@opencoreai/opencore 0.2.2 → 0.3.0

package/opencore dashboard/app.js

@@ -4,11 +4,13 @@
 
   const PAGES = [
     { id: "chat", label: "Mission Chat", eyebrow: "Control", blurb: "Live conversation with OpenCore and real-time task flow." },
+    { id: "schedules", label: "Scheduled Tasks", eyebrow: "Automation", blurb: "Cron-backed tasks that are still pending, active, missed, or need attention." },
     { id: "credentials", label: "Credentials", eyebrow: "Identity Access", blurb: "Store website logins, default email settings, and email-activation policy locally." },
     { id: "telegram", label: "Telegram", eyebrow: "Remote Control", blurb: "Connect Telegram, update bot settings, and monitor link status." },
     { id: "skills", label: "Skills", eyebrow: "Capability", blurb: "Installed and available OpenCore skills." },
     { id: "soul", label: "soul.md", eyebrow: "Identity", blurb: "Core identity, posture, and persona memory." },
     { id: "memory", label: "memory.md", eyebrow: "Recall", blurb: "Durable machine facts, lessons, and task history." },
+    { id: "computer-profile", label: "computer-profile.md", eyebrow: "Machine State", blurb: "Hardware, browser, workspace, app inventory, and other durable computer facts." },
     { id: "heartbeat", label: "heartbeat.md", eyebrow: "Execution", blurb: "Current plan plus scheduled-task tracking." },
     { id: "guidelines", label: "guidelines.md", eyebrow: "Guardrails", blurb: "Persistent safety and permission boundaries." },
     { id: "instructions", label: "instructions.md", eyebrow: "Operating Mode", blurb: "Workflow preferences and execution style." },
@@ -47,10 +49,10 @@
     const [fileContent, setFileContent] = useState("");
     const [fileBusy, setFileBusy] = useState(false);
     const [shots, setShots] = useState([]);
+    const [schedules, setSchedules] = useState([]);
     const [skills, setSkills] = useState([]);
     const [skillBusy, setSkillBusy] = useState({});
     const [expandedSkills, setExpandedSkills] = useState({});
-    const [drawerOpen, setDrawerOpen] = useState(true);
     const [liveEvent, setLiveEvent] = useState("Waiting for activity");
     const [theme, setTheme] = useState(initialTheme === "dark" ? "dark" : "light");
     const [telegramConfig, setTelegramConfig] = useState({
@@ -99,6 +101,12 @@
       setShots(json.items || []);
     }
 
+    async function loadSchedules() {
+      const res = await fetch("/api/schedules");
+      const json = await res.json();
+      setSchedules(Array.isArray(json.items) ? json.items : []);
+    }
+
     async function loadSkills() {
       const res = await fetch("/api/skills");
       const json = await res.json();
@@ -140,7 +148,7 @@
     }, [theme]);
 
     useEffect(() => {
-      Promise.all([loadChat(), loadShots(), loadSkills(), loadTelegram(), loadCredentials()])
+      Promise.all([loadChat(), loadShots(), loadSchedules(), loadSkills(), loadTelegram(), loadCredentials()])
         .then(() => setStatus("Online"))
         .catch(() => setStatus("Connection issue"));
 
@@ -159,12 +167,18 @@
               loadShots();
             } else if (evt.type === "task_started") {
               setLiveEvent("Task running");
+              loadSchedules();
             } else if (evt.type === "task_completed") {
               setLiveEvent("Task completed");
+              loadSchedules();
             } else if (evt.type === "task_failed") {
               setLiveEvent("Task failed");
+              loadSchedules();
             } else if (evt.type === "file_updated") {
               setLiveEvent(`Updated ${String(evt.target || "").split("/").pop() || "file"}`);
+              if (String(evt.target || "").includes("schedules.json") || String(evt.target || "").includes("heartbeat.md")) {
+                loadSchedules();
+              }
             } else if (evt.type === "action") {
               setLiveEvent(`Action · ${evt.action || "working"}`);
             }
@@ -204,12 +218,15 @@
     }, []);
 
     useEffect(() => {
-      if (["soul", "memory", "guidelines", "instructions", "heartbeat"].includes(page)) {
+      if (["soul", "memory", "computer-profile", "guidelines", "instructions", "heartbeat"].includes(page)) {
         loadFile(page);
       }
       if (page === "screenshots") {
         loadShots();
       }
+      if (page === "schedules") {
+        loadSchedules();
+      }
       if (page === "skills") {
         loadSkills();
       }
@@ -429,19 +446,21 @@
     const currentPage = PAGES.find((p) => p.id === page) || PAGES[0];
     const installedCount = skills.filter((s) => s.installed).length;
     const latestChat = chat.length ? chat[chat.length - 1] : null;
+    const pendingScheduleCount = schedules.length;
 
     const stats = useMemo(
       () => [
         { label: "Connection", value: status, tone: status === "Online" ? "good" : "warn" },
+        { label: "Pending Schedules", value: String(pendingScheduleCount), tone: pendingScheduleCount ? "warn" : "good" },
         { label: "Installed Skills", value: String(installedCount), tone: "accent" },
         { label: "Screenshots", value: String(shots.length), tone: "neutral" },
         { label: "Live State", value: liveEvent, tone: "neutral wide" },
       ],
-      [installedCount, liveEvent, shots.length, status],
+      [installedCount, liveEvent, pendingScheduleCount, shots.length, status],
     );
 
     function renderChatPage() {
-      return e("div", { className: "content-body stacked" }, [
+      return e("div", { className: "content-body stacked scroll-pane credentials-page" }, [
         e("div", { className: "section-head", key: "head" }, [
           e("div", { className: "section-title", key: "title" }, "Conversation Stream"),
           e("div", { className: "section-meta", key: "meta" }, latestChat ? `Last message · ${fmtTs(latestChat.ts)}` : "No messages yet"),
@@ -458,6 +477,13 @@
                   e("span", { key: "t" }, fmtTs(m.ts)),
                 ]),
                 e("div", { className: "msg-text", key: "t" }, m.text),
+                m.screenshot_path
+                  ? e("img", {
+                      className: "chat-shot",
+                      key: "shot",
+                      src: `/api/screenshots/file?path=${encodeURIComponent(m.screenshot_path)}`,
+                    })
+                  : null,
               ]),
             ]),
           ),
@@ -503,10 +529,47 @@
       );
     }
 
+    function renderSchedulesPage() {
+      return e(
+        "div",
+        { className: "schedules-grid content-body scroll-pane" },
+        schedules.length
+          ? schedules.map((item) =>
+              e("article", { className: "schedule-card", key: item.id }, [
+                e("div", { className: "skill-top", key: "top" }, [
+                  e("div", { key: "title" }, [
+                    e("div", { className: "skill-kicker", key: "k" }, item.schedule_kind || "scheduled"),
+                    e("h3", { key: "h3" }, item.summary || item.id),
+                  ]),
+                  e(
+                    "span",
+                    { className: `skill-status ${["error", "missed"].includes(String(item.last_status || "").toLowerCase()) ? "not-installed" : "installed"}`, key: "status" },
+                    item.last_status || "scheduled",
+                  ),
+                ]),
+                e("p", { key: "task" }, item.task || "No task description"),
+                e("div", { className: "schedule-meta", key: "meta" }, [
+                  e("div", { key: "id" }, `ID: ${item.id}`),
+                  e("div", { key: "cron" }, `Cron: ${item.cron_expression || "n/a"}`),
+                  e("div", { key: "expected" }, `Expected: ${item.expected_time_iso ? fmtTs(item.expected_time_iso) : "n/a"}`),
+                  e("div", { key: "last" }, `Last run: ${item.last_run_at ? fmtTs(item.last_run_at) : "n/a"}`),
+                ]),
+                item.last_error ? e("div", { className: "skill-note", key: "error" }, `Last error: ${item.last_error}`) : null,
+              ]),
+            )
+          : [
+              e("div", { className: "empty-state", key: "empty" }, [
+                e("div", { className: "section-title", key: "title" }, "No pending scheduled tasks"),
+                e("div", { className: "section-meta", key: "meta" }, "Anything active, missed, running, or errored will appear here."),
+              ]),
+            ],
+      );
+    }
+
     function renderSkillsPage() {
       return e(
         "div",
-        { className: "skills-grid content-body" },
+        { className: "skills-grid content-body scroll-pane" },
         skills.map((s) => {
           const expanded = Boolean(expandedSkills[s.id]);
           const titleLong = String(s.name || "").length > 26;
@@ -554,7 +617,7 @@
     }
 
     function renderTelegramPage() {
-      return e("div", { className: "content-body stacked" }, [
+      return e("div", { className: "content-body stacked scroll-pane" }, [
         e("div", { className: "section-head", key: "head" }, [
           e("div", { className: "section-title", key: "title" }, "Telegram Settings"),
           e(
@@ -822,6 +885,7 @@
 
     function renderPage() {
       if (page === "chat") return renderChatPage();
+      if (page === "schedules") return renderSchedulesPage();
       if (page === "credentials") return renderCredentialsPage();
       if (page === "telegram") return renderTelegramPage();
       if (page === "screenshots") return renderScreenshotsPage();
@@ -857,23 +921,13 @@
         { className: "stats-row", key: "stats" },
         stats.map((item, idx) => e(StatCard, { key: `${item.label}-${idx}`, label: item.label, value: item.value, tone: item.tone })),
       ),
-      e("div", { className: `layout ${drawerOpen ? "" : "drawer-closed"}`.trim(), key: "layout" }, [
-        e("aside", { className: `drawer ${drawerOpen ? "open" : "closed"}`, key: "drawer" }, [
+      e("div", { className: "layout", key: "layout" }, [
+        e("aside", { className: "drawer open", key: "drawer" }, [
           e("div", { className: "drawer-head", key: "dh" }, [
             e("div", { className: "drawer-head-main", key: "main" }, [
               e("div", { className: "drawer-kicker", key: "dk" }, "Workspace"),
               e("div", { className: "drawer-title", key: "dt" }, "Navigation"),
             ]),
-            e(
-              "button",
-              {
-                className: "drawer-inline-toggle",
-                key: "tg",
-                onClick: () => setDrawerOpen((v) => !v),
-                "aria-label": drawerOpen ? "Close sidebar" : "Open sidebar",
-              },
-              "◂",
-            ),
           ]),
           e(
             "div",
@@ -894,18 +948,7 @@
             ),
           ),
         ]),
-        !drawerOpen &&
-          e(
-            "button",
-            {
-              className: "drawer-reopen",
-              key: "reopen",
-              onClick: () => setDrawerOpen(true),
-              "aria-label": "Open sidebar",
-            },
-            "▸",
-          ),
-        e("main", { className: "page", key: "page" }, [
+        e("main", { className: `page ${page === "credentials" ? "page-scrollable" : ""}`.trim(), key: "page" }, [
           e("div", { className: "page-head", key: "ph" }, [
             e("div", { key: "copy" }, [
               e("div", { className: "page-kicker", key: "pk" }, currentPage.eyebrow),

package/opencore dashboard/styles.css

@@ -244,10 +244,6 @@ body {
   min-height: 0;
 }
 
-.layout.drawer-closed {
-  grid-template-columns: minmax(0, 1fr);
-}
-
 .drawer {
   background: transparent;
   border: 0;
@@ -263,10 +259,6 @@ body {
   flex-direction: column;
 }
 
-.drawer.closed {
-  display: none;
-}
-
 .drawer-head {
   padding: 4px 10px 12px 12px;
   display: flex;
@@ -279,30 +271,6 @@ body {
   min-width: 0;
 }
 
-.drawer-inline-toggle,
-.drawer-reopen {
-  width: 34px;
-  height: 34px;
-  border: 1px solid rgba(129, 73, 33, 0.14);
-  border-radius: 999px;
-  background: rgba(255, 247, 237, 0.7);
-  color: var(--accent);
-  font-size: 16px;
-  font-weight: 800;
-  cursor: pointer;
-}
-
-:root[data-theme="dark"] .drawer-inline-toggle,
-:root[data-theme="dark"] .drawer-reopen {
-  background: rgba(36, 26, 21, 0.86);
-  border-color: rgba(255, 176, 118, 0.16);
-}
-
-.drawer-reopen {
-  align-self: flex-start;
-  margin: 12px 8px 0 0;
-}
-
 .drawer-title {
   font-size: 22px;
   font-weight: 800;
@@ -384,6 +352,11 @@ body {
   backdrop-filter: none;
 }
 
+.page.page-scrollable {
+  overflow-y: auto;
+  overscroll-behavior: contain;
+}
+
 .page-head {
   padding: 14px 20px 12px;
   border-bottom: 1px solid rgba(101, 67, 37, 0.1);
@@ -409,6 +382,27 @@ body {
   overflow: hidden;
 }
 
+.scroll-pane {
+  overflow-y: auto;
+  min-height: 0;
+}
+
+.credentials-page .credentials-grid {
+  overflow: visible !important;
+  overflow-y: visible !important;
+  max-height: none;
+  grid-auto-rows: auto;
+}
+
+.page.page-scrollable .content-body.credentials-page {
+  overflow: visible;
+  flex: 0 0 auto;
+  min-height: auto;
+  height: auto;
+  max-height: none;
+  padding-bottom: 18px;
+}
+
 .stacked {
   display: flex;
   flex-direction: column;
@@ -526,6 +520,22 @@ body {
   line-height: 1.5;
 }
 
+.chat-shot {
+  display: block;
+  width: 100%;
+  max-width: 560px;
+  margin-top: 12px;
+  border-radius: 16px;
+  border: 1px solid rgba(112, 69, 35, 0.14);
+  background: rgba(255, 255, 255, 0.4);
+  object-fit: contain;
+}
+
+:root[data-theme="dark"] .chat-shot {
+  border-color: rgba(255, 189, 140, 0.18);
+  background: rgba(18, 12, 10, 0.65);
+}
+
 .composer-shell {
   padding: 12px 20px 18px;
   border-top: 1px solid rgba(101, 67, 37, 0.1);
@@ -639,6 +649,7 @@ button {
 
 .shots-grid,
 .skills-grid,
+.schedules-grid,
 .credentials-grid {
   padding: 14px 20px 18px;
   overflow-y: auto;
@@ -651,6 +662,7 @@ button {
 
 .shot-card,
 .skill-card,
+.schedule-card,
 .credential-card,
 .settings-card {
   border-radius: 0;
@@ -674,12 +686,27 @@ button {
   overflow: hidden;
 }
 
+.schedule-card {
+  border: 1px solid rgba(101, 68, 38, 0.12);
+  border-radius: 18px;
+  background: rgba(255, 250, 244, 0.58);
+  box-shadow: 0 10px 24px rgba(95, 58, 31, 0.06);
+  padding: 12px 14px;
+  align-self: start;
+}
+
 :root[data-theme="dark"] .skill-card {
   border-color: rgba(255, 188, 140, 0.12);
   background: rgba(34, 25, 20, 0.78);
   box-shadow: 0 12px 28px rgba(0, 0, 0, 0.22);
 }
 
+:root[data-theme="dark"] .schedule-card {
+  border-color: rgba(255, 188, 140, 0.12);
+  background: rgba(34, 25, 20, 0.78);
+  box-shadow: 0 12px 28px rgba(0, 0, 0, 0.22);
+}
+
 .credential-card {
   border: 1px solid rgba(101, 68, 38, 0.12);
   border-radius: 18px;
@@ -793,6 +820,18 @@ button {
   align-items: flex-start;
 }
 
+.schedule-meta {
+  display: grid;
+  gap: 6px;
+  margin-top: 8px;
+  color: var(--ink-soft);
+  font-size: 13px;
+}
+
+.empty-state {
+  padding: 16px 0;
+}
+
 .shot-name,
 .skill-card h3 {
   margin: 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencoreai/opencore",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "private": false,
   "type": "module",
   "license": "LicenseRef-OpenCore-Personal-Use-1.0",
@@ -14,7 +14,7 @@
     "src/dashboard-server.ts",
     "src/index.ts",
     "src/mac-controller.mjs",
-    "src/opencore-indicator.js",
+    "src/opencore-indicator.m",
     "src/skill-catalog.mjs",
     "scripts",
     "templates",

package/scripts/postinstall.mjs

@@ -9,6 +9,7 @@ import { stdin as input, stdout as output } from "node:process";
 import { fileURLToPath } from "node:url";
 import { SKILL_CATALOG } from "../src/skill-catalog.mjs";
 import { ensureCredentialStore } from "../src/credential-store.mjs";
+process.umask(0o077);
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -20,6 +21,7 @@ const GUIDELINES_PATH = path.join(OPENCORE_HOME, "guidelines.md");
 const INSTRUCTIONS_PATH = path.join(OPENCORE_HOME, "instructions.md");
 const HEARTBEAT_PATH = path.join(OPENCORE_HOME, "heartbeat.md");
 const SOUL_PATH = path.join(OPENCORE_HOME, "soul.md");
+const COMPUTER_PROFILE_PATH = path.join(OPENCORE_HOME, "computer-profile.md");
 const PROFILE_SECTION_START = "<!-- OPENCORE_INSTALL_PROFILE_START -->";
 const PROFILE_SECTION_END = "<!-- OPENCORE_INSTALL_PROFILE_END -->";
 const DIRECTORIES = [
@@ -386,6 +388,10 @@ async function ensureTemplateApplied(filePath, template, legacyDefaults = []) {
 async function run() {
   const defaultSoul = await readTemplate("default-soul.md", "# OpenCore Soul\nName: OpenCore\n");
   const defaultMemory = await readTemplate("default-memory.md", LEGACY_DEFAULT_MEMORY);
+  const defaultComputerProfile = await readTemplate(
+    "default-computer-profile.md",
+    "# OpenCore Computer Profile\n\n## Machine Snapshot\n- Pending first machine scan.\n\n## Learned Facts\n- None yet.\n",
+  );
   const defaultGuidelines = await readTemplate("default-guidelines.md", "# OpenCore Guidelines\n");
   const defaultInstructions = await readTemplate("default-instructions.md", "# OpenCore Instructions\n");
   const defaultHeartbeat = await readTemplate("default-heartbeat.md", "# OpenCore Heartbeat\n");
@@ -396,6 +402,7 @@ async function run() {
 
   await ensureTemplateApplied(path.join(OPENCORE_HOME, "soul.md"), defaultSoul, ["# OpenCore Soul\nName: OpenCore\n"]);
   await ensureTemplateApplied(path.join(OPENCORE_HOME, "memory.md"), defaultMemory, [LEGACY_DEFAULT_MEMORY]);
+  await ensureTemplateApplied(COMPUTER_PROFILE_PATH, defaultComputerProfile, [defaultComputerProfile]);
   await ensureTemplateApplied(HEARTBEAT_PATH, defaultHeartbeat, ["# OpenCore Heartbeat\n"]);
   await ensureTemplateApplied(GUIDELINES_PATH, defaultGuidelines, ["# OpenCore Guidelines\n"]);
   await ensureTemplateApplied(INSTRUCTIONS_PATH, defaultInstructions, ["# OpenCore Instructions\n"]);

package/src/credential-store.mjs

@@ -5,6 +5,15 @@ import { promises as fs } from "node:fs";
 const OPENCORE_HOME = path.join(os.homedir(), ".opencore");
 const CREDENTIALS_PATH = path.join(OPENCORE_HOME, "configs", "credentials.json");
 
+async function tightenCredentialStorePermissions() {
+  try {
+    await fs.chmod(path.dirname(CREDENTIALS_PATH), 0o700);
+  } catch {}
+  try {
+    await fs.chmod(CREDENTIALS_PATH, 0o600);
+  } catch {}
+}
+
 export function defaultCredentialsStore() {
   return {
     default_email: "",
@@ -26,6 +35,7 @@ export async function ensureCredentialStore() {
   } catch {
     await fs.writeFile(CREDENTIALS_PATH, `${JSON.stringify(defaultCredentialsStore(), null, 2)}\n`, "utf8");
   }
+  await tightenCredentialStorePermissions();
 }
 
 export async function readCredentialStore() {
@@ -42,6 +52,7 @@ export async function readCredentialStore() {
 export async function writeCredentialStore(next) {
   const normalized = normalizeCredentialStore(next);
   await fs.writeFile(CREDENTIALS_PATH, `${JSON.stringify(normalized, null, 2)}\n`, "utf8");
+  await tightenCredentialStorePermissions();
   return normalized;
 }
 

package/src/dashboard-server.ts

@@ -20,6 +20,7 @@ export type ChatEntry = {
   source: "terminal" | "dashboard" | "manager" | "telegram" | "system";
   text: string;
   ts: string;
+  screenshot_path?: string;
 };
 
 type DashboardServerOptions = {
@@ -48,6 +49,7 @@ export class DashboardServer {
   private readonly wss: WebSocketServer;
   private readonly dashboardDir: string;
   private readonly skillsDir: string;
+  private readonly schedulesPath: string;
   private readonly chatLogPath: string;
   private readonly vendorMap: Record<string, string>;
   private readonly filesMap: Record<string, string>;
@@ -57,8 +59,10 @@ export class DashboardServer {
 
   constructor(options: DashboardServerOptions) {
     this.options = options;
+    this.app.disable("x-powered-by");
     this.dashboardDir = path.join(options.rootDir, "opencore dashboard");
     this.skillsDir = path.join(options.openCoreHome, "skills");
+    this.schedulesPath = path.join(options.openCoreHome, "configs", "schedules.json");
     this.chatLogPath = path.join(options.openCoreHome, "chat-history.json");
     this.vendorMap = {
       "react.production.min.js": path.join(options.rootDir, "node_modules", "react", "umd", "react.production.min.js"),
@@ -73,11 +77,25 @@ export class DashboardServer {
     this.filesMap = {
       soul: path.join(options.openCoreHome, "soul.md"),
       memory: path.join(options.openCoreHome, "memory.md"),
+      "computer-profile": path.join(options.openCoreHome, "computer-profile.md"),
       heartbeat: path.join(options.openCoreHome, "heartbeat.md"),
       guidelines: path.join(options.openCoreHome, "guidelines.md"),
       instructions: path.join(options.openCoreHome, "instructions.md"),
     };
 
+    this.app.use((req, res, next) => {
+      res.setHeader("X-Content-Type-Options", "nosniff");
+      res.setHeader("X-Frame-Options", "DENY");
+      res.setHeader("Referrer-Policy", "no-referrer");
+      res.setHeader(
+        "Content-Security-Policy",
+        "default-src 'self'; connect-src 'self' ws: wss:; img-src 'self' data: blob:; style-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'",
+      );
+      if (req.path.startsWith("/api/")) {
+        res.setHeader("Cache-Control", "no-store");
+      }
+      next();
+    });
     this.app.use(express.json({ limit: "5mb" }));
     this.configureRoutes();
     this.server = http.createServer(this.app);
@@ -107,7 +125,7 @@ export class DashboardServer {
       const files = await fs.readdir(this.options.screenshotDir);
       const items = await Promise.all(
         files
-          .filter((name) => name.toLowerCase().endsWith(".png"))
+          .filter((name) => /\.(png|jpg|jpeg)$/i.test(name))
           .map(async (name) => {
             const abs = path.join(this.options.screenshotDir, name);
             const stat = await fs.stat(abs);
@@ -173,6 +191,24 @@ export class DashboardServer {
     return { ok: true };
   }
 
+  private async listPendingSchedules() {
+    try {
+      const raw = await fs.readFile(this.schedulesPath, "utf8");
+      const parsed = JSON.parse(raw || "[]");
+      const items = Array.isArray(parsed) ? parsed : [];
+      return items
+        .filter((item: any) => {
+          const status = String(item?.last_status || "scheduled").trim().toLowerCase();
+          const active = Boolean(item?.active);
+          if (active) return true;
+          return ["scheduled", "running", "error", "missed"].includes(status);
+        })
+        .sort((a: any, b: any) => String(b?.updated_at || "").localeCompare(String(a?.updated_at || "")));
+    } catch {
+      return [];
+    }
+  }
+
   private configureRoutes() {
     this.app.get("/api/health", (_req, res) => {
       res.json({ ok: true, service: "opencore-dashboard" });
@@ -220,8 +256,9 @@ export class DashboardServer {
     });
 
     this.app.get("/api/screenshots/file", async (req, res) => {
-      const filePath = String(req.query.path || "");
-      if (!filePath.startsWith(this.options.screenshotDir)) {
+      const screenshotRoot = path.resolve(this.options.screenshotDir);
+      const filePath = path.resolve(String(req.query.path || ""));
+      if (!(filePath === screenshotRoot || filePath.startsWith(`${screenshotRoot}${path.sep}`))) {
         return res.status(403).json({ error: "Forbidden screenshot path." });
       }
       res.sendFile(filePath, (err) => {
@@ -241,6 +278,14 @@ export class DashboardServer {
       });
     });
 
+    this.app.get("/api/schedules", async (_req, res) => {
+      try {
+        res.json({ items: await this.listPendingSchedules() });
+      } catch (error) {
+        res.status(500).json({ error: error instanceof Error ? error.message : String(error) });
+      }
+    });
+
     this.app.post("/api/skills/install", async (req, res) => {
       const id = String(req.body?.id || "").trim();
       if (!id) return res.status(400).json({ error: "Skill id is required." });