@agent-team-foundation/first-tree-hub 0.11.3 → 0.11.5

package/dist/{saas-connect-gcT6Q10z.mjs → saas-connect-CO554S-V.mjs}

@@ -1,12 +1,12 @@
 import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
 import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, f as messageAttrs, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-gw1ODB_o.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-D4rdqM2F.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-C_K2CKXC.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as notificationQuerySchema, A as createChatSchema, B as githubDevCallbackQuerySchema, Ct as updateTaskStatusSchema, D as createAdapterConfigSchema, E as contextTreeSnapshotSchema, F as defaultRuntimeConfigPayload, G as inboxPollQuerySchema, H as imageInlineContentSchema, I as delegateFeishuUserSchema, J as joinByInvitationSchema, K as isRedactedEnvValue, L as dryRunAgentRuntimeConfigSchema, M as createMemberSchema, N as createOrgFromMeSchema, O as createAdapterMappingSchema, P as createTaskSchema, Q as messageSourceSchema$1, R as extractMentions, S as agentTypeSchema$1, St as updateOrganizationSchema, T as connectTokenExchangeSchema, U as inboxAckFrameSchema, V as githubStartQuerySchema, W as inboxDeliverFrameSchema$1, X as listMeChatsQuerySchema, Y as linkTaskChatSchema, Z as loginSchema, _ as adminCreateTaskSchema, _t as updateAgentRuntimeConfigSchema, a as AGENT_STATUSES, at as scanMentionTokens, b as agentPinnedMessageSchema$1, bt as updateClientCapabilitiesSchema, ct as sendToAgentSchema, d as TASK_HEALTH_SIGNALS, dt as sessionEventSchema$1, et as paginationQuerySchema, f as TASK_STATUSES, ft as sessionReconcileRequestSchema, g as addParticipantSchema, gt as updateAdapterConfigSchema, h as addMeChatParticipantsSchema, ht as taskListQuerySchema, i as AGENT_SOURCES, it as safeRedirectPath, j as createMeChatSchema, k as createAgentSchema, l as MENTION_REGEX, lt as sessionCompletionMessageSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as stripCode, n as AGENT_NAME_REGEX$1, nt as refreshTokenSchema, o as AGENT_TYPES, ot as selfServiceFeishuBotSchema, p as TASK_TERMINAL_STATUSES, pt as sessionStateMessageSchema, q as isReservedAgentName$1, r as AGENT_SELECTOR_HEADER$1, rt as runtimeStateMessageSchema, s as AGENT_VISIBILITY, st as sendMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as rebindAgentSchema, u as TASK_CREATOR_TYPES, ut as sessionEventMessageSchema, v as adminUpdateTaskSchema, vt as updateAgentSchema, w as clientRegisterSchema, wt as wsAuthFrameSchema, x as agentRuntimeConfigPayloadSchema$1, xt as updateMemberSchema, y as agentBindRequestSchema, yt as updateChatSchema, z as githubCallbackQuerySchema } from "./dist-BAqGZkco.mjs";
-import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-BmyRwN0Y-Dad3eV8F.mjs";
-import { C as retireClient, D as touchAgent, E as setRuntimeState, O as unbindAgent, S as registerClient, T as setOffline, _ as listClients, a as claimClient, b as markStaleAgents, c as clients, d as getClient, f as getOnlineCount, g as listActiveAgentsPinnedToClient, h as heartbeatInstance, i as bindAgent, k as updateClientCapabilities, l as deriveAuthState, m as heartbeatClient, n as agents, o as cleanupStaleClients, p as getPresence, r as assertClientOwner, s as cleanupStalePresence, t as agentPresence, u as disconnectClient, v as listClientsForOrgAdmin, w as serverInstances, x as members } from "./client-CLdRbuml-BRtalKpQ.mjs";
+import { $ as loginSchema, A as createAgentSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateChatSchema, D as contextTreeSnapshotSchema, Dt as updateTaskStatusSchema, E as connectTokenExchangeSchema, Et as updateOrganizationSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, Ot as wsAuthFrameSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as updateAgentSchema, T as clientRegisterSchema, Tt as updateMemberSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as sessionStateMessageSchema, a as AGENT_STATUSES, at as rebindAgentSchema, b as agentBindRequestSchema, bt as updateAdapterConfigSchema, ct as safeRedirectPath, d as TASK_CREATOR_TYPES, dt as sendMessageSchema, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as sendToAgentSchema, g as addMeChatParticipantsSchema, gt as sessionReconcileRequestSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionEventSchema$1, i as AGENT_SOURCES, it as patchOnboardingSchema, j as createChatSchema, k as createAdapterMappingSchema, l as MENTION_REGEX, lt as scanMentionTokens, m as TASK_TERMINAL_STATUSES, mt as sessionEventMessageSchema, n as AGENT_NAME_REGEX$1, nt as onboardingEventSchema, o as AGENT_TYPES, ot as refreshTokenSchema, p as TASK_STATUSES, pt as sessionCompletionMessageSchema, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as paginationQuerySchema, s as AGENT_VISIBILITY, st as runtimeStateMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as selfServiceFeishuBotSchema, v as adminCreateTaskSchema, vt as stripCode, wt as updateClientCapabilitiesSchema, x as agentPinnedMessageSchema$1, xt as updateAgentRuntimeConfigSchema, y as adminUpdateTaskSchema, yt as taskListQuerySchema, z as extractMentions } from "./dist-CfvCT4E0.mjs";
+import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-CF5evtJt-B0NTIVPt.mjs";
+import { C as retireClient, D as touchAgent, E as setRuntimeState, O as unbindAgent, S as registerClient, T as setOffline, _ as listClients, a as claimClient, b as markStaleAgents, c as clients, d as getClient, f as getOnlineCount, g as listActiveAgentsPinnedToClient, h as heartbeatInstance, i as bindAgent, k as updateClientCapabilities, l as deriveAuthState, m as heartbeatClient, n as agents, o as cleanupStaleClients, p as getPresence, r as assertClientOwner, s as cleanupStalePresence, t as agentPresence, u as disconnectClient, v as listClientsForOrgAdmin, w as serverInstances, x as members } from "./client-DqdGiggm-NQoGZ2vM.mjs";
 import { n as init_esm, r as trace, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
-import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Dnn5gGGX-DXryyvRG.mjs";
+import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Bg0TRiyx-BsZH4GCS.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { basename, delimiter, dirname, extname, isAbsolute, join, normalize, relative, resolve, sep } from "node:path";
@@ -16,7 +16,7 @@ import { EventEmitter } from "node:events";
 import { closeSync, copyFileSync, existsSync, mkdirSync, openSync, readFileSync, readdirSync, realpathSync, renameSync, rmSync, statSync, unlinkSync, watch, writeFileSync, writeSync } from "node:fs";
 import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import WebSocket from "ws";
-import { mkdir, readFile, readdir, stat, writeFile } from "node:fs/promises";
+import { chmod, mkdir, readFile, readdir, rm, stat, writeFile } from "node:fs/promises";
 import { parse, stringify } from "yaml";
 import { query } from "@anthropic-ai/claude-agent-sdk";
 import { execFile, execFileSync, execSync, spawn, spawnSync } from "node:child_process";
@@ -371,160 +371,6 @@ z.object({
 	connected: z.boolean(),
 	lastActiveAt: z.string().nullable()
 });
-const presenceStatusSchema = z.enum(["online", "offline"]);
-const runtimeStateSchema = z.enum([
-	"idle",
-	"working",
-	"blocked",
-	"error"
-]);
-z.enum([
-	"active",
-	"suspended",
-	"evicted"
-]);
-/** Wire-level states a client may report. `evicted` from a stale client is rejected. */
-const clientSessionStateSchema = z.enum(["active", "suspended"]);
-z.object({
-	chatId: z.string().min(1),
-	state: clientSessionStateSchema
-});
-z.object({ runtimeState: runtimeStateSchema });
-z.object({
-	agentId: z.string().min(1),
-	runtimeType: z.string().max(50),
-	runtimeVersion: z.string().max(50).optional()
-});
-z.enum([
-	"wrong_client",
-	"not_owned",
-	"agent_suspended",
-	"wrong_org",
-	"unknown_agent",
-	"runtime_provider_mismatch"
-]);
-/** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
-const AGENT_SELECTOR_HEADER = "x-agent-id";
-z.object({
-	agentId: z.string(),
-	status: presenceStatusSchema,
-	connectedAt: z.string().nullable(),
-	lastSeenAt: z.string(),
-	clientId: z.string().nullable().optional(),
-	runtimeType: z.string().nullable().optional(),
-	runtimeVersion: z.string().nullable().optional(),
-	runtimeState: runtimeStateSchema.nullable().optional(),
-	activeSessions: z.number().int().nullable().optional(),
-	totalSessions: z.number().int().nullable().optional(),
-	runtimeUpdatedAt: z.string().nullable().optional()
-});
-z.object({
-	total: z.number().int(),
-	running: z.number().int(),
-	byState: z.object({
-		idle: z.number().int(),
-		working: z.number().int(),
-		blocked: z.number().int(),
-		error: z.number().int()
-	}),
-	clients: z.number().int()
-});
-const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
-const agentTypeSchema = z.enum([
-	"human",
-	"personal_assistant",
-	"autonomous_agent"
-]);
-const agentVisibilitySchema = z.enum(["private", "organization"]);
-const agentSourceSchema = z.enum(["admin-api", "portal"]);
-z.enum(["active", "suspended"]);
-/**
-* Agent-name rules (see docs/agent-naming-design.md §3.1):
-*   - Lowercase ASCII slug, hyphens + underscores allowed.
-*   - Must start with alphanumeric: `-` / `_` as first char collide with
-*     CLI flag parsing and markdown list syntax.
-*   - 1–64 chars — aligned with `MENTION_REGEX` so any valid name can be
-*     @-mentioned in chat. Older rows created under the previous 1–100
-*     regex are grandfathered; the tight rule only gates new creates.
-*/
-const AGENT_NAME_REGEX = /^[a-z0-9][a-z0-9_-]{0,63}$/;
-const RESERVED_AGENT_NAMES_SET = new Set([
-	"admin",
-	"agent",
-	"first-tree",
-	"hub",
-	"me",
-	"null",
-	"system",
-	"undefined"
-]);
-function isReservedAgentName(name) {
-	return RESERVED_AGENT_NAMES_SET.has(name);
-}
-z.object({
-	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
-	type: agentTypeSchema,
-	displayName: z.string().min(1).max(200).optional(),
-	delegateMention: z.string().max(100).optional(),
-	organizationId: z.string().min(1).max(100).optional(),
-	source: agentSourceSchema.optional(),
-	visibility: agentVisibilitySchema.optional(),
-	metadata: z.record(z.string(), z.unknown()).optional(),
-	managerId: z.string().optional(),
-	clientId: z.string().min(1).max(100).optional(),
-	runtimeProvider: runtimeProviderSchema.optional()
-});
-z.object({
-	type: agentTypeSchema.optional(),
-	displayName: z.string().min(1).max(200).optional(),
-	delegateMention: z.string().max(100).nullable().optional(),
-	visibility: agentVisibilitySchema.optional(),
-	metadata: z.record(z.string(), z.unknown()).optional(),
-	managerId: z.string().nullable().optional(),
-	clientId: z.string().min(1).max(100).nullable().optional()
-});
-z.object({
-	clientId: z.string().min(1).max(100),
-	runtimeProvider: runtimeProviderSchema,
-	force: z.boolean().optional()
-});
-z.object({
-	uuid: z.string(),
-	name: z.string().nullable(),
-	organizationId: z.string(),
-	type: agentTypeSchema,
-	displayName: z.string(),
-	delegateMention: z.string().nullable(),
-	inboxId: z.string(),
-	status: z.string(),
-	source: z.string().nullable().optional(),
-	visibility: agentVisibilitySchema,
-	metadata: z.record(z.string(), z.unknown()),
-	managerId: z.string().nullable(),
-	clientId: z.string().nullable(),
-	runtimeProvider: runtimeProviderSchema,
-	presenceStatus: presenceStatusSchema.optional(),
-	createdAt: z.string(),
-	updatedAt: z.string()
-});
-z.object({
-	repo: z.string().nullable(),
-	branch: z.string().nullable()
-});
-/**
-* Server → client WebSocket frame announcing that an agent has just been
-* pinned to the connected client (either created with `clientId` or bound via
-* PATCH NULL → ID). The client can auto-register a local config from this so
-* the operator doesn't have to run `first-tree-hub agent add` manually.
-*/
-const agentPinnedMessageSchema = z.object({
-	type: z.literal("agent:pinned"),
-	agentId: z.string(),
-	name: z.string().nullable(),
-	displayName: z.string(),
-	agentType: agentTypeSchema,
-	runtimeProvider: runtimeProviderSchema
-});
 /**
 * Agent runtime configuration.
 *
@@ -665,11 +511,31 @@ const agentRuntimeConfigSchema = z.object({
 	updatedAt: z.string(),
 	updatedBy: z.string()
 });
+/**
+* Write-side shape with no `.default()` per field.
+*
+* `agentRuntimeConfigPayloadShape` carries `.default()` on every field for the
+* read path (so legacy DB rows parse cleanly). On the PATCH side those defaults
+* are actively harmful: Zod 4's `.partial()` makes a field optional but keeps
+* the inner `ZodDefault`, so a body like `{ mcpServers: [...] }` parses to a
+* fully-populated patch where the omitted fields are filled with their
+* defaults — the service layer's `patch.x ?? current.x` then sees a truthy
+* default and *replaces* the user's saved value with empty. Mirroring the 5
+* fields here without defaults keeps "field absent" → `undefined` in the
+* parsed patch, which is what the merge logic expects.
+*/
+const agentRuntimeConfigPatchShape = z.object({
+	prompt: promptConfigSchema,
+	model: z.string(),
+	mcpServers: z.array(mcpServerSchema),
+	env: z.array(envEntrySchema),
+	gitRepos: z.array(gitRepoSchema)
+}).partial();
 z.object({
 	expectedVersion: z.number().int().positive(),
-	payload: agentRuntimeConfigPayloadShape.partial()
+	payload: agentRuntimeConfigPatchShape
 });
-z.object({ payload: agentRuntimeConfigPayloadShape.partial() });
+z.object({ payload: agentRuntimeConfigPatchShape });
 z.object({
 	current: agentRuntimeConfigSchema,
 	next: agentRuntimeConfigPayloadSchema,
@@ -694,6 +560,161 @@ function deriveRepoLocalPath(url) {
 	if (!trimmed) return "";
 	return ((trimmed.split(/[?#]/)[0] ?? "").split(/[/:]/).filter(Boolean).pop() ?? "").replace(/\.git$/i, "");
 }
+const presenceStatusSchema = z.enum(["online", "offline"]);
+const runtimeStateSchema = z.enum([
+	"idle",
+	"working",
+	"blocked",
+	"error"
+]);
+z.enum([
+	"active",
+	"suspended",
+	"evicted"
+]);
+/** Wire-level states a client may report. `evicted` from a stale client is rejected. */
+const clientSessionStateSchema = z.enum(["active", "suspended"]);
+z.object({
+	chatId: z.string().min(1),
+	state: clientSessionStateSchema
+});
+z.object({ runtimeState: runtimeStateSchema });
+z.object({
+	agentId: z.string().min(1),
+	runtimeType: z.string().max(50),
+	runtimeVersion: z.string().max(50).optional()
+});
+z.enum([
+	"wrong_client",
+	"not_owned",
+	"agent_suspended",
+	"wrong_org",
+	"unknown_agent",
+	"runtime_provider_mismatch"
+]);
+/** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
+const AGENT_SELECTOR_HEADER = "x-agent-id";
+z.object({
+	agentId: z.string(),
+	status: presenceStatusSchema,
+	connectedAt: z.string().nullable(),
+	lastSeenAt: z.string(),
+	clientId: z.string().nullable().optional(),
+	runtimeType: z.string().nullable().optional(),
+	runtimeVersion: z.string().nullable().optional(),
+	runtimeState: runtimeStateSchema.nullable().optional(),
+	activeSessions: z.number().int().nullable().optional(),
+	totalSessions: z.number().int().nullable().optional(),
+	runtimeUpdatedAt: z.string().nullable().optional()
+});
+z.object({
+	total: z.number().int(),
+	running: z.number().int(),
+	byState: z.object({
+		idle: z.number().int(),
+		working: z.number().int(),
+		blocked: z.number().int(),
+		error: z.number().int()
+	}),
+	clients: z.number().int()
+});
+const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
+const agentTypeSchema = z.enum([
+	"human",
+	"personal_assistant",
+	"autonomous_agent"
+]);
+const agentVisibilitySchema = z.enum(["private", "organization"]);
+const agentSourceSchema = z.enum(["admin-api", "portal"]);
+z.enum(["active", "suspended"]);
+/**
+* Agent-name rules (see docs/agent-naming-design.md §3.1):
+*   - Lowercase ASCII slug, hyphens + underscores allowed.
+*   - Must start with alphanumeric: `-` / `_` as first char collide with
+*     CLI flag parsing and markdown list syntax.
+*   - 1–64 chars — aligned with `MENTION_REGEX` so any valid name can be
+*     @-mentioned in chat. Older rows created under the previous 1–100
+*     regex are grandfathered; the tight rule only gates new creates.
+*/
+const AGENT_NAME_REGEX = /^[a-z0-9][a-z0-9_-]{0,63}$/;
+const RESERVED_AGENT_NAMES_SET = new Set([
+	"admin",
+	"agent",
+	"first-tree",
+	"hub",
+	"me",
+	"null",
+	"system",
+	"undefined"
+]);
+function isReservedAgentName(name) {
+	return RESERVED_AGENT_NAMES_SET.has(name);
+}
+z.object({
+	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
+	type: agentTypeSchema,
+	displayName: z.string().min(1).max(200).optional(),
+	delegateMention: z.string().max(100).optional(),
+	organizationId: z.string().min(1).max(100).optional(),
+	source: agentSourceSchema.optional(),
+	visibility: agentVisibilitySchema.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional(),
+	managerId: z.string().optional(),
+	clientId: z.string().min(1).max(100).optional(),
+	runtimeProvider: runtimeProviderSchema.optional(),
+	gitRepos: z.array(gitRepoSchema).optional()
+});
+z.object({
+	type: agentTypeSchema.optional(),
+	displayName: z.string().min(1).max(200).optional(),
+	delegateMention: z.string().max(100).nullable().optional(),
+	visibility: agentVisibilitySchema.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional(),
+	managerId: z.string().nullable().optional(),
+	clientId: z.string().min(1).max(100).nullable().optional()
+});
+z.object({
+	clientId: z.string().min(1).max(100),
+	runtimeProvider: runtimeProviderSchema,
+	force: z.boolean().optional()
+});
+z.object({
+	uuid: z.string(),
+	name: z.string().nullable(),
+	organizationId: z.string(),
+	type: agentTypeSchema,
+	displayName: z.string(),
+	delegateMention: z.string().nullable(),
+	inboxId: z.string(),
+	status: z.string(),
+	source: z.string().nullable().optional(),
+	visibility: agentVisibilitySchema,
+	metadata: z.record(z.string(), z.unknown()),
+	managerId: z.string().nullable(),
+	clientId: z.string().nullable(),
+	runtimeProvider: runtimeProviderSchema,
+	presenceStatus: presenceStatusSchema.optional(),
+	createdAt: z.string(),
+	updatedAt: z.string()
+});
+z.object({
+	repo: z.string().nullable(),
+	branch: z.string().nullable()
+});
+/**
+* Server → client WebSocket frame announcing that an agent has just been
+* pinned to the connected client (either created with `clientId` or bound via
+* PATCH NULL → ID). The client can auto-register a local config from this so
+* the operator doesn't have to run `first-tree-hub agent add` manually.
+*/
+const agentPinnedMessageSchema = z.object({
+	type: z.literal("agent:pinned"),
+	agentId: z.string(),
+	name: z.string().nullable(),
+	displayName: z.string(),
+	agentType: agentTypeSchema,
+	runtimeProvider: runtimeProviderSchema
+});
 z.object({
 	username: z.string().min(1),
 	password: z.string().min(1)
@@ -1217,6 +1238,37 @@ z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/),
 	displayName: z.string().min(1).max(200)
 });
+z.object({ dismissed: z.boolean().optional() });
+/**
+* Body for `POST /me/onboarding/events`. The web SPA reports key
+* milestones so the server can log them as a single funnel-trackable
+* stream alongside server-emitted events (`team_created`, `dismissed`).
+*
+* Server emits:
+*   - `team_created`           — at OAuth callback when joinPath === "solo"
+*   - `dismissed`              — when PATCH /me/onboarding flips dismissed
+*
+* Web reports:
+*   - `team_renamed`           — Step 1 user changed the auto-named team
+*   - `agent_created`          — Step 2 successfully created the agent
+*   - `tree_chat_started`      — Step 3 [Yes, set it up] succeeded
+*   - `tree_intro_dismissed`   — Step 3 [I'll do it later] clicked
+*/
+const onboardingEventNameSchema = z.enum([
+	"team_renamed",
+	"agent_created",
+	"tree_chat_started",
+	"tree_intro_dismissed"
+]);
+z.object({
+	event: onboardingEventNameSchema,
+	attrs: z.record(z.string(), z.union([
+		z.string(),
+		z.number(),
+		z.boolean(),
+		z.null()
+	])).optional()
+});
 z.object({
 	id: z.string(),
 	organizationId: z.string(),
@@ -1285,13 +1337,78 @@ z.object({
 	code: z.string().min(1),
 	state: z.string().min(1)
 });
-z.object({
-	githubId: z.string().min(1),
-	login: z.string().min(1),
-	email: z.string().email().optional(),
-	displayName: z.string().optional(),
-	next: z.string().max(256).optional()
+z.object({
+	githubId: z.string().min(1),
+	login: z.string().min(1),
+	email: z.string().email().optional(),
+	displayName: z.string().optional(),
+	next: z.string().max(256).optional()
+});
+/**
+* Per-organization settings — schemas, namespaces, and the registry that
+* dispatches `(orgId, namespace)` lookups to the right validator.
+*
+* Each namespace has three schemas:
+*   - `storage` — what is persisted in `organization_settings.value`. For
+*     namespaces with secrets, the storage schema names the *cipher* field
+*     (e.g. `webhookSecretCipher`); plaintext never touches the row.
+*   - `input`   — what the admin API accepts in PUT bodies. For namespaces
+*     with secrets, `webhookSecret` is plaintext; the service layer
+*     encrypts it before merging into storage.
+*   - `output`  — what GET returns. Secrets are replaced by a boolean
+*     `…Configured` flag — plaintext is never echoed.
+*
+* Adding a new per-org config group:
+*   1. Define three schemas (storage / input / output).
+*   2. Add a key to `ORG_SETTINGS_NAMESPACES`.
+*   3. Done. No DB migration, no new API route.
+*/
+const orgContextTreeRepoUrlSchema = z.string().url().refine((value) => {
+	try {
+		return new URL(value).protocol === "https:";
+	} catch {
+		return false;
+	}
+}, { message: "Context Tree repo URL must use HTTPS." }).refine((value) => {
+	try {
+		const url = new URL(value);
+		return url.username.length === 0 && url.password.length === 0;
+	} catch {
+		return false;
+	}
+}, { message: "Context Tree repo URL must not include credentials." });
+const orgContextTreeStorageSchema = z.object({
+	repo: orgContextTreeRepoUrlSchema.optional(),
+	branch: z.string().default("main")
+});
+const orgContextTreeInputSchema = z.object({
+	repo: orgContextTreeRepoUrlSchema.nullish(),
+	branch: z.string().min(1).nullish()
+});
+const orgContextTreeOutputSchema = z.object({
+	repo: z.string().optional(),
+	branch: z.string().optional()
 });
+const orgGithubIntegrationStorageSchema = z.object({ webhookSecretCipher: z.string().optional() });
+const orgGithubIntegrationInputSchema = z.object({ webhookSecret: z.string().min(1).nullish() });
+const orgGithubIntegrationOutputSchema = z.object({
+	webhookSecretConfigured: z.boolean(),
+	webhookUrl: z.string()
+});
+const ORG_SETTINGS_NAMESPACES = {
+	context_tree: {
+		storage: orgContextTreeStorageSchema,
+		input: orgContextTreeInputSchema,
+		output: orgContextTreeOutputSchema
+	},
+	github_integration: {
+		storage: orgGithubIntegrationStorageSchema,
+		input: orgGithubIntegrationInputSchema,
+		output: orgGithubIntegrationOutputSchema
+	}
+};
+const ORG_SETTINGS_NAMESPACE_KEYS = Object.keys(ORG_SETTINGS_NAMESPACES);
+z.enum(ORG_SETTINGS_NAMESPACE_KEYS);
 const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/, "Must start with a letter or digit and contain only lowercase alphanumeric and hyphens").refine((v) => !UUID_PATTERN.test(v), "Name must not be a UUID format"),
@@ -1684,21 +1801,13 @@ defineConfig({
 		refreshTokenExpiry: field(z.string().default("30d"), { env: "FIRST_TREE_HUB_AUTH_REFRESH_TOKEN_EXPIRY" }),
 		connectTokenExpiry: field(z.string().default("10m"), { env: "FIRST_TREE_HUB_AUTH_CONNECT_TOKEN_EXPIRY" })
 	},
-	contextTree: optional({
-		repo: field(z.string().optional(), {
-			env: "FIRST_TREE_HUB_CONTEXT_TREE_REPO",
-			prompt: { message: "Context Tree repo URL (e.g. https://github.com/org/first-tree):" }
-		}),
-		localPath: field(z.string().optional(), { env: "FIRST_TREE_HUB_CONTEXT_TREE_PATH" }),
-		branch: field(z.string().default("main"))
-	}),
-	github: {
-		webhookSecret: field(z.string().optional(), {
-			env: "FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET",
+	contextTreeSync: optional({
+		githubToken: field(z.string(), {
+			env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN",
 			secret: true
 		}),
-		allowedOrg: field(z.string().optional(), { env: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG" })
-	},
+		githubTokenRepos: field(z.string().optional(), { env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN_REPOS" })
+	}),
 	oauth: optional({ github: optional({
 		clientId: field(z.string(), { env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_ID" }),
 		clientSecret: field(z.string(), {
@@ -7820,6 +7929,12 @@ function printResults(results) {
 }
 //#endregion
 //#region src/core/migrate.ts
+function sslOptions$1(url) {
+	try {
+		if (new URL(url).hostname.endsWith(".rds.amazonaws.com")) return { ssl: { rejectUnauthorized: false } };
+	} catch {}
+	return {};
+}
 /**
 * Resolve the drizzle migrations directory.
 * 1. npm install: embedded at dist/drizzle/ (relative to the built CLI)
@@ -7853,14 +7968,21 @@ function validateJournalOrder(migrationsFolder) {
 async function runMigrations(databaseUrl) {
 	const migrationsFolder = resolveMigrationsFolder();
 	validateJournalOrder(migrationsFolder);
-	const client = postgres(databaseUrl, { max: 1 });
+	const ssl = sslOptions$1(databaseUrl);
+	const client = postgres(databaseUrl, {
+		max: 1,
+		...ssl
+	});
 	const db = drizzle(client);
 	try {
 		await migrate(db, { migrationsFolder });
 	} finally {
 		await client.end();
 	}
-	const countClient = postgres(databaseUrl, { max: 1 });
+	const countClient = postgres(databaseUrl, {
+		max: 1,
+		...ssl
+	});
 	try {
 		return (await countClient`
       SELECT count(*)::int AS count
@@ -8254,7 +8376,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-Th_-ivJ7.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-DbSvp9UH.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9467,7 +9589,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-EvpSNDM6.mjs
+//#region ../server/dist/app--DB1keQE.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -10977,29 +11099,33 @@ async function createAgent(db, data, options = {}) {
 	}
 	const resolvedDisplayName = data.displayName?.trim() || name || "Unnamed Agent";
 	try {
-		const [agent] = await db.insert(agents).values({
-			uuid,
-			name,
-			organizationId: orgId,
-			type: data.type,
-			displayName: resolvedDisplayName,
-			delegateMention: data.delegateMention ?? null,
-			inboxId,
-			source: data.source ?? null,
-			visibility: data.visibility ?? defaultVisibility(data.type),
-			metadata: data.metadata ?? {},
-			managerId,
-			clientId,
-			runtimeProvider
-		}).returning();
-		if (!agent) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		await db.insert(agentConfigs).values({
-			agentId: agent.uuid,
-			version: 1,
-			payload: defaultRuntimeConfigPayload(runtimeProvider),
-			updatedBy: "system"
-		}).onConflictDoNothing();
-		return agent;
+		return await db.transaction(async (tx) => {
+			const [row] = await tx.insert(agents).values({
+				uuid,
+				name,
+				organizationId: orgId,
+				type: data.type,
+				displayName: resolvedDisplayName,
+				delegateMention: data.delegateMention ?? null,
+				inboxId,
+				source: data.source ?? null,
+				visibility: data.visibility ?? defaultVisibility(data.type),
+				metadata: data.metadata ?? {},
+				managerId,
+				clientId,
+				runtimeProvider
+			}).returning();
+			if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
+			const initialPayload = defaultRuntimeConfigPayload(runtimeProvider);
+			if (data.gitRepos && data.gitRepos.length > 0) initialPayload.gitRepos = data.gitRepos;
+			await tx.insert(agentConfigs).values({
+				agentId: row.uuid,
+				version: 1,
+				payload: initialPayload,
+				updatedBy: "system"
+			}).onConflictDoNothing();
+			return row;
+		});
 	} catch (err) {
 		if ((err?.code ?? err?.cause?.code ?? "") === "23505" && name) throw new ConflictError(`Agent name "${name}" already exists in organization "${orgId}"`);
 		throw err;
@@ -14655,11 +14781,21 @@ const authIdentities = pgTable("auth_identities", {
 * treats it as a plain string and rejects every password — that's the
 * intended behaviour: SaaS users cannot fall back to password login.
 */
-async function findOrCreateUserFromGithub(db, profile) {
-	const [existing] = await db.select({ userId: authIdentities.userId }).from(authIdentities).where(and(eq(authIdentities.provider, "github"), eq(authIdentities.identifier, profile.githubId))).limit(1);
+async function findOrCreateUserFromGithub(db, profile, opts = {}) {
+	const [existing] = await db.select({
+		userId: authIdentities.userId,
+		metadata: authIdentities.metadata
+	}).from(authIdentities).where(and(eq(authIdentities.provider, "github"), eq(authIdentities.identifier, profile.githubId))).limit(1);
 	if (existing) {
-		if (profile.email) await db.update(authIdentities).set({
-			email: profile.email,
+		const patch = {};
+		if (profile.email) patch.email = profile.email;
+		if (opts.encryptedAccessToken) patch.metadata = {
+			...existing.metadata ?? {},
+			accessToken: opts.encryptedAccessToken,
+			login: profile.login
+		};
+		if (Object.keys(patch).length > 0) await db.update(authIdentities).set({
+			...patch,
 			updatedAt: /* @__PURE__ */ new Date()
 		}).where(and(eq(authIdentities.provider, "github"), eq(authIdentities.identifier, profile.githubId)));
 		return { userId: existing.userId };
@@ -14675,6 +14811,8 @@ async function findOrCreateUserFromGithub(db, profile) {
 			displayName: profile.displayName?.trim() || profile.login,
 			avatarUrl: profile.avatarUrl ?? null
 		});
+		const metadata = { login: profile.login };
+		if (opts.encryptedAccessToken) metadata.accessToken = opts.encryptedAccessToken;
 		await tx.insert(authIdentities).values({
 			id: uuidv7(),
 			userId,
@@ -14682,7 +14820,7 @@ async function findOrCreateUserFromGithub(db, profile) {
 			identifier: profile.githubId,
 			email: profile.email,
 			verifiedAt: /* @__PURE__ */ new Date(),
-			metadata: { login: profile.login }
+			metadata
 		});
 	});
 	return { userId };
@@ -14764,13 +14902,57 @@ async function exchangeCodeForProfile(config, code, redirectUri, opts = {}) {
 		}
 	}
 	return {
-		githubId: String(user.id),
-		login: user.login,
-		email,
-		displayName: user.name ?? null,
-		avatarUrl: user.avatar_url ?? null
+		profile: {
+			githubId: String(user.id),
+			login: user.login,
+			email,
+			displayName: user.name ?? null,
+			avatarUrl: user.avatar_url ?? null
+		},
+		accessToken: tokenJson.access_token
 	};
 }
+/**
+* Thrown when GitHub's API returns a non-2xx for a token-scoped call.
+* Carries the HTTP status so callers can distinguish auth failures (401 /
+* 403 — typically a stale token or a missing scope after we expanded to
+* `repo`) from transient upstream errors.
+*/
+var GithubApiError = class extends Error {
+	constructor(status, message) {
+		super(message);
+		this.status = status;
+		this.name = "GithubApiError";
+	}
+};
+/**
+* Fetch the authenticated user's accessible repositories. Used by the
+* Step 2 repo picker. Walks paginated GitHub API responses up to the cap.
+*/
+async function listUserRepos(accessToken, opts = {}) {
+	const fetcher = opts.fetcher ?? fetch;
+	const perPage = opts.perPage ?? 100;
+	const maxPages = opts.maxPages ?? 3;
+	const out = [];
+	for (let page = 1; page <= maxPages; page++) {
+		const res = await fetcher(`https://api.github.com/user/repos?affiliation=owner,collaborator,organization_member&sort=pushed&per_page=${perPage}&page=${page}`, { headers: {
+			Authorization: `Bearer ${accessToken}`,
+			Accept: "application/vnd.github+json"
+		} });
+		if (!res.ok) throw new GithubApiError(res.status, `GitHub repo list failed (${res.status})`);
+		const rows = await res.json();
+		for (const r of rows) out.push({
+			fullName: r.full_name,
+			cloneUrl: r.clone_url,
+			htmlUrl: r.html_url,
+			private: r.private,
+			defaultBranch: r.default_branch ?? null,
+			pushedAt: r.pushed_at ?? null
+		});
+		if (rows.length < perPage) break;
+	}
+	return out;
+}
 /** Insert (or reactivate) a `members` row for `userId` in `organizationId`. */
 async function ensureMembership(db, data) {
 	const [existing] = await db.select().from(members).where(and(eq(members.userId, data.userId), eq(members.organizationId, data.organizationId))).limit(1);
@@ -14823,14 +15005,15 @@ function sanitizeAgentName(login) {
 *   - First try: `${login}` (lowercased, sanitized)
 *   - On collision: append a 4-char hex disambiguator
 *
-* Display name is the user's GitHub real name (or login as fallback). No
-* "Personal Team" suffix — the user might invite teammates later, and we
-* don't want a label that reads like a private sandbox to be the team name
-* other members see. Users rename freely via Settings.
+* Default team display name is `${login}'s team` (set by the caller — see
+* docs/new-user-onboarding-design.md §5.5). Reads as "this is a collective
+* space" from day one so a later teammate-invite doesn't surface a label
+* that looks like a private sandbox. Users can rename via Step 1 of the
+* onboarding flow or Settings.
 */
 async function createPersonalTeam(db, input) {
 	const baseSlug = sanitizeOrgSlug(input.loginSeed);
-	const displayName = input.userDisplayName;
+	const displayName = input.teamDisplayName;
 	const orgId = uuidv7();
 	return {
 		organizationId: orgId,
@@ -15087,7 +15270,7 @@ async function githubOauthRoutes(app) {
 			client_id: oauthCfg.clientId,
 			redirect_uri: redirectUri,
 			state: token,
-			scope: "read:user user:email",
+			scope: "read:user user:email repo",
 			allow_signup: "true"
 		});
 		return reply.redirect(`https://github.com/login/oauth/authorize?${params}`, 302);
@@ -15111,17 +15294,20 @@ async function githubOauthRoutes(app) {
 		}));
 		const redirectUri = `${resolvePublicUrl(app, request)}/api/v1/auth/github/callback`;
 		let profile;
+		let accessToken;
 		try {
-			profile = await exchangeCodeForProfile({
+			const result = await exchangeCodeForProfile({
 				clientId: oauthCfg.clientId,
 				clientSecret: oauthCfg.clientSecret
 			}, code, redirectUri);
+			profile = result.profile;
+			accessToken = result.accessToken;
 		} catch (err) {
 			const msg = err instanceof Error ? err.message : "GitHub exchange failed";
 			app.log.warn({ err }, "github oauth code exchange failed");
 			return reply.status(401).send({ error: msg });
 		}
-		return completeOauthFlow(app, request, reply, profile, next);
+		return completeOauthFlow(app, request, reply, profile, next, accessToken);
 	});
 	app.get("/dev-callback", async (request, reply) => {
 		if (process.env.NODE_ENV === "production") return reply.status(404).send({ error: "Not found" });
@@ -15133,11 +15319,12 @@ async function githubOauthRoutes(app) {
 			email: params.email ?? null,
 			displayName: params.displayName ?? params.login,
 			avatarUrl: null
-		}, next);
+		}, next, process.env.DEV_GITHUB_PAT?.trim() || null);
 	});
 }
-async function completeOauthFlow(app, request, reply, profile, next) {
-	const { userId } = await findOrCreateUserFromGithub(app.db, profile);
+async function completeOauthFlow(app, request, reply, profile, next, rawAccessToken) {
+	const encryptedAccessToken = rawAccessToken ? encryptValue(rawAccessToken, app.config.secrets.encryptionKey) : void 0;
+	const { userId } = await findOrCreateUserFromGithub(app.db, profile, { encryptedAccessToken });
 	let joinPath = "returning";
 	const inviteMatch = /^\/invite\/([^/?#]+)/.exec(next);
 	let resolved = false;
@@ -15163,14 +15350,21 @@ async function completeOauthFlow(app, request, reply, profile, next) {
 		next = "/";
 	} else if (await pickPrimaryMembership(app.db, userId)) resolved = true;
 	else {
-		await createPersonalTeam(app.db, {
+		const personal = await createPersonalTeam(app.db, {
 			userId,
 			loginSeed: profile.login,
+			teamDisplayName: `${profile.login}'s team`,
 			userDisplayName: profile.displayName?.trim() || profile.login
 		});
 		joinPath = "solo";
 		resolved = true;
 		next = "/";
+		app.log.info({
+			event: "onboarding.team_created",
+			userId,
+			organizationId: personal.organizationId,
+			source: "oauth-bootstrap"
+		}, "onboarding funnel: team auto-created at OAuth bootstrap");
 	}
 	if (!resolved) return reply.status(500).send({ error: "Failed to resolve membership" });
 	const tokens = await signTokensForUser(app.config.secrets.jwtSecret, userId, app.config.auth);
@@ -15218,10 +15412,18 @@ async function authRoutes(app) {
 		return reply.send(result);
 	});
 }
-async function bootstrapConfigRoutes(app) {
-	/** Public endpoint — returns bootstrap prerequisites for CLI auto-discovery. */
-	app.get("/config", async () => {
-		return { allowedOrg: app.config.github.allowedOrg ?? null };
+async function bootstrapConfigRoutes(_app) {
+	/**
+	* Public endpoint — returns bootstrap prerequisites for CLI auto-discovery.
+	*
+	* `allowedOrg` used to surface here from the global `github.allowedOrg`
+	* config; it is now a per-org setting (see issue #255). A public bootstrap
+	* endpoint can't resolve an org without a caller, so the field is
+	* surfaced as `null` and consumers should fetch the per-org value via
+	* `/api/v1/orgs/:orgId/settings/github_integration` after auth.
+	*/
+	_app.get("/config", async () => {
+		return { allowedOrg: null };
 	});
 }
 /** Extract a plain-text summary from a message's JSONB content field.
@@ -15990,12 +16192,212 @@ async function clientRoutes(app) {
 		});
 	});
 }
+/**
+* Per-organization settings, keyed by `(organization_id, namespace)`.
+*
+* One row holds an entire group of related config as a JSONB blob — schema
+* for each namespace lives in `@agent-team-foundation/first-tree-hub-shared`
+* (`ORG_SETTINGS_NAMESPACES`) and is enforced by the service layer on every
+* read/write. Adding a new config group means registering a new namespace +
+* Zod schema in shared; the DB does not change.
+*
+* `version` is reserved for future optimistic locking (PUT with If-Match)
+* and is currently set unconditionally. We keep it on the table from day
+* one so tightening to compare-and-swap later is a code-only change.
+*
+* Sensitive fields inside `value` (e.g. `github_integration.webhookSecret`)
+* are AES-256-GCM-encrypted at the service layer using `crypto.ts`'s
+* `encryptValue` / `decryptValue` — same pattern as `adapter_configs`.
+*/
+const organizationSettings = pgTable("organization_settings", {
+	organizationId: text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+	namespace: text("namespace").notNull(),
+	value: jsonb("value").$type().notNull().default({}),
+	version: integer("version").notNull().default(0),
+	updatedBy: text("updated_by").references(() => users.id, { onDelete: "set null" }),
+	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
+}, (table) => [primaryKey({ columns: [table.organizationId, table.namespace] }), index("idx_org_settings_namespace").on(table.namespace)]);
+/**
+* Per-organization settings, keyed by `(organizationId, namespace)`. The
+* registry of valid namespaces and their storage / input / output schemas
+* lives in `@agent-team-foundation/first-tree-hub-shared`.
+*
+* Read path:  storage row → decrypt secrets → output (mask)
+* Write path: input → validate → encrypt secrets → merge with current storage → upsert (in tx)
+*
+* The generic getter returns the masked output. Callers needing plaintext
+* for a specific secret use a purpose-built helper (e.g.
+* `getDecryptedGithubWebhookSecret`) rather than the generic storage shape
+* — this avoids a `…Cipher` field name silently holding plaintext at
+* call-sites and limits secret exposure to one explicit code path per
+* secret. (#4)
+*/
+function assertNamespace(ns) {
+	if (!isOrgSettingNamespace(ns)) throw new BadRequestError(`Unknown organization-settings namespace: "${ns}"`);
+}
+async function fetchStorageRow(db, orgId, namespace) {
+	const [row] = await db.select({ value: organizationSettings.value }).from(organizationSettings).where(and(eq(organizationSettings.organizationId, orgId), eq(organizationSettings.namespace, namespace))).limit(1);
+	if (!row) return null;
+	return ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse(row.value);
+}
+function emptyStorage(namespace) {
+	return ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse({});
+}
+function ensureEncrypted(value, encryptionKey) {
+	return isEncryptedValue(value) ? value : encryptValue(value, encryptionKey);
+}
+/**
+* Merge a validated input into the current storage row for a namespace.
+* Secret fields are encrypted here.
+*
+* Input semantics per nullish field:
+*   `undefined` → unchanged
+*   `null`      → cleared
+*   value       → set / replace (already validated as non-empty by the input schema)
+*/
+function applyInputDelta(namespace, current, input, encryptionKey) {
+	if (namespace === "context_tree") {
+		const cur = current;
+		const inp = input;
+		return {
+			repo: inp.repo === void 0 ? cur.repo : inp.repo ?? void 0,
+			branch: inp.branch === void 0 ? cur.branch : inp.branch ?? "main"
+		};
+	}
+	if (namespace === "github_integration") {
+		const cur = current;
+		const inp = input;
+		return { webhookSecretCipher: inp.webhookSecret === void 0 ? cur.webhookSecretCipher : inp.webhookSecret === null ? void 0 : ensureEncrypted(inp.webhookSecret, encryptionKey) };
+	}
+	return namespace;
+}
+/**
+* Project the storage row into the API output for a namespace, masking
+* any secret fields. `webhookUrl` for `github_integration` is left as an
+* empty string here — the route layer enriches it with the resolved
+* `server.publicUrl` (the service stays config-agnostic).
+*/
+function toOutput(namespace, storage) {
+	if (namespace === "context_tree") {
+		const s = storage;
+		return {
+			repo: s.repo,
+			branch: s.branch
+		};
+	}
+	if (namespace === "github_integration") {
+		const s = storage;
+		return {
+			webhookSecretConfigured: typeof s.webhookSecretCipher === "string" && s.webhookSecretCipher.length > 0,
+			webhookUrl: ""
+		};
+	}
+	return namespace;
+}
+/**
+* Read a setting masked for the API. Missing rows → namespace defaults
+* (parse `{}` against the storage schema).
+*/
+async function getOrgSetting(db, orgId, namespace) {
+	assertNamespace(namespace);
+	return toOutput(namespace, await fetchStorageRow(db, orgId, namespace) ?? emptyStorage(namespace));
+}
+/**
+* Read the per-org Context Tree binding for server-internal consumers
+* (`/context-tree/info`, snapshot service). No secrets in this namespace,
+* so the storage shape is safe to expose directly. Missing row → defaults.
+*/
+async function getOrgContextTree(db, orgId) {
+	return await fetchStorageRow(db, orgId, "context_tree") ?? emptyStorage("context_tree");
+}
+/**
+* Decrypt and return the plaintext GitHub webhook secret for an org.
+* Returns `null` when the org has not configured one. The only intended
+* caller is the webhook route's signature verifier — the result must
+* never leak through HTTP responses or logs. (#4)
+*/
+async function getDecryptedGithubWebhookSecret(db, orgId, encryptionKey) {
+	const cipher = (await fetchStorageRow(db, orgId, "github_integration"))?.webhookSecretCipher;
+	if (!cipher) return null;
+	return isEncryptedValue(cipher) ? decryptValue(cipher, encryptionKey) : cipher;
+}
+/**
+* Upsert a setting. Returns the masked output of the resulting row.
+*
+* The fetch + merge + upsert sequence runs inside a single transaction so
+* two concurrent admin writes can't both base their delta on the same
+* pre-image and silently lose each other's fields. Optimistic locking
+* (the `version` column) remains reserved for a future If-Match flip.
+* (#6)
+*/
+async function putOrgSetting(db, orgId, namespace, rawInput, options) {
+	assertNamespace(namespace);
+	const input = ORG_SETTINGS_NAMESPACES$1[namespace].input.parse(rawInput);
+	return db.transaction(async (tx) => {
+		const txDb = tx;
+		const [org] = await txDb.select({ id: organizations.id }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
+		if (!org) throw new NotFoundError(`Organization "${orgId}" not found`);
+		const merged = applyInputDelta(namespace, await fetchStorageRow(txDb, orgId, namespace) ?? emptyStorage(namespace), input, options.encryptionKey);
+		const validated = ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse(merged);
+		await tx.insert(organizationSettings).values({
+			organizationId: orgId,
+			namespace,
+			value: validated,
+			version: 1,
+			updatedBy: options.updatedBy,
+			updatedAt: /* @__PURE__ */ new Date()
+		}).onConflictDoUpdate({
+			target: [organizationSettings.organizationId, organizationSettings.namespace],
+			set: {
+				value: validated,
+				version: sql`${organizationSettings.version} + 1`,
+				updatedBy: options.updatedBy,
+				updatedAt: /* @__PURE__ */ new Date()
+			}
+		});
+		return toOutput(namespace, validated);
+	});
+}
+/**
+* Delete a namespace row; subsequent GETs return defaults.
+*/
+async function deleteOrgSetting(db, orgId, namespace) {
+	assertNamespace(namespace);
+	await db.delete(organizationSettings).where(and(eq(organizationSettings.organizationId, orgId), eq(organizationSettings.namespace, namespace)));
+}
+/**
+* Resolve the caller's "primary org" — the earliest-joined active
+* membership for the given user. Used by user-scoped routes that
+* historically didn't take an `:orgId` (e.g. `/context-tree/info`) so
+* the SDK call shape doesn't have to change while the per-tenant lookup
+* still happens correctly.
+*
+* Returns `null` for users with no active membership. Tightening to
+* "explicit org selector" is a future change-once-multi-org-clients-arrive
+* concern. (#7)
+*/
+async function resolveUserPrimaryOrgId(db, userId) {
+	const [row] = await db.select({ organizationId: members.organizationId }).from(members).where(and(eq(members.userId, userId), eq(members.status, "active"))).orderBy(asc(members.createdAt)).limit(1);
+	return row?.organizationId ?? null;
+}
 async function contextTreeInfoRoutes(app) {
-	/** Public endpoint — returns Context Tree repo metadata for CLI auto-discovery. */
-	app.get("/info", async () => {
+	/**
+	* Class A — `/api/v1/context-tree/info`. Returns the caller's
+	* organization-scoped Context Tree binding for CLI auto-discovery.
+	* Responds with `{ repo: null, branch: null }` when the user is not in
+	* any org or the org hasn't configured a tree yet.
+	*/
+	app.get("/info", async (request) => {
+		const { userId } = requireUser(request);
+		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
+		if (!orgId) return {
+			repo: null,
+			branch: null
+		};
+		const tree = await getOrgContextTree(app.db, orgId);
 		return {
-			repo: app.config.contextTree?.repo ?? null,
-			branch: app.config.contextTree?.branch ?? null
+			repo: tree.repo ?? null,
+			branch: tree.branch ?? null
 		};
 	});
 }
@@ -16008,8 +16410,11 @@ const MAX_MARKDOWN_FILES = 1e3;
 const MAX_MARKDOWN_FILE_BYTES = 512 * 1024;
 const SNAPSHOT_CACHE_TTL_MS = 3e4;
 const GIT_TIMEOUT_MS = 5e3;
+const GIT_SYNC_TIMEOUT_MS = 12e4;
 const GIT_MAX_BUFFER = 10 * 1024 * 1024;
 const GIT_LOG_RECORD_SEPARATOR = "";
+const REMOTE_SYNC_TTL_MS = 6e4;
+const REMOTE_FAILURE_TTL_MS = 3e4;
 const CONTEXT_TREE_SNAPSHOT_WINDOWS = {
 	ONE_DAY: "1d",
 	SEVEN_DAYS: "7d",
@@ -16021,10 +16426,14 @@ const WINDOW_DAYS = {
 	"30d": 30
 };
 const snapshotCache = /* @__PURE__ */ new Map();
-async function getContextTreeSnapshot(config, window = CONTEXT_TREE_SNAPSHOT_WINDOWS.SEVEN_DAYS) {
-	const repo = config.contextTree?.repo ?? null;
-	const branch = config.contextTree?.branch ?? null;
-	const resolved = resolveContextTreeRoot(repo, config.contextTree?.localPath);
+const remoteSyncPromises = /* @__PURE__ */ new Map();
+const remoteLastSyncedAt = /* @__PURE__ */ new Map();
+const remoteLastSyncWarnings = /* @__PURE__ */ new Map();
+const remoteLastFailures = /* @__PURE__ */ new Map();
+async function getContextTreeSnapshot(binding, window = CONTEXT_TREE_SNAPSHOT_WINDOWS.SEVEN_DAYS) {
+	const repo = binding.repo ?? null;
+	const branch = binding.branch ?? null;
+	const resolved = await resolveContextTreeRoot(repo, binding.localPath, branch, binding.githubToken);
 	if (!resolved.root) return unavailableSnapshot(repo, branch, resolved.reason);
 	const now = (/* @__PURE__ */ new Date()).toISOString();
 	try {
@@ -16034,14 +16443,13 @@ async function getContextTreeSnapshot(config, window = CONTEXT_TREE_SNAPSHOT_WIN
 			"--abbrev-ref",
 			"HEAD"
 		]);
-		if (branch && actualBranch && actualBranch !== branch) return unavailableSnapshot(repo, actualBranch, `Context Tree checkout is on branch "${actualBranch}", but server config expects "${branch}".`);
+		if (branch && actualBranch && actualBranch !== branch) return unavailableSnapshot(repo, actualBranch, `Context Tree checkout is on branch "${actualBranch}", but the configured Context Tree branch is "${branch}".`);
 		const comparisonBaseCommit = await comparisonBaseForWindow(resolved.root, window);
 		const cacheKey = snapshotCacheKey(resolved.root, actualBranch ?? branch, headCommit, comparisonBaseCommit, window);
 		const cached = snapshotCache.get(cacheKey);
-		if (cached && cached.expiresAt > Date.now()) return {
-			...cached.snapshot,
-			syncedAt: now
-		};
+		if (cached && cached.expiresAt > Date.now()) {
+			if (!(cached.snapshot.snapshotStatus === "stale" && !resolved.staleReason)) return withSnapshotStatus(cached.snapshot, now, statusWarningFromResolved(resolved.staleReason, null));
+		}
 		const tree = buildTree(await readMarkdownFiles(resolved.root));
 		const diffResult = comparisonBaseCommit ? await readDiffEntries(resolved.root, comparisonBaseCommit, headCommit) : {
 			entries: [],
@@ -16051,18 +16459,14 @@ async function getContextTreeSnapshot(config, window = CONTEXT_TREE_SNAPSHOT_WIN
 		const nodesWithGhosts = addRemovedGhostNodes(applyChangesToNodes(tree.nodes, changes), changes);
 		const summary = summarizeChanges(changes);
 		const updates = buildUpdates(changes, nodesWithGhosts);
-		const statusWarning = contextStatusWarning(diffResult.truncated);
+		const statusWarning = statusWarningFromResolved(resolved.staleReason, diffResult.truncated);
 		const snapshot = {
 			repo,
 			branch: actualBranch ?? branch,
 			headCommit,
 			syncedAt: now,
-			snapshotStatus: "active",
-			contextStatus: {
-				label: statusWarning ? "Team context needs attention" : "Team context is current",
-				detail: statusWarning ?? "Agents have a synced team context snapshot available.",
-				severity: statusWarning ? "warning" : "ok"
-			},
+			snapshotStatus: statusWarning?.stale ? "stale" : "active",
+			contextStatus: contextStatus(statusWarning),
 			summary,
 			updates,
 			nodes: nodesWithGhosts,
@@ -16087,31 +16491,249 @@ function snapshotCacheKey(root, branch, headCommit, comparisonBase, window) {
 		window
 	].join(":");
 }
-function contextStatusWarning(truncated) {
-	if (truncated) return `Showing the first ${MAX_DIFF_ENTRIES} changed files.`;
+function statusWarningFromResolved(staleReason, truncated) {
+	if (staleReason) return {
+		detail: `${staleReason}${truncated ? ` Showing the first ${MAX_DIFF_ENTRIES} changed files.` : ""}`,
+		stale: true
+	};
+	if (truncated) return {
+		detail: `Showing the first ${MAX_DIFF_ENTRIES} changed files.`,
+		stale: false
+	};
 	return null;
 }
-function resolveContextTreeRoot(repo, localPath) {
-	const candidate = localPath && localPath.trim().length > 0 ? localPath : repo;
-	if (!candidate) return {
+async function resolveContextTreeRoot(repo, localPath, branch, githubToken) {
+	if (localPath && localPath.trim().length > 0) {
+		const root = resolveLocalPath(localPath);
+		if (existsSync(root)) return {
+			root,
+			reason: "ok",
+			staleReason: null
+		};
+		return {
+			root: null,
+			reason: `Context Tree checkout not found at ${root}.`,
+			staleReason: null
+		};
+	}
+	if (!repo) return {
 		root: null,
-		reason: "Context Tree is not configured."
+		reason: "Context Tree is not configured.",
+		staleReason: null
 	};
-	const normalized = candidate.startsWith("file://") ? candidate.slice(7) : candidate;
-	const root = isAbsolute(normalized) ? normalize(normalized) : resolve(process.cwd(), normalized);
+	if (isRemoteRepo(repo)) {
+		const resolvedBranch = branch ?? "main";
+		if (!isSafeBranchName(resolvedBranch)) return {
+			root: null,
+			reason: `Configured Context Tree branch "${resolvedBranch}" is invalid.`,
+			staleReason: null
+		};
+		try {
+			const materialized = await materializeRemoteContextTree(repo, resolvedBranch, void 0, githubToken);
+			return {
+				root: materialized.root,
+				reason: "ok",
+				staleReason: materialized.staleReason
+			};
+		} catch (error) {
+			return {
+				root: null,
+				reason: `Hub could not sync the configured Context Tree repo. Check repo access and branch "${resolvedBranch}". ${errorMessage(error)}`,
+				staleReason: null
+			};
+		}
+	}
+	const root = resolveLocalPath(repo);
 	if (existsSync(root)) return {
 		root,
-		reason: "ok"
+		reason: "ok",
+		staleReason: null
 	};
-	if (/^https?:\/\//.test(normalized) || /^[^/]+\/[^/]+$/.test(normalized)) return {
+	return {
 		root: null,
-		reason: "Context Tree repo is configured as a remote URL. Set FIRST_TREE_HUB_CONTEXT_TREE_PATH to a readable local checkout for this version."
+		reason: `Context Tree checkout not found at ${root}.`,
+		staleReason: null
+	};
+}
+function resolveLocalPath(value) {
+	const normalized = value.startsWith("file://") ? value.slice(7) : value;
+	return isAbsolute(normalized) ? normalize(normalized) : resolve(process.cwd(), normalized);
+}
+function isRemoteRepo(value) {
+	return /^https?:\/\//.test(value) || /^file:\/\//.test(value) || /^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:\.git)?$/.test(value);
+}
+function normalizeRemoteRepoUrl(value) {
+	if (/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:\.git)?$/.test(value)) return `https://github.com/${value}`;
+	return value;
+}
+function managedContextTreeCacheRoot() {
+	return join(DEFAULT_DATA_DIR$1, "context-tree-repos");
+}
+function managedContextTreePath(repoUrl, branch, cacheRoot = managedContextTreeCacheRoot()) {
+	return join(cacheRoot, createHash("sha256").update(`${repoUrl}\0${branch}`).digest("hex"));
+}
+async function materializeRemoteContextTree(repo, branch, cacheRoot = managedContextTreeCacheRoot(), githubToken) {
+	const repoUrl = normalizeRemoteRepoUrl(repo);
+	const root = managedContextTreePath(repoUrl, branch, cacheRoot);
+	const lastSyncedAt = remoteLastSyncedAt.get(root);
+	if (lastSyncedAt && Date.now() - lastSyncedAt < REMOTE_SYNC_TTL_MS && existsSync(join(root, ".git"))) return {
+		root,
+		staleReason: remoteLastSyncWarnings.get(root) ?? null
+	};
+	const lastFailure = remoteLastFailures.get(root);
+	if (lastFailure && Date.now() - lastFailure.failedAt < REMOTE_FAILURE_TTL_MS && !existsSync(join(root, ".git"))) throw new Error(lastFailure.reason);
+	const existing = remoteSyncPromises.get(root);
+	if (existing) return {
+		root,
+		staleReason: (await existing).staleReason
+	};
+	const syncPromise = syncRemoteContextTree(repoUrl, branch, root, cacheRoot, githubToken);
+	remoteSyncPromises.set(root, syncPromise);
+	try {
+		const syncResult = await syncPromise;
+		remoteLastSyncedAt.set(root, Date.now());
+		remoteLastFailures.delete(root);
+		if (syncResult.staleReason) remoteLastSyncWarnings.set(root, syncResult.staleReason);
+		else remoteLastSyncWarnings.delete(root);
+		return {
+			root,
+			staleReason: syncResult.staleReason
+		};
+	} catch (error) {
+		if (!existsSync(join(root, ".git"))) remoteLastFailures.set(root, {
+			failedAt: Date.now(),
+			reason: `Previous Context Tree sync failed recently. ${errorMessage(error)}`
+		});
+		throw error;
+	} finally {
+		remoteSyncPromises.delete(root);
+	}
+}
+async function syncRemoteContextTree(repoUrl, branch, root, cacheRoot, githubToken) {
+	await mkdir(cacheRoot, { recursive: true });
+	const env = await gitAuthEnv(repoUrl, cacheRoot, githubToken);
+	if (!existsSync(join(root, ".git"))) {
+		await rm(root, {
+			recursive: true,
+			force: true
+		});
+		await gitOutput(cacheRoot, [
+			"clone",
+			"--branch",
+			branch,
+			"--single-branch",
+			repoUrl,
+			root
+		], {
+			timeout: GIT_SYNC_TIMEOUT_MS,
+			env,
+			disableHooks: true
+		});
+		return { staleReason: null };
+	}
+	try {
+		await gitOutput(root, [
+			"remote",
+			"set-url",
+			"origin",
+			repoUrl
+		], {
+			timeout: GIT_TIMEOUT_MS,
+			disableHooks: true
+		});
+		await gitOutput(root, [
+			"fetch",
+			"origin",
+			branch,
+			"--prune"
+		], {
+			timeout: GIT_SYNC_TIMEOUT_MS,
+			env,
+			disableHooks: true
+		});
+		await gitOutput(root, [
+			"checkout",
+			"-B",
+			branch,
+			`origin/${branch}`
+		], {
+			timeout: GIT_TIMEOUT_MS,
+			disableHooks: true
+		});
+		return { staleReason: null };
+	} catch (error) {
+		if (existsSync(join(root, ".git"))) return { staleReason: `Showing the last synced Context Tree snapshot because Hub could not refresh the configured repo. ${errorMessage(error)}` };
+		throw error;
+	}
+}
+async function gitAuthEnv(repoUrl, cacheRoot, githubToken) {
+	if (!githubToken || !isGithubHttpsRepo(repoUrl)) return void 0;
+	const askpassPath = join(cacheRoot, ".tools", "git-askpass.sh");
+	if (!existsSync(askpassPath)) {
+		await mkdir(dirname(askpassPath), { recursive: true });
+		await writeFile(askpassPath, [
+			"#!/bin/sh",
+			"case \"$1\" in",
+			"*Username*) printf \"%s\\n\" \"$GIT_USERNAME\" ;;",
+			"*) printf \"%s\\n\" \"$GIT_PASSWORD\" ;;",
+			"esac",
+			""
+		].join("\n"), "utf8");
+		await chmod(askpassPath, 448);
+	}
+	return {
+		...process.env,
+		GIT_ASKPASS: askpassPath,
+		GIT_TERMINAL_PROMPT: "0",
+		GIT_USERNAME: "x-access-token",
+		GIT_PASSWORD: githubToken
+	};
+}
+function isGithubHttpsRepo(repoUrl) {
+	try {
+		const url = new URL(repoUrl);
+		return url.protocol === "https:" && url.hostname.toLowerCase() === "github.com";
+	} catch {
+		return false;
+	}
+}
+function contextStatus(warning) {
+	if (warning?.stale) return {
+		label: "Team context is stale",
+		detail: warning.detail,
+		severity: "warning"
+	};
+	if (warning) return {
+		label: "Team context needs attention",
+		detail: warning.detail,
+		severity: "warning"
 	};
 	return {
-		root: null,
-		reason: `Context Tree checkout not found at ${root}.`
+		label: "Team context is current",
+		detail: "Agents have a synced team context snapshot available.",
+		severity: "ok"
+	};
+}
+function withSnapshotStatus(snapshot, syncedAt, warning) {
+	return {
+		...snapshot,
+		syncedAt,
+		snapshotStatus: warning?.stale ? "stale" : snapshot.snapshotStatus,
+		contextStatus: warning ? contextStatus(warning) : snapshot.contextStatus
 	};
 }
+function isSafeBranchName(branch) {
+	if (branch.startsWith("-")) return false;
+	if (branch.includes("..") || branch.includes("@{") || branch.includes("\\")) return false;
+	return /^[A-Za-z0-9._/-]+$/.test(branch);
+}
+function errorMessage(error) {
+	if (!(error instanceof Error) || error.message.trim().length === 0) return "";
+	return redactSecret(error.message.trim().split("\n")[0] ?? "");
+}
+function redactSecret(message) {
+	return message.replace(/(https?:\/\/)[^/@\s]+@/g, "$1[redacted]@").replace(/\bghp_[A-Za-z0-9_]+/g, "[redacted]").replace(/\bgithub_pat_[A-Za-z0-9_]+/g, "[redacted]");
+}
 function unavailableSnapshot(repo, branch, detail) {
 	return {
 		repo,
@@ -16136,11 +16758,16 @@ function unavailableSnapshot(repo, branch, detail) {
 		changes: []
 	};
 }
-async function gitOutput(cwd, args) {
-	const { stdout } = await execFileAsync("git", args, {
+async function gitOutput(cwd, args, options) {
+	const { stdout } = await execFileAsync("git", options?.disableHooks ? [
+		"-c",
+		"core.hooksPath=/dev/null",
+		...args
+	] : args, {
 		cwd,
-		timeout: GIT_TIMEOUT_MS,
-		maxBuffer: GIT_MAX_BUFFER
+		timeout: options?.timeout ?? GIT_TIMEOUT_MS,
+		maxBuffer: GIT_MAX_BUFFER,
+		env: options?.env
 	});
 	return stdout.trim();
 }
@@ -16696,10 +17323,42 @@ async function contextTreeSnapshotRoutes(app) {
 		keyGenerator: (request) => request.user?.userId ?? request.ip
 	} } }, async (request) => {
 		const query = querySchema.parse(request.query);
-		const snapshot = await getContextTreeSnapshot(app.config, query.window ?? "7d");
+		const { userId } = requireUser(request);
+		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
+		const binding = orgId ? await getOrgContextTree(app.db, orgId) : {};
+		const githubToken = contextTreeGithubTokenForRepo(binding.repo, app.config.contextTreeSync);
+		const snapshot = await getContextTreeSnapshot({
+			...binding,
+			githubToken
+		}, query.window ?? "7d");
 		return contextTreeSnapshotSchema.parse(snapshot);
 	});
 }
+function contextTreeGithubTokenForRepo(repo, syncConfig) {
+	if (!repo || !syncConfig?.githubToken) return void 0;
+	const repoKey = githubRepoKey(repo);
+	if (!repoKey) return void 0;
+	return new Set((syncConfig.githubTokenRepos ?? "").split(",").map((entry) => normalizeGithubRepoKey(entry)).filter((entry) => entry !== null)).has(repoKey) ? syncConfig.githubToken : void 0;
+}
+function githubRepoKey(value) {
+	const shorthand = normalizeGithubRepoKey(value);
+	if (shorthand) return shorthand;
+	let url;
+	try {
+		url = new URL(value);
+	} catch {
+		return null;
+	}
+	if (url.protocol !== "https:" || url.hostname.toLowerCase() !== "github.com") return null;
+	if (url.username || url.password) return null;
+	return normalizeGithubRepoKey(url.pathname.replace(/^\/+/, ""));
+}
+function normalizeGithubRepoKey(value) {
+	const trimmed = value.trim().replace(/^\/+/, "").replace(/\.git$/i, "");
+	const match = /^([A-Za-z0-9_.-]+)\/([A-Za-z0-9_.-]+)$/.exec(trimmed);
+	if (!match) return null;
+	return `${match[1]?.toLowerCase()}/${match[2]?.toLowerCase()}`;
+}
 /**
 * Resolve the client IP for rate-limit attribution.
 *
@@ -16801,7 +17460,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-DWlyNb8x-D3zjZSwI.mjs");
+	const { previewInvitation } = await import("./invitation-C299fxkP-BR-niZyp.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -16824,7 +17483,8 @@ async function meRoutes(app) {
 			id: users.id,
 			username: users.username,
 			displayName: users.displayName,
-			avatarUrl: users.avatarUrl
+			avatarUrl: users.avatarUrl,
+			onboardingDismissedAt: users.onboardingDismissedAt
 		}).from(users).where(eq(users.id, userId)).limit(1);
 		const memberships = await listActiveMemberships(app.db, userId);
 		const defaultMembership = pickDefaultMembership(memberships.map((m) => ({
@@ -16839,7 +17499,7 @@ async function meRoutes(app) {
 				if (inv) inviteUrl = buildInviteUrl(resolvePublicUrl(app, request), inv.token);
 			}
 		}
-		const wizardStep = await inferWizardStep(app, userId);
+		const onboardingStep = await inferOnboardingStep(app, userId);
 		return {
 			user: user ?? null,
 			defaultOrganizationId: defaultOrgId,
@@ -16850,11 +17510,93 @@ async function meRoutes(app) {
 				role: mb.role,
 				agentId: mb.agentId
 			})),
-			wizard: { step: wizardStep },
+			onboarding: {
+				step: onboardingStep,
+				dismissedAt: user?.onboardingDismissedAt ? user.onboardingDismissedAt.toISOString() : null
+			},
 			inviteUrl
 		};
 	});
 	/**
+	* PATCH /me/onboarding — currently the only mutable field is
+	* `dismissed`, set when the user clicks `✕` on the onboarding stepper.
+	* Stamping NOW() server-side avoids client-clock skew. Idempotent: a
+	* second PATCH leaves the original timestamp in place.
+	*
+	* See docs/new-user-onboarding-design.md §8.4.
+	*/
+	app.patch("/me/onboarding", async (request, reply) => {
+		const { userId } = requireUser(request);
+		const body = patchOnboardingSchema.parse(request.body);
+		if (body.dismissed === true) {
+			if ((await app.db.update(users).set({ onboardingDismissedAt: /* @__PURE__ */ new Date() }).where(and(eq(users.id, userId), isNull(users.onboardingDismissedAt))).returning({ id: users.id })).length > 0) app.log.info({
+				event: "onboarding.dismissed",
+				userId
+			}, "onboarding funnel: stepper dismissed");
+		} else if (body.dismissed === false) await app.db.update(users).set({ onboardingDismissedAt: null }).where(eq(users.id, userId));
+		const [u] = await app.db.select({ onboardingDismissedAt: users.onboardingDismissedAt }).from(users).where(eq(users.id, userId)).limit(1);
+		return reply.status(200).send({ dismissedAt: u?.onboardingDismissedAt ? u.onboardingDismissedAt.toISOString() : null });
+	});
+	/**
+	* POST /me/onboarding/events — web-side onboarding funnel reporter.
+	* Server-side milestones (`team_created` at OAuth, `dismissed` on PATCH)
+	* are emitted directly; this endpoint surfaces the web-driven ones into
+	* the same log stream so a single funnel query covers the full flow.
+	* Body shape is enum-validated so the server won't log arbitrary names.
+	*
+	* Rate-limited to keep a buggy or hostile authenticated tab from
+	* flooding the log stream. The cap is generous relative to legitimate
+	* funnel traffic (≤ 4 events per onboarding pass).
+	*/
+	app.post("/me/onboarding/events", { config: { rateLimit: {
+		max: 60,
+		timeWindow: "1 minute"
+	} } }, async (request, reply) => {
+		const { userId } = requireUser(request);
+		const body = onboardingEventSchema.parse(request.body);
+		app.log.info({
+			...body.attrs ?? {},
+			event: `onboarding.${body.event}`,
+			userId
+		}, `onboarding funnel: ${body.event}`);
+		return reply.status(204).send();
+	});
+	/**
+	* GET /me/github/repos — list the caller's accessible GitHub repos. Used
+	* by the Step 2 onboarding repo picker. The OAuth access token was
+	* captured at sign-in (encrypted at rest in `auth_identities.metadata`)
+	* so this endpoint avoids a second redirect.
+	*
+	* 503 if the user has no GitHub identity bound or the token wasn't
+	* captured (e.g. dev-callback sign-in or pre-redesign user). The web
+	* client falls back to a "Reconnect GitHub" hint in that case.
+	*/
+	app.get("/me/github/repos", async (request, reply) => {
+		const { userId } = requireUser(request);
+		const [identity] = await app.db.select({ metadata: authIdentities.metadata }).from(authIdentities).where(and(eq(authIdentities.userId, userId), eq(authIdentities.provider, "github"))).limit(1);
+		const encrypted = identity?.metadata && typeof identity.metadata === "object" && "accessToken" in identity.metadata ? identity.metadata.accessToken : void 0;
+		if (typeof encrypted !== "string" || !encrypted) return reply.status(503).send({ error: "GitHub access token unavailable — please reconnect your account" });
+		let token;
+		try {
+			token = decryptValue(encrypted, app.config.secrets.encryptionKey);
+		} catch {
+			return reply.status(503).send({ error: "GitHub access token could not be decoded — please reconnect" });
+		}
+		try {
+			return { repos: await listUserRepos(token) };
+		} catch (err) {
+			app.log.warn({
+				err,
+				userId
+			}, "list github repos failed");
+			if (err instanceof GithubApiError && (err.status === 401 || err.status === 403)) return reply.status(403).send({
+				error: "GitHub access token is missing the `repo` scope. Please reconnect your GitHub account.",
+				code: "scope_missing"
+			});
+			return reply.status(502).send({ error: "Couldn't reach GitHub. Try again, or reconnect your GitHub account." });
+		}
+	});
+	/**
 	* POST /me/connect-tokens — short-lived connect token for the CLI.
 	* The token now carries only `sub = userId`; the CLI rejoins via
 	* `exchangeConnectToken` which probes `members` realtime.
@@ -16898,7 +17640,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-By1K4VVT-C5K7WZo6.mjs");
+		const { listMyPinnedAgents } = await import("./client-D_TRJFZY-LbgJF47t.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -17004,24 +17746,24 @@ async function meRoutes(app) {
 		return reply.status(204).send();
 	});
 	/**
-	* GET /me/wizard-step — bare endpoint for clients that don't want the
-	* full /me payload. Same logic as inferWizardStep below.
+	* GET /me/onboarding-step — bare endpoint for clients that don't want the
+	* full /me payload. Same logic as inferOnboardingStep below.
 	*/
-	app.get("/me/wizard-step", async (request) => {
+	app.get("/me/onboarding-step", async (request) => {
 		const { userId } = requireUser(request);
-		return { step: await inferWizardStep(app, userId) };
+		return { step: await inferOnboardingStep(app, userId) };
 	});
 }
 /**
-* Infer the onboarding wizard step from the *user-level* facts:
+* Infer the onboarding step from the *user-level* facts:
 *   - has at least one client → past "connect"
 *   - manages at least one non-human active agent (any org) → past "create_agent"
 *
 * Critically: the join from agents → members → userId means a user with
-* memberships across multiple orgs has the wizard satisfied as soon as ANY
+* memberships across multiple orgs has onboarding satisfied as soon as ANY
 * org has a non-human agent — matching the user-level mental model.
 */
-async function inferWizardStep(app, userId) {
+async function inferOnboardingStep(app, userId) {
 	const [hasClient] = await app.db.select({ id: clients.id }).from(clients).where(eq(clients.userId, userId)).limit(1);
 	if (!hasClient) return "connect";
 	const [hasAgent] = await app.db.select({ uuid: agents.uuid }).from(agents).innerJoin(members, eq(members.id, agents.managerId)).where(and(eq(members.userId, userId), eq(members.status, "active"), ne(agents.type, "human"), eq(agents.status, "active"))).limit(1);
@@ -17621,6 +18363,64 @@ async function orgSessionRoutes(app) {
 		});
 	});
 }
+/**
+* Class B — `/api/v1/orgs/:orgId/settings/:namespace`.
+*
+* Generic per-org settings surface. The `:namespace` URL parameter is
+* dispatched against `ORG_SETTINGS_NAMESPACES` (in the shared package);
+* adding a new config group only requires registering it there — no new
+* route file.
+*
+* All three verbs are admin-only. Even GET, because the masked output
+* still leaks "configured / not-configured" booleans for secret fields,
+* which we don't want to expose to non-admin members.
+*/
+async function orgSettingsRoutes(app) {
+	app.get("/:namespace", async (request) => {
+		const scope = await requireOrgAdmin(request, app.db);
+		const namespace = parseNamespace(request.params.namespace);
+		return enrichOutput(namespace, await getOrgSetting(app.db, scope.organizationId, namespace), scope.organizationId, app.config.server.publicUrl);
+	});
+	app.put("/:namespace", { config: { otelRecordBody: true } }, async (request) => {
+		const scope = await requireOrgAdmin(request, app.db);
+		const namespace = parseNamespace(request.params.namespace);
+		return enrichOutput(namespace, await putOrgSetting(app.db, scope.organizationId, namespace, request.body, {
+			updatedBy: scope.userId,
+			encryptionKey: app.config.secrets.encryptionKey
+		}), scope.organizationId, app.config.server.publicUrl);
+	});
+	app.delete("/:namespace", async (request, reply) => {
+		const scope = await requireOrgAdmin(request, app.db);
+		const namespace = parseNamespace(request.params.namespace);
+		await deleteOrgSetting(app.db, scope.organizationId, namespace);
+		reply.status(204).send();
+	});
+}
+function parseNamespace(raw) {
+	if (!isOrgSettingNamespace(raw)) throw new BadRequestError(`Unknown organization-settings namespace: "${raw}"`);
+	return raw;
+}
+/**
+* Resolve namespace-specific server-config-derived fields. The service
+* layer stays config-agnostic — namespace knowledge that needs `app.config`
+* lives here. Currently only `github_integration.webhookUrl` qualifies.
+*
+* If `server.publicUrl` is unset on the Hub, `webhookUrl` is left as `""`
+* so the UI can render a "contact your site administrator" notice rather
+* than fall back to `window.location.origin` (which is wrong behind a
+* reverse proxy). (#12)
+*/
+function enrichOutput(namespace, out, orgId, publicUrl) {
+	if (namespace === "github_integration") {
+		const o = out;
+		const webhookUrl = publicUrl ? `${publicUrl.replace(/\/+$/, "")}/api/v1/webhooks/github/${orgId}` : "";
+		return {
+			...o,
+			webhookUrl
+		};
+	}
+	return out;
+}
 function dispatch$1(notifier, result) {
 	if (!result) return;
 	notifyRecipients(notifier, result.recipients, result.message.id);
@@ -17920,16 +18720,15 @@ function verifySignature(secret, rawBody, signatureHeader) {
 	const receivedBuf = Buffer.from(signatureHeader, "utf8");
 	if (expectedBuf.length !== receivedBuf.length || !timingSafeEqual(expectedBuf, receivedBuf)) throw new UnauthorizedError("Invalid webhook signature");
 }
-async function ensureGitHubAdapterAgent(db) {
-	const defaultOrgId = await resolveDefaultOrgId(db);
-	const [existing] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, defaultOrgId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
+async function ensureGitHubAdapterAgent(db, organizationId) {
+	const [existing] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, organizationId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
 	if (existing) return existing.uuid;
 	try {
 		return (await createAgent(db, {
 			name: GITHUB_ADAPTER_ID,
 			type: "autonomous_agent",
 			displayName: "GitHub Adapter",
-			organizationId: defaultOrgId,
+			organizationId,
 			metadata: {
 				source: "github",
 				managed: true
@@ -17937,19 +18736,19 @@ async function ensureGitHubAdapterAgent(db) {
 		})).uuid;
 	} catch (err) {
 		if (err instanceof ConflictError) {
-			const [created] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, defaultOrgId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
+			const [created] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, organizationId), eq(agents.name, GITHUB_ADAPTER_ID))).limit(1);
 			if (created) return created.uuid;
 		}
 		throw err;
 	}
 }
-async function findTargetAgent(db, repoFullName) {
+async function findTargetAgent(db, organizationId, repoFullName) {
 	const allAgents = await db.select({
 		id: agents.uuid,
 		name: agents.name,
 		metadata: agents.metadata,
 		type: agents.type
-	}).from(agents).where(eq(agents.status, "active"));
+	}).from(agents).where(and(eq(agents.organizationId, organizationId), eq(agents.status, "active")));
 	for (const agent of allAgents) {
 		if (agent.name === GITHUB_ADAPTER_ID) continue;
 		const meta = agent.metadata;
@@ -17983,14 +18782,14 @@ function extractMentions$1(text) {
 * For each mentioned user who has delegate_mention configured,
 * send a card message from the mentioned user to their delegate.
 */
-async function routeMentionDelegations(app, mentionedNames, ctx) {
+async function routeMentionDelegations(app, organizationId, mentionedNames, ctx) {
 	if (mentionedNames.length === 0) return 0;
 	const delegates = await app.db.select({
 		id: agents.uuid,
 		name: agents.name,
 		delegateMention: agents.delegateMention,
 		status: agents.status
-	}).from(agents).where(and(inArray(agents.name, mentionedNames), isNotNull(agents.delegateMention)));
+	}).from(agents).where(and(eq(agents.organizationId, organizationId), inArray(agents.name, mentionedNames), isNotNull(agents.delegateMention)));
 	let routed = 0;
 	for (const agent of delegates) {
 		if (agent.status !== "active" || !agent.delegateMention) continue;
@@ -18078,13 +18877,14 @@ async function githubWebhookRoutes(app) {
 	app.addContentTypeParser("application/json", { parseAs: "buffer" }, (_request, body, done) => {
 		done(null, body);
 	});
-	const webhookSecret = app.config.github.webhookSecret;
 	const webhookMax = app.config.rateLimit?.webhookMax ?? 60;
-	app.post("/github", { config: { rateLimit: {
+	app.post("/github/:orgId", { config: { rateLimit: {
 		max: webhookMax,
 		timeWindow: "1 minute"
 	} } }, async (request, reply) => {
-		if (!webhookSecret) return reply.status(501).send({ error: "GitHub webhook is not configured. Set FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET to enable." });
+		const { orgId } = request.params;
+		const webhookSecret = await getDecryptedGithubWebhookSecret(app.db, orgId, app.config.secrets.encryptionKey);
+		if (!webhookSecret) return reply.status(501).send({ error: "GitHub webhook is not configured for this organization. An admin must set the webhook secret in Team settings." });
 		const rawBody = request.body;
 		if (!Buffer.isBuffer(rawBody)) throw new BadRequestError("Expected raw body buffer");
 		const signatureHeader = request.headers["x-hub-signature-256"];
@@ -18102,12 +18902,12 @@ async function githubWebhookRoutes(app) {
 			ok: true,
 			event: "ping"
 		});
-		if (eventType === "issues") return handleIssuesEvent(app, eventType, payload, reply);
-		if (eventType === "issue_comment") return handleIssueCommentEvent(app, eventType, payload, reply);
+		if (eventType === "issues") return handleIssuesEvent(app, orgId, eventType, payload, reply);
+		if (eventType === "issue_comment") return handleIssueCommentEvent(app, orgId, eventType, payload, reply);
 		let mentionsRouted = 0;
 		const allowedActions = MENTION_ACTIONS[eventType];
 		const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
-		if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, eventType, payload);
+		if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
 		return reply.status(200).send({
 			ok: true,
 			event: eventType,
@@ -18261,10 +19061,10 @@ function extractEventContext(eventType, payload) {
 * Run mention delegation for a given event type and payload.
 * Only called after action gating confirms this is a "new content" event.
 */
-async function handleMentionDelegation(app, eventType, payload) {
+async function handleMentionDelegation(app, organizationId, eventType, payload) {
 	const mentions = extractMentions$1(extractEventText(eventType, payload));
 	const mentionCtx = extractEventContext(eventType, payload);
-	if (mentions.length > 0 && mentionCtx) return routeMentionDelegations(app, mentions, mentionCtx);
+	if (mentions.length > 0 && mentionCtx) return routeMentionDelegations(app, organizationId, mentions, mentionCtx);
 	return 0;
 }
 /** Actions that represent new/changed content (worth scanning for @mentions). */
@@ -18278,9 +19078,9 @@ const MENTION_ACTIONS = {
 	discussion_comment: ["created"],
 	commit_comment: ["created"]
 };
-async function handleIssuesEvent(app, eventType, payload, reply) {
+async function handleIssuesEvent(app, organizationId, eventType, payload, reply) {
 	const data = parseIssuesPayload(payload);
-	if (MENTION_ACTIONS.issues?.includes(data.action)) await handleMentionDelegation(app, eventType, payload);
+	if (MENTION_ACTIONS.issues?.includes(data.action)) await handleMentionDelegation(app, organizationId, eventType, payload);
 	if (![
 		"opened",
 		"edited",
@@ -18291,7 +19091,7 @@ async function handleIssuesEvent(app, eventType, payload, reply) {
 		action: data.action,
 		handled: false
 	});
-	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db), findTargetAgent(app.db, data.repository.full_name)]);
+	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db, organizationId), findTargetAgent(app.db, organizationId, data.repository.full_name)]);
 	if (!targetAgentId) {
 		log$1.warn({
 			repo: data.repository.full_name,
@@ -18337,16 +19137,16 @@ async function handleIssuesEvent(app, eventType, payload, reply) {
 		routed: true
 	});
 }
-async function handleIssueCommentEvent(app, eventType, payload, reply) {
+async function handleIssueCommentEvent(app, organizationId, eventType, payload, reply) {
 	const data = parseIssueCommentPayload(payload);
-	if (MENTION_ACTIONS.issue_comment?.includes(data.action)) await handleMentionDelegation(app, eventType, payload);
+	if (MENTION_ACTIONS.issue_comment?.includes(data.action)) await handleMentionDelegation(app, organizationId, eventType, payload);
 	if (data.action !== "created") return reply.status(200).send({
 		ok: true,
 		event: "issue_comment",
 		action: data.action,
 		handled: false
 	});
-	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db), findTargetAgent(app.db, data.repository.full_name)]);
+	const [senderId, targetAgentId] = await Promise.all([ensureGitHubAdapterAgent(app.db, organizationId), findTargetAgent(app.db, organizationId, data.repository.full_name)]);
 	if (!targetAgentId) {
 		log$1.warn({
 			repo: data.repository.full_name,
@@ -18416,6 +19216,7 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	members: () => members,
 	messages: () => messages,
 	notifications: () => notifications,
+	organizationSettings: () => organizationSettings,
 	organizations: () => organizations,
 	serverInstances: () => serverInstances,
 	sessionEvents: () => sessionEvents,
@@ -18424,10 +19225,16 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	users: () => users
 });
 function connectDatabase(url) {
-	const client = postgres(url);
+	const client = postgres(url, sslOptions(url));
 	const db = drizzle(client, { schema: schema_exports });
 	return Object.assign(db, { end: () => client.end() });
 }
+function sslOptions(url) {
+	try {
+		if (new URL(url).hostname.endsWith(".rds.amazonaws.com")) return { ssl: { rejectUnauthorized: false } };
+	} catch {}
+	return {};
+}
 /**
 * Agent-scoped HTTP authentication hook. Must run **after** userAuthHook
 * so `request.user` is populated.
@@ -19802,7 +20609,10 @@ async function buildApp(config) {
 	const commandVersion = resolveCommandVersion(config.commandVersion);
 	app.decorate("commandVersion", commandVersion);
 	app.log.info({ commandVersion }, "Hub server advertising command version");
-	const listenClient = postgres(config.database.url, { max: 1 });
+	const listenClient = postgres(config.database.url, {
+		max: 1,
+		...sslOptions(config.database.url)
+	});
 	const notifier = createNotifier(listenClient);
 	await app.register(websocket, { options: { maxPayload: config.ws?.maxPayload ?? 65536 } });
 	const corsOrigin = config.cors?.origin;
@@ -19887,9 +20697,9 @@ async function buildApp(config) {
 		await api.register(authRoutes, { prefix: "/auth" });
 		await api.register(githubOauthRoutes, { prefix: "/auth/github" });
 		await api.register(publicInvitationRoutes, { prefix: "/invitations" });
-		await api.register(contextTreeInfoRoutes, { prefix: "/context-tree" });
 		await api.register(bootstrapConfigRoutes, { prefix: "/bootstrap" });
 		await api.register(userScope("contextTreeScope", async (scope) => {
+			await scope.register(contextTreeInfoRoutes);
 			await scope.register(contextTreeSnapshotRoutes);
 		}), { prefix: "/context-tree" });
 		await api.register(userScope("meRoutesScope", async (scope) => {
@@ -19910,6 +20720,7 @@ async function buildApp(config) {
 			await scope.register(orgClientRoutes, { prefix: "/clients" });
 			await scope.register(orgInvitationRoutes, { prefix: "/invitations" });
 			await scope.register(orgMemberRoutes, { prefix: "/members" });
+			await scope.register(orgSettingsRoutes, { prefix: "/settings" });
 		}), { prefix: "/orgs/:orgId" });
 		await api.register(orgWsRoutes(notifier, config.secrets.jwtSecret), { prefix: "/orgs/:orgId/ws" });
 		await api.register(userScope("resourcesScope", async (scope) => {