@agent-team-foundation/first-tree-hub 0.11.5 → 0.12.2

package/dist/{saas-connect-CO554S-V.mjs → saas-connect-_2M4kfPR.mjs}

@@ -1,11 +1,11 @@
 import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
-import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, f as messageAttrs, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-gw1ODB_o.mjs";
+import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-BcW9HgkG.mjs";
 import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-C_K2CKXC.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as loginSchema, A as createAgentSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateChatSchema, D as contextTreeSnapshotSchema, Dt as updateTaskStatusSchema, E as connectTokenExchangeSchema, Et as updateOrganizationSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, Ot as wsAuthFrameSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as updateAgentSchema, T as clientRegisterSchema, Tt as updateMemberSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as sessionStateMessageSchema, a as AGENT_STATUSES, at as rebindAgentSchema, b as agentBindRequestSchema, bt as updateAdapterConfigSchema, ct as safeRedirectPath, d as TASK_CREATOR_TYPES, dt as sendMessageSchema, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as sendToAgentSchema, g as addMeChatParticipantsSchema, gt as sessionReconcileRequestSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionEventSchema$1, i as AGENT_SOURCES, it as patchOnboardingSchema, j as createChatSchema, k as createAdapterMappingSchema, l as MENTION_REGEX, lt as scanMentionTokens, m as TASK_TERMINAL_STATUSES, mt as sessionEventMessageSchema, n as AGENT_NAME_REGEX$1, nt as onboardingEventSchema, o as AGENT_TYPES, ot as refreshTokenSchema, p as TASK_STATUSES, pt as sessionCompletionMessageSchema, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as paginationQuerySchema, s as AGENT_VISIBILITY, st as runtimeStateMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as selfServiceFeishuBotSchema, v as adminCreateTaskSchema, vt as stripCode, wt as updateClientCapabilitiesSchema, x as agentPinnedMessageSchema$1, xt as updateAgentRuntimeConfigSchema, y as adminUpdateTaskSchema, yt as taskListQuerySchema, z as extractMentions } from "./dist-CfvCT4E0.mjs";
+import { $ as loginSchema, A as createAgentSchema, At as updateTaskStatusSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateAdapterConfigSchema, D as contextTreeSnapshotSchema, Dt as updateClientCapabilitiesSchema, E as connectTokenExchangeSchema, Et as updateChatSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, Ot as updateMemberSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as taskListQuerySchema, T as clientRegisterSchema, Tt as updateAgentSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as sessionEventSchema$1, a as AGENT_STATUSES, b as agentBindRequestSchema, bt as stripCode, ct as refreshTokenSchema, d as TASK_CREATOR_TYPES, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as selfServiceFeishuBotSchema, g as addMeChatParticipantsSchema, gt as sessionEventMessageSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionCompletionMessageSchema, i as AGENT_SOURCES, it as patchOnboardingSchema, j as createChatSchema, jt as wsAuthFrameSchema, k as createAdapterMappingSchema, kt as updateOrganizationSchema, l as MENTION_REGEX, lt as runtimeStateMessageSchema, m as TASK_TERMINAL_STATUSES, mt as sendToAgentSchema, n as AGENT_NAME_REGEX$1, nt as onboardingEventSchema, o as AGENT_TYPES, p as TASK_STATUSES, pt as sendMessageSchema, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as paginationQuerySchema, s as AGENT_VISIBILITY, st as rebindAgentSchema, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as safeRedirectPath, v as adminCreateTaskSchema, vt as sessionReconcileRequestSchema, wt as updateAgentRuntimeConfigSchema, x as agentPinnedMessageSchema$1, xt as submitQuestionAnswerSchema, y as adminUpdateTaskSchema, yt as sessionStateMessageSchema } from "./dist-DHHd2dar.mjs";
 import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-CF5evtJt-B0NTIVPt.mjs";
-import { C as retireClient, D as touchAgent, E as setRuntimeState, O as unbindAgent, S as registerClient, T as setOffline, _ as listClients, a as claimClient, b as markStaleAgents, c as clients, d as getClient, f as getOnlineCount, g as listActiveAgentsPinnedToClient, h as heartbeatInstance, i as bindAgent, k as updateClientCapabilities, l as deriveAuthState, m as heartbeatClient, n as agents, o as cleanupStaleClients, p as getPresence, r as assertClientOwner, s as cleanupStalePresence, t as agentPresence, u as disconnectClient, v as listClientsForOrgAdmin, w as serverInstances, x as members } from "./client-DqdGiggm-NQoGZ2vM.mjs";
-import { n as init_esm, r as trace, t as esm_exports } from "./esm-Ci8E1Gtj.mjs";
+import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
+import { $ as pendingQuestions, A as heartbeatClient, B as listAgentsWithRuntime, C as findOrCreateDirectChat, D as getClient, E as getChatDetail, F as joinChat, G as listClientsForOrgAdmin, H as listChats, I as leaveAsParticipant, J as markStaleAgents, K as listMessages, L as leaveChat, M as inboxEntries, N as invalidateChatAudience, O as getOnlineCount, P as joinAsParticipant, Q as notifyRecipients, R as listActiveAgentsPinnedToClient, S as ensureParticipant$1, T as getCachedAudience, U as listChatsForMember, V as listChatParticipantsWithNames, W as listClients, X as members, Y as markSupersededByChat, Z as messages, _ as createNotifier, _t as updateClientCapabilities, a as agents, at as removeParticipant, b as editMessage, c as bindAgent, ct as retireClient, d as chats, dt as serverInstances, et as recomputeChatWatchers, f as claimClient, ft as setOffline, g as createChat, gt as unbindAgent, h as clients, ht as touchAgent, i as agentVisibilityCondition, it as registerClient, j as heartbeatInstance, k as getPresence, l as chatParticipants, lt as sendMessage, m as cleanupStalePresence, mt as submitAnswer, n as agentChatSessions, nt as recomputeWatchersForMember, o as assertClientOwner, ot as resetActivity, p as cleanupStaleClients, pt as setRuntimeState, r as agentPresence, rt as registerChatMessageDispatcher, s as assertParticipant, st as resolveChatMembership, t as addParticipant, tt as recomputeWatchersForAgent, u as chatSubscriptions, ut as sendToAgent$1, v as deriveAuthState, vt as upsertSessionState, w as getActivityOverview, x as ensureCanJoin, y as disconnectClient, z as listAgentsManagedByUser } from "./client-DHCSQ8kg-DjlSmE9q.mjs";
 import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Bg0TRiyx-BsZH4GCS.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
@@ -29,7 +29,7 @@ import { and, asc, count, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne,
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
-import { bigserial, boolean, index, integer, jsonb, pgTable, primaryKey, serial, text, timestamp, unique, uniqueIndex } from "drizzle-orm/pg-core";
+import { boolean, index, integer, jsonb, pgTable, primaryKey, serial, text, timestamp, unique, uniqueIndex } from "drizzle-orm/pg-core";
 import { SignJWT, jwtVerify } from "jose";
 import cors from "@fastify/cors";
 import rateLimit from "@fastify/rate-limit";
@@ -1015,7 +1015,9 @@ const messageFormatSchema = z.enum([
 	"card",
 	"reference",
 	"file",
-	"task"
+	"task",
+	"question",
+	"question_answer"
 ]);
 z.object({
 	format: messageFormatSchema.default("text"),
@@ -1363,26 +1365,51 @@ z.object({
 *   2. Add a key to `ORG_SETTINGS_NAMESPACES`.
 *   3. Done. No DB migration, no new API route.
 */
-const orgContextTreeRepoUrlSchema = z.string().url().refine((value) => {
+const SCP_LIKE_SSH_RE = /^(?:[A-Za-z0-9_.-]+@)?[A-Za-z0-9.-]+:(?!\d+(?:\/|$))[^/:@\s][^:@\s]*$/;
+function isScpLikeSshUrl(value) {
+	if (value.includes("://")) return false;
+	return SCP_LIKE_SSH_RE.test(value);
+}
+const repoUrlSchema = z.string().min(1).superRefine((value, ctx) => {
+	if (isScpLikeSshUrl(value)) return;
+	let url;
 	try {
-		return new URL(value).protocol === "https:";
+		url = new URL(value);
 	} catch {
-		return false;
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must be HTTPS, SSH (ssh://...), or scp-like (git@host:path)."
+		});
+		return;
 	}
-}, { message: "Context Tree repo URL must use HTTPS." }).refine((value) => {
-	try {
-		const url = new URL(value);
-		return url.username.length === 0 && url.password.length === 0;
-	} catch {
-		return false;
+	if (url.protocol !== "https:" && url.protocol !== "ssh:") {
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must use HTTPS or SSH."
+		});
+		return;
+	}
+	if (url.password.length > 0) {
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must not include credentials."
+		});
+		return;
+	}
+	if (url.protocol === "https:" && url.username.length > 0) {
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must not include credentials."
+		});
+		return;
 	}
-}, { message: "Context Tree repo URL must not include credentials." });
+});
 const orgContextTreeStorageSchema = z.object({
-	repo: orgContextTreeRepoUrlSchema.optional(),
+	repo: repoUrlSchema.optional(),
 	branch: z.string().default("main")
 });
 const orgContextTreeInputSchema = z.object({
-	repo: orgContextTreeRepoUrlSchema.nullish(),
+	repo: repoUrlSchema.nullish(),
 	branch: z.string().min(1).nullish()
 });
 const orgContextTreeOutputSchema = z.object({
@@ -1395,16 +1422,36 @@ const orgGithubIntegrationOutputSchema = z.object({
 	webhookSecretConfigured: z.boolean(),
 	webhookUrl: z.string()
 });
+const orgSourceReposStorageSchema = z.object({ repos: z.array(z.object({
+	url: repoUrlSchema,
+	defaultBranch: z.string().optional()
+})).default([]) });
+const orgSourceReposInputSchema = z.object({ repos: z.array(z.object({
+	url: repoUrlSchema,
+	defaultBranch: z.string().min(1).optional()
+})).optional() });
+const orgSourceReposOutputSchema = z.object({ repos: z.array(z.object({
+	url: z.string(),
+	defaultBranch: z.string().optional()
+})) });
 const ORG_SETTINGS_NAMESPACES = {
 	context_tree: {
 		storage: orgContextTreeStorageSchema,
 		input: orgContextTreeInputSchema,
-		output: orgContextTreeOutputSchema
+		output: orgContextTreeOutputSchema,
+		readPolicy: "member"
 	},
 	github_integration: {
 		storage: orgGithubIntegrationStorageSchema,
 		input: orgGithubIntegrationInputSchema,
-		output: orgGithubIntegrationOutputSchema
+		output: orgGithubIntegrationOutputSchema,
+		readPolicy: "admin"
+	},
+	source_repos: {
+		storage: orgSourceReposStorageSchema,
+		input: orgSourceReposInputSchema,
+		output: orgSourceReposOutputSchema,
+		readPolicy: "member"
 	}
 };
 const ORG_SETTINGS_NAMESPACE_KEYS = Object.keys(ORG_SETTINGS_NAMESPACES);
@@ -1443,6 +1490,78 @@ z.object({
 	organizationId: z.string(),
 	agents: z.record(z.string(), z.array(pulseBucketSchema).length(32))
 });
+/**
+* Structured ask-user payloads bridged from the Claude Agent SDK
+* `AskUserQuestion` tool to Hub messages.
+*
+* Shape mirrors the SDK 0.2.84 input/output verbatim so the client
+* runtime adapter can pass `updatedInput` straight through. See
+* verify scripts under `packages/client/tmp-verify/` for the live
+* matrix this was validated against.
+*
+* Lifecycle:
+*  1. Agent emits a `format: "question"` message — its `content` is a
+*     `QuestionMessageContent` carrying `correlationId` + `questions[]`.
+*  2. User picks options in the Web UI and POSTs answers; server writes
+*     a `format: "question_answer"` message — its `content` is a
+*     `QuestionAnswerMessageContent` referencing the same `correlationId`.
+*  3. Client runtime resolves the in-flight `canUseTool` promise with the
+*     answers, and the SDK feeds them back to the model.
+*
+* `pending → answered → superseded` runtime status lives in a separate
+* server table (`pending_questions`) and is not part of the message —
+* messages are immutable once written.
+*/
+/**
+* Single option inside a question. `preview` is rich content rendered above
+* the label — the SDK's tool input emits it as `string | undefined` (the
+* field is omitted when the model didn't generate any preview content), so
+* we accept undefined / null / string and normalise downstream renderers
+* to treat all three the same way.
+*/
+const questionOptionSchema = z.object({
+	label: z.string().min(1),
+	description: z.string(),
+	preview: z.string().nullable().optional()
+});
+/**
+* One question. `header` is a chip-style short tag. The SDK schema docs
+* describe ≤12 chars but in practice the model occasionally emits
+* slightly longer headers; we keep the rule loose (≤24) so a stylistic
+* regression doesn't fail-closed at canUseTool and abandon the entire
+* tool call. The UI truncates visually if needed.
+*/
+const questionItemSchema = z.object({
+	question: z.string().min(1),
+	header: z.string().min(1).max(24),
+	options: z.array(questionOptionSchema).min(2).max(4),
+	multiSelect: z.boolean()
+});
+/** Session-level preview format hint. Mirrors `toolConfig.askUserQuestion.previewFormat`. */
+const questionPreviewFormatSchema = z.enum(["html", "markdown"]).nullable();
+z.object({
+	correlationId: z.string().min(1),
+	questions: z.array(questionItemSchema).min(1).max(4),
+	previewFormat: questionPreviewFormatSchema,
+	allowFreeText: z.boolean()
+});
+/**
+* Content payload for a message whose `format === "question_answer"`.
+*
+* `answers` is keyed by `QuestionItem.question` text. For `multiSelect` questions
+* the value is a `, `-joined string of selected labels (matches SDK convention).
+* For free-text answers the value is the user's raw input.
+*/
+const questionAnswerMessageContentSchema = z.object({
+	correlationId: z.string().min(1),
+	answers: z.record(z.string().min(1), z.string())
+});
+z.object({ answers: z.record(z.string().min(1), z.string()) });
+z.enum([
+	"pending",
+	"answered",
+	"superseded"
+]);
 const sessionEventKind = z.enum([
 	"tool_call",
 	"error",
@@ -2935,8 +3054,65 @@ For content with quotes, \`$\`, backticks, or newlines, prefer stdin to avoid sh
 const DEFAULT_CLONE_TIMEOUT_MS = 300 * 1e3;
 const FETCH_REFSPEC = "+refs/heads/*:refs/remotes/origin/*";
 const SESSION_BRANCH_PREFIX = "hub-session";
+/**
+* Hash a repo URL into the mirror directory name.
+*
+* The hash is computed over a *canonical* form (host + path, lowercased
+* host, no `.git` suffix, no leading/trailing slash, no protocol, no
+* `user@` prefix), so the same upstream repo addressed via any of the
+* accepted forms (HTTPS, `ssh://`, or scp-like) all land in the same
+* mirror dir. That matters because:
+*   - admins may write any of those three forms into `source_repos[].url`
+*     (the schema accepts all of them)
+*   - the `fetchOrigin` fallback below transparently swaps protocols when
+*     credentials are missing — without canonical hashing, the fallback
+*     would silently maintain a second mirror dir
+*
+* Migration cost: pre-existing mirrors created before this change use the
+* raw-URL hash and will be orphaned after the upgrade. `gcMirrors` removes
+* them on the next run; the next fetch repopulates the canonical-keyed
+* mirror. No data loss — mirror is a cache, not state.
+*/
 function hashUrl(url) {
-	return createHash("sha256").update(url).digest("hex").slice(0, 32);
+	return createHash("sha256").update(canonicalizeRepoUrl(url)).digest("hex").slice(0, 32);
+}
+/**
+* Reduce a repo URL to `<host[:port]>/<path-without-.git>`. Used as the
+* input to the mirror dir hash and exposed for unit testing.
+*
+*   `https://github.com/foo/bar.git`         → `github.com/foo/bar`
+*   `git@github.com:foo/bar.git`             → `github.com/foo/bar`
+*   `ssh://git@github.com/foo/bar.git`       → `github.com/foo/bar`
+*   `ssh://git@gitlab.example.com:2222/x/y`  → `gitlab.example.com:2222/x/y`
+*
+* Falls back to the raw input for un-parseable strings — better to keep
+* a stable mirror than to throw mid-bootstrap.
+*/
+function canonicalizeRepoUrl(url) {
+	if (!url.includes("://")) {
+		const m = url.match(/^(?:[A-Za-z0-9_.-]+@)?([A-Za-z0-9.-]+):([^/@:\s][^@:\s]*)$/);
+		const host = m?.[1];
+		const rawPath = m?.[2];
+		if (host && rawPath && !/^\d+(?:\/|$)/.test(rawPath)) {
+			const path = normalizePath(rawPath);
+			return `${host.toLowerCase()}/${path}`;
+		}
+	}
+	try {
+		const parsed = new URL(url);
+		const host = parsed.hostname.toLowerCase();
+		return `${parsed.port === "" || parsed.protocol === "https:" && parsed.port === "443" || parsed.protocol === "ssh:" && parsed.port === "22" ? host : `${host}:${parsed.port}`}/${normalizePath(parsed.pathname)}`;
+	} catch {
+		return url;
+	}
+}
+/**
+* Strip leading slashes, trailing slashes, and a trailing `.git`. Used by
+* `canonicalizeRepoUrl` so that `…/foo/bar`, `…/foo/bar/`, and `…/foo/bar.git`
+* all collapse to the same canonical path (and therefore the same mirror dir).
+*/
+function normalizePath(rawPath) {
+	return rawPath.replace(/^\/+/, "").replace(/\/+$/, "").replace(/\.git$/i, "");
 }
 function shortHash(input) {
 	return createHash("sha256").update(input).digest("hex").slice(0, 8);
@@ -2973,10 +3149,14 @@ function createGitMirrorManager(opts) {
 	}
 	async function git(args, cwd, timeoutMs, env) {
 		const start = Date.now();
+		const finalEnv = {
+			GIT_TERMINAL_PROMPT: "0",
+			...env ?? process.env
+		};
 		return await new Promise((resolveExec, rejectExec) => {
 			const proc = spawn("git", args, {
 				cwd: cwd ?? void 0,
-				env: env ?? process.env,
+				env: finalEnv,
 				stdio: [
 					"ignore",
 					"pipe",
@@ -3020,6 +3200,116 @@ function createGitMirrorManager(opts) {
 		}
 	}
 	/**
+	* `git fetch --prune origin` with one-shot bidirectional protocol fallback.
+	*
+	* Decides direction from `originUrl`'s protocol:
+	*   - HTTPS origin → on credential-shaped failure, retry as SSH
+	*   - SSH   origin → on credential-shaped failure, retry as HTTPS
+	* The fallback fires only when **all** hold:
+	*   1. The first attempt failed with a credential-shaped error in the
+	*      direction-appropriate sense (`isLikelyHttpsAuthFailure` /
+	*      `isLikelySshAuthFailure`). Network failures, missing-ref errors,
+	*      and TLS/host-key surprises propagate as-is — those won't be cured
+	*      by switching transports and silently retrying would mask real bugs.
+	*   2. The origin URL maps to a usable peer-protocol form
+	*      (see `httpsToSshBaseRewrite` / `sshToHttpsBaseRewrite`). Custom
+	*      ports beyond the protocol default disable the rewrite — there's no
+	*      universal mapping between `https://host:8443` and an SSH peer.
+	*
+	* Implementation: the retry uses `git -c url.<peer-base>.insteadOf=<origin-base>`
+	* — git resolves origin's URL through that rewrite for the duration of
+	* one subprocess and never persists anything to disk. The mirror's
+	* `remote.origin.url` stays as configured, so the next fetch starts back
+	* at the original protocol unless this fallback fires again.
+	*/
+	/**
+	* `remote set-head --auto` is a remote-talking op too — under the same
+	* credential rules as `fetch`. If we don't apply the same fallback,
+	* mirrors whose HTTPS creds are missing end up with `refs/remotes/origin/HEAD`
+	* unset, which then breaks `resolveBase()` for callers without an explicit
+	* `ref` (the default-branch lookup throws).
+	*
+	* Strategy mirrors `fetchOrigin`: try the configured protocol first, fall
+	* back to the peer protocol once via `-c url.<peer>.insteadOf=<origin>`.
+	* Returns true on either success, false if both attempts failed (which
+	* mirrors the historical `gitOk` semantics — non-fatal). No `GitMirrorAuthError`
+	* here: callers that need origin/HEAD already get a clear
+	* `GitMirrorError("Cannot resolve default branch …")` if both attempts fail.
+	*/
+	async function setHeadAuto(mirrorPath, originUrl) {
+		if (await gitOk([
+			"remote",
+			"set-head",
+			"origin",
+			"--auto"
+		], mirrorPath, 3e4)) return true;
+		const direction = pickFallbackDirection(originUrl);
+		if (!direction) return false;
+		return await gitOk([
+			"-c",
+			`url.${direction.peerBase}.insteadOf=${direction.originBase}`,
+			"remote",
+			"set-head",
+			"origin",
+			"--auto"
+		], mirrorPath, 3e4);
+	}
+	async function readOriginUrl(mirrorPath) {
+		try {
+			const { stdout } = await git([
+				"config",
+				"--get",
+				"remote.origin.url"
+			], mirrorPath, 1e4);
+			return stdout.trim() || null;
+		} catch {
+			return null;
+		}
+	}
+	async function fetchOrigin(mirrorPath, originUrl) {
+		const direction = pickFallbackDirection(originUrl);
+		try {
+			const { elapsedMs } = await git([
+				"fetch",
+				"--prune",
+				"origin"
+			], mirrorPath, cloneTimeoutMs);
+			return {
+				elapsedMs,
+				usedFallback: false
+			};
+		} catch (primaryErr) {
+			const primaryMessage = primaryErr instanceof Error ? primaryErr.message : String(primaryErr);
+			if (!direction || !direction.shouldRetry(primaryMessage)) throw primaryErr;
+			log?.info({
+				gitUrl: originUrl,
+				fromProtocol: direction.fromProtocol,
+				toProtocol: direction.toProtocol,
+				peerBase: direction.peerBase
+			}, "fetch failed with credential-shaped error; retrying with peer-protocol insteadOf rewrite");
+			try {
+				const { elapsedMs } = await git([
+					"-c",
+					`url.${direction.peerBase}.insteadOf=${direction.originBase}`,
+					"fetch",
+					"--prune",
+					"origin"
+				], mirrorPath, cloneTimeoutMs);
+				log?.info({
+					gitUrl: originUrl,
+					toProtocol: direction.toProtocol
+				}, "protocol-fallback fetch succeeded");
+				return {
+					elapsedMs,
+					usedFallback: true
+				};
+			} catch (peerErr) {
+				const peerMessage = peerErr instanceof Error ? peerErr.message : String(peerErr);
+				throw new GitMirrorAuthError(`Could not fetch ${originUrl} over ${direction.fromProtocol.toUpperCase()} or ${direction.toProtocol.toUpperCase()}. ${direction.fromProtocol.toUpperCase()} attempt failed: ${truncate(primaryMessage)} ${direction.toProtocol.toUpperCase()} retry (${direction.peerBase}) failed: ${truncate(peerMessage)}`);
+			}
+		}
+	}
+	/**
 	* Bring the mirror's config to the invariant expected by this module:
 	* fetch refspec = `+refs/heads/*:refs/remotes/origin/*`, `remote.origin.mirror`
 	* absent, `refs/remotes/origin/HEAD` resolvable.
@@ -3087,17 +3377,8 @@ function createGitMirrorManager(opts) {
 			migrated = true;
 		}
 		if (migrated) {
-			await git([
-				"fetch",
-				"--prune",
-				"origin"
-			], mirrorPath, cloneTimeoutMs);
-			await gitOk([
-				"remote",
-				"set-head",
-				"origin",
-				"--auto"
-			], mirrorPath, 3e4);
+			await fetchOrigin(mirrorPath, url);
+			await setHeadAuto(mirrorPath, url);
 			log?.info({ gitUrl: url }, "mirror config migrated");
 		}
 		return { migrated };
@@ -3127,17 +3408,8 @@ function createGitMirrorManager(opts) {
 			"remote.origin.fetch",
 			FETCH_REFSPEC
 		], mirrorPath, 1e4);
-		await git([
-			"fetch",
-			"--prune",
-			"origin"
-		], mirrorPath, cloneTimeoutMs);
-		await gitOk([
-			"remote",
-			"set-head",
-			"origin",
-			"--auto"
-		], mirrorPath, 3e4);
+		await fetchOrigin(mirrorPath, url);
+		await setHeadAuto(mirrorPath, url);
 	}
 	async function branchExists(mirrorPath, branchName) {
 		return await gitOk([
@@ -3163,6 +3435,21 @@ function createGitMirrorManager(opts) {
 				"--quiet",
 				"refs/remotes/origin/HEAD"
 			], mirrorPath, 1e4)) return "refs/remotes/origin/HEAD";
+			const url = await readOriginUrl(mirrorPath);
+			if (url && await setHeadAuto(mirrorPath, url)) {
+				if (await gitOk([
+					"rev-parse",
+					"--verify",
+					"--quiet",
+					"refs/remotes/origin/HEAD"
+				], mirrorPath, 1e4)) {
+					log?.info({
+						mirrorPath,
+						gitUrl: url
+					}, "origin/HEAD self-healed via setHeadAuto");
+					return "refs/remotes/origin/HEAD";
+				}
+			}
 			throw new GitMirrorError("Cannot resolve default branch: refs/remotes/origin/HEAD is missing. Re-run with an explicit `ref`.");
 		}
 		if (looksLikeCommitSha(ref)) {
@@ -3231,16 +3518,12 @@ function createGitMirrorManager(opts) {
 				const path = mirrorDir(url);
 				if (!existsSync(join(path, "HEAD"))) throw new GitMirrorError(`Cannot fetch — no mirror exists for "${url}"`);
 				try {
-					const { elapsedMs } = await git([
-						"fetch",
-						"--prune",
-						"origin"
-					], path, cloneTimeoutMs);
+					const { elapsedMs } = await fetchOrigin(path, url);
 					return { elapsedMs };
 				} catch (err) {
 					log?.warn({
 						gitUrl: url,
-						errorCode: err instanceof GitMirrorError ? "git-failed" : "unknown",
+						errorCode: err instanceof GitMirrorAuthError ? "auth-failed" : err instanceof GitMirrorTimeoutError ? "timeout" : err instanceof GitMirrorError ? "git-failed" : "unknown",
 						stderr: err instanceof Error ? err.message.slice(0, 1024) : String(err).slice(0, 1024)
 					}, "mirror fetch failed");
 					throw err;
@@ -3378,6 +3661,166 @@ var GitMirrorWorktreeConflictError = class extends GitMirrorError {
 	}
 };
 /**
+* Thrown when both the HTTPS fetch and the SSH fallback fail. The message
+* carries trimmed stderr from both attempts so the operator can see whether
+* the host's HTTPS credentials are missing, the SSH key is missing, or both.
+*/
+var GitMirrorAuthError = class extends GitMirrorError {
+	constructor(message) {
+		super(message);
+		this.name = "GitMirrorAuthError";
+	}
+};
+/**
+* Heuristic for HTTPS-side credential failures. Matches the indicators git
+* itself emits over libcurl / git-credential helpers, regardless of platform.
+*
+* Negative space (intentionally NOT matched): network errors
+* (`Could not resolve host`, `connection refused`), repo errors
+* (`Repository not found`, `couldn't find remote ref`), TLS errors
+* (`SSL certificate problem`). Those won't be cured by switching transports
+* and silently retrying would mask the real bug.
+*
+* Exported for unit testing.
+*/
+function isLikelyHttpsAuthFailure(message) {
+	if (!message) return false;
+	return /could not read Username/i.test(message) || /could not read Password/i.test(message) || /Authentication failed/i.test(message) || /terminal prompts disabled/i.test(message) || /HTTP\s*(?:Basic:\s*)?Access denied/i.test(message) || /\bHTTP[/ ]?(1\.[01]|2|2\.0)?\s*40[13]\b/i.test(message) || /\bfatal:\s*unable to access\b.*\b(401|403)\b/i.test(message) || /\bremote: Invalid username or password\b/i.test(message);
+}
+/**
+* Heuristic for SSH-side credential failures (no key on disk, key not
+* accepted by remote, agent has nothing usable, host key mismatch).
+*
+* Negative space (intentionally NOT matched): SSH-level network errors
+* (`Could not resolve hostname`, `Connection refused`, `Connection timed out`).
+* Those are network reachability issues — switching to HTTPS won't help
+* unless the network policy specifically blocks port 22, which is rare
+* enough that we'd rather surface the original error than guess.
+*
+* Exported for unit testing.
+*/
+function isLikelySshAuthFailure(message) {
+	if (!message) return false;
+	return /Permission denied\s*(?:\(|,)/i.test(message) || /Could not read from remote repository/i.test(message) || /Host key verification failed/i.test(message) || /no matching host key type/i.test(message) || /no mutual signature algorithm/i.test(message);
+}
+/**
+* Map an HTTPS git URL to the `insteadOf` rewrite needed to make git resolve
+* it through SSH. Returns *base* strings (suitable for
+* `git -c url.<sshBase>.insteadOf=<httpsBase>`) — git's `insteadOf` is a
+* prefix match, so we only need the host segment.
+*
+*   `https://github.com/owner/repo.git` → `git@github.com:` / `https://github.com/`
+*
+* Returns `null` for inputs that should NOT trigger fallback:
+*   - non-HTTPS URLs (already SSH, `git://`, `file://`, etc.)
+*   - URLs with embedded credentials (schema rejects these on input;
+*     belt-and-braces — never silently downgrade auth strength)
+*   - HTTPS URLs with a non-default port — there is no portable mapping to
+*     an SSH port (HTTPS:8443 ↔ SSH:???), so we refuse to guess
+*   - URLs that fail to parse
+*
+* Exported for unit testing.
+*/
+function httpsToSshBaseRewrite(url) {
+	if (!url || !/^https:\/\//i.test(url)) return null;
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return null;
+	}
+	if (parsed.protocol !== "https:") return null;
+	if (parsed.username.length > 0 || parsed.password.length > 0) return null;
+	if (!parsed.hostname) return null;
+	if (parsed.port && parsed.port !== "443") return null;
+	return {
+		httpsBase: `https://${parsed.hostname}/`,
+		sshBase: `git@${parsed.hostname}:`
+	};
+}
+/**
+* Map an SSH git URL (either `ssh://` or scp-like `[user@]host:path`) to the
+* `insteadOf` rewrite for resolving via HTTPS. Mirror of
+* `httpsToSshBaseRewrite`.
+*
+*   `git@github.com:owner/repo.git`           → `git@github.com:` / `https://github.com/`
+*   `ssh://git@github.com/owner/repo.git`     → `ssh://git@github.com/` / `https://github.com/`
+*   `ssh://git@gitlab.example.com:22/x/y.git` → `ssh://git@gitlab.example.com:22/` / `https://gitlab.example.com/`
+*
+* Returns `null` when:
+*   - URL is not SSH-shaped
+*   - URL has an embedded password (`user:pass@`)
+*   - SSH URL has a non-default port (≠ 22) — no portable mapping to HTTPS
+*
+* Exported for unit testing.
+*/
+function sshToHttpsBaseRewrite(url) {
+	if (!url) return null;
+	if (!url.includes("://")) {
+		const m = url.match(/^((?:[A-Za-z0-9_.-]+@)?)([A-Za-z0-9.-]+):([^/@:\s][^@:\s]*)$/);
+		const userAt = m?.[1];
+		const host = m?.[2];
+		const path = m?.[3];
+		if (userAt === void 0 || !host || !path) return null;
+		if (/^\d+(?:\/|$)/.test(path)) return null;
+		return {
+			sshBase: `${userAt}${host}:`,
+			httpsBase: `https://${host}/`
+		};
+	}
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return null;
+	}
+	if (parsed.protocol !== "ssh:") return null;
+	if (parsed.password.length > 0) return null;
+	if (!parsed.hostname) return null;
+	if (parsed.port && parsed.port !== "22") return null;
+	const userAt = parsed.username.length > 0 ? `${parsed.username}@` : "";
+	return {
+		sshBase: parsed.port ? `ssh://${userAt}${parsed.hostname}:${parsed.port}/` : `ssh://${userAt}${parsed.hostname}/`,
+		httpsBase: `https://${parsed.hostname}/`
+	};
+}
+/**
+* Same shape as `SCP_LIKE_SSH_RE` in the shared schema — kept in sync so
+* what the schema accepts is exactly what we route through the SSH-side
+* fallback. Single source of truth would be ideal, but cross-package import
+* for a regex isn't worth the build coupling.
+*/
+const SCP_LIKE_RE = /^(?:[A-Za-z0-9_.-]+@)?[A-Za-z0-9.-]+:(?!\d+(?:\/|$))[^/:@\s][^:@\s]*$/;
+function pickFallbackDirection(originUrl) {
+	if (/^https:\/\//i.test(originUrl)) {
+		const r = httpsToSshBaseRewrite(originUrl);
+		if (!r) return null;
+		return {
+			fromProtocol: "https",
+			toProtocol: "ssh",
+			originBase: r.httpsBase,
+			peerBase: r.sshBase,
+			shouldRetry: isLikelyHttpsAuthFailure
+		};
+	}
+	if (/^ssh:\/\//i.test(originUrl) || SCP_LIKE_RE.test(originUrl)) {
+		const r = sshToHttpsBaseRewrite(originUrl);
+		if (!r) return null;
+		return {
+			fromProtocol: "ssh",
+			toProtocol: "https",
+			originBase: r.sshBase,
+			peerBase: r.httpsBase,
+			shouldRetry: isLikelySshAuthFailure
+		};
+	}
+	return null;
+}
+function truncate(text, max = 512) {
+	if (text.length <= max) return text;
+	return `${text.slice(0, max)}…[truncated]`;
+}
+/**
 * InputController — push-based async iterable bridge.
 *
 * Bridges imperative `push()` calls to the `AsyncIterable` that
@@ -3471,6 +3914,85 @@ function cleanWorkspaces(workspaceRoot, activeChatIds, ttlMs = DEFAULT_WORKSPACE
 	}
 	return removed;
 }
+const pending = /* @__PURE__ */ new Map();
+/**
+* Register a Promise that will resolve when the matching `question_answer`
+* message arrives. Same `correlationId` re-registration is treated as the
+* SDK retrying — the previous entry is rejected as superseded so its
+* `canUseTool` callback unblocks.
+*/
+function registerPendingQuestion(args) {
+	const { correlationId, agentId, chatId } = args;
+	const existing = pending.get(correlationId);
+	if (existing) existing.resolve({
+		status: "denied",
+		reason: "Question re-registered with the same correlation id."
+	});
+	return new Promise((resolve) => {
+		pending.set(correlationId, {
+			agentId,
+			chatId,
+			registeredAt: Date.now(),
+			resolve
+		});
+	});
+}
+/**
+* Best-effort resolve. Called by the inbox dispatcher when a
+* `format: "question_answer"` message arrives. Returns `true` when an entry
+* matched (so the caller knows it can ack + skip normal session routing),
+* `false` when there was no waiter (stale answer, e.g. session resumed after
+* the bridge was already cleaned up).
+*
+* Schema validation lives here too — a malformed answer payload is logged
+* (well, `false` returned and the dispatcher emits a warn) but never throws.
+*/
+function tryResolveQuestionAnswer(content) {
+	const parsed = questionAnswerMessageContentSchema.safeParse(content);
+	if (!parsed.success) return false;
+	const entry = pending.get(parsed.data.correlationId);
+	if (!entry) return false;
+	pending.delete(parsed.data.correlationId);
+	entry.resolve({
+		status: "answered",
+		answers: parsed.data.answers
+	});
+	return true;
+}
+/** Cleanup hook used by handler.shutdown() to fail-fast every in-flight question. */
+function rejectPendingForAgent(agentId, reason) {
+	let count = 0;
+	for (const [correlationId, entry] of pending) {
+		if (entry.agentId !== agentId) continue;
+		pending.delete(correlationId);
+		entry.resolve({
+			status: "denied",
+			reason
+		});
+		count++;
+	}
+	return count;
+}
+/**
+* Silent cleanup for `handler.suspend()`. Removes pending entries WITHOUT
+* resolving the Promise — the SDK process is being torn down anyway, and
+* resolving would unblock the canUseTool callback whose return value the
+* SDK then writes to a now-closed transport (the symptom: 'ProcessTransport
+* is not ready for writing' uncaught). The orphaned Promise stack frame is
+* GC'd alongside the SDK process exit. When the user eventually answers,
+* SessionManager.dispatch sees no matching waiter (`tryResolveQuestionAnswer`
+* returns false) and routes the answer message through the normal dispatch
+* path so the suspended session resumes with the answer as fresh input.
+*/
+function clearPendingForAgent(agentId) {
+	let count = 0;
+	for (const [correlationId, entry] of pending) {
+		if (entry.agentId !== agentId) continue;
+		pending.delete(correlationId);
+		count++;
+	}
+	return count;
+}
 /**
 * Resolve which Claude Code binary the SDK should spawn.
 *
@@ -3826,6 +4348,90 @@ const createClaudeCodeHandler = (config) => {
 		recordAppliedPayload(sessionCtx);
 		consumerDone = consumeOutput(sessionCtx);
 	}
+	/**
+	* Build the SDK `canUseTool` callback for this session. Auto-allows every
+	* tool except `AskUserQuestion`, which we route through the Hub's inbox:
+	*
+	*   1. Validate the SDK's question shape against the shared Zod schema (so
+	*      a malformed model output can't smuggle bad data into Hub messages).
+	*   2. Send a `format: "question"` message via the agent SDK — this hits
+	*      the server's `sendMessage` path which writes the `pending_questions`
+	*      lifecycle row in the same transaction (see commit 2).
+	*   3. Register a Promise keyed on the SDK `toolUseID`. The matching
+	*      `question_answer` message arrives over the inbox WS / poll path
+	*      and SessionManager.dispatch resolves the Promise (commit 2 wired
+	*      the answer route + supersede hooks; SessionManager wiring lives
+	*      in this commit).
+	*   4. Map the bridge result to `PermissionResult`: `answered` →
+	*      `{ behavior: "allow", updatedInput: { questions, answers } }`,
+	*      `denied` → `{ behavior: "deny", message }` so the model abandons
+	*      the call instead of looping.
+	*
+	* `bypassPermissions` mode still calls `canUseTool` for `AskUserQuestion`
+	* specifically — verified by `tmp-verify/verify.mjs` cases A through G.
+	*/
+	function buildAskUserCanUseTool(sessionCtx) {
+		return async (toolName, input, options) => {
+			if (toolName !== "AskUserQuestion") return {
+				behavior: "allow",
+				updatedInput: input
+			};
+			const parsed = z.object({ questions: z.array(questionItemSchema).min(1).max(4) }).safeParse(input);
+			if (!parsed.success) {
+				sessionCtx.log(`AskUserQuestion: malformed input — ${parsed.error.message.slice(0, 200)}`);
+				return {
+					behavior: "deny",
+					message: "AskUserQuestion input did not validate; abandon the question and pick a different tool or answer."
+				};
+			}
+			const correlationId = options.toolUseID;
+			const questions = parsed.data.questions;
+			const questionContent = {
+				correlationId,
+				questions,
+				previewFormat: "html",
+				allowFreeText: true
+			};
+			try {
+				await sessionCtx.sdk.sendMessage(sessionCtx.chatId, {
+					format: "question",
+					content: questionContent
+				});
+			} catch (err) {
+				const reason = err instanceof Error ? err.message : String(err);
+				sessionCtx.log(`AskUserQuestion: failed to publish question — ${reason}`);
+				return {
+					behavior: "deny",
+					message: `Hub could not publish the question (${reason}); abandon the call.`
+				};
+			}
+			sessionCtx.log(`AskUserQuestion: published correlationId=${correlationId}; awaiting user answer`);
+			const result = await registerPendingQuestion({
+				correlationId,
+				agentId: sessionCtx.agent.agentId,
+				chatId: sessionCtx.chatId
+			});
+			if (options.signal.aborted) return {
+				behavior: "deny",
+				message: "AskUserQuestion aborted before an answer arrived."
+			};
+			if (result.status === "denied") {
+				sessionCtx.log(`AskUserQuestion: denied correlationId=${correlationId} reason=${result.reason}`);
+				return {
+					behavior: "deny",
+					message: result.reason
+				};
+			}
+			sessionCtx.log(`AskUserQuestion: answered correlationId=${correlationId}`);
+			return {
+				behavior: "allow",
+				updatedInput: {
+					questions,
+					answers: result.answers
+				}
+			};
+		};
+	}
 	/** Rebuild query and input controller without starting a new consumer loop (used for retry within the existing loop). */
 	function respawnQuery(sessionId, sessionCtx) {
 		buildQuery(sessionId, sessionCtx, sessionId);
@@ -3858,6 +4464,8 @@ const createClaudeCodeHandler = (config) => {
 				allowDangerouslySkipPermissions: true,
 				settingSources: ["user", "project"],
 				env: buildEnv(sessionCtx),
+				canUseTool: buildAskUserCanUseTool(sessionCtx),
+				toolConfig: { askUserQuestion: { previewFormat: "html" } },
 				...claudeCodeExecutable ? { pathToClaudeCodeExecutable: claudeCodeExecutable } : {},
 				...payload?.model ? { model: payload.model } : {},
 				...payload?.prompt.append ? { systemPrompt: {
@@ -4120,6 +4728,11 @@ const createClaudeCodeHandler = (config) => {
 		},
 		async suspend() {
 			ctx?.log("Suspending session");
+			const sessionCtx = ctx;
+			if (sessionCtx) {
+				const dropped = clearPendingForAgent(sessionCtx.agent.agentId);
+				if (dropped > 0) sessionCtx.log(`Cleared ${dropped} pending AskUserQuestion entries on suspend`);
+			}
 			if (inputController) {
 				inputController.end();
 				inputController = null;
@@ -4137,6 +4750,10 @@ const createClaudeCodeHandler = (config) => {
 		async shutdown() {
 			const sessionCtx = ctx;
 			await handler.suspend();
+			if (sessionCtx) {
+				const dropped = rejectPendingForAgent(sessionCtx.agent.agentId, "Session shutting down.");
+				if (dropped > 0) sessionCtx.log(`Rejected ${dropped} pending AskUserQuestion entries during shutdown`);
+			}
 			if (sessionCtx) await cleanupGitWorktrees(sessionCtx);
 			if (cwd) {
 				try {
@@ -4815,8 +5432,34 @@ function resolveSenderLabel(senderId, participants) {
 * Async because the participant list may need a server round-trip on first
 * use; subsequent messages in the same session hit the cache.
 */
+/**
+* Convert a SessionMessage's payload to a plain-text snippet the LLM can
+* read as user input. Most formats are already strings; the special case
+* is `question_answer` — when an answer arrives AFTER the SDK process was
+* suspended, SessionManager.dispatch routes it through the normal path,
+* and we need to render the structured `{correlationId, answers}` payload
+* as readable English so the resumed Claude turn can act on it.
+*/
+function renderForLLM(message) {
+	if (message.format === "question_answer" && message.content && typeof message.content === "object") {
+		const c = message.content;
+		if (c.answers && typeof c.answers === "object") {
+			const lines = [];
+			for (const [question, answer] of Object.entries(c.answers)) {
+				lines.push(`Q: ${question}`);
+				lines.push(`A: ${answer}`);
+			}
+			return [
+				"[The user has answered an earlier AskUserQuestion you raised. Continue the task using their answers below; do NOT call AskUserQuestion again for the same questions.]",
+				"",
+				...lines
+			].join("\n");
+		}
+	}
+	return typeof message.content === "string" ? message.content : JSON.stringify(message.content);
+}
 async function formatInboundContent(message, participants) {
-	const rawContent = typeof message.content === "string" ? message.content : JSON.stringify(message.content);
+	const rawContent = renderForLLM(message);
 	const preceding = message.precedingMessages ?? [];
 	let header = "";
 	if (preceding.length > 0) {
@@ -5019,6 +5662,16 @@ var SessionManager = class {
 	async dispatch(entry) {
 		const chatId = entry.chatId ?? entry.message.chatId;
 		const messageId = entry.message.id;
+		if (entry.message.format === "question_answer") {
+			if (tryResolveQuestionAnswer(entry.message.content)) {
+				await this.ackEntry(entry.id, chatId);
+				return;
+			}
+			this.config.log.info({
+				chatId,
+				messageId
+			}, "question_answer with no live bridge waiter — resuming session with answer as input");
+		}
 		const dedupKey = `${chatId}:${messageId}`;
 		if (this.deduplicator.isDuplicate(dedupKey)) {
 			this.config.log.debug({
@@ -8376,7 +9029,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-DbSvp9UH.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-fLnwqCOs.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9589,7 +10242,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app--DB1keQE.mjs
+//#region ../server/dist/app-CkYiQS_D.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -9613,53 +10266,6 @@ const adapterAgentMappings = pgTable("adapter_agent_mappings", {
 	metadata: jsonb("metadata").$type().notNull().default({}),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
 }, (table) => [unique("uq_adapter_agent_mapping").on(table.platform, table.externalUserId)]);
-/** Communication container. All messages between agents flow within a Chat. */
-const chats = pgTable("chats", {
-	id: text("id").primaryKey(),
-	organizationId: text("organization_id").notNull().references(() => organizations.id),
-	type: text("type").notNull().default("direct"),
-	topic: text("topic"),
-	lifecyclePolicy: text("lifecycle_policy").default("persistent"),
-	parentChatId: text("parent_chat_id"),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	lastMessageAt: timestamp("last_message_at", { withTimezone: true }),
-	lastMessagePreview: text("last_message_preview"),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [index("idx_chats_org_last_message").on(table.organizationId, desc(table.lastMessageAt))]);
-/** Speaking participants of a chat (M:N). Watchers live in chat_subscriptions. */
-const chatParticipants = pgTable("chat_participants", {
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	role: text("role").notNull().default("member"),
-	mode: text("mode").notNull().default("full"),
-	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
-	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
-	joinedAt: timestamp("joined_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_participants_agent").on(table.agentId)]);
-/**
-* Non-speaking observers ("watchers"). Used by the chat-first workspace so a
-* user can supervise chats their managed agents participate in without
-* accidentally being part of fan-out.
-*
-* Invariants:
-*   1. (chat_id, agent_id) is mutually exclusive with chat_participants.
-*   2. Rows here NEVER produce inbox_entries (fan-out exclusivity).
-*   3. Mention candidate resolution NEVER includes these rows.
-*   4. State transitions (join/leave) carry last_read_at + counter; lifecycle
-*      recomputes default to NULL/0 and MUST NOT run on the join/leave path.
-*
-* See docs/chat-first-workspace-product-design.md "Data Model" + "State
-* Transitions" for the full contract.
-*/
-const chatSubscriptions = pgTable("chat_subscriptions", {
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	kind: text("kind").notNull().default("watching"),
-	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
-	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [primaryKey({ columns: [table.chatId, table.agentId] }), index("idx_chat_subscriptions_agent").on(table.agentId)]);
 /**
 * Tasks — lightweight work units. Process descriptors, not tickets.
 * Immutable status state machine: pending → assigned → working → (completed | failed | cancelled).
@@ -10090,7 +10696,7 @@ async function deleteAdapterConfig(db, id) {
 	const [row] = await db.delete(adapterConfigs).where(eq(adapterConfigs.id, id)).returning();
 	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
 }
-const log$7 = createLogger$1("Adapters");
+const log$5 = createLogger$1("Adapters");
 function parseId(raw) {
 	const id = Number(raw);
 	if (!Number.isInteger(id) || id <= 0) throw new BadRequestError(`Invalid adapter ID: "${raw}"`);
@@ -10116,7 +10722,7 @@ async function adapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertAgentManageableByUser(app.db, userId, existing.agentId);
 		const config = await updateAdapterConfig(app.db, id, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$7.error({ err }, "adapter reload failed after update"));
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after update"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return {
 			...config,
@@ -10130,7 +10736,7 @@ async function adapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertAgentManageableByUser(app.db, userId, existing.agentId);
 		await deleteAdapterConfig(app.db, id);
-		app.adapterManager.reload().catch((err) => log$7.error({ err }, "adapter reload failed after delete"));
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after delete"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -10146,619 +10752,6 @@ function requireAgent(request) {
 	if (!agent) throw new UnauthorizedError("Agent authentication required");
 	return agent;
 }
-/**
-* Process-local cache for the per-chat realtime push audience
-* (`chat_participants ∪ chat_subscriptions`, keyed by human agent
-* uuid). Sits in front of the admin WS dispatch so a chat with N
-* messages/sec doesn't issue N audience-resolution queries; one query
-* + cache hit per chat per TTL window.
-*
-* The cache exposes both a populator (`getCachedAudience`) and an
-* invalidator (`invalidateChatAudience`). Participant-mutation paths
-* (`addMeChatParticipants`, `joinMeChat`, `leaveMeChat`,
-* `recomputeChatWatchers`, `joinAsParticipant`, `leaveAsParticipant`)
-* MUST call `invalidateChatAudience` after their tx commits so the
-* very next dispatch reflects the new audience without waiting for
-* the TTL to age out — without invalidation, a freshly-added speaker
-* would miss `chat:message` pushes for up to TTL_MS.
-*
-* Cross-instance correctness: not handled here. The PG NOTIFY layer
-* already broadcasts message events to every replica; each replica's
-* audience cache is independently invalidated by its own
-* service-layer mutations on chats it routes traffic for. For
-* cross-replica participant changes to invalidate this cache, route
-* the mutation through the same replica that hosts the WS connection
-* (sticky routing) or add a dedicated `chat:audience` PG NOTIFY in
-* a follow-up.
-*/
-const log$6 = createLogger$1("ChatAudienceCache");
-const TTL_MS = 5e3;
-const MAX_ENTRIES = 1024;
-const cache = /* @__PURE__ */ new Map();
-/** Resolve a chat's push audience, hitting the cache when fresh.
-*  Returns null on DB error (caller should skip dispatch). */
-async function getCachedAudience(db, chatId) {
-	const now = Date.now();
-	const cached = cache.get(chatId);
-	if (cached && cached.expiresAt > now) return cached.audience;
-	try {
-		const rows = await db.execute(sql`
-      SELECT agent_id FROM chat_participants WHERE chat_id = ${chatId}
-      UNION
-      SELECT agent_id FROM chat_subscriptions WHERE chat_id = ${chatId}
-    `);
-		const audience = new Set(rows.map((r) => r.agent_id));
-		cache.set(chatId, {
-			audience,
-			expiresAt: now + TTL_MS
-		});
-		if (cache.size > MAX_ENTRIES) {
-			for (const [k, v] of cache) if (v.expiresAt <= now) cache.delete(k);
-		}
-		return audience;
-	} catch (err) {
-		log$6.warn({
-			err,
-			chatId
-		}, "failed to resolve chat audience");
-		return null;
-	}
-}
-/** Drop the cached audience for a chat. Called from participant-
-*  mutation paths after their transaction commits, so the next
-*  `chat:message` dispatch hits the DB and reflects the new
-*  membership instead of serving a stale TTL window. */
-function invalidateChatAudience(chatId) {
-	cache.delete(chatId);
-}
-/**
-* Chat-first workspace — watcher subscription helpers.
-*
-* Watchers (rows in `chat_subscriptions`) are non-speaking observers. A
-* member who manages an agent that participates in a chat — but whose own
-* human agent is not a speaker there — sees the chat in their workspace
-* via a watcher row.
-*
-* Two distinct kinds of operation live here:
-*
-*   1. Set rebuilds (`recompute*`). Idempotent set-based recomputations
-*      driven by lifecycle events (chat created, participant added/removed,
-*      member status flipped, etc.). These DEFAULT new rows to NULL/0 read
-*      state.
-*
-*   2. State-carry transitions (`joinAsParticipant`, `leaveAsParticipant`).
-*      Move a single (chat, agent) pair between `chat_participants` and
-*      `chat_subscriptions` while preserving `last_read_at` and
-*      `unread_mention_count`. NEVER call recompute on this path or you'll
-*      lose read state.
-*
-* See docs/chat-first-workspace-product-design.md "State Transitions" and
-* "Risk Constraints".
-*/
-/**
-* Recompute watcher rows for ONE chat. For every active member who:
-*   - manages a non-human agent that speaks in the chat, AND
-*   - whose own human agent is NOT a speaker in the chat
-* an `(chat_id, member.agent_id)` watcher row is upserted (NULL read state).
-*
-* Watchers whose anchoring condition no longer holds (manager left, the
-* managed agent was removed from the chat, the manager joined as a speaker
-* themselves) are deleted.
-*
-* Idempotent: safe to call multiple times for the same chat.
-*/
-async function recomputeChatWatchers(db, chatId) {
-	await db.execute(sql`
-    INSERT INTO chat_subscriptions
-      (chat_id, agent_id, kind, last_read_at, unread_mention_count, created_at)
-    SELECT DISTINCT cp.chat_id, m.agent_id, 'watching', NULL::timestamp with time zone, 0, now()
-      FROM chat_participants cp
-      JOIN agents  a ON a.uuid = cp.agent_id
-      JOIN members m ON m.id   = a.manager_id
-     WHERE cp.chat_id = ${chatId}
-       AND m.status   = 'active'
-       AND a.type    <> 'human'
-       AND NOT EXISTS (
-         SELECT 1 FROM chat_participants cp2
-          WHERE cp2.chat_id  = cp.chat_id
-            AND cp2.agent_id = m.agent_id
-       )
-    ON CONFLICT (chat_id, agent_id) DO NOTHING
-  `);
-	await db.execute(sql`
-    DELETE FROM chat_subscriptions cs
-     WHERE cs.chat_id = ${chatId}
-       AND NOT EXISTS (
-         SELECT 1
-           FROM chat_participants cp
-           JOIN agents  a ON a.uuid = cp.agent_id
-           JOIN members m ON m.id   = a.manager_id
-          WHERE cp.chat_id = cs.chat_id
-            AND m.agent_id = cs.agent_id
-            AND m.status   = 'active'
-            AND a.type    <> 'human'
-            AND NOT EXISTS (
-              SELECT 1 FROM chat_participants cp2
-               WHERE cp2.chat_id  = cp.chat_id
-                 AND cp2.agent_id = m.agent_id
-            )
-       )
-  `);
-}
-/**
-* Recompute watcher rows touching ONE agent across all chats it speaks in.
-* Used after `rebindAgent` (manager change) so the new manager picks up
-* watcher rows and the old manager's are dropped.
-*/
-async function recomputeWatchersForAgent(db, agentId) {
-	const chatRows = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentId));
-	for (const { chatId } of chatRows) await recomputeChatWatchers(db, chatId);
-}
-/**
-* Recompute watcher rows touching ONE member across all chats. Triggered
-* when the member's status flips active ↔ left.
-*/
-async function recomputeWatchersForMember(db, memberId) {
-	const rows = await db.selectDistinct({ chatId: chatParticipants.chatId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(and(eq(agents.managerId, memberId), ne(agents.type, "human")));
-	for (const { chatId } of rows) await recomputeChatWatchers(db, chatId);
-}
-/**
-* Mirror of `services/chat.ts` `maybeUpgradeDirectToGroup`. Inlined here so
-* `joinAsParticipant` keeps the upgrade rule + the state carry in one
-* transaction without depending on chat.ts (avoids a circular import).
-*/
-async function maybeUpgradeDirectToGroup$1(tx, chatId, existingParticipantIds) {
-	if (existingParticipantIds.length + 1 < 3) return;
-	const [chat] = await tx.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat || chat.type !== "direct") return;
-	await tx.update(chats).set({
-		type: "group",
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(chats.id, chatId));
-	if (existingParticipantIds.length === 0) return;
-	const ids = (await tx.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((r) => r.uuid);
-	if (ids.length === 0) return;
-	await tx.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
-}
-/**
-* Watcher → speaking participant. State-carry transaction.
-*
-*   1. DELETE the watcher row (returning read state).
-*   2. If a participant row already exists, no-op (idempotent).
-*   3. Otherwise, run the direct → group upgrade rule against the *current*
-*      participant set, then INSERT the participant row carrying read state.
-*
-* If `requireWatcherOrVisible` is true, refuse when the user has neither a
-* watcher row nor admin-derived visibility — used to keep the public
-* `/me/chats/:chatId/join` endpoint honest. Pre-check happens in the
-* route layer where we have the full member scope.
-*/
-async function joinAsParticipant(db, chatId, humanAgentId) {
-	return db.transaction(async (tx) => {
-		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
-			lastReadAt: chatSubscriptions.lastReadAt,
-			unreadMentionCount: chatSubscriptions.unreadMentionCount
-		});
-		const [existing] = await tx.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
-		if (existing) return {
-			chatId,
-			inserted: false,
-			carried: carriedRow ?? null
-		};
-		await maybeUpgradeDirectToGroup$1(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId));
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId: humanAgentId,
-			role: "member",
-			mode: "full",
-			lastReadAt: carriedRow?.lastReadAt ?? null,
-			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
-		});
-		return {
-			chatId,
-			inserted: true,
-			carried: carriedRow ?? null
-		};
-	});
-}
-/**
-* Speaking participant → watcher (or fully detach).
-*
-*   1. DELETE the participant row (returning read state).
-*   2. Test "still visible": is the user still the manager of an agent that
-*      remains a participant in this chat? If yes, INSERT a watcher row
-*      carrying read state. If no, drop entirely.
-*
-* Caller must validate that the user actually has a participant row to
-* leave (returns `NotFoundError` if not).
-*/
-async function leaveAsParticipant(db, chatId, humanAgentId) {
-	return db.transaction(async (tx) => {
-		const [carried] = await tx.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).returning({
-			lastReadAt: chatParticipants.lastReadAt,
-			unreadMentionCount: chatParticipants.unreadMentionCount
-		});
-		if (!carried) throw new NotFoundError("Not a participant of this chat");
-		const [stillVisibleRow] = await tx.execute(sql`
-      SELECT EXISTS (
-        SELECT 1
-          FROM chat_participants cp
-          JOIN agents  a ON a.uuid = cp.agent_id
-          JOIN members m ON m.id   = a.manager_id
-         WHERE cp.chat_id = ${chatId}
-           AND m.agent_id = ${humanAgentId}
-           AND m.status   = 'active'
-           AND a.type    <> 'human'
-      ) AS visible
-    `);
-		if (!Boolean(stillVisibleRow?.visible)) return {
-			chatId,
-			membershipKind: null
-		};
-		await tx.insert(chatSubscriptions).values({
-			chatId,
-			agentId: humanAgentId,
-			kind: "watching",
-			lastReadAt: carried.lastReadAt,
-			unreadMentionCount: carried.unreadMentionCount
-		}).onConflictDoNothing();
-		return {
-			chatId,
-			membershipKind: "watching"
-		};
-	});
-}
-/**
-* Resolve the membership row of the human agent for the given chat. Returns
-* one of: 'participant', 'watching', or null.
-*
-* Used by `/me/chats/:chatId/join` to refuse a join when the user has
-* neither a watcher row nor a participant row, and isn't otherwise
-* authorised (admin in the chat's org).
-*/
-async function resolveChatMembership(db, chatId, humanAgentId) {
-	const [participant] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, humanAgentId))).limit(1);
-	if (participant) return "participant";
-	const [sub] = await db.select({ chatId: chatSubscriptions.chatId }).from(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).limit(1);
-	if (sub) return "watching";
-	return null;
-}
-/**
-* Used by `/me/chats/:chatId/join`. Throw 409 if already a speaker (no work
-* to do) and 403 if no watcher row and no admin override. Admin override is
-* resolved at the route layer; this helper only reports the watcher state.
-*/
-function ensureCanJoin(membership) {
-	if (membership === "participant") throw new ConflictError("Already a participant in this chat");
-	if (membership === null) throw new ForbiddenError("Not a watcher of this chat — open the chat from your workspace before joining");
-}
-/**
-* When a direct chat grows past 2 participants, upgrade it to `group` and
-* flip every existing non-human agent participant to `mention_only` — see
-* proposals/hub-agent-messaging-reply-and-mentions §3.3. The caller is
-* expected to insert the new participant AFTER this runs, so the "existing"
-* set excludes them.
-*
-* Idempotent: if the chat is already a group, no-op.
-*/
-async function maybeUpgradeDirectToGroup(db, chatId, existingParticipantIds, newParticipantCount) {
-	if (existingParticipantIds.length + newParticipantCount < 3) return;
-	const [chat] = await db.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat || chat.type !== "direct") return;
-	await db.update(chats).set({
-		type: "group",
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(chats.id, chatId));
-	if (existingParticipantIds.length === 0) return;
-	const ids = (await db.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((a) => a.uuid);
-	if (ids.length === 0) return;
-	await db.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
-}
-async function createChat(db, creatorId, data) {
-	const chatId = randomUUID();
-	const allParticipantIds = new Set([creatorId, ...data.participantIds]);
-	const existingAgents = await db.select({
-		id: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, [...allParticipantIds]));
-	if (existingAgents.length !== allParticipantIds.size) {
-		const found = new Set(existingAgents.map((a) => a.id));
-		throw new BadRequestError(`Agents not found: ${[...allParticipantIds].filter((id) => !found.has(id)).join(", ")}`);
-	}
-	const creator = existingAgents.find((a) => a.id === creatorId);
-	if (!creator) throw new Error("Unexpected: creator not in existingAgents");
-	const orgId = creator.organizationId;
-	const crossOrg = existingAgents.filter((a) => a.organizationId !== orgId);
-	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization chat not allowed: ${crossOrg.map((a) => a.id).join(", ")}`);
-	const isDirectAgentOnly = data.type === "direct" && existingAgents.every((a) => a.type !== "human");
-	return db.transaction(async (tx) => {
-		const [chat] = await tx.insert(chats).values({
-			id: chatId,
-			organizationId: orgId,
-			type: data.type,
-			topic: data.topic ?? null,
-			metadata: data.metadata ?? {}
-		}).returning();
-		const participantRows = [...allParticipantIds].map((agentId) => ({
-			chatId,
-			agentId,
-			role: agentId === creatorId ? "owner" : "member",
-			...isDirectAgentOnly ? { mode: "mention_only" } : {}
-		}));
-		await tx.insert(chatParticipants).values(participantRows);
-		await recomputeChatWatchers(tx, chatId);
-		const participants = await tx.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		return {
-			...chat,
-			participants
-		};
-	});
-}
-async function getChat(db, chatId) {
-	const [chat] = await db.select().from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat) throw new NotFoundError(`Chat "${chatId}" not found`);
-	return chat;
-}
-async function getChatDetail(db, chatId) {
-	const chat = await getChat(db, chatId);
-	const participants = await db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-	return {
-		...chat,
-		participants
-	};
-}
-async function listChats(db, agentId, limit, cursor) {
-	const chatIds = (await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentId))).map((r) => r.chatId);
-	if (chatIds.length === 0) return {
-		items: [],
-		nextCursor: null
-	};
-	const where = cursor ? and(inArray(chats.id, chatIds), lt(chats.updatedAt, new Date(cursor))) : inArray(chats.id, chatIds);
-	const rows = await db.select().from(chats).where(where).orderBy(desc(chats.updatedAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.updatedAt.toISOString() : null
-	};
-}
-/**
-* List participants of a chat with their agent names — used by the client
-* runtime to resolve `@<name>` mentions against the authoritative participant
-* set (see proposals/hub-agent-messaging-reply-and-mentions §4).
-*/
-async function listChatParticipantsWithNames(db, chatId) {
-	return await db.select({
-		agentId: chatParticipants.agentId,
-		role: chatParticipants.role,
-		mode: chatParticipants.mode,
-		joinedAt: chatParticipants.joinedAt,
-		name: agents.name,
-		displayName: agents.displayName,
-		type: agents.type
-	}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
-}
-async function assertParticipant(db, chatId, agentId) {
-	const [row] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, agentId))).limit(1);
-	if (!row) throw new ForbiddenError("Not a participant of this chat");
-}
-/** Ensure an agent is a participant of a chat. Silently adds them if not already. */
-async function ensureParticipant$1(db, chatId, agentId) {
-	const [existing] = await db.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, agentId))).limit(1);
-	if (existing) return;
-	await db.transaction(async (tx) => {
-		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
-		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, agentId)));
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId,
-			mode: "full"
-		}).onConflictDoNothing({ target: [chatParticipants.chatId, chatParticipants.agentId] });
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-}
-async function addParticipant(db, chatId, requesterId, data) {
-	const chat = await getChat(db, chatId);
-	await assertParticipant(db, chatId, requesterId);
-	const [targetAgent] = await db.select({
-		id: agents.uuid,
-		organizationId: agents.organizationId
-	}).from(agents).where(eq(agents.uuid, data.agentId)).limit(1);
-	if (!targetAgent) throw new NotFoundError(`Agent "${data.agentId}" not found`);
-	if (targetAgent.organizationId !== chat.organizationId) throw new BadRequestError("Cannot add agent from different organization");
-	const [existing] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, data.agentId))).limit(1);
-	if (existing) throw new ConflictError(`Agent "${data.agentId}" is already a participant`);
-	await db.transaction(async (tx) => {
-		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
-		await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, data.agentId)));
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId: data.agentId,
-			mode: data.mode ?? "full"
-		});
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-}
-async function removeParticipant(db, chatId, requesterId, targetAgentId) {
-	await assertParticipant(db, chatId, requesterId);
-	if (requesterId === targetAgentId) throw new BadRequestError("Cannot remove yourself from a chat");
-	const [removed] = await db.delete(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, targetAgentId))).returning();
-	if (!removed) throw new NotFoundError(`Agent "${targetAgentId}" is not a participant of this chat`);
-	await recomputeChatWatchers(db, chatId);
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-}
-/**
-* List chats visible to a member, grouped by agent.
-* A member sees chats where:
-*   1. Their human agent is a participant, OR
-*   2. Any agent they manage (managerId = memberId) is a participant (supervision)
-*/
-async function listChatsForMember(db, memberId, humanAgentId) {
-	const managedAgents = await db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		type: agents.type,
-		displayName: agents.displayName
-	}).from(agents).where(eq(agents.managerId, memberId));
-	const agentMap = /* @__PURE__ */ new Map();
-	for (const a of managedAgents) agentMap.set(a.uuid, a);
-	if (!agentMap.has(humanAgentId)) {
-		const [ha] = await db.select({
-			uuid: agents.uuid,
-			name: agents.name,
-			type: agents.type,
-			displayName: agents.displayName
-		}).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
-		if (ha) agentMap.set(ha.uuid, ha);
-	}
-	const agentIds = [...agentMap.keys()];
-	if (agentIds.length === 0) return [];
-	const participations = await db.select({
-		chatId: chatParticipants.chatId,
-		agentId: chatParticipants.agentId,
-		role: chatParticipants.role,
-		mode: chatParticipants.mode
-	}).from(chatParticipants).where(inArray(chatParticipants.agentId, agentIds));
-	if (participations.length === 0) return [];
-	const chatIds = [...new Set(participations.map((p) => p.chatId))];
-	const agentChatMap = /* @__PURE__ */ new Map();
-	for (const p of participations) {
-		const list = agentChatMap.get(p.agentId) ?? [];
-		list.push(p.chatId);
-		agentChatMap.set(p.agentId, list);
-	}
-	const chatRows = await db.select({
-		id: chats.id,
-		type: chats.type,
-		topic: chats.topic,
-		metadata: chats.metadata,
-		createdAt: chats.createdAt,
-		updatedAt: chats.updatedAt,
-		participantCount: sql`(SELECT count(*)::int FROM chat_participants WHERE chat_id = ${chats.id})`
-	}).from(chats).where(inArray(chats.id, chatIds)).orderBy(desc(chats.updatedAt));
-	const chatMap = new Map(chatRows.map((c) => [c.id, c]));
-	const humanParticipantChatIds = new Set(participations.filter((p) => p.agentId === humanAgentId).map((p) => p.chatId));
-	const result = [];
-	for (const [agentId, agentChatIds] of agentChatMap) {
-		const agentInfo = agentMap.get(agentId);
-		if (!agentInfo) continue;
-		const agentChats = agentChatIds.map((chatId) => {
-			const chat = chatMap.get(chatId);
-			if (!chat) return null;
-			const isSupervisionOnly = agentId !== humanAgentId && !humanParticipantChatIds.has(chatId);
-			return {
-				id: chat.id,
-				type: chat.type,
-				topic: chat.topic,
-				participantCount: chat.participantCount,
-				isSupervisionOnly,
-				createdAt: chat.createdAt.toISOString(),
-				updatedAt: chat.updatedAt.toISOString()
-			};
-		}).filter((c) => c !== null);
-		if (agentChats.length > 0) result.push({
-			agent: agentInfo,
-			chats: agentChats
-		});
-	}
-	return result;
-}
-/**
-* Manager joins a chat. Adds their human agent as a participant.
-* Requires the member to have supervision rights (manages at least one existing participant).
-*/
-async function joinChat(db, chatId, memberId, humanAgentId) {
-	const chat = await getChat(db, chatId);
-	const participantAgentIds = (await db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId);
-	if (participantAgentIds.length === 0) throw new NotFoundError("Chat has no participants");
-	if (participantAgentIds.includes(humanAgentId)) throw new ConflictError("Already a participant in this chat");
-	if ((await db.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, participantAgentIds), eq(agents.managerId, memberId)))).length === 0) throw new ForbiddenError("You can only join chats where you manage at least one participant");
-	const [humanAgent] = await db.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
-	if (!humanAgent || humanAgent.organizationId !== chat.organizationId) throw new BadRequestError("Agent does not belong to the same organization as the chat");
-	await db.transaction(async (tx) => {
-		const [carriedRow] = await tx.delete(chatSubscriptions).where(and(eq(chatSubscriptions.chatId, chatId), eq(chatSubscriptions.agentId, humanAgentId))).returning({
-			lastReadAt: chatSubscriptions.lastReadAt,
-			unreadMentionCount: chatSubscriptions.unreadMentionCount
-		});
-		await maybeUpgradeDirectToGroup(tx, chatId, participantAgentIds, 1);
-		await tx.insert(chatParticipants).values({
-			chatId,
-			agentId: humanAgentId,
-			role: "member",
-			mode: "full",
-			lastReadAt: carriedRow?.lastReadAt ?? null,
-			unreadMentionCount: carriedRow?.unreadMentionCount ?? 0
-		});
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-}
-/**
-* Manager leaves a chat. Removes their human agent from participants.
-* Only allowed if the human agent is a participant.
-*
-* Delegates the participant→watcher transition to `leaveAsParticipant`
-* so admin-side and `/me/chats/:id/leave` share one canonical path. The
-* earlier "recompute then UPDATE-back state" variant violated the design
-* rule that recompute is only for set rebuild — never on a transition
-* path (review #228 issue #2). The returned participant list is fetched
-* after the tx commits, matching the admin route's existing contract.
-*/
-async function leaveChat(db, chatId, humanAgentId) {
-	await leaveAsParticipant(db, chatId, humanAgentId);
-	invalidateChatAudience(chatId);
-	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
-}
-async function findOrCreateDirectChat(db, agentAId, agentBId) {
-	const aChats = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentAId));
-	const bChats = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(eq(chatParticipants.agentId, agentBId));
-	const bChatIds = new Set(bChats.map((r) => r.chatId));
-	const commonChatIds = aChats.map((r) => r.chatId).filter((id) => bChatIds.has(id));
-	if (commonChatIds.length > 0) {
-		const directChats = await db.select().from(chats).where(and(inArray(chats.id, commonChatIds), eq(chats.type, "direct")));
-		if (directChats.length > 0 && directChats[0]) return directChats[0];
-	}
-	const ends = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, [agentAId, agentBId]));
-	const agentA = ends.find((a) => a.uuid === agentAId);
-	if (!agentA) throw new NotFoundError(`Agent "${agentAId}" not found`);
-	const agentB = ends.find((a) => a.uuid === agentBId);
-	if (!agentB) throw new NotFoundError(`Agent "${agentBId}" not found`);
-	const mode = agentA.type !== "human" && agentB.type !== "human" ? "mention_only" : "full";
-	const chatId = randomUUID();
-	return db.transaction(async (tx) => {
-		const [chat] = await tx.insert(chats).values({
-			id: chatId,
-			organizationId: agentA.organizationId,
-			type: "direct"
-		}).returning();
-		await tx.insert(chatParticipants).values([{
-			chatId,
-			agentId: agentAId,
-			role: "member",
-			mode
-		}, {
-			chatId,
-			agentId: agentBId,
-			role: "member",
-			mode
-		}]);
-		await recomputeChatWatchers(tx, chatId);
-		if (!chat) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		return chat;
-	});
-}
 function serializeChat(chat) {
 	return {
 		...chat,
@@ -10866,46 +10859,6 @@ const agentConfigs = pgTable("agent_configs", {
 	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
 });
 /**
-* Shared access-control primitives. Most route-level gating now lives in
-* `scope/require-*.ts` — this module is reduced to two helpers that need
-* SQL building blocks reused across routes and tests:
-*
-*   - `agentVisibilityCondition` — WHERE clause for "agents visible to a
-*     member" (org-visible OR managerId = the caller's member). Composed
-*     into list queries that already select from `agents`.
-*   - `listAgentsManagedByUser` — cross-org list of agents personally
-*     managed by a user; powers the CLI `agent list --remote` view.
-*
-* Visibility is the same for all roles — admin sees the same set as a
-* regular member. Admin privilege is expressed through manageability
-* (`requireAgentAccess(..., "manage")`), not visibility.
-*/
-/**
-* SQL WHERE conditions for agents visible to a member.
-*   target org + not deleted + (organization-visible OR managerId = caller's member)
-*/
-function agentVisibilityCondition(orgId, memberId) {
-	return and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED), or(eq(agents.visibility, AGENT_VISIBILITY.ORGANIZATION), eq(agents.managerId, memberId)));
-}
-/**
-* Cross-org listing helper for "agents I personally manage". Used by the
-* CLI `agent list --remote` view — JOINs `agents → members.id` and filters
-* by `members.user_id`.
-*/
-async function listAgentsManagedByUser(db, userId) {
-	return db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		displayName: agents.displayName,
-		type: agents.type,
-		organizationId: agents.organizationId,
-		inboxId: agents.inboxId,
-		visibility: agents.visibility,
-		runtimeProvider: agents.runtimeProvider,
-		clientId: agents.clientId
-	}).from(agents).innerJoin(members, eq(agents.managerId, members.id)).where(and(eq(members.userId, userId), eq(members.status, "active"), ne(agents.status, AGENT_STATUSES.DELETED)));
-}
-/**
 * Resolve the UUID of the "default" organization. Internal use only —
 * webhooks, fallbacks, etc. The HTTP API layer no longer falls back to
 * the JWT default org.
@@ -11348,7 +11301,7 @@ async function deleteAgent(db, uuid) {
 	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
 	return agent;
 }
-const log$5 = createLogger$1("AgentFeishuBot");
+const log$4 = createLogger$1("AgentFeishuBot");
 async function agentFeishuBotRoutes(app) {
 	/**
 	* PUT /agent/me/feishu-bot
@@ -11376,7 +11329,7 @@ async function agentFeishuBotRoutes(app) {
 			},
 			status: "active"
 		}, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service bind"));
+		app.adapterManager.reload().catch((err) => log$4.error({ err }, "adapter reload failed after self-service bind"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(current ? 200 : 201).send({
 			...config,
@@ -11393,7 +11346,7 @@ async function agentFeishuBotRoutes(app) {
 		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
 		if (!current) return reply.status(204).send();
 		await deleteAdapterConfig(app.db, current.id);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service unbind"));
+		app.adapterManager.reload().catch((err) => log$4.error({ err }, "adapter reload failed after self-service unbind"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -11414,20 +11367,6 @@ const adapterChatMappings = pgTable("adapter_chat_mappings", {
 	metadata: jsonb("metadata").$type().notNull().default({}),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
 });
-/** Messages. Immutable after creation. Each message belongs to exactly one Chat. */
-const messages = pgTable("messages", {
-	id: text("id").primaryKey(),
-	chatId: text("chat_id").notNull().references(() => chats.id),
-	senderId: text("sender_id").notNull(),
-	format: text("format").notNull(),
-	content: jsonb("content").$type().notNull(),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	replyToInbox: text("reply_to_inbox"),
-	replyToChat: text("reply_to_chat"),
-	inReplyTo: text("in_reply_to"),
-	source: text("source"),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [index("idx_messages_chat_time").on(table.chatId, table.createdAt), index("idx_messages_in_reply_to").on(table.inReplyTo)]);
 /** Cross-reference between internal messages and external platform message IDs. */
 const adapterMessageReferences = pgTable("adapter_message_references", {
 	id: serial("id").primaryKey(),
@@ -11618,24 +11557,6 @@ async function agentFeishuUserRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-/** Delivery queue (envelope). One entry per recipient created during message fan-out. Uses SKIP LOCKED for concurrent-safe consumption. */
-const inboxEntries = pgTable("inbox_entries", {
-	id: bigserial("id", { mode: "number" }).primaryKey(),
-	inboxId: text("inbox_id").notNull(),
-	messageId: text("message_id").notNull().references(() => messages.id),
-	chatId: text("chat_id"),
-	status: text("status").notNull().default("pending"),
-	notify: boolean("notify").notNull().default(true),
-	retryCount: integer("retry_count").notNull().default(0),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	deliveredAt: timestamp("delivered_at", { withTimezone: true }),
-	ackedAt: timestamp("acked_at", { withTimezone: true })
-}, (table) => [
-	unique("uq_inbox_delivery").on(table.inboxId, table.messageId, table.chatId),
-	index("idx_inbox_pending").on(table.inboxId, table.createdAt),
-	index("idx_inbox_pending_notify").on(table.inboxId, table.createdAt).where(sql`status = 'pending' AND notify = true`),
-	index("idx_inbox_chat_silent").on(table.inboxId, table.chatId, table.notify, table.status)
-]);
 function normaliseSource(source) {
 	if (source === null) return null;
 	const parsed = messageSourceSchema$1.safeParse(source);
@@ -12071,585 +11992,6 @@ async function collectTargetInboxes(db, chatId, inReplyTo) {
 	}
 	return [...set];
 }
-/** Per-session state snapshot. One row per (agent, chat) pair, upserted on each session:state message. */
-const agentChatSessions = pgTable("agent_chat_sessions", {
-	agentId: text("agent_id").notNull().references(() => agents.uuid, { onDelete: "cascade" }),
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	state: text("state").notNull(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [primaryKey({ columns: [table.agentId, table.chatId] })]);
-/**
-* Upsert session state + refresh presence aggregates + NOTIFY.
-*
-* `agent_chat_sessions.(agent_id, chat_id)` is a single-row "current session
-* state" cache, not a session history log. A new runtime session starting on
-* the same (agent, chat) pair MUST overwrite whatever ended before — including
-* an `evicted` row left by a previous terminate. The previous "revival
-* defense" conflated two concerns: "this runtime session ended" (which is
-* what `evicted` actually means) and "this chat is permanently archived for
-* this agent" (a chat-level decision that should live on `chats`, not here).
-* See proposals/hub-agent-messaging-reply-and-mentions §M2-session-lifecycle.
-*
-* Presence row contract: this function tolerates a missing `agent_presence`
-* row by using `INSERT ... ON CONFLICT DO UPDATE`. The predictive-write path
-* (sendMessage on first message) may target an agent whose client has never
-* bound, so a prior `update agent_presence ... where agentId` would silently
-* drop the activeSessions/totalSessions refresh. See PR #198 review §2.
-*/
-async function upsertSessionState(db, agentId, chatId, state, organizationId, notifier, options) {
-	const now = /* @__PURE__ */ new Date();
-	let wrote = false;
-	await db.transaction(async (tx) => {
-		await tx.insert(agentChatSessions).values({
-			agentId,
-			chatId,
-			state,
-			updatedAt: now
-		}).onConflictDoUpdate({
-			target: [agentChatSessions.agentId, agentChatSessions.chatId],
-			set: {
-				state,
-				updatedAt: now
-			},
-			setWhere: ne(agentChatSessions.state, state)
-		});
-		const [counts] = await tx.select({
-			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
-			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
-		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
-		const activeSessions = counts?.active ?? 0;
-		const totalSessions = counts?.total ?? 0;
-		const presenceSet = options?.touchPresenceLastSeen ?? true ? {
-			activeSessions,
-			totalSessions,
-			lastSeenAt: now
-		} : {
-			activeSessions,
-			totalSessions
-		};
-		await tx.insert(agentPresence).values({
-			agentId,
-			activeSessions,
-			totalSessions
-		}).onConflictDoUpdate({
-			target: [agentPresence.agentId],
-			set: presenceSet
-		});
-		wrote = true;
-	});
-	if (wrote && notifier) notifier.notifySessionStateChange(agentId, chatId, state, organizationId).catch(() => {});
-}
-async function resetActivity(db, agentId) {
-	const now = /* @__PURE__ */ new Date();
-	await db.update(agentPresence).set({
-		runtimeState: "idle",
-		runtimeUpdatedAt: now
-	}).where(eq(agentPresence.agentId, agentId));
-}
-async function getActivityOverview(db) {
-	const [agentCounts] = await db.select({
-		total: sql`count(*)::int`,
-		running: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} IS NOT NULL)::int`,
-		idle: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'idle')::int`,
-		working: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'working')::int`,
-		blocked: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'blocked')::int`,
-		error: sql`count(*) FILTER (WHERE ${agentPresence.runtimeState} = 'error')::int`
-	}).from(agentPresence);
-	const [clientCounts] = await db.select({ count: sql`count(*)::int` }).from(clients).where(eq(clients.status, "connected"));
-	return {
-		total: agentCounts?.total ?? 0,
-		running: agentCounts?.running ?? 0,
-		byState: {
-			idle: agentCounts?.idle ?? 0,
-			working: agentCounts?.working ?? 0,
-			blocked: agentCounts?.blocked ?? 0,
-			error: agentCounts?.error ?? 0
-		},
-		clients: clientCounts?.count ?? 0
-	};
-}
-/**
-* List agents with active runtime state.
-* When scope is provided, filters to agents visible to the member.
-*/
-async function listAgentsWithRuntime(db, scope) {
-	if (!scope) return db.select().from(agentPresence).where(isNotNull(agentPresence.runtimeState));
-	return db.select({
-		agentId: agentPresence.agentId,
-		status: agentPresence.status,
-		instanceId: agentPresence.instanceId,
-		connectedAt: agentPresence.connectedAt,
-		lastSeenAt: agentPresence.lastSeenAt,
-		clientId: agentPresence.clientId,
-		runtimeType: agentPresence.runtimeType,
-		runtimeVersion: agentPresence.runtimeVersion,
-		runtimeState: agentPresence.runtimeState,
-		activeSessions: agentPresence.activeSessions,
-		totalSessions: agentPresence.totalSessions,
-		runtimeUpdatedAt: agentPresence.runtimeUpdatedAt,
-		type: agents.type
-	}).from(agentPresence).innerJoin(agents, eq(agentPresence.agentId, agents.uuid)).where(and(isNotNull(agentPresence.runtimeState), agentVisibilityCondition(scope.organizationId, scope.memberId)));
-}
-/**
-* Chat-first workspace — append-only post-fan-out projection.
-*
-* The single sanctioned extension point on the message hot path. Called
-* from `services/message.ts` AFTER existing fan-out completes, inside the
-* same transaction. Three responsibilities:
-*
-*   1. Mention propagation: increment `unread_mention_count` for mentioned
-*      speaking participants AND for watcher rows whose managed agent was
-*      mentioned. Sender row is excluded.
-*
-*   2. Chats projection: roll forward `chats.last_message_at`,
-*      `chats.last_message_preview`. Powers the conversation list cursor +
-*      sort + preview.
-*
-*   3. Realtime kick: fire-and-forget `pg_notify('chat_message_events', …)`
-*      so admin WS sockets can translate it into a `chat:message` frame.
-*      Failure is swallowed — durable persistence is the correctness path.
-*
-* Strict invariants (see docs/chat-first-workspace-product-design.md
-* "Risk Constraints"):
-*   - This module appends ONLY. Never edits existing fan-out / inbox /
-*     mention-extraction code.
-*   - Watchers (chat_subscriptions) are NEVER added to inbox_entries here.
-*     Their counters are bumped purely as a per-user red-dot signal.
-*   - Mention candidate set is `chat_participants` only; watchers are not
-*     direct `@`-mention targets.
-*/
-let dispatcher = null;
-function registerChatMessageDispatcher(fn) {
-	dispatcher = fn;
-}
-/**
-* Best-effort cross-process kick for the chat-first workspace. Call AFTER
-* the message transaction commits — never inside the tx. Failure logs +
-* drops; web reconnect refetches.
-*
-* Speakers also get an inbox NOTIFY through the existing path. They will
-* receive both, and the web client de-dupes naturally because both end up
-* invalidating the same query keys.
-*/
-function fireChatMessageKick(chatId, messageId) {
-	if (!dispatcher) return;
-	try {
-		dispatcher(chatId, messageId);
-	} catch {}
-}
-/**
-* Apply the post-fan-out projection. MUST be called inside the same
-* transaction as the message INSERT. Safe to call when `mentionedAgentIds`
-* is empty (degenerate case skips the mention UPDATEs).
-*/
-async function applyAfterFanOut(tx, input) {
-	const { chatId, senderId, mentionedAgentIds, contentPreview, messageCreatedAt } = input;
-	const previewClipped = contentPreview.length > 0 ? contentPreview.slice(0, 200) : null;
-	const ts = messageCreatedAt ?? /* @__PURE__ */ new Date();
-	await tx.update(chats).set({
-		lastMessageAt: ts,
-		lastMessagePreview: previewClipped
-	}).where(eq(chats.id, chatId));
-	if (mentionedAgentIds.length === 0) return;
-	await tx.update(chatParticipants).set({ unreadMentionCount: sql`${chatParticipants.unreadMentionCount} + 1` }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, mentionedAgentIds), ne(chatParticipants.agentId, senderId)));
-	const managerHumanAgentIds = (await tx.execute(sql`
-    SELECT DISTINCT m.agent_id AS human_agent_id
-      FROM agents a
-      JOIN members m ON m.id = a.manager_id
-     WHERE a.uuid IN ${makeUuidList(mentionedAgentIds)}
-       AND a.type <> 'human'
-       AND m.status = 'active'
-  `)).map((r) => r.human_agent_id);
-	if (managerHumanAgentIds.length === 0) return;
-	await tx.update(chatSubscriptions).set({ unreadMentionCount: sql`${chatSubscriptions.unreadMentionCount} + 1` }).where(and(eq(chatSubscriptions.chatId, chatId), inArray(chatSubscriptions.agentId, managerHumanAgentIds)));
-}
-/**
-* Build a parenthesised, comma-separated list of bound parameters: `(?, ?, ?)`.
-* Used in raw SQL where drizzle's `inArray` can't be directly applied (e.g.
-* inside a hand-rolled SELECT). Always called with a non-empty list — the
-* caller short-circuits the empty case.
-*/
-function makeUuidList(ids) {
-	return sql`(${sql.join(ids.map((id) => sql`${id}`), sql`, `)})`;
-}
-const log$4 = createLogger$1("message");
-async function sendMessage(db, chatId, senderId, data, options = {}) {
-	return withSpan("inbox.enqueue", messageAttrs({
-		chatId,
-		senderAgentId: senderId,
-		source: data.source ?? void 0
-	}), () => sendMessageInner(db, chatId, senderId, data, options));
-}
-async function sendMessageInner(db, chatId, senderId, data, options) {
-	const txResult = await db.transaction(async (tx) => {
-		const [participants, [chatRow], [senderRow]] = await Promise.all([
-			tx.select({
-				agentId: chatParticipants.agentId,
-				inboxId: agents.inboxId,
-				mode: chatParticipants.mode,
-				name: agents.name
-			}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId)),
-			tx.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1),
-			tx.select({
-				inboxId: agents.inboxId,
-				organizationId: agents.organizationId
-			}).from(agents).where(eq(agents.uuid, senderId)).limit(1)
-		]);
-		const chatType = chatRow?.type ?? null;
-		if (!senderRow) throw new NotFoundError(`Sender agent "${senderId}" not found`);
-		if (data.replyToInbox !== void 0 && data.replyToInbox !== null) {
-			if (senderRow.inboxId !== data.replyToInbox) throw new BadRequestError("replyToInbox must reference the sender's own inbox");
-		}
-		const incomingMeta = data.metadata ?? {};
-		const explicitMentionsRaw = incomingMeta.mentions;
-		const explicitMentions = Array.isArray(explicitMentionsRaw) ? explicitMentionsRaw.filter((m) => typeof m === "string") : [];
-		const contentText = typeof data.content === "string" ? data.content : "";
-		const resolved = contentText ? extractMentions(contentText, participants) : [];
-		const mergedMentions = [...new Set([...explicitMentions, ...resolved])];
-		const metadataToStore = mergedMentions.length > 0 ? {
-			...incomingMeta,
-			mentions: mergedMentions
-		} : incomingMeta;
-		if (options.enforceGroupMention && chatType === "group") {
-			if (mergedMentions.filter((id) => id !== senderId).length === 0) throw new BadRequestError("Sending to a group chat requires an explicit @mention. Use `agent send <name>` to message a single agent, or @<name> in the content to address one or more group members.");
-		}
-		let outboundContent = data.content;
-		if (options.normalizeMentionsInContent && typeof outboundContent === "string") {
-			const present = new Set(scanMentionTokens(outboundContent));
-			const missingNames = [];
-			for (const id of mergedMentions) {
-				if (id === senderId) continue;
-				const p = participants.find((q) => q.agentId === id);
-				if (!p?.name) continue;
-				if (present.has(p.name.toLowerCase())) continue;
-				missingNames.push(p.name);
-			}
-			if (missingNames.length > 0) {
-				const prefix = missingNames.map((n) => `@${n}`).join(" ");
-				outboundContent = outboundContent.length > 0 ? `${prefix} ${outboundContent}` : prefix;
-			}
-		}
-		const messageId = randomUUID();
-		const [msg] = await tx.insert(messages).values({
-			id: messageId,
-			chatId,
-			senderId,
-			format: data.format,
-			content: outboundContent,
-			metadata: metadataToStore,
-			replyToInbox: data.replyToInbox ?? null,
-			replyToChat: data.replyToChat ?? null,
-			inReplyTo: data.inReplyTo ?? null,
-			source: data.source ?? null
-		}).returning();
-		const mentionSet = new Set(mergedMentions);
-		const fanout = participants.filter((p) => p.agentId !== senderId).map((p) => ({
-			agentId: p.agentId,
-			inboxId: p.inboxId,
-			notify: p.mode !== "mention_only" || mentionSet.has(p.agentId)
-		}));
-		if (fanout.length > 0) await tx.insert(inboxEntries).values(fanout.map((f) => ({
-			inboxId: f.inboxId,
-			messageId,
-			chatId,
-			notify: f.notify
-		})));
-		const notified = fanout.filter((f) => f.notify);
-		const recipients = notified.map((f) => f.inboxId);
-		const recipientAgentIds = notified.map((f) => f.agentId);
-		if (data.inReplyTo) {
-			const [original] = await tx.select({
-				replyToInbox: messages.replyToInbox,
-				replyToChat: messages.replyToChat
-			}).from(messages).where(eq(messages.id, data.inReplyTo)).limit(1);
-			if (original?.replyToInbox && original?.replyToChat) {
-				await tx.insert(inboxEntries).values({
-					inboxId: original.replyToInbox,
-					messageId,
-					chatId: original.replyToChat
-				}).onConflictDoNothing();
-				if (!recipients.includes(original.replyToInbox)) recipients.push(original.replyToInbox);
-			}
-		}
-		await tx.update(chats).set({ updatedAt: /* @__PURE__ */ new Date() }).where(eq(chats.id, chatId));
-		if (!msg) throw new Error("Unexpected: INSERT RETURNING produced no row");
-		const previewText = typeof outboundContent === "string" ? outboundContent.trim() : "";
-		await applyAfterFanOut(tx, {
-			chatId,
-			messageId: msg.id,
-			senderId,
-			mentionedAgentIds: mergedMentions,
-			contentPreview: previewText,
-			messageCreatedAt: msg.createdAt
-		});
-		return {
-			message: msg,
-			recipients,
-			recipientAgentIds,
-			organizationId: senderRow.organizationId
-		};
-	});
-	const settled = await Promise.allSettled(txResult.recipientAgentIds.map((agentId) => upsertSessionState(db, agentId, chatId, "active", txResult.organizationId, void 0, { touchPresenceLastSeen: false })));
-	for (let i = 0; i < settled.length; i++) {
-		const r = settled[i];
-		if (r?.status === "rejected") log$4.error({
-			err: r.reason,
-			chatId,
-			agentId: txResult.recipientAgentIds[i]
-		}, "predictive session activation failed");
-	}
-	fireChatMessageKick(chatId, txResult.message.id);
-	return {
-		message: txResult.message,
-		recipients: txResult.recipients
-	};
-}
-async function sendToAgent$1(db, senderUuid, targetName, data) {
-	const [sender] = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId
-	}).from(agents).where(eq(agents.uuid, senderUuid)).limit(1);
-	if (!sender) throw new NotFoundError(`Agent "${senderUuid}" not found`);
-	const [target] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, sender.organizationId), eq(agents.name, targetName), ne(agents.status, "deleted"))).limit(1);
-	if (!target) throw new NotFoundError(`Agent "${targetName}" not found${/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(targetName) ? " — `agent send` expects an agent NAME, not a uuid. Run `first-tree-hub agent list` to see available names." : ""}`);
-	const chat = await findOrCreateDirectChat(db, senderUuid, target.uuid);
-	const incomingMeta = data.metadata ?? {};
-	const existingMentionsRaw = incomingMeta.mentions;
-	const existingMentions = Array.isArray(existingMentionsRaw) ? existingMentionsRaw.filter((m) => typeof m === "string") : [];
-	const mergedMentions = existingMentions.includes(target.uuid) ? existingMentions : [...existingMentions, target.uuid];
-	const metadata = {
-		...incomingMeta,
-		mentions: mergedMentions
-	};
-	return sendMessage(db, chat.id, senderUuid, {
-		format: data.format,
-		content: data.content,
-		metadata,
-		replyToInbox: data.replyToInbox,
-		replyToChat: data.replyToChat,
-		source: data.source
-	}, { normalizeMentionsInContent: true });
-}
-async function editMessage(db, chatId, messageId, senderId, data) {
-	const [msg] = await db.select().from(messages).where(eq(messages.id, messageId)).limit(1);
-	if (!msg) throw new NotFoundError(`Message "${messageId}" not found`);
-	if (msg.chatId !== chatId) throw new NotFoundError(`Message "${messageId}" not found in this chat`);
-	if (msg.senderId !== senderId) throw new ForbiddenError("Only the sender can edit a message");
-	const setClause = {};
-	if (data.format !== void 0) setClause.format = data.format;
-	if (data.content !== void 0) setClause.content = data.content;
-	const meta = msg.metadata ?? {};
-	meta.editedAt = (/* @__PURE__ */ new Date()).toISOString();
-	setClause.metadata = meta;
-	const [updated] = await db.update(messages).set(setClause).where(eq(messages.id, messageId)).returning();
-	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return updated;
-}
-async function listMessages(db, chatId, limit, cursor) {
-	const where = cursor ? and(eq(messages.chatId, chatId), lt(messages.createdAt, new Date(cursor))) : eq(messages.chatId, chatId);
-	const rows = await db.select().from(messages).where(where).orderBy(desc(messages.createdAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
-	};
-}
-const INBOX_CHANNEL = "inbox_notifications";
-const CONFIG_CHANNEL = "config_changes";
-const SESSION_STATE_CHANNEL = "session_state_changes";
-const RUNTIME_STATE_CHANNEL = "runtime_state_changes";
-/**
-* Chat-first workspace cross-process kick. Carries `<chatId>:<messageId>`.
-* Lets admin WS sockets translate every chat message (speaker AND watcher
-* audience) into a `chat:message` frame, without being coupled to the
-* inbox NOTIFY path that only reaches speakers.
-*/
-const CHAT_MESSAGE_CHANNEL = "chat_message_events";
-function createNotifier(listenClient) {
-	const subscriptions = /* @__PURE__ */ new Map();
-	const configChangeHandlers = [];
-	const sessionStateChangeHandlers = [];
-	const runtimeStateChangeHandlers = [];
-	const chatMessageHandlers = [];
-	let unlistenInboxFn = null;
-	let unlistenConfigFn = null;
-	let unlistenSessionStateFn = null;
-	let unlistenRuntimeStateFn = null;
-	let unlistenChatMessageFn = null;
-	function handleNotification(payload) {
-		const sepIdx = payload.indexOf(":");
-		if (sepIdx === -1) return;
-		const inboxId = payload.slice(0, sepIdx);
-		const messageId = payload.slice(sepIdx + 1);
-		const sockets = subscriptions.get(inboxId);
-		if (!sockets) return;
-		const doorbellFrame = JSON.stringify({
-			type: "new_message",
-			inboxId,
-			messageId
-		});
-		for (const [ws, pushHandler] of sockets) {
-			if (ws.readyState !== ws.OPEN) continue;
-			if (pushHandler) Promise.resolve(pushHandler(messageId)).catch(() => {});
-			else ws.send(doorbellFrame);
-		}
-	}
-	return {
-		subscribe(inboxId, ws, pushHandler) {
-			let map = subscriptions.get(inboxId);
-			if (!map) {
-				map = /* @__PURE__ */ new Map();
-				subscriptions.set(inboxId, map);
-			}
-			map.set(ws, pushHandler ?? null);
-		},
-		unsubscribe(inboxId, ws) {
-			const map = subscriptions.get(inboxId);
-			if (map) {
-				map.delete(ws);
-				if (map.size === 0) subscriptions.delete(inboxId);
-			}
-		},
-		async notify(inboxId, messageId) {
-			try {
-				await listenClient`SELECT pg_notify(${INBOX_CHANNEL}, ${`${inboxId}:${messageId}`})`;
-			} catch {}
-		},
-		async notifyConfigChange(configType) {
-			try {
-				await listenClient`SELECT pg_notify(${CONFIG_CHANNEL}, ${configType})`;
-			} catch {}
-		},
-		async notifySessionStateChange(agentId, chatId, state, organizationId) {
-			try {
-				await listenClient`SELECT pg_notify(${SESSION_STATE_CHANNEL}, ${`${agentId}:${chatId}:${state}:${organizationId}`})`;
-			} catch {}
-		},
-		async notifyRuntimeStateChange(agentId, state, organizationId) {
-			try {
-				await listenClient`SELECT pg_notify(${RUNTIME_STATE_CHANNEL}, ${`${agentId}:${state}:${organizationId}`})`;
-			} catch {}
-		},
-		async notifyChatMessage(chatId, messageId) {
-			try {
-				await listenClient`SELECT pg_notify(${CHAT_MESSAGE_CHANNEL}, ${`${chatId}:${messageId}`})`;
-			} catch {}
-		},
-		async pushFrameToInbox(inboxId, frame) {
-			const map = subscriptions.get(inboxId);
-			if (!map) return 0;
-			let queued = 0;
-			const pending = [];
-			for (const ws of map.keys()) {
-				if (ws.readyState !== ws.OPEN) continue;
-				pending.push(new Promise((resolve) => {
-					ws.send(frame, (err) => {
-						if (!err) queued += 1;
-						resolve();
-					});
-				}));
-			}
-			await Promise.all(pending);
-			return queued;
-		},
-		onConfigChange(handler) {
-			configChangeHandlers.push(handler);
-		},
-		onSessionStateChange(handler) {
-			sessionStateChangeHandlers.push(handler);
-		},
-		onRuntimeStateChange(handler) {
-			runtimeStateChangeHandlers.push(handler);
-		},
-		onChatMessage(handler) {
-			chatMessageHandlers.push(handler);
-		},
-		async start() {
-			unlistenInboxFn = (await listenClient.listen(INBOX_CHANNEL, (payload) => {
-				if (payload) handleNotification(payload);
-			})).unlisten;
-			unlistenConfigFn = (await listenClient.listen(CONFIG_CHANNEL, (payload) => {
-				if (payload) for (const handler of configChangeHandlers) handler(payload);
-			})).unlisten;
-			unlistenSessionStateFn = (await listenClient.listen(SESSION_STATE_CHANNEL, (payload) => {
-				if (payload) {
-					const firstSep = payload.indexOf(":");
-					const secondSep = payload.indexOf(":", firstSep + 1);
-					const thirdSep = payload.indexOf(":", secondSep + 1);
-					if (firstSep > 0 && secondSep > firstSep && thirdSep > secondSep) {
-						const agentId = payload.slice(0, firstSep);
-						const chatId = payload.slice(firstSep + 1, secondSep);
-						const state = payload.slice(secondSep + 1, thirdSep);
-						const organizationId = payload.slice(thirdSep + 1);
-						for (const handler of sessionStateChangeHandlers) handler({
-							agentId,
-							chatId,
-							state,
-							organizationId
-						});
-					}
-				}
-			})).unlisten;
-			unlistenRuntimeStateFn = (await listenClient.listen(RUNTIME_STATE_CHANNEL, (payload) => {
-				if (payload) {
-					const firstSep = payload.indexOf(":");
-					const secondSep = payload.indexOf(":", firstSep + 1);
-					if (firstSep > 0 && secondSep > firstSep) {
-						const agentId = payload.slice(0, firstSep);
-						const state = payload.slice(firstSep + 1, secondSep);
-						const organizationId = payload.slice(secondSep + 1);
-						for (const handler of runtimeStateChangeHandlers) handler({
-							agentId,
-							state,
-							organizationId
-						});
-					}
-				}
-			})).unlisten;
-			unlistenChatMessageFn = (await listenClient.listen(CHAT_MESSAGE_CHANNEL, (payload) => {
-				if (!payload) return;
-				const sep = payload.indexOf(":");
-				if (sep <= 0) return;
-				const chatId = payload.slice(0, sep);
-				const messageId = payload.slice(sep + 1);
-				for (const handler of chatMessageHandlers) try {
-					handler({
-						chatId,
-						messageId
-					});
-				} catch {}
-			})).unlisten;
-		},
-		async stop() {
-			if (unlistenInboxFn) {
-				await unlistenInboxFn();
-				unlistenInboxFn = null;
-			}
-			if (unlistenConfigFn) {
-				await unlistenConfigFn();
-				unlistenConfigFn = null;
-			}
-			if (unlistenSessionStateFn) {
-				await unlistenSessionStateFn();
-				unlistenSessionStateFn = null;
-			}
-			if (unlistenRuntimeStateFn) {
-				await unlistenRuntimeStateFn();
-				unlistenRuntimeStateFn = null;
-			}
-			if (unlistenChatMessageFn) {
-				await unlistenChatMessageFn();
-				unlistenChatMessageFn = null;
-			}
-		}
-	};
-}
-/** Fire-and-forget: notify all recipients that a new message is available. */
-function notifyRecipients(notifier, recipients, messageId) {
-	for (const inboxId of recipients) notifier.notify(inboxId, messageId).catch(() => {});
-}
 const log$3 = createLogger$1("AgentMessages");
 const editMessageSchema = z.object({
 	format: z.string().optional(),
@@ -15602,6 +14944,7 @@ async function transitionSessionState(db, agentId, chatId, target, from, organiz
 			totalSessions: counts?.total ?? 0,
 			lastSeenAt: now
 		}).where(eq(agentPresence.agentId, agentId));
+		if (target === "evicted") await markSupersededByChat(tx, chatId, "chat_archived");
 		finalState = target;
 		transitioned = true;
 	});
@@ -16088,6 +15431,28 @@ async function chatRoutes(app) {
 			createdAt: result.message.createdAt.toISOString()
 		});
 	});
+	/**
+	* POST /chats/:chatId/questions/:correlationId/answer — submit an answer
+	* to a pending agent-emitted question. Caller speaks as their human agent;
+	* the answer is fanned out as a `format=question_answer` message back to
+	* the original agent's inbox so the in-flight `canUseTool` callback can
+	* resolve. Returns 409 if already answered or superseded.
+	*/
+	app.post("/:chatId/questions/:correlationId/answer", { config: { otelRecordBody: false } }, async (request, reply) => {
+		const { scope } = await requireChatAccess(request, app.db);
+		const body = submitQuestionAnswerSchema.parse(request.body);
+		await ensureParticipant$1(app.db, request.params.chatId, scope.humanAgentId);
+		const result = await submitAnswer(app.db, app.notifier, {
+			correlationId: request.params.correlationId,
+			chatId: request.params.chatId,
+			submitterAgentId: scope.humanAgentId,
+			answers: body.answers
+		});
+		return reply.status(201).send({
+			correlationId: request.params.correlationId,
+			messageId: result.messageId
+		});
+	});
 	/** POST /chats/:chatId/read — chat-first-workspace read cursor. Idempotent. */
 	app.post("/:chatId/read", async (request) => {
 		const { scope } = await requireChatAccess(request, app.db);
@@ -16269,6 +15634,11 @@ function applyInputDelta(namespace, current, input, encryptionKey) {
 		const inp = input;
 		return { webhookSecretCipher: inp.webhookSecret === void 0 ? cur.webhookSecretCipher : inp.webhookSecret === null ? void 0 : ensureEncrypted(inp.webhookSecret, encryptionKey) };
 	}
+	if (namespace === "source_repos") {
+		const cur = current;
+		const inp = input;
+		return { repos: inp.repos === void 0 ? cur.repos : inp.repos };
+	}
 	return namespace;
 }
 /**
@@ -16292,6 +15662,7 @@ function toOutput(namespace, storage) {
 			webhookUrl: ""
 		};
 	}
+	if (namespace === "source_repos") return { repos: storage.repos };
 	return namespace;
 }
 /**
@@ -16366,19 +15737,26 @@ async function deleteOrgSetting(db, orgId, namespace) {
 	await db.delete(organizationSettings).where(and(eq(organizationSettings.organizationId, orgId), eq(organizationSettings.namespace, namespace)));
 }
 /**
-* Resolve the caller's "primary org" — the earliest-joined active
-* membership for the given user. Used by user-scoped routes that
-* historically didn't take an `:orgId` (e.g. `/context-tree/info`) so
-* the SDK call shape doesn't have to change while the per-tenant lookup
-* still happens correctly.
+* Resolve the caller's "primary org" for user-scoped routes that
+* historically didn't take an `:orgId` (e.g. `/context-tree/info`,
+* `/context-tree/snapshot`).
 *
-* Returns `null` for users with no active membership. Tightening to
-* "explicit org selector" is a future change-once-multi-org-clients-arrive
-* concern. (#7)
+* Uses the same `pickDefaultMembership` helper that `/me` uses to compute
+* `defaultOrganizationId` (most-recently-active membership, id desc tie-break).
+* That guarantees the org `/me` reports as the default is the same org these
+* server-internal lookups read from — earlier the two sides used opposite
+* orderings (`/me` desc, this fn asc), so multi-org users saw `/info`
+* resolve to a different (often unconfigured) org than the one Team Settings
+* was edited for.
+*
+* Returns `null` for users with no active membership.
 */
 async function resolveUserPrimaryOrgId(db, userId) {
-	const [row] = await db.select({ organizationId: members.organizationId }).from(members).where(and(eq(members.userId, userId), eq(members.status, "active"))).orderBy(asc(members.createdAt)).limit(1);
-	return row?.organizationId ?? null;
+	return pickDefaultMembership(await db.select({
+		id: members.id,
+		organizationId: members.organizationId,
+		createdAt: members.createdAt
+	}).from(members).where(and(eq(members.userId, userId), eq(members.status, "active"))))?.organizationId ?? null;
 }
 async function contextTreeInfoRoutes(app) {
 	/**
@@ -17311,7 +16689,7 @@ function ghostNodeId(path) {
 function toPosix(path) {
 	return sep === "/" ? path : path.split(sep).join("/");
 }
-const querySchema = z.object({ window: z.enum([
+const querySchema$1 = z.object({ window: z.enum([
 	"1d",
 	"7d",
 	"30d"
@@ -17322,7 +16700,7 @@ async function contextTreeSnapshotRoutes(app) {
 		timeWindow: "1 minute",
 		keyGenerator: (request) => request.user?.userId ?? request.ip
 	} } }, async (request) => {
-		const query = querySchema.parse(request.query);
+		const query = querySchema$1.parse(request.query);
 		const { userId } = requireUser(request);
 		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
 		const binding = orgId ? await getOrgContextTree(app.db, orgId) : {};
@@ -17460,7 +16838,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-C299fxkP-BR-niZyp.mjs");
+	const { previewInvitation } = await import("./invitation-C299fxkP-B89eqDos.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -17640,7 +17018,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-D_TRJFZY-LbgJF47t.mjs");
+		const { listMyPinnedAgents } = await import("./client-WubcgX-W-B2bOvgJ1.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -18114,6 +17492,34 @@ async function orgClientRoutes(app) {
 		}));
 	});
 }
+const querySchema = z.object({ window: z.enum([
+	"1d",
+	"7d",
+	"30d"
+]).optional() }).strict();
+async function orgContextTreeSnapshotRoutes(app) {
+	app.get("/snapshot", { config: { rateLimit: {
+		max: app.config.rateLimit?.contextTreeSnapshotMax ?? 6,
+		timeWindow: "1 minute",
+		keyGenerator: (request) => `${request.user?.userId ?? request.ip}:${orgIdParam(request.params) ?? "unknown-org"}`
+	} } }, async (request) => {
+		const query = querySchema.parse(request.query);
+		const scope = await requireOrgMembership(request, app.db);
+		const binding = await getOrgContextTree(app.db, scope.organizationId);
+		const githubToken = contextTreeGithubTokenForRepo(binding.repo, app.config.contextTreeSync);
+		const snapshot = await getContextTreeSnapshot({
+			...binding,
+			githubToken
+		}, query.window ?? "7d");
+		return contextTreeSnapshotSchema.parse(snapshot);
+	});
+}
+function orgIdParam(params) {
+	if (!params || typeof params !== "object") return null;
+	if (!("orgId" in params)) return null;
+	const orgId = params.orgId;
+	return typeof orgId === "string" ? orgId : null;
+}
 /**
 * Class B — `/api/v1/orgs/:orgId` itself: read & rename the org row.
 * Replaces the deleted `/admin/organizations/:id` GET/PATCH pair.
@@ -18371,14 +17777,18 @@ async function orgSessionRoutes(app) {
 * adding a new config group only requires registering it there — no new
 * route file.
 *
-* All three verbs are admin-only. Even GET, because the masked output
-* still leaks "configured / not-configured" booleans for secret fields,
-* which we don't want to expose to non-admin members.
+* GET gating is per-namespace via `readPolicy` in the registry: namespaces
+* with no secret fields (`context_tree`, `source_repos`) are readable by
+* any active org member, so an invitee can see what tree and repos the
+* team is bound to before joining the chat. Namespaces whose masked output
+* still leaks a `…Configured` boolean (`github_integration`) stay
+* admin-only. PUT and DELETE are always admin-only regardless of
+* namespace — non-admins must never mutate org-wide config.
 */
 async function orgSettingsRoutes(app) {
 	app.get("/:namespace", async (request) => {
-		const scope = await requireOrgAdmin(request, app.db);
 		const namespace = parseNamespace(request.params.namespace);
+		const scope = ORG_SETTINGS_NAMESPACES$1[namespace].readPolicy === "member" ? await requireOrgMembership(request, app.db) : await requireOrgAdmin(request, app.db);
 		return enrichOutput(namespace, await getOrgSetting(app.db, scope.organizationId, namespace), scope.organizationId, app.config.server.publicUrl);
 	});
 	app.put("/:namespace", { config: { otelRecordBody: true } }, async (request) => {
@@ -18902,18 +18312,43 @@ async function githubWebhookRoutes(app) {
 			ok: true,
 			event: "ping"
 		});
-		if (eventType === "issues") return handleIssuesEvent(app, orgId, eventType, payload, reply);
-		if (eventType === "issue_comment") return handleIssueCommentEvent(app, orgId, eventType, payload, reply);
-		let mentionsRouted = 0;
-		const allowedActions = MENTION_ACTIONS[eventType];
-		const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
-		if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
-		return reply.status(200).send({
-			ok: true,
-			event: eventType,
-			handled: mentionsRouted > 0,
-			mentionsRouted
-		});
+		const deliveryHeader = request.headers["x-github-delivery"];
+		const deliveryId = typeof deliveryHeader === "string" && deliveryHeader.length > 0 ? deliveryHeader : null;
+		if (deliveryId) {
+			if (!await claimEvent(app.db, deliveryId, "github")) {
+				log$1.info({
+					deliveryId,
+					eventType
+				}, "duplicate GitHub delivery, skipping");
+				return reply.status(200).send({
+					ok: true,
+					event: eventType,
+					deduped: true
+				});
+			}
+		}
+		try {
+			if (eventType === "issues") return await handleIssuesEvent(app, orgId, eventType, payload, reply);
+			if (eventType === "issue_comment") return await handleIssueCommentEvent(app, orgId, eventType, payload, reply);
+			let mentionsRouted = 0;
+			const allowedActions = MENTION_ACTIONS[eventType];
+			const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
+			if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
+			return reply.status(200).send({
+				ok: true,
+				event: eventType,
+				handled: mentionsRouted > 0,
+				mentionsRouted
+			});
+		} catch (err) {
+			if (deliveryId) await unclaimEvent(app.db, deliveryId, "github").catch((unclaimErr) => {
+				log$1.error({
+					err: unclaimErr,
+					deliveryId
+				}, "failed to unclaim GitHub delivery after handler error");
+			});
+			throw err;
+		}
 	});
 }
 /** Extract text body from any GitHub webhook event for @mention scanning. */
@@ -19218,6 +18653,7 @@ var schema_exports = /* @__PURE__ */ __exportAll({
 	notifications: () => notifications,
 	organizationSettings: () => organizationSettings,
 	organizations: () => organizations,
+	pendingQuestions: () => pendingQuestions,
 	serverInstances: () => serverInstances,
 	sessionEvents: () => sessionEvents,
 	taskChats: () => taskChats,
@@ -20721,6 +20157,7 @@ async function buildApp(config) {
 			await scope.register(orgInvitationRoutes, { prefix: "/invitations" });
 			await scope.register(orgMemberRoutes, { prefix: "/members" });
 			await scope.register(orgSettingsRoutes, { prefix: "/settings" });
+			await scope.register(orgContextTreeSnapshotRoutes, { prefix: "/context-tree" });
 		}), { prefix: "/orgs/:orgId" });
 		await api.register(orgWsRoutes(notifier, config.secrets.jwtSecret), { prefix: "/orgs/:orgId/ws" });
 		await api.register(userScope("resourcesScope", async (scope) => {
@@ -20879,7 +20316,7 @@ async function startServer(options) {
 		instanceId: `srv_${randomUUID().slice(0, 8)}`,
 		commandVersion: COMMAND_VERSION
 	};
-	const { initTelemetry, shutdownTelemetry } = await import("./observability-CYsdAcoF.mjs");
+	const { initTelemetry, shutdownTelemetry } = await import("./observability-eLA9iNK_.mjs");
 	await initTelemetry(serverConfig.observability.tracing, config.instanceId);
 	const app = await buildApp(config);
 	const SHUTDOWN_FORCE_EXIT_MS = 8e3;