@jhizzard/termdeck 1.3.0 → 1.5.0

package/packages/client/public/index.html

@@ -35,12 +35,18 @@
       </div>
 
       <div class="topbar-center">
-        <button class="layout-btn" data-layout="1x1">1x1</button>
-        <button class="layout-btn active" data-layout="2x1">2x1</button>
-        <button class="layout-btn" data-layout="2x2">2x2</button>
-        <button class="layout-btn" data-layout="3x2">3x2</button>
-        <button class="layout-btn" data-layout="2x4">2x4</button>
-        <button class="layout-btn" data-layout="4x2">4x2</button>
+        <button class="layout-btn" data-layout="1x1" title="1 panel">1x1</button>
+        <button class="layout-btn active" data-layout="2x1" title="2 panels — side by side">2x1</button>
+        <button class="layout-btn" data-layout="1x2" title="2 panels — stacked vertically">1x2</button>
+        <button class="layout-btn" data-layout="2x2" title="4 panels">2x2</button>
+        <button class="layout-btn" data-layout="3x2" title="6 panels">3x2</button>
+        <button class="layout-btn" data-layout="2x4" title="8 panels — 2 cols × 4 rows">2x4</button>
+        <button class="layout-btn" data-layout="4x2" title="8 panels — 4 cols × 2 rows">4x2</button>
+        <button class="layout-btn" data-layout="2x5" title="10 panels — 2 cols × 5 rows">2x5</button>
+        <button class="layout-btn" data-layout="5x2" title="10 panels — 5 cols × 2 rows">5x2</button>
+        <button class="layout-btn" data-layout="4x3" title="12 panels — 4 cols × 3 rows">4x3</button>
+        <button class="layout-btn" data-layout="3x4" title="12 panels — 3 cols × 4 rows">3x4</button>
+        <button class="layout-btn" data-layout="4x4" title="16 panels">4x4</button>
         <button class="layout-btn" data-layout="orch" title="Orchestrator: 4 workers across top, 1 full-width orchestrator across bottom">orch</button>
         <button class="layout-btn control-btn" data-layout="control" title="Aggregate activity feed">control</button>
       </div>
@@ -58,6 +64,13 @@
         <button class="topbar-ql-btn" onclick="quickLaunch('python3 -m http.server 8080')" title="Open a Python HTTP server on :8080">python</button>
       </div>
       <div class="topbar-row-2-spacer"></div>
+      <!-- TERMINAL FONT-SIZE STEPPER (Sprint 65 T1): global xterm.js font size,
+           persisted in localStorage, applied to every panel. -->
+      <div class="topbar-fontsize" title="Terminal font size (applies to all panels)">
+        <button type="button" id="btn-font-dec" class="font-step-btn" aria-label="Decrease terminal font size">A−</button>
+        <span id="fontSizeLabel" class="font-size-label">13</span>
+        <button type="button" id="btn-font-inc" class="font-step-btn" aria-label="Increase terminal font size">A+</button>
+      </div>
       <button id="btn-status" title="Global metrics: session counts, RAG mode, and memory bridge status">status</button>
       <button id="btn-config" title="Configuration: project list, theme defaults, and live RAG-mode toggle">config</button>      <button id="btn-sprint" title="Define and kick off a 4+1 sprint">sprint</button>
       <button id="btn-graph" title="Open the knowledge-graph view (memory_items + memory_relationships, force-directed)" onclick="window.open('/graph.html','_blank','noopener')">graph</button>
@@ -67,6 +80,15 @@
     </div>
   </div>
 
+  <!-- ORCHESTRATOR PIN ROW (Sprint 65 T1): panels with meta.role==='orchestrator'
+       render here — pinned, always visible, outside the chip filter. The row
+       collapses to zero height when no orchestrator panel exists. -->
+  <div class="orch-pin-row" id="orch-pin-row"></div>
+
+  <!-- PROJECT FILTER CHIPS (Sprint 65 T1): per-project visibility filter,
+       auto-discovered from meta.project and populated by app.js. -->
+  <div class="project-chips-row" id="project-chips"></div>
+
   <!-- TERMINAL GRID -->
   <div class="grid-container layout-2x1" id="termGrid">
     <div class="control-feed" id="controlFeed">

package/packages/client/public/style.css

@@ -10,6 +10,9 @@
       --tg-text-bright: #eef1ff;
       --tg-accent: #7aa2f7;
       --tg-accent-dim: #3d5a9e;
+      /* Sprint 65 T1 — orchestrator-panel accent (gold/amber). A theme can
+         override this var; the ORCH-pin CSS falls back to #d4a017 if unset. */
+      --tg-accent-orch: #d4a017;
       --tg-green: #9ece6a;
       --tg-amber: #e0af68;
       --tg-red: #f7768e;
@@ -317,6 +320,14 @@
     .grid-container.layout-3x2 { grid-template-columns: 1fr 1fr 1fr; grid-template-rows: 1fr 1fr; }
     .grid-container.layout-4x2 { grid-template-columns: 1fr 1fr 1fr 1fr; grid-template-rows: 1fr 1fr; }
     .grid-container.layout-2x4 { grid-template-columns: 1fr 1fr; grid-template-rows: 1fr 1fr 1fr 1fr; }
+    /* Sprint 65 T1 (1.4 / Path A) — denser presets for many-parallel-projects
+       work. layout-1x2 already exists above; these cover 10 / 12 / 16-panel
+       grids. WxH = columns × rows, consistent with the presets above. */
+    .grid-container.layout-2x5 { grid-template-columns: 1fr 1fr; grid-template-rows: repeat(5, 1fr); }
+    .grid-container.layout-5x2 { grid-template-columns: repeat(5, 1fr); grid-template-rows: 1fr 1fr; }
+    .grid-container.layout-4x3 { grid-template-columns: repeat(4, 1fr); grid-template-rows: 1fr 1fr 1fr; }
+    .grid-container.layout-3x4 { grid-template-columns: 1fr 1fr 1fr; grid-template-rows: repeat(4, 1fr); }
+    .grid-container.layout-4x4 { grid-template-columns: repeat(4, 1fr); grid-template-rows: repeat(4, 1fr); }
 
     /* Orchestrator: workers across the top (60%), one full-width orchestrator
        panel across the bottom (40%). The last panel is always the orchestrator.
@@ -370,6 +381,122 @@
     .term-panel.exited { opacity: 0.55; }
     .term-panel.exited .panel-terminal { pointer-events: none; }
 
+    /* ===== Sprint 65 T1: project-filter chips + ORCH pin + tile lifecycle =====
+       Brad's 2026-05-13 v2 spec (BACKLOG § D.5). Placed after the .term-panel
+       base + variants so .term-panel.panel--role-orch wins the cascade against
+       .term-panel:hover / .term-panel.exited (equal specificity → source order). */
+
+    /* 1.1 — project-filter chip row, above the grid. app.js leaves it empty
+       when there is only one project bucket (nothing worth filtering). */
+    .project-chips-row {
+      display: flex;
+      flex-wrap: wrap;
+      align-items: center;
+      gap: 6px;
+      padding: 6px 38px 0 6px;
+      flex-shrink: 0;
+    }
+    .project-chips-row:empty { display: none; }
+
+    .project-chip {
+      display: inline-flex;
+      align-items: center;
+      gap: 5px;
+      font-family: var(--tg-mono);
+      font-size: 11px;
+      color: var(--tg-text-dim);
+      background: var(--tg-surface);
+      border: 1px solid var(--tg-border);
+      border-radius: 999px;
+      padding: 3px 11px;
+      cursor: pointer;
+      white-space: nowrap;
+      transition: color 0.1s, background 0.1s, border-color 0.1s;
+    }
+    .project-chip:hover {
+      color: var(--tg-text);
+      background: var(--tg-surface-hover);
+      border-color: var(--tg-border-active);
+    }
+    .project-chip.active {
+      color: var(--tg-accent);
+      border-color: var(--tg-accent);
+    }
+    .project-chip-count { font-size: 10px; opacity: 0.7; }
+
+    /* 1.1 — a tile hidden by the chip filter. display:none keeps the PTY +
+       xterm.js instance alive (no teardown); fitAll() / verifyLayoutHealth()
+       already skip display:none panels. Two classes → beats base .term-panel. */
+    .term-panel.panel--filtered-out { display: none; }
+
+    /* 1.2 — orchestrator pin row: above the chip row + grid. The orch tile is
+       always grid-column 1 for muscle-memory consistency; the row collapses to
+       zero height when no orchestrator panel exists. Right padding mirrors the
+       grid's 38px guide-rail reservation. */
+    .orch-pin-row {
+      display: grid;
+      grid-template-columns: minmax(280px, 1fr) 2fr;
+      gap: 6px;
+      height: clamp(180px, 24vh, 280px);
+      padding: 6px 38px 0 6px;
+      flex-shrink: 0;
+      box-sizing: border-box;
+    }
+    .orch-pin-row:empty { display: none; }
+
+    /* 1.2 — orchestrator panel: gold/amber border so the operator's primary
+       control surface is distinguishable at a glance (Brad's "from 6+ feet"
+       acceptance bar). */
+    .term-panel.panel--role-orch {
+      border: 2px solid var(--tg-accent-orch, #d4a017);
+      box-shadow: 0 0 0 1px rgba(212, 160, 23, 0.3);
+    }
+    .term-panel.panel--role-orch:hover {
+      border-color: var(--tg-accent-orch, #d4a017);
+    }
+    /* The ORCH text badge — prepended to the .panel-type slot so the header
+       reads "ORCH <type>". ORCH always wins the slot over the project label. */
+    .term-panel.panel--role-orch .panel-type::before {
+      content: "ORCH ";
+      font-weight: 700;
+      color: var(--tg-accent-orch, #d4a017);
+      margin-right: 4px;
+    }
+
+    /* 1.3 — a tile dimming out during the grace window before auto-removal. */
+    .term-panel.panel--exiting {
+      opacity: 0.5;
+      pointer-events: none;
+      transition: opacity 0.3s ease;
+    }
+
+    /* (c) — topbar terminal font-size stepper (Joshua's 2026-05-16 ask). */
+    .topbar-fontsize {
+      display: inline-flex;
+      align-items: center;
+      gap: 3px;
+      margin-right: 4px;
+    }
+    .font-step-btn {
+      background: var(--tg-surface);
+      border: 1px solid var(--tg-border);
+      color: var(--tg-text-dim);
+      font-family: var(--tg-mono);
+      font-size: 10px;
+      padding: 2px 6px;
+      border-radius: var(--tg-radius-sm);
+      cursor: pointer;
+      transition: color 0.1s, border-color 0.1s;
+    }
+    .font-step-btn:hover { color: var(--tg-text); border-color: var(--tg-border-active); }
+    .font-size-label {
+      font-family: var(--tg-mono);
+      font-size: 10px;
+      color: var(--tg-text-dim);
+      min-width: 14px;
+      text-align: center;
+    }
+
     /* --- Panel Header (metadata bar) --- */
     .panel-header {
       display: flex;
@@ -567,6 +694,15 @@
     .ctrl-btn:hover { color: var(--tg-text); border-color: var(--tg-border-active); }
     .ctrl-btn.active { color: var(--tg-accent); border-color: var(--tg-accent-dim); }
 
+    /* Sprint 66 T1 (Task 1.3) — the "mark / unmark orchestrator" toggle in the
+       Overview controls. When the panel IS the orchestrator the button takes
+       the gold/amber accent — the same hue as the ORCH-pin border + badge — so
+       the control and the panel treatment read as one feature. */
+    .ctrl-btn.orch-toggle.is-orch {
+      color: var(--tg-accent-orch, #d4a017);
+      border-color: var(--tg-accent-orch, #d4a017);
+    }
+
     .theme-select {
       background: var(--tg-bg);
       border: 1px solid var(--tg-border);

package/packages/server/src/database.js

@@ -66,7 +66,8 @@ function initDatabase(Database) {
       exit_code INTEGER,
       reason TEXT,
       theme TEXT DEFAULT 'tokyo-night',
-      theme_override TEXT
+      theme_override TEXT,
+      role TEXT
     );
 
     CREATE TABLE IF NOT EXISTS command_history (
@@ -137,6 +138,24 @@ function initDatabase(Database) {
     console.warn('[db] sessions.theme_override migration failed:', err.message);
   }
 
+  // Migration (Sprint 65 T2): add sessions.role for the explicit
+  // orchestrator/worker/reviewer/auditor panel-role flag (Brad's 2026-05-13
+  // v2 dashboard spec — Approach A). SQLite has no `ADD COLUMN IF NOT EXISTS`,
+  // so PRAGMA-check first — same pattern as the command_history.source and
+  // sessions.theme_override migrations above. No backfill: pre-Sprint-65 rows
+  // stay role=NULL (unroled), which is the correct default for sessions that
+  // pre-date the feature.
+  try {
+    const cols = db.prepare(`PRAGMA table_info(sessions)`).all();
+    const hasRole = cols.some((c) => c.name === 'role');
+    if (!hasRole) {
+      db.exec(`ALTER TABLE sessions ADD COLUMN role TEXT`);
+      console.log("[db] Migrated sessions: added 'role' column");
+    }
+  } catch (err) {
+    console.warn('[db] sessions.role migration failed:', err.message);
+  }
+
   // Migration (v0.7.0): drop the dead projects.default_theme column. It was
   // CREATE'd in early v0.1 but was never read or written by any code path
   // (see Sprint 32 T1 grep). Removing it eliminates a latent contract-drift

package/packages/server/src/index.js

@@ -10,7 +10,6 @@ const os = require('os');
 const fs = require('fs');
 const dns = require('dns');
 const { spawn: spawnChild } = require('child_process');
-const { v4: uuidv4 } = require('uuid');
 const { createCachedLookup, createFailureLogger } = require('./rumen-pool-resilience');
 
 // Conditional imports (graceful fallback if not installed yet)
@@ -29,7 +28,7 @@ try {
     console.error('[db] better-sqlite3 native ABI mismatch (Node was upgraded after install).');
     console.error('[db] TermDeck cannot serve memory features without a working SQLite.');
     console.error('[db] Fix:');
-    console.error('       cd "$(npm root -g)/@jhizzard/termdeck" && npm rebuild better-sqlite3');
+    process.stderr.write('       cd "$(npm root -g)/@jhizzard/termdeck" && npm rebuild better-sqlite3\n');
     console.error('[db] Then restart TermDeck. Aborting.');
     process.exit(1);
   }
@@ -150,6 +149,15 @@ const SECRETS_EXCLUDED_FROM_PTY = new Set([
   'NPM_TOKEN',
 ]);
 
+// Sprint 65 T2 (2.1) — explicit operator-role whitelist for the optional
+// `role` field on POST /api/sessions (Brad's 2026-05-13 v2 dashboard spec,
+// Approach A). `null` is the valid "unroled" value; an absent field also
+// defaults to null. The dashboard renders the ORCH pin when
+// `meta.role === 'orchestrator'`; worker/reviewer/auditor are accepted now
+// for forward-compat with the canonical 3+1+1 role taxonomy. Unknown values
+// are rejected with 400 at the route. Exported for the route-fence test.
+const ALLOWED_SESSION_ROLES = ['orchestrator', 'worker', 'reviewer', 'auditor', null];
+
 function readTermdeckSecretsForPty() {
   if (_termdeckSecretsCache !== null) return _termdeckSecretsCache;
   const secretsPath = path.join(os.homedir(), '.termdeck', 'secrets.env');
@@ -201,13 +209,13 @@ function _defaultSpawnSessionEndHookImpl(hookPath, payload, env) {
     env,
   });
   child.on('error', (err) => {
-    console.error('[onPanelClose] hook spawn error:', err && err.message ? err.message : err);
+    console.error('[panel-close] hook spawn error:', err && err.message ? err.message : err);
   });
   try {
     child.stdin.write(JSON.stringify(payload));
     child.stdin.end();
   } catch (err) {
-    console.error('[onPanelClose] hook stdin write failed:', err && err.message ? err.message : err);
+    console.error('[panel-close] hook stdin write failed:', err && err.message ? err.message : err);
   }
   child.unref();
   return child;
@@ -283,7 +291,7 @@ async function onPanelClose(session) {
       ...readTermdeckSecretsForPty(),
     });
   } catch (err) {
-    console.error('[onPanelClose] error:', err && err.message ? err.message : err);
+    console.error('[panel-close] error:', err && err.message ? err.message : err);
   }
 }
 
@@ -358,7 +366,7 @@ async function onPanelPeriodicCapture(session) {
     session._periodicCapture.lastSize = stat.size;
     session._periodicCapture.lastFireMs = Date.now();
   } catch (err) {
-    console.error('[onPanelPeriodicCapture] error:', err && err.message ? err.message : err);
+    console.error('[periodic-capture] error:', err && err.message ? err.message : err);
   }
 }
 
@@ -415,7 +423,7 @@ function _getT2DestFor() {
 
 function _termdeckVersion() {
   try { return require('../../../package.json').version; }
-  catch { return '0.0.0'; }
+  catch (err) { console.error('[version] package.json read failed:', err); return '0.0.0'; }
 }
 
 // Sprint 60 v1.0.14 (Item 3) — safe PTY resize. Brad's 2026-05-07 r730 crash
@@ -423,7 +431,7 @@ function _termdeckVersion() {
 // EBADF/ENOTTY` per 13h uptime. Race: WS `resize` message arrives for a PTY
 // that pty-reaper has already closed (or the child has exited), and
 // `pty.resize()` ioctls a stale fd. The error is race-expected, not a bug,
-// but the noisy console.error trace pollutes diagnostics and obscures real
+// but the noisy stderr trace pollutes diagnostics and obscures real
 // errors. This helper guards against the race and downgrades the known
 // race-class errors (EBADF, ENOTTY) to a silent return. Set
 // TERMDECK_DEBUG_PTY_RACES=1 to log to console.debug for diagnostics.
@@ -1240,7 +1248,15 @@ function createServer(config) {
 
   // GET /api/sessions - list all active sessions
   app.get('/api/sessions', (req, res) => {
-    res.json(sessions.getAll());
+    // Sprint 65 T2 (2.2) — exited (dead-PTY) sessions are excluded by default
+    // so an orchestrator polling this endpoint doesn't see dead panels as
+    // live (Brad's "18 windows open, 10 were dead codex cli" — BACKLOG § D.5).
+    // `?includeExited=true` returns the legacy full shape for `termdeck
+    // doctor` + debug tooling. The 2s status_broadcast is intentionally NOT
+    // filtered (it calls bare getAll()) so the dashboard's missed-exit
+    // reconciliation still has exited sessions to work from.
+    const includeExited = req.query.includeExited === 'true';
+    res.json(sessions.getAll({ includeExited }));
   });
 
   // Reusable PTY spawn + wire helper. Used by POST /api/sessions and the
@@ -1248,7 +1264,7 @@ function createServer(config) {
   // the same wiring (transcripts, RAG, Mnestra flashback) without copy-paste.
   // Returns the Session object regardless of PTY success — status will be
   // 'errored' if pty.spawn threw.
-  function spawnTerminalSession({ command, cwd, project, label, type, theme, reason }) {
+  function spawnTerminalSession({ command, cwd, project, label, type, theme, reason, role }) {
     const rawCwd = cwd || config.projects?.[project]?.path || os.homedir();
     const resolvedCwd = path.resolve(rawCwd.replace(/^~/, os.homedir()));
 
@@ -1259,7 +1275,10 @@ function createServer(config) {
       command: command || config.shell,
       cwd: resolvedCwd,
       theme: theme || config.projects?.[project]?.defaultTheme || config.defaultTheme,
-      reason: reason || 'launched via API'
+      reason: reason || 'launched via API',
+      // Sprint 65 T2 (2.1) — explicit operator role. Route validation has
+      // already rejected unknown values; here `undefined`/`null` → null.
+      role: role || null,
     });
 
     if (pty) {
@@ -1437,7 +1456,7 @@ function createServer(config) {
             session._periodicCapture = { lastSize: 0, lastFireMs: 0, timer: null };
             session._periodicCapture.timer = setInterval(() => {
               onPanelPeriodicCapture(session).catch((err) => {
-                console.error('[onPanelPeriodicCapture] async error:', err && err.message ? err.message : err);
+                console.error('[periodic-capture] async error:', err && err.message ? err.message : err);
               });
             }, intervalMs);
             // Don't keep the event loop alive solely for this timer — the PTY
@@ -1468,6 +1487,10 @@ function createServer(config) {
         term.onExit(({ exitCode, signal }) => {
           session.meta.status = 'exited';
           session.meta.exitCode = exitCode;
+          // Sprint 65 T2 (2.4) — stamp the exit timestamp so the panel_exited
+          // WS frame (below) and the 410 body on POST .../input can both
+          // report when the panel died.
+          session.meta.exitedAt = new Date().toISOString();
           session.meta.statusDetail = `Exited (${exitCode})${signal ? `, signal ${signal}` : ''}`;
 
           if (session.ws && session.ws.readyState === 1) {
@@ -1478,6 +1501,32 @@ function createServer(config) {
             }));
           }
 
+          // Sprint 65 T2 (2.4) — broadcast panel_exited to ALL dashboard WS
+          // clients so the grid can auto-remove the dead tile (Brad's
+          // 2026-05-12 item 2b — CLI panels must auto-close on PTY exit).
+          // Distinct from the `exit` frame above, which targets ONLY this
+          // panel's own socket; panel_exited goes to every connected client
+          // because any of them may be rendering this tile in its grid.
+          // Inlined wss.clients broadcast — same idiom as status_broadcast /
+          // config_changed / projects_changed elsewhere in this file.
+          try {
+            const exitPayload = JSON.stringify({
+              type: 'panel_exited',
+              sessionId: session.id,
+              exitCode,
+              signal: signal || null,
+              exitedAt: session.meta.exitedAt,
+            });
+            wss.clients.forEach((client) => {
+              if (client.readyState === 1) {
+                try { client.send(exitPayload); }
+                catch (err) { console.error('[ws] panel_exited send failed:', err); }
+              }
+            });
+          } catch (err) {
+            console.error('[ws] panel_exited broadcast failed:', err);
+          }
+
           rag.onSessionEnded(session);
 
           // Fire-and-forget session log (T2.5)
@@ -1499,7 +1548,7 @@ function createServer(config) {
           // skip-claude + skip-when-no-transcript. Fire-and-forget; any
           // error logs and never blocks teardown.
           onPanelClose(session).catch((err) => {
-            console.error('[onPanelClose] async error:', err && err.message ? err.message : err);
+            console.error('[panel-close] async error:', err && err.message ? err.message : err);
           });
 
           // Sprint 59 T4-CODEX UPLOAD-AUDIT-CONCERN closure: blow away the
@@ -1663,8 +1712,17 @@ function createServer(config) {
 
   // POST /api/sessions - create a new terminal session
   app.post('/api/sessions', (req, res) => {
-    const { command, cwd, project, label, type, theme, reason } = req.body || {};
-    const session = spawnTerminalSession({ command, cwd, project, label, type, theme, reason });
+    const { command, cwd, project, label, type, theme, reason, role } = req.body || {};
+    // Sprint 65 T2 (2.1) — validate the optional explicit operator-role flag
+    // (Approach A). An absent field (`undefined`) is fine — it defaults to
+    // null in spawnTerminalSession. Any present value must be in the
+    // whitelist (case-sensitive exact match; `null` is allowed). Unknown
+    // values are a 400 so a typo'd role surfaces immediately rather than
+    // silently rendering as an unroled panel.
+    if (role !== undefined && !ALLOWED_SESSION_ROLES.includes(role)) {
+      return res.status(400).json({ ok: false, code: 'invalid_role', allowed: ALLOWED_SESSION_ROLES });
+    }
+    const session = spawnTerminalSession({ command, cwd, project, label, type, theme, reason, role });
     res.status(201).json(session.toJSON());
   });
 
@@ -1695,7 +1753,19 @@ function createServer(config) {
 
   // PATCH /api/sessions/:id - update session metadata
   app.patch('/api/sessions/:id', (req, res) => {
-    const session = sessions.updateMeta(req.params.id, req.body);
+    // Sprint 66 T1 (Task 1.2) — `role` is PATCH-mutable so an operator can tag
+    // a live panel as orchestrator in place. Validate it exactly as POST
+    // /api/sessions does (index.js — the `invalid_role` 400 above): an absent
+    // field is fine, any present value must be in ALLOWED_SESSION_ROLES
+    // (orchestrator/worker/reviewer/auditor/null) — an unknown value is a 400
+    // so a typo surfaces immediately rather than silently mis-tagging the
+    // panel. Validation runs BEFORE updateMeta so a bad role never reaches the
+    // whitelist apply or the SQLite write.
+    const body = req.body || {};
+    if (body.role !== undefined && !ALLOWED_SESSION_ROLES.includes(body.role)) {
+      return res.status(400).json({ ok: false, code: 'invalid_role', allowed: ALLOWED_SESSION_ROLES });
+    }
+    const session = sessions.updateMeta(req.params.id, body);
     if (!session) return res.status(404).json({ error: 'Session not found' });
     res.json(session.toJSON());
   });
@@ -1729,8 +1799,25 @@ function createServer(config) {
   app.post('/api/sessions/:id/input', (req, res) => {
     const session = sessions.get(req.params.id);
     if (!session) return res.status(404).json({ error: 'Session not found' });
+    // Sprint 65 T2 (2.3) — inject to a dead panel returns 410 Gone, not the
+    // pre-Sprint-65 silent 404. The orchestrator POSTing to an exited panel
+    // (Brad's D.5 item 3 — "10 dead codex cli") got a 404 that reads as
+    // "session never existed"; 410 = "the resource was here, has been
+    // intentionally removed" — the semantically correct + debuggable signal.
+    // Mirrors POST /api/sessions/:id/resize (Sprint 63). The body carries
+    // `error` (backward-compat with the client api()/sendReply() path that
+    // treats a missing `.error` as success — T4-CODEX 19:44) AND `code`
+    // (programmatic discriminator) AND `ok:false`.
     if (session.meta.status === 'exited' || !session.pty) {
-      return res.status(404).json({ error: 'Session is exited' });
+      const msg = `Panel ${req.params.id} has exited`;
+      return res.status(410).json({
+        ok: false,
+        code: 'panel_exited',
+        error: msg,
+        message: msg,
+        exitCode: session.meta.exitCode ?? null,
+        exitedAt: session.meta.exitedAt || null,
+      });
     }
 
     const { text, source, fromSessionId } = req.body || {};
@@ -1947,7 +2034,7 @@ function createServer(config) {
       return res.status(410).json({ error: 'PTY is gone (session exited)' });
     }
 
-    const { cols, rows } = req.body;
+    const { cols, rows } = req.body || {};
     try {
       const resized = safelyResizePty(session, cols, rows);
       if (!resized) {
@@ -2527,7 +2614,7 @@ function createServer(config) {
 
   // POST /api/ai/query - query Mnestra memory via the bridge (direct|webhook|mcp)
   app.post('/api/ai/query', async (req, res) => {
-    let { question, sessionId, project } = req.body;
+    let { question, sessionId, project } = req.body || {};
     if (!question) return res.status(400).json({ error: 'Missing question' });
 
     let searchAll = false;
@@ -2682,8 +2769,9 @@ function createServer(config) {
     });
   }, 2000);
 
-  // Fallback route → serve index.html
-  app.get('*', (req, res) => {
+  // Fallback route → serve index.html. Express 5: named wildcard '/{*splat}'
+  // (path-to-regexp v8 — a bare '*' throws at registration; this matches all paths incl. root).
+  app.get('/{*splat}', (req, res) => {
     res.sendFile(path.join(clientDir, 'index.html'));
   });
 
@@ -2972,6 +3060,8 @@ module.exports = {
   // Sprint 64 T1 (ORCH SCOPE 16:29 item 4) — management-token exclusion list.
   // Exported for `packages/cli/tests/spawn-env-exclusion.test.js` fence.
   SECRETS_EXCLUDED_FROM_PTY,
+  // Sprint 65 T2 (2.1) — operator-role whitelist, exported for the route fence.
+  ALLOWED_SESSION_ROLES,
   // Sprint 50 T1 — exported for unit testing the per-agent SessionEnd
   // hook trigger (skip-claude, no-transcript, no-hook-installed,
   // payload shape, fire-and-forget).

package/packages/server/src/orchestration-preview.js

@@ -187,7 +187,7 @@ async function generateScaffolding({ name, projects, cwd, force, initProject, te
   // Refuse on existing non-empty dir without force, mirroring T2's CLI semantics.
   if (fs.existsSync(targetPath)) {
     const entries = (() => {
-      try { return fs.readdirSync(targetPath); } catch { return []; }
+      try { return fs.readdirSync(targetPath); } catch (err) { console.error('[orch-preview] readdir failed:', err); return []; }
     })();
     const nonEmpty = entries.length > 0;
     if (nonEmpty && !force) {

package/packages/server/src/session.js

@@ -10,7 +10,7 @@
 // metadata broadcast in index.js untouched — `s.meta.theme` already returns
 // the right thing whenever index.js dereferences it.
 
-const { v4: uuidv4 } = require('uuid');
+const { randomUUID } = require('crypto');
 const os = require('os');
 const path = require('path');
 const { resolveTheme } = require('./theme-resolver');
@@ -135,7 +135,7 @@ const PATTERNS = {
 
 class Session {
   constructor(options) {
-    this.id = options.id || uuidv4();
+    this.id = options.id || randomUUID();
     this.pid = null;
     this.pty = null;
     this.ws = null;
@@ -162,6 +162,13 @@ class Session {
     this.meta = {
       type: options.type || 'shell',        // shell, claude-code, gemini, python-server, one-shot
       project: options.project || null,
+      // Sprint 65 T2 (2.1) — explicit operator role (Approach A). One of
+      // orchestrator / worker / reviewer / auditor / null. Set at spawn time
+      // via POST /api/sessions (route-validated against ALLOWED_SESSION_ROLES);
+      // flows through status_broadcast unchanged so the dashboard can pin the
+      // ORCH panel. Distinct from `type` (the agent CLI) — role is operator
+      // intent, type is the running program.
+      role: options.role || null,
       label: options.label || '',
       command: options.command || '',
       cwd: options.cwd || os.homedir(),
@@ -575,8 +582,8 @@ class SessionManager {
     //                     a PATCH from the dropdown sets it (see updateMeta).
     if (this.db) {
       this.db.prepare(`
-        INSERT INTO sessions (id, type, project, label, command, cwd, created_at, reason, theme, theme_override)
-        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        INSERT INTO sessions (id, type, project, label, command, cwd, created_at, reason, theme, theme_override, role)
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
       `).run(
         session.id,
         session.meta.type,
@@ -587,7 +594,8 @@ class SessionManager {
         session.meta.createdAt,
         session.meta.reason,
         session.meta.theme,           // resolved snapshot, legacy column
-        session.theme_override        // NULL by default
+        session.theme_override,       // NULL by default
+        session.meta.role             // Sprint 65 T2 — operator role, NULL by default
       );
     }
 
@@ -599,8 +607,20 @@ class SessionManager {
     return this.sessions.get(id);
   }
 
-  getAll() {
-    return Array.from(this.sessions.values()).map(s => s.toJSON());
+  // Sprint 65 T2 (2.2) — `opts.includeExited` controls whether PTY-exited
+  // sessions appear in the listing. Default is legacy (include everything):
+  // the 2s status_broadcast (index.js:2675) and the projects-route live-PTY
+  // guard both call bare getAll() and must keep seeing the full set. Only
+  // GET /api/sessions opts into the filtered view (default on at the route).
+  // Brad's "18 windows open, 10 were dead codex cli" report (BACKLOG § D.5)
+  // is the orchestrator polling /api/sessions and seeing dead panels as live.
+  getAll(opts = {}) {
+    const all = Array.from(this.sessions.values());
+    const includeExited = opts.includeExited !== false;
+    const visible = includeExited
+      ? all
+      : all.filter((s) => s.meta.status !== 'exited');
+    return visible.map((s) => s.toJSON());
   }
 
   // Fields a client is allowed to modify via PATCH /api/sessions/:id.
@@ -614,7 +634,15 @@ class SessionManager {
     'label',
     'project',
     'ragEnabled',
-    'flashbackEnabled'
+    'flashbackEnabled',
+    // Sprint 66 T1 (Task 1.2) — `role` is now PATCH-mutable so an operator can
+    // tag a live panel as orchestrator in place (Brad's existing orch panel
+    // was spawned with no role and had no way to set one short of a raw-API
+    // destroy + recreate). The PATCH /api/sessions/:id route validates the
+    // value against ALLOWED_SESSION_ROLES before this whitelist is consulted —
+    // the same "route validates, model trusts" boundary as POST /api/sessions
+    // and the Session constructor.
+    'role'
   ]);
 
   updateMeta(id, updates) {
@@ -637,6 +665,16 @@ class SessionManager {
         .run(applied.theme == null ? null : applied.theme, id);
     }
 
+    // Sprint 66 T1 (Task 1.2) — persist a role change to SQLite so a panel
+    // tagged orchestrator via PATCH keeps the role across a server restart /
+    // dashboard reload, exactly as a spawn-time role does. create() writes the
+    // `role` column on INSERT; this is its UPDATE counterpart. The column was
+    // added by Sprint 65 T2 (CREATE TABLE + a PRAGMA-guarded ALTER migration).
+    if ('role' in applied && this.db) {
+      this.db.prepare('UPDATE sessions SET role = ? WHERE id = ?')
+        .run(applied.role == null ? null : applied.role, id);
+    }
+
     this._emit('session:updated', session);
     return session;
   }