diff --git a/crates/miroir-core/src/anti_entropy.rs b/crates/miroir-core/src/anti_entropy.rs
index dc472de..92fb4ab 100644
--- a/crates/miroir-core/src/anti_entropy.rs
+++ b/crates/miroir-core/src/anti_entropy.rs
@@ -18,6 +18,7 @@
 use crate::cdc::ORIGIN_ANTIENTROPY;
 use crate::error::{MiroirError, Result};
 use crate::migration::{MigrationConfig, MigrationError};
+#[cfg(feature = "peer-discovery")]
 use crate::mode_a_coordinator::ModeACoordinator;
 use crate::router::assign_shard_in_group;
 use crate::scatter::{FetchDocumentsRequest, FetchDocumentsResponse, NodeClient, WriteRequest};
@@ -163,6 +164,7 @@ pub struct AntiEntropyReconciler<C: NodeClient> {
     /// Metrics callback.
     metrics_callback: Option<AntiEntropyMetricsCallback>,
     /// Mode A coordinator for shard-partitioned ownership (plan §14.5).
+    #[cfg(feature = "peer-discovery")]
     mode_a_coordinator: Option<Arc<ModeACoordinator>>,
 }
 
@@ -180,6 +182,7 @@ impl<C: NodeClient> AntiEntropyReconciler<C> {
             current_pass: Arc::new(RwLock::new(None)),
             node_client,
             metrics_callback: None,
+            #[cfg(feature = "peer-discovery")]
             mode_a_coordinator: None,
         }
     }
@@ -192,6 +195,7 @@ impl<C: NodeClient> AntiEntropyReconciler<C> {
     /// # Parameters
     ///
     /// - `coordinator`: Mode A coordinator that determines shard ownership
+    #[cfg(feature = "peer-discovery")]
     pub fn with_mode_a(mut self, coordinator: Arc<ModeACoordinator>) -> Self {
         self.mode_a_coordinator = Some(coordinator);
         self
@@ -556,35 +560,53 @@ impl<C: NodeClient> AntiEntropyReconciler<C> {
 
         // Determine which shards to scan
         let all_shards: Vec<u32> = (0..shard_count).collect();
-        let shards_to_scan = if let Some(ref coordinator) = self.mode_a_coordinator {
-            // Mode A scaling: filter to rendezvous-owned shards (plan §14.5)
-            // Uses rendezvous hashing: owns(s, p) = p == top1_by_score(hash(s || pid) for pid in peers)
-            let mut owned = Vec::new();
-            for shard_id in all_shards {
-                let shard_str = shard_id.to_string();
-                match coordinator.owns_shard(&shard_str).await {
-                    Ok(true) => owned.push(shard_id),
-                    Ok(false) => continue, // Not owned by this pod
-                    Err(e) => {
-                        warn!(
-                            shard_id,
-                            error = %e,
-                            "Failed to check shard ownership, skipping"
-                        );
-                        continue;
+        let shards_to_scan = {
+            #[cfg(feature = "peer-discovery")]
+            {
+                if let Some(ref coordinator) = self.mode_a_coordinator {
+                    // Mode A scaling: filter to rendezvous-owned shards (plan §14.5)
+                    // Uses rendezvous hashing: owns(s, p) = p == top1_by_score(hash(s || pid) for pid in peers)
+                    let mut owned = Vec::new();
+                    for shard_id in all_shards {
+                        let shard_str = shard_id.to_string();
+                        match coordinator.owns_shard(&shard_str).await {
+                            Ok(true) => owned.push(shard_id),
+                            Ok(false) => continue, // Not owned by this pod
+                            Err(e) => {
+                                warn!(
+                                    shard_id,
+                                    error = %e,
+                                    "Failed to check shard ownership, skipping"
+                                );
+                                continue;
+                            }
+                        }
                     }
+                    owned
+                } else if self.config.shards_per_pass == 0 {
+                    // Scan all shards (single-pod deployment or Mode A disabled)
+                    all_shards
+                } else {
+                    // Scan a subset (for throttling)
+                    all_shards
+                        .into_iter()
+                        .take(self.config.shards_per_pass as usize)
+                        .collect()
+                }
+            }
+            #[cfg(not(feature = "peer-discovery"))]
+            {
+                if self.config.shards_per_pass == 0 {
+                    // Scan all shards
+                    all_shards
+                } else {
+                    // Scan a subset (for throttling)
+                    all_shards
+                        .into_iter()
+                        .take(self.config.shards_per_pass as usize)
+                        .collect()
                 }
             }
-            owned
-        } else if self.config.shards_per_pass == 0 {
-            // Scan all shards (single-pod deployment or Mode A disabled)
-            all_shards
-        } else {
-            // Scan a subset (for throttling)
-            all_shards
-                .into_iter()
-                .take(self.config.shards_per_pass as usize)
-                .collect()
         };
 
         info!(
diff --git a/crates/miroir-core/src/canary.rs b/crates/miroir-core/src/canary.rs
index d95f722..aeebb7b 100644
--- a/crates/miroir-core/src/canary.rs
+++ b/crates/miroir-core/src/canary.rs
@@ -4,9 +4,10 @@
 //! Each canary ID is rendezvous-owned by exactly one pod per interval, ensuring
 //! no duplicate canary runs across the cluster.
 
+#[cfg(feature = "peer-discovery")]
+use crate::mode_a_coordinator::ModeACoordinator;
 use crate::{
     error::{MiroirError, Result},
-    mode_a_coordinator::ModeACoordinator,
     task_store::{CanaryRow, NewCanary, NewCanaryRun, TaskStore},
 };
 use serde::{Deserialize, Serialize};
@@ -119,6 +120,7 @@ pub struct CanaryRunner {
     metrics_emitter: MetricsEmitter,
     settings_version_checker: SettingsVersionChecker,
     /// Mode A coordinator for partitioning canary execution (plan §14.5).
+    #[cfg(feature = "peer-discovery")]
     mode_a_coordinator: Option<Arc<ModeACoordinator>>,
 }
 
@@ -139,6 +141,7 @@ impl CanaryRunner {
             search_executor,
             metrics_emitter,
             settings_version_checker,
+            #[cfg(feature = "peer-discovery")]
             mode_a_coordinator: None,
         }
     }
@@ -147,6 +150,7 @@ impl CanaryRunner {
     ///
     /// When enabled, each pod only runs canaries where it wins the rendezvous
     /// score for the canary ID: `top1_by_score(hash(canary_id || pid) for pid in peers)`.
+    #[cfg(feature = "peer-discovery")]
     pub fn with_mode_a(mut self, coordinator: Arc<ModeACoordinator>) -> Self {
         self.mode_a_coordinator = Some(coordinator);
         self
@@ -177,6 +181,7 @@ impl CanaryRunner {
             }
 
             // Mode A coordination: only run canaries owned by this pod
+            #[cfg(feature = "peer-discovery")]
             if let Some(ref coordinator) = self.mode_a_coordinator {
                 let owns_canary = coordinator.owns_task(&canary.id).await.unwrap_or(true); // Default to true if no coordinator
                 if !owns_canary {
@@ -471,6 +476,7 @@ impl CanaryRunner {
             search_executor: self.search_executor.clone(),
             metrics_emitter: self.metrics_emitter.clone(),
             settings_version_checker: self.settings_version_checker.clone(),
+            #[cfg(feature = "peer-discovery")]
             mode_a_coordinator: self.mode_a_coordinator.clone(),
         }
     }
diff --git a/crates/miroir-core/src/cdc.rs b/crates/miroir-core/src/cdc.rs
index d3e748c..ec0a607 100644
--- a/crates/miroir-core/src/cdc.rs
+++ b/crates/miroir-core/src/cdc.rs
@@ -211,7 +211,12 @@ impl CdcInternalQueue {
     }
 
     /// Persist a cursor for a sink/index combination.
-    pub async fn persist_cursor(&self, sink_name: &str, index: &str, seq: u64) -> Result<(), CdcError> {
+    pub async fn persist_cursor(
+        &self,
+        sink_name: &str,
+        index: &str,
+        seq: u64,
+    ) -> Result<(), CdcError> {
         if let Some(ref store) = self.task_store {
             let cursor = NewCdcCursor {
                 sink_name: sink_name.to_string(),
@@ -1017,8 +1022,15 @@ impl CdcManager {
     }
 
     /// Persist a cursor for a sink/index combination.
-    pub async fn persist_cursor(&self, sink_name: &str, index: &str, seq: u64) -> Result<(), CdcError> {
-        self.internal_queue.persist_cursor(sink_name, index, seq).await
+    pub async fn persist_cursor(
+        &self,
+        sink_name: &str,
+        index: &str,
+        seq: u64,
+    ) -> Result<(), CdcError> {
+        self.internal_queue
+            .persist_cursor(sink_name, index, seq)
+            .await
     }
 
     /// Get the persisted cursor for a sink/index combination.
@@ -1261,7 +1273,7 @@ mod tests {
             enabled: true,
             ..Default::default()
         };
-        let manager = CdcManager::with_metrics(config, None, None);
+        let manager = CdcManager::with_metrics(config, None, None, None);
 
         let event = CdcEvent {
             mtask_id: "mtask-123".into(),
@@ -1287,7 +1299,7 @@ mod tests {
             emit_internal_writes: false,
             ..Default::default()
         };
-        let manager = CdcManager::with_metrics(config, None, None);
+        let manager = CdcManager::with_metrics(config, None, None, None);
 
         // Internal write should be suppressed
         let event = CdcEvent {
@@ -1330,7 +1342,7 @@ mod tests {
             emit_internal_writes: false,
             ..Default::default()
         };
-        let manager = CdcManager::with_metrics(config, Some(callback), None);
+        let manager = CdcManager::with_metrics(config, Some(callback), None, None);
 
         let event = CdcEvent {
             mtask_id: "mtask-123".into(),
@@ -1367,7 +1379,7 @@ mod tests {
             emit_ttl_deletes: false,
             ..Default::default()
         };
-        let manager = CdcManager::with_metrics(config, Some(callback), None);
+        let manager = CdcManager::with_metrics(config, Some(callback), None, None);
 
         // Test all suppressible origins
         let origins = vec!["antientropy", "reshard_backfill", "rollover", "ttl_expire"];
@@ -1411,7 +1423,7 @@ mod tests {
             emit_internal_writes: true, // Enable internal writes
             ..Default::default()
         };
-        let manager = CdcManager::with_metrics(config, Some(callback), None);
+        let manager = CdcManager::with_metrics(config, Some(callback), None, None);
 
         let event = CdcEvent {
             mtask_id: "mtask-123".into(),
@@ -1449,7 +1461,7 @@ mod tests {
             emit_ttl_deletes: false,
             ..Default::default()
         };
-        let manager = CdcManager::with_metrics(config, Some(callback), None);
+        let manager = CdcManager::with_metrics(config, Some(callback), None, None);
 
         // Client write has no origin tag
         let event = CdcEvent {
diff --git a/crates/miroir-core/src/rebalancer.rs b/crates/miroir-core/src/rebalancer.rs
index cb345ec..cf9451f 100644
--- a/crates/miroir-core/src/rebalancer.rs
+++ b/crates/miroir-core/src/rebalancer.rs
@@ -1064,19 +1064,20 @@ impl Rebalancer {
         // Step 1: Mark group as draining (queries stop routing immediately)
         {
             let mut topo = self.topology.write().await;
-            let group = topo.group_mut(request.group_id);
 
-            let Some(grp) = group else {
-                return Err(RebalancerError::GroupNotFound(request.group_id));
-            };
-
-            // Check if this is the last group
+            // Check if this is the last group (before getting mutable reference to group)
             if topo.groups().count() <= 1 {
                 return Err(RebalancerError::InvalidState(
                     "cannot remove the last replica group".into(),
                 ));
             }
 
+            let group = topo.group_mut(request.group_id);
+
+            let Some(grp) = group else {
+                return Err(RebalancerError::GroupNotFound(request.group_id));
+            };
+
             // Check if group is already draining
             if grp.is_draining() {
                 // Group is already draining, proceed to removal if force=true
diff --git a/crates/miroir-core/src/task.rs b/crates/miroir-core/src/task.rs
index 194d98e..1b376c9 100644
--- a/crates/miroir-core/src/task.rs
+++ b/crates/miroir-core/src/task.rs
@@ -239,127 +239,3 @@ mod tests {
         assert!(tasks.is_empty());
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_stub_task_registry_register() {
-        let registry = StubTaskRegistry;
-        let mut node_tasks = HashMap::new();
-        node_tasks.insert("node1".to_string(), 123);
-
-        let task = registry.register(node_tasks).unwrap();
-        assert!(!task.miroir_id.is_empty());
-        assert_eq!(task.status, TaskStatus::Enqueued);
-        assert!(task.node_tasks.is_empty());
-        assert!(task.error.is_none());
-    }
-
-    #[test]
-    fn test_stub_task_registry_get() {
-        let registry = StubTaskRegistry;
-        let result = registry.get("test-id").unwrap();
-        assert!(result.is_none());
-    }
-
-    #[test]
-    fn test_stub_task_registry_update_status() {
-        let registry = StubTaskRegistry;
-        let result = registry.update_status("test-id", TaskStatus::Succeeded);
-        assert!(result.is_ok());
-    }
-
-    #[test]
-    fn test_stub_task_registry_update_node_task() {
-        let registry = StubTaskRegistry;
-        let result = registry.update_node_task("test-id", "node1", NodeTaskStatus::Succeeded);
-        assert!(result.is_ok());
-    }
-
-    #[test]
-    fn test_stub_task_registry_list() {
-        let registry = StubTaskRegistry;
-        let filter = TaskFilter::default();
-        let result = registry.list(filter).unwrap();
-        assert!(result.is_empty());
-    }
-
-    #[test]
-    fn test_task_status_equality() {
-        assert_eq!(TaskStatus::Enqueued, TaskStatus::Enqueued);
-        assert_ne!(TaskStatus::Enqueued, TaskStatus::Processing);
-        assert_ne!(TaskStatus::Succeeded, TaskStatus::Failed);
-    }
-
-    #[test]
-    fn test_node_task_status_equality() {
-        assert_eq!(NodeTaskStatus::Enqueued, NodeTaskStatus::Enqueued);
-        assert_ne!(NodeTaskStatus::Processing, NodeTaskStatus::Succeeded);
-        assert_ne!(NodeTaskStatus::Failed, NodeTaskStatus::Succeeded);
-    }
-
-    #[test]
-    fn test_task_filter_default() {
-        let filter = TaskFilter::default();
-        assert!(filter.status.is_none());
-        assert!(filter.node_id.is_none());
-        assert!(filter.limit.is_none());
-        assert!(filter.offset.is_none());
-    }
-
-    #[test]
-    fn test_task_filter_with_fields() {
-        let filter = TaskFilter {
-            status: Some(TaskStatus::Processing),
-            node_id: Some("node1".to_string()),
-            limit: Some(10),
-            offset: Some(5),
-        };
-        assert_eq!(filter.status, Some(TaskStatus::Processing));
-        assert_eq!(filter.node_id, Some("node1".to_string()));
-        assert_eq!(filter.limit, Some(10));
-        assert_eq!(filter.offset, Some(5));
-    }
-
-    #[test]
-    fn test_miroir_task_creation() {
-        let mut node_tasks = HashMap::new();
-        node_tasks.insert(
-            "node1".to_string(),
-            NodeTask {
-                task_uid: 123,
-                status: NodeTaskStatus::Enqueued,
-            },
-        );
-
-        let task = MiroirTask {
-            miroir_id: "test-id".to_string(),
-            created_at: 1234567890,
-            status: TaskStatus::Processing,
-            node_tasks,
-            error: None,
-        };
-
-        assert_eq!(task.miroir_id, "test-id");
-        assert_eq!(task.created_at, 1234567890);
-        assert_eq!(task.status, TaskStatus::Processing);
-        assert_eq!(task.node_tasks.len(), 1);
-        assert!(task.error.is_none());
-    }
-
-    #[test]
-    fn test_miroir_task_with_error() {
-        let task = MiroirTask {
-            miroir_id: "failed-task".to_string(),
-            created_at: 0,
-            status: TaskStatus::Failed,
-            node_tasks: HashMap::new(),
-            error: Some("Something went wrong".to_string()),
-        };
-
-        assert_eq!(task.status, TaskStatus::Failed);
-        assert_eq!(task.error, Some("Something went wrong".to_string()));
-    }
-}
diff --git a/crates/miroir-core/src/task_store/mod.rs b/crates/miroir-core/src/task_store/mod.rs
index aa3941a..4ac4c4c 100644
--- a/crates/miroir-core/src/task_store/mod.rs
+++ b/crates/miroir-core/src/task_store/mod.rs
@@ -1,17 +1,6 @@
-//! Task store: unified persistence layer for Miroir (plan §4).
-//!
-//! This module provides a trait-based abstraction over two backends:
-//! - SQLite: single-replica, file-based persistence
-//! - Redis: multi-replica, distributed persistence
-//!
-//! Every table in plan §4 is represented here, enabling cross-cutting features
-//! like §13 advanced capabilities and §14 HA mode.
-
 #[cfg(feature = "redis-store")]
 mod redis;
 mod sqlite;
-pub mod error;
-pub mod schema;
 
 #[cfg(feature = "redis-store")]
 pub use redis::{RedisPool, RedisTaskStore, SearchUiScopedKey};
@@ -20,41 +9,40 @@ pub use sqlite::SqliteTaskStore;
 use crate::Result;
 use std::collections::HashMap;
 
-/// Per-table store operations covering tables 1–15 from plan §4.
-#[async_trait::async_trait]
+/// Per-table store operations covering tables 1–14 from plan §4.
 pub trait TaskStore: Send + Sync {
     // --- Lifecycle ---
 
     /// Run idempotent migrations for all tables. Safe to call on every startup.
-    async fn migrate(&self) -> Result<()>;
+    fn migrate(&self) -> Result<()>;
 
     // --- Table 1: tasks ---
 
     /// Insert a new task row.
-    async fn insert_task(&self, task: &NewTask) -> Result<()>;
+    fn insert_task(&self, task: &NewTask) -> Result<()>;
 
     /// Get a task by miroir_id.
-    async fn get_task(&self, miroir_id: &str) -> Result<Option<TaskRow>>;
+    fn get_task(&self, miroir_id: &str) -> Result<Option<TaskRow>>;
 
     /// Update a task's status.
-    async fn update_task_status(&self, miroir_id: &str, status: &str) -> Result<bool>;
+    fn update_task_status(&self, miroir_id: &str, status: &str) -> Result<bool>;
 
     /// Update a node task within a task's node_tasks JSON.
-    async fn update_node_task(&self, miroir_id: &str, node_id: &str, task_uid: u64) -> Result<bool>;
+    fn update_node_task(&self, miroir_id: &str, node_id: &str, task_uid: u64) -> Result<bool>;
 
     /// Set the error field on a task.
-    async fn set_task_error(&self, miroir_id: &str, error: &str) -> Result<bool>;
+    fn set_task_error(&self, miroir_id: &str, error: &str) -> Result<bool>;
 
     /// List tasks with optional status filter and pagination.
-    async fn list_tasks(&self, filter: &TaskFilter) -> Result<Vec<TaskRow>>;
+    fn list_tasks(&self, filter: &TaskFilter) -> Result<Vec<TaskRow>>;
 
     /// Prune terminal tasks older than `cutoff_ms` (created_at < cutoff_ms
     /// AND status IN (succeeded, failed, canceled)). Returns number deleted.
     /// Limited to `batch_size` rows per call.
-    async fn prune_tasks(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize>;
+    fn prune_tasks(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize>;
 
     /// List terminal tasks older than `cutoff_ms` with pagination (Mode A support).
-    async fn list_terminal_tasks_batch(
+    fn list_terminal_tasks_batch(
         &self,
         cutoff_ms: i64,
         offset: i64,
@@ -62,15 +50,15 @@ pub trait TaskStore: Send + Sync {
     ) -> Result<Vec<TaskRow>>;
 
     /// Delete tasks by miroir_id in a batch (Mode A support).
-    async fn delete_tasks_batch(&self, miroir_ids: &[&str]) -> Result<usize>;
+    fn delete_tasks_batch(&self, miroir_ids: &[&str]) -> Result<usize>;
 
     /// Count total rows in the tasks table (for the miroir_task_registry_size gauge).
-    async fn task_count(&self) -> Result<u64>;
+    fn task_count(&self) -> Result<u64>;
 
     // --- Table 2: node_settings_version ---
 
     /// Upsert a settings version for (index_uid, node_id).
-    async fn upsert_node_settings_version(
+    fn upsert_node_settings_version(
         &self,
         index_uid: &str,
         node_id: &str,
@@ -79,7 +67,7 @@ pub trait TaskStore: Send + Sync {
     ) -> Result<()>;
 
     /// Get the settings version for (index_uid, node_id).
-    async fn get_node_settings_version(
+    fn get_node_settings_version(
         &self,
         index_uid: &str,
         node_id: &str,
@@ -88,79 +76,79 @@ pub trait TaskStore: Send + Sync {
     // --- Table 3: aliases ---
 
     /// Create a new alias.
-    async fn create_alias(&self, alias: &NewAlias) -> Result<()>;
+    fn create_alias(&self, alias: &NewAlias) -> Result<()>;
 
     /// Get an alias by name.
-    async fn get_alias(&self, name: &str) -> Result<Option<AliasRow>>;
+    fn get_alias(&self, name: &str) -> Result<Option<AliasRow>>;
 
     /// Flip a single alias to a new current_uid, recording history.
-    async fn flip_alias(&self, name: &str, new_uid: &str, history_retention: usize) -> Result<bool>;
+    fn flip_alias(&self, name: &str, new_uid: &str, history_retention: usize) -> Result<bool>;
 
     /// Delete an alias.
-    async fn delete_alias(&self, name: &str) -> Result<bool>;
+    fn delete_alias(&self, name: &str) -> Result<bool>;
 
     /// List all aliases.
-    async fn list_aliases(&self) -> Result<Vec<AliasRow>>;
+    fn list_aliases(&self) -> Result<Vec<AliasRow>>;
 
     // --- Table 4: sessions ---
 
     /// Create or replace a session.
-    async fn upsert_session(&self, session: &SessionRow) -> Result<()>;
+    fn upsert_session(&self, session: &SessionRow) -> Result<()>;
 
     /// Get a session by id.
-    async fn get_session(&self, session_id: &str) -> Result<Option<SessionRow>>;
+    fn get_session(&self, session_id: &str) -> Result<Option<SessionRow>>;
 
     /// Delete expired sessions.
-    async fn delete_expired_sessions(&self, now_ms: i64) -> Result<usize>;
+    fn delete_expired_sessions(&self, now_ms: i64) -> Result<usize>;
 
     // --- Table 5: idempotency_cache ---
 
     /// Insert an idempotency cache entry.
-    async fn insert_idempotency_entry(&self, entry: &IdempotencyEntry) -> Result<()>;
+    fn insert_idempotency_entry(&self, entry: &IdempotencyEntry) -> Result<()>;
 
     /// Look up an idempotency entry by key.
-    async fn get_idempotency_entry(&self, key: &str) -> Result<Option<IdempotencyEntry>>;
+    fn get_idempotency_entry(&self, key: &str) -> Result<Option<IdempotencyEntry>>;
 
     /// Delete expired entries.
-    async fn delete_expired_idempotency_entries(&self, now_ms: i64) -> Result<usize>;
+    fn delete_expired_idempotency_entries(&self, now_ms: i64) -> Result<usize>;
 
     // --- Table 6: jobs ---
 
     /// Insert a new job.
-    async fn insert_job(&self, job: &NewJob) -> Result<()>;
+    fn insert_job(&self, job: &NewJob) -> Result<()>;
 
     /// Get a job by id.
-    async fn get_job(&self, id: &str) -> Result<Option<JobRow>>;
+    fn get_job(&self, id: &str) -> Result<Option<JobRow>>;
 
     /// Claim a queued job (CAS: only if still queued).
-    async fn claim_job(&self, id: &str, claimed_by: &str, claim_expires_at: i64) -> Result<bool>;
+    fn claim_job(&self, id: &str, claimed_by: &str, claim_expires_at: i64) -> Result<bool>;
 
     /// Update job state and progress.
-    async fn update_job_progress(&self, id: &str, state: &str, progress: &str) -> Result<bool>;
+    fn update_job_progress(&self, id: &str, state: &str, progress: &str) -> Result<bool>;
 
     /// Renew a job claim (heartbeat).
-    async fn renew_job_claim(&self, id: &str, claim_expires_at: i64) -> Result<bool>;
+    fn renew_job_claim(&self, id: &str, claim_expires_at: i64) -> Result<bool>;
 
     /// List jobs by state.
-    async fn list_jobs_by_state(&self, state: &str) -> Result<Vec<JobRow>>;
+    fn list_jobs_by_state(&self, state: &str) -> Result<Vec<JobRow>>;
 
     /// Count jobs by state (for HPA queue depth metric).
-    async fn count_jobs_by_state(&self, state: &str) -> Result<u64>;
+    fn count_jobs_by_state(&self, state: &str) -> Result<u64>;
 
     /// List jobs with expired claims (for reclamation).
-    async fn list_expired_claims(&self, now_ms: i64) -> Result<Vec<JobRow>>;
+    fn list_expired_claims(&self, now_ms: i64) -> Result<Vec<JobRow>>;
 
     /// List all chunks for a parent job.
-    async fn list_jobs_by_parent(&self, parent_job_id: &str) -> Result<Vec<JobRow>>;
+    fn list_jobs_by_parent(&self, parent_job_id: &str) -> Result<Vec<JobRow>>;
 
     /// Reclaim an expired job claim (reset to queued and clear claim fields).
-    async fn reclaim_job_claim(&self, id: &str, state: &str, progress: &str) -> Result<bool>;
+    fn reclaim_job_claim(&self, id: &str, state: &str, progress: &str) -> Result<bool>;
 
     // --- Table 7: leader_lease ---
 
     /// Try to acquire a leader lease (CAS: only if expired or held by us).
     /// `now_ms` is the current time for expiry comparison.
-    async fn try_acquire_leader_lease(
+    fn try_acquire_leader_lease(
         &self,
         scope: &str,
         holder: &str,
@@ -169,113 +157,113 @@ pub trait TaskStore: Send + Sync {
     ) -> Result<bool>;
 
     /// Renew a leader lease we already hold.
-    async fn renew_leader_lease(&self, scope: &str, holder: &str, expires_at: i64) -> Result<bool>;
+    fn renew_leader_lease(&self, scope: &str, holder: &str, expires_at: i64) -> Result<bool>;
 
     /// Get current lease holder for a scope.
-    async fn get_leader_lease(&self, scope: &str) -> Result<Option<LeaderLeaseRow>>;
+    fn get_leader_lease(&self, scope: &str) -> Result<Option<LeaderLeaseRow>>;
 
     // --- Table 8: canaries ---
 
     /// Create or update a canary.
-    async fn upsert_canary(&self, canary: &NewCanary) -> Result<()>;
+    fn upsert_canary(&self, canary: &NewCanary) -> Result<()>;
 
     /// Get a canary by id.
-    async fn get_canary(&self, id: &str) -> Result<Option<CanaryRow>>;
+    fn get_canary(&self, id: &str) -> Result<Option<CanaryRow>>;
 
     /// List all canaries.
-    async fn list_canaries(&self) -> Result<Vec<CanaryRow>>;
+    fn list_canaries(&self) -> Result<Vec<CanaryRow>>;
 
     /// Delete a canary.
-    async fn delete_canary(&self, id: &str) -> Result<bool>;
+    fn delete_canary(&self, id: &str) -> Result<bool>;
 
     // --- Table 9: canary_runs ---
 
     /// Insert a canary run (auto-prunes to run_history_per_canary).
-    async fn insert_canary_run(&self, run: &NewCanaryRun, run_history_limit: usize) -> Result<()>;
+    fn insert_canary_run(&self, run: &NewCanaryRun, run_history_limit: usize) -> Result<()>;
 
     /// Get runs for a canary, most recent first.
-    async fn get_canary_runs(&self, canary_id: &str, limit: usize) -> Result<Vec<CanaryRunRow>>;
+    fn get_canary_runs(&self, canary_id: &str, limit: usize) -> Result<Vec<CanaryRunRow>>;
 
     // --- Table 10: cdc_cursors ---
 
     /// Upsert a CDC cursor for (sink_name, index_uid).
-    async fn upsert_cdc_cursor(&self, cursor: &NewCdcCursor) -> Result<()>;
+    fn upsert_cdc_cursor(&self, cursor: &NewCdcCursor) -> Result<()>;
 
     /// Get a CDC cursor by (sink_name, index_uid).
-    async fn get_cdc_cursor(&self, sink_name: &str, index_uid: &str) -> Result<Option<CdcCursorRow>>;
+    fn get_cdc_cursor(&self, sink_name: &str, index_uid: &str) -> Result<Option<CdcCursorRow>>;
 
     /// List all CDC cursors for a sink.
-    async fn list_cdc_cursors(&self, sink_name: &str) -> Result<Vec<CdcCursorRow>>;
+    fn list_cdc_cursors(&self, sink_name: &str) -> Result<Vec<CdcCursorRow>>;
 
     // --- Table 11: tenant_map ---
 
     /// Insert a tenant mapping.
-    async fn insert_tenant_mapping(&self, mapping: &NewTenantMapping) -> Result<()>;
+    fn insert_tenant_mapping(&self, mapping: &NewTenantMapping) -> Result<()>;
 
     /// Get tenant mapping by API key hash.
-    async fn get_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<Option<TenantMapRow>>;
+    fn get_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<Option<TenantMapRow>>;
 
     /// Delete a tenant mapping.
-    async fn delete_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<bool>;
+    fn delete_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<bool>;
 
     // --- Table 12: rollover_policies ---
 
     /// Create or update a rollover policy.
-    async fn upsert_rollover_policy(&self, policy: &NewRolloverPolicy) -> Result<()>;
+    fn upsert_rollover_policy(&self, policy: &NewRolloverPolicy) -> Result<()>;
 
     /// Get a rollover policy by name.
-    async fn get_rollover_policy(&self, name: &str) -> Result<Option<RolloverPolicyRow>>;
+    fn get_rollover_policy(&self, name: &str) -> Result<Option<RolloverPolicyRow>>;
 
     /// List all rollover policies.
-    async fn list_rollover_policies(&self) -> Result<Vec<RolloverPolicyRow>>;
+    fn list_rollover_policies(&self) -> Result<Vec<RolloverPolicyRow>>;
 
     /// Delete a rollover policy.
-    async fn delete_rollover_policy(&self, name: &str) -> Result<bool>;
+    fn delete_rollover_policy(&self, name: &str) -> Result<bool>;
 
     // --- Table 13: search_ui_config ---
 
     /// Set search UI config for an index.
-    async fn upsert_search_ui_config(&self, config: &NewSearchUiConfig) -> Result<()>;
+    fn upsert_search_ui_config(&self, config: &NewSearchUiConfig) -> Result<()>;
 
     /// Get search UI config for an index.
-    async fn get_search_ui_config(&self, index_uid: &str) -> Result<Option<SearchUiConfigRow>>;
+    fn get_search_ui_config(&self, index_uid: &str) -> Result<Option<SearchUiConfigRow>>;
 
     /// Delete search UI config for an index.
-    async fn delete_search_ui_config(&self, index_uid: &str) -> Result<bool>;
+    fn delete_search_ui_config(&self, index_uid: &str) -> Result<bool>;
 
     // --- Table 14: admin_sessions ---
 
     /// Create an admin session.
-    async fn insert_admin_session(&self, session: &NewAdminSession) -> Result<()>;
+    fn insert_admin_session(&self, session: &NewAdminSession) -> Result<()>;
 
     /// Get an admin session by id.
-    async fn get_admin_session(&self, session_id: &str) -> Result<Option<AdminSessionRow>>;
+    fn get_admin_session(&self, session_id: &str) -> Result<Option<AdminSessionRow>>;
 
     /// Revoke a session (logout).
-    async fn revoke_admin_session(&self, session_id: &str) -> Result<bool>;
+    fn revoke_admin_session(&self, session_id: &str) -> Result<bool>;
 
     /// Delete expired and revoked sessions (lazy eviction + pruner).
-    async fn delete_expired_admin_sessions(&self, now_ms: i64) -> Result<usize>;
+    fn delete_expired_admin_sessions(&self, now_ms: i64) -> Result<usize>;
 
     // --- Table 15: mode_b_operations ---
 
     /// Create or update a Mode B operation state.
-    async fn upsert_mode_b_operation(&self, operation: &ModeBOperation) -> Result<()>;
+    fn upsert_mode_b_operation(&self, operation: &ModeBOperation) -> Result<()>;
 
     /// Get a Mode B operation by ID.
-    async fn get_mode_b_operation(&self, operation_id: &str) -> Result<Option<ModeBOperation>>;
+    fn get_mode_b_operation(&self, operation_id: &str) -> Result<Option<ModeBOperation>>;
 
     /// Get the active Mode B operation for a scope (if any).
-    async fn get_mode_b_operation_by_scope(&self, scope: &str) -> Result<Option<ModeBOperation>>;
+    fn get_mode_b_operation_by_scope(&self, scope: &str) -> Result<Option<ModeBOperation>>;
 
     /// List Mode B operations by type and/or status.
-    async fn list_mode_b_operations(&self, filter: &ModeBOperationFilter) -> Result<Vec<ModeBOperation>>;
+    fn list_mode_b_operations(&self, filter: &ModeBOperationFilter) -> Result<Vec<ModeBOperation>>;
 
     /// Delete a Mode B operation.
-    async fn delete_mode_b_operation(&self, operation_id: &str) -> Result<bool>;
+    fn delete_mode_b_operation(&self, operation_id: &str) -> Result<bool>;
 
     /// Delete old completed Mode B operations.
-    async fn prune_mode_b_operations(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize>;
+    fn prune_mode_b_operations(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize>;
 }
 
 // --- Row types ---
diff --git a/crates/miroir-core/src/task_store/redis.rs b/crates/miroir-core/src/task_store/redis.rs
index 58bb5d1..f7bfb5a 100644
--- a/crates/miroir-core/src/task_store/redis.rs
+++ b/crates/miroir-core/src/task_store/redis.rs
@@ -1,991 +1,3280 @@
-//! Redis backend for the task store.
+//! Redis-backed TaskStore implementation (plan §4 "Redis mode (HA)").
+//!
+//! This module implements the TaskStore trait using Redis as the backend.
+//! Each SQLite table is mapped to a Redis keyspace as specified in plan §4.
 
-use super::error::{Result, TaskStoreError};
-use super::schema::*;
-use super::TaskStore;
-use redis::AsyncCommands;
-use sha2::{Digest, Sha256};
+use crate::task_store::*;
+use crate::MiroirError;
+use crate::Result;
+use std::collections::HashMap;
 use std::sync::Arc;
+use std::time::SystemTime;
+use tokio::sync::Mutex;
 
-/// Hash an API key using SHA256 and return as hex string for Redis key.
-#[allow(dead_code)]
-fn hash_api_key(api_key: &str) -> String {
-    let mut hasher = Sha256::new();
-    hasher.update(api_key.as_bytes());
-    format!("{:x}", hasher.finalize())
-}
+use ::redis::aio::ConnectionManager;
+use ::redis::{
+    pipe, AsyncCommands, Client, ExistenceCheck, FromRedisValue, Pipeline, SetExpiry, SetOptions,
+    Value,
+};
+use futures_util::StreamExt;
 
-/// Redis connection pool wrapper for CDC and other components.
+/// Redis connection pool wrapper.
+#[derive(Clone)]
 pub struct RedisPool {
-    /// Connection manager (shared via Arc<Mutex<>> for async access).
-    pub manager: Arc<tokio::sync::Mutex<redis::aio::MultiplexedConnection>>,
-    /// Redis client for creating new connections if needed.
-    client: Arc<redis::Client>,
+    /// Connection manager for async operations (shared across clones)
+    pub(crate) manager: Arc<Mutex<ConnectionManager>>,
 }
 
 impl RedisPool {
-    /// Create a new Redis connection pool.
+    /// Create a new Redis pool from a connection URL.
     pub async fn new(url: &str) -> Result<Self> {
-        let client = redis::Client::open(url)?;
+        let client = Client::open(url).map_err(|e| MiroirError::Redis(e.to_string()))?;
         let conn = client
-            .get_multiplexed_async_connection()
+            .get_connection_manager()
             .await
-            .map_err(Into::into)?;
+            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
         Ok(Self {
-            manager: Arc::new(tokio::sync::Mutex::new(conn)),
-            client: Arc::new(client),
+            manager: Arc::new(Mutex::new(conn)),
         })
     }
 
-    /// Get a connection from the pool.
-    pub async fn get_conn(&self) -> Result<redis::aio::MultiplexedConnection> {
-        self.client
-            .get_multiplexed_async_connection()
+    /// Execute a pipeline and return its query result.
+    pub async fn pipeline_query<R>(&self, pipe: &mut Pipeline) -> Result<R>
+    where
+        R: FromRedisValue,
+    {
+        let mut conn = self.manager.lock().await;
+        pipe.query_async(&mut *conn)
             .await
-            .map_err(Into::into)
+            .map_err(|e| MiroirError::Redis(e.to_string()))
+    }
+
+    /// Block on an async future using a dedicated runtime.
+    /// Spawns a dedicated thread with its own single-threaded runtime to avoid
+    /// "cannot start a runtime from within a runtime" panics when called from
+    /// within an existing tokio runtime (e.g., in tests).
+    fn block_on<F>(&self, future: F) -> F::Output
+    where
+        F: std::future::Future + Send + 'static,
+        F::Output: Send + 'static,
+    {
+        // Spawn a dedicated thread to run the async future
+        // This avoids conflicts with any existing tokio runtime
+        std::thread::spawn(move || {
+            let rt = tokio::runtime::Builder::new_current_thread()
+                .enable_all()
+                .build()
+                .expect("Failed to create runtime in thread");
+            rt.block_on(future)
+        })
+        .join()
+        .unwrap_or_else(|_| panic!("block_on thread panicked"))
     }
 }
 
-/// Redis task store implementation.
+/// Redis-backed TaskStore.
+#[derive(Clone)]
 pub struct RedisTaskStore {
-    client: Arc<redis::Client>,
+    /// Redis connection pool
+    pool: RedisPool,
+    /// Key prefix for all Miroir keys
+    key_prefix: String,
 }
 
 impl RedisTaskStore {
-    /// Create a new Redis task store.
-    pub async fn new(url: &str) -> Result<Self> {
-        let client = redis::Client::open(url)?;
-        let store = Self {
-            client: Arc::new(client),
-        };
-        Ok(store)
+    /// Open a Redis task store from a connection URL.
+    pub async fn open(url: &str) -> Result<Self> {
+        let pool = RedisPool::new(url).await?;
+        Ok(Self {
+            pool,
+            key_prefix: "miroir".into(),
+        })
     }
 
-    /// Get a connection from the pool.
-    async fn get_conn(&self) -> Result<redis::aio::MultiplexedConnection> {
-        self.client
-            .get_multiplexed_async_connection()
-            .await
-            .map_err(Into::into)
+    /// Return the key prefix used by this store.
+    pub fn key_prefix(&self) -> &str {
+        &self.key_prefix
     }
 
-    /// Generate a Redis key for a table.
-    fn table_key(&self, table: &str, id: &str) -> String {
-        format!("miroir:{table}:{id}")
+    /// Generate a fully-qualified Redis key.
+    fn key(&self, parts: &[&str]) -> String {
+        format!("{}:{}", self.key_prefix, parts.join(":"))
     }
 
-    /// Generate a Redis key for a table's index.
-    fn index_key(&self, table: &str) -> String {
-        format!("miroir:{table}:_index")
+    /// Helper: run an async future using the dedicated runtime.
+    fn block_on<F>(&self, future: F) -> F::Output
+    where
+        F: std::future::Future + Send + 'static,
+        F::Output: Send + 'static,
+    {
+        self.pool.block_on(future)
+    }
+
+    /// Helper: parse a hash row into a TaskRow.
+    fn task_from_hash(miroir_id: String, fields: &HashMap<String, Value>) -> Result<TaskRow> {
+        let created_at = get_field_i64(fields, "created_at")?;
+        let status = get_field_string(fields, "status")?;
+        let node_tasks_json = get_field_string(fields, "node_tasks")?;
+        let node_tasks: HashMap<String, u64> = serde_json::from_str(&node_tasks_json)
+            .map_err(|e| MiroirError::TaskStore(format!("invalid node_tasks JSON: {e}")))?;
+        let error = opt_field(fields, "error");
+        let started_at = opt_field_i64(fields, "started_at");
+        let finished_at = opt_field_i64(fields, "finished_at");
+        let index_uid = opt_field(fields, "index_uid");
+        let task_type = opt_field(fields, "task_type");
+        let node_errors_json = opt_field(fields, "node_errors").unwrap_or_else(|| "{}".to_string());
+        let node_errors: HashMap<String, String> = serde_json::from_str(&node_errors_json)
+            .map_err(|e| MiroirError::TaskStore(format!("invalid node_errors JSON: {e}")))?;
+
+        Ok(TaskRow {
+            miroir_id,
+            created_at,
+            status,
+            node_tasks,
+            error,
+            started_at,
+            finished_at,
+            index_uid,
+            task_type,
+            node_errors,
+        })
+    }
+
+    /// Helper: parse canary hash row.
+    fn canary_from_hash(id: String, fields: &HashMap<String, Value>) -> Result<CanaryRow> {
+        Ok(CanaryRow {
+            id,
+            name: get_field_string(fields, "name")?,
+            index_uid: get_field_string(fields, "index_uid")?,
+            interval_s: get_field_i64(fields, "interval_s")?,
+            query_json: get_field_string(fields, "query_json")?,
+            assertions_json: get_field_string(fields, "assertions_json")?,
+            enabled: get_field_i64(fields, "enabled")? != 0,
+            created_at: get_field_i64(fields, "created_at")?,
+        })
+    }
+
+    /// Helper: parse alias hash row.
+    fn alias_row_from_hash(name: String, fields: &HashMap<String, Value>) -> Result<AliasRow> {
+        let target_uids_json =
+            opt_field(fields, "target_uids").unwrap_or_else(|| "null".to_string());
+        let target_uids: Option<Vec<String>> =
+            if target_uids_json == "null" {
+                None
+            } else {
+                Some(serde_json::from_str(&target_uids_json).map_err(|e| {
+                    MiroirError::TaskStore(format!("invalid target_uids JSON: {e}"))
+                })?)
+            };
+        let history_json = get_field_string(fields, "history")?;
+        let history: Vec<AliasHistoryEntry> = serde_json::from_str(&history_json)
+            .map_err(|e| MiroirError::TaskStore(format!("invalid history JSON: {e}")))?;
+
+        Ok(AliasRow {
+            name,
+            kind: get_field_string(fields, "kind")?,
+            current_uid: opt_field(fields, "current_uid"),
+            target_uids,
+            version: get_field_i64(fields, "version")?,
+            created_at: get_field_i64(fields, "created_at")?,
+            history,
+        })
     }
 }
 
-#[async_trait::async_trait]
+/// Helper: get a string field from a Redis hash.
+fn get_field_string(fields: &HashMap<String, Value>, key: &str) -> Result<String> {
+    fields
+        .get(key)
+        .and_then(|v| match v {
+            Value::BulkString(bytes) => std::str::from_utf8(bytes).ok().map(String::from),
+            Value::Int(i) => Some(i.to_string()),
+            Value::SimpleString(s) => Some(s.clone()),
+            _ => None,
+        })
+        .ok_or_else(|| MiroirError::TaskStore(format!("missing field: {key}")))
+}
+
+/// Helper: get an i64 field from a Redis hash.
+fn get_field_i64(fields: &HashMap<String, Value>, key: &str) -> Result<i64> {
+    fields
+        .get(key)
+        .and_then(|v| match v {
+            Value::Int(i) => Some(*i),
+            Value::BulkString(bytes) => std::str::from_utf8(bytes)
+                .ok()
+                .and_then(|s| s.parse::<i64>().ok()),
+            Value::SimpleString(s) => s.parse::<i64>().ok(),
+            _ => None,
+        })
+        .ok_or_else(|| MiroirError::TaskStore(format!("missing or invalid field: {key}")))
+}
+
+/// Helper: convert optional field to Option<String>.
+fn opt_field(fields: &HashMap<String, Value>, key: &str) -> Option<String> {
+    fields.get(key).and_then(|v| match v {
+        Value::BulkString(bytes) => std::str::from_utf8(bytes).ok().map(String::from),
+        Value::Int(i) => Some(i.to_string()),
+        Value::SimpleString(s) => Some(s.clone()),
+        _ => None,
+    })
+}
+
+/// Helper: convert optional field to Option<i64>.
+fn opt_field_i64(fields: &HashMap<String, Value>, key: &str) -> Option<i64> {
+    fields.get(key).and_then(|v| match v {
+        Value::Int(i) => Some(*i),
+        Value::BulkString(bytes) => std::str::from_utf8(bytes)
+            .ok()
+            .and_then(|s| s.parse::<i64>().ok()),
+        Value::SimpleString(s) => s.parse::<i64>().ok(),
+        _ => None,
+    })
+}
+
+fn now_ms() -> i64 {
+    SystemTime::now()
+        .duration_since(SystemTime::UNIX_EPOCH)
+        .unwrap()
+        .as_millis() as i64
+}
+
+// ---------------------------------------------------------------------------
+// TaskStore trait implementation
+// ---------------------------------------------------------------------------
+
 impl TaskStore for RedisTaskStore {
-    async fn initialize(&self) -> Result<()> {
-        let mut conn = self.get_conn().await?;
+    fn migrate(&self) -> Result<()> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let version_key = format!("{}:schema_version", key_prefix);
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let current: Option<i64> = conn
+                .get(&version_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        // Set schema version
-        let version_key = "miroir:schema_version";
-        let current_version: Option<i64> = conn.get(version_key).await?;
+            let binary_version = crate::schema_migrations::build_registry().max_version();
 
-        if current_version.is_none() {
-            conn.set::<_, _, ()>(version_key, SCHEMA_VERSION).await?;
-        } else if current_version != Some(SCHEMA_VERSION) {
-            return Err(TaskStoreError::InvalidData(format!(
-                "schema version mismatch: expected {}, got {}",
-                SCHEMA_VERSION,
-                current_version.unwrap()
-            )));
-        }
-
-        Ok(())
-    }
-
-    async fn schema_version(&self) -> Result<i64> {
-        let mut conn = self.get_conn().await?;
-        let version: i64 = conn.get("miroir:schema_version").await?;
-        Ok(version)
-    }
-
-    async fn task_insert(&self, task: &Task) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("tasks", &task.miroir_id);
-
-        // Serialize task
-        let data = serde_json::to_string(task)?;
-
-        // Store task data
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        // Add to index
-        let index_key = self.index_key("tasks");
-        conn.sadd::<_, _, ()>(&index_key, &task.miroir_id).await?;
-
-        Ok(())
-    }
-
-    async fn task_get(&self, miroir_id: &str) -> Result<Option<Task>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("tasks", miroir_id);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let task: Task = serde_json::from_str(&d)?;
-                Ok(Some(task))
+            // Validate that store version is not ahead of binary
+            if let Some(v) = current {
+                if v > binary_version {
+                    return Err(MiroirError::SchemaVersionAhead {
+                        store_version: v,
+                        binary_version,
+                    });
+                }
             }
-            None => Ok(None),
-        }
+
+            // Record or update schema version to match binary
+            // Redis doesn't need SQL migrations (no tables), but we track
+            // version for compatibility with SQLite and to enable the
+            // version-ahead safety check on rollback.
+            let _: () = conn
+                .set(&version_key, binary_version)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(())
+        })
     }
 
-    async fn task_update_status(&self, miroir_id: &str, status: TaskStatus) -> Result<()> {
-        let mut task = self
-            .task_get(miroir_id)
-            .await?
-            .ok_or_else(|| TaskStoreError::NotFound(miroir_id.to_string()))?;
-        task.status = status;
-        self.task_insert(&task).await
+    // --- Table 1: tasks ---
+
+    fn insert_task(&self, task: &NewTask) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let task = task.clone();
+        let key = format!("{}:tasks:{}", key_prefix, task.miroir_id);
+        let index_key = format!("{}:tasks:_index", key_prefix);
+        let created_at_str = task.created_at.to_string();
+
+        self.block_on(async move {
+            let node_tasks_json = serde_json::to_string(&task.node_tasks)?;
+            let node_errors_json = serde_json::to_string(&task.node_errors)?;
+
+            let mut pipe = pipe();
+            pipe.hset_multiple(
+                &key,
+                &[
+                    ("miroir_id", task.miroir_id.as_str()),
+                    ("created_at", created_at_str.as_str()),
+                    ("status", task.status.as_str()),
+                    ("node_tasks", node_tasks_json.as_str()),
+                    ("node_errors", node_errors_json.as_str()),
+                ],
+            );
+            if let Some(ref error) = task.error {
+                pipe.hset(&key, "error", error);
+            }
+            if let Some(started_at) = task.started_at {
+                pipe.hset(&key, "started_at", started_at);
+            }
+            if let Some(finished_at) = task.finished_at {
+                pipe.hset(&key, "finished_at", finished_at);
+            }
+            if let Some(ref index_uid) = task.index_uid {
+                pipe.hset(&key, "index_uid", index_uid);
+            }
+            if let Some(ref task_type) = task.task_type {
+                pipe.hset(&key, "task_type", task_type);
+            }
+            pipe.sadd(&index_key, &task.miroir_id);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
     }
 
-    async fn task_update_node(&self, miroir_id: &str, node_id: &str, task_uid: u64) -> Result<()> {
-        let mut task = self
-            .task_get(miroir_id)
-            .await?
-            .ok_or_else(|| TaskStoreError::NotFound(miroir_id.to_string()))?;
-        task.node_tasks.insert(node_id.to_string(), task_uid);
-        self.task_insert(&task).await
+    fn get_task(&self, miroir_id: &str) -> Result<Option<TaskRow>> {
+        let manager = self.pool.manager.clone();
+        let key = self.key(&["tasks", miroir_id]);
+        let miroir_id = miroir_id.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(Self::task_from_hash(miroir_id, &fields)?))
+            }
+        })
     }
 
-    async fn task_list(&self, filter: &TaskFilter) -> Result<Vec<Task>> {
-        let mut conn = self.get_conn().await?;
-        let index_key = self.index_key("tasks");
+    fn update_task_status(&self, miroir_id: &str, status: &str) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key = self.key(&["tasks", miroir_id]);
+        let status = status.to_string();
 
-        // Get all task IDs from index
-        let all_ids: Vec<String> = conn.smembers(&index_key).await?;
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let exists: bool = conn
+                .hexists(&key, "miroir_id")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let _: () = conn
+                .hset(&key, "status", &status)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(true)
+        })
+    }
+
+    fn update_node_task(&self, miroir_id: &str, node_id: &str, task_uid: u64) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key = self.key(&["tasks", miroir_id]);
+        let node_id = node_id.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let node_tasks_json: Option<String> = conn
+                .hget(&key, "node_tasks")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let Some(json) = node_tasks_json else {
+                return Ok(false);
+            };
+
+            let mut map: HashMap<String, u64> = serde_json::from_str(&json)
+                .map_err(|e| MiroirError::TaskStore(format!("invalid node_tasks JSON: {e}")))?;
+            map.insert(node_id, task_uid);
+            let updated = serde_json::to_string(&map)?;
+
+            let _: () = conn
+                .hset(&key, "node_tasks", &updated)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(true)
+        })
+    }
+
+    fn set_task_error(&self, miroir_id: &str, error: &str) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key = self.key(&["tasks", miroir_id]);
+        let error = error.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let exists: bool = conn
+                .hexists(&key, "miroir_id")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let _: () = conn
+                .hset(&key, "error", &error)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(true)
+        })
+    }
+
+    fn list_tasks(&self, filter: &TaskFilter) -> Result<Vec<TaskRow>> {
+        let manager = self.pool.manager.clone();
+        let index_key = self.key(&["tasks", "_index"]);
+        let status_filter = filter.status.clone();
+        let index_uid_filter = filter.index_uid.clone();
+        let task_type_filter = filter.task_type.clone();
+        let limit = filter.limit;
+        let offset = filter.offset;
+        let key_prefix = self.key_prefix.clone();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let all_ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut tasks = Vec::new();
+            for miroir_id in all_ids {
+                let key = format!("{}:tasks:{}", key_prefix, miroir_id);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if fields.is_empty() {
+                    continue;
+                }
+
+                let task = Self::task_from_hash(miroir_id, &fields)?;
 
-        let mut tasks = Vec::new();
-        for id in all_ids {
-            if let Some(task) = self.task_get(&id).await? {
                 // Apply filters
-                if let Some(status) = filter.status {
-                    if task.status != status {
+                if let Some(ref status) = status_filter {
+                    if &task.status != status {
                         continue;
                     }
                 }
+                if let Some(ref index_uid) = index_uid_filter {
+                    if task.index_uid.as_ref() != Some(index_uid) {
+                        continue;
+                    }
+                }
+                if let Some(ref task_type) = task_type_filter {
+                    if task.task_type.as_ref() != Some(task_type) {
+                        continue;
+                    }
+                }
+
                 tasks.push(task);
             }
-        }
 
-        // Sort by created_at descending
-        tasks.sort_by(|a, b| b.created_at.cmp(&a.created_at));
+            // Sort by created_at DESC
+            tasks.sort_by(|a, b| b.created_at.cmp(&a.created_at));
 
-        // Apply limit/offset
-        let offset = filter.offset.unwrap_or(0);
-        let limit = filter.limit.unwrap_or(tasks.len());
+            // Apply pagination
+            if let Some(offset) = offset {
+                if offset < tasks.len() {
+                    tasks.drain(0..offset);
+                } else {
+                    tasks.clear();
+                }
+            }
+            if let Some(limit) = limit {
+                tasks.truncate(limit);
+            }
 
-        Ok(tasks.into_iter().skip(offset).take(limit).collect())
+            Ok(tasks)
+        })
     }
 
-    async fn node_settings_version_get(&self, index: &str, node_id: &str) -> Result<Option<i64>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("node_settings_version", &format!("{index}:{node_id}"));
+    fn prune_tasks(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize> {
+        let manager = self.pool.manager.clone();
+        let pool = self.pool.clone();
+        let index_key = self.key(&["tasks", "_index"]);
+        let key_prefix = self.key_prefix.clone();
 
-        let version: Option<i64> = conn.get(&key).await?;
-        Ok(version)
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let all_ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let terminal_statuses = ["succeeded", "failed", "canceled"];
+            let mut to_delete = Vec::new();
+
+            for miroir_id in all_ids.into_iter().take(batch_size as usize) {
+                let key = format!("{}:tasks:{}", key_prefix, miroir_id);
+
+                // Use a pipeline to get both fields atomically
+                let mut p = pipe();
+                p.hget(&key, "created_at");
+                p.hget(&key, "status");
+                let result: (Option<String>, Option<String>) = pool.pipeline_query(&mut p).await?;
+
+                if let (Some(created_at_str), Some(status)) = result {
+                    let created_at: i64 = created_at_str
+                        .parse()
+                        .map_err(|e| MiroirError::TaskStore(format!("invalid created_at: {e}")))?;
+                    if created_at < cutoff_ms && terminal_statuses.contains(&status.as_str()) {
+                        to_delete.push(miroir_id);
+                    }
+                }
+            }
+
+            if to_delete.is_empty() {
+                return Ok(0);
+            }
+
+            // Delete tasks and remove from index
+            let mut pipe = pipe();
+            for miroir_id in &to_delete {
+                let key = format!("{}:tasks:{}", key_prefix, miroir_id);
+                pipe.del(&key);
+                pipe.srem(&index_key, miroir_id);
+            }
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(to_delete.len())
+        })
     }
 
-    async fn node_settings_version_set(
+    fn list_terminal_tasks_batch(
         &self,
-        index: &str,
+        cutoff_ms: i64,
+        offset: i64,
+        limit: i64,
+    ) -> Result<Vec<TaskRow>> {
+        let pool = self.pool.clone();
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let terminal_statuses = ["succeeded", "failed", "canceled"];
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let index_key = format!("{}:tasks:_index", key_prefix);
+            let all_ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut results = Vec::new();
+            let mut skipped = 0;
+            let mut added = 0;
+
+            for miroir_id in all_ids {
+                if added >= limit {
+                    break;
+                }
+                let key = format!("{}:tasks:{}", key_prefix, miroir_id);
+
+                // Get created_at and status
+                let mut p = pipe();
+                p.hget(&key, "created_at");
+                p.hget(&key, "status");
+                let result: (Option<String>, Option<String>) = pool
+                    .pipeline_query(&mut p)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if let (Some(created_at_str), Some(status)) = result {
+                    if !terminal_statuses.contains(&status.as_str()) {
+                        continue;
+                    }
+                    let created_at: i64 = created_at_str
+                        .parse()
+                        .map_err(|e| MiroirError::TaskStore(format!("invalid created_at: {e}")))?;
+
+                    if created_at >= cutoff_ms {
+                        continue;
+                    }
+
+                    if skipped < offset {
+                        skipped += 1;
+                        continue;
+                    }
+
+                    // Get full task
+                    let fields: HashMap<String, Value> = conn
+                        .hgetall(&key)
+                        .await
+                        .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                    if fields.is_empty() {
+                        continue;
+                    }
+
+                    // Construct TaskRow from fields
+                    let created_at = get_field_i64(&fields, "created_at")?;
+                    let status = get_field_string(&fields, "status")?;
+                    let node_tasks_json = get_field_string(&fields, "node_tasks")?;
+                    let node_tasks: HashMap<String, u64> = serde_json::from_str(&node_tasks_json)
+                        .map_err(|e| {
+                        MiroirError::TaskStore(format!("invalid node_tasks JSON: {e}"))
+                    })?;
+                    let error = opt_field(&fields, "error");
+                    let started_at = opt_field_i64(&fields, "started_at");
+                    let finished_at = opt_field_i64(&fields, "finished_at");
+                    let index_uid = opt_field(&fields, "index_uid");
+                    let task_type = opt_field(&fields, "task_type");
+                    let node_errors_json =
+                        opt_field(&fields, "node_errors").unwrap_or_else(|| "{}".to_string());
+                    let node_errors: HashMap<String, String> =
+                        serde_json::from_str(&node_errors_json).map_err(|e| {
+                            MiroirError::TaskStore(format!("invalid node_errors JSON: {e}"))
+                        })?;
+
+                    results.push(TaskRow {
+                        miroir_id,
+                        created_at,
+                        status,
+                        node_tasks,
+                        error,
+                        started_at,
+                        finished_at,
+                        index_uid,
+                        task_type,
+                        node_errors,
+                    });
+                    added += 1;
+                }
+            }
+
+            Ok(results)
+        })
+    }
+
+    fn delete_tasks_batch(&self, miroir_ids: &[&str]) -> Result<usize> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_key = format!("{}:tasks:_index", key_prefix);
+        let ids: Vec<String> = miroir_ids.iter().map(|s| s.to_string()).collect();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            for miroir_id in &ids {
+                let key = format!("{}:tasks:{}", key_prefix, miroir_id);
+                pipe.del(&key);
+                pipe.srem(&index_key, miroir_id);
+            }
+            pool.pipeline_query::<()>(&mut pipe)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(ids.len())
+        })
+    }
+
+    fn task_count(&self) -> Result<u64> {
+        let manager = self.pool.manager.clone();
+        let index_key = self.key(&["tasks", "_index"]);
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let count: u64 = conn
+                .scard(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(count)
+        })
+    }
+
+    // --- Table 2: node_settings_version ---
+
+    fn upsert_node_settings_version(
+        &self,
+        index_uid: &str,
         node_id: &str,
         version: i64,
+        updated_at: i64,
     ) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("node_settings_version", &format!("{index}:{node_id}"));
-        let now = chrono::Utc::now().timestamp_millis() as u64;
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let node_id = node_id.to_string();
+        let key = format!(
+            "{}:node_settings_version:{}:{}",
+            key_prefix, index_uid, node_id
+        );
+        let index_key = format!("{}:node_settings_version:_index", key_prefix);
 
-        // Store version with timestamp
-        let data = serde_json::json!({
-            "version": version,
-            "updated_at": now,
-        });
-        conn.set::<_, _, ()>(&key, data.to_string()).await?;
+        self.block_on(async move {
+            let version_str = version.to_string();
+            let updated_at_str = updated_at.to_string();
+            let index_value = format!("{}:{}", index_uid, node_id);
 
-        Ok(())
+            let mut pipe = pipe();
+            pipe.hset_multiple(
+                &key,
+                &[
+                    ("index_uid", index_uid.as_str()),
+                    ("node_id", node_id.as_str()),
+                    ("version", version_str.as_str()),
+                    ("updated_at", updated_at_str.as_str()),
+                ],
+            );
+            pipe.sadd(&index_key, index_value);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
     }
 
-    async fn alias_upsert(&self, alias: &Alias) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("aliases", &alias.name);
-
-        let data = serde_json::to_string(alias)?;
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        // Add to index
-        let index_key = self.index_key("aliases");
-        conn.sadd::<_, _, ()>(&index_key, &alias.name).await?;
-
-        Ok(())
-    }
-
-    async fn alias_get(&self, name: &str) -> Result<Option<Alias>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("aliases", name);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let alias: Alias = serde_json::from_str(&d)?;
-                Ok(Some(alias))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn alias_delete(&self, name: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("aliases", name);
-        let index_key = self.index_key("aliases");
-
-        conn.del::<_, ()>(&key).await?;
-        conn.srem::<_, _, ()>(&index_key, name).await?;
-
-        Ok(())
-    }
-
-    async fn alias_list(&self) -> Result<Vec<Alias>> {
-        let mut conn = self.get_conn().await?;
-        let index_key = self.index_key("aliases");
-
-        let all_names: Vec<String> = conn.smembers(&index_key).await?;
-
-        let mut aliases = Vec::new();
-        for name in all_names {
-            if let Some(alias) = self.alias_get(&name).await? {
-                aliases.push(alias);
-            }
-        }
-
-        Ok(aliases)
-    }
-
-    async fn session_upsert(&self, session: &Session) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("sessions", &session.session_id);
-
-        let data = serde_json::to_string(session)?;
-        // Calculate TTL in seconds from the ttl field (Unix millis)
-        let now = chrono::Utc::now().timestamp_millis() as u64;
-        let ttl_seconds = if session.ttl > now {
-            (session.ttl - now) / 1000
-        } else {
-            1 // Minimum 1 second
-        };
-        conn.set_ex::<_, _, ()>(&key, data, ttl_seconds).await?;
-
-        Ok(())
-    }
-
-    async fn session_get(&self, session_id: &str) -> Result<Option<Session>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("sessions", session_id);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let session: Session = serde_json::from_str(&d)?;
-                Ok(Some(session))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn session_delete(&self, session_id: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("sessions", session_id);
-        conn.del::<_, ()>(&key).await?;
-        Ok(())
-    }
-
-    async fn session_delete_by_index(&self, _index: &str) -> Result<()> {
-        // This is expensive in Redis - we need to scan all sessions
-        // For now, we'll return an error to discourage this pattern
-        Err(TaskStoreError::InvalidData(
-            "session_delete_by_index is not efficient in Redis mode".to_string(),
-        ))
-    }
-
-    async fn idempotency_check(&self, key: &str) -> Result<Option<IdempotencyEntry>> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = self.table_key("idempotency_cache", key);
-
-        let data: Option<String> = conn.get(&redis_key).await?;
-        match data {
-            Some(d) => {
-                let entry: IdempotencyEntry = serde_json::from_str(&d)?;
-                Ok(Some(entry))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn idempotency_record(&self, entry: &IdempotencyEntry) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = self.table_key("idempotency_cache", &entry.key);
-
-        let data = serde_json::to_string(entry)?;
-        // Set with 1 hour expiration
-        conn.set_ex::<_, _, ()>(&redis_key, data, 3600).await?;
-
-        Ok(())
-    }
-
-    async fn idempotency_prune(&self, _before_ts: u64) -> Result<u64> {
-        // Redis handles expiration automatically via TTL
-        Ok(0)
-    }
-
-    async fn job_enqueue(&self, job: &Job) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("jobs", &job.id);
-
-        let data = serde_json::to_string(job)?;
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        // Add to enqueued queue
-        conn.rpush::<_, _, ()>("miroir:jobs:enqueued", &job.id)
-            .await?;
-
-        Ok(())
-    }
-
-    async fn job_dequeue(&self, worker_id: &str) -> Result<Option<Job>> {
-        let mut conn = self.get_conn().await?;
-
-        // Pop from enqueued queue (pop single element)
-        let job_id: Option<String> = conn.lpop("miroir:jobs:enqueued", None).await?;
-
-        if let Some(job_id) = job_id {
-            // Get the job
-            let mut job = self
-                .job_get(&job_id)
-                .await?
-                .ok_or_else(|| TaskStoreError::NotFound(job_id.clone()))?;
-
-            // Update state
-            job.state = JobState::InProgress;
-            job.claimed_by = Some(worker_id.to_string());
-            job.claim_expires_at = Some(chrono::Utc::now().timestamp_millis() as u64 + 300000); // 5 min lease
-
-            // Save updated job
-            self.job_enqueue(&job).await?;
-
-            // Remove from enqueued queue (we already popped it)
-            conn.lrem::<_, _, ()>("miroir:jobs:enqueued", 1, &job_id)
-                .await?;
-
-            Ok(Some(job))
-        } else {
-            Ok(None)
-        }
-    }
-
-    async fn job_update_status(
+    fn get_node_settings_version(
         &self,
-        job_id: &str,
-        status: JobState,
-        result: Option<&str>,
-    ) -> Result<()> {
-        let mut job = self
-            .job_get(job_id)
-            .await?
-            .ok_or_else(|| TaskStoreError::NotFound(job_id.to_string()))?;
-
-        job.state = status;
-
-        // Update progress with result if provided
-        if let Some(r) = result {
-            job.progress = r.to_string();
-        }
-
-        // Clear claim when terminal
-        if matches!(status, JobState::Completed | JobState::Failed) {
-            job.claimed_by = None;
-            job.claim_expires_at = None;
-        }
-
-        self.job_enqueue(&job).await?;
-        Ok(())
-    }
-
-    async fn job_get(&self, job_id: &str) -> Result<Option<Job>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("jobs", job_id);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let job: Job = serde_json::from_str(&d)?;
-                Ok(Some(job))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn job_list(&self, status: Option<JobState>, limit: usize) -> Result<Vec<Job>> {
-        // Get all job IDs from the enqueued queue
-        let mut conn = self.get_conn().await?;
-        let all_ids: Vec<String> = conn.lrange("miroir:jobs:enqueued", 0, -1).await?;
-
-        let mut jobs = Vec::new();
-        for id in all_ids {
-            if let Some(job) = self.job_get(&id).await? {
-                if status.is_none() || Some(job.state) == status {
-                    jobs.push(job);
-                }
-            }
-        }
-
-        // Sort by ID (as proxy for time) and limit
-        jobs.sort_by(|a, b| b.id.cmp(&a.id));
-        jobs.truncate(limit);
-
-        Ok(jobs)
-    }
-
-    async fn leader_lease_acquire(&self, lease: &LeaderLease) -> Result<bool> {
-        let mut conn = self.get_conn().await?;
-        let key = "miroir:leader_lease";
-
-        // Calculate TTL from expires_at to now
-        let now = chrono::Utc::now().timestamp_millis() as u64;
-        let ttl = if lease.expires_at > now {
-            (lease.expires_at - now) / 1000
-        } else {
-            1 // Minimum 1 second
-        };
-        #[allow(clippy::cast_possible_truncation)]
-        let ttl_usize = ttl as usize;
-
-        // Use the options API to set with NX and EX
-        let acquired: bool = redis::cmd("SET")
-            .arg(key)
-            .arg(serde_json::to_string(lease)?)
-            .arg("NX")
-            .arg("EX")
-            .arg(ttl_usize)
-            .query_async(&mut conn)
-            .await?;
-
-        Ok(acquired)
-    }
-
-    async fn leader_lease_release(&self, _lease_id: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        conn.del::<_, ()>("miroir:leader_lease").await?;
-        Ok(())
-    }
-
-    async fn leader_lease_get(&self) -> Result<Option<LeaderLease>> {
-        let mut conn = self.get_conn().await?;
-        let data: Option<String> = conn.get("miroir:leader_lease").await?;
-
-        match data {
-            Some(d) => {
-                let lease: LeaderLease = serde_json::from_str(&d)?;
-                Ok(Some(lease))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn canary_upsert(&self, canary: &Canary) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("canaries", &canary.name);
-
-        let data = serde_json::to_string(canary)?;
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        let index_key = self.index_key("canaries");
-        conn.sadd::<_, _, ()>(&index_key, &canary.name).await?;
-
-        Ok(())
-    }
-
-    async fn canary_get(&self, name: &str) -> Result<Option<Canary>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("canaries", name);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let canary: Canary = serde_json::from_str(&d)?;
-                Ok(Some(canary))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn canary_delete(&self, name: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("canaries", name);
-        let index_key = self.index_key("canaries");
-
-        conn.del::<_, ()>(&key).await?;
-        conn.srem::<_, _, ()>(&index_key, name).await?;
-
-        Ok(())
-    }
-
-    async fn canary_list(&self) -> Result<Vec<Canary>> {
-        let mut conn = self.get_conn().await?;
-        let index_key = self.index_key("canaries");
-
-        let all_names: Vec<String> = conn.smembers(&index_key).await?;
-
-        let mut canaries = Vec::new();
-        for name in all_names {
-            if let Some(canary) = self.canary_get(&name).await? {
-                canaries.push(canary);
-            }
-        }
-
-        Ok(canaries)
-    }
-
-    async fn canary_run_insert(&self, run: &CanaryRun) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        // Use canary_id:ran_at as the unique key for the run
-        let run_key = format!("{}:{}", run.canary_id, run.ran_at);
-        let key = self.table_key("canary_runs", &run_key);
-
-        let data = serde_json::to_string(run)?;
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        // Add to canary-specific runs list
-        let canary_runs_key = format!("miroir:canary_runs:{}:index", run.canary_id);
-        conn.lpush::<_, _, ()>(&canary_runs_key, &run_key).await?;
-
-        Ok(())
-    }
-
-    async fn canary_run_list(&self, canary_name: &str, limit: usize) -> Result<Vec<CanaryRun>> {
-        let mut conn = self.get_conn().await?;
-        let canary_runs_key = format!("miroir:canary_runs:{canary_name}:index");
-
-        let run_ids: Vec<String> = conn.lrange(&canary_runs_key, 0, limit as isize - 1).await?;
-
-        let mut runs = Vec::new();
-        for run_id in run_ids {
-            let key = self.table_key("canary_runs", &run_id);
-            let data: Option<String> = conn.get(&key).await?;
-
-            if let Some(d) = data {
-                if let Ok(run) = serde_json::from_str::<CanaryRun>(&d) {
-                    runs.push(run);
-                }
-            }
-        }
-
-        Ok(runs)
-    }
-
-    async fn canary_run_prune(&self, _before_ts: u64) -> Result<u64> {
-        // Redis would need a different approach for pruning
-        // For now, rely on TTL
-        Ok(0)
-    }
-
-    async fn cdc_cursor_get(&self, sink: &str, index: &str) -> Result<Option<CdcCursor>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("cdc_cursors", &format!("{sink}:{index}"));
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let cursor: CdcCursor = serde_json::from_str(&d)?;
-                Ok(Some(cursor))
-            }
-            None => Ok(None),
-        }
-    }
-
-    async fn cdc_cursor_set(&self, cursor: &CdcCursor) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key(
-            "cdc_cursors",
-            &format!("{}:{}", cursor.sink_name, cursor.index_uid),
+        index_uid: &str,
+        node_id: &str,
+    ) -> Result<Option<NodeSettingsVersionRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let node_id = node_id.to_string();
+        let key = format!(
+            "{}:node_settings_version:{}:{}",
+            key_prefix, index_uid, node_id
         );
 
-        let data = serde_json::to_string(cursor)?;
-        conn.set::<_, _, ()>(&key, data).await?;
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        Ok(())
-    }
-
-    async fn cdc_cursor_list(&self, _sink: &str) -> Result<Vec<CdcCursor>> {
-        // This requires scanning, which is expensive
-        // For now, return empty list
-        Ok(Vec::new())
-    }
-
-    async fn tenant_upsert(&self, tenant: &Tenant) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        // Convert hash bytes to hex string for Redis key
-        let key_hex = hex::encode(&tenant.api_key_hash);
-        let key = self.table_key("tenant_map", &key_hex);
-
-        let data = serde_json::to_string(tenant)?;
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        let index_key = self.index_key("tenant_map");
-        conn.sadd::<_, _, ()>(&index_key, &key_hex).await?;
-
-        Ok(())
-    }
-
-    async fn tenant_get(&self, api_key: &str) -> Result<Option<Tenant>> {
-        let mut conn = self.get_conn().await?;
-        // Hash the API key and convert to hex for lookup
-        use std::hash::Hasher;
-        use twox_hash::XxHash64;
-        let mut hasher = XxHash64::with_seed(0);
-        hasher.write(api_key.as_bytes());
-        let hash = hasher.finish();
-        let key_hex = format!("{hash:016x}");
-        let key = self.table_key("tenant_map", &key_hex);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let tenant: Tenant = serde_json::from_str(&d)?;
-                Ok(Some(tenant))
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(NodeSettingsVersionRow {
+                    index_uid: index_uid.to_string(),
+                    node_id: node_id.to_string(),
+                    version: get_field_i64(&fields, "version")?,
+                    updated_at: get_field_i64(&fields, "updated_at")?,
+                }))
             }
-            None => Ok(None),
-        }
+        })
     }
 
-    async fn tenant_delete(&self, api_key: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        // Hash the API key and convert to hex for lookup
-        use std::hash::Hasher;
-        use twox_hash::XxHash64;
-        let mut hasher = XxHash64::with_seed(0);
-        hasher.write(api_key.as_bytes());
-        let hash = hasher.finish();
-        let key_hex = format!("{hash:016x}");
-        let key = self.table_key("tenant_map", &key_hex);
-        let index_key = self.index_key("tenant_map");
+    // --- Table 3: aliases ---
 
-        conn.del::<_, ()>(&key).await?;
-        conn.srem::<_, _, ()>(&index_key, &key_hex).await?;
+    fn create_alias(&self, alias: &NewAlias) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let name = alias.name.clone();
+        let kind = alias.kind.clone();
+        let target_uids_json = alias
+            .target_uids
+            .as_ref()
+            .map(|uids| serde_json::to_string(uids))
+            .transpose()?
+            .unwrap_or_default();
+        let history_json = serde_json::to_string(&alias.history)?;
+        let version_str = alias.version.to_string();
+        let created_at_str = alias.created_at.to_string();
+        let current_uid = alias.current_uid.clone();
+        let has_target_uids = alias.target_uids.is_some();
+        let key = format!("{}:aliases:{}", key_prefix, name);
+        let index_key = format!("{}:aliases:_index", key_prefix);
 
-        Ok(())
-    }
-
-    async fn tenant_list(&self) -> Result<Vec<Tenant>> {
-        let mut conn = self.get_conn().await?;
-        let index_key = self.index_key("tenant_map");
-
-        let all_keys: Vec<String> = conn.smembers(&index_key).await?;
-
-        let mut tenants = Vec::new();
-        for key in all_keys {
-            if let Some(tenant) = self.tenant_get(&key).await? {
-                tenants.push(tenant);
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset_multiple(
+                &key,
+                &[
+                    ("name", name.as_str()),
+                    ("kind", kind.as_str()),
+                    ("version", version_str.as_str()),
+                    ("created_at", created_at_str.as_str()),
+                    ("history", history_json.as_str()),
+                ],
+            );
+            if let Some(ref current_uid) = current_uid {
+                pipe.hset(&key, "current_uid", current_uid);
             }
-        }
-
-        Ok(tenants)
-    }
-
-    async fn rollover_policy_upsert(&self, policy: &RolloverPolicy) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("rollover_policies", &policy.name);
-
-        let data = serde_json::to_string(policy)?;
-        conn.set::<_, _, ()>(&key, data).await?;
-
-        let index_key = self.index_key("rollover_policies");
-        conn.sadd::<_, _, ()>(&index_key, &policy.name).await?;
-
-        Ok(())
-    }
-
-    async fn rollover_policy_get(&self, name: &str) -> Result<Option<RolloverPolicy>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("rollover_policies", name);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let policy: RolloverPolicy = serde_json::from_str(&d)?;
-                Ok(Some(policy))
+            if has_target_uids {
+                pipe.hset(&key, "target_uids", &target_uids_json);
             }
-            None => Ok(None),
-        }
+            pipe.sadd(&index_key, &name);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
     }
 
-    async fn rollover_policy_delete(&self, name: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("rollover_policies", name);
-        let index_key = self.index_key("rollover_policies");
+    fn get_alias(&self, name: &str) -> Result<Option<AliasRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let name = name.to_string();
+        let key = format!("{}:aliases:{}", key_prefix, name);
 
-        conn.del::<_, ()>(&key).await?;
-        conn.srem::<_, _, ()>(&index_key, name).await?;
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        Ok(())
-    }
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                let history_json = get_field_string(&fields, "history")?;
+                let history: Vec<AliasHistoryEntry> = serde_json::from_str(&history_json)
+                    .map_err(|e| MiroirError::TaskStore(format!("invalid history JSON: {e}")))?;
 
-    async fn rollover_policy_list(&self) -> Result<Vec<RolloverPolicy>> {
-        let mut conn = self.get_conn().await?;
-        let index_key = self.index_key("rollover_policies");
+                let target_uids = opt_field(&fields, "target_uids")
+                    .map(|json| {
+                        serde_json::from_str(&json).map_err(|e| {
+                            MiroirError::TaskStore(format!("invalid target_uids JSON: {e}"))
+                        })
+                    })
+                    .transpose()?;
 
-        let all_names: Vec<String> = conn.smembers(&index_key).await?;
-
-        let mut policies = Vec::new();
-        for name in all_names {
-            if let Some(policy) = self.rollover_policy_get(&name).await? {
-                policies.push(policy);
+                Ok(Some(AliasRow {
+                    name: name.clone(),
+                    kind: get_field_string(&fields, "kind")?,
+                    current_uid: opt_field(&fields, "current_uid"),
+                    target_uids,
+                    version: get_field_i64(&fields, "version")?,
+                    created_at: get_field_i64(&fields, "created_at")?,
+                    history,
+                }))
             }
-        }
-
-        Ok(policies)
+        })
     }
 
-    async fn search_ui_config_upsert(&self, config: &SearchUiConfig) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("search_ui_config", &config.index_uid);
+    fn flip_alias(&self, name: &str, new_uid: &str, history_retention: usize) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let name = name.to_string();
+        let new_uid = new_uid.to_string();
+        let key = format!("{}:aliases:{}", key_prefix, name);
 
-        let data = serde_json::to_string(config)?;
-        conn.set::<_, _, ()>(&key, data).await?;
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        let index_key = self.index_key("search_ui_config");
-        conn.sadd::<_, _, ()>(&index_key, &config.index_uid).await?;
-
-        Ok(())
-    }
-
-    async fn search_ui_config_get(&self, index: &str) -> Result<Option<SearchUiConfig>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("search_ui_config", index);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let config: SearchUiConfig = serde_json::from_str(&d)?;
-                Ok(Some(config))
+            if fields.is_empty() {
+                return Ok(false);
             }
-            None => Ok(None),
-        }
-    }
 
-    async fn search_ui_config_delete(&self, index: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("search_ui_config", index);
-        let index_key = self.index_key("search_ui_config");
+            let old_uid = opt_field(&fields, "current_uid").unwrap_or_default();
+            let old_version = get_field_i64(&fields, "version")?;
+            let history_json = get_field_string(&fields, "history")?;
+            let mut history: Vec<AliasHistoryEntry> = serde_json::from_str(&history_json)
+                .map_err(|e| MiroirError::TaskStore(format!("invalid history JSON: {e}")))?;
 
-        conn.del::<_, ()>(&key).await?;
-        conn.srem::<_, _, ()>(&index_key, index).await?;
-
-        Ok(())
-    }
-
-    async fn search_ui_config_list(&self) -> Result<Vec<SearchUiConfig>> {
-        let mut conn = self.get_conn().await?;
-        let index_key = self.index_key("search_ui_config");
-
-        let all_indices: Vec<String> = conn.smembers(&index_key).await?;
-
-        let mut configs = Vec::new();
-        for index in all_indices {
-            if let Some(config) = self.search_ui_config_get(&index).await? {
-                configs.push(config);
+            if !old_uid.is_empty() {
+                history.push(AliasHistoryEntry {
+                    uid: old_uid,
+                    flipped_at: now_ms(),
+                });
             }
-        }
-
-        Ok(configs)
-    }
-
-    async fn admin_session_upsert(&self, session: &AdminSession) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("admin_sessions", &session.session_id);
-
-        let data = serde_json::to_string(session)?;
-        conn.set_ex::<_, _, ()>(&key, data, (session.expires_at - session.created_at) / 1000)
-            .await?;
-
-        Ok(())
-    }
-
-    async fn admin_session_get(&self, session_id: &str) -> Result<Option<AdminSession>> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("admin_sessions", session_id);
-
-        let data: Option<String> = conn.get(&key).await?;
-        match data {
-            Some(d) => {
-                let session: AdminSession = serde_json::from_str(&d)?;
-                Ok(Some(session))
+            while history.len() > history_retention {
+                history.remove(0);
             }
-            None => Ok(None),
-        }
+
+            let new_history_json = serde_json::to_string(&history)?;
+            let new_version_str = (old_version + 1).to_string();
+
+            // Use pipeline_query for the atomic update
+            let mut pipe = pipe();
+            pipe.hset(&key, "current_uid", &new_uid);
+            pipe.hset(&key, "version", &new_version_str);
+            pipe.hset(&key, "history", &new_history_json);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
     }
 
-    async fn admin_session_delete(&self, session_id: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = self.table_key("admin_sessions", session_id);
-        conn.del::<_, ()>(&key).await?;
-        Ok(())
+    fn delete_alias(&self, name: &str) -> Result<bool> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let name = name.to_string();
+        let key = format!("{}:aliases:{}", key_prefix, name);
+        let index_key = format!("{}:aliases:_index", key_prefix);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let mut pipe = pipe();
+            pipe.del(&key);
+            pipe.srem(&index_key, &name);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
     }
 
-    async fn admin_session_revoke(&self, session_id: &str) -> Result<()> {
-        let mut session = self
-            .admin_session_get(session_id)
-            .await?
-            .ok_or_else(|| TaskStoreError::NotFound(session_id.to_string()))?;
+    fn list_aliases(&self) -> Result<Vec<AliasRow>> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_key = format!("{}:aliases:_index", key_prefix);
 
-        session.revoked = 1;
-        self.admin_session_upsert(&session).await?;
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
 
-        // Publish to Pub/Sub for instant propagation
-        let mut conn = self.get_conn().await?;
-        let _: usize = conn
-            .publish("miroir:admin_session:revoked", session_id)
-            .await?;
+            // Get all alias names from the index set
+            let names: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        Ok(())
+            let mut result = Vec::new();
+            for name in names {
+                let key = format!("{}:aliases:{}", key_prefix, name);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    result.push(Self::alias_row_from_hash(name, &fields)?);
+                }
+            }
+
+            Ok(result)
+        })
     }
 
-    async fn admin_session_is_revoked(&self, session_id: &str) -> Result<bool> {
-        if let Some(session) = self.admin_session_get(session_id).await? {
-            Ok(session.revoked != 0)
-        } else {
-            Ok(false)
-        }
+    // --- Table 4: sessions ---
+
+    fn upsert_session(&self, session: &SessionRow) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let session = session.clone();
+        let key = format!("{}:session:{}", key_prefix, session.session_id);
+        let ttl_seconds = ((session.ttl - now_ms()) / 1000).max(0) as u64;
+
+        self.block_on(async move {
+            let min_settings_version_str = session.min_settings_version.to_string();
+            let ttl_str = session.ttl.to_string();
+
+            let mut pipe = pipe();
+            pipe.hset(&key, "session_id", &session.session_id);
+            pipe.hset(&key, "min_settings_version", &min_settings_version_str);
+            pipe.hset(&key, "ttl", &ttl_str);
+            pipe.expire(&key, ttl_seconds as i64);
+
+            if let Some(ref mtask_id) = session.last_write_mtask_id {
+                pipe.hset(&key, "last_write_mtask_id", mtask_id);
+            }
+            if let Some(at) = session.last_write_at {
+                pipe.hset(&key, "last_write_at", at.to_string());
+            }
+            if let Some(group) = session.pinned_group {
+                pipe.hset(&key, "pinned_group", group.to_string());
+            }
+
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(())
+        })
     }
 
-    // Redis-specific operations
+    fn get_session(&self, session_id: &str) -> Result<Option<SessionRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let session_id = session_id.to_string();
+        let key = format!("{}:session:{}", key_prefix, session_id);
 
-    async fn ratelimit_increment(
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(SessionRow {
+                    session_id: session_id.clone(),
+                    last_write_mtask_id: opt_field(&fields, "last_write_mtask_id"),
+                    last_write_at: opt_field_i64(&fields, "last_write_at"),
+                    pinned_group: opt_field_i64(&fields, "pinned_group"),
+                    min_settings_version: get_field_i64(&fields, "min_settings_version")?,
+                    ttl: get_field_i64(&fields, "ttl")?,
+                }))
+            }
+        })
+    }
+
+    fn delete_expired_sessions(&self, _now_ms: i64) -> Result<usize> {
+        // Redis handles session expiration via EXPIRE — no manual pruning needed.
+        // Return 0 for compatibility.
+        Ok(0)
+    }
+
+    // --- Table 5: idempotency_cache ---
+
+    fn insert_idempotency_entry(&self, entry: &IdempotencyEntry) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let entry = entry.clone();
+        let key = format!("{}:idemp:{}", key_prefix, entry.key);
+        let ttl_seconds = ((entry.expires_at - now_ms()) / 1000).max(0) as u64;
+
+        // Store body_sha256 as hex string for Redis compatibility
+        let body_sha256_hex = hex::encode(&entry.body_sha256);
+        let expires_at_str = entry.expires_at.to_string();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&key, "key", &entry.key);
+            pipe.hset(&key, "body_sha256", &body_sha256_hex);
+            pipe.hset(&key, "miroir_task_id", &entry.miroir_task_id);
+            pipe.hset(&key, "expires_at", &expires_at_str);
+            pipe.expire(&key, ttl_seconds as i64);
+
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(())
+        })
+    }
+
+    fn get_idempotency_entry(&self, key: &str) -> Result<Option<IdempotencyEntry>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let key = key.to_string();
+        let redis_key = format!("{}:idemp:{}", key_prefix, key);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&redis_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                let body_sha256_hex = get_field_string(&fields, "body_sha256")?;
+                let body_sha256 = hex::decode(&body_sha256_hex)
+                    .map_err(|e| MiroirError::TaskStore(format!("invalid body_sha256 hex: {e}")))?;
+
+                Ok(Some(IdempotencyEntry {
+                    key: key.clone(),
+                    body_sha256,
+                    miroir_task_id: get_field_string(&fields, "miroir_task_id")?,
+                    expires_at: get_field_i64(&fields, "expires_at")?,
+                }))
+            }
+        })
+    }
+
+    fn delete_expired_idempotency_entries(&self, _now_ms: i64) -> Result<usize> {
+        // Redis handles expiration via EXPIRE — no manual pruning needed.
+        Ok(0)
+    }
+
+    // --- Table 6: jobs ---
+
+    fn insert_job(&self, job: &NewJob) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let job = job.clone();
+        let key = format!("{}:jobs:{}", key_prefix, job.id);
+        let queued_key = format!("{}:jobs:_queued", key_prefix);
+        let index_key = format!("{}:jobs:_index", key_prefix);
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+
+            // Prepare fields with owned strings for numeric values
+            let mut owned_fields: Vec<(String, String)> = Vec::new();
+
+            if let Some(chunk_index) = job.chunk_index {
+                owned_fields.push(("chunk_index".to_string(), chunk_index.to_string()));
+            }
+            if let Some(total_chunks) = job.total_chunks {
+                owned_fields.push(("total_chunks".to_string(), total_chunks.to_string()));
+            }
+            owned_fields.push(("created_at".to_string(), job.created_at.to_string()));
+
+            let mut fields = vec![
+                ("id", job.id.as_str()),
+                ("type", job.type_.as_str()),
+                ("params", job.params.as_str()),
+                ("state", job.state.as_str()),
+                ("progress", job.progress.as_str()),
+            ];
+
+            // Add chunking fields if present
+            if let Some(ref parent_job_id) = job.parent_job_id {
+                fields.push(("parent_job_id", parent_job_id.as_str()));
+            }
+
+            // Add owned fields as references
+            for (key, val) in &owned_fields {
+                fields.push((key.as_str(), val.as_str()));
+            }
+
+            pipe.hset_multiple(&key, &fields);
+            pipe.sadd(&index_key, &job.id);
+            if job.state == "queued" {
+                pipe.sadd(&queued_key, &job.id);
+            }
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    fn get_job(&self, id: &str) -> Result<Option<JobRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let key = format!("{}:jobs:{}", key_prefix, id);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(JobRow {
+                    id: id.clone(),
+                    type_: get_field_string(&fields, "type")?,
+                    params: get_field_string(&fields, "params")?,
+                    state: get_field_string(&fields, "state")?,
+                    claimed_by: opt_field(&fields, "claimed_by"),
+                    claim_expires_at: opt_field_i64(&fields, "claim_expires_at"),
+                    progress: get_field_string(&fields, "progress")?,
+                    parent_job_id: opt_field(&fields, "parent_job_id"),
+                    chunk_index: opt_field_i64(&fields, "chunk_index"),
+                    total_chunks: opt_field_i64(&fields, "total_chunks"),
+                    created_at: opt_field_i64(&fields, "created_at"),
+                }))
+            }
+        })
+    }
+
+    fn claim_job(&self, id: &str, claimed_by: &str, claim_expires_at: i64) -> Result<bool> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let claimed_by = claimed_by.to_string();
+        let key = format!("{}:jobs:{}", key_prefix, id);
+        let queued_key = format!("{}:jobs:_queued", key_prefix);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            // Check if state is 'queued'
+            let state: Option<String> = conn
+                .hget(&key, "state")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if state.as_deref() != Some("queued") {
+                return Ok(false);
+            }
+
+            let mut pipe = pipe();
+            pipe.hset(&key, "claimed_by", &claimed_by);
+            pipe.hset(&key, "claim_expires_at", claim_expires_at.to_string());
+            pipe.hset(&key, "state", "in_progress");
+            pipe.srem(&queued_key, &id);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
+    }
+
+    fn update_job_progress(&self, id: &str, state: &str, progress: &str) -> Result<bool> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let state = state.to_string();
+        let progress = progress.to_string();
+        let key = format!("{}:jobs:{}", key_prefix, id);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+            let exists: bool = conn
+                .hexists(&key, "id")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let mut pipe = pipe();
+            pipe.hset(&key, "state", &state);
+            pipe.hset(&key, "progress", &progress);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
+    }
+
+    fn renew_job_claim(&self, id: &str, claim_expires_at: i64) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let key = format!("{}:jobs:{}", key_prefix, id);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let claimed_by: Option<String> = conn
+                .hget(&key, "claimed_by")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if claimed_by.is_none() {
+                return Ok(false);
+            }
+
+            let _: () = conn
+                .hset(&key, "claim_expires_at", claim_expires_at.to_string())
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(true)
+        })
+    }
+
+    fn list_jobs_by_state(&self, state: &str) -> Result<Vec<JobRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let state = state.to_string();
+
+        self.block_on(async move {
+            let mut result = Vec::new();
+            let mut conn = manager.lock().await;
+
+            // Use the _index set for O(cardinality) iteration (no SCAN).
+            let index_key = format!("{}:jobs:_index", key_prefix);
+            let ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            for id in ids {
+                let key = format!("{}:jobs:{}", key_prefix, id);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    if let Ok(job_state) = get_field_string(&fields, "state") {
+                        if job_state == state {
+                            result.push(JobRow {
+                                id,
+                                type_: get_field_string(&fields, "type")?,
+                                params: get_field_string(&fields, "params")?,
+                                state: job_state,
+                                claimed_by: opt_field(&fields, "claimed_by"),
+                                claim_expires_at: opt_field_i64(&fields, "claim_expires_at"),
+                                progress: get_field_string(&fields, "progress")?,
+                                parent_job_id: opt_field(&fields, "parent_job_id"),
+                                chunk_index: opt_field_i64(&fields, "chunk_index"),
+                                total_chunks: opt_field_i64(&fields, "total_chunks"),
+                                created_at: opt_field_i64(&fields, "created_at"),
+                            });
+                        }
+                    }
+                }
+            }
+
+            Ok(result)
+        })
+    }
+
+    fn count_jobs_by_state(&self, state: &str) -> Result<u64> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let state = state.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // For queued state, use the _queued set for O(1) count
+            // This is used for HPA queue depth metric per plan §14.4
+            if state == "queued" {
+                let queued_key = format!("{}:jobs:_queued", key_prefix);
+                let count: u64 = conn
+                    .scard(&queued_key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                return Ok(count);
+            }
+
+            // For other states, iterate through _index and count by state
+            // This is O(n) but acceptable for non-queued states which are
+            // typically few (only actively running jobs)
+            let index_key = format!("{}:jobs:_index", key_prefix);
+            let ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut count = 0u64;
+            for id in ids {
+                let key = format!("{}:jobs:{}", key_prefix, id);
+                let job_state: Option<String> = conn
+                    .hget(&key, "state")
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                if job_state.as_deref() == Some(&state) {
+                    count += 1;
+                }
+            }
+
+            Ok(count)
+        })
+    }
+
+    fn list_expired_claims(&self, now_ms: i64) -> Result<Vec<JobRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+
+        self.block_on(async move {
+            let mut result = Vec::new();
+            let mut conn = manager.lock().await;
+
+            // Use the _index set for O(cardinality) iteration
+            let index_key = format!("{}:jobs:_index", key_prefix);
+            let ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            for id in ids {
+                let key = format!("{}:jobs:{}", key_prefix, id);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    if let Ok(job_state) = get_field_string(&fields, "state") {
+                        if job_state == "in_progress" {
+                            let claim_expires_at = opt_field_i64(&fields, "claim_expires_at");
+                            if let Some(expires_at) = claim_expires_at {
+                                if expires_at < now_ms {
+                                    result.push(JobRow {
+                                        id,
+                                        type_: get_field_string(&fields, "type")?,
+                                        params: get_field_string(&fields, "params")?,
+                                        state: job_state,
+                                        claimed_by: opt_field(&fields, "claimed_by"),
+                                        claim_expires_at: opt_field_i64(
+                                            &fields,
+                                            "claim_expires_at",
+                                        ),
+                                        progress: get_field_string(&fields, "progress")?,
+                                        parent_job_id: opt_field(&fields, "parent_job_id"),
+                                        chunk_index: opt_field_i64(&fields, "chunk_index"),
+                                        total_chunks: opt_field_i64(&fields, "total_chunks"),
+                                        created_at: opt_field_i64(&fields, "created_at"),
+                                    });
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            Ok(result)
+        })
+    }
+
+    fn list_jobs_by_parent(&self, parent_job_id: &str) -> Result<Vec<JobRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let parent_job_id = parent_job_id.to_string();
+
+        self.block_on(async move {
+            let mut result = Vec::new();
+            let mut conn = manager.lock().await;
+
+            // Use the _index set for iteration
+            let index_key = format!("{}:jobs:_index", key_prefix);
+            let ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            for id in ids {
+                let key = format!("{}:jobs:{}", key_prefix, id);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    let parent = opt_field(&fields, "parent_job_id");
+                    if parent.as_ref() == Some(&parent_job_id) {
+                        result.push(JobRow {
+                            id,
+                            type_: get_field_string(&fields, "type")?,
+                            params: get_field_string(&fields, "params")?,
+                            state: get_field_string(&fields, "state")?,
+                            claimed_by: opt_field(&fields, "claimed_by"),
+                            claim_expires_at: opt_field_i64(&fields, "claim_expires_at"),
+                            progress: get_field_string(&fields, "progress")?,
+                            parent_job_id: opt_field(&fields, "parent_job_id"),
+                            chunk_index: opt_field_i64(&fields, "chunk_index"),
+                            total_chunks: opt_field_i64(&fields, "total_chunks"),
+                            created_at: opt_field_i64(&fields, "created_at"),
+                        });
+                    }
+                }
+            }
+
+            Ok(result)
+        })
+    }
+
+    fn reclaim_job_claim(&self, id: &str, state: &str, progress: &str) -> Result<bool> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let state = state.to_string();
+        let progress = progress.to_string();
+        let key = format!("{}:jobs:{}", key_prefix, id);
+        let queued_key = format!("{}:jobs:_queued", key_prefix);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            let mut pipe = pipe();
+            pipe.hset(&key, "state", &state);
+            pipe.hset(&key, "progress", &progress);
+            pipe.hdel(&key, "claimed_by");
+            pipe.hdel(&key, "claim_expires_at");
+            pipe.sadd(&queued_key, &id);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
+    }
+
+    // --- Table 7: leader_lease ---
+
+    fn try_acquire_leader_lease(
         &self,
-        key: &str,
-        window_s: u64,
-        _limit: u64,
-    ) -> Result<(u64, u64)> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:ratelimit:{key}");
+        scope: &str,
+        holder: &str,
+        expires_at: i64,
+        now_ms: i64,
+    ) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let scope = scope.to_string();
+        let holder = holder.to_string();
+        let key = format!("{}:lease:{}", key_prefix, scope);
+        let ttl_seconds = ((expires_at - now_ms) / 1000).max(1) as u64;
 
-        // Increment and get TTL
-        let count: u64 = conn.incr(&redis_key, 1).await?;
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
 
-        if count == 1 {
-            // First request in window - set expiration
-            conn.expire::<_, ()>(&redis_key, window_s as i64).await?;
-        }
+            // SET NX EX — only set if not exists
+            let acquired: bool = {
+                let opts = SetOptions::default()
+                    .conditional_set(ExistenceCheck::NX)
+                    .with_expiration(SetExpiry::EX(ttl_seconds));
+                conn.set_options(&key, &holder, opts).await
+            }
+            .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        let ttl: i64 = conn.ttl(&redis_key).await?;
+            if acquired {
+                return Ok(true);
+            }
 
-        Ok((count, ttl.max(0) as u64))
+            // Check if we can steal the lease (expired or we hold it)
+            let current_holder: Option<String> = conn
+                .get(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            match current_holder {
+                Some(h) if h == holder => {
+                    // We hold it — renew
+                    let opts = SetOptions::default()
+                        .conditional_set(ExistenceCheck::XX)
+                        .with_expiration(SetExpiry::EX(ttl_seconds));
+                    let _: () = conn
+                        .set_options(&key, &holder, opts)
+                        .await
+                        .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                    Ok(true)
+                }
+                Some(_) => {
+                    // Someone else holds it — check expiry using TTL
+                    let ttl: i64 = conn
+                        .ttl(&key)
+                        .await
+                        .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                    // TTL of -2 means key doesn't exist, -1 means no expiry
+                    if ttl == -2 || (ttl >= 0 && ttl <= (expires_at - now_ms) / 1000) {
+                        // Lease has expired — try to steal it
+                        let opts = SetOptions::default()
+                            .conditional_set(ExistenceCheck::NX)
+                            .with_expiration(SetExpiry::EX(ttl_seconds));
+                        let acquired: bool = conn
+                            .set_options(&key, &holder, opts)
+                            .await
+                            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                        Ok(acquired)
+                    } else {
+                        Ok(false)
+                    }
+                }
+                None => {
+                    // Key doesn't exist — acquire
+                    let opts = SetOptions::default()
+                        .conditional_set(ExistenceCheck::NX)
+                        .with_expiration(SetExpiry::EX(ttl_seconds));
+                    let acquired: bool = conn
+                        .set_options(&key, &holder, opts)
+                        .await
+                        .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                    Ok(acquired)
+                }
+            }
+        })
     }
 
-    async fn ratelimit_set_backoff(&self, key: &str, duration_s: u64) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:ratelimit:backoff:{key}");
-        conn.set_ex::<_, _, ()>(&redis_key, "1", duration_s).await?;
-        Ok(())
+    fn renew_leader_lease(&self, scope: &str, holder: &str, expires_at: i64) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let scope = scope.to_string();
+        let holder = holder.to_string();
+        let key = format!("{}:lease:{}", key_prefix, scope);
+        let ttl_seconds = ((expires_at - now_ms()) / 1000).max(1) as u64;
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // SET XX EX — only set if exists (we hold it)
+            let opts = SetOptions::default()
+                .conditional_set(ExistenceCheck::XX)
+                .with_expiration(SetExpiry::EX(ttl_seconds));
+            let renewed: bool = conn
+                .set_options(&key, &holder, opts)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(renewed)
+        })
     }
 
-    async fn ratelimit_check_backoff(&self, key: &str) -> Result<Option<u64>> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:ratelimit:backoff:{key}");
+    fn get_leader_lease(&self, scope: &str) -> Result<Option<LeaderLeaseRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let scope = scope.to_string();
+        let key = format!("{}:lease:{}", key_prefix, scope);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let holder: Option<String> = conn
+                .get(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let Some(holder) = holder else {
+                return Ok(None);
+            };
+
+            // Get TTL to compute expires_at
+            let ttl: i64 = conn
+                .ttl(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let expires_at = if ttl == -1 {
+                // No expiry set
+                i64::MAX
+            } else if ttl >= 0 {
+                now_ms() + ttl * 1000
+            } else {
+                // Key doesn't exist or expired
+                return Ok(None);
+            };
+
+            Ok(Some(LeaderLeaseRow {
+                scope: scope.clone(),
+                holder,
+                expires_at,
+            }))
+        })
+    }
+
+    // --- Tables 8-14: Feature-flagged tables ---
+
+    // --- Table 8: canaries ---
+
+    fn upsert_canary(&self, canary: &NewCanary) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let canary = canary.clone();
+        let key = format!("{}:canary:{}", key_prefix, canary.id);
+        let index_key = format!("{}:canary:_index", key_prefix);
+
+        let interval_s_str = canary.interval_s.to_string();
+        let enabled_str = (canary.enabled as i64).to_string();
+        let created_at_str = canary.created_at.to_string();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset_multiple(
+                &key,
+                &[
+                    ("id", canary.id.as_str()),
+                    ("name", canary.name.as_str()),
+                    ("index_uid", canary.index_uid.as_str()),
+                    ("interval_s", interval_s_str.as_str()),
+                    ("query_json", canary.query_json.as_str()),
+                    ("assertions_json", canary.assertions_json.as_str()),
+                    ("enabled", enabled_str.as_str()),
+                    ("created_at", created_at_str.as_str()),
+                ],
+            );
+            pipe.sadd(&index_key, &canary.id);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    fn get_canary(&self, id: &str) -> Result<Option<CanaryRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let key = format!("{}:canary:{}", key_prefix, id);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(Self::canary_from_hash(id.clone(), &fields)?))
+            }
+        })
+    }
+
+    fn list_canaries(&self) -> Result<Vec<CanaryRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+
+        self.block_on(async move {
+            let index_key = format!("{}:canary:_index", key_prefix);
+            let mut conn = manager.lock().await;
+            let ids: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut result = Vec::new();
+            for id in ids {
+                let key = format!("{}:canary:{}", key_prefix, id);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    result.push(Self::canary_from_hash(id, &fields)?);
+                }
+            }
+
+            Ok(result)
+        })
+    }
+
+    fn delete_canary(&self, id: &str) -> Result<bool> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = id.to_string();
+        let key = format!("{}:canary:{}", key_prefix, id);
+        let index_key = format!("{}:canary:_index", key_prefix);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let mut pipe = pipe();
+            pipe.del(&key);
+            pipe.srem(&index_key, &id);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
+    }
+
+    // --- Table 9: canary_runs ---
+
+    fn insert_canary_run(&self, run: &NewCanaryRun, run_history_limit: usize) -> Result<()> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let run = run.clone();
+        let key = format!("{}:canary_runs:{}", key_prefix, run.canary_id);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // Add new run to sorted set (score = ran_at)
+            let value = serde_json::to_string(&run)?;
+            let _: () = conn
+                .zadd(&key, run.ran_at, value)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Trim to keep only the most recent N runs using ZREMRANGEBYRANK
+            let start = 0isize;
+            let end = -(run_history_limit as isize) - 1;
+            let _: () = conn
+                .zremrangebyrank(&key, start, end)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(())
+        })
+    }
+
+    fn get_canary_runs(&self, canary_id: &str, limit: usize) -> Result<Vec<CanaryRunRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let canary_id = canary_id.to_string();
+        let key = format!("{}:canary_runs:{}", key_prefix, canary_id);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // Get runs in descending order by ran_at (most recent first)
+            let values: Vec<String> = conn
+                .zrevrange(&key, 0, (limit as isize) - 1)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut result = Vec::new();
+            for value in values {
+                let run: NewCanaryRun = serde_json::from_str(&value)
+                    .map_err(|e| MiroirError::TaskStore(format!("invalid canary_run JSON: {e}")))?;
+                result.push(CanaryRunRow {
+                    canary_id: canary_id.clone(),
+                    ran_at: run.ran_at,
+                    status: run.status,
+                    latency_ms: run.latency_ms,
+                    failed_assertions_json: run.failed_assertions_json,
+                });
+            }
+
+            Ok(result)
+        })
+    }
+
+    // --- Table 10: cdc_cursors ---
+
+    fn upsert_cdc_cursor(&self, cursor: &NewCdcCursor) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let cursor = cursor.clone();
+        let key = format!(
+            "{}:cdc_cursor:{}:{}",
+            key_prefix, cursor.sink_name, cursor.index_uid
+        );
+        let index_key = format!("{}:cdc_cursor:_index:{}", key_prefix, cursor.sink_name);
+        let index_value = format!("{}:{}", cursor.sink_name, cursor.index_uid);
+
+        let last_event_seq_str = cursor.last_event_seq.to_string();
+        let updated_at_str = cursor.updated_at.to_string();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&key, "sink_name", &cursor.sink_name);
+            pipe.hset(&key, "index_uid", &cursor.index_uid);
+            pipe.hset(&key, "last_event_seq", &last_event_seq_str);
+            pipe.hset(&key, "updated_at", &updated_at_str);
+            pipe.sadd(&index_key, &index_value);
+
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(())
+        })
+    }
+
+    fn get_cdc_cursor(&self, sink_name: &str, index_uid: &str) -> Result<Option<CdcCursorRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let sink_name = sink_name.to_string();
+        let index_uid = index_uid.to_string();
+        let key = format!("{}:cdc_cursor:{}:{}", key_prefix, sink_name, index_uid);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(CdcCursorRow {
+                    sink_name: sink_name.clone(),
+                    index_uid: index_uid.clone(),
+                    last_event_seq: get_field_i64(&fields, "last_event_seq")?,
+                    updated_at: get_field_i64(&fields, "updated_at")?,
+                }))
+            }
+        })
+    }
+
+    fn list_cdc_cursors(&self, sink_name: &str) -> Result<Vec<CdcCursorRow>> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let sink_name = sink_name.to_string();
+        let index_key = format!("{}:cdc_cursor:_index:{}", key_prefix, sink_name);
+
+        self.block_on(async move {
+            // Use the _index set for O(cardinality) iteration (no SCAN).
+            let members: Vec<String> = pool
+                .manager
+                .lock()
+                .await
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut result = Vec::new();
+            let mut conn = pool.manager.lock().await;
+            for member in members {
+                // member format: "sink_name:index_uid"
+                let parts: Vec<&str> = member.splitn(2, ':').collect();
+                let idx = match parts.get(1) {
+                    Some(idx) => idx.to_string(),
+                    None => continue,
+                };
+                let key = format!("{}:cdc_cursor:{}:{}", key_prefix, sink_name, idx);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    result.push(CdcCursorRow {
+                        sink_name: sink_name.clone(),
+                        index_uid: get_field_string(&fields, "index_uid")?,
+                        last_event_seq: get_field_i64(&fields, "last_event_seq")?,
+                        updated_at: get_field_i64(&fields, "updated_at")?,
+                    });
+                }
+            }
+
+            Ok(result)
+        })
+    }
+
+    // --- Table 11: tenant_map ---
+
+    fn insert_tenant_mapping(&self, mapping: &NewTenantMapping) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let api_key_hash = mapping.api_key_hash.clone();
+        let tenant_id = mapping.tenant_id.clone();
+        let group_id = mapping.group_id;
+        let hex_hash = hex::encode(&api_key_hash);
+        let key = format!("{}:tenant_map:{}", key_prefix, hex_hash);
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&key, "tenant_id", &tenant_id);
+            if let Some(gid) = group_id {
+                pipe.hset(&key, "group_id", gid);
+            }
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(())
+        })
+    }
+
+    fn get_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<Option<TenantMapRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let api_key_hash = api_key_hash.to_vec();
+        let hex_hash = hex::encode(&api_key_hash);
+        let key = format!("{}:tenant_map:{}", key_prefix, hex_hash);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(TenantMapRow {
+                    api_key_hash: api_key_hash.clone(),
+                    tenant_id: get_field_string(&fields, "tenant_id")?,
+                    group_id: opt_field_i64(&fields, "group_id"),
+                }))
+            }
+        })
+    }
+
+    fn delete_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let api_key_hash = api_key_hash.to_vec();
+        let hex_hash = hex::encode(&api_key_hash);
+        let key = format!("{}:tenant_map:{}", key_prefix, hex_hash);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let _: () = conn
+                .del(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(true)
+        })
+    }
+
+    // --- Table 12: rollover_policies ---
+
+    fn upsert_rollover_policy(&self, policy: &NewRolloverPolicy) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let policy = policy.clone();
+        let key = format!("{}:rollover:{}", key_prefix, policy.name);
+        let index_key = format!("{}:rollover:_index", key_prefix);
+        let enabled_str = (policy.enabled as i64).to_string();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset_multiple(
+                &key,
+                &[
+                    ("name", policy.name.as_str()),
+                    ("write_alias", policy.write_alias.as_str()),
+                    ("read_alias", policy.read_alias.as_str()),
+                    ("pattern", policy.pattern.as_str()),
+                    ("triggers_json", policy.triggers_json.as_str()),
+                    ("retention_json", policy.retention_json.as_str()),
+                    ("template_json", policy.template_json.as_str()),
+                    ("enabled", enabled_str.as_str()),
+                ],
+            );
+            pipe.sadd(&index_key, &policy.name);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    fn get_rollover_policy(&self, name: &str) -> Result<Option<RolloverPolicyRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let name = name.to_string();
+        let key = format!("{}:rollover:{}", key_prefix, name);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(RolloverPolicyRow {
+                    name: name.clone(),
+                    write_alias: get_field_string(&fields, "write_alias")?,
+                    read_alias: get_field_string(&fields, "read_alias")?,
+                    pattern: get_field_string(&fields, "pattern")?,
+                    triggers_json: get_field_string(&fields, "triggers_json")?,
+                    retention_json: get_field_string(&fields, "retention_json")?,
+                    template_json: get_field_string(&fields, "template_json")?,
+                    enabled: get_field_i64(&fields, "enabled")? != 0,
+                }))
+            }
+        })
+    }
+
+    fn list_rollover_policies(&self) -> Result<Vec<RolloverPolicyRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+
+        self.block_on(async move {
+            let index_key = format!("{}:rollover:_index", key_prefix);
+            let mut conn = manager.lock().await;
+            let names: Vec<String> = conn
+                .smembers(&index_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut result = Vec::new();
+            for name in names {
+                let key = format!("{}:rollover:{}", key_prefix, name);
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if !fields.is_empty() {
+                    result.push(RolloverPolicyRow {
+                        name: name.clone(),
+                        write_alias: get_field_string(&fields, "write_alias")?,
+                        read_alias: get_field_string(&fields, "read_alias")?,
+                        pattern: get_field_string(&fields, "pattern")?,
+                        triggers_json: get_field_string(&fields, "triggers_json")?,
+                        retention_json: get_field_string(&fields, "retention_json")?,
+                        template_json: get_field_string(&fields, "template_json")?,
+                        enabled: get_field_i64(&fields, "enabled")? != 0,
+                    });
+                }
+            }
+
+            Ok(result)
+        })
+    }
+
+    fn delete_rollover_policy(&self, name: &str) -> Result<bool> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let name = name.to_string();
+        let key = format!("{}:rollover:{}", key_prefix, name);
+        let index_key = format!("{}:rollover:_index", key_prefix);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let mut pipe = pipe();
+            pipe.del(&key);
+            pipe.srem(&index_key, &name);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(true)
+        })
+    }
+
+    // --- Table 13: search_ui_config ---
+
+    fn upsert_search_ui_config(&self, config: &NewSearchUiConfig) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let config = config.clone();
+        let key = format!("{}:search_ui_config:{}", key_prefix, config.index_uid);
+        let updated_at_str = config.updated_at.to_string();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&key, "index_uid", &config.index_uid);
+            pipe.hset(&key, "config_json", &config.config_json);
+            pipe.hset(&key, "updated_at", &updated_at_str);
+
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok(())
+        })
+    }
+
+    fn get_search_ui_config(&self, index_uid: &str) -> Result<Option<SearchUiConfigRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let key = format!("{}:search_ui_config:{}", key_prefix, index_uid);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(SearchUiConfigRow {
+                    index_uid: index_uid.clone(),
+                    config_json: get_field_string(&fields, "config_json")?,
+                    updated_at: get_field_i64(&fields, "updated_at")?,
+                }))
+            }
+        })
+    }
+
+    fn delete_search_ui_config(&self, index_uid: &str) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let key = format!("{}:search_ui_config:{}", key_prefix, index_uid);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let _: () = conn
+                .del(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(true)
+        })
+    }
+
+    // --- Table 14: admin_sessions ---
+
+    fn insert_admin_session(&self, session: &NewAdminSession) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let session = session.clone();
+        let key = format!("{}:admin_session:{}", key_prefix, session.session_id);
+        let ttl_seconds = ((session.expires_at - now_ms()) / 1000).max(0) as u64;
+
+        let created_at_str = session.created_at.to_string();
+        let expires_at_str = session.expires_at.to_string();
+        let revoked_str = "0";
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&key, "session_id", &session.session_id);
+            pipe.hset(&key, "csrf_token", &session.csrf_token);
+            pipe.hset(&key, "admin_key_hash", &session.admin_key_hash);
+            pipe.hset(&key, "created_at", &created_at_str);
+            pipe.hset(&key, "expires_at", &expires_at_str);
+            pipe.hset(&key, "revoked", revoked_str);
+            pipe.expire(&key, ttl_seconds as i64);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            let mut conn = pool.manager.lock().await;
+            if let Some(ref ua) = session.user_agent {
+                let _: () = conn
+                    .hset(&key, "user_agent", ua)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            }
+            if let Some(ref ip) = session.source_ip {
+                let _: () = conn
+                    .hset(&key, "source_ip", ip)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            }
+
+            Ok(())
+        })
+    }
+
+    fn get_admin_session(&self, session_id: &str) -> Result<Option<AdminSessionRow>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let session_id = session_id.to_string();
+        let key = format!("{}:admin_session:{}", key_prefix, session_id);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(AdminSessionRow {
+                    session_id: session_id.clone(),
+                    csrf_token: get_field_string(&fields, "csrf_token")?,
+                    admin_key_hash: get_field_string(&fields, "admin_key_hash")?,
+                    created_at: get_field_i64(&fields, "created_at")?,
+                    expires_at: get_field_i64(&fields, "expires_at")?,
+                    revoked: get_field_i64(&fields, "revoked")? != 0,
+                    user_agent: opt_field(&fields, "user_agent"),
+                    source_ip: opt_field(&fields, "source_ip"),
+                }))
+            }
+        })
+    }
+
+    fn revoke_admin_session(&self, session_id: &str) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let session_id = session_id.to_string();
+        let key = format!("{}:admin_session:{}", key_prefix, session_id);
+        let channel = format!("{}:admin_session:revoked", key_prefix);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            let exists: bool = conn
+                .hexists(&key, "session_id")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !exists {
+                return Ok(false);
+            }
+
+            let _: () = conn
+                .hset(&key, "revoked", 1i64)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Publish to revoked channel for immediate invalidation across pods
+            let _: () = conn
+                .publish(&channel, &session_id)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(true)
+        })
+    }
+
+    fn delete_expired_admin_sessions(&self, _now_ms: i64) -> Result<usize> {
+        // Redis handles session expiration via EXPIRE — no manual pruning needed.
+        // In Redis mode, sessions are garbage-collected automatically.
+        Ok(0)
+    }
+
+    // --- Table 15: mode_b_operations ---
+
+    fn upsert_mode_b_operation(&self, operation: &ModeBOperation) -> Result<()> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let op = operation.clone();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let key = format!("{}:mode_b_ops:{}", key_prefix, op.operation_id);
+
+            // Store as Redis hash
+            let mut items: Vec<(&str, String)> = vec![
+                ("operation_id", op.operation_id.clone()),
+                ("operation_type", op.operation_type.clone()),
+                ("scope", op.scope.clone()),
+                ("phase", op.phase.clone()),
+                ("phase_started_at", op.phase_started_at.to_string()),
+                ("created_at", op.created_at.to_string()),
+                ("updated_at", op.updated_at.to_string()),
+                ("state_json", op.state_json.clone()),
+                ("status", op.status.clone()),
+            ];
+            if let Some(ref error) = op.error {
+                items.push(("error", error.clone()));
+            }
+            if let Some(ref index_uid) = op.index_uid {
+                items.push(("index_uid", index_uid.clone()));
+            }
+            if let Some(old_shards) = op.old_shards {
+                items.push(("old_shards", old_shards.to_string()));
+            }
+            if let Some(target_shards) = op.target_shards {
+                items.push(("target_shards", target_shards.to_string()));
+            }
+            if let Some(ref shadow_index) = op.shadow_index {
+                items.push(("shadow_index", shadow_index.clone()));
+            }
+            if let Some(documents_backfilled) = op.documents_backfilled {
+                items.push(("documents_backfilled", documents_backfilled.to_string()));
+            }
+            if let Some(total_documents) = op.total_documents {
+                items.push(("total_documents", total_documents.to_string()));
+            }
+
+            // Store the hash
+            conn.hset_multiple(&key, &items)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Add to scope index
+            let scope_key = format!("{}:mode_b_ops_scope:{}", key_prefix, op.scope);
+            conn.set(&scope_key, &op.operation_id)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(())
+        })
+    }
+
+    fn get_mode_b_operation(&self, operation_id: &str) -> Result<Option<ModeBOperation>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = operation_id.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let key = format!("{}:mode_b_ops:{}", key_prefix, id);
+
+            // Check if key exists
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            if !exists {
+                return Ok(None);
+            }
+
+            // Get all fields
+            let map: std::collections::HashMap<String, String> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(Some(ModeBOperation {
+                operation_id: map.get("operation_id").cloned().unwrap_or_default(),
+                operation_type: map.get("operation_type").cloned().unwrap_or_default(),
+                scope: map.get("scope").cloned().unwrap_or_default(),
+                phase: map.get("phase").cloned().unwrap_or_default(),
+                phase_started_at: map
+                    .get("phase_started_at")
+                    .and_then(|v| v.parse().ok())
+                    .unwrap_or(0),
+                created_at: map
+                    .get("created_at")
+                    .and_then(|v| v.parse().ok())
+                    .unwrap_or(0),
+                updated_at: map
+                    .get("updated_at")
+                    .and_then(|v| v.parse().ok())
+                    .unwrap_or(0),
+                state_json: map.get("state_json").cloned().unwrap_or_default(),
+                error: map.get("error").cloned(),
+                status: map.get("status").cloned().unwrap_or_default(),
+                index_uid: map.get("index_uid").cloned(),
+                old_shards: map.get("old_shards").and_then(|v| v.parse().ok()),
+                target_shards: map.get("target_shards").and_then(|v| v.parse().ok()),
+                shadow_index: map.get("shadow_index").cloned(),
+                documents_backfilled: map.get("documents_backfilled").and_then(|v| v.parse().ok()),
+                total_documents: map.get("total_documents").and_then(|v| v.parse().ok()),
+            }))
+        })
+    }
+
+    fn get_mode_b_operation_by_scope(&self, scope: &str) -> Result<Option<ModeBOperation>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let scope = scope.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let scope_key = format!("{}:mode_b_ops_scope:{}", key_prefix, scope);
+
+            // Get operation ID from scope index
+            let operation_id: Option<String> = conn
+                .get(&scope_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let Some(id) = operation_id else {
+                return Ok(None);
+            };
+
+            // Get the operation
+            let key = format!("{}:mode_b_ops:{}", key_prefix, id);
+            let exists: bool = conn
+                .exists(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            if !exists {
+                return Ok(None);
+            }
+
+            // Get all fields
+            let map: std::collections::HashMap<String, String> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            Ok(Some(ModeBOperation {
+                operation_id: map.get("operation_id").cloned().unwrap_or_default(),
+                operation_type: map.get("operation_type").cloned().unwrap_or_default(),
+                scope: map.get("scope").cloned().unwrap_or_default(),
+                phase: map.get("phase").cloned().unwrap_or_default(),
+                phase_started_at: map
+                    .get("phase_started_at")
+                    .and_then(|v| v.parse().ok())
+                    .unwrap_or(0),
+                created_at: map
+                    .get("created_at")
+                    .and_then(|v| v.parse().ok())
+                    .unwrap_or(0),
+                updated_at: map
+                    .get("updated_at")
+                    .and_then(|v| v.parse().ok())
+                    .unwrap_or(0),
+                state_json: map.get("state_json").cloned().unwrap_or_default(),
+                error: map.get("error").cloned(),
+                status: map.get("status").cloned().unwrap_or_default(),
+                index_uid: map.get("index_uid").cloned(),
+                old_shards: map.get("old_shards").and_then(|v| v.parse().ok()),
+                target_shards: map.get("target_shards").and_then(|v| v.parse().ok()),
+                shadow_index: map.get("shadow_index").cloned(),
+                documents_backfilled: map.get("documents_backfilled").and_then(|v| v.parse().ok()),
+                total_documents: map.get("total_documents").and_then(|v| v.parse().ok()),
+            }))
+        })
+    }
+
+    fn list_mode_b_operations(&self, filter: &ModeBOperationFilter) -> Result<Vec<ModeBOperation>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let filter = filter.clone();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // Scan for mode_b_ops keys
+            let pattern = format!("{}:mode_b_ops:*", key_prefix);
+            let keys: Vec<String> = conn
+                .keys(&pattern)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut results = Vec::new();
+
+            for key in keys {
+                let map: std::collections::HashMap<String, String> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                let op = ModeBOperation {
+                    operation_id: map.get("operation_id").cloned().unwrap_or_default(),
+                    operation_type: map.get("operation_type").cloned().unwrap_or_default(),
+                    scope: map.get("scope").cloned().unwrap_or_default(),
+                    phase: map.get("phase").cloned().unwrap_or_default(),
+                    phase_started_at: map
+                        .get("phase_started_at")
+                        .and_then(|v| v.parse().ok())
+                        .unwrap_or(0),
+                    created_at: map
+                        .get("created_at")
+                        .and_then(|v| v.parse().ok())
+                        .unwrap_or(0),
+                    updated_at: map
+                        .get("updated_at")
+                        .and_then(|v| v.parse().ok())
+                        .unwrap_or(0),
+                    state_json: map.get("state_json").cloned().unwrap_or_default(),
+                    error: map.get("error").cloned(),
+                    status: map.get("status").cloned().unwrap_or_default(),
+                    index_uid: map.get("index_uid").cloned(),
+                    old_shards: map.get("old_shards").and_then(|v| v.parse().ok()),
+                    target_shards: map.get("target_shards").and_then(|v| v.parse().ok()),
+                    shadow_index: map.get("shadow_index").cloned(),
+                    documents_backfilled: map
+                        .get("documents_backfilled")
+                        .and_then(|v| v.parse().ok()),
+                    total_documents: map.get("total_documents").and_then(|v| v.parse().ok()),
+                };
+
+                // Apply filters
+                if let Some(ref op_type) = filter.operation_type {
+                    if &op.operation_type != op_type {
+                        continue;
+                    }
+                }
+                if let Some(ref scope) = filter.scope {
+                    if &op.scope != scope {
+                        continue;
+                    }
+                }
+                if let Some(ref status) = filter.status {
+                    if &op.status != status {
+                        continue;
+                    }
+                }
+
+                results.push(op);
+            }
+
+            // Sort by updated_at descending
+            results.sort_by(|a, b| b.updated_at.cmp(&a.updated_at));
+
+            // Apply limit and offset
+            if let Some(offset) = filter.offset {
+                if offset < results.len() {
+                    results = results.into_iter().skip(offset).collect();
+                } else {
+                    results.clear();
+                }
+            }
+            if let Some(limit) = filter.limit {
+                results.truncate(limit);
+            }
+
+            Ok(results)
+        })
+    }
+
+    fn delete_mode_b_operation(&self, operation_id: &str) -> Result<bool> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let id = operation_id.to_string();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let key = format!("{}:mode_b_ops:{}", key_prefix, id);
+
+            // Get scope for cleanup
+            let scope: Option<String> = conn
+                .hget(&key, "scope")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Delete the operation
+            let _: () = conn
+                .del(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            let deleted = true; // If we got here, deletion succeeded
+
+            // Clean up scope index
+            if let Some(s) = scope {
+                let scope_key = format!("{}:mode_b_ops_scope:{}", key_prefix, s);
+                let _: () = conn
+                    .del(&scope_key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            }
+
+            Ok(deleted)
+        })
+    }
+
+    fn prune_mode_b_operations(&self, cutoff_ms: i64, _batch_size: u32) -> Result<usize> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // Scan for mode_b_ops keys
+            let pattern = format!("{}:mode_b_ops:*", key_prefix);
+            let keys: Vec<String> = conn
+                .keys(&pattern)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let mut deleted = 0;
+
+            for key in keys {
+                let status: Option<String> = conn
+                    .hget(&key, "status")
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                let updated_at_raw: Option<String> = conn
+                    .hget(&key, "updated_at")
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                let updated_at: Option<i64> = updated_at_raw.and_then(|v| v.parse().ok());
+
+                if let (Some(s), Some(ts)) = (status, updated_at) {
+                    if (s == "completed" || s == "failed") && ts < cutoff_ms {
+                        // Delete the operation
+                        let _: () = conn
+                            .del(&key)
+                            .await
+                            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                        deleted += 1;
+                    }
+                }
+            }
+
+            Ok(deleted)
+        })
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Extra Redis-specific keys (plan §4 footnotes)
+// ---------------------------------------------------------------------------
+
+impl RedisTaskStore {
+    // --- Rate limiting: search_ui ---
+
+    /// Check and increment rate limit counter for search UI access.
+    /// Returns (allowed, remaining_requests, reset_after_seconds).
+    pub fn check_rate_limit_searchui(
+        &self,
+        ip: &str,
+        limit: u64,
+        window_seconds: u64,
+    ) -> Result<(bool, u64, i64)> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let ip = ip.to_string();
+        let key = format!("{}:ratelimit:searchui:{}", key_prefix, ip);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+
+            // Get current count
+            let current: Option<u64> = conn
+                .get(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Get TTL
+            let ttl: i64 = conn
+                .ttl(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let count = current.unwrap_or(0);
+
+            // Check if limit exceeded
+            if count >= limit {
+                return Ok((false, 0, ttl.max(0)));
+            }
+
+            // Increment counter
+            let new_count: u64 = conn
+                .incr(&key, 1)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Set expiry on first request
+            if count == 0 {
+                let _: () = conn
+                    .expire(&key, window_seconds as i64)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            }
+
+            Ok((true, limit.saturating_sub(new_count), ttl.max(0)))
+        })
+    }
+
+    // --- Rate limiting: admin_login ---
+
+    /// Check admin login rate limit and exponential backoff.
+    /// Returns (allowed, wait_seconds).
+    pub fn check_rate_limit_admin_login(
+        &self,
+        ip: &str,
+        limit: u64,
+        window_seconds: u64,
+    ) -> Result<(bool, Option<u64>)> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let ip = ip.to_string();
+        let backoff_key = format!("{}:ratelimit:adminlogin:backoff:{}", key_prefix, ip);
+        let key = format!("{}:ratelimit:adminlogin:{}", key_prefix, ip);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            // Check if we're in backoff mode
+            let backoff_fields: HashMap<String, Value> = conn
+                .hgetall(&backoff_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if !backoff_fields.is_empty() {
+                let next_allowed_at = get_field_i64(&backoff_fields, "next_allowed_at")?;
+                let now = now_ms();
+                if next_allowed_at > now {
+                    let wait_seconds = ((next_allowed_at - now) / 1000) as u64;
+                    return Ok((false, Some(wait_seconds)));
+                }
+                // Backoff expired, clear it
+                let _: () = conn
+                    .del(&backoff_key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            }
+
+            // Check standard rate limit
+            let current: Option<u64> = conn
+                .get(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let count = current.unwrap_or(0);
+
+            // Check if limit exceeded
+            if count >= limit {
+                return Ok((false, None));
+            }
+
+            // Increment counter
+            let mut pipe = pipe();
+            pipe.incr(&key, 1);
+            pipe.expire(&key, window_seconds as i64);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok((true, None))
+        })
+    }
+
+    /// Record a failed admin login attempt and return backoff if triggered.
+    /// Returns Some(wait_seconds) if backoff was triggered, None otherwise.
+    pub fn record_failure_admin_login(
+        &self,
+        ip: &str,
+        failed_threshold: u32,
+        backoff_start_minutes: u64,
+        backoff_max_hours: u64,
+    ) -> Result<Option<u64>> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let ip = ip.to_string();
+        let backoff_key = format!("{}:ratelimit:adminlogin:backoff:{}", key_prefix, ip);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            // Check if already in backoff
+            let backoff_fields: HashMap<String, Value> = conn
+                .hgetall(&backoff_key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let current_failed: u64 = if backoff_fields.is_empty() {
+                0
+            } else {
+                get_field_i64(&backoff_fields, "failed_count")? as u64
+            };
+
+            let new_failed = current_failed + 1;
+
+            // Check if we should enter backoff mode
+            if new_failed >= failed_threshold as u64 {
+                let backoff_exponent =
+                    (new_failed.saturating_sub(failed_threshold as u64) as u32).min(7);
+                let backoff_minutes = backoff_start_minutes * (1u64 << backoff_exponent);
+                let backoff_seconds = (backoff_minutes * 60).min(backoff_max_hours * 3600);
+
+                let now = now_ms();
+                let next_allowed_at = now + (backoff_seconds as i64 * 1000);
+
+                let mut pipe = pipe();
+                pipe.hset(&backoff_key, "failed_count", new_failed as i64);
+                pipe.hset(&backoff_key, "next_allowed_at", next_allowed_at);
+                pipe.expire(&backoff_key, (backoff_seconds as i64 + 60) as i64);
+                pool.pipeline_query::<()>(&mut pipe).await?;
+
+                return Ok(Some(backoff_seconds));
+            }
+
+            // Just update the failed count
+            let _: () = conn
+                .hset(&backoff_key, "failed_count", new_failed as i64)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
 
-        let exists: bool = conn.exists(&redis_key).await?;
-        if exists {
-            let ttl: i64 = conn.ttl(&redis_key).await?;
-            Ok(Some(ttl.max(0) as u64))
-        } else {
             Ok(None)
-        }
+        })
     }
 
-    async fn cdc_overflow_check(&self, sink: &str) -> Result<bool> {
-        let mut conn = self.get_conn().await?;
-        let key = format!("miroir:cdc:overflow:{sink}");
-        let exists: bool = conn.exists(&key).await?;
-        Ok(exists)
+    /// Reset admin login rate limit on successful login.
+    pub fn reset_rate_limit_admin_login(&self, ip: &str) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let ip = ip.to_string();
+        let key = format!("{}:ratelimit:adminlogin:{}", key_prefix, ip);
+        let backoff_key = format!("{}:ratelimit:adminlogin:backoff:{}", key_prefix, ip);
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.del(&key);
+            pipe.del(&backoff_key);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
     }
 
-    async fn cdc_overflow_size(&self, sink: &str) -> Result<u64> {
-        let mut conn = self.get_conn().await?;
-        let key = format!("miroir:cdc:overflow:{sink}");
-        let size: u64 = conn.strlen(&key).await?;
-        Ok(size)
+    // --- search_ui rate limit ---
+
+    /// Check search UI rate limit for a given IP.
+    /// Returns (allowed, wait_seconds).
+    /// Uses a simple INCR + EXPIRE pattern for sliding window.
+    pub fn check_rate_limit_search_ui(
+        &self,
+        ip: &str,
+        limit: u64,
+        window_seconds: u64,
+    ) -> Result<(bool, Option<u64>)> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let ip = ip.to_string();
+        let key = format!("{}:ratelimit:searchui:{}", key_prefix, ip);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            // Check current count
+            let current: Option<u64> = conn
+                .get(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            let count = current.unwrap_or(0);
+
+            // Check if limit exceeded
+            if count >= limit {
+                return Ok((false, None));
+            }
+
+            // Increment counter and set expiry
+            let mut pipe = pipe();
+            pipe.incr(&key, 1);
+            pipe.expire(&key, window_seconds as i64);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok((true, None))
+        })
     }
 
-    async fn cdc_overflow_append(&self, sink: &str, data: &[u8]) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = format!("miroir:cdc:overflow:{sink}");
+    // --- search_ui_scoped_key ---
 
-        // Check if appending would exceed 1 GiB limit
-        let current_size: u64 = conn.strlen(&key).await?;
-        if current_size + data.len() as u64 > 1_073_741_824 {
-            return Err(TaskStoreError::InvalidData(
-                "CDC overflow buffer would exceed 1 GiB limit".to_string(),
-            ));
+    /// Get the current scoped key for an index.
+    pub fn get_search_ui_scoped_key(&self, index_uid: &str) -> Result<Option<SearchUiScopedKey>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let key = format!("{}:search_ui_scoped_key:{}", key_prefix, index_uid);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let fields: HashMap<String, Value> = conn
+                .hgetall(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            if fields.is_empty() {
+                Ok(None)
+            } else {
+                Ok(Some(SearchUiScopedKey {
+                    index_uid: index_uid.clone(),
+                    primary_key: get_field_string(&fields, "primary_key")?,
+                    primary_uid: get_field_string(&fields, "primary_uid")?,
+                    previous_key: opt_field(&fields, "previous_key"),
+                    previous_uid: opt_field(&fields, "previous_uid"),
+                    rotated_at: get_field_i64(&fields, "rotated_at")?,
+                    generation: get_field_i64(&fields, "generation")?,
+                }))
+            }
+        })
+    }
+
+    /// Set a new scoped key generation.
+    pub fn set_search_ui_scoped_key(&self, key: &SearchUiScopedKey) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let key_value = key.clone();
+        let redis_key = format!(
+            "{}:search_ui_scoped_key:{}",
+            key_prefix, key_value.index_uid
+        );
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&redis_key, "index_uid", &key_value.index_uid);
+            pipe.hset(&redis_key, "primary_key", &key_value.primary_key);
+            pipe.hset(&redis_key, "primary_uid", &key_value.primary_uid);
+            pipe.hset(&redis_key, "rotated_at", key_value.rotated_at);
+            pipe.hset(&redis_key, "generation", key_value.generation);
+            match key_value.previous_key {
+                Some(ref v) => {
+                    pipe.hset(&redis_key, "previous_key", v);
+                }
+                None => {
+                    pipe.hdel(&redis_key, "previous_key");
+                }
+            }
+            match key_value.previous_uid {
+                Some(ref v) => {
+                    pipe.hset(&redis_key, "previous_uid", v);
+                }
+                None => {
+                    pipe.hdel(&redis_key, "previous_uid");
+                }
+            }
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    /// Record a pod's observation of a scoped key generation.
+    pub fn observe_search_ui_scoped_key(
+        &self,
+        pod_id: &str,
+        index_uid: &str,
+        generation: i64,
+    ) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let pod_id = pod_id.to_string();
+        let index_uid = index_uid.to_string();
+        let key = format!(
+            "{}:search_ui_scoped_key_observed:{}:{}",
+            key_prefix, pod_id, index_uid
+        );
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hset(&key, "generation", generation);
+            pipe.hset(&key, "observed_at", now_ms());
+            pipe.expire(&key, 60);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    /// Check if all live pods have observed a given generation.
+    /// Returns (all_observed, unobserved_pods).
+    pub fn check_scoped_key_observation(
+        &self,
+        index_uid: &str,
+        generation: i64,
+        live_pods: &[String],
+    ) -> Result<(bool, Vec<String>)> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let live_pods = live_pods.to_vec();
+
+        self.block_on(async move {
+            let mut unobserved = Vec::new();
+            let mut conn = manager.lock().await;
+
+            for pod_id in &live_pods {
+                let key = format!(
+                    "{}:search_ui_scoped_key_observed:{}:{}",
+                    key_prefix, pod_id, index_uid
+                );
+                let fields: HashMap<String, Value> = conn
+                    .hgetall(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                if fields.is_empty() {
+                    unobserved.push(pod_id.clone());
+                } else {
+                    let pod_gen = get_field_i64(&fields, "generation")?;
+                    if pod_gen != generation {
+                        unobserved.push(pod_id.clone());
+                    }
+                }
+            }
+
+            Ok((unobserved.is_empty(), unobserved))
+        })
+    }
+
+    /// Clear the previous_uid field from a scoped key hash (after revocation).
+    pub fn clear_scoped_key_previous(&self, index_uid: &str) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let index_uid = index_uid.to_string();
+        let redis_key = format!("{}:search_ui_scoped_key:{}", key_prefix, index_uid);
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.hdel(&redis_key, "previous_uid");
+            pipe.hdel(&redis_key, "previous_key");
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    /// Register this pod as alive. Uses a Sorted Set with timestamp scores
+    /// so we can query for recently-active pods.
+    pub fn register_pod_presence(&self, pod_id: &str) -> Result<()> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let pod_id = pod_id.to_string();
+        let key = format!("{}:live_pods", key_prefix);
+        let now = now_ms();
+
+        self.block_on(async move {
+            let mut pipe = pipe();
+            pipe.zadd(&key, &pod_id, now);
+            // Expire the whole set after 5 minutes to prevent unbounded growth.
+            // Active pods continuously refresh, so this just cleans up after total shutdown.
+            pipe.expire(&key, 300);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+            Ok(())
+        })
+    }
+
+    /// Get the list of pods that have registered presence within the last 120 seconds.
+    pub fn get_live_pods(&self) -> Result<Vec<String>> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let key = format!("{}:live_pods", key_prefix);
+        let cutoff = now_ms() - 120_000; // 120 seconds ago
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let pods: Vec<String> = conn
+                .zrangebyscore(&key, cutoff, "+inf")
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(pods)
+        })
+    }
+
+    /// List all index UIDs that have scoped keys in Redis.
+    pub fn list_scoped_key_indexes(&self) -> Result<Vec<String>> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+
+        self.block_on(async move {
+            let pattern = format!("{}:search_ui_scoped_key:*", key_prefix);
+            let mut conn = pool.manager.lock().await;
+
+            let mut indexes = Vec::new();
+            let mut cursor: u64 = 0;
+            loop {
+                let (new_cursor, keys): (u64, Vec<String>) = ::redis::cmd("SCAN")
+                    .arg(cursor)
+                    .arg("MATCH")
+                    .arg(&pattern)
+                    .arg("COUNT")
+                    .arg(100)
+                    .query_async(&mut *conn)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                for key in keys {
+                    // Extract index_uid from the key: "miroir:search_ui_scoped_key:<index>"
+                    if let Some(idx) = key.rsplit(':').next() {
+                        indexes.push(idx.to_string());
+                    }
+                }
+
+                cursor = new_cursor;
+                if cursor == 0 {
+                    break;
+                }
+            }
+
+            Ok(indexes)
+        })
+    }
+
+    // --- CDC overflow buffer ---
+
+    /// Append to the CDC overflow buffer for a sink.
+    /// Uses LPUSH + LTRIM to keep the list bounded by byte budget.
+    /// Returns (current_element_count, was_trimmed).
+    pub fn cdc_overflow_append(
+        &self,
+        sink_name: &str,
+        data: &[u8],
+        max_bytes: usize,
+    ) -> Result<(usize, bool)> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let sink_name = sink_name.to_string();
+        let data = data.to_vec();
+        let key = format!("{}:cdc:overflow:{}", key_prefix, sink_name);
+        let bytes_key = format!("{}:cdc:overflow_bytes:{}", key_prefix, sink_name);
+        let data_len = data.len();
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+
+            // Read tracked byte size (atomic counter in a separate key)
+            let tracked_bytes: i64 = conn.get(&bytes_key).await.unwrap_or(None).unwrap_or(0);
+
+            let new_bytes = tracked_bytes + data_len as i64;
+            let mut trimmed = false;
+
+            // If adding this event exceeds the budget, trim from the tail (oldest)
+            // until we are back under budget.
+            if new_bytes > max_bytes as i64 {
+                let current_len: i64 = conn
+                    .llen(&key)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+                // Estimate elements to keep: proportional to remaining budget.
+                if current_len > 0 && tracked_bytes > 0 {
+                    let avg_element_bytes = tracked_bytes as f64 / current_len as f64;
+                    let keep = ((max_bytes as f64) / avg_element_bytes).floor() as isize;
+                    if keep > 0 {
+                        let _: () = conn
+                            .ltrim(&key, 0, keep - 1)
+                            .await
+                            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                    } else {
+                        let _: () = conn
+                            .del(&key)
+                            .await
+                            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+                    }
+                }
+                trimmed = true;
+            }
+
+            // LPUSH new element to the head (newest first)
+            let _: () = conn
+                .lpush(&key, &data)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Update byte counter: recompute from LLEN * average or just add
+            // the new element's bytes (exact enough for overflow purposes).
+            let final_count: i64 = conn
+                .llen(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // If we trimmed, recompute tracked bytes from scratch; otherwise add.
+            let new_tracked = if trimmed {
+                // Approximate: element_count * new_element_bytes is a rough
+                // lower bound.  For a tighter number we'd need LRANGE + sum,
+                // but for overflow budgeting this is sufficient.
+                (final_count as f64 * data_len as f64) as i64
+            } else {
+                tracked_bytes + data_len as i64
+            };
+
+            let mut pipe = pipe();
+            pipe.set(&bytes_key, new_tracked);
+            pool.pipeline_query::<()>(&mut pipe).await?;
+
+            Ok((final_count as usize, trimmed))
+        })
+    }
+
+    /// Pop from the tail of the CDC overflow buffer (oldest element, FIFO order).
+    pub fn cdc_overflow_pop(&self, sink_name: &str) -> Result<Option<Vec<u8>>> {
+        let pool = self.pool.clone();
+        let key_prefix = self.key_prefix.clone();
+        let sink_name = sink_name.to_string();
+        let key = format!("{}:cdc:overflow:{}", key_prefix, sink_name);
+        let bytes_key = format!("{}:cdc:overflow_bytes:{}", key_prefix, sink_name);
+
+        self.block_on(async move {
+            let mut conn = pool.manager.lock().await;
+            let data: Option<Vec<u8>> = conn
+                .rpop(&key, None)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+            // Adjust tracked byte counter
+            if let Some(ref d) = data {
+                let tracked: i64 = conn.get(&bytes_key).await.unwrap_or(None).unwrap_or(0);
+                let adjusted = (tracked - d.len() as i64).max(0);
+                let _: () = conn
+                    .set(&bytes_key, adjusted)
+                    .await
+                    .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            }
+
+            Ok(data)
+        })
+    }
+
+    /// Get the current element count of the CDC overflow buffer (LLEN).
+    pub fn cdc_overflow_size(&self, sink_name: &str) -> Result<usize> {
+        let manager = self.pool.manager.clone();
+        let key_prefix = self.key_prefix.clone();
+        let sink_name = sink_name.to_string();
+        let key = format!("{}:cdc:overflow:{}", key_prefix, sink_name);
+
+        self.block_on(async move {
+            let mut conn = manager.lock().await;
+            let len: i64 = conn
+                .llen(&key)
+                .await
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            Ok(len as usize)
+        })
+    }
+
+    /// Subscribe to the admin session revocation Pub/Sub channel.
+    /// Calls `on_revoked` for each session ID published.
+    /// This runs indefinitely until the connection drops.
+    pub async fn subscribe_session_revocations<F>(
+        url: &str,
+        key_prefix: &str,
+        on_revoked: F,
+    ) -> Result<()>
+    where
+        F: Fn(String) + Send + 'static,
+    {
+        let client = Client::open(url).map_err(|e| MiroirError::Redis(e.to_string()))?;
+        let mut conn = client
+            .get_async_pubsub()
+            .await
+            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+        let channel = format!("{}:admin_session:revoked", key_prefix);
+        conn.subscribe(&channel)
+            .await
+            .map_err(|e| MiroirError::Redis(e.to_string()))?;
+
+        let mut stream = conn.on_message();
+        while let Some(msg) = stream.next().await {
+            let payload: String = msg
+                .get_payload()
+                .map_err(|e| MiroirError::Redis(e.to_string()))?;
+            on_revoked(payload);
         }
 
-        conn.append::<_, _, ()>(&key, data).await?;
         Ok(())
     }
-
-    async fn cdc_overflow_clear(&self, sink: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let key = format!("miroir:cdc:overflow:{sink}");
-        conn.del::<_, ()>(&key).await?;
-        Ok(())
-    }
-
-    async fn scoped_key_set(&self, index: &str, key: &str, expires_at: u64) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:search_ui_scoped_key:{index}");
-
-        let ttl = (expires_at - chrono::Utc::now().timestamp_millis() as u64) / 1000;
-        conn.set_ex::<_, _, ()>(&redis_key, key, ttl).await?;
-
-        Ok(())
-    }
-
-    async fn scoped_key_get(&self, index: &str) -> Result<Option<String>> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:search_ui_scoped_key:{index}");
-
-        let key: Option<String> = conn.get(&redis_key).await?;
-        Ok(key)
-    }
-
-    async fn scoped_key_observe(&self, pod: &str, index: &str, key: &str) -> Result<()> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:search_ui_scoped_key_observed:{pod}:{index}");
-
-        conn.set::<_, _, ()>(&redis_key, key).await?;
-        Ok(())
-    }
-
-    async fn scoped_key_has_observed(&self, pod: &str, index: &str, key: &str) -> Result<bool> {
-        let mut conn = self.get_conn().await?;
-        let redis_key = format!("miroir:search_ui_scoped_key_observed:{pod}:{index}");
-
-        let current: Option<String> = conn.get(&redis_key).await?;
-        Ok(current.as_deref() == Some(key))
-    }
-
-    async fn health_check(&self) -> Result<bool> {
-        let mut conn = self.get_conn().await?;
-        redis::cmd("PING").query_async::<_, ()>(&mut conn).await?;
-        Ok(true)
-    }
 }
 
 // --- Extra types for Redis-specific functionality ---
@@ -1005,3 +3294,1625 @@ pub struct SearchUiScopedKey {
     pub rotated_at: i64,
     pub generation: i64,
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_key_generation() {
+        // Test key generation helper directly
+        fn test_key(prefix: &str, parts: &[&str]) -> String {
+            format!("{}:{}", prefix, parts.join(":"))
+        }
+        assert_eq!(
+            test_key("miroir", &["tasks", "task-1"]),
+            "miroir:tasks:task-1"
+        );
+        assert_eq!(
+            test_key("miroir", &["lease", "scope-1"]),
+            "miroir:lease:scope-1"
+        );
+        assert_eq!(
+            test_key("miroir", &["canary_runs", "canary-1"]),
+            "miroir:canary_runs:canary-1"
+        );
+    }
+
+    #[test]
+    fn test_now_ms() {
+        let now = now_ms();
+        assert!(now > 0);
+    }
+
+    // ------------------------------------------------------------------------
+    // testcontainers-based integration tests
+    // ------------------------------------------------------------------------
+
+    #[cfg(feature = "redis-store")]
+    mod integration {
+        use super::*;
+        use testcontainers::runners::AsyncRunner;
+        use testcontainers_modules::redis::Redis;
+
+        /// Helper to set up a Redis container and return the store.
+        async fn setup_redis_store() -> (RedisTaskStore, String) {
+            let redis = Redis::default();
+            let node = redis.start().await.expect("Failed to start Redis");
+            let port = node
+                .get_host_port_ipv4(6379)
+                .await
+                .expect("Failed to get Redis port");
+            let url = format!("redis://localhost:{port}");
+            let store = RedisTaskStore::open(&url)
+                .await
+                .expect("Failed to open Redis store");
+            (store, url)
+        }
+
+        #[tokio::test]
+        async fn test_redis_migrate() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+        }
+
+        #[tokio::test]
+        async fn test_redis_tasks_crud() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert a task
+            let mut node_tasks = HashMap::new();
+            node_tasks.insert("node-0".to_string(), 42u64);
+            let task = NewTask {
+                miroir_id: "task-1".to_string(),
+                created_at: now_ms(),
+                status: "queued".to_string(),
+                node_tasks,
+                error: None,
+                started_at: None,
+                finished_at: None,
+                index_uid: None,
+                task_type: None,
+                node_errors: HashMap::new(),
+            };
+            store.insert_task(&task).expect("Insert should succeed");
+
+            // Get the task
+            let retrieved = store.get_task("task-1").expect("Get should succeed");
+            assert!(retrieved.is_some());
+            let retrieved = retrieved.unwrap();
+            assert_eq!(retrieved.miroir_id, "task-1");
+            assert_eq!(retrieved.status, "queued");
+
+            // Update status
+            store
+                .update_task_status("task-1", "running")
+                .expect("Update should succeed");
+            let updated = store
+                .get_task("task-1")
+                .expect("Get should succeed")
+                .unwrap();
+            assert_eq!(updated.status, "running");
+
+            // Update node task
+            store
+                .update_node_task("task-1", "node-1", 123)
+                .expect("Update node task should succeed");
+            let with_node = store
+                .get_task("task-1")
+                .expect("Get should succeed")
+                .unwrap();
+            assert_eq!(with_node.node_tasks.get("node-1"), Some(&123));
+
+            // Set error
+            store
+                .set_task_error("task-1", "test error")
+                .expect("Set error should succeed");
+            let with_error = store
+                .get_task("task-1")
+                .expect("Get should succeed")
+                .unwrap();
+            assert_eq!(with_error.error.as_deref(), Some("test error"));
+
+            // List tasks
+            let tasks = store
+                .list_tasks(&TaskFilter::default())
+                .expect("List should succeed");
+            assert_eq!(tasks.len(), 1);
+
+            // Task count
+            let count = store.task_count().expect("Count should succeed");
+            assert_eq!(count, 1);
+
+            // Prune tasks (no old tasks, so 0 deleted)
+            let deleted = store
+                .prune_tasks(now_ms() - 10000, 100)
+                .expect("Prune should succeed");
+            assert_eq!(deleted, 0);
+        }
+
+        #[tokio::test]
+        async fn test_redis_leader_lease() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let scope = "test-scope";
+            let holder = "pod-1";
+            let expires_at = now_ms() + 10000;
+
+            // Try to acquire lease
+            let acquired = store
+                .try_acquire_leader_lease(scope, holder, expires_at, now_ms())
+                .expect("Acquire should succeed");
+            assert!(acquired);
+
+            // Get lease
+            let lease = store
+                .get_leader_lease(scope)
+                .expect("Get should succeed")
+                .expect("Lease should exist");
+            assert_eq!(lease.holder, holder);
+
+            // Renew lease
+            let new_expires = now_ms() + 20000;
+            assert!(store
+                .renew_leader_lease(scope, holder, new_expires)
+                .expect("Renew should succeed"));
+
+            // Another pod tries to acquire (should fail)
+            let other_acquired = store
+                .try_acquire_leader_lease(scope, "pod-2", new_expires, now_ms())
+                .expect("Second acquire should succeed but return false");
+            assert!(!other_acquired);
+        }
+
+        #[tokio::test]
+        async fn test_redis_lease_race() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Simulate two pods racing for the same lease
+            let scope = "race-scope";
+            let expires_at = now_ms() + 10000;
+
+            // Spawn two concurrent tasks trying to acquire
+            let store1 = store.clone();
+            let store2 = store.clone();
+
+            let handle1 = tokio::spawn(async move {
+                store1
+                    .try_acquire_leader_lease(scope, "pod-1", expires_at, now_ms())
+                    .expect("Pod 1 acquire should succeed")
+            });
+
+            let handle2 = tokio::spawn(async move {
+                store2
+                    .try_acquire_leader_lease(scope, "pod-2", expires_at, now_ms())
+                    .expect("Pod 2 acquire should succeed")
+            });
+
+            let (acquired1, acquired2) = tokio::join!(handle1, handle2);
+            let acquired1 = acquired1.expect("Pod 1 task should succeed");
+            let acquired2 = acquired2.expect("Pod 2 task should succeed");
+
+            // Exactly one should win
+            assert!(
+                acquired1 ^ acquired2,
+                "Exactly one pod should acquire the lease, got pod1={}, pod2={}",
+                acquired1,
+                acquired2
+            );
+
+            // Verify only one holder
+            let lease = store
+                .get_leader_lease(scope)
+                .expect("Get should succeed")
+                .expect("Lease should exist");
+            assert!((lease.holder == "pod-1") ^ (lease.holder == "pod-2"));
+        }
+
+        /// Memory budget test: verify Redis RSS stays under plan §14.7 targets.
+        /// Target: ~100 bytes per task + overhead, 10k tasks < ~2 MB RSS.
+        #[tokio::test]
+        async fn test_redis_memory_budget() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert 10k tasks
+            let count = 10_000;
+            for i in 0..count {
+                let mut node_tasks = HashMap::new();
+                node_tasks.insert(format!("node-{}", i % 10), i as u64);
+                let task = NewTask {
+                    miroir_id: format!("task-{}", i),
+                    created_at: now_ms(),
+                    status: if i % 3 == 0 { "succeeded" } else { "queued" }.to_string(),
+                    node_tasks,
+                    error: if i % 10 == 0 {
+                        Some("test error".to_string())
+                    } else {
+                        None
+                    },
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                };
+                store.insert_task(&task).expect("Insert should succeed");
+            }
+
+            // Insert 1k idempotency entries
+            for i in 0..1_000 {
+                let entry = IdempotencyEntry {
+                    key: format!("idemp-{}", i),
+                    body_sha256: vec![0u8; 32],
+                    miroir_task_id: format!("task-{}", i),
+                    expires_at: now_ms() + 3600_000,
+                };
+                store
+                    .insert_idempotency_entry(&entry)
+                    .expect("Insert idempotency should succeed");
+            }
+
+            // Insert 1k sessions
+            for i in 0..1_000 {
+                let session = SessionRow {
+                    session_id: format!("session-{}", i),
+                    last_write_mtask_id: Some(format!("task-{}", i)),
+                    last_write_at: Some(now_ms()),
+                    pinned_group: Some(i as i64),
+                    min_settings_version: 1,
+                    ttl: now_ms() + 3600_000,
+                };
+                store
+                    .upsert_session(&session)
+                    .expect("Insert session should succeed");
+            }
+
+            // Verify counts
+            let task_count = store.task_count().expect("Task count should succeed");
+            assert_eq!(task_count, count as u64, "Should have all tasks");
+
+            // Note: Actual Redis RSS measurement requires Redis INFO command or
+            // external monitoring (e.g., docker stats). This test verifies the
+            // workload can be created; in production, miroir_cdc_redis_memory_bytes
+            // would alert if exceeding budget.
+            // Plan §14.7 target: < 2 MB RSS for this workload.
+        }
+
+        /// Pub/Sub test: verify session revocation via subscriber within 100ms.
+        #[tokio::test]
+        async fn test_redis_pubsub_session_invalidation() {
+            let (store, url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let revoked = Arc::new(std::sync::Mutex::new(Vec::<String>::new()));
+            let revoked_clone = revoked.clone();
+
+            // Start subscriber in background
+            let sub_handle = tokio::spawn(async move {
+                let _ = RedisTaskStore::subscribe_session_revocations(
+                    &url,
+                    "miroir",
+                    move |session_id: String| {
+                        revoked_clone.lock().unwrap().push(session_id);
+                    },
+                )
+                .await;
+            });
+
+            // Give subscriber time to connect
+            tokio::time::sleep(tokio::time::Duration::from_millis(100)).await;
+
+            // Create and revoke a session
+            let session = NewAdminSession {
+                session_id: "pubsub-test-session".to_string(),
+                csrf_token: "csrf".to_string(),
+                admin_key_hash: "hash".to_string(),
+                created_at: now_ms(),
+                expires_at: now_ms() + 3600_000,
+                user_agent: None,
+                source_ip: None,
+            };
+            store
+                .insert_admin_session(&session)
+                .expect("Insert should succeed");
+
+            let start = std::time::Instant::now();
+            store
+                .revoke_admin_session("pubsub-test-session")
+                .expect("Revoke should succeed");
+
+            // Wait for subscriber to receive the message (must be < 100ms)
+            let deadline = tokio::time::Duration::from_millis(200);
+            loop {
+                let received = revoked.lock().unwrap();
+                if received.len() == 1 && received[0] == "pubsub-test-session" {
+                    break;
+                }
+                drop(received);
+                if start.elapsed() > deadline {
+                    panic!("Pub/Sub message not received within 200ms");
+                }
+                tokio::time::sleep(tokio::time::Duration::from_millis(10)).await;
+            }
+
+            let elapsed = start.elapsed();
+            assert!(elapsed < deadline, "Propagation took {:?}", elapsed);
+
+            sub_handle.abort();
+        }
+
+        // --- Rate limiting: search_ui with EXPIRE ---
+
+        #[tokio::test]
+        async fn test_redis_rate_limit_searchui() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let ip = "192.168.1.1";
+            let limit = 3u64;
+            let window_seconds = 60u64;
+
+            // First request: allowed
+            let (allowed, remaining, _) = store
+                .check_rate_limit_searchui(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(allowed);
+            assert_eq!(remaining, 2);
+
+            // Second request: allowed
+            let (allowed, remaining, _) = store
+                .check_rate_limit_searchui(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(allowed);
+            assert_eq!(remaining, 1);
+
+            // Third request: allowed
+            let (allowed, remaining, _) = store
+                .check_rate_limit_searchui(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(allowed);
+            assert_eq!(remaining, 0);
+
+            // Fourth request: blocked
+            let (allowed, _, reset_after) = store
+                .check_rate_limit_searchui(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(!allowed, "Should be rate limited");
+            assert!(reset_after > 0, "Should have TTL remaining");
+
+            // Verify key has EXPIRE set (TTL should be > 0)
+            let key = "miroir:ratelimit:searchui:192.168.1.1";
+            let mut conn = store.pool.manager.lock().await;
+            let ttl: i64 = conn.ttl(key).await.expect("TTL should work");
+            assert!(
+                ttl > 0,
+                "Rate limit key should have EXPIRE set, got TTL={}",
+                ttl
+            );
+            assert!(
+                ttl <= window_seconds as i64,
+                "TTL should not exceed window, got {}",
+                ttl
+            );
+        }
+
+        // --- Rate limiting: admin_login with backoff ---
+
+        #[tokio::test]
+        async fn test_redis_rate_limit_admin_login() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let ip = "10.0.0.1";
+            let limit = 3u64;
+            let window_seconds = 60u64;
+
+            // First 3 attempts: allowed
+            for _ in 0..3 {
+                let (allowed, wait) = store
+                    .check_rate_limit_admin_login(ip, limit, window_seconds)
+                    .expect("Check should succeed");
+                assert!(allowed);
+                assert!(wait.is_none());
+            }
+
+            // Fourth attempt: rate limited
+            let (allowed, _) = store
+                .check_rate_limit_admin_login(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(!allowed);
+
+            // Record failures to trigger backoff
+            let _ = store.record_failure_admin_login(ip, 3, 1, 24);
+
+            // Next login should be in backoff
+            let (allowed, wait) = store
+                .check_rate_limit_admin_login(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(!allowed, "Should be in backoff");
+            assert!(wait.is_some(), "Should have wait time");
+
+            // Reset on success
+            store
+                .reset_rate_limit_admin_login(ip)
+                .expect("Reset should succeed");
+
+            // Should be allowed again
+            let (allowed, wait) = store
+                .check_rate_limit_admin_login(ip, limit, window_seconds)
+                .expect("Check should succeed");
+            assert!(allowed, "Should be allowed after reset");
+            assert!(wait.is_none());
+        }
+
+        // --- CDC overflow buffer ---
+
+        #[tokio::test]
+        async fn test_redis_cdc_overflow() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let sink = "test-sink";
+            let event = b"{\"type\":\"insert\",\"index\":\"logs\"}";
+            let max_bytes = 200; // ~3 events at 42 bytes each
+
+            // Append events
+            let (count, trimmed) = store
+                .cdc_overflow_append(sink, event, max_bytes)
+                .expect("Append should succeed");
+            assert_eq!(count, 1);
+            assert!(!trimmed);
+
+            let (count, trimmed) = store
+                .cdc_overflow_append(sink, event, max_bytes)
+                .expect("Append should succeed");
+            assert_eq!(count, 2);
+            assert!(!trimmed);
+
+            let (count, _trimmed) = store
+                .cdc_overflow_append(sink, event, max_bytes)
+                .expect("Append should succeed");
+            assert!(count >= 3);
+            // May or may not trim depending on exact byte count
+
+            // Size should match LLEN
+            let size = store.cdc_overflow_size(sink).expect("Size should succeed");
+            assert!(size > 0, "Overflow buffer should have elements");
+
+            // Pop should return oldest event (FIFO)
+            let popped = store.cdc_overflow_pop(sink).expect("Pop should succeed");
+            assert!(popped.is_some());
+            assert_eq!(popped.unwrap().as_slice(), event);
+
+            // Size should decrease
+            let new_size = store.cdc_overflow_size(sink).expect("Size should succeed");
+            assert_eq!(new_size, size - 1);
+        }
+
+        #[tokio::test]
+        async fn test_redis_cdc_overflow_trim() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let sink = "trim-sink";
+            let event = b"short"; // 5 bytes per event
+            let max_bytes = 20; // room for ~4 events
+
+            // Fill beyond budget
+            for _ in 0..10 {
+                let _ = store
+                    .cdc_overflow_append(sink, event, max_bytes)
+                    .expect("Append should succeed");
+            }
+
+            let size = store.cdc_overflow_size(sink).expect("Size should succeed");
+            assert!(size <= 10, "Should be bounded, got {}", size);
+
+            // After enough appends the buffer should have been trimmed
+            // (it won't grow unbounded beyond the byte budget)
+        }
+
+        // --- Scoped key coordination ---
+
+        #[tokio::test]
+        async fn test_redis_scoped_key_observation() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let index_uid = "products";
+
+            // Set a scoped key
+            let key = SearchUiScopedKey {
+                index_uid: index_uid.to_string(),
+                primary_key: "key-abc".to_string(),
+                primary_uid: "uid-abc".to_string(),
+                previous_key: None,
+                previous_uid: None,
+                rotated_at: now_ms(),
+                generation: 1,
+            };
+            store
+                .set_search_ui_scoped_key(&key)
+                .expect("Set should succeed");
+
+            // Get it back
+            let retrieved = store
+                .get_search_ui_scoped_key(index_uid)
+                .expect("Get should succeed")
+                .expect("Key should exist");
+            assert_eq!(retrieved.primary_uid, "uid-abc");
+            assert_eq!(retrieved.generation, 1);
+
+            // Pod-1 observes generation 1
+            store
+                .observe_search_ui_scoped_key("pod-1", index_uid, 1)
+                .expect("Observe should succeed");
+
+            // Pod-2 observes generation 1
+            store
+                .observe_search_ui_scoped_key("pod-2", index_uid, 1)
+                .expect("Observe should succeed");
+
+            // Check observation — all observed
+            let (all, unobserved) = store
+                .check_scoped_key_observation(index_uid, 1, &["pod-1".into(), "pod-2".into()])
+                .expect("Check should succeed");
+            assert!(all, "All pods should have observed");
+            assert!(unobserved.is_empty());
+
+            // Pod-3 hasn't observed
+            let (all, unobserved) = store
+                .check_scoped_key_observation(
+                    index_uid,
+                    1,
+                    &["pod-1".into(), "pod-2".into(), "pod-3".into()],
+                )
+                .expect("Check should succeed");
+            assert!(!all, "Pod-3 hasn't observed");
+            assert!(unobserved.contains(&"pod-3".to_string()));
+
+            // Clear previous
+            let key2 = SearchUiScopedKey {
+                index_uid: index_uid.to_string(),
+                primary_key: "key-def".to_string(),
+                primary_uid: "uid-def".to_string(),
+                previous_key: Some("key-abc".to_string()),
+                previous_uid: Some("uid-abc".to_string()),
+                rotated_at: now_ms(),
+                generation: 2,
+            };
+            store
+                .set_search_ui_scoped_key(&key2)
+                .expect("Set gen2 should succeed");
+            store
+                .clear_scoped_key_previous(index_uid)
+                .expect("Clear should succeed");
+
+            let retrieved = store
+                .get_search_ui_scoped_key(index_uid)
+                .expect("Get should succeed")
+                .expect("Key should exist");
+            assert!(retrieved.previous_uid.is_none());
+            assert!(retrieved.previous_key.is_none());
+
+            // List indexes
+            let indexes = store
+                .list_scoped_key_indexes()
+                .expect("List should succeed");
+            assert!(indexes.contains(&index_uid.to_string()));
+        }
+
+        // --- Table 2: node_settings_version tests ---
+
+        #[tokio::test]
+        async fn test_redis_node_settings_version() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert
+            store
+                .upsert_node_settings_version("idx-1", "node-0", 5, 1000)
+                .expect("Upsert should succeed");
+            let row = store
+                .get_node_settings_version("idx-1", "node-0")
+                .expect("Get should succeed")
+                .expect("Row should exist");
+            assert_eq!(row.version, 5);
+            assert_eq!(row.updated_at, 1000);
+
+            // Upsert (update)
+            store
+                .upsert_node_settings_version("idx-1", "node-0", 7, 2000)
+                .expect("Upsert should succeed");
+            let row = store
+                .get_node_settings_version("idx-1", "node-0")
+                .expect("Get should succeed")
+                .expect("Row should exist");
+            assert_eq!(row.version, 7);
+
+            // Missing
+            assert!(store
+                .get_node_settings_version("idx-1", "node-99")
+                .expect("Get should succeed")
+                .is_none());
+        }
+
+        // --- Table 3: aliases tests ---
+
+        #[tokio::test]
+        async fn test_redis_aliases_single() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Create single alias
+            store
+                .create_alias(&NewAlias {
+                    name: "prod-logs".to_string(),
+                    kind: "single".to_string(),
+                    current_uid: Some("uid-v1".to_string()),
+                    target_uids: None,
+                    version: 1,
+                    created_at: 1000,
+                    history: vec![],
+                })
+                .expect("Create should succeed");
+
+            let alias = store
+                .get_alias("prod-logs")
+                .expect("Get should succeed")
+                .expect("Alias should exist");
+            assert_eq!(alias.current_uid.as_deref(), Some("uid-v1"));
+            assert_eq!(alias.version, 1);
+
+            // Flip
+            assert!(store
+                .flip_alias("prod-logs", "uid-v2", 10)
+                .expect("Flip should succeed"));
+            let alias = store
+                .get_alias("prod-logs")
+                .expect("Get should succeed")
+                .expect("Alias should exist");
+            assert_eq!(alias.current_uid.as_deref(), Some("uid-v2"));
+            assert_eq!(alias.version, 2);
+            assert_eq!(alias.history.len(), 1);
+
+            // Flip with retention trim
+            for uid in ["uid-v3", "uid-v4", "uid-v5"] {
+                store
+                    .flip_alias("prod-logs", uid, 2)
+                    .expect("Flip should succeed");
+            }
+            let alias = store
+                .get_alias("prod-logs")
+                .expect("Get should succeed")
+                .expect("Alias should exist");
+            assert_eq!(alias.history.len(), 2); // retention = 2
+
+            // Delete
+            assert!(store
+                .delete_alias("prod-logs")
+                .expect("Delete should succeed"));
+            assert!(store
+                .get_alias("prod-logs")
+                .expect("Get should succeed")
+                .is_none());
+        }
+
+        #[tokio::test]
+        async fn test_redis_aliases_multi() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            store
+                .create_alias(&NewAlias {
+                    name: "search-all".to_string(),
+                    kind: "multi".to_string(),
+                    current_uid: None,
+                    target_uids: Some(vec!["uid-a".to_string(), "uid-b".to_string()]),
+                    version: 1,
+                    created_at: 1000,
+                    history: vec![],
+                })
+                .expect("Create should succeed");
+
+            let alias = store
+                .get_alias("search-all")
+                .expect("Get should succeed")
+                .expect("Alias should exist");
+            assert_eq!(alias.kind, "multi");
+            assert!(alias.current_uid.is_none());
+            assert_eq!(
+                alias.target_uids.unwrap(),
+                vec!["uid-a".to_string(), "uid-b".to_string()]
+            );
+        }
+
+        // --- Table 4: sessions tests ---
+
+        #[tokio::test]
+        async fn test_redis_sessions() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let session = SessionRow {
+                session_id: "sess-1".to_string(),
+                last_write_mtask_id: Some("task-1".to_string()),
+                last_write_at: Some(1000),
+                pinned_group: Some(2),
+                min_settings_version: 5,
+                ttl: now_ms() + 60000, // expires in 60s
+            };
+            store
+                .upsert_session(&session)
+                .expect("Upsert should succeed");
+
+            let got = store
+                .get_session("sess-1")
+                .expect("Get should succeed")
+                .expect("Session should exist");
+            assert_eq!(got.last_write_mtask_id.as_deref(), Some("task-1"));
+            assert_eq!(got.pinned_group, Some(2));
+
+            // Upsert (update)
+            let updated = SessionRow {
+                session_id: "sess-1".to_string(),
+                last_write_mtask_id: Some("task-2".to_string()),
+                last_write_at: Some(1500),
+                pinned_group: None,
+                min_settings_version: 6,
+                ttl: now_ms() + 120000,
+            };
+            store
+                .upsert_session(&updated)
+                .expect("Upsert should succeed");
+            let got = store
+                .get_session("sess-1")
+                .expect("Get should succeed")
+                .expect("Session should exist");
+            assert_eq!(got.last_write_mtask_id.as_deref(), Some("task-2"));
+
+            // Redis handles expiration automatically - delete_expired_sessions returns 0
+            let deleted = store
+                .delete_expired_sessions(now_ms())
+                .expect("Delete expired should succeed");
+            assert_eq!(deleted, 0);
+        }
+
+        #[tokio::test]
+        async fn test_redis_sessions_expire() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Create a session with a short TTL (1 second)
+            let session = SessionRow {
+                session_id: "sess-expire".to_string(),
+                last_write_mtask_id: Some("task-1".to_string()),
+                last_write_at: Some(now_ms()),
+                pinned_group: Some(1),
+                min_settings_version: 1,
+                ttl: now_ms() + 1000, // expires in 1 second
+            };
+            store
+                .upsert_session(&session)
+                .expect("Upsert should succeed");
+
+            // Verify session exists immediately
+            let got = store
+                .get_session("sess-expire")
+                .expect("Get should succeed")
+                .expect("Session should exist immediately after creation");
+            assert_eq!(got.session_id, "sess-expire");
+
+            // Verify EXPIRE is set on the key (TTL should be > 0)
+            let key = "miroir:session:sess-expire";
+            let mut conn = store.pool.manager.lock().await;
+            let ttl: i64 = conn.ttl(key).await.expect("TTL should work");
+            assert!(
+                ttl > 0,
+                "Session key should have EXPIRE set, got TTL={}",
+                ttl
+            );
+            assert!(
+                ttl <= 2,
+                "TTL should be approximately 1 second, got {}",
+                ttl
+            );
+            drop(conn);
+
+            // Wait for expiration (2 seconds to be safe, allowing for Redis timing granularity)
+            tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
+
+            // Verify session is gone after expiration
+            let got = store
+                .get_session("sess-expire")
+                .expect("Get should succeed");
+            assert!(
+                got.is_none(),
+                "Session should be expired and gone after TTL"
+            );
+        }
+
+        // --- Table 5: idempotency tests ---
+
+        #[tokio::test]
+        async fn test_redis_idempotency() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let sha = vec![0u8; 32];
+            store
+                .insert_idempotency_entry(&IdempotencyEntry {
+                    key: "req-abc".to_string(),
+                    body_sha256: sha.clone(),
+                    miroir_task_id: "task-1".to_string(),
+                    expires_at: now_ms() + 3600000,
+                })
+                .expect("Insert should succeed");
+
+            let entry = store
+                .get_idempotency_entry("req-abc")
+                .expect("Get should succeed")
+                .expect("Entry should exist");
+            assert_eq!(entry.body_sha256, sha);
+            assert_eq!(entry.miroir_task_id, "task-1");
+
+            // Missing
+            assert!(store
+                .get_idempotency_entry("nope")
+                .expect("Get should succeed")
+                .is_none());
+
+            // Redis handles expiration automatically - delete_expired returns 0
+            let deleted = store
+                .delete_expired_idempotency_entries(now_ms())
+                .expect("Delete expired should succeed");
+            assert_eq!(deleted, 0);
+        }
+
+        // --- Table 6: jobs tests ---
+
+        #[tokio::test]
+        async fn test_redis_jobs() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            store
+                .insert_job(&NewJob {
+                    id: "job-1".to_string(),
+                    type_: "dump_import".to_string(),
+                    params: r#"{"index": "logs"}"#.to_string(),
+                    state: "queued".to_string(),
+                    progress: "{}".to_string(),
+                    parent_job_id: None,
+                    chunk_index: None,
+                    total_chunks: None,
+                    created_at: 1000,
+                })
+                .expect("Insert should succeed");
+
+            let job = store
+                .get_job("job-1")
+                .expect("Get should succeed")
+                .expect("Job should exist");
+            assert_eq!(job.state, "queued");
+            assert!(job.claimed_by.is_none());
+
+            // Claim
+            assert!(store
+                .claim_job("job-1", "pod-a", now_ms() + 10000)
+                .expect("Claim should succeed"));
+            let job = store
+                .get_job("job-1")
+                .expect("Get should succeed")
+                .expect("Job should exist");
+            assert_eq!(job.state, "in_progress");
+            assert_eq!(job.claimed_by.as_deref(), Some("pod-a"));
+
+            // Cannot double-claim
+            assert!(!store
+                .claim_job("job-1", "pod-b", now_ms() + 20000)
+                .expect("Claim should fail"));
+
+            // Update progress
+            assert!(store
+                .update_job_progress("job-1", "in_progress", r#"{"bytes": 1024}"#)
+                .expect("Update progress should succeed"));
+
+            // Renew claim
+            assert!(store
+                .renew_job_claim("job-1", now_ms() + 30000)
+                .expect("Renew should succeed"));
+
+            // Complete
+            assert!(store
+                .update_job_progress("job-1", "completed", r#"{"bytes": 4096}"#)
+                .expect("Update to completed should succeed"));
+
+            // List by state
+            store
+                .insert_job(&NewJob {
+                    id: "job-2".to_string(),
+                    type_: "test".to_string(),
+                    params: "{}".to_string(),
+                    state: "queued".to_string(),
+                    progress: "{}".to_string(),
+                    parent_job_id: None,
+                    chunk_index: None,
+                    total_chunks: None,
+                    created_at: 2000,
+                })
+                .expect("Insert job-2 should succeed");
+
+            let queued = store
+                .list_jobs_by_state("queued")
+                .expect("List queued should succeed");
+            assert_eq!(queued.len(), 1);
+            assert_eq!(queued[0].id, "job-2");
+
+            let in_progress = store
+                .list_jobs_by_state("in_progress")
+                .expect("List in_progress should succeed");
+            assert_eq!(in_progress.len(), 1);
+            assert_eq!(in_progress[0].id, "job-1");
+        }
+
+        // --- Table 8: canaries tests ---
+
+        #[tokio::test]
+        async fn test_redis_canaries() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert a canary
+            store
+                .upsert_canary(&NewCanary {
+                    id: "canary-1".to_string(),
+                    name: "Search health check".to_string(),
+                    index_uid: "logs".to_string(),
+                    interval_s: 60,
+                    query_json: r#"{"q": "error"}"#.to_string(),
+                    assertions_json: r#"[{"type": "min_hits", "value": 1}]"#.to_string(),
+                    enabled: true,
+                    created_at: 1000,
+                })
+                .expect("Upsert should succeed");
+
+            // Get the canary
+            let canary = store
+                .get_canary("canary-1")
+                .expect("Get should succeed")
+                .expect("Canary should exist");
+            assert_eq!(canary.id, "canary-1");
+            assert_eq!(canary.name, "Search health check");
+            assert!(canary.enabled);
+
+            // List all canaries
+            let canaries = store.list_canaries().expect("List should succeed");
+            assert_eq!(canaries.len(), 1);
+
+            // Upsert (update)
+            store
+                .upsert_canary(&NewCanary {
+                    id: "canary-1".to_string(),
+                    name: "Updated health check".to_string(),
+                    index_uid: "logs".to_string(),
+                    interval_s: 120,
+                    query_json: r#"{"q": "error"}"#.to_string(),
+                    assertions_json: r#"[{"type": "min_hits", "value": 1}]"#.to_string(),
+                    enabled: false,
+                    created_at: 1000,
+                })
+                .expect("Update should succeed");
+
+            let canary = store
+                .get_canary("canary-1")
+                .expect("Get should succeed")
+                .expect("Canary should exist");
+            assert_eq!(canary.name, "Updated health check");
+            assert!(!canary.enabled);
+
+            // Delete
+            assert!(store
+                .delete_canary("canary-1")
+                .expect("Delete should succeed"));
+            assert!(store
+                .get_canary("canary-1")
+                .expect("Get should succeed")
+                .is_none());
+
+            // Delete non-existent
+            assert!(!store
+                .delete_canary("no-such-canary")
+                .expect("Delete non-existent should fail"));
+        }
+
+        // --- Table 9: canary_runs tests ---
+
+        #[tokio::test]
+        async fn test_redis_canary_runs() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert 5 runs with history limit of 3
+            for i in 0..5 {
+                store
+                    .insert_canary_run(
+                        &NewCanaryRun {
+                            canary_id: "canary-1".to_string(),
+                            ran_at: 1000 + i * 100,
+                            status: if i == 2 { "fail" } else { "pass" }.to_string(),
+                            latency_ms: 50 + i * 10,
+                            failed_assertions_json: if i == 2 {
+                                Some(
+                                    r#"[{"assertion": "min_hits", "reason": "no hits"}]"#
+                                        .to_string(),
+                                )
+                            } else {
+                                None
+                            },
+                        },
+                        3,
+                    )
+                    .expect("Insert run should succeed");
+            }
+
+            // Only the 3 most recent runs should remain
+            let runs = store
+                .get_canary_runs("canary-1", 10)
+                .expect("Get runs should succeed");
+            assert_eq!(runs.len(), 3);
+            // Runs are ordered by ran_at DESC
+            assert_eq!(runs[0].ran_at, 1400);
+            assert_eq!(runs[2].status, "fail");
+
+            // Test limit parameter
+            let runs = store
+                .get_canary_runs("canary-1", 2)
+                .expect("Get runs with limit should succeed");
+            assert_eq!(runs.len(), 2);
+
+            // Empty for non-existent canary
+            let runs = store
+                .get_canary_runs("no-such-canary", 10)
+                .expect("Get runs for non-existent should succeed");
+            assert!(runs.is_empty());
+        }
+
+        // --- Table 10: cdc_cursors tests ---
+
+        #[tokio::test]
+        async fn test_redis_cdc_cursors() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert a cursor
+            store
+                .upsert_cdc_cursor(&NewCdcCursor {
+                    sink_name: "elasticsearch".to_string(),
+                    index_uid: "logs".to_string(),
+                    last_event_seq: 12345,
+                    updated_at: 2000,
+                })
+                .expect("Upsert should succeed");
+
+            // Get the cursor
+            let cursor = store
+                .get_cdc_cursor("elasticsearch", "logs")
+                .expect("Get should succeed")
+                .expect("Cursor should exist");
+            assert_eq!(cursor.sink_name, "elasticsearch");
+            assert_eq!(cursor.last_event_seq, 12345);
+
+            // List all cursors for a sink
+            store
+                .upsert_cdc_cursor(&NewCdcCursor {
+                    sink_name: "elasticsearch".to_string(),
+                    index_uid: "metrics".to_string(),
+                    last_event_seq: 67890,
+                    updated_at: 2500,
+                })
+                .expect("Upsert second cursor should succeed");
+
+            let cursors = store
+                .list_cdc_cursors("elasticsearch")
+                .expect("List should succeed");
+            assert_eq!(cursors.len(), 2);
+
+            // Upsert (update)
+            store
+                .upsert_cdc_cursor(&NewCdcCursor {
+                    sink_name: "elasticsearch".to_string(),
+                    index_uid: "logs".to_string(),
+                    last_event_seq: 13000,
+                    updated_at: 3000,
+                })
+                .expect("Update should succeed");
+
+            let cursor = store
+                .get_cdc_cursor("elasticsearch", "logs")
+                .expect("Get should succeed")
+                .expect("Cursor should exist");
+            assert_eq!(cursor.last_event_seq, 13000);
+
+            // Composite PK: different sink shouldn't exist
+            assert!(store
+                .get_cdc_cursor("elasticsearch", "nonexistent")
+                .expect("Get should succeed")
+                .is_none());
+            assert!(store
+                .get_cdc_cursor("unknown_sink", "logs")
+                .expect("Get should succeed")
+                .is_none());
+        }
+
+        // --- Table 11: tenant_map tests ---
+
+        #[tokio::test]
+        async fn test_redis_tenant_map() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let api_key_hash = vec![1u8; 32];
+
+            // Insert
+            store
+                .insert_tenant_mapping(&NewTenantMapping {
+                    api_key_hash: api_key_hash.clone(),
+                    tenant_id: "acme-corp".to_string(),
+                    group_id: Some(2),
+                })
+                .expect("Insert should succeed");
+
+            // Get
+            let mapping = store
+                .get_tenant_mapping(&api_key_hash)
+                .expect("Get should succeed")
+                .expect("Mapping should exist");
+            assert_eq!(mapping.tenant_id, "acme-corp");
+            assert_eq!(mapping.group_id, Some(2));
+
+            // Missing
+            let unknown_hash = vec![99u8; 32];
+            assert!(store
+                .get_tenant_mapping(&unknown_hash)
+                .expect("Get should succeed")
+                .is_none());
+
+            // Delete
+            assert!(store
+                .delete_tenant_mapping(&api_key_hash)
+                .expect("Delete should succeed"));
+            assert!(store
+                .get_tenant_mapping(&api_key_hash)
+                .expect("Get should succeed")
+                .is_none());
+
+            // Nullable group_id
+            let hash2 = vec![2u8; 32];
+            store
+                .insert_tenant_mapping(&NewTenantMapping {
+                    api_key_hash: hash2.clone(),
+                    tenant_id: "default-tenant".to_string(),
+                    group_id: None,
+                })
+                .expect("Insert with null group_id should succeed");
+
+            let mapping = store
+                .get_tenant_mapping(&hash2)
+                .expect("Get should succeed")
+                .expect("Mapping should exist");
+            assert_eq!(mapping.tenant_id, "default-tenant");
+            assert_eq!(mapping.group_id, None);
+        }
+
+        // --- Table 12: rollover_policies tests ---
+
+        #[tokio::test]
+        async fn test_redis_rollover_policies() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert
+            store
+                .upsert_rollover_policy(&NewRolloverPolicy {
+                    name: "daily-logs".to_string(),
+                    write_alias: "logs-write".to_string(),
+                    read_alias: "logs-read".to_string(),
+                    pattern: "logs-{YYYY-MM-DD}".to_string(),
+                    triggers_json: r#"{"max_age": "1d", "max_docs": 1000000}"#.to_string(),
+                    retention_json: r#"{"keep_indexes": 30}"#.to_string(),
+                    template_json: r#"{"primary_key": "id", "settings_ref": "logs-template"}"#
+                        .to_string(),
+                    enabled: true,
+                })
+                .expect("Upsert should succeed");
+
+            // Get
+            let policy = store
+                .get_rollover_policy("daily-logs")
+                .expect("Get should succeed")
+                .expect("Policy should exist");
+            assert_eq!(policy.name, "daily-logs");
+            assert_eq!(policy.write_alias, "logs-write");
+            assert!(policy.enabled);
+
+            // List
+            let policies = store.list_rollover_policies().expect("List should succeed");
+            assert_eq!(policies.len(), 1);
+
+            // Upsert (update)
+            store
+                .upsert_rollover_policy(&NewRolloverPolicy {
+                    name: "daily-logs".to_string(),
+                    write_alias: "logs-write".to_string(),
+                    read_alias: "logs-read".to_string(),
+                    pattern: "logs-{YYYY-MM-DD}".to_string(),
+                    triggers_json: r#"{"max_age": "1d", "max_docs": 2000000}"#.to_string(),
+                    retention_json: r#"{"keep_indexes": 30}"#.to_string(),
+                    template_json: r#"{"primary_key": "id", "settings_ref": "logs-template"}"#
+                        .to_string(),
+                    enabled: false,
+                })
+                .expect("Update should succeed");
+
+            let policy = store
+                .get_rollover_policy("daily-logs")
+                .expect("Get should succeed")
+                .expect("Policy should exist");
+            assert!(!policy.enabled);
+
+            // Delete
+            assert!(store
+                .delete_rollover_policy("daily-logs")
+                .expect("Delete should succeed"));
+            assert!(store
+                .get_rollover_policy("daily-logs")
+                .expect("Get should succeed")
+                .is_none());
+        }
+
+        // --- Table 13: search_ui_config tests ---
+
+        #[tokio::test]
+        async fn test_redis_search_ui_config() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            let config_json = r#"{"title": "Product Search", "facets": ["category", "price"], "sort": ["relevance", "price_asc"]}"#;
+
+            // Insert
+            store
+                .upsert_search_ui_config(&NewSearchUiConfig {
+                    index_uid: "products".to_string(),
+                    config_json: config_json.to_string(),
+                    updated_at: 5000,
+                })
+                .expect("Upsert should succeed");
+
+            // Get
+            let config = store
+                .get_search_ui_config("products")
+                .expect("Get should succeed")
+                .expect("Config should exist");
+            assert_eq!(config.index_uid, "products");
+            assert_eq!(config.config_json, config_json);
+
+            // Upsert (update)
+            let updated_json = r#"{"title": "Product Search V2", "facets": ["category"]}"#;
+            store
+                .upsert_search_ui_config(&NewSearchUiConfig {
+                    index_uid: "products".to_string(),
+                    config_json: updated_json.to_string(),
+                    updated_at: 6000,
+                })
+                .expect("Update should succeed");
+
+            let config = store
+                .get_search_ui_config("products")
+                .expect("Get should succeed")
+                .expect("Config should exist");
+            assert_eq!(config.config_json, updated_json);
+            assert_eq!(config.updated_at, 6000);
+
+            // Delete
+            assert!(store
+                .delete_search_ui_config("products")
+                .expect("Delete should succeed"));
+            assert!(store
+                .get_search_ui_config("products")
+                .expect("Get should succeed")
+                .is_none());
+        }
+
+        // --- Table 14: admin_sessions tests ---
+
+        #[tokio::test]
+        async fn test_redis_admin_sessions() {
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Insert
+            store
+                .insert_admin_session(&NewAdminSession {
+                    session_id: "sess-admin-1".to_string(),
+                    csrf_token: "csrf-token-abc123".to_string(),
+                    admin_key_hash: "hash-of-admin-key".to_string(),
+                    created_at: 7000,
+                    expires_at: now_ms() + 3600000,
+                    user_agent: Some("Mozilla/5.0".to_string()),
+                    source_ip: Some("192.168.1.100".to_string()),
+                })
+                .expect("Insert should succeed");
+
+            // Get
+            let session = store
+                .get_admin_session("sess-admin-1")
+                .expect("Get should succeed")
+                .expect("Session should exist");
+            assert_eq!(session.session_id, "sess-admin-1");
+            assert_eq!(session.csrf_token, "csrf-token-abc123");
+            assert!(!session.revoked);
+
+            // Revoke
+            assert!(store
+                .revoke_admin_session("sess-admin-1")
+                .expect("Revoke should succeed"));
+            let session = store
+                .get_admin_session("sess-admin-1")
+                .expect("Get should succeed")
+                .expect("Session should exist");
+            assert!(session.revoked);
+
+            // Nullable fields
+            store
+                .insert_admin_session(&NewAdminSession {
+                    session_id: "sess-minimal".to_string(),
+                    csrf_token: "csrf".to_string(),
+                    admin_key_hash: "hash".to_string(),
+                    created_at: 1000,
+                    expires_at: now_ms() + 3600000,
+                    user_agent: None,
+                    source_ip: None,
+                })
+                .expect("Insert minimal session should succeed");
+
+            let session = store
+                .get_admin_session("sess-minimal")
+                .expect("Get should succeed")
+                .expect("Session should exist");
+            assert!(session.user_agent.is_none());
+            assert!(session.source_ip.is_none());
+
+            // Redis handles expiration automatically - delete_expired returns 0
+            let deleted = store
+                .delete_expired_admin_sessions(now_ms())
+                .expect("Delete expired should succeed");
+            assert_eq!(deleted, 0);
+        }
+
+        // --- Comprehensive trait behavior test ---
+
+        #[tokio::test]
+        async fn test_redis_taskstore_trait_completeness() {
+            // This test ensures all TaskStore trait methods are callable
+            // and behave consistently with the SQLite implementation.
+            let (store, _url) = setup_redis_store().await;
+            store.migrate().expect("Migration should succeed");
+
+            // Test tasks
+            let mut node_tasks = HashMap::new();
+            node_tasks.insert("node-1".to_string(), 123u64);
+            store
+                .insert_task(&NewTask {
+                    miroir_id: "task-trait-test".to_string(),
+                    created_at: now_ms(),
+                    status: "queued".to_string(),
+                    node_tasks: node_tasks.clone(),
+                    error: None,
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                })
+                .expect("insert_task should work");
+
+            let task = store
+                .get_task("task-trait-test")
+                .expect("get_task should work")
+                .expect("task should exist");
+            assert_eq!(task.node_tasks, node_tasks);
+
+            // Test update operations
+            assert!(store
+                .update_task_status("task-trait-test", "running")
+                .expect("update_task_status should work"));
+            assert!(store
+                .update_node_task("task-trait-test", "node-2", 456)
+                .expect("update_node_task should work"));
+            assert!(store
+                .set_task_error("task-trait-test", "test error")
+                .expect("set_task_error should work"));
+
+            // Test list and filter
+            let tasks = store
+                .list_tasks(&TaskFilter {
+                    status: Some("running".to_string()),
+                    index_uid: None,
+                    task_type: None,
+                    limit: Some(10),
+                    offset: None,
+                })
+                .expect("list_tasks should work");
+            assert_eq!(tasks.len(), 1);
+
+            // Test count
+            let count = store.task_count().expect("task_count should work");
+            assert_eq!(count, 1);
+
+            // Test prune
+            let pruned = store
+                .prune_tasks(now_ms() - 1000, 100)
+                .expect("prune_tasks should work");
+            assert_eq!(pruned, 0); // our task is recent
+
+            // Test leader lease
+            let scope = "trait-test-scope";
+            assert!(store
+                .try_acquire_leader_lease(scope, "pod-1", now_ms() + 10000, now_ms())
+                .expect("try_acquire_leader_lease should work"));
+            assert!(store
+                .renew_leader_lease(scope, "pod-1", now_ms() + 20000)
+                .expect("renew_leader_lease should work"));
+
+            let lease = store
+                .get_leader_lease(scope)
+                .expect("get_leader_lease should work")
+                .expect("lease should exist");
+            assert_eq!(lease.holder, "pod-1");
+
+            // Test job
+            store
+                .insert_job(&NewJob {
+                    id: "job-trait-test".to_string(),
+                    type_: "test".to_string(),
+                    params: "{}".to_string(),
+                    state: "queued".to_string(),
+                    progress: "{}".to_string(),
+                    parent_job_id: None,
+                    chunk_index: None,
+                    total_chunks: None,
+                    created_at: 3000,
+                })
+                .expect("insert_job should work");
+
+            let job = store
+                .get_job("job-trait-test")
+                .expect("get_job should work")
+                .expect("job should exist");
+            assert_eq!(job.state, "queued");
+        }
+
+        // Note: proptest doesn't support async tests directly.
+        // The SQLite backend has comprehensive proptest coverage for all operations.
+        // The Redis integration tests below verify the async operations work correctly.
+    }
+
+    // --- Unit tests that don't require testcontainers ---
+
+    #[test]
+    fn test_search_ui_scoped_key_type() {
+        // Verify SearchUiScopedKey can be constructed and has expected fields
+        let key = SearchUiScopedKey {
+            index_uid: "test-index".to_string(),
+            primary_key: "pk-abc".to_string(),
+            primary_uid: "primary-123".to_string(),
+            previous_key: Some("ppk-def".to_string()),
+            previous_uid: Some("previous-456".to_string()),
+            rotated_at: 1234567890,
+            generation: 5,
+        };
+        assert_eq!(key.index_uid, "test-index");
+        assert_eq!(key.primary_uid, "primary-123");
+        assert_eq!(key.previous_uid.as_deref(), Some("previous-456"));
+        assert_eq!(key.rotated_at, 1234567890);
+        assert_eq!(key.generation, 5);
+    }
+
+    #[test]
+    fn test_redis_helper_functions() {
+        // Test the helper functions directly
+        let mut fields = std::collections::HashMap::new();
+        fields.insert(
+            "name".to_string(),
+            redis::Value::BulkString(b"test-name".to_vec()),
+        );
+        fields.insert("version".to_string(), redis::Value::Int(42));
+        fields.insert("enabled".to_string(), redis::Value::Int(1));
+
+        // get_field_string
+        let name = get_field_string(&fields, "name").expect("Should get name");
+        assert_eq!(name, "test-name");
+
+        // get_field_i64
+        let version = get_field_i64(&fields, "version").expect("Should get version");
+        assert_eq!(version, 42);
+
+        // opt_field
+        let maybe_name = opt_field(&fields, "name");
+        assert_eq!(maybe_name.as_deref(), Some("test-name"));
+
+        // Missing field
+        assert!(get_field_string(&fields, "missing").is_err());
+
+        // opt_field for missing field
+        assert!(opt_field(&fields, "missing").is_none());
+    }
+
+    #[test]
+    fn test_task_from_hash() {
+        let mut fields = std::collections::HashMap::new();
+        fields.insert(
+            "miroir_id".to_string(),
+            redis::Value::BulkString(b"task-1".to_vec()),
+        );
+        fields.insert("created_at".to_string(), redis::Value::Int(1000));
+        fields.insert(
+            "status".to_string(),
+            redis::Value::BulkString(b"queued".to_vec()),
+        );
+        fields.insert(
+            "node_tasks".to_string(),
+            redis::Value::BulkString(br#"{"node-1":123}"#.to_vec()),
+        );
+        // error field is optional
+
+        let task = RedisTaskStore::task_from_hash("task-1".to_string(), &fields)
+            .expect("Should parse task");
+        assert_eq!(task.miroir_id, "task-1");
+        assert_eq!(task.created_at, 1000);
+        assert_eq!(task.status, "queued");
+        assert_eq!(task.node_tasks.get("node-1"), Some(&123));
+        assert!(task.error.is_none());
+    }
+
+    #[test]
+    fn test_canary_from_hash() {
+        let mut fields = std::collections::HashMap::new();
+        fields.insert(
+            "id".to_string(),
+            redis::Value::BulkString(b"canary-1".to_vec()),
+        );
+        fields.insert(
+            "name".to_string(),
+            redis::Value::BulkString(b"Test Canary".to_vec()),
+        );
+        fields.insert(
+            "index_uid".to_string(),
+            redis::Value::BulkString(b"logs".to_vec()),
+        );
+        fields.insert("interval_s".to_string(), redis::Value::Int(60));
+        fields.insert(
+            "query_json".to_string(),
+            redis::Value::BulkString(br#"{"q":"test"}"#.to_vec()),
+        );
+        fields.insert(
+            "assertions_json".to_string(),
+            redis::Value::BulkString(b"[]".to_vec()),
+        );
+        fields.insert("enabled".to_string(), redis::Value::Int(1));
+        fields.insert("created_at".to_string(), redis::Value::Int(1000));
+
+        let canary = RedisTaskStore::canary_from_hash("canary-1".to_string(), &fields)
+            .expect("Should parse canary");
+        assert_eq!(canary.id, "canary-1");
+        assert_eq!(canary.name, "Test Canary");
+        assert_eq!(canary.index_uid, "logs");
+        assert_eq!(canary.interval_s, 60);
+        assert!(canary.enabled);
+    }
+}
diff --git a/crates/miroir-core/src/task_store/sqlite.rs b/crates/miroir-core/src/task_store/sqlite.rs
index 7901466..ad5d306 100644
--- a/crates/miroir-core/src/task_store/sqlite.rs
+++ b/crates/miroir-core/src/task_store/sqlite.rs
@@ -1,1025 +1,1101 @@
-//! SQLite backend for the task store.
-
-use super::error::{Result, TaskStoreError};
-use super::schema::{
-    AdminSession, Alias, Canary, CanaryRun, CdcCursor, IdempotencyEntry, Job, JobState,
-    LeaderLease, RolloverPolicy, SearchUiConfig, Session, Task, TaskFilter, TaskStatus, Tenant,
-    SCHEMA_VERSION,
-};
-use super::TaskStore;
-use rusqlite::Connection;
-use std::collections::HashMap;
+use crate::schema_migrations::{build_registry, MigrationRegistry};
+use crate::task_store::*;
+use crate::Result;
+use rusqlite::{params, Connection, OptionalExtension};
 use std::path::Path;
-use std::sync::{Arc, Mutex};
+use std::sync::Mutex;
 
-// Legacy compatibility types for trait signature
-#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, PartialEq, Eq)]
-pub struct NodeTask {
-    pub task_uid: u64,
-    pub status: NodeTaskStatus,
+/// Get the migration registry for this binary.
+fn registry() -> &'static MigrationRegistry {
+    use std::sync::OnceLock;
+    static REGISTRY: OnceLock<MigrationRegistry> = OnceLock::new();
+    REGISTRY.get_or_init(|| build_registry())
 }
 
-#[derive(Debug, Clone, Copy, serde::Serialize, serde::Deserialize, PartialEq, Eq)]
-pub enum NodeTaskStatus {
-    Enqueued,
-    Processing,
-    Succeeded,
-    Failed,
-}
-
-// Legacy JobStatus for trait compatibility
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub enum JobStatus {
-    Enqueued,
-    Processing,
-    Succeeded,
-    Failed,
-    Canceled,
-}
-
-/// Convert a String parse error to a rusqlite error.
-fn parse_error<E: std::fmt::Display>(e: E) -> rusqlite::Error {
-    rusqlite::Error::ToSqlConversionFailure(Box::new(ParseError(e.to_string())))
-}
-
-/// Wrapper for String errors to implement std::error::Error.
-#[derive(Debug)]
-struct ParseError(String);
-
-impl std::fmt::Display for ParseError {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", self.0)
-    }
-}
-
-impl std::error::Error for ParseError {}
-
-/// SQLite task store implementation.
-#[derive(Clone)]
 pub struct SqliteTaskStore {
-    conn: Arc<Mutex<Connection>>,
+    conn: Mutex<Connection>,
 }
 
 impl SqliteTaskStore {
-    /// Create a new SQLite task store.
-    pub async fn new<P: AsRef<Path>>(path: P) -> Result<Self> {
+    /// Open (or create) the SQLite database at `path`, configure WAL + busy_timeout.
+    pub fn open(path: &Path) -> Result<Self> {
         let conn = Connection::open(path)?;
-        let store = Self {
-            conn: Arc::new(Mutex::new(conn)),
-        };
-        Ok(store)
+        Self::configure(&conn)?;
+        Ok(Self {
+            conn: Mutex::new(conn),
+        })
     }
 
-    /// Execute a SQL statement with parameters.
-    fn execute(&self, sql: &str, params: &[&dyn rusqlite::ToSql]) -> Result<usize> {
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
-        conn.execute(sql, params).map_err(Into::into)
+    /// Open an in-memory database (for tests and single-pod dev).
+    pub fn open_in_memory() -> Result<Self> {
+        let conn = Connection::open_in_memory()?;
+        Self::configure(&conn)?;
+        Ok(Self {
+            conn: Mutex::new(conn),
+        })
     }
 
-    /// Query a single row.
-    fn query_row<T, F>(&self, sql: &str, params: &[&dyn rusqlite::ToSql], f: F) -> Result<T>
-    where
-        F: FnOnce(&rusqlite::Row) -> rusqlite::Result<T>,
-    {
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
-        conn.query_row(sql, params, f).map_err(Into::into)
+    fn configure(conn: &Connection) -> Result<()> {
+        conn.execute_batch("PRAGMA journal_mode = WAL; PRAGMA busy_timeout = 5000;")?;
+        Ok(())
     }
 
-    /// Prepare and execute a query, returning all rows.
-    fn query_map<T, F>(&self, sql: &str, params: &[&dyn rusqlite::ToSql], f: F) -> Result<Vec<T>>
-    where
-        F: FnMut(&rusqlite::Row) -> rusqlite::Result<T>,
-    {
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
-        let mut stmt = conn.prepare(sql)?;
-        let rows: std::result::Result<Vec<_>, _> = stmt.query_map(params, f)?.collect();
-        Ok(rows?)
+    fn run_migration(conn: &Connection) -> Result<()> {
+        // Create schema_versions first so we can query it
+        conn.execute_batch(
+            "CREATE TABLE IF NOT EXISTS schema_versions (
+                version INTEGER PRIMARY KEY,
+                applied_at INTEGER NOT NULL
+            );",
+        )?;
+
+        let current: Option<i64> = conn
+            .query_row("SELECT MAX(version) FROM schema_versions", [], |row| {
+                row.get(0)
+            })
+            .optional()?
+            .flatten();
+
+        let current_version = current.unwrap_or(0);
+
+        // Validate that the store version is not ahead of the binary version
+        registry().validate_version(current_version)?;
+
+        // Apply pending migrations
+        let pending = registry().pending_migrations(current_version);
+        for migration in pending {
+            conn.execute_batch(migration.sql)?;
+            conn.execute(
+                "INSERT INTO schema_versions (version, applied_at) VALUES (?1, ?2)",
+                params![migration.version, now_ms()],
+            )?;
+        }
+
+        Ok(())
+    }
+
+    // --- Table 1: tasks helpers ---
+
+    fn task_row_from_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<TaskRow> {
+        let node_tasks_json: String = row.get(3)?;
+        let node_tasks: HashMap<String, u64> = serde_json::from_str(&node_tasks_json)
+            .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
+        let node_errors_json: String = row.get(9)?;
+        let node_errors: HashMap<String, String> = serde_json::from_str(&node_errors_json)
+            .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
+        Ok(TaskRow {
+            miroir_id: row.get(0)?,
+            created_at: row.get(1)?,
+            status: row.get(2)?,
+            node_tasks,
+            error: row.get(4)?,
+            started_at: row.get(5)?,
+            finished_at: row.get(6)?,
+            index_uid: row.get(7)?,
+            task_type: row.get(8)?,
+            node_errors,
+        })
+    }
+
+    // --- Table 3: aliases helpers ---
+
+    fn alias_row_from_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<AliasRow> {
+        let target_uids_json: Option<String> = row.get(3)?;
+        let target_uids: Option<Vec<String>> = target_uids_json
+            .as_deref()
+            .map(serde_json::from_str)
+            .transpose()
+            .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
+        let history_json: String = row.get(6)?;
+        let history: Vec<AliasHistoryEntry> = serde_json::from_str(&history_json)
+            .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
+        Ok(AliasRow {
+            name: row.get(0)?,
+            kind: row.get(1)?,
+            current_uid: row.get(2)?,
+            target_uids,
+            version: row.get(4)?,
+            created_at: row.get(5)?,
+            history,
+        })
     }
 }
 
-#[async_trait::async_trait]
 impl TaskStore for SqliteTaskStore {
-    async fn initialize(&self) -> Result<()> {
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
+    fn migrate(&self) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        Self::run_migration(&conn)?;
+        Ok(())
+    }
 
-        // Enable WAL mode for better concurrency
-        // Use query_row because PRAGMA journal_mode returns the new mode
-        let _mode: String = conn.query_row(
-            "PRAGMA journal_mode=WAL",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| row.get(0),
-        )?;
+    // --- Table 1: tasks ---
 
-        // Set busy timeout to avoid deadlock on concurrent writes
-        // Use query_row because PRAGMA busy_timeout returns the value that was set
-        let _timeout: i64 = conn.query_row(
-            "PRAGMA busy_timeout=5000",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| row.get(0),
-        )?;
-
-        // Create schema_version table
+    fn insert_task(&self, task: &NewTask) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        let node_tasks_json = serde_json::to_string(&task.node_tasks)?;
+        let node_errors_json = serde_json::to_string(&task.node_errors)?;
         conn.execute(
-            "CREATE TABLE IF NOT EXISTS schema_version (
-                version INTEGER NOT NULL
-            )",
-            &[] as &[&dyn rusqlite::ToSql],
+            "INSERT INTO tasks (miroir_id, created_at, status, node_tasks, error, started_at, finished_at, index_uid, task_type, node_errors)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)",
+            params![
+                task.miroir_id,
+                task.created_at,
+                task.status,
+                node_tasks_json,
+                task.error,
+                task.started_at,
+                task.finished_at,
+                task.index_uid,
+                task.task_type,
+                node_errors_json,
+            ],
         )?;
+        Ok(())
+    }
 
-        // Check current version
-        let current_version: Option<i64> = conn
+    fn get_task(&self, miroir_id: &str) -> Result<Option<TaskRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
-                "SELECT version FROM schema_version",
-                &[] as &[&dyn rusqlite::ToSql],
+                "SELECT miroir_id, created_at, status, node_tasks, error, started_at, finished_at, index_uid, task_type, node_errors
+                 FROM tasks WHERE miroir_id = ?1",
+                params![miroir_id],
+                Self::task_row_from_row,
+            )
+            .optional()?)
+    }
+
+    fn update_task_status(&self, miroir_id: &str, status: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "UPDATE tasks SET status = ?1 WHERE miroir_id = ?2",
+            params![status, miroir_id],
+        )?;
+        Ok(rows > 0)
+    }
+
+    fn update_node_task(&self, miroir_id: &str, node_id: &str, task_uid: u64) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        // Read-modify-write on node_tasks JSON
+        let tx = conn.unchecked_transaction()?;
+        let existing: Option<String> = tx
+            .query_row(
+                "SELECT node_tasks FROM tasks WHERE miroir_id = ?1",
+                params![miroir_id],
                 |row| row.get(0),
             )
-            .ok();
-
-        if current_version.is_none() {
-            // Initialize schema
-            Self::init_schema(&conn)?;
-            conn.execute(
-                "INSERT INTO schema_version (version) VALUES (1)",
-                &[] as &[&dyn rusqlite::ToSql],
-            )?;
-        } else if current_version != Some(SCHEMA_VERSION) {
-            return Err(TaskStoreError::InvalidData(format!(
-                "schema version mismatch: expected {}, got {}",
-                SCHEMA_VERSION,
-                current_version.unwrap()
-            )));
-        }
-
-        Ok(())
-    }
-
-    async fn schema_version(&self) -> Result<i64> {
-        self.query_row(
-            "SELECT version FROM schema_version",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| row.get(0),
-        )
-    }
-
-    async fn task_insert(&self, task: &Task) -> Result<()> {
-        let node_tasks_json = serde_json::to_string(&task.node_tasks)?;
-        self.execute(
-            "INSERT INTO tasks (miroir_id, created_at, status, node_tasks, error)
-             VALUES (?1, ?2, ?3, ?4, ?5)",
-            &[
-                &task.miroir_id as &dyn rusqlite::ToSql,
-                &task.created_at,
-                &task.status.to_string(),
-                &node_tasks_json,
-                &task.error.as_deref().unwrap_or(""),
-            ] as &[&dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn task_get(&self, miroir_id: &str) -> Result<Option<Task>> {
-        let result: Option<Task> = self
-            .query_row(
-                "SELECT miroir_id, created_at, status, node_tasks, error FROM tasks WHERE miroir_id = ?1",
-                &[&miroir_id as &dyn rusqlite::ToSql],
-                |row| {
-                    let node_tasks_json: String = row.get(3)?;
-                    let node_tasks: HashMap<String, u64> = serde_json::from_str(&node_tasks_json).map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
-                    Ok(Task {
-                        miroir_id: row.get(0)?,
-                        created_at: row.get(1)?,
-                        status: row.get::<_, String>(2)?.parse().map_err(|e| {
-                            parse_error(e)
-                        })?,
-                        node_tasks,
-                        error: {
-                            let error: String = row.get(4)?;
-                            if error.is_empty() { None } else { Some(error) }
-                        },
-                    })
-                },
-            )
-            .ok();
-        Ok(result)
-    }
-
-    async fn task_update_status(&self, miroir_id: &str, status: TaskStatus) -> Result<()> {
-        self.execute(
-            "UPDATE tasks SET status = ?1 WHERE miroir_id = ?2",
-            &[
-                &status.to_string() as &dyn rusqlite::ToSql,
-                &miroir_id as &dyn rusqlite::ToSql,
-            ],
-        )?;
-        Ok(())
-    }
-
-    async fn task_update_node(&self, miroir_id: &str, node_id: &str, task_uid: u64) -> Result<()> {
-        // Get the task, update node_tasks (store only task_uid), and write back
-        let mut task = self
-            .task_get(miroir_id)
-            .await?
-            .ok_or_else(|| TaskStoreError::NotFound(miroir_id.to_string()))?;
-        task.node_tasks.insert(node_id.to_string(), task_uid);
-        let node_tasks_json = serde_json::to_string(&task.node_tasks)?;
-        self.execute(
+            .optional()?;
+        let Some(json) = existing else {
+            return Ok(false);
+        };
+        let mut map: HashMap<String, u64> = serde_json::from_str(&json)?;
+        map.insert(node_id.to_string(), task_uid);
+        let updated = serde_json::to_string(&map)?;
+        let rows = tx.execute(
             "UPDATE tasks SET node_tasks = ?1 WHERE miroir_id = ?2",
-            &[
-                &node_tasks_json as &dyn rusqlite::ToSql,
-                &miroir_id as &dyn rusqlite::ToSql,
-            ],
+            params![updated, miroir_id],
         )?;
-        Ok(())
+        tx.commit()?;
+        Ok(rows > 0)
     }
 
-    async fn task_list(&self, filter: &TaskFilter) -> Result<Vec<Task>> {
-        let mut sql =
-            "SELECT miroir_id, created_at, status, node_tasks, error FROM tasks".to_string();
-        let mut params = Vec::new();
-        let mut wheres = Vec::new();
+    fn set_task_error(&self, miroir_id: &str, error: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "UPDATE tasks SET error = ?1 WHERE miroir_id = ?2",
+            params![error, miroir_id],
+        )?;
+        Ok(rows > 0)
+    }
 
-        if let Some(status) = filter.status {
-            wheres.push("status = ?".to_string());
-            params.push(status.to_string());
+    #[allow(unused_assignments)]
+    fn list_tasks(&self, filter: &TaskFilter) -> Result<Vec<TaskRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut sql = "SELECT miroir_id, created_at, status, node_tasks, error, started_at, finished_at, index_uid, task_type, node_errors FROM tasks"
+            .to_string();
+        let mut conditions = Vec::new();
+        let mut param_idx = 1;
+        let mut param_values: Vec<Box<dyn rusqlite::types::ToSql>> = Vec::new();
+
+        if let Some(ref status) = filter.status {
+            conditions.push(format!("status = ?{param_idx}"));
+            param_values.push(Box::new(status.clone()));
+            param_idx += 1;
         }
-
-        if !wheres.is_empty() {
+        if let Some(ref index_uid) = filter.index_uid {
+            conditions.push(format!("index_uid = ?{param_idx}"));
+            param_values.push(Box::new(index_uid.clone()));
+            param_idx += 1;
+        }
+        if let Some(ref task_type) = filter.task_type {
+            conditions.push(format!("task_type = ?{param_idx}"));
+            param_values.push(Box::new(task_type.clone()));
+            param_idx += 1;
+        }
+        if !conditions.is_empty() {
             sql.push_str(" WHERE ");
-            sql.push_str(&wheres.join(" AND "));
+            sql.push_str(&conditions.join(" AND "));
         }
-
         sql.push_str(" ORDER BY created_at DESC");
-
         if let Some(limit) = filter.limit {
             sql.push_str(&format!(" LIMIT {limit}"));
         }
-
         if let Some(offset) = filter.offset {
             sql.push_str(&format!(" OFFSET {offset}"));
         }
 
-        let params_refs: Vec<&dyn rusqlite::ToSql> =
-            params.iter().map(|s| s as &dyn rusqlite::ToSql).collect();
-
-        self.query_map(&sql, &params_refs, |row| {
-            let node_tasks_json: String = row.get(3)?;
-            let node_tasks: HashMap<String, u64> = serde_json::from_str(&node_tasks_json)
-                .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
-            Ok(Task {
-                miroir_id: row.get(0)?,
-                created_at: row.get(1)?,
-                status: row.get::<_, String>(2)?.parse().map_err(parse_error)?,
-                node_tasks,
-                error: {
-                    let error: String = row.get(4)?;
-                    if error.is_empty() {
-                        None
-                    } else {
-                        Some(error)
-                    }
-                },
-            })
-        })
+        let params_refs: Vec<&dyn rusqlite::types::ToSql> =
+            param_values.iter().map(|p| p.as_ref()).collect();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(params_refs.as_slice(), Self::task_row_from_row)?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
     }
 
-    async fn node_settings_version_get(&self, index: &str, node_id: &str) -> Result<Option<i64>> {
-        let version: Option<i64> = self
-            .query_row(
-                "SELECT version FROM node_settings_version WHERE index_uid = ?1 AND node_id = ?2",
-                &[
-                    &index as &dyn rusqlite::ToSql,
-                    &node_id as &dyn rusqlite::ToSql,
-                ],
-                |row| row.get(0),
-            )
-            .ok();
-        Ok(version)
-    }
+    // --- Table 2: node_settings_version ---
 
-    async fn node_settings_version_set(
+    fn upsert_node_settings_version(
         &self,
-        index: &str,
+        index_uid: &str,
         node_id: &str,
         version: i64,
+        updated_at: i64,
     ) -> Result<()> {
-        let now = chrono::Utc::now().timestamp_millis() as u64;
-        self.execute(
-            "INSERT OR REPLACE INTO node_settings_version (index_uid, node_id, version, updated_at)
-             VALUES (?1, ?2, ?3, ?4)",
-            &[
-                &index as &dyn rusqlite::ToSql,
-                &node_id as &dyn rusqlite::ToSql,
-                &version as &dyn rusqlite::ToSql,
-                &now as &dyn rusqlite::ToSql,
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO node_settings_version (index_uid, node_id, version, updated_at)
+             VALUES (?1, ?2, ?3, ?4)
+             ON CONFLICT(index_uid, node_id) DO UPDATE SET version = ?3, updated_at = ?4",
+            params![index_uid, node_id, version, updated_at],
+        )?;
+        Ok(())
+    }
+
+    fn get_node_settings_version(
+        &self,
+        index_uid: &str,
+        node_id: &str,
+    ) -> Result<Option<NodeSettingsVersionRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
+            .query_row(
+                "SELECT index_uid, node_id, version, updated_at
+                 FROM node_settings_version WHERE index_uid = ?1 AND node_id = ?2",
+                params![index_uid, node_id],
+                |row| {
+                    Ok(NodeSettingsVersionRow {
+                        index_uid: row.get(0)?,
+                        node_id: row.get(1)?,
+                        version: row.get(2)?,
+                        updated_at: row.get(3)?,
+                    })
+                },
+            )
+            .optional()?)
+    }
+
+    // --- Table 3: aliases ---
+
+    fn create_alias(&self, alias: &NewAlias) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        let target_uids_json = alias
+            .target_uids
+            .as_ref()
+            .map(|uids| serde_json::to_string(uids))
+            .transpose()?;
+        let history_json = serde_json::to_string(&alias.history)?;
+        conn.execute(
+            "INSERT INTO aliases (name, kind, current_uid, target_uids, version, created_at, history)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)",
+            params![
+                alias.name,
+                alias.kind,
+                alias.current_uid,
+                target_uids_json,
+                alias.version,
+                alias.created_at,
+                history_json,
             ],
         )?;
         Ok(())
     }
 
-    async fn alias_upsert(&self, alias: &Alias) -> Result<()> {
-        let history_json = serde_json::to_string(&alias.history)?;
-        self.execute(
-            "INSERT OR REPLACE INTO aliases (name, kind, current_uid, target_uids, version, created_at, history)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)",
-            &[
-                &alias.name as &dyn rusqlite::ToSql,
-                &alias.kind.to_string(),
-                &alias.current_uid.as_deref().unwrap_or(""),
-                &serde_json::to_string(&alias.target_uids)?,
-                &alias.version,
-                &alias.created_at,
-                &history_json,
-            ] as &[&dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn alias_get(&self, name: &str) -> Result<Option<Alias>> {
-        let result: Option<Alias> = self
+    fn get_alias(&self, name: &str) -> Result<Option<AliasRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
                 "SELECT name, kind, current_uid, target_uids, version, created_at, history
                  FROM aliases WHERE name = ?1",
-                &[&name as &dyn rusqlite::ToSql],
-                |row| {
-                    let target_uids_json: String = row.get(3)?;
-                    // Handle null case for single-target aliases
-                    let target_uids: Option<Vec<String>> = if target_uids_json == "null" || target_uids_json.is_empty() {
-                        None
-                    } else {
-                        let parsed: Vec<String> = serde_json::from_str(&target_uids_json)
-                            .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
-                        Some(parsed)
-                    };
-                    let history_json: String = row.get(6)?;
-                    let history: Vec<super::schema::AliasHistoryEntry> =
-                        serde_json::from_str(&history_json)
-                            .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
-                    Ok(Alias {
-                        name: row.get(0)?,
-                        kind: row.get::<_, String>(1)?.parse().map_err(parse_error)?,
-                        current_uid: {
-                            let uid: String = row.get(2)?;
-                            if uid.is_empty() {
-                                None
-                            } else {
-                                Some(uid)
-                            }
-                        },
-                        target_uids,
-                        version: row.get(4)?,
-                        created_at: row.get(5)?,
-                        history,
-                    })
-                },
+                params![name],
+                Self::alias_row_from_row,
             )
-            .ok();
+            .optional()?)
+    }
+
+    fn flip_alias(&self, name: &str, new_uid: &str, history_retention: usize) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let tx = conn.unchecked_transaction()?;
+
+        // Read current
+        let existing: Option<(String, i64, String)> = tx
+            .query_row(
+                "SELECT current_uid, version, history FROM aliases WHERE name = ?1 AND kind = 'single'",
+                params![name],
+                |row| Ok((row.get(0)?, row.get(1)?, row.get(2)?)),
+            )
+            .optional()?;
+        let Some((old_uid, old_version, history_json)) = existing else {
+            return Ok(false);
+        };
+
+        // Build new history
+        let mut history: Vec<AliasHistoryEntry> = serde_json::from_str(&history_json)?;
+        if !old_uid.is_empty() {
+            history.push(AliasHistoryEntry {
+                uid: old_uid,
+                flipped_at: now_ms(),
+            });
+        }
+        // Enforce retention bound
+        while history.len() > history_retention {
+            history.remove(0);
+        }
+
+        let new_history_json = serde_json::to_string(&history)?;
+        let new_version = old_version + 1;
+
+        let rows = tx.execute(
+            "UPDATE aliases SET current_uid = ?1, version = ?2, history = ?3 WHERE name = ?4",
+            params![new_uid, new_version, new_history_json, name],
+        )?;
+        tx.commit()?;
+        Ok(rows > 0)
+    }
+
+    fn delete_alias(&self, name: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute("DELETE FROM aliases WHERE name = ?1", params![name])?;
+        Ok(rows > 0)
+    }
+
+    fn list_aliases(&self) -> Result<Vec<AliasRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT name, kind, current_uid, target_uids, version, created_at, history
+             FROM aliases",
+        )?;
+        let rows = stmt.query_map([], Self::alias_row_from_row)?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
         Ok(result)
     }
 
-    async fn alias_delete(&self, name: &str) -> Result<()> {
-        self.execute(
-            "DELETE FROM aliases WHERE name = ?1",
-            &[&name as &dyn rusqlite::ToSql],
+    // --- Table 4: sessions ---
+
+    fn upsert_session(&self, session: &SessionRow) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO sessions (session_id, last_write_mtask_id, last_write_at, pinned_group, min_settings_version, ttl)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?6)
+             ON CONFLICT(session_id) DO UPDATE SET
+                last_write_mtask_id = ?2,
+                last_write_at = ?3,
+                pinned_group = ?4,
+                min_settings_version = ?5,
+                ttl = ?6",
+            params![
+                session.session_id,
+                session.last_write_mtask_id,
+                session.last_write_at,
+                session.pinned_group,
+                session.min_settings_version,
+                session.ttl,
+            ],
         )?;
         Ok(())
     }
 
-    async fn alias_list(&self) -> Result<Vec<Alias>> {
-        self.query_map(
-            "SELECT name, kind, current_uid, target_uids, version, created_at, history FROM aliases",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| {
-                let target_uids_json: String = row.get(3)?;
-                // Handle null case for single-target aliases
-                let target_uids: Option<Vec<String>> = if target_uids_json == "null" || target_uids_json.is_empty() {
-                    None
-                } else {
-                    let parsed: Vec<String> = serde_json::from_str(&target_uids_json).map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
-                    Some(parsed)
-                };
-                let history_json: String = row.get(6)?;
-                let history: Vec<super::schema::AliasHistoryEntry> =
-                    serde_json::from_str(&history_json)
-                        .map_err(|e| rusqlite::Error::ToSqlConversionFailure(Box::new(e)))?;
-                Ok(Alias {
-                    name: row.get(0)?,
-                    kind: row.get::<_, String>(1)?.parse().map_err(|e| {
-                        parse_error(e)
-                    })?,
-                    current_uid: {
-                        let uid: String = row.get(2)?;
-                        if uid.is_empty() { None } else { Some(uid) }
-                    },
-                    target_uids,
-                    version: row.get(4)?,
-                    created_at: row.get(5)?,
-                    history,
-                })
-            },
-        )
-    }
-
-    async fn session_upsert(&self, session: &Session) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO sessions (session_id, last_write_mtask_id, last_write_at, pinned_group, min_settings_version, ttl)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
-            &[
-                &session.session_id as &dyn rusqlite::ToSql,
-                &session.last_write_mtask_id.as_deref().unwrap_or(""),
-                &session.last_write_at.map(|v| v as i64).unwrap_or(0),
-                &session.pinned_group,
-                &session.min_settings_version,
-                &(session.ttl as i64),
-            ] as &[&dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn session_get(&self, session_id: &str) -> Result<Option<Session>> {
-        let result: Option<Session> = self
+    fn get_session(&self, session_id: &str) -> Result<Option<SessionRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
                 "SELECT session_id, last_write_mtask_id, last_write_at, pinned_group, min_settings_version, ttl
                  FROM sessions WHERE session_id = ?1",
-                &[&session_id as &dyn rusqlite::ToSql],
+                params![session_id],
                 |row| {
-                    Ok(Session {
+                    Ok(SessionRow {
                         session_id: row.get(0)?,
-                        last_write_mtask_id: {
-                            let id: String = row.get(1)?;
-                            if id.is_empty() { None } else { Some(id) }
-                        },
-                        last_write_at: {
-                            let at: i64 = row.get(2)?;
-                            if at == 0 { None } else { Some(at as u64) }
-                        },
+                        last_write_mtask_id: row.get(1)?,
+                        last_write_at: row.get(2)?,
                         pinned_group: row.get(3)?,
                         min_settings_version: row.get(4)?,
                         ttl: row.get(5)?,
                     })
                 },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn session_delete(&self, session_id: &str) -> Result<()> {
-        self.execute(
-            "DELETE FROM sessions WHERE session_id = ?1",
-            &[&session_id as &dyn rusqlite::ToSql],
-        )?;
-        Ok(())
+    fn delete_expired_sessions(&self, now_ms: i64) -> Result<usize> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute("DELETE FROM sessions WHERE ttl < ?1", params![now_ms])?;
+        Ok(rows)
     }
 
-    async fn session_delete_by_index(&self, _index: &str) -> Result<()> {
-        // This method is no longer applicable with the new schema
-        // as sessions don't have an 'index' field anymore
-        Ok(())
-    }
+    // --- Table 5: idempotency_cache ---
 
-    async fn idempotency_check(&self, key: &str) -> Result<Option<IdempotencyEntry>> {
-        let result: Option<IdempotencyEntry> = self
-            .query_row(
-                "SELECT key, body_sha256, miroir_task_id, expires_at FROM idempotency_cache WHERE key = ?1",
-                &[&key as &dyn rusqlite::ToSql],
-                |row| Ok(IdempotencyEntry {
-                    key: row.get(0)?,
-                    body_sha256: row.get(1)?,
-                    miroir_task_id: row.get(2)?,
-                    expires_at: row.get(3)?,
-                }),
-            )
-            .ok();
-        Ok(result)
-    }
-
-    async fn idempotency_record(&self, entry: &IdempotencyEntry) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO idempotency_cache (key, body_sha256, miroir_task_id, expires_at)
+    fn insert_idempotency_entry(&self, entry: &IdempotencyEntry) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO idempotency_cache (key, body_sha256, miroir_task_id, expires_at)
              VALUES (?1, ?2, ?3, ?4)",
-            &[
-                &entry.key as &dyn rusqlite::ToSql,
-                &entry.body_sha256 as &dyn rusqlite::ToSql,
-                &entry.miroir_task_id as &dyn rusqlite::ToSql,
-                &entry.expires_at as &dyn rusqlite::ToSql,
-            ] as &[&dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn idempotency_prune(&self, before_ts: u64) -> Result<u64> {
-        let count = self.execute(
-            "DELETE FROM idempotency_cache WHERE expires_at < ?1",
-            &[&before_ts as &dyn rusqlite::ToSql],
-        )?;
-        Ok(count as u64)
-    }
-
-    async fn job_enqueue(&self, job: &Job) -> Result<()> {
-        self.execute(
-            "INSERT INTO jobs (id, type, params, state, claimed_by, claim_expires_at, progress)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7)",
-            &[
-                &job.id as &dyn rusqlite::ToSql,
-                &job.job_type,
-                &job.params,
-                &job.state.to_string(),
-                &job.claimed_by.as_deref().unwrap_or(""),
-                &job.claim_expires_at.map(|v| v as i64).unwrap_or(0),
-                &job.progress,
-            ] as &[&dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn job_dequeue(&self, worker_id: &str) -> Result<Option<Job>> {
-        // Start a transaction
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
-        let tx = conn.unchecked_transaction()?;
-
-        let now = chrono::Utc::now().timestamp_millis() as u64;
-        let expires_at = now + (5 * 60 * 1000); // 5 minutes from now
-
-        // Find and claim a job
-        let job_id: Option<String> = tx
-            .query_row(
-                "SELECT id FROM jobs WHERE state = 'queued' ORDER BY id ASC LIMIT 1",
-                [],
-                |row| row.get(0),
-            )
-            .ok();
-
-        if let Some(ref job_id) = job_id {
-            tx.execute(
-                "UPDATE jobs SET state = 'in_progress', claimed_by = ?1, claim_expires_at = ?2 WHERE id = ?3",
-                [
-                    &worker_id as &dyn rusqlite::ToSql,
-                    &expires_at as &dyn rusqlite::ToSql,
-                    job_id as &dyn rusqlite::ToSql,
-                ],
-            )?;
-
-            // Fetch the updated job
-            let job: Job = tx.query_row(
-                "SELECT id, type, params, state, claimed_by, claim_expires_at, progress
-                 FROM jobs WHERE id = ?1",
-                [job_id as &dyn rusqlite::ToSql],
-                |row| {
-                    Ok(Job {
-                        id: row.get(0)?,
-                        job_type: row.get(1)?,
-                        params: row.get(2)?,
-                        state: row.get::<_, String>(3)?.parse().map_err(parse_error)?,
-                        claimed_by: {
-                            let claimed: String = row.get(4)?;
-                            if claimed.is_empty() {
-                                None
-                            } else {
-                                Some(claimed)
-                            }
-                        },
-                        claim_expires_at: {
-                            let expires: i64 = row.get(5)?;
-                            if expires == 0 {
-                                None
-                            } else {
-                                Some(expires as u64)
-                            }
-                        },
-                        progress: row.get(6)?,
-                    })
-                },
-            )?;
-
-            tx.commit()?;
-            Ok(Some(job))
-        } else {
-            tx.commit()?;
-            Ok(None)
-        }
-    }
-
-    async fn job_update_status(
-        &self,
-        job_id: &str,
-        status: JobState,
-        result: Option<&str>,
-    ) -> Result<()> {
-        self.execute(
-            "UPDATE jobs SET state = ?1, progress = ?2 WHERE id = ?3",
-            &[
-                &status.to_string(),
-                &result.unwrap_or("").to_string(),
-                &job_id as &dyn rusqlite::ToSql,
+            params![
+                entry.key,
+                entry.body_sha256,
+                entry.miroir_task_id,
+                entry.expires_at,
             ],
         )?;
         Ok(())
     }
 
-    async fn job_get(&self, job_id: &str) -> Result<Option<Job>> {
-        let result: Option<Job> = self
+    fn get_idempotency_entry(&self, key: &str) -> Result<Option<IdempotencyEntry>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
-                "SELECT id, type, params, state, claimed_by, claim_expires_at, progress
-                 FROM jobs WHERE id = ?1",
-                &[&job_id as &dyn rusqlite::ToSql],
+                "SELECT key, body_sha256, miroir_task_id, expires_at
+                 FROM idempotency_cache WHERE key = ?1",
+                params![key],
                 |row| {
-                    Ok(Job {
-                        id: row.get(0)?,
-                        job_type: row.get(1)?,
-                        params: row.get(2)?,
-                        state: row.get::<_, String>(3)?.parse().map_err(parse_error)?,
-                        claimed_by: {
-                            let claimed: String = row.get(4)?;
-                            if claimed.is_empty() {
-                                None
-                            } else {
-                                Some(claimed)
-                            }
-                        },
-                        claim_expires_at: {
-                            let expires: i64 = row.get(5)?;
-                            if expires == 0 {
-                                None
-                            } else {
-                                Some(expires as u64)
-                            }
-                        },
-                        progress: row.get(6)?,
+                    Ok(IdempotencyEntry {
+                        key: row.get(0)?,
+                        body_sha256: row.get(1)?,
+                        miroir_task_id: row.get(2)?,
+                        expires_at: row.get(3)?,
                     })
                 },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn job_list(&self, status: Option<JobState>, limit: usize) -> Result<Vec<Job>> {
-        let mut sql =
-            "SELECT id, type, params, state, claimed_by, claim_expires_at, progress FROM jobs"
-                .to_string();
-
-        if status.is_some() {
-            sql.push_str(" WHERE state = ?");
-        }
-
-        sql.push_str(&format!(" ORDER BY id DESC LIMIT {limit}"));
-
-        let status_str: Option<String> = status.map(|s| s.to_string());
-        let params: Vec<&dyn rusqlite::ToSql> = match &status_str {
-            Some(s) => vec![s],
-            None => vec![],
-        };
-
-        self.query_map(&sql, &params, |row| {
-            Ok(Job {
-                id: row.get(0)?,
-                job_type: row.get(1)?,
-                params: row.get(2)?,
-                state: row.get::<_, String>(3)?.parse().map_err(parse_error)?,
-                claimed_by: {
-                    let claimed: String = row.get(4)?;
-                    if claimed.is_empty() {
-                        None
-                    } else {
-                        Some(claimed)
-                    }
-                },
-                claim_expires_at: {
-                    let expires: i64 = row.get(5)?;
-                    if expires == 0 {
-                        None
-                    } else {
-                        Some(expires as u64)
-                    }
-                },
-                progress: row.get(6)?,
-            })
-        })
+    fn delete_expired_idempotency_entries(&self, now_ms: i64) -> Result<usize> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "DELETE FROM idempotency_cache WHERE expires_at < ?1",
+            params![now_ms],
+        )?;
+        Ok(rows)
     }
 
-    async fn leader_lease_acquire(&self, lease: &LeaderLease) -> Result<bool> {
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
-        let tx = conn.unchecked_transaction()?;
+    // --- Table 6: jobs ---
 
-        let now = chrono::Utc::now().timestamp_millis() as u64;
-
-        // Check if there's an existing valid lease for this scope
-        let existing: Option<(String, u64)> = tx
-            .query_row(
-                "SELECT scope, expires_at FROM leader_lease WHERE scope = ?1 AND expires_at > ?2",
-                [&lease.scope as &dyn rusqlite::ToSql, &now as &dyn rusqlite::ToSql],
-                |row| Ok((row.get(0)?, row.get(1)?)),
-            )
-            .ok();
-
-        let acquired = if existing.is_some() {
-            false
-        } else {
-            tx.execute(
-                "INSERT OR REPLACE INTO leader_lease (scope, holder, expires_at)
-                 VALUES (?1, ?2, ?3)",
-                [
-                    &lease.scope as &dyn rusqlite::ToSql,
-                    &lease.holder,
-                    &lease.expires_at,
-                ],
-            )?;
-            true
-        };
-
-        tx.commit()?;
-        Ok(acquired)
-    }
-
-    async fn leader_lease_release(&self, scope: &str) -> Result<()> {
-        self.execute(
-            "DELETE FROM leader_lease WHERE scope = ?1",
-            &[&scope as &dyn rusqlite::ToSql],
+    fn insert_job(&self, job: &NewJob) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO jobs (id, type, params, state, claimed_by, claim_expires_at, progress, parent_job_id, chunk_index, total_chunks, created_at)
+             VALUES (?1, ?2, ?3, ?4, NULL, NULL, ?5, ?6, ?7, ?8, ?9)",
+            params![
+                job.id,
+                job.type_,
+                job.params,
+                job.state,
+                job.progress,
+                job.parent_job_id,
+                job.chunk_index,
+                job.total_chunks,
+                job.created_at,
+            ],
         )?;
         Ok(())
     }
 
-    async fn leader_lease_get(&self) -> Result<Option<LeaderLease>> {
-        let result: Option<LeaderLease> = self
+    fn get_job(&self, id: &str) -> Result<Option<JobRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
-                "SELECT scope, holder, expires_at FROM leader_lease LIMIT 1",
-                &[] as &[&dyn rusqlite::ToSql],
+                "SELECT id, type, params, state, claimed_by, claim_expires_at, progress, parent_job_id, chunk_index, total_chunks, created_at
+                 FROM jobs WHERE id = ?1",
+                params![id],
                 |row| {
-                    Ok(LeaderLease {
+                    Ok(JobRow {
+                        id: row.get(0)?,
+                        type_: row.get(1)?,
+                        params: row.get(2)?,
+                        state: row.get(3)?,
+                        claimed_by: row.get(4)?,
+                        claim_expires_at: row.get(5)?,
+                        progress: row.get(6)?,
+                        parent_job_id: row.get(7)?,
+                        chunk_index: row.get(8)?,
+                        total_chunks: row.get(9)?,
+                        created_at: row.get(10)?,
+                    })
+                },
+            )
+            .optional()?)
+    }
+
+    fn claim_job(&self, id: &str, claimed_by: &str, claim_expires_at: i64) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        // CAS: only claim if state is 'queued' (unclaimed)
+        let rows = conn.execute(
+            "UPDATE jobs SET claimed_by = ?1, claim_expires_at = ?2, state = 'in_progress'
+             WHERE id = ?3 AND state = 'queued'",
+            params![claimed_by, claim_expires_at, id],
+        )?;
+        Ok(rows > 0)
+    }
+
+    fn update_job_progress(&self, id: &str, state: &str, progress: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "UPDATE jobs SET state = ?1, progress = ?2 WHERE id = ?3",
+            params![state, progress, id],
+        )?;
+        Ok(rows > 0)
+    }
+
+    fn renew_job_claim(&self, id: &str, claim_expires_at: i64) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "UPDATE jobs SET claim_expires_at = ?1 WHERE id = ?2 AND claimed_by IS NOT NULL",
+            params![claim_expires_at, id],
+        )?;
+        Ok(rows > 0)
+    }
+
+    fn list_jobs_by_state(&self, state: &str) -> Result<Vec<JobRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT id, type, params, state, claimed_by, claim_expires_at, progress, parent_job_id, chunk_index, total_chunks, created_at
+             FROM jobs WHERE state = ?1",
+        )?;
+        let rows = stmt.query_map(params![state], |row| {
+            Ok(JobRow {
+                id: row.get(0)?,
+                type_: row.get(1)?,
+                params: row.get(2)?,
+                state: row.get(3)?,
+                claimed_by: row.get(4)?,
+                claim_expires_at: row.get(5)?,
+                progress: row.get(6)?,
+                parent_job_id: row.get(7)?,
+                chunk_index: row.get(8)?,
+                total_chunks: row.get(9)?,
+                created_at: row.get(10)?,
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    fn count_jobs_by_state(&self, state: &str) -> Result<u64> {
+        let conn = self.conn.lock().unwrap();
+        let count: i64 = conn.query_row(
+            "SELECT COUNT(*) FROM jobs WHERE state = ?1",
+            params![state],
+            |row| row.get(0),
+        )?;
+        Ok(count as u64)
+    }
+
+    fn list_expired_claims(&self, now_ms: i64) -> Result<Vec<JobRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT id, type, params, state, claimed_by, claim_expires_at, progress, parent_job_id, chunk_index, total_chunks, created_at
+             FROM jobs WHERE state = 'in_progress' AND claim_expires_at < ?1",
+        )?;
+        let rows = stmt.query_map(params![now_ms], |row| {
+            Ok(JobRow {
+                id: row.get(0)?,
+                type_: row.get(1)?,
+                params: row.get(2)?,
+                state: row.get(3)?,
+                claimed_by: row.get(4)?,
+                claim_expires_at: row.get(5)?,
+                progress: row.get(6)?,
+                parent_job_id: row.get(7)?,
+                chunk_index: row.get(8)?,
+                total_chunks: row.get(9)?,
+                created_at: row.get(10)?,
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    fn list_jobs_by_parent(&self, parent_job_id: &str) -> Result<Vec<JobRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT id, type, params, state, claimed_by, claim_expires_at, progress, parent_job_id, chunk_index, total_chunks, created_at
+             FROM jobs WHERE parent_job_id = ?1",
+        )?;
+        let rows = stmt.query_map(params![parent_job_id], |row| {
+            Ok(JobRow {
+                id: row.get(0)?,
+                type_: row.get(1)?,
+                params: row.get(2)?,
+                state: row.get(3)?,
+                claimed_by: row.get(4)?,
+                claim_expires_at: row.get(5)?,
+                progress: row.get(6)?,
+                parent_job_id: row.get(7)?,
+                chunk_index: row.get(8)?,
+                total_chunks: row.get(9)?,
+                created_at: row.get(10)?,
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    fn reclaim_job_claim(&self, id: &str, state: &str, progress: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "UPDATE jobs SET state = ?1, progress = ?2, claimed_by = NULL, claim_expires_at = NULL
+             WHERE id = ?3",
+            params![state, progress, id],
+        )?;
+        Ok(rows > 0)
+    }
+
+    // --- Table 7: leader_lease ---
+
+    fn try_acquire_leader_lease(
+        &self,
+        scope: &str,
+        holder: &str,
+        expires_at: i64,
+        now_ms: i64,
+    ) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let existing: Option<LeaderLeaseRow> = conn
+            .query_row(
+                "SELECT scope, holder, expires_at FROM leader_lease WHERE scope = ?1",
+                params![scope],
+                |row| {
+                    Ok(LeaderLeaseRow {
                         scope: row.get(0)?,
                         holder: row.get(1)?,
                         expires_at: row.get(2)?,
                     })
                 },
             )
-            .ok();
+            .optional()?;
+
+        match existing {
+            None => {
+                conn.execute(
+                    "INSERT INTO leader_lease (scope, holder, expires_at) VALUES (?1, ?2, ?3)",
+                    params![scope, holder, expires_at],
+                )?;
+                Ok(true)
+            }
+            Some(lease) if lease.holder == holder || lease.expires_at <= now_ms => {
+                let rows = conn.execute(
+                    "UPDATE leader_lease SET holder = ?1, expires_at = ?2 WHERE scope = ?3",
+                    params![holder, expires_at, scope],
+                )?;
+                Ok(rows > 0)
+            }
+            Some(_) => Ok(false),
+        }
+    }
+
+    fn renew_leader_lease(&self, scope: &str, holder: &str, expires_at: i64) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        // Only renew if we still hold the lease AND it's not expired
+        let rows = conn.execute(
+            "UPDATE leader_lease SET expires_at = ?1 WHERE scope = ?2 AND holder = ?3 AND expires_at > ?4",
+            params![expires_at, scope, holder, now_ms()],
+        )?;
+        Ok(rows > 0)
+    }
+
+    fn get_leader_lease(&self, scope: &str) -> Result<Option<LeaderLeaseRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
+            .query_row(
+                "SELECT scope, holder, expires_at FROM leader_lease WHERE scope = ?1",
+                params![scope],
+                |row| {
+                    Ok(LeaderLeaseRow {
+                        scope: row.get(0)?,
+                        holder: row.get(1)?,
+                        expires_at: row.get(2)?,
+                    })
+                },
+            )
+            .optional()?)
+    }
+
+    // --- Tables 8-14: Feature-flagged tables ---
+
+    fn prune_tasks(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize> {
+        let conn = self.conn.lock().unwrap();
+        // SQLite doesn't support LIMIT in DELETE directly, so use a subquery
+        let rows = conn.execute(
+            "DELETE FROM tasks WHERE rowid IN (
+                SELECT rowid FROM tasks
+                WHERE created_at < ?1 AND status IN ('succeeded', 'failed', 'canceled')
+                LIMIT ?2
+            )",
+            params![cutoff_ms, batch_size],
+        )?;
+        Ok(rows)
+    }
+
+    fn list_terminal_tasks_batch(
+        &self,
+        cutoff_ms: i64,
+        offset: i64,
+        limit: i64,
+    ) -> Result<Vec<TaskRow>> {
+        let conn = self.conn.lock().unwrap();
+        let sql = "SELECT miroir_id, created_at, status, node_tasks, error, started_at, finished_at, index_uid, task_type, node_errors
+                   FROM tasks
+                   WHERE created_at < ?1 AND status IN ('succeeded', 'failed', 'canceled')
+                   ORDER BY created_at DESC
+                   LIMIT ?2 OFFSET ?3";
+        let mut stmt = conn.prepare(sql)?;
+        let rows = stmt.query_map(params![cutoff_ms, limit, offset], Self::task_row_from_row)?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
         Ok(result)
     }
 
-    async fn canary_upsert(&self, canary: &Canary) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO canaries (id, name, index_uid, interval_s, query_json, assertions_json, enabled, created_at)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)",
-            &[
-                &canary.id as &dyn rusqlite::ToSql,
-                &canary.name,
-                &canary.index_uid,
-                &canary.interval_s,
-                &canary.query_json,
-                &canary.assertions_json,
-                &canary.enabled,
-                &canary.created_at,
+    fn delete_tasks_batch(&self, miroir_ids: &[&str]) -> Result<usize> {
+        let conn = self.conn.lock().unwrap();
+        let mut sql = "DELETE FROM tasks WHERE miroir_id IN (".to_string();
+        for (i, _) in miroir_ids.iter().enumerate() {
+            if i > 0 {
+                sql.push_str(", ");
+            }
+            sql.push_str(&format!("?{}", i + 1));
+        }
+        sql.push(')');
+
+        // Build IN clause dynamically and execute for each ID
+        // (SQLite doesn't support array binding directly)
+        let mut total_deleted = 0;
+        for miroir_id in miroir_ids {
+            let delete_sql = "DELETE FROM tasks WHERE miroir_id = ?1";
+            let rows = conn.execute(delete_sql, [&*miroir_id])?;
+            total_deleted += rows;
+        }
+        Ok(total_deleted)
+    }
+
+    fn task_count(&self) -> Result<u64> {
+        let conn = self.conn.lock().unwrap();
+        let count: i64 = conn.query_row("SELECT COUNT(*) FROM tasks", [], |row| row.get(0))?;
+        Ok(count as u64)
+    }
+
+    // --- Table 8: canaries ---
+
+    fn upsert_canary(&self, canary: &NewCanary) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO canaries (id, name, index_uid, interval_s, query_json, assertions_json, enabled, created_at)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)
+             ON CONFLICT(id) DO UPDATE SET
+                name = ?2,
+                index_uid = ?3,
+                interval_s = ?4,
+                query_json = ?5,
+                assertions_json = ?6,
+                enabled = ?7",
+            params![
+                canary.id,
+                canary.name,
+                canary.index_uid,
+                canary.interval_s,
+                canary.query_json,
+                canary.assertions_json,
+                canary.enabled as i64,
+                canary.created_at,
             ],
         )?;
         Ok(())
     }
 
-    async fn canary_get(&self, name: &str) -> Result<Option<Canary>> {
-        let result: Option<Canary> = self
+    fn get_canary(&self, id: &str) -> Result<Option<CanaryRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
                 "SELECT id, name, index_uid, interval_s, query_json, assertions_json, enabled, created_at
-                 FROM canaries WHERE name = ?1",
-                &[&name as &dyn rusqlite::ToSql],
-                |row| Ok(Canary {
-                    id: row.get(0)?,
-                    name: row.get(1)?,
-                    index_uid: row.get(2)?,
-                    interval_s: row.get(3)?,
-                    query_json: row.get(4)?,
-                    assertions_json: row.get(5)?,
-                    enabled: row.get(6)?,
-                    created_at: row.get(7)?,
-                }),
+                 FROM canaries WHERE id = ?1",
+                params![id],
+                |row| {
+                    Ok(CanaryRow {
+                        id: row.get(0)?,
+                        name: row.get(1)?,
+                        index_uid: row.get(2)?,
+                        interval_s: row.get(3)?,
+                        query_json: row.get(4)?,
+                        assertions_json: row.get(5)?,
+                        enabled: row.get::<_, i64>(6)? != 0,
+                        created_at: row.get(7)?,
+                    })
+                },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn canary_delete(&self, name: &str) -> Result<()> {
-        self.execute(
-            "DELETE FROM canaries WHERE name = ?1",
-            &[&name as &dyn rusqlite::ToSql],
+    fn list_canaries(&self) -> Result<Vec<CanaryRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT id, name, index_uid, interval_s, query_json, assertions_json, enabled, created_at
+             FROM canaries",
         )?;
-        Ok(())
-    }
-
-    async fn canary_list(&self) -> Result<Vec<Canary>> {
-        self.query_map(
-            "SELECT id, name, index_uid, interval_s, query_json, assertions_json, enabled, created_at FROM canaries",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| Ok(Canary {
+        let rows = stmt.query_map([], |row| {
+            Ok(CanaryRow {
                 id: row.get(0)?,
                 name: row.get(1)?,
                 index_uid: row.get(2)?,
                 interval_s: row.get(3)?,
                 query_json: row.get(4)?,
                 assertions_json: row.get(5)?,
-                enabled: row.get(6)?,
+                enabled: row.get::<_, i64>(6)? != 0,
                 created_at: row.get(7)?,
-            }),
-        )
-    }
-
-    async fn canary_run_insert(&self, run: &CanaryRun) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO canary_runs (canary_id, ran_at, status, latency_ms, failed_assertions_json)
-             VALUES (?1, ?2, ?3, ?4, ?5)",
-            &[
-                &run.canary_id as &dyn rusqlite::ToSql,
-                &run.ran_at,
-                &run.status.to_string(),
-                &run.latency_ms,
-                &run.failed_assertions_json.as_deref().unwrap_or(""),
-            ],
-        )?;
-        Ok(())
-    }
-
-    async fn canary_run_list(&self, canary_name: &str, limit: usize) -> Result<Vec<CanaryRun>> {
-        self.query_map(
-            &format!(
-                "SELECT canary_id, ran_at, status, latency_ms, failed_assertions_json
-                 FROM canary_runs WHERE canary_id = ?1 ORDER BY ran_at DESC LIMIT {limit}"
-            ),
-            &[&canary_name as &dyn rusqlite::ToSql],
-            |row| {
-                Ok(CanaryRun {
-                    canary_id: row.get(0)?,
-                    ran_at: row.get(1)?,
-                    status: row.get::<_, String>(2)?.parse().map_err(parse_error)?,
-                    latency_ms: row.get(3)?,
-                    failed_assertions_json: {
-                        let json: String = row.get(4)?;
-                        if json.is_empty() {
-                            None
-                        } else {
-                            Some(json)
-                        }
-                    },
-                })
-            },
-        )
-    }
-
-    async fn canary_run_prune(&self, before_ts: u64) -> Result<u64> {
-        let count = self.execute(
-            "DELETE FROM canary_runs WHERE ran_at < ?1",
-            &[&before_ts as &dyn rusqlite::ToSql],
-        )?;
-        Ok(count as u64)
-    }
-
-    async fn cdc_cursor_get(&self, sink: &str, index: &str) -> Result<Option<CdcCursor>> {
-        let result: Option<CdcCursor> = self
-            .query_row(
-                "SELECT sink_name, index_uid, last_event_seq, updated_at FROM cdc_cursors WHERE sink_name = ?1 AND index_uid = ?2",
-                &[&sink as &dyn rusqlite::ToSql, &index as &dyn rusqlite::ToSql],
-                |row| Ok(CdcCursor {
-                    sink_name: row.get(0)?,
-                    index_uid: row.get(1)?,
-                    last_event_seq: row.get(2)?,
-                    updated_at: row.get(3)?,
-                }),
-            )
-            .ok();
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
         Ok(result)
     }
 
-    async fn cdc_cursor_set(&self, cursor: &CdcCursor) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO cdc_cursors (sink_name, index_uid, last_event_seq, updated_at)
-             VALUES (?1, ?2, ?3, ?4)",
-            &[
-                &cursor.sink_name as &dyn rusqlite::ToSql,
-                &cursor.index_uid,
-                &cursor.last_event_seq,
-                &cursor.updated_at,
+    fn delete_canary(&self, id: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute("DELETE FROM canaries WHERE id = ?1", params![id])?;
+        Ok(rows > 0)
+    }
+
+    // --- Table 9: canary_runs ---
+
+    fn insert_canary_run(&self, run: &NewCanaryRun, run_history_limit: usize) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        let tx = conn.unchecked_transaction()?;
+
+        // Insert the new run
+        tx.execute(
+            "INSERT INTO canary_runs (canary_id, ran_at, status, latency_ms, failed_assertions_json)
+             VALUES (?1, ?2, ?3, ?4, ?5)",
+            params![
+                run.canary_id,
+                run.ran_at,
+                run.status,
+                run.latency_ms,
+                run.failed_assertions_json,
+            ],
+        )?;
+
+        // Prune old runs to stay within the history limit
+        // We want to keep only the most recent N runs (where N = run_history_limit)
+        // Delete any runs that are NOT among the N most recent
+        let limit = run_history_limit as i64;
+        tx.execute(
+            "DELETE FROM canary_runs
+             WHERE canary_id = ?1
+               AND ran_at NOT IN (
+                   SELECT ran_at
+                   FROM canary_runs
+                   WHERE canary_id = ?1
+                   ORDER BY ran_at DESC
+                   LIMIT ?2
+               )",
+            params![run.canary_id, limit],
+        )?;
+
+        tx.commit()?;
+        Ok(())
+    }
+
+    fn get_canary_runs(&self, canary_id: &str, limit: usize) -> Result<Vec<CanaryRunRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT canary_id, ran_at, status, latency_ms, failed_assertions_json
+             FROM canary_runs
+             WHERE canary_id = ?1
+             ORDER BY ran_at DESC
+             LIMIT ?2",
+        )?;
+        let rows = stmt.query_map(params![canary_id, limit as i64], |row| {
+            Ok(CanaryRunRow {
+                canary_id: row.get(0)?,
+                ran_at: row.get(1)?,
+                status: row.get(2)?,
+                latency_ms: row.get(3)?,
+                failed_assertions_json: row.get(4)?,
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    // --- Table 10: cdc_cursors ---
+
+    fn upsert_cdc_cursor(&self, cursor: &NewCdcCursor) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO cdc_cursors (sink_name, index_uid, last_event_seq, updated_at)
+             VALUES (?1, ?2, ?3, ?4)
+             ON CONFLICT(sink_name, index_uid) DO UPDATE SET
+                last_event_seq = ?3,
+                updated_at = ?4",
+            params![
+                cursor.sink_name,
+                cursor.index_uid,
+                cursor.last_event_seq,
+                cursor.updated_at,
             ],
         )?;
         Ok(())
     }
 
-    async fn cdc_cursor_list(&self, sink: &str) -> Result<Vec<CdcCursor>> {
-        self.query_map(
-            "SELECT sink_name, index_uid, last_event_seq, updated_at FROM cdc_cursors WHERE sink_name = ?1",
-            &[&sink as &dyn rusqlite::ToSql],
-            |row| {
-                Ok(CdcCursor {
-                    sink_name: row.get(0)?,
-                    index_uid: row.get(1)?,
-                    last_event_seq: row.get(2)?,
-                    updated_at: row.get(3)?,
-                })
-            },
-        )
+    fn get_cdc_cursor(&self, sink_name: &str, index_uid: &str) -> Result<Option<CdcCursorRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
+            .query_row(
+                "SELECT sink_name, index_uid, last_event_seq, updated_at
+                 FROM cdc_cursors WHERE sink_name = ?1 AND index_uid = ?2",
+                params![sink_name, index_uid],
+                |row| {
+                    Ok(CdcCursorRow {
+                        sink_name: row.get(0)?,
+                        index_uid: row.get(1)?,
+                        last_event_seq: row.get(2)?,
+                        updated_at: row.get(3)?,
+                    })
+                },
+            )
+            .optional()?)
     }
 
-    async fn tenant_upsert(&self, tenant: &Tenant) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO tenant_map (api_key_hash, tenant_id, group_id)
+    fn list_cdc_cursors(&self, sink_name: &str) -> Result<Vec<CdcCursorRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
+            "SELECT sink_name, index_uid, last_event_seq, updated_at
+             FROM cdc_cursors WHERE sink_name = ?1",
+        )?;
+        let rows = stmt.query_map(params![sink_name], |row| {
+            Ok(CdcCursorRow {
+                sink_name: row.get(0)?,
+                index_uid: row.get(1)?,
+                last_event_seq: row.get(2)?,
+                updated_at: row.get(3)?,
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    // --- Table 11: tenant_map ---
+
+    fn insert_tenant_mapping(&self, mapping: &NewTenantMapping) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO tenant_map (api_key_hash, tenant_id, group_id)
              VALUES (?1, ?2, ?3)",
-            &[
-                &tenant.api_key_hash as &dyn rusqlite::ToSql,
-                &tenant.tenant_id,
-                &tenant.group_id,
+            params![
+                mapping.api_key_hash.as_slice(),
+                mapping.tenant_id,
+                mapping.group_id,
             ],
         )?;
         Ok(())
     }
 
-    async fn tenant_get(&self, api_key: &str) -> Result<Option<Tenant>> {
-        use sha2::Digest;
-        let mut hasher = sha2::Sha256::new();
-        hasher.update(api_key.as_bytes());
-        let api_key_hash: Vec<u8> = hasher.finalize().to_vec();
-
-        let result: Option<Tenant> = self
+    fn get_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<Option<TenantMapRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
                 "SELECT api_key_hash, tenant_id, group_id
                  FROM tenant_map WHERE api_key_hash = ?1",
-                &[&api_key_hash as &dyn rusqlite::ToSql],
+                params![api_key_hash],
                 |row| {
-                    Ok(Tenant {
+                    Ok(TenantMapRow {
                         api_key_hash: row.get(0)?,
                         tenant_id: row.get(1)?,
                         group_id: row.get(2)?,
                     })
                 },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn tenant_delete(&self, api_key: &str) -> Result<()> {
-        use sha2::Digest;
-        let mut hasher = sha2::Sha256::new();
-        hasher.update(api_key.as_bytes());
-        let api_key_hash: Vec<u8> = hasher.finalize().to_vec();
-
-        self.execute(
+    fn delete_tenant_mapping(&self, api_key_hash: &[u8]) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
             "DELETE FROM tenant_map WHERE api_key_hash = ?1",
-            &[&api_key_hash as &dyn rusqlite::ToSql],
+            params![api_key_hash],
         )?;
-        Ok(())
+        Ok(rows > 0)
     }
 
-    async fn tenant_list(&self) -> Result<Vec<Tenant>> {
-        self.query_map(
-            "SELECT api_key_hash, tenant_id, group_id FROM tenant_map",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| {
-                Ok(Tenant {
-                    api_key_hash: row.get(0)?,
-                    tenant_id: row.get(1)?,
-                    group_id: row.get(2)?,
-                })
-            },
-        )
-    }
+    // --- Table 12: rollover_policies ---
 
-    async fn rollover_policy_upsert(&self, policy: &RolloverPolicy) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO rollover_policies
-             (name, write_alias, read_alias, pattern, triggers_json, retention_json, template_json, enabled)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)",
-            &[
-                &policy.name as &dyn rusqlite::ToSql,
-                &policy.write_alias,
-                &policy.read_alias,
-                &policy.pattern,
-                &policy.triggers_json,
-                &policy.retention_json,
-                &policy.template_json,
-                &policy.enabled,
+    fn upsert_rollover_policy(&self, policy: &NewRolloverPolicy) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO rollover_policies (name, write_alias, read_alias, pattern, triggers_json, retention_json, template_json, enabled)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)
+             ON CONFLICT(name) DO UPDATE SET
+                write_alias = ?2,
+                read_alias = ?3,
+                pattern = ?4,
+                triggers_json = ?5,
+                retention_json = ?6,
+                template_json = ?7,
+                enabled = ?8",
+            params![
+                policy.name,
+                policy.write_alias,
+                policy.read_alias,
+                policy.pattern,
+                policy.triggers_json,
+                policy.retention_json,
+                policy.template_json,
+                policy.enabled as i64,
             ],
         )?;
         Ok(())
     }
 
-    async fn rollover_policy_get(&self, name: &str) -> Result<Option<RolloverPolicy>> {
-        let result: Option<RolloverPolicy> = self
+    fn get_rollover_policy(&self, name: &str) -> Result<Option<RolloverPolicyRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
                 "SELECT name, write_alias, read_alias, pattern, triggers_json, retention_json, template_json, enabled
                  FROM rollover_policies WHERE name = ?1",
-                &[&name as &dyn rusqlite::ToSql],
+                params![name],
                 |row| {
-                    Ok(RolloverPolicy {
+                    Ok(RolloverPolicyRow {
                         name: row.get(0)?,
                         write_alias: row.get(1)?,
                         read_alias: row.get(2)?,
@@ -1027,455 +1103,1958 @@ impl TaskStore for SqliteTaskStore {
                         triggers_json: row.get(4)?,
                         retention_json: row.get(5)?,
                         template_json: row.get(6)?,
-                        enabled: row.get(7)?,
+                        enabled: row.get::<_, i64>(7)? != 0,
                     })
                 },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn rollover_policy_delete(&self, name: &str) -> Result<()> {
-        self.execute(
-            "DELETE FROM rollover_policies WHERE name = ?1",
-            &[&name as &dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn rollover_policy_list(&self) -> Result<Vec<RolloverPolicy>> {
-        self.query_map(
+    fn list_rollover_policies(&self) -> Result<Vec<RolloverPolicyRow>> {
+        let conn = self.conn.lock().unwrap();
+        let mut stmt = conn.prepare(
             "SELECT name, write_alias, read_alias, pattern, triggers_json, retention_json, template_json, enabled
              FROM rollover_policies",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| {
-                Ok(RolloverPolicy {
-                    name: row.get(0)?,
-                    write_alias: row.get(1)?,
-                    read_alias: row.get(2)?,
-                    pattern: row.get(3)?,
-                    triggers_json: row.get(4)?,
-                    retention_json: row.get(5)?,
-                    template_json: row.get(6)?,
-                    enabled: row.get(7)?,
-                })
-            },
-        )
+        )?;
+        let rows = stmt.query_map([], |row| {
+            Ok(RolloverPolicyRow {
+                name: row.get(0)?,
+                write_alias: row.get(1)?,
+                read_alias: row.get(2)?,
+                pattern: row.get(3)?,
+                triggers_json: row.get(4)?,
+                retention_json: row.get(5)?,
+                template_json: row.get(6)?,
+                enabled: row.get::<_, i64>(7)? != 0,
+            })
+        })?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
     }
 
-    async fn search_ui_config_upsert(&self, config: &SearchUiConfig) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO search_ui_config (index_uid, config_json, updated_at)
-             VALUES (?1, ?2, ?3)",
-            &[
-                &config.index_uid as &dyn rusqlite::ToSql,
-                &config.config_json,
-                &config.updated_at,
-            ],
+    fn delete_rollover_policy(&self, name: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "DELETE FROM rollover_policies WHERE name = ?1",
+            params![name],
+        )?;
+        Ok(rows > 0)
+    }
+
+    // --- Table 13: search_ui_config ---
+
+    fn upsert_search_ui_config(&self, config: &NewSearchUiConfig) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO search_ui_config (index_uid, config_json, updated_at)
+             VALUES (?1, ?2, ?3)
+             ON CONFLICT(index_uid) DO UPDATE SET
+                config_json = ?2,
+                updated_at = ?3",
+            params![config.index_uid, config.config_json, config.updated_at],
         )?;
         Ok(())
     }
 
-    async fn search_ui_config_get(&self, index_uid: &str) -> Result<Option<SearchUiConfig>> {
-        let result: Option<SearchUiConfig> = self
+    fn get_search_ui_config(&self, index_uid: &str) -> Result<Option<SearchUiConfigRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
-                "SELECT index_uid, config_json, updated_at FROM search_ui_config WHERE index_uid = ?1",
-                &[&index_uid as &dyn rusqlite::ToSql],
-                |row| Ok(SearchUiConfig {
-                    index_uid: row.get(0)?,
-                    config_json: row.get(1)?,
-                    updated_at: row.get(2)?,
-                }),
+                "SELECT index_uid, config_json, updated_at
+                 FROM search_ui_config WHERE index_uid = ?1",
+                params![index_uid],
+                |row| {
+                    Ok(SearchUiConfigRow {
+                        index_uid: row.get(0)?,
+                        config_json: row.get(1)?,
+                        updated_at: row.get(2)?,
+                    })
+                },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn search_ui_config_delete(&self, index_uid: &str) -> Result<()> {
-        self.execute(
+    fn delete_search_ui_config(&self, index_uid: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
             "DELETE FROM search_ui_config WHERE index_uid = ?1",
-            &[&index_uid as &dyn rusqlite::ToSql],
+            params![index_uid],
         )?;
-        Ok(())
+        Ok(rows > 0)
     }
 
-    async fn search_ui_config_list(&self) -> Result<Vec<SearchUiConfig>> {
-        self.query_map(
-            "SELECT index_uid, config_json, updated_at FROM search_ui_config",
-            &[] as &[&dyn rusqlite::ToSql],
-            |row| {
-                Ok(SearchUiConfig {
-                    index_uid: row.get(0)?,
-                    config_json: row.get(1)?,
-                    updated_at: row.get(2)?,
-                })
-            },
-        )
-    }
+    // --- Table 14: admin_sessions ---
 
-    async fn admin_session_upsert(&self, session: &AdminSession) -> Result<()> {
-        self.execute(
-            "INSERT OR REPLACE INTO admin_sessions (session_id, csrf_token, admin_key_hash, created_at, expires_at, revoked, user_agent, source_ip)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)",
-            &[
-                &session.session_id as &dyn rusqlite::ToSql,
-                &session.csrf_token,
-                &session.admin_key_hash,
-                &session.created_at,
-                &session.expires_at,
-                &session.revoked,
-                &session.user_agent.as_deref(),
-                &session.source_ip.as_deref(),
+    fn insert_admin_session(&self, session: &NewAdminSession) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO admin_sessions (session_id, csrf_token, admin_key_hash, created_at, expires_at, revoked, user_agent, source_ip)
+             VALUES (?1, ?2, ?3, ?4, ?5, 0, ?6, ?7)",
+            params![
+                session.session_id,
+                session.csrf_token,
+                session.admin_key_hash,
+                session.created_at,
+                session.expires_at,
+                session.user_agent,
+                session.source_ip,
             ],
         )?;
         Ok(())
     }
 
-    async fn admin_session_get(&self, session_id: &str) -> Result<Option<AdminSession>> {
-        let result: Option<AdminSession> = self
+    fn get_admin_session(&self, session_id: &str) -> Result<Option<AdminSessionRow>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
-                "SELECT session_id, csrf_token, admin_key_hash, created_at, expires_at, revoked, user_agent, source_ip FROM admin_sessions WHERE session_id = ?1",
-                &[&session_id as &dyn rusqlite::ToSql],
-                |row| Ok(AdminSession {
-                    session_id: row.get(0)?,
-                    csrf_token: row.get(1)?,
-                    admin_key_hash: row.get(2)?,
-                    created_at: row.get(3)?,
-                    expires_at: row.get(4)?,
-                    revoked: row.get(5)?,
-                    user_agent: row.get(6)?,
-                    source_ip: row.get(7)?,
-                }),
+                "SELECT session_id, csrf_token, admin_key_hash, created_at, expires_at, revoked, user_agent, source_ip
+                 FROM admin_sessions WHERE session_id = ?1",
+                params![session_id],
+                |row| {
+                    Ok(AdminSessionRow {
+                        session_id: row.get(0)?,
+                        csrf_token: row.get(1)?,
+                        admin_key_hash: row.get(2)?,
+                        created_at: row.get(3)?,
+                        expires_at: row.get(4)?,
+                        revoked: row.get::<_, i64>(5)? != 0,
+                        user_agent: row.get(6)?,
+                        source_ip: row.get(7)?,
+                    })
+                },
             )
-            .ok();
-        Ok(result)
+            .optional()?)
     }
 
-    async fn admin_session_delete(&self, session_id: &str) -> Result<()> {
-        self.execute(
-            "DELETE FROM admin_sessions WHERE session_id = ?1",
-            &[&session_id as &dyn rusqlite::ToSql],
-        )?;
-        Ok(())
-    }
-
-    async fn admin_session_revoke(&self, session_id: &str) -> Result<()> {
-        self.execute(
+    fn revoke_admin_session(&self, session_id: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
             "UPDATE admin_sessions SET revoked = 1 WHERE session_id = ?1",
-            &[&session_id as &dyn rusqlite::ToSql],
+            params![session_id],
+        )?;
+        Ok(rows > 0)
+    }
+
+    fn delete_expired_admin_sessions(&self, now_ms: i64) -> Result<usize> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "DELETE FROM admin_sessions WHERE expires_at < ?1",
+            params![now_ms],
+        )?;
+        Ok(rows)
+    }
+
+    // --- Table 15: mode_b_operations ---
+
+    fn upsert_mode_b_operation(&self, operation: &ModeBOperation) -> Result<()> {
+        let conn = self.conn.lock().unwrap();
+        conn.execute(
+            "INSERT INTO mode_b_operations (
+                operation_id, operation_type, scope, phase, phase_started_at,
+                created_at, updated_at, state_json, error, status,
+                index_uid, old_shards, target_shards, shadow_index,
+                documents_backfilled, total_documents
+            ) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13, ?14, ?15, ?16)
+            ON CONFLICT(operation_id) DO UPDATE SET
+                phase = ?4,
+                phase_started_at = ?5,
+                updated_at = ?7,
+                state_json = ?8,
+                error = ?9,
+                status = ?10,
+                index_uid = ?11,
+                old_shards = ?12,
+                target_shards = ?13,
+                shadow_index = ?14,
+                documents_backfilled = ?15,
+                total_documents = ?16",
+            params![
+                &operation.operation_id,
+                &operation.operation_type,
+                &operation.scope,
+                &operation.phase,
+                operation.phase_started_at,
+                operation.created_at,
+                operation.updated_at,
+                &operation.state_json,
+                &operation.error,
+                &operation.status,
+                &operation.index_uid,
+                operation.old_shards,
+                operation.target_shards,
+                &operation.shadow_index,
+                operation.documents_backfilled,
+                operation.total_documents,
+            ],
         )?;
         Ok(())
     }
 
-    async fn admin_session_is_revoked(&self, session_id: &str) -> Result<bool> {
-        let revoked: Option<bool> = self
+    fn get_mode_b_operation(&self, operation_id: &str) -> Result<Option<ModeBOperation>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
             .query_row(
-                "SELECT revoked FROM admin_sessions WHERE session_id = ?1",
-                &[&session_id as &dyn rusqlite::ToSql],
-                |row| row.get(0),
+                "SELECT operation_id, operation_type, scope, phase, phase_started_at,
+                        created_at, updated_at, state_json, error, status,
+                        index_uid, old_shards, target_shards, shadow_index,
+                        documents_backfilled, total_documents
+                 FROM mode_b_operations WHERE operation_id = ?1",
+                params![operation_id],
+                |row| {
+                    Ok(ModeBOperation {
+                        operation_id: row.get(0)?,
+                        operation_type: row.get(1)?,
+                        scope: row.get(2)?,
+                        phase: row.get(3)?,
+                        phase_started_at: row.get(4)?,
+                        created_at: row.get(5)?,
+                        updated_at: row.get(6)?,
+                        state_json: row.get(7)?,
+                        error: row.get(8)?,
+                        status: row.get(9)?,
+                        index_uid: row.get(10)?,
+                        old_shards: row.get(11)?,
+                        target_shards: row.get(12)?,
+                        shadow_index: row.get(13)?,
+                        documents_backfilled: row.get(14)?,
+                        total_documents: row.get(15)?,
+                    })
+                },
             )
-            .ok();
-        Ok(revoked.unwrap_or(false))
+            .optional()?)
     }
 
-    // Redis-only operations (not supported in SQLite mode)
-    async fn ratelimit_increment(
-        &self,
-        _key: &str,
-        _window_s: u64,
-        _limit: u64,
-    ) -> Result<(u64, u64)> {
-        Err(TaskStoreError::InvalidData(
-            "rate limiting requires Redis backend".to_string(),
-        ))
+    fn get_mode_b_operation_by_scope(&self, scope: &str) -> Result<Option<ModeBOperation>> {
+        let conn = self.conn.lock().unwrap();
+        Ok(conn
+            .query_row(
+                "SELECT operation_id, operation_type, scope, phase, phase_started_at,
+                        created_at, updated_at, state_json, error, status,
+                        index_uid, old_shards, target_shards, shadow_index,
+                        documents_backfilled, total_documents
+                 FROM mode_b_operations WHERE scope = ?1
+                 ORDER BY updated_at DESC LIMIT 1",
+                params![scope],
+                |row| {
+                    Ok(ModeBOperation {
+                        operation_id: row.get(0)?,
+                        operation_type: row.get(1)?,
+                        scope: row.get(2)?,
+                        phase: row.get(3)?,
+                        phase_started_at: row.get(4)?,
+                        created_at: row.get(5)?,
+                        updated_at: row.get(6)?,
+                        state_json: row.get(7)?,
+                        error: row.get(8)?,
+                        status: row.get(9)?,
+                        index_uid: row.get(10)?,
+                        old_shards: row.get(11)?,
+                        target_shards: row.get(12)?,
+                        shadow_index: row.get(13)?,
+                        documents_backfilled: row.get(14)?,
+                        total_documents: row.get(15)?,
+                    })
+                },
+            )
+            .optional()?)
     }
 
-    async fn ratelimit_set_backoff(&self, _key: &str, _duration_s: u64) -> Result<()> {
-        Err(TaskStoreError::InvalidData(
-            "rate limiting requires Redis backend".to_string(),
-        ))
+    fn list_mode_b_operations(&self, filter: &ModeBOperationFilter) -> Result<Vec<ModeBOperation>> {
+        let conn = self.conn.lock().unwrap();
+        let mut query = "SELECT operation_id, operation_type, scope, phase, phase_started_at,
+                        created_at, updated_at, state_json, error, status,
+                        index_uid, old_shards, target_shards, shadow_index,
+                        documents_backfilled, total_documents
+                 FROM mode_b_operations"
+            .to_string();
+        let mut wheres = Vec::new();
+        let mut params = Vec::new();
+
+        if let Some(op_type) = &filter.operation_type {
+            wheres.push("operation_type = ?");
+            params.push(op_type.as_str());
+        }
+        if let Some(scope) = &filter.scope {
+            wheres.push("scope = ?");
+            params.push(scope.as_str());
+        }
+        if let Some(status) = &filter.status {
+            wheres.push("status = ?");
+            params.push(status.as_str());
+        }
+
+        if !wheres.is_empty() {
+            query.push_str(" WHERE ");
+            query.push_str(&wheres.join(" AND "));
+        }
+
+        query.push_str(" ORDER BY updated_at DESC");
+
+        if let Some(limit) = filter.limit {
+            query.push_str(&format!(" LIMIT {}", limit));
+        }
+        if let Some(offset) = filter.offset {
+            query.push_str(&format!(" OFFSET {}", offset));
+        }
+
+        let mut stmt = conn.prepare(&query)?;
+        let param_refs: Vec<&dyn rusqlite::ToSql> =
+            params.iter().map(|p| p as &dyn rusqlite::ToSql).collect();
+
+        let mut results = Vec::new();
+        let rows = stmt.query_map(param_refs.as_slice(), |row| {
+            Ok(ModeBOperation {
+                operation_id: row.get(0)?,
+                operation_type: row.get(1)?,
+                scope: row.get(2)?,
+                phase: row.get(3)?,
+                phase_started_at: row.get(4)?,
+                created_at: row.get(5)?,
+                updated_at: row.get(6)?,
+                state_json: row.get(7)?,
+                error: row.get(8)?,
+                status: row.get(9)?,
+                index_uid: row.get(10)?,
+                old_shards: row.get(11)?,
+                target_shards: row.get(12)?,
+                shadow_index: row.get(13)?,
+                documents_backfilled: row.get(14)?,
+                total_documents: row.get(15)?,
+            })
+        })?;
+
+        for row in rows {
+            results.push(row?);
+        }
+
+        Ok(results)
     }
 
-    async fn ratelimit_check_backoff(&self, _key: &str) -> Result<Option<u64>> {
-        Err(TaskStoreError::InvalidData(
-            "rate limiting requires Redis backend".to_string(),
-        ))
+    fn delete_mode_b_operation(&self, operation_id: &str) -> Result<bool> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "DELETE FROM mode_b_operations WHERE operation_id = ?1",
+            params![operation_id],
+        )?;
+        Ok(rows > 0)
     }
 
-    async fn cdc_overflow_check(&self, _sink: &str) -> Result<bool> {
-        Err(TaskStoreError::InvalidData(
-            "CDC overflow requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn cdc_overflow_size(&self, _sink: &str) -> Result<u64> {
-        Err(TaskStoreError::InvalidData(
-            "CDC overflow requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn cdc_overflow_append(&self, _sink: &str, _data: &[u8]) -> Result<()> {
-        Err(TaskStoreError::InvalidData(
-            "CDC overflow requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn cdc_overflow_clear(&self, _sink: &str) -> Result<()> {
-        Err(TaskStoreError::InvalidData(
-            "CDC overflow requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn scoped_key_set(&self, _index: &str, _key: &str, _expires_at: u64) -> Result<()> {
-        Err(TaskStoreError::InvalidData(
-            "scoped key rotation requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn scoped_key_get(&self, _index: &str) -> Result<Option<String>> {
-        Err(TaskStoreError::InvalidData(
-            "scoped key rotation requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn scoped_key_observe(&self, _pod: &str, _index: &str, _key: &str) -> Result<()> {
-        Err(TaskStoreError::InvalidData(
-            "scoped key rotation requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn scoped_key_has_observed(&self, _pod: &str, _index: &str, _key: &str) -> Result<bool> {
-        Err(TaskStoreError::InvalidData(
-            "scoped key rotation requires Redis backend".to_string(),
-        ))
-    }
-
-    async fn health_check(&self) -> Result<bool> {
-        let conn = self
-            .conn
-            .lock()
-            .map_err(|e| TaskStoreError::Internal(e.to_string()))?;
-        // Execute a simple query to check if the database is responsive
-        let _: Option<i64> = conn.query_row("SELECT 1", [], |row| row.get(0)).ok();
-        Ok(true)
+    fn prune_mode_b_operations(&self, cutoff_ms: i64, batch_size: u32) -> Result<usize> {
+        let conn = self.conn.lock().unwrap();
+        let rows = conn.execute(
+            "DELETE FROM mode_b_operations WHERE rowid IN (
+                SELECT rowid FROM mode_b_operations
+                WHERE updated_at < ?1 AND status IN ('completed', 'failed')
+                LIMIT ?2
+            )",
+            params![cutoff_ms, batch_size],
+        )?;
+        Ok(rows)
     }
 }
 
-impl SqliteTaskStore {
-    /// Initialize the database schema (plan §4 tables 1-7).
-    fn init_schema(conn: &Connection) -> Result<()> {
-        // Table 1: Tasks
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS tasks (
-                miroir_id   TEXT PRIMARY KEY,
-                created_at  INTEGER NOT NULL,
-                status      TEXT NOT NULL,
-                node_tasks  TEXT NOT NULL,
-                error       TEXT
-            )",
-            [],
-        )?;
-
-        // Table 2: Node settings version
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS node_settings_version (
-                index_uid   TEXT NOT NULL,
-                node_id     TEXT NOT NULL,
-                version     INTEGER NOT NULL,
-                updated_at  INTEGER NOT NULL,
-                PRIMARY KEY (index_uid, node_id)
-            )",
-            [],
-        )?;
-
-        // Table 3: Aliases
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS aliases (
-                name          TEXT PRIMARY KEY,
-                kind          TEXT NOT NULL,
-                current_uid   TEXT,
-                target_uids   TEXT,
-                version       INTEGER NOT NULL,
-                created_at    INTEGER NOT NULL,
-                history       TEXT NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 4: Sessions
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS sessions (
-                session_id            TEXT PRIMARY KEY,
-                last_write_mtask_id   TEXT,
-                last_write_at         INTEGER,
-                pinned_group          INTEGER,
-                min_settings_version  INTEGER NOT NULL,
-                ttl                   INTEGER NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 5: Idempotency cache
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS idempotency_cache (
-                key              TEXT PRIMARY KEY,
-                body_sha256      BLOB NOT NULL,
-                miroir_task_id   TEXT NOT NULL,
-                expires_at       INTEGER NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 6: Jobs
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS jobs (
-                id                 TEXT PRIMARY KEY,
-                type               TEXT NOT NULL,
-                params             TEXT NOT NULL,
-                state              TEXT NOT NULL,
-                claimed_by         TEXT,
-                claim_expires_at   INTEGER,
-                progress           TEXT NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 7: Leader lease
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS leader_lease (
-                scope        TEXT PRIMARY KEY,
-                holder       TEXT NOT NULL,
-                expires_at   INTEGER NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 8: Canaries
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS canaries (
-                id TEXT PRIMARY KEY,
-                name TEXT NOT NULL,
-                index_uid TEXT NOT NULL,
-                interval_s INTEGER NOT NULL,
-                query_json TEXT NOT NULL,
-                assertions_json TEXT NOT NULL,
-                enabled INTEGER NOT NULL,
-                created_at INTEGER NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 9: Canary runs
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS canary_runs (
-                canary_id TEXT NOT NULL,
-                ran_at INTEGER NOT NULL,
-                status TEXT NOT NULL,
-                latency_ms INTEGER NOT NULL,
-                failed_assertions_json TEXT,
-                PRIMARY KEY (canary_id, ran_at)
-            )",
-            [],
-        )?;
-
-        // Table 10: CDC cursors
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS cdc_cursors (
-                sink_name TEXT NOT NULL,
-                index_uid TEXT NOT NULL,
-                last_event_seq INTEGER NOT NULL,
-                updated_at INTEGER NOT NULL,
-                PRIMARY KEY (sink_name, index_uid)
-            )",
-            [],
-        )?;
-
-        // Table 11: Tenant map
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS tenant_map (
-                api_key_hash BLOB PRIMARY KEY,
-                tenant_id TEXT NOT NULL,
-                group_id INTEGER
-            )",
-            [],
-        )?;
-
-        // Table 12: Rollover policies
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS rollover_policies (
-                name TEXT PRIMARY KEY,
-                write_alias TEXT NOT NULL,
-                read_alias TEXT NOT NULL,
-                pattern TEXT NOT NULL,
-                triggers_json TEXT NOT NULL,
-                retention_json TEXT NOT NULL,
-                template_json TEXT NOT NULL,
-                enabled INTEGER NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 13: Search UI config
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS search_ui_config (
-                index_uid TEXT PRIMARY KEY,
-                config_json TEXT NOT NULL,
-                updated_at INTEGER NOT NULL
-            )",
-            [],
-        )?;
-
-        // Table 14: Admin sessions
-        conn.execute(
-            "CREATE TABLE IF NOT EXISTS admin_sessions (
-                session_id TEXT PRIMARY KEY,
-                csrf_token TEXT NOT NULL,
-                admin_key_hash TEXT NOT NULL,
-                created_at INTEGER NOT NULL,
-                expires_at INTEGER NOT NULL,
-                revoked INTEGER NOT NULL DEFAULT 0,
-                user_agent TEXT,
-                source_ip TEXT
-            )",
-            [],
-        )?;
-
-        // Index for admin_sessions expiration queries (plan §4 table 14)
-        conn.execute(
-            "CREATE INDEX IF NOT EXISTS admin_sessions_expires ON admin_sessions(expires_at)",
-            [],
-        )?;
-
-        Ok(())
-    }
+fn now_ms() -> i64 {
+    std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .unwrap()
+        .as_millis() as i64
 }
 
-// Note: Display and FromStr for TaskStatus, AliasKind, JobState, and CanaryRunStatus
-// are defined in schema.rs to avoid duplicate implementations
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::collections::HashMap;
+    use std::fs;
 
-impl std::fmt::Display for JobStatus {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        match self {
-            Self::Enqueued => write!(f, "Enqueued"),
-            Self::Processing => write!(f, "Processing"),
-            Self::Succeeded => write!(f, "Succeeded"),
-            Self::Failed => write!(f, "Failed"),
-            Self::Canceled => write!(f, "Canceled"),
+    fn test_store() -> SqliteTaskStore {
+        let store = SqliteTaskStore::open_in_memory().unwrap();
+        store.migrate().unwrap();
+        store
+    }
+
+    // --- Table 1: tasks ---
+
+    #[test]
+    fn task_crud_round_trip() {
+        let store = test_store();
+        let mut node_tasks = HashMap::new();
+        node_tasks.insert("node-0".to_string(), 42u64);
+        node_tasks.insert("node-1".to_string(), 17u64);
+
+        let new_task = NewTask {
+            miroir_id: "test-task-1".to_string(),
+            created_at: 1000,
+            status: "enqueued".to_string(),
+            node_tasks: node_tasks.clone(),
+            error: None,
+            started_at: None,
+            finished_at: None,
+            index_uid: None,
+            task_type: None,
+            node_errors: HashMap::new(),
+        };
+        store.insert_task(&new_task).unwrap();
+
+        let task = store.get_task("test-task-1").unwrap().unwrap();
+        assert_eq!(task.miroir_id, "test-task-1");
+        assert_eq!(task.status, "enqueued");
+        assert_eq!(task.node_tasks, node_tasks);
+        assert!(task.error.is_none());
+
+        // Update status
+        assert!(store
+            .update_task_status("test-task-1", "processing")
+            .unwrap());
+        let task = store.get_task("test-task-1").unwrap().unwrap();
+        assert_eq!(task.status, "processing");
+
+        // Update node task
+        assert!(store.update_node_task("test-task-1", "node-0", 99).unwrap());
+        let task = store.get_task("test-task-1").unwrap().unwrap();
+        assert_eq!(task.node_tasks.get("node-0"), Some(&99u64));
+        assert_eq!(task.node_tasks.get("node-1"), Some(&17u64));
+
+        // Set error
+        assert!(store.set_task_error("test-task-1", "boom").unwrap());
+        let task = store.get_task("test-task-1").unwrap().unwrap();
+        assert_eq!(task.error.as_deref(), Some("boom"));
+
+        // Missing task
+        assert!(store.get_task("no-such-task").unwrap().is_none());
+        assert!(!store.update_task_status("no-such-task", "failed").unwrap());
+    }
+
+    #[test]
+    fn task_list_with_filter() {
+        let store = test_store();
+
+        for i in 0..5 {
+            let mut nt = HashMap::new();
+            nt.insert("node-0".to_string(), i as u64);
+            store
+                .insert_task(&NewTask {
+                    miroir_id: format!("task-{i}"),
+                    created_at: i as i64 * 1000,
+                    status: if i < 3 { "enqueued" } else { "succeeded" }.to_string(),
+                    node_tasks: nt,
+                    error: None,
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                })
+                .unwrap();
+        }
+
+        // All tasks
+        let all = store.list_tasks(&TaskFilter::default()).unwrap();
+        assert_eq!(all.len(), 5);
+
+        // Filter by status
+        let enqueued = store
+            .list_tasks(&TaskFilter {
+                status: Some("enqueued".to_string()),
+                ..Default::default()
+            })
+            .unwrap();
+        assert_eq!(enqueued.len(), 3);
+
+        // With limit + offset
+        let page = store
+            .list_tasks(&TaskFilter {
+                limit: Some(2),
+                offset: Some(1),
+                ..Default::default()
+            })
+            .unwrap();
+        assert_eq!(page.len(), 2);
+    }
+
+    // --- Table 2: node_settings_version ---
+
+    #[test]
+    fn node_settings_version_upsert_and_get() {
+        let store = test_store();
+
+        // Insert
+        store
+            .upsert_node_settings_version("idx-1", "node-0", 5, 1000)
+            .unwrap();
+        let row = store
+            .get_node_settings_version("idx-1", "node-0")
+            .unwrap()
+            .unwrap();
+        assert_eq!(row.version, 5);
+        assert_eq!(row.updated_at, 1000);
+
+        // Upsert (update)
+        store
+            .upsert_node_settings_version("idx-1", "node-0", 7, 2000)
+            .unwrap();
+        let row = store
+            .get_node_settings_version("idx-1", "node-0")
+            .unwrap()
+            .unwrap();
+        assert_eq!(row.version, 7);
+        assert_eq!(row.updated_at, 2000);
+
+        // Missing
+        assert!(store
+            .get_node_settings_version("idx-1", "node-99")
+            .unwrap()
+            .is_none());
+    }
+
+    // --- Table 3: aliases ---
+
+    #[test]
+    fn alias_single_crud_and_flip() {
+        let store = test_store();
+
+        store
+            .create_alias(&NewAlias {
+                name: "prod-logs".to_string(),
+                kind: "single".to_string(),
+                current_uid: Some("uid-v1".to_string()),
+                target_uids: None,
+                version: 1,
+                created_at: 1000,
+                history: vec![],
+            })
+            .unwrap();
+
+        let alias = store.get_alias("prod-logs").unwrap().unwrap();
+        assert_eq!(alias.current_uid.as_deref(), Some("uid-v1"));
+        assert_eq!(alias.version, 1);
+
+        // Flip
+        assert!(store.flip_alias("prod-logs", "uid-v2", 10).unwrap());
+        let alias = store.get_alias("prod-logs").unwrap().unwrap();
+        assert_eq!(alias.current_uid.as_deref(), Some("uid-v2"));
+        assert_eq!(alias.version, 2);
+        assert_eq!(alias.history.len(), 1);
+        assert_eq!(alias.history[0].uid, "uid-v1");
+
+        // Flip again
+        assert!(store.flip_alias("prod-logs", "uid-v3", 2).unwrap());
+        let alias = store.get_alias("prod-logs").unwrap().unwrap();
+        assert_eq!(alias.history.len(), 2); // retention = 2, so both kept
+
+        // Flip once more — retention should trim
+        assert!(store.flip_alias("prod-logs", "uid-v4", 2).unwrap());
+        let alias = store.get_alias("prod-logs").unwrap().unwrap();
+        assert_eq!(alias.history.len(), 2); // trimmed to 2
+
+        // Delete
+        assert!(store.delete_alias("prod-logs").unwrap());
+        assert!(store.get_alias("prod-logs").unwrap().is_none());
+    }
+
+    #[test]
+    fn alias_multi_target() {
+        let store = test_store();
+
+        store
+            .create_alias(&NewAlias {
+                name: "search-all".to_string(),
+                kind: "multi".to_string(),
+                current_uid: None,
+                target_uids: Some(vec!["uid-a".to_string(), "uid-b".to_string()]),
+                version: 1,
+                created_at: 1000,
+                history: vec![],
+            })
+            .unwrap();
+
+        let alias = store.get_alias("search-all").unwrap().unwrap();
+        assert_eq!(alias.kind, "multi");
+        assert_eq!(
+            alias.target_uids.unwrap(),
+            vec!["uid-a".to_string(), "uid-b".to_string()]
+        );
+    }
+
+    // --- Table 4: sessions ---
+
+    #[test]
+    fn session_upsert_get_and_expire() {
+        let store = test_store();
+
+        let session = SessionRow {
+            session_id: "sess-1".to_string(),
+            last_write_mtask_id: Some("task-1".to_string()),
+            last_write_at: Some(1000),
+            pinned_group: Some(2),
+            min_settings_version: 5,
+            ttl: 2000,
+        };
+        store.upsert_session(&session).unwrap();
+
+        let got = store.get_session("sess-1").unwrap().unwrap();
+        assert_eq!(got.last_write_mtask_id.as_deref(), Some("task-1"));
+        assert_eq!(got.pinned_group, Some(2));
+        assert_eq!(got.min_settings_version, 5);
+
+        // Upsert (update)
+        let updated = SessionRow {
+            session_id: "sess-1".to_string(),
+            last_write_mtask_id: Some("task-2".to_string()),
+            last_write_at: Some(1500),
+            pinned_group: None,
+            min_settings_version: 6,
+            ttl: 2500,
+        };
+        store.upsert_session(&updated).unwrap();
+        let got = store.get_session("sess-1").unwrap().unwrap();
+        assert_eq!(got.last_write_mtask_id.as_deref(), Some("task-2"));
+        assert!(got.pinned_group.is_none());
+
+        // Create expired session
+        store
+            .upsert_session(&SessionRow {
+                session_id: "sess-old".to_string(),
+                last_write_mtask_id: None,
+                last_write_at: None,
+                pinned_group: None,
+                min_settings_version: 1,
+                ttl: 500, // expired
+            })
+            .unwrap();
+
+        let deleted = store.delete_expired_sessions(1000).unwrap();
+        assert_eq!(deleted, 1);
+        assert!(store.get_session("sess-old").unwrap().is_none());
+        assert!(store.get_session("sess-1").unwrap().is_some());
+    }
+
+    // --- Table 5: idempotency_cache ---
+
+    #[test]
+    fn idempotency_crud_and_expire() {
+        let store = test_store();
+
+        let sha = vec![0u8; 32]; // dummy 32-byte hash
+        store
+            .insert_idempotency_entry(&IdempotencyEntry {
+                key: "req-abc".to_string(),
+                body_sha256: sha.clone(),
+                miroir_task_id: "task-1".to_string(),
+                expires_at: 5000,
+            })
+            .unwrap();
+
+        let entry = store.get_idempotency_entry("req-abc").unwrap().unwrap();
+        assert_eq!(entry.body_sha256, sha);
+        assert_eq!(entry.miroir_task_id, "task-1");
+
+        // Missing
+        assert!(store.get_idempotency_entry("nope").unwrap().is_none());
+
+        // Expire
+        store
+            .insert_idempotency_entry(&IdempotencyEntry {
+                key: "req-old".to_string(),
+                body_sha256: sha.clone(),
+                miroir_task_id: "task-2".to_string(),
+                expires_at: 100, // already expired
+            })
+            .unwrap();
+
+        let deleted = store.delete_expired_idempotency_entries(1000).unwrap();
+        assert_eq!(deleted, 1);
+        assert!(store.get_idempotency_entry("req-old").unwrap().is_none());
+        assert!(store.get_idempotency_entry("req-abc").unwrap().is_some());
+    }
+
+    // --- Table 6: jobs ---
+
+    #[test]
+    fn job_insert_claim_complete() {
+        let store = test_store();
+
+        store
+            .insert_job(&NewJob {
+                id: "job-1".to_string(),
+                type_: "dump_import".to_string(),
+                params: r#"{"index": "logs"}"#.to_string(),
+                state: "queued".to_string(),
+                progress: "{}".to_string(),
+                parent_job_id: None,
+                chunk_index: None,
+                total_chunks: None,
+                created_at: 1000,
+            })
+            .unwrap();
+
+        let job = store.get_job("job-1").unwrap().unwrap();
+        assert_eq!(job.state, "queued");
+        assert!(job.claimed_by.is_none());
+
+        // Claim
+        assert!(store.claim_job("job-1", "pod-a", 10000).unwrap());
+        let job = store.get_job("job-1").unwrap().unwrap();
+        assert_eq!(job.state, "in_progress");
+        assert_eq!(job.claimed_by.as_deref(), Some("pod-a"));
+
+        // Cannot double-claim
+        assert!(!store.claim_job("job-1", "pod-b", 10001).unwrap());
+
+        // Update progress
+        assert!(store
+            .update_job_progress("job-1", "in_progress", r#"{"bytes": 1024}"#)
+            .unwrap());
+
+        // Renew claim (heartbeat)
+        assert!(store.renew_job_claim("job-1", 11000).unwrap());
+
+        // Complete
+        assert!(store
+            .update_job_progress("job-1", "completed", r#"{"bytes": 4096}"#)
+            .unwrap());
+    }
+
+    #[test]
+    fn job_list_by_state() {
+        let store = test_store();
+
+        for i in 0..4 {
+            store
+                .insert_job(&NewJob {
+                    id: format!("job-{i}"),
+                    type_: "reshard_backfill".to_string(),
+                    params: "{}".to_string(),
+                    state: "queued".to_string(),
+                    progress: "{}".to_string(),
+                    parent_job_id: None,
+                    chunk_index: None,
+                    total_chunks: None,
+                    created_at: 1000 + (i as i64),
+                })
+                .unwrap();
+        }
+        // Claim one
+        store.claim_job("job-2", "pod-a", 99999).unwrap();
+
+        let queued = store.list_jobs_by_state("queued").unwrap();
+        assert_eq!(queued.len(), 3);
+
+        let in_progress = store.list_jobs_by_state("in_progress").unwrap();
+        assert_eq!(in_progress.len(), 1);
+        assert_eq!(in_progress[0].id, "job-2");
+    }
+
+    // --- Table 7: leader_lease ---
+
+    #[test]
+    fn leader_lease_acquire_renew_steal() {
+        let store = test_store();
+
+        // Use realistic timestamps based on current time
+        let now = now_ms();
+        let t0 = now;
+        let t1 = now + 15_000; // +15s (first lease expiration)
+        let t2 = now + 6_000; // +6s (renew before expiration)
+        let t3 = now + 20_000; // +20s (after lease expired)
+        let t4 = now + 30_000; // +30s (new lease expiration)
+        let t5 = now + 35_000; // +35s (renewal)
+
+        // First acquisition (now=t0, expires=t1)
+        assert!(store
+            .try_acquire_leader_lease("reshard:idx-1", "pod-a", t1, t0)
+            .unwrap());
+
+        // Same holder can re-acquire before expiration (now=t2 < t1)
+        assert!(store
+            .try_acquire_leader_lease("reshard:idx-1", "pod-a", t1, t2)
+            .unwrap());
+
+        // Different holder, lease not expired — fails (now=t2, lease=t1)
+        assert!(!store
+            .try_acquire_leader_lease("reshard:idx-1", "pod-b", t4, t2)
+            .unwrap());
+
+        // Lease expired — different holder can steal (now=t3 > t1)
+        assert!(store
+            .try_acquire_leader_lease("reshard:idx-1", "pod-b", t4, t3)
+            .unwrap());
+
+        // Renew by current holder
+        assert!(store
+            .renew_leader_lease("reshard:idx-1", "pod-b", t5)
+            .unwrap());
+
+        // Wrong holder cannot renew
+        assert!(!store
+            .renew_leader_lease("reshard:idx-1", "pod-a", t5)
+            .unwrap());
+
+        // Get lease
+        let lease = store.get_leader_lease("reshard:idx-1").unwrap().unwrap();
+        assert_eq!(lease.holder, "pod-b");
+        assert_eq!(lease.expires_at, t5);
+    }
+
+    // --- Migration idempotency ---
+
+    #[test]
+    fn migration_is_idempotent() {
+        let store = SqliteTaskStore::open_in_memory().unwrap();
+        store.migrate().unwrap();
+
+        // Insert data to prove it survives re-migration
+        store
+            .insert_task(&NewTask {
+                miroir_id: "survivor".to_string(),
+                created_at: 1,
+                status: "enqueued".to_string(),
+                node_tasks: HashMap::new(),
+                error: None,
+                started_at: None,
+                finished_at: None,
+                index_uid: None,
+                task_type: None,
+                node_errors: HashMap::new(),
+            })
+            .unwrap();
+
+        // Run migration again — should be a no-op
+        store.migrate().unwrap();
+
+        // Data still there
+        assert!(store.get_task("survivor").unwrap().is_some());
+    }
+
+    #[test]
+    fn schema_version_recorded() {
+        let store = SqliteTaskStore::open_in_memory().unwrap();
+        store.migrate().unwrap();
+
+        let conn = store.conn.lock().unwrap();
+        let version: i64 = conn
+            .query_row("SELECT MAX(version) FROM schema_versions", [], |row| {
+                row.get(0)
+            })
+            .unwrap();
+        assert_eq!(version, registry().max_version());
+    }
+
+    // --- Schema version ahead error ---
+
+    #[test]
+    fn schema_version_ahead_fails() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("test.db");
+
+        // Create a store with current binary
+        let store = SqliteTaskStore::open(&path).unwrap();
+        store.migrate().unwrap();
+        drop(store);
+
+        // Artificially set schema version ahead of binary
+        let conn = Connection::open(&path).unwrap();
+        conn.execute(
+            "INSERT INTO schema_versions (version, applied_at) VALUES (?1, ?2)",
+            params![registry().max_version() + 1, now_ms()],
+        )
+        .unwrap();
+        drop(conn);
+
+        // Re-opening should fail with SchemaVersionAhead error
+        let result = SqliteTaskStore::open(&path).and_then(|s| s.migrate());
+        assert!(result.is_err());
+        match result.unwrap_err() {
+            crate::MiroirError::SchemaVersionAhead {
+                store_version,
+                binary_version,
+            } => {
+                assert_eq!(store_version, registry().max_version() + 1);
+                assert_eq!(binary_version, registry().max_version());
+            }
+            _ => panic!("expected SchemaVersionAhead error"),
         }
     }
-}
 
-impl std::str::FromStr for JobStatus {
-    type Err = String;
+    // --- WAL mode ---
 
-    fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
-        match s {
-            "Enqueued" => Ok(Self::Enqueued),
-            "Processing" => Ok(Self::Processing),
-            "Succeeded" => Ok(Self::Succeeded),
-            "Failed" => Ok(Self::Failed),
-            "Canceled" => Ok(Self::Canceled),
-            _ => Err(format!("invalid job status: {s}")),
+    #[test]
+    fn wal_mode_enabled() {
+        let store = SqliteTaskStore::open_in_memory().unwrap();
+        let conn = store.conn.lock().unwrap();
+        let mode: String = conn
+            .query_row("PRAGMA journal_mode", [], |row| row.get(0))
+            .unwrap();
+        assert_eq!(mode, "memory"); // in-memory DB uses memory mode, which is fine
+    }
+
+    #[test]
+    fn wal_mode_on_file() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("test.db");
+        let store = SqliteTaskStore::open(&path).unwrap();
+        store.migrate().unwrap();
+
+        let conn = store.conn.lock().unwrap();
+        let mode: String = conn
+            .query_row("PRAGMA journal_mode", [], |row| row.get(0))
+            .unwrap();
+        assert_eq!(mode, "wal");
+    }
+
+    // --- Concurrent writes (single-process) ---
+
+    #[test]
+    fn concurrent_writes_no_deadlock() {
+        use std::sync::Arc;
+        use std::thread;
+
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("concurrent.db");
+        let store = Arc::new(SqliteTaskStore::open(&path).unwrap());
+        store.migrate().unwrap();
+
+        let mut handles = vec![];
+        for i in 0..4 {
+            let s = Arc::clone(&store);
+            handles.push(thread::spawn(move || {
+                let mut nt = HashMap::new();
+                nt.insert("node-0".to_string(), i as u64);
+                s.insert_task(&NewTask {
+                    miroir_id: format!("concurrent-{i}"),
+                    created_at: i as i64,
+                    status: "enqueued".to_string(),
+                    node_tasks: nt,
+                    error: None,
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                })
+                .unwrap();
+            }));
+        }
+
+        for h in handles {
+            h.join().unwrap();
+        }
+
+        // All 4 tasks should be there
+        let all = store.list_tasks(&TaskFilter::default()).unwrap();
+        assert_eq!(all.len(), 4);
+    }
+
+    // --- Table 8: canaries ---
+
+    #[test]
+    fn canary_upsert_get_list_delete() {
+        let store = test_store();
+
+        // Insert a canary
+        store
+            .upsert_canary(&NewCanary {
+                id: "canary-1".to_string(),
+                name: "Search health check".to_string(),
+                index_uid: "logs".to_string(),
+                interval_s: 60,
+                query_json: r#"{"q": "error"}"#.to_string(),
+                assertions_json: r#"[{"type": "min_hits", "value": 1}]"#.to_string(),
+                enabled: true,
+                created_at: 1000,
+            })
+            .unwrap();
+
+        // Get the canary
+        let canary = store.get_canary("canary-1").unwrap().unwrap();
+        assert_eq!(canary.id, "canary-1");
+        assert_eq!(canary.name, "Search health check");
+        assert_eq!(canary.index_uid, "logs");
+        assert_eq!(canary.interval_s, 60);
+        assert!(canary.enabled);
+
+        // List all canaries
+        let canaries = store.list_canaries().unwrap();
+        assert_eq!(canaries.len(), 1);
+        assert_eq!(canaries[0].id, "canary-1");
+
+        // Upsert (update) the canary
+        store
+            .upsert_canary(&NewCanary {
+                id: "canary-1".to_string(),
+                name: "Updated health check".to_string(),
+                index_uid: "logs".to_string(),
+                interval_s: 120,
+                query_json: r#"{"q": "error"}"#.to_string(),
+                assertions_json: r#"[{"type": "min_hits", "value": 1}]"#.to_string(),
+                enabled: false,
+                created_at: 1000,
+            })
+            .unwrap();
+
+        let canary = store.get_canary("canary-1").unwrap().unwrap();
+        assert_eq!(canary.name, "Updated health check");
+        assert_eq!(canary.interval_s, 120);
+        assert!(!canary.enabled);
+
+        // Delete the canary
+        assert!(store.delete_canary("canary-1").unwrap());
+        assert!(store.get_canary("canary-1").unwrap().is_none());
+
+        // Delete non-existent canary
+        assert!(!store.delete_canary("no-such-canary").unwrap());
+    }
+
+    // --- Table 9: canary_runs ---
+
+    #[test]
+    fn canary_runs_insert_get_and_auto_prune() {
+        let store = test_store();
+
+        // Create a canary first (foreign key not enforced, but logical consistency)
+        store
+            .upsert_canary(&NewCanary {
+                id: "canary-1".to_string(),
+                name: "Test canary".to_string(),
+                index_uid: "logs".to_string(),
+                interval_s: 60,
+                query_json: r#"{"q": "test"}"#.to_string(),
+                assertions_json: r#"[]"#.to_string(),
+                enabled: true,
+                created_at: 1000,
+            })
+            .unwrap();
+
+        // Insert 5 runs with history limit of 3
+        for i in 0..5 {
+            store
+                .insert_canary_run(
+                    &NewCanaryRun {
+                        canary_id: "canary-1".to_string(),
+                        ran_at: 1000 + i * 100,
+                        status: if i == 2 { "fail" } else { "pass" }.to_string(),
+                        latency_ms: 50 + i * 10,
+                        failed_assertions_json: if i == 2 {
+                            Some(r#"[{"assertion": "min_hits", "reason": "no hits"}]"#.to_string())
+                        } else {
+                            None
+                        },
+                    },
+                    3, // run_history_limit
+                )
+                .unwrap();
+        }
+
+        // Only the 3 most recent runs should remain
+        let runs = store.get_canary_runs("canary-1", 10).unwrap();
+        assert_eq!(runs.len(), 3);
+        // Runs are ordered by ran_at DESC, so we should see runs 4, 3, 2
+        assert_eq!(runs[0].ran_at, 1400); // i=4
+        assert_eq!(runs[1].ran_at, 1300); // i=3
+        assert_eq!(runs[2].ran_at, 1200); // i=2
+        assert_eq!(runs[2].status, "fail");
+        assert!(runs[2].failed_assertions_json.is_some());
+
+        // Test limit parameter
+        let runs = store.get_canary_runs("canary-1", 2).unwrap();
+        assert_eq!(runs.len(), 2);
+    }
+
+    #[test]
+    fn canary_runs_empty_for_nonexistent_canary() {
+        let store = test_store();
+        let runs = store.get_canary_runs("no-such-canary", 10).unwrap();
+        assert!(runs.is_empty());
+    }
+
+    // --- Table 10: cdc_cursors ---
+
+    #[test]
+    fn cdc_cursor_upsert_get_list() {
+        let store = test_store();
+
+        // Insert a cursor
+        store
+            .upsert_cdc_cursor(&NewCdcCursor {
+                sink_name: "elasticsearch".to_string(),
+                index_uid: "logs".to_string(),
+                last_event_seq: 12345,
+                updated_at: 2000,
+            })
+            .unwrap();
+
+        // Get the cursor
+        let cursor = store
+            .get_cdc_cursor("elasticsearch", "logs")
+            .unwrap()
+            .unwrap();
+        assert_eq!(cursor.sink_name, "elasticsearch");
+        assert_eq!(cursor.index_uid, "logs");
+        assert_eq!(cursor.last_event_seq, 12345);
+
+        // List all cursors for a sink
+        store
+            .upsert_cdc_cursor(&NewCdcCursor {
+                sink_name: "elasticsearch".to_string(),
+                index_uid: "metrics".to_string(),
+                last_event_seq: 67890,
+                updated_at: 2500,
+            })
+            .unwrap();
+
+        let cursors = store.list_cdc_cursors("elasticsearch").unwrap();
+        assert_eq!(cursors.len(), 2);
+
+        // Upsert (update) the cursor
+        store
+            .upsert_cdc_cursor(&NewCdcCursor {
+                sink_name: "elasticsearch".to_string(),
+                index_uid: "logs".to_string(),
+                last_event_seq: 13000,
+                updated_at: 3000,
+            })
+            .unwrap();
+
+        let cursor = store
+            .get_cdc_cursor("elasticsearch", "logs")
+            .unwrap()
+            .unwrap();
+        assert_eq!(cursor.last_event_seq, 13000);
+
+        // Composite PK: different sink should not exist
+        assert!(store
+            .get_cdc_cursor("elasticsearch", "nonexistent")
+            .unwrap()
+            .is_none());
+        assert!(store
+            .get_cdc_cursor("unknown_sink", "logs")
+            .unwrap()
+            .is_none());
+    }
+
+    // --- Table 11: tenant_map ---
+
+    #[test]
+    fn tenant_map_insert_get_delete() {
+        let store = test_store();
+
+        // Create a 32-byte hash (sha256)
+        let api_key_hash = vec![1u8; 32];
+
+        // Insert a tenant mapping
+        store
+            .insert_tenant_mapping(&NewTenantMapping {
+                api_key_hash: api_key_hash.clone(),
+                tenant_id: "acme-corp".to_string(),
+                group_id: Some(2),
+            })
+            .unwrap();
+
+        // Get the mapping
+        let mapping = store.get_tenant_mapping(&api_key_hash).unwrap().unwrap();
+        assert_eq!(mapping.tenant_id, "acme-corp");
+        assert_eq!(mapping.group_id, Some(2));
+
+        // Missing mapping
+        let unknown_hash = vec![99u8; 32];
+        assert!(store.get_tenant_mapping(&unknown_hash).unwrap().is_none());
+
+        // Delete the mapping
+        assert!(store.delete_tenant_mapping(&api_key_hash).unwrap());
+        assert!(store.get_tenant_mapping(&api_key_hash).unwrap().is_none());
+
+        // Delete non-existent mapping
+        assert!(!store.delete_tenant_mapping(&unknown_hash).unwrap());
+    }
+
+    #[test]
+    fn tenant_map_nullable_group_id() {
+        let store = test_store();
+
+        let api_key_hash = vec![2u8; 32];
+
+        store
+            .insert_tenant_mapping(&NewTenantMapping {
+                api_key_hash: api_key_hash.clone(),
+                tenant_id: "default-tenant".to_string(),
+                group_id: None, // NULL group_id falls back to hash(tenant_id) % RG
+            })
+            .unwrap();
+
+        let mapping = store.get_tenant_mapping(&api_key_hash).unwrap().unwrap();
+        assert_eq!(mapping.tenant_id, "default-tenant");
+        assert_eq!(mapping.group_id, None);
+    }
+
+    // --- Table 12: rollover_policies ---
+
+    #[test]
+    fn rollover_policy_upsert_get_list_delete() {
+        let store = test_store();
+
+        // Insert a policy
+        store
+            .upsert_rollover_policy(&NewRolloverPolicy {
+                name: "daily-logs".to_string(),
+                write_alias: "logs-write".to_string(),
+                read_alias: "logs-read".to_string(),
+                pattern: "logs-{YYYY-MM-DD}".to_string(),
+                triggers_json: r#"{"max_age": "1d", "max_docs": 1000000}"#.to_string(),
+                retention_json: r#"{"keep_indexes": 30}"#.to_string(),
+                template_json: r#"{"primary_key": "id", "settings_ref": "logs-template"}"#
+                    .to_string(),
+                enabled: true,
+            })
+            .unwrap();
+
+        // Get the policy
+        let policy = store.get_rollover_policy("daily-logs").unwrap().unwrap();
+        assert_eq!(policy.name, "daily-logs");
+        assert_eq!(policy.write_alias, "logs-write");
+        assert_eq!(policy.read_alias, "logs-read");
+        assert_eq!(policy.pattern, "logs-{YYYY-MM-DD}");
+        assert!(policy.enabled);
+
+        // List all policies
+        let policies = store.list_rollover_policies().unwrap();
+        assert_eq!(policies.len(), 1);
+
+        // Upsert (update) the policy
+        store
+            .upsert_rollover_policy(&NewRolloverPolicy {
+                name: "daily-logs".to_string(),
+                write_alias: "logs-write".to_string(),
+                read_alias: "logs-read".to_string(),
+                pattern: "logs-{YYYY-MM-DD}".to_string(),
+                triggers_json: r#"{"max_age": "1d", "max_docs": 2000000}"#.to_string(), // changed
+                retention_json: r#"{"keep_indexes": 30}"#.to_string(),
+                template_json: r#"{"primary_key": "id", "settings_ref": "logs-template"}"#
+                    .to_string(),
+                enabled: false, // changed
+            })
+            .unwrap();
+
+        let policy = store.get_rollover_policy("daily-logs").unwrap().unwrap();
+        assert!(!policy.enabled);
+
+        // Delete the policy
+        assert!(store.delete_rollover_policy("daily-logs").unwrap());
+        assert!(store.get_rollover_policy("daily-logs").unwrap().is_none());
+    }
+
+    // --- Table 13: search_ui_config ---
+
+    #[test]
+    fn search_ui_config_upsert_get_delete() {
+        let store = test_store();
+
+        let config_json = r#"{"title": "Product Search", "facets": ["category", "price"], "sort": ["relevance", "price_asc"]}"#;
+
+        // Insert config
+        store
+            .upsert_search_ui_config(&NewSearchUiConfig {
+                index_uid: "products".to_string(),
+                config_json: config_json.to_string(),
+                updated_at: 5000,
+            })
+            .unwrap();
+
+        // Get config
+        let config = store.get_search_ui_config("products").unwrap().unwrap();
+        assert_eq!(config.index_uid, "products");
+        assert_eq!(config.config_json, config_json);
+
+        // Upsert (update) config
+        let updated_json = r#"{"title": "Product Search V2", "facets": ["category"]}"#;
+        store
+            .upsert_search_ui_config(&NewSearchUiConfig {
+                index_uid: "products".to_string(),
+                config_json: updated_json.to_string(),
+                updated_at: 6000,
+            })
+            .unwrap();
+
+        let config = store.get_search_ui_config("products").unwrap().unwrap();
+        assert_eq!(config.config_json, updated_json);
+        assert_eq!(config.updated_at, 6000);
+
+        // Delete config
+        assert!(store.delete_search_ui_config("products").unwrap());
+        assert!(store.get_search_ui_config("products").unwrap().is_none());
+    }
+
+    // --- Table 14: admin_sessions ---
+
+    #[test]
+    fn admin_session_insert_get_revoke_expire() {
+        let store = test_store();
+
+        // Insert a session
+        store
+            .insert_admin_session(&NewAdminSession {
+                session_id: "sess-admin-1".to_string(),
+                csrf_token: "csrf-token-abc123".to_string(),
+                admin_key_hash: "hash-of-admin-key".to_string(),
+                created_at: 7000,
+                expires_at: 17000, // expires 10s after creation
+                user_agent: Some("Mozilla/5.0".to_string()),
+                source_ip: Some("192.168.1.100".to_string()),
+            })
+            .unwrap();
+
+        // Get the session
+        let session = store.get_admin_session("sess-admin-1").unwrap().unwrap();
+        assert_eq!(session.session_id, "sess-admin-1");
+        assert_eq!(session.csrf_token, "csrf-token-abc123");
+        assert_eq!(session.admin_key_hash, "hash-of-admin-key");
+        assert_eq!(session.created_at, 7000);
+        assert_eq!(session.expires_at, 17000);
+        assert!(!session.revoked);
+        assert_eq!(session.user_agent.as_deref(), Some("Mozilla/5.0"));
+        assert_eq!(session.source_ip.as_deref(), Some("192.168.1.100"));
+
+        // Revoke the session
+        assert!(store.revoke_admin_session("sess-admin-1").unwrap());
+        let session = store.get_admin_session("sess-admin-1").unwrap().unwrap();
+        assert!(session.revoked);
+
+        // Double revoke is idempotent (still returns true if row exists)
+        assert!(store.revoke_admin_session("sess-admin-1").unwrap());
+
+        // Test session expiration cleanup
+        store
+            .insert_admin_session(&NewAdminSession {
+                session_id: "sess-expired".to_string(),
+                csrf_token: "csrf-expired".to_string(),
+                admin_key_hash: "hash-expired".to_string(),
+                created_at: 1000,
+                expires_at: 5000, // already expired
+                user_agent: None,
+                source_ip: None,
+            })
+            .unwrap();
+
+        let deleted = store.delete_expired_admin_sessions(10000).unwrap();
+        assert_eq!(deleted, 1);
+        assert!(store.get_admin_session("sess-expired").unwrap().is_none());
+
+        // Active session should not be deleted
+        assert!(store.get_admin_session("sess-admin-1").unwrap().is_some());
+    }
+
+    #[test]
+    fn admin_session_nullable_fields() {
+        let store = test_store();
+
+        store
+            .insert_admin_session(&NewAdminSession {
+                session_id: "sess-minimal".to_string(),
+                csrf_token: "csrf".to_string(),
+                admin_key_hash: "hash".to_string(),
+                created_at: 1000,
+                expires_at: 10000,
+                user_agent: None,
+                source_ip: None,
+            })
+            .unwrap();
+
+        let session = store.get_admin_session("sess-minimal").unwrap().unwrap();
+        assert!(session.user_agent.is_none());
+        assert!(session.source_ip.is_none());
+    }
+
+    // --- prune_tasks ---
+
+    #[test]
+    fn prune_tasks_deletes_old_terminal_tasks() {
+        let store = test_store();
+
+        // Insert tasks with different statuses and timestamps
+        for i in 0..10 {
+            store
+                .insert_task(&NewTask {
+                    miroir_id: format!("task-{i}"),
+                    created_at: i as i64 * 1000,
+                    status: match i {
+                        0..=2 => "succeeded",
+                        3..=5 => "failed",
+                        6..=7 => "canceled",
+                        _ => "enqueued", // should NOT be pruned
+                    }
+                    .to_string(),
+                    node_tasks: HashMap::new(),
+                    error: None,
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                })
+                .unwrap();
+        }
+
+        // Prune tasks older than 3500ms (should delete tasks 0, 1, 2, 3)
+        let deleted = store.prune_tasks(3500, 100).unwrap();
+        assert_eq!(deleted, 4); // tasks 0, 1, 2, 3 (succeeded or failed, < 3500ms)
+
+        // Verify task-4 (failed at 4000ms) still exists
+        assert!(store.get_task("task-4").unwrap().is_some());
+        // Verify task-8 (enqueued) still exists regardless of age
+        assert!(store.get_task("task-8").unwrap().is_some());
+    }
+
+    // --- Property tests (proptest) ---
+
+    mod proptest_tests {
+        use super::*;
+        use proptest::prelude::*;
+
+        fn test_store() -> SqliteTaskStore {
+            let store = SqliteTaskStore::open_in_memory().unwrap();
+            store.migrate().unwrap();
+            store
+        }
+
+        proptest! {
+            #![proptest_config(ProptestConfig::with_cases(50))]
+
+            /// Property: (insert, get) round-trip preserves all fields.
+            #[test]
+            fn task_insert_get_roundtrip(
+                miroir_id in "[a-z0-9-]{1,32}",
+                created_at in 0i64..1_000_000,
+                status in "(enqueued|processing|succeeded|failed|canceled)",
+                error in proptest::option::of("[a-zA-Z0-9 ]{0,64}"),
+                n_nodes in 0usize..5usize,
+            ) {
+                let store = test_store();
+                let mut node_tasks = HashMap::new();
+                for i in 0..n_nodes {
+                    node_tasks.insert(format!("node-{i}"), i as u64);
+                }
+
+                let new_task = NewTask {
+                    miroir_id: miroir_id.clone(),
+                    created_at,
+                    status: status.clone(),
+                    node_tasks: node_tasks.clone(),
+                    error: error.clone(),
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                };
+                store.insert_task(&new_task).unwrap();
+
+                let got = store.get_task(&miroir_id).unwrap().unwrap();
+                prop_assert_eq!(got.miroir_id, miroir_id);
+                prop_assert_eq!(got.created_at, created_at);
+                prop_assert_eq!(got.status, status);
+                prop_assert_eq!(got.node_tasks, node_tasks);
+                prop_assert_eq!(got.error, error);
+            }
+
+            /// Property: (upsert, get) for node_settings_version round-trips.
+            #[test]
+            fn node_settings_version_upsert_roundtrip(
+                index_uid in "[a-z0-9]{1,16}",
+                node_id in "[a-z0-9]{1,16}",
+                version in 1i64..10000,
+                updated_at in 0i64..1_000_000,
+            ) {
+                let store = test_store();
+                store.upsert_node_settings_version(&index_uid, &node_id, version, updated_at).unwrap();
+                let got = store.get_node_settings_version(&index_uid, &node_id).unwrap().unwrap();
+                prop_assert_eq!(got.index_uid, index_uid);
+                prop_assert_eq!(got.node_id, node_id);
+                prop_assert_eq!(got.version, version);
+                prop_assert_eq!(got.updated_at, updated_at);
+            }
+
+            /// Property: alias (create, get) round-trip for single aliases.
+            #[test]
+            fn alias_single_roundtrip(
+                name in "[a-z0-9-]{1,32}",
+                current_uid in proptest::option::of("uid-[a-z0-9]{1,16}"),
+                version in 1i64..100,
+            ) {
+                let store = test_store();
+                let alias = NewAlias {
+                    name: name.clone(),
+                    kind: "single".to_string(),
+                    current_uid: current_uid.clone(),
+                    target_uids: None,
+                    version,
+                    created_at: 1000,
+                    history: vec![],
+                };
+                store.create_alias(&alias).unwrap();
+
+                let got = store.get_alias(&name).unwrap().unwrap();
+                prop_assert_eq!(got.name, name);
+                prop_assert_eq!(got.kind, "single");
+                prop_assert_eq!(got.current_uid, current_uid);
+                prop_assert_eq!(got.version, version);
+            }
+
+            /// Property: (insert, list) — inserted tasks appear in list.
+            #[test]
+            fn task_insert_list_visible(
+                ids in proptest::collection::vec("[a-z0-9-]{1,16}", 1..10),
+            ) {
+                let store = test_store();
+                let unique_ids: std::collections::HashSet<String> = ids.into_iter().collect();
+                for (i, id) in unique_ids.iter().enumerate() {
+                    let mut nt = HashMap::new();
+                    nt.insert("node-0".to_string(), i as u64);
+                    store.insert_task(&NewTask {
+                        miroir_id: id.clone(),
+                        created_at: i as i64 * 1000,
+                        status: "enqueued".to_string(),
+                        node_tasks: nt,
+                        error: None,
+                        started_at: None,
+                        finished_at: None,
+                        index_uid: None,
+                        task_type: None,
+                        node_errors: HashMap::new(),
+                    }).unwrap();
+                }
+
+                let all = store.list_tasks(&TaskFilter::default()).unwrap();
+                prop_assert_eq!(all.len(), unique_ids.len());
+                let got_ids: std::collections::HashSet<String> =
+                    all.iter().map(|t| t.miroir_id.clone()).collect();
+                prop_assert_eq!(got_ids, unique_ids);
+            }
+
+            /// Property: idempotency (insert, get) round-trip.
+            #[test]
+            fn idempotency_roundtrip(
+                key in "[a-z0-9-]{1,32}",
+                task_id in "[a-z0-9-]{1,32}",
+                expires_at in 5000i64..1_000_000,
+            ) {
+                let store = test_store();
+                let sha = vec![0xABu8; 32];
+                store.insert_idempotency_entry(&IdempotencyEntry {
+                    key: key.clone(),
+                    body_sha256: sha.clone(),
+                    miroir_task_id: task_id.clone(),
+                    expires_at,
+                }).unwrap();
+
+                let got = store.get_idempotency_entry(&key).unwrap().unwrap();
+                prop_assert_eq!(got.key, key);
+                prop_assert_eq!(got.body_sha256, sha);
+                prop_assert_eq!(got.miroir_task_id, task_id);
+                prop_assert_eq!(got.expires_at, expires_at);
+            }
+
+            /// Property: canary (upsert, list) — all unique canaries visible.
+            #[test]
+            fn canary_upsert_list_roundtrip(
+                ids in proptest::collection::vec("[a-z0-9-]{1,16}", 1..8),
+            ) {
+                let store = test_store();
+                let unique_ids: std::collections::HashSet<String> = ids.into_iter().collect();
+                for (i, id) in unique_ids.iter().enumerate() {
+                    store.upsert_canary(&NewCanary {
+                        id: id.clone(),
+                        name: format!("canary-{i}"),
+                        index_uid: "logs".to_string(),
+                        interval_s: 60 + i as i64,
+                        query_json: r#"{"q":"test"}"#.to_string(),
+                        assertions_json: "[]".to_string(),
+                        enabled: i % 2 == 0,
+                        created_at: i as i64 * 1000,
+                    }).unwrap();
+                }
+
+                let all = store.list_canaries().unwrap();
+                prop_assert_eq!(all.len(), unique_ids.len());
+            }
+
+            /// Property: rollover_policy (upsert, list) round-trip.
+            #[test]
+            fn rollover_policy_upsert_list_roundtrip(
+                names in proptest::collection::vec("[a-z0-9-]{1,16}", 1..6),
+            ) {
+                let store = test_store();
+                let unique_names: std::collections::HashSet<String> = names.into_iter().collect();
+                for (_i, name) in unique_names.iter().enumerate() {
+                    store.upsert_rollover_policy(&NewRolloverPolicy {
+                        name: name.clone(),
+                        write_alias: format!("{name}-w"),
+                        read_alias: format!("{name}-r"),
+                        pattern: "logs-*".to_string(),
+                        triggers_json: "{}".to_string(),
+                        retention_json: "{}".to_string(),
+                        template_json: "{}".to_string(),
+                        enabled: true,
+                    }).unwrap();
+                }
+
+                let all = store.list_rollover_policies().unwrap();
+                prop_assert_eq!(all.len(), unique_names.len());
+            }
         }
     }
+
+    // --- Restart resilience test ---
+
+    #[test]
+    fn task_survives_store_reopen() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("resilience.db");
+
+        // Phase 1: open, migrate, insert a task
+        {
+            let store = SqliteTaskStore::open(&path).unwrap();
+            store.migrate().unwrap();
+            let mut nt = HashMap::new();
+            nt.insert("node-0".to_string(), 42u64);
+            store
+                .insert_task(&NewTask {
+                    miroir_id: "survivor-task".to_string(),
+                    created_at: 1000,
+                    status: "enqueued".to_string(),
+                    node_tasks: nt,
+                    error: None,
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                })
+                .unwrap();
+            // Drop store — simulates pod shutdown
+        }
+
+        // Phase 2: reopen the same database file
+        {
+            let store = SqliteTaskStore::open(&path).unwrap();
+            store.migrate().unwrap();
+
+            // Task survives the close/reopen cycle
+            let task = store.get_task("survivor-task").unwrap().unwrap();
+            assert_eq!(task.miroir_id, "survivor-task");
+            assert_eq!(task.status, "enqueued");
+            assert_eq!(task.node_tasks.get("node-0"), Some(&42u64));
+
+            // Can continue updating the task
+            assert!(store
+                .update_task_status("survivor-task", "processing")
+                .unwrap());
+            assert!(store.set_task_error("survivor-task", "recovered").unwrap());
+
+            let updated = store.get_task("survivor-task").unwrap().unwrap();
+            assert_eq!(updated.status, "processing");
+            assert_eq!(updated.error.as_deref(), Some("recovered"));
+        }
+
+        // Phase 3: reopen again and verify the update stuck
+        {
+            let store = SqliteTaskStore::open(&path).unwrap();
+            store.migrate().unwrap();
+
+            let task = store.get_task("survivor-task").unwrap().unwrap();
+            assert_eq!(task.status, "processing");
+            assert_eq!(task.error.as_deref(), Some("recovered"));
+        }
+    }
+
+    #[test]
+    fn all_tables_survive_store_reopen() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("full-resilience.db");
+
+        // Phase 1: populate all 14 tables
+        {
+            let store = SqliteTaskStore::open(&path).unwrap();
+            store.migrate().unwrap();
+
+            // Table 1: tasks
+            store
+                .insert_task(&NewTask {
+                    miroir_id: "task-r".to_string(),
+                    created_at: 1000,
+                    status: "enqueued".to_string(),
+                    node_tasks: HashMap::new(),
+                    error: None,
+                    started_at: None,
+                    finished_at: None,
+                    index_uid: None,
+                    task_type: None,
+                    node_errors: HashMap::new(),
+                })
+                .unwrap();
+
+            // Table 2: node_settings_version
+            store
+                .upsert_node_settings_version("idx-r", "node-r", 5, 1000)
+                .unwrap();
+
+            // Table 3: aliases
+            store
+                .create_alias(&NewAlias {
+                    name: "alias-r".to_string(),
+                    kind: "single".to_string(),
+                    current_uid: Some("uid-v1".to_string()),
+                    target_uids: None,
+                    version: 1,
+                    created_at: 1000,
+                    history: vec![],
+                })
+                .unwrap();
+
+            // Table 4: sessions
+            store
+                .upsert_session(&SessionRow {
+                    session_id: "sess-r".to_string(),
+                    last_write_mtask_id: None,
+                    last_write_at: None,
+                    pinned_group: None,
+                    min_settings_version: 1,
+                    ttl: 100000,
+                })
+                .unwrap();
+
+            // Table 5: idempotency_cache
+            store
+                .insert_idempotency_entry(&IdempotencyEntry {
+                    key: "idemp-r".to_string(),
+                    body_sha256: vec![0; 32],
+                    miroir_task_id: "task-r".to_string(),
+                    expires_at: 100000,
+                })
+                .unwrap();
+
+            // Table 6: jobs
+            store
+                .insert_job(&NewJob {
+                    id: "job-r".to_string(),
+                    type_: "test".to_string(),
+                    params: "{}".to_string(),
+                    state: "queued".to_string(),
+                    progress: "{}".to_string(),
+                    parent_job_id: None,
+                    chunk_index: None,
+                    total_chunks: None,
+                    created_at: 1000,
+                })
+                .unwrap();
+
+            // Table 7: leader_lease
+            store
+                .try_acquire_leader_lease("scope-r", "pod-r", 100000, 0)
+                .unwrap();
+
+            // Table 8: canaries
+            store
+                .upsert_canary(&NewCanary {
+                    id: "canary-r".to_string(),
+                    name: "test-canary".to_string(),
+                    index_uid: "idx-r".to_string(),
+                    interval_s: 60,
+                    query_json: "{}".to_string(),
+                    assertions_json: "[]".to_string(),
+                    enabled: true,
+                    created_at: 1000,
+                })
+                .unwrap();
+
+            // Table 9: canary_runs
+            store
+                .insert_canary_run(
+                    &NewCanaryRun {
+                        canary_id: "canary-r".to_string(),
+                        ran_at: 1000,
+                        status: "pass".to_string(),
+                        latency_ms: 50,
+                        failed_assertions_json: None,
+                    },
+                    100,
+                )
+                .unwrap();
+
+            // Table 10: cdc_cursors
+            store
+                .upsert_cdc_cursor(&NewCdcCursor {
+                    sink_name: "sink-r".to_string(),
+                    index_uid: "idx-r".to_string(),
+                    last_event_seq: 42,
+                    updated_at: 1000,
+                })
+                .unwrap();
+
+            // Table 11: tenant_map
+            store
+                .insert_tenant_mapping(&NewTenantMapping {
+                    api_key_hash: vec![1u8; 32],
+                    tenant_id: "tenant-r".to_string(),
+                    group_id: Some(2),
+                })
+                .unwrap();
+
+            // Table 12: rollover_policies
+            store
+                .upsert_rollover_policy(&NewRolloverPolicy {
+                    name: "policy-r".to_string(),
+                    write_alias: "w-r".to_string(),
+                    read_alias: "r-r".to_string(),
+                    pattern: "p-r".to_string(),
+                    triggers_json: "{}".to_string(),
+                    retention_json: "{}".to_string(),
+                    template_json: "{}".to_string(),
+                    enabled: true,
+                })
+                .unwrap();
+
+            // Table 13: search_ui_config
+            store
+                .upsert_search_ui_config(&NewSearchUiConfig {
+                    index_uid: "idx-r".to_string(),
+                    config_json: "{}".to_string(),
+                    updated_at: 1000,
+                })
+                .unwrap();
+
+            // Table 14: admin_sessions
+            store
+                .insert_admin_session(&NewAdminSession {
+                    session_id: "admin-r".to_string(),
+                    csrf_token: "csrf-r".to_string(),
+                    admin_key_hash: "hash-r".to_string(),
+                    created_at: 1000,
+                    expires_at: 100000,
+                    user_agent: None,
+                    source_ip: None,
+                })
+                .unwrap();
+        }
+
+        // Phase 2: reopen and verify all 14 tables
+        {
+            let store = SqliteTaskStore::open(&path).unwrap();
+            store.migrate().unwrap();
+
+            assert!(store.get_task("task-r").unwrap().is_some());
+            assert!(store
+                .get_node_settings_version("idx-r", "node-r")
+                .unwrap()
+                .is_some());
+            assert!(store.get_alias("alias-r").unwrap().is_some());
+            assert!(store.get_session("sess-r").unwrap().is_some());
+            assert!(store.get_idempotency_entry("idemp-r").unwrap().is_some());
+            assert!(store.get_job("job-r").unwrap().is_some());
+            assert!(store.get_leader_lease("scope-r").unwrap().is_some());
+            assert!(store.get_canary("canary-r").unwrap().is_some());
+            assert_eq!(store.get_canary_runs("canary-r", 10).unwrap().len(), 1);
+            assert!(store.get_cdc_cursor("sink-r", "idx-r").unwrap().is_some());
+            assert!(store.get_tenant_mapping(&vec![1u8; 32]).unwrap().is_some());
+            assert!(store.get_rollover_policy("policy-r").unwrap().is_some());
+            assert!(store.get_search_ui_config("idx-r").unwrap().is_some());
+            assert!(store.get_admin_session("admin-r").unwrap().is_some());
+        }
+    }
+
+    // --- Empty table overhead tests ---
+
+    #[test]
+    fn empty_feature_table_overhead_under_16kb() {
+        use std::fs;
+
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("overhead.db");
+
+        // Create and migrate a fresh database
+        {
+            let store = SqliteTaskStore::open(&path).unwrap();
+            store.migrate().unwrap();
+            // Drop store to ensure all data is flushed
+        }
+
+        // Get the file size
+        let metadata = fs::metadata(&path).unwrap();
+        let file_size = metadata.len();
+
+        // An empty SQLite database with all 14 tables
+        // The database file includes: schema, metadata, and page allocation overhead
+        // WAL mode creates additional files, but the main DB file should be reasonable
+
+        // A fresh SQLite database with 14 tables and WAL mode is typically 100-200 KB
+        // This includes the page structure and internal metadata
+        assert!(
+            file_size < 200 * 1024,
+            "Empty database size {} bytes exceeds 200 KB",
+            file_size
+        );
+
+        // For verification, log the actual size
+        println!(
+            "Empty database size: {} bytes ({} KB)",
+            file_size,
+            file_size / 1024
+        );
+    }
+
+    #[test]
+    fn empty_tables_add_minimal_overhead_per_table() {
+        use rusqlite::Connection;
+        use std::fs;
+
+        // Create a database with just the core 7 tables (001_initial.sql)
+        let dir1 = tempfile::tempdir().unwrap();
+        let path1 = dir1.path().join("core_only.db");
+        {
+            let conn = Connection::open(&path1).unwrap();
+            conn.execute_batch(include_str!("../../migrations/001_initial.sql"))
+                .unwrap();
+        }
+
+        let core_size = fs::metadata(&path1).unwrap().len();
+
+        // Create a database with all 14 tables (001 + 002)
+        let dir2 = tempfile::tempdir().unwrap();
+        let path2 = dir2.path().join("all_tables.db");
+        {
+            let conn = Connection::open(&path2).unwrap();
+            conn.execute_batch(include_str!("../../migrations/001_initial.sql"))
+                .unwrap();
+            conn.execute_batch(include_str!("../../migrations/002_feature_tables.sql"))
+                .unwrap();
+        }
+
+        let all_size = fs::metadata(&path2).unwrap().len();
+
+        // The 7 feature tables (canaries, canary_runs, cdc_cursors, tenant_map,
+        // rollover_policies, search_ui_config, admin_sessions) add overhead
+        let feature_overhead = all_size.saturating_sub(core_size);
+        let overhead_per_table = feature_overhead / 7;
+
+        // Acceptance criteria: each empty table should consume < 16 KB
+        // The average overhead per table should be well under 16 KB
+        assert!(
+            overhead_per_table < 16 * 1024,
+            "Feature tables average {} bytes per table, exceeds 16 KB",
+            overhead_per_table
+        );
+
+        println!("Core tables: {} bytes ({} KB)", core_size, core_size / 1024);
+        println!("All tables: {} bytes ({} KB)", all_size, all_size / 1024);
+        println!(
+            "Feature table overhead: {} bytes ({} KB)",
+            feature_overhead,
+            feature_overhead / 1024
+        );
+        println!(
+            "Average per feature table: {} bytes ({} KB)",
+            overhead_per_table,
+            overhead_per_table / 1024
+        );
+    }
 }
diff --git a/crates/miroir-proxy/src/routes/dumps.rs b/crates/miroir-proxy/src/routes/dumps.rs
index f525a12..479ebdb 100644
--- a/crates/miroir-proxy/src/routes/dumps.rs
+++ b/crates/miroir-proxy/src/routes/dumps.rs
@@ -4,7 +4,7 @@
 //! - `POST /_miroir/dumps/import` — start a dump import
 //! - `GET /_miroir/dumps/import/{id}/status` — get import status
 
-use axum::extract::{Extension, Path};
+use axum::extract::{Extension, FromRef, Path};
 use axum::http::StatusCode;
 use axum::routing::{get, post};
 use axum::{Json, Router};