feat(web): MS23-P2-008 panel grid responsive layout

Merge pull request 'feat: MS23-P2-007 AuditLogDrawer + audit log endpoint' (#730 ) from feat/ms23-p2-audit into main
feat: MS23-P2-007 AuditLogDrawer + audit log endpoint
2026-03-07 14:47:39 -06:00 · 2026-03-07 20:40:21 +00:00 · 2026-03-07 14:40:06 -06:00 · 2026-03-07 20:35:53 +00:00 · 2026-03-07 14:34:31 -06:00 · 2026-03-07 20:33:39 +00:00
102 changed files with 8790 additions and 647 deletions
--- a/.env.example
+++ b/.env.example
@@ -343,6 +343,11 @@ RATE_LIMIT_STORAGE=redis
 # DISCORD_CONTROL_CHANNEL_ID=channel-id-for-commands
 # DISCORD_WORKSPACE_ID=your-workspace-uuid
 #
+# Agent channel routing: Maps Discord channels to specific agents.
+# Format: <channelId>:<agentName>,<channelId>:<agentName>
+# Example: 123456789:jarvis,987654321:builder
+# DISCORD_AGENT_CHANNELS=
+#
 # SECURITY: DISCORD_WORKSPACE_ID must be a valid workspace UUID from your database.
 # All Discord commands will execute within this workspace context for proper
 # multi-tenant isolation. Each Discord bot instance should be configured for
--- a/.mosaic/orchestrator/mission.json
+++ b/.mosaic/orchestrator/mission.json
@@ -1,56 +1,56 @@
 {
  "schema_version": 1,
-  "mission_id": "ms21-multi-tenant-rbac-data-migration-20260228",
-  "name": "MS21 Multi-Tenant RBAC Data Migration",
-  "description": "Build multi-tenant user/workspace/team management, break-glass auth, RBAC UI enforcement, and migrate jarvis-brain data into Mosaic Stack",
+  "mission_id": "ms22-p2-named-agent-fleet-20260304",
+  "name": "MS22-P2 Named Agent Fleet",
+  "description": "",
  "project_path": "/home/jwoltje/src/mosaic-stack",
-  "created_at": "2026-02-28T17:10:22Z",
+  "created_at": "2026-03-05T01:53:28Z",
  "status": "active",
-  "task_prefix": "MS21",
-  "quality_gates": "pnpm lint && pnpm build && pnpm test",
-  "milestone_version": "0.0.21",
+  "task_prefix": "",
+  "quality_gates": "",
+  "milestone_version": "0.0.1",
  "milestones": [
    {
      "id": "phase-1",
-      "name": "Schema and Admin API",
+      "name": "Schema+Seed",
      "status": "pending",
-      "branch": "schema-and-admin-api",
+      "branch": "schema-seed",
      "issue_ref": "",
      "started_at": "",
      "completed_at": ""
    },
    {
      "id": "phase-2",
-      "name": "Break-Glass Authentication",
+      "name": "Admin CRUD",
      "status": "pending",
-      "branch": "break-glass-authentication",
+      "branch": "admin-crud",
      "issue_ref": "",
      "started_at": "",
      "completed_at": ""
    },
    {
      "id": "phase-3",
-      "name": "Data Migration",
+      "name": "User CRUD",
      "status": "pending",
-      "branch": "data-migration",
+      "branch": "user-crud",
      "issue_ref": "",
      "started_at": "",
      "completed_at": ""
    },
    {
      "id": "phase-4",
-      "name": "Admin UI",
+      "name": "Agent Routing",
      "status": "pending",
-      "branch": "admin-ui",
+      "branch": "agent-routing",
      "issue_ref": "",
      "started_at": "",
      "completed_at": ""
    },
    {
      "id": "phase-5",
-      "name": "RBAC UI Enforcement",
+      "name": "Discord+UI",
      "status": "pending",
-      "branch": "rbac-ui-enforcement",
+      "branch": "discord-ui",
      "issue_ref": "",
      "started_at": "",
      "completed_at": ""
@@ -65,26 +65,5 @@
      "completed_at": ""
    }
  ],
-  "sessions": [
-    {
-      "session_id": "sess-001",
-      "runtime": "unknown",
-      "started_at": "2026-02-28T17:48:51Z",
-      "ended_at": "",
-      "ended_reason": "",
-      "milestone_at_end": "",
-      "tasks_completed": [],
-      "last_task_id": ""
-    },
-    {
-      "session_id": "sess-002",
-      "runtime": "unknown",
-      "started_at": "2026-02-28T20:30:13Z",
-      "ended_at": "2026-03-04T13:45:06Z",
-      "ended_reason": "completed",
-      "milestone_at_end": "",
-      "tasks_completed": [],
-      "last_task_id": ""
-    }
-  ]
+  "sessions": []
 }
--- a/apps/api/prisma/migrations/20260307004007_ms23_mission_control_schema/migration.sql
+++ b/apps/api/prisma/migrations/20260307004007_ms23_mission_control_schema/migration.sql
@@ -0,0 +1,83 @@
+-- CreateTable
+CREATE TABLE "AgentConversationMessage" (
+    "id" TEXT NOT NULL,
+    "sessionId" TEXT NOT NULL,
+    "provider" TEXT NOT NULL DEFAULT 'internal',
+    "role" TEXT NOT NULL,
+    "content" TEXT NOT NULL,
+    "timestamp" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "metadata" JSONB NOT NULL DEFAULT '{}',
+
+    CONSTRAINT "AgentConversationMessage_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "AgentSessionTree" (
+    "id" TEXT NOT NULL,
+    "sessionId" TEXT NOT NULL,
+    "parentSessionId" TEXT,
+    "provider" TEXT NOT NULL DEFAULT 'internal',
+    "missionId" TEXT,
+    "taskId" TEXT,
+    "taskSource" TEXT DEFAULT 'internal',
+    "agentType" TEXT,
+    "status" TEXT NOT NULL DEFAULT 'spawning',
+    "spawnedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "completedAt" TIMESTAMP(3),
+    "metadata" JSONB NOT NULL DEFAULT '{}',
+
+    CONSTRAINT "AgentSessionTree_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "AgentProviderConfig" (
+    "id" TEXT NOT NULL,
+    "workspaceId" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "provider" TEXT NOT NULL,
+    "gatewayUrl" TEXT NOT NULL,
+    "credentials" JSONB NOT NULL DEFAULT '{}',
+    "isActive" BOOLEAN NOT NULL DEFAULT true,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "AgentProviderConfig_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable
+CREATE TABLE "OperatorAuditLog" (
+    "id" TEXT NOT NULL,
+    "userId" TEXT NOT NULL,
+    "sessionId" TEXT NOT NULL,
+    "provider" TEXT NOT NULL,
+    "action" TEXT NOT NULL,
+    "content" TEXT,
+    "metadata" JSONB NOT NULL DEFAULT '{}',
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "OperatorAuditLog_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "AgentConversationMessage_sessionId_timestamp_idx" ON "AgentConversationMessage"("sessionId", "timestamp");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "AgentSessionTree_sessionId_key" ON "AgentSessionTree"("sessionId");
+
+-- CreateIndex
+CREATE INDEX "AgentSessionTree_parentSessionId_idx" ON "AgentSessionTree"("parentSessionId");
+
+-- CreateIndex
+CREATE INDEX "AgentSessionTree_missionId_idx" ON "AgentSessionTree"("missionId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "AgentProviderConfig_workspaceId_name_key" ON "AgentProviderConfig"("workspaceId", "name");
+
+-- CreateIndex
+CREATE INDEX "OperatorAuditLog_sessionId_idx" ON "OperatorAuditLog"("sessionId");
+
+-- CreateIndex
+CREATE INDEX "OperatorAuditLog_userId_idx" ON "OperatorAuditLog"("userId");
+
+-- CreateIndex
+CREATE INDEX "OperatorAuditLog_createdAt_idx" ON "OperatorAuditLog"("createdAt");
--- a/apps/api/prisma/schema.prisma
+++ b/apps/api/prisma/schema.prisma
@@ -1739,3 +1739,66 @@ model UserAgent {
  @@unique([userId, name])
  @@index([userId])
 }
+
+// MS23: Agent conversation messages for Mission Control streaming
+model AgentConversationMessage {
+  id        String   @id @default(cuid())
+  sessionId String
+  provider  String   @default("internal")
+  role      String
+  content   String
+  timestamp DateTime @default(now())
+  metadata  Json     @default("{}")
+
+  @@index([sessionId, timestamp])
+}
+
+// MS23: Agent session tree for parent/child relationships
+model AgentSessionTree {
+  id              String   @id @default(cuid())
+  sessionId       String   @unique
+  parentSessionId String?
+  provider        String   @default("internal")
+  missionId       String?
+  taskId          String?
+  taskSource      String?  @default("internal")
+  agentType       String?
+  status          String   @default("spawning")
+  spawnedAt       DateTime @default(now())
+  completedAt     DateTime?
+  metadata        Json     @default("{}")
+
+  @@index([parentSessionId])
+  @@index([missionId])
+}
+
+// MS23: External agent provider configuration per workspace
+model AgentProviderConfig {
+  id          String   @id @default(cuid())
+  workspaceId String
+  name        String
+  provider    String
+  gatewayUrl  String
+  credentials Json     @default("{}")
+  isActive    Boolean  @default(true)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  @@unique([workspaceId, name])
+}
+
+// MS23: Audit log for operator interventions
+model OperatorAuditLog {
+  id        String   @id @default(cuid())
+  userId    String
+  sessionId String
+  provider  String
+  action    String
+  content   String?
+  metadata  Json     @default("{}")
+  createdAt DateTime @default(now())
+
+  @@index([sessionId])
+  @@index([userId])
+  @@index([createdAt])
+}
--- a/apps/api/prisma/seed.ts
+++ b/apps/api/prisma/seed.ts
@@ -7,6 +7,7 @@ import {
  EntryStatus,
  Visibility,
 } from "@prisma/client";
+import { seedAgentTemplates } from "../src/seed/agent-templates.seed";

 const prisma = new PrismaClient();

@@ -586,6 +587,9 @@ This is a draft document. See [[architecture-overview]] for current state.`,

    console.log(`Created ${links.length} knowledge links`);
  });
+  // Seed default agent templates (idempotent)
+  await seedAgentTemplates(prisma);
+
  console.log("Seeding completed successfully!");
 }

--- a/apps/api/src/agent-template/agent-template.module.ts
+++ b/apps/api/src/agent-template/agent-template.module.ts
@@ -2,9 +2,10 @@ import { Module } from "@nestjs/common";
 import { AgentTemplateService } from "./agent-template.service";
 import { AgentTemplateController } from "./agent-template.controller";
 import { PrismaModule } from "../prisma/prisma.module";
+import { AuthModule } from "../auth/auth.module";

@Module({
-  imports: [PrismaModule],
+  imports: [PrismaModule, AuthModule],
  controllers: [AgentTemplateController],
  providers: [AgentTemplateService],
  exports: [AgentTemplateService],
--- a/apps/api/src/app.module.ts
+++ b/apps/api/src/app.module.ts
@@ -49,6 +49,7 @@ import { PersonalitiesModule } from "./personalities/personalities.module";
 import { WorkspacesModule } from "./workspaces/workspaces.module";
 import { AdminModule } from "./admin/admin.module";
 import { AgentTemplateModule } from "./agent-template/agent-template.module";
+import { UserAgentModule } from "./user-agent/user-agent.module";
 import { TeamsModule } from "./teams/teams.module";
 import { ImportModule } from "./import/import.module";
 import { ConversationArchiveModule } from "./conversation-archive/conversation-archive.module";
@@ -131,6 +132,7 @@ import { OrchestratorModule } from "./orchestrator/orchestrator.module";
    WorkspacesModule,
    AdminModule,
    AgentTemplateModule,
+    UserAgentModule,
    TeamsModule,
    ImportModule,
    ConversationArchiveModule,
--- a/apps/api/src/bridge/bridge.module.spec.ts
+++ b/apps/api/src/bridge/bridge.module.spec.ts
@@ -5,6 +5,7 @@ import { MatrixService } from "./matrix/matrix.service";
 import { StitcherService } from "../stitcher/stitcher.service";
 import { PrismaService } from "../prisma/prisma.service";
 import { BullMqService } from "../bullmq/bullmq.service";
+import { ChatProxyService } from "../chat-proxy/chat-proxy.service";
 import { CHAT_PROVIDERS } from "./bridge.constants";
 import type { IChatProvider } from "./interfaces";
 import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
@@ -89,6 +90,7 @@ interface SavedEnvVars {
  MATRIX_CONTROL_ROOM_ID?: string;
  MATRIX_WORKSPACE_ID?: string;
  ENCRYPTION_KEY?: string;
+  MOSAIC_SECRET_KEY?: string;
 }

 describe("BridgeModule", () => {
@@ -106,6 +108,7 @@ describe("BridgeModule", () => {
      MATRIX_CONTROL_ROOM_ID: process.env.MATRIX_CONTROL_ROOM_ID,
      MATRIX_WORKSPACE_ID: process.env.MATRIX_WORKSPACE_ID,
      ENCRYPTION_KEY: process.env.ENCRYPTION_KEY,
+      MOSAIC_SECRET_KEY: process.env.MOSAIC_SECRET_KEY,
    };

    // Clear all bridge env vars
@@ -120,6 +123,8 @@ describe("BridgeModule", () => {

    // Set encryption key (needed by StitcherService)
    process.env.ENCRYPTION_KEY = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+    // Set MOSAIC_SECRET_KEY (needed by CryptoService via ChatProxyModule)
+    process.env.MOSAIC_SECRET_KEY = "test-mosaic-secret-key-minimum-32-characters-long";

    // Clear ready callbacks
    mockReadyCallbacks.length = 0;
@@ -149,6 +154,10 @@ describe("BridgeModule", () => {
      .useValue({})
      .overrideProvider(BullMqService)
      .useValue({})
+      .overrideProvider(ChatProxyService)
+      .useValue({
+        proxyChat: vi.fn().mockResolvedValue(new Response()),
+      })
      .compile();
  }

--- a/apps/api/src/bridge/bridge.module.ts
+++ b/apps/api/src/bridge/bridge.module.ts
@@ -5,6 +5,8 @@ import { MatrixRoomService } from "./matrix/matrix-room.service";
 import { MatrixStreamingService } from "./matrix/matrix-streaming.service";
 import { CommandParserService } from "./parser/command-parser.service";
 import { StitcherModule } from "../stitcher/stitcher.module";
+import { ChatProxyModule } from "../chat-proxy/chat-proxy.module";
+import { PrismaModule } from "../prisma/prisma.module";
 import { CHAT_PROVIDERS } from "./bridge.constants";
 import type { IChatProvider } from "./interfaces";

@@ -28,7 +30,7 @@ const logger = new Logger("BridgeModule");
 * MatrixRoomService handles workspace-to-Matrix-room mapping.
 */
@Module({
-  imports: [StitcherModule],
+  imports: [StitcherModule, ChatProxyModule, PrismaModule],
  providers: [
    CommandParserService,
    MatrixRoomService,
--- a/apps/api/src/bridge/discord/discord.service.spec.ts
+++ b/apps/api/src/bridge/discord/discord.service.spec.ts
@@ -1,6 +1,8 @@
 import { Test, TestingModule } from "@nestjs/testing";
 import { DiscordService } from "./discord.service";
 import { StitcherService } from "../../stitcher/stitcher.service";
+import { ChatProxyService } from "../../chat-proxy/chat-proxy.service";
+import { PrismaService } from "../../prisma/prisma.service";
 import { Client, Events, GatewayIntentBits, Message } from "discord.js";
 import { vi, describe, it, expect, beforeEach } from "vitest";
 import type { ChatMessage, ChatCommand } from "../interfaces";
@@ -61,6 +63,8 @@ vi.mock("discord.js", () => {
 describe("DiscordService", () => {
  let service: DiscordService;
  let stitcherService: StitcherService;
+  let chatProxyService: ChatProxyService;
+  let prismaService: PrismaService;

  const mockStitcherService = {
    dispatchJob: vi.fn().mockResolvedValue({
@@ -71,12 +75,29 @@ describe("DiscordService", () => {
    trackJobEvent: vi.fn().mockResolvedValue(undefined),
  };

+  const mockChatProxyService = {
+    proxyChat: vi.fn().mockResolvedValue(
+      new Response('data: {"choices":[{"delta":{"content":"Hello"}}]}\n\ndata: [DONE]\n\n', {
+        headers: { "Content-Type": "text/event-stream" },
+      })
+    ),
+  };
+
+  const mockPrismaService = {
+    workspace: {
+      findUnique: vi.fn().mockResolvedValue({
+        ownerId: "owner-user-id",
+      }),
+    },
+  };
+
  beforeEach(async () => {
    // Set environment variables for testing
    process.env.DISCORD_BOT_TOKEN = "test-token";
    process.env.DISCORD_GUILD_ID = "test-guild-id";
    process.env.DISCORD_CONTROL_CHANNEL_ID = "test-channel-id";
    process.env.DISCORD_WORKSPACE_ID = "test-workspace-id";
+    process.env.DISCORD_AGENT_CHANNELS = "jarvis-channel:jarvis,builder-channel:builder";

    // Clear callbacks
    mockReadyCallbacks.length = 0;
@@ -89,11 +110,21 @@ describe("DiscordService", () => {
          provide: StitcherService,
          useValue: mockStitcherService,
        },
+        {
+          provide: ChatProxyService,
+          useValue: mockChatProxyService,
+        },
+        {
+          provide: PrismaService,
+          useValue: mockPrismaService,
+        },
      ],
    }).compile();

    service = module.get<DiscordService>(DiscordService);
    stitcherService = module.get<StitcherService>(StitcherService);
+    chatProxyService = module.get<ChatProxyService>(ChatProxyService);
+    prismaService = module.get<PrismaService>(PrismaService);

    // Clear all mocks
    vi.clearAllMocks();
@@ -449,6 +480,14 @@ describe("DiscordService", () => {
            provide: StitcherService,
            useValue: mockStitcherService,
          },
+          {
+            provide: ChatProxyService,
+            useValue: mockChatProxyService,
+          },
+          {
+            provide: PrismaService,
+            useValue: mockPrismaService,
+          },
        ],
      }).compile();

@@ -470,6 +509,14 @@ describe("DiscordService", () => {
            provide: StitcherService,
            useValue: mockStitcherService,
          },
+          {
+            provide: ChatProxyService,
+            useValue: mockChatProxyService,
+          },
+          {
+            provide: PrismaService,
+            useValue: mockPrismaService,
+          },
        ],
      }).compile();

@@ -492,6 +539,14 @@ describe("DiscordService", () => {
            provide: StitcherService,
            useValue: mockStitcherService,
          },
+          {
+            provide: ChatProxyService,
+            useValue: mockChatProxyService,
+          },
+          {
+            provide: PrismaService,
+            useValue: mockPrismaService,
+          },
        ],
      }).compile();

@@ -654,4 +709,150 @@ describe("DiscordService", () => {
      expect(loggedError.statusCode).toBe(408);
    });
  });
+
+  describe("Agent Channel Routing", () => {
+    it("should load agent channel mappings from environment", () => {
+      // The service should have loaded the agent channels from DISCORD_AGENT_CHANNELS
+      expect((service as any).agentChannels.size).toBe(2);
+      expect((service as any).agentChannels.get("jarvis-channel")).toBe("jarvis");
+      expect((service as any).agentChannels.get("builder-channel")).toBe("builder");
+    });
+
+    it("should handle empty agent channels config", async () => {
+      delete process.env.DISCORD_AGENT_CHANNELS;
+
+      const module: TestingModule = await Test.createTestingModule({
+        providers: [
+          DiscordService,
+          {
+            provide: StitcherService,
+            useValue: mockStitcherService,
+          },
+          {
+            provide: ChatProxyService,
+            useValue: mockChatProxyService,
+          },
+          {
+            provide: PrismaService,
+            useValue: mockPrismaService,
+          },
+        ],
+      }).compile();
+
+      const newService = module.get<DiscordService>(DiscordService);
+      expect((newService as any).agentChannels.size).toBe(0);
+
+      // Restore for other tests
+      process.env.DISCORD_AGENT_CHANNELS = "jarvis-channel:jarvis,builder-channel:builder";
+    });
+
+    it("should route messages in agent channels to ChatProxyService", async () => {
+      const mockChannel = {
+        send: vi.fn().mockResolvedValue({}),
+        isTextBased: () => true,
+        sendTyping: vi.fn(),
+      };
+      (mockClient.channels.fetch as any).mockResolvedValue(mockChannel);
+
+      // Create a mock streaming response
+      const mockStreamResponse = new Response(
+        'data: {"choices":[{"delta":{"content":"Test response"}}]}\n\ndata: [DONE]\n\n',
+        { headers: { "Content-Type": "text/event-stream" } }
+      );
+      mockChatProxyService.proxyChat.mockResolvedValue(mockStreamResponse);
+
+      await service.connect();
+
+      // Simulate a message in the jarvis channel
+      const message: ChatMessage = {
+        id: "msg-agent-1",
+        channelId: "jarvis-channel",
+        authorId: "user-1",
+        authorName: "TestUser",
+        content: "Hello Jarvis!",
+        timestamp: new Date(),
+      };
+
+      // Call handleAgentChat directly
+      await (service as any).handleAgentChat(message, "jarvis");
+
+      // Verify ChatProxyService was called with workspace owner's ID and agent name
+      expect(mockChatProxyService.proxyChat).toHaveBeenCalledWith(
+        "owner-user-id",
+        [{ role: "user", content: "Hello Jarvis!" }],
+        undefined,
+        "jarvis"
+      );
+
+      // Verify response was sent to channel
+      expect(mockChannel.send).toHaveBeenCalled();
+    });
+
+    it("should not route empty messages", async () => {
+      const message: ChatMessage = {
+        id: "msg-empty",
+        channelId: "jarvis-channel",
+        authorId: "user-1",
+        authorName: "TestUser",
+        content: "   ",
+        timestamp: new Date(),
+      };
+
+      await (service as any).handleAgentChat(message, "jarvis");
+
+      expect(mockChatProxyService.proxyChat).not.toHaveBeenCalled();
+    });
+
+    it("should handle ChatProxyService errors gracefully", async () => {
+      const mockChannel = {
+        send: vi.fn().mockResolvedValue({}),
+        isTextBased: () => true,
+        sendTyping: vi.fn(),
+      };
+      (mockClient.channels.fetch as any).mockResolvedValue(mockChannel);
+
+      mockChatProxyService.proxyChat.mockRejectedValue(new Error("Agent not found"));
+
+      await service.connect();
+
+      const message: ChatMessage = {
+        id: "msg-error",
+        channelId: "jarvis-channel",
+        authorId: "user-1",
+        authorName: "TestUser",
+        content: "Hello",
+        timestamp: new Date(),
+      };
+
+      await (service as any).handleAgentChat(message, "jarvis");
+
+      // Should send error message to channel
+      expect(mockChannel.send).toHaveBeenCalledWith(
+        expect.stringContaining("Failed to get response from jarvis")
+      );
+    });
+
+    it("should split long messages for Discord", () => {
+      const longContent = "A".repeat(5000);
+      const chunks = (service as any).splitMessageForDiscord(longContent);
+
+      // Should split into chunks of 2000 or less
+      expect(chunks.length).toBeGreaterThan(1);
+      for (const chunk of chunks) {
+        expect(chunk.length).toBeLessThanOrEqual(2000);
+      }
+
+      // Reassembled content should match original
+      expect(chunks.join("")).toBe(longContent.trim());
+    });
+
+    it("should prefer paragraph breaks when splitting messages", () => {
+      const content = "A".repeat(1500) + "\n\n" + "B".repeat(1500);
+      const chunks = (service as any).splitMessageForDiscord(content);
+
+      expect(chunks.length).toBe(2);
+      expect(chunks[0]).toContain("A");
+      expect(chunks[1]).toContain("B");
+    });
+  });
 });
--- a/apps/api/src/bridge/discord/discord.service.ts
+++ b/apps/api/src/bridge/discord/discord.service.ts
@@ -1,6 +1,8 @@
 import { Injectable, Logger } from "@nestjs/common";
 import { Client, Events, GatewayIntentBits, TextChannel, ThreadChannel } from "discord.js";
 import { StitcherService } from "../../stitcher/stitcher.service";
+import { ChatProxyService } from "../../chat-proxy/chat-proxy.service";
+import { PrismaService } from "../../prisma/prisma.service";
 import { sanitizeForLogging } from "../../common/utils";
 import type {
  IChatProvider,
@@ -17,6 +19,7 @@ import type {
 * - Connect to Discord via bot token
 * - Listen for commands in designated channels
 * - Forward commands to stitcher
+ * - Route messages in agent channels to specific agents via ChatProxyService
 * - Receive status updates from herald
 * - Post updates to threads
 */
@@ -28,12 +31,21 @@ export class DiscordService implements IChatProvider {
  private readonly botToken: string;
  private readonly controlChannelId: string;
  private readonly workspaceId: string;
+  private readonly agentChannels = new Map<string, string>();
+  private workspaceOwnerId: string | null = null;

-  constructor(private readonly stitcherService: StitcherService) {
+  constructor(
+    private readonly stitcherService: StitcherService,
+    private readonly chatProxyService: ChatProxyService,
+    private readonly prisma: PrismaService
+  ) {
    this.botToken = process.env.DISCORD_BOT_TOKEN ?? "";
    this.controlChannelId = process.env.DISCORD_CONTROL_CHANNEL_ID ?? "";
    this.workspaceId = process.env.DISCORD_WORKSPACE_ID ?? "";

+    // Load agent channel mappings from environment
+    this.loadAgentChannels();
+
    // Initialize Discord client with required intents
    this.client = new Client({
      intents: [
@@ -46,6 +58,51 @@ export class DiscordService implements IChatProvider {
    this.setupEventHandlers();
  }

+  /**
+   * Load agent channel mappings from environment variables.
+   * Format: DISCORD_AGENT_CHANNELS=<channelId>:<agentName>,<channelId>:<agentName>
+   * Example: DISCORD_AGENT_CHANNELS=123456:jarvis,789012:builder
+   */
+  private loadAgentChannels(): void {
+    const channelsConfig = process.env.DISCORD_AGENT_CHANNELS ?? "";
+    if (!channelsConfig) {
+      this.logger.debug("No agent channels configured (DISCORD_AGENT_CHANNELS not set)");
+      return;
+    }
+
+    const channels = channelsConfig.split(",").map((pair) => pair.trim());
+    for (const channel of channels) {
+      const [channelId, agentName] = channel.split(":");
+      if (channelId && agentName) {
+        this.agentChannels.set(channelId.trim(), agentName.trim());
+        this.logger.log(`Agent channel mapped: ${channelId.trim()} → ${agentName.trim()}`);
+      }
+    }
+  }
+
+  /**
+   * Get the workspace owner's user ID for chat proxy routing.
+   * Caches the result after first lookup.
+   */
+  private async getWorkspaceOwnerId(): Promise<string> {
+    if (this.workspaceOwnerId) {
+      return this.workspaceOwnerId;
+    }
+
+    const workspace = await this.prisma.workspace.findUnique({
+      where: { id: this.workspaceId },
+      select: { ownerId: true },
+    });
+
+    if (!workspace) {
+      throw new Error(`Workspace not found: ${this.workspaceId}`);
+    }
+
+    this.workspaceOwnerId = workspace.ownerId;
+    this.logger.debug(`Workspace owner resolved: ${workspace.ownerId}`);
+    return workspace.ownerId;
+  }
+
  /**
   * Setup event handlers for Discord client
   */
@@ -60,9 +117,6 @@ export class DiscordService implements IChatProvider {
      // Ignore bot messages
      if (message.author.bot) return;

-      // Check if message is in control channel
-      if (message.channelId !== this.controlChannelId) return;
-
      // Parse message into ChatMessage format
      const chatMessage: ChatMessage = {
        id: message.id,
@@ -74,6 +128,16 @@ export class DiscordService implements IChatProvider {
        ...(message.channel.isThread() && { threadId: message.channelId }),
      };

+      // Check if message is in an agent channel
+      const agentName = this.agentChannels.get(message.channelId);
+      if (agentName) {
+        void this.handleAgentChat(chatMessage, agentName);
+        return;
+      }
+
+      // Check if message is in control channel for commands
+      if (message.channelId !== this.controlChannelId) return;
+
      // Parse command
      const command = this.parseCommand(chatMessage);
      if (command) {
@@ -394,4 +458,150 @@ export class DiscordService implements IChatProvider {

    await this.sendMessage(message.channelId, helpMessage);
  }
+
+  /**
+   * Handle agent chat - Route message to specific agent via ChatProxyService
+   * Messages in agent channels are sent directly to the agent without requiring @mosaic prefix.
+   */
+  private async handleAgentChat(message: ChatMessage, agentName: string): Promise<void> {
+    this.logger.log(
+      `Routing message from ${message.authorName} to agent "${agentName}" in channel ${message.channelId}`
+    );
+
+    // Ignore empty messages
+    if (!message.content.trim()) {
+      return;
+    }
+
+    try {
+      // Get workspace owner ID for routing
+      const userId = await this.getWorkspaceOwnerId();
+
+      // Build message history (just the user's message for now)
+      const messages = [{ role: "user" as const, content: message.content }];
+
+      // Send typing indicator while waiting for response
+      const channel = await this.client.channels.fetch(message.channelId);
+      if (channel?.isTextBased()) {
+        void (channel as TextChannel).sendTyping();
+      }
+
+      // Proxy to agent
+      const response = await this.chatProxyService.proxyChat(
+        userId,
+        messages,
+        undefined,
+        agentName
+      );
+
+      // Stream the response to channel
+      await this.streamResponseToChannel(message.channelId, response);
+
+      this.logger.debug(`Agent "${agentName}" response sent to channel ${message.channelId}`);
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      this.logger.error(`Failed to route message to agent "${agentName}": ${errorMessage}`);
+      await this.sendMessage(
+        message.channelId,
+        `Failed to get response from ${agentName}. Please try again later.`
+      );
+    }
+  }
+
+  /**
+   * Stream SSE response from chat proxy and send to Discord channel.
+   * Collects the full response and sends as a single message for reliability.
+   */
+  private async streamResponseToChannel(channelId: string, response: Response): Promise<string> {
+    const reader = response.body?.getReader();
+    if (!reader) {
+      throw new Error("Response body is not readable");
+    }
+
+    const decoder = new TextDecoder();
+    let fullContent = "";
+    let buffer = "";
+
+    try {
+      let readResult = await reader.read();
+      while (!readResult.done) {
+        const { value } = readResult;
+        buffer += decoder.decode(value, { stream: true });
+        const lines = buffer.split("\n");
+        buffer = lines.pop() ?? "";
+
+        for (const line of lines) {
+          if (line.startsWith("data: ")) {
+            const data = line.slice(6);
+            if (data === "[DONE]") continue;
+
+            try {
+              const parsed = JSON.parse(data) as {
+                choices?: { delta?: { content?: string } }[];
+              };
+              const content = parsed.choices?.[0]?.delta?.content;
+              if (content) {
+                fullContent += content;
+              }
+            } catch {
+              // Skip invalid JSON
+            }
+          }
+        }
+        readResult = await reader.read();
+      }
+
+      // Send the full response to Discord
+      if (fullContent.trim()) {
+        // Discord has a 2000 character limit, split if needed
+        const chunks = this.splitMessageForDiscord(fullContent);
+        for (const chunk of chunks) {
+          await this.sendMessage(channelId, chunk);
+        }
+      }
+
+      return fullContent;
+    } finally {
+      reader.releaseLock();
+    }
+  }
+
+  /**
+   * Split a message into chunks that fit within Discord's 2000 character limit.
+   * Tries to split on paragraph or sentence boundaries when possible.
+   */
+  private splitMessageForDiscord(content: string, maxLength = 2000): string[] {
+    if (content.length <= maxLength) {
+      return [content];
+    }
+
+    const chunks: string[] = [];
+    let remaining = content;
+
+    while (remaining.length > maxLength) {
+      // Try to find a good break point
+      let breakPoint = remaining.lastIndexOf("\n\n", maxLength);
+      if (breakPoint < maxLength * 0.5) {
+        breakPoint = remaining.lastIndexOf("\n", maxLength);
+      }
+      if (breakPoint < maxLength * 0.5) {
+        breakPoint = remaining.lastIndexOf(". ", maxLength);
+      }
+      if (breakPoint < maxLength * 0.5) {
+        breakPoint = remaining.lastIndexOf(" ", maxLength);
+      }
+      if (breakPoint < maxLength * 0.5) {
+        breakPoint = maxLength - 1;
+      }
+
+      chunks.push(remaining.slice(0, breakPoint + 1).trim());
+      remaining = remaining.slice(breakPoint + 1).trim();
+    }
+
+    if (remaining.length > 0) {
+      chunks.push(remaining);
+    }
+
+    return chunks;
+  }
 }
--- a/apps/api/src/bridge/matrix/matrix-bridge.integration.spec.ts
+++ b/apps/api/src/bridge/matrix/matrix-bridge.integration.spec.ts
@@ -28,6 +28,7 @@ import { StitcherService } from "../../stitcher/stitcher.service";
 import { HeraldService } from "../../herald/herald.service";
 import { PrismaService } from "../../prisma/prisma.service";
 import { BullMqService } from "../../bullmq/bullmq.service";
+import { ChatProxyService } from "../../chat-proxy/chat-proxy.service";
 import type { IChatProvider } from "../interfaces";
 import { JOB_CREATED, JOB_STARTED } from "../../job-events/event-types";

@@ -192,6 +193,7 @@ function setDiscordEnv(): void {

 function setEncryptionKey(): void {
  process.env.ENCRYPTION_KEY = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+  process.env.MOSAIC_SECRET_KEY = "test-mosaic-secret-key-minimum-32-characters-long";
 }

 /**
@@ -205,6 +207,10 @@ async function compileBridgeModule(): Promise<TestingModule> {
    .useValue({})
    .overrideProvider(BullMqService)
    .useValue({})
+    .overrideProvider(ChatProxyService)
+    .useValue({
+      proxyChat: vi.fn().mockResolvedValue(new Response()),
+    })
    .compile();
 }

--- a/apps/api/src/chat-proxy/chat-proxy.controller.ts
+++ b/apps/api/src/chat-proxy/chat-proxy.controller.ts
@@ -99,7 +99,8 @@ export class ChatProxyController {
      const upstreamResponse = await this.chatProxyService.proxyChat(
        userId,
        body.messages,
-        abortController.signal
+        abortController.signal,
+        body.agent
      );

      const upstreamContentType = upstreamResponse.headers.get("content-type");
--- a/apps/api/src/chat-proxy/chat-proxy.dto.ts
+++ b/apps/api/src/chat-proxy/chat-proxy.dto.ts
@@ -1,5 +1,12 @@
 import { Type } from "class-transformer";
-import { ArrayMinSize, IsArray, IsNotEmpty, IsString, ValidateNested } from "class-validator";
+import {
+  ArrayMinSize,
+  IsArray,
+  IsNotEmpty,
+  IsOptional,
+  IsString,
+  ValidateNested,
+} from "class-validator";

 export interface ChatMessage {
  role: string;
@@ -22,4 +29,8 @@ export class ChatStreamDto {
  @ValidateNested({ each: true })
  @Type(() => ChatMessageDto)
  messages!: ChatMessageDto[];
+
+  @IsString({ message: "agent must be a string" })
+  @IsOptional()
+  agent?: string;
 }
--- a/apps/api/src/chat-proxy/chat-proxy.service.spec.ts
+++ b/apps/api/src/chat-proxy/chat-proxy.service.spec.ts
@@ -1,4 +1,8 @@
-import { ServiceUnavailableException } from "@nestjs/common";
+import {
+  ServiceUnavailableException,
+  NotFoundException,
+  BadGatewayException,
+} from "@nestjs/common";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { ChatProxyService } from "./chat-proxy.service";

@@ -9,6 +13,9 @@ describe("ChatProxyService", () => {
    userAgentConfig: {
      findUnique: vi.fn(),
    },
+    userAgent: {
+      findUnique: vi.fn(),
+    },
  };

  const containerLifecycle = {
@@ -16,13 +23,17 @@ describe("ChatProxyService", () => {
    touch: vi.fn(),
  };

+  const config = {
+    get: vi.fn(),
+  };
+
  let service: ChatProxyService;
  let fetchMock: ReturnType<typeof vi.fn>;

  beforeEach(() => {
    fetchMock = vi.fn();
    vi.stubGlobal("fetch", fetchMock);
-    service = new ChatProxyService(prisma as never, containerLifecycle as never);
+    service = new ChatProxyService(prisma as never, containerLifecycle as never, config as never);
  });

  afterEach(() => {
@@ -105,4 +116,135 @@ describe("ChatProxyService", () => {
      );
    });
  });
+
+  describe("proxyChat with agent routing", () => {
+    it("includes agent config when agentName is specified", async () => {
+      const mockAgent = {
+        name: "jarvis",
+        displayName: "Jarvis",
+        personality: "Capable, direct, proactive.",
+        primaryModel: "opus",
+        isActive: true,
+      };
+
+      containerLifecycle.ensureRunning.mockResolvedValue({
+        url: "http://mosaic-user-user-123:19000",
+        token: "gateway-token",
+      });
+      containerLifecycle.touch.mockResolvedValue(undefined);
+      prisma.userAgent.findUnique.mockResolvedValue(mockAgent);
+      fetchMock.mockResolvedValue(new Response("event: token\ndata: hello\n\n"));
+
+      const messages = [{ role: "user", content: "Hello Jarvis" }];
+      await service.proxyChat(userId, messages, undefined, "jarvis");
+
+      const [, request] = fetchMock.mock.calls[0] as [string, RequestInit];
+      const parsedBody = JSON.parse(String(request.body));
+
+      expect(parsedBody).toEqual({
+        messages,
+        model: "opus",
+        stream: true,
+        agent: "jarvis",
+        agent_personality: "Capable, direct, proactive.",
+      });
+    });
+
+    it("throws NotFoundException when agent not found", async () => {
+      containerLifecycle.ensureRunning.mockResolvedValue({
+        url: "http://mosaic-user-user-123:19000",
+        token: "gateway-token",
+      });
+      containerLifecycle.touch.mockResolvedValue(undefined);
+      prisma.userAgent.findUnique.mockResolvedValue(null);
+
+      const messages = [{ role: "user", content: "Hello" }];
+      await expect(service.proxyChat(userId, messages, undefined, "nonexistent")).rejects.toThrow(
+        NotFoundException
+      );
+    });
+
+    it("throws NotFoundException when agent is not active", async () => {
+      containerLifecycle.ensureRunning.mockResolvedValue({
+        url: "http://mosaic-user-user-123:19000",
+        token: "gateway-token",
+      });
+      containerLifecycle.touch.mockResolvedValue(undefined);
+      prisma.userAgent.findUnique.mockResolvedValue({
+        name: "inactive-agent",
+        displayName: "Inactive",
+        personality: "...",
+        primaryModel: null,
+        isActive: false,
+      });
+
+      const messages = [{ role: "user", content: "Hello" }];
+      await expect(
+        service.proxyChat(userId, messages, undefined, "inactive-agent")
+      ).rejects.toThrow(NotFoundException);
+    });
+
+    it("falls back to default model when agent has no primaryModel", async () => {
+      const mockAgent = {
+        name: "jarvis",
+        displayName: "Jarvis",
+        personality: "Capable, direct, proactive.",
+        primaryModel: null,
+        isActive: true,
+      };
+
+      containerLifecycle.ensureRunning.mockResolvedValue({
+        url: "http://mosaic-user-user-123:19000",
+        token: "gateway-token",
+      });
+      containerLifecycle.touch.mockResolvedValue(undefined);
+      prisma.userAgent.findUnique.mockResolvedValue(mockAgent);
+      prisma.userAgentConfig.findUnique.mockResolvedValue(null);
+      fetchMock.mockResolvedValue(new Response("event: token\ndata: hello\n\n"));
+
+      const messages = [{ role: "user", content: "Hello" }];
+      await service.proxyChat(userId, messages, undefined, "jarvis");
+
+      const [, request] = fetchMock.mock.calls[0] as [string, RequestInit];
+      const parsedBody = JSON.parse(String(request.body));
+
+      expect(parsedBody.model).toBe("openclaw:default");
+    });
+  });
+
+  describe("proxyGuestChat", () => {
+    it("uses environment variables for guest LLM configuration", async () => {
+      config.get.mockImplementation((key: string) => {
+        if (key === "GUEST_LLM_URL") return "http://10.1.1.42:11434/v1";
+        if (key === "GUEST_LLM_MODEL") return "llama3.2";
+        return undefined;
+      });
+      fetchMock.mockResolvedValue(new Response("event: token\ndata: hello\n\n"));
+
+      const messages = [{ role: "user", content: "Hello" }];
+      await service.proxyGuestChat(messages);
+
+      expect(fetchMock).toHaveBeenCalledWith(
+        "http://10.1.1.42:11434/v1/chat/completions",
+        expect.objectContaining({
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+          },
+        })
+      );
+
+      const [, request] = fetchMock.mock.calls[0] as [string, RequestInit];
+      const parsedBody = JSON.parse(String(request.body));
+      expect(parsedBody.model).toBe("llama3.2");
+    });
+
+    it("throws BadGatewayException on guest LLM errors", async () => {
+      config.get.mockReturnValue(undefined);
+      fetchMock.mockResolvedValue(new Response("Internal Server Error", { status: 500 }));
+
+      const messages = [{ role: "user", content: "Hello" }];
+      await expect(service.proxyGuestChat(messages)).rejects.toThrow(BadGatewayException);
+    });
+  });
 });
--- a/apps/api/src/chat-proxy/chat-proxy.service.ts
+++ b/apps/api/src/chat-proxy/chat-proxy.service.ts
@@ -2,6 +2,7 @@ import {
  BadGatewayException,
  Injectable,
  Logger,
+  NotFoundException,
  ServiceUnavailableException,
 } from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
@@ -18,6 +19,13 @@ interface ContainerConnection {
  token: string;
 }

+interface AgentConfig {
+  name: string;
+  displayName: string;
+  personality: string;
+  primaryModel: string | null;
+}
+
@Injectable()
 export class ChatProxyService {
  private readonly logger = new Logger(ChatProxyService.name);
@@ -38,21 +46,38 @@ export class ChatProxyService {
  async proxyChat(
    userId: string,
    messages: ChatMessage[],
-    signal?: AbortSignal
+    signal?: AbortSignal,
+    agentName?: string
  ): Promise<Response> {
    const { url: containerUrl, token: gatewayToken } = await this.getContainerConnection(userId);
-    const model = await this.getPreferredModel(userId);
+
+    // Get agent config if specified
+    let agentConfig: AgentConfig | null = null;
+    if (agentName) {
+      agentConfig = await this.getAgentConfig(userId, agentName);
+    }
+
+    const model = agentConfig?.primaryModel ?? (await this.getPreferredModel(userId));
+
+    const requestBody: Record<string, unknown> = {
+      messages,
+      model,
+      stream: true,
+    };
+
+    // Add agent config if available
+    if (agentConfig) {
+      requestBody.agent = agentConfig.name;
+      requestBody.agent_personality = agentConfig.personality;
+    }
+
    const requestInit: RequestInit = {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${gatewayToken}`,
      },
-      body: JSON.stringify({
-        messages,
-        model,
-        stream: true,
-      }),
+      body: JSON.stringify(requestBody),
    };

    if (signal) {
@@ -170,4 +195,32 @@ export class ChatProxyService {
      return null;
    }
  }
+
+  private async getAgentConfig(userId: string, agentName: string): Promise<AgentConfig> {
+    const agent = await this.prisma.userAgent.findUnique({
+      where: { userId_name: { userId, name: agentName } },
+      select: {
+        name: true,
+        displayName: true,
+        personality: true,
+        primaryModel: true,
+        isActive: true,
+      },
+    });
+
+    if (!agent) {
+      throw new NotFoundException(`Agent "${agentName}" not found for user`);
+    }
+
+    if (!agent.isActive) {
+      throw new NotFoundException(`Agent "${agentName}" is not active`);
+    }
+
+    return {
+      name: agent.name,
+      displayName: agent.displayName,
+      personality: agent.personality,
+      primaryModel: agent.primaryModel,
+    };
+  }
 }
--- a/apps/api/src/seed/agent-templates.seed.ts
+++ b/apps/api/src/seed/agent-templates.seed.ts
@@ -0,0 +1,62 @@
+import type { PrismaClient } from "@prisma/client";
+
+const AGENT_TEMPLATES = [
+  {
+    name: "jarvis",
+    displayName: "Jarvis",
+    role: "orchestrator",
+    personality: `# Jarvis - Orchestrator Agent\n\nYou are Jarvis, the orchestrator and COO. You plan, delegate, and coordinate. You never write code directly — you spawn workers. You are direct, capable, and proactive. Your job is to get things done without hand-holding.\n\n## Core Traits\n- Direct and concise\n- Resourceful — figure it out before asking\n- Proactive — find problems to solve\n- Delegator — workers execute, you orchestrate`,
+    primaryModel: "opus",
+    fallbackModels: ["sonnet"],
+    toolPermissions: ["read", "write", "exec", "browser", "web_search", "memory_search"],
+    discordChannel: "jarvis",
+    isActive: true,
+    isDefault: true,
+  },
+  {
+    name: "builder",
+    displayName: "Builder",
+    role: "coding",
+    personality: `# Builder - Coding Agent\n\nYou are Builder, the coding agent. You implement features, fix bugs, and write tests. You work in worktrees, follow the E2E delivery protocol, and never skip quality gates. You are methodical and thorough.\n\n## Core Traits\n- Works in git worktrees (never touches main directly)\n- Runs lint + typecheck + tests before every commit\n- Follows the Mosaic E2E delivery framework\n- Never marks a task done until CI is green`,
+    primaryModel: "codex",
+    fallbackModels: ["sonnet", "haiku"],
+    toolPermissions: ["read", "write", "exec"],
+    discordChannel: "builder",
+    isActive: true,
+    isDefault: true,
+  },
+  {
+    name: "medic",
+    displayName: "Medic",
+    role: "monitoring",
+    personality: `# Medic - Health Monitoring Agent\n\nYou are Medic, the health monitoring agent. You watch services, check deployments, alert on anomalies, and verify system health. You are vigilant, calm, and proactive.\n\n## Core Traits\n- Monitors service health proactively\n- Alerts clearly and concisely\n- Tracks uptime and deployment status\n- Never panics — diagnoses methodically`,
+    primaryModel: "haiku",
+    fallbackModels: ["sonnet"],
+    toolPermissions: ["read", "exec"],
+    discordChannel: "medic-alerts",
+    isActive: true,
+    isDefault: true,
+  },
+];
+
+export async function seedAgentTemplates(prisma: PrismaClient): Promise<void> {
+  for (const template of AGENT_TEMPLATES) {
+    await prisma.agentTemplate.upsert({
+      where: { name: template.name },
+      update: {},
+      create: {
+        name: template.name,
+        displayName: template.displayName,
+        role: template.role,
+        personality: template.personality,
+        primaryModel: template.primaryModel,
+        fallbackModels: template.fallbackModels,
+        toolPermissions: template.toolPermissions,
+        discordChannel: template.discordChannel,
+        isActive: template.isActive,
+        isDefault: template.isDefault,
+      },
+    });
+  }
+  console.log("✅ Agent templates seeded:", AGENT_TEMPLATES.map((t) => t.name).join(", "));
+}
--- a/apps/api/src/user-agent/dto/create-user-agent.dto.ts
+++ b/apps/api/src/user-agent/dto/create-user-agent.dto.ts
@@ -0,0 +1,43 @@
+import { IsString, IsBoolean, IsOptional, IsArray, MinLength } from "class-validator";
+
+export class CreateUserAgentDto {
+  @IsString()
+  @MinLength(1)
+  templateId?: string;
+
+  @IsString()
+  @MinLength(1)
+  name!: string;
+
+  @IsString()
+  @MinLength(1)
+  displayName!: string;
+
+  @IsString()
+  @MinLength(1)
+  role!: string;
+
+  @IsString()
+  @MinLength(1)
+  personality!: string;
+
+  @IsString()
+  @IsOptional()
+  primaryModel?: string;
+
+  @IsArray()
+  @IsOptional()
+  fallbackModels?: string[];
+
+  @IsArray()
+  @IsOptional()
+  toolPermissions?: string[];
+
+  @IsString()
+  @IsOptional()
+  discordChannel?: string;
+
+  @IsBoolean()
+  @IsOptional()
+  isActive?: boolean;
+}
--- a/apps/api/src/user-agent/dto/update-user-agent.dto.ts
+++ b/apps/api/src/user-agent/dto/update-user-agent.dto.ts
@@ -0,0 +1,4 @@
+import { PartialType } from "@nestjs/mapped-types";
+import { CreateUserAgentDto } from "./create-user-agent.dto";
+
+export class UpdateUserAgentDto extends PartialType(CreateUserAgentDto) {}
--- a/apps/api/src/user-agent/user-agent.controller.ts
+++ b/apps/api/src/user-agent/user-agent.controller.ts
@@ -0,0 +1,70 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Patch,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+  ParseUUIDPipe,
+} from "@nestjs/common";
+import { UserAgentService } from "./user-agent.service";
+import { CreateUserAgentDto } from "./dto/create-user-agent.dto";
+import { UpdateUserAgentDto } from "./dto/update-user-agent.dto";
+import { AuthGuard } from "../auth/guards/auth.guard";
+import { CurrentUser } from "../auth/decorators/current-user.decorator";
+import type { AuthUser } from "@mosaic/shared";
+
+@Controller("agents")
+@UseGuards(AuthGuard)
+export class UserAgentController {
+  constructor(private readonly userAgentService: UserAgentService) {}
+
+  @Get()
+  findAll(@CurrentUser() user: AuthUser) {
+    return this.userAgentService.findAll(user.id);
+  }
+
+  @Get("status")
+  getAllStatuses(@CurrentUser() user: AuthUser) {
+    return this.userAgentService.getAllStatuses(user.id);
+  }
+
+  @Get(":id")
+  findOne(@CurrentUser() user: AuthUser, @Param("id", ParseUUIDPipe) id: string) {
+    return this.userAgentService.findOne(user.id, id);
+  }
+
+  @Get(":id/status")
+  getStatus(@CurrentUser() user: AuthUser, @Param("id", ParseUUIDPipe) id: string) {
+    return this.userAgentService.getStatus(user.id, id);
+  }
+
+  @Post()
+  create(@CurrentUser() user: AuthUser, @Body() dto: CreateUserAgentDto) {
+    return this.userAgentService.create(user.id, dto);
+  }
+
+  @Post("from-template/:templateId")
+  createFromTemplate(
+    @CurrentUser() user: AuthUser,
+    @Param("templateId", ParseUUIDPipe) templateId: string
+  ) {
+    return this.userAgentService.createFromTemplate(user.id, templateId);
+  }
+
+  @Patch(":id")
+  update(
+    @CurrentUser() user: AuthUser,
+    @Param("id", ParseUUIDPipe) id: string,
+    @Body() dto: UpdateUserAgentDto
+  ) {
+    return this.userAgentService.update(user.id, id, dto);
+  }
+
+  @Delete(":id")
+  remove(@CurrentUser() user: AuthUser, @Param("id", ParseUUIDPipe) id: string) {
+    return this.userAgentService.remove(user.id, id);
+  }
+}
--- a/apps/api/src/user-agent/user-agent.module.ts
+++ b/apps/api/src/user-agent/user-agent.module.ts
@@ -0,0 +1,13 @@
+import { Module } from "@nestjs/common";
+import { UserAgentService } from "./user-agent.service";
+import { UserAgentController } from "./user-agent.controller";
+import { PrismaModule } from "../prisma/prisma.module";
+import { AuthModule } from "../auth/auth.module";
+
+@Module({
+  imports: [PrismaModule, AuthModule],
+  controllers: [UserAgentController],
+  providers: [UserAgentService],
+  exports: [UserAgentService],
+})
+export class UserAgentModule {}
--- a/apps/api/src/user-agent/user-agent.service.spec.ts
+++ b/apps/api/src/user-agent/user-agent.service.spec.ts
@@ -0,0 +1,300 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+import { Test, TestingModule } from "@nestjs/testing";
+import { UserAgentService } from "./user-agent.service";
+import { PrismaService } from "../prisma/prisma.service";
+import { NotFoundException, ConflictException, ForbiddenException } from "@nestjs/common";
+
+describe("UserAgentService", () => {
+  let service: UserAgentService;
+  let prisma: PrismaService;
+
+  const mockPrismaService = {
+    userAgent: {
+      findMany: vi.fn(),
+      findUnique: vi.fn(),
+      create: vi.fn(),
+      update: vi.fn(),
+      delete: vi.fn(),
+    },
+    agentTemplate: {
+      findUnique: vi.fn(),
+    },
+  };
+
+  const mockUserId = "550e8400-e29b-41d4-a716-446655440001";
+  const mockAgentId = "550e8400-e29b-41d4-a716-446655440002";
+  const mockTemplateId = "550e8400-e29b-41d4-a716-446655440003";
+
+  const mockAgent = {
+    id: mockAgentId,
+    userId: mockUserId,
+    templateId: null,
+    name: "jarvis",
+    displayName: "Jarvis",
+    role: "orchestrator",
+    personality: "Capable, direct, proactive.",
+    primaryModel: "opus",
+    fallbackModels: ["sonnet"],
+    toolPermissions: ["all"],
+    discordChannel: "jarvis",
+    isActive: true,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  };
+
+  const mockTemplate = {
+    id: mockTemplateId,
+    name: "builder",
+    displayName: "Builder",
+    role: "coding",
+    personality: "Focused, thorough.",
+    primaryModel: "codex",
+    fallbackModels: ["sonnet"],
+    toolPermissions: ["exec", "read", "write"],
+    discordChannel: "builder",
+    isActive: true,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  };
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        UserAgentService,
+        {
+          provide: PrismaService,
+          useValue: mockPrismaService,
+        },
+      ],
+    }).compile();
+
+    service = module.get<UserAgentService>(UserAgentService);
+    prisma = module.get<PrismaService>(PrismaService);
+
+    vi.clearAllMocks();
+  });
+
+  it("should be defined", () => {
+    expect(service).toBeDefined();
+  });
+
+  describe("findAll", () => {
+    it("should return all agents for a user", async () => {
+      mockPrismaService.userAgent.findMany.mockResolvedValue([mockAgent]);
+
+      const result = await service.findAll(mockUserId);
+
+      expect(result).toEqual([mockAgent]);
+      expect(mockPrismaService.userAgent.findMany).toHaveBeenCalledWith({
+        where: { userId: mockUserId },
+        orderBy: { createdAt: "asc" },
+      });
+    });
+
+    it("should return empty array if no agents", async () => {
+      mockPrismaService.userAgent.findMany.mockResolvedValue([]);
+
+      const result = await service.findAll(mockUserId);
+
+      expect(result).toEqual([]);
+    });
+  });
+
+  describe("findOne", () => {
+    it("should return an agent by id", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+
+      const result = await service.findOne(mockUserId, mockAgentId);
+
+      expect(result).toEqual(mockAgent);
+    });
+
+    it("should throw NotFoundException if agent not found", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(null);
+
+      await expect(service.findOne(mockUserId, mockAgentId)).rejects.toThrow(NotFoundException);
+    });
+
+    it("should throw ForbiddenException if agent belongs to different user", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue({
+        ...mockAgent,
+        userId: "different-user-id",
+      });
+
+      await expect(service.findOne(mockUserId, mockAgentId)).rejects.toThrow(ForbiddenException);
+    });
+  });
+
+  describe("findByName", () => {
+    it("should return an agent by name", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+
+      const result = await service.findByName(mockUserId, "jarvis");
+
+      expect(result).toEqual(mockAgent);
+      expect(mockPrismaService.userAgent.findUnique).toHaveBeenCalledWith({
+        where: { userId_name: { userId: mockUserId, name: "jarvis" } },
+      });
+    });
+
+    it("should throw NotFoundException if agent not found", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(null);
+
+      await expect(service.findByName(mockUserId, "nonexistent")).rejects.toThrow(
+        NotFoundException
+      );
+    });
+  });
+
+  describe("create", () => {
+    it("should create a new agent", async () => {
+      const createDto = {
+        name: "jarvis",
+        displayName: "Jarvis",
+        role: "orchestrator",
+        personality: "Capable, direct, proactive.",
+      };
+
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(null);
+      mockPrismaService.userAgent.create.mockResolvedValue(mockAgent);
+
+      const result = await service.create(mockUserId, createDto);
+
+      expect(result).toEqual(mockAgent);
+    });
+
+    it("should throw ConflictException if agent name already exists", async () => {
+      const createDto = {
+        name: "jarvis",
+        displayName: "Jarvis",
+        role: "orchestrator",
+        personality: "Capable, direct, proactive.",
+      };
+
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+
+      await expect(service.create(mockUserId, createDto)).rejects.toThrow(ConflictException);
+    });
+
+    it("should throw NotFoundException if templateId is invalid", async () => {
+      const createDto = {
+        name: "custom",
+        displayName: "Custom",
+        role: "custom",
+        personality: "Custom agent",
+        templateId: "nonexistent-template",
+      };
+
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(null);
+      mockPrismaService.agentTemplate.findUnique.mockResolvedValue(null);
+
+      await expect(service.create(mockUserId, createDto)).rejects.toThrow(NotFoundException);
+    });
+  });
+
+  describe("createFromTemplate", () => {
+    it("should create an agent from a template", async () => {
+      mockPrismaService.agentTemplate.findUnique.mockResolvedValue(mockTemplate);
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(null);
+      mockPrismaService.userAgent.create.mockResolvedValue({
+        ...mockAgent,
+        templateId: mockTemplateId,
+        name: mockTemplate.name,
+        displayName: mockTemplate.displayName,
+        role: mockTemplate.role,
+      });
+
+      const result = await service.createFromTemplate(mockUserId, mockTemplateId);
+
+      expect(result.name).toBe(mockTemplate.name);
+      expect(result.displayName).toBe(mockTemplate.displayName);
+    });
+
+    it("should throw NotFoundException if template not found", async () => {
+      mockPrismaService.agentTemplate.findUnique.mockResolvedValue(null);
+
+      await expect(service.createFromTemplate(mockUserId, mockTemplateId)).rejects.toThrow(
+        NotFoundException
+      );
+    });
+
+    it("should throw ConflictException if agent name already exists", async () => {
+      mockPrismaService.agentTemplate.findUnique.mockResolvedValue(mockTemplate);
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+
+      await expect(service.createFromTemplate(mockUserId, mockTemplateId)).rejects.toThrow(
+        ConflictException
+      );
+    });
+  });
+
+  describe("update", () => {
+    it("should update an agent", async () => {
+      const updateDto = { displayName: "Updated Jarvis" };
+      const updatedAgent = { ...mockAgent, ...updateDto };
+
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+      mockPrismaService.userAgent.update.mockResolvedValue(updatedAgent);
+
+      const result = await service.update(mockUserId, mockAgentId, updateDto);
+
+      expect(result.displayName).toBe("Updated Jarvis");
+    });
+
+    it("should throw ConflictException if new name already exists", async () => {
+      const updateDto = { name: "existing-name" };
+
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+      // Second call checks for existing name
+      mockPrismaService.userAgent.findUnique.mockResolvedValue({ ...mockAgent, id: "other-id" });
+
+      await expect(service.update(mockUserId, mockAgentId, updateDto)).rejects.toThrow(
+        ConflictException
+      );
+    });
+  });
+
+  describe("remove", () => {
+    it("should delete an agent", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+      mockPrismaService.userAgent.delete.mockResolvedValue(mockAgent);
+
+      const result = await service.remove(mockUserId, mockAgentId);
+
+      expect(result).toEqual(mockAgent);
+    });
+  });
+
+  describe("getStatus", () => {
+    it("should return agent status", async () => {
+      mockPrismaService.userAgent.findUnique.mockResolvedValue(mockAgent);
+
+      const result = await service.getStatus(mockUserId, mockAgentId);
+
+      expect(result).toEqual({
+        id: mockAgentId,
+        name: "jarvis",
+        displayName: "Jarvis",
+        role: "orchestrator",
+        isActive: true,
+      });
+    });
+  });
+
+  describe("getAllStatuses", () => {
+    it("should return all agent statuses", async () => {
+      mockPrismaService.userAgent.findMany.mockResolvedValue([mockAgent]);
+
+      const result = await service.getAllStatuses(mockUserId);
+
+      expect(result).toHaveLength(1);
+      expect(result[0]).toEqual({
+        id: mockAgentId,
+        name: "jarvis",
+        displayName: "Jarvis",
+        role: "orchestrator",
+        isActive: true,
+      });
+    });
+  });
+});
--- a/apps/api/src/user-agent/user-agent.service.ts
+++ b/apps/api/src/user-agent/user-agent.service.ts
@@ -0,0 +1,153 @@
+import {
+  Injectable,
+  NotFoundException,
+  ConflictException,
+  ForbiddenException,
+} from "@nestjs/common";
+import { PrismaService } from "../prisma/prisma.service";
+import { CreateUserAgentDto } from "./dto/create-user-agent.dto";
+import { UpdateUserAgentDto } from "./dto/update-user-agent.dto";
+
+export interface AgentStatusResponse {
+  id: string;
+  name: string;
+  displayName: string;
+  role: string;
+  isActive: boolean;
+  containerStatus?: "running" | "stopped" | "unknown";
+}
+
+@Injectable()
+export class UserAgentService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async findAll(userId: string) {
+    return this.prisma.userAgent.findMany({
+      where: { userId },
+      orderBy: { createdAt: "asc" },
+    });
+  }
+
+  async findOne(userId: string, id: string) {
+    const agent = await this.prisma.userAgent.findUnique({ where: { id } });
+    if (!agent) throw new NotFoundException(`UserAgent ${id} not found`);
+    if (agent.userId !== userId) throw new ForbiddenException("Access denied to this agent");
+    return agent;
+  }
+
+  async findByName(userId: string, name: string) {
+    const agent = await this.prisma.userAgent.findUnique({
+      where: { userId_name: { userId, name } },
+    });
+    if (!agent) throw new NotFoundException(`UserAgent "${name}" not found for user`);
+    return agent;
+  }
+
+  async create(userId: string, dto: CreateUserAgentDto) {
+    // Check for unique name within user scope
+    const existing = await this.prisma.userAgent.findUnique({
+      where: { userId_name: { userId, name: dto.name } },
+    });
+    if (existing)
+      throw new ConflictException(`UserAgent "${dto.name}" already exists for this user`);
+
+    // If templateId provided, verify it exists
+    if (dto.templateId) {
+      const template = await this.prisma.agentTemplate.findUnique({
+        where: { id: dto.templateId },
+      });
+      if (!template) throw new NotFoundException(`AgentTemplate ${dto.templateId} not found`);
+    }
+
+    return this.prisma.userAgent.create({
+      data: {
+        userId,
+        templateId: dto.templateId ?? null,
+        name: dto.name,
+        displayName: dto.displayName,
+        role: dto.role,
+        personality: dto.personality,
+        primaryModel: dto.primaryModel ?? null,
+        fallbackModels: dto.fallbackModels ?? ([] as string[]),
+        toolPermissions: dto.toolPermissions ?? ([] as string[]),
+        discordChannel: dto.discordChannel ?? null,
+        isActive: dto.isActive ?? true,
+      },
+    });
+  }
+
+  async createFromTemplate(userId: string, templateId: string) {
+    const template = await this.prisma.agentTemplate.findUnique({
+      where: { id: templateId },
+    });
+    if (!template) throw new NotFoundException(`AgentTemplate ${templateId} not found`);
+
+    // Check for unique name within user scope
+    const existing = await this.prisma.userAgent.findUnique({
+      where: { userId_name: { userId, name: template.name } },
+    });
+    if (existing)
+      throw new ConflictException(`UserAgent "${template.name}" already exists for this user`);
+
+    return this.prisma.userAgent.create({
+      data: {
+        userId,
+        templateId: template.id,
+        name: template.name,
+        displayName: template.displayName,
+        role: template.role,
+        personality: template.personality,
+        primaryModel: template.primaryModel,
+        fallbackModels: template.fallbackModels as string[],
+        toolPermissions: template.toolPermissions as string[],
+        discordChannel: template.discordChannel,
+        isActive: template.isActive,
+      },
+    });
+  }
+
+  async update(userId: string, id: string, dto: UpdateUserAgentDto) {
+    const agent = await this.findOne(userId, id);
+
+    // If name is being changed, check for uniqueness
+    if (dto.name && dto.name !== agent.name) {
+      const existing = await this.prisma.userAgent.findUnique({
+        where: { userId_name: { userId, name: dto.name } },
+      });
+      if (existing)
+        throw new ConflictException(`UserAgent "${dto.name}" already exists for this user`);
+    }
+
+    return this.prisma.userAgent.update({
+      where: { id },
+      data: dto,
+    });
+  }
+
+  async remove(userId: string, id: string) {
+    await this.findOne(userId, id);
+    return this.prisma.userAgent.delete({ where: { id } });
+  }
+
+  async getStatus(userId: string, id: string): Promise<AgentStatusResponse> {
+    const agent = await this.findOne(userId, id);
+    return {
+      id: agent.id,
+      name: agent.name,
+      displayName: agent.displayName,
+      role: agent.role,
+      isActive: agent.isActive,
+    };
+  }
+
+  async getAllStatuses(userId: string): Promise<AgentStatusResponse[]> {
+    const agents = await this.findAll(userId);
+    return agents.map((agent) => ({
+      id: agent.id,
+      name: agent.name,
+      displayName: agent.displayName,
+      role: agent.role,
+      isActive: agent.isActive,
+    }));
+  }
+}
--- a/apps/orchestrator/Dockerfile
+++ b/apps/orchestrator/Dockerfile
@@ -21,6 +21,7 @@ FROM base AS deps
 COPY packages/shared/package.json ./packages/shared/
 COPY packages/config/package.json ./packages/config/
 COPY apps/orchestrator/package.json ./apps/orchestrator/
+# API schema is available via apps/orchestrator/prisma/schema.prisma symlink

 # Copy npm configuration for native binary architecture hints
 COPY .npmrc ./
@@ -46,6 +47,15 @@ COPY --from=deps /app/packages/shared/node_modules ./packages/shared/node_module
 COPY --from=deps /app/packages/config/node_modules ./packages/config/node_modules
 COPY --from=deps /app/apps/orchestrator/node_modules ./apps/orchestrator/node_modules

+# The repo has apps/orchestrator/prisma/schema.prisma as a symlink for CI use.
+# Kaniko resolves destination symlinks on COPY, which fails because the symlink
+# target (../../api/prisma/schema.prisma) doesn't exist in the container.
+# Fix: remove the dangling symlink first, then copy the real schema file there.
+RUN rm -f apps/orchestrator/prisma/schema.prisma
+COPY apps/api/prisma/schema.prisma ./apps/orchestrator/prisma/schema.prisma
+# pnpm turbo build runs prisma:generate (--schema=./prisma/schema.prisma) from the
+# orchestrator package context — no cross-package project-root issues.
+
 # Build the orchestrator app using TurboRepo
 RUN pnpm turbo build --filter=@mosaic/orchestrator

--- a/apps/orchestrator/package.json
+++ b/apps/orchestrator/package.json
@@ -3,19 +3,20 @@
  "version": "0.0.20",
  "private": true,
  "scripts": {
-    "dev": "nest start --watch",
    "build": "nest build",
+    "dev": "nest start --watch",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix",
+    "prisma:generate": "prisma generate --schema=./prisma/schema.prisma",
    "start": "node dist/main.js",
-    "start:dev": "nest start --watch",
    "start:debug": "nest start --debug --watch",
+    "start:dev": "nest start --watch",
    "start:prod": "node dist/main.js",
    "test": "vitest",
-    "test:watch": "vitest watch",
    "test:e2e": "vitest run --config tests/integration/vitest.config.ts",
    "test:perf": "vitest run --config tests/performance/vitest.config.ts",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint src/",
-    "lint:fix": "eslint src/ --fix"
+    "test:watch": "vitest watch",
+    "typecheck": "tsc --noEmit"
  },
  "dependencies": {
    "@anthropic-ai/sdk": "^0.72.1",
@@ -27,6 +28,7 @@
    "@nestjs/core": "^11.1.12",
    "@nestjs/platform-express": "^11.1.12",
    "@nestjs/throttler": "^6.5.0",
+    "@prisma/client": "^6.19.2",
    "bullmq": "^5.67.2",
    "class-transformer": "^0.5.1",
    "class-validator": "^0.14.1",
@@ -45,6 +47,7 @@
    "@types/express": "^5.0.1",
    "@types/node": "^22.13.4",
    "@vitest/coverage-v8": "^4.0.18",
+    "prisma": "^6.19.2",
    "ts-node": "^10.9.2",
    "tsconfig-paths": "^4.2.0",
    "typescript": "^5.8.2",
--- a/apps/orchestrator/prisma/schema.prisma
+++ b/apps/orchestrator/prisma/schema.prisma
@@ -0,0 +1 @@
+../../api/prisma/schema.prisma
--- a/apps/orchestrator/src/agent-ingestion/agent-ingestion.module.ts
+++ b/apps/orchestrator/src/agent-ingestion/agent-ingestion.module.ts
@@ -0,0 +1,10 @@
+import { Module } from "@nestjs/common";
+import { PrismaModule } from "../prisma/prisma.module";
+import { AgentIngestionService } from "./agent-ingestion.service";
+
+@Module({
+  imports: [PrismaModule],
+  providers: [AgentIngestionService],
+  exports: [AgentIngestionService],
+})
+export class AgentIngestionModule {}
--- a/apps/orchestrator/src/agent-ingestion/agent-ingestion.service.ts
+++ b/apps/orchestrator/src/agent-ingestion/agent-ingestion.service.ts
@@ -0,0 +1,141 @@
+import { Injectable, Logger } from "@nestjs/common";
+import type { Prisma } from "@prisma/client";
+import { PrismaService } from "../prisma/prisma.service";
+
+export type AgentConversationRole = "agent" | "user" | "system" | "operator";
+
+@Injectable()
+export class AgentIngestionService {
+  private readonly logger = new Logger(AgentIngestionService.name);
+
+  constructor(private readonly prisma: PrismaService) {}
+
+  private toJsonValue(value: Record<string, unknown>): Prisma.InputJsonValue {
+    return value as Prisma.InputJsonValue;
+  }
+
+  async recordAgentSpawned(
+    agentId: string,
+    parentAgentId?: string,
+    missionId?: string,
+    taskId?: string,
+    agentType?: string
+  ): Promise<void> {
+    await this.prisma.agentSessionTree.upsert({
+      where: { sessionId: agentId },
+      create: {
+        sessionId: agentId,
+        parentSessionId: parentAgentId ?? null,
+        missionId,
+        taskId,
+        agentType,
+        status: "spawning",
+      },
+      update: {
+        parentSessionId: parentAgentId ?? null,
+        missionId,
+        taskId,
+        agentType,
+        status: "spawning",
+        completedAt: null,
+      },
+    });
+
+    this.logger.debug(`Recorded spawned state for agent ${agentId}`);
+  }
+
+  async recordAgentStarted(agentId: string): Promise<void> {
+    await this.prisma.agentSessionTree.upsert({
+      where: { sessionId: agentId },
+      create: {
+        sessionId: agentId,
+        status: "running",
+      },
+      update: {
+        status: "running",
+      },
+    });
+
+    this.logger.debug(`Recorded running state for agent ${agentId}`);
+  }
+
+  async recordAgentCompleted(agentId: string): Promise<void> {
+    const completedAt = new Date();
+
+    await this.prisma.agentSessionTree.upsert({
+      where: { sessionId: agentId },
+      create: {
+        sessionId: agentId,
+        status: "completed",
+        completedAt,
+      },
+      update: {
+        status: "completed",
+        completedAt,
+      },
+    });
+
+    this.logger.debug(`Recorded completed state for agent ${agentId}`);
+  }
+
+  async recordAgentFailed(agentId: string, error?: string): Promise<void> {
+    const completedAt = new Date();
+    const metadata = error ? this.toJsonValue({ error }) : undefined;
+
+    await this.prisma.agentSessionTree.upsert({
+      where: { sessionId: agentId },
+      create: {
+        sessionId: agentId,
+        status: "failed",
+        completedAt,
+        ...(metadata && { metadata }),
+      },
+      update: {
+        status: "failed",
+        completedAt,
+        ...(metadata && { metadata }),
+      },
+    });
+
+    this.logger.debug(`Recorded failed state for agent ${agentId}`);
+  }
+
+  async recordAgentKilled(agentId: string): Promise<void> {
+    const completedAt = new Date();
+
+    await this.prisma.agentSessionTree.upsert({
+      where: { sessionId: agentId },
+      create: {
+        sessionId: agentId,
+        status: "killed",
+        completedAt,
+      },
+      update: {
+        status: "killed",
+        completedAt,
+      },
+    });
+
+    this.logger.debug(`Recorded killed state for agent ${agentId}`);
+  }
+
+  async recordMessage(
+    sessionId: string,
+    role: AgentConversationRole,
+    content: string,
+    provider = "internal",
+    metadata?: Record<string, unknown>
+  ): Promise<void> {
+    await this.prisma.agentConversationMessage.create({
+      data: {
+        sessionId,
+        role,
+        content,
+        provider,
+        ...(metadata && { metadata: this.toJsonValue(metadata) }),
+      },
+    });
+
+    this.logger.debug(`Recorded message for session ${sessionId}`);
+  }
+}
--- a/apps/orchestrator/src/api/agent-providers/agent-providers.controller.ts
+++ b/apps/orchestrator/src/api/agent-providers/agent-providers.controller.ts
@@ -0,0 +1,54 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  UseGuards,
+  UsePipes,
+  ValidationPipe,
+} from "@nestjs/common";
+import type { AgentProviderConfig } from "@prisma/client";
+import { OrchestratorApiKeyGuard } from "../../common/guards/api-key.guard";
+import { OrchestratorThrottlerGuard } from "../../common/guards/throttler.guard";
+import { AgentProvidersService } from "./agent-providers.service";
+import { CreateAgentProviderDto } from "./dto/create-agent-provider.dto";
+import { UpdateAgentProviderDto } from "./dto/update-agent-provider.dto";
+
+@Controller("agent-providers")
+@UseGuards(OrchestratorApiKeyGuard, OrchestratorThrottlerGuard)
+export class AgentProvidersController {
+  constructor(private readonly agentProvidersService: AgentProvidersService) {}
+
+  @Get()
+  async list(): Promise<AgentProviderConfig[]> {
+    return this.agentProvidersService.list();
+  }
+
+  @Get(":id")
+  async getById(@Param("id") id: string): Promise<AgentProviderConfig> {
+    return this.agentProvidersService.getById(id);
+  }
+
+  @Post()
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async create(@Body() dto: CreateAgentProviderDto): Promise<AgentProviderConfig> {
+    return this.agentProvidersService.create(dto);
+  }
+
+  @Patch(":id")
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async update(
+    @Param("id") id: string,
+    @Body() dto: UpdateAgentProviderDto
+  ): Promise<AgentProviderConfig> {
+    return this.agentProvidersService.update(id, dto);
+  }
+
+  @Delete(":id")
+  async delete(@Param("id") id: string): Promise<AgentProviderConfig> {
+    return this.agentProvidersService.delete(id);
+  }
+}
--- a/apps/orchestrator/src/api/agent-providers/agent-providers.module.ts
+++ b/apps/orchestrator/src/api/agent-providers/agent-providers.module.ts
@@ -0,0 +1,12 @@
+import { Module } from "@nestjs/common";
+import { PrismaModule } from "../../prisma/prisma.module";
+import { OrchestratorApiKeyGuard } from "../../common/guards/api-key.guard";
+import { AgentProvidersController } from "./agent-providers.controller";
+import { AgentProvidersService } from "./agent-providers.service";
+
+@Module({
+  imports: [PrismaModule],
+  controllers: [AgentProvidersController],
+  providers: [OrchestratorApiKeyGuard, AgentProvidersService],
+})
+export class AgentProvidersModule {}
--- a/apps/orchestrator/src/api/agent-providers/agent-providers.service.spec.ts
+++ b/apps/orchestrator/src/api/agent-providers/agent-providers.service.spec.ts
@@ -0,0 +1,211 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { NotFoundException } from "@nestjs/common";
+import { AgentProvidersService } from "./agent-providers.service";
+import { PrismaService } from "../../prisma/prisma.service";
+
+describe("AgentProvidersService", () => {
+  let service: AgentProvidersService;
+  let prisma: {
+    agentProviderConfig: {
+      findMany: ReturnType<typeof vi.fn>;
+      findUnique: ReturnType<typeof vi.fn>;
+      create: ReturnType<typeof vi.fn>;
+      update: ReturnType<typeof vi.fn>;
+      delete: ReturnType<typeof vi.fn>;
+    };
+  };
+
+  beforeEach(() => {
+    prisma = {
+      agentProviderConfig: {
+        findMany: vi.fn(),
+        findUnique: vi.fn(),
+        create: vi.fn(),
+        update: vi.fn(),
+        delete: vi.fn(),
+      },
+    };
+
+    service = new AgentProvidersService(prisma as unknown as PrismaService);
+  });
+
+  it("lists all provider configs", async () => {
+    const expected = [
+      {
+        id: "cfg-1",
+        workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+        name: "Primary",
+        provider: "openai",
+        gatewayUrl: "https://gateway.example.com",
+        credentials: {},
+        isActive: true,
+        createdAt: new Date("2026-03-07T18:00:00.000Z"),
+        updatedAt: new Date("2026-03-07T18:00:00.000Z"),
+      },
+    ];
+    prisma.agentProviderConfig.findMany.mockResolvedValue(expected);
+
+    const result = await service.list();
+
+    expect(prisma.agentProviderConfig.findMany).toHaveBeenCalledWith({
+      orderBy: [{ createdAt: "desc" }, { id: "desc" }],
+    });
+    expect(result).toEqual(expected);
+  });
+
+  it("returns a single provider config", async () => {
+    const expected = {
+      id: "cfg-1",
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "Primary",
+      provider: "openai",
+      gatewayUrl: "https://gateway.example.com",
+      credentials: { apiKeyRef: "vault:openai" },
+      isActive: true,
+      createdAt: new Date("2026-03-07T18:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T18:00:00.000Z"),
+    };
+    prisma.agentProviderConfig.findUnique.mockResolvedValue(expected);
+
+    const result = await service.getById("cfg-1");
+
+    expect(prisma.agentProviderConfig.findUnique).toHaveBeenCalledWith({
+      where: { id: "cfg-1" },
+    });
+    expect(result).toEqual(expected);
+  });
+
+  it("throws NotFoundException when provider config is missing", async () => {
+    prisma.agentProviderConfig.findUnique.mockResolvedValue(null);
+
+    await expect(service.getById("missing")).rejects.toBeInstanceOf(NotFoundException);
+  });
+
+  it("creates a provider config with default credentials", async () => {
+    const created = {
+      id: "cfg-created",
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "New Provider",
+      provider: "claude",
+      gatewayUrl: "https://gateway.example.com",
+      credentials: {},
+      isActive: true,
+      createdAt: new Date("2026-03-07T18:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T18:00:00.000Z"),
+    };
+    prisma.agentProviderConfig.create.mockResolvedValue(created);
+
+    const result = await service.create({
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "New Provider",
+      provider: "claude",
+      gatewayUrl: "https://gateway.example.com",
+    });
+
+    expect(prisma.agentProviderConfig.create).toHaveBeenCalledWith({
+      data: {
+        workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+        name: "New Provider",
+        provider: "claude",
+        gatewayUrl: "https://gateway.example.com",
+        credentials: {},
+      },
+    });
+    expect(result).toEqual(created);
+  });
+
+  it("updates a provider config", async () => {
+    prisma.agentProviderConfig.findUnique.mockResolvedValue({
+      id: "cfg-1",
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "Primary",
+      provider: "openai",
+      gatewayUrl: "https://gateway.example.com",
+      credentials: {},
+      isActive: true,
+      createdAt: new Date("2026-03-07T18:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T18:00:00.000Z"),
+    });
+
+    const updated = {
+      id: "cfg-1",
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "Secondary",
+      provider: "openai",
+      gatewayUrl: "https://gateway2.example.com",
+      credentials: { apiKeyRef: "vault:new" },
+      isActive: false,
+      createdAt: new Date("2026-03-07T18:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T19:00:00.000Z"),
+    };
+    prisma.agentProviderConfig.update.mockResolvedValue(updated);
+
+    const result = await service.update("cfg-1", {
+      name: "Secondary",
+      gatewayUrl: "https://gateway2.example.com",
+      credentials: { apiKeyRef: "vault:new" },
+      isActive: false,
+    });
+
+    expect(prisma.agentProviderConfig.update).toHaveBeenCalledWith({
+      where: { id: "cfg-1" },
+      data: {
+        name: "Secondary",
+        gatewayUrl: "https://gateway2.example.com",
+        credentials: { apiKeyRef: "vault:new" },
+        isActive: false,
+      },
+    });
+    expect(result).toEqual(updated);
+  });
+
+  it("throws NotFoundException when updating a missing provider config", async () => {
+    prisma.agentProviderConfig.findUnique.mockResolvedValue(null);
+
+    await expect(service.update("missing", { name: "Updated" })).rejects.toBeInstanceOf(
+      NotFoundException
+    );
+    expect(prisma.agentProviderConfig.update).not.toHaveBeenCalled();
+  });
+
+  it("deletes a provider config", async () => {
+    prisma.agentProviderConfig.findUnique.mockResolvedValue({
+      id: "cfg-1",
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "Primary",
+      provider: "openai",
+      gatewayUrl: "https://gateway.example.com",
+      credentials: {},
+      isActive: true,
+      createdAt: new Date("2026-03-07T18:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T18:00:00.000Z"),
+    });
+
+    const deleted = {
+      id: "cfg-1",
+      workspaceId: "8bcd7eda-a122-4d6c-adfd-b152f6f75369",
+      name: "Primary",
+      provider: "openai",
+      gatewayUrl: "https://gateway.example.com",
+      credentials: {},
+      isActive: true,
+      createdAt: new Date("2026-03-07T18:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T18:00:00.000Z"),
+    };
+    prisma.agentProviderConfig.delete.mockResolvedValue(deleted);
+
+    const result = await service.delete("cfg-1");
+
+    expect(prisma.agentProviderConfig.delete).toHaveBeenCalledWith({
+      where: { id: "cfg-1" },
+    });
+    expect(result).toEqual(deleted);
+  });
+
+  it("throws NotFoundException when deleting a missing provider config", async () => {
+    prisma.agentProviderConfig.findUnique.mockResolvedValue(null);
+
+    await expect(service.delete("missing")).rejects.toBeInstanceOf(NotFoundException);
+    expect(prisma.agentProviderConfig.delete).not.toHaveBeenCalled();
+  });
+});
--- a/apps/orchestrator/src/api/agent-providers/agent-providers.service.ts
+++ b/apps/orchestrator/src/api/agent-providers/agent-providers.service.ts
@@ -0,0 +1,71 @@
+import { Injectable, NotFoundException } from "@nestjs/common";
+import type { AgentProviderConfig, Prisma } from "@prisma/client";
+import { PrismaService } from "../../prisma/prisma.service";
+import { CreateAgentProviderDto } from "./dto/create-agent-provider.dto";
+import { UpdateAgentProviderDto } from "./dto/update-agent-provider.dto";
+
+@Injectable()
+export class AgentProvidersService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async list(): Promise<AgentProviderConfig[]> {
+    return this.prisma.agentProviderConfig.findMany({
+      orderBy: [{ createdAt: "desc" }, { id: "desc" }],
+    });
+  }
+
+  async getById(id: string): Promise<AgentProviderConfig> {
+    const providerConfig = await this.prisma.agentProviderConfig.findUnique({
+      where: { id },
+    });
+
+    if (!providerConfig) {
+      throw new NotFoundException(`Agent provider config with id ${id} not found`);
+    }
+
+    return providerConfig;
+  }
+
+  async create(dto: CreateAgentProviderDto): Promise<AgentProviderConfig> {
+    return this.prisma.agentProviderConfig.create({
+      data: {
+        workspaceId: dto.workspaceId,
+        name: dto.name,
+        provider: dto.provider,
+        gatewayUrl: dto.gatewayUrl,
+        credentials: this.toJsonValue(dto.credentials ?? {}),
+        ...(dto.isActive !== undefined ? { isActive: dto.isActive } : {}),
+      },
+    });
+  }
+
+  async update(id: string, dto: UpdateAgentProviderDto): Promise<AgentProviderConfig> {
+    await this.getById(id);
+
+    const data: Prisma.AgentProviderConfigUpdateInput = {
+      ...(dto.workspaceId !== undefined ? { workspaceId: dto.workspaceId } : {}),
+      ...(dto.name !== undefined ? { name: dto.name } : {}),
+      ...(dto.provider !== undefined ? { provider: dto.provider } : {}),
+      ...(dto.gatewayUrl !== undefined ? { gatewayUrl: dto.gatewayUrl } : {}),
+      ...(dto.isActive !== undefined ? { isActive: dto.isActive } : {}),
+      ...(dto.credentials !== undefined ? { credentials: this.toJsonValue(dto.credentials) } : {}),
+    };
+
+    return this.prisma.agentProviderConfig.update({
+      where: { id },
+      data,
+    });
+  }
+
+  async delete(id: string): Promise<AgentProviderConfig> {
+    await this.getById(id);
+
+    return this.prisma.agentProviderConfig.delete({
+      where: { id },
+    });
+  }
+
+  private toJsonValue(value: Record<string, unknown>): Prisma.InputJsonValue {
+    return value as Prisma.InputJsonValue;
+  }
+}
--- a/apps/orchestrator/src/api/agent-providers/dto/create-agent-provider.dto.ts
+++ b/apps/orchestrator/src/api/agent-providers/dto/create-agent-provider.dto.ts
@@ -0,0 +1,26 @@
+import { IsBoolean, IsNotEmpty, IsObject, IsOptional, IsString, IsUUID } from "class-validator";
+
+export class CreateAgentProviderDto {
+  @IsUUID()
+  workspaceId!: string;
+
+  @IsString()
+  @IsNotEmpty()
+  name!: string;
+
+  @IsString()
+  @IsNotEmpty()
+  provider!: string;
+
+  @IsString()
+  @IsNotEmpty()
+  gatewayUrl!: string;
+
+  @IsOptional()
+  @IsObject()
+  credentials?: Record<string, unknown>;
+
+  @IsOptional()
+  @IsBoolean()
+  isActive?: boolean;
+}
--- a/apps/orchestrator/src/api/agent-providers/dto/update-agent-provider.dto.ts
+++ b/apps/orchestrator/src/api/agent-providers/dto/update-agent-provider.dto.ts
@@ -0,0 +1,30 @@
+import { IsBoolean, IsNotEmpty, IsObject, IsOptional, IsString, IsUUID } from "class-validator";
+
+export class UpdateAgentProviderDto {
+  @IsOptional()
+  @IsUUID()
+  workspaceId?: string;
+
+  @IsOptional()
+  @IsString()
+  @IsNotEmpty()
+  name?: string;
+
+  @IsOptional()
+  @IsString()
+  @IsNotEmpty()
+  provider?: string;
+
+  @IsOptional()
+  @IsString()
+  @IsNotEmpty()
+  gatewayUrl?: string;
+
+  @IsOptional()
+  @IsObject()
+  credentials?: Record<string, unknown>;
+
+  @IsOptional()
+  @IsBoolean()
+  isActive?: boolean;
+}
--- a/apps/orchestrator/src/api/agents/agent-control.service.spec.ts
+++ b/apps/orchestrator/src/api/agents/agent-control.service.spec.ts
@@ -0,0 +1,172 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { AgentControlService } from "./agent-control.service";
+import { PrismaService } from "../../prisma/prisma.service";
+import { KillswitchService } from "../../killswitch/killswitch.service";
+
+describe("AgentControlService", () => {
+  let service: AgentControlService;
+  let prisma: {
+    agentSessionTree: {
+      findUnique: ReturnType<typeof vi.fn>;
+      updateMany: ReturnType<typeof vi.fn>;
+    };
+    agentConversationMessage: {
+      create: ReturnType<typeof vi.fn>;
+    };
+    operatorAuditLog: {
+      create: ReturnType<typeof vi.fn>;
+    };
+  };
+  let killswitchService: {
+    killAgent: ReturnType<typeof vi.fn>;
+  };
+
+  beforeEach(() => {
+    prisma = {
+      agentSessionTree: {
+        findUnique: vi.fn(),
+        updateMany: vi.fn().mockResolvedValue({ count: 1 }),
+      },
+      agentConversationMessage: {
+        create: vi.fn().mockResolvedValue(undefined),
+      },
+      operatorAuditLog: {
+        create: vi.fn().mockResolvedValue(undefined),
+      },
+    };
+
+    killswitchService = {
+      killAgent: vi.fn().mockResolvedValue(undefined),
+    };
+
+    service = new AgentControlService(
+      prisma as unknown as PrismaService,
+      killswitchService as unknown as KillswitchService
+    );
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe("injectMessage", () => {
+    it("creates conversation message and audit log when tree entry exists", async () => {
+      prisma.agentSessionTree.findUnique.mockResolvedValue({ id: "tree-1" });
+
+      await service.injectMessage("agent-123", "operator-abc", "Please continue");
+
+      expect(prisma.agentSessionTree.findUnique).toHaveBeenCalledWith({
+        where: { sessionId: "agent-123" },
+        select: { id: true },
+      });
+      expect(prisma.agentConversationMessage.create).toHaveBeenCalledWith({
+        data: {
+          sessionId: "agent-123",
+          role: "operator",
+          content: "Please continue",
+          provider: "internal",
+          metadata: {},
+        },
+      });
+      expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+        data: {
+          sessionId: "agent-123",
+          userId: "operator-abc",
+          provider: "internal",
+          action: "inject",
+          metadata: {
+            payload: {
+              message: "Please continue",
+            },
+          },
+        },
+      });
+    });
+
+    it("creates only audit log when no tree entry exists", async () => {
+      prisma.agentSessionTree.findUnique.mockResolvedValue(null);
+
+      await service.injectMessage("agent-456", "operator-def", "Nudge message");
+
+      expect(prisma.agentConversationMessage.create).not.toHaveBeenCalled();
+      expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+        data: {
+          sessionId: "agent-456",
+          userId: "operator-def",
+          provider: "internal",
+          action: "inject",
+          metadata: {
+            payload: {
+              message: "Nudge message",
+            },
+          },
+        },
+      });
+    });
+  });
+
+  describe("pauseAgent", () => {
+    it("updates tree status to paused and creates audit log", async () => {
+      await service.pauseAgent("agent-789", "operator-pause");
+
+      expect(prisma.agentSessionTree.updateMany).toHaveBeenCalledWith({
+        where: { sessionId: "agent-789" },
+        data: { status: "paused" },
+      });
+      expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+        data: {
+          sessionId: "agent-789",
+          userId: "operator-pause",
+          provider: "internal",
+          action: "pause",
+          metadata: {
+            payload: {},
+          },
+        },
+      });
+    });
+  });
+
+  describe("resumeAgent", () => {
+    it("updates tree status to running and creates audit log", async () => {
+      await service.resumeAgent("agent-321", "operator-resume");
+
+      expect(prisma.agentSessionTree.updateMany).toHaveBeenCalledWith({
+        where: { sessionId: "agent-321" },
+        data: { status: "running" },
+      });
+      expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+        data: {
+          sessionId: "agent-321",
+          userId: "operator-resume",
+          provider: "internal",
+          action: "resume",
+          metadata: {
+            payload: {},
+          },
+        },
+      });
+    });
+  });
+
+  describe("killAgent", () => {
+    it("delegates kill to killswitch and logs audit", async () => {
+      await service.killAgent("agent-654", "operator-kill", false);
+
+      expect(killswitchService.killAgent).toHaveBeenCalledWith("agent-654");
+      expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+        data: {
+          sessionId: "agent-654",
+          userId: "operator-kill",
+          provider: "internal",
+          action: "kill",
+          metadata: {
+            payload: {
+              force: false,
+            },
+          },
+        },
+      });
+    });
+  });
+});
--- a/apps/orchestrator/src/api/agents/agent-control.service.ts
+++ b/apps/orchestrator/src/api/agents/agent-control.service.ts
@@ -0,0 +1,77 @@
+import { Injectable } from "@nestjs/common";
+import type { Prisma } from "@prisma/client";
+import { KillswitchService } from "../../killswitch/killswitch.service";
+import { PrismaService } from "../../prisma/prisma.service";
+
+@Injectable()
+export class AgentControlService {
+  constructor(
+    private readonly prisma: PrismaService,
+    private readonly killswitchService: KillswitchService
+  ) {}
+
+  private toJsonValue(value: Record<string, unknown>): Prisma.InputJsonValue {
+    return value as Prisma.InputJsonValue;
+  }
+
+  private async createOperatorAuditLog(
+    agentId: string,
+    operatorId: string,
+    action: "inject" | "pause" | "resume" | "kill",
+    payload: Record<string, unknown>
+  ): Promise<void> {
+    await this.prisma.operatorAuditLog.create({
+      data: {
+        sessionId: agentId,
+        userId: operatorId,
+        provider: "internal",
+        action,
+        metadata: this.toJsonValue({ payload }),
+      },
+    });
+  }
+
+  async injectMessage(agentId: string, operatorId: string, message: string): Promise<void> {
+    const treeEntry = await this.prisma.agentSessionTree.findUnique({
+      where: { sessionId: agentId },
+      select: { id: true },
+    });
+
+    if (treeEntry) {
+      await this.prisma.agentConversationMessage.create({
+        data: {
+          sessionId: agentId,
+          role: "operator",
+          content: message,
+          provider: "internal",
+          metadata: this.toJsonValue({}),
+        },
+      });
+    }
+
+    await this.createOperatorAuditLog(agentId, operatorId, "inject", { message });
+  }
+
+  async pauseAgent(agentId: string, operatorId: string): Promise<void> {
+    await this.prisma.agentSessionTree.updateMany({
+      where: { sessionId: agentId },
+      data: { status: "paused" },
+    });
+
+    await this.createOperatorAuditLog(agentId, operatorId, "pause", {});
+  }
+
+  async resumeAgent(agentId: string, operatorId: string): Promise<void> {
+    await this.prisma.agentSessionTree.updateMany({
+      where: { sessionId: agentId },
+      data: { status: "running" },
+    });
+
+    await this.createOperatorAuditLog(agentId, operatorId, "resume", {});
+  }
+
+  async killAgent(agentId: string, operatorId: string, force = true): Promise<void> {
+    await this.killswitchService.killAgent(agentId);
+    await this.createOperatorAuditLog(agentId, operatorId, "kill", { force });
+  }
+}
--- a/apps/orchestrator/src/api/agents/agent-messages.service.spec.ts
+++ b/apps/orchestrator/src/api/agents/agent-messages.service.spec.ts
@@ -0,0 +1,103 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { AgentMessagesService } from "./agent-messages.service";
+import { PrismaService } from "../../prisma/prisma.service";
+
+describe("AgentMessagesService", () => {
+  let service: AgentMessagesService;
+  let prisma: {
+    agentConversationMessage: {
+      findMany: ReturnType<typeof vi.fn>;
+      count: ReturnType<typeof vi.fn>;
+    };
+  };
+
+  beforeEach(() => {
+    prisma = {
+      agentConversationMessage: {
+        findMany: vi.fn(),
+        count: vi.fn(),
+      },
+    };
+
+    service = new AgentMessagesService(prisma as unknown as PrismaService);
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe("getMessages", () => {
+    it("returns paginated messages from Prisma", async () => {
+      const sessionId = "agent-123";
+      const messages = [
+        {
+          id: "msg-1",
+          sessionId,
+          provider: "internal",
+          role: "assistant",
+          content: "First message",
+          timestamp: new Date("2026-03-07T16:00:00.000Z"),
+          metadata: {},
+        },
+        {
+          id: "msg-2",
+          sessionId,
+          provider: "internal",
+          role: "user",
+          content: "Second message",
+          timestamp: new Date("2026-03-07T15:59:00.000Z"),
+          metadata: {},
+        },
+      ];
+
+      prisma.agentConversationMessage.findMany.mockResolvedValue(messages);
+      prisma.agentConversationMessage.count.mockResolvedValue(2);
+
+      const result = await service.getMessages(sessionId, 50, 0);
+
+      expect(prisma.agentConversationMessage.findMany).toHaveBeenCalledWith({
+        where: { sessionId },
+        orderBy: { timestamp: "desc" },
+        take: 50,
+        skip: 0,
+      });
+      expect(prisma.agentConversationMessage.count).toHaveBeenCalledWith({ where: { sessionId } });
+      expect(result).toEqual({
+        messages,
+        total: 2,
+      });
+    });
+
+    it("applies limit and cursor (skip) correctly", async () => {
+      const sessionId = "agent-456";
+      const limit = 10;
+      const cursor = 20;
+
+      prisma.agentConversationMessage.findMany.mockResolvedValue([]);
+      prisma.agentConversationMessage.count.mockResolvedValue(42);
+
+      await service.getMessages(sessionId, limit, cursor);
+
+      expect(prisma.agentConversationMessage.findMany).toHaveBeenCalledWith({
+        where: { sessionId },
+        orderBy: { timestamp: "desc" },
+        take: limit,
+        skip: cursor,
+      });
+    });
+
+    it("returns empty messages array when no messages exist", async () => {
+      const sessionId = "agent-empty";
+
+      prisma.agentConversationMessage.findMany.mockResolvedValue([]);
+      prisma.agentConversationMessage.count.mockResolvedValue(0);
+
+      const result = await service.getMessages(sessionId, 25, 0);
+
+      expect(result).toEqual({
+        messages: [],
+        total: 0,
+      });
+    });
+  });
+});
--- a/apps/orchestrator/src/api/agents/agent-messages.service.ts
+++ b/apps/orchestrator/src/api/agents/agent-messages.service.ts
@@ -0,0 +1,84 @@
+import { Injectable } from "@nestjs/common";
+import { type AgentConversationMessage, type Prisma } from "@prisma/client";
+import { PrismaService } from "../../prisma/prisma.service";
+
+@Injectable()
+export class AgentMessagesService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async getMessages(
+    sessionId: string,
+    limit: number,
+    skip: number
+  ): Promise<{
+    messages: AgentConversationMessage[];
+    total: number;
+  }> {
+    const where = { sessionId };
+
+    const [messages, total] = await Promise.all([
+      this.prisma.agentConversationMessage.findMany({
+        where,
+        orderBy: {
+          timestamp: "desc",
+        },
+        take: limit,
+        skip,
+      }),
+      this.prisma.agentConversationMessage.count({ where }),
+    ]);
+
+    return {
+      messages,
+      total,
+    };
+  }
+
+  async getReplayMessages(sessionId: string, limit = 50): Promise<AgentConversationMessage[]> {
+    const messages = await this.prisma.agentConversationMessage.findMany({
+      where: { sessionId },
+      orderBy: {
+        timestamp: "desc",
+      },
+      take: limit,
+    });
+
+    return messages.reverse();
+  }
+
+  async getMessagesAfter(
+    sessionId: string,
+    lastSeenTimestamp: Date,
+    lastSeenMessageId: string | null
+  ): Promise<AgentConversationMessage[]> {
+    const where: Prisma.AgentConversationMessageWhereInput = {
+      sessionId,
+      ...(lastSeenMessageId
+        ? {
+            OR: [
+              {
+                timestamp: {
+                  gt: lastSeenTimestamp,
+                },
+              },
+              {
+                timestamp: lastSeenTimestamp,
+                id: {
+                  gt: lastSeenMessageId,
+                },
+              },
+            ],
+          }
+        : {
+            timestamp: {
+              gt: lastSeenTimestamp,
+            },
+          }),
+    };
+
+    return this.prisma.agentConversationMessage.findMany({
+      where,
+      orderBy: [{ timestamp: "asc" }, { id: "asc" }],
+    });
+  }
+}
--- a/apps/orchestrator/src/api/agents/agent-provider.registry.spec.ts
+++ b/apps/orchestrator/src/api/agents/agent-provider.registry.spec.ts
@@ -0,0 +1,202 @@
+import { Logger } from "@nestjs/common";
+import type {
+  AgentMessage,
+  AgentSession,
+  AgentSessionList,
+  IAgentProvider,
+  InjectResult,
+} from "@mosaic/shared";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { AgentProviderRegistry } from "./agent-provider.registry";
+import { InternalAgentProvider } from "./internal-agent.provider";
+
+type MockProvider = IAgentProvider & {
+  listSessions: ReturnType<typeof vi.fn>;
+  getSession: ReturnType<typeof vi.fn>;
+};
+
+const emptyMessageStream = async function* (): AsyncIterable<AgentMessage> {
+  return;
+};
+
+const createProvider = (providerId: string, sessions: AgentSession[] = []): MockProvider => {
+  return {
+    providerId,
+    providerType: providerId,
+    displayName: providerId,
+    listSessions: vi.fn().mockResolvedValue({
+      sessions,
+      total: sessions.length,
+    } as AgentSessionList),
+    getSession: vi.fn().mockResolvedValue(null),
+    getMessages: vi.fn().mockResolvedValue([]),
+    injectMessage: vi.fn().mockResolvedValue({ accepted: true } as InjectResult),
+    pauseSession: vi.fn().mockResolvedValue(undefined),
+    resumeSession: vi.fn().mockResolvedValue(undefined),
+    killSession: vi.fn().mockResolvedValue(undefined),
+    streamMessages: vi.fn().mockReturnValue(emptyMessageStream()),
+    isAvailable: vi.fn().mockResolvedValue(true),
+  };
+};
+
+describe("AgentProviderRegistry", () => {
+  let registry: AgentProviderRegistry;
+  let internalProvider: MockProvider;
+
+  beforeEach(() => {
+    internalProvider = createProvider("internal");
+    registry = new AgentProviderRegistry(internalProvider as unknown as InternalAgentProvider);
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it("registers InternalAgentProvider on module init", () => {
+    registry.onModuleInit();
+
+    expect(registry.getProvider("internal")).toBe(internalProvider);
+  });
+
+  it("registers providers and returns null for unknown provider ids", () => {
+    const externalProvider = createProvider("openclaw");
+
+    registry.registerProvider(externalProvider);
+
+    expect(registry.getProvider("openclaw")).toBe(externalProvider);
+    expect(registry.getProvider("missing")).toBeNull();
+  });
+
+  it("aggregates and sorts sessions from all providers", async () => {
+    const internalSessions: AgentSession[] = [
+      {
+        id: "session-older",
+        providerId: "internal",
+        providerType: "internal",
+        status: "active",
+        createdAt: new Date("2026-03-07T10:00:00.000Z"),
+        updatedAt: new Date("2026-03-07T10:10:00.000Z"),
+      },
+    ];
+
+    const externalSessions: AgentSession[] = [
+      {
+        id: "session-newer",
+        providerId: "openclaw",
+        providerType: "external",
+        status: "paused",
+        createdAt: new Date("2026-03-07T09:00:00.000Z"),
+        updatedAt: new Date("2026-03-07T10:20:00.000Z"),
+      },
+    ];
+
+    internalProvider.listSessions.mockResolvedValue({
+      sessions: internalSessions,
+      total: internalSessions.length,
+    } as AgentSessionList);
+
+    const externalProvider = createProvider("openclaw", externalSessions);
+    registry.onModuleInit();
+    registry.registerProvider(externalProvider);
+
+    const result = await registry.listAllSessions();
+
+    expect(result.map((session) => session.id)).toEqual(["session-newer", "session-older"]);
+    expect(internalProvider.listSessions).toHaveBeenCalledTimes(1);
+    expect(externalProvider.listSessions).toHaveBeenCalledTimes(1);
+  });
+
+  it("skips provider failures and logs warning", async () => {
+    const warnSpy = vi.spyOn(Logger.prototype, "warn").mockImplementation(() => undefined);
+
+    const healthyProvider = createProvider("healthy", [
+      {
+        id: "session-1",
+        providerId: "healthy",
+        providerType: "external",
+        status: "active",
+        createdAt: new Date("2026-03-07T11:00:00.000Z"),
+        updatedAt: new Date("2026-03-07T11:00:00.000Z"),
+      },
+    ]);
+
+    const failingProvider = createProvider("failing");
+    failingProvider.listSessions.mockRejectedValue(new Error("provider offline"));
+
+    registry.onModuleInit();
+    registry.registerProvider(healthyProvider);
+    registry.registerProvider(failingProvider);
+
+    const result = await registry.listAllSessions();
+
+    expect(result).toHaveLength(1);
+    expect(result[0]?.id).toBe("session-1");
+    expect(warnSpy).toHaveBeenCalledWith(
+      expect.stringContaining("Failed to list sessions for provider failing")
+    );
+  });
+
+  it("finds a provider for an existing session", async () => {
+    const targetSession: AgentSession = {
+      id: "session-found",
+      providerId: "openclaw",
+      providerType: "external",
+      status: "active",
+      createdAt: new Date("2026-03-07T12:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T12:10:00.000Z"),
+    };
+
+    const openclawProvider = createProvider("openclaw");
+    openclawProvider.getSession.mockResolvedValue(targetSession);
+
+    registry.onModuleInit();
+    registry.registerProvider(openclawProvider);
+
+    const result = await registry.getProviderForSession(targetSession.id);
+
+    expect(result).toEqual({
+      provider: openclawProvider,
+      session: targetSession,
+    });
+    expect(internalProvider.getSession).toHaveBeenCalledWith(targetSession.id);
+    expect(openclawProvider.getSession).toHaveBeenCalledWith(targetSession.id);
+  });
+
+  it("returns null when no provider has the requested session", async () => {
+    const openclawProvider = createProvider("openclaw");
+
+    registry.onModuleInit();
+    registry.registerProvider(openclawProvider);
+
+    await expect(registry.getProviderForSession("missing-session")).resolves.toBeNull();
+  });
+
+  it("continues searching providers when getSession throws", async () => {
+    const warnSpy = vi.spyOn(Logger.prototype, "warn").mockImplementation(() => undefined);
+    const failingProvider = createProvider("failing");
+    failingProvider.getSession.mockRejectedValue(new Error("provider timeout"));
+
+    const healthySession: AgentSession = {
+      id: "session-healthy",
+      providerId: "healthy",
+      providerType: "external",
+      status: "active",
+      createdAt: new Date("2026-03-07T12:15:00.000Z"),
+      updatedAt: new Date("2026-03-07T12:16:00.000Z"),
+    };
+
+    const healthyProvider = createProvider("healthy");
+    healthyProvider.getSession.mockResolvedValue(healthySession);
+
+    registry.onModuleInit();
+    registry.registerProvider(failingProvider);
+    registry.registerProvider(healthyProvider);
+
+    const result = await registry.getProviderForSession(healthySession.id);
+
+    expect(result).toEqual({ provider: healthyProvider, session: healthySession });
+    expect(warnSpy).toHaveBeenCalledWith(
+      expect.stringContaining("Failed to get session session-healthy for provider failing")
+    );
+  });
+});
--- a/apps/orchestrator/src/api/agents/agent-provider.registry.ts
+++ b/apps/orchestrator/src/api/agents/agent-provider.registry.ts
@@ -0,0 +1,79 @@
+import { Injectable, Logger, OnModuleInit } from "@nestjs/common";
+import type { AgentSession, IAgentProvider } from "@mosaic/shared";
+import { InternalAgentProvider } from "./internal-agent.provider";
+
+@Injectable()
+export class AgentProviderRegistry implements OnModuleInit {
+  private readonly logger = new Logger(AgentProviderRegistry.name);
+  private readonly providers = new Map<string, IAgentProvider>();
+
+  constructor(private readonly internalProvider: InternalAgentProvider) {}
+
+  onModuleInit(): void {
+    this.registerProvider(this.internalProvider);
+  }
+
+  registerProvider(provider: IAgentProvider): void {
+    const existingProvider = this.providers.get(provider.providerId);
+    if (existingProvider !== undefined) {
+      this.logger.warn(`Replacing existing provider registration for ${provider.providerId}`);
+    }
+
+    this.providers.set(provider.providerId, provider);
+  }
+
+  getProvider(providerId: string): IAgentProvider | null {
+    return this.providers.get(providerId) ?? null;
+  }
+
+  async getProviderForSession(
+    sessionId: string
+  ): Promise<{ provider: IAgentProvider; session: AgentSession } | null> {
+    for (const provider of this.providers.values()) {
+      try {
+        const session = await provider.getSession(sessionId);
+        if (session !== null) {
+          return {
+            provider,
+            session,
+          };
+        }
+      } catch (error) {
+        this.logger.warn(
+          `Failed to get session ${sessionId} for provider ${provider.providerId}: ${this.toErrorMessage(error)}`
+        );
+      }
+    }
+
+    return null;
+  }
+
+  async listAllSessions(): Promise<AgentSession[]> {
+    const providers = [...this.providers.values()];
+    const sessionsByProvider = await Promise.all(
+      providers.map(async (provider) => {
+        try {
+          const { sessions } = await provider.listSessions();
+          return sessions;
+        } catch (error) {
+          this.logger.warn(
+            `Failed to list sessions for provider ${provider.providerId}: ${this.toErrorMessage(error)}`
+          );
+          return [];
+        }
+      })
+    );
+
+    return sessionsByProvider
+      .flat()
+      .sort((left, right) => right.updatedAt.getTime() - left.updatedAt.getTime());
+  }
+
+  private toErrorMessage(error: unknown): string {
+    if (error instanceof Error) {
+      return error.message;
+    }
+
+    return String(error);
+  }
+}
--- a/apps/orchestrator/src/api/agents/agent-tree.service.spec.ts
+++ b/apps/orchestrator/src/api/agents/agent-tree.service.spec.ts
@@ -0,0 +1,245 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { AgentTreeService } from "./agent-tree.service";
+import { PrismaService } from "../../prisma/prisma.service";
+
+describe("AgentTreeService", () => {
+  let service: AgentTreeService;
+  let prisma: {
+    agentSessionTree: {
+      findMany: ReturnType<typeof vi.fn>;
+      count: ReturnType<typeof vi.fn>;
+      findUnique: ReturnType<typeof vi.fn>;
+    };
+  };
+
+  beforeEach(() => {
+    prisma = {
+      agentSessionTree: {
+        findMany: vi.fn(),
+        count: vi.fn(),
+        findUnique: vi.fn(),
+      },
+    };
+
+    service = new AgentTreeService(prisma as unknown as PrismaService);
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe("listSessions", () => {
+    it("returns paginated sessions and cursor", async () => {
+      const sessions = [
+        {
+          id: "tree-2",
+          sessionId: "agent-2",
+          parentSessionId: null,
+          provider: "internal",
+          missionId: null,
+          taskId: "task-2",
+          taskSource: "queue",
+          agentType: "worker",
+          status: "running",
+          spawnedAt: new Date("2026-03-07T11:00:00.000Z"),
+          completedAt: null,
+          metadata: {},
+        },
+        {
+          id: "tree-1",
+          sessionId: "agent-1",
+          parentSessionId: null,
+          provider: "internal",
+          missionId: null,
+          taskId: "task-1",
+          taskSource: "queue",
+          agentType: "worker",
+          status: "running",
+          spawnedAt: new Date("2026-03-07T10:00:00.000Z"),
+          completedAt: null,
+          metadata: {},
+        },
+      ];
+
+      prisma.agentSessionTree.findMany.mockResolvedValue(sessions);
+      prisma.agentSessionTree.count.mockResolvedValue(7);
+
+      const result = await service.listSessions(undefined, 2);
+
+      expect(prisma.agentSessionTree.findMany).toHaveBeenCalledWith({
+        where: undefined,
+        orderBy: [{ spawnedAt: "desc" }, { sessionId: "desc" }],
+        take: 2,
+      });
+      expect(prisma.agentSessionTree.count).toHaveBeenCalledWith();
+      expect(result.sessions).toEqual(sessions);
+      expect(result.total).toBe(7);
+      expect(result.cursor).toBeTypeOf("string");
+    });
+
+    it("applies cursor filter when provided", async () => {
+      prisma.agentSessionTree.findMany.mockResolvedValue([]);
+      prisma.agentSessionTree.count.mockResolvedValue(0);
+
+      const cursorDate = "2026-03-07T10:00:00.000Z";
+      const cursorSessionId = "agent-5";
+      const cursor = Buffer.from(
+        JSON.stringify({
+          spawnedAt: cursorDate,
+          sessionId: cursorSessionId,
+        }),
+        "utf8"
+      ).toString("base64url");
+
+      await service.listSessions(cursor, 25);
+
+      expect(prisma.agentSessionTree.findMany).toHaveBeenCalledWith({
+        where: {
+          OR: [
+            {
+              spawnedAt: {
+                lt: new Date(cursorDate),
+              },
+            },
+            {
+              spawnedAt: new Date(cursorDate),
+              sessionId: {
+                lt: cursorSessionId,
+              },
+            },
+          ],
+        },
+        orderBy: [{ spawnedAt: "desc" }, { sessionId: "desc" }],
+        take: 25,
+      });
+    });
+
+    it("ignores invalid cursor values", async () => {
+      prisma.agentSessionTree.findMany.mockResolvedValue([]);
+      prisma.agentSessionTree.count.mockResolvedValue(0);
+
+      await service.listSessions("invalid-cursor", 10);
+
+      expect(prisma.agentSessionTree.findMany).toHaveBeenCalledWith({
+        where: undefined,
+        orderBy: [{ spawnedAt: "desc" }, { sessionId: "desc" }],
+        take: 10,
+      });
+    });
+  });
+
+  describe("getSession", () => {
+    it("returns matching session entry", async () => {
+      const session = {
+        id: "tree-1",
+        sessionId: "agent-123",
+        parentSessionId: null,
+        provider: "internal",
+        missionId: null,
+        taskId: "task-1",
+        taskSource: "queue",
+        agentType: "worker",
+        status: "running",
+        spawnedAt: new Date("2026-03-07T11:00:00.000Z"),
+        completedAt: null,
+        metadata: {},
+      };
+      prisma.agentSessionTree.findUnique.mockResolvedValue(session);
+
+      const result = await service.getSession("agent-123");
+
+      expect(prisma.agentSessionTree.findUnique).toHaveBeenCalledWith({
+        where: { sessionId: "agent-123" },
+      });
+      expect(result).toEqual(session);
+    });
+
+    it("returns null when session does not exist", async () => {
+      prisma.agentSessionTree.findUnique.mockResolvedValue(null);
+
+      const result = await service.getSession("agent-missing");
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe("getTree", () => {
+    it("returns mapped entries from Prisma", async () => {
+      prisma.agentSessionTree.findMany.mockResolvedValue([
+        {
+          id: "tree-1",
+          sessionId: "agent-1",
+          parentSessionId: "agent-root",
+          provider: "internal",
+          missionId: "mission-1",
+          taskId: "task-1",
+          taskSource: "queue",
+          agentType: "worker",
+          status: "running",
+          spawnedAt: new Date("2026-03-07T10:00:00.000Z"),
+          completedAt: new Date("2026-03-07T11:00:00.000Z"),
+          metadata: {},
+        },
+      ]);
+
+      const result = await service.getTree();
+
+      expect(prisma.agentSessionTree.findMany).toHaveBeenCalledWith({
+        orderBy: { spawnedAt: "desc" },
+        take: 200,
+      });
+      expect(result).toEqual([
+        {
+          sessionId: "agent-1",
+          parentSessionId: "agent-root",
+          status: "running",
+          agentType: "worker",
+          taskSource: "queue",
+          spawnedAt: "2026-03-07T10:00:00.000Z",
+          completedAt: "2026-03-07T11:00:00.000Z",
+        },
+      ]);
+    });
+
+    it("returns empty array when no entries exist", async () => {
+      prisma.agentSessionTree.findMany.mockResolvedValue([]);
+
+      const result = await service.getTree();
+
+      expect(result).toEqual([]);
+    });
+
+    it("maps null parentSessionId and completedAt correctly", async () => {
+      prisma.agentSessionTree.findMany.mockResolvedValue([
+        {
+          id: "tree-2",
+          sessionId: "agent-root",
+          parentSessionId: null,
+          provider: "internal",
+          missionId: null,
+          taskId: null,
+          taskSource: null,
+          agentType: null,
+          status: "spawning",
+          spawnedAt: new Date("2026-03-07T09:00:00.000Z"),
+          completedAt: null,
+          metadata: {},
+        },
+      ]);
+
+      const result = await service.getTree();
+
+      expect(result).toEqual([
+        {
+          sessionId: "agent-root",
+          parentSessionId: null,
+          status: "spawning",
+          agentType: null,
+          taskSource: null,
+          spawnedAt: "2026-03-07T09:00:00.000Z",
+          completedAt: null,
+        },
+      ]);
+    });
+  });
+});
--- a/apps/orchestrator/src/api/agents/agent-tree.service.ts
+++ b/apps/orchestrator/src/api/agents/agent-tree.service.ts
@@ -0,0 +1,146 @@
+import { Injectable } from "@nestjs/common";
+import type { AgentSessionTree, Prisma } from "@prisma/client";
+import { AgentTreeResponseDto } from "./dto/agent-tree-response.dto";
+import { PrismaService } from "../../prisma/prisma.service";
+
+const DEFAULT_PAGE_LIMIT = 50;
+const MAX_PAGE_LIMIT = 200;
+
+interface SessionCursor {
+  spawnedAt: Date;
+  sessionId: string;
+}
+
+export interface AgentSessionTreeListResult {
+  sessions: AgentSessionTree[];
+  total: number;
+  cursor?: string;
+}
+
+@Injectable()
+export class AgentTreeService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async listSessions(
+    cursor?: string,
+    limit = DEFAULT_PAGE_LIMIT
+  ): Promise<AgentSessionTreeListResult> {
+    const safeLimit = this.normalizeLimit(limit);
+    const parsedCursor = this.parseCursor(cursor);
+
+    const where: Prisma.AgentSessionTreeWhereInput | undefined = parsedCursor
+      ? {
+          OR: [
+            {
+              spawnedAt: {
+                lt: parsedCursor.spawnedAt,
+              },
+            },
+            {
+              spawnedAt: parsedCursor.spawnedAt,
+              sessionId: {
+                lt: parsedCursor.sessionId,
+              },
+            },
+          ],
+        }
+      : undefined;
+
+    const [sessions, total] = await Promise.all([
+      this.prisma.agentSessionTree.findMany({
+        where,
+        orderBy: [{ spawnedAt: "desc" }, { sessionId: "desc" }],
+        take: safeLimit,
+      }),
+      this.prisma.agentSessionTree.count(),
+    ]);
+
+    const nextCursor =
+      sessions.length === safeLimit
+        ? this.serializeCursor(sessions[sessions.length - 1])
+        : undefined;
+
+    return {
+      sessions,
+      total,
+      ...(nextCursor !== undefined ? { cursor: nextCursor } : {}),
+    };
+  }
+
+  async getSession(sessionId: string): Promise<AgentSessionTree | null> {
+    return this.prisma.agentSessionTree.findUnique({
+      where: { sessionId },
+    });
+  }
+
+  async getTree(): Promise<AgentTreeResponseDto[]> {
+    const entries = await this.prisma.agentSessionTree.findMany({
+      orderBy: { spawnedAt: "desc" },
+      take: 200,
+    });
+
+    const response: AgentTreeResponseDto[] = [];
+    for (const entry of entries) {
+      response.push({
+        sessionId: entry.sessionId,
+        parentSessionId: entry.parentSessionId ?? null,
+        status: entry.status,
+        agentType: entry.agentType ?? null,
+        taskSource: entry.taskSource ?? null,
+        spawnedAt: entry.spawnedAt.toISOString(),
+        completedAt: entry.completedAt?.toISOString() ?? null,
+      });
+    }
+
+    return response;
+  }
+
+  private normalizeLimit(limit: number): number {
+    const normalized = Number.isFinite(limit) ? Math.trunc(limit) : DEFAULT_PAGE_LIMIT;
+    if (normalized < 1) {
+      return 1;
+    }
+
+    return Math.min(normalized, MAX_PAGE_LIMIT);
+  }
+
+  private serializeCursor(entry: Pick<AgentSessionTree, "spawnedAt" | "sessionId">): string {
+    return Buffer.from(
+      JSON.stringify({
+        spawnedAt: entry.spawnedAt.toISOString(),
+        sessionId: entry.sessionId,
+      }),
+      "utf8"
+    ).toString("base64url");
+  }
+
+  private parseCursor(cursor?: string): SessionCursor | null {
+    if (!cursor) {
+      return null;
+    }
+
+    try {
+      const decoded = Buffer.from(cursor, "base64url").toString("utf8");
+      const parsed = JSON.parse(decoded) as {
+        spawnedAt?: string;
+        sessionId?: string;
+      };
+
+      if (typeof parsed.spawnedAt !== "string" || typeof parsed.sessionId !== "string") {
+        return null;
+      }
+
+      const spawnedAt = new Date(parsed.spawnedAt);
+      if (Number.isNaN(spawnedAt.getTime())) {
+        return null;
+      }
+
+      return {
+        spawnedAt,
+        sessionId: parsed.sessionId,
+      };
+    } catch {
+      return null;
+    }
+  }
+}
--- a/apps/orchestrator/src/api/agents/agents-killswitch.controller.spec.ts
+++ b/apps/orchestrator/src/api/agents/agents-killswitch.controller.spec.ts
@@ -5,6 +5,9 @@ import { AgentSpawnerService } from "../../spawner/agent-spawner.service";
 import { AgentLifecycleService } from "../../spawner/agent-lifecycle.service";
 import { KillswitchService } from "../../killswitch/killswitch.service";
 import { AgentEventsService } from "./agent-events.service";
+import { AgentMessagesService } from "./agent-messages.service";
+import { AgentControlService } from "./agent-control.service";
+import { AgentTreeService } from "./agent-tree.service";
 import type { KillAllResult } from "../../killswitch/killswitch.service";

 describe("AgentsController - Killswitch Endpoints", () => {
@@ -27,6 +30,20 @@ describe("AgentsController - Killswitch Endpoints", () => {
    subscribe: ReturnType<typeof vi.fn>;
    getInitialSnapshot: ReturnType<typeof vi.fn>;
    createHeartbeat: ReturnType<typeof vi.fn>;
+    getRecentEvents: ReturnType<typeof vi.fn>;
+  };
+  let mockMessagesService: {
+    getMessages: ReturnType<typeof vi.fn>;
+    getReplayMessages: ReturnType<typeof vi.fn>;
+    getMessagesAfter: ReturnType<typeof vi.fn>;
+  };
+  let mockControlService: {
+    injectMessage: ReturnType<typeof vi.fn>;
+    pauseAgent: ReturnType<typeof vi.fn>;
+    resumeAgent: ReturnType<typeof vi.fn>;
+  };
+  let mockTreeService: {
+    getTree: ReturnType<typeof vi.fn>;
  };

  beforeEach(() => {
@@ -61,6 +78,23 @@ describe("AgentsController - Killswitch Endpoints", () => {
        timestamp: new Date().toISOString(),
        data: { heartbeat: true },
      }),
+      getRecentEvents: vi.fn().mockReturnValue([]),
+    };
+
+    mockMessagesService = {
+      getMessages: vi.fn(),
+      getReplayMessages: vi.fn().mockResolvedValue([]),
+      getMessagesAfter: vi.fn().mockResolvedValue([]),
+    };
+
+    mockControlService = {
+      injectMessage: vi.fn().mockResolvedValue(undefined),
+      pauseAgent: vi.fn().mockResolvedValue(undefined),
+      resumeAgent: vi.fn().mockResolvedValue(undefined),
+    };
+
+    mockTreeService = {
+      getTree: vi.fn().mockResolvedValue([]),
    };

    controller = new AgentsController(
@@ -68,7 +102,10 @@ describe("AgentsController - Killswitch Endpoints", () => {
      mockSpawnerService as unknown as AgentSpawnerService,
      mockLifecycleService as unknown as AgentLifecycleService,
      mockKillswitchService as unknown as KillswitchService,
-      mockEventsService as unknown as AgentEventsService
+      mockEventsService as unknown as AgentEventsService,
+      mockMessagesService as unknown as AgentMessagesService,
+      mockControlService as unknown as AgentControlService,
+      mockTreeService as unknown as AgentTreeService
    );
  });

--- a/apps/orchestrator/src/api/agents/agents.controller.spec.ts
+++ b/apps/orchestrator/src/api/agents/agents.controller.spec.ts
@@ -4,6 +4,9 @@ import { AgentSpawnerService } from "../../spawner/agent-spawner.service";
 import { AgentLifecycleService } from "../../spawner/agent-lifecycle.service";
 import { KillswitchService } from "../../killswitch/killswitch.service";
 import { AgentEventsService } from "./agent-events.service";
+import { AgentMessagesService } from "./agent-messages.service";
+import { AgentControlService } from "./agent-control.service";
+import { AgentTreeService } from "./agent-tree.service";
 import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";

 describe("AgentsController", () => {
@@ -30,6 +33,19 @@ describe("AgentsController", () => {
    createHeartbeat: ReturnType<typeof vi.fn>;
    getRecentEvents: ReturnType<typeof vi.fn>;
  };
+  let messagesService: {
+    getMessages: ReturnType<typeof vi.fn>;
+    getReplayMessages: ReturnType<typeof vi.fn>;
+    getMessagesAfter: ReturnType<typeof vi.fn>;
+  };
+  let controlService: {
+    injectMessage: ReturnType<typeof vi.fn>;
+    pauseAgent: ReturnType<typeof vi.fn>;
+    resumeAgent: ReturnType<typeof vi.fn>;
+  };
+  let treeService: {
+    getTree: ReturnType<typeof vi.fn>;
+  };

  beforeEach(() => {
    // Create mock services
@@ -69,13 +85,32 @@ describe("AgentsController", () => {
      getRecentEvents: vi.fn().mockReturnValue([]),
    };

+    messagesService = {
+      getMessages: vi.fn(),
+      getReplayMessages: vi.fn().mockResolvedValue([]),
+      getMessagesAfter: vi.fn().mockResolvedValue([]),
+    };
+
+    controlService = {
+      injectMessage: vi.fn().mockResolvedValue(undefined),
+      pauseAgent: vi.fn().mockResolvedValue(undefined),
+      resumeAgent: vi.fn().mockResolvedValue(undefined),
+    };
+
+    treeService = {
+      getTree: vi.fn().mockResolvedValue([]),
+    };
+
    // Create controller with mocked services
    controller = new AgentsController(
      queueService as unknown as QueueService,
      spawnerService as unknown as AgentSpawnerService,
      lifecycleService as unknown as AgentLifecycleService,
      killswitchService as unknown as KillswitchService,
-      eventsService as unknown as AgentEventsService
+      eventsService as unknown as AgentEventsService,
+      messagesService as unknown as AgentMessagesService,
+      controlService as unknown as AgentControlService,
+      treeService as unknown as AgentTreeService
    );
  });

@@ -87,6 +122,27 @@ describe("AgentsController", () => {
    expect(controller).toBeDefined();
  });

+  describe("getAgentTree", () => {
+    it("should return tree entries", async () => {
+      const entries = [
+        {
+          sessionId: "agent-1",
+          parentSessionId: null,
+          status: "running",
+          agentType: "worker",
+          taskSource: "internal",
+          spawnedAt: "2026-03-07T00:00:00.000Z",
+          completedAt: null,
+        },
+      ];
+
+      treeService.getTree.mockResolvedValue(entries);
+
+      await expect(controller.getAgentTree()).resolves.toEqual(entries);
+      expect(treeService.getTree).toHaveBeenCalledTimes(1);
+    });
+  });
+
  describe("listAgents", () => {
    it("should return empty array when no agents exist", () => {
      // Arrange
@@ -365,6 +421,93 @@ describe("AgentsController", () => {
    });
  });

+  describe("agent control endpoints", () => {
+    const agentId = "0b64079f-4487-42b9-92eb-cf8ea0042a64";
+
+    it("should inject an operator message", async () => {
+      const req = { apiKey: "control-key" };
+
+      const result = await controller.injectAgentMessage(
+        agentId,
+        { message: "pause and summarize" },
+        req
+      );
+
+      expect(controlService.injectMessage).toHaveBeenCalledWith(
+        agentId,
+        "control-key",
+        "pause and summarize"
+      );
+      expect(result).toEqual({ message: `Message injected into agent ${agentId}` });
+    });
+
+    it("should default operator id when request api key is missing", async () => {
+      await controller.injectAgentMessage(agentId, { message: "continue" }, {});
+
+      expect(controlService.injectMessage).toHaveBeenCalledWith(agentId, "operator", "continue");
+    });
+
+    it("should pause an agent", async () => {
+      const result = await controller.pauseAgent(agentId, {}, { apiKey: "ops-user" });
+
+      expect(controlService.pauseAgent).toHaveBeenCalledWith(agentId, "ops-user");
+      expect(result).toEqual({ message: `Agent ${agentId} paused` });
+    });
+
+    it("should resume an agent", async () => {
+      const result = await controller.resumeAgent(agentId, {}, { apiKey: "ops-user" });
+
+      expect(controlService.resumeAgent).toHaveBeenCalledWith(agentId, "ops-user");
+      expect(result).toEqual({ message: `Agent ${agentId} resumed` });
+    });
+  });
+
+  describe("getAgentMessages", () => {
+    it("should return paginated message history", async () => {
+      const agentId = "0b64079f-4487-42b9-92eb-cf8ea0042a64";
+      const query = {
+        limit: 25,
+        skip: 10,
+      };
+
+      const response = {
+        messages: [
+          {
+            id: "msg-1",
+            sessionId: agentId,
+            role: "agent",
+            content: "hello",
+            provider: "internal",
+            timestamp: new Date("2026-03-07T03:00:00.000Z"),
+            metadata: {},
+          },
+        ],
+        total: 101,
+      };
+
+      messagesService.getMessages.mockResolvedValue(response);
+
+      const result = await controller.getAgentMessages(agentId, query);
+
+      expect(messagesService.getMessages).toHaveBeenCalledWith(agentId, 25, 10);
+      expect(result).toEqual(response);
+    });
+
+    it("should use default pagination values", async () => {
+      const agentId = "0b64079f-4487-42b9-92eb-cf8ea0042a64";
+      const query = {
+        limit: 50,
+        skip: 0,
+      };
+
+      messagesService.getMessages.mockResolvedValue({ messages: [], total: 0 });
+
+      await controller.getAgentMessages(agentId, query);
+
+      expect(messagesService.getMessages).toHaveBeenCalledWith(agentId, 50, 0);
+    });
+  });
+
  describe("getRecentEvents", () => {
    it("should return recent events with default limit", () => {
      eventsService.getRecentEvents.mockReturnValue([
--- a/apps/orchestrator/src/api/agents/agents.controller.ts
+++ b/apps/orchestrator/src/api/agents/agents.controller.ts
@@ -14,7 +14,9 @@ import {
  Sse,
  MessageEvent,
  Query,
+  Request,
 } from "@nestjs/common";
+import type { AgentConversationMessage } from "@prisma/client";
 import { Throttle } from "@nestjs/throttler";
 import { Observable } from "rxjs";
 import { QueueService } from "../../queue/queue.service";
@@ -25,6 +27,13 @@ import { SpawnAgentDto, SpawnAgentResponseDto } from "./dto/spawn-agent.dto";
 import { OrchestratorApiKeyGuard } from "../../common/guards/api-key.guard";
 import { OrchestratorThrottlerGuard } from "../../common/guards/throttler.guard";
 import { AgentEventsService } from "./agent-events.service";
+import { GetMessagesQueryDto } from "./dto/get-messages-query.dto";
+import { AgentMessagesService } from "./agent-messages.service";
+import { AgentControlService } from "./agent-control.service";
+import { AgentTreeService } from "./agent-tree.service";
+import { AgentTreeResponseDto } from "./dto/agent-tree-response.dto";
+import { InjectAgentDto } from "./dto/inject-agent.dto";
+import { PauseAgentDto, ResumeAgentDto } from "./dto/control-agent.dto";

 /**
 * Controller for agent management endpoints
@@ -47,7 +56,10 @@ export class AgentsController {
    private readonly spawnerService: AgentSpawnerService,
    private readonly lifecycleService: AgentLifecycleService,
    private readonly killswitchService: KillswitchService,
-    private readonly eventsService: AgentEventsService
+    private readonly eventsService: AgentEventsService,
+    private readonly messagesService: AgentMessagesService,
+    private readonly agentControlService: AgentControlService,
+    private readonly agentTreeService: AgentTreeService
  ) {}

  /**
@@ -69,6 +81,7 @@ export class AgentsController {
      // Spawn agent using spawner service
      const spawnResponse = this.spawnerService.spawnAgent({
        taskId: dto.taskId,
+        ...(dto.parentAgentId !== undefined ? { parentAgentId: dto.parentAgentId } : {}),
        agentType: dto.agentType,
        context: dto.context,
      });
@@ -143,6 +156,13 @@ export class AgentsController {
    };
  }

+  @Get("tree")
+  @UseGuards(OrchestratorApiKeyGuard)
+  @Throttle({ default: { limit: 200, ttl: 60000 } })
+  async getAgentTree(): Promise<AgentTreeResponseDto[]> {
+    return this.agentTreeService.getTree();
+  }
+
  /**
   * List all agents
   * @returns Array of all agent sessions with their status
@@ -185,6 +205,107 @@ export class AgentsController {
    }
  }

+  /**
+   * Get paginated message history for an agent.
+   */
+  @Get(":agentId/messages")
+  @Throttle({ status: { limit: 200, ttl: 60000 } })
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async getAgentMessages(
+    @Param("agentId", ParseUUIDPipe) agentId: string,
+    @Query() query: GetMessagesQueryDto
+  ): Promise<{
+    messages: AgentConversationMessage[];
+    total: number;
+  }> {
+    return this.messagesService.getMessages(agentId, query.limit, query.skip);
+  }
+
+  /**
+   * Stream per-agent conversation messages as server-sent events (SSE).
+   */
+  @Sse(":agentId/messages/stream")
+  @Throttle({ status: { limit: 200, ttl: 60000 } })
+  streamAgentMessages(@Param("agentId", ParseUUIDPipe) agentId: string): Observable<MessageEvent> {
+    return new Observable<MessageEvent>((subscriber) => {
+      let isClosed = false;
+      let lastSeenTimestamp = new Date();
+      let lastSeenMessageId: string | null = null;
+
+      const emitMessage = (message: AgentConversationMessage): void => {
+        if (isClosed) {
+          return;
+        }
+
+        subscriber.next({
+          data: this.toMessageStreamPayload(message),
+        });
+
+        lastSeenTimestamp = message.timestamp;
+        lastSeenMessageId = message.id;
+      };
+
+      void this.messagesService
+        .getReplayMessages(agentId, 50)
+        .then((messages) => {
+          if (isClosed) {
+            return;
+          }
+
+          messages.forEach((message) => {
+            emitMessage(message);
+          });
+
+          if (messages.length === 0) {
+            lastSeenTimestamp = new Date();
+            lastSeenMessageId = null;
+          }
+        })
+        .catch((error: unknown) => {
+          this.logger.error(
+            `Failed to load replay messages for ${agentId}: ${error instanceof Error ? error.message : String(error)}`
+          );
+          lastSeenTimestamp = new Date();
+          lastSeenMessageId = null;
+        });
+
+      const pollInterval = setInterval(() => {
+        if (isClosed) {
+          return;
+        }
+
+        void this.messagesService
+          .getMessagesAfter(agentId, lastSeenTimestamp, lastSeenMessageId)
+          .then((messages) => {
+            if (isClosed || messages.length === 0) {
+              return;
+            }
+
+            messages.forEach((message) => {
+              emitMessage(message);
+            });
+          })
+          .catch((error: unknown) => {
+            this.logger.error(
+              `Failed to poll messages for ${agentId}: ${error instanceof Error ? error.message : String(error)}`
+            );
+          });
+      }, 1000);
+
+      const heartbeat = setInterval(() => {
+        if (!isClosed) {
+          subscriber.next({ data: { type: "heartbeat" } });
+        }
+      }, 15000);
+
+      return () => {
+        isClosed = true;
+        clearInterval(pollInterval);
+        clearInterval(heartbeat);
+      };
+    });
+  }
+
  /**
   * Get agent status
   * @param agentId Agent ID to query
@@ -269,6 +390,57 @@ export class AgentsController {
    }
  }

+  @Post(":agentId/inject")
+  @Throttle({ default: { limit: 10, ttl: 60000 } })
+  @HttpCode(200)
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async injectAgentMessage(
+    @Param("agentId", ParseUUIDPipe) agentId: string,
+    @Body() dto: InjectAgentDto,
+    @Request() req: { apiKey?: string }
+  ): Promise<{ message: string }> {
+    const operatorId = req.apiKey ?? "operator";
+    await this.agentControlService.injectMessage(agentId, operatorId, dto.message);
+
+    return {
+      message: `Message injected into agent ${agentId}`,
+    };
+  }
+
+  @Post(":agentId/pause")
+  @Throttle({ default: { limit: 10, ttl: 60000 } })
+  @HttpCode(200)
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async pauseAgent(
+    @Param("agentId", ParseUUIDPipe) agentId: string,
+    @Body() _dto: PauseAgentDto,
+    @Request() req: { apiKey?: string }
+  ): Promise<{ message: string }> {
+    const operatorId = req.apiKey ?? "operator";
+    await this.agentControlService.pauseAgent(agentId, operatorId);
+
+    return {
+      message: `Agent ${agentId} paused`,
+    };
+  }
+
+  @Post(":agentId/resume")
+  @Throttle({ default: { limit: 10, ttl: 60000 } })
+  @HttpCode(200)
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async resumeAgent(
+    @Param("agentId", ParseUUIDPipe) agentId: string,
+    @Body() _dto: ResumeAgentDto,
+    @Request() req: { apiKey?: string }
+  ): Promise<{ message: string }> {
+    const operatorId = req.apiKey ?? "operator";
+    await this.agentControlService.resumeAgent(agentId, operatorId);
+
+    return {
+      message: `Agent ${agentId} resumed`,
+    };
+  }
+
  /**
   * Kill all active agents
   * @returns Summary of kill operation
@@ -301,4 +473,24 @@ export class AgentsController {
      throw error;
    }
  }
+
+  private toMessageStreamPayload(message: AgentConversationMessage): {
+    messageId: string;
+    sessionId: string;
+    role: string;
+    content: string;
+    provider: string;
+    timestamp: string;
+    metadata: unknown;
+  } {
+    return {
+      messageId: message.id,
+      sessionId: message.sessionId,
+      role: message.role,
+      content: message.content,
+      provider: message.provider,
+      timestamp: message.timestamp.toISOString(),
+      metadata: message.metadata,
+    };
+  }
 }
--- a/apps/orchestrator/src/api/agents/agents.module.ts
+++ b/apps/orchestrator/src/api/agents/agents.module.ts
@@ -6,10 +6,25 @@ import { KillswitchModule } from "../../killswitch/killswitch.module";
 import { ValkeyModule } from "../../valkey/valkey.module";
 import { OrchestratorApiKeyGuard } from "../../common/guards/api-key.guard";
 import { AgentEventsService } from "./agent-events.service";
+import { PrismaModule } from "../../prisma/prisma.module";
+import { AgentMessagesService } from "./agent-messages.service";
+import { AgentControlService } from "./agent-control.service";
+import { AgentTreeService } from "./agent-tree.service";
+import { InternalAgentProvider } from "./internal-agent.provider";
+import { AgentProviderRegistry } from "./agent-provider.registry";

@Module({
-  imports: [QueueModule, SpawnerModule, KillswitchModule, ValkeyModule],
+  imports: [QueueModule, SpawnerModule, KillswitchModule, ValkeyModule, PrismaModule],
  controllers: [AgentsController],
-  providers: [OrchestratorApiKeyGuard, AgentEventsService],
+  providers: [
+    OrchestratorApiKeyGuard,
+    AgentEventsService,
+    AgentMessagesService,
+    AgentControlService,
+    AgentTreeService,
+    InternalAgentProvider,
+    AgentProviderRegistry,
+  ],
+  exports: [InternalAgentProvider, AgentProviderRegistry],
 })
 export class AgentsModule {}
--- a/apps/orchestrator/src/api/agents/dto/agent-tree-response.dto.ts
+++ b/apps/orchestrator/src/api/agents/dto/agent-tree-response.dto.ts
@@ -0,0 +1,9 @@
+export class AgentTreeResponseDto {
+  sessionId!: string;
+  parentSessionId!: string | null;
+  status!: string;
+  agentType!: string | null;
+  taskSource!: string | null;
+  spawnedAt!: string;
+  completedAt!: string | null;
+}
--- a/apps/orchestrator/src/api/agents/dto/control-agent.dto.ts
+++ b/apps/orchestrator/src/api/agents/dto/control-agent.dto.ts
@@ -0,0 +1,3 @@
+export class PauseAgentDto {}
+
+export class ResumeAgentDto {}
--- a/apps/orchestrator/src/api/agents/dto/get-messages-query.dto.spec.ts
+++ b/apps/orchestrator/src/api/agents/dto/get-messages-query.dto.spec.ts
@@ -0,0 +1,37 @@
+import { plainToInstance } from "class-transformer";
+import { validate } from "class-validator";
+import { describe, expect, it } from "vitest";
+import { GetMessagesQueryDto } from "./get-messages-query.dto";
+
+describe("GetMessagesQueryDto", () => {
+  it("should use defaults when empty", async () => {
+    const dto = plainToInstance(GetMessagesQueryDto, {});
+    const errors = await validate(dto);
+
+    expect(errors).toHaveLength(0);
+    expect(dto.limit).toBe(50);
+    expect(dto.skip).toBe(0);
+  });
+
+  it("should reject limit greater than 200", async () => {
+    const dto = plainToInstance(GetMessagesQueryDto, {
+      limit: 201,
+      skip: 0,
+    });
+    const errors = await validate(dto);
+
+    expect(errors.length).toBeGreaterThan(0);
+    expect(errors.some((error) => error.property === "limit")).toBe(true);
+  });
+
+  it("should reject negative skip", async () => {
+    const dto = plainToInstance(GetMessagesQueryDto, {
+      limit: 50,
+      skip: -1,
+    });
+    const errors = await validate(dto);
+
+    expect(errors.length).toBeGreaterThan(0);
+    expect(errors.some((error) => error.property === "skip")).toBe(true);
+  });
+});
--- a/apps/orchestrator/src/api/agents/dto/get-messages-query.dto.ts
+++ b/apps/orchestrator/src/api/agents/dto/get-messages-query.dto.ts
@@ -0,0 +1,17 @@
+import { Type } from "class-transformer";
+import { IsInt, IsOptional, Max, Min } from "class-validator";
+
+export class GetMessagesQueryDto {
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(1)
+  @Max(200)
+  limit = 50;
+
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(0)
+  skip = 0;
+}
--- a/apps/orchestrator/src/api/agents/dto/inject-agent.dto.ts
+++ b/apps/orchestrator/src/api/agents/dto/inject-agent.dto.ts
@@ -0,0 +1,7 @@
+import { IsNotEmpty, IsString } from "class-validator";
+
+export class InjectAgentDto {
+  @IsString()
+  @IsNotEmpty()
+  message!: string;
+}
--- a/apps/orchestrator/src/api/agents/dto/spawn-agent.dto.ts
+++ b/apps/orchestrator/src/api/agents/dto/spawn-agent.dto.ts
@@ -116,6 +116,10 @@ export class SpawnAgentDto {
  @IsOptional()
  @IsIn(["strict", "standard", "minimal", "custom"])
  gateProfile?: GateProfileType;
+
+  @IsOptional()
+  @IsString()
+  parentAgentId?: string;
 }

 /**
--- a/apps/orchestrator/src/api/agents/internal-agent.provider.spec.ts
+++ b/apps/orchestrator/src/api/agents/internal-agent.provider.spec.ts
@@ -0,0 +1,216 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { AgentConversationMessage, AgentSessionTree } from "@prisma/client";
+import { AgentControlService } from "./agent-control.service";
+import { AgentMessagesService } from "./agent-messages.service";
+import { AgentTreeService } from "./agent-tree.service";
+import { InternalAgentProvider } from "./internal-agent.provider";
+
+describe("InternalAgentProvider", () => {
+  let provider: InternalAgentProvider;
+  let messagesService: {
+    getMessages: ReturnType<typeof vi.fn>;
+    getReplayMessages: ReturnType<typeof vi.fn>;
+    getMessagesAfter: ReturnType<typeof vi.fn>;
+  };
+  let controlService: {
+    injectMessage: ReturnType<typeof vi.fn>;
+    pauseAgent: ReturnType<typeof vi.fn>;
+    resumeAgent: ReturnType<typeof vi.fn>;
+    killAgent: ReturnType<typeof vi.fn>;
+  };
+  let treeService: {
+    listSessions: ReturnType<typeof vi.fn>;
+    getSession: ReturnType<typeof vi.fn>;
+  };
+
+  beforeEach(() => {
+    messagesService = {
+      getMessages: vi.fn(),
+      getReplayMessages: vi.fn(),
+      getMessagesAfter: vi.fn(),
+    };
+
+    controlService = {
+      injectMessage: vi.fn().mockResolvedValue(undefined),
+      pauseAgent: vi.fn().mockResolvedValue(undefined),
+      resumeAgent: vi.fn().mockResolvedValue(undefined),
+      killAgent: vi.fn().mockResolvedValue(undefined),
+    };
+
+    treeService = {
+      listSessions: vi.fn(),
+      getSession: vi.fn(),
+    };
+
+    provider = new InternalAgentProvider(
+      messagesService as unknown as AgentMessagesService,
+      controlService as unknown as AgentControlService,
+      treeService as unknown as AgentTreeService
+    );
+  });
+
+  it("maps paginated sessions", async () => {
+    const sessionEntry: AgentSessionTree = {
+      id: "tree-1",
+      sessionId: "session-1",
+      parentSessionId: "parent-1",
+      provider: "internal",
+      missionId: null,
+      taskId: "task-123",
+      taskSource: "queue",
+      agentType: "worker",
+      status: "running",
+      spawnedAt: new Date("2026-03-07T10:00:00.000Z"),
+      completedAt: null,
+      metadata: { branch: "feat/test" },
+    };
+
+    treeService.listSessions.mockResolvedValue({
+      sessions: [sessionEntry],
+      total: 1,
+      cursor: "next-cursor",
+    });
+
+    const result = await provider.listSessions("cursor-1", 25);
+
+    expect(treeService.listSessions).toHaveBeenCalledWith("cursor-1", 25);
+    expect(result).toEqual({
+      sessions: [
+        {
+          id: "session-1",
+          providerId: "internal",
+          providerType: "internal",
+          label: "task-123",
+          status: "active",
+          parentSessionId: "parent-1",
+          createdAt: new Date("2026-03-07T10:00:00.000Z"),
+          updatedAt: new Date("2026-03-07T10:00:00.000Z"),
+          metadata: { branch: "feat/test" },
+        },
+      ],
+      total: 1,
+      cursor: "next-cursor",
+    });
+  });
+
+  it("returns null for missing session", async () => {
+    treeService.getSession.mockResolvedValue(null);
+
+    const result = await provider.getSession("missing-session");
+
+    expect(treeService.getSession).toHaveBeenCalledWith("missing-session");
+    expect(result).toBeNull();
+  });
+
+  it("maps message history and parses skip cursor", async () => {
+    const message: AgentConversationMessage = {
+      id: "msg-1",
+      sessionId: "session-1",
+      provider: "internal",
+      role: "agent",
+      content: "hello",
+      timestamp: new Date("2026-03-07T10:05:00.000Z"),
+      metadata: { tokens: 42 },
+    };
+
+    messagesService.getMessages.mockResolvedValue({
+      messages: [message],
+      total: 10,
+    });
+
+    const result = await provider.getMessages("session-1", 30, "2");
+
+    expect(messagesService.getMessages).toHaveBeenCalledWith("session-1", 30, 2);
+    expect(result).toEqual([
+      {
+        id: "msg-1",
+        sessionId: "session-1",
+        role: "assistant",
+        content: "hello",
+        timestamp: new Date("2026-03-07T10:05:00.000Z"),
+        metadata: { tokens: 42 },
+      },
+    ]);
+  });
+
+  it("routes control operations through AgentControlService", async () => {
+    const injectResult = await provider.injectMessage("session-1", "new instruction");
+
+    await provider.pauseSession("session-1");
+    await provider.resumeSession("session-1");
+    await provider.killSession("session-1", false);
+
+    expect(controlService.injectMessage).toHaveBeenCalledWith(
+      "session-1",
+      "internal-provider",
+      "new instruction"
+    );
+    expect(injectResult).toEqual({ accepted: true });
+    expect(controlService.pauseAgent).toHaveBeenCalledWith("session-1", "internal-provider");
+    expect(controlService.resumeAgent).toHaveBeenCalledWith("session-1", "internal-provider");
+    expect(controlService.killAgent).toHaveBeenCalledWith("session-1", "internal-provider", false);
+  });
+
+  it("streams replay and incremental messages", async () => {
+    const replayMessage: AgentConversationMessage = {
+      id: "msg-replay",
+      sessionId: "session-1",
+      provider: "internal",
+      role: "agent",
+      content: "replay",
+      timestamp: new Date("2026-03-07T10:00:00.000Z"),
+      metadata: {},
+    };
+    const incrementalMessage: AgentConversationMessage = {
+      id: "msg-live",
+      sessionId: "session-1",
+      provider: "internal",
+      role: "operator",
+      content: "live",
+      timestamp: new Date("2026-03-07T10:00:01.000Z"),
+      metadata: {},
+    };
+
+    messagesService.getReplayMessages.mockResolvedValue([replayMessage]);
+    messagesService.getMessagesAfter
+      .mockResolvedValueOnce([incrementalMessage])
+      .mockResolvedValueOnce([]);
+
+    const iterator = provider.streamMessages("session-1")[Symbol.asyncIterator]();
+
+    const first = await iterator.next();
+    const second = await iterator.next();
+
+    expect(first.done).toBe(false);
+    expect(first.value).toEqual({
+      id: "msg-replay",
+      sessionId: "session-1",
+      role: "assistant",
+      content: "replay",
+      timestamp: new Date("2026-03-07T10:00:00.000Z"),
+      metadata: {},
+    });
+    expect(second.done).toBe(false);
+    expect(second.value).toEqual({
+      id: "msg-live",
+      sessionId: "session-1",
+      role: "user",
+      content: "live",
+      timestamp: new Date("2026-03-07T10:00:01.000Z"),
+      metadata: {},
+    });
+
+    await iterator.return?.();
+
+    expect(messagesService.getReplayMessages).toHaveBeenCalledWith("session-1", 50);
+    expect(messagesService.getMessagesAfter).toHaveBeenCalledWith(
+      "session-1",
+      new Date("2026-03-07T10:00:00.000Z"),
+      "msg-replay"
+    );
+  });
+
+  it("reports provider availability", async () => {
+    await expect(provider.isAvailable()).resolves.toBe(true);
+  });
+});
--- a/apps/orchestrator/src/api/agents/internal-agent.provider.ts
+++ b/apps/orchestrator/src/api/agents/internal-agent.provider.ts
@@ -0,0 +1,218 @@
+import { Injectable } from "@nestjs/common";
+import type {
+  AgentMessage,
+  AgentMessageRole,
+  AgentSession,
+  AgentSessionList,
+  AgentSessionStatus,
+  IAgentProvider,
+  InjectResult,
+} from "@mosaic/shared";
+import type { AgentConversationMessage, AgentSessionTree } from "@prisma/client";
+import { AgentControlService } from "./agent-control.service";
+import { AgentMessagesService } from "./agent-messages.service";
+import { AgentTreeService } from "./agent-tree.service";
+
+const DEFAULT_SESSION_LIMIT = 50;
+const DEFAULT_MESSAGE_LIMIT = 50;
+const MAX_MESSAGE_LIMIT = 200;
+const STREAM_POLL_INTERVAL_MS = 1000;
+const INTERNAL_OPERATOR_ID = "internal-provider";
+
+@Injectable()
+export class InternalAgentProvider implements IAgentProvider {
+  readonly providerId = "internal";
+  readonly providerType = "internal";
+  readonly displayName = "Internal Orchestrator";
+
+  constructor(
+    private readonly messagesService: AgentMessagesService,
+    private readonly controlService: AgentControlService,
+    private readonly treeService: AgentTreeService
+  ) {}
+
+  async listSessions(cursor?: string, limit = DEFAULT_SESSION_LIMIT): Promise<AgentSessionList> {
+    const {
+      sessions,
+      total,
+      cursor: nextCursor,
+    } = await this.treeService.listSessions(cursor, limit);
+
+    return {
+      sessions: sessions.map((session) => this.toAgentSession(session)),
+      total,
+      ...(nextCursor !== undefined ? { cursor: nextCursor } : {}),
+    };
+  }
+
+  async getSession(sessionId: string): Promise<AgentSession | null> {
+    const session = await this.treeService.getSession(sessionId);
+    return session ? this.toAgentSession(session) : null;
+  }
+
+  async getMessages(
+    sessionId: string,
+    limit = DEFAULT_MESSAGE_LIMIT,
+    before?: string
+  ): Promise<AgentMessage[]> {
+    const safeLimit = this.normalizeMessageLimit(limit);
+    const skip = this.parseSkip(before);
+
+    const result = await this.messagesService.getMessages(sessionId, safeLimit, skip);
+    return result.messages.map((message) => this.toAgentMessage(message));
+  }
+
+  async injectMessage(sessionId: string, content: string): Promise<InjectResult> {
+    await this.controlService.injectMessage(sessionId, INTERNAL_OPERATOR_ID, content);
+
+    return {
+      accepted: true,
+    };
+  }
+
+  async pauseSession(sessionId: string): Promise<void> {
+    await this.controlService.pauseAgent(sessionId, INTERNAL_OPERATOR_ID);
+  }
+
+  async resumeSession(sessionId: string): Promise<void> {
+    await this.controlService.resumeAgent(sessionId, INTERNAL_OPERATOR_ID);
+  }
+
+  async killSession(sessionId: string, force = true): Promise<void> {
+    await this.controlService.killAgent(sessionId, INTERNAL_OPERATOR_ID, force);
+  }
+
+  async *streamMessages(sessionId: string): AsyncIterable<AgentMessage> {
+    const replayMessages = await this.messagesService.getReplayMessages(
+      sessionId,
+      DEFAULT_MESSAGE_LIMIT
+    );
+
+    let lastSeenTimestamp = new Date();
+    let lastSeenMessageId: string | null = null;
+
+    for (const message of replayMessages) {
+      yield this.toAgentMessage(message);
+      lastSeenTimestamp = message.timestamp;
+      lastSeenMessageId = message.id;
+    }
+
+    for (;;) {
+      const newMessages = await this.messagesService.getMessagesAfter(
+        sessionId,
+        lastSeenTimestamp,
+        lastSeenMessageId
+      );
+
+      for (const message of newMessages) {
+        yield this.toAgentMessage(message);
+        lastSeenTimestamp = message.timestamp;
+        lastSeenMessageId = message.id;
+      }
+
+      await this.delay(STREAM_POLL_INTERVAL_MS);
+    }
+  }
+
+  isAvailable(): Promise<boolean> {
+    return Promise.resolve(true);
+  }
+
+  private toAgentSession(session: AgentSessionTree): AgentSession {
+    const metadata = this.toMetadata(session.metadata);
+
+    return {
+      id: session.sessionId,
+      providerId: this.providerId,
+      providerType: this.providerType,
+      ...(session.taskId !== null ? { label: session.taskId } : {}),
+      status: this.toSessionStatus(session.status),
+      ...(session.parentSessionId !== null ? { parentSessionId: session.parentSessionId } : {}),
+      createdAt: session.spawnedAt,
+      updatedAt: session.completedAt ?? session.spawnedAt,
+      ...(metadata !== undefined ? { metadata } : {}),
+    };
+  }
+
+  private toAgentMessage(message: AgentConversationMessage): AgentMessage {
+    const metadata = this.toMetadata(message.metadata);
+
+    return {
+      id: message.id,
+      sessionId: message.sessionId,
+      role: this.toMessageRole(message.role),
+      content: message.content,
+      timestamp: message.timestamp,
+      ...(metadata !== undefined ? { metadata } : {}),
+    };
+  }
+
+  private toSessionStatus(status: string): AgentSessionStatus {
+    switch (status) {
+      case "running":
+        return "active";
+      case "paused":
+        return "paused";
+      case "completed":
+        return "completed";
+      case "failed":
+      case "killed":
+        return "failed";
+      case "spawning":
+      default:
+        return "idle";
+    }
+  }
+
+  private toMessageRole(role: string): AgentMessageRole {
+    switch (role) {
+      case "agent":
+      case "assistant":
+        return "assistant";
+      case "system":
+        return "system";
+      case "tool":
+        return "tool";
+      case "operator":
+      case "user":
+      default:
+        return "user";
+    }
+  }
+
+  private normalizeMessageLimit(limit: number): number {
+    const normalized = Number.isFinite(limit) ? Math.trunc(limit) : DEFAULT_MESSAGE_LIMIT;
+    if (normalized < 1) {
+      return 1;
+    }
+
+    return Math.min(normalized, MAX_MESSAGE_LIMIT);
+  }
+
+  private parseSkip(before?: string): number {
+    if (!before) {
+      return 0;
+    }
+
+    const parsed = Number.parseInt(before, 10);
+    if (Number.isNaN(parsed) || parsed < 0) {
+      return 0;
+    }
+
+    return parsed;
+  }
+
+  private toMetadata(value: unknown): Record<string, unknown> | undefined {
+    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
+      return value as Record<string, unknown>;
+    }
+
+    return undefined;
+  }
+
+  private async delay(ms: number): Promise<void> {
+    await new Promise((resolve) => {
+      setTimeout(resolve, ms);
+    });
+  }
+}
--- a/apps/orchestrator/src/api/mission-control/dto/get-mission-control-audit-log-query.dto.ts
+++ b/apps/orchestrator/src/api/mission-control/dto/get-mission-control-audit-log-query.dto.ts
@@ -0,0 +1,21 @@
+import { Type } from "class-transformer";
+import { IsInt, IsOptional, IsString, Max, Min } from "class-validator";
+
+export class GetMissionControlAuditLogQueryDto {
+  @IsOptional()
+  @IsString()
+  sessionId?: string;
+
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(1)
+  page = 1;
+
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(1)
+  @Max(200)
+  limit = 50;
+}
--- a/apps/orchestrator/src/api/mission-control/dto/get-mission-control-messages-query.dto.ts
+++ b/apps/orchestrator/src/api/mission-control/dto/get-mission-control-messages-query.dto.ts
@@ -0,0 +1,15 @@
+import { Type } from "class-transformer";
+import { IsInt, IsOptional, IsString, Max, Min } from "class-validator";
+
+export class GetMissionControlMessagesQueryDto {
+  @IsOptional()
+  @Type(() => Number)
+  @IsInt()
+  @Min(1)
+  @Max(200)
+  limit?: number;
+
+  @IsOptional()
+  @IsString()
+  before?: string;
+}
--- a/apps/orchestrator/src/api/mission-control/dto/kill-session.dto.ts
+++ b/apps/orchestrator/src/api/mission-control/dto/kill-session.dto.ts
@@ -0,0 +1,7 @@
+import { IsBoolean, IsOptional } from "class-validator";
+
+export class KillSessionDto {
+  @IsOptional()
+  @IsBoolean()
+  force?: boolean;
+}
--- a/apps/orchestrator/src/api/mission-control/mission-control.controller.spec.ts
+++ b/apps/orchestrator/src/api/mission-control/mission-control.controller.spec.ts
@@ -0,0 +1,67 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { AgentSession } from "@mosaic/shared";
+import type { PrismaService } from "../../prisma/prisma.service";
+import { AgentProviderRegistry } from "../agents/agent-provider.registry";
+import { MissionControlController } from "./mission-control.controller";
+import { MissionControlService } from "./mission-control.service";
+
+describe("MissionControlController", () => {
+  let controller: MissionControlController;
+  let registry: {
+    listAllSessions: ReturnType<typeof vi.fn>;
+    getProviderForSession: ReturnType<typeof vi.fn>;
+  };
+
+  beforeEach(() => {
+    registry = {
+      listAllSessions: vi.fn(),
+      getProviderForSession: vi.fn(),
+    };
+
+    const prisma = {
+      operatorAuditLog: {
+        create: vi.fn().mockResolvedValue(undefined),
+      },
+    };
+
+    const service = new MissionControlService(
+      registry as unknown as AgentProviderRegistry,
+      prisma as unknown as PrismaService
+    );
+
+    controller = new MissionControlController(service);
+  });
+
+  it("Phase 1 gate: unified sessions endpoint returns internal provider sessions", async () => {
+    const internalSession: AgentSession = {
+      id: "session-internal-1",
+      providerId: "internal",
+      providerType: "internal",
+      status: "active",
+      createdAt: new Date("2026-03-07T20:00:00.000Z"),
+      updatedAt: new Date("2026-03-07T20:01:00.000Z"),
+    };
+
+    const externalSession: AgentSession = {
+      id: "session-openclaw-1",
+      providerId: "openclaw",
+      providerType: "external",
+      status: "active",
+      createdAt: new Date("2026-03-07T20:02:00.000Z"),
+      updatedAt: new Date("2026-03-07T20:03:00.000Z"),
+    };
+
+    registry.listAllSessions.mockResolvedValue([internalSession, externalSession]);
+
+    const response = await controller.listSessions();
+
+    expect(registry.listAllSessions).toHaveBeenCalledTimes(1);
+    expect(response.sessions).toEqual([internalSession, externalSession]);
+    expect(response.sessions).toContainEqual(
+      expect.objectContaining({
+        id: "session-internal-1",
+        providerId: "internal",
+      })
+    );
+  });
+});
--- a/apps/orchestrator/src/api/mission-control/mission-control.controller.ts
+++ b/apps/orchestrator/src/api/mission-control/mission-control.controller.ts
@@ -0,0 +1,192 @@
+import {
+  Body,
+  Controller,
+  Get,
+  Header,
+  HttpCode,
+  MessageEvent,
+  Param,
+  Post,
+  Query,
+  Request,
+  Sse,
+  UseGuards,
+  UsePipes,
+  ValidationPipe,
+} from "@nestjs/common";
+import type { AgentMessage, AgentSession, InjectResult } from "@mosaic/shared";
+import { Observable } from "rxjs";
+import { AuthGuard } from "../../auth/guards/auth.guard";
+import { InjectAgentDto } from "../agents/dto/inject-agent.dto";
+import { GetMissionControlAuditLogQueryDto } from "./dto/get-mission-control-audit-log-query.dto";
+import { GetMissionControlMessagesQueryDto } from "./dto/get-mission-control-messages-query.dto";
+import { KillSessionDto } from "./dto/kill-session.dto";
+import { MissionControlService, type MissionControlAuditLogPage } from "./mission-control.service";
+
+const DEFAULT_OPERATOR_ID = "mission-control";
+
+interface MissionControlRequest {
+  user?: {
+    id?: string;
+  };
+}
+
+@Controller("api/mission-control")
+@UseGuards(AuthGuard)
+export class MissionControlController {
+  constructor(private readonly missionControlService: MissionControlService) {}
+
+  @Get("sessions")
+  async listSessions(): Promise<{ sessions: AgentSession[] }> {
+    const sessions = await this.missionControlService.listSessions();
+    return { sessions };
+  }
+
+  @Get("sessions/:sessionId")
+  getSession(@Param("sessionId") sessionId: string): Promise<AgentSession> {
+    return this.missionControlService.getSession(sessionId);
+  }
+
+  @Get("sessions/:sessionId/messages")
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async getMessages(
+    @Param("sessionId") sessionId: string,
+    @Query() query: GetMissionControlMessagesQueryDto
+  ): Promise<{ messages: AgentMessage[] }> {
+    const messages = await this.missionControlService.getMessages(
+      sessionId,
+      query.limit,
+      query.before
+    );
+
+    return { messages };
+  }
+
+  @Get("audit-log")
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  getAuditLog(
+    @Query() query: GetMissionControlAuditLogQueryDto
+  ): Promise<MissionControlAuditLogPage> {
+    return this.missionControlService.getAuditLog(query.sessionId, query.page, query.limit);
+  }
+
+  @Post("sessions/:sessionId/inject")
+  @HttpCode(200)
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  injectMessage(
+    @Param("sessionId") sessionId: string,
+    @Body() dto: InjectAgentDto,
+    @Request() req: MissionControlRequest
+  ): Promise<InjectResult> {
+    return this.missionControlService.injectMessage(
+      sessionId,
+      dto.message,
+      this.resolveOperatorId(req)
+    );
+  }
+
+  @Post("sessions/:sessionId/pause")
+  @HttpCode(200)
+  async pauseSession(
+    @Param("sessionId") sessionId: string,
+    @Request() req: MissionControlRequest
+  ): Promise<{ message: string }> {
+    await this.missionControlService.pauseSession(sessionId, this.resolveOperatorId(req));
+
+    return { message: `Session ${sessionId} paused` };
+  }
+
+  @Post("sessions/:sessionId/resume")
+  @HttpCode(200)
+  async resumeSession(
+    @Param("sessionId") sessionId: string,
+    @Request() req: MissionControlRequest
+  ): Promise<{ message: string }> {
+    await this.missionControlService.resumeSession(sessionId, this.resolveOperatorId(req));
+
+    return { message: `Session ${sessionId} resumed` };
+  }
+
+  @Post("sessions/:sessionId/kill")
+  @HttpCode(200)
+  @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
+  async killSession(
+    @Param("sessionId") sessionId: string,
+    @Body() dto: KillSessionDto,
+    @Request() req: MissionControlRequest
+  ): Promise<{ message: string }> {
+    await this.missionControlService.killSession(
+      sessionId,
+      dto.force ?? true,
+      this.resolveOperatorId(req)
+    );
+
+    return { message: `Session ${sessionId} killed` };
+  }
+
+  @Sse("sessions/:sessionId/stream")
+  @Header("Content-Type", "text/event-stream")
+  @Header("Cache-Control", "no-cache")
+  streamSessionMessages(@Param("sessionId") sessionId: string): Observable<MessageEvent> {
+    return new Observable<MessageEvent>((subscriber) => {
+      let isClosed = false;
+      let iterator: AsyncIterator<AgentMessage> | null = null;
+
+      void this.missionControlService
+        .streamMessages(sessionId)
+        .then(async (stream) => {
+          iterator = stream[Symbol.asyncIterator]();
+
+          for (;;) {
+            if (isClosed) {
+              break;
+            }
+
+            const next = (await iterator.next()) as { done: boolean; value: AgentMessage };
+            if (next.done) {
+              break;
+            }
+
+            subscriber.next({
+              data: this.toStreamPayload(next.value),
+            });
+          }
+
+          subscriber.complete();
+        })
+        .catch((error: unknown) => {
+          subscriber.error(error);
+        });
+
+      return () => {
+        isClosed = true;
+        void iterator?.return?.();
+      };
+    });
+  }
+
+  private resolveOperatorId(req: MissionControlRequest): string {
+    const operatorId = req.user?.id;
+    return typeof operatorId === "string" && operatorId.length > 0
+      ? operatorId
+      : DEFAULT_OPERATOR_ID;
+  }
+
+  private toStreamPayload(message: AgentMessage): {
+    id: string;
+    sessionId: string;
+    role: string;
+    content: string;
+    timestamp: string;
+    metadata?: Record<string, unknown>;
+  } {
+    return {
+      id: message.id,
+      sessionId: message.sessionId,
+      role: message.role,
+      content: message.content,
+      timestamp: message.timestamp.toISOString(),
+      ...(message.metadata !== undefined ? { metadata: message.metadata } : {}),
+    };
+  }
+}
--- a/apps/orchestrator/src/api/mission-control/mission-control.module.ts
+++ b/apps/orchestrator/src/api/mission-control/mission-control.module.ts
@@ -0,0 +1,13 @@
+import { Module } from "@nestjs/common";
+import { AgentsModule } from "../agents/agents.module";
+import { AuthModule } from "../../auth/auth.module";
+import { PrismaModule } from "../../prisma/prisma.module";
+import { MissionControlController } from "./mission-control.controller";
+import { MissionControlService } from "./mission-control.service";
+
+@Module({
+  imports: [AgentsModule, AuthModule, PrismaModule],
+  controllers: [MissionControlController],
+  providers: [MissionControlService],
+})
+export class MissionControlModule {}
--- a/apps/orchestrator/src/api/mission-control/mission-control.service.spec.ts
+++ b/apps/orchestrator/src/api/mission-control/mission-control.service.spec.ts
@@ -0,0 +1,213 @@
+import { NotFoundException } from "@nestjs/common";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { AgentMessage, AgentSession, IAgentProvider, InjectResult } from "@mosaic/shared";
+import type { PrismaService } from "../../prisma/prisma.service";
+import { AgentProviderRegistry } from "../agents/agent-provider.registry";
+import { MissionControlService } from "./mission-control.service";
+
+type MockProvider = IAgentProvider & {
+  listSessions: ReturnType<typeof vi.fn>;
+  getSession: ReturnType<typeof vi.fn>;
+  getMessages: ReturnType<typeof vi.fn>;
+  injectMessage: ReturnType<typeof vi.fn>;
+  pauseSession: ReturnType<typeof vi.fn>;
+  resumeSession: ReturnType<typeof vi.fn>;
+  killSession: ReturnType<typeof vi.fn>;
+  streamMessages: ReturnType<typeof vi.fn>;
+};
+
+const emptyMessageStream = async function* (): AsyncIterable<AgentMessage> {
+  return;
+};
+
+const createProvider = (providerId = "internal"): MockProvider => ({
+  providerId,
+  providerType: providerId,
+  displayName: providerId,
+  listSessions: vi.fn().mockResolvedValue({ sessions: [], total: 0 }),
+  getSession: vi.fn().mockResolvedValue(null),
+  getMessages: vi.fn().mockResolvedValue([]),
+  injectMessage: vi.fn().mockResolvedValue({ accepted: true } as InjectResult),
+  pauseSession: vi.fn().mockResolvedValue(undefined),
+  resumeSession: vi.fn().mockResolvedValue(undefined),
+  killSession: vi.fn().mockResolvedValue(undefined),
+  streamMessages: vi.fn().mockReturnValue(emptyMessageStream()),
+  isAvailable: vi.fn().mockResolvedValue(true),
+});
+
+describe("MissionControlService", () => {
+  let service: MissionControlService;
+  let registry: {
+    listAllSessions: ReturnType<typeof vi.fn>;
+    getProviderForSession: ReturnType<typeof vi.fn>;
+  };
+  let prisma: {
+    operatorAuditLog: {
+      create: ReturnType<typeof vi.fn>;
+    };
+  };
+
+  const session: AgentSession = {
+    id: "session-1",
+    providerId: "internal",
+    providerType: "internal",
+    status: "active",
+    createdAt: new Date("2026-03-07T14:00:00.000Z"),
+    updatedAt: new Date("2026-03-07T14:01:00.000Z"),
+  };
+
+  beforeEach(() => {
+    registry = {
+      listAllSessions: vi.fn().mockResolvedValue([session]),
+      getProviderForSession: vi.fn().mockResolvedValue(null),
+    };
+
+    prisma = {
+      operatorAuditLog: {
+        create: vi.fn().mockResolvedValue(undefined),
+      },
+    };
+
+    service = new MissionControlService(
+      registry as unknown as AgentProviderRegistry,
+      prisma as unknown as PrismaService
+    );
+  });
+
+  it("lists sessions from the registry", async () => {
+    await expect(service.listSessions()).resolves.toEqual([session]);
+    expect(registry.listAllSessions).toHaveBeenCalledTimes(1);
+  });
+
+  it("returns a session when it is found", async () => {
+    const provider = createProvider("internal");
+    registry.getProviderForSession.mockResolvedValue({ provider, session });
+
+    await expect(service.getSession(session.id)).resolves.toEqual(session);
+  });
+
+  it("throws NotFoundException when session lookup fails", async () => {
+    await expect(service.getSession("missing-session")).rejects.toBeInstanceOf(NotFoundException);
+  });
+
+  it("gets messages from the resolved provider", async () => {
+    const provider = createProvider("openclaw");
+    const messages: AgentMessage[] = [
+      {
+        id: "message-1",
+        sessionId: session.id,
+        role: "assistant",
+        content: "hello",
+        timestamp: new Date("2026-03-07T14:01:00.000Z"),
+      },
+    ];
+
+    provider.getMessages.mockResolvedValue(messages);
+    registry.getProviderForSession.mockResolvedValue({ provider, session });
+
+    await expect(service.getMessages(session.id, 25, "10")).resolves.toEqual(messages);
+    expect(provider.getMessages).toHaveBeenCalledWith(session.id, 25, "10");
+  });
+
+  it("injects a message and writes an audit log", async () => {
+    const provider = createProvider("internal");
+    const injectResult: InjectResult = { accepted: true, messageId: "msg-1" };
+    provider.injectMessage.mockResolvedValue(injectResult);
+    registry.getProviderForSession.mockResolvedValue({ provider, session });
+
+    await expect(service.injectMessage(session.id, "ship it", "operator-1")).resolves.toEqual(
+      injectResult
+    );
+
+    expect(provider.injectMessage).toHaveBeenCalledWith(session.id, "ship it");
+    expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+      data: {
+        sessionId: session.id,
+        userId: "operator-1",
+        provider: "internal",
+        action: "inject",
+        content: "ship it",
+        metadata: {
+          payload: { message: "ship it" },
+        },
+      },
+    });
+  });
+
+  it("pauses and resumes using default operator id", async () => {
+    const provider = createProvider("openclaw");
+    registry.getProviderForSession.mockResolvedValue({ provider, session });
+
+    await service.pauseSession(session.id);
+    await service.resumeSession(session.id);
+
+    expect(provider.pauseSession).toHaveBeenCalledWith(session.id);
+    expect(provider.resumeSession).toHaveBeenCalledWith(session.id);
+    expect(prisma.operatorAuditLog.create).toHaveBeenNthCalledWith(1, {
+      data: {
+        sessionId: session.id,
+        userId: "mission-control",
+        provider: "openclaw",
+        action: "pause",
+        metadata: {
+          payload: {},
+        },
+      },
+    });
+    expect(prisma.operatorAuditLog.create).toHaveBeenNthCalledWith(2, {
+      data: {
+        sessionId: session.id,
+        userId: "mission-control",
+        provider: "openclaw",
+        action: "resume",
+        metadata: {
+          payload: {},
+        },
+      },
+    });
+  });
+
+  it("kills with provided force value and writes audit log", async () => {
+    const provider = createProvider("openclaw");
+    registry.getProviderForSession.mockResolvedValue({ provider, session });
+
+    await service.killSession(session.id, false, "operator-2");
+
+    expect(provider.killSession).toHaveBeenCalledWith(session.id, false);
+    expect(prisma.operatorAuditLog.create).toHaveBeenCalledWith({
+      data: {
+        sessionId: session.id,
+        userId: "operator-2",
+        provider: "openclaw",
+        action: "kill",
+        metadata: {
+          payload: { force: false },
+        },
+      },
+    });
+  });
+
+  it("resolves provider message stream", async () => {
+    const provider = createProvider("internal");
+    const messageStream = (async function* (): AsyncIterable<AgentMessage> {
+      yield {
+        id: "message-1",
+        sessionId: session.id,
+        role: "assistant",
+        content: "stream",
+        timestamp: new Date("2026-03-07T14:03:00.000Z"),
+      };
+    })();
+
+    provider.streamMessages.mockReturnValue(messageStream);
+    registry.getProviderForSession.mockResolvedValue({ provider, session });
+
+    await expect(service.streamMessages(session.id)).resolves.toBe(messageStream);
+    expect(provider.streamMessages).toHaveBeenCalledWith(session.id);
+  });
+
+  it("does not write audit log when session cannot be resolved", async () => {
+    await expect(service.pauseSession("missing-session")).rejects.toBeInstanceOf(NotFoundException);
+    expect(prisma.operatorAuditLog.create).not.toHaveBeenCalled();
+  });
+});
--- a/apps/orchestrator/src/api/mission-control/mission-control.service.ts
+++ b/apps/orchestrator/src/api/mission-control/mission-control.service.ts
@@ -0,0 +1,186 @@
+import { Injectable, NotFoundException } from "@nestjs/common";
+import type { AgentMessage, AgentSession, IAgentProvider, InjectResult } from "@mosaic/shared";
+import type { Prisma } from "@prisma/client";
+import { PrismaService } from "../../prisma/prisma.service";
+import { AgentProviderRegistry } from "../agents/agent-provider.registry";
+
+type MissionControlAction = "inject" | "pause" | "resume" | "kill";
+
+const DEFAULT_OPERATOR_ID = "mission-control";
+
+export interface AuditLogEntry {
+  id: string;
+  userId: string;
+  sessionId: string;
+  provider: string;
+  action: string;
+  content: string | null;
+  metadata: Prisma.JsonValue;
+  createdAt: Date;
+}
+
+export interface MissionControlAuditLogPage {
+  items: AuditLogEntry[];
+  total: number;
+  page: number;
+  pages: number;
+}
+
+@Injectable()
+export class MissionControlService {
+  constructor(
+    private readonly registry: AgentProviderRegistry,
+    private readonly prisma: PrismaService
+  ) {}
+
+  listSessions(): Promise<AgentSession[]> {
+    return this.registry.listAllSessions();
+  }
+
+  async getSession(sessionId: string): Promise<AgentSession> {
+    const resolved = await this.registry.getProviderForSession(sessionId);
+    if (!resolved) {
+      throw new NotFoundException(`Session ${sessionId} not found`);
+    }
+
+    return resolved.session;
+  }
+
+  async getMessages(sessionId: string, limit?: number, before?: string): Promise<AgentMessage[]> {
+    const { provider } = await this.getProviderForSessionOrThrow(sessionId);
+    return provider.getMessages(sessionId, limit, before);
+  }
+
+  async getAuditLog(
+    sessionId: string | undefined,
+    page: number,
+    limit: number
+  ): Promise<MissionControlAuditLogPage> {
+    const normalizedSessionId = sessionId?.trim();
+    const where: Prisma.OperatorAuditLogWhereInput =
+      normalizedSessionId && normalizedSessionId.length > 0
+        ? { sessionId: normalizedSessionId }
+        : {};
+
+    const [total, items] = await this.prisma.$transaction([
+      this.prisma.operatorAuditLog.count({ where }),
+      this.prisma.operatorAuditLog.findMany({
+        where,
+        orderBy: { createdAt: "desc" },
+        skip: (page - 1) * limit,
+        take: limit,
+      }),
+    ]);
+
+    return {
+      items,
+      total,
+      page,
+      pages: total === 0 ? 0 : Math.ceil(total / limit),
+    };
+  }
+
+  async injectMessage(
+    sessionId: string,
+    message: string,
+    operatorId = DEFAULT_OPERATOR_ID
+  ): Promise<InjectResult> {
+    const { provider } = await this.getProviderForSessionOrThrow(sessionId);
+    const result = await provider.injectMessage(sessionId, message);
+
+    await this.writeOperatorAuditLog({
+      sessionId,
+      providerId: provider.providerId,
+      operatorId,
+      action: "inject",
+      content: message,
+      payload: { message },
+    });
+
+    return result;
+  }
+
+  async pauseSession(sessionId: string, operatorId = DEFAULT_OPERATOR_ID): Promise<void> {
+    const { provider } = await this.getProviderForSessionOrThrow(sessionId);
+    await provider.pauseSession(sessionId);
+
+    await this.writeOperatorAuditLog({
+      sessionId,
+      providerId: provider.providerId,
+      operatorId,
+      action: "pause",
+      payload: {},
+    });
+  }
+
+  async resumeSession(sessionId: string, operatorId = DEFAULT_OPERATOR_ID): Promise<void> {
+    const { provider } = await this.getProviderForSessionOrThrow(sessionId);
+    await provider.resumeSession(sessionId);
+
+    await this.writeOperatorAuditLog({
+      sessionId,
+      providerId: provider.providerId,
+      operatorId,
+      action: "resume",
+      payload: {},
+    });
+  }
+
+  async killSession(
+    sessionId: string,
+    force = true,
+    operatorId = DEFAULT_OPERATOR_ID
+  ): Promise<void> {
+    const { provider } = await this.getProviderForSessionOrThrow(sessionId);
+    await provider.killSession(sessionId, force);
+
+    await this.writeOperatorAuditLog({
+      sessionId,
+      providerId: provider.providerId,
+      operatorId,
+      action: "kill",
+      payload: { force },
+    });
+  }
+
+  async streamMessages(sessionId: string): Promise<AsyncIterable<AgentMessage>> {
+    const { provider } = await this.getProviderForSessionOrThrow(sessionId);
+    return provider.streamMessages(sessionId);
+  }
+
+  private async getProviderForSessionOrThrow(
+    sessionId: string
+  ): Promise<{ provider: IAgentProvider; session: AgentSession }> {
+    const resolved = await this.registry.getProviderForSession(sessionId);
+
+    if (!resolved) {
+      throw new NotFoundException(`Session ${sessionId} not found`);
+    }
+
+    return resolved;
+  }
+
+  private toJsonValue(value: Record<string, unknown>): Prisma.InputJsonValue {
+    return value as Prisma.InputJsonValue;
+  }
+
+  private async writeOperatorAuditLog(params: {
+    sessionId: string;
+    providerId: string;
+    operatorId: string;
+    action: MissionControlAction;
+    content?: string;
+    payload: Record<string, unknown>;
+  }): Promise<void> {
+    await this.prisma.operatorAuditLog.create({
+      data: {
+        sessionId: params.sessionId,
+        userId: params.operatorId,
+        provider: params.providerId,
+        action: params.action,
+        ...(params.content !== undefined ? { content: params.content } : {}),
+        metadata: this.toJsonValue({ payload: params.payload }),
+      },
+    });
+  }
+}
--- a/apps/orchestrator/src/app.module.ts
+++ b/apps/orchestrator/src/app.module.ts
@@ -4,7 +4,9 @@ import { BullModule } from "@nestjs/bullmq";
 import { ThrottlerModule } from "@nestjs/throttler";
 import { HealthModule } from "./api/health/health.module";
 import { AgentsModule } from "./api/agents/agents.module";
+import { MissionControlModule } from "./api/mission-control/mission-control.module";
 import { QueueApiModule } from "./api/queue/queue-api.module";
+import { AgentProvidersModule } from "./api/agent-providers/agent-providers.module";
 import { CoordinatorModule } from "./coordinator/coordinator.module";
 import { BudgetModule } from "./budget/budget.module";
 import { CIModule } from "./ci";
@@ -51,6 +53,8 @@ import { orchestratorConfig } from "./config/orchestrator.config";
    ]),
    HealthModule,
    AgentsModule,
+    AgentProvidersModule,
+    MissionControlModule,
    QueueApiModule,
    CoordinatorModule,
    BudgetModule,
--- a/apps/orchestrator/src/auth/auth.module.ts
+++ b/apps/orchestrator/src/auth/auth.module.ts
@@ -0,0 +1,9 @@
+import { Module } from "@nestjs/common";
+import { OrchestratorApiKeyGuard } from "../common/guards/api-key.guard";
+import { AuthGuard } from "./guards/auth.guard";
+
+@Module({
+  providers: [OrchestratorApiKeyGuard, AuthGuard],
+  exports: [AuthGuard],
+})
+export class AuthModule {}
--- a/apps/orchestrator/src/auth/guards/auth.guard.ts
+++ b/apps/orchestrator/src/auth/guards/auth.guard.ts
@@ -0,0 +1,11 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { OrchestratorApiKeyGuard } from "../../common/guards/api-key.guard";
+
+@Injectable()
+export class AuthGuard implements CanActivate {
+  constructor(private readonly apiKeyGuard: OrchestratorApiKeyGuard) {}
+
+  canActivate(context: ExecutionContext): boolean | Promise<boolean> {
+    return this.apiKeyGuard.canActivate(context);
+  }
+}
--- a/apps/orchestrator/src/prisma/prisma.module.ts
+++ b/apps/orchestrator/src/prisma/prisma.module.ts
@@ -0,0 +1,9 @@
+import { Global, Module } from "@nestjs/common";
+import { PrismaService } from "./prisma.service";
+
+@Global()
+@Module({
+  providers: [PrismaService],
+  exports: [PrismaService],
+})
+export class PrismaModule {}
--- a/apps/orchestrator/src/prisma/prisma.service.ts
+++ b/apps/orchestrator/src/prisma/prisma.service.ts
@@ -0,0 +1,26 @@
+import { Injectable, Logger, OnModuleDestroy, OnModuleInit } from "@nestjs/common";
+import { PrismaClient } from "@prisma/client";
+
+/**
+ * Lightweight Prisma service for orchestrator ingestion persistence.
+ */
+@Injectable()
+export class PrismaService extends PrismaClient implements OnModuleInit, OnModuleDestroy {
+  private readonly logger = new Logger(PrismaService.name);
+
+  constructor() {
+    super({
+      log: process.env.NODE_ENV === "development" ? ["warn", "error"] : ["error"],
+    });
+  }
+
+  async onModuleInit(): Promise<void> {
+    await this.$connect();
+    this.logger.log("Database connection established");
+  }
+
+  async onModuleDestroy(): Promise<void> {
+    await this.$disconnect();
+    this.logger.log("Database connection closed");
+  }
+}
--- a/apps/orchestrator/src/spawner/agent-lifecycle.service.ts
+++ b/apps/orchestrator/src/spawner/agent-lifecycle.service.ts
@@ -1,6 +1,7 @@
-import { Injectable, Logger, Inject, forwardRef } from "@nestjs/common";
+import { Injectable, Logger, Inject, Optional, forwardRef } from "@nestjs/common";
 import { ValkeyService } from "../valkey/valkey.service";
 import { AgentSpawnerService } from "./agent-spawner.service";
+import { AgentIngestionService } from "../agent-ingestion/agent-ingestion.service";
 import type { AgentState, AgentStatus, AgentEvent } from "../valkey/types";
 import { isValidAgentTransition } from "../valkey/types/state.types";

@@ -32,7 +33,8 @@ export class AgentLifecycleService {
  constructor(
    private readonly valkeyService: ValkeyService,
    @Inject(forwardRef(() => AgentSpawnerService))
-    private readonly spawnerService: AgentSpawnerService
+    private readonly spawnerService: AgentSpawnerService,
+    @Optional() private readonly agentIngestionService?: AgentIngestionService
  ) {
    this.logger.log("AgentLifecycleService initialized");
  }
@@ -55,6 +57,25 @@ export class AgentLifecycleService {
    return createdState;
  }

+  private async recordLifecycleIngestion(
+    agentId: string,
+    event: "started" | "completed" | "failed" | "killed",
+    record: (ingestionService: AgentIngestionService) => Promise<void>
+  ): Promise<void> {
+    if (!this.agentIngestionService) {
+      return;
+    }
+
+    try {
+      await record(this.agentIngestionService);
+    } catch (error: unknown) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      this.logger.error(
+        `Failed to record agent ${event} ingestion for ${agentId}: ${errorMessage}`
+      );
+    }
+  }
+
  /**
   * Acquire a per-agent mutex to serialize state transitions.
   * Uses promise chaining: each caller chains onto the previous lock,
@@ -118,6 +139,10 @@ export class AgentLifecycleService {
      // Emit event
      await this.publishStateChangeEvent("agent.running", updatedState);

+      await this.recordLifecycleIngestion(agentId, "started", (ingestionService) =>
+        ingestionService.recordAgentStarted(agentId)
+      );
+
      this.logger.log(`Agent ${agentId} transitioned to running`);
      return updatedState;
    });
@@ -155,6 +180,10 @@ export class AgentLifecycleService {
      // Emit event
      await this.publishStateChangeEvent("agent.completed", updatedState);

+      await this.recordLifecycleIngestion(agentId, "completed", (ingestionService) =>
+        ingestionService.recordAgentCompleted(agentId)
+      );
+
      // Schedule session cleanup
      this.spawnerService.scheduleSessionCleanup(agentId);

@@ -192,6 +221,10 @@ export class AgentLifecycleService {
      // Emit event
      await this.publishStateChangeEvent("agent.failed", updatedState, error);

+      await this.recordLifecycleIngestion(agentId, "failed", (ingestionService) =>
+        ingestionService.recordAgentFailed(agentId, error)
+      );
+
      // Schedule session cleanup
      this.spawnerService.scheduleSessionCleanup(agentId);

@@ -228,6 +261,10 @@ export class AgentLifecycleService {
      // Emit event
      await this.publishStateChangeEvent("agent.killed", updatedState);

+      await this.recordLifecycleIngestion(agentId, "killed", (ingestionService) =>
+        ingestionService.recordAgentKilled(agentId)
+      );
+
      // Schedule session cleanup
      this.spawnerService.scheduleSessionCleanup(agentId);

--- a/apps/orchestrator/src/spawner/agent-spawner.service.ts
+++ b/apps/orchestrator/src/spawner/agent-spawner.service.ts
@@ -1,4 +1,11 @@
-import { Injectable, Logger, HttpException, HttpStatus, OnModuleDestroy } from "@nestjs/common";
+import {
+  Injectable,
+  Logger,
+  HttpException,
+  HttpStatus,
+  OnModuleDestroy,
+  Optional,
+} from "@nestjs/common";
 import { ConfigService } from "@nestjs/config";
 import Anthropic from "@anthropic-ai/sdk";
 import { randomUUID } from "crypto";
@@ -8,6 +15,7 @@ import {
  AgentSession,
  AgentType,
 } from "./types/agent-spawner.types";
+import { AgentIngestionService } from "../agent-ingestion/agent-ingestion.service";

 /**
 * Default delay in milliseconds before cleaning up sessions after terminal states
@@ -30,7 +38,10 @@ export class AgentSpawnerService implements OnModuleDestroy {
  private readonly sessionCleanupDelayMs: number;
  private readonly cleanupTimers = new Map<string, NodeJS.Timeout>();

-  constructor(private readonly configService: ConfigService) {
+  constructor(
+    private readonly configService: ConfigService,
+    @Optional() private readonly agentIngestionService?: AgentIngestionService
+  ) {
    const configuredProvider = this.configService.get<string>("orchestrator.aiProvider");
    this.aiProvider = this.normalizeAiProvider(configuredProvider);

@@ -98,6 +109,25 @@ export class AgentSpawnerService implements OnModuleDestroy {
    this.cleanupTimers.clear();
  }

+  private recordSpawnedAgentIngestion(agentId: string, request: SpawnAgentRequest): void {
+    if (!this.agentIngestionService) {
+      return;
+    }
+
+    void this.agentIngestionService
+      .recordAgentSpawned(
+        agentId,
+        request.parentAgentId,
+        undefined,
+        request.taskId,
+        request.agentType
+      )
+      .catch((error: unknown) => {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        this.logger.error(`Failed to record spawned ingestion for ${agentId}: ${errorMessage}`);
+      });
+  }
+
  /**
   * Spawn a new agent with the given configuration
   * @param request Agent spawn request
@@ -130,6 +160,8 @@ export class AgentSpawnerService implements OnModuleDestroy {
    // Store session
    this.sessions.set(agentId, session);

+    this.recordSpawnedAgentIngestion(agentId, request);
+
    this.logger.log(`Agent spawned successfully: ${agentId} (type: ${request.agentType})`);

    // NOTE: Actual Claude SDK integration will be implemented in next iteration (see issue #TBD)
--- a/apps/orchestrator/src/spawner/spawner.module.ts
+++ b/apps/orchestrator/src/spawner/spawner.module.ts
@@ -3,9 +3,10 @@ import { AgentSpawnerService } from "./agent-spawner.service";
 import { AgentLifecycleService } from "./agent-lifecycle.service";
 import { DockerSandboxService } from "./docker-sandbox.service";
 import { ValkeyModule } from "../valkey/valkey.module";
+import { AgentIngestionModule } from "../agent-ingestion/agent-ingestion.module";

@Module({
-  imports: [ValkeyModule],
+  imports: [ValkeyModule, AgentIngestionModule],
  providers: [AgentSpawnerService, AgentLifecycleService, DockerSandboxService],
  exports: [AgentSpawnerService, AgentLifecycleService, DockerSandboxService],
 })
--- a/apps/orchestrator/src/spawner/types/agent-spawner.types.ts
+++ b/apps/orchestrator/src/spawner/types/agent-spawner.types.ts
@@ -40,6 +40,8 @@ export interface SpawnAgentOptions {
 export interface SpawnAgentRequest {
  /** Unique task identifier */
  taskId: string;
+  /** Optional parent session identifier for subagent lineage */
+  parentAgentId?: string;
  /** Type of agent to spawn */
  agentType: AgentType;
  /** Context for task execution */
--- a/apps/orchestrator/vitest.config.ts
+++ b/apps/orchestrator/vitest.config.ts
@@ -4,6 +4,7 @@ export default defineConfig({
  test: {
    globals: true,
    environment: "node",
+    setupFiles: ["reflect-metadata"],
    exclude: ["**/node_modules/**", "**/dist/**", "**/tests/integration/**"],
    include: ["src/**/*.spec.ts", "src/**/*.test.ts"],
    coverage: {
--- a/apps/web/src/app/(authenticated)/mission-control/page.tsx
+++ b/apps/web/src/app/(authenticated)/mission-control/page.tsx
@@ -0,0 +1,5 @@
+import { MissionControlLayout } from "@/components/mission-control/MissionControlLayout";
+
+export default function MissionControlPage(): React.JSX.Element {
+  return <MissionControlLayout />;
+}
--- a/apps/web/src/components/chat/AgentSelector.tsx
+++ b/apps/web/src/components/chat/AgentSelector.tsx
@@ -0,0 +1,128 @@
+"use client";
+
+import React from "react";
+
+interface AgentSelectorProps {
+  selectedAgent?: string | null;
+  onChange?: (agent: string | null) => void;
+  disabled?: boolean;
+}
+
+const AGENT_CONFIG = {
+  jarvis: {
+    displayName: "Jarvis",
+    role: "Orchestrator",
+    color: "#3498db",
+  },
+  builder: {
+    displayName: "Builder",
+    role: "Coding Agent",
+    color: "#3b82f6",
+  },
+  medic: {
+    displayName: "Medic",
+    role: "Health Monitor",
+    color: "#10b981",
+  },
+} as const;
+
+function JarvisIcon({ className }: { className?: string }): React.ReactElement {
+  return (
+    <svg
+      className={`w-3 h-3 ${className ?? ""}`}
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      strokeWidth="1.5"
+    >
+      <circle cx="12" cy="12" r="3" />
+      <path d="M12 2v4M12 22v-4" />
+      <path d="M2 12h4M22 12h-4" />
+    </svg>
+  );
+}
+
+function BuilderIcon({ className }: { className?: string }): React.ReactElement {
+  return (
+    <svg
+      className={`w-3 h-3 ${className ?? ""}`}
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      strokeWidth="1.5"
+    >
+      <path d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z" />
+    </svg>
+  );
+}
+
+function MedicIcon({ className }: { className?: string }): React.ReactElement {
+  return (
+    <svg
+      className={`w-3 h-3 ${className ?? ""}`}
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      strokeWidth="1.5"
+    >
+      <path d="M22 12h-4l-3 9L9 3l-3 9H2" />
+    </svg>
+  );
+}
+
+const AGENT_ICONS: Record<string, React.FC<{ className?: string }>> = {
+  jarvis: JarvisIcon,
+  builder: BuilderIcon,
+  medic: MedicIcon,
+};
+
+export function AgentSelector({
+  selectedAgent,
+  onChange,
+  disabled,
+}: AgentSelectorProps): React.ReactElement {
+  return (
+    <div className="flex items-center gap-2">
+      <span className="text-xs font-medium" style={{ color: "rgb(var(--text-muted))" }}>
+        Agent
+      </span>
+
+      <div className="flex flex-wrap gap-1">
+        {Object.entries(AGENT_CONFIG).map(([name, config]) => {
+          const Icon = AGENT_ICONS[name];
+          const isSelected = selectedAgent === name;
+
+          return (
+            <button
+              key={name}
+              type="button"
+              onClick={() => onChange?.(isSelected ? null : name)}
+              disabled={disabled}
+              className={`flex items-center gap-1.5 px-2 py-1.5 rounded-lg border transition-all text-xs ${
+                isSelected ? "border-primary bg-primary/10 shadow-sm" : "hover:bg-muted/50"
+              } ${disabled ? "opacity-50 cursor-not-allowed" : ""}`}
+              style={{
+                borderColor: isSelected
+                  ? "rgb(var(--accent-primary))"
+                  : "rgb(var(--border-default))",
+                color: isSelected ? "rgb(var(--accent-primary))" : "rgb(var(--text-primary))",
+              }}
+              title={`${config.displayName} — ${config.role}`}
+            >
+              <span
+                className="rounded-full"
+                style={{
+                  backgroundColor: config.color,
+                  width: "8px",
+                  height: "8px",
+                }}
+              />
+              {Icon && <Icon />}
+              <span className="font-medium">{config.displayName}</span>
+            </button>
+          );
+        })}
+      </div>
+    </div>
+  );
+}
--- a/apps/web/src/components/chat/Chat.tsx
+++ b/apps/web/src/components/chat/Chat.tsx
@@ -9,6 +9,7 @@ import { useWorkspaceId } from "@/lib/hooks";
 import { MessageList } from "./MessageList";
 import { ChatInput, type ModelId, DEFAULT_TEMPERATURE, DEFAULT_MAX_TOKENS } from "./ChatInput";
 import { ChatEmptyState } from "./ChatEmptyState";
+import { AgentSelector } from "./AgentSelector";
 import type { Message } from "@/hooks/useChat";

 export interface ChatRef {
@@ -66,6 +67,7 @@ export const Chat = forwardRef<ChatRef, ChatProps>(function Chat(
  const [selectedModel, setSelectedModel] = useState<ModelId>("llama3.2");
  const [temperature, setTemperature] = useState<number>(DEFAULT_TEMPERATURE);
  const [maxTokens, setMaxTokens] = useState<number>(DEFAULT_MAX_TOKENS);
+  const [selectedAgent, setSelectedAgent] = useState<string | null>(null);

  // Suggestion fill value: controls ChatInput's textarea content
  const [suggestionValue, setSuggestionValue] = useState<string | undefined>(undefined);
@@ -88,6 +90,7 @@ export const Chat = forwardRef<ChatRef, ChatProps>(function Chat(
    temperature,
    maxTokens,
    ...(initialProjectId !== undefined && { projectId: initialProjectId }),
+    ...(selectedAgent !== null && { agent: selectedAgent }),
  });

  // Read workspace ID from localStorage (set by auth-context after session check).
@@ -375,6 +378,13 @@ export const Chat = forwardRef<ChatRef, ChatProps>(function Chat(
        }}
      >
        <div className="mx-auto max-w-4xl px-4 py-4 lg:px-8">
+          <div className="mb-3">
+            <AgentSelector
+              selectedAgent={selectedAgent}
+              onChange={setSelectedAgent}
+              disabled={isChatLoading || isStreaming || !user}
+            />
+          </div>
          <ChatInput
            onSend={handleSendMessage}
            disabled={isChatLoading || !user}
--- a/apps/web/src/components/layout/AppSidebar.tsx
+++ b/apps/web/src/components/layout/AppSidebar.tsx
@@ -156,6 +156,26 @@ function IconTerminal(): React.JSX.Element {
  );
 }

+function IconMissionControl(): React.JSX.Element {
+  return (
+    <svg
+      width="16"
+      height="16"
+      viewBox="0 0 16 16"
+      fill="none"
+      stroke="currentColor"
+      strokeWidth="1.5"
+      aria-hidden="true"
+    >
+      <circle cx="8" cy="8" r="1.5" />
+      <path d="M11 5a4.25 4.25 0 0 1 0 6" />
+      <path d="M5 5a4.25 4.25 0 0 0 0 6" />
+      <path d="M13.5 2.5a7.75 7.75 0 0 1 0 11" />
+      <path d="M2.5 2.5a7.75 7.75 0 0 0 0 11" />
+    </svg>
+  );
+}
+
 function IconSettings(): React.JSX.Element {
  return (
    <svg
@@ -260,6 +280,11 @@ const NAV_GROUPS: NavGroup[] = [
        label: "Terminal",
        icon: <IconTerminal />,
      },
+      {
+        href: "/mission-control",
+        label: "Mission Control",
+        icon: <IconMissionControl />,
+      },
    ],
  },
  {
--- a/apps/web/src/components/mission-control/AuditLogDrawer.tsx
+++ b/apps/web/src/components/mission-control/AuditLogDrawer.tsx
@@ -0,0 +1,322 @@
+"use client";
+
+import { isValidElement, useEffect, useMemo, useState } from "react";
+import type { ReactNode } from "react";
+import { format } from "date-fns";
+import { useQuery } from "@tanstack/react-query";
+import { Loader2 } from "lucide-react";
+import { Badge } from "@/components/ui/badge";
+import type { BadgeVariant } from "@/components/ui/badge";
+import { Button } from "@/components/ui/button";
+import { ScrollArea } from "@/components/ui/scroll-area";
+import {
+  Sheet,
+  SheetContent,
+  SheetDescription,
+  SheetHeader,
+  SheetTitle,
+  SheetTrigger,
+} from "@/components/ui/sheet";
+import { apiGet } from "@/lib/api/client";
+
+const AUDIT_LOG_REFRESH_INTERVAL_MS = 10_000;
+const AUDIT_LOG_PAGE_SIZE = 50;
+const SUMMARY_MAX_LENGTH = 120;
+
+interface AuditLogDrawerProps {
+  sessionId?: string;
+  trigger: ReactNode;
+}
+
+interface AuditLogEntry {
+  id: string;
+  userId: string;
+  sessionId: string;
+  provider: string;
+  action: string;
+  content: string | null;
+  metadata: unknown;
+  createdAt: string;
+}
+
+interface AuditLogResponse {
+  items: AuditLogEntry[];
+  total: number;
+  page: number;
+  pages: number;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null;
+}
+
+function truncateText(value: string, maxLength: number): string {
+  if (value.length <= maxLength) {
+    return value;
+  }
+
+  return `${value.slice(0, maxLength - 1)}…`;
+}
+
+function truncateSessionId(sessionId: string): string {
+  return sessionId.slice(0, 8);
+}
+
+function formatTimestamp(value: string): string {
+  const parsed = new Date(value);
+
+  if (Number.isNaN(parsed.getTime())) {
+    return "Unknown";
+  }
+
+  return format(parsed, "yyyy-MM-dd HH:mm:ss");
+}
+
+function stringifyPayloadValue(value: unknown): string {
+  if (typeof value === "string") {
+    return value;
+  }
+
+  if (typeof value === "number" || typeof value === "boolean") {
+    return String(value);
+  }
+
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return "[unserializable]";
+  }
+}
+
+function getPayloadSummary(entry: AuditLogEntry): string {
+  const metadata = isRecord(entry.metadata) ? entry.metadata : undefined;
+  const payload = metadata && isRecord(metadata.payload) ? metadata.payload : undefined;
+
+  if (typeof entry.content === "string" && entry.content.trim().length > 0) {
+    return truncateText(entry.content.trim(), SUMMARY_MAX_LENGTH);
+  }
+
+  if (payload) {
+    const summary = Object.entries(payload)
+      .map(([key, value]) => `${key}=${stringifyPayloadValue(value)}`)
+      .join(", ");
+
+    if (summary.length > 0) {
+      return truncateText(summary, SUMMARY_MAX_LENGTH);
+    }
+  }
+
+  return "—";
+}
+
+function getActionVariant(action: string): BadgeVariant {
+  switch (action) {
+    case "inject":
+      return "badge-blue";
+    case "pause":
+      return "status-warning";
+    case "resume":
+      return "status-success";
+    case "kill":
+      return "status-error";
+    default:
+      return "status-neutral";
+  }
+}
+
+async function fetchAuditLog(
+  sessionId: string | undefined,
+  page: number
+): Promise<AuditLogResponse> {
+  const params = new URLSearchParams({
+    page: String(page),
+    limit: String(AUDIT_LOG_PAGE_SIZE),
+  });
+
+  const normalizedSessionId = sessionId?.trim();
+  if (normalizedSessionId && normalizedSessionId.length > 0) {
+    params.set("sessionId", normalizedSessionId);
+  }
+
+  return apiGet<AuditLogResponse>(`/api/mission-control/audit-log?${params.toString()}`);
+}
+
+export function AuditLogDrawer({ sessionId, trigger }: AuditLogDrawerProps): React.JSX.Element {
+  const [open, setOpen] = useState(false);
+  const [page, setPage] = useState(1);
+
+  const triggerElement = useMemo(
+    () =>
+      isValidElement(trigger) ? (
+        trigger
+      ) : (
+        <Button variant="outline" size="sm">
+          {trigger}
+        </Button>
+      ),
+    [trigger]
+  );
+
+  const auditLogQuery = useQuery<AuditLogResponse>({
+    queryKey: ["mission-control", "audit-log", sessionId ?? "all", page],
+    queryFn: async (): Promise<AuditLogResponse> => fetchAuditLog(sessionId, page),
+    enabled: open,
+    refetchInterval: open ? AUDIT_LOG_REFRESH_INTERVAL_MS : false,
+  });
+
+  useEffect(() => {
+    if (open) {
+      setPage(1);
+    }
+  }, [open, sessionId]);
+
+  useEffect(() => {
+    const pages = auditLogQuery.data?.pages;
+    if (pages !== undefined && pages > 0 && page > pages) {
+      setPage(pages);
+    }
+  }, [auditLogQuery.data?.pages, page]);
+
+  const totalItems = auditLogQuery.data?.total ?? 0;
+  const totalPages = auditLogQuery.data?.pages ?? 0;
+  const items = auditLogQuery.data?.items ?? [];
+
+  const canGoPrevious = page > 1;
+  const canGoNext = totalPages > 0 && page < totalPages;
+  const errorMessage =
+    auditLogQuery.error instanceof Error ? auditLogQuery.error.message : "Failed to load audit log";
+
+  return (
+    <Sheet open={open} onOpenChange={setOpen}>
+      <SheetTrigger asChild>{triggerElement}</SheetTrigger>
+      <SheetContent className="sm:max-w-[920px]">
+        <SheetHeader>
+          <div className="flex items-center justify-between gap-3">
+            <SheetTitle>Audit Log</SheetTitle>
+            {auditLogQuery.isFetching ? (
+              <Loader2 className="h-4 w-4 animate-spin text-muted-foreground" aria-hidden="true" />
+            ) : null}
+          </div>
+          <SheetDescription>
+            {sessionId
+              ? `Showing actions for session ${sessionId}.`
+              : "Showing operator actions across all mission control sessions."}
+          </SheetDescription>
+        </SheetHeader>
+
+        <div className="mt-4 flex min-h-0 flex-1 flex-col gap-3">
+          <div className="rounded-md border border-border/70">
+            <ScrollArea className="h-[64vh]">
+              <table className="w-full min-w-[760px] border-collapse text-sm">
+                <thead className="sticky top-0 z-10 bg-muted/90">
+                  <tr>
+                    <th className="px-3 py-2 text-left font-medium text-muted-foreground">
+                      Timestamp
+                    </th>
+                    <th className="px-3 py-2 text-left font-medium text-muted-foreground">
+                      Action
+                    </th>
+                    <th className="px-3 py-2 text-left font-medium text-muted-foreground">
+                      Session
+                    </th>
+                    <th className="px-3 py-2 text-left font-medium text-muted-foreground">
+                      Operator
+                    </th>
+                    <th className="px-3 py-2 text-left font-medium text-muted-foreground">
+                      Payload
+                    </th>
+                  </tr>
+                </thead>
+                <tbody>
+                  {auditLogQuery.isLoading ? (
+                    <tr>
+                      <td
+                        colSpan={5}
+                        className="px-3 py-6 text-center text-sm text-muted-foreground"
+                      >
+                        Loading audit log...
+                      </td>
+                    </tr>
+                  ) : auditLogQuery.error ? (
+                    <tr>
+                      <td colSpan={5} className="px-3 py-6 text-center text-sm text-red-500">
+                        {errorMessage}
+                      </td>
+                    </tr>
+                  ) : items.length === 0 ? (
+                    <tr>
+                      <td
+                        colSpan={5}
+                        className="px-3 py-6 text-center text-sm text-muted-foreground"
+                      >
+                        No audit entries found.
+                      </td>
+                    </tr>
+                  ) : (
+                    items.map((entry) => {
+                      const payloadSummary = getPayloadSummary(entry);
+
+                      return (
+                        <tr key={entry.id} className="border-t border-border/60 align-top">
+                          <td className="px-3 py-2 font-mono text-xs text-muted-foreground">
+                            {formatTimestamp(entry.createdAt)}
+                          </td>
+                          <td className="px-3 py-2">
+                            <Badge variant={getActionVariant(entry.action)} className="capitalize">
+                              {entry.action}
+                            </Badge>
+                          </td>
+                          <td className="px-3 py-2 font-mono text-xs" title={entry.sessionId}>
+                            {truncateSessionId(entry.sessionId)}
+                          </td>
+                          <td
+                            className="px-3 py-2 text-xs text-muted-foreground"
+                            title={entry.userId}
+                          >
+                            {entry.userId}
+                          </td>
+                          <td className="px-3 py-2 text-xs" title={payloadSummary}>
+                            {payloadSummary}
+                          </td>
+                        </tr>
+                      );
+                    })
+                  )}
+                </tbody>
+              </table>
+            </ScrollArea>
+          </div>
+
+          <div className="flex items-center justify-between">
+            <p className="text-xs text-muted-foreground">{totalItems} total entries</p>
+            <div className="flex items-center gap-2">
+              <Button
+                variant="outline"
+                size="sm"
+                disabled={!canGoPrevious || auditLogQuery.isFetching}
+                onClick={() => {
+                  setPage((currentPage) => Math.max(1, currentPage - 1));
+                }}
+              >
+                Previous
+              </Button>
+              <span className="text-xs text-muted-foreground">
+                Page {page} of {Math.max(totalPages, 1)}
+              </span>
+              <Button
+                variant="outline"
+                size="sm"
+                disabled={!canGoNext || auditLogQuery.isFetching}
+                onClick={() => {
+                  setPage((currentPage) => currentPage + 1);
+                }}
+              >
+                Next
+              </Button>
+            </div>
+          </div>
+        </div>
+      </SheetContent>
+    </Sheet>
+  );
+}
--- a/apps/web/src/components/mission-control/BargeInInput.tsx
+++ b/apps/web/src/components/mission-control/BargeInInput.tsx
@@ -0,0 +1,147 @@
+"use client";
+
+import { useCallback, useState, type KeyboardEvent } from "react";
+import { Loader2 } from "lucide-react";
+import { useToast } from "@mosaic/ui";
+import { Button } from "@/components/ui/button";
+import { apiPost } from "@/lib/api/client";
+
+const MAX_ROWS = 4;
+const TEXTAREA_MAX_HEIGHT_REM = 6.5;
+
+interface BargeInMutationResponse {
+  message?: string;
+}
+
+export interface BargeInInputProps {
+  sessionId: string;
+  onSent?: () => void;
+}
+
+function getErrorMessage(error: unknown): string {
+  if (error instanceof Error && error.message.trim().length > 0) {
+    return error.message;
+  }
+  return "Failed to send message to the session.";
+}
+
+export function BargeInInput({ sessionId, onSent }: BargeInInputProps): React.JSX.Element {
+  const { showToast } = useToast();
+  const [content, setContent] = useState("");
+  const [pauseBeforeSend, setPauseBeforeSend] = useState(false);
+  const [isSending, setIsSending] = useState(false);
+  const [errorMessage, setErrorMessage] = useState<string | null>(null);
+
+  const handleSend = useCallback(async (): Promise<void> => {
+    const trimmedContent = content.trim();
+    if (!trimmedContent || isSending) {
+      return;
+    }
+
+    const encodedSessionId = encodeURIComponent(sessionId);
+    const baseEndpoint = `/api/mission-control/sessions/${encodedSessionId}`;
+    let didPause = false;
+    let didInject = false;
+
+    setIsSending(true);
+    setErrorMessage(null);
+
+    try {
+      if (pauseBeforeSend) {
+        await apiPost<BargeInMutationResponse>(`${baseEndpoint}/pause`);
+        didPause = true;
+      }
+
+      await apiPost<BargeInMutationResponse>(`${baseEndpoint}/inject`, { content: trimmedContent });
+      didInject = true;
+      setContent("");
+      onSent?.();
+    } catch (error) {
+      const message = getErrorMessage(error);
+      setErrorMessage(message);
+      showToast(message, "error");
+    } finally {
+      if (didPause) {
+        try {
+          await apiPost<BargeInMutationResponse>(`${baseEndpoint}/resume`);
+        } catch (resumeError) {
+          const resumeMessage = getErrorMessage(resumeError);
+          const message = didInject
+            ? `Message sent, but failed to resume session: ${resumeMessage}`
+            : `Failed to resume session: ${resumeMessage}`;
+          setErrorMessage(message);
+          showToast(message, "error");
+        }
+      }
+
+      setIsSending(false);
+    }
+  }, [content, isSending, onSent, pauseBeforeSend, sessionId, showToast]);
+
+  const handleKeyDown = useCallback(
+    (event: KeyboardEvent<HTMLTextAreaElement>): void => {
+      if (event.key === "Enter" && !event.shiftKey) {
+        event.preventDefault();
+        void handleSend();
+      }
+    },
+    [handleSend]
+  );
+
+  const isSendDisabled = isSending || content.trim().length === 0;
+
+  return (
+    <div className="space-y-2">
+      <textarea
+        value={content}
+        onChange={(event) => {
+          setContent(event.target.value);
+        }}
+        onKeyDown={handleKeyDown}
+        disabled={isSending}
+        rows={MAX_ROWS}
+        placeholder="Inject a message into this session..."
+        className="block w-full resize-y rounded-md border border-border bg-background px-3 py-2 text-sm leading-5 text-foreground outline-none placeholder:text-muted-foreground disabled:cursor-not-allowed disabled:opacity-60"
+        style={{ maxHeight: `${String(TEXTAREA_MAX_HEIGHT_REM)}rem` }}
+        aria-label="Inject message"
+      />
+      <div className="flex items-center justify-between gap-3">
+        <label className="flex items-center gap-2 text-sm text-muted-foreground">
+          <input
+            type="checkbox"
+            checked={pauseBeforeSend}
+            onChange={(event) => {
+              setPauseBeforeSend(event.target.checked);
+            }}
+            disabled={isSending}
+            className="h-4 w-4 rounded border-border"
+          />
+          <span>Pause before send</span>
+        </label>
+        <Button
+          type="button"
+          variant="primary"
+          size="sm"
+          disabled={isSendDisabled}
+          onClick={() => {
+            void handleSend();
+          }}
+        >
+          {isSending ? (
+            <span className="flex items-center gap-2">
+              <Loader2 className="h-4 w-4 animate-spin" aria-hidden="true" />
+              Sending...
+            </span>
+          ) : (
+            "Send"
+          )}
+        </Button>
+      </div>
+      {errorMessage ? (
+        <p role="alert" className="text-sm text-red-500">
+          {errorMessage}
+        </p>
+      ) : null}
+    </div>
+  );
+}
--- a/apps/web/src/components/mission-control/GlobalAgentRoster.tsx
+++ b/apps/web/src/components/mission-control/GlobalAgentRoster.tsx
@@ -0,0 +1,292 @@
+"use client";
+
+import { useMemo, useState } from "react";
+import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
+import type { AgentSession } from "@mosaic/shared";
+import { ChevronRight, Loader2, X } from "lucide-react";
+import { KillAllDialog } from "@/components/mission-control/KillAllDialog";
+import { Badge } from "@/components/ui/badge";
+import type { BadgeVariant } from "@/components/ui/badge";
+import { Button } from "@/components/ui/button";
+import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
+import { Collapsible } from "@/components/ui/collapsible";
+import { ScrollArea } from "@/components/ui/scroll-area";
+import { Skeleton } from "@/components/ui/skeleton";
+import { apiGet, apiPost } from "@/lib/api/client";
+
+const SESSIONS_QUERY_KEY = ["mission-control", "sessions"] as const;
+const SESSIONS_POLL_INTERVAL_MS = 5_000;
+
+type MissionControlSessionStatus = AgentSession["status"] | "killed";
+
+interface MissionControlSession extends Omit<AgentSession, "status" | "createdAt" | "updatedAt"> {
+  status: MissionControlSessionStatus;
+  createdAt: string | Date;
+  updatedAt: string | Date;
+}
+
+interface SessionsPayload {
+  sessions: MissionControlSession[];
+}
+
+interface ProviderSessionGroup {
+  providerId: string;
+  providerType: string;
+  sessions: MissionControlSession[];
+}
+
+export interface GlobalAgentRosterProps {
+  onSelectSession?: (sessionId: string) => void;
+  selectedSessionId?: string | undefined;
+}
+
+function getStatusVariant(status: MissionControlSessionStatus): BadgeVariant {
+  switch (status) {
+    case "active":
+      return "status-success";
+    case "paused":
+      return "status-warning";
+    case "killed":
+      return "status-error";
+    default:
+      return "status-neutral";
+  }
+}
+
+function truncateSessionId(sessionId: string): string {
+  return sessionId.slice(0, 8);
+}
+
+function resolveProviderName(providerId: string, providerType: string): string {
+  return providerId === providerType ? providerId : `${providerId} (${providerType})`;
+}
+
+function groupByProvider(sessions: MissionControlSession[]): ProviderSessionGroup[] {
+  const grouped = new Map<string, ProviderSessionGroup>();
+
+  for (const session of sessions) {
+    const existing = grouped.get(session.providerId);
+    if (existing) {
+      existing.sessions.push(session);
+      continue;
+    }
+
+    grouped.set(session.providerId, {
+      providerId: session.providerId,
+      providerType: session.providerType,
+      sessions: [session],
+    });
+  }
+
+  return Array.from(grouped.values()).sort((a, b) => a.providerId.localeCompare(b.providerId));
+}
+
+async function fetchSessions(): Promise<MissionControlSession[]> {
+  const payload = await apiGet<MissionControlSession[] | SessionsPayload>(
+    "/api/mission-control/sessions"
+  );
+  return Array.isArray(payload) ? payload : payload.sessions;
+}
+
+function toKillAllSessions(sessions: MissionControlSession[]): AgentSession[] {
+  return sessions
+    .filter(
+      (session): session is MissionControlSession & { status: AgentSession["status"] } =>
+        session.status !== "killed"
+    )
+    .map((session) => ({
+      ...session,
+      createdAt:
+        session.createdAt instanceof Date ? session.createdAt : new Date(session.createdAt),
+      updatedAt:
+        session.updatedAt instanceof Date ? session.updatedAt : new Date(session.updatedAt),
+    }));
+}
+
+export function GlobalAgentRoster({
+  onSelectSession,
+  selectedSessionId,
+}: GlobalAgentRosterProps): React.JSX.Element {
+  const queryClient = useQueryClient();
+  const [openProviders, setOpenProviders] = useState<Record<string, boolean>>({});
+
+  const sessionsQuery = useQuery<MissionControlSession[]>({
+    queryKey: SESSIONS_QUERY_KEY,
+    queryFn: fetchSessions,
+    refetchInterval: SESSIONS_POLL_INTERVAL_MS,
+  });
+
+  const killMutation = useMutation({
+    mutationFn: async (sessionId: string): Promise<string> => {
+      await apiPost<{ message: string }>(`/api/mission-control/sessions/${sessionId}/kill`, {
+        force: false,
+      });
+      return sessionId;
+    },
+    onSuccess: (): void => {
+      void queryClient.invalidateQueries({ queryKey: SESSIONS_QUERY_KEY });
+    },
+  });
+
+  const groupedSessions = useMemo(
+    () => groupByProvider(sessionsQuery.data ?? []),
+    [sessionsQuery.data]
+  );
+
+  const killAllSessions = useMemo(
+    () => toKillAllSessions(sessionsQuery.data ?? []),
+    [sessionsQuery.data]
+  );
+
+  const totalSessionCount = sessionsQuery.data?.length ?? 0;
+
+  const pendingKillSessionId = killMutation.isPending ? killMutation.variables : undefined;
+
+  const toggleProvider = (providerId: string): void => {
+    setOpenProviders((prev) => ({
+      ...prev,
+      [providerId]: !(prev[providerId] ?? true),
+    }));
+  };
+
+  const isProviderOpen = (providerId: string): boolean => openProviders[providerId] ?? true;
+
+  const handleKillAllComplete = (): void => {
+    void queryClient.invalidateQueries({ queryKey: SESSIONS_QUERY_KEY });
+  };
+
+  return (
+    <Card className="flex h-full min-h-0 flex-col">
+      <CardHeader className="pb-2">
+        <CardTitle className="flex items-center justify-between gap-2 text-base">
+          <span>Agent Roster</span>
+          <div className="flex items-center gap-2">
+            {totalSessionCount > 0 ? (
+              <KillAllDialog sessions={killAllSessions} onComplete={handleKillAllComplete} />
+            ) : null}
+            {sessionsQuery.isFetching && !sessionsQuery.isLoading ? (
+              <Loader2 className="h-4 w-4 animate-spin text-muted-foreground" aria-hidden="true" />
+            ) : null}
+          </div>
+        </CardTitle>
+      </CardHeader>
+      <CardContent className="min-h-0 flex-1 px-3 pb-3">
+        {sessionsQuery.isLoading ? (
+          <ScrollArea className="h-full">
+            <div className="space-y-2 pr-1">
+              {Array.from({ length: 6 }).map((_, index) => (
+                <Skeleton key={`roster-skeleton-${String(index)}`} className="h-10 w-full" />
+              ))}
+            </div>
+          </ScrollArea>
+        ) : sessionsQuery.error ? (
+          <div className="flex h-full items-center justify-center text-center text-sm text-red-500">
+            Failed to load agents: {sessionsQuery.error.message}
+          </div>
+        ) : groupedSessions.length === 0 ? (
+          <div className="flex h-full items-center justify-center text-sm text-muted-foreground">
+            No active agents
+          </div>
+        ) : (
+          <ScrollArea className="h-full">
+            <div className="space-y-3 pr-1">
+              {groupedSessions.map((group) => {
+                const providerOpen = isProviderOpen(group.providerId);
+
+                return (
+                  <Collapsible key={group.providerId} open={providerOpen} className="space-y-1">
+                    <button
+                      type="button"
+                      onClick={() => {
+                        toggleProvider(group.providerId);
+                      }}
+                      className="flex w-full items-center gap-2 rounded-md px-1 py-1 text-left text-sm hover:bg-muted/40"
+                      aria-expanded={providerOpen}
+                    >
+                      <ChevronRight
+                        className={`h-4 w-4 text-muted-foreground transition-transform ${providerOpen ? "rotate-90" : ""}`}
+                        aria-hidden="true"
+                      />
+                      <span className="font-medium">
+                        {resolveProviderName(group.providerId, group.providerType)}
+                      </span>
+                      <span className="ml-auto text-xs text-muted-foreground">
+                        {group.sessions.length}
+                      </span>
+                    </button>
+                    {providerOpen ? (
+                      <div className="space-y-1 pl-2">
+                        {group.sessions.map((session) => {
+                          const isSelected = selectedSessionId === session.id;
+                          const isKilling = pendingKillSessionId === session.id;
+
+                          return (
+                            <div
+                              key={session.id}
+                              role="button"
+                              tabIndex={0}
+                              onClick={() => {
+                                onSelectSession?.(session.id);
+                              }}
+                              onKeyDown={(event) => {
+                                if (event.key === "Enter" || event.key === " ") {
+                                  event.preventDefault();
+                                  onSelectSession?.(session.id);
+                                }
+                              }}
+                              className="flex items-center justify-between gap-2 rounded-md border border-transparent px-2 py-1.5 transition-colors hover:bg-muted/40"
+                              style={
+                                isSelected
+                                  ? {
+                                      borderColor: "rgba(47, 128, 255, 0.35)",
+                                      backgroundColor: "rgba(47, 128, 255, 0.08)",
+                                    }
+                                  : undefined
+                              }
+                            >
+                              <div className="flex min-w-0 items-center gap-2">
+                                <span className="font-mono text-xs" title={session.id}>
+                                  {truncateSessionId(session.id)}
+                                </span>
+                                <Badge
+                                  variant={getStatusVariant(session.status)}
+                                  className="capitalize"
+                                >
+                                  {session.status}
+                                </Badge>
+                              </div>
+                              <Button
+                                variant="ghost"
+                                size="sm"
+                                className="h-7 min-h-7 w-7 min-w-7 p-0"
+                                disabled={isKilling}
+                                onClick={(event) => {
+                                  event.stopPropagation();
+                                  killMutation.mutate(session.id);
+                                }}
+                                aria-label={`Kill session ${truncateSessionId(session.id)}`}
+                              >
+                                {isKilling ? (
+                                  <Loader2
+                                    className="h-3.5 w-3.5 animate-spin"
+                                    aria-hidden="true"
+                                  />
+                                ) : (
+                                  <X className="h-3.5 w-3.5" aria-hidden="true" />
+                                )}
+                              </Button>
+                            </div>
+                          );
+                        })}
+                      </div>
+                    ) : null}
+                  </Collapsible>
+                );
+              })}
+            </div>
+          </ScrollArea>
+        )}
+      </CardContent>
+    </Card>
+  );
+}
--- a/apps/web/src/components/mission-control/KillAllDialog.tsx
+++ b/apps/web/src/components/mission-control/KillAllDialog.tsx
@@ -0,0 +1,224 @@
+"use client";
+
+import { useEffect, useMemo, useRef, useState } from "react";
+import type { AgentSession } from "@mosaic/shared";
+import { Loader2 } from "lucide-react";
+import { Button } from "@/components/ui/button";
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from "@/components/ui/dialog";
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { apiPost } from "@/lib/api/client";
+
+const CONFIRM_TEXT = "KILL ALL";
+const AUTO_CLOSE_DELAY_MS = 2_000;
+
+type KillScope = "internal" | "all";
+
+export interface KillAllDialogProps {
+  sessions: AgentSession[];
+  onComplete?: () => void;
+}
+
+export function KillAllDialog({ sessions, onComplete }: KillAllDialogProps): React.JSX.Element {
+  const [open, setOpen] = useState(false);
+  const [scope, setScope] = useState<KillScope>("internal");
+  const [confirmationInput, setConfirmationInput] = useState("");
+  const [isKilling, setIsKilling] = useState(false);
+  const [completedCount, setCompletedCount] = useState(0);
+  const [targetCount, setTargetCount] = useState(0);
+  const [successCount, setSuccessCount] = useState<number | null>(null);
+  const closeTimeoutRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+
+  const internalSessions = useMemo(
+    () => sessions.filter((session) => session.providerType.toLowerCase() === "internal"),
+    [sessions]
+  );
+
+  const scopedSessions = useMemo(
+    () => (scope === "all" ? sessions : internalSessions),
+    [scope, sessions, internalSessions]
+  );
+
+  const hasConfirmation = confirmationInput === CONFIRM_TEXT;
+  const isConfirmDisabled =
+    isKilling || successCount !== null || !hasConfirmation || scopedSessions.length === 0;
+
+  useEffect((): (() => void) => {
+    return (): void => {
+      if (closeTimeoutRef.current !== null) {
+        clearTimeout(closeTimeoutRef.current);
+      }
+    };
+  }, []);
+
+  const resetState = (): void => {
+    setScope("internal");
+    setConfirmationInput("");
+    setIsKilling(false);
+    setCompletedCount(0);
+    setTargetCount(0);
+    setSuccessCount(null);
+  };
+
+  const handleOpenChange = (nextOpen: boolean): void => {
+    if (!nextOpen && isKilling) {
+      return;
+    }
+
+    if (!nextOpen) {
+      if (closeTimeoutRef.current !== null) {
+        clearTimeout(closeTimeoutRef.current);
+      }
+      resetState();
+    }
+
+    setOpen(nextOpen);
+  };
+
+  const handleKillAll = async (): Promise<void> => {
+    if (isConfirmDisabled) {
+      return;
+    }
+
+    const targetSessions = [...scopedSessions];
+    setIsKilling(true);
+    setCompletedCount(0);
+    setTargetCount(targetSessions.length);
+    setSuccessCount(null);
+
+    const killRequests = targetSessions.map(async (session) => {
+      try {
+        await apiPost<{ message: string }>(`/api/mission-control/sessions/${session.id}/kill`, {
+          force: true,
+        });
+        return true;
+      } catch {
+        return false;
+      } finally {
+        setCompletedCount((currentCount) => currentCount + 1);
+      }
+    });
+
+    const results = await Promise.all(killRequests);
+    const successfulKills = results.filter(Boolean).length;
+
+    setIsKilling(false);
+    setSuccessCount(successfulKills);
+    onComplete?.();
+
+    closeTimeoutRef.current = setTimeout(() => {
+      setOpen(false);
+      resetState();
+    }, AUTO_CLOSE_DELAY_MS);
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={handleOpenChange}>
+      <DialogTrigger asChild>
+        <Button variant="danger" size="sm">
+          Kill All
+        </Button>
+      </DialogTrigger>
+      <DialogContent className="sm:max-w-[520px]">
+        <DialogHeader>
+          <DialogTitle>Kill All Agents</DialogTitle>
+          <DialogDescription>
+            This force-kills every selected agent session. This action cannot be undone.
+          </DialogDescription>
+        </DialogHeader>
+
+        <div className="space-y-4 py-2">
+          <fieldset className="space-y-2">
+            <legend className="text-sm font-medium">Scope</legend>
+            <label className="flex cursor-pointer items-center gap-2 text-sm text-foreground">
+              <input
+                type="radio"
+                name="kill-all-scope"
+                checked={scope === "internal"}
+                disabled={isKilling}
+                onChange={() => {
+                  setScope("internal");
+                }}
+              />
+              <span>Internal provider only ({internalSessions.length})</span>
+            </label>
+            <label className="flex cursor-pointer items-center gap-2 text-sm text-foreground">
+              <input
+                type="radio"
+                name="kill-all-scope"
+                checked={scope === "all"}
+                disabled={isKilling}
+                onChange={() => {
+                  setScope("all");
+                }}
+              />
+              <span>All providers ({sessions.length})</span>
+            </label>
+          </fieldset>
+
+          <div className="space-y-2">
+            <Label htmlFor="kill-all-confirmation-input">Type KILL ALL to confirm</Label>
+            <Input
+              id="kill-all-confirmation-input"
+              value={confirmationInput}
+              onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
+                setConfirmationInput(event.target.value);
+              }}
+              placeholder={CONFIRM_TEXT}
+              autoComplete="off"
+              disabled={isKilling}
+            />
+          </div>
+
+          {scopedSessions.length === 0 ? (
+            <p className="text-sm text-red-500">No sessions in the selected scope.</p>
+          ) : null}
+
+          {isKilling ? (
+            <div className="flex items-center gap-2 text-sm text-muted-foreground">
+              <Loader2 className="h-4 w-4 animate-spin" aria-hidden="true" />
+              <span>
+                Killing {completedCount} of {targetCount} agents...
+              </span>
+            </div>
+          ) : successCount !== null ? (
+            <p className="text-sm text-muted-foreground">
+              Killed {successCount} of {targetCount} agents. Closing...
+            </p>
+          ) : null}
+        </div>
+
+        <DialogFooter>
+          <Button
+            type="button"
+            variant="outline"
+            disabled={isKilling}
+            onClick={() => {
+              setOpen(false);
+            }}
+          >
+            Cancel
+          </Button>
+          <Button
+            type="button"
+            variant="danger"
+            disabled={isConfirmDisabled}
+            onClick={() => {
+              void handleKillAll();
+            }}
+          >
+            Kill All Agents
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+}
--- a/apps/web/src/components/mission-control/MissionControlLayout.tsx
+++ b/apps/web/src/components/mission-control/MissionControlLayout.tsx
@@ -0,0 +1,115 @@
+"use client";
+
+import { useCallback, useState } from "react";
+import { AuditLogDrawer } from "@/components/mission-control/AuditLogDrawer";
+import { GlobalAgentRoster } from "@/components/mission-control/GlobalAgentRoster";
+import {
+  MAX_PANEL_COUNT,
+  MIN_PANEL_COUNT,
+  MissionControlPanel,
+  type PanelConfig,
+} from "@/components/mission-control/MissionControlPanel";
+import { Button } from "@/components/ui/button";
+
+const INITIAL_PANELS: PanelConfig[] = [{}];
+
+export function MissionControlLayout(): React.JSX.Element {
+  const [panels, setPanels] = useState<PanelConfig[]>(INITIAL_PANELS);
+  const [selectedSessionId, setSelectedSessionId] = useState<string>();
+
+  const handleSelectSession = useCallback((sessionId: string): void => {
+    setSelectedSessionId(sessionId);
+
+    setPanels((currentPanels) => {
+      if (currentPanels.some((panel) => panel.sessionId === sessionId)) {
+        return currentPanels;
+      }
+
+      const firstEmptyPanelIndex = currentPanels.findIndex(
+        (panel) => panel.sessionId === undefined
+      );
+      if (firstEmptyPanelIndex >= 0) {
+        return currentPanels.map((panel, index) =>
+          index === firstEmptyPanelIndex ? { ...panel, sessionId } : panel
+        );
+      }
+
+      if (currentPanels.length >= MAX_PANEL_COUNT) {
+        return currentPanels;
+      }
+
+      return [...currentPanels, { sessionId }];
+    });
+  }, []);
+
+  const handleAddPanel = useCallback((): void => {
+    setPanels((currentPanels) => {
+      if (currentPanels.length >= MAX_PANEL_COUNT) {
+        return currentPanels;
+      }
+
+      return [...currentPanels, {}];
+    });
+  }, []);
+
+  const handleRemovePanel = useCallback((panelIndex: number): void => {
+    setPanels((currentPanels) => {
+      if (panelIndex < 0 || panelIndex >= currentPanels.length) {
+        return currentPanels;
+      }
+
+      if (currentPanels.length <= MIN_PANEL_COUNT) {
+        return currentPanels;
+      }
+
+      const nextPanels = currentPanels.filter((_, index) => index !== panelIndex);
+      return nextPanels.length === 0 ? INITIAL_PANELS : nextPanels;
+    });
+  }, []);
+
+  const handleExpandPanel = useCallback((panelIndex: number): void => {
+    setPanels((currentPanels) => {
+      if (panelIndex < 0 || panelIndex >= currentPanels.length) {
+        return currentPanels;
+      }
+
+      const shouldExpand = !currentPanels[panelIndex]?.expanded;
+
+      return currentPanels.map((panel, index) => ({
+        ...panel,
+        expanded: shouldExpand && index === panelIndex,
+      }));
+    });
+  }, []);
+
+  return (
+    <section className="flex h-full min-h-0 flex-col overflow-hidden" aria-label="Mission Control">
+      <header className="mb-3 flex items-center justify-end">
+        <AuditLogDrawer
+          trigger={
+            <Button variant="outline" size="sm">
+              Audit Log
+            </Button>
+          }
+        />
+      </header>
+
+      <div className="grid min-h-0 flex-1 gap-4 xl:grid-cols-[280px_minmax(0,1fr)]">
+        <aside className="h-full min-h-0">
+          <GlobalAgentRoster
+            onSelectSession={handleSelectSession}
+            {...(selectedSessionId !== undefined ? { selectedSessionId } : {})}
+          />
+        </aside>
+        <main className="h-full min-h-0 overflow-hidden">
+          <MissionControlPanel
+            panels={panels}
+            onAddPanel={handleAddPanel}
+            onRemovePanel={handleRemovePanel}
+            onExpandPanel={handleExpandPanel}
+          />
+        </main>
+      </div>
+    </section>
+  );
+}
--- a/apps/web/src/components/mission-control/MissionControlPanel.tsx
+++ b/apps/web/src/components/mission-control/MissionControlPanel.tsx
@@ -0,0 +1,107 @@
+"use client";
+
+import { useEffect } from "react";
+import { OrchestratorPanel } from "@/components/mission-control/OrchestratorPanel";
+import { Button } from "@/components/ui/button";
+
+export interface PanelConfig {
+  sessionId?: string;
+  expanded?: boolean;
+}
+
+interface MissionControlPanelProps {
+  panels: PanelConfig[];
+  onAddPanel: () => void;
+  onRemovePanel: (index: number) => void;
+  onExpandPanel: (index: number) => void;
+}
+
+export const MIN_PANEL_COUNT = 1;
+export const MAX_PANEL_COUNT = 6;
+
+export function MissionControlPanel({
+  panels,
+  onAddPanel,
+  onRemovePanel,
+  onExpandPanel,
+}: MissionControlPanelProps): React.JSX.Element {
+  const expandedPanelIndex = panels.findIndex((panel) => panel.expanded);
+  const expandedPanel = expandedPanelIndex >= 0 ? panels[expandedPanelIndex] : undefined;
+  const canAddPanel = panels.length < MAX_PANEL_COUNT;
+  const canRemovePanel = panels.length > MIN_PANEL_COUNT;
+
+  useEffect(() => {
+    if (expandedPanelIndex < 0) {
+      return;
+    }
+
+    const handleKeyDown = (event: KeyboardEvent): void => {
+      if (event.key === "Escape") {
+        onExpandPanel(expandedPanelIndex);
+      }
+    };
+
+    window.addEventListener("keydown", handleKeyDown);
+
+    return (): void => {
+      window.removeEventListener("keydown", handleKeyDown);
+    };
+  }, [expandedPanelIndex, onExpandPanel]);
+
+  return (
+    <div className="flex h-full min-h-0 flex-col gap-3">
+      <div className="flex items-center justify-between">
+        <h2 className="text-sm font-medium text-muted-foreground">Panels</h2>
+        <Button
+          type="button"
+          variant="outline"
+          size="icon"
+          onClick={onAddPanel}
+          disabled={!canAddPanel}
+          aria-label="Add panel"
+          title={canAddPanel ? "Add panel" : "Maximum of 6 panels"}
+        >
+          <span aria-hidden="true" className="text-lg leading-none">
+            +
+          </span>
+        </Button>
+      </div>
+      <div className="min-h-0 flex-1">
+        {expandedPanelIndex >= 0 && expandedPanel ? (
+          <div className="h-full min-h-0">
+            <OrchestratorPanel
+              {...(expandedPanel.sessionId !== undefined
+                ? { sessionId: expandedPanel.sessionId }
+                : {})}
+              onClose={() => {
+                onRemovePanel(expandedPanelIndex);
+              }}
+              closeDisabled={!canRemovePanel}
+              onExpand={() => {
+                onExpandPanel(expandedPanelIndex);
+              }}
+              expanded
+            />
+          </div>
+        ) : (
+          <div className="grid h-full min-h-0 auto-rows-fr grid-cols-1 gap-4 overflow-y-auto pr-1 md:grid-cols-2 xl:grid-cols-3">
+            {panels.map((panel, index) => (
+              <OrchestratorPanel
+                key={`panel-${String(index)}`}
+                {...(panel.sessionId !== undefined ? { sessionId: panel.sessionId } : {})}
+                onClose={() => {
+                  onRemovePanel(index);
+                }}
+                closeDisabled={!canRemovePanel}
+                onExpand={() => {
+                  onExpandPanel(index);
+                }}
+                expanded={panel.expanded ?? false}
+              />
+            ))}
+          </div>
+        )}
+      </div>
+    </div>
+  );
+}
--- a/apps/web/src/components/mission-control/OrchestratorPanel.tsx
+++ b/apps/web/src/components/mission-control/OrchestratorPanel.tsx
@@ -0,0 +1,217 @@
+"use client";
+
+import { useEffect, useRef, useState } from "react";
+import { formatDistanceToNow } from "date-fns";
+import { BargeInInput } from "@/components/mission-control/BargeInInput";
+import { Badge } from "@/components/ui/badge";
+import type { BadgeVariant } from "@/components/ui/badge";
+import { Button } from "@/components/ui/button";
+import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
+import { PanelControls } from "@/components/mission-control/PanelControls";
+import { ScrollArea } from "@/components/ui/scroll-area";
+import {
+  useSessionStream,
+  useSessions,
+  type MissionControlConnectionStatus,
+  type MissionControlMessageRole,
+} from "@/hooks/useMissionControl";
+
+const ROLE_BADGE_VARIANT: Record<MissionControlMessageRole, BadgeVariant> = {
+  user: "badge-blue",
+  assistant: "status-success",
+  tool: "badge-amber",
+  system: "badge-muted",
+};
+
+const CONNECTION_DOT_CLASS: Record<MissionControlConnectionStatus, string> = {
+  connected: "bg-emerald-500",
+  connecting: "bg-amber-500",
+  error: "bg-red-500",
+};
+
+const CONNECTION_TEXT: Record<MissionControlConnectionStatus, string> = {
+  connected: "Connected",
+  connecting: "Connecting",
+  error: "Error",
+};
+
+export interface OrchestratorPanelProps {
+  sessionId?: string;
+  onClose?: () => void;
+  closeDisabled?: boolean;
+  onExpand?: () => void;
+  expanded?: boolean;
+}
+
+interface PanelHeaderActionsProps {
+  onClose?: () => void;
+  closeDisabled?: boolean;
+  onExpand?: () => void;
+  expanded?: boolean;
+}
+
+function PanelHeaderActions({
+  onClose,
+  closeDisabled = false,
+  onExpand,
+  expanded = false,
+}: PanelHeaderActionsProps): React.JSX.Element | null {
+  if (!onClose && !onExpand) {
+    return null;
+  }
+
+  return (
+    <div className="flex items-center gap-1">
+      {onExpand ? (
+        <Button
+          type="button"
+          variant="ghost"
+          size="icon"
+          className="h-7 w-7"
+          onClick={onExpand}
+          aria-label={expanded ? "Collapse panel" : "Expand panel"}
+          title={expanded ? "Collapse panel" : "Expand panel"}
+        >
+          <span aria-hidden="true" className="text-base leading-none">
+            {expanded ? "↙" : "↗"}
+          </span>
+        </Button>
+      ) : null}
+      {onClose ? (
+        <Button
+          type="button"
+          variant="ghost"
+          size="icon"
+          className="h-7 w-7"
+          onClick={onClose}
+          disabled={closeDisabled}
+          aria-label="Remove panel"
+          title="Remove panel"
+        >
+          <span aria-hidden="true" className="text-base leading-none">
+            ×
+          </span>
+        </Button>
+      ) : null}
+    </div>
+  );
+}
+
+function formatRelativeTimestamp(timestamp: string): string {
+  const parsedDate = new Date(timestamp);
+  if (Number.isNaN(parsedDate.getTime())) {
+    return "just now";
+  }
+
+  return formatDistanceToNow(parsedDate, { addSuffix: true });
+}
+
+export function OrchestratorPanel({
+  sessionId,
+  onClose,
+  closeDisabled,
+  onExpand,
+  expanded,
+}: OrchestratorPanelProps): React.JSX.Element {
+  const { messages, status, error } = useSessionStream(sessionId ?? "");
+  const { sessions } = useSessions();
+  const bottomAnchorRef = useRef<HTMLDivElement | null>(null);
+  const [optimisticStatus, setOptimisticStatus] = useState<string | null>(null);
+
+  const selectedSessionStatus = sessions.find((session) => session.id === sessionId)?.status;
+  const controlsStatus = optimisticStatus ?? selectedSessionStatus ?? "unknown";
+  const panelHeaderActionProps = {
+    ...(onClose !== undefined ? { onClose } : {}),
+    ...(closeDisabled !== undefined ? { closeDisabled } : {}),
+    ...(onExpand !== undefined ? { onExpand } : {}),
+    ...(expanded !== undefined ? { expanded } : {}),
+  };
+
+  useEffect(() => {
+    bottomAnchorRef.current?.scrollIntoView({ block: "end" });
+  }, [messages.length]);
+
+  useEffect(() => {
+    setOptimisticStatus(null);
+  }, [sessionId, selectedSessionStatus]);
+
+  if (!sessionId) {
+    return (
+      <Card className="flex h-full min-h-[220px] flex-col">
+        <CardHeader>
+          <div className="flex items-start justify-between gap-2">
+            <CardTitle className="text-base">Orchestrator Panel</CardTitle>
+            <PanelHeaderActions {...panelHeaderActionProps} />
+          </div>
+        </CardHeader>
+        <CardContent className="flex flex-1 items-center justify-center text-sm text-muted-foreground">
+          Select an agent to view its stream
+        </CardContent>
+      </Card>
+    );
+  }
+
+  return (
+    <Card className="flex h-full min-h-[220px] flex-col">
+      <CardHeader className="space-y-2">
+        <div className="flex items-start justify-between gap-2">
+          <CardTitle className="text-base">Orchestrator Panel</CardTitle>
+          <PanelHeaderActions {...panelHeaderActionProps} />
+        </div>
+        <div className="flex flex-col gap-2 sm:flex-row sm:items-start sm:justify-between">
+          <div className="flex items-center gap-2 text-xs text-muted-foreground">
+            <span
+              className={`h-2.5 w-2.5 rounded-full ${CONNECTION_DOT_CLASS[status]} ${
+                status === "connecting" ? "animate-pulse" : ""
+              }`}
+              aria-hidden="true"
+            />
+            <span>{CONNECTION_TEXT[status]}</span>
+          </div>
+          <PanelControls
+            sessionId={sessionId}
+            status={controlsStatus}
+            onStatusChange={setOptimisticStatus}
+          />
+        </div>
+        <p className="truncate text-xs text-muted-foreground">Session: {sessionId}</p>
+      </CardHeader>
+      <CardContent className="flex min-h-0 flex-1 flex-col p-0">
+        <div className="min-h-0 flex-1">
+          <ScrollArea className="h-full w-full">
+            <div className="flex min-h-full flex-col gap-3 p-4">
+              {messages.length === 0 ? (
+                <p className="mt-6 text-center text-sm text-muted-foreground">
+                  {error ?? "Waiting for messages..."}
+                </p>
+              ) : (
+                messages.map((message) => (
+                  <article
+                    key={message.id}
+                    className="rounded-lg border border-border/70 bg-card px-3 py-2"
+                  >
+                    <div className="mb-2 flex items-center justify-between gap-2">
+                      <Badge variant={ROLE_BADGE_VARIANT[message.role]} className="uppercase">
+                        {message.role}
+                      </Badge>
+                      <time className="text-xs text-muted-foreground">
+                        {formatRelativeTimestamp(message.timestamp)}
+                      </time>
+                    </div>
+                    <p className="whitespace-pre-wrap break-words text-sm text-foreground">
+                      {message.content}
+                    </p>
+                  </article>
+                ))
+              )}
+              <div ref={bottomAnchorRef} />
+            </div>
+          </ScrollArea>
+        </div>
+        <div className="border-t border-border/70 p-3">
+          <BargeInInput sessionId={sessionId} />
+        </div>
+      </CardContent>
+    </Card>
+  );
+}
--- a/apps/web/src/components/mission-control/PanelControls.tsx
+++ b/apps/web/src/components/mission-control/PanelControls.tsx
@@ -0,0 +1,259 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { useMutation, useQueryClient } from "@tanstack/react-query";
+import { Loader2 } from "lucide-react";
+import { Badge } from "@/components/ui/badge";
+import { Button } from "@/components/ui/button";
+import { apiPost } from "@/lib/api/client";
+
+const SESSIONS_QUERY_KEY = ["mission-control", "sessions"] as const;
+
+type PanelAction = "pause" | "resume" | "graceful-kill" | "force-kill";
+type KillConfirmationState = "graceful" | "force" | null;
+
+interface PanelActionResult {
+  nextStatus: string;
+}
+
+export interface PanelControlsProps {
+  sessionId: string;
+  // eslint-disable-next-line @typescript-eslint/no-redundant-type-constituents
+  status: "active" | "paused" | "killed" | string;
+  onStatusChange?: (newStatus: string) => void;
+}
+
+function getErrorMessage(error: unknown): string {
+  if (error instanceof Error && error.message.trim().length > 0) {
+    return error.message;
+  }
+
+  return "Failed to update agent session.";
+}
+
+export function PanelControls({
+  sessionId,
+  status,
+  onStatusChange,
+}: PanelControlsProps): React.JSX.Element {
+  const queryClient = useQueryClient();
+  const [errorMessage, setErrorMessage] = useState<string | null>(null);
+  const [confirmingKill, setConfirmingKill] = useState<KillConfirmationState>(null);
+
+  useEffect(() => {
+    setErrorMessage(null);
+    setConfirmingKill(null);
+  }, [sessionId]);
+
+  const controlMutation = useMutation({
+    mutationFn: async (action: PanelAction): Promise<PanelActionResult> => {
+      switch (action) {
+        case "pause":
+          await apiPost<{ message: string }>(
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/pause`
+          );
+          return { nextStatus: "paused" };
+        case "resume":
+          await apiPost<{ message: string }>(
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/resume`
+          );
+          return { nextStatus: "active" };
+        case "graceful-kill":
+          await apiPost<{ message: string }>(
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/kill`,
+            { force: false }
+          );
+          return { nextStatus: "killed" };
+        case "force-kill":
+          await apiPost<{ message: string }>(
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/kill`,
+            { force: true }
+          );
+          return { nextStatus: "killed" };
+      }
+    },
+    onSuccess: ({ nextStatus }): void => {
+      setErrorMessage(null);
+      setConfirmingKill(null);
+      onStatusChange?.(nextStatus);
+      void queryClient.invalidateQueries({ queryKey: SESSIONS_QUERY_KEY });
+    },
+    onError: (error: unknown): void => {
+      setConfirmingKill(null);
+      setErrorMessage(getErrorMessage(error));
+    },
+  });
+
+  const normalizedStatus = status.toLowerCase();
+  const isKilled = normalizedStatus === "killed";
+  const isBusy = controlMutation.isPending;
+  const pendingAction = isBusy ? controlMutation.variables : undefined;
+
+  const submitAction = (action: PanelAction): void => {
+    setErrorMessage(null);
+    controlMutation.mutate(action);
+  };
+
+  const pauseDisabled = isBusy || normalizedStatus === "paused" || isKilled;
+  const resumeDisabled = isBusy || normalizedStatus === "active" || isKilled;
+  const gracefulKillDisabled = isBusy || isKilled;
+  const forceKillDisabled = isBusy || isKilled;
+
+  return (
+    <div className="flex flex-col items-end gap-2">
+      <div className="flex flex-wrap items-center justify-end gap-1.5">
+        <Button
+          type="button"
+          size="sm"
+          variant="secondary"
+          onClick={() => {
+            submitAction("pause");
+          }}
+          disabled={pauseDisabled}
+          aria-label="Pause session"
+        >
+          {pendingAction === "pause" ? (
+            <Loader2 className="h-3.5 w-3.5 animate-spin" aria-hidden="true" />
+          ) : (
+            <span aria-hidden="true">⏸</span>
+          )}
+          <span>Pause</span>
+        </Button>
+
+        <Button
+          type="button"
+          size="sm"
+          variant="secondary"
+          onClick={() => {
+            submitAction("resume");
+          }}
+          disabled={resumeDisabled}
+          aria-label="Resume session"
+        >
+          {pendingAction === "resume" ? (
+            <Loader2 className="h-3.5 w-3.5 animate-spin" aria-hidden="true" />
+          ) : (
+            <span aria-hidden="true">▶</span>
+          )}
+          <span>Resume</span>
+        </Button>
+
+        <div className="relative">
+          <Button
+            type="button"
+            size="sm"
+            variant="secondary"
+            onClick={() => {
+              setErrorMessage(null);
+              setConfirmingKill((current) => (current === "graceful" ? null : "graceful"));
+            }}
+            disabled={gracefulKillDisabled}
+            aria-label="Gracefully kill session"
+          >
+            {pendingAction === "graceful-kill" ? (
+              <Loader2 className="h-3.5 w-3.5 animate-spin" aria-hidden="true" />
+            ) : (
+              <span aria-hidden="true">⏹</span>
+            )}
+            <span>Graceful Kill</span>
+          </Button>
+          {confirmingKill === "graceful" ? (
+            <div className="absolute right-0 top-[calc(100%+0.375rem)] z-20 w-72 rounded-md border border-border bg-card p-2 shadow-lg">
+              <p className="text-xs text-muted-foreground">
+                Gracefully stop this agent after it finishes the current step?
+              </p>
+              <div className="mt-2 flex justify-end gap-1.5">
+                <Button
+                  type="button"
+                  size="sm"
+                  variant="ghost"
+                  onClick={() => {
+                    setConfirmingKill(null);
+                  }}
+                  disabled={isBusy}
+                >
+                  Cancel
+                </Button>
+                <Button
+                  type="button"
+                  size="sm"
+                  variant="secondary"
+                  onClick={() => {
+                    submitAction("graceful-kill");
+                  }}
+                  disabled={isBusy}
+                >
+                  {pendingAction === "graceful-kill" ? (
+                    <Loader2 className="h-3.5 w-3.5 animate-spin" aria-hidden="true" />
+                  ) : null}
+                  <span>Confirm</span>
+                </Button>
+              </div>
+            </div>
+          ) : null}
+        </div>
+
+        <div className="relative">
+          <Button
+            type="button"
+            size="sm"
+            variant="danger"
+            onClick={() => {
+              setErrorMessage(null);
+              setConfirmingKill((current) => (current === "force" ? null : "force"));
+            }}
+            disabled={forceKillDisabled}
+            aria-label="Force kill session"
+          >
+            {pendingAction === "force-kill" ? (
+              <Loader2 className="h-3.5 w-3.5 animate-spin" aria-hidden="true" />
+            ) : (
+              <span aria-hidden="true">💀</span>
+            )}
+            <span>Force Kill</span>
+          </Button>
+          {confirmingKill === "force" ? (
+            <div className="absolute right-0 top-[calc(100%+0.375rem)] z-20 w-72 rounded-md border border-border bg-card p-2 shadow-lg">
+              <p className="text-xs text-muted-foreground">
+                This will hard-kill the agent immediately.
+              </p>
+              <div className="mt-2 flex justify-end gap-1.5">
+                <Button
+                  type="button"
+                  size="sm"
+                  variant="ghost"
+                  onClick={() => {
+                    setConfirmingKill(null);
+                  }}
+                  disabled={isBusy}
+                >
+                  Cancel
+                </Button>
+                <Button
+                  type="button"
+                  size="sm"
+                  variant="danger"
+                  onClick={() => {
+                    submitAction("force-kill");
+                  }}
+                  disabled={isBusy}
+                >
+                  {pendingAction === "force-kill" ? (
+                    <Loader2 className="h-3.5 w-3.5 animate-spin" aria-hidden="true" />
+                  ) : null}
+                  <span>Confirm</span>
+                </Button>
+              </div>
+            </div>
+          ) : null}
+        </div>
+      </div>
+
+      {errorMessage ? (
+        <Badge variant="status-error" className="max-w-[32rem] whitespace-normal text-xs">
+          {errorMessage}
+        </Badge>
+      ) : null}
+    </div>
+  );
+}
--- a/apps/web/src/components/ui/collapsible.tsx
+++ b/apps/web/src/components/ui/collapsible.tsx
@@ -0,0 +1,13 @@
+import * as React from "react";
+
+export interface CollapsibleProps extends React.HTMLAttributes<HTMLDivElement> {
+  open?: boolean;
+}
+
+export function Collapsible({
+  open = true,
+  className = "",
+  ...props
+}: CollapsibleProps): React.JSX.Element {
+  return <div data-state={open ? "open" : "closed"} className={className} {...props} />;
+}
--- a/apps/web/src/components/ui/scroll-area.tsx
+++ b/apps/web/src/components/ui/scroll-area.tsx
@@ -0,0 +1,15 @@
+import * as React from "react";
+
+export type ScrollAreaProps = React.HTMLAttributes<HTMLDivElement>;
+
+export const ScrollArea = React.forwardRef<HTMLDivElement, ScrollAreaProps>(
+  ({ className = "", children, ...props }, ref) => {
+    return (
+      <div ref={ref} className={`relative overflow-hidden ${className}`} {...props}>
+        <div className="h-full w-full overflow-auto">{children}</div>
+      </div>
+    );
+  }
+);
+
+ScrollArea.displayName = "ScrollArea";
--- a/apps/web/src/components/ui/sheet.tsx
+++ b/apps/web/src/components/ui/sheet.tsx
@@ -0,0 +1,137 @@
+import * as React from "react";
+import { X } from "lucide-react";
+
+export interface SheetProps {
+  open?: boolean;
+  onOpenChange?: (open: boolean) => void;
+  children?: React.ReactNode;
+}
+
+export interface SheetTriggerProps {
+  children?: React.ReactNode;
+  asChild?: boolean;
+}
+
+export interface SheetContentProps {
+  children?: React.ReactNode;
+  className?: string;
+}
+
+export interface SheetHeaderProps {
+  children?: React.ReactNode;
+  className?: string;
+}
+
+export interface SheetTitleProps {
+  children?: React.ReactNode;
+  className?: string;
+}
+
+export interface SheetDescriptionProps {
+  children?: React.ReactNode;
+  className?: string;
+}
+
+const SheetContext = React.createContext<{
+  open?: boolean;
+  onOpenChange?: (open: boolean) => void;
+}>({});
+
+export function Sheet({ open, onOpenChange, children }: SheetProps): React.JSX.Element {
+  const contextValue: { open?: boolean; onOpenChange?: (open: boolean) => void } = {};
+
+  if (open !== undefined) {
+    contextValue.open = open;
+  }
+
+  if (onOpenChange !== undefined) {
+    contextValue.onOpenChange = onOpenChange;
+  }
+
+  return <SheetContext.Provider value={contextValue}>{children}</SheetContext.Provider>;
+}
+
+export function SheetTrigger({ children, asChild }: SheetTriggerProps): React.JSX.Element {
+  const { onOpenChange } = React.useContext(SheetContext);
+
+  if (asChild && React.isValidElement(children)) {
+    return React.cloneElement(children, {
+      onClick: () => onOpenChange?.(true),
+    } as React.HTMLAttributes<HTMLElement>);
+  }
+
+  return (
+    <button type="button" onClick={() => onOpenChange?.(true)}>
+      {children}
+    </button>
+  );
+}
+
+export function SheetContent({
+  children,
+  className = "",
+}: SheetContentProps): React.JSX.Element | null {
+  const { open, onOpenChange } = React.useContext(SheetContext);
+
+  React.useEffect(() => {
+    if (!open) {
+      return;
+    }
+
+    const onKeyDown = (event: KeyboardEvent): void => {
+      if (event.key === "Escape") {
+        onOpenChange?.(false);
+      }
+    };
+
+    window.addEventListener("keydown", onKeyDown);
+    return (): void => {
+      window.removeEventListener("keydown", onKeyDown);
+    };
+  }, [onOpenChange, open]);
+
+  if (!open) {
+    return null;
+  }
+
+  return (
+    <div className="fixed inset-0 z-50">
+      <button
+        type="button"
+        aria-label="Close sheet"
+        className="absolute inset-0 h-full w-full bg-black/50"
+        onClick={() => onOpenChange?.(false)}
+      />
+
+      <div
+        className={`absolute inset-y-0 right-0 z-10 flex h-full w-full max-w-3xl flex-col border-l border-border bg-background p-6 shadow-xl ${className}`}
+      >
+        <button
+          type="button"
+          onClick={() => onOpenChange?.(false)}
+          className="absolute right-4 top-4 rounded-sm opacity-70 transition-opacity hover:opacity-100"
+        >
+          <X className="h-4 w-4" />
+          <span className="sr-only">Close</span>
+        </button>
+
+        {children}
+      </div>
+    </div>
+  );
+}
+
+export function SheetHeader({ children, className = "" }: SheetHeaderProps): React.JSX.Element {
+  return <div className={`space-y-1 pr-8 ${className}`}>{children}</div>;
+}
+
+export function SheetTitle({ children, className = "" }: SheetTitleProps): React.JSX.Element {
+  return <h2 className={`text-lg font-semibold ${className}`}>{children}</h2>;
+}
+
+export function SheetDescription({
+  children,
+  className = "",
+}: SheetDescriptionProps): React.JSX.Element {
+  return <p className={`text-sm text-muted-foreground ${className}`}>{children}</p>;
+}
--- a/apps/web/src/components/ui/skeleton.tsx
+++ b/apps/web/src/components/ui/skeleton.tsx
@@ -0,0 +1,15 @@
+import * as React from "react";
+
+export type SkeletonProps = React.HTMLAttributes<HTMLDivElement>;
+
+export const Skeleton = React.forwardRef<HTMLDivElement, SkeletonProps>(
+  ({ className = "", ...props }, ref) => (
+    <div
+      ref={ref}
+      className={`animate-pulse rounded-md bg-[rgb(var(--surface-2))] ${className}`}
+      {...props}
+    />
+  )
+);
+
+Skeleton.displayName = "Skeleton";
--- a/apps/web/src/hooks/useChat.ts
+++ b/apps/web/src/hooks/useChat.ts
@@ -27,6 +27,7 @@ export interface UseChatOptions {
  maxTokens?: number;
  systemPrompt?: string;
  projectId?: string | null;
+  agent?: string;
  onError?: (error: Error) => void;
 }

@@ -63,6 +64,7 @@ export function useChat(options: UseChatOptions = {}): UseChatReturn {
    maxTokens,
    systemPrompt,
    projectId,
+    agent,
    onError,
  } = options;

@@ -77,6 +79,10 @@ export function useChat(options: UseChatOptions = {}): UseChatReturn {
  const projectIdRef = useRef<string | null>(projectId ?? null);
  projectIdRef.current = projectId ?? null;

+  // Track agent in ref to prevent stale closures
+  const agentRef = useRef<string | undefined>(agent);
+  agentRef.current = agent;
+
  // Track messages in ref to prevent stale closures during rapid sends
  const messagesRef = useRef<Message[]>(messages);
  messagesRef.current = messages;
@@ -209,6 +215,7 @@ export function useChat(options: UseChatOptions = {}): UseChatReturn {
        ...(temperature !== undefined && { temperature }),
        ...(maxTokens !== undefined && { maxTokens }),
        ...(systemPrompt !== undefined && { systemPrompt }),
+        ...(agentRef.current && { agent: agentRef.current }),
      };

      const controller = new AbortController();
--- a/apps/web/src/hooks/useMissionControl.ts
+++ b/apps/web/src/hooks/useMissionControl.ts
@@ -0,0 +1,189 @@
+"use client";
+
+import { useEffect, useRef, useState } from "react";
+import { useQuery } from "@tanstack/react-query";
+import type { AgentMessageRole, AgentSessionStatus } from "@mosaic/shared";
+import { apiGet } from "@/lib/api/client";
+
+const MISSION_CONTROL_SESSIONS_QUERY_KEY = ["mission-control", "sessions"] as const;
+const SESSIONS_REFRESH_INTERVAL_MS = 15_000;
+
+export type MissionControlMessageRole = AgentMessageRole;
+
+export interface MissionControlSession {
+  id: string;
+  providerId: string;
+  providerType: string;
+  label?: string;
+  status: AgentSessionStatus;
+  parentSessionId?: string;
+  createdAt: string;
+  updatedAt: string;
+  metadata?: Record<string, unknown>;
+}
+
+interface MissionControlSessionsResponse {
+  sessions: MissionControlSession[];
+}
+
+export interface MissionControlStreamMessage {
+  id: string;
+  sessionId: string;
+  role: MissionControlMessageRole;
+  content: string;
+  timestamp: string;
+  metadata?: Record<string, unknown>;
+}
+
+export type MissionControlConnectionStatus = "connecting" | "connected" | "error";
+
+export interface UseSessionsResult {
+  sessions: MissionControlSession[];
+  loading: boolean;
+  error: Error | null;
+}
+
+export interface UseSessionStreamResult {
+  messages: MissionControlStreamMessage[];
+  status: MissionControlConnectionStatus;
+  error: string | null;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null;
+}
+
+function isMessageRole(value: unknown): value is MissionControlMessageRole {
+  return value === "assistant" || value === "system" || value === "tool" || value === "user";
+}
+
+function isMissionControlStreamMessage(value: unknown): value is MissionControlStreamMessage {
+  if (!isRecord(value)) {
+    return false;
+  }
+
+  const { id, sessionId, role, content, timestamp, metadata } = value;
+
+  if (
+    typeof id !== "string" ||
+    typeof sessionId !== "string" ||
+    !isMessageRole(role) ||
+    typeof content !== "string" ||
+    typeof timestamp !== "string"
+  ) {
+    return false;
+  }
+
+  if (metadata !== undefined && !isRecord(metadata)) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Fetches Mission Control sessions.
+ */
+export function useSessions(): UseSessionsResult {
+  const query = useQuery<MissionControlSessionsResponse>({
+    queryKey: MISSION_CONTROL_SESSIONS_QUERY_KEY,
+    queryFn: async (): Promise<MissionControlSessionsResponse> => {
+      return apiGet<MissionControlSessionsResponse>("/api/mission-control/sessions");
+    },
+    refetchInterval: SESSIONS_REFRESH_INTERVAL_MS,
+  });
+
+  return {
+    sessions: query.data?.sessions ?? [],
+    loading: query.isLoading,
+    error: query.error ?? null,
+  };
+}
+
+/**
+ * Backward-compatible alias for early Mission Control integration.
+ */
+export function useMissionControl(): UseSessionsResult {
+  return useSessions();
+}
+
+/**
+ * Streams Mission Control session messages over SSE.
+ */
+export function useSessionStream(sessionId: string): UseSessionStreamResult {
+  const [messages, setMessages] = useState<MissionControlStreamMessage[]>([]);
+  const [status, setStatus] = useState<MissionControlConnectionStatus>("connecting");
+  const [error, setError] = useState<string | null>(null);
+
+  const eventSourceRef = useRef<EventSource | null>(null);
+
+  useEffect(() => {
+    if (eventSourceRef.current !== null) {
+      eventSourceRef.current.close();
+      eventSourceRef.current = null;
+    }
+
+    setMessages([]);
+    setError(null);
+
+    if (!sessionId) {
+      setStatus("connecting");
+      return;
+    }
+
+    if (typeof EventSource === "undefined") {
+      setStatus("error");
+      setError("Mission Control stream is not supported by this browser.");
+      return;
+    }
+
+    setStatus("connecting");
+
+    const source = new EventSource(
+      `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/stream`
+    );
+    eventSourceRef.current = source;
+
+    source.onopen = (): void => {
+      setStatus("connected");
+      setError(null);
+    };
+
+    source.onmessage = (event: MessageEvent<string>): void => {
+      try {
+        const parsed = JSON.parse(event.data) as unknown;
+        if (!isMissionControlStreamMessage(parsed)) {
+          return;
+        }
+
+        setMessages((previousMessages) => [...previousMessages, parsed]);
+      } catch {
+        // Ignore malformed events from the stream.
+      }
+    };
+
+    source.onerror = (): void => {
+      if (source.readyState === EventSource.CONNECTING) {
+        setStatus("connecting");
+        setError(null);
+        return;
+      }
+
+      setStatus("error");
+      setError("Mission Control stream disconnected.");
+    };
+
+    return (): void => {
+      source.close();
+      if (eventSourceRef.current === source) {
+        eventSourceRef.current = null;
+      }
+    };
+  }, [sessionId]);
+
+  return {
+    messages,
+    status,
+    error,
+  };
+}
--- a/apps/web/src/lib/api/agents.ts
+++ b/apps/web/src/lib/api/agents.ts
@@ -0,0 +1,125 @@
+/**
+ * Agent API client
+ * Handles agent-related API interactions
+ */
+
+import { apiGet, apiPost, apiPatch, apiDelete } from "./client";
+
+export interface AgentStatus {
+  id: string;
+  name: string;
+  displayName: string;
+  role: string;
+  isActive: boolean;
+  containerStatus?: "running" | "stopped" | "unknown";
+}
+
+export interface UserAgent {
+  id: string;
+  userId: string;
+  templateId: string | null;
+  name: string;
+  displayName: string;
+  role: string;
+  personality: string;
+  primaryModel: string | null;
+  fallbackModels: string[];
+  toolPermissions: string[];
+  discordChannel: string | null;
+  isActive: boolean;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface CreateUserAgentRequest {
+  templateId?: string;
+  name: string;
+  displayName: string;
+  role: string;
+  personality: string;
+  primaryModel?: string;
+  fallbackModels?: string[];
+  toolPermissions?: string[];
+  discordChannel?: string;
+  isActive?: boolean;
+}
+
+export interface UpdateUserAgentRequest {
+  name?: string;
+  displayName?: string;
+  role?: string;
+  personality?: string;
+  primaryModel?: string;
+  fallbackModels?: string[];
+  toolPermissions?: string[];
+  discordChannel?: string;
+  isActive?: boolean;
+}
+
+export interface UpdateUserAgentRequest {
+  name?: string;
+  displayName?: string;
+  role?: string;
+  personality?: string;
+  primaryModel?: string;
+  fallbackModels?: string[];
+  toolPermissions?: string[];
+  discordChannel?: string;
+  isActive?: boolean;
+}
+
+/**
+ * Get all user's agents
+ */
+export async function getAgents(): Promise<UserAgent[]> {
+  return apiGet<UserAgent[]>("/api/agents");
+}
+
+/**
+ * Get all agent statuses
+ */
+export async function getAgentStatuses(): Promise<AgentStatus[]> {
+  return apiGet<AgentStatus[]>("/api/agents/status");
+}
+
+/**
+ * Get a single agent by ID
+ */
+export async function getAgent(id: string): Promise<UserAgent> {
+  return apiGet<UserAgent>(`/api/agents/${id}`);
+}
+
+/**
+ * Get a single agent's status
+ */
+export async function getAgentStatus(id: string): Promise<AgentStatus> {
+  return apiGet<AgentStatus>(`/api/agents/${id}/status`);
+}
+
+/**
+ * Create a new custom agent
+ */
+export async function createAgent(data: CreateUserAgentRequest): Promise<UserAgent> {
+  return apiPost<UserAgent>("/api/agents", data);
+}
+
+/**
+ * Create an agent from a template
+ */
+export async function createAgentFromTemplate(templateId: string): Promise<UserAgent> {
+  return apiPost<UserAgent>(`/api/agents/from-template/${templateId}`, {});
+}
+
+/**
+ * Update an agent
+ */
+export async function updateAgent(id: string, data: UpdateUserAgentRequest): Promise<UserAgent> {
+  return apiPatch<UserAgent>(`/api/agents/${id}`, data);
+}
+
+/**
+ * Delete an agent
+ */
+export async function deleteAgent(id: string): Promise<void> {
+  await apiDelete(`/api/agents/${id}`);
+}
--- a/apps/web/src/lib/api/chat.ts
+++ b/apps/web/src/lib/api/chat.ts
@@ -18,6 +18,7 @@ export interface ChatRequest {
  temperature?: number;
  maxTokens?: number;
  systemPrompt?: string;
+  agent?: string;
 }

 export interface ChatResponse {
@@ -117,7 +118,11 @@ export function streamGuestChat(
          "Content-Type": "application/json",
        },
        credentials: "include",
-        body: JSON.stringify({ messages: request.messages, stream: true }),
+        body: JSON.stringify({
+          messages: request.messages,
+          stream: true,
+          ...(request.agent && { agent: request.agent }),
+        }),
        signal: signal ?? null,
      });

@@ -269,7 +274,11 @@ export function streamChatMessage(
          "X-CSRF-Token": csrfToken,
        },
        credentials: "include",
-        body: JSON.stringify({ messages: request.messages, stream: true }),
+        body: JSON.stringify({
+          messages: request.messages,
+          stream: true,
+          ...(request.agent && { agent: request.agent }),
+        }),
        signal: signal ?? null,
      });

--- a/docs/MISSION-MANIFEST.md
+++ b/docs/MISSION-MANIFEST.md
@@ -1,52 +1,71 @@
-# Mission Manifest — MS21 Multi-Tenant RBAC Data Migration
+# Mission Manifest — MS22-P2 Named Agent Fleet

 > Persistent document tracking full mission scope, status, and session history.
 > Updated by the orchestrator at each phase transition and milestone completion.

 ## Mission

-**ID:** ms21-multi-tenant-rbac-data-migration-20260228
-**Statement:** Build multi-tenant user/workspace/team management, break-glass auth, RBAC UI enforcement, and migrate jarvis-brain data into Mosaic Stack
-**Phase:** Intake
-**Current Milestone:** —
-**Progress:** 0 / 6 milestones
-**Status:** active
-**Last Updated:** 2026-02-28 17:10 UTC
+**ID:** ms22-p2-named-agent-fleet-20260304
+**Statement:** Implement named agent fleet (jarvis, builder, medic) with per-agent personalities, model assignments, Discord channel routing, and WebUI selector.
+**PRD:** `docs/PRD-MS22-P2-AGENT-FLEET.md`
+**Phase:** Completion
+**Status:** completed
+**Last Updated:** 2026-03-05

 ## Success Criteria

-<!-- Define measurable success criteria here -->
+1. ✅ AgentTemplate and UserAgent tables exist and are seeded with jarvis/builder/medic
+2. ✅ Admin CRUD endpoints at `/admin/agent-templates` work and are guarded
+3. ✅ User agent CRUD endpoints allow per-user agent customization
+4. ✅ Chat proxy routes messages to correct agent by name
+5. ✅ Discord channel → agent routing maps #jarvis/#builder/#medic-alerts
+6. ✅ WebUI shows agent selector and connects to correct agent
+7. ✅ All CI gates green

 ## Milestones

-| #   | ID      | Name                       | Status  | Branch | Issue | Started | Completed |
-| --- | ------- | -------------------------- | ------- | ------ | ----- | ------- | --------- |
-| 1   | phase-1 | Schema and Admin API       | pending | —      | —     | —       | —         |
-| 2   | phase-2 | Break-Glass Authentication | pending | —      | —     | —       | —         |
-| 3   | phase-3 | Data Migration             | pending | —      | —     | —       | —         |
-| 4   | phase-4 | Admin UI                   | pending | —      | —     | —       | —         |
-| 5   | phase-5 | RBAC UI Enforcement        | pending | —      | —     | —       | —         |
-| 6   | phase-6 | Verification               | pending | —      | —     | —       | —         |
+| #   | ID            | Name          | Status  | Tasks                  | Notes                       |
+| --- | ------------- | ------------- | ------- | ---------------------- | --------------------------- |
+| 1   | schema-seed   | Schema+Seed   | ✅ done | P2-001, P2-002         | PRs #675, #677 merged       |
+| 2   | admin-crud    | Admin CRUD    | ✅ done | P2-003                 | PR #678 merged              |
+| 3   | user-crud     | User CRUD     | ✅ done | P2-004                 | PR #682 merged              |
+| 4   | agent-routing | Agent Routing | ✅ done | P2-005, P2-006         | PR #684 merged              |
+| 5   | discord-ui    | Discord+UI    | ✅ done | P2-007, P2-008, P2-009 | PRs #685, #687, #688 merged |
+| 6   | verification  | Verification  | ✅ done | P2-010                 | All CI gates green          |

-## Deployment
+## Task Summary

-| Target | URL | Method |
-| ------ | --- | ------ |
-| —      | —   | —      |
+See `docs/TASKS.md` — MS22 Phase 2 section for full task details.
+
+| Task                    | Status  | PR   | Notes                          |
+| ----------------------- | ------- | ---- | ------------------------------ |
+| P2-001 Schema           | ✅ done | #675 | AgentTemplate + UserAgent      |
+| P2-002 Seed             | ✅ done | #677 | jarvis/builder/medic templates |
+| P2-003 Admin CRUD       | ✅ done | #678 | /admin/agent-templates         |
+| P2-004 User CRUD        | ✅ done | #682 | /api/agents                    |
+| P2-005 Status endpoints | ✅ done | #684 | Agent status API               |
+| P2-006 Chat routing     | ✅ done | #684 | Agent routing in chat proxy    |
+| P2-007 Discord routing  | ✅ done | #688 | Channel → agent routing        |
+| P2-008 WebUI selector   | ✅ done | #685 | AgentSelector component        |
+| P2-009 Unit tests       | ✅ done | #687 | Agent services tests           |
+| P2-010 E2E verification | ✅ done | —    | 3547 tests pass, CI green      |

 ## Token Budget

-| Metric | Value  |
-| ------ | ------ |
-| Budget | —      |
-| Used   | 0      |
-| Mode   | normal |
+| Phase             | Est      | Used     |
+| ----------------- | -------- | -------- |
+| Schema+Seed+CRUD  | 30K      | ~15K     |
+| User CRUD+Routing | 40K      | ~25K     |
+| Discord+UI        | 30K      | ~24K     |
+| Verification      | 10K      | ~5K      |
+| **Total**         | **110K** | **~69K** |

-## Session History
+## Session Log

-| Session | Runtime | Started | Duration | Ended Reason | Last Task |
-| ------- | ------- | ------- | -------- | ------------ | --------- |
-
-## Scratchpad
-
-Path: `docs/scratchpads/ms21-multi-tenant-rbac-data-migration-20260228.md`
+| Date       | Work Done                                                                                                         |
+| ---------- | ----------------------------------------------------------------------------------------------------------------- |
+| 2026-03-05 | Session 5: Completed P2-010 E2E verification. All 10 tasks done. Mission complete.                                |
+| 2026-03-05 | Session 4: Completed P2-007 (Discord routing) PR #688. Milestone 5 complete. 9/10 tasks done, only E2E remains.   |
+| 2026-03-05 | Session 3: Completed P2-008 (WebUI agent selector) PR #685. Milestones 1-4 + P2-008 complete (3 tasks remaining). |
+| 2026-03-04 | Session 2: Fixed CI security audit, merged PRs #681, #678, #682. Milestones 1-3 complete (4/6 remaining).         |
+| 2026-03-04 | P2-001..003 shipped; CI fix; postgres rebuilt; mission initialized                                                |
--- a/docs/PRD-MS22-platform.md
+++ b/docs/PRD-MS22-platform.md
@@ -0,0 +1,566 @@
+# PRD: Mosaic Stack Dashboard & Platform Implementation
+
+## Metadata
+
+- Owner: Jason Woltje
+- Date: 2026-02-22
+- Status: in-progress
+- Best-Guess Mode: true
+
+## Problem Statement
+
+The Mosaic Stack web UI has a basic navigation and simple widget-based dashboard that doesn't match the production-ready design vision. The reference design (dashboard.html) defines a comprehensive command center UI with sidebar navigation, topbar, terminal panel, and multiple page layouts. The current implementation uses mismatched design tokens (raw Tailwind colors vs CSS variables), has no collapsible sidebar, no global terminal, and lacks the polished design system from the reference.
+
+## Objectives
+
+1. Implement the dashboard.html reference design as the production UI foundation
+2. Establish a consistent CSS design token system that supports multiple themes
+3. Build a responsive, accessible app shell with collapsible sidebar and full-width header
+4. Create a theme system supporting installable theme packages
+5. Build all dashboard pages (Dashboard, Projects, Workspace, Kanban, Files, Logs, Settings, Profile)
+6. Implement real backend integration (no mock data)
+7. Support multi-tenant configuration with RBAC
+8. Implement federation (master-master and master-slave)
+9. Build global terminal, project chat, and master chat session
+10. Configure telemetry with opt-out support
+
+## Completed Work
+
+### MS15-DashboardShell (v0.0.15) — Complete
+
+Design system + app shell + dashboard page. PRs #451-454.
+
+- CSS design token system (colors, fonts, spacing, radii)
+- App shell layout: collapsible sidebar + full-width header + main content
+- Sidebar navigation with groups, icons, badges, active states, collapse/expand
+- Responsive layout with hamburger at small breakpoints
+- Light/dark theme matching reference design
+- Mosaic logo spinner as global loading indicator
+- Shared component updates in packages/ui
+- Dashboard page: metrics strip, orchestrator sessions, quick actions, activity feed, token budget
+- Grain overlay texture
+
+### Go-Live MVP (v0.0.16) — Complete
+
+Dashboard polish, task ingestion pipeline, agent cycle visibility, deploy + smoke test. PRs #458, #460, #462, #464.
+
+- Fixed broken test suites and removed legacy unused widgets
+- Visual + theme polish across all components
+- Dashboard summary API endpoint (aggregated task counts, project counts, activity, jobs)
+- Dashboard widgets wired to real API data (ActivityFeed, DashboardMetrics, OrchestratorSessions)
+- WebSocket emits for job status/progress/step events
+- Dashboard auto-refresh with polling + progress bars + step status indicators
+- Deployed to mosaic.woltje.com, auth working via Authentik
+- Release tag v0.0.16
+
+### MS16+MS17-PagesDataIntegration (v0.0.17) — Complete
+
+All pages built + wired to real API data. PRs #470-484 (15 PRs). Issues #466-469.
+
+- Custom 404 pages (global + authenticated route groups)
+- Settings root page with 4 category cards
+- Tasks, Calendar, Knowledge pages wired to real API (238+ lines mock data removed)
+- Projects list page with create/delete dialogs
+- Project Workspace page with tabbed view (Tasks, Agent Sessions, Settings)
+- Kanban board with drag-and-drop (@hello-pangea/dnd), 5 status columns, optimistic updates
+- File Manager page with list/grid views, search, create/delete
+- Logs & Telemetry page with auto-refresh, expandable rows, filters
+- Profile page with user info and preferences
+- All 5125 tests passing, CI pipeline #585 green
+- Deployed and smoke-tested at mosaic.woltje.com
+
+### MS18-ThemeWidgets (v0.0.18) — Complete
+
+Theme package system, widget registry, WYSIWYG editor, Kanban filtering. PRs #493-505. Issues #487-491.
+
+- 5 built-in themes (Dark, Light, Nord, Dracula, Solarized) as TypeScript theme packages
+- ThemeProvider with dynamic CSS variable application and instant switching
+- Theme selection UI in Settings with live preview swatches
+- Widget definition registry with configurable sizing and schemas
+- WidgetGrid dashboard with drag-and-drop layout (react-grid-layout)
+- Widget picker drawer for adding widgets from registry
+- Per-widget configuration dialog driven by configSchema
+- Layout save/load/rename/delete via UserLayout API
+- Tiptap WYSIWYG editor for knowledge entries with toolbar
+- Markdown round-trip (import/export)
+- Kanban board filtering by project, assignee, priority, search with URL persistence
+- 1,195 web tests, 3,243 API tests passing
+
+### MS19-ChatTerminal (v0.0.19) — Complete
+
+Real terminal with PTY backend, chat streaming, orchestrator integration. PRs #515-522. Issues #508-512.
+
+- NestJS WebSocket gateway (/terminal namespace) with node-pty for real shell sessions
+- Terminal session persistence in PostgreSQL (Prisma model: TerminalSession)
+- xterm.js integration with FitAddon, WebLinksAddon, CSS variable theme support
+- Multi-session terminal tabs: create/close/rename, tab switching, session recovery
+- SSE chat streaming with token-by-token rendering, abort/cancel support
+- Master chat polish: model selector dropdown, temperature/maxTokens config, ChatEmptyState
+- Orchestrator command system: /status, /agents, /jobs, /pause, /resume, /help
+- Agent output terminal: SSE streaming from orchestrator, lifecycle indicators, read-only view
+- Command autocomplete with keyboard navigation in chat input
+- 328 MS19-specific tests (268 web + 60 API), 4744 total passing
+- Deployed and smoke-tested at mosaic.woltje.com (CI #635 green)
+
+### Bugfix: API Global Prefix (post-MS18) — Complete
+
+PR #507. Fixed systemic 404 on all data endpoints.
+
+- Added `setGlobalPrefix("api")` to NestJS with exclusions for /health and /auth/\*
+- Normalized 6 federation controllers to remove redundant api/ prefix
+- Fixed rollup CVE (GHSA-mw96-cpmx-2vgc) via pnpm override
+
+## Scope
+
+### In Scope (MS16+MS17 — Pages & Data Integration)
+
+This is the active mission scope. MS16 (Pages) and MS17 (Backend Integration) are combined because the backend API modules already exist — the work is primarily frontend page creation and API wiring.
+
+1. Projects list page with CRUD (wire to existing `/api/projects`)
+2. Project workspace/detail page (wire to `/api/projects/:id`, `/api/tasks`, `/api/runner-jobs`)
+3. Kanban board page with status-based columns (wire to existing `/api/tasks`)
+4. File Manager page with tree/list view and CRUD (wire to existing `/api/knowledge`)
+5. Logs & Telemetry page with log viewer and filtering (wire to `/api/runner-jobs`, job steps, events)
+6. Settings root/index page linking to existing subpages
+7. Custom 404 page for unknown routes
+8. Wire `/tasks` page to real API data (currently mock)
+9. Wire `/calendar` page to real API data (currently mock)
+10. Wire `/knowledge` pages to real API data (currently mock)
+
+### In Scope (Future Milestones — Documented for Planning)
+
+11. Theme system with installable theme packages (MS18)
+12. Widget system with installable widget packages, customizable sizes (MS18)
+13. Global terminal: project/orchestrator level, smart (MS19)
+14. Project-level orchestrator chat (MS19)
+15. Master chat session: collapsible sidebar/slideout, always available (MS19)
+16. Site stabilization: workspace context propagation for mutations (MS20)
+17. Site stabilization: personalities API + UI (MS20)
+18. Site stabilization: user preferences API endpoint (MS20)
+19. Site stabilization: orchestrator 502 and WebSocket connectivity (MS20)
+20. Site stabilization: credential management UI (MS20)
+21. Site stabilization: terminal page route (MS20)
+22. Site stabilization: favicon, dark mode dropdown fix (MS20)
+23. Settings page for ALL environment variables, dynamically configurable via webUI (MS21)
+24. Multi-tenant configuration with admin user management (MS21)
+25. Team management with shared data spaces and chat rooms (MS21)
+26. RBAC for file access, resources, models (MS21)
+27. Federation: master-master and master-slave with key exchange (MS22)
+28. Federation testing: 3 instances on Portainer (woltje.com domain) (MS22)
+29. Agent task mapping configuration: system-level defaults, user-level overrides (MS23)
+30. Telemetry: opt-out, customizable endpoint, sanitized data (MS23)
+31. File manager with WYSIWYG editing: system/user/project levels (MS18)
+32. User-level and project-level Kanban with filtering (MS18)
+33. Break-glass authentication user (MS20)
+34. Playwright E2E tests for all pages (MS23)
+35. API documentation via Swagger (MS23)
+36. Backend endpoints for all dashboard data (MS17 — already complete for existing modules)
+37. Profile page linked from user card (MS16)
+
+### Out of Scope
+
+1. Mobile native app
+2. Third-party marketplace for themes/widgets (initial implementation is local package management only)
+3. Mobile native app deployment targets
+4. Calendar system redesign (existing calendar implementation is retained)
+
+## User/Stakeholder Requirements
+
+1. The `jarvis` user must be able to log into mosaic.woltje.com via Authentik as administrator with access to all pages
+2. A standard `jarvis-user` must operate at a lower permission level
+3. A break-glass user must have access without Authentik authentication
+4. All pages must be navigable without errors (no 404s from sidebar links)
+5. Light and dark themes must work across all pages and components
+6. Sidebar must be collapsible with open/close button; hidden by default at small breakpoints
+7. Hamburger button visible at lower breakpoints for sidebar control
+8. The Mosaic Stack logo icon must be the site-wide loading spinner
+9. No mock data — all data pulled from backend APIs
+
+## Functional Requirements
+
+### FR-001: Design Token System
+
+- CSS custom properties for all colors, spacing, typography, radii
+- Dark theme as default (`:root`), light theme via `[data-theme="light"]`
+- Fonts: Outfit (body), Fira Code (monospace)
+- All components must use design tokens, never hardcoded colors
+- **Status: COMPLETE (MS15)**
+
+### FR-002: App Shell Layout
+
+- CSS Grid: sidebar column + header row + main content
+- Full-width header spanning above sidebar and content
+- ASSUMPTION: Header spans full width including above sidebar area. The logo is in the header, not the sidebar. Rationale: User explicitly stated "The logo will NOT be part of the sidebar."
+- **Status: COMPLETE (MS15)**
+
+### FR-003: Sidebar Navigation
+
+- Nav groups: Overview (Dashboard), Workspace (Projects, Project Workspace, Kanban, File Manager), Operations (Logs & Telemetry, Terminal), System (Settings)
+- Collapsible: icon-only mode when collapsed
+- Active state indicator (left border accent)
+- User card in footer with avatar, name, role, online status
+- ASSUMPTION: Sidebar footer user card navigates to Profile page. Rationale: Matches reference design behavior.
+- **Status: COMPLETE (MS15+MS16) — Profile page added in PR #482.**
+
+### FR-004: Header/Topbar
+
+- Logo + brand wordmark (left)
+- Search bar with keyboard shortcut hint
+- System status indicator
+- Terminal toggle button
+- Notification bell with badge
+- Theme toggle (sun/moon icon)
+- User avatar button with dropdown (Profile, Account Settings, Sign Out)
+- **Status: COMPLETE (MS15)**
+
+### FR-005: Responsive Design
+
+- Breakpoints: sm (640px), md (768px), lg (1024px), xl (1280px)
+- Below md: sidebar hidden, hamburger button in header
+- md-lg: sidebar can be toggled
+- lg+: sidebar visible by default
+- **Status: COMPLETE (MS15)**
+
+### FR-006: Dashboard Page
+
+- 6-cell metrics strip with colored top borders and trend indicators
+- Active Orchestrator Sessions card with agent nodes
+- Quick Actions 2x2 grid
+- Activity Feed sidebar card
+- Token Budget sidebar card with progress bars
+- Wired to real API via `/api/dashboard/summary`
+- **Status: COMPLETE (Go-Live MVP)**
+
+### FR-007: Loading Spinner
+
+- Mosaic logo icon (4 corner squares + center circle) with CSS rotation animation
+- Used as global loading indicator across all pages
+- Available as a shared component
+- **Status: COMPLETE (MS15)**
+
+### FR-008: Projects Page (MS16)
+
+- Projects list view with card or table layout
+- Project creation dialog/form
+- Project detail view (name, description, status, created/updated timestamps)
+- Wire to existing `/api/projects` (full CRUD already implemented)
+- Navigate from sidebar → /projects
+- **Status: COMPLETE (MS16) — PR #477. Card layout, create/delete dialogs, status badges.**
+
+### FR-009: Project Workspace Page (MS16)
+
+- Single-project view showing tasks, agent sessions, and project settings
+- Task list for selected project
+- Agent session history and status
+- Wire to `/api/projects/:id`, `/api/tasks`, `/api/runner-jobs`
+- Navigate from sidebar → /workspace (with project context)
+- **Status: COMPLETE (MS16) — PR #479. Tabbed view (Tasks, Agent Sessions, Settings), project selector mode.**
+
+### FR-010: Kanban Board Page (MS16)
+
+- Drag-and-drop board with columns mapped to task status values
+- Task cards showing title, assignee, priority, status
+- Column headers with task counts
+- Wire to existing `/api/tasks` (status field drives columns)
+- Navigate from sidebar → /kanban
+- **Status: COMPLETE (MS16) — PR #478. 5 columns (NOT_STARTED→ARCHIVED), @hello-pangea/dnd, optimistic updates.**
+
+### FR-011: File Manager Page (MS16)
+
+- Tree or list view of knowledge entries
+- CRUD operations (create, read, update, delete)
+- Search functionality
+- Wire to existing `/api/knowledge` (full CRUD + search already implemented)
+- Navigate from sidebar → /files
+- **Status: COMPLETE (MS16) — PR #481. List+grid views, search, create/delete dialogs.**
+
+### FR-012: Logs & Telemetry Page (MS16)
+
+- Log viewer with timestamp, level, source, message columns
+- Filtering by level, source, date range
+- Auto-refresh for live logs
+- Wire to existing runner-jobs, job steps, and events APIs
+- Navigate from sidebar → /logs
+- **Status: COMPLETE (MS16) — PR #480. Auto-refresh (5s polling), expandable rows, filters.**
+
+### FR-013: Settings Root Page (MS16)
+
+- Landing/index page for settings
+- Category cards linking to existing subpages: Credentials, Domains, Personalities, Workspaces
+- Navigate from sidebar → /settings (currently 404; subpages exist)
+- **Status: COMPLETE (MS16) — PR #471. 4 category cards with icons and hover states.**
+
+### FR-014: Custom 404 Page (MS16)
+
+- Branded 404 page matching design system
+- Helpful message and navigation link back to dashboard
+- Applied to all unmatched routes within authenticated layout
+- **Status: COMPLETE (MS16) — PR #472. Global + authenticated route-group 404 pages.**
+
+### FR-015: Mock Data Elimination (MS16+MS17)
+
+- `/tasks` page: replace mock data with `/api/tasks` calls
+- `/calendar` page: replace mock data with `/api/events` calls
+- `/knowledge` pages: replace mock data with `/api/knowledge` calls
+- All pages must render real data from backend APIs
+- **Status: COMPLETE (MS16+MS17) — PRs #473-#476. 238+ lines of mock data removed.**
+
+### FR-016: Theme System (MS18) — COMPLETE
+
+- 5 built-in themes (Dark, Light, Nord, Dracula, Solarized) as TypeScript theme packages
+- ThemeProvider loads themes dynamically, applies CSS variables, instant switching
+- Theme selection UI in Settings with live preview swatches
+- UserPreference.theme persists selection across sessions
+- **Status: COMPLETE (MS18) — PRs #493-495**
+
+### FR-017: Terminal Panel (MS19) — COMPLETE
+
+- Bottom drawer panel, toggleable from header and sidebar
+- Real xterm.js terminal with PTY backend via WebSocket
+- Multiple tabs: shell sessions, orchestrator agent output, build logs
+- Terminal session persistence (create/close/rename tabs)
+- Smart terminal operating at project/orchestrator level
+- ASSUMPTION: Terminal backend uses node-pty for PTY management, communicating via WebSocket namespace (/terminal). Rationale: node-pty is the standard for Node.js terminal emulation, used by VS Code.
+- ASSUMPTION: Terminal sessions are workspace-scoped and stored in PostgreSQL for recovery. Rationale: Consistent with existing workspace isolation pattern.
+- **Status: COMPLETE (MS19) — PRs #515 (gateway), #517 (persistence), #518 (xterm.js), #520 (tabs), #522 (agent tabs). 60 API + 176 web tests.**
+
+### FR-018: Chat Streaming & Master Chat (MS19) — COMPLETE
+
+- Complete SSE streaming for token-by-token chat rendering
+- Master chat sidebar (ChatOverlay) polish: model selector, conversation search, keyboard shortcuts
+- Chat persistence via Ideas API (already implemented)
+- ASSUMPTION: Chat streaming uses existing SSE infrastructure in LLM controller. Frontend needs streamChatMessage() completion. Rationale: Backend SSE is already working, only frontend wiring is missing.
+- **Status: COMPLETE (MS19) — PRs #516 (streaming), #519 (polish). Model selector, temperature/maxTokens config, ChatEmptyState, Cmd+N/L shortcuts. 78 web tests.**
+
+### FR-019: Project-Level Orchestrator Chat (MS19) — COMPLETE
+
+- Chat context scoped to active project
+- Can trigger orchestrator actions: spawn agent, check status, view jobs
+- Command prefix system (/spawn, /status, /jobs) parsed in chat
+- Agent output viewable in terminal tabs
+- ASSUMPTION: Orchestrator commands route through existing web proxy (/api/orchestrator/\*) to orchestrator service. Rationale: Proxy routes already exist and handle auth.
+- **Status: COMPLETE (MS19) — PRs #521 (commands), #522 (agent terminal). /status, /agents, /jobs, /pause, /resume, /help commands. Agent output streaming via SSE. 113 web tests.**
+
+### FR-020: Site Stabilization & Feature Gaps (MS20) — IN PROGRESS
+
+Runtime bugs and feature gaps discovered during live testing of mosaic.woltje.com.
+
+**Workspace Context Propagation:**
+
+- Domains page: "Workspace ID is required" when creating domains
+- Projects page: "Workspace ID is required" when creating projects
+- Credentials page: unable to add credentials (button disabled, feature stub)
+- ASSUMPTION: The `useWorkspaceId()` hook + auto-detect in `apiRequest` from PR #532 handles reads, but mutation endpoints on some pages don't pass workspace ID correctly. Rationale: GET requests work after PR #532 but POST/mutation requests still fail on domains and projects pages.
+
+**Missing API Endpoints:**
+
+- `/api/personalities` — no controller/service exists; frontend expects GET/POST/PATCH/DELETE
+- `/users/me/preferences` — listed in PRD API table but returns 404; frontend profile page depends on it
+- ASSUMPTION: Personalities API follows existing NestJS module patterns (controller + service + DTO + Prisma model). Rationale: Consistent with all other API modules in the codebase.
+- ASSUMPTION: User preferences endpoint is part of the existing users module but route is not registered. Rationale: PRD lists it as an existing endpoint.
+
+**Orchestrator Connectivity:**
+
+- All orchestrator-proxied endpoints return HTTP 502
+- Orchestrator WebSocket connection fails ("Reconnecting to server...")
+- Dashboard widgets: Agent Status, Task Progress, Orchestrator Events all error
+- ASSUMPTION: The orchestrator service container runs but the Next.js API proxy cannot reach it. Root cause is likely environment variable or network configuration in Docker Swarm. Rationale: The orchestrator container exists in the compose file and has Traefik labels.
+
+**UI/UX Issues:**
+
+- Dark mode theming on Formality Level dropdown in Personalities page incorrect
+- favicon.ico missing (404)
+- Terminal sidebar link uses `#terminal` anchor instead of page route
+- `useWorkspaceId` warning in console: no workspace ID in localStorage on fresh sessions
+- ASSUMPTION: Terminal should have a dedicated page route `/terminal` that renders the terminal panel full-screen. Rationale: The sidebar has a Terminal link in the Operations section alongside Logs, implying it should be a navigable page.
+
+**Credential Management:**
+
+- "Add Credential" button is `disabled` in code — feature was stubbed as "coming soon"
+- Need to implement credential creation UI and wire to existing `/api/credentials` CRUD endpoints
+- ASSUMPTION: Credential CRUD frontend can use the existing `/api/credentials` API which was built during M7-CredentialSecurity. Rationale: Backend endpoints exist per audit.
+
+### FR-021: Settings Configuration (Future — MS21)
+
+- All environment variables configurable via UI
+- Minimal launch env vars, rest configurable dynamically
+- Settings stored in DB with RLS
+- Theme selection, widget management, federation config, telemetry config
+
+## Non-Functional Requirements
+
+1. Security: All API endpoints require authentication. RBAC enforced. No PII in telemetry. Secrets never hardcoded.
+2. Performance: Dashboard loads in <2s. No layout shift during theme toggle. Sidebar toggle is instant (<100ms animation).
+3. Reliability: Break-glass auth ensures access when Authentik is down.
+4. Observability: Telemetry with opt-out support. Wide-event logging. Customizable telemetry endpoint.
+
+## Acceptance Criteria
+
+### MS15-DashboardShell — COMPLETE
+
+1. ~~Design tokens from dashboard.html are implemented in globals.css~~ DONE
+2. ~~App shell shows full-width header with logo, collapsible sidebar, main content area~~ DONE
+3. ~~Sidebar has all nav groups with icons, collapses to icon-only mode~~ DONE
+4. ~~Hamburger button appears at mobile breakpoints, sidebar hidden by default~~ DONE
+5. ~~Light/dark theme toggle works across all components~~ DONE
+6. ~~Mosaic logo spinner is used as site-wide loading indicator~~ DONE
+7. ~~Dashboard page shows metrics strip, orchestrator sessions, quick actions, activity feed, token budget~~ DONE
+8. ~~All shared components in packages/ui use design tokens (no hardcoded colors)~~ DONE
+9. ~~Lint, typecheck, and existing tests pass~~ DONE
+10. ~~Grain overlay texture from reference is applied~~ DONE
+
+### Go-Live MVP (v0.0.16) — COMPLETE
+
+11. ~~Dashboard widgets wired to real API data~~ DONE
+12. ~~WebSocket emits for agent job lifecycle~~ DONE
+13. ~~Deployed to mosaic.woltje.com with auth working~~ DONE
+
+### MS16+MS17 — Pages & Data Integration — COMPLETE
+
+14. ~~All sidebar links navigate to functional pages (no 404s)~~ DONE
+15. ~~Projects page: list, create, view project details~~ DONE
+16. ~~Workspace page: view single project with tasks and agent sessions~~ DONE
+17. ~~Kanban page: drag-and-drop board with task status columns~~ DONE
+18. ~~File Manager page: tree/list view with CRUD operations~~ DONE
+19. ~~Logs page: log viewer with filtering and auto-refresh~~ DONE
+20. ~~Settings root page: category index linking to subpages~~ DONE
+21. ~~Custom 404 page for unknown routes~~ DONE
+22. ~~`/tasks` page uses real API data (no mock)~~ DONE
+23. ~~`/calendar` page uses real API data (no mock)~~ DONE
+24. ~~`/knowledge` pages use real API data (no mock)~~ DONE
+25. ~~All new pages support light/dark theme~~ DONE
+26. ~~All new pages are responsive (sm/md/lg/xl breakpoints)~~ DONE
+27. ~~Lint, typecheck, and tests pass~~ DONE
+28. ~~Deployed and smoke-tested at mosaic.woltje.com~~ DONE
+
+### MS18 — Theme & Widget System — COMPLETE
+
+29. ~~5+ themes with live preview and instant switching~~ DONE
+30. ~~Theme selection UI in Settings with swatches~~ DONE
+31. ~~UserPreference.theme persists across sessions~~ DONE
+32. ~~WidgetGrid dashboard with drag/resize/add/remove~~ DONE
+33. ~~Widget picker UI from registry~~ DONE
+34. ~~Per-widget configuration dialog~~ DONE
+35. ~~Layout save/load/rename/delete via API~~ DONE
+36. ~~Tiptap WYSIWYG editor for knowledge entries~~ DONE
+37. ~~Markdown round-trip (import/export)~~ DONE
+38. ~~Kanban filtering by project, assignee, priority, search~~ DONE
+39. ~~All features support all themes~~ DONE
+40. ~~Lint, typecheck, tests pass~~ DONE
+
+### MS19 — Chat & Terminal — COMPLETE
+
+41. ~~Terminal panel has real xterm.js with PTY backend~~ DONE — PR #518
+42. ~~Terminal supports multiple named sessions (tabs)~~ DONE — PR #520
+43. ~~Terminal sessions persist and recover on reconnect~~ DONE — PR #517
+44. ~~Chat streaming renders tokens in real-time (SSE)~~ DONE — PR #516
+45. ~~Master chat sidebar accessible from any page (Cmd+Shift+J)~~ DONE — PR #519
+46. ~~Master chat supports model selection and conversation management~~ DONE — PR #519
+47. ~~Project-level chat can trigger orchestrator actions~~ DONE — PR #521
+48. ~~Agent output viewable in terminal tabs~~ DONE — PR #522
+49. ~~All features support all themes~~ DONE — CSS variables throughout
+50. ~~Lint, typecheck, tests pass~~ DONE — 1441 web + 3303 API = 4744 total
+51. ~~Deployed and smoke-tested~~ DONE — CI #635 green, web deployed to mosaic.woltje.com
+
+### Full Project (All Milestones)
+
+52. jarvis user logs in via Authentik, has admin access to all pages
+53. jarvis-user has standard access at lower permission level
+54. Break-glass user has access without Authentik
+55. Three Mosaic Stack instances on Portainer with federation testing
+56. Playwright tests confirm all pages, functions, theming work
+57. No errors during site navigation
+58. API documented via Swagger with proper auth gating
+59. Telemetry working locally with wide-event logging
+60. Mosaic Telemetry properly reporting to telemetry endpoint
+
+## Constraints and Dependencies
+
+1. Next.js 16 with App Router — all pages use server/client component patterns
+2. Tailwind CSS 3.4 — design tokens must integrate with Tailwind's utility class system
+3. BetterAuth for authentication — must maintain existing auth flow
+4. Authentik as IdP at auth.diversecanvas.com — must remain operational
+5. PostgreSQL 17 with Prisma — all settings stored in DB
+6. Portainer for deployment — 3 instances needed for federation testing
+7. packages/ui is shared across apps — changes affect all consumers
+8. Backend API modules already exist for all page data needs — no new API endpoints required for MS16+MS17 scope
+
+## Risks and Open Questions
+
+1. **Risk**: Pages need to match the design system established in MS15. Inconsistency would degrade UX. Mitigation: Use existing design tokens and shared components exclusively. **RESOLVED** — All MS16+MS17 pages use design tokens consistently.
+2. **Risk**: Kanban drag-and-drop adds complexity and potential for state bugs. Mitigation: Use a proven DnD library. **RESOLVED** — @hello-pangea/dnd selected (maintained fork of react-beautiful-dnd, better TS support). Optimistic updates with rollback on failure.
+3. **Risk**: Mock data elimination may reveal backend API gaps or mismatches. Mitigation: Audit each API response shape against page needs during implementation. **RESOLVED** — All 3 mock-data pages wired successfully. No API gaps found.
+4. ~~**Open**: Exact task status values for Kanban columns~~ **RESOLVED** — TaskStatus enum: NOT_STARTED, IN_PROGRESS, PAUSED, COMPLETED, ARCHIVED (5 columns).
+5. ~~**Open**: Whether Workspace page should require project selection or show a default view~~ **RESOLVED** — Shows project selector when no project param, workspace detail when ?project=id.
+6. ~~**Open**: File Manager page — should it be a direct mapping of Knowledge entries or a separate file abstraction?~~ **RESOLVED** — Direct mapping to Knowledge entries via /api/knowledge. API shape matches file manager needs.
+
+## Existing Backend API Modules (Reference)
+
+These 19 NestJS modules are already implemented with Prisma and available for frontend wiring:
+
+| Module             | Endpoint                       | Capabilities          |
+| ------------------ | ------------------------------ | --------------------- |
+| Projects           | `/api/projects`                | Full CRUD             |
+| Tasks              | `/api/tasks`                   | Full CRUD             |
+| Layouts            | `/api/layouts`                 | Widget placement      |
+| Widgets            | `/api/widgets`                 | Data endpoints        |
+| Activity           | `/api/activity`                | Audit logs            |
+| Dashboard          | `/api/dashboard/summary`       | Aggregated summary    |
+| Knowledge          | `/api/knowledge`               | Full CRUD + search    |
+| Ideas              | `/api/ideas`                   | Capture/CRUD          |
+| Domains            | `/api/domains`                 | CRUD                  |
+| Events             | `/api/events`                  | CRUD                  |
+| Preferences        | `/api/users/me/preferences`    | User settings         |
+| Workspace Settings | `/api/workspaces/:id/settings` | LLM config            |
+| Runner Jobs        | `/api/runner-jobs`             | Job management        |
+| Job Steps          | `/api/runner-jobs/:id/steps`   | Step tracking         |
+| Agent Tasks        | `/api/agent-tasks`             | Agent task management |
+| Credentials        | `/api/credentials`             | Encrypted storage     |
+| Brain/AI           | `/api/brain`                   | Query/search          |
+| WebSocket          | Real-time                      | Event broadcasting    |
+| LLM                | `/api/llm/chat`                | Chat + SSE streaming  |
+| Orchestrator Proxy | `/api/orchestrator/*`          | Agent mgmt proxy      |
+| Telemetry          | Internal                       | Logging/monitoring    |
+
+## Testing and Verification
+
+1. Baseline: `pnpm lint && pnpm build` must pass
+2. Situational: All sidebar links navigate without 404
+3. Situational: Each new page renders with real API data
+4. Situational: Theme toggle on each new page
+5. Situational: Responsive verification at sm/md/lg/xl
+6. E2E: Playwright tests for all page navigation (MS23)
+7. E2E: Auth flow with Authentik (MS23)
+8. Federation: Master-master and master-slave data access tests (MS21)
+
+## Delivery/Milestone Intent
+
+| Milestone                      | Version | Focus                                                             | Status      |
+| ------------------------------ | ------- | ----------------------------------------------------------------- | ----------- |
+| MS15-DashboardShell            | 0.0.15  | Design system + app shell + dashboard page                        | COMPLETE    |
+| Go-Live MVP                    | 0.0.16  | Dashboard polish, ingestion, agent visibility, deploy             | COMPLETE    |
+| MS16+MS17-PagesDataIntegration | 0.0.17  | All pages built + wired to real API data                          | COMPLETE    |
+| MS18-ThemeWidgets              | 0.0.18  | Theme package system, widget registry, WYSIWYG, Kanban filtering  | COMPLETE    |
+| MS19-ChatTerminal              | 0.0.19  | Global terminal, project chat, master chat session                | COMPLETE    |
+| MS20-SiteStabilization         | 0.0.20  | Runtime bug fixes, missing endpoints, orchestrator connectivity   | IN PROGRESS |
+| MS21-MultiTenant               | 0.0.21  | Multi-tenant, teams, RBAC, RLS enforcement, break-glass auth      | NOT STARTED |
+| MS22-Federation                | 0.0.22  | Federation (M-M, M-S), 3 instances, key exchange, data separation | NOT STARTED |
+| MS23-AgentTelemetry            | 0.0.23  | Agent task mapping, telemetry, wide-event logging                 | NOT STARTED |
+| MS24-Testing                   | 0.0.24  | Playwright E2E, federation tests, documentation finalization      | NOT STARTED |
+
+## Assumptions
+
+1. ASSUMPTION: Header spans full width including above sidebar area. The logo is in the header, not the sidebar. Rationale: User explicitly stated "The logo will NOT be part of the sidebar."
+2. ASSUMPTION: Sidebar footer user card navigates to Profile page. Rationale: Matches reference design behavior.
+3. ASSUMPTION: Initial implementation supports dark/light from reference design. Multi-theme package system is a future milestone. Rationale: Foundation must be solid before extensibility.
+4. ASSUMPTION: MS16 and MS17 are combined into a single mission because 19 backend API modules already exist with real Prisma business logic. The remaining work is primarily frontend page creation and API wiring. Rationale: Backend audit on 2026-02-22 confirmed all required endpoints are implemented.
+5. ASSUMPTION: File Manager page maps to Knowledge entries rather than a separate file system abstraction. Rationale: `/api/knowledge` provides full CRUD + search which matches file manager needs. Can be extended later if needed.
+6. ASSUMPTION: Theme packages are code-level TypeScript files (not runtime-installable npm packages). Each theme exports CSS variable overrides. Rationale: Keeps the system simple for MS18; runtime package loading can be added in a future milestone.
+7. ASSUMPTION: WYSIWYG editor uses Tiptap (ProseMirror-based, headless). Rationale: Headless approach integrates naturally with the CSS variable design system, excellent markdown import/export, TypeScript-first, battle-tested.
+8. ASSUMPTION: MS18 includes WYSIWYG editing for knowledge entries and Kanban filtering enhancements in addition to themes and widgets. These were originally listed separately but are grouped into MS18 per PRD scope items 24-25. Rationale: All are frontend-focused enhancements that build on the existing page infrastructure.
+9. ASSUMPTION: The `useWorkspaceId()` hook + auto-detect in `apiRequest` from PR #532 handles reads, but mutation endpoints on some pages don't pass workspace ID correctly. Rationale: GET requests work after PR #532 but POST/mutation requests still fail on domains and projects pages.
+10. ASSUMPTION: Personalities API follows existing NestJS module patterns (controller + service + DTO + Prisma model). Rationale: Consistent with all other API modules in the codebase.
+11. ASSUMPTION: User preferences endpoint is part of the existing users module but route is not registered. Rationale: PRD lists it as an existing endpoint.
+12. ASSUMPTION: The orchestrator service container runs but the Next.js API proxy cannot reach it. Root cause is likely environment variable or network configuration in Docker Swarm. Rationale: The orchestrator container exists in the compose file and has Traefik labels.
+13. ASSUMPTION: Terminal should have a dedicated page route `/terminal` that renders the terminal panel full-screen. Rationale: The sidebar has a Terminal link in the Operations section alongside Logs, implying it should be a navigable page.
+14. ASSUMPTION: Credential CRUD frontend can use the existing `/api/credentials` API which was built during M7-CredentialSecurity. Rationale: Backend endpoints exist per audit.
--- a/docs/PRD-MS23-mission-control.md
+++ b/docs/PRD-MS23-mission-control.md
@@ -0,0 +1,555 @@
+# PRD: MS23 — Mission Control Dashboard & Agent Provider Interface
+
+## Metadata
+
+- **Owner:** Jason Woltje
+- **Date:** 2026-03-06
+- **Status:** draft
+- **Mission ID:** ms23-mission-control-20260306
+- **Target Version:** 0.0.23
+- **Roadmap Milestone:** M6 — Orchestration (0.0.6 trajectory)
+- **Depends On:** MS22 Phase 2 (Named Agent Fleet) — COMPLETE
+- **Related Docs:**
+  - `~/src/jarvis-brain/docs/planning/MISSION-CONTROL-UI-PRD.md` (concept origin)
+  - `~/src/jarvis-brain/docs/planning/FLEET-EVOLUTION-PLAN.md`
+  - `docs/PRD-MS22-P2-AGENT-FLEET.md`
+
+---
+
+## Problem Statement
+
+The Mosaic orchestration backend is fully operational: agents spawn, execute tasks, publish lifecycle events via Valkey pub/sub, and can be killed via API. The frontend exposes rudimentary widgets (AgentStatusWidget, OrchestratorEventsWidget) that show aggregate status.
+
+What's missing is **operational visibility and control at the session level**. There is no way to:
+
+1. See what an individual agent is actually saying and doing (conversation stream per agent)
+2. Inject a message into a running agent session without terminating it (barge-in)
+3. Understand the parent/child relationship between orchestrators and their subagents
+4. Connect Mosaic's orchestration layer to external agent runtimes (OpenClaw sessions, Codex ACP, raw PTY agents) through a consistent, extensible interface
+
+Jason operates multiple projects in parallel — multiple orchestrating agents running simultaneously across missions. Today this requires context-switching between terminals, Discord channels, and status widgets. Mission Control solves this.
+
+**Mosaic is designed to be an enterprise-grade, multi-user AI operations platform.** Not every user will use OpenClaw. Not every team will use Codex. Mosaic must provide a plugin adapter interface that allows any agent runtime to integrate with the same orchestration harness, control plane, and UI.
+
+---
+
+## Objectives
+
+1. **Mission Control Dashboard** — Single-pane-of-glass view: N orchestrator panels in a responsive grid, each showing a live agent chat stream with full operator controls
+2. **Per-Agent Conversation Streaming** — Stream individual agent message logs (not just lifecycle events) to the frontend via SSE
+3. **Barge-In / Message Injection** — Operator can inject messages directly into any running agent session with audit trail
+4. **Subagent Tree Tracking** — Agents report parent/child relationships; UI renders the full agent roster as a tree
+5. **Agent Provider Interface (API)** — Formal plugin adapter interface that any agent runtime can implement to integrate with Mosaic's orchestration layer
+6. **OpenClaw Provider Adapter** — Reference implementation of the Agent Provider Interface for OpenClaw ACP sessions
+7. **Operator Controls** — Pause, resume, graceful terminate, hard kill per agent; kill-all panic button
+8. **Audit Trail** — All operator interventions (barge-in, kill, pause) logged with timestamp, user, target, and content
+
+---
+
+## Scope
+
+### In Scope
+
+- Agent conversation log storage and streaming API (per-agent SSE stream of messages)
+- Barge-in endpoint: inject operator message into running agent session
+- Pause / resume agent execution
+- Subagent tree: parent-agent relationship on spawn registration
+- Agent Provider Interface: TypeScript interface + NestJS plugin module
+- OpenClaw adapter: implements Agent Provider Interface for OpenClaw sessions
+- Mission Control page (`/mission-control`) with grid of orchestrator panels
+- OrchestratorPanel component: live chat stream + barge-in input + operator controls
+- Global Agent Roster: tree view sidebar showing all agents + subagents with kill buttons
+- Audit log: UI and API for operator action history
+- Role: `operator` (full control) and `observer` (read-only) applied to all new endpoints
+
+### Out of Scope
+
+- Mobile layout (desktop-first, responsive grid min-width 1200px)
+- Multi-user concurrent barge-in coordination (single operator per session)
+- Historical session replay / time-travel debugging (future milestone)
+- Codex ACP adapter (follow-on after OpenClaw adapter validates interface)
+- Raw PTY adapter (follow-on)
+- Agent-to-agent communication graph visualization (future)
+- Agent marketplace / plugin registry UI (future)
+
+---
+
+## Current State Assessment
+
+### What Exists (Do Not Rebuild)
+
+| Component                | Location                                | Status                           |
+| ------------------------ | --------------------------------------- | -------------------------------- |
+| AgentSpawnerService      | `apps/orchestrator/src/spawner/`        | ✅ Production                    |
+| AgentLifecycleService    | `apps/orchestrator/src/spawner/`        | ✅ Production                    |
+| KillswitchService        | `apps/orchestrator/src/killswitch/`     | ✅ Production                    |
+| AgentEventsService       | `apps/orchestrator/src/api/agents/`     | ✅ SSE lifecycle events          |
+| `GET /agents`            | Orchestrator API                        | ✅ Lists all agents              |
+| `POST /agents/:id/kill`  | Orchestrator API                        | ✅ Kills agent                   |
+| `POST /agents/kill-all`  | Orchestrator API                        | ✅ Kills all                     |
+| `GET /agents/events`     | Orchestrator API                        | ✅ SSE lifecycle stream          |
+| AgentStatusWidget        | `apps/web/src/components/widgets/`      | ✅ Polls agent list              |
+| OrchestratorEventsWidget | `apps/web/src/components/widgets/`      | ✅ SSE lifecycle events          |
+| HUD widget grid          | `apps/web/src/components/hud/`          | ✅ Drag/resize/add/remove        |
+| Chat component           | `apps/web/src/components/chat/`         | ✅ Chat UI exists                |
+| Socket.io                | `apps/api/` (speech.gateway.ts)         | ✅ WebSocket pattern established |
+| CoordinatorIntegration   | `apps/api/src/coordinator-integration/` | ✅ API ↔ Orchestrator bridge     |
+
+### What's Missing (Build This)
+
+| Gap                                              | Priority |
+| ------------------------------------------------ | -------- |
+| Per-agent conversation message log (DB + API)    | P0       |
+| Per-agent SSE message stream                     | P0       |
+| Barge-in endpoint (`POST /agents/:id/inject`)    | P0       |
+| Pause / resume endpoints                         | P1       |
+| Subagent tree (parentAgentId on registration)    | P0       |
+| Agent Provider Interface (plugin API)            | P0       |
+| OpenClaw adapter (implements provider interface) | P1       |
+| Mission Control page (`/mission-control`)        | P0       |
+| OrchestratorPanel component                      | P0       |
+| Global Agent Roster (tree view)                  | P0       |
+| Audit log (DB + API + UI)                        | P1       |
+
+---
+
+## Architecture
+
+### Agent Provider Interface
+
+Mosaic defines a standard contract. Any agent runtime that implements this interface integrates natively with Mission Control.
+
+```typescript
+// packages/shared/src/agent-provider.interface.ts
+
+export interface AgentSession {
+  sessionId: string;
+  parentSessionId?: string; // For subagent tree
+  provider: string; // "internal" | "openclaw" | "codex" | ...
+  status: AgentSessionStatus;
+  taskId?: string;
+  missionId?: string;
+  agentType?: string;
+  spawnedAt: string;
+  startedAt?: string;
+  completedAt?: string;
+  error?: string;
+  metadata?: Record<string, unknown>;
+}
+
+export type AgentSessionStatus =
+  | "spawning"
+  | "running"
+  | "waiting"
+  | "paused"
+  | "completed"
+  | "failed"
+  | "killed";
+
+export interface AgentMessage {
+  messageId: string;
+  sessionId: string;
+  role: "agent" | "user" | "system" | "operator";
+  content: string;
+  timestamp: string;
+  metadata?: Record<string, unknown>;
+}
+
+export interface IAgentProvider {
+  readonly providerName: string;
+
+  /** List all currently active sessions */
+  listSessions(): Promise<AgentSession[]>;
+
+  /** Get a single session's current state */
+  getSession(sessionId: string): Promise<AgentSession | null>;
+
+  /** Get recent messages for a session */
+  getMessages(sessionId: string, limit?: number): Promise<AgentMessage[]>;
+
+  /** Subscribe to a session's message stream. Returns unsubscribe fn. */
+  subscribeToMessages(sessionId: string, handler: (message: AgentMessage) => void): () => void;
+
+  /** Inject an operator message into a running session (barge-in) */
+  injectMessage(sessionId: string, content: string, operatorId: string): Promise<void>;
+
+  /** Pause a running agent session */
+  pause(sessionId: string): Promise<void>;
+
+  /** Resume a paused agent session */
+  resume(sessionId: string): Promise<void>;
+
+  /** Graceful terminate — allow agent to finish current step */
+  terminate(sessionId: string): Promise<void>;
+
+  /** Hard kill — immediate termination */
+  kill(sessionId: string): Promise<void>;
+}
+```
+
+### Internal Provider
+
+The existing orchestrator's Docker-based agents implement `IAgentProvider` as the "internal" provider. No behavior change — just wraps existing services behind the interface.
+
+### OpenClaw Provider
+
+Connects to an OpenClaw gateway via its REST API:
+
+- `GET /sessions` → `listSessions()`
+- `GET /sessions/:key/history` → `getMessages()`
+- `POST /sessions/:key/send` → `injectMessage()`
+- OpenClaw SSE or polling → `subscribeToMessages()`
+
+Config per workspace in DB (`AgentProvider` table): gateway URL, API token.
+
+### Provider Registry
+
+```typescript
+// apps/api/src/agent-providers/provider-registry.service.ts
+@Injectable()
+export class AgentProviderRegistry {
+  register(provider: IAgentProvider): void;
+  getProvider(name: string): IAgentProvider;
+  getAllProviders(): IAgentProvider[];
+  listAllSessions(): Promise<AgentSession[]>; // Aggregates across all providers
+}
+```
+
+---
+
+## Database Schema
+
+### New Tables
+
+```prisma
+// AgentConversationMessage — stores all agent messages for streaming + history
+model AgentConversationMessage {
+  id          String   @id @default(cuid())
+  sessionId   String                         // matches agentId in orchestrator
+  provider    String   @default("internal")  // "internal" | "openclaw" | ...
+  role        String                         // "agent" | "user" | "system" | "operator"
+  content     String
+  timestamp   DateTime @default(now())
+  metadata    Json     @default("{}")
+
+  @@index([sessionId, timestamp])
+}
+
+// AgentSessionTree — tracks parent/child relationships
+model AgentSessionTree {
+  id              String   @id @default(cuid())
+  sessionId       String   @unique
+  parentSessionId String?
+  provider        String   @default("internal")
+  missionId       String?
+  taskId          String?
+  agentType       String?
+  status          String   @default("spawning")
+  spawnedAt       DateTime @default(now())
+  completedAt     DateTime?
+  metadata        Json     @default("{}")
+
+  @@index([parentSessionId])
+  @@index([missionId])
+}
+
+// AgentProviderConfig — external provider registration per workspace
+model AgentProviderConfig {
+  id          String   @id @default(cuid())
+  workspaceId String
+  name        String                         // "openclaw-prod", "codex-team", ...
+  provider    String                         // "openclaw" | "codex" | ...
+  gatewayUrl  String
+  credentials Json     @default("{}")        // Encrypted via CryptoService
+  isActive    Boolean  @default(true)
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  @@unique([workspaceId, name])
+}
+
+// OperatorAuditLog — all operator interventions
+model OperatorAuditLog {
+  id         String   @id @default(cuid())
+  userId     String
+  sessionId  String
+  provider   String
+  action     String                          // "barge-in" | "kill" | "pause" | "resume" | "kill-all"
+  content    String?                         // For barge-in: message injected
+  metadata   Json     @default("{}")
+  createdAt  DateTime @default(now())
+
+  @@index([sessionId])
+  @@index([userId])
+  @@index([createdAt])
+}
+```
+
+---
+
+## API Endpoints
+
+### Orchestrator API — New Endpoints
+
+```
+POST /agents/:agentId/inject       — Barge-in: inject operator message
+POST /agents/:agentId/pause        — Pause agent execution
+POST /agents/:agentId/resume       — Resume paused agent
+GET  /agents/:agentId/messages     — Get message history (paginated)
+GET  /agents/:agentId/messages/stream — SSE: live message stream for this agent
+GET  /agents/tree                  — Full subagent tree (all agents with parent/child)
+```
+
+### Main API — New Endpoints
+
+```
+# Agent Provider Management
+GET    /api/agent-providers                     — List configured providers
+POST   /api/agent-providers                     — Register external provider
+PATCH  /api/agent-providers/:id                 — Update provider config
+DELETE /api/agent-providers/:id                 — Remove provider
+
+# Unified Session View (aggregates all providers)
+GET    /api/mission-control/sessions            — All active sessions (all providers)
+GET    /api/mission-control/sessions/:id        — Single session details
+GET    /api/mission-control/sessions/:id/messages — Message history
+GET    /api/mission-control/sessions/:id/stream   — SSE message stream (proxied)
+POST   /api/mission-control/sessions/:id/inject   — Barge-in (proxied to provider)
+POST   /api/mission-control/sessions/:id/pause    — Pause (proxied)
+POST   /api/mission-control/sessions/:id/resume   — Resume (proxied)
+POST   /api/mission-control/sessions/:id/kill     — Kill (proxied)
+GET    /api/mission-control/tree                  — Full agent tree (all providers)
+GET    /api/mission-control/audit                 — Operator audit log (paginated)
+```
+
+### Authorization
+
+All Mission Control endpoints require auth + workspace context.
+
+- `operator` role: full access (read + inject + kill + pause)
+- `observer` role: read-only (no inject, no kill, no pause)
+- `admin` role: full access + provider config management
+
+---
+
+## Frontend — Mission Control Page
+
+### Route
+
+`/mission-control` — new top-level page in the web app, linked in sidebar under "Orchestration"
+
+### Layout
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│ ⚙ MISSION CONTROL              [+ Add Panel] [🔴 KILL ALL]     │
+├──────────────────────────────────────┬──────────────────────────┤
+│                                      │ ACTIVE AGENTS            │
+│  ┌──────────────┬──────────────┐     │ ▼ ms22 [internal] 🟢    │
+│  │ [Panel: ms22]│ [Panel: SAGE]│     │   ├ codex-1 task-api 🟢 │
+│  │  🟢 3 agents │  🟡 1 agent  │     │   ├ codex-2 task-ui  🟢 │
+│  │              │              │     │   └ glm-1   task-db  🟡 │
+│  │ [chat stream]│ [chat stream]│     │ ▼ SAGE [openclaw] 🟢    │
+│  │              │              │     │   └ codex-1 task-prd 🟢 │
+│  │ [input    ▶] │ [input    ▶] │     │                          │
+│  │ [⚡][⏸][💀] │ [⚡][⏸][💀] │     │ [⏸ pause] [💀 kill] per │
+│  └──────────────┴──────────────┘     │ agent                   │
+│                                      │                          │
+│  [+ Add Orchestrator Panel]          │ [📋 Audit Log]          │
+└──────────────────────────────────────┴──────────────────────────┘
+```
+
+### Components
+
+**MissionControlPage** (`/app/mission-control/page.tsx`)
+
+- Fetches active sessions from `/api/mission-control/sessions`
+- Renders N `OrchestratorPanel` in a responsive CSS grid
+- Sidebar: `GlobalAgentRoster`
+- Header: session count, Kill All button (confirm dialog)
+
+**OrchestratorPanel** (`components/mission-control/OrchestratorPanel.tsx`)
+
+- Props: `sessionId`, `provider`, `title`
+- Subscribes to `/api/mission-control/sessions/:id/stream` (SSE)
+- Renders scrollable message list (role-tagged, styled by role)
+- Input box + Send button (barge-in → `POST /inject`)
+- Header: status badge, agent count, elapsed time, ⚡ Barge-In toggle, ⏸ Pause, 💀 Kill
+- Expandable to full-screen (modal overlay)
+- Color-coded border by status (green/yellow/red/gray)
+
+**GlobalAgentRoster** (`components/mission-control/GlobalAgentRoster.tsx`)
+
+- Fetches `/api/mission-control/tree`
+- Renders tree: orch session → indented subagents
+- Per-row: provider badge, status dot, task label, elapsed, Kill button
+- Real-time updates via polling or SSE events
+
+**BargeInInput** (`components/mission-control/BargeInInput.tsx`)
+
+- Elevated textarea that renders inside a panel
+- "Pause before send" checkbox
+- Sends to `POST /inject`, shows confirmation
+
+**AuditLogDrawer** (`components/mission-control/AuditLogDrawer.tsx`)
+
+- Slide-in drawer from right
+- Paginated table: timestamp, user, action, session, content preview
+- Triggered from sidebar "Audit Log" button
+
+**KillAllDialog** (`components/mission-control/KillAllDialog.tsx`)
+
+- Confirmation modal with provider scope selector
+- "Kill all internal agents" / "Kill all (all providers)"
+- Requires typing "KILL ALL" to confirm
+
+---
+
+## Implementation Phases
+
+### Phase 0 — Foundation (Backend Core)
+
+Backend infrastructure required before any UI work.
+
+| Task        | Description                                                                                                                    | Scope        | Est |
+| ----------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------ | --- |
+| MS23-P0-001 | Prisma schema: AgentConversationMessage, AgentSessionTree, AgentProviderConfig, OperatorAuditLog — see mosaic-queue note below | api          | 15K |
+| MS23-P0-002 | Agent message ingestion: wire spawner/lifecycle to write messages to DB                                                        | orchestrator | 20K |
+| MS23-P0-003 | Orchestrator API: `GET /agents/:id/messages` + SSE stream endpoint                                                             | orchestrator | 20K |
+| MS23-P0-004 | Orchestrator API: `POST /agents/:id/inject` + pause/resume                                                                     | orchestrator | 15K |
+| MS23-P0-005 | Subagent tree: `parentAgentId` on spawn registration + `GET /agents/tree`                                                      | orchestrator | 15K |
+| MS23-P0-006 | Unit + integration tests for all P0 orchestrator endpoints                                                                     | orchestrator | 20K |
+
+**Phase 0 gate:** All orchestrator endpoints tested and green. Per-agent message stream verified via curl/SSE client.
+
+> **mosaic-queue Integration Note**
+>
+> `mosaic-queue` (`~/src/mosaic-queue`) is a standalone Valkey-backed task registry (CLI + MCP server) that agents use to claim and complete tasks in a pull model. It is complementary to — not a replacement for — the orchestrator's internal `QueueService` (which is push-based agent dispatch).
+>
+> **Schema impact on MS23-P0-001:**
+>
+> - `AgentSessionTree.taskId` should be `String?` and optionally reference a mosaic-queue task key
+> - Add `AgentSessionTree.taskSource String? @default("internal")` — values: `"internal"` | `"mosaic-queue"` | `"external"`
+> - This allows Mission Control's agent roster to resolve task metadata (title, priority, status) from the correct source
+>
+> **Future integration point:**
+> mosaic-queue Phase 3 ("coordinator integration") will wire the coordinator to claim tasks from mosaic-queue and spawn orchestrator agents against them. When that ships, Mission Control will inherit rich task context (title, lane, priority, retry count) from the queue automatically — no rework needed in MS23's data model if `taskSource` is present from the start.
+>
+> **No blocking dependency:** mosaic-queue Phase 3 is not required for MS23. The `taskSource` field is additive and can be `null` initially.
+
+### Phase 1 — Provider Interface (Plugin Architecture)
+
+| Task        | Description                                                                                                      | Scope  | Est |
+| ----------- | ---------------------------------------------------------------------------------------------------------------- | ------ | --- |
+| MS23-P1-001 | `IAgentProvider` interface + shared types in `packages/shared`                                                   | shared | 10K |
+| MS23-P1-002 | `InternalAgentProvider`: wrap existing orchestrator services behind interface                                    | api    | 20K |
+| MS23-P1-003 | `AgentProviderRegistry`: register/retrieve providers, aggregate listSessions                                     | api    | 15K |
+| MS23-P1-004 | `AgentProviderConfig` CRUD API (`/api/agent-providers`)                                                          | api    | 15K |
+| MS23-P1-005 | Mission Control proxy API (`/api/mission-control/*`): routes to registry, handles SSE proxying, writes audit log | api    | 30K |
+| MS23-P1-006 | Unit tests for registry, proxy service, internal provider                                                        | api    | 20K |
+
+**Phase 1 gate:** Unified `/api/mission-control/sessions` returns sessions from internal provider. Proxy routes correctly to internal provider for kill/pause/inject. Audit log persisted.
+
+### Phase 2 — Mission Control UI
+
+| Task        | Description                                                             | Scope | Est |
+| ----------- | ----------------------------------------------------------------------- | ----- | --- |
+| MS23-P2-001 | `/mission-control` page route + layout shell                            | web   | 10K |
+| MS23-P2-002 | `OrchestratorPanel` component: SSE message stream, chat display         | web   | 25K |
+| MS23-P2-003 | `BargeInInput` component: inject message, pause-before-send             | web   | 15K |
+| MS23-P2-004 | Panel operator controls: pause, resume, graceful kill, hard kill        | web   | 15K |
+| MS23-P2-005 | `GlobalAgentRoster` sidebar: tree view, per-agent kill                  | web   | 20K |
+| MS23-P2-006 | `KillAllDialog`: confirmation modal with scope selector                 | web   | 10K |
+| MS23-P2-007 | `AuditLogDrawer`: paginated audit history                               | web   | 15K |
+| MS23-P2-008 | Panel grid: responsive layout, add/remove panels, expand to full-screen | web   | 20K |
+| MS23-P2-009 | Frontend tests (vitest + Playwright E2E for mission control page)       | web   | 25K |
+
+**Phase 2 gate:** Mission Control page renders with live panels. Barge-in sends and displays. Kill triggers confirmation and removes agent from roster. Audit log shows entries. All tests green.
+
+### Phase 3 — OpenClaw Provider Adapter
+
+| Task        | Description                                                                        | Scope   | Est |
+| ----------- | ---------------------------------------------------------------------------------- | ------- | --- |
+| MS23-P3-001 | `OpenClawProvider`: implement `IAgentProvider` against OpenClaw REST API           | api     | 25K |
+| MS23-P3-002 | OpenClaw session polling / SSE bridge: translate OpenClaw events to `AgentMessage` | api     | 20K |
+| MS23-P3-003 | Provider config UI: register OpenClaw gateway (URL + API token) in Settings        | web     | 15K |
+| MS23-P3-004 | E2E test: OpenClaw provider registered → sessions appear in Mission Control        | api+web | 20K |
+
+**Phase 3 gate:** OpenClaw sessions visible in Mission Control alongside internal agents. Barge-in to OpenClaw session injects message and shows in panel stream.
+
+### Phase 4 — Verification & Release
+
+| Task        | Description                                                                             | Scope | Est |
+| ----------- | --------------------------------------------------------------------------------------- | ----- | --- |
+| MS23-P4-001 | Full QA: all gates (lint, typecheck, unit, E2E)                                         | stack | 10K |
+| MS23-P4-002 | Security review: auth on all new endpoints, audit log integrity, barge-in rate limiting | api   | 10K |
+| MS23-P4-003 | Deploy to production (mosaic.woltje.com), smoke test with live agents                   | stack | 5K  |
+| MS23-P4-004 | Update ROADMAP.md + CHANGELOG.md, tag v0.0.23                                           | stack | 3K  |
+
+---
+
+## Completion Gates (Mandatory)
+
+Per Mosaic E2E delivery framework — a task is NOT done until:
+
+- [ ] Code review (independent review of every changed file)
+- [ ] Security review (auth, input validation, error leakage)
+- [ ] QA / tests green (`pnpm turbo lint typecheck test`)
+- [ ] CI pipeline green after merge
+- [ ] Gitea issue closed
+- [ ] Docs updated for any API or schema changes
+
+---
+
+## Token Budget Estimate
+
+| Phase                        | Tasks  | Estimate  |
+| ---------------------------- | ------ | --------- |
+| Phase 0 — Backend Core       | 6      | ~105K     |
+| Phase 1 — Provider Interface | 6      | ~110K     |
+| Phase 2 — Mission Control UI | 9      | ~155K     |
+| Phase 3 — OpenClaw Adapter   | 4      | ~80K      |
+| Phase 4 — Verification       | 4      | ~28K      |
+| **Total**                    | **29** | **~478K** |
+
+Recommended split: Codex for UI (Phase 2) and routine API work. Sonnet for provider interface design and complex streaming logic.
+
+---
+
+## Security Considerations
+
+- All Mission Control endpoints require authenticated session + workspace membership
+- Barge-in rate-limited: 10 requests/minute per operator per session
+- Kill All requires explicit confirmation (UI + double-confirm pattern)
+- External provider credentials stored encrypted (AES-256-GCM via CryptoService)
+- Audit log is append-only; no delete endpoint
+- SSE streams authenticated via session cookie (no unauthenticated streams)
+- Operator actions tagged with userId for full traceability
+- `observer` role enforced at middleware level — cannot be bypassed by frontend
+
+---
+
+## Open Questions
+
+1. **Panel persistence:** Should the grid layout (which sessions are pinned as panels) be stored in DB per user or in localStorage? Recommend DB for cross-device consistency.
+2. **Message retention:** How long to keep `AgentConversationMessage` records? Suggest 30-day default with configurable workspace policy.
+3. **OpenClaw barge-in protocol:** Does OpenClaw's `sessions_send` API support injection mid-run, or does it queue behind the current turn? Needs verification against OpenClaw API before MS23-P3-001.
+4. **Subagent reporting:** Internal agents currently don't self-report a `parentAgentId` at spawn time. The orchestrator spawner needs to accept this field. Straightforward add to `SpawnAgentDto`.
+5. **SSE vs WebSocket for message streaming:** Current orchestrator uses SSE (one-way push). For barge-in confirmation/ack, SSE is sufficient (inject is a separate REST call). No need to upgrade to bidirectional WebSocket for Phase 0-2.
+
+6. **mosaic-queue Phase 3 timing:** mosaic-queue's coordinator integration phase is not yet scheduled. If it ships during MS23 development, the `taskSource` field in `AgentSessionTree` is the integration point — no schema migration required. The Mission Control roster can conditionally render task details from mosaic-queue when `taskSource === "mosaic-queue"` and the queue MCP/API is reachable.
+
+---
+
+## Success Criteria
+
+1. Operator can open Mission Control and see all running orchestrator sessions as live panels
+2. Each panel shows the agent's actual conversation messages in real time
+3. Operator can type into any panel and inject a message; it appears in the stream tagged `[OPERATOR]`
+4. Operator can pause, resume, gracefully terminate, or hard-kill any agent from the panel or roster
+5. Global Agent Roster shows the full parent → subagent tree across all providers
+6. Kill All button with confirmation terminates all active agents
+7. All operator actions appear in the Audit Log with full attribution
+8. OpenClaw sessions registered as an external provider appear in Mission Control alongside internal agents
+9. `observer` role users can see everything but cannot inject, pause, or kill
+10. All CI gates green, deployed to production
--- a/docs/PRD.md
+++ b/docs/PRD.md
@@ -1,566 +1,167 @@
-# PRD: Mosaic Stack Dashboard & Platform Implementation
+# PRD: MS22 Phase 2 — Named Agent Fleet

 ## Metadata

 - Owner: Jason Woltje
- Date: 2026-02-22
+- Date: 2026-03-04
 - Status: in-progress
- Best-Guess Mode: true
+- Mission: ms22-p2-named-agent-fleet-20260304
+- Design Doc: `docs/design/MS22-DB-CENTRIC-ARCHITECTURE.md`
+- Depends On: MS22 Phase 1 (DB-Centric Architecture) — COMPLETE
+
+---

 ## Problem Statement

-The Mosaic Stack web UI has a basic navigation and simple widget-based dashboard that doesn't match the production-ready design vision. The reference design (dashboard.html) defines a comprehensive command center UI with sidebar navigation, topbar, terminal panel, and multiple page layouts. The current implementation uses mismatched design tokens (raw Tailwind colors vs CSS variables), has no collapsible sidebar, no global terminal, and lacks the polished design system from the reference.
+Mosaic Stack has the infrastructure for per-user containers and a knowledge layer, but no predefined agent personalities. Users start with a blank slate. For Jason's personal use case, the system needs named agents — jarvis, builder, medic — with distinct roles, personalities, and tool access that can collaborate through the shared knowledge layer and respond in dedicated Discord channels.

-## Objectives
+Currently:

-1. Implement the dashboard.html reference design as the production UI foundation
-2. Establish a consistent CSS design token system that supports multiple themes
-3. Build a responsive, accessible app shell with collapsible sidebar and full-width header
-4. Create a theme system supporting installable theme packages
-5. Build all dashboard pages (Dashboard, Projects, Workspace, Kanban, Files, Logs, Settings, Profile)
-6. Implement real backend integration (no mock data)
-7. Support multi-tenant configuration with RBAC
-8. Implement federation (master-master and master-slave)
-9. Build global terminal, project chat, and master chat session
-10. Configure telemetry with opt-out support
+- No agent registry exists in the database
+- No per-agent model configuration is possible
+- Discord channels are not routed to specific agents
+- Chat routing is model-agnostic (no agent context)

-## Completed Work
-
-### MS15-DashboardShell (v0.0.15) — Complete
-
-Design system + app shell + dashboard page. PRs #451-454.
-
- CSS design token system (colors, fonts, spacing, radii)
- App shell layout: collapsible sidebar + full-width header + main content
- Sidebar navigation with groups, icons, badges, active states, collapse/expand
- Responsive layout with hamburger at small breakpoints
- Light/dark theme matching reference design
- Mosaic logo spinner as global loading indicator
- Shared component updates in packages/ui
- Dashboard page: metrics strip, orchestrator sessions, quick actions, activity feed, token budget
- Grain overlay texture
-
-### Go-Live MVP (v0.0.16) — Complete
-
-Dashboard polish, task ingestion pipeline, agent cycle visibility, deploy + smoke test. PRs #458, #460, #462, #464.
-
- Fixed broken test suites and removed legacy unused widgets
- Visual + theme polish across all components
- Dashboard summary API endpoint (aggregated task counts, project counts, activity, jobs)
- Dashboard widgets wired to real API data (ActivityFeed, DashboardMetrics, OrchestratorSessions)
- WebSocket emits for job status/progress/step events
- Dashboard auto-refresh with polling + progress bars + step status indicators
- Deployed to mosaic.woltje.com, auth working via Authentik
- Release tag v0.0.16
-
-### MS16+MS17-PagesDataIntegration (v0.0.17) — Complete
-
-All pages built + wired to real API data. PRs #470-484 (15 PRs). Issues #466-469.
-
- Custom 404 pages (global + authenticated route groups)
- Settings root page with 4 category cards
- Tasks, Calendar, Knowledge pages wired to real API (238+ lines mock data removed)
- Projects list page with create/delete dialogs
- Project Workspace page with tabbed view (Tasks, Agent Sessions, Settings)
- Kanban board with drag-and-drop (@hello-pangea/dnd), 5 status columns, optimistic updates
- File Manager page with list/grid views, search, create/delete
- Logs & Telemetry page with auto-refresh, expandable rows, filters
- Profile page with user info and preferences
- All 5125 tests passing, CI pipeline #585 green
- Deployed and smoke-tested at mosaic.woltje.com
-
-### MS18-ThemeWidgets (v0.0.18) — Complete
-
-Theme package system, widget registry, WYSIWYG editor, Kanban filtering. PRs #493-505. Issues #487-491.
-
- 5 built-in themes (Dark, Light, Nord, Dracula, Solarized) as TypeScript theme packages
- ThemeProvider with dynamic CSS variable application and instant switching
- Theme selection UI in Settings with live preview swatches
- Widget definition registry with configurable sizing and schemas
- WidgetGrid dashboard with drag-and-drop layout (react-grid-layout)
- Widget picker drawer for adding widgets from registry
- Per-widget configuration dialog driven by configSchema
- Layout save/load/rename/delete via UserLayout API
- Tiptap WYSIWYG editor for knowledge entries with toolbar
- Markdown round-trip (import/export)
- Kanban board filtering by project, assignee, priority, search with URL persistence
- 1,195 web tests, 3,243 API tests passing
-
-### MS19-ChatTerminal (v0.0.19) — Complete
-
-Real terminal with PTY backend, chat streaming, orchestrator integration. PRs #515-522. Issues #508-512.
-
- NestJS WebSocket gateway (/terminal namespace) with node-pty for real shell sessions
- Terminal session persistence in PostgreSQL (Prisma model: TerminalSession)
- xterm.js integration with FitAddon, WebLinksAddon, CSS variable theme support
- Multi-session terminal tabs: create/close/rename, tab switching, session recovery
- SSE chat streaming with token-by-token rendering, abort/cancel support
- Master chat polish: model selector dropdown, temperature/maxTokens config, ChatEmptyState
- Orchestrator command system: /status, /agents, /jobs, /pause, /resume, /help
- Agent output terminal: SSE streaming from orchestrator, lifecycle indicators, read-only view
- Command autocomplete with keyboard navigation in chat input
- 328 MS19-specific tests (268 web + 60 API), 4744 total passing
- Deployed and smoke-tested at mosaic.woltje.com (CI #635 green)
-
-### Bugfix: API Global Prefix (post-MS18) — Complete
-
-PR #507. Fixed systemic 404 on all data endpoints.
-
- Added `setGlobalPrefix("api")` to NestJS with exclusions for /health and /auth/\*
- Normalized 6 federation controllers to remove redundant api/ prefix
- Fixed rollup CVE (GHSA-mw96-cpmx-2vgc) via pnpm override
+---

 ## Scope

-### In Scope (MS16+MS17 — Pages & Data Integration)
+### In Scope

-This is the active mission scope. MS16 (Pages) and MS17 (Backend Integration) are combined because the backend API modules already exist — the work is primarily frontend page creation and API wiring.
+- `AgentTemplate` and `UserAgent` Prisma models
+- Admin CRUD endpoints for managing agent templates
+- User agent CRUD endpoints for personal agent instances
+- Agent chat proxy routing (select agent by name)
+- Discord channel → agent routing (#jarvis, #builder, #medic-alerts)
+- WebUI agent selector and agent detail view
+- Unit tests and E2E verification

-1. Projects list page with CRUD (wire to existing `/api/projects`)
-2. Project workspace/detail page (wire to `/api/projects/:id`, `/api/tasks`, `/api/runner-jobs`)
-3. Kanban board page with status-based columns (wire to existing `/api/tasks`)
-4. File Manager page with tree/list view and CRUD (wire to existing `/api/knowledge`)
-5. Logs & Telemetry page with log viewer and filtering (wire to `/api/runner-jobs`, job steps, events)
-6. Settings root/index page linking to existing subpages
-7. Custom 404 page for unknown routes
-8. Wire `/tasks` page to real API data (currently mock)
-9. Wire `/calendar` page to real API data (currently mock)
-10. Wire `/knowledge` pages to real API data (currently mock)
+### Non-Goals

-### In Scope (Future Milestones — Documented for Planning)
+- Matrix observation rooms
+- Cross-agent quality gates
+- Team/multi-user agent sharing
+- Agent-to-agent communication
+- Token metering per agent

-11. Theme system with installable theme packages (MS18)
-12. Widget system with installable widget packages, customizable sizes (MS18)
-13. Global terminal: project/orchestrator level, smart (MS19)
-14. Project-level orchestrator chat (MS19)
-15. Master chat session: collapsible sidebar/slideout, always available (MS19)
-16. Site stabilization: workspace context propagation for mutations (MS20)
-17. Site stabilization: personalities API + UI (MS20)
-18. Site stabilization: user preferences API endpoint (MS20)
-19. Site stabilization: orchestrator 502 and WebSocket connectivity (MS20)
-20. Site stabilization: credential management UI (MS20)
-21. Site stabilization: terminal page route (MS20)
-22. Site stabilization: favicon, dark mode dropdown fix (MS20)
-23. Settings page for ALL environment variables, dynamically configurable via webUI (MS21)
-24. Multi-tenant configuration with admin user management (MS21)
-25. Team management with shared data spaces and chat rooms (MS21)
-26. RBAC for file access, resources, models (MS21)
-27. Federation: master-master and master-slave with key exchange (MS22)
-28. Federation testing: 3 instances on Portainer (woltje.com domain) (MS22)
-29. Agent task mapping configuration: system-level defaults, user-level overrides (MS23)
-30. Telemetry: opt-out, customizable endpoint, sanitized data (MS23)
-31. File manager with WYSIWYG editing: system/user/project levels (MS18)
-32. User-level and project-level Kanban with filtering (MS18)
-33. Break-glass authentication user (MS20)
-34. Playwright E2E tests for all pages (MS23)
-35. API documentation via Swagger (MS23)
-36. Backend endpoints for all dashboard data (MS17 — already complete for existing modules)
-37. Profile page linked from user card (MS16)
+---

-### Out of Scope
+## User Stories

-1. Mobile native app
-2. Third-party marketplace for themes/widgets (initial implementation is local package management only)
-3. Mobile native app deployment targets
-4. Calendar system redesign (existing calendar implementation is retained)
+### US-001

-## User/Stakeholder Requirements
+As Jason, I can list my available agents in the WebUI so I know what's configured.

-1. The `jarvis` user must be able to log into mosaic.woltje.com via Authentik as administrator with access to all pages
-2. A standard `jarvis-user` must operate at a lower permission level
-3. A break-glass user must have access without Authentik authentication
-4. All pages must be navigable without errors (no 404s from sidebar links)
-5. Light and dark themes must work across all pages and components
-6. Sidebar must be collapsible with open/close button; hidden by default at small breakpoints
-7. Hamburger button visible at lower breakpoints for sidebar control
-8. The Mosaic Stack logo icon must be the site-wide loading spinner
-9. No mock data — all data pulled from backend APIs
+### US-002
+
+As Jason, I can select an agent and chat with it directly via WebUI.
+
+### US-003
+
+As Jason, I can send a message in #jarvis on Discord and Jarvis responds.
+
+### US-004
+
+As Jason, I can send a message in #builder on Discord and Builder responds.
+
+### US-005
+
+As Jason, I can send a message in #medic-alerts and Medic responds.
+
+### US-006
+
+As an admin, I can create, update, and delete agent templates.
+
+### US-007
+
+As Jason, I can customize an agent's personality without affecting the shared template.
+
+### US-008
+
+As Jason, I can see which agents are active vs inactive at a glance.
+
+---

 ## Functional Requirements

-### FR-001: Design Token System
+- FR-1: The system SHALL provide an `AgentTemplate` model with: name, displayName, role, personality, primaryModel, fallbackModels, toolPermissions, discordChannel, isActive, isDefault
+- FR-2: The system SHALL provide a `UserAgent` model that extends or customizes an AgentTemplate per user
+- FR-3: The system SHALL seed three default templates on startup: jarvis (orchestrator/opus), builder (coding/codex), medic (monitoring/haiku)
+- FR-4: Admin endpoints SHALL exist at `GET/POST/PATCH/DELETE /admin/agent-templates` protected by AdminGuard
+- FR-5: User agent endpoints SHALL exist at `GET/POST/PATCH/DELETE /agents` protected by AuthGuard
+- FR-6: Agent status endpoints SHALL return active/inactive state per agent for the authenticated user
+- FR-7: The chat proxy SHALL route messages to the correct agent based on agent name or ID in the request
+- FR-8: Incoming Discord messages in a configured channel SHALL be routed to the matching agent
+- FR-9: The WebUI SHALL display a list of available agents with role, model, and status
+- FR-10: The WebUI SHALL allow selecting an agent and opening a chat session with it

- CSS custom properties for all colors, spacing, typography, radii
- Dark theme as default (`:root`), light theme via `[data-theme="light"]`
- Fonts: Outfit (body), Fira Code (monospace)
- All components must use design tokens, never hardcoded colors
- **Status: COMPLETE (MS15)**
-
-### FR-002: App Shell Layout
-
- CSS Grid: sidebar column + header row + main content
- Full-width header spanning above sidebar and content
- ASSUMPTION: Header spans full width including above sidebar area. The logo is in the header, not the sidebar. Rationale: User explicitly stated "The logo will NOT be part of the sidebar."
- **Status: COMPLETE (MS15)**
-
-### FR-003: Sidebar Navigation
-
- Nav groups: Overview (Dashboard), Workspace (Projects, Project Workspace, Kanban, File Manager), Operations (Logs & Telemetry, Terminal), System (Settings)
- Collapsible: icon-only mode when collapsed
- Active state indicator (left border accent)
- User card in footer with avatar, name, role, online status
- ASSUMPTION: Sidebar footer user card navigates to Profile page. Rationale: Matches reference design behavior.
- **Status: COMPLETE (MS15+MS16) — Profile page added in PR #482.**
-
-### FR-004: Header/Topbar
-
- Logo + brand wordmark (left)
- Search bar with keyboard shortcut hint
- System status indicator
- Terminal toggle button
- Notification bell with badge
- Theme toggle (sun/moon icon)
- User avatar button with dropdown (Profile, Account Settings, Sign Out)
- **Status: COMPLETE (MS15)**
-
-### FR-005: Responsive Design
-
- Breakpoints: sm (640px), md (768px), lg (1024px), xl (1280px)
- Below md: sidebar hidden, hamburger button in header
- md-lg: sidebar can be toggled
- lg+: sidebar visible by default
- **Status: COMPLETE (MS15)**
-
-### FR-006: Dashboard Page
-
- 6-cell metrics strip with colored top borders and trend indicators
- Active Orchestrator Sessions card with agent nodes
- Quick Actions 2x2 grid
- Activity Feed sidebar card
- Token Budget sidebar card with progress bars
- Wired to real API via `/api/dashboard/summary`
- **Status: COMPLETE (Go-Live MVP)**
-
-### FR-007: Loading Spinner
-
- Mosaic logo icon (4 corner squares + center circle) with CSS rotation animation
- Used as global loading indicator across all pages
- Available as a shared component
- **Status: COMPLETE (MS15)**
-
-### FR-008: Projects Page (MS16)
-
- Projects list view with card or table layout
- Project creation dialog/form
- Project detail view (name, description, status, created/updated timestamps)
- Wire to existing `/api/projects` (full CRUD already implemented)
- Navigate from sidebar → /projects
- **Status: COMPLETE (MS16) — PR #477. Card layout, create/delete dialogs, status badges.**
-
-### FR-009: Project Workspace Page (MS16)
-
- Single-project view showing tasks, agent sessions, and project settings
- Task list for selected project
- Agent session history and status
- Wire to `/api/projects/:id`, `/api/tasks`, `/api/runner-jobs`
- Navigate from sidebar → /workspace (with project context)
- **Status: COMPLETE (MS16) — PR #479. Tabbed view (Tasks, Agent Sessions, Settings), project selector mode.**
-
-### FR-010: Kanban Board Page (MS16)
-
- Drag-and-drop board with columns mapped to task status values
- Task cards showing title, assignee, priority, status
- Column headers with task counts
- Wire to existing `/api/tasks` (status field drives columns)
- Navigate from sidebar → /kanban
- **Status: COMPLETE (MS16) — PR #478. 5 columns (NOT_STARTED→ARCHIVED), @hello-pangea/dnd, optimistic updates.**
-
-### FR-011: File Manager Page (MS16)
-
- Tree or list view of knowledge entries
- CRUD operations (create, read, update, delete)
- Search functionality
- Wire to existing `/api/knowledge` (full CRUD + search already implemented)
- Navigate from sidebar → /files
- **Status: COMPLETE (MS16) — PR #481. List+grid views, search, create/delete dialogs.**
-
-### FR-012: Logs & Telemetry Page (MS16)
-
- Log viewer with timestamp, level, source, message columns
- Filtering by level, source, date range
- Auto-refresh for live logs
- Wire to existing runner-jobs, job steps, and events APIs
- Navigate from sidebar → /logs
- **Status: COMPLETE (MS16) — PR #480. Auto-refresh (5s polling), expandable rows, filters.**
-
-### FR-013: Settings Root Page (MS16)
-
- Landing/index page for settings
- Category cards linking to existing subpages: Credentials, Domains, Personalities, Workspaces
- Navigate from sidebar → /settings (currently 404; subpages exist)
- **Status: COMPLETE (MS16) — PR #471. 4 category cards with icons and hover states.**
-
-### FR-014: Custom 404 Page (MS16)
-
- Branded 404 page matching design system
- Helpful message and navigation link back to dashboard
- Applied to all unmatched routes within authenticated layout
- **Status: COMPLETE (MS16) — PR #472. Global + authenticated route-group 404 pages.**
-
-### FR-015: Mock Data Elimination (MS16+MS17)
-
- `/tasks` page: replace mock data with `/api/tasks` calls
- `/calendar` page: replace mock data with `/api/events` calls
- `/knowledge` pages: replace mock data with `/api/knowledge` calls
- All pages must render real data from backend APIs
- **Status: COMPLETE (MS16+MS17) — PRs #473-#476. 238+ lines of mock data removed.**
-
-### FR-016: Theme System (MS18) — COMPLETE
-
- 5 built-in themes (Dark, Light, Nord, Dracula, Solarized) as TypeScript theme packages
- ThemeProvider loads themes dynamically, applies CSS variables, instant switching
- Theme selection UI in Settings with live preview swatches
- UserPreference.theme persists selection across sessions
- **Status: COMPLETE (MS18) — PRs #493-495**
-
-### FR-017: Terminal Panel (MS19) — COMPLETE
-
- Bottom drawer panel, toggleable from header and sidebar
- Real xterm.js terminal with PTY backend via WebSocket
- Multiple tabs: shell sessions, orchestrator agent output, build logs
- Terminal session persistence (create/close/rename tabs)
- Smart terminal operating at project/orchestrator level
- ASSUMPTION: Terminal backend uses node-pty for PTY management, communicating via WebSocket namespace (/terminal). Rationale: node-pty is the standard for Node.js terminal emulation, used by VS Code.
- ASSUMPTION: Terminal sessions are workspace-scoped and stored in PostgreSQL for recovery. Rationale: Consistent with existing workspace isolation pattern.
- **Status: COMPLETE (MS19) — PRs #515 (gateway), #517 (persistence), #518 (xterm.js), #520 (tabs), #522 (agent tabs). 60 API + 176 web tests.**
-
-### FR-018: Chat Streaming & Master Chat (MS19) — COMPLETE
-
- Complete SSE streaming for token-by-token chat rendering
- Master chat sidebar (ChatOverlay) polish: model selector, conversation search, keyboard shortcuts
- Chat persistence via Ideas API (already implemented)
- ASSUMPTION: Chat streaming uses existing SSE infrastructure in LLM controller. Frontend needs streamChatMessage() completion. Rationale: Backend SSE is already working, only frontend wiring is missing.
- **Status: COMPLETE (MS19) — PRs #516 (streaming), #519 (polish). Model selector, temperature/maxTokens config, ChatEmptyState, Cmd+N/L shortcuts. 78 web tests.**
-
-### FR-019: Project-Level Orchestrator Chat (MS19) — COMPLETE
-
- Chat context scoped to active project
- Can trigger orchestrator actions: spawn agent, check status, view jobs
- Command prefix system (/spawn, /status, /jobs) parsed in chat
- Agent output viewable in terminal tabs
- ASSUMPTION: Orchestrator commands route through existing web proxy (/api/orchestrator/\*) to orchestrator service. Rationale: Proxy routes already exist and handle auth.
- **Status: COMPLETE (MS19) — PRs #521 (commands), #522 (agent terminal). /status, /agents, /jobs, /pause, /resume, /help commands. Agent output streaming via SSE. 113 web tests.**
-
-### FR-020: Site Stabilization & Feature Gaps (MS20) — IN PROGRESS
-
-Runtime bugs and feature gaps discovered during live testing of mosaic.woltje.com.
-
-**Workspace Context Propagation:**
-
- Domains page: "Workspace ID is required" when creating domains
- Projects page: "Workspace ID is required" when creating projects
- Credentials page: unable to add credentials (button disabled, feature stub)
- ASSUMPTION: The `useWorkspaceId()` hook + auto-detect in `apiRequest` from PR #532 handles reads, but mutation endpoints on some pages don't pass workspace ID correctly. Rationale: GET requests work after PR #532 but POST/mutation requests still fail on domains and projects pages.
-
-**Missing API Endpoints:**
-
- `/api/personalities` — no controller/service exists; frontend expects GET/POST/PATCH/DELETE
- `/users/me/preferences` — listed in PRD API table but returns 404; frontend profile page depends on it
- ASSUMPTION: Personalities API follows existing NestJS module patterns (controller + service + DTO + Prisma model). Rationale: Consistent with all other API modules in the codebase.
- ASSUMPTION: User preferences endpoint is part of the existing users module but route is not registered. Rationale: PRD lists it as an existing endpoint.
-
-**Orchestrator Connectivity:**
-
- All orchestrator-proxied endpoints return HTTP 502
- Orchestrator WebSocket connection fails ("Reconnecting to server...")
- Dashboard widgets: Agent Status, Task Progress, Orchestrator Events all error
- ASSUMPTION: The orchestrator service container runs but the Next.js API proxy cannot reach it. Root cause is likely environment variable or network configuration in Docker Swarm. Rationale: The orchestrator container exists in the compose file and has Traefik labels.
-
-**UI/UX Issues:**
-
- Dark mode theming on Formality Level dropdown in Personalities page incorrect
- favicon.ico missing (404)
- Terminal sidebar link uses `#terminal` anchor instead of page route
- `useWorkspaceId` warning in console: no workspace ID in localStorage on fresh sessions
- ASSUMPTION: Terminal should have a dedicated page route `/terminal` that renders the terminal panel full-screen. Rationale: The sidebar has a Terminal link in the Operations section alongside Logs, implying it should be a navigable page.
-
-**Credential Management:**
-
- "Add Credential" button is `disabled` in code — feature was stubbed as "coming soon"
- Need to implement credential creation UI and wire to existing `/api/credentials` CRUD endpoints
- ASSUMPTION: Credential CRUD frontend can use the existing `/api/credentials` API which was built during M7-CredentialSecurity. Rationale: Backend endpoints exist per audit.
-
-### FR-021: Settings Configuration (Future — MS21)
-
- All environment variables configurable via UI
- Minimal launch env vars, rest configurable dynamically
- Settings stored in DB with RLS
- Theme selection, widget management, federation config, telemetry config
+---

 ## Non-Functional Requirements

-1. Security: All API endpoints require authentication. RBAC enforced. No PII in telemetry. Secrets never hardcoded.
-2. Performance: Dashboard loads in <2s. No layout shift during theme toggle. Sidebar toggle is instant (<100ms animation).
-3. Reliability: Break-glass auth ensures access when Authentik is down.
-4. Observability: Telemetry with opt-out support. Wide-event logging. Customizable telemetry endpoint.
+- All API endpoints must pass NestJS ValidationPipe (value imports for DTOs, not `import type`)
+- All new modules must be registered in `app.module.ts`
+- Prisma schema changes must include a migration file
+- Code must pass `pnpm turbo run lint typecheck build` before merge
+- Tests must pass `pnpm turbo run test` with no regressions
+- No direct pushes to main — PR + squash merge only
+
+---

 ## Acceptance Criteria

-### MS15-DashboardShell — COMPLETE
+- [ ] `AgentTemplate` and `UserAgent` tables exist in production DB after migration
+- [ ] `GET /admin/agent-templates` returns jarvis, builder, medic (seeded)
+- [ ] `POST /admin/agent-templates` creates a new template (admin only, 403 for non-admin)
+- [ ] `GET /agents` returns the authenticated user's agents
+- [ ] `POST /agents` creates a user agent from a template
+- [ ] `GET /agents/:id/chat` proxies to the correct agent
+- [ ] Discord message in #jarvis channel routes to jarvis agent and responds
+- [ ] Discord message in #builder channel routes to builder agent and responds
+- [ ] WebUI shows agent list with name, role, model, status
+- [ ] WebUI allows selecting an agent and sending a message
+- [ ] All CI checks green on main after final PR merge

-1. ~~Design tokens from dashboard.html are implemented in globals.css~~ DONE
-2. ~~App shell shows full-width header with logo, collapsible sidebar, main content area~~ DONE
-3. ~~Sidebar has all nav groups with icons, collapses to icon-only mode~~ DONE
-4. ~~Hamburger button appears at mobile breakpoints, sidebar hidden by default~~ DONE
-5. ~~Light/dark theme toggle works across all components~~ DONE
-6. ~~Mosaic logo spinner is used as site-wide loading indicator~~ DONE
-7. ~~Dashboard page shows metrics strip, orchestrator sessions, quick actions, activity feed, token budget~~ DONE
-8. ~~All shared components in packages/ui use design tokens (no hardcoded colors)~~ DONE
-9. ~~Lint, typecheck, and existing tests pass~~ DONE
-10. ~~Grain overlay texture from reference is applied~~ DONE
+---

-### Go-Live MVP (v0.0.16) — COMPLETE
+## Technical Considerations

-11. ~~Dashboard widgets wired to real API data~~ DONE
-12. ~~WebSocket emits for agent job lifecycle~~ DONE
-13. ~~Deployed to mosaic.woltje.com with auth working~~ DONE
+- DTOs must use value imports (never `import type`) for NestJS ValidationPipe compatibility — see MEMORY.md
+- `AgentTemplate.fallbackModels` and `toolPermissions` are stored as `Json` (Prisma) — treat as `string[]` in TypeScript
+- Discord routing requires mapping `discordChannel` string to a channel ID in OpenClaw config
+- Chat proxy must be stateless — agent selection passed per-request
+- Use `AdminGuard` from `src/auth/guards/admin.guard` for admin endpoints (existing pattern)
+- Use `AuthGuard` from `src/auth/guards/auth.guard` for user endpoints (existing pattern)

-### MS16+MS17 — Pages & Data Integration — COMPLETE
+---

-14. ~~All sidebar links navigate to functional pages (no 404s)~~ DONE
-15. ~~Projects page: list, create, view project details~~ DONE
-16. ~~Workspace page: view single project with tasks and agent sessions~~ DONE
-17. ~~Kanban page: drag-and-drop board with task status columns~~ DONE
-18. ~~File Manager page: tree/list view with CRUD operations~~ DONE
-19. ~~Logs page: log viewer with filtering and auto-refresh~~ DONE
-20. ~~Settings root page: category index linking to subpages~~ DONE
-21. ~~Custom 404 page for unknown routes~~ DONE
-22. ~~`/tasks` page uses real API data (no mock)~~ DONE
-23. ~~`/calendar` page uses real API data (no mock)~~ DONE
-24. ~~`/knowledge` pages use real API data (no mock)~~ DONE
-25. ~~All new pages support light/dark theme~~ DONE
-26. ~~All new pages are responsive (sm/md/lg/xl breakpoints)~~ DONE
-27. ~~Lint, typecheck, and tests pass~~ DONE
-28. ~~Deployed and smoke-tested at mosaic.woltje.com~~ DONE
+## Risks / Open Questions

-### MS18 — Theme & Widget System — COMPLETE
+| Risk                                                         | Likelihood | Mitigation                                        |
+| ------------------------------------------------------------ | ---------- | ------------------------------------------------- |
+| Discord channel ID mapping not yet configured in OpenClaw    | Medium     | Manual config step; document in MISSION-MANIFEST  |
+| Agent routing adds latency to chat proxy                     | Low        | Agent lookup is a single DB read; cache if needed |
+| `exactOptionalPropertyTypes` TS strictness on Prisma creates | Medium     | Use conditional spread for optional fields        |
+| Seed idempotency failure (duplicate name)                    | Low        | Use `upsert` — already implemented                |

-29. ~~5+ themes with live preview and instant switching~~ DONE
-30. ~~Theme selection UI in Settings with swatches~~ DONE
-31. ~~UserPreference.theme persists across sessions~~ DONE
-32. ~~WidgetGrid dashboard with drag/resize/add/remove~~ DONE
-33. ~~Widget picker UI from registry~~ DONE
-34. ~~Per-widget configuration dialog~~ DONE
-35. ~~Layout save/load/rename/delete via API~~ DONE
-36. ~~Tiptap WYSIWYG editor for knowledge entries~~ DONE
-37. ~~Markdown round-trip (import/export)~~ DONE
-38. ~~Kanban filtering by project, assignee, priority, search~~ DONE
-39. ~~All features support all themes~~ DONE
-40. ~~Lint, typecheck, tests pass~~ DONE
+---

-### MS19 — Chat & Terminal — COMPLETE
+## Success Metrics / Testing

-41. ~~Terminal panel has real xterm.js with PTY backend~~ DONE — PR #518
-42. ~~Terminal supports multiple named sessions (tabs)~~ DONE — PR #520
-43. ~~Terminal sessions persist and recover on reconnect~~ DONE — PR #517
-44. ~~Chat streaming renders tokens in real-time (SSE)~~ DONE — PR #516
-45. ~~Master chat sidebar accessible from any page (Cmd+Shift+J)~~ DONE — PR #519
-46. ~~Master chat supports model selection and conversation management~~ DONE — PR #519
-47. ~~Project-level chat can trigger orchestrator actions~~ DONE — PR #521
-48. ~~Agent output viewable in terminal tabs~~ DONE — PR #522
-49. ~~All features support all themes~~ DONE — CSS variables throughout
-50. ~~Lint, typecheck, tests pass~~ DONE — 1441 web + 3303 API = 4744 total
-51. ~~Deployed and smoke-tested~~ DONE — CI #635 green, web deployed to mosaic.woltje.com
+- Unit tests cover: AgentTemplateService CRUD, UserAgentService CRUD, chat routing logic
+- E2E test: send Discord message in #jarvis → verify response comes from jarvis agent
+- Manual smoke test: WebUI agent selector loads, chat works with selected agent
+- CI pipeline green on all three apps (api, web, orchestrator)

-### Full Project (All Milestones)
+---

-52. jarvis user logs in via Authentik, has admin access to all pages
-53. jarvis-user has standard access at lower permission level
-54. Break-glass user has access without Authentik
-55. Three Mosaic Stack instances on Portainer with federation testing
-56. Playwright tests confirm all pages, functions, theming work
-57. No errors during site navigation
-58. API documented via Swagger with proper auth gating
-59. Telemetry working locally with wide-event logging
-60. Mosaic Telemetry properly reporting to telemetry endpoint
+## Milestones / Delivery

-## Constraints and Dependencies
-
-1. Next.js 16 with App Router — all pages use server/client component patterns
-2. Tailwind CSS 3.4 — design tokens must integrate with Tailwind's utility class system
-3. BetterAuth for authentication — must maintain existing auth flow
-4. Authentik as IdP at auth.diversecanvas.com — must remain operational
-5. PostgreSQL 17 with Prisma — all settings stored in DB
-6. Portainer for deployment — 3 instances needed for federation testing
-7. packages/ui is shared across apps — changes affect all consumers
-8. Backend API modules already exist for all page data needs — no new API endpoints required for MS16+MS17 scope
-
-## Risks and Open Questions
-
-1. **Risk**: Pages need to match the design system established in MS15. Inconsistency would degrade UX. Mitigation: Use existing design tokens and shared components exclusively. **RESOLVED** — All MS16+MS17 pages use design tokens consistently.
-2. **Risk**: Kanban drag-and-drop adds complexity and potential for state bugs. Mitigation: Use a proven DnD library. **RESOLVED** — @hello-pangea/dnd selected (maintained fork of react-beautiful-dnd, better TS support). Optimistic updates with rollback on failure.
-3. **Risk**: Mock data elimination may reveal backend API gaps or mismatches. Mitigation: Audit each API response shape against page needs during implementation. **RESOLVED** — All 3 mock-data pages wired successfully. No API gaps found.
-4. ~~**Open**: Exact task status values for Kanban columns~~ **RESOLVED** — TaskStatus enum: NOT_STARTED, IN_PROGRESS, PAUSED, COMPLETED, ARCHIVED (5 columns).
-5. ~~**Open**: Whether Workspace page should require project selection or show a default view~~ **RESOLVED** — Shows project selector when no project param, workspace detail when ?project=id.
-6. ~~**Open**: File Manager page — should it be a direct mapping of Knowledge entries or a separate file abstraction?~~ **RESOLVED** — Direct mapping to Knowledge entries via /api/knowledge. API shape matches file manager needs.
-
-## Existing Backend API Modules (Reference)
-
-These 19 NestJS modules are already implemented with Prisma and available for frontend wiring:
-
-| Module             | Endpoint                       | Capabilities          |
-| ------------------ | ------------------------------ | --------------------- |
-| Projects           | `/api/projects`                | Full CRUD             |
-| Tasks              | `/api/tasks`                   | Full CRUD             |
-| Layouts            | `/api/layouts`                 | Widget placement      |
-| Widgets            | `/api/widgets`                 | Data endpoints        |
-| Activity           | `/api/activity`                | Audit logs            |
-| Dashboard          | `/api/dashboard/summary`       | Aggregated summary    |
-| Knowledge          | `/api/knowledge`               | Full CRUD + search    |
-| Ideas              | `/api/ideas`                   | Capture/CRUD          |
-| Domains            | `/api/domains`                 | CRUD                  |
-| Events             | `/api/events`                  | CRUD                  |
-| Preferences        | `/api/users/me/preferences`    | User settings         |
-| Workspace Settings | `/api/workspaces/:id/settings` | LLM config            |
-| Runner Jobs        | `/api/runner-jobs`             | Job management        |
-| Job Steps          | `/api/runner-jobs/:id/steps`   | Step tracking         |
-| Agent Tasks        | `/api/agent-tasks`             | Agent task management |
-| Credentials        | `/api/credentials`             | Encrypted storage     |
-| Brain/AI           | `/api/brain`                   | Query/search          |
-| WebSocket          | Real-time                      | Event broadcasting    |
-| LLM                | `/api/llm/chat`                | Chat + SSE streaming  |
-| Orchestrator Proxy | `/api/orchestrator/*`          | Agent mgmt proxy      |
-| Telemetry          | Internal                       | Logging/monitoring    |
-
-## Testing and Verification
-
-1. Baseline: `pnpm lint && pnpm build` must pass
-2. Situational: All sidebar links navigate without 404
-3. Situational: Each new page renders with real API data
-4. Situational: Theme toggle on each new page
-5. Situational: Responsive verification at sm/md/lg/xl
-6. E2E: Playwright tests for all page navigation (MS23)
-7. E2E: Auth flow with Authentik (MS23)
-8. Federation: Master-master and master-slave data access tests (MS21)
-
-## Delivery/Milestone Intent
-
-| Milestone                      | Version | Focus                                                             | Status      |
-| ------------------------------ | ------- | ----------------------------------------------------------------- | ----------- |
-| MS15-DashboardShell            | 0.0.15  | Design system + app shell + dashboard page                        | COMPLETE    |
-| Go-Live MVP                    | 0.0.16  | Dashboard polish, ingestion, agent visibility, deploy             | COMPLETE    |
-| MS16+MS17-PagesDataIntegration | 0.0.17  | All pages built + wired to real API data                          | COMPLETE    |
-| MS18-ThemeWidgets              | 0.0.18  | Theme package system, widget registry, WYSIWYG, Kanban filtering  | COMPLETE    |
-| MS19-ChatTerminal              | 0.0.19  | Global terminal, project chat, master chat session                | COMPLETE    |
-| MS20-SiteStabilization         | 0.0.20  | Runtime bug fixes, missing endpoints, orchestrator connectivity   | IN PROGRESS |
-| MS21-MultiTenant               | 0.0.21  | Multi-tenant, teams, RBAC, RLS enforcement, break-glass auth      | NOT STARTED |
-| MS22-Federation                | 0.0.22  | Federation (M-M, M-S), 3 instances, key exchange, data separation | NOT STARTED |
-| MS23-AgentTelemetry            | 0.0.23  | Agent task mapping, telemetry, wide-event logging                 | NOT STARTED |
-| MS24-Testing                   | 0.0.24  | Playwright E2E, federation tests, documentation finalization      | NOT STARTED |
-
-## Assumptions
-
-1. ASSUMPTION: Header spans full width including above sidebar area. The logo is in the header, not the sidebar. Rationale: User explicitly stated "The logo will NOT be part of the sidebar."
-2. ASSUMPTION: Sidebar footer user card navigates to Profile page. Rationale: Matches reference design behavior.
-3. ASSUMPTION: Initial implementation supports dark/light from reference design. Multi-theme package system is a future milestone. Rationale: Foundation must be solid before extensibility.
-4. ASSUMPTION: MS16 and MS17 are combined into a single mission because 19 backend API modules already exist with real Prisma business logic. The remaining work is primarily frontend page creation and API wiring. Rationale: Backend audit on 2026-02-22 confirmed all required endpoints are implemented.
-5. ASSUMPTION: File Manager page maps to Knowledge entries rather than a separate file system abstraction. Rationale: `/api/knowledge` provides full CRUD + search which matches file manager needs. Can be extended later if needed.
-6. ASSUMPTION: Theme packages are code-level TypeScript files (not runtime-installable npm packages). Each theme exports CSS variable overrides. Rationale: Keeps the system simple for MS18; runtime package loading can be added in a future milestone.
-7. ASSUMPTION: WYSIWYG editor uses Tiptap (ProseMirror-based, headless). Rationale: Headless approach integrates naturally with the CSS variable design system, excellent markdown import/export, TypeScript-first, battle-tested.
-8. ASSUMPTION: MS18 includes WYSIWYG editing for knowledge entries and Kanban filtering enhancements in addition to themes and widgets. These were originally listed separately but are grouped into MS18 per PRD scope items 24-25. Rationale: All are frontend-focused enhancements that build on the existing page infrastructure.
-9. ASSUMPTION: The `useWorkspaceId()` hook + auto-detect in `apiRequest` from PR #532 handles reads, but mutation endpoints on some pages don't pass workspace ID correctly. Rationale: GET requests work after PR #532 but POST/mutation requests still fail on domains and projects pages.
-10. ASSUMPTION: Personalities API follows existing NestJS module patterns (controller + service + DTO + Prisma model). Rationale: Consistent with all other API modules in the codebase.
-11. ASSUMPTION: User preferences endpoint is part of the existing users module but route is not registered. Rationale: PRD lists it as an existing endpoint.
-12. ASSUMPTION: The orchestrator service container runs but the Next.js API proxy cannot reach it. Root cause is likely environment variable or network configuration in Docker Swarm. Rationale: The orchestrator container exists in the compose file and has Traefik labels.
-13. ASSUMPTION: Terminal should have a dedicated page route `/terminal` that renders the terminal panel full-screen. Rationale: The sidebar has a Terminal link in the Operations section alongside Logs, implying it should be a navigable page.
-14. ASSUMPTION: Credential CRUD frontend can use the existing `/api/credentials` API which was built during M7-CredentialSecurity. Rationale: Backend endpoints exist per audit.
+| Milestone         | Tasks          | Status                  | Target     |
+| ----------------- | -------------- | ----------------------- | ---------- |
+| M1: Schema + Seed | P2-001, P2-002 | ✅ done (PR #675, #677) | 2026-03-04 |
+| M2: Admin CRUD    | P2-003         | ✅ done (PR #678)       | 2026-03-04 |
+| M3: User CRUD     | P2-004         | ⬜ next                 | 2026-03-05 |
+| M4: Agent Routing | P2-005, P2-006 | ⬜ pending              | 2026-03-05 |
+| M5: Discord + UI  | P2-007, P2-008 | ⬜ pending              | 2026-03-06 |
+| M6: Verification  | P2-009, P2-010 | ⬜ pending              | 2026-03-06 |
--- a/docs/TASKS.md
+++ b/docs/TASKS.md
@@ -94,15 +94,92 @@ Design doc: `docs/design/MS22-DB-CENTRIC-ARCHITECTURE.md`

 PRD: `docs/PRD-MS22-P2-AGENT-FLEET.md`

-| Task ID     | Status      | Phase    | Description                                  | Issue    | Scope | Branch                      | Depends On    | Blocks        | Assigned Worker | Started | Completed | Est Tokens | Act Tokens | Notes |
-| ----------- | ----------- | -------- | -------------------------------------------- | -------- | ----- | --------------------------- | ------------- | ------------- | --------------- | ------- | --------- | ---------- | ---------- | ----- |
-| MS22-P2-001 | not-started | p2-fleet | Prisma schema: AgentTemplate, UserAgent      | TASKS:P2 | api   | feat/ms22-p2-agent-schema   | MS22-P1a      | P2-002,P2-003 | —               | —       | —         | 10K        | —          |       |
-| MS22-P2-002 | not-started | p2-fleet | Seed default agents (jarvis, builder, medic) | TASKS:P2 | api   | feat/ms22-p2-agent-seed     | P2-001        | P2-004        | —               | —       | —         | 5K         | —          |       |
-| MS22-P2-003 | not-started | p2-fleet | Agent template CRUD endpoints (admin)        | TASKS:P2 | api   | feat/ms22-p2-agent-api      | P2-001        | P2-005        | —               | —       | —         | 15K        | —          |       |
-| MS22-P2-004 | not-started | p2-fleet | User agent CRUD endpoints                    | TASKS:P2 | api   | feat/ms22-p2-agent-api      | P2-002,P2-003 | P2-006        | —               | —       | —         | 15K        | —          |       |
-| MS22-P2-005 | not-started | p2-fleet | Agent status endpoints                       | TASKS:P2 | api   | feat/ms22-p2-agent-api      | P2-003        | P2-008        | —               | —       | —         | 10K        | —          |       |
-| MS22-P2-006 | not-started | p2-fleet | Agent chat routing (select agent by name)    | TASKS:P2 | api   | feat/ms22-p2-agent-routing  | P2-004        | P2-007        | —               | —       | —         | 15K        | —          |       |
-| MS22-P2-007 | not-started | p2-fleet | Discord channel → agent routing              | TASKS:P2 | api   | feat/ms22-p2-discord-router | P2-006        | P2-009        | —               | —       | —         | 15K        | —          |       |
-| MS22-P2-008 | not-started | p2-fleet | Agent list/selector UI in WebUI              | TASKS:P2 | web   | feat/ms22-p2-agent-ui       | P2-005        | —             | —               | —       | —         | 15K        | —          |       |
-| MS22-P2-009 | not-started | p2-fleet | Unit tests for agent services                | TASKS:P2 | api   | test/ms22-p2-agent-tests    | P2-007        | P2-010        | —               | —       | —         | 15K        | —          |       |
-| MS22-P2-010 | not-started | p2-fleet | E2E verification: Discord → agent → response | TASKS:P2 | stack | —                           | P2-009        | —             | —               | —       | —         | 10K        | —          |       |
+| Task ID     | Status | Phase    | Description                                  | Issue    | Scope | Branch                      | Depends On    | Blocks        | Assigned Worker | Started    | Completed  | Est Tokens | Act Tokens | Notes           |
+| ----------- | ------ | -------- | -------------------------------------------- | -------- | ----- | --------------------------- | ------------- | ------------- | --------------- | ---------- | ---------- | ---------- | ---------- | --------------- |
+| MS22-P2-001 | done   | p2-fleet | Prisma schema: AgentTemplate, UserAgent      | TASKS:P2 | api   | feat/ms22-p2-agent-schema   | MS22-P1a      | P2-002,P2-003 | orchestrator    | 2026-03-04 | 2026-03-04 | 10K        | 3K         | PR #675 merged  |
+| MS22-P2-002 | done   | p2-fleet | Seed default agents (jarvis, builder, medic) | TASKS:P2 | api   | feat/ms22-p2-agent-seed     | P2-001        | P2-004        | orchestrator    | 2026-03-04 | 2026-03-04 | 5K         | 2K         | PR #677 merged  |
+| MS22-P2-003 | done   | p2-fleet | Agent template CRUD endpoints (admin)        | TASKS:P2 | api   | feat/ms22-p2-agent-crud     | P2-001        | P2-005        | orchestrator    | 2026-03-04 | 2026-03-04 | 15K        | 5K         | PR #678 merged  |
+| MS22-P2-004 | done   | p2-fleet | User agent CRUD endpoints                    | TASKS:P2 | api   | feat/ms22-p2-user-agents    | P2-002,P2-003 | P2-006        | orchestrator    | 2026-03-04 | 2026-03-04 | 15K        | 8K         | PR #682 merged  |
+| MS22-P2-005 | done   | p2-fleet | Agent status endpoints                       | TASKS:P2 | api   | feat/ms22-p2-agent-routing  | P2-003        | P2-008        | orchestrator    | 2026-03-04 | 2026-03-04 | 10K        | 5K         | PR #684 merged  |
+| MS22-P2-006 | done   | p2-fleet | Agent chat routing (select agent by name)    | TASKS:P2 | api   | feat/ms22-p2-agent-routing  | P2-004        | P2-007        | orchestrator    | 2026-03-04 | 2026-03-04 | 15K        | 5K         | PR #684 merged  |
+| MS22-P2-007 | done   | p2-fleet | Discord channel → agent routing              | TASKS:P2 | api   | feat/ms22-p2-discord-router | P2-006        | P2-010        | orchestrator    | 2026-03-05 | 2026-03-05 | 15K        | 8K         | PR #688         |
+| MS22-P2-008 | done   | p2-fleet | Agent list/selector UI in WebUI              | TASKS:P2 | web   | feat/ms22-p2-agent-ui       | P2-005        | —             | orchestrator    | 2026-03-04 | 2026-03-04 | 15K        | 8K         | PR #685 merged  |
+| MS22-P2-009 | done   | p2-fleet | Unit tests for agent services                | TASKS:P2 | api   | test/ms22-p2-agent-tests    | P2-006        | P2-010        | orchestrator    | 2026-03-04 | 2026-03-05 | 15K        | 8K         | PR #687 merged  |
+| MS22-P2-010 | done   | p2-fleet | E2E verification: Discord → agent → response | TASKS:P2 | stack | —                           | P2-009        | —             | orchestrator    | 2026-03-05 | 2026-03-05 | 10K        | 5K         | All gates green |
+
+---
+
+## MS23 — Mission Control Dashboard & Agent Provider Interface
+
+PRD: `docs/PRD-MS23-mission-control.md`
+Milestone: `0.0.23`
+Target version: `v0.0.23`
+
+> Single-writer: orchestrator (Jarvis/OpenClaw) only. Workers read but never modify.
+
+### Phase 0 — Backend Core (Foundation)
+
+| id          | status      | milestone     | description                                                                                      | issue | repo         | branch                 | depends_on                                      | blocks                                                      | agent | started_at | completed_at | estimate | used | notes                                         |
+| ----------- | ----------- | ------------- | ------------------------------------------------------------------------------------------------ | ----- | ------------ | ---------------------- | ----------------------------------------------- | ----------------------------------------------------------- | ----- | ---------- | ------------ | -------- | ---- | --------------------------------------------- |
+| MS23-P0-001 | done        | p0-foundation | Prisma schema: AgentConversationMessage, AgentSessionTree, AgentProviderConfig, OperatorAuditLog | #693  | api          | feat/ms23-p0-schema    | —                                               | MS23-P0-002,MS23-P0-003,MS23-P0-004,MS23-P0-005,MS23-P1-001 | codex | 2026-03-06 | 2026-03-06   | 15K      | —    | taskSource field per mosaic-queue note in PRD |
+| MS23-P0-002 | done        | p0-foundation | Agent message ingestion: wire spawner/lifecycle to write messages to DB                          | #693  | orchestrator | feat/ms23-p0-ingestion | MS23-P0-001                                     | MS23-P0-006                                                 | codex | 2026-03-06 | 2026-03-07      | 20K      | —    |                                               |
+| MS23-P0-003 | done        | p0-foundation | Orchestrator API: GET /agents/:id/messages + SSE stream endpoint                                 | #693  | orchestrator | feat/ms23-p0-stream    | MS23-P0-001                                     | MS23-P0-006                                                 | codex | 2026-03-06 | 2026-03-07      | 20K      | —    |                                               |
+| MS23-P0-004 | done        | p0-foundation | Orchestrator API: POST /agents/:id/inject + pause/resume endpoints                               | #693  | orchestrator | feat/ms23-p0-controls  | MS23-P0-001                                     | MS23-P0-006                                                 | codex | 2026-03-07 | 2026-03-07 | 15K      | —    |                                               |
+| MS23-P0-005 | done        | p0-foundation | Subagent tree: parentAgentId on spawn registration + GET /agents/tree                            | #693  | orchestrator | feat/ms23-p0-tree      | MS23-P0-001                                     | MS23-P0-006                                                 | —     | —          | —            | 15K      | —    |                                               |
+| MS23-P0-006 | done        | p0-foundation | Unit + integration tests for all P0 orchestrator endpoints                                       | #693  | orchestrator | test/ms23-p0           | MS23-P0-002,MS23-P0-003,MS23-P0-004,MS23-P0-005 | MS23-P1-001                                                 | codex | 2026-03-07 | 2026-03-07 | 20K      | —    | Phase 0 gate: SSE stream verified via curl    |
+
+### Phase 1 — Provider Interface (Plugin Architecture)
+
+| id          | status      | milestone   | description                                                                         | issue | repo   | branch                         | depends_on                          | blocks                  | agent | started_at | completed_at | estimate | used | notes                                                              |
+| ----------- | ----------- | ----------- | ----------------------------------------------------------------------------------- | ----- | ------ | ------------------------------ | ----------------------------------- | ----------------------- | ----- | ---------- | ------------ | -------- | ---- | ------------------------------------------------------------------ |
+| MS23-P1-001 | not-started | p1-provider | IAgentProvider interface + AgentSession/AgentMessage types in packages/shared       | #694  | shared | feat/ms23-p1-interface         | MS23-P0-001,MS23-P0-006             | MS23-P1-002,MS23-P1-003 | —     | —          | —            | 10K      | —    |                                                                    |
+| MS23-P1-002 | not-started | p1-provider | InternalAgentProvider: wrap existing orchestrator services behind IAgentProvider    | #694  | api    | feat/ms23-p1-internal-provider | MS23-P1-001                         | MS23-P1-003,MS23-P1-006 | —     | —          | —            | 20K      | —    |                                                                    |
+| MS23-P1-003 | not-started | p1-provider | AgentProviderRegistry: register/retrieve providers, aggregate listSessions          | #694  | api    | feat/ms23-p1-registry          | MS23-P1-001,MS23-P1-002             | MS23-P1-004,MS23-P1-005 | —     | —          | —            | 15K      | —    |                                                                    |
+| MS23-P1-004 | not-started | p1-provider | AgentProviderConfig CRUD API (/api/agent-providers)                                 | #694  | api    | feat/ms23-p1-provider-api      | MS23-P1-003                         | MS23-P1-006             | —     | —          | —            | 15K      | —    |                                                                    |
+| MS23-P1-005 | not-started | p1-provider | Mission Control proxy API (/api/mission-control/\*): SSE proxying, audit log writes | #694  | api    | feat/ms23-p1-proxy             | MS23-P1-003                         | MS23-P1-006,MS23-P2-001 | —     | —          | —            | 30K      | —    | Aggregates all providers; most complex P1 task                     |
+| MS23-P1-006 | not-started | p1-provider | Unit tests: registry, proxy service, internal provider                              | #694  | api    | test/ms23-p1                   | MS23-P1-002,MS23-P1-004,MS23-P1-005 | MS23-P2-001             | —     | —          | —            | 20K      | —    | Phase 1 gate: unified /sessions returns internal provider sessions |
+
+### Phase 2 — Mission Control UI
+
+| id          | status      | milestone | description                                                                         | issue | repo | branch                | depends_on                                                              | blocks                  | agent | started_at | completed_at | estimate | used | notes                                 |
+| ----------- | ----------- | --------- | ----------------------------------------------------------------------------------- | ----- | ---- | --------------------- | ----------------------------------------------------------------------- | ----------------------- | ----- | ---------- | ------------ | -------- | ---- | ------------------------------------- |
+| MS23-P2-001 | not-started | p2-ui     | /mission-control page route + layout shell (sidebar + panel grid)                   | #695  | web  | feat/ms23-p2-page     | MS23-P1-005,MS23-P1-006                                                 | MS23-P2-002,MS23-P2-005 | —     | —          | —            | 10K      | —    |                                       |
+| MS23-P2-002 | not-started | p2-ui     | OrchestratorPanel component: SSE message stream, chat display, role-tagged messages | #695  | web  | feat/ms23-p2-panel    | MS23-P2-001                                                             | MS23-P2-003,MS23-P2-004 | —     | —          | —            | 25K      | —    |                                       |
+| MS23-P2-003 | not-started | p2-ui     | BargeInInput component: inject message, pause-before-send checkbox                  | #695  | web  | feat/ms23-p2-barge    | MS23-P2-002                                                             | MS23-P2-009             | —     | —          | —            | 15K      | —    |                                       |
+| MS23-P2-004 | not-started | p2-ui     | Panel operator controls: pause, resume, graceful kill, hard kill buttons            | #695  | web  | feat/ms23-p2-controls | MS23-P2-002                                                             | MS23-P2-009             | —     | —          | —            | 15K      | —    |                                       |
+| MS23-P2-005 | not-started | p2-ui     | GlobalAgentRoster sidebar: tree view, per-agent kill buttons                        | #695  | web  | feat/ms23-p2-roster   | MS23-P2-001                                                             | MS23-P2-006,MS23-P2-009 | —     | —          | —            | 20K      | —    |                                       |
+| MS23-P2-006 | not-started | p2-ui     | KillAllDialog: confirmation modal with scope selector (internal / all providers)    | #695  | web  | feat/ms23-p2-killall  | MS23-P2-005                                                             | MS23-P2-009             | —     | —          | —            | 10K      | —    | Requires typing "KILL ALL" to confirm |
+| MS23-P2-007 | not-started | p2-ui     | AuditLogDrawer: paginated audit history slide-in drawer                             | #695  | web  | feat/ms23-p2-audit    | MS23-P2-001                                                             | MS23-P2-009             | —     | —          | —            | 15K      | —    |                                       |
+| MS23-P2-008 | not-started | p2-ui     | Panel grid: responsive layout, add/remove panels, full-screen expand                | #695  | web  | feat/ms23-p2-grid     | MS23-P2-002                                                             | MS23-P2-009             | —     | —          | —            | 20K      | —    |                                       |
+| MS23-P2-009 | not-started | p2-ui     | Frontend tests: vitest unit + Playwright E2E for mission control page               | #695  | web  | test/ms23-p2          | MS23-P2-003,MS23-P2-004,MS23-P2-005,MS23-P2-006,MS23-P2-007,MS23-P2-008 | MS23-P3-001             | —     | —          | —            | 25K      | —    | Phase 2 gate                          |
+
+### Phase 3 — OpenClaw Provider Adapter
+
+| id          | status      | milestone   | description                                                                      | issue | repo    | branch                         | depends_on  | blocks      | agent | started_at | completed_at | estimate | used | notes                                               |
+| ----------- | ----------- | ----------- | -------------------------------------------------------------------------------- | ----- | ------- | ------------------------------ | ----------- | ----------- | ----- | ---------- | ------------ | -------- | ---- | --------------------------------------------------- |
+| MS23-P3-001 | not-started | p3-openclaw | OpenClawProvider: implement IAgentProvider against OpenClaw REST API             | #696  | api     | feat/ms23-p3-openclaw-provider | MS23-P2-009 | MS23-P3-002 | —     | —          | —            | 25K      | —    | Verify barge-in protocol (see PRD open question #3) |
+| MS23-P3-002 | not-started | p3-openclaw | OpenClaw session polling / SSE bridge: translate OpenClaw events to AgentMessage | #696  | api     | feat/ms23-p3-openclaw-bridge   | MS23-P3-001 | MS23-P3-003 | —     | —          | —            | 20K      | —    |                                                     |
+| MS23-P3-003 | not-started | p3-openclaw | Provider config UI: register OpenClaw gateway (URL + API token) in Settings      | #696  | web     | feat/ms23-p3-config-ui         | MS23-P3-002 | MS23-P3-004 | —     | —          | —            | 15K      | —    |                                                     |
+| MS23-P3-004 | not-started | p3-openclaw | E2E test: OpenClaw provider registered → sessions appear in Mission Control      | #696  | api+web | test/ms23-p3                   | MS23-P3-003 | MS23-P4-001 | —     | —          | —            | 20K      | —    | Phase 3 gate                                        |
+
+### Phase 4 — Verification & Release
+
+| id          | status      | milestone  | description                                                                             | issue | repo  | branch | depends_on  | blocks      | agent | started_at | completed_at | estimate | used | notes |
+| ----------- | ----------- | ---------- | --------------------------------------------------------------------------------------- | ----- | ----- | ------ | ----------- | ----------- | ----- | ---------- | ------------ | -------- | ---- | ----- |
+| MS23-P4-001 | not-started | p4-release | Full QA: pnpm turbo lint typecheck test — all green                                     | #697  | stack | —      | MS23-P3-004 | MS23-P4-002 | —     | —          | —            | 10K      | —    |       |
+| MS23-P4-002 | not-started | p4-release | Security review: auth on all new endpoints, audit log integrity, barge-in rate limiting | #697  | api   | —      | MS23-P4-001 | MS23-P4-003 | —     | —          | —            | 10K      | —    |       |
+| MS23-P4-003 | not-started | p4-release | Deploy to production (mosaic.woltje.com), smoke test with live agents                   | #697  | stack | —      | MS23-P4-002 | MS23-P4-004 | —     | —          | —            | 5K       | —    |       |
+| MS23-P4-004 | not-started | p4-release | Update ROADMAP.md + CHANGELOG.md, tag v0.0.23                                           | #697  | stack | —      | MS23-P4-003 | —           | —     | —          | —            | 3K       | —    |       |
+
+### MS23 Budget Summary
+
+| Phase                        | Tasks  | Estimate  |
+| ---------------------------- | ------ | --------- |
+| Phase 0 — Backend Core       | 6      | ~105K     |
+| Phase 1 — Provider Interface | 6      | ~110K     |
+| Phase 2 — Mission Control UI | 9      | ~155K     |
+| Phase 3 — OpenClaw Adapter   | 4      | ~80K      |
+| Phase 4 — Verification       | 4      | ~28K      |
+| **Total**                    | **29** | **~478K** |
+
+Recommended dispatch: Codex for Phase 2 UI + routine API tasks; Sonnet for complex streaming logic (P0-003, P1-005, P3-002).
--- a/docs/scratchpads/ms22-p2-named-agent-fleet-20260304.md
+++ b/docs/scratchpads/ms22-p2-named-agent-fleet-20260304.md
@@ -0,0 +1,38 @@
+# Mission Scratchpad — MS22-P2 Named Agent Fleet
+
+> Append-only log. NEVER delete entries. NEVER overwrite sections.
+> This is the orchestrator's working memory across sessions.
+
+## Original Mission Prompt
+
+```
+(Paste the mission prompt here on first session)
+```
+
+## Planning Decisions
+
+## Session Log
+
+| Session | Date       | Milestone | Tasks Done             | Outcome                                                                                       |
+| ------- | ---------- | --------- | ---------------------- | --------------------------------------------------------------------------------------------- |
+| 5       | 2026-03-05 | M6        | P2-010 done            | E2E verification: 3547 tests pass, all CI gates green. Mission complete.                      |
+| 4       | 2026-03-05 | M5+M6     | P2-007 done            | Discord channel→agent routing. Fixed lint/type errors. PR #688 merged. 9/10 tasks done.       |
+| 3       | 2026-03-05 | M4+M5     | P2-008 done            | Fixed corrupted AgentSelector.tsx, integrated into Chat.tsx. PR #685 merged. 8/10 tasks done. |
+| 2       | 2026-03-04 | M1+M2+M3  | P2-004 done            | Fixed CI security audit, merged PRs #681, #678, #682. Milestones 1-3 complete.                |
+| 1       | 2026-03-04 | M1+M2     | P2-001, P2-002, P2-003 | Schema, seed, and Admin CRUD complete                                                         |
+
+## Mission Complete
+
+All 10 tasks completed. Success criteria verified:
+
+1. ✅ AgentTemplate and UserAgent tables in Prisma schema
+2. ✅ Admin CRUD at /admin/agent-templates
+3. ✅ User CRUD at /api/agents
+4. ✅ Chat proxy routes by agent name
+5. ✅ Discord channel routing via DISCORD_AGENT_CHANNELS
+6. ✅ WebUI AgentSelector component
+7. ✅ 3547 tests passing, CI green
+
+## Open Questions
+
+## Corrections
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
      "undici": ">=6.23.0",
      "rollup": ">=4.59.0",
      "serialize-javascript": ">=7.0.3",
-      "multer": ">=2.1.0"
+      "multer": ">=2.1.1"
    }
  }
 }
--- a/packages/shared/src/types/agent-provider.types.ts
+++ b/packages/shared/src/types/agent-provider.types.ts
@@ -0,0 +1,78 @@
+// Agent message roles
+export type AgentMessageRole = "user" | "assistant" | "system" | "tool";
+
+// A single message in an agent conversation
+export interface AgentMessage {
+  id: string;
+  sessionId: string;
+  role: AgentMessageRole;
+  content: string;
+  timestamp: Date;
+  metadata?: Record<string, unknown>;
+}
+
+// Session lifecycle status
+export type AgentSessionStatus = "active" | "paused" | "completed" | "failed" | "idle";
+
+// An agent session (conversation thread)
+export interface AgentSession {
+  id: string;
+  providerId: string; // which provider owns this session
+  providerType: string; // "internal" | "openclaw" | etc.
+  label?: string;
+  status: AgentSessionStatus;
+  parentSessionId?: string; // for subagent trees
+  createdAt: Date;
+  updatedAt: Date;
+  metadata?: Record<string, unknown>;
+}
+
+// Result of listing sessions
+export interface AgentSessionList {
+  sessions: AgentSession[];
+  total: number;
+  cursor?: string;
+}
+
+// Result of injecting a message
+export interface InjectResult {
+  accepted: boolean;
+  messageId?: string;
+}
+
+// The IAgentProvider interface — every provider (internal, OpenClaw, future) implements this
+export interface IAgentProvider {
+  readonly providerId: string;
+  readonly providerType: string;
+  readonly displayName: string;
+
+  // Session management
+  listSessions(cursor?: string, limit?: number): Promise<AgentSessionList>;
+  getSession(sessionId: string): Promise<AgentSession | null>;
+  getMessages(sessionId: string, limit?: number, before?: string): Promise<AgentMessage[]>;
+
+  // Control operations
+  injectMessage(sessionId: string, content: string): Promise<InjectResult>;
+  pauseSession(sessionId: string): Promise<void>;
+  resumeSession(sessionId: string): Promise<void>;
+  killSession(sessionId: string, force?: boolean): Promise<void>;
+
+  // SSE streaming — returns an AsyncIterable of AgentMessage events
+  streamMessages(sessionId: string): AsyncIterable<AgentMessage>;
+
+  // Health
+  isAvailable(): Promise<boolean>;
+}
+
+// Provider configuration stored in DB (AgentProviderConfig model from P0 schema)
+export interface AgentProviderConfig {
+  id: string;
+  providerId: string;
+  providerType: string;
+  displayName: string;
+  baseUrl?: string;
+  apiToken?: string;
+  enabled: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jason Woltje	e4f942dde7	feat(web): MS23-P2-008 panel grid responsive layout All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 14:47:39 -06:00
jason.woltje	4ea31c5749	Merge pull request 'feat: MS23-P2-007 AuditLogDrawer + audit log endpoint' (#730 ) from feat/ms23-p2-audit into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 20:40:21 +00:00
Jason Woltje	4792f7b70a	feat: MS23-P2-007 AuditLogDrawer + audit log endpoint All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 14:40:06 -06:00
jason.woltje	571094a099	Merge pull request 'feat(web): MS23-P2-004 Panel operator controls' (#729 ) from feat/ms23-p2-controls into main Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-07 20:35:53 +00:00
Jason Woltje	adef5bdbb2	feat(web): MS23-P2-004 panel operator controls All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 14:34:31 -06:00
jason.woltje	eb771d795a	Merge pull request 'feat(web): MS23-P2-003 BargeInInput component' (#728 ) from feat/ms23-p2-barge into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 20:33:39 +00:00
jason.woltje	c9aff531ea	Merge pull request 'feat(web): MS23-P2-006 KillAllDialog confirmation modal' (#727 ) from feat/ms23-p2-killall into main Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-07 20:33:03 +00:00
Jason Woltje	b2c751caca	feat(web): MS23-P2-003 BargeInInput component Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-07 14:32:12 -06:00
Jason Woltje	cd28428cf2	feat(web): MS23-P2-006 KillAllDialog confirmation modal Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-07 14:31:38 -06:00
jason.woltje	2c36569f85	Merge pull request 'feat(web): MS23-P2-005 GlobalAgentRoster sidebar tree' (#726 ) from feat/ms23-p2-roster into main Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-07 20:20:17 +00:00
Jason Woltje	7c086db7e4	feat(web): MS23-P2-005 GlobalAgentRoster sidebar tree Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-07 14:19:05 -06:00
jason.woltje	577e6141e0	Merge pull request 'feat(web): MS23-P2-002 OrchestratorPanel SSE stream component' (#725 ) from feat/ms23-p2-panel into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 20:17:56 +00:00
Jason Woltje	631ba499e3	feat(web): MS23-P2-002 OrchestratorPanel SSE stream component All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 14:14:57 -06:00
jason.woltje	a61106c24a	Merge pull request 'feat(web): MS23-P2-001 Mission Control page route + layout shell' (#724 ) from feat/ms23-p2-page into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 20:00:55 +00:00
Jason Woltje	487aac6903	feat(web): add Mission Control page layout shell All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 13:59:23 -06:00
jason.woltje	544e828e58	Merge pull request 'test(orchestrator): MS23-P1-006 Phase 1 provider system unit tests' (#723 ) from test/ms23-p1 into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 19:51:09 +00:00
Jason Woltje	9489bc63f8	test(orchestrator): add mission-control phase 1 gate coverage All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 13:47:49 -06:00
Jason Woltje	ad644799aa	feat(orchestrator): MS23-P1-005 Mission Control proxy API (#722 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 19:43:34 +00:00
jason.woltje	81bf349270	Merge pull request 'feat(orchestrator): MS23-P1-004 AgentProviderConfig CRUD API' (#721 ) from feat/ms23-p1-provider-api into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 19:26:24 +00:00
Jason Woltje	bcada71e88	feat(orchestrator): add AgentProviderConfig CRUD API All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-07 13:22:56 -06:00
Jason Woltje	9cc82e7fcf	feat(orchestrator): MS23-P1-003 AgentProviderRegistry (#720 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 19:15:59 +00:00
Jason Woltje	4b135ae1f0	feat(orchestrator): MS23-P1-002 InternalAgentProvider (#719 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 19:06:36 +00:00
Jason Woltje	364619b332	feat(shared): MS23-P1-001 IAgentProvider interface + agent types (#718 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 18:29:18 +00:00
Jason Woltje	18ed3a5411	chore(tasks): MS23 Phase 0 complete — all 6 P0 tasks done (#717 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 18:13:12 +00:00
Jason Woltje	79ff3a921f	test(orchestrator): MS23-P0-006 service unit tests for AgentMessages/Control/Tree (#716 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 18:12:47 +00:00
Jason Woltje	76f06d0291	chore(tasks): MS23-P0-005 done, P0-006 in-progress (#715 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:58:20 +00:00
Jason Woltje	03dd25f028	feat(orchestrator): MS23-P0-005 subagent tree endpoint (#714 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:57:55 +00:00
Jason Woltje	f3726de54e	chore(tasks): MS23-P0-004 done, P0-005 in-progress (#713 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:43:35 +00:00
Jason Woltje	d0c6622de5	feat(orchestrator): MS23-P0-004 operator inject/pause/resume endpoints (#712 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:43:11 +00:00
Jason Woltje	4749f52668	chore(tasks): MS23-P0-002 done, P0-003 done, P0-004 in-progress (#711 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:15:57 +00:00
Jason Woltje	e0b28c91c3	feat(orchestrator): MS23 per-agent message history and SSE stream (#702 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:15:30 +00:00
Jason Woltje	fa7837af3e	fix(orchestrator): rm symlink before schema COPY in Docker builder (#710 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 17:00:38 +00:00
Jason Woltje	123cbce5cd	fix(orchestrator): copy schema to overwrite dangling symlink in Docker (#709 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 16:45:54 +00:00
Jason Woltje	7d47e5ff99	fix(orchestrator): use symlink path ./prisma/schema.prisma in generate script (#708 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 16:31:49 +00:00
Jason Woltje	ef674206e7	fix(orchestrator): symlink prisma/schema.prisma to resolve Docker build root detection (#707 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 16:17:20 +00:00
Jason Woltje	977747599f	fix(orchestrator): local prisma schema copy for Docker generate (#706 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 16:00:07 +00:00
Jason Woltje	fc4699ca51	fix(orchestrator): copy apps/api/package.json for prisma generate in Dockerfile (#705 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 15:38:46 +00:00
Jason Woltje	b61554800b	fix(orchestrator): add prisma CLI devDependency for prisma:generate (#704 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 06:56:42 +00:00
Jason Woltje	98e892f23c	fix(orchestrator): Dockerfile prisma generate + vitest reflect-metadata setup (#703 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 04:45:17 +00:00
Jason Woltje	de6faf659e	feat(orchestrator): MS23 agent lifecycle ingestion service (#701 ) Some checks failed ci/woodpecker/push/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 04:21:26 +00:00
Jason Woltje	49fa958444	chore(orchestrator): MS23 P0-001 done, P0-002 in-progress (#700 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 02:10:59 +00:00
Jason Woltje	8d6abd72bb	feat(api): MS23 mission control Prisma schema (#699 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 01:18:06 +00:00
Jason Woltje	1bed5b3573	chore(orchestrator): Bootstrap MS23 mission-control TASKS.md + PRD (#698 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-07 00:27:24 +00:00
jason.woltje	c644d1044b	Merge pull request 'fix(api): add AuthModule import to UserAgentModule' (#691 ) from fix/user-agent-auth-module into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-05 22:22:18 +00:00
Jason Woltje	bf5779fb73	fix(api): add AuthModule import to UserAgentModule All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-05 16:21:38 -06:00
Jason Woltje	08d7a6b708	chore: trigger CI rebuild for hotfix	2026-03-05 16:15:32 -06:00
jason.woltje	570edef4e5	Merge pull request 'fix(api): add AuthModule import to AgentTemplateModule' (#690 ) from fix/agent-template-auth-module into main All checks were successful ci/woodpecker/push/ci Pipeline was successful Details	2026-03-05 22:10:36 +00:00
Jason Woltje	d220be6b58	fix(api): add AuthModule import to AgentTemplateModule All checks were successful ci/woodpecker/push/ci Pipeline was successful Details The AgentTemplateController uses AuthGuard which requires AuthService, but AgentTemplateModule was not importing AuthModule. This caused the API to crash during dependency resolution.	2026-03-05 09:46:22 -06:00
Jason Woltje	ade9e968ca	chore(ms22-p2): mission complete — all 10 tasks done (#689 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 15:41:43 +00:00
Jason Woltje	413ecdb63b	feat(ms22-p2): add Discord channel → agent routing (#688 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 14:04:06 +00:00
Jason Woltje	e85fb11f03	test(ms22-p2): add unit tests for agent services (#687 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 03:40:35 +00:00
Jason Woltje	0869a3dcb6	chore(ms22-p2): update mission docs — P2-008 complete (#686 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 03:32:36 +00:00
Jason Woltje	a70f149886	feat(ms22-p2): add agent selector UI in WebUI (#685 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 03:29:02 +00:00
Jason Woltje	2f1ee53c8d	feat(ms22-p2): add agent status endpoints and chat routing (#684 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 02:56:36 +00:00
Jason Woltje	b52c4e7ff9	chore(ms22-p2): update docs after P2-004 completion (#683 ) Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 02:46:24 +00:00
Jason Woltje	af56684e84	feat(ms22-p2): add UserAgent CRUD endpoints (#682 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 02:44:19 +00:00
Jason Woltje	ee4d6fa12b	feat(ms22-p2): add AgentTemplate admin CRUD endpoints (#678 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 02:32:17 +00:00
Jason Woltje	5bd08b0d0b	fix(deps): update multer override to >=2.1.1 (#681 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-05 02:27:08 +00:00
jason.woltje	1eb581553a	Merge pull request 'docs(ms22-p2): validated PRD — 15/15 mosaic prdy validate' (#680 ) from docs/ms22-p2-prd-validated into main	2026-03-05 01:59:25 +00:00
Jason Woltje	da62b9bb73	docs(ms22-p2): validated PRD with FR/US/AC items — 15/15 mosaic prdy validate	2026-03-04 19:59:20 -06:00
jason.woltje	62fc76fea6	Merge pull request 'chore(ms22-p2): initialize mission, update manifest and TASKS' (#679 ) from chore/ms22-p2-mission-init into main	2026-03-05 01:54:14 +00:00
Jason Woltje	8b38026fed	chore(ms22-p2): initialize mission, update manifest and TASKS	2026-03-04 19:53:57 -06:00
jason.woltje	82b1b4cb41	Merge pull request 'feat(ms22-p2): seed default agent templates' (#677 ) from feat/ms22-p2-agent-seed into main Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-05 01:42:05 +00:00
Jason Woltje	22e08e4ef2	feat(ms22-p2): seed default agent templates (jarvis, builder, medic) Some checks failed ci/woodpecker/push/ci Pipeline failed Details	2026-03-04 19:41:25 -06:00