@oscharko-dev/keiko-server 0.2.8 → 0.2.9

package/dist/headers.js

@@ -1,21 +1,28 @@
 // Security headers (ADR-0011 D5) applied to every BFF response. The CSP is precomputed once from
 // the static export's inline-script hashes (see csp.ts) and reused for all responses.
-// Headers set on every response regardless of route.
+// Headers set on every response regardless of route. The Permissions-Policy microphone directive is
+// computed separately (see applySecurityHeaders) because Issue #495 scopes it to voice-capable
+// deployments; every other directive is fixed.
 const BASE_SECURITY_HEADERS = {
     "X-Content-Type-Options": "nosniff",
     "X-Frame-Options": "DENY",
     "Referrer-Policy": "no-referrer",
     "Cross-Origin-Opener-Policy": "same-origin",
     "Cross-Origin-Resource-Policy": "same-origin",
-    "Permissions-Policy": "camera=(), geolocation=(), microphone=(), payment=(), usb=()",
 };
+function permissionsPolicy(allowMicrophone) {
+    const microphone = allowMicrophone ? "microphone=(self)" : "microphone=()";
+    return `camera=(), geolocation=(), ${microphone}, payment=(), usb=()`;
+}
 // Applies the CSP and the base security headers, plus `Cache-Control: no-store` for API responses
-// (the contract requires it on every `/api/*` response; D5).
-export function applySecurityHeaders(res, csp, isApiPath) {
+// (the contract requires it on every `/api/*` response; D5). The microphone directive is relaxed only
+// when `options.allowMicrophone` is true (ADR-0058 D6 / docs/voice/privacy-contract.md).
+export function applySecurityHeaders(res, csp, isApiPath, options = {}) {
     res.setHeader("Content-Security-Policy", csp);
     for (const [name, value] of Object.entries(BASE_SECURITY_HEADERS)) {
         res.setHeader(name, value);
     }
+    res.setHeader("Permissions-Policy", permissionsPolicy(options.allowMicrophone === true));
     if (isApiPath) {
         res.setHeader("Cache-Control", "no-store");
     }

package/dist/index.d.ts

@@ -21,7 +21,14 @@ export { runMemoryMaintenance, type MaintenanceCounts } from "./memory-maintenan
 export { exportMemoryDiagnostics, type ExportMemoryDiagnosticsOptions, type MemoryDiagnostics, type MemoryScopeCount, type MemoryStatusHistogram, } from "./memory-diagnostics.js";
 export { createMemoryEmbedder, selectMemoryEmbeddingModelId, type MemoryEmbedder, } from "./memory-embedding.js";
 export { buildTerminalEvidenceEntry, appendTerminalEvidence, type TerminalEvidenceEntry, } from "./terminal-evidence.js";
-export { handleFilesContent, handleFilesSearch, listFilesDirectories, readFilesContent, readFilesPreview, readFilesTree, searchFiles, writeFilesContent, type FilesContentResponse, type FilesDirectoryEntry, type FilesDirectoryListing, type FilesDirectoryRoot, type FilesEntryKind, type FilesSearchResponse, type FilesSearchResult, type FilesPreviewResponse, type FilesTreeEntry, type FilesTreeResponse, } from "./files.js";
+export { DEFAULT_RUNTIME_CAPABILITY_DEADLINE_MS, PathHostExecutableProbe, RUNTIME_HOST_EXECUTABLE_SPECS, detectRuntimeCapabilities, type HostExecutableProbe, type HostExecutableProbeResult, type HostExecutableSpec, type RuntimeCapabilityDetectorOptions, } from "./runtime/capabilityDetector.js";
+export { handleRuntimeCapabilities, type RuntimeCapabilityRouteOptions, } from "./runtime/capabilityRoutes.js";
+export { detectContainerEngines, DEFAULT_CONTAINER_PROBE_DEADLINE_MS, SUPPORTED_DOCKER_MAJOR, KEIKO_CONTAINERS_DISABLED_ENV, type ContainerProbeDeps, } from "./runtime/containerEngineDetector.js";
+export { createContainerRunnerManager, buildContainerRunArgv, DEFAULT_CONTAINER_EXECUTION_POLICY, DEFAULT_CONTAINER_RESOURCE_LIMITS, DEFAULT_CONTAINER_TASKS, type ContainerRunInput, type ContainerRunnerEventEmitter, type ContainerRunnerManager, type ContainerRunnerManagerOptions, } from "./runtime/containerRunner.js";
+export { handleContainerCapability, handleContainerCatalog, handleContainerEvents, handleCreateContainerRun, handleDeleteContainerRun, } from "./runtime/containerRoutes.js";
+export { ContainerRunnerError, CONTAINER_RUNNER_ERROR_CODES, type ContainerRunnerErrorCode, } from "./runtime/containerRunner-errors.js";
+export { appendContainerRunEvidence, buildContainerRunEvidenceEntry, CONTAINER_RUN_EVIDENCE_KIND, type ContainerRunEvidenceEntry, type ContainerRunEvidenceInput, } from "./runtime/containerRunner-evidence.js";
+export { copyFilesEntry, createFilesEntry, deleteFilesEntry, handleFilesContent, handleFilesCopy, handleFilesCreate, handleFilesDelete, handleFilesRename, handleFilesSearch, listFilesDirectories, readFilesContent, readFilesPreview, readFilesTree, renameFilesEntry, searchFiles, writeFilesContent, type FilesContentResponse, type FilesDirectoryEntry, type FilesDirectoryListing, type FilesDirectoryRoot, type FilesEntryKind, type FilesMutationResponse, type FilesSearchFileRole, type FilesSearchMatchQuality, type FilesSearchResponse, type FilesSearchResult, type FilesSearchRootKind, type FilesPreviewResponse, type FilesTreeEntry, type FilesTreeResponse, } from "./files.js";
 export { conversationForGateway, MAX_CONTEXT_MESSAGES, type GatewayConversationMessage, } from "./chat-handlers.js";
 export { conversationForGatewayWithCompaction, type ConversationCompactionOptions, type ConversationCompactionOutcome, } from "./conversation-compaction.js";
 export { handlePromptEnhancement, buildPromptEnhancementRecordInput, runPromptEnhancement, PromptEnhancementCancelledError, PromptEnhancementInputError, type RunPromptEnhancementDeps, } from "./promptEnhancer/index.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAC1F,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AACrE,OAAO,EAAE,2BAA2B,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EACL,UAAU,EACV,SAAS,EACT,UAAU,EACV,SAAS,EACT,SAAS,EACT,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC5B,KAAK,QAAQ,EACb,KAAK,gBAAgB,GACtB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,iBAAiB,GACvB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,WAAW,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,KAAK,UAAU,EAAE,KAAK,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EACL,eAAe,EACf,eAAe,EACf,eAAe,EACf,YAAY,EACZ,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,GACjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,cAAc,EACd,aAAa,EACb,cAAc,EACd,YAAY,EACZ,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,cAAc,GACpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,kCAAkC,GACnC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,8BAA8B,EAC9B,0BAA0B,EAC1B,eAAe,EACf,KAAK,wBAAwB,EAC7B,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAChG,OAAO,EACL,uBAAuB,EACvB,KAAK,8BAA8B,EACnC,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,WAAW,EACX,iBAAiB,EACjB,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,YAAY,CAAC;AAKpB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,0BAA0B,GAChC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,oCAAoC,EACpC,KAAK,6BAA6B,EAClC,KAAK,6BAA6B,GACnC,MAAM,8BAA8B,CAAC;AAKtC,OAAO,EACL,uBAAuB,EACvB,iCAAiC,EACjC,oBAAoB,EACpB,+BAA+B,EAC/B,2BAA2B,EAC3B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAC1F,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,UAAU,CAAC;AACrE,OAAO,EAAE,2BAA2B,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EACL,UAAU,EACV,SAAS,EACT,UAAU,EACV,SAAS,EACT,SAAS,EACT,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,WAAW,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC5B,KAAK,QAAQ,EACb,KAAK,gBAAgB,GACtB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,iBAAiB,GACvB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,WAAW,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,KAAK,UAAU,EAAE,KAAK,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClF,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC1E,OAAO,EACL,eAAe,EACf,eAAe,EACf,eAAe,EACf,YAAY,EACZ,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,GACjB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,EACf,aAAa,EACb,cAAc,EACd,aAAa,EACb,cAAc,EACd,YAAY,EACZ,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,WAAW,EAChB,KAAK,QAAQ,EACb,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,cAAc,GACpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,kCAAkC,GACnC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,8BAA8B,EAC9B,0BAA0B,EAC1B,eAAe,EACf,KAAK,wBAAwB,EAC7B,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAChG,OAAO,EACL,uBAAuB,EACvB,KAAK,8BAA8B,EACnC,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,sCAAsC,EACtC,uBAAuB,EACvB,6BAA6B,EAC7B,yBAAyB,EACzB,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,EAC9B,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,GACtC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,yBAAyB,EACzB,KAAK,6BAA6B,GACnC,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,sBAAsB,EACtB,mCAAmC,EACnC,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,kBAAkB,GACxB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EACL,4BAA4B,EAC5B,qBAAqB,EACrB,kCAAkC,EAClC,iCAAiC,EACjC,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,KAAK,2BAA2B,EAChC,KAAK,sBAAsB,EAC3B,KAAK,6BAA6B,GACnC,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,KAAK,wBAAwB,GAC9B,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EACL,0BAA0B,EAC1B,8BAA8B,EAC9B,2BAA2B,EAC3B,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,GAC/B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,gBAAgB,EAChB,WAAW,EACX,iBAAiB,EACjB,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,YAAY,CAAC;AAKpB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,KAAK,0BAA0B,GAChC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,oCAAoC,EACpC,KAAK,6BAA6B,EAClC,KAAK,6BAA6B,GACnC,MAAM,8BAA8B,CAAC;AAKtC,OAAO,EACL,uBAAuB,EACvB,iCAAiC,EACjC,oBAAoB,EACpB,+BAA+B,EAC/B,2BAA2B,EAC3B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC"}

package/dist/index.js

@@ -26,7 +26,15 @@ export { runMemoryMaintenance } from "./memory-maintenance-handlers.js";
 export { exportMemoryDiagnostics, } from "./memory-diagnostics.js";
 export { createMemoryEmbedder, selectMemoryEmbeddingModelId, } from "./memory-embedding.js";
 export { buildTerminalEvidenceEntry, appendTerminalEvidence, } from "./terminal-evidence.js";
-export { handleFilesContent, handleFilesSearch, listFilesDirectories, readFilesContent, readFilesPreview, readFilesTree, searchFiles, writeFilesContent, } from "./files.js";
+export { DEFAULT_RUNTIME_CAPABILITY_DEADLINE_MS, PathHostExecutableProbe, RUNTIME_HOST_EXECUTABLE_SPECS, detectRuntimeCapabilities, } from "./runtime/capabilityDetector.js";
+export { handleRuntimeCapabilities, } from "./runtime/capabilityRoutes.js";
+// Issue #1388 (ADR-0070) — governed container engine detection + execution pilot.
+export { detectContainerEngines, DEFAULT_CONTAINER_PROBE_DEADLINE_MS, SUPPORTED_DOCKER_MAJOR, KEIKO_CONTAINERS_DISABLED_ENV, } from "./runtime/containerEngineDetector.js";
+export { createContainerRunnerManager, buildContainerRunArgv, DEFAULT_CONTAINER_EXECUTION_POLICY, DEFAULT_CONTAINER_RESOURCE_LIMITS, DEFAULT_CONTAINER_TASKS, } from "./runtime/containerRunner.js";
+export { handleContainerCapability, handleContainerCatalog, handleContainerEvents, handleCreateContainerRun, handleDeleteContainerRun, } from "./runtime/containerRoutes.js";
+export { ContainerRunnerError, CONTAINER_RUNNER_ERROR_CODES, } from "./runtime/containerRunner-errors.js";
+export { appendContainerRunEvidence, buildContainerRunEvidenceEntry, CONTAINER_RUN_EVIDENCE_KIND, } from "./runtime/containerRunner-evidence.js";
+export { copyFilesEntry, createFilesEntry, deleteFilesEntry, handleFilesContent, handleFilesCopy, handleFilesCreate, handleFilesDelete, handleFilesRename, handleFilesSearch, listFilesDirectories, readFilesContent, readFilesPreview, readFilesTree, renameFilesEntry, searchFiles, writeFilesContent, } from "./files.js";
 // PR4-W4 (ADR-0055) — additive exports so the deterministic context-quality gate
 // (scripts/check-context-quality.mjs) can drive the REAL chat history-compaction splice end-to-end.
 // Behavior-preserving: these names already exist on their modules; only the barrel surface widens.

package/dist/qualityIntelligence/figmaSnapshotRoutes.d.ts

@@ -101,7 +101,7 @@ export declare function makeInFlightMap(): Map<string, CoalescedBuildEntry>;
 /** Reset the module-level coalescing map. Used by tests to ensure isolation. */
 export declare function resetInFlightMap(): void;
 export declare function handleFigmaTriggerSnapshot(ctx: RouteContext, deps: UiHandlerDeps, inFlight?: Map<string, CoalescedBuildEntry>): Promise<RouteResult>;
-export declare function handleFigmaRevokeToken(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function handleFigmaRevokeToken(_ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
 export declare function handleFigmaListSnapshots(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
 export declare function handleFigmaLoadSnapshot(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
 export declare function handleFigmaUpdateSnapshotMetadata(ctx: RouteContext, deps: UiHandlerDeps): Promise<RouteResult>;

package/dist/qualityIntelligence/figmaSnapshotRoutes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"figmaSnapshotRoutes.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/figmaSnapshotRoutes.ts"],"names":[],"mappings":"AAkDA,OAAO,EAAa,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AACnG,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EASL,KAAK,qBAAqB,EAE1B,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AA8I1B,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,yEAAyE;IACzE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,gFAAgF;IAChF,QAAQ,CAAC,UAAU,EAAE,8BAA8B,CAAC;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,8CAA8C;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,0DAA0D;IAC1D,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B;;;OAGG;IACH,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,yFAAyF;IACzF,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,2FAA2F;IAC3F,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IACvC;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,qBAAqB,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,OAAO,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAChD;;;OAGG;IACH,QAAQ,CAAC,iBAAiB,EAAE,SAAS,4BAA4B,EAAE,CAAC;CACrE;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wFAAwF;IACxF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,sDAAsD;IACtD,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,kCAAkC;IAClC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,qCAAqC;IACrC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;CAClC;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wFAAwF;IACxF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AA8CD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,8BAA8B,CAAC;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,sBAAsB,EAAE,CAAC;CACvD;AAwXD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,SAAS,GAAG,sBAAsB,CAiB7E;AAwHD,UAAU,mBAAmB;IAC3B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CACxC;AAMD,sEAAsE;AACtE,wBAAgB,eAAe,IAAI,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAElE;AAED,gFAAgF;AAChF,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AA6FD,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,EACnB,QAAQ,GAAE,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAsB,GAC9D,OAAO,CAAC,WAAW,CAAC,CAiDtB;AAID,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA4B1F;AA2ED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA6B5F;AAID,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA2B3F;AA2DD,wBAAsB,iCAAiC,CACrD,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAuCtB;AAID,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAoC7F;AAID,wBAAgB,oCAAoC,CAClD,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,WAAW,CA4Bb;AAiCD,wBAAgB,4BAA4B,CAC1C,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,cAAc,CAgChB"}
+{"version":3,"file":"figmaSnapshotRoutes.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/figmaSnapshotRoutes.ts"],"names":[],"mappings":"AAkDA,OAAO,EAAa,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AACnG,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EASL,KAAK,qBAAqB,EAE1B,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AA8I1B,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,yEAAyE;IACzE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,gFAAgF;IAChF,QAAQ,CAAC,UAAU,EAAE,8BAA8B,CAAC;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,8CAA8C;IAC9C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,0DAA0D;IAC1D,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B;;;OAGG;IACH,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,yFAAyF;IACzF,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,2FAA2F;IAC3F,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IACvC;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,qBAAqB,CAAC;IACzC;;;OAGG;IACH,QAAQ,CAAC,OAAO,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAChD;;;OAGG;IACH,QAAQ,CAAC,iBAAiB,EAAE,SAAS,4BAA4B,EAAE,CAAC;CACrE;AAED,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wFAAwF;IACxF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,sDAAsD;IACtD,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,kCAAkC;IAClC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,qCAAqC;IACrC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;CAClC;AAED,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wFAAwF;IACxF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,4DAA4D;IAC5D,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AA8CD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,8BAA8B,CAAC;IACpD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,yBAAyB;IACxC,QAAQ,CAAC,SAAS,EAAE,SAAS,sBAAsB,EAAE,CAAC;CACvD;AAwXD,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,SAAS,GAAG,sBAAsB,CAiB7E;AAwHD,UAAU,mBAAmB;IAC3B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;CACxC;AAMD,sEAAsE;AACtE,wBAAgB,eAAe,IAAI,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAElE;AAED,gFAAgF;AAChF,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AA6FD,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,EACnB,QAAQ,GAAE,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAsB,GAC9D,OAAO,CAAC,WAAW,CAAC,CAiDtB;AAID,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA4B3F;AA2ED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA6B5F;AAID,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA2B3F;AA2DD,wBAAsB,iCAAiC,CACrD,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAuCtB;AAID,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAoC7F;AAID,wBAAgB,oCAAoC,CAClD,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,WAAW,CA4Bb;AAiCD,wBAAgB,4BAA4B,CAC1C,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,cAAc,CAgChB"}

package/dist/qualityIntelligence/figmaSnapshotRoutes.js

@@ -707,7 +707,7 @@ export async function handleFigmaTriggerSnapshot(ctx, deps, inFlight = defaultIn
     }
 }
 // ─── DELETE /api/figma/token — revoke the stored PAT (#758 rotation/revocation, #760 audit) ───
-export function handleFigmaRevokeToken(ctx, deps) {
+export function handleFigmaRevokeToken(_ctx, deps) {
     const evidenceDir = deps.evidenceDir;
     if (evidenceDir === undefined || evidenceDir.length === 0) {
         return { status: 503, body: figmaErrorBody("FIGMA_NO_EVIDENCE_DIR") };

package/dist/read-handlers.d.ts

@@ -1,7 +1,12 @@
+import { type EnvSource } from "@oscharko-dev/keiko-model-gateway";
 import type { RouteContext, RouteResult } from "./routes.js";
 import type { UiHandlerDeps } from "./deps.js";
 export declare function handleConfig(_ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
 export declare function handleModels(_ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function isVoiceDisabledByPolicy(env: EnvSource): boolean;
+export declare function handleVoiceCapability(_ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function isVoiceDictationCapable(deps: UiHandlerDeps): boolean;
+export declare function isVoiceRealtimeCapable(deps: UiHandlerDeps): boolean;
 export declare function handleWorkflows(): RouteResult;
 export declare function handleWorkspace(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
 export declare function handleEvidenceList(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;

package/dist/read-handlers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"read-handlers.d.ts","sourceRoot":"","sources":["../src/read-handlers.ts"],"names":[],"mappings":"AAkCA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAW/C,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAUjF;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAIjF;AAKD,wBAAgB,eAAe,IAAI,WAAW,CAyC7C;AAuID,wBAAgB,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAUnF;AA+CD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAMtF;AAKD,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA2BxF"}
+{"version":3,"file":"read-handlers.d.ts","sourceRoot":"","sources":["../src/read-handlers.ts"],"names":[],"mappings":"AAQA,OAAO,EAIL,KAAK,SAAS,EACf,MAAM,mCAAmC,CAAC;AA0B3C,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAW/C,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAUjF;AAID,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAIjF;AAMD,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAG/D;AAUD,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAK1F;AAQD,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CASpE;AAUD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CASnE;AAKD,wBAAgB,eAAe,IAAI,WAAW,CAyC7C;AAuID,wBAAgB,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAUnF;AA+CD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAMtF;AAKD,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CA2BxF"}

package/dist/read-handlers.js

@@ -5,7 +5,7 @@
 // construction on disk, served as-is per D9). No secret reaches any response; the config route
 // never leaks the config path even on a load failure (handled upstream in deps.ts, which yields
 // `config: undefined` rather than throwing).
-import { toSafeObject, listConfiguredCapabilities } from "@oscharko-dev/keiko-model-gateway";
+import { toSafeObject, listConfiguredCapabilities, resolveVoiceCapability, } from "@oscharko-dev/keiko-model-gateway";
 import { UNIT_TEST_WORKFLOW_DESCRIPTOR, BUG_INVESTIGATION_WORKFLOW_DESCRIPTOR, } from "@oscharko-dev/keiko-workflows";
 import { DEFAULT_LIMITS } from "@oscharko-dev/keiko-harness";
 import { listEvidence, loadEvidence, assertValidRunId, EvidenceReadError, EvidenceSchemaError, InvalidRunIdError, } from "@oscharko-dev/keiko-evidence";
@@ -34,6 +34,62 @@ export function handleModels(_ctx, deps) {
     const models = config === undefined ? [] : listConfiguredCapabilities(config);
     return { status: 200, body: { models } };
 }
+// Voice-capability disable kill-switch (Issue #493, ADR-0058 D1). A regulated deployment can
+// disable voice entirely via `KEIKO_VOICE_DISABLED`; the resolver then reports a clean
+// `unavailable` (reason "policy-disabled") and Keiko stays fully usable. Exported so the voice
+// dictation route (Issue #494) gates on the identical kill-switch, keeping one source of truth.
+export function isVoiceDisabledByPolicy(env) {
+    const value = env.KEIKO_VOICE_DISABLED;
+    return value === "1" || value?.toLowerCase() === "true";
+}
+// Route — voice capability resolution (Issue #493, Epic #491). Returns the content-free voice
+// capability the UI reads before rendering any voice affordance. The resolution carries only enum
+// literals and booleans — never a provider base URL, credential, model id, audio, or transcript —
+// so provider credentials are never returned to the browser (AC4) and nothing sensitive can leak
+// into UI logs (AC5), by construction. When no config is resolved, voice is disabled by policy, or
+// no voice provider is configured, the endpoint returns a clean `unavailable` resolution rather
+// than failing — Keiko stays fully usable in no-voice environments (AC1). Capability detection is
+// metadata-only and performs NO network probe (ADR-0058 out-of-scope for #493).
+export function handleVoiceCapability(_ctx, deps) {
+    const config = currentGatewayConfig(deps);
+    const policyDisabled = isVoiceDisabledByPolicy(deps.env);
+    const voice = resolveVoiceCapability(config ?? { providers: [] }, { policyDisabled });
+    return { status: 200, body: { voice } };
+}
+// Issue #495, Epic #491 — whether the running deployment should permit browser microphone capture.
+// True only when the resolved voice capability advertises speech-to-text and voice is not disabled by
+// policy. The server scopes the Permissions-Policy microphone directive to this (headers.ts /
+// server.ts) so a no-voice deployment keeps the strict `microphone=()`. It mirrors the dictation
+// route's capability gate (voice-handlers.ts selectDictationProvider) so the header and the route
+// agree on exactly when dictation is permitted.
+export function isVoiceDictationCapable(deps) {
+    const config = currentGatewayConfig(deps);
+    if (config === undefined) {
+        return false;
+    }
+    const voice = resolveVoiceCapability(config, {
+        policyDisabled: isVoiceDisabledByPolicy(deps.env),
+    });
+    return voice.available && voice.capabilities.speechToText;
+}
+// Issue #497, Epic #491 (ADR-0058 D3, ADR-0059) — whether the running deployment may open the
+// realtime voice WebSocket control plane and the browser-native WebRTC media plane. True only when
+// the resolved voice capability is the full-realtime profile (`transport.webrtcMedia`) and voice is
+// not disabled by policy. It is the single source of truth for two gates: the capability-gated
+// WebSocket upgrade (server.ts re-opens the BFF upgrade only for this) and the Permissions-Policy
+// microphone scoping (a realtime-only-without-STT deployment still needs `microphone=(self)` for the
+// WebRTC capture track, which `isVoiceDictationCapable` alone would not grant). A no-voice or
+// STT-only deployment returns false, so the upgrade stays hard-rejected (AC1/AC3).
+export function isVoiceRealtimeCapable(deps) {
+    const config = currentGatewayConfig(deps);
+    if (config === undefined) {
+        return false;
+    }
+    const voice = resolveVoiceCapability(config, {
+        policyDisabled: isVoiceDisabledByPolicy(deps.env),
+    });
+    return voice.available && voice.transport.webrtcMedia;
+}
 // Route 4 — launch-form metadata: the workflow descriptors plus the synthesized explain-plan and
 // verify inputs (both are harness tasks with no workflow descriptor — verify is BFF-only and runs
 // the deterministic verification orchestrator).

package/dist/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAmK/C,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,KAAK,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACrE;AAID,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;CACxB;AAED,eAAO,MAAM,SAAS,eAAsB,CAAC;AAC7C,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,OAAO,SAAS,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAElD,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,KAChB,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;AAE9C,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;CAChC;AAUD,eAAO,MAAM,UAAU,EAAE,SAAS,eAAe,EAuYhD,CAAC;AA6BF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACnD;AAKD,wBAAgB,UAAU,CACxB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,UAAU,GAAG,oBAAoB,GAAG,SAAS,CA2B/C;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,QAAQ,CAEjE;AAED,wBAAgB,YAAY,IAAI,QAAQ,CAEvC;AAED,wBAAgB,oBAAoB,IAAI,QAAQ,CAE/C"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAoO/C,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,KAAK,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACrE;AAID,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;CACxB;AAED,eAAO,MAAM,SAAS,eAAsB,CAAC;AAC7C,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,OAAO,SAAS,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAElD,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,KAChB,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;AAE9C,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;CAChC;AAUD,eAAO,MAAM,UAAU,EAAE,SAAS,eAAe,EAknBhD,CAAC;AA6BF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACnD;AAKD,wBAAgB,UAAU,CACxB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,UAAU,GAAG,oBAAoB,GAAG,SAAS,CA2B/C;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,QAAQ,CAEjE;AAED,wBAAgB,YAAY,IAAI,QAAQ,CAEvC;AAED,wBAAgB,oBAAoB,IAAI,QAAQ,CAE/C"}

package/dist/routes.js

@@ -5,27 +5,38 @@
 // server serializes) OR the STREAMING sentinel, meaning it has taken over the raw ServerResponse
 // (the SSE events route). Non-2xx bodies use the redacted error envelope `{ error: { code, message } }`.
 import { SDK_VERSION } from "@oscharko-dev/keiko-sdk";
-import { handleConfig, handleModels, handleWorkflows, handleWorkspace, handleEvidenceList, handleEvidenceDetail, } from "./read-handlers.js";
+import { handleConfig, handleModels, handleVoiceCapability, handleWorkflows, handleWorkspace, handleEvidenceList, handleEvidenceDetail, } from "./read-handlers.js";
+import { handleGetWorkspaceState, handlePutWorkspaceState } from "./workspace-state-handlers.js";
+import { handleVoiceSpeak, handleVoiceSpeakStream, handleVoiceTranscribe, } from "./voice-handlers.js";
 import { handleCreateRun, handleRunEvents, handleCancelRun, handleGetRun, handleApplyRun, } from "./run-handlers.js";
 import { handleListProjects, handleCreateProject, handleUpdateProject, handleDeleteProject, handleListChats, handleCreateChat, handleUpdateChat, handleDeleteChat, handleListMessages, handleCreateMessage, handleCreateRunSummaryPair, handleUpdateMessage, } from "./store-handlers.js";
-import { handleCreateDesktopChat, handleSendDesktopChat } from "./chat-handlers.js";
+import { handleAppendDesktopVoiceTurn, handleCreateDesktopChat, handleSendDesktopChat, } from "./chat-handlers.js";
 import { handleSendDesktopChatStream } from "./chat-stream-handlers.js";
+import { handleCloneRepository } from "./gitRepositoryRoutes.js";
 import { handleListMemories, handleMemoryReviewQueue, handleGetMemory, handleEditMemory, handlePinMemory, handleUnpinMemory, handleArchiveMemory, handleForgetMemory, handleForgetMemories, handleDeleteMemory, handleCorrectMemory, handleResolveMemoryConflict, handleAcceptMemoryProposal, handleRejectMemoryProposal, } from "./memory-handlers.js";
 import { handleMemoryRetrieveContext, handleMemoryCaptureFromConversation, } from "./memory-conv-handlers.js";
 import { handleCancelConsolidationJob, handleCreateConsolidationJob, handleGetConsolidationJob, } from "./memory-consolidation-handlers.js";
 import { handleRunMaintenance } from "./memory-maintenance-handlers.js";
 import { handleGroundedAsk } from "./grounded-qa.js";
+import { handleRealtimeGroundedVoiceTool } from "./voice-realtime-grounded-tool.js";
 import { handleGatewayReadiness } from "./gateway-readiness.js";
 import { handleGatewaySetup } from "./gateway-setup.js";
 import { handleCreateTerminalExecution, handleDeleteTerminalExecution, handleTerminalDirectories, handleTerminalEvents, handleTerminalPolicy, } from "./terminal-routes.js";
-import { handleFilesContent, handleFilesDirectories, handleFilesPreview, handleFilesSearch, handleFilesTree, } from "./files.js";
-import { handleEditorLanguage, handleEditorLanguageCapabilities } from "./editor/languageRoutes.js";
+import { handleRuntimeCapabilities } from "./runtime/capabilityRoutes.js";
+import { handleCommandCatalog, handleCommandEvents, handleCreateCommandRun, handleDeleteCommandRun, } from "./command-runner-routes.js";
+import { handleActivateTaskWorkspace, handleCleanupOrphanTaskWorkspaces, handleCleanupTaskWorkspace, handleClearActiveTaskWorkspace, handleGetActiveTaskWorkspace, handleGetTaskWorkspace, handleGetTaskWorkspaceHealth, handleGetTaskWorkspaceReconciliation, handleHandoffTaskWorkspace, handleListTaskWorkspaces, handlePauseTaskWorkspace, handleProvisionTaskWorkspace, handleReconcileTaskWorkspaces, handleRepairTaskWorkspace, handleResumeTaskWorkspace, handleSetActiveTaskWorkspace, } from "./task-workspace/routes.js";
+import { handleContainerCapability, handleContainerCatalog, handleContainerEvents, handleCreateContainerRun, handleDeleteContainerRun, } from "./runtime/containerRoutes.js";
+import { handleFilesContent, handleFilesCopy, handleFilesCreate, handleFilesDelete, handleFilesDirectories, handleFilesPreview, handleFilesRename, handleFilesSearch, handleFilesTree, } from "./files.js";
+import { handleGitBranches, handleGitDiff, handleGitStatus } from "./gitRoutes.js";
+import { handleGitHistory, handleGitRemotes, handleGitSummary } from "./gitRepositoryReads.js";
+import { handleEditorLanguage, handleEditorLanguageCapabilitiesForRoute, } from "./editor/languageRoutes.js";
+import { handleEditorLspStatus } from "./editor/lsp/lspStatusRoute.js";
 import { handleEditorContext, handleEditorLocalKnowledgeRetrieve, handleEditorRepoSearch, } from "./editor/contextRoutes.js";
 import { handleEditorCompletion } from "./editor/completionRoutes.js";
 import { handleEditorInlineCompletion, handleEditorInlineCompletionTelemetry, } from "./editor/inlineCompletionRoutes.js";
 import { handleEditorTestGeneration } from "./editor/testGenerationRoutes.js";
 import { handleEditorPatchApply } from "./editor/patchApplyRoutes.js";
-import { handleEditorAgentActions, handleEditorAgentEvents, handleEditorAgentSessions, handleEditorAgentSnapshot, } from "./editor/agentRoutes.js";
+import { handleEditorAgentActions, handleEditorAgentAudit, handleEditorAgentEvents, handleEditorAgentSessions, handleEditorAgentSnapshot, } from "./editor/agentRoutes.js";
 import { handleBrowserApplyScreenshot, handleBrowserContent, handleBrowserEvents, handleBrowserNavigate, handleBrowserScreenshot, handleBrowserStatus, handleCreateBrowserSession, handleDeleteBrowserSession, } from "./browser.js";
 import { handleCancelLocalKnowledgeCapsuleIndexing, handleConnectLocalKnowledgeCapsule, handleCreateLocalKnowledgeCapsule, handleCreateLocalKnowledgeCapsuleSet, handleDeleteLocalKnowledgeCapsule, handleDisconnectLocalKnowledgeCapsule, handleGetLocalKnowledgeCapsule, handleListLocalKnowledgeCapsules, handleListLocalKnowledgeCapsuleSets, handleReindexLocalKnowledgeCapsule, handleStartLocalKnowledgeCapsuleIndexing, handleUpdateLocalKnowledgeCapsule, } from "./local-knowledge-handlers.js";
 import { handleRelationshipCreate, handleRelationshipDelete, handleRelationshipDependencies, handleRelationshipEvents, handleRelationshipExplain, handleRelationshipGet, handleRelationshipHealth, handleRelationshipImpact, handleRelationshipList, handleRelationshipPatch, handleRelationshipValidate, } from "./relationship-handlers.js";
@@ -33,6 +44,15 @@ import { handleQiCapabilities, handleQiDryRunFigma, handleQiDryRunJira, handleQi
 import { handleFigmaListSnapshots, handleFigmaInspectSnapshotScreenJson, handleFigmaDeleteSnapshot, handleFigmaTriggerSnapshot, handleFigmaLoadSnapshot, handleFigmaLoadSnapshotImage, handleFigmaRevokeToken, handleFigmaUpdateSnapshotMetadata, } from "./qualityIntelligence/figmaSnapshotRoutes.js";
 import { handleFigmaGenerateCode } from "./qualityIntelligence/figmaCodegenRoutes.js";
 import { handlePromptEnhancement, handlePromptEnhancementEvidence, } from "./promptEnhancer/index.js";
+import { GIT_DELIVERY_ACTION_SHEET_ROUTE_GROUP } from "./gitDelivery/actionSheetRoutes.js";
+import { GIT_DELIVERY_EVIDENCE_ROUTE_GROUP } from "./gitDelivery/evidenceRoutes.js";
+import { GIT_DELIVERY_LOCAL_MUTATION_ROUTE_GROUP } from "./gitDelivery/localMutationRoutes.js";
+import { GIT_DELIVERY_COMMIT_ROUTE_GROUP } from "./gitDelivery/commitRoutes.js";
+import { GIT_DELIVERY_PUSH_ROUTE_GROUP } from "./gitDelivery/pushRoutes.js";
+import { GIT_DELIVERY_PR_ROUTE_GROUP } from "./gitDelivery/prRoutes.js";
+import { GIT_DELIVERY_MERGE_ROUTE_GROUP } from "./gitDelivery/mergeRoutes.js";
+import { GIT_DELIVERY_SYNC_ROUTE_GROUP } from "./gitDelivery/syncRoutes.js";
+import { GIT_AGENT_OPERATION_ROUTE_GROUP } from "./gitDelivery/agentOperationsRoutes.js";
 export const STREAMING = Symbol("streaming");
 function health() {
     return { status: 200, body: { status: "ok", version: SDK_VERSION } };
@@ -45,6 +65,16 @@ export const API_ROUTES = [
     { method: "GET", pattern: "/api/health", handler: health },
     { method: "GET", pattern: "/api/config", handler: handleConfig },
     { method: "GET", pattern: "/api/models", handler: handleModels },
+    { method: "GET", pattern: "/api/voice/capability", handler: handleVoiceCapability },
+    // Issue #494 (Epic #491) — optional, capability-gated STT composer dictation (ADR-0058 D1/D2/D4).
+    // POST a short audio clip (base64 inside the JSON + CSRF envelope) and receive its transcript;
+    // answers VOICE_UNAVAILABLE when no speech-to-text capability is configured/enabled.
+    { method: "POST", pattern: "/api/voice/transcribe", handler: handleVoiceTranscribe },
+    // Issue #1558 (Epic #1556) — optional, capability-gated assistant speech output (ADR-0095). POST
+    // the visible assistant answer text (inside the JSON + CSRF envelope) and receive synthesized audio
+    // as base64; answers VOICE_UNAVAILABLE when no speech-output capability is configured/enabled.
+    { method: "POST", pattern: "/api/voice/speak", handler: handleVoiceSpeak },
+    { method: "POST", pattern: "/api/voice/speak/stream", handler: handleVoiceSpeakStream },
     { method: "POST", pattern: "/api/gateway/readiness", handler: handleGatewayReadiness },
     { method: "POST", pattern: "/api/gateway/setup", handler: handleGatewaySetup },
     { method: "GET", pattern: "/api/workflows", handler: handleWorkflows },
@@ -56,11 +86,14 @@ export const API_ROUTES = [
     { method: "GET", pattern: "/api/evidence", handler: handleEvidenceList },
     { method: "GET", pattern: "/api/evidence/:runId", handler: handleEvidenceDetail },
     { method: "GET", pattern: "/api/workspace", handler: handleWorkspace },
+    { method: "GET", pattern: "/api/workspace/state", handler: handleGetWorkspaceState },
+    { method: "PUT", pattern: "/api/workspace/state", handler: handlePutWorkspaceState },
     // ADR-0013 D7 — UI-local persistence routes (additive).
     { method: "GET", pattern: "/api/projects", handler: handleListProjects },
     { method: "POST", pattern: "/api/projects", handler: handleCreateProject },
     { method: "PATCH", pattern: "/api/projects", handler: handleUpdateProject },
     { method: "DELETE", pattern: "/api/projects", handler: handleDeleteProject },
+    { method: "POST", pattern: "/api/repositories/clone", handler: handleCloneRepository },
     { method: "GET", pattern: "/api/chats", handler: handleListChats },
     { method: "POST", pattern: "/api/chats", handler: handleCreateChat },
     { method: "PATCH", pattern: "/api/chats", handler: handleUpdateChat },
@@ -77,10 +110,20 @@ export const API_ROUTES = [
     { method: "PATCH", pattern: "/api/chats/messages", handler: handleUpdateMessage },
     // Issue #185 — grounded repository-aware Q&A. Composes #179-#183 behind the chat-scope binding.
     { method: "POST", pattern: "/api/chats/messages/grounded", handler: handleGroundedAsk },
+    {
+        method: "POST",
+        pattern: "/api/voice/realtime/grounded-tool",
+        handler: handleRealtimeGroundedVoiceTool,
+    },
     // Desktop canvas V1 — real chat against the configured gateway model without new agent scope.
     { method: "POST", pattern: "/api/desktop/chats", handler: handleCreateDesktopChat },
     { method: "POST", pattern: "/api/desktop/chat", handler: handleSendDesktopChat },
     { method: "POST", pattern: "/api/desktop/chat/stream", handler: handleSendDesktopChatStream },
+    {
+        method: "POST",
+        pattern: "/api/desktop/chat/voice-turn",
+        handler: handleAppendDesktopVoiceTurn,
+    },
     // ADR-0018 — bounded permitted-command execution. PTY routes (shells/sessions/WS upgrade) and
     // the WebSocket upgrade handler in server.ts are removed; commands run via synchronous POST.
     { method: "GET", pattern: "/api/terminal/policy", handler: handleTerminalPolicy },
@@ -92,6 +135,168 @@ export const API_ROUTES = [
         handler: handleDeleteTerminalExecution,
     },
     { method: "GET", pattern: "/api/terminal/events", handler: handleTerminalEvents },
+    // Issue #1385 — read-only local runtime inventory. Metadata-only detection: no package manager,
+    // Git, language, or container command is executed; root-scoped command sources use contained
+    // manifest reads on a registered project.
+    {
+        method: "GET",
+        pattern: "/api/runtime/capabilities",
+        handler: (ctx, deps) => handleRuntimeCapabilities(ctx, deps, deps.runtimeCapabilityRouteOptions),
+    },
+    // Issue #1386 — read-only Git repository status/diff BFF. Git execution stays server-side with
+    // fixed args/env, selected-root containment, unsafe-owner surfacing, and bounded diff output.
+    {
+        method: "GET",
+        pattern: "/api/git/status",
+        handler: (ctx, deps) => handleGitStatus(ctx, deps, deps.gitRouteOptions),
+    },
+    {
+        method: "GET",
+        pattern: "/api/git/diff",
+        handler: (ctx, deps) => handleGitDiff(ctx, deps, deps.gitRouteOptions),
+    },
+    {
+        method: "GET",
+        pattern: "/api/git/branches",
+        handler: (ctx, deps) => handleGitBranches(ctx, deps, deps.gitRouteOptions),
+    },
+    // Issue #1573 — read-only Git repository summary, history, and remotes BFF. Reuses the hardened
+    // runner + selected-root containment from the #1386 reads; responses are content-free (counts,
+    // typed codes, branch/remote names, ISO dates) and pass through the live-payload redactor.
+    {
+        method: "GET",
+        pattern: "/api/git/summary",
+        handler: (ctx, deps) => handleGitSummary(ctx, deps, deps.gitRouteOptions),
+    },
+    {
+        method: "GET",
+        pattern: "/api/git/history",
+        handler: (ctx, deps) => handleGitHistory(ctx, deps, deps.gitRouteOptions),
+    },
+    {
+        method: "GET",
+        pattern: "/api/git/remotes",
+        handler: (ctx, deps) => handleGitRemotes(ctx, deps, deps.gitRouteOptions),
+    },
+    // Issue #1387 — controlled test/build/run command executor. Tasks are discovered from package
+    // scripts and run through the single governed spawn boundary (keiko-tools runCommand): allowlisted
+    // task ids only (never free-form argv), workspace-contained cwd, output cap, timeout, cancellation,
+    // and content-free evidence. Literal `catalog`/`events` paths register before the `:runId` route.
+    {
+        method: "GET",
+        pattern: "/api/commands/catalog",
+        handler: handleCommandCatalog,
+    },
+    {
+        method: "GET",
+        pattern: "/api/commands/events",
+        handler: handleCommandEvents,
+    },
+    { method: "POST", pattern: "/api/commands/runs", handler: handleCreateCommandRun },
+    {
+        method: "DELETE",
+        pattern: "/api/commands/runs/:runId",
+        handler: handleDeleteCommandRun,
+    },
+    // Issue #445 (Epic #443, ADR-0089) — governed managed task-workspace provisioning + activation.
+    // Provision creates a dedicated task branch + managed Git worktree from an approved base branch
+    // through the narrow worktree adapter (single governed spawn boundary; no generic git runner) and
+    // persists a WorkspaceInstance; activate yields the WorkspaceBinding surfaces bind to. CSRF is
+    // enforced by the server's state-changing gate for the POST routes.
+    { method: "POST", pattern: "/api/task-workspaces", handler: handleProvisionTaskWorkspace },
+    // Issue #446 (Epic #443, ADR-0090) — the shared ACTIVE task-workspace binding the Studio/editor/
+    // runtime/Git-Delivery surfaces consume. `matchRoute` resolves by literal specificity, so the
+    // literal `active` and the `?root` collection paths win over the `:workspaceId` param route
+    // regardless of registration order. CSRF is enforced by the state-changing gate for POST/DELETE.
+    { method: "GET", pattern: "/api/task-workspaces", handler: handleListTaskWorkspaces },
+    { method: "GET", pattern: "/api/task-workspaces/active", handler: handleGetActiveTaskWorkspace },
+    { method: "POST", pattern: "/api/task-workspaces/active", handler: handleSetActiveTaskWorkspace },
+    {
+        method: "DELETE",
+        pattern: "/api/task-workspaces/active",
+        handler: handleClearActiveTaskWorkspace,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/:workspaceId/pause",
+        handler: handlePauseTaskWorkspace,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/:workspaceId/resume",
+        handler: handleResumeTaskWorkspace,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/:workspaceId/handoff",
+        handler: handleHandoffTaskWorkspace,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/:workspaceId/activate",
+        handler: handleActivateTaskWorkspace,
+    },
+    // Issue #447 (Epic #443, ADR-0091) — startup reconciliation report (read-only, derived from the
+    // persisted content-free fields), an explicit live reconcile pass (CSRF-gated POST), and the
+    // controlled, operator-approval-gated repair. The literal `reconciliation` path wins over the
+    // `:workspaceId` GET by `matchRoute` specificity.
+    {
+        method: "GET",
+        pattern: "/api/task-workspaces/reconciliation",
+        handler: handleGetTaskWorkspaceReconciliation,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/reconciliation",
+        handler: handleReconcileTaskWorkspaces,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/:workspaceId/repair",
+        handler: handleRepairTaskWorkspace,
+    },
+    // Issue #448 (Epic #443, ADR-0092) — operational health/drift/orphan report (read-only) plus the
+    // governed, operator-approval-gated cleanup controls. The literal `health` and `cleanup/orphans`
+    // paths win over the `:workspaceId` routes by `matchRoute` specificity.
+    { method: "GET", pattern: "/api/task-workspaces/health", handler: handleGetTaskWorkspaceHealth },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/cleanup/orphans",
+        handler: handleCleanupOrphanTaskWorkspaces,
+    },
+    {
+        method: "POST",
+        pattern: "/api/task-workspaces/:workspaceId/cleanup",
+        handler: handleCleanupTaskWorkspace,
+    },
+    { method: "GET", pattern: "/api/task-workspaces/:workspaceId", handler: handleGetTaskWorkspace },
+    // Issue #1388 (ADR-0070) — governed container engine detection + execution pilot. The capability
+    // route runs an opt-in ACTIVE daemon probe (distinct from the metadata-only #1385 detector); the
+    // catalog/run routes degrade to 503 CONTAINER_ENGINE_UNAVAILABLE when no engine is present. A run
+    // names a closed-catalog task id only (never a free-form image/argv/flag), executes a server-frozen
+    // hardened `docker run` argv through the single runCommand boundary, and writes content-free
+    // evidence. Literal `capability`/`catalog`/`events` paths register before the `:runId` route.
+    {
+        method: "GET",
+        pattern: "/api/containers/capability",
+        handler: handleContainerCapability,
+    },
+    {
+        method: "GET",
+        pattern: "/api/containers/catalog",
+        handler: handleContainerCatalog,
+    },
+    {
+        method: "GET",
+        pattern: "/api/containers/events",
+        handler: handleContainerEvents,
+    },
+    { method: "POST", pattern: "/api/containers/runs", handler: handleCreateContainerRun },
+    {
+        method: "DELETE",
+        pattern: "/api/containers/runs/:runId",
+        handler: handleDeleteContainerRun,
+    },
     // Desktop files — selected-root browser, preview, and editor control plane.
     { method: "GET", pattern: "/api/files/directories", handler: handleFilesDirectories },
     { method: "GET", pattern: "/api/files/tree", handler: handleFilesTree },
@@ -99,12 +304,19 @@ export const API_ROUTES = [
     { method: "GET", pattern: "/api/files/preview", handler: handleFilesPreview },
     { method: "GET", pattern: "/api/files/content", handler: handleFilesContent },
     { method: "PATCH", pattern: "/api/files/content", handler: handleFilesContent },
+    // File-tree mutations (create / rename / delete). State-changing methods inherit the server CSRF +
+    // JSON gate; each handler re-resolves containment + deny inside the selected root and is
+    // non-destructive by default (atomic no-overwrite create, no-clobber rename, symlinks rejected).
+    { method: "POST", pattern: "/api/files/create", handler: handleFilesCreate },
+    { method: "POST", pattern: "/api/files/rename", handler: handleFilesRename },
+    { method: "POST", pattern: "/api/files/delete", handler: handleFilesDelete },
+    { method: "POST", pattern: "/api/files/copy", handler: handleFilesCopy },
     // Issue #1198 — deterministic, model-free language intelligence (completion, diagnostics, hover,
     // symbols) over an editor overlay (ADR-0042 D4). Capabilities advertises the registered providers.
     {
         method: "GET",
         pattern: "/api/editor/language/capabilities",
-        handler: handleEditorLanguageCapabilities,
+        handler: (ctx, deps) => handleEditorLanguageCapabilitiesForRoute(ctx, deps, deps.editorLanguageRouteOptions),
     },
     {
         method: "POST",
@@ -176,6 +388,19 @@ export const API_ROUTES = [
         pattern: "/api/editor/agent/events",
         handler: handleEditorAgentEvents,
     },
+    // Issue #1395 (ADR-0062) — read-only bounded audit feed of recent agent editor actions.
+    {
+        method: "GET",
+        pattern: "/api/editor/agent/audit",
+        handler: handleEditorAgentAudit,
+    },
+    // Issue #1381 (ADR-0069) — read-only, content-free LSP process lifecycle status feed. Env-gated
+    // default-OFF via KEIKO_EDITOR_LSP_STATUS (404 until an operator opts in). No CSP change needed.
+    {
+        method: "GET",
+        pattern: "/api/editor/lsp/status",
+        handler: (ctx, deps) => handleEditorLspStatus(ctx, { env: deps.env }),
+    },
     {
         method: "POST",
         pattern: "/api/editor/local-knowledge/retrieve",
@@ -432,6 +657,34 @@ export const API_ROUTES = [
     // envelope (refs only, no chat content). Registered as a sibling group so concurrent
     // QI epic merges (e.g. #280) stay mechanically merge-safe.
     ...QI_HANDOFF_ROUTE_GROUP,
+    // Issue #473 (Epic #470) — governed Git delivery action-sheet route group. Single READ-ONLY
+    // POST seam returning a UI-safe GitDeliveryActionSheet projection; never mutates the repo.
+    // Registered as a sibling group so concurrent #470 epic merges stay mechanically merge-safe.
+    ...GIT_DELIVERY_ACTION_SHEET_ROUTE_GROUP,
+    ...GIT_DELIVERY_EVIDENCE_ROUTE_GROUP,
+    // #475 governed local write flows: branch create/switch, staging, and commit preview/execute. These
+    // EXECUTE through the #472 kernel + #474 evidence ledger; gated by the same capability flag and CSRF.
+    ...GIT_DELIVERY_LOCAL_MUTATION_ROUTE_GROUP,
+    ...GIT_DELIVERY_COMMIT_ROUTE_GROUP,
+    // #476 governed remote publish: push preview (read-only) + execute through the SEPARATE publish
+    // gateway (dedicated push-only allowlist) + #474 evidence ledger; same capability flag and CSRF.
+    ...GIT_DELIVERY_PUSH_ROUTE_GROUP,
+    // #477 governed GitHub pull request command center: PR preview (read-only metadata/readiness/
+    // recommendation) + execute through the SEPARATE PR gateway (dedicated `gh api` allowlist) + #474
+    // evidence ledger; same capability flag and CSRF.
+    ...GIT_DELIVERY_PR_ROUTE_GROUP,
+    // #478 governed merge: merge preview (read-only readiness/eligible-strategies/recommendation) +
+    // execute through the SEPARATE merge gateway (dedicated `gh api` merge allowlist, readiness gate, final
+    // approval) + #474 evidence ledger; same capability flag and CSRF.
+    ...GIT_DELIVERY_MERGE_ROUTE_GROUP,
+    // #1573 governed fetch/pull sync: sync preview (read-only readiness + executable gate) + execute
+    // through a preflight-gated credential-capable runner (NOT the #472 kernel — fetch/pull have no
+    // GitDeliveryActionKind) + a dedicated content-free sync evidence ledger; same central CSRF + JSON
+    // content-type gate.
+    ...GIT_DELIVERY_SYNC_ROUTE_GROUP,
+    // #1577 agent repository operations: typed facade over existing Git read and governed delivery
+    // handlers. No shell/provider authority is introduced; command-shaped payloads are denied first.
+    ...GIT_AGENT_OPERATION_ROUTE_GROUP,
 ];
 // Matches a concrete path against a route pattern, capturing `:name` params. Returns the captured
 // params, or undefined when the segment counts differ or a literal segment mismatches.

package/dist/run-engine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run-engine.d.ts","sourceRoot":"","sources":["../src/run-engine.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAqB7D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAa,MAAM,WAAW,CAAC;AAC3E,OAAO,EAIL,KAAK,sBAAsB,EAE5B,MAAM,eAAe,CAAC;AAIvB,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AASD,UAAU,aAAa;IACrB,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;IAG/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,sBAAsB,GAAG,SAAS,CAAC;IACvD,QAAQ,CAAC,WAAW,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAC;IACpD,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC,GAAG,SAAS,CAAC;IAC3E,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;CAC3E;AA8TD,wBAAgB,QAAQ,CACtB,GAAG,EAAE,aAAa,EAClB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,EACzC,OAAO,GAAE,eAAoB,GAC5B,cAAc,CAoBhB;AA4GD,wBAAsB,QAAQ,CAC5B,QAAQ,EAAE,iBAAiB,EAC3B,KAAK,EAAE,SAAS,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,GACxC,OAAO,CAAC,OAAO,CAAC,CAmBlB;AAMD,YAAY,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"run-engine.d.ts","sourceRoot":"","sources":["../src/run-engine.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAqB7D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAEnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAa,MAAM,WAAW,CAAC;AAC3E,OAAO,EAIL,KAAK,sBAAsB,EAE5B,MAAM,eAAe,CAAC;AAIvB,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AASD,UAAU,aAAa;IACrB,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;IAG/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,sBAAsB,GAAG,SAAS,CAAC;IACvD,QAAQ,CAAC,WAAW,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAC;IACpD,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC,GAAG,SAAS,CAAC;IAC3E,QAAQ,CAAC,gCAAgC,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;CAC3E;AA+TD,wBAAgB,QAAQ,CACtB,GAAG,EAAE,aAAa,EAClB,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,EACzC,OAAO,GAAE,eAAoB,GAC5B,cAAc,CAoBhB;AA8GD,wBAAsB,QAAQ,CAC5B,QAAQ,EAAE,iBAAiB,EAC3B,KAAK,EAAE,SAAS,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,GACxC,OAAO,CAAC,OAAO,CAAC,CAmBlB;AAMD,YAAY,EAAE,aAAa,EAAE,CAAC"}