@cgh567/agent 2.4.3 → 2.4.5

package/daemon/helios-api.js

@@ -383,7 +383,9 @@ async function handleCreateTask(req, res, ctx) {
   const cid = ctx.cid;
 
   const body = await parseBody(req);
-  const { title, assigneeAgentId, priority, body: taskBody, executionPolicy } = body;
+  const { title, assigneeAgentId, priority, body: taskBody, executionPolicy,
+          // Phase 2.5-B additions: sourceType, sourceId, originKind, projectId for email-to-task
+          sourceType, sourceId, originKind, projectId } = body;
 
   if (!title || typeof title !== 'string' || title.trim() === '') {
     jsonResponse(res, 400, { error: 'title is required and must be a non-empty string' });
@@ -439,19 +441,24 @@ async function handleCreateTask(req, res, ctx) {
   const resolvedPriority = Number.isFinite(Number(priority)) ? Number(priority) : 2;
 
   try {
+    // HIGH-3: use MERGE when sourceId provided to prevent duplicate tasks on network-error retry
+    const _taskCypher = (sourceId && originKind)
+      ? `MERGE (t:Task {sourceId: \, companyId: \, originKind: \})
+         ON CREATE SET
+           t.id = \, t.title = \, t.status = 'todo', t.priority = toInteger(\),
+           t.assigneeAgentId = \, t.body = \,
+           t.executionPolicyJson = \, t.executionStateJson = \,
+           t.sourceType = \, t.projectId = \, t.createdAt = datetime()
+         ON MATCH SET t.updatedAt = datetime()`
+      : `CREATE (t:Task {
+           id: \, companyId: \, title: \, status: 'todo',
+           priority: toInteger(\), assigneeAgentId: \, body: \,
+           executionPolicyJson: \, executionStateJson: \,
+           sourceType: \, sourceId: \, originKind: \,
+           projectId: \, createdAt: datetime()
+         })`;
     await mgQuery(
-      `CREATE (t:Task {
-         id: $id,
-         companyId: $cid,
-         title: $title,
-         status: 'todo',
-         priority: toInteger($priority),
-         assigneeAgentId: $assigneeAgentId,
-         body: $body,
-         executionPolicyJson: $policyJson,
-         executionStateJson: $stateJson,
-         createdAt: datetime()
-       })`,
+      _taskCypher,
       {
         id: taskId,
         cid,
@@ -461,8 +468,26 @@ async function handleCreateTask(req, res, ctx) {
         body: taskBody ? String(taskBody) : null,
         policyJson: validatedPolicyJson,
         stateJson: initialStateJson,
+        sourceType: sourceType ? String(sourceType) : null,
+        sourceId: sourceId ? String(sourceId) : null,
+        originKind: originKind ? String(originKind) : null,
+        projectId: projectId ? String(projectId) : null,
       }
-    );
+    ));
+
+    // Phase 2.5-B: OI-P3 fix — write BELONGS_TO_PROJECT edge when projectId is provided
+    if (projectId) {
+      try {
+        await mgQuery(
+          `MATCH (t:Task {id: $taskId}), (p:HeliosProject {id: $projectId, companyId: $cid})
+           MERGE (t)-[:BELONGS_TO_PROJECT]->(p)`,
+          { taskId, projectId: String(projectId), cid }
+        );
+      } catch (_edgeErr) {
+        // Edge write is best-effort — task is already created; log but don't fail
+        log('warn', 'BELONGS_TO_PROJECT edge write failed (OI-P3)', { taskId, projectId });
+      }
+    }
 
     mirrorHboStore('task.create', () => hboStore.createTask?.({
       id: taskId,
@@ -479,6 +504,17 @@ async function handleCreateTask(req, res, ctx) {
 
     broadcast({ type: 'task.created', taskId, status: 'todo', companyId: cid });
     jsonResponse(res, 201, { task: { id: taskId, title, status: 'todo', priority: resolvedPriority, assigneeAgentId, executionPolicyJson: validatedPolicyJson } });
+
+    // P_EXPLAIN-01: fire-and-forget interpretation explanation background job
+    const { rawWrite: _interpRawWrite } = require('../lib/safe-memgraph.js');
+    setImmediate(() => {
+      try {
+        const { createInterpretationExplanation } = require('./lib/interpretation-engine.js');
+        createInterpretationExplanation(taskId, cid, _interpRawWrite).catch(e =>
+          log('warn', 'P_EXPLAIN-01 failed', { e: e.message })
+        );
+      } catch (_) { /* interpretation is non-blocking */ }
+    });
   } catch (err) {
     jsonResponse(res, 500, { error: `Create failed: ${err.message}` });
   }
@@ -491,7 +527,9 @@ async function handleUpdateTask(req, res, ctx, taskId) {
   const cid = ctx.cid;
 
   const body = await parseBody(req);
-  const { status, priority } = body;
+  // P6-06a: workspacePath added — desktop sets this after acquiring a SessionWorktree
+  // for isolated execution; daemon reads it into adapterContext.workspacePath
+  const { status, priority, workspacePath, blockedReason, clearBlocked, hillPosition } = body;
 
   // P4-01: 'in_review' added — allows execution policy gate to hold a task for review
   const VALID_STATUSES = new Set(['todo', 'in_progress', 'done', 'failed', 'cancelled', 'blocked', 'escalated', 'in_review']);
@@ -504,8 +542,8 @@ async function handleUpdateTask(req, res, ctx, taskId) {
     return;
   }
 
-  if (status === undefined && priority === undefined) {
-    jsonResponse(res, 400, { error: 'Provide at least one field to update: status, priority' });
+  if (status === undefined && priority === undefined && workspacePath === undefined && blockedReason === undefined && clearBlocked === undefined && hillPosition === undefined) {
+    jsonResponse(res, 400, { error: 'Provide at least one field to update: status, priority, workspacePath, blockedReason, clearBlocked, hillPosition' });
     return;
   }
 
@@ -767,6 +805,17 @@ async function handleUpdateTask(req, res, ctx, taskId) {
     const params = { id: taskId, cid };
     if (status !== undefined) { setClauses.push('t.status = $status'); params.status = status; }
     if (priority !== undefined) { setClauses.push('t.priority = toInteger($priority)'); params.priority = Number(priority); }
+    // P6-06a: persist workspacePath on Task node so daemon can read it into adapterContext
+    if (workspacePath !== undefined) { setClauses.push('t.workspacePath = $workspacePath'); params.workspacePath = workspacePath ? String(workspacePath) : null; }
+    // P1-G: blockedReason + blockedAt — clearBlocked=true nulls both fields and resets status to todo.
+    // COALESCE preserves existing reason if not re-set; blockedAt only set once on initial block.
+    if (blockedReason !== undefined || clearBlocked !== undefined) {
+      params.clearBlocked = clearBlocked === true;
+      params.blockedReason = (blockedReason !== undefined && blockedReason !== null) ? String(blockedReason) : null;
+      setClauses.push('t.blockedReason = CASE WHEN $clearBlocked = true THEN null ELSE COALESCE($blockedReason, t.blockedReason) END');
+      setClauses.push('t.blockedAt = CASE WHEN $clearBlocked = true THEN null WHEN $blockedReason IS NOT NULL AND t.blockedAt IS NULL THEN datetime() ELSE t.blockedAt END');
+      setClauses.push('t.status = CASE WHEN $clearBlocked = true AND t.status = \'blocked\' THEN \'todo\' ELSE t.status END');
+    }
     setClauses.push('t.updatedAt = datetime()');
 
     // B-09: Single atomic check+update — no TOCTOU window between existence check and SET
@@ -779,9 +828,25 @@ async function handleUpdateTask(req, res, ctx, taskId) {
       return;
     }
 
+    // T4-02: HillChart write — track task work-cycle position for hill chart visualisation
+    if (hillPosition !== undefined && Number.isFinite(Number(hillPosition))) {
+      const hPos = Math.max(0, Math.min(1, Number(hillPosition)));
+      const hPhase = hPos < 0.5 ? 'uphill' : hPos < 1.0 ? 'downhill' : 'complete';
+      mgQuery(
+        `MERGE (h:HillChart {id: 'hill:' + $taskId})
+         SET h.taskId = $taskId, h.companyId = $cid,
+             h.position = $pos, h.phase = $phase, h.updatedAt = datetime()
+         WITH h
+         MATCH (t:Task {id: $taskId, companyId: $cid})
+         MERGE (t)-[:HAS_HILL_CHART]->(h)`,
+        { taskId, cid, pos: hPos, phase: hPhase }
+      ).catch(e => log('warn', `HillChart MERGE failed for task ${taskId}: ${e.message}`));
+    }
+
     const storeUpdate = {};
     if (status !== undefined) storeUpdate.status = status;
     if (priority !== undefined) storeUpdate.priority = Number(priority);
+    if (workspacePath !== undefined) storeUpdate.workspacePath = workspacePath ? String(workspacePath) : null;
     mirrorHboStore('task.update', () => hboStore.updateTask?.(taskId, cid, storeUpdate));
 
     broadcast({ type: 'task.updated', taskId, ...(status !== undefined ? { status } : {}), companyId: cid });
@@ -907,6 +972,7 @@ async function handleGetApprovals(req, res, ctx) {
            a.status AS status, a.requestedBy AS requestedBy,
            a.agentId AS agentId, a.taskId AS taskId,
            a.createdAt AS createdAt, a.followUpTaskCreated AS followUpTaskCreated,
+           a.followUpTaskId AS followUpTaskId,
            a.expiresAt AS expiresAt,
            a.kaizenProposalId AS kaizenProposalId,
            a.description AS description,
@@ -954,7 +1020,7 @@ async function handleGetApprovals(req, res, ctx) {
     const rows = parseRows(result);
     const keys = [
       'id', 'type', 'title', 'status', 'requestedBy', 'agentId', 'taskId',
-      'createdAt', 'followUpTaskCreated', 'expiresAt', 'kaizenProposalId',
+      'createdAt', 'followUpTaskCreated', 'followUpTaskId', 'expiresAt', 'kaizenProposalId',
       'description', 'payload', 'body', 'question', 'pillarId',
       'sourceAgent', 'resolvedAt', 'department', 'templateKey',
       'inferredAnswer', 'defaultAnswer',
@@ -1089,6 +1155,8 @@ async function handleApproveApproval(req, res, ctx, approvalId) {
     }
 
     broadcast({ type: 'approval.approved', approvalId, companyId: cid });
+    // H-01: record approval.approve in ActivityLogger
+    ctx.activityLogger?.record({ action: 'approval.approve', actor: cid, entityId: approvalId, companyId: cid });
     jsonResponse(res, 200, { approved: true, approvalId });
   } catch (err) {
     jsonResponse(res, 500, { error: `Approve failed: ${err.message}` });
@@ -1118,6 +1186,8 @@ async function handleRejectApproval(req, res, ctx, approvalId) {
     }
     mirrorHboStore('approval.reject', () => hboStore.updateApproval?.(approvalId, cid, { status: 'rejected', rejectReason: reason, rejectedAt: Date.now() }));
     broadcast({ type: 'approval.rejected', approvalId, reason, companyId: cid });
+    // H-01: record approval.reject in ActivityLogger
+    ctx.activityLogger?.record({ action: 'approval.reject', actor: cid, entityId: approvalId, companyId: cid });
     jsonResponse(res, 200, { rejected: true, approvalId, reason });
   } catch (err) {
     jsonResponse(res, 500, { error: `Reject failed: ${err.message}` });
@@ -1396,16 +1466,39 @@ async function handleGetAgents(req, res, ctx) {
 
 async function handleGetAgent(req, res, ctx, agentId) {
   const { mgQuery } = ctx;
-  if (!mgQuery) { jsonResponse(res, 503, { error: 'Memgraph not connected' }); return; }
   if (!agentId) { jsonResponse(res, 400, { error: 'Missing agent ID' }); return; }
   const cid = ctx.cid;
 
+  // P7-A1: SQL parity — fall back to SQLite when Memgraph unavailable
+  if (!mgQuery) {
+    try {
+      const a = hboStore.getBusinessAgent ? hboStore.getBusinessAgent(agentId, cid) : null;
+      if (!a) { jsonResponse(res, 404, { error: `Agent not found: ${agentId}` }); return; }
+      // H-1 fix: also include recentTasks from SQLite so shape matches Memgraph path
+      const sqliteTasks = hboStore.getTasksByCompanyStatus
+        ? hboStore.getTasksByCompanyStatus(cid, ['todo', 'in_progress', 'done']).filter(t => t.assigneeAgentId === agentId || t.assignee_agent_id === agentId).slice(0, 10)
+        : [];
+      a.recentTasks = sqliteTasks.map(t => ({ id: t.id, title: t.title ?? null, status: t.status ?? null, priority: t.priority ?? null }));
+      return jsonResponse(res, 200, { agent: a, _source: 'sqlite' });
+    } catch (storeErr) {
+      return jsonResponse(res, 503, { error: 'Agent unavailable: Memgraph not connected', agent: null });
+    }
+  }
+
   try {
     const [agentResult, tasksResult] = await Promise.all([
       mgQuery(
+        // P7-A1: extended RETURN to include all required fields for agent detail page
         `MATCH (a:BusinessAgent {id: $id, companyId: $cid})
-         RETURN a.id AS id, a.title AS title, a.status AS status,
-                a.lastHeartbeatAt AS lastHeartbeat, a.pauseReason AS pauseReason`,
+         RETURN a.id AS id, a.title AS title, a.role AS role, a.status AS status,
+                a.skill AS skill, a.adapter AS adapter,
+                a.budgetMonthlyCents AS budgetMonthlyCents,
+                a.heartbeatIntervalMs AS heartbeatIntervalMs,
+                a.capabilities AS capabilities,
+                a.defaultSkills AS defaultSkills,
+                a.lastHeartbeatAt AS lastHeartbeatAt,
+                a.pauseReason AS pauseReason,
+                a.companyId AS companyId`,
         { id: agentId, cid }
       ),
       mgQuery(
@@ -1422,7 +1515,9 @@ async function handleGetAgent(req, res, ctx, agentId) {
       return;
     }
 
-    const agentKeys = ['id', 'title', 'status', 'lastHeartbeat', 'pauseReason'];
+    const agentKeys = ['id', 'title', 'role', 'status', 'skill', 'adapter',
+      'budgetMonthlyCents', 'heartbeatIntervalMs', 'capabilities', 'defaultSkills',
+      'lastHeartbeatAt', 'pauseReason', 'companyId'];
     const taskKeys = ['id', 'title', 'status', 'priority'];
     const agent = rowToObj(agentRows[0], agentKeys);
     agent.recentTasks = parseRows(tasksResult).map(r => rowToObj(r, taskKeys));
@@ -1433,6 +1528,37 @@ async function handleGetAgent(req, res, ctx, agentId) {
   }
 }
 
+// P7-A2: GET /api/agents/:id/runs — HeartbeatRun history for an agent
+async function handleGetAgentRuns(req, res, ctx, agentId) {
+  const { mgQuery } = ctx;
+  if (!agentId) { jsonResponse(res, 400, { error: 'Missing agent ID' }); return; }
+  const cid = ctx.cid;
+
+  // SQL parity: HeartbeatRun nodes are Memgraph-only (no SQLite mirror yet)
+  if (!mgQuery) {
+    return jsonResponse(res, 200, { runs: [], _source: 'sqlite' });
+  }
+
+  try {
+    const result = await mgQuery(
+      // H-2 fix: removed h.runId (field doesn't exist on HeartbeatRun nodes — they use h.id)
+      // M-4 fix: use toString() for consistent datetime ordering (matches all other ORDER BY in codebase)
+      `MATCH (h:HeartbeatRun {agentId: $agentId, companyId: $cid})
+       RETURN h.id AS id, h.agentId AS agentId, h.companyId AS companyId,
+              h.status AS status, h.startedAt AS startedAt, h.endedAt AS endedAt,
+              h.taskId AS taskId
+       ORDER BY toString(h.startedAt) DESC LIMIT toInteger(50)`,
+      { agentId, cid }
+    );
+    const rows = parseRows(result);
+    const keys = ['id', 'agentId', 'companyId', 'status', 'startedAt', 'endedAt', 'taskId'];
+    const runs = rows.map(r => rowToObj(r, keys));
+    return jsonResponse(res, 200, { runs, count: runs.length });
+  } catch (err) {
+    return jsonResponse(res, 500, { error: `Query failed: ${err.message}` });
+  }
+}
+
 // ── Activity ──────────────────────────────────────────────────────────────────
 
 async function handleGetActivity(req, res, ctx) {
@@ -1821,6 +1947,38 @@ async function handleReviseApproval(req, res, ctx, approvalId) {
       return;
     }
     broadcast({ type: 'approval.revised', approvalId, companyId: cid });
+
+    // Record revision in ActivityLogger so the activity feed shows it
+    ctx.activityLogger?.record({ action: 'approval.revise', actor: cid, entityId: approvalId, companyId: cid });
+
+    // B-19 fix: create AgentReadySignal so the assigned agent wakes and processes the revision.
+    // Without this, the agent that owns the approval's task never re-evaluates after revision.
+    setImmediate(async () => {
+      try {
+        const taskRows = await mgQuery(
+          `MATCH (a:Approval {id: $id, companyId: $cid})-[:FOR_TASK]->(t:Task)
+           RETURN t.id AS taskId, t.assigneeAgentId AS agentId`,
+          { id: approvalId, cid }
+        );
+        const taskRow = parseRows(taskRows)[0];
+        if (taskRow && taskRow.taskId && taskRow.agentId) {
+          await mgQuery(
+            `MERGE (s:AgentReadySignal {id: 'signal:revise:' + $taskId})
+             ON CREATE SET s.agentId = $agentId, s.companyId = $cid, s.status = 'pending',
+                           s.origin = 'approval_revision', s.taskId = $taskId,
+                           s.approvalId = $approvalId, s.createdAt = localdatetime()
+             ON MATCH SET  s.status = 'pending', s.approvalId = $approvalId`,
+            { taskId: taskRow.taskId, agentId: taskRow.agentId, cid, approvalId }
+          );
+        } else {
+          // MED-8: B-19 — no [:FOR_TASK] edge found; agent not signaled
+          log('warn', 'B-19: no Task linked to approval via FOR_TASK edge -- agent not signaled', { approvalId, cid });
+        }
+      } catch (sigErr) {
+        log('warn', 'B-19: AgentReadySignal creation failed after revision', { approvalId, err: sigErr.message });
+      }
+    });
+
     jsonResponse(res, 200, { revised: true, approvalId });
   } catch (err) {
     jsonResponse(res, 500, { error: { code: 'UPDATE_FAILED', message: `Revise failed: ${err.message}` } });
@@ -2674,6 +2832,10 @@ async function handleGetRoutineTriggers(req, res, ctx, routineId) {
 
 async function handleCreateRoutineTrigger(req, res, ctx, routineId) {
   const { mgQuery } = ctx;
+  // HIGH-2 fix: guard against Memgraph unavailability
+  if (!mgQuery) { return jsonResponse(res, 503, { error: 'Memgraph not connected' }); }
+  // CRIT-2 fix: declare cid so broadcast() does not throw ReferenceError
+  const cid = ctx.cid;
   const body = await parseBody(req);
   const kind = body.kind;
   if (!kind || !['schedule', 'webhook', 'api'].includes(kind)) {
@@ -2698,7 +2860,7 @@ async function handleCreateRoutineTrigger(req, res, ctx, routineId) {
       {
         triggerId,
         routineId,
-        cid: ctx.cid,
+        cid,
         kind,
         publicId,
         config: JSON.stringify(body.config || {}),
@@ -2900,13 +3062,17 @@ async function handleCreateRoutine(req, res, ctx) {
 
 async function handlePatchRoutine(req, res, ctx, routineId) {
   const { mgQuery } = ctx;
+  // HIGH-2 fix: guard against Memgraph unavailability
+  if (!mgQuery) { return jsonResponse(res, 503, { error: 'Memgraph not connected' }); }
+  // CRIT-2 fix: declare cid so broadcast() does not throw ReferenceError
+  const cid = ctx.cid;
   const body = await parseBody(req);
 
   try {
-    // Get current routine
+    // Get current routine — CRIT-5 fix: use r.name (not r.title) consistently
     const existing = await mgQuery(
-      `MATCH (r:Routine {id: $routineId, companyId: $cid}) RETURN r.title AS title, r.config AS config`,
-      { routineId, cid: ctx.cid }
+      `MATCH (r:Routine {id: $routineId, companyId: $cid}) RETURN r.name AS name, r.config AS config`,
+      { routineId, cid }
     );
     const rows = parseRows(existing);
     if (rows.length === 0) return jsonResponse(res, 404, { error: 'Routine not found' });
@@ -2914,48 +3080,69 @@ async function handlePatchRoutine(req, res, ctx, routineId) {
     // Count existing revisions to determine revision number
     const revCount = await mgQuery(
       `MATCH (rv:RoutineRevision {routineId: $routineId, companyId: $cid}) RETURN count(rv) AS cnt`,
-      { routineId, cid: ctx.cid }
+      { routineId, cid }
     );
     const revRows = parseRows(revCount);
     const revisionNumber = (revRows[0]?.[0] || 0) + 1;
 
-    // Create revision
-    const revisionId = `revision:${crypto.randomUUID()}`;
-    await mgQuery(
-      `CREATE (rv:RoutineRevision {
-        id: $revisionId,
-        routineId: $routineId,
-        companyId: $cid,
-        revisionNumber: $revisionNumber,
-        config: $config,
-        createdAt: datetime()
-      })`,
-      {
-        revisionId,
-        routineId,
-        cid: ctx.cid,
-        revisionNumber,
-        config: JSON.stringify(body)
-      }
-    );
-
     // Update routine with new values
+    // CRIT-3 fix: handle body.status (for soft-delete via 'inactive' + other status changes)
+    // CRIT-5 fix: use r.name not r.title
     const sets = [];
-    const params = { routineId, cid: ctx.cid };
-    if (body.title) { sets.push('r.title = $title'); params.title = body.title; }
-    if (body.catchUpPolicy) { sets.push('r.catchUpPolicy = $catchUpPolicy'); params.catchUpPolicy = body.catchUpPolicy; }
+    const params = { routineId, cid };
+    if (body.name)              { sets.push('r.name = $name'); params.name = String(body.name); }
+    if (body.title)             { sets.push('r.name = $name'); params.name = String(body.title); } // legacy alias
+    if (body.status)            { sets.push('r.status = $status'); params.status = String(body.status); }
+    if (body.catchUpPolicy)     { sets.push('r.catchUpPolicy = $catchUpPolicy'); params.catchUpPolicy = body.catchUpPolicy; }
     if (body.concurrencyPolicy) { sets.push('r.concurrencyPolicy = $concurrencyPolicy'); params.concurrencyPolicy = body.concurrencyPolicy; }
-    if (body.config) { sets.push('r.config = $config'); params.config = JSON.stringify(body.config); }
+    if (body.cronExpr)          { sets.push('r.cronExpr = $cronExpr'); params.cronExpr = body.cronExpr; }
+    if (body.config)            { sets.push('r.config = $config'); params.config = JSON.stringify(body.config); }
+    sets.push('r.updatedAt = datetime()');
+
+    // MED-3 fix: only create a revision if there are actual field changes (not on no-op patches)
+    const hasChanges = sets.length > 1; // always has updatedAt, so check > 1
+    if (hasChanges) {
+      const revisionId = `revision:${crypto.randomUUID()}`;
+      await mgQuery(
+        `CREATE (rv:RoutineRevision {
+          id: $revisionId,
+          routineId: $routineId,
+          companyId: $cid,
+          revisionNumber: $revisionNumber,
+          config: $config,
+          createdAt: datetime()
+        })`,
+        {
+          revisionId,
+          routineId,
+          cid,
+          revisionNumber,
+          config: JSON.stringify(body)
+        }
+      );
+    }
 
-    if (sets.length > 0) {
+    if (sets.length > 1) {
       await mgQuery(
         `MATCH (r:Routine {id: $routineId, companyId: $cid}) SET ${sets.join(', ')}`,
         params
       );
     }
 
-    broadcast({ type: 'routine.updated', routineId, revisionNumber, companyId: cid });
-    return jsonResponse(res, 200, { updated: true, routineId, revisionNumber, revisionId });
+    // HIGH-3 fix: SQLite write-through after successful Memgraph update
+    if (sets.length > 1 && hboStore?.updateRoutine) {
+      const storeUpdate = {};
+      if (body.name || body.title) storeUpdate.name = body.name ?? body.title;
+      if (body.status)             storeUpdate.status = body.status;
+      if (body.catchUpPolicy)      storeUpdate.catch_up_policy = body.catchUpPolicy;
+      if (body.concurrencyPolicy)  storeUpdate.concurrency_policy = body.concurrencyPolicy;
+      if (body.cronExpr)           storeUpdate.cron_expr = body.cronExpr;
+      try { hboStore.updateRoutine(routineId, cid, storeUpdate); }
+      catch (storeErr) { log('error', 'hboStore.updateRoutine failed', { err: storeErr.message, routineId }); }
+    }
+
+    broadcast({ type: 'routine.updated', routineId, revisionNumber: hasChanges ? revisionNumber : null, companyId: cid });
+    return jsonResponse(res, 200, { updated: true, routineId, revisionNumber: hasChanges ? revisionNumber : null });
   } catch (err) {
     return jsonResponse(res, 500, { error: err.message });
   }
@@ -2981,6 +3168,12 @@ async function handleGetRoutineRevisions(req, res, ctx, routineId) {
 
 async function handleGetRoutineRuns(req, res, ctx, routineId) {
   const { mgQuery } = ctx;
+  const cid = ctx.cid;
+  // MED-5 fix: SQL parity — fallback to SQLite when Memgraph unavailable
+  if (!mgQuery) {
+    // No RoutineRun SQLite table exists yet — return empty gracefully
+    return jsonResponse(res, 200, { runs: [], _source: 'sqlite' });
+  }
   try {
     const result = await mgQuery(
       `MATCH (rr:RoutineRun {routineId: $routineId, companyId: $cid})
@@ -2988,7 +3181,7 @@ async function handleGetRoutineRuns(req, res, ctx, routineId) {
               rr.startedAt AS startedAt, rr.completedAt AS completedAt
        ORDER BY rr.startedAt DESC
        LIMIT toInteger($lim)`,
-      { routineId, cid: ctx.cid, lim: 50 }
+      { routineId, cid, lim: 50 }
     );
     const rows = parseRows(result);
     const keys = ['id', 'status', 'taskId', 'startedAt', 'completedAt'];
@@ -3348,9 +3541,14 @@ const approvalsRoute = require('./routes/approvals')({
 
 const agentsRoute = require('./routes/agents')({
   handleGetAgents,
+  handleGetAgent,         // P7-A1: wire single-agent GET (was dead code — not passed before)
+  handleGetAgentRuns,     // P7-A2: HeartbeatRun history
   handleSyncSkills,
   handleApproveAgent,
   handleTerminateAgent,
+  handlePauseAgent,       // Bug fix: was missing, caused TypeError in agents.js
+  handleResumeAgent,      // Bug fix: was missing
+  handlePauseAll: null,   // pause-all is handled in hbo.js; stub null to prevent TypeError
 });
 
 const skillsRoute = require('./routes/skills')({
@@ -3405,7 +3603,7 @@ const inboxRoute = require('./routes/inbox')({ broadcast });
 const queueRoute = require('./routes/queue')({ broadcast });
 const { handleDraftsRoute } = require('./routes/drafts');
 const goalsRoute = require('./routes/goals');
-const hboRoute = require('./routes/hbo')({ broadcast });
+let hboRoute = require('./routes/hbo')({ broadcast });
 const emailTriageRoute = require('./routes/email-triage')();
 const andonRoute = require('./routes/andon')({ handleGetAndonBoard });
 const wizardRoute = require('./routes/wizard')({});
@@ -3435,6 +3633,9 @@ let mandalaRoute;
 try { mandalaRoute = require('./routes/mandala').mandalaRoute; } catch (_) { mandalaRoute = () => false; }
 let personRoute;
 try { personRoute = require('./routes/person')({ handleGetPersonProfile, handleGetPersonByEmail, handleGetPersonEpisodes }); } catch (_) { personRoute = () => false; }
+// P5-S5c: CRM dual-write route — accepts POST /api/crm/contacts from desktop crmSyncService
+let crmRoute;
+try { crmRoute = require('./routes/crm')({ parseBody, jsonResponse }); } catch (_) { crmRoute = () => false; }
 
 
 // ── WS-nonce store (single-use, 60-second TTL) ───────────────────────────────
@@ -3499,6 +3700,25 @@ async function route(req, res, ctx) {
     return;
   }
 
+  // SP3: Read receipt tracking pixel — must be before auth middleware, no auth required
+  if (req.method === 'GET' && /^\/t\/[a-zA-Z0-9_-]+\.png$/.test(req.url || '')) {
+    const trackingId = (req.url || '').slice(3, -4); // strip leading /t/ and trailing .png
+    const gif1x1 = Buffer.from('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7', 'base64');
+    res.writeHead(200, {
+      'Content-Type': 'image/gif',
+      'Content-Length': gif1x1.length,
+      'Cache-Control': 'no-cache, no-store, must-revalidate',
+      'Pragma': 'no-cache',
+    });
+    res.end(gif1x1);
+    // Fire-and-forget: log open event to Memgraph
+    try {
+      const { rawWrite: rw } = require('../lib/safe-memgraph.js');
+      rw(`MERGE (o:OpenEvent {trackingId: $id}) ON CREATE SET o.count = 1, o.firstOpenedAt = datetime() ON MATCH SET o.count = o.count + 1, o.lastOpenedAt = datetime()`, { id: trackingId }).catch(() => {});
+    } catch {}
+    return;
+  }
+
   // ── Bearer token auth ────────────────────────────────────────────────────
   // Public routes that skip auth
   const PUBLIC_PATHS = new Set(['/api/health', '/api/auth/ws-nonce', '/login', '/signup', '/api/auth/signup', '/api/auth/login', '/api/auth/logout']);
@@ -3875,6 +4095,7 @@ async function route(req, res, ctx) {
   if (await suggestionsRoute(req, res, reqCtx, pathname, method)) return;
   if (await mandalaRoute(req, res, reqCtx, pathname, method)) return;
   if (await personRoute(req, res, reqCtx, pathname, method)) return;
+  if (await crmRoute(req, res, reqCtx, pathname, method)) return;
 
   // ── Phase 3: SystemAim endpoints ─────────────────────────────────────────
   if (pathname === '/api/system-aim') {
@@ -4151,11 +4372,26 @@ async function handleGetDepartmentPageRoute(req, res, ctx, department) {
       if (narrativeStr && lastGenStr) {
         const lastGen = new Date(String(lastGenStr)).getTime();
         if (!isNaN(lastGen) && Date.now() - lastGen < CACHE_TTL_MS) {
-          // Cache hit — return as-is
+          // Cache hit — return as-is, also include tasks created from this page
           let narrative;
           try { narrative = JSON.parse(String(narrativeStr)); }
           catch (_) { narrative = { governingThought: String(narrativeStr) }; }
-          jsonResponse(res, 200, { department, narrative, generatedAt: lastGenStr, cached: true });
+
+          // P8E-01: Include tasks created from this department page's decisionsStructured
+          const tasksResult = await mg(
+            `MATCH (dp:DepartmentPage {companyId: $cid, department: $dept})
+             WHERE dp.narrative IS NOT NULL
+             OPTIONAL MATCH (dp)-[:CREATED_TASK]->(t:Task)
+             RETURN collect({id: t.id, title: t.title, status: t.status, originKind: t.originKind}) AS tasks
+             ORDER BY dp.lastGeneratedAt DESC LIMIT 1`,
+            { cid, dept: department }
+          ).catch(() => null);
+          const tasksRow = tasksResult && tasksResult.rows ? tasksResult.rows[0] : null;
+          const tasks = tasksRow
+            ? (Array.isArray(tasksRow) ? (tasksRow[0] || []) : (tasksRow.tasks || []))
+            : [];
+
+          jsonResponse(res, 200, { department, narrative, generatedAt: lastGenStr, cached: true, tasks });
           return;
         }
       }
@@ -4407,6 +4643,21 @@ function startApi(mgQuery, config = {}, state = {}) {
     deptRoute = require('./routes/dept')({ mgQuery, broadcast: state.broadcast ?? (() => {}) });
   }
 
+  // Reinitialize hboRoute with triggerGoalDecompose hook so POST /api/hbo/goals immediately
+  // fires tickGoalDecompose instead of waiting up to 150s for the next 5th-tick.
+  // state.daemon._mods is the per-company module registry built by buildForCompany().
+  if (state.daemon && typeof state.broadcast === 'function') {
+    const _triggerFn = (cid) => {
+      try {
+        const mods = state.daemon._mods && state.daemon._mods.get ? state.daemon._mods.get(cid) : (state.daemon._mods?.[cid]);
+        if (mods && mods.hboBridge && typeof mods.hboBridge.tickGoalDecompose === 'function') {
+          mods.hboBridge.tickGoalDecompose({ fromGoalCreate: true }).catch(() => {});
+        }
+      } catch (_) {}
+    };
+    hboRoute = require('./routes/hbo')({ broadcast: state.broadcast, mgQuery, triggerGoalDecompose: _triggerFn });
+  }
+
   // HED routes — requires mgQuery for HEDEngine
   try {
     const { createHedRoutes } = require('./routes/hed');
@@ -4439,6 +4690,7 @@ function startApi(mgQuery, config = {}, state = {}) {
     draining: false,
     apiToken: config.apiToken || null, // null = no auth (backward compat)
     daemon: state.daemon ?? null, // daemon instance ref — used by wizard route for onCompanyReady
+    activityLogger: state.activityLogger ?? null, // H-01: for recording approval events
     modules: [
       'RoutineEvaluator', 'BudgetEnforcer', 'LivenessWatchdog',
       'AgentDispatcher', 'ActivityLogger', 'TaskCompletionWatchdog',