@agent-team-foundation/first-tree-hub 0.10.14 → 0.11.0

package/dist/{bootstrap-B2x4TTyJ.mjs → bootstrap-DUeYbwm-.mjs}

@@ -3,7 +3,7 @@ import { o as logFormatSchema, s as logLevelSchema } from "./logger-core-BTmvdfl
 import { z } from "zod";
 import { dirname, join } from "node:path";
 import { homedir } from "node:os";
-import { chmodSync, cpSync, existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
+import { chmodSync, cpSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, statSync, unlinkSync, writeFileSync } from "node:fs";
 import { randomBytes } from "node:crypto";
 import { parse, stringify } from "yaml";
 //#region ../shared/dist/config/index.mjs
@@ -650,6 +650,7 @@ const serverConfigSchema = defineConfig({
 //#region src/core/bootstrap.ts
 var bootstrap_exports = /* @__PURE__ */ __exportAll({
 	AuthRefreshFailedError: () => AuthRefreshFailedError,
+	AuthRefreshRateLimitedError: () => AuthRefreshRateLimitedError,
 	ensureFreshAccessToken: () => ensureFreshAccessToken,
 	ensureFreshAdminToken: () => ensureFreshAdminToken,
 	loadCredentials: () => loadCredentials,
@@ -706,6 +707,39 @@ var AuthRefreshFailedError = class extends Error {
 	}
 };
 /**
+* Thrown when `/auth/refresh` returns 429. Carries the server-suggested
+* retry-after (or a sane default) so the WS reconnect loop can wait at
+* least that long instead of pounding the limiter inside the same window
+* with its default 1/2/4/8s exponential backoff — which would just keep
+* the rate-limit bucket full and stretch the outage. Defaults to 30s when
+* the server omits the header.
+*/
+var AuthRefreshRateLimitedError = class extends Error {
+	retryAfterMs;
+	constructor(retryAfterMs, message) {
+		super(message ?? `Refresh request rate-limited; retry after ${Math.round(retryAfterMs / 1e3)}s.`);
+		this.name = "AuthRefreshRateLimitedError";
+		this.retryAfterMs = retryAfterMs;
+	}
+};
+/**
+* Parse an HTTP `Retry-After` header. Accepts either an integer seconds
+* value (the form fastify-rate-limit emits) or an RFC 7231 HTTP-date.
+* Returns ms, or `null` when the header is absent / malformed.
+*/
+function parseRetryAfterMs(header) {
+	if (!header) return null;
+	const trimmed = header.trim();
+	const seconds = Number(trimmed);
+	if (Number.isFinite(seconds) && seconds >= 0) return seconds * 1e3;
+	const date = Date.parse(trimmed);
+	if (Number.isFinite(date)) {
+		const delta = date - Date.now();
+		return delta > 0 ? delta : 0;
+	}
+	return null;
+}
+/**
 * In-flight refresh promise. Multiple callers (WS handshake, proactive
 * refresh timer, every SDK request) can see an expired token within the same
 * millisecond — without dedupe each would fire an independent `/auth/refresh`
@@ -747,6 +781,7 @@ async function ensureFreshAccessToken(opts) {
 			signal: AbortSignal.timeout(1e4)
 		});
 		if (res.status === 401) throw new AuthRefreshFailedError("Refresh token rejected by server. Re-run `first-tree-hub connect <token>` (get a fresh token from the Web Computers page → New Connection).");
+		if (res.status === 429) throw new AuthRefreshRateLimitedError(parseRetryAfterMs(res.headers.get("retry-after")) ?? 3e4);
 		if (!res.ok) throw new Error(`Refresh request failed with status ${res.status}.`);
 		const data = await res.json();
 		saveCredentials({
@@ -775,13 +810,34 @@ function isTokenStale(token, minValidityMs) {
 		return true;
 	}
 }
-/** Persist credentials to disk. */
+/**
+* Persist credentials to disk atomically.
+*
+* Plain `writeFileSync` opens with `O_TRUNC` then writes — between those
+* calls the file is empty, and a concurrent `loadCredentials()` (e.g. a
+* background daemon refreshing while the user runs a foreground CLI command)
+* reads "" → `JSON.parse` throws → we fall back to "no credentials" and
+* surface a misleading "run `client connect` again" error. write-to-temp +
+* rename gives readers an all-or-nothing view: they see the old file or the
+* new file, never a half-written one. Server-side the sliding-window design
+* already accepts last-writer-wins semantics for the refresh token itself
+* (see auth service comment), so atomicity at the file level is enough.
+*/
 function saveCredentials(creds) {
 	mkdirSync(dirname(CREDENTIALS_PATH), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), { mode: 384 });
+	const tmp = `${CREDENTIALS_PATH}.tmp.${process.pid}`;
+	try {
+		writeFileSync(tmp, JSON.stringify(creds, null, 2), { mode: 384 });
+		renameSync(tmp, CREDENTIALS_PATH);
+	} catch (err) {
+		try {
+			unlinkSync(tmp);
+		} catch {}
+		throw err;
+	}
 }
 /**
 * Load persisted credentials saved by the `connect` command.
@@ -808,4 +864,4 @@ function saveAgentConfig(agentName, agentId, runtime) {
 	return agentDir;
 }
 //#endregion
-export { resolveConfigReadonly as C, resetConfigMeta as S, setConfigValue as T, initConfig as _, loadCredentials as a, readConfigFile as b, saveAgentConfig as c, DEFAULT_DATA_DIR as d, DEFAULT_HOME_DIR as f, getConfigValue as g, collectMissingPrompts as h, ensureFreshAdminToken as i, saveCredentials as l, clientConfigSchema as m, bootstrap_exports as n, resolveAccessToken as o, agentConfigSchema as p, ensureFreshAccessToken as r, resolveServerUrl as s, AuthRefreshFailedError as t, DEFAULT_CONFIG_DIR as u, loadAgents as v, serverConfigSchema as w, resetConfig as x, migrateLegacyHome as y };
+export { resetConfigMeta as C, setConfigValue as E, resetConfig as S, serverConfigSchema as T, getConfigValue as _, ensureFreshAdminToken as a, migrateLegacyHome as b, resolveServerUrl as c, DEFAULT_CONFIG_DIR as d, DEFAULT_DATA_DIR as f, collectMissingPrompts as g, clientConfigSchema as h, ensureFreshAccessToken as i, saveAgentConfig as l, agentConfigSchema as m, AuthRefreshRateLimitedError as n, loadCredentials as o, DEFAULT_HOME_DIR as p, bootstrap_exports as r, resolveAccessToken as s, AuthRefreshFailedError as t, saveCredentials as u, initConfig as v, resolveConfigReadonly as w, readConfigFile as x, loadAgents as y };

package/dist/cli/index.mjs

@@ -1,10 +1,10 @@
 #!/usr/bin/env node
 import "../observability-DPyf745N-BSc8QNcR.mjs";
-import { $ as findStaleAliases, A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, I as checkWebSocket, L as printResults, M as checkNodeVersion, N as checkServerConfig, O as checkBackgroundService, P as checkServerHealth, R as reconcileAgentConfigs, S as saveOnboardState, T as migrateLocalAgentDirs, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, _t as probeCapabilities, a as declineUpdate, at as fail, b as onboardCheck, c as detectInstallMode, ct as print, d as startServer, dt as ClientOrgMismatchError, et as formatStaleReason, f as COMMAND_VERSION, ft as ClientUserMismatchError, g as promptAddAgent, gt as cleanWorkspaces, h as isInteractive, ht as SessionRegistry, i as createExecuteUpdate, it as resolveReplyToFromEnv, j as checkDocker, k as checkClientConfig, l as fetchLatestVersion, lt as setJsonMode, m as uploadClientCapabilities, mt as SdkError, nt as createOwner, o as promptUpdate, ot as success, p as reconcileLocalRuntimeProviders, pt as FirstTreeHubSDK, r as registerSaaSConnectCommand, s as PACKAGE_NAME, tt as removeLocalAgent, u as installGlobalLatest, v as formatCheckReport, vt as applyClientLoggerConfig, w as createApiNameResolver, x as onboardCreate, y as loadOnboardState, yt as configureClientLoggerForService, z as getClientServiceStatus } from "../saas-connect-DWcxHtjX.mjs";
+import { $ as findStaleAliases, A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, I as checkWebSocket, L as printResults, M as checkNodeVersion, N as checkServerConfig, O as checkBackgroundService, P as checkServerHealth, R as reconcileAgentConfigs, S as saveOnboardState, T as migrateLocalAgentDirs, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, _t as probeCapabilities, a as declineUpdate, at as fail, b as onboardCheck, c as detectInstallMode, ct as print, d as startServer, dt as ClientOrgMismatchError, et as formatStaleReason, f as COMMAND_VERSION, ft as ClientUserMismatchError, g as promptAddAgent, gt as cleanWorkspaces, h as isInteractive, ht as SessionRegistry, i as createExecuteUpdate, it as resolveReplyToFromEnv, j as checkDocker, k as checkClientConfig, l as fetchLatestVersion, lt as setJsonMode, m as uploadClientCapabilities, mt as SdkError, nt as createOwner, o as promptUpdate, ot as success, p as reconcileLocalRuntimeProviders, pt as FirstTreeHubSDK, r as registerSaaSConnectCommand, s as PACKAGE_NAME, tt as removeLocalAgent, u as installGlobalLatest, v as formatCheckReport, vt as applyClientLoggerConfig, w as createApiNameResolver, x as onboardCreate, y as loadOnboardState, yt as configureClientLoggerForService, z as getClientServiceStatus } from "../saas-connect-DLSyrQcC.mjs";
 import "../logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { C as resolveConfigReadonly, S as resetConfigMeta, T as setConfigValue, _ as initConfig, a as loadCredentials, b as readConfigFile, c as saveAgentConfig, d as DEFAULT_DATA_DIR, f as DEFAULT_HOME_DIR, g as getConfigValue, i as ensureFreshAdminToken, l as saveCredentials, m as clientConfigSchema, p as agentConfigSchema, r as ensureFreshAccessToken, s as resolveServerUrl, u as DEFAULT_CONFIG_DIR, v as loadAgents, w as serverConfigSchema, x as resetConfig } from "../bootstrap-B2x4TTyJ.mjs";
-import "../dist-D6AOiyNg.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-DQ1l18Ah.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, _ as getConfigValue, a as ensureFreshAdminToken, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, x as readConfigFile, y as loadAgents } from "../bootstrap-DUeYbwm-.mjs";
+import "../dist-BoHl9HwW.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-Dxk6ArOK.mjs";
 import "../invitation-B1pjAyOz-BaCA9PII.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, readdirSync } from "node:fs";
@@ -1608,13 +1608,13 @@ function isSecretField(schema, dotPath) {
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-B2x4TTyJ.mjs").then((n) => n.n);
+		const { resolveServerUrl } = await import("../bootstrap-DUeYbwm-.mjs").then((n) => n.r);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { loadCredentials } = await import("../bootstrap-B2x4TTyJ.mjs").then((n) => n.n);
+	const { loadCredentials } = await import("../bootstrap-DUeYbwm-.mjs").then((n) => n.r);
 	if (!loadCredentials()) throw new Error("No saved credentials. Run `first-tree-hub client connect <server-url>` before onboarding.");
 	if (!args.id) {
 		args.id = await input({ message: "Agent ID:" });

package/dist/{dist-D6AOiyNg.mjs → dist-BoHl9HwW.mjs}

@@ -1,6 +1,13 @@
 import { z } from "zod";
 //#region ../shared/dist/index.mjs
 const MENTION_REGEX = /(?<![A-Za-z0-9_.@-])@([A-Za-z0-9][A-Za-z0-9_-]{0,63})\b/g;
+/**
+* Strip Markdown code regions (fenced + inline) so identifier-shaped
+* tokens inside code (`@param`, `@staticmethod`, etc.) don't get
+* misclassified as mentions. Shared between `extractMentions` (routing)
+* and `extractSummary` (auto-title) so they agree on what counts as a
+* "real" mention vs a code reference.
+*/
 function stripCode(content) {
 	return content.replace(/```[\s\S]*?```/g, "").replace(/~~~[\s\S]*?~~~/g, "").replace(/`[^`\n]+`/g, "");
 }
@@ -577,7 +584,11 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()),
 	createdAt: z.string(),
 	updatedAt: z.string()
-}).extend({ participants: z.array(chatParticipantSchema) });
+}).extend({
+	participants: z.array(chatParticipantSchema),
+	title: z.string(),
+	firstMessagePreview: z.string().nullable()
+});
 const updateChatSchema = z.object({ topic: z.string().trim().max(500).nullable() });
 const addParticipantSchema = z.object({
 	agentId: z.string().min(1),
@@ -876,6 +887,59 @@ z.object({
 /** Body for joining via invite token. */
 const joinByInvitationSchema = z.object({ token: z.string().min(1) });
 z.object({}).optional();
+const meChatFilterSchema = z.enum([
+	"all",
+	"unread",
+	"watching"
+]);
+const meChatMembershipKindSchema = z.enum(["participant", "watching"]);
+const listMeChatsQuerySchema = z.object({
+	cursor: z.string().optional(),
+	limit: z.coerce.number().int().min(1).max(200).default(50),
+	filter: meChatFilterSchema.default("all")
+});
+const meChatParticipantSchema = z.object({
+	agentId: z.string(),
+	displayName: z.string(),
+	type: z.string()
+});
+const meChatRowSchema = z.object({
+	chatId: z.string(),
+	type: z.string(),
+	membershipKind: meChatMembershipKindSchema,
+	title: z.string(),
+	topic: z.string().nullable(),
+	participants: z.array(meChatParticipantSchema),
+	participantCount: z.number().int(),
+	lastMessageAt: z.string().nullable(),
+	lastMessagePreview: z.string().nullable(),
+	unreadMentionCount: z.number().int(),
+	canReply: z.boolean(),
+	taskId: z.string().nullable(),
+	taskStatus: z.string().nullable()
+});
+z.object({
+	rows: z.array(meChatRowSchema),
+	nextCursor: z.string().nullable()
+});
+const createMeChatSchema = z.object({
+	participantIds: z.array(z.string().min(1)).min(1),
+	topic: z.string().trim().max(500).optional().nullable()
+});
+const addMeChatParticipantsSchema = z.object({ participantIds: z.array(z.string().min(1)).min(1) });
+z.object({
+	chatId: z.string(),
+	lastReadAt: z.string(),
+	unreadMentionCount: z.number().int()
+});
+z.object({
+	chatId: z.string(),
+	membershipKind: meChatMembershipKindSchema.nullable()
+});
+z.object({
+	type: z.literal("chat:message"),
+	chatId: z.string()
+});
 z.enum([
 	"connect",
 	"create_agent",
@@ -1325,4 +1389,4 @@ z.object({
 	capabilities: serverCapabilitiesSchema.optional()
 }).passthrough();
 //#endregion
-export { refreshTokenSchema as $, createOrgFromMeSchema as A, imageInlineContentSchema as B, clientRegisterSchema as C, createAgentSchema as D, createAdapterMappingSchema as E, dryRunAgentRuntimeConfigSchema as F, isReservedAgentName as G, inboxDeliverFrameSchema as H, extractMentions as I, loginSchema as J, joinByInvitationSchema as K, githubCallbackQuerySchema as L, createTaskSchema as M, defaultRuntimeConfigPayload as N, createChatSchema as O, delegateFeishuUserSchema as P, rebindAgentSchema as Q, githubDevCallbackQuerySchema as R, clientCapabilitiesSchema as S, wsAuthFrameSchema as St, createAdapterConfigSchema as T, inboxPollQuerySchema as U, inboxAckFrameSchema as V, isRedactedEnvValue as W, notificationQuerySchema as X, messageSourceSchema as Y, paginationQuerySchema as Z, adminUpdateTaskSchema as _, updateClientCapabilitiesSchema as _t, AGENT_STATUSES as a, sendToAgentSchema as at, agentRuntimeConfigPayloadSchema as b, updateSystemConfigSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, sessionEventSchema as ct, TASK_HEALTH_SIGNALS as d, switchOrgSchema as dt, runtimeStateMessageSchema as et, TASK_STATUSES as f, taskListQuerySchema as ft, adminCreateTaskSchema as g, updateChatSchema as gt, addParticipantSchema as h, updateAgentSchema as ht, AGENT_SOURCES as i, sendMessageSchema as it, createOrganizationSchema as j, createMemberSchema as k, SYSTEM_CONFIG_DEFAULTS as l, sessionReconcileRequestSchema as lt, WS_AUTH_FRAME_TIMEOUT_MS as m, updateAgentRuntimeConfigSchema as mt, AGENT_NAME_REGEX as n, scanMentionTokens as nt, AGENT_TYPES as o, sessionCompletionMessageSchema as ot, TASK_TERMINAL_STATUSES as p, updateAdapterConfigSchema as pt, linkTaskChatSchema as q, AGENT_SELECTOR_HEADER as r, selfServiceFeishuBotSchema as rt, AGENT_VISIBILITY as s, sessionEventMessageSchema as st, AGENT_BIND_REJECT_REASONS as t, safeRedirectPath as tt, TASK_CREATOR_TYPES as u, sessionStateMessageSchema as ut, agentBindRequestSchema as v, updateMemberSchema as vt, connectTokenExchangeSchema as w, agentTypeSchema as x, updateTaskStatusSchema as xt, agentPinnedMessageSchema as y, updateOrganizationSchema as yt, githubStartQuerySchema as z };
+export { messageSourceSchema as $, createChatSchema as A, githubCallbackQuerySchema as B, agentTypeSchema as C, updateMemberSchema as Ct, createAdapterConfigSchema as D, wsAuthFrameSchema as Dt, connectTokenExchangeSchema as E, updateTaskStatusSchema as Et, createTaskSchema as F, inboxDeliverFrameSchema as G, githubStartQuerySchema as H, defaultRuntimeConfigPayload as I, isReservedAgentName as J, inboxPollQuerySchema as K, delegateFeishuUserSchema as L, createMemberSchema as M, createOrgFromMeSchema as N, createAdapterMappingSchema as O, createOrganizationSchema as P, loginSchema as Q, dryRunAgentRuntimeConfigSchema as R, agentRuntimeConfigPayloadSchema as S, updateClientCapabilitiesSchema as St, clientRegisterSchema as T, updateSystemConfigSchema as Tt, imageInlineContentSchema as U, githubDevCallbackQuerySchema as V, inboxAckFrameSchema as W, linkTaskChatSchema as X, joinByInvitationSchema as Y, listMeChatsQuerySchema as Z, addParticipantSchema as _, taskListQuerySchema as _t, AGENT_STATUSES as a, safeRedirectPath as at, agentBindRequestSchema as b, updateAgentSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, sendMessageSchema as ct, TASK_CREATOR_TYPES as d, sessionEventMessageSchema as dt, notificationQuerySchema as et, TASK_HEALTH_SIGNALS as f, sessionEventSchema as ft, addMeChatParticipantsSchema as g, switchOrgSchema as gt, WS_AUTH_FRAME_TIMEOUT_MS as h, stripCode as ht, AGENT_SOURCES as i, runtimeStateMessageSchema as it, createMeChatSchema as j, createAgentSchema as k, MENTION_REGEX as l, sendToAgentSchema as lt, TASK_TERMINAL_STATUSES as m, sessionStateMessageSchema as mt, AGENT_NAME_REGEX as n, rebindAgentSchema as nt, AGENT_TYPES as o, scanMentionTokens as ot, TASK_STATUSES as p, sessionReconcileRequestSchema as pt, isRedactedEnvValue as q, AGENT_SELECTOR_HEADER as r, refreshTokenSchema as rt, AGENT_VISIBILITY as s, selfServiceFeishuBotSchema as st, AGENT_BIND_REJECT_REASONS as t, paginationQuerySchema as tt, SYSTEM_CONFIG_DEFAULTS as u, sessionCompletionMessageSchema as ut, adminCreateTaskSchema as v, updateAdapterConfigSchema as vt, clientCapabilitiesSchema as w, updateOrganizationSchema as wt, agentPinnedMessageSchema as x, updateChatSchema as xt, adminUpdateTaskSchema as y, updateAgentRuntimeConfigSchema as yt, extractMentions as z };

package/dist/drizzle/0030_chat_first_workspace.sql

@@ -0,0 +1,129 @@
+-- Chat-first workspace foundation. See docs/chat-first-workspace-product-design.md
+-- for the contract this migration implements.
+--
+-- Three structural changes + one data backfill:
+--   1. chats: add last_message_at + last_message_preview projection columns
+--      and (organization_id, last_message_at DESC) index. Powers GET /me/chats
+--      cursor pagination + sort.
+--   2. chat_participants: add last_read_at + unread_mention_count columns.
+--      The chat-first workspace per-user read cursor and red-dot counter
+--      live with the participation row that owns them; no separate read-state
+--      table.
+--   3. chat_subscriptions (NEW): non-speaking observers ("watchers"). Stays
+--      strictly disjoint from chat_participants — invariant 1 in the design.
+--      ON DELETE CASCADE so dropping a chat tears down its watchers too.
+--   4. Backfill (single statement each):
+--      - chats projection from messages, using DISTINCT ON to avoid the
+--        per-row correlated subquery that would lock messages for minutes
+--        on large tables.
+--      - chat_subscriptions for every active manager whose managed non-human
+--        agent already participates in a chat the manager themselves does
+--        not speak in. Exactly the rows recomputeChatWatchers would create
+--        on first run, but in one bulk INSERT.
+--
+-- chat_participants.last_read_at + unread_mention_count default to NULL/0,
+-- which is the desired "treat all existing chats as already read" behavior
+-- on the workspace upgrade.
+
+ALTER TABLE "chats"
+  ADD COLUMN IF NOT EXISTS "last_message_at" timestamp with time zone,
+  ADD COLUMN IF NOT EXISTS "last_message_preview" text;
+
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "idx_chats_org_last_message"
+  ON "chats" ("organization_id", "last_message_at" DESC);
+
+--> statement-breakpoint
+ALTER TABLE "chat_participants"
+  ADD COLUMN IF NOT EXISTS "last_read_at" timestamp with time zone,
+  ADD COLUMN IF NOT EXISTS "unread_mention_count" integer NOT NULL DEFAULT 0;
+
+--> statement-breakpoint
+CREATE TABLE IF NOT EXISTS "chat_subscriptions" (
+  "chat_id" text NOT NULL,
+  "agent_id" text NOT NULL,
+  "kind" text NOT NULL DEFAULT 'watching',
+  "last_read_at" timestamp with time zone,
+  "unread_mention_count" integer NOT NULL DEFAULT 0,
+  "created_at" timestamp with time zone NOT NULL DEFAULT now(),
+  CONSTRAINT "chat_subscriptions_chat_id_fkey"
+    FOREIGN KEY ("chat_id") REFERENCES "chats"("id") ON DELETE CASCADE,
+  -- Intentionally NO ON DELETE clause on the agent FK. `services/agent.ts:
+  -- deleteAgent` is soft-only (UPDATE status='deleted', name=NULL — never
+  -- DELETE), so the row stays. Adding CASCADE would be dead code today and
+  -- silently legitimise a future hard-delete path; default RESTRICT instead
+  -- pins the soft-delete convention at the schema layer — any future caller
+  -- that tries a hard DELETE FROM agents will be forced to clean up
+  -- subscriptions explicitly. (asymmetry with chat_id FK is intentional —
+  -- chats can be hard-deleted by admin, agents cannot.)
+  CONSTRAINT "chat_subscriptions_agent_id_fkey"
+    FOREIGN KEY ("agent_id") REFERENCES "agents"("uuid"),
+  CONSTRAINT "chat_subscriptions_pkey"
+    PRIMARY KEY ("chat_id", "agent_id")
+);
+
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "idx_chat_subscriptions_agent"
+  ON "chat_subscriptions" ("agent_id");
+
+--> statement-breakpoint
+-- Backfill projection: one INSERT-shaped UPDATE driven by a DISTINCT ON
+-- subquery so messages is touched once. Avoids the correlated subquery
+-- variant that runs two scans per chat row.
+--
+-- Preview must match `chat-projection.ts:applyAfterFanOut`'s live-write
+-- semantics: a clean unquoted string for text messages, NULL for
+-- structured content (file / image / etc.). `content::text` would
+-- serialize JSONB to wire form (with quotes for strings, `{...}` for
+-- objects), producing visible inconsistency between backfilled and
+-- live-written rows. `jsonb_typeof` + `#>> '{}'` extracts the bare
+-- string only when content is a JSON string; otherwise NULL (B3 in
+-- PR review). `trim()` mirrors `outboundContent.trim()` in
+-- `chat-projection.ts:applyAfterFanOut` so leading whitespace doesn't
+-- visually jump on the first live overwrite.
+WITH last_msg AS (
+  SELECT DISTINCT ON ("chat_id")
+    "chat_id",
+    "created_at",
+    CASE
+      WHEN jsonb_typeof("content") = 'string'
+        THEN LEFT(trim("content" #>> '{}'), 200)
+      ELSE NULL
+    END AS "preview"
+  FROM "messages"
+  ORDER BY "chat_id", "created_at" DESC
+)
+UPDATE "chats" c
+   SET "last_message_at" = lm."created_at",
+       "last_message_preview" = lm."preview"
+  FROM last_msg lm
+ WHERE c."id" = lm."chat_id";
+
+--> statement-breakpoint
+-- Watcher backfill: every active member whose managed (non-human) agent
+-- participates in a chat where the member's own human agent is NOT a
+-- speaking participant. Idempotent via ON CONFLICT.
+--
+-- The explicit NULL casts are required: PostgreSQL infers a bare NULL in a
+-- VALUES/SELECT list as `text`, which then fails to coerce to the target
+-- columns (timestamptz / integer respectively).
+INSERT INTO "chat_subscriptions"
+  ("chat_id", "agent_id", "kind", "last_read_at", "unread_mention_count", "created_at")
+SELECT DISTINCT
+       cp."chat_id",
+       m."agent_id",
+       'watching',
+       NULL::timestamp with time zone,
+       0,
+       now()
+  FROM "chat_participants" cp
+  JOIN "agents"  a ON a."uuid" = cp."agent_id"
+  JOIN "members" m ON m."id"   = a."manager_id"
+ WHERE m."status" = 'active'
+   AND a."type" <> 'human'
+   AND NOT EXISTS (
+     SELECT 1 FROM "chat_participants" cp2
+      WHERE cp2."chat_id" = cp."chat_id"
+        AND cp2."agent_id" = m."agent_id"
+   )
+ON CONFLICT ("chat_id", "agent_id") DO NOTHING;

package/dist/drizzle/meta/_journal.json

@@ -211,6 +211,13 @@
       "when": 1777766400000,
       "tag": "0029_direct_agent_only_mention_only",
       "breakpoints": true
+    },
+    {
+      "idx": 30,
+      "version": "7",
+      "when": 1777852800000,
+      "tag": "0030_chat_first_workspace",
+      "breakpoints": true
     }
   ]
 }

package/dist/{feishu-DQ1l18Ah.mjs → feishu-Dxk6ArOK.mjs}

@@ -1,5 +1,5 @@
 import { d as __exportAll } from "./esm-CYu4tXXn.mjs";
-import { r as AGENT_SELECTOR_HEADER } from "./dist-D6AOiyNg.mjs";
+import { r as AGENT_SELECTOR_HEADER } from "./dist-BoHl9HwW.mjs";
 //#region src/core/feishu.ts
 var feishu_exports = /* @__PURE__ */ __exportAll({
 	bindFeishuBot: () => bindFeishuBot,

package/dist/index.mjs

@@ -1,8 +1,8 @@
 import "./observability-DPyf745N-BSc8QNcR.mjs";
-import { A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, H as resolveCliInvocation, I as checkWebSocket, J as isDockerAvailable, K as uninstallClientService, L as printResults, M as checkNodeVersion, N as checkServerConfig, P as checkServerHealth, Q as rotateClientIdWithBackup, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, b as onboardCheck, d as startServer, g as promptAddAgent, h as isInteractive, j as checkDocker, k as checkClientConfig, mt as SdkError, n as deriveHubUrlFromToken, nt as createOwner, pt as FirstTreeHubSDK, q as ensurePostgres, rt as hasUser, st as blank, t as HubUrlDerivationError, ut as status, v as formatCheckReport, x as onboardCreate, z as getClientServiceStatus } from "./saas-connect-DWcxHtjX.mjs";
+import { A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, H as resolveCliInvocation, I as checkWebSocket, J as isDockerAvailable, K as uninstallClientService, L as printResults, M as checkNodeVersion, N as checkServerConfig, P as checkServerHealth, Q as rotateClientIdWithBackup, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, b as onboardCheck, d as startServer, g as promptAddAgent, h as isInteractive, j as checkDocker, k as checkClientConfig, mt as SdkError, n as deriveHubUrlFromToken, nt as createOwner, pt as FirstTreeHubSDK, q as ensurePostgres, rt as hasUser, st as blank, t as HubUrlDerivationError, ut as status, v as formatCheckReport, x as onboardCreate, z as getClientServiceStatus } from "./saas-connect-DLSyrQcC.mjs";
 import "./logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { i as ensureFreshAdminToken, o as resolveAccessToken, r as ensureFreshAccessToken, s as resolveServerUrl, t as AuthRefreshFailedError } from "./bootstrap-B2x4TTyJ.mjs";
-import "./dist-D6AOiyNg.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-DQ1l18Ah.mjs";
+import { a as ensureFreshAdminToken, c as resolveServerUrl, i as ensureFreshAccessToken, n as AuthRefreshRateLimitedError, s as resolveAccessToken, t as AuthRefreshFailedError } from "./bootstrap-DUeYbwm-.mjs";
+import "./dist-BoHl9HwW.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-Dxk6ArOK.mjs";
 import "./invitation-B1pjAyOz-BaCA9PII.mjs";
-export { AuthRefreshFailedError, ClientRuntime, FirstTreeHubSDK, HubUrlDerivationError, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, deriveHubUrlFromToken, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, restartClientService, rotateClientIdWithBackup, runHomeMigration, runMigrations, startClientService, startServer, status, stopClientService, stopPostgres, uninstallClientService };
+export { AuthRefreshFailedError, AuthRefreshRateLimitedError, ClientRuntime, FirstTreeHubSDK, HubUrlDerivationError, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, deriveHubUrlFromToken, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, restartClientService, rotateClientIdWithBackup, runHomeMigration, runMigrations, startClientService, startServer, status, stopClientService, stopPostgres, uninstallClientService };

package/dist/{invitation-CBnQyB7o-Bulf3Sl7.mjs → invitation-CBnQyB7o-TmnIj3kx.mjs}

@@ -1,3 +1,3 @@
-import "./dist-D6AOiyNg.mjs";
+import "./dist-BoHl9HwW.mjs";
 import { g as previewInvitation, v as rotateInvitation } from "./invitation-B1pjAyOz-BaCA9PII.mjs";
 export { previewInvitation, rotateInvitation };