npm - draft-board - Versions diffs - 0.1.0-beta.0 - Mend

draft-board 0.1.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/app/backend/.env.example +9 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_patch.txt +195 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_stat.txt +6 -0
package/app/backend/CURL_EXAMPLES.md +335 -0
package/app/backend/ENV_SETUP.md +65 -0
package/app/backend/alembic/env.py +71 -0
package/app/backend/alembic/script.py.mako +28 -0
package/app/backend/alembic/versions/001_initial_schema.py +104 -0
package/app/backend/alembic/versions/002_add_jobs_table.py +52 -0
package/app/backend/alembic/versions/003_add_workspace_table.py +48 -0
package/app/backend/alembic/versions/004_add_evidence_table.py +56 -0
package/app/backend/alembic/versions/005_add_verification_commands.py +32 -0
package/app/backend/alembic/versions/006_add_planner_lock_table.py +39 -0
package/app/backend/alembic/versions/007_add_revision_review_tables.py +126 -0
package/app/backend/alembic/versions/008_add_revision_idempotency_and_traceability.py +52 -0
package/app/backend/alembic/versions/009_add_job_health_fields.py +46 -0
package/app/backend/alembic/versions/010_add_review_comment_line_content.py +36 -0
package/app/backend/alembic/versions/011_add_analysis_cache.py +47 -0
package/app/backend/alembic/versions/012_add_boards_table.py +102 -0
package/app/backend/alembic/versions/013_add_ticket_blocking.py +45 -0
package/app/backend/alembic/versions/014_add_agent_sessions.py +220 -0
package/app/backend/alembic/versions/015_add_ticket_sort_order.py +33 -0
package/app/backend/alembic/versions/03220f0b93ae_add_pr_fields_to_ticket.py +49 -0
package/app/backend/alembic/versions/0c2d89fff3b1_seed_board_configs_from_yaml.py +206 -0
package/app/backend/alembic/versions/3348e5cf54c1_add_merge_checklist_table.py +67 -0
package/app/backend/alembic/versions/357c780ee445_add_goal_status.py +34 -0
package/app/backend/alembic/versions/553340b7e26c_add_autonomy_fields_to_goal.py +65 -0
package/app/backend/alembic/versions/774dc335c679_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/7b307e847cbd_merge_heads.py +23 -0
package/app/backend/alembic/versions/82ecd978cc70_add_missing_indexes.py +48 -0
package/app/backend/alembic/versions/8ef5054dc280_add_normalized_log_entries.py +173 -0
package/app/backend/alembic/versions/8f3e2bd8ea3b_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/9d17f0698d3b_add_config_column_to_boards_table.py +30 -0
package/app/backend/alembic/versions/add_agent_conversation_history.py +72 -0
package/app/backend/alembic/versions/add_job_variant.py +34 -0
package/app/backend/alembic/versions/add_performance_indexes.py +95 -0
package/app/backend/alembic/versions/add_repos_and_board_repos.py +174 -0
package/app/backend/alembic/versions/add_session_id_to_jobs.py +27 -0
package/app/backend/alembic/versions/add_sqlite_backend_tables.py +104 -0
package/app/backend/alembic/versions/b10fb0b62240_add_diff_content_to_revisions.py +34 -0
package/app/backend/alembic.ini +89 -0
package/app/backend/app/__init__.py +3 -0
package/app/backend/app/data_dir.py +85 -0
package/app/backend/app/database.py +70 -0
package/app/backend/app/database_sync.py +64 -0
package/app/backend/app/dependencies/__init__.py +5 -0
package/app/backend/app/dependencies/auth.py +80 -0
package/app/backend/app/dependencies.py +43 -0
package/app/backend/app/exceptions.py +178 -0
package/app/backend/app/executors/__init__.py +1 -0
package/app/backend/app/executors/adapters/__init__.py +1 -0
package/app/backend/app/executors/adapters/aider.py +152 -0
package/app/backend/app/executors/adapters/amazon_q.py +103 -0
package/app/backend/app/executors/adapters/amp.py +123 -0
package/app/backend/app/executors/adapters/claude.py +177 -0
package/app/backend/app/executors/adapters/cline.py +127 -0
package/app/backend/app/executors/adapters/codex.py +167 -0
package/app/backend/app/executors/adapters/copilot.py +202 -0
package/app/backend/app/executors/adapters/cursor.py +87 -0
package/app/backend/app/executors/adapters/droid.py +123 -0
package/app/backend/app/executors/adapters/gemini.py +132 -0
package/app/backend/app/executors/adapters/goose.py +131 -0
package/app/backend/app/executors/adapters/opencode.py +123 -0
package/app/backend/app/executors/adapters/qwen.py +123 -0
package/app/backend/app/executors/plugins/__init__.py +1 -0
package/app/backend/app/executors/registry.py +202 -0
package/app/backend/app/executors/spec.py +226 -0
package/app/backend/app/main.py +486 -0
package/app/backend/app/middleware/__init__.py +13 -0
package/app/backend/app/middleware/idempotency.py +426 -0
package/app/backend/app/middleware/rate_limit.py +312 -0
package/app/backend/app/middleware/security_headers.py +43 -0
package/app/backend/app/middleware/timeout.py +37 -0
package/app/backend/app/models/__init__.py +56 -0
package/app/backend/app/models/agent_conversation_history.py +56 -0
package/app/backend/app/models/agent_session.py +127 -0
package/app/backend/app/models/analysis_cache.py +49 -0
package/app/backend/app/models/base.py +9 -0
package/app/backend/app/models/board.py +79 -0
package/app/backend/app/models/board_repo.py +68 -0
package/app/backend/app/models/cost_budget.py +42 -0
package/app/backend/app/models/enums.py +40 -0
package/app/backend/app/models/evidence.py +132 -0
package/app/backend/app/models/goal.py +102 -0
package/app/backend/app/models/idempotency_entry.py +30 -0
package/app/backend/app/models/job.py +163 -0
package/app/backend/app/models/job_queue.py +39 -0
package/app/backend/app/models/kv_store.py +28 -0
package/app/backend/app/models/merge_checklist.py +87 -0
package/app/backend/app/models/normalized_log.py +100 -0
package/app/backend/app/models/planner_lock.py +43 -0
package/app/backend/app/models/rate_limit_entry.py +25 -0
package/app/backend/app/models/repo.py +66 -0
package/app/backend/app/models/review_comment.py +91 -0
package/app/backend/app/models/review_summary.py +69 -0
package/app/backend/app/models/revision.py +130 -0
package/app/backend/app/models/ticket.py +223 -0
package/app/backend/app/models/ticket_event.py +83 -0
package/app/backend/app/models/user.py +47 -0
package/app/backend/app/models/workspace.py +71 -0
package/app/backend/app/redis_client.py +119 -0
package/app/backend/app/routers/__init__.py +29 -0
package/app/backend/app/routers/agents.py +296 -0
package/app/backend/app/routers/auth.py +94 -0
package/app/backend/app/routers/board.py +885 -0
package/app/backend/app/routers/dashboard.py +351 -0
package/app/backend/app/routers/debug.py +528 -0
package/app/backend/app/routers/evidence.py +96 -0
package/app/backend/app/routers/executors.py +324 -0
package/app/backend/app/routers/goals.py +574 -0
package/app/backend/app/routers/jobs.py +448 -0
package/app/backend/app/routers/maintenance.py +172 -0
package/app/backend/app/routers/merge.py +360 -0
package/app/backend/app/routers/planner.py +537 -0
package/app/backend/app/routers/pull_requests.py +382 -0
package/app/backend/app/routers/repos.py +263 -0
package/app/backend/app/routers/revisions.py +939 -0
package/app/backend/app/routers/settings.py +267 -0
package/app/backend/app/routers/tickets.py +2003 -0
package/app/backend/app/routers/webhooks.py +143 -0
package/app/backend/app/routers/websocket.py +249 -0
package/app/backend/app/schemas/__init__.py +109 -0
package/app/backend/app/schemas/board.py +87 -0
package/app/backend/app/schemas/common.py +33 -0
package/app/backend/app/schemas/evidence.py +87 -0
package/app/backend/app/schemas/goal.py +90 -0
package/app/backend/app/schemas/job.py +97 -0
package/app/backend/app/schemas/merge.py +139 -0
package/app/backend/app/schemas/planner.py +500 -0
package/app/backend/app/schemas/repo.py +187 -0
package/app/backend/app/schemas/review.py +137 -0
package/app/backend/app/schemas/revision.py +114 -0
package/app/backend/app/schemas/ticket.py +238 -0
package/app/backend/app/schemas/ticket_event.py +72 -0
package/app/backend/app/schemas/workspace.py +19 -0
package/app/backend/app/services/__init__.py +31 -0
package/app/backend/app/services/agent_memory_service.py +223 -0
package/app/backend/app/services/agent_registry.py +346 -0
package/app/backend/app/services/agent_session_manager.py +318 -0
package/app/backend/app/services/agent_session_service.py +219 -0
package/app/backend/app/services/agent_tools.py +379 -0
package/app/backend/app/services/auth_service.py +98 -0
package/app/backend/app/services/autonomy_service.py +380 -0
package/app/backend/app/services/board_repo_service.py +201 -0
package/app/backend/app/services/board_service.py +326 -0
package/app/backend/app/services/cleanup_service.py +1085 -0
package/app/backend/app/services/config_service.py +908 -0
package/app/backend/app/services/context_gatherer.py +557 -0
package/app/backend/app/services/cost_tracking_service.py +293 -0
package/app/backend/app/services/cursor_log_normalizer.py +536 -0
package/app/backend/app/services/delivery_pipeline.py +440 -0
package/app/backend/app/services/executor_service.py +634 -0
package/app/backend/app/services/git_host/__init__.py +11 -0
package/app/backend/app/services/git_host/factory.py +87 -0
package/app/backend/app/services/git_host/github.py +270 -0
package/app/backend/app/services/git_host/gitlab.py +194 -0
package/app/backend/app/services/git_host/protocol.py +75 -0
package/app/backend/app/services/git_merge_simple.py +346 -0
package/app/backend/app/services/git_ops.py +384 -0
package/app/backend/app/services/github_service.py +233 -0
package/app/backend/app/services/goal_service.py +113 -0
package/app/backend/app/services/job_service.py +423 -0
package/app/backend/app/services/job_watchdog_service.py +424 -0
package/app/backend/app/services/langchain_adapter.py +122 -0
package/app/backend/app/services/llm_provider_clients.py +351 -0
package/app/backend/app/services/llm_service.py +285 -0
package/app/backend/app/services/log_normalizer.py +342 -0
package/app/backend/app/services/log_stream_service.py +276 -0
package/app/backend/app/services/merge_checklist_service.py +264 -0
package/app/backend/app/services/merge_service.py +784 -0
package/app/backend/app/services/orchestrator_log.py +84 -0
package/app/backend/app/services/planner_service.py +1662 -0
package/app/backend/app/services/planner_tick_sync.py +1040 -0
package/app/backend/app/services/queued_message_service.py +156 -0
package/app/backend/app/services/reliability_wrapper.py +389 -0
package/app/backend/app/services/repo_discovery_service.py +318 -0
package/app/backend/app/services/review_service.py +334 -0
package/app/backend/app/services/revision_service.py +389 -0
package/app/backend/app/services/safe_autopilot.py +510 -0
package/app/backend/app/services/sqlite_worker.py +372 -0
package/app/backend/app/services/task_dispatch.py +135 -0
package/app/backend/app/services/ticket_generation_service.py +1781 -0
package/app/backend/app/services/ticket_service.py +486 -0
package/app/backend/app/services/udar_planner_service.py +1007 -0
package/app/backend/app/services/webhook_service.py +126 -0
package/app/backend/app/services/workspace_service.py +465 -0
package/app/backend/app/services/worktree_file_service.py +92 -0
package/app/backend/app/services/worktree_validator.py +213 -0
package/app/backend/app/sqlite_kv.py +278 -0
package/app/backend/app/state_machine.py +128 -0
package/app/backend/app/templates/__init__.py +5 -0
package/app/backend/app/templates/registry.py +243 -0
package/app/backend/app/utils/__init__.py +5 -0
package/app/backend/app/utils/artifact_reader.py +87 -0
package/app/backend/app/utils/circuit_breaker.py +229 -0
package/app/backend/app/utils/db_retry.py +136 -0
package/app/backend/app/utils/ignored_fields.py +123 -0
package/app/backend/app/utils/validators.py +54 -0
package/app/backend/app/websocket/__init__.py +5 -0
package/app/backend/app/websocket/manager.py +179 -0
package/app/backend/app/websocket/state_tracker.py +113 -0
package/app/backend/app/worker.py +3190 -0
package/app/backend/calculator_tickets.json +40 -0
package/app/backend/canary_tests.sh +591 -0
package/app/backend/celerybeat-schedule +0 -0
package/app/backend/celerybeat-schedule-shm +0 -0
package/app/backend/celerybeat-schedule-wal +0 -0
package/app/backend/logs/.gitkeep +3 -0
package/app/backend/multiplication_division_implementation_tickets.json +55 -0
package/app/backend/multiplication_division_tickets.json +42 -0
package/app/backend/pyproject.toml +45 -0
package/app/backend/requirements-dev.txt +8 -0
package/app/backend/requirements.txt +20 -0
package/app/backend/run.sh +30 -0
package/app/backend/run_with_logs.sh +10 -0
package/app/backend/scientific_calculator_tickets.json +40 -0
package/app/backend/scripts/extract_openapi.py +21 -0
package/app/backend/scripts/seed_demo.py +187 -0
package/app/backend/setup_demo_review.py +302 -0
package/app/backend/test_actual_parse.py +41 -0
package/app/backend/test_agent_streaming.py +61 -0
package/app/backend/test_parse.py +51 -0
package/app/backend/test_streaming.py +51 -0
package/app/backend/test_subprocess_streaming.py +50 -0
package/app/backend/tests/__init__.py +1 -0
package/app/backend/tests/conftest.py +46 -0
package/app/backend/tests/test_auth.py +341 -0
package/app/backend/tests/test_autonomy_service.py +391 -0
package/app/backend/tests/test_cleanup_service_safety.py +417 -0
package/app/backend/tests/test_middleware.py +279 -0
package/app/backend/tests/test_planner_providers.py +290 -0
package/app/backend/tests/test_planner_unblock.py +183 -0
package/app/backend/tests/test_revision_invariants.py +618 -0
package/app/backend/tests/test_sqlite_kv.py +290 -0
package/app/backend/tests/test_sqlite_worker.py +353 -0
package/app/backend/tests/test_task_dispatch.py +100 -0
package/app/backend/tests/test_ticket_validation.py +304 -0
package/app/backend/tests/test_udar_agent.py +693 -0
package/app/backend/tests/test_webhook_service.py +184 -0
package/app/backend/tickets_output.json +59 -0
package/app/backend/user_management_tickets.json +50 -0
package/app/backend/uvicorn.log +0 -0
package/app/draft.yaml +313 -0
package/app/frontend/dist/assets/index-LcjCczu5.js +155 -0
package/app/frontend/dist/assets/index-_FP_279e.css +1 -0
package/app/frontend/dist/index.html +14 -0
package/app/frontend/dist/vite.svg +1 -0
package/app/frontend/package.json +101 -0
package/bin/cli.js +527 -0
package/package.json +37 -0

package/app/backend/app/services/goal_service.py ADDED Viewed

@@ -0,0 +1,113 @@
+"""Service layer for Goal operations."""
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+from app.exceptions import ResourceNotFoundError
+from app.models.goal import Goal
+from app.schemas.goal import GoalCreate, GoalUpdate
+class GoalService:
+    """Service class for Goal business logic."""
+    def __init__(self, db: AsyncSession):
+        self.db = db
+    async def create_goal(self, data: GoalCreate) -> Goal:
+        """
+        Create a new goal.
+        Args:
+            data: Goal creation data
+        Returns:
+            The created Goal instance
+        """
+        # If board_id provided, verify the board exists
+        if data.board_id:
+            from app.models.board import Board
+            result = await self.db.execute(
+                select(Board).where(Board.id == data.board_id)
+            )
+            if not result.scalar_one_or_none():
+                raise ValueError(f"Board not found: {data.board_id}")
+        goal = Goal(
+            title=data.title,
+            description=data.description,
+            board_id=data.board_id,
+            autonomy_enabled=data.autonomy_enabled,
+            auto_approve_tickets=data.auto_approve_tickets,
+            auto_approve_revisions=data.auto_approve_revisions,
+            auto_merge=data.auto_merge,
+            auto_approve_followups=data.auto_approve_followups,
+            max_auto_approvals=data.max_auto_approvals,
+        )
+        self.db.add(goal)
+        await self.db.flush()
+        await self.db.refresh(goal)
+        return goal
+    async def get_goals(self, board_id: str | None = None) -> list[Goal]:
+        """
+        Get all goals, optionally filtered by board.
+        Args:
+            board_id: If provided, only return goals for this board
+        Returns:
+            List of Goal instances
+        """
+        stmt = select(Goal)
+        if board_id:
+            stmt = stmt.where(Goal.board_id == board_id)
+        result = await self.db.execute(stmt.order_by(Goal.created_at.desc()))
+        return list(result.scalars().all())
+    async def update_goal(self, goal_id: str, data: GoalUpdate) -> Goal:
+        """Update a goal with partial data.
+        Args:
+            goal_id: The UUID of the goal
+            data: Fields to update (None fields are skipped)
+        Returns:
+            The updated Goal instance
+        Raises:
+            ResourceNotFoundError: If the goal is not found
+        """
+        result = await self.db.execute(select(Goal).where(Goal.id == goal_id))
+        goal = result.scalar_one_or_none()
+        if goal is None:
+            raise ResourceNotFoundError("Goal", goal_id)
+        update_data = data.model_dump(exclude_unset=True)
+        for field, value in update_data.items():
+            if value is not None:
+                setattr(goal, field, value)
+        await self.db.flush()
+        await self.db.refresh(goal)
+        return goal
+    async def get_goal_by_id(self, goal_id: str) -> Goal:
+        """
+        Get a goal by its ID.
+        Args:
+            goal_id: The UUID of the goal
+        Returns:
+            The Goal instance
+        Raises:
+            ResourceNotFoundError: If the goal is not found
+        """
+        result = await self.db.execute(select(Goal).where(Goal.id == goal_id))
+        goal = result.scalar_one_or_none()
+        if goal is None:
+            raise ResourceNotFoundError("Goal", goal_id)
+        return goal

package/app/backend/app/services/job_service.py ADDED Viewed

@@ -0,0 +1,423 @@
+"""Service layer for Job operations."""
+import os
+from datetime import UTC, datetime, timedelta
+from pathlib import Path
+from sqlalchemy import func, select
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.orm import selectinload
+from app.exceptions import ResourceNotFoundError, ValidationError
+from app.models.job import Job, JobKind, JobStatus
+from app.models.ticket import Ticket
+from app.schemas.job import QueuedJobResponse, QueueStatusResponse
+from app.services.workspace_service import WorkspaceService
+# Base directory for fallback logs (relative to backend directory)
+FALLBACK_LOGS_DIR = Path(__file__).parent.parent.parent / "logs"
+# Maximum log file size to read (2MB)
+MAX_LOG_BYTES = 2_000_000
+# Job rate limiting (prevent spam/runaway tickets)
+MAX_JOBS_PER_TICKET_PER_HOUR = 10
+MAX_EXECUTE_JOBS_PER_TICKET_PER_DAY = 50
+def _safe_read_file(base_path: Path, allowed_root: Path, relpath: str) -> str | None:
+    """Safely read a file, enforcing it is under allowed_root.
+    Args:
+        base_path: Base path to prepend to relpath
+        allowed_root: Root directory that file must be under
+        relpath: Relative path to the file
+    Returns:
+        File content if safe and exists, None otherwise
+    """
+    rel = Path(relpath)
+    # Reject absolute paths
+    if rel.is_absolute():
+        return None
+    # Resolve paths to canonical form
+    allowed_canonical = allowed_root.resolve(strict=False)
+    target = (base_path / rel).resolve(strict=False)
+    # Enforce target is under allowed_root
+    try:
+        common = os.path.commonpath([str(target), str(allowed_canonical)])
+    except ValueError:
+        return None
+    if common != str(allowed_canonical):
+        return None
+    if not target.is_file():
+        return None
+    try:
+        size = target.stat().st_size
+        if size > MAX_LOG_BYTES:
+            with target.open("rb") as f:
+                data = f.read(MAX_LOG_BYTES)
+            return data.decode("utf-8", errors="replace") + "\n\n[truncated]"
+        return target.read_text(encoding="utf-8", errors="replace")
+    except OSError:
+        return None
+def _safe_read_absolute(target: Path) -> str | None:
+    """Safely read an absolute file path with size cap."""
+    if not target.is_file():
+        return None
+    try:
+        size = target.stat().st_size
+        if size > MAX_LOG_BYTES:
+            with target.open("rb") as f:
+                data = f.read(MAX_LOG_BYTES)
+            return data.decode("utf-8", errors="replace") + "\n\n[truncated]"
+        return target.read_text(encoding="utf-8", errors="replace")
+    except OSError:
+        return None
+class JobService:
+    """Service class for Job business logic."""
+    def __init__(self, db: AsyncSession):
+        self.db = db
+    async def create_job(
+        self, ticket_id: str, kind: JobKind, variant: str | None = None
+    ) -> Job:
+        """
+        Create a new job and enqueue the corresponding Celery task.
+        Includes rate limiting to prevent runaway tickets.
+        Args:
+            ticket_id: The UUID of the ticket
+            kind: The kind of job (execute or verify)
+            variant: Optional execution variant (default, plan, qa, review)
+        Returns:
+            The created Job instance with celery_task_id set
+        Raises:
+            ResourceNotFoundError: If the ticket is not found
+            ValidationError: If rate limit exceeded
+        """
+        # Verify the ticket exists and get its board_id
+        # CRITICAL: Use SELECT FOR UPDATE to prevent race conditions in rate limiting
+        # This locks the ticket row until transaction commits, serializing job creation
+        result = await self.db.execute(
+            select(Ticket).where(Ticket.id == ticket_id).with_for_update()
+        )
+        ticket = result.scalar_one_or_none()
+        if ticket is None:
+            raise ResourceNotFoundError("Ticket", ticket_id)
+        # RATE LIMITING: Check hourly limit (protected by row lock above)
+        one_hour_ago = datetime.now(UTC) - timedelta(hours=1)
+        hourly_result = await self.db.execute(
+            select(func.count(Job.id))
+            .where(Job.ticket_id == ticket_id)
+            .where(Job.kind == kind.value)
+            .where(Job.created_at >= one_hour_ago)
+        )
+        recent_jobs_hour = hourly_result.scalar()
+        if recent_jobs_hour >= MAX_JOBS_PER_TICKET_PER_HOUR:
+            raise ValidationError(
+                f"Rate limit exceeded: {recent_jobs_hour} {kind.value} jobs in past hour. "
+                f"Max {MAX_JOBS_PER_TICKET_PER_HOUR} per hour per ticket."
+            )
+        # RATE LIMITING: Check daily limit for EXECUTE jobs (expensive)
+        if kind == JobKind.EXECUTE:
+            one_day_ago = datetime.now(UTC) - timedelta(days=1)
+            daily_result = await self.db.execute(
+                select(func.count(Job.id))
+                .where(Job.ticket_id == ticket_id)
+                .where(Job.kind == JobKind.EXECUTE.value)
+                .where(Job.created_at >= one_day_ago)
+            )
+            recent_jobs_day = daily_result.scalar()
+            if recent_jobs_day >= MAX_EXECUTE_JOBS_PER_TICKET_PER_DAY:
+                raise ValidationError(
+                    f"Daily execute limit exceeded: {recent_jobs_day} execute jobs in past 24h. "
+                    f"Max {MAX_EXECUTE_JOBS_PER_TICKET_PER_DAY} per day per ticket."
+                )
+        # Create the job record with board_id from ticket for permission scoping
+        job = Job(
+            ticket_id=ticket_id,
+            board_id=ticket.board_id,  # Inherit board_id from ticket
+            kind=kind.value,
+            status=JobStatus.QUEUED.value,
+        )
+        self.db.add(job)
+        await self.db.flush()
+        await self.db.refresh(job)
+        # CRITICAL: Commit the job BEFORE enqueuing Celery task
+        # This ensures the Celery worker (sync session) can see the job
+        # Without this, async/sync session isolation causes "Job not found" errors
+        await self.db.commit()
+        # Enqueue the task via unified dispatch (supports SQLite and Celery backends)
+        from app.services.task_dispatch import enqueue_task
+        task_names = {
+            JobKind.EXECUTE: "execute_ticket",
+            JobKind.VERIFY: "verify_ticket",
+            JobKind.RESUME: "resume_ticket",
+        }
+        task_name = task_names.get(kind)
+        if not task_name:
+            raise ValueError(f"Unknown job kind: {kind}")
+        task = enqueue_task(task_name, args=[job.id])
+        # Store the task ID for later reference (e.g., cancellation)
+        job.celery_task_id = task.id
+        # Commit again to save the celery_task_id
+        await self.db.commit()
+        await self.db.refresh(job)
+        return job
+    async def get_job_by_id(self, job_id: str) -> Job:
+        """
+        Get a job by its ID.
+        Args:
+            job_id: The UUID of the job
+        Returns:
+            The Job instance
+        Raises:
+            ResourceNotFoundError: If the job is not found
+        """
+        result = await self.db.execute(
+            select(Job).where(Job.id == job_id).options(selectinload(Job.ticket))
+        )
+        job = result.scalar_one_or_none()
+        if job is None:
+            raise ResourceNotFoundError("Job", job_id)
+        return job
+    async def get_jobs_for_ticket(self, ticket_id: str) -> list[Job]:
+        """
+        Get all jobs for a ticket.
+        Args:
+            ticket_id: The UUID of the ticket
+        Returns:
+            List of Job instances ordered by created_at descending
+        Raises:
+            ResourceNotFoundError: If the ticket is not found
+        """
+        # Verify the ticket exists
+        result = await self.db.execute(select(Ticket).where(Ticket.id == ticket_id))
+        ticket = result.scalar_one_or_none()
+        if ticket is None:
+            raise ResourceNotFoundError("Ticket", ticket_id)
+        # Get all jobs for the ticket
+        result = await self.db.execute(
+            select(Job)
+            .where(Job.ticket_id == ticket_id)
+            .order_by(Job.created_at.desc())
+        )
+        return list(result.scalars().all())
+    async def cancel_job(self, job_id: str) -> Job:
+        """
+        Cancel a job (actively kills running subprocesses).
+        This will:
+        1. Mark the job as canceled in the database
+        2. Kill any running subprocess for this job
+        3. Attempt to revoke the Celery task
+        Args:
+            job_id: The UUID of the job
+        Returns:
+            The updated Job instance
+        Raises:
+            ResourceNotFoundError: If the job is not found
+        """
+        import asyncio
+        import logging
+        logger = logging.getLogger(__name__)
+        job = await self.get_job_by_id(job_id)
+        # Only cancel if not already in a terminal state
+        if job.status in [
+            JobStatus.SUCCEEDED.value,
+            JobStatus.FAILED.value,
+            JobStatus.CANCELED.value,
+        ]:
+            return job
+        # Mark as canceled in database FIRST (so worker polls see it)
+        job.status = JobStatus.CANCELED.value
+        await self.db.flush()
+        # Kill any running subprocess
+        try:
+            from app.worker import kill_job_process
+            killed = await asyncio.to_thread(kill_job_process, job_id)
+            if killed:
+                logger.info(f"Successfully killed subprocess for job {job_id}")
+            else:
+                logger.warning(f"No active subprocess found for job {job_id}")
+        except Exception as e:
+            logger.error(f"Failed to kill subprocess for job {job_id}: {e}")
+        await self.db.refresh(job)
+        return job
+    def read_job_logs(self, log_path: str | None) -> str | None:
+        """
+        Read the log content for a job (synchronous version).
+        Security:
+            - Reads from central data dir, legacy .draft/, or backend/logs/
+            - Validates canonical path is under allowed directory
+            - Caps file size to prevent memory exhaustion
+        Args:
+            log_path: The path to the log file (absolute or relative)
+        Returns:
+            The log content as a string, or None if no logs available
+        """
+        if not log_path:
+            return None
+        from app.data_dir import get_data_dir
+        # If it's an absolute path under the central data dir, read directly
+        log_p = Path(log_path)
+        if log_p.is_absolute():
+            data_dir = get_data_dir()
+            try:
+                log_p.resolve().relative_to(data_dir.resolve())
+                if log_p.is_file():
+                    return _safe_read_absolute(log_p)
+            except ValueError:
+                pass
+        # Try central data dir (for new logs)
+        data_dir = get_data_dir()
+        content = _safe_read_file(data_dir, data_dir / "logs", log_path)
+        if content is not None:
+            return content
+        # Try repo root (legacy .draft/ logs)
+        repo_path = WorkspaceService.get_repo_path()
+        draft_root = repo_path / ".draft"
+        content = _safe_read_file(repo_path, draft_root, log_path)
+        if content is not None:
+            return content
+        # Fall back to backend/logs/ directory (for legacy fallback logs)
+        backend_root = Path(__file__).parent.parent.parent
+        content = _safe_read_file(backend_root, FALLBACK_LOGS_DIR, log_path)
+        return content
+    async def read_job_logs_async(self, log_path: str | None) -> str | None:
+        """
+        Read the log content for a job (async version - non-blocking).
+        Wraps file I/O in asyncio.to_thread() to avoid blocking the event loop.
+        Security:
+            - Only reads files under <repo_root>/.draft/ or backend/logs/
+            - Rejects absolute paths
+            - Validates canonical path is under allowed directory
+            - Caps file size to prevent memory exhaustion
+        Args:
+            log_path: The relative path to the log file
+        Returns:
+            The log content as a string, or None if no logs available
+        """
+        import asyncio
+        return await asyncio.to_thread(self.read_job_logs, log_path)
+    async def get_queue_status(self) -> QueueStatusResponse:
+        """
+        Get the current queue status showing running and queued jobs.
+        Returns:
+            QueueStatusResponse with running and queued jobs including ticket info
+        """
+        # Get running jobs (ordered by started_at)
+        running_result = await self.db.execute(
+            select(Job)
+            .where(Job.status == JobStatus.RUNNING.value)
+            .options(selectinload(Job.ticket))
+            .order_by(Job.started_at.asc())
+        )
+        running_jobs = list(running_result.scalars().all())
+        # Get queued jobs (ordered by created_at - FIFO)
+        queued_result = await self.db.execute(
+            select(Job)
+            .where(Job.status == JobStatus.QUEUED.value)
+            .options(selectinload(Job.ticket))
+            .order_by(Job.created_at.asc())
+        )
+        queued_jobs = list(queued_result.scalars().all())
+        # Build response
+        running_responses = [
+            QueuedJobResponse(
+                id=job.id,
+                ticket_id=job.ticket_id,
+                ticket_title=job.ticket.title if job.ticket else "Unknown",
+                kind=JobKind(job.kind),
+                status=JobStatus(job.status),
+                created_at=job.created_at,
+                started_at=job.started_at,
+                queue_position=None,  # Running jobs have no queue position
+            )
+            for job in running_jobs
+        ]
+        queued_responses = [
+            QueuedJobResponse(
+                id=job.id,
+                ticket_id=job.ticket_id,
+                ticket_title=job.ticket.title if job.ticket else "Unknown",
+                kind=JobKind(job.kind),
+                status=JobStatus(job.status),
+                created_at=job.created_at,
+                started_at=job.started_at,
+                queue_position=idx + 1,  # 1-based position
+            )
+            for idx, job in enumerate(queued_jobs)
+        ]
+        return QueueStatusResponse(
+            running=running_responses,
+            queued=queued_responses,
+            total_running=len(running_responses),
+            total_queued=len(queued_responses),
+        )