collavre 0.20.3 → 0.22.0

data/app/controllers/collavre/api/v1/base_controller.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Collavre
+  module Api
+    module V1
+      class BaseController < ActionController::API
+        before_action :authenticate!
+
+        private
+
+        def authenticate!
+          token = extract_bearer_token
+          if token.blank?
+            render json: { error: "Missing authentication token" }, status: :unauthorized
+            return
+          end
+
+          access_token = Doorkeeper::AccessToken.by_token(token)
+          unless access_token&.accessible?
+            render json: { error: "Invalid authentication token" }, status: :unauthorized
+            return
+          end
+
+          user = Collavre::User.find_by(id: access_token.resource_owner_id)
+          unless user
+            render json: { error: "User not found" }, status: :unauthorized
+            return
+          end
+
+          Collavre::Current.user = user
+        end
+
+        def extract_bearer_token
+          auth_header = request.headers["Authorization"]
+          return nil unless auth_header&.start_with?("Bearer ")
+
+          auth_header.sub("Bearer ", "")
+        end
+
+        def current_user
+          Collavre::Current.user
+        end
+      end
+    end
+  end
+end

data/app/controllers/collavre/application_controller.rb

@@ -9,8 +9,35 @@ module Collavre
     # of sync with the session cookie and POSTs fail with 422.
     after_action :set_csrf_token_header
 
+    before_action :redirect_authenticated_root_to_home
+
     private
 
+    # If the original request was for "/" and the user is signed in,
+    # honor SystemSetting.home_page_path_authenticated by redirecting.
+    # The middleware preserves "/" as a stable URL for unauthenticated
+    # visitors; authenticated users get a real URL change so the address
+    # bar reflects state.
+    #
+    # Loop safety: the env flag is only set when PATH_INFO == "/" hits
+    # the middleware. Direct visits to the redirect target never trip it,
+    # so comparing request.path to target would be wrong here — when both
+    # home_page_path and home_page_path_authenticated resolve to the same
+    # path, the middleware has already rewritten request.path to that
+    # target while the browser URL is still "/", and we must still
+    # redirect so the address bar reflects state.
+    def redirect_authenticated_root_to_home
+      return unless request.get? || request.head?
+      return unless request.env["collavre.root_request"]
+      return unless authenticated?
+
+      target = SystemSetting.home_page_path_authenticated
+      return if target.blank?
+      return if target == "/"
+
+      redirect_to target
+    end
+
     def set_csrf_token_header
       return unless protect_against_forgery?
 

data/app/controllers/collavre/attachments_controller.rb

@@ -8,7 +8,7 @@ module Collavre
         return head :forbidden
       end
 
-      blob.purge
+      purge_unless_referenced(blob)
       head :no_content
     rescue ActiveRecord::RecordNotFound
       head :not_found
@@ -19,10 +19,38 @@ module Collavre
 
     private
 
+    # A blob can be shared across creatives (description HTML copied between
+    # them). The editor fires this DELETE for removed nodes after its PATCH, so
+    # purging unconditionally could delete a blob another creative still
+    # references, 404-ing its description. Only purge a true orphan.
+    def purge_unless_referenced(blob)
+      signed_id = blob.signed_id
+      pattern = "%#{ActiveRecord::Base.sanitize_sql_like(signed_id)}%"
+
+      return if Creative.where("description LIKE ?", pattern).exists?
+      return if ActiveStorage::Attachment.where(blob_id: blob.id).exists?
+
+      blob.purge
+    end
+
     def authorized_to_purge?(blob)
       return false unless Current.user
 
-      attachment_owned_by_current_user?(blob) || editable_creative_reference?(blob)
+      attachment_owned_by_current_user?(blob) ||
+        editable_creative_reference?(blob) ||
+        orphan_blob?(blob)
+    end
+
+    # Authorize purging a true orphan (attached to nothing, in no description).
+    # Covers a node removed before its blob was ever attached (removed-then-save,
+    # so reconcile never sees it), which can prove neither ownership nor a
+    # writable reference and would otherwise 403, stranding the blob. Safe: any
+    # in-use blob still fails this check. Mirrors purge_unless_referenced.
+    def orphan_blob?(blob)
+      pattern = "%#{ActiveRecord::Base.sanitize_sql_like(blob.signed_id)}%"
+
+      !ActiveStorage::Attachment.where(blob_id: blob.id).exists? &&
+        !Creative.where("description LIKE ?", pattern).exists?
     end
 
     def attachment_owned_by_current_user?(blob)

data/app/controllers/collavre/channels_controller.rb

@@ -0,0 +1,23 @@
+module Collavre
+  class ChannelsController < ApplicationController
+    include Collavre::CreativePermissionGuard
+
+    before_action :set_channel
+    before_action :require_creative_write!
+
+    def destroy
+      @channel.dismiss!
+      head :no_content
+    end
+
+    private
+
+    def set_channel
+      # Look up among not-yet-dismissed channels (active OR detached). The X
+      # button must work on detached chips too — those linger so the user can
+      # still see the final merge/close badge until they choose to clear it.
+      @channel = Channel.not_dismissed.find(params[:id])
+      @creative = @channel.topic.creative.effective_origin
+    end
+  end
+end

data/app/controllers/collavre/comments_controller.rb

@@ -6,7 +6,7 @@ module Collavre
     include Collavre::Comments::BatchOperations
 
     before_action :set_creative
-    before_action :set_comment, only: [ :destroy, :show, :update, :convert, :approve, :update_action, :download_images, :remove_image ]
+    before_action :set_comment, only: [ :destroy, :show, :update, :convert, :approve, :deny, :update_action, :download_images, :remove_image ]
 
     def fullscreen
       # Render the creative index page with comments popup auto-opened in fullscreen.

data/app/controllers/collavre/creatives/attachments_controller.rb

@@ -0,0 +1,79 @@
+module Collavre
+  module Creatives
+    # Bearer-only multipart upload endpoint for agents/CLI. Creates an
+    # ActiveStorage blob from the uploaded bytes, embeds the matching node into
+    # the Creative's description, and lets after_save reconcile attach it to
+    # creative.files. No server-local paths, no session/CSRF.
+    class AttachmentsController < Collavre::ApplicationController
+      include Collavre::PublicAssetsHelper
+
+      allow_unauthenticated_access
+      skip_forgery_protection
+      before_action :authenticate_bearer!
+
+      def create
+        creative = Collavre::Creative.find_by(id: params[:creative_id])
+        return render(json: { error: "Creative not found" }, status: :not_found) unless creative
+
+        unless creative.has_permission?(Current.user, :write)
+          return render(json: { error: "No write permission" }, status: :forbidden)
+        end
+
+        unless creative.attachments_embeddable?
+          return render(json: { error: "Cannot attach files to GitHub-synced content" }, status: :unprocessable_entity)
+        end
+
+        file = params[:file]
+        return render(json: { error: "No file provided" }, status: :unprocessable_entity) unless file.respond_to?(:read)
+
+        io = file.to_io
+        content_type = resolved_content_type(file, io)
+        io.rewind
+        blob = ActiveStorage::Blob.create_and_upload!(
+          io: io,
+          filename: file.original_filename,
+          content_type: content_type
+        )
+
+        creative.embed_attachment_blob!(blob)
+
+        render json: {
+          signed_id: blob.signed_id,
+          filename: blob.filename.to_s,
+          content_type: blob.content_type,
+          byte_size: blob.byte_size,
+          url: public_asset_url(blob)
+        }
+      end
+
+      private
+
+      # The bundled `collavre` CLI sends application/octet-stream for every part,
+      # so treat octet-stream (and blank) as "unknown" and sniff via Marcel —
+      # otherwise png/mp4 render as generic download links, not inline media.
+      def resolved_content_type(file, io)
+        declared = file.content_type.presence
+        return declared if declared && declared != "application/octet-stream"
+
+        Marcel::MimeType.for(io, name: file.original_filename).presence ||
+          "application/octet-stream"
+      end
+
+      # Resolve a Doorkeeper bearer token to Current.user. The MCP middleware
+      # only does this for /mcp paths, so this endpoint authenticates itself.
+      def authenticate_bearer!
+        token_string = Doorkeeper::OAuth::Token.from_request(
+          request, *Doorkeeper.configuration.access_token_methods
+        )
+        token = Doorkeeper::AccessToken.by_token(token_string) if token_string.present?
+        user = Collavre::User.find_by(id: token.resource_owner_id) if token&.accessible?
+
+        if user
+          Current.user = user
+        else
+          render json: { error: "Unauthorized" }, status: :unauthorized
+        end
+      end
+    end
+  end
+end

data/app/controllers/collavre/creatives_controller.rb

@@ -118,6 +118,7 @@ module Collavre
 
           trigger_loop_data = @creative.data&.dig("trigger", "loop")
           parent_trigger_enabled = @creative.parent&.drop_trigger_enabled? || false
+          can_edit = @creative.has_permission?(Current.user, :write)
 
           etag = [
             "creative",
@@ -132,7 +133,9 @@ module Collavre
             "trigger_v3",
             trigger_loop_data&.dig("state"),
             trigger_loop_data&.dig("current_iteration"),
-            parent_trigger_enabled
+            parent_trigger_enabled,
+            "can_edit",
+            can_edit
           ].join(":")
 
           if stale?(etag: etag, last_modified: last_modified, public: false)
@@ -142,6 +145,13 @@ module Collavre
             else
                       @creative.ancestors.count + 1
             end
+            sanitized_data = @creative.effective_origin(Set.new).data
+            # markdown_source is exposed via the top-level `markdown_source:` field for writers;
+            # exclude it from the editable `data` payload so the metadata YAML editor can't
+            # round-trip a stale copy back into data["markdown_source"] on update_metadata.
+            if sanitized_data.is_a?(Hash) && sanitized_data.key?("markdown_source")
+              sanitized_data = sanitized_data.except("markdown_source")
+            end
             render json: {
               id: @creative.id,
               description: @creative.effective_description,
@@ -153,10 +163,12 @@ module Collavre
               depth: depth,
               prompt: @creative.prompt_for(Current.user),
               has_children: children_count > 0,
-              data: @creative.effective_origin(Set.new).data,
+              data: sanitized_data,
+              content_type: effective.data&.dig("content_type"),
+              markdown_source: can_edit ? effective.data&.dig("markdown_source") : nil,
               trigger_loop: trigger_loop_data,
               is_trigger_task: parent_trigger_enabled,
-              can_edit: @creative.has_permission?(Current.user, :write)
+              can_edit: can_edit
             }
           end
         end
@@ -190,7 +202,16 @@ module Collavre
       @creative = result.creative
 
       if result.success?
-        render json: { id: @creative.id }
+        # Expose the post-rewrite markdown source so the client can sync its
+        # textarea after the server replaces inline data: URIs with blob paths,
+        # matching the update endpoint contract. Without this, a freshly created
+        # markdown creative with a pasted data: URI would re-import the blob on
+        # the next keystroke save.
+        render json: {
+          id: @creative.id,
+          content_type: @creative.data&.dig("content_type"),
+          markdown_source: @creative.data&.dig("markdown_source")
+        }
       else
         render json: { errors: result.errors }, status: :unprocessable_entity
       end
@@ -259,8 +280,17 @@ module Collavre
               id: base.id,
               progress: base.progress,
               progress_html: view_context.render_creative_progress(base),
-              has_children: base.children.exists?
+              has_children: base.children.exists?,
+              content_type: base.data&.dig("content_type")
             }
+            # Expose the post-rewrite markdown source so the client can sync its
+            # textarea after the server replaces inline data: URIs with blob paths.
+            # Gated on write permission so a read-only share recipient moving a
+            # linked creative (parent_id-only PATCH bypasses the origin_changes
+            # write check) cannot read the origin's raw Markdown source.
+            if @creative.has_permission?(Current.user, :write)
+              response_data[:markdown_source] = base.data&.dig("markdown_source")
+            end
             # Build ancestor chain for progress updates (closure_tree: 1 SELECT via hierarchy table)
             ancestor_records = base.ancestors.order(:id)
             if ancestor_records.any?
@@ -359,6 +389,20 @@ module Collavre
         render json: { error: "Invalid JSON: #{e.message}" }, status: :unprocessable_entity
         return
       end
+      unless new_data.is_a?(Hash)
+        render json: { error: t("collavre.creatives.errors.metadata_must_be_object") }, status: :unprocessable_entity
+        return
+      end
+      # Reserved markdown fields are not editable via metadata; preserve current values so a stale
+      # YAML payload from the metadata popup can't overwrite a concurrent markdown edit.
+      current_data = creative.data || {}
+      %w[markdown_source content_type].each do |key|
+        if current_data.key?(key)
+          new_data[key] = current_data[key]
+        else
+          new_data.delete(key)
+        end
+      end
       previous_enabled = creative.drop_trigger_enabled?
 
       if creative.update(data: new_data)
@@ -499,7 +543,7 @@ module Collavre
       end
 
       def creative_params
-        params.require(:creative).permit(:description, :progress, :parent_id, :sequence, :origin_id)
+        params.require(:creative).permit(:description, :progress, :parent_id, :sequence, :origin_id, :markdown_source, :content_type_input)
       end
 
       def any_filter_active?
@@ -519,12 +563,102 @@ module Collavre
 
       def serialize_creatives(collection)
         if params[:simple].present?
-          collection.map { |c| { id: c.id, description: c.effective_description(nil, false), progress: c.progress } }
+          # Preload origins so effective_origin (used per linked-shell row in both
+          # children_presence_set and the origin_id mapping below) resolves from
+          # memory instead of firing a query per shell. Only browse can hold shells;
+          # search is scoped to origin_id: nil, so this is a no-op there.
+          ActiveRecord::Associations::Preloader.new(records: collection.to_a, associations: :origin).call
+          children_ids = children_presence_set(collection)
+          searching = params[:search].present?
+          breadcrumbs = searching ? ::Creatives::BreadcrumbResolver.new(collection.map(&:id), user: Current.user, include_archived: params[:show_archived].present?).call : {}
+          # For hits routed through a linked shell, the path to expand in the
+          # user's own tree (local folders -> shell) so a breadcrumb jump can
+          # reach a shell nested under a collapsed folder.
+          reveal_paths = searching ? ::Creatives::RevealPathResolver.new(collection.map(&:id), user: Current.user, include_archived: params[:show_archived].present?).call : {}
+          collection.map do |c|
+            item = {
+              id: c.id,
+              description: c.effective_description(nil, false),
+              progress: c.progress,
+              has_children: children_ids.include?(c.id)
+            }
+            reveal = reveal_paths[c.id]
+            path = breadcrumbs[c.id]
+            if path.present?
+              item[:path] = mask_unreachable_crumbs(path, reveal)
+            end
+            item[:reveal_path] = reveal if reveal.present?
+            # For linked shells, expose the effective origin id so the picker can
+            # map a search breadcrumb (origin ids) back to the rendered shell node.
+            item[:origin_id] = c.effective_origin.id if c.origin_id
+            item
+          end
         else
           collection.map { |c| { id: c.id, description: c.effective_description, progress: c.progress } }
         end
       end
 
+      # A breadcrumb jump expands the tree from a rendered root (or, for a shared
+      # subtree, a linked shell) down to the clicked crumb. If an ancestor above a
+      # crumb is itself unrenderable (unreadable, or archived while archived rows
+      # aren't shown) and no linked shell re-roots the path at/below it, the
+      # descendant can't be expanded either — so mask it too. BreadcrumbResolver
+      # masks the unrenderable ancestor itself; this masks everything downstream of
+      # it on the plain origin chain, matching exactly what the tree can render.
+      #
+      # `reveal` is RevealPathResolver's per-origin map: a crumb whose origin id is
+      # a key re-roots navigation through its own shell (the client anchors at the
+      # nearest reveal entry at/above the clicked crumb), so it clears the block for
+      # itself and its descendants regardless of an archived/unreadable origin
+      # above it.
+      def mask_unreachable_crumbs(path, reveal)
+        blocked = false
+        path.map do |crumb|
+          if reveal&.key?(crumb[:id])
+            blocked = false
+            crumb
+          elsif crumb[:restricted]
+            blocked = true
+            crumb
+          elsif blocked
+            crumb.merge(restricted: true, description: nil)
+          else
+            crumb
+          end
+        end
+      end
+
+      # Batched "does this node have a child the user can actually browse to?"
+      # lookup so the picker tree renders expand toggles without an N+1.
+      #
+      # Must match exactly what expanding the node shows (IndexQuery#handle_id_query
+      # -> children_with_permission, minus archived unless show_archived), or the
+      # toggle either hides a reachable subtree or opens to an empty branch (and
+      # leaks that hidden children exist). Two alignments are needed:
+      #   1. Linked shells (origin_id set) store children under the effective
+      #      origin (redirect_parent_to_origin + children->origin migration), so
+      #      resolve each row to its effective origin before the lookup.
+      #   2. Apply the same archived + read-permission filters as the browse path.
+      def children_presence_set(collection)
+        return Set.new if collection.empty?
+
+        origin_id_by_id = collection.to_h { |c| [ c.id, c.effective_origin.id ] }
+
+        candidates = Creative.where(parent_id: origin_id_by_id.values.uniq)
+        candidates = candidates.where(archived_at: nil) unless params[:show_archived]
+        child_rows = candidates.pluck(:id, :parent_id) # [child_id, origin_id]
+        return Set.new if child_rows.empty?
+
+        readable = ::Creatives::PermissionFilter
+          .new(user: Current.user).readable_ids(child_rows.map(&:first)).to_set
+        origins_with_visible_children = child_rows
+          .each_with_object(Set.new) { |(child_id, origin_id), set| set << origin_id if readable.include?(child_id) }
+
+        collection.each_with_object(Set.new) do |c, set|
+          set << c.id if origins_with_visible_children.include?(origin_id_by_id[c.id])
+        end
+      end
+
       def reorderer
         @reorderer ||= ::Creatives::Reorderer.new(user: Current.user)
       end

data/app/controllers/collavre/landing_controller.rb

@@ -0,0 +1,8 @@
+module Collavre
+  class LandingController < ApplicationController
+    allow_unauthenticated_access
+
+    def show
+    end
+  end
+end

data/app/controllers/collavre/public_assets_controller.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Collavre
+  # Serves ActiveStorage blobs through a CDN-friendly path:
+  #   /public-assets/blobs/:signed_id/*filename
+  #
+  # The signed_id is the only capability — no auth required. This makes the URL
+  # safe to embed in landing pages and other publicly-rendered HTML. CloudFront
+  # caches by full URL, so rotating signed_id (re-attach) invalidates effectively.
+  class PublicAssetsController < ActionController::Base
+    include ActiveStorage::SetCurrent
+    include ActiveStorage::Streaming
+
+    PUBLIC_CACHE_CONTROL = "public, max-age=31536000, immutable"
+
+    def show
+      blob = ActiveStorage::Blob.find_signed!(params[:signed_id])
+      response.headers["Cache-Control"] = PUBLIC_CACHE_CONTROL
+      send_blob_stream blob, disposition: "inline"
+    rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveRecord::RecordNotFound
+      head :not_found
+    end
+  end
+end

data/app/controllers/collavre/tasks_controller.rb

@@ -10,21 +10,29 @@ module Collavre
         return head :forbidden
       end
 
-      unless %w[running pending queued pending_approval].include?(task.status)
+      unless %w[running pending queued pending_approval delegated].include?(task.status)
         return head :unprocessable_entity
       end
 
+      was_delegated = task.status == "delegated"
       task.update!(status: "cancelled")
 
-      abort_openclaw_session(task)
+      # Delegated tasks have no active worker to run the ensure-block release,
+      # so free the agent slot and drain the topic queue here.
+      if was_delegated && task.agent
+        Collavre::Orchestration::ResourceTracker.for(task.agent).release!(task.id)
+        Collavre::Orchestration::AgentOrchestrator.dequeue_next_for_topic(task.topic_id, task.creative_id)
+      end
+
+      abort_agent_session(task)
 
       head :ok
     end
 
     private
 
-    def abort_openclaw_session(task)
-      Collavre::OpenclawAbortService.call(agent: task.agent, task: task)
+    def abort_agent_session(task)
+      Collavre::AgentSessionAbort.call(agent: task.agent, task: task)
     end
   end
 end

data/app/controllers/collavre/topics_controller.rb

@@ -3,7 +3,7 @@ module Collavre
     include Collavre::CreativePermissionGuard
 
     before_action :set_creative
-    before_action :require_creative_read!, only: %i[next_name]
+    before_action :require_creative_read!, only: %i[next_name channel_chips]
     before_action :require_creative_admin!, only: %i[update destroy move reorder]
     before_action :require_creative_write!, only: %i[create archive unarchive set_primary_agent]
 
@@ -12,8 +12,15 @@ module Collavre
       can_manage = @creative.has_permission?(Current.user, :admin) || is_owner
       can_create_topic = can_manage || @creative.has_permission?(Current.user, :write)
 
-      active_topics = @creative.topics.active.order(:created_at).to_a
-      preload_primary_agents(active_topics)
+      # Eagerly ensure Main (and System for inboxes) exist BEFORE loading
+      # active_topics. Otherwise the first inbox visit sees no System topic in
+      # the sidebar, and when a later notification creates it via
+      # find_or_create_by!, the unread badge appears but the user has no way to
+      # open the topic.
+      main_topic = @creative.main_topic(fallback_user: Current.user)
+      system_topic = @creative.inbox? ? @creative.system_topic(fallback_user: Current.user) : nil
+
+      active_topics = @creative.topics.active.includes(primary_agent: { avatar_attachment: :blob }).order(:created_at).to_a
       archived_topics = @creative.topics.archived.order(:created_at)
 
       last_topic_id = if Current.user
@@ -22,8 +29,8 @@ module Collavre
                           .pick(:last_topic_id)
       end
 
-      system_topic_id = @creative.inbox? ? @creative.topics.find_by(name: Creative::SYSTEM_TOPIC_NAME)&.id : nil
-      main_topic_id = @creative.main_topic(fallback_user: Current.user).id
+      system_topic_id = system_topic&.id
+      main_topic_id = main_topic.id
 
       render json: {
         topics: active_topics.map { |t| topic_json(t) },
@@ -33,7 +40,8 @@ module Collavre
         last_topic_id: last_topic_id,
         is_inbox: @creative.inbox?,
         system_topic_id: system_topic_id,
-        main_topic_id: main_topic_id
+        main_topic_id: main_topic_id,
+        effective_creative_id: @creative.id
       }
     end
 
@@ -73,6 +81,11 @@ module Collavre
       render json: { name: generate_next_topic_name }
     end
 
+    def channel_chips
+      topic = @creative.topics.find(params[:id])
+      render partial: "collavre/comments/channel_chips", locals: { topic: topic }
+    end
+
     def update
       topic = @creative.topics.find(params[:id])
 
@@ -92,8 +105,23 @@ module Collavre
       end
 
       topic_id = topic.id
+      topic_name = topic.name
       topic.destroy
 
+      # Best-effort orphaned-cron notice. Must never break the core deletion:
+      # if it raises, swallow + log so broadcast/head still run.
+      begin
+        Collavre::Topics::OrphanedCronNotifier.new(
+          topic_id: topic_id,
+          topic_name: topic_name
+        ).call
+      rescue StandardError => e
+        Rails.logger.error(
+          "[TopicsController#destroy] OrphanedCronNotifier failed for topic " \
+          "#{topic_id}: #{e.class} #{e.message}"
+        )
+      end
+
       broadcast_topic_event("deleted", topic_id: topic_id)
       head :no_content
     end
@@ -194,32 +222,10 @@ module Collavre
       "#{prefix}#{next_number}"
     end
 
-    # Batch-load primary agents for all topics to avoid N+1 queries
-    def preload_primary_agents(topics)
-      topic_ids = topics.map(&:id)
-      return if topic_ids.empty?
-
-      policies = OrchestratorPolicy.where(
-        policy_type: "arbitration",
-        scope_type: "Topic",
-        scope_id: topic_ids
-      ).index_by { |p| p.scope_id.to_i }
-
-      agent_ids = policies.values.filter_map { |p| p.config&.dig("primary_agent_id") }
-      agents = agent_ids.present? ? User.where(id: agent_ids).includes(avatar_attachment: :blob).index_by(&:id) : {}
-
-      topics.each do |topic|
-        policy = policies[topic.id]
-        agent_id = policy&.config&.dig("primary_agent_id")
-        topic.instance_variable_set(:@_primary_agent, agents&.dig(agent_id))
-      end
-    end
-
     def topic_json(topic)
       data = topic.slice(:id, :name, :source_topic_id)
-      agent = topic.instance_variable_get(:@_primary_agent) || topic.primary_agent
-      if agent
-        data[:primary_agent] = agent_json(agent)
+      if topic.primary_agent
+        data[:primary_agent] = agent_json(topic.primary_agent)
       end
       data
     end