@agent-team-foundation/first-tree-hub 0.10.3 → 0.10.4

package/dist/{saas-connect-3p-vBkuY.mjs → saas-connect-2puW1r3r.mjs}

@@ -1,8 +1,8 @@
 import { m as __toESM } from "./esm-CYu4tXXn.mjs";
 import { _ as withSpan, a as endWsConnectionSpan, b as require_pino, c as messageAttrs, d as rootLogger$1, g as startWsConnectionSpan, i as currentTraceId, n as applyLoggerConfig, o as getFastifyOtelPlugin, p as setWsConnectionAttrs, r as createLogger$1, t as adapterAttrs, u as observabilityPlugin, v as withWsMessageSpan, y as FIRST_TREE_HUB_ATTR } from "./observability-DPyf745N-BSc8QNcR.mjs";
-import { C as serverConfigSchema, S as resolveConfigReadonly, _ as loadAgents, b as resetConfig, c as saveCredentials, d as DEFAULT_HOME_DIR$1, f as agentConfigSchema, g as initConfig, i as loadCredentials, l as DEFAULT_CONFIG_DIR, m as collectMissingPrompts, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, s as saveAgentConfig, u as DEFAULT_DATA_DIR$1, v as migrateLegacyHome, w as setConfigValue, x as resetConfigMeta } from "./bootstrap-CBAVWQUT.mjs";
-import { $ as safeRedirectPath, A as createOrgFromMeSchema, B as imageInlineContentSchema, C as clientRegisterSchema, D as createAgentSchema, E as createAdapterMappingSchema, F as dryRunAgentRuntimeConfigSchema, G as linkTaskChatSchema, H as isRedactedEnvValue, I as extractMentions, J as notificationQuerySchema, K as loginSchema, L as githubCallbackQuerySchema, M as createTaskSchema, N as defaultRuntimeConfigPayload, O as createChatSchema, P as delegateFeishuUserSchema, Q as runtimeStateMessageSchema, R as githubDevCallbackQuerySchema, S as clientCapabilitiesSchema$1, T as createAdapterConfigSchema, U as isReservedAgentName$1, V as inboxPollQuerySchema, W as joinByInvitationSchema, X as rebindAgentSchema, Y as paginationQuerySchema, Z as refreshTokenSchema, _ as adminUpdateTaskSchema, _t as updateOrganizationSchema, a as AGENT_STATUSES, at as sessionEventMessageSchema, b as agentRuntimeConfigPayloadSchema$1, bt as wsAuthFrameSchema, ct as sessionStateMessageSchema, d as TASK_HEALTH_SIGNALS, dt as updateAdapterConfigSchema, et as scanMentionTokens, f as TASK_STATUSES, ft as updateAgentRuntimeConfigSchema, g as adminCreateTaskSchema, gt as updateMemberSchema, h as addParticipantSchema, ht as updateClientCapabilitiesSchema, i as AGENT_SOURCES, it as sessionCompletionMessageSchema, j as createOrganizationSchema, k as createMemberSchema, l as SYSTEM_CONFIG_DEFAULTS, lt as switchOrgSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as updateChatSchema, n as AGENT_NAME_REGEX$1, nt as sendMessageSchema, o as AGENT_TYPES, ot as sessionEventSchema$1, p as TASK_TERMINAL_STATUSES, pt as updateAgentSchema, q as messageSourceSchema$1, r as AGENT_SELECTOR_HEADER$1, rt as sendToAgentSchema, s as AGENT_VISIBILITY, st as sessionReconcileRequestSchema, t as AGENT_BIND_REJECT_REASONS, tt as selfServiceFeishuBotSchema, u as TASK_CREATOR_TYPES, ut as taskListQuerySchema, v as agentBindRequestSchema, vt as updateSystemConfigSchema, w as connectTokenExchangeSchema, x as agentTypeSchema$1, y as agentPinnedMessageSchema$1, yt as updateTaskStatusSchema, z as githubStartQuerySchema } from "./dist-DUCelK3Z.mjs";
-import { a as ForbiddenError, c as buildInviteUrl, d as getActiveInvitation, f as invitationRedemptions, g as recordRedemption, i as ConflictError, l as ensureActiveInvitation, m as organizations, n as BadRequestError, o as NotFoundError, p as invitations, r as ClientOrgMismatchError$1, s as UnauthorizedError, t as AppError, u as findActiveByToken, v as users, y as uuidv7 } from "./invitation-C_zAhB8x-8Khychlu.mjs";
+import { C as serverConfigSchema, S as resolveConfigReadonly, _ as loadAgents, b as resetConfig, c as saveCredentials, d as DEFAULT_HOME_DIR$1, f as agentConfigSchema, g as initConfig, i as loadCredentials, l as DEFAULT_CONFIG_DIR, m as collectMissingPrompts, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, s as saveAgentConfig, u as DEFAULT_DATA_DIR$1, v as migrateLegacyHome, w as setConfigValue, x as resetConfigMeta } from "./bootstrap-jx5nN1qZ.mjs";
+import { $ as refreshTokenSchema, A as createOrgFromMeSchema, B as imageInlineContentSchema, C as clientRegisterSchema, D as createAgentSchema, E as createAdapterMappingSchema, F as dryRunAgentRuntimeConfigSchema, G as isReservedAgentName$1, H as inboxDeliverFrameSchema$1, I as extractMentions, J as loginSchema, K as joinByInvitationSchema, L as githubCallbackQuerySchema, M as createTaskSchema, N as defaultRuntimeConfigPayload, O as createChatSchema, P as delegateFeishuUserSchema, Q as rebindAgentSchema, R as githubDevCallbackQuerySchema, S as clientCapabilitiesSchema$1, St as wsAuthFrameSchema, T as createAdapterConfigSchema, U as inboxPollQuerySchema, V as inboxAckFrameSchema, W as isRedactedEnvValue, X as notificationQuerySchema, Y as messageSourceSchema$1, Z as paginationQuerySchema, _ as adminUpdateTaskSchema, _t as updateClientCapabilitiesSchema, a as AGENT_STATUSES, at as sendToAgentSchema, b as agentRuntimeConfigPayloadSchema$1, bt as updateSystemConfigSchema, ct as sessionEventSchema$1, d as TASK_HEALTH_SIGNALS, dt as switchOrgSchema, et as runtimeStateMessageSchema, f as TASK_STATUSES, ft as taskListQuerySchema, g as adminCreateTaskSchema, gt as updateChatSchema, h as addParticipantSchema, ht as updateAgentSchema, i as AGENT_SOURCES, it as sendMessageSchema, j as createOrganizationSchema, k as createMemberSchema, l as SYSTEM_CONFIG_DEFAULTS, lt as sessionReconcileRequestSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as updateAgentRuntimeConfigSchema, n as AGENT_NAME_REGEX$1, nt as scanMentionTokens, o as AGENT_TYPES, ot as sessionCompletionMessageSchema, p as TASK_TERMINAL_STATUSES, pt as updateAdapterConfigSchema, q as linkTaskChatSchema, r as AGENT_SELECTOR_HEADER$1, rt as selfServiceFeishuBotSchema, s as AGENT_VISIBILITY, st as sessionEventMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as safeRedirectPath, u as TASK_CREATOR_TYPES, ut as sessionStateMessageSchema, v as agentBindRequestSchema, vt as updateMemberSchema, w as connectTokenExchangeSchema, x as agentTypeSchema$1, xt as updateTaskStatusSchema, y as agentPinnedMessageSchema$1, yt as updateOrganizationSchema, z as githubStartQuerySchema } from "./dist-CbX9mUVH.mjs";
+import { a as ForbiddenError, c as buildInviteUrl, d as getActiveInvitation, f as invitationRedemptions, g as recordRedemption, i as ConflictError, l as ensureActiveInvitation, m as organizations, n as BadRequestError, o as NotFoundError, p as invitations, r as ClientOrgMismatchError$1, s as UnauthorizedError, t as AppError, u as findActiveByToken, v as users, y as uuidv7 } from "./invitation-BljIolbO-DLeHfURd.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { delimiter, dirname, isAbsolute, join, resolve } from "node:path";
@@ -754,11 +754,21 @@ z.object({
 	lastSeenAt: z.string(),
 	metadata: z.record(z.string(), z.unknown()).nullable()
 });
+/**
+* Optional opt-in flags the client carries on `client:register` to advertise
+* which negotiable wire-protocol features it implements. Distinct from
+* `clientCapabilitiesSchema` (per-runtime-provider availability — different
+* concept). Older clients omit the field; the server treats every unset flag
+* as `false` and falls back to the legacy path. See proposal
+* hub-inbox-ws-data-plane §3.6.
+*/
+const clientWireCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
 z.object({
 	clientId: z.string().min(1).max(100),
 	hostname: z.string().max(100).optional(),
 	os: z.string().max(50).optional(),
-	sdkVersion: z.string().max(50).optional()
+	sdkVersion: z.string().max(50).optional(),
+	wireCapabilities: clientWireCapabilitiesSchema.optional()
 });
 const capabilityStateSchema = z.enum([
 	"ok",
@@ -968,11 +978,37 @@ z.object({
 	ackedAt: z.string().nullable()
 }).extend({ message: clientMessageSchema });
 z.object({ limit: z.coerce.number().int().min(1).max(50).default(10) });
+/**
+* server → client: a single inbox entry pushed over the active WS connection,
+* replacing the legacy `new_message` doorbell + HTTP `/inbox` poll round-trip.
+*
+* `entryId` is the server-side `inbox_entries.id` the client must echo back
+* in `inbox:ack`. `message` is exactly what the legacy poll path returned —
+* `clientMessageSchema` already carries `precedingMessages`, so the client-
+* side dispatch logic is reused verbatim (see proposal
+* hub-inbox-ws-data-plane §3.1).
+*
+* `.passthrough()` so a forward-rolling server may extend the frame without
+* breaking older clients that validate strictly. Older clients drop unknown
+* fields silently.
+*/
+const inboxDeliverFrameSchema = z.object({
+	type: z.literal("inbox:deliver"),
+	entryId: z.number().int().nonnegative(),
+	inboxId: z.string().min(1),
+	chatId: z.string().nullable(),
+	message: clientMessageSchema
+}).passthrough();
+z.object({
+	type: z.literal("inbox:ack"),
+	entryId: z.number().int().nonnegative()
+});
 z.object({
 	organizationId: z.string(),
 	organizationName: z.string(),
 	organizationDisplayName: z.string(),
-	role: z.string()
+	role: z.string(),
+	expiresAt: z.string().nullable()
 });
 z.object({
 	id: z.string(),
@@ -1343,6 +1379,13 @@ z.object({
 	token: z.string().min(1)
 });
 /**
+* Negotiable wire-protocol features the server advertises in its `welcome`
+* frame. Older clients drop the `capabilities` field silently because the
+* frame is `.passthrough()`. New clients gate optional code paths on it —
+* absent ⇒ feature off, never assumed.
+*/
+const serverCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
+/**
 * Advisory frame sent server → client immediately after `auth:ok`. It carries
 * the Command-package version the server was bundled with, so the client can
 * detect version drift on startup and on each reconnect. `.passthrough()` so
@@ -1352,7 +1395,8 @@ z.object({
 const serverWelcomeFrameSchema = z.object({
 	type: z.literal("server:welcome"),
 	serverCommandVersion: z.string().min(1),
-	serverTimeMs: z.number().int().nonnegative()
+	serverTimeMs: z.number().int().nonnegative(),
+	capabilities: serverCapabilitiesSchema.optional()
 }).passthrough();
 /** Declare a config field with a Zod schema and optional metadata. */
 function field(schema, options) {
@@ -1488,6 +1532,7 @@ defineConfig({
 		loginMax: field(z.number().default(5), { env: "FIRST_TREE_HUB_RATE_LIMIT_LOGIN_MAX" }),
 		webhookMax: field(z.number().default(60), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" })
 	}),
+	inbox: optional({ maxInFlightPerAgent: field(z.number().int().min(1).max(1024).default(32), { env: "FIRST_TREE_HUB_INBOX_MAX_IN_FLIGHT_PER_AGENT" }) }),
 	kael: optional({
 		endpoint: field(z.string(), { env: "KAEL_ENDPOINT" }),
 		apiKey: field(z.string(), {
@@ -1731,6 +1776,17 @@ const RECONNECT_MAX_MS = 3e4;
 const WS_CONNECT_TIMEOUT_MS = 1e4;
 const HEARTBEAT_INTERVAL_MS = 3e4;
 /**
+* Client-side opt-in for the WS inbox data plane. Gates BOTH the
+* `wireCapabilities.wsInboxDeliver` flag we declare on `client:register`
+* AND how we interpret the server's welcome capability — without this AND,
+* a future client kill-switch could land in a half-state where we tell the
+* server "no thanks" but still treat welcome's `wsInboxDeliver:true` as
+* authoritative and stop the 5s HTTP poll, leaving messages stuck if a
+* NOTIFY ever drops. Hard-coded `true` for now; flip to a config knob if
+* you need a runtime kill-switch.
+*/
+const WS_INBOX_DELIVER_OPT_IN = true;
+/**
 * Unified-user-token C5: reconnect PROACTIVELY this many ms before the JWT's
 * `exp` claim so the client rotates to a fresh JWT without ever hitting the
 * server-side `auth:expired` push. The provider's next `getAccessToken()` call
@@ -1782,6 +1838,15 @@ var ClientConnection = class extends EventEmitter {
 	/** Count of `server:welcome` frames received; drives `isReconnect` flag. */
 	welcomeFramesReceived = 0;
 	/**
+	* Whether the most recent `server:welcome` frame advertised
+	* `capabilities.wsInboxDeliver`. The runtime (AgentSlot) reads this
+	* (via {@link supportsWsInboxDeliver}) to decide whether to keep the
+	* legacy 5s HTTP poll or rely entirely on `inbox:deliver` push frames.
+	* Re-evaluated on every reconnect — the welcome frame is the source of
+	* truth, never assumed sticky across connections.
+	*/
+	wsInboxDeliverActive = false;
+	/**
 	* Last handshake error, stashed for the `close` handler to surface a typed
 	* reason (e.g. {@link ClientOrgMismatchError}) instead of a generic
 	* "closed before ready" when `connect()` is pending.
@@ -1817,6 +1882,30 @@ var ClientConnection = class extends EventEmitter {
 	get agents() {
 		return this.boundAgents;
 	}
+	/**
+	* True when the current connection's `server:welcome` advertised
+	* `capabilities.wsInboxDeliver` — meaning the server will push
+	* `inbox:deliver` frames and accept `inbox:ack` frames over this WS.
+	* Resets to false on every reconnect until the new welcome arrives.
+	*/
+	get supportsWsInboxDeliver() {
+		return this.wsInboxDeliverActive;
+	}
+	/**
+	* Ack a delivered inbox entry over the WS data plane. Replaces the legacy
+	* `sdk.ack()` HTTP call when the connection has negotiated
+	* `wsInboxDeliver`. Safe to call when the WS is closed — the frame is
+	* dropped silently and the entry will time out and re-deliver on
+	* reconnect, mirroring how the legacy timeout reaper handles HTTP
+	* ack-loss.
+	*/
+	sendInboxAck(entryId) {
+		if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return;
+		this.ws.send(JSON.stringify({
+			type: "inbox:ack",
+			entryId
+		}));
+	}
 	async connect() {
 		this.closing = false;
 		await this.openWebSocket();
@@ -1968,6 +2057,7 @@ var ClientConnection = class extends EventEmitter {
 				this.clearAuthRefreshTimer();
 				const wasRegistered = this.registered;
 				this.registered = false;
+				this.wsInboxDeliverActive = false;
 				this.rejectAllPendingBinds("WebSocket closed");
 				if (!settled) {
 					this.wsLogger.warn({ code }, "closed before ready");
@@ -1999,7 +2089,8 @@ var ClientConnection = class extends EventEmitter {
 				clientId: this.clientId,
 				hostname: hostname(),
 				os: platform(),
-				sdkVersion: this.sdkVersion
+				sdkVersion: this.sdkVersion,
+				wireCapabilities: { wsInboxDeliver: WS_INBOX_DELIVER_OPT_IN }
 			}));
 			return;
 		}
@@ -2009,6 +2100,7 @@ var ClientConnection = class extends EventEmitter {
 				this.wsLogger.warn({ issues: parsed.error.issues.map((i) => i.message) }, "ignoring malformed server:welcome frame");
 				return;
 			}
+			this.wsInboxDeliverActive = parsed.data.capabilities?.wsInboxDeliver === true && WS_INBOX_DELIVER_OPT_IN;
 			const isReconnect = this.welcomeFramesReceived > 0;
 			this.welcomeFramesReceived++;
 			this.emit("server:welcome", {
@@ -2153,6 +2245,25 @@ var ClientConnection = class extends EventEmitter {
 			else this.emit("agent:message", inboxId, msg);
 			return;
 		}
+		if (type === "inbox:deliver") {
+			const parsed = inboxDeliverFrameSchema.safeParse(msg);
+			if (!parsed.success) {
+				this.wsLogger.warn({
+					issues: parsed.error.issues.map((i) => ({
+						path: i.path.join("."),
+						code: i.code,
+						message: i.message
+					})),
+					frameKeys: Object.keys(msg),
+					messageKeys: msg.message && typeof msg.message === "object" ? Object.keys(msg.message) : null
+				}, "malformed inbox:deliver frame — dropping");
+				return;
+			}
+			const emit = () => this.emit("inbox:deliver", parsed.data.inboxId, parsed.data);
+			if (this.pendingImageWrites.size > 0) Promise.all([...this.pendingImageWrites]).finally(emit);
+			else emit();
+			return;
+		}
 		if (type === "error") {
 			const errorMsg = msg.message;
 			const ref = msg.ref;
@@ -4878,11 +4989,19 @@ var SessionManager = class {
 		this.lastReportedStates.set(chatId, state);
 		this.config.onStateChange(chatId, state);
 	}
-	/** ACK an inbox entry — delayed until handler starts processing. */
+	/**
+	* ACK an inbox entry — delayed until handler starts processing.
+	*
+	* Routes through `config.ackEntry` when set (WS push path) or falls back to
+	* `sdk.ack` (HTTP poll path). One ack per entry, one channel per slot —
+	* mixing channels in one slot would leak the server's per-agent in-flight
+	* counter (proposal hub-inbox-ws-data-plane §3.5).
+	*/
 	async ackEntry(entryId, chatId) {
 		if (entryId === void 0) return;
 		try {
-			await this.config.sdk.ack(entryId);
+			if (this.config.ackEntry) await this.config.ackEntry(entryId);
+			else await this.config.sdk.ack(entryId);
 		} catch {
 			this.config.log.warn({
 				chatId,
@@ -5033,6 +5152,12 @@ var AgentSlot = class {
 	pollingTimer = null;
 	reconcileTimer = null;
 	listeners = [];
+	/**
+	* The inbox this slot's agent owns — used to filter `inbox:deliver`
+	* frames addressed to other agents on the same client. Captured at
+	* `start()` from `sdk.register()`.
+	*/
+	inboxId = null;
 	constructor(config) {
 		this.config = config;
 		this.logger = createLogger("slot").child({
@@ -5075,9 +5200,19 @@ var AgentSlot = class {
 			this.logger.error({ err }, "failed to fetch agent config — bind aborted");
 			throw new Error(`Hub unreachable while loading agent config: ${msg}`);
 		}
+		this.inboxId = agent.inboxId;
 		const onMessage = (agentId) => {
 			if (agentId === this.config.agentId) this.pullAndDispatch();
 		};
+		const onInboxDeliver = (inboxId, frame) => {
+			if (inboxId !== this.inboxId) return;
+			this.dispatchPushedFrame(frame).catch((err) => {
+				this.logger.warn({
+					err,
+					entryId: frame.entryId
+				}, "inbox:deliver dispatch error");
+			});
+		};
 		const onBound = (boundAgent) => {
 			if (boundAgent.agentId === this.config.agentId) {
 				this.fullStateSync();
@@ -5088,11 +5223,15 @@ var AgentSlot = class {
 			if (result.agentId === this.config.agentId && this.sessionManager) this.sessionManager.applyStaleChatIds(result.staleChatIds);
 		};
 		this.clientConnection.on("agent:message", onMessage);
+		this.clientConnection.on("inbox:deliver", onInboxDeliver);
 		this.clientConnection.on("agent:bound", onBound);
 		this.clientConnection.on("session:reconcile:result", onReconcileResult);
 		this.listeners.push({
 			event: "agent:message",
 			fn: onMessage
+		}, {
+			event: "inbox:deliver",
+			fn: onInboxDeliver
 		}, {
 			event: "agent:bound",
 			fn: onBound
@@ -5108,6 +5247,10 @@ var AgentSlot = class {
 				agentId: this.config.agentId
 			})
 		});
+		const ackEntry = this.clientConnection.supportsWsInboxDeliver ? (entryId) => {
+			this.clientConnection.sendInboxAck(entryId);
+			return Promise.resolve();
+		} : void 0;
 		this.sessionManager = new SessionManager({
 			session: this.config.session,
 			concurrency: this.config.concurrency,
@@ -5129,6 +5272,7 @@ var AgentSlot = class {
 			log: this.logger,
 			registryPath,
 			agentConfigCache: this.agentConfigCache,
+			ackEntry,
 			onStateChange: (chatId, state) => this.reportSessionState(chatId, state),
 			onRuntimeStateChange: (state) => this.reportRuntimeState(state),
 			onSessionEvent: (chatId, event) => this.reportSessionEvent(chatId, event),
@@ -5162,6 +5306,7 @@ var AgentSlot = class {
 			this.reconcileTimer = null;
 		}
 		for (const entry of this.listeners) if (entry.event === "agent:message") this.clientConnection.off(entry.event, entry.fn);
+		else if (entry.event === "inbox:deliver") this.clientConnection.off(entry.event, entry.fn);
 		else if (entry.event === "agent:bound") this.clientConnection.off(entry.event, entry.fn);
 		else if (entry.event === "session:reconcile:result") this.clientConnection.off(entry.event, entry.fn);
 		else this.clientConnection.off(entry.event, entry.fn);
@@ -5189,11 +5334,47 @@ var AgentSlot = class {
 		if (runtimeState) this.clientConnection.reportRuntimeState(this.config.agentId, runtimeState);
 	}
 	startPolling() {
+		if (this.clientConnection.supportsWsInboxDeliver) {
+			this.logger.info("WS inbox data plane active — skipping 5s HTTP poll");
+			return;
+		}
 		this.pollingTimer = setInterval(() => {
 			this.pullAndDispatch();
 		}, 5e3);
 		this.pullAndDispatch();
 	}
+	/**
+	* Translate an `inbox:deliver` push frame into the {@link InboxEntryWithMessage}
+	* shape `SessionManager.dispatch` expects, then dispatch.
+	*
+	* Ack happens INSIDE `dispatch` via the `ackEntry` callback we pinned at
+	* construction time — for push slots that's `clientConnection.sendInboxAck`,
+	* for poll slots it stays the legacy `sdk.ack`. Sending an additional ack
+	* here would double-ack: HTTP first (`delivered → acked`) followed by a
+	* WS frame the server can no longer match against any `delivered` row,
+	* which leaks the server's per-agent in-flight counter and stalls push
+	* after `inboxMaxInFlightPerAgent` messages.
+	*
+	* Dispatch errors propagate up; the entry stays `delivered` server-side
+	* and the 300s timeout reaper rolls it back to `pending` for replay
+	* (proposal §3.7).
+	*/
+	async dispatchPushedFrame(frame) {
+		if (!this.sessionManager) return;
+		const entry = {
+			id: frame.entryId,
+			inboxId: frame.inboxId,
+			messageId: frame.message.id,
+			chatId: frame.chatId,
+			status: "delivered",
+			retryCount: 0,
+			createdAt: frame.message.createdAt,
+			deliveredAt: (/* @__PURE__ */ new Date()).toISOString(),
+			ackedAt: null,
+			message: frame.message
+		};
+		await this.sessionManager.dispatch(entry);
+	}
 	startReconcileLoop() {
 		const intervalSec = this.config.session.reconcile_interval_seconds ?? 300;
 		this.reconcileTimer = setInterval(() => this.reconcileNow(), intervalSec * 1e3);
@@ -7371,7 +7552,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-Boy3n8CT.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-DvjRZMdZ.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -8351,7 +8532,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-D-aIvdiQ.mjs
+//#region ../server/dist/app-fbgPnPWI.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -10718,27 +10899,31 @@ function createNotifier(listenClient) {
 		const messageId = payload.slice(sepIdx + 1);
 		const sockets = subscriptions.get(inboxId);
 		if (!sockets) return;
-		const data = JSON.stringify({
+		const doorbellFrame = JSON.stringify({
 			type: "new_message",
 			inboxId,
 			messageId
 		});
-		for (const ws of sockets) if (ws.readyState === ws.OPEN) ws.send(data);
+		for (const [ws, pushHandler] of sockets) {
+			if (ws.readyState !== ws.OPEN) continue;
+			if (pushHandler) Promise.resolve(pushHandler(messageId)).catch(() => {});
+			else ws.send(doorbellFrame);
+		}
 	}
 	return {
-		subscribe(inboxId, ws) {
-			let set = subscriptions.get(inboxId);
-			if (!set) {
-				set = /* @__PURE__ */ new Set();
-				subscriptions.set(inboxId, set);
+		subscribe(inboxId, ws, pushHandler) {
+			let map = subscriptions.get(inboxId);
+			if (!map) {
+				map = /* @__PURE__ */ new Map();
+				subscriptions.set(inboxId, map);
 			}
-			set.add(ws);
+			map.set(ws, pushHandler ?? null);
 		},
 		unsubscribe(inboxId, ws) {
-			const set = subscriptions.get(inboxId);
-			if (set) {
-				set.delete(ws);
-				if (set.size === 0) subscriptions.delete(inboxId);
+			const map = subscriptions.get(inboxId);
+			if (map) {
+				map.delete(ws);
+				if (map.size === 0) subscriptions.delete(inboxId);
 			}
 		},
 		async notify(inboxId, messageId) {
@@ -10762,11 +10947,11 @@ function createNotifier(listenClient) {
 			} catch {}
 		},
 		async pushFrameToInbox(inboxId, frame) {
-			const sockets = subscriptions.get(inboxId);
-			if (!sockets) return 0;
+			const map = subscriptions.get(inboxId);
+			if (!map) return 0;
 			let queued = 0;
 			const pending = [];
-			for (const ws of sockets) {
+			for (const ws of map.keys()) {
 				if (ws.readyState !== ws.OPEN) continue;
 				pending.push(new Promise((resolve) => {
 					ws.send(frame, (err) => {
@@ -13206,8 +13391,8 @@ async function pollInbox(db, inboxId, limit) {
 	}, () => pollInboxInner(db, inboxId, limit));
 }
 async function pollInboxInner(db, inboxId, limit) {
-	return await db.transaction(async (tx) => {
-		const claimed = await tx.execute(sql`
+	return db.transaction(async (tx) => {
+		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.execute(sql`
       UPDATE inbox_entries
       SET status = 'delivered', delivered_at = NOW()
       WHERE id IN (
@@ -13218,53 +13403,132 @@ async function pollInboxInner(db, inboxId, limit) {
         FOR UPDATE SKIP LOCKED
       )
       RETURNING *
-    `);
-		if (claimed.length === 0) return [];
-		claimed.sort((a, b) => a.created_at.localeCompare(b.created_at));
-		const precedingByEntryId = await collectPrecedingContext(tx, inboxId, claimed);
-		const messageIds = claimed.map((e) => e.message_id);
-		const msgs = await tx.select().from(messages).where(inArray(messages.id, messageIds));
-		const msgMap = new Map(msgs.map((m) => [m.id, m]));
-		const payloads = await buildClientMessagePayloadsForInbox(tx, inboxId, claimed.map((entry) => {
-			const msg = msgMap.get(entry.message_id);
-			if (!msg) throw new Error(`Unexpected: message ${entry.message_id} not found`);
-			return {
-				entryChatId: entry.chat_id,
-				precedingMessages: precedingByEntryId.get(entry.id) ?? [],
-				message: {
-					id: msg.id,
-					chatId: msg.chatId,
-					senderId: msg.senderId,
-					format: msg.format,
-					content: msg.content,
-					metadata: msg.metadata,
-					replyToInbox: msg.replyToInbox,
-					replyToChat: msg.replyToChat,
-					inReplyTo: msg.inReplyTo,
-					source: msg.source,
-					createdAt: msg.createdAt.toISOString()
-				}
-			};
-		}));
-		return claimed.map((entry, idx) => {
-			const payload = payloads[idx];
-			if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
-			return {
-				id: entry.id,
-				inboxId: entry.inbox_id,
-				messageId: entry.message_id,
-				chatId: entry.chat_id,
-				status: entry.status,
-				retryCount: entry.retry_count,
-				createdAt: entry.created_at,
-				deliveredAt: entry.delivered_at ?? null,
-				ackedAt: entry.acked_at ?? null,
-				message: payload
-			};
-		});
+    `));
 	});
 }
 /**
+* Shared payload assembler for already-claimed `inbox_entries` rows.
+*
+* Both the HTTP poll path (`pollInbox`) and the WS push path
+* (`claimAndBuildForPush`) call this with rows they have just `UPDATE`d to
+* `status='delivered'`. Keeping the silent-context bundling in one place is
+* the only way to keep the two paths from drifting (proposal
+* hub-inbox-ws-data-plane §3.2 risk #1).
+*
+* Steps:
+*   1. Sort by `created_at` ASC (PG `RETURNING` does not guarantee order).
+*   2. For each trigger, collect silent context & bulk-ack stale silent rows.
+*   3. Fetch the trigger messages.
+*   4. Build wire payloads via the single dispatcher.
+*
+* Returns `[]` if `claimed` is empty.
+*/
+async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
+	if (claimed.length === 0) return [];
+	claimed.sort((a, b) => a.created_at.localeCompare(b.created_at));
+	const precedingByEntryId = await collectPrecedingContext(tx, inboxId, claimed);
+	const messageIds = claimed.map((e) => e.message_id);
+	const msgs = await tx.select().from(messages).where(inArray(messages.id, messageIds));
+	const msgMap = new Map(msgs.map((m) => [m.id, m]));
+	const payloads = await buildClientMessagePayloadsForInbox(tx, inboxId, claimed.map((entry) => {
+		const msg = msgMap.get(entry.message_id);
+		if (!msg) throw new Error(`Unexpected: message ${entry.message_id} not found`);
+		return {
+			entryChatId: entry.chat_id,
+			precedingMessages: precedingByEntryId.get(entry.id) ?? [],
+			message: {
+				id: msg.id,
+				chatId: msg.chatId,
+				senderId: msg.senderId,
+				format: msg.format,
+				content: msg.content,
+				metadata: msg.metadata,
+				replyToInbox: msg.replyToInbox,
+				replyToChat: msg.replyToChat,
+				inReplyTo: msg.inReplyTo,
+				source: msg.source,
+				createdAt: msg.createdAt.toISOString()
+			}
+		};
+	}));
+	return claimed.map((entry, idx) => {
+		const payload = payloads[idx];
+		if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
+		return {
+			id: Number(entry.id),
+			inboxId: entry.inbox_id,
+			messageId: entry.message_id,
+			chatId: entry.chat_id,
+			status: entry.status,
+			retryCount: entry.retry_count,
+			createdAt: entry.created_at,
+			deliveredAt: entry.delivered_at ?? null,
+			ackedAt: entry.acked_at ?? null,
+			message: payload
+		};
+	});
+}
+/**
+* Realistic upper bound on rows a single NOTIFY references. The unique
+* constraint `(inbox_id, message_id, chat_id)` caps a `(inbox, message)`
+* pair at one row per chatId; the only way to exceed 1 today is the replyTo
+* cross-chat path (`message.ts` writes a second row keyed by the original's
+* `replyToChat`). 8 leaves headroom for any future fan-out variant without
+* requiring a schema change here.
+*/
+const PUSH_CLAIM_BATCH_LIMIT = 8;
+/**
+* WS-push path: atomically claim every pending entry the just-fired
+* `NOTIFY (inboxId:messageId)` references and assemble their wire payloads.
+*
+* Returns `[]` if no row matches — benign race with HTTP poll or another
+* server instance that already claimed the entry. NOTIFY is fire-and-forget
+* (proposal §3.2).
+*
+* Why an array, not a single row: `sendMessage` can write **two** rows for
+* the same `(inbox, messageId)` pair when the recipient is both a chat
+* participant and the `replyToInbox` of an earlier message — the unique key
+* is `(inbox_id, message_id, chat_id)`, so the rows differ by chatId. The
+* old `LIMIT 1` shape would only push the first; the second sat `pending`
+* until reconnect. Aligning with `pollInboxInner`'s `LIMIT N` shape closes
+* that gap and keeps push/poll behaviour interchangeable.
+*/
+async function claimAndBuildForPush(db, inboxId, messageId) {
+	return withSpan("inbox.deliver.push", {
+		"inbox.id": inboxId,
+		"message.id": messageId
+	}, () => db.transaction(async (tx) => {
+		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.execute(sql`
+          UPDATE inbox_entries
+          SET status = 'delivered', delivered_at = NOW()
+          WHERE id IN (
+            SELECT id FROM inbox_entries
+            WHERE inbox_id = ${inboxId}
+              AND message_id = ${messageId}
+              AND status = 'pending'
+              AND notify = true
+            ORDER BY created_at
+            LIMIT ${PUSH_CLAIM_BATCH_LIMIT}
+            FOR UPDATE SKIP LOCKED
+          )
+          RETURNING *
+        `));
+	}));
+}
+/**
+* WS-push backlog path: on agent rebind (or once an in-flight slot frees up
+* after an ack), drain up to `limit` pending `notify=true` entries oldest-
+* first and assemble wire payloads. Identical claim shape to the HTTP poll
+* path — they are intentionally interchangeable so a hot-path bug fixed in
+* one shows up in the other (proposal §3.3 / §3.5).
+*/
+async function claimBacklogForPush(db, inboxId, limit) {
+	return withSpan("inbox.deliver.backlog", {
+		"inbox.id": inboxId,
+		"inbox.backlog.limit": limit
+	}, () => pollInboxInner(db, inboxId, limit));
+}
+/**
 * Per claimed trigger: SELECT silent (notify=false) pending rows in the same
 * chat that occurred between the previous trigger in this batch (or beginning
 * of time) and this trigger, capped by `PRECEDING_CONTEXT_MAX_ENTRIES` and
@@ -13340,6 +13604,26 @@ async function ackEntry$2(db, entryId, inboxId) {
 		return entry;
 	});
 }
+/**
+* Ack a delivered entry from the WS data plane, scoped to the inboxes the
+* connected socket has bound. Returns the acked row on success, `null` if no
+* row matches — a benign outcome the caller should ignore (the entry may
+* have already been acked, timed out, or never belonged to this socket).
+*
+* Distinct from {@link ackEntry} so the WS path can ack without trusting an
+* `inboxId` from the wire — only entries whose `inboxId` is in `inboxIds`
+* are eligible. Empty `inboxIds` short-circuits to `null`.
+*/
+async function ackEntryByIdForBoundAgents(db, entryId, inboxIds) {
+	if (inboxIds.length === 0) return null;
+	return withSpan("inbox.ack.ws", { [FIRST_TREE_HUB_ATTR.INBOX_ENTRY_ID]: String(entryId) }, async () => {
+		const [entry] = await db.update(inboxEntries).set({
+			status: "acked",
+			ackedAt: /* @__PURE__ */ new Date()
+		}).where(and(eq(inboxEntries.id, entryId), inArray(inboxEntries.inboxId, inboxIds), eq(inboxEntries.status, "delivered"))).returning();
+		return entry ?? null;
+	});
+}
 async function renewEntry(db, entryId, inboxId) {
 	const [entry] = await db.update(inboxEntries).set({ deliveredAt: /* @__PURE__ */ new Date() }).where(and(eq(inboxEntries.id, entryId), eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "delivered"))).returning();
 	if (!entry) throw new NotFoundError("Inbox entry not found or not in delivered status");
@@ -13588,6 +13872,27 @@ async function agentTaskRoutes(app) {
 		return getTaskHealth(app.db, request.params.taskId, identity.organizationId);
 	});
 }
+/**
+* Default per-agent in-flight cap when `server.inbox.maxInFlightPerAgent` is
+* unset. Mirrors the schema default so a hub running without an explicit
+* `inbox` block still gets reasonable backpressure once `wsDataPlane` is
+* flipped on. See proposal hub-inbox-ws-data-plane §3.5.
+*/
+const DEFAULT_INBOX_MAX_IN_FLIGHT_PER_AGENT = 32;
+/**
+* Hard cap on entries scanned in a single backlog drain so a recovering
+* client doesn't trigger an arbitrarily large transaction or burst of
+* frames. Anything beyond this stays `pending` and gets picked up by
+* subsequent post-ack drains. Same constant covers both the agent:bound
+* recovery path and the post-ack top-up.
+*
+* Lower than proposal §3.3's 500 on purpose: the actual limit per drain is
+* `min(remainingInFlightBudget, INBOX_BACKLOG_BATCH_LIMIT)`, so with a
+* default cap of 32 the drain SQL never asks for more than ~32 anyway.
+* Subsequent NOTIFYs and post-ack top-ups continue draining without a
+* single-transaction megabatch.
+*/
+const INBOX_BACKLOG_BATCH_LIMIT = 50;
 const wsMessageSchema = z.object({
 	type: z.string(),
 	agentId: z.string().optional(),
@@ -13632,6 +13937,7 @@ function sendRejected(socket, ref, reason) {
 function clientWsRoutes(notifier, instanceId) {
 	return async (app) => {
 		const jwtSecretBytes = new TextEncoder().encode(app.config.secrets.jwtSecret);
+		const inboxMaxInFlightPerAgent = app.config.inbox?.maxInFlightPerAgent ?? DEFAULT_INBOX_MAX_IN_FLIGHT_PER_AGENT;
 		app.get("/client", {
 			websocket: true,
 			config: { otel: false }
@@ -13641,6 +13947,157 @@ function clientWsRoutes(notifier, instanceId) {
 			let clientId = null;
 			let authExpiryTimer = null;
 			const boundAgents = /* @__PURE__ */ new Map();
+			/**
+			* Whether the connected client opted into the WS inbox data plane via
+			* `client:register.wireCapabilities.wsInboxDeliver`. Set per-socket
+			* because client SDKs are upgraded independently — an old client
+			* connecting to a new server must keep receiving the legacy
+			* `new_message` doorbell + HTTP poll path (proposal §3.6).
+			*/
+			let clientWantsWsInboxDeliver = false;
+			/**
+			* Per-agent in-flight `inbox:deliver` counter for backpressure. Lives on
+			* the socket — when the WS closes it goes with it; that's intentional,
+			* because re-counting on a fresh connection would bias the cap against
+			* a healthy reconnect (proposal §3.5).
+			*/
+			const inboxInFlight = /* @__PURE__ */ new Map();
+			function pushUseWsDataPlane() {
+				return clientWantsWsInboxDeliver;
+			}
+			/**
+			* Returns `false` when the socket has already moved out of `OPEN` —
+			* the only failure mode the caller can observe synchronously.
+			*
+			* Note: `ws.send` is fire-and-forget; a buffered frame that fails
+			* to actually flush (TCP slow-close, internal queue full) does NOT
+			* surface here. That class of loss is recovered by the 300s timeout
+			* reaper rolling the entry back to `pending` (§3.7). If you ever
+			* need flush-level confirmation, switch to the `ws.send(frame, cb)`
+			* callback form (see `notifier.ts pushFrameToInbox`).
+			*/
+			function sendInboxDeliverFrame(entry) {
+				if (socket.readyState !== socket.OPEN) return false;
+				const frame = {
+					type: "inbox:deliver",
+					entryId: entry.id,
+					inboxId: entry.inboxId,
+					chatId: entry.chatId,
+					message: entry.message
+				};
+				const validated = inboxDeliverFrameSchema$1.safeParse(frame);
+				if (!validated.success) app.log.error({
+					entryId: entry.id,
+					inboxId: entry.inboxId,
+					issues: validated.error.issues.map((i) => ({
+						path: i.path.join("."),
+						code: i.code,
+						message: i.message
+					}))
+				}, "inbox:deliver frame failed self-validation — wire shape drift");
+				socket.send(JSON.stringify(frame));
+				return true;
+			}
+			/**
+			* Build the per-socket push handler bound to a specific agent. Closes
+			* over `agentId`, `inboxId`, the socket, and the in-flight counter.
+			*
+			* Backpressure: when the agent is at-cap we drop the NOTIFY (entry
+			* stays `pending` server-side) and a debug log records the drop so
+			* staging can correlate "messages slow" reports against cap hits.
+			* The dropped row is replayed by `drainBacklogForAgent` once an ack
+			* frees a slot, or by the next NOTIFY when we're back below cap (§3.5).
+			*
+			* Multi-row claims: a single `(inboxId, messageId)` pair can map to
+			* more than one `inbox_entries` row (replyTo cross-chat case writes
+			* a second row with a different chatId). We push every row claimed
+			* by this NOTIFY in one go — see `claimAndBuildForPush`.
+			*
+			* The cap is intentionally **soft**: claim happens after the gate
+			* check, so an N>1 claim can nudge in-flight slightly past
+			* `inboxMaxInFlightPerAgent`. N is bounded by the
+			* `(inbox_id, message_id, chat_id)` unique constraint (≤2 today),
+			* so worst-case overshoot is small and the memory headroom in §3.5's
+			* 64MB estimate covers it.
+			*/
+			function makeInboxPushHandler(agentId, inboxId) {
+				return async (messageId) => {
+					const current = inboxInFlight.get(agentId) ?? 0;
+					if (current >= inboxMaxInFlightPerAgent) {
+						app.log.debug({
+							agentId,
+							inboxId,
+							messageId,
+							inFlightCount: current,
+							cap: inboxMaxInFlightPerAgent
+						}, "inbox push: at cap, dropping NOTIFY (will replay via post-ack drain)");
+						return;
+					}
+					let entries;
+					try {
+						entries = await claimAndBuildForPush(app.db, inboxId, messageId);
+					} catch (err) {
+						app.log.error({
+							err,
+							inboxId,
+							messageId,
+							agentId
+						}, "claimAndBuildForPush failed");
+						return;
+					}
+					if (entries.length === 0) return;
+					for (const entry of entries) {
+						inboxInFlight.set(agentId, (inboxInFlight.get(agentId) ?? 0) + 1);
+						if (!sendInboxDeliverFrame(entry)) {
+							inboxInFlight.set(agentId, Math.max(0, (inboxInFlight.get(agentId) ?? 1) - 1));
+							return;
+						}
+					}
+				};
+			}
+			/**
+			* Drain up to `INBOX_BACKLOG_BATCH_LIMIT` pending entries for an agent
+			* over the current WS, capped by the remaining in-flight budget so a
+			* full drain stays within the per-agent backpressure cap (§3.3, §3.5).
+			*
+			* Used in two places:
+			*   1. Right after `agent:bound` — covers reconnects where NOTIFYs
+			*      were dropped while the socket was offline.
+			*   2. Right after an `inbox:ack` — top up the in-flight slot just
+			*      freed, in case the previous NOTIFY was dropped at-cap.
+			*
+			* The cap is **soft**: this function reads `slotsFree` once before the
+			* `claimBacklogForPush` round-trip, and a NOTIFY-driven push handler
+			* may increment the counter concurrently. In the worst case in-flight
+			* temporarily exceeds the cap by the number of concurrent pushes. With
+			* the default cap of 32 and N ≤ 2 per push handler invocation, the
+			* memory headroom in §3.5's 64MB estimate covers this.
+			*/
+			async function drainBacklogForAgent(agentId, inboxId) {
+				if (socket.readyState !== socket.OPEN) return;
+				const slotsFree = inboxMaxInFlightPerAgent - (inboxInFlight.get(agentId) ?? 0);
+				if (slotsFree <= 0) return;
+				const limit = Math.min(slotsFree, INBOX_BACKLOG_BATCH_LIMIT);
+				let entries;
+				try {
+					entries = await claimBacklogForPush(app.db, inboxId, limit);
+				} catch (err) {
+					app.log.error({
+						err,
+						agentId,
+						inboxId,
+						limit
+					}, "claimBacklogForPush failed");
+					return;
+				}
+				for (const entry of entries) {
+					inboxInFlight.set(agentId, (inboxInFlight.get(agentId) ?? 0) + 1);
+					if (!sendInboxDeliverFrame(entry)) {
+						inboxInFlight.set(agentId, Math.max(0, (inboxInFlight.get(agentId) ?? 1) - 1));
+						return;
+					}
+				}
+			}
 			const sessionOpQueues = /* @__PURE__ */ new Map();
 			function chainSessionOp(agentId, chatId, op) {
 				const key = `${agentId}:${chatId}`;
@@ -13745,7 +14202,8 @@ function clientWsRoutes(notifier, instanceId) {
 						socket.send(JSON.stringify({
 							type: "server:welcome",
 							serverCommandVersion: app.commandVersion,
-							serverTimeMs: Date.now()
+							serverTimeMs: Date.now(),
+							capabilities: { wsInboxDeliver: true }
 						}));
 					} catch (err) {
 						const message = err instanceof Error ? err.message : "auth failure";
@@ -13762,6 +14220,7 @@ function clientWsRoutes(notifier, instanceId) {
 					try {
 						if (type === "client:register") {
 							const data = clientRegisterSchema.parse(msg);
+							clientWantsWsInboxDeliver = data.wireCapabilities?.wsInboxDeliver === true;
 							try {
 								await registerClient(app.db, {
 									clientId: data.clientId,
@@ -13885,7 +14344,9 @@ function clientWsRoutes(notifier, instanceId) {
 								agentId: agent.id,
 								inboxId: agent.inboxId
 							});
-							notifier.subscribe(agent.inboxId, socket);
+							const wsPushActive = pushUseWsDataPlane();
+							if (wsPushActive) notifier.subscribe(agent.inboxId, socket, makeInboxPushHandler(agent.id, agent.inboxId));
+							else notifier.subscribe(agent.inboxId, socket);
 							socket.send(JSON.stringify({
 								type: "agent:bound",
 								ref,
@@ -13893,6 +14354,12 @@ function clientWsRoutes(notifier, instanceId) {
 								displayName: agent.displayName,
 								agentType: agent.type
 							}));
+							if (wsPushActive) drainBacklogForAgent(agent.id, agent.inboxId).catch((err) => {
+								app.log.error({
+									err,
+									agentId: agent.id
+								}, "post-bind backlog drain crashed");
+							});
 						} else if (type === "agent:unbind") {
 							const agentId = parsed.data.agentId;
 							if (!agentId || !boundAgents.has(agentId)) {
@@ -13907,6 +14374,7 @@ function clientWsRoutes(notifier, instanceId) {
 							await unbindAgent(app.db, agentId);
 							unbindAgentFromClient(agentId);
 							boundAgents.delete(agentId);
+							inboxInFlight.delete(agentId);
 							socket.send(JSON.stringify({
 								type: "agent:unbound",
 								agentId
@@ -14008,6 +14476,35 @@ function clientWsRoutes(notifier, instanceId) {
 							}
 							const payload = sessionCompletionMessageSchema.parse(msg);
 							if (shouldNotify(agentId, `session_completed:${payload.chatId}`)) notifyAgentEvent(app.db, agentId, "session_completed", "low", payload.chatId).catch(() => {});
+						} else if (type === "inbox:ack") {
+							const payloadResult = inboxAckFrameSchema.safeParse(msg);
+							if (!payloadResult.success) {
+								socket.send(JSON.stringify({
+									type: "error",
+									message: "Malformed inbox:ack frame"
+								}));
+								return;
+							}
+							const { entryId } = payloadResult.data;
+							try {
+								const ackedEntry = await ackEntryByIdForBoundAgents(app.db, entryId, [...boundAgents.values()].map((a) => a.inboxId));
+								if (!ackedEntry) return;
+								const owner = [...boundAgents.values()].find((a) => a.inboxId === ackedEntry.inboxId);
+								if (owner) {
+									inboxInFlight.set(owner.agentId, Math.max(0, (inboxInFlight.get(owner.agentId) ?? 1) - 1));
+									drainBacklogForAgent(owner.agentId, owner.inboxId).catch((err) => {
+										app.log.error({
+											err,
+											agentId: owner.agentId
+										}, "post-ack backlog drain crashed");
+									});
+								}
+							} catch (err) {
+								app.log.error({
+									err,
+									entryId
+								}, "inbox:ack handling failed");
+							}
 						} else if (type === "heartbeat") {
 							if (clientId) {
 								await heartbeatClient(app.db, clientId);
@@ -14396,19 +14893,20 @@ function sanitizeAgentName(login) {
 	return login.toLowerCase().replace(/[^a-z0-9_-]/g, "-").replace(/^-+|-+$/g, "").slice(0, 60) || "user";
 }
 /**
-* Create a fresh "personal team" org for a brand-new user, plus the
-* matching admin membership + 1:1 human agent. Slug strategy:
+* Create a fresh default team org for a brand-new user, plus the matching
+* admin membership + 1:1 human agent. Slug strategy:
 *
-*   - First try: `${login}-personal`
+*   - First try: `${login}` (lowercased, sanitized)
 *   - On collision: append a 4-char hex disambiguator
 *
-* The display name is `{user}'s Personal Team` so it reads sensibly in the
-* UI; the user can rename via Settings later (proposal §"Personal team
-* visual降级").
+* Display name is the user's GitHub real name (or login as fallback). No
+* "Personal Team" suffix — the user might invite teammates later, and we
+* don't want a label that reads like a private sandbox to be the team name
+* other members see. Users rename freely via Settings.
 */
 async function createPersonalTeam(db, input) {
-	const baseSlug = sanitizeOrgSlug(`${input.loginSeed}-personal`);
-	const displayName = `${input.userDisplayName}'s Personal Team`;
+	const baseSlug = sanitizeOrgSlug(input.loginSeed);
+	const displayName = input.userDisplayName;
 	const orgId = uuidv7();
 	return {
 		organizationId: orgId,
@@ -15098,7 +15596,7 @@ async function inferWizardStep(app, m) {
 * landing page.
 */
 async function publicInvitePreviewRoute(app) {
-	const { previewInvitation } = await import("./invitation-BTlGMy0o-Coj07kYi.mjs");
+	const { previewInvitation } = await import("./invitation-D3feYxet-366MNOor.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -15128,7 +15626,7 @@ async function adminInvitationRoutes(app) {
 		const m = requireMember(request);
 		if (m.role !== "admin") throw new ForbiddenError("Admin role required");
 		if (request.params.id !== m.organizationId) throw new ForbiddenError("Cannot rotate invitations for another organization");
-		const { rotateInvitation } = await import("./invitation-BTlGMy0o-Coj07kYi.mjs");
+		const { rotateInvitation } = await import("./invitation-D3feYxet-366MNOor.mjs");
 		const inv = await rotateInvitation(app.db, m.organizationId, m.userId);
 		return {
 			id: inv.id,