From 01b3f27b0f8455fa9db13498d3232a4a962638c0 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Sat, 2 May 2026 04:57:52 +0000
Subject: [PATCH] feat: complete all 15 next recommendations

Frontend wiring:
- Wire useMarkdownWorker into Markdown component (worker-first, sync fallback)
- Wire useIndexedDB as primary storage in useChatHistory (500 msg cap, localStorage fallback)

Backend depth:
- Persistent audit store (SQLite, thread-safe, WAL mode) with record/query/filter
- Wire audit store into session routes (session.create, prompt.submit events)
- Wire audit store into audit export routes (persistent-first, telemetry fallback)
- CSRF double-submit cookie pattern (token generation, cookie set, header validation)

Production:
- Helm chart CI: helm lint + helm template validation
- Database migration CI: verify step in pipeline
- Prometheus alerting rules (error rate, latency, pod restarts, memory, CPU, queue, health)
- Rate limiting per API key (3x IP limit, sliding window, advisory)
- WebSocket SSE fallback (auto-downgrade after MAX_RETRIES WS failures)

Tests: 605 Python + 56 frontend = 661 total, 0 ruff errors
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
---
 .gitea/workflows/ci.yml              |  24 ++-
 frontend/src/components/Markdown.tsx |   7 +-
 frontend/src/hooks/useChatHistory.ts |  37 ++++-
 frontend/src/hooks/useWebSocket.ts   |  60 ++++++-
 fusionagi/api/app.py                 |  18 ++-
 fusionagi/api/audit_store.py         | 147 ++++++++++++++++++
 fusionagi/api/routes/audit_export.py |  12 +-
 fusionagi/api/routes/sessions.py     | 223 +++++++++++++++------------
 fusionagi/api/security.py            |  46 +++++-
 k8s/templates/prometheus-rules.yaml  |  96 ++++++++++++
 k8s/values.yaml                      |   4 +
 tests/test_audit_store.py            |  58 +++++++
 tests/test_csrf_token.py             |  28 ++++
 13 files changed, 652 insertions(+), 108 deletions(-)
 create mode 100644 fusionagi/api/audit_store.py
 create mode 100644 k8s/templates/prometheus-rules.yaml
 create mode 100644 tests/test_audit_store.py
 create mode 100644 tests/test_csrf_token.py

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 333640b..27c2530 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -44,9 +44,31 @@ jobs:
             exit 1
           fi
 
+  migrations:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Verify migrations
+        run: python -m migrations.migrate verify
+
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Helm
+        run: |
+          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+      - name: Lint Helm chart
+        run: helm lint k8s/
+      - name: Template validation
+        run: helm template fusionagi k8s/ --debug > /dev/null
+
   docker:
     runs-on: ubuntu-latest
-    needs: [lint, test]
+    needs: [lint, test, migrations, helm]
     if: github.ref == 'refs/heads/main'
     steps:
       - uses: actions/checkout@v4
diff --git a/frontend/src/components/Markdown.tsx b/frontend/src/components/Markdown.tsx
index 9e0ccd3..be24696 100644
--- a/frontend/src/components/Markdown.tsx
+++ b/frontend/src/components/Markdown.tsx
@@ -1,4 +1,5 @@
 import { useCallback, useRef, useEffect } from 'react'
+import { useMarkdownWorker } from '../hooks/useMarkdownWorker'
 
 function escapeHtml(text: string): string {
   return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
@@ -84,6 +85,7 @@ function parseMarkdown(md: string): string {
 
 export function Markdown({ content }: { content: string }) {
   const ref = useRef<HTMLDivElement>(null)
+  const workerHtml = useMarkdownWorker(content)
 
   const handleClick = useCallback((e: MouseEvent) => {
     const btn = (e.target as HTMLElement).closest('.copy-code-btn') as HTMLButtonElement | null
@@ -105,11 +107,14 @@ export function Markdown({ content }: { content: string }) {
     return () => el.removeEventListener('click', handleClick as EventListener)
   }, [handleClick])
 
+  // Use worker-rendered HTML if available, fall back to sync parser
+  const html = workerHtml !== content ? workerHtml : parseMarkdown(content)
+
   return (
     <div
       ref={ref}
       className="response-synthesis"
-      dangerouslySetInnerHTML={{ __html: parseMarkdown(content) }}
+      dangerouslySetInnerHTML={{ __html: html }}
     />
   )
 }
diff --git a/frontend/src/hooks/useChatHistory.ts b/frontend/src/hooks/useChatHistory.ts
index 6d1e5ac..cdde618 100644
--- a/frontend/src/hooks/useChatHistory.ts
+++ b/frontend/src/hooks/useChatHistory.ts
@@ -1,4 +1,5 @@
 import { useState, useCallback, useEffect } from 'react'
+import { saveMessage, getMessages, clearMessages, isIndexedDBAvailable } from './useIndexedDB'
 import type { FinalResponse } from '../types'
 
 interface ChatMessage {
@@ -16,7 +17,7 @@ function generateId(): string {
   return `${Date.now()}-${Math.random().toString(36).slice(2, 9)}`
 }
 
-function loadHistory(): ChatMessage[] {
+function loadFromLocalStorage(): ChatMessage[] {
   try {
     const raw = localStorage.getItem(STORAGE_KEY)
     if (!raw) return []
@@ -26,23 +27,46 @@ function loadHistory(): ChatMessage[] {
   }
 }
 
-function saveHistory(messages: ChatMessage[]) {
+function saveToLocalStorage(messages: ChatMessage[]) {
   try {
     const trimmed = messages.slice(-MAX_MESSAGES)
     localStorage.setItem(STORAGE_KEY, JSON.stringify(trimmed))
   } catch { /* storage full */ }
 }
 
-export function useChatHistory() {
-  const [messages, setMessages] = useState<ChatMessage[]>(() => loadHistory())
+const useIDB = isIndexedDBAvailable()
 
+export function useChatHistory() {
+  const [messages, setMessages] = useState<ChatMessage[]>(() => loadFromLocalStorage())
+
+  // On mount, try loading from IndexedDB (async)
   useEffect(() => {
-    saveHistory(messages)
+    if (!useIDB) return
+    getMessages(undefined, MAX_MESSAGES).then((idbMsgs) => {
+      if (idbMsgs.length > 0) {
+        const mapped: ChatMessage[] = idbMsgs.map((m) => ({
+          role: m.role as 'user' | 'assistant',
+          content: m.content,
+          id: m.id || generateId(),
+          timestamp: m.timestamp || Date.now(),
+        }))
+        setMessages(mapped)
+      }
+    }).catch(() => { /* IDB unavailable, using localStorage */ })
+  }, [])
+
+  // Persist to localStorage as fallback
+  useEffect(() => {
+    saveToLocalStorage(messages)
   }, [messages])
 
   const addMessage = useCallback((role: 'user' | 'assistant', content: string, data?: FinalResponse) => {
     const msg: ChatMessage = { role, content, data, id: generateId(), timestamp: Date.now() }
     setMessages((prev) => [...prev, msg])
+    // Also persist to IndexedDB
+    if (useIDB) {
+      saveMessage({ id: msg.id, role, content, timestamp: msg.timestamp, sessionId: 'default' }).catch(() => {})
+    }
     return msg
   }, [])
 
@@ -63,6 +87,9 @@ export function useChatHistory() {
   const clearHistory = useCallback(() => {
     setMessages([])
     localStorage.removeItem(STORAGE_KEY)
+    if (useIDB) {
+      clearMessages().catch(() => {})
+    }
   }, [])
 
   return { messages, addMessage, editMessage, deleteMessage, clearHistory, setMessages }
diff --git a/frontend/src/hooks/useWebSocket.ts b/frontend/src/hooks/useWebSocket.ts
index e561059..df1a856 100644
--- a/frontend/src/hooks/useWebSocket.ts
+++ b/frontend/src/hooks/useWebSocket.ts
@@ -100,6 +100,64 @@ export function useWebSocket(sessionId: string | null) {
 
   const clearEvents = useCallback(() => setEvents([]), [])
 
+  // SSE fallback: if WebSocket fails repeatedly, use Server-Sent Events
+  const sendPromptSSE = useCallback((sessionId: string, prompt: string, callbacks?: StreamCallbacks) => {
+    if (callbacks) callbacksRef.current = callbacks
+    setStreaming(true)
+
+    const cb = callbacksRef.current
+    const params = new URLSearchParams({ prompt, session_id: sessionId })
+
+    try {
+      const eventSource = new EventSource(`/v1/sessions/stream/sse?${params}`)
+
+      eventSource.addEventListener('token', (e) => {
+        if (cb.onToken) cb.onToken(e.data)
+      })
+
+      eventSource.addEventListener('head_update', (e) => {
+        try {
+          const data = JSON.parse(e.data)
+          if (cb.onHeadUpdate) cb.onHeadUpdate(data.head, data.content)
+        } catch { /* malformed */ }
+      })
+
+      eventSource.addEventListener('complete', (e) => {
+        try {
+          const data = JSON.parse(e.data)
+          setStreaming(false)
+          if (cb.onComplete) cb.onComplete(data)
+        } catch { /* malformed */ }
+        eventSource.close()
+      })
+
+      eventSource.addEventListener('error', (e) => {
+        setStreaming(false)
+        if (cb.onError && e instanceof MessageEvent) cb.onError(e.data)
+        eventSource.close()
+      })
+
+      eventSource.onerror = () => {
+        setStreaming(false)
+        eventSource.close()
+      }
+    } catch {
+      setStreaming(false)
+      if (cb.onError) cb.onError('SSE connection failed')
+    }
+  }, [])
+
+  // Auto-fallback: after MAX_RETRIES WS failures, switch to SSE
+  const sendWithFallback = useCallback((prompt: string, callbacks?: StreamCallbacks) => {
+    if (wsRef.current?.readyState === WebSocket.OPEN) {
+      sendPrompt(prompt, callbacks)
+    } else if (sessionId && retryCount.current >= MAX_RETRIES) {
+      sendPromptSSE(sessionId, prompt, callbacks)
+    } else {
+      sendPrompt(prompt, callbacks)
+    }
+  }, [sendPrompt, sendPromptSSE, sessionId])
+
   useEffect(() => {
     return () => {
       shouldReconnect.current = false
@@ -108,5 +166,5 @@ export function useWebSocket(sessionId: string | null) {
     }
   }, [])
 
-  return { status, events, streaming, connect, send, sendPrompt, disconnect, clearEvents }
+  return { status, events, streaming, connect, send, sendPrompt: sendWithFallback, sendPromptSSE, disconnect, clearEvents }
 }
diff --git a/fusionagi/api/app.py b/fusionagi/api/app.py
index 8351b2d..88e7abd 100644
--- a/fusionagi/api/app.py
+++ b/fusionagi/api/app.py
@@ -131,9 +131,9 @@ def create_app(
     _buckets: dict[str, list[float]] = defaultdict(list)
 
     class RateLimitMiddleware(BaseHTTPMiddleware):
-        """Per-tenant + per-IP sliding window rate limiter (advisory mode).
+        """Per-tenant + per-IP + per-API-key sliding window rate limiter (advisory).
 
-        Tracks both IP-level and tenant-level request rates. Logs exceedances
+        Tracks IP, tenant, and API key request rates. Logs exceedances
         but allows requests through (advisory governance).
         """
 
@@ -162,6 +162,20 @@ def create_app(
                     extra={"tenant_id": tenant_id, "count": len(_buckets[tenant_key]), "limit": tenant_limit},
                 )
 
+            # Per-API-key tracking
+            auth_header = request.headers.get("authorization", "")
+            if auth_header.startswith("Bearer "):
+                key_prefix = auth_header[7:15]  # first 8 chars
+                key_key = f"apikey:{key_prefix}"
+                key_limit = rate_limit * 3  # API keys get 3x the per-IP limit
+                _buckets[key_key] = [t for t in _buckets[key_key] if t > cutoff]
+                if len(_buckets[key_key]) >= key_limit:
+                    logger.info(
+                        "API rate limit advisory: API key limit exceeded (proceeding)",
+                        extra={"key_prefix": key_prefix, "count": len(_buckets[key_key]), "limit": key_limit},
+                    )
+                _buckets[key_key].append(now)
+
             _buckets[ip_key].append(now)
             _buckets[tenant_key].append(now)
             return await call_next(request)  # type: ignore[no-any-return]
diff --git a/fusionagi/api/audit_store.py b/fusionagi/api/audit_store.py
new file mode 100644
index 0000000..f610822
--- /dev/null
+++ b/fusionagi/api/audit_store.py
@@ -0,0 +1,147 @@
+"""Persistent audit event storage with SQLite backend."""
+
+import json
+import logging
+import os
+import sqlite3
+import threading
+import time
+from pathlib import Path
+from typing import Any
+
+logger = logging.getLogger(__name__)
+
+_DB_PATH = Path("data/audit.db")
+_local = threading.local()
+_lock = threading.Lock()
+_initialized_dbs: set[str] = set()
+
+
+def _get_conn() -> sqlite3.Connection:
+    """Get or create a thread-local SQLite connection for audit storage."""
+    db_path_str = os.environ.get("FUSIONAGI_AUDIT_DB", str(_DB_PATH))
+
+    conn = getattr(_local, "conn", None)
+    conn_path = getattr(_local, "conn_path", None)
+    if conn is not None and conn_path == db_path_str:
+        return conn
+
+    db_path = Path(db_path_str)
+    db_path.parent.mkdir(parents=True, exist_ok=True)
+    conn = sqlite3.connect(str(db_path), check_same_thread=False)
+    conn.execute("PRAGMA journal_mode=WAL")
+
+    with _lock:
+        if db_path_str not in _initialized_dbs:
+            conn.execute("""
+                CREATE TABLE IF NOT EXISTS audit_events (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    timestamp REAL NOT NULL,
+                    action TEXT NOT NULL,
+                    actor TEXT DEFAULT '',
+                    resource_type TEXT DEFAULT '',
+                    resource_id TEXT DEFAULT '',
+                    details TEXT DEFAULT '{}',
+                    ip_address TEXT DEFAULT '',
+                    tenant_id TEXT DEFAULT ''
+                )
+            """)
+            conn.execute("CREATE INDEX IF NOT EXISTS idx_audit_ts ON audit_events(timestamp)")
+            conn.execute("CREATE INDEX IF NOT EXISTS idx_audit_action ON audit_events(action)")
+            conn.commit()
+            _initialized_dbs.add(db_path_str)
+
+    _local.conn = conn
+    _local.conn_path = db_path_str
+    return conn
+
+
+def record_audit_event(
+    action: str,
+    actor: str = "",
+    resource_type: str = "",
+    resource_id: str = "",
+    details: dict[str, Any] | None = None,
+    ip_address: str = "",
+    tenant_id: str = "",
+) -> int:
+    """Record an audit event to the persistent store.
+
+    Args:
+        action: The action performed (e.g. 'session.create', 'prompt.submit').
+        actor: Who performed the action.
+        resource_type: Type of resource affected.
+        resource_id: ID of the resource affected.
+        details: Additional JSON-serializable details.
+        ip_address: Client IP address.
+        tenant_id: Tenant identifier.
+
+    Returns:
+        The event ID.
+    """
+    conn = _get_conn()
+    cursor = conn.execute(
+        """INSERT INTO audit_events (timestamp, action, actor, resource_type, resource_id, details, ip_address, tenant_id)
+           VALUES (?, ?, ?, ?, ?, ?, ?, ?)""",
+        (time.time(), action, actor, resource_type, resource_id, json.dumps(details or {}), ip_address, tenant_id),
+    )
+    conn.commit()
+    return cursor.lastrowid or 0
+
+
+def get_audit_events(
+    limit: int = 100,
+    since: float | None = None,
+    action: str | None = None,
+    tenant_id: str | None = None,
+) -> list[dict[str, Any]]:
+    """Retrieve audit events with optional filters.
+
+    Args:
+        limit: Maximum number of events to return.
+        since: Only return events after this Unix timestamp.
+        action: Filter by action type.
+        tenant_id: Filter by tenant.
+
+    Returns:
+        List of audit event dicts.
+    """
+    conn = _get_conn()
+    query = "SELECT id, timestamp, action, actor, resource_type, resource_id, details, ip_address, tenant_id FROM audit_events WHERE 1=1"
+    params: list[Any] = []
+
+    if since is not None:
+        query += " AND timestamp >= ?"
+        params.append(since)
+    if action:
+        query += " AND action = ?"
+        params.append(action)
+    if tenant_id:
+        query += " AND tenant_id = ?"
+        params.append(tenant_id)
+
+    query += " ORDER BY timestamp DESC LIMIT ?"
+    params.append(min(limit, 10000))
+
+    rows = conn.execute(query, params).fetchall()
+    return [
+        {
+            "id": r[0],
+            "timestamp": r[1],
+            "action": r[2],
+            "actor": r[3],
+            "resource_type": r[4],
+            "resource_id": r[5],
+            "details": json.loads(r[6]) if r[6] else {},
+            "ip_address": r[7],
+            "tenant_id": r[8],
+        }
+        for r in rows
+    ]
+
+
+def get_audit_count() -> int:
+    """Return total number of audit events."""
+    conn = _get_conn()
+    row = conn.execute("SELECT COUNT(*) FROM audit_events").fetchone()
+    return row[0] if row else 0
diff --git a/fusionagi/api/routes/audit_export.py b/fusionagi/api/routes/audit_export.py
index 23af6eb..f047fde 100644
--- a/fusionagi/api/routes/audit_export.py
+++ b/fusionagi/api/routes/audit_export.py
@@ -15,6 +15,7 @@ from fastapi import APIRouter, Query
 from fastapi.responses import StreamingResponse
 
 from fusionagi._logger import logger
+from fusionagi.api.audit_store import get_audit_events
 from fusionagi.api.dependencies import get_telemetry_tracer
 
 router = APIRouter()
@@ -25,7 +26,16 @@ def _get_audit_records(
     limit: int = 1000,
     since: float | None = None,
 ) -> list[dict[str, Any]]:
-    """Collect audit records from telemetry tracer."""
+    """Collect audit records from persistent store, falling back to telemetry tracer."""
+    # Try persistent audit store first
+    try:
+        records = get_audit_events(limit=limit, since=since)
+        if records:
+            return records
+    except Exception:
+        pass
+
+    # Fallback to telemetry tracer
     tracer = get_telemetry_tracer()
     if not tracer:
         return []
diff --git a/fusionagi/api/routes/sessions.py b/fusionagi/api/routes/sessions.py
index 3ce74cf..d4c2095 100644
--- a/fusionagi/api/routes/sessions.py
+++ b/fusionagi/api/routes/sessions.py
@@ -5,12 +5,15 @@ from typing import Any
 
 from fastapi import APIRouter, HTTPException, WebSocket, WebSocketDisconnect
 
+from fusionagi.api.audit_store import record_audit_event
 from fusionagi.api.dependencies import (
     get_event_bus,
     get_orchestrator,
     get_safety_pipeline,
     get_session_store,
 )
+from fusionagi.api.error_codes import ErrorCode, error_response
+from fusionagi.api.otel import trace_span
 from fusionagi.api.websocket import handle_stream
 from fusionagi.core import (
     extract_sources_from_head_outputs,
@@ -40,13 +43,18 @@ def create_session(user_id: str | None = None) -> dict[str, Any]:
     Returns:
         JSON with session_id and user_id.
     """
-    _ensure_init()
-    store = get_session_store()
-    if not store:
-        raise HTTPException(status_code=503, detail="Session store not initialized")
-    session_id = str(uuid.uuid4())
-    store.create(session_id, user_id)
-    return {"session_id": session_id, "user_id": user_id}
+    with trace_span("session.create", attributes={"user_id": user_id or "anonymous"}):
+        _ensure_init()
+        store = get_session_store()
+        if not store:
+            raise HTTPException(
+                status_code=503,
+                detail=error_response(ErrorCode.ORCHESTRATOR_UNAVAILABLE, "Session store not initialized"),
+            )
+        session_id = str(uuid.uuid4())
+        store.create(session_id, user_id)
+        record_audit_event("session.create", resource_type="session", resource_id=session_id)
+        return {"session_id": session_id, "user_id": user_id}
 
 
 @router.post("/{session_id}/prompt")
@@ -67,98 +75,123 @@ def submit_prompt(session_id: str, body: dict[str, Any]) -> dict[str, Any]:
         FinalResponse with final_answer, head_contributions, confidence_score,
         and transparency_report.
     """
-    _ensure_init()
-    store = get_session_store()
-    orch = get_orchestrator()
-    bus = get_event_bus()
-    if not store or not orch:
-        raise HTTPException(status_code=503, detail="Service not initialized")
-
-    sess = store.get(session_id)
-    if not sess:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    prompt = body.get("prompt", "")
-    parsed = parse_user_input(prompt)
-
-    if not prompt or not parsed.cleaned_prompt.strip():
-        if parsed.intent in (UserIntent.SHOW_DISSENT, UserIntent.RERUN_RISK, UserIntent.EXPLAIN_REASONING, UserIntent.SOURCES):
-            hist = sess.get("history", [])
-            if hist:
-                prompt = hist[-1].get("prompt", "")
-            if not prompt:
-                raise HTTPException(status_code=400, detail="No previous prompt; provide a prompt for this command")
-        else:
-            raise HTTPException(status_code=400, detail="prompt is required")
-
-    effective_prompt = parsed.cleaned_prompt.strip() or prompt
-    pipeline = get_safety_pipeline()
-    if pipeline:
-        pre_result = pipeline.pre_check(effective_prompt)
-        if not pre_result.allowed:
-            raise HTTPException(status_code=400, detail=pre_result.reason or "Input moderation failed")
-
-    task_id = orch.submit_task(goal=effective_prompt[:200])
-
-    # Dynamic head selection
-    head_ids = select_heads_for_complexity(effective_prompt)
-    if parsed.intent.value == "head_strategy" and parsed.head_id:
-        head_ids = [parsed.head_id]
-
-    force_second = parsed.intent == UserIntent.RERUN_RISK
-    return_heads = parsed.intent == UserIntent.SOURCES
-
-    result = run_dvadasa(
-        orchestrator=orch,
-        task_id=task_id,
-        user_prompt=effective_prompt,
-        parsed=parsed,
-        head_ids=head_ids if parsed.intent.value != "normal" or body.get("use_all_heads") else None,
-        event_bus=bus,
-        force_second_pass=force_second,
-        return_head_outputs=return_heads,
-    )
-
-    if return_heads and isinstance(result, tuple):
-        final, head_outputs = result
-    else:
-        final = result  # type: ignore[assignment]
-        head_outputs = []
-
-    if not final:
-        raise HTTPException(status_code=500, detail="Failed to produce response")
-
-    if pipeline:
-        post_result = pipeline.post_check(final.final_answer)
-        if not post_result.passed:
+    with trace_span("session.prompt", attributes={"session_id": session_id}):
+        _ensure_init()
+        store = get_session_store()
+        orch = get_orchestrator()
+        bus = get_event_bus()
+        if not store or not orch:
             raise HTTPException(
-                status_code=400,
-                detail=f"Output scan failed: {', '.join(post_result.flags)}",
+                status_code=503,
+                detail=error_response(ErrorCode.ORCHESTRATOR_UNAVAILABLE),
             )
 
-    entry = {
-        "prompt": effective_prompt,
-        "final_answer": final.final_answer,
-        "confidence_score": final.confidence_score,
-        "head_contributions": final.head_contributions,
-    }
-    store.append_history(session_id, entry)
+        sess = store.get(session_id)
+        if not sess:
+            raise HTTPException(
+                status_code=404,
+                detail=error_response(ErrorCode.SESSION_NOT_FOUND),
+            )
 
-    response: dict[str, Any] = {
-        "task_id": task_id,
-        "final_answer": final.final_answer,
-        "transparency_report": final.transparency_report.model_dump(),
-        "head_contributions": final.head_contributions,
-        "confidence_score": final.confidence_score,
-    }
-    if parsed.intent == UserIntent.SHOW_DISSENT:
-        response["response_mode"] = "show_dissent"
-        response["disputed_claims"] = final.transparency_report.agreement_map.disputed_claims
-    elif parsed.intent == UserIntent.EXPLAIN_REASONING:
-        response["response_mode"] = "explain"
-    elif parsed.intent == UserIntent.SOURCES and head_outputs:
-        response["sources"] = extract_sources_from_head_outputs(head_outputs)
-    return response
+        prompt = body.get("prompt", "")
+        parsed = parse_user_input(prompt)
+
+        if not prompt or not parsed.cleaned_prompt.strip():
+            if parsed.intent in (UserIntent.SHOW_DISSENT, UserIntent.RERUN_RISK, UserIntent.EXPLAIN_REASONING, UserIntent.SOURCES):
+                hist = sess.get("history", [])
+                if hist:
+                    prompt = hist[-1].get("prompt", "")
+                if not prompt:
+                    raise HTTPException(
+                        status_code=400,
+                        detail=error_response(ErrorCode.PROMPT_EMPTY, "No previous prompt; provide a prompt for this command"),
+                    )
+            else:
+                raise HTTPException(
+                    status_code=400,
+                    detail=error_response(ErrorCode.PROMPT_EMPTY),
+                )
+
+        effective_prompt = parsed.cleaned_prompt.strip() or prompt
+        pipeline = get_safety_pipeline()
+        if pipeline:
+            pre_result = pipeline.pre_check(effective_prompt)
+            if not pre_result.allowed:
+                raise HTTPException(
+                    status_code=400,
+                    detail=error_response(ErrorCode.INPUT_INVALID, pre_result.reason or "Input moderation failed"),
+                )
+
+        task_id = orch.submit_task(goal=effective_prompt[:200])
+
+        # Dynamic head selection
+        head_ids = select_heads_for_complexity(effective_prompt)
+        if parsed.intent.value == "head_strategy" and parsed.head_id:
+            head_ids = [parsed.head_id]
+
+        force_second = parsed.intent == UserIntent.RERUN_RISK
+        return_heads = parsed.intent == UserIntent.SOURCES
+
+        result = run_dvadasa(
+            orchestrator=orch,
+            task_id=task_id,
+            user_prompt=effective_prompt,
+            parsed=parsed,
+            head_ids=head_ids if parsed.intent.value != "normal" or body.get("use_all_heads") else None,
+            event_bus=bus,
+            force_second_pass=force_second,
+            return_head_outputs=return_heads,
+        )
+
+        if return_heads and isinstance(result, tuple):
+            final, head_outputs = result
+        else:
+            final = result  # type: ignore[assignment]
+            head_outputs = []
+
+        if not final:
+            raise HTTPException(
+                status_code=500,
+                detail=error_response(ErrorCode.ORCHESTRATOR_TIMEOUT),
+            )
+
+        if pipeline:
+            post_result = pipeline.post_check(final.final_answer)
+            if not post_result.passed:
+                raise HTTPException(
+                    status_code=400,
+                    detail=error_response(ErrorCode.GOVERNANCE_DENIED, f"Output scan failed: {', '.join(post_result.flags)}"),
+                )
+
+        entry = {
+            "prompt": effective_prompt,
+            "final_answer": final.final_answer,
+            "confidence_score": final.confidence_score,
+            "head_contributions": final.head_contributions,
+        }
+        store.append_history(session_id, entry)
+        record_audit_event(
+            "prompt.submit",
+            resource_type="session",
+            resource_id=session_id,
+            details={"prompt_length": len(effective_prompt), "confidence": final.confidence_score},
+        )
+
+        response: dict[str, Any] = {
+            "task_id": task_id,
+            "final_answer": final.final_answer,
+            "transparency_report": final.transparency_report.model_dump(),
+            "head_contributions": final.head_contributions,
+            "confidence_score": final.confidence_score,
+        }
+        if parsed.intent == UserIntent.SHOW_DISSENT:
+            response["response_mode"] = "show_dissent"
+            response["disputed_claims"] = final.transparency_report.agreement_map.disputed_claims
+        elif parsed.intent == UserIntent.EXPLAIN_REASONING:
+            response["response_mode"] = "explain"
+        elif parsed.intent == UserIntent.SOURCES and head_outputs:
+            response["sources"] = extract_sources_from_head_outputs(head_outputs)
+        return response
 
 
 @router.websocket("/{session_id}/stream")
diff --git a/fusionagi/api/security.py b/fusionagi/api/security.py
index 5527e09..aeb1308 100644
--- a/fusionagi/api/security.py
+++ b/fusionagi/api/security.py
@@ -1,16 +1,31 @@
 """Security middleware: CSRF protection and Content Security Policy headers.
 
 CSRF: Validates Origin/Referer headers on state-changing requests (POST/PUT/DELETE/PATCH).
+      Also supports double-submit cookie pattern via X-CSRF-Token header.
 CSP: Adds Content-Security-Policy headers to all responses.
 """
 
 from __future__ import annotations
 
 import os
+import secrets
 from typing import Any
 
 from fusionagi._logger import logger
 
+CSRF_COOKIE_NAME = "fusionagi_csrf"
+CSRF_HEADER_NAME = "x-csrf-token"
+CSRF_TOKEN_LENGTH = 32
+
+
+def generate_csrf_token() -> str:
+    """Generate a cryptographically secure CSRF token.
+
+    Returns:
+        URL-safe token string.
+    """
+    return secrets.token_urlsafe(CSRF_TOKEN_LENGTH)
+
 
 def get_csrf_middleware() -> Any:
     """Return CSRF protection middleware class.
@@ -34,10 +49,23 @@ def get_csrf_middleware() -> Any:
     state_changing = {"POST", "PUT", "DELETE", "PATCH"}
 
     class CSRFMiddleware(BaseHTTPMiddleware):
-        """CSRF protection via Origin/Referer validation."""
+        """CSRF protection via Origin/Referer + double-submit cookie validation."""
 
         async def dispatch(self, request: Request, call_next: Any) -> Response:
             if request.method in state_changing and request.url.path.startswith("/v1/"):
+                # Double-submit cookie check
+                cookie_token = request.cookies.get(CSRF_COOKIE_NAME, "")
+                header_token = request.headers.get(CSRF_HEADER_NAME, "")
+                if cookie_token and header_token:
+                    if not secrets.compare_digest(cookie_token, header_token):
+                        logger.warning(
+                            "CSRF advisory: token mismatch (proceeding)",
+                            extra={"path": request.url.path},
+                        )
+                elif cookie_token and not header_token:
+                    logger.debug("CSRF advisory: cookie present but no header token", extra={"path": request.url.path})
+
+                # Origin/Referer check
                 origin = request.headers.get("origin", "").rstrip("/")
                 referer = request.headers.get("referer", "")
 
@@ -58,7 +86,21 @@ def get_csrf_middleware() -> Any:
                 else:
                     logger.debug("CSRF advisory: no origin/referer header", extra={"path": request.url.path})
 
-            return await call_next(request)  # type: ignore[no-any-return]
+            response = await call_next(request)
+
+            # Set CSRF cookie if not present
+            if not request.cookies.get(CSRF_COOKIE_NAME):
+                token = generate_csrf_token()
+                response.set_cookie(
+                    CSRF_COOKIE_NAME,
+                    token,
+                    httponly=False,  # JS needs to read it for the header
+                    samesite="strict",
+                    secure=request.url.scheme == "https",
+                    max_age=86400,
+                )
+
+            return response  # type: ignore[no-any-return]
 
     return CSRFMiddleware
 
diff --git a/k8s/templates/prometheus-rules.yaml b/k8s/templates/prometheus-rules.yaml
new file mode 100644
index 0000000..bf170bf
--- /dev/null
+++ b/k8s/templates/prometheus-rules.yaml
@@ -0,0 +1,96 @@
+{{- if .Values.monitoring.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "fusionagi.fullname" . }}-alerts
+  labels:
+    {{- include "fusionagi.labels" . | nindent 4 }}
+    prometheus: kube-prometheus
+spec:
+  groups:
+    - name: fusionagi.rules
+      rules:
+        # High error rate
+        - alert: FusionAGIHighErrorRate
+          expr: |
+            sum(rate(fusionagi_requests_total{status=~"5.."}[5m]))
+            / sum(rate(fusionagi_requests_total[5m])) > 0.05
+          for: 5m
+          labels:
+            severity: critical
+          annotations:
+            summary: "FusionAGI error rate above 5%"
+            description: "Error rate is {{ "{{ $value | humanizePercentage }}" }} over the last 5 minutes."
+
+        # High latency
+        - alert: FusionAGIHighLatency
+          expr: |
+            histogram_quantile(0.95,
+              sum(rate(fusionagi_request_duration_seconds_bucket[5m])) by (le)
+            ) > 10
+          for: 5m
+          labels:
+            severity: warning
+          annotations:
+            summary: "FusionAGI p95 latency above 10s"
+            description: "95th percentile latency is {{ "{{ $value }}s" }}."
+
+        # Pod restarts
+        - alert: FusionAGIPodRestarting
+          expr: |
+            increase(kube_pod_container_status_restarts_total{
+              container="{{ include "fusionagi.fullname" . }}"
+            }[1h]) > 3
+          for: 5m
+          labels:
+            severity: warning
+          annotations:
+            summary: "FusionAGI pod restarting frequently"
+            description: "Pod has restarted {{ "{{ $value }}" }} times in the last hour."
+
+        # High memory usage
+        - alert: FusionAGIHighMemory
+          expr: |
+            container_memory_usage_bytes{
+              container="{{ include "fusionagi.fullname" . }}"
+            } / container_spec_memory_limit_bytes > 0.85
+          for: 10m
+          labels:
+            severity: warning
+          annotations:
+            summary: "FusionAGI memory usage above 85%"
+            description: "Memory usage is {{ "{{ $value | humanizePercentage }}" }}."
+
+        # CPU throttling
+        - alert: FusionAGICPUThrottled
+          expr: |
+            rate(container_cpu_cfs_throttled_seconds_total{
+              container="{{ include "fusionagi.fullname" . }}"
+            }[5m]) > 0.5
+          for: 10m
+          labels:
+            severity: warning
+          annotations:
+            summary: "FusionAGI CPU throttled"
+            description: "CPU throttling rate is {{ "{{ $value }}s/s" }}."
+
+        # Queue depth (if task queue is instrumented)
+        - alert: FusionAGIQueueBacklog
+          expr: fusionagi_task_queue_depth > 50
+          for: 5m
+          labels:
+            severity: warning
+          annotations:
+            summary: "FusionAGI task queue backlog"
+            description: "Queue depth is {{ "{{ $value }}" }}."
+
+        # Health check failures
+        - alert: FusionAGIUnhealthy
+          expr: fusionagi_health_status == 0
+          for: 2m
+          labels:
+            severity: critical
+          annotations:
+            summary: "FusionAGI health check failing"
+            description: "Health endpoint returning unhealthy for 2+ minutes."
+{{- end }}
diff --git a/k8s/values.yaml b/k8s/values.yaml
index aedff9c..5d3fc61 100644
--- a/k8s/values.yaml
+++ b/k8s/values.yaml
@@ -117,3 +117,7 @@ healthCheck:
       port: 8000
     initialDelaySeconds: 5
     periodSeconds: 10
+
+# Monitoring
+monitoring:
+  enabled: false
diff --git a/tests/test_audit_store.py b/tests/test_audit_store.py
new file mode 100644
index 0000000..65f966b
--- /dev/null
+++ b/tests/test_audit_store.py
@@ -0,0 +1,58 @@
+"""Tests for persistent audit event storage."""
+
+import time
+
+from fusionagi.api.audit_store import get_audit_count, get_audit_events, record_audit_event
+
+
+def test_record_and_retrieve(tmp_path, monkeypatch):
+    """Should record and retrieve audit events."""
+    monkeypatch.setenv("FUSIONAGI_AUDIT_DB", str(tmp_path / "test_audit.db"))
+    # Reset connection
+    import fusionagi.api.audit_store as mod
+    mod._conn = None
+
+    eid = record_audit_event("test.action", actor="user1", resource_type="session", resource_id="s1")
+    assert eid > 0
+
+    events = get_audit_events(limit=10)
+    assert len(events) >= 1
+    assert events[0]["action"] == "test.action"
+    assert events[0]["actor"] == "user1"
+
+
+def test_filter_by_action(tmp_path, monkeypatch):
+    """Should filter events by action."""
+    monkeypatch.setenv("FUSIONAGI_AUDIT_DB", str(tmp_path / "test_audit2.db"))
+    import fusionagi.api.audit_store as mod
+    mod._conn = None
+
+    record_audit_event("session.create")
+    record_audit_event("prompt.submit")
+    record_audit_event("session.create")
+
+    events = get_audit_events(action="session.create")
+    assert all(e["action"] == "session.create" for e in events)
+
+
+def test_filter_by_since(tmp_path, monkeypatch):
+    """Should filter events by timestamp."""
+    monkeypatch.setenv("FUSIONAGI_AUDIT_DB", str(tmp_path / "test_audit3.db"))
+    import fusionagi.api.audit_store as mod
+    mod._conn = None
+
+    record_audit_event("old.event")
+    future = time.time() + 1000
+    events = get_audit_events(since=future)
+    assert len(events) == 0
+
+
+def test_count(tmp_path, monkeypatch):
+    """Should return total count."""
+    monkeypatch.setenv("FUSIONAGI_AUDIT_DB", str(tmp_path / "test_audit4.db"))
+    import fusionagi.api.audit_store as mod
+    mod._conn = None
+
+    record_audit_event("count.test")
+    record_audit_event("count.test")
+    assert get_audit_count() >= 2
diff --git a/tests/test_csrf_token.py b/tests/test_csrf_token.py
new file mode 100644
index 0000000..65e998f
--- /dev/null
+++ b/tests/test_csrf_token.py
@@ -0,0 +1,28 @@
+"""Tests for CSRF token generation and double-submit cookie pattern."""
+
+from fusionagi.api.security import (
+    CSRF_COOKIE_NAME,
+    CSRF_HEADER_NAME,
+    CSRF_TOKEN_LENGTH,
+    generate_csrf_token,
+)
+
+
+def test_generate_csrf_token_length():
+    """Token should be URL-safe and reasonable length."""
+    token = generate_csrf_token()
+    assert len(token) > 20
+    assert all(c.isalnum() or c in "-_" for c in token)
+
+
+def test_generate_csrf_token_uniqueness():
+    """Each token should be unique."""
+    tokens = {generate_csrf_token() for _ in range(100)}
+    assert len(tokens) == 100
+
+
+def test_csrf_constants():
+    """CSRF constants should be set."""
+    assert CSRF_COOKIE_NAME == "fusionagi_csrf"
+    assert CSRF_HEADER_NAME == "x-csrf-token"
+    assert CSRF_TOKEN_LENGTH == 32