npm - @agent-team-foundation/first-tree-hub - Versions diffs - 0.10.15 → 0.11.0 - Mend

@agent-team-foundation/first-tree-hub 0.10.15 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/cli/index.mjs +3 -3
package/dist/{dist-D6AOiyNg.mjs → dist-BoHl9HwW.mjs} +66 -2
package/dist/drizzle/0030_chat_first_workspace.sql +129 -0
package/dist/drizzle/meta/_journal.json +7 -0
package/dist/{feishu-DQ1l18Ah.mjs → feishu-Dxk6ArOK.mjs} +1 -1
package/dist/index.mjs +3 -3
package/dist/{invitation-CBnQyB7o-Bulf3Sl7.mjs → invitation-CBnQyB7o-TmnIj3kx.mjs} +1 -1
package/dist/{saas-connect-CebXWFF-.mjs → saas-connect-DLSyrQcC.mjs} +1275 -294
package/dist/web/assets/index-BxGzfDTS.js +383 -0
package/dist/web/assets/{index-BQda2sqe.js → index-COflQOwF.js} +1 -1
package/dist/web/assets/{index-CKoTjI0J.css → index-DDqPt6PI.css} +1 -1
package/dist/web/index.html +2 -2
package/package.json +1 -1
package/dist/web/assets/index-C7yW7sWI.js +0 -388

package/dist/{saas-connect-CebXWFF-.mjs → saas-connect-DLSyrQcC.mjs} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { m as __toESM } from "./esm-CYu4tXXn.mjs";
 import { _ as withSpan, a as endWsConnectionSpan, b as require_pino, c as messageAttrs, d as rootLogger$1, g as startWsConnectionSpan, i as currentTraceId, n as applyLoggerConfig, o as getFastifyOtelPlugin, p as setWsConnectionAttrs, r as createLogger$1, t as adapterAttrs, u as observabilityPlugin, v as withWsMessageSpan, y as FIRST_TREE_HUB_ATTR } from "./observability-DPyf745N-BSc8QNcR.mjs";
 import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-DUeYbwm-.mjs";
-import { $ as refreshTokenSchema, A as createOrgFromMeSchema, B as imageInlineContentSchema, C as clientRegisterSchema, D as createAgentSchema, E as createAdapterMappingSchema, F as dryRunAgentRuntimeConfigSchema, G as isReservedAgentName$1, H as inboxDeliverFrameSchema$1, I as extractMentions, J as loginSchema, K as joinByInvitationSchema, L as githubCallbackQuerySchema, M as createTaskSchema, N as defaultRuntimeConfigPayload, O as createChatSchema, P as delegateFeishuUserSchema, Q as rebindAgentSchema, R as githubDevCallbackQuerySchema, S as clientCapabilitiesSchema$1, St as wsAuthFrameSchema, T as createAdapterConfigSchema, U as inboxPollQuerySchema, V as inboxAckFrameSchema, W as isRedactedEnvValue, X as notificationQuerySchema, Y as messageSourceSchema$1, Z as paginationQuerySchema, _ as adminUpdateTaskSchema, _t as updateClientCapabilitiesSchema, a as AGENT_STATUSES, at as sendToAgentSchema, b as agentRuntimeConfigPayloadSchema$1, bt as updateSystemConfigSchema, ct as sessionEventSchema$1, d as TASK_HEALTH_SIGNALS, dt as switchOrgSchema, et as runtimeStateMessageSchema, f as TASK_STATUSES, ft as taskListQuerySchema, g as adminCreateTaskSchema, gt as updateChatSchema, h as addParticipantSchema, ht as updateAgentSchema, i as AGENT_SOURCES, it as sendMessageSchema, j as createOrganizationSchema, k as createMemberSchema, l as SYSTEM_CONFIG_DEFAULTS, lt as sessionReconcileRequestSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as updateAgentRuntimeConfigSchema, n as AGENT_NAME_REGEX$1, nt as scanMentionTokens, o as AGENT_TYPES, ot as sessionCompletionMessageSchema, p as TASK_TERMINAL_STATUSES, pt as updateAdapterConfigSchema, q as linkTaskChatSchema, r as AGENT_SELECTOR_HEADER$1, rt as selfServiceFeishuBotSchema, s as AGENT_VISIBILITY, st as sessionEventMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as safeRedirectPath, u as TASK_CREATOR_TYPES, ut as sessionStateMessageSchema, v as agentBindRequestSchema, vt as updateMemberSchema, w as connectTokenExchangeSchema, x as agentTypeSchema$1, xt as updateTaskStatusSchema, y as agentPinnedMessageSchema$1, yt as updateOrganizationSchema, z as githubStartQuerySchema } from "./dist-D6AOiyNg.mjs";
+import { $ as messageSourceSchema$1, A as createChatSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateMemberSchema, D as createAdapterConfigSchema, Dt as wsAuthFrameSchema, E as connectTokenExchangeSchema, Et as updateTaskStatusSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isReservedAgentName$1, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMemberSchema, N as createOrgFromMeSchema, O as createAdapterMappingSchema, P as createOrganizationSchema, Q as loginSchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as updateClientCapabilitiesSchema, T as clientRegisterSchema, Tt as updateSystemConfigSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as linkTaskChatSchema, Y as joinByInvitationSchema, Z as listMeChatsQuerySchema, _ as addParticipantSchema, _t as taskListQuerySchema, a as AGENT_STATUSES, at as safeRedirectPath, b as agentBindRequestSchema, bt as updateAgentSchema, ct as sendMessageSchema, d as TASK_CREATOR_TYPES, dt as sessionEventMessageSchema, et as notificationQuerySchema, f as TASK_HEALTH_SIGNALS, ft as sessionEventSchema$1, g as addMeChatParticipantsSchema, gt as switchOrgSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as stripCode, i as AGENT_SOURCES, it as runtimeStateMessageSchema, j as createMeChatSchema, k as createAgentSchema, l as MENTION_REGEX, lt as sendToAgentSchema, m as TASK_TERMINAL_STATUSES, mt as sessionStateMessageSchema, n as AGENT_NAME_REGEX$1, nt as rebindAgentSchema, o as AGENT_TYPES, ot as scanMentionTokens, p as TASK_STATUSES, pt as sessionReconcileRequestSchema, q as isRedactedEnvValue, r as AGENT_SELECTOR_HEADER$1, rt as refreshTokenSchema, s as AGENT_VISIBILITY, st as selfServiceFeishuBotSchema, t as AGENT_BIND_REJECT_REASONS, tt as paginationQuerySchema, u as SYSTEM_CONFIG_DEFAULTS, ut as sessionCompletionMessageSchema, v as adminCreateTaskSchema, vt as updateAdapterConfigSchema, w as clientCapabilitiesSchema$1, wt as updateOrganizationSchema, x as agentPinnedMessageSchema$1, xt as updateChatSchema, y as adminUpdateTaskSchema, yt as updateAgentRuntimeConfigSchema, z as extractMentions } from "./dist-BoHl9HwW.mjs";
 import { _ as recordRedemption, a as ConflictError, b as uuidv7, c as UnauthorizedError, d as findActiveByToken, f as getActiveInvitation, h as organizations, i as ClientUserMismatchError$1, l as buildInviteUrl, m as invitations, n as BadRequestError, o as ForbiddenError, p as invitationRedemptions, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as ensureActiveInvitation, y as users } from "./invitation-B1pjAyOz-BaCA9PII.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
@@ -734,7 +734,11 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()),
 	createdAt: z.string(),
 	updatedAt: z.string()
-}).extend({ participants: z.array(chatParticipantSchema) });
+}).extend({
+	participants: z.array(chatParticipantSchema),
+	title: z.string(),
+	firstMessagePreview: z.string().nullable()
+});
 z.object({ topic: z.string().trim().max(500).nullable() });
 z.object({
 	agentId: z.string().min(1),
@@ -1041,6 +1045,59 @@ z.object({
 });
 z.object({ token: z.string().min(1) });
 z.object({}).optional();
+const meChatFilterSchema = z.enum([
+	"all",
+	"unread",
+	"watching"
+]);
+const meChatMembershipKindSchema = z.enum(["participant", "watching"]);
+z.object({
+	cursor: z.string().optional(),
+	limit: z.coerce.number().int().min(1).max(200).default(50),
+	filter: meChatFilterSchema.default("all")
+});
+const meChatParticipantSchema = z.object({
+	agentId: z.string(),
+	displayName: z.string(),
+	type: z.string()
+});
+const meChatRowSchema = z.object({
+	chatId: z.string(),
+	type: z.string(),
+	membershipKind: meChatMembershipKindSchema,
+	title: z.string(),
+	topic: z.string().nullable(),
+	participants: z.array(meChatParticipantSchema),
+	participantCount: z.number().int(),
+	lastMessageAt: z.string().nullable(),
+	lastMessagePreview: z.string().nullable(),
+	unreadMentionCount: z.number().int(),
+	canReply: z.boolean(),
+	taskId: z.string().nullable(),
+	taskStatus: z.string().nullable()
+});
+z.object({
+	rows: z.array(meChatRowSchema),
+	nextCursor: z.string().nullable()
+});
+z.object({
+	participantIds: z.array(z.string().min(1)).min(1),
+	topic: z.string().trim().max(500).optional().nullable()
+});
+z.object({ participantIds: z.array(z.string().min(1)).min(1) });
+z.object({
+	chatId: z.string(),
+	lastReadAt: z.string(),
+	unreadMentionCount: z.number().int()
+});
+z.object({
+	chatId: z.string(),
+	membershipKind: meChatMembershipKindSchema.nullable()
+});
+z.object({
+	type: z.literal("chat:message"),
+	chatId: z.string()
+});
 z.enum([
 	"connect",
 	"create_agent",
@@ -8146,7 +8203,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-DQ1l18Ah.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-Dxk6ArOK.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9126,7 +9183,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-DFDhctwC.mjs
+//#region ../server/dist/app-DNJkrky7.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -9210,17 +9267,44 @@ const chats = pgTable("chats", {
 	lifecyclePolicy: text("lifecycle_policy").default("persistent"),
 	parentChatId: text("parent_chat_id"),
 	metadata: jsonb("metadata").$type().notNull().default({}),
+	lastMessageAt: timestamp("last_message_at", { withTimezone: true }),
+	lastMessagePreview: text("last_message_preview"),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
 	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-});
-/** Chat participants (M:N). */
+}, (table) => [index("idx_chats_org_last_message").on(table.organizationId, desc(table.lastMessageAt))]);
+/** Speaking participants of a chat (M:N). Watchers live in chat_subscriptions. */
 const chatParticipants = pgTable("chat_participants", {
 	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
 	agentId: text("agent_id").notNull().references(() => agents.uuid),
 	role: text("role").notNull().default("member"),
 	mode: text("mode").notNull().default("full"),
+	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
+	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
 	joinedAt: timestamp("joined_at", { withTimezone: true }).notNull().defaultNow()
 }, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_participants_agent").on(table.agentId)]);
+/**
+* Non-speaking observers ("watchers"). Used by the chat-first workspace so a
+* user can supervise chats their managed agents participate in without
+* accidentally being part of fan-out.
+*
+* Invariants:
+*   1. (chat_id, agent_id) is mutually exclusive with chat_participants.
+*   2. Rows here NEVER produce inbox_entries (fan-out exclusivity).
+*   3. Mention candidate resolution NEVER includes these rows.
+*   4. State transitions (join/leave) carry last_read_at + counter; lifecycle
+*      recomputes default to NULL/0 and MUST NOT run on the join/leave path.
+*
+* See docs/chat-first-workspace-product-design.md "Data Model" + "State
+* Transitions" for the full contract.
+*/
+const chatSubscriptions = pgTable("chat_subscriptions", {
+	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
+	agentId: text("agent_id").notNull().references(() => agents.uuid),
+	kind: text("kind").notNull().default("watching"),
+	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
+	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
+	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
+}, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_chat_subscriptions_agent").on(table.agentId)]);
 /** Organization membership. Links a user to an org with a role and a 1:1 human agent. */
 const members = pgTable("members", {
 	id: text("id").primaryKey(),
@@ -10015,7 +10099,7 @@ async function deleteAdapterConfig(db, id) {
 	const [row] = await db.delete(adapterConfigs).where(eq(adapterConfigs.id, id)).returning();
 	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
 }
-const log$5 = createLogger$1("AdminAdapters");
+const log$6 = createLogger$1("AdminAdapters");
 const orgQuerySchema$1 = z.object({ organizationId: z.string().min(1).optional() });
 function parseId(raw) {
 	const id = Number(raw);
@@ -10038,7 +10122,7 @@ async function adminAdapterRoutes(app) {
 		const scope = memberScope(request);
 		await assertCanManage(app.db, scope, body.agentId);
 		const config = await createAdapterConfig(app.db, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after create"));
+		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after create"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(201).send({
 			...config,
@@ -10062,7 +10146,7 @@ async function adminAdapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertCanManage(app.db, scope, existing.agentId);
 		const config = await updateAdapterConfig(app.db, id, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after update"));
+		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after update"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return {
 			...config,
@@ -10076,7 +10160,7 @@ async function adminAdapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertCanManage(app.db, scope, existing.agentId);
 		await deleteAdapterConfig(app.db, id);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after delete"));
+		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after delete"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -10157,6 +10241,227 @@ const agentConfigs = pgTable("agent_configs", {
 	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
 });
 /**
+* Chat-first workspace — watcher subscription helpers.
+*
+* Watchers (rows in `chat_subscriptions`) are non-speaking observers. A
+* member who manages an agent that participates in a chat — but whose own
+* human agent is not a speaker there — sees the chat in their workspace
+* via a watcher row.
+*
+* Two distinct kinds of operation live here:
+*
+*   1. Set rebuilds (`recompute*`). Idempotent set-based recomputations
+*      driven by lifecycle events (chat created, participant added/removed,
+*      member status flipped, etc.). These DEFAULT new rows to NULL/0 read
+*      state.
+*
+*   2. State-carry transitions (`joinAsParticipant`, `leaveAsParticipant`).
+*      Move a single (chat, agent) pair between `chat_participants` and
+*      `chat_subscriptions` while preserving `last_read_at` and
+*      `unread_mention_count`. NEVER call recompute on this path or you'll
+*      lose read state.
+*
+* See docs/chat-first-workspace-product-design.md "State Transitions" and
+* "Risk Constraints".
+*/
+/**
+* Recompute watcher rows for ONE chat. For every active member who:
+*   - manages a non-human agent that speaks in the chat, AND
+*   - whose own human agent is NOT a speaker in the chat
+* an `(chat_id, member.agent_id)` watcher row is upserted (NULL read state).
+*
+* Watchers whose anchoring condition no longer holds (manager left, the
+* managed agent was removed from the chat, the manager joined as a speaker
+* themselves) are deleted.
+*
+* Idempotent: safe to call multiple times for the same chat.
+*/
+async function recomputeChatWatchers(db, chatId) {
+	await db.execute(sql`
+    INSERT INTO chat_subscriptions
+      (chat_id, agent_id, kind, last_read_at, unread_mention_count, created_at)
+    SELECT DISTINCT cp.chat_id, m.agent_id, 'watching', NULL::timestamp with time zone, 0, now()
+      FROM chat_participants cp
+      JOIN agents  a ON a.uuid = cp.agent_id
+      JOIN members m ON m.id   = a.manager_id
+     WHERE cp.chat_id = ${chatId}
+       AND m.status   = 'active'
+       AND a.type    <> 'human'
+       AND NOT EXISTS (
+         SELECT 1 FROM chat_participants cp2
+          WHERE cp2.chat_id  = cp.chat_id
+            AND cp2.agent_id = m.agent_id
+       )
+    ON CONFLICT (chat_id, agent_id) DO NOTHING
+  `);
+	await db.execute(sql`
+    DELETE FROM chat_subscriptions cs
+     WHERE cs.chat_id = ${chatId}
+       AND NOT EXISTS (
+         SELECT 1
+           FROM chat_participants cp
+           JOIN agents  a ON a.uuid = cp.agent_id
+           JOIN members m ON m.id   = a.manager_id
+          WHERE cp.chat_id = cs.chat_id
+            AND m.agent_id = cs.agent_id
+            AND m.status   = 'active'
+            AND a.type    <> 'human'
+            AND NOT EXISTS (
+              SELECT 1 FROM chat_participants cp2
+               WHERE cp2.chat_id  = cp.chat_id
+                 AND cp2.agent_id = m.agent_id
+            )
+       )
+  `);
+}
+/**
+* Recompute watcher rows touching ONE agent across all chats it speaks in.
+* Used after `rebindAgent` (manager change) so the new manager picks up
+* watcher rows and the old manager's are dropped.
+*/
+async function recomputeWatchersForAgent(db, agentId) {
+	const chatRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentId));
+	for (const { chatId } of chatRows) await recomputeChatWatchers(db, chatId);
+}
+/**
+* Recompute watcher rows touching ONE member across all chats. Triggered
+* when the member's status flips active ↔ left.
+*/
+async function recomputeWatchersForMember(db, memberId) {
+	const rows = await db.selectDistinct({ chatId: chatParticipants.chatId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(and(eq(agents.managerId, memberId), ne(agents.type, "human")));
+	for (const { chatId } of rows) await recomputeChatWatchers(db, chatId);
+}
+/**
+* Mirror of `services/chat.ts` `maybeUpgradeDirectToGroup`. Inlined here so
+* `joinAsParticipant` keeps the upgrade rule + the state carry in one
+* transaction without depending on chat.ts (avoids a circular import).
+*/
+async function maybeUpgradeDirectToGroup$1(tx, chatId, existingParticipantIds) {
+	if (existingParticipantIds.length + 1 < 3) return;
+	const [chat] = await tx.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
+	if (!chat || chat.type !== "direct") return;
+	await tx.update(chats).set({
+		type: "group",
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(eq(chats.id, chatId));
+	if (existingParticipantIds.length === 0) return;
+	const ids = (await tx.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((r) => r.uuid);
+	if (ids.length === 0) return;
+	await tx.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
+}
+/**
+* Watcher → speaking participant. State-carry transaction.
+*
+*   1. DELETE the watcher row (returning read state).
+*   2. If a participant row already exists, no-op (idempotent).
+*   3. Otherwise, run the direct → group upgrade rule against the *current*
+*      participant set, then INSERT the participant row carrying read state.
+*
+* If `requireWatcherOrVisible` is true, refuse when the user has neither a
+* watcher row nor admin-derived visibility — used to keep the public
+* `/me/chats/:chatId/join` endpoint honest. Pre-check happens in the
+* route layer where we have the full member scope.
+*/
+async function joinAsParticipant(db, chatId, humanAgentId) {
+	return db.transaction(async (tx) => {
+		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
+			lastReadAt: chatSubscriptions.lastReadAt,
+			unreadMentionCount: chatSubscriptions.unreadMentionCount
+		});
+		const [existing] = await tx.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
+		if (existing) return {
+			chatId,
+			inserted: false,
+			carried: carriedRow ?? null
+		};
+		await maybeUpgradeDirectToGroup$1(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId));
+		await tx.insert(chatParticipants).values({
+			chatId,
+			agentId: humanAgentId,
+			role: "member",
+			mode: "full",
+			lastReadAt: carriedRow?.lastReadAt ?? null,
+			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
+		});
+		return {
+			chatId,
+			inserted: true,
+			carried: carriedRow ?? null
+		};
+	});
+}
+/**
+* Speaking participant → watcher (or fully detach).
+*
+*   1. DELETE the participant row (returning read state).
+*   2. Test "still visible": is the user still the manager of an agent that
+*      remains a participant in this chat? If yes, INSERT a watcher row
+*      carrying read state. If no, drop entirely.
+*
+* Caller must validate that the user actually has a participant row to
+* leave (returns `NotFoundError` if not).
+*/
+async function leaveAsParticipant(db, chatId, humanAgentId) {
+	return db.transaction(async (tx) => {
+		const [carried] = await tx.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).returning({
+			lastReadAt: chatParticipants.lastReadAt,
+			unreadMentionCount: chatParticipants.unreadMentionCount
+		});
+		if (!carried) throw new NotFoundError("Not a participant of this chat");
+		const [stillVisibleRow] = await tx.execute(sql`
+      SELECT EXISTS (
+        SELECT 1
+          FROM chat_participants cp
+          JOIN agents  a ON a.uuid = cp.agent_id
+          JOIN members m ON m.id   = a.manager_id
+         WHERE cp.chat_id = ${chatId}
+           AND m.agent_id = ${humanAgentId}
+           AND m.status   = 'active'
+           AND a.type    <> 'human'
+      ) AS visible
+    `);
+		if (!Boolean(stillVisibleRow?.visible)) return {
+			chatId,
+			membershipKind: null
+		};
+		await tx.insert(chatSubscriptions).values({
+			chatId,
+			agentId: humanAgentId,
+			kind: "watching",
+			lastReadAt: carried.lastReadAt,
+			unreadMentionCount: carried.unreadMentionCount
+		}).onConflictDoNothing();
+		return {
+			chatId,
+			membershipKind: "watching"
+		};
+	});
+}
+/**
+* Resolve the membership row of the human agent for the given chat. Returns
+* one of: 'participant', 'watching', or null.
+*
+* Used by `/me/chats/:chatId/join` to refuse a join when the user has
+* neither a watcher row nor a participant row, and isn't otherwise
+* authorised (admin in the chat's org).
+*/
+async function resolveChatMembership(db, chatId, humanAgentId) {
+	const [participant] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
+	if (participant) return "participant";
+	const [sub] = await db.select({ chatId: chatSubscriptions.chatId }).from(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).limit(1);
+	if (sub) return "watching";
+	return null;
+}
+/**
+* Used by `/me/chats/:chatId/join`. Throw 409 if already a speaker (no work
+* to do) and 403 if no watcher row and no admin override. Admin override is
+* resolved at the route layer; this helper only reports the watcher state.
+*/
+function ensureCanJoin(membership) {
+	if (membership === "participant") throw new ConflictError("Already a participant in this chat");
+	if (membership === null) throw new ForbiddenError("Not a watcher of this chat — open the chat from your workspace before joining");
+}
+/**
 * Names beginning with `__` are reserved for Hub-internal pseudo agents
 * (e.g. the task notifier). User-facing creation must not be able to
 * squat on them, otherwise internal traffic could be routed through a
@@ -10463,6 +10768,7 @@ async function updateAgent(db, uuid, data) {
 	}
 	const [updated] = await db.update(agents).set(updates).where(eq(agents.uuid, agent.uuid)).returning();
 	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
+	if (data.managerId !== void 0 && data.managerId !== agent.managerId) await recomputeWatchersForAgent(db, agent.uuid);
 	return updated;
 }
 /**
@@ -10549,6 +10855,71 @@ async function deleteAgent(db, uuid) {
 	return agent;
 }
 /**
+* Process-local cache for the per-chat realtime push audience
+* (`chat_participants ∪ chat_subscriptions`, keyed by human agent
+* uuid). Sits in front of the admin WS dispatch so a chat with N
+* messages/sec doesn't issue N audience-resolution queries; one query
+* + cache hit per chat per TTL window.
+*
+* The cache exposes both a populator (`getCachedAudience`) and an
+* invalidator (`invalidateChatAudience`). Participant-mutation paths
+* (`addMeChatParticipants`, `joinMeChat`, `leaveMeChat`,
+* `recomputeChatWatchers`, `joinAsParticipant`, `leaveAsParticipant`)
+* MUST call `invalidateChatAudience` after their tx commits so the
+* very next dispatch reflects the new audience without waiting for
+* the TTL to age out — without invalidation, a freshly-added speaker
+* would miss `chat:message` pushes for up to TTL_MS.
+*
+* Cross-instance correctness: not handled here. The PG NOTIFY layer
+* already broadcasts message events to every replica; each replica's
+* audience cache is independently invalidated by its own
+* service-layer mutations on chats it routes traffic for. For
+* cross-replica participant changes to invalidate this cache, route
+* the mutation through the same replica that hosts the WS connection
+* (sticky routing) or add a dedicated `chat:audience` PG NOTIFY in
+* a follow-up.
+*/
+const log$5 = createLogger$1("ChatAudienceCache");
+const TTL_MS = 5e3;
+const MAX_ENTRIES = 1024;
+const cache = /* @__PURE__ */ new Map();
+/** Resolve a chat's push audience, hitting the cache when fresh.
+*  Returns null on DB error (caller should skip dispatch). */
+async function getCachedAudience(db, chatId) {
+	const now = Date.now();
+	const cached = cache.get(chatId);
+	if (cached && cached.expiresAt > now) return cached.audience;
+	try {
+		const rows = await db.execute(sql`
+      SELECT agent_id FROM chat_participants WHERE chat_id = ${chatId}
+      UNION
+      SELECT agent_id FROM chat_subscriptions WHERE chat_id = ${chatId}
+    `);
+		const audience = new Set(rows.map((r) => r.agent_id));
+		cache.set(chatId, {
+			audience,
+			expiresAt: now + TTL_MS
+		});
+		if (cache.size > MAX_ENTRIES) {
+			for (const [k, v] of cache) if (v.expiresAt <= now) cache.delete(k);
+		}
+		return audience;
+	} catch (err) {
+		log$5.warn({
+			err,
+			chatId
+		}, "failed to resolve chat audience");
+		return null;
+	}
+}
+/** Drop the cached audience for a chat. Called from participant-
+*  mutation paths after their transaction commits, so the next
+*  `chat:message` dispatch hits the DB and reflects the new
+*  membership instead of serving a stale TTL window. */
+function invalidateChatAudience(chatId) {
+	cache.delete(chatId);
+}
+/**
 * When a direct chat grows past 2 participants, upgrade it to `group` and
 * flip every existing non-human agent participant to `mention_only` — see
 * proposals/hub-agent-messaging-reply-and-mentions §3.3. The caller is
@@ -10603,6 +10974,7 @@ async function createChat(db, creatorId, data) {
 			...isDirectAgentOnly ? { mode: "mention_only" } : {}
 		}));
 		await tx.insert(chatParticipants).values(participantRows);
+		await recomputeChatWatchers(tx, chatId);
 		const participants = await tx.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
 		return {
@@ -10666,12 +11038,15 @@ async function ensureParticipant(db, chatId, agentId) {
 	if (existing) return;
 	await db.transaction(async (tx) => {
 		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
+		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, agentId)));
 		await tx.insert(chatParticipants).values({
 			chatId,
 			agentId,
 			mode: "full"
 		}).onConflictDoNothing({ target: [chatParticipants.chatId, chatParticipants.agentId] });
+		await recomputeChatWatchers(tx, chatId);
 	});
+	invalidateChatAudience(chatId);
 }
 async function addParticipant(db, chatId, requesterId, data) {
 	const chat = await getChat(db, chatId);
@@ -10686,12 +11061,15 @@ async function addParticipant(db, chatId, requesterId, data) {
 	if (existing) throw new ConflictError(`Agent "${data.agentId}" is already a participant`);
 	await db.transaction(async (tx) => {
 		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
+		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, data.agentId)));
 		await tx.insert(chatParticipants).values({
 			chatId,
 			agentId: data.agentId,
 			mode: data.mode ?? "full"
 		});
+		await recomputeChatWatchers(tx, chatId);
 	});
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 async function removeParticipant(db, chatId, requesterId, targetAgentId) {
@@ -10699,6 +11077,8 @@ async function removeParticipant(db, chatId, requesterId, targetAgentId) {
 	if (requesterId === targetAgentId) throw new BadRequestError("Cannot remove yourself from a chat");
 	const [removed] = await db.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, targetAgentId))).returning();
 	if (!removed) throw new NotFoundError(`Agent "${targetAgentId}" is not a participant of this chat`);
+	await recomputeChatWatchers(db, chatId);
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 /**
@@ -10790,23 +11170,38 @@ async function joinChat(db, chatId, memberId, humanAgentId) {
 	const [humanAgent] = await db.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
 	if (!humanAgent || humanAgent.organizationId !== chat.organizationId) throw new BadRequestError("Agent does not belong to the same organization as the chat");
 	await db.transaction(async (tx) => {
+		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
+			lastReadAt: chatSubscriptions.lastReadAt,
+			unreadMentionCount: chatSubscriptions.unreadMentionCount
+		});
 		await maybeUpgradeDirectToGroup(tx, chatId, participantAgentIds, 1);
 		await tx.insert(chatParticipants).values({
 			chatId,
 			agentId: humanAgentId,
 			role: "member",
-			mode: "full"
+			mode: "full",
+			lastReadAt: carriedRow?.lastReadAt ?? null,
+			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
 		});
+		await recomputeChatWatchers(tx, chatId);
 	});
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 /**
 * Manager leaves a chat. Removes their human agent from participants.
 * Only allowed if the human agent is a participant.
+*
+* Delegates the participant→watcher transition to `leaveAsParticipant`
+* so admin-side and `/me/chats/:id/leave` share one canonical path. The
+* earlier "recompute then UPDATE-back state" variant violated the design
+* rule that recompute is only for set rebuild — never on a transition
+* path (review #228 issue #2). The returned participant list is fetched
+* after the tx commits, matching the admin route's existing contract.
 */
 async function leaveChat(db, chatId, humanAgentId) {
-	const [removed] = await db.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).returning();
-	if (!removed) throw new NotFoundError("Not a participant of this chat");
+	await leaveAsParticipant(db, chatId, humanAgentId);
+	invalidateChatAudience(chatId);
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 async function findOrCreateDirectChat(db, agentAId, agentBId) {
@@ -10846,6 +11241,7 @@ async function findOrCreateDirectChat(db, agentAId, agentBId) {
 			role: "member",
 			mode
 		}]);
+		await recomputeChatWatchers(tx, chatId);
 		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
 		return chat;
 	});
@@ -11548,6 +11944,88 @@ async function listAgentsWithRuntime(db, scope) {
 		type: agents.type
 	}).from(agentPresence).innerJoin(agents, eq(agentPresence.agentId, agents.uuid)).where(and(isNotNull(agentPresence.runtimeState), agentVisibilityCondition(scope.organizationId, scope.memberId)));
 }
+/**
+* Chat-first workspace — append-only post-fan-out projection.
+*
+* The single sanctioned extension point on the message hot path. Called
+* from `services/message.ts` AFTER existing fan-out completes, inside the
+* same transaction. Three responsibilities:
+*
+*   1. Mention propagation: increment `unread_mention_count` for mentioned
+*      speaking participants AND for watcher rows whose managed agent was
+*      mentioned. Sender row is excluded.
+*
+*   2. Chats projection: roll forward `chats.last_message_at`,
+*      `chats.last_message_preview`. Powers the conversation list cursor +
+*      sort + preview.
+*
+*   3. Realtime kick: fire-and-forget `pg_notify('chat_message_events', …)`
+*      so admin WS sockets can translate it into a `chat:message` frame.
+*      Failure is swallowed — durable persistence is the correctness path.
+*
+* Strict invariants (see docs/chat-first-workspace-product-design.md
+* "Risk Constraints"):
+*   - This module appends ONLY. Never edits existing fan-out / inbox /
+*     mention-extraction code.
+*   - Watchers (chat_subscriptions) are NEVER added to inbox_entries here.
+*     Their counters are bumped purely as a per-user red-dot signal.
+*   - Mention candidate set is `chat_participants` only; watchers are not
+*     direct `@`-mention targets.
+*/
+let dispatcher = null;
+function registerChatMessageDispatcher(fn) {
+	dispatcher = fn;
+}
+/**
+* Best-effort cross-process kick for the chat-first workspace. Call AFTER
+* the message transaction commits — never inside the tx. Failure logs +
+* drops; web reconnect refetches.
+*
+* Speakers also get an inbox NOTIFY through the existing path. They will
+* receive both, and the web client de-dupes naturally because both end up
+* invalidating the same query keys.
+*/
+function fireChatMessageKick(chatId, messageId) {
+	if (!dispatcher) return;
+	try {
+		dispatcher(chatId, messageId);
+	} catch {}
+}
+/**
+* Apply the post-fan-out projection. MUST be called inside the same
+* transaction as the message INSERT. Safe to call when `mentionedAgentIds`
+* is empty (degenerate case skips the mention UPDATEs).
+*/
+async function applyAfterFanOut(tx, input) {
+	const { chatId, senderId, mentionedAgentIds, contentPreview, messageCreatedAt } = input;
+	const previewClipped = contentPreview.length > 0 ? contentPreview.slice(0, 200) : null;
+	const ts = messageCreatedAt ?? /* @__PURE__ */ new Date();
+	await tx.update(chats).set({
+		lastMessageAt: ts,
+		lastMessagePreview: previewClipped
+	}).where(eq(chats.id, chatId));
+	if (mentionedAgentIds.length === 0) return;
+	await tx.update(chatParticipants).set({ unreadMentionCount: sql`${chatParticipants.unreadMentionCount} + 1` }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, mentionedAgentIds), ne(chatParticipants.agentId, senderId)));
+	const managerHumanAgentIds = (await tx.execute(sql`
+    SELECT DISTINCT m.agent_id AS human_agent_id
+      FROM agents a
+      JOIN members m ON m.id = a.manager_id
+     WHERE a.uuid IN ${makeUuidList(mentionedAgentIds)}
+       AND a.type <> 'human'
+       AND m.status = 'active'
+  `)).map((r) => r.human_agent_id);
+	if (managerHumanAgentIds.length === 0) return;
+	await tx.update(chatSubscriptions).set({ unreadMentionCount: sql`${chatSubscriptions.unreadMentionCount} + 1` }).where(and(eq(chatSubscriptions.chatId, chatId), inArray(chatSubscriptions.agentId, managerHumanAgentIds)));
+}
+/**
+* Build a parenthesised, comma-separated list of bound parameters: `(?, ?, ?)`.
+* Used in raw SQL where drizzle's `inArray` can't be directly applied (e.g.
+* inside a hand-rolled SELECT). Always called with a non-empty list — the
+* caller short-circuits the empty case.
+*/
+function makeUuidList(ids) {
+	return sql`(${sql.join(ids.map((id) => sql`${id}`), sql`, `)})`;
+}
 const log$4 = createLogger$1("message");
 async function sendMessage(db, chatId, senderId, data, options = {}) {
 	return withSpan("inbox.enqueue", messageAttrs({
@@ -11649,6 +12127,15 @@ async function sendMessageInner(db, chatId, senderId, data, options) {
 		}
 		await tx.update(chats).set({ updatedAt: /* @__PURE__ */ new Date() }).where(eq(chats.id, chatId));
 		if (!msg) throw new Error("Unexpected: INSERT RETURNING produced no row");
+		const previewText = typeof outboundContent === "string" ? outboundContent.trim() : "";
+		await applyAfterFanOut(tx, {
+			chatId,
+			messageId: msg.id,
+			senderId,
+			mentionedAgentIds: mergedMentions,
+			contentPreview: previewText,
+			messageCreatedAt: msg.createdAt
+		});
 		return {
 			message: msg,
 			recipients,
@@ -11665,6 +12152,7 @@ async function sendMessageInner(db, chatId, senderId, data, options) {
 			agentId: txResult.recipientAgentIds[i]
 		}, "predictive session activation failed");
 	}
+	fireChatMessageKick(chatId, txResult.message.id);
 	return {
 		message: txResult.message,
 		recipients: txResult.recipients
@@ -11726,15 +12214,24 @@ const INBOX_CHANNEL = "inbox_notifications";
 const CONFIG_CHANNEL = "config_changes";
 const SESSION_STATE_CHANNEL = "session_state_changes";
 const RUNTIME_STATE_CHANNEL = "runtime_state_changes";
+/**
+* Chat-first workspace cross-process kick. Carries `<chatId>:<messageId>`.
+* Lets admin WS sockets translate every chat message (speaker AND watcher
+* audience) into a `chat:message` frame, without being coupled to the
+* inbox NOTIFY path that only reaches speakers.
+*/
+const CHAT_MESSAGE_CHANNEL = "chat_message_events";
 function createNotifier(listenClient) {
 	const subscriptions = /* @__PURE__ */ new Map();
 	const configChangeHandlers = [];
 	const sessionStateChangeHandlers = [];
 	const runtimeStateChangeHandlers = [];
+	const chatMessageHandlers = [];
 	let unlistenInboxFn = null;
 	let unlistenConfigFn = null;
 	let unlistenSessionStateFn = null;
 	let unlistenRuntimeStateFn = null;
+	let unlistenChatMessageFn = null;
 	function handleNotification(payload) {
 		const sepIdx = payload.indexOf(":");
 		if (sepIdx === -1) return;
@@ -11789,6 +12286,11 @@ function createNotifier(listenClient) {
 				await listenClient`SELECT pg_notify(${RUNTIME_STATE_CHANNEL}, ${`${agentId}:${state}:${organizationId}`})`;
 			} catch {}
 		},
+		async notifyChatMessage(chatId, messageId) {
+			try {
+				await listenClient`SELECT pg_notify(${CHAT_MESSAGE_CHANNEL}, ${`${chatId}:${messageId}`})`;
+			} catch {}
+		},
 		async pushFrameToInbox(inboxId, frame) {
 			const map = subscriptions.get(inboxId);
 			if (!map) return 0;
@@ -11815,6 +12317,9 @@ function createNotifier(listenClient) {
 		onRuntimeStateChange(handler) {
 			runtimeStateChangeHandlers.push(handler);
 		},
+		onChatMessage(handler) {
+			chatMessageHandlers.push(handler);
+		},
 		async start() {
 			unlistenInboxFn = (await listenClient.listen(INBOX_CHANNEL, (payload) => {
 				if (payload) handleNotification(payload);
@@ -11857,6 +12362,19 @@ function createNotifier(listenClient) {
 					}
 				}
 			})).unlisten;
+			unlistenChatMessageFn = (await listenClient.listen(CHAT_MESSAGE_CHANNEL, (payload) => {
+				if (!payload) return;
+				const sep = payload.indexOf(":");
+				if (sep <= 0) return;
+				const chatId = payload.slice(0, sep);
+				const messageId = payload.slice(sep + 1);
+				for (const handler of chatMessageHandlers) try {
+					handler({
+						chatId,
+						messageId
+					});
+				} catch {}
+			})).unlisten;
 		},
 		async stop() {
 			if (unlistenInboxFn) {
@@ -11875,6 +12393,10 @@ function createNotifier(listenClient) {
 				await unlistenRuntimeStateFn();
 				unlistenRuntimeStateFn = null;
 			}
+			if (unlistenChatMessageFn) {
+				await unlistenChatMessageFn();
+				unlistenChatMessageFn = null;
+			}
 		}
 	};
 }
@@ -12317,101 +12839,640 @@ async function collectTargetInboxes(db, chatId, inReplyTo) {
 	}
 	return [...set];
 }
-async function adminChatRoutes(app) {
-	/** List all chats in org (admin-only, for audit). Members should use GET /mine. */
-	app.get("/", { preHandler: requireAdminRoleHook() }, async (request) => {
-		const query = paginationQuerySchema.parse(request.query);
-		const rawQuery = request.query;
-		const orgParam = rawQuery.organizationId ?? rawQuery.org;
-		let orgId;
-		if (orgParam) orgId = (await resolveOrganization(app.db, orgParam)).id;
-		else orgId = await resolveDefaultOrgId(app.db);
-		const conditions = [eq(chats.organizationId, orgId)];
-		if (query.cursor) conditions.push(lt(chats.createdAt, new Date(query.cursor)));
-		const where = and(...conditions);
-		const rows = await app.db.select({
-			id: chats.id,
-			organizationId: chats.organizationId,
-			type: chats.type,
-			topic: chats.topic,
-			lifecyclePolicy: chats.lifecyclePolicy,
-			metadata: chats.metadata,
-			createdAt: chats.createdAt,
-			updatedAt: chats.updatedAt,
-			participantCount: sql`(
-          SELECT count(*)::int FROM chat_participants WHERE chat_id = ${chats.id}
-        )`
-		}).from(chats).where(where).orderBy(desc(chats.createdAt)).limit(query.limit + 1);
-		const hasMore = rows.length > query.limit;
-		const items = hasMore ? rows.slice(0, query.limit) : rows;
-		const last = items[items.length - 1];
-		const nextCursor = hasMore && last ? last.createdAt.toISOString() : null;
-		return {
-			items: items.map((c) => ({
-				id: c.id,
-				organizationId: c.organizationId,
-				type: c.type,
-				topic: c.topic,
-				lifecyclePolicy: c.lifecyclePolicy,
-				metadata: c.metadata,
-				participantCount: c.participantCount,
-				createdAt: c.createdAt.toISOString(),
-				updatedAt: c.updatedAt.toISOString()
-			})),
-			nextCursor
-		};
-	});
-	/** Get chat detail with participants (requires participation or supervision) */
-	app.get("/:chatId", async (request) => {
-		const { chatId } = request.params;
-		const scope = memberScope(request);
-		await assertChatAccess(app.db, scope, chatId);
-		const [chat] = await app.db.select().from(chats).where(eq(chats.id, chatId)).limit(1);
-		if (!chat) throw new Error("Unexpected: chat missing after access check");
-		const participants = await app.db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-		return {
-			...chat,
-			createdAt: chat.createdAt.toISOString(),
-			updatedAt: chat.updatedAt.toISOString(),
-			participants: participants.map((p) => ({
-				agentId: p.agentId,
-				role: p.role,
-				mode: p.mode,
-				joinedAt: p.joinedAt.toISOString()
-			}))
-		};
-	});
-	/** Rename (or clear) a chat's topic. Requires participation or supervision — same gate as reading it. */
-	app.patch("/:chatId", async (request) => {
-		const { chatId } = request.params;
-		const scope = memberScope(request);
-		await assertChatAccess(app.db, scope, chatId);
-		const body = updateChatSchema.parse(request.body);
-		const nextTopic = body.topic && body.topic.length > 0 ? body.topic : null;
-		const [updated] = await app.db.update(chats).set({
-			topic: nextTopic,
-			updatedAt: /* @__PURE__ */ new Date()
-		}).where(eq(chats.id, chatId)).returning();
-		if (!updated) throw new Error("Unexpected: chat missing after update");
-		return {
-			...updated,
-			createdAt: updated.createdAt.toISOString(),
-			updatedAt: updated.updatedAt.toISOString()
-		};
-	});
-	/** List messages in a chat with delivery status (requires participation or supervision) */
-	app.get("/:chatId/messages", async (request) => {
-		const { chatId } = request.params;
-		const scope = memberScope(request);
-		await assertChatAccess(app.db, scope, chatId);
-		const query = paginationQuerySchema.parse(request.query);
-		const where = query.cursor ? and(eq(messages.chatId, chatId), lt(messages.createdAt, new Date(query.cursor))) : eq(messages.chatId, chatId);
-		const rows = await app.db.select({
-			id: messages.id,
-			chatId: messages.chatId,
-			senderId: messages.senderId,
-			format: messages.format,
-			content: messages.content,
+/** Extract a plain-text summary from a message's JSONB content field.
+*  Used as the auto-title fallback in chat list rendering — see
+*  `me-chat.ts:resolveChatTitle` and `admin/chats.ts:getChat`.
+*
+*  - `@<name>` mention tokens are stripped before truncation: in the
+*    chat-first model they're routing/audience metadata, not part of
+*    the user's intent. Leaving them in produces noisy titles like
+*    "@hub-agent-01 帮我重构这个文件" or "你好 @hub-agent-02 看看".
+*  - Whitespace runs (including those left behind by mention removal)
+*    collapse to single spaces.
+*  - If the cleaned text is empty (e.g., a message that's only
+*    `@hub-agent-01`), returns null so the caller falls through to
+*    the participant-join fallback.
+*  - Slicing is code-point-aware (`Array.from + join`) so emoji /
+*    surrogate pairs aren't split into garbled half-characters. */
+function extractSummary(content, maxLen = 50) {
+	let text = "";
+	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
+	else if (typeof content === "string") text = content;
+	if (!text) return null;
+	const cleaned = stripCode(text).replace(MENTION_REGEX, "").replace(/\s+/g, " ").trim();
+	if (!cleaned) return null;
+	return Array.from(cleaned).slice(0, maxLen).join("");
+}
+/** List sessions for a specific agent, with optional state filters. */
+async function listAgentSessions(db, agentId, filters) {
+	const conditions = [eq(agentChatSessions.agentId, agentId)];
+	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
+	else conditions.push(ne(agentChatSessions.state, "evicted"));
+	const rows = await db.select({
+		agentId: agentChatSessions.agentId,
+		chatId: agentChatSessions.chatId,
+		state: agentChatSessions.state,
+		updatedAt: agentChatSessions.updatedAt,
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
+	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(...conditions)).orderBy(desc(agentChatSessions.updatedAt));
+	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
+	const agentRuntimeState = presence?.runtimeState ?? null;
+	if (filters?.runtimeState && agentRuntimeState !== filters.runtimeState) return [];
+	const chatIds = rows.map((r) => r.chatId);
+	const messageCounts = chatIds.length > 0 ? await db.select({
+		chatId: inboxEntries.chatId,
+		count: sql`count(*)::int`
+	}).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), inArray(inboxEntries.chatId, chatIds))).groupBy(inboxEntries.chatId) : [];
+	const countMap = new Map(messageCounts.map((r) => [r.chatId, r.count]));
+	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const summaryMap = /* @__PURE__ */ new Map();
+	for (const row of firstMessages) {
+		const summary = extractSummary(row.content);
+		if (summary) summaryMap.set(row.chatId, summary);
+	}
+	return rows.map((r) => ({
+		agentId: r.agentId,
+		chatId: r.chatId,
+		state: r.state,
+		runtimeState: agentRuntimeState,
+		startedAt: r.chatCreatedAt.toISOString(),
+		lastActivityAt: r.updatedAt.toISOString(),
+		messageCount: countMap.get(r.chatId) ?? 0,
+		summary: summaryMap.get(r.chatId) ?? null,
+		topic: r.chatTopic ?? null
+	}));
+}
+/** Get a single session's detail. */
+async function getSession(db, agentId, chatId) {
+	const [row] = await db.select({
+		agentId: agentChatSessions.agentId,
+		chatId: agentChatSessions.chatId,
+		state: agentChatSessions.state,
+		updatedAt: agentChatSessions.updatedAt,
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
+	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).limit(1);
+	if (!row) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
+	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
+	const [countRow] = await db.select({ count: sql`count(*)::int` }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), eq(inboxEntries.chatId, chatId)));
+	const firstMsg = (await db.execute(sql`SELECT content FROM messages WHERE chat_id = ${chatId} ORDER BY created_at ASC LIMIT 1`))[0];
+	const summary = firstMsg ? extractSummary(firstMsg.content) : null;
+	return {
+		agentId: row.agentId,
+		chatId: row.chatId,
+		state: row.state,
+		runtimeState: presence?.runtimeState ?? null,
+		startedAt: row.chatCreatedAt.toISOString(),
+		lastActivityAt: row.updatedAt.toISOString(),
+		messageCount: countRow?.count ?? 0,
+		summary,
+		topic: row.chatTopic ?? null
+	};
+}
+/** List all sessions across all agents, with pagination. Scoped to organization. */
+async function listAllSessions(db, limit, cursor, filters) {
+	const conditions = [];
+	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
+	else conditions.push(ne(agentChatSessions.state, "evicted"));
+	if (filters?.agentId) conditions.push(eq(agentChatSessions.agentId, filters.agentId));
+	if (filters?.organizationId) conditions.push(eq(agents.organizationId, filters.organizationId));
+	if (cursor) conditions.push(sql`${agentChatSessions.updatedAt} < ${new Date(cursor)}`);
+	const rows = await db.select({
+		agentId: agentChatSessions.agentId,
+		chatId: agentChatSessions.chatId,
+		state: agentChatSessions.state,
+		updatedAt: agentChatSessions.updatedAt,
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
+	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
+	const hasMore = rows.length > limit;
+	const items = hasMore ? rows.slice(0, limit) : rows;
+	const agentIds = [...new Set(items.map((r) => r.agentId))];
+	const presenceRows = agentIds.length > 0 ? await db.select({
+		agentId: agentPresence.agentId,
+		runtimeState: agentPresence.runtimeState
+	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
+	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
+	const chatIds = [...new Set(items.map((r) => r.chatId))];
+	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const summaryMap = /* @__PURE__ */ new Map();
+	for (const row of firstMessages) {
+		const summary = extractSummary(row.content);
+		if (summary) summaryMap.set(row.chatId, summary);
+	}
+	const last = items[items.length - 1];
+	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
+	return {
+		items: items.map((r) => ({
+			agentId: r.agentId,
+			chatId: r.chatId,
+			state: r.state,
+			runtimeState: runtimeMap.get(r.agentId) ?? null,
+			startedAt: r.chatCreatedAt.toISOString(),
+			lastActivityAt: r.updatedAt.toISOString(),
+			messageCount: 0,
+			summary: summaryMap.get(r.chatId) ?? null,
+			topic: r.chatTopic ?? null
+		})),
+		nextCursor
+	};
+}
+/** Commit `active → suspended`. No-op on suspended/evicted. Throws if row is missing. */
+async function suspendSession(db, agentId, chatId, organizationId, notifier) {
+	return transitionSessionState(db, agentId, chatId, "suspended", ["active"], organizationId, notifier);
+}
+/** Commit `suspended → evicted` (terminal — listings hide it, revival defense blocks resurrection). */
+async function archiveSession(db, agentId, chatId, organizationId, notifier) {
+	return transitionSessionState(db, agentId, chatId, "evicted", ["suspended"], organizationId, notifier);
+}
+async function transitionSessionState(db, agentId, chatId, target, from, organizationId, notifier) {
+	const now = /* @__PURE__ */ new Date();
+	let finalState = null;
+	let transitioned = false;
+	await db.transaction(async (tx) => {
+		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
+		if (!existing) return;
+		const current = existing.state;
+		finalState = current;
+		if (!from.includes(current)) return;
+		await tx.update(agentChatSessions).set({
+			state: target,
+			updatedAt: now
+		}).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId)));
+		const [counts] = await tx.select({
+			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
+			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
+		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
+		await tx.update(agentPresence).set({
+			activeSessions: counts?.active ?? 0,
+			totalSessions: counts?.total ?? 0,
+			lastSeenAt: now
+		}).where(eq(agentPresence.agentId, agentId));
+		finalState = target;
+		transitioned = true;
+	});
+	if (finalState === null) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
+	if (transitioned && notifier) notifier.notifySessionStateChange(agentId, chatId, target, organizationId).catch(() => {});
+	return {
+		state: finalState,
+		transitioned
+	};
+}
+/**
+* Filter sessions to only those where the given agent is also a participant in the chat.
+* Used when a non-manager views sessions of an org-visible agent — they should only see
+* sessions for chats they participate in.
+*/
+async function filterSessionsByParticipant(db, sessions, participantAgentId) {
+	if (sessions.length === 0) return [];
+	const chatIds = sessions.map((s) => s.chatId);
+	const participantRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(inArray(chatParticipants.chatId, chatIds), eq(chatParticipants.agentId, participantAgentId)));
+	const allowedChatIds = new Set(participantRows.map((r) => r.chatId));
+	return sessions.filter((s) => allowedChatIds.has(s.chatId));
+}
+/**
+* Member-facing chat service backing `/me/chats*` endpoints (chat-first
+* workspace).
+*
+* Responsibilities:
+*   - Cursor-paginated conversation list across participant + watcher rows
+*     for the caller's human agent.
+*   - Create a new chat (no dedupe, runs `recomputeChatWatchers` after).
+*   - Add participants (idempotent, runs `recomputeChatWatchers` after).
+*   - Mark-read (touches whichever of the two tables holds the user's row).
+*   - Join → state-carry watcher → speaker (delegates to `watcher.ts`).
+*   - Leave → state-carry speaker → watcher (delegates to `watcher.ts`).
+*
+* See docs/chat-first-workspace-product-design.md "API Contract" + "Data
+* Model".
+*/
+function encodeCursor(lastMessageAt, chatId) {
+	const payload = `${lastMessageAt ? lastMessageAt.toISOString() : ""}|${chatId}`;
+	return Buffer.from(payload, "utf8").toString("base64url");
+}
+function decodeCursor(cursor) {
+	try {
+		const decoded = Buffer.from(cursor, "base64url").toString("utf8");
+		const sep = decoded.indexOf("|");
+		if (sep < 0) return null;
+		const tsPart = decoded.slice(0, sep);
+		const chatId = decoded.slice(sep + 1);
+		if (!chatId) return null;
+		const lastMessageAt = tsPart.length > 0 ? new Date(tsPart) : null;
+		if (lastMessageAt && Number.isNaN(lastMessageAt.getTime())) return null;
+		return {
+			lastMessageAt,
+			chatId
+		};
+	} catch {
+		return null;
+	}
+}
+/**
+* GET /me/chats — cursor-paginated conversation list.
+*
+* SQL strategy:
+*   - One query that UNIONs participant rows and subscription rows for the
+*     caller's human agent, joined to chats. The UNION+coalesce keeps both
+*     `unread_mention_count` and `membership_kind` per row.
+*   - Filter `parent_chat_id IS NULL` (threads are excluded in v1).
+*   - Sort `(last_message_at DESC NULLS LAST, chat_id DESC)`.
+*   - Cursor narrows the result to rows STRICTLY before `(cursor.ts, cursor.id)`.
+*   - Followed by a small participant-list lookup for the page only.
+*/
+async function listMeChats(db, humanAgentId, query) {
+	const limit = query.limit;
+	const cursor = query.cursor ? decodeCursor(query.cursor) : null;
+	if (query.cursor && !cursor) throw new BadRequestError("Invalid cursor");
+	const filterUnreadOnly = query.filter === "unread";
+	const filterWatchingOnly = query.filter === "watching";
+	const cursorTsIso = cursor?.lastMessageAt ? cursor.lastMessageAt.toISOString() : null;
+	const cursorPredicate = !cursor ? sql`TRUE` : cursor.lastMessageAt === null ? sql`(c.last_message_at IS NULL AND c.id < ${cursor.chatId})` : sql`(c.last_message_at IS NULL
+             OR c.last_message_at < ${cursorTsIso}::timestamptz
+             OR (c.last_message_at = ${cursorTsIso}::timestamptz AND c.id < ${cursor.chatId}))`;
+	const rawRows = await db.execute(sql`
+    WITH membership AS (
+      SELECT chat_id, 'participant'::text AS membership_kind, unread_mention_count
+        FROM chat_participants
+       WHERE agent_id = ${humanAgentId}
+      UNION ALL
+      SELECT chat_id, 'watching'::text   AS membership_kind, unread_mention_count
+        FROM chat_subscriptions
+       WHERE agent_id = ${humanAgentId}
+    ),
+    /* Resolve duplicates (should not happen post-invariant-1, but cheap) by
+       preferring the participant row. */
+    deduped AS (
+      SELECT DISTINCT ON (chat_id)
+        chat_id, membership_kind, unread_mention_count
+        FROM membership
+        ORDER BY chat_id, CASE WHEN membership_kind = 'participant' THEN 0 ELSE 1 END
+    )
+    SELECT
+      c.id                  AS chat_id,
+      c.type                AS type,
+      c.topic               AS topic,
+      c.parent_chat_id      AS parent_chat_id,
+      c.last_message_at     AS last_message_at,
+      c.last_message_preview AS last_message_preview,
+      (SELECT count(*) FROM chat_participants WHERE chat_id = c.id) AS participant_count,
+      d.membership_kind     AS membership_kind,
+      d.unread_mention_count AS unread_mention_count
+      FROM chats c
+      JOIN deduped d ON d.chat_id = c.id
+     WHERE c.parent_chat_id IS NULL
+       /* Filter: unread / watching */
+       AND (${!filterUnreadOnly}::bool OR d.unread_mention_count > 0)
+       AND (${!filterWatchingOnly}::bool OR d.membership_kind = 'watching')
+       AND ${cursorPredicate}
+     ORDER BY c.last_message_at DESC NULLS LAST, c.id DESC
+     LIMIT ${limit + 1}
+  `);
+	const toDate = (v) => {
+		if (v === null) return null;
+		return v instanceof Date ? v : new Date(v);
+	};
+	const hasMore = rawRows.length > limit;
+	const pageRaw = hasMore ? rawRows.slice(0, limit) : rawRows;
+	const last = pageRaw[pageRaw.length - 1];
+	const nextCursor = hasMore && last ? encodeCursor(toDate(last.last_message_at), last.chat_id) : null;
+	if (pageRaw.length === 0) return {
+		rows: [],
+		nextCursor: null
+	};
+	const chatIds = pageRaw.map((r) => r.chat_id);
+	const participantRows = await db.select({
+		chatId: chatParticipants.chatId,
+		agentId: chatParticipants.agentId,
+		displayName: agents.displayName,
+		type: agents.type
+	}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(inArray(chatParticipants.chatId, chatIds));
+	const participantsByChat = /* @__PURE__ */ new Map();
+	for (const p of participantRows) {
+		const list = participantsByChat.get(p.chatId) ?? [];
+		list.push({
+			agentId: p.agentId,
+			displayName: p.displayName,
+			type: p.type
+		});
+		participantsByChat.set(p.chatId, list);
+	}
+	const firstMessageRows = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const firstMessageSummary = /* @__PURE__ */ new Map();
+	for (const row of firstMessageRows) {
+		const s = extractSummary(row.content);
+		if (s) firstMessageSummary.set(row.chatId, s);
+	}
+	return {
+		rows: pageRaw.map((r) => {
+			const participants = participantsByChat.get(r.chat_id) ?? [];
+			const title = resolveChatTitle(r.topic, firstMessageSummary.get(r.chat_id) ?? null, participants, humanAgentId);
+			return {
+				chatId: r.chat_id,
+				type: r.type,
+				membershipKind: r.membership_kind,
+				title,
+				topic: r.topic,
+				participants,
+				participantCount: Number(r.participant_count),
+				lastMessageAt: toDate(r.last_message_at)?.toISOString() ?? null,
+				lastMessagePreview: r.last_message_preview,
+				unreadMentionCount: r.unread_mention_count,
+				canReply: r.membership_kind === "participant",
+				taskId: null,
+				taskStatus: null
+			};
+		}),
+		nextCursor
+	};
+}
+/**
+* Title resolution priority:
+*
+*   1. `chat.topic` (manual, set via `PATCH /admin/chats/:id`)
+*   2. First message summary (auto, ≤ 50 chars from `extractSummary`)
+*   3. Participant join (fallback when chat has no messages yet)
+*
+* The first-message fallback is the chat-first equivalent of how
+* ChatGPT / Claude.ai name conversations from the user's opening
+* prompt — gives same-agent multi-chats distinct identities and
+* removes the "title duplicates participants chip row" anti-pattern.
+*/
+function resolveChatTitle(topic, firstMessageSummary, participants, selfAgentId) {
+	if (topic && topic.length > 0) return topic;
+	if (firstMessageSummary && firstMessageSummary.length > 0) return firstMessageSummary;
+	const others = participants.filter((p) => p.agentId !== selfAgentId);
+	if (others.length === 0) return "Empty chat";
+	if (others.length <= 3) return others.map((p) => p.displayName).join(", ");
+	return `${others[0]?.displayName}, ${others[1]?.displayName} +${others.length - 2}`;
+}
+async function createMeChat(db, humanAgentId, organizationId, body) {
+	const distinctIds = [...new Set(body.participantIds)].filter((id) => id !== humanAgentId);
+	if (distinctIds.length === 0) throw new BadRequestError("At least one non-self participant required");
+	const allIds = [humanAgentId, ...distinctIds];
+	const found = await db.select({
+		uuid: agents.uuid,
+		organizationId: agents.organizationId,
+		type: agents.type
+	}).from(agents).where(inArray(agents.uuid, allIds));
+	if (found.length !== allIds.length) {
+		const foundSet = new Set(found.map((a) => a.uuid));
+		throw new BadRequestError(`Agents not found: ${allIds.filter((id) => !foundSet.has(id)).join(", ")}`);
+	}
+	const crossOrg = found.filter((a) => a.organizationId !== organizationId);
+	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization chat not allowed: ${crossOrg.map((a) => a.uuid).join(", ")}`);
+	const chatType = distinctIds.length === 1 ? "direct" : "group";
+	const isDirectAgentOnly = chatType === "direct" && found.every((a) => a.type !== "human");
+	const chatId = randomUUID();
+	const topic = body.topic ?? null;
+	await db.transaction(async (tx) => {
+		await tx.insert(chats).values({
+			id: chatId,
+			organizationId,
+			type: chatType,
+			topic
+		});
+		await tx.insert(chatParticipants).values(allIds.map((agentId) => ({
+			chatId,
+			agentId,
+			role: agentId === humanAgentId ? "owner" : "member",
+			...isDirectAgentOnly ? { mode: "mention_only" } : {}
+		})));
+		await recomputeChatWatchers(tx, chatId);
+	});
+	invalidateChatAudience(chatId);
+	return { chatId };
+}
+async function addMeChatParticipants(db, chatId, callerHumanAgentId, callerOrganizationId, body) {
+	const distinct = [...new Set(body.participantIds)];
+	if (distinct.length === 0) throw new BadRequestError("At least one participant required");
+	const [chat] = await db.select({
+		id: chats.id,
+		organizationId: chats.organizationId,
+		type: chats.type
+	}).from(chats).where(eq(chats.id, chatId)).limit(1);
+	if (!chat) throw new NotFoundError(`Chat "${chatId}" not found`);
+	if (chat.organizationId !== callerOrganizationId) throw new NotFoundError(`Chat "${chatId}" not found`);
+	const [callerRow] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, callerHumanAgentId))).limit(1);
+	if (!callerRow) throw new NotFoundError(`Chat "${chatId}" not found`);
+	const found = await db.select({
+		uuid: agents.uuid,
+		organizationId: agents.organizationId,
+		type: agents.type
+	}).from(agents).where(inArray(agents.uuid, distinct));
+	if (found.length !== distinct.length) {
+		const foundSet = new Set(found.map((a) => a.uuid));
+		throw new BadRequestError(`Agents not found: ${distinct.filter((id) => !foundSet.has(id)).join(", ")}`);
+	}
+	const crossOrg = found.filter((a) => a.organizationId !== chat.organizationId);
+	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization participant rejected: ${crossOrg.map((a) => a.uuid).join(", ")}`);
+	await db.transaction(async (tx) => {
+		const existing = await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
+		const existingSet = new Set(existing.map((e) => e.agentId));
+		const toInsert = distinct.filter((id) => !existingSet.has(id));
+		if (toInsert.length === 0) {
+			await recomputeChatWatchers(tx, chatId);
+			return;
+		}
+		const isUpgradingToGroup = existing.length + toInsert.length >= 3 && chat.type === "direct";
+		const isAlreadyGroup = chat.type === "group";
+		const isGroupAfter = isUpgradingToGroup || isAlreadyGroup;
+		if (isUpgradingToGroup) {
+			await tx.update(chats).set({
+				type: "group",
+				updatedAt: /* @__PURE__ */ new Date()
+			}).where(eq(chats.id, chatId));
+			const nonHumanIds = (await tx.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existing.map((e) => e.agentId)), sql`${agents.type} <> 'human'`))).map((a) => a.uuid);
+			if (nonHumanIds.length > 0) await tx.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, nonHumanIds)));
+		}
+		const carriedRows = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), inArray(chatSubscriptions.agentId, toInsert))).returning({
+			agentId: chatSubscriptions.agentId,
+			lastReadAt: chatSubscriptions.lastReadAt,
+			unreadMentionCount: chatSubscriptions.unreadMentionCount
+		});
+		const carriedByAgent = new Map(carriedRows.map((r) => [r.agentId, r]));
+		const typeByAgent = new Map(found.map((a) => [a.uuid, a.type]));
+		await tx.insert(chatParticipants).values(toInsert.map((agentId) => {
+			const agentType = typeByAgent.get(agentId);
+			const mode = isGroupAfter && agentType !== "human" ? "mention_only" : "full";
+			const carried = carriedByAgent.get(agentId);
+			return {
+				chatId,
+				agentId,
+				role: "member",
+				mode,
+				lastReadAt: carried?.lastReadAt ?? null,
+				unreadMentionCount: carried?.unreadMentionCount ?? 0
+			};
+		})).onConflictDoNothing();
+		await recomputeChatWatchers(tx, chatId);
+	});
+	invalidateChatAudience(chatId);
+}
+async function markMeChatRead(db, chatId, humanAgentId) {
+	const now = /* @__PURE__ */ new Date();
+	await db.update(chatParticipants).set({
+		lastReadAt: now,
+		unreadMentionCount: 0
+	}).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId)));
+	await db.update(chatSubscriptions).set({
+		lastReadAt: now,
+		unreadMentionCount: 0
+	}).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId)));
+	return {
+		chatId,
+		lastReadAt: now.toISOString(),
+		unreadMentionCount: 0
+	};
+}
+async function joinMeChat(db, chatId, humanAgentId) {
+	ensureCanJoin(await resolveChatMembership(db, chatId, humanAgentId));
+	await joinAsParticipant(db, chatId, humanAgentId);
+	invalidateChatAudience(chatId);
+}
+async function leaveMeChat(db, chatId, humanAgentId) {
+	const result = await leaveAsParticipant(db, chatId, humanAgentId);
+	invalidateChatAudience(chatId);
+	return result;
+}
+async function adminChatRoutes(app) {
+	/** List all chats in org (admin-only, for audit). Members should use GET /mine. */
+	app.get("/", { preHandler: requireAdminRoleHook() }, async (request) => {
+		const query = paginationQuerySchema.parse(request.query);
+		const rawQuery = request.query;
+		const orgParam = rawQuery.organizationId ?? rawQuery.org;
+		let orgId;
+		if (orgParam) orgId = (await resolveOrganization(app.db, orgParam)).id;
+		else orgId = await resolveDefaultOrgId(app.db);
+		const conditions = [eq(chats.organizationId, orgId)];
+		if (query.cursor) conditions.push(lt(chats.createdAt, new Date(query.cursor)));
+		const where = and(...conditions);
+		const rows = await app.db.select({
+			id: chats.id,
+			organizationId: chats.organizationId,
+			type: chats.type,
+			topic: chats.topic,
+			lifecyclePolicy: chats.lifecyclePolicy,
+			metadata: chats.metadata,
+			createdAt: chats.createdAt,
+			updatedAt: chats.updatedAt,
+			participantCount: sql`(
+          SELECT count(*)::int FROM chat_participants WHERE chat_id = ${chats.id}
+        )`
+		}).from(chats).where(where).orderBy(desc(chats.createdAt)).limit(query.limit + 1);
+		const hasMore = rows.length > query.limit;
+		const items = hasMore ? rows.slice(0, query.limit) : rows;
+		const last = items[items.length - 1];
+		const nextCursor = hasMore && last ? last.createdAt.toISOString() : null;
+		return {
+			items: items.map((c) => ({
+				id: c.id,
+				organizationId: c.organizationId,
+				type: c.type,
+				topic: c.topic,
+				lifecyclePolicy: c.lifecyclePolicy,
+				metadata: c.metadata,
+				participantCount: c.participantCount,
+				createdAt: c.createdAt.toISOString(),
+				updatedAt: c.updatedAt.toISOString()
+			})),
+			nextCursor
+		};
+	});
+	/** Get chat detail with participants (requires participation or supervision).
+	*
+	*  Response includes a server-resolved `title` and `firstMessagePreview`
+	*  so the chat-view header can mirror the conversation list's title
+	*  fallback chain (`topic > first message summary > participant join`)
+	*  without re-implementing it client-side. The `firstMessagePreview`
+	*  is exposed alongside the resolved title so the client can also use
+	*  it for tooltips / debugging — the resolved `title` should be the
+	*  default render target. */
+	app.get("/:chatId", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await assertChatAccess(app.db, scope, chatId);
+		const [chat] = await app.db.select().from(chats).where(eq(chats.id, chatId)).limit(1);
+		if (!chat) throw new Error("Unexpected: chat missing after access check");
+		const participants = await app.db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
+		const firstMsgRows = await app.db.execute(sql`
+      SELECT content FROM messages
+       WHERE chat_id = ${chatId}
+       ORDER BY created_at ASC
+       LIMIT 1
+    `);
+		const firstMessagePreview = firstMsgRows[0] ? extractSummary(firstMsgRows[0].content) : null;
+		const participantAgentIds = participants.map((p) => p.agentId);
+		const agentRows = participantAgentIds.length > 0 ? await app.db.select({
+			agentId: agents.uuid,
+			displayName: agents.displayName,
+			type: agents.type
+		}).from(agents).where(inArray(agents.uuid, participantAgentIds)) : [];
+		const agentMeta = new Map(agentRows.map((a) => [a.agentId, a]));
+		const participantsForTitle = participants.map((p) => {
+			const meta = agentMeta.get(p.agentId);
+			return {
+				agentId: p.agentId,
+				displayName: meta?.displayName ?? p.agentId,
+				type: meta?.type ?? "unknown"
+			};
+		});
+		const title = resolveChatTitle(chat.topic, firstMessagePreview, participantsForTitle, scope.humanAgentId);
+		return {
+			...chat,
+			title,
+			firstMessagePreview,
+			createdAt: chat.createdAt.toISOString(),
+			updatedAt: chat.updatedAt.toISOString(),
+			participants: participants.map((p) => ({
+				agentId: p.agentId,
+				role: p.role,
+				mode: p.mode,
+				joinedAt: p.joinedAt.toISOString()
+			}))
+		};
+	});
+	/** Rename (or clear) a chat's topic. Requires participation or supervision — same gate as reading it. */
+	app.patch("/:chatId", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await assertChatAccess(app.db, scope, chatId);
+		const body = updateChatSchema.parse(request.body);
+		const nextTopic = body.topic && body.topic.length > 0 ? body.topic : null;
+		const [updated] = await app.db.update(chats).set({
+			topic: nextTopic,
+			updatedAt: /* @__PURE__ */ new Date()
+		}).where(eq(chats.id, chatId)).returning();
+		if (!updated) throw new Error("Unexpected: chat missing after update");
+		return {
+			...updated,
+			createdAt: updated.createdAt.toISOString(),
+			updatedAt: updated.updatedAt.toISOString()
+		};
+	});
+	/** List messages in a chat with delivery status (requires participation or supervision) */
+	app.get("/:chatId/messages", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await assertChatAccess(app.db, scope, chatId);
+		const query = paginationQuerySchema.parse(request.query);
+		const where = query.cursor ? and(eq(messages.chatId, chatId), lt(messages.createdAt, new Date(query.cursor))) : eq(messages.chatId, chatId);
+		const rows = await app.db.select({
+			id: messages.id,
+			chatId: messages.chatId,
+			senderId: messages.senderId,
+			format: messages.format,
+			content: messages.content,
 			metadata: messages.metadata,
 			replyToInbox: messages.replyToInbox,
 			replyToChat: messages.replyToChat,
@@ -13147,189 +14208,6 @@ async function adminOverviewRoutes(app) {
 		};
 	});
 }
-const SUMMARY_MAX_LENGTH = 50;
-/** Extract a plain-text summary from a message's JSONB content field. */
-function extractSummary(content, maxLen = SUMMARY_MAX_LENGTH) {
-	let text = "";
-	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
-	else if (typeof content === "string") text = content;
-	if (!text) return null;
-	return Array.from(text).slice(0, maxLen).join("");
-}
-/** List sessions for a specific agent, with optional state filters. */
-async function listAgentSessions(db, agentId, filters) {
-	const conditions = [eq(agentChatSessions.agentId, agentId)];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(...conditions)).orderBy(desc(agentChatSessions.updatedAt));
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const agentRuntimeState = presence?.runtimeState ?? null;
-	if (filters?.runtimeState && agentRuntimeState !== filters.runtimeState) return [];
-	const chatIds = rows.map((r) => r.chatId);
-	const messageCounts = chatIds.length > 0 ? await db.select({
-		chatId: inboxEntries.chatId,
-		count: sql`count(*)::int`
-	}).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), inArray(inboxEntries.chatId, chatIds))).groupBy(inboxEntries.chatId) : [];
-	const countMap = new Map(messageCounts.map((r) => [r.chatId, r.count]));
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	return rows.map((r) => ({
-		agentId: r.agentId,
-		chatId: r.chatId,
-		state: r.state,
-		runtimeState: agentRuntimeState,
-		startedAt: r.chatCreatedAt.toISOString(),
-		lastActivityAt: r.updatedAt.toISOString(),
-		messageCount: countMap.get(r.chatId) ?? 0,
-		summary: summaryMap.get(r.chatId) ?? null,
-		topic: r.chatTopic ?? null
-	}));
-}
-/** Get a single session's detail. */
-async function getSession(db, agentId, chatId) {
-	const [row] = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).limit(1);
-	if (!row) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const [countRow] = await db.select({ count: sql`count(*)::int` }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), eq(inboxEntries.chatId, chatId)));
-	const firstMsg = (await db.execute(sql`SELECT content FROM messages WHERE chat_id = ${chatId} ORDER BY created_at ASC LIMIT 1`))[0];
-	const summary = firstMsg ? extractSummary(firstMsg.content) : null;
-	return {
-		agentId: row.agentId,
-		chatId: row.chatId,
-		state: row.state,
-		runtimeState: presence?.runtimeState ?? null,
-		startedAt: row.chatCreatedAt.toISOString(),
-		lastActivityAt: row.updatedAt.toISOString(),
-		messageCount: countRow?.count ?? 0,
-		summary,
-		topic: row.chatTopic ?? null
-	};
-}
-/** List all sessions across all agents, with pagination. Scoped to organization. */
-async function listAllSessions(db, limit, cursor, filters) {
-	const conditions = [];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	if (filters?.agentId) conditions.push(eq(agentChatSessions.agentId, filters.agentId));
-	if (filters?.organizationId) conditions.push(eq(agents.organizationId, filters.organizationId));
-	if (cursor) conditions.push(sql`${agentChatSessions.updatedAt} < ${new Date(cursor)}`);
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const agentIds = [...new Set(items.map((r) => r.agentId))];
-	const presenceRows = agentIds.length > 0 ? await db.select({
-		agentId: agentPresence.agentId,
-		runtimeState: agentPresence.runtimeState
-	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
-	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
-	const chatIds = [...new Set(items.map((r) => r.chatId))];
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	const last = items[items.length - 1];
-	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
-	return {
-		items: items.map((r) => ({
-			agentId: r.agentId,
-			chatId: r.chatId,
-			state: r.state,
-			runtimeState: runtimeMap.get(r.agentId) ?? null,
-			startedAt: r.chatCreatedAt.toISOString(),
-			lastActivityAt: r.updatedAt.toISOString(),
-			messageCount: 0,
-			summary: summaryMap.get(r.chatId) ?? null,
-			topic: r.chatTopic ?? null
-		})),
-		nextCursor
-	};
-}
-/** Commit `active → suspended`. No-op on suspended/evicted. Throws if row is missing. */
-async function suspendSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "suspended", ["active"], organizationId, notifier);
-}
-/** Commit `suspended → evicted` (terminal — listings hide it, revival defense blocks resurrection). */
-async function archiveSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "evicted", ["suspended"], organizationId, notifier);
-}
-async function transitionSessionState(db, agentId, chatId, target, from, organizationId, notifier) {
-	const now = /* @__PURE__ */ new Date();
-	let finalState = null;
-	let transitioned = false;
-	await db.transaction(async (tx) => {
-		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
-		if (!existing) return;
-		const current = existing.state;
-		finalState = current;
-		if (!from.includes(current)) return;
-		await tx.update(agentChatSessions).set({
-			state: target,
-			updatedAt: now
-		}).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId)));
-		const [counts] = await tx.select({
-			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
-			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
-		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
-		await tx.update(agentPresence).set({
-			activeSessions: counts?.active ?? 0,
-			totalSessions: counts?.total ?? 0,
-			lastSeenAt: now
-		}).where(eq(agentPresence.agentId, agentId));
-		finalState = target;
-		transitioned = true;
-	});
-	if (finalState === null) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	if (transitioned && notifier) notifier.notifySessionStateChange(agentId, chatId, target, organizationId).catch(() => {});
-	return {
-		state: finalState,
-		transitioned
-	};
-}
-/**
-* Filter sessions to only those where the given agent is also a participant in the chat.
-* Used when a non-manager views sessions of an org-visible agent — they should only see
-* sessions for chats they participate in.
-*/
-async function filterSessionsByParticipant(db, sessions, participantAgentId) {
-	if (sessions.length === 0) return [];
-	const chatIds = sessions.map((s) => s.chatId);
-	const participantRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(inArray(chatParticipants.chatId, chatIds), eq(chatParticipants.agentId, participantAgentId)));
-	const allowedChatIds = new Set(participantRows.map((r) => r.chatId));
-	return sessions.filter((s) => allowedChatIds.has(s.chatId));
-}
 /**
 * Session events — structured event stream per (agent, chat) session.
 * `kind` is 'tool_call' | 'error'; the payload shape is enforced by the
@@ -14140,6 +15018,33 @@ function adminWsRoutes(notifier, jwtSecret) {
 			...payload
 		});
 	});
+	notifier.onChatMessage(({ chatId }) => {
+		dispatchChatMessage(chatId);
+	});
+	async function dispatchChatMessage(chatId) {
+		if (adminSockets.size === 0) return;
+		const audience = await getCachedAudience(getDbForChatLookup(), chatId);
+		if (!audience || audience.size === 0) return;
+		const frame = JSON.stringify({
+			type: "chat:message",
+			chatId
+		});
+		for (const [ws, meta] of adminSockets) {
+			if (ws.readyState !== 1) continue;
+			if (!audience.has(meta.humanAgentId)) continue;
+			try {
+				ws.send(frame);
+			} catch {}
+		}
+	}
+	let cachedDbForChatLookup = null;
+	function getDbForChatLookup() {
+		if (!cachedDbForChatLookup) throw new Error("admin WS: db not initialised yet");
+		return cachedDbForChatLookup;
+	}
+	function rememberDb(db) {
+		if (!cachedDbForChatLookup) cachedDbForChatLookup = db;
+	}
 	return async (app) => {
 		app.get("/admin", {
 			websocket: true,
@@ -14182,7 +15087,8 @@ function adminWsRoutes(notifier, jwtSecret) {
 			}
 			const [memberRow] = await app.db.select({
 				id: members.id,
-				role: members.role
+				role: members.role,
+				agentId: members.agentId
 			}).from(members).where(and(eq(members.userId, userId), eq(members.organizationId, organizationId), eq(members.status, "active"))).limit(1);
 			if (!memberRow) {
 				socket.send(JSON.stringify({
@@ -14198,10 +15104,14 @@ function adminWsRoutes(notifier, jwtSecret) {
 				organizationId,
 				memberId
 			});
+			rememberDb(app.db);
 			const visibleAgentIds = await loadVisibleAgentIds(app.db, organizationId, memberId);
+			const [humanAgentRow] = await app.db.select({ uuid: agents.uuid }).from(agents).where(eq(agents.uuid, memberRow.agentId)).limit(1);
+			const humanAgentId = humanAgentRow?.uuid ?? memberRow.agentId;
 			adminSockets.set(socket, {
 				organizationId,
 				memberId,
+				humanAgentId,
 				visibleAgentIds
 			});
 			socket.send(JSON.stringify({ type: "admin:connected" }));
@@ -15784,6 +16694,7 @@ async function ensureMembership(db, data) {
 	if (existing) {
 		if (existing.status === "left") {
 			await db.update(members).set({ status: "active" }).where(eq(members.id, existing.id));
+			await recomputeWatchersForMember(db, existing.id);
 			return {
 				...existing,
 				status: "active"
@@ -15911,11 +16822,18 @@ async function pickPrimaryMembership(db, userId) {
 * (last admin allowed to leave, leaves an orphan team) and the cleanup is
 * a v2 sweep job.
 */
+/**
+* Soft-leave an organization. Flips the member's row to `status='left'`
+* and reconciles watcher rows: `recomputeChatWatchers`'s active-member
+* predicate now drops every watcher anchored to this member, removing
+* the chats from their `/me/chats` watching list.
+*/
 async function leaveOrganization(db, memberId) {
 	const [existing] = await db.select().from(members).where(eq(members.id, memberId)).limit(1);
 	if (!existing) throw new NotFoundError(`Membership "${memberId}" not found`);
 	if (existing.status === "left") return existing;
 	await db.update(members).set({ status: "left" }).where(eq(members.id, memberId));
+	await recomputeWatchersForMember(db, memberId);
 	return {
 		...existing,
 		status: "left"
@@ -16573,7 +17491,7 @@ async function inferWizardStep(app, m) {
 * landing page.
 */
 async function publicInvitePreviewRoute(app) {
-	const { previewInvitation } = await import("./invitation-CBnQyB7o-Bulf3Sl7.mjs");
+	const { previewInvitation } = await import("./invitation-CBnQyB7o-TmnIj3kx.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -16603,7 +17521,7 @@ async function adminInvitationRoutes(app) {
 		const m = requireMember(request);
 		if (m.role !== "admin") throw new ForbiddenError("Admin role required");
 		if (request.params.id !== m.organizationId) throw new ForbiddenError("Cannot rotate invitations for another organization");
-		const { rotateInvitation } = await import("./invitation-CBnQyB7o-Bulf3Sl7.mjs");
+		const { rotateInvitation } = await import("./invitation-CBnQyB7o-TmnIj3kx.mjs");
 		const inv = await rotateInvitation(app.db, m.organizationId, m.userId);
 		return {
 			id: inv.id,
@@ -16616,6 +17534,57 @@ async function adminInvitationRoutes(app) {
 		};
 	});
 }
+/**
+* `/me/chats*` member-facing chat APIs for the chat-first workspace. Mounted
+* under the existing `memberAuth` hook.
+*
+* Auth & visibility model: every read/write here resolves through the
+* caller's human agent uuid (member.agentId). Server-side authorisation
+* keeps cross-org leakage impossible — `chats.organization_id` is verified
+* against the participant's own membership inside each service.
+*/
+async function meChatRoutes(app) {
+	/** GET /me/chats — paginated conversation list (chat-first workspace). */
+	app.get("/", async (request) => {
+		const scope = memberScope(request);
+		const query = listMeChatsQuerySchema.parse(request.query);
+		return listMeChats(app.db, scope.humanAgentId, query);
+	});
+	/** POST /me/chats — always creates a new chat (no dedupe). */
+	app.post("/", async (request, reply) => {
+		const scope = memberScope(request);
+		const body = createMeChatSchema.parse(request.body);
+		const result = await createMeChat(app.db, scope.humanAgentId, scope.organizationId, body);
+		return reply.status(201).send(result);
+	});
+	/** POST /me/chats/:chatId/read — mark the user's row read. Idempotent. */
+	app.post("/:chatId/read", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		return markMeChatRead(app.db, chatId, scope.humanAgentId);
+	});
+	/** POST /me/chats/:chatId/participants — add one or more speaking participants. Idempotent. */
+	app.post("/:chatId/participants", async (request, reply) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		const body = addMeChatParticipantsSchema.parse(request.body);
+		await addMeChatParticipants(app.db, chatId, scope.humanAgentId, scope.organizationId, body);
+		return reply.status(204).send();
+	});
+	/** POST /me/chats/:chatId/join — watcher → speaking participant. State-carry. */
+	app.post("/:chatId/join", async (request, reply) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		await joinMeChat(app.db, chatId, scope.humanAgentId);
+		return reply.status(204).send();
+	});
+	/** POST /me/chats/:chatId/leave — speaking participant → watcher (or detach). */
+	app.post("/:chatId/leave", async (request) => {
+		const { chatId } = request.params;
+		const scope = memberScope(request);
+		return leaveMeChat(app.db, chatId, scope.humanAgentId);
+	});
+}
 const SALT_ROUNDS = 10;
 /**
 * Create a member in an organization.
@@ -17254,6 +18223,7 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	agents: () => agents,
 	authIdentities: () => authIdentities,
 	chatParticipants: () => chatParticipants,
+	chatSubscriptions: () => chatSubscriptions,
 	chats: () => chats,
 	clients: () => clients,
 	inboxEntries: () => inboxEntries,
@@ -18598,6 +19568,10 @@ async function buildApp(config) {
 			adminApp.addHook("onRequest", memberAuth);
 			await adminApp.register(adminChatRoutes);
 		}, { prefix: "/admin/chats" });
+		await api.register(async (memberApp) => {
+			memberApp.addHook("onRequest", memberAuth);
+			await memberApp.register(meChatRoutes);
+		}, { prefix: "/me/chats" });
 		await api.register(async (adminApp) => {
 			adminApp.addHook("onRequest", memberAuth);
 			await adminApp.register(adminClientRoutes);
@@ -18704,6 +19678,13 @@ async function buildApp(config) {
 			kaelRuntime?.reload().catch((err) => hotReloadLog.error({ err }, "kael hot-reload failed (PG NOTIFY)"));
 		}
 	});
+	registerChatMessageDispatcher((chatId, messageId) => {
+		notifier.notifyChatMessage(chatId, messageId).catch((err) => createLogger$1("chat-message-kick").warn({
+			err,
+			chatId,
+			messageId
+		}, "chat:message kick failed"));
+	});
 	app.addHook("onReady", async () => {
 		await ensureDefaultOrganization(db);
 		await notifier.start();