whale-code 6.4.0

package/dist/server/index.js

@@ -0,0 +1,2427 @@
+// server/index.ts — Unified Node.js agent server for Fly.io
+// All CLI optimizations: prompt caching, retry, loop detection, parallel tools,
+// model-aware context management, cost tracking, compaction block handling
+//
+// Shares agent-core with CLI via src/shared/agent-core.ts
+import http from "node:http";
+import { randomUUID, timingSafeEqual, createHash } from "node:crypto";
+import Anthropic from "@anthropic-ai/sdk";
+import { createLogger } from "./lib/logger.js";
+const log = createLogger("server");
+import { getMaxOutputTokens, sanitizeError, } from "../shared/agent-core.js";
+import { MODELS } from "../shared/constants.js";
+import { handleProxy } from "./proxy-handlers.js";
+import { handleNodeRoutes, setNodeAgentInvoker } from "./handlers/nodes.js";
+import { handleTranscribe } from "./handlers/transcription.js";
+import { handleBillingRoutes, incrementUsage, checkPlanLimits } from "./handlers/billing.js";
+import { generateCompaction } from "./lib/compaction-service.js";
+import { initLocalAgentGateway, shutdownGateway as shutdownAgentGateway, getGatewayStats } from "./local-agent-gateway.js";
+import { initSupabase, getServiceClient, createUserClient } from "./lib/supabase-client.js";
+import { loadCheckpoint, markOrphaned } from "./lib/session-checkpoint.js";
+import { rateLimiter } from "./lib/rate-limiter.js";
+import { sanitizeAndLog } from "./lib/prompt-sanitizer.js";
+import { processWorkflowSteps, processWaitingSteps, handleWebhookIngestion, executeInlineChain, setToolExecutor, setAgentExecutor, setTokenBroadcaster, setStepErrorBroadcaster, verifyGuestApprovalSignature, initWorkerPool, getPoolStats, shutdownPool, processScheduleTriggers, enforceWorkflowTimeouts, processEventTriggers, cleanupOrphanedSteps, processDlqRetries } from "./handlers/workflows.js";
+import { runServerAgentLoop } from "./lib/server-agent-loop.js";
+import { loadTools, loadUserTools, getToolsForAgent, executeTool, loadAgentConfig, setExtendedToolsCache, getExtendedToolsIndex, flushAuditLogs, } from "./tool-router.js";
+import pg from "pg";
+// ============================================================================
+// PROCESS ERROR HANDLERS
+// ============================================================================
+process.on("unhandledRejection", (reason, _promise) => {
+    log.error({ err: reason }, "unhandled rejection");
+});
+process.on("uncaughtException", (err) => {
+    log.fatal({ err }, "uncaught exception");
+    process.exit(1);
+});
+// ============================================================================
+// ENV CONFIG
+// ============================================================================
+const PORT = parseInt(process.env.PORT || "8080", 10);
+const SUPABASE_URL = process.env.SUPABASE_URL;
+const SUPABASE_SERVICE_ROLE_KEY = process.env.SUPABASE_SERVICE_ROLE_KEY;
+const SERVICE_ROLE_JWT = process.env.SERVICE_ROLE_JWT || "";
+const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+const ALLOWED_ORIGINS = (process.env.ALLOWED_ORIGINS || "http://localhost:3000,http://127.0.0.1:3000").split(",").map(s => s.trim());
+const FLY_INTERNAL_SECRET = process.env.FLY_INTERNAL_SECRET || "";
+// ============================================================================
+// READINESS STATE
+// ============================================================================
+let pgListenReady = false;
+let workerPoolReady = false;
+function isReady() {
+    return workerPoolReady; // PG listen is optional (SSE only)
+}
+// Webchat agent invoker — set later to avoid circular deps (same as node agent invoker)
+let webchatAgentInvoker = null;
+// ============================================================================
+// RATE LIMITING — Phase 7.2 token-bucket (see lib/rate-limiter.ts)
+// ============================================================================
+/** Check IP rate limit and send 429 with proper headers if exceeded */
+function sendIpRateLimit(res, ip, headers) {
+    const result = rateLimiter.checkRequest(`ip:${ip}`, "unauthenticated");
+    if (result.allowed)
+        return false; // not rate-limited
+    res.writeHead(429, {
+        "Retry-After": String(Math.ceil(result.retryAfterMs / 1000) || 1),
+        "X-RateLimit-Remaining": "0",
+        "Content-Type": "application/json",
+        ...headers,
+    });
+    res.end(JSON.stringify({ error: "Too many requests" }));
+    return true; // was rate-limited
+}
+// Agent chat rate limiting — per-store + global concurrent cap
+const agentChatLimiter = new Map();
+const AGENT_CHAT_MAX_PER_MIN = 60;
+const AGENT_CHAT_MAX_CONCURRENT = 10;
+let agentChatConcurrent = 0;
+// Periodically clean up stale entries from agentChatLimiter to prevent unbounded Map growth
+setInterval(() => {
+    const now = Date.now();
+    for (const [key, entry] of agentChatLimiter) {
+        if (now - entry.windowStart > 120_000) {
+            agentChatLimiter.delete(key);
+        }
+    }
+}, 60_000);
+function checkAgentChatRateLimit(storeId) {
+    // Concurrent check
+    if (agentChatConcurrent >= AGENT_CHAT_MAX_CONCURRENT) {
+        return { allowed: false, error: "Too many concurrent agent sessions. Please wait." };
+    }
+    // Per-store per-minute check
+    const now = Date.now();
+    let entry = agentChatLimiter.get(storeId);
+    if (!entry || now - entry.windowStart > 60_000) {
+        entry = { count: 0, windowStart: now };
+        agentChatLimiter.set(storeId, entry);
+    }
+    entry.count++;
+    if (entry.count > AGENT_CHAT_MAX_PER_MIN) {
+        return { allowed: false, error: `Rate limit exceeded: ${AGENT_CHAT_MAX_PER_MIN}/min for agent chat` };
+    }
+    return { allowed: true };
+}
+// Timing-safe secret comparison to prevent timing attacks
+// Hash both values to fixed length before comparing — avoids leaking secret length
+function safeCompare(a, b) {
+    if (!a || !b)
+        return false;
+    const hashA = createHash("sha256").update(a).digest();
+    const hashB = createHash("sha256").update(b).digest();
+    return timingSafeEqual(hashA, hashB);
+}
+// Tool registry, user tools, executor, and agent loader are in ./tool-router.ts
+// ============================================================================
+// CORS
+// ============================================================================
+function getCorsHeaders(origin) {
+    const headers = {
+        "X-Content-Type-Options": "nosniff",
+        "X-Frame-Options": "DENY",
+        "X-XSS-Protection": "0",
+        "Referrer-Policy": "strict-origin-when-cross-origin",
+    };
+    if (ALLOWED_ORIGINS.includes("*")) {
+        headers["Access-Control-Allow-Origin"] = "*";
+    }
+    else if (origin && ALLOWED_ORIGINS.includes(origin)) {
+        headers["Access-Control-Allow-Origin"] = origin;
+        headers["Vary"] = "Origin";
+    }
+    // If origin doesn't match, no CORS header = browser blocks the request
+    headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS";
+    headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization, X-Store-Id";
+    return headers;
+}
+// ============================================================================
+// PHASE 3: SSE STREAMING — real-time workflow run progress
+// ============================================================================
+// Map<runId, Set<ServerResponse>> for multiplexing SSE clients
+const sseClients = new Map();
+const MAX_SSE_CLIENTS_PER_RUN = 10;
+const MAX_SSE_TOTAL_CLIENTS = 100;
+/** Safe SSE write — returns false and calls cleanup if the connection is dead */
+function safeSseWrite(res, data, cleanup) {
+    try {
+        if (res.destroyed || res.writableEnded) {
+            cleanup();
+            return false;
+        }
+        res.write(data);
+        return true;
+    }
+    catch {
+        cleanup();
+        return false;
+    }
+}
+function sendWorkflowSSE(res, data) {
+    try {
+        if (res.destroyed || res.writableEnded)
+            return;
+        res.write(`data: ${JSON.stringify(data)}\n\n`);
+    }
+    catch { /* client disconnected — benign */ }
+}
+function broadcastToRun(runId, data) {
+    const clients = sseClients.get(runId);
+    if (!clients?.size)
+        return;
+    // H6 FIX: Prune dead connections during broadcast
+    for (const res of clients) {
+        if (res.destroyed || res.writableEnded) {
+            clients.delete(res);
+            continue;
+        }
+        sendWorkflowSSE(res, data);
+    }
+    if (clients.size === 0)
+        sseClients.delete(runId);
+}
+function getTotalSseClients() {
+    let total = 0;
+    for (const clients of sseClients.values())
+        total += clients.size;
+    return total;
+}
+// H6 FIX: Periodic stale connection cleanup (every 60s)
+const sseCleanupInterval = setInterval(() => {
+    for (const [rid, clients] of sseClients) {
+        for (const res of clients) {
+            if (res.destroyed || res.writableEnded) {
+                clients.delete(res);
+            }
+        }
+        if (clients.size === 0)
+            sseClients.delete(rid);
+    }
+}, 60_000);
+// pg LISTEN for real-time notifications
+const DATABASE_URL = process.env.DATABASE_URL || "";
+let pgClient = null;
+let pgReconnectAttempts = 0;
+const MAX_PG_RECONNECT_DELAY = 10_000; // 10s max — keep SSE reconnect snappy
+async function setupPgListen() {
+    if (!DATABASE_URL) {
+        log.info("DATABASE_URL not set — SSE streaming disabled, using worker-only mode");
+        return;
+    }
+    try {
+        // Strip sslmode from URL (pg v8 treats sslmode=require as verify-full) and set ssl manually
+        const cleanUrl = DATABASE_URL.replace(/[?&]sslmode=[^&]*/g, "").replace(/\?$/, "");
+        pgClient = new pg.Client({ connectionString: cleanUrl, ssl: { rejectUnauthorized: false } });
+        await pgClient.connect();
+        await pgClient.query("LISTEN workflow_step_event");
+        await pgClient.query("LISTEN workflow_run_event");
+        await pgClient.query("LISTEN workflow_step_pending");
+        await pgClient.query("LISTEN workflow_event");
+        await pgClient.query("LISTEN automation_event");
+        // Reset reconnect counter on successful connection
+        pgReconnectAttempts = 0;
+        pgListenReady = true;
+        // Debounced event trigger processing — fires at most once per 100ms
+        let eventTriggerTimer = null;
+        function debouncedEventProcess() {
+            if (eventTriggerTimer)
+                return;
+            eventTriggerTimer = setTimeout(async () => {
+                eventTriggerTimer = null;
+                try {
+                    const sb = getServiceClient();
+                    const count = await processEventTriggers(sb);
+                    if (count > 0)
+                        log.info({ count }, "instant event processing");
+                }
+                catch (err) {
+                    log.error({ err: err.message }, "event trigger processing error");
+                }
+            }, 100);
+        }
+        pgClient.on("notification", (msg) => {
+            if (!msg.payload)
+                return;
+            try {
+                const data = JSON.parse(msg.payload);
+                // Automation event — trigger immediate processing
+                if (msg.channel === "automation_event") {
+                    debouncedEventProcess();
+                    return;
+                }
+                const runId = data.run_id;
+                if (!runId)
+                    return;
+                if (msg.channel === "workflow_step_event") {
+                    broadcastToRun(runId, { type: "step_update", ...data });
+                }
+                else if (msg.channel === "workflow_run_event") {
+                    broadcastToRun(runId, { type: "run_update", ...data });
+                }
+                else if (msg.channel === "workflow_event") {
+                    broadcastToRun(runId, { type: "event", event_type: data.event_type, ...data });
+                }
+                else if (msg.channel === "workflow_step_pending") {
+                    // Phase 3.1: NOTIFY-driven step execution — immediate pickup (~50ms vs 5s polling)
+                    const sb = getServiceClient();
+                    processWorkflowSteps(sb, 1).catch((err) => {
+                        log.error({ err: err.message, runId }, "NOTIFY-driven step processing failed");
+                    });
+                }
+            }
+            catch (err) {
+                log.error({ err: err.message }, "failed to parse pg notification");
+            }
+        });
+        pgClient.on("error", (err) => {
+            log.error({ err: err.message }, "pg-listen connection error");
+            pgClient = null;
+            // Reconnect with exponential backoff
+            pgReconnectAttempts++;
+            const delay = Math.min(1000 * Math.pow(2, pgReconnectAttempts - 1), MAX_PG_RECONNECT_DELAY);
+            log.warn({ delayMs: delay, attempt: pgReconnectAttempts }, "pg-listen reconnecting");
+            setTimeout(() => setupPgListen(), delay);
+        });
+        log.info("pg-listen active on workflow_step_event, workflow_run_event, workflow_step_pending, workflow_event, automation_event");
+    }
+    catch (err) {
+        log.error({ err: err.message }, "pg-listen failed to connect");
+        pgClient = null;
+        // Reconnect with exponential backoff on initial connection failure too
+        pgReconnectAttempts++;
+        const delay = Math.min(1000 * Math.pow(2, pgReconnectAttempts - 1), MAX_PG_RECONNECT_DELAY);
+        log.warn({ delayMs: delay, attempt: pgReconnectAttempts }, "pg-listen reconnecting");
+        setTimeout(() => setupPgListen(), delay);
+    }
+}
+// ============================================================================
+// HELPERS
+// ============================================================================
+function getAnthropicClient(agent) {
+    const key = agent.api_key || ANTHROPIC_API_KEY;
+    return new Anthropic({ apiKey: key, timeout: 5 * 60 * 1000 }); // 5 min for tool-heavy requests
+}
+function sendSSE(res, event) {
+    try {
+        if (res.destroyed || res.writableEnded)
+            return;
+        res.write(`data: ${JSON.stringify(event)}\n\n`);
+    }
+    catch { /* client disconnected — benign */ }
+}
+function jsonResponse(res, status, data, corsHeaders) {
+    res.writeHead(status, { "Content-Type": "application/json", ...corsHeaders });
+    res.end(JSON.stringify(data));
+}
+async function readBody(req) {
+    // 50MB limit — proxy requests include full conversation history with base64 images
+    const MAX_BODY = 52_428_800;
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let size = 0;
+        let rejected = false;
+        req.on("data", (chunk) => {
+            size += chunk.length;
+            if (size > MAX_BODY && !rejected) {
+                rejected = true;
+                // Drain remaining data instead of destroying socket (avoids Fly proxy 502)
+                req.resume();
+                reject(new Error("Request body too large (max 50MB)"));
+                return;
+            }
+            if (!rejected)
+                chunks.push(chunk);
+        });
+        req.on("end", () => { if (!rejected)
+            resolve(Buffer.concat(chunks).toString("utf8")); });
+        req.on("error", reject);
+    });
+}
+// ============================================================================
+// HISTORY COMPACTION
+// ============================================================================
+/**
+ * Compact conversation history to fit within a total character budget.
+ *
+ * Does NOT truncate individual messages or tool results — Anthropic's
+ * context_management API handles clearing old tool uses (clear_tool_uses_20250919)
+ * and compacting context (compact_20260112) when the context window grows.
+ *
+ * This function only enforces a total budget by walking newest→oldest and
+ * dropping the oldest messages that don't fit.
+ */
+function compactHistory(history, maxHistoryChars) {
+    if (!history?.length)
+        return [];
+    let totalChars = 0;
+    const compacted = [];
+    for (let i = history.length - 1; i >= 0; i--) {
+        const msg = history[i];
+        const msgChars = JSON.stringify(msg.content).length;
+        if (totalChars + msgChars > maxHistoryChars)
+            break;
+        totalChars += msgChars;
+        compacted.unshift(msg);
+    }
+    // Ensure starts with user message
+    while (compacted.length > 0 && compacted[0].role !== "user")
+        compacted.shift();
+    return compacted;
+}
+// ============================================================================
+// SHARED AGENT HELPERS — used by both SSE chat and channel agent paths
+// ============================================================================
+/** Build the full system prompt for an agent. Both SSE chat and channel paths
+ *  call this so the prompt logic is never duplicated. */
+async function buildAgentSystemPrompt(supabase, agent, storeId, message, tools, opts) {
+    // --- STATIC portion (cache-friendly, same across conversations) ---
+    // Sanitize the DB-stored agent system prompt to prevent injection attacks
+    const rawAgentPrompt = agent.system_prompt || "You are a helpful assistant.";
+    let systemPrompt = sanitizeAndLog(rawAgentPrompt, "buildAgentSystemPrompt", { agentId: agent.id });
+    if (storeId)
+        systemPrompt += `\n\nYou are operating for store_id: ${storeId}. Always include this in tool calls that require it.`;
+    if (!agent.can_modify)
+        systemPrompt += "\n\nIMPORTANT: You have read-only access. Do not attempt to modify any data.";
+    if (agent.tone && agent.tone !== "professional")
+        systemPrompt += `\n\nTone: Respond in a ${agent.tone} tone.`;
+    if (agent.verbosity === "concise")
+        systemPrompt += "\n\nBe concise — short answers, minimal explanation.";
+    else if (agent.verbosity === "verbose")
+        systemPrompt += "\n\nBe thorough — provide detailed answers with full context.";
+    if (agent.context_config) {
+        const ctx = agent.context_config;
+        if (ctx.includeLocations && ctx.locationIds?.length)
+            systemPrompt += `\n\nFocus on these locations: ${ctx.locationIds.join(", ")}`;
+        if (ctx.includeCustomers && ctx.customerSegments?.length)
+            systemPrompt += `\n\nFocus on these customer segments: ${ctx.customerSegments.join(", ")}`;
+    }
+    // Tool manifest — core tools (full schemas already loaded)
+    const toolNames = tools.map(t => t.name);
+    systemPrompt += `\n\n## Available Tools\nYou have ${toolNames.length} core tools available in this session:\n${toolNames.join(", ")}\n\nFor local machine operations, use the \`local_agent\` tool (exec, tools, discover actions). For cloud security tools, use \`kali\`. Do NOT reference CLI-local tools like read_file, write_file, edit_file, glob, grep, run_command — those are not available in this environment.`;
+    // Extended tools index — names + one-line descriptions only (saves ~20K tokens)
+    const extendedTools = opts?.extendedTools || [];
+    if (extendedTools.length > 0) {
+        systemPrompt += `\n\n## Extended Tools (call discover_tools to activate)\nThese tools are available but not loaded yet. Call \`discover_tools\` with the tool name(s) before using them:\n`;
+        for (const t of extendedTools) {
+            // First sentence only for compact display
+            const shortDesc = t.description.split(".")[0];
+            systemPrompt += `- **${t.name}**: ${shortDesc}\n`;
+        }
+    }
+    // --- DYNAMIC portion (changes per conversation, prepended to user message) ---
+    const dynamicParts = [];
+    // Client-provided session context (SSE chat sends this from SwiftUI/web)
+    if (opts?.clientContext && typeof opts.clientContext === "object") {
+        const context = opts.clientContext;
+        const ctxParts = [];
+        if (context.storeName)
+            ctxParts.push(`Store: ${context.storeName}`);
+        if (context.locationName) {
+            let loc = `Location: ${context.locationName}`;
+            if (context.locationAddress)
+                loc += ` (${context.locationAddress})`;
+            if (context.locationType)
+                loc += ` [${context.locationType}]`;
+            ctxParts.push(loc);
+        }
+        if (context.userName) {
+            ctxParts.push(`User: ${context.userName}${opts.userEmail ? ` (${opts.userEmail})` : ""}`);
+        }
+        else if (opts.userEmail) {
+            ctxParts.push(`User: ${opts.userEmail}`);
+        }
+        if (context.conversationType) {
+            ctxParts.push(`Channel: ${context.conversationTitle || context.conversationType} (${context.conversationType})`);
+        }
+        if (ctxParts.length) {
+            dynamicParts.push(`## Current Session Context\n${ctxParts.join("\n")}`);
+        }
+    }
+    // Parallel DB lookups: customer fetch + memory recall
+    const customerPromise = (opts?.senderContext?.customerId && storeId)
+        ? Promise.resolve(supabase.from("v_store_customers")
+            .select("first_name, last_name, email, phone, loyalty_tier, total_orders, total_spent, lifetime_value")
+            .eq("id", opts.senderContext.customerId).eq("store_id", storeId).single()).then(({ data }) => data).catch(() => null)
+        : Promise.resolve(null);
+    const memoryPromise = storeId
+        ? Promise.resolve(supabase.rpc("recall_memory", {
+            p_agent_id: agent.id,
+            p_query: message.substring(0, 200),
+            p_type: null,
+            p_limit: 5,
+        })).then(({ data }) => data).catch((err) => { log.warn({ err: err.message }, "memory recall failed"); return null; })
+        : Promise.resolve(null);
+    const [cust, memories] = await Promise.all([customerPromise, memoryPromise]);
+    // Channel-specific customer context injection
+    if (cust && opts?.senderContext?.customerId) {
+        dynamicParts.push(`## Current Customer\nName: ${cust.first_name} ${cust.last_name}\nEmail: ${cust.email || "N/A"}\nPhone: ${cust.phone || "N/A"}\nLoyalty: ${cust.loyalty_tier || "None"}\nOrders: ${cust.total_orders || 0}\nSpent: $${(cust.total_spent || 0).toFixed(2)}\nCustomer ID: ${opts.senderContext.customerId}`);
+    }
+    else if (opts?.senderContext) {
+        const sc = opts.senderContext;
+        dynamicParts.push(`## Sender\nID: ${sc.senderId}\nName: ${sc.senderName || "Unknown"}\nChannel: ${sc.channelType || "unknown"}${sc.channelName ? ` (${sc.channelName})` : ""}\n(No customer record matched — use CRM tools to look them up if needed)`);
+    }
+    // Memory recall — inject relevant memories (capped at 5, 100 chars each)
+    if (memories?.length) {
+        const memBlock = memories.map((m) => `- [${m.memory_type}] ${m.key}: ${JSON.stringify(m.value).substring(0, 100)}`).join("\n");
+        dynamicParts.push(`## Agent Memory\nRelevant memories from previous conversations:\n${memBlock}`);
+    }
+    const dynamicContext = dynamicParts.join("\n\n");
+    return { systemPrompt, dynamicContext };
+}
+/** Persist everything after an agent turn — messages, audit, memory, cost.
+ *  Called by both SSE chat and channel paths so nothing is ever missed. */
+async function persistAgentTurn(supabase, agent, opts) {
+    const { conversationId, storeId, agentId, agentModel, traceId, message, result, source, chatStartTime, chatEndTime, userId, userEmail, senderContext } = opts;
+    // ── Persist user + assistant messages to ai_messages ──
+    try {
+        await supabase.from("ai_messages").insert([
+            {
+                conversation_id: conversationId, role: "user",
+                content: [{ type: "text", text: message }],
+                token_count: Math.ceil(message.length / 4),
+            },
+            {
+                conversation_id: conversationId, role: "assistant",
+                content: [{ type: "text", text: result.finalText || "" }],
+                is_tool_use: result.toolCallCount > 0,
+                tool_names: result.toolsUsed?.length ? result.toolsUsed : null,
+                token_count: result.tokens.input + result.tokens.output,
+            },
+        ]);
+    }
+    catch (err) {
+        log.error({ err: err.message }, "message persist failed");
+    }
+    // ── Update conversation metadata ──
+    try {
+        await supabase.from("ai_conversations").update({
+            metadata: {
+                agentName: agent.name,
+                source,
+                model: agentModel,
+                lastTurnTokens: result.tokens.input + result.tokens.output,
+                lastToolCalls: result.toolCallCount,
+                lastDurationMs: chatEndTime - chatStartTime,
+                // Channel-specific (null when SSE chat — that's fine, no clutter)
+                ...(senderContext ? {
+                    channel_type: senderContext.channelType || null,
+                    channel_id: senderContext.channelId || null,
+                    channel_name: senderContext.channelName || null,
+                    sender_id: senderContext.senderId || null,
+                    customer_id: senderContext.customerId || null,
+                    customer_name: senderContext.customerName || null,
+                } : {}),
+            },
+        }).eq("id", conversationId);
+    }
+    catch (err) {
+        log.error({ err: err.message }, "conversation update failed");
+    }
+    // ── Audit log: user message ──
+    try {
+        await supabase.from("audit_logs").insert({
+            action: "chat.user_message",
+            severity: "info",
+            store_id: storeId || null,
+            resource_type: "chat_message",
+            resource_id: agentId,
+            request_id: traceId,
+            conversation_id: conversationId,
+            user_id: userId || null,
+            user_email: userEmail || null,
+            source,
+            details: {
+                message_preview: message.substring(0, 200),
+                agent_id: agentId,
+                model: agentModel,
+                conversation_id: conversationId,
+                ...(senderContext ? {
+                    channel_type: senderContext.channelType || null,
+                    sender_id: senderContext.senderId || null,
+                    customer_id: senderContext.customerId || null,
+                } : {}),
+            },
+        });
+    }
+    catch (err) {
+        log.error({ err: err.message }, "audit user_message failed");
+    }
+    // ── Audit log: assistant response (OTEL-enriched) ──
+    try {
+        const spanBytes = new Uint8Array(8);
+        crypto.getRandomValues(spanBytes);
+        const spanId = Array.from(spanBytes).map(b => b.toString(16).padStart(2, "0")).join("");
+        await supabase.from("audit_logs").insert({
+            action: "chat.assistant_response",
+            severity: "info",
+            store_id: storeId || null,
+            resource_type: "chat_message",
+            resource_id: agentId,
+            request_id: traceId,
+            conversation_id: conversationId,
+            duration_ms: chatEndTime - chatStartTime,
+            user_id: userId || null,
+            user_email: userEmail || null,
+            source,
+            input_tokens: result.tokens.input,
+            output_tokens: result.tokens.output,
+            total_cost: result.costUsd,
+            model: agentModel,
+            trace_id: traceId,
+            span_id: spanId,
+            span_kind: "INTERNAL",
+            service_name: "agent-server",
+            status_code: "OK",
+            start_time: new Date(chatStartTime).toISOString(),
+            end_time: new Date(chatEndTime).toISOString(),
+            details: {
+                response_preview: (result.finalText || "").substring(0, 500),
+                agent_id: agentId,
+                model: agentModel,
+                "gen_ai.request.model": agentModel,
+                "gen_ai.usage.input_tokens": result.tokens.input,
+                "gen_ai.usage.output_tokens": result.tokens.output,
+                "gen_ai.usage.cache_creation_tokens": result.tokens.cacheCreation || 0,
+                "gen_ai.usage.cache_read_tokens": result.tokens.cacheRead || 0,
+                "gen_ai.usage.cost": result.costUsd,
+                turn_count: result.turnCount || 1,
+                tool_calls: result.toolCallCount,
+                tool_names: result.toolsUsed,
+                conversation_id: conversationId,
+                session_cost_usd: result.costUsd,
+                cache_creation_tokens: result.tokens.cacheCreation || 0,
+                cache_read_tokens: result.tokens.cacheRead || 0,
+                // Cache efficiency metrics
+                cache_hit_rate: result.tokens.input > 0
+                    ? Math.round((result.tokens.cacheRead || 0) / ((result.tokens.cacheRead || 0) + result.tokens.input) * 10000) / 100
+                    : 0,
+                cache_cost_savings_pct: result.tokens.input > 0 && (result.tokens.cacheRead || 0) > 0
+                    ? Math.round((result.tokens.cacheRead || 0) * 0.9 / ((result.tokens.cacheRead || 0) + result.tokens.input) * 10000) / 100
+                    : 0,
+                loop_detector_stats: result.loopDetectorStats || null,
+                // Per-turn token breakdowns for cost attribution
+                turns: result.turns || [],
+                // Channel-specific telemetry — fully dynamic
+                ...(senderContext ? {
+                    channel_type: senderContext.channelType || null,
+                    channel_id: senderContext.channelId || null,
+                    channel_name: senderContext.channelName || null,
+                    sender_id: senderContext.senderId || null,
+                    customer_id: senderContext.customerId || null,
+                    customer_name: senderContext.customerName || null,
+                } : {}),
+            },
+        });
+    }
+    catch (err) {
+        log.error({ err: err.message }, "audit assistant_response failed");
+    }
+    // ── Memory extraction — awaited with retry ──
+    if (storeId && result.finalText && result.finalText.length > 50) {
+        try {
+            await extractAndStoreMemories(supabase, getAnthropicClient(agent), agentId, storeId, message, result.finalText);
+        }
+        catch (err1) {
+            // Retry once after 2s
+            try {
+                await new Promise(r => setTimeout(r, 2000));
+                await extractAndStoreMemories(supabase, getAnthropicClient(agent), agentId, storeId, message, result.finalText);
+            }
+            catch (err2) {
+                log.error({ err: err2.message }, "memory extract failed after retry");
+                await supabase.from("audit_logs").insert({
+                    action: "memory.extraction_failed", severity: "warning",
+                    store_id: storeId || null, resource_type: "agent_memory",
+                    resource_id: agentId, conversation_id: conversationId,
+                    details: { error: err2.message, user_message_preview: message.substring(0, 100) },
+                }).then(() => { });
+            }
+        }
+    }
+    // ── Cost budget tracking — awaited with retry ──
+    if (storeId && result.costUsd > 0) {
+        try {
+            await updateCostBudgets(supabase, storeId, agentId, result.costUsd);
+        }
+        catch (err1) {
+            try {
+                await new Promise(r => setTimeout(r, 1000));
+                await updateCostBudgets(supabase, storeId, agentId, result.costUsd);
+            }
+            catch (err2) {
+                log.error({ err: err2.message }, "cost budget update failed after retry");
+                // Flag conversation metadata so budget sync can be reconciled later
+                await supabase.from("ai_conversations").update({
+                    metadata: { budget_sync_failed: true, failed_cost_usd: result.costUsd },
+                }).eq("id", conversationId).then(() => { });
+            }
+        }
+    }
+}
+// ============================================================================
+// AGENT CHAT HANDLER
+// ============================================================================
+async function handleAgentChat(req, res, supabase, body, user, isServiceRole, token, corsHeaders) {
+    const { agentId, message, conversationHistory, source, conversationId, context, attachments } = body;
+    let storeId = body.storeId;
+    if (!agentId || !message) {
+        jsonResponse(res, 400, { error: "agentId and message required" }, corsHeaders);
+        return;
+    }
+    if (typeof message === "string" && message.length > 100_000) {
+        jsonResponse(res, 400, { error: "Message too long (max 100K characters)" }, corsHeaders);
+        return;
+    }
+    // Fallback: resolve user's store when storeId not provided in request
+    if (!storeId && user?.id && !isServiceRole) {
+        try {
+            const { data: userStores } = await supabase
+                .from("user_stores")
+                .select("store_id")
+                .eq("user_id", user.id)
+                .limit(1);
+            if (userStores?.length) {
+                storeId = userStores[0].store_id;
+                log.info({ userId: user.id, storeId }, "resolved user store");
+            }
+        }
+        catch (err) {
+            log.error({ err }, "store resolution error");
+        }
+    }
+    log.info({ storeId: storeId || "NONE", source: body.source || "unknown", isServiceRole, userId: user?.id || body.userId || "NONE" }, "agent-chat request");
+    // Fallback: resolve store from body.userId for service-role requests (e.g. WhaleChat app)
+    if (!storeId && !user?.id && body.userId && isServiceRole) {
+        try {
+            const { data: userStores } = await supabase
+                .from("user_stores")
+                .select("store_id")
+                .eq("user_id", body.userId)
+                .limit(1);
+            if (userStores?.length) {
+                storeId = userStores[0].store_id;
+                log.info({ userId: body.userId, storeId }, "resolved userId store");
+            }
+        }
+        catch (err) {
+            log.error({ err }, "store resolution error");
+        }
+    }
+    // Verify store access (skip for service_role)
+    if (storeId && !isServiceRole) {
+        const userClient = createUserClient(SUPABASE_URL, process.env.SUPABASE_ANON_KEY || "", token);
+        const { data: storeAccess, error: storeErr } = await userClient
+            .from("stores").select("id").eq("id", storeId).limit(1);
+        if (storeErr || !storeAccess?.length) {
+            jsonResponse(res, 403, { error: "Access denied to store" }, corsHeaders);
+            return;
+        }
+    }
+    // Agent chat rate limiting — per-store + concurrent cap
+    const rateLimitStoreId = storeId || agentId; // fallback to agentId if no store
+    const rateCheck = checkAgentChatRateLimit(rateLimitStoreId);
+    if (!rateCheck.allowed) {
+        res.writeHead(429, { "Content-Type": "application/json", ...corsHeaders });
+        res.end(JSON.stringify({ error: rateCheck.error }));
+        return;
+    }
+    agentChatConcurrent++;
+    try {
+        const userId = user?.id || body.userId || "";
+        const userEmail = user?.email || body.userEmail || null;
+        const agent = await loadAgentConfig(supabase, agentId, storeId || undefined);
+        if (!agent) {
+            jsonResponse(res, 404, { error: "Agent not found" }, corsHeaders);
+            return;
+        }
+        const { core: coreTools, extended: extendedTools } = await loadTools(supabase);
+        setExtendedToolsCache(extendedTools); // Populate discover_tools handler cache
+        const { rows: userToolRows, defs: userToolDefs } = storeId
+            ? await loadUserTools(supabase, storeId)
+            : { rows: [], defs: [] };
+        const tools = getToolsForAgent(agent, coreTools, userToolDefs);
+        const traceId = randomUUID();
+        const agentModel = agent.model || MODELS.SONNET;
+        // Resolve or create conversation
+        let activeConversationId;
+        if (conversationId) {
+            activeConversationId = conversationId;
+        }
+        else {
+            let conv = await supabase
+                .from("ai_conversations")
+                .insert({
+                store_id: storeId || null,
+                user_id: userId || null,
+                agent_id: agentId,
+                title: message.substring(0, 100),
+                metadata: { agentName: agent.name, source: source || "whale_chat" },
+            })
+                .select("id")
+                .single();
+            if (conv.error) {
+                log.error({ err: conv.error.message, details: conv.error.details, hint: conv.error.hint, storeId, userId, agentId }, "conversation create failed");
+                // Retry without user_id (may be FK constraint)
+                conv = await supabase
+                    .from("ai_conversations")
+                    .insert({
+                    store_id: storeId || null,
+                    agent_id: agentId,
+                    title: message.substring(0, 100),
+                    metadata: { agentName: agent.name, source: source || "whale_chat", userId, userEmail },
+                })
+                    .select("id")
+                    .single();
+                if (conv.error) {
+                    log.error({ err: conv.error.message, details: conv.error.details, hint: conv.error.hint }, "conversation retry create failed");
+                }
+            }
+            activeConversationId = conv.data?.id || randomUUID();
+            log.info({ conversationId: activeConversationId, fromDb: !!conv.data?.id }, "conversation resolved");
+        }
+        // Build system prompt — shared helper ensures SSE chat + channel paths are identical
+        const { systemPrompt, dynamicContext } = await buildAgentSystemPrompt(supabase, agent, storeId, message, tools, {
+            clientContext: context, userId, userEmail, extendedTools: getExtendedToolsIndex(),
+        });
+        const anthropic = getAnthropicClient(agent);
+        const ctxCfg = agent.context_config;
+        const MAX_HISTORY_CHARS = ctxCfg?.max_history_chars || 400_000;
+        // Build user message — multi-modal if image attachments present
+        let userContent;
+        if (attachments?.length) {
+            const contentBlocks = [];
+            for (const att of attachments) {
+                if (att.type === "image" && att.media_type && att.data) {
+                    contentBlocks.push({
+                        type: "image",
+                        source: { type: "base64", media_type: att.media_type, data: att.data },
+                    });
+                }
+            }
+            contentBlocks.push({ type: "text", text: message });
+            userContent = contentBlocks;
+        }
+        else {
+            userContent = message;
+        }
+        // Prepend dynamic context to user message to keep system prompt static (cache-friendly)
+        const contextPrefix = dynamicContext ? `[Context]\n${dynamicContext}\n\n[User Message]\n` : "";
+        const finalUserContent = typeof userContent === "string"
+            ? contextPrefix + userContent
+            : [...(contextPrefix ? [{ type: "text", text: contextPrefix }] : []), ...userContent];
+        const messages = [
+            ...compactHistory(conversationHistory || [], MAX_HISTORY_CHARS),
+            { role: "user", content: finalUserContent },
+        ];
+        // Start SSE stream
+        res.writeHead(200, {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+            ...corsHeaders,
+        });
+        // Client disconnect detection
+        let clientDisconnected = false;
+        req.on("close", () => { clientDisconnected = true; });
+        const maxDurationMs = 5 * 60 * 1000;
+        const startedAt = Date.now();
+        const chatStartTime = Date.now();
+        try {
+            const result = await runServerAgentLoop({
+                anthropic,
+                supabase,
+                model: agentModel,
+                systemPrompt,
+                messages,
+                tools,
+                extendedTools,
+                maxTurns: agent.max_tool_calls || 10,
+                temperature: agent.temperature ?? 0.7,
+                maxTokens: getMaxOutputTokens(agentModel, agent.max_tokens),
+                storeId,
+                traceId,
+                userId,
+                userEmail,
+                source,
+                conversationId: activeConversationId,
+                agentId,
+                executeTool: async (toolName, args, sourceOverride, onToolProgress) => {
+                    const toolArgs = { ...args };
+                    if (!toolArgs.store_id && storeId)
+                        toolArgs.store_id = storeId;
+                    return executeTool(supabase, toolName, toolArgs, storeId, traceId, userId, userEmail, sourceOverride || source, activeConversationId, userToolRows, agentId, onToolProgress, true);
+                },
+                onToolProgress: (name, progress) => sendSSE(res, { type: "tool_progress", name, progress }),
+                onText: (text) => sendSSE(res, { type: "text", text }),
+                onToolStart: (name, input) => {
+                    // Only send when input is available — deduplicates streaming double-fire
+                    // (sse-parser fires onToolStart twice: once on content_block_start without input,
+                    // once on content_block_stop with parsed input)
+                    if (input !== undefined) {
+                        sendSSE(res, { type: "tool_start", name, input });
+                    }
+                },
+                onToolResult: (name, success, r) => sendSSE(res, { type: "tool_result", name, success, result: r }),
+                onSubagentProgress: (evt) => {
+                    sendSSE(res, { type: "subagent", subagentId: evt.subagentId, subagentEvent: evt.event, name: evt.toolName });
+                },
+                clientDisconnected: { get value() { return clientDisconnected; } },
+                startedAt,
+                maxDurationMs,
+            });
+            // Send usage SSE
+            sendSSE(res, {
+                type: "usage",
+                usage: {
+                    input_tokens: result.tokens.input,
+                    output_tokens: result.tokens.output,
+                    cache_creation_tokens: result.tokens.cacheCreation,
+                    cache_read_tokens: result.tokens.cacheRead,
+                    cost_usd: result.costUsd,
+                },
+            });
+            // Persist everything — shared helper ensures SSE chat + channel paths are identical
+            await persistAgentTurn(supabase, agent, {
+                conversationId: activeConversationId,
+                storeId, agentId, agentModel, traceId, message, result,
+                source: source || "whale_chat",
+                chatStartTime, chatEndTime: Date.now(),
+                userId, userEmail,
+            });
+            sendSSE(res, { type: "done", conversationId: activeConversationId });
+        }
+        catch (err) {
+            sendSSE(res, { type: "error", error: sanitizeError(err) });
+        }
+        res.end();
+    }
+    finally {
+        agentChatConcurrent--;
+    }
+}
+// ============================================================================
+// MEMORY EXTRACTION — extract key facts after agent conversation
+// ============================================================================
+async function extractAndStoreMemories(supabase, anthropic, agentId, storeId, userMessage, assistantResponse) {
+    const extraction = await anthropic.messages.create({
+        model: "claude-haiku-4-5-20251001",
+        max_tokens: 500,
+        system: `Extract key facts worth remembering from this conversation turn.
+Return JSON array: [{"key": "short_key", "value": {"detail": "..."}, "type": "short_term|long_term|entity"}]
+Rules:
+- Only extract genuinely useful facts (preferences, decisions, corrections, entities)
+- "entity" for people/businesses/products mentioned
+- "long_term" for preferences, patterns, decisions
+- "short_term" for context that may expire
+- Return [] if nothing worth remembering
+- Max 3 items per turn`,
+        messages: [{
+                role: "user",
+                content: `User: ${userMessage.substring(0, 500)}\n\nAssistant: ${assistantResponse.substring(0, 1000)}`
+            }],
+    });
+    const text = extraction.content.find(b => b.type === "text")?.text || "[]";
+    const match = text.match(/\[[\s\S]*\]/);
+    if (!match)
+        return;
+    let items;
+    try {
+        items = JSON.parse(match[0]);
+    }
+    catch {
+        return; // Malformed JSON from extraction
+    }
+    for (const item of items.slice(0, 3)) {
+        if (!item.key)
+            continue;
+        await supabase.rpc("store_memory", {
+            p_agent_id: agentId,
+            p_store_id: storeId,
+            p_type: item.type || "short_term",
+            p_key: item.key,
+            p_value: item.value || {},
+        });
+    }
+}
+// ============================================================================
+// COST BUDGET TRACKING — increment active budgets after each conversation
+// ============================================================================
+// P0 FIX: Atomic cost budget increment via RPC (fixes TOCTOU race on concurrent updates)
+async function updateCostBudgets(supabase, storeId, agentId, costUsd) {
+    const { error } = await supabase.rpc("increment_cost_budget", {
+        p_store_id: storeId,
+        p_agent_id: agentId,
+        p_cost_usd: costUsd,
+    });
+    if (error) {
+        console.error("[cost-budget] increment_cost_budget RPC failed:", error.message);
+    }
+}
+// ============================================================================
+// HTTP SERVER
+// ============================================================================
+// Connection tracking for graceful shutdown draining
+let activeRequests = 0;
+const server = http.createServer(async (req, res) => {
+    activeRequests++;
+    res.on("close", () => { activeRequests--; });
+    const origin = req.headers.origin || "";
+    const corsHeaders = getCorsHeaders(origin);
+    // Health check — readiness-aware for Fly.io
+    if (req.method === "GET" && (req.url === "/" || req.url === "/health")) {
+        const ready = isReady();
+        const status = ready ? 200 : 503;
+        const agentStats = getGatewayStats();
+        jsonResponse(res, status, {
+            status: ready ? "ok" : "starting",
+            version: process.env.npm_package_version || "6.0.0",
+            uptime: Math.floor(process.uptime()),
+            pg_listen: pgListenReady,
+            worker_pool: workerPoolReady,
+            local_agents: agentStats.total_agents,
+        }, corsHeaders);
+        return;
+    }
+    // CORS preflight
+    if (req.method === "OPTIONS") {
+        res.writeHead(204, corsHeaders);
+        res.end();
+        return;
+    }
+    const url = new URL(req.url || "/", `http://${req.headers.host || "localhost"}`);
+    const pathname = url.pathname;
+    // ================================================================
+    // Phase 3: SSE stream for workflow run progress
+    // GET /workflows/runs/:id/stream
+    // ================================================================
+    if (req.method === "GET" && pathname.match(/^\/workflows\/runs\/[a-f0-9-]+\/stream$/)) {
+        const runId = pathname.split("/")[3];
+        // Auth check
+        const authHeader = req.headers.authorization;
+        const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+        const isInternal = safeCompare(token, FLY_INTERNAL_SECRET) || safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+        if (!isInternal && !token) {
+            jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+            return;
+        }
+        if (!isInternal) {
+            const sb = getServiceClient();
+            const { data: { user: authUser }, error: authError } = await sb.auth.getUser(token);
+            if (authError || !authUser) {
+                jsonResponse(res, 401, { error: "Invalid or expired token" }, corsHeaders);
+                return;
+            }
+            // P1 FIX: Verify user belongs to the run's store (prevent cross-store SSE snooping)
+            const { data: sseRun } = await sb.from("workflow_runs")
+                .select("store_id").eq("id", runId).single();
+            if (sseRun) {
+                const { data: membership } = await sb.from("store_members")
+                    .select("id").eq("store_id", sseRun.store_id).eq("user_id", authUser.id).single();
+                if (!membership) {
+                    jsonResponse(res, 403, { error: "Not authorized to view this run" }, corsHeaders);
+                    return;
+                }
+            }
+        }
+        // H6 FIX: Enforce per-run and total client limits
+        const existingClients = sseClients.get(runId)?.size || 0;
+        if (existingClients >= MAX_SSE_CLIENTS_PER_RUN) {
+            jsonResponse(res, 429, { error: "Too many SSE clients for this run" }, corsHeaders);
+            return;
+        }
+        if (getTotalSseClients() >= MAX_SSE_TOTAL_CLIENTS) {
+            jsonResponse(res, 429, { error: "Too many total SSE connections" }, corsHeaders);
+            return;
+        }
+        // Start SSE stream
+        res.writeHead(200, {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+            ...corsHeaders,
+        });
+        // Send snapshot
+        const sb = getServiceClient();
+        const { data: run } = await sb.from("workflow_runs")
+            .select("id, workflow_id, status, trigger_type, current_step_key, error_message, error_step_key, started_at, completed_at, duration_ms")
+            .eq("id", runId).single();
+        const { data: stepRuns } = await sb.from("workflow_step_runs")
+            .select("id, step_key, step_type, status, error_message, duration_ms, started_at, completed_at")
+            .eq("run_id", runId).order("created_at", { ascending: true });
+        sendWorkflowSSE(res, { type: "snapshot", run, steps: stepRuns || [] });
+        // Register client
+        if (!sseClients.has(runId))
+            sseClients.set(runId, new Set());
+        sseClients.get(runId).add(res);
+        // Cleanup on disconnect
+        const cleanup = () => {
+            clearInterval(heartbeat);
+            const clients = sseClients.get(runId);
+            if (clients) {
+                clients.delete(res);
+                if (clients.size === 0)
+                    sseClients.delete(runId);
+            }
+        };
+        // Heartbeat — uses safeSseWrite so dead connections are cleaned up immediately
+        const heartbeat = setInterval(() => {
+            if (!safeSseWrite(res, `: heartbeat\n\n`, cleanup)) {
+                clearInterval(heartbeat);
+            }
+        }, 15_000);
+        req.on("close", cleanup);
+        req.on("error", cleanup);
+        return;
+    }
+    // ================================================================
+    // Guest approval — signed URL, no auth required (GET)
+    // GET /approvals/guest/:id?action=approve&expires=...&sig=...
+    // ================================================================
+    const guestApprovalMatch = pathname.match(/^\/approvals\/guest\/([a-f0-9-]+)$/);
+    if (guestApprovalMatch && req.method === "GET") {
+        const clientIp = req.headers["x-forwarded-for"]?.toString().split(",")[0]?.trim() || req.socket.remoteAddress || "unknown";
+        if (sendIpRateLimit(res, clientIp, corsHeaders))
+            return;
+        const stepRunId = guestApprovalMatch[1];
+        const urlParams = new URL(req.url || "", `http://${req.headers.host}`).searchParams;
+        const action = urlParams.get("action") || "";
+        const expires = urlParams.get("expires") || "";
+        const sig = urlParams.get("sig") || "";
+        if (!action || !expires || !sig) {
+            jsonResponse(res, 400, { error: "Missing action, expires, or sig parameter" }, corsHeaders);
+            return;
+        }
+        if (new Date(expires) < new Date()) {
+            jsonResponse(res, 410, { error: "This approval link has expired" }, corsHeaders);
+            return;
+        }
+        if (!verifyGuestApprovalSignature(stepRunId, action, expires, sig)) {
+            jsonResponse(res, 403, { error: "Invalid signature" }, corsHeaders);
+            return;
+        }
+        const guestSupabase = getServiceClient();
+        const { data: approval } = await guestSupabase.from("workflow_approval_requests")
+            .select("id, store_id, run_id, status").eq("step_run_id", stepRunId).limit(1);
+        if (!approval?.length) {
+            jsonResponse(res, 404, { error: "Approval not found" }, corsHeaders);
+            return;
+        }
+        if (approval[0].status !== "pending") {
+            jsonResponse(res, 409, { error: `Approval already ${approval[0].status}` }, corsHeaders);
+            return;
+        }
+        const isApprove = action === "approve" || action === "approved";
+        const { data: guestResult, error: guestErr } = await guestSupabase.rpc("respond_to_approval", {
+            p_approval_id: approval[0].id,
+            p_store_id: approval[0].store_id,
+            p_response: isApprove ? "approved" : "rejected",
+            p_response_data: { guest: true, action },
+            p_responded_by: null,
+        });
+        if (guestErr) {
+            jsonResponse(res, 500, { success: false, error: guestErr.message }, corsHeaders);
+            return;
+        }
+        if (guestResult?.success && approval[0].run_id) {
+            try {
+                await executeInlineChain(guestSupabase, approval[0].run_id);
+            }
+            catch (err) {
+                log.error({ err: err.message, runId: approval[0].run_id }, "inline chain failed after guest approval");
+            }
+        }
+        res.writeHead(200, { "Content-Type": "text/html", ...corsHeaders });
+        res.end(`<!DOCTYPE html><html><body style="font-family:system-ui;text-align:center;padding:40px">
+      <h2>${isApprove ? "Approved" : "Rejected"}</h2>
+      <p>Your response has been recorded. You can close this window.</p>
+    </body></html>`);
+        return;
+    }
+    // ================================================================
+    // Webchat — anonymous access for embedded chat widgets
+    // POST /webchat/channels/:id/messages  — send message (+ agent auto-reply)
+    // GET  /webchat/channels/:id/history   — load conversation history
+    // GET  /webchat/widget.js              — serve compiled widget JS
+    // ================================================================
+    // Webchat CORS: allow any origin (widget is embedded on customer sites)
+    const webchatCors = { ...corsHeaders, "Access-Control-Allow-Origin": "*" };
+    const webchatMsgMatch = pathname.match(/^\/webchat\/channels\/([a-f0-9-]+)\/messages$/);
+    if (webchatMsgMatch && req.method === "POST") {
+        const clientIp = req.headers["x-forwarded-for"]?.toString().split(",")[0]?.trim() || req.socket.remoteAddress || "unknown";
+        if (sendIpRateLimit(res, clientIp, webchatCors))
+            return;
+        let rawBody;
+        try {
+            rawBody = await readBody(req);
+        }
+        catch {
+            jsonResponse(res, 413, { error: "Request body too large" }, webchatCors);
+            return;
+        }
+        const channelId = webchatMsgMatch[1];
+        let wcBody;
+        try {
+            wcBody = JSON.parse(rawBody);
+        }
+        catch {
+            jsonResponse(res, 400, { error: "Invalid JSON" }, webchatCors);
+            return;
+        }
+        if (!wcBody.content || typeof wcBody.content !== "string") {
+            jsonResponse(res, 400, { error: "content (string) is required" }, webchatCors);
+            return;
+        }
+        if (wcBody.content.length > 5000) {
+            jsonResponse(res, 400, { error: "Message too long (max 5000 characters)" }, webchatCors);
+            return;
+        }
+        const supabase = getServiceClient();
+        // Verify channel exists and is a webchat channel
+        const { data: channel } = await supabase
+            .from("channels")
+            .select("id, store_id, node_id, agent_id, type, config")
+            .eq("id", channelId)
+            .eq("type", "webchat")
+            .single();
+        if (!channel) {
+            jsonResponse(res, 404, { error: "Webchat channel not found" }, webchatCors);
+            return;
+        }
+        // Rate limit per store (best-effort)
+        try {
+            const planCheck = await checkPlanLimits(supabase, channel.store_id, "message");
+            if (!planCheck.allowed) {
+                jsonResponse(res, 429, { error: planCheck.reason || "Plan limit reached" }, webchatCors);
+                return;
+            }
+        }
+        catch { /* billing tables may not exist yet */ }
+        const senderId = wcBody.sender_id || "anonymous";
+        // Resolve conversation: reuse if sender had activity < 30 min ago, else new UUID
+        let conversationId = wcBody.conversation_id || "";
+        if (!conversationId) {
+            const thirtyMinAgo = new Date(Date.now() - 30 * 60 * 1000).toISOString();
+            const { data: recent } = await supabase
+                .from("channel_messages")
+                .select("conversation_id")
+                .eq("channel_id", channelId)
+                .eq("sender_id", senderId)
+                .gt("created_at", thirtyMinAgo)
+                .not("conversation_id", "is", null)
+                .order("created_at", { ascending: false })
+                .limit(1);
+            conversationId = (recent?.length && recent[0].conversation_id) || randomUUID();
+        }
+        // Insert inbound message
+        const { data: message, error: msgErr } = await supabase
+            .from("channel_messages")
+            .insert({
+            store_id: channel.store_id,
+            channel_id: channelId,
+            direction: "inbound",
+            sender_id: senderId,
+            sender_name: wcBody.sender_name || "Visitor",
+            content: wcBody.content,
+            content_type: "text",
+            metadata: { source: "webchat", ip: clientIp, widget_version: "1.0.0" },
+            agent_id: channel.agent_id,
+            conversation_id: conversationId,
+        })
+            .select("id, direction, content, conversation_id, created_at")
+            .single();
+        if (msgErr) {
+            jsonResponse(res, 500, { error: msgErr.message }, webchatCors);
+            return;
+        }
+        // Track usage + channel stats (best-effort)
+        incrementUsage(supabase, channel.store_id, { messages_in: 1 }).catch(() => { });
+        try {
+            await supabase.rpc("increment_channel_stats", { p_channel_id: channelId });
+        }
+        catch { /* ok */ }
+        // Auto-invoke agent if assigned
+        let agentResponse = null;
+        if (channel.agent_id && webchatAgentInvoker) {
+            try {
+                const result = await webchatAgentInvoker(supabase, channel.agent_id, wcBody.content, channel.store_id, conversationId);
+                if (result.success && result.response) {
+                    const { data: outMsg } = await supabase
+                        .from("channel_messages")
+                        .insert({
+                        store_id: channel.store_id,
+                        channel_id: channelId,
+                        direction: "outbound",
+                        sender_id: "agent",
+                        sender_name: "AI Agent",
+                        content: result.response,
+                        content_type: "text",
+                        metadata: { agent_id: channel.agent_id, auto_response: true, source: "webchat" },
+                        agent_id: channel.agent_id,
+                        conversation_id: conversationId,
+                    })
+                        .select("id, direction, content, conversation_id, created_at")
+                        .single();
+                    agentResponse = outMsg;
+                    incrementUsage(supabase, channel.store_id, { messages_out: 1, agent_invocations: 1 }).catch(() => { });
+                }
+            }
+            catch (err) {
+                log.error({ err: err.message }, "webchat agent error");
+            }
+        }
+        jsonResponse(res, 201, { success: true, message, agent_response: agentResponse, conversation_id: conversationId }, webchatCors);
+        return;
+    }
+    // GET /webchat/channels/:id/history — load conversation history for widget
+    const webchatHistoryMatch = pathname.match(/^\/webchat\/channels\/([a-f0-9-]+)\/history$/);
+    if (webchatHistoryMatch && req.method === "GET") {
+        const clientIp = req.headers["x-forwarded-for"]?.toString().split(",")[0]?.trim() || req.socket.remoteAddress || "unknown";
+        if (sendIpRateLimit(res, clientIp, webchatCors))
+            return;
+        const channelId = webchatHistoryMatch[1];
+        const params = url.searchParams;
+        const senderId = params.get("sender_id") || "";
+        const reqConvId = params.get("conversation_id") || "";
+        if (!senderId) {
+            jsonResponse(res, 400, { error: "sender_id query parameter required" }, webchatCors);
+            return;
+        }
+        const supabase = getServiceClient();
+        // Verify channel is webchat type
+        const { data: wcChannel } = await supabase
+            .from("channels")
+            .select("id, type")
+            .eq("id", channelId)
+            .eq("type", "webchat")
+            .single();
+        if (!wcChannel) {
+            jsonResponse(res, 404, { error: "Webchat channel not found" }, webchatCors);
+            return;
+        }
+        // Get messages — by conversation_id if available, or by sender
+        // P0 FIX: Always filter by sender_id to prevent cross-sender data leak
+        let query = supabase
+            .from("channel_messages")
+            .select("id, direction, sender_id, sender_name, content, content_type, created_at")
+            .eq("channel_id", channelId);
+        // P0 FIX: Validate senderId against strict pattern to prevent PostgREST filter injection
+        // Only allow alphanumeric characters, hyphens, and underscores (blocks .eq., .neq., dots, etc.)
+        if (!/^[a-zA-Z0-9_-]+$/.test(senderId)) {
+            jsonResponse(res, 400, { error: "Invalid sender_id format" }, webchatCors);
+            return;
+        }
+        if (reqConvId) {
+            // P0 FIX: Use parameterized .in() filter instead of string interpolation in .or()
+            query = query.eq("conversation_id", reqConvId)
+                .in("sender_id", [senderId, "agent"]);
+        }
+        else {
+            query = query.in("sender_id", [senderId, "agent"]);
+        }
+        const { data: messages, error: histErr } = await query
+            .order("created_at", { ascending: true })
+            .limit(50);
+        if (histErr) {
+            jsonResponse(res, 500, { error: histErr.message }, webchatCors);
+            return;
+        }
+        jsonResponse(res, 200, { success: true, messages: messages || [] }, webchatCors);
+        return;
+    }
+    // GET /webchat/widget.js — serve compiled widget JavaScript
+    if (pathname === "/webchat/widget.js" && req.method === "GET") {
+        const fs = await import("node:fs");
+        const path = await import("node:path");
+        // Try multiple possible locations for the built widget file
+        const possiblePaths = [
+            path.join(import.meta.dirname || __dirname, "../../dist/webchat/widget.js"),
+            path.join(import.meta.dirname || __dirname, "../../../dist/webchat/widget.js"),
+            path.join(process.cwd(), "dist/webchat/widget.js"),
+        ];
+        let widgetJs = null;
+        for (const p of possiblePaths) {
+            try {
+                widgetJs = fs.readFileSync(p, "utf-8");
+                break;
+            }
+            catch { /* try next */ }
+        }
+        if (widgetJs) {
+            res.writeHead(200, {
+                "Content-Type": "application/javascript",
+                "Cache-Control": "public, max-age=3600",
+                ...webchatCors,
+            });
+            res.end(widgetJs);
+        }
+        else {
+            res.writeHead(200, {
+                "Content-Type": "application/javascript",
+                ...webchatCors,
+            });
+            res.end('console.warn("[WhaleChat] Widget JS not built. Run: npx esbuild src/webchat/widget.ts --bundle --minify --outfile=dist/webchat/widget.js");');
+        }
+        return;
+    }
+    // ================================================================
+    // Billing & Usage routes
+    // ================================================================
+    if (pathname.startsWith("/usage") || pathname.startsWith("/billing/")) {
+        const authHeader = req.headers.authorization;
+        const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+        if (!token) {
+            req.resume();
+            jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+            return;
+        }
+        let rawBody;
+        try {
+            rawBody = await readBody(req);
+        }
+        catch {
+            jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+            return;
+        }
+        let billingBody = null;
+        try {
+            if (rawBody)
+                billingBody = JSON.parse(rawBody);
+        }
+        catch {
+            jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+            return;
+        }
+        const supabase = getServiceClient();
+        // Extract userId from JWT for checkout/portal endpoints
+        let billingUserId;
+        try {
+            const payload = JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString());
+            billingUserId = payload.sub;
+        }
+        catch { /* not a JWT — service role key */ }
+        const result = await handleBillingRoutes(pathname, req.method || "GET", billingBody, supabase, {
+            userId: billingUserId,
+            isServiceRole: safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT),
+        });
+        if (result) {
+            jsonResponse(res, result.status, result.body, corsHeaders);
+        }
+        else {
+            jsonResponse(res, 404, { error: `No route: ${req.method} ${pathname}` }, corsHeaders);
+        }
+        return;
+    }
+    // ================================================================
+    // Node & Channel management routes (supports GET, POST, PUT, DELETE)
+    // Must be before the method gate since GET /channels/:id/messages is valid
+    // ================================================================
+    if (pathname.startsWith("/nodes") || pathname.startsWith("/channels")) {
+        const authHeader = req.headers.authorization;
+        const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+        if (!token) {
+            req.resume();
+            jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+            return;
+        }
+        let rawBody;
+        try {
+            rawBody = await readBody(req);
+        }
+        catch {
+            jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+            return;
+        }
+        let nodeBody = null;
+        try {
+            if (rawBody)
+                nodeBody = JSON.parse(rawBody);
+        }
+        catch {
+            jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+            return;
+        }
+        const supabase = getServiceClient();
+        let userId;
+        const isServiceRole = safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+        if (!isServiceRole) {
+            const { data: { user: authUser } } = await supabase.auth.getUser(token);
+            if (authUser)
+                userId = authUser.id;
+        }
+        const result = await handleNodeRoutes(pathname, req.method || "GET", nodeBody, supabase, {
+            userId,
+            isServiceRole,
+            rawToken: token,
+        }, url.searchParams);
+        if (result) {
+            jsonResponse(res, result.status, result.body, corsHeaders);
+        }
+        else {
+            jsonResponse(res, 404, { error: `No route: ${req.method} ${pathname}` }, corsHeaders);
+        }
+        return;
+    }
+    if (req.method !== "POST" && req.method !== "DELETE" && req.method !== "PUT") {
+        jsonResponse(res, 405, { error: "Method not allowed" }, corsHeaders);
+        return;
+    }
+    try {
+        // ================================================================
+        // Phase 4.2: Resume conversation from checkpoint
+        // POST /conversations/:id/resume
+        // ================================================================
+        const resumeMatch = pathname.match(/^\/conversations\/([a-f0-9-]+)\/resume$/);
+        if (resumeMatch && req.method === "POST") {
+            const convId = resumeMatch[1];
+            const authHeader = req.headers.authorization;
+            const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+            const isInternal = safeCompare(token, FLY_INTERNAL_SECRET) || safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+            if (!isInternal && !token) {
+                jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            if (!isInternal) {
+                const { data: { user: authUser }, error: authError } = await supabase.auth.getUser(token);
+                if (authError || !authUser) {
+                    jsonResponse(res, 401, { error: "Invalid or expired token" }, corsHeaders);
+                    return;
+                }
+            }
+            // Drain the request body (even if we don't use it) to prevent Fly proxy stalls
+            try {
+                await readBody(req);
+            }
+            catch { /* body not needed */ }
+            const checkpoint = await loadCheckpoint(supabase, convId);
+            if (!checkpoint) {
+                jsonResponse(res, 404, { error: "No checkpoint found for this conversation" }, corsHeaders);
+                return;
+            }
+            // Parse messages back from serialized form
+            let parsedMessages;
+            try {
+                parsedMessages = JSON.parse(checkpoint.messages);
+            }
+            catch {
+                jsonResponse(res, 422, { error: "Checkpoint messages corrupted" }, corsHeaders);
+                return;
+            }
+            jsonResponse(res, 200, {
+                success: true,
+                conversation_id: checkpoint.conversation_id,
+                turn: checkpoint.turn,
+                messages: parsedMessages,
+                tokens_used: checkpoint.tokens_used,
+                cost_so_far: checkpoint.cost_so_far,
+                tools_used: checkpoint.tools_used,
+                checkpointed_at: checkpoint.created_at,
+            }, corsHeaders);
+            return;
+        }
+        // ================================================================
+        // Phase 2: Approval response endpoint
+        // POST /approvals/:id/respond
+        // ================================================================
+        const approvalMatch = pathname.match(/^\/approvals\/([a-f0-9-]+)\/respond$/);
+        if (approvalMatch) {
+            const approvalId = approvalMatch[1];
+            const authHeader = req.headers.authorization;
+            const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+            const isInternal = safeCompare(token, FLY_INTERNAL_SECRET) || safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+            if (!isInternal && !token) {
+                jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            let userId = null;
+            if (!isInternal) {
+                const { data: { user: authUser }, error: authError } = await supabase.auth.getUser(token);
+                if (authError || !authUser) {
+                    jsonResponse(res, 401, { error: "Invalid or expired token" }, corsHeaders);
+                    return;
+                }
+                userId = authUser.id;
+            }
+            let rawBody;
+            try {
+                rawBody = await readBody(req);
+            }
+            catch {
+                jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+                return;
+            }
+            let body;
+            try {
+                body = JSON.parse(rawBody);
+            }
+            catch {
+                jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+                return;
+            }
+            if (!body.status) {
+                jsonResponse(res, 400, { error: "status required (approved/rejected)" }, corsHeaders);
+                return;
+            }
+            // Get store_id from approval
+            const { data: approval } = await supabase.from("workflow_approval_requests")
+                .select("store_id, run_id").eq("id", approvalId).single();
+            if (!approval) {
+                jsonResponse(res, 404, { error: "Approval not found" }, corsHeaders);
+                return;
+            }
+            // P1 FIX: Verify user has access to the approval's store
+            if (!isInternal && userId) {
+                const { data: approvalMembership } = await supabase.from("store_members")
+                    .select("id").eq("store_id", approval.store_id).eq("user_id", userId).single();
+                if (!approvalMembership) {
+                    jsonResponse(res, 403, { error: "Not authorized to respond to this approval" }, corsHeaders);
+                    return;
+                }
+            }
+            const { data: result, error } = await supabase.rpc("respond_to_approval", {
+                p_approval_id: approvalId,
+                p_store_id: approval.store_id,
+                p_response: body.status,
+                p_response_data: body.response_data || {},
+                p_responded_by: userId || body.responded_by || null,
+            });
+            if (error) {
+                jsonResponse(res, 500, { success: false, error: error.message }, corsHeaders);
+                return;
+            }
+            // Inline resume — execute next step immediately
+            if (result?.success && approval.run_id) {
+                try {
+                    await executeInlineChain(supabase, approval.run_id);
+                }
+                catch (err) {
+                    log.error({ err: err.message }, "inline chain failed after approval");
+                }
+            }
+            jsonResponse(res, result?.success ? 200 : 422, result, corsHeaders);
+            return;
+        }
+        // ================================================================
+        // Waitpoint completion — API endpoint
+        // POST /waitpoints/:token/complete
+        // ================================================================
+        const waitpointMatch = pathname.match(/^\/waitpoints\/([a-f0-9-]+)\/complete$/);
+        if (waitpointMatch) {
+            const token = waitpointMatch[1];
+            const authHeader = req.headers.authorization;
+            const authToken = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+            const isInternal = safeCompare(authToken, FLY_INTERNAL_SECRET) || safeCompare(authToken, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(authToken, SERVICE_ROLE_JWT);
+            if (!isInternal && !authToken) {
+                jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            let rawBody;
+            try {
+                rawBody = await readBody(req);
+            }
+            catch {
+                jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+                return;
+            }
+            let body;
+            try {
+                body = JSON.parse(rawBody || "{}");
+            }
+            catch {
+                jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+                return;
+            }
+            // Find waitpoint
+            const { data: wp } = await supabase.from("waitpoint_tokens")
+                .select("id, run_id, step_run_id, store_id, expires_at, status")
+                .eq("token", token).single();
+            if (!wp) {
+                jsonResponse(res, 404, { error: "Waitpoint token not found" }, corsHeaders);
+                return;
+            }
+            if (wp.status === "completed") {
+                jsonResponse(res, 409, { error: "Waitpoint already completed" }, corsHeaders);
+                return;
+            }
+            if (new Date(wp.expires_at) < new Date()) {
+                jsonResponse(res, 410, { error: "Waitpoint expired" }, corsHeaders);
+                return;
+            }
+            // Complete it
+            await supabase.from("waitpoint_tokens").update({
+                status: "completed", completion_data: body.data || {}, completed_at: new Date().toISOString(),
+            }).eq("id", wp.id);
+            await supabase.from("workflow_step_runs").update({
+                status: "pending", input: { waitpoint_completed: true, waitpoint_data: body.data || {} },
+            }).eq("id", wp.step_run_id).eq("status", "waiting");
+            // Inline resume
+            try {
+                await executeInlineChain(supabase, wp.run_id);
+            }
+            catch (err) {
+                log.error({ err: err.message, runId: wp.run_id }, "inline chain failed after waitpoint");
+            }
+            jsonResponse(res, 200, { success: true, run_id: wp.run_id }, corsHeaders);
+            return;
+        }
+        // ================================================================
+        // Webhook ingestion — no auth required (uses HMAC verification)
+        // POST /webhooks/:slug
+        // ================================================================
+        const webhookMatch = pathname.match(/^\/webhooks\/([a-zA-Z0-9_-]+)$/);
+        if (webhookMatch) {
+            const whClientIp = req.headers["x-forwarded-for"]?.toString().split(",")[0]?.trim() || req.socket.remoteAddress || "unknown";
+            if (sendIpRateLimit(res, whClientIp, corsHeaders))
+                return;
+            const slug = webhookMatch[1];
+            let rawBody;
+            try {
+                rawBody = await readBody(req);
+            }
+            catch {
+                jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            const headers = {};
+            for (const [k, v] of Object.entries(req.headers)) {
+                if (typeof v === "string")
+                    headers[k] = v;
+            }
+            const result = await handleWebhookIngestion(supabase, slug, rawBody, headers);
+            // Phase 1: Inline execution for webhook-triggered workflows
+            if (result.body.run_id && result.status === 200) {
+                try {
+                    await executeInlineChain(supabase, result.body.run_id);
+                }
+                catch (err) {
+                    log.error({ err: err.message }, "webhook inline chain error");
+                }
+            }
+            jsonResponse(res, result.status, result.body, corsHeaders);
+            return;
+        }
+        // ================================================================
+        // Fire event — service-role or internal auth
+        // POST /events
+        // ================================================================
+        if (pathname === "/events") {
+            const authHeader = req.headers.authorization;
+            const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+            const isInternal = safeCompare(token, FLY_INTERNAL_SECRET) || safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+            if (!isInternal && !token) {
+                jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            // Verify user auth if not internal
+            if (!isInternal) {
+                const { data: { user: authUser }, error: authError } = await supabase.auth.getUser(token);
+                if (authError || !authUser) {
+                    jsonResponse(res, 401, { error: "Invalid or expired token" }, corsHeaders);
+                    return;
+                }
+            }
+            let rawBody;
+            try {
+                rawBody = await readBody(req);
+            }
+            catch {
+                jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+                return;
+            }
+            let body;
+            try {
+                body = JSON.parse(rawBody || "{}");
+            }
+            catch {
+                jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+                return;
+            }
+            if (!body.store_id || !body.event_type) {
+                jsonResponse(res, 400, { error: "store_id and event_type required" }, corsHeaders);
+                return;
+            }
+            // Idempotency: if client provides idempotency_key, check for duplicate
+            if (body.idempotency_key) {
+                const { data: existing } = await supabase.from("workflow_events")
+                    .select("id")
+                    .eq("idempotency_key", body.idempotency_key)
+                    .limit(1);
+                if (existing && existing.length > 0) {
+                    jsonResponse(res, 200, { success: true, event_id: existing[0].id, deduplicated: true }, corsHeaders);
+                    return;
+                }
+            }
+            const { data: eventId, error: fireErr } = await supabase.rpc("fire_event", {
+                p_store_id: body.store_id,
+                p_event_type: body.event_type,
+                p_event_payload: body.payload || {},
+                p_source: body.source || "api",
+            });
+            if (fireErr) {
+                jsonResponse(res, 500, { success: false, error: fireErr.message }, corsHeaders);
+            }
+            else {
+                jsonResponse(res, 200, { success: true, event_id: eventId }, corsHeaders);
+            }
+            return;
+        }
+        // ================================================================
+        // Internal workflow processing — verified by internal secret
+        // POST /workflows/process
+        // ================================================================
+        if (pathname === "/workflows/process") {
+            const authHeader = req.headers.authorization;
+            const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+            if (!FLY_INTERNAL_SECRET || (!safeCompare(token, FLY_INTERNAL_SECRET) && !safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) && !safeCompare(token, SERVICE_ROLE_JWT))) {
+                jsonResponse(res, 401, { error: "Unauthorized" }, corsHeaders);
+                return;
+            }
+            let rawBody;
+            try {
+                rawBody = await readBody(req);
+            }
+            catch {
+                rawBody = "{}";
+            }
+            let body;
+            try {
+                body = JSON.parse(rawBody || "{}");
+            }
+            catch {
+                jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            const result = await processWorkflowSteps(supabase, body.batch_size || 10);
+            jsonResponse(res, 200, { success: true, ...result }, corsHeaders);
+            return;
+        }
+        // ================================================================
+        // Start workflow run — service-role or user auth
+        // POST /workflows/start
+        // ================================================================
+        if (pathname === "/workflows/start") {
+            const authHeader = req.headers.authorization;
+            const token = authHeader?.startsWith("Bearer ") ? authHeader.substring(7) : "";
+            const isInternal = safeCompare(token, FLY_INTERNAL_SECRET) || safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+            if (!isInternal && !token) {
+                jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+                return;
+            }
+            const supabase = getServiceClient();
+            // Verify user auth if not internal
+            if (!isInternal) {
+                const { data: { user: authUser }, error: authError } = await supabase.auth.getUser(token);
+                if (authError || !authUser) {
+                    jsonResponse(res, 401, { error: "Invalid or expired token" }, corsHeaders);
+                    return;
+                }
+            }
+            let rawBody;
+            try {
+                rawBody = await readBody(req);
+            }
+            catch {
+                jsonResponse(res, 413, { error: "Request body too large" }, corsHeaders);
+                return;
+            }
+            let body;
+            try {
+                body = JSON.parse(rawBody);
+            }
+            catch {
+                jsonResponse(res, 400, { error: "Invalid JSON" }, corsHeaders);
+                return;
+            }
+            // P0 FIX: Verify the workflow belongs to the requesting store before starting a run
+            if (body.workflow_id && body.store_id) {
+                const { data: wfOwner, error: wfOwnerErr } = await supabase
+                    .from("workflows")
+                    .select("id")
+                    .eq("id", body.workflow_id)
+                    .eq("store_id", body.store_id)
+                    .single();
+                if (wfOwnerErr || !wfOwner) {
+                    jsonResponse(res, 403, { error: "Workflow does not belong to this store" }, corsHeaders);
+                    return;
+                }
+            }
+            const { data, error } = await supabase.rpc("start_workflow_run", {
+                p_workflow_id: body.workflow_id,
+                p_store_id: body.store_id,
+                p_trigger_type: body.trigger_type || "api",
+                p_trigger_payload: body.trigger_payload || {},
+                p_idempotency_key: body.idempotency_key || null,
+            });
+            if (error) {
+                jsonResponse(res, 500, { success: false, error: error.message }, corsHeaders);
+            }
+            else {
+                // Phase 4: Set version_id if workflow has a published version
+                // Phase 1: Inline execution for API-triggered workflows
+                if (data?.success && data.run_id && !data.deduplicated) {
+                    try {
+                        const { data: wf } = await supabase.from("workflows")
+                            .select("published_version_id").eq("id", body.workflow_id).single();
+                        if (wf?.published_version_id) {
+                            await supabase.from("workflow_runs").update({ version_id: wf.published_version_id }).eq("id", data.run_id);
+                        }
+                        await executeInlineChain(supabase, data.run_id);
+                    }
+                    catch (err) {
+                        log.error({ err: err.message }, "start-inline chain error");
+                    }
+                }
+                jsonResponse(res, data?.success ? 200 : 422, data, corsHeaders);
+            }
+            return;
+        }
+        // ================================================================
+        // Standard auth gate for all other POST routes
+        // ================================================================
+        log.info({ method: req.method, path: pathname, contentLength: req.headers["content-length"] || "?" }, "request");
+        const authHeader = req.headers.authorization;
+        if (!authHeader?.startsWith("Bearer ")) {
+            req.resume(); // drain body to avoid Fly proxy stall
+            jsonResponse(res, 401, { error: "Missing authorization" }, corsHeaders);
+            return;
+        }
+        // Read body FIRST — before async auth calls (getUser, rate_limit).
+        // Node.js request streams are paused until consumed. If we do async network
+        // calls before reading, the TCP receive buffer fills up and Fly's proxy
+        // stalls with "error writing a body to connection" on large requests.
+        let rawBody;
+        try {
+            rawBody = await readBody(req);
+        }
+        catch {
+            jsonResponse(res, 413, { error: "Request body too large (max 50MB)" }, corsHeaders);
+            return;
+        }
+        const token = authHeader.substring(7);
+        const supabase = getServiceClient();
+        // Check service-role key
+        let user = null;
+        const isServiceRole = safeCompare(token, SUPABASE_SERVICE_ROLE_KEY) || safeCompare(token, SERVICE_ROLE_JWT);
+        if (!isServiceRole) {
+            try {
+                const { data: { user: authUser }, error: authError, } = await supabase.auth.getUser(token);
+                if (authError || !authUser) {
+                    jsonResponse(res, 401, { error: "Invalid or expired token" }, corsHeaders);
+                    return;
+                }
+                user = authUser;
+            }
+            catch (authErr) {
+                log.error({ err: authErr.message }, "auth getUser failed");
+                jsonResponse(res, 502, { error: "Auth service unavailable, please retry" }, corsHeaders);
+                return;
+            }
+        }
+        // Phase 7.2: In-memory token-bucket rate limiting (fast, before Supabase RPC)
+        {
+            const tier = isServiceRole ? "serviceRole" : user ? "authenticated" : "unauthenticated";
+            const rateLimitKey = user ? `user:${user.id}` : `ip:${req.socket.remoteAddress || "unknown"}`;
+            const memResult = rateLimiter.checkRequest(rateLimitKey, tier);
+            if (!memResult.allowed) {
+                res.writeHead(429, {
+                    "Retry-After": String(Math.ceil(memResult.retryAfterMs / 1000)),
+                    "X-RateLimit-Remaining": "0",
+                    "X-RateLimit-Bucket": memResult.bucket,
+                    "Content-Type": "application/json",
+                    ...corsHeaders,
+                });
+                res.end(JSON.stringify({ error: "Rate limit exceeded" }));
+                return;
+            }
+        }
+        // Persistent rate limiting via Supabase RPC (secondary check, skip for service-role) — 100 req/60s
+        if (user) {
+            const { data: rl } = await supabase.rpc("check_rate_limit", {
+                p_user_id: user.id,
+                p_window_seconds: 60,
+                p_max_requests: 100,
+            });
+            if (rl?.[0] && !rl[0].allowed) {
+                res.writeHead(429, {
+                    "Retry-After": String(rl[0].retry_after_seconds),
+                    "X-RateLimit-Remaining": "0",
+                    "Content-Type": "application/json",
+                    ...corsHeaders,
+                });
+                res.end(JSON.stringify({ error: "Rate limit exceeded" }));
+                return;
+            }
+        }
+        let body;
+        try {
+            body = JSON.parse(rawBody);
+        }
+        catch {
+            jsonResponse(res, 400, { error: "Invalid JSON in request body" }, corsHeaders);
+            return;
+        }
+        // Anthropic API proxy mode
+        if (body.mode === "proxy") {
+            await handleProxy(res, body, corsHeaders);
+            return;
+        }
+        // Audio transcription mode (OpenAI Whisper)
+        if (body.mode === "transcribe") {
+            const { audio_base64, media_type, store_id } = body;
+            if (!audio_base64 || !media_type) {
+                jsonResponse(res, 400, { error: "audio_base64 and media_type required" }, corsHeaders);
+                return;
+            }
+            const sid = store_id || body.storeId;
+            if (!sid) {
+                jsonResponse(res, 400, { error: "store_id required for transcription (needed to resolve OpenAI API key)" }, corsHeaders);
+                return;
+            }
+            const result = await handleTranscribe(supabase, sid, audio_base64, media_type);
+            jsonResponse(res, result.success ? 200 : 422, result, corsHeaders);
+            return;
+        }
+        // Conversation compaction mode (Haiku summarization for non-Anthropic providers)
+        if (body.mode === "compact") {
+            const { messages: compactMessages, system_prompt } = body;
+            if (!compactMessages || !Array.isArray(compactMessages) || !system_prompt) {
+                jsonResponse(res, 400, { error: "messages (array) and system_prompt required" }, corsHeaders);
+                return;
+            }
+            const anthropic = new Anthropic({ apiKey: ANTHROPIC_API_KEY });
+            // Sanitize user-provided system prompt before passing to compaction
+            const sanitizedCompactPrompt = sanitizeAndLog(system_prompt, "compactionEndpoint");
+            const compactionResult = await generateCompaction({
+                anthropic,
+                messages: compactMessages,
+                systemPrompt: sanitizedCompactPrompt,
+            });
+            jsonResponse(res, compactionResult.success ? 200 : 422, {
+                success: compactionResult.success,
+                compaction_content: compactionResult.content,
+                error: compactionResult.error,
+            }, corsHeaders);
+            return;
+        }
+        // Direct tool execution mode
+        if (body.mode === "tool") {
+            const { tool_name, args, store_id, conversation_id, trace_id } = body;
+            if (!tool_name) {
+                jsonResponse(res, 400, { error: "tool_name required" }, corsHeaders);
+                return;
+            }
+            // Phase 7.2: Per-tool rate limiting
+            const toolUserId = user?.id || body.userId || "anon";
+            const toolLimit = rateLimiter.checkToolLimit(toolUserId, tool_name);
+            if (!toolLimit.allowed) {
+                res.writeHead(429, {
+                    "Retry-After": String(Math.ceil(toolLimit.retryAfterMs / 1000)),
+                    "X-RateLimit-Remaining": "0",
+                    "X-RateLimit-Bucket": toolLimit.bucket,
+                    "Content-Type": "application/json",
+                    ...corsHeaders,
+                });
+                res.end(JSON.stringify({ error: `Tool rate limit exceeded for ${tool_name}` }));
+                return;
+            }
+            // Load user tools if this is a user_tool__ prefixed call
+            let utRows;
+            if (tool_name.startsWith("user_tool__") && store_id) {
+                const { rows } = await loadUserTools(supabase, store_id);
+                utRows = rows;
+            }
+            const result = await executeTool(supabase, tool_name, (args || {}), store_id || undefined, trace_id || undefined, user?.id || body.userId || null, user?.email || body.userEmail || null, body.source || "whale-code", conversation_id || undefined, utRows);
+            // Always 200 for tool results — success/failure is in the JSON body.
+            // HTTP 500 causes MCP clients to throw before reading the error message.
+            jsonResponse(res, 200, result, corsHeaders);
+            return;
+        }
+        // Streaming tool execution mode (NDJSON) — for tools with live progress (kali, etc.)
+        if (body.mode === "tool_stream") {
+            const { tool_name, args, store_id } = body;
+            if (!tool_name) {
+                jsonResponse(res, 400, { error: "tool_name required" }, corsHeaders);
+                return;
+            }
+            // Phase 7.2: Per-tool rate limiting (stream mode)
+            const streamToolUserId = user?.id || body.userId || "anon";
+            const streamToolLimit = rateLimiter.checkToolLimit(streamToolUserId, tool_name);
+            if (!streamToolLimit.allowed) {
+                res.writeHead(429, {
+                    "Retry-After": String(Math.ceil(streamToolLimit.retryAfterMs / 1000)),
+                    "X-RateLimit-Remaining": "0",
+                    "X-RateLimit-Bucket": streamToolLimit.bucket,
+                    "Content-Type": "application/json",
+                    ...corsHeaders,
+                });
+                res.end(JSON.stringify({ error: `Tool rate limit exceeded for ${tool_name}` }));
+                return;
+            }
+            res.writeHead(200, {
+                "Content-Type": "application/x-ndjson",
+                "Transfer-Encoding": "chunked",
+                ...corsHeaders,
+            });
+            const onToolProgress = (_name, progress) => {
+                try {
+                    res.write(JSON.stringify({ type: "progress", progress }) + "\n");
+                }
+                catch { /* client disconnected */ }
+            };
+            try {
+                const result = await executeTool(supabase, tool_name, (args || {}), store_id || undefined, body.trace_id || undefined, user?.id || body.userId || null, user?.email || body.userEmail || null, body.source || "whale-code-stream", body.conversation_id || undefined, undefined, undefined, onToolProgress);
+                res.write(JSON.stringify({ type: "result", ...result }) + "\n");
+            }
+            catch (err) {
+                res.write(JSON.stringify({ type: "result", success: false, error: sanitizeError(err) }) + "\n");
+            }
+            res.end();
+            return;
+        }
+        // Agent chat mode (SSE)
+        await handleAgentChat(req, res, supabase, body, user, isServiceRole, token, corsHeaders);
+    }
+    catch (err) {
+        if (!res.headersSent) {
+            jsonResponse(res, 500, { error: sanitizeError(err) }, corsHeaders);
+        }
+    }
+});
+// Inject tool executor into workflow engine (avoids circular dependency)
+setToolExecutor((supabase, toolName, args, storeId, traceId) => {
+    // Store boundary validation: prevent workflows from accessing other stores
+    if (args.store_id && args.store_id !== storeId) {
+        return Promise.resolve({ success: false, error: "Store boundary violation: workflow cannot access other stores" });
+    }
+    args.store_id = storeId; // Force the workflow's store
+    return executeTool(supabase, toolName, args, storeId, traceId, null, null, "workflow_engine");
+});
+// Inject agent executor for "agent" step type in workflows
+setAgentExecutor(async (supabase, agentId, prompt, storeId, maxTurns = 5, onToken, traceId) => {
+    const agent = await loadAgentConfig(supabase, agentId, storeId);
+    if (!agent)
+        return { success: false, error: `Agent ${agentId} not found` };
+    // Workflow agents get all tools (no lazy loading — they run headless)
+    const { all: allTools } = await loadTools(supabase);
+    const { rows: userToolRows, defs: userToolDefs } = await loadUserTools(supabase, storeId);
+    const tools = getToolsForAgent(agent, allTools, userToolDefs);
+    const agentModel = agent.model || MODELS.SONNET;
+    // Sanitize the DB-stored agent system prompt to prevent injection attacks
+    const rawWorkflowPrompt = agent.system_prompt || "You are a helpful assistant.";
+    let systemPrompt = sanitizeAndLog(rawWorkflowPrompt, "workflowAgentExecutor", { agentId });
+    systemPrompt += `\n\nYou are operating for store_id: ${storeId}. Always include this in tool calls that require it.`;
+    if (!agent.can_modify)
+        systemPrompt += "\n\nIMPORTANT: You have read-only access.";
+    if (agent.tone && agent.tone !== "professional")
+        systemPrompt += `\n\nTone: ${agent.tone}`;
+    if (agent.verbosity === "concise")
+        systemPrompt += "\n\nBe concise.";
+    try {
+        const result = await runServerAgentLoop({
+            anthropic: getAnthropicClient(agent),
+            supabase,
+            model: agentModel,
+            systemPrompt,
+            messages: [{ role: "user", content: prompt }],
+            tools,
+            maxTurns,
+            temperature: agent.temperature ?? 0.7,
+            storeId,
+            source: "workflow_agent",
+            agentId,
+            traceId,
+            executeTool: async (toolName, args) => {
+                const toolArgs = { ...args };
+                if (!toolArgs.store_id)
+                    toolArgs.store_id = storeId;
+                return executeTool(supabase, toolName, toolArgs, storeId, traceId, null, null, "workflow_agent", undefined, userToolRows, agentId, undefined, true);
+            },
+            enableStreaming: !!onToken,
+            onText: onToken || undefined,
+            maxDurationMs: 2 * 60 * 1000,
+        });
+        return { success: true, response: result.finalText || "(no response)" };
+    }
+    catch (err) {
+        return { success: false, error: sanitizeError(err) };
+    }
+});
+// Inject token broadcaster for real-time agent step streaming
+setTokenBroadcaster((runId, stepKey, token) => {
+    broadcastToRun(runId, { type: "agent_token", run_id: runId, step_key: stepKey, token });
+});
+// Inject step error broadcaster for real-time workflow error surfacing
+setStepErrorBroadcaster((runId, data) => {
+    broadcastToRun(runId, data);
+});
+// Shared agent invoker — used by channel messages, webchat, and any source
+// Uses shared helpers so it's IDENTICAL to CLI chat — same prompt, tools, memory, persistence, audit
+async function invokeAgentForChannel(supabase, agentId, message, storeId, conversationId, senderContext) {
+    const agent = await loadAgentConfig(supabase, agentId, storeId);
+    if (!agent)
+        return { success: false, error: `Agent ${agentId} not found` };
+    const { core: coreTools, extended: extendedTools } = await loadTools(supabase);
+    setExtendedToolsCache(extendedTools);
+    const { rows: userToolRows, defs: userToolDefs } = await loadUserTools(supabase, storeId);
+    const tools = getToolsForAgent(agent, coreTools, userToolDefs);
+    const agentModel = agent.model || MODELS.SONNET;
+    // Build system prompt — shared helper, identical to SSE chat
+    const { systemPrompt, dynamicContext } = await buildAgentSystemPrompt(supabase, agent, storeId, message, tools, { senderContext, extendedTools: getExtendedToolsIndex() });
+    // Update ai_conversations with agent_id (fire-and-forget)
+    if (conversationId) {
+        Promise.resolve(supabase.from("ai_conversations").update({ agent_id: agentId }).eq("id", conversationId).is("agent_id", null)).catch(() => { });
+    }
+    // Load conversation history with size-based compaction (same as SSE chat)
+    const ctxCfg = agent.context_config;
+    const MAX_HISTORY_CHARS = ctxCfg?.max_history_chars || 400_000;
+    let loadedHistory = [];
+    if (conversationId) {
+        try {
+            const { data: history } = await supabase
+                .from("ai_messages")
+                .select("role, content")
+                .eq("conversation_id", conversationId)
+                .order("created_at", { ascending: true })
+                .limit(50);
+            if (history?.length) {
+                const raw = [];
+                for (const m of history) {
+                    if (m.role === "user" || m.role === "assistant") {
+                        raw.push({ role: m.role, content: m.content });
+                    }
+                }
+                loadedHistory = compactHistory(raw, MAX_HISTORY_CHARS);
+            }
+        }
+        catch { /* history not critical */ }
+    }
+    // Prepend dynamic context to user message to keep system prompt static (cache-friendly)
+    const contextPrefix = dynamicContext ? `[Context]\n${dynamicContext}\n\n[User Message]\n` : "";
+    const finalMessage = contextPrefix + message;
+    const messages = [...loadedHistory, { role: "user", content: finalMessage }];
+    const traceId = randomUUID();
+    const chatStartTime = Date.now();
+    try {
+        const result = await runServerAgentLoop({
+            anthropic: getAnthropicClient(agent),
+            supabase,
+            model: agentModel,
+            systemPrompt,
+            messages,
+            tools,
+            extendedTools,
+            maxTurns: Math.min(agent.max_tool_calls || 10, 15),
+            temperature: agent.temperature ?? 0.7,
+            storeId,
+            source: "channel_agent",
+            agentId,
+            traceId,
+            conversationId,
+            executeTool: async (toolName, args) => {
+                const toolArgs = { ...args };
+                if (!toolArgs.store_id)
+                    toolArgs.store_id = storeId;
+                // Pass sender context as user identity so node-triggered tool calls aren't anonymous
+                const senderUserId = senderContext?.customerId || null;
+                const senderUserLabel = senderContext?.customerName || senderContext?.senderName
+                    || (senderContext?.senderId ? `${senderContext.channelType}:${senderContext.senderId}` : null);
+                return executeTool(supabase, toolName, toolArgs, storeId, traceId, senderUserId, senderUserLabel, "channel_agent", conversationId, userToolRows, agentId, undefined, true);
+            },
+            enableStreaming: false,
+            maxDurationMs: 2 * 60 * 1000,
+        });
+        // Persist everything — shared helper, identical to SSE chat
+        await persistAgentTurn(supabase, agent, {
+            conversationId, storeId, agentId, agentModel, traceId, message, result,
+            source: "channel_agent",
+            chatStartTime, chatEndTime: Date.now(),
+            userId: senderContext?.customerId || undefined,
+            userEmail: senderContext?.customerName || senderContext?.senderName
+                || (senderContext?.senderId ? `${senderContext.channelType}:${senderContext.senderId}` : undefined),
+            senderContext,
+        });
+        return { success: true, response: result.finalText || "(no response)" };
+    }
+    catch (err) {
+        return { success: false, error: err.message };
+    }
+}
+// Wire both channel and webchat to the same invoker
+setNodeAgentInvoker(invokeAgentForChannel);
+webchatAgentInvoker = invokeAgentForChannel;
+// ============================================================================
+// PERSISTENT WORKFLOW WORKER LOOP (5-second interval)
+// ============================================================================
+// Phase 3.1: Increased from 5s to 15s — NOTIFY-driven execution handles the fast path
+// Worker loop is now a safety net for missed notifications
+const BASE_WORKER_INTERVAL_MS = 15_000;
+const MAX_WORKER_INTERVAL_MS = 60_000;
+let workerRunning = false;
+let consecutiveErrors = 0;
+let currentWorkerInterval = BASE_WORKER_INTERVAL_MS;
+async function workflowWorkerLoop() {
+    if (workerRunning)
+        return; // Prevent concurrent runs
+    workerRunning = true;
+    try {
+        const supabase = getServiceClient();
+        const [stepResult, waitingResolved] = await Promise.all([
+            processWorkflowSteps(supabase, 10),
+            processWaitingSteps(supabase),
+            Promise.resolve(supabase.rpc("expire_pending_waitpoints")).then(() => { }).catch(e => log.warn({ err: e.message }, "expire_pending_waitpoints failed")), // Non-fatal
+        ]);
+        // Schedule triggers + timeout enforcement + event triggers + orphan cleanup + DLQ retries
+        const [scheduled, timedOut, eventsProcessed, orphansCleaned, dlqRetried] = await Promise.all([
+            processScheduleTriggers(supabase).catch(e => { log.warn({ err: e.message }, "processScheduleTriggers failed"); return 0; }),
+            enforceWorkflowTimeouts(supabase).catch(e => { log.warn({ err: e.message }, "enforceWorkflowTimeouts failed"); return 0; }),
+            processEventTriggers(supabase).catch(e => { log.warn({ err: e.message }, "processEventTriggers failed"); return 0; }),
+            cleanupOrphanedSteps(supabase).catch(e => { log.warn({ err: e.message }, "cleanupOrphanedSteps failed"); return 0; }),
+            processDlqRetries(supabase).catch(e => { log.warn({ err: e.message }, "processDlqRetries failed"); return 0; }),
+        ]);
+        if (stepResult.processed > 0 || waitingResolved > 0 || scheduled > 0 || timedOut > 0 || eventsProcessed > 0 || stepResult.reclaimed > 0 || orphansCleaned > 0 || dlqRetried > 0) {
+            log.info({ processed: stepResult.processed, errors: stepResult.errors, reclaimed: stepResult.reclaimed || 0, waiting: waitingResolved, scheduled, timedOut, events: eventsProcessed, orphans: orphansCleaned, dlqRetries: dlqRetried }, "worker tick");
+        }
+        // Reset backoff on success
+        if (consecutiveErrors > 0) {
+            consecutiveErrors = 0;
+            if (currentWorkerInterval !== BASE_WORKER_INTERVAL_MS) {
+                currentWorkerInterval = BASE_WORKER_INTERVAL_MS;
+                clearInterval(workerInterval);
+                workerInterval = setInterval(workflowWorkerLoop, currentWorkerInterval);
+                log.info({ intervalMs: currentWorkerInterval }, "worker interval reset after recovery");
+            }
+        }
+    }
+    catch (err) {
+        consecutiveErrors++;
+        log.error({ err: sanitizeError(err), consecutiveErrors }, "worker error");
+        // Exponential backoff: 5s → 10s → 20s → 40s → 60s (cap)
+        if (consecutiveErrors >= 3) {
+            const newInterval = Math.min(BASE_WORKER_INTERVAL_MS * Math.pow(2, consecutiveErrors - 2), MAX_WORKER_INTERVAL_MS);
+            if (newInterval !== currentWorkerInterval) {
+                currentWorkerInterval = newInterval;
+                clearInterval(workerInterval);
+                workerInterval = setInterval(workflowWorkerLoop, currentWorkerInterval);
+                log.warn({ intervalMs: currentWorkerInterval, consecutiveErrors }, "worker interval increased due to repeated errors");
+            }
+        }
+    }
+    finally {
+        workerRunning = false;
+    }
+}
+let workerInterval = setInterval(workflowWorkerLoop, BASE_WORKER_INTERVAL_MS);
+// Initialize shared Supabase client with retry logic before server starts
+initSupabase(SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY);
+server.listen(PORT, () => {
+    log.info({ port: PORT, supabaseUrl: SUPABASE_URL, runtime: process.version, workerIntervalMs: BASE_WORKER_INTERVAL_MS }, "server listening");
+    // Initialize code worker pool for fast code step execution
+    try {
+        initWorkerPool();
+        const stats = getPoolStats();
+        log.info({ workers: stats.total }, "code worker pool initialized");
+        workerPoolReady = true;
+    }
+    catch (err) {
+        log.error({ err: err.message }, "worker pool init failed");
+    }
+    // Initialize local agent WebSocket gateway
+    try {
+        initLocalAgentGateway(server);
+    }
+    catch (err) {
+        log.error({ err: err.message }, "local-agent gateway init failed");
+    }
+    // Phase 3: Start pg LISTEN for real-time SSE streaming
+    setupPgListen().catch((err) => {
+        log.error({ err: err.message }, "pg-listen setup failed");
+    });
+    // Phase 4.2: Mark orphaned conversations as resumable
+    const serverBootTime = new Date();
+    markOrphaned(getServiceClient(), serverBootTime)
+        .then((count) => {
+        if (count > 0)
+            log.info({ count }, "orphaned conversations marked resumable");
+    })
+        .catch((err) => {
+        log.warn({ err: err.message }, "markOrphaned failed (table may not exist yet)");
+    });
+});
+// ============================================================================
+// GRACEFUL SHUTDOWN
+// ============================================================================
+async function gracefulShutdown(signal) {
+    log.info({ signal, activeRequests }, "received shutdown signal, shutting down gracefully");
+    // 1. Stop accepting new connections
+    server.close(() => {
+        log.info("HTTP server closed");
+    });
+    // 2. Clear workflow worker intervals
+    clearInterval(workerInterval);
+    clearInterval(sseCleanupInterval);
+    // 3. Close all SSE client connections
+    for (const [, clients] of sseClients) {
+        for (const res of clients) {
+            try {
+                res.end();
+            }
+            catch { /* client already disconnected — benign */ }
+        }
+        clients.clear();
+    }
+    sseClients.clear();
+    // 3b. P1 FIX: Flush audit log buffer before shutdown (prevents data loss on crash)
+    try {
+        const sb = getServiceClient();
+        await flushAuditLogs(sb);
+        log.info("audit log buffer flushed");
+    }
+    catch (err) {
+        log.error({ err: err.message }, "audit log flush error");
+    }
+    // 4. Shut down code worker pool
+    try {
+        shutdownPool();
+        log.info("worker pool shut down");
+    }
+    catch (err) {
+        log.error({ err: err.message }, "worker pool shutdown error");
+    }
+    // 4b. Shut down local agent gateway
+    try {
+        shutdownAgentGateway();
+    }
+    catch (err) {
+        log.error({ err: err.message }, "agent gateway shutdown error");
+    }
+    // 4c. Shut down rate limiter
+    rateLimiter.shutdown();
+    // 5. Close pg LISTEN connection
+    if (pgClient) {
+        pgClient.end().catch(() => { });
+        pgClient = null;
+        log.info("pg LISTEN connection closed");
+    }
+    // 6. Wait for active requests to drain (up to 25 seconds)
+    const drainStart = Date.now();
+    const drainInterval = setInterval(() => {
+        if (activeRequests <= 0 || Date.now() - drainStart > 25_000) {
+            clearInterval(drainInterval);
+            log.info({ activeRequests }, "drain complete, exiting");
+            process.exit(activeRequests > 0 ? 1 : 0);
+        }
+        log.info({ activeRequests }, "waiting for active requests to drain...");
+    }, 1000);
+    // 7. Force exit after 30 seconds if graceful shutdown hangs (increased from 10s)
+    setTimeout(() => {
+        log.fatal({ activeRequests }, "graceful shutdown timed out after 30s, forcing exit");
+        process.exit(1);
+    }, 30_000).unref();
+}
+process.on("SIGTERM", () => gracefulShutdown("SIGTERM"));
+process.on("SIGINT", () => gracefulShutdown("SIGINT"));