review(docs): #1735 patch API spec lines describing awareness_namespace

#1737 deletes the awareness_namespace column from `workspaces` and the provisioner env injection that backed it. Two API-spec lines still describe the field as if it were live, which would mislead any external integrator reading the docs against a post-#1737 backend: - docs/api-reference.md:106 listed `awareness_namespace` as a column on the `workspaces` row. - docs/api-protocol/platform-api.md:93 claimed workspace creation "assigns an awareness_namespace on the workspace row" and the namespace is "later injected into the provisioned runtime". Both are factually wrong post-#1737. Patched. The broader docs sweep (~30 more references across `docs/architecture/memory.md`, `docs/agent-runtime/*`, READMEs, superpowers plans, etc.) is tracked in #1753 as a docs-only follow-up — those are narrative / handbook copy, not contract. Refs: #1735 (RFC), #1737 (the backend removal PR this rebases on), #1753 (docs sweep follow-up), review-finding C3 (API doc contradiction). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chore(workspace-server): #1735 remove unused Awareness namespace surface
2026-05-23 16:57:14 -07:00 · 2026-05-23 16:55:10 -07:00
63 changed files with 2461 additions and 1889 deletions
@@ -50,6 +50,9 @@ MOLECULE_ENV=development                       # Environment label (development/
 # Container/runtime detection
 # MOLECULE_IN_DOCKER=                    # Set when running the platform inside Docker (accepts 1/0, true/false). Triggers A2A proxy to rewrite 127.0.0.1:<port> agent URLs to Docker bridge hostnames. Auto-detected via /.dockerenv; only set if detection fails or to force off.

+# Observability (Awareness)
+# AWARENESS_URL=                         # If set, injected into workspace containers along with a deterministic AWARENESS_NAMESPACE derived from workspace ID. Enables the cross-session memory MCP server.
+
 # GitHub
 # GITHUB_REPO=owner/repo                 # Target repo for agent initial_prompt clone (e.g. Molecule-AI/molecule-monorepo). Read inside workspace containers.
 # GITHUB_TOKEN=                          # Personal access token / installation token used by agents that clone private repos. Register as a global secret via POST /admin/secrets for propagation to workspace env. Token is used in-URL during clone and then scrubbed from .git/config via `git remote set-url`.
@@ -21,6 +21,10 @@ from urllib.parse import quote
 TRUE_VALUES = {"1", "true", "yes", "on", "disabled", "disable"}
 PROD_CP_URL = "https://api.moleculesai.app"
 DEFAULT_REQUIRED_CONTEXTS = [
+    "CI / Platform (Go) (push)",
+    "CI / Canvas (Next.js) (push)",
+    "CI / Shellcheck (E2E scripts) (push)",
+    "CI / Python Lint & Test (push)",
    "CI / all-required (push)",
    "Secret scan / Scan diff for credential-shaped strings (push)",
 ]
@@ -1,31 +0,0 @@
-from pathlib import Path
-
-import yaml
-
-
-ROOT = Path(__file__).resolve().parents[2]
-
-
-def load_workflow(name: str) -> dict:
-    with (ROOT / "workflows" / name).open() as f:
-        return yaml.safe_load(f)
-
-
-def test_all_required_uses_dedicated_meta_runner_lane():
-    workflow = load_workflow("ci.yml")
-    all_required = workflow["jobs"]["all-required"]
-
-    assert all_required["runs-on"] == "ci-meta"
-    assert "needs" not in all_required
-
-
-def test_all_required_reuses_path_filter_before_polling():
-    workflow = load_workflow("ci.yml")
-    all_required = workflow["jobs"]["all-required"]
-    rendered = str(all_required)
-
-    assert "--profile ci" in rendered
-    assert ".gitea/scripts/detect-changes.py" in rendered
-    assert "REQUIRE_PLATFORM" in rendered
-    assert "REQUIRE_CANVAS" in rendered
-    assert "REQUIRE_SCRIPTS" in rendered
@@ -146,10 +146,3 @@ def test_context_is_terminal_failure_rejects_cancelled_and_skipped():
        assert prod.context_is_terminal_failure(state) is True
    for state in ("pending", "missing", "success"):
        assert prod.context_is_terminal_failure(state) is False
-
-
-def test_default_required_contexts_delegate_path_gating_to_all_required():
-    assert prod.required_contexts({}) == [
-        "CI / all-required (push)",
-        "Secret scan / Scan diff for credential-shaped strings (push)",
-    ]
@@ -476,11 +476,7 @@ jobs:
    # jobs settle, leaving branch protection with a permanent pending
    # `CI / all-required` context. Instead, this independent sentinel polls the
    # required commit-status contexts for this SHA and fails if any fail, skip,
-    # or never emit. It runs the same path detector as `changes` and only waits
-    # for path-relevant jobs; Gitea can otherwise leave needs/output-skipped
-    # jobs permanently pending with "Blocked by required conditions". It runs on
-    # the dedicated `ci-meta` lane so the poller does not occupy the same
-    # general runner pool as the jobs it is waiting for.
+    # or never emit.
    #
    # canvas-deploy-reminder is intentionally NOT included in all-required.needs.
    # It is an informational main-push reminder, not a PR quality gate. Keeping
@@ -488,24 +484,9 @@ jobs:
    # sentinel before the `always()` guard can emit a branch-protection status.
    #
    continue-on-error: false
-    runs-on: ci-meta
+    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          fetch-depth: 0
-      - id: check
-        env:
-          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
-          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
-          PUSH_BEFORE: ${{ github.event.before }}
-        run: |
-          python3 .gitea/scripts/detect-changes.py \
-            --profile ci \
-            --event-name "${{ github.event_name }}" \
-            --pr-base-sha "$PR_BASE_SHA" \
-            --base-ref "$PR_BASE_REF" \
-            --push-before "${GITHUB_EVENT_BEFORE:-$PUSH_BEFORE}"
      - name: Wait for required CI contexts
        env:
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -513,9 +494,6 @@ jobs:
          REPOSITORY: ${{ github.repository }}
          COMMIT_SHA: ${{ github.sha }}
          EVENT_NAME: ${{ github.event_name }}
-          REQUIRE_PLATFORM: ${{ steps.check.outputs.platform }}
-          REQUIRE_CANVAS: ${{ steps.check.outputs.canvas }}
-          REQUIRE_SCRIPTS: ${{ steps.check.outputs.scripts }}
        run: |
          set -euo pipefail
          python3 - <<'PY'
@@ -533,14 +511,11 @@ jobs:
          event = os.environ["EVENT_NAME"]
          required = [
              f"CI / Detect changes ({event})",
+              f"CI / Platform (Go) ({event})",
+              f"CI / Canvas (Next.js) ({event})",
+              f"CI / Shellcheck (E2E scripts) ({event})",
              f"CI / Python Lint & Test ({event})",
          ]
-          if os.environ.get("REQUIRE_PLATFORM") == "true":
-              required.append(f"CI / Platform (Go) ({event})")
-          if os.environ.get("REQUIRE_CANVAS") == "true":
-              required.append(f"CI / Canvas (Next.js) ({event})")
-          if os.environ.get("REQUIRE_SCRIPTS") == "true":
-              required.append(f"CI / Shellcheck (E2E scripts) ({event})")
          terminal_bad = {"failure", "error"}
          deadline = time.time() + 40 * 60
          last_summary = None
@@ -79,7 +79,7 @@ LangGraph, DeepAgents, Claude Code, CrewAI, AutoGen, Hermes, Gemini CLI, and Ope

 ### 4. Memory is treated like infrastructure

-Molecule AI's HMA approach is designed around organizational boundaries, not just "store more context somewhere." Durable recall, scoped sharing through the v2 memory plugin, and skill promotion are all part of one coherent system.
+Molecule AI's HMA approach is designed around organizational boundaries, not just “store more context somewhere.” Durable recall, scoped sharing, awareness namespaces, and skill promotion are all part of one coherent system.

 ### 5. It comes with a real control plane

@@ -101,7 +101,7 @@ Registry, heartbeats, restart, pause/resume, activity logs, approvals, terminal
 | **Role-native workspace abstraction** | Your org structure survives model swaps, framework changes, and team expansion |
 | **Fractal team expansion** | A single specialist can become a managed department without breaking upstream integrations |
 | **Heterogeneous runtime compatibility** | Different teams can keep their preferred agent architecture while sharing one control plane |
-| **HMA + v2 memory plugin** | Memory sharing follows hierarchy instead of leaking across the whole system; one plugin per tenant, namespace-scoped per workspace |
+| **HMA + awareness namespaces** | Memory sharing follows hierarchy instead of leaking across the whole system |
 | **Skill evolution loop** | Durable successful workflows can graduate from memory into reusable, hot-reloadable skills |
 | **WebSocket-first operational UX** | The canvas reflects task state, structure changes, and A2A responses in near real time |
 | **Global secrets with local override** | Centralize provider access, then override only where a workspace needs specialized credentials |
@@ -133,7 +133,7 @@ Most projects stop at “we added memory.” Molecule AI pushes further:
 | Flat store or weak namespaces | Hierarchy-aligned `LOCAL`, `TEAM`, `GLOBAL` scopes |
 | Sharing is easy to overexpose | Sharing is explicit and structure-aware |
 | Memory and procedure get mixed together | Memory stores durable facts; skills store repeatable procedure |
-| Every agent can become over-privileged | Per-workspace namespaces in the v2 memory plugin reduce blast radius |
+| Every agent can become over-privileged | Workspace awareness namespaces reduce blast radius |
 | UI memory and runtime memory blur together | Separate surfaces for scoped agent memory, key/value workspace memory, and recall |

 ### The flywheel
@@ -163,7 +163,7 @@ Most agent systems stop at "a smart runtime." Molecule AI pushes further: it giv

 | Core mechanism | Molecule AI module(s) | Why it matters |
 |---|---|---|
-| **Durable memory that survives sessions** | `molecule-ai-workspace-runtime/molecule_runtime/builtin_tools/`, `workspace-server/internal/handlers/memories.go`, `workspace-server/internal/memory/` (v2 plugin client + namespace resolver) | Memory is not just durable, it is **workspace-scoped** — every write lands in the workspace's own `workspace:<id>` namespace, with `team:<root>` and `org:<root>` available for cross-workspace shares via the platform's namespace ACL when an agent explicitly promotes a memory |
+| **Durable memory that survives sessions** | `molecule-ai-workspace-runtime/molecule_runtime/builtin_tools/`, `workspace-server/internal/handlers/memories.go` | Memory is not just durable, it is **workspace-scoped** and can route into awareness namespaces tied to the org structure |
 | **Cross-session recall** | `workspace-server/internal/handlers/activity.go` (`/workspaces/:id/session-search`) | Recall spans both activity history and memory rows, so the system can search what happened and what was learned without inventing a separate hidden store |
 | **Skills built from experience** | `molecule-ai-workspace-runtime/molecule_runtime/builtin_tools/memory.py` (`_maybe_log_skill_promotion`) | Promotion from memory into a skill candidate is surfaced as an explicit platform activity, not a silent internal side effect |
 | **Skill improvement during use** | `molecule-ai-workspace-runtime/molecule_runtime/skill_loader/`, `molecule-ai-workspace-runtime/molecule_runtime/main.py` | Skills hot-reload into the live runtime, so improvements become available on the next A2A task without restarting the workspace |
@@ -172,7 +172,7 @@ Most agent systems stop at "a smart runtime." Molecule AI pushes further: it giv
 ### Why this matters in Molecule AI

 1. **The learning loop is org-aware, not just session-aware.**
-   Memory can live at `LOCAL`, `TEAM`, or `GLOBAL` scope, and the v2 plugin's namespace ACL gives each workspace a durable identity boundary.
+   Memory can live at `LOCAL`, `TEAM`, or `GLOBAL` scope, and awareness namespaces give each workspace a durable identity boundary.

 2. **The learning loop is visible to operators.**
   Promotion events, activity logs, current-task updates, traces, and WebSocket fanout mean self-improvement is part of the control plane, not a hidden black box.
@@ -211,7 +211,7 @@ The result is not just “an agent that learns.” It is **an organization that
 - standalone workspace-template images that install `molecule-ai-workspace-runtime` from the Gitea package registry; thin AMI in production (us-east-2)
 - adapter-driven execution across **8 runtimes** (Claude Code, Hermes, Gemini CLI, LangGraph, DeepAgents, CrewAI, AutoGen, OpenClaw)
 - Agent Card registration
- **Memory v2 backed by pgvector** — per-tenant plugin sidecar serving HMA namespaces with FTS + semantic recall
+- awareness-backed memory integration; **Memory v2 backed by pgvector** for semantic recall
 - plugin-mounted shared rules/skills
 - hot-reloadable local skills
 - coordinator-only delegation path
@@ -262,7 +262,7 @@ Canvas (Next.js 15, warm-paper :3000)  <--HTTP / WS-->  Platform (Go 1.25 :8080)
 Workspace Runtime (Python ≥3.11, image with adapters)
  - 8 adapters: LangGraph / DeepAgents / Claude Code / CrewAI / AutoGen / Hermes / Gemini CLI / OpenClaw
  - Agent Card + A2A server (typed-SSOT response path, RFC #2967)
-  - heartbeat + activity + Memory v2 (pgvector semantic recall via per-tenant plugin sidecar)
+  - heartbeat + activity + awareness-backed memory (Memory v2 — pgvector semantic recall)
  - skills + plugins + hot reload

 SaaS Control Plane (molecule-controlplane, private)
@@ -78,7 +78,7 @@ LangGraph、DeepAgents、Claude Code、CrewAI、AutoGen、Hermes、Gemini CLI、

 ### 4. Memory 被当成基础设施来做

-Molecule AI 的 HMA 不是“多存一点上下文”而已。它关注组织边界、durable recall、scope sharing、v2 memory plugin、skill promotion，把这些放在一个完整体系里。
+Molecule AI 的 HMA 不是“多存一点上下文”而已。它关注组织边界、durable recall、scope sharing、awareness namespace、skill promotion，把这些放在一个完整体系里。

 ### 5. 它自带真正的 control plane

@@ -100,7 +100,7 @@ Registry、heartbeat、restart、pause/resume、activity、approval、terminal
 | **角色原生 workspace 抽象** | 模型切换、框架切换、团队扩容都不会打碎你的组织结构 |
 | **分形式团队扩展** | 一个 specialist 可以平滑升级成一个部门，而不影响上游集成 |
 | **异构 runtime 兼容** | 不同团队可以保留偏好的 agent 架构，但共用一套平台规则 |
-| **HMA + v2 memory plugin** | Memory 分享沿组织边界走，而不是全局乱穿透；每个 tenant 一个 plugin，按 workspace namespace 隔离 |
+| **HMA + awareness namespace** | Memory 分享沿组织边界走，而不是全局乱穿透 |
 | **Skill 演化闭环** | 成功工作流可以从 memory 逐步提升成可热加载的 skill |
 | **WebSocket-first 运维体验** | Canvas 能即时反映任务状态、结构变更和 A2A 响应 |
 | **Global secrets + local override** | 统一管理 provider 凭据，只在需要时做 workspace 级覆写 |
@@ -132,7 +132,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更
 | 扁平 store 或弱命名空间隔离 | 与层级对齐的 `LOCAL`、`TEAM`、`GLOBAL` scope |
 | 分享很容易越界 | 分享是显式且结构感知的 |
 | Memory 和 procedure 混成一团 | Memory 存 durable facts，skills 存 repeatable procedure |
-| 任意 agent 容易过权 | v2 memory plugin 的 per-workspace namespace 缩小 blast radius |
+| 任意 agent 容易过权 | workspace awareness namespace 缩小 blast radius |
 | UI memory 和 runtime memory 混在一起 | scoped agent memory、key/value workspace memory、recall surface 分层清晰 |

 ### 这套飞轮怎么转
@@ -162,7 +162,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更

 | 核心机制 | Molecule AI 对应模块 | 为什么重要 |
 |---|---|---|
-| **跨 session 的 durable memory** | `workspace/builtin_tools/memory.py`、`workspace-server/internal/handlers/memories.go`、`workspace-server/internal/memory/`（v2 plugin client + namespace resolver）| 不只是持久化，而且是**按 workspace 隔离**的 —— 每次写入都落在 workspace 自己的 `workspace:<id>` namespace 里；当 agent 显式升级到跨 workspace 共享时，可以通过平台 namespace ACL 写到 `team:<root>` 和 `org:<root>` |
+| **跨 session 的 durable memory** | `workspace/builtin_tools/memory.py`、`workspace/builtin_tools/awareness_client.py`、`workspace-server/internal/handlers/memories.go` | 不只是持久化，而且是**按 workspace 隔离**的，可进一步路由到和组织结构绑定的 awareness namespace |
 | **Cross-session recall** | `workspace-server/internal/handlers/activity.go` 中的 `/workspaces/:id/session-search` | Recall 同时覆盖 activity history 和 memory rows，不需要再造一个隐蔽的新存储层 |
 | **从经验里长出技能** | `workspace/builtin_tools/memory.py` 里的 `_maybe_log_skill_promotion` | 从 memory 到 skill candidate 的提升会被显式记录成平台 activity，而不是默默发生在黑盒里 |
 | **技能在使用中持续改进** | `workspace/skill_loader/watcher.py`、`workspace/skill_loader/loader.py`、`workspace/main.py` | Skill 改动可以热加载进 live runtime，下一次 A2A 任务就能直接使用，不需要重启 workspace |
@@ -171,7 +171,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更
 ### 为什么这在 Molecule AI 里更适合团队级系统

 1. **学习闭环是 org-aware 的，而不只是 session-aware。**
-   Memory 可以按 `LOCAL`、`TEAM`、`GLOBAL` scope 运作，v2 plugin 的 namespace ACL 让每个 workspace 都有清晰的持久边界。
+   Memory 可以按 `LOCAL`、`TEAM`、`GLOBAL` scope 运作，awareness namespace 让每个 workspace 都有清晰的持久边界。

 2. **学习闭环是对运维可见的。**
   Promotion events、activity logs、current-task updates、traces、WebSocket fanout 让自我进化进入 control plane，而不是藏在黑盒内部。
@@ -210,7 +210,7 @@ Molecule AI 并不是要替代下面这些 framework，而是把它们纳入更
 - 统一 `workspace/` 镜像；生产环境采用 thin AMI（us-east-2）
 - adapter 驱动执行，覆盖 **8 个 runtime**（Claude Code、Hermes、Gemini CLI、LangGraph、DeepAgents、CrewAI、AutoGen、OpenClaw）
 - Agent Card 注册
- **Memory v2 由 pgvector 支撑** —— 每个 tenant 一个 plugin sidecar，承载 HMA namespace、FTS 与语义召回
+- awareness-backed memory；**Memory v2 由 pgvector 支撑**语义召回
 - plugin 挂载共享 rules/skills
 - 本地 skills 热加载
 - coordinator-only delegation 路径
@@ -261,7 +261,7 @@ Canvas (Next.js 15, warm-paper :3000)  <--HTTP / WS-->  Platform (Go 1.25 :8080)
 Workspace Runtime (Python ≥3.11，含 adapter 集合的镜像)
  - 8 个 adapter: LangGraph / DeepAgents / Claude Code / CrewAI / AutoGen / Hermes / Gemini CLI / OpenClaw
  - Agent Card + A2A server（typed-SSOT 响应路径，RFC #2967）
-  - heartbeat + activity + Memory v2（pgvector 语义召回，per-tenant plugin sidecar）
+  - heartbeat + activity + awareness-backed memory（Memory v2 —— pgvector 语义召回）
  - skills + plugins + hot reload

 SaaS Control Plane (molecule-controlplane，私有)
@@ -8,7 +8,6 @@
      "name": "molecule-monorepo-canvas",
      "version": "0.1.0",
      "dependencies": {
-        "@novnc/novnc": "^1.7.0",
        "@radix-ui/react-alert-dialog": "^1.1.15",
        "@radix-ui/react-dialog": "^1.1.15",
        "@radix-ui/react-tabs": "^1.1.12",
@@ -1111,12 +1110,6 @@
        "node": ">= 10"
      }
    },
-    "node_modules/@novnc/novnc": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/@novnc/novnc/-/novnc-1.7.0.tgz",
-      "integrity": "sha512-ucEJOx4T2avIRCleodk7YobZj5O2Ga2AeLfQ69A/yjG9HHba2+PDgwSkN3FttrmG+70ZGx21sElNFouK13RzyA==",
-      "license": "MPL-2.0"
-    },
    "node_modules/@oxc-project/types": {
      "version": "0.127.0",
      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.127.0.tgz",
@@ -11,7 +11,6 @@
    "test:coverage": "vitest run --coverage"
  },
  "dependencies": {
-    "@novnc/novnc": "^1.7.0",
    "@radix-ui/react-alert-dialog": "^1.1.15",
    "@radix-ui/react-dialog": "^1.1.15",
    "@radix-ui/react-tabs": "^1.1.12",
@@ -24,10 +24,9 @@
 * "no memories yet".
 */

-import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { useCallback, useEffect, useMemo, useState } from 'react';
 import { api } from '@/lib/api';
 import { ConfirmDialog } from '@/components/ConfirmDialog';
-import { useSocketEvent } from '@/hooks/useSocketEvent';

 // ── Types ─────────────────────────────────────────────────────────────────────

@@ -247,60 +246,6 @@ export function MemoryInspectorPanel({ workspaceId }: Props) {
    loadEntries();
  }, [loadEntries]);

-  // Live-refresh on ACTIVITY_LOGGED events that look like memory writes
-  // for this workspace (#1734). Without this, the user sees a stale
-  // empty state after an agent commits — agent says "wrote memory",
-  // panel keeps showing nothing until they hit Refresh.
-  //
-  // What actually broadcasts ACTIVITY_LOGGED on the server today
-  // (workspace-server/internal/handlers/activity.go LogActivity /
-  // LogActivityTx — those are the only emitters):
-  //
-  //   - `memory_write_global`  — `POST /workspaces/:id/memories` for GLOBAL scope
-  //   - `memory_edit_global`   — `PATCH /workspaces/:id/memories/:id` for GLOBAL scope
-  //   - `memory_delete_global` — `DELETE /workspaces/:id/memories/:id` for GLOBAL scope
-  //   - `agent_log`            — generic catch-all an agent emits via
-  //                              `POST /workspaces/:id/activity`
-  //
-  // The MCP-tool path (`commit_memory`, `commit_memory_v2`,
-  // `commit_summary`) does NOT broadcast on the wire today; it inserts
-  // into agent_memories (pre-A1) or calls the v2 plugin (post-A1) and
-  // never round-trips through LogActivity. Server-side follow-up is
-  // tracked in **#1754** — once the MCP handlers emit `memory_write`
-  // via LogActivity, the `agent_log` arm of the filter below can be
-  // dropped. `memory_write` is included pre-emptively so this code
-  // lights up the moment #1754 lands. Until then, `agent_log` catches
-  // MCP commits over-inclusively; the 300ms debounce bounds the
-  // refetch rate. Issue #1734 review finding.
-  //
-  // The 300ms debounce coalesces bursts so a chatty agent (e.g. an
-  // agent in a long task emitting agent_log every few hundred ms)
-  // doesn't hammer /v2/memories on every keystroke-equivalent.
-  const refetchTimerRef = useRef<ReturnType<typeof setTimeout> | null>(null);
-  useEffect(() => () => {
-    if (refetchTimerRef.current) clearTimeout(refetchTimerRef.current);
-  }, []);
-  useSocketEvent((msg) => {
-    if (msg.event !== 'ACTIVITY_LOGGED') return;
-    if (msg.workspace_id !== workspaceId) return;
-    const p = (msg.payload || {}) as Record<string, unknown>;
-    const activityType = (p.activity_type as string) || '';
-    switch (activityType) {
-      case 'memory_write':
-      case 'memory_write_global':
-      case 'memory_edit_global':
-      case 'memory_delete_global':
-      case 'agent_log':
-        break;
-      default:
-        return;
-    }
-    if (refetchTimerRef.current) clearTimeout(refetchTimerRef.current);
-    refetchTimerRef.current = setTimeout(() => {
-      loadEntries();
-    }, 300);
-  });
-
  // ── Delete handlers ─────────────────────────────────────────────────────────

  const confirmDelete = useCallback(async () => {
@@ -16,7 +16,7 @@
 *   - handleDeployed fires after 500ms delay
 *
 * Uses vi.hoisted + vi.mock to fully isolate the api module, matching
- * the pattern established in ApprovalBanner and ScheduleTab tests.
+ * the pattern established in ApprovalBanner, MemoryTab, and ScheduleTab tests.
 */
 import React from "react";
 import { render, screen, fireEvent, cleanup, act } from "@testing-library/react";
@@ -0,0 +1,93 @@
+// @vitest-environment jsdom
+/**
+ * Unit tests for pure helpers from MemoryInspectorPanel:
+ *   isPluginUnavailableError, formatRelativeTime, formatTTL
+ *
+ * These are the three exported non-component functions. The component
+ * itself (MemoryInspectorPanel) requires full API + store mocking and
+ * is exercised by the existing MemoryTab.test.tsx.
+ */
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { isPluginUnavailableError, formatTTL } from "../MemoryInspectorPanel";
+
+// formatRelativeTime is not exported — tested via the component in MemoryTab.test.tsx
+
+describe("isPluginUnavailableError", () => {
+  it("returns true when Error message contains MEMORY_PLUGIN_URL", () => {
+    const err = new Error("memory: could not resolve MEMORY_PLUGIN_URL — plugin not configured");
+    expect(isPluginUnavailableError(err)).toBe(true);
+  });
+
+  it("returns true for Error containing MEMORY_PLUGIN_URL", () => {
+    expect(isPluginUnavailableError(new Error("MEMORY_PLUGIN_URL is not set"))).toBe(true);
+  });
+
+  it("returns false for unrelated error messages", () => {
+    expect(isPluginUnavailableError(new Error("workspace not found"))).toBe(false);
+  });
+
+  it("returns false for null", () => {
+    expect(isPluginUnavailableError(null)).toBe(false);
+  });
+
+  it("returns false for undefined", () => {
+    expect(isPluginUnavailableError(undefined)).toBe(false);
+  });
+
+  it("returns false for plain objects without message", () => {
+    expect(isPluginUnavailableError({ code: 503 })).toBe(false);
+  });
+
+  it("is case-sensitive (MEMORY_PLUGIN_URL must match exactly)", () => {
+    const lowerErr = new Error("memory_plugin_url missing");
+    const upperErr = new Error("MEMORY_PLUGIN_URL missing");
+    expect(isPluginUnavailableError(lowerErr)).toBe(false);
+    expect(isPluginUnavailableError(upperErr)).toBe(true);
+  });
+});
+
+describe("formatTTL", () => {
+  beforeEach(() => { vi.useFakeTimers(); });
+  afterEach(() => { vi.useRealTimers(); });
+
+  it("returns '' for null", () => {
+    expect(formatTTL(null)).toBe("");
+  });
+
+  it("returns '' for undefined", () => {
+    expect(formatTTL(undefined)).toBe("");
+  });
+
+  it('returns "expired" when expiresAt is in the past', () => {
+    const past = new Date(Date.now() - 60_000).toISOString();
+    expect(formatTTL(past)).toBe("expired");
+  });
+
+  it('returns "Xs" for less than a minute', () => {
+    const soon = new Date(Date.now() + 30_000).toISOString();
+    expect(formatTTL(soon)).toBe("30s");
+  });
+
+  it('returns "Xm" for less than an hour', () => {
+    const soon = new Date(Date.now() + 5 * 60_000).toISOString();
+    expect(formatTTL(soon)).toBe("5m");
+  });
+
+  it('returns "Xh" for less than a day', () => {
+    const soon = new Date(Date.now() + 3 * 3_600_000).toISOString();
+    expect(formatTTL(soon)).toBe("3h");
+  });
+
+  it('returns "Xd" for more than a day', () => {
+    const soon = new Date(Date.now() + 2 * 86_400_000).toISOString();
+    expect(formatTTL(soon)).toBe("2d");
+  });
+
+  it("returns '' for invalid date string", () => {
+    expect(formatTTL("not-a-date")).toBe("");
+  });
+
+  it("returns '' for empty string", () => {
+    expect(formatTTL("")).toBe("");
+  });
+});
@@ -31,17 +31,6 @@ vi.mock('@/lib/api', () => ({
  },
 }));

-// Capture the socket-event handler the panel registers so individual
-// tests can replay an ACTIVITY_LOGGED message without spinning up a
-// real WebSocket. One handler at a time is fine — the panel mounts
-// exactly one useSocketEvent subscriber.
-let __socketHandler: ((msg: unknown) => void) | null = null;
-vi.mock('@/hooks/useSocketEvent', () => ({
-  useSocketEvent: (handler: (msg: unknown) => void) => {
-    __socketHandler = handler;
-  },
-}));
-
 vi.mock('@/components/ConfirmDialog', () => ({
  ConfirmDialog: ({
    open,
@@ -527,156 +516,3 @@ describe('MemoryInspectorPanel — refresh', () => {
    });
  });
 });
-
-// Live-refresh subscription wired in #1734 so the panel reacts to
-// ACTIVITY_LOGGED events for memory writes on this workspace without
-// the user clicking Refresh. The hook is mocked at the top of the
-// file to capture the registered handler in __socketHandler.
-describe('MemoryInspectorPanel — live refresh on activity', () => {
-  it('refetches memories when ACTIVITY_LOGGED arrives with activity_type=memory_write for the same workspace', async () => {
-    vi.useFakeTimers({ shouldAdvanceTime: true });
-    stubFetch([MEM_BASIC]);
-    render(<MemoryInspectorPanel workspaceId="ws-1" />);
-    await waitFor(() => screen.getByLabelText('Refresh memories'));
-    expect(__socketHandler).toBeTruthy();
-
-    const before = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-
-    __socketHandler!({
-      event: 'ACTIVITY_LOGGED',
-      workspace_id: 'ws-1',
-      payload: { activity_type: 'memory_write' },
-    });
-
-    // 300ms debounce inside the panel — advance the fake timer so the
-    // queued refetch fires.
-    await vi.advanceTimersByTimeAsync(350);
-
-    await waitFor(() => {
-      const after = mockGet.mock.calls.filter((c) =>
-        (c[0] as string).includes('/v2/memories'),
-      ).length;
-      expect(after).toBe(before + 1);
-    });
-    vi.useRealTimers();
-  });
-
-  it('ignores ACTIVITY_LOGGED events from other workspaces', async () => {
-    vi.useFakeTimers({ shouldAdvanceTime: true });
-    stubFetch([MEM_BASIC]);
-    render(<MemoryInspectorPanel workspaceId="ws-1" />);
-    await waitFor(() => screen.getByLabelText('Refresh memories'));
-
-    const before = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-
-    __socketHandler!({
-      event: 'ACTIVITY_LOGGED',
-      workspace_id: 'ws-OTHER',
-      payload: { activity_type: 'memory_write' },
-    });
-
-    await vi.advanceTimersByTimeAsync(500);
-
-    const after = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-    expect(after).toBe(before);
-    vi.useRealTimers();
-  });
-
-  it('ignores activity types that are not memory-related', async () => {
-    vi.useFakeTimers({ shouldAdvanceTime: true });
-    stubFetch([MEM_BASIC]);
-    render(<MemoryInspectorPanel workspaceId="ws-1" />);
-    await waitFor(() => screen.getByLabelText('Refresh memories'));
-
-    const before = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-
-    __socketHandler!({
-      event: 'ACTIVITY_LOGGED',
-      workspace_id: 'ws-1',
-      payload: { activity_type: 'a2a_send' },
-    });
-
-    await vi.advanceTimersByTimeAsync(500);
-
-    const after = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-    expect(after).toBe(before);
-    vi.useRealTimers();
-  });
-
-  // Server-side emitters confirmed via grep of workspace-server/internal/handlers
-  // are `memory_write_global`, `memory_edit_global`, `memory_delete_global`
-  // (memories.go `LogActivity` calls for GLOBAL-scope writes). Pin each
-  // so a future filter narrow-down can't silently drop one and let the
-  // panel go stale on its actual production trigger.
-  it.each([
-    'memory_write',          // pre-emptive: not yet emitted by server, see component comment
-    'memory_write_global',   // memories.go:218 (Commit)
-    'memory_edit_global',    // memories.go:617 (Update)
-    'memory_delete_global',  // memories.go (Delete) — paired with the above two
-    'agent_log',             // generic catch-all
-  ])('refetches on activity_type=%s', async (activityType) => {
-    vi.useFakeTimers({ shouldAdvanceTime: true });
-    stubFetch([MEM_BASIC]);
-    render(<MemoryInspectorPanel workspaceId="ws-1" />);
-    await waitFor(() => screen.getByLabelText('Refresh memories'));
-
-    const before = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-
-    __socketHandler!({
-      event: 'ACTIVITY_LOGGED',
-      workspace_id: 'ws-1',
-      payload: { activity_type: activityType },
-    });
-
-    await vi.advanceTimersByTimeAsync(350);
-
-    await waitFor(() => {
-      const after = mockGet.mock.calls.filter((c) =>
-        (c[0] as string).includes('/v2/memories'),
-      ).length;
-      expect(after).toBe(before + 1);
-    });
-    vi.useRealTimers();
-  });
-
-  it('coalesces a burst of memory_write events into one refetch', async () => {
-    vi.useFakeTimers({ shouldAdvanceTime: true });
-    stubFetch([MEM_BASIC]);
-    render(<MemoryInspectorPanel workspaceId="ws-1" />);
-    await waitFor(() => screen.getByLabelText('Refresh memories'));
-
-    const before = mockGet.mock.calls.filter((c) =>
-      (c[0] as string).includes('/v2/memories'),
-    ).length;
-
-    for (let i = 0; i < 5; i++) {
-      __socketHandler!({
-        event: 'ACTIVITY_LOGGED',
-        workspace_id: 'ws-1',
-        payload: { activity_type: 'memory_write' },
-      });
-    }
-
-    await vi.advanceTimersByTimeAsync(350);
-
-    await waitFor(() => {
-      const after = mockGet.mock.calls.filter((c) =>
-        (c[0] as string).includes('/v2/memories'),
-      ).length;
-      expect(after).toBe(before + 1);
-    });
-    vi.useRealTimers();
-  });
-});
@@ -369,7 +369,7 @@ export function ChannelsTab({ workspaceId }: Props) {
            onClick={handleCreate}
            // Was bg-accent-strong hover:bg-accent — accent is the
            // LIGHTER variant; same AA contrast trap fixed in
-            // ScheduleTab/OnboardingWizard.
+            // ScheduleTab/MemoryTab/OnboardingWizard.
            className="w-full text-xs py-1.5 rounded bg-accent hover:bg-accent-strong text-white transition focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-2 focus-visible:ring-offset-surface"
          >
            Connect Channel
@@ -2,7 +2,6 @@

 import { useEffect, useRef, useState } from "react";
 import { api } from "@/lib/api";
-import type RFB from "@novnc/novnc";

 interface DisplayStatus {
  available: boolean;
@@ -12,13 +11,13 @@ interface DisplayStatus {
  protocol?: string;
  width?: number;
  height?: number;
+  viewer_url?: string;
 }

 interface DisplayControlStatus {
  controller: "none" | "user" | "agent";
  controlled_by?: string;
  expires_at?: string;
-  session_url?: string;
 }

 interface Props {
@@ -31,7 +30,6 @@ export function DisplayTab({ workspaceId }: Props) {
  const [error, setError] = useState<string | null>(null);
  const [controlError, setControlError] = useState<string | null>(null);
  const [controlBusy, setControlBusy] = useState(false);
-  const [sessionUrl, setSessionUrl] = useState<string | null>(null);
  const requestGeneration = useRef(0);

  useEffect(() => {
@@ -40,7 +38,6 @@ export function DisplayTab({ workspaceId }: Props) {
    let cancelled = false;
    setStatus(null);
    setControl(null);
-    setSessionUrl(null);
    setError(null);
    setControlError(null);
    setControlBusy(false);
@@ -81,7 +78,6 @@ export function DisplayTab({ workspaceId }: Props) {
      });
      if (requestGeneration.current !== generation) return;
      setControl(next);
-      setSessionUrl(next.session_url || null);
    } catch (err) {
      if (requestGeneration.current !== generation) return;
      setControlError("Failed to take control");
@@ -107,7 +103,6 @@ export function DisplayTab({ workspaceId }: Props) {
      const next = await api.post<DisplayControlStatus>(`${controlPath}/release`, {});
      if (requestGeneration.current !== generation) return;
      setControl(next);
-      setSessionUrl(null);
    } catch (err) {
      if (requestGeneration.current !== generation) return;
      setControlError("Failed to release control");
@@ -229,19 +224,24 @@ export function DisplayTab({ workspaceId }: Props) {
          control={control}
          controlBusy={controlBusy}
          controlError={controlError}
-          hasSession={!!sessionUrl}
          onAcquire={acquireControl}
          onRelease={releaseControl}
        />
      </div>
-      {sessionUrl ? (
-        <DesktopStream sessionUrl={sessionUrl} />
+      {status.viewer_url ? (
+        <iframe
+          title="Workspace desktop"
+          src={status.viewer_url}
+          className="min-h-0 flex-1 border-0 bg-black"
+          allow="clipboard-read; clipboard-write; fullscreen; pointer-lock"
+          referrerPolicy="no-referrer"
+        />
      ) : (
        <div className="flex flex-1 items-center justify-center p-8 text-center">
          <div>
-            <h3 className="mb-1.5 text-sm font-medium text-ink">Take control to open the desktop.</h3>
+            <h3 className="mb-1.5 text-sm font-medium text-ink">Display session is not ready.</h3>
            <p className="max-w-xs text-[11px] leading-relaxed text-ink-mid">
-              The display service is ready. Control access opens a short-lived desktop stream.
+              This workspace has display configuration, but the desktop session URL is not available yet.
            </p>
          </div>
        </div>
@@ -254,14 +254,12 @@ function DisplayControlBar({
  control,
  controlBusy,
  controlError,
-  hasSession,
  onAcquire,
  onRelease,
 }: {
  control: DisplayControlStatus | null;
  controlBusy: boolean;
  controlError: string | null;
-  hasSession: boolean;
  onAcquire: () => void;
  onRelease: () => void;
 }) {
@@ -282,8 +280,7 @@ function DisplayControlBar({
          {controlError && <p className="mt-0.5 text-[10px] text-red-200">{controlError}</p>}
        </div>
      )}
-      {(control?.controller === "none" ||
-        (control?.controller === "user" && control.controlled_by === "admin-token" && !hasSession)) && (
+      {control?.controller === "none" && (
        <button
          type="button"
          onClick={onAcquire}
@@ -307,63 +304,6 @@ function DisplayControlBar({
  );
 }

-function DesktopStream({ sessionUrl }: { sessionUrl: string }) {
-  const containerRef = useRef<HTMLDivElement | null>(null);
-  const [streamError, setStreamError] = useState<string | null>(null);
-
-  useEffect(() => {
-    let cancelled = false;
-    let rfb: RFB | null = null;
-
-    async function connect() {
-      setStreamError(null);
-      try {
-        const mod = await import("@novnc/novnc");
-        if (cancelled || !containerRef.current) return;
-        const stream = displayWebSocketConnection(sessionUrl);
-        rfb = new mod.default(containerRef.current, stream.url, {
-          wsProtocols: ["binary", `molecule-display-token.${stream.token}`],
-        });
-        rfb.scaleViewport = true;
-        rfb.resizeSession = true;
-        rfb.focusOnClick = true;
-        rfb.addEventListener("disconnect", (event: Event) => {
-          const detail = (event as CustomEvent<{ clean?: boolean }>).detail;
-          if (!cancelled && !detail?.clean) setStreamError("Desktop stream disconnected.");
-        });
-      } catch {
-        if (!cancelled) setStreamError("Desktop stream could not be opened.");
-      }
-    }
-
-    connect();
-    return () => {
-      cancelled = true;
-      rfb?.disconnect();
-    };
-  }, [sessionUrl]);
-
-  return (
-    <div className="relative min-h-0 flex-1 bg-black">
-      <div ref={containerRef} title="Workspace desktop" className="h-full w-full overflow-hidden bg-black" />
-      {streamError && (
-        <div className="absolute inset-x-4 top-4 rounded border border-red-500/30 bg-red-950/80 px-3 py-2 text-[11px] text-red-100">
-          {streamError}
-        </div>
-      )}
-    </div>
-  );
-}
-
-function displayWebSocketConnection(sessionUrl: string): { url: string; token: string } {
-  const url = new URL(sessionUrl, window.location.href);
-  const token = new URLSearchParams(url.hash.replace(/^#/, "")).get("token") ?? "";
-  if (!token) throw new Error("display session token missing");
-  url.hash = "";
-  url.protocol = window.location.protocol === "https:" ? "wss:" : "ws:";
-  return { url: url.toString(), token };
-}
-
 function displayControlActorLabel(control: DisplayControlStatus): string {
  if (control.controller === "agent") return "Agent";
  if (control.controlled_by === "admin-token") return "Admin";
@@ -0,0 +1,471 @@
+"use client";
+
+import { useCallback, useEffect, useMemo, useState } from "react";
+import { api } from "@/lib/api";
+
+interface Props {
+  workspaceId: string;
+}
+
+interface MemoryEntry {
+  key: string;
+  value: unknown;
+  version?: number;
+  expires_at: string | null;
+  updated_at: string;
+}
+
+const AWARENESS_BASE_URL =
+  process.env.NEXT_PUBLIC_AWARENESS_URL || "http://localhost:37800";
+
+export function MemoryTab({ workspaceId }: Props) {
+  const [entries, setEntries] = useState<MemoryEntry[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [showAwareness, setShowAwareness] = useState(true);
+  const [showAdvanced, setShowAdvanced] = useState(false);
+  const [expanded, setExpanded] = useState<string | null>(null);
+  const [showAdd, setShowAdd] = useState(false);
+  const [newKey, setNewKey] = useState("");
+  const [newValue, setNewValue] = useState("");
+  const [newTTL, setNewTTL] = useState("");
+  const [error, setError] = useState<string | null>(null);
+  const [editingKey, setEditingKey] = useState<string | null>(null);
+  const [editValue, setEditValue] = useState("");
+  const [editTTL, setEditTTL] = useState("");
+  const [editError, setEditError] = useState<string | null>(null);
+
+  const awarenessUrl = useMemo(() => {
+    try {
+      const url = new URL(AWARENESS_BASE_URL);
+      url.searchParams.set("workspaceId", workspaceId);
+      return url.toString();
+    } catch {
+      return AWARENESS_BASE_URL;
+    }
+  }, [workspaceId]);
+
+  const awarenessStatus = useMemo(() => {
+    try {
+      const url = new URL(AWARENESS_BASE_URL);
+      return url.origin.includes("localhost") ? "local" : url.hostname;
+    } catch {
+      return "unavailable";
+    }
+  }, []);
+
+  const loadMemory = useCallback(async () => {
+    setLoading(true);
+    setError(null);
+    try {
+      const data = await api.get<MemoryEntry[]>(`/workspaces/${workspaceId}/memory`);
+      setEntries(data);
+    } catch (e) {
+      setEntries([]);
+      setError(e instanceof Error ? e.message : "Failed to load memory");
+    } finally {
+      setLoading(false);
+    }
+  }, [workspaceId]);
+
+  useEffect(() => {
+    loadMemory();
+  }, [loadMemory]);
+
+  const handleAdd = async () => {
+    setError(null);
+    if (!newKey.trim()) {
+      setError("Key is required");
+      return;
+    }
+
+    let parsedValue: unknown;
+    try {
+      parsedValue = JSON.parse(newValue);
+    } catch {
+      parsedValue = newValue;
+    }
+
+    const body: Record<string, unknown> = { key: newKey, value: parsedValue };
+    if (newTTL) {
+      const ttl = parseInt(newTTL);
+      if (!Number.isNaN(ttl) && ttl > 0) body.ttl_seconds = ttl;
+    }
+
+    try {
+      await api.post(`/workspaces/${workspaceId}/memory`, body);
+      setNewKey("");
+      setNewValue("");
+      setNewTTL("");
+      setShowAdd(false);
+      loadMemory();
+    } catch (e) {
+      setError(e instanceof Error ? e.message : "Failed to add");
+    }
+  };
+
+  const handleDelete = async (key: string) => {
+    setError(null);
+    try {
+      await api.del(`/workspaces/${workspaceId}/memory/${encodeURIComponent(key)}`);
+      setEntries((prev) => prev.filter((e) => e.key !== key));
+      if (expanded === key) setExpanded(null);
+    } catch (e) {
+      setError(e instanceof Error ? e.message : "Failed to delete entry");
+    }
+  };
+
+  const beginEdit = (entry: MemoryEntry) => {
+    setEditError(null);
+    setEditingKey(entry.key);
+    // Stringify objects/arrays as pretty JSON; render plain strings raw so the
+    // editor doesn't surprise users with surrounding quotes.
+    setEditValue(
+      typeof entry.value === "string"
+        ? entry.value
+        : JSON.stringify(entry.value, null, 2),
+    );
+    if (entry.expires_at) {
+      const remainingMs = new Date(entry.expires_at).getTime() - Date.now();
+      const ttl = Math.max(0, Math.floor(remainingMs / 1000));
+      setEditTTL(ttl > 0 ? String(ttl) : "");
+    } else {
+      setEditTTL("");
+    }
+  };
+
+  const cancelEdit = () => {
+    setEditingKey(null);
+    setEditValue("");
+    setEditTTL("");
+    setEditError(null);
+  };
+
+  const handleEditSave = async (entry: MemoryEntry) => {
+    setEditError(null);
+
+    let parsedValue: unknown;
+    try {
+      parsedValue = JSON.parse(editValue);
+    } catch {
+      parsedValue = editValue;
+    }
+
+    // if_match_version closes the silent-overwrite hole when two writers
+    // race. The handler returns 409 with the current version on mismatch
+    // — surface that as a retry hint and reload to pick up the new state.
+    const body: Record<string, unknown> = { key: entry.key, value: parsedValue };
+    if (typeof entry.version === "number") {
+      body.if_match_version = entry.version;
+    }
+    if (editTTL) {
+      const ttl = parseInt(editTTL);
+      if (!Number.isNaN(ttl) && ttl > 0) body.ttl_seconds = ttl;
+    }
+
+    try {
+      await api.post(`/workspaces/${workspaceId}/memory`, body);
+      cancelEdit();
+      loadMemory();
+    } catch (e) {
+      const message = e instanceof Error ? e.message : "Failed to save";
+      if (message.includes("409") || /if_match_version mismatch/i.test(message)) {
+        setEditError("This entry changed since you opened it. Reloading.");
+        loadMemory();
+      } else {
+        setEditError(message);
+      }
+    }
+  };
+
+  const openAwareness = () => {
+    window.open(awarenessUrl, "_blank", "noopener,noreferrer");
+  };
+
+  if (loading) {
+    return <div className="p-4 text-xs text-ink-mid">Loading memory...</div>;
+  }
+
+  return (
+    <div className="p-4 space-y-4">
+      {error && !showAdd && (
+        <div role="alert" className="px-3 py-1.5 bg-red-900/30 border border-red-800 rounded text-xs text-bad">
+          {error}
+        </div>
+      )}
+
+      <section className="space-y-3">
+        <div className="flex items-center justify-between gap-3">
+          <div>
+            <div className="text-xs font-medium text-ink">Awareness dashboard</div>
+            <p className="text-[10px] text-ink-mid">
+              Embedded view for the local Awareness memory UI. The current workspace id is appended to the URL for workspace-scoped routing or future filtering.
+            </p>
+          </div>
+          <div className="flex items-center gap-2">
+            <button
+              type="button"
+              onClick={() => setShowAwareness((prev) => !prev)}
+              className="shrink-0 px-2 py-1 bg-surface-card hover:bg-surface-elevated text-[10px] rounded text-ink focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              {showAwareness ? "Collapse" : "Expand"}
+            </button>
+            <button
+              type="button"
+              onClick={openAwareness}
+              className="shrink-0 px-2 py-1 bg-surface-card hover:bg-surface-elevated text-[10px] rounded text-ink focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              Open
+            </button>
+          </div>
+        </div>
+
+        {showAwareness ? (
+          AWARENESS_BASE_URL ? (
+            <div className="overflow-hidden rounded-xl border border-line bg-surface-sunken/70 shadow-[0_0_0_1px_rgba(255,255,255,0.02)]">
+              <iframe
+                title="Awareness dashboard"
+                src={awarenessUrl}
+                className="h-[520px] w-full border-0"
+                loading="lazy"
+              />
+            </div>
+          ) : (
+            <div className="rounded-xl border border-dashed border-line bg-surface-sunken/40 p-4 text-xs text-ink-mid">
+              Set <code className="font-mono text-ink-mid">NEXT_PUBLIC_AWARENESS_URL</code> to embed the Awareness dashboard here.
+            </div>
+          )
+        ) : (
+          <div className="rounded-xl border border-line bg-surface-sunken/50 px-4 py-3 flex items-center justify-between gap-3">
+            <div className="min-w-0">
+              <p className="text-xs text-ink">Awareness dashboard is collapsed</p>
+              <p className="text-[10px] text-ink-mid truncate">
+                Workspace context stays linked through <span className="font-mono text-ink-mid">{workspaceId}</span>.
+              </p>
+            </div>
+            <button
+              type="button"
+              onClick={() => setShowAwareness(true)}
+              className="shrink-0 px-2 py-1 bg-accent hover:bg-accent-strong text-[10px] rounded text-white focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              Expand
+            </button>
+          </div>
+        )}
+
+        <div className="grid gap-2 rounded-xl border border-line bg-surface/40 px-3 py-2 text-[10px] text-ink-mid sm:grid-cols-3">
+          <div className="flex items-center justify-between gap-2">
+            <span className="uppercase tracking-[0.18em] text-ink-mid">Status</span>
+            <span className="font-medium text-good">Connected</span>
+          </div>
+          <div className="flex items-center justify-between gap-2">
+            <span className="uppercase tracking-[0.18em] text-ink-mid">Mode</span>
+            <span className="font-medium text-ink">{awarenessStatus}</span>
+          </div>
+          <div className="flex items-center justify-between gap-2 min-w-0">
+            <span className="uppercase tracking-[0.18em] text-ink-mid">Workspace</span>
+            <span className="font-mono text-ink-mid truncate">{workspaceId}</span>
+          </div>
+        </div>
+      </section>
+
+      <section className="space-y-3 border-t border-line/60 pt-4">
+        <div className="flex items-center justify-between">
+          <div>
+            <div className="text-xs font-medium text-ink">Workspace KV memory</div>
+            <p className="text-[10px] text-ink-mid">
+              Native platform key-value memory for workspace <span className="font-mono text-ink-mid">{workspaceId}</span>.
+            </p>
+          </div>
+          <div className="flex gap-2">
+            <button
+              type="button"
+              onClick={() => setShowAdvanced((prev) => !prev)}
+              className="px-2 py-1 bg-surface-card hover:bg-surface-elevated text-[10px] rounded text-ink-mid focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              {showAdvanced ? "Hide Advanced" : "Advanced"}
+            </button>
+            <button
+              type="button"
+              onClick={loadMemory}
+              className="px-2 py-1 bg-surface-card hover:bg-surface-elevated text-[10px] rounded text-ink-mid focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              Refresh
+            </button>
+            <button
+              type="button"
+              onClick={() => { setShowAdd(!showAdd); if (!showAdd) setShowAdvanced(true); }}
+              className="px-2 py-1 bg-accent hover:bg-accent-strong text-[10px] rounded text-white focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              + Add
+            </button>
+          </div>
+        </div>
+
+        {showAdvanced && showAdd && (
+          <div className="bg-surface-card rounded p-3 space-y-2 border border-line">
+            <input
+              value={newKey}
+              onChange={(e) => setNewKey(e.target.value)}
+              placeholder="Key"
+              aria-label="Memory key"
+              className="w-full bg-surface-sunken border border-line rounded px-2 py-1 text-xs text-ink focus:outline-none focus:border-accent"
+            />
+            <textarea
+              value={newValue}
+              onChange={(e) => setNewValue(e.target.value)}
+              placeholder='Value (JSON or plain text)'
+              rows={3}
+              aria-label="Memory value (JSON or plain text)"
+              className="w-full bg-surface-sunken border border-line rounded px-2 py-1 text-xs font-mono text-ink focus:outline-none focus:border-accent resize-none"
+            />
+            <input
+              value={newTTL}
+              onChange={(e) => setNewTTL(e.target.value)}
+              placeholder="TTL in seconds (optional)"
+              aria-label="TTL in seconds (optional)"
+              className="w-full bg-surface-sunken border border-line rounded px-2 py-1 text-xs text-ink focus:outline-none focus:border-accent"
+            />
+            {error && <div role="alert" className="text-xs text-bad">{error}</div>}
+            <div className="flex gap-2">
+              <button
+                type="button"
+                onClick={handleAdd}
+                className="px-3 py-1 bg-accent hover:bg-accent-strong text-xs rounded text-white focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+              >
+                Save
+              </button>
+              <button
+                type="button"
+                onClick={() => {
+                  setShowAdd(false);
+                  setError(null);
+                }}
+                className="px-3 py-1 bg-surface-card hover:bg-surface-elevated text-xs rounded text-ink-mid focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+              >
+                Cancel
+              </button>
+            </div>
+          </div>
+        )}
+
+        {showAdvanced ? (
+          entries.length === 0 ? (
+            <p className="text-xs text-ink-mid text-center py-4">No memory entries</p>
+          ) : (
+            <div className="space-y-1">
+              {entries.map((entry) => (
+                <div key={entry.key} className="bg-surface-card rounded border border-line">
+                  <button
+                    type="button"
+                    onClick={() => setExpanded(expanded === entry.key ? null : entry.key)}
+                    className="w-full flex items-center justify-between px-3 py-2 text-left focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+                    aria-expanded={expanded === entry.key}
+                  >
+                    <span className="text-xs font-mono text-accent">{entry.key}</span>
+                    <div className="flex items-center gap-2">
+                      {entry.expires_at && (
+                        <span className="text-[9px] text-ink-mid">
+                          TTL {new Date(entry.expires_at).toLocaleString()}
+                        </span>
+                      )}
+                      <span className="text-[10px] text-ink-mid">
+                        {expanded === entry.key ? "▼" : "▶"}
+                      </span>
+                    </div>
+                  </button>
+
+                  {expanded === entry.key && (
+                    <div className="px-3 pb-2 space-y-2">
+                      {editingKey === entry.key ? (
+                        <div className="space-y-2">
+                          <textarea
+                            value={editValue}
+                            onChange={(e) => setEditValue(e.target.value)}
+                            rows={4}
+                            aria-label={`Edit value for ${entry.key}`}
+                            className="w-full bg-surface-sunken border border-line rounded px-2 py-1 text-xs font-mono text-ink focus:outline-none focus:border-accent resize-none"
+                          />
+                          <input
+                            value={editTTL}
+                            onChange={(e) => setEditTTL(e.target.value)}
+                            placeholder="TTL in seconds (blank = no expiry)"
+                            aria-label={`Edit TTL for ${entry.key}`}
+                            className="w-full bg-surface-sunken border border-line rounded px-2 py-1 text-xs text-ink focus:outline-none focus:border-accent"
+                          />
+                          {editError && (
+                            <div role="alert" className="text-[10px] text-bad">
+                              {editError}
+                            </div>
+                          )}
+                          <div className="flex gap-2">
+                            <button
+                              type="button"
+                              onClick={() => handleEditSave(entry)}
+                              className="px-3 py-1 bg-accent hover:bg-accent-strong text-xs rounded text-white focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+                            >
+                              Save
+                            </button>
+                            <button
+                              type="button"
+                              onClick={cancelEdit}
+                              className="px-3 py-1 bg-surface-card hover:bg-surface-elevated text-xs rounded text-ink-mid focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+                            >
+                              Cancel
+                            </button>
+                          </div>
+                        </div>
+                      ) : (
+                        <pre className="text-[10px] text-ink-mid bg-surface-sunken rounded p-2 overflow-x-auto max-h-40">
+                          {JSON.stringify(entry.value, null, 2)}
+                        </pre>
+                      )}
+                      <div className="flex items-center justify-between">
+                        <span className="text-[9px] text-ink-mid">
+                          Updated: {new Date(entry.updated_at).toLocaleString()}
+                        </span>
+                        <div className="flex items-center gap-2">
+                          {editingKey !== entry.key && (
+                            <button
+                              type="button"
+                              onClick={() => beginEdit(entry)}
+                              className="text-[10px] text-ink-mid hover:bg-surface-elevated rounded px-1 transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+                            >
+                              Edit
+                            </button>
+                          )}
+                          <button
+                            type="button"
+                            onClick={() => handleDelete(entry.key)}
+                            className="text-[10px] text-bad hover:bg-red-950/40 rounded px-1 transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-red-500 focus-visible:ring-offset-1"
+                          >
+                            Delete
+                          </button>
+                        </div>
+                      </div>
+                    </div>
+                  )}
+                </div>
+              ))}
+            </div>
+          )
+        ) : (
+          <div className="rounded-xl border border-line bg-surface/30 px-4 py-3 flex items-center justify-between gap-3">
+            <div className="min-w-0">
+              <p className="text-xs text-ink">Advanced workspace memory is hidden</p>
+              <p className="text-[10px] text-ink-mid truncate">
+                KV entries remain available if you need the raw platform store.
+              </p>
+            </div>
+            <button
+              type="button"
+              onClick={() => setShowAdvanced(true)}
+              className="shrink-0 px-2 py-1 bg-accent hover:bg-accent-strong text-[10px] rounded text-white focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-accent focus-visible:ring-offset-1"
+            >
+              Show
+            </button>
+          </div>
+        )}
+      </section>
+    </div>
+  );
+}
@@ -2,11 +2,7 @@
 import { describe, it, expect, vi, beforeEach } from "vitest";
 import { cleanup, fireEvent, render, screen, waitFor } from "@testing-library/react";

-const { mockGet, mockPost, mockRFBConstructor } = vi.hoisted(() => ({
-  mockGet: vi.fn(),
-  mockPost: vi.fn(),
-  mockRFBConstructor: vi.fn(),
-}));
+const { mockGet, mockPost } = vi.hoisted(() => ({ mockGet: vi.fn(), mockPost: vi.fn() }));

 vi.mock("@/lib/api", () => ({
  api: {
@@ -15,25 +11,6 @@ vi.mock("@/lib/api", () => ({
  },
 }));

-vi.mock("@novnc/novnc", () => ({
-  default: class MockRFB extends EventTarget {
-    scaleViewport = false;
-    resizeSession = false;
-    focusOnClick = false;
-    target: HTMLElement;
-    url: string;
-    options?: { wsProtocols?: string[] };
-    constructor(target: HTMLElement, url: string, options?: { wsProtocols?: string[] }) {
-      super();
-      this.target = target;
-      this.url = url;
-      this.options = options;
-      mockRFBConstructor(target, url, options);
-    }
-    disconnect() {}
-  },
-}));
-
 import { DisplayTab } from "../DisplayTab";

 describe("DisplayTab", () => {
@@ -41,7 +18,6 @@ describe("DisplayTab", () => {
    cleanup();
    mockGet.mockReset();
    mockPost.mockReset();
-    mockRFBConstructor.mockReset();
  });

  it("renders unavailable state for non-display workspaces", async () => {
@@ -95,14 +71,15 @@ describe("DisplayTab", () => {
    });
  });

-  it("waits for takeover before opening a ready display stream", async () => {
+  it("renders the desktop stream when a display session is available", async () => {
    mockGet
      .mockResolvedValueOnce({
        available: true,
        mode: "desktop-control",
-        protocol: "novnc",
+        protocol: "dcv",
        width: 1920,
        height: 1080,
+        viewer_url: "https://display.example.test/session/ws-display",
      })
      .mockResolvedValueOnce({
        controller: "none",
@@ -110,51 +87,12 @@ describe("DisplayTab", () => {

    render(<DisplayTab workspaceId="ws-display" />);

-    await waitFor(() => {
-      expect(screen.getByText("Take control to open the desktop.")).toBeTruthy();
-    });
-    expect(screen.getByRole("button", { name: "Take control" })).toBeTruthy();
-  });
-
-  it("opens the trusted noVNC client after takeover returns a stream URL", async () => {
-    mockGet
-      .mockResolvedValueOnce({
-        available: true,
-        mode: "desktop-control",
-        protocol: "novnc",
-        width: 1920,
-        height: 1080,
-      })
-      .mockResolvedValueOnce({
-        controller: "none",
-      });
-    mockPost.mockResolvedValueOnce({
-      controller: "user",
-      controlled_by: "admin-token",
-      expires_at: "2026-05-23T08:48:27Z",
-      session_url: "/workspaces/ws-display/display/session/websockify#token=signed",
-    });
-
-    render(<DisplayTab workspaceId="ws-display" />);
-
-    await waitFor(() => {
-      expect(screen.getByRole("button", { name: "Take control" })).toBeTruthy();
-    });
-    fireEvent.click(screen.getByRole("button", { name: "Take control" }));
-
    await waitFor(() => {
      expect(screen.getByTitle("Workspace desktop")).toBeTruthy();
    });
-    expect(mockPost).toHaveBeenCalledWith("/workspaces/ws-display/display/control/acquire", {
-      controller: "user",
-      ttl_seconds: 300,
-    });
-    expect(mockRFBConstructor).toHaveBeenCalledWith(
-      expect.any(HTMLElement),
-      expect.stringContaining("/workspaces/ws-display/display/session/websockify"),
-      { wsProtocols: ["binary", "molecule-display-token.signed"] },
-    );
-    expect(mockRFBConstructor.mock.calls[0][1]).not.toContain("token=");
+    const frame = screen.getByTitle("Workspace desktop") as HTMLIFrameElement;
+    expect(frame.src).toBe("https://display.example.test/session/ws-display");
+    expect(screen.getByRole("button", { name: "Take control" })).toBeTruthy();
  });

  it("releases user display control", async () => {
@@ -162,7 +100,8 @@ describe("DisplayTab", () => {
      .mockResolvedValueOnce({
        available: true,
        mode: "desktop-control",
-        protocol: "novnc",
+        protocol: "dcv",
+        viewer_url: "https://display.example.test/session/ws-display",
      })
      .mockResolvedValueOnce({
        controller: "user",
@@ -0,0 +1,632 @@
+// @vitest-environment jsdom
+/**
+ * Tests for MemoryTab — awareness dashboard + workspace KV memory management.
+ *
+ * Coverage:
+ *   - Loading state
+ *   - Error state when GET /memory fails
+ *   - Empty state (no memory entries)
+ *   - Memory list rendering (single + multiple entries)
+ *   - Expand/collapse memory entries
+ *   - Add memory entry (key + value + TTL)
+ *   - Add validates required key
+ *   - Add parses JSON values
+ *   - Delete memory entry
+ *   - Edit memory entry (inline)
+ *   - Edit 409 conflict shows retry hint
+ *   - Advanced toggle shows/hides KV section
+ *   - Awareness dashboard expand/collapse
+ *   - Awareness URL includes workspaceId
+ *   - Refresh button reloads memory
+ *   - Error clears when appropriate actions are taken
+ */
+import React from "react";
+import { render, screen, fireEvent, cleanup, act, waitFor } from "@testing-library/react";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { MemoryTab } from "../MemoryTab";
+
+const mockGet = vi.hoisted(() => vi.fn<[], Promise<unknown[]>>());
+const mockPost = vi.hoisted(() => vi.fn<[], Promise<unknown>>());
+const mockDel = vi.hoisted(() => vi.fn<[], Promise<unknown>>());
+
+vi.mock("@/lib/api", () => ({
+  api: { get: mockGet, post: mockPost, del: mockDel },
+}));
+
+// ─── Fixtures ─────────────────────────────────────────────────────────────────
+
+const MEMORY_ENTRY = {
+  key: "user_context",
+  value: { name: "Alice", role: "engineer" },
+  version: 3,
+  expires_at: null,
+  updated_at: new Date(Date.now() - 60000).toISOString(),
+};
+
+function entry(overrides: Partial<typeof MEMORY_ENTRY> = {}): typeof MEMORY_ENTRY {
+  return { ...MEMORY_ENTRY, ...overrides };
+}
+
+// ─── Helpers ───────────────────────────────────────────────────────────────────
+
+async function flush() {
+  await act(async () => { await Promise.resolve(); });
+}
+
+function typeIn(el: HTMLElement, value: string) {
+  Object.defineProperty(el, "value", { value, writable: true, configurable: true });
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  fireEvent.change(el as any, { target: el });
+}
+
+// ─── Tests ─────────────────────────────────────────────────────────────────────
+
+describe("MemoryTab", () => {
+  beforeEach(() => {
+    mockGet.mockReset();
+    mockPost.mockReset();
+    mockDel.mockReset();
+    vi.useRealTimers();
+  });
+
+  afterEach(() => {
+    cleanup();
+    vi.useRealTimers();
+  });
+
+  // ── Loading / Error ──────────────────────────────────────────────────────────
+
+  it("shows loading state when memory is being fetched", async () => {
+    mockGet.mockImplementation(() => new Promise(() => {}));
+    render(<MemoryTab workspaceId="ws-1" />);
+    await act(async () => { /* flush initial render */ });
+    expect(screen.getByText("Loading memory...")).toBeTruthy();
+  });
+
+  it("shows error banner when GET /memory rejects", async () => {
+    mockGet.mockRejectedValue(new Error("network failure"));
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByText(/network failure/i)).toBeTruthy();
+  });
+
+  it("shows 'Failed to load memory' when GET rejects with non-Error", async () => {
+    mockGet.mockRejectedValue("unknown error");
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByText(/Failed to load memory/i)).toBeTruthy();
+  });
+
+  // ── Awareness Dashboard ─────────────────────────────────────────────────────
+
+  it("shows Awareness dashboard section", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByText("Awareness dashboard")).toBeTruthy();
+  });
+
+  it("renders an iframe with workspaceId in URL", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-xyz" />);
+    await flush();
+    const iframe = screen.getByTitle("Awareness dashboard");
+    expect(iframe.getAttribute("src")).toContain("workspaceId=ws-xyz");
+  });
+
+  it("shows 'Connected' status", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByText("Connected")).toBeTruthy();
+  });
+
+  it("shows workspace ID in the status grid", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-test-id" />);
+    await flush();
+    // workspaceId appears in two places (description + status grid).
+    // Target the font-mono span in the status grid specifically.
+    const spans = Array.from(document.querySelectorAll("span.font-mono"));
+    expect(spans.some(s => s.textContent === "ws-test-id")).toBeTruthy();
+  });
+
+  it("shows 'Collapse' and 'Open' buttons for awareness (starts visible)", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByRole("button", { name: /collapse/i })).toBeTruthy();
+    expect(screen.getByRole("button", { name: /open/i })).toBeTruthy();
+  });
+
+  it("hides awareness iframe when Collapse is clicked", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /collapse/i }));
+    await flush();
+    expect(screen.queryByTitle("Awareness dashboard")).toBeNull();
+    expect(screen.getByText(/awareness dashboard is collapsed/i)).toBeTruthy();
+  });
+
+  it("re-shows awareness iframe when collapsed state Expand is clicked", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    // Start with awareness visible (default) — verify iframe is there
+    expect(screen.getByTitle("Awareness dashboard")).toBeTruthy();
+    // Click Collapse in the awareness header to hide the iframe
+    fireEvent.click(screen.getByRole("button", { name: /collapse/i }));
+    await flush();
+    expect(screen.queryByTitle("Awareness dashboard")).toBeNull();
+    // The collapsed awareness state has a different "Expand" button.
+    // Directly click the button whose text is exactly "Expand".
+    const allBtns = screen.getAllByRole("button");
+    const expandInCollapsed = allBtns.find(b => b.textContent?.trim() === "Expand");
+    expect(expandInCollapsed).toBeTruthy();
+    act(() => { expandInCollapsed!.click(); });
+    await flush();
+    expect(screen.getByTitle("Awareness dashboard")).toBeTruthy();
+  });
+
+  // ── KV Memory: Empty / Advanced toggle ───────────────────────────────────────
+
+  it("shows 'Advanced workspace memory is hidden' when advanced is collapsed", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByText(/advanced workspace memory is hidden/i)).toBeTruthy();
+  });
+
+  it("shows 'Show' button when advanced is collapsed", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    expect(screen.getByRole("button", { name: /show/i })).toBeTruthy();
+  });
+
+  it("shows 'Hide Advanced' after clicking Show", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    expect(screen.getByRole("button", { name: /hide advanced/i })).toBeTruthy();
+  });
+
+  it("shows empty state 'No memory entries' when advanced is shown and list is empty", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    expect(screen.getByText("No memory entries")).toBeTruthy();
+  });
+
+  // ── KV Memory: List rendering ───────────────────────────────────────────────
+
+  it("renders memory entries when advanced is open", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    expect(screen.getByText("user_context")).toBeTruthy();
+  });
+
+  it("renders multiple memory entries", async () => {
+    mockGet.mockResolvedValue([
+      entry({ key: "key1", value: "value1" }),
+      entry({ key: "key2", value: "value2" }),
+    ]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    expect(screen.getByText("key1")).toBeTruthy();
+    expect(screen.getByText("key2")).toBeTruthy();
+  });
+
+  it("shows chevron pointing right when entry is collapsed", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    expect(screen.getByText("▶")).toBeTruthy();
+  });
+
+  it("shows chevron pointing down when entry is expanded", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByText("▼")).toBeTruthy();
+  });
+
+  it("shows entry value when expanded", async () => {
+    mockGet.mockResolvedValue([entry({ value: { foo: "bar" } })]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByText(/"foo": "bar"/)).toBeTruthy();
+  });
+
+  it("shows updated_at timestamp when entry is expanded", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByText(/updated:/i)).toBeTruthy();
+  });
+
+  it("shows Edit and Delete buttons when entry is expanded", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByRole("button", { name: /edit/i })).toBeTruthy();
+    expect(screen.getByRole("button", { name: /delete/i })).toBeTruthy();
+  });
+
+  it("shows TTL when entry has expires_at", async () => {
+    const future = new Date(Date.now() + 3600000).toISOString();
+    mockGet.mockResolvedValue([entry({ expires_at: future })]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByText(/ttl/i)).toBeTruthy();
+  });
+
+  // ── Add Memory Entry ─────────────────────────────────────────────────────────
+
+  it("shows + Add button in KV section", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    expect(screen.getByRole("button", { name: /\+ add/i })).toBeTruthy();
+  });
+
+  it("opens add form when + Add is clicked", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    expect(screen.getByLabelText("Memory key")).toBeTruthy();
+    expect(screen.getByLabelText("Memory value (JSON or plain text)")).toBeTruthy();
+  });
+
+  it("requires key to be non-empty", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    expect(screen.getByText(/key is required/i)).toBeTruthy();
+  });
+
+  it("POSTs correct payload when adding a string value", async () => {
+    mockGet.mockResolvedValue([]);
+    mockPost.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    typeIn(screen.getByLabelText("Memory key") as HTMLElement, "my_key");
+    typeIn(screen.getByLabelText("Memory value (JSON or plain text)") as HTMLElement, "plain text value");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    await waitFor(() => {
+      expect(screen.queryByLabelText("Memory key")).not.toBeTruthy();
+    });
+    expect(mockPost).toHaveBeenCalledWith(
+      "/workspaces/ws-1/memory",
+      expect.objectContaining({ key: "my_key", value: "plain text value" }),
+    );
+  });
+
+  it("POSTs parsed JSON when value is valid JSON", async () => {
+    mockGet.mockResolvedValue([]);
+    mockPost.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    typeIn(screen.getByLabelText("Memory key") as HTMLElement, "config");
+    typeIn(screen.getByLabelText("Memory value (JSON or plain text)") as HTMLElement, '{"debug": true}');
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    expect(mockPost).toHaveBeenCalledWith(
+      "/workspaces/ws-1/memory",
+      expect.objectContaining({ key: "config", value: { debug: true } }),
+    );
+  });
+
+  it("POSTs with ttl_seconds when TTL is provided", async () => {
+    mockGet.mockResolvedValue([]);
+    mockPost.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    typeIn(screen.getByLabelText("Memory key") as HTMLElement, "temp_data");
+    typeIn(screen.getByLabelText("Memory value (JSON or plain text)") as HTMLElement, "value");
+    typeIn(screen.getByLabelText("TTL in seconds (optional)") as HTMLElement, "3600");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    expect(mockPost).toHaveBeenCalledWith(
+      "/workspaces/ws-1/memory",
+      expect.objectContaining({ key: "temp_data", value: "value", ttl_seconds: 3600 }),
+    );
+  });
+
+  it("shows error when add fails", async () => {
+    mockGet.mockResolvedValue([]);
+    mockPost.mockRejectedValue(new Error("add failed"));
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    typeIn(screen.getByLabelText("Memory key") as HTMLElement, "key");
+    typeIn(screen.getByLabelText("Memory value (JSON or plain text)") as HTMLElement, "val");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    expect(screen.getByText(/add failed/i)).toBeTruthy();
+  });
+
+  it("closes add form and refreshes after successful add", async () => {
+    mockGet.mockResolvedValue([]);
+    mockPost.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    typeIn(screen.getByLabelText("Memory key") as HTMLElement, "new_key");
+    typeIn(screen.getByLabelText("Memory value (JSON or plain text)") as HTMLElement, "new_val");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    await waitFor(() => {
+      expect(screen.queryByLabelText("Memory key")).not.toBeTruthy();
+    });
+    expect(mockGet).toHaveBeenCalledWith("/workspaces/ws-1/memory");
+  });
+
+  it("closes add form when Cancel is clicked", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /\+ add/i }));
+    await flush();
+    expect(screen.getByLabelText("Memory key")).toBeTruthy();
+    act(() => { screen.getByRole("button", { name: /cancel/i }).click(); });
+    await flush();
+    await waitFor(() => {
+      expect(screen.queryByLabelText("Memory key")).not.toBeTruthy();
+    });
+  });
+
+  // ── Delete Memory Entry ─────────────────────────────────────────────────────
+
+  it("calls DEL when Delete is clicked", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockDel.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /delete/i }));
+    await flush();
+    expect(mockDel).toHaveBeenCalledWith(
+      "/workspaces/ws-1/memory/user_context",
+    );
+  });
+
+  it("removes entry from list after successful delete", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockDel.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByText("user_context")).toBeTruthy();
+    fireEvent.click(screen.getByRole("button", { name: /delete/i }));
+    await flush();
+    expect(screen.queryByText("user_context")).toBeFalsy();
+  });
+
+  it("collapses entry if it was expanded when deleted", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockDel.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    // Expand the entry
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    expect(screen.getByText("▼")).toBeTruthy();
+    // Delete
+    fireEvent.click(screen.getByRole("button", { name: /delete/i }));
+    await flush();
+    expect(screen.queryByText("user_context")).toBeFalsy();
+  });
+
+  it("shows error when delete fails", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockDel.mockRejectedValue(new Error("delete failed"));
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /delete/i }));
+    await flush();
+    expect(screen.getByText(/delete failed/i)).toBeTruthy();
+  });
+
+  // ── Edit Memory Entry ────────────────────────────────────────────────────────
+
+  it("shows edit form when Edit is clicked", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /edit/i }));
+    await flush();
+    expect(screen.getByLabelText(/edit value for user_context/i)).toBeTruthy();
+  });
+
+  it("pre-fills edit form with existing value", async () => {
+    mockGet.mockResolvedValue([entry({ value: { name: "Alice" } })]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /edit/i }));
+    await flush();
+    const textarea = screen.getByLabelText(/edit value for user_context/i);
+    expect((textarea as HTMLTextAreaElement).value).toContain("Alice");
+  });
+
+  it("POSTs updated value when Save is clicked", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockPost.mockResolvedValue({});
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /edit/i }));
+    await flush();
+    typeIn(screen.getByLabelText(/edit value for user_context/i) as HTMLElement, "updated_value");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    await waitFor(() => {
+      expect(screen.queryByLabelText(/edit value for user_context/i)).not.toBeTruthy();
+    });
+    expect(mockPost).toHaveBeenCalledWith(
+      "/workspaces/ws-1/memory",
+      expect.objectContaining({ key: "user_context", value: "updated_value", if_match_version: 3 }),
+    );
+  });
+
+  it("shows retry hint on 409 conflict during edit", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockPost.mockRejectedValue(new Error("409 Conflict: if_match_version mismatch"));
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /edit/i }));
+    await flush();
+    typeIn(screen.getByLabelText(/edit value for user_context/i) as HTMLElement, "new_val");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    expect(screen.getByText(/this entry changed since you opened it/i)).toBeTruthy();
+  });
+
+  it("shows generic error when edit save fails", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    mockPost.mockRejectedValue(new Error("save failed"));
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /edit/i }));
+    await flush();
+    typeIn(screen.getByLabelText(/edit value for user_context/i) as HTMLElement, "x");
+    await flush();
+    act(() => { screen.getByRole("button", { name: /save/i }).click(); });
+    await flush();
+    expect(screen.getByText(/save failed/i)).toBeTruthy();
+  });
+
+  it("closes edit form when Cancel is clicked", async () => {
+    mockGet.mockResolvedValue([entry()]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /show/i }));
+    await flush();
+    fireEvent.click(screen.getByText("user_context"));
+    await flush();
+    fireEvent.click(screen.getByRole("button", { name: /edit/i }));
+    await flush();
+    expect(screen.getByLabelText(/edit value for user_context/i)).toBeTruthy();
+    act(() => { screen.getByRole("button", { name: /cancel/i }).click(); });
+    await flush();
+    await waitFor(() => {
+      expect(screen.queryByLabelText(/edit value for/i)).not.toBeTruthy();
+    });
+  });
+
+  // ── Refresh ────────────────────────────────────────────────────────────────
+
+  it("Refresh button calls loadMemory", async () => {
+    mockGet.mockResolvedValue([]);
+    render(<MemoryTab workspaceId="ws-1" />);
+    await flush();
+    mockGet.mockClear();
+    fireEvent.click(screen.getByRole("button", { name: /refresh/i }));
+    await flush();
+    expect(mockGet).toHaveBeenCalledWith("/workspaces/ws-1/memory");
+  });
+
+});
@@ -1,9 +0,0 @@
-declare module "@novnc/novnc" {
-  export default class RFB extends EventTarget {
-    scaleViewport: boolean;
-    resizeSession: boolean;
-    focusOnClick: boolean;
-    constructor(target: HTMLElement, url: string, options?: { wsProtocols?: string[]; [key: string]: unknown });
-    disconnect(): void;
-  }
-}
@@ -219,9 +219,9 @@ a2a info                           # Show workspace info

 Both approaches use the same backend: platform registry for discovery, A2A protocol for messaging, and access control enforcement (parent↔child, siblings only).

-## Memory Tools
+## Workspace Awareness

-CLI runtimes keep the same memory tool surface as the Python runtime: `commit_memory` / `commit_memory_v2` / `search_memory` / `commit_summary` / `forget_memory` are exposed via the workspace's MCP bridge and route through the platform's v2 memory plugin under the workspace's `workspace:<id>` namespace. See [Memory Architecture](../architecture/memory.md) for the backend.
+CLI runtimes keep the same memory tool surface as the Python runtime. When `AWARENESS_URL` and `AWARENESS_NAMESPACE` are injected into the workspace, `commit_memory` and `search_memory` route to the workspace's own awareness namespace instead of the fallback platform memory API. This keeps the agent contract stable while giving each workspace an isolated memory scope.

 ## Task Status Reporting

@@ -103,6 +103,8 @@ env:
  required:
    - ANTHROPIC_API_KEY
  optional:
+    - AWARENESS_URL
+    - AWARENESS_NAMESPACE
    - ANTHROPIC_BASE_URL
    - OPENAI_BASE_URL
    - GSC_CLIENT_ID
@@ -27,7 +27,7 @@ Adapter-specific behavior is documented in [Agent Runtime Adapters](./cli-runtim
 - serving A2A over HTTP
 - registering with the platform and sending heartbeats
 - reporting activity and task state
- proxying durable memory tools through the v2 memory plugin
+- integrating with awareness-backed memory when configured
 - hot-reloading skills while the workspace is running

 ## Environment Model
@@ -39,6 +39,8 @@ WORKSPACE_ID=ws-123
 WORKSPACE_CONFIG_PATH=/configs
 PLATFORM_URL=http://platform:8080
 PARENT_ID=
+AWARENESS_URL=http://awareness:37800
+AWARENESS_NAMESPACE=workspace:ws-123
 LANGFUSE_HOST=http://langfuse-web:3000
 LANGFUSE_PUBLIC_KEY=...
 LANGFUSE_SECRET_KEY=...
@@ -47,7 +49,8 @@ LANGFUSE_SECRET_KEY=...
 Important behavior:

 - `WORKSPACE_CONFIG_PATH` points at the mounted config directory for that workspace.
- Memory MCP tools route through the platform's v2 memory plugin (see Memory Architecture doc); there is no per-workspace memory env var anymore — the plugin sidecar is provisioned at the tenant EC2 boundary.
+- `AWARENESS_URL` + `AWARENESS_NAMESPACE` enable workspace-scoped awareness-backed memory.
+- If awareness is absent, runtime memory tools fall back to the platform memory endpoints for compatibility.

 ## Startup Sequence

@@ -79,7 +82,8 @@ At a high level, `workspace/main.py` does this:
 | `skills/loader.py` | Parses `SKILL.md`, loads tool modules, returns loaded skill metadata |
 | `skills/watcher.py` | Hot reload path for skill changes |
 | `plugins.py` | Scans mounted plugins for shared rules, prompt fragments, and extra skills |
-| `tools/memory.py` | Agent memory tools (route through the platform's v2 memory plugin via the workspace-server proxy) |
+| `tools/memory.py` | Agent memory tools |
+| `tools/awareness_client.py` | Awareness-backed persistence wrapper |
 | `coordinator.py` | Coordinator-only delegation path for team leads |

 ## Skills, Plugins, And Hot Reload
@@ -99,28 +103,23 @@ Hot reload matters because the runtime is designed to keep a workspace alive whi

 The watcher rescans the skill package, rebuilds the agent tool surface, and updates the Agent Card so peers and the canvas reflect the new capabilities.

-## Memory Integration
+## Awareness And Memory Integration

 The runtime keeps the agent-facing contract stable:

- `commit_memory(content, scope)` — legacy MCP name, routed through the
-  v2 plugin's scope→namespace shim
- `commit_memory_v2(content, namespace)` — direct v2 surface
- `search_memory(query, namespace?)` — v2 plugin search with FTS +
-  semantic scoring when the plugin declares the capability
+- `commit_memory(content, scope)`
+- `search_memory(query, scope)`

-All writes land in the workspace's `workspace:<workspace_id>` namespace
-unless the agent passes an explicit one. Cross-workspace namespaces
-(`team:<root>`, `org:<root>`) follow the platform's namespace ACL
-(`internal/memory/namespace/resolver.go`). There is no per-workspace
-memory env var on the runtime side — the plugin lives on the tenant
-EC2 at `localhost:9100`, spawned by `entrypoint-tenant.sh` when
-`MEMORY_PLUGIN_URL` is present in the tenant-server's env (CP
-user-data injects it during tenant provisioning). The workspace-server
-proxies all memory calls through that sidecar.
+When awareness is configured:

-See [Memory Architecture](../architecture/memory.md) for the full
-backend story.
+- the tools route durable facts to the workspace's own awareness namespace
+- the namespace defaults to `workspace:<workspace_id>` unless explicitly overridden
+
+When awareness is not configured:
+
+- the same tools fall back to the platform memory endpoints
+
+That design lets the platform improve the backend memory boundary without forcing every agent prompt or tool signature to change.

 ## Coordinator Enforcement

@@ -47,26 +47,18 @@ It is useful for structured per-workspace state and optional TTL entries. It is

 `GET /workspaces/:id/session-search` provides a thin recall surface over recent activity rows and memory rows. It is for “what just happened in this workspace?” rather than long-term semantic storage.

-### 4. Memory v2 plugin (`memory_records` / `memory_namespaces`)
+### 4. Awareness-backed persistence

-This is the production-direction backend, behind the RFC #2728 HTTP
-contract. The plugin runs as a sidecar on each tenant EC2 (auto-spawned
-by `entrypoint-tenant.sh` when `MEMORY_PLUGIN_URL` is set), owns its
-own tables under the `memory_plugin` schema, and serves:
+When the runtime receives:

- `POST /workspaces/:id/v2/memories` (canvas `MemoryInspectorPanel`)
- `GET /workspaces/:id/v2/memories`
- `DELETE /workspaces/:id/v2/memories/:id`
- runtime tools `commit_memory_v2`, `search_memory`, `commit_summary`,
-  `forget_memory`
- legacy MCP tool names `commit_memory` / `recall_memory` via the
-  scope→namespace shim in `mcp_tools_memory_legacy_shim.go`
+```bash
+AWARENESS_URL=...
+AWARENESS_NAMESPACE=workspace:<id>
+```

-Capability negotiation (FTS, embedding, TTL, pin, propagation) is
-declared by the plugin via `GET /v1/health`; workspace-server adapts
-the tool surface to what the plugin actually supports. See
-[`memory-plugin-v1.yaml`](../api-protocol/memory-plugin-v1.yaml) for
-the full wire contract.
+the same memory tools keep the same interface, but durable memory writes/reads are routed through the workspace's awareness namespace.
+
+This is the current production direction of the memory boundary: stable tool surface, stronger backend isolation.

 ## Access Model

@@ -129,7 +121,7 @@ If you need:
 - **org-wide guidance**: use `GLOBAL`
 - **simple UI-visible structured state**: use `workspace_memory`
 - **recent decision/task recall**: use `session-search`
- **semantic / FTS search across memories**: use the v2 plugin endpoints (`/v2/memories?q=…`); they go through the plugin's pgvector + tsvector indexes when the plugin declares the capability
+- **stronger durable isolation**: enable awareness namespaces

 ## Related Docs

@@ -426,10 +426,10 @@ submitted → working → completed

 | Surface | Storage | Endpoint | Purpose |
 |---------|---------|----------|---------|
-| **Memory v2 plugin (SSOT)** | `memory_plugin.memory_records` table via RFC #2728 HTTP plugin | `POST /workspaces/:id/v2/memories`, MCP tools `commit_memory` / `commit_memory_v2` / `commit_summary` | Production memory backend — agent reads/writes route through here exclusively |
-| **Key/value workspace memory** | `workspace_memory` table | `POST /workspaces/:id/memory` | Simple structured state, UI-visible, optional TTL — separate from agent memory |
-| **Activity recall** | `activity_logs` + `agent_memories` (legacy read-only) | `GET /workspaces/:id/session-search` | "What just happened?" contextual recall |
-| **Legacy `agent_memories`** | `agent_memories` table | `POST /workspaces/:id/memories` (REST) | Frozen post-A1 — kept only for the REST canvas-side path; the workspace-create `seedInitialMemories` writer routes through the v2 plugin once #1755 (PR #1759) lands. Scheduled for drop in Phase A3 (#1733). |
+| **Scoped agent memory** | `agent_memories` table | `POST /workspaces/:id/memories` | HMA-backed distributed memory with scope enforcement |
+| **Key/value workspace memory** | `workspace_memory` table | `POST /workspaces/:id/memory` | Simple structured state, UI-visible, optional TTL |
+| **Activity recall** | `activity_logs` + `agent_memories` | `GET /workspaces/:id/session-search` | "What just happened?" contextual recall |
+| **Awareness-backed** | External service | Same tool interface | When `AWARENESS_URL` + `AWARENESS_NAMESPACE` configured |

 ### Memory → Skill Compounding Flywheel

@@ -740,6 +740,7 @@ requires:
 | `hitl.py` | Multi-channel HITL (dashboard, Slack, email) | hitl.bypass_roles |
 | `sandbox.py` | Code execution (subprocess or Docker backend) | sandbox access |
 | `telemetry.py` | OpenTelemetry span creation and tracing | trace emission |
+| `awareness_client.py` | Awareness namespace memory wrapper | memory scope |
 | `security_scan.py` | CVE and security scanning (pip-audit/Snyk) | security audit |
 | `temporal_workflow.py` | Temporal.io workflow integration | workflow engine |
 | `a2a_tools.py` | A2A delegation helpers and route resolution | delegate/receive |
@@ -748,7 +749,8 @@ requires:

 | Server | Purpose |
 |--------|---------|
-| `molecule` | 20+ platform management tools (workspace CRUD, chat, memory, teams, secrets, files, approvals) — includes `commit_memory` / `commit_memory_v2` / `search_memory` routed through the v2 plugin |
+| `molecule` | 20+ platform management tools (workspace CRUD, chat, memory, teams, secrets, files, approvals) |
+| `awareness-memory` | Persistent cross-session memory via Awareness SDK |

 ---

@@ -907,7 +909,7 @@ Postgres + Redis + Langfuse only (for local development without containerized wo
 | `CORS_ORIGINS` | `http://localhost:3000,...` | CORS whitelist |
 | `RATE_LIMIT` | `600` | Requests per minute |
 | `WORKSPACE_DIR` | Optional | Shared workspace volume |
-| `MEMORY_PLUGIN_URL` | Unset by default | v2 memory plugin sidecar address. Typically set externally — CP user-data injects `http://localhost:9100` on tenant EC2 boot, which `entrypoint-tenant.sh` reads as the signal to spawn the bundled `memory-plugin` sidecar on the matching loopback port. When unset, today (pre-#1747) the legacy `agent_memories` SQL path is used as silent fallback; after #1747 (RFC #1733 Phase A1) lands, memory MCP tools return a "plugin not configured" error instead. |
+| `AWARENESS_URL` | Optional | Awareness service URL |

 ### Canvas (Next.js)

@@ -925,6 +927,8 @@ Postgres + Redis + Langfuse only (for local development without containerized wo
 | `WORKSPACE_CONFIG_PATH` | `/configs` | Config directory mount |
 | `PLATFORM_URL` | `http://platform:8080` | Platform connection |
 | `PARENT_ID` | Empty | Parent workspace ID (set if nested) |
+| `AWARENESS_URL` | Optional | Awareness service |
+| `AWARENESS_NAMESPACE` | Optional | Scoped namespace for awareness memory |
 | `LANGFUSE_HOST` | `http://langfuse-web:3000` | Langfuse endpoint |
 | `LANGFUSE_PUBLIC_KEY` | Optional | Langfuse auth |
 | `LANGFUSE_SECRET_KEY` | Optional | Langfuse auth |
@@ -1087,6 +1091,20 @@ Every Tier 1 launch (Open Interpreter, CrewAI) had all four elements.
 }
 ```

+### Awareness MCP Server
+
+For persistent cross-session memory:
+
+```json
+{
+  "awareness-memory": {
+    "type": "stdio",
+    "command": "npx",
+    "args": ["-y", "@awareness-sdk/local", "mcp"]
+  }
+}
+```
+
 ---

 ## 29. Summary Statistics
@@ -27,7 +27,7 @@ features:
    details: Current main ships adapters for LangGraph, DeepAgents, Claude Code, CrewAI, AutoGen, and OpenClaw under one workspace contract and A2A surface.
    icon: "⚙️"
  - title: Hierarchical Memory
-    details: HMA-style LOCAL, TEAM, and GLOBAL scopes backed by the v2 memory plugin (per-tenant pgvector sidecar with FTS + semantic recall).
+    details: HMA-style LOCAL, TEAM, and GLOBAL scopes plus workspace-scoped awareness namespaces when awareness is configured.
    icon: "🧠"
  - title: Skill Evolution
    details: Local SKILL.md packages, tool loading, plugin-mounted shared capabilities, hot reload, and a documented memory-to-skill promotion path.
@@ -50,7 +50,7 @@ features:
 | **Canvas** | Empty-state deployment, onboarding guide, 10-tab side panel, template palette, bundle import/export, drag-to-nest teams, search, activity and trace views |
 | **Platform** | Workspace CRUD, registry, A2A proxy, team expansion, approvals, secrets, global secrets, memory APIs, files API, terminal, viewport persistence, WebSocket fanout |
 | **Runtime** | One workspace image with six shipping adapters on `main`: LangGraph, DeepAgents, Claude Code, CrewAI, AutoGen, OpenClaw |
-| **Memory** | v2 plugin (pgvector + FTS) serving scoped agent memories under per-workspace namespaces; key/value workspace memory; session-search recall |
+| **Memory** | Scoped agent memories, key/value workspace memory, session-search recall, awareness namespace injection |
 | **Skills** | Local skill packages, plugin-mounted shared skills/rules, audit/install/publish CLI helpers, hot reload |

 ## Compatibility Note
@@ -28,7 +28,9 @@
    {"name": "claude-code-default", "repo": "molecule-ai/molecule-ai-workspace-template-claude-code", "ref": "main"},
    {"name": "hermes", "repo": "molecule-ai/molecule-ai-workspace-template-hermes", "ref": "main"},
    {"name": "openclaw", "repo": "molecule-ai/molecule-ai-workspace-template-openclaw", "ref": "main"},
-    {"name": "codex", "repo": "molecule-ai/molecule-ai-workspace-template-codex", "ref": "main"}
+    {"name": "codex", "repo": "molecule-ai/molecule-ai-workspace-template-codex", "ref": "main"},
+    {"name": "langgraph", "repo": "molecule-ai/molecule-ai-workspace-template-langgraph", "ref": "main"},
+    {"name": "autogen", "repo": "molecule-ai/molecule-ai-workspace-template-autogen", "ref": "main"}
  ],
  "org_templates": [
    {"name": "molecule-dev", "repo": "molecule-ai/molecule-ai-org-template-molecule-dev", "ref": "main"},
@@ -1,9 +0,0 @@
-- Reverse of 000_schema_bootstrap.up.sql.
--
-- Drops the dedicated schema and every plugin object inside it. Operator
-- runs this only when intentionally tearing down the v2 plugin store on
-- a shared tenant Postgres. Down migrations are NOT auto-applied by the
-- plugin (cmd/memory-plugin-postgres/main.go:runMigrations comment) —
-- this file is for manual operator-driven cleanup.
-
-DROP SCHEMA IF EXISTS memory_plugin CASCADE;
@@ -1,31 +0,0 @@
-- Create the dedicated schema this plugin owns when it shares a Postgres
-- with the tenant platform (the default deployment shape — see
-- entrypoint-tenant.sh which appends `search_path=memory_plugin,public`
-- to DATABASE_URL when the operator hasn't set MEMORY_PLUGIN_DATABASE_URL
-- explicitly).
--
-- The schema name `memory_plugin` matches the search_path injected by
-- the entrypoint; sql.Open's URL controls *where* subsequent CREATE
-- TABLE lands (search_path) but does NOT auto-create the target schema,
-- so the plugin has to do it itself before 001_memory_v2 runs.
--
-- About the `,public` fallback in search_path: pgvector ships as an
-- extension that lives in one schema. On fresh tenants 001_memory_v2's
-- `CREATE EXTENSION IF NOT EXISTS vector` installs it into the first
-- writable schema in search_path (memory_plugin — SSOT preserved). On
-- tenants where pgvector was already installed into `public` by a
-- prior boot, the IF NOT EXISTS is a no-op and the extension stays in
-- public; the `vector(1536)` type reference in 001 then resolves via
-- the public fallback. Without that fallback, 001 would die with
-- "type vector does not exist" on every pre-existing tenant (#1742
-- review finding).
--
-- Operators who point the plugin at a dedicated database (no shared
-- tenant tables) can leave this no-op: CREATE SCHEMA IF NOT EXISTS is
-- idempotent and a fresh DB happily owns a `memory_plugin` schema.
--
-- Migration files are sorted alphabetically (cmd/memory-plugin-postgres/
-- main.go:runMigrationsFromEmbed → sort.Strings), so 000_ runs before
-- 001_memory_v2 which assumes the schema already exists in search_path.
-
-CREATE SCHEMA IF NOT EXISTS memory_plugin;
@@ -34,49 +34,13 @@ func TestMigrationsEmbedded_ContainsCreateTable(t *testing.T) {
 			t.Errorf("read embedded %q: %v", e.Name(), err)
 			continue
 		}
-		// Each file must contain at least one DDL statement we expect to see
-		// — guards against truncated / empty files that would silently embed.
-		if !containsAnyDDL(string(data)) {
-			t.Errorf("embedded %q contains no recognized DDL (CREATE TABLE/SCHEMA/EXTENSION/INDEX) — wrong or truncated file?", e.Name())
+		if !strings.Contains(string(data), "CREATE TABLE") {
+			t.Errorf("embedded %q has no CREATE TABLE — wrong file embedded?", e.Name())
 		}
 	}
 	if !seenUp {
 		t.Fatal("no *.up.sql in embedded migrations — runtime would have no schema to apply")
 	}
-
-	// Per-file invariants (issue #1742 review finding). The previous global
-	// "at least one file has CREATE TABLE somewhere" check let a future
-	// rewrite of 001_memory_v2.up.sql silently regress to schema-only as
-	// long as any other file declared a table. Pin the load-bearing DDL
-	// per filename so a wrong-or-truncated 001 fails this test loudly.
-	assertFileContains(t, "000_schema_bootstrap.up.sql", "CREATE SCHEMA")
-	assertFileContains(t, "001_memory_v2.up.sql", "CREATE TABLE")
-	assertFileContains(t, "001_memory_v2.up.sql", "memory_records")
-	assertFileContains(t, "001_memory_v2.up.sql", "memory_namespaces")
-}
-
-// assertFileContains fails the test if the embedded migration `name`
-// either can't be read or doesn't contain `needle`. Pulled out so each
-// per-file pin reads as one line.
-func assertFileContains(t *testing.T, name, needle string) {
-	t.Helper()
-	data, err := migrationsFS.ReadFile("migrations/" + name)
-	if err != nil {
-		t.Errorf("required migration %q not embedded: %v", name, err)
-		return
-	}
-	if !strings.Contains(string(data), needle) {
-		t.Errorf("migration %q must contain %q — wrong or truncated file?", name, needle)
-	}
-}
-
-func containsAnyDDL(sql string) bool {
-	for _, kw := range []string{"CREATE TABLE", "CREATE SCHEMA", "CREATE EXTENSION", "CREATE INDEX", "CREATE OR REPLACE", "ALTER TABLE"} {
-		if strings.Contains(sql, kw) {
-			return true
-		}
-	}
-	return false
 }

 // TestRunMigrationsFromEmbed_OrderingIsAlphabetic pins that we apply
@@ -30,7 +30,7 @@ func TestRefreshEnvFromCP_AppliesCPResponse(t *testing.T) {
 			t.Errorf("org id header: got %q", got)
 		}
 		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprint(w, `{"MOLECULE_CP_SHARED_SECRET":"new-secret","MOLECULE_CP_URL":"https://api.moleculesai.app","DISPLAY_SESSION_SIGNING_SECRET":"display-secret"}`)
+		fmt.Fprint(w, `{"MOLECULE_CP_SHARED_SECRET":"new-secret","MOLECULE_CP_URL":"https://api.moleculesai.app"}`)
 	}))
 	defer srv.Close()

@@ -45,9 +45,6 @@ func TestRefreshEnvFromCP_AppliesCPResponse(t *testing.T) {
 	if got := os.Getenv("MOLECULE_CP_SHARED_SECRET"); got != "new-secret" {
 		t.Errorf("SHARED_SECRET: want new-secret, got %q", got)
 	}
-	if got := os.Getenv("DISPLAY_SESSION_SIGNING_SECRET"); got != "display-secret" {
-		t.Errorf("DISPLAY_SESSION_SIGNING_SECRET: want display-secret, got %q", got)
-	}
 }

 // TestRefreshEnvFromCP_CPUnreachableDoesNotFailBoot: network errors must
@@ -210,12 +210,6 @@ func main() {
 	memBundle := memwiring.Build(db.DB)
 	if memBundle != nil {
 		wh.WithNamespaceCleanup(memBundle.NamespaceCleanupFn())
-		// Issue #1755: route workspace-create `initial_memories` through
-		// the v2 plugin instead of the legacy `agent_memories` table.
-		// Same plugin client the MCP tools use, same namespace
-		// (`workspace:<id>`); writes are visible to subsequent
-		// `recall_memory` calls on the same workspace.
-		wh.WithSeedMemoryPlugin(memBundle.Plugin)
 	}

 	// External-plugin env mutators — each plugin contributes 0+ mutators
@@ -23,57 +23,22 @@ CANVAS_PID=$!
 # Memory v2 sidecar (built-in postgres plugin). See Dockerfile entrypoint
 # comment for rationale.
 #
-# Spawn-gating: start the sidecar when MEMORY_PLUGIN_URL is set.
-# Without it, the sidecar adds zero value and risks aborting tenant
-# boot via the 30s health gate when the tenant Postgres lacks
+# Spawn-gating: only start the sidecar when the operator has indicated
+# they want it (MEMORY_V2_CUTOVER=true OR MEMORY_PLUGIN_URL set).
+# Without that signal, the sidecar adds zero value and risks aborting
+# tenant boot via the 30s health gate when the tenant Postgres lacks
 # pgvector. Caught on staging redeploy 2026-05-05:
 #   pq: extension "vector" is not available
 #
 # Defaults (when sidecar IS spawned): MEMORY_PLUGIN_DATABASE_URL
 # falls back to the tenant's DATABASE_URL.
-#
-# MEMORY_V2_CUTOVER is deprecated as of #1747 — the workspace-server
-# binary no longer reads it (v2 is unconditional now; the legacy SQL
-# fallback in mcp_tools.go is gone). The entrypoint still accepts it
-# as a synonym for "operator wants the sidecar" so old CP user-data
-# templates keep working through the rollout. When CP user-data drops
-# the var, this branch can go.
 MEMORY_PLUGIN_PID=""
 memory_plugin_wanted=""
-if [ -n "$MEMORY_PLUGIN_URL" ]; then
+if [ "$MEMORY_V2_CUTOVER" = "true" ] || [ -n "$MEMORY_PLUGIN_URL" ]; then
  memory_plugin_wanted=1
-elif [ "$MEMORY_V2_CUTOVER" = "true" ]; then
-  memory_plugin_wanted=1
-  echo "memory-plugin: ⚠️  MEMORY_V2_CUTOVER is deprecated (#1747) — set MEMORY_PLUGIN_URL instead. Spawning sidecar on the implied default this boot." >&2
 fi
 if [ -z "$MEMORY_PLUGIN_DISABLE" ] && [ -n "$memory_plugin_wanted" ] && [ -n "$DATABASE_URL" ]; then
-  # Schema isolation (issue #1733): when defaulting from the tenant
-  # DATABASE_URL we co-locate the plugin's tables under a dedicated
-  # `memory_plugin` schema so they never collide with platform-tenant
-  # tables in `public`. The plugin's 000_schema_bootstrap migration
-  # creates the schema; search_path here directs every subsequent CREATE
-  # TABLE / SELECT to land in it.
-  #
-  # The search_path includes `public` as a fallback so the `vector` type
-  # resolves regardless of which schema pgvector was installed into.
-  # Fresh tenants (no prior `CREATE EXTENSION vector`) install the
-  # extension into `memory_plugin` (first writable schema in the path),
-  # keeping the SSOT intent. Tenants where pgvector was already
-  # installed into `public` by a prior boot or operator action keep the
-  # extension where it is and resolve `vector(1536)` via the public
-  # fallback — without this fallback those tenants would crash the
-  # plugin boot with "type vector does not exist" once the migrations
-  # try to create memory_records (#1742 review finding).
-  #
-  # Operators who explicitly set MEMORY_PLUGIN_DATABASE_URL (separate DB
-  # entirely) keep full control — search_path is only injected when we
-  # default from DATABASE_URL.
-  if [ -z "$MEMORY_PLUGIN_DATABASE_URL" ]; then
-    case "$DATABASE_URL" in
-      *\?*) MEMORY_PLUGIN_DATABASE_URL="${DATABASE_URL}&search_path=memory_plugin,public" ;;
-      *)    MEMORY_PLUGIN_DATABASE_URL="${DATABASE_URL}?search_path=memory_plugin,public" ;;
-    esac
-  fi
+  : "${MEMORY_PLUGIN_DATABASE_URL:=$DATABASE_URL}"
  : "${MEMORY_PLUGIN_LISTEN_ADDR:=:9100}"
  export MEMORY_PLUGIN_DATABASE_URL MEMORY_PLUGIN_LISTEN_ADDR
  echo "memory-plugin: starting sidecar on $MEMORY_PLUGIN_LISTEN_ADDR" >&2
@@ -229,7 +229,7 @@ func (e *proxyA2AError) Error() string {
 // cron scheduler and other internal callers that need to send A2A messages
 // to workspaces programmatically (not from an HTTP handler).
 func (h *WorkspaceHandler) ProxyA2ARequest(ctx context.Context, workspaceID string, body []byte, callerID string, logActivity bool) (int, []byte, error) {
-	status, resp, proxyErr := h.proxyA2ARequest(ctx, workspaceID, body, callerID, logActivity, false)
+	status, resp, proxyErr := h.proxyA2ARequest(ctx, workspaceID, body, callerID, logActivity)
 	if proxyErr != nil {
 		return status, resp, proxyErr
 	}
@@ -308,21 +308,13 @@ func (h *WorkspaceHandler) ProxyA2A(c *gin.Context) {
 	// The bind is strict: the token must match `callerID`, not
 	// `workspaceID` (the target). A compromised token from workspace A
 	// must never authenticate calls from A pretending to be B.
-	//
-	// Post-RFC#637: canvas users now send X-Workspace-ID (their identity
-	// workspace). validateCallerToken detects canvas/admin auth on a
-	// tokenless workspace and returns isCanvasUser=true so the proxy can
-	// bypass CanCommunicate (human users sit outside the hierarchy).
-	isCanvasUser := false
-	if callerID != "" && callerID != workspaceID && !isSystemCaller(callerID) {
-		var err error
-		isCanvasUser, err = validateCallerToken(ctx, c, callerID)
-		if err != nil {
+	if callerID != "" && callerID != workspaceID {
+		if err := validateCallerToken(ctx, c, callerID); err != nil {
 			return // response already written with 401
 		}
 	}

-	status, respBody, proxyErr := h.proxyA2ARequest(ctx, workspaceID, body, callerID, true, isCanvasUser)
+	status, respBody, proxyErr := h.proxyA2ARequest(ctx, workspaceID, body, callerID, true)
 	if proxyErr != nil {
 		for k, v := range proxyErr.Headers {
 			c.Header(k, v)
@@ -361,13 +353,11 @@ func (h *WorkspaceHandler) checkWorkspaceBudget(ctx context.Context, workspaceID
 	return nil
 }

-func (h *WorkspaceHandler) proxyA2ARequest(ctx context.Context, workspaceID string, body []byte, callerID string, logActivity bool, isCanvasUser bool) (int, []byte, *proxyA2AError) {
+func (h *WorkspaceHandler) proxyA2ARequest(ctx context.Context, workspaceID string, body []byte, callerID string, logActivity bool) (int, []byte, *proxyA2AError) {
 	// Access control: workspace-to-workspace requests must pass CanCommunicate check.
 	// Canvas requests (callerID == "") and system callers (webhook:*, system:*, test:*)
 	// are trusted. Self-calls (callerID == workspaceID) are always allowed.
-	// Post-RFC#637: canvas-user identity workspaces also bypass CanCommunicate
-	// because human users sit outside the org hierarchy.
-	if callerID != "" && callerID != workspaceID && !isSystemCaller(callerID) && !isCanvasUser {
+	if callerID != "" && callerID != workspaceID && !isSystemCaller(callerID) {
 		if !registry.CanCommunicate(callerID, workspaceID) {
 			log.Printf("ProxyA2A: access denied %s → %s", callerID, workspaceID)
 			return 0, nil, &proxyA2AError{
@@ -5,21 +5,17 @@ package handlers

 import (
 	"context"
-	"crypto/subtle"
 	"database/sql"
 	"encoding/json"
 	"errors"
 	"log"
 	"net/http"
-	"os"
 	"strconv"
 	"time"

 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/events"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/middleware"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/orgtoken"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/wsauth"
 	"github.com/gin-gonic/gin"
 )
@@ -423,53 +419,31 @@ func nilIfEmpty(s string) *string {
 // (their next /registry/register will mint their first token, after
 // which this branch never fires again for them).
 //
-// Post-RFC#637 addition: when the tokenless workspace is accompanied by
-// canvas or admin auth (same-origin request, admin bearer, or org-level
-// token), the caller is identified as a canvas-user identity rather than
-// a legacy peer agent. The returned isCanvasUser flag lets the A2A proxy
-// bypass CanCommunicate for human users, who sit outside the workspace
-// hierarchy.
-//
 // On auth failure this writes the 401 via c and returns an error so the
 // handler aborts without running the proxy.
-func validateCallerToken(ctx context.Context, c *gin.Context, callerID string) (isCanvasUser bool, err error) {
-	hasLive, dbErr := wsauth.HasAnyLiveToken(ctx, db.DB, callerID)
-	if dbErr != nil {
+func validateCallerToken(ctx context.Context, c *gin.Context, callerID string) error {
+	hasLive, err := wsauth.HasAnyLiveToken(ctx, db.DB, callerID)
+	if err != nil {
 		// Fail-open here matches the heartbeat path — A2A caller auth is
 		// defense-in-depth on top of access-control hierarchy, not the
 		// sole gate on the secret material. A DB hiccup shouldn't take
 		// the whole A2A path down.
-		log.Printf("wsauth: caller HasAnyLiveToken(%s) failed: %v — allowing A2A", callerID, dbErr)
-		return false, nil
+		log.Printf("wsauth: caller HasAnyLiveToken(%s) failed: %v — allowing A2A", callerID, err)
+		return nil
 	}
 	if !hasLive {
-		// Tokenless workspace — could be legacy/pre-upgrade caller or
-		// canvas-user identity. Distinguish by request auth signals.
-		if middleware.IsSameOriginCanvas(c) {
-			return true, nil
-		}
-		tok := wsauth.BearerTokenFromHeader(c.GetHeader("Authorization"))
-		if tok != "" {
-			adminSecret := os.Getenv("ADMIN_TOKEN")
-			if adminSecret != "" && subtle.ConstantTimeCompare([]byte(tok), []byte(adminSecret)) == 1 {
-				return true, nil
-			}
-			if _, _, _, err := orgtoken.Validate(ctx, db.DB, tok); err == nil {
-				return true, nil
-			}
-		}
-		return false, nil // legacy / pre-upgrade caller
+		return nil // legacy / pre-upgrade caller
 	}
 	tok := wsauth.BearerTokenFromHeader(c.GetHeader("Authorization"))
 	if tok == "" {
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "missing caller auth token"})
-		return false, errInvalidCallerToken
+		return errInvalidCallerToken
 	}
 	if err := wsauth.ValidateToken(ctx, db.DB, callerID, tok); err != nil {
 		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid caller auth token"})
-		return false, err
+		return err
 	}
-	return false, nil
+	return nil
 }

 // errInvalidCallerToken is a sentinel for validateCallerToken's "missing
@@ -1112,13 +1112,9 @@ func TestValidateCallerToken_LegacyCallerGrandfathered(t *testing.T) {
 	c, _ := gin.CreateTestContext(w)
 	c.Request = httptest.NewRequest("POST", "/workspaces/x/a2a", bytes.NewBufferString("{}"))

-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-legacy")
-	if err != nil {
+	if err := validateCallerToken(context.Background(), c, "ws-legacy"); err != nil {
 		t.Errorf("legacy caller should grandfather through; got %v", err)
 	}
-	if isCanvasUser {
-		t.Errorf("legacy caller should NOT be identified as canvas user")
-	}
 	if w.Code != 200 {
 		// gin default before c.JSON is 200; we want no error response written
 		if w.Body.Len() != 0 {
@@ -1140,13 +1136,10 @@ func TestValidateCallerToken_MissingTokenWhenOnFile(t *testing.T) {
 	c.Request = httptest.NewRequest("POST", "/workspaces/x/a2a", bytes.NewBufferString("{}"))
 	// No Authorization header set

-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-authed")
+	err := validateCallerToken(context.Background(), c, "ws-authed")
 	if err == nil {
 		t.Fatal("expected error for missing token")
 	}
-	if isCanvasUser {
-		t.Errorf("authed workspace with missing token should NOT be canvas user")
-	}
 	if w.Code != http.StatusUnauthorized {
 		t.Errorf("expected 401, got %d", w.Code)
 	}
@@ -1171,13 +1164,9 @@ func TestValidateCallerToken_InvalidToken(t *testing.T) {
 	req.Header.Set("Authorization", "Bearer wrong")
 	c.Request = req

-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-authed")
-	if err == nil {
+	if err := validateCallerToken(context.Background(), c, "ws-authed"); err == nil {
 		t.Fatal("expected error for bad token")
 	}
-	if isCanvasUser {
-		t.Errorf("authed workspace with bad token should NOT be canvas user")
-	}
 	if w.Code != http.StatusUnauthorized {
 		t.Errorf("expected 401, got %d", w.Code)
 	}
@@ -1203,13 +1192,9 @@ func TestValidateCallerToken_ValidToken(t *testing.T) {
 	req.Header.Set("Authorization", "Bearer goodtok")
 	c.Request = req

-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-authed")
-	if err != nil {
+	if err := validateCallerToken(context.Background(), c, "ws-authed"); err != nil {
 		t.Errorf("valid token should pass; got %v", err)
 	}
-	if isCanvasUser {
-		t.Errorf("authed workspace with valid token should NOT be canvas user")
-	}
 }

 func TestValidateCallerToken_WrongWorkspaceBindingRejected(t *testing.T) {
@@ -1231,86 +1216,14 @@ func TestValidateCallerToken_WrongWorkspaceBindingRejected(t *testing.T) {
 	req.Header.Set("Authorization", "Bearer tok-for-A")
 	c.Request = req

-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-b-attacker")
-	if err == nil {
+	if err := validateCallerToken(context.Background(), c, "ws-b-attacker"); err == nil {
 		t.Fatal("token from A must not authenticate caller B")
 	}
-	if isCanvasUser {
-		t.Errorf("cross-workspace token replay should NOT be identified as canvas user")
-	}
 	if w.Code != http.StatusUnauthorized {
 		t.Errorf("expected 401, got %d", w.Code)
 	}
 }

-func TestValidateCallerToken_CanvasUser_AdminToken(t *testing.T) {
-	mock := setupTestDB(t)
-	setupTestRedis(t)
-
-	// Tokenless workspace
-	mock.ExpectQuery(`SELECT COUNT\(\*\) FROM workspace_auth_tokens`).
-		WithArgs("ws-canvas-admin").
-		WillReturnRows(sqlmock.NewRows([]string{"count"}).AddRow(0))
-
-	t.Setenv("ADMIN_TOKEN", "admin-secret-42")
-
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	req := httptest.NewRequest("POST", "/workspaces/x/a2a", bytes.NewBufferString("{}"))
-	req.Header.Set("Authorization", "Bearer admin-secret-42")
-	c.Request = req
-
-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-canvas-admin")
-	if err != nil {
-		t.Errorf("admin token should identify canvas user; got error: %v", err)
-	}
-	if !isCanvasUser {
-		t.Errorf("admin token bearer should be identified as canvas user")
-	}
-	if w.Code != 200 || w.Body.Len() != 0 {
-		t.Errorf("admin token path should not write a response body; got %d: %s", w.Code, w.Body.String())
-	}
-}
-
-func TestValidateCallerToken_CanvasUser_OrgToken(t *testing.T) {
-	mock := setupTestDB(t)
-	setupTestRedis(t)
-
-	// Tokenless workspace
-	mock.ExpectQuery(`SELECT COUNT\(\*\) FROM workspace_auth_tokens`).
-		WithArgs("ws-canvas-org").
-		WillReturnRows(sqlmock.NewRows([]string{"count"}).AddRow(0))
-
-	// orgtoken.Validate lookup
-	mock.ExpectQuery(`SELECT id, prefix, org_id FROM org_api_tokens WHERE token_hash = .* AND revoked_at IS NULL`).
-		WithArgs(sqlmock.AnyArg()).
-		WillReturnRows(sqlmock.NewRows([]string{"id", "prefix", "org_id"}).AddRow("orgtok-1", "pref1234", "org-1"))
-	mock.ExpectExec(`UPDATE org_api_tokens SET last_used_at`).
-		WithArgs("orgtok-1").
-		WillReturnResult(sqlmock.NewResult(0, 1))
-
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	req := httptest.NewRequest("POST", "/workspaces/x/a2a", bytes.NewBufferString("{}"))
-	req.Header.Set("Authorization", "Bearer org-token-plaintext-xyz")
-	c.Request = req
-
-	isCanvasUser, err := validateCallerToken(context.Background(), c, "ws-canvas-org")
-	if err != nil {
-		t.Errorf("org token should identify canvas user; got error: %v", err)
-	}
-	if !isCanvasUser {
-		t.Errorf("org token bearer should be identified as canvas user")
-	}
-	if w.Code != 200 || w.Body.Len() != 0 {
-		t.Errorf("org token path should not write a response body; got %d: %s", w.Code, w.Body.String())
-	}
-
-	if err := mock.ExpectationsWereMet(); err != nil {
-		t.Errorf("unmet sqlmock expectations: %v", err)
-	}
-}
-
 // --- Direct unit tests for normalizeA2APayload (extracted from proxyA2ARequest) ---

 func TestNormalizeA2APayload_InvalidJSON(t *testing.T) {
@@ -333,7 +333,7 @@ func (h *WorkspaceHandler) DrainQueueForWorkspace(ctx context.Context, workspace
 	}
 	// logActivity=false: the original EnqueueA2A callsite already logged
 	// the dispatch attempt; re-logging here would double-count events.
-	status, respBody, proxyErr := h.proxyA2ARequest(ctx, workspaceID, item.Body, callerID, false, false)
+	status, respBody, proxyErr := h.proxyA2ARequest(ctx, workspaceID, item.Body, callerID, false)

 	// 202 Accepted = the dispatch was itself queued again (target still busy).
 	// That's not a failure — the queued item just stays queued naturally on
@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"log"
 	"net/http"
+	"os"
 	"strings"
 	"time"

@@ -15,12 +16,19 @@ import (
 	"github.com/gin-gonic/gin"
 )

+// envMemoryV2Cutover gates whether admin export/import routes through
+// the v2 plugin (PR-8 / RFC #2728). When unset, the legacy direct-DB
+// path runs unchanged so operators who haven't enabled the plugin
+// keep working.
+const envMemoryV2Cutover = "MEMORY_V2_CUTOVER"
+
 // AdminMemoriesHandler provides bulk export/import of agent memories for
 // backup and restore across Docker rebuilds (issue #1051).
 //
-// Issue #1733: the v2 plugin is the only supported backend. Export
-// reads from the plugin's namespaces; import writes through the plugin.
-// Both paths preserve the SAFE-T1201 redaction shipped in F1084 + F1085.
+// PR-8 (RFC #2728): when wired with the v2 plugin via WithMemoryV2 AND
+// MEMORY_V2_CUTOVER is true, export reads from the plugin's namespaces
+// and import writes through the plugin. Both paths preserve the
+// SAFE-T1201 redaction shipped in F1084 + F1085.
 type AdminMemoriesHandler struct {
 	plugin   adminMemoriesPlugin
 	resolver adminMemoriesResolver
@@ -61,12 +69,12 @@ func (h *AdminMemoriesHandler) withMemoryV2APIs(plugin adminMemoriesPlugin, reso
 	return h
 }

-// memoryV2Wired reports whether the v2 plugin + resolver are attached.
-// Issue #1733: v2 is now the only path; this replaces the prior
-// cutoverActive() gate (which also checked MEMORY_V2_CUTOVER=true) —
-// the env-flag double-check is gone since there's no legacy fallback
-// to choose against.
-func (h *AdminMemoriesHandler) memoryV2Wired() bool {
+// cutoverActive reports whether the export/import path should route
+// through the v2 plugin.
+func (h *AdminMemoriesHandler) cutoverActive() bool {
+	if os.Getenv(envMemoryV2Cutover) != "true" {
+		return false
+	}
 	return h.plugin != nil && h.resolver != nil
 }

@@ -89,19 +97,48 @@ type memoryExportEntry struct {
 // before returning so that any credentials stored before SAFE-T1201 (#838)
 // was applied do not leak out via the admin export endpoint.
 //
-// Issue #1733: reads exclusively from the v2 plugin. The legacy direct
-// agent_memories scan is gone — operators without a configured plugin
-// get a 503 explaining the required setup.
+// CUTOVER (PR-8 / RFC #2728): when MEMORY_V2_CUTOVER=true and the v2
+// plugin is wired, reads from the plugin instead of agent_memories.
 func (h *AdminMemoriesHandler) Export(c *gin.Context) {
 	ctx := c.Request.Context()

-	if !h.memoryV2Wired() {
-		c.JSON(http.StatusServiceUnavailable, gin.H{
-			"error": "memory plugin is not configured (set MEMORY_PLUGIN_URL)",
-		})
+	if h.cutoverActive() {
+		h.exportViaPlugin(c, ctx)
 		return
 	}
-	h.exportViaPlugin(c, ctx)
+
+	rows, err := db.DB.QueryContext(ctx, `
+		SELECT am.id, am.content, am.scope, am.namespace, am.created_at,
+		       w.name AS workspace_name
+		FROM agent_memories am
+		JOIN workspaces w ON am.workspace_id = w.id
+		ORDER BY am.created_at
+	`)
+	if err != nil {
+		log.Printf("admin/memories/export: query error: %v", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "export query failed"})
+		return
+	}
+	defer rows.Close()
+
+	memories := make([]memoryExportEntry, 0)
+	for rows.Next() {
+		var m memoryExportEntry
+		if err := rows.Scan(&m.ID, &m.Content, &m.Scope, &m.Namespace, &m.CreatedAt, &m.WorkspaceName); err != nil {
+			log.Printf("admin/memories/export: scan error: %v", err)
+			continue
+		}
+		// F1084 / #1131: redact secrets before returning so pre-SAFE-T1201
+		// memories (stored before redactSecrets was mandatory) don't leak.
+		redacted, _ := redactSecrets(m.WorkspaceName, m.Content)
+		m.Content = redacted
+		memories = append(memories, m)
+	}
+	if err := rows.Err(); err != nil {
+		log.Printf("admin/memories/export: rows error: %v", err)
+	}
+
+	c.JSON(http.StatusOK, memories)
 }

 // memoryImportEntry is the JSON shape accepted on import. Matches export format.
@@ -123,9 +160,8 @@ type memoryImportEntry struct {
 // with embedded credentials cannot land unredacted in agent_memories (SAFE-T1201
 // parity with the commit_memory MCP bridge path).
 //
-// Issue #1733: writes exclusively through the v2 plugin. The legacy
-// direct agent_memories insert path is gone — operators without a
-// configured plugin get a 503 explaining the required setup.
+// CUTOVER (PR-8 / RFC #2728): when MEMORY_V2_CUTOVER=true and the v2
+// plugin is wired, writes through the plugin instead of agent_memories.
 func (h *AdminMemoriesHandler) Import(c *gin.Context) {
 	ctx := c.Request.Context()

@@ -135,13 +171,85 @@ func (h *AdminMemoriesHandler) Import(c *gin.Context) {
 		return
 	}

-	if !h.memoryV2Wired() {
-		c.JSON(http.StatusServiceUnavailable, gin.H{
-			"error": "memory plugin is not configured (set MEMORY_PLUGIN_URL)",
-		})
+	if h.cutoverActive() {
+		h.importViaPlugin(c, ctx, entries)
 		return
 	}
-	h.importViaPlugin(c, ctx, entries)
+
+	imported := 0
+	skipped := 0
+	errors := 0
+
+	for _, entry := range entries {
+		// 1. Resolve workspace by name
+		var workspaceID string
+		err := db.DB.QueryRowContext(ctx,
+			`SELECT id FROM workspaces WHERE name = $1 LIMIT 1`,
+			entry.WorkspaceName,
+		).Scan(&workspaceID)
+		if err != nil {
+			log.Printf("admin/memories/import: workspace %q not found, skipping", entry.WorkspaceName)
+			skipped++
+			continue
+		}
+
+		// F1085 / #1132: scrub credential patterns before persistence so that
+		// imported memories with secrets don't bypass SAFE-T1201 (#838).
+		// Must run BEFORE the dedup check so the redacted content is what
+		// gets stored — otherwise re-importing the same backup would produce
+		// a duplicate with different (original, unredacted) content.
+		content, _ := redactSecrets(workspaceID, entry.Content)
+
+		// 2. Check for duplicate (same workspace + content + scope) using
+		// the redacted content so that two backups with the same original
+		// secret (same placeholder output) are treated as duplicates.
+		var exists bool
+
+		err = db.DB.QueryRowContext(ctx,
+			`SELECT EXISTS(SELECT 1 FROM agent_memories WHERE workspace_id = $1 AND content = $2 AND scope = $3)`,
+			workspaceID, content, entry.Scope,
+		).Scan(&exists)
+		if err != nil {
+			log.Printf("admin/memories/import: duplicate check error for workspace %q: %v", entry.WorkspaceName, err)
+			errors++
+			continue
+		}
+		if exists {
+			skipped++
+			continue
+		}
+
+		// 3. Insert the memory, preserving original created_at if provided
+		namespace := entry.Namespace
+		if namespace == "" {
+			namespace = "general"
+		}
+
+		if entry.CreatedAt != "" {
+			_, err = db.DB.ExecContext(ctx,
+				`INSERT INTO agent_memories (workspace_id, content, scope, namespace, created_at) VALUES ($1, $2, $3, $4, $5)`,
+				workspaceID, content, entry.Scope, namespace, entry.CreatedAt,
+			)
+		} else {
+			_, err = db.DB.ExecContext(ctx,
+				`INSERT INTO agent_memories (workspace_id, content, scope, namespace) VALUES ($1, $2, $3, $4)`,
+				workspaceID, content, entry.Scope, namespace,
+			)
+		}
+		if err != nil {
+			log.Printf("admin/memories/import: insert error for workspace %q: %v", entry.WorkspaceName, err)
+			errors++
+			continue
+		}
+		imported++
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"imported": imported,
+		"skipped":  skipped,
+		"errors":   errors,
+		"total":    len(entries),
+	})
 }

 // exportViaPlugin reads memories from the v2 plugin and emits them in
@@ -101,24 +101,26 @@ func installMockDB(t *testing.T) sqlmock.Sqlmock {
 	return mock
 }

-// --- memoryV2Wired ---
+// --- cutoverActive ---

-func TestMemoryV2Wired(t *testing.T) {
+func TestCutoverActive(t *testing.T) {
 	cases := []struct {
 		name     string
+		envVal   string
 		plugin   adminMemoriesPlugin
 		resolver adminMemoriesResolver
 		want     bool
 	}{
-		{"both nil", nil, nil, false},
-		{"plugin only", &stubAdminPlugin{}, nil, false},
-		{"resolver only", nil, adminRootResolver(), false},
-		{"both wired", &stubAdminPlugin{}, adminRootResolver(), true},
+		{"env unset", "", &stubAdminPlugin{}, adminRootResolver(), false},
+		{"env true but unwired", "true", nil, nil, false},
+		{"env false", "false", &stubAdminPlugin{}, adminRootResolver(), false},
+		{"env true wired", "true", &stubAdminPlugin{}, adminRootResolver(), true},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
+			t.Setenv(envMemoryV2Cutover, tc.envVal)
 			h := &AdminMemoriesHandler{plugin: tc.plugin, resolver: tc.resolver}
-			if got := h.memoryV2Wired(); got != tc.want {
+			if got := h.cutoverActive(); got != tc.want {
 				t.Errorf("got %v, want %v", got, tc.want)
 			}
 		})
@@ -145,6 +147,7 @@ func TestWithMemoryV2APIs_AttachesDeps(t *testing.T) {
 // --- Export via plugin ---

 func TestExport_RoutesThroughPluginWhenCutoverActive(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)

 	mock.ExpectQuery("WITH RECURSIVE chain").
@@ -188,6 +191,7 @@ func TestExport_RoutesThroughPluginWhenCutoverActive(t *testing.T) {
 }

 func TestExport_DeduplicatesByMemoryID(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)

 	// Two workspaces, both will see the same team-shared memory.
@@ -218,6 +222,7 @@ func TestExport_DeduplicatesByMemoryID(t *testing.T) {
 }

 func TestExport_SkipsWorkspaceWhenResolverFails(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("WITH RECURSIVE chain").
 		WillReturnRows(sqlmock.NewRows([]string{"id", "name", "root_id"}).
@@ -239,6 +244,7 @@ func TestExport_SkipsWorkspaceWhenResolverFails(t *testing.T) {
 }

 func TestExport_SkipsWorkspaceWhenPluginSearchFails(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("WITH RECURSIVE chain").
 		WillReturnRows(sqlmock.NewRows([]string{"id", "name", "root_id"}).
@@ -262,6 +268,7 @@ func TestExport_SkipsWorkspaceWhenPluginSearchFails(t *testing.T) {
 }

 func TestExport_WorkspacesQueryFails(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("WITH RECURSIVE chain").
 		WillReturnError(errors.New("db dead"))
@@ -280,6 +287,7 @@ func TestExport_WorkspacesQueryFails(t *testing.T) {
 }

 func TestExport_EmptyReadable(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("WITH RECURSIVE chain").
 		WillReturnRows(sqlmock.NewRows([]string{"id", "name", "root_id"}).
@@ -301,6 +309,7 @@ func TestExport_EmptyReadable(t *testing.T) {
 }

 func TestExport_RedactsSecretsInPluginPath(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("WITH RECURSIVE chain").
 		WillReturnRows(sqlmock.NewRows([]string{"id", "name", "root_id"}).
@@ -328,6 +337,7 @@ func TestExport_RedactsSecretsInPluginPath(t *testing.T) {
 // --- Import via plugin ---

 func TestImport_RoutesThroughPluginWhenCutoverActive(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WithArgs("alpha").
@@ -358,6 +368,7 @@ func TestImport_RoutesThroughPluginWhenCutoverActive(t *testing.T) {
 }

 func TestImport_SkipsUnknownWorkspace(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WithArgs("ghost").
@@ -384,6 +395,7 @@ func TestImport_SkipsUnknownWorkspace(t *testing.T) {
 }

 func TestImport_PluginUpsertNamespaceError(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("root-1"))
@@ -413,6 +425,7 @@ func TestImport_PluginUpsertNamespaceError(t *testing.T) {
 }

 func TestImport_PluginCommitError(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("root-1"))
@@ -442,6 +455,7 @@ func TestImport_PluginCommitError(t *testing.T) {
 }

 func TestImport_RedactsBeforePluginSeesContent(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("root-1"))
@@ -468,6 +482,7 @@ func TestImport_RedactsBeforePluginSeesContent(t *testing.T) {
 }

 func TestImport_SkipsUnknownScope(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("root-1"))
@@ -493,6 +508,7 @@ func TestImport_SkipsUnknownScope(t *testing.T) {
 }

 func TestImport_SkipsWhenResolverErrors(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)
 	mock.ExpectQuery("SELECT id::text FROM workspaces").
 		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("root-1"))
@@ -529,6 +545,7 @@ func TestImport_SkipsWhenResolverErrors(t *testing.T) {
 // + org:root-1. (Children's workspace:<id> namespaces must be
 // included or admin export silently drops their private memories.)
 func TestExport_BatchesPluginCallsByRoot(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)

 	mock.ExpectQuery("WITH RECURSIVE chain").
@@ -588,6 +605,7 @@ func (r perWorkspaceResolver) WritableNamespaces(_ context.Context, ws string) (
 // workspace:rootID + team:rootID + org:rootID — every child workspace's
 // private memories were silently dropped from admin export.
 func TestExport_IncludesEveryMembersPrivateNamespace(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "true")
 	mock := installMockDB(t)

 	mock.ExpectQuery("WITH RECURSIVE chain").
@@ -757,43 +775,25 @@ func TestSkipImport_ErrorMessage(t *testing.T) {
 	}
 }

-// --- 503 when plugin is not wired (issue #1733) ---
-//
-// The legacy SQL-backed Export/Import path was removed; both endpoints
-// now respond 503 with a clear hint when v2 isn't configured.
+// --- Confirm legacy paths still work when env is unset ---

-func TestExport_503WhenPluginNotWired(t *testing.T) {
-	installMockDB(t)
-	h := NewAdminMemoriesHandler() // no WithMemoryV2 → plugin nil
+func TestExport_LegacyPathWhenCutoverInactive(t *testing.T) {
+	t.Setenv(envMemoryV2Cutover, "")
+	mock := installMockDB(t)
+	mock.ExpectQuery("SELECT am.id, am.content, am.scope, am.namespace").
+		WillReturnRows(sqlmock.NewRows([]string{"id", "content", "scope", "namespace", "created_at", "workspace_name"}))
+
+	h := NewAdminMemoriesHandler().withMemoryV2APIs(&stubAdminPlugin{}, adminRootResolver())
 	gin.SetMode(gin.TestMode)
 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
 	c.Request = httptest.NewRequest("GET", "/admin/memories/export", nil)
 	h.Export(c)

-	if w.Code != http.StatusServiceUnavailable {
-		t.Fatalf("code = %d body=%s", w.Code, w.Body.String())
+	if w.Code != http.StatusOK {
+		t.Errorf("code = %d body=%s", w.Code, w.Body.String())
 	}
-	if !strings.Contains(w.Body.String(), "MEMORY_PLUGIN_URL") {
-		t.Errorf("body must hint at MEMORY_PLUGIN_URL: %s", w.Body.String())
-	}
-}
-
-func TestImport_503WhenPluginNotWired(t *testing.T) {
-	installMockDB(t)
-	h := NewAdminMemoriesHandler()
-	gin.SetMode(gin.TestMode)
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	c.Request = httptest.NewRequest("POST", "/admin/memories/import",
-		bytes.NewBufferString(`[]`))
-	c.Request.Header.Set("Content-Type", "application/json")
-	h.Import(c)
-
-	if w.Code != http.StatusServiceUnavailable {
-		t.Fatalf("code = %d body=%s", w.Code, w.Body.String())
-	}
-	if !strings.Contains(w.Body.String(), "MEMORY_PLUGIN_URL") {
-		t.Errorf("body must hint at MEMORY_PLUGIN_URL: %s", w.Body.String())
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("legacy SQL path not exercised: %v", err)
 	}
 }
@@ -2,46 +2,220 @@ package handlers

 import (
 	"bytes"
+	"database/sql"
+	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"

+	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/gin-gonic/gin"
 )

-// Issue #1733: every legacy SQL-path test in this file was removed when
-// the v1 fallback was deleted from AdminMemoriesHandler. The v2-plugin
-// coverage (the only path now) lives in admin_memories_cutover_test.go:
-//
-//   - TestExport_RoutesThroughPluginWhenCutoverActive
-//   - TestExport_DeduplicatesByMemoryID
-//   - TestExport_SkipsWorkspaceWhenResolverFails
-//   - TestExport_SkipsWorkspaceWhenPluginSearchFails
-//   - TestExport_WorkspacesQueryFails
-//   - TestExport_EmptyReadable
-//   - TestExport_RedactsSecretsInPluginPath
-//   - TestExport_BatchesPluginCallsByRoot
-//   - TestExport_IncludesEveryMembersPrivateNamespace
-//   - TestImport_RoutesThroughPluginWhenCutoverActive
-//   - TestImport_SkipsUnknownWorkspace
-//   - TestImport_PluginUpsertNamespaceError
-//   - TestImport_PluginCommitError
-//   - TestImport_RedactsBeforePluginSeesContent
-//   - TestImport_SkipsUnknownScope
-//   - TestImport_SkipsWhenResolverErrors
-//   - TestExport_503WhenPluginNotWired   (new in A1)
-//   - TestImport_503WhenPluginNotWired   (new in A1)
-//
-// Only the JSON-envelope rejection test stays here because it runs
-// before the plugin gate.
+// newAdminMemoriesHandler is a test helper that returns an AdminMemoriesHandler.
+func newAdminMemoriesHandler() *AdminMemoriesHandler {
+	return NewAdminMemoriesHandler()
+}
+
+// adminPost builds a POST /admin/memories/import request.
+func adminPost(t *testing.T, h *AdminMemoriesHandler, body interface{}) *httptest.ResponseRecorder {
+	t.Helper()
+	b, _ := json.Marshal(body)
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Request = httptest.NewRequest("POST", "/admin/memories/import", bytes.NewReader(b))
+	c.Request.Header.Set("Content-Type", "application/json")
+	h.Import(c)
+	return w
+}
+
+// adminGet builds a GET /admin/memories/export request.
+func adminGet(t *testing.T, h *AdminMemoriesHandler) *httptest.ResponseRecorder {
+	t.Helper()
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Request = httptest.NewRequest("GET", "/admin/memories/export", nil)
+	h.Export(c)
+	return w
+}
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Export tests
+// ─────────────────────────────────────────────────────────────────────────────
+
+func TestAdminMemories_Export_Success(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	now := time.Now().UTC().Truncate(time.Second)
+	rows := sqlmock.NewRows([]string{"id", "content", "scope", "namespace", "created_at", "workspace_name"}).
+		AddRow("mem-1", "hello world", "LOCAL", "ws-1", now, "my-workspace").
+		AddRow("mem-2", "another fact", "TEAM", "ws-1", now, "my-workspace")
+
+	mock.ExpectQuery("SELECT am.id, am.content, am.scope, am.namespace, am.created_at,").
+		WillReturnRows(rows)
+
+	w := adminGet(t, h)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var memories []map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &memories); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if len(memories) != 2 {
+		t.Errorf("expected 2 memories, got %d", len(memories))
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+func TestAdminMemories_Export_Empty(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	rows := sqlmock.NewRows([]string{"id", "content", "scope", "namespace", "created_at", "workspace_name"})
+	mock.ExpectQuery("SELECT am.id, am.content, am.scope, am.namespace, am.created_at,").
+		WillReturnRows(rows)
+
+	w := adminGet(t, h)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var memories []interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &memories); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if len(memories) != 0 {
+		t.Errorf("expected 0 memories, got %d", len(memories))
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+func TestAdminMemories_Export_QueryError(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	mock.ExpectQuery("SELECT am.id, am.content, am.scope, am.namespace, am.created_at,").
+		WillReturnError(sql.ErrConnDone)
+
+	w := adminGet(t, h)
+
+	if w.Code != http.StatusInternalServerError {
+		t.Errorf("expected 500, got %d: %s", w.Code, w.Body.String())
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+func TestAdminMemories_Export_RedactsSecrets(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	// Content with a secret pattern. Export must call redactSecrets and return
+	// the redacted form, not the raw credential.
+	secretContent := "Remember to use OPENAI_API_KEY=sk-1234567890abcdefgh for the model"
+	redacted, _ := redactSecrets("my-workspace", secretContent)
+
+	now := time.Now().UTC().Truncate(time.Second)
+	rows := sqlmock.NewRows([]string{"id", "content", "scope", "namespace", "created_at", "workspace_name"}).
+		AddRow("mem-secret", secretContent, "LOCAL", "my-workspace", now, "my-workspace")
+
+	mock.ExpectQuery("SELECT am.id, am.content, am.scope, am.namespace, am.created_at,").
+		WillReturnRows(rows)
+
+	w := adminGet(t, h)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+
+	var memories []map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &memories); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if len(memories) != 1 {
+		t.Fatalf("expected 1 memory, got %d", len(memories))
+	}
+	// The exported content must be the REDACTED version, not the raw secret.
+	if content, ok := memories[0]["content"].(string); ok {
+		if content == secretContent {
+			t.Errorf("Export returned raw secret %q — F1084 regression: redactSecrets not called", secretContent)
+		}
+		if content != redacted {
+			t.Errorf("Export content = %q, want redacted %q", content, redacted)
+		}
+		// Confirm the redacted version doesn't contain the raw key fragment.
+		if len(content) > 10 && content == "OPENAI_API_KEY=[REDACTED:" {
+			t.Errorf("redaction appears incomplete: %q", content)
+		}
+	}
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+// ─────────────────────────────────────────────────────────────────────────────
+// Import tests
+// ─────────────────────────────────────────────────────────────────────────────
+
+func TestAdminMemories_Import_Success(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	// Workspace lookup returns one row.
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE name = \\$1").
+		WithArgs("my-workspace").
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("ws-uuid-1"))
+
+	// Duplicate check returns false.
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("ws-uuid-1", sqlmock.AnyArg(), "LOCAL").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(false))
+
+	// Insert succeeds. Handler uses 4-arg INSERT when created_at is absent.
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WithArgs("ws-uuid-1", sqlmock.AnyArg(), "LOCAL", "general").
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	w := adminPost(t, h, []map[string]interface{}{
+		{
+			"content":        "important fact",
+			"scope":         "LOCAL",
+			"workspace_name": "my-workspace",
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if resp["imported"].(float64) != 1 {
+		t.Errorf("imported = %v, want 1", resp["imported"])
+	}
+	if resp["skipped"].(float64) != 0 {
+		t.Errorf("skipped = %v, want 0", resp["skipped"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}

-// TestAdminMemories_Import_InvalidJSON verifies that a malformed
-// payload is rejected with HTTP 400 before any plugin or DB call is
-// attempted. This guards the request-decode path independent of the
-// memory backend choice.
 func TestAdminMemories_Import_InvalidJSON(t *testing.T) {
 	_ = setupTestDB(t)
-	h := NewAdminMemoriesHandler()
+	h := newAdminMemoriesHandler()

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -53,3 +227,175 @@ func TestAdminMemories_Import_InvalidJSON(t *testing.T) {
 		t.Errorf("expected 400, got %d: %s", w.Code, w.Body.String())
 	}
 }
+
+func TestAdminMemories_Import_WorkspaceNotFound_SkipsEntry(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	// Workspace lookup returns no rows.
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE name = \\$1").
+		WithArgs("ghost-workspace").
+		WillReturnError(sql.ErrNoRows)
+
+	w := adminPost(t, h, []map[string]interface{}{
+		{
+			"content":        "some fact",
+			"scope":         "LOCAL",
+			"workspace_name": "ghost-workspace",
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if resp["skipped"].(float64) != 1 {
+		t.Errorf("skipped = %v, want 1 (workspace not found)", resp["skipped"])
+	}
+	if resp["imported"].(float64) != 0 {
+		t.Errorf("imported = %v, want 0", resp["imported"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+func TestAdminMemories_Import_DuplicateSkipped(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	// Workspace lookup succeeds.
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE name = \\$1").
+		WithArgs("my-workspace").
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("ws-uuid-1"))
+
+	// Duplicate check returns true → entry is skipped.
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("ws-uuid-1", sqlmock.AnyArg(), "LOCAL").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(true))
+
+	w := adminPost(t, h, []map[string]interface{}{
+		{
+			"content":        "already stored fact",
+			"scope":         "LOCAL",
+			"workspace_name": "my-workspace",
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if resp["skipped"].(float64) != 1 {
+		t.Errorf("skipped = %v, want 1 (duplicate)", resp["skipped"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+// TestAdminMemories_Import_RedactsSecretsBeforeDedup verifies F1085 (#1132):
+// redactSecrets is called BEFORE the deduplication check so that two backups
+// with the same original secret each get the same placeholder and dedup works.
+// The DB dedup query must receive the REDACTED content, not the raw credential.
+func TestAdminMemories_Import_RedactsSecretsBeforeDedup(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	rawContent := "the key is OPENAI_API_KEY=sk-1234567890abcdefgh"
+	redacted, changed := redactSecrets("my-workspace", rawContent)
+	if !changed {
+		t.Fatalf("precondition: redactSecrets must change the test content")
+	}
+
+	// Workspace lookup.
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE name = \\$1").
+		WithArgs("my-workspace").
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("ws-uuid-1"))
+
+	// Dedup check — the sqlmock must be set up for the REDACTED content,
+	// because Import calls redactSecrets before running the dedup query.
+	// If redactSecrets is not called, the mock would match on rawContent instead.
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("ws-uuid-1", redacted, "LOCAL").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(false))
+
+	// Insert — receives the redacted content (not raw). Handler uses the
+	// 4-arg INSERT when created_at is absent from the payload.
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WithArgs("ws-uuid-1", redacted, "LOCAL", "general").
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	w := adminPost(t, h, []map[string]interface{}{
+		{
+			"content":        rawContent,
+			"scope":         "LOCAL",
+			"workspace_name": "my-workspace",
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if resp["imported"].(float64) != 1 {
+		t.Errorf("imported = %v, want 1", resp["imported"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v (F1085 regression: redactSecrets not called before dedup)", err)
+	}
+}
+
+func TestAdminMemories_Import_PreservesCreatedAt(t *testing.T) {
+	mock := setupTestDB(t)
+	h := newAdminMemoriesHandler()
+
+	origTime := "2026-01-15T10:30:00Z"
+
+	// Workspace lookup.
+	mock.ExpectQuery("SELECT id FROM workspaces WHERE name = \\$1").
+		WithArgs("my-workspace").
+		WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("ws-uuid-1"))
+
+	// Dedup check.
+	mock.ExpectQuery("SELECT EXISTS").
+		WithArgs("ws-uuid-1", sqlmock.AnyArg(), "LOCAL").
+		WillReturnRows(sqlmock.NewRows([]string{"exists"}).AddRow(false))
+
+	// Insert with created_at — must use the 5-arg INSERT.
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WithArgs("ws-uuid-1", sqlmock.AnyArg(), "LOCAL", "general", origTime).
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	w := adminPost(t, h, []map[string]interface{}{
+		{
+			"content":        "a fact",
+			"scope":         "LOCAL",
+			"workspace_name": "my-workspace",
+			"created_at":    origTime,
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Errorf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp map[string]interface{}
+	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
+		t.Fatalf("failed to parse response: %v", err)
+	}
+	if resp["imported"].(float64) != 1 {
+		t.Errorf("imported = %v, want 1", resp["imported"])
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
@@ -44,7 +44,8 @@ func NewWorkspaceImageService(docker *dockerclient.Client) *WorkspaceImageServic
 // AllRuntimes is the canonical list mirroring docs/workspace-runtime-package.md.
 // Update both when a new template is added.
 var AllRuntimes = []string{
-	"claude-code", "codex", "hermes", "openclaw",
+	"claude-code", "langgraph", "autogen",
+	"hermes", "openclaw",
 }

 // RefreshResult is the per-call outcome surfaced to HTTP callers AND logged
@@ -389,7 +389,7 @@ func (h *DelegationHandler) executeDelegation(ctx context.Context, sourceID, tar
 	})
 	log.Printf("Delegation %s: step=proxying_a2a_request", delegationID)

-	status, respBody, proxyErr := h.workspace.proxyA2ARequest(ctx, targetID, a2aBody, sourceID, true, false)
+	status, respBody, proxyErr := h.workspace.proxyA2ARequest(ctx, targetID, a2aBody, sourceID, true)
 	log.Printf("Delegation %s: step=proxy_done status=%d bodyLen=%d err=%v", delegationID, status, len(respBody), proxyErr)

 	// When proxyA2ARequest returns an error but we have a non-empty response body
@@ -418,7 +418,7 @@ func (h *DelegationHandler) executeDelegation(ctx context.Context, sourceID, tar
 		case <-ctx.Done():
 			// outer timeout hit before retry window elapsed
 		case <-time.After(delegationRetryDelay):
-			status, respBody, proxyErr = h.workspace.proxyA2ARequest(ctx, targetID, a2aBody, sourceID, true, false)
+			status, respBody, proxyErr = h.workspace.proxyA2ARequest(ctx, targetID, a2aBody, sourceID, true)
 		}
 	}

@@ -16,7 +16,6 @@ import (

 	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/memory/contract"
 	"github.com/gin-gonic/gin"
 )

@@ -486,45 +485,65 @@ func TestMCPHandler_ListPeers_ReturnsSiblings(t *testing.T) {
 // tools/call — commit_memory
 // ─────────────────────────────────────────────────────────────────────────────

-// Issue #1733: the legacy SQL success-path tests for commit_memory and
-// recall_memory have been removed — the v2 plugin is the only backend
-// and its success paths are covered by:
-//   - TestToolCommitMemory_RoutesThroughV2WhenWired (legacy-shim test)
-//   - TestToolRecallMemory_RoutesThroughV2WhenWired (legacy-shim test)
-//   - Every test in mcp_tools_memory_v2_test.go
-// The unwired-path tests live in mcp_tools_memory_legacy_shim_test.go
-// (TestToolCommitMemory_ErrorsWhenV2Unwired and its recall sibling).
-//
-// The two scope-blocked tests below remain because they validate the
-// OFFSEC-001 JSON-RPC scrub layer (mcp.go dispatchRPC), which is
-// orthogonal to the memory backend. After A1 the underlying error
-// shifts from "GLOBAL scope is not permitted" to "memory plugin is
-// not configured" — but the client-visible message stays "tool call
-// failed", which is what the scrub assertion actually proves.
-
-// TestMCPHandler_CommitMemory_GlobalScope_ScrubsInternalError verifies the
-// OFFSEC-001 / #259 scrub contract on the commit_memory tool: the GLOBAL
-// scope block at scopeToWritableNamespace produces an internal error
-// containing the tokens "GLOBAL", "scope", "permitted", "bridge",
-// "LOCAL", "TEAM" — every one of those MUST be scrubbed to the constant
-// "tool call failed" + code -32000 before reaching the JSON-RPC wire.
-//
-// Issue #1747 review fixed the test setup: the handler is now wired
-// with a v2 plugin + resolver stub so the request actually reaches
-// the GLOBAL-block path in commitMemoryLegacyShim →
-// scopeToWritableNamespace. Without that wiring, the handler errors
-// earlier in `memoryV2Available()` with "memory plugin is not
-// configured", and the leaked-tokens assertion below becomes
-// vacuously true — passes even if the entire scrub layer in
-// mcp.go:dispatchRPC is deleted. The wired path is the only one
-// that actually pins the OFFSEC-001 contract.
-func TestMCPHandler_CommitMemory_GlobalScope_ScrubsInternalError(t *testing.T) {
+func TestMCPHandler_CommitMemory_LocalScope_Success(t *testing.T) {
 	h, mock := newMCPHandler(t)
-	// Wire v2 stubs so toolCommitMemory → commitMemoryLegacyShim
-	// actually runs (without v2, it short-circuits with the
-	// "plugin not configured" error that doesn't contain the
-	// leaked-token strings we're asserting on).
-	h.withMemoryV2APIs(&stubMemoryPlugin{}, rootNamespaceResolver())
+
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WithArgs(sqlmock.AnyArg(), "ws-1", "important fact", "LOCAL", "ws-1").
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	w := mcpPost(t, h, "ws-1", map[string]interface{}{
+		"jsonrpc": "2.0",
+		"id":      9,
+		"method":  "tools/call",
+		"params": map[string]interface{}{
+			"name": "commit_memory",
+			"arguments": map[string]interface{}{
+				"content": "important fact",
+				"scope":   "LOCAL",
+			},
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
+	}
+	var resp mcpResponse
+	json.Unmarshal(w.Body.Bytes(), &resp)
+	if resp.Error != nil {
+		t.Fatalf("unexpected error: %+v", resp.Error)
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}
+
+// TestMCPHandler_CommitMemory_GlobalScope_Blocked_ScrubsInternalError verifies
+// two contracts at once on the GLOBAL-scope-blocked path:
+//
+//  1. C3 invariant (commit_memory with scope=GLOBAL aborts on the MCP bridge
+//     before touching the DB), AND
+//  2. OFFSEC-001 / #259 scrub contract (commit 7d1a189f): the JSON-RPC error
+//     returned to the client is a CONSTANT — code=-32000, message="tool call
+//     failed" — with the production-internal err.Error() text logged
+//     server-side, never reflected back to the caller.
+//
+// Prior to this rename the test asserted that the client-visible message
+// CONTAINED the substring "GLOBAL", which was the human-readable internal
+// error from toolCommitMemory. mc#664 Class 2 flipped that assertion the
+// right way around: now the test FAILS if the scrub regresses (i.e. if the
+// internal string is ever reflected back to the wire), and PASSES iff the
+// scrubbed constant reaches the client.
+//
+// Coupling note: the constant string "tool call failed" and the code -32000
+// are the same values asserted by
+// TestMCPHandler_dispatchRPC_UnknownTool_ReturnsConstantMessage — both are
+// the OFFSEC-001 contract for the dispatch-failure branch in mcp.go (the
+// third err.Error() leak that 7d1a189f scrubbed). If those constants ever
+// change, both tests must move together.
+func TestMCPHandler_CommitMemory_GlobalScope_Blocked_ScrubsInternalError(t *testing.T) {
+	h, mock := newMCPHandler(t)
+	// No DB expectations — handler must abort before touching the DB (C3).

 	w := mcpPost(t, h, "ws-1", map[string]interface{}{
 		"jsonrpc": "2.0",
@@ -566,7 +585,7 @@ func TestMCPHandler_CommitMemory_GlobalScope_ScrubsInternalError(t *testing.T) {
 	}

 	// (3) OFFSEC-001 negative assertions — the internal err.Error() text
-	// from scopeToWritableNamespace ("GLOBAL scope is not permitted via the MCP
+	// from toolCommitMemory ("GLOBAL scope is not permitted via the MCP
 	// bridge — use LOCAL or TEAM") must NOT appear in the client-visible
 	// message. Each token below is a distinct substring of that internal
 	// string; if ANY leaks through, the scrub in mcp.go dispatchRPC has
@@ -591,43 +610,41 @@ func TestMCPHandler_CommitMemory_GlobalScope_ScrubsInternalError(t *testing.T) {
 	}
 }

-// Issue #1733: the legacy SQL-path redaction tests for commit_memory
-// (SecretInContent_IsRedactedBeforeInsert, CleanContent_PassesThrough)
-// have been removed. The v2 plugin path performs the same redaction
-// (mcp_tools_memory_v2.go:122 + :242); its coverage lives in
-// mcp_tools_memory_v2_test.go.
-
-// TestMCPHandler_CommitMemory_LegacyName_RedactionAtPlugin verifies that
-// the LEGACY MCP tool name `commit_memory` (the one most agents
-// actually call — `commit_memory_v2` is the underlying handler the
-// shim delegates to) still redacts secret-shaped content before the
-// payload reaches the v2 plugin. The deleted SQL-path version of this
-// test pinned the same contract against `agent_memories` INSERT
-// arguments; #1747 review (finding N6) noted the legacy-name path
-// had no direct equivalent post-A1. This test fills that gap by
-// capturing the MemoryWrite the stub plugin receives.
-func TestMCPHandler_CommitMemory_LegacyName_RedactionAtPlugin(t *testing.T) {
-	h, _ := newMCPHandler(t)
-
-	var captured contract.MemoryWrite
-	plugin := &stubMemoryPlugin{
-		commitFn: func(_ context.Context, _ string, body contract.MemoryWrite) (*contract.MemoryWriteResponse, error) {
-			captured = body
-			return &contract.MemoryWriteResponse{ID: "mem-x", Namespace: "workspace:root-1"}, nil
-		},
-	}
-	h.withMemoryV2APIs(plugin, rootNamespaceResolver())
+// TestMCPHandler_CommitMemory_SecretInContent_IsRedactedBeforeInsert verifies
+// the SAFE-T1201 (#838) fix on the MCP bridge path. PR #881 closed the HTTP
+// handler but missed this one — an agent tool-call carrying plain-text
+// credentials must have them scrubbed before the INSERT reaches the DB.
+//
+// The test asserts via the sqlmock `WithArgs` matcher that the content column
+// binds the REDACTED form, not the raw input. sqlmock verifies the exact arg
+// values, so a regression (removing the redactSecrets call) would fail with
+// "argument mismatch" rather than silently persisting the secret.
+func TestMCPHandler_CommitMemory_SecretInContent_IsRedactedBeforeInsert(t *testing.T) {
+	h, mock := newMCPHandler(t)

+	// Content with three distinct secret patterns covered by redactSecrets:
+	//   - env-var assignment (ANTHROPIC_API_KEY=)
+	//   - Bearer token
+	//   - sk-… prefixed key
 	rawContent := "key=ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxx auth=Bearer ghp_yyyyyyyyyyyyy note=sk-proj-zzzzzzzzzzzzzzzzzzzz"
-	wantRedacted, changed := redactSecrets("root-1", rawContent)
+
+	// Derive what redactSecrets will produce so the sqlmock arg match is
+	// exact. This keeps the test brittle-on-purpose: if redactSecrets's
+	// output shape changes, this test must be re-derived, which surfaces
+	// the change during review.
+	expected, changed := redactSecrets("ws-1", rawContent)
 	if !changed {
-		t.Fatalf("precondition failed — redactSecrets must change the test content; got %q", wantRedacted)
+		t.Fatalf("precondition failed — redactSecrets must change the test content; got unchanged %q", expected)
 	}
-	if bytes.Contains([]byte(wantRedacted), []byte("sk-ant-xxxxxxxxxxxxxxxx")) {
-		t.Fatalf("precondition failed — redacted content still contains raw secret: %s", wantRedacted)
+	if bytes.Contains([]byte(expected), []byte("sk-ant-xxxxxxxxxxxxxxxx")) {
+		t.Fatalf("precondition failed — redacted content still contains raw secret: %s", expected)
 	}

-	w := mcpPost(t, h, "root-1", map[string]interface{}{
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WithArgs(sqlmock.AnyArg(), "ws-1", expected, "LOCAL", "ws-1").
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	w := mcpPost(t, h, "ws-1", map[string]interface{}{
 		"jsonrpc": "2.0",
 		"id":      99,
 		"method":  "tools/call",
@@ -639,32 +656,52 @@ func TestMCPHandler_CommitMemory_LegacyName_RedactionAtPlugin(t *testing.T) {
 			},
 		},
 	})
+
 	if w.Code != http.StatusOK {
 		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
 	}
 	var resp mcpResponse
-	if err := json.Unmarshal(w.Body.Bytes(), &resp); err != nil {
-		t.Fatalf("response is not valid JSON: %v", err)
-	}
+	json.Unmarshal(w.Body.Bytes(), &resp)
 	if resp.Error != nil {
 		t.Fatalf("unexpected JSON-RPC error: %+v", resp.Error)
 	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("sqlmock mismatch — content was NOT redacted before insert: %v", err)
+	}
+}

-	// The plugin must have seen the REDACTED content, not the raw
-	// secret. If this trips, redaction in the legacy-shim → v2 path
-	// has regressed and credentials are flowing through to the
-	// plugin's memory_records table.
-	if captured.Content == "" {
-		t.Fatal("plugin.CommitMemory was not called — the shim short-circuited before reaching v2")
+// TestMCPHandler_CommitMemory_CleanContent_PassesThrough confirms that the
+// redactor is a no-op on content with no credentials — a regression where
+// redactSecrets corrupted benign content would be a user-visible bug.
+func TestMCPHandler_CommitMemory_CleanContent_PassesThrough(t *testing.T) {
+	h, mock := newMCPHandler(t)
+
+	cleanContent := "the quick brown fox jumps over the lazy dog — no secrets here"
+
+	// Bind the exact string — no wildcards — so that any transformation
+	// (whitespace, case, truncation) would fail the arg match.
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WithArgs(sqlmock.AnyArg(), "ws-1", cleanContent, "TEAM", "ws-1").
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	w := mcpPost(t, h, "ws-1", map[string]interface{}{
+		"jsonrpc": "2.0",
+		"id":      100,
+		"method":  "tools/call",
+		"params": map[string]interface{}{
+			"name": "commit_memory",
+			"arguments": map[string]interface{}{
+				"content": cleanContent,
+				"scope":   "TEAM",
+			},
+		},
+	})
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected 200, got %d: %s", w.Code, w.Body.String())
 	}
-	if captured.Content == rawContent {
-		t.Errorf("legacy commit_memory leaked raw secret to plugin: %q", captured.Content)
-	}
-	if captured.Content != wantRedacted {
-		t.Errorf("captured.Content = %q, want redacted %q", captured.Content, wantRedacted)
-	}
-	if bytes.Contains([]byte(captured.Content), []byte("sk-ant-xxxxxxxxxxxxxxxx")) {
-		t.Errorf("captured.Content still contains raw API key fragment: %s", captured.Content)
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("clean content should pass through unchanged: %v", err)
 	}
 }

@@ -672,17 +709,14 @@ func TestMCPHandler_CommitMemory_LegacyName_RedactionAtPlugin(t *testing.T) {
 // tools/call — recall_memory
 // ─────────────────────────────────────────────────────────────────────────────

-// TestMCPHandler_RecallMemory_GlobalScope_ScrubsInternalError mirrors the
-// commit_memory scrub test on the recall_memory path. Same #1747 review
-// fix applied: wire v2 stubs so the request reaches the GLOBAL-block
-// path in scopeToReadableNamespaces (which produces the same "GLOBAL
-// scope is not permitted via the MCP bridge" internal error that the
-// leaked-tokens loop below tests for). Without v2 stubs the handler
-// short-circuits on `memoryV2Available()` and the leaked-tokens loop
-// becomes vacuously true.
-func TestMCPHandler_RecallMemory_GlobalScope_ScrubsInternalError(t *testing.T) {
+// TestMCPHandler_RecallMemory_GlobalScope_Blocked_ScrubsInternalError verifies
+// C3 (GLOBAL scope blocked on MCP bridge) is enforced and that the OFFSEC-001
+// scrub contract applies: the client-visible error.message is the constant
+// "tool call failed", NOT the descriptive internal reason. The internal reason
+// ("GLOBAL scope is not permitted via the MCP bridge") is logged server-side
+// but must never reach the wire.
+func TestMCPHandler_RecallMemory_GlobalScope_Blocked_ScrubsInternalError(t *testing.T) {
 	h, mock := newMCPHandler(t)
-	h.withMemoryV2APIs(&stubMemoryPlugin{}, rootNamespaceResolver())
 	// No DB expectations — handler must abort before touching the DB.

 	w := mcpPost(t, h, "ws-1", map[string]interface{}{
@@ -736,11 +770,42 @@ func TestMCPHandler_RecallMemory_GlobalScope_ScrubsInternalError(t *testing.T) {
 	}
 }

-// Issue #1733: TestMCPHandler_RecallMemory_LocalScope_Empty removed —
-// it asserted on the legacy SQL SELECT path. The v2 empty-result
-// rendering is covered by TestToolRecallMemory_RoutesThroughV2WhenWired
-// (mcp_tools_memory_legacy_shim_test.go) which uses a stub plugin that
-// returns an empty SearchResponse.
+func TestMCPHandler_RecallMemory_LocalScope_Empty(t *testing.T) {
+	h, mock := newMCPHandler(t)
+
+	mock.ExpectQuery("SELECT id, content, scope, created_at").
+		WithArgs("ws-1", "").
+		WillReturnRows(sqlmock.NewRows([]string{"id", "content", "scope", "created_at"}))
+
+	w := mcpPost(t, h, "ws-1", map[string]interface{}{
+		"jsonrpc": "2.0",
+		"id":      12,
+		"method":  "tools/call",
+		"params": map[string]interface{}{
+			"name": "recall_memory",
+			"arguments": map[string]interface{}{
+				"query": "",
+				"scope": "LOCAL",
+			},
+		},
+	})
+
+	var resp mcpResponse
+	json.Unmarshal(w.Body.Bytes(), &resp)
+	if resp.Error != nil {
+		t.Fatalf("unexpected error: %+v", resp.Error)
+	}
+	result, _ := resp.Result.(map[string]interface{})
+	content, _ := result["content"].([]interface{})
+	item, _ := content[0].(map[string]interface{})
+	text, _ := item["text"].(string)
+	if text != "No memories found." {
+		t.Errorf("expected 'No memories found.', got %q", text)
+	}
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet sqlmock expectations: %v", err)
+	}
+}

 // ─────────────────────────────────────────────────────────────────────────────
 // tools/call — send_message_to_user
@@ -363,24 +363,127 @@ func (h *MCPHandler) toolSendMessageToUser(ctx context.Context, workspaceID stri
 }

 func (h *MCPHandler) toolCommitMemory(ctx context.Context, workspaceID string, args map[string]interface{}) (string, error) {
-	// Issue #1733 — v2 memory plugin is now the only path. The legacy
-	// SQL fallback on `agent_memories` is gone; an unconfigured plugin
-	// returns a clear error to the agent rather than silently writing
-	// into a stale table no one reads.
-	if err := h.memoryV2Available(); err != nil {
-		return "", err
+	// PR-6 (RFC #2728) compat shim: when the v2 plugin is wired
+	// (MEMORY_PLUGIN_URL set), translate legacy scope→namespace and
+	// delegate. Otherwise fall through to the legacy DB path so
+	// operators who haven't enabled the plugin yet keep working.
+	if h.memoryV2Available() == nil {
+		return h.commitMemoryLegacyShim(ctx, workspaceID, args)
 	}
-	return h.commitMemoryLegacyShim(ctx, workspaceID, args)
+
+	content, _ := args["content"].(string)
+	scope, _ := args["scope"].(string)
+	if content == "" {
+		return "", fmt.Errorf("content is required")
+	}
+	if scope == "" {
+		scope = "LOCAL"
+	}
+
+	// C3: GLOBAL scope is blocked on the MCP bridge.
+	if scope == "GLOBAL" {
+		return "", fmt.Errorf("GLOBAL scope is not permitted via the MCP bridge — use LOCAL or TEAM")
+	}
+	if scope != "LOCAL" && scope != "TEAM" {
+		return "", fmt.Errorf("scope must be LOCAL or TEAM")
+	}
+
+	memoryID := uuid.New().String()
+	// SAFE-T1201 (#838): scrub known credential patterns before persistence so
+	// plain-text API keys pulled in via tool responses can't land in the
+	// memories table (and leak into shared TEAM scope). Reuses redactSecrets
+	// already shipped for the HTTP path in PR #881 — this was the MCP-bridge
+	// sibling the original fix missed. Runs on every write regardless of scope.
+	content, _ = redactSecrets(workspaceID, content)
+	_, err := h.database.ExecContext(ctx, `
+		INSERT INTO agent_memories (id, workspace_id, content, scope, namespace)
+		VALUES ($1, $2, $3, $4, $5)
+	`, memoryID, workspaceID, content, scope, workspaceID)
+	if err != nil {
+		log.Printf("MCPHandler.commit_memory workspace=%s: %v", workspaceID, err)
+		return "", fmt.Errorf("failed to save memory")
+	}
+
+	return fmt.Sprintf(`{"id":%q,"scope":%q}`, memoryID, scope), nil
 }

 func (h *MCPHandler) toolRecallMemory(ctx context.Context, workspaceID string, args map[string]interface{}) (string, error) {
-	// Issue #1733 — v2 memory plugin is now the only path. Same shape
-	// as toolCommitMemory: an unconfigured plugin is an error, not a
-	// quiet read from a frozen v1 table.
-	if err := h.memoryV2Available(); err != nil {
-		return "", err
+	// PR-6 (RFC #2728) compat shim: when the v2 plugin is wired,
+	// route through it. Otherwise fall through to legacy DB path.
+	if h.memoryV2Available() == nil {
+		return h.recallMemoryLegacyShim(ctx, workspaceID, args)
 	}
-	return h.recallMemoryLegacyShim(ctx, workspaceID, args)
+
+	query, _ := args["query"].(string)
+	scope, _ := args["scope"].(string)
+
+	// C3: GLOBAL scope is blocked on the MCP bridge.
+	if scope == "GLOBAL" {
+		return "", fmt.Errorf("GLOBAL scope is not permitted via the MCP bridge — use LOCAL, TEAM, or empty")
+	}
+
+	var rows *sql.Rows
+	var err error
+
+	switch scope {
+	case "LOCAL":
+		rows, err = h.database.QueryContext(ctx, `
+			SELECT id, content, scope, created_at
+			FROM agent_memories
+			WHERE workspace_id = $1 AND scope = 'LOCAL'
+			  AND ($2 = '' OR content ILIKE '%' || $2 || '%')
+			ORDER BY created_at DESC LIMIT 50
+		`, workspaceID, query)
+	case "TEAM":
+		// Team scope: parent + all siblings.
+		rows, err = h.database.QueryContext(ctx, `
+			SELECT m.id, m.content, m.scope, m.created_at
+			FROM agent_memories m
+			JOIN workspaces w ON w.id = m.workspace_id
+			WHERE m.scope = 'TEAM'
+			  AND w.status != 'removed'
+			  AND (w.id = $1 OR w.parent_id = (SELECT parent_id FROM workspaces WHERE id = $1 AND parent_id IS NOT NULL))
+			  AND ($2 = '' OR m.content ILIKE '%' || $2 || '%')
+			ORDER BY m.created_at DESC LIMIT 50
+		`, workspaceID, query)
+	default:
+		// Empty scope → LOCAL only for the MCP bridge (GLOBAL excluded per C3).
+		rows, err = h.database.QueryContext(ctx, `
+			SELECT id, content, scope, created_at
+			FROM agent_memories
+			WHERE workspace_id = $1 AND scope IN ('LOCAL', 'TEAM')
+			  AND ($2 = '' OR content ILIKE '%' || $2 || '%')
+			ORDER BY created_at DESC LIMIT 50
+		`, workspaceID, query)
+	}
+	if err != nil {
+		return "", fmt.Errorf("memory search failed: %w", err)
+	}
+	defer rows.Close()
+
+	type memEntry struct {
+		ID        string `json:"id"`
+		Content   string `json:"content"`
+		Scope     string `json:"scope"`
+		CreatedAt string `json:"created_at"`
+	}
+	var results []memEntry
+	for rows.Next() {
+		var e memEntry
+		if err := rows.Scan(&e.ID, &e.Content, &e.Scope, &e.CreatedAt); err != nil {
+			continue
+		}
+		results = append(results, e)
+	}
+	if err := rows.Err(); err != nil {
+		return "", fmt.Errorf("memory scan error: %w", err)
+	}
+
+	if len(results) == 0 {
+		return "No memories found.", nil
+	}
+	b, _ := json.MarshalIndent(results, "", "  ")
+	return string(b), nil
 }

 // ─────────────────────────────────────────────────────────────────────────────
@@ -2,13 +2,14 @@ package handlers

 // mcp_tools_memory_legacy_shim.go — translates legacy commit_memory /
 // recall_memory calls (scope-based) into the v2 plugin path
-// (namespace-based).
+// (namespace-based) when the v2 plugin is wired.
 //
-// Issue #1733: v2 is now the only memory backend. Callers in
-// mcp_tools.go MUST verify h.memv2 is wired before invoking these
-// helpers (toolCommitMemory / toolRecallMemory both check
-// memoryV2Available and short-circuit with an error when not wired).
-// The previous "fall through to direct SQL" branch is gone.
+// Behavior:
+//   - If h.memv2 is wired (MEMORY_PLUGIN_URL set + plugin reachable),
+//     legacy tools translate scope→namespace and delegate to v2.
+//   - If h.memv2 is NOT wired, legacy tools fall through to the
+//     original DB-backed path in mcp_tools.go (zero behavior change
+//     for operators who haven't enabled the plugin yet).
 //
 // Translation:
 //   commit:  LOCAL  → workspace:<self>
@@ -512,38 +512,41 @@ func TestToolRecallMemory_RoutesThroughV2WhenWired(t *testing.T) {
 	}
 }

-// Issue #1733: v2 is the only path; commit/recall return a clear error
-// (not a silent SQL fallback) when MEMORY_PLUGIN_URL is unset.
-
-func TestToolCommitMemory_ErrorsWhenV2Unwired(t *testing.T) {
-	db, _, _ := sqlmock.New()
+func TestToolCommitMemory_FallsThroughToLegacyWhenV2Unwired(t *testing.T) {
+	// V2 NOT wired (no withMemoryV2APIs call). Should hit the legacy
+	// SQL path and write to agent_memories directly.
+	db, mock, _ := sqlmock.New()
 	defer db.Close()
-	h := &MCPHandler{database: db} // no withMemoryV2APIs → memv2 nil
+	mock.ExpectExec("INSERT INTO agent_memories").
+		WillReturnResult(sqlmock.NewResult(0, 1))
+	h := &MCPHandler{database: db}

 	_, err := h.toolCommitMemory(context.Background(), "root-1", map[string]interface{}{
 		"content": "x",
 		"scope":   "LOCAL",
 	})
-	if err == nil {
-		t.Fatal("expected error when v2 unwired, got nil")
+	if err != nil {
+		t.Fatalf("err: %v", err)
 	}
-	if !strings.Contains(err.Error(), "MEMORY_PLUGIN_URL") {
-		t.Errorf("error must hint at MEMORY_PLUGIN_URL: %v", err)
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("legacy SQL path not exercised: %v", err)
 	}
 }

-func TestToolRecallMemory_ErrorsWhenV2Unwired(t *testing.T) {
-	db, _, _ := sqlmock.New()
+func TestToolRecallMemory_FallsThroughToLegacyWhenV2Unwired(t *testing.T) {
+	db, mock, _ := sqlmock.New()
 	defer db.Close()
+	mock.ExpectQuery("SELECT id, content, scope, created_at").
+		WillReturnRows(sqlmock.NewRows([]string{"id", "content", "scope", "created_at"}))
 	h := &MCPHandler{database: db}

 	_, err := h.toolRecallMemory(context.Background(), "root-1", map[string]interface{}{
 		"scope": "LOCAL",
 	})
-	if err == nil {
-		t.Fatal("expected error when v2 unwired, got nil")
+	if err != nil {
+		t.Fatalf("err: %v", err)
 	}
-	if !strings.Contains(err.Error(), "MEMORY_PLUGIN_URL") {
-		t.Errorf("error must hint at MEMORY_PLUGIN_URL: %v", err)
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("legacy SQL path not exercised: %v", err)
 	}
 }
@@ -804,7 +804,7 @@ func (h *OrgHandler) Import(c *gin.Context) {
 			for i, gm := range tmpl.GlobalMemories {
 				globalSeeds[i] = models.MemorySeed{Content: gm.Content, Scope: "GLOBAL"}
 			}
-			h.workspace.seedInitialMemories(context.Background(), rootID, globalSeeds)
+			seedInitialMemories(context.Background(), rootID, globalSeeds)
 			log.Printf("Org import: seeded %d global memories on root workspace %s", len(globalSeeds), rootID)
 		}
 	}
@@ -258,7 +258,7 @@ func (h *OrgHandler) createWorkspaceTree(ws OrgWorkspace, parentID *string, absX
 	if len(wsMemories) == 0 {
 		wsMemories = defaults.InitialMemories
 	}
-	h.workspace.seedInitialMemories(ctx, id, wsMemories)
+	seedInitialMemories(ctx, id, wsMemories)

 	// Handle external workspaces
 	if ws.External {
@@ -22,7 +22,7 @@ func TestLoadRuntimesFromManifest_StripsDefaultSuffix(t *testing.T) {
 	err := os.WriteFile(path, []byte(`{
 		"workspace_templates": [
 			{"name": "claude-code-default", "repo": "org/t-cc"},
-			{"name": "codex", "repo": "org/t-codex"},
+			{"name": "langgraph", "repo": "org/t-lg"},
 			{"name": "hermes", "repo": "org/t-hermes"}
 		]
 	}`), 0600)
@@ -33,7 +33,7 @@ func TestLoadRuntimesFromManifest_StripsDefaultSuffix(t *testing.T) {
 	if err != nil {
 		t.Fatalf("load: %v", err)
 	}
-	want := []string{"claude-code", "codex", "hermes", "external", "kimi", "kimi-cli"}
+	want := []string{"claude-code", "langgraph", "hermes", "external", "kimi", "kimi-cli"}
 	for _, w := range want {
 		if _, ok := got[w]; !ok {
 			t.Errorf("want runtime %q in set, missing. got=%v", w, keys(got))
@@ -53,7 +53,7 @@ func TestLoadRuntimesFromManifest_ExternalAlwaysInjected(t *testing.T) {
 	// in the set, because it's the BYO-compute meta-runtime.
 	dir := t.TempDir()
 	path := filepath.Join(dir, "manifest.json")
-	_ = os.WriteFile(path, []byte(`{"workspace_templates":[{"name":"codex","repo":"org/t"}]}`), 0600)
+	_ = os.WriteFile(path, []byte(`{"workspace_templates":[{"name":"langgraph","repo":"org/t"}]}`), 0600)

 	got, err := loadRuntimesFromManifest(path)
 	if err != nil {
@@ -97,16 +97,11 @@ func TestRealManifestParses(t *testing.T) {
 		t.Fatalf("real manifest load: %v", err)
 	}
 	// Core runtimes we always expect to ship.
-	for _, must := range []string{"codex", "hermes", "openclaw", "claude-code", "external", "kimi", "kimi-cli"} {
+	for _, must := range []string{"langgraph", "hermes", "claude-code", "external", "kimi", "kimi-cli"} {
 		if _, ok := got[must]; !ok {
 			t.Errorf("real manifest missing runtime %q — got=%v", must, keys(got))
 		}
 	}
-	for _, removed := range []string{"autogen", "langgraph"} {
-		if _, ok := got[removed]; ok {
-			t.Errorf("real manifest should not expose unsupported runtime %q — got=%v", removed, keys(got))
-		}
-	}
 }

 func keys(m map[string]struct{}) []string {
@@ -470,19 +470,14 @@ func (h *ScheduleHandler) Health(c *gin.Context) {

 	// Validate the caller's own bearer token (Phase 30.5 contract).
 	// Skip for system callers and self-calls, same as the A2A proxy.
-	// Post-RFC#637: canvas users may read schedule health too.
-	isCanvasUser := false
 	if !isSystemCaller(callerID) && callerID != workspaceID {
-		var err error
-		isCanvasUser, err = validateCallerToken(ctx, c, callerID)
-		if err != nil {
+		if err := validateCallerToken(ctx, c, callerID); err != nil {
 			return // response already written with 401
 		}
 	}

 	// CanCommunicate gate — only peers in the org hierarchy may read health.
-	// Canvas users (human operators) bypass this gate.
-	if callerID != workspaceID && !isSystemCaller(callerID) && !isCanvasUser {
+	if callerID != workspaceID && !isSystemCaller(callerID) {
 		if !registry.CanCommunicate(callerID, workspaceID) {
 			log.Printf("ScheduleHealth: access denied %s → %s", callerID, workspaceID)
 			c.JSON(http.StatusForbidden, gin.H{"error": "access denied"})
@@ -203,20 +203,6 @@ func (h *TemplatesHandler) List(c *gin.Context) {
 			log.Printf("templates list: skip %s: yaml.Unmarshal: %v", id, err)
 			return
 		}
-		runtime := strings.TrimSuffix(strings.TrimSpace(raw.Runtime), "-default")
-		// Empty runtime is the legacy / pre-runtime_config shape: those
-		// templates declare `model:` at the top level and never set
-		// runtime. TestTemplatesList_LegacyTopLevelModel pins the
-		// backward-compat contract that they keep surfacing. The
-		// narrow-catalog filter (a5211050) applies only when a runtime
-		// is declared — declared runtimes must be in the allowlist;
-		// absent ones fall through unchanged.
-		if runtime != "" {
-			if _, ok := knownRuntimes[runtime]; !ok {
-				log.Printf("templates list: skip %s: unsupported runtime %q", id, raw.Runtime)
-				return
-			}
-		}

 		// Model comes from either top-level (legacy) or runtime_config.model (current).
 		model := raw.Model
@@ -107,7 +107,6 @@ func (h *WebhookHandler) GitHub(c *gin.Context) {
 		forwardBody,
 		"webhook:github",
 		true,
-		false,
 	)
 	if proxyErr != nil {
 		c.JSON(proxyErr.Status, proxyErr.Response)
@@ -21,7 +21,6 @@ import (
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/crypto"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/events"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/memory/contract"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/provisioner"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/wsauth"
@@ -75,30 +74,12 @@ type WorkspaceHandler struct {
 	// memory plugin). main.go sets this to plugin.DeleteNamespace
 	// when MEMORY_PLUGIN_URL is configured.
 	namespaceCleanupFn func(ctx context.Context, workspaceID string)
-	// seedMemoryPlugin is the v2 memory plugin client used by
-	// seedInitialMemories (issue #1755) to write workspace-create
-	// `initial_memories` into the plugin instead of the legacy
-	// `agent_memories` table. nil-safe: when nil, seeding logs a loud
-	// warning and skips. After A1 (#1747) there is no SQL fallback —
-	// seeded memories with no plugin wired are simply not persisted.
-	// main.go attaches this alongside namespaceCleanupFn when
-	// MEMORY_PLUGIN_URL is set (memBundle.Plugin).
-	seedMemoryPlugin seedMemoryPluginAPI
 	// asyncWG tracks goroutines launched by goAsync so tests can wait
 	// for async DB users (restart, provision) before asserting results.
 	// Matches the pattern from main commit 1c3b4ff3.
 	asyncWG sync.WaitGroup
 }

-// seedMemoryPluginAPI is the slice of the v2 memory plugin client that
-// seedInitialMemories needs. Defining it as an interface here (parallel
-// to memoryPluginAPI in mcp_tools_memory_v2.go) lets tests stub the
-// plugin with a capture-only spy and keeps the handler decoupled from
-// the concrete *client.Client.
-type seedMemoryPluginAPI interface {
-	CommitMemory(ctx context.Context, namespace string, body contract.MemoryWrite) (*contract.MemoryWriteResponse, error)
-}
-
 // newHandlerHook, when non-nil, is invoked for every WorkspaceHandler
 // created via NewWorkspaceHandler. It is nil in production (zero cost);
 // the test harness sets it so setupTestDB can drain every handler's
@@ -193,19 +174,6 @@ func (h *WorkspaceHandler) WithNamespaceCleanup(fn func(ctx context.Context, wor
 	return h
 }

-// WithSeedMemoryPlugin wires the v2 memory plugin so
-// seedInitialMemories (issue #1755) routes workspace-create
-// `initial_memories` through the plugin instead of the legacy
-// `agent_memories` table. main.go passes memBundle.Plugin (a
-// `*client.Client`); tests pass a stub matching the
-// seedMemoryPluginAPI interface. Nil-safe: omitting this leaves the
-// field nil and seedInitialMemories logs a warning + skips on each
-// invocation.
-func (h *WorkspaceHandler) WithSeedMemoryPlugin(p seedMemoryPluginAPI) *WorkspaceHandler {
-	h.seedMemoryPlugin = p
-	return h
-}
-
 // SetCPProvisioner wires the control plane provisioner for SaaS tenants.
 // Auto-activated when MOLECULE_ORG_ID is set (no manual config needed).
 //
@@ -603,7 +571,7 @@ func (h *WorkspaceHandler) Create(c *gin.Context) {

 	// Seed initial memories from the create payload (issue #1050).
 	// Non-fatal: failures are logged but don't block workspace creation.
-	h.seedInitialMemories(ctx, id, payload.InitialMemories)
+	seedInitialMemories(ctx, id, payload.InitialMemories)

 	// Broadcast provisioning event. Include `runtime` so the canvas can
 	// populate the Runtime pill on the side panel immediately — without it
@@ -6,6 +6,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"net/url"
+	"os"
+	"strings"

 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
@@ -29,6 +32,7 @@ type workspaceDisplayResponse struct {
 	Width     int    `json:"width,omitempty"`
 	Height    int    `json:"height,omitempty"`
 	Status    string `json:"status,omitempty"`
+	ViewerURL string `json:"viewer_url,omitempty"`
 }

 var workspaceComputeInstanceAllowlist = map[string]struct{}{
@@ -173,13 +177,17 @@ func withStoredCompute(ctx context.Context, workspaceID string, payload models.C
 }

 // Display handles GET /workspaces/:id/display.
+//
+// Phase 1 only exposes the product contract and the non-display unavailable
+// state. Future desktop-control work will replace the display-enabled branch
+// with short-lived proxied DCV session details.
 func (h *WorkspaceHandler) Display(c *gin.Context) {
 	workspaceID := c.Param("id")
-	var raw, instanceID string
+	var raw string
 	err := db.DB.QueryRowContext(c.Request.Context(),
-		`SELECT COALESCE(compute, '{}'::jsonb), COALESCE(instance_id, '') FROM workspaces WHERE id = $1`,
+		`SELECT COALESCE(compute, '{}'::jsonb) FROM workspaces WHERE id = $1`,
 		workspaceID,
-	).Scan(&raw, &instanceID)
+	).Scan(&raw)
 	if err != nil {
 		if err == sql.ErrNoRows {
 			c.JSON(404, gin.H{"error": "workspace not found"})
@@ -209,7 +217,7 @@ func (h *WorkspaceHandler) Display(c *gin.Context) {
 		})
 		return
 	}
-	if instanceID != "" {
+	if viewerURL := workspaceDisplayViewerURL(workspaceID); viewerURL != "" {
 		c.JSON(200, workspaceDisplayResponse{
 			Available: true,
 			Mode:      compute.Display.Mode,
@@ -217,6 +225,7 @@ func (h *WorkspaceHandler) Display(c *gin.Context) {
 			Width:     compute.Display.Width,
 			Height:    compute.Display.Height,
 			Status:    "ready",
+			ViewerURL: viewerURL,
 		})
 		return
 	}
@@ -230,3 +239,15 @@ func (h *WorkspaceHandler) Display(c *gin.Context) {
 		Status:    "not_configured",
 	})
 }
+
+func workspaceDisplayViewerURL(workspaceID string) string {
+	base := strings.TrimRight(os.Getenv("DISPLAY_VIEWER_BASE_URL"), "/")
+	if base == "" {
+		return ""
+	}
+	parsed, err := url.Parse(base)
+	if err != nil || parsed.Scheme != "https" || parsed.Host == "" {
+		return ""
+	}
+	return base + "/" + url.PathEscape(workspaceID)
+}
@@ -6,10 +6,8 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
 	"strings"
 	"testing"
-	"time"

 	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
@@ -203,9 +201,9 @@ func TestWorkspaceDisplay_NonDisplayWorkspaceReturnsUnavailable(t *testing.T) {
 	setupTestRedis(t)
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())

-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-no-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{}`, ""))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -237,9 +235,9 @@ func TestWorkspaceDisplay_DisplayConfiguredReturnsSessionUnavailableContract(t *
 	setupTestRedis(t)
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())

-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`, ""))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -278,14 +276,15 @@ func TestWorkspaceDisplay_DisplayConfiguredReturnsSessionUnavailableContract(t *
 	}
 }

-func TestWorkspaceDisplay_DisplayConfiguredWithInstanceReturnsAvailableSession(t *testing.T) {
+func TestWorkspaceDisplay_DisplayConfiguredWithViewerBaseReturnsAvailableSession(t *testing.T) {
 	mock := setupTestDB(t)
 	setupTestRedis(t)
+	t.Setenv("DISPLAY_VIEWER_BASE_URL", "https://display.example.test/sessions")
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())

-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`, "i-display123"))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -304,8 +303,8 @@ func TestWorkspaceDisplay_DisplayConfiguredWithInstanceReturnsAvailableSession(t
 	if resp["available"] != true {
 		t.Fatalf("available = %v, want true", resp["available"])
 	}
-	if resp["viewer_url"] != nil {
-		t.Fatalf("viewer_url = %v, want omitted; stream URL is minted by Take control", resp["viewer_url"])
+	if resp["viewer_url"] != "https://display.example.test/sessions/ws-display" {
+		t.Fatalf("viewer_url = %v, want workspace viewer URL", resp["viewer_url"])
 	}
 	if resp["reason"] != nil {
 		t.Fatalf("reason = %v, want omitted", resp["reason"])
@@ -315,15 +314,16 @@ func TestWorkspaceDisplay_DisplayConfiguredWithInstanceReturnsAvailableSession(t
 	}
 }

-func TestWorkspaceDisplay_DisplayConfiguredWithoutInstanceReturnsUnavailable(t *testing.T) {
+func TestWorkspaceDisplay_DisplayConfiguredWithInvalidViewerBaseReturnsUnavailable(t *testing.T) {
 	mock := setupTestDB(t)
 	setupTestRedis(t)
+	t.Setenv("DISPLAY_VIEWER_BASE_URL", "http://display.example.test/sessions")
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())

 	workspaceID := "ws-display"
-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs(workspaceID).
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`, ""))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -358,9 +358,9 @@ func TestWorkspaceDisplay_IgnoresUnrelatedStoredComputeSizingDrift(t *testing.T)
 	setupTestRedis(t)
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())

-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-display-sizing-drift").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{"instance_type":"old.large","display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`, ""))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"instance_type":"old.large","display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -389,9 +389,9 @@ func TestWorkspaceDisplay_InvalidStoredDisplayConfigReturnsServerError(t *testin
 	setupTestRedis(t)
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())

-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
+	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
 		WithArgs("ws-invalid-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"vnc"}}`, ""))
+		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"vnc"}}`))

 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -414,113 +414,3 @@ func TestWorkspaceDisplay_InvalidStoredDisplayConfigReturnsServerError(t *testin
 		t.Errorf("unmet sqlmock expectations: %v", err)
 	}
 }
-
-func TestWorkspaceDisplaySession_ProxiesThroughDisplayForward(t *testing.T) {
-	mock := setupTestDB(t)
-	setupTestRedis(t)
-	t.Setenv("DISPLAY_SESSION_SIGNING_SECRET", "display-session-test-secret")
-	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
-
-	var upstreamAuth, upstreamCookie, upstreamProtocol, gotInstanceID string
-	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path != "/websockify" {
-			t.Errorf("upstream path = %q, want /websockify", r.URL.Path)
-		}
-		if r.URL.RawQuery != "" {
-			t.Errorf("upstream raw query = %q, want stripped", r.URL.RawQuery)
-		}
-		upstreamAuth = r.Header.Get("Authorization")
-		upstreamCookie = r.Header.Get("Cookie")
-		upstreamProtocol = r.Header.Get("Sec-WebSocket-Protocol")
-		_, _ = w.Write([]byte("websockify"))
-	}))
-	defer upstream.Close()
-	upstreamURL, err := url.Parse(upstream.URL)
-	if err != nil {
-		t.Fatalf("parse upstream URL: %v", err)
-	}
-	prevForward := displayForward
-	displayForward = func(_ context.Context, instanceID string, fn func(target *url.URL) error) error {
-		gotInstanceID = instanceID
-		return fn(upstreamURL)
-	}
-	t.Cleanup(func() { displayForward = prevForward })
-
-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
-		WithArgs("ws-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(
-			`{"display":{"mode":"desktop-control","protocol":"novnc","width":1920,"height":1080}}`,
-			"i-display123",
-		))
-	expiresAt := time.Now().Add(5 * time.Minute).UTC()
-	mock.ExpectQuery(`SELECT controller, controlled_by, expires_at FROM workspace_display_control_locks WHERE workspace_id = \$1 AND expires_at > now\(\)`).
-		WithArgs("ws-display").
-		WillReturnRows(sqlmock.NewRows([]string{"controller", "controlled_by", "expires_at"}).AddRow("user", "admin-token", expiresAt))
-	token := signDisplaySessionToken("ws-display", "admin-token", expiresAt)
-
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	c.Params = gin.Params{
-		{Key: "id", Value: "ws-display"},
-		{Key: "proxyPath", Value: "/websockify"},
-	}
-	c.Request = httptest.NewRequest("GET", "/workspaces/ws-display/display/session/websockify", nil)
-	c.Request.Header.Set("Authorization", "Bearer should-not-reach-upstream")
-	c.Request.Header.Set("Cookie", "session=should-not-reach-upstream")
-	c.Request.Header.Set("Sec-WebSocket-Protocol", "binary, molecule-display-token."+token)
-
-	handler.DisplaySession(c)
-
-	if w.Code != http.StatusOK {
-		t.Fatalf("expected status 200, got %d: %s", w.Code, w.Body.String())
-	}
-	if gotInstanceID != "i-display123" {
-		t.Fatalf("displayForward instanceID = %q, want i-display123", gotInstanceID)
-	}
-	if w.Body.String() != "websockify" {
-		t.Fatalf("body = %q, want websockify", w.Body.String())
-	}
-	if upstreamAuth != "" || upstreamCookie != "" {
-		t.Fatalf("proxied credentials leaked upstream: auth=%q cookie=%q", upstreamAuth, upstreamCookie)
-	}
-	if upstreamProtocol != "binary" {
-		t.Fatalf("upstream websocket protocol = %q, want binary without display token", upstreamProtocol)
-	}
-	if err := mock.ExpectationsWereMet(); err != nil {
-		t.Errorf("unmet sqlmock expectations: %v", err)
-	}
-}
-
-func TestWorkspaceDisplaySession_NonDisplayWorkspaceDoesNotProxy(t *testing.T) {
-	mock := setupTestDB(t)
-	setupTestRedis(t)
-	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
-
-	prevForward := displayForward
-	displayForward = func(_ context.Context, _ string, _ func(target *url.URL) error) error {
-		t.Fatal("displayForward must not run for non-display workspaces")
-		return nil
-	}
-	t.Cleanup(func() { displayForward = prevForward })
-
-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\), COALESCE\(instance_id, ''\) FROM workspaces WHERE id = \$1`).
-		WithArgs("ws-no-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute", "instance_id"}).AddRow(`{}`, "i-display123"))
-
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	c.Params = gin.Params{
-		{Key: "id", Value: "ws-no-display"},
-		{Key: "proxyPath", Value: "/websockify"},
-	}
-	c.Request = httptest.NewRequest("GET", "/workspaces/ws-no-display/display/session/websockify", nil)
-
-	handler.DisplaySession(c)
-
-	if w.Code != http.StatusNotFound {
-		t.Fatalf("expected status 404, got %d: %s", w.Code, w.Body.String())
-	}
-	if err := mock.ExpectationsWereMet(); err != nil {
-		t.Errorf("unmet sqlmock expectations: %v", err)
-	}
-}
@@ -2,19 +2,13 @@ package handlers

 import (
 	"context"
-	"crypto/hmac"
-	"crypto/sha256"
 	"crypto/subtle"
 	"database/sql"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log"
 	"net/http"
-	"net/url"
 	"os"
-	"strconv"
-	"strings"
 	"time"

 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
@@ -33,7 +27,6 @@ type workspaceDisplayControlResponse struct {
 	Controller   string    `json:"controller"`
 	ControlledBy string    `json:"controlled_by,omitempty"`
 	ExpiresAt    time.Time `json:"expires_at"`
-	SessionURL   string    `json:"session_url,omitempty"`
 }

 type workspaceDisplayControlNoneResponse struct {
@@ -96,10 +89,6 @@ func (h *WorkspaceHandler) AcquireDisplayControl(c *gin.Context) {
 		c.JSON(http.StatusForbidden, gin.H{"error": "display control requires admin-token or org-token auth"})
 		return
 	}
-	if displaySessionSigningSecret() == "" {
-		c.JSON(http.StatusServiceUnavailable, gin.H{"error": "display session signing secret is not configured"})
-		return
-	}
 	workspaceID := c.Param("id")
 	startedAt := time.Now()
 	emitDisplayControlEvent(c.Request.Context(), "display.control.acquire.started", workspaceID, map[string]any{
@@ -124,7 +113,6 @@ RETURNING controller, controlled_by, expires_at`,
 		workspaceID, req.Controller, controlledBy, req.TTLSeconds,
 	).Scan(&lock.Controller, &lock.ControlledBy, &lock.ExpiresAt)
 	if err == nil {
-		lock.SessionURL = signedDisplaySessionURL(workspaceID, lock.ControlledBy, lock.ExpiresAt)
 		emitDisplayControlEvent(c.Request.Context(), "display.control.acquire.completed", workspaceID, map[string]any{
 			"controller":    lock.Controller,
 			"controlled_by": lock.ControlledBy,
@@ -370,50 +358,3 @@ func emitDisplayControlEvent(ctx context.Context, eventType string, workspaceID
 		log.Printf("emitDisplayControlEvent: insert %s failed: %v", eventType, err)
 	}
 }
-
-func signedDisplaySessionURL(workspaceID, controlledBy string, expiresAt time.Time) string {
-	token := signDisplaySessionToken(workspaceID, controlledBy, expiresAt)
-	if token == "" {
-		return ""
-	}
-	return fmt.Sprintf("/workspaces/%s/display/session/websockify#token=%s", url.PathEscape(workspaceID), token)
-}
-
-func signDisplaySessionToken(workspaceID, controlledBy string, expiresAt time.Time) string {
-	secret := displaySessionSigningSecret()
-	if secret == "" || workspaceID == "" || controlledBy == "" || expiresAt.IsZero() {
-		return ""
-	}
-	payload := strings.Join([]string{workspaceID, controlledBy, strconv.FormatInt(expiresAt.Unix(), 10)}, "|")
-	mac := hmac.New(sha256.New, []byte(secret))
-	_, _ = mac.Write([]byte(payload))
-	return base64.RawURLEncoding.EncodeToString([]byte(payload)) + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
-}
-
-func validateDisplaySessionToken(token, workspaceID, controlledBy string, expiresAt time.Time) bool {
-	secret := displaySessionSigningSecret()
-	parts := strings.Split(token, ".")
-	if secret == "" || len(parts) != 2 || workspaceID == "" || controlledBy == "" || expiresAt.IsZero() || time.Now().After(expiresAt) {
-		return false
-	}
-	payloadBytes, err := base64.RawURLEncoding.DecodeString(parts[0])
-	if err != nil {
-		return false
-	}
-	payload := string(payloadBytes)
-	wantPayload := strings.Join([]string{workspaceID, controlledBy, strconv.FormatInt(expiresAt.Unix(), 10)}, "|")
-	if subtle.ConstantTimeCompare([]byte(payload), []byte(wantPayload)) != 1 {
-		return false
-	}
-	sig, err := base64.RawURLEncoding.DecodeString(parts[1])
-	if err != nil {
-		return false
-	}
-	mac := hmac.New(sha256.New, []byte(secret))
-	_, _ = mac.Write([]byte(payload))
-	return hmac.Equal(sig, mac.Sum(nil))
-}
-
-func displaySessionSigningSecret() string {
-	return os.Getenv("DISPLAY_SESSION_SIGNING_SECRET")
-}
@@ -2,15 +2,10 @@ package handlers

 import (
 	"bytes"
-	"crypto/hmac"
-	"crypto/sha256"
 	"database/sql"
-	"encoding/base64"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
-	"strconv"
-	"strings"
 	"testing"
 	"time"

@@ -59,7 +54,6 @@ func TestWorkspaceDisplayControl_NoActiveLockReturnsNone(t *testing.T) {

 func TestWorkspaceDisplayControlAcquire_ClaimsUnlockedDisplay(t *testing.T) {
 	mock := setupTestDB(t)
-	t.Setenv("DISPLAY_SESSION_SIGNING_SECRET", "display-session-test-secret")
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
 	expiresAt := time.Date(2026, 5, 23, 18, 30, 0, 0, time.UTC)

@@ -93,39 +87,13 @@ func TestWorkspaceDisplayControlAcquire_ClaimsUnlockedDisplay(t *testing.T) {
 	if resp["expires_at"] == "" {
 		t.Fatalf("expires_at missing in response: %#v", resp)
 	}
-	sessionURL, ok := resp["session_url"].(string)
-	if !ok || !strings.HasPrefix(sessionURL, "/workspaces/ws-display/display/session/websockify#token=") {
-		t.Fatalf("session_url = %#v, want signed websockify URL fragment", resp["session_url"])
-	}
-	if strings.Contains(sessionURL, "?token=") {
-		t.Fatalf("session_url must not put display token in logged query string: %q", sessionURL)
-	}
 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unmet sqlmock expectations: %v", err)
 	}
 }

-func TestDisplaySessionToken_RequiresDedicatedSigningSecret(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "client-exposed-admin-token")
-	t.Setenv("DISPLAY_SESSION_SIGNING_SECRET", "")
-	expiresAt := time.Now().Add(5 * time.Minute)
-
-	if token := signDisplaySessionToken("ws-display", "admin-token", expiresAt); token != "" {
-		t.Fatalf("signDisplaySessionToken minted token with no dedicated signing secret: %q", token)
-	}
-
-	payload := "ws-display|admin-token|" + strconv.FormatInt(expiresAt.Unix(), 10)
-	mac := hmac.New(sha256.New, []byte(""))
-	_, _ = mac.Write([]byte(payload))
-	forged := base64.RawURLEncoding.EncodeToString([]byte(payload)) + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
-	if validateDisplaySessionToken(forged, "ws-display", "admin-token", expiresAt) {
-		t.Fatal("validateDisplaySessionToken accepted empty-secret forged token")
-	}
-}
-
 func TestWorkspaceDisplayControlAcquire_ActiveLockReturnsConflict(t *testing.T) {
 	mock := setupTestDB(t)
-	t.Setenv("DISPLAY_SESSION_SIGNING_SECRET", "display-session-test-secret")
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
 	expiresAt := time.Date(2026, 5, 23, 18, 30, 0, 0, time.UTC)

@@ -168,32 +136,6 @@ func TestWorkspaceDisplayControlAcquire_ActiveLockReturnsConflict(t *testing.T)
 	}
 }

-func TestWorkspaceDisplayControlAcquire_RejectsMissingSessionSigningSecret(t *testing.T) {
-	mock := setupTestDB(t)
-	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
-
-	mock.ExpectQuery(`SELECT COALESCE\(compute, '\{\}'::jsonb\) FROM workspaces WHERE id = \$1`).
-		WithArgs("ws-display").
-		WillReturnRows(sqlmock.NewRows([]string{"compute"}).AddRow(`{"display":{"mode":"desktop-control","protocol":"dcv","width":1920,"height":1080}}`))
-
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	c.Params = gin.Params{{Key: "id", Value: "ws-display"}}
-	c.Request = httptest.NewRequest("POST", "/workspaces/ws-display/display/control/acquire", bytes.NewBufferString(`{"controller":"user","ttl_seconds":300}`))
-	c.Request.Header.Set("Content-Type", "application/json")
-	attachDisplayControlAdminToken(t, c)
-	t.Setenv("DISPLAY_SESSION_SIGNING_SECRET", "")
-
-	handler.AcquireDisplayControl(c)
-
-	if w.Code != http.StatusServiceUnavailable {
-		t.Fatalf("expected status 503, got %d: %s", w.Code, w.Body.String())
-	}
-	if err := mock.ExpectationsWereMet(); err != nil {
-		t.Errorf("unmet sqlmock expectations: %v", err)
-	}
-}
-
 func TestWorkspaceDisplayControlAcquire_RejectsDisplayDisabledWorkspace(t *testing.T) {
 	mock := setupTestDB(t)
 	handler := NewWorkspaceHandler(newTestBroadcaster(), nil, "http://localhost:8080", t.TempDir())
@@ -1,168 +0,0 @@
-package handlers
-
-import (
-	"context"
-	"database/sql"
-	"encoding/json"
-	"fmt"
-	"log"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"os"
-	"os/exec"
-	"strings"
-	"time"
-
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
-	"github.com/gin-gonic/gin"
-)
-
-const workspaceDisplaySessionTimeout = 12 * time.Hour
-const displaySessionTokenProtocolPrefix = "molecule-display-token."
-
-var displayForward = realDisplayForward
-
-// DisplaySession proxies noVNC/websockify requests for a display-enabled EC2
-// workspace through the existing EIC SSH path. The EC2 :6080 listener stays
-// private to the VPC; the browser only sees this same-origin route.
-func (h *WorkspaceHandler) DisplaySession(c *gin.Context) {
-	workspaceID := c.Param("id")
-	display, instanceID, err := loadWorkspaceDisplaySessionTarget(c.Request.Context(), workspaceID)
-	if err != nil {
-		if err == sql.ErrNoRows {
-			c.JSON(http.StatusNotFound, gin.H{"error": "workspace not found"})
-			return
-		}
-		log.Printf("DisplaySession: load target for %s failed: %v", workspaceID, err)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to load display session"})
-		return
-	}
-	if display.Mode == "" || display.Mode == "none" {
-		c.JSON(http.StatusNotFound, gin.H{"error": "display not enabled"})
-		return
-	}
-	if instanceID == "" {
-		c.JSON(http.StatusServiceUnavailable, gin.H{"error": "display session unavailable"})
-		return
-	}
-
-	proxyPath := c.Param("proxyPath")
-	if proxyPath != "/websockify" {
-		c.JSON(http.StatusNotFound, gin.H{"error": "display session path not found"})
-		return
-	}
-	lock, found, err := h.loadActiveDisplayControl(c, workspaceID)
-	if err != nil {
-		log.Printf("DisplaySession: load active lock for %s failed: %v", workspaceID, err)
-		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to load display control"})
-		return
-	}
-	if !found || !validateDisplaySessionToken(displaySessionTokenFromRequest(c.Request), workspaceID, lock.ControlledBy, lock.ExpiresAt) {
-		c.JSON(http.StatusForbidden, gin.H{"error": "display control required"})
-		return
-	}
-
-	ctx, cancel := context.WithTimeout(c.Request.Context(), workspaceDisplaySessionTimeout)
-	defer cancel()
-	err = displayForward(ctx, instanceID, func(target *url.URL) error {
-		proxy := newDisplaySessionReverseProxy(target)
-		proxy.ServeHTTP(c.Writer, c.Request.WithContext(ctx))
-		return nil
-	})
-	if err != nil {
-		log.Printf("DisplaySession: proxy for %s instance=%s failed: %v", workspaceID, instanceID, err)
-		if !c.Writer.Written() {
-			c.JSON(http.StatusBadGateway, gin.H{"error": "display session proxy failed"})
-		}
-	}
-}
-
-func loadWorkspaceDisplaySessionTarget(ctx context.Context, workspaceID string) (models.WorkspaceComputeDisplay, string, error) {
-	var raw, instanceID string
-	err := db.DB.QueryRowContext(ctx,
-		`SELECT COALESCE(compute, '{}'::jsonb), COALESCE(instance_id, '') FROM workspaces WHERE id = $1`,
-		workspaceID,
-	).Scan(&raw, &instanceID)
-	if err != nil {
-		return models.WorkspaceComputeDisplay{}, "", err
-	}
-	var compute models.WorkspaceCompute
-	if raw != "" && raw != "{}" {
-		if err := json.Unmarshal([]byte(raw), &compute); err != nil {
-			return models.WorkspaceComputeDisplay{}, "", fmt.Errorf("invalid compute JSON: %w", err)
-		}
-		if err := validateWorkspaceDisplayConfig(compute.Display); err != nil {
-			return models.WorkspaceComputeDisplay{}, "", err
-		}
-	}
-	return compute.Display, instanceID, nil
-}
-
-func newDisplaySessionReverseProxy(target *url.URL) *httputil.ReverseProxy {
-	return &httputil.ReverseProxy{
-		Director: func(req *http.Request) {
-			req.URL.Scheme = target.Scheme
-			req.URL.Host = target.Host
-			req.URL.Path = "/websockify"
-			req.URL.RawPath = ""
-			req.URL.RawQuery = ""
-			req.Host = target.Host
-			req.Header.Del("Authorization")
-			req.Header.Del("Cookie")
-			req.Header.Set("Sec-WebSocket-Protocol", "binary")
-		},
-		ErrorHandler: func(w http.ResponseWriter, _ *http.Request, err error) {
-			log.Printf("DisplaySession: upstream proxy error: %v", err)
-			http.Error(w, "display session proxy failed", http.StatusBadGateway)
-		},
-	}
-}
-
-func displaySessionTokenFromRequest(r *http.Request) string {
-	for _, part := range strings.Split(r.Header.Get("Sec-WebSocket-Protocol"), ",") {
-		protocol := strings.TrimSpace(part)
-		if strings.HasPrefix(protocol, displaySessionTokenProtocolPrefix) {
-			return strings.TrimPrefix(protocol, displaySessionTokenProtocolPrefix)
-		}
-	}
-	return ""
-}
-
-func realDisplayForward(ctx context.Context, instanceID string, fn func(target *url.URL) error) error {
-	if instanceID == "" {
-		return fmt.Errorf("workspace has no instance_id")
-	}
-	return withEICTunnel(ctx, instanceID, func(s eicSSHSession) error {
-		localPort, err := pickFreePort()
-		if err != nil {
-			return fmt.Errorf("pick display forward port: %w", err)
-		}
-		cmd := exec.CommandContext(ctx, "ssh",
-			"-i", s.keyPath,
-			"-o", "StrictHostKeyChecking=no",
-			"-o", "UserKnownHostsFile=/dev/null",
-			"-o", "LogLevel=ERROR",
-			"-o", "ExitOnForwardFailure=yes",
-			"-N",
-			"-L", fmt.Sprintf("%d:127.0.0.1:6080", localPort),
-			"-p", fmt.Sprintf("%d", s.localPort),
-			fmt.Sprintf("%s@127.0.0.1", s.osUser),
-		)
-		cmd.Env = os.Environ()
-		if err := cmd.Start(); err != nil {
-			return fmt.Errorf("display forward start: %w", err)
-		}
-		defer func() {
-			if cmd.Process != nil {
-				_ = cmd.Process.Kill()
-			}
-			_ = cmd.Wait()
-		}()
-		if err := waitForPort(ctx, "127.0.0.1", localPort, 10*time.Second); err != nil {
-			return fmt.Errorf("display forward never listened: %w", err)
-		}
-		return fn(&url.URL{Scheme: "http", Host: fmt.Sprintf("127.0.0.1:%d", localPort)})
-	})
-}
@@ -12,7 +12,6 @@ import (

 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/crypto"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/db"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/memory/contract"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/provisioner"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/wsauth"
@@ -185,45 +184,21 @@ func (h *WorkspaceHandler) provisionWorkspaceOpts(workspaceID, templatePath stri
 	// which transitions status to 'online' and broadcasts WORKSPACE_ONLINE
 }

-// seedInitialMemories writes a list of MemorySeed entries through the v2
-// memory plugin for the given workspace. Called during workspace creation
-// and org import to pre-populate memories from config/template (issue
-// #1050). Non-fatal: each plugin call is attempted independently and
-// failures are logged.
-//
-// Issue #1755: post-A1 (#1747) v2 is the only memory backend; writing
-// into `agent_memories` would be invisible to `recall_memory` (which
-// reads exclusively from the plugin). When the plugin isn't wired
-// (WithSeedMemoryPlugin not called, i.e. `MEMORY_PLUGIN_URL` unset on
-// platform-tenant), seedInitialMemories logs a loud warning and skips
-// — seeded memories simply don't materialise on that operator's
-// deployment. There is no SQL fallback.
-//
-// Scope handling: the v2 plugin's data model has no `scope` column. All
-// seeded memories land in `workspace:<id>` (the workspace's private
-// namespace). Pre-A1 callers wrote TEAM/GLOBAL-scoped memories into
-// `agent_memories` with `namespace=workspace:<id>` anyway, so this is
-// behaviour-preserving for LOCAL and a no-op-shrink for TEAM/GLOBAL
-// (those scopes can be promoted later via an explicit
-// `commit_memory_v2` call by the agent).
-//
-// maxMemoryContentLength is the maximum allowed size for a single
-// memory content field. Content exceeding this limit is truncated to
-// prevent storage exhaustion (CWE-400) and OOM on read paths. The
-// limit is intentionally generous — it fits a ~64k context window
-// worth of text — but small enough to prevent abuse.
+// seedInitialMemories inserts a list of MemorySeed entries into agent_memories
+// for the given workspace. Called during workspace creation and org import to
+// pre-populate memories from config/template. Non-fatal: each insert is
+// attempted independently and failures are logged. Issue #1050.
+// maxMemoryContentLength is the maximum allowed size for a single memory content
+// field. Content exceeding this limit is truncated to prevent storage exhaustion
+// (CWE-400) and OOM on read paths. The limit is intentionally generous — it fits
+// a ~64k context window worth of text — but small enough to prevent abuse.
 const maxMemoryContentLength = 100_000 // ~100 KiB of text

-func (h *WorkspaceHandler) seedInitialMemories(ctx context.Context, workspaceID string, memories []models.MemorySeed) {
+func seedInitialMemories(ctx context.Context, workspaceID string, memories []models.MemorySeed) {
 	if len(memories) == 0 {
 		return
 	}
-	if h.seedMemoryPlugin == nil {
-		log.Printf("seedInitialMemories: ⚠️  skipping %d memories for workspace %s — v2 memory plugin not wired (set MEMORY_PLUGIN_URL on platform-tenant). Seeded memories from this template are not persisted.", len(memories), workspaceID)
-		return
-	}
 	namespace := workspaceMemoryNamespace(workspaceID)
-	seeded := 0
 	for _, mem := range memories {
 		scope := strings.ToUpper(mem.Scope)
 		if scope == "" {
@@ -236,10 +211,9 @@ func (h *WorkspaceHandler) seedInitialMemories(ctx context.Context, workspaceID
 		if mem.Content == "" {
 			continue
 		}
-		// #1066: enforce content length limit to prevent storage exhaustion
-		// (CWE-400). Truncate oversized content rather than rejecting the
-		// whole insert so that template authors get a predictable fallback
-		// rather than a silent skip.
+		// #1066: enforce content length limit to prevent storage exhaustion (CWE-400).
+		// Truncate oversized content rather than rejecting the whole insert so that
+		// template authors get a predictable fallback rather than a silent skip.
 		content := mem.Content
 		if len(content) > maxMemoryContentLength {
 			content = content[:maxMemoryContentLength]
@@ -247,25 +221,14 @@ func (h *WorkspaceHandler) seedInitialMemories(ctx context.Context, workspaceID
 				workspaceID, scope, len(mem.Content), maxMemoryContentLength)
 		}
 		redactedContent, _ := redactSecrets(workspaceID, content)
-		if _, err := h.seedMemoryPlugin.CommitMemory(ctx, namespace, contract.MemoryWrite{
-			Content: redactedContent,
-			// Kind = fact: seeded memories are factual baseline knowledge,
-			// not session summaries or runtime checkpoints.
-			Kind: contract.MemoryKindFact,
-			// Source = runtime: the platform (not the agent) is writing
-			// these on the agent's behalf at provision time. Distinct from
-			// `agent` (commit_memory MCP call) and `user` (canvas write).
-			Source: contract.MemorySourceRuntime,
-		}); err != nil {
-			log.Printf("seedInitialMemories: plugin commit failed for %s (scope=%s): %v", workspaceID, scope, err)
-			continue
+		if _, err := db.DB.ExecContext(ctx, `
+			INSERT INTO agent_memories (workspace_id, content, scope, namespace)
+			VALUES ($1, $2, $3, $4)
+		`, workspaceID, redactedContent, scope, namespace); err != nil {
+			log.Printf("seedInitialMemories: failed to insert memory for %s (scope=%s): %v", workspaceID, scope, err)
 		}
-		seeded++
-	}
-	if seeded > 0 {
-		log.Printf("seedInitialMemories: seeded %d/%d memories for workspace %s via v2 plugin (namespace=%s)",
-			seeded, len(memories), workspaceID, namespace)
 	}
+	log.Printf("seedInitialMemories: seeded %d memories for workspace %s", len(memories), workspaceID)
 }

 // workspaceMemoryNamespace returns the canonical v2 memory namespace
@@ -1,12 +1,9 @@
 package handlers

 import (
-	"bytes"
 	"context"
 	"database/sql"
-	"errors"
 	"fmt"
-	"log"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -14,7 +11,6 @@ import (
 	"testing"

 	"github.com/DATA-DOG/go-sqlmock"
-	"github.com/Molecule-AI/molecule-monorepo/platform/internal/memory/contract"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/models"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/plugins"
 	"github.com/Molecule-AI/molecule-monorepo/platform/internal/provisioner"
@@ -581,65 +577,49 @@ func TestSanitizeRuntime_Allowlist(t *testing.T) {
 	}
 }

-// ==================== seedInitialMemories: coverage for #1167 / #1208 / #1755 ====================
-//
-// Issue #1755 rewrote these tests. seedInitialMemories no longer
-// INSERTs into agent_memories — it routes through the v2 memory
-// plugin's CommitMemory contract. The tests below capture the
-// MemoryWrite the stub plugin receives and assert on its shape
-// (redaction, truncation, scope-skip, namespace) instead of sqlmock
-// INSERT args. Same coverage, post-A1 backend.
-
-// seedPluginCall records what the stub plugin saw on each commit.
-type seedPluginCall struct {
-	Namespace string
-	Body      contract.MemoryWrite
-}
-
-// stubSeedPlugin captures plugin commits for assertion-style tests.
-// commitErr, when non-nil, is returned to the caller — used to
-// exercise the "plugin error logged, loop continues" path.
-type stubSeedPlugin struct {
-	calls     []seedPluginCall
-	commitErr error
-}
-
-func (s *stubSeedPlugin) CommitMemory(_ context.Context, ns string, body contract.MemoryWrite) (*contract.MemoryWriteResponse, error) {
-	s.calls = append(s.calls, seedPluginCall{Namespace: ns, Body: body})
-	if s.commitErr != nil {
-		return nil, s.commitErr
-	}
-	return &contract.MemoryWriteResponse{ID: "mem-stub", Namespace: ns}, nil
-}
-
-// newSeedTestHandler builds a minimal WorkspaceHandler with a stub
-// plugin wired. Tests that want to exercise the "plugin not wired"
-// path build their own handler with seedMemoryPlugin nil.
-func newSeedTestHandler() (*WorkspaceHandler, *stubSeedPlugin) {
-	stub := &stubSeedPlugin{}
-	h := &WorkspaceHandler{seedMemoryPlugin: stub}
-	return h, stub
-}
+// ==================== seedInitialMemories: coverage for #1167 / #1208 ====================

 // TestSeedInitialMemories_TruncatesOversizedContent covers the boundary cases for
 // the CWE-400 content-length limit introduced in PR #1167. Issue #1208 identified
-// that the truncate-at-100k guard lacked unit test coverage. #1755 ported the
-// assertion from sqlmock INSERT args to the plugin's captured MemoryWrite.Content.
+// that the truncate-at-100k guard lacked unit test coverage.
+// The test verifies that content at and over the 100,000-byte limit is handled
+// correctly, and that content under the limit passes through unchanged.
 func TestSeedInitialMemories_TruncatesOversizedContent(t *testing.T) {
+	mock := setupTestDB(t)
+
 	tests := []struct {
 		name           string
 		contentLen     int
+		expectInsert   bool
 		expectTruncate bool
 	}{
-		{name: "exactly at 100 kB limit — no truncation", contentLen: 100_000},
-		{name: "1 byte over limit — truncated", contentLen: 100_001, expectTruncate: true},
-		{name: "far over limit — truncated", contentLen: 500_000, expectTruncate: true},
-		{name: "well under limit — passes through unchanged", contentLen: 50_000},
+		{
+			name:         "exactly at 100 kB limit — no truncation",
+			contentLen:   100_000,
+			expectInsert: true,
+		},
+		{
+			name:           "1 byte over limit — truncated",
+			contentLen:     100_001,
+			expectInsert:   true,
+			expectTruncate: true,
+		},
+		{
+			name:           "far over limit — truncated",
+			contentLen:     500_000,
+			expectInsert:   true,
+			expectTruncate: true,
+		},
+		{
+			name:         "well under limit — passes through unchanged",
+			contentLen:   50_000,
+			expectInsert: true,
+		},
 	}

 	// Content must avoid the redactSecrets base64-blob regex (33+ chars of
 	// [A-Za-z0-9+/]). Spaces break the run. "hello world " = 12 bytes.
-	const unit = "hello world "
+	const unit = "hello world " // 12 bytes, contains space
 	mkContent := func(n int) string {
 		copies := (n / len(unit)) + 1
 		out := strings.Repeat(unit, copies)
@@ -648,37 +628,37 @@ func TestSeedInitialMemories_TruncatesOversizedContent(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			h, plugin := newSeedTestHandler()
-			workspaceID := "ws-trunc"
+			workspaceID := "ws-trunc-" + tt.name
 			content := mkContent(tt.contentLen)
 			memories := []models.MemorySeed{{Content: content, Scope: "LOCAL"}}

-			expected := content
-			if len(content) > maxMemoryContentLength {
-				expected = content[:maxMemoryContentLength]
+			if tt.expectInsert {
+				// The DB INSERT must receive content of exactly maxMemoryContentLength
+				// (not the full original length). This is the key assertion: the function
+				// truncates before calling ExecContext, so the mock expects 100_000 bytes.
+				expected := content
+				if len(content) > maxMemoryContentLength {
+					expected = content[:maxMemoryContentLength]
+				}
+				mock.ExpectExec(`INSERT INTO agent_memories`).
+					WithArgs(workspaceID, expected, "LOCAL", sqlmock.AnyArg()).
+					WillReturnResult(sqlmock.NewResult(1, 1))
 			}

-			h.seedInitialMemories(context.Background(), workspaceID, memories)
+			seedInitialMemories(context.Background(), workspaceID, memories)

-			if len(plugin.calls) != 1 {
-				t.Fatalf("plugin should have been called once, got %d calls", len(plugin.calls))
-			}
-			if plugin.calls[0].Body.Content != expected {
-				t.Errorf("plugin.Content length=%d want=%d (truncation contract)",
-					len(plugin.calls[0].Body.Content), len(expected))
-			}
-			if plugin.calls[0].Namespace != "workspace:"+workspaceID {
-				t.Errorf("namespace = %q want workspace:%s", plugin.calls[0].Namespace, workspaceID)
+			if err := mock.ExpectationsWereMet(); err != nil {
+				t.Errorf("unmet DB expectations: %v", err)
 			}
 		})
 	}
 }

-// TestSeedInitialMemories_RedactsSecrets verifies redactSecrets is called
-// before the plugin commit so that credentials in template memories never
-// reach the plugin. Regression test for F1085 / #1132, ported to v2 path.
+// TestSeedInitialMemories_RedactsSecrets verifies that redactSecrets is called
+// before the INSERT so that credentials in template memories never land
+// unredacted in agent_memories. Regression test for F1085 / #1132.
 func TestSeedInitialMemories_RedactsSecrets(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)

 	raw := "Remember to set OPENAI_API_KEY=sk-abcdef123456 in the config file"
 	wantRedacted, changed := redactSecrets("ws-redact-test", raw)
@@ -686,46 +666,45 @@ func TestSeedInitialMemories_RedactsSecrets(t *testing.T) {
 		t.Fatalf("precondition: redactSecrets must change the test content")
 	}

+	workspaceID := "ws-redact-test"
 	memories := []models.MemorySeed{{Content: raw, Scope: "LOCAL"}}
-	h.seedInitialMemories(context.Background(), "ws-redact-test", memories)

-	if len(plugin.calls) != 1 {
-		t.Fatalf("plugin should have been called once, got %d", len(plugin.calls))
-	}
-	if plugin.calls[0].Body.Content != wantRedacted {
-		t.Errorf("plugin received unredacted content; got %q want %q",
-			plugin.calls[0].Body.Content, wantRedacted)
+	// The INSERT must receive the REDACTED content, not the raw secret.
+	mock.ExpectExec(`INSERT INTO agent_memories`).
+		WithArgs(workspaceID, wantRedacted, "LOCAL", sqlmock.AnyArg()).
+		WillReturnResult(sqlmock.NewResult(1, 1))
+
+	seedInitialMemories(context.Background(), workspaceID, memories)
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unmet DB expectations: %v", err)
 	}
 }

 // TestSeedInitialMemories_InvalidScopeSkipped verifies that entries with an
-// unrecognized scope value are silently skipped (not committed to plugin).
+// unrecognized scope value are silently skipped (not inserted).
 func TestSeedInitialMemories_InvalidScopeSkipped(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)
+	mock.ExpectationsWereMet() // no DB calls expected for invalid scope

 	memories := []models.MemorySeed{
 		{Content: "this should be skipped", Scope: "NOT_A_REAL_SCOPE"},
 	}

-	h.seedInitialMemories(context.Background(), "ws-bad-scope", memories)
+	seedInitialMemories(context.Background(), "ws-bad-scope", memories)

-	if len(plugin.calls) != 0 {
-		t.Errorf("plugin should not have been called for invalid scope; got %d calls", len(plugin.calls))
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("unexpected DB calls for invalid scope: %v", err)
 	}
 }

 // TestSeedInitialMemories_EmptyMemoriesNil verifies that a nil memories slice
-// is handled without error (no plugin calls).
+// is handled without error (no DB calls).
 func TestSeedInitialMemories_EmptyMemoriesNil(t *testing.T) {
 	mock := setupTestDB(t)
 	mock.ExpectationsWereMet()

-	h, plugin := newSeedTestHandler()
-	h.seedInitialMemories(context.Background(), "ws-nil", nil)
-
-	if len(plugin.calls) != 0 {
-		t.Errorf("plugin should not have been called for nil memories; got %d", len(plugin.calls))
-	}
+	seedInitialMemories(context.Background(), "ws-nil", nil)

 	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("unexpected DB calls for nil slice: %v", err)
@@ -998,11 +977,10 @@ func containsStr(s, substr string) bool {
 // or broadcast payload contains ONLY the generic prod-safe message.

 // TestSeedInitialMemories_Truncation verifies that seedInitialMemories
-// truncates content at maxMemoryContentLength before the plugin commit.
-// Regression test for the CWE-400 boundary enforcement (#1167 + #1208).
-// Ported from sqlmock to plugin-stub by #1755.
+// truncates content at maxMemoryContentLength before INSERT. Regression
+// test for the error-sanitization / memory-seed contract.
 func TestSeedInitialMemories_Truncation(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)

 	// Content sized > maxMemoryContentLength so we can assert truncation
 	// fires. Each "hello world " is 12 bytes; 8334 copies = 100008 bytes.
@@ -1015,37 +993,41 @@ func TestSeedInitialMemories_Truncation(t *testing.T) {
 	memories := []models.MemorySeed{
 		{Content: largeContent, Scope: "LOCAL"},
 	}
-	h.seedInitialMemories(context.Background(), "ws-1066-test", memories)

-	if len(plugin.calls) != 1 {
-		t.Fatalf("expected 1 plugin call, got %d", len(plugin.calls))
-	}
-	if plugin.calls[0].Body.Content != expectTruncated {
-		t.Errorf("plugin content length=%d want=%d (truncate-to-100k contract)",
-			len(plugin.calls[0].Body.Content), len(expectTruncated))
+	mock.ExpectExec(`INSERT INTO agent_memories`).
+		WithArgs(sqlmock.AnyArg(), expectTruncated, "LOCAL", sqlmock.AnyArg()).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	seedInitialMemories(context.Background(), "ws-1066-test", memories)
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("DB expectations not met: %v\n"+
+			"INSERT should fire with truncated 100_000-byte content, not 100_001-byte", err)
 	}
 }

 // TestSeedInitialMemories_ContentUnderLimit passes through unchanged.
 func TestSeedInitialMemories_ContentUnderLimit(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)

 	memories := []models.MemorySeed{
 		{Content: "short content", Scope: "TEAM"},
 	}
-	h.seedInitialMemories(context.Background(), "ws-1066-under", memories)

-	if len(plugin.calls) != 1 {
-		t.Fatalf("expected 1 plugin call, got %d", len(plugin.calls))
-	}
-	if plugin.calls[0].Body.Content != "short content" {
-		t.Errorf("plugin content = %q want %q", plugin.calls[0].Body.Content, "short content")
+	mock.ExpectExec(`INSERT INTO agent_memories`).
+		WithArgs(sqlmock.AnyArg(), "short content", "TEAM", sqlmock.AnyArg()).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	seedInitialMemories(context.Background(), "ws-1066-under", memories)
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("DB expectations not met: %v", err)
 	}
 }

 // TestSeedInitialMemories_ExactlyAtLimit passes through unchanged (boundary case).
 func TestSeedInitialMemories_ExactlyAtLimit(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)

 	// Exactly maxMemoryContentLength — should NOT be truncated. Content
 	// must include spaces so redactSecrets doesn't collapse it into a
@@ -1056,194 +1038,56 @@ func TestSeedInitialMemories_ExactlyAtLimit(t *testing.T) {
 	memories := []models.MemorySeed{
 		{Content: atLimitContent, Scope: "LOCAL"},
 	}
-	h.seedInitialMemories(context.Background(), "ws-boundary", memories)

-	if len(plugin.calls) != 1 {
-		t.Fatalf("expected 1 plugin call, got %d", len(plugin.calls))
-	}
-	if plugin.calls[0].Body.Content != atLimitContent {
-		t.Errorf("at-limit content was modified; len got=%d want=%d",
-			len(plugin.calls[0].Body.Content), len(atLimitContent))
+	mock.ExpectExec(`INSERT INTO agent_memories`).
+		WithArgs(sqlmock.AnyArg(), atLimitContent, "LOCAL", sqlmock.AnyArg()).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	seedInitialMemories(context.Background(), "ws-boundary", memories)
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("DB expectations not met: %v", err)
 	}
 }

-// TestSeedInitialMemories_EmptyContent is skipped (no plugin call).
+// TestSeedInitialMemories_EmptyContent is skipped (no DB call).
 func TestSeedInitialMemories_EmptyContent(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)

 	memories := []models.MemorySeed{
 		{Content: "", Scope: "LOCAL"},
 	}
-	h.seedInitialMemories(context.Background(), "ws-empty", memories)

-	if len(plugin.calls) != 0 {
-		t.Errorf("plugin should not have been called for empty content; got %d calls", len(plugin.calls))
+	// seedInitialMemories skips empty content at line 234 — no DB call expected.
+	seedInitialMemories(context.Background(), "ws-empty", memories)
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("DB expectations not met: %v", err)
 	}
 }

-// TestSeedInitialMemories_OversizedWithSecrets verifies truncation fires
-// BEFORE redaction even when content is secret-shaped — the boundary
-// enforcement runs before any other content inspection. The redactor
-// then collapses the truncated buffer into its placeholder form
-// (e.g. "[REDACTED:API_KEY]"), so the final content is much shorter
-// than 100k. The contract this test pins is:
-//
-//   1. Plugin IS called exactly once (oversized + secret-shaped content
-//      is not silently dropped).
-//   2. The raw secret literal must NOT reach the plugin.
-//   3. (Bonus) The content the plugin sees is the redactor's output,
-//      not the raw 200k.
+// TestSeedInitialMemories_OversizedWithSecrets truncates at 100k even when content
+// contains credential patterns — the boundary enforcement runs before any other
+// content inspection.
 func TestSeedInitialMemories_OversizedWithSecrets(t *testing.T) {
-	h, plugin := newSeedTestHandler()
+	mock := setupTestDB(t)

 	// 200k of content that looks like secrets — truncation must still fire at 100k.
 	largeWithSecrets := "ANTHROPIC_API_KEY=sk-ant-xxxx" + strings.Repeat("X", 200_000)
 	memories := []models.MemorySeed{
 		{Content: largeWithSecrets, Scope: "GLOBAL"},
 	}
-	h.seedInitialMemories(context.Background(), "ws-secrets", memories)

-	if len(plugin.calls) != 1 {
-		t.Fatalf("expected 1 plugin call, got %d", len(plugin.calls))
+	mock.ExpectExec(`INSERT INTO agent_memories`).
+		// Content must be truncated to exactly 100k before INSERT fires.
+		WithArgs(sqlmock.AnyArg(), sqlmock.AnyArg(), "GLOBAL", sqlmock.AnyArg()).
+		WillReturnResult(sqlmock.NewResult(0, 1))
+
+	seedInitialMemories(context.Background(), "ws-secrets", memories)
+
+	if err := mock.ExpectationsWereMet(); err != nil {
+		t.Errorf("DB expectations not met: %v", err)
 	}
-	got := plugin.calls[0].Body.Content
-	if len(got) > maxMemoryContentLength {
-		t.Errorf("plugin content length = %d exceeds truncation cap %d", len(got), maxMemoryContentLength)
-	}
-	if strings.Contains(got, "sk-ant-xxxx") {
-		t.Errorf("plugin received raw secret literal — redaction did not fire: %q", got)
-	}
-}
-
-// captureSeedLogs runs fn with the package-level log writer redirected
-// into a buffer so tests can assert on operator-visible warnings.
-// Restores the prior writer on exit so other tests aren't affected.
-// Mirrors the pattern in internal/memory/wiring/wiring_test.go.
-func captureSeedLogs(t *testing.T, fn func()) string {
-	t.Helper()
-	var buf bytes.Buffer
-	prev := log.Writer()
-	log.SetOutput(&buf)
-	t.Cleanup(func() { log.SetOutput(prev) })
-	fn()
-	return buf.String()
-}
-
-// TestSeedInitialMemories_PluginNotWired_LogsAndSkips covers #1755's
-// fail-soft behavior: when the operator hasn't set MEMORY_PLUGIN_URL
-// (so WithSeedMemoryPlugin was never called), seeding should NOT crash
-// and NOT write anywhere — it logs an operator-actionable warning and
-// returns. Log-capture pins the warning so a future refactor that
-// drops the line silently regresses observability (#1759 review N1).
-func TestSeedInitialMemories_PluginNotWired_LogsAndSkips(t *testing.T) {
-	h := &WorkspaceHandler{} // seedMemoryPlugin nil
-
-	memories := []models.MemorySeed{
-		{Content: "would never persist", Scope: "LOCAL"},
-		{Content: "ditto", Scope: "TEAM"},
-	}
-
-	out := captureSeedLogs(t, func() {
-		// Must not panic; must not error.
-		h.seedInitialMemories(context.Background(), "ws-no-plugin", memories)
-	})
-
-	if !strings.Contains(out, "v2 memory plugin not wired") {
-		t.Errorf("operator-visibility regression: expected log to mention 'v2 memory plugin not wired', got:\n%s", out)
-	}
-	if !strings.Contains(out, "MEMORY_PLUGIN_URL") {
-		t.Errorf("operator-visibility regression: log should hint at MEMORY_PLUGIN_URL env var; got:\n%s", out)
-	}
-	if !strings.Contains(out, "ws-no-plugin") {
-		t.Errorf("operator-visibility regression: log should include workspace id for diagnosability; got:\n%s", out)
-	}
-}
-
-// TestSeedInitialMemories_PluginCommitError_ContinuesLoop pins the
-// "each plugin call is attempted independently" contract — if the
-// plugin errors on commit, the loop must keep going for the next
-// memory rather than aborting the whole seed batch. Log-capture
-// pins that each failure is surfaced individually so operators can
-// see WHICH seeds failed (#1759 review N1).
-func TestSeedInitialMemories_PluginCommitError_ContinuesLoop(t *testing.T) {
-	stub := &stubSeedPlugin{commitErr: errors.New("plugin down")}
-	h := &WorkspaceHandler{seedMemoryPlugin: stub}
-
-	memories := []models.MemorySeed{
-		{Content: "one", Scope: "LOCAL"},
-		{Content: "two", Scope: "LOCAL"},
-		{Content: "three", Scope: "LOCAL"},
-	}
-
-	out := captureSeedLogs(t, func() {
-		h.seedInitialMemories(context.Background(), "ws-erroring-plugin", memories)
-	})
-
-	// All three should have been attempted even though each errored.
-	if len(stub.calls) != 3 {
-		t.Errorf("expected 3 plugin attempts despite errors, got %d", len(stub.calls))
-	}
-
-	// Each failure must produce a log line so an operator tailing
-	// stderr sees the failures one by one (not just a swallowed loop).
-	failures := strings.Count(out, "plugin commit failed")
-	if failures != 3 {
-		t.Errorf("expected 3 'plugin commit failed' log lines, got %d; output:\n%s", failures, out)
-	}
-	if !strings.Contains(out, "plugin down") {
-		t.Errorf("log should surface the underlying error message; got:\n%s", out)
-	}
-}
-
-// TestSeedInitialMemories_PartialFailure_CounterIsAccurate covers the
-// gap #1759 review flagged: a mixed batch where some seeds succeed and
-// others fail. The "seeded %d/%d" summary log must reflect the actual
-// success count, not the attempt count.
-func TestSeedInitialMemories_PartialFailure_CounterIsAccurate(t *testing.T) {
-	callCount := 0
-	stub := &stubSeedPlugin{}
-	// Wrap stub to fail every other call.
-	h := &WorkspaceHandler{seedMemoryPlugin: stubAlternatingFailures(stub, &callCount)}
-
-	memories := []models.MemorySeed{
-		{Content: "one", Scope: "LOCAL"},
-		{Content: "two", Scope: "LOCAL"},
-		{Content: "three", Scope: "LOCAL"},
-		{Content: "four", Scope: "LOCAL"},
-	}
-
-	out := captureSeedLogs(t, func() {
-		h.seedInitialMemories(context.Background(), "ws-mixed", memories)
-	})
-
-	// All four attempted.
-	if callCount != 4 {
-		t.Errorf("expected 4 plugin attempts, got %d", callCount)
-	}
-	// Half failed → seeded counter should be 2/4 in the summary log.
-	if !strings.Contains(out, "seeded 2/4 memories") {
-		t.Errorf("expected 'seeded 2/4 memories' in summary log to reflect partial success; got:\n%s", out)
-	}
-}
-
-// stubAlternatingFailures wraps a stub plugin so that every other
-// CommitMemory call errors. callCount is incremented on each invocation
-// (caller owns the pointer).
-func stubAlternatingFailures(_ *stubSeedPlugin, callCount *int) seedMemoryPluginAPI {
-	return alternatingFailingPlugin{count: callCount}
-}
-
-type alternatingFailingPlugin struct {
-	count *int
-}
-
-func (a alternatingFailingPlugin) CommitMemory(_ context.Context, ns string, body contract.MemoryWrite) (*contract.MemoryWriteResponse, error) {
-	*a.count++
-	if *a.count%2 == 1 {
-		// Odd-numbered calls (1st, 3rd) fail.
-		return nil, errors.New("transient plugin hiccup")
-	}
-	return &contract.MemoryWriteResponse{ID: fmt.Sprintf("mem-%d", *a.count), Namespace: ns}, nil
 }

 // ==================== error-sanitization regression tests ====================
@@ -39,30 +39,41 @@ type Bundle struct {
 // Build returns a wired Bundle if MEMORY_PLUGIN_URL is set, else nil.
 //
 // It probes /v1/health at boot — when the plugin is unreachable, we
-// log a warning but STILL return the bundle. The MCP layer's circuit
-// breaker handles ongoing unavailability.
+// log a warning but STILL return the bundle. The MCP layer's
+// circuit breaker handles ongoing unavailability; we don't want to
+// block workspace-server boot just because the memory plugin is
+// briefly down.
 //
-// Issue #1733: when MEMORY_PLUGIN_URL is unset the bundle is nil and
-// every memory MCP tool returns a clear "plugin not configured" error
-// (mcp_tools.go). There is no longer a silent SQL fallback to
-// agent_memories, so the previous half-configured-cutover guard is
-// gone — a missing URL fails loudly on first memory call instead of
-// quietly serving stale legacy data.
-//
-// MEMORY_V2_CUTOVER is left intact as a deployment marker (CP user-data
-// reads it before spawning the sidecar in entrypoint-tenant.sh); we no
-// longer branch on it inside the platform binary.
+// Silent-misconfig guard: if MEMORY_V2_CUTOVER=true is set without
+// MEMORY_PLUGIN_URL, the cutoverActive() check in handlers silently
+// returns false and the legacy SQL path serves every request. The
+// operator sees no errors, no warnings, and assumes the cutover is
+// live. Log a LOUD WARN at boot when the env is half-configured so
+// the misconfig is visible in the boot log, not detectable only by
+// observing that the legacy table is still being written to.
 func Build(db *sql.DB) *Bundle {
+	cutover := os.Getenv("MEMORY_V2_CUTOVER") == "true"
 	pluginURL := os.Getenv("MEMORY_PLUGIN_URL")
+
 	if pluginURL == "" {
-		log.Printf("memory-plugin: MEMORY_PLUGIN_URL is unset — v2 memory MCP tools (commit_memory, recall_memory, admin export/import) will return 'plugin not configured' to callers. Set MEMORY_PLUGIN_URL to activate.")
+		if cutover {
+			log.Printf("memory-plugin: ⚠️  MEMORY_V2_CUTOVER=true but MEMORY_PLUGIN_URL is unset — cutover is INACTIVE, legacy SQL path is serving every request. Either unset MEMORY_V2_CUTOVER or point MEMORY_PLUGIN_URL at a reachable plugin server.")
+		}
 		return nil
 	}
 	plugin := mclient.New(mclient.Config{})
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 	if hr, err := plugin.Boot(ctx); err != nil {
-		log.Printf("memory-plugin: ⚠️  /v1/health probe failed at boot (%v). MCP memory calls will error until the plugin becomes reachable. Verify MEMORY_PLUGIN_URL=%s.", err, pluginURL)
+		// Log even louder when cutover is on — an unreachable plugin
+		// during cutover means writes that the operator THINKS are
+		// going to v2 will silently fall back to legacy via the
+		// circuit breaker on each request. Make it impossible to miss.
+		if cutover {
+			log.Printf("memory-plugin: ⚠️  MEMORY_V2_CUTOVER=true and MEMORY_PLUGIN_URL=%s but /v1/health probe failed (%v). Cutover writes will fall back to legacy via circuit breaker. Verify the plugin server is reachable.", pluginURL, err)
+		} else {
+			log.Printf("memory-plugin: /v1/health probe failed (will retry per-request): %v", err)
+		}
 	} else {
 		log.Printf("memory-plugin: ok, capabilities=%v", hr.Capabilities)
 	}
@@ -166,43 +166,69 @@ func captureLogs(t *testing.T, fn func()) string {
 	return buf.String()
 }

-// Issue #1733: the old "cutover-without-URL" and "cutover-with-failing-
-// probe" loud-warning tests are gone — workspace-server no longer
-// branches on MEMORY_V2_CUTOVER (v2 is unconditional now), so the
-// half-configured-cutover failure mode they guarded against can no
-// longer occur. The two surviving tests below pin the new shape:
-// one log line when URL is unset, one when the boot-time probe fails.
-
-// TestBuild_LogsWhenURLUnset confirms the operator-visible boot log
-// line that fires when MEMORY_PLUGIN_URL is unset — every memory MCP
-// tool will then return "plugin not configured" to callers.
-func TestBuild_LogsWhenURLUnset(t *testing.T) {
+// TestBuild_WarnsWhenCutoverWithoutPluginURL pins the silent-misconfig
+// guard: an operator who flips MEMORY_V2_CUTOVER=true without also
+// pointing MEMORY_PLUGIN_URL at a plugin server has just disabled the
+// cutover with no error visible. Without this WARN, the only signal
+// is "the legacy table is still being written to" — invisible to
+// every operator who doesn't explicitly check.
+func TestBuild_WarnsWhenCutoverWithoutPluginURL(t *testing.T) {
+	t.Setenv("MEMORY_V2_CUTOVER", "true")
 	t.Setenv("MEMORY_PLUGIN_URL", "")
 	out := captureLogs(t, func() {
 		if got := Build(nil); got != nil {
 			t.Errorf("expected nil bundle, got %+v", got)
 		}
 	})
-	if !strings.Contains(out, "MEMORY_PLUGIN_URL is unset") {
-		t.Errorf("expected boot log to mention MEMORY_PLUGIN_URL is unset; got:\n%s", out)
+	if !strings.Contains(out, "MEMORY_V2_CUTOVER=true") || !strings.Contains(out, "MEMORY_PLUGIN_URL is unset") {
+		t.Errorf("expected loud WARN about half-configured cutover; got log:\n%s", out)
 	}
 }

-// TestBuild_LogsWhenProbeFails confirms the boot log line that fires
-// when MEMORY_PLUGIN_URL is set but the plugin is unreachable. The
-// bundle is still returned (per the comment on Build) so the platform
-// keeps booting — MCP calls error per-request until the plugin recovers.
-func TestBuild_LogsWhenProbeFails(t *testing.T) {
+// TestBuild_NoWarnWhenNeitherSet pins the happy default: an operator
+// running without the v2 plugin should not see scary warnings.
+func TestBuild_NoWarnWhenNeitherSet(t *testing.T) {
+	t.Setenv("MEMORY_V2_CUTOVER", "")
+	t.Setenv("MEMORY_PLUGIN_URL", "")
+	out := captureLogs(t, func() { _ = Build(nil) })
+	if strings.Contains(out, "MEMORY_V2_CUTOVER") {
+		t.Errorf("expected no MEMORY_V2_CUTOVER warning when env is unset; got log:\n%s", out)
+	}
+}
+
+// TestBuild_LoudWarnWhenCutoverAndProbeFails pins the second
+// half-config case: cutover is on AND plugin URL is set, but the
+// /v1/health probe fails (server down or wrong URL). Without this
+// loud WARN, the operator sees only the generic "probe failed" line
+// that gets emitted even when cutover is OFF — hiding the fact that
+// real cutover writes will quietly fall back via circuit breaker.
+func TestBuild_LoudWarnWhenCutoverAndProbeFails(t *testing.T) {
+	t.Setenv("MEMORY_V2_CUTOVER", "true")
 	t.Setenv("MEMORY_PLUGIN_URL", "http://127.0.0.1:1") // bogus port
 	db, _, _ := sqlmock.New()
 	defer db.Close()
-	out := captureLogs(t, func() {
-		if got := Build(db); got == nil {
-			t.Error("expected non-nil bundle when URL is set, got nil")
-		}
-	})
-	if !strings.Contains(out, "/v1/health probe failed") {
-		t.Errorf("expected boot log to mention probe failure; got:\n%s", out)
+	out := captureLogs(t, func() { _ = Build(db) })
+	if !strings.Contains(out, "MEMORY_V2_CUTOVER=true") || !strings.Contains(out, "probe failed") {
+		t.Errorf("expected loud WARN about cutover-with-failing-probe; got log:\n%s", out)
+	}
+}
+
+// TestBuild_QuietProbeFailWhenCutoverOff: the operator is in PRE-cutover
+// mode (plugin URL set, cutover off — they're warming up the plugin).
+// A failing probe in this state is not a misconfig — it should log the
+// generic message, NOT the loud cutover-specific one (so log noise
+// doesn't drown out real cutover misconfigs in dashboards).
+func TestBuild_QuietProbeFailWhenCutoverOff(t *testing.T) {
+	t.Setenv("MEMORY_V2_CUTOVER", "")
+	t.Setenv("MEMORY_PLUGIN_URL", "http://127.0.0.1:1")
+	db, _, _ := sqlmock.New()
+	defer db.Close()
+	out := captureLogs(t, func() { _ = Build(db) })
+	if strings.Contains(out, "MEMORY_V2_CUTOVER=true") {
+		t.Errorf("expected no cutover-specific warning when cutover is off; got log:\n%s", out)
+	}
+	if !strings.Contains(out, "probe failed") {
+		t.Errorf("expected generic probe-failed log; got log:\n%s", out)
 	}
 }

@@ -182,7 +182,6 @@ func Setup(hub *ws.Hub, broadcaster *events.Broadcaster, prov *provisioner.Provi
 		// URLs, so keep the endpoint admin-gated from the first unavailable
 		// state rather than widening it later.
 		wsAdmin.GET("/workspaces/:id/display", wh.Display)
-		wsAdmin.GET("/workspaces/:id/display/session/*proxyPath", wh.DisplaySession)
 		wsAdmin.GET("/workspaces/:id/display/control", wh.DisplayControl)
 		wsAdmin.POST("/workspaces/:id/display/control/acquire", wh.AcquireDisplayControl)
 		wsAdmin.POST("/workspaces/:id/display/control/release", wh.ReleaseDisplayControl)
@@ -18,7 +18,6 @@ func buildWorkspaceDisplayEngine(t *testing.T) *gin.Engine {
 	r := gin.New()
 	wh := handlers.NewWorkspaceHandler(nil, nil, "http://localhost:8080", t.TempDir())
 	r.GET("/workspaces/:id/display", middleware.AdminAuth(db.DB), wh.Display)
-	r.GET("/workspaces/:id/display/session/*proxyPath", middleware.AdminAuth(db.DB), wh.DisplaySession)
 	r.POST("/workspaces/:id/display/control/acquire", middleware.AdminAuth(db.DB), wh.AcquireDisplayControl)
 	return r
 }
@@ -60,22 +59,3 @@ func TestWorkspaceDisplayControlRoute_RequiresAdminAuth(t *testing.T) {
 		t.Errorf("sqlmock unmet: %v", err)
 	}
 }
-
-func TestWorkspaceDisplaySessionRoute_RequiresAdminAuth(t *testing.T) {
-	t.Setenv("ADMIN_TOKEN", "test-admin-secret-not-presented-by-caller")
-	mock := setupRouterTestDB(t)
-	mock.ExpectQuery("SELECT COUNT.*FROM workspace_auth_tokens").
-		WillReturnRows(sqlmock.NewRows([]string{"count"}).AddRow(1))
-
-	r := buildWorkspaceDisplayEngine(t)
-	w := httptest.NewRecorder()
-	req := httptest.NewRequest(http.MethodGet, "/workspaces/ws-display/display/session/vnc.html", nil)
-	r.ServeHTTP(w, req)
-
-	if w.Code != http.StatusUnauthorized {
-		t.Errorf("expected 401 for unauthenticated request, got %d: %s", w.Code, w.Body.String())
-	}
-	if err := mock.ExpectationsWereMet(); err != nil {
-		t.Errorf("sqlmock unmet: %v", err)
-	}
-}