fix(web): add ReactQueryProvider to root layout for Mission Control

Mission Control components (AuditLogDrawer, GlobalAgentRoster, PanelControls)
use @tanstack/react-query hooks but no QueryClientProvider existed in the
layout tree. This caused a crash: 'No QueryClient set, use QueryClientProvider'.

Added ReactQueryProvider wrapper in apps/web/src/providers/ and wired it into
the root layout above ErrorBoundary/AuthProvider so all routes have access.

apps/web/src/app/api/orchestrator/[...path]/route.ts

@@ -1,93 +0,0 @@
-import { type NextRequest, NextResponse } from "next/server";
-
-const DEFAULT_ORCHESTRATOR_URL = "http://localhost:3001";
-
-function getOrchestratorUrl(): string {
-  return (
-    process.env.ORCHESTRATOR_URL ??
-    process.env.NEXT_PUBLIC_ORCHESTRATOR_URL ??
-    process.env.NEXT_PUBLIC_API_URL ??
-    DEFAULT_ORCHESTRATOR_URL
-  );
-}
-
-/**
- * Generic catch-all proxy for orchestrator API routes.
- *
- * Forwards any request to /api/orchestrator/<path> → ORCHESTRATOR_URL/<path>
- * with the ORCHESTRATOR_API_KEY injected server-side so it never reaches the browser.
- *
- * Supports GET, POST, PATCH, DELETE, PUT.
- *
- * Example:
- *   GET  /api/orchestrator/mission-control/sessions
- *     → GET ORCHESTRATOR_URL/api/mission-control/sessions
- *   POST /api/orchestrator/mission-control/sessions/abc/kill
- *     → POST ORCHESTRATOR_URL/api/mission-control/sessions/abc/kill
- */
-async function proxyToOrchestrator(
-  request: NextRequest,
-  context: { params: Promise<{ path: string[] }> }
-): Promise<NextResponse> {
-  const orchestratorApiKey = process.env.ORCHESTRATOR_API_KEY;
-  if (!orchestratorApiKey) {
-    return NextResponse.json(
-      { error: "ORCHESTRATOR_API_KEY is not configured on the web server." },
-      { status: 503 }
-    );
-  }
-
-  const { path } = await context.params;
-  const upstreamPath = `/${path.join("/")}`;
-  const search = request.nextUrl.search;
-  const upstreamUrl = `${getOrchestratorUrl()}${upstreamPath}${search}`;
-
-  const controller = new AbortController();
-  const timeout = setTimeout(() => {
-    controller.abort();
-  }, 30_000);
-
-  try {
-    const headers: Record<string, string> = {
-      "X-API-Key": orchestratorApiKey,
-    };
-
-    const contentType = request.headers.get("Content-Type");
-    if (contentType) {
-      headers["Content-Type"] = contentType;
-    }
-
-    const hasBody = request.method !== "GET" && request.method !== "HEAD";
-    const body = hasBody ? await request.text() : null;
-
-    const upstream = await fetch(upstreamUrl, {
-      method: request.method,
-      headers,
-      ...(body !== null ? { body } : {}),
-      cache: "no-store",
-      signal: controller.signal,
-    });
-
-    const responseText = await upstream.text();
-    return new NextResponse(responseText, {
-      status: upstream.status,
-      headers: {
-        "Content-Type": upstream.headers.get("Content-Type") ?? "application/json",
-      },
-    });
-  } catch (error) {
-    const message =
-      error instanceof Error && error.name === "AbortError"
-        ? "Orchestrator request timed out."
-        : "Unable to reach orchestrator.";
-    return NextResponse.json({ error: message }, { status: 502 });
-  } finally {
-    clearTimeout(timeout);
-  }
-}
-
-export const GET = proxyToOrchestrator;
-export const POST = proxyToOrchestrator;
-export const PATCH = proxyToOrchestrator;
-export const PUT = proxyToOrchestrator;
-export const DELETE = proxyToOrchestrator;

apps/web/src/components/mission-control/AuditLogDrawer.tsx

@@ -158,9 +158,7 @@ async function fetchAuditLog(
   }
 
   try {
-    return await apiGet<AuditLogResponse>(
+    return await apiGet<AuditLogResponse>(`/api/mission-control/audit-log?${params.toString()}`);
-      `/api/orchestrator/api/mission-control/audit-log?${params.toString()}`
-    );
   } catch (error) {
     if (isRateLimitError(error)) {
       return createEmptyAuditLogResponse(page, "Rate limited - retrying...");

apps/web/src/components/mission-control/BargeInInput.test.tsx

@@ -59,12 +59,9 @@ describe("BargeInInput", (): void => {
     await user.click(screen.getByRole("button", { name: "Send" }));
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/session-1/inject", {
-        "/api/orchestrator/api/mission-control/sessions/session-1/inject",
-        {
         content: "execute plan",
-        }
+      });
-      );
     });
 
     expect(onSent).toHaveBeenCalledTimes(1);
@@ -86,18 +83,12 @@ describe("BargeInInput", (): void => {
 
     const calls = mockApiPost.mock.calls as [string, unknown?][];
 
-    expect(calls[0]).toEqual([
+    expect(calls[0]).toEqual(["/api/mission-control/sessions/session-2/pause", undefined]);
-      "/api/orchestrator/api/mission-control/sessions/session-2/pause",
-      undefined,
-    ]);
     expect(calls[1]).toEqual([
-      "/api/orchestrator/api/mission-control/sessions/session-2/inject",
+      "/api/mission-control/sessions/session-2/inject",
       { content: "hello world" },
     ]);
-    expect(calls[2]).toEqual([
+    expect(calls[2]).toEqual(["/api/mission-control/sessions/session-2/resume", undefined]);
-      "/api/orchestrator/api/mission-control/sessions/session-2/resume",
-      undefined,
-    ]);
   });
 
   it("submits with Enter and does not submit on Shift+Enter", async (): Promise<void> => {
@@ -114,12 +105,9 @@ describe("BargeInInput", (): void => {
     fireEvent.keyDown(textarea, { key: "Enter", code: "Enter", shiftKey: false });
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/session-3/inject", {
-        "/api/orchestrator/api/mission-control/sessions/session-3/inject",
-        {
         content: "first",
-        }
+      });
-      );
     });
   });
 

apps/web/src/components/mission-control/BargeInInput.tsx

@@ -39,7 +39,7 @@ export function BargeInInput({ sessionId, onSent }: BargeInInputProps): React.JS
     }
 
     const encodedSessionId = encodeURIComponent(sessionId);
-    const baseEndpoint = `/api/orchestrator/api/mission-control/sessions/${encodedSessionId}`;
+    const baseEndpoint = `/api/mission-control/sessions/${encodedSessionId}`;
     let didPause = false;
     let didInject = false;
 

apps/web/src/components/mission-control/GlobalAgentRoster.test.tsx

@@ -177,12 +177,9 @@ describe("GlobalAgentRoster", (): void => {
     fireEvent.click(screen.getByRole("button", { name: "Kill session killme12" }));
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/killme123456/kill", {
-        "/api/orchestrator/api/mission-control/sessions/killme123456/kill",
-        {
         force: false,
-        }
+      });
-      );
     });
   });
 

apps/web/src/components/mission-control/GlobalAgentRoster.tsx

@@ -83,7 +83,7 @@ function groupByProvider(sessions: MissionControlSession[]): ProviderSessionGrou
 
 async function fetchSessions(): Promise<MissionControlSession[]> {
   const payload = await apiGet<MissionControlSession[] | SessionsPayload>(
-    "/api/orchestrator/api/mission-control/sessions"
+    "/api/mission-control/sessions"
   );
   return Array.isArray(payload) ? payload : payload.sessions;
 }
@@ -118,12 +118,9 @@ export function GlobalAgentRoster({
 
   const killMutation = useMutation({
     mutationFn: async (sessionId: string): Promise<string> => {
-      await apiPost<{ message: string }>(
+      await apiPost<{ message: string }>(`/api/mission-control/sessions/${sessionId}/kill`, {
-        `/api/orchestrator/api/mission-control/sessions/${sessionId}/kill`,
-        {
         force: false,
-        }
+      });
-      );
       return sessionId;
     },
     onSuccess: (): void => {

apps/web/src/components/mission-control/KillAllDialog.test.tsx

@@ -112,20 +112,14 @@ describe("KillAllDialog", (): void => {
     await user.click(screen.getByRole("button", { name: "Kill All Agents" }));
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/internal-1/kill", {
-        "/api/orchestrator/api/mission-control/sessions/internal-1/kill",
-        {
         force: true,
-        }
+      });
-      );
     });
 
-    expect(mockApiPost).not.toHaveBeenCalledWith(
+    expect(mockApiPost).not.toHaveBeenCalledWith("/api/mission-control/sessions/external-1/kill", {
-      "/api/orchestrator/api/mission-control/sessions/external-1/kill",
-      {
       force: true,
-      }
+    });
-    );
     expect(onComplete).toHaveBeenCalledTimes(1);
   });
 
@@ -147,18 +141,12 @@ describe("KillAllDialog", (): void => {
     await user.click(screen.getByRole("button", { name: "Kill All Agents" }));
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/internal-2/kill", {
-        "/api/orchestrator/api/mission-control/sessions/internal-2/kill",
-        {
         force: true,
-        }
+      });
-      );
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/external-2/kill", {
-      expect(mockApiPost).toHaveBeenCalledWith(
-        "/api/orchestrator/api/mission-control/sessions/external-2/kill",
-        {
         force: true,
-        }
+      });
-      );
     });
   });
 

apps/web/src/components/mission-control/KillAllDialog.tsx

@@ -96,12 +96,9 @@ export function KillAllDialog({ sessions, onComplete }: KillAllDialogProps): Rea
 
     const killRequests = targetSessions.map(async (session) => {
       try {
-        await apiPost<{ message: string }>(
+        await apiPost<{ message: string }>(`/api/mission-control/sessions/${session.id}/kill`, {
-          `/api/orchestrator/api/mission-control/sessions/${session.id}/kill`,
-          {
           force: true,
-          }
+        });
-        );
         return true;
       } catch {
         return false;

apps/web/src/components/mission-control/PanelControls.test.tsx

@@ -89,7 +89,7 @@ describe("PanelControls", (): void => {
 
     await waitFor((): void => {
       expect(mockApiPost).toHaveBeenCalledWith(
-        "/api/orchestrator/api/mission-control/sessions/session%20with%20space/pause",
+        "/api/mission-control/sessions/session%20with%20space/pause",
         undefined
       );
     });
@@ -114,12 +114,9 @@ describe("PanelControls", (): void => {
     await user.click(screen.getByRole("button", { name: "Confirm" }));
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/session-4/kill", {
-        "/api/orchestrator/api/mission-control/sessions/session-4/kill",
-        {
         force: false,
-        }
+      });
-      );
     });
 
     expect(onStatusChange).toHaveBeenCalledWith("killed");
@@ -140,12 +137,9 @@ describe("PanelControls", (): void => {
     await user.click(screen.getByRole("button", { name: "Confirm" }));
 
     await waitFor((): void => {
-      expect(mockApiPost).toHaveBeenCalledWith(
+      expect(mockApiPost).toHaveBeenCalledWith("/api/mission-control/sessions/session-5/kill", {
-        "/api/orchestrator/api/mission-control/sessions/session-5/kill",
-        {
         force: true,
-        }
+      });
-      );
     });
 
     expect(onStatusChange).toHaveBeenCalledWith("killed");

apps/web/src/components/mission-control/PanelControls.tsx

@@ -50,23 +50,23 @@ export function PanelControls({
       switch (action) {
         case "pause":
           await apiPost<{ message: string }>(
-            `/api/orchestrator/api/mission-control/sessions/${encodeURIComponent(sessionId)}/pause`
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/pause`
           );
           return { nextStatus: "paused" };
         case "resume":
           await apiPost<{ message: string }>(
-            `/api/orchestrator/api/mission-control/sessions/${encodeURIComponent(sessionId)}/resume`
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/resume`
           );
           return { nextStatus: "active" };
         case "graceful-kill":
           await apiPost<{ message: string }>(
-            `/api/orchestrator/api/mission-control/sessions/${encodeURIComponent(sessionId)}/kill`,
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/kill`,
             { force: false }
           );
           return { nextStatus: "killed" };
         case "force-kill":
           await apiPost<{ message: string }>(
-            `/api/orchestrator/api/mission-control/sessions/${encodeURIComponent(sessionId)}/kill`,
+            `/api/mission-control/sessions/${encodeURIComponent(sessionId)}/kill`,
             { force: true }
           );
           return { nextStatus: "killed" };

docker-compose.swarm.portainer.yml

@@ -316,8 +316,6 @@ services:
       SANDBOX_ENABLED: "true"
       # API key for authenticating requests from the web proxy
       ORCHESTRATOR_API_KEY: ${ORCHESTRATOR_API_KEY}
-      # Prisma database connection (uses the shared openbrain postgres)
-      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@openbrain_brain-db:5432/${POSTGRES_DB:-mosaic}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - orchestrator_workspace:/workspace
@@ -333,7 +331,6 @@ services:
       start_period: 40s
     networks:
       - internal
-      - openbrain-brain-internal
     cap_drop:
       - ALL
     cap_add:
@@ -406,7 +403,6 @@ services:
     networks:
       - internal
       - traefik-public
-      - openbrain-brain-internal
     deploy:
       restart_policy:
         condition: on-failure