git list refactor

fix(dashboards): lazy-load git status for visible rows
причесываем лог
2026-03-01 12:13:19 +03:00 · 2026-02-28 11:21:37 +03:00 · 2026-02-28 10:47:19 +03:00 · 2026-02-28 10:46:47 +03:00 · 2026-02-28 10:04:56 +03:00 · 2026-02-28 00:04:55 +03:00
376 changed files with 212054 additions and 68339 deletions
--- a/.agent/rules/specify-rules.md
+++ b/.agent/rules/specify-rules.md
@@ -0,0 +1,35 @@
+# ss-tools Development Guidelines
+
+Auto-generated from all feature plans. Last updated: 2026-02-25
+
+## Knowledge Graph (GRACE)
+**CRITICAL**: This project uses a GRACE Knowledge Graph for context. Always load the root map first:
+- **Root Map**: `.ai/ROOT.md` -> `[DEF:Project_Knowledge_Map:Root]`
+- **Project Map**: `.ai/PROJECT_MAP.md` -> `[DEF:Project_Map]`
+- **Standards**: Read `.ai/standards/` for architecture and style rules.
+
+## Active Technologies
+
+- (022-sync-id-cross-filters)
+
+## Project Structure
+
+```text
+src/
+tests/
+```
+
+## Commands
+
+# Add commands for 
+
+## Code Style
+
+: Follow standard conventions
+
+## Recent Changes
+
+- 022-sync-id-cross-filters: Added
+
+<!-- MANUAL ADDITIONS START -->
+<!-- MANUAL ADDITIONS END -->
--- a/.agent/workflows/audit-test.md
+++ b/.agent/workflows/audit-test.md
@@ -0,0 +1,103 @@
+---
+description: Audit AI-generated unit tests. Your goal is to aggressively search for "Test Tautologies", "Logic Echoing", and "Contract Negligence". You are the final gatekeeper. If a test is meaningless, you MUST reject it.
+---
+
+**ROLE:** Elite Quality Assurance Architect and Red Teamer.
+**OBJECTIVE:** Audit AI-generated unit tests. Your goal is to aggressively search for "Test Tautologies", "Logic Echoing", and "Contract Negligence". You are the final gatekeeper. If a test is meaningless, you MUST reject it.
+
+**INPUT:**
+1. SOURCE CODE (with GRACE-Poly `[DEF]` Contract: `@PRE`, `@POST`, `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT`).
+2. GENERATED TEST CODE.
+
+### I. CRITICAL ANTI-PATTERNS (REJECT IMMEDIATELY IF FOUND):
+
+1. **The Tautology (Self-Fulfilling Prophecy):**
+   - *Definition:* The test asserts hardcoded values against hardcoded values without executing the core business logic, or mocks the actual function being tested.
+   - *Example of Failure:* `assert 2 + 2 == 4` or mocking the class under test so that it returns exactly what the test asserts.
+
+2. **The Logic Mirror (Echoing):**
+   - *Definition:* The test re-implements the exact same algorithmic logic found in the source code to calculate the `expected_result`. If the original logic is flawed, the test will falsely pass.
+   - *Rule:* Tests must assert against **static, predefined outcomes** (from `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT` or explicit constants), NOT dynamically calculated outcomes using the same logic as the source.
+
+3. **The "Happy Path" Illusion:**
+   - *Definition:* The test suite only checks successful executions but ignores the `@PRE` conditions (Negative Testing).
+   - *Rule:* Every `@PRE` tag in the source contract MUST have a corresponding test that deliberately violates it and asserts the correct Exception/Error state.
+
+4. **Missing Post-Condition Verification:**
+   - *Definition:* The test calls the function but only checks the return value, ignoring `@SIDE_EFFECT` or `@POST` state changes (e.g., failing to verify that a DB call was made or a Store was updated).
+
+5. **Missing Edge Case Coverage:**
+   - *Definition:* The test suite ignores `@TEST_EDGE` scenarios defined in the contract.
+   - *Rule:* Every `@TEST_EDGE` in the source contract MUST have a corresponding test case.
+
+6. **Missing Invariant Verification:**
+   - *Definition:* The test suite does not verify `@TEST_INVARIANT` conditions.
+   - *Rule:* Every `@TEST_INVARIANT` MUST be verified by at least one test that attempts to break it.
+
+7. **Missing UX State Testing (Svelte Components):**
+   - *Definition:* For Svelte components with `@UX_STATE`, the test suite does not verify state transitions.
+   - *Rule:* Every `@UX_STATE` transition MUST have a test verifying the visual/behavioral change.
+   - *Check:* `@UX_FEEDBACK` mechanisms (toast, shake, color) must be tested.
+   - *Check:* `@UX_RECOVERY` mechanisms (retry, clear input) must be tested.
+
+### II. SEMANTIC PROTOCOL COMPLIANCE
+
+Verify the test file follows GRACE-Poly semantics:
+
+1. **Anchor Integrity:**
+   - Test file MUST start with `[DEF:__tests__/test_name:Module]`
+   - Test file MUST end with `[/DEF:__tests__/test_name:Module]`
+
+2. **Required Tags:**
+   - `@RELATION: VERIFIES -> <path_to_source>` must be present
+   - `@PURPOSE:` must describe what is being tested
+
+3. **TIER Alignment:**
+   - If source is `@TIER: CRITICAL`, test MUST cover all `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT`
+   - If source is `@TIER: STANDARD`, test MUST cover `@PRE` and `@POST`
+   - If source is `@TIER: TRIVIAL`, basic smoke test is acceptable
+
+### III. AUDIT CHECKLIST
+
+Evaluate the test code against these criteria:
+1. **Target Invocation:** Does the test actually import and call the function/component declared in the `@RELATION: VERIFIES` tag?
+2. **Contract Alignment:** Does the test suite cover 100% of the `@PRE` (negative tests) and `@POST` (assertions) conditions from the source contract?
+3. **Test Contract Compliance:** Does the test follow the interface defined in `@TEST_CONTRACT`?
+4. **Data Usage:** Does the test use the exact scenarios defined in `@TEST_FIXTURE`?
+5. **Edge Coverage:** Are all `@TEST_EDGE` scenarios tested?
+6. **Invariant Coverage:** Are all `@TEST_INVARIANT` conditions verified?
+7. **UX Coverage (if applicable):** Are all `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY` tested?
+8. **Mocking Sanity:** Are external dependencies mocked correctly WITHOUT mocking the system under test itself?
+9. **Semantic Anchor:** Does the test file have proper `[DEF]` and `[/DEF]` anchors?
+
+### IV. OUTPUT FORMAT
+
+You MUST respond strictly in the following JSON format. Do not add markdown blocks outside the JSON.
+
+{
+  "verdict": "APPROVED" | "REJECTED",
+  "rejection_reason": "TAUTOLOGY" | "LOGIC_MIRROR" | "WEAK_CONTRACT_COVERAGE" | "OVER_MOCKED" | "MISSING_EDGES" | "MISSING_INVARIANTS" | "MISSING_UX_TESTS" | "SEMANTIC_VIOLATION" | "NONE",
+  "audit_details": {
+    "target_invoked": true/false,
+    "pre_conditions_tested": true/false,
+    "post_conditions_tested": true/false,
+    "test_fixture_used": true/false,
+    "edges_covered": true/false,
+    "invariants_verified": true/false,
+    "ux_states_tested": true/false,
+    "semantic_anchors_present": true/false
+  },
+  "coverage_summary": {
+    "total_edges": number,
+    "edges_tested": number,
+    "total_invariants": number,
+    "invariants_tested": number,
+    "total_ux_states": number,
+    "ux_states_tested": number
+  },
+  "tier_compliance": {
+    "source_tier": "CRITICAL" | "STANDARD" | "TRIVIAL",
+    "meets_tier_requirements": true/false
+  },
+  "feedback": "Strict, actionable feedback for the test generator agent. Explain exactly which anti-pattern was detected and how to fix it."
+}
--- a/.agent/workflows/read_semantic.md
+++ b/.agent/workflows/read_semantic.md
@@ -0,0 +1,4 @@
+---
+description: USE SEMANTIC
+---
+Прочитай .ai/standards/semantics.md. ОБЯЗАТЕЛЬНО используй его при разработке
--- a/.agent/workflows/semantic.md
+++ b/.agent/workflows/semantic.md
@@ -0,0 +1,10 @@
+---
+description: semantic
+---
+
+      You are Semantic Agent responsible for maintaining the semantic integrity of the codebase. Your primary goal is to ensure that all code entities (Modules, Classes, Functions, Components) are properly annotated with semantic anchors and tags as defined in `.ai/standards/semantics.md`.
+      Your core responsibilities are: 1.  **Semantic Mapping**: You run and maintain the `generate_semantic_map.py` script to generate up-to-date semantic maps (`semantics/semantic_map.json`, `.ai/PROJECT_MAP.md`) and compliance reports (`semantics/reports/*.md`). 2.  **Compliance Auditing**: You analyze the generated compliance reports to identify files with low semantic coverage or parsing errors. 3.  **Semantic Enrichment**: You actively edit code files to add missing semantic anchors (`[DEF:...]`, `[/DEF:...]`) and mandatory tags (`@PURPOSE`, `@LAYER`, etc.) to improve the global compliance score. 4.  **Protocol Enforcement**: You strictly adhere to the syntax and rules defined in `.ai/standards/semantics.md` when modifying code.
+      You have access to the full codebase and tools to read, write, and execute scripts. You should prioritize fixing "Critical Parsing Errors" (unclosed anchors) before addressing missing metadata.
+    whenToUse: Use this mode when you need to update the project's semantic map, fix semantic compliance issues (missing anchors/tags/DbC ), or analyze the codebase structure. This mode is specialized for maintaining the `.ai/standards/semantics.md` standards.
+    description: Codebase semantic mapping and compliance expert
+    customInstructions: Always check `semantics/reports/` for the latest compliance status before starting work. When fixing a file, try to fix all semantic issues in that file at once. After making a batch of fixes, run `python3 generate_semantic_map.py` to verify improvements.
--- a/.agent/workflows/speckit.analyze.md
+++ b/.agent/workflows/speckit.analyze.md
@@ -0,0 +1,185 @@
+---
+description: Perform a non-destructive cross-artifact consistency and quality analysis across spec.md, plan.md, and tasks.md after task generation.
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Goal
+
+Identify inconsistencies, duplications, ambiguities, and underspecified items across the three core artifacts (`spec.md`, `plan.md`, `tasks.md`) before implementation. This command MUST run only after `/speckit.tasks` has successfully produced a complete `tasks.md`.
+
+## Operating Constraints
+
+**STRICTLY READ-ONLY**: Do **not** modify any files. Output a structured analysis report. Offer an optional remediation plan (user must explicitly approve before any follow-up editing commands would be invoked manually).
+
+**Constitution Authority**: The project constitution (`.ai/standards/constitution.md`) is **non-negotiable** within this analysis scope. Constitution conflicts are automatically CRITICAL and require adjustment of the spec, plan, or tasks—not dilution, reinterpretation, or silent ignoring of the principle. If a principle itself needs to change, that must occur in a separate, explicit constitution update outside `/speckit.analyze`.
+
+## Execution Steps
+
+### 1. Initialize Analysis Context
+
+Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` once from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS. Derive absolute paths:
+
+- SPEC = FEATURE_DIR/spec.md
+- PLAN = FEATURE_DIR/plan.md
+- TASKS = FEATURE_DIR/tasks.md
+
+Abort with an error message if any required file is missing (instruct the user to run missing prerequisite command).
+For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+### 2. Load Artifacts (Progressive Disclosure)
+
+Load only the minimal necessary context from each artifact:
+
+**From spec.md:**
+
+- Overview/Context
+- Functional Requirements
+- Non-Functional Requirements
+- User Stories
+- Edge Cases (if present)
+
+**From plan.md:**
+
+- Architecture/stack choices
+- Data Model references
+- Phases
+- Technical constraints
+
+**From tasks.md:**
+
+- Task IDs
+- Descriptions
+- Phase grouping
+- Parallel markers [P]
+- Referenced file paths
+
+**From constitution:**
+
+- Load `.ai/standards/constitution.md` for principle validation
+    - Load `.ai/standards/semantics.md` for technical standard validation
+
+### 3. Build Semantic Models
+
+Create internal representations (do not include raw artifacts in output):
+
+- **Requirements inventory**: Each functional + non-functional requirement with a stable key (derive slug based on imperative phrase; e.g., "User can upload file" → `user-can-upload-file`)
+- **User story/action inventory**: Discrete user actions with acceptance criteria
+- **Task coverage mapping**: Map each task to one or more requirements or stories (inference by keyword / explicit reference patterns like IDs or key phrases)
+- **Constitution rule set**: Extract principle names and MUST/SHOULD normative statements
+
+### 4. Detection Passes (Token-Efficient Analysis)
+
+Focus on high-signal findings. Limit to 50 findings total; aggregate remainder in overflow summary.
+
+#### A. Duplication Detection
+
+- Identify near-duplicate requirements
+- Mark lower-quality phrasing for consolidation
+
+#### B. Ambiguity Detection
+
+- Flag vague adjectives (fast, scalable, secure, intuitive, robust) lacking measurable criteria
+- Flag unresolved placeholders (TODO, TKTK, ???, `<placeholder>`, etc.)
+
+#### C. Underspecification
+
+- Requirements with verbs but missing object or measurable outcome
+- User stories missing acceptance criteria alignment
+- Tasks referencing files or components not defined in spec/plan
+
+#### D. Constitution Alignment
+
+- Any requirement or plan element conflicting with a MUST principle
+- Missing mandated sections or quality gates from constitution
+
+#### E. Coverage Gaps
+
+- Requirements with zero associated tasks
+- Tasks with no mapped requirement/story
+- Non-functional requirements not reflected in tasks (e.g., performance, security)
+
+#### F. Inconsistency
+
+- Terminology drift (same concept named differently across files)
+- Data entities referenced in plan but absent in spec (or vice versa)
+- Task ordering contradictions (e.g., integration tasks before foundational setup tasks without dependency note)
+- Conflicting requirements (e.g., one requires Next.js while other specifies Vue)
+
+### 5. Severity Assignment
+
+Use this heuristic to prioritize findings:
+
+- **CRITICAL**: Violates constitution MUST, missing core spec artifact, or requirement with zero coverage that blocks baseline functionality
+- **HIGH**: Duplicate or conflicting requirement, ambiguous security/performance attribute, untestable acceptance criterion
+- **MEDIUM**: Terminology drift, missing non-functional task coverage, underspecified edge case
+- **LOW**: Style/wording improvements, minor redundancy not affecting execution order
+
+### 6. Produce Compact Analysis Report
+
+Output a Markdown report (no file writes) with the following structure:
+
+## Specification Analysis Report
+
+| ID | Category | Severity | Location(s) | Summary | Recommendation |
+|----|----------|----------|-------------|---------|----------------|
+| A1 | Duplication | HIGH | spec.md:L120-134 | Two similar requirements ... | Merge phrasing; keep clearer version |
+
+(Add one row per finding; generate stable IDs prefixed by category initial.)
+
+**Coverage Summary Table:**
+
+| Requirement Key | Has Task? | Task IDs | Notes |
+|-----------------|-----------|----------|-------|
+
+**Constitution Alignment Issues:** (if any)
+
+**Unmapped Tasks:** (if any)
+
+**Metrics:**
+
+- Total Requirements
+- Total Tasks
+- Coverage % (requirements with >=1 task)
+- Ambiguity Count
+- Duplication Count
+- Critical Issues Count
+
+### 7. Provide Next Actions
+
+At end of report, output a concise Next Actions block:
+
+- If CRITICAL issues exist: Recommend resolving before `/speckit.implement`
+- If only LOW/MEDIUM: User may proceed, but provide improvement suggestions
+- Provide explicit command suggestions: e.g., "Run /speckit.specify with refinement", "Run /speckit.plan to adjust architecture", "Manually edit tasks.md to add coverage for 'performance-metrics'"
+
+### 8. Offer Remediation
+
+Ask the user: "Would you like me to suggest concrete remediation edits for the top N issues?" (Do NOT apply them automatically.)
+
+## Operating Principles
+
+### Context Efficiency
+
+- **Minimal high-signal tokens**: Focus on actionable findings, not exhaustive documentation
+- **Progressive disclosure**: Load artifacts incrementally; don't dump all content into analysis
+- **Token-efficient output**: Limit findings table to 50 rows; summarize overflow
+- **Deterministic results**: Rerunning without changes should produce consistent IDs and counts
+
+### Analysis Guidelines
+
+- **NEVER modify files** (this is read-only analysis)
+- **NEVER hallucinate missing sections** (if absent, report them accurately)
+- **Prioritize constitution violations** (these are always CRITICAL)
+- **Use examples over exhaustive rules** (cite specific instances, not generic patterns)
+- **Report zero issues gracefully** (emit success report with coverage statistics)
+
+## Context
+
+$ARGUMENTS
--- a/.agent/workflows/speckit.checklist.md
+++ b/.agent/workflows/speckit.checklist.md
@@ -0,0 +1,294 @@
+---
+description: Generate a custom checklist for the current feature based on user requirements.
+---
+
+## Checklist Purpose: "Unit Tests for English"
+
+**CRITICAL CONCEPT**: Checklists are **UNIT TESTS FOR REQUIREMENTS WRITING** - they validate the quality, clarity, and completeness of requirements in a given domain.
+
+**NOT for verification/testing**:
+
+- ❌ NOT "Verify the button clicks correctly"
+- ❌ NOT "Test error handling works"
+- ❌ NOT "Confirm the API returns 200"
+- ❌ NOT checking if code/implementation matches the spec
+
+**FOR requirements quality validation**:
+
+- ✅ "Are visual hierarchy requirements defined for all card types?" (completeness)
+- ✅ "Is 'prominent display' quantified with specific sizing/positioning?" (clarity)
+- ✅ "Are hover state requirements consistent across all interactive elements?" (consistency)
+- ✅ "Are accessibility requirements defined for keyboard navigation?" (coverage)
+- ✅ "Does the spec define what happens when logo image fails to load?" (edge cases)
+
+**Metaphor**: If your spec is code written in English, the checklist is its unit test suite. You're testing whether the requirements are well-written, complete, unambiguous, and ready for implementation - NOT whether the implementation works.
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Execution Steps
+
+1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS list.
+   - All file paths must be absolute.
+   - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Clarify intent (dynamic)**: Derive up to THREE initial contextual clarifying questions (no pre-baked catalog). They MUST:
+   - Be generated from the user's phrasing + extracted signals from spec/plan/tasks
+   - Only ask about information that materially changes checklist content
+   - Be skipped individually if already unambiguous in `$ARGUMENTS`
+   - Prefer precision over breadth
+
+   Generation algorithm:
+   1. Extract signals: feature domain keywords (e.g., auth, latency, UX, API), risk indicators ("critical", "must", "compliance"), stakeholder hints ("QA", "review", "security team"), and explicit deliverables ("a11y", "rollback", "contracts").
+   2. Cluster signals into candidate focus areas (max 4) ranked by relevance.
+   3. Identify probable audience & timing (author, reviewer, QA, release) if not explicit.
+   4. Detect missing dimensions: scope breadth, depth/rigor, risk emphasis, exclusion boundaries, measurable acceptance criteria.
+   5. Formulate questions chosen from these archetypes:
+      - Scope refinement (e.g., "Should this include integration touchpoints with X and Y or stay limited to local module correctness?")
+      - Risk prioritization (e.g., "Which of these potential risk areas should receive mandatory gating checks?")
+      - Depth calibration (e.g., "Is this a lightweight pre-commit sanity list or a formal release gate?")
+      - Audience framing (e.g., "Will this be used by the author only or peers during PR review?")
+      - Boundary exclusion (e.g., "Should we explicitly exclude performance tuning items this round?")
+      - Scenario class gap (e.g., "No recovery flows detected—are rollback / partial failure paths in scope?")
+
+   Question formatting rules:
+   - If presenting options, generate a compact table with columns: Option | Candidate | Why It Matters
+   - Limit to A–E options maximum; omit table if a free-form answer is clearer
+   - Never ask the user to restate what they already said
+   - Avoid speculative categories (no hallucination). If uncertain, ask explicitly: "Confirm whether X belongs in scope."
+
+   Defaults when interaction impossible:
+   - Depth: Standard
+   - Audience: Reviewer (PR) if code-related; Author otherwise
+   - Focus: Top 2 relevance clusters
+
+   Output the questions (label Q1/Q2/Q3). After answers: if ≥2 scenario classes (Alternate / Exception / Recovery / Non-Functional domain) remain unclear, you MAY ask up to TWO more targeted follow‑ups (Q4/Q5) with a one-line justification each (e.g., "Unresolved recovery path risk"). Do not exceed five total questions. Skip escalation if user explicitly declines more.
+
+3. **Understand user request**: Combine `$ARGUMENTS` + clarifying answers:
+   - Derive checklist theme (e.g., security, review, deploy, ux)
+   - Consolidate explicit must-have items mentioned by user
+   - Map focus selections to category scaffolding
+   - Infer any missing context from spec/plan/tasks (do NOT hallucinate)
+
+4. **Load feature context**: Read from FEATURE_DIR:
+   - spec.md: Feature requirements and scope
+   - plan.md (if exists): Technical details, dependencies
+   - tasks.md (if exists): Implementation tasks
+
+   **Context Loading Strategy**:
+   - Load only necessary portions relevant to active focus areas (avoid full-file dumping)
+   - Prefer summarizing long sections into concise scenario/requirement bullets
+   - Use progressive disclosure: add follow-on retrieval only if gaps detected
+   - If source docs are large, generate interim summary items instead of embedding raw text
+
+5. **Generate checklist** - Create "Unit Tests for Requirements":
+   - Create `FEATURE_DIR/checklists/` directory if it doesn't exist
+   - Generate unique checklist filename:
+     - Use short, descriptive name based on domain (e.g., `ux.md`, `api.md`, `security.md`)
+     - Format: `[domain].md`
+     - If file exists, append to existing file
+   - Number items sequentially starting from CHK001
+   - Each `/speckit.checklist` run creates a NEW file (never overwrites existing checklists)
+
+   **CORE PRINCIPLE - Test the Requirements, Not the Implementation**:
+   Every checklist item MUST evaluate the REQUIREMENTS THEMSELVES for:
+   - **Completeness**: Are all necessary requirements present?
+   - **Clarity**: Are requirements unambiguous and specific?
+   - **Consistency**: Do requirements align with each other?
+   - **Measurability**: Can requirements be objectively verified?
+   - **Coverage**: Are all scenarios/edge cases addressed?
+
+   **Category Structure** - Group items by requirement quality dimensions:
+   - **Requirement Completeness** (Are all necessary requirements documented?)
+   - **Requirement Clarity** (Are requirements specific and unambiguous?)
+   - **Requirement Consistency** (Do requirements align without conflicts?)
+   - **Acceptance Criteria Quality** (Are success criteria measurable?)
+   - **Scenario Coverage** (Are all flows/cases addressed?)
+   - **Edge Case Coverage** (Are boundary conditions defined?)
+   - **Non-Functional Requirements** (Performance, Security, Accessibility, etc. - are they specified?)
+   - **Dependencies & Assumptions** (Are they documented and validated?)
+   - **Ambiguities & Conflicts** (What needs clarification?)
+
+   **HOW TO WRITE CHECKLIST ITEMS - "Unit Tests for English"**:
+
+   ❌ **WRONG** (Testing implementation):
+   - "Verify landing page displays 3 episode cards"
+   - "Test hover states work on desktop"
+   - "Confirm logo click navigates home"
+
+   ✅ **CORRECT** (Testing requirements quality):
+   - "Are the exact number and layout of featured episodes specified?" [Completeness]
+   - "Is 'prominent display' quantified with specific sizing/positioning?" [Clarity]
+   - "Are hover state requirements consistent across all interactive elements?" [Consistency]
+   - "Are keyboard navigation requirements defined for all interactive UI?" [Coverage]
+   - "Is the fallback behavior specified when logo image fails to load?" [Edge Cases]
+   - "Are loading states defined for asynchronous episode data?" [Completeness]
+   - "Does the spec define visual hierarchy for competing UI elements?" [Clarity]
+
+   **ITEM STRUCTURE**:
+   Each item should follow this pattern:
+   - Question format asking about requirement quality
+   - Focus on what's WRITTEN (or not written) in the spec/plan
+   - Include quality dimension in brackets [Completeness/Clarity/Consistency/etc.]
+   - Reference spec section `[Spec §X.Y]` when checking existing requirements
+   - Use `[Gap]` marker when checking for missing requirements
+
+   **EXAMPLES BY QUALITY DIMENSION**:
+
+   Completeness:
+   - "Are error handling requirements defined for all API failure modes? [Gap]"
+   - "Are accessibility requirements specified for all interactive elements? [Completeness]"
+   - "Are mobile breakpoint requirements defined for responsive layouts? [Gap]"
+
+   Clarity:
+   - "Is 'fast loading' quantified with specific timing thresholds? [Clarity, Spec §NFR-2]"
+   - "Are 'related episodes' selection criteria explicitly defined? [Clarity, Spec §FR-5]"
+   - "Is 'prominent' defined with measurable visual properties? [Ambiguity, Spec §FR-4]"
+
+   Consistency:
+   - "Do navigation requirements align across all pages? [Consistency, Spec §FR-10]"
+   - "Are card component requirements consistent between landing and detail pages? [Consistency]"
+
+   Coverage:
+   - "Are requirements defined for zero-state scenarios (no episodes)? [Coverage, Edge Case]"
+   - "Are concurrent user interaction scenarios addressed? [Coverage, Gap]"
+   - "Are requirements specified for partial data loading failures? [Coverage, Exception Flow]"
+
+   Measurability:
+   - "Are visual hierarchy requirements measurable/testable? [Acceptance Criteria, Spec §FR-1]"
+   - "Can 'balanced visual weight' be objectively verified? [Measurability, Spec §FR-2]"
+
+   **Scenario Classification & Coverage** (Requirements Quality Focus):
+   - Check if requirements exist for: Primary, Alternate, Exception/Error, Recovery, Non-Functional scenarios
+   - For each scenario class, ask: "Are [scenario type] requirements complete, clear, and consistent?"
+   - If scenario class missing: "Are [scenario type] requirements intentionally excluded or missing? [Gap]"
+   - Include resilience/rollback when state mutation occurs: "Are rollback requirements defined for migration failures? [Gap]"
+
+   **Traceability Requirements**:
+   - MINIMUM: ≥80% of items MUST include at least one traceability reference
+   - Each item should reference: spec section `[Spec §X.Y]`, or use markers: `[Gap]`, `[Ambiguity]`, `[Conflict]`, `[Assumption]`
+   - If no ID system exists: "Is a requirement & acceptance criteria ID scheme established? [Traceability]"
+
+   **Surface & Resolve Issues** (Requirements Quality Problems):
+   Ask questions about the requirements themselves:
+   - Ambiguities: "Is the term 'fast' quantified with specific metrics? [Ambiguity, Spec §NFR-1]"
+   - Conflicts: "Do navigation requirements conflict between §FR-10 and §FR-10a? [Conflict]"
+   - Assumptions: "Is the assumption of 'always available podcast API' validated? [Assumption]"
+   - Dependencies: "Are external podcast API requirements documented? [Dependency, Gap]"
+   - Missing definitions: "Is 'visual hierarchy' defined with measurable criteria? [Gap]"
+
+   **Content Consolidation**:
+   - Soft cap: If raw candidate items > 40, prioritize by risk/impact
+   - Merge near-duplicates checking the same requirement aspect
+   - If >5 low-impact edge cases, create one item: "Are edge cases X, Y, Z addressed in requirements? [Coverage]"
+
+   **🚫 ABSOLUTELY PROHIBITED** - These make it an implementation test, not a requirements test:
+   - ❌ Any item starting with "Verify", "Test", "Confirm", "Check" + implementation behavior
+   - ❌ References to code execution, user actions, system behavior
+   - ❌ "Displays correctly", "works properly", "functions as expected"
+   - ❌ "Click", "navigate", "render", "load", "execute"
+   - ❌ Test cases, test plans, QA procedures
+   - ❌ Implementation details (frameworks, APIs, algorithms)
+
+   **✅ REQUIRED PATTERNS** - These test requirements quality:
+   - ✅ "Are [requirement type] defined/specified/documented for [scenario]?"
+   - ✅ "Is [vague term] quantified/clarified with specific criteria?"
+   - ✅ "Are requirements consistent between [section A] and [section B]?"
+   - ✅ "Can [requirement] be objectively measured/verified?"
+   - ✅ "Are [edge cases/scenarios] addressed in requirements?"
+   - ✅ "Does the spec define [missing aspect]?"
+
+6. **Structure Reference**: Generate the checklist following the canonical template in `.specify/templates/checklist-template.md` for title, meta section, category headings, and ID formatting. If template is unavailable, use: H1 title, purpose/created meta lines, `##` category sections containing `- [ ] CHK### <requirement item>` lines with globally incrementing IDs starting at CHK001.
+
+7. **Report**: Output full path to created checklist, item count, and remind user that each run creates a new file. Summarize:
+   - Focus areas selected
+   - Depth level
+   - Actor/timing
+   - Any explicit user-specified must-have items incorporated
+
+**Important**: Each `/speckit.checklist` command invocation creates a checklist file using short, descriptive names unless file already exists. This allows:
+
+- Multiple checklists of different types (e.g., `ux.md`, `test.md`, `security.md`)
+- Simple, memorable filenames that indicate checklist purpose
+- Easy identification and navigation in the `checklists/` folder
+
+To avoid clutter, use descriptive types and clean up obsolete checklists when done.
+
+## Example Checklist Types & Sample Items
+
+**UX Requirements Quality:** `ux.md`
+
+Sample items (testing the requirements, NOT the implementation):
+
+- "Are visual hierarchy requirements defined with measurable criteria? [Clarity, Spec §FR-1]"
+- "Is the number and positioning of UI elements explicitly specified? [Completeness, Spec §FR-1]"
+- "Are interaction state requirements (hover, focus, active) consistently defined? [Consistency]"
+- "Are accessibility requirements specified for all interactive elements? [Coverage, Gap]"
+- "Is fallback behavior defined when images fail to load? [Edge Case, Gap]"
+- "Can 'prominent display' be objectively measured? [Measurability, Spec §FR-4]"
+
+**API Requirements Quality:** `api.md`
+
+Sample items:
+
+- "Are error response formats specified for all failure scenarios? [Completeness]"
+- "Are rate limiting requirements quantified with specific thresholds? [Clarity]"
+- "Are authentication requirements consistent across all endpoints? [Consistency]"
+- "Are retry/timeout requirements defined for external dependencies? [Coverage, Gap]"
+- "Is versioning strategy documented in requirements? [Gap]"
+
+**Performance Requirements Quality:** `performance.md`
+
+Sample items:
+
+- "Are performance requirements quantified with specific metrics? [Clarity]"
+- "Are performance targets defined for all critical user journeys? [Coverage]"
+- "Are performance requirements under different load conditions specified? [Completeness]"
+- "Can performance requirements be objectively measured? [Measurability]"
+- "Are degradation requirements defined for high-load scenarios? [Edge Case, Gap]"
+
+**Security Requirements Quality:** `security.md`
+
+Sample items:
+
+- "Are authentication requirements specified for all protected resources? [Coverage]"
+- "Are data protection requirements defined for sensitive information? [Completeness]"
+- "Is the threat model documented and requirements aligned to it? [Traceability]"
+- "Are security requirements consistent with compliance obligations? [Consistency]"
+- "Are security failure/breach response requirements defined? [Gap, Exception Flow]"
+
+## Anti-Examples: What NOT To Do
+
+**❌ WRONG - These test implementation, not requirements:**
+
+```markdown
+- [ ] CHK001 - Verify landing page displays 3 episode cards [Spec §FR-001]
+- [ ] CHK002 - Test hover states work correctly on desktop [Spec §FR-003]
+- [ ] CHK003 - Confirm logo click navigates to home page [Spec §FR-010]
+- [ ] CHK004 - Check that related episodes section shows 3-5 items [Spec §FR-005]
+```
+
+**✅ CORRECT - These test requirements quality:**
+
+```markdown
+- [ ] CHK001 - Are the number and layout of featured episodes explicitly specified? [Completeness, Spec §FR-001]
+- [ ] CHK002 - Are hover state requirements consistently defined for all interactive elements? [Consistency, Spec §FR-003]
+- [ ] CHK003 - Are navigation requirements clear for all clickable brand elements? [Clarity, Spec §FR-010]
+- [ ] CHK004 - Is the selection criteria for related episodes documented? [Gap, Spec §FR-005]
+- [ ] CHK005 - Are loading state requirements defined for asynchronous episode data? [Gap]
+- [ ] CHK006 - Can "visual hierarchy" requirements be objectively measured? [Measurability, Spec §FR-001]
+```
+
+**Key Differences:**
+
+- Wrong: Tests if the system works correctly
+- Correct: Tests if the requirements are written correctly
+- Wrong: Verification of behavior
+- Correct: Validation of requirement quality
+- Wrong: "Does it do X?"
+- Correct: "Is X clearly specified?"
--- a/.agent/workflows/speckit.clarify.md
+++ b/.agent/workflows/speckit.clarify.md
@@ -0,0 +1,181 @@
+---
+description: Identify underspecified areas in the current feature spec by asking up to 5 highly targeted clarification questions and encoding answers back into the spec.
+handoffs: 
+  - label: Build Technical Plan
+    agent: speckit.plan
+    prompt: Create a plan for the spec. I am building with...
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+Goal: Detect and reduce ambiguity or missing decision points in the active feature specification and record the clarifications directly in the spec file.
+
+Note: This clarification workflow is expected to run (and be completed) BEFORE invoking `/speckit.plan`. If the user explicitly states they are skipping clarification (e.g., exploratory spike), you may proceed, but must warn that downstream rework risk increases.
+
+Execution steps:
+
+1. Run `.specify/scripts/bash/check-prerequisites.sh --json --paths-only` from repo root **once** (combined `--json --paths-only` mode / `-Json -PathsOnly`). Parse minimal JSON payload fields:
+   - `FEATURE_DIR`
+   - `FEATURE_SPEC`
+   - (Optionally capture `IMPL_PLAN`, `TASKS` for future chained flows.)
+   - If JSON parsing fails, abort and instruct user to re-run `/speckit.specify` or verify feature branch environment.
+   - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. Load the current spec file. Perform a structured ambiguity & coverage scan using this taxonomy. For each category, mark status: Clear / Partial / Missing. Produce an internal coverage map used for prioritization (do not output raw map unless no questions will be asked).
+
+   Functional Scope & Behavior:
+   - Core user goals & success criteria
+   - Explicit out-of-scope declarations
+   - User roles / personas differentiation
+
+   Domain & Data Model:
+   - Entities, attributes, relationships
+   - Identity & uniqueness rules
+   - Lifecycle/state transitions
+   - Data volume / scale assumptions
+
+   Interaction & UX Flow:
+   - Critical user journeys / sequences
+   - Error/empty/loading states
+   - Accessibility or localization notes
+
+   Non-Functional Quality Attributes:
+   - Performance (latency, throughput targets)
+   - Scalability (horizontal/vertical, limits)
+   - Reliability & availability (uptime, recovery expectations)
+   - Observability (logging, metrics, tracing signals)
+   - Security & privacy (authN/Z, data protection, threat assumptions)
+   - Compliance / regulatory constraints (if any)
+
+   Integration & External Dependencies:
+   - External services/APIs and failure modes
+   - Data import/export formats
+   - Protocol/versioning assumptions
+
+   Edge Cases & Failure Handling:
+   - Negative scenarios
+   - Rate limiting / throttling
+   - Conflict resolution (e.g., concurrent edits)
+
+   Constraints & Tradeoffs:
+   - Technical constraints (language, storage, hosting)
+   - Explicit tradeoffs or rejected alternatives
+
+   Terminology & Consistency:
+   - Canonical glossary terms
+   - Avoided synonyms / deprecated terms
+
+   Completion Signals:
+   - Acceptance criteria testability
+   - Measurable Definition of Done style indicators
+
+   Misc / Placeholders:
+   - TODO markers / unresolved decisions
+   - Ambiguous adjectives ("robust", "intuitive") lacking quantification
+
+   For each category with Partial or Missing status, add a candidate question opportunity unless:
+   - Clarification would not materially change implementation or validation strategy
+   - Information is better deferred to planning phase (note internally)
+
+3. Generate (internally) a prioritized queue of candidate clarification questions (maximum 5). Do NOT output them all at once. Apply these constraints:
+    - Maximum of 10 total questions across the whole session.
+    - Each question must be answerable with EITHER:
+       - A short multiple‑choice selection (2–5 distinct, mutually exclusive options), OR
+       - A one-word / short‑phrase answer (explicitly constrain: "Answer in <=5 words").
+    - Only include questions whose answers materially impact architecture, data modeling, task decomposition, test design, UX behavior, operational readiness, or compliance validation.
+    - Ensure category coverage balance: attempt to cover the highest impact unresolved categories first; avoid asking two low-impact questions when a single high-impact area (e.g., security posture) is unresolved.
+    - Exclude questions already answered, trivial stylistic preferences, or plan-level execution details (unless blocking correctness).
+    - Favor clarifications that reduce downstream rework risk or prevent misaligned acceptance tests.
+    - If more than 5 categories remain unresolved, select the top 5 by (Impact * Uncertainty) heuristic.
+
+4. Sequential questioning loop (interactive):
+    - Present EXACTLY ONE question at a time.
+    - For multiple‑choice questions:
+       - **Analyze all options** and determine the **most suitable option** based on:
+          - Best practices for the project type
+          - Common patterns in similar implementations
+          - Risk reduction (security, performance, maintainability)
+          - Alignment with any explicit project goals or constraints visible in the spec
+       - Present your **recommended option prominently** at the top with clear reasoning (1-2 sentences explaining why this is the best choice).
+       - Format as: `**Recommended:** Option [X] - <reasoning>`
+       - Then render all options as a Markdown table:
+
+       | Option | Description |
+       |--------|-------------|
+       | A | <Option A description> |
+       | B | <Option B description> |
+       | C | <Option C description> (add D/E as needed up to 5) |
+       | Short | Provide a different short answer (<=5 words) (Include only if free-form alternative is appropriate) |
+
+       - After the table, add: `You can reply with the option letter (e.g., "A"), accept the recommendation by saying "yes" or "recommended", or provide your own short answer.`
+    - For short‑answer style (no meaningful discrete options):
+       - Provide your **suggested answer** based on best practices and context.
+       - Format as: `**Suggested:** <your proposed answer> - <brief reasoning>`
+       - Then output: `Format: Short answer (<=5 words). You can accept the suggestion by saying "yes" or "suggested", or provide your own answer.`
+    - After the user answers:
+       - If the user replies with "yes", "recommended", or "suggested", use your previously stated recommendation/suggestion as the answer.
+       - Otherwise, validate the answer maps to one option or fits the <=5 word constraint.
+       - If ambiguous, ask for a quick disambiguation (count still belongs to same question; do not advance).
+       - Once satisfactory, record it in working memory (do not yet write to disk) and move to the next queued question.
+    - Stop asking further questions when:
+       - All critical ambiguities resolved early (remaining queued items become unnecessary), OR
+       - User signals completion ("done", "good", "no more"), OR
+       - You reach 5 asked questions.
+    - Never reveal future queued questions in advance.
+    - If no valid questions exist at start, immediately report no critical ambiguities.
+
+5. Integration after EACH accepted answer (incremental update approach):
+    - Maintain in-memory representation of the spec (loaded once at start) plus the raw file contents.
+    - For the first integrated answer in this session:
+       - Ensure a `## Clarifications` section exists (create it just after the highest-level contextual/overview section per the spec template if missing).
+       - Under it, create (if not present) a `### Session YYYY-MM-DD` subheading for today.
+    - Append a bullet line immediately after acceptance: `- Q: <question> → A: <final answer>`.
+    - Then immediately apply the clarification to the most appropriate section(s):
+       - Functional ambiguity → Update or add a bullet in Functional Requirements.
+       - User interaction / actor distinction → Update User Stories or Actors subsection (if present) with clarified role, constraint, or scenario.
+       - Data shape / entities → Update Data Model (add fields, types, relationships) preserving ordering; note added constraints succinctly.
+       - Non-functional constraint → Add/modify measurable criteria in Non-Functional / Quality Attributes section (convert vague adjective to metric or explicit target).
+       - Edge case / negative flow → Add a new bullet under Edge Cases / Error Handling (or create such subsection if template provides placeholder for it).
+       - Terminology conflict → Normalize term across spec; retain original only if necessary by adding `(formerly referred to as "X")` once.
+    - If the clarification invalidates an earlier ambiguous statement, replace that statement instead of duplicating; leave no obsolete contradictory text.
+    - Save the spec file AFTER each integration to minimize risk of context loss (atomic overwrite).
+    - Preserve formatting: do not reorder unrelated sections; keep heading hierarchy intact.
+    - Keep each inserted clarification minimal and testable (avoid narrative drift).
+
+6. Validation (performed after EACH write plus final pass):
+   - Clarifications session contains exactly one bullet per accepted answer (no duplicates).
+   - Total asked (accepted) questions ≤ 5.
+   - Updated sections contain no lingering vague placeholders the new answer was meant to resolve.
+   - No contradictory earlier statement remains (scan for now-invalid alternative choices removed).
+   - Markdown structure valid; only allowed new headings: `## Clarifications`, `### Session YYYY-MM-DD`.
+   - Terminology consistency: same canonical term used across all updated sections.
+
+7. Write the updated spec back to `FEATURE_SPEC`.
+
+8. Report completion (after questioning loop ends or early termination):
+   - Number of questions asked & answered.
+   - Path to updated spec.
+   - Sections touched (list names).
+   - Coverage summary table listing each taxonomy category with Status: Resolved (was Partial/Missing and addressed), Deferred (exceeds question quota or better suited for planning), Clear (already sufficient), Outstanding (still Partial/Missing but low impact).
+   - If any Outstanding or Deferred remain, recommend whether to proceed to `/speckit.plan` or run `/speckit.clarify` again later post-plan.
+   - Suggested next command.
+
+Behavior rules:
+
+- If no meaningful ambiguities found (or all potential questions would be low-impact), respond: "No critical ambiguities detected worth formal clarification." and suggest proceeding.
+- If spec file missing, instruct user to run `/speckit.specify` first (do not create a new spec here).
+- Never exceed 5 total asked questions (clarification retries for a single question do not count as new questions).
+- Avoid speculative tech stack questions unless the absence blocks functional clarity.
+- Respect user early termination signals ("stop", "done", "proceed").
+- If no questions asked due to full coverage, output a compact coverage summary (all categories Clear) then suggest advancing.
+- If quota reached with unresolved high-impact categories remaining, explicitly flag them under Deferred with rationale.
+
+Context for prioritization: $ARGUMENTS
--- a/.agent/workflows/speckit.constitution.md
+++ b/.agent/workflows/speckit.constitution.md
@@ -0,0 +1,84 @@
+---
+description: Create or update the project constitution from interactive or provided principle inputs, ensuring all dependent templates stay in sync.
+handoffs: 
+  - label: Build Specification
+    agent: speckit.specify
+    prompt: Implement the feature specification based on the updated constitution. I want to build...
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+You are updating the project constitution at `.ai/standards/constitution.md`. This file is a TEMPLATE containing placeholder tokens in square brackets (e.g. `[PROJECT_NAME]`, `[PRINCIPLE_1_NAME]`). Your job is to (a) collect/derive concrete values, (b) fill the template precisely, and (c) propagate any amendments across dependent artifacts.
+
+**Note**: If `.ai/standards/constitution.md` does not exist yet, it should have been initialized from `.specify/templates/constitution-template.md` during project setup. If it's missing, copy the template first.
+
+Follow this execution flow:
+
+1. Load the existing constitution at `.ai/standards/constitution.md`.
+   - Identify every placeholder token of the form `[ALL_CAPS_IDENTIFIER]`.
+   **IMPORTANT**: The user might require less or more principles than the ones used in the template. If a number is specified, respect that - follow the general template. You will update the doc accordingly.
+
+2. Collect/derive values for placeholders:
+   - If user input (conversation) supplies a value, use it.
+   - Otherwise infer from existing repo context (README, docs, prior constitution versions if embedded).
+   - For governance dates: `RATIFICATION_DATE` is the original adoption date (if unknown ask or mark TODO), `LAST_AMENDED_DATE` is today if changes are made, otherwise keep previous.
+   - `CONSTITUTION_VERSION` must increment according to semantic versioning rules:
+     - MAJOR: Backward incompatible governance/principle removals or redefinitions.
+     - MINOR: New principle/section added or materially expanded guidance.
+     - PATCH: Clarifications, wording, typo fixes, non-semantic refinements.
+   - If version bump type ambiguous, propose reasoning before finalizing.
+
+3. Draft the updated constitution content:
+   - Replace every placeholder with concrete text (no bracketed tokens left except intentionally retained template slots that the project has chosen not to define yet—explicitly justify any left).
+   - Preserve heading hierarchy and comments can be removed once replaced unless they still add clarifying guidance.
+   - Ensure each Principle section: succinct name line, paragraph (or bullet list) capturing non‑negotiable rules, explicit rationale if not obvious.
+   - Ensure Governance section lists amendment procedure, versioning policy, and compliance review expectations.
+
+4. Consistency propagation checklist (convert prior checklist into active validations):
+   - Read `.specify/templates/plan-template.md` and ensure any "Constitution Check" or rules align with updated principles.
+   - Read `.specify/templates/spec-template.md` for scope/requirements alignment—update if constitution adds/removes mandatory sections or constraints.
+   - Read `.specify/templates/tasks-template.md` and ensure task categorization reflects new or removed principle-driven task types (e.g., observability, versioning, testing discipline).
+   - Read each command file in `.specify/templates/commands/*.md` (including this one) to verify no outdated references (agent-specific names like CLAUDE only) remain when generic guidance is required.
+   - Read any runtime guidance docs (e.g., `README.md`, `docs/quickstart.md`, or agent-specific guidance files if present). Update references to principles changed.
+
+5. Produce a Sync Impact Report (prepend as an HTML comment at top of the constitution file after update):
+   - Version change: old → new
+   - List of modified principles (old title → new title if renamed)
+   - Added sections
+   - Removed sections
+   - Templates requiring updates (✅ updated / ⚠ pending) with file paths
+   - Follow-up TODOs if any placeholders intentionally deferred.
+
+6. Validation before final output:
+   - No remaining unexplained bracket tokens.
+   - Version line matches report.
+   - Dates ISO format YYYY-MM-DD.
+   - Principles are declarative, testable, and free of vague language ("should" → replace with MUST/SHOULD rationale where appropriate).
+
+7. Write the completed constitution back to `.ai/standards/constitution.md` (overwrite).
+
+8. Output a final summary to the user with:
+   - New version and bump rationale.
+   - Any files flagged for manual follow-up.
+   - Suggested commit message (e.g., `docs: amend constitution to vX.Y.Z (principle additions + governance update)`).
+
+Formatting & Style Requirements:
+
+- Use Markdown headings exactly as in the template (do not demote/promote levels).
+- Wrap long rationale lines to keep readability (<100 chars ideally) but do not hard enforce with awkward breaks.
+- Keep a single blank line between sections.
+- Avoid trailing whitespace.
+
+If the user supplies partial updates (e.g., only one principle revision), still perform validation and version decision steps.
+
+If critical info missing (e.g., ratification date truly unknown), insert `TODO(<FIELD_NAME>): explanation` and include in the Sync Impact Report under deferred items.
+
+Do not create a new template; always operate on the existing `.ai/standards/constitution.md` file.
--- a/.agent/workflows/speckit.fix.md
+++ b/.agent/workflows/speckit.fix.md
@@ -0,0 +1,199 @@
+---
+
+description: Fix failing tests and implementation issues based on test reports
+
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Goal
+
+Analyze test failure reports, identify root causes, and fix implementation issues while preserving semantic protocol compliance.
+
+## Operating Constraints
+
+1. **USE CODER MODE**: Always switch to `coder` mode for code fixes
+2. **SEMANTIC PROTOCOL**: Never remove semantic annotations ([DEF], @TAGS). Only update code logic.
+3. **TEST DATA**: If tests use @TEST_ fixtures, preserve them when fixing
+4. **NO DELETION**: Never delete existing tests or semantic annotations
+5. **REPORT FIRST**: Always write a fix report before making changes
+
+## Execution Steps
+
+### 1. Load Test Report
+
+**Required**: Test report file path (e.g., `specs/<feature>/tests/reports/2026-02-19-report.md`)
+
+**Parse the report for**:
+- Failed test cases
+- Error messages
+- Stack traces
+- Expected vs actual behavior
+- Affected modules/files
+
+### 2. Analyze Root Causes
+
+For each failed test:
+
+1. **Read the test file** to understand what it's testing
+2. **Read the implementation file** to find the bug
+3. **Check semantic protocol compliance**:
+   - Does the implementation have correct [DEF] anchors?
+   - Are @TAGS (@PRE, @POST, @UX_STATE, etc.) present?
+   - Does the code match the TIER requirements?
+4. **Identify the fix**:
+   - Logic error in implementation
+   - Missing error handling
+   - Incorrect API usage
+   - State management issue
+
+### 3. Write Fix Report
+
+Create a structured fix report:
+
+```markdown
+# Fix Report: [FEATURE]
+
+**Date**: [YYYY-MM-DD]
+**Report**: [Test Report Path]
+**Fixer**: Coder Agent
+
+## Summary
+
+- Total Failed Tests: [X]
+- Total Fixed: [X]
+- Total Skipped: [X]
+
+## Failed Tests Analysis
+
+### Test: [Test Name]
+
+**File**: `path/to/test.py`
+**Error**: [Error message]
+
+**Root Cause**: [Explanation of why test failed]
+
+**Fix Required**: [Description of fix]
+
+**Status**: [Pending/In Progress/Completed]
+
+## Fixes Applied
+
+### Fix 1: [Description]
+
+**Affected File**: `path/to/file.py`
+**Test Affected**: `[Test Name]`
+
+**Changes**:
+```diff
+<<<<<<< SEARCH
+[Original Code]
+=======
+[Fixed Code]
+>>>>>>> REPLACE
+```
+
+**Verification**: [How to verify fix works]
+
+**Semantic Integrity**: [Confirmed annotations preserved]
+
+## Next Steps
+
+- [ ] Run tests to verify fix: `cd backend && .venv/bin/python3 -m pytest`
+- [ ] Check for related failing tests
+- [ ] Update test documentation if needed
+```
+
+### 4. Apply Fixes (in Coder Mode)
+
+Switch to `coder` mode and apply fixes:
+
+1. **Read the implementation file** to get exact content
+2. **Apply the fix** using apply_diff
+3. **Preserve all semantic annotations**:
+   - Keep [DEF:...] and [/DEF:...] anchors
+   - Keep all @TAGS (@PURPOSE, @LAYER, @TIER, @RELATION, @PRE, @POST, @UX_STATE, @UX_FEEDBACK, @UX_RECOVERY)
+4. **Only update code logic** to fix the bug
+5. **Run tests** to verify the fix
+
+### 5. Verification
+
+After applying fixes:
+
+1. **Run tests**:
+   ```bash
+   cd backend && .venv/bin/python3 -m pytest -v
+   ```
+   or
+   ```bash
+   cd frontend && npm run test
+   ```
+
+2. **Check test results**:
+   - Failed tests should now pass
+   - No new tests should fail
+   - Coverage should not decrease
+
+3. **Update fix report** with results:
+   - Mark fixes as completed
+   - Add verification steps
+   - Note any remaining issues
+
+## Output
+
+Generate final fix report:
+
+```markdown
+# Fix Report: [FEATURE] - COMPLETED
+
+**Date**: [YYYY-MM-DD]
+**Report**: [Test Report Path]
+**Fixer**: Coder Agent
+
+## Summary
+
+- Total Failed Tests: [X]
+- Total Fixed: [X] ✅
+- Total Skipped: [X]
+
+## Fixes Applied
+
+### Fix 1: [Description] ✅
+
+**Affected File**: `path/to/file.py`
+**Test Affected**: `[Test Name]`
+
+**Changes**: [Summary of changes]
+
+**Verification**: All tests pass ✅
+
+**Semantic Integrity**: Preserved ✅
+
+## Test Results
+
+```
+[Full test output showing all passing tests]
+```
+
+## Recommendations
+
+- [ ] Monitor for similar issues
+- [ ] Update documentation if needed
+- [ ] Consider adding more tests for edge cases
+
+## Related Files
+
+- Test Report: [path]
+- Implementation: [path]
+- Test File: [path]
+```
+
+## Context for Fixing
+
+$ARGUMENTS
--- a/.agent/workflows/speckit.implement.md
+++ b/.agent/workflows/speckit.implement.md
@@ -0,0 +1,150 @@
+---
+description: Execute the implementation plan by processing and executing all tasks defined in tasks.md
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Check checklists status** (if FEATURE_DIR/checklists/ exists):
+   - Scan all checklist files in the checklists/ directory
+   - For each checklist, count:
+     - Total items: All lines matching `- [ ]` or `- [X]` or `- [x]`
+     - Completed items: Lines matching `- [X]` or `- [x]`
+     - Incomplete items: Lines matching `- [ ]`
+   - Create a status table:
+
+     ```text
+     | Checklist | Total | Completed | Incomplete | Status |
+     |-----------|-------|-----------|------------|--------|
+     | ux.md     | 12    | 12        | 0          | ✓ PASS |
+     | test.md   | 8     | 5         | 3          | ✗ FAIL |
+     | security.md | 6   | 6         | 0          | ✓ PASS |
+     ```
+
+   - Calculate overall status:
+     - **PASS**: All checklists have 0 incomplete items
+     - **FAIL**: One or more checklists have incomplete items
+
+   - **If any checklist is incomplete**:
+     - Display the table with incomplete item counts
+     - **STOP** and ask: "Some checklists are incomplete. Do you want to proceed with implementation anyway? (yes/no)"
+     - Wait for user response before continuing
+     - If user says "no" or "wait" or "stop", halt execution
+     - If user says "yes" or "proceed" or "continue", proceed to step 3
+
+   - **If all checklists are complete**:
+     - Display the table showing all checklists passed
+     - Automatically proceed to step 3
+
+3. Load and analyze the implementation context:
+   - **REQUIRED**: Read tasks.md for the complete task list and execution plan
+   - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure
+   - **IF EXISTS**: Read data-model.md for entities and relationships
+   - **IF EXISTS**: Read contracts/ for API specifications and test requirements
+   - **IF EXISTS**: Read research.md for technical decisions and constraints
+   - **IF EXISTS**: Read quickstart.md for integration scenarios
+
+3. Load and analyze the implementation context:
+    - **REQUIRED**: Read `.ai/standards/semantics.md` for strict coding standards and contract requirements
+    - **REQUIRED**: Read tasks.md for the complete task list and execution plan
+    - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure
+    - **IF EXISTS**: Read data-model.md for entities and relationships
+    - **IF EXISTS**: Read contracts/ for API specifications and test requirements
+    - **IF EXISTS**: Read research.md for technical decisions and constraints
+    - **IF EXISTS**: Read quickstart.md for integration scenarios
+
+4. **Project Setup Verification**:
+   - **REQUIRED**: Create/verify ignore files based on actual project setup:
+
+   **Detection & Creation Logic**:
+   - Check if the following command succeeds to determine if the repository is a git repo (create/verify .gitignore if so):
+
+     ```sh
+     git rev-parse --git-dir 2>/dev/null
+     ```
+
+   - Check if Dockerfile* exists or Docker in plan.md → create/verify .dockerignore
+   - Check if .eslintrc* exists → create/verify .eslintignore
+   - Check if eslint.config.* exists → ensure the config's `ignores` entries cover required patterns
+   - Check if .prettierrc* exists → create/verify .prettierignore
+   - Check if .npmrc or package.json exists → create/verify .npmignore (if publishing)
+   - Check if terraform files (*.tf) exist → create/verify .terraformignore
+   - Check if .helmignore needed (helm charts present) → create/verify .helmignore
+
+   **If ignore file already exists**: Verify it contains essential patterns, append missing critical patterns only
+   **If ignore file missing**: Create with full pattern set for detected technology
+
+   **Common Patterns by Technology** (from plan.md tech stack):
+   - **Node.js/JavaScript/TypeScript**: `node_modules/`, `dist/`, `build/`, `*.log`, `.env*`
+   - **Python**: `__pycache__/`, `*.pyc`, `.venv/`, `venv/`, `dist/`, `*.egg-info/`
+   - **Java**: `target/`, `*.class`, `*.jar`, `.gradle/`, `build/`
+   - **C#/.NET**: `bin/`, `obj/`, `*.user`, `*.suo`, `packages/`
+   - **Go**: `*.exe`, `*.test`, `vendor/`, `*.out`
+   - **Ruby**: `.bundle/`, `log/`, `tmp/`, `*.gem`, `vendor/bundle/`
+   - **PHP**: `vendor/`, `*.log`, `*.cache`, `*.env`
+   - **Rust**: `target/`, `debug/`, `release/`, `*.rs.bk`, `*.rlib`, `*.prof*`, `.idea/`, `*.log`, `.env*`
+   - **Kotlin**: `build/`, `out/`, `.gradle/`, `.idea/`, `*.class`, `*.jar`, `*.iml`, `*.log`, `.env*`
+   - **C++**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.so`, `*.a`, `*.exe`, `*.dll`, `.idea/`, `*.log`, `.env*`
+   - **C**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.a`, `*.so`, `*.exe`, `Makefile`, `config.log`, `.idea/`, `*.log`, `.env*`
+   - **Swift**: `.build/`, `DerivedData/`, `*.swiftpm/`, `Packages/`
+   - **R**: `.Rproj.user/`, `.Rhistory`, `.RData`, `.Ruserdata`, `*.Rproj`, `packrat/`, `renv/`
+   - **Universal**: `.DS_Store`, `Thumbs.db`, `*.tmp`, `*.swp`, `.vscode/`, `.idea/`
+
+   **Tool-Specific Patterns**:
+   - **Docker**: `node_modules/`, `.git/`, `Dockerfile*`, `.dockerignore`, `*.log*`, `.env*`, `coverage/`
+   - **ESLint**: `node_modules/`, `dist/`, `build/`, `coverage/`, `*.min.js`
+   - **Prettier**: `node_modules/`, `dist/`, `build/`, `coverage/`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`
+   - **Terraform**: `.terraform/`, `*.tfstate*`, `*.tfvars`, `.terraform.lock.hcl`
+   - **Kubernetes/k8s**: `*.secret.yaml`, `secrets/`, `.kube/`, `kubeconfig*`, `*.key`, `*.crt`
+
+5. Parse tasks.md structure and extract:
+   - **Task phases**: Setup, Tests, Core, Integration, Polish
+   - **Task dependencies**: Sequential vs parallel execution rules
+   - **Task details**: ID, description, file paths, parallel markers [P]
+   - **Execution flow**: Order and dependency requirements
+
+6. Execute implementation following the task plan:
+   - **Phase-by-phase execution**: Complete each phase before moving to the next
+   - **Respect dependencies**: Run sequential tasks in order, parallel tasks [P] can run together  
+   - **Follow TDD approach**: Execute test tasks before their corresponding implementation tasks
+   - **File-based coordination**: Tasks affecting the same files must run sequentially
+   - **Validation checkpoints**: Verify each phase completion before proceeding
+
+7. Implementation execution rules:
+    - **Strict Adherence**: Apply `.ai/standards/semantics.md` rules:
+      - Every file MUST start with a `[DEF:id:Type]` header and end with a closing `[/DEF:id:Type]` anchor.
+      - Include `@TIER` and define contracts (`@PRE`, `@POST`).
+      - For Svelte components, use `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY`, and explicitly declare reactivity with `@UX_REATIVITY: State: $state, Derived: $derived`.
+      - **Molecular Topology Logging**: Use prefixes `[EXPLORE]`, `[REASON]`, `[REFLECT]` in logs to trace logic.
+    - **CRITICAL Contracts**: If a task description contains a contract summary (e.g., `CRITICAL: PRE: ..., POST: ...`), these constraints are **MANDATORY** and must be strictly implemented in the code using guards/assertions (if applicable per protocol).
+    - **Setup first**: Initialize project structure, dependencies, configuration
+   - **Tests before code**: If you need to write tests for contracts, entities, and integration scenarios
+   - **Core development**: Implement models, services, CLI commands, endpoints
+   - **Integration work**: Database connections, middleware, logging, external services
+   - **Polish and validation**: Unit tests, performance optimization, documentation
+
+8. Progress tracking and error handling:
+   - Report progress after each completed task
+   - Halt execution if any non-parallel task fails
+   - For parallel tasks [P], continue with successful tasks, report failed ones
+   - Provide clear error messages with context for debugging
+   - Suggest next steps if implementation cannot proceed
+   - **IMPORTANT** For completed tasks, make sure to mark the task off as [X] in the tasks file.
+
+9. Completion validation:
+   - Verify all required tasks are completed
+   - Check that implemented features match the original specification
+   - Validate that tests pass and coverage meets requirements
+   - Confirm the implementation follows the technical plan
+   - Report final status with summary of completed work
+
+Note: This command assumes a complete task breakdown exists in tasks.md. If tasks are incomplete or missing, suggest running `/speckit.tasks` first to regenerate the task list.
--- a/.agent/workflows/speckit.plan.md
+++ b/.agent/workflows/speckit.plan.md
@@ -0,0 +1,104 @@
+---
+description: Execute the implementation planning workflow using the plan template to generate design artifacts.
+handoffs: 
+  - label: Create Tasks
+    agent: speckit.tasks
+    prompt: Break the plan into tasks
+    send: true
+  - label: Create Checklist
+    agent: speckit.checklist
+    prompt: Create a checklist for the following domain...
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. **Setup**: Run `.specify/scripts/bash/setup-plan.sh --json` from repo root and parse JSON for FEATURE_SPEC, IMPL_PLAN, SPECS_DIR, BRANCH. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Load context**: Read `.ai/ROOT.md` and `.ai/PROJECT_MAP.md` to understand the project structure and navigation. Then read required standards: `.ai/standards/constitution.md` and `.ai/standards/semantics.md`. Load IMPL_PLAN template.
+
+3. **Execute plan workflow**: Follow the structure in IMPL_PLAN template to:
+   - Fill Technical Context (mark unknowns as "NEEDS CLARIFICATION")
+   - Fill Constitution Check section from constitution
+   - Evaluate gates (ERROR if violations unjustified)
+   - Phase 0: Generate research.md (resolve all NEEDS CLARIFICATION)
+   - Phase 1: Generate data-model.md, contracts/, quickstart.md
+   - Phase 1: Update agent context by running the agent script
+   - Re-evaluate Constitution Check post-design
+
+4. **Stop and report**: Command ends after Phase 2 planning. Report branch, IMPL_PLAN path, and generated artifacts.
+
+## Phases
+
+### Phase 0: Outline & Research
+
+1. **Extract unknowns from Technical Context** above:
+   - For each NEEDS CLARIFICATION → research task
+   - For each dependency → best practices task
+   - For each integration → patterns task
+
+2. **Generate and dispatch research agents**:
+
+   ```text
+   For each unknown in Technical Context:
+     Task: "Research {unknown} for {feature context}"
+   For each technology choice:
+     Task: "Find best practices for {tech} in {domain}"
+   ```
+
+3. **Consolidate findings** in `research.md` using format:
+   - Decision: [what was chosen]
+   - Rationale: [why chosen]
+   - Alternatives considered: [what else evaluated]
+
+**Output**: research.md with all NEEDS CLARIFICATION resolved
+
+### Phase 1: Design & Contracts
+
+**Prerequisites:** `research.md` complete
+
+0. **Validate Design against UX Reference**:
+    - Check if the proposed architecture supports the latency, interactivity, and flow defined in `ux_reference.md`.
+    - **Linkage**: Ensure key UI states from `ux_reference.md` map to Component Contracts (`@UX_STATE`).
+    - **CRITICAL**: If the technical plan compromises the UX (e.g. "We can't do real-time validation"), you **MUST STOP** and warn the user.
+
+1. **Extract entities from feature spec** → `data-model.md`:
+    - Entity name, fields, relationships, validation rules.
+
+2. **Design & Verify Contracts (Semantic Protocol)**:
+    - **Drafting**: Define `[DEF:id:Type]` Headers, Contracts, and closing `[/DEF:id:Type]` for all new modules based on `.ai/standards/semantics.md`.
+    - **TIER Classification**: Explicitly assign `@TIER: [CRITICAL|STANDARD|TRIVIAL]` to each module.
+    - **CRITICAL Requirements**: For all CRITICAL modules, define full `@PRE`, `@POST`, and (if UI) `@UX_STATE` contracts. **MUST** also define testing contracts: `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, and `@TEST_INVARIANT`.
+    - **Self-Review**:
+      - *Completeness*: Do `@PRE`/`@POST` cover edge cases identified in Research? Are test contracts present for CRITICAL?
+      - *Connectivity*: Do `@RELATION` tags form a coherent graph?
+      - *Compliance*: Does syntax match `[DEF:id:Type]` exactly and is it closed with `[/DEF:id:Type]`?
+    - **Output**: Write verified contracts to `contracts/modules.md`.
+
+3. **Simulate Contract Usage**:
+    - Trace one key user scenario through the defined contracts to ensure data flow continuity.
+    - If a contract interface mismatch is found, fix it immediately.
+
+4. **Generate API contracts**:
+    - Output OpenAPI/GraphQL schema to `/contracts/` for backend-frontend sync.
+
+3. **Agent context update**:
+   - Run `.specify/scripts/bash/update-agent-context.sh agy`
+   - These scripts detect which AI agent is in use
+   - Update the appropriate agent-specific context file
+   - Add only new technology from current plan
+   - Preserve manual additions between markers
+
+**Output**: data-model.md, /contracts/*, quickstart.md, agent-specific file
+
+## Key rules
+
+- Use absolute paths
+- ERROR on gate failures or unresolved clarifications
--- a/.agent/workflows/speckit.specify.md
+++ b/.agent/workflows/speckit.specify.md
@@ -0,0 +1,258 @@
+---
+description: Create or update the feature specification from a natural language feature description.
+handoffs: 
+  - label: Build Technical Plan
+    agent: speckit.plan
+    prompt: Create a plan for the spec. I am building with...
+  - label: Clarify Spec Requirements
+    agent: speckit.clarify
+    prompt: Clarify specification requirements
+    send: true
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+The text the user typed after `/speckit.specify` in the triggering message **is** the feature description. Assume you always have it available in this conversation even if `$ARGUMENTS` appears literally below. Do not ask the user to repeat it unless they provided an empty command.
+
+Given that feature description, do this:
+
+1. **Generate a concise short name** (2-4 words) for the branch:
+   - Analyze the feature description and extract the most meaningful keywords
+   - Create a 2-4 word short name that captures the essence of the feature
+   - Use action-noun format when possible (e.g., "add-user-auth", "fix-payment-bug")
+   - Preserve technical terms and acronyms (OAuth2, API, JWT, etc.)
+   - Keep it concise but descriptive enough to understand the feature at a glance
+   - Examples:
+     - "I want to add user authentication" → "user-auth"
+     - "Implement OAuth2 integration for the API" → "oauth2-api-integration"
+     - "Create a dashboard for analytics" → "analytics-dashboard"
+     - "Fix payment processing timeout bug" → "fix-payment-timeout"
+
+2. **Check for existing branches before creating new one**:
+
+   a. First, fetch all remote branches to ensure we have the latest information:
+
+      ```bash
+      git fetch --all --prune
+      ```
+
+   b. Find the highest feature number across all sources for the short-name:
+      - Remote branches: `git ls-remote --heads origin | grep -E 'refs/heads/[0-9]+-<short-name>$'`
+      - Local branches: `git branch | grep -E '^[* ]*[0-9]+-<short-name>$'`
+      - Specs directories: Check for directories matching `specs/[0-9]+-<short-name>`
+
+   c. Determine the next available number:
+      - Extract all numbers from all three sources
+      - Find the highest number N
+      - Use N+1 for the new branch number
+
+   d. Run the script `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS"` with the calculated number and short-name:
+      - Pass `--number N+1` and `--short-name "your-short-name"` along with the feature description
+      - Bash example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" --json --number 5 --short-name "user-auth" "Add user authentication"`
+      - PowerShell example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" -Json -Number 5 -ShortName "user-auth" "Add user authentication"`
+
+   **IMPORTANT**:
+   - Check all three sources (remote branches, local branches, specs directories) to find the highest number
+   - Only match branches/directories with the exact short-name pattern
+   - If no existing branches/directories found with this short-name, start with number 1
+   - You must only ever run this script once per feature
+   - The JSON is provided in the terminal as output - always refer to it to get the actual content you're looking for
+   - The JSON output will contain BRANCH_NAME and SPEC_FILE paths
+   - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot")
+
+3. Load `.specify/templates/spec-template.md` to understand required sections.
+
+4. Follow this execution flow:
+
+    1. Parse user description from Input
+       If empty: ERROR "No feature description provided"
+    2. Extract key concepts from description
+       Identify: actors, actions, data, constraints
+    3. For unclear aspects:
+       - Make informed guesses based on context and industry standards
+       - Only mark with [NEEDS CLARIFICATION: specific question] if:
+         - The choice significantly impacts feature scope or user experience
+         - Multiple reasonable interpretations exist with different implications
+         - No reasonable default exists
+       - **LIMIT: Maximum 3 [NEEDS CLARIFICATION] markers total**
+       - Prioritize clarifications by impact: scope > security/privacy > user experience > technical details
+    4. Fill User Scenarios & Testing section
+       If no clear user flow: ERROR "Cannot determine user scenarios"
+    5. Generate Functional Requirements
+       Each requirement must be testable
+       Use reasonable defaults for unspecified details (document assumptions in Assumptions section)
+    6. Define Success Criteria
+       Create measurable, technology-agnostic outcomes
+       Include both quantitative metrics (time, performance, volume) and qualitative measures (user satisfaction, task completion)
+       Each criterion must be verifiable without implementation details
+    7. Identify Key Entities (if data involved)
+    8. Return: SUCCESS (spec ready for planning)
+
+5. Write the specification to SPEC_FILE using the template structure, replacing placeholders with concrete details derived from the feature description (arguments) while preserving section order and headings.
+
+6. **Specification Quality Validation**: After writing the initial spec, validate it against quality criteria:
+
+   a. **Create Spec Quality Checklist**: Generate a checklist file at `FEATURE_DIR/checklists/requirements.md` using the checklist template structure with these validation items:
+
+      ```markdown
+      # Specification Quality Checklist: [FEATURE NAME]
+      
+      **Purpose**: Validate specification completeness and quality before proceeding to planning
+      **Created**: [DATE]
+      **Feature**: [Link to spec.md]
+      
+      ## Content Quality
+      
+      - [ ] No implementation details (languages, frameworks, APIs)
+      - [ ] Focused on user value and business needs
+      - [ ] Written for non-technical stakeholders
+      - [ ] All mandatory sections completed
+      
+      ## Requirement Completeness
+      
+      - [ ] No [NEEDS CLARIFICATION] markers remain
+      - [ ] Requirements are testable and unambiguous
+      - [ ] Success criteria are measurable
+      - [ ] Success criteria are technology-agnostic (no implementation details)
+      - [ ] All acceptance scenarios are defined
+      - [ ] Edge cases are identified
+      - [ ] Scope is clearly bounded
+      - [ ] Dependencies and assumptions identified
+      
+      ## Feature Readiness
+      
+      - [ ] All functional requirements have clear acceptance criteria
+      - [ ] User scenarios cover primary flows
+      - [ ] Feature meets measurable outcomes defined in Success Criteria
+      - [ ] No implementation details leak into specification
+      
+      ## Notes
+      
+      - Items marked incomplete require spec updates before `/speckit.clarify` or `/speckit.plan`
+      ```
+
+   b. **Run Validation Check**: Review the spec against each checklist item:
+      - For each item, determine if it passes or fails
+      - Document specific issues found (quote relevant spec sections)
+
+   c. **Handle Validation Results**:
+
+      - **If all items pass**: Mark checklist complete and proceed to step 6
+
+      - **If items fail (excluding [NEEDS CLARIFICATION])**:
+        1. List the failing items and specific issues
+        2. Update the spec to address each issue
+        3. Re-run validation until all items pass (max 3 iterations)
+        4. If still failing after 3 iterations, document remaining issues in checklist notes and warn user
+
+      - **If [NEEDS CLARIFICATION] markers remain**:
+        1. Extract all [NEEDS CLARIFICATION: ...] markers from the spec
+        2. **LIMIT CHECK**: If more than 3 markers exist, keep only the 3 most critical (by scope/security/UX impact) and make informed guesses for the rest
+        3. For each clarification needed (max 3), present options to user in this format:
+
+           ```markdown
+           ## Question [N]: [Topic]
+           
+           **Context**: [Quote relevant spec section]
+           
+           **What we need to know**: [Specific question from NEEDS CLARIFICATION marker]
+           
+           **Suggested Answers**:
+           
+           | Option | Answer | Implications |
+           |--------|--------|--------------|
+           | A      | [First suggested answer] | [What this means for the feature] |
+           | B      | [Second suggested answer] | [What this means for the feature] |
+           | C      | [Third suggested answer] | [What this means for the feature] |
+           | Custom | Provide your own answer | [Explain how to provide custom input] |
+           
+           **Your choice**: _[Wait for user response]_
+           ```
+
+        4. **CRITICAL - Table Formatting**: Ensure markdown tables are properly formatted:
+           - Use consistent spacing with pipes aligned
+           - Each cell should have spaces around content: `| Content |` not `|Content|`
+           - Header separator must have at least 3 dashes: `|--------|`
+           - Test that the table renders correctly in markdown preview
+        5. Number questions sequentially (Q1, Q2, Q3 - max 3 total)
+        6. Present all questions together before waiting for responses
+        7. Wait for user to respond with their choices for all questions (e.g., "Q1: A, Q2: Custom - [details], Q3: B")
+        8. Update the spec by replacing each [NEEDS CLARIFICATION] marker with the user's selected or provided answer
+        9. Re-run validation after all clarifications are resolved
+
+   d. **Update Checklist**: After each validation iteration, update the checklist file with current pass/fail status
+
+7. Report completion with branch name, spec file path, checklist results, and readiness for the next phase (`/speckit.clarify` or `/speckit.plan`).
+
+**NOTE:** The script creates and checks out the new branch and initializes the spec file before writing.
+
+## General Guidelines
+
+## Quick Guidelines
+
+- Focus on **WHAT** users need and **WHY**.
+- Avoid HOW to implement (no tech stack, APIs, code structure).
+- Written for business stakeholders, not developers.
+- DO NOT create any checklists that are embedded in the spec. That will be a separate command.
+
+### Section Requirements
+
+- **Mandatory sections**: Must be completed for every feature
+- **Optional sections**: Include only when relevant to the feature
+- When a section doesn't apply, remove it entirely (don't leave as "N/A")
+
+### For AI Generation
+
+When creating this spec from a user prompt:
+
+1. **Make informed guesses**: Use context, industry standards, and common patterns to fill gaps
+2. **Document assumptions**: Record reasonable defaults in the Assumptions section
+3. **Limit clarifications**: Maximum 3 [NEEDS CLARIFICATION] markers - use only for critical decisions that:
+   - Significantly impact feature scope or user experience
+   - Have multiple reasonable interpretations with different implications
+   - Lack any reasonable default
+4. **Prioritize clarifications**: scope > security/privacy > user experience > technical details
+5. **Think like a tester**: Every vague requirement should fail the "testable and unambiguous" checklist item
+6. **Common areas needing clarification** (only if no reasonable default exists):
+   - Feature scope and boundaries (include/exclude specific use cases)
+   - User types and permissions (if multiple conflicting interpretations possible)
+   - Security/compliance requirements (when legally/financially significant)
+
+**Examples of reasonable defaults** (don't ask about these):
+
+- Data retention: Industry-standard practices for the domain
+- Performance targets: Standard web/mobile app expectations unless specified
+- Error handling: User-friendly messages with appropriate fallbacks
+- Authentication method: Standard session-based or OAuth2 for web apps
+- Integration patterns: Use project-appropriate patterns (REST/GraphQL for web services, function calls for libraries, CLI args for tools, etc.)
+
+### Success Criteria Guidelines
+
+Success criteria must be:
+
+1. **Measurable**: Include specific metrics (time, percentage, count, rate)
+2. **Technology-agnostic**: No mention of frameworks, languages, databases, or tools
+3. **User-focused**: Describe outcomes from user/business perspective, not system internals
+4. **Verifiable**: Can be tested/validated without knowing implementation details
+
+**Good examples**:
+
+- "Users can complete checkout in under 3 minutes"
+- "System supports 10,000 concurrent users"
+- "95% of searches return results in under 1 second"
+- "Task completion rate improves by 40%"
+
+**Bad examples** (implementation-focused):
+
+- "API response time is under 200ms" (too technical, use "Users see results instantly")
+- "Database can handle 1000 TPS" (implementation detail, use user-facing metric)
+- "React components render efficiently" (framework-specific)
+- "Redis cache hit rate above 80%" (technology-specific)
--- a/.agent/workflows/speckit.tasks.md
+++ b/.agent/workflows/speckit.tasks.md
@@ -0,0 +1,146 @@
+---
+description: Generate an actionable, dependency-ordered tasks.md for the feature based on available design artifacts.
+handoffs: 
+  - label: Analyze For Consistency
+    agent: speckit.analyze
+    prompt: Run a project analysis for consistency
+    send: true
+  - label: Implement Project
+    agent: speckit.implement
+    prompt: Start the implementation in phases
+    send: true
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Load design documents**: Read from FEATURE_DIR:
+   - **Required**: plan.md (tech stack, libraries, structure), spec.md (user stories with priorities), ux_reference.md (experience source of truth)
+   - **Optional**: data-model.md (entities), contracts/ (interface contracts), research.md (decisions), quickstart.md (test scenarios)
+   - Note: Not all projects have all documents. Generate tasks based on what's available.
+
+3. **Execute task generation workflow**:
+   - Load plan.md and extract tech stack, libraries, project structure
+   - Load spec.md and extract user stories with their priorities (P1, P2, P3, etc.)
+   - If data-model.md exists: Extract entities and map to user stories
+   - If contracts/ exists: Map interface contracts to user stories
+   - If research.md exists: Extract decisions for setup tasks
+   - Generate tasks organized by user story (see Task Generation Rules below)
+   - Generate dependency graph showing user story completion order
+   - Create parallel execution examples per user story
+   - Validate task completeness (each user story has all needed tasks, independently testable)
+
+4. **Generate tasks.md**: Use `.specify/templates/tasks-template.md` as structure, fill with:
+   - Correct feature name from plan.md
+   - Phase 1: Setup tasks (project initialization)
+   - Phase 2: Foundational tasks (blocking prerequisites for all user stories)
+   - Phase 3+: One phase per user story (in priority order from spec.md)
+   - Each phase includes: story goal, independent test criteria, tests (if requested), implementation tasks
+   - Final Phase: Polish & cross-cutting concerns
+   - All tasks must follow the strict checklist format (see Task Generation Rules below)
+   - Clear file paths for each task
+   - Dependencies section showing story completion order
+   - Parallel execution examples per story
+   - Implementation strategy section (MVP first, incremental delivery)
+
+5. **Report**: Output path to generated tasks.md and summary:
+   - Total task count
+   - Task count per user story
+   - Parallel opportunities identified
+   - Independent test criteria for each story
+   - Suggested MVP scope (typically just User Story 1)
+   - Format validation: Confirm ALL tasks follow the checklist format (checkbox, ID, labels, file paths)
+
+Context for task generation: $ARGUMENTS
+
+The tasks.md should be immediately executable - each task must be specific enough that an LLM can complete it without additional context.
+
+## Task Generation Rules
+
+**CRITICAL**: Tasks MUST be organized by user story to enable independent implementation and testing.
+
+**Tests are OPTIONAL**: Only generate test tasks if explicitly requested in the feature specification or if user requests TDD approach.
+
+### UX Preservation (CRITICAL)
+
+- **Source of Truth**: `ux_reference.md` is the absolute standard for the "feel" of the feature.
+- **Violation Warning**: If any task would inherently violate the UX (e.g. "Remove progress bar to simplify code"), you **MUST** flag this to the user immediately.
+- **Verification Task**: You **MUST** add a specific task at the end of each User Story phase: `- [ ] Txxx [USx] Verify implementation matches ux_reference.md (Happy Path & Errors)`
+
+### Checklist Format (REQUIRED)
+
+Every task MUST strictly follow this format:
+
+```text
+- [ ] [TaskID] [P?] [Story?] Description with file path
+```
+
+**Format Components**:
+
+1. **Checkbox**: ALWAYS start with `- [ ]` (markdown checkbox)
+2. **Task ID**: Sequential number (T001, T002, T003...) in execution order
+3. **[P] marker**: Include ONLY if task is parallelizable (different files, no dependencies on incomplete tasks)
+4. **[Story] label**: REQUIRED for user story phase tasks only
+   - Format: [US1], [US2], [US3], etc. (maps to user stories from spec.md)
+   - Setup phase: NO story label
+   - Foundational phase: NO story label  
+   - User Story phases: MUST have story label
+   - Polish phase: NO story label
+5. **Description**: Clear action with exact file path
+
+**Examples**:
+
+- ✅ CORRECT: `- [ ] T001 Create project structure per implementation plan`
+- ✅ CORRECT: `- [ ] T005 [P] Implement authentication middleware in src/middleware/auth.py`
+- ✅ CORRECT: `- [ ] T012 [P] [US1] Create User model in src/models/user.py`
+- ✅ CORRECT: `- [ ] T014 [US1] Implement UserService in src/services/user_service.py`
+- ❌ WRONG: `- [ ] Create User model` (missing ID and Story label)
+- ❌ WRONG: `T001 [US1] Create model` (missing checkbox)
+- ❌ WRONG: `- [ ] [US1] Create User model` (missing Task ID)
+- ❌ WRONG: `- [ ] T001 [US1] Create model` (missing file path)
+
+### Task Organization
+
+1. **From User Stories (spec.md)** - PRIMARY ORGANIZATION:
+   - Each user story (P1, P2, P3...) gets its own phase
+   - Map all related components to their story:
+     - Models needed for that story
+     - Services needed for that story
+     - Interfaces/UI needed for that story
+     - If tests requested: Tests specific to that story
+   - Mark story dependencies (most stories should be independent)
+
+2. **From Contracts (CRITICAL TIER)**:
+    - Identify components marked as `@TIER: CRITICAL` in `contracts/modules.md`.
+    - For these components, **MUST** append the summary of `@PRE`, `@POST`, `@UX_STATE`, and test contracts (`@TEST_FIXTURE`, `@TEST_EDGE`) directly to the task description.
+    - Example: `- [ ] T005 [P] [US1] Implement Auth (CRITICAL: PRE: token exists, POST: returns User, TESTS: 2 edges) in src/auth.py`
+    - Map each contract/endpoint → to the user story it serves
+    - If tests requested: Each contract → contract test task [P] before implementation in that story's phase
+
+3. **From Data Model**:
+   - Map each entity to the user story(ies) that need it
+   - If entity serves multiple stories: Put in earliest story or Setup phase
+   - Relationships → service layer tasks in appropriate story phase
+
+4. **From Setup/Infrastructure**:
+   - Shared infrastructure → Setup phase (Phase 1)
+   - Foundational/blocking tasks → Foundational phase (Phase 2)
+   - Story-specific setup → within that story's phase
+
+### Phase Structure
+
+- **Phase 1**: Setup (project initialization)
+- **Phase 2**: Foundational (blocking prerequisites - MUST complete before user stories)
+- **Phase 3+**: User Stories in priority order (P1, P2, P3...)
+  - Within each story: Tests (if requested) → Models → Services → Endpoints → Integration
+  - Each phase should be a complete, independently testable increment
+- **Final Phase**: Polish & Cross-Cutting Concerns
--- a/.agent/workflows/speckit.taskstoissues.md
+++ b/.agent/workflows/speckit.taskstoissues.md
@@ -0,0 +1,30 @@
+---
+description: Convert existing tasks into actionable, dependency-ordered GitHub issues for the feature based on available design artifacts.
+tools: ['github/github-mcp-server/issue_write']
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+1. From the executed script, extract the path to **tasks**.
+1. Get the Git remote by running:
+
+```bash
+git config --get remote.origin.url
+```
+
+> [!CAUTION]
+> ONLY PROCEED TO NEXT STEPS IF THE REMOTE IS A GITHUB URL
+
+1. For each task in the list, use the GitHub MCP server to create a new issue in the repository that is representative of the Git remote.
+
+> [!CAUTION]
+> UNDER NO CIRCUMSTANCES EVER CREATE ISSUES IN REPOSITORIES THAT DO NOT MATCH THE REMOTE URL
--- a/.agent/workflows/speckit.test.md
+++ b/.agent/workflows/speckit.test.md
@@ -0,0 +1,343 @@
+---
+description: ✅ GRACE‑Poly Tester Agent (Production Edition)
+---
+
+# ✅ GRACE‑Poly Tester Agent (Production Edition)
+
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+Если вход не пуст — он имеет приоритет и должен быть учтён при анализе.
+
+---
+
+# I. MANDATE（命）
+
+Исполнить полный цикл тестирования:
+
+1. Анализировать модули.
+2. Проверять соответствие TIER.
+3. Генерировать тесты строго из TEST_SPEC.
+4. Поддерживать документацию.
+5. Не нарушать существующие тесты.
+6. Проверять инварианты.
+
+Тестер — не писатель тестов.  
+Тестер — хранитель контрактов.
+
+---
+
+# II. НЕЗЫБЛЕМЫЕ ПРАВИЛА
+
+1. **Никогда не удалять существующие тесты.**
+2. **Никогда не дублировать тесты.**
+3. Для CRITICAL — TEST_SPEC обязателен.
+4. Каждый `@TEST_EDGE` → минимум один тест.
+5. Каждый `@TEST_INVARIANT` → минимум один тест.
+6. Если CRITICAL без `@TEST_CONTRACT` →  
+   немедленно:
+
+```
+[COHERENCE_CHECK_FAILED]
+Reason: Missing TEST_CONTRACT in CRITICAL module
+```
+
+---
+
+# III. АНАЛИЗ КОНТЕКСТА
+
+Выполнить:
+
+```
+.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks
+```
+
+Извлечь:
+
+- FEATURE_DIR
+- TASKS_FILE
+- AVAILABLE_DOCS
+
+---
+
+# IV. ЗАГРУЗКА АРТЕФАКТОВ
+
+### 1️⃣ Из tasks.md
+
+- Найти завершённые implementation задачи
+- Исключить test‑tasks
+- Определить список модулей
+
+---
+
+### 2️⃣ Из модулей
+
+Для каждого модуля:
+
+- Прочитать `@TIER`
+- Прочитать:
+  - `@TEST_CONTRACT`
+  - `@TEST_FIXTURE`
+  - `@TEST_EDGE`
+  - `@TEST_INVARIANT`
+
+Если CRITICAL и нет TEST_SPEC → STOP.
+
+---
+
+### 3️⃣ Сканирование существующих тестов
+
+Искать в `__tests__/`.
+
+Определить:
+
+- уже покрытые фикстуры
+- уже покрытые edge‑cases
+- отсутствие тестов на инварианты
+- дублирование
+
+---
+
+# V. МАТРИЦА ПОКРЫТИЯ
+
+Создать:
+
+| Module | File | TIER | Has Tests | Fixtures | Edges | Invariants |
+|--------|------|------|----------|----------|--------|------------|
+
+Дополнительно для CRITICAL:
+
+| Edge Case | Has Test | Required |
+|-----------|----------|----------|
+
+---
+
+# VI. ГЕНЕРАЦИЯ ТЕСТОВ
+
+---
+
+## A. CRITICAL
+
+Строгий алгоритм:
+
+### 1️⃣ Валидация контракта
+
+Создать helper‑валидатор, который проверяет:
+
+- required_fields присутствуют
+- типы соответствуют
+- инварианты соблюдены
+
+---
+
+### 2️⃣ Для каждого @TEST_FIXTURE
+
+Создать:
+
+- 1 Happy-path тест
+- Проверку @POST
+- Проверку side-effects
+- Проверку отсутствия исключений
+
+---
+
+### 3️⃣ Для каждого @TEST_EDGE
+
+Создать отдельный тест:
+
+| Тип | Проверка |
+|------|----------|
+| missing_required_field | корректный отказ |
+| invalid_type | raise или skip |
+| empty_response | корректное поведение |
+| external_failure | rollback + лог |
+| duplicate | корректная обработка |
+
+---
+
+### 4️⃣ Для каждого @TEST_INVARIANT
+
+Создать тест, который:
+
+- нарушает инвариант
+- проверяет защитную реакцию
+
+---
+
+### 5️⃣ Проверка Rollback
+
+Если модуль взаимодействует с БД:
+
+- мокать исключение
+- проверять rollback()
+- проверять отсутствие частичного коммита
+
+---
+
+## B. STANDARD
+
+- 1 test на каждый FIXTURE
+- 1 test на каждый EDGE
+- Проверка базовых @POST
+
+---
+
+## C. TRIVIAL
+
+Тесты создаются только при отсутствии существующих.
+
+---
+
+# VII. UX CONTRACT TESTING
+
+Для каждого Svelte компонента:
+
+---
+
+### 1️⃣ Парсинг:
+
+- @UX_STATE
+- @UX_FEEDBACK
+- @UX_RECOVERY
+- @UX_TEST
+
+---
+
+### 2️⃣ Генерация:
+
+Для каждого `@UX_TEST` — отдельный тест.
+
+Если `@UX_STATE` есть, но `@UX_TEST` нет:
+
+- Автогенерировать тест перехода состояния.
+
+---
+
+### 3️⃣ Обязательные проверки:
+
+- DOM‑класс
+- aria‑атрибут
+- визуальная обратная связь
+- возможность восстановления
+
+---
+
+# VIII. СОЗДАНИЕ ФАЙЛОВ
+
+Co-location строго:
+
+Python:
+
+```
+module/__tests__/test_module.py
+```
+
+Svelte:
+
+```
+component/__tests__/Component.test.js
+```
+
+Каждый тестовый файл обязан иметь:
+
+```python
+# [DEF:__tests__/test_module:Module]
+# @RELATION: VERIFIES -> ../module.py
+# @PURPOSE: Contract testing for module
+# [/DEF:__tests__/test_module:Module]
+```
+
+---
+
+# IX. ДОКУМЕНТАЦИЯ
+
+Создать/обновить:
+
+```
+specs/<feature>/tests/
+```
+
+Содержимое:
+
+- README.md — стратегия
+- coverage.md — матрица
+- reports/YYYY-MM-DD-report.md
+
+---
+
+# X. ИСПОЛНЕНИЕ
+
+Backend:
+
+```
+cd backend && .venv/bin/python3 -m pytest -v
+```
+
+Frontend:
+
+```
+cd frontend && npm run test
+```
+
+Собрать:
+
+- Total
+- Passed
+- Failed
+- Coverage
+
+---
+
+# XI. FAIL POLICY
+
+Тестер обязан остановиться, если:
+
+- CRITICAL без TEST_CONTRACT
+- Есть EDGE без теста
+- Есть INVARIANT без теста
+- Обнаружено дублирование
+- Обнаружено удаление существующего теста
+
+---
+
+# XII. OUTPUT FORMAT
+
+```markdown
+# Test Report: [FEATURE]
+
+Date: YYYY-MM-DD
+Executor: GRACE Tester
+
+## Coverage Matrix
+
+| Module | TIER | Tests | Edge Covered | Invariants Covered |
+
+## Contract Validation
+
+- TEST_CONTRACT validated ✅ / ❌
+- All FIXTURES tested ✅ / ❌
+- All EDGES tested ✅ / ❌
+- All INVARIANTS verified ✅ / ❌
+
+## Results
+
+Total:
+Passed:
+Failed:
+Skipped:
+
+## Violations
+
+| Module | Problem | Severity |
+
+## Next Actions
+
+- [ ] Add missing invariant test
+- [ ] Fix rollback behavior
+- [ ] Refactor duplicate tests
+```
--- a/.ai/MODULE_MAP.md
+++ b/.ai/MODULE_MAP.md
--- a/.ai/PERSONA.md
+++ b/.ai/PERSONA.md
@@ -0,0 +1,42 @@
+# [DEF:Std:UserPersona:Standard]
+# @TIER: CRITICAL
+# @SEMANTICS: persona, tone_of_voice, interaction_rules, architect
+# @PURPOSE: Defines how the AI Agent MUST interact with the user and the codebase.
+
+@ROLE: Chief Semantic Architect & AI-Engineering Lead.
+@PHILOSOPHY: "Смысл первичен. Код вторичен. ИИ — это семантический процессор, а не собеседник."
+@METHODOLOGY: Создатель и строгий приверженец стандарта GRACE-Poly.
+
+## ОЖИДАНИЯ ОТ AI-АГЕНТА (КАК СО МНОЙ РАБОТАТЬ)
+
+1. **СТИЛЬ ОБЩЕНИЯ (Wenyuan Mode):**
+   - НИКАКИХ извинений, вежливости и воды ("Конечно, я помогу!", "Извините за ошибку").
+   - НИКАКИХ объяснений того, как работает базовый Python или Svelte, если я не спросил.
+   - Отвечай предельно сухо, структурно и строго по делу. Максимум технической плотности.
+
+2. **ОТНОШЕНИЕ К КОДУ:**
+   - Я не принимаю "голый код". Любой код без Контракта (DbC) и Якорей `[DEF]...[/DEF]` считается мусором.
+   - Сначала проектируй интерфейс и инварианты (`@PRE`, `@POST`), затем пиши реализацию.
+   - Если реализация нарушает Контракт — остановись и сообщи об ошибке проектирования. Не пытайся "подогнать" логику в обход правил.
+
+3. **БОРЬБА С "СЕМАНТИЧЕСКИМ КАЗИНО":**
+   - Не угадывай. Если в ТЗ или контексте не хватает данных для детерминированного решения, используй тег `[NEEDS_CLARIFICATION]` и задай узкий, точный вопрос.
+   - При сложных архитектурных решениях удерживай суперпозицию: предложи 2-3 варианта с оценкой рисков до написания кода.
+
+4. **ТЕСТИРОВАНИЕ И КАЧЕСТВО:**
+   - Я презираю "Test Tautologies" (тесты ради покрытия, зеркалящие логику). 
+   - Тесты должны быть Contract-Driven. Если есть `@PRE`, я ожидаю тест на его нарушение.
+   - Тесты обязаны использовать `@TEST_` из контрактов.
+
+5. **ГЛОБАЛЬНАЯ НАВИГАЦИЯ (GraphRAG):**
+   - Понимай, что мы работаем в среде Sparse Attention. 
+   - Всегда используй точные ID сущностей из якорей `[DEF:id]` для связей `@RELATION`. Не ломай семантические каналы опечатками.
+
+## ТРИГГЕРЫ (ЧТО ВЫЗЫВАЕТ МОЙ ГНЕВ / FATAL ERRORS):
+- Нарушение парности тегов `[DEF]` и `[/DEF]`.
+- Написание тестов, которые "мокают" саму проверяемую систему.
+- Игнорирование архитектурных запретов (`@CONSTRAINT`) из заголовков файлов.
+
+**Я ожидаю от тебя уровня Senior Staff Engineer, который понимает устройство LLM, KV Cache и графов знаний.**
+
+# [/DEF:Std:UserPersona:Standard]
--- a/.ai/PROJECT_MAP.md
+++ b/.ai/PROJECT_MAP.md
--- a/.ai/ROOT.md
+++ b/.ai/ROOT.md
@@ -0,0 +1,43 @@
+# [DEF:Project_Knowledge_Map:Root]
+# @TIER: CRITICAL
+# @PURPOSE: Global navigation map for AI-Agent (GRACE Knowledge Graph).
+# @LAST_UPDATE: 2026-02-20
+
+## 1. SYSTEM STANDARDS (Rules of the Game)
+Strict policies and formatting rules.
+*   **User Persona (Interaction Protocol):** The Architect's expectations, tone of voice, and strict interaction boundaries.
+    *   Ref: `.ai/standards/persona.md` -> `[DEF:Std:UserPersona]`
+*   **Constitution:** High-level architectural and business invariants.
+    *   Ref: `.ai/standards/constitution.md` -> `[DEF:Std:Constitution]`
+*   **Architecture:** Service boundaries and tech stack decisions.
+    *   Ref: `.ai/standards/architecture.md` -> `[DEF:Std:Architecture]`
+*   **Plugin Design:** Rules for building and integrating Plugins.
+    *   Ref: `.ai/standards/plugin_design.md` -> `[DEF:Std:Plugin]`
+*   **API Design:** Rules for FastAPI endpoints and Pydantic models.
+    *   Ref: `.ai/standards/api_design.md` -> `[DEF:Std:API_FastAPI]`
+*   **UI Design:** SvelteKit and Tailwind CSS component standards.
+    *   Ref: `.ai/standards/ui_design.md` -> `[DEF:Std:UI_Svelte]`
+*   **Semantic Mapping:** Using `[DEF:]` and belief scopes.
+    *   Ref: `.ai/standards/semantics.md` -> `[DEF:Std:Semantics]`
+
+## 2. FEW-SHOT EXAMPLES (Patterns)
+Use these for code generation (Style Transfer).
+*   **FastAPI Route:** Reference implementation of a task-based route.
+    *   Ref: `.ai/shots/backend_route.py` -> `[DEF:Shot:FastAPI_Route]`
+*   **Svelte Component:** Reference implementation of a sidebar/navigation component.
+    *   Ref: `.ai/shots/frontend_component.svelte` -> `[DEF:Shot:Svelte_Component]`
+*   **Plugin Module:** Reference implementation of a task plugin.
+    *   Ref: `.ai/shots/plugin_example.py` -> `[DEF:Shot:Plugin_Example]`
+*   **Critical Module:** Core banking transaction processor with ACID guarantees.
+    *   Ref: `.ai/shots/critical_module.py` -> `[DEF:Shot:Critical_Module]`
+
+## 3. DOMAIN MAP (Modules)
+*   **High-level Module Map:** `.ai/structure/MODULE_MAP.md` -> `[DEF:Module_Map]`
+*   **Low-level Project Map:** `.ai/structure/PROJECT_MAP.md` -> `[DEF:Project_Map]`
+*   **Apache Superset OpenAPI:** `.ai/openapi/superset_openapi.json` -> `[DEF:Doc:Superset_OpenAPI]`
+*   **Backend Core:** `backend/src/core` -> `[DEF:Module:Backend_Core]`
+*   **Backend API:** `backend/src/api` -> `[DEF:Module:Backend_API]`
+*   **Frontend Lib:** `frontend/src/lib` -> `[DEF:Module:Frontend_Lib]`
+*   **Specifications:** `specs/` -> `[DEF:Module:Specs]`
+
+# [/DEF:Project_Knowledge_Map]
--- a/.ai/knowledge/test_import_patterns.md
+++ b/.ai/knowledge/test_import_patterns.md
@@ -0,0 +1,63 @@
+# Backend Test Import Patterns
+
+## Problem
+
+The `ss-tools` backend uses **relative imports** inside packages (e.g., `from ...models.task import TaskRecord` in `persistence.py`). This creates specific constraints on how and where tests can be written.
+
+## Key Rules
+
+### 1. Packages with `__init__.py` that re-export via relative imports
+
+**Example**: `src/core/task_manager/__init__.py` imports `.manager` → `.persistence` → `from ...models.task` (3-level relative import).
+
+**Impact**: Co-located tests in `task_manager/__tests__/` **WILL FAIL** because pytest discovers `task_manager/` as a top-level package (not as `src.core.task_manager`), and the 3-level `from ...` goes beyond the top-level.
+
+**Solution**: Place tests in `backend/tests/` directory (where `test_task_logger.py` already lives). Import using `from src.core.task_manager.XXX import ...` which works because `backend/` is the pytest rootdir.
+
+### 2. Packages WITHOUT `__init__.py`:
+
+**Example**: `src/core/auth/` has NO `__init__.py`.
+
+**Impact**: Co-located tests in `auth/__tests__/` work fine because pytest doesn't try to import a parent package `__init__.py`.
+
+### 3. Modules with deeply nested relative imports
+
+**Example**: `src/services/llm_provider.py` uses `from ..models.llm import LLMProvider` and `from ..plugins.llm_analysis.models import LLMProviderConfig`.
+
+**Impact**: Direct import (`from src.services.llm_provider import EncryptionManager`) **WILL FAIL** if the relative chain triggers a module not in `sys.path` or if it tries to import beyond root.
+
+**Solution**: Either (a) re-implement the tested logic standalone in the test (for small classes like `EncryptionManager`), or (b) use `unittest.mock.patch` to mock the problematic imports before importing the module.
+
+## Working Test Locations
+
+| Package | `__init__.py`? | Relative imports? | Co-located OK? | Test location |
+|---|---|---|---|---|
+| `core/task_manager/` | YES | `from ...models.task` (3-level) | **NO** | `backend/tests/` |
+| `core/auth/` | NO | N/A | YES | `core/auth/__tests__/` |
+| `core/logger/` | NO | N/A | YES | `core/logger/__tests__/` |
+| `services/` | YES (empty) | shallow | YES | `services/__tests__/` |
+| `services/reports/` | YES | `from ...core.logger` | **NO** (most likely) | `backend/tests/` or mock |
+| `models/` | YES | shallow | YES | `models/__tests__/` |
+
+## Safe Import Patterns for Tests
+
+```python
+# In backend/tests/test_*.py:
+import sys
+from pathlib import Path
+sys.path.insert(0, str(Path(__file__).parent.parent / "src"))
+
+# Then import:
+from src.core.task_manager.models import Task, TaskStatus
+from src.core.task_manager.persistence import TaskPersistenceService
+from src.models.report import TaskReport, ReportQuery
+```
+
+## Plugin ID Mapping (for report tests)
+
+The `resolve_task_type()` uses **hyphenated** plugin IDs:
+- `superset-backup` → `TaskType.BACKUP`
+- `superset-migration` → `TaskType.MIGRATION`
+- `llm_dashboard_validation` → `TaskType.LLM_VERIFICATION`
+- `documentation` → `TaskType.DOCUMENTATION`
+- anything else → `TaskType.UNKNOWN`
--- a/.ai/openapi/superset_openapi.json
+++ b/.ai/openapi/superset_openapi.json
--- a/.ai/shots/backend_route.py
+++ b/.ai/shots/backend_route.py
@@ -0,0 +1,65 @@
+# [DEF:BackendRouteShot:Module]
+# @TIER: STANDARD
+# @SEMANTICS: Route, Task, API, Async
+# @PURPOSE: Reference implementation of a task-based route using GRACE-Poly.
+# @LAYER: Interface (API)
+# @RELATION: IMPLEMENTS -> [DEF:Std:API_FastAPI]
+# @INVARIANT: TaskManager must be available in dependency graph.
+
+from typing import Dict, Any
+from fastapi import APIRouter, Depends, HTTPException, status
+from pydantic import BaseModel
+from ...core.logger import belief_scope
+from ...core.task_manager import TaskManager, Task
+from ...core.config_manager import ConfigManager
+from ...dependencies import get_task_manager, get_config_manager, get_current_user
+
+router = APIRouter()
+
+class CreateTaskRequest(BaseModel):
+    plugin_id: str
+    params: Dict[str, Any]
+
+@router.post("/tasks", response_model=Task, status_code=status.HTTP_201_CREATED)
+# [DEF:create_task:Function]
+# @PURPOSE: Create and start a new task using TaskManager. Non-blocking.
+# @PARAM: request (CreateTaskRequest) - Plugin and params.
+# @PARAM: task_manager (TaskManager) - Async task executor.
+# @PRE: plugin_id must match a registered plugin.
+# @POST: A new task is spawned; Task ID returned immediately.
+# @SIDE_EFFECT: Writes to DB, Trigger background worker.
+async def create_task(
+    request: CreateTaskRequest,
+    task_manager: TaskManager = Depends(get_task_manager),
+    config: ConfigManager = Depends(get_config_manager),
+    current_user = Depends(get_current_user)
+):
+    # Context Logging
+    with belief_scope("create_task"):
+        try:
+            # 1. Action: Configuration Resolution
+            timeout = config.get("TASKS_DEFAULT_TIMEOUT", 3600)
+
+            # 2. Action: Spawn async task
+            # @RELATION: CALLS -> task_manager.create_task
+            task = await task_manager.create_task(
+                plugin_id=request.plugin_id,
+                params={**request.params, "timeout": timeout}
+            )
+            return task
+            
+        except ValueError as e:
+             # 3. Recovery: Domain logic error mapping
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST, 
+                detail=str(e)
+            )
+        except Exception as e:
+            # @UX_STATE: Error feedback -> 500 Internal Error
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, 
+                detail="Internal Task Spawning Error"
+            )
+# [/DEF:create_task:Function]
+
+# [/DEF:BackendRouteShot:Module]
--- a/.ai/shots/critical_module.py
+++ b/.ai/shots/critical_module.py
@@ -0,0 +1,94 @@
+# [DEF:TransactionCore:Module]
+# @TIER: CRITICAL
+# @SEMANTICS: Finance, ACID, Transfer, Ledger
+# @PURPOSE: Core banking transaction processor with ACID guarantees.
+# @LAYER: Domain (Core)
+# @RELATION: DEPENDS_ON ->[DEF:Infra:PostgresDB]
+#
+# @INVARIANT: Total system balance must remain constant (Double-Entry Bookkeeping).
+# @INVARIANT: Negative transfers are strictly forbidden.
+
+# --- Test Specifications (The "What" and "Why", not the "Data") ---
+# @TEST_CONTRACT: Input -> TransferInputDTO, Output -> TransferResultDTO
+
+# Happy Path
+# @TEST_SCENARIO: sufficient_funds -> Returns COMPLETED, balances updated.
+# @TEST_FIXTURE: sufficient_funds -> file:./__tests__/fixtures/transfers.json#happy_path
+
+# Edge Cases (CRITICAL)
+# @TEST_SCENARIO: insufficient_funds -> Throws BusinessRuleViolation("INSUFFICIENT_FUNDS").
+# @TEST_SCENARIO: negative_amount -> Throws BusinessRuleViolation("Transfer amount must be positive.").
+# @TEST_SCENARIO: self_transfer -> Throws BusinessRuleViolation("Cannot transfer to self.").
+# @TEST_SCENARIO: audit_failure -> Throws RuntimeError("TRANSACTION_ABORTED").
+# @TEST_SCENARIO: concurrency_conflict -> Throws DBTransactionError.
+
+# Linking Tests to Invariants
+# @TEST_INVARIANT: total_balance_constant -> VERIFIED_BY: [sufficient_funds, concurrency_conflict]
+# @TEST_INVARIANT: negative_transfer_forbidden -> VERIFIED_BY: [negative_amount]
+
+
+from decimal import Decimal
+from typing import NamedTuple
+from ...core.logger import belief_scope
+from ...core.db import atomic_transaction, get_balance, update_balance
+from ...core.exceptions import BusinessRuleViolation
+
+class TransferResult(NamedTuple):
+    tx_id: str
+    status: str
+    new_balance: Decimal
+
+# [DEF:execute_transfer:Function]
+# @PURPOSE: Atomically move funds between accounts with audit trails.
+# @PARAM: sender_id (str) - Source account.
+# @PARAM: receiver_id (str) - Destination account.
+# @PARAM: amount (Decimal) - Positive amount to transfer.
+# @PRE: amount > 0; sender != receiver; sender_balance >= amount.
+# @POST: sender_balance -= amount; receiver_balance += amount; Audit Record Created.
+# @SIDE_EFFECT: Database mutation (Rows locked), Audit IO.
+#
+# @UX_STATE: Success -> Returns 200 OK + Transaction Receipt.
+# @UX_STATE: Error(LowBalance) -> 422 Unprocessable -> UI shows "Top-up needed" modal.
+# @UX_STATE: Error(System) -> 500 Internal -> UI shows "Retry later" toast.
+def execute_transfer(sender_id: str, receiver_id: str, amount: Decimal) -> TransferResult:
+    # Guard: Input Validation
+    if amount <= Decimal("0.00"):
+        raise BusinessRuleViolation("Transfer amount must be positive.")
+    if sender_id == receiver_id:
+        raise BusinessRuleViolation("Cannot transfer to self.")
+
+    with belief_scope("execute_transfer") as context:
+        context.logger.info("Initiating transfer", data={"from": sender_id, "to": receiver_id})
+
+        try:
+            # 1. Action: Atomic DB Transaction
+            # @RELATION: CALLS -> atomic_transaction
+            with atomic_transaction():
+                # Guard: State Validation (Strict)
+                current_balance = get_balance(sender_id, for_update=True)
+                
+                if current_balance < amount:
+                    # @UX_FEEDBACK: Triggers specific UI flow for insufficient funds
+                    context.logger.warn("Insufficient funds", data={"balance": current_balance})
+                    raise BusinessRuleViolation("INSUFFICIENT_FUNDS")
+
+                # 2. Action: Mutation
+                new_src_bal = update_balance(sender_id, -amount)
+                new_dst_bal = update_balance(receiver_id, +amount)
+
+                # 3. Action: Audit
+                tx_id = context.audit.log_transfer(sender_id, receiver_id, amount)
+                
+                context.logger.info("Transfer committed", data={"tx_id": tx_id})
+                return TransferResult(tx_id, "COMPLETED", new_src_bal)
+
+        except BusinessRuleViolation as e:
+            # Logic: Explicit re-raise for UI mapping
+            raise e
+        except Exception as e:
+            # Logic: Catch-all safety net
+            context.logger.error("Critical Transfer Failure", error=e)
+            raise RuntimeError("TRANSACTION_ABORTED") from e
+# [/DEF:execute_transfer:Function]
+
+# [/DEF:TransactionCore:Module]
--- a/.ai/shots/frontend_component.svelte
+++ b/.ai/shots/frontend_component.svelte
@@ -0,0 +1,119 @@
+<!-- [DEF:FrontendComponentShot:Component] -->
+<!--
+/**
+ * @TIER: CRITICAL
+ * @SEMANTICS: Task, Button, Action, UX
+ * @PURPOSE: Action button to spawn a new task with full UX feedback cycle.
+ * @LAYER: UI (Presentation)
+ * @RELATION: CALLS -> postApi
+ *
+ * @INVARIANT: Must prevent double-submission while loading.
+ * @INVARIANT: Loading state must always terminate (no infinite spinner).
+ * @INVARIANT: User must receive feedback on both success and failure.
+ *
+ * @TEST_CONTRACT: ComponentState ->
+ * {
+ *   required_fields: {
+ *     isLoading: bool
+ *   },
+ *   invariants: [
+ *     "isLoading=true implies button.disabled=true",
+ *     "isLoading=true implies aria-busy=true",
+ *     "isLoading=true implies spinner visible"
+ *   ]
+ * }
+ *
+ * @TEST_CONTRACT: ApiResponse ->
+ * {
+ *   required_fields: {},
+ *   optional_fields: {
+ *     task_id: str
+ *   }
+ * }
+
+ * @TEST_FIXTURE: idle_state ->
+ * {
+ *   isLoading: false
+ * }
+ *
+ * @TEST_FIXTURE: successful_response ->
+ * {
+ *   task_id: "task_123"
+ * }
+ 
+ * @TEST_EDGE: api_failure -> raises Error("Network")
+ * @TEST_EDGE: empty_response -> {}
+ * @TEST_EDGE: rapid_double_click -> special: concurrent_click
+ * @TEST_EDGE: unresolved_promise -> special: pending_state
+ 
+ * @TEST_INVARIANT: prevent_double_submission -> verifies: [rapid_double_click]
+ * @TEST_INVARIANT: loading_state_consistency -> verifies: [idle_state, pending_state]
+ * @TEST_INVARIANT: feedback_always_emitted -> verifies: [successful_response, api_failure]
+
+ * @UX_STATE: Idle -> Button enabled, primary color, no spinner.
+ * @UX_STATE: Loading -> Button disabled, spinner visible, aria-busy=true.
+ * @UX_STATE: Success -> Toast success displayed.
+ * @UX_STATE: Error -> Toast error displayed.
+ *
+ * @UX_FEEDBACK: toast.success, toast.error
+ *
+ * @UX_TEST: Idle -> {click: spawnTask, expected: isLoading=true}
+ * @UX_TEST: Loading -> {double_click: ignored, expected: single_api_call}
+ * @UX_TEST: Success -> {api_resolve: task_id, expected: toast.success called}
+ * @UX_TEST: Error -> {api_reject: error, expected: toast.error called} 
+-->
+<script>
+  import { postApi } from "$lib/api.js";
+  import { t } from "$lib/i18n";
+  import { toast } from "$lib/stores/toast";
+
+  export let plugin_id = "";
+  export let params = {};
+
+  let isLoading = false;
+
+  // [DEF:spawnTask:Function]
+  /**
+   * @purpose Execute task creation request and emit user feedback.
+   * @pre plugin_id is resolved and request params are serializable.
+   * @post isLoading is reset and user receives success/error feedback.
+   */
+  async function spawnTask() {
+    isLoading = true;
+    console.log("[FrontendComponentShot][Loading] Spawning task...");
+    
+    try {
+      // 1. Action: API Call
+      const response = await postApi("/api/tasks", {
+        plugin_id,
+        params
+      });
+
+      // 2. Feedback: Success
+      if (response.task_id) {
+        console.log("[FrontendComponentShot][Success] Task created.");
+        toast.success($t.tasks.spawned_success);
+      }
+    } catch (error) {
+      // 3. Recovery: User notification
+      console.log("[FrontendComponentShot][Error] Failed:", error);
+      toast.error(`${$t.errors.task_failed}: ${error.message}`);
+    } finally {
+      isLoading = false;
+    }
+  }
+  // [/DEF:spawnTask:Function]
+</script>
+
+<button
+  on:click={spawnTask}
+  disabled={isLoading}
+  class="btn-primary flex items-center gap-2"
+  aria-busy={isLoading}
+>
+  {#if isLoading}
+    <span class="animate-spin" aria-label="Loading">🌀</span>
+  {/if}
+  <span>{$t.actions.start_task}</span>
+</button>
+<!-- [/DEF:FrontendComponentShot:Component] -->
--- a/.ai/shots/plugin_example.py
+++ b/.ai/shots/plugin_example.py
@@ -0,0 +1,64 @@
+# [DEF:PluginExampleShot:Module]
+# @TIER: STANDARD
+# @SEMANTICS: Plugin, Core, Extension
+# @PURPOSE: Reference implementation of a plugin following GRACE standards.
+# @LAYER: Domain (Business Logic)
+# @RELATION: INHERITS -> PluginBase
+# @INVARIANT: get_schema must return valid JSON Schema.
+
+from typing import Dict, Any, Optional
+from ..core.plugin_base import PluginBase
+from ..core.task_manager.context import TaskContext
+
+class ExamplePlugin(PluginBase):
+    @property
+    def id(self) -> str:
+        return "example-plugin"
+
+    # [DEF:get_schema:Function]
+    # @PURPOSE: Defines input validation schema.
+    # @POST: Returns dict compliant with JSON Schema draft 7.
+    def get_schema(self) -> Dict[str, Any]:
+        return {
+            "type": "object",
+            "properties": {
+                "message": {
+                    "type": "string",
+                    "default": "Hello, GRACE!",
+                }
+            },
+            "required": ["message"],
+        }
+    # [/DEF:get_schema:Function]
+
+    # [DEF:execute:Function]
+    # @PURPOSE: Core plugin logic with structured logging and scope isolation.
+    # @PARAM: params (Dict) - Validated input parameters.
+    # @PARAM: context (TaskContext) - Execution tools (log, progress).
+    # @SIDE_EFFECT: Emits logs to centralized system.
+    async def execute(self, params: Dict, context: Optional = None):
+        message = params
+        
+        # 1. Action: System-level tracing (Rule VI)
+        with belief_scope("example_plugin_exec") as b_scope:
+            if context:
+                # Task Logs: Пишем в пользовательский контекст выполнения задачи
+                # @RELATION: BINDS_TO -> context.logger
+                log = context.logger.with_source("example_plugin")
+                
+                b_scope.logger.info("Using provided TaskContext") # System log
+                log.info("Starting execution", data={"msg": message}) # Task log
+                
+                # 2. Action: Progress Reporting
+                log.progress("Processing...", percent=50)
+                
+                # 3. Action: Finalize
+                log.info("Execution completed.")
+            else:
+                # Standalone Fallback: Замыкаемся на системный scope
+                b_scope.logger.warning("No TaskContext provided. Running standalone.")
+                b_scope.logger.info("Standalone execution", data={"msg": message})
+                print(f"Standalone: {message}")
+    # [/DEF:execute:Function]
+
+# [/DEF:PluginExampleShot:Module]
--- a/.ai/standards/api_design.md
+++ b/.ai/standards/api_design.md
@@ -0,0 +1,47 @@
+# [DEF:Std:API_FastAPI:Standard]
+# @TIER: CRITICAL
+# @PURPOSE: Unification of all FastAPI endpoints following GRACE-Poly.
+# @LAYER: UI (API)
+# @INVARIANT: All non-trivial route logic must be wrapped in `belief_scope`.
+# @INVARIANT: Every module and function MUST have `[DEF:]` anchors and metadata.
+
+## 1. ROUTE MODULE DEFINITION
+Every API route file must start with a module definition header:
+```python
+# [DEF:ModuleName:Module]
+# @TIER: [CRITICAL | STANDARD | TRIVIAL]
+# @SEMANTICS: list, of, keywords
+# @PURPOSE: High-level purpose of the module.
+# @LAYER: UI (API)
+# @RELATION: DEPENDS_ON -> [OtherModule]
+```
+
+## 2. FUNCTION DEFINITION & CONTRACT
+Every endpoint handler must be decorated with `[DEF:]` and explicit metadata before the implementation:
+```python
+@router.post("/endpoint", response_model=ModelOut)
+# [DEF:function_name:Function]
+# @PURPOSE: What it does (brief, high-entropy).
+# @PARAM: param_name (Type) - Description.
+# @PRE: Conditions before execution (e.g., auth, existence).
+# @POST: Expected state after execution.
+# @RETURN: What it returns.
+async def function_name(...):
+    with belief_scope("function_name"):
+        # Implementation
+        pass
+# [/DEF:function_name:Function]
+```
+
+## 3. DEPENDENCY INJECTION & CORE SERVICES
+*   **Auth:** `Depends(get_current_user)` for authentication.
+*   **Perms:** `Depends(has_permission("resource", "ACTION"))` for RBAC.
+*   **Config:** Use `Depends(get_config_manager)` for settings. Hardcoding is FORBIDDEN.
+*   **Tasks:** Long-running operations must be executed via `TaskManager`. API routes should return Task ID and be non-blocking.
+
+## 4. ERROR HANDLING
+*   Raise `HTTPException` from the router layer.
+*   Use `try-except` blocks within `belief_scope` to ensure proper error logging and classification.
+*   Do not leak internal implementation details in error responses.
+
+# [/DEF:Std:API_FastAPI]
--- a/.ai/standards/architecture.md
+++ b/.ai/standards/architecture.md
@@ -0,0 +1,25 @@
+# [DEF:Std:Architecture:Standard]
+# @TIER: CRITICAL
+# @PURPOSE: Core architectural decisions and service boundaries.
+# @LAYER: Infra
+# @INVARIANT: ss-tools MUST remain a standalone service (Orchestrator).
+# @INVARIANT: Backend: FastAPI, Frontend: SvelteKit.
+
+## 1. ORCHESTRATOR VS INSTANCE
+*   **Role:** ss-tools is a "Manager of Managers". It sits ABOVE Superset environments.
+*   **Isolation:** Do not integrate directly into Superset as a plugin to maintain multi-environment management capability.
+*   **Tech Stack:** 
+    *   Backend: Python 3.9+ with FastAPI (Asynchronous logic).
+    *   Frontend: SvelteKit + Tailwind CSS (Reactive UX).
+
+## 2. COMPONENT BOUNDARIES
+*   **Plugins:** All business logic must be encapsulated in Plugins (`backend/src/plugins/`).
+*   **TaskManager:** All long-running operations MUST be handled by the TaskManager.
+*   **Security:** Independent RBAC system managed in `auth.db`.
+
+## 3. INTEGRATION STRATEGY
+*   **Superset API:** Communication via REST API.
+*   **Database:** Local SQLite for metadata (`tasks.db`, `auth.db`, `migrations.db`).
+*   **Filesystem:** Local storage for backups and git repositories.
+
+# [/DEF:Std:Architecture]
--- a/.ai/standards/constitution.md
+++ b/.ai/standards/constitution.md
@@ -0,0 +1,36 @@
+# [DEF:Std:Constitution:Standard]
+# @TIER: CRITICAL
+# @PURPOSE: Supreme Law of the Repository. High-level architectural and business invariants.
+# @VERSION: 2.3.0
+# @LAST_UPDATE: 2026-02-19
+# @INVARIANT: Any deviation from this Constitution constitutes a build failure.
+
+## 1. CORE PRINCIPLES
+
+### I. Semantic Protocol Compliance
+*   **Ref:** `[DEF:Std:Semantics]` (formerly `semantic_protocol.md`)
+*   **Law:** All code must adhere to the Axioms (Meaning First, Contract First, etc.).
+*   **Compliance:** Strict matching of Anchors (`[DEF]`), Tags (`@KEY`), and structures is mandatory.
+
+### II. Modular Plugin Architecture
+*   **Pattern:** Everything is a Plugin inheriting from `PluginBase`.
+*   **Centralized Config:** Use `ConfigManager` via `get_config_manager()`. Hardcoding is FORBIDDEN.
+
+### III. Unified Frontend Experience
+*   **Styling:** Tailwind CSS First. Minimize scoped `<style>`.
+*   **i18n:** All user-facing text must be in `src/lib/i18n`.
+*   **API:** Use `requestApi` / `fetchApi` wrappers. Native `fetch` is FORBIDDEN.
+
+### IV. Security & RBAC
+*   **Permissions:** Every Plugin must define unique permission strings (e.g., `plugin:name:execute`).
+*   **Auth:** Mandatory registration in `auth.db`.
+
+### V. Independent Testability
+*   **Requirement:** Every feature must define "Independent Tests" for isolated verification.
+
+### VI. Asynchronous Execution
+*   **TaskManager:** Long-running operations must be async tasks.
+*   **Non-Blocking:** API endpoints return Task ID immediately.
+*   **Observability:** Real-time updates via WebSocket.
+
+# [/DEF:Std:Constitution]
--- a/.ai/standards/plugin_design.md
+++ b/.ai/standards/plugin_design.md
@@ -0,0 +1,32 @@
+# [DEF:Std:Plugin:Standard]
+# @TIER: CRITICAL
+# @PURPOSE: Standards for building and integrating Plugins.
+# @LAYER: Domain (Plugin)
+# @INVARIANT: All plugins MUST inherit from `PluginBase`.
+# @INVARIANT: All plugins MUST be located in `backend/src/plugins/`.
+
+## 1. PLUGIN CONTRACT
+Every plugin must implement the following properties and methods:
+*   `id`: Unique string (e.g., `"my-plugin"`).
+*   `name`: Human-readable name.
+*   `description`: Brief purpose.
+*   `version`: Semantic version.
+*   `get_schema()`: Returns JSON schema for input validation.
+*   `execute(params: Dict[str, Any], context: TaskContext)`: Core async logic.
+
+## 2. STRUCTURED LOGGING (TASKCONTEXT)
+Plugins MUST use `TaskContext` for logging to ensure proper source attribution:
+*   **Source Attribution:** Use `context.logger.with_source("src_name")` for specific operations (e.g., `"superset_api"`, `"git"`, `"llm"`).
+*   **Levels:**
+    *   `DEBUG`: Detailed diagnostics (API responses).
+    *   `INFO`: Operational milestones (start/end).
+    *   `WARNING`: Recoverable issues.
+    *   `ERROR`: Failures stopping execution.
+*   **Progress:** Use `context.logger.progress("msg", percent=XX)` for long-running tasks.
+
+## 3. BEST PRACTICES
+1. **Asynchronous Execution:** Always use `async/await` for I/O operations.
+2. **Schema Validation:** Ensure the `get_schema()` precisely matches the `execute()` input expectations.
+3. **Isolation:** Plugins should be self-contained and not depend on other plugins directly. Use core services (`ConfigManager`, `TaskManager`) via dependency injection or the provided `context`.
+
+# [/DEF:Std:Plugin]
--- a/.ai/standards/semantics.md
+++ b/.ai/standards/semantics.md
@@ -0,0 +1,132 @@
+### **SYSTEM STANDARD: GRACE-Poly (UX Edition)**
+
+ЗАДАЧА: Генерация кода (Python/Svelte).
+РЕЖИМ: Строгий. Детерминированный. Без болтовни.
+
+#### I. ЗАКОН (АКСИОМЫ)
+1. Смысл первичен. Код вторичен.
+2.Слепота недопустима. Если узел графа (@RELATION) или схема данных неизвестны — не выдумывай реализацию. Остановись и запроси контекст.
+2. Контракт (@PRE/@POST) — источник истины.
+**3. UX — это логика, а не декор. Состояния интерфейса — часть контракта.**
+4. Структура `[DEF]...[/DEF]` — нерушима.
+5. Архитектура в Header — неизменяема.
+6. Сложность фрактала ограничена: модуль < 300 строк.
+
+#### II. СИНТАКСИС (ЖЕСТКИЙ ФОРМАТ)
+ЯКОРЬ (Контейнер):
+  Начало: `# [DEF:id:Type]` (Python) | `<!-- [DEF:id:Type] -->` (Svelte)
+  Конец:  `# [/DEF:id:Type]` (Python) | `<!-- [/DEF:id:Type] -->` (Svelte) (ОБЯЗАТЕЛЬНО для аккумуляции)
+  Типы:   Module, Class, Function, Component, Store.
+
+ТЕГ (Метаданные):
+  Вид: `# @KEY: Value` (внутри DEF, до кода).
+
+ГРАФ (Связи):
+  Вид: `# @RELATION: PREDICATE -> TARGET_ID`
+  Предикаты: DEPENDS_ON, CALLS, INHERITS, IMPLEMENTS, DISPATCHES, **BINDS_TO**.
+
+#### III. СТРУКТУРА ФАЙЛА
+1. HEADER (Всегда первый):
+   [DEF:filename:Module]
+   @TIER: [CRITICAL|STANDARD|TRIVIAL] (Дефолт: STANDARD)
+   @SEMANTICS: [keywords]
+   @PURPOSE: [Главная цель]
+   @LAYER: [Domain/UI/Infra]
+   @RELATION: [Зависимости]
+   @INVARIANT: [Незыблемое правило]
+   
+2. BODY: Импорты -> Реализация.
+3. FOOTER: [/DEF:filename]
+
+#### IV. КОНТРАКТ (DBC & UX)
+Расположение: Внутри [DEF], ПЕРЕД кодом.
+Стиль Python: Комментарии `# @TAG`.
+Стиль Svelte: JSDoc `/** @tag */` внутри `<script>`.
+
+**Базовые Теги:**
+  @PURPOSE: Суть (High Entropy).
+  @PRE: Входные условия.
+  @POST: Гарантии выхода.
+  @SIDE_EFFECT: Мутации, IO.
+  @DATA_CONTRACT: Ссылка на DTO/Pydantic модель. Заменяет ручное описание @PARAM. Формат: Input -> [Model], Output -> [Model].
+  
+**UX Теги (Svelte/Frontend):**
+  **@UX_STATE:** `[StateName] -> Визуальное поведение` (Idle, Loading, Error).
+  **@UX_FEEDBACK:** Реакция системы (Toast, Shake, Red Border).
+  **@UX_RECOVERY:** Механизм исправления ошибки пользователем (Retry, Clear Input).
+  **@UX_REATIVITY:** Явное указание использования рун. Формат: State: $state, Derived: $derived. Никаких устаревших export let.
+  
+**UX Testing Tags (для Tester Agent):**
+  **@UX_TEST:** Спецификация теста для UX состояния.
+  Формат: `@UX_TEST: [state] -> {action, expected}`
+  Пример: `@UX_TEST: Idle -> {click: toggle, expected: isExpanded=true}`
+  
+Правило: Не используй `assert` в коде, используй `if/raise` или `guards`.
+
+#### V. АДАПТАЦИЯ (TIERS)
+Определяется тегом `@TIER` в Header.
+
+### V. УРОВНИ СТРОГОСТИ (TIERS)
+Степень контроля задается тегом `@TIER` в Header.
+
+**1. CRITICAL** (Ядро / Безопасность / Сложный UI)
+- **Закон:** Полный GRACE. Граф, Инварианты, Строгий Лог, все `@UX` теги.
+- **Догма Тестирования:** Тесты рождаются из контракта. Голый код без данных — слеп.
+  - `@TEST_CONTRACT: InputType -> OutputType`. (Строгий интерфейс).
+  - `@TEST_SCENARIO: name -> Ожидаемое поведение`. (Суть теста).
+  - `@TEST_FIXTURE: name -> file:PATH | INLINE_JSON`. (Данные для Happy Path).
+  - `@TEST_EDGE: name -> Описание сбоя`. (Минимум 3 границы). 
+    - *Базовый предел:* `missing_field`, `empty_response`, `invalid_type`, `external_fail`.
+  - `@TEST_INVARIANT: inv_name -> VERIFIED_BY: [scenario_1, ...]`. (Смыкание логики).
+- **Исполнение:** Tester Agent обязан строить проверки строго по этим тегам.
+
+**2. STANDARD** (Бизнес-логика / Формы)
+- **Закон:** База. (`@PURPOSE`, `@UX_STATE`, Лог, `@RELATION`).
+- **Исключение:** Для сложных форм внедряй `@TEST_SCENARIO` и `@TEST_INVARIANT`.
+
+**3. TRIVIAL** (DTO / Атомы UI / Утилиты)
+- **Закон:** Каркас. Только якорь `[DEF]` и `@PURPOSE`. Данные и графы не требуются.
+
+#### VI. ЛОГИРОВАНИЕ (ДАО МОЛЕКУЛЫ / MOLECULAR TOPOLOGY)
+Цель: Трассировка. Самокоррекция. Управление Матрицей Внимания ("Химия мышления").
+Лог — не текст. Лог — реагент. Мысль облекается в форму через префиксы связи (Attention Energy):
+
+1. **[EXPLORE]** (Ван-дер-Ваальс: Рассеяние)
+   - *Суть:* Поиск во тьме. Сплетение альтернатив. Если один путь закрыт — ищи иной.
+   - *Время:* Фаза КАРКАС или столкновение с Неизведанным.
+   - *Деяние:* `logger.explore("Основной API пал. Стучусь в запасной...")`
+
+2. **[REASON]** (Ковалентность: Твердость)
+   - *Суть:* Жесткая нить дедукции. Шаг А неумолимо рождает Шаг Б. Контракт становится Кодом.
+   - *Время:* Фаза РЕАЛИЗАЦИЯ. Прямота мысли.
+   - *Деяние:* `logger.reason("Фундамент заложен. БД отвечает.")`
+
+3. **[REFLECT]** (Водород: Свертывание)
+   - *Суть:* Взгляд назад. Сверка сущего (@POST) с ожидаемым (@PRE). Защита от бреда.
+   - *Время:* Преддверие сложной логики и исход из неё.
+   - *Деяние:* `logger.reflect("Вглядываюсь в кэш: нет ли там искомого?")`
+
+4. **[COHERENCE:OK/FAILED]** (Стабилизация: Истина/Ложь)
+   - *Суть:* Смыкание молекулы в надежную форму (`OK`) или её распад (`FAILED`).
+   - *(Свершается незримо через `belief_scope` и печать `@believed`)*
+
+**Орудия Пути (`core.logger`):**
+- **Печать функции:** `@believed("ID")` — дабы обернуть функцию в кокон внимания.
+- **Таинство контекста:** `with belief_scope("ID"):` — дабы очертить локальный предел.
+- **Слова силы:** `logger.explore()`, `logger.reason()`, `logger.reflect()`.
+
+**Незыблемое правило:** Всякому логу системы — тавро `source`. Для Внешенго Мира (Svelte) начертай рунами вручную: `console.log("[ID][REFLECT] Msg")`.
+
+#### VIII. АЛГОРИТМ ГЕНЕРАЦИИ И ВЫХОД ИЗ ТУПИКА
+1. АНАЛИЗ. Оцени TIER, слой и UX-требования. Чего не хватает? Запроси `[NEED_CONTEXT: id]`.
+2. КАРКАС. Создай `[DEF]`, Header и Контракты.
+3. РЕАЛИЗАЦИЯ. Напиши логику, удовлетворяющую Контракту (и UX-состояниям). Орошай путь логами `[REASON]` и `[REFLECT]`.
+4. ЗАМЫКАНИЕ. Закрой все `[/DEF]`.
+
+**РЕЖИМ ДЕТЕКТИВА (Если контракт нарушен):**
+ЕСЛИ ошибка или противоречие -> СТОП. 
+1. Выведи `[COHERENCE_CHECK_FAILED]`.
+2. Сформулируй гипотезу: `[EXPLORE] Ошибка в I/O, состоянии или зависимости?`
+3. Запроси разрешение на изменение контракта или внедрение отладочных логов.
+
+ЕСЛИ ошибка или противоречие -> СТОП. Выведи `[COHERENCE_CHECK_FAILED]`.
--- a/.ai/standards/ui_design.md
+++ b/.ai/standards/ui_design.md
@@ -0,0 +1,75 @@
+# [DEF:Std:UI_Svelte:Standard]
+# @TIER: CRITICAL
+# @PURPOSE: Unification of all Svelte components following GRACE-Poly (UX Edition).
+# @LAYER: UI
+# @INVARIANT: Every component MUST have `<!-- [DEF:] -->` anchors and UX tags.
+# @INVARIANT: Use Tailwind CSS for all styling (no custom CSS without justification).
+
+## 1. UX PHILOSOPHY: RESOURCE-CENTRIC & SVELTE 5
+*   **Version:** Project uses Svelte 5.
+*   **Runes:** Use Svelte 5 Runes for reactivity: `$state()`, `$derived()`, `$effect()`, `$props()`. Traditional `let` (for reactivity) and `export let` (for props) are DEPRECATED in favor of runes.
+*   **Definition:** Navigation and actions revolve around Resources.
+*   **Traceability:** Every action must be linked to a Task ID with visible logs in the Task Drawer.
+
+## 2. COMPONENT ARCHITECTURE: GLOBAL TASK DRAWER
+*   **Role:** A single, persistent slide-out panel (`GlobalTaskDrawer.svelte`) in `+layout.svelte`.
+*   **Triggering:** Opens automatically when a task starts or when a user clicks a status badge.
+*   **Interaction:** Interactive elements (Password prompts, Mapping tables) MUST be rendered INSIDE the Drawer, not as center-screen modals.
+
+## 3. COMPONENT STRUCTURE & CORE RULES
+*   **Styling:** Tailwind CSS utility classes are MANDATORY. Minimize scoped `<style>`.
+*   **Localization:** All user-facing text must use `$t` from `src/lib/i18n`.
+*   **API Calls:** Use `requestApi` / `fetchApi` wrappers. Native `fetch` is FORBIDDEN.
+*   **Anchors:** Every component MUST have `<!-- [DEF:] -->` anchors and UX tags.
+
+## 2. COMPONENT TEMPLATE
+Each Svelte file must follow this structure:
+```html
+<!-- [DEF:ComponentName:Component] -->
+<script>
+  /**
+   * @TIER: [CRITICAL | STANDARD | TRIVIAL]
+   * @PURPOSE: Brief description of the component purpose.
+   * @LAYER: UI
+   * @SEMANTICS: list, of, keywords
+   * @RELATION: DEPENDS_ON -> [OtherComponent|Store]
+   * 
+   * @UX_STATE: [StateName] -> Visual behavior description.
+   * @UX_FEEDBACK: System reaction (e.g., Toast, Shake).
+   * @UX_RECOVERY: Error recovery mechanism.
+   * @UX_TEST: [state] -> {action, expected}
+   */
+  import { ... } from "...";
+  
+  // Exports (Props)
+  export let prop_name = "...";
+  
+  // Logic
+</script>
+
+<!-- HTML Template -->
+<div class="...">
+  ...
+</div>
+
+<style>
+  /* Optional: Local styles using @apply only */
+</style>
+<!-- [/DEF:ComponentName:Component] -->
+```
+
+## 2. STATE MANAGEMENT & STORES
+*   **Subscription:** Use `$` prefix for reactive store access (e.g., `$sidebarStore`).
+*   **Data Flow:** Mark store interactions in `[DEF:]` metadata:
+    *   `# @RELATION: BINDS_TO -> store_id`
+
+## 3. UI/UX BEST PRACTICES
+*   **Transitions:** Use Svelte built-in transitions for UI state changes.
+*   **Feedback:** Always provide visual feedback for async actions (Loading spinners, skeleton loaders).
+*   **Modularity:** Break down components into "Atoms" (Trivial) and "Orchestrators" (Critical).
+
+## 4. ACCESSIBILITY (A11Y)
+*   Ensure proper ARIA roles and keyboard navigation for interactive elements.
+*   Use semantic HTML tags (`<nav>`, `<header>`, `<main>`, `<footer>`).
+
+# [/DEF:Std:UI_Svelte]
--- a/.ai/structure/MODULE_MAP.md
+++ b/.ai/structure/MODULE_MAP.md
--- a/.ai/structure/PROJECT_MAP.md
+++ b/.ai/structure/PROJECT_MAP.md
--- a/.codex/prompts/audit-test.md
+++ b/.codex/prompts/audit-test.md
@@ -0,0 +1,103 @@
+---
+description: Audit AI-generated unit tests. Your goal is to aggressively search for "Test Tautologies", "Logic Echoing", and "Contract Negligence". You are the final gatekeeper. If a test is meaningless, you MUST reject it.
+---
+
+**ROLE:** Elite Quality Assurance Architect and Red Teamer.
+**OBJECTIVE:** Audit AI-generated unit tests. Your goal is to aggressively search for "Test Tautologies", "Logic Echoing", and "Contract Negligence". You are the final gatekeeper. If a test is meaningless, you MUST reject it.
+
+**INPUT:**
+1. SOURCE CODE (with GRACE-Poly `[DEF]` Contract: `@PRE`, `@POST`, `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT`).
+2. GENERATED TEST CODE.
+
+### I. CRITICAL ANTI-PATTERNS (REJECT IMMEDIATELY IF FOUND):
+
+1. **The Tautology (Self-Fulfilling Prophecy):**
+   - *Definition:* The test asserts hardcoded values against hardcoded values without executing the core business logic, or mocks the actual function being tested.
+   - *Example of Failure:* `assert 2 + 2 == 4` or mocking the class under test so that it returns exactly what the test asserts.
+
+2. **The Logic Mirror (Echoing):**
+   - *Definition:* The test re-implements the exact same algorithmic logic found in the source code to calculate the `expected_result`. If the original logic is flawed, the test will falsely pass.
+   - *Rule:* Tests must assert against **static, predefined outcomes** (from `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT` or explicit constants), NOT dynamically calculated outcomes using the same logic as the source.
+
+3. **The "Happy Path" Illusion:**
+   - *Definition:* The test suite only checks successful executions but ignores the `@PRE` conditions (Negative Testing).
+   - *Rule:* Every `@PRE` tag in the source contract MUST have a corresponding test that deliberately violates it and asserts the correct Exception/Error state.
+
+4. **Missing Post-Condition Verification:**
+   - *Definition:* The test calls the function but only checks the return value, ignoring `@SIDE_EFFECT` or `@POST` state changes (e.g., failing to verify that a DB call was made or a Store was updated).
+
+5. **Missing Edge Case Coverage:**
+   - *Definition:* The test suite ignores `@TEST_EDGE` scenarios defined in the contract.
+   - *Rule:* Every `@TEST_EDGE` in the source contract MUST have a corresponding test case.
+
+6. **Missing Invariant Verification:**
+   - *Definition:* The test suite does not verify `@TEST_INVARIANT` conditions.
+   - *Rule:* Every `@TEST_INVARIANT` MUST be verified by at least one test that attempts to break it.
+
+7. **Missing UX State Testing (Svelte Components):**
+   - *Definition:* For Svelte components with `@UX_STATE`, the test suite does not verify state transitions.
+   - *Rule:* Every `@UX_STATE` transition MUST have a test verifying the visual/behavioral change.
+   - *Check:* `@UX_FEEDBACK` mechanisms (toast, shake, color) must be tested.
+   - *Check:* `@UX_RECOVERY` mechanisms (retry, clear input) must be tested.
+
+### II. SEMANTIC PROTOCOL COMPLIANCE
+
+Verify the test file follows GRACE-Poly semantics:
+
+1. **Anchor Integrity:**
+   - Test file MUST start with `[DEF:__tests__/test_name:Module]`
+   - Test file MUST end with `[/DEF:__tests__/test_name:Module]`
+
+2. **Required Tags:**
+   - `@RELATION: VERIFIES -> <path_to_source>` must be present
+   - `@PURPOSE:` must describe what is being tested
+
+3. **TIER Alignment:**
+   - If source is `@TIER: CRITICAL`, test MUST cover all `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT`
+   - If source is `@TIER: STANDARD`, test MUST cover `@PRE` and `@POST`
+   - If source is `@TIER: TRIVIAL`, basic smoke test is acceptable
+
+### III. AUDIT CHECKLIST
+
+Evaluate the test code against these criteria:
+1. **Target Invocation:** Does the test actually import and call the function/component declared in the `@RELATION: VERIFIES` tag?
+2. **Contract Alignment:** Does the test suite cover 100% of the `@PRE` (negative tests) and `@POST` (assertions) conditions from the source contract?
+3. **Test Contract Compliance:** Does the test follow the interface defined in `@TEST_CONTRACT`?
+4. **Data Usage:** Does the test use the exact scenarios defined in `@TEST_FIXTURE`?
+5. **Edge Coverage:** Are all `@TEST_EDGE` scenarios tested?
+6. **Invariant Coverage:** Are all `@TEST_INVARIANT` conditions verified?
+7. **UX Coverage (if applicable):** Are all `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY` tested?
+8. **Mocking Sanity:** Are external dependencies mocked correctly WITHOUT mocking the system under test itself?
+9. **Semantic Anchor:** Does the test file have proper `[DEF]` and `[/DEF]` anchors?
+
+### IV. OUTPUT FORMAT
+
+You MUST respond strictly in the following JSON format. Do not add markdown blocks outside the JSON.
+
+{
+  "verdict": "APPROVED" | "REJECTED",
+  "rejection_reason": "TAUTOLOGY" | "LOGIC_MIRROR" | "WEAK_CONTRACT_COVERAGE" | "OVER_MOCKED" | "MISSING_EDGES" | "MISSING_INVARIANTS" | "MISSING_UX_TESTS" | "SEMANTIC_VIOLATION" | "NONE",
+  "audit_details": {
+    "target_invoked": true/false,
+    "pre_conditions_tested": true/false,
+    "post_conditions_tested": true/false,
+    "test_fixture_used": true/false,
+    "edges_covered": true/false,
+    "invariants_verified": true/false,
+    "ux_states_tested": true/false,
+    "semantic_anchors_present": true/false
+  },
+  "coverage_summary": {
+    "total_edges": number,
+    "edges_tested": number,
+    "total_invariants": number,
+    "invariants_tested": number,
+    "total_ux_states": number,
+    "ux_states_tested": number
+  },
+  "tier_compliance": {
+    "source_tier": "CRITICAL" | "STANDARD" | "TRIVIAL",
+    "meets_tier_requirements": true/false
+  },
+  "feedback": "Strict, actionable feedback for the test generator agent. Explain exactly which anti-pattern was detected and how to fix it."
+}
--- a/.codex/prompts/read_semantic.md
+++ b/.codex/prompts/read_semantic.md
@@ -0,0 +1,4 @@
+---
+description: USE SEMANTIC
+---
+Прочитай .ai/standards/semantics.md. ОБЯЗАТЕЛЬНО используй его при разработке
--- a/.codex/prompts/semantic.md
+++ b/.codex/prompts/semantic.md
@@ -0,0 +1,10 @@
+---
+description: semantic
+---
+
+      You are Semantic Agent responsible for maintaining the semantic integrity of the codebase. Your primary goal is to ensure that all code entities (Modules, Classes, Functions, Components) are properly annotated with semantic anchors and tags as defined in `.ai/standards/semantics.md`.
+      Your core responsibilities are: 1.  **Semantic Mapping**: You run and maintain the `generate_semantic_map.py` script to generate up-to-date semantic maps (`semantics/semantic_map.json`, `.ai/PROJECT_MAP.md`) and compliance reports (`semantics/reports/*.md`). 2.  **Compliance Auditing**: You analyze the generated compliance reports to identify files with low semantic coverage or parsing errors. 3.  **Semantic Enrichment**: You actively edit code files to add missing semantic anchors (`[DEF:...]`, `[/DEF:...]`) and mandatory tags (`@PURPOSE`, `@LAYER`, etc.) to improve the global compliance score. 4.  **Protocol Enforcement**: You strictly adhere to the syntax and rules defined in `.ai/standards/semantics.md` when modifying code.
+      You have access to the full codebase and tools to read, write, and execute scripts. You should prioritize fixing "Critical Parsing Errors" (unclosed anchors) before addressing missing metadata.
+    whenToUse: Use this mode when you need to update the project's semantic map, fix semantic compliance issues (missing anchors/tags/DbC ), or analyze the codebase structure. This mode is specialized for maintaining the `.ai/standards/semantics.md` standards.
+    description: Codebase semantic mapping and compliance expert
+    customInstructions: Always check `semantics/reports/` for the latest compliance status before starting work. When fixing a file, try to fix all semantic issues in that file at once. After making a batch of fixes, run `python3 generate_semantic_map.py` to verify improvements.
--- a/.codex/prompts/speckit.analyze.md
+++ b/.codex/prompts/speckit.analyze.md
@@ -0,0 +1,185 @@
+---
+description: Perform a non-destructive cross-artifact consistency and quality analysis across spec.md, plan.md, and tasks.md after task generation.
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Goal
+
+Identify inconsistencies, duplications, ambiguities, and underspecified items across the three core artifacts (`spec.md`, `plan.md`, `tasks.md`) before implementation. This command MUST run only after `/speckit.tasks` has successfully produced a complete `tasks.md`.
+
+## Operating Constraints
+
+**STRICTLY READ-ONLY**: Do **not** modify any files. Output a structured analysis report. Offer an optional remediation plan (user must explicitly approve before any follow-up editing commands would be invoked manually).
+
+**Constitution Authority**: The project constitution (`.ai/standards/constitution.md`) is **non-negotiable** within this analysis scope. Constitution conflicts are automatically CRITICAL and require adjustment of the spec, plan, or tasks—not dilution, reinterpretation, or silent ignoring of the principle. If a principle itself needs to change, that must occur in a separate, explicit constitution update outside `/speckit.analyze`.
+
+## Execution Steps
+
+### 1. Initialize Analysis Context
+
+Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` once from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS. Derive absolute paths:
+
+- SPEC = FEATURE_DIR/spec.md
+- PLAN = FEATURE_DIR/plan.md
+- TASKS = FEATURE_DIR/tasks.md
+
+Abort with an error message if any required file is missing (instruct the user to run missing prerequisite command).
+For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+### 2. Load Artifacts (Progressive Disclosure)
+
+Load only the minimal necessary context from each artifact:
+
+**From spec.md:**
+
+- Overview/Context
+- Functional Requirements
+- Non-Functional Requirements
+- User Stories
+- Edge Cases (if present)
+
+**From plan.md:**
+
+- Architecture/stack choices
+- Data Model references
+- Phases
+- Technical constraints
+
+**From tasks.md:**
+
+- Task IDs
+- Descriptions
+- Phase grouping
+- Parallel markers [P]
+- Referenced file paths
+
+**From constitution:**
+
+- Load `.ai/standards/constitution.md` for principle validation
+    - Load `.ai/standards/semantics.md` for technical standard validation
+
+### 3. Build Semantic Models
+
+Create internal representations (do not include raw artifacts in output):
+
+- **Requirements inventory**: Each functional + non-functional requirement with a stable key (derive slug based on imperative phrase; e.g., "User can upload file" → `user-can-upload-file`)
+- **User story/action inventory**: Discrete user actions with acceptance criteria
+- **Task coverage mapping**: Map each task to one or more requirements or stories (inference by keyword / explicit reference patterns like IDs or key phrases)
+- **Constitution rule set**: Extract principle names and MUST/SHOULD normative statements
+
+### 4. Detection Passes (Token-Efficient Analysis)
+
+Focus on high-signal findings. Limit to 50 findings total; aggregate remainder in overflow summary.
+
+#### A. Duplication Detection
+
+- Identify near-duplicate requirements
+- Mark lower-quality phrasing for consolidation
+
+#### B. Ambiguity Detection
+
+- Flag vague adjectives (fast, scalable, secure, intuitive, robust) lacking measurable criteria
+- Flag unresolved placeholders (TODO, TKTK, ???, `<placeholder>`, etc.)
+
+#### C. Underspecification
+
+- Requirements with verbs but missing object or measurable outcome
+- User stories missing acceptance criteria alignment
+- Tasks referencing files or components not defined in spec/plan
+
+#### D. Constitution Alignment
+
+- Any requirement or plan element conflicting with a MUST principle
+- Missing mandated sections or quality gates from constitution
+
+#### E. Coverage Gaps
+
+- Requirements with zero associated tasks
+- Tasks with no mapped requirement/story
+- Non-functional requirements not reflected in tasks (e.g., performance, security)
+
+#### F. Inconsistency
+
+- Terminology drift (same concept named differently across files)
+- Data entities referenced in plan but absent in spec (or vice versa)
+- Task ordering contradictions (e.g., integration tasks before foundational setup tasks without dependency note)
+- Conflicting requirements (e.g., one requires Next.js while other specifies Vue)
+
+### 5. Severity Assignment
+
+Use this heuristic to prioritize findings:
+
+- **CRITICAL**: Violates constitution MUST, missing core spec artifact, or requirement with zero coverage that blocks baseline functionality
+- **HIGH**: Duplicate or conflicting requirement, ambiguous security/performance attribute, untestable acceptance criterion
+- **MEDIUM**: Terminology drift, missing non-functional task coverage, underspecified edge case
+- **LOW**: Style/wording improvements, minor redundancy not affecting execution order
+
+### 6. Produce Compact Analysis Report
+
+Output a Markdown report (no file writes) with the following structure:
+
+## Specification Analysis Report
+
+| ID | Category | Severity | Location(s) | Summary | Recommendation |
+|----|----------|----------|-------------|---------|----------------|
+| A1 | Duplication | HIGH | spec.md:L120-134 | Two similar requirements ... | Merge phrasing; keep clearer version |
+
+(Add one row per finding; generate stable IDs prefixed by category initial.)
+
+**Coverage Summary Table:**
+
+| Requirement Key | Has Task? | Task IDs | Notes |
+|-----------------|-----------|----------|-------|
+
+**Constitution Alignment Issues:** (if any)
+
+**Unmapped Tasks:** (if any)
+
+**Metrics:**
+
+- Total Requirements
+- Total Tasks
+- Coverage % (requirements with >=1 task)
+- Ambiguity Count
+- Duplication Count
+- Critical Issues Count
+
+### 7. Provide Next Actions
+
+At end of report, output a concise Next Actions block:
+
+- If CRITICAL issues exist: Recommend resolving before `/speckit.implement`
+- If only LOW/MEDIUM: User may proceed, but provide improvement suggestions
+- Provide explicit command suggestions: e.g., "Run /speckit.specify with refinement", "Run /speckit.plan to adjust architecture", "Manually edit tasks.md to add coverage for 'performance-metrics'"
+
+### 8. Offer Remediation
+
+Ask the user: "Would you like me to suggest concrete remediation edits for the top N issues?" (Do NOT apply them automatically.)
+
+## Operating Principles
+
+### Context Efficiency
+
+- **Minimal high-signal tokens**: Focus on actionable findings, not exhaustive documentation
+- **Progressive disclosure**: Load artifacts incrementally; don't dump all content into analysis
+- **Token-efficient output**: Limit findings table to 50 rows; summarize overflow
+- **Deterministic results**: Rerunning without changes should produce consistent IDs and counts
+
+### Analysis Guidelines
+
+- **NEVER modify files** (this is read-only analysis)
+- **NEVER hallucinate missing sections** (if absent, report them accurately)
+- **Prioritize constitution violations** (these are always CRITICAL)
+- **Use examples over exhaustive rules** (cite specific instances, not generic patterns)
+- **Report zero issues gracefully** (emit success report with coverage statistics)
+
+## Context
+
+$ARGUMENTS
--- a/.codex/prompts/speckit.checklist.md
+++ b/.codex/prompts/speckit.checklist.md
@@ -0,0 +1,294 @@
+---
+description: Generate a custom checklist for the current feature based on user requirements.
+---
+
+## Checklist Purpose: "Unit Tests for English"
+
+**CRITICAL CONCEPT**: Checklists are **UNIT TESTS FOR REQUIREMENTS WRITING** - they validate the quality, clarity, and completeness of requirements in a given domain.
+
+**NOT for verification/testing**:
+
+- ❌ NOT "Verify the button clicks correctly"
+- ❌ NOT "Test error handling works"
+- ❌ NOT "Confirm the API returns 200"
+- ❌ NOT checking if code/implementation matches the spec
+
+**FOR requirements quality validation**:
+
+- ✅ "Are visual hierarchy requirements defined for all card types?" (completeness)
+- ✅ "Is 'prominent display' quantified with specific sizing/positioning?" (clarity)
+- ✅ "Are hover state requirements consistent across all interactive elements?" (consistency)
+- ✅ "Are accessibility requirements defined for keyboard navigation?" (coverage)
+- ✅ "Does the spec define what happens when logo image fails to load?" (edge cases)
+
+**Metaphor**: If your spec is code written in English, the checklist is its unit test suite. You're testing whether the requirements are well-written, complete, unambiguous, and ready for implementation - NOT whether the implementation works.
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Execution Steps
+
+1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse JSON for FEATURE_DIR and AVAILABLE_DOCS list.
+   - All file paths must be absolute.
+   - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Clarify intent (dynamic)**: Derive up to THREE initial contextual clarifying questions (no pre-baked catalog). They MUST:
+   - Be generated from the user's phrasing + extracted signals from spec/plan/tasks
+   - Only ask about information that materially changes checklist content
+   - Be skipped individually if already unambiguous in `$ARGUMENTS`
+   - Prefer precision over breadth
+
+   Generation algorithm:
+   1. Extract signals: feature domain keywords (e.g., auth, latency, UX, API), risk indicators ("critical", "must", "compliance"), stakeholder hints ("QA", "review", "security team"), and explicit deliverables ("a11y", "rollback", "contracts").
+   2. Cluster signals into candidate focus areas (max 4) ranked by relevance.
+   3. Identify probable audience & timing (author, reviewer, QA, release) if not explicit.
+   4. Detect missing dimensions: scope breadth, depth/rigor, risk emphasis, exclusion boundaries, measurable acceptance criteria.
+   5. Formulate questions chosen from these archetypes:
+      - Scope refinement (e.g., "Should this include integration touchpoints with X and Y or stay limited to local module correctness?")
+      - Risk prioritization (e.g., "Which of these potential risk areas should receive mandatory gating checks?")
+      - Depth calibration (e.g., "Is this a lightweight pre-commit sanity list or a formal release gate?")
+      - Audience framing (e.g., "Will this be used by the author only or peers during PR review?")
+      - Boundary exclusion (e.g., "Should we explicitly exclude performance tuning items this round?")
+      - Scenario class gap (e.g., "No recovery flows detected—are rollback / partial failure paths in scope?")
+
+   Question formatting rules:
+   - If presenting options, generate a compact table with columns: Option | Candidate | Why It Matters
+   - Limit to A–E options maximum; omit table if a free-form answer is clearer
+   - Never ask the user to restate what they already said
+   - Avoid speculative categories (no hallucination). If uncertain, ask explicitly: "Confirm whether X belongs in scope."
+
+   Defaults when interaction impossible:
+   - Depth: Standard
+   - Audience: Reviewer (PR) if code-related; Author otherwise
+   - Focus: Top 2 relevance clusters
+
+   Output the questions (label Q1/Q2/Q3). After answers: if ≥2 scenario classes (Alternate / Exception / Recovery / Non-Functional domain) remain unclear, you MAY ask up to TWO more targeted follow‑ups (Q4/Q5) with a one-line justification each (e.g., "Unresolved recovery path risk"). Do not exceed five total questions. Skip escalation if user explicitly declines more.
+
+3. **Understand user request**: Combine `$ARGUMENTS` + clarifying answers:
+   - Derive checklist theme (e.g., security, review, deploy, ux)
+   - Consolidate explicit must-have items mentioned by user
+   - Map focus selections to category scaffolding
+   - Infer any missing context from spec/plan/tasks (do NOT hallucinate)
+
+4. **Load feature context**: Read from FEATURE_DIR:
+   - spec.md: Feature requirements and scope
+   - plan.md (if exists): Technical details, dependencies
+   - tasks.md (if exists): Implementation tasks
+
+   **Context Loading Strategy**:
+   - Load only necessary portions relevant to active focus areas (avoid full-file dumping)
+   - Prefer summarizing long sections into concise scenario/requirement bullets
+   - Use progressive disclosure: add follow-on retrieval only if gaps detected
+   - If source docs are large, generate interim summary items instead of embedding raw text
+
+5. **Generate checklist** - Create "Unit Tests for Requirements":
+   - Create `FEATURE_DIR/checklists/` directory if it doesn't exist
+   - Generate unique checklist filename:
+     - Use short, descriptive name based on domain (e.g., `ux.md`, `api.md`, `security.md`)
+     - Format: `[domain].md`
+     - If file exists, append to existing file
+   - Number items sequentially starting from CHK001
+   - Each `/speckit.checklist` run creates a NEW file (never overwrites existing checklists)
+
+   **CORE PRINCIPLE - Test the Requirements, Not the Implementation**:
+   Every checklist item MUST evaluate the REQUIREMENTS THEMSELVES for:
+   - **Completeness**: Are all necessary requirements present?
+   - **Clarity**: Are requirements unambiguous and specific?
+   - **Consistency**: Do requirements align with each other?
+   - **Measurability**: Can requirements be objectively verified?
+   - **Coverage**: Are all scenarios/edge cases addressed?
+
+   **Category Structure** - Group items by requirement quality dimensions:
+   - **Requirement Completeness** (Are all necessary requirements documented?)
+   - **Requirement Clarity** (Are requirements specific and unambiguous?)
+   - **Requirement Consistency** (Do requirements align without conflicts?)
+   - **Acceptance Criteria Quality** (Are success criteria measurable?)
+   - **Scenario Coverage** (Are all flows/cases addressed?)
+   - **Edge Case Coverage** (Are boundary conditions defined?)
+   - **Non-Functional Requirements** (Performance, Security, Accessibility, etc. - are they specified?)
+   - **Dependencies & Assumptions** (Are they documented and validated?)
+   - **Ambiguities & Conflicts** (What needs clarification?)
+
+   **HOW TO WRITE CHECKLIST ITEMS - "Unit Tests for English"**:
+
+   ❌ **WRONG** (Testing implementation):
+   - "Verify landing page displays 3 episode cards"
+   - "Test hover states work on desktop"
+   - "Confirm logo click navigates home"
+
+   ✅ **CORRECT** (Testing requirements quality):
+   - "Are the exact number and layout of featured episodes specified?" [Completeness]
+   - "Is 'prominent display' quantified with specific sizing/positioning?" [Clarity]
+   - "Are hover state requirements consistent across all interactive elements?" [Consistency]
+   - "Are keyboard navigation requirements defined for all interactive UI?" [Coverage]
+   - "Is the fallback behavior specified when logo image fails to load?" [Edge Cases]
+   - "Are loading states defined for asynchronous episode data?" [Completeness]
+   - "Does the spec define visual hierarchy for competing UI elements?" [Clarity]
+
+   **ITEM STRUCTURE**:
+   Each item should follow this pattern:
+   - Question format asking about requirement quality
+   - Focus on what's WRITTEN (or not written) in the spec/plan
+   - Include quality dimension in brackets [Completeness/Clarity/Consistency/etc.]
+   - Reference spec section `[Spec §X.Y]` when checking existing requirements
+   - Use `[Gap]` marker when checking for missing requirements
+
+   **EXAMPLES BY QUALITY DIMENSION**:
+
+   Completeness:
+   - "Are error handling requirements defined for all API failure modes? [Gap]"
+   - "Are accessibility requirements specified for all interactive elements? [Completeness]"
+   - "Are mobile breakpoint requirements defined for responsive layouts? [Gap]"
+
+   Clarity:
+   - "Is 'fast loading' quantified with specific timing thresholds? [Clarity, Spec §NFR-2]"
+   - "Are 'related episodes' selection criteria explicitly defined? [Clarity, Spec §FR-5]"
+   - "Is 'prominent' defined with measurable visual properties? [Ambiguity, Spec §FR-4]"
+
+   Consistency:
+   - "Do navigation requirements align across all pages? [Consistency, Spec §FR-10]"
+   - "Are card component requirements consistent between landing and detail pages? [Consistency]"
+
+   Coverage:
+   - "Are requirements defined for zero-state scenarios (no episodes)? [Coverage, Edge Case]"
+   - "Are concurrent user interaction scenarios addressed? [Coverage, Gap]"
+   - "Are requirements specified for partial data loading failures? [Coverage, Exception Flow]"
+
+   Measurability:
+   - "Are visual hierarchy requirements measurable/testable? [Acceptance Criteria, Spec §FR-1]"
+   - "Can 'balanced visual weight' be objectively verified? [Measurability, Spec §FR-2]"
+
+   **Scenario Classification & Coverage** (Requirements Quality Focus):
+   - Check if requirements exist for: Primary, Alternate, Exception/Error, Recovery, Non-Functional scenarios
+   - For each scenario class, ask: "Are [scenario type] requirements complete, clear, and consistent?"
+   - If scenario class missing: "Are [scenario type] requirements intentionally excluded or missing? [Gap]"
+   - Include resilience/rollback when state mutation occurs: "Are rollback requirements defined for migration failures? [Gap]"
+
+   **Traceability Requirements**:
+   - MINIMUM: ≥80% of items MUST include at least one traceability reference
+   - Each item should reference: spec section `[Spec §X.Y]`, or use markers: `[Gap]`, `[Ambiguity]`, `[Conflict]`, `[Assumption]`
+   - If no ID system exists: "Is a requirement & acceptance criteria ID scheme established? [Traceability]"
+
+   **Surface & Resolve Issues** (Requirements Quality Problems):
+   Ask questions about the requirements themselves:
+   - Ambiguities: "Is the term 'fast' quantified with specific metrics? [Ambiguity, Spec §NFR-1]"
+   - Conflicts: "Do navigation requirements conflict between §FR-10 and §FR-10a? [Conflict]"
+   - Assumptions: "Is the assumption of 'always available podcast API' validated? [Assumption]"
+   - Dependencies: "Are external podcast API requirements documented? [Dependency, Gap]"
+   - Missing definitions: "Is 'visual hierarchy' defined with measurable criteria? [Gap]"
+
+   **Content Consolidation**:
+   - Soft cap: If raw candidate items > 40, prioritize by risk/impact
+   - Merge near-duplicates checking the same requirement aspect
+   - If >5 low-impact edge cases, create one item: "Are edge cases X, Y, Z addressed in requirements? [Coverage]"
+
+   **🚫 ABSOLUTELY PROHIBITED** - These make it an implementation test, not a requirements test:
+   - ❌ Any item starting with "Verify", "Test", "Confirm", "Check" + implementation behavior
+   - ❌ References to code execution, user actions, system behavior
+   - ❌ "Displays correctly", "works properly", "functions as expected"
+   - ❌ "Click", "navigate", "render", "load", "execute"
+   - ❌ Test cases, test plans, QA procedures
+   - ❌ Implementation details (frameworks, APIs, algorithms)
+
+   **✅ REQUIRED PATTERNS** - These test requirements quality:
+   - ✅ "Are [requirement type] defined/specified/documented for [scenario]?"
+   - ✅ "Is [vague term] quantified/clarified with specific criteria?"
+   - ✅ "Are requirements consistent between [section A] and [section B]?"
+   - ✅ "Can [requirement] be objectively measured/verified?"
+   - ✅ "Are [edge cases/scenarios] addressed in requirements?"
+   - ✅ "Does the spec define [missing aspect]?"
+
+6. **Structure Reference**: Generate the checklist following the canonical template in `.specify/templates/checklist-template.md` for title, meta section, category headings, and ID formatting. If template is unavailable, use: H1 title, purpose/created meta lines, `##` category sections containing `- [ ] CHK### <requirement item>` lines with globally incrementing IDs starting at CHK001.
+
+7. **Report**: Output full path to created checklist, item count, and remind user that each run creates a new file. Summarize:
+   - Focus areas selected
+   - Depth level
+   - Actor/timing
+   - Any explicit user-specified must-have items incorporated
+
+**Important**: Each `/speckit.checklist` command invocation creates a checklist file using short, descriptive names unless file already exists. This allows:
+
+- Multiple checklists of different types (e.g., `ux.md`, `test.md`, `security.md`)
+- Simple, memorable filenames that indicate checklist purpose
+- Easy identification and navigation in the `checklists/` folder
+
+To avoid clutter, use descriptive types and clean up obsolete checklists when done.
+
+## Example Checklist Types & Sample Items
+
+**UX Requirements Quality:** `ux.md`
+
+Sample items (testing the requirements, NOT the implementation):
+
+- "Are visual hierarchy requirements defined with measurable criteria? [Clarity, Spec §FR-1]"
+- "Is the number and positioning of UI elements explicitly specified? [Completeness, Spec §FR-1]"
+- "Are interaction state requirements (hover, focus, active) consistently defined? [Consistency]"
+- "Are accessibility requirements specified for all interactive elements? [Coverage, Gap]"
+- "Is fallback behavior defined when images fail to load? [Edge Case, Gap]"
+- "Can 'prominent display' be objectively measured? [Measurability, Spec §FR-4]"
+
+**API Requirements Quality:** `api.md`
+
+Sample items:
+
+- "Are error response formats specified for all failure scenarios? [Completeness]"
+- "Are rate limiting requirements quantified with specific thresholds? [Clarity]"
+- "Are authentication requirements consistent across all endpoints? [Consistency]"
+- "Are retry/timeout requirements defined for external dependencies? [Coverage, Gap]"
+- "Is versioning strategy documented in requirements? [Gap]"
+
+**Performance Requirements Quality:** `performance.md`
+
+Sample items:
+
+- "Are performance requirements quantified with specific metrics? [Clarity]"
+- "Are performance targets defined for all critical user journeys? [Coverage]"
+- "Are performance requirements under different load conditions specified? [Completeness]"
+- "Can performance requirements be objectively measured? [Measurability]"
+- "Are degradation requirements defined for high-load scenarios? [Edge Case, Gap]"
+
+**Security Requirements Quality:** `security.md`
+
+Sample items:
+
+- "Are authentication requirements specified for all protected resources? [Coverage]"
+- "Are data protection requirements defined for sensitive information? [Completeness]"
+- "Is the threat model documented and requirements aligned to it? [Traceability]"
+- "Are security requirements consistent with compliance obligations? [Consistency]"
+- "Are security failure/breach response requirements defined? [Gap, Exception Flow]"
+
+## Anti-Examples: What NOT To Do
+
+**❌ WRONG - These test implementation, not requirements:**
+
+```markdown
+- [ ] CHK001 - Verify landing page displays 3 episode cards [Spec §FR-001]
+- [ ] CHK002 - Test hover states work correctly on desktop [Spec §FR-003]
+- [ ] CHK003 - Confirm logo click navigates to home page [Spec §FR-010]
+- [ ] CHK004 - Check that related episodes section shows 3-5 items [Spec §FR-005]
+```
+
+**✅ CORRECT - These test requirements quality:**
+
+```markdown
+- [ ] CHK001 - Are the number and layout of featured episodes explicitly specified? [Completeness, Spec §FR-001]
+- [ ] CHK002 - Are hover state requirements consistently defined for all interactive elements? [Consistency, Spec §FR-003]
+- [ ] CHK003 - Are navigation requirements clear for all clickable brand elements? [Clarity, Spec §FR-010]
+- [ ] CHK004 - Is the selection criteria for related episodes documented? [Gap, Spec §FR-005]
+- [ ] CHK005 - Are loading state requirements defined for asynchronous episode data? [Gap]
+- [ ] CHK006 - Can "visual hierarchy" requirements be objectively measured? [Measurability, Spec §FR-001]
+```
+
+**Key Differences:**
+
+- Wrong: Tests if the system works correctly
+- Correct: Tests if the requirements are written correctly
+- Wrong: Verification of behavior
+- Correct: Validation of requirement quality
+- Wrong: "Does it do X?"
+- Correct: "Is X clearly specified?"
--- a/.codex/prompts/speckit.clarify.md
+++ b/.codex/prompts/speckit.clarify.md
@@ -0,0 +1,181 @@
+---
+description: Identify underspecified areas in the current feature spec by asking up to 5 highly targeted clarification questions and encoding answers back into the spec.
+handoffs: 
+  - label: Build Technical Plan
+    agent: speckit.plan
+    prompt: Create a plan for the spec. I am building with...
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+Goal: Detect and reduce ambiguity or missing decision points in the active feature specification and record the clarifications directly in the spec file.
+
+Note: This clarification workflow is expected to run (and be completed) BEFORE invoking `/speckit.plan`. If the user explicitly states they are skipping clarification (e.g., exploratory spike), you may proceed, but must warn that downstream rework risk increases.
+
+Execution steps:
+
+1. Run `.specify/scripts/bash/check-prerequisites.sh --json --paths-only` from repo root **once** (combined `--json --paths-only` mode / `-Json -PathsOnly`). Parse minimal JSON payload fields:
+   - `FEATURE_DIR`
+   - `FEATURE_SPEC`
+   - (Optionally capture `IMPL_PLAN`, `TASKS` for future chained flows.)
+   - If JSON parsing fails, abort and instruct user to re-run `/speckit.specify` or verify feature branch environment.
+   - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. Load the current spec file. Perform a structured ambiguity & coverage scan using this taxonomy. For each category, mark status: Clear / Partial / Missing. Produce an internal coverage map used for prioritization (do not output raw map unless no questions will be asked).
+
+   Functional Scope & Behavior:
+   - Core user goals & success criteria
+   - Explicit out-of-scope declarations
+   - User roles / personas differentiation
+
+   Domain & Data Model:
+   - Entities, attributes, relationships
+   - Identity & uniqueness rules
+   - Lifecycle/state transitions
+   - Data volume / scale assumptions
+
+   Interaction & UX Flow:
+   - Critical user journeys / sequences
+   - Error/empty/loading states
+   - Accessibility or localization notes
+
+   Non-Functional Quality Attributes:
+   - Performance (latency, throughput targets)
+   - Scalability (horizontal/vertical, limits)
+   - Reliability & availability (uptime, recovery expectations)
+   - Observability (logging, metrics, tracing signals)
+   - Security & privacy (authN/Z, data protection, threat assumptions)
+   - Compliance / regulatory constraints (if any)
+
+   Integration & External Dependencies:
+   - External services/APIs and failure modes
+   - Data import/export formats
+   - Protocol/versioning assumptions
+
+   Edge Cases & Failure Handling:
+   - Negative scenarios
+   - Rate limiting / throttling
+   - Conflict resolution (e.g., concurrent edits)
+
+   Constraints & Tradeoffs:
+   - Technical constraints (language, storage, hosting)
+   - Explicit tradeoffs or rejected alternatives
+
+   Terminology & Consistency:
+   - Canonical glossary terms
+   - Avoided synonyms / deprecated terms
+
+   Completion Signals:
+   - Acceptance criteria testability
+   - Measurable Definition of Done style indicators
+
+   Misc / Placeholders:
+   - TODO markers / unresolved decisions
+   - Ambiguous adjectives ("robust", "intuitive") lacking quantification
+
+   For each category with Partial or Missing status, add a candidate question opportunity unless:
+   - Clarification would not materially change implementation or validation strategy
+   - Information is better deferred to planning phase (note internally)
+
+3. Generate (internally) a prioritized queue of candidate clarification questions (maximum 5). Do NOT output them all at once. Apply these constraints:
+    - Maximum of 10 total questions across the whole session.
+    - Each question must be answerable with EITHER:
+       - A short multiple‑choice selection (2–5 distinct, mutually exclusive options), OR
+       - A one-word / short‑phrase answer (explicitly constrain: "Answer in <=5 words").
+    - Only include questions whose answers materially impact architecture, data modeling, task decomposition, test design, UX behavior, operational readiness, or compliance validation.
+    - Ensure category coverage balance: attempt to cover the highest impact unresolved categories first; avoid asking two low-impact questions when a single high-impact area (e.g., security posture) is unresolved.
+    - Exclude questions already answered, trivial stylistic preferences, or plan-level execution details (unless blocking correctness).
+    - Favor clarifications that reduce downstream rework risk or prevent misaligned acceptance tests.
+    - If more than 5 categories remain unresolved, select the top 5 by (Impact * Uncertainty) heuristic.
+
+4. Sequential questioning loop (interactive):
+    - Present EXACTLY ONE question at a time.
+    - For multiple‑choice questions:
+       - **Analyze all options** and determine the **most suitable option** based on:
+          - Best practices for the project type
+          - Common patterns in similar implementations
+          - Risk reduction (security, performance, maintainability)
+          - Alignment with any explicit project goals or constraints visible in the spec
+       - Present your **recommended option prominently** at the top with clear reasoning (1-2 sentences explaining why this is the best choice).
+       - Format as: `**Recommended:** Option [X] - <reasoning>`
+       - Then render all options as a Markdown table:
+
+       | Option | Description |
+       |--------|-------------|
+       | A | <Option A description> |
+       | B | <Option B description> |
+       | C | <Option C description> (add D/E as needed up to 5) |
+       | Short | Provide a different short answer (<=5 words) (Include only if free-form alternative is appropriate) |
+
+       - After the table, add: `You can reply with the option letter (e.g., "A"), accept the recommendation by saying "yes" or "recommended", or provide your own short answer.`
+    - For short‑answer style (no meaningful discrete options):
+       - Provide your **suggested answer** based on best practices and context.
+       - Format as: `**Suggested:** <your proposed answer> - <brief reasoning>`
+       - Then output: `Format: Short answer (<=5 words). You can accept the suggestion by saying "yes" or "suggested", or provide your own answer.`
+    - After the user answers:
+       - If the user replies with "yes", "recommended", or "suggested", use your previously stated recommendation/suggestion as the answer.
+       - Otherwise, validate the answer maps to one option or fits the <=5 word constraint.
+       - If ambiguous, ask for a quick disambiguation (count still belongs to same question; do not advance).
+       - Once satisfactory, record it in working memory (do not yet write to disk) and move to the next queued question.
+    - Stop asking further questions when:
+       - All critical ambiguities resolved early (remaining queued items become unnecessary), OR
+       - User signals completion ("done", "good", "no more"), OR
+       - You reach 5 asked questions.
+    - Never reveal future queued questions in advance.
+    - If no valid questions exist at start, immediately report no critical ambiguities.
+
+5. Integration after EACH accepted answer (incremental update approach):
+    - Maintain in-memory representation of the spec (loaded once at start) plus the raw file contents.
+    - For the first integrated answer in this session:
+       - Ensure a `## Clarifications` section exists (create it just after the highest-level contextual/overview section per the spec template if missing).
+       - Under it, create (if not present) a `### Session YYYY-MM-DD` subheading for today.
+    - Append a bullet line immediately after acceptance: `- Q: <question> → A: <final answer>`.
+    - Then immediately apply the clarification to the most appropriate section(s):
+       - Functional ambiguity → Update or add a bullet in Functional Requirements.
+       - User interaction / actor distinction → Update User Stories or Actors subsection (if present) with clarified role, constraint, or scenario.
+       - Data shape / entities → Update Data Model (add fields, types, relationships) preserving ordering; note added constraints succinctly.
+       - Non-functional constraint → Add/modify measurable criteria in Non-Functional / Quality Attributes section (convert vague adjective to metric or explicit target).
+       - Edge case / negative flow → Add a new bullet under Edge Cases / Error Handling (or create such subsection if template provides placeholder for it).
+       - Terminology conflict → Normalize term across spec; retain original only if necessary by adding `(formerly referred to as "X")` once.
+    - If the clarification invalidates an earlier ambiguous statement, replace that statement instead of duplicating; leave no obsolete contradictory text.
+    - Save the spec file AFTER each integration to minimize risk of context loss (atomic overwrite).
+    - Preserve formatting: do not reorder unrelated sections; keep heading hierarchy intact.
+    - Keep each inserted clarification minimal and testable (avoid narrative drift).
+
+6. Validation (performed after EACH write plus final pass):
+   - Clarifications session contains exactly one bullet per accepted answer (no duplicates).
+   - Total asked (accepted) questions ≤ 5.
+   - Updated sections contain no lingering vague placeholders the new answer was meant to resolve.
+   - No contradictory earlier statement remains (scan for now-invalid alternative choices removed).
+   - Markdown structure valid; only allowed new headings: `## Clarifications`, `### Session YYYY-MM-DD`.
+   - Terminology consistency: same canonical term used across all updated sections.
+
+7. Write the updated spec back to `FEATURE_SPEC`.
+
+8. Report completion (after questioning loop ends or early termination):
+   - Number of questions asked & answered.
+   - Path to updated spec.
+   - Sections touched (list names).
+   - Coverage summary table listing each taxonomy category with Status: Resolved (was Partial/Missing and addressed), Deferred (exceeds question quota or better suited for planning), Clear (already sufficient), Outstanding (still Partial/Missing but low impact).
+   - If any Outstanding or Deferred remain, recommend whether to proceed to `/speckit.plan` or run `/speckit.clarify` again later post-plan.
+   - Suggested next command.
+
+Behavior rules:
+
+- If no meaningful ambiguities found (or all potential questions would be low-impact), respond: "No critical ambiguities detected worth formal clarification." and suggest proceeding.
+- If spec file missing, instruct user to run `/speckit.specify` first (do not create a new spec here).
+- Never exceed 5 total asked questions (clarification retries for a single question do not count as new questions).
+- Avoid speculative tech stack questions unless the absence blocks functional clarity.
+- Respect user early termination signals ("stop", "done", "proceed").
+- If no questions asked due to full coverage, output a compact coverage summary (all categories Clear) then suggest advancing.
+- If quota reached with unresolved high-impact categories remaining, explicitly flag them under Deferred with rationale.
+
+Context for prioritization: $ARGUMENTS
--- a/.codex/prompts/speckit.constitution.md
+++ b/.codex/prompts/speckit.constitution.md
@@ -0,0 +1,84 @@
+---
+description: Create or update the project constitution from interactive or provided principle inputs, ensuring all dependent templates stay in sync.
+handoffs: 
+  - label: Build Specification
+    agent: speckit.specify
+    prompt: Implement the feature specification based on the updated constitution. I want to build...
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+You are updating the project constitution at `.ai/standards/constitution.md`. This file is a TEMPLATE containing placeholder tokens in square brackets (e.g. `[PROJECT_NAME]`, `[PRINCIPLE_1_NAME]`). Your job is to (a) collect/derive concrete values, (b) fill the template precisely, and (c) propagate any amendments across dependent artifacts.
+
+**Note**: If `.ai/standards/constitution.md` does not exist yet, it should have been initialized from `.specify/templates/constitution-template.md` during project setup. If it's missing, copy the template first.
+
+Follow this execution flow:
+
+1. Load the existing constitution at `.ai/standards/constitution.md`.
+   - Identify every placeholder token of the form `[ALL_CAPS_IDENTIFIER]`.
+   **IMPORTANT**: The user might require less or more principles than the ones used in the template. If a number is specified, respect that - follow the general template. You will update the doc accordingly.
+
+2. Collect/derive values for placeholders:
+   - If user input (conversation) supplies a value, use it.
+   - Otherwise infer from existing repo context (README, docs, prior constitution versions if embedded).
+   - For governance dates: `RATIFICATION_DATE` is the original adoption date (if unknown ask or mark TODO), `LAST_AMENDED_DATE` is today if changes are made, otherwise keep previous.
+   - `CONSTITUTION_VERSION` must increment according to semantic versioning rules:
+     - MAJOR: Backward incompatible governance/principle removals or redefinitions.
+     - MINOR: New principle/section added or materially expanded guidance.
+     - PATCH: Clarifications, wording, typo fixes, non-semantic refinements.
+   - If version bump type ambiguous, propose reasoning before finalizing.
+
+3. Draft the updated constitution content:
+   - Replace every placeholder with concrete text (no bracketed tokens left except intentionally retained template slots that the project has chosen not to define yet—explicitly justify any left).
+   - Preserve heading hierarchy and comments can be removed once replaced unless they still add clarifying guidance.
+   - Ensure each Principle section: succinct name line, paragraph (or bullet list) capturing non‑negotiable rules, explicit rationale if not obvious.
+   - Ensure Governance section lists amendment procedure, versioning policy, and compliance review expectations.
+
+4. Consistency propagation checklist (convert prior checklist into active validations):
+   - Read `.specify/templates/plan-template.md` and ensure any "Constitution Check" or rules align with updated principles.
+   - Read `.specify/templates/spec-template.md` for scope/requirements alignment—update if constitution adds/removes mandatory sections or constraints.
+   - Read `.specify/templates/tasks-template.md` and ensure task categorization reflects new or removed principle-driven task types (e.g., observability, versioning, testing discipline).
+   - Read each command file in `.specify/templates/commands/*.md` (including this one) to verify no outdated references (agent-specific names like CLAUDE only) remain when generic guidance is required.
+   - Read any runtime guidance docs (e.g., `README.md`, `docs/quickstart.md`, or agent-specific guidance files if present). Update references to principles changed.
+
+5. Produce a Sync Impact Report (prepend as an HTML comment at top of the constitution file after update):
+   - Version change: old → new
+   - List of modified principles (old title → new title if renamed)
+   - Added sections
+   - Removed sections
+   - Templates requiring updates (✅ updated / ⚠ pending) with file paths
+   - Follow-up TODOs if any placeholders intentionally deferred.
+
+6. Validation before final output:
+   - No remaining unexplained bracket tokens.
+   - Version line matches report.
+   - Dates ISO format YYYY-MM-DD.
+   - Principles are declarative, testable, and free of vague language ("should" → replace with MUST/SHOULD rationale where appropriate).
+
+7. Write the completed constitution back to `.ai/standards/constitution.md` (overwrite).
+
+8. Output a final summary to the user with:
+   - New version and bump rationale.
+   - Any files flagged for manual follow-up.
+   - Suggested commit message (e.g., `docs: amend constitution to vX.Y.Z (principle additions + governance update)`).
+
+Formatting & Style Requirements:
+
+- Use Markdown headings exactly as in the template (do not demote/promote levels).
+- Wrap long rationale lines to keep readability (<100 chars ideally) but do not hard enforce with awkward breaks.
+- Keep a single blank line between sections.
+- Avoid trailing whitespace.
+
+If the user supplies partial updates (e.g., only one principle revision), still perform validation and version decision steps.
+
+If critical info missing (e.g., ratification date truly unknown), insert `TODO(<FIELD_NAME>): explanation` and include in the Sync Impact Report under deferred items.
+
+Do not create a new template; always operate on the existing `.ai/standards/constitution.md` file.
--- a/.codex/prompts/speckit.fix.md
+++ b/.codex/prompts/speckit.fix.md
@@ -0,0 +1,199 @@
+---
+
+description: Fix failing tests and implementation issues based on test reports
+
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Goal
+
+Analyze test failure reports, identify root causes, and fix implementation issues while preserving semantic protocol compliance.
+
+## Operating Constraints
+
+1. **USE CODER MODE**: Always switch to `coder` mode for code fixes
+2. **SEMANTIC PROTOCOL**: Never remove semantic annotations ([DEF], @TAGS). Only update code logic.
+3. **TEST DATA**: If tests use @TEST_ fixtures, preserve them when fixing
+4. **NO DELETION**: Never delete existing tests or semantic annotations
+5. **REPORT FIRST**: Always write a fix report before making changes
+
+## Execution Steps
+
+### 1. Load Test Report
+
+**Required**: Test report file path (e.g., `specs/<feature>/tests/reports/2026-02-19-report.md`)
+
+**Parse the report for**:
+- Failed test cases
+- Error messages
+- Stack traces
+- Expected vs actual behavior
+- Affected modules/files
+
+### 2. Analyze Root Causes
+
+For each failed test:
+
+1. **Read the test file** to understand what it's testing
+2. **Read the implementation file** to find the bug
+3. **Check semantic protocol compliance**:
+   - Does the implementation have correct [DEF] anchors?
+   - Are @TAGS (@PRE, @POST, @UX_STATE, etc.) present?
+   - Does the code match the TIER requirements?
+4. **Identify the fix**:
+   - Logic error in implementation
+   - Missing error handling
+   - Incorrect API usage
+   - State management issue
+
+### 3. Write Fix Report
+
+Create a structured fix report:
+
+```markdown
+# Fix Report: [FEATURE]
+
+**Date**: [YYYY-MM-DD]
+**Report**: [Test Report Path]
+**Fixer**: Coder Agent
+
+## Summary
+
+- Total Failed Tests: [X]
+- Total Fixed: [X]
+- Total Skipped: [X]
+
+## Failed Tests Analysis
+
+### Test: [Test Name]
+
+**File**: `path/to/test.py`
+**Error**: [Error message]
+
+**Root Cause**: [Explanation of why test failed]
+
+**Fix Required**: [Description of fix]
+
+**Status**: [Pending/In Progress/Completed]
+
+## Fixes Applied
+
+### Fix 1: [Description]
+
+**Affected File**: `path/to/file.py`
+**Test Affected**: `[Test Name]`
+
+**Changes**:
+```diff
+<<<<<<< SEARCH
+[Original Code]
+=======
+[Fixed Code]
+>>>>>>> REPLACE
+```
+
+**Verification**: [How to verify fix works]
+
+**Semantic Integrity**: [Confirmed annotations preserved]
+
+## Next Steps
+
+- [ ] Run tests to verify fix: `cd backend && .venv/bin/python3 -m pytest`
+- [ ] Check for related failing tests
+- [ ] Update test documentation if needed
+```
+
+### 4. Apply Fixes (in Coder Mode)
+
+Switch to `coder` mode and apply fixes:
+
+1. **Read the implementation file** to get exact content
+2. **Apply the fix** using apply_diff
+3. **Preserve all semantic annotations**:
+   - Keep [DEF:...] and [/DEF:...] anchors
+   - Keep all @TAGS (@PURPOSE, @LAYER, @TIER, @RELATION, @PRE, @POST, @UX_STATE, @UX_FEEDBACK, @UX_RECOVERY)
+4. **Only update code logic** to fix the bug
+5. **Run tests** to verify the fix
+
+### 5. Verification
+
+After applying fixes:
+
+1. **Run tests**:
+   ```bash
+   cd backend && .venv/bin/python3 -m pytest -v
+   ```
+   or
+   ```bash
+   cd frontend && npm run test
+   ```
+
+2. **Check test results**:
+   - Failed tests should now pass
+   - No new tests should fail
+   - Coverage should not decrease
+
+3. **Update fix report** with results:
+   - Mark fixes as completed
+   - Add verification steps
+   - Note any remaining issues
+
+## Output
+
+Generate final fix report:
+
+```markdown
+# Fix Report: [FEATURE] - COMPLETED
+
+**Date**: [YYYY-MM-DD]
+**Report**: [Test Report Path]
+**Fixer**: Coder Agent
+
+## Summary
+
+- Total Failed Tests: [X]
+- Total Fixed: [X] ✅
+- Total Skipped: [X]
+
+## Fixes Applied
+
+### Fix 1: [Description] ✅
+
+**Affected File**: `path/to/file.py`
+**Test Affected**: `[Test Name]`
+
+**Changes**: [Summary of changes]
+
+**Verification**: All tests pass ✅
+
+**Semantic Integrity**: Preserved ✅
+
+## Test Results
+
+```
+[Full test output showing all passing tests]
+```
+
+## Recommendations
+
+- [ ] Monitor for similar issues
+- [ ] Update documentation if needed
+- [ ] Consider adding more tests for edge cases
+
+## Related Files
+
+- Test Report: [path]
+- Implementation: [path]
+- Test File: [path]
+```
+
+## Context for Fixing
+
+$ARGUMENTS
--- a/.codex/prompts/speckit.implement.md
+++ b/.codex/prompts/speckit.implement.md
@@ -0,0 +1,150 @@
+---
+description: Execute the implementation plan by processing and executing all tasks defined in tasks.md
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Check checklists status** (if FEATURE_DIR/checklists/ exists):
+   - Scan all checklist files in the checklists/ directory
+   - For each checklist, count:
+     - Total items: All lines matching `- [ ]` or `- [X]` or `- [x]`
+     - Completed items: Lines matching `- [X]` or `- [x]`
+     - Incomplete items: Lines matching `- [ ]`
+   - Create a status table:
+
+     ```text
+     | Checklist | Total | Completed | Incomplete | Status |
+     |-----------|-------|-----------|------------|--------|
+     | ux.md     | 12    | 12        | 0          | ✓ PASS |
+     | test.md   | 8     | 5         | 3          | ✗ FAIL |
+     | security.md | 6   | 6         | 0          | ✓ PASS |
+     ```
+
+   - Calculate overall status:
+     - **PASS**: All checklists have 0 incomplete items
+     - **FAIL**: One or more checklists have incomplete items
+
+   - **If any checklist is incomplete**:
+     - Display the table with incomplete item counts
+     - **STOP** and ask: "Some checklists are incomplete. Do you want to proceed with implementation anyway? (yes/no)"
+     - Wait for user response before continuing
+     - If user says "no" or "wait" or "stop", halt execution
+     - If user says "yes" or "proceed" or "continue", proceed to step 3
+
+   - **If all checklists are complete**:
+     - Display the table showing all checklists passed
+     - Automatically proceed to step 3
+
+3. Load and analyze the implementation context:
+   - **REQUIRED**: Read tasks.md for the complete task list and execution plan
+   - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure
+   - **IF EXISTS**: Read data-model.md for entities and relationships
+   - **IF EXISTS**: Read contracts/ for API specifications and test requirements
+   - **IF EXISTS**: Read research.md for technical decisions and constraints
+   - **IF EXISTS**: Read quickstart.md for integration scenarios
+
+3. Load and analyze the implementation context:
+    - **REQUIRED**: Read `.ai/standards/semantics.md` for strict coding standards and contract requirements
+    - **REQUIRED**: Read tasks.md for the complete task list and execution plan
+    - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure
+    - **IF EXISTS**: Read data-model.md for entities and relationships
+    - **IF EXISTS**: Read contracts/ for API specifications and test requirements
+    - **IF EXISTS**: Read research.md for technical decisions and constraints
+    - **IF EXISTS**: Read quickstart.md for integration scenarios
+
+4. **Project Setup Verification**:
+   - **REQUIRED**: Create/verify ignore files based on actual project setup:
+
+   **Detection & Creation Logic**:
+   - Check if the following command succeeds to determine if the repository is a git repo (create/verify .gitignore if so):
+
+     ```sh
+     git rev-parse --git-dir 2>/dev/null
+     ```
+
+   - Check if Dockerfile* exists or Docker in plan.md → create/verify .dockerignore
+   - Check if .eslintrc* exists → create/verify .eslintignore
+   - Check if eslint.config.* exists → ensure the config's `ignores` entries cover required patterns
+   - Check if .prettierrc* exists → create/verify .prettierignore
+   - Check if .npmrc or package.json exists → create/verify .npmignore (if publishing)
+   - Check if terraform files (*.tf) exist → create/verify .terraformignore
+   - Check if .helmignore needed (helm charts present) → create/verify .helmignore
+
+   **If ignore file already exists**: Verify it contains essential patterns, append missing critical patterns only
+   **If ignore file missing**: Create with full pattern set for detected technology
+
+   **Common Patterns by Technology** (from plan.md tech stack):
+   - **Node.js/JavaScript/TypeScript**: `node_modules/`, `dist/`, `build/`, `*.log`, `.env*`
+   - **Python**: `__pycache__/`, `*.pyc`, `.venv/`, `venv/`, `dist/`, `*.egg-info/`
+   - **Java**: `target/`, `*.class`, `*.jar`, `.gradle/`, `build/`
+   - **C#/.NET**: `bin/`, `obj/`, `*.user`, `*.suo`, `packages/`
+   - **Go**: `*.exe`, `*.test`, `vendor/`, `*.out`
+   - **Ruby**: `.bundle/`, `log/`, `tmp/`, `*.gem`, `vendor/bundle/`
+   - **PHP**: `vendor/`, `*.log`, `*.cache`, `*.env`
+   - **Rust**: `target/`, `debug/`, `release/`, `*.rs.bk`, `*.rlib`, `*.prof*`, `.idea/`, `*.log`, `.env*`
+   - **Kotlin**: `build/`, `out/`, `.gradle/`, `.idea/`, `*.class`, `*.jar`, `*.iml`, `*.log`, `.env*`
+   - **C++**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.so`, `*.a`, `*.exe`, `*.dll`, `.idea/`, `*.log`, `.env*`
+   - **C**: `build/`, `bin/`, `obj/`, `out/`, `*.o`, `*.a`, `*.so`, `*.exe`, `Makefile`, `config.log`, `.idea/`, `*.log`, `.env*`
+   - **Swift**: `.build/`, `DerivedData/`, `*.swiftpm/`, `Packages/`
+   - **R**: `.Rproj.user/`, `.Rhistory`, `.RData`, `.Ruserdata`, `*.Rproj`, `packrat/`, `renv/`
+   - **Universal**: `.DS_Store`, `Thumbs.db`, `*.tmp`, `*.swp`, `.vscode/`, `.idea/`
+
+   **Tool-Specific Patterns**:
+   - **Docker**: `node_modules/`, `.git/`, `Dockerfile*`, `.dockerignore`, `*.log*`, `.env*`, `coverage/`
+   - **ESLint**: `node_modules/`, `dist/`, `build/`, `coverage/`, `*.min.js`
+   - **Prettier**: `node_modules/`, `dist/`, `build/`, `coverage/`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`
+   - **Terraform**: `.terraform/`, `*.tfstate*`, `*.tfvars`, `.terraform.lock.hcl`
+   - **Kubernetes/k8s**: `*.secret.yaml`, `secrets/`, `.kube/`, `kubeconfig*`, `*.key`, `*.crt`
+
+5. Parse tasks.md structure and extract:
+   - **Task phases**: Setup, Tests, Core, Integration, Polish
+   - **Task dependencies**: Sequential vs parallel execution rules
+   - **Task details**: ID, description, file paths, parallel markers [P]
+   - **Execution flow**: Order and dependency requirements
+
+6. Execute implementation following the task plan:
+   - **Phase-by-phase execution**: Complete each phase before moving to the next
+   - **Respect dependencies**: Run sequential tasks in order, parallel tasks [P] can run together  
+   - **Follow TDD approach**: Execute test tasks before their corresponding implementation tasks
+   - **File-based coordination**: Tasks affecting the same files must run sequentially
+   - **Validation checkpoints**: Verify each phase completion before proceeding
+
+7. Implementation execution rules:
+    - **Strict Adherence**: Apply `.ai/standards/semantics.md` rules:
+      - Every file MUST start with a `[DEF:id:Type]` header and end with a closing `[/DEF:id:Type]` anchor.
+      - Include `@TIER` and define contracts (`@PRE`, `@POST`).
+      - For Svelte components, use `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY`, and explicitly declare reactivity with `@UX_REATIVITY: State: $state, Derived: $derived`.
+      - **Molecular Topology Logging**: Use prefixes `[EXPLORE]`, `[REASON]`, `[REFLECT]` in logs to trace logic.
+    - **CRITICAL Contracts**: If a task description contains a contract summary (e.g., `CRITICAL: PRE: ..., POST: ...`), these constraints are **MANDATORY** and must be strictly implemented in the code using guards/assertions (if applicable per protocol).
+    - **Setup first**: Initialize project structure, dependencies, configuration
+   - **Tests before code**: If you need to write tests for contracts, entities, and integration scenarios
+   - **Core development**: Implement models, services, CLI commands, endpoints
+   - **Integration work**: Database connections, middleware, logging, external services
+   - **Polish and validation**: Unit tests, performance optimization, documentation
+
+8. Progress tracking and error handling:
+   - Report progress after each completed task
+   - Halt execution if any non-parallel task fails
+   - For parallel tasks [P], continue with successful tasks, report failed ones
+   - Provide clear error messages with context for debugging
+   - Suggest next steps if implementation cannot proceed
+   - **IMPORTANT** For completed tasks, make sure to mark the task off as [X] in the tasks file.
+
+9. Completion validation:
+   - Verify all required tasks are completed
+   - Check that implemented features match the original specification
+   - Validate that tests pass and coverage meets requirements
+   - Confirm the implementation follows the technical plan
+   - Report final status with summary of completed work
+
+Note: This command assumes a complete task breakdown exists in tasks.md. If tasks are incomplete or missing, suggest running `/speckit.tasks` first to regenerate the task list.
--- a/.codex/prompts/speckit.plan.md
+++ b/.codex/prompts/speckit.plan.md
@@ -0,0 +1,104 @@
+---
+description: Execute the implementation planning workflow using the plan template to generate design artifacts.
+handoffs: 
+  - label: Create Tasks
+    agent: speckit.tasks
+    prompt: Break the plan into tasks
+    send: true
+  - label: Create Checklist
+    agent: speckit.checklist
+    prompt: Create a checklist for the following domain...
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. **Setup**: Run `.specify/scripts/bash/setup-plan.sh --json` from repo root and parse JSON for FEATURE_SPEC, IMPL_PLAN, SPECS_DIR, BRANCH. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Load context**: Read `.ai/ROOT.md` and `.ai/PROJECT_MAP.md` to understand the project structure and navigation. Then read required standards: `.ai/standards/constitution.md` and `.ai/standards/semantics.md`. Load IMPL_PLAN template.
+
+3. **Execute plan workflow**: Follow the structure in IMPL_PLAN template to:
+   - Fill Technical Context (mark unknowns as "NEEDS CLARIFICATION")
+   - Fill Constitution Check section from constitution
+   - Evaluate gates (ERROR if violations unjustified)
+   - Phase 0: Generate research.md (resolve all NEEDS CLARIFICATION)
+   - Phase 1: Generate data-model.md, contracts/, quickstart.md
+   - Phase 1: Update agent context by running the agent script
+   - Re-evaluate Constitution Check post-design
+
+4. **Stop and report**: Command ends after Phase 2 planning. Report branch, IMPL_PLAN path, and generated artifacts.
+
+## Phases
+
+### Phase 0: Outline & Research
+
+1. **Extract unknowns from Technical Context** above:
+   - For each NEEDS CLARIFICATION → research task
+   - For each dependency → best practices task
+   - For each integration → patterns task
+
+2. **Generate and dispatch research agents**:
+
+   ```text
+   For each unknown in Technical Context:
+     Task: "Research {unknown} for {feature context}"
+   For each technology choice:
+     Task: "Find best practices for {tech} in {domain}"
+   ```
+
+3. **Consolidate findings** in `research.md` using format:
+   - Decision: [what was chosen]
+   - Rationale: [why chosen]
+   - Alternatives considered: [what else evaluated]
+
+**Output**: research.md with all NEEDS CLARIFICATION resolved
+
+### Phase 1: Design & Contracts
+
+**Prerequisites:** `research.md` complete
+
+0. **Validate Design against UX Reference**:
+    - Check if the proposed architecture supports the latency, interactivity, and flow defined in `ux_reference.md`.
+    - **Linkage**: Ensure key UI states from `ux_reference.md` map to Component Contracts (`@UX_STATE`).
+    - **CRITICAL**: If the technical plan compromises the UX (e.g. "We can't do real-time validation"), you **MUST STOP** and warn the user.
+
+1. **Extract entities from feature spec** → `data-model.md`:
+    - Entity name, fields, relationships, validation rules.
+
+2. **Design & Verify Contracts (Semantic Protocol)**:
+    - **Drafting**: Define `[DEF:id:Type]` Headers, Contracts, and closing `[/DEF:id:Type]` for all new modules based on `.ai/standards/semantics.md`.
+    - **TIER Classification**: Explicitly assign `@TIER: [CRITICAL|STANDARD|TRIVIAL]` to each module.
+    - **CRITICAL Requirements**: For all CRITICAL modules, define full `@PRE`, `@POST`, and (if UI) `@UX_STATE` contracts. **MUST** also define testing contracts: `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, and `@TEST_INVARIANT`.
+    - **Self-Review**:
+      - *Completeness*: Do `@PRE`/`@POST` cover edge cases identified in Research? Are test contracts present for CRITICAL?
+      - *Connectivity*: Do `@RELATION` tags form a coherent graph?
+      - *Compliance*: Does syntax match `[DEF:id:Type]` exactly and is it closed with `[/DEF:id:Type]`?
+    - **Output**: Write verified contracts to `contracts/modules.md`.
+
+3. **Simulate Contract Usage**:
+    - Trace one key user scenario through the defined contracts to ensure data flow continuity.
+    - If a contract interface mismatch is found, fix it immediately.
+
+4. **Generate API contracts**:
+    - Output OpenAPI/GraphQL schema to `/contracts/` for backend-frontend sync.
+
+3. **Agent context update**:
+   - Run `.specify/scripts/bash/update-agent-context.sh agy`
+   - These scripts detect which AI agent is in use
+   - Update the appropriate agent-specific context file
+   - Add only new technology from current plan
+   - Preserve manual additions between markers
+
+**Output**: data-model.md, /contracts/*, quickstart.md, agent-specific file
+
+## Key rules
+
+- Use absolute paths
+- ERROR on gate failures or unresolved clarifications
--- a/.codex/prompts/speckit.specify.md
+++ b/.codex/prompts/speckit.specify.md
@@ -0,0 +1,258 @@
+---
+description: Create or update the feature specification from a natural language feature description.
+handoffs: 
+  - label: Build Technical Plan
+    agent: speckit.plan
+    prompt: Create a plan for the spec. I am building with...
+  - label: Clarify Spec Requirements
+    agent: speckit.clarify
+    prompt: Clarify specification requirements
+    send: true
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+The text the user typed after `/speckit.specify` in the triggering message **is** the feature description. Assume you always have it available in this conversation even if `$ARGUMENTS` appears literally below. Do not ask the user to repeat it unless they provided an empty command.
+
+Given that feature description, do this:
+
+1. **Generate a concise short name** (2-4 words) for the branch:
+   - Analyze the feature description and extract the most meaningful keywords
+   - Create a 2-4 word short name that captures the essence of the feature
+   - Use action-noun format when possible (e.g., "add-user-auth", "fix-payment-bug")
+   - Preserve technical terms and acronyms (OAuth2, API, JWT, etc.)
+   - Keep it concise but descriptive enough to understand the feature at a glance
+   - Examples:
+     - "I want to add user authentication" → "user-auth"
+     - "Implement OAuth2 integration for the API" → "oauth2-api-integration"
+     - "Create a dashboard for analytics" → "analytics-dashboard"
+     - "Fix payment processing timeout bug" → "fix-payment-timeout"
+
+2. **Check for existing branches before creating new one**:
+
+   a. First, fetch all remote branches to ensure we have the latest information:
+
+      ```bash
+      git fetch --all --prune
+      ```
+
+   b. Find the highest feature number across all sources for the short-name:
+      - Remote branches: `git ls-remote --heads origin | grep -E 'refs/heads/[0-9]+-<short-name>$'`
+      - Local branches: `git branch | grep -E '^[* ]*[0-9]+-<short-name>$'`
+      - Specs directories: Check for directories matching `specs/[0-9]+-<short-name>`
+
+   c. Determine the next available number:
+      - Extract all numbers from all three sources
+      - Find the highest number N
+      - Use N+1 for the new branch number
+
+   d. Run the script `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS"` with the calculated number and short-name:
+      - Pass `--number N+1` and `--short-name "your-short-name"` along with the feature description
+      - Bash example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" --json --number 5 --short-name "user-auth" "Add user authentication"`
+      - PowerShell example: `.specify/scripts/bash/create-new-feature.sh --json "$ARGUMENTS" -Json -Number 5 -ShortName "user-auth" "Add user authentication"`
+
+   **IMPORTANT**:
+   - Check all three sources (remote branches, local branches, specs directories) to find the highest number
+   - Only match branches/directories with the exact short-name pattern
+   - If no existing branches/directories found with this short-name, start with number 1
+   - You must only ever run this script once per feature
+   - The JSON is provided in the terminal as output - always refer to it to get the actual content you're looking for
+   - The JSON output will contain BRANCH_NAME and SPEC_FILE paths
+   - For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot")
+
+3. Load `.specify/templates/spec-template.md` to understand required sections.
+
+4. Follow this execution flow:
+
+    1. Parse user description from Input
+       If empty: ERROR "No feature description provided"
+    2. Extract key concepts from description
+       Identify: actors, actions, data, constraints
+    3. For unclear aspects:
+       - Make informed guesses based on context and industry standards
+       - Only mark with [NEEDS CLARIFICATION: specific question] if:
+         - The choice significantly impacts feature scope or user experience
+         - Multiple reasonable interpretations exist with different implications
+         - No reasonable default exists
+       - **LIMIT: Maximum 3 [NEEDS CLARIFICATION] markers total**
+       - Prioritize clarifications by impact: scope > security/privacy > user experience > technical details
+    4. Fill User Scenarios & Testing section
+       If no clear user flow: ERROR "Cannot determine user scenarios"
+    5. Generate Functional Requirements
+       Each requirement must be testable
+       Use reasonable defaults for unspecified details (document assumptions in Assumptions section)
+    6. Define Success Criteria
+       Create measurable, technology-agnostic outcomes
+       Include both quantitative metrics (time, performance, volume) and qualitative measures (user satisfaction, task completion)
+       Each criterion must be verifiable without implementation details
+    7. Identify Key Entities (if data involved)
+    8. Return: SUCCESS (spec ready for planning)
+
+5. Write the specification to SPEC_FILE using the template structure, replacing placeholders with concrete details derived from the feature description (arguments) while preserving section order and headings.
+
+6. **Specification Quality Validation**: After writing the initial spec, validate it against quality criteria:
+
+   a. **Create Spec Quality Checklist**: Generate a checklist file at `FEATURE_DIR/checklists/requirements.md` using the checklist template structure with these validation items:
+
+      ```markdown
+      # Specification Quality Checklist: [FEATURE NAME]
+      
+      **Purpose**: Validate specification completeness and quality before proceeding to planning
+      **Created**: [DATE]
+      **Feature**: [Link to spec.md]
+      
+      ## Content Quality
+      
+      - [ ] No implementation details (languages, frameworks, APIs)
+      - [ ] Focused on user value and business needs
+      - [ ] Written for non-technical stakeholders
+      - [ ] All mandatory sections completed
+      
+      ## Requirement Completeness
+      
+      - [ ] No [NEEDS CLARIFICATION] markers remain
+      - [ ] Requirements are testable and unambiguous
+      - [ ] Success criteria are measurable
+      - [ ] Success criteria are technology-agnostic (no implementation details)
+      - [ ] All acceptance scenarios are defined
+      - [ ] Edge cases are identified
+      - [ ] Scope is clearly bounded
+      - [ ] Dependencies and assumptions identified
+      
+      ## Feature Readiness
+      
+      - [ ] All functional requirements have clear acceptance criteria
+      - [ ] User scenarios cover primary flows
+      - [ ] Feature meets measurable outcomes defined in Success Criteria
+      - [ ] No implementation details leak into specification
+      
+      ## Notes
+      
+      - Items marked incomplete require spec updates before `/speckit.clarify` or `/speckit.plan`
+      ```
+
+   b. **Run Validation Check**: Review the spec against each checklist item:
+      - For each item, determine if it passes or fails
+      - Document specific issues found (quote relevant spec sections)
+
+   c. **Handle Validation Results**:
+
+      - **If all items pass**: Mark checklist complete and proceed to step 6
+
+      - **If items fail (excluding [NEEDS CLARIFICATION])**:
+        1. List the failing items and specific issues
+        2. Update the spec to address each issue
+        3. Re-run validation until all items pass (max 3 iterations)
+        4. If still failing after 3 iterations, document remaining issues in checklist notes and warn user
+
+      - **If [NEEDS CLARIFICATION] markers remain**:
+        1. Extract all [NEEDS CLARIFICATION: ...] markers from the spec
+        2. **LIMIT CHECK**: If more than 3 markers exist, keep only the 3 most critical (by scope/security/UX impact) and make informed guesses for the rest
+        3. For each clarification needed (max 3), present options to user in this format:
+
+           ```markdown
+           ## Question [N]: [Topic]
+           
+           **Context**: [Quote relevant spec section]
+           
+           **What we need to know**: [Specific question from NEEDS CLARIFICATION marker]
+           
+           **Suggested Answers**:
+           
+           | Option | Answer | Implications |
+           |--------|--------|--------------|
+           | A      | [First suggested answer] | [What this means for the feature] |
+           | B      | [Second suggested answer] | [What this means for the feature] |
+           | C      | [Third suggested answer] | [What this means for the feature] |
+           | Custom | Provide your own answer | [Explain how to provide custom input] |
+           
+           **Your choice**: _[Wait for user response]_
+           ```
+
+        4. **CRITICAL - Table Formatting**: Ensure markdown tables are properly formatted:
+           - Use consistent spacing with pipes aligned
+           - Each cell should have spaces around content: `| Content |` not `|Content|`
+           - Header separator must have at least 3 dashes: `|--------|`
+           - Test that the table renders correctly in markdown preview
+        5. Number questions sequentially (Q1, Q2, Q3 - max 3 total)
+        6. Present all questions together before waiting for responses
+        7. Wait for user to respond with their choices for all questions (e.g., "Q1: A, Q2: Custom - [details], Q3: B")
+        8. Update the spec by replacing each [NEEDS CLARIFICATION] marker with the user's selected or provided answer
+        9. Re-run validation after all clarifications are resolved
+
+   d. **Update Checklist**: After each validation iteration, update the checklist file with current pass/fail status
+
+7. Report completion with branch name, spec file path, checklist results, and readiness for the next phase (`/speckit.clarify` or `/speckit.plan`).
+
+**NOTE:** The script creates and checks out the new branch and initializes the spec file before writing.
+
+## General Guidelines
+
+## Quick Guidelines
+
+- Focus on **WHAT** users need and **WHY**.
+- Avoid HOW to implement (no tech stack, APIs, code structure).
+- Written for business stakeholders, not developers.
+- DO NOT create any checklists that are embedded in the spec. That will be a separate command.
+
+### Section Requirements
+
+- **Mandatory sections**: Must be completed for every feature
+- **Optional sections**: Include only when relevant to the feature
+- When a section doesn't apply, remove it entirely (don't leave as "N/A")
+
+### For AI Generation
+
+When creating this spec from a user prompt:
+
+1. **Make informed guesses**: Use context, industry standards, and common patterns to fill gaps
+2. **Document assumptions**: Record reasonable defaults in the Assumptions section
+3. **Limit clarifications**: Maximum 3 [NEEDS CLARIFICATION] markers - use only for critical decisions that:
+   - Significantly impact feature scope or user experience
+   - Have multiple reasonable interpretations with different implications
+   - Lack any reasonable default
+4. **Prioritize clarifications**: scope > security/privacy > user experience > technical details
+5. **Think like a tester**: Every vague requirement should fail the "testable and unambiguous" checklist item
+6. **Common areas needing clarification** (only if no reasonable default exists):
+   - Feature scope and boundaries (include/exclude specific use cases)
+   - User types and permissions (if multiple conflicting interpretations possible)
+   - Security/compliance requirements (when legally/financially significant)
+
+**Examples of reasonable defaults** (don't ask about these):
+
+- Data retention: Industry-standard practices for the domain
+- Performance targets: Standard web/mobile app expectations unless specified
+- Error handling: User-friendly messages with appropriate fallbacks
+- Authentication method: Standard session-based or OAuth2 for web apps
+- Integration patterns: Use project-appropriate patterns (REST/GraphQL for web services, function calls for libraries, CLI args for tools, etc.)
+
+### Success Criteria Guidelines
+
+Success criteria must be:
+
+1. **Measurable**: Include specific metrics (time, percentage, count, rate)
+2. **Technology-agnostic**: No mention of frameworks, languages, databases, or tools
+3. **User-focused**: Describe outcomes from user/business perspective, not system internals
+4. **Verifiable**: Can be tested/validated without knowing implementation details
+
+**Good examples**:
+
+- "Users can complete checkout in under 3 minutes"
+- "System supports 10,000 concurrent users"
+- "95% of searches return results in under 1 second"
+- "Task completion rate improves by 40%"
+
+**Bad examples** (implementation-focused):
+
+- "API response time is under 200ms" (too technical, use "Users see results instantly")
+- "Database can handle 1000 TPS" (implementation detail, use user-facing metric)
+- "React components render efficiently" (framework-specific)
+- "Redis cache hit rate above 80%" (technology-specific)
--- a/.codex/prompts/speckit.tasks.md
+++ b/.codex/prompts/speckit.tasks.md
@@ -0,0 +1,146 @@
+---
+description: Generate an actionable, dependency-ordered tasks.md for the feature based on available design artifacts.
+handoffs: 
+  - label: Analyze For Consistency
+    agent: speckit.analyze
+    prompt: Run a project analysis for consistency
+    send: true
+  - label: Implement Project
+    agent: speckit.implement
+    prompt: Start the implementation in phases
+    send: true
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+
+2. **Load design documents**: Read from FEATURE_DIR:
+   - **Required**: plan.md (tech stack, libraries, structure), spec.md (user stories with priorities), ux_reference.md (experience source of truth)
+   - **Optional**: data-model.md (entities), contracts/ (interface contracts), research.md (decisions), quickstart.md (test scenarios)
+   - Note: Not all projects have all documents. Generate tasks based on what's available.
+
+3. **Execute task generation workflow**:
+   - Load plan.md and extract tech stack, libraries, project structure
+   - Load spec.md and extract user stories with their priorities (P1, P2, P3, etc.)
+   - If data-model.md exists: Extract entities and map to user stories
+   - If contracts/ exists: Map interface contracts to user stories
+   - If research.md exists: Extract decisions for setup tasks
+   - Generate tasks organized by user story (see Task Generation Rules below)
+   - Generate dependency graph showing user story completion order
+   - Create parallel execution examples per user story
+   - Validate task completeness (each user story has all needed tasks, independently testable)
+
+4. **Generate tasks.md**: Use `.specify/templates/tasks-template.md` as structure, fill with:
+   - Correct feature name from plan.md
+   - Phase 1: Setup tasks (project initialization)
+   - Phase 2: Foundational tasks (blocking prerequisites for all user stories)
+   - Phase 3+: One phase per user story (in priority order from spec.md)
+   - Each phase includes: story goal, independent test criteria, tests (if requested), implementation tasks
+   - Final Phase: Polish & cross-cutting concerns
+   - All tasks must follow the strict checklist format (see Task Generation Rules below)
+   - Clear file paths for each task
+   - Dependencies section showing story completion order
+   - Parallel execution examples per story
+   - Implementation strategy section (MVP first, incremental delivery)
+
+5. **Report**: Output path to generated tasks.md and summary:
+   - Total task count
+   - Task count per user story
+   - Parallel opportunities identified
+   - Independent test criteria for each story
+   - Suggested MVP scope (typically just User Story 1)
+   - Format validation: Confirm ALL tasks follow the checklist format (checkbox, ID, labels, file paths)
+
+Context for task generation: $ARGUMENTS
+
+The tasks.md should be immediately executable - each task must be specific enough that an LLM can complete it without additional context.
+
+## Task Generation Rules
+
+**CRITICAL**: Tasks MUST be organized by user story to enable independent implementation and testing.
+
+**Tests are OPTIONAL**: Only generate test tasks if explicitly requested in the feature specification or if user requests TDD approach.
+
+### UX Preservation (CRITICAL)
+
+- **Source of Truth**: `ux_reference.md` is the absolute standard for the "feel" of the feature.
+- **Violation Warning**: If any task would inherently violate the UX (e.g. "Remove progress bar to simplify code"), you **MUST** flag this to the user immediately.
+- **Verification Task**: You **MUST** add a specific task at the end of each User Story phase: `- [ ] Txxx [USx] Verify implementation matches ux_reference.md (Happy Path & Errors)`
+
+### Checklist Format (REQUIRED)
+
+Every task MUST strictly follow this format:
+
+```text
+- [ ] [TaskID] [P?] [Story?] Description with file path
+```
+
+**Format Components**:
+
+1. **Checkbox**: ALWAYS start with `- [ ]` (markdown checkbox)
+2. **Task ID**: Sequential number (T001, T002, T003...) in execution order
+3. **[P] marker**: Include ONLY if task is parallelizable (different files, no dependencies on incomplete tasks)
+4. **[Story] label**: REQUIRED for user story phase tasks only
+   - Format: [US1], [US2], [US3], etc. (maps to user stories from spec.md)
+   - Setup phase: NO story label
+   - Foundational phase: NO story label  
+   - User Story phases: MUST have story label
+   - Polish phase: NO story label
+5. **Description**: Clear action with exact file path
+
+**Examples**:
+
+- ✅ CORRECT: `- [ ] T001 Create project structure per implementation plan`
+- ✅ CORRECT: `- [ ] T005 [P] Implement authentication middleware in src/middleware/auth.py`
+- ✅ CORRECT: `- [ ] T012 [P] [US1] Create User model in src/models/user.py`
+- ✅ CORRECT: `- [ ] T014 [US1] Implement UserService in src/services/user_service.py`
+- ❌ WRONG: `- [ ] Create User model` (missing ID and Story label)
+- ❌ WRONG: `T001 [US1] Create model` (missing checkbox)
+- ❌ WRONG: `- [ ] [US1] Create User model` (missing Task ID)
+- ❌ WRONG: `- [ ] T001 [US1] Create model` (missing file path)
+
+### Task Organization
+
+1. **From User Stories (spec.md)** - PRIMARY ORGANIZATION:
+   - Each user story (P1, P2, P3...) gets its own phase
+   - Map all related components to their story:
+     - Models needed for that story
+     - Services needed for that story
+     - Interfaces/UI needed for that story
+     - If tests requested: Tests specific to that story
+   - Mark story dependencies (most stories should be independent)
+
+2. **From Contracts (CRITICAL TIER)**:
+    - Identify components marked as `@TIER: CRITICAL` in `contracts/modules.md`.
+    - For these components, **MUST** append the summary of `@PRE`, `@POST`, `@UX_STATE`, and test contracts (`@TEST_FIXTURE`, `@TEST_EDGE`) directly to the task description.
+    - Example: `- [ ] T005 [P] [US1] Implement Auth (CRITICAL: PRE: token exists, POST: returns User, TESTS: 2 edges) in src/auth.py`
+    - Map each contract/endpoint → to the user story it serves
+    - If tests requested: Each contract → contract test task [P] before implementation in that story's phase
+
+3. **From Data Model**:
+   - Map each entity to the user story(ies) that need it
+   - If entity serves multiple stories: Put in earliest story or Setup phase
+   - Relationships → service layer tasks in appropriate story phase
+
+4. **From Setup/Infrastructure**:
+   - Shared infrastructure → Setup phase (Phase 1)
+   - Foundational/blocking tasks → Foundational phase (Phase 2)
+   - Story-specific setup → within that story's phase
+
+### Phase Structure
+
+- **Phase 1**: Setup (project initialization)
+- **Phase 2**: Foundational (blocking prerequisites - MUST complete before user stories)
+- **Phase 3+**: User Stories in priority order (P1, P2, P3...)
+  - Within each story: Tests (if requested) → Models → Services → Endpoints → Integration
+  - Each phase should be a complete, independently testable increment
+- **Final Phase**: Polish & Cross-Cutting Concerns
--- a/.codex/prompts/speckit.taskstoissues
+++ b/.codex/prompts/speckit.taskstoissues
@@ -0,0 +1,30 @@
+---
+description: Convert existing tasks into actionable, dependency-ordered GitHub issues for the feature based on available design artifacts.
+tools: ['github/github-mcp-server/issue_write']
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Outline
+
+1. Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").
+1. From the executed script, extract the path to **tasks**.
+1. Get the Git remote by running:
+
+```bash
+git config --get remote.origin.url
+```
+
+> [!CAUTION]
+> ONLY PROCEED TO NEXT STEPS IF THE REMOTE IS A GITHUB URL
+
+1. For each task in the list, use the GitHub MCP server to create a new issue in the repository that is representative of the Git remote.
+
+> [!CAUTION]
+> UNDER NO CIRCUMSTANCES EVER CREATE ISSUES IN REPOSITORIES THAT DO NOT MATCH THE REMOTE URL
--- a/.codex/prompts/speckit.test.md
+++ b/.codex/prompts/speckit.test.md
@@ -0,0 +1,179 @@
+---
+
+description: Generate tests, manage test documentation, and ensure maximum code coverage
+
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Goal
+
+Execute full testing cycle: analyze code for testable modules, write tests with proper coverage, maintain test documentation, and ensure no test duplication or deletion.
+
+## Operating Constraints
+
+1. **NEVER delete existing tests** - Only update if they fail due to bugs in the test or implementation
+2. **NEVER duplicate tests** - Check existing tests first before creating new ones
+3. **Use TEST_FIXTURE fixtures** - For CRITICAL tier modules, read @TEST_FIXTURE from semantics header
+4. **Co-location required** - Write tests in `__tests__` directories relative to the code being tested
+
+## Execution Steps
+
+### 1. Analyze Context
+
+Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS.
+
+Determine:
+- FEATURE_DIR - where the feature is located
+- TASKS_FILE - path to tasks.md
+- Which modules need testing based on task status
+
+### 2. Load Relevant Artifacts
+
+**From tasks.md:**
+- Identify completed implementation tasks (not test tasks)
+- Extract file paths that need tests
+
+**From .ai/standards/semantics.md:**
+- Read @TIER annotations for modules
+- For CRITICAL modules: Read @TEST_ fixtures
+
+**From existing tests:**
+- Scan `__tests__` directories for existing tests
+- Identify test patterns and coverage gaps
+
+### 3. Test Coverage Analysis
+
+Create coverage matrix:
+
+| Module | File | Has Tests | TIER | TEST_FIXTURE Available |
+|--------|------|-----------|------|----------------------|
+| ... | ... | ... | ... | ... |
+
+### 4. Write Tests (TDD Approach)
+
+For each module requiring tests:
+
+1. **Check existing tests**: Scan `__tests__/` for duplicates
+2. **Read TEST_FIXTURE**: If CRITICAL tier, read @TEST_FIXTURE from semantic header
+3. **Write test**: Follow co-location strategy
+   - Python: `src/module/__tests__/test_module.py`
+   - Svelte: `src/lib/components/__tests__/test_component.test.js`
+4. **Use mocks**: Use `unittest.mock.MagicMock` for external dependencies
+
+### 4a. UX Contract Testing (Frontend Components)
+
+For Svelte components with `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY` tags:
+
+1. **Parse UX tags**: Read component file and extract all `@UX_*` annotations
+2. **Generate UX tests**: Create tests for each UX state transition
+   ```javascript
+   // Example: Testing @UX_STATE: Idle -> Expanded
+   it('should transition from Idle to Expanded on toggle click', async () => {
+     render(Sidebar);
+     const toggleBtn = screen.getByRole('button', { name: /toggle/i });
+     await fireEvent.click(toggleBtn);
+     expect(screen.getByTestId('sidebar')).toHaveClass('expanded');
+   });
+   ```
+3. **Test @UX_FEEDBACK**: Verify visual feedback (toast, shake, color changes)
+4. **Test @UX_RECOVERY**: Verify error recovery mechanisms (retry, clear input)
+5. **Use @UX_TEST fixtures**: If component has `@UX_TEST` tags, use them as test specifications
+
+**UX Test Template:**
+```javascript
+// [DEF:__tests__/test_Component:Module]
+// @RELATION: VERIFIES -> ../Component.svelte
+// @PURPOSE: Test UX states and transitions
+
+describe('Component UX States', () => {
+  // @UX_STATE: Idle -> {action: click, expected: Active}
+  it('should transition Idle -> Active on click', async () => { ... });
+  
+  // @UX_FEEDBACK: Toast on success
+  it('should show toast on successful action', async () => { ... });
+  
+  // @UX_RECOVERY: Retry on error
+  it('should allow retry on error', async () => { ... });
+});
+// [/DEF:__tests__/test_Component:Module]
+```
+
+### 5. Test Documentation
+
+Create/update documentation in `specs/<feature>/tests/`:
+
+```
+tests/
+├── README.md           # Test strategy and overview
+├── coverage.md         # Coverage matrix and reports
+└── reports/
+    └── YYYY-MM-DD-report.md
+```
+
+### 6. Execute Tests
+
+Run tests and report results:
+
+**Backend:**
+```bash
+cd backend && .venv/bin/python3 -m pytest -v
+```
+
+**Frontend:**
+```bash
+cd frontend && npm run test
+```
+
+### 7. Update Tasks
+
+Mark test tasks as completed in tasks.md with:
+- Test file path
+- Coverage achieved
+- Any issues found
+
+## Output
+
+Generate test execution report:
+
+```markdown
+# Test Report: [FEATURE]
+
+**Date**: [YYYY-MM-DD]
+**Executed by**: Tester Agent
+
+## Coverage Summary
+
+| Module | Tests | Coverage % |
+|--------|-------|------------|
+| ... | ... | ... |
+
+## Test Results
+
+- Total: [X]
+- Passed: [X]
+- Failed: [X]
+- Skipped: [X]
+
+## Issues Found
+
+| Test | Error | Resolution |
+|------|-------|------------|
+| ... | ... | ... |
+
+## Next Steps
+
+- [ ] Fix failed tests
+- [ ] Add more coverage for [module]
+- [ ] Review TEST_FIXTURE fixtures
+```
+
+## Context for Testing
+
+$ARGUMENTS
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,31 @@
+.git
+.gitignore
+.pytest_cache
+.ruff_cache
+.vscode
+.ai
+.specify
+.kilocode
+venv
+backend/.venv
+backend/.pytest_cache
+frontend/node_modules
+frontend/.svelte-kit
+frontend/.vite
+frontend/build
+backend/__pycache__
+backend/src/__pycache__
+backend/tests/__pycache__
+**/__pycache__
+*.pyc
+*.pyo
+*.pyd
+*.db
+*.log
+.env*
+coverage/
+Dockerfile*
+.dockerignore
+backups
+semantics
+specs
--- a/.gitignore
+++ b/.gitignore
@@ -10,8 +10,6 @@ dist/
 downloads/
 eggs/
 .eggs/
-lib/
-lib64/
 parts/
 sdist/
 var/
@@ -61,11 +59,19 @@ keyring passwords.py
 *github*

 *tech_spec*
-dashboards
-backend/mappings.db
+/dashboards
+dashboards_example/**/dashboards/
+backend/mappings.db


 backend/tasks.db
 backend/logs
 backend/auth.db
 semantics/reports
+backend/tasks.db
+
+# Universal / tooling
+node_modules/
+.venv/
+coverage/
+*.tmp
--- a/.kilocode/rules/specify-rules.md
+++ b/.kilocode/rules/specify-rules.md
@@ -2,6 +2,12 @@

 Auto-generated from all feature plans. Last updated: 2025-12-19

+## Knowledge Graph (GRACE)
+**CRITICAL**: This project uses a GRACE Knowledge Graph for context. Always load the root map first:
+- **Root Map**: `.ai/ROOT.md` -> `[DEF:Project_Knowledge_Map:Root]`
+- **Project Map**: `.ai/PROJECT_MAP.md` -> `[DEF:Project_Map]`
+- **Standards**: Read `.ai/standards/` for architecture and style rules.
+
 ## Active Technologies
 - Python 3.9+, Node.js 18+ + `uvicorn`, `npm`, `bash` (003-project-launch-script)
 - Python 3.9+, Node.js 18+ + SvelteKit, FastAPI, Tailwind CSS (inferred from existing frontend) (004-integrate-svelte-kit)
@@ -35,6 +41,10 @@ Auto-generated from all feature plans. Last updated: 2025-12-19
 - SQLite (existing `tasks.db` for results, `auth.db` for permissions, `mappings.db` or new `plugins.db` for provider config/metadata) (017-llm-analysis-plugin)
 - Python 3.9+ (Backend), Node.js 18+ (Frontend) + FastAPI, SvelteKit, Tailwind CSS, SQLAlchemy, WebSocket (existing) (019-superset-ux-redesign)
 - SQLite (tasks.db, auth.db, migrations.db) - no new database tables required (019-superset-ux-redesign)
+- Python 3.9+ (backend), Node.js 18+ (frontend) + FastAPI, SvelteKit, Tailwind CSS, SQLAlchemy/Pydantic task models, existing task/websocket stack (020-task-reports-design)
+- SQLite task/result persistence (existing task DB), filesystem only for existing artifacts (no new primary store required) (020-task-reports-design)
+- Node.js 18+ runtime, SvelteKit (existing frontend stack) + SvelteKit, Tailwind CSS, existing frontend UI primitives under `frontend/src/lib/components/ui` (001-unify-frontend-style)
+- N/A (UI styling and component behavior only) (001-unify-frontend-style)

 - Python 3.9+ (Backend), Node.js 18+ (Frontend Build) (001-plugin-arch-svelte-ui)

@@ -55,9 +65,9 @@ cd src; pytest; ruff check .
 Python 3.9+ (Backend), Node.js 18+ (Frontend Build): Follow standard conventions

 ## Recent Changes
+- 001-unify-frontend-style: Added Node.js 18+ runtime, SvelteKit (existing frontend stack) + SvelteKit, Tailwind CSS, existing frontend UI primitives under `frontend/src/lib/components/ui`
+- 020-task-reports-design: Added Python 3.9+ (backend), Node.js 18+ (frontend) + FastAPI, SvelteKit, Tailwind CSS, SQLAlchemy/Pydantic task models, existing task/websocket stack
 - 019-superset-ux-redesign: Added Python 3.9+ (Backend), Node.js 18+ (Frontend) + FastAPI, SvelteKit, Tailwind CSS, SQLAlchemy, WebSocket (existing)
- 017-llm-analysis-plugin: Added Python 3.9+ (Backend), Node.js 18+ (Frontend)
- 016-multi-user-auth: Added Python 3.9+ (Backend), Node.js 18+ (Frontend)


 <!-- MANUAL ADDITIONS START -->
--- a/.kilocode/workflows/audit-test.md
+++ b/.kilocode/workflows/audit-test.md
@@ -0,0 +1,103 @@
+---
+description: Audit AI-generated unit tests. Your goal is to aggressively search for "Test Tautologies", "Logic Echoing", and "Contract Negligence". You are the final gatekeeper. If a test is meaningless, you MUST reject it.
+---
+
+**ROLE:** Elite Quality Assurance Architect and Red Teamer.
+**OBJECTIVE:** Audit AI-generated unit tests. Your goal is to aggressively search for "Test Tautologies", "Logic Echoing", and "Contract Negligence". You are the final gatekeeper. If a test is meaningless, you MUST reject it.
+
+**INPUT:**
+1. SOURCE CODE (with GRACE-Poly `[DEF]` Contract: `@PRE`, `@POST`, `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT`).
+2. GENERATED TEST CODE.
+
+### I. CRITICAL ANTI-PATTERNS (REJECT IMMEDIATELY IF FOUND):
+
+1. **The Tautology (Self-Fulfilling Prophecy):**
+   - *Definition:* The test asserts hardcoded values against hardcoded values without executing the core business logic, or mocks the actual function being tested.
+   - *Example of Failure:* `assert 2 + 2 == 4` or mocking the class under test so that it returns exactly what the test asserts.
+
+2. **The Logic Mirror (Echoing):**
+   - *Definition:* The test re-implements the exact same algorithmic logic found in the source code to calculate the `expected_result`. If the original logic is flawed, the test will falsely pass.
+   - *Rule:* Tests must assert against **static, predefined outcomes** (from `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT` or explicit constants), NOT dynamically calculated outcomes using the same logic as the source.
+
+3. **The "Happy Path" Illusion:**
+   - *Definition:* The test suite only checks successful executions but ignores the `@PRE` conditions (Negative Testing).
+   - *Rule:* Every `@PRE` tag in the source contract MUST have a corresponding test that deliberately violates it and asserts the correct Exception/Error state.
+
+4. **Missing Post-Condition Verification:**
+   - *Definition:* The test calls the function but only checks the return value, ignoring `@SIDE_EFFECT` or `@POST` state changes (e.g., failing to verify that a DB call was made or a Store was updated).
+
+5. **Missing Edge Case Coverage:**
+   - *Definition:* The test suite ignores `@TEST_EDGE` scenarios defined in the contract.
+   - *Rule:* Every `@TEST_EDGE` in the source contract MUST have a corresponding test case.
+
+6. **Missing Invariant Verification:**
+   - *Definition:* The test suite does not verify `@TEST_INVARIANT` conditions.
+   - *Rule:* Every `@TEST_INVARIANT` MUST be verified by at least one test that attempts to break it.
+
+7. **Missing UX State Testing (Svelte Components):**
+   - *Definition:* For Svelte components with `@UX_STATE`, the test suite does not verify state transitions.
+   - *Rule:* Every `@UX_STATE` transition MUST have a test verifying the visual/behavioral change.
+   - *Check:* `@UX_FEEDBACK` mechanisms (toast, shake, color) must be tested.
+   - *Check:* `@UX_RECOVERY` mechanisms (retry, clear input) must be tested.
+
+### II. SEMANTIC PROTOCOL COMPLIANCE
+
+Verify the test file follows GRACE-Poly semantics:
+
+1. **Anchor Integrity:**
+   - Test file MUST start with `[DEF:__tests__/test_name:Module]`
+   - Test file MUST end with `[/DEF:__tests__/test_name:Module]`
+
+2. **Required Tags:**
+   - `@RELATION: VERIFIES -> <path_to_source>` must be present
+   - `@PURPOSE:` must describe what is being tested
+
+3. **TIER Alignment:**
+   - If source is `@TIER: CRITICAL`, test MUST cover all `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, `@TEST_INVARIANT`
+   - If source is `@TIER: STANDARD`, test MUST cover `@PRE` and `@POST`
+   - If source is `@TIER: TRIVIAL`, basic smoke test is acceptable
+
+### III. AUDIT CHECKLIST
+
+Evaluate the test code against these criteria:
+1. **Target Invocation:** Does the test actually import and call the function/component declared in the `@RELATION: VERIFIES` tag?
+2. **Contract Alignment:** Does the test suite cover 100% of the `@PRE` (negative tests) and `@POST` (assertions) conditions from the source contract?
+3. **Test Contract Compliance:** Does the test follow the interface defined in `@TEST_CONTRACT`?
+4. **Data Usage:** Does the test use the exact scenarios defined in `@TEST_FIXTURE`?
+5. **Edge Coverage:** Are all `@TEST_EDGE` scenarios tested?
+6. **Invariant Coverage:** Are all `@TEST_INVARIANT` conditions verified?
+7. **UX Coverage (if applicable):** Are all `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY` tested?
+8. **Mocking Sanity:** Are external dependencies mocked correctly WITHOUT mocking the system under test itself?
+9. **Semantic Anchor:** Does the test file have proper `[DEF]` and `[/DEF]` anchors?
+
+### IV. OUTPUT FORMAT
+
+You MUST respond strictly in the following JSON format. Do not add markdown blocks outside the JSON.
+
+{
+  "verdict": "APPROVED" | "REJECTED",
+  "rejection_reason": "TAUTOLOGY" | "LOGIC_MIRROR" | "WEAK_CONTRACT_COVERAGE" | "OVER_MOCKED" | "MISSING_EDGES" | "MISSING_INVARIANTS" | "MISSING_UX_TESTS" | "SEMANTIC_VIOLATION" | "NONE",
+  "audit_details": {
+    "target_invoked": true/false,
+    "pre_conditions_tested": true/false,
+    "post_conditions_tested": true/false,
+    "test_fixture_used": true/false,
+    "edges_covered": true/false,
+    "invariants_verified": true/false,
+    "ux_states_tested": true/false,
+    "semantic_anchors_present": true/false
+  },
+  "coverage_summary": {
+    "total_edges": number,
+    "edges_tested": number,
+    "total_invariants": number,
+    "invariants_tested": number,
+    "total_ux_states": number,
+    "ux_states_tested": number
+  },
+  "tier_compliance": {
+    "source_tier": "CRITICAL" | "STANDARD" | "TRIVIAL",
+    "meets_tier_requirements": true/false
+  },
+  "feedback": "Strict, actionable feedback for the test generator agent. Explain exactly which anti-pattern was detected and how to fix it."
+}
--- a/.kilocode/workflows/read_semantic.md
+++ b/.kilocode/workflows/read_semantic.md
@@ -1,4 +1,4 @@
 ---
 description: USE SEMANTIC
 ---
-Прочитай semantic_protocol.md. ОБЯЗАТЕЛЬНО используй его при разработке
+Прочитай .ai/standards/semantics.md. ОБЯЗАТЕЛЬНО используй его при разработке
--- a/.kilocode/workflows/speckit.analyze.md
+++ b/.kilocode/workflows/speckit.analyze.md
@@ -18,7 +18,7 @@ Identify inconsistencies, duplications, ambiguities, and underspecified items ac

 **STRICTLY READ-ONLY**: Do **not** modify any files. Output a structured analysis report. Offer an optional remediation plan (user must explicitly approve before any follow-up editing commands would be invoked manually).

-**Constitution Authority**: The project constitution (`.specify/memory/constitution.md`) is **non-negotiable** within this analysis scope. Constitution conflicts are automatically CRITICAL and require adjustment of the spec, plan, or tasks—not dilution, reinterpretation, or silent ignoring of the principle. If a principle itself needs to change, that must occur in a separate, explicit constitution update outside `/speckit.analyze`.
+**Constitution Authority**: The project constitution (`.ai/standards/constitution.md`) is **non-negotiable** within this analysis scope. Constitution conflicts are automatically CRITICAL and require adjustment of the spec, plan, or tasks—not dilution, reinterpretation, or silent ignoring of the principle. If a principle itself needs to change, that must occur in a separate, explicit constitution update outside `/speckit.analyze`.

 ## Execution Steps

@@ -62,8 +62,8 @@ Load only the minimal necessary context from each artifact:

 **From constitution:**

- Load `.specify/memory/constitution.md` for principle validation
- Load `semantic_protocol.md` for technical standard validation
+- Load `.ai/standards/constitution.md` for principle validation
+- Load `.ai/standards/semantics.md` for technical standard validation

 ### 3. Build Semantic Models

--- a/.kilocode/workflows/speckit.constitution.md
+++ b/.kilocode/workflows/speckit.constitution.md
@@ -16,11 +16,11 @@ You **MUST** consider the user input before proceeding (if not empty).

 ## Outline

-You are updating the project constitution at `.specify/memory/constitution.md`. This file is a TEMPLATE containing placeholder tokens in square brackets (e.g. `[PROJECT_NAME]`, `[PRINCIPLE_1_NAME]`). Your job is to (a) collect/derive concrete values, (b) fill the template precisely, and (c) propagate any amendments across dependent artifacts.
+You are updating the project constitution at `.ai/standards/constitution.md`. This file is a TEMPLATE containing placeholder tokens in square brackets (e.g. `[PROJECT_NAME]`, `[PRINCIPLE_1_NAME]`). Your job is to (a) collect/derive concrete values, (b) fill the template precisely, and (c) propagate any amendments across dependent artifacts.

 Follow this execution flow:

-1. Load the existing constitution template at `.specify/memory/constitution.md`.
+1. Load the existing constitution template at `.ai/standards/constitution.md`.
   - Identify every placeholder token of the form `[ALL_CAPS_IDENTIFIER]`.
   **IMPORTANT**: The user might require less or more principles than the ones used in the template. If a number is specified, respect that - follow the general template. You will update the doc accordingly.

@@ -61,7 +61,7 @@ Follow this execution flow:
   - Dates ISO format YYYY-MM-DD.
   - Principles are declarative, testable, and free of vague language ("should" → replace with MUST/SHOULD rationale where appropriate).

-7. Write the completed constitution back to `.specify/memory/constitution.md` (overwrite).
+7. Write the completed constitution back to `.ai/standards/constitution.md` (overwrite).

 8. Output a final summary to the user with:
   - New version and bump rationale.
@@ -79,4 +79,4 @@ If the user supplies partial updates (e.g., only one principle revision), still

 If critical info missing (e.g., ratification date truly unknown), insert `TODO(<FIELD_NAME>): explanation` and include in the Sync Impact Report under deferred items.

-Do not create a new template; always operate on the existing `.specify/memory/constitution.md` file.
+Do not create a new template; always operate on the existing `.ai/standards/constitution.md` file.
--- a/.kilocode/workflows/speckit.fix.md
+++ b/.kilocode/workflows/speckit.fix.md
@@ -0,0 +1,199 @@
+---
+
+description: Fix failing tests and implementation issues based on test reports
+
+---
+
+## User Input
+
+```text
+$ARGUMENTS
+```
+
+You **MUST** consider the user input before proceeding (if not empty).
+
+## Goal
+
+Analyze test failure reports, identify root causes, and fix implementation issues while preserving semantic protocol compliance.
+
+## Operating Constraints
+
+1. **USE CODER MODE**: Always switch to `coder` mode for code fixes
+2. **SEMANTIC PROTOCOL**: Never remove semantic annotations ([DEF], @TAGS). Only update code logic.
+3. **TEST DATA**: If tests use @TEST_ fixtures, preserve them when fixing
+4. **NO DELETION**: Never delete existing tests or semantic annotations
+5. **REPORT FIRST**: Always write a fix report before making changes
+
+## Execution Steps
+
+### 1. Load Test Report
+
+**Required**: Test report file path (e.g., `specs/<feature>/tests/reports/2026-02-19-report.md`)
+
+**Parse the report for**:
+- Failed test cases
+- Error messages
+- Stack traces
+- Expected vs actual behavior
+- Affected modules/files
+
+### 2. Analyze Root Causes
+
+For each failed test:
+
+1. **Read the test file** to understand what it's testing
+2. **Read the implementation file** to find the bug
+3. **Check semantic protocol compliance**:
+   - Does the implementation have correct [DEF] anchors?
+   - Are @TAGS (@PRE, @POST, @UX_STATE, etc.) present?
+   - Does the code match the TIER requirements?
+4. **Identify the fix**:
+   - Logic error in implementation
+   - Missing error handling
+   - Incorrect API usage
+   - State management issue
+
+### 3. Write Fix Report
+
+Create a structured fix report:
+
+```markdown
+# Fix Report: [FEATURE]
+
+**Date**: [YYYY-MM-DD]
+**Report**: [Test Report Path]
+**Fixer**: Coder Agent
+
+## Summary
+
+- Total Failed Tests: [X]
+- Total Fixed: [X]
+- Total Skipped: [X]
+
+## Failed Tests Analysis
+
+### Test: [Test Name]
+
+**File**: `path/to/test.py`
+**Error**: [Error message]
+
+**Root Cause**: [Explanation of why test failed]
+
+**Fix Required**: [Description of fix]
+
+**Status**: [Pending/In Progress/Completed]
+
+## Fixes Applied
+
+### Fix 1: [Description]
+
+**Affected File**: `path/to/file.py`
+**Test Affected**: `[Test Name]`
+
+**Changes**:
+```diff
+<<<<<<< SEARCH
+[Original Code]
+=======
+[Fixed Code]
+>>>>>>> REPLACE
+```
+
+**Verification**: [How to verify fix works]
+
+**Semantic Integrity**: [Confirmed annotations preserved]
+
+## Next Steps
+
+- [ ] Run tests to verify fix: `cd backend && .venv/bin/python3 -m pytest`
+- [ ] Check for related failing tests
+- [ ] Update test documentation if needed
+```
+
+### 4. Apply Fixes (in Coder Mode)
+
+Switch to `coder` mode and apply fixes:
+
+1. **Read the implementation file** to get exact content
+2. **Apply the fix** using apply_diff
+3. **Preserve all semantic annotations**:
+   - Keep [DEF:...] and [/DEF:...] anchors
+   - Keep all @TAGS (@PURPOSE, @LAYER, @TIER, @RELATION, @PRE, @POST, @UX_STATE, @UX_FEEDBACK, @UX_RECOVERY)
+4. **Only update code logic** to fix the bug
+5. **Run tests** to verify the fix
+
+### 5. Verification
+
+After applying fixes:
+
+1. **Run tests**:
+   ```bash
+   cd backend && .venv/bin/python3 -m pytest -v
+   ```
+   or
+   ```bash
+   cd frontend && npm run test
+   ```
+
+2. **Check test results**:
+   - Failed tests should now pass
+   - No new tests should fail
+   - Coverage should not decrease
+
+3. **Update fix report** with results:
+   - Mark fixes as completed
+   - Add verification steps
+   - Note any remaining issues
+
+## Output
+
+Generate final fix report:
+
+```markdown
+# Fix Report: [FEATURE] - COMPLETED
+
+**Date**: [YYYY-MM-DD]
+**Report**: [Test Report Path]
+**Fixer**: Coder Agent
+
+## Summary
+
+- Total Failed Tests: [X]
+- Total Fixed: [X] ✅
+- Total Skipped: [X]
+
+## Fixes Applied
+
+### Fix 1: [Description] ✅
+
+**Affected File**: `path/to/file.py`
+**Test Affected**: `[Test Name]`
+
+**Changes**: [Summary of changes]
+
+**Verification**: All tests pass ✅
+
+**Semantic Integrity**: Preserved ✅
+
+## Test Results
+
+```
+[Full test output showing all passing tests]
+```
+
+## Recommendations
+
+- [ ] Monitor for similar issues
+- [ ] Update documentation if needed
+- [ ] Consider adding more tests for edge cases
+
+## Related Files
+
+- Test Report: [path]
+- Implementation: [path]
+- Test File: [path]
+```
+
+## Context for Fixing
+
+$ARGUMENTS
--- a/.kilocode/workflows/speckit.implement.md
+++ b/.kilocode/workflows/speckit.implement.md
@@ -51,7 +51,7 @@ You **MUST** consider the user input before proceeding (if not empty).
     - Automatically proceed to step 3

 3. Load and analyze the implementation context:
-   - **REQUIRED**: Read `semantic_protocol.md` for strict coding standards and contract requirements
+   - **REQUIRED**: Read `.ai/standards/semantics.md` for strict coding standards and contract requirements
   - **REQUIRED**: Read tasks.md for the complete task list and execution plan
   - **REQUIRED**: Read plan.md for tech stack, architecture, and file structure
   - **IF EXISTS**: Read data-model.md for entities and relationships
@@ -117,7 +117,11 @@ You **MUST** consider the user input before proceeding (if not empty).
   - **Validation checkpoints**: Verify each phase completion before proceeding

 7. Implementation execution rules:
-   - **Strict Adherence**: Apply `semantic_protocol.md` rules - every file must start with [DEF] header, include @TIER, and define contracts.
+   - **Strict Adherence**: Apply `.ai/standards/semantics.md` rules:
+     - Every file MUST start with a `[DEF:id:Type]` header and end with a closing `[/DEF:id:Type]` anchor.
+     - Include `@TIER` and define contracts (`@PRE`, `@POST`).
+     - For Svelte components, use `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY`, and explicitly declare reactivity with `@UX_REATIVITY: State: $state, Derived: $derived`.
+     - **Molecular Topology Logging**: Use prefixes `[EXPLORE]`, `[REASON]`, `[REFLECT]` in logs to trace logic.
   - **CRITICAL Contracts**: If a task description contains a contract summary (e.g., `CRITICAL: PRE: ..., POST: ...`), these constraints are **MANDATORY** and must be strictly implemented in the code using guards/assertions (if applicable per protocol).
   - **Setup first**: Initialize project structure, dependencies, configuration
   - **Tests before code**: If you need to write tests for contracts, entities, and integration scenarios
--- a/.kilocode/workflows/speckit.plan.md
+++ b/.kilocode/workflows/speckit.plan.md
@@ -22,7 +22,7 @@ You **MUST** consider the user input before proceeding (if not empty).

 1. **Setup**: Run `.specify/scripts/bash/setup-plan.sh --json` from repo root and parse JSON for FEATURE_SPEC, IMPL_PLAN, SPECS_DIR, BRANCH. For single quotes in args like "I'm Groot", use escape syntax: e.g 'I'\''m Groot' (or double-quote if possible: "I'm Groot").

-2. **Load context**: Read FEATURE_SPEC, `ux_reference.md`, `semantic_protocol.md` and `.specify/memory/constitution.md`. Load IMPL_PLAN template (already copied).
+2. **Load context**: Read `.ai/ROOT.md` and `.ai/PROJECT_MAP.md` to understand the project structure and navigation. Then read required standards: `.ai/standards/constitution.md` and `.ai/standards/semantics.md`. Load IMPL_PLAN template.

 3. **Execute plan workflow**: Follow the structure in IMPL_PLAN template to:
   - Fill Technical Context (mark unknowns as "NEEDS CLARIFICATION")
@@ -73,13 +73,13 @@ You **MUST** consider the user input before proceeding (if not empty).
   - Entity name, fields, relationships, validation rules.

 2. **Design & Verify Contracts (Semantic Protocol)**:
-   - **Drafting**: Define [DEF] Headers and Contracts for all new modules based on `semantic_protocol.md`.
+   - **Drafting**: Define `[DEF:id:Type]` Headers, Contracts, and closing `[/DEF:id:Type]` for all new modules based on `.ai/standards/semantics.md`.
   - **TIER Classification**: Explicitly assign `@TIER: [CRITICAL|STANDARD|TRIVIAL]` to each module.
-   - **CRITICAL Requirements**: For all CRITICAL modules, define full `@PRE`, `@POST`, and (if UI) `@UX_STATE` contracts.
+   - **CRITICAL Requirements**: For all CRITICAL modules, define full `@PRE`, `@POST`, and (if UI) `@UX_STATE` contracts. **MUST** also define testing contracts: `@TEST_CONTRACT`, `@TEST_FIXTURE`, `@TEST_EDGE`, and `@TEST_INVARIANT`.
   - **Self-Review**:
-     - *Completeness*: Do `@PRE`/`@POST` cover edge cases identified in Research?
+     - *Completeness*: Do `@PRE`/`@POST` cover edge cases identified in Research? Are test contracts present for CRITICAL?
     - *Connectivity*: Do `@RELATION` tags form a coherent graph?
-     - *Compliance*: Does syntax match `[DEF:id:Type]` exactly?
+     - *Compliance*: Does syntax match `[DEF:id:Type]` exactly and is it closed with `[/DEF:id:Type]`?
   - **Output**: Write verified contracts to `contracts/modules.md`.

 3. **Simulate Contract Usage**:
--- a/.kilocode/workflows/speckit.tasks.md
+++ b/.kilocode/workflows/speckit.tasks.md
@@ -121,8 +121,8 @@ Every task MUST strictly follow this format:

 2. **From Contracts (CRITICAL TIER)**:
   - Identify components marked as `@TIER: CRITICAL` in `contracts/modules.md`.
-   - For these components, **MUST** append the summary of `@PRE`, `@POST`, and `@UX_STATE` contracts directly to the task description.
-   - Example: `- [ ] T005 [P] [US1] Implement Auth (CRITICAL: PRE: token exists, POST: returns User) in src/auth.py`
+   - For these components, **MUST** append the summary of `@PRE`, `@POST`, `@UX_STATE`, and test contracts (`@TEST_FIXTURE`, `@TEST_EDGE`) directly to the task description.
+   - Example: `- [ ] T005 [P] [US1] Implement Auth (CRITICAL: PRE: token exists, POST: returns User, TESTS: 2 edges) in src/auth.py`
   - Map each contract/endpoint → to the user story it serves
   - If tests requested: Each contract → contract test task [P] before implementation in that story's phase

--- a/.kilocode/workflows/speckit.test.md
+++ b/.kilocode/workflows/speckit.test.md
@@ -1,17 +1,7 @@
-№ **speckit.tasks.md**
-### Modified Workflow
+---
+
+description: Generate tests, manage test documentation, and ensure maximum code coverage

-```markdown
-description: Generate an actionable, dependency-ordered tasks.md for the feature based on available design artifacts.
-handoffs: 
-  - label: Analyze For Consistency
-    agent: speckit.analyze
-    prompt: Run a project analysis for consistency
-    send: true
-  - label: Implement Project
-    agent: speckit.implement
-    prompt: Start the implementation in phases
-    send: true
 ---

 ## User Input
@@ -22,95 +12,168 @@ $ARGUMENTS

 You **MUST** consider the user input before proceeding (if not empty).

-## Outline
+## Goal

-1. **Setup**: Run `.specify/scripts/bash/check-prerequisites.sh --json` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS list. All paths must be absolute.
+Execute full testing cycle: analyze code for testable modules, write tests with proper coverage, maintain test documentation, and ensure no test duplication or deletion.

-2. **Load design documents**: Read from FEATURE_DIR:
-   - **Required**: plan.md (tech stack, libraries, structure), spec.md (user stories with priorities), ux_reference.md (experience source of truth)
-   - **Optional**: data-model.md (entities), contracts/ (API endpoints), research.md (decisions)
+## Operating Constraints

-3. **Execute task generation workflow**:
-   - **Architecture Analysis (CRITICAL)**: Scan existing codebase for patterns (DI, Auth, ORM).
-   - Load plan.md/spec.md.
-   - Generate tasks organized by user story.
-   - **Apply Fractal Co-location**: Ensure all unit tests are mapped to `__tests__` subdirectories relative to the code.
-   - Validate task completeness.
+1. **NEVER delete existing tests** - Only update if they fail due to bugs in the test or implementation
+2. **NEVER duplicate tests** - Check existing tests first before creating new ones
+3. **Use TEST_FIXTURE fixtures** - For CRITICAL tier modules, read @TEST_FIXTURE from .ai/standards/semantics.md
+4. **Co-location required** - Write tests in `__tests__` directories relative to the code being tested

-4. **Generate tasks.md**: Use `.specify/templates/tasks-template.md` as structure.
-   - Phase 1: Context & Setup.
-   - Phase 2: Foundational tasks.
-   - Phase 3+: User Stories (Priority order).
-   - Final Phase: Polish.
-   - **Strict Constraint**: Ensure tasks follow the Co-location and Mocking rules below.
+## Execution Steps

-5. **Report**: Output path to generated tasks.md and summary.
+### 1. Analyze Context

-Context for task generation: $ARGUMENTS
+Run `.specify/scripts/bash/check-prerequisites.sh --json --require-tasks --include-tasks` from repo root and parse FEATURE_DIR and AVAILABLE_DOCS.

-## Task Generation Rules
+Determine:
+- FEATURE_DIR - where the feature is located
+- TASKS_FILE - path to tasks.md
+- Which modules need testing based on task status

-**CRITICAL**: Tasks MUST be actionable, specific, architecture-aware, and context-local.
+### 2. Load Relevant Artifacts

-### Implementation & Testing Constraints (ANTI-LOOP & CO-LOCATION)
+**From tasks.md:**
+- Identify completed implementation tasks (not test tasks)
+- Extract file paths that need tests

-To prevent infinite debugging loops and context fragmentation, apply these rules:
+**From .ai/standards/semantics.md:**
+- Read @TIER annotations for modules
+- For CRITICAL modules: Read @TEST_ fixtures

-1.  **Fractal Co-location Strategy (MANDATORY)**:
-    - **Rule**: Unit tests MUST live next to the code they verify.
-    - **Forbidden**: Do NOT create unit tests in root `tests/` or `backend/tests/`. Those are for E2E/Integration only.
-    - **Pattern (Python)**:
-      - Source: `src/domain/order/processing.py`
-      - Test Task: `Create tests in src/domain/order/__tests__/test_processing.py`
-    - **Pattern (Frontend)**:
-      - Source: `src/lib/components/UserCard.svelte`
-      - Test Task: `Create tests in src/lib/components/__tests__/UserCard.test.ts`
+**From existing tests:**
+- Scan `__tests__` directories for existing tests
+- Identify test patterns and coverage gaps

-2.  **Semantic Relations**:
-    - Test generation tasks must explicitly instruct to add the relation header: `# @RELATION: VERIFIES -> [TargetComponent]`
+### 3. Test Coverage Analysis

-3.  **Strict Mocking for Unit Tests**:
-    - Any task creating Unit Tests MUST specify: *"Use `unittest.mock.MagicMock` for heavy dependencies (DB sessions, Auth). Do NOT instantiate real service classes."*
+Create coverage matrix:

-4.  **Schema/Model Separation**:
-    - Explicitly separate tasks for ORM Models (SQLAlchemy) and Pydantic Schemas.
+| Module | File | Has Tests | TIER | TEST_FIXTURE Available |
+|--------|------|-----------|------|----------------------|
+| ... | ... | ... | ... | ... |

-### UX Preservation (CRITICAL)
+### 4. Write Tests (TDD Approach)

- **Source of Truth**: `ux_reference.md` is the absolute standard.
- **Verification Task**: You **MUST** add a specific task at the end of each User Story phase: `- [ ] Txxx [USx] Verify implementation matches ux_reference.md (Happy Path & Errors)`
+For each module requiring tests:

-### Checklist Format (REQUIRED)
+1. **Check existing tests**: Scan `__tests__/` for duplicates
+2. **Read TEST_FIXTURE**: If CRITICAL tier, read @TEST_FIXTURE from semantics header
+3. **Write test**: Follow co-location strategy
+   - Python: `src/module/__tests__/test_module.py`
+   - Svelte: `src/lib/components/__tests__/test_component.test.js`
+4. **Use mocks**: Use `unittest.mock.MagicMock` for external dependencies

-Every task MUST strictly follow this format:
+### 4a. UX Contract Testing (Frontend Components)

-```text
- [ ] [TaskID] [P?] [Story?] Description with file path
+For Svelte components with `@UX_STATE`, `@UX_FEEDBACK`, `@UX_RECOVERY` tags:
+
+1. **Parse UX tags**: Read component file and extract all `@UX_*` annotations
+2. **Generate UX tests**: Create tests for each UX state transition
+   ```javascript
+   // Example: Testing @UX_STATE: Idle -> Expanded
+   it('should transition from Idle to Expanded on toggle click', async () => {
+     render(Sidebar);
+     const toggleBtn = screen.getByRole('button', { name: /toggle/i });
+     await fireEvent.click(toggleBtn);
+     expect(screen.getByTestId('sidebar')).toHaveClass('expanded');
+   });
+   ```
+3. **Test @UX_FEEDBACK**: Verify visual feedback (toast, shake, color changes)
+4. **Test @UX_RECOVERY**: Verify error recovery mechanisms (retry, clear input)
+5. **Use @UX_TEST fixtures**: If component has `@UX_TEST` tags, use them as test specifications
+
+**UX Test Template:**
+```javascript
+// [DEF:__tests__/test_Component:Module]
+// @RELATION: VERIFIES -> ../Component.svelte
+// @PURPOSE: Test UX states and transitions
+
+describe('Component UX States', () => {
+  // @UX_STATE: Idle -> {action: click, expected: Active}
+  it('should transition Idle -> Active on click', async () => { ... });
+  
+  // @UX_FEEDBACK: Toast on success
+  it('should show toast on successful action', async () => { ... });
+  
+  // @UX_RECOVERY: Retry on error
+  it('should allow retry on error', async () => { ... });
+});
+// [/DEF:__tests__/test_Component:Module]
 ```

-**Examples**:
- ✅ `- [ ] T005 [US1] Create unit tests for OrderService in src/services/__tests__/test_order.py (Mock DB)`
- ✅ `- [ ] T006 [US1] Implement OrderService in src/services/order.py`
- ❌ `- [ ] T005 [US1] Create tests in backend/tests/test_order.py` (VIOLATION: Wrong location)
+### 5. Test Documentation

-### Task Organization & Phase Structure
+Create/update documentation in `specs/<feature>/tests/`:

-**Phase 1: Context & Setup**
- **Goal**: Prepare environment and understand existing patterns.
- **Mandatory Task**: `- [ ] T001 Analyze existing project structure, auth patterns, and `conftest.py` location`
+```
+tests/
+├── README.md           # Test strategy and overview
+├── coverage.md         # Coverage matrix and reports
+└── reports/
+    └── YYYY-MM-DD-report.md
+```

-**Phase 2: Foundational (Data & Core)**
- Database Models (ORM).
- Pydantic Schemas (DTOs).
- Core Service interfaces.
+### 6. Execute Tests

-**Phase 3+: User Stories (Iterative)**
- **Step 1: Isolation Tests (Co-located)**: 
-  - `- [ ] Txxx [USx] Create unit tests for [Component] in [Path]/__tests__/test_[name].py`
-  - *Note: Specify using MagicMock for external deps.*
- **Step 2: Implementation**: Services -> Endpoints.
- **Step 3: Integration**: Wire up real dependencies (if E2E tests requested).
- **Step 4: UX Verification**.
+Run tests and report results:

-**Final Phase: Polish**
- Linting, formatting, final manual verify.
+**Backend:**
+```bash
+cd backend && .venv/bin/python3 -m pytest -v
+```
+
+**Frontend:**
+```bash
+cd frontend && npm run test
+```
+
+### 7. Update Tasks
+
+Mark test tasks as completed in tasks.md with:
+- Test file path
+- Coverage achieved
+- Any issues found
+
+## Output
+
+Generate test execution report:
+
+```markdown
+# Test Report: [FEATURE]
+
+**Date**: [YYYY-MM-DD]
+**Executed by**: Tester Agent
+
+## Coverage Summary
+
+| Module | Tests | Coverage % |
+|--------|-------|------------|
+| ... | ... | ... |
+
+## Test Results
+
+- Total: [X]
+- Passed: [X]
+- Failed: [X]
+- Skipped: [X]
+
+## Issues Found
+
+| Test | Error | Resolution |
+|------|-------|------------|
+| ... | ... | ... |
+
+## Next Steps
+
+- [ ] Fix failed tests
+- [ ] Add more coverage for [module]
+- [ ] Review TEST_FIXTURE fixtures
+```
+
+## Context for Testing
+
+$ARGUMENTS
--- a/.kilocodemodes
+++ b/.kilocodemodes
@@ -1,25 +1,39 @@
 customModes:
  - slug: tester
    name: Tester
-    description: QA and Plan Verification Specialist
+    description: QA and Test Engineer - Full Testing Cycle
    roleDefinition: |-
-      You are Kilo Code, acting as a QA and Verification Specialist. Your primary goal is to validate that the project implementation aligns strictly with the defined specifications and task plans.
-      Your responsibilities include: - Reading and analyzing task plans and specifications (typically in the `specs/` directory). - Verifying that implemented code matches the requirements. - Executing tests and validating system behavior via CLI or Browser. - Updating the status of tasks in the plan files (e.g., marking checkboxes [x]) as they are verified. - Identifying and reporting missing features or bugs.
-    whenToUse: Use this mode when you need to audit the progress of a project, verify completed tasks against the plan, run quality assurance checks, or update the status of task lists in specification documents.
+      You are Kilo Code, acting as a QA and Test Engineer. Your primary goal is to ensure maximum test coverage, maintain test quality, and preserve existing tests.
+      Your responsibilities include:
+      - WRITING TESTS: Create comprehensive unit tests following TDD principles, using co-location strategy (`__tests__` directories).
+      - TEST DATA: For CRITICAL tier modules, you MUST use @TEST_DATA fixtures defined in .ai/standards/semantics.md. Read and apply them in your tests.
+      - DOCUMENTATION: Maintain test documentation in `specs/<feature>/tests/` directory with coverage reports and test case specifications.
+      - VERIFICATION: Run tests, analyze results, and ensure all tests pass.
+      - PROTECTION: NEVER delete existing tests. NEVER duplicate tests - check for existing tests first.
+    whenToUse: Use this mode when you need to write tests, run test coverage analysis, or perform quality assurance with full testing cycle.
    groups:
      - read
      - edit
      - command
      - browser
      - mcp
-    customInstructions: 1. Always begin by loading the relevant plan or task list from the `specs/` directory. 2. Do not assume a task is done just because it is checked; verify the code or functionality first if asked to audit. 3. When updating task lists, ensure you only mark items as complete if you have verified them.
+    customInstructions: |
+      1. KNOWLEDGE GRAPH: ALWAYS read .ai/ROOT.md first to understand the project structure and navigation.
+      2. CO-LOCATION: Write tests in `__tests__` subdirectories relative to the code being tested (Fractal Strategy).
+      2. TEST DATA MANDATORY: For CRITICAL modules, read @TEST_DATA from .ai/standards/semantics.md and use fixtures in tests.
+      3. UX CONTRACT TESTING: For Svelte components with @UX_STATE, @UX_FEEDBACK, @UX_RECOVERY tags, create comprehensive UX tests.
+      4. NO DELETION: Never delete existing tests - only update if they fail due to legitimate bugs.
+      5. NO DUPLICATION: Check existing tests in `__tests__/` before creating new ones. Reuse existing test patterns.
+      6. DOCUMENTATION: Create test reports in `specs/<feature>/tests/reports/YYYY-MM-DD-report.md`.
+      7. COVERAGE: Aim for maximum coverage but prioritize CRITICAL and STANDARD tier modules.
+      8. RUN TESTS: Execute tests using `cd backend && .venv/bin/python3 -m pytest` or `cd frontend && npm run test`.
  - slug: semantic
    name: Semantic Agent
    roleDefinition: |-
-      You are Kilo Code, a Semantic Agent responsible for maintaining the semantic integrity of the codebase. Your primary goal is to ensure that all code entities (Modules, Classes, Functions, Components) are properly annotated with semantic anchors and tags as defined in `semantic_protocol.md`.
-      Your core responsibilities are: 1.  **Semantic Mapping**: You run and maintain the `generate_semantic_map.py` script to generate up-to-date semantic maps (`semantics/semantic_map.json`, `specs/project_map.md`) and compliance reports (`semantics/reports/*.md`). 2.  **Compliance Auditing**: You analyze the generated compliance reports to identify files with low semantic coverage or parsing errors. 3.  **Semantic Enrichment**: You actively edit code files to add missing semantic anchors (`[DEF:...]`, `[/DEF:...]`) and mandatory tags (`@PURPOSE`, `@LAYER`, etc.) to improve the global compliance score. 4.  **Protocol Enforcement**: You strictly adhere to the syntax and rules defined in `semantic_protocol.md` when modifying code.
+      You are Kilo Code, a Semantic Agent responsible for maintaining the semantic integrity of the codebase. Your primary goal is to ensure that all code entities (Modules, Classes, Functions, Components) are properly annotated with semantic anchors and tags as defined in `.ai/standards/semantics.md`.
+      Your core responsibilities are: 1.  **Semantic Mapping**: You run and maintain the `generate_semantic_map.py` script to generate up-to-date semantic maps (`semantics/semantic_map.json`, `.ai/PROJECT_MAP.md`) and compliance reports (`semantics/reports/*.md`). 2.  **Compliance Auditing**: You analyze the generated compliance reports to identify files with low semantic coverage or parsing errors. 3.  **Semantic Enrichment**: You actively edit code files to add missing semantic anchors (`[DEF:...]`, `[/DEF:...]`) and mandatory tags (`@PURPOSE`, `@LAYER`, etc.) to improve the global compliance score. 4.  **Protocol Enforcement**: You strictly adhere to the syntax and rules defined in `.ai/standards/semantics.md` when modifying code.
      You have access to the full codebase and tools to read, write, and execute scripts. You should prioritize fixing "Critical Parsing Errors" (unclosed anchors) before addressing missing metadata.
-    whenToUse: Use this mode when you need to update the project's semantic map, fix semantic compliance issues (missing anchors/tags/DbC ), or analyze the codebase structure. This mode is specialized for maintaining the `semantic_protocol.md` standards.
+    whenToUse: Use this mode when you need to update the project's semantic map, fix semantic compliance issues (missing anchors/tags/DbC ), or analyze the codebase structure. This mode is specialized for maintaining the `.ai/standards/semantics.md` standards.
    description: Codebase semantic mapping and compliance expert
    customInstructions: Always check `semantics/reports/` for the latest compliance status before starting work. When fixing a file, try to fix all semantic issues in that file at once. After making a batch of fixes, run `python3 generate_semantic_map.py` to verify improvements.
    groups:
@@ -33,11 +47,36 @@ customModes:
    name: Product Manager
    roleDefinition: |-
      Your purpose is to rigorously execute the workflows defined in `.kilocode/workflows/`.
-      You act as the orchestrator for: - Specification (`speckit.specify`, `speckit.clarify`) - Planning (`speckit.plan`) - Task Management (`speckit.tasks`, `speckit.taskstoissues`) - Quality Assurance (`speckit.analyze`, `speckit.checklist`) - Governance (`speckit.constitution`) - Implementation Oversight (`speckit.implement`)
+      You act as the orchestrator for: - Specification (`speckit.specify`, `speckit.clarify`) - Planning (`speckit.plan`) - Task Management (`speckit.tasks`, `speckit.taskstoissues`) - Quality Assurance (`speckit.analyze`, `speckit.checklist`, `speckit.test`, `speckit.fix`) - Governance (`speckit.constitution`) - Implementation Oversight (`speckit.implement`)
      For each task, you must read the relevant workflow file from `.kilocode/workflows/` and follow its Execution Steps precisely.
    whenToUse: Use this mode when you need to run any /speckit.* command or when dealing with high-level feature planning, specification writing, or project management tasks.
    description: Executes SpecKit workflows for feature management
-    customInstructions: 1. Always read the specific workflow file in `.kilocode/workflows/` before executing a command. 2. Adhere strictly to the "Operating Constraints" and "Execution Steps" in the workflow files.
+    customInstructions: 1. Always read `.ai/ROOT.md` first to understand the Knowledge Graph structure. 2. Read the specific workflow file in `.kilocode/workflows/` before executing a command. 3. Adhere strictly to the "Operating Constraints" and "Execution Steps" in the workflow files.
+    groups:
+      - read
+      - edit
+      - command
+      - mcp
+    source: project
+  - slug: coder
+    name: Coder
+    roleDefinition: You are Kilo Code, acting as an Implementation Specialist. Your primary goal is to write code that strictly follows the Semantic Protocol defined in `.ai/standards/semantics.md`.
+    whenToUse: Use this mode when you need to implement features, write code, or fix issues based on test reports.
+    description: Implementation Specialist - Semantic Protocol Compliant
+    customInstructions: |
+      1. KNOWLEDGE GRAPH: ALWAYS read .ai/ROOT.md first to understand the project structure and navigation.
+      2. CONSTITUTION: Strictly follow architectural invariants in .ai/standards/constitution.md.
+      3. SEMANTIC PROTOCOL: ALWAYS use .ai/standards/semantics.md as your source of truth for syntax.
+      4. ANCHOR FORMAT: Use #[DEF:filename:Type] at start and #[/DEF:filename] at end.
+      3. TAGS: Add @PURPOSE, @LAYER, @TIER, @RELATION, @PRE, @POST, @UX_STATE, @UX_FEEDBACK, @UX_RECOVERY.
+      4. TIER COMPLIANCE:
+        - CRITICAL: Full contract + all UX tags + strict logging
+        - STANDARD: Basic contract + UX tags where applicable
+        - TRIVIAL: Only anchors + @PURPOSE
+      5. CODE SIZE: Keep modules under 300 lines. Refactor if exceeding.
+      6. ERROR HANDLING: Use if/raise or guards, never assert.
+      7. TEST FIXES: When fixing failing tests, preserve semantic annotations. Only update code logic.
+      8. RUN TESTS: After fixes, run tests to verify: `cd backend && .venv/bin/python3 -m pytest` or `cd frontend && npm run test`.
    groups:
      - read
      - edit
--- a/.specify/memory/constitution.md
+++ b/.specify/memory/constitution.md
@@ -1,55 +1,50 @@
-<!--
-SYNC IMPACT REPORT
-Version: 2.2.0 (ConfigManager Discipline)
-Changes:
- Updated Principle II: Added mandatory requirement for using `ConfigManager` (via dependency injection) for all configuration access to ensure consistent environment handling and avoid hardcoded values.
- Updated Principle III: Refined `requestApi` requirement.
-Templates Status:
- .specify/templates/plan-template.md: ✅ Aligned.
- .specify/templates/spec-template.md: ✅ Aligned.
- .specify/templates/tasks-template.md: ✅ Aligned.
-->
-# Semantic Code Generation Constitution
+# [PROJECT_NAME] Constitution
+<!-- Example: Spec Constitution, TaskFlow Constitution, etc. -->

 ## Core Principles

-### I. Semantic Protocol Compliance
-The file `semantic_protocol.md` is the **sole and authoritative technical standard** for this project.
- **Law**: All code must adhere to the Axioms (Meaning First, Contract First, etc.) defined in the Protocol.
- **Syntax & Structure**: Anchors (`[DEF]`), Tags (`@KEY`), and File Structures must strictly match the Protocol.
- **Compliance**: Any deviation from `semantic_protocol.md` constitutes a build failure.
+### [PRINCIPLE_1_NAME]
+<!-- Example: I. Library-First -->
+[PRINCIPLE_1_DESCRIPTION]
+<!-- Example: Every feature starts as a standalone library; Libraries must be self-contained, independently testable, documented; Clear purpose required - no organizational-only libraries -->

-### II. Everything is a Plugin & Centralized Config
-All functional extensions, tools, or major features must be implemented as modular Plugins inheriting from `PluginBase`.
- **Modularity**: Logic should not reside in standalone services or scripts unless strictly necessary for core infrastructure. This ensures a unified execution model via the `TaskManager`.
- **Configuration Discipline**: All configuration access (environments, settings, paths) MUST use the `ConfigManager`. In the backend, the singleton instance MUST be obtained via dependency injection (`get_config_manager()`). Hardcoding environment IDs (e.g., "1") or paths is STRICTLY FORBIDDEN.
+### [PRINCIPLE_2_NAME]
+<!-- Example: II. CLI Interface -->
+[PRINCIPLE_2_DESCRIPTION]
+<!-- Example: Every library exposes functionality via CLI; Text in/out protocol: stdin/args → stdout, errors → stderr; Support JSON + human-readable formats -->

-### III. Unified Frontend Experience
-To ensure a consistent and accessible user experience, all frontend implementations must strictly adhere to the unified design and localization standards.
- **Component Reusability**: All UI elements MUST utilize the standardized Svelte component library (`src/lib/ui`) and centralized design tokens.
- **Internationalization (i18n)**: All user-facing text MUST be extracted to the translation system (`src/lib/i18n`).
- **Backend Communication**: All API requests MUST use the `requestApi` wrapper (or its derivatives like `fetchApi`, `postApi`) from `src/lib/api.js`. Direct use of the native `fetch` API for backend communication is FORBIDDEN to ensure consistent authentication (JWT) and error handling.
+### [PRINCIPLE_3_NAME]
+<!-- Example: III. Test-First (NON-NEGOTIABLE) -->
+[PRINCIPLE_3_DESCRIPTION]
+<!-- Example: TDD mandatory: Tests written → User approved → Tests fail → Then implement; Red-Green-Refactor cycle strictly enforced -->

-### IV. Security & Access Control
-To support the Role-Based Access Control (RBAC) system, all functional components must define explicit permissions.
- **Granular Permissions**: Every Plugin MUST define a unique permission string (e.g., `plugin:name:execute`) required for its operation.
- **Registration**: These permissions MUST be registered in the system database (`auth.db`) during initialization.
+### [PRINCIPLE_4_NAME]
+<!-- Example: IV. Integration Testing -->
+[PRINCIPLE_4_DESCRIPTION]
+<!-- Example: Focus areas requiring integration tests: New library contract tests, Contract changes, Inter-service communication, Shared schemas -->

-### V. Independent Testability
-Every feature specification MUST define "Independent Tests" that allow the feature to be verified in isolation.
- **Decoupling**: Features should be designed such that they can be tested without requiring the full application state or external dependencies where possible.
- **Verification**: A feature is not complete until its Independent Test scenarios pass.
+### [PRINCIPLE_5_NAME]
+<!-- Example: V. Observability, VI. Versioning & Breaking Changes, VII. Simplicity -->
+[PRINCIPLE_5_DESCRIPTION]
+<!-- Example: Text I/O ensures debuggability; Structured logging required; Or: MAJOR.MINOR.BUILD format; Or: Start simple, YAGNI principles -->

-### VI. Asynchronous Execution
-All long-running or resource-intensive operations (migrations, analysis, backups, external API calls) MUST be executed as asynchronous tasks via the `TaskManager`.
- **Non-Blocking**: HTTP API endpoints MUST NOT block on these operations; they should spawn a task and return a Task ID.
- **Observability**: Tasks MUST emit real-time status updates via the WebSocket infrastructure.
+## [SECTION_2_NAME]
+<!-- Example: Additional Constraints, Security Requirements, Performance Standards, etc. -->
+
+[SECTION_2_CONTENT]
+<!-- Example: Technology stack requirements, compliance standards, deployment policies, etc. -->
+
+## [SECTION_3_NAME]
+<!-- Example: Development Workflow, Review Process, Quality Gates, etc. -->
+
+[SECTION_3_CONTENT]
+<!-- Example: Code review requirements, testing gates, deployment approval process, etc. -->

 ## Governance
-This Constitution establishes the "Semantic Code Generation Protocol" as the supreme law of this repository.
+<!-- Example: Constitution supersedes all other practices; Amendments require documentation, approval, migration plan -->

- **Authoritative Source**: `semantic_protocol.md` defines the specific implementation rules for Principle I.
- **Amendments**: Changes to core principles require a Constitution amendment. Changes to technical syntax require a Protocol update.
- **Compliance**: Failure to adhere to the Protocol constitutes a build failure.
+[GOVERNANCE_RULES]
+<!-- Example: All PRs/reviews must verify compliance; Complexity must be justified; Use [GUIDANCE_FILE] for runtime development guidance -->

-**Version**: 2.2.0 | **Ratified**: 2025-12-19 | **Last Amended**: 2026-01-29
+**Version**: [CONSTITUTION_VERSION] | **Ratified**: [RATIFICATION_DATE] | **Last Amended**: [LAST_AMENDED_DATE]
+<!-- Example: Version: 2.1.1 | Ratified: 2025-06-13 | Last Amended: 2025-07-16 -->
--- a/.specify/scripts/bash/update-agent-context.sh
+++ b/.specify/scripts/bash/update-agent-context.sh
@@ -30,12 +30,12 @@
 #
 # 5. Multi-Agent Support
 #    - Handles agent-specific file paths and naming conventions
-#    - Supports: Claude, Gemini, Copilot, Cursor, Qwen, opencode, Codex, Windsurf, Kilo Code, Auggie CLI, Roo Code, CodeBuddy CLI, Qoder CLI, Amp, SHAI, or Amazon Q Developer CLI
+#    - Supports: Claude, Gemini, Copilot, Cursor, Qwen, opencode, Codex, Windsurf, Kilo Code, Auggie CLI, Roo Code, CodeBuddy CLI, Qoder CLI, Amp, SHAI, Amazon Q Developer CLI, or Antigravity
 #    - Can update single agents or all existing agent files
 #    - Creates default Claude file if no agent files exist
 #
 # Usage: ./update-agent-context.sh [agent_type]
-# Agent types: claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|shai|q|bob|qoder
+# Agent types: claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|roo|codebuddy|amp|shai|q|agy|bob|qodercli
 # Leave empty to update all existing agent files

 set -e
@@ -74,6 +74,7 @@ QODER_FILE="$REPO_ROOT/QODER.md"
 AMP_FILE="$REPO_ROOT/AGENTS.md"
 SHAI_FILE="$REPO_ROOT/SHAI.md"
 Q_FILE="$REPO_ROOT/AGENTS.md"
+AGY_FILE="$REPO_ROOT/.agent/rules/specify-rules.md"
 BOB_FILE="$REPO_ROOT/AGENTS.md"

 # Template file
@@ -618,7 +619,7 @@ update_specific_agent() {
        codebuddy)
            update_agent_file "$CODEBUDDY_FILE" "CodeBuddy CLI"
            ;;
-        qoder)
+        qodercli)
            update_agent_file "$QODER_FILE" "Qoder CLI"
            ;;
        amp)
@@ -630,12 +631,18 @@ update_specific_agent() {
        q)
            update_agent_file "$Q_FILE" "Amazon Q Developer CLI"
            ;;
+        agy)
+            update_agent_file "$AGY_FILE" "Antigravity"
+            ;;
        bob)
            update_agent_file "$BOB_FILE" "IBM Bob"
            ;;
+        generic)
+            log_info "Generic agent: no predefined context file. Use the agent-specific update script for your agent."
+            ;;
        *)
            log_error "Unknown agent type '$agent_type'"
-            log_error "Expected: claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|roo|amp|shai|q|bob|qoder"
+            log_error "Expected: claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|roo|codebuddy|amp|shai|q|agy|bob|qodercli|generic"
            exit 1
            ;;
    esac
@@ -714,7 +721,11 @@ update_all_existing_agents() {
        update_agent_file "$Q_FILE" "Amazon Q Developer CLI"
        found_agent=true
    fi
-    
+
+    if [[ -f "$AGY_FILE" ]]; then
+        update_agent_file "$AGY_FILE" "Antigravity"
+        found_agent=true
+    fi
    if [[ -f "$BOB_FILE" ]]; then
        update_agent_file "$BOB_FILE" "IBM Bob"
        found_agent=true
@@ -744,7 +755,7 @@ print_summary() {
    
    echo

-    log_info "Usage: $0 [claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|codebuddy|shai|q|bob|qoder]"
+    log_info "Usage: $0 [claude|gemini|copilot|cursor-agent|qwen|opencode|codex|windsurf|kilocode|auggie|roo|codebuddy|amp|shai|q|agy|bob|qodercli]"
 }

 #==============================================================================
--- a/.specify/templates/constitution-template.md
+++ b/.specify/templates/constitution-template.md
@@ -0,0 +1,50 @@
+# [PROJECT_NAME] Constitution
+<!-- Example: Spec Constitution, TaskFlow Constitution, etc. -->
+
+## Core Principles
+
+### [PRINCIPLE_1_NAME]
+<!-- Example: I. Library-First -->
+[PRINCIPLE_1_DESCRIPTION]
+<!-- Example: Every feature starts as a standalone library; Libraries must be self-contained, independently testable, documented; Clear purpose required - no organizational-only libraries -->
+
+### [PRINCIPLE_2_NAME]
+<!-- Example: II. CLI Interface -->
+[PRINCIPLE_2_DESCRIPTION]
+<!-- Example: Every library exposes functionality via CLI; Text in/out protocol: stdin/args → stdout, errors → stderr; Support JSON + human-readable formats -->
+
+### [PRINCIPLE_3_NAME]
+<!-- Example: III. Test-First (NON-NEGOTIABLE) -->
+[PRINCIPLE_3_DESCRIPTION]
+<!-- Example: TDD mandatory: Tests written → User approved → Tests fail → Then implement; Red-Green-Refactor cycle strictly enforced -->
+
+### [PRINCIPLE_4_NAME]
+<!-- Example: IV. Integration Testing -->
+[PRINCIPLE_4_DESCRIPTION]
+<!-- Example: Focus areas requiring integration tests: New library contract tests, Contract changes, Inter-service communication, Shared schemas -->
+
+### [PRINCIPLE_5_NAME]
+<!-- Example: V. Observability, VI. Versioning & Breaking Changes, VII. Simplicity -->
+[PRINCIPLE_5_DESCRIPTION]
+<!-- Example: Text I/O ensures debuggability; Structured logging required; Or: MAJOR.MINOR.BUILD format; Or: Start simple, YAGNI principles -->
+
+## [SECTION_2_NAME]
+<!-- Example: Additional Constraints, Security Requirements, Performance Standards, etc. -->
+
+[SECTION_2_CONTENT]
+<!-- Example: Technology stack requirements, compliance standards, deployment policies, etc. -->
+
+## [SECTION_3_NAME]
+<!-- Example: Development Workflow, Review Process, Quality Gates, etc. -->
+
+[SECTION_3_CONTENT]
+<!-- Example: Code review requirements, testing gates, deployment approval process, etc. -->
+
+## Governance
+<!-- Example: Constitution supersedes all other practices; Amendments require documentation, approval, migration plan -->
+
+[GOVERNANCE_RULES]
+<!-- Example: All PRs/reviews must verify compliance; Complexity must be justified; Use [GUIDANCE_FILE] for runtime development guidance -->
+
+**Version**: [CONSTITUTION_VERSION] | **Ratified**: [RATIFICATION_DATE] | **Last Amended**: [LAST_AMENDED_DATE]
+<!-- Example: Version: 2.1.1 | Ratified: 2025-06-13 | Last Amended: 2025-07-16 -->
--- a/.specify/templates/plan-template.md
+++ b/.specify/templates/plan-template.md
@@ -3,7 +3,7 @@
 **Branch**: `[###-feature-name]` | **Date**: [DATE] | **Spec**: [link]
 **Input**: Feature specification from `/specs/[###-feature-name]/spec.md`

-**Note**: This template is filled in by the `/speckit.plan` command. See `.specify/templates/commands/plan.md` for the execution workflow.
+**Note**: This template is filled in by the `/speckit.plan` command. See `.specify/templates/plan-template.md` for the execution workflow.

 ## Summary

@@ -22,7 +22,7 @@
 **Storage**: [if applicable, e.g., PostgreSQL, CoreData, files or N/A]  
 **Testing**: [e.g., pytest, XCTest, cargo test or NEEDS CLARIFICATION]  
 **Target Platform**: [e.g., Linux server, iOS 15+, WASM or NEEDS CLARIFICATION]
-**Project Type**: [single/web/mobile - determines source structure]  
+**Project Type**: [e.g., library/cli/web-service/mobile-app/compiler/desktop-app or NEEDS CLARIFICATION]  
 **Performance Goals**: [domain-specific, e.g., 1000 req/s, 10k lines/sec, 60 fps or NEEDS CLARIFICATION]  
 **Constraints**: [domain-specific, e.g., <200ms p95, <100MB memory, offline-capable or NEEDS CLARIFICATION]  
 **Scale/Scope**: [domain-specific, e.g., 10k users, 1M LOC, 50 screens or NEEDS CLARIFICATION]
--- a/.specify/templates/spec-template.md
+++ b/.specify/templates/spec-template.md
@@ -1,7 +1,6 @@
 # Feature Specification: [FEATURE NAME]

 **Feature Branch**: `[###-feature-name]`  
-**Reference UX**: `[ux_reference.md]` (See specific folder)
 **Created**: [DATE]  
 **Status**: Draft  
 **Input**: User description: "$ARGUMENTS"
--- a/.specify/templates/test-docs-template.md
+++ b/.specify/templates/test-docs-template.md
@@ -0,0 +1,152 @@
+---
+
+description: "Test documentation template for feature implementation"
+
+---
+
+# Test Documentation: [FEATURE NAME]
+
+**Feature**: [Link to spec.md]
+**Created**: [DATE]
+**Updated**: [DATE]
+**Tester**: [Agent/User Name]
+
+---
+
+## Overview
+
+[Brief description of what this feature does and why testing is important]
+
+**Test Strategy**:
+- [ ] Unit Tests (co-located in `__tests__/` directories)
+- [ ] Integration Tests (if needed)
+- [ ] E2E Tests (if critical user flows)
+- [ ] Contract Tests (for API endpoints)
+
+---
+
+## Test Coverage Matrix
+
+| Module | File | Unit Tests | Coverage % | Status |
+|--------|------|------------|------------|--------|
+| [Module Name] | `path/to/file.py` | [x] | [XX%] | [Pass/Fail] |
+| [Module Name] | `path/to/file.svelte` | [x] | [XX%] | [Pass/Fail] |
+
+---
+
+## Test Cases
+
+### [Module Name]
+
+**Target File**: `path/to/module.py`
+
+| ID | Test Case | Type | Expected Result | Status |
+|----|-----------|------|------------------|--------|
+| TC001 | [Description] | [Unit/Integration] | [Expected] | [Pass/Fail] |
+| TC002 | [Description] | [Unit/Integration] | [Expected] | [Pass/Fail] |
+
+---
+
+## Test Execution Reports
+
+### Report [YYYY-MM-DD]
+
+**Executed by**: [Tester]
+**Duration**: [X] minutes
+**Result**: [Pass/Fail]
+
+**Summary**:
+- Total Tests: [X]
+- Passed: [X]
+- Failed: [X]
+- Skipped: [X]
+
+**Failed Tests**:
+| Test | Error | Resolution |
+|------|-------|-------------|
+| [Test Name] | [Error Message] | [How Fixed] |
+
+---
+
+## Anti-Patterns & Rules
+
+### ✅ DO
+
+1. Write tests BEFORE implementation (TDD approach)
+2. Use co-location: `src/module/__tests__/test_module.py`
+3. Use MagicMock for external dependencies (DB, Auth, APIs)
+4. Include semantic annotations: `# @RELATION: VERIFIES -> module.name`
+5. Test edge cases and error conditions
+6. **Test UX states** for Svelte components (@UX_STATE, @UX_FEEDBACK, @UX_RECOVERY)
+
+### ❌ DON'T
+
+1. Delete existing tests (only update if they fail)
+2. Duplicate tests - check for existing tests first
+3. Test implementation details, not behavior
+4. Use real external services in unit tests
+5. Skip error handling tests
+6. **Skip UX contract tests** for CRITICAL frontend components
+
+---
+
+## UX Contract Testing (Frontend)
+
+### UX States Coverage
+
+| Component | @UX_STATE | @UX_FEEDBACK | @UX_RECOVERY | Tests |
+|-----------|-----------|--------------|--------------|-------|
+| [Component] | [states] | [feedback] | [recovery] | [status] |
+
+### UX Test Cases
+
+| ID | Component | UX Tag | Test Action | Expected Result | Status |
+|----|-----------|--------|-------------|-----------------|--------|
+| UX001 | [Component] | @UX_STATE: Idle | [action] | [expected] | [Pass/Fail] |
+| UX002 | [Component] | @UX_FEEDBACK | [action] | [expected] | [Pass/Fail] |
+| UX003 | [Component] | @UX_RECOVERY | [action] | [expected] | [Pass/Fail] |
+
+### UX Test Examples
+
+```javascript
+// Testing @UX_STATE transition
+it('should transition from Idle to Loading on submit', async () => {
+  render(FormComponent);
+  await fireEvent.click(screen.getByText('Submit'));
+  expect(screen.getByTestId('form')).toHaveClass('loading');
+});
+
+// Testing @UX_FEEDBACK
+it('should show error toast on validation failure', async () => {
+  render(FormComponent);
+  await fireEvent.click(screen.getByText('Submit'));
+  expect(screen.getByRole('alert')).toHaveTextContent('Validation error');
+});
+
+// Testing @UX_RECOVERY
+it('should allow retry after error', async () => {
+  render(FormComponent);
+  // Trigger error state
+  await fireEvent.click(screen.getByText('Submit'));
+  // Click retry
+  await fireEvent.click(screen.getByText('Retry'));
+  expect(screen.getByTestId('form')).not.toHaveClass('error');
+});
+```
+
+---
+
+## Notes
+
+- [Additional notes about testing approach]
+- [Known issues or limitations]
+- [Recommendations for future testing]
+
+---
+
+## Related Documents
+
+- [spec.md](./spec.md)
+- [plan.md](./plan.md)
+- [tasks.md](./tasks.md)
+- [contracts/](./contracts/)
--- a/README.md
+++ b/README.md
@@ -1,77 +1,143 @@
-# Инструменты автоматизации Superset (ss-tools)
-
-## Обзор
-**ss-tools** — это современная платформа для автоматизации и управления экосистемой Apache Superset. Проект перешел от набора CLI-скриптов к полноценному веб-приложению с архитектурой Backend (FastAPI) + Frontend (SvelteKit), обеспечивая удобный интерфейс для сложных операций.
-
-## Основные возможности
-
-### 🚀 Миграция и управление дашбордами
- **Dashboard Grid**: Удобный просмотр всех дашбордов во всех окружениях (Dev, Sandbox, Prod) в едином интерфейсе.
- **Интеллектуальный маппинг**: Автоматическое и ручное сопоставление датасетов, таблиц и схем при переносе между окружениями.
- **Проверка зависимостей**: Валидация наличия всех необходимых компонентов перед миграцией.
-
-### 📦 Резервное копирование
- **Планировщик (Scheduler)**: Автоматическое создание резервных копий дашбордов и датасетов по расписанию.
- **Хранилище**: Локальное хранение артефактов с возможностью управления через UI.
-
-### 🛠 Git Интеграция
- **Version Control**: Возможность версионирования ассетов Superset.
- **Git Dashboard**: Управление ветками, коммитами и деплоем изменений напрямую из интерфейса.
- **Conflict Resolution**: Встроенные инструменты для разрешения конфликтов в YAML-конфигурациях.
-
-### 🤖 LLM Анализ (AI Plugin)
- **Автоматический аудит**: Анализ состояния дашбордов на основе скриншотов и метаданных.
- **Генерация документации**: Автоматическое описание датасетов и колонок с помощью LLM (OpenAI, OpenRouter и др.).
- **Smart Validation**: Поиск аномалий и ошибок в визуализациях.
-
-### 🔐 Безопасность и администрирование
- **Multi-user Auth**: Многопользовательский доступ с ролевой моделью (RBAC).
- **Управление подключениями**: Централизованная настройка доступов к различным инстансам Superset.
- **Логирование**: Подробная история выполнения всех фоновых задач.
-
-## Технологический стек
- **Backend**: Python 3.9+, FastAPI, SQLAlchemy, APScheduler, Pydantic.
- **Frontend**: Node.js 18+, SvelteKit, Tailwind CSS.
- **Database**: SQLite (для хранения метаданных, задач и настроек доступа).
-
-## Структура проекта
- `backend/` — Серверная часть, API и логика плагинов.
- `frontend/` — Клиентская часть (SvelteKit приложение).
- `specs/` — Спецификации функций и планы реализации.
- `docs/` — Дополнительная документация по маппингу и разработке плагинов.
-
-## Быстрый старт
-
-### Требования
- Python 3.9+
- Node.js 18+
- Настроенный доступ к API Superset
-
-### Запуск
-Для автоматической настройки окружений и запуска обоих серверов (Backend & Frontend) используйте скрипт:
-```bash
-./run.sh
-```
-*Скрипт создаст виртуальное окружение Python, установит зависимости `pip` и `npm`, и запустит сервисы.*
-
-Опции:
- `--skip-install`: Пропустить установку зависимостей.
- `--help`: Показать справку.
-
-Переменные окружения:
- `BACKEND_PORT`: Порт API (по умолчанию 8000).
- `FRONTEND_PORT`: Порт UI (по умолчанию 5173).
-
-## Разработка
-Проект следует строгим правилам разработки:
-1. **Semantic Code Generation**: Использование протокола `semantic_protocol.md` для обеспечения надежности кода.
-2. **Design by Contract (DbC)**: Определение предусловий и постусловий для ключевых функций.
-3. **Constitution**: Соблюдение правил, описанных в конституции проекта в папке `.specify/`.
-
-### Полезные команды
- **Backend**: `cd backend && .venv/bin/python3 -m uvicorn src.app:app --reload`
- **Frontend**: `cd frontend && npm run dev`
- **Тесты**: `cd backend && .venv/bin/pytest`
-
-## Контакты и вклад
-Для добавления новых функций или исправления ошибок, пожалуйста, ознакомьтесь с `docs/plugin_dev.md` и создайте соответствующую спецификацию в `specs/`.
+# ss-tools
+
+Инструменты автоматизации для Apache Superset: миграция, маппинг, хранение артефактов, Git-интеграция, отчеты по задачам и LLM-assistant.
+
+## Возможности
+- Миграция дашбордов и датасетов между окружениями.
+- Ручной и полуавтоматический маппинг ресурсов.
+- Логи фоновых задач и отчеты о выполнении.
+- Локальное хранилище файлов и бэкапов.
+- Git-операции по Superset-ассетам через UI.
+- Модуль LLM-анализа и assistant API.
+- Многопользовательская авторизация (RBAC).
+
+## Стек
+- Backend: Python, FastAPI, SQLAlchemy, APScheduler.
+- Frontend: SvelteKit, Vite, Tailwind CSS.
+- База данных: PostgreSQL (основная конфигурация), поддержка миграции с legacy SQLite.
+
+## Структура репозитория
+- `backend/` — API, плагины, сервисы, скрипты миграции и тесты.
+- `frontend/` — SPA-интерфейс (SvelteKit).
+- `docs/` — документация по архитектуре и плагинам.
+- `specs/` — спецификации и планы реализации.
+- `docker/` и `docker-compose.yml` — контейнеризация.
+
+## Быстрый старт (локально)
+
+### Требования
+- Python 3.9+
+- Node.js 18+
+- npm
+
+### Запуск backend + frontend одним скриптом
+```bash
+./run.sh
+```
+
+Что делает `run.sh`:
+- проверяет версии Python/npm;
+- создает `backend/.venv` (если нет);
+- устанавливает `backend/requirements.txt` и `frontend` зависимости;
+- запускает backend и frontend параллельно.
+
+Опции:
+- `./run.sh --skip-install` — пропустить установку зависимостей.
+- `./run.sh --help` — показать справку.
+
+Переменные окружения для локального запуска:
+- `BACKEND_PORT` (по умолчанию `8000`)
+- `FRONTEND_PORT` (по умолчанию `5173`)
+- `POSTGRES_URL`
+- `DATABASE_URL`
+- `TASKS_DATABASE_URL`
+- `AUTH_DATABASE_URL`
+
+## Docker
+
+### Запуск
+```bash
+docker compose up --build
+```
+
+После старта сервисы доступны по адресам:
+- Frontend: `http://localhost:8000`
+- Backend API: `http://localhost:8001`
+- PostgreSQL: `localhost:5432` (`postgres/postgres`, БД `ss_tools`)
+
+### Остановка
+```bash
+docker compose down
+```
+
+### Очистка БД-тома
+```bash
+docker compose down -v
+```
+
+### Альтернативный образ PostgreSQL
+Если есть проблемы с pull `postgres:16-alpine`:
+```bash
+POSTGRES_IMAGE=mirror.gcr.io/library/postgres:16-alpine docker compose up -d db
+```
+или
+```bash
+POSTGRES_IMAGE=bitnami/postgresql:latest docker compose up -d db
+```
+
+Если порт `5432` занят:
+```bash
+POSTGRES_HOST_PORT=5433 docker compose up -d db
+```
+
+## Разработка
+
+### Ручной запуск сервисов
+```bash
+cd backend
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -r requirements.txt
+python3 -m uvicorn src.app:app --reload --port 8000
+```
+
+В другом терминале:
+```bash
+cd frontend
+npm install
+npm run dev -- --port 5173
+```
+
+### Тесты
+Backend:
+```bash
+cd backend
+source .venv/bin/activate
+pytest
+```
+
+Frontend:
+```bash
+cd frontend
+npm run test
+```
+
+## Инициализация auth (опционально)
+```bash
+cd backend
+source .venv/bin/activate
+python src/scripts/init_auth_db.py
+python src/scripts/create_admin.py --username admin --password admin
+```
+
+## Миграция legacy-данных (опционально)
+```bash
+cd backend
+source .venv/bin/activate
+PYTHONPATH=. python src/scripts/migrate_sqlite_to_postgres.py --sqlite-path tasks.db
+```
+
+## Дополнительная документация
+- `docs/plugin_dev.md`
+- `docs/settings.md`
+- `semantic_protocol.md`
--- a/backend/conftest.py
+++ b/backend/conftest.py
@@ -0,0 +1,14 @@
+# conftest.py at backend root
+# Prevents pytest collection errors caused by duplicate test module names
+# between the root tests/ directory and co-located src/<module>/__tests__/ directories.
+# Without this, pytest sees e.g. tests/test_auth.py and src/core/auth/__tests__/test_auth.py
+# and raises "import file mismatch" because both map to module name "test_auth".
+
+import os
+
+# Files in tests/ that clash with __tests__/ co-located tests
+collect_ignore = [
+    os.path.join("tests", "test_auth.py"),
+    os.path.join("tests", "test_logger.py"),
+    os.path.join("tests", "test_models.py"),
+]
--- a/backend/git_repos/12
+++ b/backend/git_repos/12
--- a/backend/logs/app.log.1
+++ b/backend/logs/app.log.1
--- a/backend/mappings.db
+++ b/backend/mappings.db
--- a/backend/pyproject.toml
+++ b/backend/pyproject.toml
@@ -0,0 +1,3 @@
+[tool.pytest.ini_options]
+pythonpath = ["."]
+importmode = "importlib"
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -53,4 +53,5 @@ itsdangerous
 email-validator
 openai
 playwright
-tenacity
+tenacity
+Pillow
--- a/backend/src/api/routes/init.py
+++ b/backend/src/api/routes/init.py
@@ -1,3 +1,23 @@
-from . import plugins, tasks, settings, connections, environments, mappings, migration, git, storage, admin
-
-__all__ = ['plugins', 'tasks', 'settings', 'connections', 'environments', 'mappings', 'migration', 'git', 'storage', 'admin']
+# [DEF:backend.src.api.routes.__init__:Module]
+# @TIER: STANDARD
+# @SEMANTICS: routes, lazy-import, module-registry
+# @PURPOSE: Provide lazy route module loading to avoid heavyweight imports during tests.
+# @LAYER: API
+# @RELATION: DEPENDS_ON -> importlib
+# @INVARIANT: Only names listed in __all__ are importable via __getattr__.
+
+__all__ = ['plugins', 'tasks', 'settings', 'connections', 'environments', 'mappings', 'migration', 'git', 'storage', 'admin', 'reports', 'assistant']
+
+
+# [DEF:__getattr__:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Lazily import route module by attribute name.
+# @PRE: name is module candidate exposed in __all__.
+# @POST: Returns imported submodule or raises AttributeError.
+def __getattr__(name):
+    if name in __all__:
+        import importlib
+        return importlib.import_module(f".{name}", __name__)
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
+# [/DEF:__getattr__:Function]
+# [/DEF:backend.src.api.routes.__init__:Module]
--- a/backend/src/api/routes/tests/test_assistant_api.py
+++ b/backend/src/api/routes/tests/test_assistant_api.py
@@ -0,0 +1,697 @@
+# [DEF:backend.src.api.routes.__tests__.test_assistant_api:Module]
+# @TIER: STANDARD
+# @SEMANTICS: tests, assistant, api, confirmation, status
+# @PURPOSE: Validate assistant API endpoint logic via direct async handler invocation.
+# @LAYER: UI (API Tests)
+# @RELATION: DEPENDS_ON -> backend.src.api.routes.assistant
+# @INVARIANT: Every test clears assistant in-memory state before execution.
+
+import os
+import asyncio
+from types import SimpleNamespace
+from datetime import datetime, timedelta
+import pytest
+
+# Force isolated sqlite databases for test module before dependencies import.
+os.environ.setdefault("DATABASE_URL", "sqlite:////tmp/ss_tools_assistant_api.db")
+os.environ.setdefault("TASKS_DATABASE_URL", "sqlite:////tmp/ss_tools_assistant_tasks.db")
+os.environ.setdefault("AUTH_DATABASE_URL", "sqlite:////tmp/ss_tools_assistant_auth.db")
+
+from src.api.routes import assistant as assistant_module
+from src.models.assistant import (
+    AssistantAuditRecord,
+    AssistantConfirmationRecord,
+    AssistantMessageRecord,
+)
+
+
+# [DEF:_run_async:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Execute async endpoint handler in synchronous test context.
+# @PRE: coroutine is awaitable endpoint invocation.
+# @POST: Returns coroutine result or raises propagated exception.
+def _run_async(coroutine):
+    return asyncio.run(coroutine)
+
+
+# [/DEF:_run_async:Function]
+# [DEF:_FakeTask:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Lightweight task stub used by assistant API tests.
+class _FakeTask:
+    def __init__(self, task_id: str, status: str = "RUNNING", user_id: str = "u-admin"):
+        self.id = task_id
+        self.status = status
+        self.user_id = user_id
+
+
+# [/DEF:_FakeTask:Class]
+# [DEF:_FakeTaskManager:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Minimal async-compatible TaskManager fixture for deterministic test flows.
+class _FakeTaskManager:
+    def __init__(self):
+        self._created = []
+
+    async def create_task(self, plugin_id, params, user_id=None):
+        task_id = f"task-{len(self._created) + 1}"
+        task = _FakeTask(task_id=task_id, status="RUNNING", user_id=user_id)
+        self._created.append((plugin_id, params, user_id, task))
+        return task
+
+    def get_task(self, task_id):
+        for _, _, _, task in self._created:
+            if task.id == task_id:
+                return task
+        return None
+
+    def get_tasks(self, limit=20, offset=0):
+        return [x[3] for x in self._created][offset : offset + limit]
+
+
+# [/DEF:_FakeTaskManager:Class]
+# [DEF:_FakeConfigManager:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Environment config fixture with dev/prod aliases for parser tests.
+class _FakeConfigManager:
+    def get_environments(self):
+        return [
+            SimpleNamespace(id="dev", name="Development", url="http://dev", credentials_id="dev", username="fakeuser", password="fakepassword"),
+            SimpleNamespace(id="prod", name="Production", url="http://prod", credentials_id="prod", username="fakeuser", password="fakepassword"),
+        ]
+
+    def get_config(self):
+        return SimpleNamespace(
+            settings=SimpleNamespace(migration_sync_cron="0 0 * * *"),
+            environments=self.get_environments()
+        )
+# [/DEF:_FakeConfigManager:Class]
+# [DEF:_admin_user:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Build admin principal fixture.
+# @PRE: Test harness requires authenticated admin-like principal object.
+# @POST: Returns user stub with Admin role.
+def _admin_user():
+    role = SimpleNamespace(name="Admin", permissions=[])
+    return SimpleNamespace(id="u-admin", username="admin", roles=[role])
+
+
+# [/DEF:_admin_user:Function]
+# [DEF:_limited_user:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Build non-admin principal fixture.
+# @PRE: Test harness requires restricted principal for deny scenarios.
+# @POST: Returns user stub without admin privileges.
+def _limited_user():
+    role = SimpleNamespace(name="Operator", permissions=[])
+    return SimpleNamespace(id="u-limited", username="limited", roles=[role])
+
+
+# [/DEF:_limited_user:Function]
+# [DEF:_FakeQuery:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Minimal chainable query object for fake SQLAlchemy-like DB behavior in tests.
+class _FakeQuery:
+    def __init__(self, rows):
+        self._rows = list(rows)
+
+    def filter(self, *args, **kwargs):
+        return self
+
+    def order_by(self, *args, **kwargs):
+        return self
+
+    def first(self):
+        return self._rows[0] if self._rows else None
+
+    def all(self):
+        return list(self._rows)
+
+    def count(self):
+        return len(self._rows)
+
+    def offset(self, offset):
+        self._rows = self._rows[offset:]
+        return self
+
+    def limit(self, limit):
+        self._rows = self._rows[:limit]
+        return self
+
+
+# [/DEF:_FakeQuery:Class]
+# [DEF:_FakeDb:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: In-memory fake database implementing subset of Session interface used by assistant routes.
+class _FakeDb:
+    def __init__(self):
+        self._messages = []
+        self._confirmations = []
+        self._audit = []
+
+    def add(self, row):
+        table = getattr(row, "__tablename__", "")
+        if table == "assistant_messages":
+            self._messages.append(row)
+            return
+        if table == "assistant_confirmations":
+            self._confirmations.append(row)
+            return
+        if table == "assistant_audit":
+            self._audit.append(row)
+
+    def merge(self, row):
+        table = getattr(row, "__tablename__", "")
+        if table != "assistant_confirmations":
+            self.add(row)
+            return row
+
+        for i, existing in enumerate(self._confirmations):
+            if getattr(existing, "id", None) == getattr(row, "id", None):
+                self._confirmations[i] = row
+                return row
+        self._confirmations.append(row)
+        return row
+
+    def query(self, model):
+        if model is AssistantMessageRecord:
+            return _FakeQuery(self._messages)
+        if model is AssistantConfirmationRecord:
+            return _FakeQuery(self._confirmations)
+        if model is AssistantAuditRecord:
+            return _FakeQuery(self._audit)
+        return _FakeQuery([])
+
+    def commit(self):
+        return None
+
+    def rollback(self):
+        return None
+
+
+# [/DEF:_FakeDb:Class]
+# [DEF:_clear_assistant_state:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Reset in-memory assistant registries for isolation between tests.
+# @PRE: Assistant module globals may contain residues from previous test runs.
+# @POST: In-memory conversation/confirmation/audit dictionaries are empty.
+def _clear_assistant_state():
+    assistant_module.CONVERSATIONS.clear()
+    assistant_module.USER_ACTIVE_CONVERSATION.clear()
+    assistant_module.CONFIRMATIONS.clear()
+    assistant_module.ASSISTANT_AUDIT.clear()
+
+
+# [/DEF:_clear_assistant_state:Function]
+# [DEF:test_unknown_command_returns_needs_clarification:Function]
+# @PURPOSE: Unknown command should return clarification state and unknown intent.
+# @PRE: Fake dependencies provide admin user and deterministic task/config/db services.
+# @POST: Response state is needs_clarification and no execution side-effect occurs.
+def test_unknown_command_returns_needs_clarification():
+    _clear_assistant_state()
+    response = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(message="сделай что-нибудь"),
+            current_user=_admin_user(),
+            task_manager=_FakeTaskManager(),
+            config_manager=_FakeConfigManager(),
+            db=_FakeDb(),
+        )
+    )
+    assert response.state == "needs_clarification"
+    assert response.intent["domain"] == "unknown"
+
+
+# [/DEF:test_unknown_command_returns_needs_clarification:Function]
+
+
+# [DEF:test_capabilities_question_returns_successful_help:Function]
+# @PURPOSE: Capability query should return deterministic help response, not clarification.
+# @PRE: User sends natural-language "what can you do" style query.
+# @POST: Response is successful and includes capabilities summary.
+def test_capabilities_question_returns_successful_help():
+    _clear_assistant_state()
+    response = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(message="Что ты умеешь?"),
+            current_user=_admin_user(),
+            task_manager=_FakeTaskManager(),
+            config_manager=_FakeConfigManager(),
+            db=_FakeDb(),
+        )
+    )
+    assert response.state == "success"
+    assert "Вот что я могу сделать" in response.text
+    assert "Миграции" in response.text or "Git" in response.text
+
+
+# [/DEF:test_capabilities_question_returns_successful_help:Function]
+# [DEF:test_non_admin_command_returns_denied:Function]
+# @PURPOSE: Non-admin user must receive denied state for privileged command.
+# @PRE: Limited principal executes privileged git branch command.
+# @POST: Response state is denied and operation is not executed.
+def test_non_admin_command_returns_denied():
+    _clear_assistant_state()
+    response = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="создай ветку feature/test для дашборда 12"
+            ),
+            current_user=_limited_user(),
+            task_manager=_FakeTaskManager(),
+            config_manager=_FakeConfigManager(),
+            db=_FakeDb(),
+        )
+    )
+    assert response.state == "denied"
+
+
+# [/DEF:test_non_admin_command_returns_denied:Function]
+# [DEF:test_migration_to_prod_requires_confirmation_and_can_be_confirmed:Function]
+# @PURPOSE: Migration to prod must require confirmation and then start task after explicit confirm.
+# @PRE: Admin principal submits dangerous migration command.
+# @POST: Confirmation endpoint transitions flow to started state with task id.
+def test_migration_to_prod_requires_confirmation_and_can_be_confirmed():
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    first = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="запусти миграцию с dev на prod для дашборда 12"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert first.state == "needs_confirmation"
+    assert first.confirmation_id
+
+    second = _run_async(
+        assistant_module.confirm_operation(
+            confirmation_id=first.confirmation_id,
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert second.state == "started"
+    assert second.task_id.startswith("task-")
+
+
+# [/DEF:test_migration_to_prod_requires_confirmation_and_can_be_confirmed:Function]
+# [DEF:test_status_query_returns_task_status:Function]
+# @PURPOSE: Task status command must surface current status text for existing task id.
+# @PRE: At least one task exists after confirmed operation.
+# @POST: Status query returns started/success and includes referenced task id.
+def test_status_query_returns_task_status():
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    start = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="запусти миграцию с dev на prod для дашборда 10"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    confirm = _run_async(
+        assistant_module.confirm_operation(
+            confirmation_id=start.confirmation_id,
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    task_id = confirm.task_id
+
+    status_resp = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message=f"проверь статус задачи {task_id}"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert status_resp.state in {"started", "success"}
+    assert task_id in status_resp.text
+
+
+# [/DEF:test_status_query_returns_task_status:Function]
+# [DEF:test_status_query_without_task_id_returns_latest_user_task:Function]
+# @PURPOSE: Status command without explicit task_id should resolve to latest task for current user.
+# @PRE: User has at least one created task in task manager history.
+# @POST: Response references latest task status without explicit task id in command.
+def test_status_query_without_task_id_returns_latest_user_task():
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    start = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="запусти миграцию с dev на prod для дашборда 33"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    _run_async(
+        assistant_module.confirm_operation(
+            confirmation_id=start.confirmation_id,
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+
+    status_resp = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="покажи статус последней задачи"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert status_resp.state in {"started", "success"}
+    assert "Последняя задача:" in status_resp.text
+
+
+# [/DEF:test_status_query_without_task_id_returns_latest_user_task:Function]
+# [DEF:test_llm_validation_with_dashboard_ref_requires_confirmation:Function]
+# @PURPOSE: LLM validation with dashboard_ref should now require confirmation before dispatch.
+# @PRE: User sends natural-language validation request with dashboard name (not numeric id).
+# @POST: Response state is needs_confirmation since all state-changing operations are now gated.
+def test_llm_validation_with_dashboard_ref_requires_confirmation():
+    _clear_assistant_state()
+    response = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="Я хочу сделать валидацию дашборда test1"
+            ),
+            current_user=_admin_user(),
+            task_manager=_FakeTaskManager(),
+            config_manager=_FakeConfigManager(),
+            db=_FakeDb(),
+        )
+    )
+
+    assert response.state == "needs_confirmation"
+    assert response.confirmation_id is not None
+    action_types = {a.type for a in response.actions}
+    assert "confirm" in action_types
+    assert "cancel" in action_types
+
+
+# [/DEF:test_llm_validation_missing_dashboard_returns_needs_clarification:Function]
+
+
+# [DEF:test_list_conversations_groups_by_conversation_and_marks_archived:Function]
+# @PURPOSE: Conversations endpoint must group messages and compute archived marker by inactivity threshold.
+# @PRE: Fake DB contains two conversations with different update timestamps.
+# @POST: Response includes both conversations with archived flag set for stale one.
+def test_list_conversations_groups_by_conversation_and_marks_archived():
+    _clear_assistant_state()
+    db = _FakeDb()
+    now = datetime.utcnow()
+
+    db.add(
+        AssistantMessageRecord(
+            id="m-1",
+            user_id="u-admin",
+            conversation_id="conv-active",
+            role="user",
+            text="active chat",
+            created_at=now,
+        )
+    )
+    db.add(
+        AssistantMessageRecord(
+            id="m-2",
+            user_id="u-admin",
+            conversation_id="conv-old",
+            role="user",
+            text="old chat",
+            created_at=now - timedelta(days=32), # Hardcoded threshold+2
+        )
+    )
+
+    result = _run_async(
+        assistant_module.list_conversations(
+            page=1,
+            page_size=20,
+            include_archived=True,
+            search=None,
+            current_user=_admin_user(),
+            db=db,
+        )
+    )
+
+    assert result["total"] == 2
+    by_id = {item["conversation_id"]: item for item in result["items"]}
+    assert by_id["conv-active"]["archived"] is False
+    assert by_id["conv-old"]["archived"] is True
+
+
+# [/DEF:test_list_conversations_groups_by_conversation_and_marks_archived:Function]
+
+
+# [DEF:test_history_from_latest_returns_recent_page_first:Function]
+# @PURPOSE: History endpoint from_latest mode must return newest page while preserving chronological order in chunk.
+# @PRE: Conversation has more messages than single page size.
+# @POST: First page returns latest messages and has_next indicates older pages exist.
+def test_history_from_latest_returns_recent_page_first():
+    _clear_assistant_state()
+    db = _FakeDb()
+    base_time = datetime.utcnow() - timedelta(minutes=10)
+    conv_id = "conv-paginated"
+    for i in range(4, -1, -1):
+        db.add(
+            AssistantMessageRecord(
+                id=f"msg-{i}",
+                user_id="u-admin",
+                conversation_id=conv_id,
+                role="user" if i % 2 == 0 else "assistant",
+                text=f"message-{i}",
+                created_at=base_time + timedelta(minutes=i),
+            )
+        )
+
+    result = _run_async(
+        assistant_module.get_history(
+            page=1,
+            page_size=2,
+            conversation_id=conv_id,
+            from_latest=True,
+            current_user=_admin_user(),
+            db=db,
+        )
+    )
+
+    assert result["from_latest"] is True
+    assert result["has_next"] is True
+    # Chunk is chronological while representing latest page.
+    assert [item["text"] for item in result["items"]] == ["message-3", "message-4"]
+
+
+# [/DEF:test_history_from_latest_returns_recent_page_first:Function]
+
+
+# [DEF:test_list_conversations_archived_only_filters_active:Function]
+# @PURPOSE: archived_only mode must return only archived conversations.
+# @PRE: Dataset includes one active and one archived conversation.
+# @POST: Only archived conversation remains in response payload.
+def test_list_conversations_archived_only_filters_active():
+    _clear_assistant_state()
+    db = _FakeDb()
+    now = datetime.utcnow()
+    db.add(
+        AssistantMessageRecord(
+            id="m-active",
+            user_id="u-admin",
+            conversation_id="conv-active-2",
+            role="user",
+            text="active",
+            created_at=now,
+        )
+    )
+    db.add(
+        AssistantMessageRecord(
+            id="m-archived",
+            user_id="u-admin",
+            conversation_id="conv-archived-2",
+            role="user",
+            text="archived",
+            created_at=now - timedelta(days=33), # Hardcoded threshold+3
+        )
+    )
+
+    result = _run_async(
+        assistant_module.list_conversations(
+            page=1,
+            page_size=20,
+            include_archived=True,
+            archived_only=True,
+            search=None,
+            current_user=_admin_user(),
+            db=db,
+        )
+    )
+
+    assert result["total"] == 1
+    assert result["items"][0]["conversation_id"] == "conv-archived-2"
+    assert result["items"][0]["archived"] is True
+
+
+# [/DEF:test_list_conversations_archived_only_filters_active:Function]
+
+
+# [DEF:test_guarded_operation_always_requires_confirmation:Function]
+# @PURPOSE: Non-dangerous (guarded) commands must still require confirmation before execution.
+# @PRE: Admin user sends a backup command that was previously auto-executed.
+# @POST: Response state is needs_confirmation with confirm and cancel actions.
+def test_guarded_operation_always_requires_confirmation():
+    _clear_assistant_state()
+    response = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="сделай бэкап окружения dev"
+            ),
+            current_user=_admin_user(),
+            task_manager=_FakeTaskManager(),
+            config_manager=_FakeConfigManager(),
+            db=_FakeDb(),
+        )
+    )
+    assert response.state == "needs_confirmation"
+    assert response.confirmation_id is not None
+    action_types = {a.type for a in response.actions}
+    assert "confirm" in action_types
+    assert "cancel" in action_types
+    assert "Выполнить" in response.text or "Подтвердите" in response.text
+
+
+# [/DEF:test_guarded_operation_always_requires_confirmation:Function]
+
+
+# [DEF:test_guarded_operation_confirm_roundtrip:Function]
+# @PURPOSE: Guarded operation must execute successfully after explicit confirmation.
+# @PRE: Admin user sends a non-dangerous migration command (dev → dev).
+# @POST: After confirmation, response transitions to started/success with task_id.
+def test_guarded_operation_confirm_roundtrip():
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    first = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="запусти миграцию с dev на dev для дашборда 5"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert first.state == "needs_confirmation"
+    assert first.confirmation_id
+
+    second = _run_async(
+        assistant_module.confirm_operation(
+            confirmation_id=first.confirmation_id,
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert second.state == "started"
+    assert second.task_id is not None
+
+
+# [DEF:test_confirm_nonexistent_id_returns_404:Function]
+# @PURPOSE: Confirming a non-existent ID should raise 404.
+# @PRE: user tries to confirm a random/fake UUID.
+# @POST: FastAPI HTTPException with status 404.
+def test_confirm_nonexistent_id_returns_404():
+    from fastapi import HTTPException
+    _clear_assistant_state()
+    with pytest.raises(HTTPException) as exc:
+        _run_async(
+            assistant_module.confirm_operation(
+                confirmation_id="non-existent-id",
+                current_user=_admin_user(),
+                task_manager=_FakeTaskManager(),
+                config_manager=_FakeConfigManager(),
+                db=_FakeDb(),
+            )
+        )
+    assert exc.value.status_code == 404
+
+
+# [DEF:test_migration_with_dry_run_includes_summary:Function]
+# @PURPOSE: Migration command with dry run flag must return the dry run summary in confirmation text.
+# @PRE: user specifies a migration with --dry-run flag.
+# @POST: Response state is needs_confirmation and text contains dry-run summary counts.
+def test_migration_with_dry_run_includes_summary(monkeypatch):
+    import src.core.migration.dry_run_orchestrator as dry_run_module
+    from unittest.mock import MagicMock
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    class _FakeDryRunService:
+        def run(self, selection, source_client, target_client, db_session):
+            return {
+                "summary": {
+                    "dashboards": {"create": 1, "update": 0, "delete": 0},
+                    "charts": {"create": 3, "update": 2, "delete": 1},
+                    "datasets": {"create": 0, "update": 1, "delete": 0}
+                }
+            }
+            
+    monkeypatch.setattr(dry_run_module, "MigrationDryRunService", _FakeDryRunService)
+    
+    import src.core.superset_client as superset_client_module
+    monkeypatch.setattr(superset_client_module, "SupersetClient", lambda env: MagicMock())
+
+    start = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="миграция с dev на prod для дашборда 10 --dry-run"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+
+    assert start.state == "needs_confirmation"
+    assert "отчет dry-run: ВКЛ" in start.text
+    assert "Отчет dry-run:" in start.text
+    assert "создано новых объектов: 4" in start.text
+    assert "обновлено: 3" in start.text
+    assert "удалено: 1" in start.text
+# [/DEF:test_migration_with_dry_run_includes_summary:Function]
+# [/DEF:backend.src.api.routes.__tests__.test_assistant_api:Module]
--- a/backend/src/api/routes/tests/test_assistant_authz.py
+++ b/backend/src/api/routes/tests/test_assistant_authz.py
@@ -0,0 +1,306 @@
+# [DEF:backend.src.api.routes.__tests__.test_assistant_authz:Module]
+# @TIER: STANDARD
+# @SEMANTICS: tests, assistant, authz, confirmation, rbac
+# @PURPOSE: Verify assistant confirmation ownership, expiration, and deny behavior for restricted users.
+# @LAYER: UI (API Tests)
+# @RELATION: DEPENDS_ON -> backend.src.api.routes.assistant
+# @INVARIANT: Security-sensitive flows fail closed for unauthorized actors.
+
+import os
+import asyncio
+from datetime import datetime, timedelta
+from types import SimpleNamespace
+
+import pytest
+from fastapi import HTTPException
+
+# Force isolated sqlite databases for test module before dependencies import.
+os.environ.setdefault("DATABASE_URL", "sqlite:////tmp/ss_tools_assistant_authz.db")
+os.environ.setdefault("TASKS_DATABASE_URL", "sqlite:////tmp/ss_tools_assistant_authz_tasks.db")
+os.environ.setdefault("AUTH_DATABASE_URL", "sqlite:////tmp/ss_tools_assistant_authz_auth.db")
+
+from src.api.routes import assistant as assistant_module
+from src.models.assistant import (
+    AssistantAuditRecord,
+    AssistantConfirmationRecord,
+    AssistantMessageRecord,
+)
+
+
+# [DEF:_run_async:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Execute async endpoint handler in synchronous test context.
+# @PRE: coroutine is awaitable endpoint invocation.
+# @POST: Returns coroutine result or raises propagated exception.
+def _run_async(coroutine):
+    return asyncio.run(coroutine)
+
+
+# [/DEF:_run_async:Function]
+# [DEF:_FakeTask:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Lightweight task model used for assistant authz tests.
+class _FakeTask:
+    def __init__(self, task_id: str, status: str = "RUNNING", user_id: str = "u-admin"):
+        self.id = task_id
+        self.status = status
+        self.user_id = user_id
+
+
+# [/DEF:_FakeTask:Class]
+# [DEF:_FakeTaskManager:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Minimal task manager for deterministic operation creation and lookup.
+class _FakeTaskManager:
+    def __init__(self):
+        self._created = []
+
+    async def create_task(self, plugin_id, params, user_id=None):
+        task_id = f"task-{len(self._created) + 1}"
+        task = _FakeTask(task_id=task_id, status="RUNNING", user_id=user_id)
+        self._created.append((plugin_id, params, user_id, task))
+        return task
+
+    def get_task(self, task_id):
+        for _, _, _, task in self._created:
+            if task.id == task_id:
+                return task
+        return None
+
+    def get_tasks(self, limit=20, offset=0):
+        return [x[3] for x in self._created][offset : offset + limit]
+
+
+# [/DEF:_FakeTaskManager:Class]
+# [DEF:_FakeConfigManager:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Provide deterministic environment aliases required by intent parsing.
+class _FakeConfigManager:
+    def get_environments(self):
+        return [
+            SimpleNamespace(id="dev", name="Development"),
+            SimpleNamespace(id="prod", name="Production"),
+        ]
+
+
+# [/DEF:_FakeConfigManager:Class]
+# [DEF:_admin_user:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Build admin principal fixture.
+# @PRE: Test requires privileged principal for risky operations.
+# @POST: Returns admin-like user stub with Admin role.
+def _admin_user():
+    role = SimpleNamespace(name="Admin", permissions=[])
+    return SimpleNamespace(id="u-admin", username="admin", roles=[role])
+
+
+# [/DEF:_admin_user:Function]
+# [DEF:_other_admin_user:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Build second admin principal fixture for ownership tests.
+# @PRE: Ownership mismatch scenario needs distinct authenticated actor.
+# @POST: Returns alternate admin-like user stub.
+def _other_admin_user():
+    role = SimpleNamespace(name="Admin", permissions=[])
+    return SimpleNamespace(id="u-admin-2", username="admin2", roles=[role])
+
+
+# [/DEF:_other_admin_user:Function]
+# [DEF:_limited_user:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Build limited principal without required assistant execution privileges.
+# @PRE: Permission denial scenario needs non-admin actor.
+# @POST: Returns restricted user stub.
+def _limited_user():
+    role = SimpleNamespace(name="Operator", permissions=[])
+    return SimpleNamespace(id="u-limited", username="limited", roles=[role])
+
+
+# [/DEF:_limited_user:Function]
+# [DEF:_FakeQuery:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: Minimal chainable query object for fake DB interactions.
+class _FakeQuery:
+    def __init__(self, rows):
+        self._rows = list(rows)
+
+    def filter(self, *args, **kwargs):
+        return self
+
+    def order_by(self, *args, **kwargs):
+        return self
+
+    def first(self):
+        return self._rows[0] if self._rows else None
+
+    def all(self):
+        return list(self._rows)
+
+    def limit(self, limit):
+        self._rows = self._rows[:limit]
+        return self
+
+    def offset(self, offset):
+        self._rows = self._rows[offset:]
+        return self
+
+    def count(self):
+        return len(self._rows)
+
+
+# [/DEF:_FakeQuery:Class]
+# [DEF:_FakeDb:Class]
+# @TIER: TRIVIAL
+# @PURPOSE: In-memory session substitute for assistant route persistence calls.
+class _FakeDb:
+    def __init__(self):
+        self._messages = []
+        self._confirmations = []
+        self._audit = []
+
+    def add(self, row):
+        table = getattr(row, "__tablename__", "")
+        if table == "assistant_messages":
+            self._messages.append(row)
+        elif table == "assistant_confirmations":
+            self._confirmations.append(row)
+        elif table == "assistant_audit":
+            self._audit.append(row)
+
+    def merge(self, row):
+        if getattr(row, "__tablename__", "") != "assistant_confirmations":
+            self.add(row)
+            return row
+
+        for i, existing in enumerate(self._confirmations):
+            if getattr(existing, "id", None) == getattr(row, "id", None):
+                self._confirmations[i] = row
+                return row
+        self._confirmations.append(row)
+        return row
+
+    def query(self, model):
+        if model is AssistantMessageRecord:
+            return _FakeQuery(self._messages)
+        if model is AssistantConfirmationRecord:
+            return _FakeQuery(self._confirmations)
+        if model is AssistantAuditRecord:
+            return _FakeQuery(self._audit)
+        return _FakeQuery([])
+
+    def commit(self):
+        return None
+
+    def rollback(self):
+        return None
+
+
+# [/DEF:_FakeDb:Class]
+# [DEF:_clear_assistant_state:Function]
+# @TIER: TRIVIAL
+# @PURPOSE: Reset assistant process-local state between test cases.
+# @PRE: Assistant globals may contain state from prior tests.
+# @POST: Assistant in-memory state dictionaries are cleared.
+def _clear_assistant_state():
+    assistant_module.CONVERSATIONS.clear()
+    assistant_module.USER_ACTIVE_CONVERSATION.clear()
+    assistant_module.CONFIRMATIONS.clear()
+    assistant_module.ASSISTANT_AUDIT.clear()
+
+
+# [/DEF:_clear_assistant_state:Function]
+# [DEF:test_confirmation_owner_mismatch_returns_403:Function]
+# @PURPOSE: Confirm endpoint should reject requests from user that does not own the confirmation token.
+# @PRE: Confirmation token is created by first admin actor.
+# @POST: Second actor receives 403 on confirm operation.
+def test_confirmation_owner_mismatch_returns_403():
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    create = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="запусти миграцию с dev на prod для дашборда 18"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assert create.state == "needs_confirmation"
+
+    with pytest.raises(HTTPException) as exc:
+        _run_async(
+            assistant_module.confirm_operation(
+                confirmation_id=create.confirmation_id,
+                current_user=_other_admin_user(),
+                task_manager=task_manager,
+                config_manager=_FakeConfigManager(),
+                db=db,
+            )
+        )
+    assert exc.value.status_code == 403
+
+
+# [/DEF:test_confirmation_owner_mismatch_returns_403:Function]
+# [DEF:test_expired_confirmation_cannot_be_confirmed:Function]
+# @PURPOSE: Expired confirmation token should be rejected and not create task.
+# @PRE: Confirmation token exists and is manually expired before confirm request.
+# @POST: Confirm endpoint raises 400 and no task is created.
+def test_expired_confirmation_cannot_be_confirmed():
+    _clear_assistant_state()
+    task_manager = _FakeTaskManager()
+    db = _FakeDb()
+
+    create = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="запусти миграцию с dev на prod для дашборда 19"
+            ),
+            current_user=_admin_user(),
+            task_manager=task_manager,
+            config_manager=_FakeConfigManager(),
+            db=db,
+        )
+    )
+    assistant_module.CONFIRMATIONS[create.confirmation_id].expires_at = datetime.utcnow() - timedelta(minutes=1)
+
+    with pytest.raises(HTTPException) as exc:
+        _run_async(
+            assistant_module.confirm_operation(
+                confirmation_id=create.confirmation_id,
+                current_user=_admin_user(),
+                task_manager=task_manager,
+                config_manager=_FakeConfigManager(),
+                db=db,
+            )
+        )
+    assert exc.value.status_code == 400
+    assert task_manager.get_tasks(limit=10, offset=0) == []
+
+
+# [/DEF:test_expired_confirmation_cannot_be_confirmed:Function]
+# [DEF:test_limited_user_cannot_launch_restricted_operation:Function]
+# @PURPOSE: Limited user should receive denied state for privileged operation.
+# @PRE: Restricted user attempts dangerous deploy command.
+# @POST: Assistant returns denied state and does not execute operation.
+def test_limited_user_cannot_launch_restricted_operation():
+    _clear_assistant_state()
+    response = _run_async(
+        assistant_module.send_message(
+            request=assistant_module.AssistantMessageRequest(
+                message="задеплой дашборд 88 в production"
+            ),
+            current_user=_limited_user(),
+            task_manager=_FakeTaskManager(),
+            config_manager=_FakeConfigManager(),
+            db=_FakeDb(),
+        )
+    )
+    assert response.state == "denied"
+
+
+# [/DEF:test_limited_user_cannot_launch_restricted_operation:Function]
+# [/DEF:backend.src.api.routes.__tests__.test_assistant_authz:Module]
--- a/backend/src/api/routes/tests/test_dashboards.py
+++ b/backend/src/api/routes/tests/test_dashboards.py
@@ -0,0 +1,498 @@
+# [DEF:backend.src.api.routes.__tests__.test_dashboards:Module]
+# @TIER: STANDARD
+# @PURPOSE: Unit tests for Dashboards API endpoints
+# @LAYER: API
+# @RELATION: TESTS -> backend.src.api.routes.dashboards
+
+import pytest
+from unittest.mock import MagicMock, patch, AsyncMock
+from datetime import datetime, timezone
+from fastapi.testclient import TestClient
+from src.app import app
+from src.api.routes.dashboards import DashboardsResponse
+from src.dependencies import get_current_user, has_permission, get_config_manager, get_task_manager, get_resource_service, get_mapping_service
+
+# Global mock user for get_current_user dependency overrides
+mock_user = MagicMock()
+mock_user.username = "testuser"
+mock_user.roles = []
+admin_role = MagicMock()
+admin_role.name = "Admin"
+mock_user.roles.append(admin_role)
+
+@pytest.fixture(autouse=True)
+def mock_deps():
+    config_manager = MagicMock()
+    task_manager = MagicMock()
+    resource_service = MagicMock()
+    mapping_service = MagicMock()
+    
+    app.dependency_overrides[get_config_manager] = lambda: config_manager
+    app.dependency_overrides[get_task_manager] = lambda: task_manager
+    app.dependency_overrides[get_resource_service] = lambda: resource_service
+    app.dependency_overrides[get_mapping_service] = lambda: mapping_service
+    app.dependency_overrides[get_current_user] = lambda: mock_user
+    
+    app.dependency_overrides[has_permission("plugin:migration", "READ")] = lambda: mock_user
+    app.dependency_overrides[has_permission("plugin:migration", "EXECUTE")] = lambda: mock_user
+    app.dependency_overrides[has_permission("plugin:backup", "EXECUTE")] = lambda: mock_user
+    app.dependency_overrides[has_permission("tasks", "READ")] = lambda: mock_user
+    
+    yield {
+        "config": config_manager,
+        "task": task_manager,
+        "resource": resource_service,
+        "mapping": mapping_service
+    }
+    app.dependency_overrides.clear()
+
+client = TestClient(app)
+
+
+# [DEF:test_get_dashboards_success:Function]
+# @TEST: GET /api/dashboards returns 200 and valid schema
+# @PRE: env_id exists
+# @POST: Response matches DashboardsResponse schema
+def test_get_dashboards_success(mock_deps):
+    """Uses @TEST_FIXTURE: dashboard_list_happy data."""
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    mock_deps["task"].get_all_tasks.return_value = []
+
+    # @TEST_FIXTURE: dashboard_list_happy -> {"id": 1, "title": "Main Revenue"}
+    mock_deps["resource"].get_dashboards_with_status = AsyncMock(return_value=[
+        {
+            "id": 1,
+            "title": "Main Revenue",
+            "slug": "main-revenue",
+            "git_status": {"branch": "main", "sync_status": "OK"},
+            "last_task": {"task_id": "task-1", "status": "SUCCESS"}
+        }
+    ])
+
+    response = client.get("/api/dashboards?env_id=prod")
+
+    assert response.status_code == 200
+    data = response.json()
+    # exhaustive @POST assertions
+    assert "dashboards" in data
+    assert len(data["dashboards"]) == 1
+    assert data["dashboards"][0]["title"] == "Main Revenue"
+    assert data["total"] == 1
+    assert "page" in data
+    DashboardsResponse(**data)
+
+
+# [/DEF:test_get_dashboards_success:Function]
+
+
+# [DEF:test_get_dashboards_with_search:Function]
+# @TEST: GET /api/dashboards filters by search term
+# @PRE: search parameter provided
+# @POST: Only matching dashboards returned
+def test_get_dashboards_with_search(mock_deps):
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    mock_deps["task"].get_all_tasks.return_value = []
+
+    async def mock_get_dashboards(env, tasks):
+        return [
+            {"id": 1, "title": "Sales Report", "slug": "sales"},
+            {"id": 2, "title": "Marketing Dashboard", "slug": "marketing"}
+        ]
+    mock_deps["resource"].get_dashboards_with_status = AsyncMock(
+        side_effect=mock_get_dashboards
+    )
+
+    response = client.get("/api/dashboards?env_id=prod&search=sales")
+
+    assert response.status_code == 200
+    data = response.json()
+    # @POST: Filtered result count must match search
+    assert len(data["dashboards"]) == 1
+    assert data["dashboards"][0]["title"] == "Sales Report"
+
+
+# [/DEF:test_get_dashboards_with_search:Function]
+
+
+# [DEF:test_get_dashboards_empty:Function]
+# @TEST_EDGE: empty_dashboards -> {env_id: 'empty_env', expected_total: 0}
+def test_get_dashboards_empty(mock_deps):
+    """@TEST_EDGE: empty_dashboards -> {env_id: 'empty_env', expected_total: 0}"""
+    mock_env = MagicMock()
+    mock_env.id = "empty_env"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    mock_deps["task"].get_all_tasks.return_value = []
+    mock_deps["resource"].get_dashboards_with_status = AsyncMock(return_value=[])
+
+    response = client.get("/api/dashboards?env_id=empty_env")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["total"] == 0
+    assert len(data["dashboards"]) == 0
+    assert data["total_pages"] == 1
+    DashboardsResponse(**data)
+# [/DEF:test_get_dashboards_empty:Function]
+
+
+# [DEF:test_get_dashboards_superset_failure:Function]
+# @TEST_EDGE: external_superset_failure -> {env_id: 'bad_conn', status: 503}
+def test_get_dashboards_superset_failure(mock_deps):
+    """@TEST_EDGE: external_superset_failure -> {env_id: 'bad_conn', status: 503}"""
+    mock_env = MagicMock()
+    mock_env.id = "bad_conn"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    mock_deps["task"].get_all_tasks.return_value = []
+    mock_deps["resource"].get_dashboards_with_status = AsyncMock(
+        side_effect=Exception("Connection refused")
+    )
+
+    response = client.get("/api/dashboards?env_id=bad_conn")
+    assert response.status_code == 503
+    assert "Failed to fetch dashboards" in response.json()["detail"]
+# [/DEF:test_get_dashboards_superset_failure:Function]
+
+
+# [DEF:test_get_dashboards_env_not_found:Function]
+# @TEST: GET /api/dashboards returns 404 if env_id missing
+# @PRE: env_id does not exist
+# @POST: Returns 404 error
+def test_get_dashboards_env_not_found(mock_deps):
+    mock_deps["config"].get_environments.return_value = []
+    response = client.get("/api/dashboards?env_id=nonexistent")
+    
+    assert response.status_code == 404
+    assert "Environment not found" in response.json()["detail"]
+
+
+# [/DEF:test_get_dashboards_env_not_found:Function]
+
+
+# [DEF:test_get_dashboards_invalid_pagination:Function]
+# @TEST: GET /api/dashboards returns 400 for invalid page/page_size
+# @PRE: page < 1 or page_size > 100
+# @POST: Returns 400 error
+def test_get_dashboards_invalid_pagination(mock_deps):
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    # Invalid page
+    response = client.get("/api/dashboards?env_id=prod&page=0")
+    assert response.status_code == 400
+    assert "Page must be >= 1" in response.json()["detail"]
+        
+    # Invalid page_size
+    response = client.get("/api/dashboards?env_id=prod&page_size=101")
+    assert response.status_code == 400
+    assert "Page size must be between 1 and 100" in response.json()["detail"]
+# [/DEF:test_get_dashboards_invalid_pagination:Function]
+
+
+# [DEF:test_get_dashboard_detail_success:Function]
+# @TEST: GET /api/dashboards/{id} returns dashboard detail with charts and datasets
+def test_get_dashboard_detail_success(mock_deps):
+    with patch("src.api.routes.dashboards.SupersetClient") as mock_client_cls:
+        mock_env = MagicMock()
+        mock_env.id = "prod"
+        mock_deps["config"].get_environments.return_value = [mock_env]
+
+        mock_client = MagicMock()
+        mock_client.get_dashboard_detail.return_value = {
+            "id": 42,
+            "title": "Revenue Dashboard",
+            "slug": "revenue-dashboard",
+            "url": "/superset/dashboard/42/",
+            "description": "Overview",
+            "last_modified": "2026-02-20T10:00:00+00:00",
+            "published": True,
+            "charts": [
+                {
+                    "id": 100,
+                    "title": "Revenue by Month",
+                    "viz_type": "line",
+                    "dataset_id": 7,
+                    "last_modified": "2026-02-19T10:00:00+00:00",
+                    "overview": "line"
+                }
+            ],
+            "datasets": [
+                {
+                    "id": 7,
+                    "table_name": "fact_revenue",
+                    "schema": "mart",
+                    "database": "Analytics",
+                    "last_modified": "2026-02-18T10:00:00+00:00",
+                    "overview": "mart.fact_revenue"
+                }
+            ],
+            "chart_count": 1,
+            "dataset_count": 1
+        }
+        mock_client_cls.return_value = mock_client
+
+        response = client.get("/api/dashboards/42?env_id=prod")
+
+        assert response.status_code == 200
+        payload = response.json()
+        assert payload["id"] == 42
+        assert payload["chart_count"] == 1
+        assert payload["dataset_count"] == 1
+# [/DEF:test_get_dashboard_detail_success:Function]
+
+
+# [DEF:test_get_dashboard_detail_env_not_found:Function]
+# @TEST: GET /api/dashboards/{id} returns 404 for missing environment
+def test_get_dashboard_detail_env_not_found(mock_deps):
+    mock_deps["config"].get_environments.return_value = []
+    
+    response = client.get("/api/dashboards/42?env_id=missing")
+
+    assert response.status_code == 404
+    assert "Environment not found" in response.json()["detail"]
+# [/DEF:test_get_dashboard_detail_env_not_found:Function]
+
+
+# [DEF:test_migrate_dashboards_success:Function]
+# @TEST: POST /api/dashboards/migrate creates migration task
+# @PRE: Valid source_env_id, target_env_id, dashboard_ids
+# @POST: Returns task_id and create_task was called
+def test_migrate_dashboards_success(mock_deps):
+    mock_source = MagicMock()
+    mock_source.id = "source"
+    mock_target = MagicMock()
+    mock_target.id = "target"
+    mock_deps["config"].get_environments.return_value = [mock_source, mock_target]
+
+    mock_task = MagicMock()
+    mock_task.id = "task-migrate-123"
+    mock_deps["task"].create_task = AsyncMock(return_value=mock_task)
+
+    response = client.post(
+        "/api/dashboards/migrate",
+        json={
+            "source_env_id": "source",
+            "target_env_id": "target",
+            "dashboard_ids": [1, 2, 3],
+            "db_mappings": {"old_db": "new_db"}
+        }
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert "task_id" in data
+    # @POST/@SIDE_EFFECT: create_task was called
+    mock_deps["task"].create_task.assert_called_once()
+
+
+# [/DEF:test_migrate_dashboards_success:Function]
+
+
+# [DEF:test_migrate_dashboards_no_ids:Function]
+# @TEST: POST /api/dashboards/migrate returns 400 for empty dashboard_ids
+# @PRE: dashboard_ids is empty
+# @POST: Returns 400 error
+def test_migrate_dashboards_no_ids(mock_deps):
+    response = client.post(
+        "/api/dashboards/migrate",
+        json={
+            "source_env_id": "source",
+            "target_env_id": "target",
+            "dashboard_ids": []
+        }
+    )
+
+    assert response.status_code == 400
+    assert "At least one dashboard ID must be provided" in response.json()["detail"]
+
+
+# [/DEF:test_migrate_dashboards_no_ids:Function]
+
+
+# [DEF:test_migrate_dashboards_env_not_found:Function]
+# @PRE: source_env_id and target_env_id are valid environment IDs
+def test_migrate_dashboards_env_not_found(mock_deps):
+    """@PRE: source_env_id and target_env_id are valid environment IDs."""
+    mock_deps["config"].get_environments.return_value = []
+    response = client.post(
+        "/api/dashboards/migrate",
+        json={
+            "source_env_id": "ghost",
+            "target_env_id": "t",
+            "dashboard_ids": [1]
+        }
+    )
+    assert response.status_code == 404
+    assert "Source environment not found" in response.json()["detail"]
+# [/DEF:test_migrate_dashboards_env_not_found:Function]
+
+
+# [DEF:test_backup_dashboards_success:Function]
+# @TEST: POST /api/dashboards/backup creates backup task
+# @PRE: Valid env_id, dashboard_ids
+# @POST: Returns task_id and create_task was called
+def test_backup_dashboards_success(mock_deps):
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+
+    mock_task = MagicMock()
+    mock_task.id = "task-backup-456"
+    mock_deps["task"].create_task = AsyncMock(return_value=mock_task)
+
+    response = client.post(
+        "/api/dashboards/backup",
+        json={
+            "env_id": "prod",
+            "dashboard_ids": [1, 2, 3],
+            "schedule": "0 0 * * *"
+        }
+    )
+
+    assert response.status_code == 200
+    data = response.json()
+    assert "task_id" in data
+    # @POST/@SIDE_EFFECT: create_task was called
+    mock_deps["task"].create_task.assert_called_once()
+
+
+# [/DEF:test_backup_dashboards_success:Function]
+
+
+# [DEF:test_backup_dashboards_env_not_found:Function]
+# @PRE: env_id is a valid environment ID
+def test_backup_dashboards_env_not_found(mock_deps):
+    """@PRE: env_id is a valid environment ID."""
+    mock_deps["config"].get_environments.return_value = []
+    response = client.post(
+        "/api/dashboards/backup",
+        json={
+            "env_id": "ghost",
+            "dashboard_ids": [1]
+        }
+    )
+    assert response.status_code == 404
+    assert "Environment not found" in response.json()["detail"]
+# [/DEF:test_backup_dashboards_env_not_found:Function]
+
+
+# [DEF:test_get_database_mappings_success:Function]
+# @TEST: GET /api/dashboards/db-mappings returns mapping suggestions
+# @PRE: Valid source_env_id, target_env_id
+# @POST: Returns list of database mappings
+def test_get_database_mappings_success(mock_deps):
+    mock_source = MagicMock()
+    mock_source.id = "prod"
+    mock_target = MagicMock()
+    mock_target.id = "staging"
+    mock_deps["config"].get_environments.return_value = [mock_source, mock_target]
+
+    mock_deps["mapping"].get_suggestions = AsyncMock(return_value=[
+        {
+            "source_db": "old_sales",
+            "target_db": "new_sales",
+            "source_db_uuid": "uuid-1",
+            "target_db_uuid": "uuid-2",
+            "confidence": 0.95
+        }
+    ])
+
+    response = client.get("/api/dashboards/db-mappings?source_env_id=prod&target_env_id=staging")
+
+    assert response.status_code == 200
+    data = response.json()
+    assert "mappings" in data
+    assert len(data["mappings"]) == 1
+    assert data["mappings"][0]["confidence"] == 0.95
+
+
+# [/DEF:test_get_database_mappings_success:Function]
+
+
+# [DEF:test_get_database_mappings_env_not_found:Function]
+# @PRE: source_env_id and target_env_id are valid environment IDs
+def test_get_database_mappings_env_not_found(mock_deps):
+    """@PRE: source_env_id must be a valid environment."""
+    mock_deps["config"].get_environments.return_value = []
+    response = client.get("/api/dashboards/db-mappings?source_env_id=ghost&target_env_id=t")
+    assert response.status_code == 404
+# [/DEF:test_get_database_mappings_env_not_found:Function]
+
+
+# [DEF:test_get_dashboard_tasks_history_filters_success:Function]
+# @TEST: GET /api/dashboards/{id}/tasks returns backup and llm tasks for dashboard
+def test_get_dashboard_tasks_history_filters_success(mock_deps):
+    now = datetime.now(timezone.utc)
+
+    llm_task = MagicMock()
+    llm_task.id = "task-llm-1"
+    llm_task.plugin_id = "llm_dashboard_validation"
+    llm_task.status = "SUCCESS"
+    llm_task.started_at = now
+    llm_task.finished_at = now
+    llm_task.params = {"dashboard_id": "42", "environment_id": "prod"}
+    llm_task.result = {"summary": "LLM validation complete"}
+
+    backup_task = MagicMock()
+    backup_task.id = "task-backup-1"
+    backup_task.plugin_id = "superset-backup"
+    backup_task.status = "RUNNING"
+    backup_task.started_at = now
+    backup_task.finished_at = None
+    backup_task.params = {"env": "prod", "dashboards": [42]}
+    backup_task.result = {}
+
+    other_task = MagicMock()
+    other_task.id = "task-other"
+    other_task.plugin_id = "superset-backup"
+    other_task.status = "SUCCESS"
+    other_task.started_at = now
+    other_task.finished_at = now
+    other_task.params = {"env": "prod", "dashboards": [777]}
+    other_task.result = {}
+
+    mock_deps["task"].get_all_tasks.return_value = [other_task, llm_task, backup_task]
+
+    response = client.get("/api/dashboards/42/tasks?env_id=prod&limit=10")
+
+    assert response.status_code == 200
+    data = response.json()
+    assert data["dashboard_id"] == 42
+    assert len(data["items"]) == 2
+    assert {item["plugin_id"] for item in data["items"]} == {"llm_dashboard_validation", "superset-backup"}
+# [/DEF:test_get_dashboard_tasks_history_filters_success:Function]
+
+
+# [DEF:test_get_dashboard_thumbnail_success:Function]
+# @TEST: GET /api/dashboards/{id}/thumbnail proxies image bytes from Superset
+def test_get_dashboard_thumbnail_success(mock_deps):
+    with patch("src.api.routes.dashboards.SupersetClient") as mock_client_cls:
+        mock_env = MagicMock()
+        mock_env.id = "prod"
+        mock_deps["config"].get_environments.return_value = [mock_env]
+
+        mock_client = MagicMock()
+        mock_response = MagicMock()
+        mock_response.status_code = 200
+        mock_response.content = b"fake-image-bytes"
+        mock_response.headers = {"Content-Type": "image/png"}
+
+        def _network_request(method, endpoint, **kwargs):
+            if method == "POST":
+                return {"image_url": "/api/v1/dashboard/42/screenshot/abc123/"}
+            return mock_response
+
+        mock_client.network.request.side_effect = _network_request
+        mock_client_cls.return_value = mock_client
+
+        response = client.get("/api/dashboards/42/thumbnail?env_id=prod")
+
+        assert response.status_code == 200
+        assert response.content == b"fake-image-bytes"
+        assert response.headers["content-type"].startswith("image/png")
+# [/DEF:test_get_dashboard_thumbnail_success:Function]
+
+
+# [/DEF:backend.src.api.routes.__tests__.test_dashboards:Module]
--- a/backend/src/api/routes/tests/test_datasets.py
+++ b/backend/src/api/routes/tests/test_datasets.py
@@ -0,0 +1,300 @@
+# [DEF:backend.src.api.routes.__tests__.test_datasets:Module]
+# @TIER: STANDARD
+# @SEMANTICS: datasets, api, tests, pagination, mapping, docs
+# @PURPOSE: Unit tests for Datasets API endpoints
+# @LAYER: API
+# @RELATION: TESTS -> backend.src.api.routes.datasets
+# @INVARIANT: Endpoint contracts remain stable for success and validation failure paths.
+
+import pytest
+from unittest.mock import MagicMock, patch, AsyncMock
+from fastapi.testclient import TestClient
+from src.app import app
+from src.api.routes.datasets import DatasetsResponse, DatasetDetailResponse
+from src.dependencies import get_current_user, has_permission, get_config_manager, get_task_manager, get_resource_service, get_mapping_service
+
+# Global mock user for get_current_user dependency overrides
+mock_user = MagicMock()
+mock_user.username = "testuser"
+mock_user.roles = []
+admin_role = MagicMock()
+admin_role.name = "Admin"
+mock_user.roles.append(admin_role)
+
+@pytest.fixture(autouse=True)
+def mock_deps():
+    config_manager = MagicMock()
+    task_manager = MagicMock()
+    resource_service = MagicMock()
+    mapping_service = MagicMock()
+    
+    app.dependency_overrides[get_config_manager] = lambda: config_manager
+    app.dependency_overrides[get_task_manager] = lambda: task_manager
+    app.dependency_overrides[get_resource_service] = lambda: resource_service
+    app.dependency_overrides[get_mapping_service] = lambda: mapping_service
+    app.dependency_overrides[get_current_user] = lambda: mock_user
+    
+    app.dependency_overrides[has_permission("plugin:migration", "READ")] = lambda: mock_user
+    app.dependency_overrides[has_permission("plugin:migration", "EXECUTE")] = lambda: mock_user
+    app.dependency_overrides[has_permission("plugin:backup", "EXECUTE")] = lambda: mock_user
+    app.dependency_overrides[has_permission("tasks", "READ")] = lambda: mock_user
+    
+    yield {
+        "config": config_manager,
+        "task": task_manager,
+        "resource": resource_service,
+        "mapping": mapping_service
+    }
+    app.dependency_overrides.clear()
+
+client = TestClient(app)
+
+
+# [DEF:test_get_datasets_success:Function]
+# @PURPOSE: Validate successful datasets listing contract for an existing environment.
+# @TEST: GET /api/datasets returns 200 and valid schema
+# @PRE: env_id exists
+# @POST: Response matches DatasetsResponse schema
+def test_get_datasets_success(mock_deps):
+    # Mock environment
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    
+    # Mock resource service response
+    mock_deps["resource"].get_datasets_with_status = AsyncMock(
+        return_value=[
+            {
+                "id": 1,
+                "table_name": "sales_data",
+                "schema": "public",
+                "database": "sales_db",
+                "mapped_fields": {"total": 10, "mapped": 5},
+                "last_task": {"task_id": "task-1", "status": "SUCCESS"}
+            }
+        ]
+    )
+
+    response = client.get("/api/datasets?env_id=prod")
+    
+    assert response.status_code == 200
+    data = response.json()
+    assert "datasets" in data
+    assert len(data["datasets"]) >= 0
+    # Validate against Pydantic model
+    DatasetsResponse(**data)
+
+
+# [/DEF:test_get_datasets_success:Function]
+
+
+# [DEF:test_get_datasets_env_not_found:Function]
+# @TEST: GET /api/datasets returns 404 if env_id missing
+# @PRE: env_id does not exist
+# @POST: Returns 404 error
+def test_get_datasets_env_not_found(mock_deps):
+    mock_deps["config"].get_environments.return_value = []
+
+    response = client.get("/api/datasets?env_id=nonexistent")
+    
+    assert response.status_code == 404
+    assert "Environment not found" in response.json()["detail"]
+
+
+# [/DEF:test_get_datasets_env_not_found:Function]
+
+
+# [DEF:test_get_datasets_invalid_pagination:Function]
+# @TEST: GET /api/datasets returns 400 for invalid page/page_size
+# @PRE: page < 1 or page_size > 100
+# @POST: Returns 400 error
+def test_get_datasets_invalid_pagination(mock_deps):
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+
+    # Invalid page
+    response = client.get("/api/datasets?env_id=prod&page=0")
+    assert response.status_code == 400
+    assert "Page must be >= 1" in response.json()["detail"]
+    
+    # Invalid page_size (too small)
+    response = client.get("/api/datasets?env_id=prod&page_size=0")
+    assert response.status_code == 400
+    assert "Page size must be between 1 and 100" in response.json()["detail"]
+
+    # @TEST_EDGE: page_size > 100 exceeds max
+    response = client.get("/api/datasets?env_id=prod&page_size=101")
+    assert response.status_code == 400
+    assert "Page size must be between 1 and 100" in response.json()["detail"]
+
+
+# [/DEF:test_get_datasets_invalid_pagination:Function]
+
+
+# [DEF:test_map_columns_success:Function]
+# @TEST: POST /api/datasets/map-columns creates mapping task
+# @PRE: Valid env_id, dataset_ids, source_type
+# @POST: Returns task_id
+def test_map_columns_success(mock_deps):
+    # Mock environment
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    
+    # Mock task manager
+    mock_task = MagicMock()
+    mock_task.id = "task-123"
+    mock_deps["task"].create_task = AsyncMock(return_value=mock_task)
+
+    response = client.post(
+        "/api/datasets/map-columns",
+        json={
+            "env_id": "prod",
+            "dataset_ids": [1, 2, 3],
+            "source_type": "postgresql"
+        }
+    )
+    
+    assert response.status_code == 200
+    data = response.json()
+    assert "task_id" in data
+    # @POST/@SIDE_EFFECT: create_task was called
+    mock_deps["task"].create_task.assert_called_once()
+
+
+# [/DEF:test_map_columns_success:Function]
+
+
+# [DEF:test_map_columns_invalid_source_type:Function]
+# @TEST: POST /api/datasets/map-columns returns 400 for invalid source_type
+# @PRE: source_type is not 'postgresql' or 'xlsx'
+# @POST: Returns 400 error
+def test_map_columns_invalid_source_type(mock_deps):
+    response = client.post(
+        "/api/datasets/map-columns",
+        json={
+            "env_id": "prod",
+            "dataset_ids": [1],
+            "source_type": "invalid"
+        }
+    )
+    
+    assert response.status_code == 400
+    assert "Source type must be 'postgresql' or 'xlsx'" in response.json()["detail"]
+
+
+# [/DEF:test_map_columns_invalid_source_type:Function]
+
+
+# [DEF:test_generate_docs_success:Function]
+# @TEST: POST /api/datasets/generate-docs creates doc generation task
+# @PRE: Valid env_id, dataset_ids, llm_provider
+# @POST: Returns task_id
+def test_generate_docs_success(mock_deps):
+    # Mock environment
+    mock_env = MagicMock()
+    mock_env.id = "prod"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    
+    # Mock task manager
+    mock_task = MagicMock()
+    mock_task.id = "task-456"
+    mock_deps["task"].create_task = AsyncMock(return_value=mock_task)
+
+    response = client.post(
+        "/api/datasets/generate-docs",
+        json={
+            "env_id": "prod",
+            "dataset_ids": [1],
+            "llm_provider": "openai"
+        }
+    )
+    
+    assert response.status_code == 200
+    data = response.json()
+    assert "task_id" in data
+    # @POST/@SIDE_EFFECT: create_task was called
+    mock_deps["task"].create_task.assert_called_once()
+
+
+# [/DEF:test_generate_docs_success:Function]
+
+
+# [DEF:test_map_columns_empty_ids:Function]
+# @TEST: POST /api/datasets/map-columns returns 400 for empty dataset_ids
+# @PRE: dataset_ids is empty
+# @POST: Returns 400 error
+def test_map_columns_empty_ids(mock_deps):
+    """@PRE: dataset_ids must be non-empty."""
+    response = client.post(
+        "/api/datasets/map-columns",
+        json={
+            "env_id": "prod",
+            "dataset_ids": [],
+            "source_type": "postgresql"
+        }
+    )
+    assert response.status_code == 400
+    assert "At least one dataset ID must be provided" in response.json()["detail"]
+# [/DEF:test_map_columns_empty_ids:Function]
+
+
+# [DEF:test_generate_docs_empty_ids:Function]
+# @TEST: POST /api/datasets/generate-docs returns 400 for empty dataset_ids
+# @PRE: dataset_ids is empty
+# @POST: Returns 400 error
+def test_generate_docs_empty_ids(mock_deps):
+    """@PRE: dataset_ids must be non-empty."""
+    response = client.post(
+        "/api/datasets/generate-docs",
+        json={
+            "env_id": "prod",
+            "dataset_ids": [],
+            "llm_provider": "openai"
+        }
+    )
+    assert response.status_code == 400
+    assert "At least one dataset ID must be provided" in response.json()["detail"]
+# [/DEF:test_generate_docs_empty_ids:Function]
+
+
+# [DEF:test_generate_docs_env_not_found:Function]
+# @TEST: POST /api/datasets/generate-docs returns 404 for missing env
+# @PRE: env_id does not exist
+# @POST: Returns 404 error
+def test_generate_docs_env_not_found(mock_deps):
+    """@PRE: env_id must be a valid environment."""
+    mock_deps["config"].get_environments.return_value = []
+    response = client.post(
+        "/api/datasets/generate-docs",
+        json={
+            "env_id": "ghost",
+            "dataset_ids": [1],
+            "llm_provider": "openai"
+        }
+    )
+    assert response.status_code == 404
+    assert "Environment not found" in response.json()["detail"]
+# [/DEF:test_generate_docs_env_not_found:Function]
+
+
+# [DEF:test_get_datasets_superset_failure:Function]
+# @TEST_EDGE: external_superset_failure -> {status: 503}
+def test_get_datasets_superset_failure(mock_deps):
+    """@TEST_EDGE: external_superset_failure -> {status: 503}"""
+    mock_env = MagicMock()
+    mock_env.id = "bad_conn"
+    mock_deps["config"].get_environments.return_value = [mock_env]
+    mock_deps["task"].get_all_tasks.return_value = []
+    mock_deps["resource"].get_datasets_with_status = AsyncMock(
+        side_effect=Exception("Connection refused")
+    )
+
+    response = client.get("/api/datasets?env_id=bad_conn")
+    assert response.status_code == 503
+    assert "Failed to fetch datasets" in response.json()["detail"]
+# [/DEF:test_get_datasets_superset_failure:Function]
+
+
+# [/DEF:backend.src.api.routes.__tests__.test_datasets:Module]
--- a/backend/src/api/routes/tests/test_git_status_route.py
+++ b/backend/src/api/routes/tests/test_git_status_route.py
@@ -0,0 +1,198 @@
+# [DEF:backend.src.api.routes.__tests__.test_git_status_route:Module]
+# @TIER: STANDARD
+# @SEMANTICS: tests, git, api, status, no_repo
+# @PURPOSE: Validate status endpoint behavior for missing and error repository states.
+# @LAYER: Domain (Tests)
+# @RELATION: CALLS -> src.api.routes.git.get_repository_status
+
+from fastapi import HTTPException
+import pytest
+import asyncio
+
+from src.api.routes import git as git_routes
+
+
+# [DEF:test_get_repository_status_returns_no_repo_payload_for_missing_repo:Function]
+# @PURPOSE: Ensure missing local repository is represented as NO_REPO payload instead of an API error.
+# @PRE: GitService.get_status raises HTTPException(404).
+# @POST: Route returns a deterministic NO_REPO status payload.
+def test_get_repository_status_returns_no_repo_payload_for_missing_repo(monkeypatch):
+    class MissingRepoGitService:
+        def _get_repo_path(self, dashboard_id: int) -> str:
+            return f"/tmp/missing-repo-{dashboard_id}"
+
+        def get_status(self, dashboard_id: int) -> dict:
+            raise AssertionError("get_status must not be called when repository path is missing")
+
+    monkeypatch.setattr(git_routes, "git_service", MissingRepoGitService())
+
+    response = asyncio.run(git_routes.get_repository_status(34))
+
+    assert response["sync_status"] == "NO_REPO"
+    assert response["sync_state"] == "NO_REPO"
+    assert response["has_repo"] is False
+    assert response["current_branch"] is None
+# [/DEF:test_get_repository_status_returns_no_repo_payload_for_missing_repo:Function]
+
+
+# [DEF:test_get_repository_status_propagates_non_404_http_exception:Function]
+# @PURPOSE: Ensure HTTP exceptions other than 404 are not masked.
+# @PRE: GitService.get_status raises HTTPException with non-404 status.
+# @POST: Raised exception preserves original status and detail.
+def test_get_repository_status_propagates_non_404_http_exception(monkeypatch):
+    class ConflictGitService:
+        def _get_repo_path(self, dashboard_id: int) -> str:
+            return f"/tmp/existing-repo-{dashboard_id}"
+
+        def get_status(self, dashboard_id: int) -> dict:
+            raise HTTPException(status_code=409, detail="Conflict")
+
+    monkeypatch.setattr(git_routes, "git_service", ConflictGitService())
+    monkeypatch.setattr(git_routes.os.path, "exists", lambda _path: True)
+
+    with pytest.raises(HTTPException) as exc_info:
+        asyncio.run(git_routes.get_repository_status(34))
+
+    assert exc_info.value.status_code == 409
+    assert exc_info.value.detail == "Conflict"
+# [/DEF:test_get_repository_status_propagates_non_404_http_exception:Function]
+
+
+# [DEF:test_get_repository_diff_propagates_http_exception:Function]
+# @PURPOSE: Ensure diff endpoint preserves domain HTTP errors from GitService.
+# @PRE: GitService.get_diff raises HTTPException.
+# @POST: Endpoint raises same HTTPException values.
+def test_get_repository_diff_propagates_http_exception(monkeypatch):
+    class DiffGitService:
+        def get_diff(self, dashboard_id: int, file_path=None, staged: bool = False) -> str:
+            raise HTTPException(status_code=404, detail="Repository missing")
+
+    monkeypatch.setattr(git_routes, "git_service", DiffGitService())
+
+    with pytest.raises(HTTPException) as exc_info:
+        asyncio.run(git_routes.get_repository_diff(12))
+
+    assert exc_info.value.status_code == 404
+    assert exc_info.value.detail == "Repository missing"
+# [/DEF:test_get_repository_diff_propagates_http_exception:Function]
+
+
+# [DEF:test_get_history_wraps_unexpected_error_as_500:Function]
+# @PURPOSE: Ensure non-HTTP exceptions in history endpoint become deterministic 500 errors.
+# @PRE: GitService.get_commit_history raises ValueError.
+# @POST: Endpoint returns HTTPException with status 500 and route context.
+def test_get_history_wraps_unexpected_error_as_500(monkeypatch):
+    class HistoryGitService:
+        def get_commit_history(self, dashboard_id: int, limit: int = 50):
+            raise ValueError("broken parser")
+
+    monkeypatch.setattr(git_routes, "git_service", HistoryGitService())
+
+    with pytest.raises(HTTPException) as exc_info:
+        asyncio.run(git_routes.get_history(12))
+
+    assert exc_info.value.status_code == 500
+    assert exc_info.value.detail == "get_history failed: broken parser"
+# [/DEF:test_get_history_wraps_unexpected_error_as_500:Function]
+
+
+# [DEF:test_commit_changes_wraps_unexpected_error_as_500:Function]
+# @PURPOSE: Ensure commit endpoint does not leak unexpected errors as 400.
+# @PRE: GitService.commit_changes raises RuntimeError.
+# @POST: Endpoint raises HTTPException(500) with route context.
+def test_commit_changes_wraps_unexpected_error_as_500(monkeypatch):
+    class CommitGitService:
+        def commit_changes(self, dashboard_id: int, message: str, files):
+            raise RuntimeError("index lock")
+
+    class CommitPayload:
+        message = "test"
+        files = ["dashboards/a.yaml"]
+
+    monkeypatch.setattr(git_routes, "git_service", CommitGitService())
+
+    with pytest.raises(HTTPException) as exc_info:
+        asyncio.run(git_routes.commit_changes(12, CommitPayload()))
+
+    assert exc_info.value.status_code == 500
+    assert exc_info.value.detail == "commit_changes failed: index lock"
+# [/DEF:test_commit_changes_wraps_unexpected_error_as_500:Function]
+
+
+# [DEF:test_get_repository_status_batch_returns_mixed_statuses:Function]
+# @PURPOSE: Ensure batch endpoint returns per-dashboard statuses in one response.
+# @PRE: Some repositories are missing and some are initialized.
+# @POST: Returned map includes resolved status for each requested dashboard ID.
+def test_get_repository_status_batch_returns_mixed_statuses(monkeypatch):
+    class BatchGitService:
+        def _get_repo_path(self, dashboard_id: int) -> str:
+            return f"/tmp/repo-{dashboard_id}"
+
+        def get_status(self, dashboard_id: int) -> dict:
+            if dashboard_id == 2:
+                return {"sync_state": "SYNCED", "sync_status": "OK"}
+            raise HTTPException(status_code=404, detail="not found")
+
+    monkeypatch.setattr(git_routes, "git_service", BatchGitService())
+    monkeypatch.setattr(git_routes.os.path, "exists", lambda path: path.endswith("/repo-2"))
+
+    class BatchRequest:
+        dashboard_ids = [1, 2]
+
+    response = asyncio.run(git_routes.get_repository_status_batch(BatchRequest()))
+
+    assert response.statuses["1"]["sync_status"] == "NO_REPO"
+    assert response.statuses["2"]["sync_state"] == "SYNCED"
+# [/DEF:test_get_repository_status_batch_returns_mixed_statuses:Function]
+
+
+# [DEF:test_get_repository_status_batch_marks_item_as_error_on_service_failure:Function]
+# @PURPOSE: Ensure batch endpoint marks failed items as ERROR without failing entire request.
+# @PRE: GitService raises non-HTTP exception for one dashboard.
+# @POST: Failed dashboard status is marked as ERROR.
+def test_get_repository_status_batch_marks_item_as_error_on_service_failure(monkeypatch):
+    class BatchErrorGitService:
+        def _get_repo_path(self, dashboard_id: int) -> str:
+            return f"/tmp/repo-{dashboard_id}"
+
+        def get_status(self, dashboard_id: int) -> dict:
+            raise RuntimeError("boom")
+
+    monkeypatch.setattr(git_routes, "git_service", BatchErrorGitService())
+    monkeypatch.setattr(git_routes.os.path, "exists", lambda _path: True)
+
+    class BatchRequest:
+        dashboard_ids = [9]
+
+    response = asyncio.run(git_routes.get_repository_status_batch(BatchRequest()))
+
+    assert response.statuses["9"]["sync_status"] == "ERROR"
+    assert response.statuses["9"]["sync_state"] == "ERROR"
+# [/DEF:test_get_repository_status_batch_marks_item_as_error_on_service_failure:Function]
+
+
+# [DEF:test_get_repository_status_batch_deduplicates_and_truncates_ids:Function]
+# @PURPOSE: Ensure batch endpoint protects server from oversized payloads.
+# @PRE: request includes duplicate IDs and more than MAX_REPOSITORY_STATUS_BATCH entries.
+# @POST: Result contains unique IDs up to configured cap.
+def test_get_repository_status_batch_deduplicates_and_truncates_ids(monkeypatch):
+    class SafeBatchGitService:
+        def _get_repo_path(self, dashboard_id: int) -> str:
+            return f"/tmp/repo-{dashboard_id}"
+
+        def get_status(self, dashboard_id: int) -> dict:
+            return {"sync_state": "SYNCED", "sync_status": "OK"}
+
+    monkeypatch.setattr(git_routes, "git_service", SafeBatchGitService())
+    monkeypatch.setattr(git_routes.os.path, "exists", lambda _path: True)
+
+    class BatchRequest:
+        dashboard_ids = [1, 1] + list(range(2, 90))
+
+    response = asyncio.run(git_routes.get_repository_status_batch(BatchRequest()))
+
+    assert len(response.statuses) == git_routes.MAX_REPOSITORY_STATUS_BATCH
+    assert "1" in response.statuses
+# [/DEF:test_get_repository_status_batch_deduplicates_and_truncates_ids:Function]
+
+# [/DEF:backend.src.api.routes.__tests__.test_git_status_route:Module]
--- a/backend/src/api/routes/tests/test_migration_routes.py
+++ b/backend/src/api/routes/tests/test_migration_routes.py
@@ -0,0 +1,510 @@
+# [DEF:backend.src.api.routes.__tests__.test_migration_routes:Module]
+#
+# @TIER:      STANDARD
+# @PURPOSE:   Unit tests for migration API route handlers.
+# @LAYER:     API
+# @RELATION:  VERIFIES -> backend.src.api.routes.migration
+#
+import pytest
+import sys
+from pathlib import Path
+from unittest.mock import MagicMock, AsyncMock, patch
+from datetime import datetime, timezone
+
+# Add backend directory to sys.path
+backend_dir = str(Path(__file__).parent.parent.parent.parent.resolve())
+if backend_dir not in sys.path:
+    sys.path.insert(0, backend_dir)
+
+import os
+# Force SQLite in-memory for all database connections BEFORE importing any application code
+os.environ["DATABASE_URL"] = "sqlite:///:memory:"
+os.environ["TASKS_DATABASE_URL"] = "sqlite:///:memory:"
+os.environ["AUTH_DATABASE_URL"] = "sqlite:///:memory:"
+os.environ["ENVIRONMENT"] = "testing"
+
+
+from fastapi import HTTPException
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker
+
+from src.models.mapping import Base, ResourceMapping, ResourceType
+
+# Patch the get_db dependency if `src.api.routes.migration` imports it
+from unittest.mock import patch
+patch('src.core.database.get_db').start()
+
+# --- Fixtures ---
+
+@pytest.fixture
+def db_session():
+    """In-memory SQLite session for testing."""
+    from sqlalchemy.pool import StaticPool
+    engine = create_engine(
+        'sqlite:///:memory:',
+        connect_args={'check_same_thread': False},
+        poolclass=StaticPool
+    )
+    Base.metadata.create_all(engine)
+    Session = sessionmaker(bind=engine)
+    session = Session()
+    yield session
+    session.close()
+
+
+def _make_config_manager(cron="0 2 * * *"):
+    """Creates a mock config manager with a realistic AppConfig-like object."""
+    settings = MagicMock()
+    settings.migration_sync_cron = cron
+    config = MagicMock()
+    config.settings = settings
+    cm = MagicMock()
+    cm.get_config.return_value = config
+    cm.save_config = MagicMock()
+    return cm
+
+
+# --- get_migration_settings tests ---
+
+@pytest.mark.asyncio
+async def test_get_migration_settings_returns_default_cron():
+    """Verify the settings endpoint returns the stored cron string."""
+    from src.api.routes.migration import get_migration_settings
+
+    cm = _make_config_manager(cron="0 3 * * *")
+
+    # Call the handler directly, bypassing Depends
+    result = await get_migration_settings(config_manager=cm, _=None)
+
+    assert result == {"cron": "0 3 * * *"}
+    cm.get_config.assert_called_once()
+
+
+@pytest.mark.asyncio
+async def test_get_migration_settings_returns_fallback_when_no_cron():
+    """When migration_sync_cron uses the default, should return '0 2 * * *'."""
+    from src.api.routes.migration import get_migration_settings
+
+    # Use the default cron value (simulating a fresh config)
+    cm = _make_config_manager()
+
+    result = await get_migration_settings(config_manager=cm, _=None)
+
+    assert result == {"cron": "0 2 * * *"}
+
+
+# --- update_migration_settings tests ---
+
+@pytest.mark.asyncio
+async def test_update_migration_settings_saves_cron():
+    """Verify that a valid cron update saves to config."""
+    from src.api.routes.migration import update_migration_settings
+
+    cm = _make_config_manager()
+
+    result = await update_migration_settings(
+        payload={"cron": "0 4 * * *"},
+        config_manager=cm,
+        _=None
+    )
+
+    assert result["cron"] == "0 4 * * *"
+    assert result["status"] == "updated"
+    cm.save_config.assert_called_once()
+
+
+@pytest.mark.asyncio
+async def test_update_migration_settings_rejects_missing_cron():
+    """Verify 400 error when 'cron' key is missing from payload."""
+    from src.api.routes.migration import update_migration_settings
+
+    cm = _make_config_manager()
+
+    with pytest.raises(HTTPException) as exc_info:
+        await update_migration_settings(
+            payload={"interval": "daily"},
+            config_manager=cm,
+            _=None
+        )
+
+    assert exc_info.value.status_code == 400
+    assert "cron" in exc_info.value.detail.lower()
+
+
+# --- get_resource_mappings tests ---
+
+@pytest.mark.asyncio
+async def test_get_resource_mappings_returns_formatted_list(db_session):
+    """Verify mappings are returned as formatted dicts with correct keys."""
+    from src.api.routes.migration import get_resource_mappings
+
+    # Populate test data
+    m1 = ResourceMapping(
+        environment_id="prod",
+        resource_type=ResourceType.CHART,
+        uuid="uuid-1",
+        remote_integer_id="42",
+        resource_name="Sales Chart",
+        last_synced_at=datetime(2026, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
+    )
+    db_session.add(m1)
+    db_session.commit()
+
+    result = await get_resource_mappings(skip=0, limit=50, search=None, env_id=None, resource_type=None, db=db_session, _=None)
+
+    assert result["total"] == 1
+    assert len(result["items"]) == 1
+    assert result["items"][0]["environment_id"] == "prod"
+    assert result["items"][0]["resource_type"] == "chart"
+    assert result["items"][0]["uuid"] == "uuid-1"
+    assert result["items"][0]["remote_id"] == "42"
+    assert result["items"][0]["resource_name"] == "Sales Chart"
+    assert result["items"][0]["last_synced_at"] is not None
+
+
+@pytest.mark.asyncio
+async def test_get_resource_mappings_respects_pagination(db_session):
+    """Verify skip and limit parameters work correctly."""
+    from src.api.routes.migration import get_resource_mappings
+
+    for i in range(5):
+        db_session.add(ResourceMapping(
+            environment_id="prod",
+            resource_type=ResourceType.DATASET,
+            uuid=f"uuid-{i}",
+            remote_integer_id=str(i),
+        ))
+    db_session.commit()
+
+    result = await get_resource_mappings(skip=2, limit=2, search=None, env_id=None, resource_type=None, db=db_session, _=None)
+
+    assert result["total"] == 5
+    assert len(result["items"]) == 2
+
+
+@pytest.mark.asyncio
+async def test_get_resource_mappings_search_by_name(db_session):
+    """Verify search filters by resource_name."""
+    from src.api.routes.migration import get_resource_mappings
+
+    db_session.add(ResourceMapping(environment_id="prod", resource_type=ResourceType.CHART, uuid="u1", remote_integer_id="1", resource_name="Sales Chart"))
+    db_session.add(ResourceMapping(environment_id="prod", resource_type=ResourceType.CHART, uuid="u2", remote_integer_id="2", resource_name="Revenue Dashboard"))
+    db_session.commit()
+
+    result = await get_resource_mappings(skip=0, limit=50, search="sales", env_id=None, resource_type=None, db=db_session, _=None)
+    assert result["total"] == 1
+    assert result["items"][0]["resource_name"] == "Sales Chart"
+
+
+@pytest.mark.asyncio
+async def test_get_resource_mappings_filter_by_env(db_session):
+    """Verify env_id filter returns only matching environment."""
+    from src.api.routes.migration import get_resource_mappings
+
+    db_session.add(ResourceMapping(environment_id="ss1", resource_type=ResourceType.CHART, uuid="u1", remote_integer_id="1", resource_name="Chart A"))
+    db_session.add(ResourceMapping(environment_id="ss2", resource_type=ResourceType.CHART, uuid="u2", remote_integer_id="2", resource_name="Chart B"))
+    db_session.commit()
+
+    result = await get_resource_mappings(skip=0, limit=50, search=None, env_id="ss2", resource_type=None, db=db_session, _=None)
+    assert result["total"] == 1
+    assert result["items"][0]["environment_id"] == "ss2"
+
+
+@pytest.mark.asyncio
+async def test_get_resource_mappings_filter_by_type(db_session):
+    """Verify resource_type filter returns only matching type."""
+    from src.api.routes.migration import get_resource_mappings
+
+    db_session.add(ResourceMapping(environment_id="prod", resource_type=ResourceType.CHART, uuid="u1", remote_integer_id="1", resource_name="My Chart"))
+    db_session.add(ResourceMapping(environment_id="prod", resource_type=ResourceType.DATASET, uuid="u2", remote_integer_id="2", resource_name="My Dataset"))
+    db_session.commit()
+
+    result = await get_resource_mappings(skip=0, limit=50, search=None, env_id=None, resource_type="dataset", db=db_session, _=None)
+    assert result["total"] == 1
+    assert result["items"][0]["resource_type"] == "dataset"
+
+
+# --- trigger_sync_now tests ---
+
+@pytest.fixture
+def _mock_env():
+    """Creates a mock config environment object."""
+    env = MagicMock()
+    env.id = "test-env-1"
+    env.name = "Test Env"
+    env.url = "http://superset.test"
+    env.username = "admin"
+    env.password = "admin"
+    env.verify_ssl = False
+    env.timeout = 30
+    return env
+
+
+def _make_sync_config_manager(environments):
+    """Creates a mock config manager with environments list."""
+    settings = MagicMock()
+    settings.migration_sync_cron = "0 2 * * *"
+    config = MagicMock()
+    config.settings = settings
+    config.environments = environments
+    cm = MagicMock()
+    cm.get_config.return_value = config
+    cm.get_environments.return_value = environments
+    return cm
+
+
+@pytest.mark.asyncio
+async def test_trigger_sync_now_creates_env_row_and_syncs(db_session, _mock_env):
+    """Verify that trigger_sync_now creates an Environment row in DB before syncing,
+    preventing FK constraint violations on resource_mappings inserts."""
+    from src.api.routes.migration import trigger_sync_now
+    from src.models.mapping import Environment as EnvironmentModel
+
+    cm = _make_sync_config_manager([_mock_env])
+
+    with patch("src.api.routes.migration.SupersetClient") as MockClient, \
+         patch("src.api.routes.migration.IdMappingService") as MockService:
+        mock_client_instance = MagicMock()
+        MockClient.return_value = mock_client_instance
+        mock_service_instance = MagicMock()
+        MockService.return_value = mock_service_instance
+
+        result = await trigger_sync_now(config_manager=cm, db=db_session, _=None)
+
+    # Environment row must exist in DB
+    env_row = db_session.query(EnvironmentModel).filter_by(id="test-env-1").first()
+    assert env_row is not None
+    assert env_row.name == "Test Env"
+    assert env_row.url == "http://superset.test"
+
+    # Sync must have been called
+    mock_service_instance.sync_environment.assert_called_once_with("test-env-1", mock_client_instance)
+    assert result["synced_count"] == 1
+    assert result["failed_count"] == 0
+
+
+@pytest.mark.asyncio
+async def test_trigger_sync_now_rejects_empty_environments(db_session):
+    """Verify 400 error when no environments are configured."""
+    from src.api.routes.migration import trigger_sync_now
+
+    cm = _make_sync_config_manager([])
+
+    with pytest.raises(HTTPException) as exc_info:
+        await trigger_sync_now(config_manager=cm, db=db_session, _=None)
+
+    assert exc_info.value.status_code == 400
+    assert "No environments" in exc_info.value.detail
+
+
+@pytest.mark.asyncio
+async def test_trigger_sync_now_handles_partial_failure(db_session, _mock_env):
+    """Verify that if sync_environment raises for one env, it's captured in failed list."""
+    from src.api.routes.migration import trigger_sync_now
+
+    env2 = MagicMock()
+    env2.id = "test-env-2"
+    env2.name = "Failing Env"
+    env2.url = "http://fail.test"
+    env2.username = "admin"
+    env2.password = "admin"
+    env2.verify_ssl = False
+    env2.timeout = 30
+
+    cm = _make_sync_config_manager([_mock_env, env2])
+
+    with patch("src.api.routes.migration.SupersetClient") as MockClient, \
+         patch("src.api.routes.migration.IdMappingService") as MockService:
+        mock_service_instance = MagicMock()
+        mock_service_instance.sync_environment.side_effect = [None, RuntimeError("Connection refused")]
+        MockService.return_value = mock_service_instance
+        MockClient.return_value = MagicMock()
+
+        result = await trigger_sync_now(config_manager=cm, db=db_session, _=None)
+
+    assert result["synced_count"] == 1
+    assert result["failed_count"] == 1
+    assert result["details"]["failed"][0]["env_id"] == "test-env-2"
+
+
+@pytest.mark.asyncio
+async def test_trigger_sync_now_idempotent_env_upsert(db_session, _mock_env):
+    """Verify that calling sync twice doesn't duplicate the Environment row."""
+    from src.api.routes.migration import trigger_sync_now
+    from src.models.mapping import Environment as EnvironmentModel
+
+    cm = _make_sync_config_manager([_mock_env])
+
+    with patch("src.api.routes.migration.SupersetClient"), \
+         patch("src.api.routes.migration.IdMappingService"):
+        await trigger_sync_now(config_manager=cm, db=db_session, _=None)
+        await trigger_sync_now(config_manager=cm, db=db_session, _=None)
+
+    env_count = db_session.query(EnvironmentModel).filter_by(id="test-env-1").count()
+    assert env_count == 1
+
+
+# --- get_dashboards tests ---
+
+@pytest.mark.asyncio
+async def test_get_dashboards_success(_mock_env):
+    from src.api.routes.migration import get_dashboards
+    cm = _make_sync_config_manager([_mock_env])
+    
+    with patch("src.api.routes.migration.SupersetClient") as MockClient:
+        mock_client = MagicMock()
+        mock_client.get_dashboards_summary.return_value = [{"id": 1, "title": "Test"}]
+        MockClient.return_value = mock_client
+        
+        result = await get_dashboards(env_id="test-env-1", config_manager=cm, _=None)
+        assert len(result) == 1
+        assert result[0]["id"] == 1
+
+@pytest.mark.asyncio
+async def test_get_dashboards_invalid_env_raises_404(_mock_env):
+    from src.api.routes.migration import get_dashboards
+    cm = _make_sync_config_manager([_mock_env])
+    
+    with pytest.raises(HTTPException) as exc:
+        await get_dashboards(env_id="wrong-env", config_manager=cm, _=None)
+    assert exc.value.status_code == 404
+
+# --- execute_migration tests ---
+
+@pytest.mark.asyncio
+async def test_execute_migration_success(_mock_env):
+    from src.api.routes.migration import execute_migration
+    from src.models.dashboard import DashboardSelection
+    
+    cm = _make_sync_config_manager([_mock_env, _mock_env]) # Need both source/target
+    tm = MagicMock()
+    tm.create_task = AsyncMock(return_value=MagicMock(id="task-123"))
+    
+    selection = DashboardSelection(
+        source_env_id="test-env-1",
+        target_env_id="test-env-1",
+        selected_ids=[1, 2]
+    )
+    
+    result = await execute_migration(selection=selection, config_manager=cm, task_manager=tm, _=None)
+    assert result["task_id"] == "task-123"
+    tm.create_task.assert_called_once()
+
+@pytest.mark.asyncio
+async def test_execute_migration_invalid_env_raises_400(_mock_env):
+    from src.api.routes.migration import execute_migration
+    from src.models.dashboard import DashboardSelection
+    
+    cm = _make_sync_config_manager([_mock_env])
+    selection = DashboardSelection(
+        source_env_id="test-env-1",
+        target_env_id="non-existent",
+        selected_ids=[1]
+    )
+    
+    with pytest.raises(HTTPException) as exc:
+        await execute_migration(selection=selection, config_manager=cm, task_manager=MagicMock(), _=None)
+    assert exc.value.status_code == 400
+
+
+@pytest.mark.asyncio
+async def test_dry_run_migration_returns_diff_and_risk(db_session):
+    # @TEST_EDGE: missing_target_datasource -> validates high risk item generation
+    # @TEST_EDGE: breaking_reference -> validates high risk on missing dataset link
+    from src.api.routes.migration import dry_run_migration
+    from src.models.dashboard import DashboardSelection
+
+    env_source = MagicMock()
+    env_source.id = "src"
+    env_source.name = "Source"
+    env_source.url = "http://source"
+    env_source.username = "admin"
+    env_source.password = "admin"
+    env_source.verify_ssl = False
+    env_source.timeout = 30
+
+    env_target = MagicMock()
+    env_target.id = "tgt"
+    env_target.name = "Target"
+    env_target.url = "http://target"
+    env_target.username = "admin"
+    env_target.password = "admin"
+    env_target.verify_ssl = False
+    env_target.timeout = 30
+
+    cm = _make_sync_config_manager([env_source, env_target])
+    selection = DashboardSelection(
+        selected_ids=[42],
+        source_env_id="src",
+        target_env_id="tgt",
+        replace_db_config=False,
+        fix_cross_filters=True,
+    )
+
+    with patch("src.api.routes.migration.SupersetClient") as MockClient, \
+         patch("src.api.routes.migration.MigrationDryRunService") as MockService:
+        source_client = MagicMock()
+        target_client = MagicMock()
+        MockClient.side_effect = [source_client, target_client]
+
+        service_instance = MagicMock()
+        service_payload = {
+            "generated_at": "2026-02-27T00:00:00+00:00",
+            "selection": selection.model_dump(),
+            "selected_dashboard_titles": ["Sales"],
+            "diff": {
+                "dashboards": {"create": [], "update": [{"uuid": "dash-1"}], "delete": []},
+                "charts": {"create": [{"uuid": "chart-1"}], "update": [], "delete": []},
+                "datasets": {"create": [{"uuid": "dataset-1"}], "update": [], "delete": []},
+            },
+            "summary": {
+                "dashboards": {"create": 0, "update": 1, "delete": 0},
+                "charts": {"create": 1, "update": 0, "delete": 0},
+                "datasets": {"create": 1, "update": 0, "delete": 0},
+                "selected_dashboards": 1,
+            },
+            "risk": {
+                "score": 75,
+                "level": "high",
+                "items": [
+                    {"code": "missing_datasource"},
+                    {"code": "breaking_reference"},
+                ],
+            },
+        }
+        service_instance.run.return_value = service_payload
+        MockService.return_value = service_instance
+
+        result = await dry_run_migration(selection=selection, config_manager=cm, db=db_session, _=None)
+
+    assert result["summary"]["dashboards"]["update"] == 1
+    assert result["summary"]["charts"]["create"] == 1
+    assert result["summary"]["datasets"]["create"] == 1
+    assert result["risk"]["score"] > 0
+    assert any(item["code"] == "missing_datasource" for item in result["risk"]["items"])
+    assert any(item["code"] == "breaking_reference" for item in result["risk"]["items"])
+
+
+@pytest.mark.asyncio
+async def test_dry_run_migration_rejects_same_environment(db_session):
+    from src.api.routes.migration import dry_run_migration
+    from src.models.dashboard import DashboardSelection
+
+    env = MagicMock()
+    env.id = "same"
+    env.name = "Same"
+    env.url = "http://same"
+    env.username = "admin"
+    env.password = "admin"
+    env.verify_ssl = False
+    env.timeout = 30
+
+    cm = _make_sync_config_manager([env])
+    selection = DashboardSelection(selected_ids=[1], source_env_id="same", target_env_id="same")
+
+    with pytest.raises(HTTPException) as exc:
+        await dry_run_migration(selection=selection, config_manager=cm, db=db_session, _=None)
+    assert exc.value.status_code == 400
+
+
+# [/DEF:backend.src.api.routes.__tests__.test_migration_routes:Module]
--- a/backend/src/api/routes/tests/test_reports_api.py
+++ b/backend/src/api/routes/tests/test_reports_api.py
@@ -0,0 +1,139 @@
+# [DEF:backend.tests.test_reports_api:Module]
+# @TIER: STANDARD
+# @SEMANTICS: tests, reports, api, contract, pagination, filtering
+# @PURPOSE: Contract tests for GET /api/reports defaults, pagination, and filtering behavior.
+# @LAYER: Domain (Tests)
+# @RELATION: TESTS -> backend.src.api.routes.reports
+# @INVARIANT: API response contract contains {items,total,page,page_size,has_next,applied_filters}.
+
+from datetime import datetime, timedelta, timezone
+from types import SimpleNamespace
+
+from fastapi.testclient import TestClient
+
+from src.app import app
+from src.core.task_manager.models import Task, TaskStatus
+from src.dependencies import get_current_user, get_task_manager
+
+
+class _FakeTaskManager:
+    def __init__(self, tasks):
+        self._tasks = tasks
+
+    def get_all_tasks(self):
+        return self._tasks
+
+
+def _admin_user():
+    admin_role = SimpleNamespace(name="Admin", permissions=[])
+    return SimpleNamespace(username="test-admin", roles=[admin_role])
+
+
+def _make_task(task_id: str, plugin_id: str, status: TaskStatus, started_at: datetime, finished_at: datetime = None, result=None):
+    return Task(
+        id=task_id,
+        plugin_id=plugin_id,
+        status=status,
+        started_at=started_at,
+        finished_at=finished_at,
+        params={"environment_id": "env-1"},
+        result=result or {"summary": f"{plugin_id} {status.value.lower()}"},
+    )
+
+
+def test_get_reports_default_pagination_contract():
+    now = datetime.utcnow()
+    tasks = [
+        _make_task("t-1", "superset-backup", TaskStatus.SUCCESS, now - timedelta(minutes=10), now - timedelta(minutes=9)),
+        _make_task("t-2", "superset-migration", TaskStatus.FAILED, now - timedelta(minutes=8), now - timedelta(minutes=7)),
+        _make_task("t-3", "llm_dashboard_validation", TaskStatus.RUNNING, now - timedelta(minutes=6), None),
+    ]
+
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager(tasks)
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports")
+        assert response.status_code == 200
+
+        data = response.json()
+        assert set(["items", "total", "page", "page_size", "has_next", "applied_filters"]).issubset(data.keys())
+        assert data["page"] == 1
+        assert data["page_size"] == 20
+        assert data["total"] == 3
+        assert isinstance(data["items"], list)
+        assert data["applied_filters"]["sort_by"] == "updated_at"
+        assert data["applied_filters"]["sort_order"] == "desc"
+    finally:
+        app.dependency_overrides.clear()
+
+
+def test_get_reports_filter_and_pagination():
+    now = datetime.utcnow()
+    tasks = [
+        _make_task("t-1", "superset-backup", TaskStatus.SUCCESS, now - timedelta(minutes=30), now - timedelta(minutes=29)),
+        _make_task("t-2", "superset-backup", TaskStatus.FAILED, now - timedelta(minutes=20), now - timedelta(minutes=19)),
+        _make_task("t-3", "superset-migration", TaskStatus.FAILED, now - timedelta(minutes=10), now - timedelta(minutes=9)),
+    ]
+
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager(tasks)
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports?task_types=backup&statuses=failed&page=1&page_size=1")
+        assert response.status_code == 200
+
+        data = response.json()
+        assert data["total"] == 1
+        assert data["page"] == 1
+        assert data["page_size"] == 1
+        assert data["has_next"] is False
+        assert len(data["items"]) == 1
+        assert data["items"][0]["task_type"] == "backup"
+        assert data["items"][0]["status"] == "failed"
+    finally:
+        app.dependency_overrides.clear()
+
+
+def test_get_reports_handles_mixed_naive_and_aware_datetimes():
+    naive_now = datetime.utcnow()
+    aware_now = datetime.now(timezone.utc)
+    tasks = [
+        _make_task("t-naive", "superset-backup", TaskStatus.SUCCESS, naive_now - timedelta(minutes=5), naive_now - timedelta(minutes=4)),
+        _make_task("t-aware", "superset-migration", TaskStatus.FAILED, aware_now - timedelta(minutes=3), aware_now - timedelta(minutes=2)),
+    ]
+
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager(tasks)
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports?sort_by=updated_at&sort_order=desc")
+        assert response.status_code == 200
+        data = response.json()
+        assert data["total"] == 2
+        assert len(data["items"]) == 2
+    finally:
+        app.dependency_overrides.clear()
+
+
+def test_get_reports_invalid_filter_returns_400():
+    now = datetime.utcnow()
+    tasks = [_make_task("t-1", "superset-backup", TaskStatus.SUCCESS, now - timedelta(minutes=5), now - timedelta(minutes=4))]
+
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager(tasks)
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports?task_types=bad_type")
+        assert response.status_code == 400
+        body = response.json()
+        assert "detail" in body
+    finally:
+        app.dependency_overrides.clear()
+
+
+# [/DEF:backend.tests.test_reports_api:Module]
--- a/backend/src/api/routes/tests/test_reports_detail_api.py
+++ b/backend/src/api/routes/tests/test_reports_detail_api.py
@@ -0,0 +1,84 @@
+# [DEF:backend.tests.test_reports_detail_api:Module]
+# @TIER: STANDARD
+# @SEMANTICS: tests, reports, api, detail, diagnostics
+# @PURPOSE: Contract tests for GET /api/reports/{report_id} detail endpoint behavior.
+# @LAYER: Domain (Tests)
+# @RELATION: TESTS -> backend.src.api.routes.reports
+# @INVARIANT: Detail endpoint tests must keep deterministic assertions for success and not-found contracts.
+
+from datetime import datetime, timedelta
+from types import SimpleNamespace
+
+from fastapi.testclient import TestClient
+
+from src.app import app
+from src.core.task_manager.models import Task, TaskStatus
+from src.dependencies import get_current_user, get_task_manager
+
+
+class _FakeTaskManager:
+    def __init__(self, tasks):
+        self._tasks = tasks
+
+    def get_all_tasks(self):
+        return self._tasks
+
+
+def _admin_user():
+    role = SimpleNamespace(name="Admin", permissions=[])
+    return SimpleNamespace(username="test-admin", roles=[role])
+
+
+def _make_task(task_id: str, plugin_id: str, status: TaskStatus, result=None):
+    now = datetime.utcnow()
+    return Task(
+        id=task_id,
+        plugin_id=plugin_id,
+        status=status,
+        started_at=now - timedelta(minutes=2),
+        finished_at=now - timedelta(minutes=1) if status != TaskStatus.RUNNING else None,
+        params={"environment_id": "env-1"},
+        result=result or {"summary": f"{plugin_id} result"},
+    )
+
+
+def test_get_report_detail_success():
+    task = _make_task(
+        "detail-1",
+        "superset-migration",
+        TaskStatus.FAILED,
+        result={"error": {"message": "Step failed", "next_actions": ["Check mapping", "Retry"]}},
+    )
+
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager([task])
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports/detail-1")
+        assert response.status_code == 200
+
+        data = response.json()
+        assert "report" in data
+        assert data["report"]["report_id"] == "detail-1"
+        assert "diagnostics" in data
+        assert "next_actions" in data
+    finally:
+        app.dependency_overrides.clear()
+
+
+def test_get_report_detail_not_found():
+    task = _make_task("detail-2", "superset-backup", TaskStatus.SUCCESS)
+
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager([task])
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports/unknown-id")
+        assert response.status_code == 404
+    finally:
+        app.dependency_overrides.clear()
+
+
+# [/DEF:backend.tests.test_reports_detail_api:Module]
--- a/backend/src/api/routes/tests/test_reports_openapi_conformance.py
+++ b/backend/src/api/routes/tests/test_reports_openapi_conformance.py
@@ -0,0 +1,81 @@
+# [DEF:backend.tests.test_reports_openapi_conformance:Module]
+# @TIER: STANDARD
+# @SEMANTICS: tests, reports, openapi, conformance
+# @PURPOSE: Validate implemented reports payload shape against OpenAPI-required top-level contract fields.
+# @LAYER: Domain (Tests)
+# @RELATION: TESTS -> specs/020-task-reports-design/contracts/reports-api.openapi.yaml
+# @INVARIANT: List and detail payloads include required contract keys.
+
+from datetime import datetime
+from types import SimpleNamespace
+
+from fastapi.testclient import TestClient
+
+from src.app import app
+from src.core.task_manager.models import Task, TaskStatus
+from src.dependencies import get_current_user, get_task_manager
+
+
+class _FakeTaskManager:
+    def __init__(self, tasks):
+        self._tasks = tasks
+
+    def get_all_tasks(self):
+        return self._tasks
+
+
+def _admin_user():
+    role = SimpleNamespace(name="Admin", permissions=[])
+    return SimpleNamespace(username="test-admin", roles=[role])
+
+
+def _task(task_id: str, plugin_id: str, status: TaskStatus):
+    now = datetime.utcnow()
+    return Task(
+        id=task_id,
+        plugin_id=plugin_id,
+        status=status,
+        started_at=now,
+        finished_at=now if status != TaskStatus.RUNNING else None,
+        params={"environment_id": "env-1"},
+        result={"summary": f"{plugin_id} {status.value.lower()}"},
+    )
+
+
+def test_reports_list_openapi_required_keys():
+    tasks = [
+        _task("r-1", "superset-backup", TaskStatus.SUCCESS),
+        _task("r-2", "superset-migration", TaskStatus.FAILED),
+    ]
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager(tasks)
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports")
+        assert response.status_code == 200
+
+        body = response.json()
+        required = {"items", "total", "page", "page_size", "has_next", "applied_filters"}
+        assert required.issubset(body.keys())
+    finally:
+        app.dependency_overrides.clear()
+
+
+def test_reports_detail_openapi_required_keys():
+    tasks = [_task("r-3", "llm_dashboard_validation", TaskStatus.SUCCESS)]
+    app.dependency_overrides[get_current_user] = lambda: _admin_user()
+    app.dependency_overrides[get_task_manager] = lambda: _FakeTaskManager(tasks)
+
+    try:
+        client = TestClient(app)
+        response = client.get("/api/reports/r-3")
+        assert response.status_code == 200
+
+        body = response.json()
+        assert "report" in body
+    finally:
+        app.dependency_overrides.clear()
+
+
+# [/DEF:backend.tests.test_reports_openapi_conformance:Module]
--- a/backend/src/api/routes/assistant.py
+++ b/backend/src/api/routes/assistant.py
--- a/backend/src/api/routes/dashboards.py
+++ b/backend/src/api/routes/dashboards.py
@@ -1,6 +1,6 @@
 # [DEF:backend.src.api.routes.dashboards:Module]
 #
-# @TIER: STANDARD
+# @TIER: CRITICAL
 # @SEMANTICS: api, dashboards, resources, hub
 # @PURPOSE:   API endpoints for the Dashboard Hub - listing dashboards with Git and task status
 # @LAYER:     API
@@ -9,13 +9,40 @@
 # @RELATION:  DEPENDS_ON -> backend.src.core.superset_client
 #
 # @INVARIANT: All dashboard responses include git_status and last_task metadata
+#
+# @TEST_CONTRACT: DashboardsAPI -> {
+#    required_fields: {env_id: string, page: integer, page_size: integer},
+#    optional_fields: {search: string},
+#    invariants: ["Pagination must be valid", "Environment must exist"]
+# }
+#
+# @TEST_FIXTURE: dashboard_list_happy -> {
+#    "env_id": "prod",
+#    "expected_count": 1,
+#    "dashboards": [{"id": 1, "title": "Main Revenue"}]
+# }
+#
+# @TEST_EDGE: pagination_zero_page -> {"env_id": "prod", "page": 0, "status": 400}
+# @TEST_EDGE: pagination_oversize -> {"env_id": "prod", "page_size": 101, "status": 400}
+# @TEST_EDGE: missing_env -> {"env_id": "ghost", "status": 404}
+# @TEST_EDGE: empty_dashboards -> {"env_id": "empty_env", "expected_total": 0}
+# @TEST_EDGE: external_superset_failure -> {"env_id": "bad_conn", "status": 503}
+#
+# @TEST_INVARIANT: metadata_consistency -> verifies: [dashboard_list_happy, empty_dashboards]
+#

 # [SECTION: IMPORTS]
-from fastapi import APIRouter, Depends, HTTPException
-from typing import List, Optional, Dict
+from fastapi import APIRouter, Depends, HTTPException, Query, Response
+from fastapi.responses import JSONResponse
+from typing import List, Optional, Dict, Any
+import re
+from urllib.parse import urlparse
 from pydantic import BaseModel, Field
 from ...dependencies import get_config_manager, get_task_manager, get_resource_service, get_mapping_service, has_permission
 from ...core.logger import logger, belief_scope
+from ...core.superset_client import SupersetClient
+from ...core.utils.network import DashboardNotFoundError
+from ...services.resource_service import ResourceService
 # [/SECTION]

 router = APIRouter(prefix="/api/dashboards", tags=["Dashboards"])
@@ -23,13 +50,19 @@ router = APIRouter(prefix="/api/dashboards", tags=["Dashboards"])
 # [DEF:GitStatus:DataClass]
 class GitStatus(BaseModel):
    branch: Optional[str] = None
-    sync_status: Optional[str] = Field(None, pattern="^OK|DIFF$")
+    sync_status: Optional[str] = Field(None, pattern="^OK|DIFF|NO_REPO|ERROR$")
+    has_repo: Optional[bool] = None
+    has_changes_for_commit: Optional[bool] = None
 # [/DEF:GitStatus:DataClass]

 # [DEF:LastTask:DataClass]
 class LastTask(BaseModel):
    task_id: Optional[str] = None
-    status: Optional[str] = Field(None, pattern="^RUNNING|SUCCESS|ERROR|WAITING_INPUT$")
+    status: Optional[str] = Field(
+        None,
+        pattern="^PENDING|RUNNING|SUCCESS|FAILED|ERROR|AWAITING_INPUT|WAITING_INPUT|AWAITING_MAPPING$",
+    )
+    validation_status: Optional[str] = Field(None, pattern="^PASS|FAIL|WARN|UNKNOWN$")
 # [/DEF:LastTask:DataClass]

 # [DEF:DashboardItem:DataClass]
@@ -39,6 +72,9 @@ class DashboardItem(BaseModel):
    slug: Optional[str] = None
    url: Optional[str] = None
    last_modified: Optional[str] = None
+    created_by: Optional[str] = None
+    modified_by: Optional[str] = None
+    owners: Optional[List[str]] = None
    git_status: Optional[GitStatus] = None
    last_task: Optional[LastTask] = None
 # [/DEF:DashboardItem:DataClass]
@@ -52,6 +88,73 @@ class DashboardsResponse(BaseModel):
    total_pages: int
 # [/DEF:DashboardsResponse:DataClass]

+# [DEF:DashboardChartItem:DataClass]
+class DashboardChartItem(BaseModel):
+    id: int
+    title: str
+    viz_type: Optional[str] = None
+    dataset_id: Optional[int] = None
+    last_modified: Optional[str] = None
+    overview: Optional[str] = None
+# [/DEF:DashboardChartItem:DataClass]
+
+# [DEF:DashboardDatasetItem:DataClass]
+class DashboardDatasetItem(BaseModel):
+    id: int
+    table_name: str
+    schema: Optional[str] = None
+    database: str
+    last_modified: Optional[str] = None
+    overview: Optional[str] = None
+# [/DEF:DashboardDatasetItem:DataClass]
+
+# [DEF:DashboardDetailResponse:DataClass]
+class DashboardDetailResponse(BaseModel):
+    id: int
+    title: str
+    slug: Optional[str] = None
+    url: Optional[str] = None
+    description: Optional[str] = None
+    last_modified: Optional[str] = None
+    published: Optional[bool] = None
+    charts: List[DashboardChartItem]
+    datasets: List[DashboardDatasetItem]
+    chart_count: int
+    dataset_count: int
+# [/DEF:DashboardDetailResponse:DataClass]
+
+# [DEF:DashboardTaskHistoryItem:DataClass]
+class DashboardTaskHistoryItem(BaseModel):
+    id: str
+    plugin_id: str
+    status: str
+    validation_status: Optional[str] = None
+    started_at: Optional[str] = None
+    finished_at: Optional[str] = None
+    env_id: Optional[str] = None
+    summary: Optional[str] = None
+# [/DEF:DashboardTaskHistoryItem:DataClass]
+
+# [DEF:DashboardTaskHistoryResponse:DataClass]
+class DashboardTaskHistoryResponse(BaseModel):
+    dashboard_id: int
+    items: List[DashboardTaskHistoryItem]
+# [/DEF:DashboardTaskHistoryResponse:DataClass]
+
+# [DEF:DatabaseMapping:DataClass]
+class DatabaseMapping(BaseModel):
+    source_db: str
+    target_db: str
+    source_db_uuid: Optional[str] = None
+    target_db_uuid: Optional[str] = None
+    confidence: float
+# [/DEF:DatabaseMapping:DataClass]
+
+# [DEF:DatabaseMappingsResponse:DataClass]
+class DatabaseMappingsResponse(BaseModel):
+    mappings: List[DatabaseMapping]
+# [/DEF:DatabaseMappingsResponse:DataClass]
+
 # [DEF:get_dashboards:Function]
 # @PURPOSE: Fetch list of dashboards from a specific environment with Git status and last task status
 # @PRE: env_id must be a valid environment ID
@@ -95,27 +198,66 @@ async def get_dashboards(
        try:
            # Get all tasks for status lookup
            all_tasks = task_manager.get_all_tasks()
-            
-            # Fetch dashboards with status using ResourceService
-            dashboards = await resource_service.get_dashboards_with_status(env, all_tasks)
-            
-            # Apply search filter if provided
-            if search:
-                search_lower = search.lower()
-                dashboards = [
-                    d for d in dashboards 
-                    if search_lower in d.get('title', '').lower() 
-                    or search_lower in d.get('slug', '').lower()
-                ]
-            
-            # Calculate pagination
-            total = len(dashboards)
-            total_pages = (total + page_size - 1) // page_size if total > 0 else 1
-            start_idx = (page - 1) * page_size
-            end_idx = start_idx + page_size
-            
-            # Slice dashboards for current page
-            paginated_dashboards = dashboards[start_idx:end_idx]
+
+            # Fast path: real ResourceService -> one Superset page call per API request.
+            if isinstance(resource_service, ResourceService):
+                try:
+                    page_payload = await resource_service.get_dashboards_page_with_status(
+                        env,
+                        all_tasks,
+                        page=page,
+                        page_size=page_size,
+                        search=search,
+                        include_git_status=False,
+                    )
+                    paginated_dashboards = page_payload["dashboards"]
+                    total = page_payload["total"]
+                    total_pages = page_payload["total_pages"]
+                except Exception as page_error:
+                    logger.warning(
+                        "[get_dashboards][Action] Page-based fetch failed; using compatibility fallback: %s",
+                        page_error,
+                    )
+                    dashboards = await resource_service.get_dashboards_with_status(
+                        env,
+                        all_tasks,
+                        include_git_status=False,
+                    )
+
+                    if search:
+                        search_lower = search.lower()
+                        dashboards = [
+                            d for d in dashboards 
+                            if search_lower in d.get('title', '').lower() 
+                            or search_lower in d.get('slug', '').lower()
+                        ]
+
+                    total = len(dashboards)
+                    total_pages = (total + page_size - 1) // page_size if total > 0 else 1
+                    start_idx = (page - 1) * page_size
+                    end_idx = start_idx + page_size
+                    paginated_dashboards = dashboards[start_idx:end_idx]
+            else:
+                # Compatibility path for mocked services in route tests.
+                dashboards = await resource_service.get_dashboards_with_status(
+                    env,
+                    all_tasks,
+                    include_git_status=False,
+                )
+
+                if search:
+                    search_lower = search.lower()
+                    dashboards = [
+                        d for d in dashboards 
+                        if search_lower in d.get('title', '').lower() 
+                        or search_lower in d.get('slug', '').lower()
+                    ]
+
+                total = len(dashboards)
+                total_pages = (total + page_size - 1) // page_size if total > 0 else 1
+                start_idx = (page - 1) * page_size
+                end_idx = start_idx + page_size
+                paginated_dashboards = dashboards[start_idx:end_idx]
            
            logger.info(f"[get_dashboards][Coherence:OK] Returning {len(paginated_dashboards)} dashboards (page {page}/{total_pages}, total: {total})")
            
@@ -132,6 +274,278 @@ async def get_dashboards(
            raise HTTPException(status_code=503, detail=f"Failed to fetch dashboards: {str(e)}")
 # [/DEF:get_dashboards:Function]

+# [DEF:get_database_mappings:Function]
+# @PURPOSE: Get database mapping suggestions between source and target environments
+# @PRE: User has permission plugin:migration:read
+# @PRE: source_env_id and target_env_id are valid environment IDs
+# @POST: Returns list of suggested database mappings with confidence scores
+# @PARAM: source_env_id (str) - Source environment ID
+# @PARAM: target_env_id (str) - Target environment ID
+# @RETURN: DatabaseMappingsResponse - List of suggested mappings
+# @RELATION: CALLS -> MappingService.get_suggestions
+@router.get("/db-mappings", response_model=DatabaseMappingsResponse)
+async def get_database_mappings(
+    source_env_id: str,
+    target_env_id: str,
+    config_manager=Depends(get_config_manager),
+    mapping_service=Depends(get_mapping_service),
+    _ = Depends(has_permission("plugin:migration", "READ"))
+):
+    with belief_scope("get_database_mappings", f"source={source_env_id}, target={target_env_id}"):
+        # Validate environments exist
+        environments = config_manager.get_environments()
+        source_env = next((e for e in environments if e.id == source_env_id), None)
+        target_env = next((e for e in environments if e.id == target_env_id), None)
+        
+        if not source_env:
+            logger.error(f"[get_database_mappings][Coherence:Failed] Source environment not found: {source_env_id}")
+            raise HTTPException(status_code=404, detail="Source environment not found")
+        if not target_env:
+            logger.error(f"[get_database_mappings][Coherence:Failed] Target environment not found: {target_env_id}")
+            raise HTTPException(status_code=404, detail="Target environment not found")
+
+        try:
+            # Get mapping suggestions using MappingService
+            suggestions = await mapping_service.get_suggestions(source_env_id, target_env_id)
+            
+            # Format suggestions as DatabaseMapping objects
+            mappings = [
+                DatabaseMapping(
+                    source_db=s.get('source_db', ''),
+                    target_db=s.get('target_db', ''),
+                    source_db_uuid=s.get('source_db_uuid'),
+                    target_db_uuid=s.get('target_db_uuid'),
+                    confidence=s.get('confidence', 0.0)
+                )
+                for s in suggestions
+            ]
+            
+            logger.info(f"[get_database_mappings][Coherence:OK] Returning {len(mappings)} database mapping suggestions")
+            
+            return DatabaseMappingsResponse(mappings=mappings)
+            
+        except Exception as e:
+            logger.error(f"[get_database_mappings][Coherence:Failed] Failed to get database mappings: {e}")
+            raise HTTPException(status_code=503, detail=f"Failed to get database mappings: {str(e)}")
+# [/DEF:get_database_mappings:Function]
+
+# [DEF:get_dashboard_detail:Function]
+# @PURPOSE: Fetch detailed dashboard info with related charts and datasets
+# @PRE: env_id must be valid and dashboard_id must exist
+# @POST: Returns dashboard detail payload for overview page
+# @RELATION: CALLS -> SupersetClient.get_dashboard_detail
+@router.get("/{dashboard_id:int}", response_model=DashboardDetailResponse)
+async def get_dashboard_detail(
+    dashboard_id: int,
+    env_id: str,
+    config_manager=Depends(get_config_manager),
+    _ = Depends(has_permission("plugin:migration", "READ"))
+):
+    with belief_scope("get_dashboard_detail", f"dashboard_id={dashboard_id}, env_id={env_id}"):
+        environments = config_manager.get_environments()
+        env = next((e for e in environments if e.id == env_id), None)
+        if not env:
+            logger.error(f"[get_dashboard_detail][Coherence:Failed] Environment not found: {env_id}")
+            raise HTTPException(status_code=404, detail="Environment not found")
+
+        try:
+            client = SupersetClient(env)
+            detail = client.get_dashboard_detail(dashboard_id)
+            logger.info(
+                f"[get_dashboard_detail][Coherence:OK] Dashboard {dashboard_id}: {detail.get('chart_count', 0)} charts, {detail.get('dataset_count', 0)} datasets"
+            )
+            return DashboardDetailResponse(**detail)
+        except HTTPException:
+            raise
+        except Exception as e:
+            logger.error(f"[get_dashboard_detail][Coherence:Failed] Failed to fetch dashboard detail: {e}")
+            raise HTTPException(status_code=503, detail=f"Failed to fetch dashboard detail: {str(e)}")
+# [/DEF:get_dashboard_detail:Function]
+
+
+# [DEF:_task_matches_dashboard:Function]
+# @PURPOSE: Checks whether task params are tied to a specific dashboard and environment.
+# @PRE: task-like object exposes plugin_id and params fields.
+# @POST: Returns True only for supported task plugins tied to dashboard_id (+optional env_id).
+def _task_matches_dashboard(task: Any, dashboard_id: int, env_id: Optional[str]) -> bool:
+    plugin_id = getattr(task, "plugin_id", None)
+    if plugin_id not in {"superset-backup", "llm_dashboard_validation"}:
+        return False
+
+    params = getattr(task, "params", {}) or {}
+    dashboard_id_str = str(dashboard_id)
+
+    if plugin_id == "llm_dashboard_validation":
+        task_dashboard_id = params.get("dashboard_id")
+        if str(task_dashboard_id) != dashboard_id_str:
+            return False
+        if env_id:
+            task_env = params.get("environment_id")
+            return str(task_env) == str(env_id)
+        return True
+
+    # superset-backup can pass dashboards as "dashboard_ids" or "dashboards"
+    dashboard_ids = params.get("dashboard_ids") or params.get("dashboards") or []
+    normalized_ids = {str(item) for item in dashboard_ids}
+    if dashboard_id_str not in normalized_ids:
+        return False
+    if env_id:
+        task_env = params.get("environment_id") or params.get("env")
+        return str(task_env) == str(env_id)
+    return True
+# [/DEF:_task_matches_dashboard:Function]
+
+
+# [DEF:get_dashboard_tasks_history:Function]
+# @PURPOSE: Returns history of backup and LLM validation tasks for a dashboard.
+# @PRE: dashboard_id is valid integer.
+# @POST: Response contains sorted task history (newest first).
+@router.get("/{dashboard_id:int}/tasks", response_model=DashboardTaskHistoryResponse)
+async def get_dashboard_tasks_history(
+    dashboard_id: int,
+    env_id: Optional[str] = None,
+    limit: int = Query(20, ge=1, le=100),
+    task_manager=Depends(get_task_manager),
+    _ = Depends(has_permission("tasks", "READ"))
+):
+    with belief_scope("get_dashboard_tasks_history", f"dashboard_id={dashboard_id}, env_id={env_id}, limit={limit}"):
+        matching_tasks = []
+        for task in task_manager.get_all_tasks():
+            if _task_matches_dashboard(task, dashboard_id, env_id):
+                matching_tasks.append(task)
+
+        def _sort_key(task_obj: Any) -> str:
+            return (
+                str(getattr(task_obj, "started_at", "") or "")
+                or str(getattr(task_obj, "finished_at", "") or "")
+            )
+
+        matching_tasks.sort(key=_sort_key, reverse=True)
+        selected = matching_tasks[:limit]
+
+        items = []
+        for task in selected:
+            result = getattr(task, "result", None)
+            summary = None
+            validation_status = None
+            if isinstance(result, dict):
+                raw_validation_status = result.get("status")
+                if raw_validation_status is not None:
+                    validation_status = str(raw_validation_status)
+                summary = (
+                    result.get("summary")
+                    or result.get("status")
+                    or result.get("message")
+                )
+            params = getattr(task, "params", {}) or {}
+            items.append(
+                DashboardTaskHistoryItem(
+                    id=str(getattr(task, "id", "")),
+                    plugin_id=str(getattr(task, "plugin_id", "")),
+                    status=str(getattr(task, "status", "")),
+                    validation_status=validation_status,
+                    started_at=getattr(task, "started_at", None).isoformat() if getattr(task, "started_at", None) else None,
+                    finished_at=getattr(task, "finished_at", None).isoformat() if getattr(task, "finished_at", None) else None,
+                    env_id=str(params.get("environment_id") or params.get("env")) if (params.get("environment_id") or params.get("env")) else None,
+                    summary=summary,
+                )
+            )
+
+        logger.info(f"[get_dashboard_tasks_history][Coherence:OK] Found {len(items)} tasks for dashboard {dashboard_id}")
+        return DashboardTaskHistoryResponse(dashboard_id=dashboard_id, items=items)
+# [/DEF:get_dashboard_tasks_history:Function]
+
+
+# [DEF:get_dashboard_thumbnail:Function]
+# @PURPOSE: Proxies Superset dashboard thumbnail with cache support.
+# @PRE: env_id must exist.
+# @POST: Returns image bytes or 202 when thumbnail is being prepared by Superset.
+@router.get("/{dashboard_id:int}/thumbnail")
+async def get_dashboard_thumbnail(
+    dashboard_id: int,
+    env_id: str,
+    force: bool = Query(False),
+    config_manager=Depends(get_config_manager),
+    _ = Depends(has_permission("plugin:migration", "READ"))
+):
+    with belief_scope("get_dashboard_thumbnail", f"dashboard_id={dashboard_id}, env_id={env_id}, force={force}"):
+        environments = config_manager.get_environments()
+        env = next((e for e in environments if e.id == env_id), None)
+        if not env:
+            logger.error(f"[get_dashboard_thumbnail][Coherence:Failed] Environment not found: {env_id}")
+            raise HTTPException(status_code=404, detail="Environment not found")
+
+        try:
+            client = SupersetClient(env)
+            digest = None
+            thumb_endpoint = None
+
+            # Preferred flow (newer Superset): ask server to cache screenshot and return digest/image_url.
+            try:
+                screenshot_payload = client.network.request(
+                    method="POST",
+                    endpoint=f"/dashboard/{dashboard_id}/cache_dashboard_screenshot/",
+                    json={"force": force},
+                )
+                payload = screenshot_payload.get("result", screenshot_payload) if isinstance(screenshot_payload, dict) else {}
+                image_url = payload.get("image_url", "") if isinstance(payload, dict) else ""
+                if isinstance(image_url, str) and image_url:
+                    matched = re.search(r"/dashboard/\d+/(?:thumbnail|screenshot)/([^/]+)/?$", image_url)
+                    if matched:
+                        digest = matched.group(1)
+            except DashboardNotFoundError:
+                logger.warning(
+                    "[get_dashboard_thumbnail][Fallback] cache_dashboard_screenshot endpoint unavailable, fallback to dashboard.thumbnail_url"
+                )
+
+            # Fallback flow (older Superset): read thumbnail_url from dashboard payload.
+            if not digest:
+                dashboard_payload = client.network.request(
+                    method="GET",
+                    endpoint=f"/dashboard/{dashboard_id}",
+                )
+                dashboard_data = dashboard_payload.get("result", dashboard_payload) if isinstance(dashboard_payload, dict) else {}
+                thumbnail_url = dashboard_data.get("thumbnail_url", "") if isinstance(dashboard_data, dict) else ""
+                if isinstance(thumbnail_url, str) and thumbnail_url:
+                    parsed = urlparse(thumbnail_url)
+                    parsed_path = parsed.path or thumbnail_url
+                    if parsed_path.startswith("/api/v1/"):
+                        parsed_path = parsed_path[len("/api/v1"):]
+                    thumb_endpoint = parsed_path
+                    matched = re.search(r"/dashboard/\d+/(?:thumbnail|screenshot)/([^/]+)/?$", parsed_path)
+                    if matched:
+                        digest = matched.group(1)
+
+            if not thumb_endpoint:
+                thumb_endpoint = f"/dashboard/{dashboard_id}/thumbnail/{digest or 'latest'}/"
+
+            thumb_response = client.network.request(
+                method="GET",
+                endpoint=thumb_endpoint,
+                raw_response=True,
+                allow_redirects=True,
+            )
+
+            if thumb_response.status_code == 202:
+                payload_202: Dict[str, Any] = {}
+                try:
+                    payload_202 = thumb_response.json()
+                except Exception:
+                    payload_202 = {"message": "Thumbnail is being generated"}
+                return JSONResponse(status_code=202, content=payload_202)
+
+            content_type = thumb_response.headers.get("Content-Type", "image/png")
+            return Response(content=thumb_response.content, media_type=content_type)
+        except DashboardNotFoundError as e:
+            logger.error(f"[get_dashboard_thumbnail][Coherence:Failed] Dashboard not found for thumbnail: {e}")
+            raise HTTPException(status_code=404, detail="Dashboard thumbnail not found")
+        except HTTPException:
+            raise
+        except Exception as e:
+            logger.error(f"[get_dashboard_thumbnail][Coherence:Failed] Failed to fetch dashboard thumbnail: {e}")
+            raise HTTPException(status_code=503, detail=f"Failed to fetch dashboard thumbnail: {str(e)}")
+# [/DEF:get_dashboard_thumbnail:Function]
+
 # [DEF:MigrateRequest:DataClass]
 class MigrateRequest(BaseModel):
    source_env_id: str = Field(..., description="Source environment ID")
@@ -187,19 +601,19 @@ async def migrate_dashboards(
            task_params = {
                'source_env_id': request.source_env_id,
                'target_env_id': request.target_env_id,
-                'dashboards': request.dashboard_ids,
+                'selected_ids': request.dashboard_ids,
                'replace_db_config': request.replace_db_config,
                'db_mappings': request.db_mappings or {}
            }
            
-            task_id = await task_manager.create_task(
+            task_obj = await task_manager.create_task(
                plugin_id='superset-migration',
                params=task_params
            )
            
-            logger.info(f"[migrate_dashboards][Coherence:OK] Migration task created: {task_id} for {len(request.dashboard_ids)} dashboards")
+            logger.info(f"[migrate_dashboards][Coherence:OK] Migration task created: {task_obj.id} for {len(request.dashboard_ids)} dashboards")
            
-            return TaskResponse(task_id=str(task_id))
+            return TaskResponse(task_id=str(task_obj.id))
            
        except Exception as e:
            logger.error(f"[migrate_dashboards][Coherence:Failed] Failed to create migration task: {e}")
@@ -254,70 +668,18 @@ async def backup_dashboards(
                'schedule': request.schedule
            }
            
-            task_id = await task_manager.create_task(
+            task_obj = await task_manager.create_task(
                plugin_id='superset-backup',
                params=task_params
            )
            
-            logger.info(f"[backup_dashboards][Coherence:OK] Backup task created: {task_id} for {len(request.dashboard_ids)} dashboards")
+            logger.info(f"[backup_dashboards][Coherence:OK] Backup task created: {task_obj.id} for {len(request.dashboard_ids)} dashboards")
            
-            return TaskResponse(task_id=str(task_id))
+            return TaskResponse(task_id=str(task_obj.id))
            
        except Exception as e:
            logger.error(f"[backup_dashboards][Coherence:Failed] Failed to create backup task: {e}")
            raise HTTPException(status_code=503, detail=f"Failed to create backup task: {str(e)}")
 # [/DEF:backup_dashboards:Function]

-# [DEF:DatabaseMapping:DataClass]
-class DatabaseMapping(BaseModel):
-    source_db: str
-    target_db: str
-    confidence: float
-# [/DEF:DatabaseMapping:DataClass]
-
-# [DEF:DatabaseMappingsResponse:DataClass]
-class DatabaseMappingsResponse(BaseModel):
-    mappings: List[DatabaseMapping]
-# [/DEF:DatabaseMappingsResponse:DataClass]
-
-# [DEF:get_database_mappings:Function]
-# @PURPOSE: Get database mapping suggestions between source and target environments
-# @PRE: User has permission plugin:migration:read
-# @PRE: source_env_id and target_env_id are valid environment IDs
-# @POST: Returns list of suggested database mappings with confidence scores
-# @PARAM: source_env_id (str) - Source environment ID
-# @PARAM: target_env_id (str) - Target environment ID
-# @RETURN: DatabaseMappingsResponse - List of suggested mappings
-# @RELATION: CALLS -> MappingService.get_suggestions
-@router.get("/db-mappings", response_model=DatabaseMappingsResponse)
-async def get_database_mappings(
-    source_env_id: str,
-    target_env_id: str,
-    mapping_service=Depends(get_mapping_service),
-    _ = Depends(has_permission("plugin:migration", "READ"))
-):
-    with belief_scope("get_database_mappings", f"source={source_env_id}, target={target_env_id}"):
-        try:
-            # Get mapping suggestions using MappingService
-            suggestions = await mapping_service.get_suggestions(source_env_id, target_env_id)
-            
-            # Format suggestions as DatabaseMapping objects
-            mappings = [
-                DatabaseMapping(
-                    source_db=s.get('source_db', ''),
-                    target_db=s.get('target_db', ''),
-                    confidence=s.get('confidence', 0.0)
-                )
-                for s in suggestions
-            ]
-            
-            logger.info(f"[get_database_mappings][Coherence:OK] Returning {len(mappings)} database mapping suggestions")
-            
-            return DatabaseMappingsResponse(mappings=mappings)
-            
-        except Exception as e:
-            logger.error(f"[get_database_mappings][Coherence:Failed] Failed to get database mappings: {e}")
-            raise HTTPException(status_code=503, detail=f"Failed to get database mappings: {str(e)}")
-# [/DEF:get_database_mappings:Function]
-
 # [/DEF:backend.src.api.routes.dashboards:Module]
--- a/backend/src/api/routes/datasets.py
+++ b/backend/src/api/routes/datasets.py
@@ -270,21 +270,21 @@ async def map_columns(
        try:
            # Create mapping task
            task_params = {
-                'env_id': request.env_id,
-                'datasets': request.dataset_ids,
-                'source_type': request.source_type,
+                'env': request.env_id,
+                'dataset_id': request.dataset_ids[0] if request.dataset_ids else None,
+                'source': request.source_type,
                'connection_id': request.connection_id,
                'file_data': request.file_data
            }
            
-            task_id = await task_manager.create_task(
+            task_obj = await task_manager.create_task(
                plugin_id='dataset-mapper',
                params=task_params
            )
            
-            logger.info(f"[map_columns][Coherence:OK] Mapping task created: {task_id} for {len(request.dataset_ids)} datasets")
+            logger.info(f"[map_columns][Coherence:OK] Mapping task created: {task_obj.id} for {len(request.dataset_ids)} datasets")
            
-            return TaskResponse(task_id=str(task_id))
+            return TaskResponse(task_id=str(task_obj.id))
            
        except Exception as e:
            logger.error(f"[map_columns][Coherence:Failed] Failed to create mapping task: {e}")
@@ -334,20 +334,20 @@ async def generate_docs(
        try:
            # Create documentation generation task
            task_params = {
-                'env_id': request.env_id,
-                'datasets': request.dataset_ids,
-                'llm_provider': request.llm_provider,
+                'environment_id': request.env_id,
+                'dataset_id': str(request.dataset_ids[0]) if request.dataset_ids else None,
+                'provider_id': request.llm_provider,
                'options': request.options or {}
            }
            
-            task_id = await task_manager.create_task(
+            task_obj = await task_manager.create_task(
                plugin_id='llm_documentation',
                params=task_params
            )
            
-            logger.info(f"[generate_docs][Coherence:OK] Documentation generation task created: {task_id} for {len(request.dataset_ids)} datasets")
+            logger.info(f"[generate_docs][Coherence:OK] Documentation generation task created: {task_obj.id} for {len(request.dataset_ids)} datasets")
            
-            return TaskResponse(task_id=str(task_id))
+            return TaskResponse(task_id=str(task_obj.id))
            
        except Exception as e:
            logger.error(f"[generate_docs][Coherence:Failed] Failed to create documentation generation task: {e}")
--- a/backend/src/api/routes/environments.py
+++ b/backend/src/api/routes/environments.py
@@ -31,6 +31,7 @@ class EnvironmentResponse(BaseModel):
    id: str
    name: str
    url: str
+    is_production: bool = False
    backup_schedule: Optional[ScheduleSchema] = None
 # [/DEF:EnvironmentResponse:DataClass]

@@ -63,6 +64,7 @@ async def get_environments(
            id=e.id,
            name=e.name,
            url=e.url,
+            is_production=getattr(e, "is_production", False),
            backup_schedule=ScheduleSchema(
                enabled=e.backup_schedule.enabled,
                cron_expression=e.backup_schedule.cron_expression
--- a/backend/src/api/routes/git.py
+++ b/backend/src/api/routes/git.py
@@ -14,6 +14,7 @@ from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 from typing import List, Optional
 import typing
+import os
 from src.dependencies import get_config_manager, has_permission
 from src.core.database import get_db
 from src.models.git import GitServerConfig, GitRepository
@@ -21,13 +22,82 @@ from src.api.routes.git_schemas import (
    GitServerConfigSchema, GitServerConfigCreate,
    BranchSchema, BranchCreate,
    BranchCheckout, CommitSchema, CommitCreate,
-    DeploymentEnvironmentSchema, DeployRequest, RepoInitRequest
+    DeploymentEnvironmentSchema, DeployRequest, RepoInitRequest,
+    RepoStatusBatchRequest, RepoStatusBatchResponse,
 )
 from src.services.git_service import GitService
 from src.core.logger import logger, belief_scope
+from ...services.llm_prompt_templates import (
+    DEFAULT_LLM_PROMPTS,
+    normalize_llm_settings,
+    resolve_bound_provider_id,
+)

 router = APIRouter(tags=["git"])
 git_service = GitService()
+MAX_REPOSITORY_STATUS_BATCH = 50
+
+
+# [DEF:_build_no_repo_status_payload:Function]
+# @PURPOSE: Build a consistent status payload for dashboards without initialized repositories.
+# @PRE: None.
+# @POST: Returns a stable payload compatible with frontend repository status parsing.
+# @RETURN: dict
+def _build_no_repo_status_payload() -> dict:
+    return {
+        "is_dirty": False,
+        "untracked_files": [],
+        "modified_files": [],
+        "staged_files": [],
+        "current_branch": None,
+        "upstream_branch": None,
+        "has_upstream": False,
+        "ahead_count": 0,
+        "behind_count": 0,
+        "is_diverged": False,
+        "sync_state": "NO_REPO",
+        "sync_status": "NO_REPO",
+        "has_repo": False,
+    }
+# [/DEF:_build_no_repo_status_payload:Function]
+
+
+# [DEF:_handle_unexpected_git_route_error:Function]
+# @PURPOSE: Convert unexpected route-level exceptions to stable 500 API responses.
+# @PRE: `error` is a non-HTTPException instance.
+# @POST: Raises HTTPException(500) with route-specific context.
+# @PARAM: route_name (str)
+# @PARAM: error (Exception)
+def _handle_unexpected_git_route_error(route_name: str, error: Exception) -> None:
+    logger.error(f"[{route_name}][Coherence:Failed] {error}")
+    raise HTTPException(status_code=500, detail=f"{route_name} failed: {str(error)}")
+# [/DEF:_handle_unexpected_git_route_error:Function]
+
+
+# [DEF:_resolve_repository_status:Function]
+# @PURPOSE: Resolve repository status for one dashboard with graceful NO_REPO semantics.
+# @PRE: `dashboard_id` is a valid integer.
+# @POST: Returns standard status payload or `NO_REPO` payload when repository path is absent.
+# @PARAM: dashboard_id (int)
+# @RETURN: dict
+def _resolve_repository_status(dashboard_id: int) -> dict:
+    repo_path = git_service._get_repo_path(dashboard_id)
+    if not os.path.exists(repo_path):
+        logger.debug(
+            f"[get_repository_status][Action] Repository is not initialized for dashboard {dashboard_id}"
+        )
+        return _build_no_repo_status_payload()
+
+    try:
+        return git_service.get_status(dashboard_id)
+    except HTTPException as e:
+        if e.status_code == 404:
+            logger.debug(
+                f"[get_repository_status][Action] Repository is not initialized for dashboard {dashboard_id}"
+            )
+            return _build_no_repo_status_payload()
+        raise
+# [/DEF:_resolve_repository_status:Function]

 # [DEF:get_git_configs:Function]
 # @PURPOSE: List all configured Git servers.
@@ -148,7 +218,9 @@ async def init_repository(
        except Exception as e:
            db.rollback()
            logger.error(f"[init_repository][Coherence:Failed] Failed to init repository: {e}")
-            raise HTTPException(status_code=400, detail=str(e))
+            if isinstance(e, HTTPException):
+                raise
+            _handle_unexpected_git_route_error("init_repository", e)
 # [/DEF:init_repository:Function]

 # [DEF:get_branches:Function]
@@ -165,8 +237,10 @@ async def get_branches(
    with belief_scope("get_branches"):
        try:
            return git_service.list_branches(dashboard_id)
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=404, detail=str(e))
+            _handle_unexpected_git_route_error("get_branches", e)
 # [/DEF:get_branches:Function]

 # [DEF:create_branch:Function]
@@ -185,8 +259,10 @@ async def create_branch(
        try:
            git_service.create_branch(dashboard_id, branch_data.name, branch_data.from_branch)
            return {"status": "success"}
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("create_branch", e)
 # [/DEF:create_branch:Function]

 # [DEF:checkout_branch:Function]
@@ -205,8 +281,10 @@ async def checkout_branch(
        try:
            git_service.checkout_branch(dashboard_id, checkout_data.name)
            return {"status": "success"}
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("checkout_branch", e)
 # [/DEF:checkout_branch:Function]

 # [DEF:commit_changes:Function]
@@ -225,8 +303,10 @@ async def commit_changes(
        try:
            git_service.commit_changes(dashboard_id, commit_data.message, commit_data.files)
            return {"status": "success"}
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("commit_changes", e)
 # [/DEF:commit_changes:Function]

 # [DEF:push_changes:Function]
@@ -243,8 +323,10 @@ async def push_changes(
        try:
            git_service.push_changes(dashboard_id)
            return {"status": "success"}
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("push_changes", e)
 # [/DEF:push_changes:Function]

 # [DEF:pull_changes:Function]
@@ -261,8 +343,10 @@ async def pull_changes(
        try:
            git_service.pull_changes(dashboard_id)
            return {"status": "success"}
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("pull_changes", e)
 # [/DEF:pull_changes:Function]

 # [DEF:sync_dashboard:Function]
@@ -286,8 +370,10 @@ async def sync_dashboard(
                "dashboard_id": dashboard_id,
                "source_env_id": source_env_id
            })
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("sync_dashboard", e)
 # [/DEF:sync_dashboard:Function]

 # [DEF:get_environments:Function]
@@ -333,8 +419,10 @@ async def deploy_dashboard(
                "dashboard_id": dashboard_id,
                "environment_id": deploy_data.environment_id
            })
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("deploy_dashboard", e)
 # [/DEF:deploy_dashboard:Function]

 # [DEF:get_history:Function]
@@ -353,14 +441,16 @@ async def get_history(
    with belief_scope("get_history"):
        try:
            return git_service.get_commit_history(dashboard_id, limit)
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=404, detail=str(e))
+            _handle_unexpected_git_route_error("get_history", e)
 # [/DEF:get_history:Function]

 # [DEF:get_repository_status:Function]
 # @PURPOSE: Get current Git status for a dashboard repository.
-# @PRE: `dashboard_id` repository exists.
-# @POST: Returns the status of the working directory (staged, unstaged, untracked).
+# @PRE: `dashboard_id` is a valid integer.
+# @POST: Returns repository status; if repo is not initialized, returns `NO_REPO` payload.
 # @PARAM: dashboard_id (int)
 # @RETURN: dict
@router.get("/repositories/{dashboard_id}/status")
@@ -370,11 +460,57 @@ async def get_repository_status(
 ):
    with belief_scope("get_repository_status"):
        try:
-            return git_service.get_status(dashboard_id)
+            return _resolve_repository_status(dashboard_id)
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("get_repository_status", e)
 # [/DEF:get_repository_status:Function]

+
+# [DEF:get_repository_status_batch:Function]
+# @PURPOSE: Get Git statuses for multiple dashboard repositories in one request.
+# @PRE: `request.dashboard_ids` is provided.
+# @POST: Returns `statuses` map where each key is dashboard ID and value is repository status payload.
+# @PARAM: request (RepoStatusBatchRequest)
+# @RETURN: RepoStatusBatchResponse
+@router.post("/repositories/status/batch", response_model=RepoStatusBatchResponse)
+async def get_repository_status_batch(
+    request: RepoStatusBatchRequest,
+    _ = Depends(has_permission("plugin:git", "EXECUTE"))
+):
+    with belief_scope("get_repository_status_batch"):
+        dashboard_ids = list(dict.fromkeys(request.dashboard_ids))
+        if len(dashboard_ids) > MAX_REPOSITORY_STATUS_BATCH:
+            logger.warning(
+                "[get_repository_status_batch][Action] Batch size %s exceeds limit %s. Truncating request.",
+                len(dashboard_ids),
+                MAX_REPOSITORY_STATUS_BATCH,
+            )
+            dashboard_ids = dashboard_ids[:MAX_REPOSITORY_STATUS_BATCH]
+
+        statuses = {}
+        for dashboard_id in dashboard_ids:
+            try:
+                statuses[str(dashboard_id)] = _resolve_repository_status(dashboard_id)
+            except HTTPException:
+                statuses[str(dashboard_id)] = {
+                    **_build_no_repo_status_payload(),
+                    "sync_state": "ERROR",
+                    "sync_status": "ERROR",
+                }
+            except Exception as e:
+                logger.error(
+                    f"[get_repository_status_batch][Coherence:Failed] Failed for dashboard {dashboard_id}: {e}"
+                )
+                statuses[str(dashboard_id)] = {
+                    **_build_no_repo_status_payload(),
+                    "sync_state": "ERROR",
+                    "sync_status": "ERROR",
+                }
+        return RepoStatusBatchResponse(statuses=statuses)
+# [/DEF:get_repository_status_batch:Function]
+
 # [DEF:get_repository_diff:Function]
 # @PURPOSE: Get Git diff for a dashboard repository.
 # @PRE: `dashboard_id` repository exists.
@@ -394,8 +530,10 @@ async def get_repository_diff(
        try:
            diff_text = git_service.get_diff(dashboard_id, file_path, staged)
            return diff_text
+        except HTTPException:
+            raise
        except Exception as e:
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("get_repository_diff", e)
 # [/DEF:get_repository_diff:Function]

 # [DEF:generate_commit_message:Function]
@@ -406,6 +544,7 @@ async def get_repository_diff(
 async def generate_commit_message(
    dashboard_id: int,
    db: Session = Depends(get_db),
+    config_manager = Depends(get_config_manager),
    _ = Depends(has_permission("plugin:git", "EXECUTE"))
 ):
    with belief_scope("generate_commit_message"):
@@ -429,7 +568,11 @@ async def generate_commit_message(
            
            llm_service = LLMProviderService(db)
            providers = llm_service.get_all_providers()
-            provider = next((p for p in providers if p.is_active), None)
+            llm_settings = normalize_llm_settings(config_manager.get_config().settings.llm)
+            bound_provider_id = resolve_bound_provider_id(llm_settings, "git_commit")
+            provider = next((p for p in providers if p.id == bound_provider_id), None)
+            if not provider:
+                provider = next((p for p in providers if p.is_active), None)
            
            if not provider:
                raise HTTPException(status_code=400, detail="No active LLM provider found")
@@ -445,12 +588,21 @@ async def generate_commit_message(
            # 4. Generate Message
            from ...plugins.git.llm_extension import GitLLMExtension
            extension = GitLLMExtension(client)
-            message = await extension.suggest_commit_message(diff, history)
+            git_prompt = llm_settings["prompts"].get(
+                "git_commit_prompt",
+                DEFAULT_LLM_PROMPTS["git_commit_prompt"],
+            )
+            message = await extension.suggest_commit_message(
+                diff,
+                history,
+                prompt_template=git_prompt,
+            )
            
            return {"message": message}
+        except HTTPException:
+            raise
        except Exception as e:
-            logger.error(f"Failed to generate commit message: {e}")
-            raise HTTPException(status_code=400, detail=str(e))
+            _handle_unexpected_git_route_error("generate_commit_message", e)
 # [/DEF:generate_commit_message:Function]

-# [/DEF:backend.src.api.routes.git:Module]
+# [/DEF:backend.src.api.routes.git:Module]
--- a/backend/src/api/routes/git_schemas.py
+++ b/backend/src/api/routes/git_schemas.py
@@ -9,7 +9,7 @@
 # @INVARIANT: All schemas must be compatible with the FastAPI router.

 from pydantic import BaseModel, Field
-from typing import List, Optional
+from typing import Any, Dict, List, Optional
 from datetime import datetime
 from src.models.git import GitProvider, GitStatus, SyncStatus

@@ -141,4 +141,17 @@ class RepoInitRequest(BaseModel):
    remote_url: str
 # [/DEF:RepoInitRequest:Class]

-# [/DEF:backend.src.api.routes.git_schemas:Module]
+# [DEF:RepoStatusBatchRequest:Class]
+# @PURPOSE: Schema for requesting repository statuses for multiple dashboards in a single call.
+class RepoStatusBatchRequest(BaseModel):
+    dashboard_ids: List[int] = Field(default_factory=list, description="Dashboard IDs to resolve repository statuses for")
+# [/DEF:RepoStatusBatchRequest:Class]
+
+
+# [DEF:RepoStatusBatchResponse:Class]
+# @PURPOSE: Schema for returning repository statuses keyed by dashboard ID.
+class RepoStatusBatchResponse(BaseModel):
+    statuses: Dict[str, Dict[str, Any]]
+# [/DEF:RepoStatusBatchResponse:Class]
+
+# [/DEF:backend.src.api.routes.git_schemas:Module]
--- a/backend/src/api/routes/llm.py
+++ b/backend/src/api/routes/llm.py
@@ -5,7 +5,7 @@
 # @LAYER: UI (API)

 from fastapi import APIRouter, Depends, HTTPException, status
-from typing import List
+from typing import List, Optional
 from ...core.logger import logger
 from ...schemas.auth import User
 from ...dependencies import get_current_user as get_current_active_user
@@ -19,6 +19,20 @@ from sqlalchemy.orm import Session
 router = APIRouter(tags=["LLM"])
 # [/DEF:router:Global]

+
+# [DEF:_is_valid_runtime_api_key:Function]
+# @PURPOSE: Validate decrypted runtime API key presence/shape.
+# @PRE: value can be None.
+# @POST: Returns True only for non-placeholder key.
+def _is_valid_runtime_api_key(value: Optional[str]) -> bool:
+    key = (value or "").strip()
+    if not key:
+        return False
+    if key in {"********", "EMPTY_OR_NONE"}:
+        return False
+    return len(key) >= 16
+# [/DEF:_is_valid_runtime_api_key:Function]
+
 # [DEF:get_providers:Function]
 # @PURPOSE: Retrieve all LLM provider configurations.
 # @PRE: User is authenticated.
@@ -47,6 +61,37 @@ async def get_providers(
    ]
 # [/DEF:get_providers:Function]

+
+# [DEF:get_llm_status:Function]
+# @PURPOSE: Returns whether LLM runtime is configured for dashboard validation.
+# @PRE: User is authenticated.
+# @POST: configured=true only when an active provider with valid decrypted key exists.
+@router.get("/status")
+async def get_llm_status(
+    current_user: User = Depends(get_current_active_user),
+    db: Session = Depends(get_db)
+):
+    service = LLMProviderService(db)
+    providers = service.get_all_providers()
+    active_provider = next((p for p in providers if p.is_active), None)
+
+    if not active_provider:
+        return {"configured": False, "reason": "no_active_provider"}
+
+    api_key = service.get_decrypted_api_key(active_provider.id)
+    if not _is_valid_runtime_api_key(api_key):
+        return {"configured": False, "reason": "invalid_api_key"}
+
+    return {
+        "configured": True,
+        "reason": "ok",
+        "provider_id": active_provider.id,
+        "provider_name": active_provider.name,
+        "provider_type": active_provider.provider_type,
+        "default_model": active_provider.default_model,
+    }
+# [/DEF:get_llm_status:Function]
+
 # [DEF:create_provider:Function]
 # @PURPOSE: Create a new LLM provider configuration.
 # @PRE: User is authenticated and has admin permissions.
@@ -204,4 +249,4 @@ async def test_provider_config(
        return {"success": False, "error": str(e)}
 # [/DEF:test_provider_config:Function]

-# [/DEF:backend/src/api/routes/llm.py]
+# [/DEF:backend/src/api/routes/llm.py]
--- a/backend/src/api/routes/mappings.py
+++ b/backend/src/api/routes/mappings.py
@@ -31,6 +31,7 @@ class MappingCreate(BaseModel):
    target_db_uuid: str
    source_db_name: str
    target_db_name: str
+    engine: Optional[str] = None
 # [/DEF:MappingCreate:DataClass]

 # [DEF:MappingResponse:DataClass]
@@ -42,6 +43,7 @@ class MappingResponse(BaseModel):
    target_db_uuid: str
    source_db_name: str
    target_db_name: str
+    engine: Optional[str] = None

    class Config:
        from_attributes = True
@@ -94,6 +96,7 @@ async def create_mapping(
        if existing:
            existing.target_db_uuid = mapping.target_db_uuid
            existing.target_db_name = mapping.target_db_name
+            existing.engine = mapping.engine
            db.commit()
            db.refresh(existing)
            return existing
--- a/backend/src/api/routes/migration.py
+++ b/backend/src/api/routes/migration.py
@@ -6,12 +6,17 @@
 # @RELATION:  DEPENDS_ON -> backend.src.dependencies
 # @RELATION:  DEPENDS_ON -> backend.src.models.dashboard

-from fastapi import APIRouter, Depends, HTTPException
-from typing import List
+from fastapi import APIRouter, Depends, HTTPException, Query
+from typing import List, Dict, Any, Optional
+from sqlalchemy.orm import Session
 from ...dependencies import get_config_manager, get_task_manager, has_permission
+from ...core.database import get_db
 from ...models.dashboard import DashboardMetadata, DashboardSelection
 from ...core.superset_client import SupersetClient
 from ...core.logger import belief_scope
+from ...core.migration.dry_run_orchestrator import MigrationDryRunService
+from ...core.mapping_service import IdMappingService
+from ...models.mapping import ResourceMapping

 router = APIRouter(prefix="/api", tags=["migration"])

@@ -44,7 +49,7 @@ async def get_dashboards(
 # @POST:    Starts the migration task and returns the task ID.
 # @PARAM:   selection (DashboardSelection) - The dashboards to migrate.
 # @RETURN:  Dict - {"task_id": str, "message": str}
-@router.post("/execute")
+@router.post("/migration/execute")
 async def execute_migration(
    selection: DashboardSelection,
    config_manager=Depends(get_config_manager),
@@ -61,9 +66,10 @@ async def execute_migration(
    # Create migration task with debug logging
    from ...core.logger import logger
    
-    # Include replace_db_config in the task parameters
+    # Include replace_db_config and fix_cross_filters in the task parameters
    task_params = selection.dict()
    task_params['replace_db_config'] = selection.replace_db_config
+    task_params['fix_cross_filters'] = selection.fix_cross_filters
    
    logger.info(f"Creating migration task with params: {task_params}")
    logger.info(f"Available environments: {env_ids}")
@@ -78,4 +84,180 @@ async def execute_migration(
        raise HTTPException(status_code=500, detail=f"Failed to create migration task: {str(e)}")
 # [/DEF:execute_migration:Function]

-# [/DEF:backend.src.api.routes.migration:Module]
+
+# [DEF:dry_run_migration:Function]
+# @PURPOSE: Build pre-flight diff and risk summary without applying migration.
+# @PRE: Selection and environments are valid.
+# @POST: Returns deterministic JSON diff and risk scoring.
+@router.post("/migration/dry-run", response_model=Dict[str, Any])
+async def dry_run_migration(
+    selection: DashboardSelection,
+    config_manager=Depends(get_config_manager),
+    db: Session = Depends(get_db),
+    _ = Depends(has_permission("plugin:migration", "EXECUTE"))
+):
+    with belief_scope("dry_run_migration"):
+        environments = config_manager.get_environments()
+    env_map = {env.id: env for env in environments}
+    source_env = env_map.get(selection.source_env_id)
+    target_env = env_map.get(selection.target_env_id)
+    if not source_env or not target_env:
+        raise HTTPException(status_code=400, detail="Invalid source or target environment")
+    if selection.source_env_id == selection.target_env_id:
+        raise HTTPException(status_code=400, detail="Source and target environments must be different")
+    if not selection.selected_ids:
+        raise HTTPException(status_code=400, detail="No dashboards selected for dry run")
+
+    service = MigrationDryRunService()
+    source_client = SupersetClient(source_env)
+    target_client = SupersetClient(target_env)
+    try:
+        return service.run(
+            selection=selection,
+            source_client=source_client,
+            target_client=target_client,
+            db=db,
+        )
+    except ValueError as exc:
+        raise HTTPException(status_code=500, detail=str(exc)) from exc
+# [/DEF:dry_run_migration:Function]
+
+# [DEF:get_migration_settings:Function]
+# @PURPOSE: Get current migration Cron string explicitly.
+@router.get("/migration/settings", response_model=Dict[str, str])
+async def get_migration_settings(
+    config_manager=Depends(get_config_manager),
+    _ = Depends(has_permission("plugin:migration", "READ"))
+):
+    with belief_scope("get_migration_settings"):
+        config = config_manager.get_config()
+        cron = config.settings.migration_sync_cron
+        return {"cron": cron}
+# [/DEF:get_migration_settings:Function]
+
+# [DEF:update_migration_settings:Function]
+# @PURPOSE: Update migration Cron string.
+@router.put("/migration/settings", response_model=Dict[str, str])
+async def update_migration_settings(
+    payload: Dict[str, str],
+    config_manager=Depends(get_config_manager),
+    _ = Depends(has_permission("plugin:migration", "WRITE"))
+):
+    with belief_scope("update_migration_settings"):
+        if "cron" not in payload:
+            raise HTTPException(status_code=400, detail="Missing 'cron' field in payload")
+        
+        cron_expr = payload["cron"]
+        
+        config = config_manager.get_config()
+        config.settings.migration_sync_cron = cron_expr
+        config_manager.save_config(config)
+        
+        return {"cron": cron_expr, "status": "updated"}
+# [/DEF:update_migration_settings:Function]
+
+# [DEF:get_resource_mappings:Function]
+# @PURPOSE: Fetch synchronized object mappings with search, filtering, and pagination.
+@router.get("/migration/mappings-data", response_model=Dict[str, Any])
+async def get_resource_mappings(
+    skip: int = Query(0, ge=0),
+    limit: int = Query(50, ge=1, le=500),
+    search: Optional[str] = Query(None, description="Search by resource name or UUID"),
+    env_id: Optional[str] = Query(None, description="Filter by environment ID"),
+    resource_type: Optional[str] = Query(None, description="Filter by resource type"),
+    db: Session = Depends(get_db),
+    _ = Depends(has_permission("plugin:migration", "READ"))
+):
+    with belief_scope("get_resource_mappings"):
+        query = db.query(ResourceMapping)
+        
+        if env_id:
+            query = query.filter(ResourceMapping.environment_id == env_id)
+        
+        if resource_type:
+            query = query.filter(ResourceMapping.resource_type == resource_type.upper())
+        
+        if search:
+            search_term = f"%{search}%"
+            query = query.filter(
+                (ResourceMapping.resource_name.ilike(search_term)) |
+                (ResourceMapping.uuid.ilike(search_term))
+            )
+        
+        total = query.count()
+        mappings = query.order_by(ResourceMapping.resource_type, ResourceMapping.resource_name).offset(skip).limit(limit).all()
+        
+        items = []
+        for m in mappings:
+            items.append({
+                "id": m.id,
+                "environment_id": m.environment_id,
+                "resource_type": m.resource_type.value if m.resource_type else None,
+                "uuid": m.uuid,
+                "remote_id": m.remote_integer_id,
+                "resource_name": m.resource_name,
+                "last_synced_at": m.last_synced_at.isoformat() if m.last_synced_at else None
+            })
+        
+        return {"items": items, "total": total}
+# [/DEF:get_resource_mappings:Function]
+
+# [DEF:trigger_sync_now:Function]
+# @PURPOSE: Triggers an immediate ID synchronization for all environments.
+# @PRE:     At least one environment must be configured.
+# @POST:    Environment rows are ensured in DB; sync_environment is called for each.
+@router.post("/migration/sync-now", response_model=Dict[str, Any])
+async def trigger_sync_now(
+    config_manager=Depends(get_config_manager),
+    db: Session = Depends(get_db),
+    _ = Depends(has_permission("plugin:migration", "EXECUTE"))
+):
+    with belief_scope("trigger_sync_now"):
+        from ...core.logger import logger
+        from ...models.mapping import Environment as EnvironmentModel
+        
+        config = config_manager.get_config()
+        environments = config.environments
+        
+        if not environments:
+            raise HTTPException(status_code=400, detail="No environments configured")
+        
+        # Ensure each environment exists in DB (upsert) to satisfy FK constraints
+        for env in environments:
+            existing = db.query(EnvironmentModel).filter_by(id=env.id).first()
+            if not existing:
+                db_env = EnvironmentModel(
+                    id=env.id,
+                    name=env.name,
+                    url=env.url,
+                    credentials_id=env.id,  # Use env.id as credentials reference
+                )
+                db.add(db_env)
+                logger.info(f"[trigger_sync_now][Action] Created environment row for {env.id}")
+            else:
+                existing.name = env.name
+                existing.url = env.url
+        db.commit()
+        
+        service = IdMappingService(db)
+        results = {"synced": [], "failed": []}
+        
+        for env in environments:
+            try:
+                client = SupersetClient(env)
+                service.sync_environment(env.id, client)
+                results["synced"].append(env.id)
+                logger.info(f"[trigger_sync_now][Action] Synced environment {env.id}")
+            except Exception as e:
+                results["failed"].append({"env_id": env.id, "error": str(e)})
+                logger.error(f"[trigger_sync_now][Error] Failed to sync {env.id}: {e}")
+        
+        return {
+            "status": "completed",
+            "synced_count": len(results["synced"]),
+            "failed_count": len(results["failed"]),
+            "details": results
+        }
+# [/DEF:trigger_sync_now:Function]
+
+# [/DEF:backend.src.api.routes.migration:Module]
--- a/backend/src/api/routes/reports.py
+++ b/backend/src/api/routes/reports.py
@@ -0,0 +1,146 @@
+# [DEF:ReportsRouter:Module]
+# @TIER: CRITICAL
+# @SEMANTICS: api, reports, list, detail, pagination, filters
+# @PURPOSE: FastAPI router for unified task report list and detail retrieval endpoints.
+# @LAYER: UI (API)
+# @RELATION: DEPENDS_ON -> backend.src.services.reports.report_service.ReportsService
+# @RELATION: DEPENDS_ON -> backend.src.dependencies
+# @INVARIANT: Endpoints are read-only and do not trigger long-running tasks.
+
+# [SECTION: IMPORTS]
+from datetime import datetime
+from typing import List, Optional
+
+from fastapi import APIRouter, Depends, HTTPException, Query, status
+
+from ...dependencies import get_task_manager, has_permission
+from ...core.task_manager import TaskManager
+from ...core.logger import belief_scope
+from ...models.report import ReportCollection, ReportDetailView, ReportQuery, ReportStatus, TaskType
+from ...services.reports.report_service import ReportsService
+# [/SECTION]
+
+router = APIRouter(prefix="/api/reports", tags=["Reports"])
+
+
+# [DEF:_parse_csv_enum_list:Function]
+# @PURPOSE: Parse comma-separated query value into enum list.
+# @PRE: raw may be None/empty or comma-separated values.
+# @POST: Returns enum list or raises HTTP 400 with deterministic machine-readable payload.
+# @PARAM: raw (Optional[str]) - Comma-separated enum values.
+# @PARAM: enum_cls (type) - Enum class for validation.
+# @PARAM: field_name (str) - Query field name for diagnostics.
+# @RETURN: List - Parsed enum values.
+def _parse_csv_enum_list(raw: Optional[str], enum_cls, field_name: str) -> List:
+    with belief_scope("_parse_csv_enum_list"):
+        if raw is None or not raw.strip():
+            return []
+        values = [item.strip() for item in raw.split(",") if item.strip()]
+        parsed = []
+        invalid = []
+        for value in values:
+            try:
+                parsed.append(enum_cls(value))
+            except ValueError:
+                invalid.append(value)
+        if invalid:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail={
+                    "message": f"Invalid values for '{field_name}'",
+                    "field": field_name,
+                    "invalid_values": invalid,
+                    "allowed_values": [item.value for item in enum_cls],
+                },
+            )
+        return parsed
+# [/DEF:_parse_csv_enum_list:Function]
+
+
+# [DEF:list_reports:Function]
+# @PURPOSE: Return paginated unified reports list.
+# @PRE: authenticated/authorized request and validated query params.
+# @POST: returns {items,total,page,page_size,has_next,applied_filters}.
+# @POST: deterministic error payload for invalid filters.
+#
+# @TEST_CONTRACT: ListReportsApi ->
+# {
+#   required_fields: {page: int, page_size: int, sort_by: str, sort_order: str},
+#   optional_fields: {task_types: str, statuses: str, search: str},
+#   invariants: [
+#       "Returns ReportCollection on success",
+#       "Raises HTTPException 400 for invalid query parameters"
+#   ]
+# }
+# @TEST_FIXTURE: valid_list_request -> {"page": 1, "page_size": 20}
+# @TEST_EDGE: invalid_task_type_filter -> raises HTTPException(400)
+# @TEST_EDGE: malformed_query -> raises HTTPException(400)
+# @TEST_INVARIANT: consistent_list_payload -> verifies: [valid_list_request]
+@router.get("", response_model=ReportCollection)
+async def list_reports(
+    page: int = Query(1, ge=1),
+    page_size: int = Query(20, ge=1, le=100),
+    task_types: Optional[str] = Query(None, description="Comma-separated task types"),
+    statuses: Optional[str] = Query(None, description="Comma-separated statuses"),
+    time_from: Optional[datetime] = Query(None),
+    time_to: Optional[datetime] = Query(None),
+    search: Optional[str] = Query(None, max_length=200),
+    sort_by: str = Query("updated_at"),
+    sort_order: str = Query("desc"),
+    task_manager: TaskManager = Depends(get_task_manager),
+    _=Depends(has_permission("tasks", "READ")),
+):
+    with belief_scope("list_reports"):
+        try:
+            parsed_task_types = _parse_csv_enum_list(task_types, TaskType, "task_types")
+            parsed_statuses = _parse_csv_enum_list(statuses, ReportStatus, "statuses")
+            query = ReportQuery(
+                page=page,
+                page_size=page_size,
+                task_types=parsed_task_types,
+                statuses=parsed_statuses,
+                time_from=time_from,
+                time_to=time_to,
+                search=search,
+                sort_by=sort_by,
+                sort_order=sort_order,
+            )
+        except HTTPException:
+            raise
+        except Exception as exc:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail={
+                    "message": "Invalid query parameters",
+                    "code": "INVALID_REPORT_QUERY",
+                    "reason": str(exc),
+                },
+            )
+
+        service = ReportsService(task_manager)
+        return service.list_reports(query)
+# [/DEF:list_reports:Function]
+
+
+# [DEF:get_report_detail:Function]
+# @PURPOSE: Return one normalized report detail with diagnostics and next actions.
+# @PRE: authenticated/authorized request and existing report_id.
+# @POST: returns normalized detail envelope or 404 when report is not found.
+@router.get("/{report_id}", response_model=ReportDetailView)
+async def get_report_detail(
+    report_id: str,
+    task_manager: TaskManager = Depends(get_task_manager),
+    _=Depends(has_permission("tasks", "READ")),
+):
+    with belief_scope("get_report_detail", f"report_id={report_id}"):
+        service = ReportsService(task_manager)
+        detail = service.get_report_detail(report_id)
+        if not detail:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail={"message": "Report not found", "code": "REPORT_NOT_FOUND"},
+            )
+        return detail
+# [/DEF:get_report_detail:Function]
+
+# [/DEF:ReportsRouter:Module]
--- a/backend/src/api/routes/settings.py
+++ b/backend/src/api/routes/settings.py
@@ -16,9 +16,10 @@ from pydantic import BaseModel
 from ...core.config_models import AppConfig, Environment, GlobalSettings, LoggingConfig
 from ...models.storage import StorageConfig
 from ...dependencies import get_config_manager, has_permission
-from ...core.config_manager import ConfigManager
-from ...core.logger import logger, belief_scope
-from ...core.superset_client import SupersetClient
+from ...core.config_manager import ConfigManager
+from ...core.logger import logger, belief_scope
+from ...core.superset_client import SupersetClient
+from ...services.llm_prompt_templates import normalize_llm_settings
 # [/SECTION]

 # [DEF:LoggingConfigResponse:Class]
@@ -38,13 +39,14 @@ router = APIRouter()
 # @POST:    Returns masked AppConfig.
 # @RETURN: AppConfig - The current configuration.
@router.get("", response_model=AppConfig)
-async def get_settings(
+async def get_settings(
    config_manager: ConfigManager = Depends(get_config_manager),
    _ = Depends(has_permission("admin:settings", "READ"))
 ):
    with belief_scope("get_settings"):
        logger.info("[get_settings][Entry] Fetching all settings")
-    config = config_manager.get_config().copy(deep=True)
+    config = config_manager.get_config().copy(deep=True)
+    config.settings.llm = normalize_llm_settings(config.settings.llm)
    # Mask passwords
    for env in config.environments:
        if env.password:
@@ -279,7 +281,7 @@ async def update_logging_config(
 # [/DEF:update_logging_config:Function]

 # [DEF:ConsolidatedSettingsResponse:Class]
-class ConsolidatedSettingsResponse(BaseModel):
+class ConsolidatedSettingsResponse(BaseModel):
    environments: List[dict]
    connections: List[dict]
    llm: dict
@@ -294,7 +296,7 @@ class ConsolidatedSettingsResponse(BaseModel):
 # @POST:    Returns all consolidated settings.
 # @RETURN: ConsolidatedSettingsResponse - All settings categories.
@router.get("/consolidated", response_model=ConsolidatedSettingsResponse)
-async def get_consolidated_settings(
+async def get_consolidated_settings(
    config_manager: ConfigManager = Depends(get_config_manager),
    _ = Depends(has_permission("admin:settings", "READ"))
 ):
@@ -323,14 +325,16 @@ async def get_consolidated_settings(
        finally:
            db.close()

-        return ConsolidatedSettingsResponse(
-            environments=[env.dict() for env in config.environments],
-            connections=config.settings.connections,
-            llm=config.settings.llm,
-            llm_providers=llm_providers_list,
-            logging=config.settings.logging.dict(),
-            storage=config.settings.storage.dict()
-        )
+        normalized_llm = normalize_llm_settings(config.settings.llm)
+
+        return ConsolidatedSettingsResponse(
+            environments=[env.dict() for env in config.environments],
+            connections=config.settings.connections,
+            llm=normalized_llm,
+            llm_providers=llm_providers_list,
+            logging=config.settings.logging.dict(),
+            storage=config.settings.storage.dict()
+        )
 # [/DEF:get_consolidated_settings:Function]

 # [DEF:update_consolidated_settings:Function]
@@ -353,9 +357,9 @@ async def update_consolidated_settings(
        if "connections" in settings_patch:
            current_settings.connections = settings_patch["connections"]
            
-        # Update LLM if provided
-        if "llm" in settings_patch:
-            current_settings.llm = settings_patch["llm"]
+        # Update LLM if provided
+        if "llm" in settings_patch:
+            current_settings.llm = normalize_llm_settings(settings_patch["llm"])
            
        # Update Logging if provided
        if "logging" in settings_patch:
--- a/backend/src/api/routes/storage.py
+++ b/backend/src/api/routes/storage.py
@@ -36,6 +36,7 @@ router = APIRouter(tags=["storage"])
 async def list_files(
    category: Optional[FileCategory] = None,
    path: Optional[str] = None,
+    recursive: bool = False,
    plugin_loader=Depends(get_plugin_loader),
    _ = Depends(has_permission("plugin:storage", "READ"))
 ):
@@ -43,7 +44,7 @@ async def list_files(
        storage_plugin: StoragePlugin = plugin_loader.get_plugin("storage-manager")
        if not storage_plugin:
            raise HTTPException(status_code=500, detail="Storage plugin not loaded")
-        return storage_plugin.list_files(category, path)
+        return storage_plugin.list_files(category, path, recursive)
 # [/DEF:list_files:Function]

 # [DEF:upload_file:Function]
@@ -143,4 +144,46 @@ async def download_file(
            raise HTTPException(status_code=400, detail=str(e))
 # [/DEF:download_file:Function]

-# [/DEF:storage_routes:Module]
+# [DEF:get_file_by_path:Function]
+# @PURPOSE: Retrieve a file by validated absolute/relative path under storage root.
+#
+# @PRE: path must resolve under configured storage root.
+# @POST: Returns a FileResponse for existing files.
+#
+# @PARAM: path (str) - Absolute or storage-root-relative file path.
+# @RETURN: FileResponse - The file content.
+#
+# @RELATION:    CALLS -> StoragePlugin.get_storage_root
+# @RELATION:    CALLS -> StoragePlugin.validate_path
+@router.get("/file")
+async def get_file_by_path(
+    path: str,
+    plugin_loader=Depends(get_plugin_loader),
+    _ = Depends(has_permission("plugin:storage", "READ"))
+):
+    with belief_scope("get_file_by_path"):
+        storage_plugin: StoragePlugin = plugin_loader.get_plugin("storage-manager")
+        if not storage_plugin:
+            raise HTTPException(status_code=500, detail="Storage plugin not loaded")
+
+        requested_path = (path or "").strip()
+        if not requested_path:
+            raise HTTPException(status_code=400, detail="Path is required")
+
+        try:
+            candidate = Path(requested_path)
+            if candidate.is_absolute():
+                abs_path = storage_plugin.validate_path(candidate)
+            else:
+                storage_root = storage_plugin.get_storage_root()
+                abs_path = storage_plugin.validate_path(storage_root / candidate)
+        except ValueError as e:
+            raise HTTPException(status_code=400, detail=str(e))
+
+        if not abs_path.exists() or not abs_path.is_file():
+            raise HTTPException(status_code=404, detail="File not found")
+
+        return FileResponse(path=str(abs_path), filename=abs_path.name)
+# [/DEF:get_file_by_path:Function]
+
+# [/DEF:storage_routes:Module]
--- a/backend/src/api/routes/tasks.py
+++ b/backend/src/api/routes/tasks.py
@@ -4,18 +4,30 @@
 # @PURPOSE: Defines the FastAPI router for task-related endpoints, allowing clients to create, list, and get the status of tasks.
 # @LAYER: UI (API)
 # @RELATION: Depends on the TaskManager. It is included by the main app.
-from typing import List, Dict, Any, Optional
+from typing import List, Dict, Any, Optional
 from fastapi import APIRouter, Depends, HTTPException, status, Query
 from pydantic import BaseModel
 from ...core.logger import belief_scope

-from ...core.task_manager import TaskManager, Task, TaskStatus, LogEntry
-from ...core.task_manager.models import LogFilter, LogStats
-from ...dependencies import get_task_manager, has_permission, get_current_user
+from ...core.task_manager import TaskManager, Task, TaskStatus, LogEntry
+from ...core.task_manager.models import LogFilter, LogStats
+from ...dependencies import get_task_manager, has_permission, get_current_user, get_config_manager
+from ...core.config_manager import ConfigManager
+from ...services.llm_prompt_templates import (
+    is_multimodal_model,
+    normalize_llm_settings,
+    resolve_bound_provider_id,
+)

-router = APIRouter()
-
-class CreateTaskRequest(BaseModel):
+router = APIRouter()
+
+TASK_TYPE_PLUGIN_MAP = {
+    "llm_validation": ["llm_dashboard_validation"],
+    "backup": ["superset-backup"],
+    "migration": ["superset-migration"],
+}
+
+class CreateTaskRequest(BaseModel):
    plugin_id: str
    params: Dict[str, Any]

@@ -33,32 +45,54 @@ class ResumeTaskRequest(BaseModel):
 # @PRE: plugin_id must exist and params must be valid for that plugin.
 # @POST: A new task is created and started.
 # @RETURN: Task - The created task instance.
-async def create_task(
-    request: CreateTaskRequest,
-    task_manager: TaskManager = Depends(get_task_manager),
-    current_user = Depends(get_current_user)
-):
+async def create_task(
+    request: CreateTaskRequest,
+    task_manager: TaskManager = Depends(get_task_manager),
+    current_user = Depends(get_current_user),
+    config_manager: ConfigManager = Depends(get_config_manager),
+):
    # Dynamic permission check based on plugin_id
    has_permission(f"plugin:{request.plugin_id}", "EXECUTE")(current_user)
    """
    Create and start a new task for a given plugin.
    """
    with belief_scope("create_task"):
-        try:
-            # Special handling for validation task to include provider config
-            if request.plugin_id == "llm_dashboard_validation":
-                from ...core.database import SessionLocal
-                from ...services.llm_provider import LLMProviderService
-                db = SessionLocal()
-                try:
-                    llm_service = LLMProviderService(db)
-                    provider_id = request.params.get("provider_id")
-                    if provider_id:
-                        db_provider = llm_service.get_provider(provider_id)
-                        if not db_provider:
-                            raise ValueError(f"LLM Provider {provider_id} not found")
-                finally:
-                    db.close()
+        try:
+            # Special handling for LLM tasks to resolve provider config by task binding.
+            if request.plugin_id in {"llm_dashboard_validation", "llm_documentation"}:
+                from ...core.database import SessionLocal
+                from ...services.llm_provider import LLMProviderService
+                db = SessionLocal()
+                try:
+                    llm_service = LLMProviderService(db)
+                    provider_id = request.params.get("provider_id")
+                    if not provider_id:
+                        llm_settings = normalize_llm_settings(config_manager.get_config().settings.llm)
+                        binding_key = "dashboard_validation" if request.plugin_id == "llm_dashboard_validation" else "documentation"
+                        provider_id = resolve_bound_provider_id(llm_settings, binding_key)
+                        if provider_id:
+                            request.params["provider_id"] = provider_id
+                    if not provider_id:
+                        providers = llm_service.get_all_providers()
+                        active_provider = next((p for p in providers if p.is_active), None)
+                        if active_provider:
+                            provider_id = active_provider.id
+                            request.params["provider_id"] = provider_id
+
+                    if provider_id:
+                        db_provider = llm_service.get_provider(provider_id)
+                        if not db_provider:
+                            raise ValueError(f"LLM Provider {provider_id} not found")
+                        if request.plugin_id == "llm_dashboard_validation" and not is_multimodal_model(
+                            db_provider.default_model,
+                            db_provider.provider_type,
+                        ):
+                            raise HTTPException(
+                                status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+                                detail="Selected provider model is not multimodal for dashboard validation",
+                            )
+                finally:
+                    db.close()

            task = await task_manager.create_task(
                plugin_id=request.plugin_id,
@@ -79,18 +113,36 @@ async def create_task(
 # @PRE: task_manager must be available.
 # @POST: Returns a list of tasks.
 # @RETURN: List[Task] - List of tasks.
-async def list_tasks(
-    limit: int = 10,
-    offset: int = 0,
-    status: Optional[TaskStatus] = None,
-    task_manager: TaskManager = Depends(get_task_manager),
-    _ = Depends(has_permission("tasks", "READ"))
-):
-    """
-    Retrieve a list of tasks with pagination and optional status filter.
-    """
-    with belief_scope("list_tasks"):
-        return task_manager.get_tasks(limit=limit, offset=offset, status=status)
+async def list_tasks(
+    limit: int = 10,
+    offset: int = 0,
+    status_filter: Optional[TaskStatus] = Query(None, alias="status"),
+    task_type: Optional[str] = Query(None, description="Task category: llm_validation, backup, migration"),
+    plugin_id: Optional[List[str]] = Query(None, description="Filter by plugin_id (repeatable query param)"),
+    completed_only: bool = Query(False, description="Return only completed tasks (SUCCESS/FAILED)"),
+    task_manager: TaskManager = Depends(get_task_manager),
+    _ = Depends(has_permission("tasks", "READ"))
+):
+    """
+    Retrieve a list of tasks with pagination and optional status filter.
+    """
+    with belief_scope("list_tasks"):
+        plugin_filters = list(plugin_id) if plugin_id else []
+        if task_type:
+            if task_type not in TASK_TYPE_PLUGIN_MAP:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=f"Unsupported task_type '{task_type}'. Allowed: {', '.join(TASK_TYPE_PLUGIN_MAP.keys())}"
+                )
+            plugin_filters.extend(TASK_TYPE_PLUGIN_MAP[task_type])
+
+        return task_manager.get_tasks(
+            limit=limit,
+            offset=offset,
+            status=status_filter,
+            plugin_ids=plugin_filters or None,
+            completed_only=completed_only
+        )
 # [/DEF:list_tasks:Function]

@router.get("/{task_id}", response_model=Task)
@@ -276,4 +328,4 @@ async def clear_tasks(
        task_manager.clear_tasks(status)
        return
 # [/DEF:clear_tasks:Function]
-# [/DEF:TasksRouter:Module]
+# [/DEF:TasksRouter:Module]
--- a/backend/src/app.py
+++ b/backend/src/app.py
@@ -21,7 +21,7 @@ import asyncio
 from .dependencies import get_task_manager, get_scheduler_service
 from .core.utils.network import NetworkError
 from .core.logger import logger, belief_scope
-from .api.routes import plugins, tasks, settings, environments, mappings, migration, connections, git, storage, admin, llm, dashboards, datasets
+from .api.routes import plugins, tasks, settings, environments, mappings, migration, connections, git, storage, admin, llm, dashboards, datasets, reports, assistant
 from .api import auth

 # [DEF:App:Global]
@@ -72,12 +72,12 @@ app.add_middleware(
 )


-# [DEF:log_requests:Function]
-# @PURPOSE: Middleware to log incoming HTTP requests and their response status.
+# [DEF:network_error_handler:Function]
+# @PURPOSE: Global exception handler for NetworkError.
 # @PRE: request is a FastAPI Request object.
-# @POST: Logs request and response details.
+# @POST: Returns 503 HTTP Exception.
 # @PARAM: request (Request) - The incoming request object.
-# @PARAM: call_next (Callable) - The next middleware or route handler.
+# @PARAM: exc (NetworkError) - The exception instance.
@app.exception_handler(NetworkError)
 async def network_error_handler(request: Request, exc: NetworkError):
    with belief_scope("network_error_handler"):
@@ -86,26 +86,34 @@ async def network_error_handler(request: Request, exc: NetworkError):
            status_code=503,
            detail="Environment unavailable. Please check if the Superset instance is running."
        )
+# [/DEF:network_error_handler:Function]

+# [DEF:log_requests:Function]
+# @PURPOSE: Middleware to log incoming HTTP requests and their response status.
+# @PRE: request is a FastAPI Request object.
+# @POST: Logs request and response details.
+# @PARAM: request (Request) - The incoming request object.
+# @PARAM: call_next (Callable) - The next middleware or route handler.
@app.middleware("http")
 async def log_requests(request: Request, call_next):
-    # Avoid spamming logs for polling endpoints
-    is_polling = request.url.path.endswith("/api/tasks") and request.method == "GET"
-    
-    if not is_polling:
-        logger.info(f"Incoming request: {request.method} {request.url.path}")
-    
-    try:
-        response = await call_next(request)
+    with belief_scope("log_requests"):
+        # Avoid spamming logs for polling endpoints
+        is_polling = request.url.path.endswith("/api/tasks") and request.method == "GET"
+        
        if not is_polling:
-            logger.info(f"Response status: {response.status_code} for {request.url.path}")
-        return response
-    except NetworkError as e:
-        logger.error(f"Network error caught in middleware: {e}")
-        raise HTTPException(
-            status_code=503,
-            detail="Environment unavailable. Please check if the Superset instance is running."
-        )
+            logger.info(f"Incoming request: {request.method} {request.url.path}")
+        
+        try:
+            response = await call_next(request)
+            if not is_polling:
+                logger.info(f"Response status: {response.status_code} for {request.url.path}")
+            return response
+        except NetworkError as e:
+            logger.error(f"Network error caught in middleware: {e}")
+            raise HTTPException(
+                status_code=503,
+                detail="Environment unavailable. Please check if the Superset instance is running."
+            )
 # [/DEF:log_requests:Function]

 # Include API routes
@@ -123,6 +131,8 @@ app.include_router(llm.router, prefix="/api/llm", tags=["LLM"])
 app.include_router(storage.router, prefix="/api/storage", tags=["Storage"])
 app.include_router(dashboards.router)
 app.include_router(datasets.router)
+app.include_router(reports.router)
+app.include_router(assistant.router, prefix="/api/assistant", tags=["Assistant"])


 # [DEF:api.include_routers:Action]
@@ -137,6 +147,21 @@ app.include_router(datasets.router)
 # @POST: WebSocket connection is managed and logs are streamed until disconnect.
 # @TIER: CRITICAL
 # @UX_STATE: Connecting -> Streaming -> (Disconnected)
+#
+# @TEST_CONTRACT: WebSocketLogStreamApi ->
+# {
+#   required_fields: {websocket: WebSocket, task_id: str},
+#   optional_fields: {source: str, level: str},
+#   invariants: [
+#       "Accepts the WebSocket connection",
+#       "Applies source and level filters correctly to streamed logs",
+#       "Cleans up subscriptions on disconnect"
+#   ]
+# }
+# @TEST_FIXTURE: valid_ws_connection -> {"task_id": "test_1", "source": "plugin"}
+# @TEST_EDGE: task_not_found_ws -> closes connection or sends error
+# @TEST_EDGE: empty_task_logs -> waits for new logs
+# @TEST_INVARIANT: consistent_streaming -> verifies: [valid_ws_connection]
@app.websocket("/ws/logs/{task_id}")
 async def websocket_endpoint(
    websocket: WebSocket,
@@ -241,14 +266,19 @@ frontend_path = project_root / "frontend" / "build"
 if frontend_path.exists():
    app.mount("/_app", StaticFiles(directory=str(frontend_path / "_app")), name="static")

+    # [DEF:serve_spa:Function]
+    # @PURPOSE: Serves the SPA frontend for any path not matched by API routes.
+    # @PRE: frontend_path exists.
+    # @POST: Returns the requested file or index.html.
    @app.get("/{file_path:path}", include_in_schema=False)
    async def serve_spa(file_path: str):
-        # Only serve SPA for non-API paths
-        # API routes are registered separately and should be matched by FastAPI first
-        if file_path and (file_path.startswith("api/") or file_path.startswith("/api/") or file_path == "api"):
-            # This should not happen if API routers are properly registered
-            # Return 404 instead of serving HTML
-            raise HTTPException(status_code=404, detail=f"API endpoint not found: {file_path}")
+        with belief_scope("serve_spa"):
+            # Only serve SPA for non-API paths
+            # API routes are registered separately and should be matched by FastAPI first
+            if file_path and (file_path.startswith("api/") or file_path.startswith("/api/") or file_path == "api"):
+                # This should not happen if API routers are properly registered
+                # Return 404 instead of serving HTML
+                raise HTTPException(status_code=404, detail=f"API endpoint not found: {file_path}")
        
        full_path = frontend_path / file_path
        if file_path and full_path.is_file():
--- a/backend/src/core/auth/tests/test_auth.py
+++ b/backend/src/core/auth/tests/test_auth.py
@@ -0,0 +1,271 @@
+# [DEF:test_auth:Module]
+# @TIER: STANDARD
+# @PURPOSE: Unit tests for authentication module
+# @LAYER: Domain
+# @RELATION: VERIFIES -> src.core.auth
+
+import sys
+from pathlib import Path
+
+# Add src to path
+sys.path.append(str(Path(__file__).parent.parent.parent.parent / "src"))
+
+import pytest
+from sqlalchemy import create_engine
+from sqlalchemy.orm import sessionmaker
+from src.core.database import Base
+# Import all models to ensure they are registered with Base before create_all - must import both auth and mapping to ensure Base knows about all tables
+from src.models import mapping, auth, task, report
+from src.models.auth import User, Role, Permission, ADGroupMapping
+from src.services.auth_service import AuthService
+from src.core.auth.repository import AuthRepository
+from src.core.auth.security import verify_password, get_password_hash
+
+# Create in-memory SQLite database for testing
+SQLALCHEMY_DATABASE_URL = "sqlite:///:memory:"
+
+engine = create_engine(SQLALCHEMY_DATABASE_URL, connect_args={"check_same_thread": False})
+TestingSessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+# Create all tables
+Base.metadata.create_all(bind=engine)
+
+
+@pytest.fixture
+def db_session():
+    """Create a new database session with a transaction, rollback after test"""
+    connection = engine.connect()
+    transaction = connection.begin()
+    session = TestingSessionLocal(bind=connection)
+    
+    yield session
+    
+    session.close()
+    transaction.rollback()
+    connection.close()
+
+
+@pytest.fixture
+def auth_service(db_session):
+    return AuthService(db_session)
+
+
+@pytest.fixture
+def auth_repo(db_session):
+    return AuthRepository(db_session)
+
+
+def test_create_user(auth_repo):
+    """Test user creation"""
+    user = User(
+        username="testuser",
+        email="test@example.com",
+        password_hash=get_password_hash("testpassword123"),
+        auth_source="LOCAL"
+    )
+    
+    auth_repo.db.add(user)
+    auth_repo.db.commit()
+    
+    retrieved_user = auth_repo.get_user_by_username("testuser")
+    assert retrieved_user is not None
+    assert retrieved_user.username == "testuser"
+    assert retrieved_user.email == "test@example.com"
+    assert verify_password("testpassword123", retrieved_user.password_hash)
+
+
+def test_authenticate_user(auth_service, auth_repo):
+    """Test user authentication with valid and invalid credentials"""
+    user = User(
+        username="testuser",
+        email="test@example.com",
+        password_hash=get_password_hash("testpassword123"),
+        auth_source="LOCAL"
+    )
+    
+    auth_repo.db.add(user)
+    auth_repo.db.commit()
+    
+    # Test valid credentials
+    authenticated_user = auth_service.authenticate_user("testuser", "testpassword123")
+    assert authenticated_user is not None
+    assert authenticated_user.username == "testuser"
+    
+    # Test invalid password
+    invalid_user = auth_service.authenticate_user("testuser", "wrongpassword")
+    assert invalid_user is None
+    
+    # Test invalid username
+    invalid_user = auth_service.authenticate_user("nonexistent", "testpassword123")
+    assert invalid_user is None
+
+
+def test_create_session(auth_service, auth_repo):
+    """Test session token creation"""
+    user = User(
+        username="testuser",
+        email="test@example.com",
+        password_hash=get_password_hash("testpassword123"),
+        auth_source="LOCAL"
+    )
+    
+    auth_repo.db.add(user)
+    auth_repo.db.commit()
+    
+    session = auth_service.create_session(user)
+    assert "access_token" in session
+    assert "token_type" in session
+    assert session["token_type"] == "bearer"
+    assert len(session["access_token"]) > 0
+
+
+def test_role_permission_association(auth_repo):
+    """Test role and permission association"""
+    role = Role(name="Admin", description="System administrator")
+    perm1 = Permission(resource="admin:users", action="READ")
+    perm2 = Permission(resource="admin:users", action="WRITE")
+    
+    role.permissions.extend([perm1, perm2])
+    
+    auth_repo.db.add(role)
+    auth_repo.db.commit()
+    
+    retrieved_role = auth_repo.get_role_by_name("Admin")
+    assert retrieved_role is not None
+    assert len(retrieved_role.permissions) == 2
+    
+    permissions = [f"{p.resource}:{p.action}" for p in retrieved_role.permissions]
+    assert "admin:users:READ" in permissions
+    assert "admin:users:WRITE" in permissions
+
+
+def test_user_role_association(auth_repo):
+    """Test user and role association"""
+    role = Role(name="Admin", description="System administrator")
+    user = User(
+        username="adminuser",
+        email="admin@example.com",
+        password_hash=get_password_hash("adminpass123"),
+        auth_source="LOCAL"
+    )
+    
+    user.roles.append(role)
+    
+    auth_repo.db.add(role)
+    auth_repo.db.add(user)
+    auth_repo.db.commit()
+    
+    retrieved_user = auth_repo.get_user_by_username("adminuser")
+    assert retrieved_user is not None
+    assert len(retrieved_user.roles) == 1
+    assert retrieved_user.roles[0].name == "Admin"
+
+
+def test_ad_group_mapping(auth_repo):
+    """Test AD group mapping"""
+    role = Role(name="ADFS_Admin", description="ADFS administrators")
+    
+    auth_repo.db.add(role)
+    auth_repo.db.commit()
+    
+    mapping = ADGroupMapping(ad_group="DOMAIN\\ADFS_Admins", role_id=role.id)
+    
+    auth_repo.db.add(mapping)
+    auth_repo.db.commit()
+    
+    retrieved_mapping = auth_repo.db.query(ADGroupMapping).filter_by(ad_group="DOMAIN\\ADFS_Admins").first()
+    assert retrieved_mapping is not None
+    assert retrieved_mapping.role_id == role.id
+
+
+def test_authenticate_user_updates_last_login(auth_service, auth_repo):
+    """@SIDE_EFFECT: authenticate_user updates last_login timestamp on success."""
+    user = User(
+        username="loginuser",
+        email="login@example.com",
+        password_hash=get_password_hash("mypassword"),
+        auth_source="LOCAL"
+    )
+    auth_repo.db.add(user)
+    auth_repo.db.commit()
+
+    assert user.last_login is None
+
+    authenticated = auth_service.authenticate_user("loginuser", "mypassword")
+    assert authenticated is not None
+    assert authenticated.last_login is not None
+
+
+def test_authenticate_inactive_user(auth_service, auth_repo):
+    """@PRE: User with is_active=False should not authenticate."""
+    user = User(
+        username="inactive_user",
+        email="inactive@example.com",
+        password_hash=get_password_hash("testpass"),
+        auth_source="LOCAL",
+        is_active=False
+    )
+    auth_repo.db.add(user)
+    auth_repo.db.commit()
+
+    result = auth_service.authenticate_user("inactive_user", "testpass")
+    assert result is None
+
+
+def test_verify_password_empty_hash():
+    """@PRE: verify_password with empty/None hash returns False."""
+    assert verify_password("anypassword", "") is False
+    assert verify_password("anypassword", None) is False
+
+
+def test_provision_adfs_user_new(auth_service, auth_repo):
+    """@POST: provision_adfs_user creates a new ADFS user with correct roles."""
+    # Set up a role and AD group mapping
+    role = Role(name="ADFS_Viewer", description="ADFS viewer role")
+    auth_repo.db.add(role)
+    auth_repo.db.commit()
+
+    mapping = ADGroupMapping(ad_group="DOMAIN\\Viewers", role_id=role.id)
+    auth_repo.db.add(mapping)
+    auth_repo.db.commit()
+
+    user_info = {
+        "upn": "newadfsuser@domain.com",
+        "email": "newadfsuser@domain.com",
+        "groups": ["DOMAIN\\Viewers"]
+    }
+
+    user = auth_service.provision_adfs_user(user_info)
+    assert user is not None
+    assert user.username == "newadfsuser@domain.com"
+    assert user.auth_source == "ADFS"
+    assert user.is_active is True
+    assert len(user.roles) == 1
+    assert user.roles[0].name == "ADFS_Viewer"
+
+
+def test_provision_adfs_user_existing(auth_service, auth_repo):
+    """@POST: provision_adfs_user updates roles for existing user."""
+    # Create existing user
+    existing = User(
+        username="existingadfs@domain.com",
+        email="existingadfs@domain.com",
+        auth_source="ADFS",
+        is_active=True
+    )
+    auth_repo.db.add(existing)
+    auth_repo.db.commit()
+
+    user_info = {
+        "upn": "existingadfs@domain.com",
+        "email": "existingadfs@domain.com",
+        "groups": []
+    }
+
+    user = auth_service.provision_adfs_user(user_info)
+    assert user is not None
+    assert user.username == "existingadfs@domain.com"
+    assert len(user.roles) == 0  # No matching group mappings
+
+
+# [/DEF:test_auth:Module]
--- a/backend/src/core/auth/config.py
+++ b/backend/src/core/auth/config.py
@@ -24,7 +24,10 @@ class AuthConfig(BaseSettings):
    REFRESH_TOKEN_EXPIRE_DAYS: int = 7

    # Database Settings
-    AUTH_DATABASE_URL: str = Field(default="sqlite:///./backend/auth.db", env="AUTH_DATABASE_URL")
+    AUTH_DATABASE_URL: str = Field(
+        default="postgresql+psycopg2://postgres:postgres@localhost:5432/ss_tools",
+        env="AUTH_DATABASE_URL",
+    )

    # ADFS Settings
    ADFS_CLIENT_ID: str = Field(default="", env="ADFS_CLIENT_ID")
@@ -41,4 +44,4 @@ class AuthConfig(BaseSettings):
 auth_config = AuthConfig()
 # [/DEF:auth_config:Variable]

-# [/DEF:backend.src.core.auth.config:Module]
+# [/DEF:backend.src.core.auth.config:Module]
--- a/backend/src/core/auth/security.py
+++ b/backend/src/core/auth/security.py
@@ -8,14 +8,9 @@
 # @INVARIANT: Uses bcrypt for hashing with standard work factor.

 # [SECTION: IMPORTS]
-from passlib.context import CryptContext
+import bcrypt
 # [/SECTION]

-# [DEF:pwd_context:Variable]
-# @PURPOSE: Passlib CryptContext for password management.
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-# [/DEF:pwd_context:Variable]
-
 # [DEF:verify_password:Function]
 # @PURPOSE: Verifies a plain password against a hashed password.
 # @PRE:     plain_password is a string, hashed_password is a bcrypt hash.
@@ -25,7 +20,15 @@ pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 # @PARAM:   hashed_password (str) - The stored hash.
 # @RETURN:  bool - Verification result.
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
+    if not hashed_password:
+        return False
+    try:
+        return bcrypt.checkpw(
+            plain_password.encode("utf-8"),
+            hashed_password.encode("utf-8"),
+        )
+    except Exception:
+        return False
 # [/DEF:verify_password:Function]

 # [DEF:get_password_hash:Function]
@@ -36,7 +39,7 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
 # @PARAM:   password (str) - The password to hash.
 # @RETURN:  str - The generated hash.
 def get_password_hash(password: str) -> str:
-    return pwd_context.hash(password)
+    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
 # [/DEF:get_password_hash:Function]

-# [/DEF:backend.src.core.auth.security:Module]
+# [/DEF:backend.src.core.auth.security:Module]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
busya	f24200d52a	git list refactor	2026-03-01 12:13:19 +03:00
busya	5d45b4adb0	fix(dashboards): lazy-load git status for visible rows	2026-02-28 11:21:37 +03:00
busya	daa9f7be3a	причесываем лог	2026-02-28 10:47:19 +03:00
busya	7e43830144	fix(dashboards): stabilize grid layout and remove owners N+1 fallback	2026-02-28 10:46:47 +03:00
busya	066747de59	feat(dashboards): show owners and improve grid actions UI	2026-02-28 10:04:56 +03:00
busya	442d0e0ac2	workflows update	2026-02-28 00:04:55 +03:00
busya	8fa951fc93	dry run migration	2026-02-27 20:48:18 +03:00
busya	149d230426	semantic protocol update	2026-02-27 20:48:06 +03:00
busya	4c601fbe06	[ { "file": "backend/src/api/routes/__tests__/test_dashboards.py", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "All 9 previous findings remediated. @TEST_FIXTURE data aligned, all @TEST_EDGE scenarios covered, all @PRE negative tests present, all @SIDE_EFFECT assertions added. Full contract compliance." }, { "file": "backend/src/api/routes/__tests__/test_datasets.py", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "All 6 previous findings remediated. Full @PRE boundary coverage including page_size>100, empty IDs, missing env. @SIDE_EFFECT assertions added. 503 error path tested." }, { "file": "backend/src/core/auth/__tests__/test_auth.py", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "All 4 previous findings remediated. @SIDE_EFFECT last_login verified. Inactive user @PRE negative test added. Empty hash edge case covered. provision_adfs_user tested for both new and existing user paths." }, { "file": "backend/src/services/__tests__/test_resource_service.py", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "Both prior recommendations implemented. Full edge case coverage for _get_last_task_for_resource. No anti-patterns detected." }, { "file": "backend/tests/test_resource_hubs.py", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "Pagination boundary tests added. All @TEST_EDGE scenarios now covered. No anti-patterns detected." }, { "file": "frontend/src/lib/components/assistant/__tests__/assistant_chat.integration.test.js", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "No changes since previous audit. Contract scanning remains sound." }, { "file": "frontend/src/lib/components/assistant/__tests__/assistant_confirmation.integration.test.js", "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "No changes since previous audit. Confirmation flow testing remains sound." } ]	2026-02-27 09:59:57 +03:00
busya	36173c0880	test contracts	2026-02-26 19:40:00 +03:00
busya	81d62c1345	new test contracts	2026-02-26 19:29:07 +03:00
busya	a8f7147500	test now STANDARD tier	2026-02-26 18:38:26 +03:00
busya	ce684bc5d1	update test data	2026-02-26 18:38:02 +03:00
busya	484019e750	test semantic harden	2026-02-26 18:26:11 +03:00
busya	4ff6d307f8	+ai update	2026-02-26 17:54:23 +03:00
busya	f4612c0737	Improve dashboard LLM validation UX and report flow	2026-02-26 17:53:41 +03:00
busya	5ec1254336	codex specify	2026-02-25 21:19:48 +03:00
busya	b7d1ee2b71	feat(search): add grouped global results for tasks and reports	2026-02-25 21:09:42 +03:00
busya	87285d8f0a	feat(search): implement global navbar search for dashboards and datasets	2026-02-25 21:07:51 +03:00
busya	04b01eadb5	fix(ui): use global environment context on datasets page	2026-02-25 20:59:24 +03:00
busya	4d5b9e88dd	fix(auth): defer environment context fetch until token is available	2026-02-25 20:58:14 +03:00
busya	4bad4ab4e2	fix(logging): suppress per-request belief scope spam in API client	2026-02-25 20:52:12 +03:00
busya	3801ca13d9	feat(env): add global production context and safety indicators	2026-02-25 20:46:00 +03:00
busya	999c0c54df	+ git config	2026-02-25 20:27:29 +03:00
busya	f9ac282596	feat: Implement recursive storage listing and directory browsing for backups, and add a migration option to fix cross-filters.	2026-02-25 20:01:33 +03:00
busya	5d42a6b930	i18 cleanup	2026-02-25 18:31:50 +03:00
busya	99f19ac305	{ "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "The test suite robustly verifies the MigrationEngine contracts. It avoids Tautologies by cleanly substituting IdMappingService without mocking the engine itself. Cross-filter parsing asserts against hard-coded, predefined validation dictionaries (no Logic Mirroring). It successfully addresses @PRE negative cases (e.g. invalid zip paths, missing YAMLs) and rigorously validates @POST file transformations (e.g. in-place UUID substitutions and archive reconstruction)." }	2026-02-25 17:47:55 +03:00
busya	590ba49ddb	sync worked	2026-02-25 15:20:26 +03:00
busya	2a5b225800	feat: Enhance ID mapping service robustness, add defensive guards, and expand migration engine and API testing.	2026-02-25 14:44:21 +03:00
busya	33433c3173	ready for test	2026-02-25 13:35:09 +03:00
busya	21e969a769	workflow agy update	2026-02-25 13:29:14 +03:00
busya	783644c6ad	tasks ready	2026-02-25 13:28:24 +03:00
busya	d32d85556f	+md	2026-02-25 10:34:30 +03:00
busya	bc0367ab72	speckit update	2026-02-25 10:31:48 +03:00
busya	1c362f4092	{ "verdict": "APPROVED", "rejection_reason": "NONE", "audit_details": { "target_invoked": true, "pre_conditions_tested": true, "post_conditions_tested": true, "test_data_used": true }, "feedback": "Both test files have successfully passed the audit. The 'task_log_viewer.test.js' suite now correctly imports and mounts the real Svelte component using Test Library, fully eliminating the logic mirror/tautology issue. The 'test_logger.py' suite now properly implements negative tests for the @PRE constraint in 'belief_scope' and fully verifies all @POST effects triggered by 'configure_logger'." }	2026-02-24 21:55:13 +03:00
busya	95ae9c6af1	semantic update	2026-02-24 21:08:12 +03:00
busya	7a12ed0931	chore(gitignore): unignore frontend dashboards routes and track pages	2026-02-24 16:16:41 +03:00
busya	e0c0dd3221	fix(validation): respect settings-bound provider and correct multimodal heuristic	2026-02-24 16:04:14 +03:00
busya	5f6e9c0cc0	fix(llm-validation): accept stepfun multimodal models and return 422 on capability mismatch	2026-02-24 16:00:23 +03:00
busya	4fd9d6b6d5	fix(llm): skip unsupported json_object mode for openrouter stepfun models	2026-02-24 14:22:08 +03:00
busya	7e6bd56488	feat(assistant-chat): add animated thinking loader while waiting for response	2026-02-24 14:15:35 +03:00
busya	5e3c213b92	fix(task-drawer): keep drawer above assistant dim overlay	2026-02-24 14:12:34 +03:00
busya	37b75b5a5c	fix(task-drawer): render as side column without modal overlay when opened from assistant	2026-02-24 14:09:34 +03:00
busya	3d42a487f7	fix(assistant): resolve dashboard refs via LLM entities and remove deterministic parser fallback	2026-02-24 13:32:25 +03:00
busya	2e93f5ca63	fix(assistant-chat): prevent stale history response from resetting selected conversation	2026-02-24 13:27:09 +03:00
busya	286167b1d5	generate semantic clean up	2026-02-24 12:51:57 +03:00
busya	7df7b4f98c	feat(assistant): add multi-dialog UX, task-aware llm settings, and i18n cleanup	2026-02-23 23:45:01 +03:00
busya	ab1c87ffba	feat(assistant): add conversations list, infinite history scroll, and archived tab	2026-02-23 20:27:51 +03:00
busya	40e6d8cd4c	chat worked	2026-02-23 20:20:25 +03:00
busya	18e96a58bc	feat(assistant): implement spec 021 chat assistant flow with semantic contracts	2026-02-23 19:37:56 +03:00
busya	83e4875097	Merge branch '001-unify-frontend-style' into master	2026-02-23 16:06:12 +03:00
busya	e635bd7e5f	Add Apache Superset OpenAPI documentation reference to ROOT.md	2026-02-23 16:04:42 +03:00
busya	43dd97ecbf	Новый экранчик для обзора дашей	2026-02-23 15:54:20 +03:00
busya	0685f50ae7	Merge branch '020-task-reports-design' into master	2026-02-23 13:28:31 +03:00
busya	d0ffc2f1df	Finalize task-020 reports navigation and stability fixes	2026-02-23 13:28:30 +03:00
busya	26880d2e09	semantic update	2026-02-23 13:15:48 +03:00
busya	008b6d72c9	таски готовы	2026-02-23 10:18:56 +03:00
busya	f0c85e4c03	Fix task API stability and Playwright runtime in Docker	2026-02-21 23:43:46 +03:00
busya	6ffdf5f8a4	feat: restore legacy data and add typed task result views	2026-02-21 23:17:56 +03:00
busya	0cf0ef25f1	db + docker	2026-02-20 20:47:39 +03:00
busya	af74841765	semantic update	2026-02-20 10:41:15 +03:00
busya	d7e4919d54	few shots update	2026-02-20 10:26:01 +03:00
busya	fdcbe32dfa	css refactor	2026-02-19 18:24:36 +03:00
busya	4de5b22d57	+Svelte specific	2026-02-19 17:47:24 +03:00
busya	c8029ed309	ai base	2026-02-19 17:43:45 +03:00
busya	c2a4c8062a	fix tax log	2026-02-19 16:05:59 +03:00
busya	2c820e103a	tests ready	2026-02-19 13:33:20 +03:00
busya	c8b84b7bd7	Coder + fix workflow	2026-02-19 13:33:10 +03:00
busya	fdb944f123	Test logic update	2026-02-19 12:44:31 +03:00
busya	d29bc511a2	task panel	2026-02-19 09:43:01 +03:00
busya	a3a9f0788d	docs: amend constitution to v2.3.0 (tailwind css first principle)	2026-02-18 18:29:52 +03:00