Void-Homelab/docs/superpowers/plans/2026-05-31-void-v2-plan2-api-and-shell.md

Void 2.0 — Plan 2: Core REST API + Void UI Shell

Goal: Expose all Plan 1 repos as a REST API and ship the Cradle-themed Void UI shell on top.

Architecture: Thin Express routes in lib/api/routes/ call the existing lib/db/repos/ (no raw SQL in routes). Shared zod-validate + error middleware. Static SPA in public/ consumed by the bearer-protected /api/*. Agent bearer auth composes with owner. FTS-only search; vector search is Plan 3. Capture endpoints + jobs surface are Plan 3+.

Tech stack: Express 5, zod 4 (already in deps), supertest 7, vanilla ES modules in browser, marked.js (CDN) for markdown render. No new server deps beyond marked if we choose to vendor it.

Out of scope (deferred):

• Vector/RRF search (needs embeddings — Plan 3)
• Capture endpoints (/api/capture/*) and /api/jobs (needs pg-boss — Plan 3)
• MCP server (Plan 5)
• Sacred Valley gridstack widgets (Plan 6) — ship a placeholder card
• E2E Playwright tests (Plan 8 sweep)

---

File structure

lib/api/
  index.js                      # registers routers onto app
  errors.js                     # NotFoundError, ValidationError, asyncWrap, errorMiddleware
  validate.js                   # validate({ body?, params?, query? }) using zod
  pagination.js                 # parsePagination(req) → { limit, offset }
  middleware/
    agent_auth.js               # bearer → agent actor; composes with ownerOnly
  routes/
    spaces.js
    projects.js
    tasks.js
    pages.js
    refs.js
    resources.js
    source_docs.js
    conversations.js
    messages.js
    agents.js
    tags.js
    links.js
    pending_changes.js
    audit.js
    search.js

public/
  index.html                    # SPA shell
  style.css                     # blackflame palette + three-column layout
  app.js                        # bootstrap, router, fetch wrapper (auth header)
  router.js                     # hash router
  api.js                        # typed-ish wrappers over fetch
  components/
    sidebar.js
    topbar.js
    rightrail.js
    markdown_editor.js
  views/
    space.js
    project.js
    page.js
    reference.js
    resource.js
    search.js
    inbox.js
    sacred_valley.js            # placeholder
    home.js                     # landing fallback
  vendor/
    marked.min.js               # vendored, no CDN at runtime

tests/api/
  helpers.js                    # createApp + auth headers + reset/migrate
  spaces.test.js
  projects.test.js
  tasks.test.js
  pages.test.js
  refs.test.js
  resources.test.js
  source_docs.test.js
  conversations.test.js
  messages.test.js
  agents.test.js
  tags.test.js
  links.test.js
  pending_changes.test.js
  audit.test.js
  search.test.js
  agent_auth.test.js
  validate.test.js
  errors.test.js

server.js shrinks: build app, mount static, mount /api router from lib/api/index.js. Drop the inline /api/spaces smoke route.

---

Conventions (apply to every route task)

1. TDD always. Write the failing supertest test first. Run it red. Then write the route. Run it green. Commit.
2. Route file shape:

   import { Router } from 'express';
   import * as repo from '../../db/repos/<name>.js';
   import { validate } from '../validate.js';
   import { asyncWrap } from '../errors.js';
   import { z } from 'zod';
   export const router = Router();
   

3. No raw SQL in routes — every data access is repo.fn(...).
4. Mutations pass req.actor to the repo.
5. Errors: throw new NotFoundError(...) / new ValidationError(...). The shared error middleware shapes them as {error:{code,message,details?}}. Use asyncWrap or rely on Express 5's native promise handling (already default in 5.2).
6. Pagination: all GET list endpoints accept ?limit=&offset= via parsePagination. Default limit=50, max 200.
7. Status codes: 201 for create, 200 for read/update, 204 for delete, 400 for validation errors, 401 for unauthenticated, 403 for capability deny, 404 not found, 409 for conflicts.
8. Test file shape: import tests/api/helpers.js's setup() which calls resetDb + migrateUp + returns { app, ownerHeaders }. Each test seeds the minimum it needs (e.g. one space) via repos, then hits the route.
9. Commit per task with message feat(api): <entity> routes or feat(ui): <view> etc.

---

Task list

Phase A — Plumbing

Task 1: Error + validation + pagination plumbing

Files: create lib/api/errors.js, lib/api/validate.js, lib/api/pagination.js, lib/api/index.js; create tests/api/helpers.js, tests/api/errors.test.js, tests/api/validate.test.js.

• errors.js: export classes NotFoundError, ValidationError, ConflictError, ForbiddenError each with .code and .status; export errorMiddleware(err, req, res, next) that maps known errors to {error:{code,message,details?}} with correct status, logs unknowns at 500.
• validate.js: validate({ body, params, query }) returns middleware that runs the relevant zod schemas, on parse failure throws ValidationError with zod's error.issues as details.
• pagination.js: parsePagination(req, { defaultLimit=50, max=200 }) → { limit, offset }, throws ValidationError if out of range.
• lib/api/index.js: exports mountApi(app) that mounts an /api router (initially empty) under ownerOnly. We'll register each route module here in later tasks.
• Update server.js to call mountApi(app) and remove the inline /api/spaces route. The existing server smoke test must keep passing — it should now route through the new spaces router (added in Task 2). Until then, expect that test to break — fix it in Task 2.

Tests: validate.test exercises happy + zod failure; errors.test exercises the middleware status mapping and JSON shape.

Commit: feat(api): error + validate + pagination plumbing.

Task 2: Spaces routes

Files: create lib/api/routes/spaces.js, tests/api/spaces.test.js. Register router in lib/api/index.js.

Endpoints:

• GET /api/spaces → repo.list()
• POST /api/spaces body {slug,name,description?,theme?} → repo.create(body, req.actor); 201
• GET /api/spaces/:id → repo.getById; 404 if missing
• GET /api/spaces/by-slug/:slug → repo.getBySlug; 404 if missing
• PATCH /api/spaces/:id partial body → repo.update
• DELETE /api/spaces/:id → repo.del; 204

Tests: list empty → []; create → 201 + record exists in DB; create with bad slug → 400 + zod details; get unknown id → 404; patch updates; delete then get → 404. Re-enable existing tests/server.test.js expectations (the [] smoke should now serve from this router).

Commit: feat(api): spaces routes.

Task 3: Projects routes

Files: lib/api/routes/projects.js, tests/api/projects.test.js.

Endpoints:

• GET /api/spaces/:space_id/projects?status= → repo.listBySpace
• POST /api/spaces/:space_id/projects body {slug,name,description?,status?,started_at?}
• GET /api/projects/:id
• PATCH /api/projects/:id
• DELETE /api/projects/:id

Tests: list filter by status; create rejects unknown space (FK error → map to 400 with code invalid_space); patch flips status to done (does not auto-set completed_at — that's a client/UI concern, mirroring repo behavior). Verify completed_at only changes when caller passes it.

Commit: feat(api): projects routes.

Task 4: Tasks routes

Files: lib/api/routes/tasks.js, tests/api/tasks.test.js.

Endpoints:

• GET /api/spaces/:space_id/tasks?status= → repo.listBySpace
• GET /api/projects/:project_id/tasks → repo.listByProject
• POST /api/spaces/:space_id/tasks body {project_id?,title,body?,priority?,due_at?,position?}
• GET /api/tasks/:id
• PATCH /api/tasks/:id
• DELETE /api/tasks/:id

Tests: create sibling task (no project_id); create child task (project_id present); listByProject ordered by position NULLS LAST, created_at; patch with status:'done' sets completed_at.

Commit: feat(api): tasks routes.

Task 5: Pages routes (+ revisions, backlinks)

Files: lib/api/routes/pages.js, tests/api/pages.test.js.

Endpoints:

• GET /api/spaces/:space_id/pages → repo.listBySpace
• POST /api/spaces/:space_id/pages body {slug,title,body_md?,parent_id?}
• GET /api/pages/:id
• GET /api/spaces/:space_id/pages/by-slug/:slug
• PATCH /api/pages/:id
• DELETE /api/pages/:id
• GET /api/pages/:id/revisions → repo.listRevisions
• GET /api/pages/:id/backlinks → links.listTo('page', id) joined with the source entity's title for display (route does the join via repos: read each from_type/from_id and resolve title)

Tests: create with body_md writes a revision; update body_md adds a revision; revisions ordered desc; backlinks returns rows when a entity_links row points at the page.

Commit: feat(api): pages routes.

Task 6: Refs routes

Files: lib/api/routes/refs.js, tests/api/refs.test.js.

Endpoints:

• GET /api/refs?space_id=&kind=&limit=&offset= → repo.list
• POST /api/refs body matches repo.create (all FIELDS whitelist)
• GET /api/refs/:id
• PATCH /api/refs/:id
• DELETE /api/refs/:id
• POST /api/refs/upsert body must include space_id+source_kind+external_id → repo.upsertByExternal

Tests: list with kind=url filter; upsert twice with same external_id returns the same row id with updated fields; pagination caps at 200.

Commit: feat(api): refs routes.

Task 7: Resources routes (+ deps)

Files: lib/api/routes/resources.js, tests/api/resources.test.js.

Endpoints:

• GET /api/spaces/:space_id/resources → repo.listBySpace
• POST /api/spaces/:space_id/resources body matches resource FIELDS
• GET /api/resources/:id
• PATCH /api/resources/:id
• DELETE /api/resources/:id
• POST /api/resources/:id/dependencies body {depends_on, kind?} → repo.addDependency; 400 on self-dep
• GET /api/resources/:id/dependencies → repo.listDependencies
• DELETE /api/resources/:id/dependencies/:dep_id → repo.removeDependency
• GET /api/resources/:id/source-docs → source_docs.listByResource
• GET /api/resources/:id/changes → audit.listForEntity('resource', id) — the resource change history is the audit log filtered to that resource

Tests: dependency create rejects self; cross-space dependency rejected by composite FK → mapped to 400 with cross_space code; listing dependencies returns the right rows; changes endpoint returns audit entries (create + each patch).

Commit: feat(api): resources routes.

Task 8: Source docs routes

Files: lib/api/routes/source_docs.js, tests/api/source_docs.test.js.

Endpoints:

• POST /api/resources/:resource_id/source-docs body matches source_docs FIELDS (minus resource_id, taken from URL)
• GET /api/source-docs/:id
• PATCH /api/source-docs/:id
• DELETE /api/source-docs/:id
• POST /api/source-docs/:id/resync — stub for now: returns 202 {queued:true, note:"workers land in Plan 3"}. Behind a feature flag check if (process.env.ENABLE_RESYNC === 'true') → 503 otherwise. Document in the route comment that this hooks into pg-boss in Plan 3.

Tests: create requires resource_id from URL; resync returns 202/503 based on env.

Commit: feat(api): source-docs routes.

Phase B — Agents + auth

Task 9: Agent bearer auth middleware

Files: create lib/api/middleware/agent_auth.js, tests/api/agent_auth.test.js. Modify lib/api/index.js.

agent_auth.js exports agentOrOwner(req, res, next):

1. Read Authorization: Bearer <token> (401 if absent).
2. If token equals OWNER_TOKEN → req.actor = { kind:'user', id:null }; next().
3. Else agents.verifyToken(token):
   • null → 401.
   • row → req.actor = { kind:'agent', id:row.id, capabilities:row.capabilities, scopes:row.scopes }; next().

lib/api/index.js: swap ownerOnly for agentOrOwner on the /api router. Owner tests continue to pass (same token path). New agent token tests pass.

Tests: missing header → 401; wrong token → 401; owner token → 200 + actor.kind='user'; valid agent token → 200 + actor.kind='agent'; revoked agent token → 401.

Commit: feat(api): agent bearer auth.

Task 10: Capability enforcement on mutating routes

Files: modify lib/auth/capability.js if needed; add helper lib/api/cap.js; add tests tests/api/capability_routes.test.js.

Add requireWrite(entity_type) middleware that calls canAct(req.actor, 'write', entity_type):

• allow → next().
• suggest → divert: write the operation into pending_changes instead of running it, return 202 {pending:true, change_id}. The handler still needs to know what payload to record. Strategy: middleware attaches a req.divertToPending(payloadFactory) helper the route calls just before invoking the repo. If req.actor.kind === 'agent' and tier is suggest, route does await pending_changes.create({agent_id, entity_type, entity_id, action, payload, reason}) and returns 202.
• deny → 403.

For Plan 2, apply to: POST/PATCH/DELETE on pages, refs, resources, source_docs, projects, tasks, tags, links. (Read endpoints stay open to any authed agent.) agents writes are owner-only regardless (a hard req.actor.kind === 'user' check, 403 otherwise).

Tests: agent at suggest tier POSTing a page → 202 + pending row exists; agent at allow tier POSTing a page → 201 + page row exists; agent at deny tier → 403; agent attempting POST /api/agents → 403.

Commit: feat(api): capability enforcement on writes.

Task 11: Agents routes

Files: lib/api/routes/agents.js, tests/api/agents.test.js.

All endpoints owner-only (see Task 10 rule). Endpoints:

• GET /api/agents → repo.list
• POST /api/agents body matches FIELDS → repo.create
• GET /api/agents/:id
• PATCH /api/agents/:id/capabilities body {capabilities, scopes} → repo.setCapabilities
• POST /api/agents/:id/tokens body {label?} → repo.createToken; response {id, token} (plaintext shown once — document in comment)
• DELETE /api/agent-tokens/:token_id → repo.revokeToken

Tests: token mint returns plaintext; mint then auth-as-agent works; revoke then auth fails.

Commit: feat(api): agents routes + token mgmt.

Phase C — Cross-cutting

Task 12: Conversations + messages routes

Files: lib/api/routes/conversations.js, lib/api/routes/messages.js, tests/api/conversations.test.js, tests/api/messages.test.js.

Conversations:

• GET /api/conversations?limit=&offset= → repo.list
• POST /api/conversations → repo.create
• GET /api/conversations/:id
• PATCH /api/conversations/:id/status body {status} → repo.setStatus
• PATCH /api/conversations/:id/summary body {summary} → repo.setSummary

Messages:

• GET /api/conversations/:conversation_id/messages?limit= → messages.listByConversation
• POST /api/conversations/:conversation_id/messages body {role,body,agent_id?,metadata?} → messages.append

Tests: append message, list returns it ordered; setSummary flips status to summarized.

Commit: feat(api): conversations + messages routes.

Task 13: Tags routes

Files: lib/api/routes/tags.js, tests/api/tags.test.js.

Endpoints:

• GET /api/tags → tags.list
• POST /api/tags body {name, description?, color?} → tags.upsert
• POST /api/<entity_type>/:entity_id/tags body {tag_id} → tags.attach; 204
• DELETE /api/<entity_type>/:entity_id/tags/:tag_id → tags.detach; 204
• GET /api/<entity_type>/:entity_id/tags → tags.listForEntity

Allow entity_type values: space|project|task|page|ref|resource|source_doc|conversation. Validate via zod enum.

Tests: upsert idempotent; attach idempotent on conflict; listForEntity returns tags sorted by name.

Commit: feat(api): tags routes.

Task 14: Entity links routes

Files: lib/api/routes/links.js, tests/api/links.test.js.

Endpoints:

• POST /api/links body {from_type,from_id,to_type,to_id,relation?} → links.create
• GET /api/links/from/:type/:id → links.listFrom
• GET /api/links/to/:type/:id → links.listTo
• DELETE /api/links/:id → links.remove

Tests: create twice with same tuple returns same row (ON CONFLICT path); list from/to.

Commit: feat(api): links routes.

Task 15: Pending-changes + audit routes

Files: lib/api/routes/pending_changes.js, lib/api/routes/audit.js, tests/api/pending_changes.test.js, tests/api/audit.test.js.

Pending changes (owner-only):

• GET /api/pending-changes?limit= → pending_changes.listPending
• POST /api/pending-changes/:id/approve → load row; dispatch by entity_type+action through the same repo (pages.create, refs.update, etc.) using req.actor (the approving user); mark row approved. Single dispatch helper applyPendingChange(row, actor) lives in lib/api/routes/pending_changes.js and uses a small switch table mapping entity_type → repo module.
• POST /api/pending-changes/:id/reject → mark rejected.

Audit (owner-only):

• GET /api/audit/entity/:type/:id?limit= → audit.listForEntity
• GET /api/audit/actor?actor_kind=&actor_id=&limit= → audit.listByActor

Tests: agent at suggest POSTs a page (from Task 10) → owner approves → page now exists, pending row is approved, audit log shows the create with actor_kind='user' (the approver). Reject test marks row rejected, no entity created.

Commit: feat(api): pending-changes + audit routes.

Phase D — Search

Task 16: FTS search endpoint

Files: create lib/db/repos/search.js, lib/api/routes/search.js, tests/repos/search.test.js, tests/api/search.test.js.

search.fts({q, space_id?, kinds?, limit, offset}) runs tsvector @@ plainto_tsquery against four sources unioned with a kind discriminator:

• pages — fts column already exists in migration 002 (fts_tsv); fall back to to_tsvector('english', title || ' ' || coalesce(body_md,'')) if not.
• refs — uses refs.fts_tsv from migration 002.
• source_docs — to_tsvector('english', name || ' ' || coalesce(body_text,'')).
• messages — uses messages.fts_tsv from migration 004.

Each branch returns {kind, id, space_id, title_or_snippet, rank}. Final SELECT orders by ts_rank desc and applies limit/offset. kinds filter restricts which branches run.

Endpoint:

• GET /api/search?q=&space_id=&kinds=page,ref&limit=&offset= → results grouped client-side; server returns flat array with kind discriminator.

Tests (repo): seed 1 page + 1 ref + 1 source_doc + 1 message containing the word "blackflame", search for "blackflame" returns 4 hits, kinds filter narrows correctly. Tests (api): 401 without auth, 200 with results.

Vector search and RRF are explicitly deferred to Plan 3 — add a TODO comment in search.js linking to the spec section.

Commit: feat(api): unified FTS search.

Phase E — Void UI shell

Task 17: Static serving + shell HTML/CSS + SPA bootstrap

Files: create public/index.html, public/style.css, public/app.js, public/router.js, public/api.js. Modify server.js to app.use(express.static('public')) BEFORE the /api mount and ABOVE the 404 catch-all.

index.html: three-column flex layout: <aside id="sidebar">, <main id="main">, <aside id="rightrail">. Header bar <header id="topbar">. Loads app.js as <script type="module">.

style.css: blackflame palette — copy variables from Void 1.x (/project/src/void/public/css/ if accessible) or define minimum:

:root {
  --bg: #0a0a0e;
  --panel: #14141c;
  --border: #2a2a36;
  --text: #e8e6ed;
  --muted: #888094;
  --accent: #ff4f2e;       /* blackflame */
  --accent-dim: #7a2716;
}

Three-column grid: grid-template-columns: 280px 1fr 360px. Right rail collapsible to 40px. Top bar 48px height. Use system font stack + Cinzel or Cormorant via Google Fonts link for headings (Cradle aesthetic). Document the choice with a comment.

router.js: hash-based router (#/space/:id, #/project/:id, #/page/:id, #/ref/:id, #/resource/:id, #/search?q=, #/inbox, #/sacred-valley, #/). Exports route(handler), navigate(hash), current().

api.js: thin fetch wrapper that reads owner token from localStorage.void_token. On 401, prompts for token via a modal. Methods: api.get, api.post, api.patch, api.del.

app.js: bootstrap — mount sidebar + topbar + rightrail, register all views via router (most as views/home.js stub initially), render current route.

Tests: smoke tests/server.test.js — GET / returns 200 + content-type text/html. (Don't deep-test the SPA here.)

Commit: feat(ui): static shell + router + api wrapper.

Task 18: Sidebar + topbar components

Files: public/components/sidebar.js, public/components/topbar.js, public/components/rightrail.js.

sidebar.js:

• Top section: Spaces tree — api.get('/api/spaces'), render as collapsible list. Each space header expands to show projects (api.get('/api/spaces/:id/projects') lazy on click). Drag-reorder deferred — render in static order for now.
• Bottom section: global links — Sacred Valley, Agents, Inbox (badge with pending count from api.get('/api/pending-changes') length), Resources (placeholder route), Search.

topbar.js:

• Universal capture button (placeholder: opens a modal that says "Capture lands in Plan 3" — proves the surface).
• Global search input (Enter → router.navigate('#/search?q=' + encoded)).
• Pending bell with count from same poll the sidebar uses (share state via a tiny public/state.js event bus).
• User/agent toggle (placeholder; owner-only for now).

rightrail.js: collapsible panel with a "Chat lands in Plan 5" placeholder + collapse toggle. Persist collapsed state in localStorage.void_rail_collapsed.

Tests: none — visual review only. Note this in the task block.

Commit: feat(ui): sidebar + topbar + rightrail components.

Task 19: Space view + Project view + Home

Files: public/views/space.js, public/views/project.js, public/views/home.js.

home.js: "Recent activity" — calls api.get('/api/audit/actor?limit=20') and renders entity-typed rows linking to their detail view.

space.js: header (name, description), three columns: Projects list, Recent tasks (api.get('/api/spaces/:id/tasks?status=todo')), Recent refs/pages. Each item is a hash-link.

project.js: header (name, status, started/completed), Tasks list with inline status toggle (PATCH on click), Pages list, Refs list, "Add task" inline form.

Tests: none (visual). After this task, manually verify: create a Space via curl, navigate UI, click through.

Commit: feat(ui): space + project + home views.

Task 20: Page editor + Reference detail

Files: public/views/page.js, public/views/reference.js, public/components/markdown_editor.js, public/vendor/marked.min.js (vendor from npm marked package).

markdown_editor.js: split pane — textarea on left, rendered preview on right via marked.parse(value). Save button calls api.patch('/api/pages/:id', {body_md}). Show last revision timestamp.

page.js: header (title, slug), markdown editor, attachments list (read-only for now), backlinks panel calling /api/pages/:id/backlinks.

reference.js: media block (image preview if kind=image, embed if kind=video, link if kind=url), AI summary block (ref.summary), metadata table, tag list with attach/detach controls, linked-from list (/api/links/to/ref/:id).

Tests: none (visual). Manually: create a page via API, edit + save in UI, confirm revision count increments via API.

Commit: feat(ui): page editor + reference detail.

Task 21: Resource detail + Inbox

Files: public/views/resource.js, public/views/inbox.js.

resource.js: status header with runtime_type/host/url/status badge, dependencies list (with add via a small inline form), Source Docs list, runbook pages list (entity_links of kind runbook), change history (/api/resources/:id/changes).

inbox.js: list of pending changes grouped by agent, each item shows entity type icon, action, reason, JSON diff (preformatted), Approve and Reject buttons that call the respective endpoints and re-fetch. On approve, navigate to the resulting entity if the response carries entity_id.

Tests: none (visual). Manually create a fake pending change via API and approve it through the UI.

Commit: feat(ui): resource + inbox views.

Task 22: Search + Sacred Valley placeholder + version bump + CHANGELOG

Files: public/views/search.js, public/views/sacred_valley.js, CHANGELOG.md, package.json, lib/db/migrate.js (if version constant lives elsewhere — check first).

search.js: reads ?q from hash, calls /api/search?q=..., renders results grouped by kind, sidebar filters for kinds and space_id. Empty state suggests typing.

sacred_valley.js: one placeholder card "Sacred Valley — widgets ported in Plan 6" with a screenshot of the Void 1.x dashboard linked. Keep the route registered so the sidebar link works.

Bump package.json version to 2.0.0-alpha.2; same in server.js VERSION constant.

Add CHANGELOG entry under ## [2.0.0-alpha.2] — 2026-MM-DD listing all 14 route groups, FTS search, UI shell, sidebar/topbar/rightrail, six views, agent bearer auth + capability dispatch on writes.

Tests: update tests/server.test.js version assertion to match. Re-run full suite — should still be green.

Commit: chore: version 2.0.0-alpha.2 + changelog.

---

Verification at end of plan

cd /project/src/void-v2
npm test                                    # all plan 1 tests + new api tests green
npm run migrate                             # no-op
OWNER_TOKEN=test npm start &
sleep 1
curl -s localhost:3000/health
curl -s -H "Authorization: Bearer test" localhost:3000/api/spaces
curl -s -H "Authorization: Bearer test" \
  -H "Content-Type: application/json" \
  -d '{"slug":"home","name":"Home"}' \
  localhost:3000/api/spaces                 # 201
# browser: http://localhost:3000/  → SPA loads, set token, see Home space
kill %1

Manual UI smoke (record outcome in docs/plan-2-complete.md):

1. Set token in modal → token persists in localStorage.
2. Create space "Home" via UI → space appears in sidebar.
3. Create project → appears in space view.
4. Create page → editor opens, edit + save → revision count increments via API check.
5. Navigate #/search?q=home → space title shows up.
6. Create pending-change via API → bell shows badge → approve via Inbox → entity created.

What's left after Plan 2

• Plan 3: capture pipeline (pg-boss, Karakeep webhook, URL/YouTube/PDF/image workers, embeddings)
• Plan 4: heavy ingest (Whisper, Tesseract, OCR) and void-workers Python service
• Plan 5: MCP server (stdio + HTTP/SSE) + Cradle agent runtime + right-rail chat
• Plan 6: Sacred Valley widgets ported into UI
• Plan 7: Void 1.x / BookStack / Karakeep / auto-memory migrations
• Plan 8: E2E Playwright + CI + tighten security follow-ups (drop SUPERUSER, fileParallelism revisit, polymorphic space_id question)