feat: wire dispatch execution and device import flows

src/app/api/device-heartbeat/route.ts

@@ -13,6 +13,16 @@ export async function POST(request: NextRequest) {
     quota5h?: number;
     quota7d?: number;
     projects?: string[];
+    projectCandidates?: Array<{
+      folderName?: string;
+      folderRef?: string;
+      threadId?: string;
+      threadDisplayName?: string;
+      codexFolderRef?: string;
+      codexThreadRef?: string;
+      lastActiveAt?: string;
+      suggestedImport?: boolean;
+    }>;
     endpoint?: string;
   };
 
@@ -38,6 +48,21 @@ export async function POST(request: NextRequest) {
     quota5h: body.quota5h ?? 0,
     quota7d: body.quota7d ?? 0,
     projects: body.projects,
+    projectCandidates: (body.projectCandidates ?? []).filter(
+      (candidate) =>
+        candidate.folderName?.trim() &&
+        candidate.threadId?.trim() &&
+        candidate.threadDisplayName?.trim(),
+    ) as Array<{
+      folderName: string;
+      folderRef?: string;
+      threadId: string;
+      threadDisplayName: string;
+      codexFolderRef?: string;
+      codexThreadRef?: string;
+      lastActiveAt?: string;
+      suggestedImport?: boolean;
+    }>,
     endpoint: body.endpoint,
   });
 

src/app/api/v1/devices/[deviceId]/import-draft/apply/route.ts

@@ -0,0 +1,28 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireRequestSession } from "@/lib/boss-auth";
+import { applyDeviceImportResolution } from "@/lib/boss-data";
+
+export async function POST(
+  request: NextRequest,
+  context: { params: Promise<{ deviceId: string }> },
+) {
+  const session = await requireRequestSession(request);
+  if (!session) {
+    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+  }
+
+  const { deviceId } = await context.params;
+
+  try {
+    const result = await applyDeviceImportResolution({
+      deviceId,
+      appliedBy: session.account,
+    });
+    return NextResponse.json({ ok: true, ...result });
+  } catch (error) {
+    return NextResponse.json(
+      { ok: false, message: error instanceof Error ? error.message : "UNKNOWN_ERROR" },
+      { status: 400 },
+    );
+  }
+}

src/app/api/v1/devices/[deviceId]/import-draft/review/route.ts

@@ -0,0 +1,28 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireRequestSession } from "@/lib/boss-auth";
+import { resolveDeviceImportDraft } from "@/lib/boss-data";
+
+export async function POST(
+  request: NextRequest,
+  context: { params: Promise<{ deviceId: string }> },
+) {
+  const session = await requireRequestSession(request);
+  if (!session) {
+    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+  }
+
+  const { deviceId } = await context.params;
+
+  try {
+    const result = await resolveDeviceImportDraft({
+      deviceId,
+      reviewedBy: session.account,
+    });
+    return NextResponse.json({ ok: true, ...result });
+  } catch (error) {
+    return NextResponse.json(
+      { ok: false, message: error instanceof Error ? error.message : "UNKNOWN_ERROR" },
+      { status: 400 },
+    );
+  }
+}

src/app/api/v1/devices/[deviceId]/import-draft/route.ts

@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireRequestSession } from "@/lib/boss-auth";
+import { getLatestDeviceImportDraft } from "@/lib/boss-data";
+
+export async function GET(
+  request: NextRequest,
+  context: { params: Promise<{ deviceId: string }> },
+) {
+  const session = await requireRequestSession(request);
+  if (!session) {
+    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+  }
+
+  const { deviceId } = await context.params;
+  const result = await getLatestDeviceImportDraft(deviceId);
+  return NextResponse.json({ ok: true, ...result });
+}

src/app/api/v1/devices/[deviceId]/import-draft/select/route.ts

@@ -0,0 +1,32 @@
+import { NextRequest, NextResponse } from "next/server";
+import { requireRequestSession } from "@/lib/boss-auth";
+import { selectDeviceImportCandidates } from "@/lib/boss-data";
+
+export async function POST(
+  request: NextRequest,
+  context: { params: Promise<{ deviceId: string }> },
+) {
+  const session = await requireRequestSession(request);
+  if (!session) {
+    return NextResponse.json({ ok: false, message: "UNAUTHORIZED" }, { status: 401 });
+  }
+
+  const body = (await request.json().catch(() => ({}))) as {
+    selectedCandidateIds?: string[];
+  };
+  const { deviceId } = await context.params;
+
+  try {
+    const draft = await selectDeviceImportCandidates({
+      deviceId,
+      selectedCandidateIds: body.selectedCandidateIds ?? [],
+      selectedBy: session.account,
+    });
+    return NextResponse.json({ ok: true, draft });
+  } catch (error) {
+    return NextResponse.json(
+      { ok: false, message: error instanceof Error ? error.message : "UNKNOWN_ERROR" },
+      { status: 400 },
+    );
+  }
+}

src/app/api/v1/master-agent/tasks/[taskId]/complete/route.ts

@@ -12,6 +12,10 @@ export async function POST(
     replyBody?: string;
     errorMessage?: string;
     requestId?: string;
+    dispatchExecutionId?: string;
+    targetProjectId?: string;
+    targetThreadId?: string;
+    rawThreadReply?: string;
   };
 
   if (!body.deviceId?.trim()) {
@@ -33,6 +37,10 @@ export async function POST(
       replyBody: body.replyBody,
       errorMessage: body.errorMessage,
       requestId: body.requestId,
+      dispatchExecutionId: body.dispatchExecutionId,
+      targetProjectId: body.targetProjectId,
+      targetThreadId: body.targetThreadId,
+      rawThreadReply: body.rawThreadReply,
     });
     return NextResponse.json({ ok: true, task });
   } catch (error) {