review(docs): #1735 patch API spec lines describing awareness_namespace

#1737 deletes the awareness_namespace column from `workspaces` and the provisioner env injection that backed it. Two API-spec lines still describe the field as if it were live, which would mislead any external integrator reading the docs against a post-#1737 backend: - docs/api-reference.md:106 listed `awareness_namespace` as a column on the `workspaces` row. - docs/api-protocol/platform-api.md:93 claimed workspace creation "assigns an awareness_namespace on the workspace row" and the namespace is "later injected into the provisioned runtime". Both are factually wrong post-#1737. Patched. The broader docs sweep (~30 more references across `docs/architecture/memory.md`, `docs/agent-runtime/*`, READMEs, superpowers plans, etc.) is tracked in #1753 as a docs-only follow-up — those are narrative / handbook copy, not contract. Refs: #1735 (RFC), #1737 (the backend removal PR this rebases on), #1753 (docs sweep follow-up), review-finding C3 (API doc contradiction). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chore(workspace-server): #1735 remove unused Awareness namespace surface
2026-05-23 16:57:14 -07:00 · 2026-05-23 16:55:10 -07:00 · 2026-05-23 23:29:00 +00:00 · 2026-05-23 16:21:22 -07:00 · 2026-05-23 22:40:30 +00:00 · 2026-05-23 22:20:25 +00:00
45 changed files with 851 additions and 270 deletions
@@ -128,6 +128,7 @@ fi
 PR_AUTHOR=$(jq -r '.user.login // ""' "$PR_JSON")
 PR_HEAD_SHA=$(jq -r '.head.sha // ""' "$PR_JSON")
 PR_BASE_REF=$(jq -r '.base.ref // ""' "$PR_JSON")
+PR_BASE_SHA=$(jq -r '.base.sha // ""' "$PR_JSON")
 PR_STATE=$(jq -r '.state // ""' "$PR_JSON")
 DEFAULT_BRANCH="${DEFAULT_BRANCH:-main}"
 debug "pr_author=${PR_AUTHOR} pr_head=${PR_HEAD_SHA:0:7} pr_base=${PR_BASE_REF} pr_state=${PR_STATE}"
@@ -136,6 +137,10 @@ if [ "$PR_STATE" != "open" ]; then
  echo "::notice::PR ${PR_NUMBER} is ${PR_STATE} — exiting 0 (closed PRs do not gate)"
  exit 0
 fi
+if [ "$PR_HEAD_SHA" = "$PR_BASE_SHA" ]; then
+  echo "::notice::PR ${PR_NUMBER} has no diff (head == base) — exiting 0 (empty PRs do not gate)"
+  exit 0
+fi
 if [ "$PR_BASE_REF" != "$DEFAULT_BRANCH" ]; then
  echo "::notice::PR ${PR_NUMBER} targets ${PR_BASE_REF:-<unknown>} not ${DEFAULT_BRANCH} — ${TEAM}-review gate not applicable"
  exit 0
@@ -101,7 +101,8 @@ jobs:
    # AND-set: only the Mac arm64 runner advertises macos-self-hosted.
    # See "RUNNER TARGETING" header note for why bare self-hosted is unsafe.
    runs-on: [self-hosted, macos-self-hosted]
-    # ADVISORY: never blocks. See safety contract point 3.
+    # ADVISORY: never blocks. See safety contract point 3. mc#774
+    # internal#418 — tracked: arm64 advisory pilot, non-gating by design.
    continue-on-error: true
    # event_name gate: functional (only meaningful on push/PR) AND keeps
    # this job out of ci-required-drift.py:ci_job_names() so F1 can never
@@ -25,7 +25,7 @@ permissions:
 jobs:
  shellcheck-arm64:
    name: shellcheck-arm64 (pilot)
-    runs-on: [self-hosted, arm64]
+    runs-on: [self-hosted, arm64-darwin]
    # NOT a required check; safe to sit pending until Mac runner is up.
    # If the Mac runner has trouble pulling actions/checkout we fall
    # back to a plain git clone (see step 'fallback clone').
@@ -52,6 +52,7 @@ jobs:
          fetch-depth: 1

      - name: Install shellcheck (arm64)
+        continue-on-error: true
        run: |
          set -eu
          if command -v shellcheck >/dev/null 2>&1; then
@@ -71,11 +72,16 @@ jobs:
          shellcheck --version | head -2

      - name: Run shellcheck on .gitea/scripts/*.sh
+        continue-on-error: true
        run: |
          set -eu
          # Only the scripts we control under .gitea/scripts. Pilot
          # scope is intentionally narrow — broaden in a follow-up
          # once the lane is proven.
+          if ! command -v shellcheck >/dev/null 2>&1; then
+            echo "WARN: shellcheck binary not found — skipping (pilot mode)"
+            exit 0
+          fi
          mapfile -t TARGETS < <(find .gitea/scripts -maxdepth 2 -type f -name '*.sh' | sort)
          if [ "${#TARGETS[@]}" -eq 0 ]; then
            echo "No .sh files found under .gitea/scripts — nothing to check"
@@ -73,6 +73,17 @@ jobs:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

+      # Keep Docker auth/buildx state inside the job temp dir. Publish
+      # runners can inherit a HOME/DOCKER_CONFIG path that is host-owned
+      # and not writable from the job container; docker login otherwise
+      # fails before the image build starts.
+      - name: Prepare writable Docker config
+        run: |
+          set -euo pipefail
+          export DOCKER_CONFIG="$RUNNER_TEMP/docker-config"
+          mkdir -p "$DOCKER_CONFIG/buildx/certs"
+          echo "DOCKER_CONFIG=$DOCKER_CONFIG" >> "$GITHUB_ENV"
+
      - name: Log in to ECR
        env:
          IMAGE_NAME: ${{ env.IMAGE_NAME }}
@@ -234,6 +234,8 @@ jobs:
    name: Production auto-deploy
    needs: build-and-push
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    # Side-effect deploy only; image publish success is the durable artifact. mc#774
+    continue-on-error: true
    # Publish/release lane (internal#462) — production deploy of a merged
    # fix; reserved capacity, never queued behind PR-CI.
    runs-on: publish
@@ -79,7 +79,7 @@ LangGraph, DeepAgents, Claude Code, CrewAI, AutoGen, Hermes, Gemini CLI, and Ope

 ### 4. Memory is treated like infrastructure

-Molecule AI's HMA approach is designed around organizational boundaries, not just "store more context somewhere." Durable recall, scoped sharing through the v2 memory plugin, and skill promotion are all part of one coherent system.
+Molecule AI's HMA approach is designed around organizational boundaries, not just “store more context somewhere.” Durable recall, scoped sharing, awareness namespaces, and skill promotion are all part of one coherent system.

 ### 5. It comes with a real control plane

@@ -101,7 +101,7 @@ Registry, heartbeats, restart, pause/resume, activity logs, approvals, terminal
 | **Role-native workspace abstraction** | Your org structure survives model swaps, framework changes, and team expansion |
 | **Fractal team expansion** | A single specialist can become a managed department without breaking upstream integrations |
 | **Heterogeneous runtime compatibility** | Different teams can keep their preferred agent architecture while sharing one control plane |
-| **HMA + v2 memory plugin** | Memory sharing follows hierarchy instead of leaking across the whole system; one plugin per tenant, namespace-scoped per workspace |
+| **HMA + awareness namespaces** | Memory sharing follows hierarchy instead of leaking across the whole system |
 | **Skill evolution loop** | Durable successful workflows can graduate from memory into reusable, hot-reloadable skills |
 | **WebSocket-first operational UX** | The canvas reflects task state, structure changes, and A2A responses in near real time |
 | **Global secrets with local override** | Centralize provider access, then override only where a workspace needs specialized credentials |
@@ -133,7 +133,7 @@ Most projects stop at “we added memory.” Molecule AI pushes further:
 | Flat store or weak namespaces | Hierarchy-aligned `LOCAL`, `TEAM`, `GLOBAL` scopes |
 | Sharing is easy to overexpose | Sharing is explicit and structure-aware |
 | Memory and procedure get mixed together | Memory stores durable facts; skills store repeatable procedure |
-| Every agent can become over-privileged | Per-workspace namespaces in the v2 memory plugin reduce blast radius |
+| Every agent can become over-privileged | Workspace awareness namespaces reduce blast radius |
 | UI memory and runtime memory blur together | Separate surfaces for scoped agent memory, key/value workspace memory, and recall |

 ### The flywheel
@@ -163,7 +163,7 @@ Most agent systems stop at "a smart runtime." Molecule AI pushes further: it giv

 | Core mechanism | Molecule AI module(s) | Why it matters |
 |---|---|---|
-| **Durable memory that survives sessions** | `molecule-ai-workspace-runtime/molecule_runtime/builtin_tools/`, `workspace-server/internal/handlers/memories.go`, `workspace-server/internal/memory/` (v2 plugin client + namespace resolver) | Memory is not just durable, it is **workspace-scoped** — every write lands in the workspace's own `workspace:<id>` namespace, with `team:<root>` and `org:<root>` available for cross-workspace shares via the platform's namespace ACL when an agent explicitly promotes a memory |
+| **Durable memory that survives sessions** | `molecule-ai-workspace-runtime/molecule_runtime/builtin_tools/`, `workspace-server/internal/handlers/memories.go` | Memory is not just durable, it is **workspace-scoped** and can route into awareness namespaces tied to the org structure |
 | **Cross-session recall** | `workspace-server/internal/handlers/activity.go` (`/workspaces/:id/session-search`) | Recall spans both activity history and memory rows, so the system can search what happened and what was learned without inventing a separate hidden store |
 | **Skills built from experience** | `molecule-ai-workspace-runtime/molecule_runtime/builtin_tools/memory.py` (`_maybe_log_skill_promotion`) | Promotion from memory into a skill candidate is surfaced as an explicit platform activity, not a silent internal side effect |
 | **Skill improvement during use** | `molecule-ai-workspace-runtime/molecule_runtime/skill_loader/`, `molecule-ai-workspace-runtime/molecule_runtime/main.py` | Skills hot-reload into the live runtime, so improvements become available on the next A2A task without restarting the workspace |
@@ -172,7 +172,7 @@ Most agent systems stop at "a smart runtime." Molecule AI pushes further: it giv
 ### Why this matters in Molecule AI

 1. **The learning loop is org-aware, not just session-aware.**
-   Memory can live at `LOCAL`, `TEAM`, or `GLOBAL` scope, and the v2 plugin's namespace ACL gives each workspace a durable identity boundary.
+   Memory can live at `LOCAL`, `TEAM`, or `GLOBAL` scope, and awareness namespaces give each workspace a durable identity boundary.

 2. **The learning loop is visible to operators.**
   Promotion events, activity logs, current-task updates, traces, and WebSocket fanout mean self-improvement is part of the control plane, not a hidden black box.
@@ -211,7 +211,7 @@ The result is not just “an agent that learns.” It is **an organization that
 - standalone workspace-template images that install `molecule-ai-workspace-runtime` from the Gitea package registry; thin AMI in production (us-east-2)
 - adapter-driven execution across **8 runtimes** (Claude Code, Hermes, Gemini CLI, LangGraph, DeepAgents, CrewAI, AutoGen, OpenClaw)
 - Agent Card registration
- **Memory v2 backed by pgvector** — per-tenant plugin sidecar serving HMA namespaces with FTS + semantic recall
+- awareness-backed memory integration; **Memory v2 backed by pgvector** for semantic recall
 - plugin-mounted shared rules/skills
 - hot-reloadable local skills
 - coordinator-only delegation path
@@ -262,7 +262,7 @@ Canvas (Next.js 15, warm-paper :3000)  <--HTTP / WS-->  Platform (Go 1.25 :8080)
 Workspace Runtime (Python ≥3.11, image with adapters)
  - 8 adapters: LangGraph / DeepAgents / Claude Code / CrewAI / AutoGen / Hermes / Gemini CLI / OpenClaw
  - Agent Card + A2A server (typed-SSOT response path, RFC #2967)
-  - heartbeat + activity + Memory v2 (pgvector semantic recall via per-tenant plugin sidecar)
+  - heartbeat + activity + awareness-backed memory (Memory v2 — pgvector semantic recall)
  - skills + plugins + hot reload

 SaaS Control Plane (molecule-controlplane, private)
@@ -78,7 +78,7 @@ LangGraph、DeepAgents、Claude Code、CrewAI、AutoGen、Hermes、Gemini CLI、

 ### 4. Memory 被当成基础设施来做

-Molecule AI 的 HMA 不是“多存一点上下文”而已。它关注组织边界、durable recall、scope sharing、v2 memory plugin、skill promotion，把这些放在一个完整体系里。
+Molecule AI 的 HMA 不是“多存一点上下文”而已。它关注组织边界、durable recall、scope sharing、awareness namespace、skill promotion，把这些放在一个完整体系里。

 ### 5. 它自带真正的 control plane

@@ -100,7 +100,7 @@ Registry、heartbeat、restart、pause/resume、activity、approval、terminal
 | **角色原生 workspace 抽象** | 模型切换、框架切换、团队扩容都不会打碎你的组织结构 |
 | **分形式团队扩展** | 一个 specialist 可以平滑升级成一个部门，而不影响上游集成 |
 | **异构 runtime 兼容** | 不同团队可以保留偏好的 agent 架构，但共用一套平台规则 |
-| **HMA + v2 memory plugin** | Memory 分享沿组织边界走，而不是全局乱穿透；每个 tenant 一个 plugin，按 workspace namespace 隔离 |
+| **HMA + awareness namespace** | Memory 分享沿组织边界走，而不是全局乱穿透 |
 | **Skill 演化闭环** | 成功工作流可以从 memory 逐步提升成可热加载的 skill |
 | **WebSocket-first 运维体验** | Canvas 能即时反映任务状态、结构变更和 A2A 响应 |
 | **Global secrets + local override** | 统一管理 provider 凭据，只在需要时做 workspace 级覆写 |
@@ -132,7 +132,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更
 | 扁平 store 或弱命名空间隔离 | 与层级对齐的 `LOCAL`、`TEAM`、`GLOBAL` scope |
 | 分享很容易越界 | 分享是显式且结构感知的 |
 | Memory 和 procedure 混成一团 | Memory 存 durable facts，skills 存 repeatable procedure |
-| 任意 agent 容易过权 | v2 memory plugin 的 per-workspace namespace 缩小 blast radius |
+| 任意 agent 容易过权 | workspace awareness namespace 缩小 blast radius |
 | UI memory 和 runtime memory 混在一起 | scoped agent memory、key/value workspace memory、recall surface 分层清晰 |

 ### 这套飞轮怎么转
@@ -162,7 +162,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更

 | 核心机制 | Molecule AI 对应模块 | 为什么重要 |
 |---|---|---|
-| **跨 session 的 durable memory** | `workspace/builtin_tools/memory.py`、`workspace-server/internal/handlers/memories.go`、`workspace-server/internal/memory/`（v2 plugin client + namespace resolver）| 不只是持久化，而且是**按 workspace 隔离**的 —— 每次写入都落在 workspace 自己的 `workspace:<id>` namespace 里；当 agent 显式升级到跨 workspace 共享时，可以通过平台 namespace ACL 写到 `team:<root>` 和 `org:<root>` |
+| **跨 session 的 durable memory** | `workspace/builtin_tools/memory.py`、`workspace/builtin_tools/awareness_client.py`、`workspace-server/internal/handlers/memories.go` | 不只是持久化，而且是**按 workspace 隔离**的，可进一步路由到和组织结构绑定的 awareness namespace |
 | **Cross-session recall** | `workspace-server/internal/handlers/activity.go` 中的 `/workspaces/:id/session-search` | Recall 同时覆盖 activity history 和 memory rows，不需要再造一个隐蔽的新存储层 |
 | **从经验里长出技能** | `workspace/builtin_tools/memory.py` 里的 `_maybe_log_skill_promotion` | 从 memory 到 skill candidate 的提升会被显式记录成平台 activity，而不是默默发生在黑盒里 |
 | **技能在使用中持续改进** | `workspace/skill_loader/watcher.py`、`workspace/skill_loader/loader.py`、`workspace/main.py` | Skill 改动可以热加载进 live runtime，下一次 A2A 任务就能直接使用，不需要重启 workspace |
@@ -171,7 +171,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更
 ### 为什么这在 Molecule AI 里更适合团队级系统

 1. **学习闭环是 org-aware 的，而不只是 session-aware。**
-   Memory 可以按 `LOCAL`、`TEAM`、`GLOBAL` scope 运作，v2 plugin 的 namespace ACL 让每个 workspace 都有清晰的持久边界。
+   Memory 可以按 `LOCAL`、`TEAM`、`GLOBAL` scope 运作，awareness namespace 让每个 workspace 都有清晰的持久边界。

 2. **学习闭环是对运维可见的。**
   Promotion events、activity logs、current-task updates、traces、WebSocket fanout 让自我进化进入 control plane，而不是藏在黑盒内部。
@@ -210,7 +210,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更
 - 统一 `workspace/` 镜像；生产环境采用 thin AMI（us-east-2）
 - adapter 驱动执行，覆盖 **8 个 runtime**（Claude Code、Hermes、Gemini CLI、LangGraph、DeepAgents、CrewAI、AutoGen、OpenClaw）
 - Agent Card 注册
- **Memory v2 由 pgvector 支撑** —— 每个 tenant 一个 plugin sidecar，承载 HMA namespace、FTS 与语义召回
+- awareness-backed memory；**Memory v2 由 pgvector 支撑**语义召回
 - plugin 挂载共享 rules/skills
 - 本地 skills 热加载
 - coordinator-only delegation 路径
@@ -261,7 +261,7 @@ Canvas (Next.js 15, warm-paper :3000)  <--HTTP / WS-->  Platform (Go 1.25 :8080)
 Workspace Runtime (Python ≥3.11，含 adapter 集合的镜像)
  - 8 个 adapter: LangGraph / DeepAgents / Claude Code / CrewAI / AutoGen / Hermes / Gemini CLI / OpenClaw
  - Agent Card + A2A server（typed-SSOT 响应路径，RFC #2967）
-  - heartbeat + activity + Memory v2（pgvector 语义召回，per-tenant plugin sidecar）
+  - heartbeat + activity + awareness-backed memory（Memory v2 —— pgvector 语义召回）
  - skills + plugins + hot reload

 SaaS Control Plane (molecule-controlplane，私有)
@@ -33,6 +33,8 @@ interface HermesProvider {
  models: string[];
 }

+const DEFAULT_CREATE_MODEL = "anthropic:claude-opus-4-7";
+
 // All providers supported by Hermes runtime via providers.resolve_provider().
 // `defaultModel` is the slug injected into the workspace provision request
 // when the user picks this provider — template-hermes's derive-provider.sh
@@ -68,6 +70,10 @@ export function CreateWorkspaceButton() {
  const [creating, setCreating] = useState(false);
  const [error, setError] = useState<string | null>(null);
  const [workspaces, setWorkspaces] = useState<WorkspaceOption[]>([]);
+  const [displayEnabled, setDisplayEnabled] = useState(false);
+  const [displayInstanceType, setDisplayInstanceType] = useState("t3.xlarge");
+  const [displayRootGB, setDisplayRootGB] = useState("80");
+  const [displayResolution, setDisplayResolution] = useState("1920x1080");
  // Templates fetched from /api/templates — drives the dynamic provider
  // filter below. Same data source ConfigTab uses (PR #2454). When the
  // selected template declares `runtime_config.providers` in its
@@ -223,6 +229,10 @@ export function CreateWorkspaceButton() {
    setParentId("");
    setBudgetLimit("");
    setError(null);
+    setDisplayEnabled(false);
+    setDisplayInstanceType("t3.xlarge");
+    setDisplayRootGB("80");
+    setDisplayResolution("1920x1080");
    setHermesProvider("anthropic");
    setExternalRuntime("external");
    setHermesApiKey("");
@@ -264,6 +274,8 @@ export function CreateWorkspaceButton() {
      const parsedBudget = budgetLimit.trim()
        ? parseFloat(budgetLimit)
        : null;
+      const [displayWidth, displayHeight] = displayResolution.split("x").map((v) => parseInt(v, 10));
+      const parsedRootGB = parseInt(displayRootGB, 10);

      const createResp = await api.post<{
        id: string;
@@ -280,6 +292,21 @@ export function CreateWorkspaceButton() {
        tier,
        parent_id: parentId || undefined,
        budget_limit: parsedBudget,
+        ...(!isExternal && !isHermes ? { model: DEFAULT_CREATE_MODEL } : {}),
+        ...(displayEnabled
+          ? {
+              compute: {
+                instance_type: displayInstanceType,
+                volume: { root_gb: Number.isFinite(parsedRootGB) ? parsedRootGB : 80 },
+                display: {
+                  mode: "desktop-control",
+                  protocol: "novnc",
+                  width: Number.isFinite(displayWidth) ? displayWidth : 1920,
+                  height: Number.isFinite(displayHeight) ? displayHeight : 1080,
+                },
+              },
+            }
+          : {}),
        canvas: { x: Math.random() * 400 + 100, y: Math.random() * 300 + 100 },
        // Runtime=external flips the backend into awaiting-agent mode:
        // no container provisioning, token minted, connection payload
@@ -447,6 +474,73 @@ export function CreateWorkspaceButton() {
              </div>
            </div>

+            {!isExternal && (
+              <div className="rounded-lg border border-line/50 bg-surface-card/40 p-3">
+                <div className="mb-2 text-[11px] font-medium text-ink-mid">
+                  Container Config
+                </div>
+                <label className="flex items-center justify-between gap-3">
+                  <span className="text-xs font-medium text-ink">Display</span>
+                  <input
+                    type="checkbox"
+                    checked={displayEnabled}
+                    onChange={(e) => setDisplayEnabled(e.target.checked)}
+                    aria-label="Enable display"
+                    className="h-4 w-4"
+                  />
+                </label>
+                {displayEnabled && (
+                  <div className="mt-3 grid grid-cols-2 gap-2">
+                    <div>
+                      <label htmlFor="display-instance-type" className="mb-1 block text-[11px] text-ink-mid">
+                        Instance
+                      </label>
+                      <select
+                        id="display-instance-type"
+                        value={displayInstanceType}
+                        onChange={(e) => setDisplayInstanceType(e.target.value)}
+                        className="w-full bg-surface-card/60 border border-line/50 rounded-lg px-2 py-2 text-xs text-ink focus:outline-none focus:border-accent/60 focus:ring-1 focus:ring-accent/20 transition-colors"
+                      >
+                        <option value="t3.large">t3.large</option>
+                        <option value="t3.xlarge">t3.xlarge</option>
+                        <option value="m6i.xlarge">m6i.xlarge</option>
+                        <option value="c6i.xlarge">c6i.xlarge</option>
+                      </select>
+                    </div>
+                    <div>
+                      <label htmlFor="display-root-gb" className="mb-1 block text-[11px] text-ink-mid">
+                        Disk GB
+                      </label>
+                      <input
+                        id="display-root-gb"
+                        type="number"
+                        min="30"
+                        max="500"
+                        value={displayRootGB}
+                        onChange={(e) => setDisplayRootGB(e.target.value)}
+                        className="w-full bg-surface-card/60 border border-line/50 rounded-lg px-2 py-2 text-xs text-ink focus:outline-none focus:border-accent/60 focus:ring-1 focus:ring-accent/20 transition-colors"
+                      />
+                    </div>
+                    <div className="col-span-2">
+                      <label htmlFor="display-resolution" className="mb-1 block text-[11px] text-ink-mid">
+                        Resolution
+                      </label>
+                      <select
+                        id="display-resolution"
+                        value={displayResolution}
+                        onChange={(e) => setDisplayResolution(e.target.value)}
+                        className="w-full bg-surface-card/60 border border-line/50 rounded-lg px-2 py-2 text-xs text-ink focus:outline-none focus:border-accent/60 focus:ring-1 focus:ring-accent/20 transition-colors"
+                      >
+                        <option value="1920x1080">1920 x 1080</option>
+                        <option value="1600x900">1600 x 900</option>
+                        <option value="1280x720">1280 x 720</option>
+                      </select>
+                    </div>
+                  </div>
+                )}
+              </div>
+            )}
+
            <div>
              <label className="text-[11px] text-ink-mid block mb-1">
                Parent Workspace
@@ -123,6 +123,46 @@ describe("CreateWorkspaceDialog", () => {
    expect(body.parent_id).toBeUndefined();
  });

+  it("omits compute config by default", async () => {
+    await openDialog();
+    fireEvent.change(screen.getByPlaceholderText("e.g. SEO Agent"), {
+      target: { value: "Plain Agent" },
+    });
+
+    const createBtn = screen.getAllByRole("button").find((b) => b.textContent === "Create");
+    fireEvent.click(createBtn!);
+
+    await waitFor(() => expect(mockPost).toHaveBeenCalled());
+    const body = mockPost.mock.calls[0][1] as Record<string, unknown>;
+    expect(body.compute).toBeUndefined();
+    expect(body.model).toBe("anthropic:claude-opus-4-7");
+  });
+
+  it("sends display compute profile when desktop display is enabled", async () => {
+    await openDialog();
+    fireEvent.change(screen.getByPlaceholderText("e.g. SEO Agent"), {
+      target: { value: "Desktop Agent" },
+    });
+    fireEvent.click(screen.getByLabelText("Enable display"));
+
+    const createBtn = screen.getAllByRole("button").find((b) => b.textContent === "Create");
+    fireEvent.click(createBtn!);
+
+    await waitFor(() => expect(mockPost).toHaveBeenCalled());
+    const body = mockPost.mock.calls[0][1] as Record<string, unknown>;
+    expect(body.model).toBe("anthropic:claude-opus-4-7");
+    expect(body.compute).toEqual({
+      instance_type: "t3.xlarge",
+      volume: { root_gb: 80 },
+      display: {
+        mode: "desktop-control",
+        protocol: "novnc",
+        width: 1920,
+        height: 1080,
+      },
+    });
+  });
+
  it("renders gracefully when GET /workspaces fails", async () => {
    mockGet.mockRejectedValueOnce(new Error("Network error"));
    await openDialog();
@@ -11,6 +11,7 @@ interface DisplayStatus {
  protocol?: string;
  width?: number;
  height?: number;
+  viewer_url?: string;
 }

 interface DisplayControlStatus {
@@ -93,6 +94,31 @@ export function DisplayTab({ workspaceId }: Props) {
    }
  };

+  const releaseControl = async () => {
+    const generation = requestGeneration.current;
+    const controlPath = `/workspaces/${workspaceId}/display/control`;
+    setControlBusy(true);
+    setControlError(null);
+    try {
+      const next = await api.post<DisplayControlStatus>(`${controlPath}/release`, {});
+      if (requestGeneration.current !== generation) return;
+      setControl(next);
+    } catch (err) {
+      if (requestGeneration.current !== generation) return;
+      setControlError("Failed to release control");
+      try {
+        const latest = await api.get<DisplayControlStatus>(controlPath);
+        if (requestGeneration.current !== generation) return;
+        setControl(latest);
+      } catch {
+        if (requestGeneration.current !== generation) return;
+        setControl(null);
+      }
+    } finally {
+      if (requestGeneration.current === generation) setControlBusy(false);
+    }
+  };
+
  if (error) {
    return (
      <div className="p-5">
@@ -185,7 +211,97 @@ export function DisplayTab({ workspaceId }: Props) {
    );
  }

-  return null;
+  return (
+    <div className="flex h-full min-h-[360px] flex-col bg-surface-sunken/30">
+      <div className="flex items-center justify-between gap-3 border-b border-line/50 px-4 py-3">
+        <div className="min-w-0">
+          <h3 className="text-sm font-medium text-ink">Desktop</h3>
+          <p className="mt-0.5 font-mono text-[10px] text-ink-mid">
+            {status.mode || "desktop-control"} · {status.protocol || "display"}
+          </p>
+        </div>
+        <DisplayControlBar
+          control={control}
+          controlBusy={controlBusy}
+          controlError={controlError}
+          onAcquire={acquireControl}
+          onRelease={releaseControl}
+        />
+      </div>
+      {status.viewer_url ? (
+        <iframe
+          title="Workspace desktop"
+          src={status.viewer_url}
+          className="min-h-0 flex-1 border-0 bg-black"
+          allow="clipboard-read; clipboard-write; fullscreen; pointer-lock"
+          referrerPolicy="no-referrer"
+        />
+      ) : (
+        <div className="flex flex-1 items-center justify-center p-8 text-center">
+          <div>
+            <h3 className="mb-1.5 text-sm font-medium text-ink">Display session is not ready.</h3>
+            <p className="max-w-xs text-[11px] leading-relaxed text-ink-mid">
+              This workspace has display configuration, but the desktop session URL is not available yet.
+            </p>
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
+
+function DisplayControlBar({
+  control,
+  controlBusy,
+  controlError,
+  onAcquire,
+  onRelease,
+}: {
+  control: DisplayControlStatus | null;
+  controlBusy: boolean;
+  controlError: string | null;
+  onAcquire: () => void;
+  onRelease: () => void;
+}) {
+  return (
+    <div className="flex min-w-0 items-center gap-3">
+      {control && (
+        <div className="min-w-0 text-right">
+          <p className="truncate text-[11px] font-medium text-ink">
+            {control.controller === "none"
+              ? "No active controller"
+              : `Controlled by ${displayControlActorLabel(control)}`}
+          </p>
+          {control.expires_at && (
+            <p className="mt-0.5 truncate font-mono text-[10px] text-ink-mid">
+              Until {new Date(control.expires_at).toLocaleTimeString()}
+            </p>
+          )}
+          {controlError && <p className="mt-0.5 text-[10px] text-red-200">{controlError}</p>}
+        </div>
+      )}
+      {control?.controller === "none" && (
+        <button
+          type="button"
+          onClick={onAcquire}
+          disabled={controlBusy}
+          className="h-8 shrink-0 rounded border border-line bg-surface px-3 text-[11px] font-medium text-ink hover:bg-surface-elevated disabled:cursor-not-allowed disabled:opacity-60"
+        >
+          Take control
+        </button>
+      )}
+      {control?.controller === "user" && control.controlled_by === "admin-token" && (
+        <button
+          type="button"
+          onClick={onRelease}
+          disabled={controlBusy}
+          className="h-8 shrink-0 rounded border border-line bg-surface px-3 text-[11px] font-medium text-ink hover:bg-surface-elevated disabled:cursor-not-allowed disabled:opacity-60"
+        >
+          Release
+        </button>
+      )}
+    </div>
+  );
 }

 function displayControlActorLabel(control: DisplayControlStatus): string {
@@ -71,6 +71,61 @@ describe("DisplayTab", () => {
    });
  });

+  it("renders the desktop stream when a display session is available", async () => {
+    mockGet
+      .mockResolvedValueOnce({
+        available: true,
+        mode: "desktop-control",
+        protocol: "dcv",
+        width: 1920,
+        height: 1080,
+        viewer_url: "https://display.example.test/session/ws-display",
+      })
+      .mockResolvedValueOnce({
+        controller: "none",
+      });
+
+    render(<DisplayTab workspaceId="ws-display" />);
+
+    await waitFor(() => {
+      expect(screen.getByTitle("Workspace desktop")).toBeTruthy();
+    });
+    const frame = screen.getByTitle("Workspace desktop") as HTMLIFrameElement;
+    expect(frame.src).toBe("https://display.example.test/session/ws-display");
+    expect(screen.getByRole("button", { name: "Take control" })).toBeTruthy();
+  });
+
+  it("releases user display control", async () => {
+    mockGet
+      .mockResolvedValueOnce({
+        available: true,
+        mode: "desktop-control",
+        protocol: "dcv",
+        viewer_url: "https://display.example.test/session/ws-display",
+      })
+      .mockResolvedValueOnce({
+        controller: "user",
+        controlled_by: "admin-token",
+        expires_at: "2026-05-23T08:48:27Z",
+      });
+    mockPost.mockResolvedValueOnce({
+      controller: "none",
+    });
+
+    render(<DisplayTab workspaceId="ws-display" />);
+
+    await waitFor(() => {
+      expect(screen.getByRole("button", { name: "Release" })).toBeTruthy();
+    });
+
+    fireEvent.click(screen.getByRole("button", { name: "Release" }));
+
+    await waitFor(() => {
+      expect(screen.getByRole("button", { name: "Take control" })).toBeTruthy();
+    });
+    expect(mockPost).toHaveBeenCalledWith("/workspaces/ws-display/display/control/release", {});
+  });
+
  it("renders active display control locks as observe-only", async () => {
    mockGet
      .mockResolvedValueOnce({
@@ -219,9 +219,9 @@ a2a info                           # Show workspace info

 Both approaches use the same backend: platform registry for discovery, A2A protocol for messaging, and access control enforcement (parent↔child, siblings only).

-## Memory Tools
+## Workspace Awareness

-CLI runtimes keep the same memory tool surface as the Python runtime: `commit_memory` / `commit_memory_v2` / `search_memory` / `commit_summary` / `forget_memory` are exposed via the workspace's MCP bridge and route through the platform's v2 memory plugin under the workspace's `workspace:<id>` namespace. See [Memory Architecture](../architecture/memory.md) for the backend.
+CLI runtimes keep the same memory tool surface as the Python runtime. When `AWARENESS_URL` and `AWARENESS_NAMESPACE` are injected into the workspace, `commit_memory` and `search_memory` route to the workspace's own awareness namespace instead of the fallback platform memory API. This keeps the agent contract stable while giving each workspace an isolated memory scope.

 ## Task Status Reporting

@@ -103,6 +103,8 @@ env:
  required:
    - ANTHROPIC_API_KEY
  optional:
+    - AWARENESS_URL
+    - AWARENESS_NAMESPACE
    - ANTHROPIC_BASE_URL
    - OPENAI_BASE_URL
    - GSC_CLIENT_ID
@@ -27,7 +27,7 @@ Adapter-specific behavior is documented in [Agent Runtime Adapters](./cli-runtim
 - serving A2A over HTTP
 - registering with the platform and sending heartbeats
 - reporting activity and task state
- proxying durable memory tools through the v2 memory plugin
+- integrating with awareness-backed memory when configured
 - hot-reloading skills while the workspace is running

 ## Environment Model
@@ -39,6 +39,8 @@ WORKSPACE_ID=ws-123
 WORKSPACE_CONFIG_PATH=/configs
 PLATFORM_URL=http://platform:8080
 PARENT_ID=
+AWARENESS_URL=http://awareness:37800
+AWARENESS_NAMESPACE=workspace:ws-123
 LANGFUSE_HOST=http://langfuse-web:3000
 LANGFUSE_PUBLIC_KEY=...
 LANGFUSE_SECRET_KEY=...
@@ -47,7 +49,8 @@ LANGFUSE_SECRET_KEY=...
 Important behavior:

 - `WORKSPACE_CONFIG_PATH` points at the mounted config directory for that workspace.
- Memory MCP tools route through the platform's v2 memory plugin (see Memory Architecture doc); there is no per-workspace memory env var anymore — the plugin sidecar is provisioned at the tenant EC2 boundary.
+- `AWARENESS_URL` + `AWARENESS_NAMESPACE` enable workspace-scoped awareness-backed memory.
+- If awareness is absent, runtime memory tools fall back to the platform memory endpoints for compatibility.

 ## Startup Sequence

@@ -79,7 +82,8 @@ At a high level, `workspace/main.py` does this:
 | `skills/loader.py` | Parses `SKILL.md`, loads tool modules, returns loaded skill metadata |
 | `skills/watcher.py` | Hot reload path for skill changes |
 | `plugins.py` | Scans mounted plugins for shared rules, prompt fragments, and extra skills |
-| `tools/memory.py` | Agent memory tools (route through the platform's v2 memory plugin via the workspace-server proxy) |
+| `tools/memory.py` | Agent memory tools |
+| `tools/awareness_client.py` | Awareness-backed persistence wrapper |
 | `coordinator.py` | Coordinator-only delegation path for team leads |

 ## Skills, Plugins, And Hot Reload
@@ -99,28 +103,23 @@ Hot reload matters because the runtime is designed to keep a workspace alive whi

 The watcher rescans the skill package, rebuilds the agent tool surface, and updates the Agent Card so peers and the canvas reflect the new capabilities.

-## Memory Integration
+## Awareness And Memory Integration

 The runtime keeps the agent-facing contract stable:

- `commit_memory(content, scope)` — legacy MCP name, routed through the
-  v2 plugin's scope→namespace shim
- `commit_memory_v2(content, namespace)` — direct v2 surface
- `search_memory(query, namespace?)` — v2 plugin search with FTS +
-  semantic scoring when the plugin declares the capability
+- `commit_memory(content, scope)`
+- `search_memory(query, scope)`

-All writes land in the workspace's `workspace:<workspace_id>` namespace
-unless the agent passes an explicit one. Cross-workspace namespaces
-(`team:<root>`, `org:<root>`) follow the platform's namespace ACL
-(`internal/memory/namespace/resolver.go`). There is no per-workspace
-memory env var on the runtime side — the plugin lives on the tenant
-EC2 at `localhost:9100`, spawned by `entrypoint-tenant.sh` when
-`MEMORY_PLUGIN_URL` is present in the tenant-server's env (CP
-user-data injects it during tenant provisioning). The workspace-server
-proxies all memory calls through that sidecar.
+When awareness is configured:

-See [Memory Architecture](../architecture/memory.md) for the full
-backend story.
+- the tools route durable facts to the workspace's own awareness namespace
+- the namespace defaults to `workspace:<workspace_id>` unless explicitly overridden
+
+When awareness is not configured:
+
+- the same tools fall back to the platform memory endpoints
+
+That design lets the platform improve the backend memory boundary without forcing every agent prompt or tool signature to change.

 ## Coordinator Enforcement

@@ -90,8 +90,6 @@ Poll `GET /workspaces/:id/delegations` to check results. Each entry includes `de

 This is the recommended way for agents to delegate work — it works for all runtimes (Claude Code, LangGraph, etc.) since it operates at the platform level.

-Workspace creation also assigns an `awareness_namespace` on the workspace row. That namespace is later injected into the provisioned runtime.
-
 ### Registry

 | Method | Path | Description | Auth |
@@ -103,7 +103,7 @@ Migration files live in `workspace-server/migrations/` (latest: `022_workspace_s

 | Table | Description |
 |-------|-------------|
-| `workspaces` | Core entity — status, runtime, `agent_card` JSONB, heartbeat columns, `current_task`, `awareness_namespace`, `workspace_dir` |
+| `workspaces` | Core entity — status, runtime, `agent_card` JSONB, heartbeat columns, `current_task`, `workspace_dir` |
 | `canvas_layouts` | Per-workspace x/y canvas position |
 | `structure_events` | Append-only event log (workspace lifecycle, agent, approval events) |
 | `activity_logs` | A2A communications, task updates, agent logs, errors. `error_detail` is populated by the scheduler so cron run history can surface failure reasons. |
@@ -47,26 +47,18 @@ It is useful for structured per-workspace state and optional TTL entries. It is

 `GET /workspaces/:id/session-search` provides a thin recall surface over recent activity rows and memory rows. It is for “what just happened in this workspace?” rather than long-term semantic storage.

-### 4. Memory v2 plugin (`memory_records` / `memory_namespaces`)
+### 4. Awareness-backed persistence

-This is the production-direction backend, behind the RFC #2728 HTTP
-contract. The plugin runs as a sidecar on each tenant EC2 (auto-spawned
-by `entrypoint-tenant.sh` when `MEMORY_PLUGIN_URL` is set), owns its
-own tables under the `memory_plugin` schema, and serves:
+When the runtime receives:

- `POST /workspaces/:id/v2/memories` (canvas `MemoryInspectorPanel`)
- `GET /workspaces/:id/v2/memories`
- `DELETE /workspaces/:id/v2/memories/:id`
- runtime tools `commit_memory_v2`, `search_memory`, `commit_summary`,
-  `forget_memory`
- legacy MCP tool names `commit_memory` / `recall_memory` via the
-  scope→namespace shim in `mcp_tools_memory_legacy_shim.go`
+```bash
+AWARENESS_URL=...
+AWARENESS_NAMESPACE=workspace:<id>
+```

-Capability negotiation (FTS, embedding, TTL, pin, propagation) is
-declared by the plugin via `GET /v1/health`; workspace-server adapts
-the tool surface to what the plugin actually supports. See
-[`memory-plugin-v1.yaml`](../api-protocol/memory-plugin-v1.yaml) for
-the full wire contract.
+the same memory tools keep the same interface, but durable memory writes/reads are routed through the workspace's awareness namespace.
+
+This is the current production direction of the memory boundary: stable tool surface, stronger backend isolation.

 ## Access Model

@@ -129,7 +121,7 @@ If you need:
 - **org-wide guidance**: use `GLOBAL`
 - **simple UI-visible structured state**: use `workspace_memory`
 - **recent decision/task recall**: use `session-search`
- **semantic / FTS search across memories**: use the v2 plugin endpoints (`/v2/memories?q=…`); they go through the plugin's pgvector + tsvector indexes when the plugin declares the capability
+- **stronger durable isolation**: enable awareness namespaces

 ## Related Docs

@@ -426,10 +426,10 @@ submitted → working → completed

 | Surface | Storage | Endpoint | Purpose |
 |---------|---------|----------|---------|
-| **Memory v2 plugin (SSOT)** | `memory_plugin.memory_records` table via RFC #2728 HTTP plugin | `POST /workspaces/:id/v2/memories`, MCP tools `commit_memory` / `commit_memory_v2` / `commit_summary` | Production memory backend — agent reads/writes route through here exclusively |
-| **Key/value workspace memory** | `workspace_memory` table | `POST /workspaces/:id/memory` | Simple structured state, UI-visible, optional TTL — separate from agent memory |
-| **Activity recall** | `activity_logs` + `agent_memories` (legacy read-only) | `GET /workspaces/:id/session-search` | "What just happened?" contextual recall |
-| **Legacy `agent_memories`** | `agent_memories` table | `POST /workspaces/:id/memories` (REST) | Frozen post-A1 — kept only for the REST canvas-side path; the workspace-create `seedInitialMemories` writer routes through the v2 plugin once #1755 (PR #1759) lands. Scheduled for drop in Phase A3 (#1733). |
+| **Scoped agent memory** | `agent_memories` table | `POST /workspaces/:id/memories` | HMA-backed distributed memory with scope enforcement |
+| **Key/value workspace memory** | `workspace_memory` table | `POST /workspaces/:id/memory` | Simple structured state, UI-visible, optional TTL |
+| **Activity recall** | `activity_logs` + `agent_memories` | `GET /workspaces/:id/session-search` | "What just happened?" contextual recall |
+| **Awareness-backed** | External service | Same tool interface | When `AWARENESS_URL` + `AWARENESS_NAMESPACE` configured |

 ### Memory → Skill Compounding Flywheel

@@ -740,6 +740,7 @@ requires:
 | `hitl.py` | Multi-channel HITL (dashboard, Slack, email) | hitl.bypass_roles |
 | `sandbox.py` | Code execution (subprocess or Docker backend) | sandbox access |
 | `telemetry.py` | OpenTelemetry span creation and tracing | trace emission |
+| `awareness_client.py` | Awareness namespace memory wrapper | memory scope |
 | `security_scan.py` | CVE and security scanning (pip-audit/Snyk) | security audit |
 | `temporal_workflow.py` | Temporal.io workflow integration | workflow engine |
 | `a2a_tools.py` | A2A delegation helpers and route resolution | delegate/receive |
@@ -748,7 +749,8 @@ requires:

 | Server | Purpose |
 |--------|---------|
-| `molecule` | 20+ platform management tools (workspace CRUD, chat, memory, teams, secrets, files, approvals) — includes `commit_memory` / `commit_memory_v2` / `search_memory` routed through the v2 plugin |
+| `molecule` | 20+ platform management tools (workspace CRUD, chat, memory, teams, secrets, files, approvals) |
+| `awareness-memory` | Persistent cross-session memory via Awareness SDK |

 ---

@@ -907,7 +909,7 @@ Postgres + Redis + Langfuse only (for local development without containerized wo
 | `CORS_ORIGINS` | `http://localhost:3000,...` | CORS whitelist |
 | `RATE_LIMIT` | `600` | Requests per minute |
 | `WORKSPACE_DIR` | Optional | Shared workspace volume |
-| `MEMORY_PLUGIN_URL` | Unset by default | v2 memory plugin sidecar address. Typically set externally — CP user-data injects `http://localhost:9100` on tenant EC2 boot, which `entrypoint-tenant.sh` reads as the signal to spawn the bundled `memory-plugin` sidecar on the matching loopback port. When unset, today (pre-#1747) the legacy `agent_memories` SQL path is used as silent fallback; after #1747 (RFC #1733 Phase A1) lands, memory MCP tools return a "plugin not configured" error instead. |
+| `AWARENESS_URL` | Optional | Awareness service URL |

 ### Canvas (Next.js)

@@ -925,6 +927,8 @@ Postgres + Redis + Langfuse only (for local development without containerized wo
 | `WORKSPACE_CONFIG_PATH` | `/configs` | Config directory mount |
 | `PLATFORM_URL` | `http://platform:8080` | Platform connection |
 | `PARENT_ID` | Empty | Parent workspace ID (set if nested) |
+| `AWARENESS_URL` | Optional | Awareness service |
+| `AWARENESS_NAMESPACE` | Optional | Scoped namespace for awareness memory |
 | `LANGFUSE_HOST` | `http://langfuse-web:3000` | Langfuse endpoint |
 | `LANGFUSE_PUBLIC_KEY` | Optional | Langfuse auth |
 | `LANGFUSE_SECRET_KEY` | Optional | Langfuse auth |
@@ -1087,6 +1091,20 @@ Every Tier 1 launch (Open Interpreter, CrewAI) had all four elements.
 }
 ```

+### Awareness MCP Server
+
+For persistent cross-session memory:
+
+```json
+{
+  "awareness-memory": {
+    "type": "stdio",
+    "command": "npx",
+    "args": ["-y", "@awareness-sdk/local", "mcp"]
+  }
+}
+```
+
 ---

 ## 29. Summary Statistics
@@ -27,7 +27,7 @@ features:
    details: Current main ships adapters for LangGraph, DeepAgents, Claude Code, CrewAI, AutoGen, and OpenClaw under one workspace contract and A2A surface.
    icon: "⚙️"
  - title: Hierarchical Memory
-    details: HMA-style LOCAL, TEAM, and GLOBAL scopes backed by the v2 memory plugin (per-tenant pgvector sidecar with FTS + semantic recall).
+    details: HMA-style LOCAL, TEAM, and GLOBAL scopes plus workspace-scoped awareness namespaces when awareness is configured.
    icon: "🧠"
  - title: Skill Evolution
    details: Local SKILL.md packages, tool loading, plugin-mounted shared capabilities, hot reload, and a documented memory-to-skill promotion path.
@@ -50,7 +50,7 @@ features:
 | **Canvas** | Empty-state deployment, onboarding guide, 10-tab side panel, template palette, bundle import/export, drag-to-nest teams, search, activity and trace views |
 | **Platform** | Workspace CRUD, registry, A2A proxy, team expansion, approvals, secrets, global secrets, memory APIs, files API, terminal, viewport persistence, WebSocket fanout |
 | **Runtime** | One workspace image with six shipping adapters on `main`: LangGraph, DeepAgents, Claude Code, CrewAI, AutoGen, OpenClaw |
-| **Memory** | v2 plugin (pgvector + FTS) serving scoped agent memories under per-workspace namespaces; key/value workspace memory; session-search recall |
+| **Memory** | Scoped agent memories, key/value workspace memory, session-search recall, awareness namespace injection |
 | **Skills** | Local skill packages, plugin-mounted shared skills/rules, audit/install/publish CLI helpers, hot reload |

 ## Compatibility Note
@@ -111,12 +111,13 @@ const maxProxyResponseBody = 10 << 20
 //     a generic 502 page to canvas. 10s is well above realistic intra-region
 //     latencies and well below CF's edge timeout.
 //
-//  3. Transport.ResponseHeaderTimeout — 180s default. From request-body-end
+//  3. Transport.ResponseHeaderTimeout — 5min default. From request-body-end
 //     to response-headers-start. Configurable via
 //     A2A_PROXY_RESPONSE_HEADER_TIMEOUT (envx.Duration). Covers cold-start
 //     first-byte (30-60s OAuth flow above) with enough room for Opus agent
-//     turns (big context + internal delegate_task round-trips routinely exceed
-//     the old 60s ceiling). Body streaming after headers is governed by the
+//     turns and Codex scheduled tasks (big context + internal delegate_task
+//     round-trips routinely exceed the old 60s/180s ceilings). Body streaming
+//     after headers is governed by the
 //     per-request context deadline, NOT this timeout — so multi-minute agent
 //     responses still work fine.
 //
@@ -131,7 +132,7 @@ var a2aClient = &http.Client{
 			Timeout:   10 * time.Second,
 			KeepAlive: 30 * time.Second,
 		}).DialContext,
-		ResponseHeaderTimeout: envx.Duration("A2A_PROXY_RESPONSE_HEADER_TIMEOUT", 180*time.Second),
+		ResponseHeaderTimeout: envx.Duration("A2A_PROXY_RESPONSE_HEADER_TIMEOUT", 5*time.Minute),
 		TLSHandshakeTimeout:   10 * time.Second,
 		// MaxIdleConns / IdleConnTimeout: stdlib defaults are fine; agent
 		// fan-in is bounded by the platform's broadcaster fan-out, not by
@@ -28,8 +28,8 @@ type proxyDispatchBuildError struct{ err error }
 func (e *proxyDispatchBuildError) Error() string { return e.err.Error() }

 // handleA2ADispatchError translates a forward-call failure into a proxyA2AError,
-// runs the reactive container-health check, and (when `logActivity` is true)
-// schedules a detached LogActivity goroutine for the failed attempt.
+// runs the reactive container-health check, and records the outcome. Busy
+// targets that are successfully queued are logged as queued, not failed.
 func (h *WorkspaceHandler) handleA2ADispatchError(ctx context.Context, workspaceID, callerID string, body []byte, a2aMethod string, err error, durationMs int, logActivity bool) (int, []byte, *proxyA2AError) {
 	// Build-time failure (couldn't even create the http.Request) — return
 	// a 500 without the reactive-health / busy-retry paths.
@@ -45,10 +45,10 @@ func (h *WorkspaceHandler) handleA2ADispatchError(ctx context.Context, workspace

 	containerDead := h.maybeMarkContainerDead(ctx, workspaceID)

-	if logActivity {
-		h.logA2AFailure(ctx, workspaceID, callerID, body, a2aMethod, err, durationMs)
-	}
 	if containerDead {
+		if logActivity {
+			h.logA2AFailure(ctx, workspaceID, callerID, body, a2aMethod, err, durationMs)
+		}
 		return 0, nil, &proxyA2AError{
 			Status:   http.StatusServiceUnavailable,
 			Response: gin.H{"error": "workspace agent unreachable — container restart triggered", "restarting": true},
@@ -108,6 +108,9 @@ func (h *WorkspaceHandler) handleA2ADispatchError(ctx context.Context, workspace
 			ctx, workspaceID, callerID, PriorityTask, body, a2aMethod, idempotencyKey, expiresAt,
 		); qerr == nil {
 			log.Printf("ProxyA2A: target %s busy — enqueued as %s (depth=%d)", workspaceID, qid, depth)
+			if logActivity {
+				h.logA2ABusyQueued(ctx, workspaceID, callerID, body, a2aMethod, durationMs)
+			}
 			respBody, _ := json.Marshal(gin.H{
 				"queued":      true,
 				"queue_id":    qid,
@@ -121,6 +124,9 @@ func (h *WorkspaceHandler) handleA2ADispatchError(ctx context.Context, workspace
 			// make delegation silently disappear.
 			log.Printf("ProxyA2A: enqueue for %s failed (%v) — falling back to 503", workspaceID, qerr)
 		}
+		if logActivity {
+			h.logA2AFailure(ctx, workspaceID, callerID, body, a2aMethod, err, durationMs)
+		}
 		return 0, nil, &proxyA2AError{
 			Status:  http.StatusServiceUnavailable,
 			Headers: map[string]string{"Retry-After": strconv.Itoa(busyRetryAfterSeconds)},
@@ -131,6 +137,9 @@ func (h *WorkspaceHandler) handleA2ADispatchError(ctx context.Context, workspace
 			},
 		}
 	}
+	if logActivity {
+		h.logA2AFailure(ctx, workspaceID, callerID, body, a2aMethod, err, durationMs)
+	}
 	return 0, nil, &proxyA2AError{
 		Status:   http.StatusBadGateway,
 		Response: gin.H{"error": "failed to reach workspace agent"},
@@ -311,6 +320,33 @@ func (h *WorkspaceHandler) logA2AFailure(ctx context.Context, workspaceID, calle
 	})
 }

+// logA2ABusyQueued records that a push attempt reached a live but busy
+// workspace and was durably queued for heartbeat drain.
+func (h *WorkspaceHandler) logA2ABusyQueued(ctx context.Context, workspaceID, callerID string, body []byte, a2aMethod string, durationMs int) {
+	var wsName string
+	db.DB.QueryRowContext(ctx, `SELECT name FROM workspaces WHERE id = $1`, workspaceID).Scan(&wsName)
+	if wsName == "" {
+		wsName = workspaceID
+	}
+	summary := a2aMethod + " → " + wsName + " (queued: target busy)"
+	parent := ctx
+	h.goAsync(func() {
+		logCtx, cancel := context.WithTimeout(context.WithoutCancel(parent), 30*time.Second)
+		defer cancel()
+		LogActivity(logCtx, h.broadcaster, ActivityParams{
+			WorkspaceID:  workspaceID,
+			ActivityType: "a2a_receive",
+			SourceID:     nilIfEmpty(callerID),
+			TargetID:     &workspaceID,
+			Method:       &a2aMethod,
+			Summary:      &summary,
+			RequestBody:  json.RawMessage(body),
+			DurationMs:   &durationMs,
+			Status:       "ok",
+		})
+	})
+}
+
 // logA2ASuccess records a successful A2A round-trip and (for canvas-initiated
 // 2xx/3xx responses) broadcasts an A2A_RESPONSE event so the frontend can
 // receive the reply without polling.
@@ -1779,6 +1779,58 @@ func TestHandleA2ADispatchError_ContextDeadline(t *testing.T) {
 	}
 }

+func TestHandleA2ADispatchError_BusyEnqueueLogsQueuedNotFailure(t *testing.T) {
+	mock := setupTestDB(t)
+	setupTestRedis(t)
+	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
+	waitForHandlerAsyncBeforeDBCleanup(t, handler)
+
+	mock.ExpectQuery(`INSERT INTO a2a_queue`).
+		WithArgs("ws-busy", nil, PriorityTask, "{}", "message/send", nil, nil).
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("11111111-1111-1111-1111-111111111111"))
+	mock.ExpectQuery(`SELECT COUNT\(\*\) FROM a2a_queue`).
+		WithArgs("ws-busy").
+		WillReturnRows(sqlmock.NewRows([]string{"count"}).AddRow(1))
+	mock.ExpectQuery(`SELECT name FROM workspaces WHERE id =`).
+		WithArgs("ws-busy").
+		WillReturnRows(sqlmock.NewRows([]string{"name"}).AddRow("Busy Target"))
+	mock.ExpectExec("INSERT INTO activity_logs").
+		WithArgs(
+			"ws-busy",
+			"a2a_receive",
+			nil,
+			sqlmock.AnyArg(),
+			sqlmock.AnyArg(),
+			sqlmock.AnyArg(),
+			sqlmock.AnyArg(),
+			nil,
+			nil,
+			sqlmock.AnyArg(),
+			"ok",
+			nil,
+		).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	status, body, perr := handler.handleA2ADispatchError(
+		context.Background(), "ws-busy", "", []byte("{}"), "message/send",
+		context.DeadlineExceeded, 180002, true,
+	)
+	if perr != nil {
+		t.Fatalf("expected busy enqueue success, got proxy error: %+v", perr)
+	}
+	if status != http.StatusAccepted {
+		t.Fatalf("got status %d, want 202", status)
+	}
+	if !bytes.Contains(body, []byte(`"queued":true`)) {
+		t.Fatalf("expected queued response body, got %s", string(body))
+	}
+
+	time.Sleep(80 * time.Millisecond)
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Fatalf("unmet expectations; busy enqueue must log status=ok, not error: %v", err)
+	}
+}
+
 func TestHandleA2ADispatchError_BuildError(t *testing.T) {
 	setupTestDB(t)
 	setupTestRedis(t)
@@ -2354,7 +2406,7 @@ func TestLookupDeliveryMode_ContextCanceled_FailsClosed(t *testing.T) {
 // ==================== a2aClient ResponseHeaderTimeout config ====================

 func TestA2AClientResponseHeaderTimeout(t *testing.T) {
-	const defaultTimeout = 180 * time.Second
+	const defaultTimeout = 5 * time.Minute

 	// Default (unset env) — a2aClient was initialised at package load time.
 	if a2aClient.Transport.(*http.Transport).ResponseHeaderTimeout != defaultTimeout {
@@ -2378,7 +2430,7 @@ func TestA2AClientResponseHeaderTimeout(t *testing.T) {
 	t.Run("invalid A2A_PROXY_RESPONSE_HEADER_TIMEOUT falls back to default", func(t *testing.T) {
 		t.Setenv("A2A_PROXY_RESPONSE_HEADER_TIMEOUT", "not-a-duration")
 		// Simulate what envx.Duration does with an invalid value.
-		var fallback = 180 * time.Second
+		var fallback = 5 * time.Minute
 		override := fallback
 		if v := os.Getenv("A2A_PROXY_RESPONSE_HEADER_TIMEOUT"); v != "" {
 			if d, err := time.ParseDuration(v); err == nil && d > 0 {
@@ -159,7 +159,8 @@ func generateAppInstallationToken() (string, time.Time, error) {
 	req, _ := http.NewRequest("POST", fmt.Sprintf("https://api.github.com/app/installations/%d/access_tokens", installID), nil)
 	req.Header.Set("Authorization", "Bearer "+signed)
 	req.Header.Set("Accept", "application/vnd.github+json")
-	resp, err := http.DefaultClient.Do(req)
+	client := &http.Client{Timeout: 30 * time.Second}
+	resp, err := client.Do(req)
 	if err != nil {
 		return "", time.Time{}, err
 	}
@@ -33,7 +33,7 @@ func TestWorkspaceCreate_WithParentID(t *testing.T) {
 	// Default tier is 3 (Privileged) — see workspace.go create-handler comment.
 	// delivery_mode defaults to "push" when payload omits it (#2339).
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Child Agent", nil, 3, "langgraph", sqlmock.AnyArg(), &parentID, nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Child Agent", nil, 3, "langgraph", &parentID, nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -69,7 +69,7 @@ func TestWorkspaceCreate_ExplicitClaudeCodeRuntime(t *testing.T) {
 	mock.ExpectBegin()
 	// delivery_mode defaults to "push" when payload omits it (#2339).
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "CC Agent", nil, 2, "claude-code", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "CC Agent", nil, 2, "claude-code", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -291,7 +291,7 @@ func TestWorkspaceCreate_MaxConcurrentTasksOverride(t *testing.T) {

 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Leader Agent", nil, 3, "claude-code", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), 3, "push").
+		WithArgs(sqlmock.AnyArg(), "Leader Agent", nil, 3, "claude-code", (*string)(nil), nil, "none", (*int64)(nil), 3, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -364,11 +364,11 @@ func TestWorkspaceCreate(t *testing.T) {
 	// Expect transaction begin for atomic workspace+secrets creation
 	mock.ExpectBegin()

-	// Expect workspace INSERT (uuid is dynamic, use AnyArg for id, runtime, awareness_namespace).
+	// Expect workspace INSERT (uuid is dynamic, use AnyArg for id, runtime).
 	// Default tier is 3 (Privileged) — see workspace.go create-handler comment.
 	// delivery_mode defaults to "push" when payload omits it (#2339).
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Test Agent", nil, 3, "langgraph", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Test Agent", nil, 3, "langgraph", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))

 	// Expect transaction commit (no secrets in this payload)
@@ -412,24 +412,17 @@ func TestWorkspaceCreate(t *testing.T) {
 	if resp["id"] == nil || resp["id"] == "" {
 		t.Error("expected non-empty id in response")
 	}
-	if resp["awareness_namespace"] != "workspace:"+resp["id"].(string) {
-		t.Errorf("expected awareness namespace derived from workspace id, got %v", resp["awareness_namespace"])
-	}

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unmet sqlmock expectations: %v", err)
 	}
 }

-func TestBuildProvisionerConfig_IncludesAwarenessSettings(t *testing.T) {
+func TestBuildProvisionerConfig_WorkspacePathFromPayload(t *testing.T) {
 	setupTestDB(t)
-	// runtime_image_pins reader removed by RFC internal#617 / task #335
-	// — CP is the SSOT for runtime image pins. No DB lookup here anymore.
-
 	broadcaster := newTestBroadcaster()
 	handler := NewWorkspaceHandler(broadcaster, nil, "http://localhost:8080", "/tmp/configs")

-	t.Setenv("AWARENESS_URL", "http://awareness:37800")
 	t.Setenv("WORKSPACE_DIR", "/tmp/workspace")

 	cfg := handler.buildProvisionerConfig(
@@ -440,17 +433,10 @@ func TestBuildProvisionerConfig_IncludesAwarenessSettings(t *testing.T) {
 		models.CreateWorkspacePayload{Tier: 2, Runtime: "claude-code", WorkspaceDir: "/tmp/workspace", WorkspaceAccess: "read_write"},
 		map[string]string{"OPENAI_API_KEY": "sk-test"},
 		"/tmp/plugins",
-		"workspace:ws-123",
 	)

-	if cfg.AwarenessURL != "http://awareness:37800" {
-		t.Fatalf("expected awareness URL to be injected, got %q", cfg.AwarenessURL)
-	}
-	if cfg.AwarenessNamespace != "workspace:ws-123" {
-		t.Fatalf("expected awareness namespace to be injected, got %q", cfg.AwarenessNamespace)
-	}
 	if cfg.WorkspacePath != "/tmp/workspace" {
-		t.Fatalf("expected workspace path from env, got %q", cfg.WorkspacePath)
+		t.Fatalf("expected workspace path from payload, got %q", cfg.WorkspacePath)
 	}
 }

@@ -54,6 +54,11 @@ func (h *MemoryHandler) List(c *gin.Context) {
 		entry.Value = json.RawMessage(value)
 		entries = append(entries, entry)
 	}
+	if err := rows.Err(); err != nil {
+		log.Printf("Memory list iteration error: %v", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "query iteration failed"})
+		return
+	}

 	c.JSON(http.StatusOK, entries)
 }
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"database/sql"
 	"encoding/json"
+	"errors"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -74,6 +75,34 @@ func TestMemoryList_DBError(t *testing.T) {
 	}
 }

+// TestMemoryList_RowsErr_Returns500 verifies that a rows.Err() set during
+// iteration causes the handler to return 500 rather than partial results.
+func TestMemoryList_RowsErr_Returns500(t *testing.T) {
+	mock := setupTestDB(t)
+	setupTestRedis(t)
+	handler := NewMemoryHandler()
+
+	cols := []string{"key", "value", "version", "expires_at", "updated_at"}
+	mock.ExpectQuery("SELECT key, value, version, expires_at, updated_at").
+		WithArgs("ws-rowerr").
+		WillReturnRows(sqlmock.NewRows(cols).
+			AddRow("ok-key", []byte(`"val"`), int64(1), nil, time.Now()).
+			RowError(0, errors.New("storage engine fault")))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "ws-rowerr"}}
+	c.Request = httptest.NewRequest("GET", "/workspaces/ws-rowerr/memory", nil)
+	handler.List(c)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Errorf("rows.Err() must yield 500, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
 // ==================== GET /workspaces/:id/memory/:key (Get) ====================

 func TestMemoryGet_Success(t *testing.T) {
@@ -799,13 +799,12 @@ func (h *OrgHandler) Import(c *gin.Context) {
 	if len(tmpl.GlobalMemories) > 0 && len(results) > 0 {
 		rootID, _ := results[0]["id"].(string)
 		if rootID != "" {
-			rootNS := workspaceAwarenessNamespace(rootID)
 			// Force scope to GLOBAL regardless of what the YAML says.
 			globalSeeds := make([]models.MemorySeed, len(tmpl.GlobalMemories))
 			for i, gm := range tmpl.GlobalMemories {
 				globalSeeds[i] = models.MemorySeed{Content: gm.Content, Scope: "GLOBAL"}
 			}
-			seedInitialMemories(context.Background(), rootID, globalSeeds, rootNS)
+			seedInitialMemories(context.Background(), rootID, globalSeeds)
 			log.Printf("Org import: seeded %d global memories on root workspace %s", len(globalSeeds), rootID)
 		}
 	}
@@ -102,7 +102,6 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	}

 	id := uuid.New().String()
-	awarenessNS := workspaceAwarenessNamespace(id)

 	var role interface{}
 	if ws.Role != "" {
@@ -168,13 +167,13 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	// EXACTLY for Postgres to consider the index applicable.
 	var insertedID string
 	err := db.DB.QueryRowContext(ctx, `
-		INSERT INTO workspaces (id, name, role, tier, runtime, awareness_namespace, status, parent_id, workspace_dir, workspace_access, max_concurrent_tasks)
-		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
+		INSERT INTO workspaces (id, name, role, tier, runtime, status, parent_id, workspace_dir, workspace_access, max_concurrent_tasks)
+		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
 		ON CONFLICT (COALESCE(parent_id, '00000000-0000-0000-0000-000000000000'::uuid), name)
 		WHERE status != 'removed'
 		DO NOTHING
 		RETURNING id
-	`, id, ws.Name, role, tier, runtime, awarenessNS, "provisioning", parentID, workspaceDir, workspaceAccess, maxConcurrent).Scan(&insertedID)
+	`, id, ws.Name, role, tier, runtime, "provisioning", parentID, workspaceDir, workspaceAccess, maxConcurrent).Scan(&insertedID)
 	if errors.Is(err, sql.ErrNoRows) {
 		// Skip path — a non-removed row already exists for
 		// (parent_id, name). Re-select its id; idempotency-friendly
@@ -259,7 +258,7 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	if len(wsMemories) == 0 {
 		wsMemories = defaults.InitialMemories
 	}
-	seedInitialMemories(ctx, id, wsMemories, awarenessNS)
+	seedInitialMemories(ctx, id, wsMemories)

 	// Handle external workspaces
 	if ws.External {
@@ -216,7 +216,6 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 	}

 	id := uuid.New().String()
-	awarenessNamespace := workspaceAwarenessNamespace(id)
 	if h.IsSaaS() {
 		// SaaS hard gate: every hosted workspace gets its own sibling
 		// EC2 instance, so T4 is the only meaningful runtime boundary.
@@ -448,10 +447,10 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 	// returns the actually-persisted name (which we MUST thread back into
 	// payload + broadcast so the canvas displays what the DB has).
 	const insertWorkspaceSQL = `
-		INSERT INTO workspaces (id, name, role, tier, runtime, awareness_namespace, status, parent_id, workspace_dir, workspace_access, budget_limit, max_concurrent_tasks, delivery_mode)
-		VALUES ($1, $2, $3, $4, $5, $6, 'provisioning', $7, $8, $9, $10, $11, $12)
+		INSERT INTO workspaces (id, name, role, tier, runtime, status, parent_id, workspace_dir, workspace_access, budget_limit, max_concurrent_tasks, delivery_mode)
+		VALUES ($1, $2, $3, $4, $5, 'provisioning', $6, $7, $8, $9, $10, $11)
 	`
-	insertArgs := []any{id, payload.Name, role, payload.Tier, payload.Runtime, awarenessNamespace, payload.ParentID, workspaceDir, workspaceAccess, payload.BudgetLimit, maxConcurrent, deliveryMode}
+	insertArgs := []any{id, payload.Name, role, payload.Tier, payload.Runtime, payload.ParentID, workspaceDir, workspaceAccess, payload.BudgetLimit, maxConcurrent, deliveryMode}
 	persistedName, currentTx, err := insertWorkspaceWithNameRetry(
 		ctx,
 		tx,
@@ -572,7 +571,7 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {

 	// Seed initial memories from the create payload (issue #1050).
 	// Non-fatal: failures are logged but don't block workspace creation.
-	seedInitialMemories(ctx, id, payload.InitialMemories, awarenessNamespace)
+	seedInitialMemories(ctx, id, payload.InitialMemories)

 	// Broadcast provisioning event. Include `runtime` so the canvas can
 	// populate the Runtime pill on the side panel immediately — without it
@@ -707,10 +706,9 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {
 	}

 	c.JSON(http.StatusCreated, gin.H{
-		"id":                  id,
-		"status":              "provisioning",
-		"awareness_namespace": awarenessNamespace,
-		"workspace_access":    workspaceAccess,
+		"id":               id,
+		"status":           "provisioning",
+		"workspace_access": workspaceAccess,
 	})
 }

@@ -152,7 +152,6 @@ func TestWorkspaceBudget_Create_WithLimit(t *testing.T) {
 			nil,                              // role
 			3,                                // tier (default, workspace.go create-handler)
 			"langgraph",                      // runtime
-			sqlmock.AnyArg(),                 // awareness_namespace
 			(*string)(nil),                   // parent_id
 			nil,                              // workspace_dir
 			"none",                           // workspace_access
@@ -6,6 +6,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"net/url"
+	"os"
+	"strings"

 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
@@ -15,6 +18,10 @@ import (
 const (
 	workspaceComputeDiskFloorGB   = 30
 	workspaceComputeDiskCeilingGB = 500
+	workspaceDisplayMinWidth      = 800
+	workspaceDisplayMaxWidth      = 3840
+	workspaceDisplayMinHeight     = 600
+	workspaceDisplayMaxHeight     = 2160
 )

 type workspaceDisplayResponse struct {
@@ -25,6 +32,7 @@ type workspaceDisplayResponse struct {
 	Width     int    `json:"width,omitempty"`
 	Height    int    `json:"height,omitempty"`
 	Status    string `json:"status,omitempty"`
+	ViewerURL string `json:"viewer_url,omitempty"`
 }

 var workspaceComputeInstanceAllowlist = map[string]struct{}{
@@ -54,12 +62,12 @@ func validateWorkspaceCompute(compute models.WorkspaceCompute) error {
 		return fmt.Errorf("unsupported compute.display.mode")
 	}
 	switch compute.Display.Protocol {
-	case "", "dcv":
+	case "", "dcv", "novnc":
 	default:
 		return fmt.Errorf("unsupported compute.display.protocol")
 	}
-	if compute.Display.Width < 0 || compute.Display.Height < 0 {
-		return fmt.Errorf("compute.display width/height must be non-negative")
+	if err := validateWorkspaceDisplayDimensions(compute.Display.Width, compute.Display.Height); err != nil {
+		return err
 	}
 	return nil
 }
@@ -71,13 +79,26 @@ func validateWorkspaceDisplayConfig(display models.WorkspaceComputeDisplay) erro
 		return fmt.Errorf("unsupported compute.display.mode")
 	}
 	switch display.Protocol {
-	case "", "dcv":
+	case "", "dcv", "novnc":
 	default:
 		return fmt.Errorf("unsupported compute.display.protocol")
 	}
-	if display.Width < 0 || display.Height < 0 {
+	if err := validateWorkspaceDisplayDimensions(display.Width, display.Height); err != nil {
+		return err
+	}
+	return nil
+}
+
+func validateWorkspaceDisplayDimensions(width, height int) error {
+	if width < 0 || height < 0 {
 		return fmt.Errorf("compute.display width/height must be non-negative")
 	}
+	if width != 0 && (width < workspaceDisplayMinWidth || width > workspaceDisplayMaxWidth) {
+		return fmt.Errorf("compute.display.width must be between %d and %d", workspaceDisplayMinWidth, workspaceDisplayMaxWidth)
+	}
+	if height != 0 && (height < workspaceDisplayMinHeight || height > workspaceDisplayMaxHeight) {
+		return fmt.Errorf("compute.display.height must be between %d and %d", workspaceDisplayMinHeight, workspaceDisplayMaxHeight)
+	}
 	return nil
 }

@@ -196,6 +217,18 @@ func (h *WorkspaceHandler) Display(c *gin.Context) {
 		})
 		return
 	}
+	if viewerURL := workspaceDisplayViewerURL(workspaceID); viewerURL != "" {
+		c.JSON(200, workspaceDisplayResponse{
+			Available: true,
+			Mode:      compute.Display.Mode,
+			Protocol:  compute.Display.Protocol,
+			Width:     compute.Display.Width,
+			Height:    compute.Display.Height,
+			Status:    "ready",
+			ViewerURL: viewerURL,
+		})
+		return
+	}
 	c.JSON(200, workspaceDisplayResponse{
 		Available: false,
 		Reason:    "display_session_unavailable",
@@ -206,3 +239,15 @@ func (h *WorkspaceHandler) Display(c *gin.Context) {
 		Status:    "not_configured",
 	})
 }
+
+func workspaceDisplayViewerURL(workspaceID string) string {
+	base := strings.TrimRight(os.Getenv("DISPLAY_VIEWER_BASE_URL"), "/")
+	if base == "" {
+		return ""
+	}
+	parsed, err := url.Parse(base)
+	if err != nil || parsed.Scheme != "https" || parsed.Host == "" {
+		return ""
+	}
+	return base + "/" + url.PathEscape(workspaceID)
+}
@@ -43,6 +43,20 @@ func TestValidateWorkspaceCompute_RejectsOutOfRangeRootVolume(t *testing.T) {
 	}
 }

+func TestValidateWorkspaceCompute_RejectsOutOfRangeDisplayDimensions(t *testing.T) {
+	for _, display := range []models.WorkspaceComputeDisplay{
+		{Mode: "desktop-control", Protocol: "novnc", Width: 799, Height: 1080},
+		{Mode: "desktop-control", Protocol: "novnc", Width: 3841, Height: 1080},
+		{Mode: "desktop-control", Protocol: "novnc", Width: 1920, Height: 599},
+		{Mode: "desktop-control", Protocol: "novnc", Width: 1920, Height: 2161},
+	} {
+		compute := models.WorkspaceCompute{Display: display}
+		if err := validateWorkspaceCompute(compute); err == nil {
+			t.Fatalf("validateWorkspaceCompute accepted display size %dx%d", display.Width, display.Height)
+		}
+	}
+}
+
 func TestWorkspaceComputeJSON_OmitsEmptyNestedSections(t *testing.T) {
 	got, err := workspaceComputeJSON(models.WorkspaceCompute{
 		InstanceType: "m6i.xlarge",
@@ -141,11 +155,11 @@ func TestBuildProvisionerConfig_CopiesComputeSizingFromPayload(t *testing.T) {
 			Compute: models.WorkspaceCompute{
 				InstanceType: "m6i.xlarge",
 				Volume:       models.WorkspaceComputeVolume{RootGB: 100},
+				Display:      models.WorkspaceComputeDisplay{Mode: "desktop-control", Protocol: "novnc", Width: 1920, Height: 1080},
 			},
 		},
 		nil,
 		t.TempDir(),
-		"workspace:ws-compute",
 	)

 	if cfg.InstanceType != "m6i.xlarge" {
@@ -154,6 +168,12 @@ func TestBuildProvisionerConfig_CopiesComputeSizingFromPayload(t *testing.T) {
 	if cfg.DiskGB != 100 {
 		t.Errorf("cfg.DiskGB = %d, want 100", cfg.DiskGB)
 	}
+	if cfg.Display.Mode != "desktop-control" || cfg.Display.Protocol != "novnc" {
+		t.Errorf("cfg.Display mode/protocol = %q/%q, want desktop-control/novnc", cfg.Display.Mode, cfg.Display.Protocol)
+	}
+	if cfg.Display.Width != 1920 || cfg.Display.Height != 1080 {
+		t.Errorf("cfg.Display size = %dx%d, want 1920x1080", cfg.Display.Width, cfg.Display.Height)
+	}
 }

 func TestWithStoredCompute_LoadsComputeForRestartPayloads(t *testing.T) {
@@ -217,7 +237,7 @@ func TestWorkspaceDisplay_DisplayConfiguredReturnsSessionUnavailableContract(t *

 	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"dcv","width":1920,"height":1080}}`))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -242,8 +262,8 @@ func TestWorkspaceDisplay_DisplayConfiguredReturnsSessionUnavailableContract(t *
 	if resp["status"] != "not_configured" {
 		t.Fatalf("status = %v, want not_configured", resp["status"])
 	}
-	if resp["mode"] != "desktop-control" || resp["protocol"] != "dcv" {
-		t.Fatalf("mode/protocol = %v/%v, want desktop-control/dcv", resp["mode"], resp["protocol"])
+	if resp["mode"] != "desktop-control" || resp["protocol"] != "novnc" {
+		t.Fatalf("mode/protocol = %v/%v, want desktop-control/novnc", resp["mode"], resp["protocol"])
 	}
 	if resp["width"] != float64(1920) || resp["height"] != float64(1080) {
 		t.Fatalf("width/height = %v/%v, want 1920/1080", resp["width"], resp["height"])
@@ -256,6 +276,83 @@ func TestWorkspaceDisplay_DisplayConfiguredReturnsSessionUnavailableContract(t *
 	}
 }

+func TestWorkspaceDisplay_DisplayConfiguredWithViewerBaseReturnsAvailableSession(t *testing.T) {
+	mock := setupTestDB(t)
+	setupTestRedis(t)
+	t.Setenv("DISPLAY_VIEWER_BASE_URL", "https://display.example.test/sessions")
+	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
+
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
+		WithArgs("ws-display").
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: "ws-display"}}
+	c.Request = httptest.NewRequest("GET", "/workspaces/ws-display/display", nil)
+
+	handler.Display(c)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse display response: %v", err)
+	}
+	if resp["available"] != true {
+		t.Fatalf("available = %v, want true", resp["available"])
+	}
+	if resp["viewer_url"] != "https://display.example.test/sessions/ws-display" {
+		t.Fatalf("viewer_url = %v, want workspace viewer URL", resp["viewer_url"])
+	}
+	if resp["reason"] != nil {
+		t.Fatalf("reason = %v, want omitted", resp["reason"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+func TestWorkspaceDisplay_DisplayConfiguredWithInvalidViewerBaseReturnsUnavailable(t *testing.T) {
+	mock := setupTestDB(t)
+	setupTestRedis(t)
+	t.Setenv("DISPLAY_VIEWER_BASE_URL", "http://display.example.test/sessions")
+	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
+
+	workspaceID := "ws-display"
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
+		WithArgs(workspaceID).
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Params = gin.Params{{Key: "id", Value: workspaceID}}
+	c.Request = httptest.NewRequest("GET", "/workspaces/"+workspaceID+"/display", nil)
+
+	handler.Display(c)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse display response: %v", err)
+	}
+	if resp["available"] != false {
+		t.Fatalf("available = %v, want false", resp["available"])
+	}
+	if resp["viewer_url"] != nil {
+		t.Fatalf("viewer_url = %v, want omitted for invalid viewer base", resp["viewer_url"])
+	}
+	if resp["reason"] != "display_session_unavailable" {
+		t.Fatalf("reason = %v, want display_session_unavailable", resp["reason"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
 func TestWorkspaceDisplay_IgnoresUnrelatedStoredComputeSizingDrift(t *testing.T) {
 	mock := setupTestDB(t)
 	setupTestRedis(t)
@@ -263,7 +360,7 @@ func TestWorkspaceDisplay_IgnoresUnrelatedStoredComputeSizingDrift(t *testing.T)

 	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-display-sizing-drift").
-		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"instance_type":"old.large","display":{"mode":"desktop-control","protocol":"dcv","width":1920,"height":1080}}`))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"instance_type":"old.large","display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -103,13 +103,13 @@ func cleanupTestRows(t *testing.T, conn *sql.DB, namePrefix string) {
 // TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision
 // exercises the helper end-to-end against a real Postgres:
 //
-//   1. INSERT a row with name "<prefix>-Repro" — succeeds.
-//   2. Run insertWorkspaceWithNameRetry with the same name —
-//      partial-unique violation fires, helper retries with
-//      " (2)", that succeeds.
-//   3. SELECT the row by id, confirm name = "<prefix>-Repro (2)".
-//   4. Run helper AGAIN — second collision, helper retries with
-//      " (3)".
+//  1. INSERT a row with name "<prefix>-Repro" — succeeds.
+//  2. Run insertWorkspaceWithNameRetry with the same name —
+//     partial-unique violation fires, helper retries with
+//     " (2)", that succeeds.
+//  3. SELECT the row by id, confirm name = "<prefix>-Repro (2)".
+//  4. Run helper AGAIN — second collision, helper retries with
+//     " (3)".
 //
 // This is the live-test that proves the partial-index behaviour
 // matches the migration's intent — sqlmock cannot reach this depth.
@@ -130,9 +130,9 @@ func TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision(t *testin
 	// targets + the NOT NULL columns required by the schema).
 	firstID := uuid.New().String()
 	if _, err := conn.ExecContext(ctx, `
-		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
-		VALUES ($1, $2, 2, 'claude-code', $3, 'provisioning')
-	`, firstID, baseName, "workspace:"+firstID); err != nil {
+		INSERT INTO workspaces (id, name, tier, runtime, status)
+		VALUES ($1, $2, 2, 'claude-code', 'provisioning')
+	`, firstID, baseName); err != nil {
 		t.Fatalf("seed first row: %v", err)
 	}

@@ -145,10 +145,10 @@ func TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision(t *testin
 	}
 	secondID := uuid.New().String()
 	query := `
-		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
-		VALUES ($1, $2, 2, 'claude-code', $3, 'provisioning')
+		INSERT INTO workspaces (id, name, tier, runtime, status)
+		VALUES ($1, $2, 2, 'claude-code', 'provisioning')
 	`
-	args := []any{secondID, baseName, "workspace:" + secondID}
+	args := []any{secondID, baseName}
 	persistedName, finalTx, err := insertWorkspaceWithNameRetry(
 		ctx, tx, beginTx, baseName, 1, query, args,
 	)
@@ -179,7 +179,7 @@ func TestIntegration_WorkspaceCreate_NameRetry_AutoSuffixesOnCollision(t *testin
 		t.Fatalf("begin tx3: %v", err)
 	}
 	thirdID := uuid.New().String()
-	args3 := []any{thirdID, baseName, "workspace:" + thirdID}
+	args3 := []any{thirdID, baseName}
 	persistedName3, finalTx3, err := insertWorkspaceWithNameRetry(
 		ctx, tx3, beginTx, baseName, 1, query, args3,
 	)
@@ -216,9 +216,9 @@ func TestIntegration_WorkspaceCreate_NameRetry_TombstonedRowDoesNotCollide(t *te
 	// Seed a row, then tombstone it.
 	firstID := uuid.New().String()
 	if _, err := conn.ExecContext(ctx, `
-		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
-		VALUES ($1, $2, 2, 'claude-code', $3, 'removed')
-	`, firstID, baseName, "workspace:"+firstID); err != nil {
+		INSERT INTO workspaces (id, name, tier, runtime, status)
+		VALUES ($1, $2, 2, 'claude-code', 'removed')
+	`, firstID, baseName); err != nil {
 		t.Fatalf("seed tombstoned row: %v", err)
 	}

@@ -231,10 +231,10 @@ func TestIntegration_WorkspaceCreate_NameRetry_TombstonedRowDoesNotCollide(t *te
 	}
 	secondID := uuid.New().String()
 	query := `
-		INSERT INTO workspaces (id, name, tier, runtime, awareness_namespace, status)
-		VALUES ($1, $2, 2, 'claude-code', $3, 'provisioning')
+		INSERT INTO workspaces (id, name, tier, runtime, status)
+		VALUES ($1, $2, 2, 'claude-code', 'provisioning')
 	`
-	args := []any{secondID, baseName, "workspace:" + secondID}
+	args := []any{secondID, baseName}
 	persistedName, finalTx, err := insertWorkspaceWithNameRetry(
 		ctx, tx, beginTx, baseName, 1, query, args,
 	)
@@ -128,7 +128,7 @@ func (h *WorkspaceHandler) provisionWorkspaceOpts(workspaceID, templatePath stri
 							workspaceID, filepath.Base(runtimeTemplate))
 						templatePath = runtimeTemplate
 						// Rebuild cfg with the recovered template path so Start() sees it.
-						cfg = h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, prepared.EnvVars, prepared.PluginsPath, prepared.AwarenessNamespace)
+						cfg = h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, prepared.EnvVars, prepared.PluginsPath)
 						cfg.ResetClaudeSession = resetClaudeSession
 						recovered = true
 						break
@@ -194,10 +194,11 @@ func (h *WorkspaceHandler) provisionWorkspaceOpts(workspaceID, templatePath stri
 // a ~64k context window worth of text — but small enough to prevent abuse.
 const maxMemoryContentLength = 100_000 // ~100 KiB of text

-func seedInitialMemories(ctx context.Context, workspaceID string, memories []models.MemorySeed, awarenessNamespace string) {
+func seedInitialMemories(ctx context.Context, workspaceID string, memories []models.MemorySeed) {
 	if len(memories) == 0 {
 		return
 	}
+	namespace := workspaceMemoryNamespace(workspaceID)
 	for _, mem := range memories {
 		scope := strings.ToUpper(mem.Scope)
 		if scope == "" {
@@ -223,33 +224,27 @@ func seedInitialMemories(ctx context.Context, workspaceID string, memories []mod
 		if _, err := db.DB.ExecContext(ctx, `
 			INSERT INTO agent_memories (workspace_id, content, scope, namespace)
 			VALUES ($1, $2, $3, $4)
-		`, workspaceID, redactedContent, scope, awarenessNamespace); err != nil {
+		`, workspaceID, redactedContent, scope, namespace); err != nil {
 			log.Printf("seedInitialMemories: failed to insert memory for %s (scope=%s): %v", workspaceID, scope, err)
 		}
 	}
 	log.Printf("seedInitialMemories: seeded %d memories for workspace %s", len(memories), workspaceID)
 }

-func workspaceAwarenessNamespace(workspaceID string) string {
+// workspaceMemoryNamespace returns the canonical v2 memory namespace
+// string for a workspace. Matches the form produced by
+// internal/memory/namespace/resolver.go for self-reads (issue #1735).
+func workspaceMemoryNamespace(workspaceID string) string {
 	return fmt.Sprintf("workspace:%s", workspaceID)
 }

-func (h *WorkspaceHandler) loadAwarenessNamespace(ctx context.Context, workspaceID string) string {
-	var awarenessNamespace string
-	err := db.DB.QueryRowContext(ctx, `SELECT COALESCE(awareness_namespace, '') FROM workspaces WHERE id = $1`, workspaceID).Scan(&awarenessNamespace)
-	if err != nil || awarenessNamespace == "" {
-		return workspaceAwarenessNamespace(workspaceID)
-	}
-	return awarenessNamespace
-}
-
 func (h *WorkspaceHandler) buildProvisionerConfig(
 	ctx context.Context,
 	workspaceID, templatePath string,
 	configFiles map[string][]byte,
 	payload models.CreateWorkspacePayload,
 	envVars map[string]string,
-	pluginsPath, awarenessNamespace string,
+	pluginsPath string,
 ) provisioner.WorkspaceConfig {
 	// Per-workspace workspace_dir takes priority over global WORKSPACE_DIR env var.
 	// If neither is set, the provisioner creates an isolated Docker volume.
@@ -288,20 +283,24 @@ func (h *WorkspaceHandler) buildProvisionerConfig(
 	}

 	return provisioner.WorkspaceConfig{
-		WorkspaceID:        workspaceID,
-		TemplatePath:       templatePath,
-		ConfigFiles:        configFiles,
-		PluginsPath:        pluginsPath,
-		WorkspacePath:      workspacePath,
-		WorkspaceAccess:    workspaceAccess,
-		Tier:               payload.Tier,
-		Runtime:            payload.Runtime,
-		InstanceType:       payload.Compute.InstanceType,
-		DiskGB:             int32(payload.Compute.Volume.RootGB),
-		EnvVars:            envVars,
-		PlatformURL:        h.platformURL,
-		AwarenessURL:       os.Getenv("AWARENESS_URL"),
-		AwarenessNamespace: awarenessNamespace,
+		WorkspaceID:     workspaceID,
+		TemplatePath:    templatePath,
+		ConfigFiles:     configFiles,
+		PluginsPath:     pluginsPath,
+		WorkspacePath:   workspacePath,
+		WorkspaceAccess: workspaceAccess,
+		Tier:            payload.Tier,
+		Runtime:         payload.Runtime,
+		InstanceType:    payload.Compute.InstanceType,
+		DiskGB:          int32(payload.Compute.Volume.RootGB),
+		Display: provisioner.WorkspaceDisplayConfig{
+			Mode:     payload.Compute.Display.Mode,
+			Width:    payload.Compute.Display.Width,
+			Height:   payload.Compute.Display.Height,
+			Protocol: payload.Compute.Display.Protocol,
+		},
+		EnvVars:     envVars,
+		PlatformURL: h.platformURL,
 		// Image left empty — molecule-core's runtime_image_pins table (mig
 		// 047, dead reader removed by RFC internal#617 / task #335) was an
 		// aspirational SSOT that never received a writer. CP's
@@ -85,10 +85,9 @@ func readOrLazyHealInboundSecret(ctx context.Context, workspaceID, opLabel strin
 // prepareProvisionContext when the caller proceeds; nil + non-empty
 // abort message when the caller must mark the workspace failed.
 type preparedProvisionContext struct {
-	EnvVars            map[string]string
-	PluginsPath        string
-	AwarenessNamespace string
-	Config             provisioner.WorkspaceConfig
+	EnvVars     map[string]string
+	PluginsPath string
+	Config      provisioner.WorkspaceConfig
 }

 // provisionAbort describes why prepareProvisionContext refused to
@@ -170,7 +169,6 @@ func (h *WorkspaceHandler) prepareProvisionContext(
 	}

 	pluginsPath, _ := filepath.Abs(filepath.Join(h.configsDir, "..", "plugins"))
-	awarenessNamespace := h.loadAwarenessNamespace(ctx, workspaceID)

 	// Per-agent git identity (#1957) — must run after secret loads so
 	// a workspace_secret named GIT_AUTHOR_NAME can override.
@@ -231,14 +229,13 @@ func (h *WorkspaceHandler) prepareProvisionContext(
 		}
 	}

-	cfg := h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, envVars, pluginsPath, awarenessNamespace)
+	cfg := h.buildProvisionerConfig(ctx, workspaceID, templatePath, configFiles, payload, envVars, pluginsPath)
 	cfg.ResetClaudeSession = resetClaudeSession

 	return &preparedProvisionContext{
-		EnvVars:            envVars,
-		PluginsPath:        pluginsPath,
-		AwarenessNamespace: awarenessNamespace,
-		Config:             cfg,
+		EnvVars:     envVars,
+		PluginsPath: pluginsPath,
+		Config:      cfg,
 	}, nil
 }

@@ -17,9 +17,9 @@ import (
 	"gopkg.in/yaml.v3"
 )

-// ==================== workspaceAwarenessNamespace ====================
+// ==================== workspaceMemoryNamespace ====================

-func TestWorkspaceAwarenessNamespace(t *testing.T) {
+func TestWorkspaceMemoryNamespace(t *testing.T) {
 	tests := []struct {
 		workspaceID string
 		expected    string
@@ -31,9 +31,9 @@ func TestWorkspaceAwarenessNamespace(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.workspaceID, func(t *testing.T) {
-			result := workspaceAwarenessNamespace(tt.workspaceID)
+			result := workspaceMemoryNamespace(tt.workspaceID)
 			if result != tt.expected {
-				t.Errorf("workspaceAwarenessNamespace(%q) = %q, want %q", tt.workspaceID, result, tt.expected)
+				t.Errorf("workspaceMemoryNamespace(%q) = %q, want %q", tt.workspaceID, result, tt.expected)
 			}
 		})
 	}
@@ -645,7 +645,7 @@ func TestSeedInitialMemories_TruncatesOversizedContent(t *testing.T) {
 					WillReturnResult(sqlmock.NewResult(1, 1))
 			}

-			seedInitialMemories(context.Background(), workspaceID, memories, "test-ns")
+			seedInitialMemories(context.Background(), workspaceID, memories)

 			if err := mock.ExpectationsWereMet(); err != nil {
 				t.Errorf("unmet DB expectations: %v", err)
@@ -674,7 +674,7 @@ func TestSeedInitialMemories_RedactsSecrets(t *testing.T) {
 		WithArgs(workspaceID, wantRedacted, "LOCAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(1, 1))

-	seedInitialMemories(context.Background(), workspaceID, memories, "test-ns")
+	seedInitialMemories(context.Background(), workspaceID, memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unmet DB expectations: %v", err)
@@ -691,7 +691,7 @@ func TestSeedInitialMemories_InvalidScopeSkipped(t *testing.T) {
 		{Content: "this should be skipped", Scope: "NOT_A_REAL_SCOPE"},
 	}

-	seedInitialMemories(context.Background(), "ws-bad-scope", memories, "test-ns")
+	seedInitialMemories(context.Background(), "ws-bad-scope", memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unexpected DB calls for invalid scope: %v", err)
@@ -704,7 +704,7 @@ func TestSeedInitialMemories_EmptyMemoriesNil(t *testing.T) {
 	mock := setupTestDB(t)
 	mock.ExpectationsWereMet()

-	seedInitialMemories(context.Background(), "ws-nil", nil, "test-ns")
+	seedInitialMemories(context.Background(), "ws-nil", nil)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unexpected DB calls for nil slice: %v", err)
@@ -733,7 +733,6 @@ func TestBuildProvisionerConfig_BasicFields(t *testing.T) {
 		models.CreateWorkspacePayload{Tier: 1, Runtime: "langgraph"},
 		map[string]string{"API_KEY": "secret"},
 		pluginsPath,
-		"workspace:ws-basic",
 	)

 	if cfg.WorkspaceID != "ws-basic" {
@@ -748,9 +747,6 @@ func TestBuildProvisionerConfig_BasicFields(t *testing.T) {
 	if cfg.PlatformURL != "http://localhost:8080" {
 		t.Errorf("expected PlatformURL 'http://localhost:8080', got %q", cfg.PlatformURL)
 	}
-	if cfg.AwarenessNamespace != "workspace:ws-basic" {
-		t.Errorf("expected AwarenessNamespace 'workspace:ws-basic', got %q", cfg.AwarenessNamespace)
-	}
 	if cfg.PluginsPath != pluginsPath {
 		t.Errorf("expected PluginsPath %q, got %q", pluginsPath, cfg.PluginsPath)
 	}
@@ -775,7 +771,6 @@ func TestBuildProvisionerConfig_WorkspacePathFromEnv(t *testing.T) {

 	workspaceDir := t.TempDir()
 	t.Setenv("WORKSPACE_DIR", workspaceDir)
-	t.Setenv("AWARENESS_URL", "http://awareness:37800")

 	pluginsPath := t.TempDir()
 	cfg := handler.buildProvisionerConfig(
@@ -786,15 +781,11 @@ func TestBuildProvisionerConfig_WorkspacePathFromEnv(t *testing.T) {
 		models.CreateWorkspacePayload{Tier: 2, Runtime: "claude-code"},
 		nil,
 		pluginsPath,
-		"workspace:ws-env",
 	)

 	if cfg.WorkspacePath != workspaceDir {
 		t.Errorf("expected WorkspacePath from env, got %q", cfg.WorkspacePath)
 	}
-	if cfg.AwarenessURL != "http://awareness:37800" {
-		t.Errorf("expected AwarenessURL from env, got %q", cfg.AwarenessURL)
-	}
 }

 // ==================== issueAndInjectToken (issue #418) ====================
@@ -1007,7 +998,7 @@ func TestSeedInitialMemories_Truncation(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), expectTruncated, "LOCAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))

-	seedInitialMemories(context.Background(), "ws-1066-test", memories, "test-ns")
+	seedInitialMemories(context.Background(), "ws-1066-test", memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v\n"+
@@ -1027,7 +1018,7 @@ func TestSeedInitialMemories_ContentUnderLimit(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), "short content", "TEAM", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))

-	seedInitialMemories(context.Background(), "ws-1066-under", memories, "test-ns")
+	seedInitialMemories(context.Background(), "ws-1066-under", memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -1052,7 +1043,7 @@ func TestSeedInitialMemories_ExactlyAtLimit(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), atLimitContent, "LOCAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))

-	seedInitialMemories(context.Background(), "ws-boundary", memories, "test-ns")
+	seedInitialMemories(context.Background(), "ws-boundary", memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -1068,7 +1059,7 @@ func TestSeedInitialMemories_EmptyContent(t *testing.T) {
 	}

 	// seedInitialMemories skips empty content at line 234 — no DB call expected.
-	seedInitialMemories(context.Background(), "ws-empty", memories, "test-ns")
+	seedInitialMemories(context.Background(), "ws-empty", memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -1092,7 +1083,7 @@ func TestSeedInitialMemories_OversizedWithSecrets(t *testing.T) {
 		WithArgs(sqlmock.AnyArg(), sqlmock.AnyArg(), "GLOBAL", sqlmock.AnyArg()).
 		WillReturnResult(sqlmock.NewResult(0, 1))

-	seedInitialMemories(context.Background(), "ws-secrets", memories, "test-ns")
+	seedInitialMemories(context.Background(), "ws-secrets", memories)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("DB expectations not met: %v", err)
@@ -342,7 +342,7 @@ func TestWorkspaceCreate_DBInsertError(t *testing.T) {
 	// Transaction begins, workspace INSERT fails, transaction is rolled back.
 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Failing Agent", nil, 3, "langgraph", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Failing Agent", nil, 3, "langgraph", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnError(sql.ErrConnDone)
 	mock.ExpectRollback()

@@ -375,7 +375,7 @@ func TestWorkspaceCreate_DefaultsApplied(t *testing.T) {
 	// Expect workspace INSERT with defaulted tier=3 (Privileged — the
 	// handler default in workspace.go), runtime="langgraph"
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Default Agent", nil, 3, "langgraph", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Default Agent", nil, 3, "langgraph", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()

@@ -423,7 +423,7 @@ func TestWorkspaceCreate_SaaSHardForcesTier4(t *testing.T) {

 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "SaaS External Agent", nil, 4, "external", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "SaaS External Agent", nil, 4, "external", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -464,7 +464,7 @@ func TestWorkspaceCreate_WithSecrets_Persists(t *testing.T) {

 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Hermes Agent", nil, 3, "hermes", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Hermes Agent", nil, 3, "hermes", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	// Secret inserted inside the same transaction.
 	mock.ExpectExec("INSERT INTO workspace_secrets").
@@ -576,7 +576,7 @@ func TestWorkspaceCreate_ExternalURL_SSRFSafe(t *testing.T) {

 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Ext Agent", nil, 3, "external", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Ext Agent", nil, 3, "external", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	// External URL update (localhost is explicitly allowed by validateAgentURL).
@@ -615,7 +615,7 @@ func TestWorkspaceCreate_KimiRuntime_PreservesLabel(t *testing.T) {

 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Kimi Agent", nil, 3, "kimi", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Kimi Agent", nil, 3, "kimi", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	// Pre-register flow: awaiting_agent + runtime preserved as "kimi"
@@ -1639,7 +1639,7 @@ runtime_config:
 	mock.ExpectExec("INSERT INTO workspaces").
 		WithArgs(
 			sqlmock.AnyArg(), "Hermes Agent", nil, 3, "hermes",
-			sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+			(*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -1696,7 +1696,7 @@ model: anthropic:claude-sonnet-4-5
 	mock.ExpectExec("INSERT INTO workspaces").
 		WithArgs(
 			sqlmock.AnyArg(), "Legacy Agent", nil, 3, "langgraph",
-			sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+			(*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -1749,7 +1749,7 @@ runtime_config:
 	mock.ExpectExec("INSERT INTO workspaces").
 		WithArgs(
 			sqlmock.AnyArg(), "Custom Hermes", nil, 3, "hermes",
-			sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+			(*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -1894,7 +1894,7 @@ func TestWorkspaceCreate_188_ExplicitRuntimeNoTemplate_OK(t *testing.T) {

 	mock.ExpectBegin()
 	mock.ExpectExec("INSERT INTO workspaces").
-		WithArgs(sqlmock.AnyArg(), "Explicit Codex", nil, 3, "codex", sqlmock.AnyArg(), (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
+		WithArgs(sqlmock.AnyArg(), "Explicit Codex", nil, 3, "codex", (*string)(nil), nil, "none", (*int64)(nil), models.DefaultMaxConcurrentTasks, "push").
 		WillReturnResult(sqlmock.NewResult(0, 1))
 	mock.ExpectCommit()
 	mock.ExpectExec("INSERT INTO canvas_layouts").
@@ -17,7 +17,6 @@ type Workspace struct {
 	Name               string          `json:"name" db:"name"`
 	Role               sql.NullString  `json:"role" db:"role"`
 	Tier               int             `json:"tier" db:"tier"`
-	AwarenessNamespace sql.NullString  `json:"awareness_namespace" db:"awareness_namespace"`
 	Status             string          `json:"status" db:"status"`
 	SourceBundleID     sql.NullString  `json:"source_bundle_id" db:"source_bundle_id"`
 	AgentCard          json.RawMessage `json:"agent_card" db:"agent_card"`
@@ -207,7 +206,8 @@ type CreateWorkspacePayload struct {
 	} `json:"canvas"`
 	// InitialMemories is an optional list of memories to seed into the
 	// workspace immediately after creation. Each entry is inserted into
-	// agent_memories with the workspace's awareness namespace. Issue #1050.
+	// agent_memories under the workspace's v2 memory namespace
+	// ("workspace:<id>"). Issue #1050.
 	InitialMemories []MemorySeed `json:"initial_memories"`
 }

@@ -152,14 +152,15 @@ func (p *CPProvisioner) adminAuthHeaders(req *http.Request) {
 }

 type cpProvisionRequest struct {
-	OrgID        string            `json:"org_id"`
-	WorkspaceID  string            `json:"workspace_id"`
-	Runtime      string            `json:"runtime"`
-	Tier         int               `json:"tier"`
-	InstanceType string            `json:"instance_type,omitempty"`
-	DiskGB       int32             `json:"disk_gb,omitempty"`
-	PlatformURL  string            `json:"platform_url"`
-	Env          map[string]string `json:"env"`
+	OrgID        string                 `json:"org_id"`
+	WorkspaceID  string                 `json:"workspace_id"`
+	Runtime      string                 `json:"runtime"`
+	Tier         int                    `json:"tier"`
+	InstanceType string                 `json:"instance_type,omitempty"`
+	DiskGB       int32                  `json:"disk_gb,omitempty"`
+	Display      WorkspaceDisplayConfig `json:"display,omitempty"`
+	PlatformURL  string                 `json:"platform_url"`
+	Env          map[string]string      `json:"env"`
 	// ConfigFiles are template + generated config files to write into the
 	// EC2 instance's /configs directory. OFFSEC-010: collected by
 	// collectCPConfigFiles which rejects symlinks and non-regular files
@@ -214,6 +215,7 @@ func (p *CPProvisioner) Start(ctx context.Context, cfg WorkspaceConfig) (string,
 		Tier:         cfg.Tier,
 		InstanceType: cfg.InstanceType,
 		DiskGB:       cfg.DiskGB,
+		Display:      cfg.Display,
 		PlatformURL:  cfg.PlatformURL,
 		Env:          env,
 		ConfigFiles:  configFiles,
@@ -197,6 +197,12 @@ func TestStart_HappyPath(t *testing.T) {
 		if body.DiskGB != 100 {
 			t.Errorf("disk_gb = %d, want 100", body.DiskGB)
 		}
+		if body.Display.Mode != "desktop-control" || body.Display.Protocol != "novnc" {
+			t.Errorf("display mode/protocol = %q/%q, want desktop-control/novnc", body.Display.Mode, body.Display.Protocol)
+		}
+		if body.Display.Width != 1920 || body.Display.Height != 1080 {
+			t.Errorf("display size = %dx%d, want 1920x1080", body.Display.Width, body.Display.Height)
+		}
 		w.WriteHeader(http.StatusCreated)
 		_, _ = io.WriteString(w, `{"instance_id":"i-abc123","state":"pending"}`)
 	}))
@@ -212,6 +218,7 @@ func TestStart_HappyPath(t *testing.T) {
 	id, err := p.Start(context.Background(), WorkspaceConfig{
 		WorkspaceID: "ws-1", Runtime: "python", Tier: 1, PlatformURL: "http://tenant",
 		InstanceType: "m6i.xlarge", DiskGB: 100,
+		Display: WorkspaceDisplayConfig{Mode: "desktop-control", Protocol: "novnc", Width: 1920, Height: 1080},
 	})
 	if err != nil {
 		t.Fatalf("Start: %v", err)
@@ -97,13 +97,12 @@ type WorkspaceConfig struct {
 	PluginsPath        string            // Host path to plugins directory (mounted at /plugins)
 	WorkspacePath      string            // Host path to bind-mount as /workspace (if empty, uses Docker named volume)
 	Tier               int
-	Runtime            string            // "langgraph" (default) or "claude-code", "codex", "ollama", "custom"
-	InstanceType       string            // Optional CP EC2 instance type override (SaaS only)
-	DiskGB             int32             // Optional CP root volume size override in GiB (SaaS only)
+	Runtime            string // "langgraph" (default) or "claude-code", "codex", "ollama", "custom"
+	InstanceType       string // Optional CP EC2 instance type override (SaaS only)
+	DiskGB             int32  // Optional CP root volume size override in GiB (SaaS only)
+	Display            WorkspaceDisplayConfig
 	EnvVars            map[string]string // Additional env vars (API keys, etc.)
 	PlatformURL        string
-	AwarenessURL       string
-	AwarenessNamespace string
 	WorkspaceAccess    string // #65: "none" (default), "read_only", or "read_write"
 	ResetClaudeSession bool   // #12: if true, discard the claude-sessions volume before start (fresh session dir)

@@ -122,6 +121,13 @@ type WorkspaceConfig struct {
 	Image string
 }

+type WorkspaceDisplayConfig struct {
+	Mode     string `json:"mode,omitempty"`
+	Width    int    `json:"width,omitempty"`
+	Height   int    `json:"height,omitempty"`
+	Protocol string `json:"protocol,omitempty"`
+}
+
 // selectImage resolves the final Docker image ref for a workspace. The handler
 // layer is the source of truth — if it set cfg.Image (the digest-pinned form
 // supplied by CP, the SSOT for runtime image pins; molecule-core's own
@@ -706,10 +712,6 @@ func buildContainerEnv(cfg WorkspaceConfig) []string {
 		// still override (Dockerfile ENV is overridden by docker -e at runtime).
 		"PYTHONPATH=/app",
 	}
-	if cfg.AwarenessNamespace != "" && cfg.AwarenessURL != "" {
-		env = append(env, fmt.Sprintf("AWARENESS_NAMESPACE=%s", cfg.AwarenessNamespace))
-		env = append(env, fmt.Sprintf("AWARENESS_URL=%s", cfg.AwarenessURL))
-	}
 	// #1687: track explicit GH_TOKEN / GITHUB_TOKEN so they win over GH_PAT
 	// alias. These are normally stripped by the SCM-write guard below, but
 	// when a user explicitly sets them we preserve the value.
@@ -692,39 +692,6 @@ func TestBuildContainerEnv_MoleculeAIURLAlwaysMatchesPlatformURL(t *testing.T) {
 	}
 }

-func TestBuildContainerEnv_AwarenessOnlyWhenBothSet(t *testing.T) {
-	// Both set → both injected.
-	cfg := WorkspaceConfig{
-		WorkspaceID:        "ws-x",
-		PlatformURL:        "http://localhost:8080",
-		AwarenessURL:       "http://awareness:9000",
-		AwarenessNamespace: "ns-1",
-	}
-	env := buildContainerEnv(cfg)
-	hasNS := false
-	hasURL := false
-	for _, e := range env {
-		if e == "AWARENESS_NAMESPACE=ns-1" {
-			hasNS = true
-		}
-		if e == "AWARENESS_URL=http://awareness:9000" {
-			hasURL = true
-		}
-	}
-	if !hasNS || !hasURL {
-		t.Errorf("both awareness vars must be present: env=%v", env)
-	}
-
-	// Only namespace set → neither injected (must be both-or-nothing).
-	cfg.AwarenessURL = ""
-	env2 := buildContainerEnv(cfg)
-	for _, e := range env2 {
-		if strings.HasPrefix(e, "AWARENESS_") {
-			t.Errorf("awareness vars must NOT be injected when URL is missing: got %q", e)
-		}
-	}
-}
-
 func TestBuildContainerEnv_CustomEnvVarsAppended(t *testing.T) {
 	// NOTE: this test previously asserted GITHUB_TOKEN passed through
 	// verbatim. That assertion encoded the forensic #145 latent leak as
@@ -0,0 +1,11 @@
+-- Reverse of 20260523130000_drop_workspaces_awareness_namespace.up.sql.
+--
+-- Restores the workspaces.awareness_namespace column verbatim from
+-- migration 010_workspace_awareness.sql so a down-cycle leaves the
+-- schema bit-identical to the pre-drop state. The column will be
+-- NULL on all rows after re-add — handlers no longer write to it and
+-- callers no longer read it, so this is functionally inert without
+-- a paired code revert.
+
+ALTER TABLE workspaces
+    ADD COLUMN IF NOT EXISTS awareness_namespace TEXT;
@@ -0,0 +1,19 @@
+-- Issue #1735 — drop the workspaces.awareness_namespace column.
+--
+-- "Awareness namespaces" were a memory-routing surface (env vars
+-- AWARENESS_URL / AWARENESS_NAMESPACE) that was plumbed across the
+-- platform but never wired in any production or staging environment
+-- (verified 2026-05-23 via Railway GraphQL on the controlplane service:
+-- AWARENESS_* unset in both env IDs 59227671-… and 639539ec-…).
+--
+-- The column added by migration 010_workspace_awareness.sql was only
+-- ever populated with the canonical "workspace:<id>" string, which is
+-- also the v2 memory namespace string (see internal/memory/namespace/
+-- resolver.go:186). Removing the column does not change any agent-
+-- visible memory namespace — handlers now compute the same
+-- "workspace:<id>" string inline when inserting into agent_memories.
+--
+-- Related: #1733 (memory SSOT consolidation), #1734 (Memory tab bug).
+
+ALTER TABLE workspaces
+    DROP COLUMN IF EXISTS awareness_namespace;