@agent-team-foundation/first-tree-hub 0.12.0 → 0.12.3

package/dist/{saas-connect-Drn9g6cR.mjs → saas-connect-_lNV0Liy.mjs}

@@ -2,10 +2,10 @@ import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw
 import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-BcW9HgkG.mjs";
 import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-C_K2CKXC.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as loginSchema, A as createAgentSchema, At as updateTaskStatusSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateAdapterConfigSchema, D as contextTreeSnapshotSchema, Dt as updateClientCapabilitiesSchema, E as connectTokenExchangeSchema, Et as updateChatSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, Ot as updateMemberSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as taskListQuerySchema, T as clientRegisterSchema, Tt as updateAgentSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as sessionEventSchema$1, a as AGENT_STATUSES, b as agentBindRequestSchema, bt as stripCode, ct as refreshTokenSchema, d as TASK_CREATOR_TYPES, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as selfServiceFeishuBotSchema, g as addMeChatParticipantsSchema, gt as sessionEventMessageSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionCompletionMessageSchema, i as AGENT_SOURCES, it as patchOnboardingSchema, j as createChatSchema, jt as wsAuthFrameSchema, k as createAdapterMappingSchema, kt as updateOrganizationSchema, l as MENTION_REGEX, lt as runtimeStateMessageSchema, m as TASK_TERMINAL_STATUSES, mt as sendToAgentSchema, n as AGENT_NAME_REGEX$1, nt as onboardingEventSchema, o as AGENT_TYPES, p as TASK_STATUSES, pt as sendMessageSchema, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as paginationQuerySchema, s as AGENT_VISIBILITY, st as rebindAgentSchema, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as safeRedirectPath, v as adminCreateTaskSchema, vt as sessionReconcileRequestSchema, wt as updateAgentRuntimeConfigSchema, x as agentPinnedMessageSchema$1, xt as submitQuestionAnswerSchema, y as adminUpdateTaskSchema, yt as sessionStateMessageSchema } from "./dist-UOZ6vMUW.mjs";
+import { $ as loginSchema, A as createAgentSchema, At as updateTaskStatusSchema, B as githubCallbackQuerySchema, C as agentTypeSchema$1, Ct as updateAdapterConfigSchema, D as contextTreeSnapshotSchema, Dt as updateClientCapabilitiesSchema, E as connectTokenExchangeSchema, Et as updateChatSchema, F as createTaskSchema, G as inboxDeliverFrameSchema$1, H as githubStartQuerySchema, I as defaultRuntimeConfigPayload, J as isRedactedEnvValue, K as inboxPollQuerySchema, L as delegateFeishuUserSchema, M as createMeChatSchema, N as createMemberSchema, O as createAdapterConfigSchema, Ot as updateMemberSchema, P as createOrgFromMeSchema, Q as listMeChatsQuerySchema, R as dryRunAgentRuntimeConfigSchema, S as agentRuntimeConfigPayloadSchema$1, St as taskListQuerySchema, T as clientRegisterSchema, Tt as updateAgentSchema, U as imageInlineContentSchema, V as githubDevCallbackQuerySchema, W as inboxAckFrameSchema, X as joinByInvitationSchema, Y as isReservedAgentName$1, Z as linkTaskChatSchema, _ as addParticipantSchema, _t as sessionEventSchema$1, a as AGENT_STATUSES, b as agentBindRequestSchema, bt as stripCode, ct as refreshTokenSchema, d as TASK_CREATOR_TYPES, et as messageSourceSchema$1, f as TASK_HEALTH_SIGNALS, ft as selfServiceFeishuBotSchema, g as addMeChatParticipantsSchema, gt as sessionEventMessageSchema, h as WS_AUTH_FRAME_TIMEOUT_MS, ht as sessionCompletionMessageSchema, i as AGENT_SOURCES, it as patchOnboardingSchema, j as createChatSchema, jt as wsAuthFrameSchema, k as createAdapterMappingSchema, kt as updateOrganizationSchema, l as MENTION_REGEX, lt as runtimeStateMessageSchema, m as TASK_TERMINAL_STATUSES, mt as sendToAgentSchema, n as AGENT_NAME_REGEX$1, nt as onboardingEventSchema, o as AGENT_TYPES, p as TASK_STATUSES, pt as sendMessageSchema, q as isOrgSettingNamespace, r as AGENT_SELECTOR_HEADER$1, rt as paginationQuerySchema, s as AGENT_VISIBILITY, st as rebindAgentSchema, t as AGENT_BIND_REJECT_REASONS, tt as notificationQuerySchema, u as ORG_SETTINGS_NAMESPACES$1, ut as safeRedirectPath, v as adminCreateTaskSchema, vt as sessionReconcileRequestSchema, wt as updateAgentRuntimeConfigSchema, x as agentPinnedMessageSchema$1, xt as submitQuestionAnswerSchema, y as adminUpdateTaskSchema, yt as sessionStateMessageSchema } from "./dist-DHHd2dar.mjs";
 import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-CF5evtJt-B0NTIVPt.mjs";
 import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { $ as pendingQuestions, A as heartbeatClient, B as listAgentsWithRuntime, C as findOrCreateDirectChat, D as getClient, E as getChatDetail, F as joinChat, G as listClientsForOrgAdmin, H as listChats, I as leaveAsParticipant, J as markStaleAgents, K as listMessages, L as leaveChat, M as inboxEntries, N as invalidateChatAudience, O as getOnlineCount, P as joinAsParticipant, Q as notifyRecipients, R as listActiveAgentsPinnedToClient, S as ensureParticipant$1, T as getCachedAudience, U as listChatsForMember, V as listChatParticipantsWithNames, W as listClients, X as members, Y as markSupersededByChat, Z as messages, _ as createNotifier, _t as updateClientCapabilities, a as agents, at as removeParticipant, b as editMessage, c as bindAgent, ct as retireClient, d as chats, dt as serverInstances, et as recomputeChatWatchers, f as claimClient, ft as setOffline, g as createChat, gt as unbindAgent, h as clients, ht as touchAgent, i as agentVisibilityCondition, it as registerClient, j as heartbeatInstance, k as getPresence, l as chatParticipants, lt as sendMessage, m as cleanupStalePresence, mt as submitAnswer, n as agentChatSessions, nt as recomputeWatchersForMember, o as assertClientOwner, ot as resetActivity, p as cleanupStaleClients, pt as setRuntimeState, r as agentPresence, rt as registerChatMessageDispatcher, s as assertParticipant, st as resolveChatMembership, t as addParticipant, tt as recomputeWatchersForAgent, u as chatSubscriptions, ut as sendToAgent$1, v as deriveAuthState, vt as upsertSessionState, w as getActivityOverview, x as ensureCanJoin, y as disconnectClient, z as listAgentsManagedByUser } from "./client-BPUdUaZT-CyCrpCTP.mjs";
+import { $ as pendingQuestions, A as heartbeatClient, B as listAgentsWithRuntime, C as findOrCreateDirectChat, D as getClient, E as getChatDetail, F as joinChat, G as listClientsForOrgAdmin, H as listChats, I as leaveAsParticipant, J as markStaleAgents, K as listMessages, L as leaveChat, M as inboxEntries, N as invalidateChatAudience, O as getOnlineCount, P as joinAsParticipant, Q as notifyRecipients, R as listActiveAgentsPinnedToClient, S as ensureParticipant$1, T as getCachedAudience, U as listChatsForMember, V as listChatParticipantsWithNames, W as listClients, X as members, Y as markSupersededByChat, Z as messages, _ as createNotifier, _t as updateClientCapabilities, a as agents, at as removeParticipant, b as editMessage, c as bindAgent, ct as retireClient, d as chats, dt as serverInstances, et as recomputeChatWatchers, f as claimClient, ft as setOffline, g as createChat, gt as unbindAgent, h as clients, ht as touchAgent, i as agentVisibilityCondition, it as registerClient, j as heartbeatInstance, k as getPresence, l as chatParticipants, lt as sendMessage, m as cleanupStalePresence, mt as submitAnswer, n as agentChatSessions, nt as recomputeWatchersForMember, o as assertClientOwner, ot as resetActivity, p as cleanupStaleClients, pt as setRuntimeState, r as agentPresence, rt as registerChatMessageDispatcher, s as assertParticipant, st as resolveChatMembership, t as addParticipant, tt as recomputeWatchersForAgent, u as chatSubscriptions, ut as sendToAgent$1, v as deriveAuthState, vt as upsertSessionState, w as getActivityOverview, x as ensureCanJoin, y as disconnectClient, z as listAgentsManagedByUser } from "./client-D1TDiik_-gxtXN9bj.mjs";
 import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Bg0TRiyx-BsZH4GCS.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
@@ -1365,26 +1365,51 @@ z.object({
 *   2. Add a key to `ORG_SETTINGS_NAMESPACES`.
 *   3. Done. No DB migration, no new API route.
 */
-const httpsRepoUrlSchema = z.string().url().refine((value) => {
+const SCP_LIKE_SSH_RE = /^(?:[A-Za-z0-9_.-]+@)?[A-Za-z0-9.-]+:(?!\d+(?:\/|$))[^/:@\s][^:@\s]*$/;
+function isScpLikeSshUrl(value) {
+	if (value.includes("://")) return false;
+	return SCP_LIKE_SSH_RE.test(value);
+}
+const repoUrlSchema = z.string().min(1).superRefine((value, ctx) => {
+	if (isScpLikeSshUrl(value)) return;
+	let url;
 	try {
-		return new URL(value).protocol === "https:";
+		url = new URL(value);
 	} catch {
-		return false;
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must be HTTPS, SSH (ssh://...), or scp-like (git@host:path)."
+		});
+		return;
 	}
-}, { message: "Repo URL must use HTTPS." }).refine((value) => {
-	try {
-		const url = new URL(value);
-		return url.username.length === 0 && url.password.length === 0;
-	} catch {
-		return false;
+	if (url.protocol !== "https:" && url.protocol !== "ssh:") {
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must use HTTPS or SSH."
+		});
+		return;
 	}
-}, { message: "Repo URL must not include credentials." });
+	if (url.password.length > 0) {
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must not include credentials."
+		});
+		return;
+	}
+	if (url.protocol === "https:" && url.username.length > 0) {
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: "Repo URL must not include credentials."
+		});
+		return;
+	}
+});
 const orgContextTreeStorageSchema = z.object({
-	repo: httpsRepoUrlSchema.optional(),
+	repo: repoUrlSchema.optional(),
 	branch: z.string().default("main")
 });
 const orgContextTreeInputSchema = z.object({
-	repo: httpsRepoUrlSchema.nullish(),
+	repo: repoUrlSchema.nullish(),
 	branch: z.string().min(1).nullish()
 });
 const orgContextTreeOutputSchema = z.object({
@@ -1398,11 +1423,11 @@ const orgGithubIntegrationOutputSchema = z.object({
 	webhookUrl: z.string()
 });
 const orgSourceReposStorageSchema = z.object({ repos: z.array(z.object({
-	url: httpsRepoUrlSchema,
+	url: repoUrlSchema,
 	defaultBranch: z.string().optional()
 })).default([]) });
 const orgSourceReposInputSchema = z.object({ repos: z.array(z.object({
-	url: httpsRepoUrlSchema,
+	url: repoUrlSchema,
 	defaultBranch: z.string().min(1).optional()
 })).optional() });
 const orgSourceReposOutputSchema = z.object({ repos: z.array(z.object({
@@ -2923,8 +2948,6 @@ function installFirstTreeIntegration(options) {
 	const integrateArgs = [
 		"tree",
 		"integrate",
-		"--source-path",
-		workspacePath,
 		"--tree-path",
 		contextTreePath,
 		"--mode",
@@ -2959,8 +2982,13 @@ function installFirstTreeIntegration(options) {
 		} catch (err) {
 			const msg = err instanceof Error ? err.message : String(err);
 			const binaryMissing = /ENOENT|not found|command not found/i.test(msg);
+			const unsupportedByThisCli = /unknown (?:option|command|argument)|unrecognized option/i.test(msg);
+			const shouldRetry = binaryMissing || unsupportedByThisCli;
 			const isLastAttempt = index === attempts.length - 1;
-			if (binaryMissing && !isLastAttempt) continue;
+			if (shouldRetry && !isLastAttempt) {
+				log(`First-tree integration via ${attempt.label} unusable; falling back: ${msg.slice(0, 200)}`);
+				continue;
+			}
 			log(`First-tree integration skipped (${attempt.label}): ${msg.slice(0, 200)}`);
 			return false;
 		}
@@ -3029,8 +3057,65 @@ For content with quotes, \`$\`, backticks, or newlines, prefer stdin to avoid sh
 const DEFAULT_CLONE_TIMEOUT_MS = 300 * 1e3;
 const FETCH_REFSPEC = "+refs/heads/*:refs/remotes/origin/*";
 const SESSION_BRANCH_PREFIX = "hub-session";
+/**
+* Hash a repo URL into the mirror directory name.
+*
+* The hash is computed over a *canonical* form (host + path, lowercased
+* host, no `.git` suffix, no leading/trailing slash, no protocol, no
+* `user@` prefix), so the same upstream repo addressed via any of the
+* accepted forms (HTTPS, `ssh://`, or scp-like) all land in the same
+* mirror dir. That matters because:
+*   - admins may write any of those three forms into `source_repos[].url`
+*     (the schema accepts all of them)
+*   - the `fetchOrigin` fallback below transparently swaps protocols when
+*     credentials are missing — without canonical hashing, the fallback
+*     would silently maintain a second mirror dir
+*
+* Migration cost: pre-existing mirrors created before this change use the
+* raw-URL hash and will be orphaned after the upgrade. `gcMirrors` removes
+* them on the next run; the next fetch repopulates the canonical-keyed
+* mirror. No data loss — mirror is a cache, not state.
+*/
 function hashUrl(url) {
-	return createHash("sha256").update(url).digest("hex").slice(0, 32);
+	return createHash("sha256").update(canonicalizeRepoUrl(url)).digest("hex").slice(0, 32);
+}
+/**
+* Reduce a repo URL to `<host[:port]>/<path-without-.git>`. Used as the
+* input to the mirror dir hash and exposed for unit testing.
+*
+*   `https://github.com/foo/bar.git`         → `github.com/foo/bar`
+*   `git@github.com:foo/bar.git`             → `github.com/foo/bar`
+*   `ssh://git@github.com/foo/bar.git`       → `github.com/foo/bar`
+*   `ssh://git@gitlab.example.com:2222/x/y`  → `gitlab.example.com:2222/x/y`
+*
+* Falls back to the raw input for un-parseable strings — better to keep
+* a stable mirror than to throw mid-bootstrap.
+*/
+function canonicalizeRepoUrl(url) {
+	if (!url.includes("://")) {
+		const m = url.match(/^(?:[A-Za-z0-9_.-]+@)?([A-Za-z0-9.-]+):([^/@:\s][^@:\s]*)$/);
+		const host = m?.[1];
+		const rawPath = m?.[2];
+		if (host && rawPath && !/^\d+(?:\/|$)/.test(rawPath)) {
+			const path = normalizePath(rawPath);
+			return `${host.toLowerCase()}/${path}`;
+		}
+	}
+	try {
+		const parsed = new URL(url);
+		const host = parsed.hostname.toLowerCase();
+		return `${parsed.port === "" || parsed.protocol === "https:" && parsed.port === "443" || parsed.protocol === "ssh:" && parsed.port === "22" ? host : `${host}:${parsed.port}`}/${normalizePath(parsed.pathname)}`;
+	} catch {
+		return url;
+	}
+}
+/**
+* Strip leading slashes, trailing slashes, and a trailing `.git`. Used by
+* `canonicalizeRepoUrl` so that `…/foo/bar`, `…/foo/bar/`, and `…/foo/bar.git`
+* all collapse to the same canonical path (and therefore the same mirror dir).
+*/
+function normalizePath(rawPath) {
+	return rawPath.replace(/^\/+/, "").replace(/\/+$/, "").replace(/\.git$/i, "");
 }
 function shortHash(input) {
 	return createHash("sha256").update(input).digest("hex").slice(0, 8);
@@ -3067,10 +3152,14 @@ function createGitMirrorManager(opts) {
 	}
 	async function git(args, cwd, timeoutMs, env) {
 		const start = Date.now();
+		const finalEnv = {
+			GIT_TERMINAL_PROMPT: "0",
+			...env ?? process.env
+		};
 		return await new Promise((resolveExec, rejectExec) => {
 			const proc = spawn("git", args, {
 				cwd: cwd ?? void 0,
-				env: env ?? process.env,
+				env: finalEnv,
 				stdio: [
 					"ignore",
 					"pipe",
@@ -3114,6 +3203,116 @@ function createGitMirrorManager(opts) {
 		}
 	}
 	/**
+	* `git fetch --prune origin` with one-shot bidirectional protocol fallback.
+	*
+	* Decides direction from `originUrl`'s protocol:
+	*   - HTTPS origin → on credential-shaped failure, retry as SSH
+	*   - SSH   origin → on credential-shaped failure, retry as HTTPS
+	* The fallback fires only when **all** hold:
+	*   1. The first attempt failed with a credential-shaped error in the
+	*      direction-appropriate sense (`isLikelyHttpsAuthFailure` /
+	*      `isLikelySshAuthFailure`). Network failures, missing-ref errors,
+	*      and TLS/host-key surprises propagate as-is — those won't be cured
+	*      by switching transports and silently retrying would mask real bugs.
+	*   2. The origin URL maps to a usable peer-protocol form
+	*      (see `httpsToSshBaseRewrite` / `sshToHttpsBaseRewrite`). Custom
+	*      ports beyond the protocol default disable the rewrite — there's no
+	*      universal mapping between `https://host:8443` and an SSH peer.
+	*
+	* Implementation: the retry uses `git -c url.<peer-base>.insteadOf=<origin-base>`
+	* — git resolves origin's URL through that rewrite for the duration of
+	* one subprocess and never persists anything to disk. The mirror's
+	* `remote.origin.url` stays as configured, so the next fetch starts back
+	* at the original protocol unless this fallback fires again.
+	*/
+	/**
+	* `remote set-head --auto` is a remote-talking op too — under the same
+	* credential rules as `fetch`. If we don't apply the same fallback,
+	* mirrors whose HTTPS creds are missing end up with `refs/remotes/origin/HEAD`
+	* unset, which then breaks `resolveBase()` for callers without an explicit
+	* `ref` (the default-branch lookup throws).
+	*
+	* Strategy mirrors `fetchOrigin`: try the configured protocol first, fall
+	* back to the peer protocol once via `-c url.<peer>.insteadOf=<origin>`.
+	* Returns true on either success, false if both attempts failed (which
+	* mirrors the historical `gitOk` semantics — non-fatal). No `GitMirrorAuthError`
+	* here: callers that need origin/HEAD already get a clear
+	* `GitMirrorError("Cannot resolve default branch …")` if both attempts fail.
+	*/
+	async function setHeadAuto(mirrorPath, originUrl) {
+		if (await gitOk([
+			"remote",
+			"set-head",
+			"origin",
+			"--auto"
+		], mirrorPath, 3e4)) return true;
+		const direction = pickFallbackDirection(originUrl);
+		if (!direction) return false;
+		return await gitOk([
+			"-c",
+			`url.${direction.peerBase}.insteadOf=${direction.originBase}`,
+			"remote",
+			"set-head",
+			"origin",
+			"--auto"
+		], mirrorPath, 3e4);
+	}
+	async function readOriginUrl(mirrorPath) {
+		try {
+			const { stdout } = await git([
+				"config",
+				"--get",
+				"remote.origin.url"
+			], mirrorPath, 1e4);
+			return stdout.trim() || null;
+		} catch {
+			return null;
+		}
+	}
+	async function fetchOrigin(mirrorPath, originUrl) {
+		const direction = pickFallbackDirection(originUrl);
+		try {
+			const { elapsedMs } = await git([
+				"fetch",
+				"--prune",
+				"origin"
+			], mirrorPath, cloneTimeoutMs);
+			return {
+				elapsedMs,
+				usedFallback: false
+			};
+		} catch (primaryErr) {
+			const primaryMessage = primaryErr instanceof Error ? primaryErr.message : String(primaryErr);
+			if (!direction || !direction.shouldRetry(primaryMessage)) throw primaryErr;
+			log?.info({
+				gitUrl: originUrl,
+				fromProtocol: direction.fromProtocol,
+				toProtocol: direction.toProtocol,
+				peerBase: direction.peerBase
+			}, "fetch failed with credential-shaped error; retrying with peer-protocol insteadOf rewrite");
+			try {
+				const { elapsedMs } = await git([
+					"-c",
+					`url.${direction.peerBase}.insteadOf=${direction.originBase}`,
+					"fetch",
+					"--prune",
+					"origin"
+				], mirrorPath, cloneTimeoutMs);
+				log?.info({
+					gitUrl: originUrl,
+					toProtocol: direction.toProtocol
+				}, "protocol-fallback fetch succeeded");
+				return {
+					elapsedMs,
+					usedFallback: true
+				};
+			} catch (peerErr) {
+				const peerMessage = peerErr instanceof Error ? peerErr.message : String(peerErr);
+				throw new GitMirrorAuthError(`Could not fetch ${originUrl} over ${direction.fromProtocol.toUpperCase()} or ${direction.toProtocol.toUpperCase()}. ${direction.fromProtocol.toUpperCase()} attempt failed: ${truncate(primaryMessage)} ${direction.toProtocol.toUpperCase()} retry (${direction.peerBase}) failed: ${truncate(peerMessage)}`);
+			}
+		}
+	}
+	/**
 	* Bring the mirror's config to the invariant expected by this module:
 	* fetch refspec = `+refs/heads/*:refs/remotes/origin/*`, `remote.origin.mirror`
 	* absent, `refs/remotes/origin/HEAD` resolvable.
@@ -3181,17 +3380,8 @@ function createGitMirrorManager(opts) {
 			migrated = true;
 		}
 		if (migrated) {
-			await git([
-				"fetch",
-				"--prune",
-				"origin"
-			], mirrorPath, cloneTimeoutMs);
-			await gitOk([
-				"remote",
-				"set-head",
-				"origin",
-				"--auto"
-			], mirrorPath, 3e4);
+			await fetchOrigin(mirrorPath, url);
+			await setHeadAuto(mirrorPath, url);
 			log?.info({ gitUrl: url }, "mirror config migrated");
 		}
 		return { migrated };
@@ -3221,17 +3411,8 @@ function createGitMirrorManager(opts) {
 			"remote.origin.fetch",
 			FETCH_REFSPEC
 		], mirrorPath, 1e4);
-		await git([
-			"fetch",
-			"--prune",
-			"origin"
-		], mirrorPath, cloneTimeoutMs);
-		await gitOk([
-			"remote",
-			"set-head",
-			"origin",
-			"--auto"
-		], mirrorPath, 3e4);
+		await fetchOrigin(mirrorPath, url);
+		await setHeadAuto(mirrorPath, url);
 	}
 	async function branchExists(mirrorPath, branchName) {
 		return await gitOk([
@@ -3257,6 +3438,21 @@ function createGitMirrorManager(opts) {
 				"--quiet",
 				"refs/remotes/origin/HEAD"
 			], mirrorPath, 1e4)) return "refs/remotes/origin/HEAD";
+			const url = await readOriginUrl(mirrorPath);
+			if (url && await setHeadAuto(mirrorPath, url)) {
+				if (await gitOk([
+					"rev-parse",
+					"--verify",
+					"--quiet",
+					"refs/remotes/origin/HEAD"
+				], mirrorPath, 1e4)) {
+					log?.info({
+						mirrorPath,
+						gitUrl: url
+					}, "origin/HEAD self-healed via setHeadAuto");
+					return "refs/remotes/origin/HEAD";
+				}
+			}
 			throw new GitMirrorError("Cannot resolve default branch: refs/remotes/origin/HEAD is missing. Re-run with an explicit `ref`.");
 		}
 		if (looksLikeCommitSha(ref)) {
@@ -3325,16 +3521,12 @@ function createGitMirrorManager(opts) {
 				const path = mirrorDir(url);
 				if (!existsSync(join(path, "HEAD"))) throw new GitMirrorError(`Cannot fetch — no mirror exists for "${url}"`);
 				try {
-					const { elapsedMs } = await git([
-						"fetch",
-						"--prune",
-						"origin"
-					], path, cloneTimeoutMs);
+					const { elapsedMs } = await fetchOrigin(path, url);
 					return { elapsedMs };
 				} catch (err) {
 					log?.warn({
 						gitUrl: url,
-						errorCode: err instanceof GitMirrorError ? "git-failed" : "unknown",
+						errorCode: err instanceof GitMirrorAuthError ? "auth-failed" : err instanceof GitMirrorTimeoutError ? "timeout" : err instanceof GitMirrorError ? "git-failed" : "unknown",
 						stderr: err instanceof Error ? err.message.slice(0, 1024) : String(err).slice(0, 1024)
 					}, "mirror fetch failed");
 					throw err;
@@ -3472,6 +3664,166 @@ var GitMirrorWorktreeConflictError = class extends GitMirrorError {
 	}
 };
 /**
+* Thrown when both the HTTPS fetch and the SSH fallback fail. The message
+* carries trimmed stderr from both attempts so the operator can see whether
+* the host's HTTPS credentials are missing, the SSH key is missing, or both.
+*/
+var GitMirrorAuthError = class extends GitMirrorError {
+	constructor(message) {
+		super(message);
+		this.name = "GitMirrorAuthError";
+	}
+};
+/**
+* Heuristic for HTTPS-side credential failures. Matches the indicators git
+* itself emits over libcurl / git-credential helpers, regardless of platform.
+*
+* Negative space (intentionally NOT matched): network errors
+* (`Could not resolve host`, `connection refused`), repo errors
+* (`Repository not found`, `couldn't find remote ref`), TLS errors
+* (`SSL certificate problem`). Those won't be cured by switching transports
+* and silently retrying would mask the real bug.
+*
+* Exported for unit testing.
+*/
+function isLikelyHttpsAuthFailure(message) {
+	if (!message) return false;
+	return /could not read Username/i.test(message) || /could not read Password/i.test(message) || /Authentication failed/i.test(message) || /terminal prompts disabled/i.test(message) || /HTTP\s*(?:Basic:\s*)?Access denied/i.test(message) || /\bHTTP[/ ]?(1\.[01]|2|2\.0)?\s*40[13]\b/i.test(message) || /\bfatal:\s*unable to access\b.*\b(401|403)\b/i.test(message) || /\bremote: Invalid username or password\b/i.test(message);
+}
+/**
+* Heuristic for SSH-side credential failures (no key on disk, key not
+* accepted by remote, agent has nothing usable, host key mismatch).
+*
+* Negative space (intentionally NOT matched): SSH-level network errors
+* (`Could not resolve hostname`, `Connection refused`, `Connection timed out`).
+* Those are network reachability issues — switching to HTTPS won't help
+* unless the network policy specifically blocks port 22, which is rare
+* enough that we'd rather surface the original error than guess.
+*
+* Exported for unit testing.
+*/
+function isLikelySshAuthFailure(message) {
+	if (!message) return false;
+	return /Permission denied\s*(?:\(|,)/i.test(message) || /Could not read from remote repository/i.test(message) || /Host key verification failed/i.test(message) || /no matching host key type/i.test(message) || /no mutual signature algorithm/i.test(message);
+}
+/**
+* Map an HTTPS git URL to the `insteadOf` rewrite needed to make git resolve
+* it through SSH. Returns *base* strings (suitable for
+* `git -c url.<sshBase>.insteadOf=<httpsBase>`) — git's `insteadOf` is a
+* prefix match, so we only need the host segment.
+*
+*   `https://github.com/owner/repo.git` → `git@github.com:` / `https://github.com/`
+*
+* Returns `null` for inputs that should NOT trigger fallback:
+*   - non-HTTPS URLs (already SSH, `git://`, `file://`, etc.)
+*   - URLs with embedded credentials (schema rejects these on input;
+*     belt-and-braces — never silently downgrade auth strength)
+*   - HTTPS URLs with a non-default port — there is no portable mapping to
+*     an SSH port (HTTPS:8443 ↔ SSH:???), so we refuse to guess
+*   - URLs that fail to parse
+*
+* Exported for unit testing.
+*/
+function httpsToSshBaseRewrite(url) {
+	if (!url || !/^https:\/\//i.test(url)) return null;
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return null;
+	}
+	if (parsed.protocol !== "https:") return null;
+	if (parsed.username.length > 0 || parsed.password.length > 0) return null;
+	if (!parsed.hostname) return null;
+	if (parsed.port && parsed.port !== "443") return null;
+	return {
+		httpsBase: `https://${parsed.hostname}/`,
+		sshBase: `git@${parsed.hostname}:`
+	};
+}
+/**
+* Map an SSH git URL (either `ssh://` or scp-like `[user@]host:path`) to the
+* `insteadOf` rewrite for resolving via HTTPS. Mirror of
+* `httpsToSshBaseRewrite`.
+*
+*   `git@github.com:owner/repo.git`           → `git@github.com:` / `https://github.com/`
+*   `ssh://git@github.com/owner/repo.git`     → `ssh://git@github.com/` / `https://github.com/`
+*   `ssh://git@gitlab.example.com:22/x/y.git` → `ssh://git@gitlab.example.com:22/` / `https://gitlab.example.com/`
+*
+* Returns `null` when:
+*   - URL is not SSH-shaped
+*   - URL has an embedded password (`user:pass@`)
+*   - SSH URL has a non-default port (≠ 22) — no portable mapping to HTTPS
+*
+* Exported for unit testing.
+*/
+function sshToHttpsBaseRewrite(url) {
+	if (!url) return null;
+	if (!url.includes("://")) {
+		const m = url.match(/^((?:[A-Za-z0-9_.-]+@)?)([A-Za-z0-9.-]+):([^/@:\s][^@:\s]*)$/);
+		const userAt = m?.[1];
+		const host = m?.[2];
+		const path = m?.[3];
+		if (userAt === void 0 || !host || !path) return null;
+		if (/^\d+(?:\/|$)/.test(path)) return null;
+		return {
+			sshBase: `${userAt}${host}:`,
+			httpsBase: `https://${host}/`
+		};
+	}
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return null;
+	}
+	if (parsed.protocol !== "ssh:") return null;
+	if (parsed.password.length > 0) return null;
+	if (!parsed.hostname) return null;
+	if (parsed.port && parsed.port !== "22") return null;
+	const userAt = parsed.username.length > 0 ? `${parsed.username}@` : "";
+	return {
+		sshBase: parsed.port ? `ssh://${userAt}${parsed.hostname}:${parsed.port}/` : `ssh://${userAt}${parsed.hostname}/`,
+		httpsBase: `https://${parsed.hostname}/`
+	};
+}
+/**
+* Same shape as `SCP_LIKE_SSH_RE` in the shared schema — kept in sync so
+* what the schema accepts is exactly what we route through the SSH-side
+* fallback. Single source of truth would be ideal, but cross-package import
+* for a regex isn't worth the build coupling.
+*/
+const SCP_LIKE_RE = /^(?:[A-Za-z0-9_.-]+@)?[A-Za-z0-9.-]+:(?!\d+(?:\/|$))[^/:@\s][^:@\s]*$/;
+function pickFallbackDirection(originUrl) {
+	if (/^https:\/\//i.test(originUrl)) {
+		const r = httpsToSshBaseRewrite(originUrl);
+		if (!r) return null;
+		return {
+			fromProtocol: "https",
+			toProtocol: "ssh",
+			originBase: r.httpsBase,
+			peerBase: r.sshBase,
+			shouldRetry: isLikelyHttpsAuthFailure
+		};
+	}
+	if (/^ssh:\/\//i.test(originUrl) || SCP_LIKE_RE.test(originUrl)) {
+		const r = sshToHttpsBaseRewrite(originUrl);
+		if (!r) return null;
+		return {
+			fromProtocol: "ssh",
+			toProtocol: "https",
+			originBase: r.sshBase,
+			peerBase: r.httpsBase,
+			shouldRetry: isLikelySshAuthFailure
+		};
+	}
+	return null;
+}
+function truncate(text, max = 512) {
+	if (text.length <= max) return text;
+	return `${text.slice(0, max)}…[truncated]`;
+}
+/**
 * InputController — push-based async iterable bridge.
 *
 * Bridges imperative `push()` calls to the `AsyncIterable` that
@@ -4259,6 +4611,8 @@ const createClaudeCodeHandler = (config) => {
 		}
 	}
 	const contextTreePath = config.contextTreePath ?? null;
+	const contextTreeRepoUrl = config.contextTreeRepoUrl ?? null;
+	const agentName = config.agentName ?? null;
 	/**
 	* Materialise the runtime config's `gitRepos` into worktrees under `cwd`.
 	* Idempotent across resumes: reuses an existing Hub-managed worktree if
@@ -4326,7 +4680,8 @@ const createClaudeCodeHandler = (config) => {
 		if (contextTreePath) installFirstTreeIntegration({
 			workspacePath: workspace,
 			contextTreePath,
-			workspaceId: sessionCtx.chatId,
+			workspaceId: agentName ?? sessionCtx.chatId,
+			treeRepoUrl: contextTreeRepoUrl ?? void 0,
 			log: (msg) => sessionCtx.log(msg)
 		});
 	}
@@ -4515,6 +4870,8 @@ const createCodexHandler = (config) => {
 	const agentConfigCache = config.agentConfigCache ?? null;
 	const gitMirrorManager = config.gitMirrorManager ?? null;
 	const contextTreePath = config.contextTreePath ?? null;
+	const contextTreeRepoUrl = config.contextTreeRepoUrl ?? null;
+	const agentName = config.agentName ?? null;
 	let cwd = null;
 	let codex = null;
 	let thread = null;
@@ -4786,6 +5143,17 @@ const createCodexHandler = (config) => {
 		if (inputs.length === 0) return;
 		await runTurn(inputs.join("\n\n"), sessionCtx);
 	}
+	/** Install the first-tree skill + binding block; no-op when context tree is unconfigured. */
+	function ensureFirstTreeBinding(workspace, sessionCtx) {
+		if (!contextTreePath) return;
+		installFirstTreeIntegration({
+			workspacePath: workspace,
+			contextTreePath,
+			workspaceId: agentName ?? sessionCtx.chatId,
+			treeRepoUrl: contextTreeRepoUrl ?? void 0,
+			log: (msg) => sessionCtx.log(msg)
+		});
+	}
 	return {
 		async start(message, sessionCtx) {
 			ctx = sessionCtx;
@@ -4811,6 +5179,7 @@ const createCodexHandler = (config) => {
 					content: buildAgentBriefing(payload)
 				}
 			});
+			ensureFirstTreeBinding(cwd, sessionCtx);
 			await prepareGitWorktrees(payload, cwd, sessionCtx.chatId);
 			codex = new Codex({
 				env: buildEnv(sessionCtx),
@@ -4835,17 +5204,20 @@ const createCodexHandler = (config) => {
 				env: [],
 				gitRepos: []
 			};
-			bootstrapWorkspace({
-				workspacePath: cwd,
-				identity: sessionCtx.agent,
-				contextTreePath,
-				serverUrl: sessionCtx.sdk.serverUrl,
-				chatId: sessionCtx.chatId,
-				briefing: {
-					format: "agents-md",
-					content: buildAgentBriefing(payload)
-				}
-			});
+			if (!existsSync(join(cwd, ".agent", "identity.json"))) {
+				bootstrapWorkspace({
+					workspacePath: cwd,
+					identity: sessionCtx.agent,
+					contextTreePath,
+					serverUrl: sessionCtx.sdk.serverUrl,
+					chatId: sessionCtx.chatId,
+					briefing: {
+						format: "agents-md",
+						content: buildAgentBriefing(payload)
+					}
+				});
+				ensureFirstTreeBinding(cwd, sessionCtx);
+			}
 			await prepareGitWorktrees(payload, cwd, sessionCtx.chatId);
 			codex = new Codex({
 				env: buildEnv(sessionCtx),
@@ -5878,7 +6250,7 @@ var AgentSlot = class {
 			lastActivityMs: 0
 		};
 	}
-	async start(contextTreePath) {
+	async start(contextTreeBinding) {
 		const sdk = (await this.clientConnection.bindAgent(this.config.agentId, this.config.runtimeType ?? this.config.type, this.config.runtimeVersion)).sdk;
 		this.sdk = sdk;
 		const agent = await sdk.register();
@@ -5956,7 +6328,9 @@ var AgentSlot = class {
 			handlerFactory: this.config.handlerFactory,
 			handlerConfig: {
 				workspaceRoot: join(DEFAULT_DATA_DIR, "workspaces", this.config.name),
-				contextTreePath: contextTreePath ?? void 0,
+				agentName: this.config.name,
+				contextTreePath: contextTreeBinding?.path,
+				contextTreeRepoUrl: contextTreeBinding?.repoUrl,
 				gitMirrorManager
 			},
 			agentIdentity: {
@@ -8680,7 +9054,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-C6qlhju2.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-fLnwqCOs.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9893,7 +10267,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-CVe_gn9M.mjs
+//#region ../server/dist/app-BXdU2BzM.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -10658,6 +11032,28 @@ async function resolveAgentClient(db, data) {
 	return client.id;
 }
 /**
+* Validate a `delegateMention` write at the service layer. Two checks:
+*   1. Target uuid must resolve to an existing agent — dangling references
+*      would silently break webhook delegation at runtime.
+*   2. Target must belong to the same organization as the source agent —
+*      cross-org delegate links are rejected here at the source so the
+*      database never accumulates dirty rows. The webhook router has a
+*      defense-in-depth check that filters them at fan-out time, but this
+*      keeps the data clean and gives the admin UI an immediate 422 instead
+*      of a silent runtime drop.
+*
+* `null` clears the field — handled by the caller; we are only invoked when
+* the caller wrote a non-null uuid.
+*/
+async function validateDelegateMentionTarget(db, targetUuid, sourceOrgId) {
+	const [target] = await db.select({
+		uuid: agents.uuid,
+		organizationId: agents.organizationId
+	}).from(agents).where(eq(agents.uuid, targetUuid)).limit(1);
+	if (!target) throw new BadRequestError(`delegateMention target "${targetUuid}" not found`);
+	if (target.organizationId !== sourceOrgId) throw new BadRequestError("delegateMention target must belong to the same organization as the agent");
+}
+/**
 * Pick the first admin member in the org for internal system agents. Throws
 * if the org has no admin — the caller should surface the error so an admin
 * is created before the system tries to register more agents.
@@ -10697,6 +11093,7 @@ async function createAgent(db, data, options = {}) {
 		type: data.type
 	});
 	await ensureClientSupportsRuntimeProvider(db, clientId, runtimeProvider, { force: options.force });
+	if (data.delegateMention) await validateDelegateMentionTarget(db, data.delegateMention, orgId);
 	const [org] = await db.select({ maxAgents: organizations.maxAgents }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
 	if (org && org.maxAgents > 0) {
 		if (((await db.select({ value: count() }).from(agents).where(and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED))))[0]?.value ?? 0) >= org.maxAgents) throw new ForbiddenError(`Organization "${orgId}" has reached its agent limit (${org.maxAgents}). Upgrade your plan or delete unused agents.`);
@@ -10843,7 +11240,10 @@ async function updateAgent(db, uuid, data) {
 	const updates = { updatedAt: /* @__PURE__ */ new Date() };
 	if (data.type !== void 0) updates.type = data.type;
 	if (data.displayName !== void 0) updates.displayName = data.displayName;
-	if (data.delegateMention !== void 0) updates.delegateMention = data.delegateMention;
+	if (data.delegateMention !== void 0) {
+		if (data.delegateMention !== null) await validateDelegateMentionTarget(db, data.delegateMention, agent.organizationId);
+		updates.delegateMention = data.delegateMention;
+	}
 	if (data.visibility !== void 0) updates.visibility = data.visibility;
 	if (data.metadata !== void 0) updates.metadata = data.metadata;
 	if (data.managerId !== void 0) {
@@ -13430,7 +13830,7 @@ async function agentRoutes(app) {
 	});
 	app.post("/:uuid/test", async (request, reply) => {
 		const { uuid } = request.params;
-		await requireAgentAccess(request, app.db, "manage");
+		const { agent: targetAgent } = await requireAgentAccess(request, app.db, "manage");
 		const presence = await getPresence(app.db, uuid);
 		const wsConnected = hasActiveConnection(uuid);
 		const clientId = getAgentClientId(uuid) ?? presence?.clientId ?? null;
@@ -13467,15 +13867,15 @@ async function agentRoutes(app) {
 			message: "Agent connection is stale — heartbeat lost. The client process may have crashed.",
 			connection
 		});
-		const [owner] = await app.db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.delegateMention, uuid), eq(agents.status, "active"))).limit(1);
+		const [owner] = await app.db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.delegateMention, uuid), eq(agents.status, "active"), eq(agents.organizationId, targetAgent.organizationId))).limit(1);
 		let senderId = owner?.uuid ?? null;
 		if (!senderId) {
-			const [other] = await app.db.select({ uuid: agents.uuid }).from(agents).where(and(ne(agents.uuid, uuid), eq(agents.status, "active"))).limit(1);
+			const [other] = await app.db.select({ uuid: agents.uuid }).from(agents).where(and(ne(agents.uuid, uuid), eq(agents.status, "active"), eq(agents.organizationId, targetAgent.organizationId))).limit(1);
 			senderId = other?.uuid ?? null;
 		}
 		if (!senderId) return reply.status(200).send({
 			status: "error",
-			message: "No suitable sender found. Need at least one other active agent.",
+			message: "No suitable sender found. Need at least one other active agent in the same organization.",
 			connection
 		});
 		const chat = await findOrCreateDirectChat(app.db, senderId, uuid);
@@ -14668,7 +15068,7 @@ function decodeCursor(cursor) {
 *   - Cursor narrows the result to rows STRICTLY before `(cursor.ts, cursor.id)`.
 *   - Followed by a small participant-list lookup for the page only.
 */
-async function listMeChats(db, humanAgentId, query) {
+async function listMeChats(db, humanAgentId, organizationId, query) {
 	const limit = query.limit;
 	const cursor = query.cursor ? decodeCursor(query.cursor) : null;
 	if (query.cursor && !cursor) throw new BadRequestError("Invalid cursor");
@@ -14709,6 +15109,11 @@ async function listMeChats(db, humanAgentId, query) {
       FROM chats c
       JOIN deduped d ON d.chat_id = c.id
      WHERE c.parent_chat_id IS NULL
+       /* Scope to the caller's org. Without this, cross-org dirty chats
+          whose chat_participants still reference the caller's human agent
+          (historical pollution — see fix/cross-org-direct-chat-pollution)
+          would leak into the list and 404 on click via requireChatAccess. */
+       AND c.organization_id = ${organizationId}
        /* Filter: unread / watching */
        AND (${!filterUnreadOnly}::bool OR d.unread_mention_count > 0)
        AND (${!filterWatchingOnly}::bool OR d.membership_kind = 'watching')
@@ -15388,19 +15793,26 @@ async function deleteOrgSetting(db, orgId, namespace) {
 	await db.delete(organizationSettings).where(and(eq(organizationSettings.organizationId, orgId), eq(organizationSettings.namespace, namespace)));
 }
 /**
-* Resolve the caller's "primary org" — the earliest-joined active
-* membership for the given user. Used by user-scoped routes that
-* historically didn't take an `:orgId` (e.g. `/context-tree/info`) so
-* the SDK call shape doesn't have to change while the per-tenant lookup
-* still happens correctly.
+* Resolve the caller's "primary org" for user-scoped routes that
+* historically didn't take an `:orgId` (e.g. `/context-tree/info`,
+* `/context-tree/snapshot`).
 *
-* Returns `null` for users with no active membership. Tightening to
-* "explicit org selector" is a future change-once-multi-org-clients-arrive
-* concern. (#7)
+* Uses the same `pickDefaultMembership` helper that `/me` uses to compute
+* `defaultOrganizationId` (most-recently-active membership, id desc tie-break).
+* That guarantees the org `/me` reports as the default is the same org these
+* server-internal lookups read from — earlier the two sides used opposite
+* orderings (`/me` desc, this fn asc), so multi-org users saw `/info`
+* resolve to a different (often unconfigured) org than the one Team Settings
+* was edited for.
+*
+* Returns `null` for users with no active membership.
 */
 async function resolveUserPrimaryOrgId(db, userId) {
-	const [row] = await db.select({ organizationId: members.organizationId }).from(members).where(and(eq(members.userId, userId), eq(members.status, "active"))).orderBy(asc(members.createdAt)).limit(1);
-	return row?.organizationId ?? null;
+	return pickDefaultMembership(await db.select({
+		id: members.id,
+		organizationId: members.organizationId,
+		createdAt: members.createdAt
+	}).from(members).where(and(eq(members.userId, userId), eq(members.status, "active"))))?.organizationId ?? null;
 }
 async function contextTreeInfoRoutes(app) {
 	/**
@@ -15721,17 +16133,17 @@ function isGithubHttpsRepo(repoUrl) {
 }
 function contextStatus(warning) {
 	if (warning?.stale) return {
-		label: "Team context is stale",
+		label: "Context Tree may be stale",
 		detail: warning.detail,
 		severity: "warning"
 	};
 	if (warning) return {
-		label: "Team context needs attention",
+		label: "Context Tree needs attention",
 		detail: warning.detail,
 		severity: "warning"
 	};
 	return {
-		label: "Team context is current",
+		label: "Context Tree is up to date",
 		detail: "Agents have a synced team context snapshot available.",
 		severity: "ok"
 	};
@@ -16333,7 +16745,7 @@ function ghostNodeId(path) {
 function toPosix(path) {
 	return sep === "/" ? path : path.split(sep).join("/");
 }
-const querySchema = z.object({ window: z.enum([
+const querySchema$1 = z.object({ window: z.enum([
 	"1d",
 	"7d",
 	"30d"
@@ -16344,7 +16756,7 @@ async function contextTreeSnapshotRoutes(app) {
 		timeWindow: "1 minute",
 		keyGenerator: (request) => request.user?.userId ?? request.ip
 	} } }, async (request) => {
-		const query = querySchema.parse(request.query);
+		const query = querySchema$1.parse(request.query);
 		const { userId } = requireUser(request);
 		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
 		const binding = orgId ? await getOrgContextTree(app.db, orgId) : {};
@@ -16482,7 +16894,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-C299fxkP-KyCNax4T.mjs");
+	const { previewInvitation } = await import("./invitation-C299fxkP-B89eqDos.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -16662,7 +17074,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-BhCtO2df-BGOu-rRN.mjs");
+		const { listMyPinnedAgents } = await import("./client-0RrgrMjR-DPyuu6Ls.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -17095,7 +17507,7 @@ async function orgChatRoutes(app) {
 		}
 		if (view === "grouped") return listChatsForMember(app.db, scope.memberId, scope.humanAgentId);
 		const query = listMeChatsQuerySchema.parse(request.query);
-		return listMeChats(app.db, scope.humanAgentId, query);
+		return listMeChats(app.db, scope.humanAgentId, scope.organizationId, query);
 	});
 	/**
 	* POST /orgs/:orgId/chats — create a new chat. The :orgId path param
@@ -17136,6 +17548,34 @@ async function orgClientRoutes(app) {
 		}));
 	});
 }
+const querySchema = z.object({ window: z.enum([
+	"1d",
+	"7d",
+	"30d"
+]).optional() }).strict();
+async function orgContextTreeSnapshotRoutes(app) {
+	app.get("/snapshot", { config: { rateLimit: {
+		max: app.config.rateLimit?.contextTreeSnapshotMax ?? 6,
+		timeWindow: "1 minute",
+		keyGenerator: (request) => `${request.user?.userId ?? request.ip}:${orgIdParam(request.params) ?? "unknown-org"}`
+	} } }, async (request) => {
+		const query = querySchema.parse(request.query);
+		const scope = await requireOrgMembership(request, app.db);
+		const binding = await getOrgContextTree(app.db, scope.organizationId);
+		const githubToken = contextTreeGithubTokenForRepo(binding.repo, app.config.contextTreeSync);
+		const snapshot = await getContextTreeSnapshot({
+			...binding,
+			githubToken
+		}, query.window ?? "7d");
+		return contextTreeSnapshotSchema.parse(snapshot);
+	});
+}
+function orgIdParam(params) {
+	if (!params || typeof params !== "object") return null;
+	if (!("orgId" in params)) return null;
+	const orgId = params.orgId;
+	return typeof orgId === "string" ? orgId : null;
+}
 /**
 * Class B — `/api/v1/orgs/:orgId` itself: read & rename the org row.
 * Replaces the deleted `/admin/organizations/:id` GET/PATCH pair.
@@ -17803,6 +18243,31 @@ function extractMentions$1(text) {
 	}
 	return [...names];
 }
+/** Extract mentions from structural payload fields (not free-form text).
+* GitHub's `pull_request.review_requested` puts the targeted reviewer in
+* `requested_reviewer.login`, not in any text body — `extractMentions` would
+* miss it. Team requests use `requested_team` instead, which we deliberately
+* skip to stay consistent with `extractMentions` ignoring `@org/team`. */
+function extractStructuralMentions(eventType, payload) {
+	if (!isRecord(payload)) return [];
+	if (eventType !== "pull_request") return [];
+	if (payload.action !== "review_requested") return [];
+	const reviewer = isRecord(payload.requested_reviewer) ? payload.requested_reviewer : null;
+	const login = typeof reviewer?.login === "string" ? reviewer.login : null;
+	return login ? [login.toLowerCase()] : [];
+}
+const DELEGATE_VERDICT_MESSAGES = {
+	ok: "delegate_mention target eligible",
+	not_found: "delegate_mention target not found, skipping",
+	cross_org: "delegate_mention target belongs to another org, skipping",
+	inactive: "delegate_mention target not active, skipping"
+};
+function evaluateDelegateTarget(target, sourceOrgId) {
+	if (!target) return "not_found";
+	if (target.organizationId !== sourceOrgId) return "cross_org";
+	if (target.status !== "active") return "inactive";
+	return "ok";
+}
 /**
 * Route @mentions to delegate agents.
 * For each mentioned user who has delegate_mention configured,
@@ -17821,13 +18286,19 @@ async function routeMentionDelegations(app, organizationId, mentionedNames, ctx)
 		if (agent.status !== "active" || !agent.delegateMention) continue;
 		const [target] = await app.db.select({
 			id: agents.uuid,
-			status: agents.status
+			status: agents.status,
+			organizationId: agents.organizationId
 		}).from(agents).where(eq(agents.uuid, agent.delegateMention)).limit(1);
-		if (!target || target.status !== "active") {
+		const verdict = evaluateDelegateTarget(target, organizationId);
+		if (verdict !== "ok") {
 			log$1.warn({
 				targetAgent: agent.delegateMention,
-				sourceAgent: agent.name
-			}, "delegate_mention target not active, skipping");
+				sourceAgent: agent.name,
+				sourceOrg: organizationId,
+				targetOrg: target?.organizationId,
+				targetStatus: target?.status,
+				verdict
+			}, DELEGATE_VERDICT_MESSAGES[verdict]);
 			continue;
 		}
 		try {
@@ -17838,6 +18309,7 @@ async function routeMentionDelegations(app, organizationId, mentionedNames, ctx)
 					type: "github_mention",
 					mentionedUser: agent.name,
 					event: ctx.event,
+					action: ctx.action,
 					repository: ctx.repository,
 					sender: ctx.sender,
 					title: ctx.title,
@@ -17847,7 +18319,8 @@ async function routeMentionDelegations(app, organizationId, mentionedNames, ctx)
 				metadata: {
 					source: "github",
 					event: "mention_delegation",
-					mentionedUser: agent.name
+					mentionedUser: agent.name,
+					action: ctx.action
 				}
 			});
 			notifyRecipients(app.notifier, recipients, msg.id);
@@ -17928,18 +18401,43 @@ async function githubWebhookRoutes(app) {
 			ok: true,
 			event: "ping"
 		});
-		if (eventType === "issues") return handleIssuesEvent(app, orgId, eventType, payload, reply);
-		if (eventType === "issue_comment") return handleIssueCommentEvent(app, orgId, eventType, payload, reply);
-		let mentionsRouted = 0;
-		const allowedActions = MENTION_ACTIONS[eventType];
-		const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
-		if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
-		return reply.status(200).send({
-			ok: true,
-			event: eventType,
-			handled: mentionsRouted > 0,
-			mentionsRouted
-		});
+		const deliveryHeader = request.headers["x-github-delivery"];
+		const deliveryId = typeof deliveryHeader === "string" && deliveryHeader.length > 0 ? deliveryHeader : null;
+		if (deliveryId) {
+			if (!await claimEvent(app.db, deliveryId, "github")) {
+				log$1.info({
+					deliveryId,
+					eventType
+				}, "duplicate GitHub delivery, skipping");
+				return reply.status(200).send({
+					ok: true,
+					event: eventType,
+					deduped: true
+				});
+			}
+		}
+		try {
+			if (eventType === "issues") return await handleIssuesEvent(app, orgId, eventType, payload, reply);
+			if (eventType === "issue_comment") return await handleIssueCommentEvent(app, orgId, eventType, payload, reply);
+			let mentionsRouted = 0;
+			const allowedActions = MENTION_ACTIONS[eventType];
+			const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
+			if (allowedActions && action && allowedActions.includes(action)) mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
+			return reply.status(200).send({
+				ok: true,
+				event: eventType,
+				handled: mentionsRouted > 0,
+				mentionsRouted
+			});
+		} catch (err) {
+			if (deliveryId) await unclaimEvent(app.db, deliveryId, "github").catch((unclaimErr) => {
+				log$1.error({
+					err: unclaimErr,
+					deliveryId
+				}, "failed to unclaim GitHub delivery after handler error");
+			});
+			throw err;
+		}
 	});
 }
 /** Extract text body from any GitHub webhook event for @mention scanning. */
@@ -17979,12 +18477,14 @@ function extractEventContext(eventType, payload) {
 	const sender = isRecord(payload.sender) ? payload.sender : null;
 	const repository = typeof repo?.full_name === "string" ? repo.full_name : "";
 	const senderLogin = typeof sender?.login === "string" ? sender.login : "";
+	const action = typeof payload.action === "string" ? payload.action : void 0;
 	switch (eventType) {
 		case "issues": {
 			const issue = isRecord(payload.issue) ? payload.issue : null;
 			if (!issue) return null;
 			return {
 				event: "issues",
+				action,
 				repository,
 				sender: senderLogin,
 				title: `Issue #${issue.number}: ${issue.title}`,
@@ -17998,6 +18498,7 @@ function extractEventContext(eventType, payload) {
 			if (!issue || !comment) return null;
 			return {
 				event: "issue_comment",
+				action,
 				repository,
 				sender: senderLogin,
 				title: `Issue #${issue.number}: ${issue.title}`,
@@ -18010,6 +18511,7 @@ function extractEventContext(eventType, payload) {
 			if (!pr) return null;
 			return {
 				event: "pull_request",
+				action,
 				repository,
 				sender: senderLogin,
 				title: `PR #${pr.number}: ${pr.title}`,
@@ -18023,6 +18525,7 @@ function extractEventContext(eventType, payload) {
 			if (!pr || !review) return null;
 			return {
 				event: "pull_request_review",
+				action,
 				repository,
 				sender: senderLogin,
 				title: `PR #${pr.number}: ${pr.title}`,
@@ -18036,6 +18539,7 @@ function extractEventContext(eventType, payload) {
 			if (!pr || !comment) return null;
 			return {
 				event: "pull_request_review_comment",
+				action,
 				repository,
 				sender: senderLogin,
 				title: `PR #${pr.number}: ${pr.title}`,
@@ -18048,6 +18552,7 @@ function extractEventContext(eventType, payload) {
 			if (!disc) return null;
 			return {
 				event: "discussion",
+				action,
 				repository,
 				sender: senderLogin,
 				title: typeof disc.title === "string" ? disc.title : "",
@@ -18061,6 +18566,7 @@ function extractEventContext(eventType, payload) {
 			if (!disc || !comment) return null;
 			return {
 				event: "discussion_comment",
+				action,
 				repository,
 				sender: senderLogin,
 				title: typeof disc.title === "string" ? disc.title : "",
@@ -18073,6 +18579,7 @@ function extractEventContext(eventType, payload) {
 			if (!comment) return null;
 			return {
 				event: "commit_comment",
+				action,
 				repository,
 				sender: senderLogin,
 				title: "Commit comment",
@@ -18088,16 +18595,26 @@ function extractEventContext(eventType, payload) {
 * Only called after action gating confirms this is a "new content" event.
 */
 async function handleMentionDelegation(app, organizationId, eventType, payload) {
-	const mentions = extractMentions$1(extractEventText(eventType, payload));
+	const textMentions = extractMentions$1(extractEventText(eventType, payload));
+	const structuralMentions = extractStructuralMentions(eventType, payload);
+	const mentions = [...new Set([...textMentions, ...structuralMentions])];
 	const mentionCtx = extractEventContext(eventType, payload);
 	if (mentions.length > 0 && mentionCtx) return routeMentionDelegations(app, organizationId, mentions, mentionCtx);
 	return 0;
 }
-/** Actions that represent new/changed content (worth scanning for @mentions). */
+/** Actions that represent new/changed content (worth scanning for @mentions).
+* Note: `pull_request.review_requested` doesn't carry an @mention in any
+* text body — the reviewer is in `requested_reviewer.login`. We pick it up
+* via `extractStructuralMentions`. The complementary `review_request_removed`
+* is intentionally omitted to avoid notifying the reviewer twice. */
 const MENTION_ACTIONS = {
 	issues: ["opened", "edited"],
 	issue_comment: ["created"],
-	pull_request: ["opened", "edited"],
+	pull_request: [
+		"opened",
+		"edited",
+		"review_requested"
+	],
 	pull_request_review: ["submitted"],
 	pull_request_review_comment: ["created"],
 	discussion: ["created", "edited"],
@@ -19748,6 +20265,7 @@ async function buildApp(config) {
 			await scope.register(orgInvitationRoutes, { prefix: "/invitations" });
 			await scope.register(orgMemberRoutes, { prefix: "/members" });
 			await scope.register(orgSettingsRoutes, { prefix: "/settings" });
+			await scope.register(orgContextTreeSnapshotRoutes, { prefix: "/context-tree" });
 		}), { prefix: "/orgs/:orgId" });
 		await api.register(orgWsRoutes(notifier, config.secrets.jwtSecret), { prefix: "/orgs/:orgId/ws" });
 		await api.register(userScope("resourcesScope", async (scope) => {