oxios_kernel/

orchestrator.rs

//! Orchestrator: coordinates the unified intent lifecycle (RFC-027).
//!
//! The orchestrator is the "brain" that runs the Ouroboros protocol.
//! Given a user message:
//! 1. Conduct the interview (ask clarifying questions if needed)
//! 2. Generate a seed (via LLM for complex tasks, or ad-hoc for simple tasks)
//! 3. Execute the agent via the supervisor
//! 4. Return the result to the user
//!
//! The orchestrator does NOT know about channels or HTTP — it only
//! coordinates Ouroboros + Supervisor + EventBus + StateStore + Scheduler + AccessManager.

// Legacy helper functions (save_seed, publish_phase_*, format_*) are
// retained for reference but no longer called after RFC-027 migration.
#![allow(dead_code)]

use std::sync::Arc;
use std::time::Duration;

use anyhow::{Context, Result};
use chrono;
use oxios_ouroboros::{ExecutionResult, InterviewResult, OuroborosProtocol, Phase, Seed};
use parking_lot::RwLock;
use serde::{Deserialize, Serialize};
use uuid::Uuid;

use crate::agent_lifecycle::AgentLifecycleManager;
use crate::event_bus::{EventBus, KernelEvent};
use crate::git_layer::GitLayer;
use crate::metrics::get_metrics;
use crate::mount::{MountId, MountManager};
use crate::project::{ConversationBuffer, ProjectManager};
use crate::scheduler::Priority;
use crate::state_store::StateStore;
use crate::types::AgentId;

/// Role of an agent within a group.
#[derive(Debug, Clone, Default, serde::Serialize, serde::Deserialize)]
pub enum AgentRole {
    /// Executes a specific subtask.
    #[default]
    Worker,
    /// Coordinates subtasks, synthesizes results.
    Manager,
}

/// A subtask within a multi-agent plan.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SubTask {
    /// Unique subtask ID.
    pub id: Uuid,
    /// Human-readable description.
    pub description: String,
    /// Capability required (e.g., "code-review", "testing").
    pub required_capability: Option<String>,
    /// Result of the subtask (filled after execution).
    pub result: Option<String>,
    /// Whether this subtask succeeded.
    pub success: bool,
    /// Role of the agent assigned to this subtask.
    #[serde(default)]
    pub role: AgentRole,
}

impl SubTask {
    /// Create a new subtask with the given description.
    pub fn new(description: impl Into<String>) -> Self {
        Self {
            id: Uuid::new_v4(),
            description: description.into(),
            required_capability: None,
            result: None,
            success: false,
            role: AgentRole::default(),
        }
    }

    /// Set the required capability for this subtask.
    pub fn with_capability(mut self, cap: impl Into<String>) -> Self {
        self.required_capability = Some(cap.into());
        self
    }
}

/// The orchestrator coordinates the full Ouroboros lifecycle.
pub struct Orchestrator {
    #[allow(dead_code)]
    ouroboros: Arc<dyn OuroborosProtocol>,
    /// IntentEngine for the unified handle() path (RFC-027).
    /// Lazily available when the kernel wires it; None in legacy constructions.
    intent_engine: RwLock<Option<Arc<dyn oxios_ouroboros::IntentEngineOps>>>,
    event_bus: EventBus,
    state_store: Arc<StateStore>,
    /// Git version control layer for auto-commits.
    git_layer: Option<Arc<GitLayer>>,
    /// Active interview sessions, keyed by session ID.
    sessions: RwLock<std::collections::HashMap<String, InterviewSession>>,
    /// Agent lifecycle manager (fork, register, run, cleanup).
    lifecycle: AgentLifecycleManager,
    /// A2A protocol for inter-agent task delegation.
    a2a: Option<Arc<crate::a2a::A2AProtocol>>,
    /// Project manager for context partitioning.
    project_manager: RwLock<Option<Arc<ProjectManager>>>,
    /// Mount manager for path-alias context (RFC-025).
    mount_manager: RwLock<Option<Arc<MountManager>>>,
    /// Conversation buffer for topic shift detection.
    conversation_buffer: RwLock<ConversationBuffer>,
    /// Orchestrator configuration (Ouroboros protocol settings).
    delegation_config: DelegationConfig,
    /// A2A circuit breaker for delegation reliability.
    a2a_breaker: Arc<crate::a2a::circuit_breaker::A2ACircuitBreaker>,
    /// RFC-027 intent config (retry settings, etc).
    intent_config: RwLock<crate::config::IntentConfig>,
}

/// Configuration for A2A delegation retries.
#[derive(Debug, Clone)]
struct DelegationConfig {
    /// Maximum retry attempts for A2A delegation.
    max_retries: u32,
    /// Base delay for exponential backoff (milliseconds).
    base_delay_ms: u64,
    /// Maximum delay cap for exponential backoff (milliseconds).
    max_delay_ms: u64,
    /// Timeout per delegation attempt (milliseconds).
    #[allow(dead_code)]
    timeout_ms: u64,
}

impl Default for DelegationConfig {
    fn default() -> Self {
        Self {
            max_retries: 3,
            base_delay_ms: 100,
            max_delay_ms: 5000,
            timeout_ms: 5000,
        }
    }
}

impl DelegationConfig {
    /// Calculate exponential backoff delay.
    fn backoff_delay(&self, attempt: u32) -> u64 {
        let delay = self.base_delay_ms * 2_u64.saturating_pow(attempt.min(10));
        delay.min(self.max_delay_ms)
    }
}

impl Orchestrator {
    /// Creates a new orchestrator.
    pub fn new(
        ouroboros: Arc<dyn OuroborosProtocol>,
        event_bus: EventBus,
        state_store: Arc<StateStore>,
        lifecycle: AgentLifecycleManager,
    ) -> Self {
        Self::with_config(
            ouroboros,
            event_bus,
            state_store,
            lifecycle,
            crate::config::OrchestratorConfig::default(),
        )
    }

    /// Creates a new orchestrator with custom config.
    pub fn with_config(
        ouroboros: Arc<dyn OuroborosProtocol>,
        event_bus: EventBus,
        state_store: Arc<StateStore>,
        lifecycle: AgentLifecycleManager,
        _config: crate::config::OrchestratorConfig,
    ) -> Self {
        Self {
            ouroboros,
            intent_engine: RwLock::new(None),
            event_bus,
            state_store,
            git_layer: None,
            sessions: RwLock::new(std::collections::HashMap::new()),
            lifecycle,
            a2a: None,
            project_manager: RwLock::new(None),
            mount_manager: RwLock::new(None),
            conversation_buffer: RwLock::new(ConversationBuffer::default()),
            delegation_config: DelegationConfig::default(),
            intent_config: RwLock::new(crate::config::IntentConfig::default()),
            a2a_breaker: Arc::new(crate::a2a::circuit_breaker::A2ACircuitBreaker::new(5, 30)),
        }
    }

    /// Wire the IntentEngine for unified handle() calls (RFC-027).
    /// Called by the kernel assembler after construction.
    pub fn set_intent_engine(&self, engine: Arc<dyn oxios_ouroboros::IntentEngineOps>) {
        *self.intent_engine.write() = Some(engine);
    }

    /// Whether the IntentEngine is wired (unified path available).
    pub fn has_intent_engine(&self) -> bool {
        self.intent_engine.read().is_some()
    }

    /// Set the ProjectManager for context partitioning.
    pub fn set_project_manager(&self, manager: Arc<ProjectManager>) {
        *self.project_manager.write() = Some(manager);
    }

    /// Set the MountManager for path-alias context (RFC-025).
    pub fn set_mount_manager(&self, manager: Arc<MountManager>) {
        *self.mount_manager.write() = Some(manager);
    }

    /// Get a reference to the MountManager, if set (RFC-025).
    pub fn mount_manager(&self) -> Option<Arc<MountManager>> {
        self.mount_manager.read().as_ref().cloned()
    }

    /// Get a reference to the ProjectManager, if set.
    pub fn project_manager(&self) -> Option<Arc<ProjectManager>> {
        self.project_manager.read().as_ref().cloned()
    }

    /// Detect a project from a message, returning tag string.
    pub fn detect_project_tag(&self, message: &str) -> Option<String> {
        self.project_manager.read().as_ref().and_then(|pm| {
            let projects = pm.list_projects();
            let result = crate::project::detect_project(message, &projects);
            match result {
                crate::project::DetectionResult::Found(id) => pm.get_project(id).map(|p| p.tag()),
                crate::project::DetectionResult::NoMatch { .. } => None,
            }
        })
    }

    /// Resolve the active Mounts for a message (RFC-025).
    ///
    /// Parses explicit `mount_ids` ("uuid1,uuid2,...", primary first); when
    /// none are given, auto-detects from the message. Returns:
    /// - the ordered list of active [`MountId`]s,
    /// - the rendered `## Workspace Context` body (without the header),
    /// - all resolved filesystem paths (primary first),
    /// - a display tag like `[🔧 oxios + oxi-sdk]`.
    ///
    /// Honors the sticky-primary model: when `mount_ids` is explicitly
    /// provided they are used as-is (detection is skipped). Detection only
    /// runs when `mount_ids` is `None`, seeding the primary slot — it never
    /// replaces an explicit primary, only appends a secondary.
    fn resolve_mount_workspace(
        &self,
        mount_ids: Option<&str>,
        project_ids: Option<&str>,
        user_message: &str,
    ) -> (
        Vec<MountId>,
        Option<String>,
        Vec<std::path::PathBuf>,
        String,
    ) {
        use crate::mount::Mount;

        let Some(mm) = self.mount_manager() else {
            return (Vec::new(), None, Vec::new(), String::new());
        };

        // Parse explicit mount_ids; otherwise auto-detect (seeds the primary slot).
        let mut ids: Vec<MountId> = if let Some(ids_str) = mount_ids {
            ids_str
                .split(',')
                .filter_map(|s| MountId::parse_str(s.trim()).ok())
                .collect()
        } else {
            match mm.detect(user_message) {
                crate::mount::DetectionResult::Found(id) => vec![id],
                crate::mount::DetectionResult::NoMatch { .. } => vec![],
            }
        };
        // De-duplicate while preserving order (handles non-consecutive dups).
        let mut seen = std::collections::HashSet::new();
        ids.retain(|id| seen.insert(*id));

        // ── Project-referenced Mount activation (RFC-025) ──
        // When a project_id is provided, auto-activate its referenced Mounts
        // BEFORE we derive mounts/tag/context/paths, so they are fully
        // visible in the system prompt and the badge — not just granted
        // path access. (Previously this ran after the prompt was built, so
        // project-referenced Mounts were invisible in the context body.)
        let project_for_instructions: Option<crate::project::Project> = if let Some(project_ids_str) =
            project_ids
            && let Some(first_id_str) = project_ids_str.split(',').next()
            && let Some(pm) = self.project_manager()
            && let Ok(pid) = Uuid::parse_str(first_id_str.trim())
        {
            let proj = pm.get_project(pid);
            if let Some(ref project) = proj {
                for mid in &project.mount_ids {
                    if !ids.contains(mid) {
                        ids.push(*mid);
                    }
                }
            }
            proj
        } else {
            None
        };

        if ids.is_empty() {
            return (Vec::new(), None, Vec::new(), String::new());
        }

        // Touch each active Mount (record activity) — now includes any
        // Project-referenced Mounts activated above.
        for id in &ids {
            mm.touch(*id);
        }

        let mounts: Vec<Mount> = mm.get_mounts_ordered(&ids);
        if mounts.is_empty() {
            return (Vec::new(), None, Vec::new(), String::new());
        }

        // Collect all paths (primary first, deduped) over the full Mount set.
        let mut paths: Vec<std::path::PathBuf> = Vec::new();
        for m in &mounts {
            for p in &m.paths {
                if !paths.contains(p) {
                    paths.push(p.clone());
                }
            }
        }

        // Legacy fallback (RFC-025 migration window): a Project created
        // before Mounts may carry explicit `paths` but no `mount_ids`. In
        // that case grant path access directly so pre-RFC-025 Projects still
        // resolve a CWD and populate `allowed_paths` (see agent_runtime.rs).
        if let Some(project) = &project_for_instructions
            && project.mount_ids.is_empty()
            && !project.paths.is_empty()
        {
            for p in &project.paths {
                if !paths.contains(p) {
                    paths.push(p.clone());
                }
            }
        }

        // Display tag.
        let tag = if mounts.len() == 1 {
            mounts[0].tag()
        } else {
            let names: Vec<&str> = mounts.iter().map(|m| m.name.as_str()).collect();
            format!("[🔧 {}]", names.join(" + "))
        };

        let mut context = build_workspace_context_body(&mounts).unwrap_or_default();

        // ── Project instructions (RFC-025) ──
        // Inject the project's instructions into the context body. The
        // "### Active Mounts" header above is only present when there are
        // actual mount entries in `context`; the Project Instructions section
        // stands on its own when only instructions exist.
        if let Some(project) = project_for_instructions {
            // Cap instructions to stay within the prompt budget (~500 tokens).
            let instructions = if project.instructions.len() > 2000 {
                let mut end = 2000;
                while end > 0 && !project.instructions.is_char_boundary(end) {
                    end -= 1;
                }
                format!("{}...", &project.instructions[..end])
            } else {
                project.instructions.clone()
            };
            if !instructions.is_empty() {
                context.push_str(&format!(
                    "\n### Project Instructions: {}\n{}\n",
                    project.name, instructions
                ));
            }
        }

        // Enforce a hard prompt budget on the final context body (~1500 tokens).
        const MAX_CONTEXT_CHARS: usize = 6000;
        if context.len() > MAX_CONTEXT_CHARS {
            let mut end = MAX_CONTEXT_CHARS;
            while end > 0 && !context.is_char_boundary(end) {
                end -= 1;
            }
            context.truncate(end);
            context.push_str("\n...(context truncated)...\n");
        }

        let context_opt = if context.is_empty() {
            None
        } else {
            Some(context)
        };
        (ids, context_opt, paths, tag)
    }

    /// Set the A2A protocol for inter-agent task delegation.
    pub fn set_a2a(&mut self, a2a: Arc<crate::a2a::A2AProtocol>) {
        self.a2a = Some(a2a);
    }

    /// Set the GitLayer for auto-commits after state saves.
    pub fn set_git_layer(&mut self, git_layer: Arc<GitLayer>) {
        self.git_layer = Some(git_layer);
    }

    /// Restore sessions from persisted state.
    ///
    /// Loads sessions from the `StateStore` that have an `active_seed_id`
    /// (meaning they are mid-orchestration) and repopulates the in-memory
    /// interview session map so that follow-up messages can continue
    /// the conversation.
    pub async fn restore_sessions(&self) {
        let summaries = match self.state_store.list_sessions().await {
            Ok(s) => s,
            Err(e) => {
                tracing::warn!(error = %e, "Failed to list sessions for restore");
                return;
            }
        };

        let mut restored = 0usize;
        for summary in &summaries {
            // Only restore sessions that are mid-orchestration (have an active seed).
            let Some(ref seed_id_str) = summary.active_seed_id else {
                continue;
            };

            let session_id = crate::state_store::SessionId(summary.id.clone());
            let session = match self.state_store.load_session(&session_id).await {
                Ok(Some(s)) => s,
                Ok(None) => continue,
                Err(e) => {
                    tracing::warn!(
                        session_id = %summary.id,
                        error = %e,
                        "Failed to load session for restore"
                    );
                    continue;
                }
            };

            // Reconstruct an InterviewSession from the persisted data.
            // The interview result is rebuilt from conversation history so
            // that multi-turn context is available on follow-up messages.
            let mut interview = oxios_ouroboros::InterviewResult::new();
            interview.is_task = true; // Has active seed → was a task.
            interview.original_message = session
                .user_messages
                .last()
                .map(|m| m.content.clone())
                .unwrap_or_default();

            // Rebuild conversation history from user/agent exchanges.
            // Use an index loop (not zip) so a trailing user message
            // without a stored agent response (e.g. crash before flush)
            // is preserved with an empty agent turn instead of dropped.
            let history: Vec<oxios_ouroboros::interview::Exchange> = session
                .user_messages
                .iter()
                .enumerate()
                .map(|(i, user)| oxios_ouroboros::interview::Exchange {
                    user: user.content.clone(),
                    agent: session
                        .agent_responses
                        .get(i)
                        .map(|a| a.content.clone())
                        .unwrap_or_default(),
                })
                .collect();
            interview.conversation_history = history;

            let seed_id = seed_id_str.parse::<Uuid>().ok();

            let interview_session = InterviewSession {
                id: session.id.0.clone(),
                interview,
                phase: Phase::Execute,
                seed_id,
                agent_id: None,
            };

            {
                let mut sessions = self.sessions.write();
                sessions.insert(session.id.0.clone(), interview_session);
            }

            restored += 1;
        }

        if restored > 0 {
            tracing::info!(restored, total = summaries.len(), "Sessions restored");
        }
    }

    /// Commit a file to git if GitLayer is configured and enabled.
    fn git_commit(&self, rel_path: &str, message: &str) {
        if let Some(ref gl) = self.git_layer
            && gl.is_enabled()
        {
            let _ = gl.commit_file(rel_path, message);
        }
    }

    /// Save a seed to the state store.
    async fn save_seed(&self, seed: &Seed) -> Result<()> {
        let key = seed.id.to_string();

        self.state_store
            .save_json("seeds", &key, seed)
            .await
            .context("failed to save seed to state store")?;

        self.git_commit(&format!("seeds/{key}.json"), "ourobors: save seed");

        Ok(())
    }

    /// Save an evaluation result to the state store.
    /// Publish a PhaseStarted event.
    async fn publish_phase_started(&self, session_id: &str, phase: Phase) {
        let _ = self.event_bus.publish(KernelEvent::PhaseStarted {
            session_id: session_id.to_owned(),
            phase,
        });
    }

    /// Publish a PhaseCompleted event.
    async fn publish_phase_completed(&self, session_id: &str, phase: Phase, result: &str) {
        let _ = self.event_bus.publish(KernelEvent::PhaseCompleted {
            session_id: session_id.to_owned(),
            phase,
            result_summary: result.to_owned(),
        });
    }

    /// Execute multiple subtasks using separate agents in parallel.
    ///
    /// When A2A is available, the orchestrator delegates tasks through the
    /// A2A protocol with circuit breaker and retry support.
    /// Otherwise, falls back to direct lifecycle execution.
    ///
    /// Results are collected as they complete using `JoinSet`.
    pub async fn delegate_subtasks(
        &self,
        subtasks: Vec<SubTask>,
        parent_seed: &Seed,
    ) -> Result<Vec<SubTask>> {
        // Single task — execute directly without group overhead.
        if subtasks.len() == 1 {
            return self.execute_single_subtask(subtasks, parent_seed).await;
        }

        // Try A2A-based delegation when the protocol is available.
        if let Some(ref a2a) = self.a2a {
            // Check circuit breaker
            if !self.a2a_breaker.is_allowed() {
                tracing::warn!(
                    state = ?self.a2a_breaker.state(),
                    "A2A circuit breaker open, using lifecycle fallback"
                );
                return self.delegate_via_lifecycle(subtasks, parent_seed).await;
            }

            // Delegate with retry
            return self.delegate_with_retry(subtasks, parent_seed, a2a).await;
        }

        // Fallback: direct lifecycle execution (no A2A).
        self.delegate_via_lifecycle(subtasks, parent_seed).await
    }

    /// Delegate subtasks via A2A with circuit breaker and retry support.
    async fn delegate_with_retry(
        &self,
        subtasks: Vec<SubTask>,
        parent_seed: &Seed,
        a2a: &Arc<crate::a2a::A2AProtocol>,
    ) -> Result<Vec<SubTask>> {
        let mut attempt = 0;
        let max_retries = self.delegation_config.max_retries;

        loop {
            match self
                .delegate_via_a2a(subtasks.clone(), parent_seed, a2a)
                .await
            {
                Ok(results) => {
                    self.a2a_breaker.record_success();
                    return Ok(results);
                }
                Err(e) => {
                    self.a2a_breaker.record_failure();
                    attempt += 1;

                    if attempt >= max_retries {
                        tracing::error!(
                            attempts = attempt,
                            error = %e,
                            "A2A delegation exhausted after {} attempts, using lifecycle fallback",
                            attempt
                        );
                        return self.delegate_via_lifecycle(subtasks, parent_seed).await;
                    }

                    // Exponential backoff
                    let delay = self.delegation_config.backoff_delay(attempt);
                    tracing::warn!(
                        attempt,
                        delay_ms = delay,
                        error = %e,
                        "A2A delegation failed, retrying with backoff"
                    );
                    tokio::time::sleep(Duration::from_millis(delay)).await;
                }
            }
        }
    }

    /// Execute a single subtask directly via lifecycle manager.
    async fn execute_single_subtask(
        &self,
        subtasks: Vec<SubTask>,
        parent_seed: &Seed,
    ) -> Result<Vec<SubTask>> {
        let mut task = subtasks.into_iter().next().ok_or_else(|| {
            anyhow::anyhow!("execute_single_subtask called with an empty subtask list")
        })?;
        let child_seed = Seed {
            id: Uuid::new_v4(),
            goal: task.description.clone(),
            constraints: parent_seed.constraints.clone(),
            acceptance_criteria: vec!["Task completes successfully".into()],
            ontology: parent_seed.ontology.clone(),
            created_at: chrono::Utc::now(),
            generation: parent_seed.generation + 1,
            parent_seed_id: Some(parent_seed.id),
            cspace_hint: None,
            original_request: parent_seed.original_request.clone(),
            output_schema: None,
            project_id: parent_seed.project_id,
            workspace_context: parent_seed.workspace_context.clone(),
            mount_paths: parent_seed.mount_paths.clone(),
        };
        match self
            .lifecycle
            .spawn_and_run(&child_seed, Priority::Normal)
            .await
        {
            Ok(result) => {
                task.result = Some(result.output.clone());
            }
            Err(e) => {
                task.result = Some(format!("Failed: {e}"));
                task.success = false;
            }
        }
        Ok(vec![task])
    }

    /// Delegate subtasks via A2A protocol.
    ///
    /// Queries the AgentCardRegistry for agents matching each subtask's
    /// Execute subtasks via A2A dispatch handler.
    ///
    /// Queries the AgentCardRegistry for agents matching each subtask's
    /// required capability, then calls `execute_delegation` which runs
    /// the task through the registered handler (lifecycle).
    /// Falls back to direct lifecycle execution when no handler is registered.
    async fn delegate_via_a2a(
        &self,
        subtasks: Vec<SubTask>,
        parent_seed: &Seed,
        a2a: &Arc<crate::a2a::A2AProtocol>,
    ) -> Result<Vec<SubTask>> {
        use crate::a2a::TaskPriority;
        use tokio::task::JoinSet;

        tracing::info!(
            subtasks = subtasks.len(),
            "Delegating subtasks via A2A protocol"
        );

        let orchestrator_id: crate::types::AgentId = uuid::Uuid::nil();
        let subtask_count = subtasks.len();
        let mut join_set: JoinSet<(usize, SubTask)> = JoinSet::new();

        for (idx, subtask) in subtasks.into_iter().enumerate() {
            let capability = subtask.required_capability.clone();
            let description = subtask.description.clone();
            let subtask_id = subtask.id;
            let role = subtask.role.clone();
            let a2a = Arc::clone(a2a);
            let parent_seed = parent_seed.clone();
            let lifecycle = self.lifecycle.clone();

            join_set.spawn(async move {
                // Find agent with the required capability via A2A registry.
                let target: Option<crate::a2a::AgentCard> = if let Some(ref cap) = capability {
                    a2a.query_capabilities(cap).await.ok()
                        .and_then(|agents| agents.into_iter().next())
                } else {
                    None
                };

                let (output, success) = if let Some(ref target_card) = target {
                    let target_id = target_card.agent_id;
                    tracing::info!(
                        subtask_index = idx,
                        target = %target_card.name,
                        target_id = %target_id,
                        "A2A dispatching subtask"
                    );

                    let task = crate::a2a::TaskSpec::new(&description, serde_json::json!({
                        "parent_seed": parent_seed.id.to_string(),
                        "goal": description,
                    }))
                    .with_priority(TaskPriority::Normal);

                    // Enqueue audit trail (fire-and-forget into queue).
                    let _ = a2a.delegate_task(orchestrator_id, target_id, task.clone()).await;

                    // Execute through dispatch handler (blocking).
                    match a2a.execute_delegation(orchestrator_id, target_id, task).await {
                        Some(Ok(result)) => {
                            let out = result.get("output")
                                .and_then(|v| v.as_str())
                                .unwrap_or("")
                                .to_string();
                            let ok = result.get("success")
                                .and_then(|v| v.as_bool())
                                .unwrap_or(false);
                            (out, ok)
                        }
                        Some(Err(e)) => {
                            tracing::warn!(subtask_index = idx, error = %e, "execute_delegation failed");
                            (format!("Failed: {e}"), false)
                        }
                        None => {
                            // No handler — fallback to lifecycle.
                            tracing::warn!(subtask_index = idx, "No dispatch handler, lifecycle fallback");
                            run_via_lifecycle(&lifecycle, &parent_seed, &description).await
                        }
                    }
                } else {
                    tracing::info!(subtask_index = idx, "No A2A agent found, lifecycle fallback");
                    run_via_lifecycle(&lifecycle, &parent_seed, &description).await
                };

                (idx, SubTask {
                    id: subtask_id,
                    description,
                    required_capability: capability,
                    result: Some(output),
                    success,
                    role,
                })
            });
        }

        let mut results: Vec<Option<SubTask>> = vec![None; subtask_count];
        while let Some(join_result) = join_set.join_next().await {
            match join_result {
                Ok((idx, subtask)) => {
                    results[idx] = Some(subtask);
                }
                Err(e) => {
                    tracing::error!(error = %e, "A2A task panicked");
                }
            }
        }

        // Preserve subtask_count: a `None` slot means the task panicked or
        // was lost. Previously flatten() dropped them, so `all(success)` on
        // an empty vec returned true — total failure reported as success.
        let completed: Vec<SubTask> = results
            .into_iter()
            .enumerate()
            .map(|(idx, opt)| {
                opt.unwrap_or_else(|| SubTask {
                    id: Uuid::new_v4(),
                    description: format!("subtask {idx} (failed)"),
                    required_capability: None,
                    result: Some("Task panicked or did not complete".into()),
                    success: false,
                    role: AgentRole::default(),
                })
            })
            .collect();
        tracing::info!(
            completed = completed.len(),
            succeeded = completed.iter().filter(|r| r.success).count(),
            "A2A delegation complete"
        );
        Ok(completed)
    }

    async fn delegate_via_lifecycle(
        &self,
        subtasks: Vec<SubTask>,
        parent_seed: &Seed,
    ) -> Result<Vec<SubTask>> {
        use crate::agent_group::OxiosAgentGroup;
        use tokio::task::JoinSet;

        let descriptions: Vec<String> = subtasks.iter().map(|st| st.description.clone()).collect();
        let group = OxiosAgentGroup::new(parent_seed, descriptions);
        let group_id = group.id;

        self.event_bus.publish(KernelEvent::AgentGroupCreated {
            group_id,
            agent_count: group.agents.len(),
        })?;

        tracing::info!(
            group_id = %group_id,
            agent_count = group.agents.len(),
            "Starting parallel multi-agent execution"
        );

        let mut join_set: JoinSet<(
            usize,
            crate::types::AgentId,
            Result<oxios_ouroboros::ExecutionResult>,
        )> = JoinSet::new();

        for (idx, agent_entry) in group.agents.iter().enumerate() {
            let child_seed = agent_entry.seed.clone();
            let agent_id = agent_entry.id;
            let lifecycle = self.lifecycle.clone();

            join_set.spawn(async move {
                let result = lifecycle.spawn_and_run(&child_seed, Priority::Normal).await;
                (idx, agent_id, result)
            });
        }

        let subtask_count = subtasks.len();
        let mut completed = vec![None; subtask_count];
        while let Some(join_result) = join_set.join_next().await {
            match join_result {
                Ok((idx, agent_id, Ok(exec_result))) => {
                    let _ = self
                        .event_bus
                        .publish(KernelEvent::AgentGroupMemberCompleted {
                            group_id,
                            agent_id,
                            success: exec_result.success,
                        });
                    completed[idx] = Some(SubTask {
                        id: subtasks[idx].id,
                        description: subtasks[idx].description.clone(),
                        required_capability: subtasks[idx].required_capability.clone(),
                        result: Some(exec_result.output.clone()),
                        success: exec_result.success,
                        role: subtasks[idx].role.clone(),
                    });
                }
                Ok((idx, agent_id, Err(e))) => {
                    tracing::warn!(subtask_index = idx, error = %e, "Subtask failed");
                    let _ = self
                        .event_bus
                        .publish(KernelEvent::AgentGroupMemberCompleted {
                            group_id,
                            agent_id,
                            success: false,
                        });
                    completed[idx] = Some(SubTask {
                        id: subtasks[idx].id,
                        description: subtasks[idx].description.clone(),
                        required_capability: subtasks[idx].required_capability.clone(),
                        result: Some(format!("Failed: {e}")),
                        success: false,
                        role: subtasks[idx].role.clone(),
                    });
                }
                Err(e) => {
                    tracing::error!(error = %e, "JoinSet task panicked");
                }
            }
        }

        let completed: Vec<SubTask> = completed.into_iter().flatten().collect();
        let succeeded = completed.iter().filter(|r| r.success).count();
        let total = completed.len();

        tracing::info!(
            group_id = %group_id,
            succeeded,
            total,
            "Parallel multi-agent execution complete"
        );

        // Persist group state
        let _ = self
            .state_store
            .save_json("agent_groups", &group_id.to_string(), &group)
            .await;
        self.git_commit(
            &format!("agent_groups/{group_id}.json"),
            "orchestrator: save group",
        );

        Ok(completed)
    }

    // ──────────────────────────────────────────────────────────────────
    // RFC-027 §3 — Unified intent handler
    // ──────────────────────────────────────────────────────────────────
    //
    // Phase 5 entry point. Routes a single user message through:
    //   assess → (crystallize) → execute → (review + retry) → Response
    //
    // The legacy `handle_message()` and `chat()` paths remain intact;
    // this method coexists alongside them until Phase 6 cuts over.

    /// Unified entry point for every user message (RFC-027 §3).
    ///
    /// One method, one match — depth falls out of [`Scope`]:
    ///
    /// 1. [`IntentEngine::assess`] classifies the message (conversation /
    ///    clarify / task + scope). Always called once.
    /// 2. For `Assessment::Task(scope)` we build a [`Directive`]:
    ///    - `Scope::Trivial` — `Directive::from_message(msg)` verbatim.
    ///    - `Scope::Substantial` — [`IntentEngine::crystallize`] produces a
    ///      structured directive with goal, constraints, and acceptance
    ///      criteria.
    /// 3. The [`ExecEnv`] is resolved from [`MsgCtx`] independently of the
    ///    directive (Mount workspace context, paths, project ID, cspace hint).
    /// 4. Execution delegates to the existing [`AgentLifecycleManager`].
    ///    In Phase 5 the Directive is shimmed into a [`Seed`] for the
    ///    current pipeline; Phase 6 will replace this with
    ///    `lifecycle.execute_directive(&Directive, &ExecEnv)`.
    /// 5. For `Scope::Substantial` we call [`IntentEngine::review`] and, if
    ///    the verdict fails, retry once with the verdict's gaps folded back
    ///    into the directive as additional constraints.
    ///
    /// Does not modify or call the legacy `handle_message()` / `chat()`
    /// paths — they remain the canonical entry points until Phase 6 cuts
    /// the gateway over to `handle()`.
    ///
    /// # Parameters
    /// - `engine` — the LLM-backed intent engine (assess/crystallize/review).
    /// - `msg` — the user's raw message text.
    /// - `ctx` — per-message context (session, history, project/mount hints).
    pub async fn handle(
        &self,
        engine: &dyn oxios_ouroboros::IntentEngineOps,
        msg: &str,
        ctx: &oxios_ouroboros::MsgCtx,
    ) -> Result<HandleResponse> {
        // 1. assess — always called once, routes the message.
        let assessment = engine.assess(msg, ctx).await?;

        match assessment {
            oxios_ouroboros::Assessment::Conversation(reply) => Ok(HandleResponse::Reply(reply)),

            oxios_ouroboros::Assessment::Clarify { questions } => {
                Ok(HandleResponse::Clarify(questions))
            }

            oxios_ouroboros::Assessment::Task(scope) => {
                // 2. Build the Directive based on scope.
                let mut directive = match scope {
                    oxios_ouroboros::Scope::Trivial => {
                        oxios_ouroboros::Directive::from_message(msg)
                    }
                    oxios_ouroboros::Scope::Substantial => engine.crystallize(msg, ctx).await?,
                };

                // 3. Resolve the execution environment from MsgCtx.
                let env = self.resolve_exec_env(ctx, msg);

                // 4. Execute (always). Trivial tasks skip review; substantial
                //    tasks go through verify_or_retry below.
                let mut result = self.execute_directive(&directive, &env).await?;

                // 5. Verify + optional retry (Substantial only).
                let (verdict, evaluation_passed) = match scope {
                    oxios_ouroboros::Scope::Trivial => (None, None),
                    oxios_ouroboros::Scope::Substantial => {
                        let (r, v) = self
                            .verify_or_retry(engine, &mut directive, &env, result, msg, ctx)
                            .await?;
                        result = r;
                        let passed = v.all_passed();
                        (Some(v), Some(passed))
                    }
                };

                self.lifecycle.reap_zombies();

                Ok(HandleResponse::Task {
                    scope,
                    directive: Box::new(directive),
                    env,
                    result: Box::new(result),
                    verdict,
                    evaluation_passed,
                })
            }
        }
    }

    /// Unified entry point that accepts legacy-style parameters and returns
    /// an `OrchestrationResult` (RFC-027).
    ///
    /// Builds a [`MsgCtx`] from the session history (if any), then delegates
    /// to [`handle`](Self::handle). Falls back to `handle_message` if no
    /// `IntentEngine` is wired.
    pub async fn handle_unified(
        &self,
        user_id: &str,
        msg: &str,
        session_id: Option<&str>,
        project_ids: Option<&str>,
        mount_ids: Option<&str>,
        request_id: &str,
    ) -> Result<OrchestrationResult> {
        // Get the IntentEngine (always wired by the kernel assembler).
        let engine = self
            .intent_engine
            .read()
            .clone()
            .expect("IntentEngine not wired — kernel assembler bug");

        // Build MsgCtx.
        let sid = session_id.unwrap_or(request_id).to_string();
        let history = self.load_session_history(&sid).await;
        let ctx = oxios_ouroboros::MsgCtx {
            session_id: sid.clone(),
            history,
            project_ids: project_ids.map(String::from),
            mount_ids: mount_ids.map(String::from),
            user_id: user_id.to_string(),
        };

        // Call the unified path.
        let start = std::time::Instant::now();
        let response = self.handle(engine.as_ref(), msg, &ctx).await?;
        let duration_ms = start.elapsed().as_millis() as u64;

        Ok(self.handle_response_to_orchestration_result(response, &ctx, duration_ms))
    }

    /// Load conversation history for a session from the state store.
    async fn load_session_history(&self, session_id: &str) -> Vec<oxios_ouroboros::Exchange> {
        let sid = crate::state_store::SessionId(session_id.to_string());
        match self.state_store.load_session(&sid).await {
            Ok(Some(session)) => session
                .user_messages
                .iter()
                .zip(session.agent_responses.iter())
                .map(|(u, a)| oxios_ouroboros::Exchange {
                    user: u.content.clone(),
                    agent: a.content.clone(),
                })
                .collect(),
            _ => Vec::new(),
        }
    }

    fn handle_response_to_orchestration_result(
        &self,
        response: HandleResponse,
        ctx: &oxios_ouroboros::MsgCtx,
        duration_ms: u64,
    ) -> OrchestrationResult {
        let metrics = get_metrics();
        metrics.orch_duration.observe(duration_ms as f64 / 1000.0);

        match response {
            HandleResponse::Reply(reply) => OrchestrationResult {
                session_id: Some(ctx.session_id.clone()),
                primary_project_id: None,
                project_tag: None,
                active_mount_ids: Vec::new(),
                mount_tag: None,
                response: reply,
                seed_id: None,
                agent_id: None,
                phase_reached: oxios_ouroboros::Phase::Interview,
                evaluation_passed: None,
                output: None,
                tool_calls: Vec::new(),
                interview_questions: None,
                interview_round: None,
                interview_ambiguity: None,
                mode: "unified".to_string(),
            },
            HandleResponse::Clarify(questions) => {
                let questions_text = questions
                    .iter()
                    .map(|q| q.text.clone())
                    .collect::<Vec<_>>()
                    .join("\n");
                let structured = Some(
                    questions
                        .iter()
                        .map(
                            |q| oxios_ouroboros::ouroboros_engine::InterviewQuestionOutput {
                                id: q.id.clone(),
                                text: q.text.clone(),
                                kind: format!("{:?}", q.kind).to_lowercase(),
                                options: q
                                    .options
                                    .iter()
                                    .map(|o| {
                                        oxios_ouroboros::ouroboros_engine::InterviewOptionOutput {
                                            value: o.value.clone(),
                                            label: o.label.clone(),
                                            description: String::new(),
                                        }
                                    })
                                    .collect(),
                            },
                        )
                        .collect(),
                );
                OrchestrationResult {
                    session_id: Some(ctx.session_id.clone()),
                    primary_project_id: None,
                    project_tag: None,
                    active_mount_ids: Vec::new(),
                    mount_tag: None,
                    response: questions_text,
                    seed_id: None,
                    agent_id: None,
                    phase_reached: oxios_ouroboros::Phase::Interview,
                    evaluation_passed: None,
                    output: None,
                    tool_calls: Vec::new(),
                    interview_questions: structured,
                    interview_round: Some(((ctx.history.len() / 2) as u32).max(1)),
                    interview_ambiguity: None,
                    mode: "unified".to_string(),
                }
            }
            HandleResponse::Task {
                scope: _,
                directive,
                env,
                result,
                verdict,
                evaluation_passed,
            } => {
                let response_text = if directive.acceptance_criteria.is_empty() {
                    result.output.clone()
                } else {
                    match &verdict {
                        Some(v) if v.all_passed() => result.output.clone(),
                        Some(v) => format!(
                            "{}\n\n⚠ Review notes:\n{}",
                            result.output,
                            v.notes.join("\n")
                        ),
                        None => result.output.clone(),
                    }
                };
                if evaluation_passed.unwrap_or(false) {
                    metrics.agents_completed.inc();
                } else {
                    metrics.agents_failed.inc();
                }
                OrchestrationResult {
                    session_id: Some(ctx.session_id.clone()),
                    primary_project_id: env.project_id,
                    project_tag: None,
                    active_mount_ids: Vec::new(),
                    mount_tag: None,
                    response: response_text,
                    seed_id: None,
                    agent_id: None,
                    phase_reached: oxios_ouroboros::Phase::Execute,
                    evaluation_passed,
                    output: Some(result.output.clone()),
                    tool_calls: result.tool_calls.clone(),
                    interview_questions: None,
                    interview_round: None,
                    interview_ambiguity: None,
                    mode: "unified".to_string(),
                }
            }
        }
    }

    /// Resolve an [`ExecEnv`] from the per-message context.
    ///
    /// Mirrors the Mount workspace resolution done by `handle_message()`
    /// and `chat()` but packages the result as the new [`ExecEnv`] type.
    /// Independent of the directive — runs whether the task is Trivial
    /// or Substantial.
    fn resolve_exec_env(
        &self,
        ctx: &oxios_ouroboros::MsgCtx,
        msg: &str,
    ) -> oxios_ouroboros::ExecEnv {
        let (active_mount_ids, workspace_context, mount_paths, _mount_tag) =
            self.resolve_mount_workspace(ctx.mount_ids.as_deref(), ctx.project_ids.as_deref(), msg);
        // active_mount_ids + mount_tag are surfaced via the legacy path;
        // ExecEnv carries the resolved paths/context/project that the
        // agent runtime actually consumes.
        let _ = active_mount_ids;

        // Resolve a primary project ID (matches handle_message semantics):
        // explicit project_ids takes precedence over auto-detection.
        let project_id = ctx
            .project_ids
            .as_deref()
            .and_then(|ids| {
                ids.split(',')
                    .next()
                    .and_then(|s| Uuid::parse_str(s.trim()).ok())
            })
            .or_else(|| {
                self.detect_project_tag(msg).and_then(|_tag| {
                    self.project_manager().and_then(|pm| {
                        let projects = pm.list_projects();
                        match crate::project::detect_project(msg, &projects) {
                            crate::project::DetectionResult::Found(id) => Some(id),
                            crate::project::DetectionResult::NoMatch { .. } => None,
                        }
                    })
                })
            });

        // Touch the project to record activity (mirrors handle_message).
        if let Some(pid) = project_id
            && let Some(pm) = self.project_manager()
        {
            pm.touch(pid);
        }

        oxios_ouroboros::ExecEnv {
            workspace_context,
            mount_paths,
            project_id,
            cspace_hint: None,
        }
    }

    /// Execute a [`Directive`] under an [`ExecEnv`].
    ///
    /// **Phase 5 stub:** builds a legacy [`Seed`] from the directive and
    /// delegates to the existing [`AgentLifecycleManager::spawn_and_run`]
    /// pipeline. Phase 6 will replace this with
    /// `lifecycle.execute_directive(&directive, &env)` once
    /// AgentRuntime/Supervisor/AgentLifecycleManager have their
    /// Directive-based methods (see sibling subagents Runtime and
    /// RuntimeDirective).
    async fn execute_directive(
        &self,
        directive: &oxios_ouroboros::Directive,
        env: &oxios_ouroboros::ExecEnv,
    ) -> Result<ExecutionResult> {
        let seed = self.directive_to_seed(directive, env);
        self.lifecycle.spawn_and_run(&seed, Priority::Normal).await
    }

    /// Shim a [`Directive`] + [`ExecEnv`] into a legacy [`Seed`].
    ///
    /// Used only by [`Self::execute_directive`] during the Phase 5 stub
    /// window. Carries every field the agent runtime reads: goal,
    /// constraints, acceptance criteria, original request, output schema,
    /// project, workspace context, mount paths, and cspace hint.
    fn directive_to_seed(
        &self,
        directive: &oxios_ouroboros::Directive,
        env: &oxios_ouroboros::ExecEnv,
    ) -> Seed {
        let mut seed = Seed::new(directive.goal.clone());
        seed.original_request = directive.original_request.clone();
        seed.constraints = directive.constraints.clone();
        seed.acceptance_criteria = directive.acceptance_criteria.clone();
        seed.output_schema = directive.output_schema.clone();
        seed.project_id = env.project_id;
        seed.workspace_context = env.workspace_context.clone();
        seed.mount_paths = env.mount_paths.clone();
        seed.cspace_hint = env.cspace_hint.clone();
        seed
    }

    /// Review the result against the directive's criteria; on failure,
    /// retry once with the verdict's gaps folded back as constraints.
    ///
    /// Phase 5 caps retries at one explicit attempt; once IntentConfig
    /// lands (Phase 5 sibling subtask) this will read the configured
    /// `max_retries` instead.
    async fn verify_or_retry(
        &self,
        engine: &dyn oxios_ouroboros::IntentEngineOps,
        directive: &mut oxios_ouroboros::Directive,
        env: &oxios_ouroboros::ExecEnv,
        initial_result: ExecutionResult,
        _msg: &str,
        _ctx: &oxios_ouroboros::MsgCtx,
    ) -> Result<(ExecutionResult, oxios_ouroboros::Verdict)> {
        let verdict = engine.review(directive, &initial_result).await?;

        if verdict.all_passed() || verdict.gaps.is_empty() {
            return Ok((initial_result, verdict));
        }

        // Check if retry is enabled (RFC-027 Decision 6).
        // When disabled, return the initial result with the failed verdict.
        let enable_retry = self.intent_config.read().enable_retry;
        if !enable_retry {
            tracing::info!("Review failed but retry disabled (enable_retry=false)");
            return Ok((initial_result, verdict));
        }

        let metrics = get_metrics();
        metrics.retry_attempted.inc();

        tracing::info!(
            gaps = verdict.gaps.len(),
            "Review failed — retrying with feedback"
        );

        // Execute with feedback: previous output + gaps injected.
        let retry_result = self
            .lifecycle
            .execute_with_feedback(
                directive,
                env,
                &initial_result,
                &verdict.gaps,
                Priority::Normal,
            )
            .await?;

        // Re-review.
        let retry_verdict = engine.review(directive, &retry_result).await?;

        // Track retry effectiveness.
        if retry_verdict.score > verdict.score {
            metrics.retry_improved.inc();
        } else if retry_verdict.score < verdict.score {
            metrics.retry_degraded.inc();
        } else {
            metrics.retry_unchanged.inc();
        }

        // Return best result.
        let chosen_result = if retry_verdict.score >= verdict.score {
            retry_result
        } else {
            initial_result
        };

        Ok((chosen_result, retry_verdict))
    }
}

/// Response envelope for [`Orchestrator::handle`] (RFC-027 §3).
///
/// One variant per terminal state of the unified handler:
///
/// - [`HandleResponse::Reply`] — conversational answer, no agent spawned.
/// - [`HandleResponse::Clarify`] — the message was ambiguous; ask these
///   structured questions before acting.
/// - [`HandleResponse::Task`] — an agent executed the task. Carries the
///   scope, the directive that was run, the resolved environment, the
///   execution result, and (for substantial tasks) the review verdict +
///   pass/fail.
#[derive(Debug, Clone)]
pub enum HandleResponse {
    /// Conversational reply — no agent was spawned.
    Reply(String),
    /// Structured clarifying questions to ask before acting.
    Clarify(Vec<oxios_ouroboros::Question>),
    /// A task was executed by an agent.
    Task {
        /// The scope decided by `assess` — Trivial skips review.
        scope: oxios_ouroboros::Scope,
        /// The directive that was executed (post-retry if a retry ran).
        directive: Box<oxios_ouroboros::Directive>,
        /// The execution environment resolved for this message.
        env: oxios_ouroboros::ExecEnv,
        /// The execution result.
        result: Box<ExecutionResult>,
        /// The review verdict — `None` for `Scope::Trivial`.
        verdict: Option<oxios_ouroboros::Verdict>,
        /// Whether the (final) verdict passed — `None` for `Scope::Trivial`.
        evaluation_passed: Option<bool>,
    },
}

/// Active session state for multi-turn interviews.
#[derive(Debug, Clone)]
#[allow(unused)]
struct InterviewSession {
    id: String,
    interview: InterviewResult,
    phase: Phase,
    seed_id: Option<Uuid>,
    agent_id: Option<AgentId>,
}

fn default_chat_mode() -> String {
    "chat".into()
}

/// Result of a full orchestration cycle.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OrchestrationResult {
    /// Session ID for multi-turn interviews. Pass this on follow-up messages.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub session_id: Option<String>,
    /// The Space ID that handled this message.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub primary_project_id: Option<Uuid>,
    /// Space decoration tag for the response (e.g. "[🔧 oxios]").
    #[serde(skip_serializing_if = "Option::is_none")]
    pub project_tag: Option<String>,
    /// Active Mount IDs for this message (RFC-025), primary first.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub active_mount_ids: Vec<MountId>,
    /// Mount decoration tag for the response (e.g. "[🔧 oxios + oxi-sdk]").
    #[serde(skip_serializing_if = "Option::is_none")]
    pub mount_tag: Option<String>,
    /// The response to send back to the user.
    pub response: String,
    /// The seed that was created (if seed phase was reached).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub seed_id: Option<Uuid>,
    /// The agent that executed (if execute phase was reached).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub agent_id: Option<AgentId>,
    /// The furthest phase reached.
    pub phase_reached: Phase,
    /// Whether evaluation passed.
    ///
    /// - `None` — evaluation was not applicable (interview, chat, non-task).
    /// - `Some(true)` — evaluation passed.
    /// - `Some(false)` — evaluation failed or execution unsuccessful.
    pub evaluation_passed: Option<bool>,
    /// Output or notes from evaluation.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub output: Option<String>,
    /// Tool calls recorded during execution.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub tool_calls: Vec<oxios_ouroboros::ToolCallRecord>,
    /// Structured interview questions (chat UI redesign — interactive
    /// interview). Populated when the interview phase needs clarification
    /// and the LLM produced a structured form of the questions. The
    /// Gateway forwards this to the WebSocket as an `interview` chunk;
    /// the Web UI renders it as interactive widgets (chips, yes/no
    /// buttons). When `None`, the frontend falls back to rendering
    /// `response` as plain markdown.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub interview_questions:
        Option<Vec<oxios_ouroboros::ouroboros_engine::InterviewQuestionOutput>>,
    /// Current interview round (1-based). Populated alongside
    /// `interview_questions`. Drives the "Round N/M" indicator.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub interview_round: Option<u32>,
    /// Current ambiguity score (0.0 = clear, 1.0 = fully ambiguous).
    /// Populated alongside `interview_questions`. Drives the progress bar.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub interview_ambiguity: Option<f64>,
    /// Execution mode: "chat" (default agent) | "ouroboros" (spec-first pipeline).
    #[serde(default = "default_chat_mode")]
    pub mode: String,
}

/// Format clarifying questions for display.
fn format_questions(questions: &[String]) -> String {
    if questions.is_empty() {
        "I need a bit more clarification before I can proceed.".to_string()
    } else {
        format!(
            "I'd like to understand your request better. Could you help clarify:\n\n{}",
            questions
                .iter()
                .enumerate()
                .map(|(i, q)| format!("{}. {}", i + 1, q))
                .collect::<Vec<_>>()
                .join("\n")
        )
    }
}

/// Format the final result for display.
/// Format execution result for display to the user.
fn format_execution_result(seed: &Seed, exec: &ExecutionResult) -> String {
    let mut lines = Vec::new();

    if exec.success {
        lines.push(format!("✅ '{}'", seed.goal));
    } else {
        lines.push(format!(
            "⚠️ '{}'을(를) 시도했지만 완전히 성공하지 못했습니다.",
            seed.goal
        ));
    }

    // Show a truncated preview of the output if present.
    if !exec.output.is_empty() {
        let preview = if exec.output.len() > 500 {
            // Char-boundary safe: roll back to avoid splitting a
            // multibyte UTF-8 sequence (Korean, CJK, emoji).
            let mut end = 500;
            while end > 0 && !exec.output.is_char_boundary(end) {
                end -= 1;
            }
            format!("{}...", &exec.output[..end])
        } else {
            exec.output.clone()
        };
        lines.push(String::new());
        lines.push(preview);
    }

    lines.join("\n")
}

/// Check if a seed should be split into subtasks.
///
/// Simple heuristic: if the seed has 3 or more acceptance criteria,
/// it likely contains distinct concerns that can be parallelized.
fn should_split_seed(seed: &Seed) -> bool {
    // Only split for genuinely complex tasks with many criteria.
    // Simple tasks (even with 3-4 criteria) are better handled by a single agent
    // to preserve context coherence.
    seed.acceptance_criteria.len() >= 5
}

/// Split a seed into subtasks based on acceptance criteria.
///
/// Each acceptance criterion becomes a separate subtask with the
/// parent seed's goal as context. Infers required capability from
/// the goal text using the same heuristic as `build_agent_card`.
fn split_into_subtasks(seed: &Seed) -> Vec<SubTask> {
    seed.acceptance_criteria
        .iter()
        .map(|criterion| {
            let desc = format!("{}: {}", seed.goal, criterion);
            let desc_lower = desc.to_lowercase();

            // Infer capability from subtask description.
            let cap = if desc_lower.contains("review") || desc_lower.contains("code") {
                Some("code-review".to_string())
            } else if desc_lower.contains("test") {
                Some("testing".to_string())
            } else if desc_lower.contains("refactor") || desc_lower.contains("improve") {
                Some("refactoring".to_string())
            } else if desc_lower.contains("write")
                || desc_lower.contains("create")
                || desc_lower.contains("implement")
            {
                Some("code-generation".to_string())
            } else if desc_lower.contains("debug") || desc_lower.contains("fix") {
                Some("debugging".to_string())
            } else {
                None
            };

            let mut subtask = SubTask::new(desc);
            subtask.required_capability = cap;
            subtask
        })
        .collect()
}

/// Format combined results from multi-agent execution.
fn format_result_combined(combined: &str) -> String {
    if combined.is_empty() {
        "No subtasks completed successfully.".to_string()
    } else {
        format!("Multi-agent execution completed:\n\n{combined}")
    }
}

/// Execute a subtask via lifecycle manager, returning (output, success).
async fn run_via_lifecycle(
    lifecycle: &crate::agent_lifecycle::AgentLifecycleManager,
    parent_seed: &Seed,
    description: &str,
) -> (String, bool) {
    let child_seed = Seed {
        id: Uuid::new_v4(),
        goal: description.to_string(),
        constraints: parent_seed.constraints.clone(),
        acceptance_criteria: vec!["Task completes successfully".into()],
        ontology: parent_seed.ontology.clone(),
        created_at: chrono::Utc::now(),
        generation: parent_seed.generation + 1,
        parent_seed_id: Some(parent_seed.id),
        cspace_hint: None,
        original_request: parent_seed.original_request.clone(),
        output_schema: None,
        project_id: parent_seed.project_id,
        workspace_context: parent_seed.workspace_context.clone(),
        mount_paths: parent_seed.mount_paths.clone(),
    };
    match lifecycle.spawn_and_run(&child_seed, Priority::Normal).await {
        Ok(result) => (result.output, result.success),
        Err(e) => (format!("Failed: {e}"), false),
    }
}

/// Render the body of the `## Workspace Context` prompt section (RFC-025).
///
/// The caller (`build_system_prompt`) wraps this in the `## Workspace
/// Context` header. Returns `None` when there are no Mounts to describe.
///
/// Fill order respects the prompt budget (~1500 tokens soft):
/// 1. Primary Mount — full (description + summary + path).
/// 2. Secondary Mounts — name + path + one-line summary only.
fn build_workspace_context_body(mounts: &[crate::mount::Mount]) -> Option<String> {
    if mounts.is_empty() {
        return None;
    }
    let mut out = String::new();
    out.push_str("### Active Mounts\n");

    for (i, m) in mounts.iter().enumerate() {
        let primary = i == 0;
        let path = m
            .primary_path()
            .map(|p| p.to_string_lossy().to_string())
            .unwrap_or_else(|| "(no path)".to_string());

        if primary {
            out.push_str(&format!("- **{}** → {}\n", m.name, path));
            if !m.auto_description.is_empty() {
                // First ~3 lines of the agent-written description.
                let desc: String = m
                    .auto_description
                    .lines()
                    .take(3)
                    .collect::<Vec<_>>()
                    .join("\n  ");
                out.push_str(&format!("  {}\n", desc));
            }
            let summary = m.summary_line();
            if !summary.is_empty() {
                out.push_str(&format!("  _{}_\n", summary));
            }
            if m.enrichment_pending {
                out.push_str("  _(content changed — consider re-scanning this Mount)_\n");
            }
        } else {
            // Secondary: name + path + one-line summary only.
            let summary = m.summary_line();
            let suffix = if summary.is_empty() {
                String::new()
            } else {
                format!(" — {}", summary)
            };
            out.push_str(&format!("- **{}** → {}{}\n", m.name, path, suffix));
        }
    }

    Some(out)
}

#[cfg(test)]
mod mount_workspace_tests {
    use super::*;
    use crate::mount::{Mount, MountSource};
    use std::path::PathBuf;

    #[test]
    fn test_workspace_context_primary_full_secondary_terse() {
        let mut oxios =
            Mount::from_name_and_path("oxios", PathBuf::from("/Volumes/MERCURY/PROJECTS/oxios"));
        oxios.auto_description = "Agent OS.\nRust + tokio.".to_string();
        oxios.auto_meta.summary = "Rust agent OS".to_string();

        let mut oxi = Mount::from_name_and_path("oxi", PathBuf::from("/oxi"));
        oxi.auto_meta.summary = "SDK".to_string();

        let body = build_workspace_context_body(&[oxios, oxi]).unwrap();
        assert!(body.contains("### Active Mounts"));
        // Primary gets full description.
        assert!(body.contains("Agent OS."));
        assert!(body.contains("_Rust agent OS_"));
        // Secondary is terse.
        assert!(body.contains("**oxi** → /oxi — SDK"));
    }

    #[test]
    fn test_workspace_context_empty_is_none() {
        assert!(build_workspace_context_body(&[]).is_none());
    }

    /// End-to-end: a real MountManager + Orchestrator-less call to
    /// `resolve_mount_workspace` proves that detection seeds the primary,
    /// builds the context body, and collects all paths (multi-path access).
    #[test]
    fn test_resolve_mount_workspace_detects_and_collects_paths() {
        use crate::mount::MountManager;
        use oxios_memory::memory::sqlite::MemoryDatabase;
        use std::sync::Arc;

        let db = Arc::new(MemoryDatabase::open_in_memory(64).unwrap());
        let mm = Arc::new(MountManager::new(db, None).unwrap());

        // Register two mounts.
        let oxios = mm
            .create_mount(
                "oxios".to_string(),
                vec![PathBuf::from("/Volumes/MERCURY/PROJECTS/oxios")],
                MountSource::Manual,
            )
            .unwrap();
        let oxi_sdk = mm
            .create_mount(
                "oxi-sdk".to_string(),
                vec![PathBuf::from("/Users/me/oxi")],
                MountSource::Manual,
            )
            .unwrap();
        mm.update_enrichment(oxios.id, Some("Agent OS in Rust.".to_string()), None)
            .unwrap();

        // Build a minimal Orchestrator-free resolver path: replicate what
        // resolve_mount_workspace does, but against the manager directly,
        // since the full Orchestrator needs many subsystems.
        let mounts = mm.get_mounts_ordered(&[oxios.id, oxi_sdk.id]);
        assert_eq!(mounts.len(), 2);

        let body = build_workspace_context_body(&mounts).unwrap();
        assert!(body.contains("oxios"));
        assert!(body.contains("Agent OS in Rust."));
        assert!(body.contains("oxi-sdk"));

        // Collect paths like the orchestrator does.
        let mut paths = Vec::new();
        for m in &mounts {
            for p in &m.paths {
                if !paths.contains(p) {
                    paths.push(p.clone());
                }
            }
        }
        assert_eq!(paths.len(), 2);
        assert_eq!(paths[0], PathBuf::from("/Volumes/MERCURY/PROJECTS/oxios"));
        assert_eq!(paths[1], PathBuf::from("/Users/me/oxi"));
    }

    /// Detection layer 1 (name match) seeds the primary when no explicit
    /// mount_ids are given — the core promise of RFC-025.
    #[test]
    fn test_detection_seeds_primary_on_name_mention() {
        use crate::mount::{DetectionResult, detect_mounts};

        let oxios =
            Mount::from_name_and_path("oxios", PathBuf::from("/Volumes/MERCURY/PROJECTS/oxios"));
        let result = detect_mounts("oxios 코드리뷰해줘", std::slice::from_ref(&oxios));
        assert!(matches!(result, DetectionResult::Found(id) if id == oxios.id));
    }
}