@agent-team-foundation/first-tree-hub 0.11.4 → 0.12.0

package/dist/{saas-connect-CVoRK0Ex.mjs → saas-connect-Drn9g6cR.mjs}

@@ -1,12 +1,12 @@
 import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, f as messageAttrs, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-gw1ODB_o.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-D-Yf8yOc.mjs";
+import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-BcW9HgkG.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-C_K2CKXC.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as loginSchema, A as createAgentSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateMemberSchema, D as contextTreeSnapshotSchema, E as connectTokenExchangeSchema, Et as wsAuthFrameSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as updateClientCapabilitiesSchema, T as clientRegisterSchema, Tt as updateTaskStatusSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as taskListQuerySchema, a as AGENT_STATUSES, at as runtimeStateMessageSchema, b as agentBindRequestSchema, bt as updateAgentSchema, ct as selfServiceFeishuBotSchema, d as TASK_CREATOR_TYPES, dt as sessionCompletionMessageSchema, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as sessionEventMessageSchema, g as addMeChatParticipantsSchema, gt as stripCode, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionStateMessageSchema, i as AGENT_SOURCES, it as refreshTokenSchema, j as createChatSchema, k as createAdapterMappingSchema, l as MENTION_REGEX, lt as sendMessageSchema, m as TASK_TERMINAL_STATUSES, mt as sessionReconcileRequestSchema, n as AGENT_NAME_REGEX$1, nt as paginationQuerySchema, o as AGENT_TYPES, ot as safeRedirectPath, p as TASK_STATUSES, pt as sessionEventSchema$1, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as rebindAgentSchema, s as AGENT_VISIBILITY, st as scanMentionTokens, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as sendToAgentSchema, v as adminCreateTaskSchema, vt as updateAdapterConfigSchema, wt as updateOrganizationSchema, x as agentPinnedMessageSchema$1, xt as updateChatSchema, y as adminUpdateTaskSchema, yt as updateAgentRuntimeConfigSchema, z as extractMentions } from "./dist-ClFs4WMj.mjs";
-import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-BmyRwN0Y-Dad3eV8F.mjs";
-import { C as retireClient, D as touchAgent, E as setRuntimeState, O as unbindAgent, S as registerClient, T as setOffline, _ as listClients, a as claimClient, b as markStaleAgents, c as clients, d as getClient, f as getOnlineCount, g as listActiveAgentsPinnedToClient, h as heartbeatInstance, i as bindAgent, k as updateClientCapabilities, l as deriveAuthState, m as heartbeatClient, n as agents, o as cleanupStaleClients, p as getPresence, r as assertClientOwner, s as cleanupStalePresence, t as agentPresence, u as disconnectClient, v as listClientsForOrgAdmin, w as serverInstances, x as members } from "./client-CLdRbuml-svTO0Eat.mjs";
-import { n as init_esm, r as trace, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
-import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Dnn5gGGX-DXryyvRG.mjs";
+import { $ as loginSchema, A as createAgentSchema, At as updateTaskStatusSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateAdapterConfigSchema, D as contextTreeSnapshotSchema, Dt as updateClientCapabilitiesSchema, E as connectTokenExchangeSchema, Et as updateChatSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, Ot as updateMemberSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as taskListQuerySchema, T as clientRegisterSchema, Tt as updateAgentSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as sessionEventSchema$1, a as AGENT_STATUSES, b as agentBindRequestSchema, bt as stripCode, ct as refreshTokenSchema, d as TASK_CREATOR_TYPES, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as selfServiceFeishuBotSchema, g as addMeChatParticipantsSchema, gt as sessionEventMessageSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionCompletionMessageSchema, i as AGENT_SOURCES, it as patchOnboardingSchema, j as createChatSchema, jt as wsAuthFrameSchema, k as createAdapterMappingSchema, kt as updateOrganizationSchema, l as MENTION_REGEX, lt as runtimeStateMessageSchema, m as TASK_TERMINAL_STATUSES, mt as sendToAgentSchema, n as AGENT_NAME_REGEX$1, nt as onboardingEventSchema, o as AGENT_TYPES, p as TASK_STATUSES, pt as sendMessageSchema, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as paginationQuerySchema, s as AGENT_VISIBILITY, st as rebindAgentSchema, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as safeRedirectPath, v as adminCreateTaskSchema, vt as sessionReconcileRequestSchema, wt as updateAgentRuntimeConfigSchema, x as agentPinnedMessageSchema$1, xt as submitQuestionAnswerSchema, y as adminUpdateTaskSchema, yt as sessionStateMessageSchema } from "./dist-UOZ6vMUW.mjs";
+import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-CF5evtJt-B0NTIVPt.mjs";
+import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
+import { $ as pendingQuestions, A as heartbeatClient, B as listAgentsWithRuntime, C as findOrCreateDirectChat, D as getClient, E as getChatDetail, F as joinChat, G as listClientsForOrgAdmin, H as listChats, I as leaveAsParticipant, J as markStaleAgents, K as listMessages, L as leaveChat, M as inboxEntries, N as invalidateChatAudience, O as getOnlineCount, P as joinAsParticipant, Q as notifyRecipients, R as listActiveAgentsPinnedToClient, S as ensureParticipant$1, T as getCachedAudience, U as listChatsForMember, V as listChatParticipantsWithNames, W as listClients, X as members, Y as markSupersededByChat, Z as messages, _ as createNotifier, _t as updateClientCapabilities, a as agents, at as removeParticipant, b as editMessage, c as bindAgent, ct as retireClient, d as chats, dt as serverInstances, et as recomputeChatWatchers, f as claimClient, ft as setOffline, g as createChat, gt as unbindAgent, h as clients, ht as touchAgent, i as agentVisibilityCondition, it as registerClient, j as heartbeatInstance, k as getPresence, l as chatParticipants, lt as sendMessage, m as cleanupStalePresence, mt as submitAnswer, n as agentChatSessions, nt as recomputeWatchersForMember, o as assertClientOwner, ot as resetActivity, p as cleanupStaleClients, pt as setRuntimeState, r as agentPresence, rt as registerChatMessageDispatcher, s as assertParticipant, st as resolveChatMembership, t as addParticipant, tt as recomputeWatchersForAgent, u as chatSubscriptions, ut as sendToAgent$1, v as deriveAuthState, vt as upsertSessionState, w as getActivityOverview, x as ensureCanJoin, y as disconnectClient, z as listAgentsManagedByUser } from "./client-BPUdUaZT-CyCrpCTP.mjs";
+import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Bg0TRiyx-BsZH4GCS.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { basename, delimiter, dirname, extname, isAbsolute, join, normalize, relative, resolve, sep } from "node:path";
@@ -16,7 +16,7 @@ import { EventEmitter } from "node:events";
 import { closeSync, copyFileSync, existsSync, mkdirSync, openSync, readFileSync, readdirSync, realpathSync, renameSync, rmSync, statSync, unlinkSync, watch, writeFileSync, writeSync } from "node:fs";
 import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import WebSocket from "ws";
-import { mkdir, readFile, readdir, stat, writeFile } from "node:fs/promises";
+import { chmod, mkdir, readFile, readdir, rm, stat, writeFile } from "node:fs/promises";
 import { parse, stringify } from "yaml";
 import { query } from "@anthropic-ai/claude-agent-sdk";
 import { execFile, execFileSync, execSync, spawn, spawnSync } from "node:child_process";
@@ -29,7 +29,7 @@ import { and, asc, count, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne,
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
-import { bigserial, boolean, index, integer, jsonb, pgTable, primaryKey, serial, text, timestamp, unique, uniqueIndex } from "drizzle-orm/pg-core";
+import { boolean, index, integer, jsonb, pgTable, primaryKey, serial, text, timestamp, unique, uniqueIndex } from "drizzle-orm/pg-core";
 import { SignJWT, jwtVerify } from "jose";
 import cors from "@fastify/cors";
 import rateLimit from "@fastify/rate-limit";
@@ -371,160 +371,6 @@ z.object({
 	connected: z.boolean(),
 	lastActiveAt: z.string().nullable()
 });
-const presenceStatusSchema = z.enum(["online", "offline"]);
-const runtimeStateSchema = z.enum([
-	"idle",
-	"working",
-	"blocked",
-	"error"
-]);
-z.enum([
-	"active",
-	"suspended",
-	"evicted"
-]);
-/** Wire-level states a client may report. `evicted` from a stale client is rejected. */
-const clientSessionStateSchema = z.enum(["active", "suspended"]);
-z.object({
-	chatId: z.string().min(1),
-	state: clientSessionStateSchema
-});
-z.object({ runtimeState: runtimeStateSchema });
-z.object({
-	agentId: z.string().min(1),
-	runtimeType: z.string().max(50),
-	runtimeVersion: z.string().max(50).optional()
-});
-z.enum([
-	"wrong_client",
-	"not_owned",
-	"agent_suspended",
-	"wrong_org",
-	"unknown_agent",
-	"runtime_provider_mismatch"
-]);
-/** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
-const AGENT_SELECTOR_HEADER = "x-agent-id";
-z.object({
-	agentId: z.string(),
-	status: presenceStatusSchema,
-	connectedAt: z.string().nullable(),
-	lastSeenAt: z.string(),
-	clientId: z.string().nullable().optional(),
-	runtimeType: z.string().nullable().optional(),
-	runtimeVersion: z.string().nullable().optional(),
-	runtimeState: runtimeStateSchema.nullable().optional(),
-	activeSessions: z.number().int().nullable().optional(),
-	totalSessions: z.number().int().nullable().optional(),
-	runtimeUpdatedAt: z.string().nullable().optional()
-});
-z.object({
-	total: z.number().int(),
-	running: z.number().int(),
-	byState: z.object({
-		idle: z.number().int(),
-		working: z.number().int(),
-		blocked: z.number().int(),
-		error: z.number().int()
-	}),
-	clients: z.number().int()
-});
-const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
-const agentTypeSchema = z.enum([
-	"human",
-	"personal_assistant",
-	"autonomous_agent"
-]);
-const agentVisibilitySchema = z.enum(["private", "organization"]);
-const agentSourceSchema = z.enum(["admin-api", "portal"]);
-z.enum(["active", "suspended"]);
-/**
-* Agent-name rules (see docs/agent-naming-design.md §3.1):
-*   - Lowercase ASCII slug, hyphens + underscores allowed.
-*   - Must start with alphanumeric: `-` / `_` as first char collide with
-*     CLI flag parsing and markdown list syntax.
-*   - 1–64 chars — aligned with `MENTION_REGEX` so any valid name can be
-*     @-mentioned in chat. Older rows created under the previous 1–100
-*     regex are grandfathered; the tight rule only gates new creates.
-*/
-const AGENT_NAME_REGEX = /^[a-z0-9][a-z0-9_-]{0,63}$/;
-const RESERVED_AGENT_NAMES_SET = new Set([
-	"admin",
-	"agent",
-	"first-tree",
-	"hub",
-	"me",
-	"null",
-	"system",
-	"undefined"
-]);
-function isReservedAgentName(name) {
-	return RESERVED_AGENT_NAMES_SET.has(name);
-}
-z.object({
-	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
-	type: agentTypeSchema,
-	displayName: z.string().min(1).max(200).optional(),
-	delegateMention: z.string().max(100).optional(),
-	organizationId: z.string().min(1).max(100).optional(),
-	source: agentSourceSchema.optional(),
-	visibility: agentVisibilitySchema.optional(),
-	metadata: z.record(z.string(), z.unknown()).optional(),
-	managerId: z.string().optional(),
-	clientId: z.string().min(1).max(100).optional(),
-	runtimeProvider: runtimeProviderSchema.optional()
-});
-z.object({
-	type: agentTypeSchema.optional(),
-	displayName: z.string().min(1).max(200).optional(),
-	delegateMention: z.string().max(100).nullable().optional(),
-	visibility: agentVisibilitySchema.optional(),
-	metadata: z.record(z.string(), z.unknown()).optional(),
-	managerId: z.string().nullable().optional(),
-	clientId: z.string().min(1).max(100).nullable().optional()
-});
-z.object({
-	clientId: z.string().min(1).max(100),
-	runtimeProvider: runtimeProviderSchema,
-	force: z.boolean().optional()
-});
-z.object({
-	uuid: z.string(),
-	name: z.string().nullable(),
-	organizationId: z.string(),
-	type: agentTypeSchema,
-	displayName: z.string(),
-	delegateMention: z.string().nullable(),
-	inboxId: z.string(),
-	status: z.string(),
-	source: z.string().nullable().optional(),
-	visibility: agentVisibilitySchema,
-	metadata: z.record(z.string(), z.unknown()),
-	managerId: z.string().nullable(),
-	clientId: z.string().nullable(),
-	runtimeProvider: runtimeProviderSchema,
-	presenceStatus: presenceStatusSchema.optional(),
-	createdAt: z.string(),
-	updatedAt: z.string()
-});
-z.object({
-	repo: z.string().nullable(),
-	branch: z.string().nullable()
-});
-/**
-* Server → client WebSocket frame announcing that an agent has just been
-* pinned to the connected client (either created with `clientId` or bound via
-* PATCH NULL → ID). The client can auto-register a local config from this so
-* the operator doesn't have to run `first-tree-hub agent add` manually.
-*/
-const agentPinnedMessageSchema = z.object({
-	type: z.literal("agent:pinned"),
-	agentId: z.string(),
-	name: z.string().nullable(),
-	displayName: z.string(),
-	agentType: agentTypeSchema,
-	runtimeProvider: runtimeProviderSchema
-});
 /**
 * Agent runtime configuration.
 *
@@ -665,11 +511,31 @@ const agentRuntimeConfigSchema = z.object({
 	updatedAt: z.string(),
 	updatedBy: z.string()
 });
+/**
+* Write-side shape with no `.default()` per field.
+*
+* `agentRuntimeConfigPayloadShape` carries `.default()` on every field for the
+* read path (so legacy DB rows parse cleanly). On the PATCH side those defaults
+* are actively harmful: Zod 4's `.partial()` makes a field optional but keeps
+* the inner `ZodDefault`, so a body like `{ mcpServers: [...] }` parses to a
+* fully-populated patch where the omitted fields are filled with their
+* defaults — the service layer's `patch.x ?? current.x` then sees a truthy
+* default and *replaces* the user's saved value with empty. Mirroring the 5
+* fields here without defaults keeps "field absent" → `undefined` in the
+* parsed patch, which is what the merge logic expects.
+*/
+const agentRuntimeConfigPatchShape = z.object({
+	prompt: promptConfigSchema,
+	model: z.string(),
+	mcpServers: z.array(mcpServerSchema),
+	env: z.array(envEntrySchema),
+	gitRepos: z.array(gitRepoSchema)
+}).partial();
 z.object({
 	expectedVersion: z.number().int().positive(),
-	payload: agentRuntimeConfigPayloadShape.partial()
+	payload: agentRuntimeConfigPatchShape
 });
-z.object({ payload: agentRuntimeConfigPayloadShape.partial() });
+z.object({ payload: agentRuntimeConfigPatchShape });
 z.object({
 	current: agentRuntimeConfigSchema,
 	next: agentRuntimeConfigPayloadSchema,
@@ -694,6 +560,161 @@ function deriveRepoLocalPath(url) {
 	if (!trimmed) return "";
 	return ((trimmed.split(/[?#]/)[0] ?? "").split(/[/:]/).filter(Boolean).pop() ?? "").replace(/\.git$/i, "");
 }
+const presenceStatusSchema = z.enum(["online", "offline"]);
+const runtimeStateSchema = z.enum([
+	"idle",
+	"working",
+	"blocked",
+	"error"
+]);
+z.enum([
+	"active",
+	"suspended",
+	"evicted"
+]);
+/** Wire-level states a client may report. `evicted` from a stale client is rejected. */
+const clientSessionStateSchema = z.enum(["active", "suspended"]);
+z.object({
+	chatId: z.string().min(1),
+	state: clientSessionStateSchema
+});
+z.object({ runtimeState: runtimeStateSchema });
+z.object({
+	agentId: z.string().min(1),
+	runtimeType: z.string().max(50),
+	runtimeVersion: z.string().max(50).optional()
+});
+z.enum([
+	"wrong_client",
+	"not_owned",
+	"agent_suspended",
+	"wrong_org",
+	"unknown_agent",
+	"runtime_provider_mismatch"
+]);
+/** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
+const AGENT_SELECTOR_HEADER = "x-agent-id";
+z.object({
+	agentId: z.string(),
+	status: presenceStatusSchema,
+	connectedAt: z.string().nullable(),
+	lastSeenAt: z.string(),
+	clientId: z.string().nullable().optional(),
+	runtimeType: z.string().nullable().optional(),
+	runtimeVersion: z.string().nullable().optional(),
+	runtimeState: runtimeStateSchema.nullable().optional(),
+	activeSessions: z.number().int().nullable().optional(),
+	totalSessions: z.number().int().nullable().optional(),
+	runtimeUpdatedAt: z.string().nullable().optional()
+});
+z.object({
+	total: z.number().int(),
+	running: z.number().int(),
+	byState: z.object({
+		idle: z.number().int(),
+		working: z.number().int(),
+		blocked: z.number().int(),
+		error: z.number().int()
+	}),
+	clients: z.number().int()
+});
+const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
+const agentTypeSchema = z.enum([
+	"human",
+	"personal_assistant",
+	"autonomous_agent"
+]);
+const agentVisibilitySchema = z.enum(["private", "organization"]);
+const agentSourceSchema = z.enum(["admin-api", "portal"]);
+z.enum(["active", "suspended"]);
+/**
+* Agent-name rules (see docs/agent-naming-design.md §3.1):
+*   - Lowercase ASCII slug, hyphens + underscores allowed.
+*   - Must start with alphanumeric: `-` / `_` as first char collide with
+*     CLI flag parsing and markdown list syntax.
+*   - 1–64 chars — aligned with `MENTION_REGEX` so any valid name can be
+*     @-mentioned in chat. Older rows created under the previous 1–100
+*     regex are grandfathered; the tight rule only gates new creates.
+*/
+const AGENT_NAME_REGEX = /^[a-z0-9][a-z0-9_-]{0,63}$/;
+const RESERVED_AGENT_NAMES_SET = new Set([
+	"admin",
+	"agent",
+	"first-tree",
+	"hub",
+	"me",
+	"null",
+	"system",
+	"undefined"
+]);
+function isReservedAgentName(name) {
+	return RESERVED_AGENT_NAMES_SET.has(name);
+}
+z.object({
+	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
+	type: agentTypeSchema,
+	displayName: z.string().min(1).max(200).optional(),
+	delegateMention: z.string().max(100).optional(),
+	organizationId: z.string().min(1).max(100).optional(),
+	source: agentSourceSchema.optional(),
+	visibility: agentVisibilitySchema.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional(),
+	managerId: z.string().optional(),
+	clientId: z.string().min(1).max(100).optional(),
+	runtimeProvider: runtimeProviderSchema.optional(),
+	gitRepos: z.array(gitRepoSchema).optional()
+});
+z.object({
+	type: agentTypeSchema.optional(),
+	displayName: z.string().min(1).max(200).optional(),
+	delegateMention: z.string().max(100).nullable().optional(),
+	visibility: agentVisibilitySchema.optional(),
+	metadata: z.record(z.string(), z.unknown()).optional(),
+	managerId: z.string().nullable().optional(),
+	clientId: z.string().min(1).max(100).nullable().optional()
+});
+z.object({
+	clientId: z.string().min(1).max(100),
+	runtimeProvider: runtimeProviderSchema,
+	force: z.boolean().optional()
+});
+z.object({
+	uuid: z.string(),
+	name: z.string().nullable(),
+	organizationId: z.string(),
+	type: agentTypeSchema,
+	displayName: z.string(),
+	delegateMention: z.string().nullable(),
+	inboxId: z.string(),
+	status: z.string(),
+	source: z.string().nullable().optional(),
+	visibility: agentVisibilitySchema,
+	metadata: z.record(z.string(), z.unknown()),
+	managerId: z.string().nullable(),
+	clientId: z.string().nullable(),
+	runtimeProvider: runtimeProviderSchema,
+	presenceStatus: presenceStatusSchema.optional(),
+	createdAt: z.string(),
+	updatedAt: z.string()
+});
+z.object({
+	repo: z.string().nullable(),
+	branch: z.string().nullable()
+});
+/**
+* Server → client WebSocket frame announcing that an agent has just been
+* pinned to the connected client (either created with `clientId` or bound via
+* PATCH NULL → ID). The client can auto-register a local config from this so
+* the operator doesn't have to run `first-tree-hub agent add` manually.
+*/
+const agentPinnedMessageSchema = z.object({
+	type: z.literal("agent:pinned"),
+	agentId: z.string(),
+	name: z.string().nullable(),
+	displayName: z.string(),
+	agentType: agentTypeSchema,
+	runtimeProvider: runtimeProviderSchema
+});
 z.object({
 	username: z.string().min(1),
 	password: z.string().min(1)
@@ -994,7 +1015,9 @@ const messageFormatSchema = z.enum([
 	"card",
 	"reference",
 	"file",
-	"task"
+	"task",
+	"question",
+	"question_answer"
 ]);
 z.object({
 	format: messageFormatSchema.default("text"),
@@ -1217,6 +1240,37 @@ z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/),
 	displayName: z.string().min(1).max(200)
 });
+z.object({ dismissed: z.boolean().optional() });
+/**
+* Body for `POST /me/onboarding/events`. The web SPA reports key
+* milestones so the server can log them as a single funnel-trackable
+* stream alongside server-emitted events (`team_created`, `dismissed`).
+*
+* Server emits:
+*   - `team_created`           — at OAuth callback when joinPath === "solo"
+*   - `dismissed`              — when PATCH /me/onboarding flips dismissed
+*
+* Web reports:
+*   - `team_renamed`           — Step 1 user changed the auto-named team
+*   - `agent_created`          — Step 2 successfully created the agent
+*   - `tree_chat_started`      — Step 3 [Yes, set it up] succeeded
+*   - `tree_intro_dismissed`   — Step 3 [I'll do it later] clicked
+*/
+const onboardingEventNameSchema = z.enum([
+	"team_renamed",
+	"agent_created",
+	"tree_chat_started",
+	"tree_intro_dismissed"
+]);
+z.object({
+	event: onboardingEventNameSchema,
+	attrs: z.record(z.string(), z.union([
+		z.string(),
+		z.number(),
+		z.boolean(),
+		z.null()
+	])).optional()
+});
 z.object({
 	id: z.string(),
 	organizationId: z.string(),
@@ -1311,12 +1365,26 @@ z.object({
 *   2. Add a key to `ORG_SETTINGS_NAMESPACES`.
 *   3. Done. No DB migration, no new API route.
 */
+const httpsRepoUrlSchema = z.string().url().refine((value) => {
+	try {
+		return new URL(value).protocol === "https:";
+	} catch {
+		return false;
+	}
+}, { message: "Repo URL must use HTTPS." }).refine((value) => {
+	try {
+		const url = new URL(value);
+		return url.username.length === 0 && url.password.length === 0;
+	} catch {
+		return false;
+	}
+}, { message: "Repo URL must not include credentials." });
 const orgContextTreeStorageSchema = z.object({
-	repo: z.string().url().optional(),
+	repo: httpsRepoUrlSchema.optional(),
 	branch: z.string().default("main")
 });
 const orgContextTreeInputSchema = z.object({
-	repo: z.string().url().min(1).nullish(),
+	repo: httpsRepoUrlSchema.nullish(),
 	branch: z.string().min(1).nullish()
 });
 const orgContextTreeOutputSchema = z.object({
@@ -1329,16 +1397,36 @@ const orgGithubIntegrationOutputSchema = z.object({
 	webhookSecretConfigured: z.boolean(),
 	webhookUrl: z.string()
 });
+const orgSourceReposStorageSchema = z.object({ repos: z.array(z.object({
+	url: httpsRepoUrlSchema,
+	defaultBranch: z.string().optional()
+})).default([]) });
+const orgSourceReposInputSchema = z.object({ repos: z.array(z.object({
+	url: httpsRepoUrlSchema,
+	defaultBranch: z.string().min(1).optional()
+})).optional() });
+const orgSourceReposOutputSchema = z.object({ repos: z.array(z.object({
+	url: z.string(),
+	defaultBranch: z.string().optional()
+})) });
 const ORG_SETTINGS_NAMESPACES = {
 	context_tree: {
 		storage: orgContextTreeStorageSchema,
 		input: orgContextTreeInputSchema,
-		output: orgContextTreeOutputSchema
+		output: orgContextTreeOutputSchema,
+		readPolicy: "member"
 	},
 	github_integration: {
 		storage: orgGithubIntegrationStorageSchema,
 		input: orgGithubIntegrationInputSchema,
-		output: orgGithubIntegrationOutputSchema
+		output: orgGithubIntegrationOutputSchema,
+		readPolicy: "admin"
+	},
+	source_repos: {
+		storage: orgSourceReposStorageSchema,
+		input: orgSourceReposInputSchema,
+		output: orgSourceReposOutputSchema,
+		readPolicy: "member"
 	}
 };
 const ORG_SETTINGS_NAMESPACE_KEYS = Object.keys(ORG_SETTINGS_NAMESPACES);
@@ -1377,6 +1465,78 @@ z.object({
 	organizationId: z.string(),
 	agents: z.record(z.string(), z.array(pulseBucketSchema).length(32))
 });
+/**
+* Structured ask-user payloads bridged from the Claude Agent SDK
+* `AskUserQuestion` tool to Hub messages.
+*
+* Shape mirrors the SDK 0.2.84 input/output verbatim so the client
+* runtime adapter can pass `updatedInput` straight through. See
+* verify scripts under `packages/client/tmp-verify/` for the live
+* matrix this was validated against.
+*
+* Lifecycle:
+*  1. Agent emits a `format: "question"` message — its `content` is a
+*     `QuestionMessageContent` carrying `correlationId` + `questions[]`.
+*  2. User picks options in the Web UI and POSTs answers; server writes
+*     a `format: "question_answer"` message — its `content` is a
+*     `QuestionAnswerMessageContent` referencing the same `correlationId`.
+*  3. Client runtime resolves the in-flight `canUseTool` promise with the
+*     answers, and the SDK feeds them back to the model.
+*
+* `pending → answered → superseded` runtime status lives in a separate
+* server table (`pending_questions`) and is not part of the message —
+* messages are immutable once written.
+*/
+/**
+* Single option inside a question. `preview` is rich content rendered above
+* the label — the SDK's tool input emits it as `string | undefined` (the
+* field is omitted when the model didn't generate any preview content), so
+* we accept undefined / null / string and normalise downstream renderers
+* to treat all three the same way.
+*/
+const questionOptionSchema = z.object({
+	label: z.string().min(1),
+	description: z.string(),
+	preview: z.string().nullable().optional()
+});
+/**
+* One question. `header` is a chip-style short tag. The SDK schema docs
+* describe ≤12 chars but in practice the model occasionally emits
+* slightly longer headers; we keep the rule loose (≤24) so a stylistic
+* regression doesn't fail-closed at canUseTool and abandon the entire
+* tool call. The UI truncates visually if needed.
+*/
+const questionItemSchema = z.object({
+	question: z.string().min(1),
+	header: z.string().min(1).max(24),
+	options: z.array(questionOptionSchema).min(2).max(4),
+	multiSelect: z.boolean()
+});
+/** Session-level preview format hint. Mirrors `toolConfig.askUserQuestion.previewFormat`. */
+const questionPreviewFormatSchema = z.enum(["html", "markdown"]).nullable();
+z.object({
+	correlationId: z.string().min(1),
+	questions: z.array(questionItemSchema).min(1).max(4),
+	previewFormat: questionPreviewFormatSchema,
+	allowFreeText: z.boolean()
+});
+/**
+* Content payload for a message whose `format === "question_answer"`.
+*
+* `answers` is keyed by `QuestionItem.question` text. For `multiSelect` questions
+* the value is a `, `-joined string of selected labels (matches SDK convention).
+* For free-text answers the value is the user's raw input.
+*/
+const questionAnswerMessageContentSchema = z.object({
+	correlationId: z.string().min(1),
+	answers: z.record(z.string().min(1), z.string())
+});
+z.object({ answers: z.record(z.string().min(1), z.string()) });
+z.enum([
+	"pending",
+	"answered",
+	"superseded"
+]);
 const sessionEventKind = z.enum([
 	"tool_call",
 	"error",
@@ -1735,6 +1895,13 @@ defineConfig({
 		refreshTokenExpiry: field(z.string().default("30d"), { env: "FIRST_TREE_HUB_AUTH_REFRESH_TOKEN_EXPIRY" }),
 		connectTokenExpiry: field(z.string().default("10m"), { env: "FIRST_TREE_HUB_AUTH_CONNECT_TOKEN_EXPIRY" })
 	},
+	contextTreeSync: optional({
+		githubToken: field(z.string(), {
+			env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN",
+			secret: true
+		}),
+		githubTokenRepos: field(z.string().optional(), { env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN_REPOS" })
+	}),
 	oauth: optional({ github: optional({
 		clientId: field(z.string(), { env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_ID" }),
 		clientSecret: field(z.string(), {
@@ -3398,6 +3565,85 @@ function cleanWorkspaces(workspaceRoot, activeChatIds, ttlMs = DEFAULT_WORKSPACE
 	}
 	return removed;
 }
+const pending = /* @__PURE__ */ new Map();
+/**
+* Register a Promise that will resolve when the matching `question_answer`
+* message arrives. Same `correlationId` re-registration is treated as the
+* SDK retrying — the previous entry is rejected as superseded so its
+* `canUseTool` callback unblocks.
+*/
+function registerPendingQuestion(args) {
+	const { correlationId, agentId, chatId } = args;
+	const existing = pending.get(correlationId);
+	if (existing) existing.resolve({
+		status: "denied",
+		reason: "Question re-registered with the same correlation id."
+	});
+	return new Promise((resolve) => {
+		pending.set(correlationId, {
+			agentId,
+			chatId,
+			registeredAt: Date.now(),
+			resolve
+		});
+	});
+}
+/**
+* Best-effort resolve. Called by the inbox dispatcher when a
+* `format: "question_answer"` message arrives. Returns `true` when an entry
+* matched (so the caller knows it can ack + skip normal session routing),
+* `false` when there was no waiter (stale answer, e.g. session resumed after
+* the bridge was already cleaned up).
+*
+* Schema validation lives here too — a malformed answer payload is logged
+* (well, `false` returned and the dispatcher emits a warn) but never throws.
+*/
+function tryResolveQuestionAnswer(content) {
+	const parsed = questionAnswerMessageContentSchema.safeParse(content);
+	if (!parsed.success) return false;
+	const entry = pending.get(parsed.data.correlationId);
+	if (!entry) return false;
+	pending.delete(parsed.data.correlationId);
+	entry.resolve({
+		status: "answered",
+		answers: parsed.data.answers
+	});
+	return true;
+}
+/** Cleanup hook used by handler.shutdown() to fail-fast every in-flight question. */
+function rejectPendingForAgent(agentId, reason) {
+	let count = 0;
+	for (const [correlationId, entry] of pending) {
+		if (entry.agentId !== agentId) continue;
+		pending.delete(correlationId);
+		entry.resolve({
+			status: "denied",
+			reason
+		});
+		count++;
+	}
+	return count;
+}
+/**
+* Silent cleanup for `handler.suspend()`. Removes pending entries WITHOUT
+* resolving the Promise — the SDK process is being torn down anyway, and
+* resolving would unblock the canUseTool callback whose return value the
+* SDK then writes to a now-closed transport (the symptom: 'ProcessTransport
+* is not ready for writing' uncaught). The orphaned Promise stack frame is
+* GC'd alongside the SDK process exit. When the user eventually answers,
+* SessionManager.dispatch sees no matching waiter (`tryResolveQuestionAnswer`
+* returns false) and routes the answer message through the normal dispatch
+* path so the suspended session resumes with the answer as fresh input.
+*/
+function clearPendingForAgent(agentId) {
+	let count = 0;
+	for (const [correlationId, entry] of pending) {
+		if (entry.agentId !== agentId) continue;
+		pending.delete(correlationId);
+		count++;
+	}
+	return count;
+}
 /**
 * Resolve which Claude Code binary the SDK should spawn.
 *
@@ -3753,6 +3999,90 @@ const createClaudeCodeHandler = (config) => {
 		recordAppliedPayload(sessionCtx);
 		consumerDone = consumeOutput(sessionCtx);
 	}
+	/**
+	* Build the SDK `canUseTool` callback for this session. Auto-allows every
+	* tool except `AskUserQuestion`, which we route through the Hub's inbox:
+	*
+	*   1. Validate the SDK's question shape against the shared Zod schema (so
+	*      a malformed model output can't smuggle bad data into Hub messages).
+	*   2. Send a `format: "question"` message via the agent SDK — this hits
+	*      the server's `sendMessage` path which writes the `pending_questions`
+	*      lifecycle row in the same transaction (see commit 2).
+	*   3. Register a Promise keyed on the SDK `toolUseID`. The matching
+	*      `question_answer` message arrives over the inbox WS / poll path
+	*      and SessionManager.dispatch resolves the Promise (commit 2 wired
+	*      the answer route + supersede hooks; SessionManager wiring lives
+	*      in this commit).
+	*   4. Map the bridge result to `PermissionResult`: `answered` →
+	*      `{ behavior: "allow", updatedInput: { questions, answers } }`,
+	*      `denied` → `{ behavior: "deny", message }` so the model abandons
+	*      the call instead of looping.
+	*
+	* `bypassPermissions` mode still calls `canUseTool` for `AskUserQuestion`
+	* specifically — verified by `tmp-verify/verify.mjs` cases A through G.
+	*/
+	function buildAskUserCanUseTool(sessionCtx) {
+		return async (toolName, input, options) => {
+			if (toolName !== "AskUserQuestion") return {
+				behavior: "allow",
+				updatedInput: input
+			};
+			const parsed = z.object({ questions: z.array(questionItemSchema).min(1).max(4) }).safeParse(input);
+			if (!parsed.success) {
+				sessionCtx.log(`AskUserQuestion: malformed input — ${parsed.error.message.slice(0, 200)}`);
+				return {
+					behavior: "deny",
+					message: "AskUserQuestion input did not validate; abandon the question and pick a different tool or answer."
+				};
+			}
+			const correlationId = options.toolUseID;
+			const questions = parsed.data.questions;
+			const questionContent = {
+				correlationId,
+				questions,
+				previewFormat: "html",
+				allowFreeText: true
+			};
+			try {
+				await sessionCtx.sdk.sendMessage(sessionCtx.chatId, {
+					format: "question",
+					content: questionContent
+				});
+			} catch (err) {
+				const reason = err instanceof Error ? err.message : String(err);
+				sessionCtx.log(`AskUserQuestion: failed to publish question — ${reason}`);
+				return {
+					behavior: "deny",
+					message: `Hub could not publish the question (${reason}); abandon the call.`
+				};
+			}
+			sessionCtx.log(`AskUserQuestion: published correlationId=${correlationId}; awaiting user answer`);
+			const result = await registerPendingQuestion({
+				correlationId,
+				agentId: sessionCtx.agent.agentId,
+				chatId: sessionCtx.chatId
+			});
+			if (options.signal.aborted) return {
+				behavior: "deny",
+				message: "AskUserQuestion aborted before an answer arrived."
+			};
+			if (result.status === "denied") {
+				sessionCtx.log(`AskUserQuestion: denied correlationId=${correlationId} reason=${result.reason}`);
+				return {
+					behavior: "deny",
+					message: result.reason
+				};
+			}
+			sessionCtx.log(`AskUserQuestion: answered correlationId=${correlationId}`);
+			return {
+				behavior: "allow",
+				updatedInput: {
+					questions,
+					answers: result.answers
+				}
+			};
+		};
+	}
 	/** Rebuild query and input controller without starting a new consumer loop (used for retry within the existing loop). */
 	function respawnQuery(sessionId, sessionCtx) {
 		buildQuery(sessionId, sessionCtx, sessionId);
@@ -3785,6 +4115,8 @@ const createClaudeCodeHandler = (config) => {
 				allowDangerouslySkipPermissions: true,
 				settingSources: ["user", "project"],
 				env: buildEnv(sessionCtx),
+				canUseTool: buildAskUserCanUseTool(sessionCtx),
+				toolConfig: { askUserQuestion: { previewFormat: "html" } },
 				...claudeCodeExecutable ? { pathToClaudeCodeExecutable: claudeCodeExecutable } : {},
 				...payload?.model ? { model: payload.model } : {},
 				...payload?.prompt.append ? { systemPrompt: {
@@ -4047,6 +4379,11 @@ const createClaudeCodeHandler = (config) => {
 		},
 		async suspend() {
 			ctx?.log("Suspending session");
+			const sessionCtx = ctx;
+			if (sessionCtx) {
+				const dropped = clearPendingForAgent(sessionCtx.agent.agentId);
+				if (dropped > 0) sessionCtx.log(`Cleared ${dropped} pending AskUserQuestion entries on suspend`);
+			}
 			if (inputController) {
 				inputController.end();
 				inputController = null;
@@ -4064,6 +4401,10 @@ const createClaudeCodeHandler = (config) => {
 		async shutdown() {
 			const sessionCtx = ctx;
 			await handler.suspend();
+			if (sessionCtx) {
+				const dropped = rejectPendingForAgent(sessionCtx.agent.agentId, "Session shutting down.");
+				if (dropped > 0) sessionCtx.log(`Rejected ${dropped} pending AskUserQuestion entries during shutdown`);
+			}
 			if (sessionCtx) await cleanupGitWorktrees(sessionCtx);
 			if (cwd) {
 				try {
@@ -4742,8 +5083,34 @@ function resolveSenderLabel(senderId, participants) {
 * Async because the participant list may need a server round-trip on first
 * use; subsequent messages in the same session hit the cache.
 */
+/**
+* Convert a SessionMessage's payload to a plain-text snippet the LLM can
+* read as user input. Most formats are already strings; the special case
+* is `question_answer` — when an answer arrives AFTER the SDK process was
+* suspended, SessionManager.dispatch routes it through the normal path,
+* and we need to render the structured `{correlationId, answers}` payload
+* as readable English so the resumed Claude turn can act on it.
+*/
+function renderForLLM(message) {
+	if (message.format === "question_answer" && message.content && typeof message.content === "object") {
+		const c = message.content;
+		if (c.answers && typeof c.answers === "object") {
+			const lines = [];
+			for (const [question, answer] of Object.entries(c.answers)) {
+				lines.push(`Q: ${question}`);
+				lines.push(`A: ${answer}`);
+			}
+			return [
+				"[The user has answered an earlier AskUserQuestion you raised. Continue the task using their answers below; do NOT call AskUserQuestion again for the same questions.]",
+				"",
+				...lines
+			].join("\n");
+		}
+	}
+	return typeof message.content === "string" ? message.content : JSON.stringify(message.content);
+}
 async function formatInboundContent(message, participants) {
-	const rawContent = typeof message.content === "string" ? message.content : JSON.stringify(message.content);
+	const rawContent = renderForLLM(message);
 	const preceding = message.precedingMessages ?? [];
 	let header = "";
 	if (preceding.length > 0) {
@@ -4946,6 +5313,16 @@ var SessionManager = class {
 	async dispatch(entry) {
 		const chatId = entry.chatId ?? entry.message.chatId;
 		const messageId = entry.message.id;
+		if (entry.message.format === "question_answer") {
+			if (tryResolveQuestionAnswer(entry.message.content)) {
+				await this.ackEntry(entry.id, chatId);
+				return;
+			}
+			this.config.log.info({
+				chatId,
+				messageId
+			}, "question_answer with no live bridge waiter — resuming session with answer as input");
+		}
 		const dedupKey = `${chatId}:${messageId}`;
 		if (this.deduplicator.isDuplicate(dedupKey)) {
 			this.config.log.debug({
@@ -8303,7 +8680,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-AI3pwmqN.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-C6qlhju2.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9516,7 +9893,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-B8Ncyl76.mjs
+//#region ../server/dist/app-CVe_gn9M.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -9540,53 +9917,6 @@ const adapterAgentMappings = pgTable("adapter_agent_mappings", {
 	metadata: jsonb("metadata").$type().notNull().default({}),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
 }, (table) => [unique("uq_adapter_agent_mapping").on(table.platform, table.externalUserId)]);
-/** Communication container. All messages between agents flow within a Chat. */
-const chats = pgTable("chats", {
-	id: text("id").primaryKey(),
-	organizationId: text("organization_id").notNull().references(() => organizations.id),
-	type: text("type").notNull().default("direct"),
-	topic: text("topic"),
-	lifecyclePolicy: text("lifecycle_policy").default("persistent"),
-	parentChatId: text("parent_chat_id"),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	lastMessageAt: timestamp("last_message_at", { withTimezone: true }),
-	lastMessagePreview: text("last_message_preview"),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [index("idx_chats_org_last_message").on(table.organizationId, desc(table.lastMessageAt))]);
-/** Speaking participants of a chat (M:N). Watchers live in chat_subscriptions. */
-const chatParticipants = pgTable("chat_participants", {
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	role: text("role").notNull().default("member"),
-	mode: text("mode").notNull().default("full"),
-	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
-	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
-	joinedAt: timestamp("joined_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_participants_agent").on(table.agentId)]);
-/**
-* Non-speaking observers ("watchers"). Used by the chat-first workspace so a
-* user can supervise chats their managed agents participate in without
-* accidentally being part of fan-out.
-*
-* Invariants:
-*   1. (chat_id, agent_id) is mutually exclusive with chat_participants.
-*   2. Rows here NEVER produce inbox_entries (fan-out exclusivity).
-*   3. Mention candidate resolution NEVER includes these rows.
-*   4. State transitions (join/leave) carry last_read_at + counter; lifecycle
-*      recomputes default to NULL/0 and MUST NOT run on the join/leave path.
-*
-* See docs/chat-first-workspace-product-design.md "Data Model" + "State
-* Transitions" for the full contract.
-*/
-const chatSubscriptions = pgTable("chat_subscriptions", {
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	kind: text("kind").notNull().default("watching"),
-	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
-	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_chat_subscriptions_agent").on(table.agentId)]);
 /**
 * Tasks — lightweight work units. Process descriptors, not tickets.
 * Immutable status state machine: pending → assigned → working → (completed | failed | cancelled).
@@ -9986,705 +10316,92 @@ async function createAdapterConfig(db, data, encryptionKey) {
 	const encrypted = encryptCredentials(data.credentials, key);
 	try {
 		const [row] = await db.insert(adapterConfigs).values({
-			platform: data.platform,
-			agentId: data.agentId,
-			credentials: encrypted,
-			status: data.status ?? "active"
-		}).returning();
-		if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		return toResponse(row);
-	} catch (err) {
-		if ((err?.code ?? err?.cause?.code ?? "") === "23505") throw new ConflictError(`Agent "${data.agentId}" already has a ${data.platform} adapter config`);
-		throw err;
-	}
-}
-async function updateAdapterConfig(db, id, data, encryptionKey) {
-	const setClause = { updatedAt: /* @__PURE__ */ new Date() };
-	if (data.agentId !== void 0) {
-		await validateAgentId(db, data.agentId);
-		setClause.agentId = data.agentId;
-	}
-	if (data.status !== void 0) setClause.status = data.status;
-	if (data.credentials !== void 0) {
-		const key = requireEncryptionKey(encryptionKey);
-		setClause.credentials = encryptCredentials(data.credentials, key);
-	}
-	const [row] = await db.update(adapterConfigs).set(setClause).where(eq(adapterConfigs.id, id)).returning();
-	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
-	return toResponse(row);
-}
-async function deleteAdapterConfig(db, id) {
-	const [row] = await db.delete(adapterConfigs).where(eq(adapterConfigs.id, id)).returning();
-	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
-}
-const log$7 = createLogger$1("Adapters");
-function parseId(raw) {
-	const id = Number(raw);
-	if (!Number.isInteger(id) || id <= 0) throw new BadRequestError(`Invalid adapter ID: "${raw}"`);
-	return id;
-}
-/** Class C — `/api/v1/adapters/:id`. */
-async function adapterRoutes(app) {
-	app.get("/:id", async (request) => {
-		const { userId } = requireUser(request);
-		const id = parseId(request.params.id);
-		const config = await getAdapterConfig(app.db, id);
-		await assertAgentManageableByUser(app.db, userId, config.agentId);
-		return {
-			...config,
-			createdAt: config.createdAt.toISOString(),
-			updatedAt: config.updatedAt.toISOString()
-		};
-	});
-	app.patch("/:id", { config: { otelRecordBody: true } }, async (request) => {
-		const { userId } = requireUser(request);
-		const id = parseId(request.params.id);
-		const body = updateAdapterConfigSchema.parse(request.body);
-		const existing = await getAdapterConfig(app.db, id);
-		await assertAgentManageableByUser(app.db, userId, existing.agentId);
-		const config = await updateAdapterConfig(app.db, id, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$7.error({ err }, "adapter reload failed after update"));
-		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
-		return {
-			...config,
-			createdAt: config.createdAt.toISOString(),
-			updatedAt: config.updatedAt.toISOString()
-		};
-	});
-	app.delete("/:id", async (request, reply) => {
-		const { userId } = requireUser(request);
-		const id = parseId(request.params.id);
-		const existing = await getAdapterConfig(app.db, id);
-		await assertAgentManageableByUser(app.db, userId, existing.agentId);
-		await deleteAdapterConfig(app.db, id);
-		app.adapterManager.reload().catch((err) => log$7.error({ err }, "adapter reload failed after delete"));
-		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
-		return reply.status(204).send();
-	});
-}
-/**
-* Pull the agent identity populated by `agentSelectorHook` off the
-* request. The hook runs before any handler and assigns `request.agent`,
-* but the optional shape is what fastify exposes to consumers — narrowing
-* it here keeps every Class D handler clean of `if (!request.agent)`.
-*/
-function requireAgent(request) {
-	const agent = request.agent;
-	if (!agent) throw new UnauthorizedError("Agent authentication required");
-	return agent;
-}
-/**
-* Process-local cache for the per-chat realtime push audience
-* (`chat_participants ∪ chat_subscriptions`, keyed by human agent
-* uuid). Sits in front of the admin WS dispatch so a chat with N
-* messages/sec doesn't issue N audience-resolution queries; one query
-* + cache hit per chat per TTL window.
-*
-* The cache exposes both a populator (`getCachedAudience`) and an
-* invalidator (`invalidateChatAudience`). Participant-mutation paths
-* (`addMeChatParticipants`, `joinMeChat`, `leaveMeChat`,
-* `recomputeChatWatchers`, `joinAsParticipant`, `leaveAsParticipant`)
-* MUST call `invalidateChatAudience` after their tx commits so the
-* very next dispatch reflects the new audience without waiting for
-* the TTL to age out — without invalidation, a freshly-added speaker
-* would miss `chat:message` pushes for up to TTL_MS.
-*
-* Cross-instance correctness: not handled here. The PG NOTIFY layer
-* already broadcasts message events to every replica; each replica's
-* audience cache is independently invalidated by its own
-* service-layer mutations on chats it routes traffic for. For
-* cross-replica participant changes to invalidate this cache, route
-* the mutation through the same replica that hosts the WS connection
-* (sticky routing) or add a dedicated `chat:audience` PG NOTIFY in
-* a follow-up.
-*/
-const log$6 = createLogger$1("ChatAudienceCache");
-const TTL_MS = 5e3;
-const MAX_ENTRIES = 1024;
-const cache = /* @__PURE__ */ new Map();
-/** Resolve a chat's push audience, hitting the cache when fresh.
-*  Returns null on DB error (caller should skip dispatch). */
-async function getCachedAudience(db, chatId) {
-	const now = Date.now();
-	const cached = cache.get(chatId);
-	if (cached && cached.expiresAt > now) return cached.audience;
-	try {
-		const rows = await db.execute(sql`
-      SELECT agent_id FROM chat_participants WHERE chat_id = ${chatId}
-      UNION
-      SELECT agent_id FROM chat_subscriptions WHERE chat_id = ${chatId}
-    `);
-		const audience = new Set(rows.map((r) => r.agent_id));
-		cache.set(chatId, {
-			audience,
-			expiresAt: now + TTL_MS
-		});
-		if (cache.size > MAX_ENTRIES) {
-			for (const [k, v] of cache) if (v.expiresAt <= now) cache.delete(k);
-		}
-		return audience;
-	} catch (err) {
-		log$6.warn({
-			err,
-			chatId
-		}, "failed to resolve chat audience");
-		return null;
-	}
-}
-/** Drop the cached audience for a chat. Called from participant-
-*  mutation paths after their transaction commits, so the next
-*  `chat:message` dispatch hits the DB and reflects the new
-*  membership instead of serving a stale TTL window. */
-function invalidateChatAudience(chatId) {
-	cache.delete(chatId);
-}
-/**
-* Chat-first workspace — watcher subscription helpers.
-*
-* Watchers (rows in `chat_subscriptions`) are non-speaking observers. A
-* member who manages an agent that participates in a chat — but whose own
-* human agent is not a speaker there — sees the chat in their workspace
-* via a watcher row.
-*
-* Two distinct kinds of operation live here:
-*
-*   1. Set rebuilds (`recompute*`). Idempotent set-based recomputations
-*      driven by lifecycle events (chat created, participant added/removed,
-*      member status flipped, etc.). These DEFAULT new rows to NULL/0 read
-*      state.
-*
-*   2. State-carry transitions (`joinAsParticipant`, `leaveAsParticipant`).
-*      Move a single (chat, agent) pair between `chat_participants` and
-*      `chat_subscriptions` while preserving `last_read_at` and
-*      `unread_mention_count`. NEVER call recompute on this path or you'll
-*      lose read state.
-*
-* See docs/chat-first-workspace-product-design.md "State Transitions" and
-* "Risk Constraints".
-*/
-/**
-* Recompute watcher rows for ONE chat. For every active member who:
-*   - manages a non-human agent that speaks in the chat, AND
-*   - whose own human agent is NOT a speaker in the chat
-* an `(chat_id, member.agent_id)` watcher row is upserted (NULL read state).
-*
-* Watchers whose anchoring condition no longer holds (manager left, the
-* managed agent was removed from the chat, the manager joined as a speaker
-* themselves) are deleted.
-*
-* Idempotent: safe to call multiple times for the same chat.
-*/
-async function recomputeChatWatchers(db, chatId) {
-	await db.execute(sql`
-    INSERT INTO chat_subscriptions
-      (chat_id, agent_id, kind, last_read_at, unread_mention_count, created_at)
-    SELECT DISTINCT cp.chat_id, m.agent_id, 'watching', NULL::timestamp with time zone, 0, now()
-      FROM chat_participants cp
-      JOIN agents  a ON a.uuid = cp.agent_id
-      JOIN members m ON m.id   = a.manager_id
-     WHERE cp.chat_id = ${chatId}
-       AND m.status   = 'active'
-       AND a.type    <> 'human'
-       AND NOT EXISTS (
-         SELECT 1 FROM chat_participants cp2
-          WHERE cp2.chat_id  = cp.chat_id
-            AND cp2.agent_id = m.agent_id
-       )
-    ON CONFLICT (chat_id, agent_id) DO NOTHING
-  `);
-	await db.execute(sql`
-    DELETE FROM chat_subscriptions cs
-     WHERE cs.chat_id = ${chatId}
-       AND NOT EXISTS (
-         SELECT 1
-           FROM chat_participants cp
-           JOIN agents  a ON a.uuid = cp.agent_id
-           JOIN members m ON m.id   = a.manager_id
-          WHERE cp.chat_id = cs.chat_id
-            AND m.agent_id = cs.agent_id
-            AND m.status   = 'active'
-            AND a.type    <> 'human'
-            AND NOT EXISTS (
-              SELECT 1 FROM chat_participants cp2
-               WHERE cp2.chat_id  = cp.chat_id
-                 AND cp2.agent_id = m.agent_id
-            )
-       )
-  `);
-}
-/**
-* Recompute watcher rows touching ONE agent across all chats it speaks in.
-* Used after `rebindAgent` (manager change) so the new manager picks up
-* watcher rows and the old manager's are dropped.
-*/
-async function recomputeWatchersForAgent(db, agentId) {
-	const chatRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentId));
-	for (const { chatId } of chatRows) await recomputeChatWatchers(db, chatId);
-}
-/**
-* Recompute watcher rows touching ONE member across all chats. Triggered
-* when the member's status flips active ↔ left.
-*/
-async function recomputeWatchersForMember(db, memberId) {
-	const rows = await db.selectDistinct({ chatId: chatParticipants.chatId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(and(eq(agents.managerId, memberId), ne(agents.type, "human")));
-	for (const { chatId } of rows) await recomputeChatWatchers(db, chatId);
-}
-/**
-* Mirror of `services/chat.ts` `maybeUpgradeDirectToGroup`. Inlined here so
-* `joinAsParticipant` keeps the upgrade rule + the state carry in one
-* transaction without depending on chat.ts (avoids a circular import).
-*/
-async function maybeUpgradeDirectToGroup$1(tx, chatId, existingParticipantIds) {
-	if (existingParticipantIds.length + 1 < 3) return;
-	const [chat] = await tx.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat || chat.type !== "direct") return;
-	await tx.update(chats).set({
-		type: "group",
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(chats.id, chatId));
-	if (existingParticipantIds.length === 0) return;
-	const ids = (await tx.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((r) => r.uuid);
-	if (ids.length === 0) return;
-	await tx.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
-}
-/**
-* Watcher → speaking participant. State-carry transaction.
-*
-*   1. DELETE the watcher row (returning read state).
-*   2. If a participant row already exists, no-op (idempotent).
-*   3. Otherwise, run the direct → group upgrade rule against the *current*
-*      participant set, then INSERT the participant row carrying read state.
-*
-* If `requireWatcherOrVisible` is true, refuse when the user has neither a
-* watcher row nor admin-derived visibility — used to keep the public
-* `/me/chats/:chatId/join` endpoint honest. Pre-check happens in the
-* route layer where we have the full member scope.
-*/
-async function joinAsParticipant(db, chatId, humanAgentId) {
-	return db.transaction(async (tx) => {
-		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
-			lastReadAt: chatSubscriptions.lastReadAt,
-			unreadMentionCount: chatSubscriptions.unreadMentionCount
-		});
-		const [existing] = await tx.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
-		if (existing) return {
-			chatId,
-			inserted: false,
-			carried: carriedRow ?? null
-		};
-		await maybeUpgradeDirectToGroup$1(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId));
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId: humanAgentId,
-			role: "member",
-			mode: "full",
-			lastReadAt: carriedRow?.lastReadAt ?? null,
-			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
-		});
-		return {
-			chatId,
-			inserted: true,
-			carried: carriedRow ?? null
-		};
-	});
-}
-/**
-* Speaking participant → watcher (or fully detach).
-*
-*   1. DELETE the participant row (returning read state).
-*   2. Test "still visible": is the user still the manager of an agent that
-*      remains a participant in this chat? If yes, INSERT a watcher row
-*      carrying read state. If no, drop entirely.
-*
-* Caller must validate that the user actually has a participant row to
-* leave (returns `NotFoundError` if not).
-*/
-async function leaveAsParticipant(db, chatId, humanAgentId) {
-	return db.transaction(async (tx) => {
-		const [carried] = await tx.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).returning({
-			lastReadAt: chatParticipants.lastReadAt,
-			unreadMentionCount: chatParticipants.unreadMentionCount
-		});
-		if (!carried) throw new NotFoundError("Not a participant of this chat");
-		const [stillVisibleRow] = await tx.execute(sql`
-      SELECT EXISTS (
-        SELECT 1
-          FROM chat_participants cp
-          JOIN agents  a ON a.uuid = cp.agent_id
-          JOIN members m ON m.id   = a.manager_id
-         WHERE cp.chat_id = ${chatId}
-           AND m.agent_id = ${humanAgentId}
-           AND m.status   = 'active'
-           AND a.type    <> 'human'
-      ) AS visible
-    `);
-		if (!Boolean(stillVisibleRow?.visible)) return {
-			chatId,
-			membershipKind: null
-		};
-		await tx.insert(chatSubscriptions).values({
-			chatId,
-			agentId: humanAgentId,
-			kind: "watching",
-			lastReadAt: carried.lastReadAt,
-			unreadMentionCount: carried.unreadMentionCount
-		}).onConflictDoNothing();
-		return {
-			chatId,
-			membershipKind: "watching"
-		};
-	});
-}
-/**
-* Resolve the membership row of the human agent for the given chat. Returns
-* one of: 'participant', 'watching', or null.
-*
-* Used by `/me/chats/:chatId/join` to refuse a join when the user has
-* neither a watcher row nor a participant row, and isn't otherwise
-* authorised (admin in the chat's org).
-*/
-async function resolveChatMembership(db, chatId, humanAgentId) {
-	const [participant] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
-	if (participant) return "participant";
-	const [sub] = await db.select({ chatId: chatSubscriptions.chatId }).from(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).limit(1);
-	if (sub) return "watching";
-	return null;
-}
-/**
-* Used by `/me/chats/:chatId/join`. Throw 409 if already a speaker (no work
-* to do) and 403 if no watcher row and no admin override. Admin override is
-* resolved at the route layer; this helper only reports the watcher state.
-*/
-function ensureCanJoin(membership) {
-	if (membership === "participant") throw new ConflictError("Already a participant in this chat");
-	if (membership === null) throw new ForbiddenError("Not a watcher of this chat — open the chat from your workspace before joining");
-}
-/**
-* When a direct chat grows past 2 participants, upgrade it to `group` and
-* flip every existing non-human agent participant to `mention_only` — see
-* proposals/hub-agent-messaging-reply-and-mentions §3.3. The caller is
-* expected to insert the new participant AFTER this runs, so the "existing"
-* set excludes them.
-*
-* Idempotent: if the chat is already a group, no-op.
-*/
-async function maybeUpgradeDirectToGroup(db, chatId, existingParticipantIds, newParticipantCount) {
-	if (existingParticipantIds.length + newParticipantCount < 3) return;
-	const [chat] = await db.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat || chat.type !== "direct") return;
-	await db.update(chats).set({
-		type: "group",
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(chats.id, chatId));
-	if (existingParticipantIds.length === 0) return;
-	const ids = (await db.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((a) => a.uuid);
-	if (ids.length === 0) return;
-	await db.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
-}
-async function createChat(db, creatorId, data) {
-	const chatId = randomUUID();
-	const allParticipantIds = new Set([creatorId, ...data.participantIds]);
-	const existingAgents = await db.select({
-		id: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, [...allParticipantIds]));
-	if (existingAgents.length !== allParticipantIds.size) {
-		const found = new Set(existingAgents.map((a) => a.id));
-		throw new BadRequestError(`Agents not found: ${[...allParticipantIds].filter((id) => !found.has(id)).join(", ")}`);
-	}
-	const creator = existingAgents.find((a) => a.id === creatorId);
-	if (!creator) throw new Error("Unexpected: creator not in existingAgents");
-	const orgId = creator.organizationId;
-	const crossOrg = existingAgents.filter((a) => a.organizationId !== orgId);
-	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization chat not allowed: ${crossOrg.map((a) => a.id).join(", ")}`);
-	const isDirectAgentOnly = data.type === "direct" && existingAgents.every((a) => a.type !== "human");
-	return db.transaction(async (tx) => {
-		const [chat] = await tx.insert(chats).values({
-			id: chatId,
-			organizationId: orgId,
-			type: data.type,
-			topic: data.topic ?? null,
-			metadata: data.metadata ?? {}
-		}).returning();
-		const participantRows = [...allParticipantIds].map((agentId) => ({
-			chatId,
-			agentId,
-			role: agentId === creatorId ? "owner" : "member",
-			...isDirectAgentOnly ? { mode: "mention_only" } : {}
-		}));
-		await tx.insert(chatParticipants).values(participantRows);
-		await recomputeChatWatchers(tx, chatId);
-		const participants = await tx.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		return {
-			...chat,
-			participants
-		};
-	});
-}
-async function getChat(db, chatId) {
-	const [chat] = await db.select().from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat) throw new NotFoundError(`Chat "${chatId}" not found`);
-	return chat;
-}
-async function getChatDetail(db, chatId) {
-	const chat = await getChat(db, chatId);
-	const participants = await db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-	return {
-		...chat,
-		participants
-	};
-}
-async function listChats(db, agentId, limit, cursor) {
-	const chatIds = (await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentId))).map((r) => r.chatId);
-	if (chatIds.length === 0) return {
-		items: [],
-		nextCursor: null
-	};
-	const where = cursor ? and(inArray(chats.id, chatIds), lt(chats.updatedAt, new Date(cursor))) : inArray(chats.id, chatIds);
-	const rows = await db.select().from(chats).where(where).orderBy(desc(chats.updatedAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.updatedAt.toISOString() : null
-	};
-}
-/**
-* List participants of a chat with their agent names — used by the client
-* runtime to resolve `@<name>` mentions against the authoritative participant
-* set (see proposals/hub-agent-messaging-reply-and-mentions §4).
-*/
-async function listChatParticipantsWithNames(db, chatId) {
-	return await db.select({
-		agentId: chatParticipants.agentId,
-		role: chatParticipants.role,
-		mode: chatParticipants.mode,
-		joinedAt: chatParticipants.joinedAt,
-		name: agents.name,
-		displayName: agents.displayName,
-		type: agents.type
-	}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
-}
-async function assertParticipant(db, chatId, agentId) {
-	const [row] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, agentId))).limit(1);
-	if (!row) throw new ForbiddenError("Not a participant of this chat");
-}
-/** Ensure an agent is a participant of a chat. Silently adds them if not already. */
-async function ensureParticipant$1(db, chatId, agentId) {
-	const [existing] = await db.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, agentId))).limit(1);
-	if (existing) return;
-	await db.transaction(async (tx) => {
-		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
-		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, agentId)));
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId,
-			mode: "full"
-		}).onConflictDoNothing({ target: [chatParticipants.chatId, chatParticipants.agentId] });
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-}
-async function addParticipant(db, chatId, requesterId, data) {
-	const chat = await getChat(db, chatId);
-	await assertParticipant(db, chatId, requesterId);
-	const [targetAgent] = await db.select({
-		id: agents.uuid,
-		organizationId: agents.organizationId
-	}).from(agents).where(eq(agents.uuid, data.agentId)).limit(1);
-	if (!targetAgent) throw new NotFoundError(`Agent "${data.agentId}" not found`);
-	if (targetAgent.organizationId !== chat.organizationId) throw new BadRequestError("Cannot add agent from different organization");
-	const [existing] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, data.agentId))).limit(1);
-	if (existing) throw new ConflictError(`Agent "${data.agentId}" is already a participant`);
-	await db.transaction(async (tx) => {
-		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
-		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, data.agentId)));
-		await tx.insert(chatParticipants).values({
-			chatId,
+			platform: data.platform,
 			agentId: data.agentId,
-			mode: data.mode ?? "full"
-		});
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-}
-async function removeParticipant(db, chatId, requesterId, targetAgentId) {
-	await assertParticipant(db, chatId, requesterId);
-	if (requesterId === targetAgentId) throw new BadRequestError("Cannot remove yourself from a chat");
-	const [removed] = await db.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, targetAgentId))).returning();
-	if (!removed) throw new NotFoundError(`Agent "${targetAgentId}" is not a participant of this chat`);
-	await recomputeChatWatchers(db, chatId);
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
+			credentials: encrypted,
+			status: data.status ?? "active"
+		}).returning();
+		if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
+		return toResponse(row);
+	} catch (err) {
+		if ((err?.code ?? err?.cause?.code ?? "") === "23505") throw new ConflictError(`Agent "${data.agentId}" already has a ${data.platform} adapter config`);
+		throw err;
+	}
 }
-/**
-* List chats visible to a member, grouped by agent.
-* A member sees chats where:
-*   1. Their human agent is a participant, OR
-*   2. Any agent they manage (managerId = memberId) is a participant (supervision)
-*/
-async function listChatsForMember(db, memberId, humanAgentId) {
-	const managedAgents = await db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		type: agents.type,
-		displayName: agents.displayName
-	}).from(agents).where(eq(agents.managerId, memberId));
-	const agentMap = /* @__PURE__ */ new Map();
-	for (const a of managedAgents) agentMap.set(a.uuid, a);
-	if (!agentMap.has(humanAgentId)) {
-		const [ha] = await db.select({
-			uuid: agents.uuid,
-			name: agents.name,
-			type: agents.type,
-			displayName: agents.displayName
-		}).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
-		if (ha) agentMap.set(ha.uuid, ha);
+async function updateAdapterConfig(db, id, data, encryptionKey) {
+	const setClause = { updatedAt: /* @__PURE__ */ new Date() };
+	if (data.agentId !== void 0) {
+		await validateAgentId(db, data.agentId);
+		setClause.agentId = data.agentId;
 	}
-	const agentIds = [...agentMap.keys()];
-	if (agentIds.length === 0) return [];
-	const participations = await db.select({
-		chatId: chatParticipants.chatId,
-		agentId: chatParticipants.agentId,
-		role: chatParticipants.role,
-		mode: chatParticipants.mode
-	}).from(chatParticipants).where(inArray(chatParticipants.agentId, agentIds));
-	if (participations.length === 0) return [];
-	const chatIds = [...new Set(participations.map((p) => p.chatId))];
-	const agentChatMap = /* @__PURE__ */ new Map();
-	for (const p of participations) {
-		const list = agentChatMap.get(p.agentId) ?? [];
-		list.push(p.chatId);
-		agentChatMap.set(p.agentId, list);
-	}
-	const chatRows = await db.select({
-		id: chats.id,
-		type: chats.type,
-		topic: chats.topic,
-		metadata: chats.metadata,
-		createdAt: chats.createdAt,
-		updatedAt: chats.updatedAt,
-		participantCount: sql`(SELECT count(*)::int FROM chat_participants WHERE chat_id = ${chats.id})`
-	}).from(chats).where(inArray(chats.id, chatIds)).orderBy(desc(chats.updatedAt));
-	const chatMap = new Map(chatRows.map((c) => [c.id, c]));
-	const humanParticipantChatIds = new Set(participations.filter((p) => p.agentId === humanAgentId).map((p) => p.chatId));
-	const result = [];
-	for (const [agentId, agentChatIds] of agentChatMap) {
-		const agentInfo = agentMap.get(agentId);
-		if (!agentInfo) continue;
-		const agentChats = agentChatIds.map((chatId) => {
-			const chat = chatMap.get(chatId);
-			if (!chat) return null;
-			const isSupervisionOnly = agentId !== humanAgentId && !humanParticipantChatIds.has(chatId);
-			return {
-				id: chat.id,
-				type: chat.type,
-				topic: chat.topic,
-				participantCount: chat.participantCount,
-				isSupervisionOnly,
-				createdAt: chat.createdAt.toISOString(),
-				updatedAt: chat.updatedAt.toISOString()
-			};
-		}).filter((c) => c !== null);
-		if (agentChats.length > 0) result.push({
-			agent: agentInfo,
-			chats: agentChats
-		});
+	if (data.status !== void 0) setClause.status = data.status;
+	if (data.credentials !== void 0) {
+		const key = requireEncryptionKey(encryptionKey);
+		setClause.credentials = encryptCredentials(data.credentials, key);
 	}
-	return result;
+	const [row] = await db.update(adapterConfigs).set(setClause).where(eq(adapterConfigs.id, id)).returning();
+	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
+	return toResponse(row);
 }
-/**
-* Manager joins a chat. Adds their human agent as a participant.
-* Requires the member to have supervision rights (manages at least one existing participant).
-*/
-async function joinChat(db, chatId, memberId, humanAgentId) {
-	const chat = await getChat(db, chatId);
-	const participantAgentIds = (await db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId);
-	if (participantAgentIds.length === 0) throw new NotFoundError("Chat has no participants");
-	if (participantAgentIds.includes(humanAgentId)) throw new ConflictError("Already a participant in this chat");
-	if ((await db.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, participantAgentIds), eq(agents.managerId, memberId)))).length === 0) throw new ForbiddenError("You can only join chats where you manage at least one participant");
-	const [humanAgent] = await db.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
-	if (!humanAgent || humanAgent.organizationId !== chat.organizationId) throw new BadRequestError("Agent does not belong to the same organization as the chat");
-	await db.transaction(async (tx) => {
-		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
-			lastReadAt: chatSubscriptions.lastReadAt,
-			unreadMentionCount: chatSubscriptions.unreadMentionCount
-		});
-		await maybeUpgradeDirectToGroup(tx, chatId, participantAgentIds, 1);
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId: humanAgentId,
-			role: "member",
-			mode: "full",
-			lastReadAt: carriedRow?.lastReadAt ?? null,
-			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
-		});
-		await recomputeChatWatchers(tx, chatId);
+async function deleteAdapterConfig(db, id) {
+	const [row] = await db.delete(adapterConfigs).where(eq(adapterConfigs.id, id)).returning();
+	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
+}
+const log$5 = createLogger$1("Adapters");
+function parseId(raw) {
+	const id = Number(raw);
+	if (!Number.isInteger(id) || id <= 0) throw new BadRequestError(`Invalid adapter ID: "${raw}"`);
+	return id;
+}
+/** Class C — `/api/v1/adapters/:id`. */
+async function adapterRoutes(app) {
+	app.get("/:id", async (request) => {
+		const { userId } = requireUser(request);
+		const id = parseId(request.params.id);
+		const config = await getAdapterConfig(app.db, id);
+		await assertAgentManageableByUser(app.db, userId, config.agentId);
+		return {
+			...config,
+			createdAt: config.createdAt.toISOString(),
+			updatedAt: config.updatedAt.toISOString()
+		};
+	});
+	app.patch("/:id", { config: { otelRecordBody: true } }, async (request) => {
+		const { userId } = requireUser(request);
+		const id = parseId(request.params.id);
+		const body = updateAdapterConfigSchema.parse(request.body);
+		const existing = await getAdapterConfig(app.db, id);
+		await assertAgentManageableByUser(app.db, userId, existing.agentId);
+		const config = await updateAdapterConfig(app.db, id, body, app.config.secrets.encryptionKey);
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after update"));
+		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
+		return {
+			...config,
+			createdAt: config.createdAt.toISOString(),
+			updatedAt: config.updatedAt.toISOString()
+		};
+	});
+	app.delete("/:id", async (request, reply) => {
+		const { userId } = requireUser(request);
+		const id = parseId(request.params.id);
+		const existing = await getAdapterConfig(app.db, id);
+		await assertAgentManageableByUser(app.db, userId, existing.agentId);
+		await deleteAdapterConfig(app.db, id);
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after delete"));
+		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
+		return reply.status(204).send();
 	});
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
 /**
-* Manager leaves a chat. Removes their human agent from participants.
-* Only allowed if the human agent is a participant.
-*
-* Delegates the participant→watcher transition to `leaveAsParticipant`
-* so admin-side and `/me/chats/:id/leave` share one canonical path. The
-* earlier "recompute then UPDATE-back state" variant violated the design
-* rule that recompute is only for set rebuild — never on a transition
-* path (review #228 issue #2). The returned participant list is fetched
-* after the tx commits, matching the admin route's existing contract.
+* Pull the agent identity populated by `agentSelectorHook` off the
+* request. The hook runs before any handler and assigns `request.agent`,
+* but the optional shape is what fastify exposes to consumers — narrowing
+* it here keeps every Class D handler clean of `if (!request.agent)`.
 */
-async function leaveChat(db, chatId, humanAgentId) {
-	await leaveAsParticipant(db, chatId, humanAgentId);
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-}
-async function findOrCreateDirectChat(db, agentAId, agentBId) {
-	const aChats = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentAId));
-	const bChats = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentBId));
-	const bChatIds = new Set(bChats.map((r) => r.chatId));
-	const commonChatIds = aChats.map((r) => r.chatId).filter((id) => bChatIds.has(id));
-	if (commonChatIds.length > 0) {
-		const directChats = await db.select().from(chats).where(and(inArray(chats.id, commonChatIds), eq(chats.type, "direct")));
-		if (directChats.length > 0 && directChats[0]) return directChats[0];
-	}
-	const ends = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, [agentAId, agentBId]));
-	const agentA = ends.find((a) => a.uuid === agentAId);
-	if (!agentA) throw new NotFoundError(`Agent "${agentAId}" not found`);
-	const agentB = ends.find((a) => a.uuid === agentBId);
-	if (!agentB) throw new NotFoundError(`Agent "${agentBId}" not found`);
-	const mode = agentA.type !== "human" && agentB.type !== "human" ? "mention_only" : "full";
-	const chatId = randomUUID();
-	return db.transaction(async (tx) => {
-		const [chat] = await tx.insert(chats).values({
-			id: chatId,
-			organizationId: agentA.organizationId,
-			type: "direct"
-		}).returning();
-		await tx.insert(chatParticipants).values([{
-			chatId,
-			agentId: agentAId,
-			role: "member",
-			mode
-		}, {
-			chatId,
-			agentId: agentBId,
-			role: "member",
-			mode
-		}]);
-		await recomputeChatWatchers(tx, chatId);
-		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		return chat;
-	});
+function requireAgent(request) {
+	const agent = request.agent;
+	if (!agent) throw new UnauthorizedError("Agent authentication required");
+	return agent;
 }
 function serializeChat(chat) {
 	return {
@@ -10793,46 +10510,6 @@ const agentConfigs = pgTable("agent_configs", {
 	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
 });
 /**
-* Shared access-control primitives. Most route-level gating now lives in
-* `scope/require-*.ts` — this module is reduced to two helpers that need
-* SQL building blocks reused across routes and tests:
-*
-*   - `agentVisibilityCondition` — WHERE clause for "agents visible to a
-*     member" (org-visible OR managerId = the caller's member). Composed
-*     into list queries that already select from `agents`.
-*   - `listAgentsManagedByUser` — cross-org list of agents personally
-*     managed by a user; powers the CLI `agent list --remote` view.
-*
-* Visibility is the same for all roles — admin sees the same set as a
-* regular member. Admin privilege is expressed through manageability
-* (`requireAgentAccess(..., "manage")`), not visibility.
-*/
-/**
-* SQL WHERE conditions for agents visible to a member.
-*   target org + not deleted + (organization-visible OR managerId = caller's member)
-*/
-function agentVisibilityCondition(orgId, memberId) {
-	return and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED), or(eq(agents.visibility, AGENT_VISIBILITY.ORGANIZATION), eq(agents.managerId, memberId)));
-}
-/**
-* Cross-org listing helper for "agents I personally manage". Used by the
-* CLI `agent list --remote` view — JOINs `agents → members.id` and filters
-* by `members.user_id`.
-*/
-async function listAgentsManagedByUser(db, userId) {
-	return db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		displayName: agents.displayName,
-		type: agents.type,
-		organizationId: agents.organizationId,
-		inboxId: agents.inboxId,
-		visibility: agents.visibility,
-		runtimeProvider: agents.runtimeProvider,
-		clientId: agents.clientId
-	}).from(agents).innerJoin(members, eq(agents.managerId, members.id)).where(and(eq(members.userId, userId), eq(members.status, "active"), ne(agents.status, AGENT_STATUSES.DELETED)));
-}
-/**
 * Resolve the UUID of the "default" organization. Internal use only —
 * webhooks, fallbacks, etc. The HTTP API layer no longer falls back to
 * the JWT default org.
@@ -11026,29 +10703,33 @@ async function createAgent(db, data, options = {}) {
 	}
 	const resolvedDisplayName = data.displayName?.trim() || name || "Unnamed Agent";
 	try {
-		const [agent] = await db.insert(agents).values({
-			uuid,
-			name,
-			organizationId: orgId,
-			type: data.type,
-			displayName: resolvedDisplayName,
-			delegateMention: data.delegateMention ?? null,
-			inboxId,
-			source: data.source ?? null,
-			visibility: data.visibility ?? defaultVisibility(data.type),
-			metadata: data.metadata ?? {},
-			managerId,
-			clientId,
-			runtimeProvider
-		}).returning();
-		if (!agent) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		await db.insert(agentConfigs).values({
-			agentId: agent.uuid,
-			version: 1,
-			payload: defaultRuntimeConfigPayload(runtimeProvider),
-			updatedBy: "system"
-		}).onConflictDoNothing();
-		return agent;
+		return await db.transaction(async (tx) => {
+			const [row] = await tx.insert(agents).values({
+				uuid,
+				name,
+				organizationId: orgId,
+				type: data.type,
+				displayName: resolvedDisplayName,
+				delegateMention: data.delegateMention ?? null,
+				inboxId,
+				source: data.source ?? null,
+				visibility: data.visibility ?? defaultVisibility(data.type),
+				metadata: data.metadata ?? {},
+				managerId,
+				clientId,
+				runtimeProvider
+			}).returning();
+			if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
+			const initialPayload = defaultRuntimeConfigPayload(runtimeProvider);
+			if (data.gitRepos && data.gitRepos.length > 0) initialPayload.gitRepos = data.gitRepos;
+			await tx.insert(agentConfigs).values({
+				agentId: row.uuid,
+				version: 1,
+				payload: initialPayload,
+				updatedBy: "system"
+			}).onConflictDoNothing();
+			return row;
+		});
 	} catch (err) {
 		if ((err?.code ?? err?.cause?.code ?? "") === "23505" && name) throw new ConflictError(`Agent name "${name}" already exists in organization "${orgId}"`);
 		throw err;
@@ -11271,7 +10952,7 @@ async function deleteAgent(db, uuid) {
 	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
 	return agent;
 }
-const log$5 = createLogger$1("AgentFeishuBot");
+const log$4 = createLogger$1("AgentFeishuBot");
 async function agentFeishuBotRoutes(app) {
 	/**
 	* PUT /agent/me/feishu-bot
@@ -11299,7 +10980,7 @@ async function agentFeishuBotRoutes(app) {
 			},
 			status: "active"
 		}, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service bind"));
+		app.adapterManager.reload().catch((err) => log$4.error({ err }, "adapter reload failed after self-service bind"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(current ? 200 : 201).send({
 			...config,
@@ -11316,7 +10997,7 @@ async function agentFeishuBotRoutes(app) {
 		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
 		if (!current) return reply.status(204).send();
 		await deleteAdapterConfig(app.db, current.id);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service unbind"));
+		app.adapterManager.reload().catch((err) => log$4.error({ err }, "adapter reload failed after self-service unbind"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -11337,20 +11018,6 @@ const adapterChatMappings = pgTable("adapter_chat_mappings", {
 	metadata: jsonb("metadata").$type().notNull().default({}),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
 });
-/** Messages. Immutable after creation. Each message belongs to exactly one Chat. */
-const messages = pgTable("messages", {
-	id: text("id").primaryKey(),
-	chatId: text("chat_id").notNull().references(() => chats.id),
-	senderId: text("sender_id").notNull(),
-	format: text("format").notNull(),
-	content: jsonb("content").$type().notNull(),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	replyToInbox: text("reply_to_inbox"),
-	replyToChat: text("reply_to_chat"),
-	inReplyTo: text("in_reply_to"),
-	source: text("source"),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [index("idx_messages_chat_time").on(table.chatId, table.createdAt), index("idx_messages_in_reply_to").on(table.inReplyTo)]);
 /** Cross-reference between internal messages and external platform message IDs. */
 const adapterMessageReferences = pgTable("adapter_message_references", {
 	id: serial("id").primaryKey(),
@@ -11541,24 +11208,6 @@ async function agentFeishuUserRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-/** Delivery queue (envelope). One entry per recipient created during message fan-out. Uses SKIP LOCKED for concurrent-safe consumption. */
-const inboxEntries = pgTable("inbox_entries", {
-	id: bigserial("id", { mode: "number" }).primaryKey(),
-	inboxId: text("inbox_id").notNull(),
-	messageId: text("message_id").notNull().references(() => messages.id),
-	chatId: text("chat_id"),
-	status: text("status").notNull().default("pending"),
-	notify: boolean("notify").notNull().default(true),
-	retryCount: integer("retry_count").notNull().default(0),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	deliveredAt: timestamp("delivered_at", { withTimezone: true }),
-	ackedAt: timestamp("acked_at", { withTimezone: true })
-}, (table) => [
-	unique("uq_inbox_delivery").on(table.inboxId, table.messageId, table.chatId),
-	index("idx_inbox_pending").on(table.inboxId, table.createdAt),
-	index("idx_inbox_pending_notify").on(table.inboxId, table.createdAt).where(sql`status = 'pending' AND notify = true`),
-	index("idx_inbox_chat_silent").on(table.inboxId, table.chatId, table.notify, table.status)
-]);
 function normaliseSource(source) {
 	if (source === null) return null;
 	const parsed = messageSourceSchema$1.safeParse(source);
@@ -11956,622 +11605,43 @@ async function prepareImageOutbound(db, notifier, chatId, data) {
 	const parsed = imageInlineContentSchema.safeParse(data.content);
 	if (!parsed.success) return data;
 	const inline = parsed.data;
-	const imageId = inline.imageId ?? randomUUID();
-	const frame = {
-		type: "image_payload",
-		imageId,
-		chatId,
-		base64: inline.data,
-		mimeType: inline.mimeType,
-		filename: inline.filename,
-		...inline.size !== void 0 ? { size: inline.size } : {}
-	};
-	const serialised = JSON.stringify(frame);
-	const inboxIds = await collectTargetInboxes(db, chatId, data.inReplyTo);
-	for (const inboxId of inboxIds) notifier.pushFrameToInbox(inboxId, serialised).catch(() => {});
-	const ref = {
-		imageId,
-		mimeType: inline.mimeType,
-		filename: inline.filename,
-		...inline.size !== void 0 ? { size: inline.size } : {}
-	};
-	return {
-		...data,
-		content: ref
-	};
-}
-/**
-* Mirror `sendMessage`'s fan-out set: every participant of the current
-* chat, plus the original requester's inbox when this message is a cross-
-* chat reply (see `services/message.ts` replyTo routing).
-*/
-async function collectTargetInboxes(db, chatId, inReplyTo) {
-	const participants = await db.select({ inboxId: agents.inboxId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
-	const set = new Set(participants.map((p) => p.inboxId));
-	if (inReplyTo) {
-		const [original] = await db.select({ replyToInbox: messages.replyToInbox }).from(messages).where(eq(messages.id, inReplyTo)).limit(1);
-		if (original?.replyToInbox) set.add(original.replyToInbox);
-	}
-	return [...set];
-}
-/** Per-session state snapshot. One row per (agent, chat) pair, upserted on each session:state message. */
-const agentChatSessions = pgTable("agent_chat_sessions", {
-	agentId: text("agent_id").notNull().references(() => agents.uuid, { onDelete: "cascade" }),
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	state: text("state").notNull(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [primaryKey({ columns: [table.agentId, table.chatId] })]);
-/**
-* Upsert session state + refresh presence aggregates + NOTIFY.
-*
-* `agent_chat_sessions.(agent_id, chat_id)` is a single-row "current session
-* state" cache, not a session history log. A new runtime session starting on
-* the same (agent, chat) pair MUST overwrite whatever ended before — including
-* an `evicted` row left by a previous terminate. The previous "revival
-* defense" conflated two concerns: "this runtime session ended" (which is
-* what `evicted` actually means) and "this chat is permanently archived for
-* this agent" (a chat-level decision that should live on `chats`, not here).
-* See proposals/hub-agent-messaging-reply-and-mentions §M2-session-lifecycle.
-*
-* Presence row contract: this function tolerates a missing `agent_presence`
-* row by using `INSERT ... ON CONFLICT DO UPDATE`. The predictive-write path
-* (sendMessage on first message) may target an agent whose client has never
-* bound, so a prior `update agent_presence ... where agentId` would silently
-* drop the activeSessions/totalSessions refresh. See PR #198 review §2.
-*/
-async function upsertSessionState(db, agentId, chatId, state, organizationId, notifier, options) {
-	const now = /* @__PURE__ */ new Date();
-	let wrote = false;
-	await db.transaction(async (tx) => {
-		await tx.insert(agentChatSessions).values({
-			agentId,
-			chatId,
-			state,
-			updatedAt: now
-		}).onConflictDoUpdate({
-			target: [agentChatSessions.agentId, agentChatSessions.chatId],
-			set: {
-				state,
-				updatedAt: now
-			},
-			setWhere: ne(agentChatSessions.state, state)
-		});
-		const [counts] = await tx.select({
-			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
-			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
-		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
-		const activeSessions = counts?.active ?? 0;
-		const totalSessions = counts?.total ?? 0;
-		const presenceSet = options?.touchPresenceLastSeen ?? true ? {
-			activeSessions,
-			totalSessions,
-			lastSeenAt: now
-		} : {
-			activeSessions,
-			totalSessions
-		};
-		await tx.insert(agentPresence).values({
-			agentId,
-			activeSessions,
-			totalSessions
-		}).onConflictDoUpdate({
-			target: [agentPresence.agentId],
-			set: presenceSet
-		});
-		wrote = true;
-	});
-	if (wrote && notifier) notifier.notifySessionStateChange(agentId, chatId, state, organizationId).catch(() => {});
-}
-async function resetActivity(db, agentId) {
-	const now = /* @__PURE__ */ new Date();
-	await db.update(agentPresence).set({
-		runtimeState: "idle",
-		runtimeUpdatedAt: now
-	}).where(eq(agentPresence.agentId, agentId));
-}
-async function getActivityOverview(db) {
-	const [agentCounts] = await db.select({
-		total: sql`count(*)::int`,
-		running: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} IS NOT NULL)::int`,
-		idle: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'idle')::int`,
-		working: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'working')::int`,
-		blocked: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'blocked')::int`,
-		error: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'error')::int`
-	}).from(agentPresence);
-	const [clientCounts] = await db.select({ count: sql`count(*)::int` }).from(clients).where(eq(clients.status, "connected"));
-	return {
-		total: agentCounts?.total ?? 0,
-		running: agentCounts?.running ?? 0,
-		byState: {
-			idle: agentCounts?.idle ?? 0,
-			working: agentCounts?.working ?? 0,
-			blocked: agentCounts?.blocked ?? 0,
-			error: agentCounts?.error ?? 0
-		},
-		clients: clientCounts?.count ?? 0
-	};
-}
-/**
-* List agents with active runtime state.
-* When scope is provided, filters to agents visible to the member.
-*/
-async function listAgentsWithRuntime(db, scope) {
-	if (!scope) return db.select().from(agentPresence).where(isNotNull(agentPresence.runtimeState));
-	return db.select({
-		agentId: agentPresence.agentId,
-		status: agentPresence.status,
-		instanceId: agentPresence.instanceId,
-		connectedAt: agentPresence.connectedAt,
-		lastSeenAt: agentPresence.lastSeenAt,
-		clientId: agentPresence.clientId,
-		runtimeType: agentPresence.runtimeType,
-		runtimeVersion: agentPresence.runtimeVersion,
-		runtimeState: agentPresence.runtimeState,
-		activeSessions: agentPresence.activeSessions,
-		totalSessions: agentPresence.totalSessions,
-		runtimeUpdatedAt: agentPresence.runtimeUpdatedAt,
-		type: agents.type
-	}).from(agentPresence).innerJoin(agents, eq(agentPresence.agentId, agents.uuid)).where(and(isNotNull(agentPresence.runtimeState), agentVisibilityCondition(scope.organizationId, scope.memberId)));
-}
-/**
-* Chat-first workspace — append-only post-fan-out projection.
-*
-* The single sanctioned extension point on the message hot path. Called
-* from `services/message.ts` AFTER existing fan-out completes, inside the
-* same transaction. Three responsibilities:
-*
-*   1. Mention propagation: increment `unread_mention_count` for mentioned
-*      speaking participants AND for watcher rows whose managed agent was
-*      mentioned. Sender row is excluded.
-*
-*   2. Chats projection: roll forward `chats.last_message_at`,
-*      `chats.last_message_preview`. Powers the conversation list cursor +
-*      sort + preview.
-*
-*   3. Realtime kick: fire-and-forget `pg_notify('chat_message_events', …)`
-*      so admin WS sockets can translate it into a `chat:message` frame.
-*      Failure is swallowed — durable persistence is the correctness path.
-*
-* Strict invariants (see docs/chat-first-workspace-product-design.md
-* "Risk Constraints"):
-*   - This module appends ONLY. Never edits existing fan-out / inbox /
-*     mention-extraction code.
-*   - Watchers (chat_subscriptions) are NEVER added to inbox_entries here.
-*     Their counters are bumped purely as a per-user red-dot signal.
-*   - Mention candidate set is `chat_participants` only; watchers are not
-*     direct `@`-mention targets.
-*/
-let dispatcher = null;
-function registerChatMessageDispatcher(fn) {
-	dispatcher = fn;
-}
-/**
-* Best-effort cross-process kick for the chat-first workspace. Call AFTER
-* the message transaction commits — never inside the tx. Failure logs +
-* drops; web reconnect refetches.
-*
-* Speakers also get an inbox NOTIFY through the existing path. They will
-* receive both, and the web client de-dupes naturally because both end up
-* invalidating the same query keys.
-*/
-function fireChatMessageKick(chatId, messageId) {
-	if (!dispatcher) return;
-	try {
-		dispatcher(chatId, messageId);
-	} catch {}
-}
-/**
-* Apply the post-fan-out projection. MUST be called inside the same
-* transaction as the message INSERT. Safe to call when `mentionedAgentIds`
-* is empty (degenerate case skips the mention UPDATEs).
-*/
-async function applyAfterFanOut(tx, input) {
-	const { chatId, senderId, mentionedAgentIds, contentPreview, messageCreatedAt } = input;
-	const previewClipped = contentPreview.length > 0 ? contentPreview.slice(0, 200) : null;
-	const ts = messageCreatedAt ?? /* @__PURE__ */ new Date();
-	await tx.update(chats).set({
-		lastMessageAt: ts,
-		lastMessagePreview: previewClipped
-	}).where(eq(chats.id, chatId));
-	if (mentionedAgentIds.length === 0) return;
-	await tx.update(chatParticipants).set({ unreadMentionCount: sql`${chatParticipants.unreadMentionCount} + 1` }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, mentionedAgentIds), ne(chatParticipants.agentId, senderId)));
-	const managerHumanAgentIds = (await tx.execute(sql`
-    SELECT DISTINCT m.agent_id AS human_agent_id
-      FROM agents a
-      JOIN members m ON m.id = a.manager_id
-     WHERE a.uuid IN ${makeUuidList(mentionedAgentIds)}
-       AND a.type <> 'human'
-       AND m.status = 'active'
-  `)).map((r) => r.human_agent_id);
-	if (managerHumanAgentIds.length === 0) return;
-	await tx.update(chatSubscriptions).set({ unreadMentionCount: sql`${chatSubscriptions.unreadMentionCount} + 1` }).where(and(eq(chatSubscriptions.chatId, chatId), inArray(chatSubscriptions.agentId, managerHumanAgentIds)));
-}
-/**
-* Build a parenthesised, comma-separated list of bound parameters: `(?, ?, ?)`.
-* Used in raw SQL where drizzle's `inArray` can't be directly applied (e.g.
-* inside a hand-rolled SELECT). Always called with a non-empty list — the
-* caller short-circuits the empty case.
-*/
-function makeUuidList(ids) {
-	return sql`(${sql.join(ids.map((id) => sql`${id}`), sql`, `)})`;
-}
-const log$4 = createLogger$1("message");
-async function sendMessage(db, chatId, senderId, data, options = {}) {
-	return withSpan("inbox.enqueue", messageAttrs({
+	const imageId = inline.imageId ?? randomUUID();
+	const frame = {
+		type: "image_payload",
+		imageId,
 		chatId,
-		senderAgentId: senderId,
-		source: data.source ?? void 0
-	}), () => sendMessageInner(db, chatId, senderId, data, options));
-}
-async function sendMessageInner(db, chatId, senderId, data, options) {
-	const txResult = await db.transaction(async (tx) => {
-		const [participants, [chatRow], [senderRow]] = await Promise.all([
-			tx.select({
-				agentId: chatParticipants.agentId,
-				inboxId: agents.inboxId,
-				mode: chatParticipants.mode,
-				name: agents.name
-			}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId)),
-			tx.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1),
-			tx.select({
-				inboxId: agents.inboxId,
-				organizationId: agents.organizationId
-			}).from(agents).where(eq(agents.uuid, senderId)).limit(1)
-		]);
-		const chatType = chatRow?.type ?? null;
-		if (!senderRow) throw new NotFoundError(`Sender agent "${senderId}" not found`);
-		if (data.replyToInbox !== void 0 && data.replyToInbox !== null) {
-			if (senderRow.inboxId !== data.replyToInbox) throw new BadRequestError("replyToInbox must reference the sender's own inbox");
-		}
-		const incomingMeta = data.metadata ?? {};
-		const explicitMentionsRaw = incomingMeta.mentions;
-		const explicitMentions = Array.isArray(explicitMentionsRaw) ? explicitMentionsRaw.filter((m) => typeof m === "string") : [];
-		const contentText = typeof data.content === "string" ? data.content : "";
-		const resolved = contentText ? extractMentions(contentText, participants) : [];
-		const mergedMentions = [...new Set([...explicitMentions, ...resolved])];
-		const metadataToStore = mergedMentions.length > 0 ? {
-			...incomingMeta,
-			mentions: mergedMentions
-		} : incomingMeta;
-		if (options.enforceGroupMention && chatType === "group") {
-			if (mergedMentions.filter((id) => id !== senderId).length === 0) throw new BadRequestError("Sending to a group chat requires an explicit @mention. Use `agent send <name>` to message a single agent, or @<name> in the content to address one or more group members.");
-		}
-		let outboundContent = data.content;
-		if (options.normalizeMentionsInContent && typeof outboundContent === "string") {
-			const present = new Set(scanMentionTokens(outboundContent));
-			const missingNames = [];
-			for (const id of mergedMentions) {
-				if (id === senderId) continue;
-				const p = participants.find((q) => q.agentId === id);
-				if (!p?.name) continue;
-				if (present.has(p.name.toLowerCase())) continue;
-				missingNames.push(p.name);
-			}
-			if (missingNames.length > 0) {
-				const prefix = missingNames.map((n) => `@${n}`).join(" ");
-				outboundContent = outboundContent.length > 0 ? `${prefix} ${outboundContent}` : prefix;
-			}
-		}
-		const messageId = randomUUID();
-		const [msg] = await tx.insert(messages).values({
-			id: messageId,
-			chatId,
-			senderId,
-			format: data.format,
-			content: outboundContent,
-			metadata: metadataToStore,
-			replyToInbox: data.replyToInbox ?? null,
-			replyToChat: data.replyToChat ?? null,
-			inReplyTo: data.inReplyTo ?? null,
-			source: data.source ?? null
-		}).returning();
-		const mentionSet = new Set(mergedMentions);
-		const fanout = participants.filter((p) => p.agentId !== senderId).map((p) => ({
-			agentId: p.agentId,
-			inboxId: p.inboxId,
-			notify: p.mode !== "mention_only" || mentionSet.has(p.agentId)
-		}));
-		if (fanout.length > 0) await tx.insert(inboxEntries).values(fanout.map((f) => ({
-			inboxId: f.inboxId,
-			messageId,
-			chatId,
-			notify: f.notify
-		})));
-		const notified = fanout.filter((f) => f.notify);
-		const recipients = notified.map((f) => f.inboxId);
-		const recipientAgentIds = notified.map((f) => f.agentId);
-		if (data.inReplyTo) {
-			const [original] = await tx.select({
-				replyToInbox: messages.replyToInbox,
-				replyToChat: messages.replyToChat
-			}).from(messages).where(eq(messages.id, data.inReplyTo)).limit(1);
-			if (original?.replyToInbox && original?.replyToChat) {
-				await tx.insert(inboxEntries).values({
-					inboxId: original.replyToInbox,
-					messageId,
-					chatId: original.replyToChat
-				}).onConflictDoNothing();
-				if (!recipients.includes(original.replyToInbox)) recipients.push(original.replyToInbox);
-			}
-		}
-		await tx.update(chats).set({ updatedAt: /* @__PURE__ */ new Date() }).where(eq(chats.id, chatId));
-		if (!msg) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		const previewText = typeof outboundContent === "string" ? outboundContent.trim() : "";
-		await applyAfterFanOut(tx, {
-			chatId,
-			messageId: msg.id,
-			senderId,
-			mentionedAgentIds: mergedMentions,
-			contentPreview: previewText,
-			messageCreatedAt: msg.createdAt
-		});
-		return {
-			message: msg,
-			recipients,
-			recipientAgentIds,
-			organizationId: senderRow.organizationId
-		};
-	});
-	const settled = await Promise.allSettled(txResult.recipientAgentIds.map((agentId) => upsertSessionState(db, agentId, chatId, "active", txResult.organizationId, void 0, { touchPresenceLastSeen: false })));
-	for (let i = 0; i < settled.length; i++) {
-		const r = settled[i];
-		if (r?.status === "rejected") log$4.error({
-			err: r.reason,
-			chatId,
-			agentId: txResult.recipientAgentIds[i]
-		}, "predictive session activation failed");
-	}
-	fireChatMessageKick(chatId, txResult.message.id);
-	return {
-		message: txResult.message,
-		recipients: txResult.recipients
+		base64: inline.data,
+		mimeType: inline.mimeType,
+		filename: inline.filename,
+		...inline.size !== void 0 ? { size: inline.size } : {}
 	};
-}
-async function sendToAgent$1(db, senderUuid, targetName, data) {
-	const [sender] = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId
-	}).from(agents).where(eq(agents.uuid, senderUuid)).limit(1);
-	if (!sender) throw new NotFoundError(`Agent "${senderUuid}" not found`);
-	const [target] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, sender.organizationId), eq(agents.name, targetName), ne(agents.status, "deleted"))).limit(1);
-	if (!target) throw new NotFoundError(`Agent "${targetName}" not found${/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(targetName) ? " — `agent send` expects an agent NAME, not a uuid. Run `first-tree-hub agent list` to see available names." : ""}`);
-	const chat = await findOrCreateDirectChat(db, senderUuid, target.uuid);
-	const incomingMeta = data.metadata ?? {};
-	const existingMentionsRaw = incomingMeta.mentions;
-	const existingMentions = Array.isArray(existingMentionsRaw) ? existingMentionsRaw.filter((m) => typeof m === "string") : [];
-	const mergedMentions = existingMentions.includes(target.uuid) ? existingMentions : [...existingMentions, target.uuid];
-	const metadata = {
-		...incomingMeta,
-		mentions: mergedMentions
+	const serialised = JSON.stringify(frame);
+	const inboxIds = await collectTargetInboxes(db, chatId, data.inReplyTo);
+	for (const inboxId of inboxIds) notifier.pushFrameToInbox(inboxId, serialised).catch(() => {});
+	const ref = {
+		imageId,
+		mimeType: inline.mimeType,
+		filename: inline.filename,
+		...inline.size !== void 0 ? { size: inline.size } : {}
 	};
-	return sendMessage(db, chat.id, senderUuid, {
-		format: data.format,
-		content: data.content,
-		metadata,
-		replyToInbox: data.replyToInbox,
-		replyToChat: data.replyToChat,
-		source: data.source
-	}, { normalizeMentionsInContent: true });
-}
-async function editMessage(db, chatId, messageId, senderId, data) {
-	const [msg] = await db.select().from(messages).where(eq(messages.id, messageId)).limit(1);
-	if (!msg) throw new NotFoundError(`Message "${messageId}" not found`);
-	if (msg.chatId !== chatId) throw new NotFoundError(`Message "${messageId}" not found in this chat`);
-	if (msg.senderId !== senderId) throw new ForbiddenError("Only the sender can edit a message");
-	const setClause = {};
-	if (data.format !== void 0) setClause.format = data.format;
-	if (data.content !== void 0) setClause.content = data.content;
-	const meta = msg.metadata ?? {};
-	meta.editedAt = (/* @__PURE__ */ new Date()).toISOString();
-	setClause.metadata = meta;
-	const [updated] = await db.update(messages).set(setClause).where(eq(messages.id, messageId)).returning();
-	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return updated;
-}
-async function listMessages(db, chatId, limit, cursor) {
-	const where = cursor ? and(eq(messages.chatId, chatId), lt(messages.createdAt, new Date(cursor))) : eq(messages.chatId, chatId);
-	const rows = await db.select().from(messages).where(where).orderBy(desc(messages.createdAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
 	return {
-		items,
-		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
+		...data,
+		content: ref
 	};
 }
-const INBOX_CHANNEL = "inbox_notifications";
-const CONFIG_CHANNEL = "config_changes";
-const SESSION_STATE_CHANNEL = "session_state_changes";
-const RUNTIME_STATE_CHANNEL = "runtime_state_changes";
 /**
-* Chat-first workspace cross-process kick. Carries `<chatId>:<messageId>`.
-* Lets admin WS sockets translate every chat message (speaker AND watcher
-* audience) into a `chat:message` frame, without being coupled to the
-* inbox NOTIFY path that only reaches speakers.
+* Mirror `sendMessage`'s fan-out set: every participant of the current
+* chat, plus the original requester's inbox when this message is a cross-
+* chat reply (see `services/message.ts` replyTo routing).
 */
-const CHAT_MESSAGE_CHANNEL = "chat_message_events";
-function createNotifier(listenClient) {
-	const subscriptions = /* @__PURE__ */ new Map();
-	const configChangeHandlers = [];
-	const sessionStateChangeHandlers = [];
-	const runtimeStateChangeHandlers = [];
-	const chatMessageHandlers = [];
-	let unlistenInboxFn = null;
-	let unlistenConfigFn = null;
-	let unlistenSessionStateFn = null;
-	let unlistenRuntimeStateFn = null;
-	let unlistenChatMessageFn = null;
-	function handleNotification(payload) {
-		const sepIdx = payload.indexOf(":");
-		if (sepIdx === -1) return;
-		const inboxId = payload.slice(0, sepIdx);
-		const messageId = payload.slice(sepIdx + 1);
-		const sockets = subscriptions.get(inboxId);
-		if (!sockets) return;
-		const doorbellFrame = JSON.stringify({
-			type: "new_message",
-			inboxId,
-			messageId
-		});
-		for (const [ws, pushHandler] of sockets) {
-			if (ws.readyState !== ws.OPEN) continue;
-			if (pushHandler) Promise.resolve(pushHandler(messageId)).catch(() => {});
-			else ws.send(doorbellFrame);
-		}
+async function collectTargetInboxes(db, chatId, inReplyTo) {
+	const participants = await db.select({ inboxId: agents.inboxId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
+	const set = new Set(participants.map((p) => p.inboxId));
+	if (inReplyTo) {
+		const [original] = await db.select({ replyToInbox: messages.replyToInbox }).from(messages).where(eq(messages.id, inReplyTo)).limit(1);
+		if (original?.replyToInbox) set.add(original.replyToInbox);
 	}
-	return {
-		subscribe(inboxId, ws, pushHandler) {
-			let map = subscriptions.get(inboxId);
-			if (!map) {
-				map = /* @__PURE__ */ new Map();
-				subscriptions.set(inboxId, map);
-			}
-			map.set(ws, pushHandler ?? null);
-		},
-		unsubscribe(inboxId, ws) {
-			const map = subscriptions.get(inboxId);
-			if (map) {
-				map.delete(ws);
-				if (map.size === 0) subscriptions.delete(inboxId);
-			}
-		},
-		async notify(inboxId, messageId) {
-			try {
-				await listenClient`SELECT pg_notify(${INBOX_CHANNEL}, ${`${inboxId}:${messageId}`})`;
-			} catch {}
-		},
-		async notifyConfigChange(configType) {
-			try {
-				await listenClient`SELECT pg_notify(${CONFIG_CHANNEL}, ${configType})`;
-			} catch {}
-		},
-		async notifySessionStateChange(agentId, chatId, state, organizationId) {
-			try {
-				await listenClient`SELECT pg_notify(${SESSION_STATE_CHANNEL}, ${`${agentId}:${chatId}:${state}:${organizationId}`})`;
-			} catch {}
-		},
-		async notifyRuntimeStateChange(agentId, state, organizationId) {
-			try {
-				await listenClient`SELECT pg_notify(${RUNTIME_STATE_CHANNEL}, ${`${agentId}:${state}:${organizationId}`})`;
-			} catch {}
-		},
-		async notifyChatMessage(chatId, messageId) {
-			try {
-				await listenClient`SELECT pg_notify(${CHAT_MESSAGE_CHANNEL}, ${`${chatId}:${messageId}`})`;
-			} catch {}
-		},
-		async pushFrameToInbox(inboxId, frame) {
-			const map = subscriptions.get(inboxId);
-			if (!map) return 0;
-			let queued = 0;
-			const pending = [];
-			for (const ws of map.keys()) {
-				if (ws.readyState !== ws.OPEN) continue;
-				pending.push(new Promise((resolve) => {
-					ws.send(frame, (err) => {
-						if (!err) queued += 1;
-						resolve();
-					});
-				}));
-			}
-			await Promise.all(pending);
-			return queued;
-		},
-		onConfigChange(handler) {
-			configChangeHandlers.push(handler);
-		},
-		onSessionStateChange(handler) {
-			sessionStateChangeHandlers.push(handler);
-		},
-		onRuntimeStateChange(handler) {
-			runtimeStateChangeHandlers.push(handler);
-		},
-		onChatMessage(handler) {
-			chatMessageHandlers.push(handler);
-		},
-		async start() {
-			unlistenInboxFn = (await listenClient.listen(INBOX_CHANNEL, (payload) => {
-				if (payload) handleNotification(payload);
-			})).unlisten;
-			unlistenConfigFn = (await listenClient.listen(CONFIG_CHANNEL, (payload) => {
-				if (payload) for (const handler of configChangeHandlers) handler(payload);
-			})).unlisten;
-			unlistenSessionStateFn = (await listenClient.listen(SESSION_STATE_CHANNEL, (payload) => {
-				if (payload) {
-					const firstSep = payload.indexOf(":");
-					const secondSep = payload.indexOf(":", firstSep + 1);
-					const thirdSep = payload.indexOf(":", secondSep + 1);
-					if (firstSep > 0 && secondSep > firstSep && thirdSep > secondSep) {
-						const agentId = payload.slice(0, firstSep);
-						const chatId = payload.slice(firstSep + 1, secondSep);
-						const state = payload.slice(secondSep + 1, thirdSep);
-						const organizationId = payload.slice(thirdSep + 1);
-						for (const handler of sessionStateChangeHandlers) handler({
-							agentId,
-							chatId,
-							state,
-							organizationId
-						});
-					}
-				}
-			})).unlisten;
-			unlistenRuntimeStateFn = (await listenClient.listen(RUNTIME_STATE_CHANNEL, (payload) => {
-				if (payload) {
-					const firstSep = payload.indexOf(":");
-					const secondSep = payload.indexOf(":", firstSep + 1);
-					if (firstSep > 0 && secondSep > firstSep) {
-						const agentId = payload.slice(0, firstSep);
-						const state = payload.slice(firstSep + 1, secondSep);
-						const organizationId = payload.slice(secondSep + 1);
-						for (const handler of runtimeStateChangeHandlers) handler({
-							agentId,
-							state,
-							organizationId
-						});
-					}
-				}
-			})).unlisten;
-			unlistenChatMessageFn = (await listenClient.listen(CHAT_MESSAGE_CHANNEL, (payload) => {
-				if (!payload) return;
-				const sep = payload.indexOf(":");
-				if (sep <= 0) return;
-				const chatId = payload.slice(0, sep);
-				const messageId = payload.slice(sep + 1);
-				for (const handler of chatMessageHandlers) try {
-					handler({
-						chatId,
-						messageId
-					});
-				} catch {}
-			})).unlisten;
-		},
-		async stop() {
-			if (unlistenInboxFn) {
-				await unlistenInboxFn();
-				unlistenInboxFn = null;
-			}
-			if (unlistenConfigFn) {
-				await unlistenConfigFn();
-				unlistenConfigFn = null;
-			}
-			if (unlistenSessionStateFn) {
-				await unlistenSessionStateFn();
-				unlistenSessionStateFn = null;
-			}
-			if (unlistenRuntimeStateFn) {
-				await unlistenRuntimeStateFn();
-				unlistenRuntimeStateFn = null;
-			}
-			if (unlistenChatMessageFn) {
-				await unlistenChatMessageFn();
-				unlistenChatMessageFn = null;
-			}
-		}
-	};
-}
-/** Fire-and-forget: notify all recipients that a new message is available. */
-function notifyRecipients(notifier, recipients, messageId) {
-	for (const inboxId of recipients) notifier.notify(inboxId, messageId).catch(() => {});
+	return [...set];
 }
 const log$3 = createLogger$1("AgentMessages");
 const editMessageSchema = z.object({
@@ -14704,11 +13774,21 @@ const authIdentities = pgTable("auth_identities", {
 * treats it as a plain string and rejects every password — that's the
 * intended behaviour: SaaS users cannot fall back to password login.
 */
-async function findOrCreateUserFromGithub(db, profile) {
-	const [existing] = await db.select({ userId: authIdentities.userId }).from(authIdentities).where(and(eq(authIdentities.provider, "github"), eq(authIdentities.identifier, profile.githubId))).limit(1);
+async function findOrCreateUserFromGithub(db, profile, opts = {}) {
+	const [existing] = await db.select({
+		userId: authIdentities.userId,
+		metadata: authIdentities.metadata
+	}).from(authIdentities).where(and(eq(authIdentities.provider, "github"), eq(authIdentities.identifier, profile.githubId))).limit(1);
 	if (existing) {
-		if (profile.email) await db.update(authIdentities).set({
-			email: profile.email,
+		const patch = {};
+		if (profile.email) patch.email = profile.email;
+		if (opts.encryptedAccessToken) patch.metadata = {
+			...existing.metadata ?? {},
+			accessToken: opts.encryptedAccessToken,
+			login: profile.login
+		};
+		if (Object.keys(patch).length > 0) await db.update(authIdentities).set({
+			...patch,
 			updatedAt: /* @__PURE__ */ new Date()
 		}).where(and(eq(authIdentities.provider, "github"), eq(authIdentities.identifier, profile.githubId)));
 		return { userId: existing.userId };
@@ -14724,6 +13804,8 @@ async function findOrCreateUserFromGithub(db, profile) {
 			displayName: profile.displayName?.trim() || profile.login,
 			avatarUrl: profile.avatarUrl ?? null
 		});
+		const metadata = { login: profile.login };
+		if (opts.encryptedAccessToken) metadata.accessToken = opts.encryptedAccessToken;
 		await tx.insert(authIdentities).values({
 			id: uuidv7(),
 			userId,
@@ -14731,7 +13813,7 @@ async function findOrCreateUserFromGithub(db, profile) {
 			identifier: profile.githubId,
 			email: profile.email,
 			verifiedAt: /* @__PURE__ */ new Date(),
-			metadata: { login: profile.login }
+			metadata
 		});
 	});
 	return { userId };
@@ -14813,13 +13895,57 @@ async function exchangeCodeForProfile(config, code, redirectUri, opts = {}) {
 		}
 	}
 	return {
-		githubId: String(user.id),
-		login: user.login,
-		email,
-		displayName: user.name ?? null,
-		avatarUrl: user.avatar_url ?? null
+		profile: {
+			githubId: String(user.id),
+			login: user.login,
+			email,
+			displayName: user.name ?? null,
+			avatarUrl: user.avatar_url ?? null
+		},
+		accessToken: tokenJson.access_token
 	};
 }
+/**
+* Thrown when GitHub's API returns a non-2xx for a token-scoped call.
+* Carries the HTTP status so callers can distinguish auth failures (401 /
+* 403 — typically a stale token or a missing scope after we expanded to
+* `repo`) from transient upstream errors.
+*/
+var GithubApiError = class extends Error {
+	constructor(status, message) {
+		super(message);
+		this.status = status;
+		this.name = "GithubApiError";
+	}
+};
+/**
+* Fetch the authenticated user's accessible repositories. Used by the
+* Step 2 repo picker. Walks paginated GitHub API responses up to the cap.
+*/
+async function listUserRepos(accessToken, opts = {}) {
+	const fetcher = opts.fetcher ?? fetch;
+	const perPage = opts.perPage ?? 100;
+	const maxPages = opts.maxPages ?? 3;
+	const out = [];
+	for (let page = 1; page <= maxPages; page++) {
+		const res = await fetcher(`https://api.github.com/user/repos?affiliation=owner,collaborator,organization_member&sort=pushed&per_page=${perPage}&page=${page}`, { headers: {
+			Authorization: `Bearer ${accessToken}`,
+			Accept: "application/vnd.github+json"
+		} });
+		if (!res.ok) throw new GithubApiError(res.status, `GitHub repo list failed (${res.status})`);
+		const rows = await res.json();
+		for (const r of rows) out.push({
+			fullName: r.full_name,
+			cloneUrl: r.clone_url,
+			htmlUrl: r.html_url,
+			private: r.private,
+			defaultBranch: r.default_branch ?? null,
+			pushedAt: r.pushed_at ?? null
+		});
+		if (rows.length < perPage) break;
+	}
+	return out;
+}
 /** Insert (or reactivate) a `members` row for `userId` in `organizationId`. */
 async function ensureMembership(db, data) {
 	const [existing] = await db.select().from(members).where(and(eq(members.userId, data.userId), eq(members.organizationId, data.organizationId))).limit(1);
@@ -14872,14 +13998,15 @@ function sanitizeAgentName(login) {
 *   - First try: `${login}` (lowercased, sanitized)
 *   - On collision: append a 4-char hex disambiguator
 *
-* Display name is the user's GitHub real name (or login as fallback). No
-* "Personal Team" suffix — the user might invite teammates later, and we
-* don't want a label that reads like a private sandbox to be the team name
-* other members see. Users rename freely via Settings.
+* Default team display name is `${login}'s team` (set by the caller — see
+* docs/new-user-onboarding-design.md §5.5). Reads as "this is a collective
+* space" from day one so a later teammate-invite doesn't surface a label
+* that looks like a private sandbox. Users can rename via Step 1 of the
+* onboarding flow or Settings.
 */
 async function createPersonalTeam(db, input) {
 	const baseSlug = sanitizeOrgSlug(input.loginSeed);
-	const displayName = input.userDisplayName;
+	const displayName = input.teamDisplayName;
 	const orgId = uuidv7();
 	return {
 		organizationId: orgId,
@@ -15136,7 +14263,7 @@ async function githubOauthRoutes(app) {
 			client_id: oauthCfg.clientId,
 			redirect_uri: redirectUri,
 			state: token,
-			scope: "read:user user:email",
+			scope: "read:user user:email repo",
 			allow_signup: "true"
 		});
 		return reply.redirect(`https://github.com/login/oauth/authorize?${params}`, 302);
@@ -15160,17 +14287,20 @@ async function githubOauthRoutes(app) {
 		}));
 		const redirectUri = `${resolvePublicUrl(app, request)}/api/v1/auth/github/callback`;
 		let profile;
+		let accessToken;
 		try {
-			profile = await exchangeCodeForProfile({
+			const result = await exchangeCodeForProfile({
 				clientId: oauthCfg.clientId,
 				clientSecret: oauthCfg.clientSecret
 			}, code, redirectUri);
+			profile = result.profile;
+			accessToken = result.accessToken;
 		} catch (err) {
 			const msg = err instanceof Error ? err.message : "GitHub exchange failed";
 			app.log.warn({ err }, "github oauth code exchange failed");
 			return reply.status(401).send({ error: msg });
 		}
-		return completeOauthFlow(app, request, reply, profile, next);
+		return completeOauthFlow(app, request, reply, profile, next, accessToken);
 	});
 	app.get("/dev-callback", async (request, reply) => {
 		if (process.env.NODE_ENV === "production") return reply.status(404).send({ error: "Not found" });
@@ -15182,11 +14312,12 @@ async function githubOauthRoutes(app) {
 			email: params.email ?? null,
 			displayName: params.displayName ?? params.login,
 			avatarUrl: null
-		}, next);
+		}, next, process.env.DEV_GITHUB_PAT?.trim() || null);
 	});
 }
-async function completeOauthFlow(app, request, reply, profile, next) {
-	const { userId } = await findOrCreateUserFromGithub(app.db, profile);
+async function completeOauthFlow(app, request, reply, profile, next, rawAccessToken) {
+	const encryptedAccessToken = rawAccessToken ? encryptValue(rawAccessToken, app.config.secrets.encryptionKey) : void 0;
+	const { userId } = await findOrCreateUserFromGithub(app.db, profile, { encryptedAccessToken });
 	let joinPath = "returning";
 	const inviteMatch = /^\/invite\/([^/?#]+)/.exec(next);
 	let resolved = false;
@@ -15212,14 +14343,21 @@ async function completeOauthFlow(app, request, reply, profile, next) {
 		next = "/";
 	} else if (await pickPrimaryMembership(app.db, userId)) resolved = true;
 	else {
-		await createPersonalTeam(app.db, {
+		const personal = await createPersonalTeam(app.db, {
 			userId,
 			loginSeed: profile.login,
+			teamDisplayName: `${profile.login}'s team`,
 			userDisplayName: profile.displayName?.trim() || profile.login
 		});
 		joinPath = "solo";
 		resolved = true;
 		next = "/";
+		app.log.info({
+			event: "onboarding.team_created",
+			userId,
+			organizationId: personal.organizationId,
+			source: "oauth-bootstrap"
+		}, "onboarding funnel: team auto-created at OAuth bootstrap");
 	}
 	if (!resolved) return reply.status(500).send({ error: "Failed to resolve membership" });
 	const tokens = await signTokensForUser(app.config.secrets.jwtSecret, userId, app.config.auth);
@@ -15457,6 +14595,7 @@ async function transitionSessionState(db, agentId, chatId, target, from, organiz
 			totalSessions: counts?.total ?? 0,
 			lastSeenAt: now
 		}).where(eq(agentPresence.agentId, agentId));
+		if (target === "evicted") await markSupersededByChat(tx, chatId, "chat_archived");
 		finalState = target;
 		transitioned = true;
 	});
@@ -15943,6 +15082,28 @@ async function chatRoutes(app) {
 			createdAt: result.message.createdAt.toISOString()
 		});
 	});
+	/**
+	* POST /chats/:chatId/questions/:correlationId/answer — submit an answer
+	* to a pending agent-emitted question. Caller speaks as their human agent;
+	* the answer is fanned out as a `format=question_answer` message back to
+	* the original agent's inbox so the in-flight `canUseTool` callback can
+	* resolve. Returns 409 if already answered or superseded.
+	*/
+	app.post("/:chatId/questions/:correlationId/answer", { config: { otelRecordBody: false } }, async (request, reply) => {
+		const { scope } = await requireChatAccess(request, app.db);
+		const body = submitQuestionAnswerSchema.parse(request.body);
+		await ensureParticipant$1(app.db, request.params.chatId, scope.humanAgentId);
+		const result = await submitAnswer(app.db, app.notifier, {
+			correlationId: request.params.correlationId,
+			chatId: request.params.chatId,
+			submitterAgentId: scope.humanAgentId,
+			answers: body.answers
+		});
+		return reply.status(201).send({
+			correlationId: request.params.correlationId,
+			messageId: result.messageId
+		});
+	});
 	/** POST /chats/:chatId/read — chat-first-workspace read cursor. Idempotent. */
 	app.post("/:chatId/read", async (request) => {
 		const { scope } = await requireChatAccess(request, app.db);
@@ -16124,6 +15285,11 @@ function applyInputDelta(namespace, current, input, encryptionKey) {
 		const inp = input;
 		return { webhookSecretCipher: inp.webhookSecret === void 0 ? cur.webhookSecretCipher : inp.webhookSecret === null ? void 0 : ensureEncrypted(inp.webhookSecret, encryptionKey) };
 	}
+	if (namespace === "source_repos") {
+		const cur = current;
+		const inp = input;
+		return { repos: inp.repos === void 0 ? cur.repos : inp.repos };
+	}
 	return namespace;
 }
 /**
@@ -16147,6 +15313,7 @@ function toOutput(namespace, storage) {
 			webhookUrl: ""
 		};
 	}
+	if (namespace === "source_repos") return { repos: storage.repos };
 	return namespace;
 }
 /**
@@ -16265,8 +15432,11 @@ const MAX_MARKDOWN_FILES = 1e3;
 const MAX_MARKDOWN_FILE_BYTES = 512 * 1024;
 const SNAPSHOT_CACHE_TTL_MS = 3e4;
 const GIT_TIMEOUT_MS = 5e3;
+const GIT_SYNC_TIMEOUT_MS = 12e4;
 const GIT_MAX_BUFFER = 10 * 1024 * 1024;
 const GIT_LOG_RECORD_SEPARATOR = "";
+const REMOTE_SYNC_TTL_MS = 6e4;
+const REMOTE_FAILURE_TTL_MS = 3e4;
 const CONTEXT_TREE_SNAPSHOT_WINDOWS = {
 	ONE_DAY: "1d",
 	SEVEN_DAYS: "7d",
@@ -16278,10 +15448,14 @@ const WINDOW_DAYS = {
 	"30d": 30
 };
 const snapshotCache = /* @__PURE__ */ new Map();
+const remoteSyncPromises = /* @__PURE__ */ new Map();
+const remoteLastSyncedAt = /* @__PURE__ */ new Map();
+const remoteLastSyncWarnings = /* @__PURE__ */ new Map();
+const remoteLastFailures = /* @__PURE__ */ new Map();
 async function getContextTreeSnapshot(binding, window = CONTEXT_TREE_SNAPSHOT_WINDOWS.SEVEN_DAYS) {
 	const repo = binding.repo ?? null;
 	const branch = binding.branch ?? null;
-	const resolved = resolveContextTreeRoot(repo, binding.localPath);
+	const resolved = await resolveContextTreeRoot(repo, binding.localPath, branch, binding.githubToken);
 	if (!resolved.root) return unavailableSnapshot(repo, branch, resolved.reason);
 	const now = (/* @__PURE__ */ new Date()).toISOString();
 	try {
@@ -16291,14 +15465,13 @@ async function getContextTreeSnapshot(binding, window = CONTEXT_TREE_SNAPSHOT_WI
 			"--abbrev-ref",
 			"HEAD"
 		]);
-		if (branch && actualBranch && actualBranch !== branch) return unavailableSnapshot(repo, actualBranch, `Context Tree checkout is on branch "${actualBranch}", but server config expects "${branch}".`);
+		if (branch && actualBranch && actualBranch !== branch) return unavailableSnapshot(repo, actualBranch, `Context Tree checkout is on branch "${actualBranch}", but the configured Context Tree branch is "${branch}".`);
 		const comparisonBaseCommit = await comparisonBaseForWindow(resolved.root, window);
 		const cacheKey = snapshotCacheKey(resolved.root, actualBranch ?? branch, headCommit, comparisonBaseCommit, window);
 		const cached = snapshotCache.get(cacheKey);
-		if (cached && cached.expiresAt > Date.now()) return {
-			...cached.snapshot,
-			syncedAt: now
-		};
+		if (cached && cached.expiresAt > Date.now()) {
+			if (!(cached.snapshot.snapshotStatus === "stale" && !resolved.staleReason)) return withSnapshotStatus(cached.snapshot, now, statusWarningFromResolved(resolved.staleReason, null));
+		}
 		const tree = buildTree(await readMarkdownFiles(resolved.root));
 		const diffResult = comparisonBaseCommit ? await readDiffEntries(resolved.root, comparisonBaseCommit, headCommit) : {
 			entries: [],
@@ -16308,18 +15481,14 @@ async function getContextTreeSnapshot(binding, window = CONTEXT_TREE_SNAPSHOT_WI
 		const nodesWithGhosts = addRemovedGhostNodes(applyChangesToNodes(tree.nodes, changes), changes);
 		const summary = summarizeChanges(changes);
 		const updates = buildUpdates(changes, nodesWithGhosts);
-		const statusWarning = contextStatusWarning(diffResult.truncated);
+		const statusWarning = statusWarningFromResolved(resolved.staleReason, diffResult.truncated);
 		const snapshot = {
 			repo,
 			branch: actualBranch ?? branch,
 			headCommit,
 			syncedAt: now,
-			snapshotStatus: "active",
-			contextStatus: {
-				label: statusWarning ? "Team context needs attention" : "Team context is current",
-				detail: statusWarning ?? "Agents have a synced team context snapshot available.",
-				severity: statusWarning ? "warning" : "ok"
-			},
+			snapshotStatus: statusWarning?.stale ? "stale" : "active",
+			contextStatus: contextStatus(statusWarning),
 			summary,
 			updates,
 			nodes: nodesWithGhosts,
@@ -16344,31 +15513,249 @@ function snapshotCacheKey(root, branch, headCommit, comparisonBase, window) {
 		window
 	].join(":");
 }
-function contextStatusWarning(truncated) {
-	if (truncated) return `Showing the first ${MAX_DIFF_ENTRIES} changed files.`;
+function statusWarningFromResolved(staleReason, truncated) {
+	if (staleReason) return {
+		detail: `${staleReason}${truncated ? ` Showing the first ${MAX_DIFF_ENTRIES} changed files.` : ""}`,
+		stale: true
+	};
+	if (truncated) return {
+		detail: `Showing the first ${MAX_DIFF_ENTRIES} changed files.`,
+		stale: false
+	};
 	return null;
 }
-function resolveContextTreeRoot(repo, localPath) {
-	const candidate = localPath && localPath.trim().length > 0 ? localPath : repo;
-	if (!candidate) return {
+async function resolveContextTreeRoot(repo, localPath, branch, githubToken) {
+	if (localPath && localPath.trim().length > 0) {
+		const root = resolveLocalPath(localPath);
+		if (existsSync(root)) return {
+			root,
+			reason: "ok",
+			staleReason: null
+		};
+		return {
+			root: null,
+			reason: `Context Tree checkout not found at ${root}.`,
+			staleReason: null
+		};
+	}
+	if (!repo) return {
 		root: null,
-		reason: "Context Tree is not configured."
+		reason: "Context Tree is not configured.",
+		staleReason: null
 	};
-	const normalized = candidate.startsWith("file://") ? candidate.slice(7) : candidate;
-	const root = isAbsolute(normalized) ? normalize(normalized) : resolve(process.cwd(), normalized);
+	if (isRemoteRepo(repo)) {
+		const resolvedBranch = branch ?? "main";
+		if (!isSafeBranchName(resolvedBranch)) return {
+			root: null,
+			reason: `Configured Context Tree branch "${resolvedBranch}" is invalid.`,
+			staleReason: null
+		};
+		try {
+			const materialized = await materializeRemoteContextTree(repo, resolvedBranch, void 0, githubToken);
+			return {
+				root: materialized.root,
+				reason: "ok",
+				staleReason: materialized.staleReason
+			};
+		} catch (error) {
+			return {
+				root: null,
+				reason: `Hub could not sync the configured Context Tree repo. Check repo access and branch "${resolvedBranch}". ${errorMessage(error)}`,
+				staleReason: null
+			};
+		}
+	}
+	const root = resolveLocalPath(repo);
 	if (existsSync(root)) return {
 		root,
-		reason: "ok"
+		reason: "ok",
+		staleReason: null
 	};
-	if (/^https?:\/\//.test(normalized) || /^[^/]+\/[^/]+$/.test(normalized)) return {
+	return {
 		root: null,
-		reason: "Context Tree repo is configured as a remote URL. Set FIRST_TREE_HUB_CONTEXT_TREE_PATH to a readable local checkout for this version."
+		reason: `Context Tree checkout not found at ${root}.`,
+		staleReason: null
+	};
+}
+function resolveLocalPath(value) {
+	const normalized = value.startsWith("file://") ? value.slice(7) : value;
+	return isAbsolute(normalized) ? normalize(normalized) : resolve(process.cwd(), normalized);
+}
+function isRemoteRepo(value) {
+	return /^https?:\/\//.test(value) || /^file:\/\//.test(value) || /^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:\.git)?$/.test(value);
+}
+function normalizeRemoteRepoUrl(value) {
+	if (/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:\.git)?$/.test(value)) return `https://github.com/${value}`;
+	return value;
+}
+function managedContextTreeCacheRoot() {
+	return join(DEFAULT_DATA_DIR$1, "context-tree-repos");
+}
+function managedContextTreePath(repoUrl, branch, cacheRoot = managedContextTreeCacheRoot()) {
+	return join(cacheRoot, createHash("sha256").update(`${repoUrl}\0${branch}`).digest("hex"));
+}
+async function materializeRemoteContextTree(repo, branch, cacheRoot = managedContextTreeCacheRoot(), githubToken) {
+	const repoUrl = normalizeRemoteRepoUrl(repo);
+	const root = managedContextTreePath(repoUrl, branch, cacheRoot);
+	const lastSyncedAt = remoteLastSyncedAt.get(root);
+	if (lastSyncedAt && Date.now() - lastSyncedAt < REMOTE_SYNC_TTL_MS && existsSync(join(root, ".git"))) return {
+		root,
+		staleReason: remoteLastSyncWarnings.get(root) ?? null
+	};
+	const lastFailure = remoteLastFailures.get(root);
+	if (lastFailure && Date.now() - lastFailure.failedAt < REMOTE_FAILURE_TTL_MS && !existsSync(join(root, ".git"))) throw new Error(lastFailure.reason);
+	const existing = remoteSyncPromises.get(root);
+	if (existing) return {
+		root,
+		staleReason: (await existing).staleReason
+	};
+	const syncPromise = syncRemoteContextTree(repoUrl, branch, root, cacheRoot, githubToken);
+	remoteSyncPromises.set(root, syncPromise);
+	try {
+		const syncResult = await syncPromise;
+		remoteLastSyncedAt.set(root, Date.now());
+		remoteLastFailures.delete(root);
+		if (syncResult.staleReason) remoteLastSyncWarnings.set(root, syncResult.staleReason);
+		else remoteLastSyncWarnings.delete(root);
+		return {
+			root,
+			staleReason: syncResult.staleReason
+		};
+	} catch (error) {
+		if (!existsSync(join(root, ".git"))) remoteLastFailures.set(root, {
+			failedAt: Date.now(),
+			reason: `Previous Context Tree sync failed recently. ${errorMessage(error)}`
+		});
+		throw error;
+	} finally {
+		remoteSyncPromises.delete(root);
+	}
+}
+async function syncRemoteContextTree(repoUrl, branch, root, cacheRoot, githubToken) {
+	await mkdir(cacheRoot, { recursive: true });
+	const env = await gitAuthEnv(repoUrl, cacheRoot, githubToken);
+	if (!existsSync(join(root, ".git"))) {
+		await rm(root, {
+			recursive: true,
+			force: true
+		});
+		await gitOutput(cacheRoot, [
+			"clone",
+			"--branch",
+			branch,
+			"--single-branch",
+			repoUrl,
+			root
+		], {
+			timeout: GIT_SYNC_TIMEOUT_MS,
+			env,
+			disableHooks: true
+		});
+		return { staleReason: null };
+	}
+	try {
+		await gitOutput(root, [
+			"remote",
+			"set-url",
+			"origin",
+			repoUrl
+		], {
+			timeout: GIT_TIMEOUT_MS,
+			disableHooks: true
+		});
+		await gitOutput(root, [
+			"fetch",
+			"origin",
+			branch,
+			"--prune"
+		], {
+			timeout: GIT_SYNC_TIMEOUT_MS,
+			env,
+			disableHooks: true
+		});
+		await gitOutput(root, [
+			"checkout",
+			"-B",
+			branch,
+			`origin/${branch}`
+		], {
+			timeout: GIT_TIMEOUT_MS,
+			disableHooks: true
+		});
+		return { staleReason: null };
+	} catch (error) {
+		if (existsSync(join(root, ".git"))) return { staleReason: `Showing the last synced Context Tree snapshot because Hub could not refresh the configured repo. ${errorMessage(error)}` };
+		throw error;
+	}
+}
+async function gitAuthEnv(repoUrl, cacheRoot, githubToken) {
+	if (!githubToken || !isGithubHttpsRepo(repoUrl)) return void 0;
+	const askpassPath = join(cacheRoot, ".tools", "git-askpass.sh");
+	if (!existsSync(askpassPath)) {
+		await mkdir(dirname(askpassPath), { recursive: true });
+		await writeFile(askpassPath, [
+			"#!/bin/sh",
+			"case \"$1\" in",
+			"*Username*) printf \"%s\\n\" \"$GIT_USERNAME\" ;;",
+			"*) printf \"%s\\n\" \"$GIT_PASSWORD\" ;;",
+			"esac",
+			""
+		].join("\n"), "utf8");
+		await chmod(askpassPath, 448);
+	}
+	return {
+		...process.env,
+		GIT_ASKPASS: askpassPath,
+		GIT_TERMINAL_PROMPT: "0",
+		GIT_USERNAME: "x-access-token",
+		GIT_PASSWORD: githubToken
+	};
+}
+function isGithubHttpsRepo(repoUrl) {
+	try {
+		const url = new URL(repoUrl);
+		return url.protocol === "https:" && url.hostname.toLowerCase() === "github.com";
+	} catch {
+		return false;
+	}
+}
+function contextStatus(warning) {
+	if (warning?.stale) return {
+		label: "Team context is stale",
+		detail: warning.detail,
+		severity: "warning"
+	};
+	if (warning) return {
+		label: "Team context needs attention",
+		detail: warning.detail,
+		severity: "warning"
 	};
 	return {
-		root: null,
-		reason: `Context Tree checkout not found at ${root}.`
+		label: "Team context is current",
+		detail: "Agents have a synced team context snapshot available.",
+		severity: "ok"
+	};
+}
+function withSnapshotStatus(snapshot, syncedAt, warning) {
+	return {
+		...snapshot,
+		syncedAt,
+		snapshotStatus: warning?.stale ? "stale" : snapshot.snapshotStatus,
+		contextStatus: warning ? contextStatus(warning) : snapshot.contextStatus
 	};
 }
+function isSafeBranchName(branch) {
+	if (branch.startsWith("-")) return false;
+	if (branch.includes("..") || branch.includes("@{") || branch.includes("\\")) return false;
+	return /^[A-Za-z0-9._/-]+$/.test(branch);
+}
+function errorMessage(error) {
+	if (!(error instanceof Error) || error.message.trim().length === 0) return "";
+	return redactSecret(error.message.trim().split("\n")[0] ?? "");
+}
+function redactSecret(message) {
+	return message.replace(/(https?:\/\/)[^/@\s]+@/g, "$1[redacted]@").replace(/\bghp_[A-Za-z0-9_]+/g, "[redacted]").replace(/\bgithub_pat_[A-Za-z0-9_]+/g, "[redacted]");
+}
 function unavailableSnapshot(repo, branch, detail) {
 	return {
 		repo,
@@ -16393,11 +15780,16 @@ function unavailableSnapshot(repo, branch, detail) {
 		changes: []
 	};
 }
-async function gitOutput(cwd, args) {
-	const { stdout } = await execFileAsync("git", args, {
+async function gitOutput(cwd, args, options) {
+	const { stdout } = await execFileAsync("git", options?.disableHooks ? [
+		"-c",
+		"core.hooksPath=/dev/null",
+		...args
+	] : args, {
 		cwd,
-		timeout: GIT_TIMEOUT_MS,
-		maxBuffer: GIT_MAX_BUFFER
+		timeout: options?.timeout ?? GIT_TIMEOUT_MS,
+		maxBuffer: GIT_MAX_BUFFER,
+		env: options?.env
 	});
 	return stdout.trim();
 }
@@ -16955,10 +16347,40 @@ async function contextTreeSnapshotRoutes(app) {
 		const query = querySchema.parse(request.query);
 		const { userId } = requireUser(request);
 		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
-		const snapshot = await getContextTreeSnapshot(orgId ? await getOrgContextTree(app.db, orgId) : {}, query.window ?? "7d");
+		const binding = orgId ? await getOrgContextTree(app.db, orgId) : {};
+		const githubToken = contextTreeGithubTokenForRepo(binding.repo, app.config.contextTreeSync);
+		const snapshot = await getContextTreeSnapshot({
+			...binding,
+			githubToken
+		}, query.window ?? "7d");
 		return contextTreeSnapshotSchema.parse(snapshot);
 	});
 }
+function contextTreeGithubTokenForRepo(repo, syncConfig) {
+	if (!repo || !syncConfig?.githubToken) return void 0;
+	const repoKey = githubRepoKey(repo);
+	if (!repoKey) return void 0;
+	return new Set((syncConfig.githubTokenRepos ?? "").split(",").map((entry) => normalizeGithubRepoKey(entry)).filter((entry) => entry !== null)).has(repoKey) ? syncConfig.githubToken : void 0;
+}
+function githubRepoKey(value) {
+	const shorthand = normalizeGithubRepoKey(value);
+	if (shorthand) return shorthand;
+	let url;
+	try {
+		url = new URL(value);
+	} catch {
+		return null;
+	}
+	if (url.protocol !== "https:" || url.hostname.toLowerCase() !== "github.com") return null;
+	if (url.username || url.password) return null;
+	return normalizeGithubRepoKey(url.pathname.replace(/^\/+/, ""));
+}
+function normalizeGithubRepoKey(value) {
+	const trimmed = value.trim().replace(/^\/+/, "").replace(/\.git$/i, "");
+	const match = /^([A-Za-z0-9_.-]+)\/([A-Za-z0-9_.-]+)$/.exec(trimmed);
+	if (!match) return null;
+	return `${match[1]?.toLowerCase()}/${match[2]?.toLowerCase()}`;
+}
 /**
 * Resolve the client IP for rate-limit attribution.
 *
@@ -17060,7 +16482,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-DWlyNb8x-BvXubk24.mjs");
+	const { previewInvitation } = await import("./invitation-C299fxkP-KyCNax4T.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -17083,7 +16505,8 @@ async function meRoutes(app) {
 			id: users.id,
 			username: users.username,
 			displayName: users.displayName,
-			avatarUrl: users.avatarUrl
+			avatarUrl: users.avatarUrl,
+			onboardingDismissedAt: users.onboardingDismissedAt
 		}).from(users).where(eq(users.id, userId)).limit(1);
 		const memberships = await listActiveMemberships(app.db, userId);
 		const defaultMembership = pickDefaultMembership(memberships.map((m) => ({
@@ -17098,7 +16521,7 @@ async function meRoutes(app) {
 				if (inv) inviteUrl = buildInviteUrl(resolvePublicUrl(app, request), inv.token);
 			}
 		}
-		const wizardStep = await inferWizardStep(app, userId);
+		const onboardingStep = await inferOnboardingStep(app, userId);
 		return {
 			user: user ?? null,
 			defaultOrganizationId: defaultOrgId,
@@ -17109,11 +16532,93 @@ async function meRoutes(app) {
 				role: mb.role,
 				agentId: mb.agentId
 			})),
-			wizard: { step: wizardStep },
+			onboarding: {
+				step: onboardingStep,
+				dismissedAt: user?.onboardingDismissedAt ? user.onboardingDismissedAt.toISOString() : null
+			},
 			inviteUrl
 		};
 	});
 	/**
+	* PATCH /me/onboarding — currently the only mutable field is
+	* `dismissed`, set when the user clicks `✕` on the onboarding stepper.
+	* Stamping NOW() server-side avoids client-clock skew. Idempotent: a
+	* second PATCH leaves the original timestamp in place.
+	*
+	* See docs/new-user-onboarding-design.md §8.4.
+	*/
+	app.patch("/me/onboarding", async (request, reply) => {
+		const { userId } = requireUser(request);
+		const body = patchOnboardingSchema.parse(request.body);
+		if (body.dismissed === true) {
+			if ((await app.db.update(users).set({ onboardingDismissedAt: /* @__PURE__ */ new Date() }).where(and(eq(users.id, userId), isNull(users.onboardingDismissedAt))).returning({ id: users.id })).length > 0) app.log.info({
+				event: "onboarding.dismissed",
+				userId
+			}, "onboarding funnel: stepper dismissed");
+		} else if (body.dismissed === false) await app.db.update(users).set({ onboardingDismissedAt: null }).where(eq(users.id, userId));
+		const [u] = await app.db.select({ onboardingDismissedAt: users.onboardingDismissedAt }).from(users).where(eq(users.id, userId)).limit(1);
+		return reply.status(200).send({ dismissedAt: u?.onboardingDismissedAt ? u.onboardingDismissedAt.toISOString() : null });
+	});
+	/**
+	* POST /me/onboarding/events — web-side onboarding funnel reporter.
+	* Server-side milestones (`team_created` at OAuth, `dismissed` on PATCH)
+	* are emitted directly; this endpoint surfaces the web-driven ones into
+	* the same log stream so a single funnel query covers the full flow.
+	* Body shape is enum-validated so the server won't log arbitrary names.
+	*
+	* Rate-limited to keep a buggy or hostile authenticated tab from
+	* flooding the log stream. The cap is generous relative to legitimate
+	* funnel traffic (≤ 4 events per onboarding pass).
+	*/
+	app.post("/me/onboarding/events", { config: { rateLimit: {
+		max: 60,
+		timeWindow: "1 minute"
+	} } }, async (request, reply) => {
+		const { userId } = requireUser(request);
+		const body = onboardingEventSchema.parse(request.body);
+		app.log.info({
+			...body.attrs ?? {},
+			event: `onboarding.${body.event}`,
+			userId
+		}, `onboarding funnel: ${body.event}`);
+		return reply.status(204).send();
+	});
+	/**
+	* GET /me/github/repos — list the caller's accessible GitHub repos. Used
+	* by the Step 2 onboarding repo picker. The OAuth access token was
+	* captured at sign-in (encrypted at rest in `auth_identities.metadata`)
+	* so this endpoint avoids a second redirect.
+	*
+	* 503 if the user has no GitHub identity bound or the token wasn't
+	* captured (e.g. dev-callback sign-in or pre-redesign user). The web
+	* client falls back to a "Reconnect GitHub" hint in that case.
+	*/
+	app.get("/me/github/repos", async (request, reply) => {
+		const { userId } = requireUser(request);
+		const [identity] = await app.db.select({ metadata: authIdentities.metadata }).from(authIdentities).where(and(eq(authIdentities.userId, userId), eq(authIdentities.provider, "github"))).limit(1);
+		const encrypted = identity?.metadata && typeof identity.metadata === "object" && "accessToken" in identity.metadata ? identity.metadata.accessToken : void 0;
+		if (typeof encrypted !== "string" || !encrypted) return reply.status(503).send({ error: "GitHub access token unavailable — please reconnect your account" });
+		let token;
+		try {
+			token = decryptValue(encrypted, app.config.secrets.encryptionKey);
+		} catch {
+			return reply.status(503).send({ error: "GitHub access token could not be decoded — please reconnect" });
+		}
+		try {
+			return { repos: await listUserRepos(token) };
+		} catch (err) {
+			app.log.warn({
+				err,
+				userId
+			}, "list github repos failed");
+			if (err instanceof GithubApiError && (err.status === 401 || err.status === 403)) return reply.status(403).send({
+				error: "GitHub access token is missing the `repo` scope. Please reconnect your GitHub account.",
+				code: "scope_missing"
+			});
+			return reply.status(502).send({ error: "Couldn't reach GitHub. Try again, or reconnect your GitHub account." });
+		}
+	});
+	/**
 	* POST /me/connect-tokens — short-lived connect token for the CLI.
 	* The token now carries only `sub = userId`; the CLI rejoins via
 	* `exchangeConnectToken` which probes `members` realtime.
@@ -17157,7 +16662,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-By1K4VVT-DuI6EnSh.mjs");
+		const { listMyPinnedAgents } = await import("./client-BhCtO2df-BGOu-rRN.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -17263,24 +16768,24 @@ async function meRoutes(app) {
 		return reply.status(204).send();
 	});
 	/**
-	* GET /me/wizard-step — bare endpoint for clients that don't want the
-	* full /me payload. Same logic as inferWizardStep below.
+	* GET /me/onboarding-step — bare endpoint for clients that don't want the
+	* full /me payload. Same logic as inferOnboardingStep below.
 	*/
-	app.get("/me/wizard-step", async (request) => {
+	app.get("/me/onboarding-step", async (request) => {
 		const { userId } = requireUser(request);
-		return { step: await inferWizardStep(app, userId) };
+		return { step: await inferOnboardingStep(app, userId) };
 	});
 }
 /**
-* Infer the onboarding wizard step from the *user-level* facts:
+* Infer the onboarding step from the *user-level* facts:
 *   - has at least one client → past "connect"
 *   - manages at least one non-human active agent (any org) → past "create_agent"
 *
 * Critically: the join from agents → members → userId means a user with
-* memberships across multiple orgs has the wizard satisfied as soon as ANY
+* memberships across multiple orgs has onboarding satisfied as soon as ANY
 * org has a non-human agent — matching the user-level mental model.
 */
-async function inferWizardStep(app, userId) {
+async function inferOnboardingStep(app, userId) {
 	const [hasClient] = await app.db.select({ id: clients.id }).from(clients).where(eq(clients.userId, userId)).limit(1);
 	if (!hasClient) return "connect";
 	const [hasAgent] = await app.db.select({ uuid: agents.uuid }).from(agents).innerJoin(members, eq(members.id, agents.managerId)).where(and(eq(members.userId, userId), eq(members.status, "active"), ne(agents.type, "human"), eq(agents.status, "active"))).limit(1);
@@ -17888,14 +17393,18 @@ async function orgSessionRoutes(app) {
 * adding a new config group only requires registering it there — no new
 * route file.
 *
-* All three verbs are admin-only. Even GET, because the masked output
-* still leaks "configured / not-configured" booleans for secret fields,
-* which we don't want to expose to non-admin members.
+* GET gating is per-namespace via `readPolicy` in the registry: namespaces
+* with no secret fields (`context_tree`, `source_repos`) are readable by
+* any active org member, so an invitee can see what tree and repos the
+* team is bound to before joining the chat. Namespaces whose masked output
+* still leaks a `…Configured` boolean (`github_integration`) stay
+* admin-only. PUT and DELETE are always admin-only regardless of
+* namespace — non-admins must never mutate org-wide config.
 */
 async function orgSettingsRoutes(app) {
 	app.get("/:namespace", async (request) => {
-		const scope = await requireOrgAdmin(request, app.db);
 		const namespace = parseNamespace(request.params.namespace);
+		const scope = ORG_SETTINGS_NAMESPACES$1[namespace].readPolicy === "member" ? await requireOrgMembership(request, app.db) : await requireOrgAdmin(request, app.db);
 		return enrichOutput(namespace, await getOrgSetting(app.db, scope.organizationId, namespace), scope.organizationId, app.config.server.publicUrl);
 	});
 	app.put("/:namespace", { config: { otelRecordBody: true } }, async (request) => {
@@ -18735,6 +18244,7 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	notifications: () => notifications,
 	organizationSettings: () => organizationSettings,
 	organizations: () => organizations,
+	pendingQuestions: () => pendingQuestions,
 	serverInstances: () => serverInstances,
 	sessionEvents: () => sessionEvents,
 	taskChats: () => taskChats,
@@ -20396,7 +19906,7 @@ async function startServer(options) {
 		instanceId: `srv_${randomUUID().slice(0, 8)}`,
 		commandVersion: COMMAND_VERSION
 	};
-	const { initTelemetry, shutdownTelemetry } = await import("./observability-CYsdAcoF.mjs");
+	const { initTelemetry, shutdownTelemetry } = await import("./observability-eLA9iNK_.mjs");
 	await initTelemetry(serverConfig.observability.tracing, config.instanceId);
 	const app = await buildApp(config);
 	const SHUTDOWN_FORCE_EXIT_MS = 8e3;