Task Queue system:
- New /tasks page with three-column layout (Pending/Active/Completed)
- Full CRUD API at /api/tasks with approve/veto/modify/pause/cancel/retry
- SQLite persistence in task_queue table
- WebSocket live updates via ws_manager
- Create task modal with agent assignment and priority
- Auto-approve rules for low-risk tasks
- HTMX polling for real-time column updates
- HOME TASK buttons now link to task queue with agent pre-selected
- MARKET HIRE buttons link to task queue with agent pre-selected
Work Order system:
- External submission API for agents/users (POST /work-orders/submit)
- Risk scoring and configurable auto-execution thresholds
- Dashboard at /work-orders/queue with approve/reject/execute flow
- Integration with swarm task system for execution
UI & Dashboard bug fixes:
- EVENTS: add startup event so page is never empty
- LEDGER: fix empty filter params in URL
- MISSION CONTROL: LLM backend and model now read from /health
- MISSION CONTROL: agent count fallback to /swarm/agents
- SWARM: HTMX fallback loads initial data if WebSocket is slow
- MEMORY: add edit/delete buttons for personal facts
- UPGRADES: add empty state guidance with links
- BRIEFING: add regenerate button and POST /briefing/regenerate endpoint
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix swarm_live.html WebSocket URL from /swarm/ws to /swarm/live
(matching the actual endpoint in swarm_ws.py)
- Update handleMessage() to process individual swarm events
(agent_joined, task_posted, bid_submitted, task_assigned, etc.)
in addition to bulk state snapshots
- Add refreshStats() helper that fetches /swarm REST endpoint to
update stat counters after each event
- Add GET /swarm/live page route to render the swarm_live.html template
- Add SWARM and MOBILE navigation links to base.html header
(fixes UX-01: /mobile route not in desktop nav)
Replace all innerHTML string interpolation with safe DOM methods
(createElement, textContent, appendChild) to prevent script injection
from user chat messages and WebSocket agent data.
Fixes: XSS-01, XSS-02
- Add QUALITY_ANALYSIS.md — 10-point architect review covering
architecture coherence, completeness (~35-40% vs vision), mobile UX,
security, test coverage, code quality, and DX
- Fix P0 XSS: mobile.html chat input now uses DOM textContent instead
of innerHTML string interpolation with raw user input
- Fix P0 XSS: swarm_live.html agent/auction rendering rewritten with
safe DOM methods (_t/_el helpers) — no more ${agent.name} in innerHTML
- Add M7xx test category (4 new tests) covering XSS prevention assertions;
total suite now 232 passing (was 228)
- HITL session guide included in analysis with step-by-step phone test
instructions and critical scenario priority ordering
https://claude.ai/code/session_0183Nzcy7TMqjrAopnTtygds
