From a1a37c77f6fa3894a2f7a7b301a26c2284d93cee Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Mon, 2 Mar 2026 09:33:31 -0600
Subject: [PATCH 1/2] fix(api): add missing /orchestrator/health and
 /orchestrator/events/recent endpoints

- Added GET /orchestrator/health for widget health checks
- Added GET /orchestrator/events/recent for recent agent events
- Widgets were calling endpoints that returned 404
---
 .../orchestrator/orchestrator.controller.ts   | 98 ++++++++++++++++++-
 1 file changed, 97 insertions(+), 1 deletion(-)

diff --git a/apps/api/src/orchestrator/orchestrator.controller.ts b/apps/api/src/orchestrator/orchestrator.controller.ts
index e17d403..3cd25ac 100644
--- a/apps/api/src/orchestrator/orchestrator.controller.ts
+++ b/apps/api/src/orchestrator/orchestrator.controller.ts
@@ -1,4 +1,4 @@
-import { Controller, Get, Res, UseGuards } from "@nestjs/common";
+import { Controller, Get, Query, Res, UseGuards } from "@nestjs/common";
 import { AgentStatus } from "@prisma/client";
 import type { Response } from "express";
 import { AuthGuard } from "../auth/guards/auth.guard";
@@ -6,6 +6,7 @@ import { PrismaService } from "../prisma/prisma.service";
 
 const AGENT_POLL_INTERVAL_MS = 5_000;
 const SSE_HEARTBEAT_MS = 15_000;
+const DEFAULT_EVENTS_LIMIT = 25;
 
 interface OrchestratorAgentDto {
   id: string;
@@ -15,6 +16,26 @@ interface OrchestratorAgentDto {
   createdAt: Date;
 }
 
+interface OrchestratorEventDto {
+  type: string;
+  timestamp: string;
+  agentId?: string;
+  taskId?: string;
+  data?: Record<string, unknown>;
+}
+
+interface OrchestratorHealthDto {
+  status: "healthy" | "degraded" | "unhealthy";
+  database: "connected" | "disconnected";
+  agents: {
+    total: number;
+    working: number;
+    idle: number;
+    errored: number;
+  };
+  timestamp: string;
+}
+
 @Controller("orchestrator")
 @UseGuards(AuthGuard)
 export class OrchestratorController {
@@ -25,6 +46,81 @@ export class OrchestratorController {
     return this.fetchActiveAgents();
   }
 
+  @Get("events/recent")
+  async getRecentEvents(
+    @Query("limit") limit?: string
+  ): Promise<{ events: OrchestratorEventDto[] }> {
+    const eventsLimit = limit ? parseInt(limit, 10) : DEFAULT_EVENTS_LIMIT;
+    const safeLimit = Math.min(Math.max(eventsLimit, 1), 100);
+
+    // Fetch recent agent activity to derive events
+    const agents = await this.prisma.agent.findMany({
+      where: {
+        status: {
+          not: AgentStatus.TERMINATED,
+        },
+      },
+      orderBy: {
+        createdAt: "desc",
+      },
+      take: safeLimit,
+    });
+
+    // Derive events from agent status changes
+    const events: OrchestratorEventDto[] = agents.map((agent) => ({
+      type: `agent:${agent.status.toLowerCase()}`,
+      timestamp: agent.createdAt.toISOString(),
+      agentId: agent.id,
+      data: {
+        name: agent.name,
+        role: agent.role,
+        model: agent.model,
+      },
+    }));
+
+    return { events };
+  }
+
+  @Get("health")
+  async getHealth(): Promise<OrchestratorHealthDto> {
+    let databaseConnected = false;
+    let agents: OrchestratorAgentDto[] = [];
+
+    try {
+      // Check database connectivity
+      await this.prisma.$queryRaw`SELECT 1`;
+      databaseConnected = true;
+
+      // Get agent counts
+      agents = await this.fetchActiveAgents();
+    } catch {
+      databaseConnected = false;
+    }
+
+    const working = agents.filter((a) => a.status === AgentStatus.WORKING).length;
+    const idle = agents.filter((a) => a.status === AgentStatus.IDLE).length;
+    const errored = agents.filter((a) => a.status === AgentStatus.ERROR).length;
+
+    let status: OrchestratorHealthDto["status"] = "healthy";
+    if (!databaseConnected) {
+      status = "unhealthy";
+    } else if (errored > 0) {
+      status = "degraded";
+    }
+
+    return {
+      status,
+      database: databaseConnected ? "connected" : "disconnected",
+      agents: {
+        total: agents.length,
+        working,
+        idle,
+        errored,
+      },
+      timestamp: new Date().toISOString(),
+    };
+  }
+
   @Get("events")
   async streamEvents(@Res() res: Response): Promise<void> {
     res.setHeader("Content-Type", "text/event-stream");
-- 
2.49.1


From da9dbd7827d424acaaa106ca8ca47930916c5e2d Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Mon, 2 Mar 2026 11:41:10 -0600
Subject: [PATCH 2/2] ci: add auto-deploy to Docker Swarm after CI passes

---
 .woodpecker/ci.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index ed65fd4..14d3c13 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -337,3 +337,35 @@ steps:
       - security-trivy-api
       - security-trivy-orchestrator
       - security-trivy-web
+
+  # ─── Deploy to Docker Swarm (main only) ─────────────────────
+
+  deploy-swarm:
+    image: alpine:3
+    environment:
+      SSH_PRIVATE_KEY:
+        from_secret: ssh_private_key
+      SSH_KNOWN_HOSTS:
+        from_secret: ssh_known_hosts
+    commands:
+      - apk add --no-cache openssh-client
+      - |
+        set -e
+        # Setup SSH
+        mkdir -p ~/.ssh
+        echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+        chmod 600 ~/.ssh/known_hosts
+        echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+
+        # Deploy to swarm
+        echo "🚀 Deploying to Docker Swarm..."
+        ssh -o StrictHostKeyChecking=no mosaic@10.1.1.45 \
+          "cd /opt/mosaic-stack && \
+           docker login git.mosaicstack.dev -u \$(echo \$GITEA_USER) -p \$GITEA_TOKEN || true && \
+           docker stack deploy -c docker-compose.yml mosaic"
+    when:
+      - branch: [main]
+        event: [push, manual, tag]
+    depends_on:
+      - link-packages
-- 
2.49.1