Plan: Revive HTTP API and Beam UI
Goal
Restore the OSS HTTP layer and Beam UI that currently live in
/home/naro/src/github.com/contenox/enterprise/oss-backup2, without regressing
the current runtime CLI, engine, ACP, reasoning, HITL, or model-provider work.
The migration source is oss-backup2, not the old pre-trim OSS commit. The
backup is closer to the current architecture: it already has contenox serve,
ACP dual mode, Beam SPA serving, auth, file/VFS-style endpoints, HITL approvals,
terminal sessions, provider setup, task events, MCP lifecycle, and chat routes.
Current divergence snapshot
Checked against current OSS runtime:
- Current module path:
github.com/contenox/runtime - Backup module path:
github.com/contenox/contenox - Current Go package count: 56
- Backup Go package count: 81, excluding
node_modules - Filtered source comparison, excluding
.git,node_modules,dist,bin, andtmp:- 261 common files
- 181 current-only files
- 561 backup-only files
- 193 common files differ
- Backup UI source count: 371 files under
packages/beamandpackages/ui, excludingnode_modulesanddist - Backup route registrations: about 99
net/httproute registrations
Current OSS removed these HTTP/UI pieces:
apiframeworkruntime/serverapiruntime/internal/*apiruntime/internal/authruntime/internal/vaultruntime/internal/webruntime/providerserviceruntime/taskchainserviceruntime/terminalserviceruntime/terminalstoreruntime/vfsserviceruntime/vfsstorepackages/beampackages/uiapitests- OpenAPI generator/docs assets
Current OSS has also moved ahead in core runtime APIs:
hitlservicenow usesPolicySource, notvfsservice.Serviceenginesvc.Confighas tenant/policy fields and liveSetupStatusruntime/internal/modelrepo,runtime/internal/llmrepo,runtime/internal/ollamatokenizer, andruntime/internal/runtimestatemoved to public runtime packagescontenoxcli.BuildEngineno longer takes a VFS argument- CLI has newer
setup,cache,acpx, model capability, reasoning, and thinking support that must not be overwritten
Migration rules
- Port, do not bulk overwrite current runtime code.
- Rewrite imports from
github.com/contenox/contenoxtogithub.com/contenox/runtime. - Restore generated or dependency-heavy assets only when the phase needs them.
Do not restore
node_modules. - Keep every phase buildable before starting the next phase.
- Prefer additive packages until the HTTP surface compiles; avoid changing core engine behavior unless a restored route cannot work otherwise.
- Keep
oss-backup2read-only. It is the reference snapshot. - Treat OSS
serveas a trusted local server / local LLM gateway by default: no backup vault, no multi-user account stack, and no VFS abstraction unless a later product requirement makes one necessary.
Execution status
- Phase 0 complete: baseline and restore manifest created.
- Phase 1 complete:
apiframeworkplus health/version server foundation restored;go test ./...passed. - Phase 2 complete:
contenox serveskeleton restored with CORS/request-id, root health/version, and CLI command registration;go test ./...and live health/version smoke passed. - Phase 3 complete: core API route packages restored under
/api, wired to the current SQLite DB, bus, runtime state, tools provider, MCP worker lifecycle, setup status, and embedded OpenAPI placeholder. - Phase 4 complete: local token gating and provider setup API restored without backup vault/account dependencies.
- Phase 5 complete: local filesystem, taskchain, and HITL policy APIs restored
without VFS;
go test ./...and live local smoke passed. - Phase 6 complete: HTTP chat, request-scoped task-event SSE, and approval response API restored against current agent/chat/HITL services.
- Phase 7 complete: terminal session metadata store, PTY service, websocket
bridge, route mounting, local
servedefault enablement, and idle reaper lifecycle restored for the local HTTP server. - Phase 8 skipped by product decision:
serveremains a local HTTP/UI server, not a dual HTTP + ACP stdio mode. Existingcontenox acpandcontenox acpxcommands remain the ACP entry points. - Phase 9 complete: Beam and
@contenox/uisource restored, adapted to the current local HTTP API, built into an embedded SPA, and mounted bycontenox serveat/. - Phase 9.1 complete: setup readiness now uses one shared runtime state between
engine, doctor-equivalent checks, and HTTP; Beam refresh runs a real backend
reconciliation; terminal routes and the
local_shelltool are enabled by default on loopbackserve. - Phase 10 complete: API smoke tests restored selectively under
apitests, wired tomake test-api, and run against an isolated temporary HOME/workspace/DB with no real provider credentials required by default.
Phase 0: Baseline and restore map
Work
- Capture current git status and leave unrelated user changes alone.
- Create a restore manifest listing every backup package/file to be copied or adapted.
- Classify each backup package into one of:
- direct restore with import rewrite
- restore with current-runtime API adaptation
- defer until UI phase
- obsolete because current runtime replaced it
- Decide exact endpoint groups for the first HTTP milestone.
Validation checkpoints
git status --shortshows only expected documentation or migration work.go list ./...still succeeds before code changes.- Restore manifest identifies the owner phase for all of these backup paths:
apiframeworkruntime/serverapiruntime/internal/*apiruntime/providerserviceruntime/taskchainserviceruntime/terminalserviceruntime/vfsserviceruntime/internal/webpackages/beampackages/ui
- No source files are copied during this phase.
Phase 1: HTTP foundation, no product routes
Work
- Restore
apiframeworkwith the module import rewrite. - Restore
runtime/serverapionly enough to expose:GET /healthGET /version- a not-found root handler for API muxes
- Use
runtime/versionfor version data. Do not resurrectapiframework/version.goas a second version source. - Add a small
serverapi.ConfigandLoadConfigcompatible with the backupservecommand, but keep unused fields harmless. - Add minimal unit tests for health/version handlers.
Validation checkpoints
go test ./apiframework ./runtime/serverapigo test ./...- A local
httptestverifies:GET /healthreturns success JSONGET /versionincludes runtime version, node id, and tenancy- unknown API root returns the framework not-found error shape
- No CLI command is registered yet.
Phase 2: contenox serve skeleton
Work
- Port
runtime/contenoxcli/serve_cmd.goas a skeleton. - Register
servein currentrootCmdwithout dropping newer commands:setup,cache,acpx, model capability, reasoning, and current ACP logic must stay intact. - Add
servetoreservedSubcommands. - Start only a plain HTTP mux with health/version and CORS/request-id middleware.
- Bind
127.0.0.1:32123by default, withADDRandPORToverrides. - Defer auth, API route groups, ACP dual mode, and UI serving to later phases.
Validation checkpoints
go test ./runtime/contenoxcli ./runtime/serverapi ./apiframeworkgo test ./...go run ./cmd/contenox servestarts and prints the listening URL.curl http://127.0.0.1:32123/healthsucceeds.contenox --helpincludesserve.- Existing default command injection still works:
contenox --helpshows root helpcontenox chat --helpworkscontenox run --helpworks- arbitrary prompt input still maps to
run
Phase 3: Core API route groups
Work
Restore route packages that mostly target current existing services:
runtime/internal/backendapiruntime/internal/modelregistryapiruntime/internal/setupapiruntime/internal/toolsapiruntime/internal/mcpserverapiruntime/internal/taskeventsapiruntime/internal/openapidocs
Adapt imports and service references:
- Use current
runtime/runtimestate, not backupruntime/internal/runtimestate. - Use current
runtime/modelrepo,runtime/llmrepo, andruntime/ollamatokenizerpackage locations where needed. - Keep current
tools.NewPersistentReposignature with tracker support. - Keep current
stateservice.New(state, db, workspaceID)signature.
Wire these groups into serverapi.New, behind /api in serve.
Validation checkpoints
go test ./runtime/internal/backendapi ./runtime/internal/modelregistryapi ./runtime/internal/setupapi ./runtime/internal/toolsapi ./runtime/internal/mcpserverapi ./runtime/internal/taskeventsapigo test ./runtime/serverapi ./runtime/contenoxcligo test ./...contenox serveexposes, at minimum:GET /api/stateGET /api/modelsGET /api/model-registryGET /api/tools/localGET /api/mcp-serversGET /api/setup-statusGET /api/openapi.json
- API responses use current runtime state and do not panic on an empty database.
Validation results
Completed in Phase 3:
go test ./runtime/internal/backendapi ./runtime/internal/modelregistryapi ./runtime/internal/setupapi ./runtime/internal/toolsapi ./runtime/internal/mcpserverapi ./runtime/internal/taskeventsapigo test ./runtime/serverapi ./runtime/contenoxcligo test ./...- Built
/tmp/contenox-phase3-smokefrom./cmd/contenox. - Live smoke on an isolated data directory verified:
GET /healthGET /versionGET /api/stateGET /api/modelsGET /api/model-registryGET /api/tools/localGET /api/mcp-serversGET /api/setup-statusGET /api/openapi.json
Phase 4: Local security and provider setup
Work
- Treat
contenox serveas a trusted local process by default. The primary safety boundary is loopback binding (127.0.0.1) plus explicit user intent when changingADDR. - Do not restore
runtime/internal/vaultin this phase. - Do not restore the backup multi-user account/JWT setup by default. Revisit only if Beam needs browser-session state beyond what local development needs.
- Add an optional local API token gate:
- no token required when
ADDRis loopback andTOKENis unset - if
TOKENis set, require bearer auth for mutating/apiroutes - if
ADDRis non-loopback, requireTOKENor fail startup - health/version stay unauthenticated
- no token required when
- Restore/adapt provider setup routes only where they improve the local setup UX.
- Provider setup must use current runtime concepts:
- current backend/model schema
- current CLI config keys
api-key-envreferences as the preferred secret path- existing backend records for local persistence when the user explicitly enters a literal key
- If durable encrypted secret storage becomes necessary later, design a small local secret-store phase separately. Do not pull in the backup vault as a prerequisite for the local gateway.
Validation checkpoints
go test ./runtime/internal/providerapi ./runtime/providerservicego test ./runtime/serverapi ./runtime/contenoxcligo test ./...- Fresh local DB flow:
GET /api/setup-status- provider configure/status/list endpoints round trip against current backend and CLI config records
- configured provider appears in
GET /api/backendsor equivalent current setup surface
- Loopback behavior:
- no token required by default for local read routes
TOKENset causes protected/apicalls without bearer auth to return401- non-loopback
ADDRwithoutTOKENfails startup with a clear error
- Health/version remain reachable without auth.
- Provider configure/delete round trips do not corrupt existing CLI backend records.
Validation results
Completed in Phase 4:
go test ./runtime/providerservice ./runtime/internal/providerapi ./runtime/serverapi ./runtime/contenoxcligo test ./...- Built
/tmp/contenox-phase4-smokefrom./cmd/contenox. - Startup guard verified:
ADDR=0.0.0.0withoutTOKENfails before listening.
- Live smoke on an isolated data directory with
TOKEN=secretverified:- unauthenticated
GET /api/providers/openai/statussucceeds - unauthenticated
POST /api/providers/ollama/configurereturns401 - authenticated
POST /api/providers/ollama/configuresucceeds GET /api/providers/configsshows configured OllamaGET /api/backendsshows the configured backendGET /api/openapi.jsonincludes provider paths
- unauthenticated
Phase 5: Local file, taskchain, and HITL policy APIs
Work
- Add
runtime/localfileserviceas a direct local filesystem service rooted at the workspace directory. It must reject absolute paths, traversal, NUL bytes, and symlink escapes. - Add
runtime/taskchainservicebacked bylocalfileservice, rooted at the workspace.contenoxdirectory. - Restore/adapt these route packages:
runtime/internal/localfileapiruntime/internal/taskchainapiruntime/internal/hitlpolicyapi
- Keep HITL policy core behavior on the current
hitlservice.PolicySource. The HTTP route only reads and writes policy JSON files under.contenox. - Wire
contenox serveso project file routes point at the workspace root and taskchain/policy routes point at.contenox. - Do not restore
runtime/vfsservice,runtime/vfsstore, orruntime/internal/vfsapifor the local-only OSS server.
Validation checkpoints
go test ./runtime/localfileservice ./runtime/taskchainservice ./runtime/internal/localfileapi ./runtime/internal/taskchainapi ./runtime/internal/hitlpolicyapi ./runtime/serverapi ./runtime/contenoxcligo test ./...- File API smoke:
- create folder
- upload/create file
- list files
- get metadata
- update file
- rename/move file
- download file
- delete file
- Taskchain API smoke:
- list taskchains from
.contenox - create a chain
- update it
- fetch it
- delete it
- list taskchains from
- HITL policy API smoke:
- list policies
- create/update/get/delete a policy
- CLI HITL behavior remains unchanged for
contenox runandcontenox chat.
Validation results
go test ./runtime/localfileservice ./runtime/taskchainservice ./runtime/internal/localfileapi ./runtime/internal/taskchainapi ./runtime/internal/hitlpolicyapi ./runtime/serverapi ./runtime/contenoxcligo test ./...- Built
/tmp/contenox-phase5-smokefrom./cmd/contenox. - Live smoke on an isolated workspace with
TOKEN=secretverified:- create folder, create file, list directory, get metadata, update content, move file, download file, delete file, and delete folder
- unauthenticated mutating file request returns
401 - create/update/list/fetch/delete taskchain from
.contenox - create/update/list/fetch/delete HITL policy from
.contenox GET /api/openapi.jsonincludes file, taskchain, and HITL policy paths
Phase 6: Chat, approvals, and task-event streaming
Work
- Restore
runtime/internal/internalchatapi. - Restore
runtime/internal/approvalapi. - Wire HTTP chat through current
agentservice,chatservice.Manager, andenginesvc.Build. - Use current
hitlservice.New/NewWithDefaultPolicywith filesystem-backedPolicySource. - Ensure HTTP chat can run with:
- default model/provider from CLI config
- default chain ref from
.contenox - task events published through the same bus as CLI runs
- Ensure approval events can be answered through
/api/approvals/{approvalId}.
Validation checkpoints
go test ./runtime/internal/internalchatapi ./runtime/internal/approvalapi ./runtime/chatservice ./runtime/agentservicego test ./runtime/taskengine ./runtime/hitlservicego test ./...- With a fake/mock provider or existing local backend:
- create chat session
- send message
- read chat history
- stream task events
- trigger a HITL approval
- approve/deny via API
- observe the task continue or fail as expected
- Existing CLI chat/session tests still pass.
Validation results
go test ./runtime/internal/internalchatapi ./runtime/internal/approvalapi ./runtime/chatservice ./runtime/agentservice ./runtime/taskengine ./runtime/hitlservice ./runtime/serverapi ./runtime/contenoxcli- New route tests cover:
- create/list chat sessions
- send a chat request through a fake agent and chain service
- read persisted chat history from SQLite
- resolve a real pending
hitlserviceapproval throughPOST /approvals/{approvalId}
- Built
/tmp/contenox-phase6-smokefrom./cmd/contenox. - Live smoke on an isolated workspace with
TOKEN=secretand a no-op.contenox/default-chain.jsonverified:POST /api/chatscreates a sessionGET /api/chatslists the sessionPOST /api/chats/{id}/chatexecutes the default chain without provider credentialsGET /api/chats/{id}returns persisted historyGET /api/task-events?requestId=...streams request-scoped chain/step events when the chat request uses the sameX-Request-IDPOST /api/approvals/not-therereturns404- unauthenticated mutating chat request returns
401 GET /api/openapi.jsonincludes chat, approval, and task-event paths
Phase 7: Terminal service and websocket route
Work
- Restore
runtime/terminalstore. - Restore
runtime/terminalservice. - Restore
runtime/internal/terminalapi. - Enable terminal routes by default for local
serve. - Keep
TERMINAL_ENABLED=falseas the explicit opt-out. - Require terminal tokens only when
serveitself is token-protected; non-loopback binds still fail startup withoutTOKEN. - Default
TERMINAL_ALLOWED_ROOTto the workspace root when terminal is enabled fromserve. - Preserve cross-platform files:
- Unix create/attach/resize
- Windows create/attach/resize
- Re-enable idle reaping loop only when terminal is enabled.
Validation checkpoints
go test ./runtime/terminalstore ./runtime/terminalservice ./runtime/internal/terminalapigo test ./...- Default
contenox serveon loopback:- terminal routes are registered
- idle reaper loop runs
TERMINAL_ENABLED=false contenox serve:- terminal routes are not registered
- no idle reaper loop runs
TERMINAL_ALLOWED_ROOT=$(pwd) contenox serve:- create session
- attach websocket
- send input
- resize
- delete/close session
- Attempting to start a terminal outside allowed root is rejected.
Validation results
go test ./runtime/terminalstore ./runtime/terminalservice ./runtime/internal/terminalapi ./runtime/serverapi ./runtime/contenoxcligo test ./...- Built
/tmp/contenox-phase7-smokefrom./cmd/contenox. - Live smoke on an isolated workspace with
TOKEN=secretverified:POST /api/terminal/sessionscreates a PTY-backed shell session.GET /api/terminal/sessionslists the active session.GET /api/terminal/sessions/{id}returns metadata.PATCH /api/terminal/sessions/{id}updates persisted geometry and resizes the local PTY.GET /api/terminal/sessions/{id}/wsattaches to the shell; sending a command over websocket returned the expected marker output.- Websocket attach accepts
?token=..., which browser clients can supply whenTOKENis configured. DELETE /api/terminal/sessions/{id}closes the session.- Attempting to create a session with
cwdoutside the workspace root returns400. - Unauthenticated terminal requests return
401whenTOKENis set. - Non-loopback
ADDRwithoutTOKENfails startup before listening. GET /api/openapi.jsonincludes terminal paths and versionphase-7.
- Live smoke with terminal disabled verified:
GET /api/terminal/sessionsreturns404.
Phase 8: ACP dual mode in serve (skipped)
Work
- Do not port backup
serve --acpbehavior. - Keep current ACP command behavior intact; do not copy older ACP code over it.
- Keep
servefocused on local HTTP API and, later, the local UI. - Treat Beam/UI as a browser client of the local HTTP server, not as an ACP dual-mode desktop launch path.
Validation checkpoints
go test ./runtime/acpsvc ./runtime/contenoxcli ./runtime/serverapigo test ./...- Existing
contenox acpandcontenox acpxtests still pass. contenox serve --helpdoes not advertise--acp.- No new ACP stdio lifecycle is added to
serve.
Phase 9: Beam and UI package restore
Work
- Restore
packages/uisource and package manifests. - Restore
packages/beamsource and package manifests. - Do not restore
node_modules. - Do not restore stale
distas source of truth. - Use the HTTP-first strategy: Beam is a same-origin browser client of
contenox serve; no ACP dual mode and no backup account/vault login stack. - Update frontend API base paths and payloads to match current
/apiroutes: path-based local files, local identity, optional local token storage, current terminal websocket paths, currentexecute_config.tools/tools_policies, and current task handlers. - Add the missing
POST /api/tasksroute for UI prompt execution, backed by the currentagentservice.Promptpath. - Keep current product names and route labels consistent with current CLI concepts: chains, sessions, models, providers, tools, MCP, HITL, setup.
- Rebuild Beam with current API contracts.
- Restore
runtime/internal/webembed/SPA handler after a realdistexists and mount it after/api/inserveso API routes keep priority. - Add Makefile targets for:
- install UI deps
- build UI
- embed/verify UI
Validation checkpoints
npm ciinpackages/uinpm ciinpackages/beamnpm testwhere package scripts existnpm run buildinpackages/uinpm run buildinpackages/beamgo test ./runtime/internal/web ./runtime/contenoxcli ./runtime/serverapigo test ./...contenox serveloads the SPA at/.- Direct SPA navigation works, for example
/chatsor current Beam route equivalent. /api/*requests are never swallowed by the SPA fallback.- Browser smoke:
- login/setup screen renders
- backends/providers screen loads
- chat screen loads
- files/taskchains screen loads
- terminal panel hides or disables itself when terminal is disabled
Validation results
npm ciinpackages/uinpm run buildinpackages/uinpm ciinpackages/beamnpm run buildinpackages/beamnpm testinpackages/beammake verify-ui-embedgo test ./runtime/internal/taskexecapi ./runtime/internal/web ./runtime/serverapi ./runtime/contenoxcligo test ./...go build -o /tmp/contenox-phase9-smoke ./cmd/contenox- Beam production build emitted
runtime/internal/web/beam/distwith 25 files. runtime/internal/webunit test verifies/and deep-link SPA fallback.- Focused Go tests verify the restored
/tasksroute and server route wiring. - Live smoke on an isolated workspace verified:
GET /returns the embedded Beam HTML shell.GET /chat/smokefalls back to the Beam HTML shell.GET /api/healthreturns API JSON, not the SPA fallback.
- Generated dependency directories (
packages/*/node_modules,packages/ui/dist) were removed after validation.
Phase 9.1: Unified setup status and local shell default
Work
- Remove the second runtime-state instance from
contenox serve. - Make
enginesvc.Buildown or accept the runtime state and expose the state it actually reconciles. - Wire HTTP route dependencies to
engine.State, so/api/setup-status,/api/state,/api/models, and setup readiness observe the same backend cycle that the engine/doctor path uses. - Add
POST /api/setup/refreshto run one backend reconciliation cycle and return the updated setup readiness result. - Update Beam onboarding Refresh to call
/api/setup/refreshinstead of only invalidating a stale client cache. - Update Beam setup copy so it describes explicit refresh, not an automatic 10-second background scan.
- Enable terminal routes by default for local loopback
serve; keepTERMINAL_ENABLED=falseas the opt-out. - Enable the
local_shelltool by default forserve; keep--shell=falseas the opt-out.
Validation checkpoints
go test ./runtime/enginesvc ./runtime/stateservice ./runtime/internal/setupapi ./runtime/serverapi ./runtime/contenoxcligo test ./...npm testinpackages/beamnpm run buildinpackages/beam- Live local smoke:
GET /api/setup-statusreads the engine-owned runtime state.POST /api/setup/refreshruns a backend cycle and returns setup status.- Beam health Refresh updates the setup status cache from the refresh response.
- Default
contenox serveexposes/api/terminal/sessionson loopback. - Default
contenox serveregisters thelocal_shelltool. TERMINAL_ENABLED=false contenox servehides terminal routes.contenox serve --shell=falsedoes not register thelocal_shelltool.- Non-loopback
ADDRwithoutTOKENstill fails startup.
Validation results
go test ./runtime/enginesvc ./runtime/stateservice ./runtime/internal/setupapi ./runtime/serverapi ./runtime/contenoxclinpm ciinpackages/uinpm run buildinpackages/uinpm ciinpackages/beamnpm testinpackages/beamnpm run buildinpackages/beammake verify-ui-embedgo test ./...- Built
/tmp/contenox-phase9_1-smokefrom./cmd/contenox. - Live smoke on the existing configured local runtime verified:
GET /api/setup-statusreturns the same configured defaults and backend health shape ascontenox doctor: 6 registered backends, 5 reachable, and the invalid OpenAI key reported as the single backend error.POST /api/setup/refreshruns a backend reconciliation and returns the same updated setup status.- Default loopback
contenox serveexposesGET /api/terminal/sessionswithout requiringTOKEN. - Default
contenox serveregisterslocal_shellinGET /api/tools/local. TERMINAL_ENABLED=false contenox servereturns404for terminal routes.contenox serve --shell=falseomitslocal_shellfromGET /api/tools/local.ADDR=0.0.0.0withoutTOKENfails startup before listening.
- Generated dependency directories (
packages/*/node_modules,packages/ui/dist) were removed after validation.
Phase 10: API tests and OpenAPI contract
Work
- Restore
apitestsselectively. Do not restore obsolete tests for APIs that are intentionally deferred or removed. - Restore
tools/openapi-genonly if the OpenAPI generation path is still useful for the current API. Otherwise, preserve embeddedopenapi.jsonas a generated artifact with an explicit regeneration command. - Add tests for current behavior that the backup did not know about:
- reasoning/thinking model fields where exposed
- tenant/workspace ID behavior
- current HITL policy source behavior
- current setup readiness behavior
- Make API tests run against
contenox servewith an isolated temporary HOME, workspace, and DB.
Validation checkpoints
go test ./...make test-api- OpenAPI document includes every registered route group.
- OpenAPI smoke:
/api/openapi.jsonis valid JSON/api/docsserves documentation UI- route count in generated/openapi docs is close to actual registered route count, with documented exclusions only
- API tests must not require real OpenAI/Gemini/Ollama credentials.
Phase 11: End-to-end release readiness
Work
- Run full Go, API, and UI suites.
- Run manual
servesmoke on a clean workspace. - Validate build/release packaging does not accidentally ship
node_modules. - Validate binary size impact from embedded Beam.
- Update user docs for
contenox serve, auth/setup, and local UI. - Decide whether
serveis advertised as stable, preview, or hidden.
Validation checkpoints
go test ./...make test-apinpm run buildfor UI packagesgo build ./cmd/contenox- Clean workspace smoke:
contenox initcontenox serve- open UI
- configure optional local token if serving beyond loopback
- configure provider or local backend
- pass setup readiness
- send chat
- observe task events
- edit/list files
- edit/list taskchains
git status --shortcontains only intended source, docs, and generated assets.
Suggested branch strategy
Use small branches that align with the phases:
http-foundationserve-skeletonapi-core-routesapi-auth-providerapi-local-files-taskchainsapi-chat-hitl-eventsapi-terminalserve-acp-dualbeam-ui-restoreapi-contract-tests
Each branch should be mergeable on its own and should leave go test ./...
green unless the branch is explicitly UI-only and documents why Go is unchanged.
First implementation target
The first concrete milestone is intentionally small:
contenox serve
GET /health
GET /version
GET /api/health or equivalent mux health check
go test ./...
After this works, add route groups one at a time. This keeps the migration from turning into a single unreviewable copy of the backup tree.