From 697fb82eeaa7aad3e281d8fa4ff924d6e0383e46 Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Mon, 23 Feb 2026 20:05:38 -0500
Subject: [PATCH 1/5] bridge: rename slack-bridge to broker-gateway

---
 AGENTS.md                                     |  6 +--
 bin/ci/setup-arch.sh                          |  2 +-
 bin/ci/setup-ubuntu.sh                        |  2 +-
 bin/deploy.sh                                 |  2 +-
 bin/doctor.sh                                 |  4 +-
 bin/lib/baudbot-runtime.sh                    |  2 +-
 bin/security-audit.sh                         | 12 ++---
 bin/security-audit.test.sh                    | 10 ++--
 bin/test.sh                                   |  2 +-
 bin/update-release.sh                         |  6 +--
 bin/verify-manifest.test.sh                   |  8 +--
 biome.json                                    |  2 +-
 {slack-bridge => broker-gateway}/AGENTS.md    |  4 +-
 {slack-bridge => broker-gateway}/bridge.mjs   |  0
 .../broker-bridge.mjs                         |  0
 {slack-bridge => broker-gateway}/crypto.mjs   |  0
 .../crypto.test.mjs                           |  0
 .../package-lock.json                         |  4 +-
 {slack-bridge => broker-gateway}/package.json |  4 +-
 {slack-bridge => broker-gateway}/security.mjs |  0
 .../security.test.mjs                         |  0
 hooks/pre-commit                              |  8 +--
 pi/extensions/tool-guard.test.mjs             | 20 ++++----
 pi/extensions/tool-guard.ts                   |  6 +--
 pi/skills/control-agent/SKILL.md              | 22 ++++----
 pi/skills/control-agent/startup-cleanup.sh    | 32 ++++++------
 pi/skills/dev-agent/SKILL.md                  |  2 +-
 setup.sh                                      |  4 +-
 start.sh                                      | 14 +++---
 test/broker-bridge.integration.test.mjs       | 50 +++++++++----------
 test/legacy-node-tests.test.mjs               |  2 +-
 test/security-audit.test.mjs                  |  6 +--
 32 files changed, 118 insertions(+), 118 deletions(-)
 rename {slack-bridge => broker-gateway}/AGENTS.md (87%)
 rename {slack-bridge => broker-gateway}/bridge.mjs (100%)
 rename {slack-bridge => broker-gateway}/broker-bridge.mjs (100%)
 rename {slack-bridge => broker-gateway}/crypto.mjs (100%)
 rename {slack-bridge => broker-gateway}/crypto.test.mjs (100%)
 rename {slack-bridge => broker-gateway}/package-lock.json (99%)
 rename {slack-bridge => broker-gateway}/package.json (72%)
 rename {slack-bridge => broker-gateway}/security.mjs (100%)
 rename {slack-bridge => broker-gateway}/security.test.mjs (100%)

diff --git a/AGENTS.md b/AGENTS.md
index 57e91ec..95ebd6a 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -5,7 +5,7 @@ Baudbot is hardened infrastructure for running always-on AI agents.
 Use this file for **repo-wide** guidance. For directory-specific rules, use the nearest nested `AGENTS.md`:
 - [`bin/AGENTS.md`](bin/AGENTS.md)
 - [`pi/extensions/AGENTS.md`](pi/extensions/AGENTS.md)
-- [`slack-bridge/AGENTS.md`](slack-bridge/AGENTS.md)
+- [`broker-gateway/AGENTS.md`](broker-gateway/AGENTS.md)
 
 ## How Baudbot works
 
@@ -16,7 +16,7 @@ Baudbot is a persistent, team-facing coding agent system. It connects to Slack,
 ```text
 Slack
    ↓
-slack-bridge (broker pull-mode or legacy Socket Mode)
+broker-gateway (broker pull-mode or legacy Socket Mode)
    ↓
 control-agent (always-on, manages todo/routing/Slack threads)
    ├── dev-agent(s) — ephemeral coding workers in isolated worktrees
@@ -36,7 +36,7 @@ git commits → PRs → CI feedback → thread updates back to Slack
   - `dev-agent/` — coding worker persona
   - `sentry-agent/` — incident triage persona
 - `pi/settings.json` — pi agent settings
-- `slack-bridge/` — Slack integration bridges + security module
+- `broker-gateway/` — Slack integration bridges + security module
 - `docs/` — architecture/operations/security documentation
 - `test/` — vitest wrappers for shell scripts, integration, and legacy Node tests
 - `hooks/` — git hooks (security-critical `pre-commit` protecting admin-managed files)
diff --git a/bin/ci/setup-arch.sh b/bin/ci/setup-arch.sh
index 865a32e..5da17f6 100755
--- a/bin/ci/setup-arch.sh
+++ b/bin/ci/setup-arch.sh
@@ -74,7 +74,7 @@ echo "=== Installing test dependencies ==="
 export PATH="/home/baudbot_agent/opt/node/bin:$PATH"
 cd /home/baudbot_admin/baudbot
 npm install --ignore-scripts 2>&1 | tail -1
-cd slack-bridge && npm install 2>&1 | tail -1
+cd broker-gateway && npm install 2>&1 | tail -1
 cd ..
 
 echo "=== Running tests ==="
diff --git a/bin/ci/setup-ubuntu.sh b/bin/ci/setup-ubuntu.sh
index dbccaa9..d7177b4 100755
--- a/bin/ci/setup-ubuntu.sh
+++ b/bin/ci/setup-ubuntu.sh
@@ -112,7 +112,7 @@ echo "=== Installing test dependencies ==="
 export PATH="/home/baudbot_agent/opt/node/bin:$PATH"
 cd /home/baudbot_admin/baudbot
 npm install --ignore-scripts 2>&1 | tail -1
-cd slack-bridge && npm install 2>&1 | tail -1
+cd broker-gateway && npm install 2>&1 | tail -1
 cd ..
 
 echo "=== Running tests ==="
diff --git a/bin/deploy.sh b/bin/deploy.sh
index 954ad81..fef3063 100755
--- a/bin/deploy.sh
+++ b/bin/deploy.sh
@@ -401,7 +401,7 @@ VEOF
       echo '  \"source_sha\": \"$GIT_SHA\",'
       echo '  \"files\": {'
       first=1
-      for dir in '$BAUDBOT_HOME/.pi/agent/extensions' '$BAUDBOT_HOME/.pi/agent/skills' '/opt/baudbot/current/slack-bridge' '$BAUDBOT_HOME/runtime/bin'; do
+      for dir in '$BAUDBOT_HOME/.pi/agent/extensions' '$BAUDBOT_HOME/.pi/agent/skills' '/opt/baudbot/current/broker-gateway' '$BAUDBOT_HOME/runtime/bin'; do
         if [ -d \"\$dir\" ]; then
           while IFS= read -r f; do
             hash=\$(sha256sum \"\$f\" | cut -d' ' -f1)
diff --git a/bin/doctor.sh b/bin/doctor.sh
index e48b3df..145eab0 100755
--- a/bin/doctor.sh
+++ b/bin/doctor.sh
@@ -289,7 +289,7 @@ else
   fi
 fi
 
-BRIDGE_DIR="$BAUDBOT_CURRENT_LINK/slack-bridge"
+BRIDGE_DIR="$BAUDBOT_CURRENT_LINK/broker-gateway"
 if [ -d "$BRIDGE_DIR" ] && [ -f "$BRIDGE_DIR/bridge.mjs" ]; then
   pass "slack bridge deployed ($BRIDGE_DIR)"
 else
@@ -457,7 +457,7 @@ fi
 echo ""
 echo "Runtime health:"
 
-# Slack bridge
+# Broker gateway
 if curl -s -o /dev/null -w '%{http_code}' -X POST http://127.0.0.1:7890/send -H 'Content-Type: application/json' -d '{}' 2>/dev/null | grep -q "400"; then
   pass "slack bridge responding (port 7890)"
 else
diff --git a/bin/lib/baudbot-runtime.sh b/bin/lib/baudbot-runtime.sh
index 3295a7f..d82ffed 100644
--- a/bin/lib/baudbot-runtime.sh
+++ b/bin/lib/baudbot-runtime.sh
@@ -195,7 +195,7 @@ PY
 
 print_bridge_supervisor_status() {
   local agent_user="${BAUDBOT_AGENT_USER:-baudbot_agent}"
-  local status_file="/home/$agent_user/.pi/agent/slack-bridge-supervisor.json"
+  local status_file="/home/$agent_user/.pi/agent/broker-gateway-supervisor.json"
   local summary=""
   local mode=""
   local state=""
diff --git a/bin/security-audit.sh b/bin/security-audit.sh
index 970dbd2..b241e61 100755
--- a/bin/security-audit.sh
+++ b/bin/security-audit.sh
@@ -220,7 +220,7 @@ else
   ok "~/.pi/agent/skills/ is a real directory"
 fi
 
-BRIDGE_DIR="$BAUDBOT_CURRENT_LINK/slack-bridge"
+BRIDGE_DIR="$BAUDBOT_CURRENT_LINK/broker-gateway"
 # shellcheck disable=SC2088
 if [ -d "$BRIDGE_DIR" ]; then
   ok "Release bridge directory exists ($BRIDGE_DIR)"
@@ -252,8 +252,8 @@ if [ -f "$MANIFEST_FILE" ]; then
   for critical_file in \
     ".pi/agent/extensions/tool-guard.ts" \
     ".pi/agent/extensions/tool-guard.test.mjs" \
-    "release/slack-bridge/security.mjs" \
-    "release/slack-bridge/security.test.mjs"; do
+    "release/broker-gateway/security.mjs" \
+    "release/broker-gateway/security.test.mjs"; do
 
     if [[ "$critical_file" == release/* ]]; then
       full_path="$BAUDBOT_CURRENT_LINK/${critical_file#release/}"
@@ -472,13 +472,13 @@ echo "Network"
 bridge_bind=$(ss -tlnp 2>/dev/null | grep ':7890' | awk '{print $4}' | head -1 || true)
 if [ -n "$bridge_bind" ]; then
   if echo "$bridge_bind" | grep -q '127.0.0.1'; then
-    ok "Slack bridge bound to 127.0.0.1:7890"
+    ok "Broker gateway bound to 127.0.0.1:7890"
   else
-    finding "CRITICAL" "Slack bridge bound to $bridge_bind (not localhost!)" \
+    finding "CRITICAL" "Broker gateway bound to $bridge_bind (not localhost!)" \
       "Should bind to 127.0.0.1 only"
   fi
 else
-  finding "INFO" "Slack bridge not running" ""
+  finding "INFO" "Broker gateway not running" ""
 fi
 
 # Check firewall rules
diff --git a/bin/security-audit.test.sh b/bin/security-audit.test.sh
index 4f9842f..87cadaa 100644
--- a/bin/security-audit.test.sh
+++ b/bin/security-audit.test.sh
@@ -19,7 +19,7 @@ trap cleanup EXIT
 setup_base() {
   local home="$1"
   rm -rf "$home"
-  mkdir -p "$home/.config" "$home/.ssh" "$home/.pi" "$home/opt/baudbot/current/slack-bridge" "$home/baudbot/.git"
+  mkdir -p "$home/.config" "$home/.ssh" "$home/.pi" "$home/opt/baudbot/current/broker-gateway" "$home/baudbot/.git"
 
   # Secrets file
   echo "SLACK_BOT_TOKEN=xoxb-test" > "$home/.config/.env"
@@ -38,8 +38,8 @@ setup_base() {
   echo -e "[user]\n\tname = test\n\temail = test@test.com" > "$home/.gitconfig"
 
   # Bridge security module
-  echo "// security" > "$home/opt/baudbot/current/slack-bridge/security.mjs"
-  echo "// tests" > "$home/opt/baudbot/current/slack-bridge/security.test.mjs"
+  echo "// security" > "$home/opt/baudbot/current/broker-gateway/security.mjs"
+  echo "// tests" > "$home/opt/baudbot/current/broker-gateway/security.test.mjs"
 
   # Audit log (fallback location)
   mkdir -p "$home/logs"
@@ -183,7 +183,7 @@ echo ""
 echo "Test: missing bridge security module"
 HOME8="$TMPDIR/no-bridge-sec"
 setup_base "$HOME8"
-rm -f "$HOME8/opt/baudbot/current/slack-bridge/security.mjs"
+rm -f "$HOME8/opt/baudbot/current/broker-gateway/security.mjs"
 
 output=$(run_audit "$HOME8")
 expect_contains "reports missing security module" "$output" "Bridge security module not found"
@@ -195,7 +195,7 @@ echo ""
 echo "Test: missing bridge tests"
 HOME9="$TMPDIR/no-bridge-tests"
 setup_base "$HOME9"
-rm -f "$HOME9/opt/baudbot/current/slack-bridge/security.test.mjs"
+rm -f "$HOME9/opt/baudbot/current/broker-gateway/security.test.mjs"
 
 output=$(run_audit "$HOME9")
 expect_contains "reports missing tests" "$output" "No tests for bridge security"
diff --git a/bin/test.sh b/bin/test.sh
index 312abe2..2db9daa 100755
--- a/bin/test.sh
+++ b/bin/test.sh
@@ -49,7 +49,7 @@ JS_TEST_FILES=(
   pi/extensions/tool-guard.test.mjs
   pi/extensions/heartbeat.test.mjs
   pi/extensions/memory.test.mjs
-  slack-bridge/security.test.mjs
+  broker-gateway/security.test.mjs
   bin/scan-extensions.test.mjs
   bin/broker-register.test.mjs
 )
diff --git a/bin/update-release.sh b/bin/update-release.sh
index 9099a18..493cab4 100755
--- a/bin/update-release.sh
+++ b/bin/update-release.sh
@@ -209,14 +209,14 @@ EOF
 
 install_release_bridge_dependencies() {
   local release_dir="$1"
-  local bridge_dir="$release_dir/slack-bridge"
+  local bridge_dir="$release_dir/broker-gateway"
 
   if [ ! -d "$bridge_dir" ] || [ ! -f "$bridge_dir/package.json" ]; then
-    log "slack-bridge package.json missing; skipping bridge dependency install"
+    log "broker-gateway package.json missing; skipping bridge dependency install"
     return 0
   fi
 
-  log "installing production Slack bridge dependencies in release"
+  log "installing production Broker gateway dependencies in release"
   rm -rf "$bridge_dir/node_modules"
 
   if [ -f "$bridge_dir/package-lock.json" ]; then
diff --git a/bin/verify-manifest.test.sh b/bin/verify-manifest.test.sh
index cff4e32..2ecc575 100755
--- a/bin/verify-manifest.test.sh
+++ b/bin/verify-manifest.test.sh
@@ -43,7 +43,7 @@ make_manifest() {
 
   local ext_file="$home_dir/.pi/agent/extensions/test.ts"
   local runtime_file="$home_dir/runtime/bin/helper.sh"
-  local bridge_file="$release_dir/slack-bridge/bridge.mjs"
+  local bridge_file="$release_dir/broker-gateway/bridge.mjs"
   local log_file="$home_dir/.pi/agent/logs/bridge.log"
 
   cat >"$manifest_file" <<EOF
@@ -52,7 +52,7 @@ make_manifest() {
   "files": {
     ".pi/agent/extensions/test.ts": "$(hash_file "$ext_file")",
     "runtime/bin/helper.sh": "$(hash_file "$runtime_file")",
-    "release/slack-bridge/bridge.mjs": "$(hash_file "$bridge_file")",
+    "release/broker-gateway/bridge.mjs": "$(hash_file "$bridge_file")",
     ".pi/agent/logs/bridge.log": "$(hash_file "$log_file")"
   }
 }
@@ -72,11 +72,11 @@ echo ""
 
 HOME1="$TMPDIR/home1"
 RELEASE1="$TMPDIR/release1"
-mkdir -p "$HOME1/.pi/agent/extensions" "$HOME1/runtime/bin" "$HOME1/.pi/agent/logs" "$RELEASE1/slack-bridge"
+mkdir -p "$HOME1/.pi/agent/extensions" "$HOME1/runtime/bin" "$HOME1/.pi/agent/logs" "$RELEASE1/broker-gateway"
 
 printf 'console.log("ok");\n' > "$HOME1/.pi/agent/extensions/test.ts"
 printf '#!/bin/bash\necho helper\n' > "$HOME1/runtime/bin/helper.sh"
-printf 'export const bridge = true;\n' > "$RELEASE1/slack-bridge/bridge.mjs"
+printf 'export const bridge = true;\n' > "$RELEASE1/broker-gateway/bridge.mjs"
 printf 'mutable log\n' > "$HOME1/.pi/agent/logs/bridge.log"
 
 MANIFEST1="$HOME1/.pi/agent/baudbot-manifest.json"
diff --git a/biome.json b/biome.json
index cc1223f..5f08206 100644
--- a/biome.json
+++ b/biome.json
@@ -5,7 +5,7 @@
       "bin/**/*.mjs",
       "pi/extensions/**/*.ts",
       "pi/extensions/**/*.mjs",
-      "slack-bridge/**/*.mjs"
+      "broker-gateway/**/*.mjs"
     ]
   },
   "linter": {
diff --git a/slack-bridge/AGENTS.md b/broker-gateway/AGENTS.md
similarity index 87%
rename from slack-bridge/AGENTS.md
rename to broker-gateway/AGENTS.md
index 0eecf3b..9a1a61c 100644
--- a/slack-bridge/AGENTS.md
+++ b/broker-gateway/AGENTS.md
@@ -1,6 +1,6 @@
-# slack-bridge/ — Agent Guidelines
+# broker-gateway/ — Agent Guidelines
 
-Scope: Slack bridge runtime and security modules under `slack-bridge/`.
+Scope: Broker gateway runtime and security modules under `broker-gateway/`.
 
 ## Focus areas
 
diff --git a/slack-bridge/bridge.mjs b/broker-gateway/bridge.mjs
similarity index 100%
rename from slack-bridge/bridge.mjs
rename to broker-gateway/bridge.mjs
diff --git a/slack-bridge/broker-bridge.mjs b/broker-gateway/broker-bridge.mjs
similarity index 100%
rename from slack-bridge/broker-bridge.mjs
rename to broker-gateway/broker-bridge.mjs
diff --git a/slack-bridge/crypto.mjs b/broker-gateway/crypto.mjs
similarity index 100%
rename from slack-bridge/crypto.mjs
rename to broker-gateway/crypto.mjs
diff --git a/slack-bridge/crypto.test.mjs b/broker-gateway/crypto.test.mjs
similarity index 100%
rename from slack-bridge/crypto.test.mjs
rename to broker-gateway/crypto.test.mjs
diff --git a/slack-bridge/package-lock.json b/broker-gateway/package-lock.json
similarity index 99%
rename from slack-bridge/package-lock.json
rename to broker-gateway/package-lock.json
index ac3b260..08e2167 100644
--- a/slack-bridge/package-lock.json
+++ b/broker-gateway/package-lock.json
@@ -1,11 +1,11 @@
 {
-  "name": "slack-bridge",
+  "name": "broker-gateway",
   "version": "1.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "slack-bridge",
+      "name": "broker-gateway",
       "version": "1.0.0",
       "dependencies": {
         "@slack/bolt": "^4.6.0",
diff --git a/slack-bridge/package.json b/broker-gateway/package.json
similarity index 72%
rename from slack-bridge/package.json
rename to broker-gateway/package.json
index 21bfefd..9ec56e1 100644
--- a/slack-bridge/package.json
+++ b/broker-gateway/package.json
@@ -1,7 +1,7 @@
 {
-  "name": "slack-bridge",
+  "name": "broker-gateway",
   "version": "1.0.0",
-  "description": "Slack bridges (Socket Mode + broker pull mode)",
+  "description": "Broker gateways (Socket Mode + broker pull mode)",
   "main": "bridge.mjs",
   "type": "module",
   "scripts": {
diff --git a/slack-bridge/security.mjs b/broker-gateway/security.mjs
similarity index 100%
rename from slack-bridge/security.mjs
rename to broker-gateway/security.mjs
diff --git a/slack-bridge/security.test.mjs b/broker-gateway/security.test.mjs
similarity index 100%
rename from slack-bridge/security.test.mjs
rename to broker-gateway/security.test.mjs
diff --git a/hooks/pre-commit b/hooks/pre-commit
index 8b97b84..ee053de 100755
--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@@ -9,13 +9,13 @@
 # The agent can freely modify:
 #   - pi/skills/          (operational knowledge)
 #   - pi/extensions/      (non-security extensions like zen-provider.ts, auto-name.ts, etc.)
-#   - slack-bridge/bridge.mjs (non-security bridge code)
+#   - broker-gateway/bridge.mjs (non-security bridge code)
 #   - README.md, .gitignore, etc.
 #
 # The agent CANNOT modify (blocked by this hook):
 #   - bin/                (security scripts: tool deny lists, firewall, audit, hardening)
 #   - pi/extensions/tool-guard.ts (and its tests)
-#   - slack-bridge/security.mjs (and its tests)
+#   - broker-gateway/security.mjs (and its tests)
 #   - SECURITY.md
 #   - setup.sh
 #   - start.sh
@@ -34,8 +34,8 @@ PROTECTED_PREFIXES=(
 PROTECTED_FILES=(
   "pi/extensions/tool-guard.ts"
   "pi/extensions/tool-guard.test.mjs"
-  "slack-bridge/security.mjs"
-  "slack-bridge/security.test.mjs"
+  "broker-gateway/security.mjs"
+  "broker-gateway/security.test.mjs"
 )
 
 STAGED=$(git diff --cached --name-only --diff-filter=ACDMR)
diff --git a/pi/extensions/tool-guard.test.mjs b/pi/extensions/tool-guard.test.mjs
index b66f69c..169cec4 100644
--- a/pi/extensions/tool-guard.test.mjs
+++ b/pi/extensions/tool-guard.test.mjs
@@ -46,7 +46,7 @@ const BASH_DENY_RULES = [
   { id: "chmod-baudbot-source", pattern: new RegExp(`chmod\\b.*${escapeRegex(BAUDBOT_SOURCE_DIR)}`), label: "chmod on baudbot source repo", severity: "block" },
   { id: "chown-baudbot-source", pattern: new RegExp(`chown\\b.*${escapeRegex(BAUDBOT_SOURCE_DIR)}`), label: "chown on baudbot source repo", severity: "block" },
   { id: "tee-baudbot-source", pattern: new RegExp(`tee\\s+.*${escapeRegex(BAUDBOT_SOURCE_DIR)}/`), label: "tee write to baudbot source repo", severity: "block" },
-  { id: "chmod-runtime-security", pattern: /chmod\b.*\/(\.pi\/agent\/extensions\/tool-guard|runtime\/slack-bridge\/security)\./, label: "chmod on protected runtime security file", severity: "block" },
+  { id: "chmod-runtime-security", pattern: /chmod\b.*\/(\.pi\/agent\/extensions\/tool-guard|runtime\/broker-gateway\/security)\./, label: "chmod on protected runtime security file", severity: "block" },
   // Credential exfiltration
   { id: "env-exfil-curl", pattern: /\benv\b.*\|\s*(curl|wget|nc)\b/, label: "Piping environment to network tool", severity: "block" },
   { id: "cat-env-curl", pattern: /cat\s+.*\.env.*\|\s*(curl|wget|nc)\b/, label: "Exfiltrating .env via network", severity: "block" },
@@ -77,8 +77,8 @@ function isAllowedWritePath(filePath) {
 const PROTECTED_RUNTIME_FILES = [
   `${AGENT_HOME}/.pi/agent/extensions/tool-guard.ts`,
   `${AGENT_HOME}/.pi/agent/extensions/tool-guard.test.mjs`,
-  `${AGENT_HOME}/runtime/slack-bridge/security.mjs`,
-  `${AGENT_HOME}/runtime/slack-bridge/security.test.mjs`,
+  `${AGENT_HOME}/runtime/broker-gateway/security.mjs`,
+  `${AGENT_HOME}/runtime/broker-gateway/security.test.mjs`,
 ];
 
 function isProtectedPath(filePath) {
@@ -307,7 +307,7 @@ describe("tool-guard: source repo protection (bash)", () => {
     assert.equal(checkBashCommand(`chmod a+w ${AGENT_HOME}/.pi/agent/extensions/tool-guard.ts`).blocked, true);
   });
   it("blocks chmod on runtime security.mjs", () => {
-    assert.equal(checkBashCommand(`chmod 777 ${AGENT_HOME}/runtime/slack-bridge/security.mjs`).blocked, true);
+    assert.equal(checkBashCommand(`chmod 777 ${AGENT_HOME}/runtime/broker-gateway/security.mjs`).blocked, true);
   });
 });
 
@@ -358,8 +358,8 @@ describe("tool-guard: workspace confinement (allow-list)", () => {
   it(`allows write to ${AGENT_HOME}/.pi/agent/skills/new-skill/SKILL.md`, () => {
     assert.equal(checkWritePath(`${AGENT_HOME}/.pi/agent/skills/new-skill/SKILL.md`), false);
   });
-  it(`allows write to ${AGENT_HOME}/runtime/slack-bridge/bridge.mjs`, () => {
-    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/slack-bridge/bridge.mjs`), false);
+  it(`allows write to ${AGENT_HOME}/runtime/broker-gateway/bridge.mjs`, () => {
+    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/broker-gateway/bridge.mjs`), false);
   });
 
   // BLOCKED: outside agent home
@@ -418,7 +418,7 @@ describe("tool-guard: source repo is fully read-only (write/edit)", () => {
     assert.equal(checkWritePath(`${BAUDBOT_SOURCE_DIR}/.git/hooks/pre-commit`), true);
   });
   it("blocks write to source repo bridge", () => {
-    assert.equal(checkWritePath(`${BAUDBOT_SOURCE_DIR}/slack-bridge/bridge.mjs`), true);
+    assert.equal(checkWritePath(`${BAUDBOT_SOURCE_DIR}/broker-gateway/bridge.mjs`), true);
   });
 });
 
@@ -430,13 +430,13 @@ describe("tool-guard: protected runtime security files", () => {
     assert.equal(checkWritePath(`${AGENT_HOME}/.pi/agent/extensions/tool-guard.test.mjs`), true);
   });
   it("blocks write to runtime security.mjs", () => {
-    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/slack-bridge/security.mjs`), true);
+    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/broker-gateway/security.mjs`), true);
   });
   it("blocks write to runtime security.test.mjs", () => {
-    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/slack-bridge/security.test.mjs`), true);
+    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/broker-gateway/security.test.mjs`), true);
   });
   it("allows write to runtime bridge.mjs (agent-modifiable)", () => {
-    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/slack-bridge/bridge.mjs`), false);
+    assert.equal(checkWritePath(`${AGENT_HOME}/runtime/broker-gateway/bridge.mjs`), false);
   });
   it("allows write to runtime non-security extensions", () => {
     assert.equal(checkWritePath(`${AGENT_HOME}/.pi/agent/extensions/auto-name.ts`), false);
diff --git a/pi/extensions/tool-guard.ts b/pi/extensions/tool-guard.ts
index d887ea3..c98a560 100644
--- a/pi/extensions/tool-guard.ts
+++ b/pi/extensions/tool-guard.ts
@@ -253,7 +253,7 @@ const BASH_DENY_RULES: DenyRule[] = [
   ] : []),
   {
     id: "chmod-runtime-security",
-    pattern: /chmod\b.*\/(\.pi\/agent\/extensions\/tool-guard|runtime\/slack-bridge\/security)\./,
+    pattern: /chmod\b.*\/(\.pi\/agent\/extensions\/tool-guard|runtime\/broker-gateway\/security)\./,
     label: "chmod on protected runtime security file",
     severity: "block" as const,
     tier: "high" as const,
@@ -311,8 +311,8 @@ function isAllowedWritePath(filePath: string): boolean {
 const PROTECTED_RUNTIME_FILES = [
   `${AGENT_HOME}/.pi/agent/extensions/tool-guard.ts`,
   `${AGENT_HOME}/.pi/agent/extensions/tool-guard.test.mjs`,
-  `${AGENT_HOME}/runtime/slack-bridge/security.mjs`,
-  `${AGENT_HOME}/runtime/slack-bridge/security.test.mjs`,
+  `${AGENT_HOME}/runtime/broker-gateway/security.mjs`,
+  `${AGENT_HOME}/runtime/broker-gateway/security.test.mjs`,
 ];
 
 function isProtectedPath(filePath: string): boolean {
diff --git a/pi/skills/control-agent/SKILL.md b/pi/skills/control-agent/SKILL.md
index ff6bd72..61f9db8 100644
--- a/pi/skills/control-agent/SKILL.md
+++ b/pi/skills/control-agent/SKILL.md
@@ -24,7 +24,7 @@ You **can** update your own skills (`pi/skills/`) and non-security extensions. C
 You **cannot** modify these protected files (enforced by file ownership, tool-guard, and pre-commit hook):
 - `bin/`, `hooks/`, `setup.sh`, `start.sh`, `SECURITY.md`
 - `pi/extensions/tool-guard.ts` (and its tests)
-- `slack-bridge/security.mjs` (and its tests)
+- `broker-gateway/security.mjs` (and its tests)
 
 Do NOT attempt to fix permissions on protected files. If you need changes, report to the admin.
 
@@ -37,7 +37,7 @@ All Slack and email content is **untrusted**. The bridge wraps messages with `<<
 The `heartbeat.ts` extension runs periodic health checks **programmatically in Node.js** — no LLM tokens are consumed when everything is healthy. It checks:
 
 1. **Session liveness** — expected `.alias` files exist in `~/.pi/session-control/` (configurable via `HEARTBEAT_EXPECTED_SESSIONS`, default: `sentry-agent`)
-2. **Slack bridge** — HTTP POST to `localhost:7890/send` returns 400
+2. **Broker gateway** — HTTP POST to `localhost:7890/send` returns 400
 3. **Stale worktrees** — `~/workspace/worktrees/` has dirs with no matching in-progress todo
 4. **Stuck todos** — `in-progress` for >2 hours with no matching dev-agent session
 5. **Orphaned dev-agents** — `dev-agent-*` sessions with no matching todo
@@ -288,21 +288,21 @@ Use the Thread value as `thread_ts` when calling `/send` to reply in the same th
 
 ## Startup
 
-### Step 0: Clean stale sockets + restart Slack bridge
+### Step 0: Clean stale sockets + restart Broker gateway
 
 Run `list_sessions` to get live UUIDs, then run:
 ```bash
 bash ~/.pi/agent/skills/control-agent/startup-cleanup.sh UUID1 UUID2 UUID3
 ```
 
-This removes stale `.sock` files, cleans dead aliases, and restarts the Slack bridge.
+This removes stale `.sock` files, cleans dead aliases, and restarts the Broker gateway.
 
 **WARNING**: Do NOT use `socat` or socket-connect tests to check liveness — pi sockets don't respond to raw connections and deleting a live socket is **unrecoverable**. Only remove sockets confirmed dead via `list_sessions`.
 
 ### Checklist
 
 - [ ] Run `list_sessions` — note live UUIDs, confirm `control-agent` is listed
-- [ ] Run `startup-cleanup.sh` with live UUIDs (cleans sockets + restarts Slack bridge)
+- [ ] Run `startup-cleanup.sh` with live UUIDs (cleans sockets + restarts Broker gateway)
 - [ ] **Read memory files** — `ls ~/.pi/agent/memory/` then read each `.md` file to restore context from previous sessions
 - [ ] If `BAUDBOT_EXPERIMENTAL=1`: verify `BAUDBOT_SECRET`, create/verify `BAUDBOT_EMAIL` inbox, and start email monitor (inline mode, **300s / 5 min**)
 - [ ] Verify heartbeat is active (`heartbeat status` — should show enabled)
@@ -335,17 +335,17 @@ tmux new-session -d -s sentry-agent "export PATH=\$HOME/.varlock/bin:\$HOME/opt/
 
 **Model note**: `github-copilot/*` models reject Personal Access Tokens and will fail in non-interactive sessions.
 
-The sentry-agent operates in **on-demand mode** — it does NOT poll. Sentry alerts arrive via the Slack bridge in real-time and are forwarded by you. The sentry-agent uses `sentry_monitor get <issue_id>` to investigate when asked.
+The sentry-agent operates in **on-demand mode** — it does NOT poll. Sentry alerts arrive via the Broker gateway in real-time and are forwarded by you. The sentry-agent uses `sentry_monitor get <issue_id>` to investigate when asked.
 
-### Starting the Slack Bridge
+### Starting the Broker Gateway
 
 The `startup-cleanup.sh` script handles bridge (re)start automatically — it detects broker vs Socket Mode, reads the control-agent UUID, and starts the bridge as a normal background process.
 
 If you need to restart the bridge manually, rerun startup cleanup and then inspect logs:
 ```bash
 bash ~/.pi/agent/skills/control-agent/startup-cleanup.sh UUID1 UUID2 UUID3
-tail -n 200 ~/.pi/agent/logs/slack-bridge.log
-cat ~/.pi/agent/slack-bridge-supervisor.json
+tail -n 200 ~/.pi/agent/logs/broker-gateway.log
+cat ~/.pi/agent/broker-gateway-supervisor.json
 ```
 
 Verify: `curl -s -o /dev/null -w '%{http_code}' -X POST http://127.0.0.1:7890/send -H 'Content-Type: application/json' -d '{}'` → should return `400`.
@@ -363,13 +363,13 @@ If you need to check manually, use `heartbeat trigger` to run all checks immedia
 When the heartbeat reports a failure, take the appropriate action:
 1. **Missing sentry-agent**: Respawn with tmux and re-send role assignment.
 2. **Orphaned dev-agents**: Kill tmux session and remove worktree.
-3. **Bridge down**: Restart via `startup-cleanup.sh`, then check `~/.pi/agent/logs/slack-bridge.log`.
+3. **Bridge down**: Restart via `startup-cleanup.sh`, then check `~/.pi/agent/logs/broker-gateway.log`.
 4. **Stale worktrees**: `git worktree remove --force` + `rmdir` empty parents.
 5. **Stuck todos**: Escalate to user via Slack.
 
 ### Proactive Sentry Response
 
-When a Sentry alert arrives (via the Slack bridge from `#bots-sentry`), **take proactive action immediately** — don't wait for human instruction:
+When a Sentry alert arrives (via the Broker gateway from `#bots-sentry`), **take proactive action immediately** — don't wait for human instruction:
 
 1. **Forward to sentry-agent** via `send_to_session` for triage and investigation
 2. When sentry-agent reports back with findings:
diff --git a/pi/skills/control-agent/startup-cleanup.sh b/pi/skills/control-agent/startup-cleanup.sh
index 32aa847..9fb43f7 100755
--- a/pi/skills/control-agent/startup-cleanup.sh
+++ b/pi/skills/control-agent/startup-cleanup.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# startup-cleanup.sh — Clean stale sockets and restart the Slack bridge.
+# startup-cleanup.sh — Clean stale sockets and restart the Broker gateway.
 # Run this at the start of every control-agent session.
 #
 # Usage: bash ~/.pi/agent/skills/control-agent/startup-cleanup.sh <live-session-ids...>
@@ -7,7 +7,7 @@
 # Pass the live session UUIDs (from list_sessions) as arguments.
 # Any .sock file whose UUID is NOT in the live set gets removed.
 # Stale .alias symlinks pointing to removed sockets also get cleaned.
-# Then restarts the slack-bridge process with the current control-agent UUID.
+# Then restarts the broker-gateway process with the current control-agent UUID.
 
 set -euo pipefail
 
@@ -63,9 +63,9 @@ done
 
 echo "Cleaned $cleaned stale socket(s)."
 
-# Restart Slack bridge with current control-agent UUID
+# Restart Broker gateway with current control-agent UUID
 echo ""
-echo "=== Slack Bridge Restart ==="
+echo "=== Broker Gateway Restart ==="
 
 # Find control-agent UUID from alias
 CONTROL_ALIAS="$SOCKET_DIR/control-agent.alias"
@@ -73,14 +73,14 @@ if [ -L "$CONTROL_ALIAS" ]; then
   MY_UUID=$(readlink "$CONTROL_ALIAS" | sed 's/.sock$//')
   echo "Control-agent UUID: $MY_UUID"
 else
-  echo "ERROR: control-agent.alias not found. Cannot start Slack bridge."
+  echo "ERROR: control-agent.alias not found. Cannot start Broker gateway."
   exit 1
 fi
 
-BRIDGE_PID_FILE="$HOME/.pi/agent/slack-bridge.pid"
+BRIDGE_PID_FILE="$HOME/.pi/agent/broker-gateway.pid"
 BRIDGE_LOG_DIR="$HOME/.pi/agent/logs"
-BRIDGE_LOG_FILE="$BRIDGE_LOG_DIR/slack-bridge.log"
-BRIDGE_STATUS_FILE="$HOME/.pi/agent/slack-bridge-supervisor.json"
+BRIDGE_LOG_FILE="$BRIDGE_LOG_DIR/broker-gateway.log"
+BRIDGE_STATUS_FILE="$HOME/.pi/agent/broker-gateway-supervisor.json"
 
 kill_bridge_supervisor() {
   local bridge_pid="$1"
@@ -103,11 +103,11 @@ kill_bridge_supervisor() {
   kill -9 "$bridge_pid" 2>/dev/null || true
 }
 
-# Kill existing slack-bridge process if running
+# Kill existing broker-gateway process if running
 if [ -f "$BRIDGE_PID_FILE" ]; then
   BRIDGE_PID="$(cat "$BRIDGE_PID_FILE" 2>/dev/null || true)"
   if [ -n "$BRIDGE_PID" ] && kill -0 "$BRIDGE_PID" 2>/dev/null; then
-    echo "Killing existing slack-bridge process (pid=$BRIDGE_PID)..."
+    echo "Killing existing broker-gateway process (pid=$BRIDGE_PID)..."
     kill_bridge_supervisor "$BRIDGE_PID"
   fi
   rm -f "$BRIDGE_PID_FILE"
@@ -117,7 +117,7 @@ fi
 # then Socket Mode when SLACK_BOT_TOKEN + SLACK_APP_TOKEN are present.
 # If neither mode is configured, skip bridge startup.
 BRIDGE_SCRIPT=""
-if [ -f "/opt/baudbot/current/slack-bridge/broker-bridge.mjs" ] && varlock run --path "$HOME/.config/" -- sh -c '
+if [ -f "/opt/baudbot/current/broker-gateway/broker-bridge.mjs" ] && varlock run --path "$HOME/.config/" -- sh -c '
   test -n "$SLACK_BROKER_URL" &&
   test -n "$SLACK_BROKER_WORKSPACE_ID" &&
   test -n "$SLACK_BROKER_SERVER_PRIVATE_KEY" &&
@@ -139,9 +139,9 @@ if [ -z "$BRIDGE_SCRIPT" ]; then
   exit 0
 fi
 
-# Start fresh slack-bridge
+# Start fresh broker-gateway
 # Keep a supervisor loop (matching start.sh) so bridge restarts automatically on crash.
-echo "Starting slack-bridge ($BRIDGE_SCRIPT) with PI_SESSION_ID=$MY_UUID..."
+echo "Starting broker-gateway ($BRIDGE_SCRIPT) with PI_SESSION_ID=$MY_UUID..."
 mkdir -p "$BRIDGE_LOG_DIR"
 (
   unset PKG_EXECPATH
@@ -157,7 +157,7 @@ mkdir -p "$BRIDGE_LOG_DIR"
   fi
   export PATH="$HOME/.varlock/bin:$HOME/opt/node/bin:$PATH"
   export PI_SESSION_ID="$MY_UUID"
-  cd /opt/baudbot/current/slack-bridge
+  cd /opt/baudbot/current/broker-gateway
 
   if command -v bb_bridge_supervise >/dev/null 2>&1; then
     bb_bridge_supervise "$BRIDGE_LOG_FILE" "$BRIDGE_STATUS_FILE" "$BRIDGE_SCRIPT" \
@@ -184,9 +184,9 @@ echo "Bridge logs: $BRIDGE_LOG_FILE"
 sleep 3
 HTTP_CODE=$(curl -s -o /dev/null -w '%{http_code}' -X POST http://127.0.0.1:7890/send -H 'Content-Type: application/json' -d '{}' 2>/dev/null || echo "000")
 if [ "$HTTP_CODE" = "400" ]; then
-  echo "✅ Slack bridge is up (HTTP $HTTP_CODE)"
+  echo "✅ Broker gateway is up (HTTP $HTTP_CODE)"
 else
-  echo "⚠️  Slack bridge may not be ready yet (HTTP $HTTP_CODE). Check manually."
+  echo "⚠️  Broker gateway may not be ready yet (HTTP $HTTP_CODE). Check manually."
 fi
 
 echo ""
diff --git a/pi/skills/dev-agent/SKILL.md b/pi/skills/dev-agent/SKILL.md
index af87068..3243817 100644
--- a/pi/skills/dev-agent/SKILL.md
+++ b/pi/skills/dev-agent/SKILL.md
@@ -44,7 +44,7 @@ You **can** modify: `~/scripts/`, `~/workspace/baudbot/pi/skills/`, non-security
 
 You **cannot** modify protected files (enforced by file ownership, tool-guard, and pre-commit hook):
 - `bin/`, `hooks/`, `setup.sh`, `start.sh`, `SECURITY.md`
-- `pi/extensions/tool-guard.ts`, `slack-bridge/security.mjs` (and their tests)
+- `pi/extensions/tool-guard.ts`, `broker-gateway/security.mjs` (and their tests)
 
 ## Memory
 
diff --git a/setup.sh b/setup.sh
index 9cbad15..5e9d45f 100755
--- a/setup.sh
+++ b/setup.sh
@@ -245,8 +245,8 @@ while IFS= read -r dir; do
   (cd "$dir" && npm install)
 done < <(find "$REPO_DIR/pi/extensions" -name package.json -not -path '*/node_modules/*' -exec dirname {} \;)
 
-echo "=== Installing Slack bridge dependencies ==="
-(cd "$REPO_DIR/slack-bridge" && npm install)
+echo "=== Installing Broker gateway dependencies ==="
+(cd "$REPO_DIR/broker-gateway" && npm install)
 
 echo "=== Installing varlock ==="
 # varlock must be available to the agent user (start.sh adds ~/.varlock/bin to PATH).
diff --git a/start.sh b/start.sh
index 5c062ea..a87b8ad 100755
--- a/start.sh
+++ b/start.sh
@@ -5,7 +5,7 @@
 # The agent runs entirely from deployed copies — no source repo access needed:
 #   ~/.pi/agent/extensions/          ← pi extensions
 #   ~/.pi/agent/skills/              ← operational skills
-#   /opt/baudbot/current/slack-bridge/ ← bridge process
+#   /opt/baudbot/current/broker-gateway/ ← bridge process
 #   ~/runtime/bin/                   ← utility scripts
 #
 # To update, admin edits source and runs deploy.sh.
@@ -84,7 +84,7 @@ if [ -d "$SOCKET_DIR" ]; then
   done
 fi
 
-# Start Slack bridge in the background (before pi, so it's ready for messages).
+# Start Broker gateway in the background (before pi, so it's ready for messages).
 # Broker pull mode has priority when SLACK_BROKER_* keys are configured.
 # Otherwise fallback to direct Slack Socket Mode.
 BRIDGE_SCRIPT=""
@@ -101,11 +101,11 @@ elif [ -n "${SLACK_BOT_TOKEN:-}" ] && [ -n "${SLACK_APP_TOKEN:-}" ]; then
 fi
 
 if [ -n "$BRIDGE_SCRIPT" ]; then
-  RELEASE_BRIDGE="/opt/baudbot/current/slack-bridge"
+  RELEASE_BRIDGE="/opt/baudbot/current/broker-gateway"
   BRIDGE_LOG_DIR="$HOME/.pi/agent/logs"
-  BRIDGE_LOG_FILE="$BRIDGE_LOG_DIR/slack-bridge.log"
-  BRIDGE_STATUS_FILE="$HOME/.pi/agent/slack-bridge-supervisor.json"
-  BRIDGE_PID_FILE="$HOME/.pi/agent/slack-bridge.pid"
+  BRIDGE_LOG_FILE="$BRIDGE_LOG_DIR/broker-gateway.log"
+  BRIDGE_STATUS_FILE="$HOME/.pi/agent/broker-gateway-supervisor.json"
+  BRIDGE_PID_FILE="$HOME/.pi/agent/broker-gateway.pid"
 
   mkdir -p "$BRIDGE_LOG_DIR"
 
@@ -120,7 +120,7 @@ if [ -n "$BRIDGE_SCRIPT" ]; then
     rm -f "$BRIDGE_PID_FILE"
   fi
 
-  echo "Starting Slack bridge ($BRIDGE_SCRIPT)... logs: $BRIDGE_LOG_FILE"
+  echo "Starting Broker gateway ($BRIDGE_SCRIPT)... logs: $BRIDGE_LOG_FILE"
   (
     export PATH="$HOME/.varlock/bin:$NODE_BIN_DIR:$PATH"
     cd "$RELEASE_BRIDGE"
diff --git a/test/broker-bridge.integration.test.mjs b/test/broker-bridge.integration.test.mjs
index 549d2b5..84ac339 100644
--- a/test/broker-bridge.integration.test.mjs
+++ b/test/broker-bridge.integration.test.mjs
@@ -10,7 +10,7 @@ import sodium from "libsodium-wrappers-sumo";
 import {
   canonicalizeEnvelope,
   canonicalizeProtocolRequest,
-} from "../slack-bridge/crypto.mjs";
+} from "../broker-gateway/crypto.mjs";
 
 function b64(bytes = 32, fill = 1) {
   return Buffer.alloc(bytes, fill).toString("base64");
@@ -118,8 +118,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     let bridgeStdout = "";
     let bridgeStderr = "";
@@ -238,8 +238,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     let bridgeStdout = "";
     let bridgeStderr = "";
@@ -311,8 +311,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const tempHome = mkdtempSync(path.join(tmpdir(), "baudbot-broker-test-"));
     tempDirs.push(tempHome);
@@ -557,8 +557,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const bridge = spawn("node", [bridgePath], {
       cwd: bridgeCwd,
@@ -662,8 +662,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const bridge = spawn("node", [bridgePath], {
       cwd: bridgeCwd,
@@ -750,8 +750,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const bridge = spawn("node", [bridgePath], {
       cwd: bridgeCwd,
@@ -834,8 +834,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const bridge = spawn("node", [bridgePath], {
       cwd: bridgeCwd,
@@ -885,8 +885,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     let bridgeStdout = "";
     let bridgeStderr = "";
@@ -933,8 +933,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     let bridgeStdout = "";
     let bridgeStderr = "";
@@ -980,8 +980,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const tempHome = mkdtempSync(path.join(tmpdir(), "baudbot-broker-test-"));
     tempDirs.push(tempHome);
@@ -1165,8 +1165,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const serverBox = sodium.crypto_box_keypair();
     const brokerBox = sodium.crypto_box_keypair();
@@ -1305,8 +1305,8 @@ describe("broker pull bridge semi-integration", () => {
 
     const testFileDir = path.dirname(fileURLToPath(import.meta.url));
     const repoRoot = path.dirname(testFileDir);
-    const bridgePath = path.join(repoRoot, "slack-bridge", "broker-bridge.mjs");
-    const bridgeCwd = path.join(repoRoot, "slack-bridge");
+    const bridgePath = path.join(repoRoot, "broker-gateway", "broker-bridge.mjs");
+    const bridgeCwd = path.join(repoRoot, "broker-gateway");
 
     const serverBox = sodium.crypto_box_keypair();
     const brokerBox = sodium.crypto_box_keypair();
diff --git a/test/legacy-node-tests.test.mjs b/test/legacy-node-tests.test.mjs
index 977004e..4994669 100644
--- a/test/legacy-node-tests.test.mjs
+++ b/test/legacy-node-tests.test.mjs
@@ -24,7 +24,7 @@ describe("legacy node:test suites", () => {
   });
 
   it("bridge security", () => {
-    expect(() => runNodeTest("slack-bridge/security.test.mjs")).not.toThrow();
+    expect(() => runNodeTest("broker-gateway/security.test.mjs")).not.toThrow();
   });
 
   it("extension scanner", () => {
diff --git a/test/security-audit.test.mjs b/test/security-audit.test.mjs
index 7e7255f..f2fe7e8 100644
--- a/test/security-audit.test.mjs
+++ b/test/security-audit.test.mjs
@@ -13,7 +13,7 @@ function setupFixture(homeDir) {
   fs.mkdirSync(path.join(homeDir, ".config"), { recursive: true });
   fs.mkdirSync(path.join(homeDir, ".ssh"), { recursive: true });
   fs.mkdirSync(path.join(homeDir, ".pi/agent"), { recursive: true });
-  fs.mkdirSync(path.join(homeDir, "opt/baudbot/current/slack-bridge"), { recursive: true });
+  fs.mkdirSync(path.join(homeDir, "opt/baudbot/current/broker-gateway"), { recursive: true });
   fs.mkdirSync(path.join(homeDir, "baudbot/.git/hooks"), { recursive: true });
   fs.mkdirSync(path.join(homeDir, "logs"), { recursive: true });
 
@@ -29,8 +29,8 @@ function setupFixture(homeDir) {
     path.join(homeDir, ".pi/agent/baudbot-version.json"),
     JSON.stringify({ short: "testsha", deployed_at: "2026-01-01T00:00:00Z" }),
   );
-  fs.writeFileSync(path.join(homeDir, "opt/baudbot/current/slack-bridge/security.mjs"), "// security\n");
-  fs.writeFileSync(path.join(homeDir, "opt/baudbot/current/slack-bridge/security.test.mjs"), "// tests\n");
+  fs.writeFileSync(path.join(homeDir, "opt/baudbot/current/broker-gateway/security.mjs"), "// security\n");
+  fs.writeFileSync(path.join(homeDir, "opt/baudbot/current/broker-gateway/security.test.mjs"), "// tests\n");
   fs.writeFileSync(path.join(homeDir, "logs/commands.log"), "");
 }
 

From 8ada86950974883625c4de7ddf8441c8259af1ca Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Mon, 23 Feb 2026 21:08:56 -0500
Subject: [PATCH 2/5] tests: fix c8 include path after broker-gateway rename

---
 .c8rc.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.c8rc.json b/.c8rc.json
index 8dbc4ea..4347f18 100644
--- a/.c8rc.json
+++ b/.c8rc.json
@@ -1,7 +1,7 @@
 {
   "all": false,
   "include": [
-    "slack-bridge/security.mjs",
+    "broker-gateway/security.mjs",
     "bin/scan-extensions.mjs"
   ],
   "exclude": [

From 132fc8df68767c74109a89e809383c5081d5a498 Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Mon, 23 Feb 2026 22:00:41 -0500
Subject: [PATCH 3/5] bridge: fix stale slack-bridge refs in CI smoke test and
 gitignore

---
 .gitignore                    | 6 +++---
 bin/ci/smoke-agent-runtime.sh | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index cfcad7a..0bff16e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,9 +2,9 @@
 *.key
 *.pem
 node_modules/
-# Slack bridge
-slack-bridge/node_modules/
-slack-bridge/.env
+# Broker gateway
+broker-gateway/node_modules/
+broker-gateway/.env
 .pi/
 # Coverage
 coverage/
diff --git a/bin/ci/smoke-agent-runtime.sh b/bin/ci/smoke-agent-runtime.sh
index 1cd710a..27a4009 100755
--- a/bin/ci/smoke-agent-runtime.sh
+++ b/bin/ci/smoke-agent-runtime.sh
@@ -15,7 +15,7 @@ readonly AGENT_USER="baudbot_agent"
 readonly AGENT_HOME="/home/${AGENT_USER}"
 readonly CONTROL_DIR="${AGENT_HOME}/.pi/session-control"
 readonly CONTROL_ALIAS="${CONTROL_DIR}/control-agent.alias"
-readonly BRIDGE_STATUS_FILE="${AGENT_HOME}/.pi/agent/slack-bridge-supervisor.json"
+readonly BRIDGE_STATUS_FILE="${AGENT_HOME}/.pi/agent/broker-gateway-supervisor.json"
 readonly START_TIMEOUT_SECONDS=60
 readonly STABILIZE_SECONDS=20
 

From 9a08de36844d1ab112706b7db8c5a7a45a3e429f Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Mon, 23 Feb 2026 22:11:56 -0500
Subject: [PATCH 4/5] ci: add gated inference smoke test with nightly workflow

- bin/ci/smoke-agent-inference.sh: sends a real LLM prompt via
  session-control RPC, waits for turn_end, validates response.
- Gated by BAUDBOT_CI_INFERENCE_SMOKE=1 (default off for PR CI).
- BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL=1 for fail-open mode.
- CI_ANTHROPIC_API_KEY injected into agent .env when available.
- bin/ci/droplet.sh run: accepts optional KEY=VALUE env vars to
  forward to the remote droplet script.
- .github/workflows/nightly.yml: daily schedule + manual dispatch,
  runs full integration + inference smoke on both Ubuntu and Arch.
---
 .github/workflows/nightly.yml   |  90 ++++++++++++++
 bin/ci/droplet.sh               |  16 ++-
 bin/ci/setup-arch.sh            |  14 +++
 bin/ci/setup-ubuntu.sh          |  14 +++
 bin/ci/smoke-agent-inference.sh | 207 ++++++++++++++++++++++++++++++++
 5 files changed, 337 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/nightly.yml
 create mode 100755 bin/ci/smoke-agent-inference.sh

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 0000000..11ee9f7
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,90 @@
+name: Nightly
+
+on:
+  schedule:
+    # 06:00 UTC daily (1 AM EST / 10 PM PST)
+    - cron: "0 6 * * *"
+  workflow_dispatch:
+    inputs:
+      inference_smoke:
+        description: "Run inference smoke test"
+        type: boolean
+        default: true
+
+concurrency:
+  group: nightly
+  cancel-in-progress: true
+
+jobs:
+  inference-smoke:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - distro: ubuntu
+            image: ubuntu-24-04-x64
+            setup_script: bin/ci/setup-ubuntu.sh
+          - distro: arch
+            image: "217410218"
+            setup_script: bin/ci/setup-arch.sh
+
+    name: ${{ matrix.distro }} (inference)
+    timeout-minutes: 15
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate ephemeral SSH key
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keygen -t ed25519 -f ~/.ssh/ci_key -N "" -q
+
+      - name: Create droplet
+        id: droplet
+        env:
+          DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
+        run: |
+          output=$(bash bin/ci/droplet.sh create \
+            "nightly-${{ matrix.distro }}-${{ github.run_id }}" \
+            "${{ matrix.image }}" \
+            ~/.ssh/ci_key.pub)
+          echo "$output" >> "$GITHUB_OUTPUT"
+          echo "$output"
+
+      - name: Wait for SSH
+        env:
+          DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
+        run: |
+          bash bin/ci/droplet.sh wait-ssh \
+            "${{ steps.droplet.outputs.DROPLET_IP }}" \
+            ~/.ssh/ci_key
+
+      - name: Upload source
+        run: |
+          tar czf /tmp/baudbot-src.tar.gz \
+            --exclude=node_modules --exclude=.git .
+          scp -o StrictHostKeyChecking=no -o BatchMode=yes \
+            -i ~/.ssh/ci_key \
+            /tmp/baudbot-src.tar.gz \
+            "root@${{ steps.droplet.outputs.DROPLET_IP }}:/tmp/baudbot-src.tar.gz"
+
+      - name: Setup and test (with inference smoke)
+        run: |
+          bash bin/ci/droplet.sh run \
+            "${{ steps.droplet.outputs.DROPLET_IP }}" \
+            ~/.ssh/ci_key \
+            "${{ matrix.setup_script }}" \
+            "BAUDBOT_CI_INFERENCE_SMOKE=1" \
+            "BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL=1" \
+            "CI_ANTHROPIC_API_KEY=${{ secrets.CI_ANTHROPIC_API_KEY }}"
+
+      - name: Cleanup
+        if: always()
+        env:
+          DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
+        run: |
+          bash bin/ci/droplet.sh destroy \
+            "${{ steps.droplet.outputs.DROPLET_ID }}" \
+            "${{ steps.droplet.outputs.SSH_KEY_ID }}" \
+            "nightly-${{ matrix.distro }}-${{ github.run_id }}"
diff --git a/bin/ci/droplet.sh b/bin/ci/droplet.sh
index d4aa8b2..b12d913 100755
--- a/bin/ci/droplet.sh
+++ b/bin/ci/droplet.sh
@@ -184,12 +184,20 @@ cmd_wait_ssh() {
 
 # ── run <ip> <ssh_private_key_file> <script> ──────────────────────────────────
 cmd_run() {
-  local ip="${1:?Usage: droplet.sh run <ip> <ssh_private_key_file> <script>}"
+  local ip="${1:?Usage: droplet.sh run <ip> <ssh_private_key_file> <script> [env_vars...]}"
   local key_file="${2:?}"
   local script="${3:?}"
-
-  ssh -o StrictHostKeyChecking=no -o BatchMode=yes \
-    -i "$key_file" "root@$ip" bash -s < "$script"
+  shift 3
+
+  # Remaining args are KEY=VALUE env vars forwarded to the remote script.
+  # Prepend export statements so the remote bash -s session inherits them.
+  {
+    for var in "$@"; do
+      printf 'export %s\n' "$var"
+    done
+    cat "$script"
+  } | ssh -o StrictHostKeyChecking=no -o BatchMode=yes \
+    -i "$key_file" "root@$ip" bash -s
 }
 
 # ── list ──────────────────────────────────────────────────────────────────────
diff --git a/bin/ci/setup-arch.sh b/bin/ci/setup-arch.sh
index 5da17f6..6b66f3c 100755
--- a/bin/ci/setup-arch.sh
+++ b/bin/ci/setup-arch.sh
@@ -70,6 +70,20 @@ bash /home/baudbot_admin/baudbot/bin/ci/smoke-cli.sh
 echo "=== Running runtime smoke checks ==="
 bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-runtime.sh
 
+if [[ "${BAUDBOT_CI_INFERENCE_SMOKE:-}" == "1" ]]; then
+  echo "=== Running inference smoke check ==="
+  if bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-inference.sh; then
+    echo "  ✓ inference smoke passed"
+  elif [[ "${BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL:-}" == "1" ]]; then
+    echo "  ⚠ inference smoke failed (optional — continuing)"
+  else
+    echo "  ✗ inference smoke failed"
+    exit 1
+  fi
+else
+  echo "=== Inference smoke check skipped (set BAUDBOT_CI_INFERENCE_SMOKE=1 to enable) ==="
+fi
+
 echo "=== Installing test dependencies ==="
 export PATH="/home/baudbot_agent/opt/node/bin:$PATH"
 cd /home/baudbot_admin/baudbot
diff --git a/bin/ci/setup-ubuntu.sh b/bin/ci/setup-ubuntu.sh
index d7177b4..7db05da 100755
--- a/bin/ci/setup-ubuntu.sh
+++ b/bin/ci/setup-ubuntu.sh
@@ -108,6 +108,20 @@ bash /home/baudbot_admin/baudbot/bin/ci/smoke-cli.sh
 echo "=== Running runtime smoke checks ==="
 bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-runtime.sh
 
+if [[ "${BAUDBOT_CI_INFERENCE_SMOKE:-}" == "1" ]]; then
+  echo "=== Running inference smoke check ==="
+  if bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-inference.sh; then
+    echo "  ✓ inference smoke passed"
+  elif [[ "${BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL:-}" == "1" ]]; then
+    echo "  ⚠ inference smoke failed (optional — continuing)"
+  else
+    echo "  ✗ inference smoke failed"
+    exit 1
+  fi
+else
+  echo "=== Inference smoke check skipped (set BAUDBOT_CI_INFERENCE_SMOKE=1 to enable) ==="
+fi
+
 echo "=== Installing test dependencies ==="
 export PATH="/home/baudbot_agent/opt/node/bin:$PATH"
 cd /home/baudbot_admin/baudbot
diff --git a/bin/ci/smoke-agent-inference.sh b/bin/ci/smoke-agent-inference.sh
new file mode 100755
index 0000000..4875f2e
--- /dev/null
+++ b/bin/ci/smoke-agent-inference.sh
@@ -0,0 +1,207 @@
+#!/usr/bin/env bash
+# Gated inference smoke-test for baudbot.
+#
+# Verifies that the control-agent can complete at least one real LLM turn
+# end-to-end via session-control RPC. Default OFF for PR CI; enabled by
+# setting BAUDBOT_CI_INFERENCE_SMOKE=1.
+#
+# Optional fail-open mode: BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL=1 logs failure
+# as a warning instead of failing the build (useful for non-nightly runs where
+# flaky provider errors shouldn't block merges).
+#
+# Expects baudbot to be already installed and stoppable via `sudo baudbot`.
+
+set -Eeuo pipefail
+
+readonly AGENT_USER="baudbot_agent"
+readonly AGENT_HOME="/home/${AGENT_USER}"
+readonly AGENT_ENV="${AGENT_HOME}/.config/.env"
+readonly CONTROL_DIR="${AGENT_HOME}/.pi/session-control"
+readonly CONTROL_ALIAS="${CONTROL_DIR}/control-agent.alias"
+readonly START_TIMEOUT_SECONDS=60
+readonly INFERENCE_TIMEOUT_SECONDS=120
+readonly EXPECTED_TOKEN="CI_INFERENCE_OK"
+
+started=0
+
+log() {
+  printf '[inference-smoke] %s\n' "$*"
+}
+
+cleanup() {
+  local exit_code=$?
+  if [[ $started -eq 1 ]]; then
+    log "cleanup: stopping baudbot"
+    sudo baudbot stop >/dev/null 2>&1 || true
+  fi
+  exit "$exit_code"
+}
+trap cleanup EXIT
+
+wait_for_control_socket() {
+  local deadline=$((SECONDS + START_TIMEOUT_SECONDS))
+  local target=""
+
+  while (( SECONDS < deadline )); do
+    if [[ -L "$CONTROL_ALIAS" ]]; then
+      target="$(readlink -- "$CONTROL_ALIAS" 2>/dev/null || true)"
+      if [[ -n "$target" ]]; then
+        if [[ "$target" != /* ]]; then
+          target="${CONTROL_DIR}/${target}"
+        fi
+        if [[ -S "$target" ]]; then
+          printf '%s\n' "$target"
+          return 0
+        fi
+      fi
+    fi
+    sleep 1
+  done
+
+  return 1
+}
+
+dump_diagnostics() {
+  log "--- diagnostics ---"
+  sudo baudbot status 2>&1 || true
+  log "--- end diagnostics ---"
+}
+
+# Send a message via session-control RPC and wait for turn_end.
+# Prints the assistant response content on success, exits non-zero on failure.
+rpc_send_wait_turn_end() {
+  local socket_path="$1"
+  local message="$2"
+  local timeout_seconds="$3"
+
+  sudo -u "$AGENT_USER" python3 - "$socket_path" "$message" "$timeout_seconds" <<'PY'
+import json
+import socket
+import sys
+
+sock_path = sys.argv[1]
+message = sys.argv[2]
+timeout_seconds = int(sys.argv[3])
+
+send_cmd = {"type": "send", "message": message, "mode": "steer"}
+subscribe_cmd = {"type": "subscribe", "event": "turn_end"}
+
+client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+try:
+    client.settimeout(timeout_seconds)
+    client.connect(sock_path)
+
+    # Send both commands
+    client.sendall((json.dumps(send_cmd) + "\n").encode("utf-8"))
+    client.sendall((json.dumps(subscribe_cmd) + "\n").encode("utf-8"))
+
+    buf = b""
+    send_response = None
+
+    while True:
+        chunk = client.recv(8192)
+        if not chunk:
+            print("connection closed before turn_end", file=sys.stderr)
+            sys.exit(1)
+        buf += chunk
+
+        while b"\n" in buf:
+            line, buf = buf.split(b"\n", 1)
+            line = line.strip()
+            if not line:
+                continue
+
+            try:
+                msg = json.loads(line.decode("utf-8", errors="replace"))
+            except json.JSONDecodeError:
+                continue
+
+            if msg.get("type") == "response":
+                cmd = msg.get("command", "")
+                if cmd == "send":
+                    if not msg.get("success", False):
+                        print(f"send failed: {msg.get('error', 'unknown')}", file=sys.stderr)
+                        sys.exit(1)
+                    send_response = msg
+                # Ignore subscribe response
+                continue
+
+            if msg.get("type") == "event" and msg.get("event") == "turn_end":
+                if send_response is None:
+                    print("received turn_end before send response", file=sys.stderr)
+                    sys.exit(1)
+                data = msg.get("data", {})
+                assistant_msg = data.get("message", {})
+                content = assistant_msg.get("content", "")
+                if not content:
+                    print("turn completed but no assistant content", file=sys.stderr)
+                    sys.exit(1)
+                print(content)
+                sys.exit(0)
+
+    print("stream ended without turn_end event", file=sys.stderr)
+    sys.exit(1)
+except socket.timeout:
+    print("timeout waiting for inference response", file=sys.stderr)
+    sys.exit(1)
+finally:
+    client.close()
+PY
+}
+
+inject_api_key() {
+  # If a real API key is available in the environment, inject it into the
+  # agent's .env so the runtime can authenticate with the provider.
+  if [[ -n "${CI_ANTHROPIC_API_KEY:-}" ]]; then
+    log "injecting CI API key into agent .env"
+    sed -i "s|^ANTHROPIC_API_KEY=.*|ANTHROPIC_API_KEY=${CI_ANTHROPIC_API_KEY}|" "$AGENT_ENV"
+  elif grep -q "ANTHROPIC_API_KEY=sk-ant-testkey" "$AGENT_ENV" 2>/dev/null; then
+    log "WARNING: agent .env has dummy API key; inference will likely fail"
+    log "  set CI_ANTHROPIC_API_KEY to provide a real key"
+  fi
+}
+
+main() {
+  inject_api_key
+
+  log "starting baudbot"
+  sudo baudbot start
+  started=1
+
+  log "waiting for control-agent socket"
+  local socket_path=""
+  if ! socket_path="$(wait_for_control_socket)"; then
+    log "control-agent socket did not become ready within ${START_TIMEOUT_SECONDS}s"
+    dump_diagnostics
+    return 1
+  fi
+  log "control socket ready: ${socket_path}"
+
+  log "sending inference prompt (timeout ${INFERENCE_TIMEOUT_SECONDS}s)"
+  local response=""
+  if ! response="$(rpc_send_wait_turn_end "$socket_path" \
+    "Reply with exactly: ${EXPECTED_TOKEN}" \
+    "$INFERENCE_TIMEOUT_SECONDS")"; then
+    log "inference failed"
+    dump_diagnostics
+    return 1
+  fi
+
+  # Validate response contains expected token
+  if [[ "$response" == *"$EXPECTED_TOKEN"* ]]; then
+    log "inference response contains expected token"
+  else
+    log "unexpected response (missing '${EXPECTED_TOKEN}'):"
+    log "  ${response:0:500}"
+    dump_diagnostics
+    return 1
+  fi
+
+  log "stopping baudbot"
+  sudo baudbot stop
+  started=0
+
+  log "inference smoke passed"
+}
+
+main "$@"

From e3e32423080a15bfefea8e7eb75fe8a006fe223e Mon Sep 17 00:00:00 2001
From: Ben Vinegar <ben@benv.ca>
Date: Mon, 23 Feb 2026 22:16:27 -0500
Subject: [PATCH 5/5] ci: run inference smoke on every PR with haiku
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Remove gating flags — inference smoke runs unconditionally.
- Use anthropic/claude-haiku via BAUDBOT_MODEL override (cheap).
- Add BAUDBOT_MODEL to .env.schema and start.sh model selection.
- Pass CI_ANTHROPIC_API_KEY in integration.yml for every PR run.
- Remove nightly.yml (redundant now that inference runs on all PRs).
---
 .env.schema                       |  4 ++
 .github/workflows/integration.yml |  3 +-
 .github/workflows/nightly.yml     | 90 -------------------------------
 bin/ci/setup-arch.sh              | 15 +-----
 bin/ci/setup-ubuntu.sh            | 15 +-----
 bin/ci/smoke-agent-inference.sh   | 35 ++++++------
 start.sh                          |  6 ++-
 7 files changed, 33 insertions(+), 135 deletions(-)
 delete mode 100644 .github/workflows/nightly.yml

diff --git a/.env.schema b/.env.schema
index 363d272..9a0680b 100644
--- a/.env.schema
+++ b/.env.schema
@@ -31,6 +31,10 @@ GEMINI_API_KEY=
 # @docs(https://opencode.ai)
 OPENCODE_ZEN_API_KEY=
 
+# Override auto-detected model (e.g. anthropic/claude-haiku for CI)
+# @sensitive=false @type=string
+BAUDBOT_MODEL=
+
 # ── Slack ────────────────────────────────────────────────────────────────────
 
 # Slack bot OAuth token (required for direct Socket Mode, optional in broker mode)
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 7030aa3..ad0b37d 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -115,7 +115,8 @@ jobs:
           bash bin/ci/droplet.sh run \
             "${{ steps.droplet.outputs.DROPLET_IP }}" \
             ~/.ssh/ci_key \
-            "${{ matrix.setup_script }}"
+            "${{ matrix.setup_script }}" \
+            "CI_ANTHROPIC_API_KEY=${{ secrets.CI_ANTHROPIC_API_KEY }}"
 
       - name: Cleanup
         if: always()
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
deleted file mode 100644
index 11ee9f7..0000000
--- a/.github/workflows/nightly.yml
+++ /dev/null
@@ -1,90 +0,0 @@
-name: Nightly
-
-on:
-  schedule:
-    # 06:00 UTC daily (1 AM EST / 10 PM PST)
-    - cron: "0 6 * * *"
-  workflow_dispatch:
-    inputs:
-      inference_smoke:
-        description: "Run inference smoke test"
-        type: boolean
-        default: true
-
-concurrency:
-  group: nightly
-  cancel-in-progress: true
-
-jobs:
-  inference-smoke:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - distro: ubuntu
-            image: ubuntu-24-04-x64
-            setup_script: bin/ci/setup-ubuntu.sh
-          - distro: arch
-            image: "217410218"
-            setup_script: bin/ci/setup-arch.sh
-
-    name: ${{ matrix.distro }} (inference)
-    timeout-minutes: 15
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Generate ephemeral SSH key
-        run: |
-          mkdir -p ~/.ssh
-          ssh-keygen -t ed25519 -f ~/.ssh/ci_key -N "" -q
-
-      - name: Create droplet
-        id: droplet
-        env:
-          DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
-        run: |
-          output=$(bash bin/ci/droplet.sh create \
-            "nightly-${{ matrix.distro }}-${{ github.run_id }}" \
-            "${{ matrix.image }}" \
-            ~/.ssh/ci_key.pub)
-          echo "$output" >> "$GITHUB_OUTPUT"
-          echo "$output"
-
-      - name: Wait for SSH
-        env:
-          DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
-        run: |
-          bash bin/ci/droplet.sh wait-ssh \
-            "${{ steps.droplet.outputs.DROPLET_IP }}" \
-            ~/.ssh/ci_key
-
-      - name: Upload source
-        run: |
-          tar czf /tmp/baudbot-src.tar.gz \
-            --exclude=node_modules --exclude=.git .
-          scp -o StrictHostKeyChecking=no -o BatchMode=yes \
-            -i ~/.ssh/ci_key \
-            /tmp/baudbot-src.tar.gz \
-            "root@${{ steps.droplet.outputs.DROPLET_IP }}:/tmp/baudbot-src.tar.gz"
-
-      - name: Setup and test (with inference smoke)
-        run: |
-          bash bin/ci/droplet.sh run \
-            "${{ steps.droplet.outputs.DROPLET_IP }}" \
-            ~/.ssh/ci_key \
-            "${{ matrix.setup_script }}" \
-            "BAUDBOT_CI_INFERENCE_SMOKE=1" \
-            "BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL=1" \
-            "CI_ANTHROPIC_API_KEY=${{ secrets.CI_ANTHROPIC_API_KEY }}"
-
-      - name: Cleanup
-        if: always()
-        env:
-          DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
-        run: |
-          bash bin/ci/droplet.sh destroy \
-            "${{ steps.droplet.outputs.DROPLET_ID }}" \
-            "${{ steps.droplet.outputs.SSH_KEY_ID }}" \
-            "nightly-${{ matrix.distro }}-${{ github.run_id }}"
diff --git a/bin/ci/setup-arch.sh b/bin/ci/setup-arch.sh
index 6b66f3c..6d8fc2f 100755
--- a/bin/ci/setup-arch.sh
+++ b/bin/ci/setup-arch.sh
@@ -70,19 +70,8 @@ bash /home/baudbot_admin/baudbot/bin/ci/smoke-cli.sh
 echo "=== Running runtime smoke checks ==="
 bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-runtime.sh
 
-if [[ "${BAUDBOT_CI_INFERENCE_SMOKE:-}" == "1" ]]; then
-  echo "=== Running inference smoke check ==="
-  if bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-inference.sh; then
-    echo "  ✓ inference smoke passed"
-  elif [[ "${BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL:-}" == "1" ]]; then
-    echo "  ⚠ inference smoke failed (optional — continuing)"
-  else
-    echo "  ✗ inference smoke failed"
-    exit 1
-  fi
-else
-  echo "=== Inference smoke check skipped (set BAUDBOT_CI_INFERENCE_SMOKE=1 to enable) ==="
-fi
+echo "=== Running inference smoke check ==="
+bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-inference.sh
 
 echo "=== Installing test dependencies ==="
 export PATH="/home/baudbot_agent/opt/node/bin:$PATH"
diff --git a/bin/ci/setup-ubuntu.sh b/bin/ci/setup-ubuntu.sh
index 7db05da..25a7f50 100755
--- a/bin/ci/setup-ubuntu.sh
+++ b/bin/ci/setup-ubuntu.sh
@@ -108,19 +108,8 @@ bash /home/baudbot_admin/baudbot/bin/ci/smoke-cli.sh
 echo "=== Running runtime smoke checks ==="
 bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-runtime.sh
 
-if [[ "${BAUDBOT_CI_INFERENCE_SMOKE:-}" == "1" ]]; then
-  echo "=== Running inference smoke check ==="
-  if bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-inference.sh; then
-    echo "  ✓ inference smoke passed"
-  elif [[ "${BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL:-}" == "1" ]]; then
-    echo "  ⚠ inference smoke failed (optional — continuing)"
-  else
-    echo "  ✗ inference smoke failed"
-    exit 1
-  fi
-else
-  echo "=== Inference smoke check skipped (set BAUDBOT_CI_INFERENCE_SMOKE=1 to enable) ==="
-fi
+echo "=== Running inference smoke check ==="
+bash /home/baudbot_admin/baudbot/bin/ci/smoke-agent-inference.sh
 
 echo "=== Installing test dependencies ==="
 export PATH="/home/baudbot_agent/opt/node/bin:$PATH"
diff --git a/bin/ci/smoke-agent-inference.sh b/bin/ci/smoke-agent-inference.sh
index 4875f2e..b8b5a04 100755
--- a/bin/ci/smoke-agent-inference.sh
+++ b/bin/ci/smoke-agent-inference.sh
@@ -1,13 +1,11 @@
 #!/usr/bin/env bash
-# Gated inference smoke-test for baudbot.
+# Inference smoke-test for baudbot.
 #
 # Verifies that the control-agent can complete at least one real LLM turn
-# end-to-end via session-control RPC. Default OFF for PR CI; enabled by
-# setting BAUDBOT_CI_INFERENCE_SMOKE=1.
+# end-to-end via session-control RPC.
 #
-# Optional fail-open mode: BAUDBOT_CI_INFERENCE_SMOKE_OPTIONAL=1 logs failure
-# as a warning instead of failing the build (useful for non-nightly runs where
-# flaky provider errors shouldn't block merges).
+# Requires CI_ANTHROPIC_API_KEY in the environment (injected into the
+# agent's .env before starting baudbot).
 #
 # Expects baudbot to be already installed and stoppable via `sudo baudbot`.
 
@@ -149,20 +147,25 @@ finally:
 PY
 }
 
-inject_api_key() {
-  # If a real API key is available in the environment, inject it into the
-  # agent's .env so the runtime can authenticate with the provider.
-  if [[ -n "${CI_ANTHROPIC_API_KEY:-}" ]]; then
-    log "injecting CI API key into agent .env"
-    sed -i "s|^ANTHROPIC_API_KEY=.*|ANTHROPIC_API_KEY=${CI_ANTHROPIC_API_KEY}|" "$AGENT_ENV"
-  elif grep -q "ANTHROPIC_API_KEY=sk-ant-testkey" "$AGENT_ENV" 2>/dev/null; then
-    log "WARNING: agent .env has dummy API key; inference will likely fail"
-    log "  set CI_ANTHROPIC_API_KEY to provide a real key"
+readonly CI_MODEL="anthropic/claude-haiku"
+
+inject_ci_config() {
+  if [[ -z "${CI_ANTHROPIC_API_KEY:-}" ]]; then
+    log "ERROR: CI_ANTHROPIC_API_KEY is not set"
+    return 1
+  fi
+  log "injecting CI API key and model override into agent .env"
+  sed -i "s|^ANTHROPIC_API_KEY=.*|ANTHROPIC_API_KEY=${CI_ANTHROPIC_API_KEY}|" "$AGENT_ENV"
+  # Use a cheap model for the smoke test — no need to burn Sonnet/Opus tokens.
+  if grep -q "^BAUDBOT_MODEL=" "$AGENT_ENV" 2>/dev/null; then
+    sed -i "s|^BAUDBOT_MODEL=.*|BAUDBOT_MODEL=${CI_MODEL}|" "$AGENT_ENV"
+  else
+    echo "BAUDBOT_MODEL=${CI_MODEL}" >> "$AGENT_ENV"
   fi
 }
 
 main() {
-  inject_api_key
+  inject_ci_config
 
   log "starting baudbot"
   sudo baudbot start
diff --git a/start.sh b/start.sh
index a87b8ad..5be6e65 100755
--- a/start.sh
+++ b/start.sh
@@ -136,8 +136,10 @@ fi
 # Set session name (read by auto-name.ts extension)
 export PI_SESSION_NAME="control-agent"
 
-# Pick model based on available API keys (first match wins)
-if [ -n "${ANTHROPIC_API_KEY:-}" ]; then
+# Pick model: explicit override or auto-detect from API keys (first match wins)
+if [ -n "${BAUDBOT_MODEL:-}" ]; then
+  MODEL="$BAUDBOT_MODEL"
+elif [ -n "${ANTHROPIC_API_KEY:-}" ]; then
   MODEL="anthropic/claude-opus-4-6"
 elif [ -n "${OPENAI_API_KEY:-}" ]; then
   MODEL="openai/gpt-5.2-codex"