@cgh567/agent 2.4.0 → 2.4.2

package/daemon/lib/hed-engine.js

@@ -1,307 +0,0 @@
-'use strict';
-
-const { randomUUID } = require('crypto');
-
-/**
- * HEDEngine — Helios Execution Document orchestration.
- * A HED is a PlanChangeProposal {scope:'execution'} with wave-based CRUD operations.
- * Agents execute against HEDOperations; Murray audits each completion.
- */
-
-class HEDEngine {
-  constructor(mg) {
-    this._mg = mg;
-  }
-
-  // ─── Create ────────────────────────────────────────────────────────────────
-
-  async createHED({ companyId, title, intent, worldStateSnapshot, operations, goalId }) {
-    const hedId = `hed_${Date.now()}_${randomUUID().slice(0, 8)}`;
-    const now = new Date().toISOString();
-
-    // Create PlanChangeProposal with scope='execution'
-    await this._mg(
-      `CREATE (pcp:PlanChangeProposal {
-        id: $id, companyId: $companyId, scope: 'execution',
-        title: $title, intent: $intent,
-        worldStateSnapshot: $worldStateSnapshot,
-        status: 'draft', requiresApproval: true,
-        waveCount: $waveCount, currentWave: 1,
-        createdAt: $now, resolvedAt: null, resolvedBy: null
-      })`,
-      {
-        id: hedId, companyId, title, intent,
-        worldStateSnapshot: JSON.stringify(worldStateSnapshot || {}),
-        waveCount: Math.max(...operations.map(o => o.wave || 1), 1),
-        now
-      }
-    );
-
-    if (goalId) {
-      await this._mg(
-        `MATCH (pcp:PlanChangeProposal {id: $hedId}), (g:BusinessGoal {id: $goalId})
-         MERGE (pcp)-[:IMPLEMENTS_GOAL]->(g)`,
-        { hedId, goalId }
-      ).catch(() => {});
-    }
-
-    // Create HEDOperation nodes
-    for (const op of operations) {
-      await this.createOperation(hedId, op, now);
-    }
-
-    return { hedId };
-  }
-
-  async createOperation(hedId, op, now = new Date().toISOString()) {
-    const opId = op.opId || `op_${Date.now()}_${randomUUID().slice(0, 6)}`;
-    await this._mg(
-      `MATCH (pcp:PlanChangeProposal {id: $hedId})
-       CREATE (o:HEDOperation {
-         id: $opId, hedId: $hedId,
-         type: $type, target: $target, targetScope: $targetScope,
-         description: $description,
-         acceptanceCriteria: $acceptanceCriteria,
-         dependsOn: $dependsOn, wave: $wave,
-         assignedAgentRole: $assignedAgentRole,
-         deviationPolicy: $deviationPolicy,
-         status: 'pending', createdAt: $now
-       })
-       MERGE (pcp)-[:HAS_OPERATION]->(o)`,
-      {
-        hedId, opId,
-        type: op.type || 'UPDATE',
-        target: op.target || '',
-        targetScope: op.targetScope || '',
-        description: op.description || '',
-        acceptanceCriteria: JSON.stringify(op.acceptanceCriteria || []),
-        dependsOn: JSON.stringify(op.dependsOn || []),
-        wave: op.wave || 1,
-        assignedAgentRole: op.assignedAgentRole || 'worker',
-        deviationPolicy: op.deviationPolicy || 'smart',
-        now
-      }
-    );
-    return opId;
-  }
-
-  // ─── Read ──────────────────────────────────────────────────────────────────
-
-  async getHED(hedId) {
-    const rows = await this._mg(
-      `MATCH (pcp:PlanChangeProposal {id: $hedId, scope: 'execution'})
-       RETURN pcp`,
-      { hedId }
-    );
-    if (!rows?.length) return null;
-    const pcp = rows[0].pcp;
-    try { pcp.worldStateSnapshot = JSON.parse(pcp.worldStateSnapshot); } catch {}
-    return pcp;
-  }
-
-  async getOperations(hedId) {
-    const rows = await this._mg(
-      `MATCH (pcp:PlanChangeProposal {id: $hedId})-[:HAS_OPERATION]->(o:HEDOperation)
-       RETURN o ORDER BY o.wave ASC, o.id ASC`,
-      { hedId }
-    );
-    return (rows || []).map(r => {
-      const o = r.o;
-      try { o.acceptanceCriteria = JSON.parse(o.acceptanceCriteria); } catch { o.acceptanceCriteria = []; }
-      try { o.dependsOn = JSON.parse(o.dependsOn); } catch { o.dependsOn = []; }
-      return o;
-    });
-  }
-
-  async getOperation(opId) {
-    const rows = await this._mg(
-      `MATCH (o:HEDOperation {id: $opId}) RETURN o`, { opId }
-    );
-    if (!rows?.length) return null;
-    const o = rows[0].o;
-    try { o.acceptanceCriteria = JSON.parse(o.acceptanceCriteria); } catch { o.acceptanceCriteria = []; }
-    try { o.dependsOn = JSON.parse(o.dependsOn); } catch { o.dependsOn = []; }
-    return o;
-  }
-
-  // ─── State transitions ─────────────────────────────────────────────────────
-
-  async approveHED(hedId, approvedBy) {
-    const now = new Date().toISOString();
-    await this._mg(
-      `MATCH (pcp:PlanChangeProposal {id: $hedId, scope: 'execution', status: 'draft'})
-       SET pcp.status = 'approved', pcp.approvedAt = $now, pcp.approvedBy = $approvedBy`,
-      { hedId, now, approvedBy }
-    );
-  }
-
-  async claimOperation(opId, agentId) {
-    const now = new Date().toISOString();
-    const rows = await this._mg(
-      `MATCH (o:HEDOperation {id: $opId, status: 'pending'})
-       SET o.status = 'in_progress', o.executionLockedAt = $now, o.executionAgentId = $agentId
-       RETURN o.id AS claimed`,
-      { opId, now, agentId }
-    );
-    return rows?.[0]?.claimed === opId;
-  }
-
-  async completeOperation(opId, { summary, sessionKey, verdict = 'pending_review' }) {
-    const now = new Date().toISOString();
-    await this._mg(
-      `MATCH (o:HEDOperation {id: $opId})
-       SET o.status = $status, o.completedAt = $now,
-           o.executionSummary = $summary, o.sessionKey = $sessionKey`,
-      { opId, status: verdict === 'pending_review' ? 'done' : verdict, now, summary, sessionKey }
-    );
-  }
-
-  async postReviewFinding(opId, finding) {
-    const findingId = `hrf_${Date.now()}_${randomUUID().slice(0, 6)}`;
-    const now = new Date().toISOString();
-    await this._mg(
-      `MATCH (o:HEDOperation {id: $opId})
-       CREATE (f:HEDReviewFinding {
-         id: $findingId, opId: $opId, hedId: o.hedId,
-         verdict: $verdict, deviationClass: $deviationClass,
-         criteriaResults: $criteriaResults,
-         deviationNarrative: $deviationNarrative,
-         blockingBehavior: $blockingBehavior,
-         createdAt: $now
-       })
-       MERGE (o)-[:HAS_REVIEW]->(f)
-       SET o.reviewVerdict = $verdict`,
-      {
-        findingId, opId,
-        verdict: finding.verdict || 'ALIGNED',
-        deviationClass: finding.deviationClass || null,
-        criteriaResults: JSON.stringify(finding.criteriaResults || []),
-        deviationNarrative: finding.deviationNarrative || '',
-        blockingBehavior: finding.blockingBehavior || 'continue',
-        now
-      }
-    );
-    // If hard block — pause HED
-    if (finding.blockingBehavior === 'hard-pause') {
-      await this._mg(
-        `MATCH (pcp:PlanChangeProposal {id: o.hedId})
-         MATCH (o:HEDOperation {id: $opId})
-         SET pcp.status = 'review'`,
-        { opId }
-      ).catch(() => {});
-    }
-    if (finding.blastRadius) {
-      await this._writeBlastRadius(opId, finding.blastRadius, now);
-    }
-    return findingId;
-  }
-
-  async _writeBlastRadius(opId, br, now) {
-    const brId = `bre_${Date.now()}_${randomUUID().slice(0, 6)}`;
-    await this._mg(
-      `MATCH (o:HEDOperation {id: $opId})
-       CREATE (b:BlastRadiusEvent {
-         id: $brId, opId: $opId,
-         filesChanged: $filesChanged,
-         nodesAffected: $nodesAffected,
-         severity: $severity,
-         createdAt: $now
-       })
-       MERGE (o)-[:HAS_BLAST_RADIUS]->(b)`,
-      {
-        brId, opId,
-        filesChanged: JSON.stringify(br.filesChanged || []),
-        nodesAffected: JSON.stringify(br.nodesAffected || []),
-        severity: br.severity || 'none',
-        now
-      }
-    ).catch(err => console.error('[hed-engine] blast radius write failed:', err.message));
-  }
-
-  // ─── Wave advancement ──────────────────────────────────────────────────────
-
-  async checkWaveAdvancement(companyId) {
-    // Find approved HEDs for this company that are executing
-    const heds = await this._mg(
-      `MATCH (pcp:PlanChangeProposal {companyId: $companyId, scope: 'execution', status: 'approved'})
-       RETURN pcp.id AS hedId, pcp.currentWave AS currentWave, pcp.waveCount AS waveCount`,
-      { companyId }
-    );
-    for (const { hedId, currentWave, waveCount } of (heds || [])) {
-      await this._advanceWaveIfReady(hedId, currentWave, waveCount);
-    }
-  }
-
-  async _advanceWaveIfReady(hedId, currentWave, waveCount) {
-    // Check if all ops in currentWave are done or deviated (not blocked/failed)
-    const pending = await this._mg(
-      `MATCH (pcp:PlanChangeProposal {id: $hedId})-[:HAS_OPERATION]->(o:HEDOperation)
-       WHERE o.wave = $wave AND o.status IN ['pending', 'in_progress']
-       RETURN count(o) AS pendingCount`,
-      { hedId, wave: currentWave }
-    );
-    const hardBlocked = await this._mg(
-      `MATCH (pcp:PlanChangeProposal {id: $hedId})-[:HAS_OPERATION]->(o:HEDOperation)
-       WHERE o.wave = $wave AND o.reviewVerdict = 'FAILED'
-       RETURN count(o) AS blockedCount`,
-      { hedId, wave: currentWave }
-    );
-    if ((pending?.[0]?.pendingCount || 0) > 0) return; // wave still running
-    if ((hardBlocked?.[0]?.blockedCount || 0) > 0) {
-      // Hard block — pause entire HED
-      await this._mg(
-        `MATCH (pcp:PlanChangeProposal {id: $hedId}) SET pcp.status = 'review'`,
-        { hedId }
-      );
-      // Publish PLAN_STALLED to mesh bus — fires the already-wired reflexion loop subscriber
-      try {
-        const mesh = (global).__helios_session_mesh;
-        if (mesh?.bus?.publish) {
-          mesh.bus.publish('PLAN_STALLED', {
-            hedId,
-            wave: currentWave,
-            reason: 'HEDOperation hard-blocked by reviewer verdict',
-            timestamp: new Date().toISOString(),
-          });
-        }
-      } catch (_meshErr) { /* mesh not available in daemon context — non-fatal */ }
-      return;
-    }
-    if (currentWave >= waveCount) {
-      // All waves complete
-      await this._mg(
-        `MATCH (pcp:PlanChangeProposal {id: $hedId}) SET pcp.status = 'closed', pcp.closedAt = $now`,
-        { hedId, now: new Date().toISOString() }
-      );
-    } else {
-      // Advance to next wave
-      await this._mg(
-        `MATCH (pcp:PlanChangeProposal {id: $hedId}) SET pcp.currentWave = $nextWave`,
-        { hedId, nextWave: currentWave + 1 }
-      );
-    }
-  }
-
-  // ─── Context brief helper ──────────────────────────────────────────────────
-
-  async buildOperationContext(opId) {
-    const op = await this.getOperation(opId);
-    if (!op) return null;
-    const hed = await this.getHED(op.hedId);
-    if (!hed) return null;
-    return {
-      hedIntent: hed.intent,
-      worldStateSnapshot: hed.worldStateSnapshot,
-      operation: {
-        type: op.type,
-        target: op.target,
-        targetScope: op.targetScope,
-        description: op.description,
-        acceptanceCriteria: op.acceptanceCriteria,
-        deviationPolicy: op.deviationPolicy
-      }
-    };
-  }
-}
-
-module.exports = { HEDEngine };

package/daemon/lib/mental-model-cache.js

@@ -1,96 +0,0 @@
-'use strict';
-/**
- * mental-model-cache.js — CachedPersonModel node CRUD
- * Pre-assembled mental models for fast agent brief injection.
- * Cache is invalidated by enrichmentNeeded flag on Person node.
- */
-
-const SCHEMA_VERSION = 1;
-
-/**
- * writeCachedModel — upsert a CachedPersonModel node for a person in a company.
- *
- * @param {Function} mgQuery       — Memgraph query function (async)
- * @param {string}   personId      — Person node id
- * @param {string}   companyId     — Company node id
- * @param {object}   assembledModel — Output from assembleMentalModel()
- */
-async function writeCachedModel(mgQuery, personId, companyId, assembledModel) {
-  const modelId = `model:${companyId}:${personId}`;
-  const contextBrief = assembledModel.contextBrief || '';
-  const faveeJson = JSON.stringify(assembledModel.favee || {});
-  const topicsJson = JSON.stringify((assembledModel.activeTopics || []).slice(0, 10));
-  const questionsJson = JSON.stringify((assembledModel.openQuestions || []).slice(0, 5));
-  const completeness = contextBrief ? 'full' : (faveeJson !== '{}' ? 'partial' : 'none');
-
-  await mgQuery(
-    `MERGE (m:CachedPersonModel {id: $id})
-     ON CREATE SET
-       m.personId = $personId, m.companyId = $companyId,
-       m.contextBrief = $brief, m.faveeJson = $favee,
-       m.topicsJson = $topics, m.questionsJson = $questions,
-       m.assembledAt = localdatetime(), m.completeness = $completeness,
-       m.schemaVersion = $sv
-     ON MATCH SET
-       m.contextBrief = $brief, m.faveeJson = $favee,
-       m.topicsJson = $topics, m.questionsJson = $questions,
-       m.assembledAt = localdatetime(), m.completeness = $completeness,
-       m.dirtyAt = null
-     WITH m
-     MATCH (p:Person {id: $personId})
-     MERGE (p)-[:HAS_CACHED_MODEL]->(m)`,
-    { id: modelId, personId, companyId, brief: contextBrief,
-      favee: faveeJson, topics: topicsJson, questions: questionsJson,
-      completeness, sv: SCHEMA_VERSION }
-  );
-}
-
-/**
- * invalidateCache — mark a CachedPersonModel dirty so next read triggers a refresh.
- * Non-fatal: silently ignores errors if the model node doesn't exist yet.
- *
- * @param {Function} mgQuery
- * @param {string}   personId
- * @param {string}   companyId
- */
-async function invalidateCache(mgQuery, personId, companyId) {
-  const modelId = `model:${companyId}:${personId}`;
-  await mgQuery(
-    `MATCH (m:CachedPersonModel {id: $id}) SET m.dirtyAt = localdatetime()`,
-    { id: modelId }
-  ).catch(() => {});
-}
-
-/**
- * getCachedModel — return a cached model if it exists, is not dirty, and is within maxAge.
- * Returns null if the cache is cold, dirty, or expired.
- *
- * @param {Function} mgQuery
- * @param {string}   personId
- * @param {string}   companyId
- * @param {number}   maxAgeMinutes — default 60 minutes
- * @returns {object|null}
- */
-async function getCachedModel(mgQuery, personId, companyId, maxAgeMinutes = 60) {
-  const modelId = `model:${companyId}:${personId}`;
-  const rows = await mgQuery(
-    `MATCH (m:CachedPersonModel {id: $id})
-     WHERE m.dirtyAt IS NULL
-       AND m.assembledAt > localdatetime() - duration({minutes: $maxAge})
-     RETURN m.contextBrief, m.faveeJson, m.topicsJson, m.questionsJson,
-            m.assembledAt, m.completeness`,
-    { id: modelId, maxAge: maxAgeMinutes }
-  );
-  if (!rows?.rows?.length) return null;
-  const r = rows.rows[0];
-  return {
-    contextBrief:  r[0],
-    faveeJson:     r[1],
-    topicsJson:    r[2],
-    questionsJson: r[3],
-    assembledAt:   r[4],
-    completeness:  r[5],
-  };
-}
-
-module.exports = { writeCachedModel, invalidateCache, getCachedModel, SCHEMA_VERSION };

package/daemon/lib/project-factory.js

@@ -1,47 +0,0 @@
-'use strict';
-/**
- * project-factory.js — Creates HeliosProject + ProjectDocument nodes when
- * a GoalPillar is initialized via tickGoalDecompose().
- *
- * Called from daemon/lib/hbo-bridge.js tickGoalDecompose() after
- * mandala.initializeMandala() succeeds for each GoalPillar.
- *
- * ID conventions:
- *   HeliosProject:    proj:<companyId>:<pillarSlug>
- *   ProjectDocument:  pdoc:<projectId>:main
- */
-
-async function ensureProject(mgQuery, companyId, goalId, pillarId, pillarTitle) {
-  const slug   = pillarId.replace(/[^a-z0-9]/gi, '-').toLowerCase().slice(0, 40);
-  const projId = `proj:${companyId}:${slug}`;
-  const docId  = `pdoc:${projId}:main`;
-
-  await mgQuery(
-    `MERGE (p:HeliosProject {id: $projId})
-     ON CREATE SET
-       p.companyId = $cid,
-       p.goalId    = $goalId,
-       p.pillarId  = $pillarId,
-       p.name      = $name,
-       p.status    = 'planning',
-       p.phase     = 'planning',
-       p.createdAt = datetime()`,
-    { projId, cid: companyId, goalId, pillarId, name: pillarTitle }
-  ).catch(() => {});
-
-  await mgQuery(
-    `MERGE (d:ProjectDocument {id: $docId})
-     ON CREATE SET
-       d.projectId       = $projId,
-       d.purpose         = '',
-       d.approach        = '',
-       d.successCriteria = '[]',
-       d.intentAnchor    = '',
-       d.exclusions      = '[]',
-       d.version         = toInteger(1),
-       d.updatedAt       = datetime()`,
-    { docId, projId }
-  ).catch(() => {});
-}
-
-module.exports = { ensureProject };

package/daemon/lib/session-log-reader.js

@@ -1,93 +0,0 @@
-'use strict';
-
-const path = require('path');
-const os = require('os');
-
-/**
- * SessionLogReader — reads OpenCode session logs from opencode.db
- * to reconstruct agent decision traces for HED audit.
- * Uses better-sqlite3 (already a dependency via daemon) for read-only access.
- */
-
-// OpenCode stores sessions at platform-specific paths:
-//   Linux/WSL: ~/.local/share/opencode/opencode.db
-//   macOS:     ~/Library/Application Support/opencode/opencode.db
-//   Windows:   %APPDATA%\opencode\opencode.db
-function getOpenCodeDbPath() {
-  if (process.platform === 'linux') {
-    return path.join(os.homedir(), '.local', 'share', 'opencode', 'opencode.db');
-  }
-  if (process.platform === 'darwin') {
-    return path.join(os.homedir(), 'Library', 'Application Support', 'opencode', 'opencode.db');
-  }
-  return path.join(os.homedir(), 'AppData', 'Local', 'opencode', 'opencode.db');
-}
-
-async function readSessionLog(sessionKey) {
-  if (!sessionKey) return [];
-  let Database;
-  try {
-    Database = require('better-sqlite3');
-  } catch {
-    console.warn('[session-log-reader] better-sqlite3 not available — cannot read session log');
-    return [];
-  }
-  const dbPath = getOpenCodeDbPath();
-  let db;
-  try {
-    db = new Database(dbPath, { readonly: true, fileMustExist: true });
-  } catch (err) {
-    console.warn('[session-log-reader] cannot open opencode.db:', err.message);
-    return [];
-  }
-  try {
-    const messages = db.prepare(
-      `SELECT role, content, created_at FROM messages WHERE session_id = ? ORDER BY created_at ASC`
-    ).all(sessionKey);
-    return messages.map((m, i) => ({
-      index: i,
-      role: m.role,
-      content: typeof m.content === 'string' ? m.content : JSON.stringify(m.content),
-      createdAt: m.created_at
-    }));
-  } catch (err) {
-    console.warn('[session-log-reader] query failed:', err.message);
-    return [];
-  } finally {
-    db.close();
-  }
-}
-
-// Classify messages into XEPV sequence: eXplore, Execute, Plan, Verify
-function classifyXEPV(messages) {
-  return messages.map(m => {
-    const content = m.content || '';
-    // Tool calls in content indicate action type
-    if (content.includes('"edit"') || content.includes('"write"')) return { ...m, xepv: 'X_Execute' };
-    if (content.includes('"read"') || content.includes('"grep"') || content.includes('"search_codebase"') || content.includes('"glob"')) return { ...m, xepv: 'X_Explore' };
-    if (content.includes('"bash"') && (content.includes('test') || content.includes('vitest') || content.includes('grep -n'))) return { ...m, xepv: 'X_Verify' };
-    if (m.role === 'assistant' && (content.includes('plan') || content.includes('approach') || content.includes('strategy') || content.includes('first'))) return { ...m, xepv: 'X_Plan' };
-    return { ...m, xepv: 'X_Unknown' };
-  });
-}
-
-// Find the branch point where the agent deviated from the declared target
-function findBranchPoint(xepvMessages, opTarget) {
-  const exploreBeforeExecute = xepvMessages.filter(m => m.xepv === 'X_Explore');
-  for (const msg of exploreBeforeExecute) {
-    // If the agent explored files NOT in the declared target, that's the branch point
-    if (opTarget && !msg.content.includes(opTarget)) {
-      return { message: msg, reason: `Agent explored ${msg.content.slice(0, 200)} instead of declared target ${opTarget}` };
-    }
-  }
-  return null;
-}
-
-// Compute P-ratio: plan steps vs execution steps
-function computePRatio(xepvMessages) {
-  const plan = xepvMessages.filter(m => m.xepv === 'X_Plan').length;
-  const execute = xepvMessages.filter(m => m.xepv === 'X_Execute').length;
-  return { planSteps: plan, executeSteps: execute, ratio: execute > 0 ? plan / execute : plan };
-}
-
-module.exports = { readSessionLog, classifyXEPV, findBranchPoint, computePRatio };

package/daemon/routes/hed.js

@@ -1,133 +0,0 @@
-'use strict';
-
-const { HEDEngine } = require('../lib/hed-engine');
-
-/**
- * HED API routes — /api/hed/*
- * Follows the standard Helios router pattern: returns true if handled, false otherwise.
- * Initialized lazily inside startApi() via createHedRoutes(mgQuery).
- */
-
-function jsonOk(res, data, status = 200) {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'GET, POST, PATCH, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, Accept',
-  });
-  res.end(JSON.stringify(data));
-}
-
-function jsonErr(res, status, message) {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'GET, POST, PATCH, OPTIONS',
-    'Access-Control-Allow-Headers': 'Content-Type, Accept',
-  });
-  res.end(JSON.stringify({ error: message }));
-}
-
-function readBody(req) {
-  return new Promise((resolve, reject) => {
-    let body = '';
-    req.on('data', chunk => { body += chunk; });
-    req.on('end', () => {
-      try { resolve(body ? JSON.parse(body) : {}); }
-      catch (e) { reject(new Error('Invalid JSON body')); }
-    });
-    req.on('error', reject);
-  });
-}
-
-function createHedRoutes(mgQuery) {
-  const engine = new HEDEngine(mgQuery);
-
-  return async function hedRoute(req, res, ctx, pathname, method) {
-    // Only handle /api/hed paths
-    if (!pathname.startsWith('/api/hed')) return false;
-
-    const mg = ctx?.mgQuery ?? mgQuery;
-    const _engine = ctx?.mgQuery ? new HEDEngine(ctx.mgQuery) : engine;
-
-    try {
-      // POST /api/hed — create a new HED
-      if (method === 'POST' && pathname === '/api/hed') {
-        const body = await readBody(req);
-        const { companyId, title, intent, worldStateSnapshot, operations, goalId } = body;
-        if (!companyId || !title || !operations?.length) {
-          jsonErr(res, 400, 'companyId, title, and operations are required');
-          return true;
-        }
-        const result = await _engine.createHED({ companyId, title, intent, worldStateSnapshot, operations, goalId });
-        jsonOk(res, result, 201);
-        return true;
-      }
-
-      // POST /api/hed/:id/approve — HITL approval
-      const approveMatch = method === 'POST' && pathname.match(/^\/api\/hed\/([^/]+)\/approve$/);
-      if (approveMatch) {
-        const hedId = approveMatch[1];
-        const body = await readBody(req);
-        const { approvedBy } = body;
-        await _engine.approveHED(hedId, approvedBy || 'human');
-        jsonOk(res, { hedId, approved: true });
-        return true;
-      }
-
-      // GET /api/hed/:id/review — aggregated review report
-      const reviewMatch = method === 'GET' && pathname.match(/^\/api\/hed\/([^/]+)\/review$/);
-      if (reviewMatch) {
-        const hedId = reviewMatch[1];
-        const operations = await _engine.getOperations(hedId);
-        const findings = operations.map(op => ({
-          opId: op.id,
-          status: op.status,
-          reviewVerdict: op.reviewVerdict || 'pending'
-        }));
-        const aligned = findings.filter(f => f.reviewVerdict === 'ALIGNED').length;
-        const deviated = findings.filter(f => f.reviewVerdict === 'DEVIATED').length;
-        const failed = findings.filter(f => f.reviewVerdict === 'FAILED').length;
-        jsonOk(res, {
-          hedId,
-          findings,
-          summary: { aligned, deviated, failed, pending: findings.length - aligned - deviated - failed }
-        });
-        return true;
-      }
-
-      // PATCH /api/hed/:hedId/operations/:opId — update operation status
-      const opPatchMatch = method === 'PATCH' && pathname.match(/^\/api\/hed\/([^/]+)\/operations\/([^/]+)$/);
-      if (opPatchMatch) {
-        const opId = opPatchMatch[2];
-        const body = await readBody(req);
-        const { status, summary, sessionKey, verdict } = body;
-        if (status === 'done' || status === 'completed') {
-          await _engine.completeOperation(opId, { summary, sessionKey, verdict });
-        }
-        jsonOk(res, { opId, updated: true });
-        return true;
-      }
-
-      // GET /api/hed/:id — get HED + all operations
-      const hedMatch = method === 'GET' && pathname.match(/^\/api\/hed\/([^/]+)$/);
-      if (hedMatch) {
-        const hedId = hedMatch[1];
-        const hed = await _engine.getHED(hedId);
-        if (!hed) { jsonErr(res, 404, 'HED not found'); return true; }
-        const operations = await _engine.getOperations(hedId);
-        jsonOk(res, { ...hed, operations });
-        return true;
-      }
-
-    } catch (err) {
-      console.error('[hed-routes] error:', err.message);
-      jsonErr(res, 500, err.message);
-      return true;
-    }
-
-    return false;
-  };
-}
-
-module.exports = { createHedRoutes };