@stackbilt/aegis-core 0.1.0

package/src/routes/bluesky.ts

@@ -0,0 +1,116 @@
+// Bluesky API routes — direct AT Protocol operations via stored credentials
+// All endpoints require bearer auth (same as other /api/* routes).
+
+import { Hono } from 'hono';
+import { bodyLimit } from 'hono/body-limit';
+import type { Env } from '../types.js';
+import {
+  postToBluesky,
+  getAuthorFeed,
+  likePost,
+  repostPost,
+  deleteBlueskyPost,
+  getNotifications,
+} from '../bluesky.js';
+
+const BLUESKY_BODY_LIMIT = 100 * 1024;
+
+const bluesky = new Hono<{ Bindings: Env }>();
+
+function getCredentials(env: Env) {
+  const handle = env.BLUESKY_HANDLE;
+  const appPassword = env.BLUESKY_APP_PASSWORD;
+  if (!handle || !appPassword) {
+    throw new Error('BLUESKY_HANDLE and BLUESKY_APP_PASSWORD must be configured');
+  }
+  return { handle, appPassword };
+}
+
+// POST /api/bluesky/post — create a new post
+bluesky.post('/api/bluesky/post', bodyLimit({ maxSize: BLUESKY_BODY_LIMIT }), async (c) => {
+  try {
+    const { handle, appPassword } = getCredentials(c.env);
+    const body = await c.req.json<{
+      text: string;
+      image_url?: string;
+      image_alt?: string;
+      link_url?: string;
+      langs?: string[];
+    }>();
+
+    if (!body.text) return c.json({ error: 'text is required' }, 400);
+
+    const result = await postToBluesky(handle, appPassword, {
+      text: body.text,
+      imageUrl: body.image_url,
+      imageAlt: body.image_alt,
+      langs: body.langs,
+    });
+
+    // Record in content_queue as published (live DB uses `content`/`media_url` columns)
+    const id = crypto.randomUUID();
+    await c.env.DB.prepare(`
+      INSERT INTO content_queue (id, platform, content, media_url, link_url, scheduled_at, status, published_at, post_url)
+      VALUES (?, 'bluesky', ?, ?, ?, datetime('now'), 'published', datetime('now'), ?)
+    `).bind(id, body.text, body.image_url ?? null, body.link_url ?? null, result.url).run();
+
+    return c.json({ uri: result.uri, cid: result.cid, url: result.url, queue_id: id });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error('[bluesky/post]', msg);
+    return c.json({ error: msg }, 500);
+  }
+});
+
+// GET /api/bluesky/feed — get our recent posts
+bluesky.get('/api/bluesky/feed', async (c) => {
+  const handle = c.env.BLUESKY_HANDLE || 'your-handle.bsky.social';
+  const limit = Math.min(Number(c.req.query('limit') ?? 20), 100);
+
+  const posts = await getAuthorFeed(handle, limit);
+  return c.json({ posts, count: posts.length });
+});
+
+// POST /api/bluesky/like — like a post
+bluesky.post('/api/bluesky/like', bodyLimit({ maxSize: BLUESKY_BODY_LIMIT }), async (c) => {
+  const { handle, appPassword } = getCredentials(c.env);
+  const body = await c.req.json<{ uri: string; cid: string }>();
+
+  if (!body.uri || !body.cid) return c.json({ error: 'uri and cid are required' }, 400);
+
+  const result = await likePost(handle, appPassword, body.uri, body.cid);
+  return c.json(result);
+});
+
+// POST /api/bluesky/repost — repost a post
+bluesky.post('/api/bluesky/repost', bodyLimit({ maxSize: BLUESKY_BODY_LIMIT }), async (c) => {
+  const { handle, appPassword } = getCredentials(c.env);
+  const body = await c.req.json<{ uri: string; cid: string }>();
+
+  if (!body.uri || !body.cid) return c.json({ error: 'uri and cid are required' }, 400);
+
+  const result = await repostPost(handle, appPassword, body.uri, body.cid);
+  return c.json(result);
+});
+
+// DELETE /api/bluesky/post — delete a post
+bluesky.delete('/api/bluesky/post', async (c) => {
+  const { handle, appPassword } = getCredentials(c.env);
+  const body = await c.req.json<{ uri: string }>();
+
+  if (!body.uri) return c.json({ error: 'uri is required' }, 400);
+
+  await deleteBlueskyPost(handle, appPassword, body.uri);
+  return c.json({ deleted: true, uri: body.uri });
+});
+
+// GET /api/bluesky/notifications — check notifications
+bluesky.get('/api/bluesky/notifications', async (c) => {
+  const { handle, appPassword } = getCredentials(c.env);
+  const limit = Math.min(Number(c.req.query('limit') ?? 30), 100);
+
+  const notifications = await getNotifications(handle, appPassword, limit);
+  return c.json({ notifications, count: notifications.length });
+});
+
+export { bluesky };

package/src/routes/cc-tasks.ts

@@ -0,0 +1,328 @@
+import { Hono } from 'hono';
+import { bodyLimit } from 'hono/body-limit';
+import type { Env } from '../types.js';
+import { classifyTaskFailure, parseTaskPreflight, scoreTaskUtility } from '../task-intelligence.js';
+import { moveBoardItemLocal, linkTaskToBoard } from '../kernel/board.js';
+import { TASK_AUTHORITIES, TASK_CATEGORIES, validateEnum } from '../schema-enums.js';
+
+const CC_TASKS_BODY_LIMIT = 256 * 1024;
+
+const ccTasks = new Hono<{ Bindings: Env }>();
+
+// Get next pending task (respects dependencies and priority)
+ccTasks.get('/api/cc-tasks/next', async (c) => {
+  const task = await c.env.DB.prepare(`
+    SELECT * FROM cc_tasks
+    WHERE status = 'pending'
+      AND authority != 'proposed'
+      AND (depends_on IS NULL OR depends_on IN (
+        SELECT id FROM cc_tasks WHERE status = 'completed'
+      ))
+      AND (blocked_by IS NULL OR NOT EXISTS (
+        SELECT 1 FROM json_each(blocked_by) AS b
+        WHERE b.value NOT IN (SELECT id FROM cc_tasks WHERE status = 'completed')
+      ))
+      AND repo NOT IN (
+        SELECT DISTINCT repo FROM cc_tasks WHERE status = 'running'
+      )
+    ORDER BY priority ASC, created_at ASC
+    LIMIT 1
+  `).first();
+
+  if (!task) return c.json({ id: null, message: 'Queue empty' });
+  return c.json(task);
+});
+
+// List tasks with optional status + business_unit filter
+ccTasks.get('/api/cc-tasks', async (c) => {
+  const status = c.req.query('status');
+  const businessUnit = c.req.query('business_unit');
+  const limit = Math.min(parseInt(c.req.query('limit') ?? '50', 10), 100);
+
+  const conditions: string[] = [];
+  const bindings: unknown[] = [];
+  if (status) {
+    conditions.push('status = ?');
+    bindings.push(status);
+  }
+  if (businessUnit) {
+    conditions.push('business_unit = ?');
+    bindings.push(businessUnit);
+  }
+  const where = conditions.length ? `WHERE ${conditions.join(' AND ')}` : '';
+  const query = `SELECT * FROM cc_tasks ${where} ORDER BY created_at DESC LIMIT ?`;
+  bindings.push(limit);
+
+  const tasks = await c.env.DB.prepare(query).bind(...bindings).all();
+  return c.json({ count: tasks.results.length, tasks: tasks.results });
+});
+
+// Create a new task
+ccTasks.post('/api/cc-tasks', bodyLimit({ maxSize: CC_TASKS_BODY_LIMIT }), async (c) => {
+  const body = await c.req.json<{
+    title: string;
+    repo: string;
+    prompt: string;
+    completion_signal?: string;
+    priority?: number;
+    depends_on?: string;
+    blocked_by?: string[];
+    max_turns?: number;
+    allowed_tools?: string[];
+    created_by?: string;
+    authority?: string;
+    category?: string;
+    github_issue_repo?: string;
+    github_issue_number?: number;
+    business_unit?: string;
+  }>();
+
+  if (!body.title?.trim() || !body.repo?.trim() || !body.prompt?.trim()) {
+    return c.json({ error: 'title, repo, and prompt are required' }, 400);
+  }
+
+  const authority = validateEnum(TASK_AUTHORITIES, body.authority, 'operator');
+  const category = validateEnum(TASK_CATEGORIES, body.category, 'feature');
+  const blockedBy = body.blocked_by?.length ? body.blocked_by : null;
+
+  // Cycle detection: ensure none of the blockers are blocked by this task (direct cycle)
+  if (blockedBy) {
+    const id_placeholder = crypto.randomUUID(); // preview ID for check
+    const cycleCheck = await c.env.DB.prepare(`
+      SELECT id FROM cc_tasks
+      WHERE id IN (${blockedBy.map(() => '?').join(',')})
+        AND (depends_on = ? OR (blocked_by IS NOT NULL AND EXISTS (
+          SELECT 1 FROM json_each(blocked_by) AS b WHERE b.value = ?
+        )))
+    `).bind(...blockedBy, id_placeholder, id_placeholder).first();
+    // Note: full transitive cycle detection deferred — direct cycles caught here
+    void cycleCheck; // blockers can't reference a task that doesn't exist yet, so this is safe for creation
+  }
+
+  const id = crypto.randomUUID();
+  await c.env.DB.prepare(`
+    INSERT INTO cc_tasks (id, title, repo, prompt, completion_signal, priority, depends_on, blocked_by, max_turns, allowed_tools, created_by, authority, category, github_issue_repo, github_issue_number, business_unit)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).bind(
+    id,
+    body.title.trim(),
+    body.repo.trim(),
+    body.prompt.trim(),
+    body.completion_signal ?? null,
+    body.priority ?? 50,
+    body.depends_on ?? null,
+    blockedBy ? JSON.stringify(blockedBy) : null,
+    body.max_turns ?? 25,
+    body.allowed_tools ? JSON.stringify(body.allowed_tools) : null,
+    body.created_by ?? 'operator',
+    authority,
+    category,
+    body.github_issue_repo ?? null,
+    body.github_issue_number ?? null,
+    body.business_unit?.trim() || 'stackbilt',
+  ).run();
+
+  return c.json({ id, status: 'pending', authority, category }, 201);
+});
+
+// Mark task as started
+ccTasks.post('/api/cc-tasks/:id/start', bodyLimit({ maxSize: CC_TASKS_BODY_LIMIT }), async (c) => {
+  const taskId = c.req.param('id');
+  const body = await c.req.json<{ session_id?: string; preflight?: Record<string, unknown> }>()
+    .catch(() => ({ session_id: undefined, preflight: undefined }));
+  const preflightJson = body.preflight ? JSON.stringify(body.preflight) : null;
+
+  await c.env.DB.prepare(`
+    UPDATE cc_tasks SET status = 'running', session_id = ?, preflight_json = COALESCE(?, preflight_json), started_at = datetime('now')
+    WHERE id = ? AND status = 'pending'
+  `).bind(body.session_id ?? null, preflightJson, taskId).run();
+
+  // Update board item if linked to a GitHub issue
+  const task = await c.env.DB.prepare(
+    'SELECT github_issue_repo, github_issue_number FROM cc_tasks WHERE id = ?',
+  ).bind(taskId).first<{ github_issue_repo: string | null; github_issue_number: number | null }>();
+  if (task?.github_issue_repo && task.github_issue_number) {
+    await moveBoardItemLocal(c.env.DB, task.github_issue_repo, task.github_issue_number, 'in_progress').catch(() => {});
+  }
+
+  return c.json({ id: taskId, status: 'running' });
+});
+
+// Mark task as completed/failed
+ccTasks.post('/api/cc-tasks/:id/complete', bodyLimit({ maxSize: CC_TASKS_BODY_LIMIT }), async (c) => {
+  const taskId = c.req.param('id');
+  const body = await c.req.json<{
+    status: 'completed' | 'failed';
+    result?: string;
+    error?: string;
+    exit_code?: number;
+    pr_url?: string;
+    branch?: string;
+    task_title?: string;
+    repo?: string;
+    category?: string;
+    preflight?: Record<string, unknown>;
+  }>();
+
+  const status = body.status === 'completed' ? 'completed' : 'failed';
+  const preflight = parseTaskPreflight(body.preflight ?? null);
+  const preflightJson = preflight ? JSON.stringify(preflight) : null;
+  const autopsy = status === 'failed'
+    ? classifyTaskFailure({
+      title: body.task_title ?? null,
+      repo: body.repo ?? null,
+      category: body.category ?? null,
+      error: body.error ?? null,
+      result: body.result ?? null,
+      exitCode: body.exit_code ?? null,
+      preflight,
+    })
+    : null;
+
+  // PR utility scoring for completed tasks (#289)
+  let utilityJson: string | null = null;
+  if (status === 'completed') {
+    // Fetch recent autonomous task titles for novelty comparison
+    const recentAuto = await c.env.DB.prepare(`
+      SELECT title FROM cc_tasks
+      WHERE status = 'completed' AND created_by != 'operator'
+        AND completed_at > datetime('now', '-14 days') AND id != ?
+      ORDER BY completed_at DESC LIMIT 20
+    `).bind(taskId).all<{ title: string }>();
+
+    // Fetch task metadata for scoring (created_by, github_issue_number)
+    const taskMeta = await c.env.DB.prepare(
+      'SELECT created_by, github_issue_number, category FROM cc_tasks WHERE id = ?',
+    ).bind(taskId).first<{ created_by: string; github_issue_number: number | null; category: string }>();
+
+    const utility = scoreTaskUtility({
+      title: body.task_title ?? '',
+      category: taskMeta?.category ?? body.category ?? 'feature',
+      result: body.result ?? null,
+      created_by: taskMeta?.created_by ?? 'operator',
+      pr_url: body.pr_url ?? null,
+      github_issue_number: taskMeta?.github_issue_number ?? null,
+      recentAutoTitles: recentAuto.results.map(r => r.title),
+    });
+
+    utilityJson = JSON.stringify(utility);
+    console.log(`[utility] task ${taskId.slice(0, 8)}: impact=${utility.impact} novelty=${utility.novelty} signals=${utility.signals.length}`);
+  }
+
+  await c.env.DB.prepare(`
+    UPDATE cc_tasks
+    SET status = ?, result = ?, error = ?, exit_code = ?, pr_url = ?, branch = ?,
+        preflight_json = COALESCE(?, preflight_json), failure_kind = ?, retryable = ?,
+        autopsy_json = ?, utility_json = ?, completed_at = datetime('now')
+    WHERE id = ?
+  `).bind(
+    status,
+    body.result ?? null,
+    body.error ?? null,
+    body.exit_code ?? null,
+    body.pr_url ?? null,
+    body.branch ?? null,
+    preflightJson,
+    autopsy?.kind ?? null,
+    autopsy?.retryable ? 1 : 0,
+    autopsy ? JSON.stringify(autopsy) : null,
+    utilityJson,
+    taskId,
+  ).run();
+
+  // Update board item if linked to a GitHub issue
+  const completedTask = await c.env.DB.prepare(
+    'SELECT github_issue_repo, github_issue_number, retryable FROM cc_tasks WHERE id = ?',
+  ).bind(taskId).first<{ github_issue_repo: string | null; github_issue_number: number | null; retryable: number | null }>();
+  if (completedTask?.github_issue_repo && completedTask.github_issue_number) {
+    const boardStatus = status === 'completed'
+      ? 'shipped' as const
+      : (completedTask.retryable ? 'queued' as const : 'blocked' as const);
+    await moveBoardItemLocal(c.env.DB, completedTask.github_issue_repo, completedTask.github_issue_number, boardStatus).catch(() => {});
+  }
+
+  // Cascade cancel: when a task fails, cancel all pending tasks that depend on it
+  // Checks both depends_on (single) and blocked_by (DAG array)
+  if (status === 'failed') {
+    const cancelReason = `Dependency ${taskId} failed`;
+
+    // Cancel tasks using depends_on (legacy single-dependency)
+    await c.env.DB.prepare(`
+      UPDATE cc_tasks SET status = 'cancelled', error = ?
+      WHERE depends_on = ? AND status = 'pending'
+    `).bind(cancelReason, taskId).run();
+
+    // Cancel tasks using blocked_by (DAG multi-dependency)
+    await c.env.DB.prepare(`
+      UPDATE cc_tasks SET status = 'cancelled', error = ?
+      WHERE status = 'pending' AND blocked_by IS NOT NULL
+        AND EXISTS (SELECT 1 FROM json_each(blocked_by) AS b WHERE b.value = ?)
+    `).bind(cancelReason, taskId).run();
+
+    // Recurse one level: cancel tasks depending on the just-cancelled ones
+    const nowCancelled = await c.env.DB.prepare(`
+      SELECT id FROM cc_tasks WHERE status = 'cancelled' AND error = ?
+    `).bind(cancelReason).all();
+
+    for (const dep of nowCancelled.results) {
+      const depId = (dep as any).id;
+      const upstreamReason = `Dependency ${depId} failed (upstream: ${taskId})`;
+      await c.env.DB.prepare(`
+        UPDATE cc_tasks SET status = 'cancelled', error = ?
+        WHERE status = 'pending' AND (
+          depends_on = ?
+          OR (blocked_by IS NOT NULL AND EXISTS (
+            SELECT 1 FROM json_each(blocked_by) AS b WHERE b.value = ?
+          ))
+        )
+      `).bind(upstreamReason, depId, depId).run();
+    }
+  }
+
+  return c.json({
+    id: taskId,
+    status,
+    failure_kind: autopsy?.kind ?? null,
+    retryable: autopsy?.retryable ?? false,
+  });
+});
+
+// Cancel a pending or running task
+ccTasks.post('/api/cc-tasks/:id/cancel', bodyLimit({ maxSize: CC_TASKS_BODY_LIMIT }), async (c) => {
+  const taskId = c.req.param('id');
+  const result = await c.env.DB.prepare(`
+    UPDATE cc_tasks SET status = 'cancelled', completed_at = datetime('now') WHERE id = ? AND status IN ('pending', 'running')
+  `).bind(taskId).run();
+  if (!result.meta.changes) {
+    return c.json({ error: 'Task not found or not in a cancellable status (pending/running)' }, 404);
+  }
+  return c.json({ id: taskId, status: 'cancelled' });
+});
+
+// Approve a proposed task (makes it eligible for execution)
+ccTasks.post('/api/cc-tasks/:id/approve', bodyLimit({ maxSize: CC_TASKS_BODY_LIMIT }), async (c) => {
+  const taskId = c.req.param('id');
+  const result = await c.env.DB.prepare(`
+    UPDATE cc_tasks SET authority = 'operator'
+    WHERE id = ? AND authority = 'proposed' AND status = 'pending'
+  `).bind(taskId).run();
+  if (!result.meta.changes) {
+    return c.json({ error: 'Task not found, not proposed, or not pending' }, 404);
+  }
+  return c.json({ id: taskId, authority: 'operator', status: 'pending' });
+});
+
+// Reject a proposed task
+ccTasks.post('/api/cc-tasks/:id/reject', bodyLimit({ maxSize: CC_TASKS_BODY_LIMIT }), async (c) => {
+  const taskId = c.req.param('id');
+  const result = await c.env.DB.prepare(`
+    UPDATE cc_tasks SET status = 'cancelled'
+    WHERE id = ? AND authority = 'proposed' AND status = 'pending'
+  `).bind(taskId).run();
+  if (!result.meta.changes) {
+    return c.json({ error: 'Task not found, not proposed, or not pending' }, 404);
+  }
+  return c.json({ id: taskId, status: 'cancelled' });
+});
+
+export { ccTasks };

package/src/routes/codebeast.ts

@@ -0,0 +1 @@
+export { codebeast } from '../codebeast.js';

package/src/routes/content.ts

@@ -0,0 +1,194 @@
+// Stub — full implementation not yet extracted to OSS
+
+import { Hono } from 'hono';
+import { bodyLimit } from 'hono/body-limit';
+import type { Env } from '../types.js';
+import { sanitizeForBlog } from '../sanitize.js';
+import { buildEdgeEnv } from '../edge-env.js';
+import { runRoundtableGeneration, runJournalGeneration } from '../content/index.js';
+import { runDreamingCycle } from '../kernel/scheduled/dreaming.js';
+import { operatorConfig } from '../operator/index.js';
+
+const TECH_POSTS_BODY_LIMIT = 256 * 1024;
+const DEFAULT_BODY_LIMIT = 100 * 1024;
+
+const content = new Hono<{ Bindings: Env }>();
+
+const BLOG_BASE_URL = 'https://your-blog.example.com';
+
+// ─── Tech Blog Redirects ────────────────────────────────────
+
+content.get('/tech', (c) => {
+  return c.redirect(BLOG_BASE_URL, 301);
+});
+
+content.get('/tech/feed.xml', (c) => {
+  return c.redirect(`${BLOG_BASE_URL}/feed.xml`, 301);
+});
+
+content.get('/tech/:slug', (c) => {
+  return c.redirect(`${BLOG_BASE_URL}/post/${c.req.param('slug')}`, 301);
+});
+
+// ─── Tech Post CRUD ─────────────────────────────────────────
+
+content.get('/api/tech-posts', async (c) => {
+  const roundtableDb = (c.env as any).ROUNDTABLE_DB;
+  if (!roundtableDb) return c.json({ error: 'ROUNDTABLE_DB not bound' }, 500);
+
+  const status = c.req.query('status');
+  let query: string;
+  const bindings: unknown[] = [];
+
+  if (status) {
+    query = 'SELECT * FROM posts WHERE status = ? ORDER BY created_at DESC';
+    bindings.push(status);
+  } else {
+    query = 'SELECT * FROM posts ORDER BY created_at DESC';
+  }
+
+  const stmt = roundtableDb.prepare(query);
+  const result = bindings.length > 0 ? await stmt.bind(...bindings).all() : await stmt.all();
+
+  return c.json({ posts: result.results });
+});
+
+content.post('/api/tech-posts', bodyLimit({ maxSize: TECH_POSTS_BODY_LIMIT }), async (c) => {
+  const roundtableDb = (c.env as any).ROUNDTABLE_DB;
+  if (!roundtableDb) return c.json({ error: 'ROUNDTABLE_DB not bound' }, 500);
+
+  const body = await c.req.json<{
+    title?: string;
+    slug?: string;
+    body?: string;
+    description?: string;
+    tags?: string[];
+    status?: string;
+    canonical_url?: string;
+  }>();
+
+  if (!body.title?.trim() || !body.slug?.trim() || !body.body?.trim()) {
+    return c.json({ error: 'title, slug, and body are required' }, 400);
+  }
+
+  const id = crypto.randomUUID();
+  const status = body.status === 'published' ? 'published' : 'draft';
+  const publishedAt = status === 'published' ? new Date().toISOString() : null;
+
+  await roundtableDb.prepare(
+    `INSERT INTO posts (id, title, slug, body, description, tags, status, canonical_url, published_at)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`
+  ).bind(
+    id,
+    body.title.trim(),
+    body.slug.trim(),
+    body.body.trim(),
+    body.description ?? '',
+    JSON.stringify(body.tags ?? []),
+    status,
+    body.canonical_url ?? null,
+    publishedAt,
+  ).run();
+
+  return c.json({
+    id,
+    slug: body.slug.trim(),
+    status,
+    url: status === 'published' ? `${BLOG_BASE_URL}/post/${body.slug.trim()}` : null,
+    note: status === 'draft' ? 'No public route exists for draft posts.' : undefined,
+  }, 201);
+});
+
+content.put('/api/tech-posts/:id', async (c) => {
+  const roundtableDb = (c.env as any).ROUNDTABLE_DB;
+  if (!roundtableDb) return c.json({ error: 'ROUNDTABLE_DB not bound' }, 500);
+
+  const postId = c.req.param('id');
+  const existing = await (roundtableDb as D1Database).prepare(
+    'SELECT * FROM posts WHERE id = ?'
+  ).bind(postId).first() as any;
+
+  if (!existing) return c.json({ error: 'Post not found' }, 404);
+
+  const body = await c.req.json<{
+    title?: string;
+    body?: string;
+    description?: string;
+    tags?: string[];
+    status?: string;
+    canonical_url?: string;
+  }>();
+
+  const newStatus = body.status ?? existing.status;
+  let publishedAt = existing.published_at;
+  if (newStatus === 'published' && !existing.published_at) {
+    publishedAt = new Date().toISOString();
+  }
+
+  await roundtableDb.prepare(
+    `UPDATE posts SET title = ?, body = ?, description = ?, tags = ?, status = ?, canonical_url = ?, published_at = ?
+     WHERE id = ?`
+  ).bind(
+    body.title ?? existing.title,
+    body.body ?? existing.body,
+    body.description ?? existing.description,
+    JSON.stringify(body.tags ?? JSON.parse(existing.tags ?? '[]')),
+    newStatus,
+    body.canonical_url ?? existing.canonical_url,
+    publishedAt,
+    postId,
+  ).run();
+
+  return c.json({ ok: true });
+});
+
+// ─── Content Generation Triggers ────────────────────────────
+
+content.post('/api/generate/roundtable', bodyLimit({ maxSize: DEFAULT_BODY_LIMIT }), async (c) => {
+  const edgeEnv = buildEdgeEnv(c.env);
+  if (!edgeEnv.roundtableDb) {
+    return c.json({ error: 'ROUNDTABLE_DB not bound' }, 500);
+  }
+
+  await runRoundtableGeneration(edgeEnv.roundtableDb!, edgeEnv.db, edgeEnv.anthropicApiKey, edgeEnv.claudeModel, edgeEnv.anthropicBaseUrl);
+  return c.json({ ok: true });
+});
+
+content.post('/api/generate/journal', bodyLimit({ maxSize: DEFAULT_BODY_LIMIT }), async (c) => {
+  const edgeEnv = buildEdgeEnv(c.env);
+  if (!edgeEnv.roundtableDb) {
+    return c.json({ error: 'ROUNDTABLE_DB not bound' }, 500);
+  }
+
+  await runJournalGeneration(edgeEnv as any);
+  return c.json({ ok: true });
+});
+
+content.post('/api/trigger/dreaming', bodyLimit({ maxSize: DEFAULT_BODY_LIMIT }), async (c) => {
+  try {
+    // Clear watermark to force re-run
+    await c.env.DB.prepare(
+      "DELETE FROM web_events WHERE event_id = 'last_dreaming_at'"
+    ).run();
+
+    const edgeEnv = buildEdgeEnv(c.env);
+    await runDreamingCycle(edgeEnv as any);
+
+    return c.json({ ok: true });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return c.json({ error: msg }, 500);
+  }
+});
+
+// ─── Sanitize Backfill ──────────────────────────────────────
+
+content.post('/api/sanitize-backfill', bodyLimit({ maxSize: DEFAULT_BODY_LIMIT }), async (c) => {
+  const roundtableDb = (c.env as any).ROUNDTABLE_DB;
+  if (!roundtableDb) return c.json({ error: 'ROUNDTABLE_DB not bound' }, 500);
+
+  // Backfill sanitization for existing content
+  return c.json({ ok: true, sanitized: 0 });
+});
+
+export { content };

package/src/routes/conversations.ts

@@ -0,0 +1,25 @@
+import { Hono } from 'hono';
+import type { Env } from '../types.js';
+
+export const conversations = new Hono<{ Bindings: Env }>();
+
+conversations.get('/api/conversations', async (c) => {
+  const rows = await c.env.DB.prepare(
+    'SELECT id, title, created_at, updated_at FROM conversations ORDER BY updated_at DESC LIMIT 50'
+  ).all();
+  return c.json({ conversations: rows.results });
+});
+
+conversations.get('/api/conversations/:id/messages', async (c) => {
+  const id = c.req.param('id');
+  const rows = await c.env.DB.prepare(
+    'SELECT id, role, content, metadata, created_at FROM messages WHERE conversation_id = ? ORDER BY created_at ASC'
+  ).bind(id).all();
+  return c.json({
+    conversationId: id,
+    messages: rows.results.map((m: any) => ({
+      ...m,
+      metadata: m.metadata ? JSON.parse(m.metadata) : null,
+    })),
+  });
+});