chapterhouse 0.9.2 → 0.10.0

package/dist/api/server.js

@@ -1,363 +1,48 @@
 import cors from "cors";
 import express from "express";
 import helmet from "helmet";
-import { existsSync, readFileSync, statSync, writeFileSync } from "fs";
-import { join, dirname, resolve, sep } from "path";
+import { existsSync } from "fs";
+import { join, dirname } from "path";
 import { fileURLToPath } from "url";
-import { z } from "zod";
-import { sendToOrchestrator, interruptCurrentTurn, enqueueForSse, cancelCurrentMessage, interruptSessionTurn, getLastRouteResult, getCurrentSessionKey, getPersistentAgentSessionState, reloadPersistentAgent } from "../copilot/orchestrator.js";
-import { agentEventBus } from "../copilot/agent-event-bus.js";
-import { ensureDefaultAgents, getAgent, getAgentRegistry, isBuiltinAgent, loadAgents, notifyAgentSaved, parseAgentMd, parseAgentMdOrThrow, serializeAgentMd, setAgentSaveRuntimeHooks, SLUG_REGEX, } from "../copilot/agents.js";
-import { config, persistModel } from "../config.js";
+import { getPersistentAgentSessionState, reloadPersistentAgent } from "../copilot/orchestrator.js";
+import { setAgentSaveRuntimeHooks } from "../copilot/agents.js";
+import { config } from "../config.js";
 import { ModeContext } from "../mode-context.js";
-import { getRouterConfig, updateRouterConfig } from "../copilot/router.js";
-import { searchIndex, parseIndex } from "../wiki/index-manager.js";
-import { createAuthMiddleware, getBootstrapAuthResponse } from "./auth.js";
-import { assertAgentEditAccess } from "./agent-edit-access.js";
+import { createAuthMiddleware } from "./auth.js";
 import { createConcurrentConnectionLimiter, createFixedWindowRateLimiter } from "./rate-limit.js";
 import { createTeamRouter } from "./team.js";
-import { readPage, writePage, deletePage, pageExists, listPages, ensureWikiStructure, assertPagePath, getWikiDir, } from "../wiki/fs.js";
-import { parseWikiFrontmatter } from "../wiki/frontmatter.js";
-import { normalizeWikiPath } from "../wiki/path-utils.js";
-import { loadRegistry, saveRegistry } from "../wiki/project-registry.js";
-import { getProjectRulesPath, listTopLevelSoftRules, loadProjectRules, loadProjectRuleSummary, renderInitialProjectRulesPage, saveProjectRulesHardFields, saveProjectRulesSoftRules, } from "../wiki/project-rules.js";
-import { readWikiPage, teamWikiSync } from "../wiki/team-sync.js";
-import { withWikiWrite } from "../wiki/lock.js";
-import { listSkills, removeSkill } from "../copilot/skills.js";
-import { restartDaemon } from "../daemon.js";
-import { AGENTS_DIR, API_TOKEN_PATH } from "../paths.js";
-import { getCurrentRunId, getDb, getSessionMessages, getTaskEvents } from "../store/db.js";
-import { getTaskLogEvents, subscribeTaskLog } from "../copilot/task-event-log.js";
-import { subscribeSession, getSessionEventsFromDb, getSessionMaxSeqFromDb, oldestSessionSeq, } from "../copilot/turn-event-log.js";
-import { getStatus, onStatusChange } from "../status.js";
-import { formatSseData } from "./sse.js";
-import { assertAuthenticationConfigured, createHealthPayload, createPublicConfigPayload, getDisplayHost, resolveApiToken, shouldServeSpaPath, } from "./server-runtime.js";
-import { BadRequestError, ForbiddenError, InternalServerError, NotFoundError, apiNotFoundHandler, asBadRequest, createApiErrorHandler, parseRequest, } from "./errors.js";
+import { apiNotFoundHandler, createApiErrorHandler } from "./errors.js";
 import { childLogger } from "../util/logger.js";
-import { getActiveScope, setActiveScope } from "../memory/active-scope.js";
-import { createScope, getScope, listScopes } from "../memory/scopes.js";
-import { handleGitCommitHook, handlePrMergeHook } from "../memory/hooks.js";
-import { recordObservation } from "../memory/observations.js";
-import { recordDecision } from "../memory/decisions.js";
-import { upsertEntity } from "../memory/entities.js";
-import { getInboxItem, listPendingInboxItems, resolveInboxItem } from "../memory/inbox.js";
-import { ingestSource } from "../wiki/ingest.js";
-import { listKorgResearchSessions } from "./korg.js";
+import { assertAuthenticationConfigured, getDisplayHost, shouldServeSpaPath } from "./server-runtime.js";
+import { createAgentsRouter } from "./routes/agents.js";
+import { createMemoryRouter } from "./routes/memory.js";
+import { createProjectsRouter } from "./routes/projects.js";
+import { createSessionsRouter } from "./routes/sessions.js";
+import { createSystemRouter } from "./routes/system.js";
+import { createWikiRouter } from "./routes/wiki.js";
+import { broadcastSsePayload, broadcastSsePayloadToSession, broadcastToSSE } from "./sse-hub.js";
 const log = childLogger("server");
 const modeContext = new ModeContext(config);
-void searchIndex; // re-exported by index-manager; reference here documents the dep
 const __dirname = dirname(fileURLToPath(import.meta.url));
-// Built SPA bundle (web/dist/), shipped alongside dist/
 const WEB_DIST_DIR = join(__dirname, "..", "..", "web", "dist");
 const WEB_INDEX_HTML = join(WEB_DIST_DIR, "index.html");
-const requiredString = (message) => z.string({ error: message }).trim().min(1, message);
-const messageRequestSchema = z.object({
-    prompt: requiredString("Missing 'prompt' in request body"),
-    connectionId: requiredString("Missing or invalid 'connectionId'. Connect to /stream first."),
-    projectPath: z.string().optional(),
-    sessionKey: z.string().optional(),
-    /** Optional client-generated correlation ID. Echoed back in the `queued` SSE event
-     * so the frontend can match the event to the user message bubble it should update. */
-    msgId: z.string().optional(),
-});
-const interruptRequestSchema = z.object({
-    prompt: requiredString("Missing 'prompt' in request body"),
-    connectionId: requiredString("Missing or invalid 'connectionId'. Connect to /stream first."),
-    attachments: z.array(z.object({
-        type: z.literal("file"),
-        path: z.string(),
-        displayName: z.string().optional(),
-    })).optional(),
-});
-const modelRequestSchema = z.object({
-    model: requiredString("Missing 'model' in request body"),
-}).strict();
-const autoRequestSchema = z.object({
-    enabled: z.boolean().optional(),
-    tierModels: z.object({
-        fast: requiredString("tierModels.fast must be a non-empty string").optional(),
-        standard: requiredString("tierModels.standard must be a non-empty string").optional(),
-        premium: requiredString("tierModels.premium must be a non-empty string").optional(),
-    }).strict().optional(),
-    cooldownMessages: z.number({ error: "cooldownMessages must be a number" })
-        .int("cooldownMessages must be an integer")
-        .min(0, "cooldownMessages must be a non-negative integer")
-        .optional(),
-}).strict();
-const wikiWriteSchema = z.object({
-    content: z.string({ error: "Missing 'content' string in request body" }),
-}).strict();
-const agentPatchSchema = z.object({
-    name: requiredString("name must be a non-empty string").optional(),
-    description: requiredString("description must be a non-empty string").optional(),
-    model: requiredString("model must be a non-empty string").optional(),
-    systemPrompt: z.string().optional(),
-}).passthrough().superRefine((value, ctx) => {
-    for (const key of ["slug", "scope", "tools", "skills"]) {
-        if (Object.prototype.hasOwnProperty.call(value, key)) {
-            ctx.addIssue({
-                code: "custom",
-                path: [key],
-                message: `'${key}' is read-only`,
-            });
-        }
-    }
-});
-const projectCreateSchema = z.object({
-    slug: requiredString("Missing 'slug' in request body")
-        .regex(/^[a-z0-9][a-z0-9-]*$/, "Project slug must be a lowercase slug"),
-    cwd: requiredString("Missing 'cwd' in request body")
-        .refine((value) => value.startsWith("/"), "Project cwd must be an absolute path"),
-}).strict();
-const scopeCreateSchema = z.object({
-    slug: requiredString("Missing 'slug' in request body")
-        .regex(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, "Scope slug must be unique kebab-case"),
-    title: requiredString("Missing 'title' in request body"),
-    description: z.string().optional(),
-}).strict();
-const setActiveScopeSchema = z.object({
-    scope: z.string().nullable(),
-});
-const memoryEntriesQuerySchema = z.object({
-    store: z.enum(["observations", "decisions", "entities", "action_items"]).optional(),
-    tier: z.enum(["hot", "warm", "cold"]).optional(),
-});
-const memoryRememberSchema = z.object({
-    content: requiredString("Missing 'content' in request body"),
-    kind: z.enum(["observation", "decision"]).optional(),
-    entity_name: z.string().optional(),
-    entity_kind: z.string().optional(),
-    title: z.string().optional(),
-    decided_at: z.string().optional(),
-    tier: z.enum(["hot", "warm", "cold"]).optional(),
-});
-const inboxRouteSchema = z.object({
-    action: z.enum(["accept", "reject", "route"]),
-    reason: z.string().optional(),
-    target_scope: z.string().optional(),
-});
-const gitCommitHookSchema = z.object({
-    message: requiredString("Missing 'message' in request body"),
-    stat: z.string().optional(),
-});
-const prMergeHookSchema = z.object({
-    number: z.number({ error: "Missing or invalid 'number' in request body" }).int().positive(),
-    title: requiredString("Missing 'title' in request body"),
-    body: z.string().optional(),
-    files_changed: z.array(z.string()).optional(),
-});
-const projectHardRulesSchema = z.object({
-    hardRules: z.object({
-        auto_pr: z.boolean({ error: "hardRules.auto_pr must be a boolean" }),
-        require_worktree: z.boolean({ error: "hardRules.require_worktree must be a boolean" }),
-        pr_draft_default: z.boolean({ error: "hardRules.pr_draft_default must be a boolean" }),
-        default_branch: requiredString("hardRules.default_branch must be a non-empty string"),
-        commit_co_author: requiredString("hardRules.commit_co_author must be a non-empty string"),
-        test_command: z.string({ error: "hardRules.test_command must be a string" }),
-        build_command: z.string({ error: "hardRules.build_command must be a string" }),
-        lint_command: z.string({ error: "hardRules.lint_command must be a string" }),
-        require_clean_worktree: z.boolean({ error: "hardRules.require_clean_worktree must be a boolean" }),
-    }).strict(),
-}).strict();
-const projectSoftRulesSchema = z.object({
-    softRules: z.array(requiredString("softRules entries must be non-empty strings")),
-}).strict();
-function createWikiPagePayload(path, content) {
-    const { parsed: frontmatter, body: renderedContent } = parseWikiFrontmatter(content);
-    return {
-        path,
-        content,
-        renderedContent,
-        frontmatter,
-    };
-}
-function createProjectDetailPayload(slug, cwd) {
-    const rules = loadProjectRules(slug);
-    if (!rules.found) {
-        return {
-            slug,
-            cwd,
-            rulesFound: false,
-            hardRules: null,
-            softRules: [],
-        };
-    }
-    return {
-        slug,
-        cwd,
-        rulesFound: true,
-        hardRules: rules.hard,
-        softRules: listTopLevelSoftRules(rules.soft),
-    };
-}
-function coerceWikiPageUpdated(path, updated) {
-    const normalized = updated?.trim();
-    if (normalized) {
-        return normalized;
-    }
-    try {
-        return statSync(join(getWikiDir(), path)).mtime.toISOString();
-    }
-    catch {
-        return "unknown";
-    }
-}
-function wikiPathToBrowserSlug(path) {
-    return path.replace(/^pages\//, "").replace(/\.md$/, "");
-}
-function entityTypeFromPath(path) {
-    const rest = path.startsWith("pages/") ? path.slice("pages/".length) : path;
-    const segs = rest.split("/").filter(Boolean);
-    if (segs.length <= 1)
-        return (segs[0] || "pages").replace(/\.md$/i, "");
-    return segs[0];
-}
-function normalizeOptionalQueryParam(value) {
-    if (typeof value !== "string") {
-        return undefined;
-    }
-    const trimmed = value.trim();
-    return trimmed ? trimmed : undefined;
-}
-function matchesWikiBrowserFilters(page, filters) {
-    if (filters.type && page.type !== filters.type) {
-        return false;
-    }
-    if (!filters.q) {
-        return true;
-    }
-    const query = filters.q.toLowerCase();
-    return page.title.toLowerCase().includes(query) || page.summary.toLowerCase().includes(query);
-}
-function mapIndexEntryToBrowserPage(entry) {
-    return {
-        slug: wikiPathToBrowserSlug(entry.path),
-        title: entry.title,
-        summary: entry.summary,
-        type: entry.section,
-        last_updated: coerceWikiPageUpdated(entry.path, entry.updated),
-    };
-}
-function listFallbackWikiBrowserPages(filters) {
-    const entries = parseIndex();
-    const indexed = new Set(entries.map((entry) => entry.path));
-    const indexedResults = entries.map(mapIndexEntryToBrowserPage);
-    const orphanResults = listPages()
-        .filter((path) => !indexed.has(path))
-        .map((path) => ({
-        slug: wikiPathToBrowserSlug(path),
-        title: path,
-        summary: "",
-        type: "Unindexed",
-        last_updated: coerceWikiPageUpdated(path, undefined),
-    }));
-    return [...indexedResults, ...orphanResults].filter((page) => matchesWikiBrowserFilters(page, filters));
-}
-function listDbWikiBrowserPages(filters) {
-    const db = getDb();
-    const clauses = [];
-    const params = [];
-    if (filters.type) {
-        clauses.push("(entity_type = ? OR (entity_type IS NULL AND path LIKE ?))");
-        params.push(filters.type, `pages/${filters.type}/%`);
-    }
-    if (filters.q) {
-        clauses.push("(title LIKE ? COLLATE NOCASE OR COALESCE(summary, '') LIKE ? COLLATE NOCASE)");
-        params.push(`%${filters.q}%`, `%${filters.q}%`);
-    }
-    const rows = db.prepare(`
-    SELECT path, title, summary, entity_type, last_updated, pinned
-    FROM wiki_pages
-    ${clauses.length > 0 ? `WHERE ${clauses.join(" AND ")}` : ""}
-    ORDER BY COALESCE(last_updated, '') DESC, title ASC
-  `).all(...params);
-    return rows.map((row) => ({
-        slug: wikiPathToBrowserSlug(row.path),
-        title: row.title,
-        summary: row.summary ?? "",
-        type: row.entity_type ?? entityTypeFromPath(row.path),
-        last_updated: coerceWikiPageUpdated(row.path, row.last_updated ?? undefined),
-        ...(row.pinned ? { pinned: true } : {}),
-    }));
-}
-function parseWikiSourcePages(value) {
-    if (!value) {
-        return [];
-    }
-    try {
-        const parsed = JSON.parse(value);
-        return Array.isArray(parsed)
-            ? parsed.filter((entry) => typeof entry === "string").map((entry) => normalizeWikiPath(entry))
-            : [];
-    }
-    catch {
-        return [];
-    }
-}
-function listWikiSources(page) {
-    const rows = getDb().prepare(`
-    SELECT source_type, origin, raw_path, pages_updated, status, session_id, ingested_at
-    FROM wiki_sources
-    ORDER BY ingested_at DESC, id ASC
-  `).all();
-    return rows
-        .filter((row) => !page || parseWikiSourcePages(row.pages_updated).includes(page))
-        .map((row) => ({
-        source_url: row.origin,
-        path: row.raw_path ?? undefined,
-        kind: row.source_type,
-        status: row.status,
-        session_id: row.session_id,
-        ingested_at: row.ingested_at,
-    }));
-}
-function wikiPathToSlug(path) {
-    const segments = normalizeWikiPath(path).split("/").filter(Boolean);
-    const file = segments[segments.length - 1] ?? path;
-    const base = file.endsWith(".md") ? file.slice(0, -3) : file;
-    if (base === "index" && segments.length >= 2) {
-        return segments[segments.length - 2] ?? base;
-    }
-    return base;
-}
-function listWikiLinks(page) {
-    const rows = page
-        ? getDb().prepare(`
-      SELECT from_page, to_page, link_type
-      FROM wiki_links
-      WHERE from_page = ? OR to_page = ?
-      ORDER BY from_page ASC, to_page ASC, link_type ASC
-    `).all(page, page)
-        : getDb().prepare(`
-      SELECT from_page, to_page, link_type
-      FROM wiki_links
-      ORDER BY from_page ASC, to_page ASC, link_type ASC
-    `).all();
-    return rows.map((row) => ({
-        source_slug: wikiPathToSlug(row.from_page),
-        target_slug: wikiPathToSlug(row.to_page),
-        link_type: row.link_type,
-        ...(page ? { direction: row.from_page === page ? "outgoing" : "incoming" } : {}),
-    }));
-}
-// Load a configured API token when present; startup validation below enforces auth.
 let apiToken = null;
 try {
-    apiToken = resolveApiToken({
-        envToken: process.env.API_TOKEN,
-        tokenPath: API_TOKEN_PATH,
-    });
+    apiToken = config.apiToken;
     assertAuthenticationConfigured({
         entraAuthEnabled: config.entraAuthEnabled,
         apiToken,
+        apiHost: config.apiHost,
     });
 }
 catch (err) {
     log.error({ err: err instanceof Error ? err.message : String(err) }, "Auth token error");
     process.exit(1);
 }
-if (modeContext.isPersonal() && config.standaloneMode) {
-    log.warn("Running without authentication — team features disabled");
+if (config.standaloneMode) {
+    log.warn({ host: config.apiHost }, modeContext.isPersonal()
+        ? "Running without authentication on loopback — team features disabled"
+        : "Running without authentication on loopback — set API_TOKEN or configure Entra auth before exposing this service");
 }
 function isLoopbackHostname(hostname) {
     return hostname === "127.0.0.1" || hostname === "localhost" || hostname === "::1";
@@ -395,7 +80,7 @@ app.use(cors({
     maxAge: 600,
     optionsSuccessStatus: 204,
 }));
-app.use(express.json({ limit: "2mb" }));
+app.use(express.json({ limit: config.jsonBodyLimit }));
 function sendRateLimitResponse(res, retryAfterSeconds, message) {
     res.setHeader("Retry-After", String(retryAfterSeconds));
     res.status(429).json({ error: `${message} Retry after ${retryAfterSeconds} seconds.` });
@@ -437,1433 +122,27 @@ app.use("/api", apiRateLimit);
 app.use("/api/bootstrap", authRateLimit);
 app.use("/stream", authRateLimit, sseConcurrentLimit);
 app.use(authMiddleware);
-// Loopback-only origin gate for the bootstrap endpoint that hands the token to the SPA.
-function isLoopbackOrigin(req) {
-    const origin = req.headers.origin || req.headers.referer;
-    if (!origin) {
-        // Same-origin fetches from the served SPA omit Origin; permit when the request comes
-        // from the loopback socket itself.
-        const remote = req.socket.remoteAddress || "";
-        return remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
-    }
-    try {
-        return isLoopbackHostname(new URL(origin).hostname);
-    }
-    catch {
-        return false;
-    }
-}
-function readPathParam(req) {
-    const raw = req.query.path;
-    if (typeof raw !== "string" || !raw) {
-        throw new BadRequestError("Missing 'path' query param");
-    }
-    return raw;
-}
-function readOptionalPageFilter(req) {
-    const raw = req.query.page;
-    if (typeof raw !== "string" || !raw.trim()) {
-        return undefined;
-    }
-    return normalizeWikiPath(raw.trim());
-}
-function assertValidPagePath(path) {
-    try {
-        assertPagePath(path);
-        return path;
-    }
-    catch (error) {
-        asBadRequest(error);
-    }
-}
-function getWikiPageScope(path) {
-    return modeContext.canSyncTeamWiki() && teamWikiSync.isTeamPath(path) ? "team" : "personal";
-}
-function getEmptyWikiWelcomeContent(today = new Date()) {
-    return `---
-title: Wiki
-summary: Empty wiki — get started.
-updated: ${today.toISOString().slice(0, 10)}
----
-
-# Wiki
-
-Your wiki is empty. Pages are organized by category — projects, people, tools, topics, areas, orgs, facts, preferences, routines.
-
-Create your first page via the wiki UI or by editing files under \`pages/\`.
-`;
-}
-// Active SSE connections
-const sseClients = new Map();
-const pendingSseMessages = [];
-let connectionCounter = 0;
-function broadcastSsePayload(payload) {
-    for (const [, res] of sseClients) {
-        res.write(formatSseData(payload));
-    }
-}
 setAgentSaveRuntimeHooks({
     getPersistentSessionState: getPersistentAgentSessionState,
     reloadPersistentSession: reloadPersistentAgent,
     emitAgentReloadEvent: (event) => {
-        broadcastSsePayload(event);
-    },
-});
-// ---------------------------------------------------------------------------
-// Bootstrap — hands the API token to the same-origin SPA on first load.
-// Loopback-only by IP / Origin check.
-// ---------------------------------------------------------------------------
-app.get("/api/bootstrap", (req, res) => {
-    if (!isLoopbackOrigin(req)) {
-        throw new ForbiddenError("Bootstrap is loopback-only");
-    }
-    res.json(getBootstrapAuthResponse(apiToken, {
-        entraAuthEnabled: config.entraAuthEnabled,
-        standaloneMode: config.standaloneMode,
-        entraTenantId: config.entraTenantId,
-        entraClientId: config.entraClientId,
-        entraRequiredRole: config.entraRequiredRole,
-        entraTeamLeadId: config.entraTeamLeadId,
-    }));
-});
-app.get("/api/config/public", (_req, res) => {
-    res.json(createPublicConfigPayload({
-        entraAuthEnabled: config.entraAuthEnabled,
-        standaloneMode: config.standaloneMode,
-        entraClientId: config.entraClientId,
-        entraTenantId: config.entraTenantId,
-        chatSseEnabled: config.chatSseEnabled,
-    }));
-});
-// Health check — intentionally unauthenticated, returns no sensitive data
-const handleHealth = (_req, res) => {
-    res.json(createHealthPayload());
-};
-app.get("/status", handleHealth);
-app.get("/health", handleHealth);
-function getLoadedAgents() {
-    let agents = getAgentRegistry();
-    if (agents.length === 0) {
-        ensureDefaultAgents();
-        agents = loadAgents();
-    }
-    return agents;
-}
-function getAgentLastEdited(slug) {
-    try {
-        return statSync(join(AGENTS_DIR, `${slug}.agent.md`)).mtime.toISOString();
-    }
-    catch {
-        return null;
-    }
-}
-// ---------------------------------------------------------------------------
-// Workers / agents
-// ---------------------------------------------------------------------------
-app.get("/api/agents", (_req, res) => {
-    const agents = getLoadedAgents()
-        .map((agent) => ({
-        name: agent.name,
-        slug: agent.slug,
-        description: agent.description,
-        model: agent.model,
-        scope: agent.scope ?? null,
-        type: isBuiltinAgent(agent.slug) ? "builtin" : "custom",
-        lastEdited: getAgentLastEdited(agent.slug),
-    }))
-        .sort((left, right) => {
-        if (left.type !== right.type) {
-            return left.type === "builtin" ? -1 : 1;
-        }
-        return left.name.localeCompare(right.name);
-    });
-    res.json(agents);
-});
-app.get("/api/agents/:slug", (req, res, next) => {
-    const slugParam = req.params.slug;
-    const slug = Array.isArray(slugParam) ? slugParam[0] : slugParam;
-    if (slug === "stream") {
-        next();
-        return;
-    }
-    if (!SLUG_REGEX.test(slug)) {
-        res.status(400).json({ error: "Invalid slug" });
-        return;
-    }
-    getLoadedAgents();
-    const filePath = join(AGENTS_DIR, `${slug}.agent.md`);
-    const resolvedAgentsDir = resolve(AGENTS_DIR);
-    const resolvedFilePath = resolve(filePath);
-    if (!(resolvedFilePath === resolvedAgentsDir || resolvedFilePath.startsWith(`${resolvedAgentsDir}${sep}`))) {
-        res.status(403).json({ error: "Access denied" });
-        return;
-    }
-    let content;
-    try {
-        content = readFileSync(filePath, "utf-8");
-    }
-    catch {
-        res.status(404).json({ error: `Agent '${slug}' not found` });
-        return;
-    }
-    const agent = parseAgentMd(content, slug);
-    if (!agent) {
-        res.status(500).json({ error: `Agent '${slug}' could not be parsed` });
-        return;
-    }
-    const builtin = isBuiltinAgent(slug);
-    res.json({
-        name: agent.name,
-        slug: agent.slug,
-        description: agent.description,
-        model: agent.model,
-        scope: agent.scope ?? null,
-        persistent: agent.persistent ?? false,
-        skills: agent.skills ?? [],
-        type: builtin ? "builtin" : "custom",
-        editable: !builtin,
-        systemPrompt: agent.systemMessage,
-    });
-});
-app.patch("/api/agents/:slug", async (req, res) => {
-    const slugParam = req.params.slug;
-    const slug = Array.isArray(slugParam) ? slugParam[0] : slugParam;
-    if (!SLUG_REGEX.test(slug)) {
-        throw new BadRequestError("Invalid slug");
-    }
-    if (modeContext.isTeam() && req.user?.role !== "team-lead") {
-        throw new ForbiddenError("Forbidden");
-    }
-    const patch = parseRequest(agentPatchSchema, req.body ?? {});
-    const filePath = join(AGENTS_DIR, `${slug}.agent.md`);
-    const resolvedAgentsDir = resolve(AGENTS_DIR);
-    const resolvedFilePath = resolve(filePath);
-    if (!(resolvedFilePath === resolvedAgentsDir || resolvedFilePath.startsWith(`${resolvedAgentsDir}${sep}`))) {
-        throw new ForbiddenError("Access denied");
-    }
-    assertAgentEditAccess({ entraAuthEnabled: config.entraAuthEnabled }, req.user);
-    if (isBuiltinAgent(slug)) {
-        throw new ForbiddenError("Built-in agents are read-only");
-    }
-    if (!existsSync(filePath)) {
-        throw new NotFoundError("Agent not found");
-    }
-    try {
-        const current = parseAgentMdOrThrow(readFileSync(filePath, "utf-8"), slug);
-        const updated = {
-            ...current,
-            name: patch.name ?? current.name,
-            description: patch.description ?? current.description,
-            model: patch.model ?? current.model,
-            systemMessage: patch.systemPrompt ?? current.systemMessage,
-        };
-        const nextContent = serializeAgentMd(updated);
-        writeFileSync(filePath, nextContent, "utf-8");
-        await notifyAgentSaved(slug, updated);
-        res.json({
-            name: updated.name,
-            slug: updated.slug,
-            description: updated.description,
-            model: updated.model,
-            scope: updated.scope ?? null,
-            persistent: updated.persistent ?? false,
-            skills: updated.skills ?? [],
-            type: "custom",
-            editable: true,
-            systemPrompt: updated.systemMessage,
-        });
-    }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        throw new BadRequestError(`Invalid content: ${message}`);
-    }
-});
-app.get("/api/channels", (_req, res) => {
-    const agents = getLoadedAgents();
-    const persistentAgentChannels = agents
-        .filter((agent) => agent.persistent)
-        .map((agent) => ({
-        key: `agent:${agent.slug}`,
-        label: `# ${agent.slug}`,
-        slug: agent.slug,
-        name: agent.name,
-        description: agent.description,
-        ...(agent.scope ? { scope: agent.scope } : {}),
-    }))
-        .sort((a, b) => a.label.localeCompare(b.label));
-    res.json([
-        {
-            key: "default",
-            label: "# chapterhouse",
-            name: "Chapterhouse",
-            description: "Orchestrator",
-        },
-        ...persistentAgentChannels,
-    ]);
-});
-// List all workers: reads from SQLite agent_tasks (last 24 hours) so completed
-// dispatched subagents remain visible after they finish, not just in-flight ones.
-app.get("/api/workers", (_req, res) => {
-    const rows = getDb()
-        .prepare(`SELECT task_id, agent_slug, description, status, started_at, completed_at
-       FROM agent_tasks
-       WHERE started_at >= datetime('now', '-24 hours')
-       ORDER BY started_at DESC
-       LIMIT 100`)
-        .all();
-    const registry = getAgentRegistry();
-    res.json(rows.map((row) => {
-        const agent = registry.find((a) => a.slug === row.agent_slug);
-        return {
-            taskId: row.task_id,
-            slug: row.agent_slug,
-            name: agent?.name || row.agent_slug,
-            model: agent?.model || "unknown",
-            description: row.description,
-            status: row.status,
-            startedAt: row.started_at,
-            completedAt: row.completed_at,
-        };
-    }));
-});
-// Detailed worker row: include task status, description, and any captured result/output.
-app.get("/api/workers/:taskId", (req, res) => {
-    const taskId = req.params.taskId;
-    const row = getDb()
-        .prepare(`SELECT task_id, agent_slug, description, prompt, status, result, started_at, completed_at
-       FROM agent_tasks WHERE task_id = ?`)
-        .get(taskId);
-    if (!row) {
-        throw new NotFoundError("Task not found");
-    }
-    const registry = getAgentRegistry();
-    const agent = registry.find((a) => a.slug === row.agent_slug);
-    res.json({
-        taskId: row.task_id,
-        agentSlug: row.agent_slug,
-        name: agent?.name || row.agent_slug,
-        description: row.description,
-        prompt: row.prompt,
-        status: row.status,
-        result: row.result,
-        startedAt: row.started_at,
-        completedAt: row.completed_at,
-    });
-});
-const TERMINAL_TASK_STATUSES = new Set(["completed", "failed", "cancelled", "error"]);
-// SSE stream for per-task tool-call activity.
-// Replays buffered/persisted backlog on connect, then streams live events until
-// the task reaches a terminal state.
-app.get("/api/workers/:taskId/events", (req, res) => {
-    const taskId = req.params.taskId;
-    const taskRow = getDb()
-        .prepare(`SELECT task_id FROM agent_tasks WHERE task_id = ?`)
-        .get(taskId);
-    if (!taskRow) {
-        throw new NotFoundError("Task not found");
-    }
-    res.setHeader("Content-Type", "text/event-stream");
-    res.setHeader("Cache-Control", "no-cache");
-    res.setHeader("Connection", "keep-alive");
-    res.setHeader("X-Accel-Buffering", "no");
-    res.flushHeaders();
-    const rawLastId = req.headers["last-event-id"];
-    const lastSeq = rawLastId && !Array.isArray(rawLastId) && /^\d+$/.test(rawLastId.trim())
-        ? parseInt(rawLastId.trim(), 10)
-        : undefined;
-    const sendEvent = (event) => {
-        let payload;
-        if (event.kind === "output_delta") {
-            payload = {
-                type: "output_delta",
-                taskId: event.taskId,
-                seq: event.seq,
-                text: event.text ?? "",
-            };
-        }
-        else if (event.kind === "task_status") {
-            payload = {
-                type: "task_status",
-                taskId: event.taskId,
-                seq: event.seq,
-                status: event.status ?? "running",
-                summary: event.summary,
-            };
-        }
-        else {
-            payload = {
-                taskId: event.taskId,
-                seq: event.seq,
-                ts: event.ts,
-                kind: event.kind,
-                toolName: event.toolName,
-                summary: event.summary,
-            };
-        }
-        res.write(`id: ${event.seq}\ndata: ${JSON.stringify(payload)}\n\n`);
-    };
-    let replayHighSeq = lastSeq;
-    if (lastSeq !== undefined) {
-        const bufferedEvents = getTaskLogEvents(taskId);
-        const oldestBufferedSeq = bufferedEvents[0]?.seq;
-        const bufferMissesRange = oldestBufferedSeq === undefined || oldestBufferedSeq > lastSeq + 1;
-        if (bufferMissesRange) {
-            const dbEvents = getTaskEvents(taskId, lastSeq);
-            for (const event of dbEvents) {
-                sendEvent(event);
-                if (replayHighSeq === undefined || event.seq > replayHighSeq) {
-                    replayHighSeq = event.seq;
-                }
-            }
-        }
-    }
-    const replayEvents = getTaskLogEvents(taskId, replayHighSeq ?? 0);
-    const backlog = replayEvents.length > 0 ? replayEvents : getTaskEvents(taskId, replayHighSeq ?? 0);
-    for (const event of backlog) {
-        sendEvent(event);
-    }
-    const isTerminal = () => {
-        const row = getDb()
-            .prepare(`SELECT status FROM agent_tasks WHERE task_id = ?`)
-            .get(taskId);
-        return row ? TERMINAL_TASK_STATUSES.has(row.status) : true;
-    };
-    res.write(`: connected task=${taskId}\n\n`);
-    if (isTerminal()) {
-        res.end();
-        return;
-    }
-    const heartbeat = setInterval(() => {
-        res.write(`: keep-alive\n\n`);
-    }, 15_000);
-    let cleaned = false;
-    let unsubscribeTaskLog;
-    let unsubscribeDestroyed;
-    let unsubscribeError;
-    const cleanup = () => {
-        if (cleaned)
-            return;
-        cleaned = true;
-        clearInterval(heartbeat);
-        unsubscribeTaskLog?.();
-        unsubscribeDestroyed?.();
-        unsubscribeError?.();
-    };
-    unsubscribeTaskLog = subscribeTaskLog(taskId, (event) => {
-        sendEvent(event);
-        // Close SSE when a terminal task_status event arrives
-        if (event.kind === "task_status" && event.status && TERMINAL_TASK_STATUSES.has(event.status)) {
-            cleanup();
-            res.end();
-        }
-    });
-    unsubscribeDestroyed = agentEventBus.subscribe("session:destroyed", (event) => {
-        if (event.sessionId === taskId && isTerminal()) {
-            cleanup();
-            res.end();
-        }
-    });
-    unsubscribeError = agentEventBus.subscribe("session:error", (event) => {
-        if (event.sessionId === taskId && isTerminal()) {
-            cleanup();
-            res.end();
-        }
-    });
-    req.on("close", () => {
-        cleanup();
-    });
-});
-// ---------------------------------------------------------------------------
-// Global agent EventBus SSE stream — thin pass-through of AgentEvents.
-// Replaces the 4-second poll in the Workers frontend: clients subscribe once
-// and receive push notifications on session:created / session:destroyed /
-// session:error so the worker list updates in real time.
-// Chat-specific events (delta, message, queued) are NOT emitted here.
-// ---------------------------------------------------------------------------
-app.get("/api/agents/stream", (req, res) => {
-    res.writeHead(200, {
-        "Content-Type": "text/event-stream",
-        "Cache-Control": "no-cache",
-        Connection: "keep-alive",
-    });
-    res.write(formatSseData({ type: "connected" }));
-    const heartbeat = setInterval(() => { res.write(`:ping\n\n`); }, 20_000);
-    const unsub = agentEventBus.subscribeAll((event) => {
-        res.write(formatSseData({ type: "agent_event", agentEvent: event }));
-    });
-    req.on("close", () => {
-        clearInterval(heartbeat);
-        unsub();
-    });
-});
-app.get("/stream", (req, res) => {
-    const connectionId = `web-${++connectionCounter}`;
-    res.writeHead(200, {
-        "Content-Type": "text/event-stream",
-        "Cache-Control": "no-cache",
-        Connection: "keep-alive",
-    });
-    res.write(formatSseData({ type: "connected", connectionId }));
-    while (pendingSseMessages.length > 0) {
-        const queued = pendingSseMessages.shift();
-        if (!queued) {
-            continue;
-        }
-        res.write(formatSseData({ type: "message", content: queued }));
-    }
-    sseClients.set(connectionId, res);
-    const unsubscribeStatus = onStatusChange((status, message) => {
-        res.write(formatSseData({ type: "status", status, message }));
-    });
-    const currentStatus = getStatus();
-    if (currentStatus.status !== "idle") {
-        res.write(formatSseData({ type: "status", ...currentStatus }));
-    }
-    const heartbeat = setInterval(() => {
-        res.write(`:ping\n\n`);
-    }, 20_000);
-    req.on("close", () => {
-        clearInterval(heartbeat);
-        unsubscribeStatus();
-        sseClients.delete(connectionId);
-    });
-});
-// ---------------------------------------------------------------------------
-// Send a message to the orchestrator
-// ---------------------------------------------------------------------------
-app.post("/api/message", (req, res) => {
-    const { prompt, connectionId, projectPath, sessionKey: requestedSessionKey, msgId } = parseRequest(messageRequestSchema, req.body);
-    const effectiveSessionKey = requestedSessionKey || "default";
-    if (!sseClients.has(connectionId)) {
-        throw new BadRequestError("Missing or invalid 'connectionId'. Connect to /stream first.");
-    }
-    sendToOrchestrator(prompt, {
-        type: "web",
-        connectionId,
-        user: req.user,
-        authorizationHeader: typeof req.headers.authorization === "string" ? req.headers.authorization : undefined,
-        projectPath: projectPath || undefined,
-    }, (text, done, turnId) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            const event = {
-                type: done ? "message" : "delta",
-                content: text,
-                sessionKey: effectiveSessionKey,
-                turnId,
-            };
-            if (done) {
-                const routeResult = getLastRouteResult();
-                if (routeResult) {
-                    event.route = {
-                        model: routeResult.model,
-                        routerMode: routeResult.routerMode,
-                        ...(routeResult.tier !== null ? { tier: routeResult.tier } : {}),
-                        ...(routeResult.overrideName ? { overrideName: routeResult.overrideName } : {}),
-                    };
-                }
-            }
-            sseRes.write(formatSseData(event));
-        }
-    }, undefined, (activity, turnId) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            sseRes.write(formatSseData({ type: "activity", ...activity, sessionKey: effectiveSessionKey, ...(turnId ? { turnId } : {}) }));
-        }
-    }, (position, turnId) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            sseRes.write(formatSseData({
-                type: "queued",
-                position,
-                sessionKey: effectiveSessionKey,
-                turnId,
-                ...(msgId ? { msgId } : {}),
-            }));
-        }
-    }, (remainingLength) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            sseRes.write(formatSseData({
-                type: "queue-advance",
-                length: remainingLength,
-                sessionKey: effectiveSessionKey,
-            }));
-        }
-    });
-    res.json({ status: "queued" });
-});
-// Cancel the current in-flight message
-app.post("/api/cancel", async (_req, res) => {
-    const sessionKey = getCurrentSessionKey();
-    const cancelled = await cancelCurrentMessage();
-    for (const [, sseRes] of sseClients) {
-        sseRes.write(formatSseData({ type: "cancelled", sessionKey }));
-    }
-    res.json({ status: "ok", cancelled });
-});
-app.post("/api/agents/:slug/reload-confirm", async (req, res) => {
-    const slugParam = Array.isArray(req.params.slug) ? req.params.slug[0] : req.params.slug;
-    const slug = slugParam?.trim() || "";
-    const agent = getAgent(slug);
-    if (!agent?.persistent) {
-        throw new NotFoundError("Agent not found");
-    }
-    const sessionKey = `agent:${agent.slug}`;
-    await interruptSessionTurn(sessionKey);
-    const reloadResult = await reloadPersistentAgent(agent.slug);
-    if (reloadResult === "reloaded") {
-        broadcastSsePayload({ type: "agent_reloaded", slug: agent.slug, reason: "confirmed_restart" });
-    }
-    res.json({ status: "ok" });
-});
-// Cancel the active turn for one session key without touching other channels.
-app.post("/api/session/:sessionKey/interrupt", async (req, res) => {
-    const sessionKey = Array.isArray(req.params.sessionKey)
-        ? req.params.sessionKey[0]
-        : req.params.sessionKey;
-    if (!sessionKey)
-        throw new BadRequestError("Missing sessionKey");
-    const cancelled = await interruptSessionTurn(sessionKey);
-    res.json({ status: "ok", cancelled });
-});
-// Interrupt the active turn on a specific session and start a replacement turn.
-// POST /api/sessions/:sessionKey/interrupt
-// Body: { prompt, connectionId, attachments? }
-app.post("/api/sessions/:sessionKey/interrupt", (req, res) => {
-    const sessionKey = Array.isArray(req.params.sessionKey)
-        ? req.params.sessionKey[0]
-        : req.params.sessionKey;
-    if (!sessionKey)
-        throw new BadRequestError("Missing sessionKey");
-    const { prompt, connectionId, attachments } = parseRequest(interruptRequestSchema, req.body);
-    if (!sseClients.has(connectionId)) {
-        throw new BadRequestError("Missing or invalid 'connectionId'. Connect to /stream first.");
-    }
-    const source = {
-        type: "web",
-        connectionId,
-        user: req.user,
-        authorizationHeader: typeof req.headers.authorization === "string" ? req.headers.authorization : undefined,
-    };
-    interruptCurrentTurn(sessionKey, prompt, source, (text, done, turnId) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            const event = {
-                type: done ? "message" : "delta",
-                content: text,
-                sessionKey,
-                turnId,
-            };
-            if (done) {
-                const routeResult = getLastRouteResult();
-                if (routeResult) {
-                    event.route = {
-                        model: routeResult.model,
-                        routerMode: routeResult.routerMode,
-                        ...(routeResult.tier !== null ? { tier: routeResult.tier } : {}),
-                        ...(routeResult.overrideName ? { overrideName: routeResult.overrideName } : {}),
-                    };
-                }
-            }
-            sseRes.write(formatSseData(event));
-        }
-    }, attachments, (activity, turnId) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            sseRes.write(formatSseData({ type: "activity", ...activity, sessionKey, ...(turnId ? { turnId } : {}) }));
-        }
-    }, (abortedTurnId) => {
-        const sseRes = sseClients.get(connectionId);
-        if (sseRes) {
-            sseRes.write(formatSseData({ type: "turn-interrupted", abortedTurnId, sessionKey }));
-        }
-    });
-    res.json({ status: "interrupting" });
-});
-// ---------------------------------------------------------------------------
-// Chat POST→SSE endpoints — enabled by default, overridable via CHAPTERHOUSE_CHAT_SSE (#130)
-// ---------------------------------------------------------------------------
-const turnRequestSchema = z.object({
-    prompt: z.string().trim().min(1, "Missing prompt"),
-    source: z.string().optional(),
-    attachments: z
-        .array(z.object({
-        type: z.literal("file"),
-        path: z.string(),
-        displayName: z.string().optional(),
-    }))
-        .optional(),
-    interrupt: z.boolean().optional(),
-});
-if (config.chatSseEnabled) {
-    /**
-     * POST /api/sessions/:key/turn
-     *
-     * Submit a new turn to the given session.  Returns `{ turnId }` immediately;
-     * the turn runs asynchronously and emits events on the per-session SSE stream.
-     *
-     * Body: `{ prompt, source?, attachments?, interrupt? }`
-     * Response: `{ turnId: string }`
-     */
-    app.post("/api/sessions/:key/turn", (req, res) => {
-        const sessionKey = Array.isArray(req.params.key) ? req.params.key[0] : req.params.key;
-        if (!sessionKey)
-            throw new BadRequestError("Missing session key");
-        const { prompt, attachments, interrupt } = parseRequest(turnRequestSchema, req.body);
-        const authUser = req.user;
-        const authHeader = req.headers.authorization ?? undefined;
-        const turnId = enqueueForSse({
-            sessionKey,
-            prompt,
-            attachments,
-            authUser,
-            authHeader,
-            interrupt: interrupt ?? false,
-        });
-        res.json({ turnId });
-    });
-    /**
-     * GET /api/sessions/:key/stream
-     *
-     * Per-session SSE channel.  Delivers turn events:
-     *   `turn:started`, `turn:delta`, `turn:queued`, `turn:interrupted`,
-     *   `turn:complete`, `turn:error`
-     *
-     * Supports `Last-Event-ID` for reconnect replay:
-     *  - If the session ring buffer covers the requested range, replays from memory.
-     *  - Otherwise falls back to SQLite (covers completed-turn replay).
-     *
-     * Keep-alive comments are sent every 15 s.
-     * Multiple simultaneous subscribers (tabs) are supported.
-     */
-    app.get("/api/sessions/:key/stream", (req, res) => {
-        const sessionKey = Array.isArray(req.params.key) ? req.params.key[0] : req.params.key;
-        if (!sessionKey)
-            throw new BadRequestError("Missing session key");
-        const includeHistorical = req.query.include === "all";
-        res.setHeader("Content-Type", "text/event-stream");
-        res.setHeader("Cache-Control", "no-cache");
-        res.setHeader("Connection", "keep-alive");
-        res.setHeader("X-Accel-Buffering", "no");
-        res.flushHeaders();
-        // Parse Last-Event-ID for reconnect replay
-        const rawLastId = req.headers["last-event-id"];
-        const lastSeq = rawLastId && !Array.isArray(rawLastId) && /^\d+$/.test(rawLastId.trim())
-            ? parseInt(rawLastId.trim(), 10)
-            : undefined;
-        const maxCurrentSeq = getSessionMaxSeqFromDb(sessionKey, { includeHistorical });
-        const effectiveLastSeq = maxCurrentSeq !== undefined && lastSeq !== undefined && lastSeq > maxCurrentSeq
-            ? 0
-            : lastSeq;
-        // Helper: send a named SSE event with an id: field
-        const sendEvent = (event, seq) => {
-            const payload = JSON.stringify(event);
-            res.write(`id: ${seq}\ndata: ${payload}\n\n`);
-        };
-        // If Last-Event-ID is present and the session ring buffer doesn't cover it,
-        // fall back to SQLite for replay of completed turns.
-        let replayHighSeq = effectiveLastSeq;
-        if (effectiveLastSeq !== undefined) {
-            const oldestBuf = oldestSessionSeq(sessionKey);
-            const bufferMissesRange = oldestBuf === undefined || oldestBuf > effectiveLastSeq + 1;
-            if (bufferMissesRange) {
-                // Replay from SQLite (completed turns)
-                const dbEvents = getSessionEventsFromDb(sessionKey, effectiveLastSeq, { includeHistorical });
-                for (const e of dbEvents) {
-                    sendEvent(e, e._seq);
-                    if (replayHighSeq === undefined || e._seq > replayHighSeq)
-                        replayHighSeq = e._seq;
-                }
-            }
-        }
-        // Subscribe to session events (replays ring buffer for afterSeq, then live).
-        // Use replayHighSeq (not lastSeq) so ring-buffer replay starts after any DB
-        // events we already sent — avoids double-replay overlap (Fix 5).
-        const unsub = subscribeSession(sessionKey, (e) => {
-            sendEvent(e, e._seq);
-        }, replayHighSeq);
-        // Send connected event
-        res.write(`: connected session=${sessionKey} run=${getCurrentRunId()}\n\n`);
-        // Keep-alive every 15 s
-        const keepAlive = setInterval(() => {
-            res.write(`: keep-alive\n\n`);
-        }, 15_000);
-        req.on("close", () => {
-            clearInterval(keepAlive);
-            unsub();
-        });
-    });
-}
-else {
-    // Feature flag off — return 404 for both endpoints
-    app.post("/api/sessions/:key/turn", (_req, res) => {
-        res.status(404).json({ error: "Chat SSE not enabled. Set CHAPTERHOUSE_CHAT_SSE=1." });
-    });
-    app.get("/api/sessions/:key/stream", (_req, res) => {
-        res.status(404).json({ error: "Chat SSE not enabled. Set CHAPTERHOUSE_CHAT_SSE=1." });
-    });
-}
-// ---------------------------------------------------------------------------
-// Model & router
-// ---------------------------------------------------------------------------
-app.get("/api/model", (_req, res) => {
-    res.json({ model: config.copilotModel });
-});
-app.post("/api/model", async (req, res) => {
-    const { model } = parseRequest(modelRequestSchema, req.body);
-    try {
-        const { getClient } = await import("../copilot/client.js");
-        const client = await getClient();
-        const models = await client.listModels();
-        const match = models.find((m) => m.id === model);
-        if (!match) {
-            const suggestions = models
-                .filter((m) => m.id.includes(model) || m.id.toLowerCase().includes(model.toLowerCase()))
-                .map((m) => m.id);
-            const hint = suggestions.length > 0 ? ` Did you mean: ${suggestions.join(", ")}?` : "";
-            throw new BadRequestError(`Model '${model}' not found.${hint}`);
-        }
-    }
-    catch (error) {
-        if (error instanceof BadRequestError) {
-            throw error;
-        }
-        // If we can't validate (client not ready), allow the switch — it'll fail on next message if wrong
-    }
-    const previous = config.copilotModel;
-    config.copilotModel = model;
-    persistModel(model);
-    res.json({ previous, current: model });
-});
-app.get("/api/models", async (_req, res) => {
-    try {
-        const { getClient } = await import("../copilot/client.js");
-        const client = await getClient();
-        const models = await client.listModels();
-        res.json({ models: models.map((m) => m.id), current: config.copilotModel });
-    }
-    catch (error) {
-        log.error({ err: error instanceof Error ? error.message : error }, "Failed to list models");
-        throw new InternalServerError();
-    }
-});
-app.get("/api/auto", (_req, res) => {
-    const routerConfig = getRouterConfig();
-    const lastRoute = getLastRouteResult();
-    res.json({
-        ...routerConfig,
-        currentModel: config.copilotModel,
-        lastRoute: lastRoute || null,
-    });
-});
-app.get("/api/memory/active-scope", (_req, res) => {
-    const activeScope = getActiveScope();
-    if (!activeScope) {
-        res.json(null);
-        return;
-    }
-    res.json({
-        slug: activeScope.slug,
-        title: activeScope.title,
-    });
-});
-app.post("/api/memory/active-scope", (req, res) => {
-    const body = parseRequest(setActiveScopeSchema, req.body ?? {});
-    try {
-        const scope = setActiveScope(body.scope);
-        res.json({ ok: true, scope: scope?.slug ?? null });
-    }
-    catch (err) {
-        res.status(404).json({ error: err instanceof Error ? err.message : String(err) });
-    }
-});
-app.get("/api/memory/scopes", (_req, res) => {
-    const db = getDb();
-    const activeScope = getActiveScope();
-    const scopes = listScopes();
-    const result = scopes.map((scope) => {
-        const counts = {
-            observations: db.prepare(`SELECT COUNT(*) AS count FROM mem_observations WHERE scope_id = ?`).get(scope.id).count,
-            decisions: db.prepare(`SELECT COUNT(*) AS count FROM mem_decisions WHERE scope_id = ?`).get(scope.id).count,
-            entities: db.prepare(`SELECT COUNT(*) AS count FROM mem_entities WHERE scope_id = ?`).get(scope.id).count,
-            action_items: db.prepare(`SELECT COUNT(*) AS count FROM mem_action_items WHERE scope_id = ?`).get(scope.id).count,
-        };
-        return {
-            slug: scope.slug,
-            title: scope.title,
-            description: scope.description,
-            active: activeScope?.slug === scope.slug,
-            counts,
-        };
-    });
-    res.json({ scopes: result });
-});
-app.get("/api/memory/inbox", (_req, res) => {
-    const items = listPendingInboxItems();
-    const result = items.map((item) => ({
-        id: item.id,
-        scope_slug: item.scopeId
-            ? getDb().prepare(`SELECT slug FROM mem_scopes WHERE id = ?`).get(item.scopeId)?.slug ?? null
-            : null,
-        kind: item.kind,
-        payload: item.payload,
-        source_agent: item.sourceAgent,
-        created_at: item.createdAt,
-    }));
-    res.json({ items: result, total: result.length });
-});
-app.post("/api/memory/inbox/:id/route", (req, res) => {
-    const id = Number(req.params.id);
-    if (!Number.isInteger(id) || id <= 0) {
-        res.status(400).json({ error: "Invalid inbox item id" });
-        return;
-    }
-    const body = parseRequest(inboxRouteSchema, req.body ?? {});
-    const item = getInboxItem(id);
-    if (!item) {
-        res.status(404).json({ error: `Inbox item '${id}' not found` });
-        return;
-    }
-    if (item.status !== "pending") {
-        res.status(409).json({ error: `Inbox item '${id}' is already resolved` });
-        return;
-    }
-    const status = body.action === "accept" ? "accepted" : "rejected";
-    const reason = body.reason ?? (body.action === "accept" ? "Accepted via web UI" : "Rejected via web UI");
-    resolveInboxItem(id, status, reason);
-    log.info({ id, action: body.action }, "inbox item routed via web UI");
-    res.json({ ok: true });
-});
-app.get("/api/memory/:scope", (req, res) => {
-    const scopeSlug = String(req.params.scope);
-    const scope = getScope(scopeSlug);
-    if (!scope) {
-        res.status(404).json({ error: `Memory scope '${scopeSlug}' not found` });
-        return;
-    }
-    const query = parseRequest(memoryEntriesQuerySchema, req.query);
-    const store = query.store ?? "observations";
-    const tier = query.tier;
-    const db = getDb();
-    let entries;
-    let total;
-    if (store === "observations") {
-        if (tier) {
-            entries = db.prepare(`SELECT id, content, source, tier, entity_id, created_at FROM mem_observations WHERE scope_id = ? AND tier = ? AND archived_at IS NULL ORDER BY id DESC LIMIT 100`).all(scope.id, tier);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_observations WHERE scope_id = ? AND tier = ? AND archived_at IS NULL`).get(scope.id, tier).n;
-        }
-        else {
-            entries = db.prepare(`SELECT id, content, source, tier, entity_id, created_at FROM mem_observations WHERE scope_id = ? AND archived_at IS NULL ORDER BY id DESC LIMIT 100`).all(scope.id);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_observations WHERE scope_id = ? AND archived_at IS NULL`).get(scope.id).n;
-        }
-    }
-    else if (store === "decisions") {
-        if (tier) {
-            entries = db.prepare(`SELECT id, title, rationale, tier, entity_id, decided_at, created_at FROM mem_decisions WHERE scope_id = ? AND tier = ? AND archived_at IS NULL ORDER BY decided_at DESC, id DESC LIMIT 100`).all(scope.id, tier);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_decisions WHERE scope_id = ? AND tier = ? AND archived_at IS NULL`).get(scope.id, tier).n;
-        }
-        else {
-            entries = db.prepare(`SELECT id, title, rationale, tier, entity_id, decided_at, created_at FROM mem_decisions WHERE scope_id = ? AND archived_at IS NULL ORDER BY decided_at DESC, id DESC LIMIT 100`).all(scope.id);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_decisions WHERE scope_id = ? AND archived_at IS NULL`).get(scope.id).n;
-        }
-    }
-    else if (store === "entities") {
-        if (tier) {
-            entries = db.prepare(`SELECT id, kind, name, summary, tier, created_at, updated_at FROM mem_entities WHERE scope_id = ? AND tier = ? ORDER BY updated_at DESC, id DESC LIMIT 100`).all(scope.id, tier);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_entities WHERE scope_id = ? AND tier = ?`).get(scope.id, tier).n;
-        }
-        else {
-            entries = db.prepare(`SELECT id, kind, name, summary, tier, created_at, updated_at FROM mem_entities WHERE scope_id = ? ORDER BY updated_at DESC, id DESC LIMIT 100`).all(scope.id);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_entities WHERE scope_id = ?`).get(scope.id).n;
-        }
-    }
-    else {
-        if (tier) {
-            entries = db.prepare(`SELECT id, title, detail, status, tier, due_at, entity_id, created_at FROM mem_action_items WHERE scope_id = ? AND tier = ? ORDER BY created_at DESC, id DESC LIMIT 100`).all(scope.id, tier);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_action_items WHERE scope_id = ? AND tier = ?`).get(scope.id, tier).n;
-        }
-        else {
-            entries = db.prepare(`SELECT id, title, detail, status, tier, due_at, entity_id, created_at FROM mem_action_items WHERE scope_id = ? ORDER BY created_at DESC, id DESC LIMIT 100`).all(scope.id);
-            total = db.prepare(`SELECT COUNT(*) AS n FROM mem_action_items WHERE scope_id = ?`).get(scope.id).n;
-        }
-    }
-    res.json({ entries, total });
-});
-app.post("/api/memory/:scope/remember", (req, res) => {
-    const scopeSlug = String(req.params.scope);
-    const scope = getScope(scopeSlug);
-    if (!scope) {
-        res.status(404).json({ error: `Memory scope '${scopeSlug}' not found` });
-        return;
-    }
-    const body = parseRequest(memoryRememberSchema, req.body ?? {});
-    if (body.entity_name && !body.entity_kind) {
-        res.status(400).json({ error: "entity_kind is required when entity_name is provided" });
-        return;
-    }
-    const kind = body.kind ?? "observation";
-    const entity = body.entity_name
-        ? upsertEntity({
-            scope_id: scope.id,
-            kind: body.entity_kind,
-            name: body.entity_name,
-            tier: body.tier ?? "warm",
-        })
-        : undefined;
-    if (kind === "decision") {
-        if (!body.title) {
-            res.status(400).json({ error: "title is required when kind='decision'" });
-            return;
-        }
-        const decision = recordDecision({
-            scope_id: scope.id,
-            entity_id: entity?.id,
-            title: body.title,
-            rationale: body.content,
-            decided_at: body.decided_at ?? new Date().toISOString().slice(0, 10),
-            tier: body.tier ?? "warm",
-        });
-        log.info({ id: decision.id, scope: scopeSlug, kind }, "memory written via web UI");
-        res.json({ ok: true, id: String(decision.id) });
-        return;
-    }
-    const observation = recordObservation({
-        scope_id: scope.id,
-        entity_id: entity?.id,
-        content: body.content,
-        source: "agent:web-ui",
-        tier: body.tier ?? "warm",
-    });
-    log.info({ id: observation.id, scope: scopeSlug, kind }, "memory written via web UI");
-    res.json({ ok: true, id: String(observation.id) });
-});
-app.post("/api/memory/hooks/git-commit", authMiddleware, (req, res, next) => {
-    const body = parseRequest(gitCommitHookSchema, req.body ?? {});
-    handleGitCommitHook({ message: body.message, stat: body.stat })
-        .then((result) => res.json({ ok: true, observation_id: result.observation_id }))
-        .catch(next);
-});
-app.post("/api/memory/hooks/pr-merge", authMiddleware, (req, res, next) => {
-    const body = parseRequest(prMergeHookSchema, req.body ?? {});
-    handlePrMergeHook({
-        number: body.number,
-        title: body.title,
-        body: body.body,
-        files_changed: body.files_changed,
-    })
-        .then((result) => res.json({ ok: true, observation_id: result.observation_id }))
-        .catch(next);
-});
-app.post("/api/scopes", (req, res) => {
-    const body = parseRequest(scopeCreateSchema, req.body ?? {});
-    if (getScope(body.slug)) {
-        res.status(409).json({ error: `Memory scope '${body.slug}' already exists` });
-        return;
-    }
-    const scope = createScope({
-        slug: body.slug,
-        title: body.title,
-        description: body.description ?? "",
-        keywords: [body.slug],
-    });
-    res.status(201).json({
-        slug: scope.slug,
-        title: scope.title,
-        description: scope.description,
-        active: scope.active,
-    });
-});
-app.post("/api/auto", (req, res) => {
-    const body = parseRequest(autoRequestSchema, req.body ?? {});
-    const updated = updateRouterConfig(body);
-    log.info({ enabled: updated.enabled }, "Auto-routing updated");
-    res.json(updated);
-});
-app.get("/api/projects", (_req, res) => {
-    ensureWikiStructure();
-    const projects = Object.entries(loadRegistry())
-        .sort(([left], [right]) => left.localeCompare(right))
-        .map(([slug, cwd]) => {
-        const summary = loadProjectRuleSummary(slug);
-        return {
-            slug,
-            cwd,
-            hardRuleCount: summary.hardRuleCount,
-            softRuleCount: summary.softRuleCount,
-        };
-    });
-    res.json(projects);
-});
-app.get("/api/projects/:slug", (req, res) => {
-    ensureWikiStructure();
-    const slugParam = req.params.slug;
-    const slug = Array.isArray(slugParam) ? (slugParam[0] ?? "") : (slugParam ?? "");
-    const cwd = loadRegistry()[slug];
-    if (!cwd) {
-        res.status(404).json({ error: "Project not found" });
-        return;
-    }
-    res.json(createProjectDetailPayload(slug, cwd));
-});
-app.post("/api/projects", async (req, res) => {
-    ensureWikiStructure();
-    const { slug, cwd } = parseRequest(projectCreateSchema, req.body ?? {});
-    const rulesPath = getProjectRulesPath(slug);
-    await withWikiWrite(() => {
-        const registry = loadRegistry();
-        if (registry[slug]) {
-            throw new BadRequestError(`Project '${slug}' already exists`);
-        }
-        if (pageExists(rulesPath)) {
-            throw new BadRequestError(`Project rules page '${rulesPath}' already exists`);
-        }
-        saveRegistry({
-            ...registry,
-            [slug]: cwd,
-        });
-        writePage(rulesPath, renderInitialProjectRulesPage(slug));
-    });
-    res.status(201).json(createProjectDetailPayload(slug, cwd));
-});
-app.delete("/api/projects/:slug", async (req, res) => {
-    ensureWikiStructure();
-    const slugParam = req.params.slug;
-    const slug = Array.isArray(slugParam) ? (slugParam[0] ?? "") : (slugParam ?? "");
-    const registry = loadRegistry();
-    if (!registry[slug]) {
-        throw new NotFoundError("Project not found");
-    }
-    const rulesPath = getProjectRulesPath(slug);
-    await withWikiWrite(() => {
-        const nextRegistry = { ...loadRegistry() };
-        delete nextRegistry[slug];
-        saveRegistry(nextRegistry);
-        deletePage(rulesPath);
-    });
-    res.json({ ok: true, slug });
-});
-app.put("/api/projects/:slug/rules/hard", async (req, res) => {
-    ensureWikiStructure();
-    const slugParam = req.params.slug;
-    const slug = Array.isArray(slugParam) ? (slugParam[0] ?? "") : (slugParam ?? "");
-    const cwd = loadRegistry()[slug];
-    if (!cwd) {
-        throw new NotFoundError("Project not found");
-    }
-    if (!pageExists(getProjectRulesPath(slug))) {
-        throw new NotFoundError("Project rules not found");
-    }
-    const { hardRules } = parseRequest(projectHardRulesSchema, req.body ?? {});
-    await withWikiWrite(() => {
-        saveProjectRulesHardFields(slug, hardRules);
-    });
-    res.json(createProjectDetailPayload(slug, cwd));
-});
-app.put("/api/projects/:slug/rules/soft", async (req, res) => {
-    ensureWikiStructure();
-    const slugParam = req.params.slug;
-    const slug = Array.isArray(slugParam) ? (slugParam[0] ?? "") : (slugParam ?? "");
-    const cwd = loadRegistry()[slug];
-    if (!cwd) {
-        throw new NotFoundError("Project not found");
-    }
-    if (!pageExists(getProjectRulesPath(slug))) {
-        throw new NotFoundError("Project rules not found");
-    }
-    const { softRules } = parseRequest(projectSoftRulesSchema, req.body ?? {});
-    await withWikiWrite(() => {
-        saveProjectRulesSoftRules(slug, softRules);
-    });
-    res.json(createProjectDetailPayload(slug, cwd));
-});
-// ---------------------------------------------------------------------------
-// Wiki: list, read, write, delete
-// ---------------------------------------------------------------------------
-app.get("/api/wiki/pages", async (req, res) => {
-    ensureWikiStructure();
-    // Sync team wiki pages if connected, using the caller's auth token
-    if (modeContext.canSyncTeamWiki() && teamWikiSync.isEnabled()) {
-        const authorizationHeader = typeof req.headers.authorization === "string"
-            ? req.headers.authorization
-            : undefined;
-        try {
-            await teamWikiSync.syncAll({ authorizationHeader });
-        }
-        catch {
-            // Non-fatal: list local pages even if team sync fails
-        }
-    }
-    const entries = parseIndex();
-    // Index entries first (rich metadata), then any pages on disk that aren't yet indexed.
-    const indexed = new Set(entries.map((e) => e.path));
-    const indexedResults = entries.map((e) => ({
-        path: e.path,
-        title: e.title,
-        summary: e.summary,
-        section: e.section,
-        tags: e.tags || [],
-        updated: coerceWikiPageUpdated(e.path, e.updated),
-        scope: getWikiPageScope(e.path),
-    }));
-    const orphanResults = listPages()
-        .filter((p) => !indexed.has(p))
-        .map((p) => ({
-        path: p,
-        title: p,
-        summary: "",
-        section: "Unindexed",
-        tags: [],
-        updated: coerceWikiPageUpdated(p, undefined),
-        scope: getWikiPageScope(p),
-    }));
-    res.json([...indexedResults, ...orphanResults]);
-});
-app.get("/api/wiki/browser-pages", async (req, res) => {
-    ensureWikiStructure();
-    const filters = {
-        q: normalizeOptionalQueryParam(req.query.q),
-        type: normalizeOptionalQueryParam(req.query.type),
-    };
-    const db = getDb();
-    const { count } = db.prepare("SELECT COUNT(*) AS count FROM wiki_pages").get();
-    const pages = count > 0
-        ? listDbWikiBrowserPages(filters)
-        : listFallbackWikiBrowserPages(filters);
-    res.json({ pages });
-});
-app.get("/api/wiki/sources", async (req, res) => {
-    ensureWikiStructure();
-    res.json({ sources: listWikiSources(readOptionalPageFilter(req)) });
-});
-app.get("/api/wiki/links", async (req, res) => {
-    ensureWikiStructure();
-    res.json({ links: listWikiLinks(readOptionalPageFilter(req)) });
-});
-app.get("/api/wiki/page", async (req, res) => {
-    const slugParam = normalizeOptionalQueryParam(req.query.slug);
-    if (slugParam) {
-        const path = `pages/${slugParam}.md`;
-        assertValidPagePath(path);
-        const db = getDb();
-        const row = db.prepare("SELECT title, entity_type, last_updated, pinned FROM wiki_pages WHERE path = ?").get(path);
-        const authorizationHeader = typeof req.headers.authorization === "string"
-            ? req.headers.authorization
-            : undefined;
-        const rawContent = await readWikiPage(path, { authorizationHeader });
-        if (rawContent === undefined) {
-            throw new NotFoundError("Page not found");
-        }
-        const { parsed: frontmatter } = parseWikiFrontmatter(rawContent);
-        res.json({
-            page: {
-                slug: slugParam,
-                title: row?.title ?? slugParam,
-                type: row?.entity_type ?? "topics",
-                last_updated: row?.last_updated ?? coerceWikiPageUpdated(path, undefined),
-                compiled_truth: rawContent,
-                pinned: Boolean(row?.pinned),
-                frontmatter,
-            },
-        });
-        return;
-    }
-    const path = assertValidPagePath(readPathParam(req));
-    const authorizationHeader = typeof req.headers.authorization === "string"
-        ? req.headers.authorization
-        : undefined;
-    const content = await readWikiPage(path, { authorizationHeader });
-    if (content === undefined) {
-        if (path === "pages/index.md") {
-            res.json(createWikiPagePayload(path, getEmptyWikiWelcomeContent()));
+        const slug = typeof event.slug === "string" ? event.slug : undefined;
+        if (slug) {
+            broadcastSsePayloadToSession(`agent:${slug}`, event);
             return;
         }
-        throw new NotFoundError("Page not found");
-    }
-    res.json(createWikiPagePayload(path, content));
-});
-app.put("/api/wiki/page", async (req, res) => {
-    const path = assertValidPagePath(readPathParam(req));
-    const { content } = parseRequest(wikiWriteSchema, req.body);
-    const created = await withWikiWrite(() => {
-        const isCreated = !pageExists(path);
-        writePage(path, content);
-        return isCreated;
-    });
-    res.json({ ok: true, created, path });
-});
-const wikiUpdateSchema = z.object({
-    slug: requiredString("Missing 'slug' in request body"),
-    compiled_truth: z.string().optional(),
-    frontmatter: z.record(z.string(), z.unknown()).optional(),
-});
-app.post("/api/wiki/update", authMiddleware, async (req, res) => {
-    const { slug, compiled_truth, frontmatter: newFrontmatter } = parseRequest(wikiUpdateSchema, req.body);
-    const path = assertValidPagePath(`pages/${slug}.md`);
-    let finalContent = compiled_truth;
-    if (newFrontmatter !== undefined) {
-        const existing = readPage(path);
-        const base = finalContent ?? existing ?? "";
-        const { parsed: existingFrontmatter, body } = parseWikiFrontmatter(base);
-        const merged = { ...existingFrontmatter, ...newFrontmatter };
-        const fmLines = Object.entries(merged).map(([k, v]) => `${k}: ${JSON.stringify(v)}`).join("\n");
-        finalContent = `---\n${fmLines}\n---\n${body}`;
-    }
-    if (finalContent !== undefined) {
-        await withWikiWrite(() => writePage(path, finalContent));
-    }
-    const db = getDb();
-    const row = db.prepare("SELECT title, entity_type, last_updated, pinned FROM wiki_pages WHERE path = ?").get(path);
-    const content = readPage(path) ?? finalContent ?? "";
-    const { parsed: frontmatter } = parseWikiFrontmatter(content);
-    res.json({
-        ok: true,
-        page: {
-            slug,
-            title: row?.title ?? slug,
-            type: row?.entity_type ?? "topics",
-            last_updated: row?.last_updated ?? coerceWikiPageUpdated(path, undefined),
-            compiled_truth: content,
-            pinned: Boolean(row?.pinned),
-            frontmatter,
-        },
-    });
-});
-const wikiPinSchema = z.object({
-    slug: requiredString("Missing 'slug' in request body"),
-    pinned: z.boolean({ error: "Missing 'pinned' in request body" }),
-});
-app.post("/api/wiki/page/pin", authMiddleware, async (req, res) => {
-    const { slug, pinned } = parseRequest(wikiPinSchema, req.body);
-    const path = assertValidPagePath(`pages/${slug}.md`);
-    const db = getDb();
-    db.prepare("UPDATE wiki_pages SET pinned = ? WHERE path = ?").run(pinned ? 1 : 0, path);
-    res.json({ ok: true, pinned: Boolean(pinned) });
-});
-app.delete("/api/wiki/page", async (req, res) => {
-    const path = assertValidPagePath(readPathParam(req));
-    const removed = await withWikiWrite(() => deletePage(path));
-    res.json({ ok: removed, path });
-});
-app.get("/api/wiki/korg/sessions", authMiddleware, (_req, res) => {
-    res.json({ sessions: listKorgResearchSessions(getDb()) });
-});
-const wikiIngestSchema = z.object({
-    source_url: z.string().optional(),
-    path: z.string().optional(),
-    topic: z.string().optional(),
-});
-app.post("/api/wiki/ingest", authMiddleware, async (req, res) => {
-    const { source_url, path: ingestPath, topic } = parseRequest(wikiIngestSchema, req.body ?? {});
-    const source = source_url ?? ingestPath;
-    if (!source) {
-        throw new BadRequestError("Missing 'source_url' or 'path' in request body");
-    }
-    const type = source_url ? "url" : "text";
-    await withWikiWrite(() => ingestSource(source, type, topic));
-    res.json({ ok: true });
-});
-const wikiSearchSchema = z.object({
-    q: z.string().optional(),
-    type: z.string().optional(),
-});
-app.get("/api/wiki/search", authMiddleware, async (req, res) => {
-    ensureWikiStructure();
-    const q = normalizeOptionalQueryParam(req.query.q);
-    const type = normalizeOptionalQueryParam(req.query.type);
-    const db = getDb();
-    let rows;
-    try {
-        const clauses = ["wiki_pages_fts MATCH ?"];
-        const params = [q ? `${q}*` : "*"];
-        if (type) {
-            clauses.push("entity_type = ?");
-            params.push(type);
-        }
-        rows = db.prepare(`
-      SELECT path, title, entity_type, last_updated
-      FROM wiki_pages_fts
-      WHERE ${clauses.join(" AND ")}
-      ORDER BY rank
-      LIMIT 50
-    `).all(...params);
-    }
-    catch {
-        const clauses = [];
-        const params = [];
-        if (q) {
-            clauses.push("title LIKE ? COLLATE NOCASE");
-            params.push(`%${q}%`);
-        }
-        if (type) {
-            clauses.push("entity_type = ?");
-            params.push(type);
-        }
-        rows = db.prepare(`
-      SELECT path, title, entity_type, last_updated
-      FROM wiki_pages
-      ${clauses.length > 0 ? `WHERE ${clauses.join(" AND ")}` : ""}
-      LIMIT 50
-    `).all(...params);
-    }
-    const pages = rows.map((row) => ({
-        slug: wikiPathToBrowserSlug(row.path),
-        title: row.title,
-        type: row.entity_type ?? "topics",
-        last_updated: coerceWikiPageUpdated(row.path, row.last_updated ?? undefined),
-    }));
-    res.json({ pages });
-});
-// ---------------------------------------------------------------------------
-// Skills
-// ---------------------------------------------------------------------------
-app.get("/api/skills", (_req, res) => {
-    res.json(listSkills());
-});
-app.delete("/api/skills/:slug", (req, res) => {
-    const slug = Array.isArray(req.params.slug) ? req.params.slug[0] : req.params.slug;
-    const result = removeSkill(slug);
-    if (!result.ok) {
-        throw new BadRequestError(result.message);
-    }
-    res.json({ ok: true, message: result.message });
-});
-// Restart daemon
-app.post("/api/restart", (_req, res) => {
-    res.json({ status: "restarting" });
-    setTimeout(() => {
-        restartDaemon().catch((err) => {
-            log.error({ err: err instanceof Error ? err.message : err }, "Restart failed");
-        });
-    }, 500);
-});
-// ---------------------------------------------------------------------------
-// Session messages — frontend rehydration on reload
-// ---------------------------------------------------------------------------
-app.get("/api/session/:sessionKey/messages", (req, res) => {
-    const sessionKey = Array.isArray(req.params.sessionKey)
-        ? req.params.sessionKey[0]
-        : req.params.sessionKey;
-    if (!sessionKey) {
-        throw new BadRequestError("Missing sessionKey");
-    }
-    const rawLimit = req.query.limit;
-    const limit = rawLimit !== undefined ? parseInt(String(rawLimit), 10) : undefined;
-    if (limit !== undefined && (!Number.isFinite(limit) || limit < 1)) {
-        throw new BadRequestError("'limit' must be a positive integer");
-    }
-    const includeHistorical = req.query.include === "all";
-    const messages = getSessionMessages(sessionKey, limit, { includeHistorical });
-    res.json({ sessionKey, messages });
+        broadcastSsePayload(event);
+    },
 });
+app.use(createSystemRouter({ apiToken }));
+app.use(createAgentsRouter({ modeContext }));
+app.use(createMemoryRouter({ authMiddleware }));
+app.use(createProjectsRouter({ modeContext }));
+app.use(createSessionsRouter());
+app.use(createWikiRouter({ authMiddleware, modeContext }));
 app.use(apiNotFoundHandler);
-// ---------------------------------------------------------------------------
-// Static SPA + fallback. Mounted last so API routes win.
-// ---------------------------------------------------------------------------
 if (existsSync(WEB_DIST_DIR)) {
     app.use(express.static(WEB_DIST_DIR, { index: false, maxAge: "1h" }));
-    // SPA fallback for client-side routing. Everything not under /api/ or the
-    // public transport endpoints gets index.html.
     app.use((req, res, next) => {
         if (req.method !== "GET" || !shouldServeSpaPath(req.path)) {
             next();
@@ -1901,14 +180,5 @@ export function startApiServer() {
         });
     });
 }
-/** Broadcast a proactive message to all connected SSE clients (for background task completions). */
-export function broadcastToSSE(text) {
-    if (sseClients.size === 0) {
-        pendingSseMessages.push(text);
-        return;
-    }
-    for (const [, res] of sseClients) {
-        res.write(formatSseData({ type: "message", content: text }));
-    }
-}
+export { broadcastToSSE };
 //# sourceMappingURL=server.js.map