@agent-team-foundation/first-tree-hub 0.11.2 → 0.11.4

package/dist/{saas-connect-Df2CVAGp.mjs → saas-connect-CVoRK0Ex.mjs}

@@ -1,11 +1,12 @@
 import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { C as withSpan, D as require_pino, E as redactUrl, S as startWsConnectionSpan, T as FIRST_TREE_HUB_ATTR, a as createLogger$1, b as stampOrgScope, d as observabilityPlugin, g as setWsConnectionAttrs, i as bodyCaptureOnSendHook, l as messageAttrs, m as rootLogger$1, n as applyLoggerConfig, o as currentTraceId, p as reportErrorToRoot, r as attachRequestContext, s as endWsConnectionSpan, t as adapterAttrs, v as stampAgentResource, w as withWsMessageSpan, y as stampChatResource } from "./observability-C3nY6Jcz-Bk7FX689.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-B-FRMuvL.mjs";
-import { $ as notificationQuerySchema, A as createChatSchema, B as githubDevCallbackQuerySchema, Ct as updateTaskStatusSchema, D as createAdapterConfigSchema, E as contextTreeSnapshotSchema, F as defaultRuntimeConfigPayload, G as inboxPollQuerySchema, H as imageInlineContentSchema, I as delegateFeishuUserSchema, J as joinByInvitationSchema, K as isRedactedEnvValue, L as dryRunAgentRuntimeConfigSchema, M as createMemberSchema, N as createOrgFromMeSchema, O as createAdapterMappingSchema, P as createTaskSchema, Q as messageSourceSchema$1, R as extractMentions, S as agentTypeSchema$1, St as updateOrganizationSchema, T as connectTokenExchangeSchema, U as inboxAckFrameSchema, V as githubStartQuerySchema, W as inboxDeliverFrameSchema$1, X as listMeChatsQuerySchema, Y as linkTaskChatSchema, Z as loginSchema, _ as adminCreateTaskSchema, _t as updateAgentRuntimeConfigSchema, a as AGENT_STATUSES, at as scanMentionTokens, b as agentPinnedMessageSchema$1, bt as updateClientCapabilitiesSchema, ct as sendToAgentSchema, d as TASK_HEALTH_SIGNALS, dt as sessionEventSchema$1, et as paginationQuerySchema, f as TASK_STATUSES, ft as sessionReconcileRequestSchema, g as addParticipantSchema, gt as updateAdapterConfigSchema, h as addMeChatParticipantsSchema, ht as taskListQuerySchema, i as AGENT_SOURCES, it as safeRedirectPath, j as createMeChatSchema, k as createAgentSchema, l as MENTION_REGEX, lt as sessionCompletionMessageSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as stripCode, n as AGENT_NAME_REGEX$1, nt as refreshTokenSchema, o as AGENT_TYPES, ot as selfServiceFeishuBotSchema, p as TASK_TERMINAL_STATUSES, pt as sessionStateMessageSchema, q as isReservedAgentName$1, r as AGENT_SELECTOR_HEADER$1, rt as runtimeStateMessageSchema, s as AGENT_VISIBILITY, st as sendMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as rebindAgentSchema, u as TASK_CREATOR_TYPES, ut as sessionEventMessageSchema, v as adminUpdateTaskSchema, vt as updateAgentSchema, w as clientRegisterSchema, wt as wsAuthFrameSchema, x as agentRuntimeConfigPayloadSchema$1, xt as updateMemberSchema, y as agentBindRequestSchema, yt as updateChatSchema, z as githubCallbackQuerySchema } from "./dist-FuUBFTEB.mjs";
-import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-BmyRwN0Y-CIZZ_sDc.mjs";
-import { C as retireClient, D as touchAgent, E as setRuntimeState, O as unbindAgent, S as registerClient, T as setOffline, _ as listClients, a as claimClient, b as markStaleAgents, c as clients, d as getClient, f as getOnlineCount, g as listActiveAgentsPinnedToClient, h as heartbeatInstance, i as bindAgent, k as updateClientCapabilities, l as deriveAuthState, m as heartbeatClient, n as agents, o as cleanupStaleClients, p as getPresence, r as assertClientOwner, s as cleanupStalePresence, t as agentPresence, u as disconnectClient, v as listClientsForOrgAdmin, w as serverInstances, x as members } from "./client-CLdRbuml-B416INrm.mjs";
-import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Dnn5gGGX-Ce7zbZpn.mjs";
+import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, f as messageAttrs, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-gw1ODB_o.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-D-Yf8yOc.mjs";
+import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
+import { $ as loginSchema, A as createAgentSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateMemberSchema, D as contextTreeSnapshotSchema, E as connectTokenExchangeSchema, Et as wsAuthFrameSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as updateClientCapabilitiesSchema, T as clientRegisterSchema, Tt as updateTaskStatusSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as taskListQuerySchema, a as AGENT_STATUSES, at as runtimeStateMessageSchema, b as agentBindRequestSchema, bt as updateAgentSchema, ct as selfServiceFeishuBotSchema, d as TASK_CREATOR_TYPES, dt as sessionCompletionMessageSchema, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as sessionEventMessageSchema, g as addMeChatParticipantsSchema, gt as stripCode, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionStateMessageSchema, i as AGENT_SOURCES, it as refreshTokenSchema, j as createChatSchema, k as createAdapterMappingSchema, l as MENTION_REGEX, lt as sendMessageSchema, m as TASK_TERMINAL_STATUSES, mt as sessionReconcileRequestSchema, n as AGENT_NAME_REGEX$1, nt as paginationQuerySchema, o as AGENT_TYPES, ot as safeRedirectPath, p as TASK_STATUSES, pt as sessionEventSchema$1, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as rebindAgentSchema, s as AGENT_VISIBILITY, st as scanMentionTokens, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as sendToAgentSchema, v as adminCreateTaskSchema, vt as updateAdapterConfigSchema, wt as updateOrganizationSchema, x as agentPinnedMessageSchema$1, xt as updateChatSchema, y as adminUpdateTaskSchema, yt as updateAgentRuntimeConfigSchema, z as extractMentions } from "./dist-ClFs4WMj.mjs";
+import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-BmyRwN0Y-Dad3eV8F.mjs";
+import { C as retireClient, D as touchAgent, E as setRuntimeState, O as unbindAgent, S as registerClient, T as setOffline, _ as listClients, a as claimClient, b as markStaleAgents, c as clients, d as getClient, f as getOnlineCount, g as listActiveAgentsPinnedToClient, h as heartbeatInstance, i as bindAgent, k as updateClientCapabilities, l as deriveAuthState, m as heartbeatClient, n as agents, o as cleanupStaleClients, p as getPresence, r as assertClientOwner, s as cleanupStalePresence, t as agentPresence, u as disconnectClient, v as listClientsForOrgAdmin, w as serverInstances, x as members } from "./client-CLdRbuml-svTO0Eat.mjs";
+import { n as init_esm, r as trace, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Dnn5gGGX-DXryyvRG.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { basename, delimiter, dirname, extname, isAbsolute, join, normalize, relative, resolve, sep } from "node:path";
@@ -29,12 +30,12 @@ import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
 import { bigserial, boolean, index, integer, jsonb, pgTable, primaryKey, serial, text, timestamp, unique, uniqueIndex } from "drizzle-orm/pg-core";
+import { SignJWT, jwtVerify } from "jose";
 import cors from "@fastify/cors";
 import rateLimit from "@fastify/rate-limit";
 import fastifyStatic from "@fastify/static";
 import websocket from "@fastify/websocket";
 import Fastify from "fastify";
-import { SignJWT, jwtVerify } from "jose";
 import { promisify } from "node:util";
 import matter from "gray-matter";
 import { Client, EventDispatcher, LoggerLevel, WSClient } from "@larksuiteoapi/node-sdk";
@@ -1291,6 +1292,57 @@ z.object({
 	displayName: z.string().optional(),
 	next: z.string().max(256).optional()
 });
+/**
+* Per-organization settings — schemas, namespaces, and the registry that
+* dispatches `(orgId, namespace)` lookups to the right validator.
+*
+* Each namespace has three schemas:
+*   - `storage` — what is persisted in `organization_settings.value`. For
+*     namespaces with secrets, the storage schema names the *cipher* field
+*     (e.g. `webhookSecretCipher`); plaintext never touches the row.
+*   - `input`   — what the admin API accepts in PUT bodies. For namespaces
+*     with secrets, `webhookSecret` is plaintext; the service layer
+*     encrypts it before merging into storage.
+*   - `output`  — what GET returns. Secrets are replaced by a boolean
+*     `…Configured` flag — plaintext is never echoed.
+*
+* Adding a new per-org config group:
+*   1. Define three schemas (storage / input / output).
+*   2. Add a key to `ORG_SETTINGS_NAMESPACES`.
+*   3. Done. No DB migration, no new API route.
+*/
+const orgContextTreeStorageSchema = z.object({
+	repo: z.string().url().optional(),
+	branch: z.string().default("main")
+});
+const orgContextTreeInputSchema = z.object({
+	repo: z.string().url().min(1).nullish(),
+	branch: z.string().min(1).nullish()
+});
+const orgContextTreeOutputSchema = z.object({
+	repo: z.string().optional(),
+	branch: z.string().optional()
+});
+const orgGithubIntegrationStorageSchema = z.object({ webhookSecretCipher: z.string().optional() });
+const orgGithubIntegrationInputSchema = z.object({ webhookSecret: z.string().min(1).nullish() });
+const orgGithubIntegrationOutputSchema = z.object({
+	webhookSecretConfigured: z.boolean(),
+	webhookUrl: z.string()
+});
+const ORG_SETTINGS_NAMESPACES = {
+	context_tree: {
+		storage: orgContextTreeStorageSchema,
+		input: orgContextTreeInputSchema,
+		output: orgContextTreeOutputSchema
+	},
+	github_integration: {
+		storage: orgGithubIntegrationStorageSchema,
+		input: orgGithubIntegrationInputSchema,
+		output: orgGithubIntegrationOutputSchema
+	}
+};
+const ORG_SETTINGS_NAMESPACE_KEYS = Object.keys(ORG_SETTINGS_NAMESPACES);
+z.enum(ORG_SETTINGS_NAMESPACE_KEYS);
 const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/, "Must start with a letter or digit and contain only lowercase alphanumeric and hyphens").refine((v) => !UUID_PATTERN.test(v), "Name must not be a UUID format"),
@@ -1683,21 +1735,6 @@ defineConfig({
 		refreshTokenExpiry: field(z.string().default("30d"), { env: "FIRST_TREE_HUB_AUTH_REFRESH_TOKEN_EXPIRY" }),
 		connectTokenExpiry: field(z.string().default("10m"), { env: "FIRST_TREE_HUB_AUTH_CONNECT_TOKEN_EXPIRY" })
 	},
-	contextTree: optional({
-		repo: field(z.string().optional(), {
-			env: "FIRST_TREE_HUB_CONTEXT_TREE_REPO",
-			prompt: { message: "Context Tree repo URL (e.g. https://github.com/org/first-tree):" }
-		}),
-		localPath: field(z.string().optional(), { env: "FIRST_TREE_HUB_CONTEXT_TREE_PATH" }),
-		branch: field(z.string().default("main"))
-	}),
-	github: {
-		webhookSecret: field(z.string().optional(), {
-			env: "FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET",
-			secret: true
-		}),
-		allowedOrg: field(z.string().optional(), { env: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG" })
-	},
 	oauth: optional({ github: optional({
 		clientId: field(z.string(), { env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_ID" }),
 		clientSecret: field(z.string(), {
@@ -1808,10 +1845,12 @@ var FirstTreeHubSDK = class {
 	_baseUrl;
 	getAccessToken;
 	_agentId;
+	_userAgent;
 	constructor(config) {
 		this._baseUrl = config.serverUrl.replace(/\/+$/, "");
 		this.getAccessToken = config.getAccessToken;
 		this._agentId = config.agentId;
+		this._userAgent = config.userAgent;
 	}
 	/** Server base URL (without trailing slash). */
 	get serverUrl() {
@@ -1863,7 +1902,12 @@ var FirstTreeHubSDK = class {
 	async isHubReachable(timeoutMs = 3e3) {
 		try {
 			const url = `${this._baseUrl}/api/v1/health`;
-			return (await fetch(url, { signal: AbortSignal.timeout(timeoutMs) })).ok;
+			const headers = {};
+			if (this._userAgent) headers["User-Agent"] = this._userAgent;
+			return (await fetch(url, {
+				signal: AbortSignal.timeout(timeoutMs),
+				headers
+			})).ok;
 		} catch {
 			return false;
 		}
@@ -1922,6 +1966,7 @@ var FirstTreeHubSDK = class {
 		const url = `${this._baseUrl}${path}`;
 		const headers = { Authorization: `Bearer ${await this.getAccessToken()}` };
 		if (this._agentId) headers[AGENT_SELECTOR_HEADER] = this._agentId;
+		if (this._userAgent) headers["User-Agent"] = this._userAgent;
 		if (init?.body) headers["Content-Type"] = "application/json";
 		const timeout = AbortSignal.timeout(FETCH_TIMEOUT_MS);
 		const signal = init?.signal ? AbortSignal.any([init.signal, timeout]) : timeout;
@@ -2031,6 +2076,7 @@ var ClientConnection = class extends EventEmitter {
 	clientId;
 	serverUrl;
 	sdkVersion;
+	userAgent;
 	getAccessToken;
 	ws = null;
 	wsConnectTimer = null;
@@ -2084,6 +2130,7 @@ var ClientConnection = class extends EventEmitter {
 		this.clientId = config.clientId ?? process.env.FIRST_TREE_HUB_CLIENT_ID ?? `client_${randomUUID().slice(0, 8)}`;
 		this.serverUrl = config.serverUrl.replace(/\/+$/, "");
 		this.sdkVersion = config.sdkVersion;
+		this.userAgent = config.userAgent;
 		this.getAccessToken = config.getAccessToken;
 		this.wsLogger = createLogger("ws").child({ clientId: this.clientId });
 		this.authLogger = createLogger("auth").child({ clientId: this.clientId });
@@ -2225,7 +2272,7 @@ var ClientConnection = class extends EventEmitter {
 		return new Promise((resolve, reject) => {
 			const wsUrl = `${this.serverUrl.replace(/^http/, "ws")}/api/v1/agent/ws/client`;
 			this.wsLogger.info({ url: wsUrl }, "connecting");
-			const ws = new WebSocket(wsUrl);
+			const ws = new WebSocket(wsUrl, this.userAgent ? { headers: { "User-Agent": this.userAgent } } : void 0);
 			let settled = false;
 			const settle = (fn, value) => {
 				if (settled) return;
@@ -2376,7 +2423,8 @@ var ClientConnection = class extends EventEmitter {
 				const sdk = new FirstTreeHubSDK({
 					serverUrl: this.serverUrl,
 					getAccessToken: this.getAccessToken,
-					agentId
+					agentId,
+					userAgent: this.userAgent
 				});
 				const agent = {
 					agentId,
@@ -6062,71 +6110,6 @@ function sleep(ms) {
 	return new Promise((resolve) => setTimeout(resolve, ms));
 }
 //#endregion
-//#region src/core/output.ts
-/**
-* Print layer — the only place CLI code should write to stdout/stderr.
-*
-* Contract:
-* - `print.result(data)` / `print.fail(...)` emit machine-readable JSON on
-*   stdout / stderr respectively. Scripts pipe into `jq` and expect a clean
-*   envelope, so nothing else may touch stdout.
-* - `print.status` / `print.check` / `print.blank` / `print.line` are
-*   human-friendly and go to stderr so they never pollute a redirected stdout.
-*   In `--json` mode they are silenced — scripted consumers only care about
-*   the envelope.
-*/
-let jsonMode = false;
-function setJsonMode(enabled) {
-	jsonMode = enabled;
-}
-function result(data) {
-	process.stdout.write(`${JSON.stringify({
-		ok: true,
-		data
-	})}\n`);
-}
-function fail$1(code, message, exitCode = 1) {
-	process.stderr.write(`${JSON.stringify({
-		ok: false,
-		error: {
-			code,
-			message
-		}
-	})}\n`);
-	process.exit(exitCode);
-}
-function status(label, message) {
-	if (jsonMode) return;
-	process.stderr.write(`  ${label.padEnd(20)} ${message}\n`);
-}
-function check(pass, label, detail = "") {
-	if (jsonMode) return;
-	const icon = pass ? "✓" : "✗";
-	const tail = detail ? ` ${detail}` : "";
-	process.stderr.write(`  ${icon} ${label.padEnd(22)}${tail}\n`);
-}
-function blank() {
-	if (jsonMode) return;
-	process.stderr.write("\n");
-}
-/**
-* Generic stderr writer for pre-formatted human text (multi-line tables,
-* interactive prompts). Prefer `status` / `check` when the text fits; this
-* exists so the `--json` mode gate can silence arbitrary human chatter.
-*/
-function line(text) {
-	if (jsonMode) return;
-	process.stderr.write(text);
-}
-const print = {
-	result,
-	fail: fail$1,
-	status,
-	check,
-	blank,
-	line
-};
-//#endregion
 //#region src/cli/output.ts
 /**
 * CLI output re-exports. The underlying implementation lives in
@@ -6491,6 +6474,7 @@ var ClientRuntime = class {
 			serverUrl,
 			clientId,
 			sdkVersion: options.currentVersion,
+			userAgent: CLI_USER_AGENT,
 			getAccessToken: (opts) => ensureFreshAccessToken(opts)
 		});
 		registerBuiltinHandlers();
@@ -7645,7 +7629,7 @@ async function checkServerHealth() {
 	const port = get(config, "server.port") ?? 8e3;
 	const url = `http://${host}:${port}/healthz`;
 	try {
-		const res = await fetch(url, { signal: AbortSignal.timeout(3e3) });
+		const res = await cliFetch(url, { signal: AbortSignal.timeout(3e3) });
 		if (res.ok) return {
 			label: "Server Health",
 			ok: true,
@@ -7696,7 +7680,7 @@ async function checkServerReachable() {
 		detail: "not configured (FIRST_TREE_HUB_SERVER_URL or config file)"
 	};
 	try {
-		const res = await fetch(`${serverUrl}/healthz`, { signal: AbortSignal.timeout(5e3) });
+		const res = await cliFetch(`${serverUrl}/healthz`, { signal: AbortSignal.timeout(5e3) });
 		if (res.ok) return {
 			label: "Server URL",
 			ok: true,
@@ -7841,7 +7825,7 @@ async function checkWebSocket() {
 	};
 	const wsUrl = serverUrl.replace(/^http/, "ws");
 	try {
-		if ((await fetch(`${serverUrl}/healthz`, { signal: AbortSignal.timeout(3e3) })).ok) return {
+		if ((await cliFetch(`${serverUrl}/healthz`, { signal: AbortSignal.timeout(3e3) })).ok) return {
 			label: "WebSocket",
 			ok: true,
 			detail: `${wsUrl} (server reachable)`
@@ -7872,6 +7856,12 @@ function printResults(results) {
 }
 //#endregion
 //#region src/core/migrate.ts
+function sslOptions$1(url) {
+	try {
+		if (new URL(url).hostname.endsWith(".rds.amazonaws.com")) return { ssl: { rejectUnauthorized: false } };
+	} catch {}
+	return {};
+}
 /**
 * Resolve the drizzle migrations directory.
 * 1. npm install: embedded at dist/drizzle/ (relative to the built CLI)
@@ -7905,14 +7895,21 @@ function validateJournalOrder(migrationsFolder) {
 async function runMigrations(databaseUrl) {
 	const migrationsFolder = resolveMigrationsFolder();
 	validateJournalOrder(migrationsFolder);
-	const client = postgres(databaseUrl, { max: 1 });
+	const ssl = sslOptions$1(databaseUrl);
+	const client = postgres(databaseUrl, {
+		max: 1,
+		...ssl
+	});
 	const db = drizzle(client);
 	try {
 		await migrate(db, { migrationsFolder });
 	} finally {
 		await client.end();
 	}
-	const countClient = postgres(databaseUrl, { max: 1 });
+	const countClient = postgres(databaseUrl, {
+		max: 1,
+		...ssl
+	});
 	try {
 		return (await countClient`
       SELECT count(*)::int AS count
@@ -7931,7 +7928,7 @@ function createApiNameResolver(serverUrl, getAccessToken) {
 		if (cache) return cache;
 		const token = await getAccessToken();
 		const map = /* @__PURE__ */ new Map();
-		const res = await fetch(`${serverUrl}/api/v1/me/managed-agents`, {
+		const res = await cliFetch(`${serverUrl}/api/v1/me/managed-agents`, {
 			method: "GET",
 			headers: { Authorization: `Bearer ${token}` },
 			signal: AbortSignal.timeout(1e4)
@@ -8163,7 +8160,7 @@ async function onboardCheck(args) {
 			value: serverUrl
 		});
 		try {
-			const res = await fetch(`${serverUrl}/api/v1/health`);
+			const res = await cliFetch(`${serverUrl}/api/v1/health`);
 			items.push({
 				key: "server_reachable",
 				label: "Server reachable",
@@ -8235,7 +8232,7 @@ function formatCheckReport(items) {
 	return lines.join("\n");
 }
 async function resolveDefaultOrgId$1(serverUrl, accessToken) {
-	const res = await fetch(`${serverUrl}/api/v1/me`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/me`, {
 		headers: { Authorization: `Bearer ${accessToken}` },
 		signal: AbortSignal.timeout(1e4)
 	});
@@ -8247,7 +8244,7 @@ async function resolveDefaultOrgId$1(serverUrl, accessToken) {
 	throw new Error("Multiple organizations — pass --org explicitly to onboard");
 }
 async function createAgentViaAdmin(serverUrl, accessToken, orgId, body) {
-	const res = await fetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(orgId)}/agents`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(orgId)}/agents`, {
 		method: "POST",
 		headers: {
 			Authorization: `Bearer ${accessToken}`,
@@ -8306,7 +8303,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-GvFABWW5.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-AI3pwmqN.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -8406,7 +8403,7 @@ async function promptAddAgent(opts = {}) {
 		validate: (v) => v.length > 0 ? true : "Agent UUID is required"
 	});
 	const token = await ensureFreshAccessToken();
-	const res = await fetch(`${serverUrl}/api/v1/agents/${encodeURIComponent(agentId)}`, {
+	const res = await cliFetch(`${serverUrl}/api/v1/agents/${encodeURIComponent(agentId)}`, {
 		headers: { Authorization: `Bearer ${token}` },
 		signal: AbortSignal.timeout(1e4)
 	});
@@ -8478,7 +8475,7 @@ function setNestedByDot(obj, dotPath, value) {
 * value (the in-band repair path catches any remaining drift on first bind).
 */
 async function reconcileLocalRuntimeProviders(opts) {
-	const res = await fetch(`${opts.serverUrl}/api/v1/me/pinned-agents`, { headers: { Authorization: `Bearer ${opts.accessToken}` } });
+	const res = await cliFetch(`${opts.serverUrl}/api/v1/me/pinned-agents`, { headers: { Authorization: `Bearer ${opts.accessToken}` } });
 	if (!res.ok) throw new Error(`hub returned ${res.status} on /clients/me/agents`);
 	const items = await res.json();
 	const byAgentId = new Map(items.map((it) => [it.agentId, it]));
@@ -8518,7 +8515,7 @@ async function reconcileLocalRuntimeProviders(opts) {
 * client startup since capabilities only matter for UI / admin checks.
 */
 async function uploadClientCapabilities(opts) {
-	const res = await fetch(`${opts.serverUrl}/api/v1/clients/${encodeURIComponent(opts.clientId)}/capabilities`, {
+	const res = await cliFetch(`${opts.serverUrl}/api/v1/clients/${encodeURIComponent(opts.clientId)}/capabilities`, {
 		method: "PATCH",
 		headers: {
 			Authorization: `Bearer ${opts.accessToken}`,
@@ -9519,7 +9516,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-Cbgqlj0e.mjs
+//#region ../server/dist/app-B8Ncyl76.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -13653,8 +13650,12 @@ function clientWsRoutes(notifier, instanceId) {
 	return async (app) => {
 		const jwtSecretBytes = new TextEncoder().encode(app.config.secrets.jwtSecret);
 		const inboxMaxInFlightPerAgent = app.config.inbox?.maxInFlightPerAgent ?? DEFAULT_INBOX_MAX_IN_FLIGHT_PER_AGENT;
-		app.get("/client", { websocket: true }, async (socket) => {
-			startWsConnectionSpan(socket);
+		app.get("/client", { websocket: true }, async (socket, request) => {
+			const ua = request.headers["user-agent"];
+			startWsConnectionSpan(socket, {
+				remoteIp: request.ip,
+				userAgent: typeof ua === "string" ? ua.slice(0, 200) : void 0
+			});
 			let session = null;
 			let jwtDefaultOrgId = null;
 			let clientId = null;
@@ -14566,8 +14567,12 @@ async function refreshAccessToken(db, refreshToken, jwtSecretKey, expiries) {
 	try {
 		const { payload: p } = await jwtVerify(refreshToken, secret);
 		payload = p;
-	} catch {
-		throw new UnauthorizedError("Invalid or expired refresh token", { "auth.refresh.reason": "jwt_verify_failed" });
+	} catch (err) {
+		const untrusted = decodeJwtForTrace(refreshToken);
+		throw new UnauthorizedError("Invalid or expired refresh token", {
+			"auth.refresh.reason": classifyJoseError(err),
+			...untrustedAttrs("auth.refresh", untrusted)
+		});
 	}
 	if (payload.type !== "refresh" || !payload.sub) throw new UnauthorizedError("Invalid token type", {
 		"auth.refresh.reason": "wrong_token_type",
@@ -14618,10 +14623,17 @@ async function exchangeConnectToken(db, connectToken, jwtSecretKey, expiries) {
 	try {
 		const { payload: p } = await jwtVerify(connectToken, secret);
 		payload = p;
-	} catch {
-		throw new UnauthorizedError("Invalid or expired connect token");
+	} catch (err) {
+		const untrusted = decodeJwtForTrace(connectToken);
+		throw new UnauthorizedError("Invalid or expired connect token", {
+			"auth.connect.reason": classifyJoseError(err),
+			...untrustedAttrs("auth.connect", untrusted)
+		});
 	}
-	if (payload.type !== "connect" || !payload.sub) throw new UnauthorizedError("Invalid token type — expected connect token");
+	if (payload.type !== "connect" || !payload.sub) throw new UnauthorizedError("Invalid token type — expected connect token", {
+		"auth.connect.reason": "wrong_token_type",
+		"auth.connect.actual_type": String(payload.type ?? "<missing>")
+	});
 	const jti = payload.jti;
 	if (jti) {
 		if (consumedConnectJtis.has(jti)) throw new UnauthorizedError("Connect token has already been used");
@@ -15255,10 +15267,18 @@ async function authRoutes(app) {
 		return reply.send(result);
 	});
 }
-async function bootstrapConfigRoutes(app) {
-	/** Public endpoint — returns bootstrap prerequisites for CLI auto-discovery. */
-	app.get("/config", async () => {
-		return { allowedOrg: app.config.github.allowedOrg ?? null };
+async function bootstrapConfigRoutes(_app) {
+	/**
+	* Public endpoint — returns bootstrap prerequisites for CLI auto-discovery.
+	*
+	* `allowedOrg` used to surface here from the global `github.allowedOrg`
+	* config; it is now a per-org setting (see issue #255). A public bootstrap
+	* endpoint can't resolve an org without a caller, so the field is
+	* surfaced as `null` and consumers should fetch the per-org value via
+	* `/api/v1/orgs/:orgId/settings/github_integration` after auth.
+	*/
+	_app.get("/config", async () => {
+		return { allowedOrg: null };
 	});
 }
 /** Extract a plain-text summary from a message's JSONB content field.
@@ -16027,12 +16047,212 @@ async function clientRoutes(app) {
 		});
 	});
 }
+/**
+* Per-organization settings, keyed by `(organization_id, namespace)`.
+*
+* One row holds an entire group of related config as a JSONB blob — schema
+* for each namespace lives in `@agent-team-foundation/first-tree-hub-shared`
+* (`ORG_SETTINGS_NAMESPACES`) and is enforced by the service layer on every
+* read/write. Adding a new config group means registering a new namespace +
+* Zod schema in shared; the DB does not change.
+*
+* `version` is reserved for future optimistic locking (PUT with If-Match)
+* and is currently set unconditionally. We keep it on the table from day
+* one so tightening to compare-and-swap later is a code-only change.
+*
+* Sensitive fields inside `value` (e.g. `github_integration.webhookSecret`)
+* are AES-256-GCM-encrypted at the service layer using `crypto.ts`'s
+* `encryptValue` / `decryptValue` — same pattern as `adapter_configs`.
+*/
+const organizationSettings = pgTable("organization_settings", {
+	organizationId: text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+	namespace: text("namespace").notNull(),
+	value: jsonb("value").$type().notNull().default({}),
+	version: integer("version").notNull().default(0),
+	updatedBy: text("updated_by").references(() => users.id, { onDelete: "set null" }),
+	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
+}, (table) => [primaryKey({ columns: [table.organizationId, table.namespace] }), index("idx_org_settings_namespace").on(table.namespace)]);
+/**
+* Per-organization settings, keyed by `(organizationId, namespace)`. The
+* registry of valid namespaces and their storage / input / output schemas
+* lives in `@agent-team-foundation/first-tree-hub-shared`.
+*
+* Read path:  storage row → decrypt secrets → output (mask)
+* Write path: input → validate → encrypt secrets → merge with current storage → upsert (in tx)
+*
+* The generic getter returns the masked output. Callers needing plaintext
+* for a specific secret use a purpose-built helper (e.g.
+* `getDecryptedGithubWebhookSecret`) rather than the generic storage shape
+* — this avoids a `…Cipher` field name silently holding plaintext at
+* call-sites and limits secret exposure to one explicit code path per
+* secret. (#4)
+*/
+function assertNamespace(ns) {
+	if (!isOrgSettingNamespace(ns)) throw new BadRequestError(`Unknown organization-settings namespace: "${ns}"`);
+}
+async function fetchStorageRow(db, orgId, namespace) {
+	const [row] = await db.select({ value: organizationSettings.value }).from(organizationSettings).where(and(eq(organizationSettings.organizationId, orgId), eq(organizationSettings.namespace, namespace))).limit(1);
+	if (!row) return null;
+	return ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse(row.value);
+}
+function emptyStorage(namespace) {
+	return ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse({});
+}
+function ensureEncrypted(value, encryptionKey) {
+	return isEncryptedValue(value) ? value : encryptValue(value, encryptionKey);
+}
+/**
+* Merge a validated input into the current storage row for a namespace.
+* Secret fields are encrypted here.
+*
+* Input semantics per nullish field:
+*   `undefined` → unchanged
+*   `null`      → cleared
+*   value       → set / replace (already validated as non-empty by the input schema)
+*/
+function applyInputDelta(namespace, current, input, encryptionKey) {
+	if (namespace === "context_tree") {
+		const cur = current;
+		const inp = input;
+		return {
+			repo: inp.repo === void 0 ? cur.repo : inp.repo ?? void 0,
+			branch: inp.branch === void 0 ? cur.branch : inp.branch ?? "main"
+		};
+	}
+	if (namespace === "github_integration") {
+		const cur = current;
+		const inp = input;
+		return { webhookSecretCipher: inp.webhookSecret === void 0 ? cur.webhookSecretCipher : inp.webhookSecret === null ? void 0 : ensureEncrypted(inp.webhookSecret, encryptionKey) };
+	}
+	return namespace;
+}
+/**
+* Project the storage row into the API output for a namespace, masking
+* any secret fields. `webhookUrl` for `github_integration` is left as an
+* empty string here — the route layer enriches it with the resolved
+* `server.publicUrl` (the service stays config-agnostic).
+*/
+function toOutput(namespace, storage) {
+	if (namespace === "context_tree") {
+		const s = storage;
+		return {
+			repo: s.repo,
+			branch: s.branch
+		};
+	}
+	if (namespace === "github_integration") {
+		const s = storage;
+		return {
+			webhookSecretConfigured: typeof s.webhookSecretCipher === "string" && s.webhookSecretCipher.length > 0,
+			webhookUrl: ""
+		};
+	}
+	return namespace;
+}
+/**
+* Read a setting masked for the API. Missing rows → namespace defaults
+* (parse `{}` against the storage schema).
+*/
+async function getOrgSetting(db, orgId, namespace) {
+	assertNamespace(namespace);
+	return toOutput(namespace, await fetchStorageRow(db, orgId, namespace) ?? emptyStorage(namespace));
+}
+/**
+* Read the per-org Context Tree binding for server-internal consumers
+* (`/context-tree/info`, snapshot service). No secrets in this namespace,
+* so the storage shape is safe to expose directly. Missing row → defaults.
+*/
+async function getOrgContextTree(db, orgId) {
+	return await fetchStorageRow(db, orgId, "context_tree") ?? emptyStorage("context_tree");
+}
+/**
+* Decrypt and return the plaintext GitHub webhook secret for an org.
+* Returns `null` when the org has not configured one. The only intended
+* caller is the webhook route's signature verifier — the result must
+* never leak through HTTP responses or logs. (#4)
+*/
+async function getDecryptedGithubWebhookSecret(db, orgId, encryptionKey) {
+	const cipher = (await fetchStorageRow(db, orgId, "github_integration"))?.webhookSecretCipher;
+	if (!cipher) return null;
+	return isEncryptedValue(cipher) ? decryptValue(cipher, encryptionKey) : cipher;
+}
+/**
+* Upsert a setting. Returns the masked output of the resulting row.
+*
+* The fetch + merge + upsert sequence runs inside a single transaction so
+* two concurrent admin writes can't both base their delta on the same
+* pre-image and silently lose each other's fields. Optimistic locking
+* (the `version` column) remains reserved for a future If-Match flip.
+* (#6)
+*/
+async function putOrgSetting(db, orgId, namespace, rawInput, options) {
+	assertNamespace(namespace);
+	const input = ORG_SETTINGS_NAMESPACES$1[namespace].input.parse(rawInput);
+	return db.transaction(async (tx) => {
+		const txDb = tx;
+		const [org] = await txDb.select({ id: organizations.id }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
+		if (!org) throw new NotFoundError(`Organization "${orgId}" not found`);
+		const merged = applyInputDelta(namespace, await fetchStorageRow(txDb, orgId, namespace) ?? emptyStorage(namespace), input, options.encryptionKey);
+		const validated = ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse(merged);
+		await tx.insert(organizationSettings).values({
+			organizationId: orgId,
+			namespace,
+			value: validated,
+			version: 1,
+			updatedBy: options.updatedBy,
+			updatedAt: /* @__PURE__ */ new Date()
+		}).onConflictDoUpdate({
+			target: [organizationSettings.organizationId, organizationSettings.namespace],
+			set: {
+				value: validated,
+				version: sql`${organizationSettings.version} + 1`,
+				updatedBy: options.updatedBy,
+				updatedAt: /* @__PURE__ */ new Date()
+			}
+		});
+		return toOutput(namespace, validated);
+	});
+}
+/**
+* Delete a namespace row; subsequent GETs return defaults.
+*/
+async function deleteOrgSetting(db, orgId, namespace) {
+	assertNamespace(namespace);
+	await db.delete(organizationSettings).where(and(eq(organizationSettings.organizationId, orgId), eq(organizationSettings.namespace, namespace)));
+}
+/**
+* Resolve the caller's "primary org" — the earliest-joined active
+* membership for the given user. Used by user-scoped routes that
+* historically didn't take an `:orgId` (e.g. `/context-tree/info`) so
+* the SDK call shape doesn't have to change while the per-tenant lookup
+* still happens correctly.
+*
+* Returns `null` for users with no active membership. Tightening to
+* "explicit org selector" is a future change-once-multi-org-clients-arrive
+* concern. (#7)
+*/
+async function resolveUserPrimaryOrgId(db, userId) {
+	const [row] = await db.select({ organizationId: members.organizationId }).from(members).where(and(eq(members.userId, userId), eq(members.status, "active"))).orderBy(asc(members.createdAt)).limit(1);
+	return row?.organizationId ?? null;
+}
 async function contextTreeInfoRoutes(app) {
-	/** Public endpoint — returns Context Tree repo metadata for CLI auto-discovery. */
-	app.get("/info", async () => {
+	/**
+	* Class A — `/api/v1/context-tree/info`. Returns the caller's
+	* organization-scoped Context Tree binding for CLI auto-discovery.
+	* Responds with `{ repo: null, branch: null }` when the user is not in
+	* any org or the org hasn't configured a tree yet.
+	*/
+	app.get("/info", async (request) => {
+		const { userId } = requireUser(request);
+		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
+		if (!orgId) return {
+			repo: null,
+			branch: null
+		};
+		const tree = await getOrgContextTree(app.db, orgId);
 		return {
-			repo: app.config.contextTree?.repo ?? null,
-			branch: app.config.contextTree?.branch ?? null
+			repo: tree.repo ?? null,
+			branch: tree.branch ?? null
 		};
 	});
 }
@@ -16058,10 +16278,10 @@ const WINDOW_DAYS = {
 	"30d": 30
 };
 const snapshotCache = /* @__PURE__ */ new Map();
-async function getContextTreeSnapshot(config, window = CONTEXT_TREE_SNAPSHOT_WINDOWS.SEVEN_DAYS) {
-	const repo = config.contextTree?.repo ?? null;
-	const branch = config.contextTree?.branch ?? null;
-	const resolved = resolveContextTreeRoot(repo, config.contextTree?.localPath);
+async function getContextTreeSnapshot(binding, window = CONTEXT_TREE_SNAPSHOT_WINDOWS.SEVEN_DAYS) {
+	const repo = binding.repo ?? null;
+	const branch = binding.branch ?? null;
+	const resolved = resolveContextTreeRoot(repo, binding.localPath);
 	if (!resolved.root) return unavailableSnapshot(repo, branch, resolved.reason);
 	const now = (/* @__PURE__ */ new Date()).toISOString();
 	try {
@@ -16733,7 +16953,9 @@ async function contextTreeSnapshotRoutes(app) {
 		keyGenerator: (request) => request.user?.userId ?? request.ip
 	} } }, async (request) => {
 		const query = querySchema.parse(request.query);
-		const snapshot = await getContextTreeSnapshot(app.config, query.window ?? "7d");
+		const { userId } = requireUser(request);
+		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
+		const snapshot = await getContextTreeSnapshot(orgId ? await getOrgContextTree(app.db, orgId) : {}, query.window ?? "7d");
 		return contextTreeSnapshotSchema.parse(snapshot);
 	});
 }
@@ -16838,7 +17060,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-DWlyNb8x-BEgoZ9k1.mjs");
+	const { previewInvitation } = await import("./invitation-DWlyNb8x-BvXubk24.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -16935,7 +17157,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-By1K4VVT-nVOhsXBy.mjs");
+		const { listMyPinnedAgents } = await import("./client-By1K4VVT-DuI6EnSh.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -17658,6 +17880,64 @@ async function orgSessionRoutes(app) {
 		});
 	});
 }
+/**
+* Class B — `/api/v1/orgs/:orgId/settings/:namespace`.
+*
+* Generic per-org settings surface. The `:namespace` URL parameter is
+* dispatched against `ORG_SETTINGS_NAMESPACES` (in the shared package);
+* adding a new config group only requires registering it there — no new
+* route file.
+*
+* All three verbs are admin-only. Even GET, because the masked output
+* still leaks "configured / not-configured" booleans for secret fields,
+* which we don't want to expose to non-admin members.
+*/
+async function orgSettingsRoutes(app) {
+	app.get("/:namespace", async (request) => {
+		const scope = await requireOrgAdmin(request, app.db);
+		const namespace = parseNamespace(request.params.namespace);
+		return enrichOutput(namespace, await getOrgSetting(app.db, scope.organizationId, namespace), scope.organizationId, app.config.server.publicUrl);
+	});
+	app.put("/:namespace", { config: { otelRecordBody: true } }, async (request) => {
+		const scope = await requireOrgAdmin(request, app.db);
+		const namespace = parseNamespace(request.params.namespace);
+		return enrichOutput(namespace, await putOrgSetting(app.db, scope.organizationId, namespace, request.body, {
+			updatedBy: scope.userId,
+			encryptionKey: app.config.secrets.encryptionKey
+		}), scope.organizationId, app.config.server.publicUrl);
+	});
+	app.delete("/:namespace", async (request, reply) => {
+		const scope = await requireOrgAdmin(request, app.db);
+		const namespace = parseNamespace(request.params.namespace);
+		await deleteOrgSetting(app.db, scope.organizationId, namespace);
+		reply.status(204).send();
+	});
+}
+function parseNamespace(raw) {
+	if (!isOrgSettingNamespace(raw)) throw new BadRequestError(`Unknown organization-settings namespace: "${raw}"`);
+	return raw;
+}
+/**
+* Resolve namespace-specific server-config-derived fields. The service
+* layer stays config-agnostic — namespace knowledge that needs `app.config`
+* lives here. Currently only `github_integration.webhookUrl` qualifies.
+*
+* If `server.publicUrl` is unset on the Hub, `webhookUrl` is left as `""`
+* so the UI can render a "contact your site administrator" notice rather
+* than fall back to `window.location.origin` (which is wrong behind a
+* reverse proxy). (#12)
+*/
+function enrichOutput(namespace, out, orgId, publicUrl) {
+	if (namespace === "github_integration") {
+		const o = out;
+		const webhookUrl = publicUrl ? `${publicUrl.replace(/\/+$/, "")}/api/v1/webhooks/github/${orgId}` : "";
+		return {
+			...o,
+			webhookUrl
+		};
+	}
+	return out;
+}
 function dispatch$1(notifier, result) {
 	if (!result) return;
 	notifyRecipients(notifier, result.recipients, result.message.id);
@@ -17760,7 +18040,11 @@ function orgWsRoutes(notifier, jwtSecret) {
 	}
 	return async (app) => {
 		app.get("/", { websocket: true }, async (socket, request) => {
-			startWsConnectionSpan(socket, { remoteIp: request.ip });
+			const ua = request.headers["user-agent"];
+			startWsConnectionSpan(socket, {
+				remoteIp: request.ip,
+				userAgent: typeof ua === "string" ? ua.slice(0, 200) : void 0
+			});
 			const orgIdFromPath = request.params.orgId;
 			const token = request.query.token;
 			if (!token || !orgIdFromPath) {
@@ -17953,16 +18237,15 @@ function verifySignature(secret, rawBody, signatureHeader) {
 	const receivedBuf = Buffer.from(signatureHeader, "utf8");
 	if (expectedBuf.length !== receivedBuf.length || !timingSafeEqual(expectedBuf, receivedBuf)) throw new UnauthorizedError("Invalid webhook signature");
 }
-async function ensureGitHubAdapterAgent(db) {
-	const defaultOrgId = await resolveDefaultOrgId(db);
-	const [existing] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, defaultOrgId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
+async function ensureGitHubAdapterAgent(db, organizationId) {
+	const [existing] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, organizationId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
 	if (existing) return existing.uuid;
 	try {
 		return (await createAgent(db, {
 			name: GITHUB_ADAPTER_ID,
 			type: "autonomous_agent",
 			displayName: "GitHub Adapter",
-			organizationId: defaultOrgId,
+			organizationId,
 			metadata: {
 				source: "github",
 				managed: true
@@ -17970,19 +18253,19 @@ async function ensureGitHubAdapterAgent(db) {
 		})).uuid;
 	} catch (err) {
 		if (err instanceof ConflictError) {
-			const [created] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, defaultOrgId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
+			const [created] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, organizationId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
 			if (created) return created.uuid;
 		}
 		throw err;
 	}
 }
-async function findTargetAgent(db, repoFullName) {
+async function findTargetAgent(db, organizationId, repoFullName) {
 	const allAgents = await db.select({
 		id: agents.uuid,
 		name: agents.name,
 		metadata: agents.metadata,
 		type: agents.type
-	}).from(agents).where(eq(agents.status, "active"));
+	}).from(agents).where(and(eq(agents.organizationId, organizationId), eq(agents.status, "active")));
 	for (const agent of allAgents) {
 		if (agent.name === GITHUB_ADAPTER_ID) continue;
 		const meta = agent.metadata;
@@ -18016,14 +18299,14 @@ function extractMentions$1(text) {
 * For each mentioned user who has delegate_mention configured,
 * send a card message from the mentioned user to their delegate.
 */
-async function routeMentionDelegations(app, mentionedNames, ctx) {
+async function routeMentionDelegations(app, organizationId, mentionedNames, ctx) {
 	if (mentionedNames.length === 0) return 0;
 	const delegates = await app.db.select({
 		id: agents.uuid,
 		name: agents.name,
 		delegateMention: agents.delegateMention,
 		status: agents.status
-	}).from(agents).where(and(inArray(agents.name, mentionedNames), isNotNull(agents.delegateMention)));
+	}).from(agents).where(and(eq(agents.organizationId, organizationId), inArray(agents.name, mentionedNames), isNotNull(agents.delegateMention)));
 	let routed = 0;
 	for (const agent of delegates) {
 		if (agent.status !== "active" || !agent.delegateMention) continue;
@@ -18111,13 +18394,14 @@ async function githubWebhookRoutes(app) {
 	app.addContentTypeParser("application/json", { parseAs: "buffer" }, (_request, body, done) => {
 		done(null, body);
 	});
-	const webhookSecret = app.config.github.webhookSecret;
 	const webhookMax = app.config.rateLimit?.webhookMax ?? 60;
-	app.post("/github", { config: { rateLimit: {
+	app.post("/github/:orgId", { config: { rateLimit: {
 		max: webhookMax,
 		timeWindow: "1 minute"
 	} } }, async (request, reply) => {
-		if (!webhookSecret) return reply.status(501).send({ error: "GitHub webhook is not configured. Set FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET to enable." });
+		const { orgId } = request.params;
+		const webhookSecret = await getDecryptedGithubWebhookSecret(app.db, orgId, app.config.secrets.encryptionKey);
+		if (!webhookSecret) return reply.status(501).send({ error: "GitHub webhook is not configured for this organization. An admin must set the webhook secret in Team settings." });
 		const rawBody = request.body;
 		if (!Buffer.isBuffer(rawBody)) throw new BadRequestError("Expected raw body buffer");
 		const signatureHeader = request.headers["x-hub-signature-256"];
@@ -18135,12 +18419,12 @@ async function githubWebhookRoutes(app) {
 			ok: true,
 			event: "ping"
 		});
-		if (eventType === "issues") return handleIssuesEvent(app, eventType, payload, reply);
-		if (eventType === "issue_comment") return handleIssueCommentEvent(app, eventType, payload, reply);
+		if (eventType === "issues") return handleIssuesEvent(app, orgId, eventType, payload, reply);
+		if (eventType === "issue_comment") return handleIssueCommentEvent(app, orgId, eventType, payload, reply);
 		let mentionsRouted = 0;
 		const allowedActions = MENTION_ACTIONS[eventType];
 		const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
-		if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, eventType, payload);
+		if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
 		return reply.status(200).send({
 			ok: true,
 			event: eventType,
@@ -18294,10 +18578,10 @@ function extractEventContext(eventType, payload) {
 * Run mention delegation for a given event type and payload.
 * Only called after action gating confirms this is a "new content" event.
 */
-async function handleMentionDelegation(app, eventType, payload) {
+async function handleMentionDelegation(app, organizationId, eventType, payload) {
 	const mentions = extractMentions$1(extractEventText(eventType, payload));
 	const mentionCtx = extractEventContext(eventType, payload);
-	if (mentions.length > 0 && mentionCtx) return routeMentionDelegations(app, mentions, mentionCtx);
+	if (mentions.length > 0 && mentionCtx) return routeMentionDelegations(app, organizationId, mentions, mentionCtx);
 	return 0;
 }
 /** Actions that represent new/changed content (worth scanning for @mentions). */
@@ -18311,9 +18595,9 @@ const MENTION_ACTIONS = {
 	discussion_comment: ["created"],
 	commit_comment: ["created"]
 };
-async function handleIssuesEvent(app, eventType, payload, reply) {
+async function handleIssuesEvent(app, organizationId, eventType, payload, reply) {
 	const data = parseIssuesPayload(payload);
-	if (MENTION_ACTIONS.issues?.includes(data.action)) await handleMentionDelegation(app, eventType, payload);
+	if (MENTION_ACTIONS.issues?.includes(data.action)) await handleMentionDelegation(app, organizationId, eventType, payload);
 	if (![
 		"opened",
 		"edited",
@@ -18324,7 +18608,7 @@ async function handleIssuesEvent(app, eventType, payload, reply) {
 		action: data.action,
 		handled: false
 	});
-	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db), findTargetAgent(app.db, data.repository.full_name)]);
+	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db, organizationId), findTargetAgent(app.db, organizationId, data.repository.full_name)]);
 	if (!targetAgentId) {
 		log$1.warn({
 			repo: data.repository.full_name,
@@ -18370,16 +18654,16 @@ async function handleIssuesEvent(app, eventType, payload, reply) {
 		routed: true
 	});
 }
-async function handleIssueCommentEvent(app, eventType, payload, reply) {
+async function handleIssueCommentEvent(app, organizationId, eventType, payload, reply) {
 	const data = parseIssueCommentPayload(payload);
-	if (MENTION_ACTIONS.issue_comment?.includes(data.action)) await handleMentionDelegation(app, eventType, payload);
+	if (MENTION_ACTIONS.issue_comment?.includes(data.action)) await handleMentionDelegation(app, organizationId, eventType, payload);
 	if (data.action !== "created") return reply.status(200).send({
 		ok: true,
 		event: "issue_comment",
 		action: data.action,
 		handled: false
 	});
-	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db), findTargetAgent(app.db, data.repository.full_name)]);
+	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db, organizationId), findTargetAgent(app.db, organizationId, data.repository.full_name)]);
 	if (!targetAgentId) {
 		log$1.warn({
 			repo: data.repository.full_name,
@@ -18449,6 +18733,7 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	members: () => members,
 	messages: () => messages,
 	notifications: () => notifications,
+	organizationSettings: () => organizationSettings,
 	organizations: () => organizations,
 	serverInstances: () => serverInstances,
 	sessionEvents: () => sessionEvents,
@@ -18457,10 +18742,16 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	users: () => users
 });
 function connectDatabase(url) {
-	const client = postgres(url);
+	const client = postgres(url, sslOptions(url));
 	const db = drizzle(client, { schema: schema_exports });
 	return Object.assign(db, { end: () => client.end() });
 }
+function sslOptions(url) {
+	try {
+		if (new URL(url).hostname.endsWith(".rds.amazonaws.com")) return { ssl: { rejectUnauthorized: false } };
+	} catch {}
+	return {};
+}
 /**
 * Agent-scoped HTTP authentication hook. Must run **after** userAuthHook
 * so `request.user` is populated.
@@ -18531,8 +18822,12 @@ function userAuthHook(db, jwtSecret) {
 		try {
 			const { payload: p } = await jwtVerify(token, secret);
 			payload = p;
-		} catch {
-			throw new UnauthorizedError("Invalid or expired token", { "auth.failure_reason": "jwt_verify_failed" });
+		} catch (err) {
+			const untrusted = decodeJwtForTrace(token);
+			throw new UnauthorizedError("Invalid or expired token", {
+				"auth.failure_reason": classifyJoseError(err),
+				...untrustedAttrs("auth", untrusted)
+			});
 		}
 		if (payload.type !== "access" || !payload.sub) throw new UnauthorizedError("Invalid token type", {
 			"auth.failure_reason": "wrong_token_type",
@@ -19736,7 +20031,7 @@ function createPulseAggregator(options) {
 * Returning a string (rather than undefined) keeps the welcome frame well-
 * formed — the client treats the value advisorily.
 */
-function resolveCommandVersion$1(injected) {
+function resolveCommandVersion(injected) {
 	if (injected && injected.trim().length > 0) return injected;
 	try {
 		const pkg = createRequire(import.meta.url)("../package.json");
@@ -19828,10 +20123,13 @@ async function buildApp(config) {
 	const db = connectDatabase(config.database.url);
 	app.decorate("db", db);
 	app.decorate("config", config);
-	const commandVersion = resolveCommandVersion$1(config.commandVersion);
+	const commandVersion = resolveCommandVersion(config.commandVersion);
 	app.decorate("commandVersion", commandVersion);
 	app.log.info({ commandVersion }, "Hub server advertising command version");
-	const listenClient = postgres(config.database.url, { max: 1 });
+	const listenClient = postgres(config.database.url, {
+		max: 1,
+		...sslOptions(config.database.url)
+	});
 	const notifier = createNotifier(listenClient);
 	await app.register(websocket, { options: { maxPayload: config.ws?.maxPayload ?? 65536 } });
 	const corsOrigin = config.cors?.origin;
@@ -19843,7 +20141,8 @@ async function buildApp(config) {
 	await app.register(rateLimit, {
 		max: config.rateLimit?.max ?? 100,
 		timeWindow: "1 minute",
-		hook: "preHandler"
+		hook: "preHandler",
+		errorResponseBuilder: buildRateLimitError
 	});
 	app.addHook("onSend", bodyCaptureOnSendHook);
 	const userAuth = userAuthHook(db, config.secrets.jwtSecret);
@@ -19915,9 +20214,9 @@ async function buildApp(config) {
 		await api.register(authRoutes, { prefix: "/auth" });
 		await api.register(githubOauthRoutes, { prefix: "/auth/github" });
 		await api.register(publicInvitationRoutes, { prefix: "/invitations" });
-		await api.register(contextTreeInfoRoutes, { prefix: "/context-tree" });
 		await api.register(bootstrapConfigRoutes, { prefix: "/bootstrap" });
 		await api.register(userScope("contextTreeScope", async (scope) => {
+			await scope.register(contextTreeInfoRoutes);
 			await scope.register(contextTreeSnapshotRoutes);
 		}), { prefix: "/context-tree" });
 		await api.register(userScope("meRoutesScope", async (scope) => {
@@ -19938,6 +20237,7 @@ async function buildApp(config) {
 			await scope.register(orgClientRoutes, { prefix: "/clients" });
 			await scope.register(orgInvitationRoutes, { prefix: "/invitations" });
 			await scope.register(orgMemberRoutes, { prefix: "/members" });
+			await scope.register(orgSettingsRoutes, { prefix: "/settings" });
 		}), { prefix: "/orgs/:orgId" });
 		await api.register(orgWsRoutes(notifier, config.secrets.jwtSecret), { prefix: "/orgs/:orgId/ws" });
 		await api.register(userScope("resourcesScope", async (scope) => {
@@ -20042,58 +20342,6 @@ async function buildApp(config) {
 	return app;
 }
 //#endregion
-//#region src/core/version.ts
-/**
-* Version of the consumer-facing `@agent-team-foundation/first-tree-hub`
-* package. Read once at module load so the CLI, client runtime, and server
-* bootstrap all quote the same string.
-*
-* Path-based lookups (`require("../../package.json")`) do not survive the
-* tsdown bundle: the source lives at `src/core/version.ts` but every
-* emitted chunk lands in `dist/` — shifting the relative depth by one and
-* pointing at `packages/package.json` instead of our own manifest (the
-* v0.9.1 "Cannot find module ../../package.json" crash). Walk up from this
-* module's URL and accept the first `package.json` whose `name` matches, so
-* dev runs (`tsx src/cli/index.ts`) and the published bundle
-* (`dist/cli/index.mjs`) both resolve the same file.
-*/
-const PACKAGE_NAME$1 = "@agent-team-foundation/first-tree-hub";
-/**
-* Sentinel returned when the walker exhausts every parent directory without
-* finding our manifest. Deliberately NOT valid SemVer so the client-side
-* `UpdateManager` drops into its `semver.valid(current) === false` warn-and-
-* skip branch instead of treating it as `< target` and triggering a spurious
-* self-update loop (the scenario where the startup crash this module fixes
-* would otherwise quietly reincarnate as repeated `npm install -g @latest`).
-*/
-const UNRESOLVED_VERSION = "unknown";
-/**
-* Exported for tests. Walks up from `moduleUrl`'s directory looking for a
-* `package.json` whose `name` field equals {@link PACKAGE_NAME}. Returns
-* {@link UNRESOLVED_VERSION} as a last-resort fallback so the CLI never
-* crashes on a missing manifest.
-*/
-function resolveCommandVersion(moduleUrl = import.meta.url) {
-	let dir = dirname(fileURLToPath(moduleUrl));
-	for (let i = 0; i < 10; i++) {
-		try {
-			const pkg = JSON.parse(readFileSync(resolve(dir, "package.json"), "utf8"));
-			if (pkg.name === PACKAGE_NAME$1 && typeof pkg.version === "string" && pkg.version.length > 0) return pkg.version;
-		} catch (err) {
-			const code = err.code;
-			if (code !== "ENOENT" && code !== "ENOTDIR") {
-				const message = err instanceof Error ? err.message : String(err);
-				print.line(`[first-tree-hub] warning: could not read ${dir}/package.json: ${message}\n`);
-			}
-		}
-		const parent = dirname(dir);
-		if (parent === dir) break;
-		dir = parent;
-	}
-	return UNRESOLVED_VERSION;
-}
-const COMMAND_VERSION = resolveCommandVersion();
-//#endregion
 //#region src/core/server.ts
 /**
 * Full server start orchestration:
@@ -20148,7 +20396,7 @@ async function startServer(options) {
 		instanceId: `srv_${randomUUID().slice(0, 8)}`,
 		commandVersion: COMMAND_VERSION
 	};
-	const { initTelemetry, shutdownTelemetry } = await import("./observability-DttujCqj.mjs");
+	const { initTelemetry, shutdownTelemetry } = await import("./observability-CYsdAcoF.mjs");
 	await initTelemetry(serverConfig.observability.tracing, config.instanceId);
 	const app = await buildApp(config);
 	const SHUTDOWN_FORCE_EXIT_MS = 8e3;
@@ -20509,7 +20757,7 @@ async function promptReplaceOrCancel(newMemberId) {
 	}) === "replace" ? "proceed" : "cancel";
 }
 async function exchangeToken(url, token) {
-	const res = await fetch(`${url}/api/v1/auth/connect-token`, {
+	const res = await cliFetch(`${url}/api/v1/auth/connect-token`, {
 		method: "POST",
 		headers: { "Content-Type": "application/json" },
 		body: JSON.stringify({ token }),
@@ -20621,4 +20869,4 @@ function registerSaaSConnectCommand(program) {
 	});
 }
 //#endregion
-export { findStaleAliases as $, checkDatabase as A, installClientService as B, runHomeMigration as C, checkAgentConfigs as D, runMigrations as E, checkServerReachable as F, stopClientService as G, resolveCliInvocation as H, checkWebSocket as I, isDockerAvailable as J, uninstallClientService as K, printResults as L, checkNodeVersion as M, checkServerConfig as N, checkBackgroundService as O, checkServerHealth as P, rotateClientIdWithBackup as Q, reconcileAgentConfigs as R, saveOnboardState as S, migrateLocalAgentDirs as T, restartClientService as U, isServiceSupported as V, startClientService as W, ClientRuntime as X, stopPostgres as Y, handleClientOrgMismatch as Z, promptMissingFields as _, probeCapabilities as _t, declineUpdate as a, fail as at, onboardCheck as b, detectInstallMode as c, print as ct, startServer as d, ClientOrgMismatchError as dt, formatStaleReason as et, COMMAND_VERSION as f, ClientUserMismatchError as ft, promptAddAgent as g, cleanWorkspaces as gt, isInteractive as h, SessionRegistry as ht, createExecuteUpdate as i, resolveReplyToFromEnv as it, checkDocker as j, checkClientConfig as k, fetchLatestVersion as l, setJsonMode as lt, uploadClientCapabilities as m, SdkError as mt, deriveHubUrlFromToken as n, createOwner as nt, promptUpdate as o, success as ot, reconcileLocalRuntimeProviders as p, FirstTreeHubSDK as pt, ensurePostgres as q, registerSaaSConnectCommand as r, hasUser as rt, PACKAGE_NAME as s, blank as st, HubUrlDerivationError as t, removeLocalAgent as tt, installGlobalLatest as u, status as ut, formatCheckReport as v, applyClientLoggerConfig as vt, createApiNameResolver as w, onboardCreate as x, loadOnboardState as y, configureClientLoggerForService as yt, getClientServiceStatus as z };
+export { formatStaleReason as $, checkDocker as A, isServiceSupported as B, createApiNameResolver as C, checkBackgroundService as D, checkAgentConfigs as E, checkWebSocket as F, uninstallClientService as G, restartClientService as H, printResults as I, stopPostgres as J, ensurePostgres as K, reconcileAgentConfigs as L, checkServerConfig as M, checkServerHealth as N, checkClientConfig as O, checkServerReachable as P, findStaleAliases as Q, getClientServiceStatus as R, runHomeMigration as S, runMigrations as T, startClientService as U, resolveCliInvocation as V, stopClientService as W, handleClientOrgMismatch as X, ClientRuntime as Y, rotateClientIdWithBackup as Z, formatCheckReport as _, declineUpdate as a, success as at, onboardCreate as b, detectInstallMode as c, FirstTreeHubSDK as ct, startServer as d, cleanWorkspaces as dt, removeLocalAgent as et, reconcileLocalRuntimeProviders as f, probeCapabilities as ft, promptMissingFields as g, promptAddAgent as h, createExecuteUpdate as i, fail as it, checkNodeVersion as j, checkDatabase as k, fetchLatestVersion as l, SdkError as lt, isInteractive as m, configureClientLoggerForService as mt, deriveHubUrlFromToken as n, hasUser as nt, promptUpdate as o, ClientOrgMismatchError as ot, uploadClientCapabilities as p, applyClientLoggerConfig as pt, isDockerAvailable as q, registerSaaSConnectCommand as r, resolveReplyToFromEnv as rt, PACKAGE_NAME as s, ClientUserMismatchError as st, HubUrlDerivationError as t, createOwner as tt, installGlobalLatest as u, SessionRegistry as ut, loadOnboardState as v, migrateLocalAgentDirs as w, saveOnboardState as x, onboardCheck as y, installClientService as z };