@agent-team-foundation/first-tree-hub 0.10.14 → 0.11.0

package/dist/{saas-connect-DWcxHtjX.mjs → saas-connect-DLSyrQcC.mjs}

@@ -1,7 +1,7 @@
 import { m as __toESM } from "./esm-CYu4tXXn.mjs";
 import { _ as withSpan, a as endWsConnectionSpan, b as require_pino, c as messageAttrs, d as rootLogger$1, g as startWsConnectionSpan, i as currentTraceId, n as applyLoggerConfig, o as getFastifyOtelPlugin, p as setWsConnectionAttrs, r as createLogger$1, t as adapterAttrs, u as observabilityPlugin, v as withWsMessageSpan, y as FIRST_TREE_HUB_ATTR } from "./observability-DPyf745N-BSc8QNcR.mjs";
-import { C as resolveConfigReadonly, S as resetConfigMeta, T as setConfigValue, _ as initConfig, a as loadCredentials, c as saveAgentConfig, d as DEFAULT_DATA_DIR$1, f as DEFAULT_HOME_DIR$1, h as collectMissingPrompts, l as saveCredentials, m as clientConfigSchema, p as agentConfigSchema, r as ensureFreshAccessToken, s as resolveServerUrl, u as DEFAULT_CONFIG_DIR, v as loadAgents, w as serverConfigSchema, x as resetConfig, y as migrateLegacyHome } from "./bootstrap-B2x4TTyJ.mjs";
-import { $ as refreshTokenSchema, A as createOrgFromMeSchema, B as imageInlineContentSchema, C as clientRegisterSchema, D as createAgentSchema, E as createAdapterMappingSchema, F as dryRunAgentRuntimeConfigSchema, G as isReservedAgentName$1, H as inboxDeliverFrameSchema$1, I as extractMentions, J as loginSchema, K as joinByInvitationSchema, L as githubCallbackQuerySchema, M as createTaskSchema, N as defaultRuntimeConfigPayload, O as createChatSchema, P as delegateFeishuUserSchema, Q as rebindAgentSchema, R as githubDevCallbackQuerySchema, S as clientCapabilitiesSchema$1, St as wsAuthFrameSchema, T as createAdapterConfigSchema, U as inboxPollQuerySchema, V as inboxAckFrameSchema, W as isRedactedEnvValue, X as notificationQuerySchema, Y as messageSourceSchema$1, Z as paginationQuerySchema, _ as adminUpdateTaskSchema, _t as updateClientCapabilitiesSchema, a as AGENT_STATUSES, at as sendToAgentSchema, b as agentRuntimeConfigPayloadSchema$1, bt as updateSystemConfigSchema, ct as sessionEventSchema$1, d as TASK_HEALTH_SIGNALS, dt as switchOrgSchema, et as runtimeStateMessageSchema, f as TASK_STATUSES, ft as taskListQuerySchema, g as adminCreateTaskSchema, gt as updateChatSchema, h as addParticipantSchema, ht as updateAgentSchema, i as AGENT_SOURCES, it as sendMessageSchema, j as createOrganizationSchema, k as createMemberSchema, l as SYSTEM_CONFIG_DEFAULTS, lt as sessionReconcileRequestSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as updateAgentRuntimeConfigSchema, n as AGENT_NAME_REGEX$1, nt as scanMentionTokens, o as AGENT_TYPES, ot as sessionCompletionMessageSchema, p as TASK_TERMINAL_STATUSES, pt as updateAdapterConfigSchema, q as linkTaskChatSchema, r as AGENT_SELECTOR_HEADER$1, rt as selfServiceFeishuBotSchema, s as AGENT_VISIBILITY, st as sessionEventMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as safeRedirectPath, u as TASK_CREATOR_TYPES, ut as sessionStateMessageSchema, v as agentBindRequestSchema, vt as updateMemberSchema, w as connectTokenExchangeSchema, x as agentTypeSchema$1, xt as updateTaskStatusSchema, y as agentPinnedMessageSchema$1, yt as updateOrganizationSchema, z as githubStartQuerySchema } from "./dist-D6AOiyNg.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-DUeYbwm-.mjs";
+import { $ as messageSourceSchema$1, A as createChatSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateMemberSchema, D as createAdapterConfigSchema, Dt as wsAuthFrameSchema, E as connectTokenExchangeSchema, Et as updateTaskStatusSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isReservedAgentName$1, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMemberSchema, N as createOrgFromMeSchema, O as createAdapterMappingSchema, P as createOrganizationSchema, Q as loginSchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as updateClientCapabilitiesSchema, T as clientRegisterSchema, Tt as updateSystemConfigSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as linkTaskChatSchema, Y as joinByInvitationSchema, Z as listMeChatsQuerySchema, _ as addParticipantSchema, _t as taskListQuerySchema, a as AGENT_STATUSES, at as safeRedirectPath, b as agentBindRequestSchema, bt as updateAgentSchema, ct as sendMessageSchema, d as TASK_CREATOR_TYPES, dt as sessionEventMessageSchema, et as notificationQuerySchema, f as TASK_HEALTH_SIGNALS, ft as sessionEventSchema$1, g as addMeChatParticipantsSchema, gt as switchOrgSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as stripCode, i as AGENT_SOURCES, it as runtimeStateMessageSchema, j as createMeChatSchema, k as createAgentSchema, l as MENTION_REGEX, lt as sendToAgentSchema, m as TASK_TERMINAL_STATUSES, mt as sessionStateMessageSchema, n as AGENT_NAME_REGEX$1, nt as rebindAgentSchema, o as AGENT_TYPES, ot as scanMentionTokens, p as TASK_STATUSES, pt as sessionReconcileRequestSchema, q as isRedactedEnvValue, r as AGENT_SELECTOR_HEADER$1, rt as refreshTokenSchema, s as AGENT_VISIBILITY, st as selfServiceFeishuBotSchema, t as AGENT_BIND_REJECT_REASONS, tt as paginationQuerySchema, u as SYSTEM_CONFIG_DEFAULTS, ut as sessionCompletionMessageSchema, v as adminCreateTaskSchema, vt as updateAdapterConfigSchema, w as clientCapabilitiesSchema$1, wt as updateOrganizationSchema, x as agentPinnedMessageSchema$1, xt as updateChatSchema, y as adminUpdateTaskSchema, yt as updateAgentRuntimeConfigSchema, z as extractMentions } from "./dist-BoHl9HwW.mjs";
 import { _ as recordRedemption, a as ConflictError, b as uuidv7, c as UnauthorizedError, d as findActiveByToken, f as getActiveInvitation, h as organizations, i as ClientUserMismatchError$1, l as buildInviteUrl, m as invitations, n as BadRequestError, o as ForbiddenError, p as invitationRedemptions, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as ensureActiveInvitation, y as users } from "./invitation-B1pjAyOz-BaCA9PII.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
@@ -21,7 +21,7 @@ import { fileURLToPath } from "node:url";
 import * as semver from "semver";
 import { confirm, input, password, select } from "@inquirer/prompts";
 import bcrypt from "bcrypt";
-import { and, asc, count, desc, eq, gt, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
+import { and, asc, count, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
@@ -734,7 +734,11 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()),
 	createdAt: z.string(),
 	updatedAt: z.string()
-}).extend({ participants: z.array(chatParticipantSchema) });
+}).extend({
+	participants: z.array(chatParticipantSchema),
+	title: z.string(),
+	firstMessagePreview: z.string().nullable()
+});
 z.object({ topic: z.string().trim().max(500).nullable() });
 z.object({
 	agentId: z.string().min(1),
@@ -1041,6 +1045,59 @@ z.object({
 });
 z.object({ token: z.string().min(1) });
 z.object({}).optional();
+const meChatFilterSchema = z.enum([
+	"all",
+	"unread",
+	"watching"
+]);
+const meChatMembershipKindSchema = z.enum(["participant", "watching"]);
+z.object({
+	cursor: z.string().optional(),
+	limit: z.coerce.number().int().min(1).max(200).default(50),
+	filter: meChatFilterSchema.default("all")
+});
+const meChatParticipantSchema = z.object({
+	agentId: z.string(),
+	displayName: z.string(),
+	type: z.string()
+});
+const meChatRowSchema = z.object({
+	chatId: z.string(),
+	type: z.string(),
+	membershipKind: meChatMembershipKindSchema,
+	title: z.string(),
+	topic: z.string().nullable(),
+	participants: z.array(meChatParticipantSchema),
+	participantCount: z.number().int(),
+	lastMessageAt: z.string().nullable(),
+	lastMessagePreview: z.string().nullable(),
+	unreadMentionCount: z.number().int(),
+	canReply: z.boolean(),
+	taskId: z.string().nullable(),
+	taskStatus: z.string().nullable()
+});
+z.object({
+	rows: z.array(meChatRowSchema),
+	nextCursor: z.string().nullable()
+});
+z.object({
+	participantIds: z.array(z.string().min(1)).min(1),
+	topic: z.string().trim().max(500).optional().nullable()
+});
+z.object({ participantIds: z.array(z.string().min(1)).min(1) });
+z.object({
+	chatId: z.string(),
+	lastReadAt: z.string(),
+	unreadMentionCount: z.number().int()
+});
+z.object({
+	chatId: z.string(),
+	membershipKind: meChatMembershipKindSchema.nullable()
+});
+z.object({
+	type: z.literal("chat:message"),
+	chatId: z.string()
+});
 z.enum([
 	"connect",
 	"create_agent",
@@ -1883,6 +1940,13 @@ var ClientConnection = class extends EventEmitter {
 	/** Fires ~60s before JWT exp so we reconnect with a fresh token first. */
 	authRefreshTimer = null;
 	reconnectAttempt = 0;
+	/**
+	* If the most recent refresh attempt was rate-limited (HTTP 429), the
+	* server-suggested wait in ms — consumed by the next `scheduleReconnect`
+	* to floor its delay so we don't keep retrying inside the same 60s
+	* limiter window. Cleared after one use.
+	*/
+	nextReconnectMinDelayMs = 0;
 	closing = false;
 	registered = false;
 	/** Count of `server:welcome` frames received; drives `isReconnect` flag. */
@@ -2095,6 +2159,10 @@ var ClientConnection = class extends EventEmitter {
 					if (e.name === "AuthRefreshFailedError") {
 						this.closing = true;
 						this.emit("auth:fatal", e);
+					} else if (e.name === "AuthRefreshRateLimitedError") {
+						const retryAfterMs = e.retryAfterMs ?? 3e4;
+						this.nextReconnectMinDelayMs = Math.max(this.nextReconnectMinDelayMs, retryAfterMs);
+						this.authLogger.warn({ retryAfterMs }, "refresh rate-limited; deferring reconnect");
 					}
 					settle(reject, e);
 					ws.close();
@@ -2348,10 +2416,18 @@ var ClientConnection = class extends EventEmitter {
 		if (this.closing) return;
 		this.reconnectAttempt++;
 		this.emit("reconnecting", this.reconnectAttempt);
-		const delay = Math.min(RECONNECT_BASE_MS * 2 ** (this.reconnectAttempt - 1), RECONNECT_MAX_MS);
+		const exponential = Math.min(RECONNECT_BASE_MS * 2 ** (this.reconnectAttempt - 1), RECONNECT_MAX_MS);
+		const floor = this.nextReconnectMinDelayMs;
+		this.nextReconnectMinDelayMs = 0;
+		let delay = Math.max(exponential, floor);
+		if (floor > 0) {
+			const jitter = delay * .2 * (Math.random() * 2 - 1);
+			delay = Math.max(0, Math.round(delay + jitter));
+		}
 		this.wsLogger.debug({
 			attempt: this.reconnectAttempt,
-			delayMs: delay
+			delayMs: delay,
+			floorMs: floor || void 0
 		}, "scheduling reconnect");
 		this.reconnectTimer = setTimeout(() => {
 			this.reconnectTimer = null;
@@ -2401,6 +2477,18 @@ var ClientConnection = class extends EventEmitter {
 	* before the server's scheduleAuthExpiry timer fires. Short-lived tokens
 	* (exp <= lead window) skip the proactive reconnect entirely — we let the
 	* server push `auth:expired` and handle that path.
+	*
+	* Order is "refresh-then-close", not "close-then-let-reconnect-refresh".
+	* The earlier shape relied on the new connection's open handler to do the
+	* `/auth/refresh` HTTP, which forced ≥1s of WS downtime per cycle even on
+	* the happy path (one base reconnect delay + the refresh round-trip) and
+	* compounded badly under 429: every retry attempt also closed/reopened the
+	* WS, holding the agent offline for 15-20s while the limiter cooled down.
+	* Refreshing first lets us swap the new token onto a still-open WS with no
+	* observable disconnect when the refresh succeeds; the original close-and-
+	* reconnect flow only runs on failure as a last-ditch fallback (it'll hit
+	* the same 429 on its next retry, but at least the Retry-After floor is
+	* now wired up so we don't pile attempts inside the same window).
 	*/
 	scheduleProactiveAuthRefresh(token) {
 		this.clearAuthRefreshTimer();
@@ -2410,12 +2498,29 @@ var ClientConnection = class extends EventEmitter {
 		if (delay <= 0) return;
 		this.authLogger.debug({ delayMs: delay }, "scheduled proactive auth refresh");
 		this.authRefreshTimer = setTimeout(() => {
-			this.authRefreshTimer = null;
-			if (this.closing) return;
-			this.authLogger.info("triggering proactive auth refresh");
-			this.ws?.close(1e3, "proactive auth refresh");
+			this.runProactiveAuthRefresh();
 		}, delay);
 	}
+	async runProactiveAuthRefresh() {
+		this.authRefreshTimer = null;
+		if (this.closing) return;
+		this.authLogger.info("triggering proactive auth refresh");
+		try {
+			await this.getAccessToken({ minValidityMs: AUTH_REFRESH_LEAD_MS + 5e3 });
+		} catch (err) {
+			const e = err instanceof Error ? err : new Error(String(err));
+			if (e.name === "AuthRefreshRateLimitedError") {
+				const retryAfterMs = e.retryAfterMs ?? 3e4;
+				this.nextReconnectMinDelayMs = Math.max(this.nextReconnectMinDelayMs, retryAfterMs);
+				this.authLogger.warn({ retryAfterMs }, "proactive refresh rate-limited; deferring reconnect");
+			} else if (e.name === "AuthRefreshFailedError") {
+				this.closing = true;
+				this.emit("auth:fatal", e);
+				return;
+			} else this.authLogger.warn({ err: e }, "proactive refresh failed; falling back to reconnect path");
+		}
+		this.ws?.close(1e3, "proactive auth refresh");
+	}
 };
 /** Built-in handler registry. Populated by handler modules. */
 const HANDLER_REGISTRY = /* @__PURE__ */ new Map();
@@ -8098,7 +8203,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-DQ1l18Ah.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-Dxk6ArOK.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9078,7 +9183,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-Le92-WQA.mjs
+//#region ../server/dist/app-DNJkrky7.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -9162,17 +9267,44 @@ const chats = pgTable("chats", {
 	lifecyclePolicy: text("lifecycle_policy").default("persistent"),
 	parentChatId: text("parent_chat_id"),
 	metadata: jsonb("metadata").$type().notNull().default({}),
+	lastMessageAt: timestamp("last_message_at", { withTimezone: true }),
+	lastMessagePreview: text("last_message_preview"),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
 	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-});
-/** Chat participants (M:N). */
+}, (table) => [index("idx_chats_org_last_message").on(table.organizationId, desc(table.lastMessageAt))]);
+/** Speaking participants of a chat (M:N). Watchers live in chat_subscriptions. */
 const chatParticipants = pgTable("chat_participants", {
 	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
 	agentId: text("agent_id").notNull().references(() => agents.uuid),
 	role: text("role").notNull().default("member"),
 	mode: text("mode").notNull().default("full"),
+	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
+	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
 	joinedAt: timestamp("joined_at", { withTimezone: true }).notNull().defaultNow()
 }, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_participants_agent").on(table.agentId)]);
+/**
+* Non-speaking observers ("watchers"). Used by the chat-first workspace so a
+* user can supervise chats their managed agents participate in without
+* accidentally being part of fan-out.
+*
+* Invariants:
+*   1. (chat_id, agent_id) is mutually exclusive with chat_participants.
+*   2. Rows here NEVER produce inbox_entries (fan-out exclusivity).
+*   3. Mention candidate resolution NEVER includes these rows.
+*   4. State transitions (join/leave) carry last_read_at + counter; lifecycle
+*      recomputes default to NULL/0 and MUST NOT run on the join/leave path.
+*
+* See docs/chat-first-workspace-product-design.md "Data Model" + "State
+* Transitions" for the full contract.
+*/
+const chatSubscriptions = pgTable("chat_subscriptions", {
+	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
+	agentId: text("agent_id").notNull().references(() => agents.uuid),
+	kind: text("kind").notNull().default("watching"),
+	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
+	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
+	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
+}, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_chat_subscriptions_agent").on(table.agentId)]);
 /** Organization membership. Links a user to an org with a role and a 1:1 human agent. */
 const members = pgTable("members", {
 	id: text("id").primaryKey(),
@@ -9967,7 +10099,7 @@ async function deleteAdapterConfig(db, id) {
 	const [row] = await db.delete(adapterConfigs).where(eq(adapterConfigs.id, id)).returning();
 	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
 }
-const log$5 = createLogger$1("AdminAdapters");
+const log$6 = createLogger$1("AdminAdapters");
 const orgQuerySchema$1 = z.object({ organizationId: z.string().min(1).optional() });
 function parseId(raw) {
 	const id = Number(raw);
@@ -9990,7 +10122,7 @@ async function adminAdapterRoutes(app) {
 		const scope = memberScope(request);
 		await assertCanManage(app.db, scope, body.agentId);
 		const config = await createAdapterConfig(app.db, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after create"));
+		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after create"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(201).send({
 			...config,
@@ -10014,7 +10146,7 @@ async function adminAdapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertCanManage(app.db, scope, existing.agentId);
 		const config = await updateAdapterConfig(app.db, id, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after update"));
+		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after update"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return {
 			...config,
@@ -10028,7 +10160,7 @@ async function adminAdapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertCanManage(app.db, scope, existing.agentId);
 		await deleteAdapterConfig(app.db, id);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after delete"));
+		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after delete"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -10109,6 +10241,227 @@ const agentConfigs = pgTable("agent_configs", {
 	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
 });
 /**
+* Chat-first workspace — watcher subscription helpers.
+*
+* Watchers (rows in `chat_subscriptions`) are non-speaking observers. A
+* member who manages an agent that participates in a chat — but whose own
+* human agent is not a speaker there — sees the chat in their workspace
+* via a watcher row.
+*
+* Two distinct kinds of operation live here:
+*
+*   1. Set rebuilds (`recompute*`). Idempotent set-based recomputations
+*      driven by lifecycle events (chat created, participant added/removed,
+*      member status flipped, etc.). These DEFAULT new rows to NULL/0 read
+*      state.
+*
+*   2. State-carry transitions (`joinAsParticipant`, `leaveAsParticipant`).
+*      Move a single (chat, agent) pair between `chat_participants` and
+*      `chat_subscriptions` while preserving `last_read_at` and
+*      `unread_mention_count`. NEVER call recompute on this path or you'll
+*      lose read state.
+*
+* See docs/chat-first-workspace-product-design.md "State Transitions" and
+* "Risk Constraints".
+*/
+/**
+* Recompute watcher rows for ONE chat. For every active member who:
+*   - manages a non-human agent that speaks in the chat, AND
+*   - whose own human agent is NOT a speaker in the chat
+* an `(chat_id, member.agent_id)` watcher row is upserted (NULL read state).
+*
+* Watchers whose anchoring condition no longer holds (manager left, the
+* managed agent was removed from the chat, the manager joined as a speaker
+* themselves) are deleted.
+*
+* Idempotent: safe to call multiple times for the same chat.
+*/
+async function recomputeChatWatchers(db, chatId) {
+	await db.execute(sql`
+    INSERT INTO chat_subscriptions
+      (chat_id, agent_id, kind, last_read_at, unread_mention_count, created_at)
+    SELECT DISTINCT cp.chat_id, m.agent_id, 'watching', NULL::timestamp with time zone, 0, now()
+      FROM chat_participants cp
+      JOIN agents  a ON a.uuid = cp.agent_id
+      JOIN members m ON m.id   = a.manager_id
+     WHERE cp.chat_id = ${chatId}
+       AND m.status   = 'active'
+       AND a.type    <> 'human'
+       AND NOT EXISTS (
+         SELECT 1 FROM chat_participants cp2
+          WHERE cp2.chat_id  = cp.chat_id
+            AND cp2.agent_id = m.agent_id
+       )
+    ON CONFLICT (chat_id, agent_id) DO NOTHING
+  `);
+	await db.execute(sql`
+    DELETE FROM chat_subscriptions cs
+     WHERE cs.chat_id = ${chatId}
+       AND NOT EXISTS (
+         SELECT 1
+           FROM chat_participants cp
+           JOIN agents  a ON a.uuid = cp.agent_id
+           JOIN members m ON m.id   = a.manager_id
+          WHERE cp.chat_id = cs.chat_id
+            AND m.agent_id = cs.agent_id
+            AND m.status   = 'active'
+            AND a.type    <> 'human'
+            AND NOT EXISTS (
+              SELECT 1 FROM chat_participants cp2
+               WHERE cp2.chat_id  = cp.chat_id
+                 AND cp2.agent_id = m.agent_id
+            )
+       )
+  `);
+}
+/**
+* Recompute watcher rows touching ONE agent across all chats it speaks in.
+* Used after `rebindAgent` (manager change) so the new manager picks up
+* watcher rows and the old manager's are dropped.
+*/
+async function recomputeWatchersForAgent(db, agentId) {
+	const chatRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentId));
+	for (const { chatId } of chatRows) await recomputeChatWatchers(db, chatId);
+}
+/**
+* Recompute watcher rows touching ONE member across all chats. Triggered
+* when the member's status flips active ↔ left.
+*/
+async function recomputeWatchersForMember(db, memberId) {
+	const rows = await db.selectDistinct({ chatId: chatParticipants.chatId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(and(eq(agents.managerId, memberId), ne(agents.type, "human")));
+	for (const { chatId } of rows) await recomputeChatWatchers(db, chatId);
+}
+/**
+* Mirror of `services/chat.ts` `maybeUpgradeDirectToGroup`. Inlined here so
+* `joinAsParticipant` keeps the upgrade rule + the state carry in one
+* transaction without depending on chat.ts (avoids a circular import).
+*/
+async function maybeUpgradeDirectToGroup$1(tx, chatId, existingParticipantIds) {
+	if (existingParticipantIds.length + 1 < 3) return;
+	const [chat] = await tx.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
+	if (!chat || chat.type !== "direct") return;
+	await tx.update(chats).set({
+		type: "group",
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(eq(chats.id, chatId));
+	if (existingParticipantIds.length === 0) return;
+	const ids = (await tx.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((r) => r.uuid);
+	if (ids.length === 0) return;
+	await tx.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
+}
+/**
+* Watcher → speaking participant. State-carry transaction.
+*
+*   1. DELETE the watcher row (returning read state).
+*   2. If a participant row already exists, no-op (idempotent).
+*   3. Otherwise, run the direct → group upgrade rule against the *current*
+*      participant set, then INSERT the participant row carrying read state.
+*
+* If `requireWatcherOrVisible` is true, refuse when the user has neither a
+* watcher row nor admin-derived visibility — used to keep the public
+* `/me/chats/:chatId/join` endpoint honest. Pre-check happens in the
+* route layer where we have the full member scope.
+*/
+async function joinAsParticipant(db, chatId, humanAgentId) {
+	return db.transaction(async (tx) => {
+		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
+			lastReadAt: chatSubscriptions.lastReadAt,
+			unreadMentionCount: chatSubscriptions.unreadMentionCount
+		});
+		const [existing] = await tx.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
+		if (existing) return {
+			chatId,
+			inserted: false,
+			carried: carriedRow ?? null
+		};
+		await maybeUpgradeDirectToGroup$1(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId));
+		await tx.insert(chatParticipants).values({
+			chatId,
+			agentId: humanAgentId,
+			role: "member",
+			mode: "full",
+			lastReadAt: carriedRow?.lastReadAt ?? null,
+			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
+		});
+		return {
+			chatId,
+			inserted: true,
+			carried: carriedRow ?? null
+		};
+	});
+}
+/**
+* Speaking participant → watcher (or fully detach).
+*
+*   1. DELETE the participant row (returning read state).
+*   2. Test "still visible": is the user still the manager of an agent that
+*      remains a participant in this chat? If yes, INSERT a watcher row
+*      carrying read state. If no, drop entirely.
+*
+* Caller must validate that the user actually has a participant row to
+* leave (returns `NotFoundError` if not).
+*/
+async function leaveAsParticipant(db, chatId, humanAgentId) {
+	return db.transaction(async (tx) => {
+		const [carried] = await tx.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).returning({
+			lastReadAt: chatParticipants.lastReadAt,
+			unreadMentionCount: chatParticipants.unreadMentionCount
+		});
+		if (!carried) throw new NotFoundError("Not a participant of this chat");
+		const [stillVisibleRow] = await tx.execute(sql`
+      SELECT EXISTS (
+        SELECT 1
+          FROM chat_participants cp
+          JOIN agents  a ON a.uuid = cp.agent_id
+          JOIN members m ON m.id   = a.manager_id
+         WHERE cp.chat_id = ${chatId}
+           AND m.agent_id = ${humanAgentId}
+           AND m.status   = 'active'
+           AND a.type    <> 'human'
+      ) AS visible
+    `);
+		if (!Boolean(stillVisibleRow?.visible)) return {
+			chatId,
+			membershipKind: null
+		};
+		await tx.insert(chatSubscriptions).values({
+			chatId,
+			agentId: humanAgentId,
+			kind: "watching",
+			lastReadAt: carried.lastReadAt,
+			unreadMentionCount: carried.unreadMentionCount
+		}).onConflictDoNothing();
+		return {
+			chatId,
+			membershipKind: "watching"
+		};
+	});
+}
+/**
+* Resolve the membership row of the human agent for the given chat. Returns
+* one of: 'participant', 'watching', or null.
+*
+* Used by `/me/chats/:chatId/join` to refuse a join when the user has
+* neither a watcher row nor a participant row, and isn't otherwise
+* authorised (admin in the chat's org).
+*/
+async function resolveChatMembership(db, chatId, humanAgentId) {
+	const [participant] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
+	if (participant) return "participant";
+	const [sub] = await db.select({ chatId: chatSubscriptions.chatId }).from(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).limit(1);
+	if (sub) return "watching";
+	return null;
+}
+/**
+* Used by `/me/chats/:chatId/join`. Throw 409 if already a speaker (no work
+* to do) and 403 if no watcher row and no admin override. Admin override is
+* resolved at the route layer; this helper only reports the watcher state.
+*/
+function ensureCanJoin(membership) {
+	if (membership === "participant") throw new ConflictError("Already a participant in this chat");
+	if (membership === null) throw new ForbiddenError("Not a watcher of this chat — open the chat from your workspace before joining");
+}
+/**
 * Names beginning with `__` are reserved for Hub-internal pseudo agents
 * (e.g. the task notifier). User-facing creation must not be able to
 * squat on them, otherwise internal traffic could be routed through a
@@ -10415,6 +10768,7 @@ async function updateAgent(db, uuid, data) {
 	}
 	const [updated] = await db.update(agents).set(updates).where(eq(agents.uuid, agent.uuid)).returning();
 	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
+	if (data.managerId !== void 0 && data.managerId !== agent.managerId) await recomputeWatchersForAgent(db, agent.uuid);
 	return updated;
 }
 /**
@@ -10501,6 +10855,71 @@ async function deleteAgent(db, uuid) {
 	return agent;
 }
 /**
+* Process-local cache for the per-chat realtime push audience
+* (`chat_participants ∪ chat_subscriptions`, keyed by human agent
+* uuid). Sits in front of the admin WS dispatch so a chat with N
+* messages/sec doesn't issue N audience-resolution queries; one query
+* + cache hit per chat per TTL window.
+*
+* The cache exposes both a populator (`getCachedAudience`) and an
+* invalidator (`invalidateChatAudience`). Participant-mutation paths
+* (`addMeChatParticipants`, `joinMeChat`, `leaveMeChat`,
+* `recomputeChatWatchers`, `joinAsParticipant`, `leaveAsParticipant`)
+* MUST call `invalidateChatAudience` after their tx commits so the
+* very next dispatch reflects the new audience without waiting for
+* the TTL to age out — without invalidation, a freshly-added speaker
+* would miss `chat:message` pushes for up to TTL_MS.
+*
+* Cross-instance correctness: not handled here. The PG NOTIFY layer
+* already broadcasts message events to every replica; each replica's
+* audience cache is independently invalidated by its own
+* service-layer mutations on chats it routes traffic for. For
+* cross-replica participant changes to invalidate this cache, route
+* the mutation through the same replica that hosts the WS connection
+* (sticky routing) or add a dedicated `chat:audience` PG NOTIFY in
+* a follow-up.
+*/
+const log$5 = createLogger$1("ChatAudienceCache");
+const TTL_MS = 5e3;
+const MAX_ENTRIES = 1024;
+const cache = /* @__PURE__ */ new Map();
+/** Resolve a chat's push audience, hitting the cache when fresh.
+*  Returns null on DB error (caller should skip dispatch). */
+async function getCachedAudience(db, chatId) {
+	const now = Date.now();
+	const cached = cache.get(chatId);
+	if (cached && cached.expiresAt > now) return cached.audience;
+	try {
+		const rows = await db.execute(sql`
+      SELECT agent_id FROM chat_participants WHERE chat_id = ${chatId}
+      UNION
+      SELECT agent_id FROM chat_subscriptions WHERE chat_id = ${chatId}
+    `);
+		const audience = new Set(rows.map((r) => r.agent_id));
+		cache.set(chatId, {
+			audience,
+			expiresAt: now + TTL_MS
+		});
+		if (cache.size > MAX_ENTRIES) {
+			for (const [k, v] of cache) if (v.expiresAt <= now) cache.delete(k);
+		}
+		return audience;
+	} catch (err) {
+		log$5.warn({
+			err,
+			chatId
+		}, "failed to resolve chat audience");
+		return null;
+	}
+}
+/** Drop the cached audience for a chat. Called from participant-
+*  mutation paths after their transaction commits, so the next
+*  `chat:message` dispatch hits the DB and reflects the new
+*  membership instead of serving a stale TTL window. */
+function invalidateChatAudience(chatId) {
+	cache.delete(chatId);
+}
+/**
 * When a direct chat grows past 2 participants, upgrade it to `group` and
 * flip every existing non-human agent participant to `mention_only` — see
 * proposals/hub-agent-messaging-reply-and-mentions §3.3. The caller is
@@ -10555,6 +10974,7 @@ async function createChat(db, creatorId, data) {
 			...isDirectAgentOnly ? { mode: "mention_only" } : {}
 		}));
 		await tx.insert(chatParticipants).values(participantRows);
+		await recomputeChatWatchers(tx, chatId);
 		const participants = await tx.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
 		return {
@@ -10618,12 +11038,15 @@ async function ensureParticipant(db, chatId, agentId) {
 	if (existing) return;
 	await db.transaction(async (tx) => {
 		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
+		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, agentId)));
 		await tx.insert(chatParticipants).values({
 			chatId,
 			agentId,
 			mode: "full"
 		}).onConflictDoNothing({ target: [chatParticipants.chatId, chatParticipants.agentId] });
+		await recomputeChatWatchers(tx, chatId);
 	});
+	invalidateChatAudience(chatId);
 }
 async function addParticipant(db, chatId, requesterId, data) {
 	const chat = await getChat(db, chatId);
@@ -10638,12 +11061,15 @@ async function addParticipant(db, chatId, requesterId, data) {
 	if (existing) throw new ConflictError(`Agent "${data.agentId}" is already a participant`);
 	await db.transaction(async (tx) => {
 		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
+		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, data.agentId)));
 		await tx.insert(chatParticipants).values({
 			chatId,
 			agentId: data.agentId,
 			mode: data.mode ?? "full"
 		});
+		await recomputeChatWatchers(tx, chatId);
 	});
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 async function removeParticipant(db, chatId, requesterId, targetAgentId) {
@@ -10651,6 +11077,8 @@ async function removeParticipant(db, chatId, requesterId, targetAgentId) {
 	if (requesterId === targetAgentId) throw new BadRequestError("Cannot remove yourself from a chat");
 	const [removed] = await db.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, targetAgentId))).returning();
 	if (!removed) throw new NotFoundError(`Agent "${targetAgentId}" is not a participant of this chat`);
+	await recomputeChatWatchers(db, chatId);
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 /**
@@ -10742,23 +11170,38 @@ async function joinChat(db, chatId, memberId, humanAgentId) {
 	const [humanAgent] = await db.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
 	if (!humanAgent || humanAgent.organizationId !== chat.organizationId) throw new BadRequestError("Agent does not belong to the same organization as the chat");
 	await db.transaction(async (tx) => {
+		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
+			lastReadAt: chatSubscriptions.lastReadAt,
+			unreadMentionCount: chatSubscriptions.unreadMentionCount
+		});
 		await maybeUpgradeDirectToGroup(tx, chatId, participantAgentIds, 1);
 		await tx.insert(chatParticipants).values({
 			chatId,
 			agentId: humanAgentId,
 			role: "member",
-			mode: "full"
+			mode: "full",
+			lastReadAt: carriedRow?.lastReadAt ?? null,
+			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
 		});
+		await recomputeChatWatchers(tx, chatId);
 	});
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 /**
 * Manager leaves a chat. Removes their human agent from participants.
 * Only allowed if the human agent is a participant.
+*
+* Delegates the participant→watcher transition to `leaveAsParticipant`
+* so admin-side and `/me/chats/:id/leave` share one canonical path. The
+* earlier "recompute then UPDATE-back state" variant violated the design
+* rule that recompute is only for set rebuild — never on a transition
+* path (review #228 issue #2). The returned participant list is fetched
+* after the tx commits, matching the admin route's existing contract.
 */
 async function leaveChat(db, chatId, humanAgentId) {
-	const [removed] = await db.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).returning();
-	if (!removed) throw new NotFoundError("Not a participant of this chat");
+	await leaveAsParticipant(db, chatId, humanAgentId);
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 async function findOrCreateDirectChat(db, agentAId, agentBId) {
@@ -10798,6 +11241,7 @@ async function findOrCreateDirectChat(db, agentAId, agentBId) {
 			role: "member",
 			mode
 		}]);
+		await recomputeChatWatchers(tx, chatId);
 		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
 		return chat;
 	});
@@ -11316,6 +11760,22 @@ function removeClientConnection(clientId, ws) {
 	clientConnections.delete(clientId);
 	return agentIds;
 }
+/**
+* Was `ws` the socket currently registered as `clientId`'s active connection
+* at the time of the call? Used by ws-client.ts's `socket.on("close")` to
+* decide whether to write `clients.status='disconnected'` to the DB — when a
+* fast reconnect happens, the new socket has already swapped itself in via
+* `setClientConnection`, so the old socket's late-arriving onClose must NOT
+* stamp the row back to disconnected.
+*
+* The check is "this socket equals the registered ws", not "this socket is
+* still OPEN" — the close handler runs precisely when the socket is no
+* longer OPEN, but the in-memory entry might still legitimately point at
+* us if no new connection has taken over yet.
+*/
+function isActiveClientConnection(clientId, ws) {
+	return clientConnections.get(clientId)?.ws === ws;
+}
 /** Send a message to a client's WebSocket. Returns true if delivered. */
 function sendToClient(clientId, message) {
 	const entry = clientConnections.get(clientId);
@@ -11484,6 +11944,88 @@ async function listAgentsWithRuntime(db, scope) {
 		type: agents.type
 	}).from(agentPresence).innerJoin(agents, eq(agentPresence.agentId, agents.uuid)).where(and(isNotNull(agentPresence.runtimeState), agentVisibilityCondition(scope.organizationId, scope.memberId)));
 }
+/**
+* Chat-first workspace — append-only post-fan-out projection.
+*
+* The single sanctioned extension point on the message hot path. Called
+* from `services/message.ts` AFTER existing fan-out completes, inside the
+* same transaction. Three responsibilities:
+*
+*   1. Mention propagation: increment `unread_mention_count` for mentioned
+*      speaking participants AND for watcher rows whose managed agent was
+*      mentioned. Sender row is excluded.
+*
+*   2. Chats projection: roll forward `chats.last_message_at`,
+*      `chats.last_message_preview`. Powers the conversation list cursor +
+*      sort + preview.
+*
+*   3. Realtime kick: fire-and-forget `pg_notify('chat_message_events', …)`
+*      so admin WS sockets can translate it into a `chat:message` frame.
+*      Failure is swallowed — durable persistence is the correctness path.
+*
+* Strict invariants (see docs/chat-first-workspace-product-design.md
+* "Risk Constraints"):
+*   - This module appends ONLY. Never edits existing fan-out / inbox /
+*     mention-extraction code.
+*   - Watchers (chat_subscriptions) are NEVER added to inbox_entries here.
+*     Their counters are bumped purely as a per-user red-dot signal.
+*   - Mention candidate set is `chat_participants` only; watchers are not
+*     direct `@`-mention targets.
+*/
+let dispatcher = null;
+function registerChatMessageDispatcher(fn) {
+	dispatcher = fn;
+}
+/**
+* Best-effort cross-process kick for the chat-first workspace. Call AFTER
+* the message transaction commits — never inside the tx. Failure logs +
+* drops; web reconnect refetches.
+*
+* Speakers also get an inbox NOTIFY through the existing path. They will
+* receive both, and the web client de-dupes naturally because both end up
+* invalidating the same query keys.
+*/
+function fireChatMessageKick(chatId, messageId) {
+	if (!dispatcher) return;
+	try {
+		dispatcher(chatId, messageId);
+	} catch {}
+}
+/**
+* Apply the post-fan-out projection. MUST be called inside the same
+* transaction as the message INSERT. Safe to call when `mentionedAgentIds`
+* is empty (degenerate case skips the mention UPDATEs).
+*/
+async function applyAfterFanOut(tx, input) {
+	const { chatId, senderId, mentionedAgentIds, contentPreview, messageCreatedAt } = input;
+	const previewClipped = contentPreview.length > 0 ? contentPreview.slice(0, 200) : null;
+	const ts = messageCreatedAt ?? /* @__PURE__ */ new Date();
+	await tx.update(chats).set({
+		lastMessageAt: ts,
+		lastMessagePreview: previewClipped
+	}).where(eq(chats.id, chatId));
+	if (mentionedAgentIds.length === 0) return;
+	await tx.update(chatParticipants).set({ unreadMentionCount: sql`${chatParticipants.unreadMentionCount} + 1` }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, mentionedAgentIds), ne(chatParticipants.agentId, senderId)));
+	const managerHumanAgentIds = (await tx.execute(sql`
+    SELECT DISTINCT m.agent_id AS human_agent_id
+      FROM agents a
+      JOIN members m ON m.id = a.manager_id
+     WHERE a.uuid IN ${makeUuidList(mentionedAgentIds)}
+       AND a.type <> 'human'
+       AND m.status = 'active'
+  `)).map((r) => r.human_agent_id);
+	if (managerHumanAgentIds.length === 0) return;
+	await tx.update(chatSubscriptions).set({ unreadMentionCount: sql`${chatSubscriptions.unreadMentionCount} + 1` }).where(and(eq(chatSubscriptions.chatId, chatId), inArray(chatSubscriptions.agentId, managerHumanAgentIds)));
+}
+/**
+* Build a parenthesised, comma-separated list of bound parameters: `(?, ?, ?)`.
+* Used in raw SQL where drizzle's `inArray` can't be directly applied (e.g.
+* inside a hand-rolled SELECT). Always called with a non-empty list — the
+* caller short-circuits the empty case.
+*/
+function makeUuidList(ids) {
+	return sql`(${sql.join(ids.map((id) => sql`${id}`), sql`, `)})`;
+}
 const log$4 = createLogger$1("message");
 async function sendMessage(db, chatId, senderId, data, options = {}) {
 	return withSpan("inbox.enqueue", messageAttrs({
@@ -11585,6 +12127,15 @@ async function sendMessageInner(db, chatId, senderId, data, options) {
 		}
 		await tx.update(chats).set({ updatedAt: /* @__PURE__ */ new Date() }).where(eq(chats.id, chatId));
 		if (!msg) throw new Error("Unexpected: INSERT RETURNING produced no row");
+		const previewText = typeof outboundContent === "string" ? outboundContent.trim() : "";
+		await applyAfterFanOut(tx, {
+			chatId,
+			messageId: msg.id,
+			senderId,
+			mentionedAgentIds: mergedMentions,
+			contentPreview: previewText,
+			messageCreatedAt: msg.createdAt
+		});
 		return {
 			message: msg,
 			recipients,
@@ -11601,6 +12152,7 @@ async function sendMessageInner(db, chatId, senderId, data, options) {
 			agentId: txResult.recipientAgentIds[i]
 		}, "predictive session activation failed");
 	}
+	fireChatMessageKick(chatId, txResult.message.id);
 	return {
 		message: txResult.message,
 		recipients: txResult.recipients
@@ -11662,15 +12214,24 @@ const INBOX_CHANNEL = "inbox_notifications";
 const CONFIG_CHANNEL = "config_changes";
 const SESSION_STATE_CHANNEL = "session_state_changes";
 const RUNTIME_STATE_CHANNEL = "runtime_state_changes";
+/**
+* Chat-first workspace cross-process kick. Carries `<chatId>:<messageId>`.
+* Lets admin WS sockets translate every chat message (speaker AND watcher
+* audience) into a `chat:message` frame, without being coupled to the
+* inbox NOTIFY path that only reaches speakers.
+*/
+const CHAT_MESSAGE_CHANNEL = "chat_message_events";
 function createNotifier(listenClient) {
 	const subscriptions = /* @__PURE__ */ new Map();
 	const configChangeHandlers = [];
 	const sessionStateChangeHandlers = [];
 	const runtimeStateChangeHandlers = [];
+	const chatMessageHandlers = [];
 	let unlistenInboxFn = null;
 	let unlistenConfigFn = null;
 	let unlistenSessionStateFn = null;
 	let unlistenRuntimeStateFn = null;
+	let unlistenChatMessageFn = null;
 	function handleNotification(payload) {
 		const sepIdx = payload.indexOf(":");
 		if (sepIdx === -1) return;
@@ -11725,6 +12286,11 @@ function createNotifier(listenClient) {
 				await listenClient`SELECT pg_notify(${RUNTIME_STATE_CHANNEL}, ${`${agentId}:${state}:${organizationId}`})`;
 			} catch {}
 		},
+		async notifyChatMessage(chatId, messageId) {
+			try {
+				await listenClient`SELECT pg_notify(${CHAT_MESSAGE_CHANNEL}, ${`${chatId}:${messageId}`})`;
+			} catch {}
+		},
 		async pushFrameToInbox(inboxId, frame) {
 			const map = subscriptions.get(inboxId);
 			if (!map) return 0;
@@ -11751,6 +12317,9 @@ function createNotifier(listenClient) {
 		onRuntimeStateChange(handler) {
 			runtimeStateChangeHandlers.push(handler);
 		},
+		onChatMessage(handler) {
+			chatMessageHandlers.push(handler);
+		},
 		async start() {
 			unlistenInboxFn = (await listenClient.listen(INBOX_CHANNEL, (payload) => {
 				if (payload) handleNotification(payload);
@@ -11793,6 +12362,19 @@ function createNotifier(listenClient) {
 					}
 				}
 			})).unlisten;
+			unlistenChatMessageFn = (await listenClient.listen(CHAT_MESSAGE_CHANNEL, (payload) => {
+				if (!payload) return;
+				const sep = payload.indexOf(":");
+				if (sep <= 0) return;
+				const chatId = payload.slice(0, sep);
+				const messageId = payload.slice(sep + 1);
+				for (const handler of chatMessageHandlers) try {
+					handler({
+						chatId,
+						messageId
+					});
+				} catch {}
+			})).unlisten;
 		},
 		async stop() {
 			if (unlistenInboxFn) {
@@ -11811,6 +12393,10 @@ function createNotifier(listenClient) {
 				await unlistenRuntimeStateFn();
 				unlistenRuntimeStateFn = null;
 			}
+			if (unlistenChatMessageFn) {
+				await unlistenChatMessageFn();
+				unlistenChatMessageFn = null;
+			}
 		}
 	};
 }
@@ -12253,86 +12839,625 @@ async function collectTargetInboxes(db, chatId, inReplyTo) {
 	}
 	return [...set];
 }
-async function adminChatRoutes(app) {
-	/** List all chats in org (admin-only, for audit). Members should use GET /mine. */
-	app.get("/", { preHandler: requireAdminRoleHook() }, async (request) => {
-		const query = paginationQuerySchema.parse(request.query);
-		const rawQuery = request.query;
-		const orgParam = rawQuery.organizationId ?? rawQuery.org;
-		let orgId;
-		if (orgParam) orgId = (await resolveOrganization(app.db, orgParam)).id;
-		else orgId = await resolveDefaultOrgId(app.db);
-		const conditions = [eq(chats.organizationId, orgId)];
-		if (query.cursor) conditions.push(lt(chats.createdAt, new Date(query.cursor)));
-		const where = and(...conditions);
-		const rows = await app.db.select({
-			id: chats.id,
-			organizationId: chats.organizationId,
-			type: chats.type,
-			topic: chats.topic,
-			lifecyclePolicy: chats.lifecyclePolicy,
-			metadata: chats.metadata,
-			createdAt: chats.createdAt,
-			updatedAt: chats.updatedAt,
-			participantCount: sql`(
-          SELECT count(*)::int FROM chat_participants WHERE chat_id = ${chats.id}
-        )`
-		}).from(chats).where(where).orderBy(desc(chats.createdAt)).limit(query.limit + 1);
-		const hasMore = rows.length > query.limit;
-		const items = hasMore ? rows.slice(0, query.limit) : rows;
-		const last = items[items.length - 1];
-		const nextCursor = hasMore && last ? last.createdAt.toISOString() : null;
-		return {
-			items: items.map((c) => ({
-				id: c.id,
-				organizationId: c.organizationId,
-				type: c.type,
-				topic: c.topic,
-				lifecyclePolicy: c.lifecyclePolicy,
-				metadata: c.metadata,
-				participantCount: c.participantCount,
-				createdAt: c.createdAt.toISOString(),
-				updatedAt: c.updatedAt.toISOString()
-			})),
-			nextCursor
-		};
-	});
-	/** Get chat detail with participants (requires participation or supervision) */
-	app.get("/:chatId", async (request) => {
-		const { chatId } = request.params;
-		const scope = memberScope(request);
-		await assertChatAccess(app.db, scope, chatId);
-		const [chat] = await app.db.select().from(chats).where(eq(chats.id, chatId)).limit(1);
-		if (!chat) throw new Error("Unexpected: chat missing after access check");
-		const participants = await app.db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-		return {
-			...chat,
-			createdAt: chat.createdAt.toISOString(),
-			updatedAt: chat.updatedAt.toISOString(),
-			participants: participants.map((p) => ({
-				agentId: p.agentId,
-				role: p.role,
-				mode: p.mode,
-				joinedAt: p.joinedAt.toISOString()
-			}))
-		};
-	});
-	/** Rename (or clear) a chat's topic. Requires participation or supervision — same gate as reading it. */
-	app.patch("/:chatId", async (request) => {
-		const { chatId } = request.params;
-		const scope = memberScope(request);
-		await assertChatAccess(app.db, scope, chatId);
-		const body = updateChatSchema.parse(request.body);
-		const nextTopic = body.topic && body.topic.length > 0 ? body.topic : null;
-		const [updated] = await app.db.update(chats).set({
-			topic: nextTopic,
-			updatedAt: /* @__PURE__ */ new Date()
-		}).where(eq(chats.id, chatId)).returning();
-		if (!updated) throw new Error("Unexpected: chat missing after update");
-		return {
-			...updated,
-			createdAt: updated.createdAt.toISOString(),
-			updatedAt: updated.updatedAt.toISOString()
+/** Extract a plain-text summary from a message's JSONB content field.
+*  Used as the auto-title fallback in chat list rendering — see
+*  `me-chat.ts:resolveChatTitle` and `admin/chats.ts:getChat`.
+*
+*  - `@<name>` mention tokens are stripped before truncation: in the
+*    chat-first model they're routing/audience metadata, not part of
+*    the user's intent. Leaving them in produces noisy titles like
+*    "@hub-agent-01 帮我重构这个文件" or "你好 @hub-agent-02 看看".
+*  - Whitespace runs (including those left behind by mention removal)
+*    collapse to single spaces.
+*  - If the cleaned text is empty (e.g., a message that's only
+*    `@hub-agent-01`), returns null so the caller falls through to
+*    the participant-join fallback.
+*  - Slicing is code-point-aware (`Array.from + join`) so emoji /
+*    surrogate pairs aren't split into garbled half-characters. */
+function extractSummary(content, maxLen = 50) {
+	let text = "";
+	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
+	else if (typeof content === "string") text = content;
+	if (!text) return null;
+	const cleaned = stripCode(text).replace(MENTION_REGEX, "").replace(/\s+/g, " ").trim();
+	if (!cleaned) return null;
+	return Array.from(cleaned).slice(0, maxLen).join("");
+}
+/** List sessions for a specific agent, with optional state filters. */
+async function listAgentSessions(db, agentId, filters) {
+	const conditions = [eq(agentChatSessions.agentId, agentId)];
+	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
+	else conditions.push(ne(agentChatSessions.state, "evicted"));
+	const rows = await db.select({
+		agentId: agentChatSessions.agentId,
+		chatId: agentChatSessions.chatId,
+		state: agentChatSessions.state,
+		updatedAt: agentChatSessions.updatedAt,
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
+	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(...conditions)).orderBy(desc(agentChatSessions.updatedAt));
+	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
+	const agentRuntimeState = presence?.runtimeState ?? null;
+	if (filters?.runtimeState && agentRuntimeState !== filters.runtimeState) return [];
+	const chatIds = rows.map((r) => r.chatId);
+	const messageCounts = chatIds.length > 0 ? await db.select({
+		chatId: inboxEntries.chatId,
+		count: sql`count(*)::int`
+	}).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), inArray(inboxEntries.chatId, chatIds))).groupBy(inboxEntries.chatId) : [];
+	const countMap = new Map(messageCounts.map((r) => [r.chatId, r.count]));
+	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const summaryMap = /* @__PURE__ */ new Map();
+	for (const row of firstMessages) {
+		const summary = extractSummary(row.content);
+		if (summary) summaryMap.set(row.chatId, summary);
+	}
+	return rows.map((r) => ({
+		agentId: r.agentId,
+		chatId: r.chatId,
+		state: r.state,
+		runtimeState: agentRuntimeState,
+		startedAt: r.chatCreatedAt.toISOString(),
+		lastActivityAt: r.updatedAt.toISOString(),
+		messageCount: countMap.get(r.chatId) ?? 0,
+		summary: summaryMap.get(r.chatId) ?? null,
+		topic: r.chatTopic ?? null
+	}));
+}
+/** Get a single session's detail. */
+async function getSession(db, agentId, chatId) {
+	const [row] = await db.select({
+		agentId: agentChatSessions.agentId,
+		chatId: agentChatSessions.chatId,
+		state: agentChatSessions.state,
+		updatedAt: agentChatSessions.updatedAt,
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
+	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).limit(1);
+	if (!row) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
+	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
+	const [countRow] = await db.select({ count: sql`count(*)::int` }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), eq(inboxEntries.chatId, chatId)));
+	const firstMsg = (await db.execute(sql`SELECT content FROM messages WHERE chat_id = ${chatId} ORDER BY created_at ASC LIMIT 1`))[0];
+	const summary = firstMsg ? extractSummary(firstMsg.content) : null;
+	return {
+		agentId: row.agentId,
+		chatId: row.chatId,
+		state: row.state,
+		runtimeState: presence?.runtimeState ?? null,
+		startedAt: row.chatCreatedAt.toISOString(),
+		lastActivityAt: row.updatedAt.toISOString(),
+		messageCount: countRow?.count ?? 0,
+		summary,
+		topic: row.chatTopic ?? null
+	};
+}
+/** List all sessions across all agents, with pagination. Scoped to organization. */
+async function listAllSessions(db, limit, cursor, filters) {
+	const conditions = [];
+	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
+	else conditions.push(ne(agentChatSessions.state, "evicted"));
+	if (filters?.agentId) conditions.push(eq(agentChatSessions.agentId, filters.agentId));
+	if (filters?.organizationId) conditions.push(eq(agents.organizationId, filters.organizationId));
+	if (cursor) conditions.push(sql`${agentChatSessions.updatedAt} < ${new Date(cursor)}`);
+	const rows = await db.select({
+		agentId: agentChatSessions.agentId,
+		chatId: agentChatSessions.chatId,
+		state: agentChatSessions.state,
+		updatedAt: agentChatSessions.updatedAt,
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
+	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
+	const hasMore = rows.length > limit;
+	const items = hasMore ? rows.slice(0, limit) : rows;
+	const agentIds = [...new Set(items.map((r) => r.agentId))];
+	const presenceRows = agentIds.length > 0 ? await db.select({
+		agentId: agentPresence.agentId,
+		runtimeState: agentPresence.runtimeState
+	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
+	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
+	const chatIds = [...new Set(items.map((r) => r.chatId))];
+	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const summaryMap = /* @__PURE__ */ new Map();
+	for (const row of firstMessages) {
+		const summary = extractSummary(row.content);
+		if (summary) summaryMap.set(row.chatId, summary);
+	}
+	const last = items[items.length - 1];
+	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
+	return {
+		items: items.map((r) => ({
+			agentId: r.agentId,
+			chatId: r.chatId,
+			state: r.state,
+			runtimeState: runtimeMap.get(r.agentId) ?? null,
+			startedAt: r.chatCreatedAt.toISOString(),
+			lastActivityAt: r.updatedAt.toISOString(),
+			messageCount: 0,
+			summary: summaryMap.get(r.chatId) ?? null,
+			topic: r.chatTopic ?? null
+		})),
+		nextCursor
+	};
+}
+/** Commit `active → suspended`. No-op on suspended/evicted. Throws if row is missing. */
+async function suspendSession(db, agentId, chatId, organizationId, notifier) {
+	return transitionSessionState(db, agentId, chatId, "suspended", ["active"], organizationId, notifier);
+}
+/** Commit `suspended → evicted` (terminal — listings hide it, revival defense blocks resurrection). */
+async function archiveSession(db, agentId, chatId, organizationId, notifier) {
+	return transitionSessionState(db, agentId, chatId, "evicted", ["suspended"], organizationId, notifier);
+}
+async function transitionSessionState(db, agentId, chatId, target, from, organizationId, notifier) {
+	const now = /* @__PURE__ */ new Date();
+	let finalState = null;
+	let transitioned = false;
+	await db.transaction(async (tx) => {
+		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
+		if (!existing) return;
+		const current = existing.state;
+		finalState = current;
+		if (!from.includes(current)) return;
+		await tx.update(agentChatSessions).set({
+			state: target,
+			updatedAt: now
+		}).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId)));
+		const [counts] = await tx.select({
+			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
+			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
+		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
+		await tx.update(agentPresence).set({
+			activeSessions: counts?.active ?? 0,
+			totalSessions: counts?.total ?? 0,
+			lastSeenAt: now
+		}).where(eq(agentPresence.agentId, agentId));
+		finalState = target;
+		transitioned = true;
+	});
+	if (finalState === null) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
+	if (transitioned && notifier) notifier.notifySessionStateChange(agentId, chatId, target, organizationId).catch(() => {});
+	return {
+		state: finalState,
+		transitioned
+	};
+}
+/**
+* Filter sessions to only those where the given agent is also a participant in the chat.
+* Used when a non-manager views sessions of an org-visible agent — they should only see
+* sessions for chats they participate in.
+*/
+async function filterSessionsByParticipant(db, sessions, participantAgentId) {
+	if (sessions.length === 0) return [];
+	const chatIds = sessions.map((s) => s.chatId);
+	const participantRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(inArray(chatParticipants.chatId, chatIds), eq(chatParticipants.agentId, participantAgentId)));
+	const allowedChatIds = new Set(participantRows.map((r) => r.chatId));
+	return sessions.filter((s) => allowedChatIds.has(s.chatId));
+}
+/**
+* Member-facing chat service backing `/me/chats*` endpoints (chat-first
+* workspace).
+*
+* Responsibilities:
+*   - Cursor-paginated conversation list across participant + watcher rows
+*     for the caller's human agent.
+*   - Create a new chat (no dedupe, runs `recomputeChatWatchers` after).
+*   - Add participants (idempotent, runs `recomputeChatWatchers` after).
+*   - Mark-read (touches whichever of the two tables holds the user's row).
+*   - Join → state-carry watcher → speaker (delegates to `watcher.ts`).
+*   - Leave → state-carry speaker → watcher (delegates to `watcher.ts`).
+*
+* See docs/chat-first-workspace-product-design.md "API Contract" + "Data
+* Model".
+*/
+function encodeCursor(lastMessageAt, chatId) {
+	const payload = `${lastMessageAt ? lastMessageAt.toISOString() : ""}|${chatId}`;
+	return Buffer.from(payload, "utf8").toString("base64url");
+}
+function decodeCursor(cursor) {
+	try {
+		const decoded = Buffer.from(cursor, "base64url").toString("utf8");
+		const sep = decoded.indexOf("|");
+		if (sep < 0) return null;
+		const tsPart = decoded.slice(0, sep);
+		const chatId = decoded.slice(sep + 1);
+		if (!chatId) return null;
+		const lastMessageAt = tsPart.length > 0 ? new Date(tsPart) : null;
+		if (lastMessageAt && Number.isNaN(lastMessageAt.getTime())) return null;
+		return {
+			lastMessageAt,
+			chatId
+		};
+	} catch {
+		return null;
+	}
+}
+/**
+* GET /me/chats — cursor-paginated conversation list.
+*
+* SQL strategy:
+*   - One query that UNIONs participant rows and subscription rows for the
+*     caller's human agent, joined to chats. The UNION+coalesce keeps both
+*     `unread_mention_count` and `membership_kind` per row.
+*   - Filter `parent_chat_id IS NULL` (threads are excluded in v1).
+*   - Sort `(last_message_at DESC NULLS LAST, chat_id DESC)`.
+*   - Cursor narrows the result to rows STRICTLY before `(cursor.ts, cursor.id)`.
+*   - Followed by a small participant-list lookup for the page only.
+*/
+async function listMeChats(db, humanAgentId, query) {
+	const limit = query.limit;
+	const cursor = query.cursor ? decodeCursor(query.cursor) : null;
+	if (query.cursor && !cursor) throw new BadRequestError("Invalid cursor");
+	const filterUnreadOnly = query.filter === "unread";
+	const filterWatchingOnly = query.filter === "watching";
+	const cursorTsIso = cursor?.lastMessageAt ? cursor.lastMessageAt.toISOString() : null;
+	const cursorPredicate = !cursor ? sql`TRUE` : cursor.lastMessageAt === null ? sql`(c.last_message_at IS NULL AND c.id < ${cursor.chatId})` : sql`(c.last_message_at IS NULL
+             OR c.last_message_at < ${cursorTsIso}::timestamptz
+             OR (c.last_message_at = ${cursorTsIso}::timestamptz AND c.id < ${cursor.chatId}))`;
+	const rawRows = await db.execute(sql`
+    WITH membership AS (
+      SELECT chat_id, 'participant'::text AS membership_kind, unread_mention_count
+        FROM chat_participants
+       WHERE agent_id = ${humanAgentId}
+      UNION ALL
+      SELECT chat_id, 'watching'::text   AS membership_kind, unread_mention_count
+        FROM chat_subscriptions
+       WHERE agent_id = ${humanAgentId}
+    ),
+    /* Resolve duplicates (should not happen post-invariant-1, but cheap) by
+       preferring the participant row. */
+    deduped AS (
+      SELECT DISTINCT ON (chat_id)
+        chat_id, membership_kind, unread_mention_count
+        FROM membership
+        ORDER BY chat_id, CASE WHEN membership_kind = 'participant' THEN 0 ELSE 1 END
+    )
+    SELECT
+      c.id                  AS chat_id,
+      c.type                AS type,
+      c.topic               AS topic,
+      c.parent_chat_id      AS parent_chat_id,
+      c.last_message_at     AS last_message_at,
+      c.last_message_preview AS last_message_preview,
+      (SELECT count(*) FROM chat_participants WHERE chat_id = c.id) AS participant_count,
+      d.membership_kind     AS membership_kind,
+      d.unread_mention_count AS unread_mention_count
+      FROM chats c
+      JOIN deduped d ON d.chat_id = c.id
+     WHERE c.parent_chat_id IS NULL
+       /* Filter: unread / watching */
+       AND (${!filterUnreadOnly}::bool OR d.unread_mention_count > 0)
+       AND (${!filterWatchingOnly}::bool OR d.membership_kind = 'watching')
+       AND ${cursorPredicate}
+     ORDER BY c.last_message_at DESC NULLS LAST, c.id DESC
+     LIMIT ${limit + 1}
+  `);
+	const toDate = (v) => {
+		if (v === null) return null;
+		return v instanceof Date ? v : new Date(v);
+	};
+	const hasMore = rawRows.length > limit;
+	const pageRaw = hasMore ? rawRows.slice(0, limit) : rawRows;
+	const last = pageRaw[pageRaw.length - 1];
+	const nextCursor = hasMore && last ? encodeCursor(toDate(last.last_message_at), last.chat_id) : null;
+	if (pageRaw.length === 0) return {
+		rows: [],
+		nextCursor: null
+	};
+	const chatIds = pageRaw.map((r) => r.chat_id);
+	const participantRows = await db.select({
+		chatId: chatParticipants.chatId,
+		agentId: chatParticipants.agentId,
+		displayName: agents.displayName,
+		type: agents.type
+	}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(inArray(chatParticipants.chatId, chatIds));
+	const participantsByChat = /* @__PURE__ */ new Map();
+	for (const p of participantRows) {
+		const list = participantsByChat.get(p.chatId) ?? [];
+		list.push({
+			agentId: p.agentId,
+			displayName: p.displayName,
+			type: p.type
+		});
+		participantsByChat.set(p.chatId, list);
+	}
+	const firstMessageRows = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const firstMessageSummary = /* @__PURE__ */ new Map();
+	for (const row of firstMessageRows) {
+		const s = extractSummary(row.content);
+		if (s) firstMessageSummary.set(row.chatId, s);
+	}
+	return {
+		rows: pageRaw.map((r) => {
+			const participants = participantsByChat.get(r.chat_id) ?? [];
+			const title = resolveChatTitle(r.topic, firstMessageSummary.get(r.chat_id) ?? null, participants, humanAgentId);
+			return {
+				chatId: r.chat_id,
+				type: r.type,
+				membershipKind: r.membership_kind,
+				title,
+				topic: r.topic,
+				participants,
+				participantCount: Number(r.participant_count),
+				lastMessageAt: toDate(r.last_message_at)?.toISOString() ?? null,
+				lastMessagePreview: r.last_message_preview,
+				unreadMentionCount: r.unread_mention_count,
+				canReply: r.membership_kind === "participant",
+				taskId: null,
+				taskStatus: null
+			};
+		}),
+		nextCursor
+	};
+}
+/**
+* Title resolution priority:
+*
+*   1. `chat.topic` (manual, set via `PATCH /admin/chats/:id`)
+*   2. First message summary (auto, ≤ 50 chars from `extractSummary`)
+*   3. Participant join (fallback when chat has no messages yet)
+*
+* The first-message fallback is the chat-first equivalent of how
+* ChatGPT / Claude.ai name conversations from the user's opening
+* prompt — gives same-agent multi-chats distinct identities and
+* removes the "title duplicates participants chip row" anti-pattern.
+*/
+function resolveChatTitle(topic, firstMessageSummary, participants, selfAgentId) {
+	if (topic && topic.length > 0) return topic;
+	if (firstMessageSummary && firstMessageSummary.length > 0) return firstMessageSummary;
+	const others = participants.filter((p) => p.agentId !== selfAgentId);
+	if (others.length === 0) return "Empty chat";
+	if (others.length <= 3) return others.map((p) => p.displayName).join(", ");
+	return `${others[0]?.displayName}, ${others[1]?.displayName} +${others.length - 2}`;
+}
+async function createMeChat(db, humanAgentId, organizationId, body) {
+	const distinctIds = [...new Set(body.participantIds)].filter((id) => id !== humanAgentId);
+	if (distinctIds.length === 0) throw new BadRequestError("At least one non-self participant required");
+	const allIds = [humanAgentId, ...distinctIds];
+	const found = await db.select({
+		uuid: agents.uuid,
+		organizationId: agents.organizationId,
+		type: agents.type
+	}).from(agents).where(inArray(agents.uuid, allIds));
+	if (found.length !== allIds.length) {
+		const foundSet = new Set(found.map((a) => a.uuid));
+		throw new BadRequestError(`Agents not found: ${allIds.filter((id) => !foundSet.has(id)).join(", ")}`);
+	}
+	const crossOrg = found.filter((a) => a.organizationId !== organizationId);
+	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization chat not allowed: ${crossOrg.map((a) => a.uuid).join(", ")}`);
+	const chatType = distinctIds.length === 1 ? "direct" : "group";
+	const isDirectAgentOnly = chatType === "direct" && found.every((a) => a.type !== "human");
+	const chatId = randomUUID();
+	const topic = body.topic ?? null;
+	await db.transaction(async (tx) => {
+		await tx.insert(chats).values({
+			id: chatId,
+			organizationId,
+			type: chatType,
+			topic
+		});
+		await tx.insert(chatParticipants).values(allIds.map((agentId) => ({
+			chatId,
+			agentId,
+			role: agentId === humanAgentId ? "owner" : "member",
+			...isDirectAgentOnly ? { mode: "mention_only" } : {}
+		})));
+		await recomputeChatWatchers(tx, chatId);
+	});
+	invalidateChatAudience(chatId);
+	return { chatId };
+}
+async function addMeChatParticipants(db, chatId, callerHumanAgentId, callerOrganizationId, body) {
+	const distinct = [...new Set(body.participantIds)];
+	if (distinct.length === 0) throw new BadRequestError("At least one participant required");
+	const [chat] = await db.select({
+		id: chats.id,
+		organizationId: chats.organizationId,
+		type: chats.type
+	}).from(chats).where(eq(chats.id, chatId)).limit(1);
+	if (!chat) throw new NotFoundError(`Chat "${chatId}" not found`);
+	if (chat.organizationId !== callerOrganizationId) throw new NotFoundError(`Chat "${chatId}" not found`);
+	const [callerRow] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, callerHumanAgentId))).limit(1);
+	if (!callerRow) throw new NotFoundError(`Chat "${chatId}" not found`);
+	const found = await db.select({
+		uuid: agents.uuid,
+		organizationId: agents.organizationId,
+		type: agents.type
+	}).from(agents).where(inArray(agents.uuid, distinct));
+	if (found.length !== distinct.length) {
+		const foundSet = new Set(found.map((a) => a.uuid));
+		throw new BadRequestError(`Agents not found: ${distinct.filter((id) => !foundSet.has(id)).join(", ")}`);
+	}
+	const crossOrg = found.filter((a) => a.organizationId !== chat.organizationId);
+	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization participant rejected: ${crossOrg.map((a) => a.uuid).join(", ")}`);
+	await db.transaction(async (tx) => {
+		const existing = await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
+		const existingSet = new Set(existing.map((e) => e.agentId));
+		const toInsert = distinct.filter((id) => !existingSet.has(id));
+		if (toInsert.length === 0) {
+			await recomputeChatWatchers(tx, chatId);
+			return;
+		}
+		const isUpgradingToGroup = existing.length + toInsert.length >= 3 && chat.type === "direct";
+		const isAlreadyGroup = chat.type === "group";
+		const isGroupAfter = isUpgradingToGroup || isAlreadyGroup;
+		if (isUpgradingToGroup) {
+			await tx.update(chats).set({
+				type: "group",
+				updatedAt: /* @__PURE__ */ new Date()
+			}).where(eq(chats.id, chatId));
+			const nonHumanIds = (await tx.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existing.map((e) => e.agentId)), sql`${agents.type} <> 'human'`))).map((a) => a.uuid);
+			if (nonHumanIds.length > 0) await tx.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, nonHumanIds)));
+		}
+		const carriedRows = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), inArray(chatSubscriptions.agentId, toInsert))).returning({
+			agentId: chatSubscriptions.agentId,
+			lastReadAt: chatSubscriptions.lastReadAt,
+			unreadMentionCount: chatSubscriptions.unreadMentionCount
+		});
+		const carriedByAgent = new Map(carriedRows.map((r) => [r.agentId, r]));
+		const typeByAgent = new Map(found.map((a) => [a.uuid, a.type]));
+		await tx.insert(chatParticipants).values(toInsert.map((agentId) => {
+			const agentType = typeByAgent.get(agentId);
+			const mode = isGroupAfter && agentType !== "human" ? "mention_only" : "full";
+			const carried = carriedByAgent.get(agentId);
+			return {
+				chatId,
+				agentId,
+				role: "member",
+				mode,
+				lastReadAt: carried?.lastReadAt ?? null,
+				unreadMentionCount: carried?.unreadMentionCount ?? 0
+			};
+		})).onConflictDoNothing();
+		await recomputeChatWatchers(tx, chatId);
+	});
+	invalidateChatAudience(chatId);
+}
+async function markMeChatRead(db, chatId, humanAgentId) {
+	const now = /* @__PURE__ */ new Date();
+	await db.update(chatParticipants).set({
+		lastReadAt: now,
+		unreadMentionCount: 0
+	}).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId)));
+	await db.update(chatSubscriptions).set({
+		lastReadAt: now,
+		unreadMentionCount: 0
+	}).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId)));
+	return {
+		chatId,
+		lastReadAt: now.toISOString(),
+		unreadMentionCount: 0
+	};
+}
+async function joinMeChat(db, chatId, humanAgentId) {
+	ensureCanJoin(await resolveChatMembership(db, chatId, humanAgentId));
+	await joinAsParticipant(db, chatId, humanAgentId);
+	invalidateChatAudience(chatId);
+}
+async function leaveMeChat(db, chatId, humanAgentId) {
+	const result = await leaveAsParticipant(db, chatId, humanAgentId);
+	invalidateChatAudience(chatId);
+	return result;
+}
+async function adminChatRoutes(app) {
+	/** List all chats in org (admin-only, for audit). Members should use GET /mine. */
+	app.get("/", { preHandler: requireAdminRoleHook() }, async (request) => {
+		const query = paginationQuerySchema.parse(request.query);
+		const rawQuery = request.query;
+		const orgParam = rawQuery.organizationId ?? rawQuery.org;
+		let orgId;
+		if (orgParam) orgId = (await resolveOrganization(app.db, orgParam)).id;
+		else orgId = await resolveDefaultOrgId(app.db);
+		const conditions = [eq(chats.organizationId, orgId)];
+		if (query.cursor) conditions.push(lt(chats.createdAt, new Date(query.cursor)));
+		const where = and(...conditions);
+		const rows = await app.db.select({
+			id: chats.id,
+			organizationId: chats.organizationId,
+			type: chats.type,
+			topic: chats.topic,
+			lifecyclePolicy: chats.lifecyclePolicy,
+			metadata: chats.metadata,
+			createdAt: chats.createdAt,
+			updatedAt: chats.updatedAt,
+			participantCount: sql`(
+          SELECT count(*)::int FROM chat_participants WHERE chat_id = ${chats.id}
+        )`
+		}).from(chats).where(where).orderBy(desc(chats.createdAt)).limit(query.limit + 1);
+		const hasMore = rows.length > query.limit;
+		const items = hasMore ? rows.slice(0, query.limit) : rows;
+		const last = items[items.length - 1];
+		const nextCursor = hasMore && last ? last.createdAt.toISOString() : null;
+		return {
+			items: items.map((c) => ({
+				id: c.id,
+				organizationId: c.organizationId,
+				type: c.type,
+				topic: c.topic,
+				lifecyclePolicy: c.lifecyclePolicy,
+				metadata: c.metadata,
+				participantCount: c.participantCount,
+				createdAt: c.createdAt.toISOString(),
+				updatedAt: c.updatedAt.toISOString()
+			})),
+			nextCursor
+		};
+	});
+	/** Get chat detail with participants (requires participation or supervision).
+	*
+	*  Response includes a server-resolved `title` and `firstMessagePreview`
+	*  so the chat-view header can mirror the conversation list's title
+	*  fallback chain (`topic > first message summary > participant join`)
+	*  without re-implementing it client-side. The `firstMessagePreview`
+	*  is exposed alongside the resolved title so the client can also use
+	*  it for tooltips / debugging — the resolved `title` should be the
+	*  default render target. */
+	app.get("/:chatId", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await assertChatAccess(app.db, scope, chatId);
+		const [chat] = await app.db.select().from(chats).where(eq(chats.id, chatId)).limit(1);
+		if (!chat) throw new Error("Unexpected: chat missing after access check");
+		const participants = await app.db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
+		const firstMsgRows = await app.db.execute(sql`
+      SELECT content FROM messages
+       WHERE chat_id = ${chatId}
+       ORDER BY created_at ASC
+       LIMIT 1
+    `);
+		const firstMessagePreview = firstMsgRows[0] ? extractSummary(firstMsgRows[0].content) : null;
+		const participantAgentIds = participants.map((p) => p.agentId);
+		const agentRows = participantAgentIds.length > 0 ? await app.db.select({
+			agentId: agents.uuid,
+			displayName: agents.displayName,
+			type: agents.type
+		}).from(agents).where(inArray(agents.uuid, participantAgentIds)) : [];
+		const agentMeta = new Map(agentRows.map((a) => [a.agentId, a]));
+		const participantsForTitle = participants.map((p) => {
+			const meta = agentMeta.get(p.agentId);
+			return {
+				agentId: p.agentId,
+				displayName: meta?.displayName ?? p.agentId,
+				type: meta?.type ?? "unknown"
+			};
+		});
+		const title = resolveChatTitle(chat.topic, firstMessagePreview, participantsForTitle, scope.humanAgentId);
+		return {
+			...chat,
+			title,
+			firstMessagePreview,
+			createdAt: chat.createdAt.toISOString(),
+			updatedAt: chat.updatedAt.toISOString(),
+			participants: participants.map((p) => ({
+				agentId: p.agentId,
+				role: p.role,
+				mode: p.mode,
+				joinedAt: p.joinedAt.toISOString()
+			}))
+		};
+	});
+	/** Rename (or clear) a chat's topic. Requires participation or supervision — same gate as reading it. */
+	app.patch("/:chatId", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await assertChatAccess(app.db, scope, chatId);
+		const body = updateChatSchema.parse(request.body);
+		const nextTopic = body.topic && body.topic.length > 0 ? body.topic : null;
+		const [updated] = await app.db.update(chats).set({
+			topic: nextTopic,
+			updatedAt: /* @__PURE__ */ new Date()
+		}).where(eq(chats.id, chatId)).returning();
+		if (!updated) throw new Error("Unexpected: chat missing after update");
+		return {
+			...updated,
+			createdAt: updated.createdAt.toISOString(),
+			updatedAt: updated.updatedAt.toISOString()
 		};
 	});
 	/** List messages in a chat with delivery status (requires participation or supervision) */
@@ -13083,189 +14208,6 @@ async function adminOverviewRoutes(app) {
 		};
 	});
 }
-const SUMMARY_MAX_LENGTH = 50;
-/** Extract a plain-text summary from a message's JSONB content field. */
-function extractSummary(content, maxLen = SUMMARY_MAX_LENGTH) {
-	let text = "";
-	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
-	else if (typeof content === "string") text = content;
-	if (!text) return null;
-	return Array.from(text).slice(0, maxLen).join("");
-}
-/** List sessions for a specific agent, with optional state filters. */
-async function listAgentSessions(db, agentId, filters) {
-	const conditions = [eq(agentChatSessions.agentId, agentId)];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(...conditions)).orderBy(desc(agentChatSessions.updatedAt));
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const agentRuntimeState = presence?.runtimeState ?? null;
-	if (filters?.runtimeState && agentRuntimeState !== filters.runtimeState) return [];
-	const chatIds = rows.map((r) => r.chatId);
-	const messageCounts = chatIds.length > 0 ? await db.select({
-		chatId: inboxEntries.chatId,
-		count: sql`count(*)::int`
-	}).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), inArray(inboxEntries.chatId, chatIds))).groupBy(inboxEntries.chatId) : [];
-	const countMap = new Map(messageCounts.map((r) => [r.chatId, r.count]));
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	return rows.map((r) => ({
-		agentId: r.agentId,
-		chatId: r.chatId,
-		state: r.state,
-		runtimeState: agentRuntimeState,
-		startedAt: r.chatCreatedAt.toISOString(),
-		lastActivityAt: r.updatedAt.toISOString(),
-		messageCount: countMap.get(r.chatId) ?? 0,
-		summary: summaryMap.get(r.chatId) ?? null,
-		topic: r.chatTopic ?? null
-	}));
-}
-/** Get a single session's detail. */
-async function getSession(db, agentId, chatId) {
-	const [row] = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).limit(1);
-	if (!row) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const [countRow] = await db.select({ count: sql`count(*)::int` }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), eq(inboxEntries.chatId, chatId)));
-	const firstMsg = (await db.execute(sql`SELECT content FROM messages WHERE chat_id = ${chatId} ORDER BY created_at ASC LIMIT 1`))[0];
-	const summary = firstMsg ? extractSummary(firstMsg.content) : null;
-	return {
-		agentId: row.agentId,
-		chatId: row.chatId,
-		state: row.state,
-		runtimeState: presence?.runtimeState ?? null,
-		startedAt: row.chatCreatedAt.toISOString(),
-		lastActivityAt: row.updatedAt.toISOString(),
-		messageCount: countRow?.count ?? 0,
-		summary,
-		topic: row.chatTopic ?? null
-	};
-}
-/** List all sessions across all agents, with pagination. Scoped to organization. */
-async function listAllSessions(db, limit, cursor, filters) {
-	const conditions = [];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	if (filters?.agentId) conditions.push(eq(agentChatSessions.agentId, filters.agentId));
-	if (filters?.organizationId) conditions.push(eq(agents.organizationId, filters.organizationId));
-	if (cursor) conditions.push(sql`${agentChatSessions.updatedAt} < ${new Date(cursor)}`);
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const agentIds = [...new Set(items.map((r) => r.agentId))];
-	const presenceRows = agentIds.length > 0 ? await db.select({
-		agentId: agentPresence.agentId,
-		runtimeState: agentPresence.runtimeState
-	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
-	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
-	const chatIds = [...new Set(items.map((r) => r.chatId))];
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	const last = items[items.length - 1];
-	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
-	return {
-		items: items.map((r) => ({
-			agentId: r.agentId,
-			chatId: r.chatId,
-			state: r.state,
-			runtimeState: runtimeMap.get(r.agentId) ?? null,
-			startedAt: r.chatCreatedAt.toISOString(),
-			lastActivityAt: r.updatedAt.toISOString(),
-			messageCount: 0,
-			summary: summaryMap.get(r.chatId) ?? null,
-			topic: r.chatTopic ?? null
-		})),
-		nextCursor
-	};
-}
-/** Commit `active → suspended`. No-op on suspended/evicted. Throws if row is missing. */
-async function suspendSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "suspended", ["active"], organizationId, notifier);
-}
-/** Commit `suspended → evicted` (terminal — listings hide it, revival defense blocks resurrection). */
-async function archiveSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "evicted", ["suspended"], organizationId, notifier);
-}
-async function transitionSessionState(db, agentId, chatId, target, from, organizationId, notifier) {
-	const now = /* @__PURE__ */ new Date();
-	let finalState = null;
-	let transitioned = false;
-	await db.transaction(async (tx) => {
-		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
-		if (!existing) return;
-		const current = existing.state;
-		finalState = current;
-		if (!from.includes(current)) return;
-		await tx.update(agentChatSessions).set({
-			state: target,
-			updatedAt: now
-		}).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId)));
-		const [counts] = await tx.select({
-			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
-			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
-		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
-		await tx.update(agentPresence).set({
-			activeSessions: counts?.active ?? 0,
-			totalSessions: counts?.total ?? 0,
-			lastSeenAt: now
-		}).where(eq(agentPresence.agentId, agentId));
-		finalState = target;
-		transitioned = true;
-	});
-	if (finalState === null) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	if (transitioned && notifier) notifier.notifySessionStateChange(agentId, chatId, target, organizationId).catch(() => {});
-	return {
-		state: finalState,
-		transitioned
-	};
-}
-/**
-* Filter sessions to only those where the given agent is also a participant in the chat.
-* Used when a non-manager views sessions of an org-visible agent — they should only see
-* sessions for chats they participate in.
-*/
-async function filterSessionsByParticipant(db, sessions, participantAgentId) {
-	if (sessions.length === 0) return [];
-	const chatIds = sessions.map((s) => s.chatId);
-	const participantRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(inArray(chatParticipants.chatId, chatIds), eq(chatParticipants.agentId, participantAgentId)));
-	const allowedChatIds = new Set(participantRows.map((r) => r.chatId));
-	return sessions.filter((s) => allowedChatIds.has(s.chatId));
-}
 /**
 * Session events — structured event stream per (agent, chat) session.
 * `kind` is 'tool_call' | 'error'; the payload shape is enforced by the
@@ -14076,6 +15018,33 @@ function adminWsRoutes(notifier, jwtSecret) {
 			...payload
 		});
 	});
+	notifier.onChatMessage(({ chatId }) => {
+		dispatchChatMessage(chatId);
+	});
+	async function dispatchChatMessage(chatId) {
+		if (adminSockets.size === 0) return;
+		const audience = await getCachedAudience(getDbForChatLookup(), chatId);
+		if (!audience || audience.size === 0) return;
+		const frame = JSON.stringify({
+			type: "chat:message",
+			chatId
+		});
+		for (const [ws, meta] of adminSockets) {
+			if (ws.readyState !== 1) continue;
+			if (!audience.has(meta.humanAgentId)) continue;
+			try {
+				ws.send(frame);
+			} catch {}
+		}
+	}
+	let cachedDbForChatLookup = null;
+	function getDbForChatLookup() {
+		if (!cachedDbForChatLookup) throw new Error("admin WS: db not initialised yet");
+		return cachedDbForChatLookup;
+	}
+	function rememberDb(db) {
+		if (!cachedDbForChatLookup) cachedDbForChatLookup = db;
+	}
 	return async (app) => {
 		app.get("/admin", {
 			websocket: true,
@@ -14118,7 +15087,8 @@ function adminWsRoutes(notifier, jwtSecret) {
 			}
 			const [memberRow] = await app.db.select({
 				id: members.id,
-				role: members.role
+				role: members.role,
+				agentId: members.agentId
 			}).from(members).where(and(eq(members.userId, userId), eq(members.organizationId, organizationId), eq(members.status, "active"))).limit(1);
 			if (!memberRow) {
 				socket.send(JSON.stringify({
@@ -14134,10 +15104,14 @@ function adminWsRoutes(notifier, jwtSecret) {
 				organizationId,
 				memberId
 			});
+			rememberDb(app.db);
 			const visibleAgentIds = await loadVisibleAgentIds(app.db, organizationId, memberId);
+			const [humanAgentRow] = await app.db.select({ uuid: agents.uuid }).from(agents).where(eq(agents.uuid, memberRow.agentId)).limit(1);
+			const humanAgentId = humanAgentRow?.uuid ?? memberRow.agentId;
 			adminSockets.set(socket, {
 				organizationId,
 				memberId,
+				humanAgentId,
 				visibleAgentIds
 			});
 			socket.send(JSON.stringify({ type: "admin:connected" }));
@@ -14406,18 +15380,11 @@ async function pollInbox(db, inboxId, limit) {
 }
 async function pollInboxInner(db, inboxId, limit) {
 	return db.transaction(async (tx) => {
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.execute(sql`
-      UPDATE inbox_entries
-      SET status = 'delivered', delivered_at = NOW()
-      WHERE id IN (
-        SELECT id FROM inbox_entries
-        WHERE inbox_id = ${inboxId} AND status = 'pending' AND notify = true
-        ORDER BY created_at
-        LIMIT ${limit}
-        FOR UPDATE SKIP LOCKED
-      )
-      RETURNING *
-    `));
+		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(limit).for("update", { skipLocked: true });
+		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
+			status: "delivered",
+			deliveredAt: /* @__PURE__ */ new Date()
+		}).where(inArray(inboxEntries.id, targetIds)).returning());
 	});
 }
 /**
@@ -14430,7 +15397,7 @@ async function pollInboxInner(db, inboxId, limit) {
 * hub-inbox-ws-data-plane §3.2 risk #1).
 *
 * Steps:
-*   1. Sort by `created_at` ASC (PG `RETURNING` does not guarantee order).
+*   1. Sort by `createdAt` ASC (PG `RETURNING` does not guarantee order).
 *   2. For each trigger, collect silent context & bulk-ack stale silent rows.
 *   3. Fetch the trigger messages.
 *   4. Build wire payloads via the single dispatcher.
@@ -14439,16 +15406,16 @@ async function pollInboxInner(db, inboxId, limit) {
 */
 async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
 	if (claimed.length === 0) return [];
-	claimed.sort((a, b) => a.created_at.localeCompare(b.created_at));
+	claimed.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
 	const precedingByEntryId = await collectPrecedingContext(tx, inboxId, claimed);
-	const messageIds = claimed.map((e) => e.message_id);
+	const messageIds = claimed.map((e) => e.messageId);
 	const msgs = await tx.select().from(messages).where(inArray(messages.id, messageIds));
 	const msgMap = new Map(msgs.map((m) => [m.id, m]));
 	const payloads = await buildClientMessagePayloadsForInbox(tx, inboxId, claimed.map((entry) => {
-		const msg = msgMap.get(entry.message_id);
-		if (!msg) throw new Error(`Unexpected: message ${entry.message_id} not found`);
+		const msg = msgMap.get(entry.messageId);
+		if (!msg) throw new Error(`Unexpected: message ${entry.messageId} not found`);
 		return {
-			entryChatId: entry.chat_id,
+			entryChatId: entry.chatId,
 			precedingMessages: precedingByEntryId.get(entry.id) ?? [],
 			message: {
 				id: msg.id,
@@ -14469,15 +15436,15 @@ async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
 		const payload = payloads[idx];
 		if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
 		return {
-			id: Number(entry.id),
-			inboxId: entry.inbox_id,
-			messageId: entry.message_id,
-			chatId: entry.chat_id,
+			id: entry.id,
+			inboxId: entry.inboxId,
+			messageId: entry.messageId,
+			chatId: entry.chatId,
 			status: entry.status,
-			retryCount: entry.retry_count,
-			createdAt: entry.created_at,
-			deliveredAt: entry.delivered_at ?? null,
-			ackedAt: entry.acked_at ?? null,
+			retryCount: entry.retryCount,
+			createdAt: entry.createdAt.toISOString(),
+			deliveredAt: entry.deliveredAt?.toISOString() ?? null,
+			ackedAt: entry.ackedAt?.toISOString() ?? null,
 			message: payload
 		};
 	});
@@ -14512,21 +15479,11 @@ async function claimAndBuildForPush(db, inboxId, messageId) {
 		"inbox.id": inboxId,
 		"message.id": messageId
 	}, () => db.transaction(async (tx) => {
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.execute(sql`
-          UPDATE inbox_entries
-          SET status = 'delivered', delivered_at = NOW()
-          WHERE id IN (
-            SELECT id FROM inbox_entries
-            WHERE inbox_id = ${inboxId}
-              AND message_id = ${messageId}
-              AND status = 'pending'
-              AND notify = true
-            ORDER BY created_at
-            LIMIT ${PUSH_CLAIM_BATCH_LIMIT}
-            FOR UPDATE SKIP LOCKED
-          )
-          RETURNING *
-        `));
+		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.messageId, messageId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(PUSH_CLAIM_BATCH_LIMIT).for("update", { skipLocked: true });
+		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
+			status: "delivered",
+			deliveredAt: /* @__PURE__ */ new Date()
+		}).where(inArray(inboxEntries.id, targetIds)).returning());
 	}));
 }
 /**
@@ -14549,7 +15506,7 @@ async function claimBacklogForPush(db, inboxId, limit) {
 * `PRECEDING_CONTEXT_WINDOW_SECONDS`. Returned messages are oldest-first.
 *
 * Side effect: bulk-ack ALL silent pending rows in each chat with
-* created_at < latest_trigger.created_at — including ones that fell outside
+* createdAt < latest_trigger.createdAt — including ones that fell outside
 * the window/cap. Otherwise stale silent rows would accumulate and re-load
 * on every poll.
 */
@@ -14557,51 +15514,41 @@ async function collectPrecedingContext(tx, inboxId, triggers) {
 	const result = /* @__PURE__ */ new Map();
 	const byChat = /* @__PURE__ */ new Map();
 	for (const t of triggers) {
-		if (t.chat_id === null) continue;
-		const list = byChat.get(t.chat_id) ?? [];
+		if (t.chatId === null) continue;
+		const list = byChat.get(t.chatId) ?? [];
 		list.push(t);
-		byChat.set(t.chat_id, list);
+		byChat.set(t.chatId, list);
 	}
 	for (const [chatId, chatTriggers] of byChat) {
-		chatTriggers.sort((a, b) => a.created_at.localeCompare(b.created_at));
+		chatTriggers.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
 		let prevCreatedAt = null;
 		for (const trigger of chatTriggers) {
-			const preceding = (await tx.execute(sql`
-        SELECT ie.id, m.id AS message_id, m.sender_id, m.format, m.content, m.metadata,
-               m.created_at
-        FROM inbox_entries ie
-        JOIN messages m ON m.id = ie.message_id
-        WHERE ie.inbox_id = ${inboxId}
-          AND ie.chat_id = ${chatId}
-          AND ie.status = 'pending'
-          AND ie.notify = false
-          AND ie.created_at < ${trigger.created_at}
-          ${prevCreatedAt === null ? sql`` : sql`AND ie.created_at > ${prevCreatedAt}`}
-          AND ie.created_at > NOW() - make_interval(secs => ${PRECEDING_CONTEXT_WINDOW_SECONDS})
-        ORDER BY ie.created_at DESC
-        LIMIT ${50}
-        FOR UPDATE OF ie SKIP LOCKED
-      `)).map((r) => ({
-				id: r.message_id,
-				senderId: r.sender_id,
+			const preceding = (await tx.select({
+				messageId: messages.id,
+				senderId: messages.senderId,
+				format: messages.format,
+				content: messages.content,
+				metadata: messages.metadata,
+				createdAt: messages.createdAt
+			}).from(inboxEntries).innerJoin(messages, eq(messages.id, inboxEntries.messageId)).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, trigger.createdAt), prevCreatedAt === null ? void 0 : gt(inboxEntries.createdAt, prevCreatedAt), sql`${inboxEntries.createdAt} > NOW() - make_interval(secs => ${PRECEDING_CONTEXT_WINDOW_SECONDS})`)).orderBy(desc(inboxEntries.createdAt)).limit(50).for("update", {
+				of: inboxEntries,
+				skipLocked: true
+			})).map((r) => ({
+				id: r.messageId,
+				senderId: r.senderId,
 				format: r.format,
 				content: r.content,
 				metadata: r.metadata ?? {},
-				createdAt: r.created_at
+				createdAt: r.createdAt.toISOString()
 			})).reverse();
 			result.set(trigger.id, preceding);
-			prevCreatedAt = trigger.created_at;
+			prevCreatedAt = trigger.createdAt;
 		}
 		const latestTrigger = chatTriggers[chatTriggers.length - 1];
-		if (latestTrigger) await tx.execute(sql`
-        UPDATE inbox_entries
-        SET status = 'acked', acked_at = NOW()
-        WHERE inbox_id = ${inboxId}
-          AND chat_id = ${chatId}
-          AND status = 'pending'
-          AND notify = false
-          AND created_at < ${latestTrigger.created_at}
-      `);
+		if (latestTrigger) await tx.update(inboxEntries).set({
+			status: "acked",
+			ackedAt: /* @__PURE__ */ new Date()
+		}).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, latestTrigger.createdAt)));
 	}
 	return result;
 }
@@ -14644,23 +15591,14 @@ async function renewEntry(db, entryId, inboxId) {
 	return entry;
 }
 async function resetTimedOutEntries(db, timeoutSeconds = DEFAULT_INBOX_TIMEOUT_SECONDS, maxRetries = DEFAULT_MAX_RETRY_COUNT) {
-	const resetResult = await db.execute(sql`
-    UPDATE inbox_entries SET status = 'pending', retry_count = retry_count + 1
-    WHERE status = 'delivered'
-      AND delivered_at < NOW() - make_interval(secs => ${timeoutSeconds})
-      AND retry_count < ${maxRetries}
-    RETURNING id
-  `);
-	const failedResult = await db.execute(sql`
-    UPDATE inbox_entries SET status = 'failed'
-    WHERE status = 'delivered'
-      AND delivered_at < NOW() - make_interval(secs => ${timeoutSeconds})
-      AND retry_count >= ${maxRetries}
-    RETURNING id
-  `);
+	const reset = await db.update(inboxEntries).set({
+		status: "pending",
+		retryCount: sql`${inboxEntries.retryCount} + 1`
+	}).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, lt(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
+	const failed = await db.update(inboxEntries).set({ status: "failed" }).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, gte(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
 	return {
-		reset: resetResult.length,
-		failed: failedResult.length
+		reset: reset.length,
+		failed: failed.length
 	};
 }
 /** Default age (30 days) past which silent rows that no notify-true delivery
@@ -14679,7 +15617,7 @@ const SILENT_ROW_GC_MAX_AGE_SECONDS = 720 * 60 * 60;
 *      `(inbox_id, message_id, chat_id)` means leaving them around blocks
 *      legitimate retries with the same key.
 *
-*   2. `notify=false AND status='pending' AND created_at < NOW() - maxAge` —
+*   2. `notify=false AND status='pending' AND createdAt < NOW() - maxAge` —
 *      stale silent rows that no trigger ever caught up with. After 30
 *      days they're useless as preceding context (the @mention almost
 *      certainly already happened or the chat went dormant).
@@ -14688,22 +15626,11 @@ const SILENT_ROW_GC_MAX_AGE_SECONDS = 720 * 60 * 60;
 * can log meaningful counts.
 */
 async function pruneStaleSilentEntries(db, maxAgeSeconds = SILENT_ROW_GC_MAX_AGE_SECONDS) {
-	const ackedResult = await db.execute(sql`
-    DELETE FROM inbox_entries
-    WHERE notify = false
-      AND status = 'acked'
-    RETURNING id
-  `);
-	const staleResult = await db.execute(sql`
-    DELETE FROM inbox_entries
-    WHERE notify = false
-      AND status = 'pending'
-      AND created_at < NOW() - make_interval(secs => ${maxAgeSeconds})
-    RETURNING id
-  `);
+	const ackedDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "acked"))).returning({ id: inboxEntries.id });
+	const stalePendingDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "pending"), sql`${inboxEntries.createdAt} < NOW() - make_interval(secs => ${maxAgeSeconds})`)).returning({ id: inboxEntries.id });
 	return {
-		ackedDeleted: ackedResult.length,
-		stalePendingDeleted: staleResult.length
+		ackedDeleted: ackedDeleted.length,
+		stalePendingDeleted: stalePendingDeleted.length
 	};
 }
 async function agentInboxRoutes(app) {
@@ -15581,8 +16508,9 @@ function clientWsRoutes(notifier, instanceId) {
 				}
 				boundAgents.clear();
 				if (clientId) {
+					const stillActive = isActiveClientConnection(clientId, socket);
 					removeClientConnection(clientId, socket);
-					try {
+					if (stillActive) try {
 						await disconnectClient(app.db, clientId);
 					} catch {}
 				}
@@ -15766,6 +16694,7 @@ async function ensureMembership(db, data) {
 	if (existing) {
 		if (existing.status === "left") {
 			await db.update(members).set({ status: "active" }).where(eq(members.id, existing.id));
+			await recomputeWatchersForMember(db, existing.id);
 			return {
 				...existing,
 				status: "active"
@@ -15893,11 +16822,18 @@ async function pickPrimaryMembership(db, userId) {
 * (last admin allowed to leave, leaves an orphan team) and the cleanup is
 * a v2 sweep job.
 */
+/**
+* Soft-leave an organization. Flips the member's row to `status='left'`
+* and reconciles watcher rows: `recomputeChatWatchers`'s active-member
+* predicate now drops every watcher anchored to this member, removing
+* the chats from their `/me/chats` watching list.
+*/
 async function leaveOrganization(db, memberId) {
 	const [existing] = await db.select().from(members).where(eq(members.id, memberId)).limit(1);
 	if (!existing) throw new NotFoundError(`Membership "${memberId}" not found`);
 	if (existing.status === "left") return existing;
 	await db.update(members).set({ status: "left" }).where(eq(members.id, memberId));
+	await recomputeWatchersForMember(db, memberId);
 	return {
 		...existing,
 		status: "left"
@@ -16555,7 +17491,7 @@ async function inferWizardStep(app, m) {
 * landing page.
 */
 async function publicInvitePreviewRoute(app) {
-	const { previewInvitation } = await import("./invitation-CBnQyB7o-Bulf3Sl7.mjs");
+	const { previewInvitation } = await import("./invitation-CBnQyB7o-TmnIj3kx.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -16585,7 +17521,7 @@ async function adminInvitationRoutes(app) {
 		const m = requireMember(request);
 		if (m.role !== "admin") throw new ForbiddenError("Admin role required");
 		if (request.params.id !== m.organizationId) throw new ForbiddenError("Cannot rotate invitations for another organization");
-		const { rotateInvitation } = await import("./invitation-CBnQyB7o-Bulf3Sl7.mjs");
+		const { rotateInvitation } = await import("./invitation-CBnQyB7o-TmnIj3kx.mjs");
 		const inv = await rotateInvitation(app.db, m.organizationId, m.userId);
 		return {
 			id: inv.id,
@@ -16598,6 +17534,57 @@ async function adminInvitationRoutes(app) {
 		};
 	});
 }
+/**
+* `/me/chats*` member-facing chat APIs for the chat-first workspace. Mounted
+* under the existing `memberAuth` hook.
+*
+* Auth & visibility model: every read/write here resolves through the
+* caller's human agent uuid (member.agentId). Server-side authorisation
+* keeps cross-org leakage impossible — `chats.organization_id` is verified
+* against the participant's own membership inside each service.
+*/
+async function meChatRoutes(app) {
+	/** GET /me/chats — paginated conversation list (chat-first workspace). */
+	app.get("/", async (request) => {
+		const scope = memberScope(request);
+		const query = listMeChatsQuerySchema.parse(request.query);
+		return listMeChats(app.db, scope.humanAgentId, query);
+	});
+	/** POST /me/chats — always creates a new chat (no dedupe). */
+	app.post("/", async (request, reply) => {
+		const scope = memberScope(request);
+		const body = createMeChatSchema.parse(request.body);
+		const result = await createMeChat(app.db, scope.humanAgentId, scope.organizationId, body);
+		return reply.status(201).send(result);
+	});
+	/** POST /me/chats/:chatId/read — mark the user's row read. Idempotent. */
+	app.post("/:chatId/read", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		return markMeChatRead(app.db, chatId, scope.humanAgentId);
+	});
+	/** POST /me/chats/:chatId/participants — add one or more speaking participants. Idempotent. */
+	app.post("/:chatId/participants", async (request, reply) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		const body = addMeChatParticipantsSchema.parse(request.body);
+		await addMeChatParticipants(app.db, chatId, scope.humanAgentId, scope.organizationId, body);
+		return reply.status(204).send();
+	});
+	/** POST /me/chats/:chatId/join — watcher → speaking participant. State-carry. */
+	app.post("/:chatId/join", async (request, reply) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await joinMeChat(app.db, chatId, scope.humanAgentId);
+		return reply.status(204).send();
+	});
+	/** POST /me/chats/:chatId/leave — speaking participant → watcher (or detach). */
+	app.post("/:chatId/leave", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		return leaveMeChat(app.db, chatId, scope.humanAgentId);
+	});
+}
 const SALT_ROUNDS = 10;
 /**
 * Create a member in an organization.
@@ -17236,6 +18223,7 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	agents: () => agents,
 	authIdentities: () => authIdentities,
 	chatParticipants: () => chatParticipants,
+	chatSubscriptions: () => chatSubscriptions,
 	chats: () => chats,
 	clients: () => clients,
 	inboxEntries: () => inboxEntries,
@@ -18580,6 +19568,10 @@ async function buildApp(config) {
 			adminApp.addHook("onRequest", memberAuth);
 			await adminApp.register(adminChatRoutes);
 		}, { prefix: "/admin/chats" });
+		await api.register(async (memberApp) => {
+			memberApp.addHook("onRequest", memberAuth);
+			await memberApp.register(meChatRoutes);
+		}, { prefix: "/me/chats" });
 		await api.register(async (adminApp) => {
 			adminApp.addHook("onRequest", memberAuth);
 			await adminApp.register(adminClientRoutes);
@@ -18686,6 +19678,13 @@ async function buildApp(config) {
 			kaelRuntime?.reload().catch((err) => hotReloadLog.error({ err }, "kael hot-reload failed (PG NOTIFY)"));
 		}
 	});
+	registerChatMessageDispatcher((chatId, messageId) => {
+		notifier.notifyChatMessage(chatId, messageId).catch((err) => createLogger$1("chat-message-kick").warn({
+			err,
+			chatId,
+			messageId
+		}, "chat:message kick failed"));
+	});
 	app.addHook("onReady", async () => {
 		await ensureDefaultOrganization(db);
 		await notifier.start();