npm - @hellcoder/companion - Versions diffs - 0.96.0 - Mend

@hellcoder/companion 0.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/bin/cli.ts +168 -0
package/bin/ctl.ts +528 -0
package/bin/generate-token.ts +28 -0
package/dist/apple-touch-icon.png +0 -0
package/dist/assets/AgentsPage-DCFhrJ28.js +13 -0
package/dist/assets/CronManager-EGwLJONv.js +1 -0
package/dist/assets/IntegrationsPage-CTMRnbQS.js +1 -0
package/dist/assets/LinearOAuthSettingsPage-CgQFMIgr.js +1 -0
package/dist/assets/LinearSettingsPage-C9nok1qi.js +1 -0
package/dist/assets/Playground-BV3k0RbV.js +109 -0
package/dist/assets/PromptsPage-CFojqNKP.js +4 -0
package/dist/assets/RunsPage-DUJ1QUSa.js +1 -0
package/dist/assets/SandboxManager-CrVQ-VU_.js +8 -0
package/dist/assets/SettingsPage-D1fPCL19.js +1 -0
package/dist/assets/TailscalePage-D06cyvyC.js +1 -0
package/dist/assets/index-BhUa1e6X.css +1 -0
package/dist/assets/index-DkqeP-R9.js +134 -0
package/dist/assets/sw-register-BibwRdvC.js +1 -0
package/dist/assets/workbox-window.prod.es5-BIl4cyR9.js +2 -0
package/dist/favicon.svg +8 -0
package/dist/fonts/MesloLGSNerdFontMono-Bold.woff2 +0 -0
package/dist/fonts/MesloLGSNerdFontMono-Regular.woff2 +0 -0
package/dist/icon-192.png +0 -0
package/dist/icon-512.png +0 -0
package/dist/index.html +20 -0
package/dist/logo-codex.svg +14 -0
package/dist/logo-docker.svg +4 -0
package/dist/logo.svg +14 -0
package/dist/manifest.json +24 -0
package/dist/sw.js +2 -0
package/package.json +104 -0
package/server/agent-cron-migrator.test.ts +610 -0
package/server/agent-cron-migrator.ts +85 -0
package/server/agent-executor.test.ts +1108 -0
package/server/agent-executor.ts +346 -0
package/server/agent-store.test.ts +588 -0
package/server/agent-store.ts +185 -0
package/server/agent-types.ts +138 -0
package/server/ai-validation-settings.test.ts +128 -0
package/server/ai-validation-settings.ts +35 -0
package/server/ai-validator.test.ts +387 -0
package/server/ai-validator.ts +271 -0
package/server/auth-manager.test.ts +83 -0
package/server/auth-manager.ts +150 -0
package/server/auto-namer.test.ts +252 -0
package/server/auto-namer.ts +78 -0
package/server/backend-adapter.test.ts +38 -0
package/server/backend-adapter.ts +54 -0
package/server/cache-headers.test.ts +98 -0
package/server/cache-headers.ts +61 -0
package/server/claude-adapter.test.ts +1363 -0
package/server/claude-adapter.ts +889 -0
package/server/claude-container-auth.test.ts +44 -0
package/server/claude-container-auth.ts +30 -0
package/server/claude-protocol-contract.test.ts +71 -0
package/server/claude-protocol-drift.test.ts +78 -0
package/server/claude-session-discovery.test.ts +132 -0
package/server/claude-session-discovery.ts +157 -0
package/server/claude-session-history.test.ts +158 -0
package/server/claude-session-history.ts +410 -0
package/server/cli-launcher.test.ts +1343 -0
package/server/cli-launcher.ts +1298 -0
package/server/cli.test.ts +16 -0
package/server/codex-adapter.test.ts +5545 -0
package/server/codex-adapter.ts +3062 -0
package/server/codex-container-auth.test.ts +50 -0
package/server/codex-container-auth.ts +24 -0
package/server/codex-home.test.ts +61 -0
package/server/codex-home.ts +26 -0
package/server/codex-protocol-contract.test.ts +96 -0
package/server/codex-protocol-drift.test.ts +123 -0
package/server/codex-ws-proxy.cjs +226 -0
package/server/commands-discovery.test.ts +179 -0
package/server/commands-discovery.ts +81 -0
package/server/constants.ts +7 -0
package/server/container-manager.test.ts +1211 -0
package/server/container-manager.ts +1053 -0
package/server/cron-scheduler.test.ts +957 -0
package/server/cron-scheduler.ts +243 -0
package/server/cron-store.test.ts +422 -0
package/server/cron-store.ts +148 -0
package/server/cron-types.ts +63 -0
package/server/env-manager.test.ts +268 -0
package/server/env-manager.ts +161 -0
package/server/event-bus-types.ts +64 -0
package/server/event-bus.test.ts +244 -0
package/server/event-bus.ts +124 -0
package/server/execution-store.test.ts +307 -0
package/server/execution-store.ts +170 -0
package/server/fs-utils.ts +15 -0
package/server/git-utils.test.ts +938 -0
package/server/git-utils.ts +421 -0
package/server/github-pr.test.ts +498 -0
package/server/github-pr.ts +379 -0
package/server/image-pull-manager.test.ts +303 -0
package/server/image-pull-manager.ts +279 -0
package/server/index.ts +396 -0
package/server/linear-agent-bridge.test.ts +1157 -0
package/server/linear-agent-bridge.ts +629 -0
package/server/linear-agent.test.ts +473 -0
package/server/linear-agent.ts +479 -0
package/server/linear-cache.test.ts +136 -0
package/server/linear-cache.ts +113 -0
package/server/linear-connections.test.ts +350 -0
package/server/linear-connections.ts +231 -0
package/server/linear-credential-migration.test.ts +337 -0
package/server/linear-credential-migration.ts +63 -0
package/server/linear-oauth-connections-migration.test.ts +268 -0
package/server/linear-oauth-connections.test.ts +365 -0
package/server/linear-oauth-connections.ts +294 -0
package/server/linear-project-manager.test.ts +162 -0
package/server/linear-project-manager.ts +111 -0
package/server/linear-prompt-builder.test.ts +74 -0
package/server/linear-prompt-builder.ts +61 -0
package/server/linear-staging.test.ts +276 -0
package/server/linear-staging.ts +142 -0
package/server/logger.test.ts +393 -0
package/server/logger.ts +259 -0
package/server/metrics-collector.test.ts +413 -0
package/server/metrics-collector.ts +350 -0
package/server/metrics-types.ts +108 -0
package/server/middleware/managed-auth.test.ts +264 -0
package/server/middleware/managed-auth.ts +195 -0
package/server/novnc-proxy.test.ts +333 -0
package/server/novnc-proxy.ts +99 -0
package/server/path-resolver.test.ts +552 -0
package/server/path-resolver.ts +186 -0
package/server/paths.test.ts +31 -0
package/server/paths.ts +11 -0
package/server/pr-poller.test.ts +191 -0
package/server/pr-poller.ts +162 -0
package/server/prompt-manager.test.ts +211 -0
package/server/prompt-manager.ts +211 -0
package/server/protocol/claude-upstream/README.md +19 -0
package/server/protocol/claude-upstream/sdk.d.ts.txt +1943 -0
package/server/protocol/codex-upstream/ClientNotification.ts.txt +5 -0
package/server/protocol/codex-upstream/ClientRequest.ts.txt +60 -0
package/server/protocol/codex-upstream/README.md +18 -0
package/server/protocol/codex-upstream/ServerNotification.ts.txt +41 -0
package/server/protocol/codex-upstream/ServerRequest.ts.txt +16 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallParams.ts.txt +6 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallResponse.ts.txt +6 -0
package/server/protocol-monitor.ts +50 -0
package/server/recorder.test.ts +454 -0
package/server/recorder.ts +374 -0
package/server/recording-hub/compat-validator.test.ts +150 -0
package/server/recording-hub/compat-validator.ts +284 -0
package/server/recording-hub/diagnostics.test.ts +140 -0
package/server/recording-hub/diagnostics.ts +299 -0
package/server/recording-hub/hub-config.test.ts +44 -0
package/server/recording-hub/hub-config.ts +19 -0
package/server/recording-hub/hub-routes.test.ts +417 -0
package/server/recording-hub/hub-routes.ts +236 -0
package/server/recording-hub/hub-store.test.ts +262 -0
package/server/recording-hub/hub-store.ts +265 -0
package/server/recording-hub/replay-adapter.test.ts +294 -0
package/server/recording-hub/replay-adapter.ts +207 -0
package/server/relay-client.test.ts +337 -0
package/server/relay-client.ts +320 -0
package/server/replay.test.ts +200 -0
package/server/replay.ts +78 -0
package/server/routes/agent-routes.test.ts +1400 -0
package/server/routes/agent-routes.ts +409 -0
package/server/routes/cron-routes.test.ts +881 -0
package/server/routes/cron-routes.ts +103 -0
package/server/routes/env-routes.test.ts +383 -0
package/server/routes/env-routes.ts +95 -0
package/server/routes/fs-routes.test.ts +1198 -0
package/server/routes/fs-routes.ts +605 -0
package/server/routes/git-routes.test.ts +813 -0
package/server/routes/git-routes.ts +97 -0
package/server/routes/linear-agent-routes.test.ts +721 -0
package/server/routes/linear-agent-routes.ts +304 -0
package/server/routes/linear-connection-routes.test.ts +927 -0
package/server/routes/linear-connection-routes.ts +244 -0
package/server/routes/linear-oauth-connection-routes.test.ts +406 -0
package/server/routes/linear-oauth-connection-routes.ts +129 -0
package/server/routes/linear-routes.test.ts +1510 -0
package/server/routes/linear-routes.ts +953 -0
package/server/routes/metrics-routes.test.ts +103 -0
package/server/routes/metrics-routes.ts +13 -0
package/server/routes/prompt-routes.ts +67 -0
package/server/routes/sandbox-routes.test.ts +513 -0
package/server/routes/sandbox-routes.ts +127 -0
package/server/routes/settings-routes.ts +270 -0
package/server/routes/skills-routes.test.ts +690 -0
package/server/routes/skills-routes.ts +100 -0
package/server/routes/system-routes.test.ts +637 -0
package/server/routes/system-routes.ts +228 -0
package/server/routes/tailscale-routes.test.ts +176 -0
package/server/routes/tailscale-routes.ts +22 -0
package/server/routes.test.ts +4655 -0
package/server/routes.ts +1277 -0
package/server/sandbox-manager.test.ts +378 -0
package/server/sandbox-manager.ts +168 -0
package/server/service.test.ts +1419 -0
package/server/service.ts +718 -0
package/server/session-creation-service.test.ts +661 -0
package/server/session-creation-service.ts +473 -0
package/server/session-git-info.ts +104 -0
package/server/session-linear-issues.test.ts +118 -0
package/server/session-linear-issues.ts +88 -0
package/server/session-names.test.ts +94 -0
package/server/session-names.ts +67 -0
package/server/session-orchestrator.test.ts +1784 -0
package/server/session-orchestrator.ts +973 -0
package/server/session-state-machine.test.ts +606 -0
package/server/session-state-machine.ts +207 -0
package/server/session-store.test.ts +290 -0
package/server/session-store.ts +146 -0
package/server/session-types.ts +509 -0
package/server/settings-manager.test.ts +275 -0
package/server/settings-manager.ts +173 -0
package/server/tailscale-manager.test.ts +553 -0
package/server/tailscale-manager.ts +451 -0
package/server/terminal-manager.ts +240 -0
package/server/update-checker.test.ts +306 -0
package/server/update-checker.ts +197 -0
package/server/usage-limits.test.ts +536 -0
package/server/usage-limits.ts +225 -0
package/server/worktree-tracker.test.ts +243 -0
package/server/worktree-tracker.ts +84 -0
package/server/ws-auth.test.ts +59 -0
package/server/ws-auth.ts +41 -0
package/server/ws-bridge-browser-ingest.test.ts +272 -0
package/server/ws-bridge-browser-ingest.ts +72 -0
package/server/ws-bridge-browser.ts +112 -0
package/server/ws-bridge-cli-ingest.test.ts +302 -0
package/server/ws-bridge-cli-ingest.ts +81 -0
package/server/ws-bridge-codex.test.ts +1837 -0
package/server/ws-bridge-codex.ts +266 -0
package/server/ws-bridge-controls.test.ts +124 -0
package/server/ws-bridge-controls.ts +20 -0
package/server/ws-bridge-persist.test.ts +296 -0
package/server/ws-bridge-persist.ts +66 -0
package/server/ws-bridge-publish.test.ts +234 -0
package/server/ws-bridge-publish.ts +79 -0
package/server/ws-bridge-replay.test.ts +44 -0
package/server/ws-bridge-replay.ts +61 -0
package/server/ws-bridge-types.ts +106 -0
package/server/ws-bridge.test.ts +4777 -0
package/server/ws-bridge.ts +1279 -0

package/server/routes/agent-routes.ts ADDED Viewed

@@ -0,0 +1,409 @@
+import crypto from "node:crypto";
+import type { Hono } from "hono";
+import * as agentStore from "../agent-store.js";
+import type { AgentExecutor } from "../agent-executor.js";
+import type { AgentConfig, AgentConfigCreateInput, AgentConfigExport } from "../agent-types.js";
+import { getSettings, updateSettings } from "../settings-manager.js";
+import * as staging from "../linear-staging.js";
+import { getOAuthConnection, createOAuthConnection } from "../linear-oauth-connections.js";
+/** Fields the user can set when creating/updating an agent */
+const EDITABLE_FIELDS = [
+  "name", "description", "icon", "version",
+  "backendType", "model", "permissionMode", "cwd",
+  "envSlug", "env", "allowedTools", "codexInternetAccess",
+  "prompt", "mcpServers", "skills",
+  "container", "branch", "createBranch", "useWorktree",
+  "triggers", "enabled",
+] as const;
+function pickEditable(body: Record<string, unknown>): Partial<AgentConfig> {
+  const result: Record<string, unknown> = {};
+  for (const key of EDITABLE_FIELDS) {
+    if (key in body) result[key] = body[key];
+  }
+  return result as Partial<AgentConfig>;
+}
+function buildCreateInput(
+  body: Record<string, unknown>,
+  overrides?: Partial<Pick<AgentConfigCreateInput, "enabled" | "version">>,
+): AgentConfigCreateInput {
+  return {
+    version: overrides?.version ?? 1,
+    name: (body.name as string | undefined) || "",
+    description: (body.description as string | undefined) || "",
+    icon: body.icon as string | undefined,
+    backendType: (body.backendType as AgentConfig["backendType"] | undefined) || "claude",
+    model: (body.model as string | undefined) || "",
+    permissionMode: (body.permissionMode as string | undefined) || "bypassPermissions",
+    cwd: (body.cwd as string | undefined) || "",
+    envSlug: body.envSlug as string | undefined,
+    env: body.env as Record<string, string> | undefined,
+    allowedTools: body.allowedTools as string[] | undefined,
+    codexInternetAccess: body.codexInternetAccess as boolean | undefined,
+    prompt: (body.prompt as string | undefined) || "",
+    mcpServers: body.mcpServers as AgentConfig["mcpServers"] | undefined,
+    skills: body.skills as string[] | undefined,
+    container: body.container as AgentConfig["container"] | undefined,
+    branch: body.branch as string | undefined,
+    createBranch: body.createBranch as boolean | undefined,
+    useWorktree: body.useWorktree as boolean | undefined,
+    triggers: body.triggers as AgentConfig["triggers"] | undefined,
+    enabled: overrides?.enabled ?? ((body.enabled as boolean | undefined) ?? true),
+  };
+}
+/** Strip sensitive Linear OAuth credentials before sending to the browser */
+function sanitizeAgent(agent: AgentConfig & { nextRunAt?: number | null }): Record<string, unknown> {
+  if (!agent.triggers?.linear) return agent as unknown as Record<string, unknown>;
+  const { oauthClientSecret, webhookSecret, accessToken, refreshToken, ...safeLinear } = agent.triggers.linear;
+  // Resolve connection info for display and flag derivation
+  const conn = safeLinear.oauthConnectionId
+    ? getOAuthConnection(safeLinear.oauthConnectionId)
+    : null;
+  const oauthConnectionName = conn?.name;
+  const oauthConnectionStatus = conn?.status;
+  return {
+    ...agent,
+    triggers: {
+      ...agent.triggers,
+      linear: {
+        ...safeLinear,
+        hasAccessToken: !!(accessToken || oauthConnectionStatus === "connected"),
+        hasClientSecret: !!(oauthClientSecret || conn?.oauthClientSecret),
+        hasWebhookSecret: !!(webhookSecret || conn?.webhookSecret),
+        oauthConnectionName,
+        oauthConnectionStatus,
+      },
+    },
+  } as unknown as Record<string, unknown>;
+}
+/** Strip internal tracking fields to produce a portable export */
+function toExport(agent: AgentConfig): AgentConfigExport {
+  const {
+    id: _id,
+    createdAt: _ca,
+    updatedAt: _ua,
+    totalRuns: _tr,
+    consecutiveFailures: _cf,
+    lastRunAt: _lr,
+    lastSessionId: _ls,
+    enabled: _en,
+    ...exportable
+  } = agent;
+  // Strip Linear OAuth credentials from export (keep oauthConnectionId for reference)
+  if (exportable.triggers?.linear) {
+    const { oauthClientId, oauthClientSecret, webhookSecret, accessToken, refreshToken, ...safeLinear } = exportable.triggers.linear;
+    exportable.triggers = { ...exportable.triggers, linear: safeLinear };
+  }
+  return exportable;
+}
+export function registerAgentRoutes(
+  api: Hono,
+  agentExecutor?: AgentExecutor,
+): void {
+  // ── CRUD ────────────────────────────────────────────────────────────────
+  api.get("/agents", (c) => {
+    const agents = agentStore.listAgents();
+    const enriched = agents.map((a) => sanitizeAgent({
+      ...a,
+      nextRunAt: agentExecutor?.getNextRunTime(a.id)?.getTime() ?? null,
+    }));
+    return c.json(enriched);
+  });
+  api.get("/agents/:id", (c) => {
+    const agent = agentStore.getAgent(c.req.param("id"));
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    return c.json(sanitizeAgent({
+      ...agent,
+      nextRunAt: agentExecutor?.getNextRunTime(agent.id)?.getTime() ?? null,
+    }));
+  });
+  api.post("/agents", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const agent = agentStore.createAgent(buildCreateInput(body));
+      // If this is a Linear agent, resolve credentials:
+      // New model: oauthConnectionId already set in triggers.linear
+      // Legacy model: resolve from staging/clone/global
+      if (agent.triggers?.linear?.enabled) {
+        // New model: oauthConnectionId passed directly — nothing more to do
+        if (agent.triggers.linear.oauthConnectionId) {
+          // Already stored via triggers, just proceed
+        } else if (!agent.triggers.linear.oauthClientId) {
+          // Legacy model: resolve credentials from staging/clone/global
+          let linearCreds: {
+            oauthClientId: string;
+            oauthClientSecret: string;
+            webhookSecret: string;
+            accessToken: string;
+            refreshToken: string;
+          } | null = null;
+          // Priority 1: staging slot → create OAuth connection from it
+          if (body.stagingId) {
+            const slot = staging.consumeSlot(body.stagingId);
+            if (slot?.clientId) {
+              // Create a new OAuth connection from the staging slot
+              const conn = createOAuthConnection({
+                name: `${agent.name} OAuth App`,
+                oauthClientId: slot.clientId,
+                oauthClientSecret: slot.clientSecret,
+                webhookSecret: slot.webhookSecret,
+                accessToken: slot.accessToken,
+                refreshToken: slot.refreshToken,
+              });
+              const updated = agentStore.updateAgent(agent.id, {
+                triggers: {
+                  ...agent.triggers,
+                  linear: {
+                    ...agent.triggers.linear,
+                    oauthConnectionId: conn.id,
+                  },
+                },
+              });
+              if (updated) {
+                if (updated.enabled && updated.triggers?.schedule?.enabled) {
+                  agentExecutor?.scheduleAgent(updated);
+                }
+                return c.json(sanitizeAgent({ ...updated, nextRunAt: null }), 201);
+              }
+            }
+          }
+          // Priority 2: clone from existing agent
+          if (!linearCreds && body.cloneFromAgentId) {
+            const source = agentStore.getAgent(body.cloneFromAgentId);
+            // Prefer cloning the oauthConnectionId reference
+            if (source?.triggers?.linear?.oauthConnectionId) {
+              const updated = agentStore.updateAgent(agent.id, {
+                triggers: {
+                  ...agent.triggers,
+                  linear: {
+                    ...agent.triggers.linear,
+                    oauthConnectionId: source.triggers.linear.oauthConnectionId,
+                  },
+                },
+              });
+              if (updated) {
+                if (updated.enabled && updated.triggers?.schedule?.enabled) {
+                  agentExecutor?.scheduleAgent(updated);
+                }
+                return c.json(sanitizeAgent({ ...updated, nextRunAt: null }), 201);
+              }
+            } else if (source?.triggers?.linear?.oauthClientId) {
+              linearCreds = {
+                oauthClientId: source.triggers.linear.oauthClientId,
+                oauthClientSecret: source.triggers.linear.oauthClientSecret || "",
+                webhookSecret: source.triggers.linear.webhookSecret || "",
+                accessToken: source.triggers.linear.accessToken || "",
+                refreshToken: source.triggers.linear.refreshToken || "",
+              };
+            }
+          }
+          // Priority 3: global staging (backward compat)
+          if (!linearCreds) {
+            const settings = getSettings();
+            if (settings.linearOAuthClientId) {
+              linearCreds = {
+                oauthClientId: settings.linearOAuthClientId,
+                oauthClientSecret: settings.linearOAuthClientSecret,
+                webhookSecret: settings.linearOAuthWebhookSecret,
+                accessToken: settings.linearOAuthAccessToken,
+                refreshToken: settings.linearOAuthRefreshToken,
+              };
+            }
+          }
+          if (linearCreds) {
+            const updated = agentStore.updateAgent(agent.id, {
+              triggers: {
+                ...agent.triggers,
+                linear: {
+                  ...agent.triggers.linear,
+                  ...linearCreds,
+                },
+              },
+            });
+            if (updated) {
+              // Clear global staging if we used it (no stagingId and no clone source)
+              if (!body.stagingId && !body.cloneFromAgentId) {
+                updateSettings({
+                  linearOAuthClientId: "",
+                  linearOAuthClientSecret: "",
+                  linearOAuthWebhookSecret: "",
+                  linearOAuthAccessToken: "",
+                  linearOAuthRefreshToken: "",
+                });
+              }
+              if (updated.enabled && updated.triggers?.schedule?.enabled) {
+                agentExecutor?.scheduleAgent(updated);
+              }
+              return c.json(sanitizeAgent({ ...updated, nextRunAt: null }), 201);
+            }
+          }
+        }
+      }
+      if (agent.enabled && agent.triggers?.schedule?.enabled) {
+        agentExecutor?.scheduleAgent(agent);
+      }
+      return c.json(sanitizeAgent({ ...agent, nextRunAt: null }), 201);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+  api.put("/agents/:id", async (c) => {
+    const id = c.req.param("id");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const allowed = pickEditable(body);
+      const agent = agentStore.updateAgent(id, allowed);
+      if (!agent) return c.json({ error: "Agent not found" }, 404);
+      // Stop old timer (id may differ after a rename)
+      if (agent.id !== id) {
+        agentExecutor?.stopAgent(id);
+      }
+      // Reschedule if enabled
+      if (agent.enabled && agent.triggers?.schedule?.enabled) {
+        agentExecutor?.scheduleAgent(agent);
+      } else {
+        agentExecutor?.stopAgent(agent.id);
+      }
+      return c.json(sanitizeAgent({ ...agent, nextRunAt: agentExecutor?.getNextRunTime(agent.id)?.getTime() ?? null }));
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+  api.delete("/agents/:id", (c) => {
+    const id = c.req.param("id");
+    agentExecutor?.stopAgent(id);
+    const deleted = agentStore.deleteAgent(id);
+    if (!deleted) return c.json({ error: "Agent not found" }, 404);
+    return c.json({ ok: true });
+  });
+  // ── Toggle ──────────────────────────────────────────────────────────────
+  api.post("/agents/:id/toggle", (c) => {
+    const id = c.req.param("id");
+    const agent = agentStore.getAgent(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    const updated = agentStore.updateAgent(id, { enabled: !agent.enabled });
+    if (updated?.enabled && updated.triggers?.schedule?.enabled) {
+      agentExecutor?.scheduleAgent(updated);
+    } else if (updated) {
+      agentExecutor?.stopAgent(updated.id);
+    }
+    return c.json(updated ? sanitizeAgent({ ...updated, nextRunAt: agentExecutor?.getNextRunTime(updated.id)?.getTime() ?? null }) : updated);
+  });
+  // ── Run (manual trigger) ───────────────────────────────────────────────
+  api.post("/agents/:id/run", async (c) => {
+    const id = c.req.param("id");
+    const agent = agentStore.getAgent(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    const body = await c.req.json().catch(() => ({}));
+    const input = typeof body.input === "string" ? body.input : undefined;
+    agentExecutor?.executeAgentManually(id, input);
+    return c.json({ ok: true, message: "Agent triggered" });
+  });
+  // ── Executions ─────────────────────────────────────────────────────────
+  api.get("/agents/:id/executions", (c) => {
+    const id = c.req.param("id");
+    return c.json(agentExecutor?.getExecutions(id) ?? []);
+  });
+  /** List executions across all agents with filtering and pagination (for Runs view). */
+  api.get("/executions", (c) => {
+    const agentId = c.req.query("agentId");
+    const triggerType = c.req.query("triggerType");
+    const rawStatus = c.req.query("status");
+    const status = (rawStatus === "running" || rawStatus === "success" || rawStatus === "error")
+      ? rawStatus : undefined;
+    const limit = Math.min(Math.max(Number(c.req.query("limit")) || 50, 1), 500);
+    const offset = Math.max(Number(c.req.query("offset")) || 0, 0);
+    return c.json(agentExecutor?.listAllExecutions({ agentId, triggerType, status, limit, offset }) ?? { executions: [], total: 0 });
+  });
+  // ── Import / Export ────────────────────────────────────────────────────
+  api.post("/agents/import", async (c) => {
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      // Accept an exported agent JSON and create a new agent from it
+      const agent = agentStore.createAgent(buildCreateInput(body, {
+        version: (body.version as AgentConfigCreateInput["version"] | undefined) || 1,
+        enabled: false, // Imported agents start disabled for safety
+      }));
+      return c.json(sanitizeAgent({ ...agent, nextRunAt: null }), 201);
+    } catch (e: unknown) {
+      return c.json({ error: e instanceof Error ? e.message : String(e) }, 400);
+    }
+  });
+  api.get("/agents/:id/export", (c) => {
+    const agent = agentStore.getAgent(c.req.param("id"));
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    return c.json(toExport(agent));
+  });
+  // ── Webhook Secret ─────────────────────────────────────────────────────
+  api.post("/agents/:id/regenerate-secret", (c) => {
+    const id = c.req.param("id");
+    const agent = agentStore.regenerateWebhookSecret(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    return c.json(sanitizeAgent({ ...agent, nextRunAt: agentExecutor?.getNextRunTime(agent.id)?.getTime() ?? null }));
+  });
+  // ── Webhook Trigger ────────────────────────────────────────────────────
+  api.post("/agents/:id/webhook/:secret", async (c) => {
+    const id = c.req.param("id");
+    const secret = c.req.param("secret");
+    const agent = agentStore.getAgent(id);
+    if (!agent) return c.json({ error: "Agent not found" }, 404);
+    // Validate webhook is enabled and secret matches
+    if (!agent.triggers?.webhook?.enabled) {
+      return c.json({ error: "Webhook not enabled for this agent" }, 403);
+    }
+    // Use constant-time comparison to prevent timing attacks
+    const expected = Buffer.from(agent.triggers.webhook.secret);
+    const received = Buffer.from(secret);
+    if (expected.length !== received.length || !crypto.timingSafeEqual(expected, received)) {
+      return c.json({ error: "Invalid webhook secret" }, 401);
+    }
+    // Extract input from body — accept JSON { input: "..." } or plain text
+    let input: string | undefined;
+    const contentType = c.req.header("content-type") || "";
+    if (contentType.includes("application/json")) {
+      const body = await c.req.json().catch(() => ({}));
+      input = typeof body.input === "string" ? body.input : undefined;
+    } else {
+      const text = await c.req.text().catch(() => "");
+      if (text.trim()) input = text.trim();
+    }
+    agentExecutor?.executeAgentManually(id, input);
+    return c.json({ ok: true, message: "Agent triggered via webhook" });
+  });
+}