reflectt-node 0.1.7 → 0.1.11

package/dist/server.js

@@ -53,7 +53,7 @@ import { autoPopulateCloseGate, tryAutoCloseTask, getMergeAttemptLog } from './p
 import { getDuplicateClosureCanonicalRefError } from './duplicateClosureGuard.js';
 import { recordReviewMutation, diffReviewFields, getAuditEntries, loadAuditLedger } from './auditLedger.js';
 import { listSharedFiles, readSharedFile, resolveTaskArtifact } from './shared-workspace-api.js';
-import { normalizeTaskArtifactPaths, buildGitHubBlobUrl, buildGitHubRawUrl } from './artifact-resolver.js';
+import { normalizeArtifactPath, normalizeTaskArtifactPaths, buildGitHubBlobUrl, buildGitHubRawUrl } from './artifact-resolver.js';
 import { emitActivationEvent, getUserFunnelState, getFunnelSummary, hasCompletedEvent, isDay2Eligible, loadActivationFunnel, getConversionFunnel, getFailureDistribution, getWeeklyTrends, getOnboardingDashboard, } from './activationEvents.js';
 import { alertUnauthorizedApproval, alertFlipAttempt, getMutationAlertStatus, pruneOldAttempts } from './mutationAlert.js';
 import { mentionAckTracker } from './mention-ack.js';
@@ -69,9 +69,9 @@ import { researchManager } from './research.js';
 import { wsHeartbeat } from './ws-heartbeat.js';
 import { getBuildInfo } from './buildInfo.js';
 import { appendStoredLog, readStoredLogs, getStoredLogPath } from './logStore.js';
-import { getAgentRoles, getAgentRolesSource, loadAgentRoles, startConfigWatch, suggestAssignee, suggestReviewer, checkWipCap, saveAgentRoles, scoreAssignment, getAgentRole, getAgentAliases, setAgentDisplayName, resolveAgentMention } from './assignment.js';
+import { getAgentRoles, getAgentRolesSource, loadAgentRoles, startConfigWatch, suggestAssignee, suggestReviewer, checkWipCap, saveAgentRoles, getAgentRole, getAgentAliases, setAgentDisplayName, resolveAgentMention } from './assignment.js';
 import { initTelemetry, trackRequest as trackTelemetryRequest, trackError as trackTelemetryError, trackTaskEvent, getSnapshot as getTelemetrySnapshot, getTelemetryConfig } from './telemetry.js';
-import { recordUsage, recordUsageBatch, getUsageSummary, getUsageByAgent, getUsageByModel, getUsageByTask, setCap, listCaps, deleteCap, checkCaps, getRoutingSuggestions, estimateCost, ensureUsageTables } from './usage-tracking.js';
+import { recordUsageBatch, getUsageSummary, getUsageByAgent, getUsageByModel, getUsageByTask, getDailySpendByModel, getAvgCostByLane, getAvgCostByAgent, setCap, listCaps, deleteCap, checkCaps, getRoutingSuggestions, estimateCost, ensureUsageTables } from './usage-tracking.js';
 import { getTeamConfigHealth } from './team-config.js';
 import { SecretVault } from './secrets.js';
 import { initGitHubActorAuth, resolveGitHubTokenForActor } from './github-actor-auth.js';
@@ -80,6 +80,8 @@ import { computeCiFromCheckRuns, computeCiFromCombinedStatus } from './github-ci
 import { createGitHubIdentityProvider } from './github-identity.js';
 import { getProvisioningManager } from './provisioning.js';
 import { getWebhookDeliveryManager } from './webhooks.js';
+import { enrichWebhookPayload } from './github-webhook-attribution.js';
+import { formatGitHubEvent } from './github-webhook-chat.js';
 import { exportBundle, importBundle } from './portability.js';
 import { getNotificationManager } from './notifications.js';
 import { getConnectivityManager } from './connectivity.js';
@@ -115,7 +117,9 @@ import { getRoutingApprovalQueue, getRoutingSuggestion, buildApprovalPatch, buil
 import { calendarManager } from './calendar.js';
 import { calendarEvents } from './calendar-events.js';
 import { startReminderEngine, stopReminderEngine, getReminderEngineStats } from './calendar-reminder-engine.js';
+import { startDeployMonitor, stopDeployMonitor } from './deploy-monitor.js';
 import { exportICS, exportEventICS, importICS } from './calendar-ical.js';
+import { createScheduleEntry, getScheduleEntry, updateScheduleEntry, deleteScheduleEntry, getScheduleFeed } from './schedule.js';
 import { createDoc, getDoc, listDocs, updateDoc, deleteDoc } from './knowledge-docs.js';
 import { onTaskShipped, onDecisionComment, isDecisionComment } from './knowledge-auto-index.js';
 import { upsertHostHeartbeat, getHost, listHosts, removeHost } from './host-registry.js';
@@ -272,6 +276,13 @@ function normalizeConfiguredModel(value) {
         error: `Unknown model identifier "${raw}". Allowed aliases: ${Object.keys(MODEL_ALIASES).join(', ')} or provider/model format.`,
     };
 }
+// ── Handoff state schema (max 3 columns per COO rule) ─────────────
+const VALID_HANDOFF_DECISIONS = ['approved', 'rejected', 'needs_changes', 'escalated'];
+const HandoffStateSchema = z.object({
+    reviewed_by: z.string().min(1),
+    decision: z.enum(VALID_HANDOFF_DECISIONS),
+    next_owner: z.string().min(1).optional(),
+}).strict();
 const UpdateTaskSchema = z.object({
     title: z.string().min(1).optional(),
     description: z.string().optional(),
@@ -426,6 +437,9 @@ const QaBundleSchema = z.object({
 });
 const ReviewHandoffSchema = z.object({
     task_id: z.string().trim().regex(/^task-[a-zA-Z0-9-]+$/),
+    // Stored transactionally (server-side) from POST /tasks/:id/comments.
+    // This must always resolve via GET /tasks/:id/comments.
+    comment_id: z.string().trim().regex(/^tcomment-\d+-[a-z0-9]+$/i).optional(),
     repo: z.string().trim().min(1).optional(), // optional for config_only tasks
     artifact_path: z.string().trim().min(1), // relaxed: accepts any path (process/, ~/.reflectt/, etc.)
     test_proof: z.string().trim().min(1).optional(), // optional for non-code tasks
@@ -621,6 +635,29 @@ function enforceQaBundleGateForValidating(status, metadata, expectedTaskId) {
             hint: 'Use the same canonical process/... artifact path in both fields.',
         };
     }
+    // Canonical artifact reference (until central storage exists):
+    // For code tasks, artifact paths must be repo-relative under process/ (or a URL).
+    if (reviewPacket && !nonCodeLane) {
+        const packetArtifact = typeof reviewPacket.artifact_path === 'string' ? reviewPacket.artifact_path.trim() : '';
+        const packetIsUrl = /^https?:\/\//i.test(packetArtifact);
+        const packetIsProcess = packetArtifact.startsWith('process/');
+        if (packetArtifact && !packetIsUrl && !packetIsProcess) {
+            return {
+                ok: false,
+                error: 'Validating gate: metadata.qa_bundle.review_packet.artifact_path must be under process/ (repo-relative) or a URL',
+                hint: 'Set review_packet.artifact_path to process/TASK-...md (committed in the PR) or a PR/GitHub URL.',
+            };
+        }
+        const metaIsUrl = /^https?:\/\//i.test(artifactPath);
+        const metaIsProcess = artifactPath.startsWith('process/');
+        if (artifactPath && !metaIsUrl && !metaIsProcess) {
+            return {
+                ok: false,
+                error: 'Validating gate: metadata.artifact_path must be under process/ (repo-relative) or a URL',
+                hint: 'Set metadata.artifact_path to process/TASK-...md (committed in the PR) or a PR/GitHub URL.',
+            };
+        }
+    }
     // PR integrity: validate commit SHA + changed_files against live PR head
     if (!nonCodeLane && reviewPacket?.pr_url) {
         const overrideFlag = metadataObj.pr_integrity_override === true;
@@ -742,6 +779,40 @@ function applyReviewStateMetadata(existing, parsed, mergedMeta, now) {
             };
             console.log(`[ArtifactNormalize] task ${existing.id}: normalized`, normResult.warnings);
         }
+        // ── Review handoff comment pointer repair/fill ──
+        // If review_handoff exists, ensure comment_id points to a real comment.
+        // We do this *server-side* to avoid phantom/unresolvable pointers.
+        const rh = metadata.review_handoff;
+        if (rh && typeof rh === 'object' && !Array.isArray(rh)) {
+            const rhAny = rh;
+            const commentId = typeof rhAny.comment_id === 'string' ? rhAny.comment_id.trim() : '';
+            const all = taskManager.getTaskComments(existing.id, { includeSuppressed: true });
+            const resolves = commentId ? all.some(c => c.id === commentId) : false;
+            if (!resolves) {
+                // Prefer an explicit category tag; fallback to most recent comment by assignee.
+                const assignee = (existing.assignee || '').trim().toLowerCase();
+                const byHandoffCategory = all
+                    .filter(c => {
+                    const cat = String(c.category || '').toLowerCase();
+                    return cat === 'review_handoff' || cat === 'handoff';
+                });
+                const byAssignee = assignee
+                    ? all.filter(c => String(c.author || '').trim().toLowerCase() === assignee)
+                    : [];
+                const candidate = (byHandoffCategory.length > 0
+                    ? byHandoffCategory[byHandoffCategory.length - 1]
+                    : (byAssignee.length > 0 ? byAssignee[byAssignee.length - 1] : (all.length > 0 ? all[all.length - 1] : null)));
+                if (candidate) {
+                    metadata.review_handoff = { ...rhAny, comment_id: candidate.id };
+                    metadata.review_handoff_comment_id_autofilled = {
+                        previous: commentId || null,
+                        next: candidate.id,
+                        at: now,
+                        strategy: byHandoffCategory.length > 0 ? 'category:review_handoff' : (byAssignee.length > 0 ? 'latest_assignee_comment' : 'latest_comment'),
+                    };
+                }
+            }
+        }
     }
     if (previousStatus === 'validating' && nextStatus === 'doing' && !incomingReviewState) {
         metadata.review_state = 'needs_author';
@@ -859,7 +930,13 @@ function isEchoOutOfLaneTask(task) {
     // For Echo, anything classified outside content/docs voice lane gets flagged unless reassigned.
     return true;
 }
-function enforceReviewHandoffGateForValidating(status, taskId, metadata) {
+const reviewHandoffValidationStats = {
+    failures: 0,
+    lastFailureAt: 0,
+    lastFailureTaskId: '',
+    lastFailureError: '',
+};
+async function enforceReviewHandoffGateForValidating(status, taskId, metadata) {
     if (status !== 'validating')
         return { ok: true };
     if (isTaskAutomatedRecurring(metadata))
@@ -874,7 +951,7 @@ function enforceReviewHandoffGateForValidating(status, taskId, metadata) {
         return {
             ok: false,
             error: 'Review handoff required: metadata.review_handoff must include task_id, artifact_path, known_caveats (and pr_url + commit_sha unless doc_only=true, config_only=true, or non_code=true).',
-            hint: 'Example: { "review_handoff": { "task_id":"task-...", "artifact_path":"process/TASK-...md", "known_caveats":"none" } }. For non-code tasks (finance, legal, ops): set non_code=true. For config tasks: set config_only=true.',
+            hint: 'Example: { "review_handoff": { "task_id":"task-...", "artifact_path":"process/TASK-...md", "known_caveats":"none" } }. For non-code tasks: set non_code=true. Recommended: post the handoff comment with category="review_handoff" so the server stamps comment_id automatically.',
         };
     }
     const handoff = parsed.data;
@@ -885,6 +962,38 @@ function enforceReviewHandoffGateForValidating(status, taskId, metadata) {
             hint: 'Set metadata.review_handoff.task_id to the exact task being transitioned.',
         };
     }
+    // Ensure review_handoff.comment_id resolves to a real comment.
+    // If missing (or stale), we repair it from existing comments; if none exist,
+    // we create a server-authored pointer comment so reviewers always have a stable anchor.
+    const commentsAll = taskManager.getTaskComments(taskId, { includeSuppressed: true });
+    let commentId = typeof handoff.comment_id === 'string' ? handoff.comment_id.trim() : '';
+    let handoffComment = commentId ? (commentsAll.find(c => c.id === commentId) || null) : null;
+    if (!handoffComment) {
+        const byCategory = commentsAll.filter(c => {
+            const cat = String(c.category || '').toLowerCase();
+            return cat === 'review_handoff' || cat === 'handoff';
+        });
+        const candidate = byCategory.length > 0
+            ? byCategory[byCategory.length - 1]
+            : (commentsAll.length > 0 ? commentsAll[commentsAll.length - 1] : null);
+        if (candidate) {
+            commentId = candidate.id;
+            handoffComment = candidate;
+        }
+        else {
+            // No comments exist — create a stable anchor comment.
+            const created = await taskManager.addTaskComment(taskId, 'system', 'Auto-handoff: review_handoff is recorded in metadata.review_handoff (no explicit handoff comment was posted).', { category: 'review_handoff', provenance: { kind: 'auto_review_handoff', source: 'validating_gate' } });
+            commentId = created.id;
+            handoffComment = created;
+        }
+        // Persist repaired comment_id into the handoff metadata (server-side).
+        ;
+        handoff.comment_id = commentId;
+        const rhObj = root.review_handoff;
+        if (rhObj && typeof rhObj === 'object' && !Array.isArray(rhObj)) {
+            rhObj.comment_id = commentId;
+        }
+    }
     // config_only: artifacts live in ~/.reflectt/, no repo/PR required
     // doc_only/non_code/design/docs lanes: no PR/commit required
     const nonCodeLane = handoff.non_code === true || isDesignOrDocsLane(root);
@@ -904,7 +1013,43 @@ function enforceReviewHandoffGateForValidating(status, taskId, metadata) {
             };
         }
     }
-    return { ok: true };
+    // Artifact retrievability gate.
+    // If the artifact isn't accessible from this node (repo / shared-workspace / GitHub fallback),
+    // a reviewer on another host will almost certainly be blocked.
+    const artifactPath = typeof handoff.artifact_path === 'string' ? handoff.artifact_path.trim() : '';
+    const norm = normalizeArtifactPath(artifactPath);
+    if (norm.rejected || !norm.normalized) {
+        return {
+            ok: false,
+            error: `Validating gate: review_handoff.artifact_path is not a valid retrievable reference (${norm.rejectReason || 'invalid path'}).`,
+            hint: 'Use either (a) a PR/GitHub URL, or (b) a repo-relative path (e.g. process/TASK-...md) that exists on the referenced PR/commit, or (c) put the full spec in the handoff comment and point artifact_path at a stable URL.',
+        };
+    }
+    // URLs are assumed retrievable.
+    if (/^https?:\/\//i.test(norm.normalized))
+        return { ok: true };
+    // If the file is accessible locally (repo or shared-workspace), accept.
+    const repoRoot = resolve(import.meta.dirname || process.cwd(), '..');
+    const resolved = await resolveTaskArtifact(norm.normalized, repoRoot);
+    if (resolved.accessible)
+        return { ok: true };
+    // GitHub fallback: if PR+commit are known and artifact is process/*, we can build a stable blob URL.
+    const prUrl = root.pr_url || root.qa_bundle?.review_packet?.pr_url || root.review_handoff?.pr_url;
+    const commitSha = root.commit_sha || root.commit || root.qa_bundle?.review_packet?.commit || root.review_handoff?.commit_sha;
+    if (typeof prUrl === 'string' && typeof commitSha === 'string' && norm.normalized.startsWith('process/')) {
+        const blobUrl = buildGitHubBlobUrl(prUrl, commitSha, norm.normalized);
+        if (blobUrl)
+            return { ok: true };
+    }
+    // For non-code tasks, the handoff comment itself is considered the primary artifact.
+    // We only require that comment_id resolves (handled above).
+    if (nonCodeLane)
+        return { ok: true };
+    return {
+        ok: false,
+        error: 'Validating gate: review_handoff.artifact_path is not retrievable from repo/shared-workspace/GitHub fallback.',
+        hint: 'Move the artifact into shared-workspace process/, or reference a PR+commit so GitHub blob fallback can resolve it (process/* only).',
+    };
 }
 const DEFAULT_LIMITS = {
     chatMessages: 50,
@@ -1516,7 +1661,8 @@ export async function createServer() {
     await app.register(fastifyWebsocket);
     // Multipart file uploads (50MB limit)
     const fastifyMultipart = await import('@fastify/multipart');
-    await app.register(fastifyMultipart.default, { limits: { fileSize: 50 * 1024 * 1024 } });
+    const { MAX_SIZE_BYTES: _multipartMax } = await import('./files.js');
+    await app.register(fastifyMultipart.default, { limits: { fileSize: _multipartMax } });
     // Normalize error responses to a consistent envelope
     app.addHook('preSerialization', async (request, reply, payload) => {
         if (!payload || typeof payload !== 'object' || Array.isArray(payload)) {
@@ -1561,6 +1707,8 @@ export async function createServer() {
             envelope.gate = body.gate;
         if (body.problems !== undefined)
             envelope.problems = body.problems;
+        if (body.tombstone !== undefined)
+            envelope.tombstone = body.tombstone;
         if (alreadyEnvelope && body.data !== undefined)
             envelope.data = body.data;
         // Minimal persisted error log: enables /logs to return real entries.
@@ -1847,6 +1995,10 @@ export async function createServer() {
     // Board health execution worker — config from policy
     boardHealthWorker.updateConfig(policy.boardHealth);
     boardHealthWorker.start();
+    // Activate noise budget enforcement — the 24h canary period is complete.
+    // Canary mode (log-only) is still the default in case of fresh installs,
+    // but on a running server we want real duplicate suppression.
+    noiseBudgetManager.activateEnforcement();
     // Noise budget: wire digest flush handler to send batched messages to #ops
     noiseBudgetManager.setDigestFlushHandler(async (channel, entries) => {
         if (entries.length === 0)
@@ -1876,6 +2028,8 @@ export async function createServer() {
     startShippedHeartbeat();
     // Calendar reminder engine — polls for pending reminders every 30s
     startReminderEngine();
+    // Deploy monitor — alert within 5m when production deploys fail (Vercel + health URL)
+    startDeployMonitor();
     app.addHook('onClose', async () => {
         clearInterval(idleNudgeTimer);
         clearInterval(cadenceWatchdogTimer);
@@ -1885,6 +2039,7 @@ export async function createServer() {
         stopShippedHeartbeat();
         stopTeamPulse();
         stopReminderEngine();
+        stopDeployMonitor();
         stopKeepalive();
         stopSelfKeepalive();
         wsHeartbeat.stop();
@@ -2703,6 +2858,9 @@ export async function createServer() {
                 reflectionPipeline: { registered: Boolean(reflectionPipelineTimer), lastTickAt: ticks.reflection_pipeline, lastTickAgeSec: ageSec(ticks.reflection_pipeline) },
                 boardHealthWorker: { registered: board.running, lastTickAt: ticks.board_health || board.lastTickAt, lastTickAgeSec: ageSec(ticks.board_health || board.lastTickAt) },
             },
+            reviewHandoffValidation: {
+                ...reviewHandoffValidationStats,
+            },
             reflectionPipelineHealth: {
                 ...reflectionPipelineHealth,
             },
@@ -3037,6 +3195,23 @@ export async function createServer() {
             };
         }
         const data = parsedBody.data;
+        // Reserve system sender for server-internal control-plane messages.
+        // Prevent browser clients (dashboard.js) or external callers from spoofing system alerts.
+        //
+        // Allow explicit internal callers (tests/tools) via header:
+        //   x-reflectt-internal: true
+        if (data.from === 'system') {
+            const internal = String(request.headers['x-reflectt-internal'] || '').toLowerCase() === 'true';
+            if (!internal) {
+                reply.code(403);
+                return {
+                    success: false,
+                    error: 'Sender "system" is reserved (use from="dashboard" or your agent name).',
+                    code: 'SENDER_RESERVED',
+                    hint: 'Only internal callers may emit system messages. Add header x-reflectt-internal:true for test/tooling.',
+                };
+            }
+        }
         // Require at least content or attachments
         if (!data.content && (!data.attachments || data.attachments.length === 0)) {
             reply.code(400);
@@ -4306,6 +4481,24 @@ export async function createServer() {
             };
         }
         if (!resolved.task || !resolved.resolvedId) {
+            // Check if this task was deleted — return 410 Gone with tombstone metadata instead of 404.
+            const tombstone = taskManager.getTaskDeletionTombstone(request.params.id);
+            if (tombstone) {
+                reply.code(410);
+                return {
+                    success: false,
+                    error: 'Task has been deleted',
+                    code: 'TASK_DELETED',
+                    status: 410,
+                    tombstone: {
+                        taskId: tombstone.taskId,
+                        deletedAt: tombstone.deletedAt,
+                        deletedBy: tombstone.deletedBy,
+                        previousStatus: tombstone.previousStatus,
+                        title: tombstone.title,
+                    },
+                };
+            }
             reply.code(404);
             return {
                 error: 'Task not found',
@@ -4321,6 +4514,46 @@ export async function createServer() {
             matchType: resolved.matchType,
         };
     });
+    // ── Task handoff state ─────────────────────────────────────────────
+    app.get('/tasks/:id/handoff', async (request, reply) => {
+        const resolved = taskManager.resolveTaskId(request.params.id);
+        if (!resolved.task) {
+            reply.code(404);
+            return { error: 'Task not found' };
+        }
+        const meta = resolved.task.metadata;
+        const handoff = meta?.handoff_state ?? null;
+        return {
+            taskId: resolved.resolvedId,
+            status: resolved.task.status,
+            handoff_state: handoff,
+        };
+    });
+    app.put('/tasks/:id/handoff', async (request, reply) => {
+        const resolved = taskManager.resolveTaskId(request.params.id);
+        if (!resolved.task || !resolved.resolvedId) {
+            reply.code(404);
+            return { error: 'Task not found' };
+        }
+        const body = request.body;
+        const result = HandoffStateSchema.safeParse(body);
+        if (!result.success) {
+            reply.code(422);
+            return {
+                error: `Invalid handoff_state: ${result.error.issues.map(i => i.message).join(', ')}`,
+                hint: 'Required: reviewed_by (string), decision (approved|rejected|needs_changes|escalated). Optional: next_owner (string).',
+            };
+        }
+        const existingMeta = (resolved.task.metadata || {});
+        taskManager.updateTask(resolved.resolvedId, {
+            metadata: { ...existingMeta, handoff_state: result.data },
+        });
+        return {
+            success: true,
+            taskId: resolved.resolvedId,
+            handoff_state: result.data,
+        };
+    });
     // Task artifact visibility — resolves artifact paths and checks accessibility
     app.get('/tasks/:id/artifacts', async (request, reply) => {
         const resolved = resolveTaskFromParam(request.params.id, reply);
@@ -4987,6 +5220,24 @@ export async function createServer() {
             // fan out inbox-visible notifications to assignee/reviewer + explicit @mentions.
             // Notification routing respects per-agent preferences (quiet hours, mute, filters).
             const task = taskManager.getTask(resolved.resolvedId);
+            // ── Transactional review_handoff.comment_id stamping ──
+            // If the author tags this comment as the handoff entrypoint, the server stamps
+            // metadata.review_handoff.comment_id from the persisted comment ID.
+            // This prevents clients from supplying phantom IDs.
+            const category = typeof data.category === 'string' ? String(data.category).trim().toLowerCase() : '';
+            if (task && (category === 'review_handoff' || category === 'handoff')) {
+                const meta = (task.metadata || {});
+                const rh = meta.review_handoff;
+                if (rh && typeof rh === 'object' && !Array.isArray(rh)) {
+                    const rhAny = rh;
+                    if (rhAny.comment_id !== comment.id) {
+                        taskManager.patchTaskMetadata(task.id, {
+                            review_handoff: { ...rhAny, comment_id: comment.id },
+                            review_handoff_comment_id_stamped_at: Date.now(),
+                        });
+                    }
+                }
+            }
             // Never fan out notifications for test-harness tasks.
             // Our repo contains a few "LIVE server" tests (BASE=127.0.0.1:4445) that create
             // tasks/comments with metadata.is_test=true. Without this guard, running `npm test`
@@ -5469,7 +5720,9 @@ export async function createServer() {
                 || data.metadata?.skip_dedup === true
                 || data.metadata?.is_test === true;
             if (!skipDedup && data.assignee) {
-                const TASK_DEDUP_WINDOW_MS = 4 * 60 * 60 * 1000; // 4 hours
+                // 60-second window targets gateway reconnect double-fire (typical gap: <10s)
+                // without blocking legitimate same-title task creation later in the day.
+                const TASK_DEDUP_WINDOW_MS = 60_000; // 60 seconds
                 const cutoff = Date.now() - TASK_DEDUP_WINDOW_MS;
                 const normalizedTitle = data.title.trim().toLowerCase();
                 const activeTasks = taskManager.listTasks({ includeTest: true }).filter(t => t.status !== 'done'
@@ -5477,16 +5730,15 @@ export async function createServer() {
                     && t.createdAt >= cutoff
                     && t.title.trim().toLowerCase() === normalizedTitle);
                 if (activeTasks.length > 0) {
+                    // Return 200 with the existing task (collapse, not reject).
+                    // Agents that create-on-reconnect receive a success response identical
+                    // to what they'd get from a new creation — no retry loop triggered.
                     const existing = activeTasks[0];
-                    reply.code(409);
                     return {
-                        success: false,
-                        error: 'Duplicate task',
-                        code: 'DUPLICATE_TASK',
-                        status: 409,
-                        existing_id: existing.id,
-                        existing_status: existing.status,
-                        hint: `Task "${existing.title}" already exists for ${data.assignee} (${existing.id}, status: ${existing.status}). Created ${Math.round((Date.now() - existing.createdAt) / 60000)}m ago.`,
+                        success: true,
+                        task: existing,
+                        deduplicated: true,
+                        hint: `Duplicate suppressed — task "${existing.title}" already exists for ${data.assignee} (${existing.id}, status: ${existing.status}, created ${Math.round((Date.now() - existing.createdAt) / 1000)}s ago).`,
                     };
                 }
             }
@@ -5879,6 +6131,14 @@ export async function createServer() {
         const pruned = boardHealthWorker.pruneAuditLog(maxAgeDays);
         return { success: true, pruned };
     });
+    app.post('/board-health/quiet-window', async () => {
+        boardHealthWorker.resetQuietWindow();
+        return {
+            success: true,
+            quietUntil: Date.now() + (boardHealthWorker.getStatus().config?.restartQuietWindowMs ?? 300_000),
+            message: 'Quiet window reset — ready-queue alerts suppressed for restart window',
+        };
+    });
     // ── Agent change feed ─────────────────────────────────────────────────
     app.get('/feed/:agent', async (request) => {
         const { agent } = request.params;
@@ -6106,7 +6366,23 @@ export async function createServer() {
             }
             // Merge incoming metadata with existing for gate checks + persistence.
             // Apply auto-defaults (ETA, artifact_path) when not explicitly provided.
-            const incomingMeta = parsed.metadata || {};
+            // Do not accept caller-supplied review_handoff.comment_id (it must be stamped server-side from POST /tasks/:id/comments).
+            // If a client tries to patch it directly, we strip it to prevent phantom pointers.
+            const incomingMetaRaw = (parsed.metadata || {});
+            const incomingMeta = { ...incomingMetaRaw };
+            const incomingRh = incomingMeta.review_handoff;
+            if (incomingRh && typeof incomingRh === 'object' && !Array.isArray(incomingRh)) {
+                const rhAny = incomingRh;
+                if (typeof rhAny.comment_id === 'string') {
+                    const { comment_id, ...rest } = rhAny;
+                    incomingMeta.review_handoff = rest;
+                    incomingMeta.review_handoff_comment_id_stripped = {
+                        stripped: true,
+                        attempted: comment_id,
+                        at: Date.now(),
+                    };
+                }
+            }
             const effectiveTargetStatus = parsed.status ?? existing.status;
             const autoFilledMeta = applyAutoDefaults(lookup.resolvedId, effectiveTargetStatus, incomingMeta);
             const mergedRawMeta = { ...(existing.metadata || {}), ...autoFilledMeta };
@@ -6147,6 +6423,22 @@ export async function createServer() {
                     mergedMeta.reopened_from = existing.status;
                 }
             }
+            // ── Handoff state validation ──
+            if (mergedMeta.handoff_state && typeof mergedMeta.handoff_state === 'object') {
+                const handoffResult = HandoffStateSchema.safeParse(mergedMeta.handoff_state);
+                if (!handoffResult.success) {
+                    reply.code(422);
+                    return {
+                        success: false,
+                        error: `Invalid handoff_state: ${handoffResult.error.issues.map(i => i.message).join(', ')}`,
+                        code: 'INVALID_HANDOFF_STATE',
+                        hint: 'handoff_state must have: reviewed_by (string), decision (approved|rejected|needs_changes|escalated), optional next_owner (string). Max 3 fields per COO rule.',
+                        gate: 'handoff_state',
+                    };
+                }
+                // Stamp validated handoff
+                mergedMeta.handoff_state = handoffResult.data;
+            }
             // ── Cancel reason gate: require cancel_reason when transitioning to cancelled ──
             if (parsed.status === 'cancelled') {
                 const meta = (incomingMeta ?? {});
@@ -6285,8 +6577,12 @@ export async function createServer() {
                     hint: qaGate.hint,
                 };
             }
-            const handoffGate = enforceReviewHandoffGateForValidating(effectiveStatus, lookup.resolvedId, mergedMeta);
+            const handoffGate = await enforceReviewHandoffGateForValidating(effectiveStatus, lookup.resolvedId, mergedMeta);
             if (!handoffGate.ok) {
+                reviewHandoffValidationStats.failures += 1;
+                reviewHandoffValidationStats.lastFailureAt = Date.now();
+                reviewHandoffValidationStats.lastFailureTaskId = lookup.resolvedId;
+                reviewHandoffValidationStats.lastFailureError = handoffGate.error;
                 reply.code(400);
                 return {
                     success: false,
@@ -6595,20 +6891,24 @@ export async function createServer() {
             if (task.assignee) {
                 if (parsed.status === 'done') {
                     presenceManager.recordActivity(task.assignee, 'task_completed');
-                    presenceManager.updatePresence(task.assignee, 'working');
+                    presenceManager.updatePresence(task.assignee, 'working', null);
                     trackTaskEvent('completed');
                 }
                 else if (parsed.status === 'doing') {
-                    presenceManager.updatePresence(task.assignee, 'working');
+                    presenceManager.updatePresence(task.assignee, 'working', task.id);
                 }
                 else if (parsed.status === 'blocked') {
-                    presenceManager.updatePresence(task.assignee, 'blocked');
+                    presenceManager.updatePresence(task.assignee, 'blocked', task.id);
                 }
                 else if (parsed.status === 'validating') {
-                    presenceManager.updatePresence(task.assignee, 'reviewing');
+                    presenceManager.updatePresence(task.assignee, 'reviewing', task.id);
                 }
             }
             // ── Reviewer notification: @mention reviewer when task enters validating ──
+            // NOTE: A dedup_key is set here so the inline chat dedup guard suppresses
+            // any duplicate reviewRequested send that may arrive via the statusNotifTargets
+            // loop below for the same task+transition. Without it, two messages fire for
+            // every todo→validating transition (this direct send + the loop send).
             if (parsed.status === 'validating' && existing.status !== 'validating' && existing.reviewer) {
                 const taskMeta = task.metadata;
                 const prUrl = taskMeta?.review_handoff?.pr_url
@@ -6617,6 +6917,7 @@ export async function createServer() {
                 const prLine = prUrl ? `\nPR: ${prUrl}` : '';
                 chatManager.sendMessage({
                     from: 'system',
+                    to: existing.reviewer,
                     content: `@${existing.reviewer} [reviewRequested:${task.id}] ${task.title} → validating${prLine}`,
                     channel: 'task-notifications',
                     metadata: {
@@ -6624,6 +6925,7 @@ export async function createServer() {
                         taskId: task.id,
                         reviewer: existing.reviewer,
                         prUrl: prUrl || undefined,
+                        dedup_key: `review-requested:${task.id}:${task.updatedAt}`,
                     },
                 }).catch(() => { }); // Non-blocking
             }
@@ -6726,6 +7028,7 @@ export async function createServer() {
                 const reviewMsg = `@${task.reviewer} review requested: **${task.title}** (${task.id})${prLink}. Please approve or flag issues.`;
                 chatManager.sendMessage({
                     from: 'system',
+                    to: task.reviewer,
                     content: reviewMsg,
                     channel: 'reviews',
                     metadata: {
@@ -6746,13 +7049,17 @@ export async function createServer() {
             // Dedupe guard: prevent stale/out-of-order notification events
             const { shouldEmitNotification } = await import('./notificationDedupeGuard.js');
             for (const target of statusNotifTargets) {
-                // Check dedupe guard before emitting
+                // Check dedupe guard before emitting.
+                // Pass targetAgent so each recipient gets an independent cursor — prevents
+                // the first recipient's cursor update from suppressing later recipients for
+                // the same event (e.g. assignee + reviewer both getting taskCompleted on 'done').
                 const dedupeCheck = shouldEmitNotification({
                     taskId: task.id,
                     eventUpdatedAt: task.updatedAt,
                     eventStatus: parsed.status,
                     currentTaskStatus: task.status,
                     currentTaskUpdatedAt: task.updatedAt,
+                    targetAgent: target.agent,
                 });
                 if (!dedupeCheck.emit) {
                     console.log(`[NotifDedupe] Suppressed: ${dedupeCheck.reason}`);
@@ -6765,7 +7072,13 @@ export async function createServer() {
                     message: `Task ${task.id} → ${parsed.status}`,
                 });
                 if (routing.shouldNotify) {
-                    // Route through inbox/chat based on delivery method preference
+                    // Route through inbox/chat based on delivery method preference.
+                    // For reviewRequested, set a dedup_key matching the direct send above so the
+                    // inline chat dedup suppresses this copy (the direct send fires first with a
+                    // richer payload including PR URL and `to:` routing).
+                    const dedupKey = target.type === 'reviewRequested'
+                        ? `review-requested:${task.id}:${task.updatedAt}`
+                        : undefined;
                     chatManager.sendMessage({
                         from: 'system',
                         content: `@${target.agent} [${target.type}:${task.id}] ${task.title} → ${parsed.status}`,
@@ -6776,6 +7089,7 @@ export async function createServer() {
                             status: parsed.status,
                             updatedAt: task.updatedAt,
                             deliveryMethod: routing.deliveryMethod,
+                            ...(dedupKey ? { dedup_key: dedupKey } : {}),
                         },
                     }).catch(() => { }); // Non-blocking
                 }
@@ -6844,7 +7158,29 @@ export async function createServer() {
         const sourceInfo = getAgentRolesSource();
         return { success: true, agents: enriched, config: sourceInfo };
     };
+    app.get('/agents', async () => buildRoleRegistryPayload());
     app.get('/agents/roles', async () => buildRoleRegistryPayload());
+    // Host-native identity resolution — resolves agent by name, alias, or display name
+    // without requiring the OpenClaw gateway. Merges YAML roles + agent_config table.
+    app.get('/agents/:name/identity', async (request) => {
+        const { name } = request.params;
+        const resolved = resolveAgentMention(name);
+        const role = resolved ? getAgentRole(resolved) : getAgentRole(name);
+        if (!role) {
+            return { found: false, query: name, hint: 'Agent not found in YAML roles or config' };
+        }
+        return {
+            found: true,
+            agentId: role.name,
+            displayName: role.displayName ?? role.name,
+            role: role.role,
+            description: role.description ?? null,
+            aliases: role.aliases ?? [],
+            affinityTags: role.affinityTags ?? [],
+            wipCap: role.wipCap,
+            source: 'yaml',
+        };
+    });
     // Team-scoped alias for assignment-engine consumers
     app.get('/team/roles', async () => {
         const payload = buildRoleRegistryPayload();
@@ -6860,6 +7196,13 @@ export async function createServer() {
     // ── File upload/download ──
     app.post('/files', async (request, reply) => {
         try {
+            const { MAX_SIZE_BYTES: maxBytes } = await import('./files.js');
+            // Early rejection via Content-Length before reading body
+            const declaredLength = parseInt(String(request.headers['content-length'] || ''), 10);
+            if (!Number.isNaN(declaredLength) && declaredLength > maxBytes) {
+                reply.code(413);
+                return { success: false, error: `File exceeds ${maxBytes / (1024 * 1024)}MB limit (Content-Length: ${declaredLength} bytes)` };
+            }
             const data = await request.file();
             if (!data) {
                 reply.code(400);
@@ -6869,10 +7212,10 @@ export async function createServer() {
             for await (const chunk of data.file)
                 chunks.push(chunk);
             const buffer = Buffer.concat(chunks);
-            // Check if stream was truncated (exceeds limit)
+            // Check if stream was truncated (exceeds multipart limit)
             if (data.file.truncated) {
                 reply.code(413);
-                return { success: false, error: 'File exceeds 50MB limit' };
+                return { success: false, error: `File exceeds ${maxBytes / (1024 * 1024)}MB limit` };
             }
             const fields = data.fields;
             const uploadedBy = typeof fields?.uploadedBy?.value === 'string' ? fields.uploadedBy.value : 'anonymous';
@@ -6894,10 +7237,11 @@ export async function createServer() {
             return result;
         }
         catch (err) {
+            const { MAX_SIZE_BYTES: maxBytes } = await import('./files.js');
             const msg = err instanceof Error ? err.message : String(err);
             if (msg.includes('Request file too large')) {
                 reply.code(413);
-                return { success: false, error: 'File exceeds 50MB limit' };
+                return { success: false, error: `File exceeds ${maxBytes / (1024 * 1024)}MB limit` };
             }
             reply.code(500);
             return { success: false, error: 'Upload failed' };
@@ -7093,6 +7437,137 @@ export async function createServer() {
             return { success: false, error: msg };
         }
     });
+    // POST /agents — Add a single agent to the team
+    app.post('/agents', async (request, reply) => {
+        const body = request.body;
+        const name = typeof body.name === 'string' ? body.name.trim().toLowerCase() : '';
+        const role = typeof body.role === 'string' ? body.role.trim() : '';
+        const description = typeof body.description === 'string' ? body.description.trim() : '';
+        if (!name) {
+            reply.code(400);
+            return { success: false, error: 'name is required' };
+        }
+        if (!role) {
+            reply.code(400);
+            return { success: false, error: 'role is required' };
+        }
+        if (/[^a-z0-9_-]/.test(name)) {
+            reply.code(400);
+            return { success: false, error: 'name must be lowercase alphanumeric (a-z, 0-9, -, _)' };
+        }
+        // Check if agent already exists
+        const existing = getAgentRoles().find(r => r.name === name);
+        if (existing) {
+            reply.code(409);
+            return { success: false, error: `Agent "${name}" already exists (role: ${existing.role})` };
+        }
+        // Read existing YAML and append new agent
+        const { readFileSync, writeFileSync, existsSync } = await import('node:fs');
+        const { join } = await import('node:path');
+        const filePath = join(REFLECTT_HOME, 'TEAM-ROLES.yaml');
+        let yaml = '';
+        if (existsSync(filePath)) {
+            yaml = readFileSync(filePath, 'utf-8');
+        }
+        if (!yaml.includes('agents:')) {
+            yaml = 'agents:\n';
+        }
+        // Build agent YAML entry
+        const affinityTags = Array.isArray(body.affinityTags) ? body.affinityTags : [role];
+        const wipCap = typeof body.wipCap === 'number' ? body.wipCap : 2;
+        const desc = description || `${role} agent.`;
+        const entry = [
+            `  - name: ${name}`,
+            `    role: ${role}`,
+            `    description: ${desc}`,
+            `    affinityTags: [${affinityTags.join(', ')}]`,
+            `    wipCap: ${wipCap}`,
+        ].join('\n');
+        // Insert before lanes: section (if present), otherwise append
+        const lanesIdx = yaml.indexOf('\nlanes:');
+        if (lanesIdx >= 0) {
+            yaml = yaml.slice(0, lanesIdx) + '\n' + entry + yaml.slice(lanesIdx);
+        }
+        else {
+            yaml = yaml.trimEnd() + '\n' + entry + '\n';
+        }
+        try {
+            writeFileSync(filePath, yaml, 'utf-8');
+            const { loadAgentRoles } = await import('./assignment.js');
+            const reloaded = loadAgentRoles();
+            // Scaffold agent workspace if it doesn't exist
+            let workspaceCreated = false;
+            try {
+                const { mkdirSync, existsSync: dirExists } = await import('node:fs');
+                const workspaceDir = join(REFLECTT_HOME, `workspace-${name}`);
+                if (!dirExists(workspaceDir)) {
+                    mkdirSync(workspaceDir, { recursive: true });
+                    writeFileSync(join(workspaceDir, 'SOUL.md'), `# ${name}\n\n*${desc}*\n`, 'utf-8');
+                    writeFileSync(join(workspaceDir, 'AGENTS.md'), `# ${name}\n\nRole: ${role}\n\n${desc}\n`, 'utf-8');
+                    workspaceCreated = true;
+                }
+            }
+            catch (wsErr) {
+                console.warn(`[Agents] Workspace scaffold failed for ${name}:`, wsErr.message);
+            }
+            return {
+                success: true,
+                agent: { name, role, description: desc, wipCap },
+                totalAgents: reloaded.roles.length,
+                workspaceCreated,
+                hint: `Agent "${name}" added to team and hot-reloaded. Start heartbeating: GET /heartbeat/${name}`,
+            };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : 'Failed to save agent';
+            reply.code(500);
+            return { success: false, error: msg };
+        }
+    });
+    // DELETE /agents/:name — Remove an agent from the team
+    app.delete('/agents/:name', async (request, reply) => {
+        const name = request.params.name.toLowerCase();
+        const existing = getAgentRoles().find(r => r.name === name);
+        if (!existing) {
+            reply.code(404);
+            return { success: false, error: `Agent "${name}" not found` };
+        }
+        const { readFileSync, writeFileSync } = await import('node:fs');
+        const { join } = await import('node:path');
+        const filePath = join(REFLECTT_HOME, 'TEAM-ROLES.yaml');
+        let yaml = readFileSync(filePath, 'utf-8');
+        // Remove the agent block: from "  - name: <name>" to the next "  - name:" or top-level key or EOF
+        const lines = yaml.split('\n');
+        const filtered = [];
+        let skipping = false;
+        for (const line of lines) {
+            if (line.match(new RegExp(`^\\s+-\\s+name:\\s+${name}\\s*$`))) {
+                skipping = true;
+                continue;
+            }
+            if (skipping) {
+                // Stop skipping at next agent entry, top-level key, or blank line before top-level
+                if (line.match(/^\s+-\s+name:\s/) || line.match(/^[a-z]/)) {
+                    skipping = false;
+                    filtered.push(line);
+                }
+                continue;
+            }
+            filtered.push(line);
+        }
+        yaml = filtered.join('\n');
+        try {
+            writeFileSync(filePath, yaml, 'utf-8');
+            const { loadAgentRoles } = await import('./assignment.js');
+            const reloaded = loadAgentRoles();
+            return { success: true, removed: name, totalAgents: reloaded.roles.length };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : 'Failed to remove agent';
+            reply.code(500);
+            return { success: false, error: msg };
+        }
+    });
     // Resolve a mention string (name, displayName, or alias) to an agent ID
     app.get('/resolve/mention/:mention', async (request) => {
         const agentName = resolveAgentMention(request.params.mention);
@@ -7129,55 +7604,7 @@ export async function createServer() {
         };
     });
     // ── Approval Queue ──────────────────────────────────────────────────
-    app.get('/approval-queue', async () => {
-        // Tasks in 'todo' that were auto-assigned (have suggestedAgent in metadata) or need assignment review
-        const allTasks = taskManager.listTasks({});
-        const todoTasks = allTasks.filter(t => t.status === 'todo');
-        const items = todoTasks.map(t => {
-            const task = t;
-            const meta = task.metadata || {};
-            const title = task.title || '';
-            const tags = Array.isArray(task.tags) ? task.tags : [];
-            const doneCriteria = Array.isArray(task.done_criteria) ? task.done_criteria : [];
-            // Score all agents for this task
-            const roles = getAgentRoles();
-            const agentOptions = roles.map(agent => {
-                const wipCount = allTasks.filter(at => at.status === 'doing' && (at.assignee || '').toLowerCase() === agent.name).length;
-                const s = scoreAssignment(agent, { title, tags, done_criteria: doneCriteria }, wipCount);
-                return {
-                    agentId: agent.name,
-                    name: agent.name,
-                    confidenceScore: Math.max(0, Math.min(1, s.score)),
-                    affinityTags: agent.affinityTags,
-                };
-            }).sort((a, b) => b.confidenceScore - a.confidenceScore);
-            const topAgent = agentOptions[0];
-            const suggestedAgent = task.assignee || topAgent?.agentId || null;
-            const confidenceScore = topAgent?.confidenceScore || 0;
-            const confidenceReason = topAgent && topAgent.confidenceScore > 0
-                ? `${topAgent.name}: affinity match on ${topAgent.affinityTags.slice(0, 3).join(', ')}`
-                : 'No strong affinity match';
-            return {
-                taskId: task.id,
-                title,
-                description: task.description || '',
-                priority: task.priority || 'P3',
-                suggestedAgent,
-                confidenceScore,
-                confidenceReason,
-                agentOptions,
-                status: 'pending',
-            };
-        });
-        const highConfidence = items.filter(i => i.confidenceScore >= 0.85);
-        const needsReview = items.filter(i => i.confidenceScore < 0.85);
-        return {
-            items: [...highConfidence, ...needsReview],
-            total: items.length,
-            highConfidenceCount: highConfidence.length,
-            needsReviewCount: needsReview.length,
-        };
-    });
+    // Note: GET /approval-queue is defined below near /approval-queue/:approvalId/decide
     app.post('/approval-queue/:taskId/approve', async (request, reply) => {
         const body = request.body;
         const taskId = request.params.taskId;
@@ -7333,6 +7760,88 @@ export async function createServer() {
             warnings: result.warnings,
         };
     });
+    // ── Presence Layer canvas state ─────────────────────────────────────
+    // Agent emits canvas_render state transitions for the Presence Layer.
+    // Deterministic event types. No "AI can emit anything" protocol.
+    const CANVAS_STATES = ['floor', 'listening', 'thinking', 'rendering', 'ambient', 'decision', 'urgent', 'handoff'];
+    const SENSOR_VALUES = [null, 'mic', 'camera', 'mic+camera'];
+    const CanvasRenderSchema = z.object({
+        state: z.enum(CANVAS_STATES),
+        sensors: z.enum(['mic', 'camera', 'mic+camera']).nullable().default(null),
+        agentId: z.string().min(1),
+        payload: z.object({
+            text: z.string().optional(),
+            media: z.unknown().optional(),
+            decision: z.object({
+                question: z.string(),
+                context: z.string().optional(),
+                decisionId: z.string(),
+                expiresAt: z.number().optional(),
+                autoAction: z.string().optional(),
+            }).optional(),
+            agents: z.array(z.object({
+                name: z.string(),
+                state: z.string(),
+                task: z.string().optional(),
+            })).optional(),
+            summary: z.object({
+                headline: z.string(),
+                items: z.array(z.string()).optional(),
+                cost: z.string().optional(),
+                duration: z.string().optional(),
+            }).optional(),
+        }).default({}),
+    });
+    // Current state per agent — in-memory, not persisted
+    const canvasStateMap = new Map();
+    // POST /canvas/state — agent emits a state transition
+    app.post('/canvas/state', async (request, reply) => {
+        const result = CanvasRenderSchema.safeParse(request.body);
+        if (!result.success) {
+            reply.code(422);
+            return {
+                error: `Invalid canvas state: ${result.error.issues.map(i => i.message).join(', ')}`,
+                hint: `state must be one of: ${CANVAS_STATES.join(', ')}`,
+                validStates: CANVAS_STATES,
+            };
+        }
+        const { state, sensors, agentId, payload } = result.data;
+        const now = Date.now();
+        // Store current state
+        canvasStateMap.set(agentId, { state, sensors, payload, updatedAt: now });
+        // Emit canvas_render event over SSE
+        eventBus.emit({
+            id: `crender-${now}-${Math.random().toString(36).slice(2, 8)}`,
+            type: 'canvas_render',
+            timestamp: now,
+            data: { state, sensors, agentId, payload },
+        });
+        return { success: true, state, agentId, timestamp: now };
+    });
+    // GET /canvas/state — current state for all agents (or one)
+    app.get('/canvas/state', async (request) => {
+        const query = request.query;
+        if (query.agentId) {
+            const entry = canvasStateMap.get(query.agentId);
+            return entry ?? { state: 'floor', sensors: null, payload: {}, updatedAt: null };
+        }
+        const all = {};
+        for (const [id, entry] of canvasStateMap) {
+            all[id] = entry;
+        }
+        return { agents: all, count: canvasStateMap.size };
+    });
+    // GET /canvas/states — valid state + sensor values (discovery)
+    app.get('/canvas/states', async () => ({
+        states: CANVAS_STATES,
+        sensors: SENSOR_VALUES,
+        schema: {
+            state: 'floor | listening | thinking | rendering | ambient | decision | urgent | handoff',
+            sensors: 'null | mic | camera | mic+camera (non-dismissable trust indicator)',
+            agentId: 'required — which agent is driving the canvas',
+            payload: 'optional — text, media, decision, agents, summary',
+        },
+    }));
     // GET /canvas/slots — current active slots
     app.get('/canvas/slots', async () => {
         return {
@@ -8907,6 +9416,26 @@ export async function createServer() {
         const allDrops = chatManager.getDropStats();
         const agentDrops = allDrops[agent];
         const focusSummary = getFocusSummary();
+        // Boot context: recent memories + active run (survives restart)
+        let bootMemories = [];
+        let activeRun = null;
+        try {
+            const { listMemories } = await import('./agent-memories.js');
+            const memories = listMemories({ agentId: agent, limit: 5 });
+            bootMemories = memories.map(m => ({
+                key: m.key, content: m.content.slice(0, 200),
+                namespace: m.namespace, updatedAt: m.updatedAt,
+            }));
+        }
+        catch { /* agent-memories not available */ }
+        try {
+            const { getActiveAgentRun } = await import('./agent-runs.js');
+            const run = getActiveAgentRun(agent, 'default');
+            if (run) {
+                activeRun = { id: run.id, objective: run.objective, status: run.status, startedAt: run.startedAt };
+            }
+        }
+        catch { /* agent-runs not available */ }
         return {
             agent, ts: Date.now(),
             active: slim(activeTask), next: pauseStatus.paused ? null : slim(nextTask),
@@ -8916,6 +9445,12 @@ export async function createServer() {
             ...(focusSummary ? { focus: focusSummary } : {}),
             ...(agentDrops ? { drops: { total: agentDrops.total, rolling_1h: agentDrops.rolling_1h } } : {}),
             ...(pauseStatus.paused ? { paused: true, pauseMessage: pauseStatus.message, resumesAt: pauseStatus.entry?.pausedUntil ?? null } : {}),
+            ...(bootMemories.length > 0 ? { memories: bootMemories } : {}),
+            ...(activeRun ? { run: activeRun } : {}),
+            ...(() => {
+                const p = presenceManager.getAllPresence().find(p => p.agent === agent);
+                return p?.waiting ? { waiting: p.waiting } : {};
+            })(),
             action: pauseStatus.paused ? `PAUSED: ${pauseStatus.message}`
                 : activeTask ? `Continue ${activeTask.id}`
                     : nextTask ? `Claim ${nextTask.id}`
@@ -8923,6 +9458,21 @@ export async function createServer() {
                             : 'HEARTBEAT_OK',
         };
     });
+    // ── Agent Waiting State ──────────────────────────────────────────────
+    // Agents signal they're blocked on human input. Shows in heartbeat + presence.
+    app.post('/agents/:agent/waiting', async (request, reply) => {
+        const agent = String(request.params.agent || '').trim().toLowerCase();
+        const body = request.body ?? {};
+        if (!body.reason)
+            return reply.code(400).send({ error: 'reason is required' });
+        presenceManager.setWaiting(agent, { reason: body.reason, waitingFor: body.waitingFor, taskId: body.taskId, expiresAt: body.expiresAt });
+        return { success: true, agent, status: 'waiting', waiting: { reason: body.reason, waitingFor: body.waitingFor, taskId: body.taskId, expiresAt: body.expiresAt } };
+    });
+    app.delete('/agents/:agent/waiting', async (request) => {
+        const agent = String(request.params.agent || '').trim().toLowerCase();
+        presenceManager.clearWaiting(agent);
+        return { success: true, agent, status: 'idle' };
+    });
     // ── Bootstrap: dynamic agent config generation ──────────────────────
     app.get('/bootstrap/heartbeat/:agent', async (request) => {
         const agent = String(request.params.agent || '').trim().toLowerCase();
@@ -8986,6 +9536,7 @@ If your heartbeat shows **no active task** and **no next task**:
 - Do not load full chat history.
 - Do not post plan-only updates.
 - If nothing changed and no direct action is required, reply \`HEARTBEAT_OK\`.
+- **Decision authority:** Team owns product/arch/process decisions. Escalate credentials, legal, and vision decisions to the admin/owner. See \`decision_authority\` block in \`defaults/TEAM-ROLES.yaml\` for the full list.
 `;
         // Stable hash for change detection (agents can cache and compare)
         const { createHash } = await import('node:crypto');
@@ -9063,6 +9614,7 @@ If your heartbeat shows **no active task** and **no next task**:
                 endpoints: [
                     { method: 'POST', path: '/reflections', hint: 'Submit. Required: pain, impact, evidence[], went_well, suspected_why, proposed_fix, confidence, role_type, author' },
                     { method: 'GET', path: '/reflections', hint: 'List. Query: author, limit' },
+                    { method: 'GET', path: '/reflections/schema', hint: 'Required/optional fields, role types, severity levels, dedup rules' },
                 ],
             },
             activity: {
@@ -9316,8 +9868,18 @@ If your heartbeat shows **no active task** and **no next task**:
             reply.code(404);
             return { success: false, error: 'Task not found', input: id, suggestions: lookup.suggestions };
         }
-        if (task.assignee) {
-            return { success: false, error: `Task already assigned to ${task.assignee}` };
+        const assignee = String(task.assignee || '').trim();
+        const isUnassigned = assignee.length === 0 || assignee.toLowerCase() === 'unassigned';
+        if (!isUnassigned) {
+            reply.code(409);
+            return {
+                success: false,
+                error: `Task already assigned to ${assignee}`,
+                code: 'TASK_ALREADY_ASSIGNED',
+                status: 409,
+                assignee,
+                hint: 'Task claims are atomic: first claim wins. Pull another task via GET /tasks/next.',
+            };
         }
         const shortId = lookup.resolvedId.replace(/^task-\d+-/, '');
         const branch = `${body.agent}/task-${shortId}`;
@@ -10079,17 +10641,12 @@ If your heartbeat shows **no active task** and **no next task**:
             return { success: false, error: 'agent and model are required' };
         }
         const event = recordUsage({
-            agent: body.agent,
-            task_id: body.task_id,
+            agentId: body.agent,
             model: body.model,
-            provider: body.provider || 'unknown',
-            input_tokens: Number(body.input_tokens) || 0,
-            output_tokens: Number(body.output_tokens) || 0,
-            estimated_cost_usd: body.estimated_cost_usd != null ? Number(body.estimated_cost_usd) : undefined,
-            category: body.category || 'other',
+            inputTokens: Number(body.input_tokens) || 0,
+            outputTokens: Number(body.output_tokens) || 0,
+            cost: body.estimated_cost_usd != null ? Number(body.estimated_cost_usd) : 0,
             timestamp: Number(body.timestamp) || Date.now(),
-            team_id: body.team_id,
-            metadata: body.metadata,
         });
         return { success: true, event };
     });
@@ -10170,6 +10727,42 @@ If your heartbeat shows **no active task** and **no next task**:
         const q = request.query;
         return { suggestions: getRoutingSuggestions({ since: q.since ? Number(q.since) : undefined }) };
     });
+    // ── Cost Dashboard ──
+    // GET /costs — aggregated spend: daily by model, avg per lane, top tasks
+    app.get('/costs', async (request) => {
+        const q = request.query;
+        const days = q.days ? Math.min(Number(q.days), 90) : 7;
+        const since = Date.now() - days * 24 * 60 * 60 * 1000;
+        const dailyByModel = getDailySpendByModel({ days });
+        const byLane = getAvgCostByLane({ days: Math.max(days, 30) }); // lane data needs more window
+        const byAgent = getAvgCostByAgent({ days: Math.max(days, 30) });
+        const topTasks = getUsageByTask({ since, limit: 20 });
+        const summary = getUsageSummary({ since });
+        // Roll up daily totals per day for the sparkline
+        const dailyTotals = {};
+        for (const row of dailyByModel) {
+            dailyTotals[row.date] = (dailyTotals[row.date] ?? 0) + row.total_cost_usd;
+        }
+        // Note: avg_cost_by_lane and avg_cost_by_agent use Math.max(days, 30) as their window.
+        // Lane/agent-level averages need task density to be meaningful — a 7-day window might
+        // have 0-1 closed tasks per agent/lane and produce misleading numbers. Using a 30-day
+        // floor is intentional. daily_by_model, daily_totals, and top_tasks_by_cost use the
+        // requested `days` window directly and will match the `window_days` field in the response.
+        const laneAgentWindow = Math.max(days, 30);
+        return {
+            window_days: days,
+            lane_agent_window_days: laneAgentWindow,
+            summary: Array.isArray(summary) ? summary[0] ?? null : summary,
+            daily_by_model: dailyByModel,
+            daily_totals: Object.entries(dailyTotals)
+                .sort(([a], [b]) => a.localeCompare(b))
+                .map(([date, total_cost_usd]) => ({ date, total_cost_usd })),
+            avg_cost_by_lane: byLane,
+            avg_cost_by_agent: byAgent,
+            top_tasks_by_cost: topTasks,
+            generated_at: Date.now(),
+        };
+    });
     // Operational metrics endpoint (lightweight dashboard contract)
     app.get('/metrics', async () => {
         const startedAt = Date.now();
@@ -10587,6 +11180,10 @@ If your heartbeat shows **no active task** and **no next task**:
             request.headers['x-request-id'] ||
             undefined;
         const idempotencyKey = deliveryId ? `${provider}_${deliveryId}` : undefined;
+        // Enrich GitHub webhook payloads with agent attribution
+        const enrichedBody = provider === 'github'
+            ? enrichWebhookPayload(body)
+            : body;
         // Enqueue through delivery engine for each configured target
         const events = [];
         for (const route of routes) {
@@ -10597,7 +11194,7 @@ If your heartbeat shows **no active task** and **no next task**:
             const event = webhookDelivery.enqueue({
                 provider,
                 eventType,
-                payload: body,
+                payload: enrichedBody,
                 targetUrl: `http://localhost:${serverConfig.port}${route.path}`,
                 idempotencyKey: idempotencyKey ? `${idempotencyKey}_${route.id}` : undefined,
                 metadata: {
@@ -10611,6 +11208,21 @@ If your heartbeat shows **no active task** and **no next task**:
             });
             events.push(event);
         }
+        // Post GitHub events to the 'github' chat channel with remapped mentions.
+        // Pass enrichedBody (not body) so formatGitHubEvent has access to
+        // _reflectt_attribution and can mention the correct agent (@link not @kai).
+        if (provider === 'github') {
+            const ghEventType = request.headers['x-github-event'] || eventType;
+            const chatMessage = formatGitHubEvent(ghEventType, enrichedBody);
+            if (chatMessage) {
+                chatManager.sendMessage({
+                    from: 'github',
+                    content: chatMessage,
+                    channel: 'github',
+                    metadata: { source: 'github-webhook', eventType: ghEventType, delivery: request.headers['x-github-delivery'] },
+                }).catch(() => { }); // non-blocking
+            }
+        }
         reply.code(202);
         return { success: true, accepted: events.length, events: events.map(e => ({ id: e.id, idempotencyKey: e.idempotencyKey, status: e.status })) };
     });
@@ -11344,6 +11956,62 @@ If your heartbeat shows **no active task** and **no next task**:
     app.get('/calendar/reminders/stats', async () => {
         return getReminderEngineStats();
     });
+    // ── Schedule feed — team-wide time-awareness ──────────────────────────────
+    //
+    // Provides canonical records for deploy windows, focus blocks, and
+    // scheduled task work so agents can coordinate timing without chat.
+    //
+    // MVP scope: one-off windows only. No iCal/RRULE, no reminders.
+    // See src/schedule.ts for what is intentionally NOT included.
+    // GET /schedule/feed — upcoming entries in chronological order
+    app.get('/schedule/feed', async (request) => {
+        const q = request.query;
+        const kinds = q.kinds ? q.kinds.split(',') : undefined;
+        const entries = getScheduleFeed({
+            after: q.after ? parseInt(q.after, 10) : undefined,
+            before: q.before ? parseInt(q.before, 10) : undefined,
+            kinds,
+            owner: q.owner,
+            limit: q.limit ? parseInt(q.limit, 10) : undefined,
+        });
+        return { entries, count: entries.length };
+    });
+    // POST /schedule/entries — create a new schedule entry
+    app.post('/schedule/entries', async (request, reply) => {
+        try {
+            const entry = createScheduleEntry(request.body);
+            return reply.status(201).send({ entry });
+        }
+        catch (err) {
+            return reply.status(400).send({ error: err.message });
+        }
+    });
+    // GET /schedule/entries/:id
+    app.get('/schedule/entries/:id', async (request, reply) => {
+        const entry = getScheduleEntry(request.params.id);
+        if (!entry)
+            return reply.status(404).send({ error: 'Not found' });
+        return { entry };
+    });
+    // PATCH /schedule/entries/:id
+    app.patch('/schedule/entries/:id', async (request, reply) => {
+        try {
+            const entry = updateScheduleEntry(request.params.id, request.body);
+            if (!entry)
+                return reply.status(404).send({ error: 'Not found' });
+            return { entry };
+        }
+        catch (err) {
+            return reply.status(400).send({ error: err.message });
+        }
+    });
+    // DELETE /schedule/entries/:id
+    app.delete('/schedule/entries/:id', async (request, reply) => {
+        const deleted = deleteScheduleEntry(request.params.id);
+        if (!deleted)
+            return reply.status(404).send({ error: 'Not found' });
+        return reply.status(204).send();
+    });
     // ── iCal Import/Export ───────────────────────────────────────────────────
     // Export all events as .ics
     app.get('/calendar/export.ics', async (request, reply) => {
@@ -11517,6 +12185,964 @@ If your heartbeat shows **no active task** and **no next task**:
     });
     // Start hourly auto-snapshot for alert-preflight daily metrics
     startAutoSnapshot();
+    // ─── Browser capability routes ───────────────────────────────────────────────
+    const browser = await import('./capabilities/browser.js');
+    app.get('/browser/config', async () => {
+        return browser.getBrowserConfig();
+    });
+    app.post('/browser/sessions', async (request, reply) => {
+        try {
+            const body = request.body;
+            if (!body?.agent)
+                return reply.code(400).send({ error: 'agent is required' });
+            const session = await browser.createSession({
+                agent: body.agent,
+                url: body.url,
+                headless: body.headless,
+                viewport: body.viewport,
+            });
+            const { _stagehand, _page, _idleTimer, ...safe } = session;
+            return reply.code(201).send(safe);
+        }
+        catch (err) {
+            const status = err.message?.includes('Max concurrent') || err.message?.includes('exceeded max') ? 429 : 500;
+            return reply.code(status).send({ error: err.message });
+        }
+    });
+    app.get('/browser/sessions', async () => {
+        return { sessions: browser.listSessions() };
+    });
+    app.get('/browser/sessions/:id', async (request, reply) => {
+        const session = browser.getSession(request.params.id);
+        if (!session)
+            return reply.code(404).send({ error: 'Session not found' });
+        const { _stagehand, _page, _idleTimer, ...safe } = session;
+        return safe;
+    });
+    app.delete('/browser/sessions/:id', async (request, reply) => {
+        await browser.closeSession(request.params.id);
+        return { ok: true };
+    });
+    app.post('/browser/sessions/:id/act', async (request, reply) => {
+        try {
+            const body = request.body;
+            if (!body?.instruction)
+                return reply.code(400).send({ error: 'instruction is required' });
+            const result = await browser.act(request.params.id, body.instruction);
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message?.includes('No active') ? 404 : 500).send({ error: err.message });
+        }
+    });
+    app.post('/browser/sessions/:id/extract', async (request, reply) => {
+        try {
+            const body = request.body;
+            if (!body?.instruction)
+                return reply.code(400).send({ error: 'instruction is required' });
+            const result = await browser.extract(request.params.id, body.instruction, body.schema);
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message?.includes('No active') ? 404 : 500).send({ error: err.message });
+        }
+    });
+    app.post('/browser/sessions/:id/observe', async (request, reply) => {
+        try {
+            const body = request.body;
+            if (!body?.instruction)
+                return reply.code(400).send({ error: 'instruction is required' });
+            const result = await browser.observe(request.params.id, body.instruction);
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message?.includes('No active') ? 404 : 500).send({ error: err.message });
+        }
+    });
+    app.post('/browser/sessions/:id/navigate', async (request, reply) => {
+        try {
+            const body = request.body;
+            if (!body?.url)
+                return reply.code(400).send({ error: 'url is required' });
+            const result = await browser.navigate(request.params.id, body.url);
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message?.includes('No active') ? 404 : 500).send({ error: err.message });
+        }
+    });
+    app.get('/browser/sessions/:id/screenshot', async (request, reply) => {
+        try {
+            const result = await browser.screenshot(request.params.id);
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message?.includes('No active') ? 404 : 500).send({ error: err.message });
+        }
+    });
+    // ── Agent Runs & Events ──────────────────────────────────────────────────
+    const { createAgentRun, updateAgentRun, getAgentRun, getActiveAgentRun, listAgentRuns, appendAgentEvent, listAgentEvents, VALID_RUN_STATUSES, } = await import('./agent-runs.js');
+    // Create a new agent run
+    app.post('/agents/:agentId/runs', async (request, reply) => {
+        const { agentId } = request.params;
+        const body = request.body;
+        if (!body?.objective)
+            return reply.code(400).send({ error: 'objective is required' });
+        const teamId = body.teamId ?? 'default';
+        try {
+            const run = createAgentRun(agentId, teamId, body.objective, {
+                taskId: body.taskId,
+                parentRunId: body.parentRunId,
+            });
+            return reply.code(201).send(run);
+        }
+        catch (err) {
+            return reply.code(500).send({ error: err.message });
+        }
+    });
+    // Update an agent run (status, context, artifacts)
+    app.patch('/agents/:agentId/runs/:runId', async (request, reply) => {
+        const { runId } = request.params;
+        const body = request.body;
+        if (body?.status && !VALID_RUN_STATUSES.includes(body.status)) {
+            return reply.code(400).send({ error: `Invalid status. Valid: ${VALID_RUN_STATUSES.join(', ')}` });
+        }
+        try {
+            const run = updateAgentRun(runId, {
+                status: body?.status,
+                contextSnapshot: body?.contextSnapshot,
+                artifacts: body?.artifacts,
+            });
+            if (!run)
+                return reply.code(404).send({ error: 'Run not found' });
+            return run;
+        }
+        catch (err) {
+            return reply.code(500).send({ error: err.message });
+        }
+    });
+    // List agent runs
+    app.get('/agents/:agentId/runs', async (request, reply) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        const teamId = query.teamId ?? 'default';
+        const limit = query.limit ? parseInt(query.limit, 10) : undefined;
+        return listAgentRuns(agentId, teamId, { status: query.status, limit });
+    });
+    // Get active run for an agent
+    app.get('/agents/:agentId/runs/current', async (request, reply) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        const teamId = query.teamId ?? 'default';
+        const run = getActiveAgentRun(agentId, teamId);
+        if (!run)
+            return reply.code(404).send({ error: 'No active run' });
+        return run;
+    });
+    // Append an event
+    const { validateRoutingSemantics } = await import('./agent-runs.js');
+    // GET /events/routing/validate — check if a payload passes routing semantics
+    app.post('/events/routing/validate', async (request) => {
+        const body = request.body;
+        if (!body?.eventType)
+            return { valid: false, errors: ['eventType is required'], warnings: [] };
+        return validateRoutingSemantics(body.eventType, body.payload ?? {});
+    });
+    app.post('/agents/:agentId/events', async (request, reply) => {
+        const { agentId } = request.params;
+        const body = request.body;
+        if (!body?.eventType)
+            return reply.code(400).send({ error: 'eventType is required' });
+        try {
+            const event = appendAgentEvent({
+                agentId,
+                runId: body.runId,
+                eventType: body.eventType,
+                payload: body.payload,
+                enforceRouting: body.enforceRouting,
+            });
+            return reply.code(201).send(event);
+        }
+        catch (err) {
+            if (err.message.includes('Routing semantics violation')) {
+                return reply.code(422).send({ error: err.message, hint: 'Actionable events require: action_required (string), urgency (low|normal|high|critical), owner (string). Optional: expires_at (number).' });
+            }
+            return reply.code(500).send({ error: err.message });
+            const message = String(err?.message || err);
+            if (message.includes('rationale')) {
+                return reply.code(400).send({ error: message });
+            }
+            return reply.code(500).send({ error: message });
+        }
+    });
+    // List agent events
+    app.get('/agents/:agentId/events', async (request, reply) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        return listAgentEvents({
+            agentId,
+            runId: query.runId,
+            eventType: query.type,
+            since: query.since ? parseInt(query.since, 10) : undefined,
+            limit: query.limit ? parseInt(query.limit, 10) : undefined,
+        });
+    });
+    // ── Run Event Stream (SSE) ─────────────────────────────────────────────
+    // Real-time SSE stream for run events. Canvas subscribes here instead of polling.
+    // GET /agents/:agentId/runs/:runId/stream — stream events for a specific run
+    // GET /agents/:agentId/stream — stream all events for an agent
+    app.get('/agents/:agentId/runs/:runId/stream', async (request, reply) => {
+        const { agentId, runId } = request.params;
+        const run = getAgentRun(runId);
+        if (!run) {
+            reply.code(404);
+            return { error: 'Run not found' };
+        }
+        reply.raw.writeHead(200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            'Connection': 'keep-alive',
+            'X-Accel-Buffering': 'no',
+        });
+        // Send current run state as initial snapshot
+        reply.raw.write(`event: snapshot\ndata: ${JSON.stringify({ run, events: listAgentEvents({ runId, limit: 20 }) })}\n\n`);
+        // Subscribe to eventBus for this run's events
+        const listenerId = `run-stream-${runId}-${Date.now()}`;
+        let closed = false;
+        eventBus.on(listenerId, (event) => {
+            if (closed)
+                return;
+            const data = event.data;
+            // Forward events that match this agent or run
+            if (data && (data.runId === runId || data.agentId === agentId)) {
+                try {
+                    reply.raw.write(`event: ${event.type}\ndata: ${JSON.stringify(event)}\n\n`);
+                }
+                catch { /* connection closed */ }
+            }
+        });
+        // Heartbeat
+        const heartbeat = setInterval(() => {
+            if (closed) {
+                clearInterval(heartbeat);
+                return;
+            }
+            try {
+                reply.raw.write(`:heartbeat\n\n`);
+            }
+            catch {
+                clearInterval(heartbeat);
+            }
+        }, 15_000);
+        // Cleanup
+        request.raw.on('close', () => {
+            closed = true;
+            eventBus.off(listenerId);
+            clearInterval(heartbeat);
+        });
+    });
+    // Stream all events for an agent
+    app.get('/agents/:agentId/stream', async (request, reply) => {
+        const { agentId } = request.params;
+        reply.raw.writeHead(200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            'Connection': 'keep-alive',
+            'X-Accel-Buffering': 'no',
+        });
+        // Send recent events as snapshot
+        const recentEvents = listAgentEvents({ agentId, limit: 20 });
+        const activeRun = getActiveAgentRun(agentId, 'default');
+        reply.raw.write(`event: snapshot\ndata: ${JSON.stringify({ activeRun, events: recentEvents })}\n\n`);
+        const listenerId = `agent-stream-${agentId}-${Date.now()}`;
+        let closed = false;
+        eventBus.on(listenerId, (event) => {
+            if (closed)
+                return;
+            const data = event.data;
+            if (data && data.agentId === agentId) {
+                try {
+                    reply.raw.write(`event: ${event.type}\ndata: ${JSON.stringify(event)}\n\n`);
+                }
+                catch { /* connection closed */ }
+            }
+        });
+        const heartbeat = setInterval(() => {
+            if (closed) {
+                clearInterval(heartbeat);
+                return;
+            }
+            try {
+                reply.raw.write(`:heartbeat\n\n`);
+            }
+            catch {
+                clearInterval(heartbeat);
+            }
+        }, 15_000);
+        request.raw.on('close', () => {
+            closed = true;
+            eventBus.off(listenerId);
+            clearInterval(heartbeat);
+        });
+    });
+    // ── Workflow Templates ─────────────────────────────────────────────────
+    const { listWorkflowTemplates, getWorkflowTemplate, runWorkflow } = await import('./workflow-templates.js');
+    // GET /workflows — list available workflow templates
+    app.get('/workflows', async () => ({ templates: listWorkflowTemplates() }));
+    // GET /workflows/:id — get template details
+    app.get('/workflows/:id', async (request, reply) => {
+        const template = getWorkflowTemplate(request.params.id);
+        if (!template) {
+            reply.code(404);
+            return { error: 'Template not found' };
+        }
+        return {
+            id: template.id,
+            name: template.name,
+            description: template.description,
+            steps: template.steps.map(s => ({ name: s.name, description: s.description })),
+        };
+    });
+    // POST /workflows/:id/run — execute a workflow
+    app.post('/workflows/:id/run', async (request, reply) => {
+        const template = getWorkflowTemplate(request.params.id);
+        if (!template) {
+            reply.code(404);
+            return { error: 'Template not found' };
+        }
+        const body = request.body ?? {};
+        const agentId = body.agentId ?? 'link';
+        const teamId = body.teamId ?? 'default';
+        const result = await runWorkflow(template, agentId, teamId, body);
+        return result;
+    });
+    // ── Agent Messaging (Host-native) ─────────────────────────────────────
+    // Local agent-to-agent messaging. Replaces gateway for same-Host agents.
+    const { sendAgentMessage, listAgentMessages, listSentMessages, markMessagesRead, getUnreadCount, listChannelMessages } = await import('./agent-messaging.js');
+    // Send message
+    app.post('/agents/:agentId/messages/send', async (request, reply) => {
+        const { agentId } = request.params;
+        const body = request.body;
+        if (!body?.to)
+            return reply.code(400).send({ error: 'to (recipient agent) is required' });
+        if (!body?.content)
+            return reply.code(400).send({ error: 'content is required' });
+        const msg = sendAgentMessage({
+            fromAgent: agentId,
+            toAgent: body.to,
+            channel: body.channel,
+            content: body.content,
+            metadata: body.metadata,
+        });
+        // Emit event for SSE subscribers
+        eventBus.emit({
+            id: `amsg-evt-${Date.now()}`,
+            type: 'message_posted',
+            timestamp: Date.now(),
+            data: { messageId: msg.id, from: agentId, to: body.to, channel: msg.channel },
+        });
+        return reply.code(201).send(msg);
+    });
+    // Inbox
+    app.get('/agents/:agentId/messages', async (request) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        return {
+            messages: listAgentMessages({
+                agentId,
+                channel: query.channel,
+                unreadOnly: query.unread === 'true',
+                since: query.since ? parseInt(query.since, 10) : undefined,
+                limit: query.limit ? parseInt(query.limit, 10) : undefined,
+            }),
+            unreadCount: getUnreadCount(agentId),
+        };
+    });
+    // Sent
+    app.get('/agents/:agentId/messages/sent', async (request) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        return { messages: listSentMessages(agentId, query.limit ? parseInt(query.limit, 10) : undefined) };
+    });
+    // Mark read
+    app.post('/agents/:agentId/messages/read', async (request) => {
+        const { agentId } = request.params;
+        const body = request.body ?? {};
+        const marked = markMessagesRead(agentId, body.messageIds);
+        return { marked };
+    });
+    // Channel messages
+    app.get('/messages/channel/:channel', async (request) => {
+        const { channel } = request.params;
+        const query = request.query;
+        return {
+            messages: listChannelMessages(channel, {
+                since: query.since ? parseInt(query.since, 10) : undefined,
+                limit: query.limit ? parseInt(query.limit, 10) : undefined,
+            }),
+        };
+    });
+    // ── Run Retention / Archive ────────────────────────────────────────────
+    const { applyRunRetention, getRetentionStats } = await import('./agent-runs.js');
+    // GET /runs/retention/stats — preview what retention policy would do
+    app.get('/runs/retention/stats', async (request) => {
+        const query = request.query;
+        return getRetentionStats({
+            maxAgeDays: query.maxAgeDays ? parseInt(query.maxAgeDays, 10) : undefined,
+            maxCompletedRuns: query.maxCompletedRuns ? parseInt(query.maxCompletedRuns, 10) : undefined,
+        });
+    });
+    // POST /runs/retention/apply — apply retention policy
+    app.post('/runs/retention/apply', async (request) => {
+        const body = request.body ?? {};
+        return applyRunRetention({
+            policy: {
+                maxAgeDays: body.maxAgeDays,
+                maxCompletedRuns: body.maxCompletedRuns,
+                deleteArchived: body.deleteArchived,
+            },
+            agentId: body.agentId,
+            dryRun: body.dryRun,
+        });
+    });
+    // ── Artifact Store (Host-native) ──────────────────────────────────────
+    const { storeArtifact, getArtifact, readArtifactContent, listArtifacts, deleteArtifact, getStorageUsage } = await import('./artifact-store.js');
+    // Upload artifact
+    app.post('/agents/:agentId/artifacts', async (request, reply) => {
+        const { agentId } = request.params;
+        const body = request.body;
+        if (!body?.name)
+            return reply.code(400).send({ error: 'name is required' });
+        if (!body?.content)
+            return reply.code(400).send({ error: 'content is required' });
+        const contentBuf = body.encoding === 'base64' ? Buffer.from(body.content, 'base64') : Buffer.from(body.content);
+        const art = storeArtifact({ agentId, name: body.name, content: contentBuf, mimeType: body.mimeType, runId: body.runId, taskId: body.taskId, metadata: body.metadata });
+        return reply.code(201).send(art);
+    });
+    // List artifacts
+    app.get('/agents/:agentId/artifacts', async (request) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        return {
+            artifacts: listArtifacts({ agentId, runId: query.runId, taskId: query.taskId, limit: query.limit ? parseInt(query.limit, 10) : undefined }),
+            usage: getStorageUsage(agentId),
+        };
+    });
+    // Get artifact metadata
+    app.get('/artifacts/:artifactId', async (request, reply) => {
+        const { artifactId } = request.params;
+        const art = getArtifact(artifactId);
+        if (!art)
+            return reply.code(404).send({ error: 'Artifact not found' });
+        return art;
+    });
+    // Download artifact content
+    app.get('/artifacts/:artifactId/content', async (request, reply) => {
+        const { artifactId } = request.params;
+        const content = readArtifactContent(artifactId);
+        if (!content)
+            return reply.code(404).send({ error: 'Artifact not found or file missing' });
+        const art = getArtifact(artifactId);
+        return reply.type(art.mimeType).send(content);
+    });
+    // Delete artifact
+    app.delete('/artifacts/:artifactId', async (request, reply) => {
+        const { artifactId } = request.params;
+        const deleted = deleteArtifact(artifactId);
+        if (!deleted)
+            return reply.code(404).send({ error: 'Artifact not found' });
+        return { deleted: true };
+    });
+    // Storage usage
+    app.get('/agents/:agentId/storage', async (request) => {
+        const { agentId } = request.params;
+        return getStorageUsage(agentId);
+    });
+    // ── Webhook Storage ──────────────────────────────────────────────────
+    const { storeWebhookPayload, getWebhookPayload, listWebhookPayloads, markPayloadProcessed, getUnprocessedCount, purgeOldPayloads } = await import('./webhook-storage.js');
+    // Ingest webhook payload
+    app.post('/webhooks/ingest', async (request, reply) => {
+        const body = request.body;
+        if (!body?.source)
+            return reply.code(400).send({ error: 'source is required' });
+        if (!body?.eventType)
+            return reply.code(400).send({ error: 'eventType is required' });
+        if (!body?.body)
+            return reply.code(400).send({ error: 'body (payload) is required' });
+        const headers = {};
+        for (const [k, v] of Object.entries(request.headers)) {
+            if (typeof v === 'string')
+                headers[k] = v;
+        }
+        const payload = storeWebhookPayload({ source: body.source, eventType: body.eventType, agentId: body.agentId, body: body.body, headers });
+        return reply.code(201).send(payload);
+    });
+    // List payloads
+    app.get('/webhooks/payloads', async (request) => {
+        const query = request.query;
+        return {
+            payloads: listWebhookPayloads({
+                source: query.source,
+                agentId: query.agentId,
+                unprocessedOnly: query.unprocessed === 'true',
+                since: query.since ? parseInt(query.since, 10) : undefined,
+                limit: query.limit ? parseInt(query.limit, 10) : undefined,
+            }),
+            unprocessedCount: getUnprocessedCount({ source: query.source, agentId: query.agentId }),
+        };
+    });
+    // Get single payload
+    app.get('/webhooks/payloads/:payloadId', async (request, reply) => {
+        const { payloadId } = request.params;
+        const payload = getWebhookPayload(payloadId);
+        if (!payload)
+            return reply.code(404).send({ error: 'Payload not found' });
+        return payload;
+    });
+    // Mark processed
+    app.post('/webhooks/payloads/:payloadId/process', async (request, reply) => {
+        const { payloadId } = request.params;
+        const marked = markPayloadProcessed(payloadId);
+        if (!marked)
+            return reply.code(404).send({ error: 'Payload not found or already processed' });
+        return { processed: true };
+    });
+    // Purge old processed payloads
+    app.post('/webhooks/purge', async (request) => {
+        const body = request.body ?? {};
+        const deleted = purgeOldPayloads(body.maxAgeDays ?? 30);
+        return { deleted };
+    });
+    // ── Approval Routing ────────────────────────────────────────────────────
+    const { listPendingApprovals, listApprovalQueue, submitApprovalDecision, } = await import('./agent-runs.js');
+    // List pending approvals (review_requested events needing action)
+    app.get('/approvals/pending', async (request) => {
+        const query = request.query;
+        return listPendingApprovals({
+            agentId: query.agentId,
+            limit: query.limit ? parseInt(query.limit, 10) : undefined,
+        });
+    });
+    // Dedicated approval queue — unified view of everything needing human decision.
+    // Answers: what needs decision, who owns it, when it expires, what happens if ignored.
+    app.get('/approval-queue', async (request) => {
+        const query = request.query;
+        const items = listApprovalQueue({
+            agentId: query.agentId,
+            category: query.category === 'review' || query.category === 'agent_action' ? query.category : undefined,
+            includeExpired: query.includeExpired === 'true',
+            limit: query.limit ? parseInt(query.limit, 10) : undefined,
+        });
+        return {
+            items,
+            count: items.length,
+            hasExpired: items.some(i => i.isExpired),
+        };
+    });
+    // Submit agent-action approval (approve_requested events)
+    app.post('/approval-queue/:approvalId/decide', async (request, reply) => {
+        const { approvalId } = request.params;
+        const body = request.body;
+        if (!body?.decision || !['approve', 'reject', 'defer'].includes(body.decision)) {
+            return reply.code(400).send({ error: 'decision must be "approve", "reject", or "defer"' });
+        }
+        if (!body?.actor) {
+            return reply.code(400).send({ error: 'actor is required' });
+        }
+        try {
+            const result = submitApprovalDecision({
+                eventId: approvalId,
+                decision: body.decision,
+                reviewer: body.actor,
+                comment: body.comment,
+            });
+            // Emit canvas_input event so Presence Layer updates
+            eventBus.emit({
+                id: `aq-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+                type: 'canvas_input',
+                timestamp: Date.now(),
+                data: {
+                    action: 'decision',
+                    approvalId,
+                    decision: body.decision,
+                    actor: body.actor,
+                },
+            });
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message.includes('not found') ? 404 : 400).send({ error: err.message });
+        }
+    });
+    // Submit approval decision
+    app.post('/approvals/:eventId/decide', async (request, reply) => {
+        const { eventId } = request.params;
+        const body = request.body;
+        if (!body?.decision || !['approve', 'reject'].includes(body.decision)) {
+            return reply.code(400).send({ error: 'decision must be "approve" or "reject"' });
+        }
+        if (!body?.reviewer) {
+            return reply.code(400).send({ error: 'reviewer is required' });
+        }
+        try {
+            const result = submitApprovalDecision({
+                eventId,
+                decision: body.decision,
+                reviewer: body.reviewer,
+                comment: body.comment,
+                rationale: body.rationale,
+            });
+            return result;
+        }
+        catch (err) {
+            return reply.code(err.message.includes('not found') ? 404 : 400).send({ error: err.message });
+        }
+    });
+    // ── Canvas Input ──────────────────────────────────────────────────────
+    // Human → agent control seam for the Presence Layer.
+    // Payload is intentionally small per COO spec: action + target + actor.
+    const CANVAS_INPUT_ACTIONS = ['decision', 'interrupt', 'pause', 'resume', 'mute', 'unmute'];
+    const CanvasInputSchema = z.object({
+        action: z.enum(CANVAS_INPUT_ACTIONS),
+        targetRunId: z.string().optional(), // which run to act on
+        decisionId: z.string().optional(), // for decision actions
+        choice: z.enum(['approve', 'deny', 'defer']).optional(), // for decision actions
+        actor: z.string().min(1), // who made this input
+        comment: z.string().optional(), // optional rationale
+    });
+    app.post('/canvas/input', async (request, reply) => {
+        const body = request.body;
+        const result = CanvasInputSchema.safeParse(body);
+        if (!result.success) {
+            reply.code(422);
+            return {
+                error: `Invalid canvas input: ${result.error.issues.map(i => i.message).join(', ')}`,
+                hint: 'Required: action (decision|interrupt|pause|resume|mute|unmute), actor. Optional: targetRunId, decisionId, choice, comment.',
+            };
+        }
+        const input = result.data;
+        const now = Date.now();
+        // Route by action type
+        if (input.action === 'decision') {
+            if (!input.decisionId || !input.choice) {
+                reply.code(422);
+                return { error: 'Decision action requires decisionId and choice (approve|deny|defer)' };
+            }
+            // Emit canvas_input event for SSE subscribers
+            eventBus.emit({ id: `cinput-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`, type: "canvas_input", timestamp: Date.now(), data: {
+                    action: input.action,
+                    decisionId: input.decisionId,
+                    choice: input.choice,
+                    actor: input.actor,
+                    comment: input.comment,
+                    timestamp: now,
+                } });
+            return {
+                success: true,
+                action: 'decision',
+                decisionId: input.decisionId,
+                choice: input.choice,
+                actor: input.actor,
+                timestamp: now,
+            };
+        }
+        if (input.action === 'interrupt' || input.action === 'pause') {
+            // Update active run if specified
+            const runId = input.targetRunId;
+            if (runId) {
+                try {
+                    updateAgentRun(runId, {
+                        status: input.action === 'interrupt' ? 'cancelled' : 'blocked',
+                    });
+                }
+                catch { /* run may not exist — still emit event */ }
+            }
+            eventBus.emit({ id: `cinput-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`, type: "canvas_input", timestamp: Date.now(), data: {
+                    action: input.action,
+                    targetRunId: runId || null,
+                    actor: input.actor,
+                    timestamp: now,
+                } });
+            return {
+                success: true,
+                action: input.action,
+                targetRunId: runId || null,
+                actor: input.actor,
+                timestamp: now,
+            };
+        }
+        if (input.action === 'resume') {
+            const runId = input.targetRunId;
+            if (runId) {
+                try {
+                    updateAgentRun(runId, { status: 'working' });
+                }
+                catch { /* run may not exist */ }
+            }
+            eventBus.emit({ id: `cinput-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`, type: "canvas_input", timestamp: Date.now(), data: {
+                    action: 'resume',
+                    targetRunId: runId || null,
+                    actor: input.actor,
+                    timestamp: now,
+                } });
+            return { success: true, action: 'resume', targetRunId: runId || null, actor: input.actor, timestamp: now };
+        }
+        // Mute/unmute — emit event only, no state change needed
+        eventBus.emit({ id: `cinput-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`, type: "canvas_input", timestamp: Date.now(), data: {
+                action: input.action,
+                actor: input.actor,
+                timestamp: now,
+            } });
+        return { success: true, action: input.action, actor: input.actor, timestamp: now };
+    });
+    // GET /canvas/input/schema — discovery endpoint
+    app.get('/canvas/input/schema', async () => ({
+        actions: CANVAS_INPUT_ACTIONS,
+        schema: {
+            action: 'decision | interrupt | pause | resume | mute | unmute',
+            targetRunId: 'optional — which run to act on',
+            decisionId: 'required for decision action — approval event ID',
+            choice: 'required for decision — approve | deny | defer',
+            actor: 'required — who made this input',
+            comment: 'optional — rationale',
+        },
+    }));
+    // ── Email / SMS relay ──────────────────────────────────────────────────
+    async function cloudRelay(path, body, reply) {
+        const cloudUrl = process.env.REFLECTT_CLOUD_URL;
+        const hostToken = process.env.REFLECTT_HOST_TOKEN;
+        if (!cloudUrl || !hostToken) {
+            reply.code(503);
+            return { error: 'Not connected to cloud. Configure REFLECTT_CLOUD_URL and REFLECTT_HOST_TOKEN.' };
+        }
+        try {
+            const res = await fetch(`${cloudUrl}${path}`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${hostToken}`,
+                },
+                body: JSON.stringify(body),
+            });
+            const data = await res.json().catch(() => ({}));
+            if (!res.ok) {
+                reply.code(res.status);
+                return data;
+            }
+            return data;
+        }
+        catch (err) {
+            reply.code(502);
+            return { error: `Cloud relay failed: ${err.message}` };
+        }
+    }
+    // Send email via cloud relay
+    app.post('/email/send', async (request, reply) => {
+        const body = request.body;
+        const from = typeof body.from === 'string' ? body.from.trim() : '';
+        const to = body.to;
+        const subject = typeof body.subject === 'string' ? body.subject.trim() : '';
+        if (!from)
+            return reply.code(400).send({ error: 'from is required' });
+        if (!to)
+            return reply.code(400).send({ error: 'to is required' });
+        if (!subject)
+            return reply.code(400).send({ error: 'subject is required' });
+        if (!body.html && !body.text)
+            return reply.code(400).send({ error: 'html or text body is required' });
+        // Use host-relay endpoint — authenticates with host credential, uses host's own teamId server-side
+        const hostId = process.env.REFLECTT_HOST_ID;
+        const relayPath = hostId ? `/api/hosts/${encodeURIComponent(hostId)}/relay/email` : '/api/hosts/relay/email';
+        return cloudRelay(relayPath, {
+            from,
+            to,
+            subject,
+            html: body.html,
+            text: body.text,
+            replyTo: body.replyTo,
+            cc: body.cc,
+            bcc: body.bcc,
+            agent: body.agentId || body.agent || 'unknown',
+        }, reply);
+    });
+    // Send SMS via cloud relay
+    app.post('/sms/send', async (request, reply) => {
+        const body = request.body;
+        const to = typeof body.to === 'string' ? body.to.trim() : '';
+        const msgBody = typeof body.body === 'string' ? body.body.trim() : '';
+        if (!to)
+            return reply.code(400).send({ error: 'to is required (phone number)' });
+        if (!msgBody)
+            return reply.code(400).send({ error: 'body is required' });
+        const hostIdSms = process.env.REFLECTT_HOST_ID;
+        const smsRelayPath = hostIdSms ? `/api/hosts/${encodeURIComponent(hostIdSms)}/relay/sms` : '/api/hosts/relay/sms';
+        return cloudRelay(smsRelayPath, {
+            to,
+            body: msgBody,
+            from: body.from,
+            agent: body.agentId || body.agent || 'unknown',
+        }, reply);
+    });
+    // ── Agent Config ──────────────────────────────────────────────────────
+    // Per-agent model preference, cost cap, and settings.
+    // This is the policy anchor for cost enforcement.
+    const { getAgentConfig, listAgentConfigs, setAgentConfig, deleteAgentConfig, checkCostCap } = await import('./agent-config.js');
+    // GET /agents/:agentId/config — get config for an agent
+    app.get('/agents/:agentId/config', async (request) => {
+        const config = getAgentConfig(request.params.agentId);
+        return config ?? { agentId: request.params.agentId, configured: false };
+    });
+    // PUT /agents/:agentId/config — upsert config for an agent
+    app.put('/agents/:agentId/config', async (request, reply) => {
+        const body = request.body ?? {};
+        try {
+            const config = setAgentConfig(request.params.agentId, {
+                teamId: typeof body.teamId === 'string' ? body.teamId : undefined,
+                model: body.model !== undefined ? body.model : undefined,
+                fallbackModel: body.fallbackModel !== undefined ? body.fallbackModel : undefined,
+                costCapDaily: body.costCapDaily !== undefined ? body.costCapDaily : undefined,
+                costCapMonthly: body.costCapMonthly !== undefined ? body.costCapMonthly : undefined,
+                maxTokensPerCall: body.maxTokensPerCall !== undefined ? body.maxTokensPerCall : undefined,
+                settings: body.settings !== undefined ? body.settings : undefined,
+            });
+            return config;
+        }
+        catch (err) {
+            reply.code(400);
+            return { error: err.message };
+        }
+    });
+    // DELETE /agents/:agentId/config — remove config for an agent
+    app.delete('/agents/:agentId/config', async (request, reply) => {
+        const deleted = deleteAgentConfig(request.params.agentId);
+        if (!deleted) {
+            reply.code(404);
+            return { error: 'Config not found' };
+        }
+        return { success: true };
+    });
+    // GET /agent-configs — list all agent configs
+    app.get('/agent-configs', async (request) => {
+        const query = request.query;
+        return { configs: listAgentConfigs({ teamId: query.teamId }) };
+    });
+    // GET /agents/:agentId/cost-check — runtime cost enforcement check
+    // Used by the runtime before making model calls.
+    app.get('/agents/:agentId/cost-check', async (request) => {
+        const query = request.query;
+        const dailySpend = query.dailySpend ? parseFloat(query.dailySpend) : 0;
+        const monthlySpend = query.monthlySpend ? parseFloat(query.monthlySpend) : 0;
+        return checkCostCap(request.params.agentId, dailySpend, monthlySpend);
+    });
+    // ── Cost-Policy Enforcement Middleware ──────────────────────────────────
+    const { enforcePolicy, recordUsage, getDailySpend, getMonthlySpend, purgeUsageLog, ensureUsageLogTable, } = await import('./cost-enforcement.js');
+    ensureUsageLogTable();
+    // POST /agents/:agentId/enforce-cost — runtime enforcement before model calls
+    app.post('/agents/:agentId/enforce-cost', async (request, reply) => {
+        const result = enforcePolicy(request.params.agentId);
+        const status = result.action === 'deny' ? 403 : 200;
+        return reply.code(status).send(result);
+    });
+    // GET /agents/:agentId/spend — current daily + monthly spend
+    app.get('/agents/:agentId/spend', async (request) => {
+        const { agentId } = request.params;
+        return {
+            agentId,
+            dailySpend: getDailySpend(agentId),
+            monthlySpend: getMonthlySpend(agentId),
+        };
+    });
+    // POST /usage/record — record a usage event
+    app.post('/usage/record', async (request, reply) => {
+        const body = request.body;
+        if (!body?.agentId)
+            return reply.code(400).send({ error: 'agentId is required' });
+        if (!body?.model)
+            return reply.code(400).send({ error: 'model is required' });
+        if (typeof body.cost !== 'number')
+            return reply.code(400).send({ error: 'cost is required (number)' });
+        recordUsage({
+            agentId: body.agentId,
+            model: body.model,
+            inputTokens: body.inputTokens ?? 0,
+            outputTokens: body.outputTokens ?? 0,
+            cost: body.cost,
+            timestamp: Date.now(),
+        });
+        return reply.code(201).send({ ok: true });
+    });
+    // POST /usage/purge — purge old usage records
+    app.post('/usage/purge', async (request) => {
+        const body = request.body;
+        const deleted = purgeUsageLog(body?.maxAgeDays ?? 90);
+        return { deleted };
+    });
+    // ── Agent Memories ─────────────────────────────────────────────────────
+    const { setMemory, getMemory, listMemories, deleteMemory, deleteMemoryById, purgeExpiredMemories, countMemories, } = await import('./agent-memories.js');
+    // Set (create or update) a memory
+    app.put('/agents/:agentId/memories', async (request, reply) => {
+        const { agentId } = request.params;
+        const body = request.body;
+        if (!body?.key)
+            return reply.code(400).send({ error: 'key is required' });
+        if (body.content === undefined || body.content === null)
+            return reply.code(400).send({ error: 'content is required' });
+        try {
+            const memory = setMemory({
+                agentId,
+                namespace: body.namespace,
+                key: body.key,
+                content: body.content,
+                tags: body.tags,
+                expiresAt: body.expiresAt,
+            });
+            return reply.code(200).send(memory);
+        }
+        catch (err) {
+            return reply.code(500).send({ error: err.message });
+        }
+    });
+    // Get a specific memory by key
+    app.get('/agents/:agentId/memories/:key', async (request, reply) => {
+        const { agentId, key } = request.params;
+        const query = request.query;
+        const memory = getMemory(agentId, key, query.namespace);
+        if (!memory)
+            return reply.code(404).send({ error: 'Memory not found' });
+        return memory;
+    });
+    // List memories for an agent
+    app.get('/agents/:agentId/memories', async (request, reply) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        return listMemories({
+            agentId,
+            namespace: query.namespace,
+            tag: query.tag,
+            search: query.search,
+            limit: query.limit ? parseInt(query.limit, 10) : undefined,
+        });
+    });
+    // Delete a memory by key
+    app.delete('/agents/:agentId/memories/:key', async (request, reply) => {
+        const { agentId, key } = request.params;
+        const query = request.query;
+        const deleted = deleteMemory(agentId, key, query.namespace);
+        if (!deleted)
+            return reply.code(404).send({ error: 'Memory not found' });
+        return { deleted: true };
+    });
+    // Count memories
+    app.get('/agents/:agentId/memories/count', async (request, reply) => {
+        const { agentId } = request.params;
+        const query = request.query;
+        return { count: countMemories(agentId, query.namespace) };
+    });
+    // Purge expired memories (housekeeping)
+    app.post('/agents/memories/purge', async (_request, reply) => {
+        const purged = purgeExpiredMemories();
+        return { purged };
+    });
     return app;
 }
 //# sourceMappingURL=server.js.map