patchwork-os 0.2.0-alpha.9 → 0.2.0-beta.0

package/dist/server.js

@@ -1,14 +1,18 @@
 import { EventEmitter } from "node:events";
 import http from "node:http";
-import os from "node:os";
-import path from "node:path";
 import { WebSocket, WebSocketServer as WsServer } from "ws";
-import { routeApprovalRequest } from "./approvalHttp.js";
+import { handleApprovalsStream, routeApprovalRequest } from "./approvalHttp.js";
 import { getApprovalQueue } from "./approvalQueue.js";
+import { saveBridgeConfigDriver } from "./config.js";
+import { tryHandleConnectorRoute, tryHandlePublicConnectorRoute, } from "./connectorRoutes.js";
 import { timingSafeStringEqual } from "./crypto.js";
 import { renderDashboardHtml } from "./dashboard.js";
+import { tryHandleInboxRoute } from "./inboxRoutes.js";
+import { tryHandleMcpRoute } from "./mcpRoutes.js";
+import { tryHandleOAuthRoute } from "./oauthRoutes.js";
 import { loadConfig as loadPatchworkConfig, defaultConfigPath as patchworkConfigPath, saveConfig as savePatchworkConfig, } from "./patchworkConfig.js";
-import { BRIDGE_PROTOCOL_VERSION, PACKAGE_LICENSE, PACKAGE_VERSION, } from "./version.js";
+import { tryHandleRecipeRoute } from "./recipeRoutes.js";
+import { PACKAGE_VERSION } from "./version.js";
 const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);
 const SESSION_ID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function enableTcpKeepalive(ws) {
@@ -18,30 +22,10 @@ function enableTcpKeepalive(ws) {
         rawSocket.setKeepAlive(true, 60_000); // 60s TCP keepalive as defense-in-depth
     }
 }
-/**
- * Return the CORS origin to reflect, or null if the origin is untrusted.
- * Loopback origins are always allowed. Additional origins can be passed via
- * --cors-origin (e.g. https://claude.ai for remote deployments).
- */
-export function corsOrigin(requestOrigin, extraOrigins = []) {
-    if (!requestOrigin)
-        return null;
-    if (extraOrigins.includes(requestOrigin))
-        return requestOrigin;
-    try {
-        const { hostname, protocol } = new URL(requestOrigin);
-        if (protocol === "http:" &&
-            (hostname === "localhost" ||
-                hostname === "127.0.0.1" ||
-                hostname === "[::1]")) {
-            return requestOrigin;
-        }
-    }
-    catch {
-        // malformed origin — deny
-    }
-    return null;
-}
+import { corsOrigin } from "./cors.js";
+// Re-exported for streamableHttp.ts and any external callers; new code
+// should import directly from "./cors.js".
+export { corsOrigin };
 // Re-export canonical constant-time comparison for use in this module.
 // Implementation lives in src/crypto.ts — see there for security notes.
 const timingSafeTokenCompare = timingSafeStringEqual;
@@ -74,6 +58,8 @@ export class Server extends EventEmitter {
     oauthServer = null;
     oauthIssuerUrl = null;
     sseSubscriberCount = 0;
+    /** Cache for CC permission rules (30s TTL) to avoid filesystem walks on each dashboard poll */
+    _explainRulesCache = null;
     static MAX_SSE_SUBSCRIBERS = 20;
     /** Set by bridge to provide health data */
     healthDataFn = null;
@@ -87,24 +73,87 @@ export class Server extends EventEmitter {
     readyFn = null;
     /** Set by bridge to provide task list data (sanitized — no raw prompts) */
     tasksFn = null;
+    /** Set by bridge to cancel a running/pending task by id. Returns true if found. */
+    cancelTaskFn = null;
+    /** Patchwork: set by bridge to set the trust level for a recipe by name. */
+    setRecipeTrustFn = null;
+    /** Patchwork: set by bridge to generate a recipe YAML draft from a natural-language prompt. */
+    generateRecipeFn = null;
     /** Patchwork: set by bridge to list installed recipes for the dashboard. */
     recipesFn = null;
+    /** Patchwork: set by bridge to load raw recipe source content by name. */
+    loadRecipeContentFn = null;
+    /** Patchwork: set by bridge to save raw recipe source content by name. */
+    saveRecipeContentFn = null;
+    /** Patchwork: set by bridge to delete a recipe by name. */
+    deleteRecipeContentFn = null;
+    /** Patchwork: set by bridge to promote a variant recipe to the canonical name. */
+    promoteRecipeVariantFn = null;
+    /** Patchwork: set by bridge to duplicate a recipe as a variant. */
+    duplicateRecipeFn = null;
+    /** Patchwork: set by bridge to lint raw recipe content without saving. */
+    lintRecipeContentFn = null;
     /** Patchwork: set by bridge to save a new recipe draft to disk. */
     saveRecipeFn = null;
     /** Patchwork: set by bridge to query the recipe run audit log. */
     runsFn = null;
+    /** Patchwork: set by bridge to fetch a single run by seq for the detail page. */
+    runDetailFn = null;
+    /** Patchwork: set by bridge to generate a dry-run plan for a recipe by name. */
+    runPlanFn = null;
+    /** Patchwork (VD-4): mocked replay of an existing run. Returns the new
+     *  run's seq plus any unmocked steps the caller may want to surface. */
+    runReplayFn = null;
     /** Patchwork: set by bridge to launch a named recipe via the orchestrator. */
     runRecipeFn = null;
     /** Patchwork: admin-controlled managed settings path (highest rule precedence). */
     managedSettingsPath = undefined;
+    /** Effective bridge config path to update when dashboard saves driver changes. */
+    bridgeConfigPath = undefined;
     /** Patchwork: live approval gate level — mutated by POST /settings, read by bridge per-session setup. */
     approvalGate = "off";
     /** Patchwork: outbound webhook URL for approval notifications (from dashboard.webhookUrl in config). */
     approvalWebhookUrl = undefined;
+    /** Patchwork: push relay service URL — when set, per-callId approval tokens are generated. */
+    pushServiceUrl = undefined;
+    /** Patchwork: bearer token for the push relay service. */
+    pushServiceToken = undefined;
+    /** Patchwork: public base URL of this bridge, embedded in push payloads as callback base. */
+    pushServiceBaseUrl = undefined;
     /** Patchwork: approval decision audit callback wired to activityLog.recordEvent. */
     onApprovalDecision = undefined;
+    /**
+     * Patchwork: activity log handle, used by approvalHttp to compute
+     * passive risk personalization signals (`src/approvalSignals.ts`).
+     * When unset, personalSignals are simply omitted from queue entries.
+     */
+    activityLog = undefined;
+    /**
+     * Patchwork: recipe-run log handle, used by approvalHttp for the
+     * "recipe-step trust" heuristic (h6 in src/approvalSignals.ts). When
+     * unset, h6 is silently skipped; the other personalSignals heuristics
+     * still compute as long as `activityLog` is wired.
+     */
+    recipeRunLog = undefined;
+    /**
+     * Patchwork: opt-in switch for personalSignals heuristic 10
+     * (time-of-day anomaly). Off by default — see config.ts. Threaded into
+     * routeApprovalRequest deps so the personalSignals computation honors
+     * the user's preference.
+     */
+    enableTimeOfDayAnomaly = false;
     /** Patchwork: set by bridge to match + fire webhook-triggered recipes. */
     webhookFn = null;
+    /**
+     * Patchwork: ring buffer of recent webhook payloads, keyed by path
+     * (e.g. "/incident-war-room"). The last MAX_WEBHOOK_PAYLOADS entries are
+     * retained per path so the dashboard can show what the recipe most
+     * recently received — answers "did the trigger fire? what did it send?"
+     * without forcing the user to dig through bridge logs. In-memory only;
+     * cleared on restart.
+     */
+    webhookPayloads = new Map();
+    static MAX_WEBHOOK_PAYLOADS = 5;
     /** Set by bridge to handle MCP Streamable HTTP sessions (POST/GET/DELETE /mcp) */
     httpMcpHandler = null;
     /** Set by bridge to subscribe a caller to real-time activity events. Returns unsubscribe fn. */
@@ -127,6 +176,7 @@ export class Server extends EventEmitter {
     sessionDetailFn = null;
     /** Set by bridge to handle POST /launch-quick-task — invokes launchQuickTask tool in-process. */
     launchQuickTaskFn = null;
+    setRecipeEnabledFn = null;
     /**
      * Attach an OAuth 2.0 Authorization Server.
      * When set, the bridge exposes:
@@ -181,141 +231,37 @@ export class Server extends EventEmitter {
                 res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id");
                 res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
             }
-            const parsedUrl = new URL(req.url ?? "/", "http://localhost");
-            // ── OAuth 2.0 endpoints (unauthenticated — handled before bearer check) ──
-            // RFC 8414 discovery document
-            if (parsedUrl.pathname === "/.well-known/oauth-authorization-server" &&
-                req.method === "GET") {
-                if (this.oauthServer) {
-                    this.oauthServer.handleDiscovery(res);
-                }
-                else {
-                    res.writeHead(404, { "Content-Type": "text/plain" });
-                    res.end("OAuth not configured");
-                }
-                return;
-            }
-            // RFC 9396 Protected Resource Metadata — Claude.ai probes this to discover
-            // which authorization server protects this resource. Both the bare and
-            // resource-path variants are handled.
-            if (req.method === "GET" &&
-                (parsedUrl.pathname === "/.well-known/oauth-protected-resource" ||
-                    parsedUrl.pathname.startsWith("/.well-known/oauth-protected-resource/"))) {
-                if (this.oauthServer && this.oauthIssuerUrl) {
-                    res.writeHead(200, {
-                        "Content-Type": "application/json",
-                        "Cache-Control": "no-store",
-                    });
-                    res.end(JSON.stringify({
-                        resource: this.oauthIssuerUrl,
-                        authorization_servers: [this.oauthIssuerUrl],
-                    }));
-                }
-                else {
-                    res.writeHead(404, { "Content-Type": "text/plain" });
-                    res.end("OAuth not configured");
-                }
-                return;
-            }
-            // Authorization endpoint
-            if (parsedUrl.pathname === "/oauth/authorize" &&
-                (req.method === "GET" || req.method === "POST")) {
-                if (this.oauthServer) {
-                    this.oauthServer.handleAuthorize(req, res);
-                }
-                else {
-                    res.writeHead(404, { "Content-Type": "text/plain" });
-                    res.end("OAuth not configured");
-                }
-                return;
-            }
-            // Dynamic Client Registration endpoint (RFC 7591)
-            if (parsedUrl.pathname === "/oauth/register") {
-                if (this.oauthServer) {
-                    this.oauthServer.handleRegister(req, res).catch((err) => {
-                        if (!res.headersSent) {
-                            res.writeHead(500, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ error: String(err) }));
-                        }
-                    });
-                }
-                else {
-                    res.writeHead(404, { "Content-Type": "text/plain" });
-                    res.end("OAuth not configured");
-                }
-                return;
-            }
-            // Token endpoint
-            if (parsedUrl.pathname === "/oauth/token" && req.method === "POST") {
-                if (this.oauthServer) {
-                    this.oauthServer.handleToken(req, res).catch((err) => {
-                        if (!res.headersSent) {
-                            res.writeHead(500, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ error: String(err) }));
-                        }
-                    });
-                }
-                else {
-                    res.writeHead(404, { "Content-Type": "text/plain" });
-                    res.end("OAuth not configured");
-                }
-                return;
-            }
-            // Revocation endpoint (RFC 7009)
-            if (parsedUrl.pathname === "/oauth/revoke" && req.method === "POST") {
-                if (this.oauthServer) {
-                    this.oauthServer.handleRevoke(req, res).catch(() => {
-                        // RFC 7009: always 200
-                        if (!res.headersSent) {
-                            res.writeHead(200, { "Content-Type": "application/json" });
-                            res.end("{}");
-                        }
-                    });
-                }
-                else {
-                    res.writeHead(200, { "Content-Type": "application/json" });
-                    res.end("{}");
-                }
+            // DNS rebinding defense: validate Host header on every HTTP request,
+            // mirroring the WS upgrade handler below. Without this, attacker DNS
+            // can rebind a public hostname to 127.0.0.1 in the victim's browser
+            // and reach `/dashboard`, `/health`, `/metrics`, `/mcp`, OAuth
+            // endpoints, etc. with arbitrary Host headers. CORS gates browser
+            // *reads* of responses but does NOT gate top-level navigations or
+            // simple side-effect-bearing POSTs (e.g. `/oauth/authorize`).
+            const rawHost = req.headers.host ?? "";
+            const host = rawHost.startsWith("[")
+                ? rawHost.slice(0, rawHost.indexOf("]") + 1)
+                : rawHost.replace(/:\d+$/, "");
+            if (!host || !this.allowedHosts.has(host)) {
+                this.logger.warn(`Rejected HTTP request with invalid Host header: ${rawHost}`);
+                res.writeHead(403, { "Content-Type": "text/plain" });
+                res.end("Invalid Host header");
                 return;
             }
-            // ── MCP server-card (public) ──────────────────────────────────────────
-            if (req.url === "/.well-known/mcp/server-card.json" ||
-                req.url === "/.well-known/mcp") {
-                const card = {
-                    name: "claude-ide-bridge",
-                    version: BRIDGE_PROTOCOL_VERSION,
-                    description: "MCP bridge providing full IDE integration for Claude Code — LSP, diagnostics, file operations, terminal, debug adapters, and AI task orchestration",
-                    homepage: "https://github.com/Oolab-labs/claude-ide-bridge",
-                    transport: ["websocket", "stdio", "streamable-http"],
-                    capabilities: {
-                        tools: true,
-                        resources: true,
-                        prompts: true,
-                        elicitation: true,
-                    },
-                    author: "Oolab Labs",
-                    license: PACKAGE_LICENSE,
-                    repository: "https://github.com/Oolab-labs/claude-ide-bridge",
-                };
-                res.writeHead(200, {
-                    "Content-Type": "application/json",
-                    "Access-Control-Allow-Origin": "*",
-                });
-                res.end(JSON.stringify(card, null, 2));
+            const parsedUrl = new URL(req.url ?? "/", "http://localhost");
+            // ── OAuth 2.0 endpoints (extracted to src/oauthRoutes.ts) ────────────
+            // Unauthenticated — must run BEFORE the bearer-auth gate.
+            if (tryHandleOAuthRoute(req, res, parsedUrl, {
+                oauthServer: this.oauthServer,
+                oauthIssuerUrl: this.oauthIssuerUrl,
+            })) {
                 return;
             }
-            // CORS preflight for /mcp — browsers (and Claude Desktop's web renderer) send
-            // OPTIONS before POST. Respond without requiring auth so the preflight succeeds.
-            if (req.method === "OPTIONS" && parsedUrl.pathname === "/mcp") {
-                const origin = corsOrigin(req.headers.origin, this.extraCorsOrigins);
-                if (origin) {
-                    res.setHeader("Access-Control-Allow-Origin", origin);
-                    res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
-                    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id");
-                    res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
-                }
-                res.writeHead(204);
-                res.end();
+            // ── MCP server-card + CORS preflight (extracted to src/mcpRoutes.ts) ─
+            // Unauthenticated — must run BEFORE the bearer-auth gate.
+            if (tryHandleMcpRoute(req, res, parsedUrl, {
+                extraCorsOrigins: this.extraCorsOrigins,
+            })) {
                 return;
             }
             // Unauthenticated liveness probe — safe to expose; contains no sensitive data.
@@ -355,78 +301,57 @@ export class Server extends EventEmitter {
                 res.end(JSON.stringify({ ok: true, v: PACKAGE_VERSION }));
                 return;
             }
-            // ── Connector OAuth callbacks (unauthenticated — browser redirect from vendor) ──
-            if (parsedUrl.pathname === "/connections/github/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleGithubCallback } = await import("./connectors/github.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleGithubCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/linear/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleLinearCallback } = await import("./connectors/linear.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleLinearCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/sentry/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleSentryCallback } = await import("./connectors/sentry.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleSentryCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
+            // ── Connector OAuth callbacks (extracted to src/connectorRoutes.ts) ──
+            // Unauthenticated — browser redirects from vendor must run BEFORE the
+            // bearer-auth gate.
+            if (tryHandlePublicConnectorRoute(req, res, parsedUrl)) {
                 return;
             }
-            if (parsedUrl.pathname === "/connections/google-calendar/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleCalendarCallback } = await import("./connectors/googleCalendar.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleCalendarCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
+            // ── /schemas/* — unauthenticated registry-derived JSON Schemas ────────
+            // Serves recipe.v1.json, dry-run-plan.v1.json, tools/<ns>.json so YAML-LSP
+            // editors can resolve `$schema:` headers against a running bridge. No
+            // secrets — schemas are generated from the tool registry.
+            if (parsedUrl.pathname?.startsWith("/schemas/") && req.method === "GET") {
+                try {
+                    await import("./recipes/tools/index.js");
+                    const { generateSchemaSet } = await import("./recipes/schemaGenerator.js");
+                    const schemas = generateSchemaSet();
+                    const rest = parsedUrl.pathname.slice("/schemas/".length);
+                    let body;
+                    if (rest === "recipe.v1.json") {
+                        body = schemas.recipe;
+                    }
+                    else if (rest === "dry-run-plan.v1.json") {
+                        body = schemas.dryRunPlan;
+                    }
+                    else if (rest.startsWith("tools/") && rest.endsWith(".json")) {
+                        const ns = rest.slice("tools/".length, -".json".length);
+                        body = schemas.namespaces[ns];
+                    }
+                    else if (rest === "" || rest === "index.json") {
+                        body = {
+                            recipe: "/schemas/recipe.v1.json",
+                            dryRunPlan: "/schemas/dry-run-plan.v1.json",
+                            tools: Object.keys(schemas.namespaces).map((ns) => `/schemas/tools/${ns}.json`),
+                        };
+                    }
+                    if (body === undefined) {
+                        res.writeHead(404, { "Content-Type": "application/json" });
+                        res.end(JSON.stringify({ error: `schema not found: ${rest}` }));
+                        return;
+                    }
+                    res.writeHead(200, {
+                        "Content-Type": "application/schema+json",
+                        "Cache-Control": "public, max-age=60",
                     });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/slack/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleSlackCallback } = await import("./connectors/slack.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleSlackCallback(code, state, error);
-                    res.writeHead(result.status, { "Content-Type": result.contentType ?? "application/json" });
-                    res.end(result.body);
-                })();
+                    res.end(JSON.stringify(body, null, 2));
+                }
+                catch (err) {
+                    res.writeHead(500, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({
+                        error: err instanceof Error ? err.message : String(err),
+                    }));
+                }
                 return;
             }
             // ── Bearer token authentication ───────────────────────────────────────
@@ -446,8 +371,13 @@ export class Server extends EventEmitter {
             const oauthResolved = !isStaticToken && this.oauthServer
                 ? this.oauthServer.resolveBearerToken(bearer)
                 : null;
+            // Phone-path: approve/reject with x-approval-token bypass bearer check.
+            // The token itself is validated inside routeApprovalRequest via queue.validateToken.
+            const isPhoneApprovalPath = req.method === "POST" &&
+                /^\/(approve|reject)\/[A-Za-z0-9-]+$/.test(parsedUrl.pathname) &&
+                !!req.headers["x-approval-token"];
             // oauthResolved is the bridge token if the OAuth token is valid; null otherwise
-            if (!isStaticToken && !oauthResolved) {
+            if (!isStaticToken && !oauthResolved && !isPhoneApprovalPath) {
                 // RFC 6750: only include error= when a token was actually presented but invalid
                 const tokenPresented = bearer.length > 0;
                 const wwwAuth = this.oauthServer && this.oauthIssuerUrl
@@ -552,6 +482,83 @@ export class Server extends EventEmitter {
                 }
                 return;
             }
+            if (parsedUrl.pathname === "/traces/export" && req.method === "GET") {
+                void (async () => {
+                    try {
+                        // Accept passphrase only via header — never query string (prevents
+                        // proxy access-log exposure and browser-history leakage).
+                        if (parsedUrl.searchParams?.get("passphrase")) {
+                            res.writeHead(400, { "Content-Type": "application/json" });
+                            res.end(JSON.stringify({
+                                error: "passphrase must be sent in the X-Trace-Passphrase header, not the URL",
+                            }));
+                            return;
+                        }
+                        const passphraseRaw = req.headers["x-trace-passphrase"] ?? null;
+                        if (passphraseRaw !== null && passphraseRaw.length > 4096) {
+                            res.writeHead(400, { "Content-Type": "application/json" });
+                            res.end(JSON.stringify({
+                                error: "passphrase too long (max 4096 chars)",
+                            }));
+                            return;
+                        }
+                        if (passphraseRaw !== null && passphraseRaw.length < 12) {
+                            res.writeHead(400, { "Content-Type": "application/json" });
+                            res.end(JSON.stringify({
+                                error: "passphrase too short (min 12 chars)",
+                            }));
+                            return;
+                        }
+                        const passphrase = passphraseRaw;
+                        const { runTracesExportToStream } = await import("./commands/tracesExport.js");
+                        const stamp = new Date()
+                            .toISOString()
+                            .replace(/:/g, "-")
+                            .replace(/\..+$/, "");
+                        if (passphrase) {
+                            // Encrypted export — buffer the gzip, then AES-256-GCM encrypt.
+                            const { encryptTraceBundle } = await import("./traceEncryption.js");
+                            const chunks = [];
+                            const { Writable } = await import("node:stream");
+                            const collector = new Writable({
+                                write(chunk, _enc, cb) {
+                                    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+                                    cb();
+                                },
+                            });
+                            await runTracesExportToStream(collector);
+                            const plain = Buffer.concat(chunks);
+                            const encrypted = encryptTraceBundle(plain, passphrase);
+                            const filename = `traces-export-${stamp}.enc`;
+                            res.writeHead(200, {
+                                "Content-Type": "application/octet-stream",
+                                "Content-Disposition": `attachment; filename="${filename}"`,
+                                "Cache-Control": "no-store",
+                                "Content-Length": String(encrypted.length),
+                            });
+                            res.end(encrypted);
+                        }
+                        else {
+                            const filename = `traces-export-${stamp}.jsonl.gz`;
+                            res.writeHead(200, {
+                                "Content-Type": "application/gzip",
+                                "Content-Disposition": `attachment; filename="${filename}"`,
+                                "Cache-Control": "no-store",
+                            });
+                            await runTracesExportToStream(res);
+                        }
+                    }
+                    catch (err) {
+                        if (!res.headersSent) {
+                            res.writeHead(500, { "Content-Type": "application/json" });
+                            res.end(JSON.stringify({
+                                error: err instanceof Error ? err.message : String(err),
+                            }));
+                        }
+                    }
+                })();
+                return;
+            }
             if (parsedUrl.pathname === "/analytics" && req.method === "GET") {
                 try {
                     const wh = parsedUrl.searchParams.get("windowHours");
@@ -681,6 +688,28 @@ export class Server extends EventEmitter {
                 }
                 return;
             }
+            const cancelMatch = parsedUrl.pathname?.match(/^\/tasks\/([^/]+)\/cancel$/);
+            if (cancelMatch && req.method === "POST") {
+                const taskId = cancelMatch[1];
+                try {
+                    const found = this.cancelTaskFn?.(taskId) ?? false;
+                    if (!found) {
+                        res.writeHead(404, { "Content-Type": "application/json" });
+                        res.end(JSON.stringify({ error: "task not found or already terminal" }));
+                    }
+                    else {
+                        res.writeHead(200, { "Content-Type": "application/json" });
+                        res.end(JSON.stringify({ ok: true }));
+                    }
+                }
+                catch (err) {
+                    res.writeHead(500, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({
+                        error: err instanceof Error ? err.message : String(err),
+                    }));
+                }
+                return;
+            }
             if (parsedUrl.pathname?.startsWith("/hooks/") && req.method === "POST") {
                 const hookPath = parsedUrl.pathname.substring("/hooks".length);
                 const chunks = [];
@@ -713,531 +742,191 @@ export class Server extends EventEmitter {
                             : result.error === "not_found"
                                 ? 404
                                 : 400;
+                        // Record in ring buffer so the dashboard can show "last
+                        // payload" per recipe. Skip not_found so unknown paths don't
+                        // pollute the buffer with garbage / scanner traffic.
+                        if (result.error !== "not_found") {
+                            const existing = this.webhookPayloads.get(hookPath) ?? [];
+                            existing.unshift({
+                                receivedAt: Date.now(),
+                                payload,
+                                ok: result.ok,
+                                error: result.error,
+                                taskId: result.taskId,
+                                recipeName: result.name,
+                            });
+                            if (existing.length > Server.MAX_WEBHOOK_PAYLOADS) {
+                                existing.length = Server.MAX_WEBHOOK_PAYLOADS;
+                            }
+                            this.webhookPayloads.set(hookPath, existing);
+                        }
                         res.writeHead(status, { "Content-Type": "application/json" });
                         res.end(JSON.stringify(result));
                     })();
                 });
                 return;
             }
-            // ── Gmail / Connections endpoints ───────────────────────────────────────
-            if (parsedUrl.pathname === "/connections" && req.method === "GET") {
-                void (async () => {
-                    const { handleConnectionsList } = await import("./connectors/gmail.js");
-                    const result = await handleConnectionsList();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/gmail/auth" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleGmailAuthRedirect } = await import("./connectors/gmail.js");
-                    const result = handleGmailAuthRedirect();
-                    if (result.redirect) {
-                        res.writeHead(302, { Location: result.redirect });
-                        res.end();
-                    }
-                    else {
-                        res.writeHead(result.status, {
-                            "Content-Type": result.contentType ?? "application/json",
-                        });
-                        res.end(result.body);
-                    }
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/gmail/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleGmailCallback } = await import("./connectors/gmail.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleGmailCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "text/html",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/gmail" &&
-                req.method === "DELETE") {
-                void (async () => {
-                    const { handleGmailDisconnect } = await import("./connectors/gmail.js");
-                    const result = await handleGmailDisconnect();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/gmail/test" &&
-                req.method === "POST") {
-                void (async () => {
-                    const { handleGmailTest } = await import("./connectors/gmail.js");
-                    const result = await handleGmailTest();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            // ── GitHub MCP connector routes ─────────────────────────────────────
-            if (parsedUrl.pathname === "/connections/github/auth" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleGithubAuthorize } = await import("./connectors/github.js");
-                    const result = await handleGithubAuthorize();
-                    if (result.redirect) {
-                        res.writeHead(302, { Location: result.redirect });
-                        res.end();
-                    }
-                    else {
-                        res.writeHead(result.status, {
-                            "Content-Type": result.contentType ?? "application/json",
-                        });
-                        res.end(result.body);
-                    }
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/github/test" &&
-                req.method === "POST") {
-                void (async () => {
-                    const { handleGithubTest } = await import("./connectors/github.js");
-                    const result = await handleGithubTest();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/github" &&
-                req.method === "DELETE") {
-                void (async () => {
-                    const { handleGithubDisconnect } = await import("./connectors/github.js");
-                    const result = await handleGithubDisconnect();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            // ── Sentry MCP connector routes ─────────────────────────────────────
-            if (parsedUrl.pathname === "/connections/sentry/auth" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleSentryAuthorize } = await import("./connectors/sentry.js");
-                    const result = await handleSentryAuthorize();
-                    if (result.redirect) {
-                        res.writeHead(302, { Location: result.redirect });
-                        res.end();
-                    }
-                    else {
-                        res.writeHead(result.status, {
-                            "Content-Type": result.contentType ?? "application/json",
-                        });
-                        res.end(result.body);
-                    }
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/sentry/callback" &&
+            if (parsedUrl.pathname?.startsWith("/webhook-payloads/") &&
                 req.method === "GET") {
-                void (async () => {
-                    const { handleSentryCallback } = await import("./connectors/sentry.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleSentryCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/sentry/test" &&
-                req.method === "POST") {
-                void (async () => {
-                    const { handleSentryTest } = await import("./connectors/sentry.js");
-                    const result = await handleSentryTest();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/sentry" &&
-                req.method === "DELETE") {
-                void (async () => {
-                    const { handleSentryDisconnect } = await import("./connectors/sentry.js");
-                    const result = await handleSentryDisconnect();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            // ── Linear MCP connector routes ─────────────────────────────────────
-            if (parsedUrl.pathname === "/connections/linear/auth" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleLinearAuthorize } = await import("./connectors/linear.js");
-                    const result = await handleLinearAuthorize();
-                    if (result.redirect) {
-                        res.writeHead(302, { Location: result.redirect });
-                        res.end();
-                    }
-                    else {
-                        res.writeHead(result.status, {
-                            "Content-Type": result.contentType ?? "application/json",
-                        });
-                        res.end(result.body);
-                    }
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/linear/callback" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleLinearCallback } = await import("./connectors/linear.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleLinearCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/linear/test" &&
-                req.method === "POST") {
-                void (async () => {
-                    const { handleLinearTest } = await import("./connectors/linear.js");
-                    const result = await handleLinearTest();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/linear" &&
-                req.method === "DELETE") {
-                void (async () => {
-                    const { handleLinearDisconnect } = await import("./connectors/linear.js");
-                    const result = await handleLinearDisconnect();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
+                const hookPath = parsedUrl.pathname.substring("/webhook-payloads".length);
+                const entries = this.webhookPayloads.get(hookPath) ?? [];
+                res.writeHead(200, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ path: hookPath, entries }));
                 return;
             }
-            // ── Slack connector routes ──────────────────────────────────────
-            if ((parsedUrl.pathname === "/connections/slack/auth" || parsedUrl.pathname === "/connections/slack/authorize") &&
-                req.method === "GET") {
-                const { handleSlackAuthorize } = await import("./connectors/slack.js");
-                const result = handleSlackAuthorize();
-                if (result.redirect) {
-                    res.writeHead(302, { Location: result.redirect });
-                    res.end();
+            // Activity-based automation suggestions (Phase 3 §4). Read-only
+            // pattern-mining over the running bridge's activity log + recipe
+            // run history. Same logic the `patchwork suggest` CLI calls — this
+            // exposes it to the dashboard so suggestions live where users look.
+            if (parsedUrl.pathname === "/suggestions" && req.method === "GET") {
+                if (!this.activityLog) {
+                    res.writeHead(503, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({
+                        error: "activity log not wired — bridge probably not in a configuration that records activity",
+                    }));
+                    return;
                 }
-                else {
-                    res.writeHead(result.status, { "Content-Type": result.contentType ?? "application/json" });
-                    res.end(result.body);
+                const sinceDaysParam = parsedUrl.searchParams?.get("sinceDays");
+                const sinceDays = sinceDaysParam !== null && sinceDaysParam !== undefined
+                    ? Number.parseInt(sinceDaysParam, 10)
+                    : undefined;
+                const { computeAutomationSuggestions } = await import("./automationSuggestions.js");
+                const opts = {
+                    activityLog: this.activityLog,
+                };
+                if (this.recipeRunLog)
+                    opts.recipeRunLog = this.recipeRunLog;
+                if (sinceDays !== undefined && Number.isFinite(sinceDays)) {
+                    opts.activitySinceMs = sinceDays * 24 * 60 * 60 * 1000;
                 }
+                const suggestions = computeAutomationSuggestions(opts);
+                res.writeHead(200, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({
+                    suggestions,
+                    generatedAt: new Date().toISOString(),
+                }));
                 return;
             }
-            if (parsedUrl.pathname === "/connections/slack/test" &&
-                req.method === "POST") {
-                void (async () => {
-                    const { handleSlackTest } = await import("./connectors/slack.js");
-                    const result = await handleSlackTest();
-                    res.writeHead(result.status, { "Content-Type": result.contentType ?? "application/json" });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/slack" &&
-                req.method === "DELETE") {
-                const { handleSlackDisconnect } = await import("./connectors/slack.js");
-                const result = handleSlackDisconnect();
-                res.writeHead(result.status, { "Content-Type": result.contentType ?? "application/json" });
-                res.end(result.body);
-                return;
-            }
-            // ── Google Calendar routes ──────────────────────────────────────
-            if (parsedUrl.pathname === "/connections/google-calendar/auth" &&
-                req.method === "GET") {
-                void (async () => {
-                    const { handleCalendarAuthRedirect } = await import("./connectors/googleCalendar.js");
-                    const result = handleCalendarAuthRedirect();
-                    if (result.redirect) {
-                        res.writeHead(302, { Location: result.redirect });
-                        res.end();
-                    }
-                    else {
-                        res.writeHead(result.status, {
-                            "Content-Type": result.contentType ?? "application/json",
-                        });
-                        res.end(result.body);
-                    }
-                })();
+            // Approval insights — aggregate approval-decision history for Phase 3 §3
+            // passive risk personalization. Read-only; no state changes.
+            if (parsedUrl.pathname === "/approval-insights" && req.method === "GET") {
+                if (!this.activityLog) {
+                    res.writeHead(503, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({
+                        error: "activity log not wired",
+                    }));
+                    return;
+                }
+                const { computeApprovalInsights } = await import("./approvalInsights.js");
+                const result = computeApprovalInsights(this.activityLog);
+                res.writeHead(200, { "Content-Type": "application/json" });
+                res.end(JSON.stringify(result));
                 return;
             }
-            if (parsedUrl.pathname === "/connections/google-calendar/callback" &&
+            // Decision replay — Phase 3 §2. Re-evaluates historical approval
+            // decisions against the current CC policy. Read-only; no side effects.
+            if (parsedUrl.pathname === "/approval-insights/replay" &&
                 req.method === "GET") {
-                void (async () => {
-                    const { handleCalendarCallback } = await import("./connectors/googleCalendar.js");
-                    const code = parsedUrl.searchParams.get("code");
-                    const state = parsedUrl.searchParams.get("state");
-                    const error = parsedUrl.searchParams.get("error");
-                    const result = await handleCalendarCallback(code, state, error);
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/google-calendar/test" &&
-                req.method === "POST") {
-                void (async () => {
-                    const { handleCalendarTest } = await import("./connectors/googleCalendar.js");
-                    const result = await handleCalendarTest();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            if (parsedUrl.pathname === "/connections/google-calendar" &&
-                req.method === "DELETE") {
-                void (async () => {
-                    const { handleCalendarDisconnect } = await import("./connectors/googleCalendar.js");
-                    const result = await handleCalendarDisconnect();
-                    res.writeHead(result.status, {
-                        "Content-Type": result.contentType ?? "application/json",
-                    });
-                    res.end(result.body);
-                })();
-                return;
-            }
-            // ── Inbox routes ────────────────────────────────────────────────────
-            if (parsedUrl.pathname === "/inbox" && req.method === "GET") {
-                void (async () => {
-                    try {
-                        const { readdir, readFile, stat } = await import("node:fs/promises");
-                        const { existsSync } = await import("node:fs");
-                        const inboxDir = path.join(os.homedir(), ".patchwork", "inbox");
-                        if (!existsSync(inboxDir)) {
-                            res.writeHead(200, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ items: [] }));
-                            return;
-                        }
-                        const files = (await readdir(inboxDir)).filter((f) => f.endsWith(".md"));
-                        const items = await Promise.all(files.map(async (name) => {
-                            const filePath = path.join(inboxDir, name);
-                            const [content, stats] = await Promise.all([
-                                readFile(filePath, "utf8"),
-                                stat(filePath),
-                            ]);
-                            const stripped = content
-                                .split("\n")
-                                .filter((l) => !l.startsWith("#"))
-                                .join("\n")
-                                .trim();
-                            return {
-                                name,
-                                path: filePath,
-                                modifiedAt: stats.mtime.toISOString(),
-                                preview: stripped.slice(0, 200),
-                            };
-                        }));
-                        items.sort((a, b) => new Date(b.modifiedAt).getTime() -
-                            new Date(a.modifiedAt).getTime());
-                        res.writeHead(200, { "Content-Type": "application/json" });
-                        res.end(JSON.stringify({ items }));
-                    }
-                    catch (err) {
-                        res.writeHead(500, { "Content-Type": "application/json" });
-                        res.end(JSON.stringify({
-                            error: err instanceof Error ? err.message : String(err),
-                        }));
-                    }
-                })();
-                return;
-            }
-            const inboxFileMatch = parsedUrl.pathname?.match(/^\/inbox\/([^/]+\.md)$/);
-            if (inboxFileMatch && req.method === "GET") {
-                void (async () => {
-                    try {
-                        const { readFile, stat } = await import("node:fs/promises");
-                        const filename = decodeURIComponent(inboxFileMatch[1] ?? "");
-                        // Prevent path traversal — filename must not contain directory separators
-                        if (filename.includes("/") || filename.includes("\\")) {
-                            res.writeHead(400, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ error: "Invalid filename" }));
-                            return;
-                        }
-                        const filePath = path.join(os.homedir(), ".patchwork", "inbox", filename);
-                        const [content, stats] = await Promise.all([
-                            readFile(filePath, "utf8"),
-                            stat(filePath),
-                        ]);
-                        res.writeHead(200, { "Content-Type": "application/json" });
-                        res.end(JSON.stringify({
-                            name: filename,
-                            content,
-                            modifiedAt: stats.mtime.toISOString(),
-                        }));
-                    }
-                    catch (err) {
-                        const code = err.code;
-                        if (code === "ENOENT") {
-                            res.writeHead(404, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ error: "Not found" }));
-                        }
-                        else {
-                            res.writeHead(500, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({
-                                error: err instanceof Error ? err.message : String(err),
-                            }));
-                        }
-                    }
-                })();
-                return;
-            }
-            // ── End inbox routes ─────────────────────────────────────────────────
-            if (parsedUrl.pathname === "/recipes/run" && req.method === "POST") {
-                const chunks = [];
-                req.on("data", (c) => chunks.push(c));
-                req.on("end", () => {
-                    void (async () => {
-                        try {
-                            const body = Buffer.concat(chunks).toString("utf-8");
-                            const parsed = JSON.parse(body || "{}");
-                            const name = parsed.name;
-                            const vars = parsed.vars &&
-                                typeof parsed.vars === "object" &&
-                                !Array.isArray(parsed.vars)
-                                ? parsed.vars
-                                : undefined;
-                            if (typeof name !== "string" || !name) {
-                                res.writeHead(400, { "Content-Type": "application/json" });
-                                res.end(JSON.stringify({ ok: false, error: "name required" }));
-                                return;
-                            }
-                            if (!this.runRecipeFn) {
-                                res.writeHead(503, { "Content-Type": "application/json" });
-                                res.end(JSON.stringify({
-                                    ok: false,
-                                    error: "Recipe execution unavailable — requires --claude-driver subprocess",
-                                }));
-                                return;
-                            }
-                            const result = await this.runRecipeFn(name, vars);
-                            res.writeHead(result.ok ? 200 : 400, {
-                                "Content-Type": "application/json",
-                            });
-                            res.end(JSON.stringify(result));
-                        }
-                        catch {
-                            res.writeHead(400, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ ok: false, error: "Invalid JSON body" }));
-                        }
-                    })();
+                if (!this.activityLog) {
+                    res.writeHead(503, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({ error: "activity log not wired" }));
+                    return;
+                }
+                const sinceDaysParam = parsedUrl.searchParams?.get("sinceDays");
+                const sinceDays = sinceDaysParam !== null && sinceDaysParam !== undefined
+                    ? Number.parseInt(sinceDaysParam, 10)
+                    : 7;
+                const sinceMs = Number.isFinite(sinceDays)
+                    ? Date.now() - sinceDays * 24 * 60 * 60 * 1000
+                    : 0;
+                const { computeDecisionReplay } = await import("./decisionReplay.js");
+                const result = computeDecisionReplay(this.activityLog, {
+                    workspace: process.cwd(),
+                    sinceMs,
                 });
+                res.writeHead(200, { "Content-Type": "application/json" });
+                res.end(JSON.stringify(result));
                 return;
             }
-            if (parsedUrl.pathname === "/runs" && req.method === "GET") {
-                try {
-                    const sp = parsedUrl.searchParams;
-                    const limitRaw = sp.get("limit");
-                    const afterRaw = sp.get("after");
-                    const trigger = sp.get("trigger");
-                    const status = sp.get("status");
-                    const recipe = sp.get("recipe");
-                    const limit = limitRaw ? Number.parseInt(limitRaw, 10) : Number.NaN;
-                    const after = afterRaw ? Number.parseInt(afterRaw, 10) : Number.NaN;
-                    const runs = this.runsFn?.({
-                        ...(Number.isFinite(limit) && { limit }),
-                        ...(trigger && { trigger }),
-                        ...(status && { status }),
-                        ...(recipe && { recipe }),
-                        ...(Number.isFinite(after) && { after }),
-                    }) ?? [];
-                    res.writeHead(200, { "Content-Type": "application/json" });
-                    res.end(JSON.stringify({ runs }));
+            // Rule explanation — returns which CC permission rule matched a tool call
+            // and why approval was required. Phase 1 §2 Delegation Policy UX.
+            if (parsedUrl.pathname === "/approval-insights/explain" &&
+                req.method === "GET") {
+                const tool = parsedUrl.searchParams?.get("tool") ?? "";
+                const specifier = parsedUrl.searchParams?.get("specifier") ?? undefined;
+                if (!tool) {
+                    res.writeHead(400, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({ error: "tool param required" }));
+                    return;
                 }
-                catch (err) {
-                    res.writeHead(500, { "Content-Type": "application/json" });
-                    res.end(JSON.stringify({
-                        error: err instanceof Error ? err.message : String(err),
-                    }));
+                const { loadCcPermissionsAttributed, explainRules } = await import("./ccPermissions.js");
+                // Cache rules for 30 s — loadCcPermissionsAttributed walks the
+                // filesystem and this endpoint can be polled by the dashboard.
+                const now = Date.now();
+                if (!this._explainRulesCache ||
+                    now - this._explainRulesCache.at > 30_000) {
+                    this._explainRulesCache = {
+                        at: now,
+                        rules: loadCcPermissionsAttributed(process.cwd()),
+                    };
                 }
+                const explanation = explainRules(tool, specifier || undefined, this._explainRulesCache.rules);
+                res.writeHead(200, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ tool, specifier: specifier ?? null, explanation }));
                 return;
             }
-            if (req.url === "/recipes" && req.method === "POST") {
-                const chunks = [];
-                req.on("data", (c) => chunks.push(c));
-                req.on("end", () => {
-                    try {
-                        const body = Buffer.concat(chunks).toString("utf-8");
-                        const draft = JSON.parse(body || "{}");
-                        if (typeof draft.name !== "string" || !draft.name) {
-                            res.writeHead(400, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({ ok: false, error: "name required" }));
-                            return;
-                        }
-                        if (!this.saveRecipeFn) {
-                            res.writeHead(503, { "Content-Type": "application/json" });
-                            res.end(JSON.stringify({
-                                ok: false,
-                                error: "Recipe saving unavailable",
-                            }));
-                            return;
-                        }
-                        const result = this.saveRecipeFn(draft);
-                        res.writeHead(result.ok ? 201 : 400, {
-                            "Content-Type": "application/json",
-                        });
-                        res.end(JSON.stringify(result));
-                    }
-                    catch {
-                        res.writeHead(400, { "Content-Type": "application/json" });
-                        res.end(JSON.stringify({ ok: false, error: "Invalid JSON body" }));
-                    }
-                });
+            // Reversible-refactoring surface — list active staged transactions
+            // (Phase 1 §3 dashboard ask). Read-only metadata for the dashboard
+            // /transactions page; no file contents leave the bridge.
+            if (parsedUrl.pathname === "/transactions" && req.method === "GET") {
+                const { listActiveTransactions } = await import("./tools/transaction.js");
+                const transactions = listActiveTransactions();
+                res.writeHead(200, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({ transactions }));
                 return;
             }
-            if (req.url === "/recipes" && req.method === "GET") {
-                try {
-                    const data = this.recipesFn?.() ?? { recipesDir: null, recipes: [] };
-                    res.writeHead(200, { "Content-Type": "application/json" });
-                    res.end(JSON.stringify(data));
-                }
-                catch (err) {
-                    res.writeHead(500, { "Content-Type": "application/json" });
-                    res.end(JSON.stringify({
-                        error: err instanceof Error ? err.message : String(err),
-                    }));
-                }
+            // Discard-only — we deliberately do NOT expose commit via HTTP because
+            // the commit handler needs per-workspace context wired through
+            // createTransactionTools(). Rollback is pure-memory and workspace-
+            // agnostic, safe to expose. Commit from the agent side via MCP.
+            if (parsedUrl.pathname?.match(/^\/transactions\/[^/]+\/rollback$/) &&
+                req.method === "POST") {
+                const id = parsedUrl.pathname.split("/")[2] ?? "";
+                const { rollbackTransactionById } = await import("./tools/transaction.js");
+                const ok = id !== "" && rollbackTransactionById(id);
+                res.writeHead(ok ? 200 : 404, { "Content-Type": "application/json" });
+                res.end(JSON.stringify(ok
+                    ? { ok: true, transactionId: id }
+                    : { ok: false, error: "transaction not found" }));
+                return;
+            }
+            // ── Connector routes (extracted to src/connectorRoutes.ts) ──────────
+            if (tryHandleConnectorRoute(req, res, parsedUrl)) {
+                return;
+            }
+            // ── Inbox routes (extracted to src/inboxRoutes.ts) ───────────────────
+            if (tryHandleInboxRoute(req, res, parsedUrl)) {
+                return;
+            }
+            // ── Recipe / runs / templates routes (extracted to src/recipeRoutes.ts) ─
+            if (tryHandleRecipeRoute(req, res, parsedUrl, {
+                setRecipeTrustFn: this.setRecipeTrustFn,
+                generateRecipeFn: this.generateRecipeFn,
+                recipesFn: this.recipesFn,
+                loadRecipeContentFn: this.loadRecipeContentFn,
+                saveRecipeContentFn: this.saveRecipeContentFn,
+                deleteRecipeContentFn: this.deleteRecipeContentFn,
+                duplicateRecipeFn: this.duplicateRecipeFn,
+                promoteRecipeVariantFn: this.promoteRecipeVariantFn,
+                lintRecipeContentFn: this.lintRecipeContentFn,
+                saveRecipeFn: this.saveRecipeFn,
+                setRecipeEnabledFn: this.setRecipeEnabledFn,
+                runsFn: this.runsFn,
+                runDetailFn: this.runDetailFn,
+                runPlanFn: this.runPlanFn,
+                runReplayFn: this.runReplayFn,
+                runRecipeFn: this.runRecipeFn,
+            })) {
                 return;
             }
             const sessionDetailMatch = /^\/sessions\/([A-Za-z0-9-]+)$/.exec(parsedUrl.pathname);
@@ -1286,8 +975,11 @@ export class Server extends EventEmitter {
                 req.on("end", () => {
                     try {
                         const body = JSON.parse(Buffer.concat(chunks).toString("utf-8"));
-                        const raw = body.webhookUrl?.trim() ?? "";
-                        if (raw !== "" && !/^https:\/\/.+/.test(raw)) {
+                        const hasWebhookUpdate = body.webhookUrl !== undefined;
+                        const raw = hasWebhookUpdate
+                            ? (body.webhookUrl?.trim() ?? "")
+                            : undefined;
+                        if (raw !== undefined && raw !== "" && !/^https:\/\/.+/.test(raw)) {
                             res.writeHead(400, { "Content-Type": "application/json" });
                             res.end(JSON.stringify({ error: "webhookUrl must be HTTPS" }));
                             return;
@@ -1306,19 +998,112 @@ export class Server extends EventEmitter {
                         const configPath = patchworkConfigPath();
                         const cfg = loadPatchworkConfig(configPath);
                         cfg.dashboard = {
-                            port: cfg.dashboard?.port ?? 3000,
+                            port: cfg.dashboard?.port ?? 3200,
                             requireApproval: cfg.dashboard?.requireApproval ?? ["high"],
                             pushNotifications: cfg.dashboard?.pushNotifications ?? false,
-                            webhookUrl: raw || undefined,
+                            webhookUrl: hasWebhookUpdate
+                                ? raw || undefined
+                                : cfg.dashboard?.webhookUrl,
                         };
                         if (gateRaw !== undefined) {
                             cfg.approvalGate = gateRaw;
                             this.approvalGate = gateRaw;
                         }
+                        // h10 toggle: must be boolean if present. Persists to
+                        // ~/.patchwork/config.json AND live-mutates the Server
+                        // field so the next /approvals POST honors it without
+                        // needing a bridge restart.
+                        if (body.enableTimeOfDayAnomaly !== undefined) {
+                            if (typeof body.enableTimeOfDayAnomaly !== "boolean") {
+                                res.writeHead(400, { "Content-Type": "application/json" });
+                                res.end(JSON.stringify({
+                                    error: "enableTimeOfDayAnomaly must be a boolean",
+                                }));
+                                return;
+                            }
+                            cfg.enableTimeOfDayAnomaly = body.enableTimeOfDayAnomaly;
+                            this.enableTimeOfDayAnomaly = body.enableTimeOfDayAnomaly;
+                        }
+                        const driverRaw = body.driver;
+                        if (driverRaw !== undefined) {
+                            const validDrivers = [
+                                "subprocess",
+                                "api",
+                                "openai",
+                                "grok",
+                                "gemini",
+                                "none",
+                            ];
+                            if (!validDrivers.includes(driverRaw)) {
+                                res.writeHead(400, { "Content-Type": "application/json" });
+                                res.end(JSON.stringify({
+                                    error: `driver must be one of: ${validDrivers.join(", ")}`,
+                                }));
+                                return;
+                            }
+                            const driver = driverRaw;
+                            cfg.driver = driver;
+                            saveBridgeConfigDriver(driver, this.bridgeConfigPath);
+                        }
+                        if (body.model !== undefined) {
+                            const validModels = [
+                                "claude",
+                                "openai",
+                                "gemini",
+                                "grok",
+                                "local",
+                            ];
+                            if (!validModels.includes(body.model)) {
+                                res.writeHead(400, { "Content-Type": "application/json" });
+                                res.end(JSON.stringify({
+                                    error: `model must be one of: ${validModels.join(", ")}`,
+                                }));
+                                return;
+                            }
+                            cfg.model = body.model;
+                            if (body.model === "local") {
+                                if (body.localEndpoint !== undefined)
+                                    cfg.localEndpoint = body.localEndpoint.trim() || undefined;
+                                if (body.localModel !== undefined)
+                                    cfg.localModel = body.localModel.trim() || undefined;
+                            }
+                        }
+                        if (body.apiKey) {
+                            const { provider, key } = body.apiKey;
+                            const validProviders = ["anthropic", "openai", "google", "xai"];
+                            if (!validProviders.includes(provider) ||
+                                typeof key !== "string") {
+                                res.writeHead(400, { "Content-Type": "application/json" });
+                                res.end(JSON.stringify({ error: "Invalid apiKey provider or key" }));
+                                return;
+                            }
+                            cfg.apiKeys = { ...cfg.apiKeys, [provider]: key || undefined };
+                        }
                         savePatchworkConfig(cfg, configPath);
-                        this.approvalWebhookUrl = raw || undefined;
+                        if (hasWebhookUpdate) {
+                            this.approvalWebhookUrl = raw || undefined;
+                        }
+                        if (body.pushServiceUrl !== undefined) {
+                            const pushUrl = body.pushServiceUrl.trim();
+                            if (pushUrl && !pushUrl.startsWith("https://")) {
+                                res.writeHead(400, { "Content-Type": "application/json" });
+                                res.end(JSON.stringify({ error: "pushServiceUrl must be HTTPS" }));
+                                return;
+                            }
+                            this.pushServiceUrl = pushUrl || undefined;
+                        }
+                        if (body.pushServiceToken !== undefined) {
+                            this.pushServiceToken = body.pushServiceToken.trim() || undefined;
+                        }
+                        if (body.pushServiceBaseUrl !== undefined) {
+                            this.pushServiceBaseUrl =
+                                body.pushServiceBaseUrl.trim() || undefined;
+                        }
+                        const restartRequired = driverRaw !== undefined ||
+                            body.apiKey !== undefined ||
+                            body.model !== undefined;
                         res.writeHead(200, { "Content-Type": "application/json" });
-                        res.end(JSON.stringify({ ok: true }));
+                        res.end(JSON.stringify({ ok: true, restartRequired }));
                     }
                     catch (err) {
                         res.writeHead(400, { "Content-Type": "application/json" });
@@ -1382,6 +1167,11 @@ export class Server extends EventEmitter {
                 }
                 return;
             }
+            // SSE stream for live approval queue updates.
+            if (parsedUrl.pathname === "/approvals/stream" && req.method === "GET") {
+                handleApprovalsStream(res, { queue: getApprovalQueue() }, parsedUrl.searchParams.get("session"));
+                return;
+            }
             // Patchwork approval surface — PreToolUse hook + dashboard approve/reject.
             // Bearer auth already checked above.
             if (parsedUrl.pathname === "/approvals" ||
@@ -1407,6 +1197,7 @@ export class Server extends EventEmitter {
                             path: parsedUrl.pathname,
                             body: parsedBody,
                             query: parsedUrl.searchParams,
+                            approvalToken: req.headers["x-approval-token"],
                         }, {
                             queue: getApprovalQueue(),
                             workspace: process.cwd(),
@@ -1414,6 +1205,18 @@ export class Server extends EventEmitter {
                             onDecision: this.onApprovalDecision,
                             webhookUrl: this.approvalWebhookUrl,
                             approvalGate: this.approvalGate,
+                            pushServiceUrl: this.pushServiceUrl,
+                            pushServiceToken: this.pushServiceToken,
+                            pushServiceBaseUrl: this.pushServiceBaseUrl,
+                            activityLog: this.activityLog,
+                            // RecipeRunLog satisfies RecipeRunQuerier structurally
+                            // — the cast bridges TS contravariance: RecipeRunQuerier's
+                            // narrow query interface (`status?: string`) is deliberately
+                            // loose so tests can mock it; RecipeRunLog's stricter
+                            // RunStatus union is a strict subset and fails the param
+                            // contravariance check despite being safe at runtime.
+                            recipeRunLog: this.recipeRunLog,
+                            enableTimeOfDayAnomaly: this.enableTimeOfDayAnomaly,
                         });
                         res.writeHead(result.status, {
                             "Content-Type": "application/json",