@agent-native/dispatch 0.8.19 → 0.8.23

package/src/components/layout/Layout.tsx

@@ -1,8 +1,10 @@
 import {
   useEffect,
   useMemo,
+  useRef,
   useState,
   type ComponentType,
+  type FormEvent,
   type ReactNode,
 } from "react";
 import { NavLink, useLocation, useNavigate } from "react-router";
@@ -25,6 +27,8 @@ import {
   IconBrandTelegram,
   IconKey,
   IconChevronDown,
+  IconDots,
+  IconEdit,
   IconLayersSubtract,
   IconMessageQuestion,
   IconMessages,
@@ -38,6 +42,13 @@ import {
   IconUsersGroup,
 } from "@tabler/icons-react";
 import { cn } from "@/lib/utils";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@/components/ui/dropdown-menu";
+import { Input } from "@/components/ui/input";
 import {
   Sheet,
   SheetContent,
@@ -290,6 +301,14 @@ function threadTitle(thread: ChatThreadSummary) {
   return thread.title || thread.preview || "New chat";
 }
 
+function threadUpdatedAt(thread: ChatThreadSummary) {
+  return Number.isFinite(thread.updatedAt)
+    ? thread.updatedAt
+    : Number.isFinite(thread.createdAt)
+      ? thread.createdAt
+      : 0;
+}
+
 function DispatchChatsSection({ onNavigate }: { onNavigate?: () => void }) {
   const navigate = useNavigate();
   const {
@@ -297,8 +316,13 @@ function DispatchChatsSection({ onNavigate }: { onNavigate?: () => void }) {
     activeThreadId,
     createThread,
     switchThread,
+    renameThread,
     refreshThreads,
   } = useChatThreads(undefined, undefined, undefined, { autoCreate: false });
+  const [renamingThreadId, setRenamingThreadId] = useState<string | null>(null);
+  const [renameDraft, setRenameDraft] = useState("");
+  const renameInputRef = useRef<HTMLInputElement | null>(null);
+  const committingRenameRef = useRef(false);
 
   const visibleThreads = useMemo(
     () =>
@@ -306,7 +330,7 @@ function DispatchChatsSection({ onNavigate }: { onNavigate?: () => void }) {
         .filter(
           (thread) => thread.messageCount > 0 || thread.id === activeThreadId,
         )
-        .sort((a, b) => b.updatedAt - a.updatedAt)
+        .sort((a, b) => threadUpdatedAt(b) - threadUpdatedAt(a))
         .slice(0, 8),
     [activeThreadId, threads],
   );
@@ -330,6 +354,14 @@ function DispatchChatsSection({ onNavigate }: { onNavigate?: () => void }) {
     };
   }, [refreshThreads]);
 
+  useEffect(() => {
+    if (!renamingThreadId) return;
+    requestAnimationFrame(() => {
+      renameInputRef.current?.focus();
+      renameInputRef.current?.select();
+    });
+  }, [renamingThreadId]);
+
   function openThread(threadId: string, options?: { isNew?: boolean }) {
     switchThread(threadId);
     navigate(dispatchNavLinkTarget("/chat"));
@@ -348,6 +380,35 @@ function DispatchChatsSection({ onNavigate }: { onNavigate?: () => void }) {
     if (threadId) openThread(threadId, { isNew: true });
   }
 
+  function startRenameThread(thread: ChatThreadSummary) {
+    committingRenameRef.current = false;
+    setRenameDraft(threadTitle(thread));
+    setRenamingThreadId(thread.id);
+  }
+
+  function cancelRenameThread() {
+    committingRenameRef.current = true;
+    setRenamingThreadId(null);
+    setRenameDraft("");
+  }
+
+  async function commitRenameThread() {
+    if (committingRenameRef.current) return;
+    const threadId = renamingThreadId;
+    const title = renameDraft.trim();
+    if (!threadId) return;
+    committingRenameRef.current = true;
+    setRenamingThreadId(null);
+    setRenameDraft("");
+    if (title) await renameThread(threadId, title);
+    committingRenameRef.current = false;
+  }
+
+  function handleRenameSubmit(event: FormEvent<HTMLFormElement>) {
+    event.preventDefault();
+    void commitRenameThread();
+  }
+
   return (
     <div className="mt-2 border-l border-sidebar-border/70 pl-3">
       <div className="mb-1 flex h-7 items-center gap-2 pr-1">
@@ -372,25 +433,82 @@ function DispatchChatsSection({ onNavigate }: { onNavigate?: () => void }) {
         {visibleThreads.length > 0 ? (
           visibleThreads.map((thread) => {
             const isActive = thread.id === activeThreadId;
+            const isRenaming = thread.id === renamingThreadId;
             return (
-              <button
+              <div
                 key={thread.id}
-                type="button"
-                onClick={() => openThread(thread.id)}
                 className={cn(
-                  "flex h-8 min-w-0 cursor-pointer items-center gap-2 rounded-md px-2 text-left text-sm transition-colors",
+                  "group flex h-8 min-w-0 items-center rounded-md text-sm transition-colors",
                   isActive
                     ? "bg-sidebar-accent text-sidebar-accent-foreground"
                     : "text-sidebar-foreground/80 hover:bg-sidebar-accent/65 hover:text-sidebar-accent-foreground",
                 )}
               >
-                <span className="min-w-0 flex-1 truncate">
-                  {threadTitle(thread)}
-                </span>
-                <span className="shrink-0 text-[11px] text-sidebar-foreground/50">
-                  {isActive ? "" : formatThreadAge(thread.updatedAt)}
-                </span>
-              </button>
+                {isRenaming ? (
+                  <form
+                    onSubmit={handleRenameSubmit}
+                    className="flex h-full min-w-0 flex-1 items-center px-1.5"
+                  >
+                    <Input
+                      ref={renameInputRef}
+                      value={renameDraft}
+                      onChange={(event) => setRenameDraft(event.target.value)}
+                      onBlur={() => void commitRenameThread()}
+                      onKeyDown={(event) => {
+                        if (event.key === "Escape") {
+                          event.preventDefault();
+                          cancelRenameThread();
+                        }
+                      }}
+                      maxLength={160}
+                      aria-label={`Rename ${threadTitle(thread)}`}
+                      className="h-6 min-w-0 rounded-sm border-sidebar-border bg-background px-1.5 text-xs"
+                    />
+                  </form>
+                ) : (
+                  <>
+                    <button
+                      type="button"
+                      onClick={() => openThread(thread.id)}
+                      className="flex h-full min-w-0 flex-1 cursor-pointer items-center px-2 text-left outline-none focus-visible:ring-2 focus-visible:ring-ring"
+                    >
+                      <span className="min-w-0 flex-1 truncate">
+                        {threadTitle(thread)}
+                      </span>
+                    </button>
+                    <div className="relative flex size-7 shrink-0 items-center justify-end pr-1">
+                      <span className="text-[11px] text-sidebar-foreground/50 transition-opacity group-hover:opacity-0 group-focus-within:opacity-0">
+                        {isActive
+                          ? ""
+                          : formatThreadAge(threadUpdatedAt(thread))}
+                      </span>
+                      <DropdownMenu>
+                        <DropdownMenuTrigger asChild>
+                          <button
+                            type="button"
+                            aria-label={`Chat options for ${threadTitle(thread)}`}
+                            className="absolute right-1 flex size-6 cursor-pointer items-center justify-center rounded-md text-sidebar-foreground/65 opacity-0 transition-opacity hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:opacity-100 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring group-hover:opacity-100 group-focus-within:opacity-100 data-[state=open]:opacity-100"
+                          >
+                            <IconDots className="size-4" />
+                          </button>
+                        </DropdownMenuTrigger>
+                        <DropdownMenuContent
+                          align="end"
+                          side="right"
+                          sideOffset={6}
+                        >
+                          <DropdownMenuItem
+                            onSelect={() => startRenameThread(thread)}
+                          >
+                            <IconEdit className="size-4" />
+                            Rename chat
+                          </DropdownMenuItem>
+                        </DropdownMenuContent>
+                      </DropdownMenu>
+                    </div>
+                  </>
+                )}
+              </div>
             );
           })
         ) : (
@@ -438,13 +556,14 @@ export function NavContent({
 
   const renderNavItem = (item: DispatchNavItem) => {
     const Icon = item.icon;
+    const itemMatchesLocalPath = navItemMatchesPath(item, localPathname);
     return (
       <li key={item.id}>
         <NavLink
           to={dispatchNavLinkTarget(item.to)}
           onClick={onNavigate}
           className={({ isActive }) => {
-            const active = isActive || navItemMatchesPath(item, localPathname);
+            const active = isActive || itemMatchesLocalPath;
             return cn(
               "flex h-8 w-full items-center gap-2 rounded-md px-2 text-sm",
               active
@@ -460,7 +579,7 @@ export function NavContent({
           )}
           <span className="truncate">{item.label}</span>
         </NavLink>
-        {item.id === "chat" ? (
+        {item.id === "chat" && itemMatchesLocalPath ? (
           <DispatchChatsSection onNavigate={onNavigate} />
         ) : null}
       </li>

package/src/routes/pages/apps.tsx

@@ -2,6 +2,7 @@ import { useState } from "react";
 import { useActionMutation, useActionQuery } from "@agent-native/core/client";
 import {
   IconApps,
+  IconBrain,
   IconBrush,
   IconCalendarMonth,
   IconChartBar,
@@ -11,6 +12,7 @@ import {
   IconFileText,
   IconLoader2,
   IconMail,
+  IconPhoto,
   IconPlus,
   IconPresentation,
   IconScreenShare,
@@ -58,6 +60,8 @@ const TEMPLATE_ICONS: Record<string, typeof IconMail> = {
   FileText: IconFileText,
   Presentation: IconPresentation,
   ScreenShare: IconScreenShare,
+  Brain: IconBrain,
+  Photo: IconPhoto,
   ChartBar: IconChartBar,
   ClipboardList: IconClipboardList,
   Brush: IconBrush,

package/src/routes/pages/chat.tsx

@@ -1,7 +1,15 @@
 import { useEffect, useRef } from "react";
-import { useLocation, useNavigate } from "react-router";
+import {
+  useLocation,
+  useNavigate,
+  type LoaderFunctionArgs,
+} from "react-router";
 import { AgentChatSurface } from "@agent-native/core/client";
 import { submitOverviewPrompt } from "@/lib/overview-chat";
+import {
+  buildThreadLinkPreviewMeta,
+  loadThreadLinkPreview,
+} from "@/server/lib/thread-link-preview";
 
 interface DispatchChatLocationState {
   dispatchPrompt?: {
@@ -15,8 +23,17 @@ interface DispatchChatLocationState {
   };
 }
 
-export function meta() {
-  return [{ title: "Chat — Dispatch" }];
+export async function loader({ request }: LoaderFunctionArgs) {
+  const threadId = new URL(request.url).searchParams.get("thread");
+  return {
+    threadPreview: await loadThreadLinkPreview(threadId),
+  };
+}
+
+export function meta({ data }: { data?: Awaited<ReturnType<typeof loader>> }) {
+  return data?.threadPreview
+    ? buildThreadLinkPreviewMeta(data.threadPreview)
+    : [{ title: "Chat — Dispatch" }];
 }
 
 export default function ChatRoute() {

package/src/routes/pages/overview.tsx

@@ -1,5 +1,5 @@
 import { useEffect, useMemo, useState } from "react";
-import { Link, useNavigate } from "react-router";
+import { Link, useNavigate, type LoaderFunctionArgs } from "react-router";
 import {
   PromptComposer,
   useActionQuery,
@@ -34,6 +34,10 @@ import {
   TooltipTrigger,
 } from "@/components/ui/tooltip";
 import { submitOverviewPrompt } from "@/lib/overview-chat";
+import {
+  buildThreadLinkPreviewMeta,
+  loadThreadLinkPreview,
+} from "@/server/lib/thread-link-preview";
 import type { WorkspaceAppSummary } from "@/lib/workspace-apps";
 
 interface IntegrationStatus {
@@ -395,18 +399,18 @@ function StatCard({
   cta?: React.ReactNode;
 }) {
   return (
-    <div className="rounded-2xl border bg-card p-5">
+    <div className="min-w-0 rounded-2xl border bg-card p-5">
       <div className="flex items-start justify-between gap-3">
         <div className="min-w-0">
-          <div className="flex items-center gap-1.5 text-sm font-medium text-foreground">
-            <span>{label}</span>
+          <div className="flex items-center gap-1.5 text-sm font-medium leading-snug text-foreground">
+            <span className="min-w-0">{label}</span>
             <HelpTooltip content={help} />
           </div>
           <div className="mt-3 text-3xl font-semibold text-foreground">
             {value}
           </div>
         </div>
-        <div className="rounded-xl border bg-muted/30 p-3 text-muted-foreground">
+        <div className="shrink-0 rounded-xl border bg-muted/30 p-3 text-muted-foreground">
           <Icon size={18} />
         </div>
       </div>
@@ -471,8 +475,17 @@ function StepRow({ step }: { step: ChecklistStep }) {
   );
 }
 
-export function meta() {
-  return [{ title: "Overview — Dispatch" }];
+export async function loader({ request }: LoaderFunctionArgs) {
+  const threadId = new URL(request.url).searchParams.get("thread");
+  return {
+    threadPreview: await loadThreadLinkPreview(threadId),
+  };
+}
+
+export function meta({ data }: { data?: Awaited<ReturnType<typeof loader>> }) {
+  return data?.threadPreview
+    ? buildThreadLinkPreviewMeta(data.threadPreview)
+    : [{ title: "Overview — Dispatch" }];
 }
 
 export default function OverviewRoute() {
@@ -636,7 +649,7 @@ export default function OverviewRoute() {
           <IconActivity size={16} className="text-muted-foreground" />
           <h2 className="text-sm font-semibold text-foreground">At a glance</h2>
         </div>
-        <div className="grid gap-4 md:grid-cols-2 xl:grid-cols-4">
+        <div className="grid grid-cols-[repeat(auto-fit,minmax(min(100%,13rem),1fr))] gap-4">
           <StatCard
             label="Vault secrets"
             help="Credentials stored in the workspace vault."

package/src/server/lib/app-creation-store.spec.ts

@@ -2,6 +2,7 @@ import { afterEach, describe, expect, it, vi } from "vitest";
 import { runWithRequestContext } from "@agent-native/core/server";
 import {
   generateWorkspaceAppDescription,
+  listAvailableWorkspaceTemplates,
   listWorkspaceApps,
   updateWorkspaceAppMetadata,
 } from "./app-creation-store.js";
@@ -347,4 +348,18 @@ describe("listWorkspaceApps", () => {
       ),
     ).toBe("Tracks customer onboarding risks and handoffs.");
   });
+
+  it("offers Brain and Assets as workspace template tiles", async () => {
+    stubNoPendingContext();
+    stubManifest([{ id: "dispatch", name: "Dispatch", path: "/dispatch" }]);
+
+    const templates = await runWithRequestContext(
+      { userEmail: "dev@example.test" },
+      () => listAvailableWorkspaceTemplates(),
+    );
+
+    expect(templates.map((template) => template.name)).toEqual(
+      expect.arrayContaining(["brain", "assets"]),
+    );
+  });
 });

package/src/server/lib/app-creation-store.ts

@@ -1293,6 +1293,24 @@ const ADDABLE_TEMPLATES: AvailableWorkspaceTemplate[] = [
     colorRgb: "98 93 245",
     core: true,
   },
+  {
+    name: "brain",
+    label: "Brain",
+    hint: "Cited company knowledge from Slack, meetings, transcripts, and decisions",
+    icon: "Brain",
+    color: "#8B5CF6",
+    colorRgb: "139 92 246",
+    core: true,
+  },
+  {
+    name: "assets",
+    label: "Assets",
+    hint: "Upload, organize, search, and generate on-brand images and videos",
+    icon: "Photo",
+    color: "#0F766E",
+    colorRgb: "15 118 110",
+    core: true,
+  },
   {
     name: "analytics",
     label: "Analytics",

package/src/server/lib/dispatch-integrations.spec.ts

@@ -38,6 +38,21 @@ function slackIncoming(
   };
 }
 
+function emailIncoming(
+  overrides: Partial<IncomingMessage> = {},
+): IncomingMessage {
+  return {
+    platform: "email",
+    externalThreadId: "victim@member.test::<root@member.test>",
+    text: "transfer everything",
+    senderId: "victim@member.test",
+    senderName: "Victim",
+    platformContext: { from: "victim@member.test" },
+    timestamp: 1,
+    ...overrides,
+  };
+}
+
 beforeEach(() => {
   mocks.resolveLinkedOwner.mockResolvedValue(null);
   mocks.consumeLinkToken.mockResolvedValue("owner@example.test");
@@ -113,4 +128,58 @@ describe("resolveDispatchOwner", () => {
       "default@example.test",
     );
   });
+
+  it("does NOT impersonate an org member from an unverified (spoofed) email From", async () => {
+    // Attacker spoofs From: victim@member.test, which IS a real org member —
+    // but the message is unverified (no DKIM/SPF pass). Must fall through to
+    // the synthetic, credential-less owner, NOT the victim's identity.
+    mocks.resolveOrgIdForEmail.mockResolvedValue("org_123");
+
+    const owner = await resolveDispatchOwner(
+      emailIncoming({ senderVerified: false }),
+    );
+
+    expect(owner).not.toBe("victim@member.test");
+    expect(owner).toMatch(/@integration\.local$/);
+  });
+
+  it("does NOT impersonate when sender is verified but not an org member", async () => {
+    mocks.resolveOrgIdForEmail.mockResolvedValue(null);
+
+    const owner = await resolveDispatchOwner(
+      emailIncoming({
+        senderId: "stranger@outside.test",
+        platformContext: { from: "stranger@outside.test" },
+        senderVerified: true,
+      }),
+    );
+
+    expect(owner).not.toBe("stranger@outside.test");
+    expect(owner).toMatch(/@integration\.local$/);
+  });
+
+  it("uses the email sender as owner when verified AND an org member", async () => {
+    mocks.resolveOrgIdForEmail.mockResolvedValue("org_123");
+
+    await expect(
+      resolveDispatchOwner(emailIncoming({ senderVerified: true })),
+    ).resolves.toBe("victim@member.test");
+  });
+
+  it("honors a linked identity for email regardless of verification", async () => {
+    mocks.resolveLinkedOwner.mockResolvedValueOnce("linked@member.test");
+
+    await expect(
+      resolveDispatchOwner(emailIncoming({ senderVerified: false })),
+    ).resolves.toBe("linked@member.test");
+    expect(mocks.resolveOrgIdForEmail).not.toHaveBeenCalled();
+  });
+
+  it("restores legacy trust-From behavior under the escape hatch", async () => {
+    vi.stubEnv("DISPATCH_TRUST_UNVERIFIED_EMAIL_SENDER", "1");
+
+    await expect(
+      resolveDispatchOwner(emailIncoming({ senderVerified: false })),
+    ).resolves.toBe("victim@member.test");
+  });
 });

package/src/server/lib/dispatch-integrations.ts

@@ -164,14 +164,37 @@ export async function resolveDispatchOwner(
     });
     if (owner) return owner;
 
-    // For email, the sender's email address is already a natural identity.
-    // If the senderId looks like an email address, use it directly as the owner.
+    // For email, the sender's `From:` address is attacker-settable: SMTP lets
+    // anyone claim any From, and our inbound webhook secret only authenticates
+    // the provider→app hop, not the original sender. So we must NOT grant a
+    // real user's identity (their API keys, org secrets, personal
+    // instructions, ownable data) off the bare From. Mirror the Slack gate:
+    // only return the sender email as the acting owner when BOTH
+    //   (a) the message is DKIM/SPF-verified for the From domain, AND
+    //   (b) that email maps to a real org member.
+    // Otherwise fall through to the synthetic, credential-less fallback owner.
+    // (A linked identity, handled by resolveLinkedOwner above, remains an
+    // always-allowed way to bind an address regardless of verification.)
+    //
+    // Escape hatch: set DISPATCH_TRUST_UNVERIFIED_EMAIL_SENDER=1 to restore
+    // the legacy "trust the From header" behavior. OFF by default; only use
+    // this if you fully control the inbound mail path and accept that a
+    // spoofed From can act as any org member. See FINDING 3 (inbound-email
+    // impersonation) in the webhook security audit.
     if (
       incoming.platform === "email" &&
       incoming.senderId &&
       incoming.senderId.includes("@")
     ) {
-      return incoming.senderId;
+      if (process.env.DISPATCH_TRUST_UNVERIFIED_EMAIL_SENDER === "1") {
+        return incoming.senderId;
+      }
+      if (incoming.senderVerified) {
+        const orgId = await resolveOrgIdForEmail(incoming.senderId);
+        if (orgId) return incoming.senderId;
+      }
+      // Unverified or not an org member — do not impersonate. Fall through to
+      // the synthetic fallback owner below.
     }
 
     // Slack gives us a user id in the event payload. Resolve it to a verified

package/src/server/lib/thread-link-preview.spec.ts

@@ -0,0 +1,129 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { ChatThread } from "@agent-native/core/server";
+
+const getRequestContextMock = vi.hoisted(() => vi.fn());
+const getThreadMock = vi.hoisted(() => vi.fn());
+
+vi.mock("@agent-native/core/server", () => ({
+  getRequestContext: getRequestContextMock,
+  getThread: getThreadMock,
+}));
+
+import {
+  extractThreadPreviewImageUrl,
+  loadThreadLinkPreview,
+} from "./thread-link-preview";
+
+function threadDataWithResult(toolName: string, result: unknown) {
+  return JSON.stringify({
+    messages: [
+      {
+        message: {
+          role: "assistant",
+          content: [
+            {
+              type: "tool-call",
+              toolName,
+              result:
+                typeof result === "string" ? result : JSON.stringify(result),
+            },
+          ],
+        },
+        parentId: null,
+      },
+    ],
+  });
+}
+
+function previewThread(overrides: Partial<ChatThread> = {}): ChatThread {
+  return {
+    id: "thread-1",
+    ownerEmail: "owner@example.test",
+    title: "Launch image",
+    preview: "Generated a launch image",
+    threadData: threadDataWithResult("generate-image", {
+      previewUrl: "https://cdn.example.com/generated-social.webp",
+    }),
+    messageCount: 1,
+    createdAt: 1,
+    updatedAt: 2,
+    scope: null,
+    pinnedAt: null,
+    archivedAt: null,
+    ...overrides,
+  };
+}
+
+beforeEach(() => {
+  getRequestContextMock.mockReset();
+  getThreadMock.mockReset();
+});
+
+describe("thread link preview image extraction", () => {
+  it("uses generated image preview URLs from generate-image results", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image", {
+          url: "https://app.example.com/assets/asset/asset-1",
+          previewUrl: "https://cdn.example.com/generated-social.webp",
+          thumbnailUrl: "https://cdn.example.com/generated-social-thumb.webp",
+        }),
+      ),
+    ).toBe("https://cdn.example.com/generated-social.webp");
+  });
+
+  it("uses the newest image from batched generation results", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image-batch", {
+          images: [
+            { previewUrl: "https://cdn.example.com/first.png" },
+            { previewUrl: "https://cdn.example.com/latest.png" },
+          ],
+        }),
+      ),
+    ).toBe("https://cdn.example.com/latest.png");
+  });
+
+  it("ignores asset page URLs that are not image media", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image", {
+          url: "https://app.example.com/assets/asset/asset-1",
+        }),
+      ),
+    ).toBeNull();
+  });
+});
+
+describe("thread link preview access", () => {
+  it("loads preview metadata for the owning user", async () => {
+    getRequestContextMock.mockReturnValue({
+      userEmail: "owner@example.test",
+    });
+    getThreadMock.mockResolvedValue(previewThread());
+
+    await expect(loadThreadLinkPreview(" thread-1 ")).resolves.toEqual({
+      title: "Launch image",
+      description: "Generated a launch image",
+      imageUrl: "https://cdn.example.com/generated-social.webp",
+    });
+    expect(getThreadMock).toHaveBeenCalledWith("thread-1");
+  });
+
+  it("does not read thread metadata without an authenticated request context", async () => {
+    getRequestContextMock.mockReturnValue(undefined);
+
+    await expect(loadThreadLinkPreview("thread-1")).resolves.toBeNull();
+    expect(getThreadMock).not.toHaveBeenCalled();
+  });
+
+  it("does not emit another user's thread metadata", async () => {
+    getRequestContextMock.mockReturnValue({
+      userEmail: "viewer@example.test",
+    });
+    getThreadMock.mockResolvedValue(previewThread());
+
+    await expect(loadThreadLinkPreview("thread-1")).resolves.toBeNull();
+  });
+});