neoagent 1.0.0

package/server/routes/mcp.js

@@ -0,0 +1,164 @@
+const express = require('express');
+const router = express.Router();
+const db = require('../db/database');
+const { requireAuth } = require('../middleware/auth');
+const { sanitizeError } = require('../utils/security');
+
+router.use(requireAuth);
+
+// List configured MCP servers
+router.get('/', (req, res) => {
+  const servers = db.prepare('SELECT * FROM mcp_servers WHERE user_id = ? ORDER BY name ASC').all(req.session.userId);
+  const mcpClient = req.app.locals.mcpClient;
+  const liveStatuses = mcpClient.getStatus();
+
+  const result = servers.map(s => ({
+    id: s.id,
+    name: s.name,
+    command: s.command,
+    config: JSON.parse(s.config || '{}'),
+    enabled: !!s.enabled,
+    status: liveStatuses[s.id]?.status || 'stopped',
+    toolCount: liveStatuses[s.id]?.toolCount || 0
+  }));
+
+  res.json(result);
+});
+
+// Add a new MCP server
+router.post('/', (req, res) => {
+  const { name, command, config, enabled } = req.body;
+  if (!name || !command) return res.status(400).json({ error: 'name and command are required' });
+
+  const result = db.prepare('INSERT INTO mcp_servers (user_id, name, command, config, enabled) VALUES (?, ?, ?, ?, ?)')
+    .run(req.session.userId, name, command, JSON.stringify(config || {}), enabled !== false ? 1 : 0);
+
+  res.status(201).json({ id: result.lastInsertRowid, name, command });
+});
+
+// Update an MCP server
+router.put('/:id', (req, res) => {
+  const server = db.prepare('SELECT * FROM mcp_servers WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!server) return res.status(404).json({ error: 'Server not found' });
+
+  const { name, command, config, enabled } = req.body;
+  db.prepare('UPDATE mcp_servers SET name = ?, command = ?, config = ?, enabled = ? WHERE id = ?')
+    .run(name || server.name, command || server.command, JSON.stringify(config || JSON.parse(server.config)), enabled !== undefined ? (enabled ? 1 : 0) : server.enabled, server.id);
+
+  res.json({ success: true });
+});
+
+// Delete an MCP server
+router.delete('/:id', async (req, res) => {
+  const server = db.prepare('SELECT * FROM mcp_servers WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!server) return res.status(404).json({ error: 'Server not found' });
+
+  const mcpClient = req.app.locals.mcpClient;
+  await mcpClient.stopServer(server.id).catch(() => { });
+
+  db.prepare('DELETE FROM mcp_servers WHERE id = ?').run(server.id);
+  res.json({ success: true });
+});
+
+// Start an MCP server
+router.post('/:id/start', async (req, res) => {
+  try {
+    const server = db.prepare('SELECT * FROM mcp_servers WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+    if (!server) return res.status(404).json({ error: 'Server not found' });
+
+    const mcpClient = req.app.locals.mcpClient;
+    const result = await mcpClient.startServer(server.id, server.command, server.name);
+    const tools = await mcpClient.listTools(server.id);
+
+    res.json({ ...result, tools });
+  } catch (err) {
+    if (err.message && err.message.startsWith('OAUTH_REDIRECT:')) {
+      const url = err.message.substring(15);
+      return res.json({ status: 'oauth_redirect', url });
+    }
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Stop an MCP server
+router.post('/:id/stop', async (req, res) => {
+  try {
+    // Verify ownership before stopping
+    const server = db.prepare('SELECT id FROM mcp_servers WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+    if (!server) return res.status(404).json({ error: 'Server not found' });
+    const mcpClient = req.app.locals.mcpClient;
+    await mcpClient.stopServer(req.params.id);
+    res.json({ status: 'stopped' });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Get tools from a specific server
+router.get('/:id/tools', async (req, res) => {
+  try {
+    // Verify ownership before listing tools
+    const server = db.prepare('SELECT id FROM mcp_servers WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+    if (!server) return res.status(404).json({ error: 'Server not found' });
+    const mcpClient = req.app.locals.mcpClient;
+    const tools = await mcpClient.listTools(req.params.id);
+    res.json(tools);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// OAuth Callback
+router.get('/oauth/callback', async (req, res) => {
+  const { code, state, error } = req.query;
+  if (!state) return res.status(400).send('Missing state parameter');
+  if (error) return res.status(400).send(`OAuth Error: ${error}`);
+
+  const [serverIdStr] = state.split('::');
+  if (!serverIdStr) return res.status(400).send('Invalid state format');
+
+  const serverId = parseInt(serverIdStr, 10);
+  const mcpClient = req.app.locals.mcpClient;
+
+  try {
+    await mcpClient.finishOAuth(serverId, code);
+    // Render a simple script that closes the popup or redirects parent
+    res.send(`
+      <html><body>
+      <script>
+        if (window.opener) {
+          window.opener.postMessage({ type: 'mcp_oauth_success', serverId: ${serverId} }, '*');
+          window.close();
+        } else {
+          window.location.href = '/?page=mcp';
+        }
+      </script>
+      <p>Authentication successful. You can close this window.</p>
+      </body></html>
+    `);
+  } catch (err) {
+    res.status(500).send(`Failed to finish OAuth: ${sanitizeError(err)}`);
+  }
+});
+
+// Get all tools from all running servers
+router.get('/tools/all', (req, res) => {
+  const mcpClient = req.app.locals.mcpClient;
+  res.json(mcpClient.getAllTools());
+});
+
+// Call a tool
+router.post('/tools/call', async (req, res) => {
+  try {
+    const { serverId, toolName, args } = req.body;
+    if (!serverId || !toolName) return res.status(400).json({ error: 'serverId and toolName required' });
+
+    const mcpClient = req.app.locals.mcpClient;
+    const result = await mcpClient.callTool(serverId, toolName, args || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+module.exports = router;

package/server/routes/memory.js

@@ -0,0 +1,193 @@
+const express = require('express');
+const router = express.Router();
+const { requireAuth } = require('../middleware/auth');
+const { sanitizeError } = require('../utils/security');
+
+router.use(requireAuth);
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Overview (for initial page load)
+// ─────────────────────────────────────────────────────────────────────────────
+
+router.get('/', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  res.json({
+    soul: mm.readSoul(),
+    dailyLogs: mm.listDailyLogs(7),
+    apiKeys: Object.keys(mm.readApiKeys()),
+    coreMemory: mm.getCoreMemory(userId)
+  });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Semantic Memories
+// ─────────────────────────────────────────────────────────────────────────────
+
+// List memories (with optional ?category= and ?limit= filters)
+router.get('/memories', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  const { category, limit = 50, offset = 0, archived = false } = req.query;
+  try {
+    const memories = mm.listMemories(userId, {
+      category: category || null,
+      limit: parseInt(limit),
+      offset: parseInt(offset),
+      includeArchived: archived === 'true'
+    });
+    res.json(memories);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Save a new memory
+router.post('/memories', async (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  const { content, category = 'episodic', importance = 5 } = req.body;
+  if (!content || !content.trim()) return res.status(400).json({ error: 'content is required' });
+  try {
+    const id = await mm.saveMemory(userId, content, category, importance);
+    res.json({ success: true, id });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Update a memory
+router.put('/memories/:id', async (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const db = require('../db/database');
+  // Verify ownership before updating
+  const existing = db.prepare('SELECT id FROM memories WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!existing) return res.status(404).json({ error: 'Memory not found' });
+  const { content, importance, category } = req.body;
+  try {
+    const updated = await mm.updateMemory(req.params.id, { content, importance, category });
+    if (!updated) return res.status(404).json({ error: 'Memory not found' });
+    res.json(updated);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Delete a memory
+router.delete('/memories/:id', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const db = require('../db/database');
+  // Verify ownership before deleting
+  const existing = db.prepare('SELECT id FROM memories WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+  if (!existing) return res.status(404).json({ error: 'Memory not found' });
+  mm.deleteMemory(req.params.id);
+  res.json({ success: true });
+});
+
+// Semantic recall (search)
+router.post('/memories/recall', async (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  const { query, limit = 10 } = req.body;
+  if (!query) return res.status(400).json({ error: 'query is required' });
+  try {
+    const results = await mm.recallMemory(userId, query, parseInt(limit));
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Core Memory
+// ─────────────────────────────────────────────────────────────────────────────
+
+router.get('/core', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  res.json(mm.getCoreMemory(userId));
+});
+
+router.put('/core/:key', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  const { value } = req.body;
+  if (value === undefined) return res.status(400).json({ error: 'value is required' });
+  mm.updateCore(userId, req.params.key, value);
+  res.json({ success: true });
+});
+
+router.delete('/core/:key', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const userId = req.session.userId;
+  mm.deleteCore(userId, req.params.key);
+  res.json({ success: true });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// SOUL.md
+// ─────────────────────────────────────────────────────────────────────────────
+
+router.get('/soul', (req, res) => {
+  res.json({ content: req.app.locals.memoryManager.readSoul() });
+});
+
+router.put('/soul', (req, res) => {
+  req.app.locals.memoryManager.writeSoul(req.body.content);
+  res.json({ success: true });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Daily Logs
+// ─────────────────────────────────────────────────────────────────────────────
+
+router.get('/daily', (req, res) => {
+  const limit = parseInt(req.query.limit) || 7;
+  res.json(req.app.locals.memoryManager.listDailyLogs(limit));
+});
+
+router.get('/daily/:date', (req, res) => {
+  const content = req.app.locals.memoryManager.readDailyLog(new Date(req.params.date));
+  res.json({ date: req.params.date, content });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// API Keys (agent-managed)
+// ─────────────────────────────────────────────────────────────────────────────
+
+router.get('/api-keys', (req, res) => {
+  const keys = req.app.locals.memoryManager.readApiKeys();
+  const masked = {};
+  for (const [k, v] of Object.entries(keys)) {
+    masked[k] = v ? `${v.slice(0, 4)}...${v.slice(-4)}` : null;
+  }
+  res.json(masked);
+});
+
+router.put('/api-keys/:service', (req, res) => {
+  req.app.locals.memoryManager.setApiKey(req.params.service, req.body.key);
+  res.json({ success: true });
+});
+
+router.delete('/api-keys/:service', (req, res) => {
+  req.app.locals.memoryManager.deleteApiKey(req.params.service);
+  res.json({ success: true });
+});
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Conversation History
+// ─────────────────────────────────────────────────────────────────────────────
+
+router.get('/conversations', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const conversations = mm.getRecentConversations(req.session.userId, parseInt(req.query.limit) || 20);
+  res.json(conversations);
+});
+
+router.post('/conversations/search', (req, res) => {
+  const mm = req.app.locals.memoryManager;
+  const results = mm.searchConversations(req.session.userId, req.body.query);
+  res.json(results);
+});
+
+module.exports = router;

package/server/routes/messaging.js

@@ -0,0 +1,153 @@
+const express = require('express');
+const router = express.Router();
+const db = require('../db/database');
+const { requireAuth } = require('../middleware/auth');
+const { sanitizeError } = require('../utils/security');
+
+router.use(requireAuth);
+
+// Get all platform statuses
+router.get('/status', (req, res) => {
+  const manager = req.app.locals.messagingManager;
+  res.json(manager.getAllStatuses(req.session.userId));
+});
+
+// Connect to a platform
+router.post('/connect', async (req, res) => {
+  try {
+    const { platform, config } = req.body;
+    if (!platform) return res.status(400).json({ error: 'Platform is required' });
+
+    const manager = req.app.locals.messagingManager;
+    const result = await manager.connectPlatform(req.session.userId, platform, config || {});
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Disconnect from a platform
+router.post('/disconnect', async (req, res) => {
+  try {
+    const { platform } = req.body;
+    const manager = req.app.locals.messagingManager;
+    const result = await manager.disconnectPlatform(req.session.userId, platform);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Logout from a platform (clear auth)
+router.post('/logout', async (req, res) => {
+  try {
+    const { platform } = req.body;
+    const manager = req.app.locals.messagingManager;
+    const result = await manager.logoutPlatform(req.session.userId, platform);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Send a message
+router.post('/send', async (req, res) => {
+  try {
+    const { platform, to, content, mediaPath } = req.body;
+    if (!platform || !to || !content) return res.status(400).json({ error: 'platform, to, and content required' });
+
+    const manager = req.app.locals.messagingManager;
+    const result = await manager.sendMessage(req.session.userId, platform, to, content, mediaPath);
+    res.json(result);
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Get message history
+router.get('/messages', (req, res) => {
+  const { platform, chatId, limit } = req.query;
+  let query = 'SELECT * FROM messages WHERE user_id = ?';
+  const params = [req.session.userId];
+
+  if (platform) { query += ' AND platform = ?'; params.push(platform); }
+  if (chatId) { query += ' AND platform_chat_id = ?'; params.push(chatId); }
+
+  query += ' ORDER BY created_at DESC LIMIT ?';
+  params.push(Math.min(parseInt(limit) || 50, 200));
+
+  const messages = db.prepare(query).all(...params);
+  res.json(messages);
+});
+
+// Get platform-specific status
+router.get('/status/:platform', (req, res) => {
+  const manager = req.app.locals.messagingManager;
+  res.json(manager.getPlatformStatus(req.session.userId, req.params.platform));
+});
+
+// Update Telnyx voice secret code (for non-whitelisted caller gating)
+router.put('/telnyx/voice-secret', (req, res) => {
+  try {
+    const code = String(req.body.secret || '').replace(/\D/g, ''); // digits only
+    db.prepare('INSERT INTO user_settings (user_id, key, value) VALUES (?, ?, ?) ON CONFLICT(user_id, key) DO UPDATE SET value = excluded.value')
+      .run(req.session.userId, 'platform_voice_secret_telnyx', JSON.stringify(code));
+    const manager = req.app.locals.messagingManager;
+    if (manager) manager.updateTelnyxVoiceSecret(req.session.userId, code);
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Update Telnyx allowed numbers (whitelist)
+router.put('/telnyx/whitelist', (req, res) => {
+  try {
+    const { numbers } = req.body;
+    if (!Array.isArray(numbers)) return res.status(400).json({ error: 'numbers must be an array' });
+    const list = numbers.map(n => n.replace(/[^0-9+]/g, '')).filter(Boolean);
+    db.prepare('INSERT INTO user_settings (user_id, key, value) VALUES (?, ?, ?) ON CONFLICT(user_id, key) DO UPDATE SET value = excluded.value')
+      .run(req.session.userId, 'platform_whitelist_telnyx', JSON.stringify(list));
+    const manager = req.app.locals.messagingManager;
+    if (manager) manager.updateTelnyxAllowedNumbers(req.session.userId, list);
+    res.json({ success: true, numbers: list });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Update Discord allowed IDs (whitelist — prefixed: "user:ID", "guild:ID", "channel:ID")
+router.put('/discord/whitelist', (req, res) => {
+  try {
+    const { ids } = req.body;
+    if (!Array.isArray(ids)) return res.status(400).json({ error: 'ids must be an array' });
+    // Keep prefixed format, strip only clearly unsafe characters
+    const list = ids.map(id => String(id).replace(/[^0-9a-z:_-]/gi, '')).filter(Boolean);
+    db.prepare('INSERT INTO user_settings (user_id, key, value) VALUES (?, ?, ?) ON CONFLICT(user_id, key) DO UPDATE SET value = excluded.value')
+      .run(req.session.userId, 'platform_whitelist_discord', JSON.stringify(list));
+    const manager = req.app.locals.messagingManager;
+    if (manager) manager.updateDiscordAllowedIds(req.session.userId, list);
+    res.json({ success: true, ids: list });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+// Update Telegram allowed IDs (whitelist — prefixed: "user:ID", "group:ID")
+router.put('/telegram/whitelist', (req, res) => {
+  try {
+    const { ids } = req.body;
+    if (!Array.isArray(ids)) return res.status(400).json({ error: 'ids must be an array' });
+    // Keep prefixed format; group IDs are negative so allow minus sign
+    const list = ids.map(id => String(id).replace(/[^0-9a-z:_-]/gi, '')).filter(Boolean);
+    db.prepare('INSERT INTO user_settings (user_id, key, value) VALUES (?, ?, ?) ON CONFLICT(user_id, key) DO UPDATE SET value = excluded.value')
+      .run(req.session.userId, 'platform_whitelist_telegram', JSON.stringify(list));
+    const manager = req.app.locals.messagingManager;
+    if (manager) manager.updateTelegramAllowedIds(req.session.userId, list);
+    res.json({ success: true, ids: list });
+  } catch (err) {
+    res.status(500).json({ error: sanitizeError(err) });
+  }
+});
+
+module.exports = router;

package/server/routes/protocols.js

@@ -0,0 +1,87 @@
+const express = require('express');
+const router = express.Router();
+const db = require('../db/database');
+const { requireAuth } = require('../middleware/auth');
+
+router.use(requireAuth);
+
+// List protocols
+router.get('/', (req, res) => {
+  try {
+    const protocols = db.prepare('SELECT id, name, description, content, updated_at FROM protocols WHERE user_id = ? ORDER BY name ASC').all(req.session.userId);
+    res.json(protocols);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Get single protocol
+router.get('/:id', (req, res) => {
+  try {
+    const p = db.prepare('SELECT * FROM protocols WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+    if (!p) return res.status(404).json({ error: 'Not found' });
+    res.json(p);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Create protocol
+router.post('/', (req, res) => {
+  try {
+    const { name, description, content } = req.body;
+    if (!name || !content) return res.status(400).json({ error: 'Name and content are required' });
+
+    const stmt = db.prepare('INSERT INTO protocols (user_id, name, description, content) VALUES (?, ?, ?, ?)');
+    const info = stmt.run(req.session.userId, name, description || '', content);
+    
+    const p = db.prepare('SELECT * FROM protocols WHERE id = ?').get(info.lastInsertRowid);
+    res.status(201).json(p);
+  } catch (err) {
+    if (err.code === 'SQLITE_CONSTRAINT_UNIQUE') {
+      return res.status(400).json({ error: 'Protocol with this name already exists' });
+    }
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Update protocol
+router.put('/:id', (req, res) => {
+  try {
+    const { name, description, content } = req.body;
+    
+    // check existence
+    const existing = db.prepare('SELECT id FROM protocols WHERE id = ? AND user_id = ?').get(req.params.id, req.session.userId);
+    if (!existing) return res.status(404).json({ error: 'Not found' });
+    
+    const stmt = db.prepare(`
+      UPDATE protocols 
+      SET name = ?, description = ?, content = ?, updated_at = datetime('now') 
+      WHERE id = ? AND user_id = ?
+    `);
+    
+    stmt.run(name, description || '', content, req.params.id, req.session.userId);
+    const p = db.prepare('SELECT * FROM protocols WHERE id = ?').get(req.params.id);
+    res.json(p);
+  } catch (err) {
+    if (err.code === 'SQLITE_CONSTRAINT_UNIQUE') {
+      return res.status(400).json({ error: 'Protocol with this name already exists' });
+    }
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Delete protocol
+router.delete('/:id', (req, res) => {
+  try {
+    const stmt = db.prepare('DELETE FROM protocols WHERE id = ? AND user_id = ?');
+    const info = stmt.run(req.params.id, req.session.userId);
+    
+    if (info.changes === 0) return res.status(404).json({ error: 'Not found' });
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+module.exports = router;

package/server/routes/scheduler.js

@@ -0,0 +1,63 @@
+const express = require('express');
+const router = express.Router();
+const { requireAuth } = require('../middleware/auth');
+const { sanitizeError } = require('../utils/security');
+
+router.use(requireAuth);
+
+// List scheduled tasks
+router.get('/', (req, res) => {
+  const scheduler = req.app.locals.scheduler;
+  res.json(scheduler.listTasks(req.session.userId));
+});
+
+// Create a new scheduled task
+router.post('/', (req, res) => {
+  try {
+    const { name, cronExpression, prompt, enabled } = req.body;
+    if (!name || !cronExpression || !prompt) {
+      return res.status(400).json({ error: 'name, cronExpression, and prompt required' });
+    }
+
+    const scheduler = req.app.locals.scheduler;
+    const task = scheduler.createTask(req.session.userId, { name, cronExpression, prompt, enabled });
+    res.status(201).json(task);
+  } catch (err) {
+    res.status(400).json({ error: sanitizeError(err) });
+  }
+});
+
+// Update a scheduled task
+router.put('/:id', (req, res) => {
+  try {
+    const scheduler = req.app.locals.scheduler;
+    const task = scheduler.updateTask(parseInt(req.params.id), req.session.userId, req.body);
+    res.json(task);
+  } catch (err) {
+    res.status(400).json({ error: sanitizeError(err) });
+  }
+});
+
+// Delete a scheduled task
+router.delete('/:id', (req, res) => {
+  try {
+    const scheduler = req.app.locals.scheduler;
+    scheduler.deleteTask(parseInt(req.params.id), req.session.userId);
+    res.json({ success: true });
+  } catch (err) {
+    res.status(400).json({ error: sanitizeError(err) });
+  }
+});
+
+// Run a task immediately
+router.post('/:id/run', (req, res) => {
+  try {
+    const scheduler = req.app.locals.scheduler;
+    const result = scheduler.runTaskNow(parseInt(req.params.id), req.session.userId);
+    res.json(result);
+  } catch (err) {
+    res.status(400).json({ error: sanitizeError(err) });
+  }
+});
+
+module.exports = router;