shieldcortex 3.0.3 → 3.1.0

package/dist/api/visualization-server.js

@@ -13,27 +13,26 @@ import { generateSessionToken, cleanupSessionToken, validateSessionToken, getSes
 import { WebSocketServer, WebSocket } from 'ws';
 import { getDatabase, initDatabase, checkpointWal } from '../database/init.js';
 import { DEFAULT_CONFIG } from '../memory/types.js';
-import { searchMemories, searchMemoriesExplained, getRecentMemories, getHighPriorityMemories, getMemoryStats, getMemoryById, addMemory, deleteMemory, accessMemory, updateDecayScores, updateMemory, promoteMemory, createMemoryLink, rowToMemory, } from '../memory/store.js';
-import { consolidate, generateContextSummary, formatContextSummary, } from '../memory/consolidate.js';
+import { getRecentMemories, getMemoryStats, rowToMemory, updateDecayScores } from '../memory/store.js';
 import { calculateDecayedScore } from '../memory/decay.js';
-import { getActivationStats, getActiveMemories } from '../memory/activation.js';
-import { detectContradictions, getContradictionsFor } from '../memory/contradiction.js';
-import { enrichMemory } from '../memory/store.js';
-import { memoryEvents, emitDecayTick, emitConsolidation, getUnprocessedEvents, markEventsProcessed, cleanupOldEvents, } from './events.js';
+import { memoryEvents, emitDecayTick, getUnprocessedEvents, markEventsProcessed, cleanupOldEvents, } from './events.js';
 import { BrainWorker } from '../worker/brain-worker.js';
-import { pause, resume, getControlStatus, isKillSwitchActive, getKillSwitchMeta, activateKillSwitch, deactivateKillSwitch } from './control.js';
-import { getCurrentVersion, getRunningVersion, checkForUpdates, performUpdate, scheduleRestart } from './version.js';
+import { isKillSwitchActive, getKillSwitchMeta, activateKillSwitch, deactivateKillSwitch } from './control.js';
+import { getRunningVersion } from './version.js';
 import { runDefencePipeline } from '../defence/pipeline.js';
 import { DEFAULT_DEFENCE_CONFIG } from '../defence/types.js';
-import { queryAuditLogs, getAuditStats, queryAgentRegistry, queryAgentTimeline, queryAgentOperations, queryIncidentReplay } from '../defence/audit/queries.js';
+import { queryAgentOperations } from '../defence/audit/queries.js';
 import { logAudit } from '../defence/audit/index.js';
-import { getCloudConfig, setCloudConfig, readRawConfig, getTrustedSkills, addTrustedSkill, removeTrustedSkill, getDeviceId, getDeviceName, getDefenceMode, setDefenceMode, isConfigTampered, getOpenClawMemoryConfig, setOpenClawMemoryConfig } from '../cloud/config.js';
-import { getQueueStats } from '../cloud/sync-queue.js';
+import { getCloudConfig, getTrustedSkills, addTrustedSkill, removeTrustedSkill, getDeviceId, getDeviceName, getDefenceMode } from '../cloud/config.js';
 import { scanSkill, scanSkillContent, discoverSkillFiles } from '../defence/skill-scanner/index.js';
 import { getIronDomeStatus, activateIronDome, deactivateIronDome, scanForInjection } from '../defence/iron-dome/index.js';
-import { getLicense, activateLicense, deactivateLicense } from '../license/store.js';
-import { listFeatures, requireFeature, FeatureGatedError } from '../license/gate.js';
-import { validateOnceNow } from '../license/validate.js';
+import { requireFeature, FeatureGatedError } from '../license/gate.js';
+import { registerAdminRoutes } from './routes/admin.js';
+import { registerGraphRoutes } from './routes/graph.js';
+import { registerIncidentRoutes } from './routes/incidents.js';
+import { registerMemoryRoutes } from './routes/memories.js';
+import { registerRecallRoutes } from './routes/recall.js';
+import { registerSystemRoutes } from './routes/system.js';
 const PORT = process.env.PORT || 3001;
 /**
  * In-memory counters for FEATURE_GATED (403) responses per feature.
@@ -158,751 +157,9 @@ export function startVisualizationServer(dbPath) {
         const total = Object.values(gatedCounters).reduce((sum, n) => sum + n, 0);
         res.json({ total, byFeature: { ...gatedCounters } });
     });
-    // Get all memories with filters and pagination
-    app.get('/api/memories', requireNotLocked, async (req, res) => {
-        try {
-            // Extract query params as strings
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const type = typeof req.query.type === 'string' ? req.query.type : undefined;
-            const category = typeof req.query.category === 'string' ? req.query.category : undefined;
-            const limitStr = typeof req.query.limit === 'string' ? req.query.limit : '50';
-            const offsetStr = typeof req.query.offset === 'string' ? req.query.offset : '0';
-            const mode = typeof req.query.mode === 'string' ? req.query.mode : 'recent';
-            const query = typeof req.query.query === 'string' ? req.query.query : undefined;
-            const limit = Math.min(parseInt(limitStr, 10) || 50, 1000); // Cap at 1000, default 50
-            const offset = parseInt(offsetStr, 10) || 0; // Default 0
-            let memories;
-            if (mode === 'search' && query) {
-                const results = await searchMemories({
-                    query,
-                    project,
-                    type: type,
-                    category: category,
-                    limit: limit + offset + 1, // Fetch extra to check hasMore
-                });
-                memories = results.map(r => r.memory);
-            }
-            else if (mode === 'important') {
-                memories = getHighPriorityMemories(limit + offset + 1, project);
-            }
-            else {
-                memories = getRecentMemories(limit + offset + 1, project);
-            }
-            // Filter by type and category if provided
-            if (type) {
-                memories = memories.filter(m => m.type === type);
-            }
-            if (category) {
-                memories = memories.filter(m => m.category === category);
-            }
-            // Get total count for pagination
-            const stats = getMemoryStats(project);
-            const total = stats.total;
-            // Apply pagination
-            const hasMore = memories.length > offset + limit;
-            const paginatedMemories = memories.slice(offset, offset + limit);
-            // Add computed decayed score to each memory
-            const memoriesWithDecay = paginatedMemories.map(m => ({
-                ...m,
-                decayedScore: calculateDecayedScore(m),
-            }));
-            res.json({
-                memories: memoriesWithDecay,
-                pagination: {
-                    offset,
-                    limit,
-                    total,
-                    hasMore,
-                },
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Activity data for heatmap (must be before :id route)
-    app.get('/api/memories/activity', requireNotLocked, (req, res) => {
-        try {
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const db = getDatabase();
-            const query = project
-                ? `SELECT date(created_at) as date, COUNT(*) as count
-           FROM memories WHERE project = ?
-           GROUP BY date(created_at)
-           ORDER BY date DESC
-           LIMIT 365`
-                : `SELECT date(created_at) as date, COUNT(*) as count
-           FROM memories
-           GROUP BY date(created_at)
-           ORDER BY date DESC
-           LIMIT 365`;
-            const rows = project
-                ? db.prepare(query).all(project)
-                : db.prepare(query).all();
-            res.json({ activity: rows });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Memory quality analysis (must be before :id route)
-    app.get('/api/memories/quality', requireNotLocked, (req, res) => {
-        try {
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const db = getDatabase();
-            const projectFilter = project ? 'AND project = ?' : '';
-            const params = project ? [project] : [];
-            const neverAccessed = db.prepare(`
-        SELECT id, title, category, type, created_at, salience
-        FROM memories WHERE access_count = 0 ${projectFilter}
-        AND created_at < datetime('now', '-1 day')
-        ORDER BY created_at DESC LIMIT 50
-      `).all(...params);
-            const stale = db.prepare(`
-        SELECT id, title, category, type, last_accessed, decayed_score, salience
-        FROM memories WHERE decayed_score < 0.3 ${projectFilter}
-        AND last_accessed < datetime('now', '-30 days')
-        ORDER BY decayed_score ASC LIMIT 50
-      `).all(...params);
-            const duplicates = db.prepare(`
-        SELECT m1.id as id1, m1.title as title_a, m2.id as id2, m2.title as title_b
-        FROM memories m1
-        JOIN memories m2 ON m1.title = m2.title AND m1.id < m2.id
-        ${project ? 'WHERE m1.project = ?' : ''}
-        LIMIT 50
-      `).all(...params);
-            res.json({
-                neverAccessed: { count: neverAccessed.length, items: neverAccessed },
-                stale: { count: stale.length, items: stale },
-                duplicates: { count: duplicates.length, items: duplicates },
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Explain why memories ranked for a recall query.
-    // Read-only: uses the same scoring logic as search without reinforcement side effects.
-    app.get('/api/recall/explain', requireNotLocked, async (req, res) => {
-        try {
-            const query = typeof req.query.query === 'string' ? req.query.query.trim() : '';
-            if (!query) {
-                return res.status(400).json({ error: 'query is required' });
-            }
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const type = typeof req.query.type === 'string' ? req.query.type : undefined;
-            const category = typeof req.query.category === 'string' ? req.query.category : undefined;
-            const limit = Math.min(parseInt(req.query.limit, 10) || 10, 50);
-            const includeDecayed = req.query.includeDecayed === 'true';
-            const includeGlobal = req.query.includeGlobal !== 'false';
-            const results = await searchMemoriesExplained({
-                query,
-                project,
-                type: type,
-                category: category,
-                limit,
-                includeDecayed,
-                includeGlobal,
-            });
-            res.json({
-                query,
-                project: project ?? null,
-                total: results.length,
-                sideEffects: 'disabled',
-                results,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get single memory by ID
-    app.get('/api/memories/:id', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const memory = getMemoryById(id);
-            if (!memory) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            res.json({
-                ...memory,
-                decayedScore: calculateDecayedScore(memory),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Create memory
-    app.post('/api/memories', requireNotLocked, (req, res) => {
-        try {
-            const { title, content, type, category, project, tags, salience } = req.body;
-            if (!title || !content) {
-                return res.status(400).json({ error: 'Title and content required' });
-            }
-            const memory = addMemory({
-                title,
-                content,
-                type: type || 'short_term',
-                category: category || 'note',
-                project,
-                tags: tags || [],
-                salience,
-            });
-            res.status(201).json(memory);
-        }
-        catch (error) {
-            // Handle paused state gracefully
-            if (error.name === 'MemoryPausedError') {
-                return res.status(503).json({
-                    error: 'Memory creation is paused',
-                    paused: true,
-                    message: 'Use the dashboard control panel to resume memory creation.',
-                });
-            }
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Delete memory
-    app.delete('/api/memories/:id', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const success = deleteMemory(id);
-            if (!success) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            res.json({ success: true });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Access/reinforce memory
-    app.post('/api/memories/:id/access', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const memory = accessMemory(id);
-            if (!memory) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            res.json({
-                ...memory,
-                decayedScore: calculateDecayedScore(memory),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get statistics
-    app.get('/api/stats', (req, res) => {
-        try {
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const stats = getMemoryStats(project);
-            // Add decay distribution
-            const db = getDatabase();
-            const rawRows = db.prepare(project
-                ? 'SELECT * FROM memories WHERE project = ?'
-                : 'SELECT * FROM memories').all(project ? [project] : []);
-            // Convert raw DB rows to Memory objects (snake_case -> camelCase)
-            const allMemories = rawRows.map(rowToMemory);
-            const decayDistribution = {
-                healthy: 0, // > 0.35 (realistic given base salience 0.25 + access bonus)
-                fading: 0, // 0.2 - 0.35
-                critical: 0, // < 0.2 (approaching deletion threshold)
-            };
-            for (const m of allMemories) {
-                const score = calculateDecayedScore(m);
-                if (score > 0.35)
-                    decayDistribution.healthy++;
-                else if (score > 0.2)
-                    decayDistribution.fading++;
-                else
-                    decayDistribution.critical++;
-            }
-            // Get spreading activation stats (Phase 2 organic feature)
-            const activationStats = getActivationStats();
-            res.json({
-                ...stats,
-                decayDistribution,
-                activation: activationStats,
-                timestamp: new Date().toISOString(),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Memory health score (composite metric)
-    app.get('/api/health-score', requireNotLocked, (_req, res) => {
-        try {
-            const db = getDatabase();
-            // ── Freshness ──
-            const totalCount = db.prepare('SELECT COUNT(*) as count FROM memories').get().count;
-            const freshCount = db.prepare('SELECT COUNT(*) as count FROM memories WHERE decayed_score > 0.3').get().count;
-            const freshnessScore = totalCount > 0 ? Math.round((freshCount / totalCount) * 100) : 100;
-            const freshPct = totalCount > 0 ? Math.round((freshCount / totalCount) * 100) : 100;
-            // ── Coverage ──
-            const linkedCount = db.prepare('SELECT COUNT(DISTINCT memory_id) as count FROM memory_entities').get().count;
-            const coverageScore = totalCount > 0 ? Math.round((linkedCount / totalCount) * 100) : 0;
-            // ── Consistency ──
-            const contradictionCount = db.prepare("SELECT COUNT(*) as count FROM memory_links WHERE relationship = 'contradicts'").get().count;
-            const consistencyScore = Math.max(0, 100 - (contradictionCount * 10));
-            // ── Consolidation ──
-            const lastConsolidated = db.prepare("SELECT created_at FROM memories WHERE type = 'long_term' AND tags LIKE '%auto-consolidated%' ORDER BY created_at DESC LIMIT 1").get();
-            let consolidationScore = 25;
-            if (lastConsolidated) {
-                const hoursAgo = (Date.now() - new Date(lastConsolidated.created_at).getTime()) / (1000 * 60 * 60);
-                if (hoursAgo <= 4)
-                    consolidationScore = 100;
-                else if (hoursAgo <= 8)
-                    consolidationScore = 75;
-                else if (hoursAgo <= 24)
-                    consolidationScore = 50;
-                else
-                    consolidationScore = 25;
-            }
-            // ── Overall (weighted average) ──
-            const overall = Math.round(freshnessScore * 0.3 +
-                coverageScore * 0.25 +
-                consistencyScore * 0.25 +
-                consolidationScore * 0.2);
-            // ── Consolidation detail text ──
-            let consolidationDetail = 'No consolidated memories found';
-            if (lastConsolidated) {
-                const hoursAgo = (Date.now() - new Date(lastConsolidated.created_at).getTime()) / (1000 * 60 * 60);
-                if (hoursAgo < 1)
-                    consolidationDetail = 'Last consolidated less than 1 hour ago';
-                else
-                    consolidationDetail = `Last consolidated ${Math.round(hoursAgo)} hours ago`;
-            }
-            res.json({
-                overall,
-                components: {
-                    freshness: {
-                        score: freshnessScore,
-                        label: 'Memory Freshness',
-                        detail: `${freshPct}% of memories above decay threshold`,
-                    },
-                    coverage: {
-                        score: coverageScore,
-                        label: 'Graph Coverage',
-                        detail: `${coverageScore}% of memories have entity links`,
-                    },
-                    consistency: {
-                        score: consistencyScore,
-                        label: 'Consistency',
-                        detail: `${contradictionCount} contradictions detected`,
-                    },
-                    consolidation: {
-                        score: consolidationScore,
-                        label: 'Consolidation',
-                        detail: consolidationDetail,
-                    },
-                },
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get currently activated memories (spreading activation)
-    app.get('/api/activation', requireNotLocked, (_req, res) => {
-        try {
-            const activeMemories = getActiveMemories();
-            const stats = getActivationStats();
-            res.json({
-                activeMemories,
-                stats,
-                timestamp: new Date().toISOString(),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // ORGANIC BRAIN ENDPOINTS (Phase 3)
-    // ============================================
-    // Get detected contradictions
-    app.get('/api/contradictions', requireNotLocked, (req, res) => {
-        try {
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const category = typeof req.query.category === 'string' ? req.query.category : undefined;
-            const minScoreStr = typeof req.query.minScore === 'string' ? req.query.minScore : '0.4';
-            const limitStr = typeof req.query.limit === 'string' ? req.query.limit : '20';
-            const minScore = parseFloat(minScoreStr) || 0.4; // Default 0.4
-            const limit = parseInt(limitStr, 10) || 20; // Default 20
-            const contradictions = detectContradictions({
-                project,
-                category: category,
-                minScore,
-                limit,
-            });
-            res.json({
-                contradictions: contradictions.map(c => ({
-                    memoryAId: c.memoryA.id,
-                    memoryATitle: c.memoryA.title,
-                    memoryBId: c.memoryB.id,
-                    memoryBTitle: c.memoryB.title,
-                    score: c.score,
-                    reason: c.reason,
-                    sharedTopics: c.sharedTopics,
-                })),
-                count: contradictions.length,
-                timestamp: new Date().toISOString(),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get contradictions for a specific memory
-    app.get('/api/memories/:id/contradictions', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            if (isNaN(id)) {
-                return res.status(400).json({ error: 'Invalid memory ID' });
-            }
-            const contradictions = getContradictionsFor(id);
-            res.json({
-                memoryId: id,
-                contradictions: contradictions.map(c => ({
-                    contradictingMemoryId: c.memoryB.id,
-                    contradictingMemoryTitle: c.memoryB.title,
-                    score: c.score,
-                    reason: c.reason,
-                    sharedTopics: c.sharedTopics,
-                })),
-                count: contradictions.length,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Manually enrich a memory with new context
-    app.post('/api/memories/:id/enrich', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            if (isNaN(id)) {
-                return res.status(400).json({ error: 'Invalid memory ID' });
-            }
-            const { context, contextType } = req.body;
-            if (!context || typeof context !== 'string') {
-                return res.status(400).json({ error: 'Context string required in request body' });
-            }
-            const validTypes = ['search', 'access', 'related'];
-            const type = validTypes.includes(contextType) ? contextType : 'access';
-            const result = enrichMemory(id, context, type);
-            res.json(result);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get list of all projects
-    app.get('/api/projects', (_req, res) => {
-        try {
-            const db = getDatabase();
-            const projects = db.prepare(`
-        SELECT DISTINCT project, COUNT(*) as memory_count
-        FROM memories
-        WHERE project IS NOT NULL AND project != ''
-        GROUP BY project
-        ORDER BY memory_count DESC
-      `).all();
-            // Add "All Projects" option with total count
-            const totalCount = db.prepare('SELECT COUNT(*) as count FROM memories').get();
-            res.json({
-                projects: [
-                    { project: null, memory_count: totalCount.count, label: 'All Projects' },
-                    ...projects.map(p => ({ ...p, label: p.project })),
-                ],
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // CONTROL ENDPOINTS
-    // ============================================
-    // Get control status
-    app.get('/api/control/status', (_req, res) => {
-        try {
-            const status = getControlStatus();
-            res.json(status);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Pause memory creation (soft pause — kill switch takes precedence)
-    app.post('/api/control/pause', (_req, res) => {
-        try {
-            if (isKillSwitchActive()) {
-                return res.status(409).json({ error: 'Kill switch is active — use /api/iron-dome/resume to deactivate first', code: 'KILL_SWITCH_ACTIVE' });
-            }
-            pause();
-            res.json({ paused: true, message: 'Memory creation paused' });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Resume memory creation (soft resume — cannot override kill switch)
-    app.post('/api/control/resume', (_req, res) => {
-        try {
-            if (isKillSwitchActive()) {
-                return res.status(409).json({ error: 'Kill switch is active — use /api/iron-dome/resume to deactivate first', code: 'KILL_SWITCH_ACTIVE' });
-            }
-            resume();
-            res.json({ paused: false, message: 'Memory creation resumed' });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // CLOUD CONFIG ENDPOINTS
-    // ============================================
-    // Get cloud configuration status
-    app.get('/api/cloud/config', (_req, res) => {
-        try {
-            const config = getCloudConfig();
-            const openclawMemory = getOpenClawMemoryConfig();
-            res.json({
-                enabled: config.cloudEnabled,
-                apiKeySet: !!config.cloudApiKey,
-                baseUrl: config.cloudBaseUrl,
-                openclawMemory,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Update cloud configuration
-    app.post('/api/cloud/config', (req, res) => {
-        try {
-            const { cloudApiKey, cloudEnabled, cloudBaseUrl, openclawAutoMemory, openclawAutoMemoryDedupe, openclawAutoMemoryNoveltyThreshold, openclawAutoMemoryMaxRecent, } = req.body;
-            if (openclawAutoMemory !== undefined && typeof openclawAutoMemory !== 'boolean') {
-                res.status(400).json({ error: 'openclawAutoMemory must be a boolean' });
-                return;
-            }
-            if (openclawAutoMemoryDedupe !== undefined && typeof openclawAutoMemoryDedupe !== 'boolean') {
-                res.status(400).json({ error: 'openclawAutoMemoryDedupe must be a boolean' });
-                return;
-            }
-            if (openclawAutoMemoryNoveltyThreshold !== undefined &&
-                (typeof openclawAutoMemoryNoveltyThreshold !== 'number' || Number.isNaN(openclawAutoMemoryNoveltyThreshold))) {
-                res.status(400).json({ error: 'openclawAutoMemoryNoveltyThreshold must be a number' });
-                return;
-            }
-            if (openclawAutoMemoryMaxRecent !== undefined &&
-                (typeof openclawAutoMemoryMaxRecent !== 'number' || Number.isNaN(openclawAutoMemoryMaxRecent))) {
-                res.status(400).json({ error: 'openclawAutoMemoryMaxRecent must be a number' });
-                return;
-            }
-            setCloudConfig({
-                ...(cloudApiKey !== undefined && { cloudApiKey }),
-                ...(cloudEnabled !== undefined && { cloudEnabled }),
-                ...(cloudBaseUrl !== undefined && { cloudBaseUrl }),
-            });
-            setOpenClawMemoryConfig({
-                ...(openclawAutoMemory !== undefined && { autoMemory: openclawAutoMemory }),
-                ...(openclawAutoMemoryDedupe !== undefined && { dedupe: openclawAutoMemoryDedupe }),
-                ...(openclawAutoMemoryNoveltyThreshold !== undefined && { noveltyThreshold: openclawAutoMemoryNoveltyThreshold }),
-                ...(openclawAutoMemoryMaxRecent !== undefined && { maxRecent: openclawAutoMemoryMaxRecent }),
-            });
-            const updated = getCloudConfig();
-            const openclawMemory = getOpenClawMemoryConfig();
-            res.json({
-                success: true,
-                enabled: updated.cloudEnabled,
-                apiKeySet: !!updated.cloudApiKey,
-                baseUrl: updated.cloudBaseUrl,
-                openclawMemory,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // DEFENCE CONFIG ENDPOINTS
-    // ============================================
-    // Get defence configuration (firewall mode + integrity status)
-    app.get('/api/defence/config', (_req, res) => {
-        try {
-            res.json({ mode: getDefenceMode(), tampered: isConfigTampered() });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Update defence configuration (firewall mode)
-    app.post('/api/defence/config', (req, res) => {
-        try {
-            const { mode } = req.body;
-            const validModes = ['strict', 'balanced', 'permissive'];
-            if (!mode || !validModes.includes(mode)) {
-                res.status(400).json({ error: `Invalid mode. Must be one of: ${validModes.join(', ')}` });
-                return;
-            }
-            setDefenceMode(mode);
-            res.json({ success: true, mode });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get cloud sync status (queue stats + config)
-    app.get('/api/cloud/sync-status', (_req, res) => {
-        try {
-            const config = getCloudConfig();
-            const raw = readRawConfig();
-            const queue = getQueueStats();
-            res.json({
-                enabled: config.cloudEnabled,
-                apiKeySet: !!config.cloudApiKey,
-                lastSyncAt: (typeof raw.lastSyncAt === 'string' ? raw.lastSyncAt : null),
-                queue: {
-                    pending: queue.pending,
-                    failed: queue.failed,
-                },
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // VERSION ENDPOINTS
-    // ============================================
-    // Get current version (with stale detection)
-    app.get('/api/version', (_req, res) => {
-        try {
-            const version = getCurrentVersion();
-            const runningVersion = getRunningVersion();
-            res.json({ version, runningVersion, stale: runningVersion !== version });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Check for updates
-    app.get('/api/version/check', async (req, res) => {
-        try {
-            const forceRefresh = req.query.force === 'true';
-            const versionInfo = await checkForUpdates(forceRefresh);
-            res.json(versionInfo);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Perform update
-    app.post('/api/version/update', async (_req, res) => {
-        try {
-            // Notify clients that update is starting
-            broadcast({
-                type: 'update_started',
-                timestamp: new Date().toISOString(),
-                data: { message: 'Update in progress...' },
-            });
-            const result = await performUpdate();
-            // Notify clients of result
-            broadcast({
-                type: result.success ? 'update_complete' : 'update_failed',
-                timestamp: new Date().toISOString(),
-                data: result,
-            });
-            res.json(result);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Restart server
-    app.post('/api/version/restart', (_req, res) => {
-        try {
-            // Notify all WebSocket clients
-            broadcast({
-                type: 'server_restarting',
-                timestamp: new Date().toISOString(),
-                data: { message: 'Server restarting in 3 seconds...' },
-            });
-            // Close WebSocket connections gracefully
-            for (const client of clients) {
-                try {
-                    if (client.readyState === WebSocket.OPEN) {
-                        client.send(JSON.stringify({
-                            type: 'server_restarting',
-                            timestamp: new Date().toISOString(),
-                            data: { reconnectIn: 5000 },
-                        }));
-                    }
-                }
-                catch (e) {
-                    console.error('[shieldcortex] WebSocket send failed during restart:', e);
-                }
-            }
-            // Schedule restart after response is sent
-            res.json({ success: true, message: 'Server will restart in 3 seconds' });
-            scheduleRestart(3000);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get memory links/relationships
-    app.get('/api/links', requireNotLocked, (req, res) => {
-        try {
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const db = getDatabase();
-            const query = project
-                ? `
-          SELECT
-            ml.*,
-            m1.title as source_title,
-            m1.category as source_category,
-            m1.type as source_type,
-            m2.title as target_title,
-            m2.category as target_category,
-            m2.type as target_type
-          FROM memory_links ml
-          JOIN memories m1 ON ml.source_id = m1.id
-          JOIN memories m2 ON ml.target_id = m2.id
-          WHERE m1.project = ? OR m2.project = ?
-          ORDER BY ml.created_at DESC
-          LIMIT 500
-        `
-                : `
-          SELECT
-            ml.*,
-            m1.title as source_title,
-            m1.category as source_category,
-            m1.type as source_type,
-            m2.title as target_title,
-            m2.category as target_category,
-            m2.type as target_type
-          FROM memory_links ml
-          JOIN memories m1 ON ml.source_id = m1.id
-          JOIN memories m2 ON ml.target_id = m2.id
-          ORDER BY ml.created_at DESC
-          LIMIT 500
-        `;
-            const links = project
-                ? db.prepare(query).all(project, project)
-                : db.prepare(query).all();
-            res.json(links);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
+    registerMemoryRoutes(app, requireNotLocked);
+    registerRecallRoutes(app, requireNotLocked);
+    registerSystemRoutes(app, { broadcast, clients });
     // ============================================
     // INSIGHTS ENDPOINTS
     // ============================================
@@ -948,589 +205,26 @@ export function startVisualizationServer(dbPath) {
                     columns,
                     rows,
                     rowCount: rows.length,
-                    executionTime,
-                });
-            }
-            else {
-                // Write operation
-                const result = db.prepare(query).run();
-                const executionTime = Date.now() - startTime;
-                res.json({
-                    columns: ['changes', 'lastInsertRowid'],
-                    rows: [{ changes: result.changes, lastInsertRowid: result.lastInsertRowid }],
-                    rowCount: 1,
-                    executionTime,
-                });
-            }
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Trigger consolidation
-    app.post('/api/consolidate', requireNotLocked, (_req, res) => {
-        try {
-            const result = consolidate();
-            // Emit event for Activity log
-            emitConsolidation(result);
-            res.json({
-                success: true,
-                ...result,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get context summary
-    app.get('/api/context', requireNotLocked, async (req, res) => {
-        try {
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const summary = await generateContextSummary(project);
-            const formatted = formatContextSummary(summary);
-            res.json({
-                summary,
-                formatted,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get search suggestions (for autocomplete)
-    app.get('/api/suggestions', requireNotLocked, (req, res) => {
-        try {
-            const query = typeof req.query.q === 'string' ? req.query.q : '';
-            const limit = typeof req.query.limit === 'string' ? parseInt(req.query.limit) : 10;
-            if (!query || query.length < 2) {
-                return res.json({ suggestions: [] });
-            }
-            const db = getDatabase();
-            // Get suggestions from memory titles, categories, tags, and projects
-            const suggestions = [];
-            // Search titles that contain the query
-            const titleMatches = db.prepare(`
-        SELECT DISTINCT title, COUNT(*) as count
-        FROM memories
-        WHERE title LIKE ?
-        GROUP BY title
-        ORDER BY count DESC, last_accessed DESC
-        LIMIT ?
-      `).all(`%${query}%`, limit);
-            for (const match of titleMatches) {
-                suggestions.push({ text: match.title, type: 'title', count: match.count });
-            }
-            // Get matching categories
-            const categoryMatches = db.prepare(`
-        SELECT DISTINCT category, COUNT(*) as count
-        FROM memories
-        WHERE category LIKE ?
-        GROUP BY category
-        ORDER BY count DESC
-        LIMIT 5
-      `).all(`%${query}%`);
-            for (const match of categoryMatches) {
-                suggestions.push({ text: match.category, type: 'category', count: match.count });
-            }
-            // Get matching projects
-            const projectMatches = db.prepare(`
-        SELECT DISTINCT project, COUNT(*) as count
-        FROM memories
-        WHERE project IS NOT NULL AND project LIKE ?
-        GROUP BY project
-        ORDER BY count DESC
-        LIMIT 5
-      `).all(`%${query}%`);
-            for (const match of projectMatches) {
-                suggestions.push({ text: match.project, type: 'project', count: match.count });
-            }
-            // Sort by count and limit total results
-            suggestions.sort((a, b) => b.count - a.count);
-            const limitedSuggestions = suggestions.slice(0, limit);
-            res.json({ suggestions: limitedSuggestions });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // GRAPH / ONTOLOGY ENDPOINTS
-    // ============================================
-    // List entities with optional filters and pagination
-    app.get('/api/graph/entities', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const type = typeof req.query.type === 'string' ? req.query.type : undefined;
-            const minMentions = typeof req.query.minMentions === 'string' ? parseInt(req.query.minMentions) : 0;
-            const limit = typeof req.query.limit === 'string' ? Math.min(parseInt(req.query.limit), 500) : 100;
-            const offset = typeof req.query.offset === 'string' ? parseInt(req.query.offset) : 0;
-            let whereClause = 'WHERE 1=1';
-            const params = [];
-            if (type) {
-                whereClause += ' AND type = ?';
-                params.push(type);
-            }
-            if (minMentions > 0) {
-                whereClause += ' AND memory_count >= ?';
-                params.push(minMentions);
-            }
-            const totalRow = db.prepare(`SELECT COUNT(*) as count FROM entities ${whereClause}`).get(...params);
-            const total = totalRow.count;
-            const rows = db.prepare(`SELECT * FROM entities ${whereClause} ORDER BY memory_count DESC LIMIT ? OFFSET ?`).all(...params, limit, offset);
-            const entities = rows.map((r) => {
-                let aliases = [];
-                try {
-                    aliases = JSON.parse(r.aliases || '[]');
-                }
-                catch {
-                    aliases = [];
-                }
-                return {
-                    id: r.id,
-                    name: r.name,
-                    type: r.type,
-                    memoryCount: r.memory_count ?? 0,
-                    aliases,
-                    createdAt: r.created_at,
-                    updatedAt: r.updated_at,
-                };
-            });
-            res.json({ entities, total, offset, limit, hasMore: offset + limit < total });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get triples for a specific entity
-    app.get('/api/graph/entities/:id/triples', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const id = parseInt(req.params.id);
-            if (isNaN(id)) {
-                return res.status(400).json({ error: 'Invalid entity ID' });
-            }
-            const rows = db.prepare(`
-        SELECT t.*, s.name as subject_name, s.type as subject_type,
-               o.name as object_name, o.type as object_type
-        FROM triples t
-        JOIN entities s ON s.id = t.subject_id
-        JOIN entities o ON o.id = t.object_id
-        WHERE t.subject_id = ? OR t.object_id = ?
-        ORDER BY t.created_at DESC
-      `).all(id, id);
-            res.json({ triples: rows });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get memories linked to a specific entity
-    app.get('/api/graph/entities/:id/memories', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const id = parseInt(req.params.id);
-            if (isNaN(id)) {
-                return res.status(400).json({ error: 'Invalid entity ID' });
-            }
-            const rows = db.prepare(`
-        SELECT m.id, m.title, m.type, m.category, m.salience, m.created_at
-        FROM memories m
-        JOIN memory_entities me ON me.memory_id = m.id
-        WHERE me.entity_id = ?
-        ORDER BY m.salience DESC, m.created_at DESC
-        LIMIT 50
-      `).all(id);
-            res.json({ memories: rows });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Get neighbourhood of an entity: the entity, its direct neighbours, and connecting triples
-    app.get('/api/graph/entities/:id/neighbourhood', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const id = parseInt(req.params.id);
-            if (isNaN(id)) {
-                return res.status(400).json({ error: 'Invalid entity ID' });
-            }
-            // Get the focal entity
-            const focal = db.prepare('SELECT id, name, type, memory_count as memoryCount, aliases FROM entities WHERE id = ?').get(id);
-            if (!focal) {
-                return res.status(404).json({ error: 'Entity not found' });
-            }
-            focal.aliases = JSON.parse(focal.aliases || '[]');
-            // Get all triples involving this entity (exclude related_to noise — only meaningful predicates)
-            const triplesAll = db.prepare(`
-        SELECT t.id, t.subject_id, t.object_id, t.predicate,
-               s.name as subject_name, s.type as subject_type, s.memory_count as subject_count,
-               o.name as object_name, o.type as object_type, o.memory_count as object_count
-        FROM triples t
-        JOIN entities s ON s.id = t.subject_id
-        JOIN entities o ON o.id = t.object_id
-        WHERE (t.subject_id = ? OR t.object_id = ?)
-        ORDER BY
-          CASE WHEN t.predicate != 'related_to' THEN 0 ELSE 1 END,
-          CASE WHEN t.subject_id = ? THEN o.memory_count ELSE s.memory_count END DESC
-      `).all(id, id, id);
-            // Collect unique neighbour IDs, prioritising meaningful predicates
-            const neighbourIds = new Map();
-            const meaningfulTriples = [];
-            const relatedToTriples = [];
-            for (const t of triplesAll) {
-                const neighbourId = t.subject_id === id ? t.object_id : t.subject_id;
-                const count = t.subject_id === id ? t.object_count : t.subject_count;
-                if (neighbourId === id)
-                    continue;
-                if (t.predicate !== 'related_to') {
-                    meaningfulTriples.push(t);
-                    if (!neighbourIds.has(neighbourId)) {
-                        neighbourIds.set(neighbourId, { predicate: t.predicate, count });
-                    }
-                }
-                else {
-                    relatedToTriples.push(t);
-                }
-            }
-            // Add related_to neighbours up to a cap (prefer high memory count)
-            for (const t of relatedToTriples) {
-                if (neighbourIds.size >= 25)
-                    break;
-                const neighbourId = t.subject_id === id ? t.object_id : t.subject_id;
-                const count = t.subject_id === id ? t.object_count : t.subject_count;
-                if (!neighbourIds.has(neighbourId)) {
-                    neighbourIds.set(neighbourId, { predicate: 'related_to', count });
-                }
-            }
-            // Build triples list (only for included neighbours)
-            const includedTriples = [
-                ...meaningfulTriples.filter(t => {
-                    const nid = t.subject_id === id ? t.object_id : t.subject_id;
-                    return neighbourIds.has(nid);
-                }),
-                ...relatedToTriples.filter(t => {
-                    const nid = t.subject_id === id ? t.object_id : t.subject_id;
-                    return neighbourIds.has(nid);
-                }),
-            ];
-            // Deduplicate triples by id
-            const seenTriples = new Set();
-            const uniqueTriples = includedTriples.filter(t => {
-                if (seenTriples.has(t.id))
-                    return false;
-                seenTriples.add(t.id);
-                return true;
-            });
-            // Fetch neighbour entities
-            const neighbourEntities = [];
-            if (neighbourIds.size > 0) {
-                const ids = [...neighbourIds.keys()];
-                const placeholders = ids.map(() => '?').join(',');
-                const rows = db.prepare(`
-          SELECT id, name, type, memory_count as memoryCount, aliases
-          FROM entities WHERE id IN (${placeholders})
-        `).all(...ids);
-                for (const r of rows) {
-                    r.aliases = JSON.parse(r.aliases || '[]');
-                    neighbourEntities.push(r);
-                }
-            }
-            res.json({
-                focal,
-                neighbours: neighbourEntities,
-                triples: uniqueTriples,
-                totalConnections: triplesAll.length,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // List triples with optional predicate filter and pagination
-    app.get('/api/graph/triples', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const predicate = typeof req.query.predicate === 'string' ? req.query.predicate : undefined;
-            const limit = typeof req.query.limit === 'string' ? Math.min(parseInt(req.query.limit), 10000) : 100;
-            const offset = typeof req.query.offset === 'string' ? parseInt(req.query.offset) : 0;
-            let whereClause = '';
-            const params = [];
-            if (predicate) {
-                whereClause = 'WHERE t.predicate = ?';
-                params.push(predicate);
-            }
-            // For large triple sets, only return triples involving the top 500 entities
-            // to keep response sizes manageable
-            const totalRow = db.prepare(`SELECT COUNT(*) as count FROM triples t ${whereClause}`).get(...params);
-            const total = totalRow.count;
-            const rows = db.prepare(`
-        SELECT t.*, s.name as subject_name, s.type as subject_type,
-               o.name as object_name, o.type as object_type
-        FROM triples t
-        JOIN entities s ON s.id = t.subject_id
-        JOIN entities o ON o.id = t.object_id
-        ${whereClause}
-        ORDER BY t.created_at DESC
-        LIMIT ? OFFSET ?
-      `).all(...params, limit, offset);
-            res.json({ triples: rows, total, offset, limit, hasMore: offset + limit < total });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Search entities by name
-    app.get('/api/graph/search', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const q = typeof req.query.q === 'string' ? req.query.q : '';
-            if (!q) {
-                return res.status(400).json({ error: 'Query parameter "q" is required' });
-            }
-            const rows = db.prepare(`SELECT * FROM entities WHERE LOWER(name) LIKE ? ORDER BY memory_count DESC LIMIT 20`).all(`%${q.toLowerCase()}%`);
-            const entities = rows.map((r) => {
-                let aliases = [];
-                try {
-                    aliases = JSON.parse(r.aliases || '[]');
-                }
-                catch {
-                    aliases = [];
-                }
-                return {
-                    id: r.id,
-                    name: r.name,
-                    type: r.type,
-                    memoryCount: r.memory_count ?? 0,
-                    aliases,
-                };
-            });
-            res.json({ entities });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Find path between two entities using BFS
-    app.get('/api/graph/paths', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const fromName = typeof req.query.from === 'string' ? req.query.from : '';
-            const toName = typeof req.query.to === 'string' ? req.query.to : '';
-            if (!fromName || !toName) {
-                return res.status(400).json({ error: 'Both "from" and "to" query parameters are required' });
-            }
-            const fromRow = db.prepare('SELECT * FROM entities WHERE LOWER(name) = LOWER(?)').get(fromName);
-            if (!fromRow) {
-                return res.status(404).json({ error: `Entity "${fromName}" not found` });
-            }
-            const toRow = db.prepare('SELECT * FROM entities WHERE LOWER(name) = LOWER(?)').get(toName);
-            if (!toRow) {
-                return res.status(404).json({ error: `Entity "${toName}" not found` });
-            }
-            if (fromRow.id === toRow.id) {
-                return res.json({ path: [{ entity: fromRow.name, predicate: '(self)' }], sourceMemories: [] });
-            }
-            // BFS
-            const maxDepth = 4;
-            const visited = new Map();
-            visited.set(fromRow.id, { id: fromRow.id, name: fromRow.name, parentId: null, predicate: '', sourceMemoryId: null });
-            let frontier = [fromRow.id];
-            let found = false;
-            for (let d = 0; d < maxDepth && !found; d++) {
-                const nextFrontier = [];
-                for (const nodeId of frontier) {
-                    const outgoing = db.prepare('SELECT t.object_id as next_id, t.predicate, t.source_memory_id, e.name FROM triples t JOIN entities e ON e.id = t.object_id WHERE t.subject_id = ?').all(nodeId);
-                    for (const row of outgoing) {
-                        if (!visited.has(row.next_id)) {
-                            visited.set(row.next_id, { id: row.next_id, name: row.name, parentId: nodeId, predicate: row.predicate, sourceMemoryId: row.source_memory_id });
-                            nextFrontier.push(row.next_id);
-                            if (row.next_id === toRow.id) {
-                                found = true;
-                                break;
-                            }
-                        }
-                    }
-                    if (found)
-                        break;
-                    const incoming = db.prepare('SELECT t.subject_id as next_id, t.predicate, t.source_memory_id, e.name FROM triples t JOIN entities e ON e.id = t.subject_id WHERE t.object_id = ?').all(nodeId);
-                    for (const row of incoming) {
-                        if (!visited.has(row.next_id)) {
-                            visited.set(row.next_id, { id: row.next_id, name: row.name, parentId: nodeId, predicate: `~${row.predicate}`, sourceMemoryId: row.source_memory_id });
-                            nextFrontier.push(row.next_id);
-                            if (row.next_id === toRow.id) {
-                                found = true;
-                                break;
-                            }
-                        }
-                    }
-                    if (found)
-                        break;
-                }
-                frontier = nextFrontier;
-                if (frontier.length === 0)
-                    break;
-            }
-            if (!found) {
-                return res.json({ path: [], sourceMemories: [], message: 'No path found' });
-            }
-            // Reconstruct path
-            const path = [];
-            const sourceMemoryIds = [];
-            let current = visited.get(toRow.id);
-            while (current) {
-                path.unshift({ entity: current.name, predicate: current.predicate });
-                if (current.sourceMemoryId)
-                    sourceMemoryIds.push(current.sourceMemoryId);
-                current = current.parentId !== null ? visited.get(current.parentId) : undefined;
-            }
-            // Fetch source memories
-            const sourceMemories = sourceMemoryIds.length > 0
-                ? db.prepare(`SELECT id, title FROM memories WHERE id IN (${sourceMemoryIds.map(() => '?').join(',')})`).all(...sourceMemoryIds)
-                : [];
-            res.json({ path, sourceMemories });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // BRAIN CONTROL CENTRE
-    // ============================================
-    // Boost memory salience (+0.15, capped at 1.0)
-    app.post('/api/memories/:id/boost', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const memory = getMemoryById(id);
-            if (!memory) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            const newSalience = Math.min(1.0, (memory.salience ?? 0.5) + 0.15);
-            const updated = updateMemory(id, { salience: newSalience });
-            res.json(updated);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Demote memory salience (-0.15, floor at 0.05)
-    app.post('/api/memories/:id/demote', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const memory = getMemoryById(id);
-            if (!memory) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            const newSalience = Math.max(0.05, (memory.salience ?? 0.5) - 0.15);
-            const updated = updateMemory(id, { salience: newSalience });
-            res.json(updated);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Promote memory from STM to LTM
-    app.post('/api/memories/:id/promote', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const memory = promoteMemory(id);
-            if (!memory) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            res.json(memory);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Update memory (partial: title, content, tags, category, importance/salience)
-    app.patch('/api/memories/:id', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const { title, content, category, tags, importance } = req.body;
-            // Validate provided fields
-            if (title !== undefined) {
-                if (typeof title !== 'string' || title.trim().length === 0) {
-                    return res.status(400).json({ error: 'Title must be a non-empty string' });
-                }
-            }
-            if (content !== undefined) {
-                if (typeof content !== 'string') {
-                    return res.status(400).json({ error: 'Content must be a string' });
-                }
-            }
-            const validCategories = ['architecture', 'pattern', 'preference', 'error', 'context', 'learning', 'todo', 'note', 'relationship', 'custom'];
-            if (category !== undefined) {
-                if (!validCategories.includes(category)) {
-                    return res.status(400).json({ error: `Category must be one of: ${validCategories.join(', ')}` });
-                }
-            }
-            if (tags !== undefined) {
-                if (!Array.isArray(tags) || !tags.every((t) => typeof t === 'string')) {
-                    return res.status(400).json({ error: 'Tags must be an array of strings' });
-                }
-            }
-            if (importance !== undefined) {
-                if (typeof importance !== 'number' || importance < 0 || importance > 1) {
-                    return res.status(400).json({ error: 'Importance must be a number between 0 and 1' });
-                }
-            }
-            // Build clean updates object (map importance → salience)
-            const updates = {};
-            if (title !== undefined)
-                updates.title = title.trim();
-            if (content !== undefined)
-                updates.content = content;
-            if (category !== undefined)
-                updates.category = category;
-            if (tags !== undefined)
-                updates.tags = tags;
-            if (importance !== undefined)
-                updates.salience = importance;
-            const updated = updateMemory(id, updates);
-            if (!updated) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            res.json(updated);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Quarantine a memory (move to quarantine table, delete original)
-    app.post('/api/memories/:id/quarantine', requireNotLocked, (req, res) => {
-        try {
-            const id = parseInt(req.params.id);
-            const memory = getMemoryById(id);
-            if (!memory) {
-                return res.status(404).json({ error: 'Memory not found' });
-            }
-            const db = getDatabase();
-            db.prepare(`INSERT INTO quarantine (original_title, original_content, source_type, source_identifier, reason, project, status, created_at)
-         VALUES (?, ?, ?, ?, ?, ?, 'pending', ?)`).run(memory.title, memory.content, 'dashboard', 'brain-control', req.body.reason || 'Manually quarantined from Brain dashboard', memory.project || null, new Date().toISOString());
-            deleteMemory(id);
-            res.json({ success: true, quarantined: id });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Create a manual link between two memories
-    app.post('/api/links', requireNotLocked, (req, res) => {
-        try {
-            const { sourceId, targetId, relationship, strength } = req.body;
-            if (!sourceId || !targetId || !relationship) {
-                return res.status(400).json({ error: 'sourceId, targetId, and relationship are required' });
+                    executionTime,
+                });
             }
-            const link = createMemoryLink(sourceId, targetId, relationship, strength ?? 0.5);
-            if (!link) {
-                return res.status(404).json({ error: 'One or both memories not found, or self-link attempted' });
+            else {
+                // Write operation
+                const result = db.prepare(query).run();
+                const executionTime = Date.now() - startTime;
+                res.json({
+                    columns: ['changes', 'lastInsertRowid'],
+                    rows: [{ changes: result.changes, lastInsertRowid: result.lastInsertRowid }],
+                    rowCount: 1,
+                    executionTime,
+                });
             }
-            res.json(link);
         }
         catch (error) {
             res.status(500).json({ error: error.message });
         }
     });
+    registerGraphRoutes(app, requireNotLocked);
     // ============================================
     // SKILL SCANNER
     // ============================================
@@ -1848,585 +542,9 @@ export function startVisualizationServer(dbPath) {
             res.status(500).json({ error: error.message });
         }
     });
-    // Query audit logs
-    app.get('/api/v1/audit', (req, res) => {
-        try {
-            const options = {};
-            if (req.query.startTime)
-                options.startTime = req.query.startTime;
-            if (req.query.endTime)
-                options.endTime = req.query.endTime;
-            if (req.query.source)
-                options.source = req.query.source;
-            if (req.query.firewallResult)
-                options.firewallResult = req.query.firewallResult;
-            if (req.query.limit)
-                options.limit = parseInt(req.query.limit, 10);
-            if (req.query.project)
-                options.project = req.query.project;
-            const logs = queryAuditLogs(options);
-            res.json({ logs, total: logs.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Audit statistics
-    app.get('/api/v1/audit/stats', (req, res) => {
-        try {
-            const timeRange = req.query.timeRange ?? '24h';
-            const project = req.query.project;
-            const stats = getAuditStats(timeRange, project);
-            res.json(stats);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Incident replay — reconstruct a best-effort timeline from audit, quarantine, and persisted events.
-    app.get('/api/v1/incidents/replay', (req, res) => {
-        try {
-            const limit = Math.min(parseInt(req.query.limit, 10) || 200, 500);
-            const startTime = typeof req.query.startTime === 'string' ? req.query.startTime : undefined;
-            const endTime = typeof req.query.endTime === 'string' ? req.query.endTime : undefined;
-            const project = typeof req.query.project === 'string' ? req.query.project : undefined;
-            const sourceIdentifier = typeof req.query.sourceIdentifier === 'string' ? req.query.sourceIdentifier : undefined;
-            const memoryId = req.query.memoryId ? parseInt(req.query.memoryId, 10) : undefined;
-            const events = queryIncidentReplay({
-                startTime,
-                endTime,
-                project,
-                sourceIdentifier,
-                memoryId,
-                limit,
-            });
-            res.json({
-                events,
-                total: events.length,
-                coverage: {
-                    sources: ['defence_audit', 'quarantine', 'events'],
-                    note: 'Replay is best-effort. Durable audit and quarantine history is complete; generic event coverage depends on the retained events table window.',
-                },
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Agent registry — distinct agents aggregated from audit logs
-    app.get('/api/v1/agents', (req, res) => {
-        try {
-            const timeRange = req.query.timeRange ?? '24h';
-            const project = req.query.project;
-            const agents = queryAgentRegistry(timeRange, project);
-            res.json({ agents });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Agent trust score timeline
-    app.get('/api/v1/agents/:identifier/timeline', (req, res) => {
-        try {
-            const identifier = decodeURIComponent(req.params.identifier);
-            const timeRange = req.query.timeRange ?? '24h';
-            const project = req.query.project;
-            const points = queryAgentTimeline(identifier, timeRange, project);
-            res.json({ points });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Agent operations — paginated audit entries for one agent
-    app.get('/api/v1/agents/:identifier/operations', (req, res) => {
-        try {
-            const identifier = decodeURIComponent(req.params.identifier);
-            const limit = parseInt(req.query.limit, 10) || 50;
-            const offset = parseInt(req.query.offset, 10) || 0;
-            const firewallResult = req.query.firewallResult;
-            const project = req.query.project;
-            const entries = queryAgentOperations(identifier, {
-                limit, offset, project,
-                firewallResult: firewallResult,
-            });
-            res.json({ entries, limit, offset });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // List quarantined items
-    app.get('/api/v1/quarantine', (req, res) => {
-        try {
-            const db = getDatabase();
-            const status = req.query.status ?? 'pending';
-            const limit = parseInt(req.query.limit, 10) || 50;
-            const project = req.query.project;
-            const sql = project
-                ? 'SELECT * FROM quarantine WHERE status = ? AND project = ? ORDER BY created_at DESC LIMIT ?'
-                : 'SELECT * FROM quarantine WHERE status = ? ORDER BY created_at DESC LIMIT ?';
-            const params = project ? [status, project, limit] : [status, limit];
-            const rows = db.prepare(sql).all(...params);
-            const items = rows.map((r) => ({
-                ...r,
-                title: r.original_title,
-                content: r.original_content,
-            }));
-            res.json({ items, total: items.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Approve quarantined item
-    app.post('/api/v1/quarantine/:id/approve', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const id = parseInt(req.params.id, 10);
-            const reviewedBy = req.body?.reviewedBy ?? 'api';
-            const result = db.prepare('UPDATE quarantine SET status = ?, reviewed_at = ?, reviewed_by = ? WHERE id = ? AND status = ?').run('approved', new Date().toISOString(), reviewedBy, id, 'pending');
-            if (result.changes === 0) {
-                return res.status(404).json({ error: 'Quarantine entry not found or already reviewed' });
-            }
-            res.json({ success: true, id, status: 'approved' });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Reject quarantined item
-    app.post('/api/v1/quarantine/:id/reject', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const id = parseInt(req.params.id, 10);
-            const reviewedBy = req.body?.reviewedBy ?? 'api';
-            const notes = req.body?.notes ?? null;
-            const result = db.prepare('UPDATE quarantine SET status = ?, reviewed_at = ?, reviewed_by = ? WHERE id = ? AND status = ?').run('rejected', new Date().toISOString(), reviewedBy, id, 'pending');
-            if (result.changes === 0) {
-                return res.status(404).json({ error: 'Quarantine entry not found or already reviewed' });
-            }
-            res.json({ success: true, id, status: 'rejected' });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Bulk approve quarantined items
-    app.post('/api/v1/quarantine/bulk-approve', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const ids = req.body?.ids;
-            if (!Array.isArray(ids) || ids.length === 0) {
-                return res.status(400).json({ error: 'ids must be a non-empty array of numbers' });
-            }
-            const reviewedBy = req.body?.reviewedBy ?? 'dashboard';
-            const now = new Date().toISOString();
-            const stmt = db.prepare('UPDATE quarantine SET status = ?, reviewed_at = ?, reviewed_by = ? WHERE id = ? AND status = ?');
-            let updated = 0;
-            const txn = db.transaction(() => {
-                for (const id of ids) {
-                    const result = stmt.run('approved', now, reviewedBy, id, 'pending');
-                    updated += result.changes;
-                }
-            });
-            txn();
-            res.json({ success: true, updated, total: ids.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Bulk reject quarantined items
-    app.post('/api/v1/quarantine/bulk-reject', requireNotLocked, (req, res) => {
-        try {
-            const db = getDatabase();
-            const ids = req.body?.ids;
-            if (!Array.isArray(ids) || ids.length === 0) {
-                return res.status(400).json({ error: 'ids must be a non-empty array of numbers' });
-            }
-            const reviewedBy = req.body?.reviewedBy ?? 'dashboard';
-            const now = new Date().toISOString();
-            const stmt = db.prepare('UPDATE quarantine SET status = ?, reviewed_at = ?, reviewed_by = ? WHERE id = ? AND status = ?');
-            let updated = 0;
-            const txn = db.transaction(() => {
-                for (const id of ids) {
-                    const result = stmt.run('rejected', now, reviewedBy, id, 'pending');
-                    updated += result.changes;
-                }
-            });
-            txn();
-            res.json({ success: true, updated, total: ids.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Retroactive sync: push existing quarantine items to cloud
-    app.post('/api/quarantine/sync-to-cloud', requireNotLocked, async (_req, res) => {
-        try {
-            const config = getCloudConfig();
-            if (!config.cloudEnabled || !config.cloudApiKey) {
-                return res.status(400).json({ error: 'Cloud not configured. Enable cloud sync first.' });
-            }
-            const db = getDatabase();
-            const rows = db.prepare('SELECT * FROM quarantine WHERE status = ? ORDER BY created_at ASC').all('pending');
-            if (rows.length === 0) {
-                return res.json({ synced: 0, message: 'No pending quarantine items to sync.' });
-            }
-            let synced = 0;
-            const errors = [];
-            for (const row of rows) {
-                try {
-                    const indicators = (() => {
-                        try {
-                            return JSON.parse(row.threat_indicators ?? '[]');
-                        }
-                        catch {
-                            return [];
-                        }
-                    })();
-                    const resp = await fetch(`${config.cloudBaseUrl}/v1/quarantine/ingest`, {
-                        method: 'POST',
-                        headers: {
-                            'Content-Type': 'application/json',
-                            Authorization: `Bearer ${config.cloudApiKey}`,
-                        },
-                        body: JSON.stringify({
-                            original_content: row.original_content,
-                            original_title: row.original_title ?? undefined,
-                            source_type: row.source_type ?? 'unknown',
-                            source_identifier: row.source_identifier ?? 'unknown',
-                            reason: row.reason ?? 'Unknown reason',
-                            threat_indicators: indicators,
-                            anomaly_score: row.anomaly_score ?? 0,
-                            firewall_result: row.firewall_result ?? 'QUARANTINE',
-                        }),
-                        signal: AbortSignal.timeout(10_000),
-                    });
-                    if (resp.ok) {
-                        synced++;
-                    }
-                    else {
-                        const body = await resp.text().catch(() => '');
-                        errors.push(`Item ${row.id}: ${resp.status} ${body.substring(0, 100)}`);
-                    }
-                }
-                catch (e) {
-                    errors.push(`Item ${row.id}: ${e.message}`);
-                }
-            }
-            res.json({ synced, total: rows.length, errors: errors.length > 0 ? errors : undefined });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Create and start the background brain worker
     const brainWorker = new BrainWorker();
-    // Worker status endpoint
-    app.get('/api/worker/status', (_req, res) => {
-        try {
-            res.json(brainWorker.getStatus());
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Manually trigger light tick (for testing)
-    app.post('/api/worker/trigger-light', requireNotLocked, async (_req, res) => {
-        try {
-            const result = await brainWorker.triggerLightTick();
-            res.json({
-                success: true,
-                ...result,
-                timestamp: result.timestamp.toISOString(),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // Manually trigger medium tick (for testing)
-    app.post('/api/worker/trigger-medium', requireNotLocked, async (_req, res) => {
-        try {
-            const result = await brainWorker.triggerMediumTick();
-            res.json({
-                success: true,
-                ...result,
-                timestamp: result.timestamp.toISOString(),
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // LICENSE
-    // ============================================
-    app.get('/api/license/status', (_req, res) => {
-        try {
-            const info = getLicense();
-            const features = listFeatures();
-            res.json({
-                tier: info.tier,
-                valid: info.valid,
-                email: info.email,
-                expiresAt: info.expiresAt?.toISOString() ?? null,
-                daysUntilExpiry: info.daysUntilExpiry,
-                teamId: info.teamId,
-                features,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.post('/api/license/activate', async (req, res) => {
-        try {
-            const { key } = req.body;
-            if (!key || typeof key !== 'string') {
-                return res.status(400).json({ error: 'License key is required' });
-            }
-            const info = activateLicense(key.trim());
-            // Fire online validation (non-blocking but wait briefly for immediate feedback)
-            const validationStatus = await validateOnceNow();
-            const features = listFeatures();
-            res.json({
-                success: true,
-                tier: info.tier,
-                valid: info.valid,
-                email: info.email,
-                expiresAt: info.expiresAt?.toISOString() ?? null,
-                daysUntilExpiry: info.daysUntilExpiry,
-                validationStatus,
-                features,
-            });
-        }
-        catch (error) {
-            res.status(400).json({ error: error.message });
-        }
-    });
-    app.post('/api/license/deactivate', (_req, res) => {
-        try {
-            deactivateLicense();
-            const features = listFeatures();
-            res.json({
-                success: true,
-                tier: 'free',
-                features,
-            });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ============================================
-    // PRO FEATURE ENDPOINTS
-    // ============================================
-    // ── Custom Firewall Rules ────────────────────
-    app.get('/api/firewall-rules', requireProFeature('custom_firewall_rules'), (_req, res) => {
-        try {
-            const { listFirewallRules } = require('../defence/custom-rules/store.js');
-            const rules = listFirewallRules();
-            res.json({ rules, total: rules.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.post('/api/firewall-rules', requireProFeature('custom_firewall_rules'), (req, res) => {
-        try {
-            const { createFirewallRule } = require('../defence/custom-rules/store.js');
-            const { name, priority, condition_type, condition_value, action } = req.body;
-            if (!name || !condition_type || !condition_value || !action) {
-                return res.status(400).json({ error: 'name, condition_type, condition_value, and action are required' });
-            }
-            const rule = createFirewallRule({ name, priority: priority ?? 100, condition_type, condition_value, action });
-            res.status(201).json(rule);
-        }
-        catch (error) {
-            const msg = error.message;
-            const status = msg.includes('Maximum') ? 400 : 500;
-            res.status(status).json({ error: msg });
-        }
-    });
-    app.patch('/api/firewall-rules/:id', requireProFeature('custom_firewall_rules'), (req, res) => {
-        try {
-            const { updateFirewallRule } = require('../defence/custom-rules/store.js');
-            const rule = updateFirewallRule(Number(req.params.id), req.body);
-            if (!rule)
-                return res.status(404).json({ error: 'Rule not found' });
-            res.json(rule);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.delete('/api/firewall-rules/:id', requireProFeature('custom_firewall_rules'), (req, res) => {
-        try {
-            const { deleteFirewallRule } = require('../defence/custom-rules/store.js');
-            const deleted = deleteFirewallRule(Number(req.params.id));
-            if (!deleted)
-                return res.status(404).json({ error: 'Rule not found' });
-            res.json({ success: true, id: Number(req.params.id) });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ── Custom Injection Patterns ────────────────
-    app.get('/api/patterns', requireProFeature('custom_injection_patterns'), (_req, res) => {
-        try {
-            const { listCustomPatterns } = require('../defence/custom-patterns/store.js');
-            const patterns = listCustomPatterns();
-            res.json({ patterns, total: patterns.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.post('/api/patterns', requireProFeature('custom_injection_patterns'), (req, res) => {
-        try {
-            const { createCustomPattern, validateRegex } = require('../defence/custom-patterns/store.js');
-            const { name, category, severity, regex, description } = req.body;
-            if (!name || !regex) {
-                return res.status(400).json({ error: 'name and regex are required' });
-            }
-            // Validate regex safety before creating
-            const validation = validateRegex(regex);
-            if (!validation.valid) {
-                return res.status(400).json({ error: validation.error });
-            }
-            const pattern = createCustomPattern({
-                name,
-                category: category || 'custom',
-                severity: severity || 'medium',
-                regex,
-                description,
-            });
-            res.status(201).json(pattern);
-        }
-        catch (error) {
-            const msg = error.message;
-            const status = msg.includes('Maximum') || msg.includes('Invalid') || msg.includes('rejected') ? 400 : 500;
-            res.status(status).json({ error: msg });
-        }
-    });
-    app.delete('/api/patterns/:id', requireProFeature('custom_injection_patterns'), (req, res) => {
-        try {
-            const { deleteCustomPattern } = require('../defence/custom-patterns/store.js');
-            const deleted = deleteCustomPattern(Number(req.params.id));
-            if (!deleted)
-                return res.status(404).json({ error: 'Pattern not found' });
-            res.json({ success: true, id: Number(req.params.id) });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.post('/api/patterns/:id/test', requireProFeature('custom_injection_patterns'), (req, res) => {
-        try {
-            const { testPattern } = require('../defence/custom-patterns/store.js');
-            const { text } = req.body;
-            if (!text)
-                return res.status(400).json({ error: 'text is required' });
-            const result = testPattern(Number(req.params.id), text);
-            res.json(result);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ── Custom Iron Dome Policies ────────────────
-    app.get('/api/iron-dome/policies', requireProFeature('custom_iron_dome_policies'), (_req, res) => {
-        try {
-            const { listIronDomePolicies } = require('../defence/iron-dome/custom-policies.js');
-            const policies = listIronDomePolicies();
-            res.json({ policies, total: policies.length });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.post('/api/iron-dome/policies', requireProFeature('custom_iron_dome_policies'), (req, res) => {
-        try {
-            const { createIronDomePolicy } = require('../defence/iron-dome/custom-policies.js');
-            const { name, description, config } = req.body;
-            if (!name)
-                return res.status(400).json({ error: 'name is required' });
-            const policy = createIronDomePolicy({ name, description, config: config || {} });
-            res.status(201).json(policy);
-        }
-        catch (error) {
-            const msg = error.message;
-            const status = msg.includes('Maximum') ? 400 : 500;
-            res.status(status).json({ error: msg });
-        }
-    });
-    app.delete('/api/iron-dome/policies/:id', requireProFeature('custom_iron_dome_policies'), (req, res) => {
-        try {
-            const { deleteIronDomePolicy } = require('../defence/iron-dome/custom-policies.js');
-            const deleted = deleteIronDomePolicy(Number(req.params.id));
-            if (!deleted)
-                return res.status(404).json({ error: 'Policy not found' });
-            res.json({ success: true, id: Number(req.params.id) });
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    app.put('/api/iron-dome/policies/:id/activate', requireProFeature('custom_iron_dome_policies'), (req, res) => {
-        try {
-            const { activateIronDomePolicy } = require('../defence/iron-dome/custom-policies.js');
-            const policy = activateIronDomePolicy(Number(req.params.id));
-            if (!policy)
-                return res.status(404).json({ error: 'Policy not found' });
-            res.json(policy);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ── Audit Export ─────────────────────────────
-    app.get('/api/audit/export', requireProFeature('audit_export'), (req, res) => {
-        try {
-            const { exportAuditJSON, exportAuditCSV } = require('../defence/audit/export.js');
-            const format = req.query.format || 'json';
-            const startTime = req.query.startTime;
-            const endTime = req.query.endTime;
-            if (format === 'csv') {
-                const csv = exportAuditCSV(startTime, endTime);
-                res.setHeader('Content-Type', 'text/csv');
-                res.setHeader('Content-Disposition', `attachment; filename="shieldcortex-audit-${Date.now()}.csv"`);
-                res.send(csv);
-            }
-            else {
-                const json = exportAuditJSON(startTime, endTime);
-                res.setHeader('Content-Type', 'application/json');
-                res.setHeader('Content-Disposition', `attachment; filename="shieldcortex-audit-${Date.now()}.json"`);
-                res.send(json);
-            }
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
-    // ── Deep Skill Scanner ───────────────────────
-    app.post('/api/skills/deep-scan', requireProFeature('skill_scanner_deep'), async (req, res) => {
-        try {
-            const { runDeepScan } = require('../defence/skill-scanner/deep-scan.js');
-            const { files } = req.body;
-            if (!files || !Array.isArray(files) || files.length === 0) {
-                return res.status(400).json({ error: 'files array is required (each with name and content)' });
-            }
-            const result = await runDeepScan(files);
-            res.json(result);
-        }
-        catch (error) {
-            res.status(500).json({ error: error.message });
-        }
-    });
+    registerIncidentRoutes(app);
+    registerAdminRoutes(app, { brainWorker, requireNotLocked, requireProFeature });
     // ============================================
     // WEBSOCKET SERVER
     // ============================================