From ab41a743de47249d54368762ce80044f891e7808 Mon Sep 17 00:00:00 2001
From: Mark Kreyman <mark@kreyman.com>
Date: Mon, 13 Apr 2026 07:59:58 -0600
Subject: [PATCH] Fix dispatch 500: add action_fallback + audit key routes to
 discovery

The dispatch controller was missing action_fallback, causing changeset
errors (like FK violations on non-existent agent_id) to crash with
RuntimeError instead of returning 422 via the fallback controller.

Also added rotate-audit-key, bootstrap-audit-key, and audit_public_key
to the route discovery list (previously missing from GET /api/v1/routes).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../controllers/dispatch_controller.ex            |  2 ++
 .../controllers/route_discovery_controller.ex     | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/lib/loopctl_web/controllers/dispatch_controller.ex b/lib/loopctl_web/controllers/dispatch_controller.ex
index 272a96a..418547b 100644
--- a/lib/loopctl_web/controllers/dispatch_controller.ex
+++ b/lib/loopctl_web/controllers/dispatch_controller.ex
@@ -7,6 +7,8 @@ defmodule LoopctlWeb.DispatchController do
 
   alias Loopctl.Dispatches
 
+  action_fallback LoopctlWeb.FallbackController
+
   plug LoopctlWeb.Plugs.RequireRole, [role: :orchestrator] when action in [:create]
   plug LoopctlWeb.Plugs.RequireRole, [role: :agent] when action in [:show, :index]
 
diff --git a/lib/loopctl_web/controllers/route_discovery_controller.ex b/lib/loopctl_web/controllers/route_discovery_controller.ex
index 758139b..c6a3f62 100644
--- a/lib/loopctl_web/controllers/route_discovery_controller.ex
+++ b/lib/loopctl_web/controllers/route_discovery_controller.ex
@@ -21,6 +21,21 @@ defmodule LoopctlWeb.RouteDiscoveryController do
         path: "/api/v1/tenants/me",
         description: "Update current tenant (settings.knowledge_auto_extract, etc.)"
       },
+      %{
+        method: "POST",
+        path: "/api/v1/tenants/:id/rotate-audit-key",
+        description: "Rotate tenant audit signing keypair (requires WebAuthn)"
+      },
+      %{
+        method: "POST",
+        path: "/api/v1/tenants/:id/bootstrap-audit-key",
+        description: "Generate initial audit keypair for legacy tenants (user role + ownership)"
+      },
+      %{
+        method: "GET",
+        path: "/api/v1/tenants/:id/audit_public_key",
+        description: "Public endpoint — tenant Ed25519 audit signing public key (PEM or JWK)"
+      },
 
       # API key management
       %{