@runcore-sh/runcore 0.4.0 → 0.5.1

package/dist/server.js

@@ -37,38 +37,47 @@ import { installFetchGuard } from "./llm/fetch-guard.js";
 import { SensitiveRegistry } from "./llm/sensitive-registry.js";
 import { PrivacyMembrane } from "./llm/membrane.js";
 import { setActiveMembrane, getActiveMembrane, rehydrateResponse } from "./llm/redact.js";
-import { VolumeManager } from "./volumes/index.js";
+import { logLlmCall } from "./llm/call-log.js";
+// VolumeManager — dynamically imported in start() (EXT-BYOK)
+let _volumes = null;
 import { loadSettings, getSettings, updateSettings, resolveProvider, resolveChatModel, resolveUtilityModel, getPulseSettings, getMeshConfig, } from "./settings.js";
-import { startMdns, stopMdns } from "./mdns.js";
+// mdns — dynamically imported in start() (EXT-BYOK)
+let _mdns = null;
 import { ingestDirectory } from "./files/ingest.js";
 import { processIngestFolder } from "./files/ingest-folder.js";
 import { saveSession, loadSession } from "./sessions/store.js";
 import { extractAndLearn } from "./learning/extractor.js";
 import { startSidecar, stopSidecar, isSidecarAvailable } from "./search/sidecar.js";
 import { classifySearchNeed } from "./search/classify.js";
-import { findBrainDocument } from "./search/brain-docs.js";
+import { findBrainDocument, setBrainRAG } from "./search/brain-docs.js";
+import { BrainRAG } from "./search/brain-rag.js";
+import { watchBrain } from "./search/file-watcher.js";
+let stopFileWatcher = () => { };
 import { isSearchAvailable, search } from "./search/client.js";
-import { browseUrl, detectUrl } from "./search/browse.js";
-import { startTtsSidecar, stopTtsSidecar } from "./tts/sidecar.js";
-import { isTtsAvailable, synthesize } from "./tts/client.js";
-import { startSttSidecar, stopSttSidecar } from "./stt/sidecar.js";
-import { isSttAvailable, transcribe } from "./stt/client.js";
-import { startAvatarSidecar, stopAvatarSidecar, isAvatarAvailable } from "./avatar/sidecar.js";
-import { preparePhoto, generateVideo, getCachedVideo, cacheVideo, clearVideoCache } from "./avatar/client.js";
-import { getTtsConfig, getSttConfig, getAvatarConfig } from "./settings.js";
-import { loadVault, listVaultKeys, setVaultKey, deleteVaultKey, getDashReadableVault, getVaultEntries, hydrateEnv as rehydrateVaultEnv } from "./vault/store.js";
-import { exportVault, importVault, verifyExport } from "./vault/transfer.js";
-import { getIntegrationStatus, isIntegrationEnabled } from "./integrations/gate.js";
-import { makeCall } from "./twilio/call.js";
-import { isGoogleConfigured, isGoogleAuthenticated, getAuthUrl, exchangeCode, } from "./google/auth.js";
-import { isCalendarAvailable, getTodaySchedule, getUpcomingEvents, listEvents, searchEvents, getFreeBusy, createEvent, updateEvent, deleteEvent } from "./google/calendar.js";
-import { validateCalendarEntry, getDayOfWeek } from "./google/temporal.js";
-import { startCalendarTimer, stopCalendarTimer } from "./google/calendar-timer.js";
-import { isGmailAvailable, categorizeMessages, prioritizeInbox, getInboxSummary, markAsRead, markAsUnread, batchMarkAsRead, batchMarkAsUnread } from "./google/gmail.js";
-import { startGmailTimer, stopGmailTimer, onDashEmail } from "./google/gmail-timer.js";
-import { startTasksTimer, stopTasksTimer } from "./google/tasks-timer.js";
-import { sendEmail } from "./google/gmail-send.js";
-import { isTasksAvailable, listTaskLists, createTaskList, updateTaskList, deleteTaskList, listTasks, getTask as getGoogleTask, createTask, updateTask, completeTask, uncompleteTask, deleteTask, createRecurringWeeklyTasks, } from "./google/tasks.js";
+// browse, tts, stt, avatar, vault, integrations, twilio — dynamically imported in start() (EXT-BYOK)
+let _browse = null;
+let _ttsSidecar = null;
+let _ttsClient = null;
+let _sttSidecar = null;
+let _sttClient = null;
+let _avatarSidecar = null;
+let _avatarClient = null;
+let _settingsVoice = null;
+let _vaultStore = null;
+let _vaultTransfer = null;
+let _integrationsGate = null;
+let _twilioCall = null;
+// Google workspace — dynamically imported in start() (EXT-BYOK)
+let _googleAuth = null;
+let _googleCalendar = null;
+let _googleTemporal = null;
+let _googleCalendarTimer = null;
+let _googleGmail = null;
+let _googleGmailTimer = null;
+let _googleTasksTimer = null;
+let _googleGmailSend = null;
+let _googleDocs = null;
+let _googleTasks = null;
 import { runGoalCheck } from "./goals/loop.js";
 import { startGoalTimer, stopGoalTimer } from "./goals/timer.js";
 import { drainNotifications, pushNotification, initNotifications } from "./goals/notifications.js";
@@ -76,9 +85,10 @@ import { logActivity, getActivities, getActivitiesByIds, generateTraceId } from
 import { compactHistory } from "./context/compaction.js";
 import { rateLimit } from "./rate-limit.js";
 import { initAgents, recoverAndStartMonitor, shutdownAgents, submitTask, getTask, listTasks as listAgentTasks, cancelTask, getTaskOutput, setOnBatchComplete, setAgentPool } from "./agents/index.js";
-import { rememberTaskCompletion } from "./agents/memory.js";
-import { acquireLocks, releaseLocks, releaseFileLock, forceReleaseLock, listLocks, checkLocks, pruneAllStaleLocks } from "./agents/locks.js";
-import { continueAfterBatch, startAutonomousTimer, stopAutonomousTimer, resetContinuation, getAutonomousStatus, triggerPulse } from "./agents/autonomous.js";
+// Agent memory, locks, autonomous — dynamically imported in start() (EXT-SPAWN)
+let _agentMemory = null;
+let _agentLocks = null;
+let _agentAutonomous = null;
 import { initPressureIntegrator, getPressureIntegrator } from "./pulse/pressure.js";
 import { startBacklogReviewTimer, stopBacklogReviewTimer, triggerBacklogReview, getLastBacklogReview, isBacklogReviewRunning } from "./services/backlogReview.js";
 import { startBriefingTimer, stopBriefingTimer, triggerBriefing, getLastBriefing, getLastDeliveryResult, updateBriefingConfig } from "./services/morningBriefing.js";
@@ -86,43 +96,49 @@ import { initTraining, getTrainingProgress } from "./services/training.js";
 import { startInsightsTimer, stopInsightsTimer, getInsights, getLastInsightRun, triggerInsightAnalysis } from "./services/traceInsights.js";
 import { startCreditMonitor, stopCreditMonitor, getCreditStatus, triggerCreditCheck } from "./services/credit-monitor.js";
 import { loadLoops, loadLoopsByState, loadTriads, transitionLoop, startOpenLoopScanner, stopOpenLoopScanner, getResonances, getLastScanRun, triggerOpenLoopScan, triggerResolutionScan, getResolutions, getLastResolutionScanRun, foldBack, } from "./openloop/index.js";
-import { createRuntime, getRuntime, shutdownRuntime } from "./agents/runtime/index.js";
-import { AgentInstanceManager } from "./agents/instance-manager.js";
-import { AgentPool } from "./agents/runtime.js";
-import { WorkflowEngine } from "./agents/workflow.js";
+// Agent runtime, instance manager, pool, workflow — dynamically imported in start() (EXT-SPAWN)
+let _agentRuntime = null;
+let _agentInstanceManager = null;
+let _agentPoolMod = null;
+let _agentWorkflow = null;
 import { getBoardProvider, setBoardProvider, isBoardAvailable } from "./board/provider.js";
 import { QueueBoardProvider } from "./queue/provider.js";
 import { QUEUE_STATES } from "./queue/types.js";
-import { Tracer } from "./tracing/tracer.js";
-import { initTracing, shutdownTracing } from "./tracing/init.js";
-import { tracingMiddleware } from "./tracing/middleware.js";
-import { attachOTelToBus } from "./tracing/bridge.js";
+// Tracing — dynamically imported in start() (EXT-HOSTED)
+let _tracingTracer = null;
+let _tracingInit = null;
+let _tracingMiddleware = null;
+let _tracingBridge = null;
 import { HealthChecker, memoryCheck, eventLoopCheck, availabilityCheck, cpuCheck, diskUsageCheck, diskCheck, queueStoreCheck, agentCapacityCheck, agentHealthCheck, boardCheck, RecoveryManager, sidecarRecovery, AlertManager, defaultAlertConfig, } from "./health/index.js";
-import { NotificationDispatcher, EmailChannel, PhoneChannel } from "./notifications/index.js";
+// Notifications — dynamically imported in start() (EXT-BYOK)
+let _notifications = null;
 import { skillRegistry as _skillRegistry } from "./skills/index.js";
 import { createModuleRegistry, getModuleRegistry } from "./modules/index.js";
-import { createCapabilityRegistry, getCapabilityRegistry, calendarCapability, emailCapability, docsCapability, boardCapability, browserCapability, closeBrowser, taskDoneCapability, calendarContextProvider, emailContextProvider, createWebSearchContextProvider, vaultContextProvider } from "./capabilities/index.js";
+import { createCapabilityRegistry, getCapabilityRegistry, calendarCapability, emailCapability, docsCapability, boardCapability, taskDoneCapability, calendarContextProvider, emailContextProvider, createWebSearchContextProvider, vaultContextProvider } from "./capabilities/index.js";
+// browserCapability, closeBrowser — dynamically imported in start() (EXT-HOSTED)
+let _browser = null;
 import { MetricsStore, startCollector, stopCollector, registerDefaultThresholds, evaluateAlerts, buildDashboard, metricsMiddleware, collectPrometheus, generatePeriodStats, generateComparisonReport, } from "./metrics/index.js";
 import { startGroomingTimer, stopGroomingTimer } from "./queue/grooming.js";
 import { createSchedulingStore, getSchedulingStore } from "./scheduling/store.js";
 import { startSchedulingTimer, stopSchedulingTimer } from "./scheduling/timer.js";
 import { createContactStore, getContactStore } from "./contacts/store.js";
-import { createCredentialStore, getCredentialStore, maskValue } from "./credentials/store.js";
-import { verifyWebhookSignature, githubProvider } from "./github/webhooks.js";
-import { initGitHub, shutdownGitHub, getGitHubStatus, reviewPullRequest, reviewAndCommentPR, triageGitHubIssue, triageAndLabelIssue, batchTriageIssues, analyzeGitHubCommit, analyzeRecentGitHubCommits, getGitHubRepoHealth, processWebhook as processGitHubWebhook, formatHealthReport, } from "./integrations/github.js";
-import { isSlackConfigured, getOAuthUrl as getSlackOAuthUrl, exchangeOAuthCode as exchangeSlackCode, getClient as getSlackClient, } from "./slack/client.js";
-import { slackEventsProvider, slackCommandsProvider, slackInteractionsProvider } from "./slack/webhooks.js";
-import { listChannels, getChannelInfo, joinChannel, getChannelHistory } from "./slack/channels.js";
-// Slack types no longer needed — providers handle their own type mapping
-import { getClient as getWhatsAppClient, isWhatsAppConfigured } from "./channels/whatsapp.js";
-import { parseFormBody, processIncomingMessage, emptyTwimlResponse, replyTwiml, twilioProvider } from "./webhooks/twilio.js";
-import { resendProvider } from "./resend/webhooks.js";
-import { handleWhatsAppMessage } from "./services/whatsapp.js";
+// Credentials, GitHub, Slack, WhatsApp, Webhooks — dynamically imported in start() (EXT-BYOK)
+let _credentialStore = null;
+let _githubWebhooks = null;
+let _integrationsGithub = null;
+let _slackClient = null;
+let _slackWebhooks = null;
+let _slackChannels = null;
+let _channelsWhatsapp = null;
+let _webhooksTwilio = null;
+let _resendWebhooks = null;
+let _servicesWhatsapp = null;
 import { initLLMCache, shutdownLLMCache, getCacheDiagnostics } from "./cache/llm-cache.js";
-import { mountWebhookAdmin, createWebhookRoute, verifyWebhookRequest } from "./webhooks/mount.js";
-import { setProviderConfigs } from "./webhooks/config.js";
-import { registerProviders } from "./webhooks/registry.js";
-import { verifyRelaySignature } from "./webhooks/relay.js";
+import { createWebhookRoute, verifyWebhookRequest } from "./webhooks/mount.js";
+let _webhooksMount = null;
+let _webhooksConfig = null;
+let _webhooksRegistry = null;
+let _webhooksRelay = null;
 import { setEncryptionKey } from "./lib/key-store.js";
 import { FileManager } from "./files/manager.js";
 import { createLibraryStore } from "./library/store.js";
@@ -159,15 +175,14 @@ health.register("cpu", cpuCheck());
 health.register("disk", diskCheck(BRAIN_DIR));
 health.register("disk_usage", diskUsageCheck(BRAIN_DIR));
 const recovery = new RecoveryManager(health);
-// --- Alerting ---
-const alertDispatcher = new NotificationDispatcher();
-const alertManager = new AlertManager(health, defaultAlertConfig(), alertDispatcher);
+// --- Alerting (initialized in start() after dynamic import) ---
+let alertDispatcher = null;
+let alertManager = null;
 // --- Metrics ---
 const metricsStore = new MetricsStore(BRAIN_DIR);
 registerDefaultThresholds();
-// --- Volume manager ---
-const volumeManager = new VolumeManager(BRAIN_DIR);
-volumeManager.init().catch((err) => log.warn("Volume manager init failed — single-volume mode", { error: String(err) }));
+// --- Volume manager (initialized in start() after dynamic import) ---
+let volumeManager = null;
 const chatSessions = new Map();
 const sessionKeys = new Map();
 let goalTimerStarted = false;
@@ -184,6 +199,41 @@ function getThreadsForSession(sessionId) {
 function generateThreadId() {
     return Date.now().toString(36) + Math.random().toString(36).slice(2, 8);
 }
+/**
+ * Switch cs to point at the given thread's history (or back to main).
+ * Saves/restores main history transparently.
+ */
+function switchSessionThread(cs, threadId, sessionId) {
+    const currentThread = cs.activeThreadId;
+    if (currentThread === threadId)
+        return; // already there
+    // Save current history back to wherever it belongs
+    if (currentThread) {
+        // Currently on a thread — save back to that thread
+        const threads = getThreadsForSession(sessionId);
+        const t = threads.get(currentThread);
+        if (t) {
+            t.history = cs.history;
+            t.historySummary = cs.historySummary;
+        }
+        // Restore main
+        cs.history = cs.mainHistory;
+        cs.historySummary = cs.mainHistorySummary;
+    }
+    if (threadId) {
+        // Switching to a thread — save main, load thread
+        const threads = getThreadsForSession(sessionId);
+        const t = threads.get(threadId);
+        if (t) {
+            cs.mainHistory = cs.history;
+            cs.mainHistorySummary = cs.historySummary;
+            cs.history = t.history;
+            cs.historySummary = t.historySummary;
+            t.updatedAt = new Date().toISOString();
+        }
+    }
+    cs.activeThreadId = threadId;
+}
 /** One-time startup token for zero-friction local auth. */
 let startupToken = null;
 export function getStartupToken() {
@@ -191,7 +241,7 @@ export function getStartupToken() {
 }
 /** Autonomous timer started flag. */
 let autonomousStarted = false;
-const tracer = new Tracer();
+let tracer = null;
 let instanceManager = null;
 let agentPool = null;
 let workflowEngine = null;
@@ -314,20 +364,20 @@ async function getOrCreateChatSession(sessionId, name) {
                 : `You do NOT have web search capability. If ${name} asks you to search or asks about current events, be honest that you can't look things up right now.`,
             ``,
             // Google Workspace status (gated on auth, instructions come from registry)
-            ...(isGoogleAuthenticated()
+            ...((_googleAuth?.isGoogleAuthenticated() ?? false)
                 ? [
                     `You have Google Workspace integration. Your available actions are listed below.`,
                     `If Google data appears in your context, use it. It is real, live data from ${name}'s account.`,
                     `You do NOT need to build or implement Google integration — it is already working.`,
                     ``,
                 ]
-                : isGoogleConfigured()
+                : (_googleAuth?.isGoogleConfigured() ?? false)
                     ? [`Google Workspace credentials are configured but not yet authorized. Tell ${name} to click "Connect Google" in settings to complete the setup.`, ``]
                     : [`Google Workspace is not connected. ${name} can add GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET in vault settings to enable Calendar, Gmail, and Drive access.`, ``]),
             // Non-Google capability instructions (always injected)
             ...(getCapabilityRegistry()?.getPromptInstructions({ origin: "chat", name, exclude: ["calendar", "email", "docs"] }) ?? "").split("\n"),
             // Google capability instructions (only when authenticated)
-            ...(isGoogleAuthenticated()
+            ...((_googleAuth?.isGoogleAuthenticated() ?? false)
                 ? (getCapabilityRegistry()?.getPromptInstructions({ origin: "chat", name, filter: ["calendar", "email", "docs"] }) ?? "").split("\n")
                 : []),
             ``,
@@ -377,7 +427,7 @@ async function getOrCreateChatSession(sessionId, name) {
             ] : []), // end spawning gate
             // Inject instance-readable vault values (CORE_*/DASH_* prefixed only — never secrets)
             ...(() => {
-                const readable = getDashReadableVault();
+                const readable = (_vaultStore ? _vaultStore.getDashReadableVault() : []);
                 if (readable.length === 0)
                     return [];
                 const lines = readable.map((r) => `- ${r.name}: ${r.value}`);
@@ -430,12 +480,26 @@ async function getOrCreateChatSession(sessionId, name) {
     if (key) {
         const restored = await loadSession(sessionId, key);
         if (restored) {
-            cs = { history: restored.history, historySummary: restored.historySummary ?? "", brain, fileContext: restored.fileContext, learnedPaths: restored.learnedPaths, ingestedContext, turnCount: 0, lastExtractionTurn: 0, foldedBack: false };
+            cs = { history: restored.history, historySummary: restored.historySummary ?? "", brain, fileContext: restored.fileContext, learnedPaths: restored.learnedPaths, ingestedContext, turnCount: 0, lastExtractionTurn: 0, foldedBack: false, activeThreadId: null, mainHistory: [], mainHistorySummary: "" };
             chatSessions.set(sessionId, cs);
+            // Restore threads
+            if (restored.threads && restored.threads.length > 0) {
+                const threads = getThreadsForSession(sessionId);
+                for (const t of restored.threads) {
+                    threads.set(t.id, {
+                        id: t.id,
+                        title: t.title,
+                        history: t.history || [],
+                        historySummary: t.historySummary || "",
+                        createdAt: t.createdAt,
+                        updatedAt: t.updatedAt,
+                    });
+                }
+            }
             return cs;
         }
     }
-    cs = { history: [], historySummary: "", brain, fileContext: "", learnedPaths: [], ingestedContext, turnCount: 0, lastExtractionTurn: 0, foldedBack: false };
+    cs = { history: [], historySummary: "", brain, fileContext: "", learnedPaths: [], ingestedContext, turnCount: 0, lastExtractionTurn: 0, foldedBack: false, activeThreadId: null, mainHistory: [], mainHistorySummary: "" };
     chatSessions.set(sessionId, cs);
     return cs;
 }
@@ -496,8 +560,13 @@ app.use("/api/*", async (c, next) => {
     const caller = `http:${c.req.method} ${c.req.path}`;
     return runWithAuditContext({ caller, channel: "http" }, () => next());
 });
-// --- Tracing middleware ---
-app.use("/api/*", tracingMiddleware());
+// --- Tracing middleware (lazy — only active when hosted tier loads tracing) ---
+app.use("/api/*", async (c, next) => {
+    if (_tracingMiddleware) {
+        return _tracingMiddleware.tracingMiddleware()(c, next);
+    }
+    return next();
+});
 // --- Metrics middleware ---
 app.use("/api/*", metricsMiddleware());
 // --- Rate limiting ---
@@ -526,35 +595,48 @@ app.use("/api/*", postureTracker());
 app.use("/api/*", postureHeader());
 // --- Webhook initialization (batch registration + config + admin routes) ---
 const webhookInitStart = performance.now();
-// Phase 1: Batch-register all webhook providers (deferred from module imports to avoid
-// 5 individual logActivity calls during startup — now a single batch call).
-const registerStart = performance.now();
-registerProviders([githubProvider, slackEventsProvider, slackCommandsProvider, slackInteractionsProvider, twilioProvider, resendProvider]);
-const registerMs = performance.now() - registerStart;
-// Phase 2: Configure webhook providers (secrets resolved from env vars)
-const configStart = performance.now();
-setProviderConfigs([
-    { name: "slack-events", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/events" },
-    { name: "slack-commands", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/commands" },
-    { name: "slack-interactions", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/interactions" },
-    { name: "twilio", secret: "TWILIO_AUTH_TOKEN", signatureHeader: "x-twilio-signature", algorithm: "twilio", path: "/api/twilio/whatsapp" },
-    { name: "github", secret: "GITHUB_WEBHOOK_SECRET", signatureHeader: "x-hub-signature-256", algorithm: "hmac-sha256-hex", path: "/api/github/webhooks" },
-    { name: "resend", secret: "RESEND_WEBHOOK_SECRET", signatureHeader: "svix-signature", algorithm: "custom", path: "/api/resend/webhooks" },
-]);
-const configMs = performance.now() - configStart;
-// Phase 3: Mount admin routes
-const mountStart = performance.now();
-mountWebhookAdmin(app);
-const mountMs = performance.now() - mountStart;
-const webhookInitMs = performance.now() - webhookInitStart;
-log.debug(`Webhook init complete: ${webhookInitMs.toFixed(1)}ms — register:${registerMs.toFixed(1)}ms, config:${configMs.toFixed(1)}ms, mount:${mountMs.toFixed(1)}ms`, { durationMs: Math.round(webhookInitMs), registerMs: Math.round(registerMs), configMs: Math.round(configMs), mountMs: Math.round(mountMs) });
-if (webhookInitMs > 100) {
-    logActivity({
-        source: "system",
-        summary: `[perf] Webhook init slow: ${webhookInitMs.toFixed(1)}ms — register:${registerMs.toFixed(1)}ms, config:${configMs.toFixed(1)}ms, mount:${mountMs.toFixed(1)}ms`,
-    });
+// Phase 1-3: Webhook provider registration is deferred to start() where modules are loaded.
+// initWebhookProviders() is called in start() after dynamic imports complete.
+function initWebhookProviders() {
+    if (!_webhooksRegistry || !_webhooksConfig || !_webhooksMount || !_githubWebhooks || !_slackWebhooks || !_webhooksTwilio || !_resendWebhooks) {
+        log.debug("Webhook init skipped — BYOK modules not loaded");
+        return;
+    }
+    const registerStart = performance.now();
+    _webhooksRegistry.registerProviders([_githubWebhooks.githubProvider, _slackWebhooks.slackEventsProvider, _slackWebhooks.slackCommandsProvider, _slackWebhooks.slackInteractionsProvider, _webhooksTwilio.twilioProvider, _resendWebhooks.resendProvider]);
+    const registerMs = performance.now() - registerStart;
+    const configStart = performance.now();
+    _webhooksConfig.setProviderConfigs([
+        { name: "slack-events", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/events" },
+        { name: "slack-commands", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/commands" },
+        { name: "slack-interactions", secret: "SLACK_SIGNING_SECRET", signatureHeader: "x-slack-signature", algorithm: "slack-v0", path: "/api/slack/interactions" },
+        { name: "twilio", secret: "TWILIO_AUTH_TOKEN", signatureHeader: "x-twilio-signature", algorithm: "twilio", path: "/api/twilio/whatsapp" },
+        { name: "github", secret: "GITHUB_WEBHOOK_SECRET", signatureHeader: "x-hub-signature-256", algorithm: "hmac-sha256-hex", path: "/api/github/webhooks" },
+        { name: "resend", secret: "RESEND_WEBHOOK_SECRET", signatureHeader: "svix-signature", algorithm: "custom", path: "/api/resend/webhooks" },
+    ]);
+    const configMs = performance.now() - configStart;
+    const mountStart = performance.now();
+    _webhooksMount.mountWebhookAdmin(app);
+    const mountMs = performance.now() - mountStart;
+    const webhookInitMs = performance.now() - webhookInitStart;
+    log.debug(`Webhook init complete: ${webhookInitMs.toFixed(1)}ms — register:${registerMs.toFixed(1)}ms, config:${configMs.toFixed(1)}ms, mount:${mountMs.toFixed(1)}ms`, { durationMs: Math.round(webhookInitMs), registerMs: Math.round(registerMs), configMs: Math.round(configMs), mountMs: Math.round(mountMs) });
+    if (webhookInitMs > 100) {
+        logActivity({
+            source: "system",
+            summary: `[perf] Webhook init slow: ${webhookInitMs.toFixed(1)}ms — register:${registerMs.toFixed(1)}ms, config:${configMs.toFixed(1)}ms, mount:${mountMs.toFixed(1)}ms`,
+        });
+    }
 }
 // --- API routes ---
+// UI version check (stub — UI polls this to detect hot-reload)
+app.get("/api/ui-version", (c) => c.json({ version: "0.4.0" }));
+// Return current seal values so client can blur on page load
+app.get("/api/sensitive/seals", (c) => {
+    const membrane = getActiveMembrane();
+    return c.json({ values: membrane ? membrane.knownValues.map(v => v.value) : [] });
+});
+// Pending questions (stub — proactive question chips)
+app.get("/api/pending-questions", (c) => c.json({ questions: [] }));
 // Status: what screen should the UI show?
 app.get("/api/status", async (c) => {
     const status = await getStatus();
@@ -566,9 +648,9 @@ app.get("/api/status", async (c) => {
         privateMode: settings.privateMode,
         authMode: settings.safeWordMode,
         search: isSearchAvailable(),
-        tts: isTtsAvailable(),
-        stt: isSttAvailable(),
-        avatar: isAvatarAvailable(),
+        tts: (_ttsClient?.isTtsAvailable() ?? false),
+        stt: (_sttClient?.isSttAvailable() ?? false),
+        avatar: (_avatarSidecar?.isAvatarAvailable() ?? false),
         agentName: getInstanceName(),
     });
 });
@@ -601,7 +683,8 @@ app.post("/api/pair", async (c) => {
     sessionKeys.set(result.session.id, result.sessionKey);
     setEncryptionKey(result.sessionKey);
     cacheSessionKey(result.sessionKey);
-    await loadVault(result.sessionKey);
+    if (_vaultStore)
+        await _vaultStore.loadVault(result.sessionKey);
     // Save agent name to settings + update in-memory name
     if (agentName) {
         setInstanceName(agentName);
@@ -633,7 +716,8 @@ app.post("/api/auth", async (c) => {
     sessionKeys.set(result.session.id, result.sessionKey);
     setEncryptionKey(result.sessionKey);
     cacheSessionKey(result.sessionKey);
-    await loadVault(result.sessionKey);
+    if (_vaultStore)
+        await _vaultStore.loadVault(result.sessionKey);
     return c.json({ sessionId: result.session.id, name: result.name });
 });
 // Validate an existing session (for "restart" auth mode)
@@ -692,7 +776,8 @@ app.post("/api/recover", async (c) => {
     sessionKeys.set(result.session.id, result.sessionKey);
     setEncryptionKey(result.sessionKey);
     cacheSessionKey(result.sessionKey);
-    await loadVault(result.sessionKey);
+    if (_vaultStore)
+        await _vaultStore.loadVault(result.sessionKey);
     return c.json({ sessionId: result.session.id, name: result.name });
 });
 const deviceVouchers = new Map();
@@ -1076,7 +1161,7 @@ app.get("/api/vault", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    return c.json({ keys: listVaultKeys() });
+    return c.json({ keys: (_vaultStore ? _vaultStore.listVaultKeys() : []) });
 });
 // Add or update a vault key
 app.put("/api/vault/:name", async (c) => {
@@ -1094,7 +1179,7 @@ app.put("/api/vault/:name", async (c) => {
     const { value, label } = body;
     if (!value)
         return c.json({ error: "value required" }, 400);
-    await setVaultKey(name, value, key, label);
+    await _vaultStore.setVaultKey(name, value, key, label);
     return c.json({ ok: true });
 });
 // Delete a vault key
@@ -1109,7 +1194,7 @@ app.delete("/api/vault/:name", async (c) => {
     if (!key)
         return c.json({ error: "Session key not found" }, 401);
     const name = c.req.param("name");
-    await deleteVaultKey(name, key);
+    await _vaultStore.deleteVaultKey(name, key);
     return c.json({ ok: true });
 });
 // Export vault to portable passphrase-encrypted file
@@ -1125,7 +1210,7 @@ app.post("/api/vault/export", async (c) => {
         return c.json({ error: "Passphrase required (min 8 characters)" }, 400);
     }
     try {
-        const result = await exportVault(body.passphrase);
+        const result = await _vaultTransfer.exportVault(body.passphrase);
         return c.json({ ok: true, filePath: result.filePath, stats: result.stats });
     }
     catch (e) {
@@ -1149,7 +1234,7 @@ app.post("/api/vault/import", async (c) => {
     }
     const strategy = body.strategy ?? "skip";
     try {
-        const result = await importVault(body.filePath, body.passphrase, strategy, key);
+        const result = await _vaultTransfer.importVault(body.filePath, body.passphrase, strategy, key);
         return c.json({ ok: true, stats: result.stats });
     }
     catch (e) {
@@ -1169,7 +1254,7 @@ app.post("/api/vault/verify-export", async (c) => {
         return c.json({ error: "filePath and passphrase required" }, 400);
     }
     try {
-        const result = await verifyExport(body.filePath, body.passphrase);
+        const result = await _vaultTransfer.verifyExport(body.filePath, body.passphrase);
         return c.json({ ok: true, message: result.message, stats: result.stats });
     }
     catch (e) {
@@ -1181,7 +1266,7 @@ app.post("/api/vault/verify-export", async (c) => {
 // No session required: this just redirects to Google, no sensitive data returned
 app.get("/api/google/auth", async (c) => {
     const redirectUri = `http://localhost:${PORT}/api/google/callback`;
-    const result = getAuthUrl(redirectUri);
+    const result = _googleAuth.getAuthUrl(redirectUri);
     if (!result.ok) {
         return c.html(`<html><body><h2>Google OAuth not configured</h2><p>${result.message}</p></body></html>`);
     }
@@ -1198,7 +1283,7 @@ app.get("/api/google/callback", async (c) => {
         return c.html(`<html><body><h2>Missing authorization code</h2><p>No code received from Google.</p></body></html>`);
     }
     const redirectUri = `http://localhost:${PORT}/api/google/callback`;
-    const result = await exchangeCode(code, redirectUri);
+    const result = await _googleAuth.exchangeCode(code, redirectUri);
     if (!result.ok) {
         return c.html(`<html><body><h2>Token exchange failed</h2><p>${result.message}</p></body></html>`);
     }
@@ -1214,26 +1299,27 @@ app.get("/api/google/callback", async (c) => {
             vaultKey = restored.sessionKey;
             sessionKeys.set(restored.session.id, restored.sessionKey);
             setEncryptionKey(restored.sessionKey);
-            await loadVault(restored.sessionKey);
+            if (_vaultStore)
+                await _vaultStore.loadVault(restored.sessionKey);
         }
     }
     if (!vaultKey) {
         return c.html(`<html><body><h2>Session not found</h2><p>Could not find a session key to store credentials. Please log in first, then try connecting Google again.</p></body></html>`);
     }
-    await setVaultKey("GOOGLE_REFRESH_TOKEN", result.refreshToken, vaultKey, "Google OAuth refresh token");
+    await _vaultStore.setVaultKey("GOOGLE_REFRESH_TOKEN", result.refreshToken, vaultKey, "Google OAuth refresh token");
     logActivity({ source: "google", summary: "Google OAuth connected — refresh token stored in vault", actionLabel: "PROMPTED", reason: "user connected Google OAuth" });
     // Start Google polling timers now that Google is connected
-    startCalendarTimer();
-    startGmailTimer();
-    startTasksTimer();
+    _googleCalendarTimer?.startCalendarTimer();
+    _googleGmailTimer?.startGmailTimer();
+    _googleTasksTimer?.startTasksTimer();
     return c.html(`<html><body><h2>Google connected!</h2><p>${getInstanceName()} now has access to Calendar, Gmail, and Drive.</p><p>This tab will close automatically.</p><script>if(window.opener){window.opener.postMessage("google-connected","*")}setTimeout(()=>window.close(),1500)</script></body></html>`);
 });
 // Check Google auth state (public — only returns booleans, no sensitive data)
 app.get("/api/google/status", async (c) => {
     return c.json({
-        configured: isGoogleConfigured(),
-        authenticated: isGoogleAuthenticated(),
-        scopes: isGoogleAuthenticated() ? ["gmail.modify", "calendar.events", "drive.file", "tasks"] : [],
+        configured: (_googleAuth?.isGoogleConfigured() ?? false),
+        authenticated: (_googleAuth?.isGoogleAuthenticated() ?? false),
+        scopes: (_googleAuth?.isGoogleAuthenticated() ?? false) ? ["gmail.modify", "calendar.events", "drive.file", "tasks"] : [],
     });
 });
 // Send email via Gmail
@@ -1244,14 +1330,14 @@ app.post("/api/google/send-email", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isGoogleAuthenticated()) {
+    if (!(_googleAuth?.isGoogleAuthenticated() ?? false)) {
         return c.json({ error: "Google not authenticated" }, 400);
     }
     const body = await c.req.json();
     if (!body.to || !body.subject || !body.body) {
         return c.json({ error: "to, subject, and body are required" }, 400);
     }
-    const result = await sendEmail(body);
+    const result = await _googleGmailSend.sendEmail(body);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "gmail", summary: `Email sent to ${Array.isArray(body.to) ? body.to.join(", ") : body.to}: "${body.subject}"`, actionLabel: "PROMPTED", reason: "user sent email" });
@@ -1266,10 +1352,10 @@ app.get("/api/google/gmail/inbox-summary", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isGmailAvailable())
+    if (!(_googleGmail?.isGmailAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const hours = parseInt(c.req.query("hours") ?? "24", 10);
-    const result = await getInboxSummary(hours);
+    const result = await _googleGmail.getInboxSummary(hours);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1282,10 +1368,10 @@ app.get("/api/google/gmail/categorize", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isGmailAvailable())
+    if (!(_googleGmail?.isGmailAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const hours = parseInt(c.req.query("hours") ?? "24", 10);
-    const result = await categorizeMessages(hours);
+    const result = await _googleGmail.categorizeMessages(hours);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1298,10 +1384,10 @@ app.get("/api/google/gmail/prioritize", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isGmailAvailable())
+    if (!(_googleGmail?.isGmailAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const hours = parseInt(c.req.query("hours") ?? "24", 10);
-    const result = await prioritizeInbox(hours);
+    const result = await _googleGmail.prioritizeInbox(hours);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1314,18 +1400,18 @@ app.post("/api/google/gmail/mark-read", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isGmailAvailable())
+    if (!(_googleGmail?.isGmailAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const body = await c.req.json();
     if (body.messageIds && body.messageIds.length > 0) {
-        const result = await batchMarkAsRead(body.messageIds);
+        const result = await _googleGmail.batchMarkAsRead(body.messageIds);
         if (!result.ok)
             return c.json({ error: result.message }, 500);
         return c.json(result);
     }
     if (!body.messageId)
         return c.json({ error: "messageId or messageIds required" }, 400);
-    const result = await markAsRead(body.messageId);
+    const result = await _googleGmail.markAsRead(body.messageId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1338,18 +1424,18 @@ app.post("/api/google/gmail/mark-unread", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isGmailAvailable())
+    if (!(_googleGmail?.isGmailAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const body = await c.req.json();
     if (body.messageIds && body.messageIds.length > 0) {
-        const result = await batchMarkAsUnread(body.messageIds);
+        const result = await _googleGmail.batchMarkAsUnread(body.messageIds);
         if (!result.ok)
             return c.json({ error: result.message }, 500);
         return c.json(result);
     }
     if (!body.messageId)
         return c.json({ error: "messageId or messageIds required" }, 400);
-    const result = await markAsUnread(body.messageId);
+    const result = await _googleGmail.markAsUnread(body.messageId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1357,53 +1443,53 @@ app.post("/api/google/gmail/mark-unread", async (c) => {
 // --- Google Calendar routes ---
 // Get today's schedule
 app.get("/api/google/calendar/today", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
-    const result = await getTodaySchedule();
+    const result = await _googleCalendar.getTodaySchedule();
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
 });
 // Get upcoming events
 app.get("/api/google/calendar/upcoming", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const hours = parseInt(c.req.query("hours") ?? "4", 10);
-    const result = await getUpcomingEvents(hours);
+    const result = await _googleCalendar.getUpcomingEvents(hours);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
 });
 // Get free/busy
 app.post("/api/google/calendar/freebusy", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const body = await c.req.json();
     if (!body.start || !body.end)
         return c.json({ error: "start and end are required" }, 400);
-    const result = await getFreeBusy(body.start, body.end);
+    const result = await _googleCalendar.getFreeBusy(body.start, body.end);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
 });
 // Create calendar event
 app.post("/api/google/calendar/events", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const body = await c.req.json();
     if (!body.title || !body.start || !body.end) {
         return c.json({ error: "title, start, and end are required" }, 400);
     }
     // Temporal validation: catch day-of-week mismatches before creating events (ts_temporal_mismatch_01)
-    const temporalCheck = validateCalendarEntry(body.start, body.expectedDayOfWeek);
+    const temporalCheck = _googleTemporal.validateCalendarEntry(body.start, body.expectedDayOfWeek);
     if (!temporalCheck.ok) {
         return c.json({
             error: temporalCheck.message,
             suggestion: temporalCheck.suggestion,
-            actualDayOfWeek: getDayOfWeek(body.start),
+            actualDayOfWeek: _googleTemporal.getDayOfWeek(body.start),
         }, 400);
     }
-    const result = await createEvent(body.title, body.start, body.end, {
+    const result = await _googleCalendar.createEvent(body.title, body.start, body.end, {
         description: body.description,
         location: body.location,
         attendees: body.attendees,
@@ -1413,13 +1499,13 @@ app.post("/api/google/calendar/events", async (c) => {
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "calendar", summary: `Event created: ${body.title}`, actionLabel: "PROMPTED", reason: "user created calendar event" });
-    return c.json({ ...result, actualDayOfWeek: getDayOfWeek(body.start) });
+    return c.json({ ...result, actualDayOfWeek: _googleTemporal.getDayOfWeek(body.start) });
 });
 // List events with flexible filtering
 app.get("/api/google/calendar/events", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
-    const result = await listEvents({
+    const result = await _googleCalendar.listEvents({
         timeMin: c.req.query("timeMin"),
         timeMax: c.req.query("timeMax"),
         query: c.req.query("q"),
@@ -1432,34 +1518,34 @@ app.get("/api/google/calendar/events", async (c) => {
 });
 // Update calendar event
 app.patch("/api/google/calendar/events/:eventId", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const eventId = c.req.param("eventId");
     const body = await c.req.json();
     // Temporal validation on updated start date (ts_temporal_mismatch_01)
     if (body.start) {
-        const temporalCheck = validateCalendarEntry(body.start, body.expectedDayOfWeek);
+        const temporalCheck = _googleTemporal.validateCalendarEntry(body.start, body.expectedDayOfWeek);
         if (!temporalCheck.ok) {
             return c.json({
                 error: temporalCheck.message,
                 suggestion: temporalCheck.suggestion,
-                actualDayOfWeek: getDayOfWeek(body.start),
+                actualDayOfWeek: _googleTemporal.getDayOfWeek(body.start),
             }, 400);
         }
     }
-    const result = await updateEvent(eventId, body);
+    const result = await _googleCalendar.updateEvent(eventId, body);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "calendar", summary: `Event updated: ${eventId}`, actionLabel: "PROMPTED", reason: "user updated calendar event" });
-    return c.json(body.start ? { ...result, actualDayOfWeek: getDayOfWeek(body.start) } : result);
+    return c.json(body.start ? { ...result, actualDayOfWeek: _googleTemporal.getDayOfWeek(body.start) } : result);
 });
 // Delete calendar event
 app.delete("/api/google/calendar/events/:eventId", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const eventId = c.req.param("eventId");
     const sendUpdates = c.req.query("sendUpdates");
-    const result = await deleteEvent(eventId, { sendUpdates });
+    const result = await _googleCalendar.deleteEvent(eventId, { sendUpdates });
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "calendar", summary: `Event deleted: ${eventId}`, actionLabel: "PROMPTED", reason: "user deleted calendar event" });
@@ -1467,12 +1553,12 @@ app.delete("/api/google/calendar/events/:eventId", async (c) => {
 });
 // Search calendar events by text
 app.get("/api/google/calendar/search", async (c) => {
-    if (!isCalendarAvailable())
+    if (!(_googleCalendar?.isCalendarAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const query = c.req.query("q");
     if (!query)
         return c.json({ error: "q (search query) is required" }, 400);
-    const result = await searchEvents(query, {
+    const result = await _googleCalendar.searchEvents(query, {
         timeMin: c.req.query("timeMin"),
         timeMax: c.req.query("timeMax"),
         maxResults: c.req.query("maxResults") ? parseInt(c.req.query("maxResults"), 10) : undefined,
@@ -1490,9 +1576,9 @@ app.get("/api/google/tasks/lists", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
-    const result = await listTaskLists();
+    const result = await _googleTasks.listTaskLists();
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1505,12 +1591,12 @@ app.post("/api/google/tasks/lists", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const body = await c.req.json();
     if (!body.title)
         return c.json({ error: "title is required" }, 400);
-    const result = await createTaskList(body.title);
+    const result = await _googleTasks.createTaskList(body.title);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: `Task list created: ${body.title}`, actionLabel: "PROMPTED", reason: "user created task list" });
@@ -1524,13 +1610,13 @@ app.patch("/api/google/tasks/lists/:listId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const body = await c.req.json();
     if (!body.title)
         return c.json({ error: "title is required" }, 400);
-    const result = await updateTaskList(listId, body.title);
+    const result = await _googleTasks.updateTaskList(listId, body.title);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1543,10 +1629,10 @@ app.delete("/api/google/tasks/lists/:listId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
-    const result = await deleteTaskList(listId);
+    const result = await _googleTasks.deleteTaskList(listId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: `Task list deleted: ${listId}`, actionLabel: "PROMPTED", reason: "user deleted task list" });
@@ -1560,7 +1646,7 @@ app.post("/api/google/tasks/recurring", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const body = await c.req.json();
     if (!body.title)
@@ -1584,7 +1670,7 @@ app.post("/api/google/tasks/recurring", async (c) => {
             }, 400);
         }
     }
-    const result = await createRecurringWeeklyTasks(body);
+    const result = await _googleTasks.createRecurringWeeklyTasks(body);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: result.message, actionLabel: "PROMPTED", reason: "user created recurring tasks" });
@@ -1598,13 +1684,13 @@ app.get("/api/google/tasks/:listId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const showCompleted = c.req.query("showCompleted") === "true";
     const dueMin = c.req.query("dueMin");
     const dueMax = c.req.query("dueMax");
-    const result = await listTasks(listId, {
+    const result = await _googleTasks.listTasks(listId, {
         showCompleted,
         dueMin: dueMin || undefined,
         dueMax: dueMax || undefined,
@@ -1621,11 +1707,11 @@ app.get("/api/google/tasks/:listId/:taskId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const taskId = c.req.param("taskId");
-    const result = await getGoogleTask(listId, taskId);
+    const result = await _googleTasks.getTask(listId, taskId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1638,13 +1724,13 @@ app.post("/api/google/tasks/:listId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const body = await c.req.json();
     if (!body.title)
         return c.json({ error: "title is required" }, 400);
-    const result = await createTask(listId, body);
+    const result = await _googleTasks.createTask(listId, body);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: `Task created: ${body.title}`, actionLabel: "PROMPTED", reason: "user created task" });
@@ -1658,12 +1744,12 @@ app.patch("/api/google/tasks/:listId/:taskId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const taskId = c.req.param("taskId");
     const body = await c.req.json();
-    const result = await updateTask(listId, taskId, body);
+    const result = await _googleTasks.updateTask(listId, taskId, body);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: `Task updated: ${taskId}`, actionLabel: "PROMPTED", reason: "user updated task" });
@@ -1677,11 +1763,11 @@ app.post("/api/google/tasks/:listId/:taskId/complete", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const taskId = c.req.param("taskId");
-    const result = await completeTask(listId, taskId);
+    const result = await _googleTasks.completeTask(listId, taskId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: `Task completed: ${taskId}`, actionLabel: "PROMPTED", reason: "user completed task" });
@@ -1695,11 +1781,11 @@ app.post("/api/google/tasks/:listId/:taskId/uncomplete", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const taskId = c.req.param("taskId");
-    const result = await uncompleteTask(listId, taskId);
+    const result = await _googleTasks.uncompleteTask(listId, taskId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     return c.json(result);
@@ -1712,11 +1798,11 @@ app.delete("/api/google/tasks/:listId/:taskId", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isTasksAvailable())
+    if (!(_googleTasks?.isTasksAvailable() ?? false))
         return c.json({ error: "Google not authenticated" }, 400);
     const listId = c.req.param("listId");
     const taskId = c.req.param("taskId");
-    const result = await deleteTask(listId, taskId);
+    const result = await _googleTasks.deleteTask(listId, taskId);
     if (!result.ok)
         return c.json({ error: result.message }, 500);
     logActivity({ source: "tasks", summary: `Task deleted: ${taskId}`, actionLabel: "PROMPTED", reason: "user deleted task" });
@@ -1857,7 +1943,7 @@ app.put("/api/settings", async (c) => {
 app.get("/api/admin/integrations", async (c) => {
     const settings = getSettings();
     const integrations = settings.integrations ?? { enabled: true };
-    const status = getIntegrationStatus();
+    const status = (_integrationsGate ? _integrationsGate.getIntegrationStatus() : []);
     return c.json({
         enabled: integrations.enabled ?? true,
         services: status,
@@ -1876,9 +1962,9 @@ app.post("/api/admin/integrations", async (c) => {
     }
     const updated = await updateSettings(patch);
     // Re-hydrate env with new gates — clear integration vars first, then re-hydrate
-    const status = getIntegrationStatus();
-    rehydrateVaultEnv();
-    const credStore = getCredentialStore();
+    const status = (_integrationsGate ? _integrationsGate.getIntegrationStatus() : []);
+    _vaultStore?.hydrateEnv();
+    const credStore = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (credStore)
         await credStore.hydrate();
     return c.json({
@@ -1886,23 +1972,23 @@ app.post("/api/admin/integrations", async (c) => {
         services: status.map((s) => ({
             ...s,
             // Re-check after settings update
-            enabled: isIntegrationEnabled(s.service),
+            enabled: (_integrationsGate?.isIntegrationEnabled(s.service) ?? false),
         })),
     });
 });
 // --- Voice routes ---
 // Voice status: which voice features are available?
 app.get("/api/voice-status", async (c) => {
-    return c.json({ tts: isTtsAvailable(), stt: isSttAvailable() });
+    return c.json({ tts: (_ttsClient?.isTtsAvailable() ?? false), stt: (_sttClient?.isSttAvailable() ?? false) });
 });
 // TTS: synthesize text to WAV audio via Piper
 app.get("/api/tts", async (c) => {
     const text = c.req.query("text");
     if (!text)
         return c.json({ error: "text query param required" }, 400);
-    if (!isTtsAvailable())
+    if (!(_ttsClient?.isTtsAvailable() ?? false))
         return c.json({ error: "TTS not available" }, 503);
-    const wav = await synthesize(text);
+    const wav = await _ttsClient.synthesize(text);
     if (!wav)
         return c.json({ error: "Synthesis failed" }, 502);
     return new Response(wav, {
@@ -1914,12 +2000,12 @@ app.get("/api/tts", async (c) => {
 });
 // STT: transcribe audio via whisper-server
 app.post("/api/stt", async (c) => {
-    if (!isSttAvailable())
+    if (!(_sttClient?.isSttAvailable() ?? false))
         return c.json({ error: "STT not available" }, 503);
     const body = await c.req.arrayBuffer();
     if (!body || body.byteLength === 0)
         return c.json({ error: "Audio body required" }, 400);
-    const text = await transcribe(Buffer.from(body));
+    const text = await _sttClient.transcribe(Buffer.from(body));
     if (!text)
         return c.json({ error: "Transcription failed" }, 502);
     return c.json({ text });
@@ -1934,7 +2020,7 @@ function pushPendingVideo(filename) {
 }
 // Avatar status: is MuseTalk sidecar running?
 app.get("/api/avatar/status", async (c) => {
-    return c.json({ available: isAvatarAvailable() });
+    return c.json({ available: (_avatarSidecar?.isAvatarAvailable() ?? false) });
 });
 // Poll for new avatar videos since a given timestamp
 app.get("/api/avatar/latest", async (c) => {
@@ -1976,18 +2062,18 @@ app.post("/api/avatar/photo", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    if (!isAvatarAvailable())
+    if (!(_avatarSidecar?.isAvatarAvailable() ?? false))
         return c.json({ error: "Avatar not available" }, 503);
     const body = await c.req.arrayBuffer();
     if (!body || body.byteLength === 0)
         return c.json({ error: "Photo body required" }, 400);
-    const avatarConfig = getAvatarConfig();
+    const avatarConfig = _settingsVoice ? _settingsVoice.getAvatarConfig() : { photoPath: "public/avatar/photo.png", port: 0, enabled: false };
     const photoPath = join(process.cwd(), avatarConfig.photoPath);
     await mkdir(join(UI_DIR, "avatar"), { recursive: true });
     await writeFile(photoPath, Buffer.from(body));
-    const ok = await preparePhoto(photoPath);
+    const ok = await _avatarClient.preparePhoto(photoPath);
     if (ok) {
-        await clearVideoCache();
+        await _avatarClient.clearVideoCache();
         latestAvatarVideo = null;
     }
     return c.json({ ok });
@@ -2036,8 +2122,9 @@ app.get("/api/history", async (c) => {
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
     const cs = await getOrCreateChatSession(sessionId, session.name);
-    // Return only user and assistant messages (not system)
-    const messages = cs.history
+    // Always return main history (not active thread's)
+    const historySource = cs.activeThreadId ? cs.mainHistory : cs.history;
+    const messages = historySource
         .filter((m) => m.role === "user" || m.role === "assistant")
         .map((m) => ({ role: m.role, content: m.content }));
     return c.json({ messages });
@@ -2084,20 +2171,25 @@ app.post("/api/threads", async (c) => {
     const now = new Date().toISOString();
     const thread = {
         id: generateThreadId(),
-        title: body.title || "New thread",
+        title: body.title || "New chat",
         history: [],
         historySummary: "",
         createdAt: now,
         updatedAt: now,
     };
     threads.set(thread.id, thread);
-    // Save current main history as the previous thread, then clear for fresh conversation
+    // New thread starts blank. Main chat keeps its history.
+    // If currently on a thread, save it back first.
     const cs = chatSessions.get(sessionId);
-    if (cs) {
-        cs.history = [];
-        cs.historySummary = "";
-        cs.foldedBack = false;
-        cs.turnCount = 0;
+    if (cs && cs.activeThreadId) {
+        const prevThread = threads.get(cs.activeThreadId);
+        if (prevThread) {
+            prevThread.history = cs.history;
+            prevThread.historySummary = cs.historySummary;
+        }
+        cs.history = cs.mainHistory;
+        cs.historySummary = cs.mainHistorySummary;
+        cs.activeThreadId = null;
     }
     return c.json({ thread: { id: thread.id, title: thread.title, createdAt: thread.createdAt, updatedAt: thread.updatedAt } });
 });
@@ -2108,11 +2200,15 @@ app.get("/api/threads/:id/history", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid session" }, 401);
+    const threadId = c.req.param("id");
     const threads = getThreadsForSession(sessionId);
-    const thread = threads.get(c.req.param("id"));
+    const thread = threads.get(threadId);
     if (!thread)
         return c.json({ error: "Thread not found" }, 404);
-    const messages = thread.history
+    // If this thread is currently active on cs, its live history is in cs.history
+    const cs = chatSessions.get(sessionId);
+    const historySource = (cs && cs.activeThreadId === threadId) ? cs.history : thread.history;
+    const messages = historySource
         .filter((m) => m.role === "user" || m.role === "assistant")
         .map((m) => ({ role: m.role, content: m.content }));
     return c.json({ messages });
@@ -2141,8 +2237,14 @@ app.delete("/api/threads/:id", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid session" }, 401);
+    const threadId = c.req.param("id");
     const threads = getThreadsForSession(sessionId);
-    threads.delete(c.req.param("id"));
+    // If deleting the active thread, switch back to main first
+    const cs = chatSessions.get(sessionId);
+    if (cs && cs.activeThreadId === threadId) {
+        switchSessionThread(cs, null, sessionId);
+    }
+    threads.delete(threadId);
     return c.json({ ok: true });
 });
 // Activity log: poll for background actions
@@ -2273,13 +2375,17 @@ app.post("/api/branch", async (c) => {
             reqSignal?.addEventListener("abort", onAbort, { once: true });
             // Token buffer for split-placeholder rehydration
             let tokenBuf = "";
+            let totalOutputChars = 0;
+            const streamStartMs = performance.now();
             const flushBuf = () => {
                 if (!tokenBuf)
                     return;
                 const rehydrated = rehydrateResponse(tokenBuf);
+                totalOutputChars += rehydrated.length;
                 tokenBuf = "";
                 stream.writeSSE({ data: JSON.stringify({ token: rehydrated }) }).catch(() => { });
             };
+            const streamModel = activeChatModel ?? (activeProvider === "ollama" ? "llama3.2:3b" : "claude-sonnet-4");
             stream_fn({
                 messages: redactedBranchMessages,
                 model: activeChatModel,
@@ -2296,6 +2402,12 @@ app.post("/api/branch", async (c) => {
                     flushBuf(); // flush remainder
                     reqSignal?.removeEventListener("abort", onAbort);
                     stream.writeSSE({ data: JSON.stringify({ done: true }) }).catch(() => { });
+                    const durationMs = Math.round(performance.now() - streamStartMs);
+                    logLlmCall({
+                        ts: new Date().toISOString(), mode: "stream",
+                        provider: activeProvider, model: streamModel,
+                        durationMs, outputTokens: Math.ceil(totalOutputChars / 4), ok: true,
+                    });
                     resolve();
                 },
                 onError: async (err) => {
@@ -2307,6 +2419,12 @@ app.post("/api/branch", async (c) => {
                         if (!health.ok)
                             errorMsg += " — Check that Ollama is running. " + health.message;
                     }
+                    const durationMs = Math.round(performance.now() - streamStartMs);
+                    logLlmCall({
+                        ts: new Date().toISOString(), mode: "stream",
+                        provider: activeProvider, model: streamModel,
+                        durationMs, ok: false, error: errorMsg,
+                    });
                     stream.writeSSE({ data: JSON.stringify({ error: errorMsg }) }).catch(() => { });
                     resolve();
                 },
@@ -2357,7 +2475,7 @@ app.post("/api/agents/tasks/:id/cancel", async (c) => {
 });
 // --- File lock routes ---
 app.get("/api/agents/locks", async (c) => {
-    const locks = await listLocks();
+    const locks = await _agentLocks.listLocks();
     return c.json({ locks });
 });
 app.post("/api/agents/locks/acquire", async (c) => {
@@ -2366,7 +2484,7 @@ app.post("/api/agents/locks/acquire", async (c) => {
     if (!agentId || !filePaths || !Array.isArray(filePaths)) {
         return c.json({ error: "agentId and filePaths[] required" }, 400);
     }
-    const result = await acquireLocks(agentId, agentLabel || agentId, filePaths, timeoutMs);
+    const result = await _agentLocks.acquireLocks(agentId, agentLabel || agentId, filePaths, timeoutMs);
     return c.json(result, result.acquired ? 200 : 409);
 });
 app.post("/api/agents/locks/release", async (c) => {
@@ -2375,10 +2493,10 @@ app.post("/api/agents/locks/release", async (c) => {
     if (!agentId)
         return c.json({ error: "agentId required" }, 400);
     if (filePath) {
-        const ok = await releaseFileLock(agentId, filePath);
+        const ok = await _agentLocks.releaseFileLock(agentId, filePath);
         return c.json({ released: ok ? 1 : 0 });
     }
-    const count = await releaseLocks(agentId);
+    const count = await _agentLocks.releaseLocks(agentId);
     return c.json({ released: count });
 });
 app.post("/api/agents/locks/force-release", async (c) => {
@@ -2386,7 +2504,7 @@ app.post("/api/agents/locks/force-release", async (c) => {
     const { filePath } = body;
     if (!filePath)
         return c.json({ error: "filePath required" }, 400);
-    const ok = await forceReleaseLock(filePath);
+    const ok = await _agentLocks.forceReleaseLock(filePath);
     return c.json({ released: ok });
 });
 app.post("/api/agents/locks/check", async (c) => {
@@ -2395,11 +2513,11 @@ app.post("/api/agents/locks/check", async (c) => {
     if (!filePaths || !Array.isArray(filePaths)) {
         return c.json({ error: "filePaths[] required" }, 400);
     }
-    const conflicts = await checkLocks(filePaths);
+    const conflicts = await _agentLocks.checkLocks(filePaths);
     return c.json({ locked: conflicts.length > 0, conflicts });
 });
 app.post("/api/agents/locks/prune", async (_c) => {
-    const pruned = await pruneAllStaleLocks();
+    const pruned = await _agentLocks.pruneAllStaleLocks();
     return _c.json({ pruned });
 });
 // --- Self-reported issues (autonomous agent findings) ---
@@ -2410,7 +2528,7 @@ app.get("/api/agents/issues", async (c) => {
 });
 // --- Agent runtime routes ---
 app.get("/api/runtime/status", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ available: false });
     return c.json({
@@ -2420,14 +2538,14 @@ app.get("/api/runtime/status", async (c) => {
     });
 });
 app.get("/api/runtime/instances", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ instances: [] });
     const states = c.req.query("states")?.split(",");
     return c.json({ instances: rt.listInstances(states ? { states } : undefined) });
 });
 app.get("/api/runtime/instances/:id", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ error: "Runtime not initialized" }, 503);
     const inst = rt.getInstance(c.req.param("id"));
@@ -2436,7 +2554,7 @@ app.get("/api/runtime/instances/:id", async (c) => {
     return c.json(inst);
 });
 app.post("/api/runtime/spawn", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ error: "Runtime not initialized" }, 503);
     const body = await c.req.json();
@@ -2481,7 +2599,7 @@ app.post("/api/runtime/spawn", async (c) => {
     }
 });
 app.post("/api/runtime/instances/:id/pause", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ error: "Runtime not initialized" }, 503);
     try {
@@ -2493,7 +2611,7 @@ app.post("/api/runtime/instances/:id/pause", async (c) => {
     }
 });
 app.post("/api/runtime/instances/:id/resume", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ error: "Runtime not initialized" }, 503);
     try {
@@ -2505,7 +2623,7 @@ app.post("/api/runtime/instances/:id/resume", async (c) => {
     }
 });
 app.post("/api/runtime/instances/:id/terminate", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ error: "Runtime not initialized" }, 503);
     try {
@@ -2517,7 +2635,7 @@ app.post("/api/runtime/instances/:id/terminate", async (c) => {
     }
 });
 app.post("/api/runtime/instances/:id/message", async (c) => {
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (!rt)
         return c.json({ error: "Runtime not initialized" }, 503);
     const body = await c.req.json();
@@ -2666,7 +2784,7 @@ app.post("/api/github/webhooks", async (c) => {
     const rawBody = await c.req.text();
     const secret = process.env.GITHUB_WEBHOOK_SECRET;
     if (secret && signature) {
-        if (!verifyWebhookSignature(rawBody, signature, secret)) {
+        if (!_githubWebhooks.verifyWebhookSignature(rawBody, signature, secret)) {
             return c.json({ error: "Invalid signature" }, 401);
         }
     }
@@ -2677,12 +2795,12 @@ app.post("/api/github/webhooks", async (c) => {
     catch {
         return c.json({ error: "Invalid JSON" }, 400);
     }
-    const result = await processGitHubWebhook(eventType, payload);
+    const result = await _integrationsGithub.processWebhook(eventType, payload);
     return c.json(result);
 });
 // GitHub status
 app.get("/api/github/status", async (c) => {
-    const status = await getGitHubStatus();
+    const status = await _integrationsGithub.getGitHubStatus();
     return c.json(status);
 });
 // GitHub PR review
@@ -2698,8 +2816,8 @@ app.post("/api/github/pr/review", async (c) => {
     if (!prNumber)
         return c.json({ error: "prNumber required" }, 400);
     const result = postComment
-        ? await reviewAndCommentPR(prNumber, repo)
-        : await reviewPullRequest(prNumber, repo);
+        ? await _integrationsGithub.reviewAndCommentPR(prNumber, repo)
+        : await _integrationsGithub.reviewPullRequest(prNumber, repo);
     if (!result)
         return c.json({ error: "Failed to review PR" }, 502);
     return c.json(result);
@@ -2717,8 +2835,8 @@ app.post("/api/github/issues/triage", async (c) => {
     if (!issueNumber)
         return c.json({ error: "issueNumber required" }, 400);
     const result = apply
-        ? await triageAndLabelIssue(issueNumber, repo)
-        : await triageGitHubIssue(issueNumber, repo);
+        ? await _integrationsGithub.triageAndLabelIssue(issueNumber, repo)
+        : await _integrationsGithub.triageGitHubIssue(issueNumber, repo);
     if (!result)
         return c.json({ error: "Failed to triage issue" }, 502);
     return c.json(result);
@@ -2733,7 +2851,7 @@ app.post("/api/github/issues/triage/batch", async (c) => {
         return c.json({ error: "Invalid or expired session" }, 401);
     const body = await c.req.json();
     const { repo, apply } = body;
-    const results = await batchTriageIssues(repo, { apply });
+    const results = await _integrationsGithub.batchTriageIssues(repo, { apply });
     return c.json({ count: results.length, results });
 });
 // GitHub commit analysis
@@ -2747,34 +2865,34 @@ app.post("/api/github/commits/analyze", async (c) => {
     const body = await c.req.json();
     const { sha, repo, count, since } = body;
     if (sha) {
-        const result = await analyzeGitHubCommit(sha, repo);
+        const result = await _integrationsGithub.analyzeGitHubCommit(sha, repo);
         if (!result)
             return c.json({ error: "Failed to analyze commit" }, 502);
         return c.json(result);
     }
-    const results = await analyzeRecentGitHubCommits(repo, { count, since });
+    const results = await _integrationsGithub.analyzeRecentGitHubCommits(repo, { count, since });
     return c.json({ count: results.length, results });
 });
 // GitHub repo health
 app.get("/api/github/health/:owner/:repo", async (c) => {
     const { owner, repo } = c.req.param();
-    const report = await getGitHubRepoHealth(`${owner}/${repo}`);
+    const report = await _integrationsGithub.getGitHubRepoHealth(`${owner}/${repo}`);
     if (!report)
         return c.json({ error: "Failed to generate health report" }, 502);
     return c.json(report);
 });
 app.get("/api/github/health/:owner/:repo/markdown", async (c) => {
     const { owner, repo } = c.req.param();
-    const report = await getGitHubRepoHealth(`${owner}/${repo}`);
+    const report = await _integrationsGithub.getGitHubRepoHealth(`${owner}/${repo}`);
     if (!report)
         return c.json({ error: "Failed to generate health report" }, 502);
-    return c.text(formatHealthReport(report));
+    return c.text(_integrationsGithub.formatHealthReport(report));
 });
 // --- Slack routes ---
 // Slack OAuth: initiate "Add to Slack" flow
 app.get("/api/slack/auth", async (c) => {
     const redirectUri = `http://localhost:${PORT}/api/slack/callback`;
-    const result = getSlackOAuthUrl(redirectUri);
+    const result = _slackClient.getOAuthUrl(redirectUri);
     if (!result.ok) {
         return c.html(`<html><body><h2>Slack not configured</h2><p>${result.message}</p></body></html>`);
     }
@@ -2791,7 +2909,7 @@ app.get("/api/slack/callback", async (c) => {
         return c.html(`<html><body><h2>Missing authorization code</h2></body></html>`);
     }
     const redirectUri = `http://localhost:${PORT}/api/slack/callback`;
-    const result = await exchangeSlackCode(code, redirectUri);
+    const result = await _slackClient.exchangeOAuthCode(code, redirectUri);
     if (!result.ok) {
         return c.html(`<html><body><h2>Token exchange failed</h2><p>${result.message}</p></body></html>`);
     }
@@ -2803,32 +2921,33 @@ app.get("/api/slack/callback", async (c) => {
             vaultKey = restored.sessionKey;
             sessionKeys.set(restored.session.id, restored.sessionKey);
             setEncryptionKey(restored.sessionKey);
-            await loadVault(restored.sessionKey);
+            if (_vaultStore)
+                await _vaultStore.loadVault(restored.sessionKey);
         }
     }
     if (!vaultKey) {
         return c.html(`<html><body><h2>Session not found</h2><p>Log in first, then try connecting Slack again.</p></body></html>`);
     }
-    await setVaultKey("SLACK_BOT_TOKEN", result.botToken, vaultKey, "Slack Bot Token");
+    await _vaultStore.setVaultKey("SLACK_BOT_TOKEN", result.botToken, vaultKey, "Slack Bot Token");
     if (result.teamId) {
-        await setVaultKey("SLACK_TEAM_ID", result.teamId, vaultKey, "Slack Team ID");
+        await _vaultStore.setVaultKey("SLACK_TEAM_ID", result.teamId, vaultKey, "Slack Team ID");
     }
     logActivity({ source: "slack", summary: `Slack OAuth connected — team: ${result.teamName ?? result.teamId}`, actionLabel: "PROMPTED", reason: "user connected Slack OAuth" });
     return c.html(`<html><body><h2>Slack connected!</h2><p>Team: ${result.teamName ?? "connected"}</p><p>This tab will close automatically.</p><script>if(window.opener){window.opener.postMessage("slack-connected","*")}setTimeout(()=>window.close(),1500)</script></body></html>`);
 });
 // Slack status: check connection state
 app.get("/api/slack/status", async (c) => {
-    const client = getSlackClient();
+    const client = (_slackClient?.getClient() ?? null);
     if (!client) {
         return c.json({
-            configured: isSlackConfigured(),
+            configured: (_slackClient?.isSlackConfigured() ?? false),
             authenticated: false,
             message: "SLACK_BOT_TOKEN not set",
         });
     }
     const auth = await client.testAuth();
     return c.json({
-        configured: isSlackConfigured(),
+        configured: (_slackClient?.isSlackConfigured() ?? false),
         authenticated: auth.ok,
         userId: auth.userId,
         teamId: auth.teamId,
@@ -2844,7 +2963,7 @@ app.post("/api/slack/send", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const client = getSlackClient();
+    const client = (_slackClient?.getClient() ?? null);
     if (!client)
         return c.json({ error: "Slack not available" }, 503);
     const body = await c.req.json();
@@ -2867,7 +2986,7 @@ app.post("/api/slack/dm", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const client = getSlackClient();
+    const client = (_slackClient?.getClient() ?? null);
     if (!client)
         return c.json({ error: "Slack not available" }, 503);
     const body = await c.req.json();
@@ -2888,7 +3007,7 @@ app.get("/api/slack/channels", async (c) => {
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
     const types = c.req.query("types") || undefined;
-    const result = await listChannels({ types });
+    const result = await _slackChannels.listChannels({ types });
     if (!result.ok)
         return c.json({ error: result.message }, 502);
     return c.json({ channels: result.channels });
@@ -2901,7 +3020,7 @@ app.get("/api/slack/channels/:id", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const result = await getChannelInfo(c.req.param("id"));
+    const result = await _slackChannels.getChannelInfo(c.req.param("id"));
     if (!result.ok)
         return c.json({ error: result.message }, 502);
     return c.json(result.channel);
@@ -2914,7 +3033,7 @@ app.post("/api/slack/channels/:id/join", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const result = await joinChannel(c.req.param("id"));
+    const result = await _slackChannels.joinChannel(c.req.param("id"));
     if (!result.ok)
         return c.json({ error: result.message }, 502);
     return c.json({ ok: true, message: result.message });
@@ -2928,7 +3047,7 @@ app.get("/api/slack/channels/:id/history", async (c) => {
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
     const limit = c.req.query("limit") ? parseInt(c.req.query("limit"), 10) : undefined;
-    const result = await getChannelHistory(c.req.param("id"), { limit });
+    const result = await _slackChannels.getChannelHistory(c.req.param("id"), { limit });
     if (!result.ok)
         return c.json({ error: result.message }, 502);
     return c.json({ messages: result.messages });
@@ -2941,7 +3060,7 @@ app.get("/api/slack/users/:id", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const client = getSlackClient();
+    const client = (_slackClient?.getClient() ?? null);
     if (!client)
         return c.json({ error: "Slack not available" }, 503);
     const result = await client.getUser(c.req.param("id"));
@@ -2986,14 +3105,14 @@ app.post("/api/resend/check-inbox", async (c) => {
 // --- WhatsApp routes (Twilio-backed) ---
 // WhatsApp status: check if configured
 app.get("/api/whatsapp/status", (c) => {
-    return c.json({ available: isWhatsAppConfigured() });
+    return c.json({ available: (_channelsWhatsapp?.isWhatsAppConfigured() ?? false) });
 });
 // WhatsApp webhook: receive incoming messages from Twilio
 // Uses centralized verification via verifyWebhookRequest from the webhook registry.
 // Custom TwiML response handling prevents use of generic createWebhookRoute.
 app.post("/api/twilio/whatsapp", async (c) => {
     const rawBody = await c.req.text();
-    const params = parseFormBody(rawBody);
+    const params = _webhooksTwilio.parseFormBody(rawBody);
     // Verify via centralized webhook system (handles secret resolution from config)
     const headers = {};
     c.req.raw.headers.forEach((value, key) => {
@@ -3008,24 +3127,24 @@ app.post("/api/twilio/whatsapp", async (c) => {
     }
     const payload = params;
     // Store the inbound message in history + update contacts
-    await processIncomingMessage(payload);
+    await _webhooksTwilio.processIncomingMessage(payload);
     // Extract sender info
     const from = payload.From?.replace(/^whatsapp:/, "") ?? "";
     const body = payload.Body?.trim() ?? "";
     if (!body) {
         c.header("Content-Type", "text/xml");
-        return c.body(emptyTwimlResponse());
+        return c.body(_webhooksTwilio.emptyTwimlResponse());
     }
     // Process through chat pipeline (async — Twilio allows up to 15s for response).
     // The service sends the reply via Twilio API, so we return empty TwiML to avoid
     // duplicate messages. If chat processing fails, we reply inline via TwiML as fallback.
-    const result = await handleWhatsAppMessage(from, body, payload.ProfileName);
+    const result = await _servicesWhatsapp.handleWhatsAppMessage(from, body, payload.ProfileName);
     c.header("Content-Type", "text/xml");
     if (!result.ok && !result.reply) {
         // Chat failed and no reply was sent — respond inline so user isn't left hanging
-        return c.body(replyTwiml("Sorry, I couldn't process that right now. Please try again."));
+        return c.body(_webhooksTwilio.replyTwiml("Sorry, I couldn't process that right now. Please try again."));
     }
-    return c.body(emptyTwimlResponse());
+    return c.body(_webhooksTwilio.emptyTwimlResponse());
 });
 // WhatsApp relay: receive pre-verified messages from the Cloudflare Worker.
 // The Worker has already verified Twilio's signature — this endpoint verifies
@@ -3037,21 +3156,21 @@ app.post("/api/relay/whatsapp", async (c) => {
         headers[key.toLowerCase()] = value;
     });
     const relaySecret = process.env.RELAY_SECRET ?? "";
-    const verification = verifyRelaySignature(rawBody, headers, relaySecret);
+    const verification = _webhooksRelay.verifyRelaySignature(rawBody, headers, relaySecret);
     if (!verification.valid) {
         return c.json({ error: verification.error ?? "Invalid relay signature" }, 401);
     }
-    const params = parseFormBody(rawBody);
+    const params = _webhooksTwilio.parseFormBody(rawBody);
     const payload = params;
     // Store inbound message + update contacts (same as direct webhook path)
-    await processIncomingMessage(payload);
+    await _webhooksTwilio.processIncomingMessage(payload);
     const from = payload.From?.replace(/^whatsapp:/, "") ?? "";
     const body = payload.Body?.trim() ?? "";
     if (!body) {
         return c.json({ ok: true, message: "Empty message, skipped" });
     }
     // Process through chat pipeline — reply sent via Twilio API
-    const result = await handleWhatsAppMessage(from, body, payload.ProfileName);
+    const result = await _servicesWhatsapp.handleWhatsAppMessage(from, body, payload.ProfileName);
     return c.json({ ok: result.ok, reply: result.reply, error: result.error });
 });
 // Resend relay: receive pre-verified inbound emails from the Cloudflare Worker.
@@ -3064,7 +3183,7 @@ app.post("/api/relay/resend", async (c) => {
         headers[key.toLowerCase()] = value;
     });
     const relaySecret = process.env.RELAY_SECRET ?? "";
-    const verification = verifyRelaySignature(rawBody, headers, relaySecret);
+    const verification = _webhooksRelay.verifyRelaySignature(rawBody, headers, relaySecret);
     if (!verification.valid) {
         return c.json({ error: verification.error ?? "Invalid relay signature" }, 401);
     }
@@ -3115,7 +3234,7 @@ app.post("/api/whatsapp/send", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const client = getWhatsAppClient();
+    const client = (_channelsWhatsapp?.getClient() ?? null);
     if (!client)
         return c.json({ error: "WhatsApp not configured. Add TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_PHONE_NUMBER to vault." }, 503);
     const body = await c.req.json();
@@ -3134,7 +3253,7 @@ app.get("/api/whatsapp/contacts", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const client = getWhatsAppClient();
+    const client = (_channelsWhatsapp?.getClient() ?? null);
     if (!client)
         return c.json({ error: "WhatsApp not configured" }, 503);
     const contacts = await client.listContacts();
@@ -3148,7 +3267,7 @@ app.get("/api/whatsapp/history", async (c) => {
     const session = validateSession(sessionId);
     if (!session)
         return c.json({ error: "Invalid or expired session" }, 401);
-    const client = getWhatsAppClient();
+    const client = (_channelsWhatsapp?.getClient() ?? null);
     if (!client)
         return c.json({ error: "WhatsApp not configured" }, 503);
     const phone = c.req.query("phone") || undefined;
@@ -3802,18 +3921,18 @@ app.get("/api/contacts/graph/:id", async (c) => {
 // --- Credentials endpoints ---
 // List credentials (values masked).
 app.get("/api/credentials", async (c) => {
-    const store = getCredentialStore();
+    const store = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (!store)
         return c.json({ error: "Credentials not initialized" }, 503);
     const type = (c.req.query("type") || undefined);
     const search = c.req.query("search") || undefined;
     const creds = await store.list({ type, search });
-    const masked = creds.map((cr) => ({ ...cr, value: maskValue(cr.value) }));
+    const masked = creds.map((cr) => ({ ...cr, value: _credentialStore.maskValue(cr.value) }));
     return c.json({ credentials: masked, count: masked.length });
 });
 // Get single credential (full value for reveal/copy).
 app.get("/api/credentials/:id", async (c) => {
-    const store = getCredentialStore();
+    const store = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (!store)
         return c.json({ error: "Credentials not initialized" }, 503);
     const cred = await store.get(c.req.param("id"));
@@ -3823,7 +3942,7 @@ app.get("/api/credentials/:id", async (c) => {
 });
 // Create credential.
 app.post("/api/credentials", async (c) => {
-    const store = getCredentialStore();
+    const store = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (!store)
         return c.json({ error: "Credentials not initialized" }, 503);
     const body = await c.req.json();
@@ -3839,7 +3958,7 @@ app.post("/api/credentials", async (c) => {
 });
 // Update credential.
 app.patch("/api/credentials/:id", async (c) => {
-    const store = getCredentialStore();
+    const store = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (!store)
         return c.json({ error: "Credentials not initialized" }, 503);
     const id = c.req.param("id");
@@ -3855,7 +3974,7 @@ app.patch("/api/credentials/:id", async (c) => {
 });
 // Archive credential (soft-delete).
 app.delete("/api/credentials/:id", async (c) => {
-    const store = getCredentialStore();
+    const store = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (!store)
         return c.json({ error: "Credentials not initialized" }, 503);
     const id = c.req.param("id");
@@ -3870,10 +3989,10 @@ app.delete("/api/credentials/:id", async (c) => {
 });
 // Migrate vault keys → credential store.
 app.post("/api/credentials/migrate-vault", async (c) => {
-    const store = getCredentialStore();
+    const store = (_credentialStore ? _credentialStore.getCredentialStore() : null);
     if (!store)
         return c.json({ error: "Credentials not initialized" }, 503);
-    const vaultEntries = getVaultEntries();
+    const vaultEntries = (_vaultStore ? _vaultStore.getVaultEntries() : []);
     if (vaultEntries.length === 0) {
         return c.json({ migrated: 0, message: "No vault keys to migrate" });
     }
@@ -4159,14 +4278,14 @@ app.get("/api/help/context", async (c) => {
         model: resolveChatModel() ?? "auto",
         sidecars: {
             search: isSearchAvailable(),
-            tts: isTtsAvailable(),
-            stt: isSttAvailable(),
-            avatar: isAvatarAvailable(),
+            tts: (_ttsClient?.isTtsAvailable() ?? false),
+            stt: (_sttClient?.isSttAvailable() ?? false),
+            avatar: (_avatarSidecar?.isAvatarAvailable() ?? false),
         },
         integrations: {
-            google: isGoogleAuthenticated(),
-            slack: isSlackConfigured(),
-            whatsapp: isWhatsAppConfigured(),
+            google: (_googleAuth?.isGoogleAuthenticated() ?? false),
+            slack: (_slackClient?.isSlackConfigured() ?? false),
+            whatsapp: (_channelsWhatsapp?.isWhatsAppConfigured() ?? false),
         },
         recentActivity: last20.map((e) => ({
             timestamp: e.timestamp,
@@ -4303,7 +4422,7 @@ app.get("/api/browse", async (c) => {
     catch {
         return c.json({ error: "Invalid URL" }, 400);
     }
-    const result = await browseUrl(url);
+    const result = await _browse.browseUrl(url);
     if (!result) {
         return c.json({ error: "Failed to fetch URL — timeout, non-HTML content, or network error" }, 502);
     }
@@ -4409,9 +4528,9 @@ app.get("/api/ops/health", async (c) => {
         models: settings.models,
         sidecars: {
             search: isSidecarAvailable(),
-            tts: isTtsAvailable(),
-            stt: isSttAvailable(),
-            avatar: isAvatarAvailable(),
+            tts: (_ttsClient?.isTtsAvailable() ?? false),
+            stt: (_sttClient?.isSttAvailable() ?? false),
+            avatar: (_avatarSidecar?.isAvatarAvailable() ?? false),
         },
         agents: {
             total: agents.length,
@@ -4434,20 +4553,20 @@ app.get("/api/ops/sidecars", async (c) => {
             port: parseInt(resolveEnv("SEARCH_PORT") ?? "3578", 10),
         },
         tts: {
-            available: isTtsAvailable(),
+            available: (_ttsClient?.isTtsAvailable() ?? false),
             enabled: settings.tts.enabled,
             port: settings.tts.port,
             voice: settings.tts.voice,
             autoPlay: settings.tts.autoPlay,
         },
         stt: {
-            available: isSttAvailable(),
+            available: (_sttClient?.isSttAvailable() ?? false),
             enabled: settings.stt.enabled,
             port: settings.stt.port,
             model: settings.stt.model,
         },
         avatar: {
-            available: isAvatarAvailable(),
+            available: (_avatarSidecar?.isAvatarAvailable() ?? false),
             enabled: settings.avatar.enabled,
             port: settings.avatar.port,
         },
@@ -4463,16 +4582,16 @@ app.post("/api/ops/sidecars/:name/restart", async (c) => {
             ok = await startSidecar();
             break;
         case "tts":
-            stopTtsSidecar();
-            ok = await startTtsSidecar();
+            _ttsSidecar?.stopTtsSidecar();
+            ok = await _ttsSidecar?.startTtsSidecar() ?? false;
             break;
         case "stt":
-            stopSttSidecar();
-            ok = await startSttSidecar();
+            _sttSidecar?.stopSttSidecar();
+            ok = await _sttSidecar?.startSttSidecar() ?? false;
             break;
         case "avatar":
-            stopAvatarSidecar();
-            ok = await startAvatarSidecar();
+            _avatarSidecar?.stopAvatarSidecar();
+            ok = await _avatarSidecar?.startAvatarSidecar() ?? false;
             break;
         default:
             return c.json({ error: `Unknown sidecar: ${name}` }, 400);
@@ -4775,8 +4894,11 @@ app.post("/api/chat", async (c) => {
         return c.json({ error: "Invalid or expired session" }, 401);
     }
     const cs = await getOrCreateChatSession(sessionId, session.name);
+    // Route to thread history if threadId is provided
+    const requestThreadId = body.threadId;
+    switchSessionThread(cs, requestThreadId || null, sessionId);
     // Reset continuation rounds when user sends a real message
-    resetContinuation(sessionId);
+    _agentAutonomous?.resetContinuation(sessionId);
     // Inject user-chat tension into the nervous system
     getPressureIntegrator()?.addUserChatTension();
     // Start goal timer on first chat call
@@ -4784,25 +4906,40 @@ app.post("/api/chat", async (c) => {
         goalTimerStarted = true;
         startGoalTimer({ brain: cs.brain, humanName: session.name });
         // Start Google polling timers if already authenticated
-        if (isCalendarAvailable()) {
-            startCalendarTimer();
+        if ((_googleCalendar?.isCalendarAvailable() ?? false)) {
+            _googleCalendarTimer?.startCalendarTimer();
         }
-        if (isGmailAvailable()) {
-            startGmailTimer();
+        if ((_googleGmail?.isGmailAvailable() ?? false)) {
+            _googleGmailTimer?.startGmailTimer();
         }
-        if (isTasksAvailable()) {
-            startTasksTimer();
+        if ((_googleTasks?.isTasksAvailable() ?? false)) {
+            _googleTasksTimer?.startTasksTimer();
         }
     }
     // Helper: persist session to disk (fire-and-forget)
     const persistSession = () => {
         const key = sessionKeys.get(sessionId);
         if (key) {
+            // Collect threads for persistence
+            const threads = getThreadsForSession(sessionId);
+            const threadList = [...threads.values()].map((t) => ({
+                id: t.id,
+                title: t.title,
+                // If this thread is active, its live history is in cs.history
+                history: (cs.activeThreadId === t.id) ? cs.history : t.history,
+                historySummary: (cs.activeThreadId === t.id) ? cs.historySummary : t.historySummary,
+                createdAt: t.createdAt,
+                updatedAt: t.updatedAt,
+            }));
+            // Persist main history (from mainHistory if a thread is active, else cs.history)
+            const mainHistory = cs.activeThreadId ? cs.mainHistory : cs.history;
+            const mainSummary = cs.activeThreadId ? cs.mainHistorySummary : cs.historySummary;
             saveSession(sessionId, {
-                history: cs.history,
+                history: mainHistory,
                 fileContext: cs.fileContext,
                 learnedPaths: cs.learnedPaths,
-                historySummary: cs.historySummary,
+                historySummary: mainSummary,
+                threads: threadList.length > 0 ? threadList : undefined,
             }, key).catch(() => { });
         }
         // Auto fold-back: fire once per session when user messages reach threshold
@@ -4841,14 +4978,14 @@ app.post("/api/chat", async (c) => {
     if (callMatch) {
         const to = callMatch[1] || undefined;
         const msg = callMatch[2]?.trim() || undefined;
-        const result = await makeCall({ to, message: msg });
+        const result = await _twilioCall.makeCall({ to, message: msg });
         return c.json({ system: true, content: result.message });
     }
     // --- Handle "email <address> subject: <subject> body: <body>" command ---
     const emailMatch = message.match(/^(?:email|send email|mail)\s+(\S+@\S+)\s+subject:\s*(.+?)\s+body:\s*([\s\S]+)$/i);
     if (emailMatch) {
         const [, to, subject, body] = emailMatch;
-        const result = await sendEmail({ to: to.trim(), subject: subject.trim(), body: body.trim() });
+        const result = await _googleGmailSend.sendEmail({ to: to.trim(), subject: subject.trim(), body: body.trim() });
         logActivity({ source: "gmail", summary: `Email sent to ${to.trim()}: "${subject.trim()}"`, actionLabel: "PROMPTED", reason: "user sent email via chat" });
         return c.json({ system: true, content: result.message });
     }
@@ -4922,7 +5059,7 @@ app.post("/api/chat", async (c) => {
     // --- Handle "auto" / "autonomous" command ---
     const autoMatch = message.match(/^(?:auto|autonomous)\s*$/i);
     if (autoMatch) {
-        const status = getAutonomousStatus();
+        const status = (_agentAutonomous?.getAutonomousStatus() ?? null);
         const lines = [
             `**Autonomous Work Loop**`,
             ``,
@@ -5151,10 +5288,10 @@ app.post("/api/chat", async (c) => {
         });
     }
     // --- URL browse injection ---
-    const detectedUrl = detectUrl(chatMessage);
+    const detectedUrl = _browse?.detectUrl(chatMessage);
     if (detectedUrl) {
         logActivity({ source: "browse", summary: `Auto-browsing URL in message: ${detectedUrl}`, actionLabel: "PROMPTED", reason: "user message contained URL" });
-        const browseResult = await browseUrl(detectedUrl);
+        const browseResult = await _browse.browseUrl(detectedUrl);
         if (browseResult) {
             const browseMsg = {
                 role: "system",
@@ -5175,21 +5312,25 @@ app.post("/api/chat", async (c) => {
         const doc = await findBrainDocument(chatMessage);
         if (doc) {
             brainDocFound = true;
+            const siblingNote = doc.siblings && doc.siblings.length > 0
+                ? `\nAlso in the same directory: ${doc.siblings.join(", ")}\nYou can ask to see any of these files.`
+                : "";
             const docMsg = {
                 role: "system",
                 content: [
                     `--- Brain document: ${doc.filename} ---`,
                     doc.content,
                     `--- End ${doc.filename} ---`,
-                    `This document was found in your brain files. Use it to answer the user's question.`,
+                    `This document was found in your brain files. Use it to answer the user's question.${siblingNote}`,
                 ].join("\n"),
             };
             ctx.messages.splice(1, 0, docMsg);
             logActivity({ source: "system", summary: `Auto-loaded brain document: ${doc.filename}`, actionLabel: "PROMPTED", reason: "user message referenced a brain document" });
         }
     }
-    catch {
+    catch (err) {
         // Non-critical — fall through to web search
+        console.error("[brain-docs] findBrainDocument error:", err instanceof Error ? err.message : String(err));
     }
     // --- Context provider injection (web search, calendar, email) ---
     {
@@ -5544,6 +5685,8 @@ app.post("/api/chat", async (c) => {
             reqSignal?.addEventListener("abort", onAbort, { once: true });
             // Token buffer for split-placeholder rehydration
             let tokenBuf2 = "";
+            const streamStartMs2 = performance.now();
+            const streamModel2 = activeChatModel ?? (activeProvider === "ollama" ? "llama3.2:3b" : "claude-sonnet-4");
             const flushBuf2 = () => {
                 if (!tokenBuf2)
                     return;
@@ -5568,6 +5711,12 @@ app.post("/api/chat", async (c) => {
                 onDone: async () => {
                     flushBuf2(); // flush remainder
                     reqSignal?.removeEventListener("abort", onAbort);
+                    logLlmCall({
+                        ts: new Date().toISOString(), mode: "stream",
+                        provider: activeProvider, model: streamModel2,
+                        durationMs: Math.round(performance.now() - streamStartMs2),
+                        outputTokens: Math.ceil(fullResponse.length / 4), ok: true,
+                    });
                     // Process action blocks BEFORE sending done — ensures SSE events reach client before stream closes.
                     // ALWAYS strip [AGENT_REQUEST] blocks from response, even if they can't be parsed.
                     // Capture raw block content first for logging/parsing.
@@ -5740,20 +5889,20 @@ app.post("/api/chat", async (c) => {
                         }
                     }).catch(() => { });
                     // Fire-and-forget: generate avatar video (TTS → MuseTalk → MP4)
-                    if (isAvatarAvailable() && isTtsAvailable() && fullResponse) {
+                    if ((_avatarSidecar?.isAvatarAvailable() ?? false) && (_ttsClient?.isTtsAvailable() ?? false) && fullResponse) {
                         const trimmedText = fullResponse.slice(0, 2000);
-                        synthesize(trimmedText).then(async (wavBuffer) => {
+                        _ttsClient.synthesize(trimmedText).then(async (wavBuffer) => {
                             if (!wavBuffer)
                                 return;
-                            const cached = await getCachedVideo(wavBuffer);
+                            const cached = await _avatarClient.getCachedVideo(wavBuffer);
                             if (cached) {
                                 pushPendingVideo(cached);
                                 return;
                             }
-                            const mp4 = await generateVideo(wavBuffer);
+                            const mp4 = await _avatarClient.generateVideo(wavBuffer);
                             if (!mp4)
                                 return;
-                            const filename = await cacheVideo(mp4, wavBuffer);
+                            const filename = await _avatarClient.cacheVideo(mp4, wavBuffer);
                             pushPendingVideo(filename);
                             logActivity({ source: "avatar", summary: "Generated avatar video", actionLabel: "PROMPTED", reason: "user conversation triggered avatar" });
                         }).catch((err) => {
@@ -5796,6 +5945,12 @@ app.post("/api/chat", async (c) => {
                     // If this error is from an abort, save partial and exit quietly
                     if (reqSignal?.aborted) {
                         savePartial();
+                        logLlmCall({
+                            ts: new Date().toISOString(), mode: "stream",
+                            provider: activeProvider, model: streamModel2,
+                            durationMs: Math.round(performance.now() - streamStartMs2),
+                            outputTokens: Math.ceil(fullResponse.length / 4), ok: true, error: "client_abort",
+                        });
                     }
                     else {
                         let errorMsg = err instanceof LLMError ? err.userMessage : (err.message || "Stream error");
@@ -5808,6 +5963,12 @@ app.post("/api/chat", async (c) => {
                             if (!health.ok)
                                 errorMsg += " — Check that Ollama is running. " + health.message;
                         }
+                        logLlmCall({
+                            ts: new Date().toISOString(), mode: "stream",
+                            provider: activeProvider, model: streamModel2,
+                            durationMs: Math.round(performance.now() - streamStartMs2),
+                            ok: false, error: errorMsg,
+                        });
                         stream.writeSSE({ data: JSON.stringify({ error: errorMsg, errorDetail: rawDetail }) }).catch(() => { });
                     }
                     resolve(); // Still resolve so stream closes
@@ -5924,12 +6085,111 @@ async function start(opts) {
     const tierGate = await import("./tier/gate.js");
     // Initialize instance name before anything else
     initInstanceName();
-    // Initialize OpenTelemetry tracing (must be early, before instrumented code)
-    initTracing({
-        serviceName: `${getInstanceNameLower()}-brain`,
-        serviceVersion: "0.1.0",
-        consoleExport: process.env.OTEL_CONSOLE_EXPORT !== "false",
-    });
+    // --- Dynamic imports: load gated modules based on tier ---
+    // EXT-BYOK: vault, voice, integrations, notifications, etc.
+    if (tierGate.meetsMinimum(tier, "byok")) {
+        [
+            _browse, _ttsSidecar, _ttsClient, _sttSidecar, _sttClient,
+            _avatarSidecar, _avatarClient, _settingsVoice,
+            _vaultStore, _vaultTransfer, _integrationsGate, _twilioCall,
+            _googleAuth, _googleCalendar, _googleTemporal, _googleCalendarTimer,
+            _googleGmail, _googleGmailTimer, _googleTasksTimer, _googleGmailSend,
+            _googleDocs, _googleTasks,
+            _notifications, _credentialStore, _githubWebhooks, _integrationsGithub,
+            _slackClient, _slackWebhooks, _slackChannels,
+            _channelsWhatsapp, _webhooksTwilio, _resendWebhooks, _servicesWhatsapp,
+            _webhooksMount, _webhooksConfig, _webhooksRegistry, _webhooksRelay,
+            _volumes, _mdns,
+        ] = await Promise.all([
+            import("./search/browse.js"),
+            import("./tts/sidecar.js"),
+            import("./tts/client.js"),
+            import("./stt/sidecar.js"),
+            import("./stt/client.js"),
+            import("./avatar/sidecar.js"),
+            import("./avatar/client.js"),
+            import("./settings.js"),
+            import("./vault/store.js"),
+            import("./vault/transfer.js"),
+            import("./integrations/gate.js"),
+            import("./twilio/call.js"),
+            import("./google/auth.js"),
+            import("./google/calendar.js"),
+            import("./google/temporal.js"),
+            import("./google/calendar-timer.js"),
+            import("./google/gmail.js"),
+            import("./google/gmail-timer.js"),
+            import("./google/tasks-timer.js"),
+            import("./google/gmail-send.js"),
+            import("./google/docs.js"),
+            import("./google/tasks.js"),
+            import("./notifications/index.js"),
+            import("./credentials/store.js"),
+            import("./github/webhooks.js"),
+            import("./integrations/github.js"),
+            import("./slack/client.js"),
+            import("./slack/webhooks.js"),
+            import("./slack/channels.js"),
+            import("./channels/whatsapp.js"),
+            import("./webhooks/twilio.js"),
+            import("./resend/webhooks.js"),
+            import("./services/whatsapp.js"),
+            import("./webhooks/mount.js"),
+            import("./webhooks/config.js"),
+            import("./webhooks/registry.js"),
+            import("./webhooks/relay.js"),
+            import("./volumes/index.js"),
+            import("./mdns.js"),
+        ]);
+        // Initialize alerting (requires notifications module)
+        alertDispatcher = new _notifications.NotificationDispatcher();
+        alertManager = new AlertManager(health, defaultAlertConfig(), alertDispatcher);
+        // Initialize volume manager
+        volumeManager = new _volumes.VolumeManager(BRAIN_DIR);
+        volumeManager.init().catch((err) => log.warn("Volume manager init failed — single-volume mode", { error: String(err) }));
+        // Initialize webhook providers (now that modules are loaded)
+        initWebhookProviders();
+        log.info(`BYOK-tier modules loaded (tier: ${tier})`);
+    }
+    else {
+        // Local tier: alerting with no-op dispatcher
+        alertDispatcher = null;
+        alertManager = new AlertManager(health, defaultAlertConfig(), { dispatch: async () => { } });
+        log.info(`Local-tier — BYOK modules skipped (tier: ${tier})`);
+    }
+    // EXT-SPAWN: agent runtime, instance manager, pool, workflow
+    if (tierGate.canSpawn(tier)) {
+        [_agentMemory, _agentLocks, _agentAutonomous, _agentRuntime, _agentInstanceManager, _agentPoolMod, _agentWorkflow] = await Promise.all([
+            import("./agents/memory.js"),
+            import("./agents/locks.js"),
+            import("./agents/autonomous.js"),
+            import("./agents/runtime/index.js"),
+            import("./agents/instance-manager.js"),
+            import("./agents/runtime.js"),
+            import("./agents/workflow.js"),
+        ]);
+        log.info(`Spawn-tier modules loaded (tier: ${tier})`);
+    }
+    // EXT-HOSTED: tracing, browser
+    if (tierGate.meetsMinimum(tier, "hosted")) {
+        [_tracingTracer, _tracingInit, _tracingMiddleware, _tracingBridge, _browser] = await Promise.all([
+            import("./tracing/tracer.js"),
+            import("./tracing/init.js"),
+            import("./tracing/middleware.js"),
+            import("./tracing/bridge.js"),
+            import("./capabilities/definitions/browser.js"),
+        ]);
+        tracer = new _tracingTracer.Tracer();
+        log.info(`Hosted-tier modules loaded (tier: ${tier})`);
+    }
+    // Initialize OpenTelemetry tracing (must be early, before instrumented code) — hosted tier only
+    if (_tracingInit) {
+        _tracingInit.initTracing({
+            serviceName: `${getInstanceNameLower()}-brain`,
+            serviceVersion: "0.1.0",
+            consoleExport: process.env.OTEL_CONSOLE === "1",
+        });
+    }
     // Load settings (airplane mode, model selection)
     const settings = await loadSettings();
     // Initialize posture system (UI surface assembly)
@@ -5953,13 +6213,18 @@ async function start(opts) {
             if (restored) {
                 sessionKeys.set(restored.session.id, restored.sessionKey);
                 setEncryptionKey(restored.sessionKey);
-                await loadVault(restored.sessionKey);
+                if (_vaultStore)
+                    await _vaultStore.loadVault(restored.sessionKey);
                 log.info("Session restored (no re-auth needed)");
             }
             return code;
         })(),
-        // Start all sidecars in parallel
-        Promise.all([startSidecar(), startTtsSidecar(), startSttSidecar()]),
+        // Start all sidecars in parallel (search always, tts/stt if BYOK)
+        Promise.all([
+            startSidecar(),
+            _ttsSidecar ? _ttsSidecar.startTtsSidecar() : Promise.resolve(false),
+            _sttSidecar ? _sttSidecar.startSttSidecar() : Promise.resolve(false),
+        ]),
     ]);
     const code = pairingCode;
     const [searchAvailable, ttsAvailable, sttAvailable] = sidecarResults;
@@ -5996,15 +6261,29 @@ async function start(opts) {
         log.info(`Loaded ${notifCount} pending notification(s) from disk`);
     // Register sidecar health checks (optional — degraded, not unhealthy)
     health.register("search", availabilityCheck(isSidecarAvailable, "search"), { critical: false });
-    health.register("tts", availabilityCheck(isTtsAvailable, "tts"), { critical: false });
-    health.register("stt", availabilityCheck(isSttAvailable, "stt"), { critical: false });
+    if (_ttsClient)
+        health.register("tts", availabilityCheck(_ttsClient.isTtsAvailable, "tts"), { critical: false });
+    if (_sttClient)
+        health.register("stt", availabilityCheck(_sttClient.isSttAvailable, "stt"), { critical: false });
     // Google Workspace health checks (optional — degraded if not connected)
-    health.register("google_calendar", availabilityCheck(isCalendarAvailable, "Google Calendar"), { critical: false });
+    if (_googleCalendar)
+        health.register("google_calendar", availabilityCheck(_googleCalendar.isCalendarAvailable, "Google Calendar"), { critical: false });
     // Initialize FileManager (file registry + storage for uploads, visual memory, etc.)
     await FileManager.init(BRAIN_DIR, join(BRAIN_DIR, "files", "storage"));
     // Initialize Library store (virtual folders over file registry)
     createLibraryStore(BRAIN_DIR);
     initBrainShadow(BRAIN_DIR);
+    // Initialize Brain RAG (semantic file search)
+    const rag = new BrainRAG();
+    await rag.load();
+    setBrainRAG(rag);
+    stopFileWatcher = watchBrain(rag);
+    // Background index — never block startup
+    rag.indexAll().then((r) => {
+        log.info(`Brain RAG index: ${r.indexed} indexed, ${r.skipped} skipped, ${r.errors} errors`);
+    }).catch((err) => {
+        log.error("Brain RAG indexAll failed", { error: err instanceof Error ? err.message : String(err) });
+    });
     // Register board provider (local queue, always available)
     const queueProvider = new QueueBoardProvider(BRAIN_DIR);
     queueProvider.setOnProjectlessTask((identifier, title) => {
@@ -6014,7 +6293,8 @@ async function start(opts) {
     queueProvider.getStore().setOnStateTransition(async (task, from, to) => {
         if (to === "done" || to === "cancelled") {
             try {
-                await rememberTaskCompletion(task, from);
+                if (_agentMemory)
+                    await _agentMemory.rememberTaskCompletion(task, from);
             }
             catch (err) {
                 log.warn("Failed to record task completion memory", {
@@ -6029,10 +6309,13 @@ async function start(opts) {
     startSchedulingTimer(schedulingStore);
     createContactStore(BRAIN_DIR);
     createCalendarStore(BRAIN_DIR);
-    const credStore = createCredentialStore(BRAIN_DIR);
-    await credStore.hydrate();
+    if (_credentialStore) {
+        const credStore = _credentialStore.createCredentialStore(BRAIN_DIR);
+        await credStore.hydrate();
+    }
     initTraining();
-    initGitHub();
+    if (_integrationsGithub)
+        _integrationsGithub.initGitHub();
     // Start metrics collector (system, HTTP, agent metrics at 30s interval)
     // brainDir enables tiered aggregation (hourly/daily rollups)
     startCollector(metricsStore, undefined, BRAIN_DIR);
@@ -6041,26 +6324,33 @@ async function start(opts) {
     // of skills/module init, so running them concurrently improves startup time (DASH-60).
     // Note: initAgents() only creates directories — recovery runs after the runtime
     // is ready so the monitor can skip runtime-managed tasks (DASH-82 fix).
-    const [, moduleRegistry, , runtime] = await Promise.all([
+    const initPromises = [
         _skillRegistry.refresh(),
         Promise.resolve(createModuleRegistry(BRAIN_DIR)),
         initAgents(),
-        createRuntime(),
-    ]);
+    ];
+    if (_agentRuntime)
+        initPromises.push(_agentRuntime.createRuntime());
+    else
+        initPromises.push(Promise.resolve(null));
+    const [, moduleRegistry, , runtime] = await Promise.all(initPromises);
     const skillRegistry = _skillRegistry;
     // Recover tasks from previous session AFTER runtime is initialized.
     // The monitor checks the runtime registry to skip tasks that RuntimeManager
     // already handles, preventing the double-recovery race (DASH-82).
     await recoverAndStartMonitor();
-    tracer.attachToBus(runtime.bus);
-    attachOTelToBus(runtime.bus);
+    if (tracer && runtime?.bus)
+        tracer.attachToBus(runtime.bus);
+    if (_tracingBridge && runtime?.bus)
+        _tracingBridge.attachOTelToBus(runtime.bus);
     // Initialize capability registry (action blocks + context providers)
     const capRegistry = createCapabilityRegistry();
     capRegistry.register(calendarCapability);
     capRegistry.register(emailCapability);
     capRegistry.register(docsCapability);
     capRegistry.register(boardCapability);
-    capRegistry.register(browserCapability);
+    if (_browser)
+        capRegistry.register(_browser.browserCapability);
     // Meta capabilities
     capRegistry.register(taskDoneCapability);
     // Context providers — replace hardcoded injection logic
@@ -6073,11 +6363,12 @@ async function start(opts) {
     }));
     capRegistry.register(vaultContextProvider);
     // Start autonomous work timer (60-min coma failsafe — primary trigger is now tension-based)
-    startAutonomousTimer();
+    if (_agentAutonomous)
+        _agentAutonomous.startAutonomousTimer();
     // Initialize metabolic pulse (tension-based heartbeat)
     const pulseSettings = getPulseSettings();
-    if (pulseSettings.mode !== "timer") {
-        const pulse = initPressureIntegrator(triggerPulse, { threshold: pulseSettings.threshold });
+    if (pulseSettings.mode !== "timer" && _agentAutonomous) {
+        const pulse = initPressureIntegrator(_agentAutonomous.triggerPulse, { threshold: pulseSettings.threshold });
         log.info(`Metabolic pulse initialized: Θ=${pulseSettings.threshold}mV, mode=${pulseSettings.mode}`);
         // Boot scan: if todos already exist, inject tension so Core starts working immediately
         const todoCount = (await queueProvider.getStore().list()).filter((t) => t.state === "todo").length;
@@ -6111,17 +6402,17 @@ async function start(opts) {
     // Start open loop scanner (ambient resonance matching)
     startOpenLoopScanner();
     // Start Google polling timers at boot if already authenticated (don't wait for first chat)
-    if (isGmailAvailable())
-        startGmailTimer();
-    if (isCalendarAvailable()) {
-        startCalendarTimer();
+    if (_googleGmail?.isGmailAvailable())
+        _googleGmailTimer.startGmailTimer();
+    if (_googleCalendar?.isCalendarAvailable()) {
+        _googleCalendarTimer.startCalendarTimer();
         // Initial sync: pull Google events into local calendar store
         getGoogleCalendarAdapter().sync().catch((err) => {
             log.warn("Initial Google Calendar sync failed", { error: err instanceof Error ? err.message : String(err) });
         });
     }
-    if (isTasksAvailable())
-        startTasksTimer();
+    if (_googleTasks?.isTasksAvailable())
+        _googleTasksTimer.startTasksTimer();
     // Initialize plugin registry (authenticate + start all registered plugins)
     await initPlugins().catch((err) => {
         log.warn("Plugin init failed", { error: err instanceof Error ? err.message : String(err) });
@@ -6130,7 +6421,8 @@ async function start(opts) {
     setOnBatchComplete(async (sessionId, results) => {
         try {
             logActivity({ source: "agent", summary: `Batch complete: session=${sessionId}, ${results.length} result(s)` });
-            await continueAfterBatch(sessionId, results);
+            if (_agentAutonomous)
+                await _agentAutonomous.continueAfterBatch(sessionId, results);
         }
         catch (err) {
             const msg = err instanceof Error ? err.message : String(err);
@@ -6138,15 +6430,15 @@ async function start(opts) {
         }
     });
     // Initialize agent spawning — tier >= spawn only
-    if (tierGate.canSpawn(tier)) {
+    if (tierGate.canSpawn(tier) && _agentInstanceManager && _agentPoolMod && _agentWorkflow && runtime) {
         // Initialize instance manager (GC, health checks, load balancing)
-        instanceManager = new AgentInstanceManager(runtime);
+        instanceManager = new _agentInstanceManager.AgentInstanceManager(runtime);
         await instanceManager.init();
         // Initialize agent pool (circuit breakers, isolation, resource management)
-        agentPool = AgentPool.fromExisting(runtime, instanceManager);
+        agentPool = _agentPoolMod.AgentPool.fromExisting(runtime, instanceManager);
         setAgentPool(agentPool);
         // Initialize workflow engine for multi-agent coordination
-        workflowEngine = new WorkflowEngine(agentPool);
+        workflowEngine = new _agentWorkflow.WorkflowEngine(agentPool);
         await workflowEngine.loadAllDefinitions().catch((err) => {
             log.warn("Failed to load workflow definitions", { error: err instanceof Error ? err.message : String(err) });
         });
@@ -6162,7 +6454,7 @@ async function start(opts) {
     health.register("board", boardCheck(() => getBoardProvider()), { critical: false });
     // Agent runtime capacity: resource utilization
     health.register("agent_capacity", agentCapacityCheck(() => {
-        const rt = getRuntime();
+        const rt = _agentRuntime ? _agentRuntime.getRuntime() : null;
         return rt ? rt.getResourceSnapshot() : null;
     }), { critical: false });
     // Agent instance health: aggregate health scores
@@ -6172,17 +6464,20 @@ async function start(opts) {
     // --- Register auto-recovery actions ---
     // Sidecar recovery: restart if unavailable for 3+ checks
     recovery.register(sidecarRecovery("search", "search", stopSidecar, startSidecar));
-    recovery.register(sidecarRecovery("tts", "tts", stopTtsSidecar, startTtsSidecar));
-    recovery.register(sidecarRecovery("stt", "stt", stopSttSidecar, startSttSidecar));
+    if (_ttsSidecar)
+        recovery.register(sidecarRecovery("tts", "tts", _ttsSidecar.stopTtsSidecar, _ttsSidecar.startTtsSidecar));
+    if (_sttSidecar)
+        recovery.register(sidecarRecovery("stt", "stt", _sttSidecar.stopSttSidecar, _sttSidecar.startSttSidecar));
     // Start recovery loop (evaluates every 30s)
     recovery.start();
     // Start alert evaluation loop (evaluates every 30s)
-    alertManager.start();
+    if (alertManager)
+        alertManager.start();
     // Wire notification channels — tier >= byok only (requires BYOK API keys)
-    if (tierGate.canAlert(tier)) {
+    if (tierGate.canAlert(tier) && _notifications && alertDispatcher) {
         const resendKey = process.env.RESEND_API_KEY;
         if (resendKey) {
-            alertDispatcher.add(new EmailChannel({
+            alertDispatcher.add(new _notifications.EmailChannel({
                 endpoint: "https://api.resend.com/emails",
                 apiKey: resendKey,
                 from: `${getInstanceName()} <${getAlertEmailFrom()}>`,
@@ -6191,7 +6486,7 @@ async function start(opts) {
             log.info("Alert channel: email (Resend)");
         }
         if (process.env.TWILIO_ACCOUNT_SID) {
-            alertDispatcher.add(new PhoneChannel());
+            alertDispatcher.add(new _notifications.PhoneChannel());
             log.info("Alert channel: phone (Twilio voice)");
         }
         alertManager.updateNotifications([
@@ -6202,21 +6497,25 @@ async function start(opts) {
     // Start credit monitoring (checks every 5 min, configurable via CORE_CREDIT_CHECK_INTERVAL_MS)
     startCreditMonitor(health, alertManager);
     // Avatar sidecar launches in background — slow (model loading) but non-blocking
-    const avatarConfig = getAvatarConfig();
+    const avatarConfig = _settingsVoice ? _settingsVoice.getAvatarConfig() : { enabled: false, port: 0, photoPath: "" };
     let avatarAvailable = false;
-    (async () => {
-        avatarAvailable = await startAvatarSidecar();
-        if (avatarAvailable) {
-            const photoPath = join(process.cwd(), avatarConfig.photoPath);
-            const prepared = await preparePhoto(photoPath).catch(() => false);
-            if (!prepared) {
-                log.warn("Photo preparation failed — place a photo at " + avatarConfig.photoPath, { namespace: "avatar" });
-            }
-            else {
-                log.info("Avatar ready — MuseTalk sidecar (port " + avatarConfig.port + ")", { namespace: "avatar" });
+    if (_avatarSidecar && _avatarClient) {
+        const avatarSidecar = _avatarSidecar;
+        const avatarClient = _avatarClient;
+        (async () => {
+            avatarAvailable = await avatarSidecar.startAvatarSidecar();
+            if (avatarAvailable) {
+                const photoPath = join(process.cwd(), avatarConfig.photoPath);
+                const prepared = await avatarClient.preparePhoto(photoPath).catch(() => false);
+                if (!prepared) {
+                    log.warn("Photo preparation failed — place a photo at " + avatarConfig.photoPath, { namespace: "avatar" });
+                }
+                else {
+                    log.info("Avatar ready — MuseTalk sidecar (port " + avatarConfig.port + ")", { namespace: "avatar" });
+                }
             }
-        }
-    })();
+        })();
+    }
     log.info(`${getInstanceName()} — Local Chat starting`);
     // Show LLM provider based on settings
     const provider = resolveProvider();
@@ -6252,8 +6551,8 @@ async function start(opts) {
         log.info("Search: awaiting auth (Perplexity via vault, or: cd sidecar/search && pip install -r requirements.txt)");
     }
     // Show voice status
-    const ttsConfig = getTtsConfig();
-    const sttConfig = getSttConfig();
+    const ttsConfig = _settingsVoice ? _settingsVoice.getTtsConfig() : { enabled: false, port: 0 };
+    const sttConfig = _settingsVoice ? _settingsVoice.getSttConfig() : { enabled: false, port: 0 };
     if (ttsAvailable) {
         log.info(`TTS: Piper sidecar (port ${ttsConfig.port})`);
     }
@@ -6279,16 +6578,16 @@ async function start(opts) {
         log.info("Avatar: disabled");
     }
     // Show runtime status
-    const rt = getRuntime();
+    const rt = (_agentRuntime?.getRuntime() ?? null);
     if (rt) {
         const snap = rt.getResourceSnapshot();
         log.info(`Runtime: active (${snap.activeAgents}/${snap.maxAgents} agents, ${snap.totalMemoryMB}/${snap.maxMemoryMB}MB)`);
     }
     // Show Google integration status
-    if (isGoogleAuthenticated()) {
+    if ((_googleAuth?.isGoogleAuthenticated() ?? false)) {
         log.info("Google: connected (Calendar, Gmail, Drive)");
     }
-    else if (isGoogleConfigured()) {
+    else if ((_googleAuth?.isGoogleConfigured() ?? false)) {
         log.info("Google: configured — visit /api/google/auth to connect");
     }
     else {
@@ -6335,84 +6634,86 @@ async function start(opts) {
         }
     }
     // Register email handler — emails with instance name in subject are processed as chat
-    onDashEmail(async (message) => {
-        const human = await readHuman();
-        const name = human?.name ?? "Human";
-        const emailBody = message.body?.trim();
-        if (!emailBody)
-            return null;
-        // Build a lightweight Brain for email context
-        const ltm = new FileSystemLongTermMemory(MEMORY_DIR);
-        await ltm.init();
-        const emailBrain = new Brain({
-            systemPrompt: [
-                `You are ${getInstanceName()}, a personal AI agent paired with ${name}. You run locally on ${name}'s machine.`,
-                `Today is ${new Date().toLocaleDateString("en-US", { weekday: "long", year: "numeric", month: "long", day: "numeric" })}.`,
-                `You are responding to an email that was sent to you. This is a working email channel — you received this email and your reply will be sent back automatically via Gmail.`,
-                ``,
-                `Your capabilities — USE THEM when the email requests action:`,
-                `- Google Calendar: CREATE, UPDATE, DELETE events using [CALENDAR_ACTION] blocks.`,
-                `- Gmail: SEND emails and REPLY to threads using [EMAIL_ACTION] blocks.`,
-                `- Google Docs & Sheets: CREATE documents using [DOC_ACTION] blocks.`,
-                `- Task board for tracking work.`,
-                `- Long-term memory of past conversations and learned facts.`,
-                ``,
-                ...(getCapabilityRegistry()?.getPromptInstructions({ origin: "email", name }) ?? "").split("\n"),
-                ``,
-                `Rules for email replies:`,
-                `- Write a natural, helpful reply as plain text (no markdown).`,
-                `- Be warm and direct — you have personality, you're not a corporate assistant.`,
-                `- Keep it concise and appropriate for email.`,
-                `- Do not include a subject line. Just write the body of the reply.`,
-                `- NEVER claim you can't do something you clearly just did (you ARE sending this email).`,
-                `- When someone asks you to DO something (schedule, create, send), DO IT with the appropriate action block — don't just acknowledge it.`,
-                `- Action blocks will be stripped from the email reply automatically. The recipient only sees your text.`,
-                `- Sign off as "— ${getInstanceName()}"`,
-            ].join("\n"),
-        }, ltm);
-        const senderName = message.from.split("<")[0].trim() || "someone";
-        const ctx = await emailBrain.getContextForTurn({
-            userInput: emailBody,
-            conversationHistory: [],
-        });
-        // Inject email metadata so the agent knows the context
-        ctx.messages.splice(1, 0, {
-            role: "system",
-            content: [
-                `--- Incoming email ---`,
-                `From: ${message.from}`,
-                `Subject: ${message.subject}`,
-                `Date: ${message.date}`,
-                `--- End email metadata ---`,
-            ].join("\n"),
-        });
-        // Add the email body as the "user" message
-        ctx.messages.push({ role: "user", content: emailBody });
-        const provider = getProvider(resolveProvider());
-        const model = resolveChatModel();
-        let reply = await provider.completeChat(ctx.messages, model ?? undefined);
-        if (!reply?.trim())
-            return null;
-        // Process action blocks from the AI response via capability registry
-        {
-            const capReg = getCapabilityRegistry();
-            if (capReg) {
-                const { cleaned } = await capReg.processResponse(reply, { origin: "email", name });
-                reply = cleaned;
+    if (_googleGmailTimer)
+        _googleGmailTimer.onDashEmail(async (message) => {
+            const human = await readHuman();
+            const name = human?.name ?? "Human";
+            const emailBody = message.body?.trim();
+            if (!emailBody)
+                return null;
+            // Build a lightweight Brain for email context
+            const ltm = new FileSystemLongTermMemory(MEMORY_DIR);
+            await ltm.init();
+            const emailBrain = new Brain({
+                systemPrompt: [
+                    `You are ${getInstanceName()}, a personal AI agent paired with ${name}. You run locally on ${name}'s machine.`,
+                    `Today is ${new Date().toLocaleDateString("en-US", { weekday: "long", year: "numeric", month: "long", day: "numeric" })}.`,
+                    `You are responding to an email that was sent to you. This is a working email channel — you received this email and your reply will be sent back automatically via Gmail.`,
+                    ``,
+                    `Your capabilities — USE THEM when the email requests action:`,
+                    `- Google Calendar: CREATE, UPDATE, DELETE events using [CALENDAR_ACTION] blocks.`,
+                    `- Gmail: SEND emails and REPLY to threads using [EMAIL_ACTION] blocks.`,
+                    `- Google Docs & Sheets: CREATE documents using [DOC_ACTION] blocks.`,
+                    `- Task board for tracking work.`,
+                    `- Long-term memory of past conversations and learned facts.`,
+                    ``,
+                    ...(getCapabilityRegistry()?.getPromptInstructions({ origin: "email", name }) ?? "").split("\n"),
+                    ``,
+                    `Rules for email replies:`,
+                    `- Write a natural, helpful reply as plain text (no markdown).`,
+                    `- Be warm and direct — you have personality, you're not a corporate assistant.`,
+                    `- Keep it concise and appropriate for email.`,
+                    `- Do not include a subject line. Just write the body of the reply.`,
+                    `- NEVER claim you can't do something you clearly just did (you ARE sending this email).`,
+                    `- When someone asks you to DO something (schedule, create, send), DO IT with the appropriate action block — don't just acknowledge it.`,
+                    `- Action blocks will be stripped from the email reply automatically. The recipient only sees your text.`,
+                    `- Sign off as "— ${getInstanceName()}"`,
+                ].join("\n"),
+            }, ltm);
+            const senderName = message.from.split("<")[0].trim() || "someone";
+            const ctx = await emailBrain.getContextForTurn({
+                userInput: emailBody,
+                conversationHistory: [],
+            });
+            // Inject email metadata so the agent knows the context
+            ctx.messages.splice(1, 0, {
+                role: "system",
+                content: [
+                    `--- Incoming email ---`,
+                    `From: ${message.from}`,
+                    `Subject: ${message.subject}`,
+                    `Date: ${message.date}`,
+                    `--- End email metadata ---`,
+                ].join("\n"),
+            });
+            // Add the email body as the "user" message
+            ctx.messages.push({ role: "user", content: emailBody });
+            const provider = getProvider(resolveProvider());
+            const model = resolveChatModel();
+            let reply = await provider.completeChat(ctx.messages, model ?? undefined);
+            if (!reply?.trim())
+                return null;
+            // Process action blocks from the AI response via capability registry
+            {
+                const capReg = getCapabilityRegistry();
+                if (capReg) {
+                    const { cleaned } = await capReg.processResponse(reply, { origin: "email", name });
+                    reply = cleaned;
+                }
             }
-        }
-        // Guard: if stripping action blocks left only a signature,
-        // the reply has no real content — don't send an empty email.
-        const signaturePattern = new RegExp(`[\\s\\n]*[—\\-]+\\s*${getInstanceName()}[\\s.!]*$`, "i");
-        const withoutSignature = reply.replace(signaturePattern, "").trim();
-        if (!withoutSignature) {
-            log.warn("Email reply was empty after stripping action blocks — not sending", { to: message.from, subject: message.subject });
-            return null;
-        }
-        log.info("Email reply generated", { to: message.from, subject: message.subject, replyLength: reply.length });
-        return reply.trim();
-    });
-    log.info(`${getInstanceName()} email handler registered — emails with '${getInstanceName()}' in subject will be auto-replied`);
+            // Guard: if stripping action blocks left only a signature,
+            // the reply has no real content — don't send an empty email.
+            const signaturePattern = new RegExp(`[\\s\\n]*[—\\-]+\\s*${getInstanceName()}[\\s.!]*$`, "i");
+            const withoutSignature = reply.replace(signaturePattern, "").trim();
+            if (!withoutSignature) {
+                log.warn("Email reply was empty after stripping action blocks — not sending", { to: message.from, subject: message.subject });
+                return null;
+            }
+            log.info("Email reply generated", { to: message.from, subject: message.subject, replyLength: reply.length });
+            return reply.trim();
+        });
+    if (_googleGmailTimer)
+        log.info(`${getInstanceName()} email handler registered — emails with '${getInstanceName()}' in subject will be auto-replied`);
     await new Promise((resolve) => {
         function onListening(server) {
             const addr = server.address();
@@ -6440,7 +6741,8 @@ async function start(opts) {
             // Announce on LAN if mesh.lanAnnounce is enabled AND tier >= byok
             if (tierGate.canMesh(tier) && getMeshConfig().lanAnnounce) {
                 try {
-                    startMdns(actualPort);
+                    if (_mdns)
+                        _mdns.startMdns(actualPort);
                 }
                 catch (err) {
                     log.warn("mDNS announcement failed — discovery disabled", {
@@ -6571,46 +6873,86 @@ function parseRoadmapYaml(raw) {
 // then sidecars, timers, and monitors.
 async function gracefulShutdown(signal) {
     // Agent pool handles coordinated shutdown: drain → terminate → cleanup
-    if (workflowEngine) {
-        await workflowEngine.shutdown().catch(() => { });
-        workflowEngine = null;
-    }
-    if (agentPool) {
-        await agentPool.shutdown(signal).catch(() => { });
-        setAgentPool(null);
-        agentPool = null;
-    }
-    else {
-        // Fallback if pool wasn't initialized
-        await instanceManager?.shutdown().catch(() => { });
-        await shutdownRuntime(signal).catch(() => { });
+    try {
+        if (workflowEngine) {
+            await workflowEngine.shutdown().catch(() => { });
+            workflowEngine = null;
+        }
+        if (agentPool) {
+            await agentPool.shutdown(signal).catch(() => { });
+            setAgentPool(null);
+            agentPool = null;
+        }
+        else if (instanceManager || _agentRuntime) {
+            // Fallback if pool wasn't initialized
+            await instanceManager?.shutdown().catch(() => { });
+            if (_agentRuntime)
+                await _agentRuntime.shutdownRuntime(signal).catch(() => { });
+        }
     }
+    catch { }
     recovery.stop();
     stopCollector();
-    stopGmailTimer();
-    stopCalendarTimer();
-    stopTasksTimer();
+    try {
+        _googleGmailTimer?.stopGmailTimer();
+    }
+    catch { }
+    try {
+        _googleCalendarTimer?.stopCalendarTimer();
+    }
+    catch { }
+    try {
+        _googleTasksTimer?.stopTasksTimer();
+    }
+    catch { }
     stopGroomingTimer();
     stopSchedulingTimer();
-    shutdownGitHub();
+    try {
+        _integrationsGithub?.shutdownGitHub();
+    }
+    catch { }
     stopGoalTimer();
-    stopAutonomousTimer();
+    try {
+        _agentAutonomous?.stopAutonomousTimer();
+    }
+    catch { }
     stopBacklogReviewTimer();
     stopBriefingTimer();
     stopInsightsTimer();
     stopOpenLoopScanner();
     stopCreditMonitor();
     stopPushMonitor();
-    stopMdns();
-    stopAvatarSidecar();
-    stopTtsSidecar();
-    stopSttSidecar();
+    try {
+        _mdns?.stopMdns();
+    }
+    catch { }
+    stopFileWatcher();
+    try {
+        _avatarSidecar?.stopAvatarSidecar();
+    }
+    catch { }
+    try {
+        _ttsSidecar?.stopTtsSidecar();
+    }
+    catch { }
+    try {
+        _sttSidecar?.stopSttSidecar();
+    }
+    catch { }
     stopSidecar();
-    await closeBrowser();
+    try {
+        if (_browser)
+            await _browser.closeBrowser();
+    }
+    catch { }
     shutdownAgents();
     await shutdownPlugins().catch(() => { });
     await shutdownLLMCache();
-    await shutdownTracing();
+    try {
+        if (_tracingInit)
+            await _tracingInit.shutdownTracing();
+    }
+    catch { }
     releaseLock();
     process.exit(0);
 }