@amodalai/runtime 0.1.26 → 0.2.1

package/dist/src/agent/local-server.js

@@ -1,17 +1,35 @@
 /**
  * @license
- * Copyright 2025 Amodal Labs, Inc.
+ * Copyright 2026 Amodal Labs, Inc.
  * SPDX-License-Identifier: MIT
  */
+/**
+ * Local server for repo-based agent mode.
+ *
+ * Loads the `.amodal/` config from `config.repoPath`, creates a
+ * StandaloneSessionManager, mounts all routes, and optionally watches
+ * for config changes (hot reload).
+ *
+ * Replaces the old initialization sequence that depended on gemini-cli-core's
+ * Config, GeminiClient, and upstream ToolRegistry.
+ */
 import express from 'express';
 import { existsSync } from 'node:fs';
 import path from 'node:path';
 import { loadRepo } from '@amodalai/core';
-import { SessionManager } from '../session/session-manager.js';
-import { LocalShellExecutor } from './shell-executor-local.js';
+import { StandaloneSessionManager } from '../session/manager.js';
+import { selectSessionStore } from '../session/session-store-selector.js';
+import { resolveEnvRef } from '../env-ref.js';
+import { buildSessionComponents } from '../session/session-builder.js';
+import { LocalToolExecutor } from './tool-executor-local.js';
+import { buildMcpConfigs } from './mcp-config.js';
 import { ConfigWatcher } from './config-watcher.js';
+import { RuntimeEventBus } from '../events/event-bus.js';
+import { createEventsRouter } from '../events/events-route.js';
+import { wrapStoreBackendWithEvents } from '../events/store-event-wrapper.js';
 import { ProactiveRunner } from './proactive/proactive-runner.js';
 import { createChatStreamRouter } from '../routes/chat-stream.js';
+import { createChatRouter } from '../routes/chat.js';
 import { createAdminChatRouter } from './routes/admin-chat.js';
 import { createTaskRouter } from './routes/task.js';
 import { createInspectRouter } from './routes/inspect.js';
@@ -23,20 +41,21 @@ import { createStoresRouter } from './routes/stores.js';
 import { createFilesRouter } from './routes/files.js';
 import { createEvalRouter } from './routes/evals.js';
 import { errorHandler } from '../middleware/error-handler.js';
+import { asyncHandler } from '../routes/route-helpers.js';
 import { createPGLiteStoreBackend } from '../stores/pglite-store-backend.js';
-import { SessionStore } from './session-store.js';
 import { EvalStore } from './eval-store.js';
 import { buildPages } from './page-builder.js';
 import { LOCAL_APP_ID } from '../constants.js';
-import { log } from '../logger.js';
+import { log, createLogger } from '../logger.js';
+// Each check must use an endpoint that returns 200 on a valid key and
+// a distinct auth-failure status (typically 401) on a bad key. Do NOT
+// use endpoints with method guards that might return 405 before the
+// auth check — `GET /v1/messages` on Anthropic does exactly that, and
+// makes every key (good or bad) look invalid because Anthropic returns
+// 405 for wrong-method regardless of whether the x-api-key is real.
 const PROVIDER_CHECKS = [
-    { provider: 'anthropic', envVar: 'ANTHROPIC_API_KEY', url: 'https://api.anthropic.com/v1/models', authHeader: (k) => ({ 'x-api-key': k, 'anthropic-version': '2023-06-01' }) },
-    { provider: 'openai', envVar: 'OPENAI_API_KEY', url: 'https://api.openai.com/v1/models?limit=1', authHeader: (k) => ({ Authorization: `Bearer ${k}` }) },
-    { provider: 'google', envVar: 'GOOGLE_API_KEY', url: 'https://generativelanguage.googleapis.com/v1beta/models?pageSize=1', authHeader: (k) => ({ 'x-goog-api-key': k }) },
-    { provider: 'deepseek', envVar: 'DEEPSEEK_API_KEY', url: 'https://api.deepseek.com/v1/models', authHeader: (k) => ({ Authorization: `Bearer ${k}` }) },
-    { provider: 'groq', envVar: 'GROQ_API_KEY', url: 'https://api.groq.com/openai/v1/models', authHeader: (k) => ({ Authorization: `Bearer ${k}` }) },
-    { provider: 'mistral', envVar: 'MISTRAL_API_KEY', url: 'https://api.mistral.ai/v1/models', authHeader: (k) => ({ Authorization: `Bearer ${k}` }) },
-    { provider: 'xai', envVar: 'XAI_API_KEY', url: 'https://api.x.ai/v1/models', authHeader: (k) => ({ Authorization: `Bearer ${k}` }) },
+    { provider: 'anthropic', envVar: 'ANTHROPIC_API_KEY', url: 'https://api.anthropic.com/v1/models', authHeader: (key) => ({ 'x-api-key': key, 'anthropic-version': '2023-06-01' }) },
+    { provider: 'openai', envVar: 'OPENAI_API_KEY', url: 'https://api.openai.com/v1/models', authHeader: (key) => ({ Authorization: `Bearer ${key}` }) },
 ];
 async function checkProviders() {
     const results = await Promise.allSettled(PROVIDER_CHECKS.map(async (check) => {
@@ -45,7 +64,6 @@ async function checkProviders() {
             return { provider: check.provider, envVar: check.envVar, keySet: false, verified: false };
         }
         try {
-            // globalThis.fetch is available in Node 18+
             const res = await globalThis.fetch(check.url, {
                 method: 'GET',
                 headers: check.authHeader(key),
@@ -62,46 +80,75 @@ async function checkProviders() {
     }));
     return results.map((r) => r.status === 'fulfilled' ? r.value : { provider: 'unknown', envVar: '', keySet: false, verified: false });
 }
+// ---------------------------------------------------------------------------
+// Local server
+// ---------------------------------------------------------------------------
 /**
  * Creates an Express server for repo-based agent mode.
  *
  * Loads the `.amodal/` config from `config.repoPath`, creates a
- * `SessionManager`, mounts chat/task/inspect/automation/webhook routes,
- * and optionally watches for config changes (hot reload).
+ * `StandaloneSessionManager`, mounts all routes, and optionally watches
+ * for config changes (hot reload).
  */
+/**
+ * Install a process-level unhandledRejection listener that logs instead
+ * of crashing. An escaped rejection is always a bug — we want loud logs,
+ * not silent outages. The previous behavior (default Node: print + crash)
+ * turned small bugs (one leaked promise) into whole-server downtime for
+ * every active session. Logging + continuing preserves service for all
+ * other sessions while still surfacing the issue to operators.
+ *
+ * Idempotent: only installs once per process (the local-server can be
+ * created and torn down repeatedly during tests).
+ */
+let unhandledRejectionListenerInstalled = false;
+function installUnhandledRejectionLogger() {
+    if (unhandledRejectionListenerInstalled)
+        return;
+    unhandledRejectionListenerInstalled = true;
+    process.on('unhandledRejection', (reason) => {
+        const err = reason instanceof Error ? reason : new Error(String(reason));
+        log.error('unhandled_rejection', {
+            name: err.name,
+            message: err.message,
+            stack: err.stack,
+        });
+    });
+}
 export async function createLocalServer(config) {
-    const repo = await loadRepo({ localPath: config.repoPath });
+    installUnhandledRejectionLogger();
+    let bundle = await loadRepo({ localPath: config.repoPath });
     // Check provider API keys in the background at startup
     let providerStatuses = PROVIDER_CHECKS.map((c) => ({
         provider: c.provider, envVar: c.envVar, keySet: !!process.env[c.envVar], verified: false,
     }));
-    checkProviders().then((results) => {
+    void checkProviders().then((results) => {
         providerStatuses = results;
         const verified = results.filter((r) => r.verified).map((r) => r.provider);
         if (verified.length > 0) {
-            process.stderr.write(`[dev] Provider keys verified: ${verified.join(', ')}\n`);
+            log.info('provider_keys_verified', { providers: verified });
         }
         const failed = results.filter((r) => r.keySet && !r.verified);
         for (const f of failed) {
-            process.stderr.write(`[dev] Provider key invalid: ${f.provider} (${f.error ?? 'unknown'})\n`);
+            log.warn('provider_key_invalid', { provider: f.provider, error: f.error });
         }
-    }).catch(() => { });
-    // Create shell executor if sandbox.shellExec is enabled
-    const shellExecutor = repo.config.sandbox?.shellExec
-        ? new LocalShellExecutor()
-        : undefined;
-    // Create shared store backend if stores are defined
+    }).catch((err) => {
+        log.error('provider_check_failed', { error: err instanceof Error ? err.message : String(err) });
+    });
+    // Create custom tool executor
+    const toolExecutor = bundle.tools.length > 0 ? new LocalToolExecutor() : undefined;
+    // -------------------------------------------------------------------------
+    // Store backend
+    // -------------------------------------------------------------------------
     let storeBackend;
     let storeBackendType = 'none';
-    if (repo.stores.length > 0) {
-        const storeConfig = repo.config.stores;
+    if (bundle.stores.length > 0) {
+        const storeConfig = bundle.config.stores;
         const backend = storeConfig?.backend ?? 'pglite';
         if (backend === 'postgres' && storeConfig?.postgresUrl) {
-            const connUrl = storeConfig.postgresUrl.startsWith('env:')
-                ? process.env[storeConfig.postgresUrl.slice(4)] ?? ''
-                : storeConfig.postgresUrl;
+            const connUrl = resolveEnvRef(storeConfig.postgresUrl) ?? '';
             if (!connUrl) {
-                log.error(`Postgres URL not set (${storeConfig.postgresUrl})`, 'dev');
+                log.error('store_postgres_url_missing', { configured: storeConfig.postgresUrl });
             }
             else {
                 try {
@@ -109,95 +156,176 @@ export async function createLocalServer(config) {
                     // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- dynamic import for optional postgres backend
                     const mod = await import(pgModPath).catch(() => null);
                     if (mod?.createPostgresStoreBackend) {
-                        storeBackend = await mod.createPostgresStoreBackend(repo.stores, connUrl);
+                        storeBackend = await mod.createPostgresStoreBackend(bundle.stores, connUrl);
                         storeBackendType = 'postgres';
-                        log.info(`Store backend ready (postgres, ${String(repo.stores.length)} stores)`, 'dev');
+                        log.info('store_backend_ready', { type: 'postgres', storeCount: bundle.stores.length });
                     }
                     else {
-                        log.error('Postgres backend not available — install @amodalai/store-postgres', 'dev');
+                        log.error('store_postgres_unavailable', { hint: 'install @amodalai/store-postgres' });
                     }
                 }
                 catch (err) {
-                    log.error(`Postgres store backend failed: ${err instanceof Error ? err.message : String(err)}`, 'dev');
-                    log.info('Falling back to PGLite', 'dev');
+                    log.error('store_postgres_failed', { error: err instanceof Error ? err.message : String(err) });
+                    log.info('store_fallback_pglite', {});
                 }
             }
         }
         // Default: PGLite
         if (!storeBackend) {
             const dataDir = storeConfig?.dataDir ?? `${config.repoPath}/.amodal/store-data`;
-            // Check for lock file — another instance may be using this data dir
-            const lockPath = `${dataDir}/server.lock`;
+            // Check for lock file — another instance may be using this data dir.
+            // Lock file lives in the PARENT dir (not inside dataDir) so it doesn't
+            // conflict with PGLite's own PostgreSQL data files (e.g. postmaster.pid).
+            const lockPath = `${dataDir}.lock`;
             try {
                 const { readFileSync, writeFileSync, mkdirSync, unlinkSync } = await import('node:fs');
-                mkdirSync(dataDir, { recursive: true });
+                const path = await import('node:path');
+                mkdirSync(path.dirname(dataDir), { recursive: true });
                 try {
                     const existing = readFileSync(lockPath, 'utf-8').trim();
                     try {
                         process.kill(Number(existing), 0);
-                        log.warn(`Another amodal instance (PID ${existing}) may be using this store directory. PGLite does not support concurrent access.`, 'dev');
+                        log.warn('store_lock_conflict', { pid: existing });
                     }
-                    catch { /* PID not running, stale lock */ }
+                    catch { /* PID not running — stale lock, safe to overwrite */ }
                 }
-                catch { /* no lock file */ }
+                catch { /* No lock file exists — first run */ }
                 writeFileSync(lockPath, String(process.pid));
                 const lockCleanup = lockPath;
                 process.on('exit', () => { try {
                     unlinkSync(lockCleanup);
                 }
-                catch { /* */ } });
+                catch { /* exit handler — can't log */ } });
+            }
+            catch (err) {
+                log.warn('store_lock_setup_failed', { dataDir, error: err instanceof Error ? err.message : String(err) });
             }
-            catch { /* lock file handling failed, proceed anyway */ }
             try {
-                storeBackend = await createPGLiteStoreBackend(repo.stores, dataDir);
+                storeBackend = await createPGLiteStoreBackend(bundle.stores, dataDir);
                 storeBackendType = 'pglite';
-                log.info(`Store backend ready (pglite, ${String(repo.stores.length)} stores, dir: ${dataDir})`, 'dev');
+                log.info('store_backend_ready', { type: 'pglite', storeCount: bundle.stores.length, dataDir });
             }
             catch (err) {
-                log.error(`Store backend failed to initialize: ${err instanceof Error ? err.message : String(err)}`, 'dev');
-                log.error(`Try deleting ${dataDir} and restarting`, 'dev');
+                const errMsg = err instanceof Error ? err.message : (typeof err === 'object' ? JSON.stringify(err) : String(err));
+                log.error('store_backend_init_failed', { error: errMsg, dataDir });
             }
         }
     }
-    // Session persistence — created before SessionManager so hydration works
-    const sessionStore = new SessionStore(config.repoPath);
-    const sessionManager = new SessionManager({
-        baseParams: {
-            sessionId: 'local-init',
-            interactive: false,
-            noBrowser: true,
-            debugMode: process.env['DEBUG'] === 'true',
-            cwd: config.repoPath,
-            targetDir: config.repoPath,
+    // -------------------------------------------------------------------------
+    // Runtime event bus (powers /api/events SSE for live UI updates)
+    // -------------------------------------------------------------------------
+    const eventBus = new RuntimeEventBus({
+        onListenerError: (err, event) => {
+            log.warn('event_bus_listener_error', {
+                seq: event.seq,
+                type: event.type,
+                error: err instanceof Error ? err.message : String(err),
+            });
         },
+    });
+    // Wrap the store backend so every write emits store_updated events.
+    // Covers every write path through one seam: tools, REST routes, admin
+    // file tools, task execution — they all go through this backend.
+    if (storeBackend) {
+        storeBackend = wrapStoreBackendWithEvents(storeBackend, eventBus);
+    }
+    // -------------------------------------------------------------------------
+    // Session manager (new standalone stack)
+    // -------------------------------------------------------------------------
+    const sessionLogger = createLogger({ component: 'session-manager' });
+    const sessionDataDir = `${config.repoPath}/.amodal/session-data`;
+    const sessionStore = await selectSessionStore({
+        backend: bundle.config.stores?.backend,
+        postgresUrl: resolveEnvRef(bundle.config.stores?.postgresUrl),
+        logger: sessionLogger,
+        dataDir: sessionDataDir,
+    });
+    const sessionManager = new StandaloneSessionManager({
+        logger: sessionLogger,
+        store: sessionStore,
         ttlMs: config.sessionTtlMs,
-        bundle: repo,
-        shellExecutor,
-        storeBackend,
-        sessionStore: {
-            async getSession(sessionId) {
-                const persisted = sessionStore.load(sessionId);
-                if (!persisted || !persisted.conversationHistory.length)
-                    return null;
-                return {
-                    id: persisted.id,
-                    app_id: persisted.appId,
-                    // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- Persisted data
-                    messages: persisted.conversationHistory,
-                    status: 'completed',
-                };
-            },
-        },
+        eventBus,
     });
-    const runner = new ProactiveRunner(repo, {
+    sessionManager.start();
+    // -------------------------------------------------------------------------
+    // MCP connections (shared across sessions)
+    // -------------------------------------------------------------------------
+    let mcpManager = null;
+    {
+        const { McpManager } = await import('@amodalai/core');
+        const mcpConfigs = buildMcpConfigs(bundle);
+        if (Object.keys(mcpConfigs).length > 0) {
+            const manager = new McpManager();
+            try {
+                await manager.startServers(mcpConfigs);
+                if (manager.connectedCount > 0) {
+                    mcpManager = manager;
+                    const tools = manager.getDiscoveredTools();
+                    log.info('mcp_initialized', { servers: manager.connectedCount, tools: tools.length });
+                }
+            }
+            catch (err) {
+                log.error('mcp_init_failed', { error: err instanceof Error ? err.message : String(err) });
+            }
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Shared resources for route handlers
+    // -------------------------------------------------------------------------
+    const shared = {
+        storeBackend: storeBackend ?? null,
+        mcpManager,
+        logger: log,
+        toolExecutor,
+    };
+    // Helper: get current bundle (updated by config watcher)
+    const getBundle = () => bundle;
+    // Helper: create automation session components
+    const createAutomationSessionComponents = () => {
+        const components = buildSessionComponents({
+            bundle,
+            storeBackend: storeBackend ?? null,
+            mcpManager,
+            logger: log,
+            toolExecutor,
+            sessionType: 'automation',
+        });
+        const session = sessionManager.create({
+            provider: components.provider,
+            toolRegistry: components.toolRegistry,
+            permissionChecker: components.permissionChecker,
+            systemPrompt: components.systemPrompt,
+            userRoles: components.userRoles,
+            toolContextFactory: components.toolContextFactory,
+            appId: LOCAL_APP_ID,
+        });
+        return { session, toolContextFactory: components.toolContextFactory };
+    };
+    // -------------------------------------------------------------------------
+    // Proactive runner
+    // -------------------------------------------------------------------------
+    const runner = new ProactiveRunner(bundle, {
+        sessionManager,
+        createSessionComponents: createAutomationSessionComponents,
+        logger: log,
         webhookSecret: config.webhookSecret,
-        createSession: async () => sessionManager.create(LOCAL_APP_ID),
-        destroySession: async (id) => sessionManager.destroy(id),
+        summarizeToolResult: config.summarizeToolResult,
         onSessionComplete: (session, automationName) => {
-            sessionStore.save(session, automationName);
+            // Tag the automation name onto metadata so the UI can filter
+            // sessions by automation via /sessions?automation=<name>.
+            session.metadata.automationName = automationName;
+            void sessionManager.persist(session);
         },
+        eventBus,
+        onAutomationResult: config.onAutomationResult,
     });
+    // -------------------------------------------------------------------------
+    // Config watcher (hot reload)
+    // -------------------------------------------------------------------------
     let watcher = null;
+    // -------------------------------------------------------------------------
+    // Express app
+    // -------------------------------------------------------------------------
     const app = express();
     // CORS
     const corsOrigin = config.corsOrigin ?? '*';
@@ -227,9 +355,9 @@ export async function createLocalServer(config) {
     app.post('/auth/token', (_req, res) => {
         res.json({ token: '', expires_at: null });
     });
-    // Unified config endpoint — same path as hosted, different response
+    // Unified config endpoint
     app.get('/api/config', (_req, res) => {
-        const bundleData = sessionManager.getBundle();
+        const bundleData = getBundle();
         const cfg = bundleData.config;
         // Collect all env:* references from connection specs
         const envRefs = [];
@@ -241,11 +369,8 @@ export async function createLocalServer(config) {
             }
         }
         res.json({
-            // Common fields (used by useHostedConfig)
             appId: LOCAL_APP_ID,
             appName: cfg?.name ?? '',
-            // No authMode — signals to the SPA that no auth is needed
-            // Local dev fields (used by config pages)
             name: cfg?.name ?? '',
             version: cfg?.version ?? '',
             description: cfg?.description ?? '',
@@ -262,57 +387,61 @@ export async function createLocalServer(config) {
     // Resolve resume session ID
     let resumeSessionId = config.resumeSessionId;
     if (resumeSessionId === 'latest') {
-        resumeSessionId = sessionStore.latest() ?? undefined;
+        const { sessions: recent } = await sessionStore.list({
+            limit: 1,
+            filter: { appId: LOCAL_APP_ID },
+        });
+        resumeSessionId = recent[0]?.id;
     }
     if (resumeSessionId) {
-        log.debug(`Resume session: ${resumeSessionId}`, 'dev');
+        log.debug('resume_session', { sessionId: resumeSessionId });
     }
     // Client config — tells the web UI which session to resume
     app.get('/config', (_req, res) => {
         res.json({ resumeSessionId: resumeSessionId ?? null });
     });
-    // Sessions endpoints
-    app.get('/sessions', (req, res) => {
+    // Sessions endpoints — served directly from the DrizzleSessionStore.
+    //
+    // Dev-UI consumers (sidebar Recent list, Sessions page, Automation detail
+    // page) don't paginate — they render what they get and slice the top N.
+    // A 500-session ceiling keeps the response bounded without forcing a
+    // cursor API on the client today. If dev sessions regularly exceed this,
+    // the store already supports cursor pagination via SessionListOptions.
+    const SESSION_LIST_LIMIT = 500;
+    app.get('/sessions', asyncHandler(async (req, res) => {
         const automationFilter = typeof req.query?.['automation'] === 'string' ? String(req.query['automation']) : undefined;
-        const all = sessionStore.list();
-        // Filter out eval and admin sessions from chat history
-        const visible = all.filter((s) => s.appId !== 'eval-runner' && s.appId !== 'admin');
-        const filtered = automationFilter ? visible.filter((s) => s.automationName === automationFilter) : visible;
-        res.json({ sessions: filtered });
-    });
-    app.get('/session/:id', (req, res) => {
-        const persisted = sessionStore.load(req.params['id'] ?? '');
+        // Automation filter uses metadata.automationName; otherwise restrict
+        // to chat sessions by metadata.appId (excludes eval-runner / admin).
+        const filter = automationFilter
+            ? { automationName: automationFilter }
+            : { appId: LOCAL_APP_ID };
+        const { sessions: rows } = await sessionStore.list({ limit: SESSION_LIST_LIMIT, filter });
+        const sessions = rows.map((s) => {
+            const title = typeof s.metadata['title'] === 'string' ? s.metadata['title'] : undefined;
+            const appId = typeof s.metadata['appId'] === 'string' ? s.metadata['appId'] : LOCAL_APP_ID;
+            const automationName = typeof s.metadata['automationName'] === 'string' ? s.metadata['automationName'] : undefined;
+            return {
+                id: s.id,
+                appId,
+                title,
+                summary: title ?? extractFirstUserText(s.messages) ?? 'Untitled',
+                createdAt: s.createdAt.getTime(),
+                lastAccessedAt: s.updatedAt.getTime(),
+                automationName,
+            };
+        });
+        res.json({ sessions });
+    }));
+    app.get('/session/:id', asyncHandler(async (req, res) => {
+        const persisted = await sessionStore.load(req.params['id'] ?? '');
         if (!persisted) {
             res.status(404).json({ error: 'Session not found' });
             return;
         }
-        // Convert persisted messages to the format the UI expects.
-        // Supports both SessionMessage format ({type, text}) and legacy LLMMessage ({role, content}).
-        const messages = persisted.conversationHistory.map((msg) => {
-            // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- Persisted message
-            const m = msg;
-            // SessionMessage format (new): {type: 'user'|'assistant_text'|'error', text, toolCalls?, ...}
-            if (m['type'] === 'user') {
-                return { role: 'user', text: String(m['text'] ?? '') };
-            }
-            if (m['type'] === 'assistant_text') {
-                return { role: 'assistant', text: String(m['text'] ?? ''), toolCalls: m['toolCalls'] };
-            }
-            // Legacy LLMMessage format: {role: 'user'|'assistant', content: string|Block[]}
-            if (m['role'] === 'user') {
-                return { role: 'user', text: typeof m['content'] === 'string' ? m['content'] : '' };
-            }
-            if (m['role'] === 'assistant') {
-                const blocks = Array.isArray(m['content']) ? m['content'] : [];
-                const isTextBlock = (b) => typeof b === 'object' && b !== null && 'type' in b && b['type'] === 'text' && 'text' in b;
-                const text = blocks.filter(isTextBlock).map((b) => b.text).join('');
-                return { role: 'assistant', text };
-            }
-            return { role: String(m['role'] ?? m['type'] ?? 'unknown'), text: String(m['text'] ?? '') };
-        });
+        const messages = persisted.messages.map(flattenModelMessage).filter((m) => m !== null);
         res.json({ session_id: persisted.id, messages });
-    });
-    app.patch('/session/:id', express.json(), (req, res) => {
+    }));
+    app.patch('/session/:id', express.json(), asyncHandler(async (req, res) => {
         const sessionId = req.params['id'] ?? '';
         const body = req.body;
         if (!body || typeof body !== 'object' || !('title' in body) || typeof body['title'] !== 'string') {
@@ -321,56 +450,85 @@ export async function createLocalServer(config) {
         }
         // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- validated above
         const title = body['title'];
-        const updated = sessionStore.updateTitle(sessionId, title);
-        if (!updated) {
-            res.status(404).json({ error: 'Session not found' });
-            return;
+        // Live session: mutate metadata on the shared object and persist so
+        // the next /sessions read reflects the new title. A concurrent
+        // runMessage may be mid-turn, but JSON.stringify runs atomically in
+        // JS's single-threaded event loop — no torn writes. The next
+        // end-of-turn persist will overwrite with the completed messages
+        // array; metadata.title stays because it's on the live session.
+        //
+        // Not-live: load → mutate → save. No race possible.
+        const live = sessionManager.get(sessionId);
+        if (live) {
+            live.metadata.title = title;
+            await sessionManager.persist(live);
         }
-        // Also update in-memory session if active
-        const activeSession = sessionManager.get(sessionId);
-        if (activeSession) {
-            activeSession.title = title;
+        else {
+            const persisted = await sessionStore.load(sessionId);
+            if (!persisted) {
+                res.status(404).json({ error: 'Session not found' });
+                return;
+            }
+            persisted.metadata.title = title;
+            persisted.updatedAt = new Date();
+            await sessionStore.save(persisted);
         }
+        // Emit session_updated so the sidebar picks up the new title live.
+        eventBus.emit({ type: 'session_updated', sessionId, appId: LOCAL_APP_ID, title });
         res.json({ ok: true });
-    });
-    app.delete('/session/:id', (req, res) => {
+    }));
+    app.delete('/session/:id', asyncHandler(async (req, res) => {
         const sessionId = req.params['id'] ?? '';
-        // Destroy in-memory session if active
-        void sessionManager.destroy(sessionId);
-        const deleted = sessionStore.delete(sessionId);
+        await sessionManager.destroy(sessionId);
+        const deleted = await sessionStore.delete(sessionId);
         if (!deleted) {
             res.status(404).json({ error: 'Session not found' });
             return;
         }
+        eventBus.emit({ type: 'session_deleted', sessionId });
         res.json({ ok: true });
-    });
+    }));
     // File browser/editor
     app.use(createFilesRouter({ repoPath: config.repoPath }));
+    // Event bus SSE stream (live UI updates)
+    app.use(createEventsRouter({ bus: eventBus, logger: log }));
     // Evals
     const evalStore = new EvalStore(config.repoPath);
-    app.use(createEvalRouter({ sessionManager, evalStore, repoPath: config.repoPath, getPort: () => config.port }));
+    app.use(createEvalRouter({ getBundle, evalStore, repoPath: config.repoPath, getPort: () => config.port }));
     // Feedback
     const feedbackStore = new FeedbackStore(config.repoPath);
     app.use(createFeedbackRouter({ feedbackStore }));
-    // Routes
+    // Chat routes (new stack) — persistence is handled inside runMessage /
+    // route-helpers, so no explicit hooks are needed here.
     app.use(createChatStreamRouter({
         sessionManager,
-        createStreamHooks: () => ({
-            onSessionPersist: (sessionId) => {
-                const session = sessionManager.get(sessionId);
-                if (session)
-                    sessionStore.save(session);
-            },
-        }),
+        bundleResolver: { staticBundle: bundle },
+        shared,
+        summarizeToolResult: config.summarizeToolResult,
+    }));
+    app.use(createChatRouter({
+        sessionManager,
+        bundleResolver: { staticBundle: bundle },
+        shared,
+        summarizeToolResult: config.summarizeToolResult,
     }));
-    app.use(createTaskRouter({ sessionManager }));
-    app.use(createAdminChatRouter({ sessionManager, getPort: () => config.port }));
-    app.use(createInspectRouter({ sessionManager, repoPath: config.repoPath }));
+    // Task runner
+    app.use(createTaskRouter({ sessionManager, createTaskSession: createAutomationSessionComponents }));
+    // Admin chat (new stack)
+    app.use(createAdminChatRouter({
+        sessionManager,
+        shared,
+        getBundle,
+        getPort: () => config.port,
+    }));
+    // Inspect
+    app.use(createInspectRouter({ getBundle, repoPath: config.repoPath }));
+    // Automations
     app.use(createAutomationRouter({ runner }));
     app.use(createWebhookRouter({ runner, webhookSecret: config.webhookSecret }));
     // Store REST API (if stores are defined)
     if (storeBackend) {
-        app.use(createStoresRouter({ repo, storeBackend, appId: LOCAL_APP_ID }));
+        app.use(createStoresRouter({ repo: bundle, storeBackend, appId: LOCAL_APP_ID }));
     }
     // Build user pages (if pages/ directory exists)
     let builtPages = [];
@@ -378,14 +536,12 @@ export async function createLocalServer(config) {
         const result = await buildPages(config.repoPath);
         builtPages = result.pages;
         if (builtPages.length > 0) {
-            log.info(`Built ${String(builtPages.length)} page(s)`, 'dev');
-            // Serve compiled page bundles
+            log.info('pages_built', { count: builtPages.length });
             app.use('/pages-bundle', express.static(result.outDir));
         }
     }
     catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        log.error(`Page build failed: ${msg}`, 'dev');
+        log.error('pages_build_failed', { error: err instanceof Error ? err.message : String(err) });
     }
     // Pages list endpoint
     app.get('/api/pages', (_req, res) => {
@@ -398,11 +554,8 @@ export async function createLocalServer(config) {
         app.use(config.appMiddleware);
     }
     else if (config.staticAppDir && existsSync(config.staticAppDir)) {
-        // Serve pre-built SPA static assets with index.html fallback
         app.use(express.static(config.staticAppDir));
-        // SPA fallback — serve index.html for any non-API, non-static route
         app.use((_req, res, next) => {
-            // Don't intercept API or inspect routes (already handled above)
             if (_req.path.startsWith('/api/') || _req.path.startsWith('/inspect/') || _req.method !== 'GET') {
                 next();
                 return;
@@ -427,17 +580,18 @@ export async function createLocalServer(config) {
             // Start hot reload watcher
             if (config.hotReload) {
                 watcher = new ConfigWatcher(config.repoPath, (newBundle) => {
-                    sessionManager.updateBundle(newBundle);
+                    bundle = newBundle;
+                    // Shared resources and session components will pick up the new
+                    // bundle on next session creation via getBundle().
+                    log.info('config_reloaded', { name: newBundle.config.name });
+                    eventBus.emit({ type: 'manifest_changed' });
+                    eventBus.emit({ type: 'files_changed' });
                 });
                 watcher.start();
             }
             return new Promise((resolve) => {
                 const httpServer = app.listen(port, host, () => {
-                    log.info(`Repo server listening on ${host}:${port}`);
-                    log.info(`Repo: ${config.repoPath}`);
-                    if (config.hotReload) {
-                        log.info('Hot reload enabled');
-                    }
+                    log.info('server_started', { host, port, repoPath: config.repoPath, hotReload: !!config.hotReload });
                     resolve(httpServer);
                 });
                 server = httpServer;
@@ -462,11 +616,92 @@ export async function createLocalServer(config) {
                 server = null;
             }
             await sessionManager.shutdown();
+            if (mcpManager) {
+                await mcpManager.shutdown();
+            }
             if (storeBackend) {
                 await storeBackend.close();
             }
-            log.info('Repo server stopped');
+            log.info('server_stopped', {});
         },
     };
 }
+// ---------------------------------------------------------------------------
+// /sessions + /session/:id response helpers
+// ---------------------------------------------------------------------------
+/** Max length of the first-user-message excerpt shown in session lists. */
+const SUMMARY_EXCERPT_MAX = 80;
+function isRecord(x) {
+    return typeof x === 'object' && x !== null;
+}
+function isTextPart(part) {
+    return isRecord(part) && part['type'] === 'text' && typeof part['text'] === 'string';
+}
+function isToolCallPart(part) {
+    return (isRecord(part) &&
+        part['type'] === 'tool-call' &&
+        typeof part['toolCallId'] === 'string' &&
+        typeof part['toolName'] === 'string');
+}
+function getMessageRole(raw) {
+    if (!isRecord(raw))
+        return null;
+    const role = raw['role'];
+    return typeof role === 'string' ? role : null;
+}
+function getMessageContent(raw) {
+    if (!isRecord(raw))
+        return undefined;
+    return raw['content'];
+}
+/** Truncate with an ellipsis when the source exceeds the excerpt budget. */
+function excerpt(s) {
+    return s.length > SUMMARY_EXCERPT_MAX ? `${s.slice(0, SUMMARY_EXCERPT_MAX)}…` : s;
+}
+/** Extract the first user-message text from a persisted message array for list summaries. */
+function extractFirstUserText(messages) {
+    for (const raw of messages) {
+        if (getMessageRole(raw) !== 'user')
+            continue;
+        const content = getMessageContent(raw);
+        if (typeof content === 'string')
+            return excerpt(content);
+        if (Array.isArray(content)) {
+            const firstText = content.find(isTextPart);
+            if (firstText)
+                return excerpt(firstText.text);
+        }
+    }
+    return undefined;
+}
+/**
+ * Flatten a persisted `ModelMessage` (ai SDK v6) into the shape the web UI's
+ * /session/:id consumer expects: {role, text, toolCalls?}. Returns null for
+ * tool-result messages and for assistant turns with no renderable content
+ * (the history panel shows conversation + tool-call chips, not raw tool
+ * plumbing).
+ */
+function flattenModelMessage(raw) {
+    const role = getMessageRole(raw);
+    if (role !== 'user' && role !== 'assistant')
+        return null;
+    const content = getMessageContent(raw);
+    if (typeof content === 'string') {
+        return { role, text: content };
+    }
+    if (Array.isArray(content)) {
+        const text = content.filter(isTextPart).map((p) => p.text).join('');
+        const toolCalls = role === 'assistant'
+            ? content.filter(isToolCallPart).map((p) => ({
+                toolId: p.toolCallId,
+                toolName: p.toolName,
+                parameters: isRecord(p.input) ? p.input : {},
+            }))
+            : [];
+        if (text.length === 0 && toolCalls.length === 0)
+            return null;
+        return toolCalls.length > 0 ? { role, text, toolCalls } : { role, text };
+    }
+    return null;
+}
 //# sourceMappingURL=local-server.js.map