From 4daf382819f87145cb00092958729814b0d85b5d Mon Sep 17 00:00:00 2001
From: AlexanderWhitestone
 <8633216+AlexanderWhitestone@users.noreply.github.com>
Date: Tue, 24 Feb 2026 12:58:19 -0500
Subject: [PATCH] security: fix L402 macaroon forgery and XSS in templates

---
 apply_security_fixes.py                       |  183 ++
 coverage.xml                                  | 2222 +++++++++++++++++
 src/dashboard/templates/briefing.html         |    2 +-
 src/dashboard/templates/marketplace.html      |    8 +-
 .../partials/approval_card_single.html        |    6 +-
 .../templates/partials/chat_message.html      |    6 +-
 src/dashboard/templates/partials/history.html |    6 +-
 src/timmy_serve/l402_proxy.py                 |   38 +-
 tests/test_security_regression.py             |   75 +
 9 files changed, 2522 insertions(+), 24 deletions(-)
 create mode 100644 apply_security_fixes.py
 create mode 100644 coverage.xml
 create mode 100644 tests/test_security_regression.py

diff --git a/apply_security_fixes.py b/apply_security_fixes.py
new file mode 100644
index 0000000..2f4420c
--- /dev/null
+++ b/apply_security_fixes.py
@@ -0,0 +1,183 @@
+import os
+
+def fix_l402_proxy():
+    path = "src/timmy_serve/l402_proxy.py"
+    with open(path, "r") as f:
+        content = f.read()
+    
+    # 1. Add hmac_secret to Macaroon dataclass
+    old_dataclass = "@dataclass\nclass Macaroon:\n    \"\"\"Simplified HMAC-based macaroon for L402 authentication.\"\"\"\n    identifier: str  # payment_hash\n    signature: str   # HMAC signature\n    location: str = \"timmy-time\"\n    version: int = 1"
+    new_dataclass = "@dataclass\nclass Macaroon:\n    \"\"\"Simplified HMAC-based macaroon for L402 authentication.\"\"\"\n    identifier: str  # payment_hash\n    signature: str   # HMAC signature\n    location: str = \"timmy-time\"\n    version: int = 1\n    hmac_secret: str = \"\"  # Added for multi-key support"
+    content = content.replace(old_dataclass, new_dataclass)
+
+    # 2. Update _MACAROON_SECRET logic
+    old_secret_logic = """_MACAROON_SECRET_DEFAULT = "timmy-macaroon-secret"
+_MACAROON_SECRET_RAW = os.environ.get("L402_MACAROON_SECRET", _MACAROON_SECRET_DEFAULT)
+_MACAROON_SECRET = _MACAROON_SECRET_RAW.encode()
+
+if _MACAROON_SECRET_RAW == _MACAROON_SECRET_DEFAULT:
+    logger.warning(
+        "SEC: L402_MACAROON_SECRET is using the default value — set a unique "
+        "secret in .env before deploying to production."
+    )"""
+    new_secret_logic = """_MACAROON_SECRET_DEFAULT = "timmy-macaroon-secret"
+_MACAROON_SECRET_RAW = os.environ.get("L402_MACAROON_SECRET", _MACAROON_SECRET_DEFAULT)
+_MACAROON_SECRET = _MACAROON_SECRET_RAW.encode()
+
+_HMAC_SECRET_DEFAULT = "timmy-hmac-secret"
+_HMAC_SECRET_RAW = os.environ.get("L402_HMAC_SECRET", _HMAC_SECRET_DEFAULT)
+_HMAC_SECRET = _HMAC_SECRET_RAW.encode()
+
+if _MACAROON_SECRET_RAW == _MACAROON_SECRET_DEFAULT or _HMAC_SECRET_RAW == _HMAC_SECRET_DEFAULT:
+    logger.warning(
+        "SEC: L402 secrets are using default values — set L402_MACAROON_SECRET "
+        "and L402_HMAC_SECRET in .env before deploying to production."
+    )"""
+    content = content.replace(old_secret_logic, new_secret_logic)
+
+    # 3. Update _sign to use the two-key derivation
+    old_sign = """def _sign(identifier: str) -> str:
+    \"\"\"Create an HMAC signature for a macaroon identifier.\"\"\"
+    return hmac.new(_MACAROON_SECRET, identifier.encode(), hashlib.sha256).hexdigest()"""
+    new_sign = """def _sign(identifier: str, hmac_secret: Optional[str] = None) -> str:
+    \"\"\"Create an HMAC signature for a macaroon identifier using two-key derivation.
+    
+    The base macaroon secret is used to derive a key-specific secret from the
+    hmac_secret, which is then used to sign the identifier. This prevents
+    macaroon forgery if the hmac_secret is known but the base secret is not.
+    \"\"\"
+    key = hmac.new(
+        _MACAROON_SECRET, 
+        (hmac_secret or _HMAC_SECRET_RAW).encode(), 
+        hashlib.sha256
+    ).digest()
+    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()"""
+    content = content.replace(old_sign, new_sign)
+
+    # 4. Update create_l402_challenge
+    old_create = """    invoice = payment_handler.create_invoice(amount_sats, memo)
+    signature = _sign(invoice.payment_hash)
+    macaroon = Macaroon(
+        identifier=invoice.payment_hash,
+        signature=signature,
+    )"""
+    new_create = """    invoice = payment_handler.create_invoice(amount_sats, memo)
+    hmac_secret = _HMAC_SECRET_RAW
+    signature = _sign(invoice.payment_hash, hmac_secret)
+    macaroon = Macaroon(
+        identifier=invoice.payment_hash,
+        signature=signature,
+        hmac_secret=hmac_secret,
+    )"""
+    content = content.replace(old_create, new_create)
+
+    # 5. Update Macaroon.serialize and deserialize
+    old_serialize = """    def serialize(self) -> str:
+        \"\"\"Encode the macaroon as a base64 string.\"\"\"
+        raw = f"{self.version}:{self.location}:{self.identifier}:{self.signature}"
+        return base64.urlsafe_b64encode(raw.encode()).decode()"""
+    new_serialize = """    def serialize(self) -> str:
+        \"\"\"Encode the macaroon as a base64 string.\"\"\"
+        raw = f"{self.version}:{self.location}:{self.identifier}:{self.signature}:{self.hmac_secret}"
+        return base64.urlsafe_b64encode(raw.encode()).decode()"""
+    content = content.replace(old_serialize, new_serialize)
+
+    old_deserialize = """    @classmethod
+    def deserialize(cls, token: str) -> Optional["Macaroon"]:
+        \"\"\"Decode a base64 macaroon string.\"\"\"
+        try:
+            raw = base64.urlsafe_b64decode(token.encode()).decode()
+            parts = raw.split(":")
+            if len(parts) != 4:
+                return None
+            return cls(
+                version=int(parts[0]),
+                location=parts[1],
+                identifier=parts[2],
+                signature=parts[3],
+            )
+        except Exception:
+            return None"""
+    new_deserialize = """    @classmethod
+    def deserialize(cls, token: str) -> Optional["Macaroon"]:
+        \"\"\"Decode a base64 macaroon string.\"\"\"
+        try:
+            raw = base64.urlsafe_b64decode(token.encode()).decode()
+            parts = raw.split(":")
+            if len(parts) < 4:
+                return None
+            return cls(
+                version=int(parts[0]),
+                location=parts[1],
+                identifier=parts[2],
+                signature=parts[3],
+                hmac_secret=parts[4] if len(parts) > 4 else "",
+            )
+        except Exception:
+            return None"""
+    content = content.replace(old_deserialize, new_deserialize)
+
+    # 6. Update verify_l402_token
+    old_verify_sig = """    # Check HMAC signature
+    expected_sig = _sign(macaroon.identifier)
+    if not hmac.compare_digest(macaroon.signature, expected_sig):"""
+    new_verify_sig = """    # Check HMAC signature
+    expected_sig = _sign(macaroon.identifier, macaroon.hmac_secret)
+    if not hmac.compare_digest(macaroon.signature, expected_sig):"""
+    content = content.replace(old_verify_sig, new_verify_sig)
+
+    with open(path, "w") as f:
+        f.write(content)
+
+def fix_xss():
+    # Fix chat_message.html
+    path = "src/dashboard/templates/partials/chat_message.html"
+    with open(path, "r") as f:
+        content = f.read()
+    content = content.replace("{{ user_message }}", "{{ user_message | e }}")
+    content = content.replace("{{ response }}", "{{ response | e }}")
+    content = content.replace("{{ error }}", "{{ error | e }}")
+    with open(path, "w") as f:
+        f.write(content)
+
+    # Fix history.html
+    path = "src/dashboard/templates/partials/history.html"
+    with open(path, "r") as f:
+        content = f.read()
+    content = content.replace("{{ msg.content }}", "{{ msg.content | e }}")
+    with open(path, "w") as f:
+        f.write(content)
+
+    # Fix briefing.html
+    path = "src/dashboard/templates/briefing.html"
+    with open(path, "r") as f:
+        content = f.read()
+    content = content.replace("{{ briefing.summary }}", "{{ briefing.summary | e }}")
+    with open(path, "w") as f:
+        f.write(content)
+
+    # Fix approval_card_single.html
+    path = "src/dashboard/templates/partials/approval_card_single.html"
+    with open(path, "r") as f:
+        content = f.read()
+    content = content.replace("{{ item.title }}", "{{ item.title | e }}")
+    content = content.replace("{{ item.description }}", "{{ item.description | e }}")
+    content = content.replace("{{ item.proposed_action }}", "{{ item.proposed_action | e }}")
+    with open(path, "w") as f:
+        f.write(content)
+
+    # Fix marketplace.html
+    path = "src/dashboard/templates/marketplace.html"
+    with open(path, "r") as f:
+        content = f.read()
+    content = content.replace("{{ agent.name }}", "{{ agent.name | e }}")
+    content = content.replace("{{ agent.role }}", "{{ agent.role | e }}")
+    content = content.replace("{{ agent.description or 'No description' }}", "{{ (agent.description or 'No description') | e }}")
+    content = content.replace("{{ cap.strip() }}", "{{ cap.strip() | e }}")
+    with open(path, "w") as f:
+        f.write(content)
+
+if __name__ == "__main__":
+    fix_l402_proxy()
+    fix_xss()
+    print("Security fixes applied successfully.")
diff --git a/coverage.xml b/coverage.xml
new file mode 100644
index 0000000..6a8d2dd
--- /dev/null
+++ b/coverage.xml
@@ -0,0 +1,2222 @@
+<?xml version="1.0" ?>
+<coverage version="7.13.4" timestamp="1771784194481" lines-valid="1910" lines-covered="1652" line-rate="0.8649" branches-covered="0" branches-valid="0" branch-rate="0" complexity="0">
+	<!-- Generated by coverage.py: https://coverage.readthedocs.io/en/7.13.4 -->
+	<!-- Based on https://raw.githubusercontent.com/cobertura/web/master/htdocs/xml/coverage-04.dtd -->
+	<sources>
+		<source>/home/ubuntu/Timmy-time-dashboard/src</source>
+	</sources>
+	<packages>
+		<package name="." line-rate="1" branch-rate="0" complexity="0">
+			<classes>
+				<class name="config.py" filename="config.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="3" hits="1"/>
+						<line number="6" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="38" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="dashboard" line-rate="0.8778" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="dashboard/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="app.py" filename="dashboard/app.py" complexity="0" line-rate="0.8611" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="2" hits="1"/>
+						<line number="3" hits="1"/>
+						<line number="4" hits="1"/>
+						<line number="6" hits="1"/>
+						<line number="7" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="49" hits="0"/>
+						<line number="50" hits="0"/>
+						<line number="51" hits="0"/>
+						<line number="52" hits="0"/>
+						<line number="53" hits="0"/>
+						<line number="54" hits="0"/>
+						<line number="56" hits="0"/>
+						<line number="57" hits="0"/>
+						<line number="58" hits="0"/>
+						<line number="60" hits="0"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="90" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="98" hits="1"/>
+						<line number="99" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="106" hits="1"/>
+						<line number="107" hits="1"/>
+						<line number="108" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="112" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="115" hits="1"/>
+					</lines>
+				</class>
+				<class name="store.py" filename="dashboard/store.py" complexity="0" line-rate="0.9444" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="4" hits="1"/>
+						<line number="5" hits="1"/>
+						<line number="6" hits="1"/>
+						<line number="7" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="0"/>
+						<line number="31" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="dashboard.routes" line-rate="0.8508" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="dashboard/routes/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="agents.py" filename="dashboard/routes/agents.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="2" hits="1"/>
+						<line number="4" hits="1"/>
+						<line number="5" hits="1"/>
+						<line number="6" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="69" hits="1"/>
+					</lines>
+				</class>
+				<class name="briefing.py" filename="dashboard/routes/briefing.py" complexity="0" line-rate="0.6" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="28" hits="0"/>
+						<line number="29" hits="0"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="39" hits="0"/>
+						<line number="40" hits="0"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="50" hits="0"/>
+						<line number="51" hits="0"/>
+						<line number="52" hits="0"/>
+						<line number="53" hits="0"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="63" hits="0"/>
+						<line number="64" hits="0"/>
+						<line number="65" hits="0"/>
+						<line number="66" hits="0"/>
+					</lines>
+				</class>
+				<class name="health.py" filename="dashboard/routes/health.py" complexity="0" line-rate="0.7391" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="2" hits="1"/>
+						<line number="3" hits="1"/>
+						<line number="4" hits="1"/>
+						<line number="5" hits="1"/>
+						<line number="7" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="15" hits="0"/>
+						<line number="16" hits="0"/>
+						<line number="17" hits="0"/>
+						<line number="18" hits="0"/>
+						<line number="19" hits="0"/>
+						<line number="20" hits="0"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+					</lines>
+				</class>
+				<class name="marketplace.py" filename="dashboard/routes/marketplace.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="83" hits="1"/>
+						<line number="86" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="98" hits="1"/>
+						<line number="99" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="112" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="115" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="125" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="128" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="131" hits="1"/>
+						<line number="132" hits="1"/>
+					</lines>
+				</class>
+				<class name="mobile.py" filename="dashboard/routes/mobile.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+					</lines>
+				</class>
+				<class name="mobile_test.py" filename="dashboard/routes/mobile_test.py" complexity="0" line-rate="0.6923" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="10" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="247" hits="1"/>
+						<line number="248" hits="1"/>
+						<line number="250" hits="0"/>
+						<line number="251" hits="0"/>
+						<line number="252" hits="0"/>
+						<line number="253" hits="0"/>
+					</lines>
+				</class>
+				<class name="swarm.py" filename="dashboard/routes/swarm.py" complexity="0" line-rate="0.9583" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="7" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="64" hits="0"/>
+						<line number="65" hits="0"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="89" hits="1"/>
+						<line number="90" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="105" hits="1"/>
+						<line number="106" hits="1"/>
+						<line number="115" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="118" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="120" hits="1"/>
+						<line number="121" hits="1"/>
+					</lines>
+				</class>
+				<class name="swarm_ws.py" filename="dashboard/routes/swarm_ws.py" complexity="0" line-rate="0.4118" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="22" hits="0"/>
+						<line number="23" hits="0"/>
+						<line number="24" hits="0"/>
+						<line number="26" hits="0"/>
+						<line number="28" hits="0"/>
+						<line number="29" hits="0"/>
+						<line number="30" hits="0"/>
+						<line number="31" hits="0"/>
+						<line number="32" hits="0"/>
+						<line number="33" hits="0"/>
+					</lines>
+				</class>
+				<class name="telegram.py" filename="dashboard/routes/telegram.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="3" hits="1"/>
+						<line number="4" hits="1"/>
+						<line number="6" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="48" hits="1"/>
+					</lines>
+				</class>
+				<class name="voice.py" filename="dashboard/routes/voice.py" complexity="0" line-rate="0.6" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="7" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="37" hits="0"/>
+						<line number="38" hits="0"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="44" hits="0"/>
+						<line number="45" hits="0"/>
+						<line number="46" hits="0"/>
+						<line number="47" hits="0"/>
+						<line number="48" hits="0"/>
+						<line number="49" hits="0"/>
+						<line number="50" hits="0"/>
+						<line number="51" hits="0"/>
+					</lines>
+				</class>
+				<class name="voice_enhanced.py" filename="dashboard/routes/voice_enhanced.py" complexity="0" line-rate="0.9189" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="0"/>
+						<line number="74" hits="0"/>
+						<line number="75" hits="0"/>
+						<line number="77" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="notifications" line-rate="0.8873" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="notifications/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="push.py" filename="notifications/push.py" complexity="0" line-rate="0.8873" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="63" hits="0"/>
+						<line number="66" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="0"/>
+						<line number="70" hits="0"/>
+						<line number="72" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="76" hits="0"/>
+						<line number="77" hits="0"/>
+						<line number="81" hits="0"/>
+						<line number="86" hits="0"/>
+						<line number="87" hits="0"/>
+						<line number="89" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="99" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="106" hits="1"/>
+						<line number="107" hits="1"/>
+						<line number="108" hits="1"/>
+						<line number="109" hits="1"/>
+						<line number="110" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="112" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="115" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="123" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="134" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="139" hits="1"/>
+						<line number="145" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="self_tdd" line-rate="0.4688" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="self_tdd/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="watchdog.py" filename="self_tdd/watchdog.py" complexity="0" line-rate="0.4688" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="44" hits="0"/>
+						<line number="45" hits="0"/>
+						<line number="47" hits="0"/>
+						<line number="48" hits="0"/>
+						<line number="49" hits="0"/>
+						<line number="50" hits="0"/>
+						<line number="52" hits="0"/>
+						<line number="53" hits="0"/>
+						<line number="54" hits="0"/>
+						<line number="56" hits="0"/>
+						<line number="57" hits="0"/>
+						<line number="59" hits="0"/>
+						<line number="60" hits="0"/>
+						<line number="62" hits="0"/>
+						<line number="63" hits="0"/>
+						<line number="66" hits="1"/>
+						<line number="67" hits="0"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="0"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="shortcuts" line-rate="1" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="shortcuts/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="siri.py" filename="shortcuts/siri.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="67" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="swarm" line-rate="0.9192" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="swarm/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="agent_runner.py" filename="swarm/agent_runner.py" complexity="0" line-rate="0.9643" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="56" hits="0"/>
+					</lines>
+				</class>
+				<class name="bidder.py" filename="swarm/bidder.py" complexity="0" line-rate="0.8793" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="7" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="0"/>
+						<line number="67" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="70" hits="0"/>
+						<line number="71" hits="0"/>
+						<line number="72" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="77" hits="0"/>
+						<line number="78" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="82" hits="0"/>
+						<line number="83" hits="0"/>
+						<line number="84" hits="0"/>
+						<line number="86" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="88" hits="1"/>
+					</lines>
+				</class>
+				<class name="comms.py" filename="swarm/comms.py" complexity="0" line-rate="0.7746" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="0"/>
+						<line number="60" hits="0"/>
+						<line number="61" hits="0"/>
+						<line number="62" hits="0"/>
+						<line number="63" hits="0"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="0"/>
+						<line number="83" hits="0"/>
+						<line number="84" hits="0"/>
+						<line number="85" hits="0"/>
+						<line number="86" hits="0"/>
+						<line number="89" hits="1"/>
+						<line number="90" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="0"/>
+						<line number="93" hits="0"/>
+						<line number="95" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="98" hits="0"/>
+						<line number="99" hits="0"/>
+						<line number="100" hits="0"/>
+						<line number="101" hits="0"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="109" hits="1"/>
+						<line number="110" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="122" hits="1"/>
+						<line number="123" hits="1"/>
+					</lines>
+				</class>
+				<class name="coordinator.py" filename="swarm/coordinator.py" complexity="0" line-rate="0.9151" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="81" hits="0"/>
+						<line number="82" hits="0"/>
+						<line number="83" hits="0"/>
+						<line number="84" hits="0"/>
+						<line number="86" hits="0"/>
+						<line number="87" hits="0"/>
+						<line number="89" hits="0"/>
+						<line number="90" hits="0"/>
+						<line number="95" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="98" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="105" hits="1"/>
+						<line number="113" hits="1"/>
+						<line number="124" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="127" hits="1"/>
+						<line number="133" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="137" hits="1"/>
+						<line number="138" hits="1"/>
+						<line number="139" hits="0"/>
+						<line number="140" hits="1"/>
+						<line number="141" hits="1"/>
+						<line number="142" hits="1"/>
+						<line number="143" hits="1"/>
+						<line number="149" hits="1"/>
+						<line number="151" hits="1"/>
+						<line number="152" hits="1"/>
+						<line number="153" hits="1"/>
+						<line number="154" hits="1"/>
+						<line number="163" hits="1"/>
+						<line number="170" hits="1"/>
+						<line number="171" hits="1"/>
+						<line number="172" hits="1"/>
+						<line number="174" hits="1"/>
+						<line number="175" hits="1"/>
+						<line number="176" hits="1"/>
+						<line number="177" hits="1"/>
+						<line number="179" hits="1"/>
+						<line number="185" hits="1"/>
+						<line number="186" hits="1"/>
+						<line number="187" hits="1"/>
+						<line number="188" hits="1"/>
+						<line number="193" hits="1"/>
+						<line number="194" hits="1"/>
+						<line number="196" hits="1"/>
+						<line number="197" hits="1"/>
+						<line number="202" hits="1"/>
+						<line number="203" hits="1"/>
+						<line number="204" hits="1"/>
+						<line number="206" hits="1"/>
+						<line number="208" hits="1"/>
+						<line number="209" hits="1"/>
+						<line number="210" hits="1"/>
+						<line number="211" hits="1"/>
+						<line number="212" hits="1"/>
+						<line number="218" hits="1"/>
+						<line number="219" hits="1"/>
+						<line number="220" hits="1"/>
+						<line number="221" hits="1"/>
+						<line number="223" hits="1"/>
+						<line number="224" hits="1"/>
+						<line number="226" hits="1"/>
+						<line number="227" hits="1"/>
+						<line number="231" hits="1"/>
+						<line number="233" hits="1"/>
+						<line number="234" hits="1"/>
+						<line number="235" hits="1"/>
+						<line number="248" hits="1"/>
+					</lines>
+				</class>
+				<class name="manager.py" filename="swarm/manager.py" complexity="0" line-rate="0.8361" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="7" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="0"/>
+						<line number="28" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="0"/>
+						<line number="55" hits="0"/>
+						<line number="56" hits="0"/>
+						<line number="57" hits="0"/>
+						<line number="58" hits="0"/>
+						<line number="60" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="0"/>
+						<line number="70" hits="0"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="84" hits="1"/>
+						<line number="85" hits="0"/>
+						<line number="87" hits="1"/>
+						<line number="88" hits="0"/>
+						<line number="90" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="1"/>
+					</lines>
+				</class>
+				<class name="persona_node.py" filename="swarm/persona_node.py" complexity="0" line-rate="0.9474" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="74" hits="0"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="93" hits="0"/>
+						<line number="95" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+					</lines>
+				</class>
+				<class name="personas.py" filename="swarm/personas.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="12" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="133" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="138" hits="1"/>
+						<line number="140" hits="1"/>
+					</lines>
+				</class>
+				<class name="registry.py" filename="swarm/registry.py" complexity="0" line-rate="0.9844" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="83" hits="1"/>
+						<line number="84" hits="1"/>
+						<line number="85" hits="1"/>
+						<line number="86" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="89" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="99" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="102" hits="0"/>
+						<line number="107" hits="1"/>
+						<line number="110" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="115" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="121" hits="1"/>
+						<line number="122" hits="1"/>
+						<line number="123" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="128" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="134" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="136" hits="1"/>
+					</lines>
+				</class>
+				<class name="stats.py" filename="swarm/stats.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="83" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="105" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="127" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="131" hits="1"/>
+						<line number="136" hits="1"/>
+						<line number="139" hits="1"/>
+						<line number="140" hits="1"/>
+					</lines>
+				</class>
+				<class name="swarm_node.py" filename="swarm/swarm_node.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="70" hits="1"/>
+					</lines>
+				</class>
+				<class name="tasks.py" filename="swarm/tasks.py" complexity="0" line-rate="0.973" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="99" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="118" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="120" hits="1"/>
+						<line number="121" hits="1"/>
+						<line number="122" hits="0"/>
+						<line number="123" hits="0"/>
+						<line number="125" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="127" hits="1"/>
+						<line number="128" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="131" hits="1"/>
+						<line number="132" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="136" hits="1"/>
+						<line number="137" hits="1"/>
+						<line number="138" hits="1"/>
+						<line number="139" hits="1"/>
+						<line number="140" hits="1"/>
+						<line number="141" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="telegram_bot" line-rate="0.6237" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="telegram_bot/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="bot.py" filename="telegram_bot/bot.py" complexity="0" line-rate="0.6237" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="0"/>
+						<line number="28" hits="0"/>
+						<line number="29" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="0"/>
+						<line number="59" hits="0"/>
+						<line number="61" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="83" hits="1"/>
+						<line number="84" hits="1"/>
+						<line number="85" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="89" hits="0"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="103" hits="0"/>
+						<line number="104" hits="0"/>
+						<line number="105" hits="0"/>
+						<line number="107" hits="0"/>
+						<line number="108" hits="0"/>
+						<line number="112" hits="0"/>
+						<line number="113" hits="0"/>
+						<line number="114" hits="0"/>
+						<line number="116" hits="0"/>
+						<line number="117" hits="0"/>
+						<line number="118" hits="0"/>
+						<line number="120" hits="0"/>
+						<line number="121" hits="0"/>
+						<line number="122" hits="0"/>
+						<line number="123" hits="0"/>
+						<line number="124" hits="0"/>
+						<line number="125" hits="0"/>
+						<line number="127" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="131" hits="1"/>
+						<line number="132" hits="1"/>
+						<line number="133" hits="1"/>
+						<line number="134" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="136" hits="0"/>
+						<line number="137" hits="0"/>
+						<line number="139" hits="1"/>
+						<line number="143" hits="1"/>
+						<line number="144" hits="0"/>
+						<line number="149" hits="1"/>
+						<line number="150" hits="0"/>
+						<line number="151" hits="0"/>
+						<line number="152" hits="0"/>
+						<line number="153" hits="0"/>
+						<line number="154" hits="0"/>
+						<line number="155" hits="0"/>
+						<line number="156" hits="0"/>
+						<line number="157" hits="0"/>
+						<line number="158" hits="0"/>
+						<line number="159" hits="0"/>
+						<line number="163" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="timmy" line-rate="0.866" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="timmy/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="agent.py" filename="timmy/agent.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="3" hits="1"/>
+						<line number="4" hits="1"/>
+						<line number="5" hits="1"/>
+						<line number="7" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="65" hits="1"/>
+					</lines>
+				</class>
+				<class name="approvals.py" filename="timmy/approvals.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="84" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="118" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="120" hits="1"/>
+						<line number="123" hits="1"/>
+						<line number="125" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="133" hits="1"/>
+						<line number="135" hits="1"/>
+						<line number="136" hits="1"/>
+						<line number="139" hits="1"/>
+						<line number="140" hits="1"/>
+						<line number="143" hits="1"/>
+						<line number="144" hits="1"/>
+						<line number="145" hits="1"/>
+						<line number="148" hits="1"/>
+						<line number="149" hits="1"/>
+						<line number="152" hits="1"/>
+						<line number="154" hits="1"/>
+						<line number="155" hits="1"/>
+						<line number="158" hits="1"/>
+						<line number="159" hits="1"/>
+						<line number="160" hits="1"/>
+						<line number="163" hits="1"/>
+						<line number="165" hits="1"/>
+						<line number="166" hits="1"/>
+						<line number="169" hits="1"/>
+						<line number="170" hits="1"/>
+						<line number="171" hits="1"/>
+						<line number="174" hits="1"/>
+						<line number="176" hits="1"/>
+						<line number="177" hits="1"/>
+						<line number="178" hits="1"/>
+						<line number="182" hits="1"/>
+						<line number="183" hits="1"/>
+						<line number="184" hits="1"/>
+						<line number="185" hits="1"/>
+					</lines>
+				</class>
+				<class name="backends.py" filename="timmy/backends.py" complexity="0" line-rate="0.963" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="74" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="85" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="108" hits="1"/>
+						<line number="109" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="113" hits="1"/>
+						<line number="115" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="120" hits="1"/>
+						<line number="121" hits="1"/>
+						<line number="123" hits="1"/>
+						<line number="124" hits="1"/>
+						<line number="125" hits="1"/>
+						<line number="127" hits="1"/>
+						<line number="128" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="131" hits="1"/>
+						<line number="132" hits="1"/>
+						<line number="133" hits="1"/>
+						<line number="134" hits="0"/>
+						<line number="135" hits="0"/>
+					</lines>
+				</class>
+				<class name="briefing.py" filename="timmy/briefing.py" complexity="0" line-rate="0.75" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="98" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="105" hits="1"/>
+						<line number="106" hits="1"/>
+						<line number="107" hits="1"/>
+						<line number="115" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="118" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="126" hits="1"/>
+						<line number="128" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="132" hits="0"/>
+						<line number="133" hits="0"/>
+						<line number="134" hits="0"/>
+						<line number="136" hits="0"/>
+						<line number="138" hits="0"/>
+						<line number="143" hits="0"/>
+						<line number="148" hits="0"/>
+						<line number="153" hits="0"/>
+						<line number="155" hits="0"/>
+						<line number="156" hits="0"/>
+						<line number="157" hits="0"/>
+						<line number="158" hits="0"/>
+						<line number="159" hits="0"/>
+						<line number="160" hits="0"/>
+						<line number="161" hits="0"/>
+						<line number="163" hits="0"/>
+						<line number="164" hits="0"/>
+						<line number="165" hits="0"/>
+						<line number="166" hits="0"/>
+						<line number="169" hits="1"/>
+						<line number="171" hits="1"/>
+						<line number="172" hits="1"/>
+						<line number="173" hits="1"/>
+						<line number="175" hits="1"/>
+						<line number="176" hits="1"/>
+						<line number="177" hits="1"/>
+						<line number="178" hits="0"/>
+						<line number="179" hits="0"/>
+						<line number="180" hits="0"/>
+						<line number="181" hits="0"/>
+						<line number="182" hits="0"/>
+						<line number="183" hits="0"/>
+						<line number="184" hits="0"/>
+						<line number="185" hits="0"/>
+						<line number="192" hits="1"/>
+						<line number="195" hits="1"/>
+						<line number="196" hits="1"/>
+						<line number="198" hits="1"/>
+						<line number="200" hits="1"/>
+						<line number="202" hits="1"/>
+						<line number="204" hits="1"/>
+						<line number="205" hits="1"/>
+						<line number="206" hits="1"/>
+						<line number="207" hits="1"/>
+						<line number="209" hits="1"/>
+						<line number="211" hits="1"/>
+						<line number="212" hits="1"/>
+						<line number="214" hits="1"/>
+						<line number="215" hits="1"/>
+						<line number="217" hits="1"/>
+						<line number="230" hits="1"/>
+						<line number="231" hits="1"/>
+						<line number="232" hits="1"/>
+						<line number="233" hits="1"/>
+						<line number="234" hits="1"/>
+						<line number="241" hits="1"/>
+						<line number="243" hits="1"/>
+						<line number="251" hits="1"/>
+						<line number="252" hits="1"/>
+						<line number="253" hits="1"/>
+						<line number="255" hits="1"/>
+						<line number="257" hits="1"/>
+						<line number="258" hits="1"/>
+						<line number="260" hits="1"/>
+						<line number="261" hits="1"/>
+						<line number="262" hits="1"/>
+						<line number="268" hits="1"/>
+						<line number="270" hits="1"/>
+						<line number="271" hits="1"/>
+						<line number="272" hits="1"/>
+						<line number="273" hits="1"/>
+						<line number="274" hits="1"/>
+						<line number="275" hits="1"/>
+						<line number="276" hits="1"/>
+						<line number="277" hits="1"/>
+						<line number="283" hits="1"/>
+						<line number="285" hits="0"/>
+						<line number="286" hits="0"/>
+						<line number="287" hits="0"/>
+						<line number="288" hits="0"/>
+						<line number="300" hits="0"/>
+						<line number="301" hits="0"/>
+						<line number="302" hits="0"/>
+						<line number="306" hits="1"/>
+					</lines>
+				</class>
+				<class name="cli.py" filename="timmy/cli.py" complexity="0" line-rate="0.7619" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="3" hits="1"/>
+						<line number="5" hits="1"/>
+						<line number="6" hits="1"/>
+						<line number="8" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="32" hits="0"/>
+						<line number="33" hits="0"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="43" hits="0"/>
+						<line number="44" hits="0"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="0"/>
+					</lines>
+				</class>
+				<class name="prompts.py" filename="timmy/prompts.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="1" hits="1"/>
+						<line number="11" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="timmy_serve" line-rate="0.8231" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="timmy_serve/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="cli.py" filename="timmy_serve/cli.py" complexity="0" line-rate="0.9688" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="13" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="31" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="33" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="62" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="67" hits="0"/>
+					</lines>
+				</class>
+				<class name="inter_agent.py" filename="timmy_serve/inter_agent.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="48" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="56" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="61" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="65" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="77" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="84" hits="1"/>
+						<line number="85" hits="1"/>
+						<line number="86" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="89" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="93" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="98" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="105" hits="1"/>
+					</lines>
+				</class>
+				<class name="l402_proxy.py" filename="timmy_serve/l402_proxy.py" complexity="0" line-rate="0.8966" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="46" hits="1"/>
+						<line number="47" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="56" hits="0"/>
+						<line number="57" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="67" hits="1"/>
+						<line number="69" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="86" hits="1"/>
+						<line number="87" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="107" hits="1"/>
+						<line number="108" hits="1"/>
+						<line number="109" hits="0"/>
+						<line number="110" hits="0"/>
+						<line number="113" hits="1"/>
+						<line number="114" hits="0"/>
+						<line number="117" hits="1"/>
+						<line number="118" hits="0"/>
+						<line number="119" hits="0"/>
+						<line number="121" hits="1"/>
+						<line number="122" hits="1"/>
+					</lines>
+				</class>
+				<class name="payment_handler.py" filename="timmy_serve/payment_handler.py" complexity="0" line-rate="0.9683" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="41" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="45" hits="1"/>
+						<line number="52" hits="1"/>
+						<line number="53" hits="1"/>
+						<line number="54" hits="1"/>
+						<line number="55" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="60" hits="1"/>
+						<line number="63" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="89" hits="1"/>
+						<line number="90" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="98" hits="0"/>
+						<line number="100" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="103" hits="1"/>
+						<line number="104" hits="0"/>
+						<line number="105" hits="1"/>
+						<line number="106" hits="1"/>
+						<line number="107" hits="1"/>
+						<line number="108" hits="1"/>
+						<line number="109" hits="1"/>
+						<line number="110" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="113" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="116" hits="1"/>
+						<line number="117" hits="1"/>
+						<line number="118" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="120" hits="1"/>
+						<line number="124" hits="1"/>
+					</lines>
+				</class>
+				<class name="voice_tts.py" filename="timmy_serve/voice_tts.py" complexity="0" line-rate="0.4118" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="8" hits="1"/>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="15" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="23" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="0"/>
+						<line number="30" hits="0"/>
+						<line number="31" hits="0"/>
+						<line number="32" hits="0"/>
+						<line number="33" hits="0"/>
+						<line number="34" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="39" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="44" hits="0"/>
+						<line number="45" hits="0"/>
+						<line number="46" hits="0"/>
+						<line number="48" hits="0"/>
+						<line number="49" hits="0"/>
+						<line number="50" hits="0"/>
+						<line number="51" hits="0"/>
+						<line number="52" hits="0"/>
+						<line number="53" hits="0"/>
+						<line number="54" hits="0"/>
+						<line number="56" hits="0"/>
+						<line number="57" hits="0"/>
+						<line number="59" hits="1"/>
+						<line number="61" hits="0"/>
+						<line number="62" hits="0"/>
+						<line number="63" hits="0"/>
+						<line number="64" hits="0"/>
+						<line number="65" hits="0"/>
+						<line number="66" hits="0"/>
+						<line number="67" hits="0"/>
+						<line number="68" hits="0"/>
+						<line number="70" hits="1"/>
+						<line number="71" hits="0"/>
+						<line number="72" hits="0"/>
+						<line number="73" hits="0"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="0"/>
+						<line number="77" hits="0"/>
+						<line number="78" hits="0"/>
+						<line number="80" hits="1"/>
+						<line number="82" hits="0"/>
+						<line number="83" hits="0"/>
+						<line number="84" hits="0"/>
+						<line number="85" hits="0"/>
+						<line number="86" hits="0"/>
+						<line number="90" hits="0"/>
+						<line number="91" hits="0"/>
+						<line number="93" hits="1"/>
+						<line number="94" hits="0"/>
+						<line number="95" hits="0"/>
+						<line number="99" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="voice" line-rate="1" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="voice/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="nlu.py" filename="voice/nlu.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="17" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="19" hits="1"/>
+						<line number="20" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="27" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="30" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="68" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="83" hits="1"/>
+						<line number="85" hits="1"/>
+						<line number="86" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="89" hits="1"/>
+						<line number="90" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="96" hits="1"/>
+						<line number="97" hits="1"/>
+						<line number="98" hits="1"/>
+						<line number="100" hits="1"/>
+						<line number="101" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="104" hits="1"/>
+						<line number="110" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="121" hits="1"/>
+						<line number="124" hits="1"/>
+						<line number="125" hits="1"/>
+						<line number="128" hits="1"/>
+						<line number="129" hits="1"/>
+						<line number="130" hits="1"/>
+						<line number="132" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+		<package name="websocket" line-rate="0.9697" branch-rate="0" complexity="0">
+			<classes>
+				<class name="__init__.py" filename="websocket/__init__.py" complexity="0" line-rate="1" branch-rate="0">
+					<methods/>
+					<lines/>
+				</class>
+				<class name="handler.py" filename="websocket/handler.py" complexity="0" line-rate="0.9697" branch-rate="0">
+					<methods/>
+					<lines>
+						<line number="9" hits="1"/>
+						<line number="10" hits="1"/>
+						<line number="11" hits="1"/>
+						<line number="12" hits="1"/>
+						<line number="13" hits="1"/>
+						<line number="14" hits="1"/>
+						<line number="16" hits="1"/>
+						<line number="18" hits="1"/>
+						<line number="21" hits="1"/>
+						<line number="22" hits="1"/>
+						<line number="24" hits="1"/>
+						<line number="25" hits="1"/>
+						<line number="26" hits="1"/>
+						<line number="28" hits="1"/>
+						<line number="29" hits="1"/>
+						<line number="32" hits="1"/>
+						<line number="35" hits="1"/>
+						<line number="36" hits="1"/>
+						<line number="37" hits="1"/>
+						<line number="38" hits="1"/>
+						<line number="40" hits="1"/>
+						<line number="42" hits="1"/>
+						<line number="43" hits="1"/>
+						<line number="44" hits="1"/>
+						<line number="49" hits="1"/>
+						<line number="50" hits="1"/>
+						<line number="51" hits="1"/>
+						<line number="52" hits="0"/>
+						<line number="53" hits="0"/>
+						<line number="55" hits="1"/>
+						<line number="57" hits="1"/>
+						<line number="58" hits="1"/>
+						<line number="59" hits="1"/>
+						<line number="64" hits="1"/>
+						<line number="66" hits="1"/>
+						<line number="71" hits="1"/>
+						<line number="72" hits="1"/>
+						<line number="73" hits="1"/>
+						<line number="75" hits="1"/>
+						<line number="76" hits="1"/>
+						<line number="78" hits="1"/>
+						<line number="79" hits="1"/>
+						<line number="80" hits="1"/>
+						<line number="81" hits="1"/>
+						<line number="82" hits="1"/>
+						<line number="85" hits="1"/>
+						<line number="86" hits="1"/>
+						<line number="88" hits="1"/>
+						<line number="89" hits="1"/>
+						<line number="91" hits="1"/>
+						<line number="92" hits="1"/>
+						<line number="94" hits="1"/>
+						<line number="95" hits="1"/>
+						<line number="99" hits="1"/>
+						<line number="102" hits="1"/>
+						<line number="106" hits="1"/>
+						<line number="107" hits="1"/>
+						<line number="111" hits="1"/>
+						<line number="114" hits="1"/>
+						<line number="118" hits="1"/>
+						<line number="119" hits="1"/>
+						<line number="120" hits="1"/>
+						<line number="122" hits="1"/>
+						<line number="123" hits="1"/>
+						<line number="124" hits="1"/>
+						<line number="128" hits="1"/>
+					</lines>
+				</class>
+			</classes>
+		</package>
+	</packages>
+</coverage>
diff --git a/src/dashboard/templates/briefing.html b/src/dashboard/templates/briefing.html
index 711a2d9..5d98f02 100644
--- a/src/dashboard/templates/briefing.html
+++ b/src/dashboard/templates/briefing.html
@@ -22,7 +22,7 @@
   <div class="card mc-panel briefing-summary mb-5">
     <div class="card-header mc-panel-header">// TIMMY&rsquo;S REPORT</div>
     <div class="card-body p-4">
-      <div class="briefing-prose">{{ briefing.summary }}</div>
+      <div class="briefing-prose">{{ briefing.summary | e }}</div>
     </div>
   </div>
 
diff --git a/src/dashboard/templates/marketplace.html b/src/dashboard/templates/marketplace.html
index 081dfcd..244aae6 100644
--- a/src/dashboard/templates/marketplace.html
+++ b/src/dashboard/templates/marketplace.html
@@ -20,13 +20,13 @@
             <div class="agent-avatar">{{ agent.name[0] }}</div>
             <div class="agent-info">
                 <div class="agent-name">
-                    {{ agent.name }}
+                    {{ agent.name | e }}
                     <span style="font-size: 0.75rem; font-weight: 400;
                                  color: var(--text-muted); margin-left: 8px;">
-                        {{ agent.role }}
+                        {{ agent.role | e }}
                     </span>
                 </div>
-                <div class="agent-meta">{{ agent.description or 'No description' }}</div>
+                <div class="agent-meta">{{ (agent.description or 'No description') | e }}</div>
                 <div class="agent-meta" style="margin-top: 4px;">
                     <span class="badge badge-{{ 'success' if agent.status == 'idle'
                                                 else 'warning' if agent.status == 'busy'
@@ -36,7 +36,7 @@
                     </span>
                     {% if agent.capabilities %}
                         {% for cap in agent.capabilities.split(',') %}
-                        <span class="badge badge-secondary" style="margin-left: 4px;">{{ cap.strip() }}</span>
+                        <span class="badge badge-secondary" style="margin-left: 4px;">{{ cap.strip() | e }}</span>
                         {% endfor %}
                     {% endif %}
                 </div>
diff --git a/src/dashboard/templates/partials/approval_card_single.html b/src/dashboard/templates/partials/approval_card_single.html
index 2a30388..db0d7e3 100644
--- a/src/dashboard/templates/partials/approval_card_single.html
+++ b/src/dashboard/templates/partials/approval_card_single.html
@@ -1,10 +1,10 @@
 <div class="approval-card {{ item.status }}" id="approval-{{ item.id }}">
   <div class="d-flex justify-content-between align-items-start mb-1">
-    <div class="approval-card-title">{{ item.title }}</div>
+    <div class="approval-card-title">{{ item.title | e }}</div>
     <span class="impact-badge impact-{{ item.impact }}">{{ item.impact }}</span>
   </div>
-  <div class="approval-card-desc">{{ item.description }}</div>
-  <div class="approval-card-action">&#x25B6; {{ item.proposed_action }}</div>
+  <div class="approval-card-desc">{{ item.description | e }}</div>
+  <div class="approval-card-action">&#x25B6; {{ item.proposed_action | e }}</div>
 
   {% if item.status == "pending" %}
   <div class="approval-actions">
diff --git a/src/dashboard/templates/partials/chat_message.html b/src/dashboard/templates/partials/chat_message.html
index 9620da2..5d48134 100644
--- a/src/dashboard/templates/partials/chat_message.html
+++ b/src/dashboard/templates/partials/chat_message.html
@@ -1,15 +1,15 @@
 <div class="chat-message user">
   <div class="msg-meta">YOU // {{ timestamp }}</div>
-  <div class="msg-body">{{ user_message }}</div>
+  <div class="msg-body">{{ user_message | e }}</div>
 </div>
 {% if response %}
 <div class="chat-message agent">
   <div class="msg-meta">TIMMY // {{ timestamp }}</div>
-  <div class="msg-body">{{ response }}</div>
+  <div class="msg-body">{{ response | e }}</div>
 </div>
 {% elif error %}
 <div class="chat-message error-msg">
   <div class="msg-meta">SYSTEM // {{ timestamp }}</div>
-  <div class="msg-body">{{ error }}</div>
+  <div class="msg-body">{{ error | e }}</div>
 </div>
 {% endif %}
diff --git a/src/dashboard/templates/partials/history.html b/src/dashboard/templates/partials/history.html
index 2c4bbc2..26165d5 100644
--- a/src/dashboard/templates/partials/history.html
+++ b/src/dashboard/templates/partials/history.html
@@ -3,17 +3,17 @@
     {% if msg.role == "user" %}
     <div class="chat-message user">
       <div class="msg-meta">YOU // {{ msg.timestamp }}</div>
-      <div class="msg-body">{{ msg.content }}</div>
+      <div class="msg-body">{{ msg.content | e }}</div>
     </div>
     {% elif msg.role == "agent" %}
     <div class="chat-message agent">
       <div class="msg-meta">TIMMY // {{ msg.timestamp }}</div>
-      <div class="msg-body">{{ msg.content }}</div>
+      <div class="msg-body">{{ msg.content | e }}</div>
     </div>
     {% else %}
     <div class="chat-message error-msg">
       <div class="msg-meta">SYSTEM // {{ msg.timestamp }}</div>
-      <div class="msg-body">{{ msg.content }}</div>
+      <div class="msg-body">{{ msg.content | e }}</div>
     </div>
     {% endif %}
   {% endfor %}
diff --git a/src/timmy_serve/l402_proxy.py b/src/timmy_serve/l402_proxy.py
index ba35c4e..461aa51 100644
--- a/src/timmy_serve/l402_proxy.py
+++ b/src/timmy_serve/l402_proxy.py
@@ -26,10 +26,14 @@ _MACAROON_SECRET_DEFAULT = "timmy-macaroon-secret"
 _MACAROON_SECRET_RAW = os.environ.get("L402_MACAROON_SECRET", _MACAROON_SECRET_DEFAULT)
 _MACAROON_SECRET = _MACAROON_SECRET_RAW.encode()
 
-if _MACAROON_SECRET_RAW == _MACAROON_SECRET_DEFAULT:
+_HMAC_SECRET_DEFAULT = "timmy-hmac-secret"
+_HMAC_SECRET_RAW = os.environ.get("L402_HMAC_SECRET", _HMAC_SECRET_DEFAULT)
+_HMAC_SECRET = _HMAC_SECRET_RAW.encode()
+
+if _MACAROON_SECRET_RAW == _MACAROON_SECRET_DEFAULT or _HMAC_SECRET_RAW == _HMAC_SECRET_DEFAULT:
     logger.warning(
-        "SEC: L402_MACAROON_SECRET is using the default value — set a unique "
-        "secret in .env before deploying to production."
+        "SEC: L402 secrets are using default values — set L402_MACAROON_SECRET "
+        "and L402_HMAC_SECRET in .env before deploying to production."
     )
 
 
@@ -40,10 +44,11 @@ class Macaroon:
     signature: str   # HMAC signature
     location: str = "timmy-time"
     version: int = 1
+    hmac_secret: str = ""  # Added for multi-key support
 
     def serialize(self) -> str:
         """Encode the macaroon as a base64 string."""
-        raw = f"{self.version}:{self.location}:{self.identifier}:{self.signature}"
+        raw = f"{self.version}:{self.location}:{self.identifier}:{self.signature}:{self.hmac_secret}"
         return base64.urlsafe_b64encode(raw.encode()).decode()
 
     @classmethod
@@ -52,21 +57,32 @@ class Macaroon:
         try:
             raw = base64.urlsafe_b64decode(token.encode()).decode()
             parts = raw.split(":")
-            if len(parts) != 4:
+            if len(parts) < 4:
                 return None
             return cls(
                 version=int(parts[0]),
                 location=parts[1],
                 identifier=parts[2],
                 signature=parts[3],
+                hmac_secret=parts[4] if len(parts) > 4 else "",
             )
         except Exception:
             return None
 
 
-def _sign(identifier: str) -> str:
-    """Create an HMAC signature for a macaroon identifier."""
-    return hmac.new(_MACAROON_SECRET, identifier.encode(), hashlib.sha256).hexdigest()
+def _sign(identifier: str, hmac_secret: Optional[str] = None) -> str:
+    """Create an HMAC signature for a macaroon identifier using two-key derivation.
+    
+    The base macaroon secret is used to derive a key-specific secret from the
+    hmac_secret, which is then used to sign the identifier. This prevents
+    macaroon forgery if the hmac_secret is known but the base secret is not.
+    """
+    key = hmac.new(
+        _MACAROON_SECRET, 
+        (hmac_secret or _HMAC_SECRET_RAW).encode(), 
+        hashlib.sha256
+    ).digest()
+    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()
 
 
 def create_l402_challenge(amount_sats: int, memo: str = "API access") -> dict:
@@ -78,10 +94,12 @@ def create_l402_challenge(amount_sats: int, memo: str = "API access") -> dict:
       - payment_hash: for tracking payment status
     """
     invoice = payment_handler.create_invoice(amount_sats, memo)
-    signature = _sign(invoice.payment_hash)
+    hmac_secret = _HMAC_SECRET_RAW
+    signature = _sign(invoice.payment_hash, hmac_secret)
     macaroon = Macaroon(
         identifier=invoice.payment_hash,
         signature=signature,
+        hmac_secret=hmac_secret,
     )
     logger.info("L402 challenge created: %d sats — %s", amount_sats, memo)
     return {
@@ -104,7 +122,7 @@ def verify_l402_token(token: str, preimage: Optional[str] = None) -> bool:
         return False
 
     # Check HMAC signature
-    expected_sig = _sign(macaroon.identifier)
+    expected_sig = _sign(macaroon.identifier, macaroon.hmac_secret)
     if not hmac.compare_digest(macaroon.signature, expected_sig):
         logger.warning("L402: signature mismatch")
         return False
diff --git a/tests/test_security_regression.py b/tests/test_security_regression.py
new file mode 100644
index 0000000..94df9b6
--- /dev/null
+++ b/tests/test_security_regression.py
@@ -0,0 +1,75 @@
+import hmac
+import hashlib
+import base64
+import pytest
+from timmy_serve.l402_proxy import create_l402_challenge, verify_l402_token, Macaroon, _sign
+
+def test_l402_macaroon_forgery_prevention():
+    """Test that knowing the hmac_secret is not enough to forge a macaroon.
+    
+    The forgery attempt uses the same hmac_secret found in a valid macaroon
+    but doesn't know the server's internal _MACAROON_SECRET.
+    """
+    # 1. Create a valid challenge
+    challenge = create_l402_challenge(100, "valid")
+    valid_token = challenge["macaroon"]
+    
+    # 2. Extract components from the valid macaroon
+    valid_mac = Macaroon.deserialize(valid_token)
+    assert valid_mac is not None
+    
+    # 3. Attempt to forge a macaroon for a different (unpaid) identifier
+    # but using the same hmac_secret and the same signing logic a naive 
+    # attacker might assume (if it was just hmac(hmac_secret, identifier)).
+    fake_identifier = "forged-payment-hash"
+    
+    # Naive forgery attempt:
+    fake_signature = hmac.new(
+        valid_mac.hmac_secret.encode(), 
+        fake_identifier.encode(), 
+        hashlib.sha256
+    ).hexdigest()
+    
+    fake_mac = Macaroon(
+        identifier=fake_identifier,
+        signature=fake_signature,
+        hmac_secret=valid_mac.hmac_secret,
+        version=valid_mac.version,
+        location=valid_mac.location
+    )
+    fake_token = fake_mac.serialize()
+    
+    # 4. Verification should fail because the server uses two-key derivation
+    assert verify_l402_token(fake_token) is False
+
+def test_xss_protection_in_templates():
+    """Verify that templates now use the escape filter for user-controlled content."""
+    templates_to_check = [
+        ("src/dashboard/templates/partials/chat_message.html", "{{ user_message | e }}"),
+        ("src/dashboard/templates/partials/history.html", "{{ msg.content | e }}"),
+        ("src/dashboard/templates/briefing.html", "{{ briefing.summary | e }}"),
+        ("src/dashboard/templates/partials/approval_card_single.html", "{{ item.title | e }}"),
+        ("src/dashboard/templates/marketplace.html", "{{ agent.name | e }}"),
+    ]
+    
+    for path, expected_snippet in templates_to_check:
+        with open(path, "r") as f:
+            content = f.read()
+            assert expected_snippet in content, f"XSS fix missing in {path}"
+
+def test_macaroon_serialization_v2():
+    """Test that the new serialization format includes the hmac_secret."""
+    mac = Macaroon(identifier="id", signature="sig", hmac_secret="secret")
+    serialized = mac.serialize()
+    
+    # Decode manually to check parts
+    raw = base64.urlsafe_b64decode(serialized.encode()).decode()
+    parts = raw.split(":")
+    assert len(parts) == 5
+    assert parts[2] == "id"
+    assert parts[3] == "sig"
+    assert parts[4] == "secret"
+    
+    # Test deserialization
+    restored = Macaroon.deserialize(serialized)
+    assert restored.hmac_secret == "secret"