iranti-control-plane 0.5.0 → 0.5.3

package/dist/server/bundle.cjs

@@ -18407,10 +18407,10 @@ var require_view = __commonJS({
     var debug = require_src()("express:view");
     var path3 = require("path");
     var fs2 = require("fs");
-    var dirname9 = path3.dirname;
+    var dirname10 = path3.dirname;
     var basename7 = path3.basename;
     var extname3 = path3.extname;
-    var join12 = path3.join;
+    var join13 = path3.join;
     var resolve10 = path3.resolve;
     module2.exports = View;
     function View(name, options) {
@@ -18446,7 +18446,7 @@ var require_view = __commonJS({
       for (var i = 0; i < roots.length && !path4; i++) {
         var root = roots[i];
         var loc = resolve10(root, name);
-        var dir = dirname9(loc);
+        var dir = dirname10(loc);
         var file2 = basename7(loc);
         path4 = this.resolve(dir, file2);
       }
@@ -18458,12 +18458,12 @@ var require_view = __commonJS({
     };
     View.prototype.resolve = function resolve11(dir, file2) {
       var ext = this.ext;
-      var path4 = join12(dir, file2);
+      var path4 = join13(dir, file2);
       var stat2 = tryStat(path4);
       if (stat2 && stat2.isFile()) {
         return path4;
       }
-      path4 = join12(dir, basename7(file2, ext), "index" + ext);
+      path4 = join13(dir, basename7(file2, ext), "index" + ext);
       stat2 = tryStat(path4);
       if (stat2 && stat2.isFile()) {
         return path4;
@@ -19096,7 +19096,7 @@ var require_send = __commonJS({
     var Stream = require("stream");
     var util2 = require("util");
     var extname3 = path3.extname;
-    var join12 = path3.join;
+    var join13 = path3.join;
     var normalize = path3.normalize;
     var resolve10 = path3.resolve;
     var sep = path3.sep;
@@ -19315,7 +19315,7 @@ var require_send = __commonJS({
           return res;
         }
         parts = path4.split(sep);
-        path4 = normalize(join12(root, path4));
+        path4 = normalize(join13(root, path4));
       } else {
         if (UP_PATH_REGEXP.test(path4)) {
           debug('malicious path "%s"', path4);
@@ -19326,12 +19326,12 @@ var require_send = __commonJS({
         path4 = resolve10(path4);
       }
       if (containsDotFile(parts)) {
-        var access9 = this._dotfiles;
-        if (access9 === void 0) {
-          access9 = parts[parts.length - 1][0] === "." ? this._hidden ? "allow" : "ignore" : "allow";
+        var access10 = this._dotfiles;
+        if (access10 === void 0) {
+          access10 = parts[parts.length - 1][0] === "." ? this._hidden ? "allow" : "ignore" : "allow";
         }
-        debug('%s dotfile "%s"', access9, path4);
-        switch (access9) {
+        debug('%s dotfile "%s"', access10, path4);
+        switch (access10) {
           case "allow":
             break;
           case "deny":
@@ -19450,7 +19450,7 @@ var require_send = __commonJS({
           if (err) return self.onStatError(err);
           return self.error(404);
         }
-        var p = join12(path4, self._index[i]);
+        var p = join13(path4, self._index[i]);
         debug('stat "%s"', p);
         fs2.stat(p, function(err2, stat2) {
           if (err2) return next(err2);
@@ -20589,7 +20589,7 @@ var require_application = __commonJS({
   "src/server/node_modules/express/lib/application.js"(exports2, module2) {
     "use strict";
     var finalhandler = require_finalhandler();
-    var Router32 = require_router();
+    var Router33 = require_router();
     var methods = require_methods();
     var middleware = require_init();
     var query2 = require_query();
@@ -20654,7 +20654,7 @@ var require_application = __commonJS({
     };
     app2.lazyrouter = function lazyrouter() {
       if (!this._router) {
-        this._router = new Router32({
+        this._router = new Router33({
           caseSensitive: this.enabled("case sensitive routing"),
           strict: this.enabled("strict routing")
         });
@@ -22518,7 +22518,7 @@ var require_express = __commonJS({
     var mixin = require_merge_descriptors();
     var proto = require_application();
     var Route = require_route();
-    var Router32 = require_router();
+    var Router33 = require_router();
     var req = require_request();
     var res = require_response();
     exports2 = module2.exports = createApplication;
@@ -22541,7 +22541,7 @@ var require_express = __commonJS({
     exports2.request = req;
     exports2.response = res;
     exports2.Route = Route;
-    exports2.Router = Router32;
+    exports2.Router = Router33;
     exports2.json = bodyParser.json;
     exports2.query = require_query();
     exports2.raw = bodyParser.raw;
@@ -27129,7 +27129,7 @@ var require_pg_pool = __commonJS({
         pool2.emit("error", err, client);
       };
     }
-    var Pool9 = class extends EventEmitter {
+    var Pool12 = class extends EventEmitter {
       constructor(options, Client3) {
         super();
         this.options = Object.assign({}, options);
@@ -27496,7 +27496,7 @@ var require_pg_pool = __commonJS({
         return this._clients.length;
       }
     };
-    module2.exports = Pool9;
+    module2.exports = Pool12;
   }
 });
 
@@ -27911,12 +27911,12 @@ var require_lib5 = __commonJS({
     var Connection2 = require_connection();
     var Result2 = require_result();
     var utils = require_utils3();
-    var Pool9 = require_pg_pool();
+    var Pool12 = require_pg_pool();
     var TypeOverrides2 = require_type_overrides();
     var { DatabaseError: DatabaseError2 } = require_dist();
     var { escapeIdentifier: escapeIdentifier2, escapeLiteral: escapeLiteral2 } = require_utils3();
     var poolFactory = (Client4) => {
-      return class BoundPool extends Pool9 {
+      return class BoundPool extends Pool12 {
         constructor(options) {
           super(options, Client4);
         }
@@ -28474,11 +28474,11 @@ var require_codegen = __commonJS({
         const rhs = this.rhs === void 0 ? "" : ` = ${this.rhs}`;
         return `${varKind} ${this.name}${rhs};` + _n;
       }
-      optimizeNames(names, constants7) {
+      optimizeNames(names, constants8) {
         if (!names[this.name.str])
           return;
         if (this.rhs)
-          this.rhs = optimizeExpr(this.rhs, names, constants7);
+          this.rhs = optimizeExpr(this.rhs, names, constants8);
         return this;
       }
       get names() {
@@ -28495,10 +28495,10 @@ var require_codegen = __commonJS({
       render({ _n }) {
         return `${this.lhs} = ${this.rhs};` + _n;
       }
-      optimizeNames(names, constants7) {
+      optimizeNames(names, constants8) {
         if (this.lhs instanceof code_1.Name && !names[this.lhs.str] && !this.sideEffects)
           return;
-        this.rhs = optimizeExpr(this.rhs, names, constants7);
+        this.rhs = optimizeExpr(this.rhs, names, constants8);
         return this;
       }
       get names() {
@@ -28559,8 +28559,8 @@ var require_codegen = __commonJS({
       optimizeNodes() {
         return `${this.code}` ? this : void 0;
       }
-      optimizeNames(names, constants7) {
-        this.code = optimizeExpr(this.code, names, constants7);
+      optimizeNames(names, constants8) {
+        this.code = optimizeExpr(this.code, names, constants8);
         return this;
       }
       get names() {
@@ -28589,12 +28589,12 @@ var require_codegen = __commonJS({
         }
         return nodes.length > 0 ? this : void 0;
       }
-      optimizeNames(names, constants7) {
+      optimizeNames(names, constants8) {
         const { nodes } = this;
         let i = nodes.length;
         while (i--) {
           const n = nodes[i];
-          if (n.optimizeNames(names, constants7))
+          if (n.optimizeNames(names, constants8))
             continue;
           subtractNames(names, n.names);
           nodes.splice(i, 1);
@@ -28647,12 +28647,12 @@ var require_codegen = __commonJS({
           return void 0;
         return this;
       }
-      optimizeNames(names, constants7) {
+      optimizeNames(names, constants8) {
         var _a2;
-        this.else = (_a2 = this.else) === null || _a2 === void 0 ? void 0 : _a2.optimizeNames(names, constants7);
-        if (!(super.optimizeNames(names, constants7) || this.else))
+        this.else = (_a2 = this.else) === null || _a2 === void 0 ? void 0 : _a2.optimizeNames(names, constants8);
+        if (!(super.optimizeNames(names, constants8) || this.else))
           return;
-        this.condition = optimizeExpr(this.condition, names, constants7);
+        this.condition = optimizeExpr(this.condition, names, constants8);
         return this;
       }
       get names() {
@@ -28675,10 +28675,10 @@ var require_codegen = __commonJS({
       render(opts) {
         return `for(${this.iteration})` + super.render(opts);
       }
-      optimizeNames(names, constants7) {
-        if (!super.optimizeNames(names, constants7))
+      optimizeNames(names, constants8) {
+        if (!super.optimizeNames(names, constants8))
           return;
-        this.iteration = optimizeExpr(this.iteration, names, constants7);
+        this.iteration = optimizeExpr(this.iteration, names, constants8);
         return this;
       }
       get names() {
@@ -28714,10 +28714,10 @@ var require_codegen = __commonJS({
       render(opts) {
         return `for(${this.varKind} ${this.name} ${this.loop} ${this.iterable})` + super.render(opts);
       }
-      optimizeNames(names, constants7) {
-        if (!super.optimizeNames(names, constants7))
+      optimizeNames(names, constants8) {
+        if (!super.optimizeNames(names, constants8))
           return;
-        this.iterable = optimizeExpr(this.iterable, names, constants7);
+        this.iterable = optimizeExpr(this.iterable, names, constants8);
         return this;
       }
       get names() {
@@ -28759,11 +28759,11 @@ var require_codegen = __commonJS({
         (_b = this.finally) === null || _b === void 0 ? void 0 : _b.optimizeNodes();
         return this;
       }
-      optimizeNames(names, constants7) {
+      optimizeNames(names, constants8) {
         var _a2, _b;
-        super.optimizeNames(names, constants7);
-        (_a2 = this.catch) === null || _a2 === void 0 ? void 0 : _a2.optimizeNames(names, constants7);
-        (_b = this.finally) === null || _b === void 0 ? void 0 : _b.optimizeNames(names, constants7);
+        super.optimizeNames(names, constants8);
+        (_a2 = this.catch) === null || _a2 === void 0 ? void 0 : _a2.optimizeNames(names, constants8);
+        (_b = this.finally) === null || _b === void 0 ? void 0 : _b.optimizeNames(names, constants8);
         return this;
       }
       get names() {
@@ -29064,7 +29064,7 @@ var require_codegen = __commonJS({
     function addExprNames(names, from) {
       return from instanceof code_1._CodeOrName ? addNames(names, from.names) : names;
     }
-    function optimizeExpr(expr, names, constants7) {
+    function optimizeExpr(expr, names, constants8) {
       if (expr instanceof code_1.Name)
         return replaceName(expr);
       if (!canOptimize(expr))
@@ -29079,14 +29079,14 @@ var require_codegen = __commonJS({
         return items;
       }, []));
       function replaceName(n) {
-        const c = constants7[n.str];
+        const c = constants8[n.str];
         if (c === void 0 || names[n.str] !== 1)
           return n;
         delete names[n.str];
         return c;
       }
       function canOptimize(e) {
-        return e instanceof code_1._Code && e._items.some((c) => c instanceof code_1.Name && names[c.str] === 1 && constants7[c.str] !== void 0);
+        return e instanceof code_1._Code && e._items.some((c) => c instanceof code_1.Name && names[c.str] === 1 && constants8[c.str] !== void 0);
       }
     }
     function subtractNames(names, from) {
@@ -35370,11 +35370,11 @@ __export(runner_exports, {
 });
 function resolveMigrationPath(file2) {
   const candidates = [
-    (0, import_path18.resolve)(__dirname2, file2),
-    (0, import_path18.resolve)(__dirname2, "..", "..", "migrations", file2)
+    (0, import_path19.resolve)(__dirname2, file2),
+    (0, import_path19.resolve)(__dirname2, "..", "..", "migrations", file2)
   ];
   for (const candidate of candidates) {
-    if ((0, import_fs12.existsSync)(candidate)) return candidate;
+    if ((0, import_fs13.existsSync)(candidate)) return candidate;
   }
   return candidates[0];
 }
@@ -35383,11 +35383,12 @@ async function run() {
   const migrations = [
     "001_create_staff_events.sql",
     "002_create_archive_flags.sql",
-    "003_staff_events_metrics_index.sql"
+    "003_staff_events_metrics_index.sql",
+    "004_create_fleet_ledger.sql"
   ];
   try {
     for (const file2 of migrations) {
-      const sql = (0, import_fs12.readFileSync)(resolveMigrationPath(file2), "utf8");
+      const sql = (0, import_fs13.readFileSync)(resolveMigrationPath(file2), "utf8");
       console.log(`[migrate] Running ${file2}`);
       await migrationPool.query(sql);
       console.log(`[migrate] Done: ${file2}`);
@@ -35397,17 +35398,17 @@ async function run() {
     await migrationPool.end();
   }
 }
-var import_fs12, import_path18, import_url2, __dirname2;
+var import_fs13, import_path19, import_url2, __dirname2;
 var init_runner = __esm({
   "src/server/migrations/runner.ts"() {
     "use strict";
-    import_fs12 = require("fs");
-    import_path18 = require("path");
+    import_fs13 = require("fs");
+    import_path19 = require("path");
     import_url2 = require("url");
     init_esm();
     init_db();
-    __dirname2 = (0, import_path18.dirname)((0, import_url2.fileURLToPath)(__importmeta_url));
-    if (process.argv[1] && (0, import_path18.resolve)(process.argv[1]) === (0, import_url2.fileURLToPath)(__importmeta_url)) {
+    __dirname2 = (0, import_path19.dirname)((0, import_url2.fileURLToPath)(__importmeta_url));
+    if (process.argv[1] && (0, import_path19.resolve)(process.argv[1]) === (0, import_url2.fileURLToPath)(__importmeta_url)) {
       run().catch((err) => {
         console.error("[migrate] Failed:", err);
         process.exitCode = 1;
@@ -35761,16 +35762,16 @@ __export(index_exports, {
   VERSION: () => VERSION
 });
 module.exports = __toCommonJS(index_exports);
-var import_express32 = __toESM(require_express2(), 1);
+var import_express33 = __toESM(require_express2(), 1);
 var import_cors = __toESM(require_lib3(), 1);
 var import_net = __toESM(require("net"), 1);
-var import_path19 = require("path");
-var import_fs13 = require("fs");
+var import_path20 = require("path");
+var import_fs14 = require("fs");
 var import_url3 = require("url");
 var import_module = require("module");
 
 // src/server/routes/control-plane/index.ts
-var import_express31 = __toESM(require_express2(), 1);
+var import_express32 = __toESM(require_express2(), 1);
 
 // src/server/routes/control-plane/kb.ts
 var import_express = __toESM(require_express2(), 1);
@@ -53953,11 +53954,105 @@ setupRouter.use((err, _req, res, _next) => {
 
 // src/server/routes/control-plane/repair.ts
 var import_express7 = __toESM(require_express2(), 1);
+var import_promises6 = require("fs/promises");
+var import_path9 = require("path");
+init_esm();
+
+// src/server/lib/db-provision.ts
+var import_child_process2 = require("child_process");
 var import_promises5 = require("fs/promises");
+var import_fs6 = require("fs");
 var import_path8 = require("path");
 init_esm();
-var repairRouter = (0, import_express7.Router)();
 var { Pool: Pool6 } = esm_default;
+function escapePgIdentifier(value) {
+  return `"${value.replace(/"/g, '""')}"`;
+}
+async function createDatabaseIfMissing(dbUrl) {
+  const parsed = new URL(dbUrl);
+  const databaseName = decodeURIComponent(parsed.pathname.replace(/^\//, "").trim());
+  if (!databaseName) {
+    throw new Error("DATABASE_URL does not include a database name.");
+  }
+  if (databaseName.toLowerCase() === "postgres") {
+    throw new Error('Refusing to operate on the maintenance database "postgres".');
+  }
+  parsed.pathname = "/postgres";
+  const adminUrl = parsed.toString();
+  const pool2 = new Pool6({
+    connectionString: adminUrl,
+    max: 1,
+    idleTimeoutMillis: 1e3,
+    connectionTimeoutMillis: 4e3
+  });
+  try {
+    const existing = await pool2.query("SELECT 1 FROM pg_database WHERE datname = $1", [databaseName]);
+    if (existing.rows.length > 0) {
+      return { databaseName, alreadyExisted: true };
+    }
+    await pool2.query(`CREATE DATABASE ${escapePgIdentifier(databaseName)}`);
+    return { databaseName, alreadyExisted: false };
+  } finally {
+    await pool2.end().catch(() => {
+    });
+  }
+}
+async function runInstanceMigrations(dbUrl, instanceDir) {
+  const resolution = await resolveIrantiCli();
+  if (!resolution) {
+    return { ran: false, note: "iranti CLI not found \u2014 run migrations manually." };
+  }
+  const cliEntry = resolution.args[0];
+  if (!cliEntry || !cliEntry.toLowerCase().endsWith(".js")) {
+    return { ran: false, note: "Could not locate bundled setup script \u2014 run migrations manually." };
+  }
+  const packageRoot = (0, import_path8.dirname)((0, import_path8.dirname)(cliEntry));
+  const setupScript = (0, import_path8.join)(packageRoot, "dist", "scripts", "setup.js");
+  try {
+    await (0, import_promises5.access)(setupScript, import_fs6.constants.F_OK);
+  } catch {
+    return { ran: false, note: "Bundled setup script not found \u2014 run migrations manually." };
+  }
+  const escalationDir = (0, import_path8.join)(instanceDir, "escalation");
+  await (0, import_promises5.mkdir)(escalationDir, { recursive: true }).catch(() => {
+  });
+  await new Promise((resolve10, reject) => {
+    (0, import_child_process2.execFile)(
+      process.execPath,
+      [setupScript],
+      {
+        env: {
+          ...process.env,
+          DATABASE_URL: dbUrl,
+          IRANTI_ESCALATION_DIR: escalationDir
+        },
+        timeout: 6e4
+      },
+      (err) => {
+        if (err) reject(err);
+        else resolve10();
+      }
+    );
+  });
+  return { ran: true, note: "Migrations applied." };
+}
+async function provisionDatabase(dbUrl, instanceDir) {
+  const { databaseName, alreadyExisted } = await createDatabaseIfMissing(dbUrl);
+  let migrated = false;
+  let migrationNote = "";
+  try {
+    const result = await runInstanceMigrations(dbUrl, instanceDir);
+    migrated = result.ran;
+    migrationNote = result.note;
+  } catch (err) {
+    migrationNote = `Migrations failed: ${err instanceof Error ? err.message : String(err)}`;
+  }
+  return { databaseName, created: !alreadyExisted, migrated, migrationNote };
+}
+
+// src/server/routes/control-plane/repair.ts
+var repairRouter = (0, import_express7.Router)();
+var { Pool: Pool7 } = esm_default;
 async function doctorCheckRuntimeAvailability(scope) {
   const controller = new AbortController();
   const timeout = setTimeout(() => controller.abort(), 2500);
@@ -54041,7 +54136,7 @@ async function resolveProjectOr422(scope, projectId, res) {
 }
 async function writeAuditLog(scope, action, detail) {
   if (!scope.databaseUrl) return;
-  const pool2 = new Pool6({
+  const pool2 = new Pool7({
     connectionString: scope.databaseUrl,
     max: 1,
     idleTimeoutMillis: 1e3,
@@ -54078,8 +54173,8 @@ repairRouter.post(
       if (!scope) return;
       const projectPath = await resolveProjectOr422(scope, req.params["projectId"], res);
       if (!projectPath) return;
-      await (0, import_promises5.access)(projectPath, import_promises5.constants.W_OK);
-      const filePath = (0, import_path8.join)(projectPath, ".mcp.json");
+      await (0, import_promises6.access)(projectPath, import_promises6.constants.W_OK);
+      const filePath = (0, import_path9.join)(projectPath, ".mcp.json");
       const content = JSON.stringify(
         {
           mcpServers: {
@@ -54094,12 +54189,12 @@ repairRouter.post(
       ) + "\n";
       let action = "created";
       try {
-        await (0, import_promises5.access)(filePath, import_promises5.constants.F_OK);
+        await (0, import_promises6.access)(filePath, import_promises6.constants.F_OK);
         action = "replaced";
       } catch {
         action = "created";
       }
-      await (0, import_promises5.writeFile)(filePath, content, "utf8");
+      await (0, import_promises6.writeFile)(filePath, content, "utf8");
       await writeAuditLog(scope, "repair_mcp_json", {
         instanceId: scope.instanceId,
         instanceName: scope.instanceName,
@@ -54148,12 +54243,12 @@ repairRouter.post(
       if (!scope) return;
       const projectPath = await resolveProjectOr422(scope, req.params["projectId"], res);
       if (!projectPath) return;
-      await (0, import_promises5.access)(projectPath, import_promises5.constants.W_OK);
-      const filePath = (0, import_path8.join)(projectPath, "CLAUDE.md");
+      await (0, import_promises6.access)(projectPath, import_promises6.constants.W_OK);
+      const filePath = (0, import_path9.join)(projectPath, "CLAUDE.md");
       const block = buildIrantiBlock(scope);
       let existingContent = null;
       try {
-        existingContent = await (0, import_promises5.readFile)(filePath, "utf8");
+        existingContent = await (0, import_promises6.readFile)(filePath, "utf8");
       } catch (err) {
         if (err.code !== "ENOENT") throw err;
       }
@@ -54182,7 +54277,7 @@ repairRouter.post(
         }
       }
       const diff = buildDiff(existingContent, finalContent);
-      await (0, import_promises5.writeFile)(filePath, finalContent, "utf8");
+      await (0, import_promises6.writeFile)(filePath, finalContent, "utf8");
       await writeAuditLog(scope, "repair_claude_md", {
         instanceId: scope.instanceId,
         instanceName: scope.instanceName,
@@ -54208,7 +54303,7 @@ async function doctorCheckDatabase(scope) {
       commands: []
     };
   }
-  const pool2 = new Pool6({
+  const pool2 = new Pool7({
     connectionString: scope.databaseUrl,
     max: 1,
     idleTimeoutMillis: 1e3,
@@ -54277,7 +54372,7 @@ function projectRepairUrl(scope, projectPath, kind) {
 async function doctorProjectChecks(scope) {
   const checks = await Promise.all(scope.boundProjects.map(async (project) => {
     const integration = await inspectProjectIntegration(project.projectPath);
-    const projectName = (0, import_path8.basename)(project.projectPath);
+    const projectName = (0, import_path9.basename)(project.projectPath);
     const mcpCheck = {
       id: `mcp_integration:${project.projectPath}`,
       label: `MCP integration (${projectName})`,
@@ -54377,6 +54472,30 @@ repairRouter.post("/:instanceId/doctor", async (req, res, next) => {
     next(err);
   }
 });
+repairRouter.post("/:instanceId/repair/provision-database", async (req, res, next) => {
+  try {
+    const scope = await resolveScopeOr404(req.params["instanceId"], res);
+    if (!scope) return;
+    if (!scope.databaseUrl) {
+      res.status(422).json({
+        error: "No DATABASE_URL configured for this instance.",
+        code: "NO_DATABASE_URL"
+      });
+      return;
+    }
+    const result = await provisionDatabase(scope.databaseUrl, scope.instanceDir);
+    await writeAuditLog(scope, "provision_database", {
+      instanceId: scope.instanceId,
+      instanceName: scope.instanceName,
+      databaseName: result.databaseName,
+      created: result.created,
+      migrated: result.migrated
+    });
+    res.json({ ok: true, ...result });
+  } catch (err) {
+    next(err);
+  }
+});
 repairRouter.use((err, _req, res, _next) => {
   const apiErr = err;
   if (err?.code === "EACCES") {
@@ -54526,7 +54645,7 @@ escalationsRouter.get("/", async (req, res, next) => {
           "supersededBy"::text AS "supersededBy",
           "conflictLog"
         FROM archive
-        WHERE "resolutionState" IS NULL AND "supersededBy" IS NOT NULL
+        WHERE "archivedReason" = 'escalated' AND "resolutionState" = 'pending'
         ORDER BY "archivedAt" ASC`
       );
       if (archiveResult.rows.length === 0) {
@@ -54595,7 +54714,7 @@ escalationsRouter.get("/", async (req, res, next) => {
           "archivedAt",
           NULL::text AS "resolutionNote"
         FROM archive
-        WHERE "resolutionState" IS NOT NULL
+        WHERE "archivedReason" = 'escalated' AND "resolutionState" = 'resolved'
         ORDER BY "archivedAt" DESC
         LIMIT 500`
       );
@@ -54669,14 +54788,14 @@ escalationsRouter.post(
           "resolutionState",
           "conflictLog"
         FROM archive
-        WHERE id = $1::uuid`,
+        WHERE id = $1::int`,
         [id]
       );
       if (archiveResult.rows.length === 0) {
         throw createApiError(`Escalation not found: ${id}`, "NOT_FOUND", 404);
       }
       const archiveRow = archiveResult.rows[0];
-      if (archiveRow.resolutionState != null) {
+      if (archiveRow.resolutionState != null && archiveRow.resolutionState !== "pending") {
         throw createApiError(
           `Escalation ${id} is already resolved (resolutionState: ${archiveRow.resolutionState})`,
           "ALREADY_RESOLVED",
@@ -54689,8 +54808,8 @@ escalationsRouter.post(
       const resolvedAt = (/* @__PURE__ */ new Date()).toISOString();
       if (resolution === "keep_existing") {
         await query(
-          `UPDATE archive SET "resolutionState" = 'resolved_keep_existing' WHERE id = $1::uuid`,
-          [id]
+          `UPDATE archive SET "resolutionState" = 'resolved', "conflictLog" = COALESCE("conflictLog", '{}'::jsonb) || $2::jsonb WHERE id = $1::int`,
+          [id, JSON.stringify({ resolutionDetail: "keep_existing", resolvedAt, resolvedBy: "control_plane_operator" })]
         );
       } else if (resolution === "accept_challenger") {
         const valueRaw = archiveRow.valueRaw;
@@ -54717,8 +54836,8 @@ escalationsRouter.post(
           [entityType, entityId, key, JSON.stringify(valueRaw), valueSummary, confidence, source, createdBy, validFrom, validUntil]
         );
         await query(
-          `UPDATE archive SET "resolutionState" = 'resolved_accept_challenger' WHERE id = $1::uuid`,
-          [id]
+          `UPDATE archive SET "resolutionState" = 'resolved', "conflictLog" = COALESCE("conflictLog", '{}'::jsonb) || $2::jsonb WHERE id = $1::int`,
+          [id, JSON.stringify({ resolutionDetail: "accept_challenger", resolvedAt, resolvedBy: "control_plane_operator" })]
         );
       } else {
         const parsedCustom = JSON.parse(customValue);
@@ -54740,8 +54859,8 @@ escalationsRouter.post(
           [entityType, entityId, key, JSON.stringify(parsedCustom), createdBy]
         );
         await query(
-          `UPDATE archive SET "resolutionState" = 'resolved_custom' WHERE id = $1::uuid`,
-          [id]
+          `UPDATE archive SET "resolutionState" = 'resolved', "conflictLog" = COALESCE("conflictLog", '{}'::jsonb) || $2::jsonb WHERE id = $1::int`,
+          [id, JSON.stringify({ resolutionDetail: "custom", resolvedAt, resolvedBy: "control_plane_operator" })]
         );
       }
       await writeAuditLog2("conflict_resolved", {
@@ -54769,8 +54888,8 @@ escalationsRouter.use(errorHandler2);
 
 // src/server/routes/control-plane/providers.ts
 var import_express9 = __toESM(require_express2(), 1);
-var import_fs6 = require("fs");
-var import_path9 = require("path");
+var import_fs7 = require("fs");
+var import_path10 = require("path");
 init_db();
 var providersRouter = (0, import_express9.Router)();
 var PROVIDER_KEY_VARS = {
@@ -54807,8 +54926,8 @@ function scopeSummary3(scope) {
 }
 function writeEnvVarAtPath(filePath, key, value, syncLiveEnv) {
   let raw = "";
-  if ((0, import_fs6.existsSync)(filePath)) {
-    raw = (0, import_fs6.readFileSync)(filePath, "utf8");
+  if ((0, import_fs7.existsSync)(filePath)) {
+    raw = (0, import_fs7.readFileSync)(filePath, "utf8");
   }
   const lineEnding = raw.includes("\r\n") ? "\r\n" : "\n";
   const rawLines = raw.split(/\r?\n/);
@@ -54835,7 +54954,7 @@ function writeEnvVarAtPath(filePath, key, value, syncLiveEnv) {
     }
     updated.push(`${key}=${value}`);
   }
-  (0, import_fs6.writeFileSync)(filePath, updated.join(lineEnding), "utf8");
+  (0, import_fs7.writeFileSync)(filePath, updated.join(lineEnding), "utf8");
   if (syncLiveEnv) {
     if (value !== null) {
       env[key] = value;
@@ -54852,7 +54971,7 @@ var reachabilityCache = /* @__PURE__ */ new Map();
 var REACHABILITY_TTL_MS = 60 * 1e3;
 function currentBindingEnvPath() {
   const configured = env["IRANTI_INSTANCE_ENV"] ?? process.env["IRANTI_INSTANCE_ENV"] ?? "";
-  return configured.trim() ? (0, import_path9.resolve)(configured) : null;
+  return configured.trim() ? (0, import_path10.resolve)(configured) : null;
 }
 async function resolveScopeFromRequest2(req) {
   const paramInstance = typeof req.params["instanceId"] === "string" ? req.params["instanceId"] : "";
@@ -54868,7 +54987,7 @@ async function resolveScopeFromRequest2(req) {
 }
 function shouldSyncLiveEnv(scope) {
   const bindingEnvPath = currentBindingEnvPath();
-  return bindingEnvPath !== null && bindingEnvPath === (0, import_path9.resolve)(scope.instanceEnvPath);
+  return bindingEnvPath !== null && bindingEnvPath === (0, import_path10.resolve)(scope.instanceEnvPath);
 }
 function writeEnvVarForScope(scope, key, value) {
   writeEnvVarAtPath(scope.instanceEnvPath, key, value, shouldSyncLiveEnv(scope));
@@ -56683,7 +56802,7 @@ whoknowsRouter.use((err, _req, res, _next) => {
 var import_express14 = __toESM(require_express2(), 1);
 init_esm();
 var diagnosticsRouter = (0, import_express14.Router)();
-var { Pool: Pool7 } = esm_default;
+var { Pool: Pool8 } = esm_default;
 var DIAGNOSTIC_ENTITY_TYPE = "__diagnostics__";
 var DIAGNOSTIC_ENTITY_ID = "__probe__";
 var ROUNDTRIP_KEY = "roundtrip_marker";
@@ -56768,7 +56887,7 @@ function buildKbRouteFailure(scope, routeLabel, statusCode, responseBody, authFi
 }
 async function withScopedPool3(databaseUrl2, fn) {
   if (!databaseUrl2) return fn(null);
-  const pool2 = new Pool7({
+  const pool2 = new Pool8({
     connectionString: databaseUrl2,
     max: 1,
     idleTimeoutMillis: 1e3,
@@ -57509,8 +57628,28 @@ metricsRouter.use(
 
 // src/server/routes/control-plane/overview.ts
 var import_express16 = __toESM(require_express2(), 1);
+init_esm();
 init_db();
+var { Pool: Pool9 } = esm_default;
 var overviewRouter = (0, import_express16.Router)();
+async function withScopedPool4(databaseUrl2, fn) {
+  if (!databaseUrl2) return fn(null);
+  const pool2 = new Pool9({
+    connectionString: databaseUrl2,
+    max: 2,
+    idleTimeoutMillis: 2e3,
+    connectionTimeoutMillis: 5e3
+  });
+  try {
+    return await fn(pool2);
+  } finally {
+    await pool2.end().catch(() => {
+    });
+  }
+}
+function scopedQuery(pool2) {
+  return (text, params) => pool2.query(text, params);
+}
 var HEALTH_FALLBACK = {
   overall: "error",
   checks: [],
@@ -57518,11 +57657,11 @@ var HEALTH_FALLBACK = {
 };
 var WRITE_ACTION_TYPES2 = ["write_created", "write_replaced"];
 var ARCHIVAL_ACTION_TYPES2 = ["entry_archived", "entry_decayed"];
-async function fetchKBSummary() {
+async function fetchKBSummary(queryFn = query) {
   const fetchedAt = (/* @__PURE__ */ new Date()).toISOString();
   const fallbackFromKnowledgeBase = async (truncated) => {
     try {
-      const result = await query(
+      const result = await queryFn(
         `SELECT
            COUNT(*)::text AS total_facts,
            COUNT(*) FILTER (WHERE "createdAt" >= NOW() - INTERVAL '24 hours')::text AS facts_last_24h,
@@ -57544,7 +57683,7 @@ async function fetchKBSummary() {
     }
   };
   try {
-    const existsResult = await query(
+    const existsResult = await queryFn(
       `SELECT EXISTS (
         SELECT 1 FROM information_schema.tables
         WHERE table_schema = 'public' AND table_name = 'staff_events'
@@ -57554,7 +57693,7 @@ async function fetchKBSummary() {
     if (!tableExists) {
       return await fallbackFromKnowledgeBase(true);
     }
-    const result = await query(
+    const result = await queryFn(
       `SELECT
          COUNT(*) FILTER (WHERE action_type = ANY($1)) AS total_writes_all_time,
          COUNT(*) FILTER (WHERE action_type = ANY($2)) AS total_archived_all_time,
@@ -57582,9 +57721,9 @@ async function fetchKBSummary() {
   }
 }
 var PG_UNDEFINED_TABLE2 = "42P01";
-async function fetchRecentEvents() {
+async function fetchRecentEvents(queryFn = query) {
   try {
-    const result = await query(
+    const result = await queryFn(
       `SELECT id, staff_component, action_type, agent_id, entity_type, entity_id, key, reason, timestamp
        FROM staff_events
        ORDER BY timestamp DESC
@@ -57651,10 +57790,10 @@ function getIrantiUrl4() {
 function getIrantiApiKey5() {
   return env["IRANTI_API_KEY"] ?? process.env["IRANTI_API_KEY"] ?? "";
 }
-async function fetchActiveAgents() {
+async function fetchActiveAgents(instanceBaseUrl, instanceApiKey) {
   try {
-    const baseUrl = getIrantiUrl4();
-    const apiKey = getIrantiApiKey5();
+    const baseUrl = instanceBaseUrl ?? getIrantiUrl4();
+    const apiKey = instanceApiKey ?? getIrantiApiKey5();
     const headers = { "Content-Type": "application/json" };
     if (apiKey) headers["X-Iranti-Key"] = apiKey;
     const controller = new AbortController();
@@ -57704,26 +57843,38 @@ async function fetchActiveAgents() {
     return [];
   }
 }
-overviewRouter.get("/", async (_req, res) => {
+overviewRouter.get("/", async (req, res) => {
   const fetchedAt = (/* @__PURE__ */ new Date()).toISOString();
-  const [healthResult, kbResult, eventsResult, agentsResult] = await Promise.allSettled([
-    (async () => {
-      const full = await runAllHealthChecks();
-      return {
-        overall: full.overall,
-        checks: full.checks.map((c) => ({ name: c.name, status: c.status })),
-        fetchedAt: full.checkedAt
-      };
-    })(),
-    fetchKBSummary(),
-    fetchRecentEvents(),
-    fetchActiveAgents()
-  ]);
-  const health = healthResult.status === "fulfilled" ? healthResult.value : { ...HEALTH_FALLBACK, fetchedAt };
-  const kb = kbResult.status === "fulfilled" ? kbResult.value : { totalFacts: 0, factsLast24h: 0, activeAgentsLast7d: 0, truncated: true, fetchedAt };
-  const recentEvents = eventsResult.status === "fulfilled" ? eventsResult.value : [];
-  const activeAgents = agentsResult.status === "fulfilled" ? agentsResult.value : [];
-  const response = { health, kb, recentEvents, activeAgents, fetchedAt };
+  const instanceId = typeof req.query["instanceId"] === "string" ? req.query["instanceId"] : void 0;
+  let scope = null;
+  if (instanceId) {
+    scope = await resolveInstanceAuthority(instanceId).catch(() => null);
+  }
+  const buildResponse = async (pool2) => {
+    const qFn = pool2 ? scopedQuery(pool2) : query;
+    const instanceBaseUrl = scope?.apiBaseUrl;
+    const instanceApiKey = scope?.apiKey ?? void 0;
+    const [healthResult, kbResult, eventsResult, agentsResult] = await Promise.allSettled([
+      (async () => {
+        const full = await runAllHealthChecks(instanceId);
+        return {
+          overall: full.overall,
+          checks: full.checks.map((c) => ({ name: c.name, status: c.status })),
+          fetchedAt: full.checkedAt
+        };
+      })(),
+      fetchKBSummary(qFn),
+      fetchRecentEvents(qFn),
+      fetchActiveAgents(instanceBaseUrl, instanceApiKey)
+    ]);
+    const health = healthResult.status === "fulfilled" ? healthResult.value : { ...HEALTH_FALLBACK, fetchedAt };
+    const kb = kbResult.status === "fulfilled" ? kbResult.value : { totalFacts: 0, factsLast24h: 0, activeAgentsLast7d: 0, truncated: true, fetchedAt };
+    const recentEvents = eventsResult.status === "fulfilled" ? eventsResult.value : [];
+    const activeAgents = agentsResult.status === "fulfilled" ? agentsResult.value : [];
+    return { health, kb, recentEvents, activeAgents, fetchedAt };
+  };
+  const databaseUrl2 = scope?.databaseUrl ?? null;
+  const response = scope ? await withScopedPool4(databaseUrl2, (pool2) => buildResponse(pool2)) : await buildResponse(null);
   res.status(200).json(response);
 });
 
@@ -57964,6 +58115,44 @@ function normalizeSort(value) {
       return void 0;
   }
 }
+function normalizeLedgerLevel(value) {
+  switch (String(value ?? "").trim().toLowerCase()) {
+    case "audit":
+      return "audit";
+    case "debug":
+      return "debug";
+    default:
+      return void 0;
+  }
+}
+function parseLedgerLimit(value) {
+  if (value === void 0 || value === null || String(value).trim() === "") {
+    return 50;
+  }
+  const parsed = Number.parseInt(String(value), 10);
+  if (!Number.isFinite(parsed) || parsed < 1) {
+    throw new Error("limit must be an integer >= 1");
+  }
+  return Math.min(parsed, 200);
+}
+function normalizeLedgerEvent(raw) {
+  const level = normalizeLedgerLevel(raw["level"]) ?? "audit";
+  const metadata = raw["metadata"];
+  return {
+    eventId: String(raw["eventId"] ?? raw["event_id"] ?? raw["id"] ?? ""),
+    timestamp: raw["timestamp"] instanceof Date ? raw["timestamp"].toISOString() : String(raw["timestamp"] ?? ""),
+    staffComponent: String(raw["staffComponent"] ?? raw["staff_component"] ?? "Attendant"),
+    actionType: String(raw["actionType"] ?? raw["action_type"] ?? ""),
+    agentId: String(raw["agentId"] ?? raw["agent_id"] ?? ""),
+    source: String(raw["source"] ?? ""),
+    entityType: typeof raw["entityType"] === "string" ? raw["entityType"] : typeof raw["entity_type"] === "string" ? raw["entity_type"] : null,
+    entityId: typeof raw["entityId"] === "string" ? raw["entityId"] : typeof raw["entity_id"] === "string" ? raw["entity_id"] : null,
+    key: typeof raw["key"] === "string" ? raw["key"] : null,
+    reason: typeof raw["reason"] === "string" ? raw["reason"] : null,
+    level,
+    metadata: metadata && typeof metadata === "object" && !Array.isArray(metadata) ? metadata : null
+  };
+}
 function applySessionFilters(sessions, options) {
   let filtered = sessions;
   if (options.agentId) filtered = filtered.filter((entry) => entry.agentId === options.agentId);
@@ -58026,6 +58215,98 @@ async function fetchIrantiSessions(req) {
     clearTimeout(timeout);
   }
 }
+async function fetchLedgerByParams(req, params) {
+  const url2 = new URL(`${getIrantiUrl5()}/memory/ledger`);
+  for (const [k, v] of Object.entries(params)) url2.searchParams.set(k, v);
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 4e3);
+  try {
+    const response = await fetch(url2.toString(), {
+      method: "GET",
+      headers: buildHeaders5(req),
+      signal: controller.signal
+    });
+    const body = await response.json().catch(() => ({}));
+    if (!response.ok) {
+      const upstreamError = typeof body["error"] === "string" ? body["error"] : null;
+      return {
+        items: [],
+        error: upstreamError ? `Iranti /memory/ledger returned HTTP ${response.status}: ${upstreamError}` : `Iranti /memory/ledger returned HTTP ${response.status}`
+      };
+    }
+    const rawItems = Array.isArray(body["items"]) ? body["items"] : [];
+    return {
+      items: rawItems.filter((entry) => Boolean(entry) && typeof entry === "object" && !Array.isArray(entry)).map(normalizeLedgerEvent)
+    };
+  } catch (err) {
+    return { items: [], error: err instanceof Error ? err.message : String(err) };
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+async function fetchIrantiSessionLedger(req, sessionId) {
+  const limit = parseLedgerLimit(req.query["limit"]);
+  const agentId = typeof req.query["agentId"] === "string" ? req.query["agentId"].trim() : "";
+  const actionType = typeof req.query["actionType"] === "string" ? req.query["actionType"].trim() : "";
+  const host = typeof req.query["host"] === "string" ? req.query["host"].trim() : "";
+  const level = normalizeLedgerLevel(req.query["level"]);
+  const startedAt = typeof req.query["startedAt"] === "string" ? req.query["startedAt"].trim() : "";
+  const lastHeartbeatAt = typeof req.query["lastHeartbeatAt"] === "string" ? req.query["lastHeartbeatAt"].trim() : "";
+  const sharedParams = { limit: String(limit) };
+  if (agentId) sharedParams["agentId"] = agentId;
+  if (actionType) sharedParams["actionType"] = actionType;
+  if (host) sharedParams["host"] = host;
+  if (level) sharedParams["level"] = level;
+  try {
+    const bySessionId = fetchLedgerByParams(req, { ...sharedParams, sessionId });
+    let byTimeRange = Promise.resolve({ items: [] });
+    if (agentId && startedAt) {
+      const after = new Date(new Date(startedAt).getTime() - 10 * 6e4).toISOString();
+      const before = lastHeartbeatAt ? new Date(new Date(lastHeartbeatAt).getTime() + 2 * 6e4).toISOString() : (/* @__PURE__ */ new Date()).toISOString();
+      byTimeRange = fetchLedgerByParams(req, {
+        ...sharedParams,
+        agentId,
+        after,
+        before,
+        limit: String(limit)
+      });
+    }
+    const [sessionResult, rangeResult] = await Promise.all([bySessionId, byTimeRange]);
+    if (sessionResult.error && rangeResult.items.length === 0) {
+      return {
+        items: [],
+        total: 0,
+        fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        note: "Source: Iranti /memory/ledger",
+        error: sessionResult.error
+      };
+    }
+    const seen = /* @__PURE__ */ new Set();
+    const merged = [];
+    for (const item of [...sessionResult.items, ...rangeResult.items]) {
+      if (item.eventId && !seen.has(item.eventId)) {
+        seen.add(item.eventId);
+        merged.push(item);
+      }
+    }
+    merged.sort((a, b) => b.timestamp > a.timestamp ? 1 : b.timestamp < a.timestamp ? -1 : 0);
+    const limited = merged.slice(0, limit);
+    return {
+      items: limited,
+      total: merged.length,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      note: "Source: Iranti /memory/ledger"
+    };
+  } catch (error2) {
+    return {
+      items: [],
+      total: 0,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      note: "Source: Iranti /memory/ledger",
+      error: error2 instanceof Error ? error2.message : String(error2)
+    };
+  }
+}
 async function fetchLocalFallbackSessions() {
   const [legacyResult, attendantResult] = await Promise.all([
     query(`
@@ -58095,6 +58376,29 @@ sessionsRouter.get("/", async (req, res) => {
     });
   }
 });
+sessionsRouter.get("/:sessionId/ledger", async (req, res) => {
+  try {
+    const sessionId = typeof req.params["sessionId"] === "string" ? req.params["sessionId"].trim() : "";
+    if (!sessionId) {
+      res.status(400).json({
+        items: [],
+        total: 0,
+        fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        error: "sessionId path parameter is required."
+      });
+      return;
+    }
+    const ledger = await fetchIrantiSessionLedger(req, sessionId);
+    res.json(ledger);
+  } catch (error2) {
+    res.status(400).json({
+      items: [],
+      total: 0,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      error: error2 instanceof Error ? error2.message : String(error2)
+    });
+  }
+});
 async function proxySessionAction(req, res, action) {
   const agentId = typeof req.body?.agentId === "string" ? req.body.agentId.trim() : "";
   if (!agentId) {
@@ -58149,7 +58453,7 @@ sessionsRouter.use((err, _req, res, _next) => {
 
 // src/server/routes/control-plane/upgrade.ts
 var import_express18 = __toESM(require_express2(), 1);
-var import_child_process2 = require("child_process");
+var import_child_process3 = require("child_process");
 var upgradeRouter = (0, import_express18.Router)();
 var JOB_STORE_MAX = 50;
 var jobStore = /* @__PURE__ */ new Map();
@@ -58209,7 +58513,7 @@ upgradeRouter.post("/:name/upgrade", async (req, res) => {
   if (runtimeRoot) cliArgs.push("--root", runtimeRoot);
   let child;
   try {
-    child = (0, import_child_process2.spawn)(launch.command, cliArgs, {
+    child = (0, import_child_process3.spawn)(launch.command, cliArgs, {
       stdio: ["ignore", "pipe", "pipe"],
       windowsHide: true
     });
@@ -58417,12 +58721,12 @@ installStateRouter.get("/", async (_req, res) => {
 
 // src/server/routes/control-plane/lifecycle.ts
 var import_express21 = __toESM(require_express2(), 1);
-var import_child_process3 = require("child_process");
-var import_path11 = require("path");
-var import_promises6 = require("fs/promises");
+var import_child_process4 = require("child_process");
+var import_path12 = require("path");
+var import_promises7 = require("fs/promises");
 
 // src/server/routes/control-plane/instance-identifiers.ts
-var import_path10 = require("path");
+var import_path11 = require("path");
 init_db();
 function configuredInstanceEnvPath() {
   const raw = process.env["IRANTI_INSTANCE_ENV"] ?? env["IRANTI_INSTANCE_ENV"] ?? "";
@@ -58431,19 +58735,19 @@ function configuredInstanceEnvPath() {
 function configuredRuntimeRoot() {
   const instanceEnvPath = configuredInstanceEnvPath();
   if (!instanceEnvPath) return process.cwd();
-  return (0, import_path10.resolve)((0, import_path10.dirname)(instanceEnvPath), "..", "..");
+  return (0, import_path11.resolve)((0, import_path11.dirname)(instanceEnvPath), "..", "..");
 }
 function configuredInstanceName() {
   const explicit = process.env["IRANTI_INSTANCE"] ?? env["IRANTI_INSTANCE"] ?? "";
   if (explicit.trim()) return explicit.trim();
   const instanceEnvPath = configuredInstanceEnvPath();
   if (!instanceEnvPath) return null;
-  return (0, import_path10.basename)((0, import_path10.dirname)(instanceEnvPath));
+  return (0, import_path11.basename)((0, import_path11.dirname)(instanceEnvPath));
 }
 function getConfiguredInstanceIdentifiers() {
   const runtimeRoot = configuredRuntimeRoot();
   const instanceName = configuredInstanceName();
-  const instanceDir = instanceName ? (0, import_path10.join)(runtimeRoot, "instances", instanceName) : runtimeRoot;
+  const instanceDir = instanceName ? (0, import_path11.join)(runtimeRoot, "instances", instanceName) : runtimeRoot;
   const instanceId = deriveInstanceId(instanceDir);
   const valid = /* @__PURE__ */ new Set([instanceId]);
   if (instanceName) valid.add(instanceName);
@@ -58471,8 +58775,8 @@ function parseEnvContent2(content) {
   return parsed;
 }
 async function resolveInstancePort(runtimeRoot, name) {
-  const envPath = (0, import_path11.join)(runtimeRoot, "instances", name, ".env");
-  const content = await (0, import_promises6.readFile)(envPath, "utf8");
+  const envPath = (0, import_path12.join)(runtimeRoot, "instances", name, ".env");
+  const content = await (0, import_promises7.readFile)(envPath, "utf8");
   const parsed = parseEnvContent2(content);
   const rawPort = parsed["IRANTI_PORT"] ?? parsed["PORT"] ?? "3001";
   const port = Number.parseInt(rawPort, 10);
@@ -58520,7 +58824,7 @@ function sleep(ms) {
 }
 function execFileAsync2(command, args) {
   return new Promise((resolve10, reject) => {
-    (0, import_child_process3.execFile)(command, args, (error2) => {
+    (0, import_child_process4.execFile)(command, args, (error2) => {
       if (error2) {
         reject(error2);
         return;
@@ -58665,7 +58969,7 @@ lifecycleRouter.post("/:name/start", async (req, res) => {
       });
       return;
     }
-    const child = (0, import_child_process3.spawn)(
+    const child = (0, import_child_process4.spawn)(
       launch.command,
       [...launch.args, "run", "--instance", name, "--root", runtimeRoot],
       {
@@ -58863,11 +59167,11 @@ lifecycleRouter.get("/:name/process-status", (req, res) => {
 
 // src/server/routes/control-plane/open-file.ts
 var import_express22 = __toESM(require_express2(), 1);
-var import_child_process4 = require("child_process");
+var import_child_process5 = require("child_process");
 var import_util7 = require("util");
 var path2 = __toESM(require("path"), 1);
 var fs = __toESM(require("fs/promises"), 1);
-var execAsync = (0, import_util7.promisify)(import_child_process4.exec);
+var execAsync = (0, import_util7.promisify)(import_child_process5.exec);
 var openFileRouter = (0, import_express22.Router)();
 var ALLOWED_PATHS = /* @__PURE__ */ new Set([
   ".env.iranti",
@@ -58934,20 +59238,21 @@ openFileRouter.post("/", async (req, res) => {
 // src/server/routes/control-plane/auth-keys.ts
 var import_express23 = __toESM(require_express2(), 1);
 var import_crypto4 = require("crypto");
-var import_fs7 = require("fs");
-var import_path12 = require("path");
-init_db();
+var import_fs8 = require("fs");
+var import_path13 = require("path");
+init_esm();
 var authKeysRouter = (0, import_express23.Router)();
+var { Pool: Pool10 } = esm_default;
 var REGISTRY_ENTITY_TYPE = "system";
 var REGISTRY_ENTITY_ID = "auth";
 var REGISTRY_KEY = "api_keys";
 var REGISTRY_SOURCE = "system";
 var REGISTRY_CREATED_BY = "system";
-function keyPepper() {
-  return process.env.IRANTI_API_KEY_PEPPER ?? "";
+function keyPepper(scope) {
+  return scope.env["IRANTI_API_KEY_PEPPER"]?.trim() ?? "";
 }
-function hashSecret(secret) {
-  return (0, import_crypto4.createHash)("sha256").update(`${secret}${keyPepper()}`).digest("hex");
+function hashSecret(secret, scope) {
+  return (0, import_crypto4.createHash)("sha256").update(`${secret}${keyPepper(scope)}`).digest("hex");
 }
 function generateSecret(length = 32) {
   return (0, import_crypto4.randomBytes)(length).toString("base64url");
@@ -58990,8 +59295,21 @@ function validateScopeList(scopes) {
     }
   }
 }
-async function loadRegistry() {
-  const result = await query(
+async function withScopedPool5(scope, fn) {
+  const pool2 = new Pool10({
+    connectionString: scope.databaseUrl,
+    max: 1,
+    idleTimeoutMillis: 3e4,
+    connectionTimeoutMillis: 5e3
+  });
+  try {
+    return await fn(pool2);
+  } finally {
+    await Promise.resolve(pool2.end()).catch(() => void 0);
+  }
+}
+async function loadRegistry(pool2) {
+  const result = await pool2.query(
     `SELECT "valueRaw" FROM knowledge_base
      WHERE "entityType" = $1 AND "entityId" = $2 AND key = $3
      LIMIT 1`,
@@ -59000,13 +59318,12 @@ async function loadRegistry() {
   if (result.rows.length === 0) {
     return { version: 1, keys: [] };
   }
-  const raw = result.rows[0].valueRaw;
-  return normalizeRegistry(raw);
+  return normalizeRegistry(result.rows[0]?.valueRaw);
 }
-async function saveRegistry(registry2) {
+async function saveRegistry(pool2, registry2) {
   const normalized = normalizeRegistry(registry2);
   const valueSummary = `API key registry (${normalized.keys.length} keys)`;
-  await query(
+  await pool2.query(
     `INSERT INTO knowledge_base
        ("entityType", "entityId", key, "valueRaw", "valueSummary",
         confidence, source, "createdBy", "isProtected", "conflictLog", "createdAt", "updatedAt")
@@ -59056,10 +59373,10 @@ function normalizeRegistry(raw) {
   };
 }
 function syncTokenToProject(projectRoot, token) {
-  const envPath = (0, import_path12.resolve)(projectRoot, ".env.iranti");
+  const envPath = (0, import_path13.resolve)(projectRoot, ".env.iranti");
   let lines = [];
-  if ((0, import_fs7.existsSync)(envPath)) {
-    lines = (0, import_fs7.readFileSync)(envPath, "utf8").split("\n");
+  if ((0, import_fs8.existsSync)(envPath)) {
+    lines = (0, import_fs8.readFileSync)(envPath, "utf8").split("\n");
   }
   let found = false;
   const updated = [];
@@ -59078,25 +59395,32 @@ function syncTokenToProject(projectRoot, token) {
   if (!found) {
     updated.push(`IRANTI_API_KEY=${token}`);
   }
-  (0, import_fs7.writeFileSync)(envPath, updated.join("\n"), "utf8");
+  (0, import_fs8.writeFileSync)(envPath, updated.join("\n"), "utf8");
 }
-function getDatabaseUrl() {
-  return env["DATABASE_URL"] ?? process.env.DATABASE_URL ?? null;
-}
-function checkDbConfigured(res) {
-  if (!getDatabaseUrl()) {
+async function resolveScopedInstance(req, res) {
+  const instanceId = typeof req.query.instanceId === "string" ? req.query.instanceId.trim() : "";
+  const scope = await resolveInstanceAuthority(instanceId || void 0);
+  if (!scope) {
+    res.status(404).json({
+      error: instanceId ? `Iranti instance not found: ${instanceId}` : "No Iranti instance could be resolved. Select an instance first.",
+      code: "INSTANCE_NOT_FOUND"
+    });
+    return null;
+  }
+  if (!scope.databaseUrl) {
     res.status(503).json({
-      error: "No DATABASE_URL configured. Start an Iranti instance first.",
+      error: `No DATABASE_URL configured for instance ${scope.instanceName}. Configure the instance database first.`,
       code: "NO_DATABASE_URL"
     });
-    return false;
+    return null;
   }
-  return true;
+  return scope;
 }
-authKeysRouter.get("/", async (_req, res) => {
-  if (!checkDbConfigured(res)) return;
+authKeysRouter.get("/", async (req, res) => {
+  const scope = await resolveScopedInstance(req, res);
+  if (!scope) return;
   try {
-    const registry2 = await loadRegistry();
+    const registry2 = await withScopedPool5(scope, (pool2) => loadRegistry(pool2));
     const keys = registry2.keys.map((k) => ({
       keyId: k.keyId,
       owner: k.owner,
@@ -59115,7 +59439,8 @@ authKeysRouter.get("/", async (_req, res) => {
   }
 });
 authKeysRouter.post("/", async (req, res) => {
-  if (!checkDbConfigured(res)) return;
+  const scope = await resolveScopedInstance(req, res);
+  if (!scope) return;
   const { keyId: keyIdRaw, owner, scopes, description, syncToProject } = req.body;
   if (!keyIdRaw || typeof keyIdRaw !== "string") {
     res.status(400).json({ error: "keyId is required and must be a string." });
@@ -59123,7 +59448,7 @@ authKeysRouter.post("/", async (req, res) => {
   }
   const keyId = sanitizeKeyId(keyIdRaw);
   if (!keyId) {
-    res.status(400).json({ error: 'keyId is invalid \u2014 only letters, numbers, "_" and "-" are allowed.' });
+    res.status(400).json({ error: 'keyId is invalid - only letters, numbers, "_" and "-" are allowed.' });
     return;
   }
   if (!owner || typeof owner !== "string" || !owner.trim()) {
@@ -59138,25 +59463,27 @@ authKeysRouter.post("/", async (req, res) => {
     return;
   }
   try {
-    const registry2 = await loadRegistry();
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const secret = generateSecret();
-    const secretHash = hashSecret(secret);
-    const record2 = {
-      keyId,
-      owner: owner.trim(),
-      secretHash,
-      scopes: scopeList,
-      isActive: true,
-      createdAt: now,
-      updatedAt: now,
-      revokedAt: null,
-      description: typeof description === "string" ? description.trim() || void 0 : void 0
-    };
-    const withoutExisting = registry2.keys.filter((k) => k.keyId !== keyId);
-    withoutExisting.push(record2);
-    await saveRegistry({ ...registry2, keys: withoutExisting });
+    const secretHash = hashSecret(secret, scope);
     const token = formatToken(keyId, secret);
+    await withScopedPool5(scope, async (pool2) => {
+      const registry2 = await loadRegistry(pool2);
+      const record2 = {
+        keyId,
+        owner: owner.trim(),
+        secretHash,
+        scopes: scopeList,
+        isActive: true,
+        createdAt: now,
+        updatedAt: now,
+        revokedAt: null,
+        description: typeof description === "string" ? description.trim() || void 0 : void 0
+      };
+      const withoutExisting = registry2.keys.filter((key) => key.keyId !== keyId);
+      withoutExisting.push(record2);
+      await saveRegistry(pool2, { ...registry2, keys: withoutExisting });
+    });
     if (typeof syncToProject === "string" && syncToProject.trim()) {
       try {
         syncTokenToProject(syncToProject.trim(), token);
@@ -59172,12 +59499,7 @@ authKeysRouter.post("/", async (req, res) => {
         return;
       }
     }
-    res.status(201).json({
-      ok: true,
-      keyId,
-      token,
-      scopes: scopeList
-    });
+    res.status(201).json({ ok: true, keyId, token, scopes: scopeList });
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
     console.error("[auth-keys] POST failed:", message);
@@ -59185,22 +59507,30 @@ authKeysRouter.post("/", async (req, res) => {
   }
 });
 authKeysRouter.delete("/:keyId", async (req, res) => {
-  if (!checkDbConfigured(res)) return;
+  const scope = await resolveScopedInstance(req, res);
+  if (!scope) return;
   const keyId = sanitizeKeyId(req.params.keyId ?? "");
   if (!keyId) {
     res.status(400).json({ error: "keyId is required." });
     return;
   }
   try {
-    const registry2 = await loadRegistry();
-    const target = registry2.keys.find((k) => k.keyId === keyId);
-    if (!target) {
+    const revoked = await withScopedPool5(scope, async (pool2) => {
+      const registry2 = await loadRegistry(pool2);
+      const target = registry2.keys.find((key) => key.keyId === keyId);
+      if (!target) {
+        return false;
+      }
+      target.isActive = false;
+      target.revokedAt = (/* @__PURE__ */ new Date()).toISOString();
+      target.updatedAt = target.revokedAt;
+      await saveRegistry(pool2, registry2);
+      return true;
+    });
+    if (!revoked) {
       res.status(404).json({ error: `API key not found: ${keyId}` });
       return;
     }
-    target.isActive = false;
-    target.revokedAt = (/* @__PURE__ */ new Date()).toISOString();
-    await saveRegistry(registry2);
     res.json({ ok: true, keyId });
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
@@ -59212,16 +59542,16 @@ authKeysRouter.delete("/:keyId", async (req, res) => {
 // src/server/routes/control-plane/instance-lifecycle.ts
 var import_express24 = __toESM(require_express2(), 1);
 var import_crypto5 = require("crypto");
-var import_fs8 = require("fs");
-var import_promises7 = require("fs/promises");
-var import_path13 = require("path");
+var import_fs9 = require("fs");
+var import_promises8 = require("fs/promises");
+var import_path14 = require("path");
 var import_os3 = require("os");
 init_esm();
 init_db();
 var INSTANCE_NAME_RE3 = /^[a-zA-Z0-9_-]{1,64}$/;
 var ALLOWED_PROVIDERS = ["openai", "claude", "gemini", "groq", "mistral", "ollama", "mock"];
 var ALLOWED_DB_INTENTS = ["dedicated", "shared", "external"];
-var { Pool: Pool8 } = esm_default;
+var { Pool: Pool11 } = esm_default;
 function isValidInstanceName2(name) {
   return INSTANCE_NAME_RE3.test(name);
 }
@@ -59229,16 +59559,16 @@ function normalizedInstanceCollisionKey(name) {
   return name.trim().toLowerCase().replace(/[-_]+/g, "_");
 }
 function findSiblingInstanceCollision(runtimeRoot, desiredName) {
-  const instancesDir = (0, import_path13.join)(runtimeRoot, "instances");
-  if (!(0, import_fs8.existsSync)(instancesDir)) return null;
+  const instancesDir = (0, import_path14.join)(runtimeRoot, "instances");
+  if (!(0, import_fs9.existsSync)(instancesDir)) return null;
   const desiredKey = normalizedInstanceCollisionKey(desiredName);
-  for (const entry of (0, import_fs8.readdirSync)(instancesDir, { withFileTypes: true })) {
+  for (const entry of (0, import_fs9.readdirSync)(instancesDir, { withFileTypes: true })) {
     if (!entry.isDirectory()) continue;
     if (entry.name === desiredName) continue;
     if (normalizedInstanceCollisionKey(entry.name) !== desiredKey) continue;
     return {
       name: entry.name,
-      dir: (0, import_path13.join)(instancesDir, entry.name)
+      dir: (0, import_path14.join)(instancesDir, entry.name)
     };
   }
   return null;
@@ -59264,21 +59594,28 @@ function validateDbUrl(dbUrl) {
   }
   return null;
 }
+function sanitizeLegacyApiKeyId(input) {
+  return input.trim().toLowerCase().replace(/[^a-z0-9_-]+/g, "_").replace(/^_+|_+$/g, "");
+}
+function generateInstanceApiKey(name) {
+  const keyId = sanitizeLegacyApiKeyId(name + "_control_plane") || "iranti";
+  return keyId + "." + (0, import_crypto5.randomBytes)(32).toString("base64url");
+}
 function preferredRuntimeRoot() {
   const explicit = env["IRANTI_HOME"]?.trim() ?? process.env["IRANTI_HOME"]?.trim() ?? "";
-  if (explicit) return (0, import_path13.resolve)(explicit);
+  if (explicit) return (0, import_path14.resolve)(explicit);
   const configuredInstanceEnv = env["IRANTI_INSTANCE_ENV"]?.trim() ?? process.env["IRANTI_INSTANCE_ENV"]?.trim() ?? "";
   if (configuredInstanceEnv) {
-    return (0, import_path13.resolve)((0, import_path13.dirname)(configuredInstanceEnv), "..", "..");
+    return (0, import_path14.resolve)((0, import_path14.dirname)(configuredInstanceEnv), "..", "..");
   }
   const candidates = runtimeRootCandidates();
   if (candidates.length > 0) return candidates[0];
-  return (0, import_path13.join)((0, import_os3.homedir)(), ".iranti-runtime");
+  return (0, import_path14.join)((0, import_os3.homedir)(), ".iranti-runtime");
 }
 function parseEnvFile2(filePath) {
-  if (!(0, import_fs8.existsSync)(filePath)) return {};
+  if (!(0, import_fs9.existsSync)(filePath)) return {};
   const parsed = {};
-  const lines = (0, import_fs8.readFileSync)(filePath, "utf8").split(/\r?\n/);
+  const lines = (0, import_fs9.readFileSync)(filePath, "utf8").split(/\r?\n/);
   for (const line of lines) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
@@ -59343,65 +59680,65 @@ async function isInstanceRunning(runtimeRoot, name) {
   }
 }
 function instancePaths(runtimeRoot, name) {
-  const instanceDir = (0, import_path13.join)(runtimeRoot, "instances", name);
+  const instanceDir = (0, import_path14.join)(runtimeRoot, "instances", name);
   return {
     instanceDir,
-    envFile: (0, import_path13.join)(instanceDir, ".env")
+    envFile: (0, import_path14.join)(instanceDir, ".env")
   };
 }
 async function moveDirectory(fromPath, toPath) {
   try {
-    await (0, import_promises7.rename)(fromPath, toPath);
+    await (0, import_promises8.rename)(fromPath, toPath);
   } catch (error2) {
     const code = error2.code;
     if (code !== "EXDEV") throw error2;
-    await (0, import_promises7.cp)(fromPath, toPath, { recursive: true, force: true });
-    await (0, import_promises7.rm)(fromPath, { recursive: true, force: true });
+    await (0, import_promises8.cp)(fromPath, toPath, { recursive: true, force: true });
+    await (0, import_promises8.rm)(fromPath, { recursive: true, force: true });
   }
 }
 async function rewriteProjectBindingInstanceEnv(projectPath, oldEnvPath, newEnvPath) {
-  const bindingPath = (0, import_path13.join)(projectPath, ".env.iranti");
-  if (!(0, import_fs8.existsSync)(bindingPath)) return;
-  const parsed = parseSimpleEnv2(await (0, import_promises7.readFile)(bindingPath, "utf8"));
+  const bindingPath = (0, import_path14.join)(projectPath, ".env.iranti");
+  if (!(0, import_fs9.existsSync)(bindingPath)) return;
+  const parsed = parseSimpleEnv2(await (0, import_promises8.readFile)(bindingPath, "utf8"));
   const current = parsed["IRANTI_INSTANCE_ENV"]?.trim() ?? "";
   if (!current) return;
-  if ((0, import_path13.resolve)(current) !== (0, import_path13.resolve)(oldEnvPath)) return;
+  if ((0, import_path14.resolve)(current) !== (0, import_path14.resolve)(oldEnvPath)) return;
   parsed["IRANTI_INSTANCE_ENV"] = newEnvPath;
-  await (0, import_promises7.writeFile)(bindingPath, buildSimpleEnvFile(parsed), "utf8");
+  await (0, import_promises8.writeFile)(bindingPath, buildSimpleEnvFile(parsed), "utf8");
 }
 async function rewriteMovedInstanceEnv(instanceDir, previousInstanceDir) {
-  const envPath = (0, import_path13.join)(instanceDir, ".env");
-  if (!(0, import_fs8.existsSync)(envPath)) return;
-  const parsed = parseSimpleEnv2(await (0, import_promises7.readFile)(envPath, "utf8"));
-  const oldBase = (0, import_path13.resolve)(previousInstanceDir);
-  const nextEscalation = (0, import_path13.join)(instanceDir, "escalation");
-  const nextRequestLog = (0, import_path13.join)(instanceDir, "logs", "api-requests.log");
+  const envPath = (0, import_path14.join)(instanceDir, ".env");
+  if (!(0, import_fs9.existsSync)(envPath)) return;
+  const parsed = parseSimpleEnv2(await (0, import_promises8.readFile)(envPath, "utf8"));
+  const oldBase = (0, import_path14.resolve)(previousInstanceDir);
+  const nextEscalation = (0, import_path14.join)(instanceDir, "escalation");
+  const nextRequestLog = (0, import_path14.join)(instanceDir, "logs", "api-requests.log");
   const currentEscalation = parsed["IRANTI_ESCALATION_DIR"]?.trim() ?? "";
   const currentRequestLog = parsed["IRANTI_REQUEST_LOG_FILE"]?.trim() ?? "";
-  if (!currentEscalation || (0, import_path13.resolve)(currentEscalation).startsWith(oldBase)) {
+  if (!currentEscalation || (0, import_path14.resolve)(currentEscalation).startsWith(oldBase)) {
     parsed["IRANTI_ESCALATION_DIR"] = nextEscalation;
   }
-  if (!currentRequestLog || (0, import_path13.resolve)((0, import_path13.dirname)(currentRequestLog)).startsWith((0, import_path13.resolve)((0, import_path13.join)(previousInstanceDir, "logs")))) {
+  if (!currentRequestLog || (0, import_path14.resolve)((0, import_path14.dirname)(currentRequestLog)).startsWith((0, import_path14.resolve)((0, import_path14.join)(previousInstanceDir, "logs")))) {
     parsed["IRANTI_REQUEST_LOG_FILE"] = nextRequestLog;
   }
-  await (0, import_promises7.writeFile)(envPath, buildSimpleEnvFile(parsed), "utf8");
+  await (0, import_promises8.writeFile)(envPath, buildSimpleEnvFile(parsed), "utf8");
 }
 async function rewriteMovedInstanceMeta(instanceDir, name) {
-  const metaPath = (0, import_path13.join)(instanceDir, "instance.json");
-  if (!(0, import_fs8.existsSync)(metaPath)) return;
-  const parsed = JSON.parse(await (0, import_promises7.readFile)(metaPath, "utf8"));
+  const metaPath = (0, import_path14.join)(instanceDir, "instance.json");
+  if (!(0, import_fs9.existsSync)(metaPath)) return;
+  const parsed = JSON.parse(await (0, import_promises8.readFile)(metaPath, "utf8"));
   parsed["name"] = name;
   parsed["instanceDir"] = instanceDir;
-  parsed["envFile"] = (0, import_path13.join)(instanceDir, ".env");
-  await (0, import_promises7.writeFile)(metaPath, `${JSON.stringify(parsed, null, 2)}
+  parsed["envFile"] = (0, import_path14.join)(instanceDir, ".env");
+  await (0, import_promises8.writeFile)(metaPath, `${JSON.stringify(parsed, null, 2)}
 `, "utf8");
 }
 async function clearMovedRuntimeMetadata(instanceDir) {
-  const runtimePath = (0, import_path13.join)(instanceDir, "runtime.json");
-  if (!(0, import_fs8.existsSync)(runtimePath)) return;
-  await (0, import_promises7.rm)(runtimePath, { force: true });
+  const runtimePath = (0, import_path14.join)(instanceDir, "runtime.json");
+  if (!(0, import_fs9.existsSync)(runtimePath)) return;
+  await (0, import_promises8.rm)(runtimePath, { force: true });
 }
-function escapePgIdentifier(value) {
+function escapePgIdentifier2(value) {
   return `"${value.replace(/"/g, '""')}"`;
 }
 function parseDatabaseTarget2(dbUrl) {
@@ -59421,13 +59758,13 @@ function parseDatabaseTarget2(dbUrl) {
 }
 async function dropDatabase(dbUrl) {
   const { adminUrl, databaseName } = parseDatabaseTarget2(dbUrl);
-  const pool2 = new Pool8({ connectionString: adminUrl });
+  const pool2 = new Pool11({ connectionString: adminUrl });
   try {
     await pool2.query(
       "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = $1 AND pid <> pg_backend_pid()",
       [databaseName]
     );
-    await pool2.query(`DROP DATABASE IF EXISTS ${escapePgIdentifier(databaseName)}`);
+    await pool2.query(`DROP DATABASE IF EXISTS ${escapePgIdentifier2(databaseName)}`);
   } finally {
     await pool2.end();
   }
@@ -59436,8 +59773,8 @@ async function dropDatabase(dbUrl) {
 async function deleteBoundProjectFiles(projectPaths) {
   const removed = [];
   for (const projectPath of projectPaths) {
-    const bindingPath = (0, import_path13.join)(projectPath, ".env.iranti");
-    await (0, import_promises7.rm)(bindingPath, { force: true });
+    const bindingPath = (0, import_path14.join)(projectPath, ".env.iranti");
+    await (0, import_promises8.rm)(bindingPath, { force: true });
     removed.push(bindingPath);
   }
   return removed;
@@ -59493,8 +59830,9 @@ instanceLifecycleRouter.post("/instances", async (req, res) => {
     return;
   }
   const runtimeRoot = preferredRuntimeRoot();
+  const generatedApiKey = generateInstanceApiKey(name);
   const { instanceDir, envFile } = instancePaths(runtimeRoot, name);
-  if ((0, import_fs8.existsSync)(instanceDir)) {
+  if ((0, import_fs9.existsSync)(instanceDir)) {
     res.status(409).json({
       error: "Instance already exists.",
       code: "INSTANCE_EXISTS"
@@ -59519,6 +59857,8 @@ instanceLifecycleRouter.post("/instances", async (req, res) => {
     String(port),
     "--db-url",
     dbUrl.trim(),
+    "--api-key",
+    generatedApiKey,
     "--provider",
     provider
   ];
@@ -59539,7 +59879,7 @@ instanceLifecycleRouter.post("/instances", async (req, res) => {
   try {
     let envContent;
     try {
-      envContent = await (0, import_promises7.readFile)(envFile, "utf8");
+      envContent = await (0, import_promises8.readFile)(envFile, "utf8");
     } catch {
       envContent = "";
     }
@@ -59547,12 +59887,22 @@ instanceLifecycleRouter.post("/instances", async (req, res) => {
       const pepper = (0, import_crypto5.randomBytes)(32).toString("hex");
       const pepperLine = `IRANTI_API_KEY_PEPPER=${pepper}`;
       envContent = envContent.endsWith("\n") ? envContent + pepperLine + "\n" : envContent + "\n" + pepperLine + "\n";
-      await (0, import_promises7.writeFile)(envFile, envContent, "utf8");
+      await (0, import_promises8.writeFile)(envFile, envContent, "utf8");
     }
   } catch {
     console.warn(`[instance-lifecycle] Failed to write IRANTI_API_KEY_PEPPER to ${envFile}`);
   }
   const instanceEnv = parseEnvFile2(envFile);
+  let note = "Instance created. Open it in Control Plane to start the runtime, finish provider setup, and bind projects.";
+  try {
+    const prov = await provisionDatabase(dbUrl.trim(), instanceDir);
+    if (prov.migrated) {
+      note = prov.created ? `Instance and database "${prov.databaseName}" created \u2014 ready to start.` : `Instance created. Database "${prov.databaseName}" already existed \u2014 migrations applied.`;
+    } else if (prov.created) {
+      note = `Instance and database "${prov.databaseName}" created. ${prov.migrationNote} Use the setup or repair flow if migrations are still needed.`;
+    }
+  } catch {
+  }
   res.status(201).json({
     ok: true,
     name,
@@ -59560,7 +59910,7 @@ instanceLifecycleRouter.post("/instances", async (req, res) => {
     envFile,
     port,
     provider: instanceEnv["LLM_PROVIDER"] ?? provider,
-    note: "Instance created. Open it in Control Plane to start the runtime, finish provider setup, and bind projects."
+    note
   });
 });
 instanceLifecycleRouter.patch("/instances/:name", async (req, res) => {
@@ -59574,7 +59924,7 @@ instanceLifecycleRouter.patch("/instances/:name", async (req, res) => {
   }
   const runtimeRoot = preferredRuntimeRoot();
   const { instanceDir, envFile } = instancePaths(runtimeRoot, name);
-  if (!(0, import_fs8.existsSync)(instanceDir)) {
+  if (!(0, import_fs9.existsSync)(instanceDir)) {
     res.status(404).json({
       error: `Instance "${name}" not found.`,
       code: "NOT_FOUND"
@@ -59704,7 +60054,7 @@ instanceLifecycleRouter.delete("/instances/:name", async (req, res) => {
   const resolvedAuthority = await resolveInstanceAuthority(name);
   const runtimeRoot = resolvedAuthority?.runtimeRoot ?? preferredRuntimeRoot();
   const { instanceDir, envFile } = resolvedAuthority ? { instanceDir: resolvedAuthority.instanceDir, envFile: resolvedAuthority.instanceEnvPath } : instancePaths(runtimeRoot, name);
-  if (!(0, import_fs8.existsSync)(instanceDir)) {
+  if (!(0, import_fs9.existsSync)(instanceDir)) {
     res.status(404).json({
       error: `Instance "${name}" not found.`,
       code: "NOT_FOUND"
@@ -59737,7 +60087,7 @@ instanceLifecycleRouter.delete("/instances/:name", async (req, res) => {
     if (dropDatabaseRequested) {
       droppedDatabaseName = await dropDatabase(databaseUrl2);
     }
-    await (0, import_promises7.rm)(instanceDir, { recursive: true, force: true });
+    await (0, import_promises8.rm)(instanceDir, { recursive: true, force: true });
   } catch (error2) {
     res.status(500).json({
       error: commandFailureMessage(error2),
@@ -59774,7 +60124,7 @@ instanceLifecycleRouter.post("/instances/:name/migrate-root", async (req, res) =
   }
   const currentRoot = resolvedAuthority.runtimeRoot;
   const targetRoot = preferredRuntimeRoot();
-  if ((0, import_path13.resolve)(currentRoot) === (0, import_path13.resolve)(targetRoot)) {
+  if ((0, import_path14.resolve)(currentRoot) === (0, import_path14.resolve)(targetRoot)) {
     res.status(200).json({
       ok: true,
       name,
@@ -59794,8 +60144,8 @@ instanceLifecycleRouter.post("/instances/:name/migrate-root", async (req, res) =
     });
     return;
   }
-  const targetInstanceDir = (0, import_path13.join)(targetRoot, "instances", name);
-  if ((0, import_fs8.existsSync)(targetInstanceDir)) {
+  const targetInstanceDir = (0, import_path14.join)(targetRoot, "instances", name);
+  if ((0, import_fs9.existsSync)(targetInstanceDir)) {
     res.status(409).json({
       error: `Target runtime root already contains an instance named "${name}".`,
       code: "TARGET_EXISTS"
@@ -59803,9 +60153,9 @@ instanceLifecycleRouter.post("/instances/:name/migrate-root", async (req, res) =
     return;
   }
   const oldEnvPath = resolvedAuthority.instanceEnvPath;
-  const newEnvPath = (0, import_path13.join)(targetInstanceDir, ".env");
+  const newEnvPath = (0, import_path14.join)(targetInstanceDir, ".env");
   try {
-    await (0, import_promises7.mkdir)((0, import_path13.join)(targetRoot, "instances"), { recursive: true });
+    await (0, import_promises8.mkdir)((0, import_path14.join)(targetRoot, "instances"), { recursive: true });
     await moveDirectory(resolvedAuthority.instanceDir, targetInstanceDir);
     await rewriteMovedInstanceEnv(targetInstanceDir, resolvedAuthority.instanceDir);
     await rewriteMovedInstanceMeta(targetInstanceDir, name);
@@ -59835,20 +60185,20 @@ instanceLifecycleRouter.post("/instances/:name/migrate-root", async (req, res) =
 
 // src/server/routes/control-plane/project-bindings.ts
 var import_express25 = __toESM(require_express2(), 1);
-var import_fs9 = require("fs");
-var import_path14 = require("path");
+var import_fs10 = require("fs");
+var import_path15 = require("path");
 var import_os4 = require("os");
 var projectBindingsRouter = (0, import_express25.Router)();
 var INSTANCE_NAME_RE4 = /^[a-zA-Z0-9_-]{1,64}$/;
 function getRuntimeRoot() {
-  return process.env.IRANTI_HOME ?? (0, import_path14.join)((0, import_os4.homedir)(), ".iranti-runtime");
+  return process.env.IRANTI_HOME ?? (0, import_path15.join)((0, import_os4.homedir)(), ".iranti-runtime");
 }
 function getInstanceEnvPath(runtimeRoot, instanceName) {
-  return (0, import_path14.join)(runtimeRoot, "instances", instanceName, ".env");
+  return (0, import_path15.join)(runtimeRoot, "instances", instanceName, ".env");
 }
 function parseEnvFile3(filePath) {
   const result = {};
-  const lines = (0, import_fs9.readFileSync)(filePath, "utf8").split("\n");
+  const lines = (0, import_fs10.readFileSync)(filePath, "utf8").split("\n");
   for (const line of lines) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
@@ -59864,12 +60214,12 @@ function buildEnvFileContent(pairs) {
   return Object.entries(pairs).map(([k, v]) => `${k}=${v}`).join("\n") + "\n";
 }
 function getRegistryPath(runtimeRoot, instanceName) {
-  return (0, import_path14.join)(runtimeRoot, "instances", instanceName, "projects.json");
+  return (0, import_path15.join)(runtimeRoot, "instances", instanceName, "projects.json");
 }
 function readRegistry2(registryPath) {
-  if (!(0, import_fs9.existsSync)(registryPath)) return { projects: [] };
+  if (!(0, import_fs10.existsSync)(registryPath)) return { projects: [] };
   try {
-    const raw = (0, import_fs9.readFileSync)(registryPath, "utf8");
+    const raw = (0, import_fs10.readFileSync)(registryPath, "utf8");
     const parsed = JSON.parse(raw);
     if (!Array.isArray(parsed.projects)) return { projects: [] };
     return parsed;
@@ -59879,8 +60229,8 @@ function readRegistry2(registryPath) {
 }
 function writeRegistry(registryPath, registry2) {
   const dir = registryPath.replace(/[/\\][^/\\]+$/, "");
-  (0, import_fs9.mkdirSync)(dir, { recursive: true });
-  (0, import_fs9.writeFileSync)(registryPath, JSON.stringify(registry2, null, 2) + "\n", "utf8");
+  (0, import_fs10.mkdirSync)(dir, { recursive: true });
+  (0, import_fs10.writeFileSync)(registryPath, JSON.stringify(registry2, null, 2) + "\n", "utf8");
 }
 function removeProjectFromRegistry(registryPath, projectPath) {
   const registry2 = readRegistry2(registryPath);
@@ -59952,37 +60302,37 @@ function removeIrantiClaudeHooksFromValue(value) {
 function cleanupProjectIntegrations(projectPath) {
   const result = { removed: [], updated: [], warnings: [] };
   const candidates = [
-    (0, import_path14.join)(projectPath, ".mcp.json"),
-    (0, import_path14.join)(projectPath, ".vscode", "mcp.json")
+    (0, import_path15.join)(projectPath, ".mcp.json"),
+    (0, import_path15.join)(projectPath, ".vscode", "mcp.json")
   ];
   for (const candidate of candidates) {
-    if (!(0, import_fs9.existsSync)(candidate)) continue;
+    if (!(0, import_fs10.existsSync)(candidate)) continue;
     try {
-      const parsed = JSON.parse((0, import_fs9.readFileSync)(candidate, "utf8"));
+      const parsed = JSON.parse((0, import_fs10.readFileSync)(candidate, "utf8"));
       const next = removeIrantiMcpServerFromValue(parsed);
       if (next === parsed) continue;
       if (!next) {
-        (0, import_fs9.rmSync)(candidate, { force: true });
+        (0, import_fs10.rmSync)(candidate, { force: true });
         result.removed.push(candidate);
       } else {
-        (0, import_fs9.writeFileSync)(candidate, JSON.stringify(next, null, 2) + "\n", "utf8");
+        (0, import_fs10.writeFileSync)(candidate, JSON.stringify(next, null, 2) + "\n", "utf8");
         result.updated.push(candidate);
       }
     } catch {
       result.warnings.push(`Skipped unreadable MCP file ${candidate}`);
     }
   }
-  const claudeSettingsFile = (0, import_path14.join)(projectPath, ".claude", "settings.local.json");
-  if ((0, import_fs9.existsSync)(claudeSettingsFile)) {
+  const claudeSettingsFile = (0, import_path15.join)(projectPath, ".claude", "settings.local.json");
+  if ((0, import_fs10.existsSync)(claudeSettingsFile)) {
     try {
-      const parsed = JSON.parse((0, import_fs9.readFileSync)(claudeSettingsFile, "utf8"));
+      const parsed = JSON.parse((0, import_fs10.readFileSync)(claudeSettingsFile, "utf8"));
       const next = removeIrantiClaudeHooksFromValue(parsed);
       if (next !== parsed) {
         if (!next) {
-          (0, import_fs9.rmSync)(claudeSettingsFile, { force: true });
+          (0, import_fs10.rmSync)(claudeSettingsFile, { force: true });
           result.removed.push(claudeSettingsFile);
         } else {
-          (0, import_fs9.writeFileSync)(claudeSettingsFile, JSON.stringify(next, null, 2) + "\n", "utf8");
+          (0, import_fs10.writeFileSync)(claudeSettingsFile, JSON.stringify(next, null, 2) + "\n", "utf8");
           result.updated.push(claudeSettingsFile);
         }
       }
@@ -59993,15 +60343,15 @@ function cleanupProjectIntegrations(projectPath) {
   return result;
 }
 function ensureGitignoreEntry(projectPath, entry) {
-  const gitignorePath = (0, import_path14.join)(projectPath, ".gitignore");
-  if ((0, import_fs9.existsSync)(gitignorePath)) {
-    const content = (0, import_fs9.readFileSync)(gitignorePath, "utf8");
+  const gitignorePath = (0, import_path15.join)(projectPath, ".gitignore");
+  if ((0, import_fs10.existsSync)(gitignorePath)) {
+    const content = (0, import_fs10.readFileSync)(gitignorePath, "utf8");
     const lines = content.split("\n").map((l) => l.trim());
     if (lines.includes(entry)) return;
     const updated = content.endsWith("\n") ? content + entry + "\n" : content + "\n" + entry + "\n";
-    (0, import_fs9.writeFileSync)(gitignorePath, updated, "utf8");
+    (0, import_fs10.writeFileSync)(gitignorePath, updated, "utf8");
   } else {
-    (0, import_fs9.writeFileSync)(gitignorePath, entry + "\n", "utf8");
+    (0, import_fs10.writeFileSync)(gitignorePath, entry + "\n", "utf8");
   }
 }
 projectBindingsRouter.post(
@@ -60025,16 +60375,16 @@ projectBindingsRouter.post(
       res.status(400).json({ error: "projectPath is required" });
       return;
     }
-    if (!(0, import_path14.isAbsolute)(projectPath)) {
+    if (!(0, import_path15.isAbsolute)(projectPath)) {
       res.status(400).json({ error: "projectPath must be an absolute path" });
       return;
     }
-    if (!(0, import_fs9.existsSync)(projectPath)) {
+    if (!(0, import_fs10.existsSync)(projectPath)) {
       res.status(400).json({ error: "projectPath does not exist" });
       return;
     }
     try {
-      const stat2 = (0, import_fs9.statSync)(projectPath);
+      const stat2 = (0, import_fs10.statSync)(projectPath);
       if (!stat2.isDirectory()) {
         res.status(400).json({ error: "projectPath must be a directory" });
         return;
@@ -60045,7 +60395,7 @@ projectBindingsRouter.post(
     }
     const runtimeRoot = getRuntimeRoot();
     const instanceEnvPath = getInstanceEnvPath(runtimeRoot, instanceName);
-    if (!(0, import_fs9.existsSync)(instanceEnvPath)) {
+    if (!(0, import_fs10.existsSync)(instanceEnvPath)) {
       res.status(404).json({
         error: `Instance '${instanceName}' not found`,
         instanceEnvPath
@@ -60070,7 +60420,7 @@ projectBindingsRouter.post(
       return;
     }
     const resolvedAgentId = agentId ?? "main_agent";
-    const resolvedMemoryEntity = memoryEntity ?? `project/${(0, import_path14.basename)(projectPath)}`;
+    const resolvedMemoryEntity = memoryEntity ?? `project/${(0, import_path15.basename)(projectPath)}`;
     const resolvedPersonalMemoryEntity = personalMemoryEntity ?? "user/main";
     const resolvedMode = mode === "isolated" || mode === "shared" ? mode : "isolated";
     const resolvedAutoRemember = autoRemember === true ? "true" : "false";
@@ -60085,9 +60435,9 @@ projectBindingsRouter.post(
       IRANTI_INSTANCE_ENV: instanceEnvPath,
       IRANTI_AUTO_REMEMBER: resolvedAutoRemember
     });
-    const envIrantiPath = (0, import_path14.join)(projectPath, ".env.iranti");
+    const envIrantiPath = (0, import_path15.join)(projectPath, ".env.iranti");
     try {
-      (0, import_fs9.writeFileSync)(envIrantiPath, envIrantiContent, "utf8");
+      (0, import_fs10.writeFileSync)(envIrantiPath, envIrantiContent, "utf8");
     } catch (err) {
       res.status(500).json({ error: "Failed to write .env.iranti", detail: String(err) });
       return;
@@ -60147,18 +60497,18 @@ projectBindingsRouter.patch(
       res.status(400).json({ error: "projectPath query param is required" });
       return;
     }
-    if (!(0, import_path14.isAbsolute)(projectPath)) {
+    if (!(0, import_path15.isAbsolute)(projectPath)) {
       res.status(400).json({ error: "projectPath must be an absolute path" });
       return;
     }
     const runtimeRoot = getRuntimeRoot();
     const currentInstanceEnvPath = getInstanceEnvPath(runtimeRoot, instanceName);
-    if (!(0, import_fs9.existsSync)(currentInstanceEnvPath)) {
+    if (!(0, import_fs10.existsSync)(currentInstanceEnvPath)) {
       res.status(404).json({ error: `Instance '${instanceName}' not found` });
       return;
     }
-    const envIrantiPath = (0, import_path14.join)(projectPath, ".env.iranti");
-    if (!(0, import_fs9.existsSync)(envIrantiPath)) {
+    const envIrantiPath = (0, import_path15.join)(projectPath, ".env.iranti");
+    if (!(0, import_fs10.existsSync)(envIrantiPath)) {
       res.status(404).json({
         error: ".env.iranti not found at projectPath \u2014 bind the project first",
         envIrantiPath
@@ -60181,7 +60531,7 @@ projectBindingsRouter.patch(
         return;
       }
       const targetEnvPath = getInstanceEnvPath(runtimeRoot, targetInstanceName);
-      if (!(0, import_fs9.existsSync)(targetEnvPath)) {
+      if (!(0, import_fs10.existsSync)(targetEnvPath)) {
         res.status(404).json({ error: `Target instance '${targetInstanceName}' not found` });
         return;
       }
@@ -60253,7 +60603,7 @@ projectBindingsRouter.patch(
       if (!canonicalKeys.includes(k)) reordered[k] = v;
     }
     try {
-      (0, import_fs9.writeFileSync)(envIrantiPath, buildEnvFileContent(reordered), "utf8");
+      (0, import_fs10.writeFileSync)(envIrantiPath, buildEnvFileContent(reordered), "utf8");
     } catch (err) {
       res.status(500).json({ error: "Failed to write updated .env.iranti", detail: String(err) });
       return;
@@ -60275,7 +60625,7 @@ projectBindingsRouter.patch(
         const updatedEntry = {
           projectPath,
           agentId: movedEntry?.agentId ?? updated["IRANTI_AGENT_ID"] ?? "main_agent",
-          memoryEntity: movedEntry?.memoryEntity ?? updated["IRANTI_MEMORY_ENTITY"] ?? `project/${(0, import_path14.basename)(projectPath)}`,
+          memoryEntity: movedEntry?.memoryEntity ?? updated["IRANTI_MEMORY_ENTITY"] ?? `project/${(0, import_path15.basename)(projectPath)}`,
           mode: mode ?? movedEntry?.mode ?? "isolated",
           boundAt: movedEntry?.boundAt ?? (/* @__PURE__ */ new Date()).toISOString()
         };
@@ -60314,18 +60664,18 @@ projectBindingsRouter.delete(
       res.status(400).json({ error: "projectPath query param is required" });
       return;
     }
-    if (!(0, import_path14.isAbsolute)(projectPath)) {
+    if (!(0, import_path15.isAbsolute)(projectPath)) {
       res.status(400).json({ error: "projectPath must be an absolute path" });
       return;
     }
     const runtimeRoot = getRuntimeRoot();
     const instanceEnvPath = getInstanceEnvPath(runtimeRoot, instanceName);
-    if (!(0, import_fs9.existsSync)(instanceEnvPath)) {
+    if (!(0, import_fs10.existsSync)(instanceEnvPath)) {
       res.status(404).json({ error: `Instance '${instanceName}' not found` });
       return;
     }
-    const envIrantiPath = (0, import_path14.join)(projectPath, ".env.iranti");
-    if (!(0, import_fs9.existsSync)(envIrantiPath)) {
+    const envIrantiPath = (0, import_path15.join)(projectPath, ".env.iranti");
+    if (!(0, import_fs10.existsSync)(envIrantiPath)) {
       res.status(404).json({
         error: ".env.iranti not found at projectPath \u2014 bind the project first",
         envIrantiPath
@@ -60336,7 +60686,7 @@ projectBindingsRouter.delete(
     const registryPath = getRegistryPath(runtimeRoot, instanceName);
     const registryRemoved = removeProjectFromRegistry(registryPath, projectPath);
     try {
-      (0, import_fs9.rmSync)(envIrantiPath, { force: true });
+      (0, import_fs10.rmSync)(envIrantiPath, { force: true });
     } catch (err) {
       res.status(500).json({ error: "Failed to remove .env.iranti", detail: String(err) });
       return;
@@ -60364,17 +60714,17 @@ projectBindingsRouter.get(
     }
     const runtimeRoot = getRuntimeRoot();
     const instanceEnvPath = getInstanceEnvPath(runtimeRoot, instanceName);
-    if (!(0, import_fs9.existsSync)(instanceEnvPath)) {
+    if (!(0, import_fs10.existsSync)(instanceEnvPath)) {
       res.status(404).json({ error: `Instance '${instanceName}' not found` });
       return;
     }
     const registryPath = getRegistryPath(runtimeRoot, instanceName);
     const registry2 = readRegistry2(registryPath);
     const live = registry2.projects.filter(
-      (entry) => (0, import_fs9.existsSync)((0, import_path14.join)(entry.projectPath, ".env.iranti"))
+      (entry) => (0, import_fs10.existsSync)((0, import_path15.join)(entry.projectPath, ".env.iranti"))
     );
-    const cwdBindingPath = (0, import_path14.join)(process.cwd(), ".env.iranti");
-    if ((0, import_fs9.existsSync)(cwdBindingPath)) {
+    const cwdBindingPath = (0, import_path15.join)(process.cwd(), ".env.iranti");
+    if ((0, import_fs10.existsSync)(cwdBindingPath)) {
       try {
         const binding = parseEnvFile3(cwdBindingPath);
         const bindingInstance = binding["IRANTI_INSTANCE"]?.trim() ?? "";
@@ -60384,9 +60734,9 @@ projectBindingsRouter.get(
           live.push({
             projectPath: process.cwd(),
             agentId: binding["IRANTI_AGENT_ID"]?.trim() || "main_agent",
-            memoryEntity: binding["IRANTI_MEMORY_ENTITY"]?.trim() || `project/${(0, import_path14.basename)(process.cwd())}`,
+            memoryEntity: binding["IRANTI_MEMORY_ENTITY"]?.trim() || `project/${(0, import_path15.basename)(process.cwd())}`,
             mode: binding["IRANTI_PROJECT_MODE"]?.trim() === "shared" ? "shared" : "isolated",
-            boundAt: new Date((0, import_fs9.statSync)(cwdBindingPath).mtimeMs).toISOString()
+            boundAt: new Date((0, import_fs10.statSync)(cwdBindingPath).mtimeMs).toISOString()
           });
         }
       } catch {
@@ -60407,24 +60757,24 @@ projectBindingsRouter.get(
 
 // src/server/routes/control-plane/claude-integration.ts
 var import_express26 = __toESM(require_express2(), 1);
-var import_fs10 = require("fs");
-var import_path15 = require("path");
+var import_fs11 = require("fs");
+var import_path16 = require("path");
 var import_os5 = require("os");
 var claudeIntegrationRouter = (0, import_express26.Router)();
 var INSTANCE_NAME_RE5 = /^[a-zA-Z0-9_-]{1,64}$/;
 function getRuntimeRoot2() {
-  return process.env.IRANTI_HOME ?? (0, import_path15.join)((0, import_os5.homedir)(), ".iranti-runtime");
+  return process.env.IRANTI_HOME ?? (0, import_path16.join)((0, import_os5.homedir)(), ".iranti-runtime");
 }
 function getInstanceEnvPath2(runtimeRoot, instanceName) {
-  return (0, import_path15.join)(runtimeRoot, "instances", instanceName, ".env");
+  return (0, import_path16.join)(runtimeRoot, "instances", instanceName, ".env");
 }
 function getRegistryPath2(runtimeRoot, instanceName) {
-  return (0, import_path15.join)(runtimeRoot, "instances", instanceName, "projects.json");
+  return (0, import_path16.join)(runtimeRoot, "instances", instanceName, "projects.json");
 }
 function readRegistry3(registryPath) {
-  if (!(0, import_fs10.existsSync)(registryPath)) return { projects: [] };
+  if (!(0, import_fs11.existsSync)(registryPath)) return { projects: [] };
   try {
-    const raw = (0, import_fs10.readFileSync)(registryPath, "utf8");
+    const raw = (0, import_fs11.readFileSync)(registryPath, "utf8");
     const parsed = JSON.parse(raw);
     if (!Array.isArray(parsed.projects)) return { projects: [] };
     return parsed;
@@ -60433,9 +60783,9 @@ function readRegistry3(registryPath) {
   }
 }
 function readJsonFile2(filePath) {
-  if (!(0, import_fs10.existsSync)(filePath)) return null;
+  if (!(0, import_fs11.existsSync)(filePath)) return null;
   try {
-    const raw = (0, import_fs10.readFileSync)(filePath, "utf8");
+    const raw = (0, import_fs11.readFileSync)(filePath, "utf8");
     const parsed = JSON.parse(raw);
     if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return null;
     return parsed;
@@ -60496,10 +60846,10 @@ function usesPortableIrantiCommand(command) {
   return /(^|\/)iranti(\.cmd|\.exe)?$/.test(normalized);
 }
 async function checkProjectIntegration2(projectPath) {
-  const mcpJsonPath = (0, import_path15.join)(projectPath, ".mcp.json");
-  const workspaceMcpJsonPath = (0, import_path15.join)(projectPath, ".vscode", "mcp.json");
-  const hooksJsonPath = (0, import_path15.join)(projectPath, ".claude", "settings.local.json");
-  const projectEnvPath = (0, import_path15.join)(projectPath, ".env.iranti");
+  const mcpJsonPath = (0, import_path16.join)(projectPath, ".mcp.json");
+  const workspaceMcpJsonPath = (0, import_path16.join)(projectPath, ".vscode", "mcp.json");
+  const hooksJsonPath = (0, import_path16.join)(projectPath, ".claude", "settings.local.json");
+  const projectEnvPath = (0, import_path16.join)(projectPath, ".env.iranti");
   const mcpJson = readJsonFile2(mcpJsonPath);
   const workspaceMcpJson = readJsonFile2(workspaceMcpJsonPath);
   const hooksJson = readJsonFile2(hooksJsonPath);
@@ -60507,9 +60857,9 @@ async function checkProjectIntegration2(projectPath) {
   const irantiWorkspaceMcpEntry = workspaceMcpJson ? extractIrantiMcpEntry(workspaceMcpJson) : null;
   const irantiHooks = hooksJson ? extractIrantiHooks(hooksJson) : { sessionStart: null, userPromptSubmit: null, stop: null };
   const issues = [];
-  const anyMcpPresent = (0, import_fs10.existsSync)(mcpJsonPath) || (0, import_fs10.existsSync)(workspaceMcpJsonPath);
+  const anyMcpPresent = (0, import_fs11.existsSync)(mcpJsonPath) || (0, import_fs11.existsSync)(workspaceMcpJsonPath);
   const anyMcpHasIranti = irantiMcpEntry !== null || irantiWorkspaceMcpEntry !== null;
-  const mcpInitialize = anyMcpHasIranti && (0, import_fs10.existsSync)(projectEnvPath) ? await probeIrantiMcpInitialize({
+  const mcpInitialize = anyMcpHasIranti && (0, import_fs11.existsSync)(projectEnvPath) ? await probeIrantiMcpInitialize({
     projectPath,
     projectEnvPath
   }) : null;
@@ -60525,7 +60875,7 @@ async function checkProjectIntegration2(projectPath) {
       }
     }
   }
-  if (!(0, import_fs10.existsSync)(hooksJsonPath)) {
+  if (!(0, import_fs11.existsSync)(hooksJsonPath)) {
     issues.push(".claude/settings.local.json not found - hooks not configured");
   } else if (!irantiHooks.sessionStart && !irantiHooks.userPromptSubmit && !irantiHooks.stop) {
     issues.push("No Iranti hooks registered in settings.local.json");
@@ -60547,11 +60897,11 @@ async function checkProjectIntegration2(projectPath) {
   return {
     projectPath,
     mcpJson,
-    mcpJsonPath: (0, import_fs10.existsSync)(mcpJsonPath) ? mcpJsonPath : null,
+    mcpJsonPath: (0, import_fs11.existsSync)(mcpJsonPath) ? mcpJsonPath : null,
     workspaceMcpJson,
-    workspaceMcpJsonPath: (0, import_fs10.existsSync)(workspaceMcpJsonPath) ? workspaceMcpJsonPath : null,
+    workspaceMcpJsonPath: (0, import_fs11.existsSync)(workspaceMcpJsonPath) ? workspaceMcpJsonPath : null,
     hooksJson,
-    hooksJsonPath: (0, import_fs10.existsSync)(hooksJsonPath) ? hooksJsonPath : null,
+    hooksJsonPath: (0, import_fs11.existsSync)(hooksJsonPath) ? hooksJsonPath : null,
     irantiMcpEntry,
     irantiWorkspaceMcpEntry,
     irantiHooks,
@@ -60569,10 +60919,10 @@ async function scaffoldProjectFiles(opts) {
       timeoutMs: 15e3
     });
     const written = [
-      (0, import_path15.join)(projectPath, ".mcp.json"),
-      (0, import_path15.join)(projectPath, ".vscode", "mcp.json"),
-      (0, import_path15.join)(projectPath, ".claude", "settings.local.json")
-    ].filter((filePath) => (0, import_fs10.existsSync)(filePath));
+      (0, import_path16.join)(projectPath, ".mcp.json"),
+      (0, import_path16.join)(projectPath, ".vscode", "mcp.json"),
+      (0, import_path16.join)(projectPath, ".claude", "settings.local.json")
+    ].filter((filePath) => (0, import_fs11.existsSync)(filePath));
     const output = [result.stdout.trim(), result.stderr.trim()].filter(Boolean).join("\n");
     return { ok: true, written, output };
   } catch (err) {
@@ -60598,17 +60948,17 @@ claudeIntegrationRouter.get(
       res.status(400).json({ error: "Invalid projectId encoding" });
       return;
     }
-    if (!(0, import_path15.isAbsolute)(projectPath)) {
+    if (!(0, import_path16.isAbsolute)(projectPath)) {
       res.status(400).json({ error: "projectPath must be an absolute path" });
       return;
     }
-    if (!(0, import_fs10.existsSync)(projectPath)) {
+    if (!(0, import_fs11.existsSync)(projectPath)) {
       res.status(404).json({ error: `projectPath does not exist: ${projectPath}` });
       return;
     }
     const runtimeRoot = getRuntimeRoot2();
     const instanceEnvPath = getInstanceEnvPath2(runtimeRoot, instanceName);
-    if (!(0, import_fs10.existsSync)(instanceEnvPath)) {
+    if (!(0, import_fs11.existsSync)(instanceEnvPath)) {
       res.status(404).json({ error: `Instance '${instanceName}' not found` });
       return;
     }
@@ -60631,23 +60981,23 @@ claudeIntegrationRouter.post(
       res.status(400).json({ error: "Invalid projectId encoding" });
       return;
     }
-    if (!(0, import_path15.isAbsolute)(projectPath)) {
+    if (!(0, import_path16.isAbsolute)(projectPath)) {
       res.status(400).json({ error: "projectPath must be an absolute path" });
       return;
     }
-    if (!(0, import_fs10.existsSync)(projectPath)) {
+    if (!(0, import_fs11.existsSync)(projectPath)) {
       res.status(404).json({ error: `projectPath does not exist: ${projectPath}` });
       return;
     }
     const runtimeRoot = getRuntimeRoot2();
     const instanceEnvPath = getInstanceEnvPath2(runtimeRoot, instanceName);
-    if (!(0, import_fs10.existsSync)(instanceEnvPath)) {
+    if (!(0, import_fs11.existsSync)(instanceEnvPath)) {
       res.status(404).json({ error: `Instance '${instanceName}' not found` });
       return;
     }
     const { force = false } = req.body;
-    const projectEnvPath = (0, import_path15.join)(projectPath, ".env.iranti");
-    if (!(0, import_fs10.existsSync)(projectEnvPath)) {
+    const projectEnvPath = (0, import_path16.join)(projectPath, ".env.iranti");
+    if (!(0, import_fs11.existsSync)(projectEnvPath)) {
       res.status(400).json({
         error: `.env.iranti not found at ${projectEnvPath}. Bind the project first using the Project Bindings panel.`,
         code: "IRANTI_PROJECT_BINDING_MISSING"
@@ -60669,13 +61019,13 @@ claudeIntegrationRouter.get(
     }
     const runtimeRoot = getRuntimeRoot2();
     const instanceEnvPath = getInstanceEnvPath2(runtimeRoot, instanceName);
-    if (!(0, import_fs10.existsSync)(instanceEnvPath)) {
+    if (!(0, import_fs11.existsSync)(instanceEnvPath)) {
       res.status(404).json({ error: `Instance '${instanceName}' not found` });
       return;
     }
     const registryPath = getRegistryPath2(runtimeRoot, instanceName);
     const registry2 = readRegistry3(registryPath);
-    const liveProjects = registry2.projects.filter((entry) => (0, import_fs10.existsSync)((0, import_path15.join)(entry.projectPath, ".env.iranti")));
+    const liveProjects = registry2.projects.filter((entry) => (0, import_fs11.existsSync)((0, import_path16.join)(entry.projectPath, ".env.iranti")));
     const projects = await Promise.all(liveProjects.map(async (entry) => {
       const check2 = await checkProjectIntegration2(entry.projectPath);
       const irantiHooksCount = [check2.irantiHooks.sessionStart, check2.irantiHooks.userPromptSubmit, check2.irantiHooks.stop].filter(Boolean).length;
@@ -60700,13 +61050,13 @@ claudeIntegrationRouter.get(
 var import_express27 = __toESM(require_express2(), 1);
 
 // src/server/lib/codex-cli.ts
-var import_child_process5 = require("child_process");
-var import_promises8 = require("fs/promises");
-var import_fs11 = require("fs");
-var import_path16 = require("path");
+var import_child_process6 = require("child_process");
+var import_promises9 = require("fs/promises");
+var import_fs12 = require("fs");
+var import_path17 = require("path");
 var import_util8 = require("util");
 init_path_utils();
-var execFileAsync3 = (0, import_util8.promisify)(import_child_process5.execFile);
+var execFileAsync3 = (0, import_util8.promisify)(import_child_process6.execFile);
 function candidateFromEnv2() {
   const raw = process.env["CODEX_CLI_PATH"]?.trim() ?? process.env["IRANTI_CP_CODEX_CLI"]?.trim() ?? "";
   return raw || null;
@@ -60714,7 +61064,7 @@ function candidateFromEnv2() {
 async function firstPathHit2() {
   const checker = process.platform === "win32" ? "where" : "which";
   return new Promise((resolveResult) => {
-    const child = (0, import_child_process5.spawn)(checker, ["codex"], { stdio: ["ignore", "pipe", "ignore"] });
+    const child = (0, import_child_process6.spawn)(checker, ["codex"], { stdio: ["ignore", "pipe", "ignore"] });
     let stdout = "";
     let settled = false;
     const finish = (value) => {
@@ -60748,12 +61098,12 @@ async function firstPathHit2() {
 async function normalizeInvocation2(candidate, source) {
   const normalized = resolvePortable(candidate);
   const lower = normalized.toLowerCase();
-  const extension = (0, import_path16.extname)(lower);
+  const extension = (0, import_path17.extname)(lower);
   if (process.platform === "win32" && !extension) {
     for (const suffix of [".exe", ".cmd", ".bat", ".ps1"]) {
       const sibling = `${normalized}${suffix}`;
       try {
-        await (0, import_promises8.access)(sibling, import_fs11.constants.F_OK);
+        await (0, import_promises9.access)(sibling, import_fs12.constants.F_OK);
         return normalizeInvocation2(sibling, source);
       } catch {
       }
@@ -60771,7 +61121,7 @@ async function normalizeInvocation2(candidate, source) {
     const installDir = dirnamePortable(normalized);
     const cliEntry = joinPortable(installDir, "node_modules", "@openai", "codex", "bin", "codex.js");
     try {
-      await (0, import_promises8.access)(cliEntry, import_fs11.constants.F_OK);
+      await (0, import_promises9.access)(cliEntry, import_fs12.constants.F_OK);
       return {
         command: process.execPath,
         args: [cliEntry],
@@ -60781,7 +61131,7 @@ async function normalizeInvocation2(candidate, source) {
     } catch {
       const exeSibling = normalized.replace(/\.(cmd|bat)$/i, ".exe");
       try {
-        await (0, import_promises8.access)(exeSibling, import_fs11.constants.F_OK);
+        await (0, import_promises9.access)(exeSibling, import_fs12.constants.F_OK);
         return {
           command: exeSibling,
           args: [],
@@ -61148,20 +61498,20 @@ attendantDebugRouter.use((err, _req, res, _next) => {
 var import_express29 = __toESM(require_express2(), 1);
 
 // src/server/lib/local-operator-tools.ts
-var import_child_process6 = require("child_process");
-var import_promises9 = require("fs/promises");
-var import_path17 = require("path");
+var import_child_process7 = require("child_process");
+var import_promises10 = require("fs/promises");
+var import_path18 = require("path");
 var RUNNABLE_NPM_SCRIPTS = /* @__PURE__ */ new Set(["migrate"]);
 var RUNNABLE_GLOBAL_NPM_PACKAGES = [/^iranti(?:@[\w.-]+)?$/i];
 function spawnAndCollect(command, args, options = {}) {
   return new Promise((resolve10, reject) => {
     const shouldUseCmdWrapper = process.platform === "win32" && /\.cmd$/i.test(command);
-    const child = shouldUseCmdWrapper ? (0, import_child_process6.spawn)(process.env.ComSpec ?? "cmd.exe", ["/d", "/s", "/c", command, ...args], {
+    const child = shouldUseCmdWrapper ? (0, import_child_process7.spawn)(process.env.ComSpec ?? "cmd.exe", ["/d", "/s", "/c", command, ...args], {
       cwd: options.cwd,
       shell: false,
       windowsHide: true,
       env: process.env
-    }) : (0, import_child_process6.spawn)(command, args, {
+    }) : (0, import_child_process7.spawn)(command, args, {
       cwd: options.cwd,
       shell: false,
       windowsHide: true,
@@ -61205,7 +61555,7 @@ function resolveWindowsCommand(executable) {
   }
 }
 function splitEnvPath(pathValue) {
-  return (pathValue ?? "").split(import_path17.delimiter).map((part) => part.trim()).filter(Boolean);
+  return (pathValue ?? "").split(import_path18.delimiter).map((part) => part.trim()).filter(Boolean);
 }
 async function hasExecutableOnPath(executable) {
   const resolved = resolveWindowsCommand(executable);
@@ -61213,7 +61563,7 @@ async function hasExecutableOnPath(executable) {
   for (const dir of splitEnvPath(process.env["PATH"])) {
     for (const candidate of candidates) {
       try {
-        await (0, import_promises9.access)((0, import_path17.join)(dir, candidate), import_promises9.constants.F_OK);
+        await (0, import_promises10.access)((0, import_path18.join)(dir, candidate), import_promises10.constants.F_OK);
         return true;
       } catch {
       }
@@ -61283,7 +61633,7 @@ async function validateCwd(cwd) {
   if (!cwd) return void 0;
   const pathToUse = cwd.trim();
   if (!pathToUse) return void 0;
-  const stats = await (0, import_promises9.stat)(pathToUse);
+  const stats = await (0, import_promises10.stat)(pathToUse);
   if (!stats.isDirectory()) {
     throw new Error("cwd must be an existing directory.");
   }
@@ -61458,7 +61808,7 @@ localToolsRouter.post("/run-command", async (req, res) => {
 });
 
 // src/server/routes/control-plane/control-plane-self.ts
-var import_child_process7 = require("child_process");
+var import_child_process8 = require("child_process");
 var import_express30 = __toESM(require_express2(), 1);
 var controlPlaneSelfRouter = (0, import_express30.Router)();
 var shutdownListeners = /* @__PURE__ */ new Set();
@@ -61491,7 +61841,7 @@ controlPlaneSelfRouter.get("/self/shutdown-stream", (req, res) => {
 });
 function scheduleSelfUninstall() {
   if (process.platform === "win32") {
-    const child2 = (0, import_child_process7.spawn)("cmd", ["/d", "/s", "/c", "ping 127.0.0.1 -n 3 >nul && npm.cmd uninstall -g iranti-control-plane"], {
+    const child2 = (0, import_child_process8.spawn)("cmd", ["/d", "/s", "/c", "ping 127.0.0.1 -n 3 >nul && npm.cmd uninstall -g iranti-control-plane"], {
       detached: true,
       stdio: "ignore",
       windowsHide: true
@@ -61499,7 +61849,7 @@ function scheduleSelfUninstall() {
     child2.unref();
     return;
   }
-  const child = (0, import_child_process7.spawn)("sh", ["-lc", "sleep 2 && npm uninstall -g iranti-control-plane"], {
+  const child = (0, import_child_process8.spawn)("sh", ["-lc", "sleep 2 && npm uninstall -g iranti-control-plane"], {
     detached: true,
     stdio: "ignore"
   });
@@ -61525,8 +61875,316 @@ controlPlaneSelfRouter.post("/self/uninstall", (_req, res) => {
   scheduleSelfStop();
 });
 
+// src/server/routes/control-plane/session-ledger.ts
+var import_express31 = __toESM(require_express2(), 1);
+
+// src/server/lib/fleet-ledger-repo.ts
+init_db();
+function toIso4(value) {
+  if (value === null || value === void 0) return null;
+  if (value instanceof Date) return value.toISOString();
+  if (typeof value === "string") return value;
+  return String(value);
+}
+function mapRowToMirroredEvent(row) {
+  return {
+    id: row.id,
+    instanceId: row.instance_id,
+    remoteEventId: row.remote_event_id,
+    timestamp: toIso4(row.timestamp),
+    staffComponent: row.staff_component ?? "",
+    actionType: row.action_type ?? "",
+    agentId: row.agent_id ?? null,
+    source: row.source ?? null,
+    host: row.host ?? null,
+    sessionId: row.session_id ?? null,
+    entityType: row.entity_type ?? null,
+    entityId: row.entity_id ?? null,
+    key: row.key ?? null,
+    reason: row.reason ?? null,
+    level: row.level,
+    metadata: row.metadata ?? null,
+    ingestedAt: toIso4(row.ingested_at)
+  };
+}
+function mapRowToWatermark(row) {
+  const lastRemoteEventId = row.last_remote_event_id ?? null;
+  return {
+    instanceId: row.instance_id,
+    lastEventTimestamp: toIso4(row.last_event_timestamp),
+    lastEventId: lastRemoteEventId,
+    lastRemoteEventId,
+    lastPolledAt: toIso4(row.last_polled_at),
+    lastPollSucceeded: row.last_poll_succeeded,
+    lastPollError: row.last_poll_error ?? null,
+    consecutiveFailures: row.consecutive_failures,
+    totalEventsIngested: Number(row.total_events_ingested),
+    createdAt: toIso4(row.created_at),
+    updatedAt: toIso4(row.updated_at)
+  };
+}
+async function upsertMirroredEvents(events) {
+  if (events.length === 0) return 0;
+  const COLS = 15;
+  const params = [];
+  const valueClauses = [];
+  for (const ev of events) {
+    const host = ev.host !== null && ev.host !== void 0 ? ev.host : typeof ev.metadata?.host === "string" ? ev.metadata.host : null;
+    const base = params.length + 1;
+    valueClauses.push(
+      `($${base},$${base + 1},$${base + 2}::TIMESTAMPTZ,$${base + 3},$${base + 4},$${base + 5},$${base + 6},$${base + 7},$${base + 8},$${base + 9},$${base + 10},$${base + 11},$${base + 12},$${base + 13},$${base + 14}::jsonb)`
+    );
+    params.push(
+      ev.instanceId,
+      // $base
+      ev.remoteEventId,
+      // $base+1
+      ev.timestamp,
+      // $base+2
+      ev.staffComponent,
+      // $base+3
+      ev.actionType,
+      // $base+4
+      ev.agentId,
+      // $base+5
+      ev.source,
+      // $base+6
+      host,
+      // $base+7
+      ev.sessionId,
+      // $base+8
+      ev.entityType,
+      // $base+9
+      ev.entityId,
+      // $base+10
+      ev.key,
+      // $base+11
+      ev.reason,
+      // $base+12
+      ev.level,
+      // $base+13
+      ev.metadata !== null && ev.metadata !== void 0 ? JSON.stringify(ev.metadata) : null
+      // $base+14
+    );
+    void COLS;
+  }
+  const sql = `
+    INSERT INTO mirrored_staff_events
+      (instance_id, remote_event_id, timestamp, staff_component, action_type,
+       agent_id, source, host, session_id, entity_type, entity_id, key, reason,
+       level, metadata)
+    VALUES ${valueClauses.join(", ")}
+    ON CONFLICT (instance_id, remote_event_id) DO NOTHING
+  `;
+  const result = await query(sql, params);
+  return result.rowCount ?? 0;
+}
+async function advanceWatermark(instanceId, lastTimestamp, lastEventId, eventsCount) {
+  await query(
+    `
+    INSERT INTO instance_ledger_watermarks
+      (instance_id, last_event_timestamp, last_remote_event_id,
+       last_polled_at, last_poll_succeeded, last_poll_error,
+       consecutive_failures, total_events_ingested,
+       created_at, updated_at)
+    VALUES
+      ($1, $2::TIMESTAMPTZ, $3,
+       now(), true, null,
+       0, $4,
+       now(), now())
+    ON CONFLICT (instance_id) DO UPDATE SET
+      last_event_timestamp  = EXCLUDED.last_event_timestamp,
+      last_remote_event_id  = EXCLUDED.last_remote_event_id,
+      last_polled_at        = now(),
+      last_poll_succeeded   = true,
+      last_poll_error       = null,
+      consecutive_failures  = 0,
+      total_events_ingested = instance_ledger_watermarks.total_events_ingested + $4,
+      updated_at            = now()
+    `,
+    [instanceId, lastTimestamp, lastEventId, eventsCount]
+  );
+}
+async function recordPollFailure(instanceId, error2) {
+  await query(
+    `
+    INSERT INTO instance_ledger_watermarks
+      (instance_id, last_polled_at, last_poll_succeeded, last_poll_error,
+       consecutive_failures, total_events_ingested,
+       created_at, updated_at)
+    VALUES
+      ($1, now(), false, $2,
+       1, 0,
+       now(), now())
+    ON CONFLICT (instance_id) DO UPDATE SET
+      last_polled_at       = now(),
+      last_poll_succeeded  = false,
+      last_poll_error      = $2,
+      consecutive_failures = instance_ledger_watermarks.consecutive_failures + 1,
+      updated_at           = now()
+    `,
+    [instanceId, error2]
+  );
+}
+async function getWatermark(instanceId) {
+  const result = await query(
+    "SELECT * FROM instance_ledger_watermarks WHERE instance_id = $1",
+    [instanceId]
+  );
+  if (result.rows.length === 0) return null;
+  return mapRowToWatermark(result.rows[0]);
+}
+async function getAllWatermarks() {
+  const result = await query(
+    "SELECT * FROM instance_ledger_watermarks ORDER BY instance_id"
+  );
+  return result.rows.map(mapRowToWatermark);
+}
+async function queryFleetLedger(filters) {
+  const limit = Math.min(filters.limit ?? 100, 250);
+  const params = [];
+  const conditions = [];
+  function addFilter(col, value, cast) {
+    if (value === void 0) return;
+    params.push(value);
+    const placeholder = cast ? `$${params.length}::${cast}` : `$${params.length}`;
+    conditions.push(`${col} = ${placeholder}`);
+  }
+  addFilter("instance_id", filters.instanceId);
+  addFilter("source", filters.source);
+  addFilter("host", filters.host);
+  addFilter("agent_id", filters.agentId);
+  addFilter("session_id", filters.sessionId);
+  addFilter("action_type", filters.actionType);
+  addFilter("level", filters.level);
+  if (filters.since !== void 0) {
+    params.push(filters.since);
+    conditions.push(`timestamp >= $${params.length}::TIMESTAMPTZ`);
+  }
+  if (filters.until !== void 0) {
+    params.push(filters.until);
+    conditions.push(`timestamp <= $${params.length}::TIMESTAMPTZ`);
+  }
+  const whereClause = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+  const countSql = `
+    SELECT COUNT(*) AS total
+    FROM mirrored_staff_events
+    ${whereClause}
+  `;
+  const countResult = await query(countSql, params);
+  const total = parseInt(countResult.rows[0]?.total ?? "0", 10);
+  params.push(limit);
+  const dataSql = `
+    SELECT id, instance_id, remote_event_id, timestamp, staff_component, action_type,
+           agent_id, source, host, session_id, entity_type, entity_id, key, reason,
+           level, metadata, ingested_at
+    FROM mirrored_staff_events
+    ${whereClause}
+    ORDER BY timestamp DESC, remote_event_id DESC
+    LIMIT $${params.length}
+  `;
+  const dataResult = await query(dataSql, params);
+  const items = dataResult.rows.map(mapRowToMirroredEvent);
+  return { items, total };
+}
+
+// src/server/routes/control-plane/session-ledger.ts
+var sessionLedgerRouter = (0, import_express31.Router)();
+function parseLimit(value, defaultVal = 100, max = 250) {
+  if (value === void 0 || value === null || String(value).trim() === "") return defaultVal;
+  const n = Number.parseInt(String(value), 10);
+  if (!Number.isFinite(n) || n < 1) throw new Error("limit must be a positive integer");
+  return Math.min(n, max);
+}
+function deriveIngestionStatus(w) {
+  if (!w.lastPolledAt) return "never_polled";
+  const failures = w.consecutiveFailures ?? 0;
+  if (failures === 0) return "healthy";
+  if (failures < 3) return "degraded";
+  return "failing";
+}
+sessionLedgerRouter.get("/", async (req, res) => {
+  let limit;
+  try {
+    limit = parseLimit(req.query["limit"]);
+  } catch (err) {
+    res.status(400).json({ error: err instanceof Error ? err.message : String(err) });
+    return;
+  }
+  try {
+    const rawLevel = String(req.query["level"] ?? "").trim().toLowerCase();
+    let level;
+    if (rawLevel === "audit") level = "audit";
+    else if (rawLevel === "debug") level = "debug";
+    else if (rawLevel !== "") {
+      res.status(400).json({ error: "level must be 'audit' or 'debug'" });
+      return;
+    }
+    const filters = {
+      limit,
+      instanceId: typeof req.query["instanceId"] === "string" && req.query["instanceId"].trim() ? req.query["instanceId"].trim() : void 0,
+      source: typeof req.query["source"] === "string" && req.query["source"].trim() ? req.query["source"].trim() : void 0,
+      host: typeof req.query["host"] === "string" && req.query["host"].trim() ? req.query["host"].trim() : void 0,
+      agentId: typeof req.query["agentId"] === "string" && req.query["agentId"].trim() ? req.query["agentId"].trim() : void 0,
+      sessionId: typeof req.query["sessionId"] === "string" && req.query["sessionId"].trim() ? req.query["sessionId"].trim() : void 0,
+      actionType: typeof req.query["actionType"] === "string" && req.query["actionType"].trim() ? req.query["actionType"].trim() : void 0,
+      since: typeof req.query["since"] === "string" && req.query["since"].trim() ? req.query["since"].trim() : void 0,
+      until: typeof req.query["until"] === "string" && req.query["until"].trim() ? req.query["until"].trim() : void 0,
+      level
+    };
+    const { items, total } = await queryFleetLedger(filters);
+    const body = {
+      items,
+      total,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    res.json(body);
+  } catch (error2) {
+    res.json({
+      items: [],
+      total: 0,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      note: error2 instanceof Error ? error2.message : String(error2)
+    });
+  }
+});
+sessionLedgerRouter.get("/ingestion-health", async (_req, res) => {
+  try {
+    const watermarks = await getAllWatermarks();
+    const instances = watermarks.map((w) => ({
+      instanceId: w.instanceId,
+      lastEventTimestamp: w.lastEventTimestamp ?? null,
+      lastRemoteEventId: w.lastRemoteEventId ?? null,
+      lastPolledAt: w.lastPolledAt ?? null,
+      lastPollSucceeded: w.lastPollSucceeded ?? false,
+      lastPollError: w.lastPollError ?? null,
+      consecutiveFailures: w.consecutiveFailures ?? 0,
+      totalEventsIngested: w.totalEventsIngested ?? 0,
+      status: deriveIngestionStatus(w)
+    }));
+    const body = {
+      instances,
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    res.json(body);
+  } catch (error2) {
+    res.json({
+      instances: [],
+      fetchedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      note: error2 instanceof Error ? error2.message : String(error2)
+    });
+  }
+});
+sessionLedgerRouter.use((err, _req, res, _next) => {
+  const apiErr = err;
+  res.status(apiErr.statusCode ?? 500).json({
+    error: apiErr.message ?? "Internal server error",
+    code: apiErr.code ?? "INTERNAL_ERROR"
+  });
+});
+
 // src/server/routes/control-plane/index.ts
-var controlPlaneRouter = (0, import_express31.Router)();
+var controlPlaneRouter = (0, import_express32.Router)();
 controlPlaneRouter.use("/", archivistRouter);
 controlPlaneRouter.use("/", kbRouter);
 controlPlaneRouter.use("/", whoknowsRouter);
@@ -61547,6 +62205,7 @@ controlPlaneRouter.use("/diagnostics", diagnosticsRouter);
 controlPlaneRouter.use("/metrics", metricsRouter);
 controlPlaneRouter.use("/overview", overviewRouter);
 controlPlaneRouter.use("/sessions", sessionsRouter);
+controlPlaneRouter.use("/session-ledger", sessionLedgerRouter);
 controlPlaneRouter.use("/instances", upgradeRouter);
 controlPlaneRouter.use("/version-sync", versionSyncRouter);
 controlPlaneRouter.use("/install-state", installStateRouter);
@@ -61746,6 +62405,200 @@ function stopAdapter() {
   }
 }
 
+// src/server/lib/fleet-ledger-poller.ts
+var FLEET_LEDGER_POLL_INTERVAL_MS = typeof process.env["FLEET_LEDGER_POLL_INTERVAL_MS"] === "string" && process.env["FLEET_LEDGER_POLL_INTERVAL_MS"].trim() !== "" ? parseInt(process.env["FLEET_LEDGER_POLL_INTERVAL_MS"], 10) : 6e4;
+var POLL_BATCH_LIMIT = 250;
+var FETCH_TIMEOUT_MS = 1e4;
+async function discoverInstances() {
+  const discovered = await discoverAndAggregate();
+  const instances = [];
+  const seenIds = /* @__PURE__ */ new Set();
+  for (const candidate of discovered.instances) {
+    const authority = await resolveInstanceAuthority(candidate.instanceId) ?? await resolveInstanceAuthority(candidate.name);
+    if (!authority) continue;
+    if (seenIds.has(authority.instanceId)) continue;
+    seenIds.add(authority.instanceId);
+    instances.push({
+      instanceId: authority.instanceId,
+      apiBaseUrl: authority.apiBaseUrl,
+      apiKey: authority.apiKey
+    });
+  }
+  return instances;
+}
+function isRecord3(val) {
+  return typeof val === "object" && val !== null;
+}
+function toLedgerResponse(raw) {
+  if (!isRecord3(raw)) return null;
+  const items = raw["items"];
+  if (!Array.isArray(items)) return null;
+  return { items };
+}
+function itemTimestamp(item) {
+  return item?.timestamp ?? null;
+}
+function itemEventId(item) {
+  return item?.eventId ?? item?.event_id ?? item?.id ?? null;
+}
+function decrementIsoTimestamp(iso) {
+  if (!iso) return null;
+  const millis = Date.parse(iso);
+  if (Number.isNaN(millis)) return null;
+  return new Date(millis - 1).toISOString();
+}
+function buildLedgerPollUrl(apiBaseUrl, since, until) {
+  const params = new URLSearchParams({
+    limit: String(POLL_BATCH_LIMIT),
+    level: "audit"
+  });
+  if (since) params.set("since", since);
+  if (until) params.set("until", until);
+  return `${apiBaseUrl}/memory/ledger?${params.toString()}`;
+}
+function mapItem(item, instanceId) {
+  const remoteEventId = item.eventId ?? item.event_id ?? item.id ?? null;
+  const timestamp = item.timestamp ?? null;
+  if (!remoteEventId || !timestamp) return null;
+  const rawLevel = (item.level ?? "audit").toLowerCase();
+  const level = rawLevel === "debug" ? "debug" : "audit";
+  const metadata = isRecord3(item.metadata) ? item.metadata : null;
+  return {
+    instanceId,
+    remoteEventId,
+    timestamp,
+    staffComponent: item.staffComponent ?? item.staff_component ?? null,
+    actionType: item.actionType ?? item.action_type ?? null,
+    agentId: item.agentId ?? item.agent_id ?? null,
+    source: item.source ?? null,
+    host: typeof metadata?.["host"] === "string" ? metadata["host"] : null,
+    sessionId: typeof metadata?.["sessionId"] === "string" ? metadata["sessionId"] : null,
+    entityType: item.entityType ?? item.entity_type ?? null,
+    entityId: item.entityId ?? item.entity_id ?? null,
+    key: item.key ?? null,
+    reason: item.reason ?? null,
+    level,
+    metadata
+  };
+}
+async function pollInstance(instanceId, apiBaseUrl, apiKey) {
+  const watermark = await getWatermark(instanceId);
+  const lowerBoundSince = decrementIsoTimestamp(watermark?.lastEventTimestamp ?? null);
+  let upperBoundUntil = null;
+  let latestTimestampSeen = watermark?.lastEventTimestamp ?? null;
+  let latestEventIdSeen = watermark?.lastEventId ?? null;
+  let capturedLatestFromPoll = false;
+  while (true) {
+    const url2 = buildLedgerPollUrl(apiBaseUrl, lowerBoundSince, upperBoundUntil);
+    const headers = {};
+    if (apiKey) headers["X-Iranti-Key"] = apiKey;
+    let response;
+    try {
+      const controller = new AbortController();
+      const timeoutHandle = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+      try {
+        response = await fetch(url2, { headers, signal: controller.signal });
+      } finally {
+        clearTimeout(timeoutHandle);
+      }
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      await recordPollFailure(instanceId, `Network error: ${message}`);
+      return;
+    }
+    if (!response.ok) {
+      await recordPollFailure(
+        instanceId,
+        `HTTP ${response.status} ${response.statusText} from ${url2}`
+      );
+      return;
+    }
+    let raw;
+    try {
+      raw = await response.json();
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      await recordPollFailure(instanceId, `JSON parse error: ${message}`);
+      return;
+    }
+    const ledger = toLedgerResponse(raw);
+    if (!ledger) {
+      await recordPollFailure(instanceId, "Unexpected ledger response shape (missing items array)");
+      return;
+    }
+    const { items } = ledger;
+    if (items.length === 0) {
+      await advanceWatermark(instanceId, latestTimestampSeen, latestEventIdSeen, 0);
+      return;
+    }
+    const events = [];
+    for (const item of items) {
+      const mapped = mapItem(item, instanceId);
+      if (mapped) events.push(mapped);
+    }
+    const insertedCount = events.length > 0 ? await upsertMirroredEvents(events) : 0;
+    if (!capturedLatestFromPoll) {
+      latestTimestampSeen = itemTimestamp(items[0]);
+      latestEventIdSeen = itemEventId(items[0]);
+      capturedLatestFromPoll = true;
+    }
+    await advanceWatermark(instanceId, latestTimestampSeen, latestEventIdSeen, insertedCount);
+    if (items.length < POLL_BATCH_LIMIT) break;
+    const oldestTimestamp = itemTimestamp(items[items.length - 1]);
+    const nextUpperBoundUntil = decrementIsoTimestamp(oldestTimestamp);
+    if (!nextUpperBoundUntil) break;
+    if (lowerBoundSince && Date.parse(nextUpperBoundUntil) <= Date.parse(lowerBoundSince)) {
+      break;
+    }
+    upperBoundUntil = nextUpperBoundUntil;
+  }
+}
+async function pollAllInstancesOnce() {
+  let instances;
+  try {
+    instances = await discoverInstances();
+  } catch (err) {
+    console.warn("[fleet-poller] Failed to discover instances:", err);
+    return;
+  }
+  if (instances.length === 0) return;
+  for (const instance of instances) {
+    try {
+      await pollInstance(instance.instanceId, instance.apiBaseUrl, instance.apiKey);
+    } catch (err) {
+      console.warn(
+        `[fleet-poller] Error polling instance ${instance.instanceId} (${instance.apiBaseUrl}):`,
+        err
+      );
+    }
+  }
+}
+var _pollInterval = null;
+function startFleetLedgerPoller() {
+  if (_pollInterval !== null) {
+    console.warn("[fleet-poller] Already running - startFleetLedgerPoller() called twice.");
+    return;
+  }
+  console.log(
+    `[fleet-poller] Starting. Poll interval: ${FLEET_LEDGER_POLL_INTERVAL_MS}ms.`
+  );
+  pollAllInstancesOnce().catch((err) => {
+    console.warn("[fleet-poller] Initial poll error:", err);
+  });
+  _pollInterval = setInterval(() => {
+    pollAllInstancesOnce().catch((err) => {
+      console.warn("[fleet-poller] Poll error:", err);
+    });
+  }, FLEET_LEDGER_POLL_INTERVAL_MS);
+}
+function stopFleetLedgerPoller() {
+  if (_pollInterval !== null) {
+    clearInterval(_pollInterval);
+    _pollInterval = null;
+    console.log("[fleet-poller] Stopped.");
+  }
+}
+
 // src/server/index.ts
 init_db();
 
@@ -61766,18 +62619,18 @@ function buildPortSelectionPlan(params) {
 
 // src/server/index.ts
 var _isSea = typeof process.isSea === "function" && process.isSea();
-var __dirname3 = _isSea ? (0, import_path19.dirname)(process.execPath) : (0, import_path19.dirname)((0, import_url3.fileURLToPath)(__importmeta_url));
-var clientDistCandidates = process.env.IRANTI_CP_ASSETS_DIR ? [(0, import_path19.resolve)(process.env.IRANTI_CP_ASSETS_DIR)] : _isSea ? [(0, import_path19.resolve)((0, import_path19.dirname)(process.execPath), "public", "control-plane")] : [
-  (0, import_path19.resolve)(__dirname3, "../../../public/control-plane"),
-  (0, import_path19.resolve)(__dirname3, "../../public/control-plane"),
-  (0, import_path19.resolve)(process.cwd(), "../../public/control-plane"),
-  (0, import_path19.resolve)(process.cwd(), "../public/control-plane")
+var __dirname3 = _isSea ? (0, import_path20.dirname)(process.execPath) : (0, import_path20.dirname)((0, import_url3.fileURLToPath)(__importmeta_url));
+var clientDistCandidates = process.env.IRANTI_CP_ASSETS_DIR ? [(0, import_path20.resolve)(process.env.IRANTI_CP_ASSETS_DIR)] : _isSea ? [(0, import_path20.resolve)((0, import_path20.dirname)(process.execPath), "public", "control-plane")] : [
+  (0, import_path20.resolve)(__dirname3, "../../../public/control-plane"),
+  (0, import_path20.resolve)(__dirname3, "../../public/control-plane"),
+  (0, import_path20.resolve)(process.cwd(), "../../public/control-plane"),
+  (0, import_path20.resolve)(process.cwd(), "../public/control-plane")
 ];
-var clientDist = clientDistCandidates.find((candidate) => (0, import_fs13.existsSync)((0, import_path19.resolve)(candidate, "index.html"))) ?? clientDistCandidates[0];
+var clientDist = clientDistCandidates.find((candidate) => (0, import_fs14.existsSync)((0, import_path20.resolve)(candidate, "index.html"))) ?? clientDistCandidates[0];
 var _version = "0.0.0";
 try {
   if (_isSea) {
-    const pkgPath = (0, import_path19.resolve)((0, import_path19.dirname)(process.execPath), "package.json");
+    const pkgPath = (0, import_path20.resolve)((0, import_path20.dirname)(process.execPath), "package.json");
     const _require = (0, import_module.createRequire)((0, import_url3.pathToFileURL)(process.execPath).href);
     const pkg = _require(pkgPath);
     _version = pkg.version ?? "0.0.0";
@@ -61820,9 +62673,9 @@ async function findAvailablePort(start, end) {
     `[iranti-cp] No available port in range ${start}\u2013${end}. Free one of those ports and try again.`
   );
 }
-var app = (0, import_express32.default)();
+var app = (0, import_express33.default)();
 app.use((0, import_cors.default)({ origin: `http://localhost:5173` }));
-app.use(import_express32.default.json());
+app.use(import_express33.default.json());
 app.get("/api/control-plane/ping", (_req, res) => {
   res.json({
     ok: true,
@@ -61831,9 +62684,9 @@ app.get("/api/control-plane/ping", (_req, res) => {
   });
 });
 app.use("/api/control-plane", controlPlaneRouter);
-app.use("/control-plane", import_express32.default.static(clientDist));
+app.use("/control-plane", import_express33.default.static(clientDist));
 app.get("/control-plane/*", (_req, res) => {
-  res.sendFile((0, import_path19.resolve)(clientDist, "index.html"));
+  res.sendFile((0, import_path20.resolve)(clientDist, "index.html"));
 });
 app.get("/", (_req, res) => res.redirect("/control-plane"));
 app.use(
@@ -61867,6 +62720,7 @@ async function main() {
     startAdapter().catch((err) => {
       console.warn("[adapter] Failed to start:", err.message);
     });
+    startFleetLedgerPoller();
     if (!process.env["IRANTI_CP_NO_OPEN"]) {
       Promise.resolve().then(() => __toESM(require_open(), 1)).then(({ default: open }) => {
         void open(`http://localhost:${PORT}`);
@@ -61877,6 +62731,7 @@ async function main() {
   function shutdown(signal) {
     console.log(`[iranti-cp] Received ${signal} \u2014 shutting down gracefully.`);
     stopAdapter();
+    stopFleetLedgerPoller();
     server.close(() => {
       console.log("[iranti-cp] Server closed.");
       process.exit(0);