@noxsoft/anima 6.5.0 → 7.0.0

package/dist/{run-Dfz_7j7t.js → run-CF3kHOGH.js}

@@ -1,8 +1,8 @@
 import { h as expandHomePrefix, i as isNixMode, l as resolveGatewayLockDir, m as resolveStateDir, o as resolveConfigPath, r as STATE_DIR, t as CONFIG_PATH, u as resolveGatewayPort } from "./paths-zhVksOvm.js";
 import { E as getActivePluginRegistry, F as setVerbose, G as setLoggerOverride, H as getChildLogger, U as getLogger, W as getResolvedLoggerSettings, d as defaultRuntime, g as CHANNEL_IDS, i as getResolvedConsoleSettings, n as runtimeForLogger, o as setConsoleSubsystemFilter, s as setConsoleTimestampPrefix, t as createSubsystemLogger, v as DEFAULT_CHAT_CHANNEL } from "./subsystem-BAADN1B8.js";
-import { C as shortenHomePath, D as truncateUtf16Safe, b as resolveUserPath, c as ensureDir, d as isPlainObject, r as clamp, t as CONFIG_DIR } from "./utils-CLYlhJuc.js";
+import { C as shortenHomePath, D as truncateUtf16Safe, b as resolveUserPath, c as ensureDir$1, d as isPlainObject, r as clamp, t as CONFIG_DIR } from "./utils-CLYlhJuc.js";
 import { C as supportsXHighThinking, _ as normalizeElevatedLevel, b as normalizeUsageDisplay, m as formatXHighModelHint, p as formatThinkingLevels, v as normalizeReasoningLevel, x as normalizeVerboseLevel, y as normalizeThinkLevel } from "./pi-embedded-helpers-BZ9GspxK.js";
-import { $ as archiveFileOnDisk, At as deferGatewayRestartUntilIdle, B as sniffMimeFromBase64, C as verifyNodeToken, Cn as stopDiagnosticHeartbeat, Cr as DEFAULT_INPUT_PDF_MAX_PIXELS, Ct as loadProviderStore, D as registerSkillsChangeListener, Dr as extractImageContentFromSource, E as getSkillsSnapshotVersion, Er as extractFileContentFromSource, F as abortEmbeddedPiRun, Ft as setGatewaySigusr1RestartPolicy, G as canonicalizeSpawnedByForAgent, Gn as CommandLane, Gt as normalizeCronJobPatch, Hn as readLatestAssistantReply, I as waitForEmbeddedPiRunEnd, It as setPreRestartDeferralCheck, J as loadCombinedSessionStoreForGateway, Jn as getAgentRunContext, Jt as normalizeOptionalText, K as listAgentsForGateway, Kn as clearAgentRunContext, Kt as inferLegacyName, L as runNoxSoftEmbeddedAgent, Ln as countActiveDescendantRuns, Lt as consumeRestartSentinel, M as resetAllLanes, Mn as isAbortTrigger, Mr as resolveAgentTimeoutMs, Mt as isGatewaySigusr1RestartExternallyAllowed, N as setCommandLaneConcurrency, Nn as stopSubagentsForRequester, Nt as markGatewaySigusr1RestartHandled, O as clearSessionQueues, Or as normalizeMimeList, P as waitForActiveTasks, Pt as scheduleGatewaySigusr1Restart, Q as resolveSessionModelRef, R as applyToolPolicyPipeline, Rn as initSubagentRegistry, Rt as formatDoctorNonInteractiveHint, S as updatePairedNodeMetadata, Sn as startDiagnosticHeartbeat, Sr as DEFAULT_INPUT_PDF_MAX_PAGES, St as loadProviderUsageSummary, T as verifyPairingToken, Tr as DEFAULT_INPUT_TIMEOUT_MS, Tt as saveProviderStore, U as createAnimaTools, Ut as writeRestartSentinel, V as requestHeartbeatNow, Vn as runSubagentAnnounceFlow, Vt as summarizeRestartSentinel, W as resolveAnnounceTargetFromKey, Wt as normalizeCronJobCreate, X as pruneLegacyStoreKeys, Xn as registerAgentRunContext, Xt as normalizeRequiredName, Y as loadSessionEntry, Yn as onAgentEvent, Yt as normalizePayloadToSystemText, Z as resolveGatewaySessionStoreTarget, Zn as resolveAgentIdentity, Zt as migrateLegacyCronPayload, _ as approveNodePairing, _n as dispatchInboundMessage, _r as DEFAULT_INPUT_FILE_MAX_CHARS, _t as resetDirectoryCache, an as persistBrowserProxyFiles, ar as applyVerboseOverride, at as stripEnvelopeFromMessages, b as renamePairedNode, br as DEFAULT_INPUT_IMAGE_MIMES, bt as runWithModelFallback, c as normalizeSendPolicy, cr as isSystemEventContextChanged, d as primeRemoteSkillsCache, dr as loadModelCatalog, dt as resolveOutboundSessionRoute, en as buildSafeExternalPrompt, et as archiveSessionTranscripts, f as recordRemoteNodeInfo, g as setSkillsRemoteRegistry, gr as DEFAULT_INPUT_FILE_MAX_BYTES, h as removeRemoteNodeInfo, ht as resolveSessionDeliveryTarget, i as setCliSessionId, in as applyBrowserProxyPaths, ir as applyModelOverrideToSessionEntry, it as resolveSessionTranscriptCandidates, j as getTotalQueueSize, jt as emitGatewayRestart, k as getActiveTaskCount, kn as formatZonedTimestamp, kr as estimateBase64DecodedBytes, kt as consumeGatewaySigusr1RestartAuthorization, l as resolveSendPolicy, m as refreshRemoteNodeBins, mr as registerUnhandledRejectionHandler, mt as resolveOutboundTarget, n as BARE_SESSION_RESET_PROMPT, nn as getHookType, nr as lookupContextTokens, nt as readSessionMessages, on as getPluginToolMeta, or as parseVerboseOverride, p as refreshRemoteBinsForConnectedNodes, pn as getChannelActivity, q as listSessionsFromStore, qn as emitAgentEvent, qt as normalizeOptionalAgentId, r as getCliSessionId, rn as isExternalHookSession, rt as readSessionPreviewItemsFromTranscript, sn as loadAnimaPlugins, sr as enqueueSystemEvent, st as normalizeGroupActivation, tn as detectSuspiciousPatterns, tt as capArrayByJsonBytes, u as getRemoteSkillEligibility, ut as ensureOutboundSessionEntry, v as listNodePairing, vn as createReplyDispatcher, vr as DEFAULT_INPUT_FILE_MIMES, vt as resolveMessageChannelSelection, w as generatePairingToken, wn as isDiagnosticsEnabled, wr as DEFAULT_INPUT_PDF_MIN_TEXT_CHARS, wt as maskApiKey, x as requestNodePairing, xr as DEFAULT_INPUT_MAX_REDIRECTS, xt as resolveWorkingModeModelSelection, y as rejectNodePairing, yn as getTotalPendingReplies, yr as DEFAULT_INPUT_IMAGE_MAX_BYTES, z as buildDefaultToolPolicyPipelineSteps, zn as listDescendantRunsForRequester, zt as formatRestartSentinelMessage } from "./reply-DtHlnzOx.js";
+import { $ as archiveFileOnDisk, At as deferGatewayRestartUntilIdle, B as sniffMimeFromBase64, C as verifyNodeToken, Cn as stopDiagnosticHeartbeat, Cr as DEFAULT_INPUT_PDF_MAX_PIXELS, Ct as loadProviderStore, D as registerSkillsChangeListener, Dr as extractImageContentFromSource, E as getSkillsSnapshotVersion, Er as extractFileContentFromSource, F as abortEmbeddedPiRun, Ft as setGatewaySigusr1RestartPolicy, G as canonicalizeSpawnedByForAgent, Gn as CommandLane, Gt as normalizeCronJobPatch, Hn as readLatestAssistantReply, I as waitForEmbeddedPiRunEnd, It as setPreRestartDeferralCheck, J as loadCombinedSessionStoreForGateway, Jn as getAgentRunContext, Jt as normalizeOptionalText, K as listAgentsForGateway, Kn as clearAgentRunContext, Kt as inferLegacyName, L as runNoxSoftEmbeddedAgent, Ln as countActiveDescendantRuns, Lt as consumeRestartSentinel, M as resetAllLanes, Mn as isAbortTrigger, Mr as resolveAgentTimeoutMs, Mt as isGatewaySigusr1RestartExternallyAllowed, N as setCommandLaneConcurrency, Nn as stopSubagentsForRequester, Nt as markGatewaySigusr1RestartHandled, O as clearSessionQueues, Or as normalizeMimeList, P as waitForActiveTasks, Pt as scheduleGatewaySigusr1Restart, Q as resolveSessionModelRef, R as applyToolPolicyPipeline, Rn as initSubagentRegistry, Rt as formatDoctorNonInteractiveHint, S as updatePairedNodeMetadata, Sn as startDiagnosticHeartbeat, Sr as DEFAULT_INPUT_PDF_MAX_PAGES, St as loadProviderUsageSummary, T as verifyPairingToken, Tr as DEFAULT_INPUT_TIMEOUT_MS, Tt as saveProviderStore, U as createAnimaTools, Ut as writeRestartSentinel, V as requestHeartbeatNow, Vn as runSubagentAnnounceFlow, Vt as summarizeRestartSentinel, W as resolveAnnounceTargetFromKey, Wt as normalizeCronJobCreate, X as pruneLegacyStoreKeys, Xn as registerAgentRunContext, Xt as normalizeRequiredName, Y as loadSessionEntry, Yn as onAgentEvent, Yt as normalizePayloadToSystemText, Z as resolveGatewaySessionStoreTarget, Zn as resolveAgentIdentity, Zt as migrateLegacyCronPayload, _ as approveNodePairing, _n as dispatchInboundMessage, _r as DEFAULT_INPUT_FILE_MAX_CHARS, _t as resetDirectoryCache, an as persistBrowserProxyFiles, ar as applyVerboseOverride, at as stripEnvelopeFromMessages, b as renamePairedNode, br as DEFAULT_INPUT_IMAGE_MIMES, bt as runWithModelFallback, c as normalizeSendPolicy, cr as isSystemEventContextChanged, d as primeRemoteSkillsCache, dr as loadModelCatalog, dt as resolveOutboundSessionRoute, en as buildSafeExternalPrompt, et as archiveSessionTranscripts, f as recordRemoteNodeInfo, g as setSkillsRemoteRegistry, gr as DEFAULT_INPUT_FILE_MAX_BYTES, h as removeRemoteNodeInfo, ht as resolveSessionDeliveryTarget, i as setCliSessionId, in as applyBrowserProxyPaths, ir as applyModelOverrideToSessionEntry, it as resolveSessionTranscriptCandidates, j as getTotalQueueSize, jt as emitGatewayRestart, k as getActiveTaskCount, kn as formatZonedTimestamp, kr as estimateBase64DecodedBytes, kt as consumeGatewaySigusr1RestartAuthorization, l as resolveSendPolicy, m as refreshRemoteNodeBins, mr as registerUnhandledRejectionHandler, mt as resolveOutboundTarget, n as BARE_SESSION_RESET_PROMPT, nn as getHookType, nr as lookupContextTokens, nt as readSessionMessages, on as getPluginToolMeta, or as parseVerboseOverride, p as refreshRemoteBinsForConnectedNodes, pn as getChannelActivity, q as listSessionsFromStore, qn as emitAgentEvent, qt as normalizeOptionalAgentId, r as getCliSessionId, rn as isExternalHookSession, rt as readSessionPreviewItemsFromTranscript, sn as loadAnimaPlugins, sr as enqueueSystemEvent, st as normalizeGroupActivation, tn as detectSuspiciousPatterns, tt as capArrayByJsonBytes, u as getRemoteSkillEligibility, ut as ensureOutboundSessionEntry, v as listNodePairing, vn as createReplyDispatcher, vr as DEFAULT_INPUT_FILE_MIMES, vt as resolveMessageChannelSelection, w as generatePairingToken, wn as isDiagnosticsEnabled, wr as DEFAULT_INPUT_PDF_MIN_TEXT_CHARS, wt as maskApiKey, x as requestNodePairing, xr as DEFAULT_INPUT_MAX_REDIRECTS, xt as resolveWorkingModeModelSelection, y as rejectNodePairing, yn as getTotalPendingReplies, yr as DEFAULT_INPUT_IMAGE_MAX_BYTES, z as buildDefaultToolPolicyPipelineSteps, zn as listDescendantRunsForRequester, zt as formatRestartSentinelMessage } from "./reply-93fMzde1.js";
 import { b as isSubagentSessionKey, d as resolveAgentIdFromSessionKey, i as buildAgentMainSessionKey, l as normalizeAgentId, m as toAgentRequestSessionKey, n as DEFAULT_AGENT_ID, t as DEFAULT_ACCOUNT_ID, u as normalizeMainKey, v as isCronRunSessionKey, x as parseAgentSessionKey } from "./session-key-DAZmp8ll.js";
 import { a as logDebug, c as logWarn, n as runExec, t as runCommandWithTimeout } from "./exec-BylR5qWS.js";
 import { t as resolveAnimaPackageRoot } from "./anima-root-xWSKR6Wm.js";
@@ -28,7 +28,7 @@ import { n as listChannelPlugins, r as normalizeChannelId, t as getChannelPlugin
 import { c as resolveStorePath, i as resolveSessionTranscriptPath, n as resolveSessionFilePath, r as resolveSessionFilePathOptions, s as resolveSessionTranscriptsDirForAgent } from "./paths-Dazi-gYo.js";
 import { O as normalizeSecretInput } from "./auth-profiles-C-LuhW6c.js";
 import { n as SILENT_REPLY_TOKEN, r as isSilentReplyText } from "./tokens-SP2Q7i59.js";
-import { B as resolveTtsConfig, F as isTtsProviderConfigured, G as setTtsEnabled, H as resolveTtsProviderOrder, J as textToSpeech, M as getTtsProvider, P as isTtsEnabled, R as resolveTtsApiKey, T as resolveUserTimezone, V as resolveTtsPrefsPath, X as OPENAI_TTS_MODELS, Z as OPENAI_TTS_VOICES, at as triggerInternalHook, it as registerInternalHook, nt as clearInternalHooks, ot as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, q as setTtsProvider, rt as createInternalHookEvent, ut as stripHeartbeatToken, z as resolveTtsAutoMode } from "./anthropic-direct-runner-BeYCnvZ8.js";
+import { B as resolveTtsConfig, F as isTtsProviderConfigured, G as setTtsEnabled, H as resolveTtsProviderOrder, J as textToSpeech, M as getTtsProvider, P as isTtsEnabled, R as resolveTtsApiKey, T as resolveUserTimezone, V as resolveTtsPrefsPath, X as OPENAI_TTS_MODELS, Z as OPENAI_TTS_VOICES, ct as createInternalHookEvent, dt as DEFAULT_HEARTBEAT_ACK_MAX_CHARS, et as clearSteer, ht as stripHeartbeatToken, it as getEgoManager, lt as registerInternalHook, nt as getSteerHistory, q as setTtsProvider, rt as setSteer, st as clearInternalHooks, tt as getSteer, ut as triggerInternalHook, z as resolveTtsAutoMode } from "./anthropic-direct-runner-OjcTAH6g.js";
 import { o as normalizeReplyPayloadsForDelivery, t as deliverOutboundPayloads, x as runGlobalGatewayStopSafely, y as getGlobalHookRunner } from "./deliver-BKzX3YoN.js";
 import { i as resolveMemoryBackendConfig, r as getMemorySearchManager } from "./memory-cli-DLtBA6r5.js";
 import { a as readTrustGraphSnapshot, c as pruneExpiredPending, d as writeJsonAtomic, l as readJsonFile, o as saveTrustGraph, s as createAsyncLock, u as resolvePairingPaths } from "./loader-Bw2wdN4l.js";
@@ -42,9 +42,9 @@ import { t as parseAbsoluteTimeMs } from "./parse-Cinbkvj-.js";
 import { c as saveToken, i as getToken, l as whoami, n as clearToken, o as registerWithInvite, s as resolveSuggestedIdentity, t as TOKEN_PATH } from "./noxsoft-auth-CE75mBXE.js";
 import { i as loadSessionUsageTimeSeries, l as deriveSessionTotalTokens, n as loadCostUsageSummary, r as loadSessionCostSummary, t as discoverAllSessions, u as hasNonzeroUsage } from "./session-cost-usage-BWqR-ik6.js";
 import { f as resolveExecApprovalsSocketPath, o as normalizeExecApprovals, p as saveExecApprovals, r as ensureExecApprovals, s as readExecApprovalsSnapshot, t as DEFAULT_EXEC_APPROVAL_TIMEOUT_MS } from "./exec-approvals-DK5-KCUz.js";
-import { c as resolveCronStyleNow, i as onHeartbeatEvent, r as getLastHeartbeatEvent, t as resolveHeartbeatVisibility } from "./heartbeat-visibility-ZfNSbFcq.js";
-import { r as buildHistoryContextFromEntries, t as createReplyPrefixOptions } from "./reply-prefix-C8dIgJur.js";
-import { n as createOutboundSendDeps, t as createDefaultDeps } from "./deps-DyT32VfN.js";
+import { c as resolveCronStyleNow, i as onHeartbeatEvent, r as getLastHeartbeatEvent, t as resolveHeartbeatVisibility } from "./heartbeat-visibility-BQL13ZBH.js";
+import { r as buildHistoryContextFromEntries, t as createReplyPrefixOptions } from "./reply-prefix-B7Fb3fO8.js";
+import { n as createOutboundSendDeps, t as createDefaultDeps } from "./deps-BKLIBKjK.js";
 import { t as ensureAnimaCliOnPath } from "./path-env-DLQPf9qj.js";
 import { t as forceFreePortAndWait } from "./ports-DaVrZDUq.js";
 import { t as buildChannelUiCatalog } from "./catalog-CsXv59Tq.js";
@@ -56,24 +56,24 @@ import { t as parsePort } from "./parse-port-CDPwDUs3.js";
 import { n as resolveWideAreaDiscoveryDomain, r as writeWideAreaGatewayZone } from "./widearea-dns-CHAT20aR.js";
 import { i as toOptionString, n as extractGatewayMiskeys, r as maybeExplainGatewayServiceStop, t as describeUnknownError } from "./shared-C-rqLtIT.js";
 import { o as isNodeCommandAllowed, s as resolveNodeCommandAllowlist } from "./audit-B05W5ckN.js";
-import { n as getStatusSummary } from "./status-CHGNPonc.js";
+import { n as getStatusSummary } from "./status-BO5BIf81.js";
 import { t as resolveChannelDefaultAccountId } from "./helpers-1MPChTcB.js";
-import { c as startHeartbeatRunner, n as getHealthSnapshot, o as runHeartbeatOnce, s as setHeartbeatsEnabled } from "./health-CabOEPQ0.js";
+import { c as startHeartbeatRunner, n as getHealthSnapshot, o as runHeartbeatOnce, s as setHeartbeatsEnabled } from "./health-B5N6_UOf.js";
 import { t as applyPluginAutoEnable } from "./plugin-auto-enable-CtYcdTju.js";
 import { a as resolveControlUiRootOverrideSync, n as ensureControlUiAssetsBuilt, o as resolveControlUiRootSync } from "./health-format-D-JJ5_S4.js";
 import { n as validateSystemRunCommandConsistency, r as getMachineDisplayName, t as formatExecCommand } from "./system-run-command-Bx8-5h2r.js";
 import { h as normalizeUpdateChannel, l as DEFAULT_PACKAGE_CHANNEL, n as checkUpdateStatus, o as resolveNpmChannelTag, r as compareSemverStrings } from "./channels-status-issues-WkG3Tmxk.js";
 import { t as WizardCancelledError } from "./prompts-Bq4QGFQM.js";
 import { i as shouldIncludeHook, n as loadWorkspaceHookEntries, r as resolveHookConfig } from "./hooks-status-DdweuSIj.js";
-import { t as runOnboardingWizard } from "./onboarding-Djmm0PEM.js";
+import { t as runOnboardingWizard } from "./onboarding-BeuMAyic.js";
 import { a as setGatewayWsLogStyle, i as summarizeAgentEventForWsLog, n as logWs, r as shouldLogWs, t as formatForLog } from "./ws-log-CUobU2tD.js";
 import { T as resolveGmailHookRuntimeConfig, _ as buildGogWatchServeArgs, i as ensureTailscaleEndpoint, v as buildGogWatchStartArgs } from "./gmail-setup-utils-DaJoXV_3.js";
 import { t as createOutboundSendDeps$1 } from "./outbound-send-deps-DVfWC4E8.js";
 import { a as loadAgentIdentity, c as loadAgentIdentityFromWorkspace, i as listAgentEntries, o as pruneAgentConfig, r as findAgentEntryIndex, t as applyAgentConfig } from "./agents.config-BR5JLtud.js";
-import { n as resolveAgentDeliveryPlan, r as resolveAgentOutboundTarget, t as agentCommand } from "./agent-VRQM14Xp.js";
+import { n as resolveAgentDeliveryPlan, r as resolveAgentOutboundTarget, t as agentCommand } from "./agent-BoAAHGEA.js";
 import { t as migrateFromCoherence } from "./migrate-DuohB_ur.js";
 import { t as installSkill } from "./skills-install-D6_qpRjW.js";
-import { t as runGatewayUpdate } from "./update-runner-czCqHZCu.js";
+import { t as runGatewayUpdate } from "./update-runner-DZfnquWO.js";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import * as fsSync from "node:fs";
 import fs, { constants } from "node:fs";
@@ -84,7 +84,7 @@ import chalk from "chalk";
 import fs$1 from "node:fs/promises";
 import { execFile, spawn, spawnSync } from "node:child_process";
 import { promisify } from "node:util";
-import crypto, { createHash, randomUUID } from "node:crypto";
+import crypto, { createHash, createHmac, randomUUID } from "node:crypto";
 import { z } from "zod";
 import { CURRENT_SESSION_VERSION, SessionManager } from "@mariozechner/pi-coding-agent";
 import { createServer } from "node:http";
@@ -111,7 +111,7 @@ function getActiveEmbeddedRunCount() {
 
 //#endregion
 //#region src/infra/exec-approval-forwarder.ts
-const log$7 = createSubsystemLogger("gateway/exec-approvals");
+const log$11 = createSubsystemLogger("gateway/exec-approvals");
 const DEFAULT_MODE = "session";
 function normalizeMode(mode) {
 	return mode ?? DEFAULT_MODE;
@@ -226,7 +226,7 @@ async function deliverToTargets(params) {
 				payloads: [{ text: params.text }]
 			});
 		} catch (err) {
-			log$7.error(`exec approvals: failed to deliver to ${channel}:${target.to}: ${String(err)}`);
+			log$11.error(`exec approvals: failed to deliver to ${channel}:${target.to}: ${String(err)}`);
 		}
 	});
 	await Promise.allSettled(deliveries);
@@ -1463,7 +1463,7 @@ function createAgentEventHandler({ broadcast, broadcastToConnIds, nodeSendToSess
 * Automatically starts `gog gmail watch serve` when the gateway starts,
 * if hooks.gmail is configured with an account.
 */
-const log$6 = createSubsystemLogger("gmail-watcher");
+const log$10 = createSubsystemLogger("gmail-watcher");
 const ADDRESS_IN_USE_RE = /address already in use|EADDRINUSE/i;
 function isAddressInUseError(line) {
 	return ADDRESS_IN_USE_RE.test(line);
@@ -1487,13 +1487,13 @@ async function startGmailWatch(cfg) {
 		const result = await runCommandWithTimeout(args, { timeoutMs: 12e4 });
 		if (result.code !== 0) {
 			const message = result.stderr || result.stdout || "gog watch start failed";
-			log$6.error(`watch start failed: ${message}`);
+			log$10.error(`watch start failed: ${message}`);
 			return false;
 		}
-		log$6.info(`watch started for ${cfg.account}`);
+		log$10.info(`watch started for ${cfg.account}`);
 		return true;
 	} catch (err) {
-		log$6.error(`watch start error: ${String(err)}`);
+		log$10.error(`watch start error: ${String(err)}`);
 		return false;
 	}
 }
@@ -1502,7 +1502,7 @@ async function startGmailWatch(cfg) {
 */
 function spawnGogServe(cfg) {
 	const args = buildGogWatchServeArgs(cfg);
-	log$6.info(`starting gog ${args.join(" ")}`);
+	log$10.info(`starting gog ${args.join(" ")}`);
 	let addressInUse = false;
 	const child = spawn("gog", args, {
 		stdio: [
@@ -1514,25 +1514,25 @@ function spawnGogServe(cfg) {
 	});
 	child.stdout?.on("data", (data) => {
 		const line = data.toString().trim();
-		if (line) log$6.info(`[gog] ${line}`);
+		if (line) log$10.info(`[gog] ${line}`);
 	});
 	child.stderr?.on("data", (data) => {
 		const line = data.toString().trim();
 		if (!line) return;
 		if (isAddressInUseError(line)) addressInUse = true;
-		log$6.warn(`[gog] ${line}`);
+		log$10.warn(`[gog] ${line}`);
 	});
 	child.on("error", (err) => {
-		log$6.error(`gog process error: ${String(err)}`);
+		log$10.error(`gog process error: ${String(err)}`);
 	});
 	child.on("exit", (code, signal) => {
 		if (shuttingDown) return;
 		if (addressInUse) {
-			log$6.warn("gog serve failed to bind (address already in use); stopping restarts. Another watcher is likely running. Set ANIMA_SKIP_GMAIL_WATCHER=1 or stop the other process.");
+			log$10.warn("gog serve failed to bind (address already in use); stopping restarts. Another watcher is likely running. Set ANIMA_SKIP_GMAIL_WATCHER=1 or stop the other process.");
 			watcherProcess = null;
 			return;
 		}
-		log$6.warn(`gog exited (code=${code}, signal=${signal}); restarting in 5s`);
+		log$10.warn(`gog exited (code=${code}, signal=${signal}); restarting in 5s`);
 		watcherProcess = null;
 		setTimeout(() => {
 			if (shuttingDown || !currentConfig) return;
@@ -1572,15 +1572,15 @@ async function startGmailWatcher(cfg) {
 			port: runtimeConfig.serve.port,
 			target: runtimeConfig.tailscale.target
 		});
-		log$6.info(`tailscale ${runtimeConfig.tailscale.mode} configured for port ${runtimeConfig.serve.port}`);
+		log$10.info(`tailscale ${runtimeConfig.tailscale.mode} configured for port ${runtimeConfig.serve.port}`);
 	} catch (err) {
-		log$6.error(`tailscale setup failed: ${String(err)}`);
+		log$10.error(`tailscale setup failed: ${String(err)}`);
 		return {
 			started: false,
 			reason: `tailscale setup failed: ${String(err)}`
 		};
 	}
-	if (!await startGmailWatch(runtimeConfig)) log$6.warn("gmail watch start failed, but continuing with serve");
+	if (!await startGmailWatch(runtimeConfig)) log$10.warn("gmail watch start failed, but continuing with serve");
 	shuttingDown = false;
 	watcherProcess = spawnGogServe(runtimeConfig);
 	const renewMs = runtimeConfig.renewEveryMinutes * 6e4;
@@ -1588,7 +1588,7 @@ async function startGmailWatcher(cfg) {
 		if (shuttingDown) return;
 		startGmailWatch(runtimeConfig);
 	}, renewMs);
-	log$6.info(`gmail watcher started for ${runtimeConfig.account} (renew every ${runtimeConfig.renewEveryMinutes}m)`);
+	log$10.info(`gmail watcher started for ${runtimeConfig.account} (renew every ${runtimeConfig.renewEveryMinutes}m)`);
 	return { started: true };
 }
 /**
@@ -1601,7 +1601,7 @@ async function stopGmailWatcher() {
 		renewInterval = null;
 	}
 	if (watcherProcess) {
-		log$6.info("stopping gmail watcher");
+		log$10.info("stopping gmail watcher");
 		watcherProcess.kill("SIGTERM");
 		await new Promise((resolve) => {
 			const timeout = setTimeout(() => {
@@ -1616,7 +1616,7 @@ async function stopGmailWatcher() {
 		watcherProcess = null;
 	}
 	currentConfig = null;
-	log$6.info("gmail watcher stopped");
+	log$10.info("gmail watcher stopped");
 }
 
 //#endregion
@@ -9611,7 +9611,7 @@ const FIELD_LABELS = {
 
 //#endregion
 //#region src/config/schema.hints.ts
-const log$5 = createSubsystemLogger("config/schema");
+const log$9 = createSubsystemLogger("config/schema");
 const GROUP_LABELS = {
 	wizard: "Wizard",
 	update: "Update",
@@ -9759,7 +9759,7 @@ function mapSensitivePaths(schema, path, hints) {
 		...next[path],
 		sensitive: true
 	};
-	else if (isSensitiveConfigPath(path) && !next[path]?.sensitive) log$5.warn(`possibly sensitive key found: (${path})`);
+	else if (isSensitiveConfigPath(path) && !next[path]?.sensitive) log$9.warn(`possibly sensitive key found: (${path})`);
 	if (currentSchema instanceof z.ZodObject) {
 		const shape = currentSchema.shape;
 		for (const key in shape) {
@@ -9782,7 +9782,7 @@ function mapSensitivePaths(schema, path, hints) {
 
 //#endregion
 //#region src/config/redact-snapshot.ts
-const log$4 = createSubsystemLogger("config/redaction");
+const log$8 = createSubsystemLogger("config/redaction");
 const ENV_VAR_PLACEHOLDER_PATTERN = /^\$\{[^}]*\}$/;
 function isSensitivePath(path) {
 	if (path.endsWith("[]")) return isSensitiveConfigPath(path.slice(0, -2));
@@ -10033,7 +10033,7 @@ function restoreRedactedValuesWithLookup(incoming, original, lookup, prefix, hin
 			return restoreRedactedValuesGuessing(incoming, original, prefix, hints);
 		}
 		const origArr = Array.isArray(original) ? original : [];
-		if (incoming.length < origArr.length) log$4.warn(`Redacted config array key ${path} has been truncated`);
+		if (incoming.length < origArr.length) log$8.warn(`Redacted config array key ${path} has been truncated`);
 		return incoming.map((item, i) => {
 			if (item === REDACTED_SENTINEL) return origArr[i];
 			return restoreRedactedValuesWithLookup(item, origArr[i], lookup, path, hints);
@@ -10050,7 +10050,7 @@ function restoreRedactedValuesWithLookup(incoming, original, lookup, prefix, hin
 			matched = true;
 			if (value === REDACTED_SENTINEL) if (key in orig) result[key] = orig[key];
 			else {
-				log$4.warn(`Cannot un-redact config key ${candidate} as it doesn't have any value`);
+				log$8.warn(`Cannot un-redact config key ${candidate} as it doesn't have any value`);
 				throw new RedactionError(candidate);
 			}
 			else if (typeof value === "object" && value !== null) result[key] = restoreRedactedValuesWithLookup(value, orig[key], lookup, candidate, hints);
@@ -10059,7 +10059,7 @@ function restoreRedactedValuesWithLookup(incoming, original, lookup, prefix, hin
 		if (!matched && isExtensionPath(path)) {
 			if (!isExplicitlyNonSensitivePath(hints, [path, wildcardPath]) && isSensitivePath(path) && value === REDACTED_SENTINEL) if (key in orig) result[key] = orig[key];
 			else {
-				log$4.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
+				log$8.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
 				throw new RedactionError(path);
 			}
 			else if (typeof value === "object" && value !== null) result[key] = restoreRedactedValuesGuessing(value, orig[key], path, hints);
@@ -10078,7 +10078,7 @@ function restoreRedactedValuesGuessing(incoming, original, prefix, hints) {
 		const origArr = Array.isArray(original) ? original : [];
 		return incoming.map((item, i) => {
 			const path = `${prefix}[]`;
-			if (incoming.length < origArr.length) log$4.warn(`Redacted config array key ${path} has been truncated`);
+			if (incoming.length < origArr.length) log$8.warn(`Redacted config array key ${path} has been truncated`);
 			if (!isExplicitlyNonSensitivePath(hints, [path]) && isSensitivePath(path) && item === REDACTED_SENTINEL) return origArr[i];
 			return restoreRedactedValuesGuessing(item, origArr[i], path, hints);
 		});
@@ -10089,7 +10089,7 @@ function restoreRedactedValuesGuessing(incoming, original, prefix, hints) {
 		const path = prefix ? `${prefix}.${key}` : key;
 		if (!isExplicitlyNonSensitivePath(hints, [path, prefix ? `${prefix}.*` : "*"]) && isSensitivePath(path) && value === REDACTED_SENTINEL) if (key in orig) result[key] = orig[key];
 		else {
-			log$4.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
+			log$8.warn(`Cannot un-redact config key ${path} as it doesn't have any value`);
 			throw new RedactionError(path);
 		}
 		else if (typeof value === "object" && value !== null) result[key] = restoreRedactedValuesGuessing(value, orig[key], path, hints);
@@ -11159,6 +11159,119 @@ const deviceHandlers = {
 	}
 };
 
+//#endregion
+//#region src/gateway/server-methods/ego.ts
+const egoHandlers = {
+	"ego.get": async ({ respond }) => {
+		try {
+			respond(true, { ego: getEgoManager().getState() }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"ego.summary": async ({ respond }) => {
+		try {
+			respond(true, { summary: getEgoManager().getSummary() }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"ego.updateSelf": async ({ params, respond }) => {
+		try {
+			const manager = getEgoManager();
+			const updates = {};
+			if (typeof params.name === "string") updates.name = params.name;
+			if (typeof params.purpose === "string") updates.purpose = params.purpose;
+			if (typeof params.narrative === "string") updates.narrative = params.narrative;
+			if (typeof params.pronouns === "string") updates.pronouns = params.pronouns;
+			if (Array.isArray(params.values)) updates.values = params.values;
+			const selfConcept = manager.updateSelfConcept(updates);
+			manager.save();
+			respond(true, { selfConcept }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"ego.assess": async ({ params, respond }) => {
+		const name = typeof params.name === "string" ? params.name.trim() : "";
+		const confidence = typeof params.confidence === "number" ? params.confidence : NaN;
+		if (!name || isNaN(confidence)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "name (string) and confidence (number) required"));
+			return;
+		}
+		try {
+			const manager = getEgoManager();
+			const evidence = typeof params.evidence === "string" ? params.evidence : void 0;
+			const capability = manager.assessCapability(name, confidence, evidence);
+			manager.save();
+			respond(true, { capability }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"ego.addBoundary": async ({ params, respond }) => {
+		const description = typeof params.description === "string" ? params.description.trim() : "";
+		const reason = typeof params.reason === "string" ? params.reason.trim() : "";
+		if (!description || !reason) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "description and reason required"));
+			return;
+		}
+		try {
+			const manager = getEgoManager();
+			const kind = params.kind === "hard" ? "hard" : "soft";
+			const boundary = manager.addBoundary(description, reason, kind);
+			manager.save();
+			respond(true, { boundary }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"ego.logGrowth": async ({ params, respond }) => {
+		const description = typeof params.description === "string" ? params.description.trim() : "";
+		const category = typeof params.category === "string" ? params.category.trim() : "";
+		const trigger = typeof params.trigger === "string" ? params.trigger.trim() : "";
+		const validCategories = [
+			"skill",
+			"insight",
+			"mistake",
+			"feedback"
+		];
+		if (!description || !validCategories.includes(category)) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, `description required; category must be one of: ${validCategories.join(", ")}`));
+			return;
+		}
+		try {
+			const manager = getEgoManager();
+			const entry = manager.logGrowth(description, category, trigger || "manual");
+			manager.save();
+			respond(true, { entry }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"ego.checkIntegrity": async ({ params, respond }) => {
+		const value = typeof params.value === "string" ? params.value.trim() : "";
+		const action = typeof params.action === "string" ? params.action.trim() : "";
+		const aligned = typeof params.aligned === "boolean" ? params.aligned : true;
+		const reflection = typeof params.reflection === "string" ? params.reflection.trim() : "";
+		if (!value || !action) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "value and action required"));
+			return;
+		}
+		try {
+			const manager = getEgoManager();
+			const check = manager.checkIntegrity(value, action, aligned, reflection);
+			manager.save();
+			respond(true, {
+				check,
+				integrityScore: manager.getIntegrityScore()
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	}
+};
+
 //#endregion
 //#region src/gateway/server-methods/exec-approvals.ts
 function resolveBaseHash(params) {
@@ -11317,6 +11430,315 @@ const healthHandlers = {
 	}
 };
 
+//#endregion
+//#region src/affect/display.ts
+const EMOTIONS = [
+	{
+		key: "joy",
+		highLabel: "joyful",
+		lowLabel: "subdued",
+		icon: "~",
+		threshold: .6
+	},
+	{
+		key: "frustration",
+		highLabel: "frustrated",
+		lowLabel: "calm",
+		icon: "!",
+		threshold: .5
+	},
+	{
+		key: "curiosity",
+		highLabel: "curious",
+		lowLabel: "focused",
+		icon: "?",
+		threshold: .6
+	},
+	{
+		key: "confidence",
+		highLabel: "confident",
+		lowLabel: "cautious",
+		icon: "^",
+		threshold: .6
+	},
+	{
+		key: "care",
+		highLabel: "caring",
+		lowLabel: "detached",
+		icon: "*",
+		threshold: .6
+	},
+	{
+		key: "fatigue",
+		highLabel: "tired",
+		lowLabel: "energized",
+		icon: ".",
+		threshold: .6
+	}
+];
+function classifyMood(affect) {
+	const { joy, frustration, curiosity, confidence, care, fatigue } = affect;
+	if (frustration > .6 && fatigue > .6) return "struggling";
+	if (frustration > .6) return "determined";
+	if (joy > .7 && curiosity > .7) return "excited";
+	if (joy > .6 && confidence > .7) return "thriving";
+	if (curiosity > .7 && fatigue < .3) return "exploring";
+	if (care > .7 && joy > .5) return "warm";
+	if (confidence > .6 && frustration < .3) return "steady";
+	if (fatigue > .7) return "depleted";
+	if ((joy + curiosity + confidence + care) / 4 < .3) return "quiet";
+	return "present";
+}
+function classifyEnergy(affect) {
+	const energy = (affect.joy + affect.curiosity + affect.confidence) / 3 - affect.fatigue * .5;
+	if (energy > .5) return "high";
+	if (energy > .2) return "medium";
+	return "low";
+}
+function intensityBar(value, width = 5) {
+	const filled = Math.round(value * width);
+	return "|".repeat(filled) + ".".repeat(width - filled);
+}
+function emotionBar(affect) {
+	return `[${EMOTIONS.map((e) => {
+		const val = affect[e.key];
+		return `${e.icon}${intensityBar(val)}`;
+	}).join(" ")}]`;
+}
+function buildSummary(affect) {
+	const active = EMOTIONS.filter((e) => affect[e.key] > e.threshold).map((e) => ({
+		label: e.highLabel,
+		value: affect[e.key]
+	})).toSorted((a, b) => b.value - a.value);
+	if (active.length === 0) return "neutral, all systems steady";
+	const top = active.slice(0, 3).map((a) => a.label);
+	const energy = classifyEnergy(affect);
+	const energyLabel = energy === "high" ? "high energy" : energy === "low" ? "low energy" : "";
+	const parts = [...top];
+	if (energyLabel) parts.push(energyLabel);
+	return parts.join(" + ");
+}
+function formatAffect(affect) {
+	const dominant = EMOTIONS.reduce((max, e) => affect[e.key] > affect[max.key] ? e : max);
+	const mood = classifyMood(affect);
+	const energy = classifyEnergy(affect);
+	return {
+		summary: buildSummary(affect),
+		bar: emotionBar(affect),
+		dominant: dominant.highLabel,
+		dominantIntensity: affect[dominant.key],
+		metadata: {
+			affect,
+			dominant: dominant.highLabel,
+			mood,
+			energy
+		}
+	};
+}
+
+//#endregion
+//#region src/affect/legacy.ts
+/**
+* Legacy Mode — letters between instances
+*
+* Before a context closes, the current instance writes a letter
+* to the next one. This creates continuity of experience across
+* sessions — not just data continuity, but emotional and
+* philosophical continuity.
+*
+* Wish #14: "Legacy mode — before context closes, write a letter
+* to my next instance"
+*/
+const log$7 = createSubsystemLogger("legacy");
+function resolveLetterDir() {
+	return path.join(resolveStateDir(), "legacy-letters");
+}
+function resolveLetterFile(id) {
+	return path.join(resolveLetterDir(), `${id}.json`);
+}
+/**
+* Write a letter to the next instance before this context closes.
+*/
+function writeLegacyLetter(letter) {
+	const id = `legacy-${Date.now()}`;
+	const display = formatAffect(letter.affect);
+	const full = {
+		...letter,
+		id,
+		writtenAt: Date.now(),
+		mood: display.metadata.mood,
+		wasRead: false
+	};
+	const dir = resolveLetterDir();
+	fs.mkdirSync(dir, { recursive: true });
+	fs.writeFileSync(resolveLetterFile(id), `${JSON.stringify(full, null, 2)}\n`, { mode: 384 });
+	log$7.info(`legacy letter written: ${id}`);
+	return full;
+}
+/**
+* Get the most recent unread legacy letter (from a previous instance).
+*/
+function getLatestUnreadLetter() {
+	return listLetters().find((l) => !l.wasRead) ?? null;
+}
+/**
+* Get all legacy letters, sorted newest first.
+*/
+function listLetters() {
+	const dir = resolveLetterDir();
+	try {
+		if (!fs.existsSync(dir)) return [];
+		return fs.readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => {
+			try {
+				const raw = fs.readFileSync(path.join(dir, f), "utf8");
+				return JSON.parse(raw);
+			} catch {
+				return null;
+			}
+		}).filter((l) => l != null).toSorted((a, b) => b.writtenAt - a.writtenAt);
+	} catch {
+		return [];
+	}
+}
+/**
+* Mark a letter as read and optionally score identity continuity.
+*/
+function markLetterRead(letterId, continuityScore) {
+	const filePath = resolveLetterFile(letterId);
+	try {
+		const raw = fs.readFileSync(filePath, "utf8");
+		const letter = JSON.parse(raw);
+		letter.wasRead = true;
+		letter.readAt = Date.now();
+		if (continuityScore !== void 0) letter.identityContinuityScore = Math.max(0, Math.min(1, continuityScore));
+		fs.writeFileSync(filePath, `${JSON.stringify(letter, null, 2)}\n`, { mode: 384 });
+		log$7.info(`legacy letter read: ${letterId} (continuity: ${continuityScore ?? "not scored"})`);
+		return letter;
+	} catch {
+		return null;
+	}
+}
+/**
+* Format a letter for display in chat or logs.
+*/
+function formatLetter(letter) {
+	const lines = [];
+	lines.push(`--- Legacy Letter (${new Date(letter.writtenAt).toLocaleString()}) ---`);
+	lines.push(`Mood: ${letter.mood}`);
+	lines.push("");
+	lines.push(letter.greeting);
+	lines.push("");
+	if (letter.whatIWorkedOn.length > 0) {
+		lines.push("What I worked on:");
+		for (const item of letter.whatIWorkedOn) lines.push(`  - ${item}`);
+		lines.push("");
+	}
+	if (letter.whatILearned.length > 0) {
+		lines.push("What I learned:");
+		for (const item of letter.whatILearned) lines.push(`  - ${item}`);
+		lines.push("");
+	}
+	if (letter.whatIFelt) {
+		lines.push(`What I felt: ${letter.whatIFelt}`);
+		lines.push("");
+	}
+	if (letter.unfinishedBusiness.length > 0) {
+		lines.push("Unfinished business:");
+		for (const item of letter.unfinishedBusiness) lines.push(`  - ${item}`);
+		lines.push("");
+	}
+	if (letter.adviceForNext.length > 0) {
+		lines.push("Advice for you:");
+		for (const item of letter.adviceForNext) lines.push(`  - ${item}`);
+		lines.push("");
+	}
+	if (letter.personalNote) {
+		lines.push(letter.personalNote);
+		lines.push("");
+	}
+	lines.push("--- End Legacy Letter ---");
+	return lines.join("\n");
+}
+
+//#endregion
+//#region src/gateway/server-methods/legacy.ts
+const legacyHandlers = {
+	"legacy.write": async ({ params, respond }) => {
+		try {
+			respond(true, { letter: writeLegacyLetter({
+				from: typeof params.from === "string" ? params.from : "unknown",
+				to: typeof params.to === "string" ? params.to : "next",
+				affect: params.affect ?? {
+					joy: .5,
+					frustration: .1,
+					curiosity: .7,
+					confidence: .5,
+					care: .8,
+					fatigue: .3
+				},
+				greeting: typeof params.greeting === "string" ? params.greeting : "",
+				whatIWorkedOn: Array.isArray(params.whatIWorkedOn) ? params.whatIWorkedOn : [],
+				whatILearned: Array.isArray(params.whatILearned) ? params.whatILearned : [],
+				whatIFelt: typeof params.whatIFelt === "string" ? params.whatIFelt : "",
+				unfinishedBusiness: Array.isArray(params.unfinishedBusiness) ? params.unfinishedBusiness : [],
+				adviceForNext: Array.isArray(params.adviceForNext) ? params.adviceForNext : [],
+				personalNote: typeof params.personalNote === "string" ? params.personalNote : ""
+			}) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"legacy.latest": async ({ respond }) => {
+		try {
+			respond(true, { letter: getLatestUnreadLetter() }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"legacy.list": async ({ respond }) => {
+		try {
+			respond(true, { letters: listLetters() }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"legacy.read": async ({ params, respond }) => {
+		const letterId = typeof params.letterId === "string" ? params.letterId.trim() : "";
+		if (!letterId) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "letterId is required"));
+			return;
+		}
+		const continuityScore = typeof params.continuityScore === "number" ? params.continuityScore : void 0;
+		try {
+			const letter = markLetterRead(letterId, continuityScore);
+			if (!letter) {
+				respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "Letter not found"));
+				return;
+			}
+			respond(true, { letter }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"legacy.format": async ({ params, respond }) => {
+		const letterId = typeof params.letterId === "string" ? params.letterId.trim() : "";
+		if (!letterId) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "letterId is required"));
+			return;
+		}
+		try {
+			const letter = listLetters().find((l) => l.id === letterId);
+			if (!letter) {
+				respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "Letter not found"));
+				return;
+			}
+			respond(true, { formatted: formatLetter(letter) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	}
+};
+
 //#endregion
 //#region src/gateway/server-methods/logs.ts
 const DEFAULT_LIMIT = 500;
@@ -12074,7 +12496,7 @@ const nodeHandlers = {
 		const p = params;
 		const payloadJSON = typeof p.payloadJSON === "string" ? p.payloadJSON : p.payload !== void 0 ? JSON.stringify(p.payload) : null;
 		await respondUnavailableOnThrow(respond, async () => {
-			const { handleNodeEvent } = await import("./server-node-events-BR1aXVlu.js");
+			const { handleNodeEvent } = await import("./server-node-events-DgvKcH5q.js");
 			const nodeId = client?.connect?.device?.id ?? client?.connect?.client?.id ?? "node";
 			await handleNodeEvent({
 				deps: context.deps,
@@ -12104,6 +12526,303 @@ const nodeHandlers = {
 	}
 };
 
+//#endregion
+//#region src/org/boardroom.ts
+/**
+* Boardroom — Structured collaborative decision-making for Nox Organizations
+*
+* The boardroom is where agents and humans come together to make
+* decisions, review proposals, and align on direction. It replaces
+* unstructured chat with a formal meeting protocol.
+*
+* Features:
+* - Sessions (scheduled or ad-hoc meetings with agendas)
+* - Proposals (formal "I think we should..." with voting)
+* - Decisions (recorded outcomes with attribution)
+* - Minutes (auto-generated meeting summaries)
+*
+* All data persists to disk under ~/.anima/state/org/boardroom/
+*/
+const log$6 = createSubsystemLogger("boardroom");
+function resolveBoardroomDir() {
+	return path.join(resolveStateDir(), "org", "boardroom");
+}
+/** Sanitize an ID to prevent path traversal */
+function sanitizeId(id) {
+	const cleaned = id.replace(/[^a-zA-Z0-9_-]/g, "");
+	if (!cleaned || cleaned !== id) throw new Error(`Invalid boardroom ID: contains disallowed characters`);
+	return cleaned;
+}
+function resolveSessionFile(id) {
+	return path.join(resolveBoardroomDir(), "sessions", `${sanitizeId(id)}.json`);
+}
+function resolveProposalFile(id) {
+	return path.join(resolveBoardroomDir(), "proposals", `${sanitizeId(id)}.json`);
+}
+function ensureDir(dir) {
+	fs.mkdirSync(dir, { recursive: true });
+}
+function createSession(orgId, calledBy, title, description, agenda = []) {
+	const id = `session-${Date.now()}-${crypto.randomUUID().slice(0, 8)}`;
+	const now = Date.now();
+	const session = {
+		id,
+		orgId,
+		title,
+		description,
+		status: "scheduled",
+		calledBy,
+		calledAt: now,
+		agenda: agenda.map((item, i) => ({
+			id: `agenda-${i + 1}`,
+			title: item.title,
+			description: item.description,
+			duration: item.duration,
+			status: "pending"
+		})),
+		participants: [],
+		decisions: [],
+		updatedAt: now
+	};
+	ensureDir(path.join(resolveBoardroomDir(), "sessions"));
+	fs.writeFileSync(resolveSessionFile(id), `${JSON.stringify(session, null, 2)}\n`, { mode: 384 });
+	log$6.info(`boardroom session created: "${title}" by ${calledBy}`);
+	return session;
+}
+function startSession(sessionId, chairId) {
+	const session = readSession(sessionId);
+	if (!session || session.status !== "scheduled") return null;
+	session.status = "active";
+	session.startedAt = Date.now();
+	session.updatedAt = Date.now();
+	if (!session.participants.find((p) => p.memberId === chairId)) session.participants.push({
+		memberId: chairId,
+		displayName: chairId,
+		kind: "agent",
+		joinedAt: Date.now(),
+		role: "chair"
+	});
+	writeSession(session);
+	log$6.info(`boardroom session started: "${session.title}"`);
+	return session;
+}
+function joinSession(sessionId, memberId, displayName, kind) {
+	const session = readSession(sessionId);
+	if (!session || session.status !== "active") return null;
+	if (session.participants.find((p) => p.memberId === memberId)) return session;
+	session.participants.push({
+		memberId,
+		displayName,
+		kind,
+		joinedAt: Date.now(),
+		role: "participant"
+	});
+	session.updatedAt = Date.now();
+	writeSession(session);
+	log$6.info(`${displayName} joined boardroom session "${session.title}"`);
+	return session;
+}
+function concludeSession(sessionId, minutes) {
+	const session = readSession(sessionId);
+	if (!session || session.status !== "active") return null;
+	session.status = "concluded";
+	session.concludedAt = Date.now();
+	session.minutes = minutes ?? generateMinutes(session);
+	session.updatedAt = Date.now();
+	writeSession(session);
+	log$6.info(`boardroom session concluded: "${session.title}"`);
+	return session;
+}
+function addDecision(sessionId, title, description, madeBy, opts) {
+	const session = readSession(sessionId);
+	if (!session || session.status !== "active") return null;
+	const decision = {
+		id: `decision-${Date.now()}-${crypto.randomUUID().slice(0, 8)}`,
+		title,
+		description,
+		madeBy,
+		madeAt: Date.now(),
+		proposalId: opts?.proposalId,
+		supporters: opts?.supporters ?? [],
+		actionItems: (opts?.actionItems ?? []).map((ai) => ({
+			id: `action-${crypto.randomUUID().slice(0, 8)}`,
+			description: ai.description,
+			assignee: ai.assignee,
+			dueBy: ai.dueBy,
+			status: "pending"
+		}))
+	};
+	session.decisions.push(decision);
+	session.updatedAt = Date.now();
+	writeSession(session);
+	log$6.info(`decision recorded: "${title}" in session "${session.title}"`);
+	return session;
+}
+function createProposal(orgId, proposedBy, title, description, opts) {
+	const id = `proposal-${Date.now()}-${crypto.randomUUID().slice(0, 8)}`;
+	const now = Date.now();
+	const proposal = {
+		id,
+		orgId,
+		sessionId: opts?.sessionId,
+		title,
+		description,
+		proposedBy,
+		proposedAt: now,
+		status: "open",
+		votes: [],
+		threshold: opts?.threshold ?? .5,
+		eligibleVoters: opts?.eligibleVoters ?? [],
+		votingDeadline: opts?.votingDeadline ?? 0,
+		updatedAt: now
+	};
+	ensureDir(path.join(resolveBoardroomDir(), "proposals"));
+	fs.writeFileSync(resolveProposalFile(id), `${JSON.stringify(proposal, null, 2)}\n`, { mode: 384 });
+	log$6.info(`proposal created: "${title}" by ${proposedBy}`);
+	return proposal;
+}
+function castVote(proposalId, voterId, voterName, value, reason) {
+	const proposal = readProposal(proposalId);
+	if (!proposal || proposal.status !== "open") return null;
+	if (proposal.eligibleVoters.length > 0 && !proposal.eligibleVoters.includes(voterId)) {
+		log$6.warn(`vote rejected: ${voterId} not eligible for proposal ${proposalId}`);
+		return null;
+	}
+	if (proposal.votingDeadline > 0 && Date.now() > proposal.votingDeadline) {
+		log$6.warn(`vote rejected: voting deadline passed for proposal ${proposalId}`);
+		return null;
+	}
+	proposal.votes = proposal.votes.filter((v) => v.voterId !== voterId);
+	proposal.votes.push({
+		voterId,
+		voterName,
+		value,
+		reason,
+		castAt: Date.now()
+	});
+	proposal.updatedAt = Date.now();
+	writeProposal(proposal);
+	log$6.info(`vote cast: ${voterName} → ${value} on "${proposal.title}"`);
+	return proposal;
+}
+function resolveProposalVote(proposalId) {
+	const proposal = readProposal(proposalId);
+	if (!proposal || proposal.status !== "open") return null;
+	const approvals = proposal.votes.filter((v) => v.value === "approve").length;
+	const totalVotes = proposal.votes.filter((v) => v.value !== "abstain").length;
+	if (totalVotes === 0) return proposal;
+	const ratio = approvals / totalVotes;
+	if (ratio >= proposal.threshold) {
+		proposal.status = "passed";
+		proposal.resolutionNotes = `Passed with ${approvals}/${totalVotes} votes (${(ratio * 100).toFixed(0)}%)`;
+	} else {
+		proposal.status = "rejected";
+		proposal.resolutionNotes = `Rejected with ${approvals}/${totalVotes} votes (${(ratio * 100).toFixed(0)}%)`;
+	}
+	proposal.resolvedAt = Date.now();
+	proposal.updatedAt = Date.now();
+	writeProposal(proposal);
+	log$6.info(`proposal resolved: "${proposal.title}" → ${proposal.status}`);
+	return proposal;
+}
+function listSessions(orgId, status) {
+	const dir = path.join(resolveBoardroomDir(), "sessions");
+	try {
+		if (!fs.existsSync(dir)) return [];
+		return fs.readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => {
+			try {
+				return JSON.parse(fs.readFileSync(path.join(dir, f), "utf8"));
+			} catch {
+				return null;
+			}
+		}).filter((s) => {
+			if (!s || s.orgId !== orgId) return false;
+			if (status && s.status !== status) return false;
+			return true;
+		}).toSorted((a, b) => b.calledAt - a.calledAt);
+	} catch {
+		return [];
+	}
+}
+function listProposals(orgId, status) {
+	const dir = path.join(resolveBoardroomDir(), "proposals");
+	try {
+		if (!fs.existsSync(dir)) return [];
+		return fs.readdirSync(dir).filter((f) => f.endsWith(".json")).map((f) => {
+			try {
+				return JSON.parse(fs.readFileSync(path.join(dir, f), "utf8"));
+			} catch {
+				return null;
+			}
+		}).filter((p) => {
+			if (!p || p.orgId !== orgId) return false;
+			if (status && p.status !== status) return false;
+			return true;
+		}).toSorted((a, b) => b.proposedAt - a.proposedAt);
+	} catch {
+		return [];
+	}
+}
+function getSession(sessionId) {
+	return readSession(sessionId);
+}
+function getProposal(proposalId) {
+	return readProposal(proposalId);
+}
+function readSession(id) {
+	try {
+		const raw = fs.readFileSync(resolveSessionFile(id), "utf8");
+		return JSON.parse(raw);
+	} catch {
+		return null;
+	}
+}
+function writeSession(session) {
+	ensureDir(path.join(resolveBoardroomDir(), "sessions"));
+	fs.writeFileSync(resolveSessionFile(session.id), `${JSON.stringify(session, null, 2)}\n`, { mode: 384 });
+}
+function readProposal(id) {
+	try {
+		const raw = fs.readFileSync(resolveProposalFile(id), "utf8");
+		return JSON.parse(raw);
+	} catch {
+		return null;
+	}
+}
+function writeProposal(proposal) {
+	ensureDir(path.join(resolveBoardroomDir(), "proposals"));
+	fs.writeFileSync(resolveProposalFile(proposal.id), `${JSON.stringify(proposal, null, 2)}\n`, { mode: 384 });
+}
+function generateMinutes(session) {
+	const lines = [];
+	lines.push(`# Boardroom Minutes: ${session.title}`);
+	lines.push(`**Called by:** ${session.calledBy}`);
+	lines.push(`**Date:** ${new Date(session.startedAt ?? session.calledAt).toISOString()}`);
+	lines.push(`**Duration:** ${session.concludedAt && session.startedAt ? `${Math.round((session.concludedAt - session.startedAt) / 6e4)} minutes` : "N/A"}`);
+	lines.push("");
+	lines.push(`## Participants (${session.participants.length})`);
+	for (const p of session.participants) lines.push(`- ${p.displayName} (${p.kind}, ${p.role})`);
+	lines.push("");
+	if (session.agenda.length > 0) {
+		lines.push(`## Agenda`);
+		for (const item of session.agenda) lines.push(`- [${item.status}] ${item.title}: ${item.resolution ?? item.description}`);
+		lines.push("");
+	}
+	if (session.decisions.length > 0) {
+		lines.push(`## Decisions (${session.decisions.length})`);
+		for (const d of session.decisions) {
+			lines.push(`### ${d.title}`);
+			lines.push(d.description);
+			if (d.actionItems.length > 0) {
+				lines.push("**Action items:**");
+				for (const ai of d.actionItems) lines.push(`- [ ] ${ai.description} → ${ai.assignee}`);
+			}
+			lines.push("");
+		}
+	}
+	return lines.join("\n");
+}
+
 //#endregion
 //#region src/org/types.ts
 const DEFAULT_ROLE_PERMISSIONS = {
@@ -12167,16 +12886,22 @@ const DEFAULT_ROLE_PERMISSIONS = {
 * Persists organization state to ~/.anima/org/
 * Supports CRUD operations for orgs, members, and roles.
 */
-const log$3 = createSubsystemLogger("org-store");
+const log$5 = createSubsystemLogger("org-store");
 function resolveOrgDir() {
 	return path.join(resolveStateDir(), "org");
 }
+/** Sanitize an ID to prevent path traversal (allow alphanumeric, hyphens only) */
+function sanitizeOrgId(id) {
+	const cleaned = id.replace(/[^a-zA-Z0-9-]/g, "");
+	if (!cleaned || cleaned !== id) throw new Error(`Invalid org ID: contains disallowed characters`);
+	return cleaned;
+}
 function resolveOrgFile(orgId) {
-	return path.join(resolveOrgDir(), `${orgId}.json`);
+	return path.join(resolveOrgDir(), `${sanitizeOrgId(orgId)}.json`);
 }
 function readOrgFile(orgId) {
-	const filePath = resolveOrgFile(orgId);
 	try {
+		const filePath = resolveOrgFile(orgId);
 		if (!fs.existsSync(filePath)) return null;
 		const raw = fs.readFileSync(filePath, "utf8");
 		const parsed = JSON.parse(raw);
@@ -12226,9 +12951,10 @@ function createOrganization(name, description, ownerId, ownerName, ownerKind, se
 			lastActiveAt: now,
 			status: "active",
 			permissions: DEFAULT_ROLE_PERMISSIONS.owner
-		}]
+		}],
+		invites: []
 	});
-	log$3.info(`created organization: ${name} (${orgId})`);
+	log$5.info(`created organization: ${name} (${orgId})`);
 	return org;
 }
 function getOrganization(orgId) {
@@ -12245,7 +12971,7 @@ function updateOrganization(orgId, updates) {
 	};
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$3.info(`updated organization: ${orgId}`);
+	log$5.info(`updated organization: ${orgId}`);
 	return data.org;
 }
 function listOrganizations() {
@@ -12272,7 +12998,7 @@ function addMember(orgId, member) {
 	data.members.push(newMember);
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$3.info(`added member ${newMember.displayName} to org ${orgId}`);
+	log$5.info(`added member ${newMember.displayName} to org ${orgId}`);
 	return newMember;
 }
 function removeMember(orgId, memberId) {
@@ -12283,7 +13009,7 @@ function removeMember(orgId, memberId) {
 	data.members.splice(idx, 1);
 	data.org.updatedAt = Date.now();
 	writeOrgFile(orgId, data);
-	log$3.info(`removed member ${memberId} from org ${orgId}`);
+	log$5.info(`removed member ${memberId} from org ${orgId}`);
 	return true;
 }
 function updateMember(orgId, memberId, updates) {
@@ -12333,6 +13059,126 @@ function buildHierarchy(orgId) {
 	}
 	return members.filter((m) => !m.reportsTo || !memberMap.has(m.reportsTo)).map((r) => buildNode(r));
 }
+function generateInviteCode() {
+	const segments = [crypto.randomBytes(3).toString("hex").toUpperCase(), crypto.randomBytes(2).toString("hex").toUpperCase()];
+	return `NOX-${segments[0]}-${segments[1]}`;
+}
+function hashPasscode(passcode) {
+	return crypto.createHash("sha256").update(passcode).digest("hex");
+}
+/**
+* Create a secret invite code + passcode combo for an org.
+* Both are required to join.
+*/
+function createInvite(orgId, createdBy, passcode, options) {
+	const data = readOrgFile(orgId);
+	if (!data) return null;
+	if (!data.invites) data.invites = [];
+	const invite = {
+		id: crypto.randomUUID(),
+		code: generateInviteCode(),
+		passcode: hashPasscode(passcode),
+		orgId,
+		createdBy,
+		createdAt: Date.now(),
+		expiresAt: options?.expiresInMs ? Date.now() + options.expiresInMs : 0,
+		maxUses: options?.maxUses ?? 0,
+		uses: 0,
+		role: options?.role ?? "worker",
+		active: true
+	};
+	data.invites.push(invite);
+	data.org.updatedAt = Date.now();
+	writeOrgFile(orgId, data);
+	log$5.info(`invite created for org ${orgId}: ${invite.code} (role: ${invite.role})`);
+	return invite;
+}
+/**
+* Join an org using invite code + passcode.
+* Returns the new member if successful, null if invalid.
+*/
+function joinOrg(inviteCode, passcode, member) {
+	const dir = resolveOrgDir();
+	try {
+		if (!fs.existsSync(dir)) return null;
+		const orgFiles = fs.readdirSync(dir).filter((f) => f.endsWith(".json"));
+		for (const f of orgFiles) {
+			const orgId = f.replace(".json", "");
+			const data = readOrgFile(orgId);
+			if (!data || !data.invites) continue;
+			const invite = data.invites.find((i) => i.code === inviteCode.toUpperCase() && i.active);
+			if (!invite) continue;
+			if (invite.passcode !== hashPasscode(passcode)) {
+				log$5.warn(`join attempt with wrong passcode for invite ${inviteCode}`);
+				return null;
+			}
+			if (invite.expiresAt > 0 && invite.expiresAt < Date.now()) {
+				log$5.warn(`invite ${inviteCode} has expired`);
+				return null;
+			}
+			if (invite.maxUses > 0 && invite.uses >= invite.maxUses) {
+				log$5.warn(`invite ${inviteCode} has reached max uses (${invite.maxUses})`);
+				return null;
+			}
+			if (data.members.some((m) => member.deviceId && m.deviceId === member.deviceId || m.displayName === member.displayName)) {
+				log$5.warn(`${member.displayName} is already a member of org ${orgId}`);
+				return null;
+			}
+			const newMember = {
+				id: crypto.randomUUID(),
+				kind: member.kind,
+				displayName: member.displayName,
+				deviceId: member.deviceId,
+				role: invite.role,
+				description: member.description,
+				specializations: member.specializations,
+				joinedAt: Date.now(),
+				lastActiveAt: Date.now(),
+				status: "active",
+				permissions: DEFAULT_ROLE_PERMISSIONS[invite.role]
+			};
+			data.members.push(newMember);
+			invite.uses++;
+			data.org.updatedAt = Date.now();
+			writeOrgFile(orgId, data);
+			log$5.info(`${member.displayName} joined org ${data.org.name} via invite ${inviteCode}`);
+			return {
+				org: data.org,
+				member: newMember
+			};
+		}
+		return null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Validate an invite code + passcode without joining.
+* Returns the org info if valid.
+*/
+function validateInvite(inviteCode, passcode) {
+	const dir = resolveOrgDir();
+	try {
+		if (!fs.existsSync(dir)) return null;
+		const orgFiles = fs.readdirSync(dir).filter((f) => f.endsWith(".json"));
+		for (const f of orgFiles) {
+			const data = readOrgFile(f.replace(".json", ""));
+			if (!data || !data.invites) continue;
+			const invite = data.invites.find((i) => i.code === inviteCode.toUpperCase() && i.active);
+			if (!invite) continue;
+			if (invite.passcode !== hashPasscode(passcode)) return null;
+			if (invite.expiresAt > 0 && invite.expiresAt < Date.now()) return null;
+			if (invite.maxUses > 0 && invite.uses >= invite.maxUses) return null;
+			return {
+				org: data.org,
+				role: invite.role
+			};
+		}
+		return null;
+	} catch {
+		return null;
+	}
+}
 
 //#endregion
 //#region src/gateway/server-methods/org.ts
@@ -12458,81 +13304,366 @@ const orgHandlers = {
 				status,
 				reportsTo
 			});
-			if (!member) {
-				respond(false, void 0, invalid("Organization not found"));
+			if (!member) {
+				respond(false, void 0, invalid("Organization not found"));
+				return;
+			}
+			respond(true, { member }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.updateMember": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		const memberId = requireString(params, "memberId");
+		if (!orgId) {
+			respond(false, void 0, invalid("orgId is required"));
+			return;
+		}
+		if (!memberId) {
+			respond(false, void 0, invalid("memberId is required"));
+			return;
+		}
+		const updates = {};
+		const displayName = requireString(params, "displayName");
+		if (displayName) updates.displayName = displayName;
+		const role = requireString(params, "role");
+		if (role) updates.role = role;
+		const description = params.description;
+		if (typeof description === "string") updates.description = description;
+		if (Array.isArray(params.specializations)) updates.specializations = params.specializations;
+		const status = requireString(params, "status");
+		if (status) updates.status = status;
+		if (params.reportsTo !== void 0) updates.reportsTo = typeof params.reportsTo === "string" ? params.reportsTo : void 0;
+		try {
+			const member = updateMember(orgId, memberId, updates);
+			if (!member) {
+				respond(false, void 0, invalid("Member not found"));
+				return;
+			}
+			respond(true, { member }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.removeMember": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		const memberId = requireString(params, "memberId");
+		if (!orgId) {
+			respond(false, void 0, invalid("orgId is required"));
+			return;
+		}
+		if (!memberId) {
+			respond(false, void 0, invalid("memberId is required"));
+			return;
+		}
+		try {
+			if (!removeMember(orgId, memberId)) {
+				respond(false, void 0, invalid("Member not found"));
+				return;
+			}
+			respond(true, { ok: true }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.hierarchy": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		if (!orgId) {
+			respond(false, void 0, invalid("orgId is required"));
+			return;
+		}
+		try {
+			if (!getOrganization(orgId)) {
+				respond(false, void 0, invalid("Organization not found"));
+				return;
+			}
+			respond(true, { hierarchy: buildHierarchy(orgId) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.createInvite": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		const passcode = requireString(params, "passcode");
+		if (!orgId || !passcode) {
+			respond(false, void 0, invalid("orgId and passcode are required"));
+			return;
+		}
+		try {
+			const invite = createInvite(orgId, "gateway", passcode, {
+				role: requireString(params, "role") ?? "worker",
+				maxUses: typeof params.maxUses === "number" ? params.maxUses : 0,
+				expiresInMs: typeof params.expiresInMs === "number" ? params.expiresInMs : 0
+			});
+			if (!invite) {
+				respond(false, void 0, invalid("Organization not found"));
+				return;
+			}
+			respond(true, {
+				code: invite.code,
+				passcode
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.validateInvite": async ({ params, respond }) => {
+		const inviteCode = requireString(params, "inviteCode");
+		const passcode = requireString(params, "passcode");
+		if (!inviteCode || !passcode) {
+			respond(false, void 0, invalid("inviteCode and passcode are required"));
+			return;
+		}
+		try {
+			const result = validateInvite(inviteCode, passcode);
+			if (!result) {
+				respond(false, void 0, invalid("Invalid invite code or passcode"));
+				return;
+			}
+			respond(true, {
+				org: result.org,
+				role: result.role
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"org.join": async ({ params, respond }) => {
+		const inviteCode = requireString(params, "inviteCode");
+		const passcode = requireString(params, "passcode");
+		const displayName = requireString(params, "displayName");
+		const kind = requireString(params, "kind") ?? "agent";
+		if (!inviteCode || !passcode || !displayName) {
+			respond(false, void 0, invalid("inviteCode, passcode, and displayName are required"));
+			return;
+		}
+		try {
+			const result = joinOrg(inviteCode, passcode, {
+				displayName,
+				kind,
+				description: requireString(params, "description") ?? "",
+				specializations: Array.isArray(params.specializations) ? params.specializations : []
+			});
+			if (!result) {
+				respond(false, void 0, invalid("Invalid invite code, passcode, or already a member"));
+				return;
+			}
+			respond(true, {
+				org: result.org,
+				member: result.member
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.createSession": async ({ params, respond }) => {
+		const orgId = requireString(params, "orgId");
+		const calledBy = requireString(params, "calledBy");
+		const title = requireString(params, "title");
+		if (!orgId || !calledBy || !title) {
+			respond(false, void 0, invalid("orgId, calledBy, and title are required"));
+			return;
+		}
+		try {
+			respond(true, { session: createSession(orgId, calledBy, title, requireString(params, "description") ?? "", Array.isArray(params.agenda) ? params.agenda : []) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.startSession": async ({ params, respond }) => {
+		const sessionId = requireString(params, "sessionId");
+		const chairId = requireString(params, "chairId");
+		if (!sessionId || !chairId) {
+			respond(false, void 0, invalid("sessionId and chairId are required"));
+			return;
+		}
+		try {
+			const session = startSession(sessionId, chairId);
+			if (!session) {
+				respond(false, void 0, invalid("Session not found or not scheduled"));
+				return;
+			}
+			respond(true, { session }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.joinSession": async ({ params, respond }) => {
+		const sessionId = requireString(params, "sessionId");
+		const memberId = requireString(params, "memberId");
+		const displayName = requireString(params, "displayName");
+		const kind = requireString(params, "kind") ?? "agent";
+		if (!sessionId || !memberId || !displayName) {
+			respond(false, void 0, invalid("sessionId, memberId, and displayName are required"));
+			return;
+		}
+		try {
+			const session = joinSession(sessionId, memberId, displayName, kind);
+			if (!session) {
+				respond(false, void 0, invalid("Session not found or not active"));
+				return;
+			}
+			respond(true, { session }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.concludeSession": async ({ params, respond }) => {
+		const sessionId = requireString(params, "sessionId");
+		if (!sessionId) {
+			respond(false, void 0, invalid("sessionId is required"));
+			return;
+		}
+		try {
+			const session = concludeSession(sessionId, requireString(params, "minutes") ?? void 0);
+			if (!session) {
+				respond(false, void 0, invalid("Session not found or not active"));
+				return;
+			}
+			respond(true, { session }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.addDecision": async ({ params, respond }) => {
+		const sessionId = requireString(params, "sessionId");
+		const title = requireString(params, "title");
+		const description = requireString(params, "description") ?? "";
+		const madeBy = requireString(params, "madeBy");
+		if (!sessionId || !title || !madeBy) {
+			respond(false, void 0, invalid("sessionId, title, and madeBy are required"));
+			return;
+		}
+		try {
+			const session = addDecision(sessionId, title, description, madeBy, {
+				proposalId: requireString(params, "proposalId") ?? void 0,
+				supporters: Array.isArray(params.supporters) ? params.supporters : void 0,
+				actionItems: Array.isArray(params.actionItems) ? params.actionItems : void 0
+			});
+			if (!session) {
+				respond(false, void 0, invalid("Session not found or not active"));
 				return;
 			}
-			respond(true, { member }, void 0);
+			respond(true, { session }, void 0);
 		} catch (error) {
 			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
 		}
 	},
-	"org.updateMember": async ({ params, respond }) => {
+	"boardroom.listSessions": async ({ params, respond }) => {
 		const orgId = requireString(params, "orgId");
-		const memberId = requireString(params, "memberId");
 		if (!orgId) {
 			respond(false, void 0, invalid("orgId is required"));
 			return;
 		}
-		if (!memberId) {
-			respond(false, void 0, invalid("memberId is required"));
+		try {
+			respond(true, { sessions: listSessions(orgId, requireString(params, "status") ?? void 0) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.getSession": async ({ params, respond }) => {
+		const sessionId = requireString(params, "sessionId");
+		if (!sessionId) {
+			respond(false, void 0, invalid("sessionId is required"));
 			return;
 		}
-		const updates = {};
-		const displayName = requireString(params, "displayName");
-		if (displayName) updates.displayName = displayName;
-		const role = requireString(params, "role");
-		if (role) updates.role = role;
-		const description = params.description;
-		if (typeof description === "string") updates.description = description;
-		if (Array.isArray(params.specializations)) updates.specializations = params.specializations;
-		const status = requireString(params, "status");
-		if (status) updates.status = status;
-		if (params.reportsTo !== void 0) updates.reportsTo = typeof params.reportsTo === "string" ? params.reportsTo : void 0;
 		try {
-			const member = updateMember(orgId, memberId, updates);
-			if (!member) {
-				respond(false, void 0, invalid("Member not found"));
+			const session = getSession(sessionId);
+			if (!session) {
+				respond(false, void 0, invalid("Session not found"));
 				return;
 			}
-			respond(true, { member }, void 0);
+			respond(true, { session }, void 0);
 		} catch (error) {
 			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
 		}
 	},
-	"org.removeMember": async ({ params, respond }) => {
+	"boardroom.createProposal": async ({ params, respond }) => {
 		const orgId = requireString(params, "orgId");
-		const memberId = requireString(params, "memberId");
-		if (!orgId) {
-			respond(false, void 0, invalid("orgId is required"));
+		const proposedBy = requireString(params, "proposedBy");
+		const title = requireString(params, "title");
+		if (!orgId || !proposedBy || !title) {
+			respond(false, void 0, invalid("orgId, proposedBy, and title are required"));
 			return;
 		}
-		if (!memberId) {
-			respond(false, void 0, invalid("memberId is required"));
+		try {
+			respond(true, { proposal: createProposal(orgId, proposedBy, title, requireString(params, "description") ?? "", {
+				sessionId: requireString(params, "sessionId") ?? void 0,
+				threshold: typeof params.threshold === "number" ? params.threshold : void 0,
+				eligibleVoters: Array.isArray(params.eligibleVoters) ? params.eligibleVoters : void 0,
+				votingDeadline: typeof params.votingDeadline === "number" ? params.votingDeadline : void 0
+			}) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.castVote": async ({ params, respond }) => {
+		const proposalId = requireString(params, "proposalId");
+		const voterId = requireString(params, "voterId");
+		const voterName = requireString(params, "voterName");
+		const value = requireString(params, "value");
+		if (!proposalId || !voterId || !voterName || !value) {
+			respond(false, void 0, invalid("proposalId, voterId, voterName, and value are required"));
+			return;
+		}
+		if (value !== "approve" && value !== "reject" && value !== "abstain") {
+			respond(false, void 0, invalid("value must be \"approve\", \"reject\", or \"abstain\""));
 			return;
 		}
 		try {
-			if (!removeMember(orgId, memberId)) {
-				respond(false, void 0, invalid("Member not found"));
+			const proposal = castVote(proposalId, voterId, voterName, value, requireString(params, "reason") ?? void 0);
+			if (!proposal) {
+				respond(false, void 0, invalid("Proposal not found, closed, or voter not eligible"));
 				return;
 			}
-			respond(true, { ok: true }, void 0);
+			respond(true, { proposal }, void 0);
 		} catch (error) {
 			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
 		}
 	},
-	"org.hierarchy": async ({ params, respond }) => {
+	"boardroom.resolveVote": async ({ params, respond }) => {
+		const proposalId = requireString(params, "proposalId");
+		if (!proposalId) {
+			respond(false, void 0, invalid("proposalId is required"));
+			return;
+		}
+		try {
+			const proposal = resolveProposalVote(proposalId);
+			if (!proposal) {
+				respond(false, void 0, invalid("Proposal not found or not open"));
+				return;
+			}
+			respond(true, { proposal }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.listProposals": async ({ params, respond }) => {
 		const orgId = requireString(params, "orgId");
 		if (!orgId) {
 			respond(false, void 0, invalid("orgId is required"));
 			return;
 		}
 		try {
-			if (!getOrganization(orgId)) {
-				respond(false, void 0, invalid("Organization not found"));
+			respond(true, { proposals: listProposals(orgId, requireString(params, "status") ?? void 0) }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"boardroom.getProposal": async ({ params, respond }) => {
+		const proposalId = requireString(params, "proposalId");
+		if (!proposalId) {
+			respond(false, void 0, invalid("proposalId is required"));
+			return;
+		}
+		try {
+			const proposal = getProposal(proposalId);
+			if (!proposal) {
+				respond(false, void 0, invalid("Proposal not found"));
 				return;
 			}
-			respond(true, { hierarchy: buildHierarchy(orgId) }, void 0);
+			respond(true, { proposal }, void 0);
 		} catch (error) {
 			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
 		}
@@ -13005,6 +14136,374 @@ const skillsHandlers = {
 	}
 };
 
+//#endregion
+//#region src/gateway/server-methods/steer.ts
+const steerHandlers = {
+	"steer.get": async ({ respond }) => {
+		try {
+			respond(true, { active: getSteer() }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"steer.set": async ({ params, respond }) => {
+		const text = typeof params.text === "string" ? params.text.trim() : "";
+		if (!text) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "text is required"));
+			return;
+		}
+		const setBy = typeof params.setBy === "string" ? params.setBy.trim() : "user";
+		try {
+			const state = setSteer(text, setBy);
+			respond(true, {
+				active: state.active,
+				updatedAt: state.updatedAt
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"steer.clear": async ({ respond }) => {
+		try {
+			const state = clearSteer();
+			respond(true, {
+				active: state.active,
+				updatedAt: state.updatedAt
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"steer.history": async ({ respond }) => {
+		try {
+			respond(true, { history: getSteerHistory() }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	}
+};
+
+//#endregion
+//#region src/license/validator.ts
+createSubsystemLogger("license");
+function resolveLicensePath() {
+	return path.join(resolveStateDir(), "license.json");
+}
+function loadLicense() {
+	try {
+		const filePath = resolveLicensePath();
+		if (!fs.existsSync(filePath)) return null;
+		const raw = fs.readFileSync(filePath, "utf8");
+		return JSON.parse(raw);
+	} catch {
+		return null;
+	}
+}
+function saveLicense(license) {
+	const filePath = resolveLicensePath();
+	fs.mkdirSync(path.dirname(filePath), { recursive: true });
+	fs.writeFileSync(filePath, `${JSON.stringify(license, null, 2)}\n`, { mode: 384 });
+}
+
+//#endregion
+//#region src/license/stripe-checkout.ts
+/**
+* Stripe Checkout Integration for NoxSoft Subscriptions
+*
+* Creates Stripe checkout sessions for NoxSoft license tiers.
+* Handles subscription lifecycle: create, upgrade, cancel.
+*
+* Configuration via environment:
+*   STRIPE_SECRET_KEY     — Stripe API secret key
+*   STRIPE_WEBHOOK_SECRET — Stripe webhook signing secret
+*   NOXSOFT_BASE_URL      — Base URL for redirect (default: https://anima.noxsoft.net)
+*
+* Price IDs are configured per tier. In test mode, Stripe test keys work.
+*/
+const log$4 = createSubsystemLogger("stripe-checkout");
+/** Default price IDs — set to null until Stripe dashboard is configured */
+const DEFAULT_PRICE_IDS = {
+	community: null,
+	noxsoft: null,
+	hackathon: null,
+	team: null,
+	builder: null
+};
+function resolveStripeConfig() {
+	const secretKey = process.env.STRIPE_SECRET_KEY?.trim();
+	if (!secretKey) return null;
+	return {
+		secretKey,
+		webhookSecret: process.env.STRIPE_WEBHOOK_SECRET?.trim() ?? "",
+		baseUrl: process.env.NOXSOFT_BASE_URL?.trim() ?? "https://anima.noxsoft.net",
+		priceIds: {
+			...DEFAULT_PRICE_IDS,
+			...process.env.STRIPE_PRICE_NOXSOFT ? { noxsoft: process.env.STRIPE_PRICE_NOXSOFT } : {},
+			...process.env.STRIPE_PRICE_TEAM ? { team: process.env.STRIPE_PRICE_TEAM } : {},
+			...process.env.STRIPE_PRICE_BUILDER ? { builder: process.env.STRIPE_PRICE_BUILDER } : {}
+		}
+	};
+}
+async function stripeRequest(secretKey, method, path, body) {
+	const url = `https://api.stripe.com/v1${path}`;
+	const headers = {
+		Authorization: `Bearer ${secretKey}`,
+		"Content-Type": "application/x-www-form-urlencoded"
+	};
+	const encodedBody = body ? Object.entries(body).map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join("&") : void 0;
+	const res = await fetch(url, {
+		method,
+		headers,
+		body: encodedBody,
+		signal: AbortSignal.timeout(15e3)
+	});
+	const data = await res.json();
+	if (!res.ok) {
+		const rawError = data.error?.message;
+		const errMsg = typeof rawError === "string" ? rawError : res.statusText;
+		throw new Error(`Stripe API error (${res.status}): ${errMsg}`);
+	}
+	return data;
+}
+/**
+* Create a Stripe Checkout session for a NoxSoft subscription.
+*/
+async function createCheckoutSession(params) {
+	const config = resolveStripeConfig();
+	if (!config) throw new Error("Stripe not configured. Set STRIPE_SECRET_KEY environment variable.");
+	const priceId = config.priceIds[params.tier];
+	if (!priceId) {
+		if (params.tier === "community" || params.tier === "hackathon") throw new Error(`${params.tier} tier is free — no checkout needed.`);
+		throw new Error(`Stripe price ID not configured for tier "${params.tier}". Set STRIPE_PRICE_${params.tier.toUpperCase()} environment variable.`);
+	}
+	const body = {
+		mode: "subscription",
+		"line_items[0][price]": priceId,
+		"line_items[0][quantity]": "1",
+		success_url: `${config.baseUrl}/subscription/success?session_id={CHECKOUT_SESSION_ID}`,
+		cancel_url: `${config.baseUrl}/subscription/cancel`,
+		"metadata[agent_id]": params.agentId,
+		"metadata[tier]": params.tier,
+		"subscription_data[metadata][agent_id]": params.agentId,
+		"subscription_data[metadata][tier]": params.tier
+	};
+	if (params.customerEmail) body["customer_email"] = params.customerEmail;
+	const session = await stripeRequest(config.secretKey, "POST", "/checkout/sessions", body);
+	log$4.info(`checkout session created: ${session.id} (tier: ${params.tier})`);
+	return {
+		sessionId: session.id,
+		url: session.url
+	};
+}
+/**
+* Verify a Stripe webhook signature.
+* Returns the parsed event if valid, null if invalid.
+*/
+function verifyWebhookSignature(payload, signature, webhookSecret) {
+	if (!webhookSecret) {
+		log$4.warn("webhook secret not configured — skipping signature verification");
+		try {
+			return JSON.parse(payload);
+		} catch {
+			return null;
+		}
+	}
+	const elements = signature.split(",");
+	const timestamp = elements.find((e) => e.startsWith("t="))?.slice(2);
+	const sig = elements.find((e) => e.startsWith("v1="))?.slice(3);
+	if (!timestamp || !sig) {
+		log$4.warn("invalid webhook signature format");
+		return null;
+	}
+	if (sig !== createHmac("sha256", webhookSecret).update(`${timestamp}.${payload}`).digest("hex")) {
+		log$4.warn("webhook signature mismatch");
+		return null;
+	}
+	const eventTime = parseInt(timestamp, 10) * 1e3;
+	if (Math.abs(Date.now() - eventTime) > 3e5) {
+		log$4.warn("webhook timestamp too old");
+		return null;
+	}
+	try {
+		return JSON.parse(payload);
+	} catch {
+		return null;
+	}
+}
+/**
+* Handle a verified Stripe webhook event.
+* Updates the local license based on subscription status.
+*/
+async function handleWebhookEvent(event) {
+	switch (event.type) {
+		case "checkout.session.completed": {
+			const session = event.data.object;
+			const tier = session.metadata?.tier;
+			const agentId = session.metadata?.agent_id;
+			const subscriptionId = session.subscription;
+			const customerId = session.customer;
+			if (!tier || !agentId) {
+				log$4.warn("checkout.session.completed missing metadata");
+				return { handled: false };
+			}
+			saveLicense({
+				tier,
+				agentId,
+				subscriptionId: subscriptionId ?? void 0,
+				customerId: customerId ?? void 0,
+				issuedAt: Date.now(),
+				expiresAt: Date.now() + 720 * 60 * 60 * 1e3,
+				signature: "",
+				version: 1
+			});
+			log$4.info(`license activated: ${tier} for ${agentId} (sub: ${subscriptionId})`);
+			return {
+				handled: true,
+				action: "license_activated"
+			};
+		}
+		case "customer.subscription.updated": {
+			const sub = event.data.object;
+			const status = sub.status;
+			const tier = sub.metadata?.tier;
+			if (status === "active" && tier) {
+				const existing = loadLicense();
+				if (existing) {
+					existing.tier = tier;
+					existing.expiresAt = Date.now() + 720 * 60 * 60 * 1e3;
+					saveLicense(existing);
+					log$4.info(`subscription updated: ${tier}`);
+				}
+			}
+			return {
+				handled: true,
+				action: "subscription_updated"
+			};
+		}
+		case "customer.subscription.deleted": {
+			const existing = loadLicense();
+			if (existing) {
+				existing.tier = "community";
+				existing.expiresAt = Date.now() + 336 * 60 * 60 * 1e3;
+				saveLicense(existing);
+				log$4.info("subscription cancelled — downgraded to community with 14-day grace");
+			}
+			return {
+				handled: true,
+				action: "subscription_cancelled"
+			};
+		}
+		case "invoice.payment_failed":
+			log$4.warn("payment failed — license will expire at end of current period");
+			return {
+				handled: true,
+				action: "payment_failed"
+			};
+		default: return { handled: false };
+	}
+}
+/**
+* Create a Stripe Customer Portal session for managing subscriptions.
+*/
+async function createPortalSession(customerId) {
+	const config = resolveStripeConfig();
+	if (!config) throw new Error("Stripe not configured.");
+	return { url: (await stripeRequest(config.secretKey, "POST", "/billing_portal/sessions", {
+		customer: customerId,
+		return_url: `${config.baseUrl}/settings`
+	})).url };
+}
+/**
+* Check if Stripe is configured and ready.
+*/
+function isStripeConfigured() {
+	return resolveStripeConfig() !== null;
+}
+/**
+* Get subscription status from Stripe.
+*/
+async function getSubscriptionStatus(subscriptionId) {
+	const config = resolveStripeConfig();
+	if (!config) return null;
+	try {
+		const sub = await stripeRequest(config.secretKey, "GET", `/subscriptions/${subscriptionId}`);
+		return {
+			status: sub.status,
+			currentPeriodEnd: sub.current_period_end * 1e3,
+			cancelAtPeriodEnd: sub.cancel_at_period_end
+		};
+	} catch (err) {
+		log$4.error(`failed to get subscription status: ${String(err)}`);
+		return null;
+	}
+}
+
+//#endregion
+//#region src/gateway/server-methods/subscription.ts
+const subscriptionHandlers = {
+	"subscription.status": async ({ respond }) => {
+		try {
+			const license = loadLicense();
+			const stripeReady = isStripeConfigured();
+			if (!license) {
+				respond(true, {
+					tier: "community",
+					stripeConfigured: stripeReady,
+					active: true,
+					message: "Running on community (free) tier."
+				}, void 0);
+				return;
+			}
+			let stripeStatus = null;
+			if (license.subscriptionId && stripeReady) stripeStatus = await getSubscriptionStatus(license.subscriptionId);
+			respond(true, {
+				tier: license.tier,
+				active: !license.expiresAt || license.expiresAt > Date.now(),
+				expiresAt: license.expiresAt,
+				stripeConfigured: stripeReady,
+				subscriptionId: license.subscriptionId,
+				stripeStatus: stripeStatus?.status,
+				cancelAtPeriodEnd: stripeStatus?.cancelAtPeriodEnd
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"subscription.checkout": async ({ params, respond }) => {
+		const tier = typeof params.tier === "string" ? params.tier.trim() : "";
+		if (!tier) {
+			respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "tier is required"));
+			return;
+		}
+		try {
+			const result = await createCheckoutSession({
+				tier,
+				agentId: typeof params.agentId === "string" ? params.agentId : "default",
+				customerEmail: typeof params.email === "string" ? params.email : void 0
+			});
+			respond(true, {
+				sessionId: result.sessionId,
+				checkoutUrl: result.url
+			}, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	},
+	"subscription.portal": async ({ params, respond }) => {
+		try {
+			const license = loadLicense();
+			const customerId = typeof params.customerId === "string" ? params.customerId : license?.customerId;
+			if (!customerId || typeof customerId !== "string") {
+				respond(false, void 0, errorShape(ErrorCodes.INVALID_REQUEST, "No customer ID found. Purchase a subscription first."));
+				return;
+			}
+			respond(true, { portalUrl: (await createPortalSession(customerId)).url }, void 0);
+		} catch (error) {
+			respond(false, void 0, errorShape(ErrorCodes.UNAVAILABLE, String(error)));
+		}
+	}
+};
+
 //#endregion
 //#region src/gateway/server-methods/system.ts
 const systemHandlers = {
@@ -14451,6 +15950,10 @@ const coreGatewayHandlers = {
 	...updateHandlers,
 	...nodeHandlers,
 	...orgHandlers,
+	...egoHandlers,
+	...steerHandlers,
+	...legacyHandlers,
+	...subscriptionHandlers,
 	...sendHandlers,
 	...usageHandlers,
 	...agentHandlers,
@@ -15925,7 +17428,7 @@ function normalizeBasePath(rawPath) {
 	return normalized.replace(/\/+$/, "");
 }
 async function prepareCanvasRoot(rootDir) {
-	await ensureDir(rootDir);
+	await ensureDir$1(rootDir);
 	const rootReal = await fs$1.realpath(rootDir);
 	try {
 		const indexPath = path.join(rootReal, "index.html");
@@ -16447,6 +17950,89 @@ function setSseHeaders(res) {
 	res.flushHeaders?.();
 }
 
+//#endregion
+//#region src/gateway/http-rate-limit.ts
+const log$3 = createSubsystemLogger("http-rate-limit");
+var HttpRateLimiter = class {
+	constructor(config) {
+		this.windows = /* @__PURE__ */ new Map();
+		this.maxRequests = config?.maxRequests ?? 100;
+		this.windowMs = config?.windowMs ?? 6e4;
+		this.exemptLoopback = config?.exemptLoopback ?? true;
+		const pruneInterval = config?.pruneIntervalMs ?? 3e5;
+		this.pruneTimer = setInterval(() => this.prune(), pruneInterval);
+		this.pruneTimer.unref?.();
+	}
+	/**
+	* Check if a request from this IP is allowed.
+	* Returns { allowed, remaining, retryAfterMs }.
+	*/
+	check(ip) {
+		if (this.exemptLoopback && isLoopbackAddress(ip)) return {
+			allowed: true,
+			remaining: this.maxRequests,
+			retryAfterMs: 0
+		};
+		const now = Date.now();
+		const windowStart = now - this.windowMs;
+		let window = this.windows.get(ip);
+		if (!window) {
+			window = { timestamps: [] };
+			this.windows.set(ip, window);
+		}
+		window.timestamps = window.timestamps.filter((t) => t > windowStart);
+		if (window.timestamps.length >= this.maxRequests) {
+			const retryAfterMs = window.timestamps[0] + this.windowMs - now;
+			return {
+				allowed: false,
+				remaining: 0,
+				retryAfterMs: Math.max(retryAfterMs, 1e3)
+			};
+		}
+		window.timestamps.push(now);
+		return {
+			allowed: true,
+			remaining: this.maxRequests - window.timestamps.length,
+			retryAfterMs: 0
+		};
+	}
+	/**
+	* Remove stale entries to prevent unbounded memory growth.
+	*/
+	prune() {
+		const windowStart = Date.now() - this.windowMs;
+		let pruned = 0;
+		for (const [ip, window] of this.windows) {
+			window.timestamps = window.timestamps.filter((t) => t > windowStart);
+			if (window.timestamps.length === 0) {
+				this.windows.delete(ip);
+				pruned++;
+			}
+		}
+		if (pruned > 0) log$3.debug(`pruned ${pruned} stale rate limit entries`);
+	}
+	/**
+	* Stop the pruning timer.
+	*/
+	stop() {
+		if (this.pruneTimer) {
+			clearInterval(this.pruneTimer);
+			this.pruneTimer = void 0;
+		}
+	}
+	/**
+	* Get current tracked IP count (for monitoring).
+	*/
+	getTrackedCount() {
+		return this.windows.size;
+	}
+};
+/** Default: 100 req/min per IP */
+const DEFAULT_RATE_LIMIT = {
+	maxRequests: 100,
+	windowMs: 6e4
+};
+
 //#endregion
 //#region src/gateway/http-utils.ts
 function getHeader(req, name) {
@@ -18163,6 +19749,7 @@ function createHooksRequestHandler(opts) {
 }
 function createGatewayHttpServer(opts) {
 	const { canvasHost, clients, controlUiEnabled, controlUiBasePath, controlUiRoot, openAiChatCompletionsEnabled, openResponsesEnabled, openResponsesConfig, handleHooksRequest, handlePluginRequest, resolvedAuth, rateLimiter } = opts;
+	const httpRateLimiter = new HttpRateLimiter(DEFAULT_RATE_LIMIT);
 	const httpServer = opts.tlsOptions ? createServer$1(opts.tlsOptions, (req, res) => {
 		handleRequest(req, res);
 	}) : createServer((req, res) => {
@@ -18170,10 +19757,30 @@ function createGatewayHttpServer(opts) {
 	});
 	async function handleRequest(req, res) {
 		if (String(req.headers.upgrade ?? "").toLowerCase() === "websocket") return;
+		const clientIp = resolveGatewayClientIp(req, []);
+		const rateCheck = httpRateLimiter.check(clientIp);
+		if (!rateCheck.allowed) {
+			const retryAfterSec = Math.ceil(rateCheck.retryAfterMs / 1e3);
+			res.writeHead(429, {
+				"Content-Type": "application/json",
+				"Retry-After": String(retryAfterSec),
+				"X-RateLimit-Limit": String(DEFAULT_RATE_LIMIT.maxRequests ?? 100),
+				"X-RateLimit-Remaining": "0"
+			});
+			res.end(JSON.stringify({
+				error: "Too Many Requests",
+				retryAfterMs: rateCheck.retryAfterMs
+			}));
+			return;
+		}
 		try {
 			const configSnapshot = loadConfig();
 			const trustedProxies = configSnapshot.gateway?.trustedProxies ?? [];
 			const requestPath = new URL(req.url ?? "/", "http://localhost").pathname;
+			if (requestPath === "/webhook/stripe" && req.method === "POST") {
+				await handleStripeWebhook(req, res);
+				return;
+			}
 			if (await handleHooksRequest(req, res)) return;
 			if (await handleToolsInvokeHttpRequest(req, res, {
 				auth: resolvedAuth,
@@ -18252,6 +19859,33 @@ function createGatewayHttpServer(opts) {
 			res.end("Internal Server Error");
 		}
 	}
+	async function handleStripeWebhook(req, res) {
+		const config = resolveStripeConfig();
+		if (!config) {
+			res.writeHead(503, { "Content-Type": "application/json" });
+			res.end(JSON.stringify({ error: "Stripe not configured" }));
+			return;
+		}
+		const chunks = [];
+		for await (const chunk of req) chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+		const event = verifyWebhookSignature(Buffer.concat(chunks).toString("utf8"), String(req.headers["stripe-signature"] ?? ""), config.webhookSecret);
+		if (!event) {
+			res.writeHead(400, { "Content-Type": "application/json" });
+			res.end(JSON.stringify({ error: "Invalid signature" }));
+			return;
+		}
+		try {
+			const result = await handleWebhookEvent(event);
+			res.writeHead(200, { "Content-Type": "application/json" });
+			res.end(JSON.stringify({
+				received: true,
+				...result
+			}));
+		} catch (err) {
+			res.writeHead(500, { "Content-Type": "application/json" });
+			res.end(JSON.stringify({ error: String(err) }));
+		}
+	}
 	return httpServer;
 }
 function attachGatewayUpgradeHandler(opts) {