npm - @stackbilt/aegis-core - Versions diffs - 0.1.0 - Mend

@stackbilt/aegis-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/package.json +96 -0
package/schema.sql +586 -0
package/src/adapters/voice/cloudflare-agent.ts +34 -0
package/src/auth.ts +124 -0
package/src/bluesky.ts +464 -0
package/src/claude-tools/content.ts +188 -0
package/src/claude-tools/email.ts +69 -0
package/src/claude-tools/github.ts +440 -0
package/src/claude-tools/goals.ts +116 -0
package/src/claude-tools/index.ts +353 -0
package/src/claude-tools/web.ts +59 -0
package/src/claude.ts +406 -0
package/src/codebeast.ts +200 -0
package/src/composite.ts +715 -0
package/src/content/column.ts +80 -0
package/src/content/hero-image.ts +47 -0
package/src/content/index.ts +27 -0
package/src/content/journal.ts +91 -0
package/src/content/roundtable.ts +163 -0
package/src/core.ts +309 -0
package/src/dashboard.ts +620 -0
package/src/decision-docs.ts +284 -0
package/src/dispatch.ts +13 -0
package/src/edge-env.ts +58 -0
package/src/email.ts +850 -0
package/src/exports.ts +156 -0
package/src/github-projects.ts +312 -0
package/src/github.ts +670 -0
package/src/groq.ts +247 -0
package/src/health-page.ts +578 -0
package/src/index.ts +89 -0
package/src/kernel/argus-actions.ts +397 -0
package/src/kernel/argus-correlation.ts +639 -0
package/src/kernel/board.ts +91 -0
package/src/kernel/briefing.ts +177 -0
package/src/kernel/classify-memory-topic.ts +166 -0
package/src/kernel/cognition.ts +377 -0
package/src/kernel/court-cards.ts +163 -0
package/src/kernel/dispatch.ts +587 -0
package/src/kernel/domain.ts +50 -0
package/src/kernel/dynamic-tools.ts +322 -0
package/src/kernel/executor-port.ts +45 -0
package/src/kernel/executors/claude.ts +73 -0
package/src/kernel/executors/direct.ts +237 -0
package/src/kernel/executors/groq.ts +18 -0
package/src/kernel/executors/index.ts +87 -0
package/src/kernel/executors/tarotscript.ts +104 -0
package/src/kernel/executors/workers-ai.ts +54 -0
package/src/kernel/insight-cache.ts +76 -0
package/src/kernel/memory/agenda.ts +200 -0
package/src/kernel/memory/blocks.ts +188 -0
package/src/kernel/memory/consolidation.ts +194 -0
package/src/kernel/memory/episodic.ts +241 -0
package/src/kernel/memory/goals.ts +156 -0
package/src/kernel/memory/graph.ts +290 -0
package/src/kernel/memory/index.ts +11 -0
package/src/kernel/memory/insights.ts +316 -0
package/src/kernel/memory/procedural.ts +467 -0
package/src/kernel/memory/pruning.ts +67 -0
package/src/kernel/memory/recall.ts +367 -0
package/src/kernel/memory/semantic.ts +315 -0
package/src/kernel/memory/synthesis.ts +161 -0
package/src/kernel/memory-adapter.ts +369 -0
package/src/kernel/memory-guardrails.ts +76 -0
package/src/kernel/port.ts +23 -0
package/src/kernel/resilience.ts +322 -0
package/src/kernel/router.ts +471 -0
package/src/kernel/scheduled/agent-dispatch.ts +252 -0
package/src/kernel/scheduled/argus-analytics.ts +247 -0
package/src/kernel/scheduled/argus-heartbeat.ts +320 -0
package/src/kernel/scheduled/argus-notify.ts +348 -0
package/src/kernel/scheduled/board-sync.ts +110 -0
package/src/kernel/scheduled/ci-watcher.ts +125 -0
package/src/kernel/scheduled/cognitive-metrics.ts +377 -0
package/src/kernel/scheduled/consolidation.ts +229 -0
package/src/kernel/scheduled/content-drip.ts +47 -0
package/src/kernel/scheduled/content.ts +6 -0
package/src/kernel/scheduled/conversation-facts.ts +204 -0
package/src/kernel/scheduled/cost-report.ts +84 -0
package/src/kernel/scheduled/curiosity.ts +219 -0
package/src/kernel/scheduled/dev-activity.ts +44 -0
package/src/kernel/scheduled/digest.ts +317 -0
package/src/kernel/scheduled/dreaming/agenda-triage.ts +115 -0
package/src/kernel/scheduled/dreaming/facts.ts +239 -0
package/src/kernel/scheduled/dreaming/index.ts +8 -0
package/src/kernel/scheduled/dreaming/llm.ts +33 -0
package/src/kernel/scheduled/dreaming/pattern-synthesis.ts +124 -0
package/src/kernel/scheduled/dreaming/persona.ts +75 -0
package/src/kernel/scheduled/dreaming/symbolic.ts +31 -0
package/src/kernel/scheduled/dreaming/task-proposals.ts +80 -0
package/src/kernel/scheduled/dreaming.ts +66 -0
package/src/kernel/scheduled/entropy.ts +149 -0
package/src/kernel/scheduled/escalation.ts +192 -0
package/src/kernel/scheduled/feed-watcher.ts +206 -0
package/src/kernel/scheduled/goals.ts +214 -0
package/src/kernel/scheduled/governance.ts +41 -0
package/src/kernel/scheduled/heartbeat.ts +220 -0
package/src/kernel/scheduled/inbox-processor.ts +174 -0
package/src/kernel/scheduled/index.ts +245 -0
package/src/kernel/scheduled/issue-proposer.ts +478 -0
package/src/kernel/scheduled/issue-watcher.ts +128 -0
package/src/kernel/scheduled/pr-automerge.ts +213 -0
package/src/kernel/scheduled/product-health.ts +107 -0
package/src/kernel/scheduled/reflection.ts +373 -0
package/src/kernel/scheduled/self-improvement.ts +114 -0
package/src/kernel/scheduled/social-engage.ts +175 -0
package/src/kernel/scheduled/task-audit.ts +60 -0
package/src/kernel/symbolic.ts +156 -0
package/src/kernel/types.ts +145 -0
package/src/landing.ts +1190 -0
package/src/lib/audit-chain/chain.ts +28 -0
package/src/lib/audit-chain/types.ts +12 -0
package/src/lib/observability/errors.ts +55 -0
package/src/markdown.ts +164 -0
package/src/mcp/handlers.ts +647 -0
package/src/mcp/server.ts +184 -0
package/src/mcp/tools.ts +316 -0
package/src/mcp-client.ts +275 -0
package/src/mcp-server.ts +2 -0
package/src/operator/config.example.ts +60 -0
package/src/operator/config.ts +60 -0
package/src/operator/index.ts +46 -0
package/src/operator/persona.example.ts +34 -0
package/src/operator/persona.ts +34 -0
package/src/operator/prompt-builder.ts +190 -0
package/src/operator/types.ts +43 -0
package/src/pulse.ts +1179 -0
package/src/routes/bluesky.ts +116 -0
package/src/routes/cc-tasks.ts +328 -0
package/src/routes/codebeast.ts +1 -0
package/src/routes/content.ts +194 -0
package/src/routes/conversations.ts +25 -0
package/src/routes/dynamic-tools.ts +111 -0
package/src/routes/feedback.ts +192 -0
package/src/routes/health.ts +147 -0
package/src/routes/messages.ts +228 -0
package/src/routes/observability.ts +82 -0
package/src/routes/operator-logs.ts +42 -0
package/src/routes/pages.ts +96 -0
package/src/routes/sessions.ts +54 -0
package/src/sanitize.ts +73 -0
package/src/schema-enums.ts +155 -0
package/src/search.ts +112 -0
package/src/task-intelligence.ts +497 -0
package/src/types.ts +194 -0
package/src/ui.ts +5 -0
package/src/version.ts +3 -0
package/src/workers-ai-chat.ts +333 -0

package/src/kernel/scheduled/argus-heartbeat.ts ADDED Viewed

@@ -0,0 +1,320 @@
+// ARGUS Phase 3: Ambient event heartbeat
+// Sweeps the events table for temporal patterns that point-in-time checks miss.
+// Runs every 3 hours. No LLM calls — pure D1 queries and threshold logic.
+//
+// Patterns detected:
+// 1. CI failure cluster — N+ failures in a rolling window
+// 2. Payment anomaly — charge failures without recent successes
+// 3. Event drought — expected source goes silent for too long
+// 4. Velocity spike — unusual burst of events from a single source
+//
+// Findings route through the same notification infrastructure as Phase 2:
+// critical → immediate email, high/medium → digest_sections.
+import { type EdgeEnv } from '../dispatch.js';
+import { resolveEmailProfile } from '../../email.js';
+import { operatorConfig } from '../../operator/index.js';
+// TODO: Wire correlation analysis into heartbeat pattern detection
+import type { CorrelationResult, IncidentCluster, ArgusDiagnosis } from '../argus-correlation.js';
+// ─── Configuration ───────────────────────────────────────────
+const RUN_CADENCE_HOURS = 3;
+const COOLDOWN_MS = 12 * 60 * 60 * 1000; // 12h cooldown per pattern alert
+// Pattern thresholds
+const CI_FAILURE_WINDOW_HOURS = 6;
+const CI_FAILURE_THRESHOLD = 3;
+const PAYMENT_FAILURE_WINDOW_HOURS = 24;
+const EVENT_DROUGHT_HOURS: Record<string, number> = {
+  github: 72,   // no github events in 3 days = unusual
+  stripe: 168,  // no stripe events in 7 days = check billing
+};
+const VELOCITY_WINDOW_HOURS = 1;
+const VELOCITY_THRESHOLD = 50; // 50+ events in 1 hour from single source
+// ─── Pattern Detectors ──────────────────────────────────────
+interface PatternFinding {
+  pattern: string;     // unique key for cooldown dedup
+  severity: 'critical' | 'high' | 'medium';
+  summary: string;
+  detail: string;
+}
+async function detectCiFailureCluster(db: D1Database): Promise<PatternFinding | null> {
+  const result = await db.prepare(`
+    SELECT COUNT(*) as cnt FROM events
+    WHERE source = 'github'
+      AND event_type = 'check_run.completed'
+      AND ts > datetime('now', '-${CI_FAILURE_WINDOW_HOURS} hours')
+      AND json_extract(payload, '$.check_run.conclusion') = 'failure'
+  `).first<{ cnt: number }>();
+  const count = result?.cnt ?? 0;
+  if (count < CI_FAILURE_THRESHOLD) return null;
+  // Get the repos involved
+  const repos = await db.prepare(`
+    SELECT DISTINCT json_extract(payload, '$.repository.full_name') as repo FROM events
+    WHERE source = 'github'
+      AND event_type = 'check_run.completed'
+      AND ts > datetime('now', '-${CI_FAILURE_WINDOW_HOURS} hours')
+      AND json_extract(payload, '$.check_run.conclusion') = 'failure'
+    LIMIT 5
+  `).all<{ repo: string }>();
+  const repoList = repos.results.map(r => r.repo).filter(Boolean).join(', ');
+  return {
+    pattern: 'ci_failure_cluster',
+    severity: count >= 5 ? 'critical' : 'high',
+    summary: `${count} CI failures in ${CI_FAILURE_WINDOW_HOURS}h`,
+    detail: `${count} check_run failures detected across: ${repoList || 'unknown repos'}. Possible systemic issue — review CI configurations.`,
+  };
+}
+async function detectPaymentAnomaly(db: D1Database): Promise<PatternFinding | null> {
+  const failures = await db.prepare(`
+    SELECT COUNT(*) as cnt FROM events
+    WHERE source = 'stripe'
+      AND event_type IN ('charge.failed', 'invoice.payment_failed', 'payment_intent.payment_failed')
+      AND ts > datetime('now', '-${PAYMENT_FAILURE_WINDOW_HOURS} hours')
+  `).first<{ cnt: number }>();
+  if (!failures?.cnt || failures.cnt === 0) return null;
+  // Check if there were any successes in the same window
+  const successes = await db.prepare(`
+    SELECT COUNT(*) as cnt FROM events
+    WHERE source = 'stripe'
+      AND event_type IN ('charge.succeeded', 'invoice.paid', 'payment_intent.succeeded', 'checkout.session.completed')
+      AND ts > datetime('now', '-${PAYMENT_FAILURE_WINDOW_HOURS} hours')
+  `).first<{ cnt: number }>();
+  // Failures without any successes = likely payment system issue
+  if ((successes?.cnt ?? 0) === 0 && failures.cnt >= 2) {
+    return {
+      pattern: 'payment_anomaly',
+      severity: 'critical',
+      summary: `${failures.cnt} payment failures, 0 successes in ${PAYMENT_FAILURE_WINDOW_HOURS}h`,
+      detail: `All payment attempts are failing with no successful charges. Check Stripe dashboard for account issues, API key validity, or upstream payment processor problems.`,
+    };
+  }
+  // High failure ratio
+  const total = failures.cnt + (successes?.cnt ?? 0);
+  const failRate = failures.cnt / total;
+  if (failRate > 0.5 && failures.cnt >= 3) {
+    return {
+      pattern: 'payment_high_failure_rate',
+      severity: 'high',
+      summary: `${Math.round(failRate * 100)}% payment failure rate (${failures.cnt}/${total})`,
+      detail: `Payment failure rate above 50% in the last ${PAYMENT_FAILURE_WINDOW_HOURS}h. Not a total outage but warrants investigation.`,
+    };
+  }
+  return null;
+}
+async function detectEventDrought(db: D1Database): Promise<PatternFinding[]> {
+  const findings: PatternFinding[] = [];
+  for (const [source, thresholdHours] of Object.entries(EVENT_DROUGHT_HOURS)) {
+    // Only check drought if we've ever received events from this source
+    const hasHistory = await db.prepare(
+      "SELECT id FROM events WHERE source = ? LIMIT 1"
+    ).bind(source).first();
+    if (!hasHistory) continue;
+    const recent = await db.prepare(`
+      SELECT COUNT(*) as cnt FROM events
+      WHERE source = ? AND ts > datetime('now', '-${thresholdHours} hours')
+    `).bind(source).first<{ cnt: number }>();
+    if (recent?.cnt === 0) {
+      findings.push({
+        pattern: `drought_${source}`,
+        severity: 'medium',
+        summary: `No ${source} events in ${thresholdHours}h`,
+        detail: `Expected ${source} webhook events but received none in ${thresholdHours} hours. Check if the webhook is still configured and delivering.`,
+      });
+    }
+  }
+  return findings;
+}
+async function detectVelocitySpike(db: D1Database): Promise<PatternFinding | null> {
+  const result = await db.prepare(`
+    SELECT source, COUNT(*) as cnt FROM events
+    WHERE ts > datetime('now', '-${VELOCITY_WINDOW_HOURS} hours')
+    GROUP BY source
+    HAVING cnt > ${VELOCITY_THRESHOLD}
+    ORDER BY cnt DESC
+    LIMIT 1
+  `).first<{ source: string; cnt: number }>();
+  if (!result) return null;
+  return {
+    pattern: `velocity_spike_${result.source}`,
+    severity: 'high',
+    summary: `${result.cnt} ${result.source} events in ${VELOCITY_WINDOW_HOURS}h`,
+    detail: `Unusual event velocity from ${result.source} — ${result.cnt} events in the last hour. This could indicate a deploy storm, automated bot activity, or webhook replay.`,
+  };
+}
+// ─── Cooldown ────────────────────────────────────────────────
+async function isOnCooldown(db: D1Database, pattern: string): Promise<boolean> {
+  const key = `argus_pattern_${pattern}`;
+  const last = await db.prepare(
+    "SELECT received_at FROM web_events WHERE event_id = ?"
+  ).bind(key).first<{ received_at: string }>();
+  if (!last) return false;
+  return (Date.now() - new Date(last.received_at + 'Z').getTime()) < COOLDOWN_MS;
+}
+async function recordCooldown(db: D1Database, pattern: string): Promise<void> {
+  const key = `argus_pattern_${pattern}`;
+  await db.prepare(
+    "INSERT OR REPLACE INTO web_events (event_id, received_at) VALUES (?, datetime('now'))"
+  ).bind(key).run();
+}
+// ─── Notification ────────────────────────────────────────────
+async function sendPatternAlert(env: EdgeEnv, findings: PatternFinding[]): Promise<void> {
+  if (!env.resendApiKey || !env.notifyEmail) return;
+  const sender = resolveEmailProfile(operatorConfig.integrations.email.defaultProfile, {
+    resendApiKey: env.resendApiKey,
+    resendApiKeyPersonal: env.resendApiKeyPersonal,
+  });
+  const rows = findings.map(f => `
+    <tr>
+      <td style="padding:8px 12px;font-size:11px;color:${f.severity === 'critical' ? '#ef4444' : '#f5a623'};border-bottom:1px solid #1a1a2e;text-transform:uppercase">${f.severity}</td>
+      <td style="padding:8px 12px;font-size:12px;color:#e0e0e0;border-bottom:1px solid #1a1a2e;font-weight:500">${escapeHtml(f.summary)}</td>
+    </tr>
+    <tr>
+      <td colspan="2" style="padding:4px 12px 12px;font-size:11px;color:#888;border-bottom:1px solid #222">${escapeHtml(f.detail)}</td>
+    </tr>`).join('');
+  const html = `<!DOCTYPE html>
+<html><head><meta charset="utf-8"></head>
+<body style="background:#0a0a0f;color:#e0e0e0;font-family:system-ui,sans-serif;margin:0;padding:24px">
+<div style="max-width:640px;margin:0 auto">
+  <div style="background:#1a1a2e;border:1px solid #333;border-left:4px solid #f5a623;border-radius:4px;padding:16px 20px;margin-bottom:20px">
+    <p style="margin:0 0 2px;font-size:11px;color:#888;text-transform:uppercase;letter-spacing:1px">ARGUS Pattern Detection</p>
+    <p style="margin:0;font-size:16px;font-weight:600;color:#f5a623">${findings.length} Pattern${findings.length > 1 ? 's' : ''} Detected</p>
+  </div>
+  <table style="width:100%;border-collapse:collapse;background:#111;border:1px solid #222;border-radius:6px">
+    <tbody>${rows}</tbody>
+  </table>
+  <p style="margin:16px 0 0;font-size:11px;color:#444">aegis · argus heartbeat · ${new Date().toISOString()}</p>
+</div></body></html>`;
+  await fetch('https://api.resend.com/emails', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${sender.apiKey}` },
+    body: JSON.stringify({
+      from: sender.from,
+      to: [env.notifyEmail],
+      subject: `[ARGUS] ${findings[0].summary}`,
+      html,
+    }),
+    signal: AbortSignal.timeout(10_000),
+  });
+}
+// ─── Main ────────────────────────────────────────────────────
+export async function runArgusHeartbeat(env: EdgeEnv): Promise<void> {
+  // Cadence gate: every 3 hours
+  const hour = new Date().getUTCHours();
+  if (hour % RUN_CADENCE_HOURS !== 0) return;
+  // Check if events table has any data yet — skip if empty (no webhooks configured)
+  const hasEvents = await env.db.prepare("SELECT id FROM events LIMIT 1").first();
+  if (!hasEvents) return;
+  // Run all pattern detectors
+  const findings: PatternFinding[] = [];
+  const ciCluster = await detectCiFailureCluster(env.db);
+  if (ciCluster) findings.push(ciCluster);
+  const paymentAnomaly = await detectPaymentAnomaly(env.db);
+  if (paymentAnomaly) findings.push(paymentAnomaly);
+  const droughts = await detectEventDrought(env.db);
+  findings.push(...droughts);
+  const velocitySpike = await detectVelocitySpike(env.db);
+  if (velocitySpike) findings.push(velocitySpike);
+  if (findings.length === 0) return;
+  // Filter by cooldown
+  const actionable: PatternFinding[] = [];
+  for (const f of findings) {
+    if (!(await isOnCooldown(env.db, f.pattern))) {
+      actionable.push(f);
+    }
+  }
+  if (actionable.length === 0) {
+    console.log(`[argus-heartbeat] ${findings.length} pattern(s) detected but all on cooldown`);
+    return;
+  }
+  // Split: critical gets immediate email, rest goes to digest
+  const critical = actionable.filter(f => f.severity === 'critical');
+  const digestable = actionable.filter(f => f.severity !== 'critical');
+  if (critical.length > 0) {
+    try {
+      await sendPatternAlert(env, critical);
+      console.log(`[argus-heartbeat] Sent critical alert for ${critical.length} pattern(s)`);
+    } catch (err) {
+      console.error('[argus-heartbeat] Alert send failed:', err instanceof Error ? err.message : err);
+    }
+  }
+  if (digestable.length > 0) {
+    const payload = JSON.stringify({
+      type: 'argus_patterns',
+      patterns: digestable.map(f => ({
+        pattern: f.pattern,
+        severity: f.severity,
+        summary: f.summary,
+        detail: f.detail,
+      })),
+      timestamp: new Date().toISOString(),
+    });
+    await env.db.prepare(
+      "INSERT INTO digest_sections (section, payload) VALUES ('event_notification', ?)"
+    ).bind(payload).run();
+  }
+  // Record cooldowns for all actioned findings
+  for (const f of actionable) {
+    await recordCooldown(env.db, f.pattern);
+  }
+  console.log(`[argus-heartbeat] ${actionable.length} pattern(s) actioned: ${actionable.map(f => f.pattern).join(', ')}`);
+}
+// ─── Helpers ─────────────────────────────────────────────────
+function escapeHtml(s: string): string {
+  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}

package/src/kernel/scheduled/argus-notify.ts ADDED Viewed

@@ -0,0 +1,348 @@
+// ARGUS Phase 2: Event notification processor
+// Reads unnotified events from the events table, classifies priority,
+// and routes to immediate email (critical) or daily digest (high/medium).
+// Runs every hour as a scheduled task.
+import { type EdgeEnv } from '../dispatch.js';
+import { resolveEmailProfile } from '../../email.js';
+import { operatorConfig } from '../../operator/index.js';
+// ─── Priority Classification ────────────────────────────────
+type Priority = 'critical' | 'high' | 'medium' | 'low';
+interface ClassifiedEvent {
+  id: string;
+  source: string;
+  event_type: string;
+  payload: Record<string, unknown>;
+  ts: string;
+  priority: Priority;
+  summary: string;
+}
+// Events that warrant immediate email
+const CRITICAL_EVENTS: Record<string, Set<string>> = {
+  stripe: new Set([
+    'charge.failed',
+    'customer.subscription.deleted',
+    'invoice.payment_failed',
+    'payment_intent.payment_failed',
+  ]),
+  github: new Set([
+    'check_run.completed', // only if conclusion=failure, refined below
+  ]),
+};
+// Events worth tracking in digest
+const HIGH_EVENTS: Record<string, Set<string>> = {
+  stripe: new Set([
+    'checkout.session.completed',
+    'customer.subscription.created',
+    'customer.subscription.updated',
+    'invoice.paid',
+    'payment_intent.succeeded',
+  ]),
+  github: new Set([
+    'pull_request.merged',
+    'pull_request.opened',
+    'issues.opened',
+    'release.published',
+  ]),
+};
+// Events to log but not notify
+const MEDIUM_EVENTS: Record<string, Set<string>> = {
+  github: new Set([
+    'pull_request.closed',
+    'issues.closed',
+    'push',
+    'create', // branch/tag creation
+  ]),
+};
+export function classifyEvent(source: string, event_type: string, payload: Record<string, unknown>): { priority: Priority; summary: string } {
+  // GitHub push to auto/* branches with 0 commits = taskrunner branch cleanup noise
+  if (source === 'github' && event_type === 'push') {
+    const ref = (payload.ref as string) ?? '';
+    const commits = payload.commits as unknown[] | undefined;
+    if (ref.startsWith('refs/heads/auto/') && (!commits || commits.length === 0)) {
+      return { priority: 'low', summary: 'Auto-branch push (0 commits, filtered)' };
+    }
+  }
+  // GitHub check_run failures are critical, successes are low
+  if (source === 'github' && event_type === 'check_run.completed') {
+    const conclusion = (payload.check_run as Record<string, unknown>)?.conclusion as string;
+    if (conclusion === 'failure') {
+      const name = (payload.check_run as Record<string, unknown>)?.name ?? 'CI';
+      const repo = (payload.repository as Record<string, unknown>)?.full_name ?? 'unknown';
+      return { priority: 'critical', summary: `CI failure: ${name} in ${repo}` };
+    }
+    return { priority: 'low', summary: 'CI check passed' };
+  }
+  // Critical events
+  if (CRITICAL_EVENTS[source]?.has(event_type)) {
+    return { priority: 'critical', summary: summarizeEvent(source, event_type, payload) };
+  }
+  // High events
+  if (HIGH_EVENTS[source]?.has(event_type)) {
+    return { priority: 'high', summary: summarizeEvent(source, event_type, payload) };
+  }
+  // Medium events
+  if (MEDIUM_EVENTS[source]?.has(event_type)) {
+    return { priority: 'medium', summary: summarizeEvent(source, event_type, payload) };
+  }
+  return { priority: 'low', summary: summarizeEvent(source, event_type, payload) };
+}
+function summarizeEvent(source: string, event_type: string, payload: Record<string, unknown>): string {
+  if (source === 'github') {
+    const repo = (payload.repository as Record<string, unknown>)?.full_name ?? '';
+    const pr = payload.pull_request as Record<string, unknown> | undefined;
+    const issue = payload.issue as Record<string, unknown> | undefined;
+    if (pr) return `${event_type}: ${pr.title} (#${pr.number}) in ${repo}`;
+    if (issue) return `${event_type}: ${issue.title} (#${issue.number}) in ${repo}`;
+    if (event_type === 'push') {
+      const ref = (payload.ref as string)?.replace('refs/heads/', '') ?? '';
+      const commits = (payload.commits as unknown[])?.length ?? 0;
+      return `push: ${commits} commit(s) to ${ref} in ${repo}`;
+    }
+    return `${event_type} in ${repo}`;
+  }
+  if (source === 'stripe') {
+    const obj = payload.data as Record<string, unknown> | undefined;
+    const inner = obj?.object as Record<string, unknown> | undefined;
+    const amount = inner?.amount as number | undefined;
+    const currency = (inner?.currency as string)?.toUpperCase() ?? '';
+    if (amount !== undefined) {
+      return `${event_type}: ${(amount / 100).toFixed(2)} ${currency}`;
+    }
+    return event_type;
+  }
+  return `${source}/${event_type}`;
+}
+// ─── Notification Routing ────────────────────────────────────
+const ALERT_COOLDOWN_MS = 4 * 60 * 60 * 1000; // 4h cooldown per event type
+async function shouldNotify(db: D1Database, source: string, event_type: string): Promise<boolean> {
+  const cooldownKey = `argus_alert_${source}_${event_type}`;
+  const last = await db.prepare(
+    "SELECT received_at FROM web_events WHERE event_id = ?"
+  ).bind(cooldownKey).first<{ received_at: string }>();
+  if (last) {
+    const elapsed = Date.now() - new Date(last.received_at + 'Z').getTime();
+    if (elapsed < ALERT_COOLDOWN_MS) return false;
+  }
+  return true;
+}
+async function recordCooldown(db: D1Database, source: string, event_type: string): Promise<void> {
+  const cooldownKey = `argus_alert_${source}_${event_type}`;
+  await db.prepare(
+    "INSERT OR REPLACE INTO web_events (event_id, received_at) VALUES (?, datetime('now'))"
+  ).bind(cooldownKey).run();
+}
+async function sendCriticalAlert(env: EdgeEnv, events: ClassifiedEvent[]): Promise<void> {
+  if (!env.resendApiKey || !env.notifyEmail) return;
+  const sender = resolveEmailProfile(operatorConfig.integrations.email.defaultProfile, {
+    resendApiKey: env.resendApiKey,
+    resendApiKeyPersonal: env.resendApiKeyPersonal,
+  });
+  const eventRows = events.map(e => `
+    <tr>
+      <td style="padding:6px 12px;font-size:11px;color:#888;border-bottom:1px solid #1a1a2e">${e.source}</td>
+      <td style="padding:6px 12px;font-size:12px;color:#e0e0e0;border-bottom:1px solid #1a1a2e">${escapeHtml(e.event_type)}</td>
+      <td style="padding:6px 12px;font-size:12px;color:#ccc;border-bottom:1px solid #1a1a2e">${escapeHtml(e.summary)}</td>
+      <td style="padding:6px 12px;font-size:11px;color:#666;border-bottom:1px solid #1a1a2e">${e.ts.slice(0, 19)}</td>
+    </tr>`).join('');
+  const html = `<!DOCTYPE html>
+<html><head><meta charset="utf-8"></head>
+<body style="background:#0a0a0f;color:#e0e0e0;font-family:system-ui,sans-serif;margin:0;padding:24px">
+<div style="max-width:640px;margin:0 auto">
+  <div style="background:#1a1a2e;border:1px solid #333;border-left:4px solid #ef4444;border-radius:4px;padding:16px 20px;margin-bottom:20px">
+    <p style="margin:0 0 2px;font-size:11px;color:#888;text-transform:uppercase;letter-spacing:1px">ARGUS Alert</p>
+    <p style="margin:0;font-size:16px;font-weight:600;color:#ef4444">${events.length} Critical Event${events.length > 1 ? 's' : ''}</p>
+  </div>
+  <table style="width:100%;border-collapse:collapse;background:#111;border:1px solid #222;border-radius:6px">
+    <thead><tr>
+      <th style="padding:8px 12px;font-size:10px;color:#666;text-align:left;text-transform:uppercase;border-bottom:1px solid #333">Source</th>
+      <th style="padding:8px 12px;font-size:10px;color:#666;text-align:left;text-transform:uppercase;border-bottom:1px solid #333">Event</th>
+      <th style="padding:8px 12px;font-size:10px;color:#666;text-align:left;text-transform:uppercase;border-bottom:1px solid #333">Summary</th>
+      <th style="padding:8px 12px;font-size:10px;color:#666;text-align:left;text-transform:uppercase;border-bottom:1px solid #333">Time</th>
+    </tr></thead>
+    <tbody>${eventRows}</tbody>
+  </table>
+  <p style="margin:16px 0 0;font-size:11px;color:#444">aegis · argus · ${new Date().toISOString()}</p>
+</div></body></html>`;
+  const subject = events.length === 1
+    ? `[ARGUS] ${events[0].summary}`
+    : `[ARGUS] ${events.length} critical events — ${events[0].summary}`;
+  await fetch('https://api.resend.com/emails', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${sender.apiKey}` },
+    body: JSON.stringify({ from: sender.from, to: [env.notifyEmail], subject, html }),
+    signal: AbortSignal.timeout(10_000),
+  });
+}
+async function queueForDigest(db: D1Database, events: ClassifiedEvent[]): Promise<void> {
+  if (events.length === 0) return;
+  const payload = JSON.stringify({
+    type: 'argus_events',
+    events: events.map(e => ({
+      source: e.source,
+      event_type: e.event_type,
+      summary: e.summary,
+      priority: e.priority,
+      ts: e.ts,
+    })),
+    timestamp: new Date().toISOString(),
+  });
+  await db.prepare(
+    "INSERT INTO digest_sections (section, payload) VALUES ('event_notification', ?)"
+  ).bind(payload).run();
+}
+// ─── Main Processor ──────────────────────────────────────────
+export async function runArgusNotifications(env: EdgeEnv): Promise<void> {
+  // Fetch unprocessed events (batch of 50)
+  const result = await env.db.prepare(
+    "SELECT id, source, event_type, payload, ts FROM events WHERE notified = 0 ORDER BY ts ASC LIMIT 50"
+  ).all<{ id: string; source: string; event_type: string; payload: string; ts: string }>();
+  const rows = result.results;
+  if (rows.length === 0) return;
+  // Classify all events. Stripe test-mode events are dropped pre-classification so
+  // they never land in digest_sections — real MRR is livemode=true only. Rows still
+  // get marked notified=1 below so we don't re-scan them on the next run.
+  const classified: ClassifiedEvent[] = rows.flatMap(row => {
+    let payload: Record<string, unknown> = {};
+    try { payload = JSON.parse(row.payload); } catch { /* use empty */ }
+    if (row.source === 'stripe' && payload.livemode === false) {
+      return [];
+    }
+    const { priority, summary } = classifyEvent(row.source, row.event_type, payload);
+    return [{ id: row.id, source: row.source, event_type: row.event_type, payload, ts: row.ts, priority, summary }];
+  });
+  // Split by priority
+  const critical: ClassifiedEvent[] = [];
+  const digestable: ClassifiedEvent[] = [];
+  for (const event of classified) {
+    if (event.priority === 'critical') {
+      const canNotify = await shouldNotify(env.db, event.source, event.event_type);
+      if (canNotify) critical.push(event);
+    } else if (event.priority === 'high' || event.priority === 'medium') {
+      digestable.push(event);
+    }
+    // low priority: skip notification entirely, just mark as notified
+  }
+  // Send critical alerts immediately
+  if (critical.length > 0) {
+    try {
+      await sendCriticalAlert(env, critical);
+      for (const e of critical) {
+        await recordCooldown(env.db, e.source, e.event_type);
+      }
+      console.log(`[argus] Sent critical alert for ${critical.length} event(s)`);
+    } catch (err) {
+      console.error('[argus] Critical alert send failed:', err instanceof Error ? err.message : err);
+    }
+  }
+  // Queue high/medium for daily digest
+  if (digestable.length > 0) {
+    try {
+      await queueForDigest(env.db, digestable);
+      console.log(`[argus] Queued ${digestable.length} event(s) for daily digest`);
+    } catch (err) {
+      console.error('[argus] Digest queue failed:', err instanceof Error ? err.message : err);
+    }
+  }
+  // Mark all events as notified (including low-priority ones)
+  const ids = rows.map(r => r.id);
+  // D1 doesn't support IN with bind params easily — batch update
+  for (const id of ids) {
+    await env.db.prepare("UPDATE events SET notified = 1 WHERE id = ?").bind(id).run();
+  }
+  const summary = [
+    critical.length > 0 ? `${critical.length} critical` : null,
+    digestable.length > 0 ? `${digestable.length} digest` : null,
+    `${ids.length - critical.length - digestable.length} suppressed`,
+  ].filter(Boolean).join(', ');
+  console.log(`[argus] Processed ${ids.length} events: ${summary}`);
+  // ── Prune old events (daily, piggybacks on hourly run) ──
+  await pruneOldEvents(env.db);
+}
+// ─── Event Pruning ───────────────────────────────────────────
+// Deletes notified events older than 30 days. Runs at most once per 24h.
+const RETENTION_DAYS = 30;
+const PRUNE_COOLDOWN_MS = 24 * 60 * 60 * 1000;
+async function pruneOldEvents(db: D1Database): Promise<void> {
+  const lastPrune = await db.prepare(
+    "SELECT received_at FROM web_events WHERE event_id = 'argus_prune'"
+  ).first<{ received_at: string }>();
+  if (lastPrune) {
+    const elapsed = Date.now() - new Date(lastPrune.received_at + 'Z').getTime();
+    if (elapsed < PRUNE_COOLDOWN_MS) return;
+  }
+  const result = await db.prepare(
+    `DELETE FROM events WHERE notified = 1 AND ts < datetime('now', '-${RETENTION_DAYS} days')`
+  ).run();
+  const pruned = result.meta?.changes ?? 0;
+  if (pruned > 0) {
+    console.log(`[argus] Pruned ${pruned} events older than ${RETENTION_DAYS}d`);
+  }
+  // Also prune consumed digest_sections older than 7 days
+  await db.prepare(
+    "DELETE FROM digest_sections WHERE consumed = 1 AND created_at < datetime('now', '-7 days')"
+  ).run();
+  // Also prune stale ARGUS cooldown entries from web_events (older than 30d)
+  await db.prepare(
+    "DELETE FROM web_events WHERE event_id LIKE 'argus_%' AND received_at < datetime('now', '-30 days')"
+  ).run();
+  await db.prepare(
+    "INSERT OR REPLACE INTO web_events (event_id, received_at) VALUES ('argus_prune', datetime('now'))"
+  ).run();
+}
+// ─── Helpers ─────────────────────────────────────────────────
+function escapeHtml(s: string): string {
+  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}