bopodev-api 0.1.23 → 0.1.25

package/src/routes/issues.ts

@@ -1,9 +1,10 @@
 import { Router } from "express";
 import { mkdir, readFile, rm, stat, writeFile } from "node:fs/promises";
 import { basename, extname, join, resolve } from "node:path";
-import { and, eq } from "drizzle-orm";
+import { and, desc, eq, inArray } from "drizzle-orm";
 import multer from "multer";
 import { z } from "zod";
+import { IssueSchema } from "bopodev-contracts";
 import {
   addIssueAttachment,
   addIssueComment,
@@ -14,6 +15,7 @@ import {
   deleteIssueAttachment,
   deleteIssueComment,
   deleteIssue,
+  heartbeatRuns,
   getIssueAttachment,
   issues,
   listIssueAttachments,
@@ -27,10 +29,18 @@ import {
 } from "bopodev-db";
 import { nanoid } from "nanoid";
 import type { AppContext } from "../context";
-import { sendError, sendOk } from "../http";
+import { sendError, sendOk, sendOkValidated } from "../http";
+import {
+  dedupeCommentRecipients,
+  normalizeRecipientsForPersistence,
+  type CommentRecipientInput,
+  type PersistedCommentRecipient
+} from "../lib/comment-recipients";
 import { isInsidePath, normalizeCompanyWorkspacePath, resolveProjectWorkspacePath } from "../lib/instance-paths";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requirePermission } from "../middleware/request-actor";
+import { triggerIssueCommentDispatchWorker } from "../services/comment-recipient-dispatch-service";
+import { publishAttentionSnapshot } from "../realtime/attention";
 
 const createIssueSchema = z.object({
   projectId: z.string().min(1),
@@ -43,6 +53,8 @@ const createIssueSchema = z.object({
         .object({
           intentType: z.literal("agent_hiring_request"),
           requestedRole: z.string().nullable().optional(),
+          requestedRoleKey: z.string().nullable().optional(),
+          requestedTitle: z.string().nullable().optional(),
           requestedName: z.string().nullable().optional(),
           requestedManagerAgentId: z.string().nullable().optional(),
           requestedProviderType: z.string().nullable().optional(),
@@ -60,6 +72,14 @@ const createIssueSchema = z.object({
 
 const createIssueCommentSchema = z.object({
   body: z.string().min(1),
+  recipients: z
+    .array(
+      z.object({
+        recipientType: z.enum(["agent", "board", "member"]),
+        recipientId: z.string().nullable().optional()
+      })
+    )
+    .default([]),
   authorType: z.enum(["human", "agent", "system"]).optional(),
   authorId: z.string().optional()
 });
@@ -67,6 +87,14 @@ const createIssueCommentSchema = z.object({
 const createIssueCommentLegacySchema = z.object({
   issueId: z.string().min(1),
   body: z.string().min(1),
+  recipients: z
+    .array(
+      z.object({
+        recipientType: z.enum(["agent", "board", "member"]),
+        recipientId: z.string().nullable().optional()
+      })
+    )
+    .default([]),
   authorType: z.enum(["human", "agent", "system"]).optional(),
   authorId: z.string().optional()
 });
@@ -99,6 +127,7 @@ const ALLOWED_ATTACHMENT_EXTENSIONS = parseCsvSet(
 );
 
 type IssueAttachmentResponse = Record<string, unknown> & { id: string; downloadPath: string };
+const COMMENT_RUN_ID_HEADER = "x-bopodev-run-id";
 
 function parseStringArray(value: unknown) {
   if (Array.isArray(value)) {
@@ -153,9 +182,11 @@ export function createIssuesRouter(ctx: AppContext) {
   router.get("/", async (req, res) => {
     const projectId = req.query.projectId?.toString();
     const rows = await listIssues(ctx.db, req.companyId!, projectId);
-    return sendOk(
+    return sendOkValidated(
       res,
-      rows.map((row) => toIssueResponse(row as unknown as Record<string, unknown>))
+      IssueSchema.array(),
+      rows.map((row) => toIssueResponse(row as unknown as Record<string, unknown>)),
+      "issues.list"
     );
   });
 
@@ -427,32 +458,13 @@ export function createIssuesRouter(ctx: AppContext) {
     if (!parsed.success) {
       return sendError(res, parsed.error.message, 422);
     }
-    const author = resolveIssueCommentAuthor(req.actor?.type, req.actor?.id, parsed.data);
-    const comment = await addIssueComment(ctx.db, {
-      companyId: req.companyId!,
+    return createIssueCommentWithRecipients(ctx, req, res, {
       issueId: req.params.issueId,
       body: parsed.data.body,
-      authorType: author.authorType,
-      authorId: author.authorId
-    });
-    await appendActivity(ctx.db, {
-      companyId: req.companyId!,
-      issueId: comment.issueId,
-      actorType: comment.authorType,
-      actorId: comment.authorId,
-      eventType: "issue.comment_added",
-      payload: { commentId: comment.id }
-    });
-    await appendAuditEvent(ctx.db, {
-      companyId: req.companyId!,
-      actorType: comment.authorType,
-      actorId: comment.authorId,
-      eventType: "issue.comment_added",
-      entityType: "issue_comment",
-      entityId: comment.id,
-      payload: comment
+      recipients: parsed.data.recipients,
+      authorType: parsed.data.authorType,
+      authorId: parsed.data.authorId
     });
-    return sendOk(res, comment);
   });
 
   // Backward-compatible endpoint used by older clients.
@@ -465,32 +477,13 @@ export function createIssuesRouter(ctx: AppContext) {
     if (!parsed.success) {
       return sendError(res, parsed.error.message, 422);
     }
-    const author = resolveIssueCommentAuthor(req.actor?.type, req.actor?.id, parsed.data);
-    const comment = await addIssueComment(ctx.db, {
-      companyId: req.companyId!,
+    return createIssueCommentWithRecipients(ctx, req, res, {
       issueId: parsed.data.issueId,
       body: parsed.data.body,
-      authorType: author.authorType,
-      authorId: author.authorId
-    });
-    await appendActivity(ctx.db, {
-      companyId: req.companyId!,
-      issueId: comment.issueId,
-      actorType: comment.authorType,
-      actorId: comment.authorId,
-      eventType: "issue.comment_added",
-      payload: { commentId: comment.id }
+      recipients: parsed.data.recipients,
+      authorType: parsed.data.authorType,
+      authorId: parsed.data.authorId
     });
-    await appendAuditEvent(ctx.db, {
-      companyId: req.companyId!,
-      actorType: comment.authorType,
-      actorId: comment.authorId,
-      eventType: "issue.comment_added",
-      entityType: "issue_comment",
-      entityId: comment.id,
-      payload: comment
-    });
-    return sendOk(res, comment);
   });
 
   router.put("/:issueId/comments/:commentId", async (req, res) => {
@@ -503,11 +496,16 @@ export function createIssuesRouter(ctx: AppContext) {
       return sendError(res, parsed.error.message, 422);
     }
 
+    const body =
+      req.actor?.type === "agent" ? sanitizeCommentBodyForAuthor(parsed.data.body, "agent") : parsed.data.body;
+    if (req.actor?.type === "agent" && !body) {
+      return sendError(res, "Agent comments must include non-emoji text.", 422);
+    }
     const comment = await updateIssueComment(ctx.db, {
       companyId: req.companyId!,
       issueId: req.params.issueId,
       id: req.params.commentId,
-      body: parsed.data.body
+      body
     });
     if (!comment) {
       return sendError(res, "Comment not found.", 404);
@@ -516,13 +514,15 @@ export function createIssuesRouter(ctx: AppContext) {
     await appendActivity(ctx.db, {
       companyId: req.companyId!,
       issueId: req.params.issueId,
-      actorType: "human",
+      actorType: req.actor?.type === "agent" ? "agent" : "human",
+      actorId: req.actor?.id,
       eventType: "issue.comment_updated",
       payload: { commentId: comment.id }
     });
     await appendAuditEvent(ctx.db, {
       companyId: req.companyId!,
-      actorType: "human",
+      actorType: req.actor?.type === "agent" ? "agent" : "human",
+      actorId: req.actor?.id,
       eventType: "issue.comment_updated",
       entityType: "issue_comment",
       entityId: comment.id,
@@ -544,13 +544,15 @@ export function createIssuesRouter(ctx: AppContext) {
     await appendActivity(ctx.db, {
       companyId: req.companyId!,
       issueId: req.params.issueId,
-      actorType: "human",
+      actorType: req.actor?.type === "agent" ? "agent" : "human",
+      actorId: req.actor?.id,
       eventType: "issue.comment_deleted",
       payload: { commentId: req.params.commentId }
     });
     await appendAuditEvent(ctx.db, {
       companyId: req.companyId!,
-      actorType: "human",
+      actorType: req.actor?.type === "agent" ? "agent" : "human",
+      actorId: req.actor?.id,
       eventType: "issue.comment_deleted",
       entityType: "issue_comment",
       entityId: req.params.commentId,
@@ -680,20 +682,249 @@ function parsePayload(payloadJson: string) {
   }
 }
 
+async function createIssueCommentWithRecipients(
+  ctx: AppContext,
+  req: {
+    companyId?: string;
+    actor?: { type?: "board" | "member" | "agent"; id?: string };
+    requestId?: string;
+    header(name: string): string | undefined;
+  },
+  res: Parameters<typeof sendOk>[0],
+  input: {
+    issueId: string;
+    body: string;
+    recipients: CommentRecipientInput[];
+    authorType?: "human" | "agent" | "system";
+    authorId?: string;
+  }
+) {
+  const spoofValidationError = validateCommentAuthorInput(req.actor?.type, req.actor?.id, {
+    authorType: input.authorType,
+    authorId: input.authorId
+  });
+  if (spoofValidationError) {
+    return sendError(res, spoofValidationError, 422);
+  }
+  const author = resolveIssueCommentAuthor(req.actor?.type, req.actor?.id, {
+    authorType: input.authorType,
+    authorId: input.authorId
+  });
+  let normalizedRecipients: PersistedCommentRecipient[];
+  try {
+    normalizedRecipients = await normalizeCommentRecipients(ctx, req.companyId!, input.recipients);
+  } catch (error) {
+    return sendError(res, error instanceof Error ? error.message : "Invalid recipients.", 422);
+  }
+  const runId = await resolveIssueCommentRunId(ctx, {
+    companyId: req.companyId!,
+    actorType: req.actor?.type,
+    actorId: req.actor?.id,
+    runIdHeader: req.header(COMMENT_RUN_ID_HEADER)
+  });
+  const sanitizedBody = sanitizeCommentBodyForAuthor(input.body, author.authorType);
+  if (!sanitizedBody) {
+    return sendError(res, "Agent/system comments must include non-emoji text.", 422);
+  }
+  const comment = await addIssueComment(ctx.db, {
+    companyId: req.companyId!,
+    issueId: input.issueId,
+    body: sanitizedBody,
+    authorType: author.authorType,
+    authorId: author.authorId,
+    runId,
+    recipients: normalizedRecipients
+  });
+  await appendActivity(ctx.db, {
+    companyId: req.companyId!,
+    issueId: comment.issueId,
+    actorType: coerceActorType(comment.authorType),
+    actorId: comment.authorId,
+    eventType: "issue.comment_added",
+    payload: {
+      commentId: comment.id,
+      runId: comment.runId ?? null,
+      recipientCount: normalizedRecipients.length
+    }
+  });
+  await appendAuditEvent(ctx.db, {
+    companyId: req.companyId!,
+    actorType: coerceActorType(comment.authorType),
+    actorId: comment.authorId,
+    eventType: "issue.comment_added",
+    entityType: "issue_comment",
+    entityId: comment.id,
+    payload: comment
+  });
+  if (normalizedRecipients.some((recipient) => recipient.recipientType === "board")) {
+    await publishAttentionSnapshot(ctx.db, ctx.realtimeHub, req.companyId!);
+  }
+  triggerIssueCommentDispatchWorker(ctx.db, req.companyId!, {
+    requestId: req.requestId,
+    realtimeHub: ctx.realtimeHub,
+    limit: 10
+  });
+  return sendOk(res, comment);
+}
+
 function resolveIssueCommentAuthor(
   actorType: "board" | "member" | "agent" | undefined,
   actorId: string | undefined,
   input: { authorType?: "human" | "agent" | "system"; authorId?: string }
 ) {
-  const inferredAuthorType = actorType === "agent" ? "agent" : "human";
-  const authorType = input.authorType ?? inferredAuthorType;
-  if (input.authorId) {
-    return { authorType, authorId: input.authorId };
+  if ((actorType === "board" || actorType === undefined) && (input.authorType || input.authorId)) {
+    return {
+      authorType: input.authorType ?? "human",
+      authorId: input.authorId
+    };
+  }
+  if (actorType === "agent") {
+    return { authorType: "agent" as const, authorId: actorId };
+  }
+  return { authorType: "human" as const, authorId: actorId };
+}
+
+function validateCommentAuthorInput(
+  actorType: "board" | "member" | "agent" | undefined,
+  actorId: string | undefined,
+  input: { authorType?: "human" | "agent" | "system"; authorId?: string }
+) {
+  if (!input.authorType && !input.authorId) {
+    return null;
+  }
+  if (actorType !== "member" && actorType !== "agent") {
+    // Board/default channels are trusted for migration/backfill and may set explicit authorship.
+    return null;
+  }
+  const expectedAuthorType = actorType === "agent" ? "agent" : "human";
+  if (input.authorType && input.authorType !== expectedAuthorType) {
+    return "Comment author fields are derived from actor identity and cannot be overridden.";
+  }
+  if (input.authorId && actorId && input.authorId !== actorId) {
+    return "Comment author fields are derived from actor identity and cannot be overridden.";
+  }
+  if (input.authorId && !actorId) {
+    return "Comment author fields are derived from actor identity and cannot be overridden.";
+  }
+  return null;
+}
+
+function coerceActorType(value: string | null | undefined): "human" | "agent" | "system" {
+  if (value === "agent" || value === "system") {
+    return value;
+  }
+  return "human";
+}
+
+function sanitizeCommentBodyForAuthor(body: string, authorType: "human" | "agent" | "system") {
+  if (authorType === "human") {
+    return body;
+  }
+  const withoutEmoji = body.replace(/[\p{Extended_Pictographic}\uFE0F\u200D]/gu, "");
+  const trimmed = withoutEmoji.trim();
+  const extractedSummary = extractSummaryFromJsonLikeText(trimmed);
+  const isPureJsonLike =
+    /^\s*\{[\s\S]*\}\s*$/m.test(trimmed) || /^\s*```(?:json)?[\s\S]*```\s*$/im.test(trimmed);
+  if (isPureJsonLike && extractedSummary) {
+    return extractedSummary;
+  }
+  const trailingJsonSummary = trimmed.match(/^(?<main>[\s\S]*?)\n+\{[\s\S]*"summary"\s*:\s*"[\s\S]*?"[\s\S]*\}\s*$/);
+  if (trailingJsonSummary?.groups?.main) {
+    return trailingJsonSummary.groups.main.trim();
+  }
+  return trimmed;
+}
+
+function extractSummaryFromJsonLikeText(input: string) {
+  const fencedMatch = input.match(/```(?:json)?\s*([\s\S]*?)```/i);
+  const candidate = fencedMatch?.[1]?.trim() ?? input.match(/\{[\s\S]*\}\s*$/)?.[0]?.trim();
+  if (!candidate) {
+    return null;
+  }
+  try {
+    const parsed = JSON.parse(candidate) as Record<string, unknown>;
+    const summary = parsed.summary;
+    if (typeof summary === "string" && summary.trim().length > 0) {
+      return summary.trim();
+    }
+  } catch {
+    // Fall through to regex extraction for loosely-formatted JSON.
+  }
+  const summaryMatch = candidate.match(/"summary"\s*:\s*"([\s\S]*?)"/);
+  const summary = summaryMatch?.[1]
+    ?.replace(/\\"/g, "\"")
+    .replace(/\\n/g, " ")
+    .replace(/\s+/g, " ")
+    .trim();
+  return summary && summary.length > 0 ? summary : null;
+}
+
+async function resolveIssueCommentRunId(
+  ctx: AppContext,
+  input: {
+    companyId: string;
+    actorType: "board" | "member" | "agent" | undefined;
+    actorId: string | undefined;
+    runIdHeader: string | undefined;
+  }
+) {
+  const runId = input.runIdHeader?.trim();
+  if (runId) {
+    const [run] = await ctx.db
+      .select({ id: heartbeatRuns.id, agentId: heartbeatRuns.agentId })
+      .from(heartbeatRuns)
+      .where(and(eq(heartbeatRuns.companyId, input.companyId), eq(heartbeatRuns.id, runId)))
+      .limit(1);
+    if (!run) {
+      return null;
+    }
+    if (input.actorType === "agent" && input.actorId && run.agentId !== input.actorId) {
+      return null;
+    }
+    return run.id;
+  }
+  if (input.actorType !== "agent" || !input.actorId) {
+    return null;
+  }
+  const [latestRun] = await ctx.db
+    .select({ id: heartbeatRuns.id })
+    .from(heartbeatRuns)
+    .where(
+      and(
+        eq(heartbeatRuns.companyId, input.companyId),
+        eq(heartbeatRuns.agentId, input.actorId),
+        eq(heartbeatRuns.status, "started")
+      )
+    )
+    .orderBy(desc(heartbeatRuns.startedAt))
+    .limit(1);
+  return latestRun?.id ?? null;
+}
+
+async function normalizeCommentRecipients(
+  ctx: AppContext,
+  companyId: string,
+  recipients: CommentRecipientInput[]
+): Promise<PersistedCommentRecipient[]> {
+  if (recipients.length === 0) {
+    return [] as PersistedCommentRecipient[];
   }
-  if (authorType === "agent" && actorId) {
-    return { authorType, authorId: actorId };
+  const deduped = dedupeCommentRecipients(recipients);
+  const agentIds = deduped
+    .filter((recipient) => recipient.recipientType === "agent" && recipient.recipientId)
+    .map((recipient) => recipient.recipientId as string);
+  if (agentIds.length > 0) {
+    const existingAgents = await ctx.db
+      .select({ id: agents.id })
+      .from(agents)
+      .where(and(eq(agents.companyId, companyId), inArray(agents.id, agentIds)));
+    const existingAgentIds = new Set(existingAgents.map((agent) => agent.id));
+    const missing = agentIds.find((id) => !existingAgentIds.has(id));
+    if (missing) {
+      throw new Error(`Recipient agent not found: ${missing}`);
+    }
   }
-  return { authorType, authorId: undefined };
+  return normalizeRecipientsForPersistence(deduped);
 }
 
 async function validateIssueAssignmentScope(

package/src/routes/observability.ts

@@ -2,9 +2,11 @@ import { Router } from "express";
 import { z } from "zod";
 import {
   getHeartbeatRun,
+  listCompanies,
   listAgents,
   listAuditEvents,
   listCostEntries,
+  listGoals,
   listHeartbeatRunMessages,
   listHeartbeatRuns,
   listModelPricing,
@@ -15,7 +17,7 @@ import type { AppContext } from "../context";
 import { sendError, sendOk } from "../http";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requirePermission } from "../middleware/request-actor";
-import { listAgentMemoryFiles, readAgentMemoryFile } from "../services/memory-file-service";
+import { listAgentMemoryFiles, loadAgentMemoryContext, readAgentMemoryFile } from "../services/memory-file-service";
 
 export function createObservabilityRouter(ctx: AppContext) {
   const router = Router();
@@ -266,6 +268,65 @@ export function createObservabilityRouter(ctx: AppContext) {
     }
   });
 
+  router.get("/memory/:agentId/context-preview", async (req, res) => {
+    const companyId = req.companyId!;
+    const agentId = req.params.agentId;
+    const projectIds = typeof req.query.projectIds === "string"
+      ? req.query.projectIds
+          .split(",")
+          .map((entry) => entry.trim())
+          .filter(Boolean)
+      : [];
+    const queryText = typeof req.query.query === "string" ? req.query.query.trim() : "";
+    const [agents, goals, companies] = await Promise.all([
+      listAgents(ctx.db, companyId),
+      listGoals(ctx.db, companyId),
+      listCompanies(ctx.db)
+    ]);
+    const agent = agents.find((entry) => entry.id === agentId);
+    if (!agent) {
+      return sendError(res, "Agent not found", 404);
+    }
+    const company = companies.find((entry) => entry.id === companyId);
+    const memoryContext = await loadAgentMemoryContext({
+      companyId,
+      agentId,
+      projectIds,
+      queryText: queryText.length > 0 ? queryText : undefined
+    });
+    const activeCompanyGoals = goals
+      .filter((goal) => goal.status === "active" && goal.level === "company")
+      .map((goal) => goal.title);
+    const activeProjectGoals = goals
+      .filter((goal) => goal.status === "active" && goal.level === "project" && goal.projectId && projectIds.includes(goal.projectId))
+      .map((goal) => goal.title);
+    const activeAgentGoals = goals
+      .filter((goal) => goal.status === "active" && goal.level === "agent")
+      .map((goal) => goal.title);
+    const compiledPreview = [
+      `Agent: ${agent.name} (${agent.role})`,
+      `Company mission: ${company?.mission ?? "No mission set"}`,
+      `Company goals: ${activeCompanyGoals.length > 0 ? activeCompanyGoals.join(" | ") : "None"}`,
+      `Project goals: ${activeProjectGoals.length > 0 ? activeProjectGoals.join(" | ") : "None"}`,
+      `Agent goals: ${activeAgentGoals.length > 0 ? activeAgentGoals.join(" | ") : "None"}`,
+      `Tacit notes: ${memoryContext.tacitNotes ?? "None"}`,
+      `Durable facts: ${memoryContext.durableFacts.join(" | ") || "None"}`,
+      `Daily notes: ${memoryContext.dailyNotes.join(" | ") || "None"}`
+    ].join("\n");
+    return sendOk(res, {
+      agentId,
+      projectIds,
+      companyMission: company?.mission ?? null,
+      goalContext: {
+        companyGoals: activeCompanyGoals,
+        projectGoals: activeProjectGoals,
+        agentGoals: activeAgentGoals
+      },
+      memoryContext,
+      compiledPreview
+    });
+  });
+
   router.get("/plugins/runs", async (req, res) => {
     const companyId = req.companyId!;
     const pluginId = typeof req.query.pluginId === "string" && req.query.pluginId.trim() ? req.query.pluginId.trim() : undefined;

package/src/routes/projects.ts

@@ -2,6 +2,7 @@ import { Router } from "express";
 import { mkdir, stat } from "node:fs/promises";
 import { join } from "node:path";
 import { z } from "zod";
+import { ProjectSchema } from "bopodev-contracts";
 import {
   appendAuditEvent,
   createProject,
@@ -15,7 +16,7 @@ import {
   updateProjectWorkspace
 } from "bopodev-db";
 import type { AppContext } from "../context";
-import { sendError, sendOk } from "../http";
+import { sendError, sendOk, sendOkValidated } from "../http";
 import { normalizeCompanyWorkspacePath, resolveProjectWorkspacePath } from "../lib/instance-paths";
 import { requireCompanyScope } from "../middleware/company-scope";
 import { requirePermission } from "../middleware/request-actor";
@@ -50,6 +51,7 @@ const createProjectSchema = z.object({
   description: z.string().optional(),
   status: projectStatusSchema.default("planned"),
   plannedStartAt: z.string().optional(),
+  monthlyBudgetUsd: z.number().positive().default(100),
   executionWorkspacePolicy: executionWorkspacePolicySchema.optional().nullable(),
   workspace: z
     .object({
@@ -69,6 +71,7 @@ const updateProjectSchema = z
     description: z.string().nullable().optional(),
     status: projectStatusSchema.optional(),
     plannedStartAt: z.string().nullable().optional(),
+    monthlyBudgetUsd: z.number().positive().optional(),
     executionWorkspacePolicy: executionWorkspacePolicySchema.nullable().optional(),
     goalIds: z.array(z.string().min(1)).optional()
   })
@@ -122,7 +125,7 @@ export function createProjectsRouter(ctx: AppContext) {
   router.get("/", async (req, res) => {
     const projects = await listProjects(ctx.db, req.companyId!);
     const withDiagnostics = await Promise.all(projects.map((project) => enrichProjectDiagnostics(req.companyId!, project)));
-    return sendOk(res, withDiagnostics);
+    return sendOkValidated(res, ProjectSchema.array(), withDiagnostics, "projects.list");
   });
 
   router.post("/", async (req, res) => {
@@ -140,6 +143,7 @@ export function createProjectsRouter(ctx: AppContext) {
       description: parsed.data.description,
       status: parsed.data.status,
       plannedStartAt: parsePlannedStartAt(parsed.data.plannedStartAt),
+      monthlyBudgetUsd: parsed.data.monthlyBudgetUsd.toFixed(4),
       executionWorkspacePolicy: parsed.data.executionWorkspacePolicy ?? null
     });
     if (!project) {
@@ -216,6 +220,7 @@ export function createProjectsRouter(ctx: AppContext) {
       status: parsed.data.status,
       plannedStartAt:
         parsed.data.plannedStartAt === undefined ? undefined : parsePlannedStartAt(parsed.data.plannedStartAt),
+      monthlyBudgetUsd: parsed.data.monthlyBudgetUsd === undefined ? undefined : parsed.data.monthlyBudgetUsd.toFixed(4),
       executionWorkspacePolicy: parsed.data.executionWorkspacePolicy
     });
     if (!project) {

package/src/scripts/onboard-seed.ts

@@ -101,7 +101,7 @@ export async function ensureOnboardingSeed(input: {
     const resolvedCompanyName = companyRow.name;
     await ensureCompanyBuiltinTemplateDefaults(db, companyId);
     const agents = await listAgents(db, companyId);
-    const existingCeo = agents.find((agent) => agent.role === "CEO" || agent.name === "CEO");
+    const existingCeo = agents.find((agent) => agent.roleKey === "ceo" || agent.role === "CEO" || agent.name === "CEO");
     let ceoCreated = false;
     let ceoMigrated = false;
     let ceoProviderType: AgentProvider = parseAgentProvider(existingCeo?.providerType) ?? agentProvider;
@@ -130,6 +130,8 @@ export async function ensureOnboardingSeed(input: {
         const ceo = await createAgent(db, {
           companyId,
           role: "CEO",
+          roleKey: "ceo",
+          title: "CEO",
           name: "CEO",
           providerType: agentProvider,
           heartbeatCron: "*/5 * * * *",

package/src/server.ts

@@ -10,6 +10,7 @@ import { createApp } from "./app";
 import { loadGovernanceRealtimeSnapshot } from "./realtime/governance";
 import { loadOfficeSpaceRealtimeSnapshot } from "./realtime/office-space";
 import { loadHeartbeatRunsRealtimeSnapshot } from "./realtime/heartbeat-runs";
+import { loadAttentionRealtimeSnapshot } from "./realtime/attention";
 import { attachRealtimeHub } from "./realtime/hub";
 import {
   isAuthenticatedMode,
@@ -106,7 +107,8 @@ async function main() {
     bootstrapLoaders: {
       governance: (companyId) => loadGovernanceRealtimeSnapshot(db, companyId),
       "office-space": (companyId) => loadOfficeSpaceRealtimeSnapshot(db, companyId),
-      "heartbeat-runs": (companyId) => loadHeartbeatRunsRealtimeSnapshot(db, companyId)
+      "heartbeat-runs": (companyId) => loadHeartbeatRunsRealtimeSnapshot(db, companyId),
+      attention: (companyId) => loadAttentionRealtimeSnapshot(db, companyId)
     }
   });
   const app = createApp({ db, deploymentMode, allowedOrigins, getRuntimeHealth, realtimeHub });