@agent-team-foundation/first-tree-hub 0.11.4 → 0.11.5

package/dist/{bootstrap-D-Yf8yOc.mjs → bootstrap-C_K2CKXC.mjs}

@@ -569,6 +569,13 @@ const serverConfigSchema = defineConfig({
 		refreshTokenExpiry: field(z.string().default("30d"), { env: "FIRST_TREE_HUB_AUTH_REFRESH_TOKEN_EXPIRY" }),
 		connectTokenExpiry: field(z.string().default("10m"), { env: "FIRST_TREE_HUB_AUTH_CONNECT_TOKEN_EXPIRY" })
 	},
+	contextTreeSync: optional({
+		githubToken: field(z.string(), {
+			env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN",
+			secret: true
+		}),
+		githubTokenRepos: field(z.string().optional(), { env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN_REPOS" })
+	}),
 	oauth: optional({ github: optional({
 		clientId: field(z.string(), { env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_ID" }),
 		clientSecret: field(z.string(), {

package/dist/cli/index.mjs

@@ -1,15 +1,15 @@
 #!/usr/bin/env node
 import "../observability-BAScT_5S-gw1ODB_o.mjs";
-import { $ as formatStaleReason, A as checkDocker, B as isServiceSupported, C as createApiNameResolver, D as checkBackgroundService, E as checkAgentConfigs, F as checkWebSocket, H as restartClientService, I as printResults, J as stopPostgres, L as reconcileAgentConfigs, M as checkServerConfig, N as checkServerHealth, O as checkClientConfig, P as checkServerReachable, Q as findStaleAliases, R as getClientServiceStatus, S as runHomeMigration, T as runMigrations, U as startClientService, W as stopClientService, X as handleClientOrgMismatch, Y as ClientRuntime, _ as formatCheckReport, a as declineUpdate, at as success, b as onboardCreate, c as detectInstallMode, ct as FirstTreeHubSDK, d as startServer, dt as cleanWorkspaces, et as removeLocalAgent, f as reconcileLocalRuntimeProviders, ft as probeCapabilities, g as promptMissingFields, h as promptAddAgent, i as createExecuteUpdate, it as fail, j as checkNodeVersion, k as checkDatabase, l as fetchLatestVersion, lt as SdkError, m as isInteractive, mt as configureClientLoggerForService, o as promptUpdate, ot as ClientOrgMismatchError, p as uploadClientCapabilities, pt as applyClientLoggerConfig, r as registerSaaSConnectCommand, rt as resolveReplyToFromEnv, s as PACKAGE_NAME, st as ClientUserMismatchError, tt as createOwner, u as installGlobalLatest, ut as SessionRegistry, v as loadOnboardState, w as migrateLocalAgentDirs, x as saveOnboardState, y as onboardCheck, z as installClientService } from "../saas-connect-CVoRK0Ex.mjs";
+import { $ as formatStaleReason, A as checkDocker, B as isServiceSupported, C as createApiNameResolver, D as checkBackgroundService, E as checkAgentConfigs, F as checkWebSocket, H as restartClientService, I as printResults, J as stopPostgres, L as reconcileAgentConfigs, M as checkServerConfig, N as checkServerHealth, O as checkClientConfig, P as checkServerReachable, Q as findStaleAliases, R as getClientServiceStatus, S as runHomeMigration, T as runMigrations, U as startClientService, W as stopClientService, X as handleClientOrgMismatch, Y as ClientRuntime, _ as formatCheckReport, a as declineUpdate, at as success, b as onboardCreate, c as detectInstallMode, ct as FirstTreeHubSDK, d as startServer, dt as cleanWorkspaces, et as removeLocalAgent, f as reconcileLocalRuntimeProviders, ft as probeCapabilities, g as promptMissingFields, h as promptAddAgent, i as createExecuteUpdate, it as fail, j as checkNodeVersion, k as checkDatabase, l as fetchLatestVersion, lt as SdkError, m as isInteractive, mt as configureClientLoggerForService, o as promptUpdate, ot as ClientOrgMismatchError, p as uploadClientCapabilities, pt as applyClientLoggerConfig, r as registerSaaSConnectCommand, rt as resolveReplyToFromEnv, s as PACKAGE_NAME, st as ClientUserMismatchError, tt as createOwner, u as installGlobalLatest, ut as SessionRegistry, v as loadOnboardState, w as migrateLocalAgentDirs, x as saveOnboardState, y as onboardCheck, z as installClientService } from "../saas-connect-CO554S-V.mjs";
 import "../logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, _ as getConfigValue, a as ensureFreshAdminToken, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, x as readConfigFile, y as loadAgents } from "../bootstrap-D-Yf8yOc.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, _ as getConfigValue, a as ensureFreshAdminToken, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, x as readConfigFile, y as loadAgents } from "../bootstrap-C_K2CKXC.mjs";
 import { a as print, n as CLI_USER_AGENT, o as setJsonMode, r as COMMAND_VERSION, t as cliFetch } from "../cli-fetch--tiwKm5S.mjs";
-import "../dist-ClFs4WMj.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-AI3pwmqN.mjs";
-import "../errors-BmyRwN0Y-Dad3eV8F.mjs";
-import "../client-CLdRbuml-svTO0Eat.mjs";
+import "../dist-CfvCT4E0.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-DbSvp9UH.mjs";
+import "../errors-CF5evtJt-B0NTIVPt.mjs";
+import "../client-DqdGiggm-NQoGZ2vM.mjs";
 import "../src-aJMV60mR.mjs";
-import "../invitation-Dnn5gGGX-DXryyvRG.mjs";
+import "../invitation-Bg0TRiyx-BsZH4GCS.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, readdirSync } from "node:fs";
 import * as semver from "semver";
@@ -1670,13 +1670,13 @@ function isSecretField(schema, dotPath) {
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-D-Yf8yOc.mjs").then((n) => n.r);
+		const { resolveServerUrl } = await import("../bootstrap-C_K2CKXC.mjs").then((n) => n.r);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { loadCredentials } = await import("../bootstrap-D-Yf8yOc.mjs").then((n) => n.r);
+	const { loadCredentials } = await import("../bootstrap-C_K2CKXC.mjs").then((n) => n.r);
 	if (!loadCredentials()) throw new Error("No saved credentials. Run `first-tree-hub client connect <server-url>` before onboarding.");
 	if (!args.id) {
 		args.id = await input({ message: "Agent ID:" });
@@ -1798,6 +1798,67 @@ function registerOnboardCommand(program) {
 	});
 }
 //#endregion
+//#region src/commands/org.ts
+/**
+* `first-tree-hub org` — organization-level operations.
+*
+* Today this only ships `bind-tree`, called by Step 3 onboarding agents
+* after they create a fresh context-tree GitHub repo so the Hub records
+* the binding in the org's `context_tree` settings namespace. The verb
+* mirrors first-tree CLI's own `tree bind` vocabulary so agents reading
+* "bind-tree" know what it means without translation. See
+* docs/new-user-onboarding-design.md §7.4 (Path B).
+*/
+function registerOrgCommands(program) {
+	program.command("org").description("Organization-level operations").command("bind-tree").description("Bind the caller's organization to a context-tree GitHub URL").argument("<url>", "GitHub URL of the context-tree repository (https://github.com/...)").option("--org <orgId>", "Override the org to bind. Defaults to your selected/default org via /me.").action(async (rawUrl, options) => {
+		try {
+			const url = rawUrl.trim();
+			if (!url) fail("INVALID_URL", "URL must not be empty", 2);
+			try {
+				const parsed = new URL(url);
+				if (parsed.protocol !== "https:" && parsed.protocol !== "http:") fail("INVALID_URL", `URL scheme must be http or https (got ${parsed.protocol})`, 2);
+			} catch {
+				fail("INVALID_URL", `"${url}" is not a valid URL`, 2);
+			}
+			const serverUrl = resolveServerUrl();
+			const accessToken = await ensureFreshAccessToken();
+			const orgId = options.org?.trim() || await resolveDefaultOrgId(serverUrl, accessToken);
+			const res = await fetch(`${serverUrl}/api/v1/orgs/${encodeURIComponent(orgId)}/settings/context_tree`, {
+				method: "PUT",
+				headers: {
+					Authorization: `Bearer ${accessToken}`,
+					"Content-Type": "application/json"
+				},
+				body: JSON.stringify({ repo: url })
+			});
+			if (!res.ok) {
+				const text = await res.text().catch(() => "");
+				fail("PUT_FAILED", `hub returned ${res.status} on PUT /orgs/${orgId}/settings/context_tree: ${text.slice(0, 256)}`, 1);
+			}
+			print.status("•", `Bound organization to context-tree at ${url}`);
+			success({
+				orgId,
+				repo: url
+			});
+		} catch (err) {
+			fail("UNEXPECTED", err instanceof Error ? err.message : String(err), 1);
+		}
+	});
+}
+async function resolveDefaultOrgId(serverUrl, accessToken) {
+	const res = await fetch(`${serverUrl}/api/v1/me`, {
+		headers: { Authorization: `Bearer ${accessToken}` },
+		signal: AbortSignal.timeout(1e4)
+	});
+	if (!res.ok) fail("ME_FAILED", `hub returned ${res.status} on /me`, 1);
+	const me = await res.json();
+	const memberships = me.memberships ?? [];
+	if (me.defaultOrganizationId && memberships.some((m) => m.organizationId === me.defaultOrganizationId)) return me.defaultOrganizationId;
+	if (memberships.length === 1 && memberships[0]) return memberships[0].organizationId;
+	if (memberships.length === 0) fail("NO_ORG", "You don't belong to any organization", 1);
+	fail("AMBIGUOUS_ORG", "Multiple organizations — pass --org <orgId> explicitly or set a default in the web UI first", 1);
+}
+//#endregion
 //#region src/commands/server.ts
 function registerServerCommands(program) {
 	const server = program.command("server").description("Manage First Tree Hub server");
@@ -1990,6 +2051,7 @@ registerAgentCommands(program);
 registerConfigCommands(program);
 registerUpdateCommand(program);
 registerOnboardCommand(program);
+registerOrgCommands(program);
 program.parse();
 //#endregion
 export {};

package/dist/client-D_TRJFZY-LbgJF47t.mjs

@@ -0,0 +1,4 @@
+import "./dist-CfvCT4E0.mjs";
+import "./errors-CF5evtJt-B0NTIVPt.mjs";
+import { y as listMyPinnedAgents } from "./client-DqdGiggm-NQoGZ2vM.mjs";
+export { listMyPinnedAgents };

package/dist/{client-CLdRbuml-svTO0Eat.mjs → client-DqdGiggm-NQoGZ2vM.mjs}

@@ -1,8 +1,8 @@
-import { w as clientCapabilitiesSchema } from "./dist-ClFs4WMj.mjs";
-import { a as ConflictError, i as ClientUserMismatchError, l as organizations, n as BadRequestError, s as NotFoundError, u as users } from "./errors-BmyRwN0Y-Dad3eV8F.mjs";
+import { w as clientCapabilitiesSchema } from "./dist-CfvCT4E0.mjs";
+import { a as ConflictError, i as ClientUserMismatchError, l as organizations, n as BadRequestError, s as NotFoundError, u as users } from "./errors-CF5evtJt-B0NTIVPt.mjs";
 import { and, eq, inArray, ne, sql } from "drizzle-orm";
 import { index, integer, jsonb, pgTable, text, timestamp, unique } from "drizzle-orm/pg-core";
-//#region ../server/dist/client-CLdRbuml.mjs
+//#region ../server/dist/client-DqdGiggm.mjs
 /**
 * Client connections. A client is a single SDK process (AgentRuntime) that may
 * host multiple agents. From the unified-user-token milestone on, a client is

package/dist/{dist-ClFs4WMj.mjs → dist-CfvCT4E0.mjs}

@@ -137,195 +137,6 @@ z.object({
 	connected: z.boolean(),
 	lastActiveAt: z.string().nullable()
 });
-const presenceStatusSchema = z.enum(["online", "offline"]);
-const runtimeStateSchema = z.enum([
-	"idle",
-	"working",
-	"blocked",
-	"error"
-]);
-z.enum([
-	"active",
-	"suspended",
-	"evicted"
-]);
-/** Wire-level states a client may report. `evicted` from a stale client is rejected. */
-const clientSessionStateSchema = z.enum(["active", "suspended"]);
-const sessionStateMessageSchema = z.object({
-	chatId: z.string().min(1),
-	state: clientSessionStateSchema
-});
-/** Client-reported runtime state override (client → server, per-agent). */
-const runtimeStateMessageSchema = z.object({ runtimeState: runtimeStateSchema });
-const agentBindRequestSchema = z.object({
-	agentId: z.string().min(1),
-	runtimeType: z.string().max(50),
-	runtimeVersion: z.string().max(50).optional()
-});
-const AGENT_BIND_REJECT_REASONS = {
-	WRONG_CLIENT: "wrong_client",
-	NOT_OWNED: "not_owned",
-	AGENT_SUSPENDED: "agent_suspended",
-	WRONG_ORG: "wrong_org",
-	UNKNOWN_AGENT: "unknown_agent",
-	RUNTIME_PROVIDER_MISMATCH: "runtime_provider_mismatch"
-};
-z.enum([
-	"wrong_client",
-	"not_owned",
-	"agent_suspended",
-	"wrong_org",
-	"unknown_agent",
-	"runtime_provider_mismatch"
-]);
-/** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
-const AGENT_SELECTOR_HEADER = "x-agent-id";
-z.object({
-	agentId: z.string(),
-	status: presenceStatusSchema,
-	connectedAt: z.string().nullable(),
-	lastSeenAt: z.string(),
-	clientId: z.string().nullable().optional(),
-	runtimeType: z.string().nullable().optional(),
-	runtimeVersion: z.string().nullable().optional(),
-	runtimeState: runtimeStateSchema.nullable().optional(),
-	activeSessions: z.number().int().nullable().optional(),
-	totalSessions: z.number().int().nullable().optional(),
-	runtimeUpdatedAt: z.string().nullable().optional()
-});
-z.object({
-	total: z.number().int(),
-	running: z.number().int(),
-	byState: z.object({
-		idle: z.number().int(),
-		working: z.number().int(),
-		blocked: z.number().int(),
-		error: z.number().int()
-	}),
-	clients: z.number().int()
-});
-const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
-const DEFAULT_RUNTIME_PROVIDER = "claude-code";
-const AGENT_TYPES = {
-	HUMAN: "human",
-	PERSONAL_ASSISTANT: "personal_assistant",
-	AUTONOMOUS_AGENT: "autonomous_agent"
-};
-const agentTypeSchema = z.enum([
-	"human",
-	"personal_assistant",
-	"autonomous_agent"
-]);
-const AGENT_VISIBILITY = {
-	PRIVATE: "private",
-	ORGANIZATION: "organization"
-};
-const agentVisibilitySchema = z.enum(["private", "organization"]);
-const AGENT_STATUSES = {
-	ACTIVE: "active",
-	SUSPENDED: "suspended",
-	DELETED: "deleted"
-};
-const AGENT_SOURCES = {
-	ADMIN_API: "admin-api",
-	PORTAL: "portal"
-};
-const agentSourceSchema = z.enum(["admin-api", "portal"]);
-z.enum(["active", "suspended"]);
-/**
-* Agent-name rules (see docs/agent-naming-design.md §3.1):
-*   - Lowercase ASCII slug, hyphens + underscores allowed.
-*   - Must start with alphanumeric: `-` / `_` as first char collide with
-*     CLI flag parsing and markdown list syntax.
-*   - 1–64 chars — aligned with `MENTION_REGEX` so any valid name can be
-*     @-mentioned in chat. Older rows created under the previous 1–100
-*     regex are grandfathered; the tight rule only gates new creates.
-*/
-const AGENT_NAME_REGEX = /^[a-z0-9][a-z0-9_-]{0,63}$/;
-const RESERVED_AGENT_NAMES_SET = new Set([
-	"admin",
-	"agent",
-	"first-tree",
-	"hub",
-	"me",
-	"null",
-	"system",
-	"undefined"
-]);
-function isReservedAgentName(name) {
-	return RESERVED_AGENT_NAMES_SET.has(name);
-}
-const createAgentSchema = z.object({
-	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
-	type: agentTypeSchema,
-	displayName: z.string().min(1).max(200).optional(),
-	delegateMention: z.string().max(100).optional(),
-	organizationId: z.string().min(1).max(100).optional(),
-	source: agentSourceSchema.optional(),
-	visibility: agentVisibilitySchema.optional(),
-	metadata: z.record(z.string(), z.unknown()).optional(),
-	managerId: z.string().optional(),
-	clientId: z.string().min(1).max(100).optional(),
-	runtimeProvider: runtimeProviderSchema.optional()
-});
-const updateAgentSchema = z.object({
-	type: agentTypeSchema.optional(),
-	displayName: z.string().min(1).max(200).optional(),
-	delegateMention: z.string().max(100).nullable().optional(),
-	visibility: agentVisibilitySchema.optional(),
-	metadata: z.record(z.string(), z.unknown()).optional(),
-	managerId: z.string().nullable().optional(),
-	clientId: z.string().min(1).max(100).nullable().optional()
-});
-/**
-* Service-level rebind input. Admin / owner re-binds an agent to a new
-* client and/or a new runtime provider in one atomic operation.
-*
-* `force` bypasses the capability-match check (e.g. when the client is
-* offline and capabilities are stale).
-*/
-const rebindAgentSchema = z.object({
-	clientId: z.string().min(1).max(100),
-	runtimeProvider: runtimeProviderSchema,
-	force: z.boolean().optional()
-});
-z.object({
-	uuid: z.string(),
-	name: z.string().nullable(),
-	organizationId: z.string(),
-	type: agentTypeSchema,
-	displayName: z.string(),
-	delegateMention: z.string().nullable(),
-	inboxId: z.string(),
-	status: z.string(),
-	source: z.string().nullable().optional(),
-	visibility: agentVisibilitySchema,
-	metadata: z.record(z.string(), z.unknown()),
-	managerId: z.string().nullable(),
-	clientId: z.string().nullable(),
-	runtimeProvider: runtimeProviderSchema,
-	presenceStatus: presenceStatusSchema.optional(),
-	createdAt: z.string(),
-	updatedAt: z.string()
-});
-z.object({
-	repo: z.string().nullable(),
-	branch: z.string().nullable()
-});
-/**
-* Server → client WebSocket frame announcing that an agent has just been
-* pinned to the connected client (either created with `clientId` or bound via
-* PATCH NULL → ID). The client can auto-register a local config from this so
-* the operator doesn't have to run `first-tree-hub agent add` manually.
-*/
-const agentPinnedMessageSchema = z.object({
-	type: z.literal("agent:pinned"),
-	agentId: z.string(),
-	name: z.string().nullable(),
-	displayName: z.string(),
-	agentType: agentTypeSchema,
-	runtimeProvider: runtimeProviderSchema
-});
 /**
 * Agent runtime configuration.
 *
@@ -500,6 +311,26 @@ const agentRuntimeConfigSchema = z.object({
 	updatedBy: z.string()
 });
 /**
+* Write-side shape with no `.default()` per field.
+*
+* `agentRuntimeConfigPayloadShape` carries `.default()` on every field for the
+* read path (so legacy DB rows parse cleanly). On the PATCH side those defaults
+* are actively harmful: Zod 4's `.partial()` makes a field optional but keeps
+* the inner `ZodDefault`, so a body like `{ mcpServers: [...] }` parses to a
+* fully-populated patch where the omitted fields are filled with their
+* defaults — the service layer's `patch.x ?? current.x` then sees a truthy
+* default and *replaces* the user's saved value with empty. Mirroring the 5
+* fields here without defaults keeps "field absent" → `undefined` in the
+* parsed patch, which is what the merge logic expects.
+*/
+const agentRuntimeConfigPatchShape = z.object({
+	prompt: promptConfigSchema,
+	model: z.string(),
+	mcpServers: z.array(mcpServerSchema),
+	env: z.array(envEntrySchema),
+	gitRepos: z.array(gitRepoSchema)
+}).partial();
+/**
 * Patch payload for PATCH /api/v1/admin/agents/:uuid/config.
 *
 * - `expectedVersion` enforces optimistic locking; mismatch → 409.
@@ -507,9 +338,9 @@ const agentRuntimeConfigSchema = z.object({
 */
 const updateAgentRuntimeConfigSchema = z.object({
 	expectedVersion: z.number().int().positive(),
-	payload: agentRuntimeConfigPayloadShape.partial()
+	payload: agentRuntimeConfigPatchShape
 });
-const dryRunAgentRuntimeConfigSchema = z.object({ payload: agentRuntimeConfigPayloadShape.partial() });
+const dryRunAgentRuntimeConfigSchema = z.object({ payload: agentRuntimeConfigPatchShape });
 z.object({
 	current: agentRuntimeConfigSchema,
 	next: agentRuntimeConfigPayloadSchema,
@@ -538,6 +369,196 @@ function deriveRepoLocalPath(url) {
 	if (!trimmed) return "";
 	return ((trimmed.split(/[?#]/)[0] ?? "").split(/[/:]/).filter(Boolean).pop() ?? "").replace(/\.git$/i, "");
 }
+const presenceStatusSchema = z.enum(["online", "offline"]);
+const runtimeStateSchema = z.enum([
+	"idle",
+	"working",
+	"blocked",
+	"error"
+]);
+z.enum([
+	"active",
+	"suspended",
+	"evicted"
+]);
+/** Wire-level states a client may report. `evicted` from a stale client is rejected. */
+const clientSessionStateSchema = z.enum(["active", "suspended"]);
+const sessionStateMessageSchema = z.object({
+	chatId: z.string().min(1),
+	state: clientSessionStateSchema
+});
+/** Client-reported runtime state override (client → server, per-agent). */
+const runtimeStateMessageSchema = z.object({ runtimeState: runtimeStateSchema });
+const agentBindRequestSchema = z.object({
+	agentId: z.string().min(1),
+	runtimeType: z.string().max(50),
+	runtimeVersion: z.string().max(50).optional()
+});
+const AGENT_BIND_REJECT_REASONS = {
+	WRONG_CLIENT: "wrong_client",
+	NOT_OWNED: "not_owned",
+	AGENT_SUSPENDED: "agent_suspended",
+	WRONG_ORG: "wrong_org",
+	UNKNOWN_AGENT: "unknown_agent",
+	RUNTIME_PROVIDER_MISMATCH: "runtime_provider_mismatch"
+};
+z.enum([
+	"wrong_client",
+	"not_owned",
+	"agent_suspended",
+	"wrong_org",
+	"unknown_agent",
+	"runtime_provider_mismatch"
+]);
+/** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
+const AGENT_SELECTOR_HEADER = "x-agent-id";
+z.object({
+	agentId: z.string(),
+	status: presenceStatusSchema,
+	connectedAt: z.string().nullable(),
+	lastSeenAt: z.string(),
+	clientId: z.string().nullable().optional(),
+	runtimeType: z.string().nullable().optional(),
+	runtimeVersion: z.string().nullable().optional(),
+	runtimeState: runtimeStateSchema.nullable().optional(),
+	activeSessions: z.number().int().nullable().optional(),
+	totalSessions: z.number().int().nullable().optional(),
+	runtimeUpdatedAt: z.string().nullable().optional()
+});
+z.object({
+	total: z.number().int(),
+	running: z.number().int(),
+	byState: z.object({
+		idle: z.number().int(),
+		working: z.number().int(),
+		blocked: z.number().int(),
+		error: z.number().int()
+	}),
+	clients: z.number().int()
+});
+const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
+const DEFAULT_RUNTIME_PROVIDER = "claude-code";
+const AGENT_TYPES = {
+	HUMAN: "human",
+	PERSONAL_ASSISTANT: "personal_assistant",
+	AUTONOMOUS_AGENT: "autonomous_agent"
+};
+const agentTypeSchema = z.enum([
+	"human",
+	"personal_assistant",
+	"autonomous_agent"
+]);
+const AGENT_VISIBILITY = {
+	PRIVATE: "private",
+	ORGANIZATION: "organization"
+};
+const agentVisibilitySchema = z.enum(["private", "organization"]);
+const AGENT_STATUSES = {
+	ACTIVE: "active",
+	SUSPENDED: "suspended",
+	DELETED: "deleted"
+};
+const AGENT_SOURCES = {
+	ADMIN_API: "admin-api",
+	PORTAL: "portal"
+};
+const agentSourceSchema = z.enum(["admin-api", "portal"]);
+z.enum(["active", "suspended"]);
+/**
+* Agent-name rules (see docs/agent-naming-design.md §3.1):
+*   - Lowercase ASCII slug, hyphens + underscores allowed.
+*   - Must start with alphanumeric: `-` / `_` as first char collide with
+*     CLI flag parsing and markdown list syntax.
+*   - 1–64 chars — aligned with `MENTION_REGEX` so any valid name can be
+*     @-mentioned in chat. Older rows created under the previous 1–100
+*     regex are grandfathered; the tight rule only gates new creates.
+*/
+const AGENT_NAME_REGEX = /^[a-z0-9][a-z0-9_-]{0,63}$/;
+const RESERVED_AGENT_NAMES_SET = new Set([
+	"admin",
+	"agent",
+	"first-tree",
+	"hub",
+	"me",
+	"null",
+	"system",
+	"undefined"
+]);
+function isReservedAgentName(name) {
+	return RESERVED_AGENT_NAMES_SET.has(name);
+}
+const createAgentSchema = z.object({
+	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
+	type: agentTypeSchema,
+	displayName: z.string().min(1).max(200).optional(),
+	delegateMention: z.string().max(100).optional(),
+	organizationId: z.string().min(1).max(100).optional(),
+	source: agentSourceSchema.optional(),
+	visibility: agentVisibilitySchema.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional(),
+	managerId: z.string().optional(),
+	clientId: z.string().min(1).max(100).optional(),
+	runtimeProvider: runtimeProviderSchema.optional(),
+	gitRepos: z.array(gitRepoSchema).optional()
+});
+const updateAgentSchema = z.object({
+	type: agentTypeSchema.optional(),
+	displayName: z.string().min(1).max(200).optional(),
+	delegateMention: z.string().max(100).nullable().optional(),
+	visibility: agentVisibilitySchema.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional(),
+	managerId: z.string().nullable().optional(),
+	clientId: z.string().min(1).max(100).nullable().optional()
+});
+/**
+* Service-level rebind input. Admin / owner re-binds an agent to a new
+* client and/or a new runtime provider in one atomic operation.
+*
+* `force` bypasses the capability-match check (e.g. when the client is
+* offline and capabilities are stale).
+*/
+const rebindAgentSchema = z.object({
+	clientId: z.string().min(1).max(100),
+	runtimeProvider: runtimeProviderSchema,
+	force: z.boolean().optional()
+});
+z.object({
+	uuid: z.string(),
+	name: z.string().nullable(),
+	organizationId: z.string(),
+	type: agentTypeSchema,
+	displayName: z.string(),
+	delegateMention: z.string().nullable(),
+	inboxId: z.string(),
+	status: z.string(),
+	source: z.string().nullable().optional(),
+	visibility: agentVisibilitySchema,
+	metadata: z.record(z.string(), z.unknown()),
+	managerId: z.string().nullable(),
+	clientId: z.string().nullable(),
+	runtimeProvider: runtimeProviderSchema,
+	presenceStatus: presenceStatusSchema.optional(),
+	createdAt: z.string(),
+	updatedAt: z.string()
+});
+z.object({
+	repo: z.string().nullable(),
+	branch: z.string().nullable()
+});
+/**
+* Server → client WebSocket frame announcing that an agent has just been
+* pinned to the connected client (either created with `clientId` or bound via
+* PATCH NULL → ID). The client can auto-register a local config from this so
+* the operator doesn't have to run `first-tree-hub agent add` manually.
+*/
+const agentPinnedMessageSchema = z.object({
+	type: z.literal("agent:pinned"),
+	agentId: z.string(),
+	name: z.string().nullable(),
+	displayName: z.string(),
+	agentType: agentTypeSchema,
+	runtimeProvider: runtimeProviderSchema
+});
 const loginSchema = z.object({
 	username: z.string().min(1),
 	password: z.string().min(1)
@@ -1054,6 +1075,43 @@ const createOrgFromMeSchema = z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/),
 	displayName: z.string().min(1).max(200)
 });
+/**
+* Body for `PATCH /me/onboarding`. v1 only mutates `dismissed` — true to
+* hide the onboarding stepper (server stamps `users.onboarding_dismissed_at
+* = NOW()`), false to restore it. See docs/new-user-onboarding-design.md
+* §8.4.
+*/
+const patchOnboardingSchema = z.object({ dismissed: z.boolean().optional() });
+/**
+* Body for `POST /me/onboarding/events`. The web SPA reports key
+* milestones so the server can log them as a single funnel-trackable
+* stream alongside server-emitted events (`team_created`, `dismissed`).
+*
+* Server emits:
+*   - `team_created`           — at OAuth callback when joinPath === "solo"
+*   - `dismissed`              — when PATCH /me/onboarding flips dismissed
+*
+* Web reports:
+*   - `team_renamed`           — Step 1 user changed the auto-named team
+*   - `agent_created`          — Step 2 successfully created the agent
+*   - `tree_chat_started`      — Step 3 [Yes, set it up] succeeded
+*   - `tree_intro_dismissed`   — Step 3 [I'll do it later] clicked
+*/
+const onboardingEventNameSchema = z.enum([
+	"team_renamed",
+	"agent_created",
+	"tree_chat_started",
+	"tree_intro_dismissed"
+]);
+const onboardingEventSchema = z.object({
+	event: onboardingEventNameSchema,
+	attrs: z.record(z.string(), z.union([
+		z.string(),
+		z.number(),
+		z.boolean(),
+		z.null()
+	])).optional()
+});
 z.object({
 	id: z.string(),
 	organizationId: z.string(),
@@ -1159,12 +1217,26 @@ const githubDevCallbackQuerySchema = z.object({
 *   2. Add a key to `ORG_SETTINGS_NAMESPACES`.
 *   3. Done. No DB migration, no new API route.
 */
+const orgContextTreeRepoUrlSchema = z.string().url().refine((value) => {
+	try {
+		return new URL(value).protocol === "https:";
+	} catch {
+		return false;
+	}
+}, { message: "Context Tree repo URL must use HTTPS." }).refine((value) => {
+	try {
+		const url = new URL(value);
+		return url.username.length === 0 && url.password.length === 0;
+	} catch {
+		return false;
+	}
+}, { message: "Context Tree repo URL must not include credentials." });
 const orgContextTreeStorageSchema = z.object({
-	repo: z.string().url().optional(),
+	repo: orgContextTreeRepoUrlSchema.optional(),
 	branch: z.string().default("main")
 });
 const orgContextTreeInputSchema = z.object({
-	repo: z.string().url().min(1).nullish(),
+	repo: orgContextTreeRepoUrlSchema.nullish(),
 	branch: z.string().min(1).nullish()
 });
 const orgContextTreeOutputSchema = z.object({
@@ -1521,4 +1593,4 @@ z.object({
 	capabilities: serverCapabilitiesSchema.optional()
 }).passthrough();
 //#endregion
-export { loginSchema as $, createAgentSchema as A, githubCallbackQuerySchema as B, agentTypeSchema as C, updateMemberSchema as Ct, contextTreeSnapshotSchema as D, connectTokenExchangeSchema as E, wsAuthFrameSchema as Et, createTaskSchema as F, inboxDeliverFrameSchema as G, githubStartQuerySchema as H, defaultRuntimeConfigPayload as I, isRedactedEnvValue as J, inboxPollQuerySchema as K, delegateFeishuUserSchema as L, createMeChatSchema as M, createMemberSchema as N, createAdapterConfigSchema as O, createOrgFromMeSchema as P, listMeChatsQuerySchema as Q, dryRunAgentRuntimeConfigSchema as R, agentRuntimeConfigPayloadSchema as S, updateClientCapabilitiesSchema as St, clientRegisterSchema as T, updateTaskStatusSchema as Tt, imageInlineContentSchema as U, githubDevCallbackQuerySchema as V, inboxAckFrameSchema as W, joinByInvitationSchema as X, isReservedAgentName as Y, linkTaskChatSchema as Z, addParticipantSchema as _, taskListQuerySchema as _t, AGENT_STATUSES as a, runtimeStateMessageSchema as at, agentBindRequestSchema as b, updateAgentSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, selfServiceFeishuBotSchema as ct, TASK_CREATOR_TYPES as d, sessionCompletionMessageSchema as dt, messageSourceSchema as et, TASK_HEALTH_SIGNALS as f, sessionEventMessageSchema as ft, addMeChatParticipantsSchema as g, stripCode as gt, WS_AUTH_FRAME_TIMEOUT_MS as h, sessionStateMessageSchema as ht, AGENT_SOURCES as i, refreshTokenSchema as it, createChatSchema as j, createAdapterMappingSchema as k, MENTION_REGEX as l, sendMessageSchema as lt, TASK_TERMINAL_STATUSES as m, sessionReconcileRequestSchema as mt, AGENT_NAME_REGEX as n, paginationQuerySchema as nt, AGENT_TYPES as o, safeRedirectPath as ot, TASK_STATUSES as p, sessionEventSchema as pt, isOrgSettingNamespace as q, AGENT_SELECTOR_HEADER as r, rebindAgentSchema as rt, AGENT_VISIBILITY as s, scanMentionTokens as st, AGENT_BIND_REJECT_REASONS as t, notificationQuerySchema as tt, ORG_SETTINGS_NAMESPACES as u, sendToAgentSchema as ut, adminCreateTaskSchema as v, updateAdapterConfigSchema as vt, clientCapabilitiesSchema as w, updateOrganizationSchema as wt, agentPinnedMessageSchema as x, updateChatSchema as xt, adminUpdateTaskSchema as y, updateAgentRuntimeConfigSchema as yt, extractMentions as z };
+export { loginSchema as $, createAgentSchema as A, githubCallbackQuerySchema as B, agentTypeSchema as C, updateChatSchema as Ct, contextTreeSnapshotSchema as D, updateTaskStatusSchema as Dt, connectTokenExchangeSchema as E, updateOrganizationSchema as Et, createTaskSchema as F, inboxDeliverFrameSchema as G, githubStartQuerySchema as H, defaultRuntimeConfigPayload as I, isRedactedEnvValue as J, inboxPollQuerySchema as K, delegateFeishuUserSchema as L, createMeChatSchema as M, createMemberSchema as N, createAdapterConfigSchema as O, wsAuthFrameSchema as Ot, createOrgFromMeSchema as P, listMeChatsQuerySchema as Q, dryRunAgentRuntimeConfigSchema as R, agentRuntimeConfigPayloadSchema as S, updateAgentSchema as St, clientRegisterSchema as T, updateMemberSchema as Tt, imageInlineContentSchema as U, githubDevCallbackQuerySchema as V, inboxAckFrameSchema as W, joinByInvitationSchema as X, isReservedAgentName as Y, linkTaskChatSchema as Z, addParticipantSchema as _, sessionStateMessageSchema as _t, AGENT_STATUSES as a, rebindAgentSchema as at, agentBindRequestSchema as b, updateAdapterConfigSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, safeRedirectPath as ct, TASK_CREATOR_TYPES as d, sendMessageSchema as dt, messageSourceSchema as et, TASK_HEALTH_SIGNALS as f, sendToAgentSchema as ft, addMeChatParticipantsSchema as g, sessionReconcileRequestSchema as gt, WS_AUTH_FRAME_TIMEOUT_MS as h, sessionEventSchema as ht, AGENT_SOURCES as i, patchOnboardingSchema as it, createChatSchema as j, createAdapterMappingSchema as k, MENTION_REGEX as l, scanMentionTokens as lt, TASK_TERMINAL_STATUSES as m, sessionEventMessageSchema as mt, AGENT_NAME_REGEX as n, onboardingEventSchema as nt, AGENT_TYPES as o, refreshTokenSchema as ot, TASK_STATUSES as p, sessionCompletionMessageSchema as pt, isOrgSettingNamespace as q, AGENT_SELECTOR_HEADER as r, paginationQuerySchema as rt, AGENT_VISIBILITY as s, runtimeStateMessageSchema as st, AGENT_BIND_REJECT_REASONS as t, notificationQuerySchema as tt, ORG_SETTINGS_NAMESPACES as u, selfServiceFeishuBotSchema as ut, adminCreateTaskSchema as v, stripCode as vt, clientCapabilitiesSchema as w, updateClientCapabilitiesSchema as wt, agentPinnedMessageSchema as x, updateAgentRuntimeConfigSchema as xt, adminUpdateTaskSchema as y, taskListQuerySchema as yt, extractMentions as z };

package/dist/drizzle/0033_onboarding_dismissed_at.sql

@@ -0,0 +1,13 @@
+-- Onboarding stepper dismissal flag. Decoupled from the server-side
+-- `onboardingStep` enum so the stepper keeps rendering across all three
+-- UI steps (server-side onboardingStep flips to `completed` at the end of
+-- Step 2; Step 3 is purely client-driven and the stepper must keep
+-- showing during the tree-init chat).
+--
+-- See docs/new-user-onboarding-design.md §8.
+--
+-- NULL  → stepper renders
+-- value → user clicked the `✕`; stepper unmounts. Irreversible from UI v1.
+
+ALTER TABLE "users"
+  ADD COLUMN IF NOT EXISTS "onboarding_dismissed_at" timestamp with time zone;