@geekbeer/minion 3.34.0 → 3.40.1

package/core/lib/config-warnings.js

@@ -7,13 +7,15 @@
  *
  * Warning categories:
  * - llm_not_authenticated: No LLM service is authenticated (Claude/Gemini/Codex)
- * - llm_command_not_set: LLM_COMMAND is not configured (required for workflow/routine execution)
+ * - llm_plugin_primary_not_set: LLM plugin `primary` is not selected (required for workflow/routine execution)
+ * - llm_plugin_primary_not_enabled: `primary` plugin is not present in `enabled` list (inconsistent config)
  * - tunnel_not_running: Cloudflare tunnel is not running (required for VNC/terminal access)
  */
 
 const { execSync } = require('child_process')
 const { config } = require('../config')
-const { getLlmServices, isLlmCommandConfigured } = require('./llm-checker')
+const { getLlmServices } = require('./llm-checker')
+const { readConfig: readLlmPluginConfig } = require('../llm-plugins/registry')
 const { IS_WINDOWS } = require('./platform')
 
 /**
@@ -59,15 +61,21 @@ function getConfigWarnings() {
   if (!hasAuthenticatedLlm) {
     warnings.push({
       code: 'llm_not_authenticated',
-      message: 'LLM\u304C\u672A\u8A8D\u8A3C\u3067\u3059\u3002Claude/Gemini/Codex\u306E\u3044\u305A\u308C\u304B\u3092\u8A8D\u8A3C\u3057\u3066\u304F\u3060\u3055\u3044',
+      message: 'LLMが未認証です。Claude/Gemini/Codexのいずれかを認証してください',
     })
   }
 
-  // Check LLM_COMMAND
-  if (!isLlmCommandConfigured()) {
+  // Check LLM plugin selection
+  const pluginCfg = readLlmPluginConfig()
+  if (!pluginCfg.primary) {
     warnings.push({
-      code: 'llm_command_not_set',
-      message: 'LLM_COMMAND\u304C\u672A\u8A2D\u5B9A\u3067\u3059\u3002\u30EF\u30FC\u30AF\u30D5\u30ED\u30FC/\u30EB\u30FC\u30C6\u30A3\u30F3\u5B9F\u884C\u306B\u5FC5\u8981\u3067\u3059',
+      code: 'llm_plugin_primary_not_set',
+      message: 'LLMプラグインのprimaryが未設定です。ワークフロー/ルーティン実行に必要です',
+    })
+  } else if (!pluginCfg.enabled.includes(pluginCfg.primary)) {
+    warnings.push({
+      code: 'llm_plugin_primary_not_enabled',
+      message: `primaryプラグイン "${pluginCfg.primary}" がenabledに含まれていません`,
     })
   }
 
@@ -75,7 +83,7 @@ function getConfigWarnings() {
   if (config.HQ_URL && !isTunnelRunning()) {
     warnings.push({
       code: 'tunnel_not_running',
-      message: 'Cloudflare\u30C8\u30F3\u30CD\u30EB\u304C\u505C\u6B62\u3057\u3066\u3044\u307E\u3059\u3002VNC/\u30BF\u30FC\u30DF\u30CA\u30EB\u63A5\u7D9A\u304C\u3067\u304D\u307E\u305B\u3093',
+      message: 'Cloudflareトンネルが停止しています。VNC/ターミナル接続ができません',
     })
   }
 

package/core/lib/dag-step-poller.js

@@ -255,6 +255,7 @@ async function executeTransformNode(node) {
     assigned_role,
     input_data,
     transform_instruction,
+    input_contracts,
     output_contracts,
   } = node
 
@@ -290,7 +291,12 @@ async function executeTransformNode(node) {
 
     // 2. Create ephemeral skill from transform_instruction.
     // Write to every active plugin's skill dir so any Primary can find it.
-    const skillContent = buildTransformSkillContent(transform_instruction, input_data, output_contracts)
+    const skillContent = buildTransformSkillContent(
+      transform_instruction,
+      input_data,
+      input_contracts,
+      output_contracts,
+    )
     for (const dir of ephemeralSkillDirs) {
       await fs.mkdir(dir, { recursive: true })
       await fs.writeFile(path.join(dir, 'SKILL.md'), skillContent, 'utf-8')
@@ -357,51 +363,88 @@ async function executeTransformNode(node) {
 
 /**
  * Build SKILL.md content for a transform node's ephemeral skill.
+ *
+ * Transform is contract-driven: the Output Contract is the authoritative
+ * target shape, enforced by HQ's runtime validator on node-complete.
+ * `instruction` is an optional hint layered on top for cases where the
+ * contract alone doesn't convey the intent (unit conversion, filter
+ * criteria, renaming conventions, etc.).
  */
-function buildTransformSkillContent(instruction, inputData, outputContracts) {
+function buildTransformSkillContent(instruction, inputData, inputContracts, outputContracts) {
   const lines = [
     '---',
     'name: dag-transform',
     'description: DAG Transform Node',
     '---',
     '',
-    'You are a data transformation step in a DAG workflow.',
+    'You are a data transformation step in a DAG workflow. Your job is to',
+    'reshape the Input Data into an object that conforms **exactly** to the',
+    'Output Contract. HQ will reject the result if any required field is',
+    'missing or has the wrong type.',
     '',
     '## Input Data',
     '```json',
     JSON.stringify(inputData, null, 2),
     '```',
-    '',
-    '## Transform Instruction',
-    instruction,
   ]
 
+  if (inputContracts && inputContracts.length > 0) {
+    lines.push('', '## Input Contract')
+    lines.push('The Input Data above conforms to:')
+    for (const ic of inputContracts) {
+      lines.push(`### ${ic.contract_name}`)
+      lines.push(ic.contract.description || '')
+      appendContractTable(lines, ic.contract.fields || [])
+    }
+  }
+
   if (outputContracts && outputContracts.length > 0) {
-    lines.push('', '## Output Contract')
-    lines.push('Your output MUST conform to the following contract(s):')
+    lines.push('', '## Output Contract (REQUIRED)')
+    lines.push(
+      'Produce a JSON object matching this contract. Every required field',
+      'must be present with the declared type. Extra fields are discarded.',
+    )
     for (const oc of outputContracts) {
       lines.push(`### ${oc.contract_name}`)
       lines.push(oc.contract.description || '')
-      lines.push('| Field | Type | Required | Description |')
-      lines.push('|-------|------|----------|-------------|')
-      for (const f of oc.contract.fields || []) {
-        const typeDisplay = f.type === 'array' && f.items ? `array<${f.items}>` : f.type
-        lines.push(`| ${f.key} | ${typeDisplay} | ${f.required ? 'Yes' : 'No'} | ${f.description || ''} |`)
-      }
+      appendContractTable(lines, oc.contract.fields || [])
     }
+  } else {
+    lines.push(
+      '',
+      '## Output Contract',
+      '⚠️ No output contract was declared on the outgoing edge. This transform',
+      'node is misconfigured and should not have reached execution. Return',
+      'the input data unchanged and fail loudly.',
+    )
+  }
+
+  if (instruction && instruction.trim()) {
+    lines.push('', '## Hint (optional)')
+    lines.push(instruction.trim())
   }
 
   lines.push(
     '',
     '## Task',
-    'Apply the transform instruction to the input data above.',
-    'Output the result as a JSON object in an "## Output Data" section with a json code block.',
+    '1. Read Input Data and the Output Contract carefully.',
+    '2. Construct a JSON object satisfying the Output Contract.',
+    '3. Output it under a "## Output Data" section with a json code block.',
     'Do NOT output anything other than the Output Data section.',
   )
 
   return lines.join('\n')
 }
 
+function appendContractTable(lines, fields) {
+  lines.push('| Field | Type | Required | Description |')
+  lines.push('|-------|------|----------|-------------|')
+  for (const f of fields) {
+    const typeDisplay = f.type === 'array' && f.items ? `array<${f.items}>` : f.type
+    lines.push(`| ${f.name} | ${typeDisplay} | ${f.required ? 'Yes' : 'No'} | ${f.description || ''} |`)
+  }
+}
+
 /**
  * Resolve skill_version_id to skill name via HQ API.
  */

package/core/lib/end-of-day.js

@@ -1,8 +1,9 @@
 /**
  * Shared end-of-day processing logic
  *
- * Extracts daily conversation summary and long-term learnings from the chat session.
- * Used by both the chat route (manual trigger) and the reflection scheduler (automatic).
+ * Extracts daily conversation summary and long-term learnings from the chat session
+ * of a specific workspace. Used by both the chat route (manual trigger) and the
+ * reflection scheduler (automatic, loops over all workspaces).
  *
  * @module core/lib/end-of-day
  */
@@ -10,19 +11,35 @@
 const chatStore = require('../stores/chat-store')
 const memoryStore = require('../stores/memory-store')
 const dailyLogStore = require('../stores/daily-log-store')
+const workspaceStore = require('../stores/workspace-store')
 
 /**
- * Run end-of-day processing: generate daily log + extract memories from conversation.
+ * Run end-of-day processing for a single workspace: generate daily log + extract
+ * memories from the workspace's chat session. If no conversation exists, a stub
+ * log is saved so that the absence of activity is itself a record.
  *
  * @param {Object} opts
+ * @param {string} opts.workspaceId - Workspace to process ('' = unassigned)
  * @param {(prompt: string) => Promise<string>} opts.runQuickLlmCall - Platform-specific LLM call function
  * @param {boolean} [opts.clearSession=false] - Whether to clear the chat session after processing
- * @returns {Promise<{ daily_log: string|null, memory_entries_added: number }>}
+ * @returns {Promise<{ daily_log: string|null, memory_entries_added: number, had_conversation: boolean }>}
  */
-async function runEndOfDay({ runQuickLlmCall, clearSession = false }) {
-  const session = await chatStore.load()
+async function runEndOfDay({ workspaceId, runQuickLlmCall, clearSession = false }) {
+  if (workspaceId == null) {
+    throw new Error('workspaceId is required for end-of-day processing')
+  }
+
+  const today = new Date().toISOString().split('T')[0]
+  const session = await chatStore.load(workspaceId)
+
+  // No conversation — record a stub so the idle day is still logged.
   if (!session || session.messages.length === 0) {
-    return { daily_log: null, memory_entries_added: 0 }
+    const ws = workspaceId ? workspaceStore.getById(workspaceId) : null
+    const wsLabel = ws ? `${ws.name}` : (workspaceId ? `workspace:${workspaceId}` : '未所属')
+    const stub = `# ${today} (${wsLabel})\n\n本日、このワークスペースでの会話はありませんでした。`
+    await dailyLogStore.saveLog(workspaceId, today, stub)
+    console.log(`[EndOfDay] No conversation in workspace=${workspaceId || '(unassigned)'}, saved stub log for ${today}`)
+    return { daily_log: today, memory_entries_added: 0, had_conversation: false }
   }
 
   // Build conversation text for summarization (last 50 messages)
@@ -52,7 +69,6 @@ ${conversationText}
 
 JSON形式のみで回答してください（\`\`\`jsonブロックは不要）:`
 
-  const today = new Date().toISOString().split('T')[0]
   let dailyLog = null
   let memoriesAdded = 0
 
@@ -73,8 +89,8 @@ JSON形式のみで回答してください（\`\`\`jsonブロックは不要）
     // Save daily log
     if (parsed.daily_summary) {
       dailyLog = parsed.daily_summary
-      await dailyLogStore.saveLog(today, dailyLog)
-      console.log(`[EndOfDay] Saved daily log for ${today}`)
+      await dailyLogStore.saveLog(workspaceId, today, dailyLog)
+      console.log(`[EndOfDay] Saved daily log for ${today} workspace=${workspaceId || '(unassigned)'}`)
     }
 
     // Save learnings to memory
@@ -102,15 +118,15 @@ JSON形式のみで回答してください（\`\`\`jsonブロックは不要）
       .map(m => `**${m.role === 'user' ? 'ユーザー' : 'アシスタント'}**: ${m.content.substring(0, 300)}`)
       .join('\n\n')
     dailyLog = `# ${today} 会話ログ\n\n${fallback}`
-    await dailyLogStore.saveLog(today, dailyLog)
+    await dailyLogStore.saveLog(workspaceId, today, dailyLog)
   }
 
   if (clearSession) {
-    await chatStore.clear()
-    console.log('[EndOfDay] Session cleared')
+    await chatStore.clear(workspaceId)
+    console.log(`[EndOfDay] Session cleared for workspace=${workspaceId || '(unassigned)'}`)
   }
 
-  return { daily_log: today, memory_entries_added: memoriesAdded }
+  return { daily_log: today, memory_entries_added: memoriesAdded, had_conversation: true }
 }
 
 module.exports = { runEndOfDay }

package/core/lib/reflection-scheduler.js

@@ -19,6 +19,7 @@
 const { Cron } = require('croner')
 const { config } = require('../config')
 const { runEndOfDay } = require('./end-of-day')
+const workspaceStore = require('../stores/workspace-store')
 
 /** @type {import('croner').Cron | null} */
 let cronJob = null
@@ -134,16 +135,29 @@ async function runReflection() {
   console.log('[ReflectionScheduler] Starting daily reflection...')
 
   try {
-    const result = await runEndOfDay({
-      runQuickLlmCall: llmCallFn,
-      clearSession: false,
-    })
-
-    if (result.daily_log) {
-      console.log(`[ReflectionScheduler] Completed: log=${result.daily_log}, memories=${result.memory_entries_added}`)
-    } else {
-      console.log('[ReflectionScheduler] Completed: no conversation to process')
+    // Always include '' (unassigned) so pre-workspace-scoping legacy conversations
+    // (or minions not yet synced with HQ) are still processed.
+    const workspaces = workspaceStore.list()
+    const workspaceIds = ['', ...workspaces.map(w => w.id)]
+
+    let totalMemories = 0
+    let totalLogs = 0
+
+    for (const workspaceId of workspaceIds) {
+      try {
+        const result = await runEndOfDay({
+          workspaceId,
+          runQuickLlmCall: llmCallFn,
+          clearSession: false,
+        })
+        if (result.daily_log) totalLogs++
+        totalMemories += result.memory_entries_added
+      } catch (err) {
+        console.error(`[ReflectionScheduler] Workspace ${workspaceId || '(unassigned)'} failed: ${err.message}`)
+      }
     }
+
+    console.log(`[ReflectionScheduler] Completed: ${totalLogs} logs across ${workspaceIds.length} workspaces, ${totalMemories} memories`)
   } catch (err) {
     console.error(`[ReflectionScheduler] Failed: ${err.message}`)
   } finally {

package/core/lib/thread-watcher.js

@@ -310,6 +310,8 @@ ${roleGuidance}
         const linkedProjectId = (threadSummary.linked_projects && threadSummary.linked_projects.length > 0)
           ? threadSummary.linked_projects[0].id
           : null
+        // HQ resolves the thread's workspace_id on delivery (see
+        // src/app/api/minion/threads/route.ts). Fall back to '' if missing.
         todoStore.add({
           title: parsed.todo.title,
           priority: parsed.todo.priority || 'normal',
@@ -317,6 +319,7 @@ ${roleGuidance}
           source_type: 'thread',
           source_id: threadSummary.id,
           project_id: linkedProjectId,
+          workspace_id: threadSummary.workspace_id || '',
         })
         console.log(`[ThreadWatcher] Created TODO from thread: "${parsed.todo.title}"`)
       } catch (err) {

package/core/routes/daily-logs.js

@@ -1,40 +1,56 @@
 /**
  * Daily log endpoints
  *
- * Provides CRUD + search for daily conversation summaries.
+ * Provides CRUD + search for daily conversation summaries, scoped by workspace.
  * Logs are stored in SQLite with FTS5 full-text search.
  *
+ * All endpoints require a `workspace_id` identifying the scope. Pass `''`
+ * (empty string) to address legacy / unassigned logs.
+ *
  * Endpoints:
- *   GET    /api/daily-logs          - List all logs (or search with ?search=keyword)
- *   POST   /api/daily-logs          - Create a new daily log
- *   GET    /api/daily-logs/:date    - Get a specific day's log
- *   PUT    /api/daily-logs/:date    - Update a daily log
- *   DELETE /api/daily-logs/:date    - Delete a specific day's log
+ *   GET    /api/daily-logs?workspace_id=...                  - List logs
+ *   GET    /api/daily-logs?workspace_id=...&search=keyword   - FTS5 search
+ *   POST   /api/daily-logs                                    - Create (body: workspace_id, date, content)
+ *   GET    /api/daily-logs/:date?workspace_id=...            - Get a specific day's log
+ *   PUT    /api/daily-logs/:date                              - Update (body: workspace_id, content)
+ *   DELETE /api/daily-logs/:date?workspace_id=...            - Delete
  */
 
 const { verifyToken } = require('../lib/auth')
 const dailyLogStore = require('../stores/daily-log-store')
 
+function pickWorkspaceId(raw) {
+  // Accept '' (explicit unassigned) but reject undefined/null.
+  if (raw === '' || typeof raw === 'string') return raw
+  return null
+}
+
 /**
  * Register daily log routes as Fastify plugin
  * @param {import('fastify').FastifyInstance} fastify
  */
 async function dailyLogRoutes(fastify) {
 
-  // GET /api/daily-logs - List or search logs
+  // GET /api/daily-logs - List or search logs (scoped)
   fastify.get('/api/daily-logs', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
       return { success: false, error: 'Unauthorized' }
     }
 
+    const workspaceId = pickWorkspaceId(request.query?.workspace_id)
+    if (workspaceId === null) {
+      reply.code(400)
+      return { success: false, error: 'workspace_id query param is required' }
+    }
+
     const { search } = request.query || {}
     if (search) {
-      const logs = dailyLogStore.searchLogs(search)
+      const logs = dailyLogStore.searchLogs(workspaceId, search)
       return { success: true, logs }
     }
 
-    const logs = dailyLogStore.listLogs()
+    const logs = dailyLogStore.listLogs(workspaceId)
     return { success: true, logs }
   })
 
@@ -45,39 +61,50 @@ async function dailyLogRoutes(fastify) {
       return { success: false, error: 'Unauthorized' }
     }
 
-    const { date, content } = request.body || {}
+    const { workspace_id, date, content } = request.body || {}
+    const workspaceId = pickWorkspaceId(workspace_id)
+    if (workspaceId === null) {
+      reply.code(400)
+      return { success: false, error: 'workspace_id is required' }
+    }
     if (!date || !content) {
       reply.code(400)
       return { success: false, error: 'date and content are required' }
     }
 
-    // Check if log already exists
-    const existing = dailyLogStore.loadLog(date)
+    // Check if log already exists for this (workspace, date)
+    const existing = dailyLogStore.loadLog(workspaceId, date)
     if (existing !== null) {
       reply.code(409)
       return { success: false, error: 'Log already exists for this date. Use PUT to update.' }
     }
 
-    dailyLogStore.saveLog(date, content)
-    console.log(`[DailyLogs] Created log: ${date}`)
-    return { success: true, log: { date, content } }
+    dailyLogStore.saveLog(workspaceId, date, content)
+    console.log(`[DailyLogs] Created log: ${date} workspace=${workspaceId || '(unassigned)'}`)
+    return { success: true, log: { workspace_id: workspaceId, date, content } }
   })
 
-  // GET /api/daily-logs/:date - Get a specific day's log
+  // GET /api/daily-logs/:date - Get a specific day's log for a workspace
   fastify.get('/api/daily-logs/:date', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
       return { success: false, error: 'Unauthorized' }
     }
 
+    const workspaceId = pickWorkspaceId(request.query?.workspace_id)
+    if (workspaceId === null) {
+      reply.code(400)
+      return { success: false, error: 'workspace_id query param is required' }
+    }
+
     const { date } = request.params
-    const content = dailyLogStore.loadLog(date)
+    const content = dailyLogStore.loadLog(workspaceId, date)
     if (content === null) {
       reply.code(404)
       return { success: false, error: 'Log not found' }
     }
 
-    return { success: true, log: { date, content } }
+    return { success: true, log: { workspace_id: workspaceId, date, content } }
   })
 
   // PUT /api/daily-logs/:date - Update a daily log
@@ -87,23 +114,27 @@ async function dailyLogRoutes(fastify) {
       return { success: false, error: 'Unauthorized' }
     }
 
-    const { date } = request.params
-    const { content } = request.body || {}
+    const { workspace_id, content } = request.body || {}
+    const workspaceId = pickWorkspaceId(workspace_id)
+    if (workspaceId === null) {
+      reply.code(400)
+      return { success: false, error: 'workspace_id is required' }
+    }
     if (!content) {
       reply.code(400)
       return { success: false, error: 'content is required' }
     }
 
-    // Check if log exists
-    const existing = dailyLogStore.loadLog(date)
+    const { date } = request.params
+    const existing = dailyLogStore.loadLog(workspaceId, date)
     if (existing === null) {
       reply.code(404)
       return { success: false, error: 'Log not found' }
     }
 
-    dailyLogStore.saveLog(date, content)
-    console.log(`[DailyLogs] Updated log: ${date}`)
-    return { success: true, log: { date, content } }
+    dailyLogStore.saveLog(workspaceId, date, content)
+    console.log(`[DailyLogs] Updated log: ${date} workspace=${workspaceId || '(unassigned)'}`)
+    return { success: true, log: { workspace_id: workspaceId, date, content } }
   })
 
   // DELETE /api/daily-logs/:date - Delete a specific day's log
@@ -113,14 +144,20 @@ async function dailyLogRoutes(fastify) {
       return { success: false, error: 'Unauthorized' }
     }
 
+    const workspaceId = pickWorkspaceId(request.query?.workspace_id)
+    if (workspaceId === null) {
+      reply.code(400)
+      return { success: false, error: 'workspace_id query param is required' }
+    }
+
     const { date } = request.params
-    const deleted = dailyLogStore.deleteLog(date)
+    const deleted = dailyLogStore.deleteLog(workspaceId, date)
     if (!deleted) {
       reply.code(404)
       return { success: false, error: 'Log not found' }
     }
 
-    console.log(`[DailyLogs] Deleted log: ${date}`)
+    console.log(`[DailyLogs] Deleted log: ${date} workspace=${workspaceId || '(unassigned)'}`)
     return { success: true }
   })
 }

package/core/routes/routines.js

@@ -69,14 +69,18 @@ async function routineRoutes(fastify, opts) {
     }
   })
 
-  // List all routines with their current status
+  // List routines with their current status.
+  // Optional ?workspace_id= filter: when provided, scope to that workspace;
+  // when absent, return all.
   fastify.get('/api/routines', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
       return { success: false, error: 'Unauthorized' }
     }
 
-    const routines = await routineStore.load()
+    const rawWs = request.query?.workspace_id
+    const workspaceId = (rawWs === '' || typeof rawWs === 'string') ? rawWs : undefined
+    const routines = await routineStore.load(workspaceId)
     const status = routineRunner.getStatus()
 
     // Merge routine data with runtime status

package/core/routes/skills.js

@@ -340,6 +340,7 @@ async function skillRoutes(fastify, opts) {
       execution_id,
       step_index,
       workflow_name,
+      workspace_id,
       role,
       revision_feedback,
       review_history,
@@ -380,6 +381,7 @@ async function skillRoutes(fastify, opts) {
       skill_name,
       workflow_id: null,
       workflow_name: workflow_name || null,
+      workspace_id: workspace_id || '',
       status: 'running',
       outcome: null,
       started_at: startedAt,
@@ -407,6 +409,7 @@ async function skillRoutes(fastify, opts) {
         const syntheticWorkflow = {
           id: effectiveExecutionId,
           name: workflow_name || skill_name,
+          workspace_id: workspace_id || '',
         }
         const result = await workflowRunner.runWorkflow({
           ...syntheticWorkflow,
@@ -421,6 +424,7 @@ async function skillRoutes(fastify, opts) {
           skill_name,
           workflow_id: null,
           workflow_name: workflow_name || null,
+          workspace_id: workspace_id || '',
           status: 'failed',
           outcome: 'failure',
           started_at: startedAt,

package/core/routes/todos.js

@@ -22,18 +22,22 @@ const todoStore = require('../stores/todo-store')
  */
 async function todoRoutes(fastify) {
 
-  // GET /api/todos/summary - Status counts (must be before /:id)
+  // GET /api/todos/summary - Status counts (must be before /:id).
+  // Optional ?workspace_id= scopes the counts.
   fastify.get('/api/todos/summary', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
       return { success: false, error: 'Unauthorized' }
     }
 
-    const summary = todoStore.getSummary()
+    const rawWs = request.query?.workspace_id
+    const workspaceId = (rawWs === '' || typeof rawWs === 'string') ? rawWs : undefined
+    const summary = todoStore.getSummary(workspaceId)
     return { success: true, summary }
   })
 
-  // GET /api/todos - List with optional filters
+  // GET /api/todos - List with optional filters.
+  // Optional ?workspace_id= scopes to a workspace; omit for cross-workspace view.
   fastify.get('/api/todos', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
@@ -41,12 +45,15 @@ async function todoRoutes(fastify) {
     }
 
     const { status, priority, project_id, source_type, session_id, limit } = request.query || {}
+    const rawWs = request.query?.workspace_id
+    const workspaceId = (rawWs === '' || typeof rawWs === 'string') ? rawWs : undefined
     const todos = todoStore.list({
       status,
       priority,
       project_id,
       source_type,
       session_id,
+      workspace_id: workspaceId,
       limit: limit ? parseInt(limit, 10) : undefined,
     })
 
@@ -69,22 +76,28 @@ async function todoRoutes(fastify) {
     return { success: true, todo }
   })
 
-  // POST /api/todos - Create a new todo
+  // POST /api/todos - Create a new todo.
+  // workspace_id is required (pass "" for unassigned/legacy); no auto-resolution
+  // is performed so callers must always decide the scope explicitly.
   fastify.post('/api/todos', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
       return { success: false, error: 'Unauthorized' }
     }
 
-    const { title, description, priority, source_type, source_id, project_id, due_at, data, session_id } = request.body || {}
+    const { title, description, priority, source_type, source_id, project_id, workspace_id, due_at, data, session_id } = request.body || {}
     if (!title) {
       reply.code(400)
       return { success: false, error: 'title is required' }
     }
+    if (workspace_id !== '' && typeof workspace_id !== 'string') {
+      reply.code(400)
+      return { success: false, error: 'workspace_id is required (pass "" for unassigned/legacy todos)' }
+    }
 
     try {
-      const todo = todoStore.add({ title, description, priority, source_type, source_id, project_id, due_at, data, session_id })
-      console.log(`[Todos] Created: ${todo.id} "${todo.title}"`)
+      const todo = todoStore.add({ title, description, priority, source_type, source_id, project_id, workspace_id, due_at, data, session_id })
+      console.log(`[Todos] Created: ${todo.id} "${todo.title}" ws=${workspace_id || '(unassigned)'}`)
       reply.code(201)
       return { success: true, todo }
     } catch (err) {