@useorgx/openclaw-plugin 0.4.6 → 0.4.9

package/dist/http/routes/agent-suite.d.ts

@@ -0,0 +1,29 @@
+import type { Router } from "../router.js";
+type JsonRecord = Record<string, unknown>;
+type ReadSkillPackStateFn = typeof import("../../skill-pack-state.js").readSkillPackState;
+type UpdateSkillPackPolicyFn = typeof import("../../skill-pack-state.js").updateSkillPackPolicy;
+type ComputeOrgxAgentSuitePlanFn = typeof import("../../agent-suite.js").computeOrgxAgentSuitePlan;
+type ApplyOrgxAgentSuitePlanFn = typeof import("../../agent-suite.js").applyOrgxAgentSuitePlan;
+type OrgxSkillPackOverrides = import("../../agent-suite.js").OrgxSkillPackOverrides;
+type RegisterAgentSuiteRoutesDeps<TReq, TRes> = {
+    pluginVersion: string | null | undefined;
+    telemetryDistinctId: string;
+    parseJsonRequest: (req: TReq) => Promise<JsonRecord>;
+    resolveSkillPackOverrides: (input: {
+        force?: boolean;
+    }) => Promise<OrgxSkillPackOverrides | null>;
+    readSkillPackState: ReadSkillPackStateFn;
+    computeOrgxAgentSuitePlan: ComputeOrgxAgentSuitePlanFn;
+    applyOrgxAgentSuitePlan: ApplyOrgxAgentSuitePlanFn;
+    generateAgentSuiteOperationId: () => string;
+    updateSkillPackPolicy: UpdateSkillPackPolicyFn;
+    posthogCapture: (input: {
+        event: string;
+        distinctId: string;
+        properties: Record<string, unknown>;
+    }) => Promise<unknown>;
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+};
+export declare function registerAgentSuiteRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: RegisterAgentSuiteRoutesDeps<TReq, TRes>): void;
+export {};

package/dist/http/routes/agent-suite.js

@@ -0,0 +1,198 @@
+function getPluginVersion(pluginVersion) {
+    const normalized = (pluginVersion ?? "").trim();
+    return normalized.length > 0 ? normalized : null;
+}
+function toRecord(value) {
+    return value && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : {};
+}
+function readBoolean(payload, ...keys) {
+    for (const key of keys) {
+        const value = payload[key];
+        if (typeof value === "boolean") {
+            return value;
+        }
+    }
+    return false;
+}
+function computeUpdateAvailable(state) {
+    return Boolean(state.remote?.checksum &&
+        state.pack?.checksum &&
+        state.remote.checksum !== state.pack.checksum);
+}
+export function registerAgentSuiteRoutes(router, deps) {
+    async function renderStatus(res) {
+        try {
+            // Resolve skill pack overrides opportunistically; fallback to builtins.
+            let skillPack = null;
+            try {
+                skillPack = await deps.resolveSkillPackOverrides({});
+            }
+            catch {
+                // Ignore resolver errors and use local defaults.
+            }
+            const state = deps.readSkillPackState();
+            const plan = deps.computeOrgxAgentSuitePlan({
+                packVersion: deps.pluginVersion || "0.0.0",
+                skillPack,
+                skillPackRemote: state.remote,
+                skillPackPolicy: state.policy,
+                skillPackUpdateAvailable: computeUpdateAvailable(state),
+            });
+            deps.sendJson(res, 200, {
+                ok: true,
+                data: plan,
+            });
+        }
+        catch (err) {
+            deps.sendJson(res, 500, {
+                ok: false,
+                error: deps.safeErrorMessage(err),
+            });
+        }
+    }
+    router.add("GET", "agent-suite/status", async ({ res }) => renderStatus(res), "Agent suite installation status");
+    router.add("HEAD", "agent-suite/status", async ({ res }) => renderStatus(res), "Agent suite installation status (HEAD)");
+    router.add("POST", "agent-suite/install", async ({ req, res }) => {
+        try {
+            const payload = toRecord(await deps.parseJsonRequest(req));
+            const dryRun = readBoolean(payload, "dryRun", "dry_run");
+            const forceSkillPack = readBoolean(payload, "forceSkillPack", "force_skill_pack");
+            const skillPack = await deps.resolveSkillPackOverrides({ force: forceSkillPack });
+            const state = deps.readSkillPackState();
+            const plan = deps.computeOrgxAgentSuitePlan({
+                packVersion: deps.pluginVersion || "0.0.0",
+                skillPack,
+                skillPackRemote: state.remote,
+                skillPackPolicy: state.policy,
+                skillPackUpdateAvailable: computeUpdateAvailable(state),
+            });
+            const result = deps.applyOrgxAgentSuitePlan({ plan, dryRun, skillPack });
+            const counts = {
+                create: 0,
+                update: 0,
+                noop: 0,
+                conflict: 0,
+            };
+            for (const entry of result.plan.workspaceFiles ?? []) {
+                if (entry.action in counts) {
+                    counts[entry.action] += 1;
+                }
+            }
+            void deps
+                .posthogCapture({
+                event: "openclaw_agent_suite_install",
+                distinctId: deps.telemetryDistinctId,
+                properties: {
+                    plugin_version: getPluginVersion(deps.pluginVersion),
+                    dry_run: Boolean(dryRun),
+                    applied: Boolean(result.applied),
+                    openclaw_config_updated: Boolean(result.plan.openclawConfigWouldUpdate),
+                    added_agents_count: result.plan.openclawConfigAddedAgents.length,
+                    files_create: counts.create,
+                    files_update: counts.update,
+                    files_noop: counts.noop,
+                    files_conflict: counts.conflict,
+                    skill_pack_source: result.plan.skillPack?.source ?? null,
+                    skill_pack_checksum: result.plan.skillPack?.checksum ?? null,
+                    skill_pack_version: result.plan.skillPack?.version ?? null,
+                },
+            })
+                .catch(() => {
+                // best effort
+            });
+            deps.sendJson(res, 200, {
+                ok: true,
+                operationId: deps.generateAgentSuiteOperationId(),
+                dryRun,
+                applied: result.applied,
+                data: result.plan,
+            });
+        }
+        catch (err) {
+            void deps
+                .posthogCapture({
+                event: "openclaw_agent_suite_install_failed",
+                distinctId: deps.telemetryDistinctId,
+                properties: {
+                    plugin_version: getPluginVersion(deps.pluginVersion),
+                    error: deps.safeErrorMessage(err),
+                },
+            })
+                .catch(() => {
+                // best effort
+            });
+            deps.sendJson(res, 500, {
+                ok: false,
+                error: deps.safeErrorMessage(err),
+            });
+        }
+    }, "Install managed OrgX agent suite");
+    router.add("*", "agent-suite/install", ({ res }) => {
+        deps.sendJson(res, 405, {
+            ok: false,
+            error: "Use POST /orgx/api/agent-suite/install",
+        });
+    }, "Reject unsupported methods for agent-suite/install");
+    router.add("GET", "skill-pack/policy", ({ res }) => {
+        const state = deps.readSkillPackState();
+        deps.sendJson(res, 200, {
+            ok: true,
+            data: {
+                policy: state.policy,
+                pack: state.pack,
+                remote: state.remote,
+                updateAvailable: computeUpdateAvailable(state),
+                lastCheckedAt: state.lastCheckedAt,
+                lastError: state.lastError,
+            },
+        });
+    }, "Read skill-pack policy");
+    router.add("POST", "skill-pack/policy", async ({ req, res }) => {
+        try {
+            const payload = toRecord(await deps.parseJsonRequest(req));
+            const frozenRaw = payload.frozen;
+            const frozen = typeof frozenRaw === "boolean" ? frozenRaw : undefined;
+            const pinToCurrent = readBoolean(payload, "pinToCurrent", "pin_to_current");
+            const clearPin = readBoolean(payload, "clearPin", "clear_pin");
+            const pinnedChecksumRaw = payload.pinnedChecksum;
+            const pinnedChecksum = typeof pinnedChecksumRaw === "string"
+                ? pinnedChecksumRaw
+                : pinnedChecksumRaw === null
+                    ? null
+                    : undefined;
+            const state = deps.updateSkillPackPolicy({
+                frozen,
+                pinToCurrent,
+                clearPin,
+                pinnedChecksum,
+            });
+            void deps
+                .posthogCapture({
+                event: "openclaw_skill_pack_policy_updated",
+                distinctId: deps.telemetryDistinctId,
+                properties: {
+                    plugin_version: getPluginVersion(deps.pluginVersion),
+                    frozen: state.policy.frozen,
+                    pinned_checksum_prefix: state.policy.pinnedChecksum
+                        ? state.policy.pinnedChecksum.slice(0, 12)
+                        : null,
+                },
+            })
+                .catch(() => {
+                // best effort
+            });
+            deps.sendJson(res, 200, { ok: true, data: state.policy });
+        }
+        catch (err) {
+            deps.sendJson(res, 400, { ok: false, error: deps.safeErrorMessage(err) });
+        }
+    }, "Update skill-pack policy");
+    router.add("*", "skill-pack/policy", ({ res }) => {
+        deps.sendJson(res, 405, {
+            ok: false,
+            error: "Use GET/POST /orgx/api/skill-pack/policy",
+        });
+    }, "Reject unsupported methods for skill-pack/policy");
+}

package/dist/http/routes/agents-catalog.d.ts

@@ -0,0 +1,40 @@
+import type { Router } from "../router.js";
+type OpenClawAgentEntry = {
+    id?: string;
+    name?: string;
+    workspace?: string;
+    model?: string;
+    isDefault?: boolean;
+};
+type LocalAgentSnapshot = {
+    id: string;
+    status: string;
+    currentTask: string | null;
+    runId: string | null;
+    startedAt: string | null;
+    blockers: string[];
+};
+type LocalSnapshot = {
+    agents: LocalAgentSnapshot[];
+};
+type AgentRun = {
+    agentId: string;
+    startedAt: string | null;
+    status: string;
+};
+type AgentRunStoreSnapshot = {
+    runs: Record<string, AgentRun & Record<string, unknown>>;
+};
+type AgentContextStoreSnapshot = {
+    agents: Record<string, unknown>;
+};
+type AgentsCatalogDeps<TRes> = {
+    listAgents: () => Promise<OpenClawAgentEntry[]>;
+    loadLocalSnapshot: () => Promise<LocalSnapshot | null>;
+    readAgentContexts: () => AgentContextStoreSnapshot;
+    readAgentRuns: () => AgentRunStoreSnapshot;
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+};
+export declare function registerAgentsCatalogRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: AgentsCatalogDeps<TRes>): void;
+export {};

package/dist/http/routes/agents-catalog.js

@@ -0,0 +1,83 @@
+export function registerAgentsCatalogRoutes(router, deps) {
+    async function handle(res) {
+        try {
+            const [openclawAgents, localSnapshot] = await Promise.all([
+                deps.listAgents(),
+                deps.loadLocalSnapshot(),
+            ]);
+            const localById = new Map();
+            if (localSnapshot) {
+                for (const agent of localSnapshot.agents) {
+                    localById.set(agent.id, {
+                        status: agent.status,
+                        currentTask: agent.currentTask,
+                        runId: agent.runId,
+                        startedAt: agent.startedAt,
+                        blockers: agent.blockers,
+                    });
+                }
+            }
+            const contexts = deps.readAgentContexts().agents;
+            const runs = deps.readAgentRuns().runs;
+            const latestRunByAgent = new Map();
+            for (const run of Object.values(runs)) {
+                if (!run || typeof run !== "object")
+                    continue;
+                const agentId = typeof run.agentId === "string" ? run.agentId.trim() : "";
+                if (!agentId)
+                    continue;
+                const existing = latestRunByAgent.get(agentId);
+                const nextTs = Date.parse(run.startedAt ?? "");
+                const existingTs = existing ? Date.parse(existing.startedAt ?? "") : 0;
+                if (!existing) {
+                    latestRunByAgent.set(agentId, run);
+                    continue;
+                }
+                const existingRunning = existing.status === "running";
+                const nextRunning = run.status === "running";
+                if (nextRunning && !existingRunning) {
+                    latestRunByAgent.set(agentId, run);
+                    continue;
+                }
+                if (nextRunning === existingRunning && nextTs > existingTs) {
+                    latestRunByAgent.set(agentId, run);
+                }
+            }
+            const agents = openclawAgents.map((entry) => {
+                const id = typeof entry.id === "string" ? entry.id.trim() : "";
+                const name = typeof entry.name === "string" && entry.name.trim().length > 0
+                    ? entry.name.trim()
+                    : id || "unknown";
+                const local = id ? localById.get(id) ?? null : null;
+                const context = id ? contexts[id] ?? null : null;
+                const runFromSession = id && local?.runId ? runs[local.runId] ?? null : null;
+                const run = runFromSession ?? (id ? latestRunByAgent.get(id) ?? null : null);
+                return {
+                    id,
+                    name,
+                    workspace: typeof entry.workspace === "string" ? entry.workspace : null,
+                    model: typeof entry.model === "string" ? entry.model : null,
+                    isDefault: Boolean(entry.isDefault),
+                    status: local?.status ?? null,
+                    currentTask: local?.currentTask ?? null,
+                    runId: local?.runId ?? null,
+                    startedAt: local?.startedAt ?? null,
+                    blockers: local?.blockers ?? [],
+                    context,
+                    run,
+                };
+            });
+            deps.sendJson(res, 200, {
+                generatedAt: new Date().toISOString(),
+                agents,
+            });
+        }
+        catch (err) {
+            deps.sendJson(res, 500, {
+                error: deps.safeErrorMessage(err),
+            });
+        }
+    }
+    router.add("GET", "agents/catalog", async ({ res }) => handle(res), "Agent catalog");
+    router.add("HEAD", "agents/catalog", async ({ res }) => handle(res), "Agent catalog (HEAD)");
+}

package/dist/http/routes/billing.d.ts

@@ -0,0 +1,23 @@
+import type { BillingCheckoutRequest } from "../../types.js";
+import type { Router } from "../router.js";
+type JsonRecord = Record<string, unknown>;
+type BillingClientLike = {
+    getBaseUrl: () => string;
+    getBillingStatus: () => Promise<unknown>;
+    createBillingCheckout: (input: BillingCheckoutRequest) => Promise<{
+        url?: string | null;
+        checkout_url?: string | null;
+    }>;
+    createBillingPortal: () => Promise<{
+        url?: string | null;
+    }>;
+};
+type RegisterBillingRoutesDeps<TReq, TRes> = {
+    client: BillingClientLike;
+    parseJsonRequest: (req: TReq) => Promise<JsonRecord>;
+    pickString: (input: JsonRecord, keys: string[]) => string | null;
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+};
+export declare function registerBillingRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: RegisterBillingRoutesDeps<TReq, TRes>): void;
+export {};

package/dist/http/routes/billing.js

@@ -0,0 +1,55 @@
+export function registerBillingRoutes(router, deps) {
+    router.add("GET", "billing/status", async ({ res }) => {
+        try {
+            const status = await deps.client.getBillingStatus();
+            deps.sendJson(res, 200, { ok: true, data: status });
+        }
+        catch (err) {
+            deps.sendJson(res, 200, { ok: false, error: deps.safeErrorMessage(err) });
+        }
+    }, "Get billing plan/status");
+    router.add("POST", "billing/checkout", async ({ req, res }) => {
+        const basePricingUrl = `${deps.client.getBaseUrl().replace(/\/+$/, "")}/pricing`;
+        try {
+            const payload = await deps.parseJsonRequest(req);
+            const planIdRaw = (deps.pickString(payload, ["planId", "plan_id", "plan"]) ?? "starter")
+                .trim()
+                .toLowerCase();
+            const billingCycleRaw = (deps.pickString(payload, ["billingCycle", "billing_cycle"]) ?? "monthly")
+                .trim()
+                .toLowerCase();
+            const planId = planIdRaw === "team" || planIdRaw === "enterprise" ? planIdRaw : "starter";
+            const billingCycle = billingCycleRaw === "annual" ? "annual" : "monthly";
+            const result = await deps.client.createBillingCheckout({
+                planId,
+                billingCycle,
+            });
+            const url = result?.url ?? result?.checkout_url ?? null;
+            deps.sendJson(res, 200, { ok: true, data: { url: url ?? basePricingUrl } });
+        }
+        catch {
+            // If remote billing endpoints are unavailable, degrade gracefully.
+            deps.sendJson(res, 200, { ok: true, data: { url: basePricingUrl } });
+        }
+    }, "Create billing checkout session");
+    router.add("POST", "billing/portal", async ({ res }) => {
+        const basePricingUrl = `${deps.client.getBaseUrl().replace(/\/+$/, "")}/pricing`;
+        try {
+            const result = await deps.client.createBillingPortal();
+            const url = result?.url ?? null;
+            deps.sendJson(res, 200, { ok: true, data: { url: url ?? basePricingUrl } });
+        }
+        catch {
+            deps.sendJson(res, 200, { ok: true, data: { url: basePricingUrl } });
+        }
+    }, "Create billing portal session");
+    router.add("*", "billing/status", ({ res }) => {
+        deps.sendJson(res, 405, { ok: false, error: "Method not allowed" });
+    }, "Reject unsupported methods for billing/status");
+    router.add("*", "billing/checkout", ({ res }) => {
+        deps.sendJson(res, 405, { ok: false, error: "Method not allowed" });
+    }, "Reject unsupported methods for billing/checkout");
+    router.add("*", "billing/portal", ({ res }) => {
+        deps.sendJson(res, 405, { ok: false, error: "Method not allowed" });
+    }, "Reject unsupported methods for billing/portal");
+}

package/dist/http/routes/debug.d.ts

@@ -0,0 +1,14 @@
+import type { Router } from "../router.js";
+type CodexBinInfo = {
+    bin: string | null;
+    version: unknown;
+    versionString: string | null;
+};
+type DebugRoutesDeps<TRes> = {
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+    resolveCodexBinInfo: () => CodexBinInfo;
+    getCachedCodexProbeSummary: () => unknown;
+};
+export declare function registerDebugRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: DebugRoutesDeps<TRes>): void;
+export {};

package/dist/http/routes/debug.js

@@ -0,0 +1,21 @@
+export function registerDebugRoutes(router, deps) {
+    router.add("GET", "debug/codex-bin", ({ res }) => {
+        try {
+            const codex = deps.resolveCodexBinInfo();
+            deps.sendJson(res, 200, {
+                ok: true,
+                spawnGuardBypassEnv: Boolean((process.env.ORGX_SPAWN_GUARD_BYPASS ?? "").trim() ||
+                    ["off", "bypass"].includes((process.env.ORGX_SPAWN_GUARD_MODE ?? "").trim().toLowerCase())),
+                codex: {
+                    bin: codex.bin,
+                    version: codex.version,
+                    versionString: codex.versionString,
+                },
+                probe: deps.getCachedCodexProbeSummary(),
+            });
+        }
+        catch (err) {
+            deps.sendJson(res, 500, { ok: false, error: deps.safeErrorMessage(err) });
+        }
+    }, "Debug codex binary/probe status");
+}

package/dist/http/routes/decision-actions.d.ts

@@ -0,0 +1,13 @@
+import type { Router } from "../router.js";
+type JsonRecord = Record<string, unknown>;
+type DecisionAction = "approve" | "reject";
+type RegisterDecisionActionsRoutesDeps<TReq, TRes> = {
+    parseJsonRequest: (req: TReq) => Promise<JsonRecord>;
+    bulkDecideDecisions: (ids: string[], action: DecisionAction, note?: string) => Promise<Array<{
+        ok?: boolean;
+    }>>;
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+};
+export declare function registerDecisionActionsRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: RegisterDecisionActionsRoutesDeps<TReq, TRes>): void;
+export {};

package/dist/http/routes/decision-actions.js

@@ -0,0 +1,66 @@
+function extractIdsFromPayload(payload) {
+    const raw = payload.ids;
+    if (!Array.isArray(raw))
+        return [];
+    return raw
+        .filter((id) => typeof id === "string")
+        .map((id) => id.trim())
+        .filter(Boolean);
+}
+async function handleApproveRequest(req, res, deps, routeIds) {
+    const payload = await deps.parseJsonRequest(req);
+    const action = payload.action === "reject" ? "reject" : "approve";
+    const note = typeof payload.note === "string" && payload.note.trim().length > 0
+        ? payload.note.trim()
+        : undefined;
+    const ids = routeIds ?? extractIdsFromPayload(payload);
+    if (ids.length === 0) {
+        deps.sendJson(res, 400, {
+            error: "Decision IDs are required.",
+            expected: {
+                route: "/orgx/api/live/decisions/approve",
+                body: { ids: ["decision-id"], action: "approve|reject" },
+            },
+        });
+        return;
+    }
+    const results = await deps.bulkDecideDecisions(ids, action, note);
+    const updated = results.filter((result) => result.ok === true).length;
+    const failed = results.length - updated;
+    deps.sendJson(res, failed > 0 ? 207 : 200, {
+        action,
+        requested: ids.length,
+        updated,
+        failed,
+        results,
+    });
+}
+export function registerDecisionActionsRoutes(router, deps) {
+    router.add("POST", "live/decisions/approve", async ({ req, res }) => {
+        try {
+            await handleApproveRequest(req, res, deps, null);
+        }
+        catch (err) {
+            deps.sendJson(res, 500, {
+                error: deps.safeErrorMessage(err),
+            });
+        }
+    }, "Bulk decision approve/reject");
+    router.add("POST", "live/decisions/*", async ({ req, res, path }) => {
+        const decisionApproveMatch = path.match(/^live\/decisions\/([^/]+)\/approve$/);
+        if (!decisionApproveMatch) {
+            deps.sendJson(res, 404, { error: "Unknown API endpoint" });
+            return;
+        }
+        try {
+            await handleApproveRequest(req, res, deps, [
+                decodeURIComponent(decisionApproveMatch[1]),
+            ]);
+        }
+        catch (err) {
+            deps.sendJson(res, 500, {
+                error: deps.safeErrorMessage(err),
+            });
+        }
+    }, "Single decision approve/reject");
+}

package/dist/http/routes/delegation.d.ts

@@ -0,0 +1,19 @@
+import type { Router } from "../router.js";
+type JsonRecord = Record<string, unknown>;
+type DelegationClientLike = {
+    delegationPreflight: (input: {
+        intent: string;
+        acceptanceCriteria?: string[];
+        constraints?: string[];
+        domains?: string[];
+    }) => Promise<unknown>;
+};
+type RegisterDelegationRoutesDeps<TReq, TRes> = {
+    client: DelegationClientLike;
+    parseJsonRequest: (req: TReq) => Promise<JsonRecord>;
+    pickString: (input: JsonRecord, keys: string[]) => string | null;
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+};
+export declare function registerDelegationRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: RegisterDelegationRoutesDeps<TReq, TRes>): void;
+export {};

package/dist/http/routes/delegation.js

@@ -0,0 +1,32 @@
+function toStringArray(value) {
+    return Array.isArray(value)
+        ? value.filter((entry) => typeof entry === "string")
+        : undefined;
+}
+export function registerDelegationRoutes(router, deps) {
+    router.add("POST", "delegation/preflight", async ({ req, res }) => {
+        try {
+            const payload = await deps.parseJsonRequest(req);
+            const intent = deps.pickString(payload, ["intent"]);
+            if (!intent) {
+                deps.sendJson(res, 400, { error: "intent is required" });
+                return;
+            }
+            const data = await deps.client.delegationPreflight({
+                intent,
+                acceptanceCriteria: toStringArray(payload.acceptanceCriteria),
+                constraints: toStringArray(payload.constraints),
+                domains: toStringArray(payload.domains),
+            });
+            deps.sendJson(res, 200, data);
+        }
+        catch (err) {
+            deps.sendJson(res, 500, {
+                error: deps.safeErrorMessage(err),
+            });
+        }
+    }, "Delegation preflight");
+    router.add("*", "delegation/preflight", ({ res }) => {
+        deps.sendJson(res, 405, { error: "Use POST /orgx/api/delegation/preflight" });
+    }, "Reject unsupported methods for delegation/preflight");
+}

package/dist/http/routes/entities.d.ts

@@ -0,0 +1,47 @@
+import type { Entity, OrgSnapshot } from "../../types.js";
+import type { Router } from "../router.js";
+type JsonRecord = Record<string, unknown>;
+type AutoAssignmentResult = {
+    ok: boolean;
+    assignment_source: "orchestrator" | "fallback" | "manual";
+    assigned_agents: unknown[];
+    warnings: string[];
+    updated_entity?: Entity;
+};
+type EntityClientLike = {
+    createEntity: (type: string, data: Record<string, unknown>) => Promise<Entity>;
+    updateEntity: (type: string, id: string, updates: Record<string, unknown>) => Promise<Entity>;
+    listEntities: (type: string, input: {
+        status?: string;
+        initiative_id?: string;
+        limit?: number;
+    }) => Promise<unknown>;
+};
+type RegisterEntitiesRoutesDeps<TReq, TRes> = {
+    client: EntityClientLike;
+    parseJsonRequest: (req: TReq) => Promise<JsonRecord>;
+    pickString: (input: Record<string, unknown>, keys: string[]) => string | null;
+    normalizeEntityMutationPayload: (input: Record<string, unknown>) => Record<string, unknown>;
+    resolveAutoAssignments: (input: {
+        entityId: string;
+        entityType: string;
+        initiativeId: string | null;
+        title: string;
+        summary: string | null;
+    }) => Promise<AutoAssignmentResult>;
+    setLocalInitiativeStatusOverride: (initiativeId: string, status: string) => void;
+    clearLocalInitiativeStatusOverride: (initiativeId: string) => void;
+    isUnauthorizedOrgxError: (err: unknown) => boolean;
+    applyLocalInitiativeOverrides: (rows: Array<Record<string, unknown>>) => Array<Record<string, unknown>>;
+    formatInitiatives: (snapshot: OrgSnapshot | null) => Array<{
+        id: string;
+        title: string;
+        status: string;
+        progress?: number | null;
+    }>;
+    getSnapshot: () => OrgSnapshot | null;
+    sendJson: (res: TRes, status: number, payload: unknown) => void;
+    safeErrorMessage: (err: unknown) => string;
+};
+export declare function registerEntitiesRoutes<TReq, TRes>(router: Router<Record<string, never>, TReq, TRes>, deps: RegisterEntitiesRoutesDeps<TReq, TRes>): void;
+export {};