanup: () => {
+      clearInterval(heartbeatInterval);
+      wss.close();
+    },
+    broadcast
   };
 }
 
@@ -368,11 +1447,12 @@ var AgentEServer = class {
     this.adjustmentQueue = [];
     this.alerts = [];
     this.startedAt = Date.now();
-    this.cleanupWs = null;
+    this.wsHandle = null;
     this.port = config.port ?? 3100;
     this.host = config.host ?? "0.0.0.0";
     this.validateState = config.validateState ?? true;
-    this.corsOrigin = config.corsOrigin ?? "*";
+    this.corsOrigin = config.corsOrigin ?? "http://localhost:3100";
+    this.serveDashboard = config.serveDashboard ?? true;
     const adapter = {
       getState: () => {
         if (!this.lastState) {
@@ -421,7 +1501,7 @@ var AgentEServer = class {
     this.server = http.createServer(routeHandler);
   }
   async start() {
-    this.cleanupWs = createWebSocketHandler(this.server, this);
+    this.wsHandle = createWebSocketHandler(this.server, this);
     return new Promise((resolve) => {
       this.server.listen(this.port, this.host, () => {
         const addr = this.getAddress();
@@ -432,7 +1512,7 @@ var AgentEServer = class {
   }
   async stop() {
     this.agentE.stop();
-    if (this.cleanupWs) this.cleanupWs();
+    if (this.wsHandle) this.wsHandle.cleanup();
     return new Promise((resolve, reject) => {
       this.server.close((err) => {
         if (err) reject(err);
@@ -526,6 +1606,9 @@ var AgentEServer = class {
   constrain(param, bounds) {
     this.agentE.constrain(param, bounds);
   }
+  broadcast(data) {
+    if (this.wsHandle) this.wsHandle.broadcast(data);
+  }
 };
 
 // src/cli.ts