@pixelbyte-software/pixcode 1.42.4 → 1.43.0

package/scripts/smoke/v143-remote-control.mjs

@@ -0,0 +1,76 @@
+#!/usr/bin/env node
+
+import assert from 'node:assert/strict';
+import fs from 'node:fs';
+import path from 'node:path';
+
+const root = process.cwd();
+
+function read(relativePath) {
+  return fs.readFileSync(path.join(root, relativePath), 'utf8');
+}
+
+const telegram = read('server/services/telegram/control-center.js');
+assert.match(telegram, /\/approvals/, 'Telegram control should expose an approvals command.');
+assert.match(telegram, /showApprovalQueue/, 'Telegram menu should render pending approval decisions.');
+assert.match(telegram, /approval_decide/, 'Telegram callbacks should allow approval decisions.');
+assert.match(telegram, /showControlRoom/, 'Telegram menu should expose the multi-project control room.');
+assert.match(telegram, /showWebhookMenu/, 'Telegram menu should expose webhook status.');
+
+const workflowRoutes = read('server/modules/orchestration/workflows/workflow.routes.ts');
+assert.match(workflowRoutes, /\/workflows\/approvals/, 'Orchestration should expose a global approval queue.');
+assert.match(workflowRoutes, /resolvePermissionApproval/, 'Global approval route should resolve permission approvals.');
+assert.match(workflowRoutes, /dispatchWebhookEvent/, 'Workflow routes should dispatch webhook events for remote automation.');
+
+const approvalQueue = read('server/modules/orchestration/workflows/approval-queue.ts');
+assert.match(approvalQueue, /listPendingApprovals/, 'Approval queue should list pending approvals across runs.');
+assert.match(approvalQueue, /resolvePermissionApproval/, 'Approval queue should resolve approval requests centrally.');
+assert.match(approvalQueue, /source: 'ui' \| 'telegram' \| 'api'/, 'Approval queue should preserve the decision source.');
+
+const webhooks = read('server/services/webhooks.js');
+assert.match(webhooks, /PIXCODE_WEBHOOK_EVENT_TYPES/, 'Webhook service should declare supported event taxonomy.');
+assert.match(webhooks, /run\.completed/, 'Webhook taxonomy should include run.completed.');
+assert.match(webhooks, /approval\.needed/, 'Webhook taxonomy should include approval.needed.');
+assert.match(webhooks, /deliverWebhookEvent/, 'Webhook service should deliver signed outbound events.');
+
+const webhookRoutes = read('server/routes/webhooks.js');
+assert.match(webhookRoutes, /router\.get\('\/'/, 'Webhook routes should list configured webhooks.');
+assert.match(webhookRoutes, /router\.post\('\/test'/, 'Webhook routes should support test delivery.');
+
+const remote = read('server/routes/remote.js');
+assert.match(remote, /\/control-room/, 'Remote API should expose the control room snapshot.');
+assert.match(remote, /\/console-layout/, 'Remote API should expose mobile console layout metadata.');
+
+const controlRoom = read('server/services/control-room.js');
+assert.match(controlRoom, /buildControlRoomSnapshot/, 'Control room should build a multi-project snapshot.');
+assert.match(controlRoom, /maxProjects = 4/, 'Control room should cap the live overview at four projects.');
+assert.match(controlRoom, /mobileFirst/, 'Control room should include mobile-first console metadata.');
+
+const publicApi = read('server/routes/public-api.js');
+assert.match(publicApi, /\/sdk\/typescript/, 'Public API should expose a TypeScript SDK starter.');
+assert.match(publicApi, /\/cookbook/, 'Public API should expose a curl cookbook.');
+
+const manifest = read('server/services/public-api-manifest.js');
+assert.match(manifest, /buildTypeScriptSdkStarter/, 'Public API manifest should generate typed TypeScript SDK examples.');
+assert.match(manifest, /webhooks/, 'Public API manifest should document webhook endpoints.');
+
+const appTypes = read('src/types/app.ts');
+assert.match(appTypes, /'remote'/, 'Frontend tabs should include the remote console.');
+
+const mainContent = read('src/components/main-content/view/MainContent.tsx');
+assert.match(mainContent, /RemoteConsole/, 'Main content should render the remote console tab.');
+
+const tabSwitcher = read('src/components/main-content/view/subcomponents/MainContentTabSwitcher.tsx');
+assert.match(tabSwitcher, /tabs\.remote/, 'Tab switcher should expose the remote console tab.');
+
+const remoteConsole = read('src/components/remote-console/RemoteConsole.tsx');
+assert.match(remoteConsole, /control-room/, 'Remote console should load control-room snapshots.');
+assert.match(remoteConsole, /approval queue/i, 'Remote console should show the approval queue.');
+assert.match(remoteConsole, /webhook/i, 'Remote console should show webhook health.');
+
+const docs = read('docs/self-hosted-agent-control-room.md');
+assert.match(docs, /Remote Control/, 'Docs should explain remote control workflows.');
+assert.match(docs, /Webhook/, 'Docs should explain webhook automation.');
+assert.match(docs, /Telegram/, 'Docs should explain Telegram control.');
+
+console.log('v1.43 remote control smoke passed');

package/scripts/smoke/workflow-templates.mjs

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+
+import assert from 'node:assert/strict';
+import fs from 'node:fs';
+import path from 'node:path';
+
+const root = process.cwd();
+
+function read(relativePath) {
+  return fs.readFileSync(path.join(root, relativePath), 'utf8');
+}
+
+const templates = read('server/modules/orchestration/workflows/workflow-templates.ts');
+assert.match(templates, /PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL/, 'Workflow templates should declare a stable protocol id.');
+assert.match(templates, /pixcode\.workflow-template\.v1/, 'Workflow templates should use the v1 protocol id.');
+assert.match(templates, /bug_fix_team/, 'Bug fix team template is missing.');
+assert.match(templates, /pr_review_team/, 'PR review team template is missing.');
+assert.match(templates, /frontend_polish/, 'Frontend polish template is missing.');
+assert.match(templates, /release_manager/, 'Release manager template is missing.');
+assert.match(templates, /dependency_audit/, 'Dependency audit template is missing.');
+assert.match(templates, /agentSlots/, 'Templates should use provider-independent agent slots.');
+assert.match(templates, /acceptanceCriteria/, 'Templates should include acceptance criteria.');
+assert.match(templates, /applyWorkflowTemplateToMetadata/, 'Templates should be applicable to run metadata.');
+
+const routes = read('server/modules/orchestration/workflows/workflow.routes.ts');
+assert.match(routes, /workflows\/templates/, 'Workflow routes should expose templates.');
+assert.match(routes, /WORKFLOW_TEMPLATE_NOT_FOUND/, 'Workflow template start route should validate template ids.');
+assert.match(routes, /applyWorkflowTemplateToMetadata/, 'Workflow routes should apply templates before starting runs.');
+
+const trace = read('server/modules/orchestration/workflows/workflow-trace.ts');
+assert.match(trace, /workflow\.trace\.template/, 'Trace timeline should surface template metadata.');
+
+const page = read('src/components/orchestration/OrchestrationPage.tsx');
+assert.match(page, /WorkflowTemplate/, 'Orchestration page should type workflow templates.');
+assert.match(page, /applyTemplate/, 'Orchestration page should let users apply a template before launch.');
+assert.match(page, /workflowTemplate/, 'Template run metadata should be sent with orchestration runs.');
+
+const en = read('src/i18n/locales/en/common.json');
+const tr = read('src/i18n/locales/tr/common.json');
+assert.match(en, /"templates"/, 'English template UI label is missing.');
+assert.match(tr, /"templates"/, 'Turkish template UI label is missing.');
+
+console.log('workflow templates smoke passed');

package/server/index.js

@@ -78,6 +78,7 @@ import messagesRoutes from './routes/messages.js';
 import diagnosticsRoutes from './routes/diagnostics.js';
 import remoteRoutes from './routes/remote.js';
 import publicApiRoutes from './routes/public-api.js';
+import webhooksRoutes from './routes/webhooks.js';
 import liveViewRoutes, { createLiveViewPublicRouter } from './routes/live-view.js';
 import providerRoutes from './modules/providers/provider.routes.js';
 import {
@@ -406,6 +407,9 @@ app.use('/api/remote', authenticateToken, remoteRoutes);
 // Public automation manifest (protected so private host details only go to signed-in clients)
 app.use('/api/public', authenticateToken, publicApiRoutes);
 
+// Outbound webhook automation (protected)
+app.use('/api/webhooks', authenticateToken, webhooksRoutes);
+
 // Project Live View (protected control API + public share proxy)
 app.use('/api/live-view', authenticateToken, liveViewRoutes);
 

package/server/modules/orchestration/index.ts

@@ -31,6 +31,16 @@ export {
 export { createOrchestrationTaskRouter } from './tasks/orchestration-task.routes.js';
 export { orchestrationTaskService } from './tasks/orchestration-task.service.js';
 export { createWorkflowRouter } from './workflows/workflow.routes.js';
+export {
+  listPendingApprovals,
+  resolvePermissionApproval,
+} from './workflows/approval-queue.js';
+export {
+  PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL,
+  applyWorkflowTemplateToMetadata,
+  builtInWorkflowTemplates,
+  getWorkflowTemplate,
+} from './workflows/workflow-templates.js';
 export { workflowRunner } from './workflows/workflow-runner.js';
 export { workflowStore } from './workflows/workflow-store.js';
 export { workspaceManager } from './workspace/workspace-manager.js';
@@ -66,6 +76,10 @@ export type {
   OrchestrationTask,
   OrchestrationTaskState,
 } from './tasks/orchestration-task.types.js';
+export type {
+  WorkflowTemplate,
+  WorkflowTemplateAgentSlot,
+} from './workflows/workflow-templates.js';
 export type {
   Workflow,
   WorkflowNode,

package/server/modules/orchestration/workflows/approval-queue.ts

@@ -0,0 +1,106 @@
+import type { WorkflowRun } from '@/modules/orchestration/workflows/workflow.types.js';
+import { workflowStore } from '@/modules/orchestration/workflows/workflow-store.js';
+
+export type ApprovalDecisionSource = 'ui' | 'telegram' | 'api';
+
+export type ApprovalQueueItem = Record<string, unknown> & {
+  id: string;
+  runId: string;
+  workflowId: string;
+  status: string;
+  requestedAt?: number;
+};
+
+function readRunApprovals(run: WorkflowRun): Array<Record<string, unknown>> {
+  const approvals = run.metadata?.pendingPermissionApprovals;
+  return Array.isArray(approvals)
+    ? approvals.filter((approval): approval is Record<string, unknown> => Boolean(approval && typeof approval === 'object'))
+    : [];
+}
+
+function normalizeApproval(run: WorkflowRun, approval: Record<string, unknown>): ApprovalQueueItem | null {
+  const id = typeof approval.id === 'string' && approval.id.trim() ? approval.id : null;
+  if (!id) return null;
+
+  return {
+    ...approval,
+    id,
+    runId: run.id,
+    workflowId: run.workflowId,
+    status: typeof approval.status === 'string' ? approval.status : 'pending',
+    requestedAt: typeof approval.requestedAt === 'number' ? approval.requestedAt : run.startedAt,
+  };
+}
+
+export function listPendingApprovals(options: {
+  projectId?: string;
+  includeResolved?: boolean;
+} = {}): ApprovalQueueItem[] {
+  const items: ApprovalQueueItem[] = [];
+  for (const run of workflowStore.listRuns()) {
+    if (options.projectId && run.metadata?.projectId !== options.projectId) continue;
+    for (const approval of readRunApprovals(run)) {
+      const item = normalizeApproval(run, approval);
+      if (!item) continue;
+      if (!options.includeResolved && item.status !== 'pending') continue;
+      items.push(item);
+    }
+  }
+
+  return items.sort((a, b) => Number(b.requestedAt ?? 0) - Number(a.requestedAt ?? 0));
+}
+
+export function resolvePermissionApproval({
+  approvalId,
+  allow,
+  source = 'api',
+  resolvedBy,
+  message,
+}: {
+  approvalId: string;
+  allow: boolean;
+  source?: ApprovalDecisionSource; // source: 'ui' | 'telegram' | 'api'
+  resolvedBy?: string | number | null;
+  message?: string;
+}): {
+  runId: string;
+  pendingApprovals: ApprovalQueueItem[];
+  approvalHistory: ApprovalQueueItem[];
+} | null {
+  for (const run of workflowStore.listRuns()) {
+    const approvals = readRunApprovals(run);
+    let changed = false;
+    const nextApprovals = approvals.map((approval) => {
+      if (approval.id !== approvalId) return approval;
+      changed = true;
+      return {
+        ...approval,
+        status: allow ? 'allowed' : 'denied',
+        resolvedAt: Date.now(),
+        resolvedBy: resolvedBy ?? null,
+        decisionSource: source,
+        resolutionMessage: typeof message === 'string' && message.trim() ? message.trim() : undefined,
+      };
+    });
+
+    if (!changed) continue;
+
+    run.metadata = {
+      ...run.metadata,
+      pendingPermissionApprovals: nextApprovals,
+    };
+    workflowStore.setRun(run);
+
+    const queueItems = nextApprovals
+      .map((approval) => normalizeApproval(run, approval))
+      .filter((approval): approval is ApprovalQueueItem => Boolean(approval));
+
+    return {
+      runId: run.id,
+      pendingApprovals: queueItems.filter((approval) => approval.status === 'pending'),
+      approvalHistory: queueItems.filter((approval) => approval.status !== 'pending'),
+    };
+  }
+
+  return null;
+}

package/server/modules/orchestration/workflows/workflow-runner.ts

@@ -49,6 +49,8 @@ import {
   notifyRunStopped,
   notifyUserIfEnabled,
 } from '@/services/notification-orchestrator.js';
+// @ts-ignore — plain-JS service
+import { dispatchWebhookEvent } from '@/services/webhooks.js';
 
 const TERMINAL = new Set(['completed', 'failed', 'canceled']);
 const SKIPPED = 'skipped';
@@ -1655,6 +1657,20 @@ class WorkflowRunner {
       workflowStore.setRun(run);
       orchestrationTaskService.updateFromWorkflowRun(run);
       notifyWorkflowRunFinished(run);
+      const webhookRunStatus = String(run.status);
+      dispatchWebhookEvent({
+        type: webhookRunStatus === 'completed'
+          ? 'run.completed'
+          : webhookRunStatus === 'canceled'
+            ? 'run.canceled'
+            : 'run.failed',
+        payload: {
+          runId: run.id,
+          workflowId: run.workflowId,
+          status: webhookRunStatus,
+          error: readString(run.metadata?.error),
+        },
+      });
       this.cancelingRuns.delete(run.id);
     }
   }
@@ -1687,6 +1703,15 @@ class WorkflowRunner {
 
     if (decision.approvalRequest) {
       notifyPermissionApprovalRequested(run, decision);
+      dispatchWebhookEvent({
+        type: 'approval.needed',
+        payload: {
+          runId: run.id,
+          workflowId: run.workflowId,
+          approvalId: decision.approvalRequest.id,
+          capabilities: decision.capabilities,
+        },
+      });
     }
   }
 

package/server/modules/orchestration/workflows/workflow-templates.ts

@@ -0,0 +1,272 @@
+export const PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL = 'pixcode.workflow-template.v1' as const;
+
+export interface WorkflowTemplateAgentSlot {
+  id: string;
+  role: string;
+  label: string;
+  instruction: string;
+}
+
+export interface WorkflowTemplate {
+  id: string;
+  protocol: typeof PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL;
+  version: 1;
+  workflowId: string;
+  name: string;
+  description: string;
+  inputPlaceholder: string;
+  agentSlots: WorkflowTemplateAgentSlot[];
+  acceptanceCriteria: string[];
+  defaultSettings?: {
+    maxParallelAgents?: number;
+    maxRepairCycles?: number;
+  };
+}
+
+type AgentRecord = Record<string, unknown>;
+
+export const builtInWorkflowTemplates: WorkflowTemplate[] = [
+  {
+    id: 'bug_fix_team',
+    protocol: PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL,
+    version: 1,
+    workflowId: 'agent_team',
+    name: 'Bug fix team',
+    description: 'Reproduce, fix, and verify a focused bug with an implementation and review loop.',
+    inputPlaceholder: 'Describe the bug, expected behavior, current behavior, and any reproduction steps.',
+    agentSlots: [
+      {
+        id: 'reproducer',
+        role: 'implementation',
+        label: 'Reproducer',
+        instruction: 'Reproduce the bug from the user report, identify the failing path, and keep the scope narrow.',
+      },
+      {
+        id: 'fixer',
+        role: 'implementation',
+        label: 'Fixer',
+        instruction: 'Implement the smallest durable fix and report changed files and verification commands.',
+      },
+      {
+        id: 'reviewer',
+        role: 'review',
+        label: 'Reviewer',
+        instruction: 'Review the fix for regressions, missing validation, and whether the original bug is covered.',
+      },
+    ],
+    acceptanceCriteria: [
+      'The bug has a concrete reproduction or a clearly documented blocker.',
+      'The fix is limited to the failing behavior.',
+      'Verification commands and remaining risks are reported.',
+    ],
+    defaultSettings: {
+      maxParallelAgents: 2,
+      maxRepairCycles: 1,
+    },
+  },
+  {
+    id: 'pr_review_team',
+    protocol: PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL,
+    version: 1,
+    workflowId: 'multi_model_review',
+    name: 'PR review team',
+    description: 'Run independent reviewers and aggregate actionable findings for a pull request or diff.',
+    inputPlaceholder: 'Paste the PR link, branch, or diff summary to review.',
+    agentSlots: [
+      {
+        id: 'correctness',
+        role: 'review',
+        label: 'Correctness reviewer',
+        instruction: 'Prioritize correctness bugs, regressions, missing tests, and broken edge cases.',
+      },
+      {
+        id: 'security',
+        role: 'review',
+        label: 'Security reviewer',
+        instruction: 'Prioritize security, secret handling, permission, and data exposure risks.',
+      },
+      {
+        id: 'reporter',
+        role: 'report',
+        label: 'Report aggregator',
+        instruction: 'Aggregate findings by severity with file references and concrete fix suggestions.',
+      },
+    ],
+    acceptanceCriteria: [
+      'Findings are ordered by severity and avoid speculative noise.',
+      'Each issue includes the concrete impact and suggested fix.',
+      'The final report clearly says when no blocking issue is found.',
+    ],
+    defaultSettings: {
+      maxParallelAgents: 3,
+    },
+  },
+  {
+    id: 'frontend_polish',
+    protocol: PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL,
+    version: 1,
+    workflowId: 'agent_team',
+    name: 'Frontend polish',
+    description: 'Improve a UI workflow with implementation, responsive checks, and UX review.',
+    inputPlaceholder: 'Describe the screen or workflow that needs frontend polish.',
+    agentSlots: [
+      {
+        id: 'ui_implementation',
+        role: 'frontend',
+        label: 'UI implementer',
+        instruction: 'Implement the requested UI change using existing design conventions and responsive constraints.',
+      },
+      {
+        id: 'ux_review',
+        role: 'review',
+        label: 'UX reviewer',
+        instruction: 'Review layout, text overflow, responsive behavior, accessibility, and interaction states.',
+      },
+      {
+        id: 'verification',
+        role: 'review',
+        label: 'Verification reviewer',
+        instruction: 'Verify the change with available typecheck, lint, build, smoke, or manual UI evidence.',
+      },
+    ],
+    acceptanceCriteria: [
+      'The UI follows existing components and visual density.',
+      'Text and controls do not overlap on mobile or desktop.',
+      'Verification evidence is included in the final summary.',
+    ],
+    defaultSettings: {
+      maxParallelAgents: 2,
+      maxRepairCycles: 1,
+    },
+  },
+  {
+    id: 'release_manager',
+    protocol: PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL,
+    version: 1,
+    workflowId: 'sequential_handoff',
+    name: 'Release manager',
+    description: 'Prepare a release checklist, run verification, and summarize publish readiness.',
+    inputPlaceholder: 'Describe the version, release scope, and target channels.',
+    agentSlots: [
+      {
+        id: 'release_plan',
+        role: 'implementation',
+        label: 'Release planner',
+        instruction: 'Create a release checklist, verify version surfaces, and identify publish blockers.',
+      },
+      {
+        id: 'release_verification',
+        role: 'review',
+        label: 'Release verifier',
+        instruction: 'Run or inspect release verification commands and report the exact publish state.',
+      },
+      {
+        id: 'release_report',
+        role: 'report',
+        label: 'Release reporter',
+        instruction: 'Summarize what was released, what was verified, and any blocked channels.',
+      },
+    ],
+    acceptanceCriteria: [
+      'Version surfaces are aligned.',
+      'Build/package verification is reported.',
+      'Remote artifact and publish state are explicitly stated.',
+    ],
+    defaultSettings: {
+      maxParallelAgents: 1,
+    },
+  },
+  {
+    id: 'dependency_audit',
+    protocol: PIXCODE_WORKFLOW_TEMPLATE_PROTOCOL,
+    version: 1,
+    workflowId: 'agent_team',
+    name: 'Dependency audit',
+    description: 'Inspect dependency, runtime, and package risks without making broad upgrades by default.',
+    inputPlaceholder: 'Describe the dependency or runtime area to audit.',
+    agentSlots: [
+      {
+        id: 'audit',
+        role: 'implementation',
+        label: 'Audit analyst',
+        instruction: 'Inspect dependency and runtime risk using existing lockfiles and configured package managers.',
+      },
+      {
+        id: 'risk_review',
+        role: 'review',
+        label: 'Risk reviewer',
+        instruction: 'Validate the findings, call out false positives, and avoid broad upgrade churn unless requested.',
+      },
+      {
+        id: 'report',
+        role: 'report',
+        label: 'Audit reporter',
+        instruction: 'Produce a prioritized remediation plan with commands, risks, and no-secret output.',
+      },
+    ],
+    acceptanceCriteria: [
+      'Findings are tied to actual dependency evidence.',
+      'No unrelated dependency upgrades are proposed as automatic work.',
+      'Security and runtime risks are separated from maintenance suggestions.',
+    ],
+    defaultSettings: {
+      maxParallelAgents: 2,
+    },
+  },
+];
+
+export function getWorkflowTemplate(templateId: string): WorkflowTemplate | undefined {
+  return builtInWorkflowTemplates.find((template) => template.id === templateId);
+}
+
+function applyTemplateSlots(agents: AgentRecord[] | undefined, template: WorkflowTemplate): AgentRecord[] | undefined {
+  if (!Array.isArray(agents) || agents.length === 0) return agents;
+
+  let enabledSlotIndex = 0;
+  return agents.map((agent) => {
+    if (agent.enabled === false) return agent;
+    const slot = template.agentSlots[enabledSlotIndex];
+    enabledSlotIndex += 1;
+    if (!slot) return agent;
+    return {
+      ...agent,
+      role: slot.role,
+      instruction: typeof agent.instruction === 'string' && agent.instruction.trim()
+        ? agent.instruction
+        : slot.instruction,
+      templateSlotId: slot.id,
+      templateSlotLabel: slot.label,
+    };
+  });
+}
+
+export function applyWorkflowTemplateToMetadata(
+  template: WorkflowTemplate,
+  metadata?: Record<string, unknown>,
+): Record<string, unknown> {
+  const settings = metadata?.settings && typeof metadata.settings === 'object'
+    ? metadata.settings as Record<string, unknown>
+    : {};
+
+  return {
+    ...metadata,
+    workflowTemplate: {
+      protocol: template.protocol,
+      id: template.id,
+      version: template.version,
+      name: template.name,
+      workflowId: template.workflowId,
+      acceptanceCriteria: template.acceptanceCriteria,
+      agentSlots: template.agentSlots.map((slot) => ({
+        id: slot.id,
+        role: slot.role,
+        label: slot.label,
+      })),
+    },
+    agents: applyTemplateSlots(metadata?.agents as AgentRecord[] | undefined, template),
+    settings: {
+      ...settings,
+      ...template.defaultSettings,
+    },
+  };
+}

package/server/modules/orchestration/workflows/workflow-trace.ts

@@ -165,6 +165,28 @@ export function buildWorkflowTrace(run: WorkflowRun): WorkflowTraceEvent[] {
     });
   }
 
+  const workflowTemplate = readRecord(run.metadata?.workflowTemplate);
+  if (workflowTemplate) {
+    pushEvent(events, {
+      id: traceId([run.id, 'workflow-template']),
+      type: 'run',
+      severity: 'info',
+      status: run.status,
+      timestamp: run.startedAt + 0.3,
+      actor: 'Pixcode',
+      title: 'Workflow template applied',
+      titleKey: 'workflow.trace.template',
+      summary: redactTraceText([
+        `Template: ${readString(workflowTemplate.name) ?? readString(workflowTemplate.id) ?? 'unknown'}`,
+        `Protocol: ${readString(workflowTemplate.protocol) ?? 'unknown'}`,
+        Array.isArray(workflowTemplate.acceptanceCriteria)
+          ? `Acceptance criteria:\n- ${workflowTemplate.acceptanceCriteria.filter((item) => typeof item === 'string').join('\n- ')}`
+          : undefined,
+      ].filter(Boolean).join('\n'), run),
+      metadata: workflowTemplate,
+    });
+  }
+
   const fallbackEvents = Array.isArray(run.metadata?.fallbackEvents)
     ? run.metadata.fallbackEvents
     : [];