npm - @agent-e/server - Versions diffs - 1.5.13 → 1.6.2 - Mend

@agent-e/server 1.5.13 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/README.md +87 -0
package/dist/AgentEServer-DT6ETPR6.mjs +7 -0
package/dist/chunk-53EPMEWX.mjs +1598 -0
package/dist/chunk-53EPMEWX.mjs.map +1 -0
package/dist/cli.js +1105 -22
package/dist/cli.js.map +1 -1
package/dist/cli.mjs +1 -1
package/dist/index.d.mts +4 -1
package/dist/index.d.ts +4 -1
package/dist/index.js +1110 -23
package/dist/index.js.map +1 -1
package/dist/index.mjs +2 -2
package/package.json +2 -2
package/dist/AgentEServer-CBG5JMN4.mjs +0 -7
package/dist/chunk-OXHIY4RU.mjs +0 -515
package/dist/chunk-OXHIY4RU.mjs.map +0 -1
/package/dist/{AgentEServer-CBG5JMN4.mjs.map → AgentEServer-DT6ETPR6.mjs.map} +0 -0

package/dist/index.js CHANGED Viewed

@@ -30,8 +30,955 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/dashboard.ts
+function getDashboardHtml() {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>AgentE Dashboard</title>
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500;600&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+<script src="https://cdn.jsdelivr.net/npm/chart.js@4.5.1/dist/chart.umd.min.js"></script>
+<style>
+  :root {
+    --bg-root: #09090b;
+    --bg-panel: #18181b;
+    --bg-panel-hover: #1f1f23;
+    --border: #27272a;
+    --border-light: #3f3f46;
+    --text-primary: #f4f4f5;
+    --text-secondary: #a1a1aa;
+    --text-muted: #71717a;
+    --text-dim: #52525b;
+    --accent: #22c55e;
+    --accent-dim: #166534;
+    --warning: #eab308;
+    --warning-dim: #854d0e;
+    --danger: #ef4444;
+    --danger-dim: #991b1b;
+    --blue: #3b82f6;
+    --font-sans: 'IBM Plex Sans', system-ui, sans-serif;
+    --font-mono: 'JetBrains Mono', monospace;
+  }
+  * { margin: 0; padding: 0; box-sizing: border-box; }
+  body {
+    background: var(--bg-root);
+    color: var(--text-primary);
+    font-family: var(--font-sans);
+    font-size: 14px;
+    line-height: 1.5;
+    overflow-x: hidden;
+  }
+  /* \u2500\u2500 Header \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .header {
+    position: sticky;
+    top: 0;
+    z-index: 100;
+    background: var(--bg-root);
+    border-bottom: 1px solid var(--border);
+    padding: 12px 24px;
+    display: flex;
+    align-items: center;
+    gap: 24px;
+    backdrop-filter: blur(8px);
+  }
+  .header-brand {
+    font-weight: 600;
+    font-size: 16px;
+    color: var(--text-primary);
+    white-space: nowrap;
+  }
+  .header-brand span { color: var(--accent); }
+  .kpi-row {
+    display: flex;
+    gap: 20px;
+    flex-wrap: wrap;
+    align-items: center;
+    margin-left: auto;
+  }
+  .kpi {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 13px;
+    color: var(--text-secondary);
+  }
+  .kpi-value {
+    font-family: var(--font-mono);
+    font-weight: 500;
+    color: var(--text-primary);
+    font-size: 13px;
+  }
+  .kpi-value.health-good { color: var(--accent); }
+  .kpi-value.health-warn { color: var(--warning); }
+  .kpi-value.health-bad { color: var(--danger); }
+  .live-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    background: var(--accent);
+    animation: pulse 2s ease-in-out infinite;
+  }
+  .live-dot.disconnected {
+    background: var(--danger);
+    animation: none;
+  }
+  @keyframes pulse {
+    0%, 100% { opacity: 1; }
+    50% { opacity: 0.4; }
+  }
+  /* \u2500\u2500 Layout \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .container {
+    max-width: 1440px;
+    margin: 0 auto;
+    padding: 20px 24px;
+    display: flex;
+    flex-direction: column;
+    gap: 16px;
+  }
+  .panel {
+    background: var(--bg-panel);
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    padding: 16px;
+  }
+  .panel-title {
+    font-size: 13px;
+    font-weight: 600;
+    color: var(--text-secondary);
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    margin-bottom: 12px;
+  }
+  /* \u2500\u2500 Charts grid \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .charts-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+    gap: 16px;
+  }
+  .chart-box {
+    background: var(--bg-panel);
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    padding: 16px;
+  }
+  .chart-box canvas { width: 100% !important; height: 160px !important; }
+  .chart-label {
+    font-size: 12px;
+    color: var(--text-muted);
+    font-weight: 500;
+    margin-bottom: 8px;
+  }
+  .chart-value {
+    font-family: var(--font-mono);
+    font-size: 22px;
+    font-weight: 500;
+    color: var(--text-primary);
+    margin-bottom: 8px;
+  }
+  /* \u2500\u2500 Terminal (Decision Feed) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .terminal {
+    background: var(--bg-root);
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    height: 380px;
+    overflow-y: auto;
+    font-family: var(--font-mono);
+    font-size: 12px;
+    line-height: 1.7;
+    padding: 12px 16px;
+  }
+  .terminal::-webkit-scrollbar { width: 6px; }
+  .terminal::-webkit-scrollbar-track { background: transparent; }
+  .terminal::-webkit-scrollbar-thumb { background: var(--border-light); border-radius: 3px; }
+  .term-line {
+    white-space: nowrap;
+    opacity: 0;
+    transform: translateY(4px);
+    animation: termIn 0.3s ease-out forwards;
+  }
+  @keyframes termIn {
+    to { opacity: 1; transform: translateY(0); }
+  }
+  .t-tick { color: var(--text-dim); }
+  .t-ok { color: var(--accent); }
+  .t-skip { color: var(--warning); }
+  .t-fail { color: var(--danger); }
+  .t-principle { color: var(--text-primary); font-weight: 500; }
+  .t-param { color: var(--text-secondary); }
+  .t-old { color: #d4d4d8; font-variant-numeric: tabular-nums; }
+  .t-arrow { color: var(--text-dim); }
+  .t-new { color: var(--accent); font-variant-numeric: tabular-nums; }
+  .t-meta { color: var(--text-dim); }
+  /* \u2500\u2500 Alerts \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .alerts-container {
+    display: flex;
+    flex-direction: column;
+    gap: 8px;
+    max-height: 320px;
+    overflow-y: auto;
+  }
+  .alert-card {
+    display: flex;
+    align-items: flex-start;
+    gap: 12px;
+    padding: 12px;
+    border-radius: 6px;
+    border: 1px solid var(--border);
+    background: var(--bg-panel);
+    transition: opacity 0.3s, transform 0.3s;
+  }
+  .alert-card.fade-out {
+    opacity: 0;
+    transform: translateX(20px);
+  }
+  .alert-severity {
+    font-family: var(--font-mono);
+    font-weight: 600;
+    font-size: 13px;
+    padding: 2px 8px;
+    border-radius: 4px;
+    white-space: nowrap;
+  }
+  .sev-high { background: var(--danger-dim); color: var(--danger); }
+  .sev-med { background: var(--warning-dim); color: var(--warning); }
+  .sev-low { background: var(--accent-dim); color: var(--accent); }
+  .alert-body { flex: 1; }
+  .alert-principle { font-weight: 500; font-size: 13px; }
+  .alert-reason { color: var(--text-secondary); font-size: 12px; margin-top: 2px; }
+  /* \u2500\u2500 Violations table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .violations-table {
+    width: 100%;
+    border-collapse: collapse;
+    font-size: 12px;
+  }
+  .violations-table th {
+    text-align: left;
+    color: var(--text-muted);
+    font-weight: 500;
+    padding: 6px 10px;
+    border-bottom: 1px solid var(--border);
+    cursor: pointer;
+    user-select: none;
+  }
+  .violations-table th:hover { color: var(--text-secondary); }
+  .violations-table td {
+    padding: 6px 10px;
+    border-bottom: 1px solid var(--border);
+    color: var(--text-secondary);
+    font-family: var(--font-mono);
+    font-size: 11px;
+  }
+  .violations-table tr:hover td { background: var(--bg-panel-hover); }
+  /* \u2500\u2500 Split row \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .split-row {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 16px;
+  }
+  @media (max-width: 800px) {
+    .split-row { grid-template-columns: 1fr; }
+  }
+  /* \u2500\u2500 Persona bar chart \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .persona-bars { display: flex; flex-direction: column; gap: 6px; }
+  .persona-row {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    font-size: 12px;
+  }
+  .persona-label {
+    width: 100px;
+    text-align: right;
+    color: var(--text-secondary);
+    font-size: 11px;
+    flex-shrink: 0;
+  }
+  .persona-bar-track {
+    flex: 1;
+    height: 16px;
+    background: var(--bg-root);
+    border-radius: 3px;
+    overflow: hidden;
+  }
+  .persona-bar-fill {
+    height: 100%;
+    background: var(--accent);
+    border-radius: 3px;
+    transition: width 0.5s ease;
+  }
+  .persona-pct {
+    width: 40px;
+    font-family: var(--font-mono);
+    font-size: 11px;
+    color: var(--text-muted);
+  }
+  /* \u2500\u2500 Registry list \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .registry-list { display: flex; flex-direction: column; gap: 4px; }
+  .registry-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 6px 10px;
+    border-radius: 4px;
+    font-size: 12px;
+  }
+  .registry-item:nth-child(odd) { background: rgba(255,255,255,0.02); }
+  .registry-key { color: var(--text-secondary); font-family: var(--font-mono); }
+  .registry-val { color: var(--accent); font-family: var(--font-mono); font-weight: 500; }
+  /* \u2500\u2500 Advisor mode \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .advisor-banner {
+    display: none;
+    background: var(--warning-dim);
+    border: 1px solid var(--warning);
+    color: var(--warning);
+    padding: 8px 16px;
+    border-radius: 6px;
+    font-size: 13px;
+    font-weight: 500;
+    align-items: center;
+    gap: 8px;
+  }
+  .advisor-mode .advisor-banner { display: flex; }
+  .pending-pill {
+    background: var(--warning);
+    color: var(--bg-root);
+    font-size: 11px;
+    font-weight: 600;
+    padding: 1px 8px;
+    border-radius: 10px;
+    font-family: var(--font-mono);
+  }
+  .advisor-btn {
+    font-family: var(--font-mono);
+    font-size: 11px;
+    padding: 2px 10px;
+    border-radius: 4px;
+    border: none;
+    cursor: pointer;
+    font-weight: 500;
+    transition: opacity 0.15s;
+  }
+  .advisor-btn:hover { opacity: 0.85; }
+  .advisor-btn.approve { background: var(--accent); color: var(--bg-root); }
+  .advisor-btn.reject { background: var(--danger); color: #fff; }
+  .advisor-actions { display: none; gap: 6px; margin-left: 8px; }
+  .advisor-mode .advisor-actions { display: inline-flex; }
+  /* \u2500\u2500 Empty state \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  .empty-state {
+    color: var(--text-dim);
+    font-size: 13px;
+    text-align: center;
+    padding: 40px 20px;
+  }
+  /* \u2500\u2500 Reduced motion \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 */
+  @media (prefers-reduced-motion: reduce) {
+    .term-line { animation: none; opacity: 1; transform: none; }
+    .live-dot { animation: none; }
+    .persona-bar-fill { transition: none; }
+  }
+</style>
+</head>
+<body>
+<!-- Header -->
+<div class="header" id="header">
+  <div class="header-brand">Agent<span>E</span> v1.6</div>
+  <div class="kpi-row">
+    <div class="kpi">Health <span class="kpi-value health-good" id="kpi-health">--</span></div>
+    <div class="kpi">Mode <span class="kpi-value" id="kpi-mode">--</span></div>
+    <div class="kpi">Tick <span class="kpi-value" id="kpi-tick">0</span></div>
+    <div class="kpi">Uptime <span class="kpi-value" id="kpi-uptime">0s</span></div>
+    <div class="kpi">Plans <span class="kpi-value" id="kpi-plans">0</span></div>
+    <div class="live-dot" id="live-dot" title="WebSocket connected"></div>
+  </div>
+</div>
+<div class="container" id="app">
+  <!-- Advisor banner -->
+  <div class="advisor-banner" id="advisor-banner">
+    ADVISOR MODE \u2014 Recommendations require manual approval
+    <span class="pending-pill" id="pending-count">0</span> pending
+  </div>
+  <!-- Charts -->
+  <div class="charts-grid">
+    <div class="chart-box">
+      <div class="chart-label">Economy Health</div>
+      <div class="chart-value" id="cv-health">--</div>
+      <canvas id="chart-health"></canvas>
+    </div>
+    <div class="chart-box">
+      <div class="chart-label">Gini Coefficient</div>
+      <div class="chart-value" id="cv-gini">--</div>
+      <canvas id="chart-gini"></canvas>
+    </div>
+    <div class="chart-box">
+      <div class="chart-label">Net Flow</div>
+      <div class="chart-value" id="cv-netflow">--</div>
+      <canvas id="chart-netflow"></canvas>
+    </div>
+    <div class="chart-box">
+      <div class="chart-label">Avg Satisfaction</div>
+      <div class="chart-value" id="cv-satisfaction">--</div>
+      <canvas id="chart-satisfaction"></canvas>
+    </div>
+  </div>
+  <!-- Decision Feed -->
+  <div class="panel">
+    <div class="panel-title">Decision Feed</div>
+    <div class="terminal" id="terminal"></div>
+  </div>
+  <!-- Active Alerts -->
+  <div class="panel">
+    <div class="panel-title">Active Alerts</div>
+    <div class="alerts-container" id="alerts-container">
+      <div class="empty-state" id="alerts-empty">No active violations</div>
+    </div>
+  </div>
+  <!-- Violation History -->
+  <div class="panel">
+    <div class="panel-title">Violation History</div>
+    <div style="max-height:320px;overflow-y:auto">
+      <table class="violations-table" id="violations-table">
+        <thead>
+          <tr>
+            <th data-sort="tick">Tick</th>
+            <th data-sort="principle">Principle</th>
+            <th data-sort="severity">Severity</th>
+            <th data-sort="parameter">Parameter</th>
+            <th data-sort="result">Result</th>
+          </tr>
+        </thead>
+        <tbody id="violations-body"></tbody>
+      </table>
+    </div>
+  </div>
+  <!-- Split: Personas + Registry -->
+  <div class="split-row">
+    <div class="panel">
+      <div class="panel-title">Persona Distribution</div>
+      <div class="persona-bars" id="persona-bars">
+        <div class="empty-state">No persona data yet</div>
+      </div>
+    </div>
+    <div class="panel">
+      <div class="panel-title">Parameter Registry</div>
+      <div class="registry-list" id="registry-list">
+        <div class="empty-state">No parameters registered</div>
+      </div>
+    </div>
+  </div>
+</div>
+<script>
+(function() {
+  'use strict';
+  // \u2500\u2500 State \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  let ws = null;
+  let reconnectDelay = 1000;
+  const MAX_RECONNECT = 30000;
+  let isAdvisor = false;
+  let pendingDecisions = [];
+  const MAX_TERMINAL_LINES = 80;
+  const MAX_VIOLATIONS = 100;
+  let violationSortKey = 'tick';
+  let violationSortAsc = false;
+  let violations = [];
+  // Chart instances
+  let chartHealth, chartGini, chartNetflow, chartSatisfaction;
+  // \u2500\u2500 DOM refs \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  const $kpiHealth = document.getElementById('kpi-health');
+  const $kpiMode = document.getElementById('kpi-mode');
+  const $kpiTick = document.getElementById('kpi-tick');
+  const $kpiUptime = document.getElementById('kpi-uptime');
+  const $kpiPlans = document.getElementById('kpi-plans');
+  const $liveDot = document.getElementById('live-dot');
+  const $terminal = document.getElementById('terminal');
+  const $alertsContainer = document.getElementById('alerts-container');
+  const $alertsEmpty = document.getElementById('alerts-empty');
+  const $violationsBody = document.getElementById('violations-body');
+  const $personaBars = document.getElementById('persona-bars');
+  const $registryList = document.getElementById('registry-list');
+  const $pendingCount = document.getElementById('pending-count');
+  const $app = document.getElementById('app');
+  // \u2500\u2500 Helpers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function esc(s) { return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;').replace(/'/g,'&#39;'); }
+  function pad(n, w) { return String(n).padStart(w || 4, ' '); }
+  function fmt(n) { return typeof n === 'number' ? n.toFixed(3) : '\u2014'; }
+  function pct(n) { return typeof n === 'number' ? (n * 100).toFixed(0) + '%' : '\u2014'; }
+  function formatUptime(ms) {
+    const s = Math.floor(ms / 1000);
+    if (s < 60) return s + 's';
+    if (s < 3600) return Math.floor(s / 60) + 'm ' + (s % 60) + 's';
+    const h = Math.floor(s / 3600);
+    return h + 'h ' + Math.floor((s % 3600) / 60) + 'm';
+  }
+  function healthClass(h) {
+    if (h >= 70) return 'health-good';
+    if (h >= 40) return 'health-warn';
+    return 'health-bad';
+  }
+  function sevClass(s) {
+    if (s >= 7) return 'sev-high';
+    if (s >= 4) return 'sev-med';
+    return 'sev-low';
+  }
+  // \u2500\u2500 Chart setup \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  const chartOpts = {
+    responsive: true,
+    maintainAspectRatio: false,
+    animation: { duration: 300 },
+    plugins: { legend: { display: false } },
+    scales: {
+      x: { display: false },
+      y: {
+        ticks: { color: '#71717a', font: { family: "'JetBrains Mono'", size: 10 } },
+        grid: { color: 'rgba(63,63,70,0.3)' },
+        border: { display: false },
+      }
+    },
+    elements: {
+      point: { radius: 0 },
+      line: { borderWidth: 1.5, tension: 0.3 },
+    }
+  };
+  function makeChart(id, color, minY, maxY) {
+    const ctx = document.getElementById(id).getContext('2d');
+    const opts = JSON.parse(JSON.stringify(chartOpts));
+    if (minY !== undefined) opts.scales.y.min = minY;
+    if (maxY !== undefined) opts.scales.y.max = maxY;
+    return new Chart(ctx, {
+      type: 'line',
+      data: {
+        labels: [],
+        datasets: [{
+          data: [],
+          borderColor: color,
+          backgroundColor: color + '18',
+          fill: true,
+        }]
+      },
+      options: opts,
+    });
+  }
+  function initCharts() {
+    chartHealth = makeChart('chart-health', '#22c55e', 0, 100);
+    chartGini = makeChart('chart-gini', '#eab308', 0, 1);
+    chartNetflow = makeChart('chart-netflow', '#3b82f6');
+    chartSatisfaction = makeChart('chart-satisfaction', '#22c55e', 0, 100);
+  }
+  function updateChart(chart, labels, data) {
+    chart.data.labels = labels;
+    chart.data.datasets[0].data = data;
+    chart.update('none');
+  }
+  // \u2500\u2500 Terminal \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function addTerminalLine(html) {
+    const el = document.createElement('div');
+    el.className = 'term-line';
+    el.innerHTML = html;
+    $terminal.appendChild(el);
+    while ($terminal.children.length > MAX_TERMINAL_LINES) {
+      $terminal.removeChild($terminal.firstChild);
+    }
+    $terminal.scrollTop = $terminal.scrollHeight;
+  }
+  function decisionToTerminal(d) {
+    const resultIcon = d.result === 'applied'
+      ? '<span class="t-ok">\\u2705 </span>'
+      : d.result === 'rejected'
+        ? '<span class="t-fail">\\u274c </span>'
+        : '<span class="t-skip">\\u23f8 </span>';
+    const principle = d.diagnosis?.principle || {};
+    const plan = d.plan || {};
+    const severity = d.diagnosis?.violation?.severity ?? '?';
+    const confidence = d.diagnosis?.violation?.confidence;
+    const confStr = confidence != null ? (confidence * 100).toFixed(0) + '%' : '?';
+    let advisorBtns = '';
+    if (isAdvisor && d.result === 'skipped_override') {
+      advisorBtns = '<span class="advisor-actions">'
+        + '<button class="advisor-btn approve" onclick="window._approve(\\'' + esc(d.id) + '\\')">[Approve]</button>'
+        + '<button class="advisor-btn reject" onclick="window._reject(\\'' + esc(d.id) + '\\')">[Reject]</button>'
+        + '</span>';
+    }
+    return '<span class="t-tick">[Tick ' + pad(d.tick) + ']</span> '
+      + resultIcon
+      + '<span class="t-principle">[' + esc(principle.id || '?') + '] ' + esc(principle.name || '') + ':</span> '
+      + '<span class="t-param">' + esc(plan.parameter || '\u2014') + ' </span>'
+      + '<span class="t-old">' + fmt(plan.currentValue) + '</span>'
+      + '<span class="t-arrow"> \\u2192 </span>'
+      + '<span class="t-new">' + fmt(plan.targetValue) + '</span>'
+      + '<span class="t-meta">  severity ' + severity + '/10, confidence ' + confStr + '</span>'
+      + advisorBtns;
+  }
+  // \u2500\u2500 Alerts \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function renderAlerts(alerts) {
+    if (!alerts || alerts.length === 0) {
+      $alertsContainer.innerHTML = '<div class="empty-state">No active violations</div>';
+      return;
+    }
+    const sorted = [...alerts].sort((a, b) => (b.severity || 0) - (a.severity || 0));
+    $alertsContainer.innerHTML = sorted.map(function(a) {
+      const sev = a.severity || a.violation?.severity || 0;
+      const sc = sevClass(sev);
+      const name = a.principleName || a.principle?.name || '?';
+      const pid = a.principleId || a.principle?.id || '?';
+      const reason = a.reasoning || a.violation?.suggestedAction?.reasoning || '';
+      return '<div class="alert-card">'
+        + '<span class="alert-severity ' + sc + '">' + sev + '/10</span>'
+        + '<div class="alert-body">'
+        + '<div class="alert-principle">[' + esc(pid) + '] ' + esc(name) + '</div>'
+        + '<div class="alert-reason">' + esc(reason) + '</div>'
+        + '</div></div>';
+    }).join('');
+  }
+  // \u2500\u2500 Violations table \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function addViolation(d) {
+    violations.push({
+      tick: d.tick,
+      principle: (d.diagnosis?.principle?.id || '?') + ' ' + (d.diagnosis?.principle?.name || ''),
+      severity: d.diagnosis?.violation?.severity || 0,
+      parameter: d.plan?.parameter || '\u2014',
+      result: d.result,
+    });
+    if (violations.length > MAX_VIOLATIONS) violations.shift();
+    renderViolations();
+  }
+  function renderViolations() {
+    const sorted = [...violations].sort(function(a, b) {
+      const va = a[violationSortKey], vb = b[violationSortKey];
+      if (va < vb) return violationSortAsc ? -1 : 1;
+      if (va > vb) return violationSortAsc ? 1 : -1;
+      return 0;
+    });
+    $violationsBody.innerHTML = sorted.map(function(v) {
+      return '<tr>'
+        + '<td>' + v.tick + '</td>'
+        + '<td style="color:var(--text-primary);font-family:var(--font-sans)">' + esc(v.principle) + '</td>'
+        + '<td><span class="alert-severity ' + sevClass(v.severity) + '">' + v.severity + '</span></td>'
+        + '<td>' + esc(v.parameter) + '</td>'
+        + '<td>' + esc(v.result) + '</td>'
+        + '</tr>';
+    }).join('');
+  }
+  // Table sorting
+  document.querySelectorAll('.violations-table th').forEach(function(th) {
+    th.addEventListener('click', function() {
+      const key = th.dataset.sort;
+      if (violationSortKey === key) violationSortAsc = !violationSortAsc;
+      else { violationSortKey = key; violationSortAsc = true; }
+      renderViolations();
+    });
+  });
+  // \u2500\u2500 Personas \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function renderPersonas(dist) {
+    if (!dist || Object.keys(dist).length === 0) {
+      $personaBars.innerHTML = '<div class="empty-state">No persona data yet</div>';
+      return;
+    }
+    const total = Object.values(dist).reduce(function(s, v) { return s + v; }, 0);
+    const entries = Object.entries(dist).sort(function(a, b) { return b[1] - a[1]; });
+    $personaBars.innerHTML = entries.map(function(e) {
+      const pctVal = total > 0 ? (e[1] / total * 100) : 0;
+      return '<div class="persona-row">'
+        + '<div class="persona-label">' + esc(e[0]) + '</div>'
+        + '<div class="persona-bar-track"><div class="persona-bar-fill" style="width:' + pctVal + '%"></div></div>'
+        + '<div class="persona-pct">' + pctVal.toFixed(0) + '%</div>'
+        + '</div>';
+    }).join('');
+  }
+  // \u2500\u2500 Registry \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function renderRegistry(principles) {
+    if (!principles || principles.length === 0) {
+      $registryList.innerHTML = '<div class="empty-state">No parameters registered</div>';
+      return;
+    }
+    $registryList.innerHTML = principles.slice(0, 30).map(function(p) {
+      return '<div class="registry-item">'
+        + '<span class="registry-key">[' + esc(p.id) + ']</span>'
+        + '<span class="registry-val">' + esc(p.name) + '</span>'
+        + '</div>';
+    }).join('');
+  }
+  // \u2500\u2500 KPI update \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function updateKPIs(data) {
+    if (data.health != null) {
+      $kpiHealth.textContent = data.health + '/100';
+      $kpiHealth.className = 'kpi-value ' + healthClass(data.health);
+      document.getElementById('cv-health').textContent = data.health + '/100';
+    }
+    if (data.mode != null) {
+      $kpiMode.textContent = data.mode;
+      isAdvisor = data.mode === 'advisor';
+      $app.classList.toggle('advisor-mode', isAdvisor);
+    }
+    if (data.tick != null) $kpiTick.textContent = data.tick;
+    if (data.uptime != null) $kpiUptime.textContent = formatUptime(data.uptime);
+    if (data.activePlans != null) $kpiPlans.textContent = data.activePlans;
+  }
+  // \u2500\u2500 Metrics history \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function updateChartsFromHistory(history) {
+    if (!history || history.length === 0) return;
+    const ticks = history.map(function(h) { return h.tick; });
+    updateChart(chartHealth, ticks, history.map(function(h) { return h.health; }));
+    updateChart(chartGini, ticks, history.map(function(h) { return h.giniCoefficient; }));
+    updateChart(chartNetflow, ticks, history.map(function(h) { return h.netFlow; }));
+    updateChart(chartSatisfaction, ticks, history.map(function(h) { return h.avgSatisfaction; }));
+    const last = history[history.length - 1];
+    document.getElementById('cv-gini').textContent = last.giniCoefficient.toFixed(3);
+    document.getElementById('cv-netflow').textContent = last.netFlow.toFixed(1);
+    document.getElementById('cv-satisfaction').textContent = last.avgSatisfaction.toFixed(0) + '/100';
+  }
+  // \u2500\u2500 API calls \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function fetchJSON(path) {
+    return fetch(path).then(function(r) { return r.json(); });
+  }
+  function postJSON(path, body) {
+    return fetch(path, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }).then(function(r) { return r.json(); });
+  }
+  function loadInitialData() {
+    fetchJSON('/health').then(function(data) {
+      updateKPIs(data);
+    }).catch(function() {});
+    fetchJSON('/decisions?limit=50').then(function(data) {
+      if (data.decisions) {
+        data.decisions.reverse().forEach(function(d) {
+          addTerminalLine(decisionToTerminal(d));
+          addViolation(d);
+        });
+      }
+    }).catch(function() {});
+    fetchJSON('/metrics').then(function(data) {
+      if (data.history) updateChartsFromHistory(data.history);
+      if (data.latest) {
+        renderPersonas(data.latest.personaDistribution);
+      }
+    }).catch(function() {});
+    fetchJSON('/principles').then(function(data) {
+      if (data.principles) renderRegistry(data.principles);
+    }).catch(function() {});
+    fetchJSON('/pending').then(function(data) {
+      if (data.pending) {
+        pendingDecisions = data.pending;
+        $pendingCount.textContent = data.count || 0;
+      }
+    }).catch(function() {});
+  }
+  // \u2500\u2500 Polling fallback \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  let pollInterval = null;
+  function startPolling() {
+    if (pollInterval) return;
+    pollInterval = setInterval(function() {
+      fetchJSON('/health').then(updateKPIs).catch(function() {});
+      fetchJSON('/metrics').then(function(data) {
+        if (data.history) updateChartsFromHistory(data.history);
+        if (data.latest) renderPersonas(data.latest.personaDistribution);
+      }).catch(function() {});
+    }, 5000);
+  }
+  function stopPolling() {
+    if (pollInterval) { clearInterval(pollInterval); pollInterval = null; }
+  }
+  // \u2500\u2500 WebSocket \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  function connectWS() {
+    const proto = location.protocol === 'https:' ? 'wss:' : 'ws:';
+    ws = new WebSocket(proto + '//' + location.host);
+    ws.onopen = function() {
+      reconnectDelay = 1000;
+      $liveDot.classList.remove('disconnected');
+      $liveDot.title = 'WebSocket connected';
+      stopPolling();
+      // Request fresh health
+      ws.send(JSON.stringify({ type: 'health' }));
+    };
+    ws.onclose = function() {
+      $liveDot.classList.add('disconnected');
+      $liveDot.title = 'WebSocket disconnected \u2014 reconnecting...';
+      startPolling();
+      setTimeout(connectWS, reconnectDelay);
+      reconnectDelay = Math.min(reconnectDelay * 1.5, MAX_RECONNECT);
+    };
+    ws.onerror = function() { ws.close(); };
+    ws.onmessage = function(ev) {
+      var msg;
+      try { msg = JSON.parse(ev.data); } catch(e) { return; }
+      switch (msg.type) {
+        case 'tick_result':
+          updateKPIs({ health: msg.health, tick: msg.tick });
+          if (msg.alerts) renderAlerts(msg.alerts);
+          // Refresh charts
+          fetchJSON('/metrics').then(function(data) {
+            if (data.history) updateChartsFromHistory(data.history);
+            if (data.latest) renderPersonas(data.latest.personaDistribution);
+          }).catch(function() {});
+          break;
+        case 'health_result':
+          updateKPIs(msg);
+          break;
+        case 'advisor_action':
+          if (msg.action === 'approved' || msg.action === 'rejected') {
+            pendingDecisions = pendingDecisions.filter(function(d) {
+              return d.id !== msg.decisionId;
+            });
+            $pendingCount.textContent = pendingDecisions.length;
+          }
+          break;
+      }
+    };
+  }
+  // \u2500\u2500 Advisor actions \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  window._approve = function(id) {
+    postJSON('/approve', { decisionId: id }).then(function(data) {
+      if (data.ok) {
+        addTerminalLine('<span class="t-tick">[Advisor]</span> <span class="t-ok">\\u2705 Approved ' + id + '</span>');
+      }
+    }).catch(function() {});
+  };
+  window._reject = function(id) {
+    var reason = prompt('Rejection reason (optional):');
+    postJSON('/reject', { decisionId: id, reason: reason || undefined }).then(function(data) {
+      if (data.ok) {
+        addTerminalLine('<span class="t-tick">[Advisor]</span> <span class="t-fail">\\u274c Rejected ' + id + '</span>');
+      }
+    }).catch(function() {});
+  };
+  // \u2500\u2500 Init \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  initCharts();
+  loadInitialData();
+  connectWS();
+})();
+</script>
+</body>
+</html>`;
+}
+var init_dashboard = __esm({
+  "src/dashboard.ts"() {
+    "use strict";
+  }
+});
 // src/routes.ts
+function setSecurityHeaders(res) {
+  res.setHeader("X-Content-Type-Options", "nosniff");
+  res.setHeader("X-Frame-Options", "DENY");
+  res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+}
 function setCorsHeaders(res, origin) {
+  setSecurityHeaders(res);
   res.setHeader("Access-Control-Allow-Origin", origin);
   res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
   res.setHeader("Access-Control-Allow-Headers", "Content-Type");
@@ -87,21 +1034,19 @@ function createRouteHandler(server) {
         const payload = parsed;
         const state = payload["state"] ?? parsed;
         const events = payload["events"];
-        if (server.validateState) {
-          const validation = (0, import_core.validateEconomyState)(state);
-          if (!validation.valid) {
-            json(res, 400, {
-              error: "invalid_state",
-              validationErrors: validation.errors
-            }, cors);
-            return;
-          }
+        const validation = server.validateState ? (0, import_core.validateEconomyState)(state) : null;
+        if (validation && !validation.valid) {
+          json(res, 400, {
+            error: "invalid_state",
+            validationErrors: validation.errors
+          }, cors);
+          return;
         }
         const result = await server.processTick(
           state,
           Array.isArray(events) ? events : void 0
         );
-        const warnings = server.validateState ? (0, import_core.validateEconomyState)(state).warnings : [];
+        const warnings = validation?.warnings ?? [];
         json(res, 200, {
           adjustments: result.adjustments,
           alerts: result.alerts.map((a) => ({
@@ -129,12 +1074,18 @@ function createRouteHandler(server) {
         return;
       }
       if (path === "/decisions" && method === "GET") {
-        const limit = parseInt(url.searchParams.get("limit") ?? "100", 10);
-        const since = url.searchParams.get("since");
+        const rawLimit = parseInt(url.searchParams.get("limit") ?? "100", 10);
+        const limit = Math.min(Math.max(isNaN(rawLimit) ? 100 : rawLimit, 1), 1e3);
+        const sinceParam = url.searchParams.get("since");
         const agentE = server.getAgentE();
         let decisions;
-        if (since) {
-          decisions = agentE.getDecisions({ since: parseInt(since, 10) });
+        if (sinceParam) {
+          const since = parseInt(sinceParam, 10);
+          if (isNaN(since)) {
+            json(res, 400, { error: 'Invalid "since" parameter \u2014 must be a number' }, cors);
+            return;
+          }
+          decisions = agentE.getDecisions({ since });
         } else {
           decisions = agentE.log.latest(limit);
         }
@@ -165,6 +1116,14 @@ function createRouteHandler(server) {
           for (const c of config["constrain"]) {
             if (c && typeof c === "object" && typeof c["param"] === "string" && typeof c["min"] === "number" && typeof c["max"] === "number") {
               const constraint = c;
+              if (!isFinite(constraint.min) || !isFinite(constraint.max)) {
+                json(res, 400, { error: "Constraint bounds must be finite numbers" }, cors);
+                return;
+              }
+              if (constraint.min > constraint.max) {
+                json(res, 400, { error: "Constraint min cannot exceed max" }, cors);
+                return;
+              }
               server.constrain(constraint.param, { min: constraint.min, max: constraint.max });
             }
           }
@@ -219,6 +1178,112 @@ function createRouteHandler(server) {
         }, cors);
         return;
       }
+      if (path === "/" && method === "GET" && server.serveDashboard) {
+        setCorsHeaders(res, cors);
+        res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src 'self' ws: wss:; img-src 'self' data:");
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(getDashboardHtml());
+        return;
+      }
+      if (path === "/metrics" && method === "GET") {
+        const agentE = server.getAgentE();
+        const latest = agentE.store.latest();
+        const history = agentE.store.recentHistory(100);
+        json(res, 200, { latest, history }, cors);
+        return;
+      }
+      if (path === "/metrics/personas" && method === "GET") {
+        const agentE = server.getAgentE();
+        const latest = agentE.store.latest();
+        const dist = latest.personaDistribution || {};
+        const total = Object.values(dist).reduce((s, v) => s + v, 0);
+        json(res, 200, { distribution: dist, total }, cors);
+        return;
+      }
+      if (path === "/approve" && method === "POST") {
+        const body = await readBody(req);
+        let parsed;
+        try {
+          parsed = JSON.parse(body);
+        } catch {
+          json(res, 400, { error: "Invalid JSON" }, cors);
+          return;
+        }
+        const payload = parsed;
+        const decisionId = payload["decisionId"];
+        if (!decisionId) {
+          json(res, 400, { error: "missing_decision_id" }, cors);
+          return;
+        }
+        const agentE = server.getAgentE();
+        if (agentE.getMode() !== "advisor") {
+          json(res, 400, { error: "not_in_advisor_mode" }, cors);
+          return;
+        }
+        const entry = agentE.log.getById(decisionId);
+        if (!entry) {
+          json(res, 404, { error: "decision_not_found" }, cors);
+          return;
+        }
+        if (entry.result !== "skipped_override") {
+          json(res, 409, { error: "decision_not_pending", currentResult: entry.result }, cors);
+          return;
+        }
+        await agentE.apply(entry.plan);
+        agentE.log.updateResult(decisionId, "applied");
+        server.broadcast({ type: "advisor_action", action: "approved", decisionId });
+        json(res, 200, {
+          ok: true,
+          parameter: entry.plan.parameter,
+          value: entry.plan.targetValue
+        }, cors);
+        return;
+      }
+      if (path === "/reject" && method === "POST") {
+        const body = await readBody(req);
+        let parsed;
+        try {
+          parsed = JSON.parse(body);
+        } catch {
+          json(res, 400, { error: "Invalid JSON" }, cors);
+          return;
+        }
+        const payload = parsed;
+        const decisionId = payload["decisionId"];
+        const reason = payload["reason"] || void 0;
+        if (!decisionId) {
+          json(res, 400, { error: "missing_decision_id" }, cors);
+          return;
+        }
+        const agentE = server.getAgentE();
+        if (agentE.getMode() !== "advisor") {
+          json(res, 400, { error: "not_in_advisor_mode" }, cors);
+          return;
+        }
+        const entry = agentE.log.getById(decisionId);
+        if (!entry) {
+          json(res, 404, { error: "decision_not_found" }, cors);
+          return;
+        }
+        if (entry.result !== "skipped_override") {
+          json(res, 409, { error: "decision_not_pending", currentResult: entry.result }, cors);
+          return;
+        }
+        agentE.log.updateResult(decisionId, "rejected", reason);
+        server.broadcast({ type: "advisor_action", action: "rejected", decisionId, reason });
+        json(res, 200, { ok: true, decisionId }, cors);
+        return;
+      }
+      if (path === "/pending" && method === "GET") {
+        const agentE = server.getAgentE();
+        const pending = agentE.log.query({ result: "skipped_override" });
+        json(res, 200, {
+          mode: agentE.getMode(),
+          pending,
+          count: pending.length
+        }, cors);
+        return;
+      }
       json(res, 404, { error: "Not found" }, cors);
     } catch (err) {
       console.error("[AgentE Server] Unhandled route error:", err);
@@ -231,6 +1296,7 @@ var init_routes = __esm({
   "src/routes.ts"() {
     "use strict";
     import_core = require("@agent-e/core");
+    init_dashboard();
     MAX_BODY_BYTES = 1048576;
   }
 });
@@ -242,7 +1308,7 @@ function send(ws, data) {
   }
 }
 function createWebSocketHandler(httpServer, server) {
-  const wss = new import_ws.WebSocketServer({ server: httpServer });
+  const wss = new import_ws.WebSocketServer({ server: httpServer, maxPayload: MAX_WS_PAYLOAD });
   const aliveMap = /* @__PURE__ */ new WeakMap();
   const heartbeatInterval = setInterval(() => {
     for (const ws of wss.clients) {
@@ -257,6 +1323,10 @@ function createWebSocketHandler(httpServer, server) {
     }
   }, 3e4);
   wss.on("connection", (ws) => {
+    if (wss.clients.size > MAX_WS_CONNECTIONS) {
+      ws.close(1013, "Server at capacity");
+      return;
+    }
     console.log("[AgentE Server] Client connected");
     aliveMap.set(ws, true);
     ws.on("pong", () => {
@@ -362,17 +1432,30 @@ function createWebSocketHandler(httpServer, server) {
       }
     });
   });
-  return () => {
-    clearInterval(heartbeatInterval);
-    wss.close();
+  function broadcast(data) {
+    const payload = JSON.stringify(data);
+    for (const ws of wss.clients) {
+      if (ws.readyState === import_ws.WebSocket.OPEN) {
+        ws.send(payload);
+      }
+    }
+  }
+  return {
+    cleanup: () => {
+      clearInterval(heartbeatInterval);
+      wss.close();
+    },
+    broadcast
   };
 }
-var import_ws, import_core2;
+var import_ws, import_core2, MAX_WS_PAYLOAD, MAX_WS_CONNECTIONS;
 var init_websocket = __esm({
   "src/websocket.ts"() {
     "use strict";
     import_ws = require("ws");
     import_core2 = require("@agent-e/core");
+    MAX_WS_PAYLOAD = 1048576;
+    MAX_WS_CONNECTIONS = 100;
   }
 });
@@ -395,11 +1478,12 @@ var init_AgentEServer = __esm({
         this.adjustmentQueue = [];
         this.alerts = [];
         this.startedAt = Date.now();
-        this.cleanupWs = null;
+        this.wsHandle = null;
         this.port = config.port ?? 3100;
         this.host = config.host ?? "0.0.0.0";
         this.validateState = config.validateState ?? true;
-        this.corsOrigin = config.corsOrigin ?? "*";
+        this.corsOrigin = config.corsOrigin ?? "http://localhost:3100";
+        this.serveDashboard = config.serveDashboard ?? true;
         const adapter = {
           getState: () => {
             if (!this.lastState) {
@@ -448,7 +1532,7 @@ var init_AgentEServer = __esm({
         this.server = http.createServer(routeHandler);
       }
       async start() {
-        this.cleanupWs = createWebSocketHandler(this.server, this);
+        this.wsHandle = createWebSocketHandler(this.server, this);
         return new Promise((resolve) => {
           this.server.listen(this.port, this.host, () => {
             const addr = this.getAddress();
@@ -459,7 +1543,7 @@ var init_AgentEServer = __esm({
       }
       async stop() {
         this.agentE.stop();
-        if (this.cleanupWs) this.cleanupWs();
+        if (this.wsHandle) this.wsHandle.cleanup();
         return new Promise((resolve, reject) => {
           this.server.close((err) => {
             if (err) reject(err);
@@ -553,6 +1637,9 @@ var init_AgentEServer = __esm({
       constrain(param, bounds) {
         this.agentE.constrain(param, bounds);
       }
+      broadcast(data) {
+        if (this.wsHandle) this.wsHandle.broadcast(data);
+      }
     };
   }
 });