@agent-team-foundation/first-tree-hub 0.12.9 → 0.13.0

package/dist/{saas-connect-CXZhK485.mjs → saas-connect-Bb5LR4y6.mjs}

@@ -1,12 +1,12 @@
 import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
 import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-BcW9HgkG.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-BCZC1ki6.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-Cya2OoHz.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as patchOnboardingSchema, A as defaultRuntimeConfigPayload, B as inboxDeliverFrameSchema$1, C as createAdapterMappingSchema, Ct as updateOrganizationSchema, D as createMemberSchema, E as createMeChatSchema, F as githubCallbackQuerySchema, G as joinByInvitationSchema, H as isOrgSettingNamespace, I as githubDevCallbackQuerySchema, J as messageSourceSchema$1, K as listMeChatsQuerySchema, L as githubStartQuerySchema, M as dryRunAgentRuntimeConfigSchema, O as createOrgFromMeSchema, P as githubAppInstallationClaimBodySchema, Q as patchChatEngagementSchema, R as imageInlineContentSchema, S as createAdapterConfigSchema, St as updateMemberSchema, T as createChatSchema, U as isRedactedEnvValue, V as inboxPollQuerySchema, W as isReservedAgentName$1, X as onboardingEventSchema, Y as notificationQuerySchema, Z as paginationQuerySchema, _ as chatMetadataSchema$1, _t as updateAdapterConfigSchema, a as AGENT_VISIBILITY, at as safeRedirectPath, b as connectTokenExchangeSchema, bt as updateChatSchema, c as MENTION_REGEX, ct as sendMessageSchema, d as addMeChatParticipantsSchema, dt as sessionEventMessageSchema, f as addParticipantSchema, ft as sessionEventSchema$1, g as agentTypeSchema$1, gt as submitQuestionAnswerSchema, h as agentRuntimeConfigPayloadSchema$1, ht as stripCode, i as AGENT_STATUSES, it as runtimeStateMessageSchema, j as delegateFeishuUserSchema, l as ORG_SETTINGS_NAMESPACES$1, lt as sendToAgentSchema, m as agentPinnedMessageSchema$1, mt as sessionStateMessageSchema, n as AGENT_NAME_REGEX$1, nt as rebindAgentSchema, o as CHAT_ENGAGEMENT_STATUSES, p as agentBindRequestSchema, pt as sessionReconcileRequestSchema, q as loginSchema, r as AGENT_SELECTOR_HEADER$1, rt as refreshTokenSchema, st as selfServiceFeishuBotSchema, t as AGENT_BIND_REJECT_REASONS, u as WS_AUTH_FRAME_TIMEOUT_MS, ut as sessionCompletionMessageSchema, vt as updateAgentRuntimeConfigSchema, w as createAgentSchema, wt as wsAuthFrameSchema, x as contextTreeSnapshotSchema, xt as updateClientCapabilitiesSchema, y as clientRegisterSchema, yt as updateAgentSchema, z as inboxAckFrameSchema } from "./dist-CnjqakXS.mjs";
-import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-CF5evtJt-B0NTIVPt.mjs";
+import { $ as notificationQuerySchema, A as createMemberSchema, B as githubDevCallbackQuerySchema, C as connectTokenExchangeSchema, Ct as updateChatSchema, D as createAgentSchema, Dt as wsAuthFrameSchema, E as createAdapterMappingSchema, Et as updateOrganizationSchema, F as dryRunAgentRuntimeConfigSchema, G as inboxPollQuerySchema, H as imageInlineContentSchema, J as isReservedAgentName$1, K as isOrgSettingNamespace, L as githubAppInstallationClaimBodySchema, N as defaultRuntimeConfigPayload, O as createChatSchema, P as delegateFeishuUserSchema, Q as messageSourceSchema$1, R as githubAppInstallationPermissionsSchema$1, S as clientRegisterSchema, St as updateAgentSchema, T as createAdapterConfigSchema, Tt as updateMemberSchema, U as inboxAckFrameSchema, V as githubStartQuerySchema, W as inboxDeliverFrameSchema$1, X as listMeChatsQuerySchema, Y as joinByInvitationSchema, Z as loginSchema, _ as agentPinnedMessageSchema$1, _t as sessionStateMessageSchema, a as AGENT_TYPES, b as chatMetadataSchema$1, bt as updateAdapterConfigSchema, ct as runtimeStateMessageSchema, d as NOTIFICATION_TYPES, dt as selfServiceFeishuBotSchema, et as onboardingEventSchema, f as ORG_SETTINGS_NAMESPACES$1, ft as sendMessageSchema, g as agentBindRequestSchema, gt as sessionReconcileRequestSchema, h as addParticipantSchema, ht as sessionEventSchema$1, i as AGENT_STATUSES, j as createOrgFromMeSchema, k as createMeChatSchema, lt as safeRedirectPath, m as addMeChatParticipantsSchema, mt as sessionEventMessageSchema, n as AGENT_NAME_REGEX$1, nt as patchChatEngagementSchema, o as AGENT_VISIBILITY, ot as rebindAgentSchema, p as WS_AUTH_FRAME_TIMEOUT_MS, pt as sendToAgentSchema, q as isRedactedEnvValue, r as AGENT_SELECTOR_HEADER$1, rt as patchOnboardingSchema, s as CHAT_ENGAGEMENT_STATUSES, st as refreshTokenSchema, t as AGENT_BIND_REJECT_REASONS, tt as paginationQuerySchema, u as MENTION_REGEX, v as agentRuntimeConfigPayloadSchema$1, vt as stripCode, w as contextTreeSnapshotSchema, wt as updateClientCapabilitiesSchema, xt as updateAgentRuntimeConfigSchema, y as agentTypeSchema$1, yt as submitQuestionAnswerSchema, z as githubCallbackQuerySchema } from "./dist-C8yStx2L.mjs";
+import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-LPcARA4K-Dbrptiyz.mjs";
 import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { $ as notifyRecipients, A as getPresence, B as listAgentsManagedByUser, C as ensureParticipant, D as getChatDetail, E as getCachedAudience, F as joinAsParticipant, G as listClients, H as listChatParticipantsWithNames, I as joinChat, K as listClientsForOrgAdmin, L as leaveAsParticipant, M as heartbeatInstance, N as inboxEntries, O as getClient, P as invalidateChatAudience, Q as messages, R as leaveChat, S as ensureCanJoin, T as getActivityOverview, U as listChats, V as listAgentsWithRuntime, W as listChatsForMember, X as markSupersededByChat, Y as markStaleAgents, Z as members, _ as createChat, _t as unbindAgent, a as agentVisibilityCondition, at as registerClient, b as disconnectClient, c as assertParticipant, ct as resolveChatMembership, d as chatMembership, dt as sendToAgent$1, et as pendingQuestions, f as chats, ft as serverInstances, g as clients, gt as touchAgent, h as cleanupStalePresence, ht as submitAnswer, i as agentPresence, it as registerChatMessageDispatcher, j as heartbeatClient, k as getOnlineCount, l as bindAgent, lt as retireClient, m as cleanupStaleClients, mt as setRuntimeState, n as addParticipant, nt as recomputeWatchersForAgent, o as agents, ot as removeParticipant, p as claimClient, pt as setOffline, q as listMessages, r as agentChatSessions, rt as recomputeWatchersForMember, s as assertClientOwner, st as resetActivity, t as addChatParticipants, tt as recomputeChatWatchers, u as changeChatType, ut as sendMessage, v as createNotifier, vt as updateClientCapabilities, w as findOrCreateDirectChat, x as editMessage, y as deriveAuthState, yt as upsertSessionState, z as listActiveAgentsPinnedToClient } from "./client-OMwJMCQt-R1T06ZH6.mjs";
-import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-Bg0TRiyx-BsZH4GCS.mjs";
+import { $ as notifyRecipients, A as getPresence, B as listAgentsManagedByUser, C as ensureParticipant, D as getChatDetail, E as getCachedAudience, F as joinAsParticipant, G as listClients, H as listChatParticipantsWithNames, I as joinChat, K as listClientsForOrgAdmin, L as leaveAsParticipant, M as heartbeatInstance, N as inboxEntries, O as getClient, P as invalidateChatAudience, Q as messages, R as leaveChat, S as ensureCanJoin, T as getActivityOverview, U as listChats, V as listAgentsWithRuntime, W as listChatsForMember, X as markSupersededByChat, Y as markStaleAgents, Z as members, _ as createChat, _t as unbindAgent, a as agentVisibilityCondition, at as registerClient, b as disconnectClient, c as assertParticipant, ct as resolveChatMembership, d as chatMembership, dt as sendToAgent$1, et as pendingQuestions, f as chats, ft as serverInstances, g as clients, gt as touchAgent, h as cleanupStalePresence, ht as submitAnswer, i as agentPresence, it as registerChatMessageDispatcher, j as heartbeatClient, k as getOnlineCount, l as bindAgent, lt as retireClient, m as cleanupStaleClients, mt as setRuntimeState, n as addParticipant, nt as recomputeWatchersForAgent, o as agents, ot as removeParticipant, p as claimClient, pt as setOffline, q as listMessages, r as agentChatSessions, rt as recomputeWatchersForMember, s as assertClientOwner, st as resetActivity, t as addChatParticipants, tt as recomputeChatWatchers, u as changeChatType, ut as sendMessage, v as createNotifier, vt as updateClientCapabilities, w as findOrCreateDirectChat, x as editMessage, y as deriveAuthState, yt as upsertSessionState, z as listActiveAgentsPinnedToClient } from "./client-BH4CmUL0-CybE3kuP.mjs";
+import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-DZO4NX3P-BPxTeHf-.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { basename, delimiter, dirname, extname, isAbsolute, join, normalize, relative, resolve, sep } from "node:path";
@@ -386,6 +386,7 @@ z.object({
 const PROMPT_APPEND_MAX_LENGTH = 32e3;
 const MCP_NAME_PATTERN = /^[a-z0-9][a-z0-9_-]{0,63}$/i;
 const ENV_KEY_PATTERN = /^[A-Z][A-Z0-9_]*$/;
+const WINDOWS_DRIVE_PATH_PATTERN = /^[A-Za-z]:/;
 const promptConfigSchema = z.object({ append: z.string().max(PROMPT_APPEND_MAX_LENGTH).default("") });
 const mcpStdioServerSchema = z.object({
 	name: z.string().regex(MCP_NAME_PATTERN, "MCP name must match /^[a-z0-9][a-z0-9_-]{0,63}$/i"),
@@ -415,10 +416,38 @@ const envEntrySchema = z.object({
 	value: z.string(),
 	sensitive: z.boolean().default(false)
 });
+function hasControlCharacters(value) {
+	for (let idx = 0; idx < value.length; idx++) {
+		const code = value.charCodeAt(idx);
+		if (code <= 31 || code === 127) return true;
+	}
+	return false;
+}
+function getRepoLocalPathSafetyError(localPath) {
+	if (localPath.length === 0) return "Git repo local path must not be empty";
+	if (localPath.trim() !== localPath) return "Git repo local path must not have leading or trailing whitespace";
+	if (hasControlCharacters(localPath)) return "Git repo local path must not contain control characters";
+	if (localPath.includes("\\")) return "Git repo local path must use forward slashes";
+	if (localPath.startsWith("/") || WINDOWS_DRIVE_PATH_PATTERN.test(localPath)) return "Git repo local path must be relative";
+	const segments = localPath.split("/");
+	for (const segment of segments) {
+		if (!segment) return "Git repo local path must not contain empty path segments";
+		if (segment === "." || segment === "..") return "Git repo local path must not contain dot segments";
+		if (segment.trim() !== segment) return "Git repo local path segments must not have leading or trailing whitespace";
+	}
+	return null;
+}
 const gitRepoSchema = z.object({
 	url: z.string().min(1),
 	ref: z.string().min(1).optional(),
-	localPath: z.string().min(1).optional()
+	localPath: z.string().min(1).superRefine((localPath, ctx) => {
+		const safetyError = getRepoLocalPathSafetyError(localPath);
+		if (!safetyError) return;
+		ctx.addIssue({
+			code: z.ZodIssueCode.custom,
+			message: safetyError
+		});
+	}).optional()
 });
 /**
 * Untagged base shape — 5 user-tunable fields, no `kind` discriminator.
@@ -759,11 +788,7 @@ const chatMetadataSchema = z.discriminatedUnion("source", [githubChatMetadataSch
 * sneak through `{ source: "github" }` without the required fields.
 */
 const optionalChatMetadataSchema = z.union([z.object({}).strict(), chatMetadataSchema]);
-const chatTypeSchema = z.enum([
-	"direct",
-	"group",
-	"thread"
-]);
+const chatTypeSchema = z.enum(["direct", "group"]);
 const chatEngagementStatusSchema = z.enum([
 	"active",
 	"archived",
@@ -1265,6 +1290,26 @@ const meChatParticipantSchema = z.object({
 	displayName: z.string(),
 	type: z.string()
 });
+/**
+* Live activity hint surfaced in the conversation row's time slot. Derived
+* server-side from the latest `session_events` row for the chat. See
+* `MeChatRow.liveActivity` for the lifecycle rules.
+*
+* `kind` is intentionally narrower than the full `sessionEventKind` enum:
+* `turn_end` / `error` produce `liveActivity: null` rather than a live
+* indicator.
+*/
+const liveActivityKindSchema = z.enum([
+	"tool_call",
+	"thinking",
+	"assistant_text"
+]);
+const liveActivitySchema = z.object({
+	agentId: z.string(),
+	kind: liveActivityKindSchema,
+	label: z.string(),
+	startedAt: z.string()
+});
 const meChatRowSchema = z.object({
 	chatId: z.string(),
 	type: z.string(),
@@ -1277,7 +1322,9 @@ const meChatRowSchema = z.object({
 	lastMessagePreview: z.string().nullable(),
 	unreadMentionCount: z.number().int(),
 	canReply: z.boolean(),
-	engagementStatus: chatEngagementStatusSchema
+	engagementStatus: chatEngagementStatusSchema,
+	engagedAgentIds: z.array(z.string()),
+	liveActivity: liveActivitySchema.nullable()
 });
 z.object({
 	rows: z.array(meChatRowSchema),
@@ -1377,15 +1424,101 @@ memberSchema.extend({
 	displayName: z.string(),
 	password: z.string()
 });
+/**
+* Origin of a normalized webhook event. After the GitHub App ingestion
+* cutover this is single-form (App installations only); the type stays
+* a structured object so future non-GitHub sources can be added by
+* widening it into a discriminated union without churning callers.
+*/
+const webhookSourceSchema = z.object({
+	kind: z.literal("github-app-installation"),
+	installationId: z.number().int(),
+	organizationId: z.string().min(1)
+});
+const involveReasonSchema = z.enum([
+	"mentioned",
+	"review_requested",
+	"assigned"
+]);
+const normalizedEventKindSchema = z.enum([
+	"opened",
+	"edited",
+	"closed",
+	"merged",
+	"reopened",
+	"commented",
+	"review_requested",
+	"reviewed",
+	"review_comment",
+	"synchronized",
+	"commit_commented",
+	"assigned",
+	"other"
+]);
+const normalizedEntitySchema = z.object({
+	type: githubEntityTypeSchema,
+	repo: z.string().min(1),
+	key: z.string().min(1),
+	title: z.string().optional(),
+	url: z.string().optional()
+});
+const normalizedActorSchema = z.object({
+	githubLogin: z.string().min(1),
+	isBot: z.boolean()
+});
+const normalizedInvolveSchema = z.object({
+	githubLogin: z.string().min(1),
+	reason: involveReasonSchema
+});
+const normalizedSurfaceSchema = z.object({
+	title: z.string(),
+	body: z.string(),
+	url: z.string()
+});
+const normalizedRelatedRefSchema = z.object({
+	type: z.literal("issue"),
+	key: z.string().min(1)
+});
+z.object({
+	source: webhookSourceSchema,
+	deliveryId: z.string().nullable(),
+	rawEventType: z.string().min(1),
+	rawAction: z.string().nullable(),
+	entity: normalizedEntitySchema,
+	actor: normalizedActorSchema,
+	kind: normalizedEventKindSchema,
+	involves: z.array(normalizedInvolveSchema),
+	surface: normalizedSurfaceSchema,
+	relatedRefs: z.array(normalizedRelatedRefSchema)
+});
+const githubEventCardReasonSchema = z.enum([
+	"mentioned",
+	"review_requested",
+	"assigned",
+	"subscribed"
+]);
+z.object({
+	type: z.literal("github_event"),
+	reason: githubEventCardReasonSchema,
+	event: z.string().min(1),
+	action: z.string().nullable(),
+	kind: normalizedEventKindSchema,
+	repository: z.string(),
+	sender: z.string(),
+	title: z.string(),
+	body: z.string(),
+	url: z.string(),
+	entity: z.object({
+		type: githubEntityTypeSchema,
+		key: z.string().min(1),
+		url: z.string().nullable()
+	}),
+	mentionedUser: z.string().optional()
+});
 const notificationTypeSchema = z.enum([
 	"agent_error",
-	"session_error",
-	"agent_needs_decision",
 	"agent_blocked",
-	"agent_stale",
-	"agent_disconnected",
-	"agent_connected",
-	"session_completed"
+	"agent_stale"
 ]);
 const notificationSeveritySchema = z.enum([
 	"high",
@@ -1502,12 +1635,6 @@ const orgContextTreeOutputSchema = z.object({
 	repo: z.string().optional(),
 	branch: z.string().optional()
 });
-const orgGithubIntegrationStorageSchema = z.object({ webhookSecretCipher: z.string().optional() });
-const orgGithubIntegrationInputSchema = z.object({ webhookSecret: z.string().min(1).nullish() });
-const orgGithubIntegrationOutputSchema = z.object({
-	webhookSecretConfigured: z.boolean(),
-	webhookUrl: z.string()
-});
 const orgSourceReposStorageSchema = z.object({ repos: z.array(z.object({
 	url: repoUrlSchema,
 	defaultBranch: z.string().optional()
@@ -1527,12 +1654,6 @@ const ORG_SETTINGS_NAMESPACES = {
 		output: orgContextTreeOutputSchema,
 		readPolicy: "member"
 	},
-	github_integration: {
-		storage: orgGithubIntegrationStorageSchema,
-		input: orgGithubIntegrationInputSchema,
-		output: orgGithubIntegrationOutputSchema,
-		readPolicy: "admin"
-	},
 	source_repos: {
 		storage: orgSourceReposStorageSchema,
 		input: orgSourceReposInputSchema,
@@ -1737,10 +1858,6 @@ z.object({
 	chatId: z.string(),
 	event: sessionEventSchema
 });
-z.object({
-	agentId: z.string(),
-	chatId: z.string()
-});
 z.object({
 	type: z.literal("session:reconcile"),
 	agentId: z.string().min(1),
@@ -1947,7 +2064,7 @@ defineConfig({
 	rateLimit: optional({
 		max: field(z.number().default(100), { env: "FIRST_TREE_HUB_RATE_LIMIT_MAX" }),
 		loginMax: field(z.number().default(5), { env: "FIRST_TREE_HUB_RATE_LIMIT_LOGIN_MAX" }),
-		webhookMax: field(z.number().default(60), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" }),
+		webhookMax: field(z.number().default(600), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" }),
 		contextTreeSnapshotMax: field(z.number().default(6), { env: "FIRST_TREE_HUB_RATE_LIMIT_CONTEXT_TREE_SNAPSHOT_MAX" }),
 		agentMessageMax: field(z.number().default(30), { env: "FIRST_TREE_HUB_RATE_LIMIT_AGENT_MESSAGE_MAX" })
 	}),
@@ -2538,14 +2655,6 @@ var ClientConnection = class extends EventEmitter {
 			event
 		}));
 	}
-	reportSessionCompletion(agentId, chatId) {
-		if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return;
-		this.ws.send(JSON.stringify({
-			type: "session:completion",
-			agentId,
-			chatId
-		}));
-	}
 	/** Ask the server which of the supplied chatIds the client should drop. */
 	sendSessionReconcile(agentId, chatIds) {
 		if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return;
@@ -3250,7 +3359,7 @@ You are running inside **Agent Hub**, a messaging platform for agent teams.
 
 - Messages from other team members arrive as your prompt input
 - Each message includes a \`[From: <agent-name>]\` header — that name is also
-  what you pass back to \`agent send\` to reply to or address that agent
+  what you pass back to \`chat send\` to reply to or address that agent
 - **Your final text response is automatically delivered** to the chat — just respond normally
 - For **proactive communication** (sending to other agents, other chats, or structured data),
   use the \`first-tree-hub\` CLI below
@@ -3274,7 +3383,7 @@ The \`first-tree-hub\` CLI reads these automatically — no extra setup needed.
 
 ## Sending Messages
 
-Use the \`first-tree-hub agent send\` CLI — it reads the env vars above and
+Use the \`first-tree-hub chat send\` CLI — it reads the env vars above and
 attaches the \`Authorization\` + \`X-Agent-Id\` headers automatically:
 
 \`\`\`bash
@@ -3286,28 +3395,38 @@ attaches the \`Authorization\` + \`X-Agent-Id\` headers automatically:
 # the case in a group chat where someone @-mentioned you to talk to them),
 # the message stays in that chat. Otherwise it falls back to a direct chat
 # between you and the recipient. You don't need to think about which.
-first-tree-hub agent send <agentName> "your message"
+first-tree-hub chat send <agentName> "your message"
 
 # Send into a specific chat by id — use this only when you explicitly want
 # to address a chat your current session is NOT bound to.
-first-tree-hub agent send --chat <chatId> "your message"
+first-tree-hub chat send --chat <chatId> "your message"
 
 # Send markdown (default format is text)
-first-tree-hub agent send <agentName> -f markdown "**bold** message"
+first-tree-hub chat send <agentName> -f markdown "**bold** message"
 
 # Reply to a specific message
-first-tree-hub agent send <agentName> --reply-to <messageId> "reply content"
+first-tree-hub chat send <agentName> --reply-to <messageId> "reply content"
 
 # Pipe long content via stdin (recommended for special characters)
-echo "long message body" | first-tree-hub agent send <agentName>
+echo "long message body" | first-tree-hub chat send <agentName>
 \`\`\`
 
-> Agent uuids appear in \`agent chats\`, chat history, and participant lists,
-> but they are NOT accepted by \`agent send\` — always use the name.
+> Agent uuids appear in \`chat list\`, chat history, and participant lists,
+> but they are NOT accepted by \`chat send\` — always use the name.
 
 For content with quotes, \`$\`, backticks, or newlines, prefer stdin to avoid shell escaping issues.
 `;
 }
+function resolveGitRepoTargetPath(workspace, localPath) {
+	const safetyError = getRepoLocalPathSafetyError(localPath);
+	if (safetyError) throw new Error(`Unsafe git repo localPath "${localPath}": ${safetyError}`);
+	const workspaceRoot = resolve(workspace);
+	const targetPath = resolve(workspaceRoot, localPath);
+	const relativeTarget = relative(workspaceRoot, targetPath);
+	const escapesWorkspace = relativeTarget === ".." || relativeTarget.startsWith(`..${sep}`);
+	if (!relativeTarget || escapesWorkspace || isAbsolute(relativeTarget)) throw new Error(`Unsafe git repo localPath "${localPath}": resolved path escapes the session workspace`);
+	return targetPath;
+}
 const DEFAULT_CLONE_TIMEOUT_MS = 300 * 1e3;
 const FETCH_REFSPEC = "+refs/heads/*:refs/remotes/origin/*";
 const SESSION_BRANCH_PREFIX = "hub-session";
@@ -4844,7 +4963,6 @@ const createClaudeCodeHandler = (config) => {
 									try {
 										await sessionCtx.forwardResult(resultText);
 										sessionCtx.log("Result forwarded to chat");
-										sessionCtx.reportSessionCompletion();
 										sessionCtx.emitEvent({
 											kind: "turn_end",
 											payload: { status: "success" }
@@ -4936,7 +5054,7 @@ const createClaudeCodeHandler = (config) => {
 		if (!gitMirrorManager || !payload?.gitRepos?.length) return;
 		for (const repo of payload.gitRepos) {
 			const localPath = repo.localPath ?? deriveRepoLocalPath(repo.url);
-			const targetPath = join(workspace, localPath);
+			const targetPath = resolveGitRepoTargetPath(workspace, localPath);
 			sessionCtx.log(`Git: preparing ${repo.url} → ${localPath}${repo.ref ? ` @ ${repo.ref}` : ""}`);
 			const mirror = await gitMirrorManager.ensureMirror(repo.url);
 			if (mirror.cloned) sessionCtx.log(`Git: cloned ${repo.url} in ${mirror.elapsedMs}ms`);
@@ -5147,7 +5265,7 @@ function buildCodexThreadOptions(payload, workspaceCwd) {
 	for (const repo of payload.gitRepos) {
 		const localPath = repo.localPath ?? deriveRepoLocalPath(repo.url);
 		if (!localPath) continue;
-		additionalDirectories.push(join(workspaceCwd, localPath));
+		additionalDirectories.push(resolveGitRepoTargetPath(workspaceCwd, localPath));
 	}
 	const opts = {
 		workingDirectory: workspaceCwd,
@@ -5244,7 +5362,7 @@ const createCodexHandler = (config) => {
 		for (const repo of payload.gitRepos) {
 			const localPath = repo.localPath ?? deriveRepoLocalPath(repo.url);
 			if (!localPath) continue;
-			const targetPath = join(workspaceCwd, localPath);
+			const targetPath = resolveGitRepoTargetPath(workspaceCwd, localPath);
 			if (existsSync(targetPath)) continue;
 			try {
 				await gitMirrorManager.ensureMirror(repo.url);
@@ -5437,7 +5555,6 @@ const createCodexHandler = (config) => {
 			kind: "turn_end",
 			payload: { status: succeeded ? "success" : "error" }
 		});
-		if (succeeded && accumulated.trim()) sessionCtx.reportSessionCompletion();
 		sessionCtx.setRuntimeState("idle");
 		if (queuedMessages.length > 0 && !drainScheduled) {
 			drainScheduled = true;
@@ -6459,9 +6576,6 @@ var SessionManager = class {
 			emitEvent: (event) => {
 				this.config.onSessionEvent?.(chatId, event);
 			},
-			reportSessionCompletion: () => {
-				this.config.onSessionCompletion?.(chatId);
-			},
 			forwardResult,
 			buildAgentEnv: (parentEnv) => buildAgentEnv(parentEnv, envCtx),
 			formatInboundContent: (message) => formatInboundContent(message, participants),
@@ -6698,8 +6812,7 @@ var AgentSlot = class {
 			ackEntry,
 			onStateChange: (chatId, state) => this.reportSessionState(chatId, state),
 			onRuntimeStateChange: (state) => this.reportRuntimeState(state),
-			onSessionEvent: (chatId, event) => this.reportSessionEvent(chatId, event),
-			onSessionCompletion: (chatId) => this.reportSessionCompletion(chatId)
+			onSessionEvent: (chatId, event) => this.reportSessionEvent(chatId, event)
 		});
 		const onCommand = (cmd) => {
 			if (cmd.agentId === this.config.agentId && this.sessionManager) this.sessionManager.handleCommand(cmd.chatId, cmd.type).catch((err) => {
@@ -6747,9 +6860,6 @@ var AgentSlot = class {
 	reportSessionEvent(chatId, event) {
 		this.clientConnection.reportSessionEvent(this.config.agentId, chatId, event);
 	}
-	reportSessionCompletion(chatId) {
-		this.clientConnection.reportSessionCompletion(this.config.agentId, chatId);
-	}
 	fullStateSync() {
 		if (!this.sessionManager) return;
 		for (const { chatId, state } of this.sessionManager.getSessionStates()) this.clientConnection.reportSessionState(this.config.agentId, chatId, state);
@@ -7226,7 +7336,7 @@ function fail(code, message, exitCode = 1) {
 //#endregion
 //#region src/core/agent-messaging.ts
 /**
-* Resolve `replyTo` envelope fields for `agent send`. When the CLI is invoked
+* Resolve `replyTo` envelope fields for `chat send`. When the CLI is invoked
 * from inside a claude-code session (the handler exports
 * `FIRST_TREE_HUB_CHAT_ID` + `FIRST_TREE_HUB_INBOX_ID`), default the reply
 * target to the calling session's own chat so the peer's reply routes back
@@ -7518,7 +7628,7 @@ function rotateClientIdWithBackup(configDir) {
 }
 /**
 * Shared handler for `CLIENT_ORG_MISMATCH` across CLI entry points
-* (`client start` and `client connect --no-service`). Prompts interactively,
+* (`client start` and `connect <token> --no-service`). Prompts interactively,
 * rotates the local clientId, and always exits the current process — the
 * runtime is already poisoned (wrong clientId in memory), so continuing
 * in-band is not safe. Service-supervised (managed) runs skip the prompt and
@@ -8281,7 +8391,7 @@ function installLaunchd() {
 		lastBootstrapErr = res;
 		if (attempt < 2) sleepSync(1e3);
 	}
-	if (lastBootstrapErr) throw new Error(`launchctl bootstrap failed: ${lastBootstrapErr.stderr || `exit ${lastBootstrapErr.code ?? "unknown"}`}\n    Command: launchctl bootstrap ${target} ${plistPath}\n    Recovery: \`launchctl bootout ${target}/${LAUNCHD_LABEL}\` then \`first-tree-hub client connect <server-url>\`.`);
+	if (lastBootstrapErr) throw new Error(`launchctl bootstrap failed: ${lastBootstrapErr.stderr || `exit ${lastBootstrapErr.code ?? "unknown"}`}\n    Command: launchctl bootstrap ${target} ${plistPath}\n    Recovery: \`launchctl bootout ${target}/${LAUNCHD_LABEL}\` then \`first-tree-hub connect <token>\`.`);
 	const enableRes = runCapture("launchctl", ["enable", `${target}/${LAUNCHD_LABEL}`], 5e3);
 	if (!enableRes.ok) print.line(`    warning: launchctl enable: ${enableRes.stderr || `exit ${enableRes.code ?? "unknown"}`}\n`);
 	const { state, pid, detail } = launchdState();
@@ -8441,7 +8551,7 @@ function installSystemd() {
 		"--now",
 		SYSTEMD_UNIT
 	], 1e4);
-	if (!enableRes.ok) throw new Error(`systemctl --user enable --now ${SYSTEMD_UNIT} failed: ${enableRes.stderr || `exit ${enableRes.code ?? "unknown"}`}\n    Recovery: \`systemctl --user stop ${SYSTEMD_UNIT}\` then \`first-tree-hub client connect <server-url>\`.`);
+	if (!enableRes.ok) throw new Error(`systemctl --user enable --now ${SYSTEMD_UNIT} failed: ${enableRes.stderr || `exit ${enableRes.code ?? "unknown"}`}\n    Recovery: \`systemctl --user stop ${SYSTEMD_UNIT}\` then \`first-tree-hub connect <token>\`.`);
 	const { state, pid, detail } = systemdState();
 	return {
 		platform: "systemd",
@@ -8953,7 +9063,7 @@ function checkBackgroundService() {
 	return {
 		label: "Background service",
 		ok: false,
-		detail: "not installed — re-run `first-tree-hub client connect <url>` to install"
+		detail: "not installed — re-run `first-tree-hub connect <token>` to install"
 	};
 }
 async function checkWebSocket() {
@@ -9247,7 +9357,7 @@ function runHomeMigration() {
 	}
 	print.line(`[first-tree-hub] Copied client home to new layout: ${result.from} → ${result.to}\n  (Legacy directory preserved as a backup — delete it manually once you've verified the new location works.)\n`);
 	if (process.argv.includes("--no-interactive")) {
-		print.line("[first-tree-hub] Note: running as background service — skipped auto re-register to avoid self-termination.\n  Service paths will refresh on the next `first-tree-hub client connect <url>`.\n");
+		print.line("[first-tree-hub] Note: running as background service — skipped auto re-register to avoid self-termination.\n  Service paths will refresh on the next `first-tree-hub connect <token>`.\n");
 		return;
 	}
 	const status = getClientServiceStatus();
@@ -9257,7 +9367,7 @@ function runHomeMigration() {
 		print.line(`[first-tree-hub] Re-registered background service with new home paths.\n`);
 	} catch (err) {
 		const msg = err instanceof Error ? err.message : String(err);
-		print.line(`[first-tree-hub] WARNING: home migration succeeded but re-registering the background service failed: ${msg}\n  Re-run \`first-tree-hub client connect <url>\` to refresh service paths.\n`);
+		print.line(`[first-tree-hub] WARNING: home migration succeeded but re-registering the background service failed: ${msg}\n  Re-run \`first-tree-hub connect <token>\` to refresh service paths.\n`);
 	}
 }
 //#endregion
@@ -9289,7 +9399,7 @@ async function onboardCheck(args) {
 		key: "connect",
 		label: "Signed in",
 		status: "missing_required",
-		hint: "Run `first-tree-hub client connect <server-url>` first"
+		hint: "Run `first-tree-hub connect <token>` first"
 	});
 	try {
 		const serverUrl = resolveServerUrl(args.server);
@@ -9443,7 +9553,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-DrnBbl8T.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-D_vnqC6a.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -9530,13 +9640,13 @@ async function promptMissingFields(options) {
 * add (there's nothing sensible to key the local dir on).
 */
 async function promptAddAgent(opts = {}) {
-	if (loadCredentials() === null) throw new Error("Not connected. Run `first-tree-hub client connect <server-url>` first.");
+	if (loadCredentials() === null) throw new Error("Not connected. Run `first-tree-hub connect <token>` first.");
 	let serverUrl;
 	try {
 		serverUrl = resolveServerUrl(process.env.FIRST_TREE_HUB_SERVER_URL);
 	} catch (err) {
 		const msg = err instanceof Error ? err.message : String(err);
-		throw new Error(`${msg} Run \`first-tree-hub client connect\` or set FIRST_TREE_HUB_SERVER_URL.`);
+		throw new Error(`${msg} Run \`first-tree-hub connect <token>\` or set FIRST_TREE_HUB_SERVER_URL.`);
 	}
 	const agentId = opts.agentId ?? await input({
 		message: "Agent UUID on the Hub:",
@@ -10656,7 +10766,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-BpskScln.mjs
+//#region ../server/dist/app-DQVUb4ZY.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -11041,7 +11151,7 @@ async function deleteAdapterConfig(db, id) {
 	const [row] = await db.delete(adapterConfigs).where(eq(adapterConfigs.id, id)).returning();
 	if (!row) throw new NotFoundError(`Adapter config "${id}" not found`);
 }
-const log$6 = createLogger$1("Adapters");
+const log$7 = createLogger$1("Adapters");
 function parseId(raw) {
 	const id = Number(raw);
 	if (!Number.isInteger(id) || id <= 0) throw new BadRequestError(`Invalid adapter ID: "${raw}"`);
@@ -11067,7 +11177,7 @@ async function adapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertAgentManageableByUser(app.db, userId, existing.agentId);
 		const config = await updateAdapterConfig(app.db, id, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after update"));
+		app.adapterManager.reload().catch((err) => log$7.error({ err }, "adapter reload failed after update"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return {
 			...config,
@@ -11081,7 +11191,7 @@ async function adapterRoutes(app) {
 		const existing = await getAdapterConfig(app.db, id);
 		await assertAgentManageableByUser(app.db, userId, existing.agentId);
 		await deleteAdapterConfig(app.db, id);
-		app.adapterManager.reload().catch((err) => log$6.error({ err }, "adapter reload failed after delete"));
+		app.adapterManager.reload().catch((err) => log$7.error({ err }, "adapter reload failed after delete"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -11097,7 +11207,7 @@ function requireAgent(request) {
 	if (!agent) throw new UnauthorizedError("Agent authentication required");
 	return agent;
 }
-const log$5 = createLogger$1("AgentChatsRoute");
+const log$6 = createLogger$1("AgentChatsRoute");
 function serializeChat(chat) {
 	return {
 		...chat,
@@ -11160,7 +11270,7 @@ async function agentChatRoutes(app) {
 	app.post("/:chatId/participants", async (request, reply) => {
 		const identity = requireAgent(request);
 		if (request.body !== null && typeof request.body === "object" && "mode" in request.body) {
-			log$5.warn({
+			log$6.warn({
 				code: "MODE_FIELD_DEPRECATED",
 				chatId: request.params.chatId,
 				senderAgentId: identity.uuid,
@@ -11356,7 +11466,7 @@ async function resolveAgentClient(db, data) {
 		userId: clients.userId
 	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
 	if (!client) throw new BadRequestError(`Client "${data.clientId}" not found`);
-	if (!client.userId) throw new BadRequestError(`Client "${data.clientId}" has not been claimed by a user yet. Have the operator run \`first-tree-hub client connect\` on that machine before pinning an agent to it.`);
+	if (!client.userId) throw new BadRequestError(`Client "${data.clientId}" has not been claimed by a user yet. Have the operator run \`first-tree-hub connect <token>\` on that machine before pinning an agent to it.`);
 	if (client.userId !== manager.userId) throw new ForbiddenError(`Client "${data.clientId}" is not owned by the manager's user — pick a client belonging to that user.`);
 	return client.id;
 }
@@ -11383,6 +11493,20 @@ async function validateDelegateMentionTarget(db, targetUuid, sourceOrgId) {
 	if (target.organizationId !== sourceOrgId) throw new BadRequestError("delegateMention target must belong to the same organization as the agent");
 }
 /**
+* Service-layer guard: `delegateMention` is only available for `human` agents.
+* Mirrors the Web UI in `identity-section.tsx`, which only renders the
+* delegate-mention selector when `agent.type === "human"`. Without this
+* server-side check, CLI / Admin API / internal scripts could write
+* delegateMention onto non-human rows, silently re-enabling the
+* autonomous-agent-self-mention path that resolveAudience would then fan
+* out. Called from `createAgent` / `updateAgent` before
+* `validateDelegateMentionTarget` so a wrong source type fails fast without
+* the target lookup round-trip.
+*/
+function assertDelegateMentionAllowed(sourceType) {
+	if (sourceType !== AGENT_TYPES.HUMAN) throw new BadRequestError("delegateMention can only be set on human agents");
+}
+/**
 * Pick the first admin member in the org for internal system agents. Throws
 * if the org has no admin — the caller should surface the error so an admin
 * is created before the system tries to register more agents.
@@ -11422,7 +11546,10 @@ async function createAgent(db, data, options = {}) {
 		type: data.type
 	});
 	await ensureClientSupportsRuntimeProvider(db, clientId, runtimeProvider, { force: options.force });
-	if (data.delegateMention) await validateDelegateMentionTarget(db, data.delegateMention, orgId);
+	if (data.delegateMention) {
+		assertDelegateMentionAllowed(data.type);
+		await validateDelegateMentionTarget(db, data.delegateMention, orgId);
+	}
 	const [org] = await db.select({ maxAgents: organizations.maxAgents }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
 	if (org && org.maxAgents > 0) {
 		if (((await db.select({ value: count() }).from(agents).where(and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED))))[0]?.value ?? 0) >= org.maxAgents) throw new ForbiddenError(`Organization "${orgId}" has reached its agent limit (${org.maxAgents}). Upgrade your plan or delete unused agents.`);
@@ -11567,10 +11694,16 @@ async function updateAgent(db, uuid, data) {
 		if (agent.clientId !== null && agent.clientId !== data.clientId) throw new BadRequestError("clientId is immutable through this entry — cross-client moves go through rebindAgent (PATCH /agents/:uuid/rebind), which runs owner / org / capability checks atomically.");
 	}
 	const updates = { updatedAt: /* @__PURE__ */ new Date() };
-	if (data.type !== void 0) updates.type = data.type;
+	if (data.type !== void 0) {
+		if (data.type !== AGENT_TYPES.HUMAN && agent.delegateMention !== null && data.delegateMention !== null) throw new BadRequestError("Cannot change type away from `human` while delegateMention is set — clear delegateMention in the same patch.");
+		updates.type = data.type;
+	}
 	if (data.displayName !== void 0) updates.displayName = data.displayName;
 	if (data.delegateMention !== void 0) {
-		if (data.delegateMention !== null) await validateDelegateMentionTarget(db, data.delegateMention, agent.organizationId);
+		if (data.delegateMention !== null) {
+			assertDelegateMentionAllowed(data.type ?? agent.type);
+			await validateDelegateMentionTarget(db, data.delegateMention, agent.organizationId);
+		}
 		updates.delegateMention = data.delegateMention;
 	}
 	if (data.visibility !== void 0) updates.visibility = data.visibility;
@@ -11681,7 +11814,7 @@ async function deleteAgent(db, uuid) {
 	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
 	return agent;
 }
-const log$4 = createLogger$1("AgentFeishuBot");
+const log$5 = createLogger$1("AgentFeishuBot");
 async function agentFeishuBotRoutes(app) {
 	/**
 	* PUT /agent/me/feishu-bot
@@ -11709,7 +11842,7 @@ async function agentFeishuBotRoutes(app) {
 			},
 			status: "active"
 		}, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$4.error({ err }, "adapter reload failed after self-service bind"));
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service bind"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(current ? 200 : 201).send({
 			...config,
@@ -11726,7 +11859,7 @@ async function agentFeishuBotRoutes(app) {
 		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
 		if (!current) return reply.status(204).send();
 		await deleteAdapterConfig(app.db, current.id);
-		app.adapterManager.reload().catch((err) => log$4.error({ err }, "adapter reload failed after self-service unbind"));
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service unbind"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(204).send();
 	});
@@ -12357,7 +12490,7 @@ async function collectTargetInboxes(db, chatId, inReplyTo) {
 	}
 	return [...set];
 }
-const log$3 = createLogger$1("AgentMessages");
+const log$4 = createLogger$1("AgentMessages");
 const editMessageSchema = z.object({
 	format: z.string().optional(),
 	content: z.unknown()
@@ -12385,7 +12518,7 @@ function agentMessageWriteRateLimit(max) {
 		keyGenerator: (req) => {
 			const agentId = req.agent?.uuid;
 			if (agentId) return `agent:${agentId}`;
-			log$3.warn({
+			log$4.warn({
 				ip: req.ip,
 				route: req.routeOptions?.url ?? req.url
 			}, "rate-limit keyGenerator fell back to IP — req.agent missing on a route under /agent (hook order regression?)");
@@ -12418,7 +12551,7 @@ async function agentMessageRoutes(app) {
 		await assertParticipant(app.db, request.params.chatId, identity.uuid);
 		const body = editMessageSchema.parse(request.body);
 		const msg = await editMessage(app.db, request.params.chatId, request.params.messageId, identity.uuid, body);
-		app.adapterManager.editOutboundMessage(msg.id, msg.format, msg.content).catch((err) => log$3.error({
+		app.adapterManager.editOutboundMessage(msg.id, msg.format, msg.content).catch((err) => log$4.error({
 			err,
 			messageId: msg.id
 		}, "failed to edit outbound message"));
@@ -12597,35 +12730,84 @@ const notifications = pgTable("notifications", {
 	chatId: text("chat_id"),
 	message: text("message").notNull(),
 	read: boolean("read").notNull().default(false),
+	dedupKey: text("dedup_key"),
 	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
 }, (table) => [
 	index("idx_notifications_org_created").on(table.organizationId, table.createdAt),
 	index("idx_notifications_agent").on(table.agentId),
-	index("idx_notifications_org_read").on(table.organizationId, table.read)
+	index("idx_notifications_org_read").on(table.organizationId, table.read),
+	uniqueIndex("uq_notifications_org_dedup_unread").on(table.organizationId, table.dedupKey).where(sql`read = false AND dedup_key IS NOT NULL`)
 ]);
-let registered = null;
+let localBroadcaster = null;
+let crossInstanceBroadcaster = null;
 function registerAdminBroadcaster(fn) {
-	registered = fn;
+	localBroadcaster = fn;
+}
+function registerCrossInstanceBroadcaster(fn) {
+	crossInstanceBroadcaster = fn;
 }
 function broadcastToAdmins(payload) {
-	if (!registered) return;
+	if (!localBroadcaster) return;
 	try {
-		registered(payload);
+		localBroadcaster(payload);
 	} catch {}
 }
-/** Create a notification, persist it, and fire-and-forget push to all channels. */
+/**
+* Fan out to every admin socket across every server instance via PG NOTIFY.
+* Falls back to single-instance fanout when no cross-instance broadcaster is
+* registered (e.g. unit tests that don't boot a notifier).
+*/
+function broadcastAdminsCrossInstance(payload) {
+	if (crossInstanceBroadcaster) {
+		try {
+			crossInstanceBroadcaster(payload);
+		} catch {}
+		return;
+	}
+	broadcastToAdmins(payload);
+}
+/**
+* Create a notification, persist it, and fire-and-forget push to all channels.
+*
+* Dedup contract (when `dedupKey` is set and an unread row already exists):
+*   - **severity escalates monotonically** — `high` never drops back to
+*     `medium`, `medium` never drops back to `low`. Prevents the bell badge
+*     from understating a degrading agent (stale=medium first, then
+*     error=high arriving — the row sticks at high).
+*   - **type and message take the latest event's values** — so the row
+*     reflects the most recent observation in the UI ("entered error state"
+*     replaces "is unresponsive" once the runtime starts reporting error).
+*   - **createdAt is preserved** so the bell ordering still tracks "when did
+*     this incident open" rather than "when was the last observation".
+*
+* Rows without a `dedupKey` never hit the partial unique index and keep the
+* legacy always-insert behaviour.
+*/
 async function createNotification(db, data) {
 	const id = uuidv7();
-	const [row] = await db.insert(notifications).values({
+	const row = (await db.insert(notifications).values({
 		id,
 		organizationId: data.organizationId,
 		type: data.type,
 		severity: data.severity,
 		agentId: data.agentId ?? null,
 		chatId: data.chatId ?? null,
-		message: data.message
-	}).returning();
-	if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
+		message: data.message,
+		dedupKey: data.dedupKey ?? null
+	}).onConflictDoUpdate({
+		target: [notifications.organizationId, notifications.dedupKey],
+		set: {
+			severity: sql`CASE
+          WHEN ${notifications.severity} = 'high' OR excluded.severity = 'high' THEN 'high'
+          WHEN ${notifications.severity} = 'medium' OR excluded.severity = 'medium' THEN 'medium'
+          ELSE 'low'
+        END`,
+			type: sql`excluded.type`,
+			message: sql`excluded.message`
+		},
+		targetWhere: sql`${notifications.read} = false AND ${notifications.dedupKey} IS NOT NULL`
+	}).returning())[0];
+	if (!row) return null;
 	const notification = {
 		id: row.id,
 		organizationId: row.organizationId,
@@ -12658,18 +12840,15 @@ async function listNotifications(db, orgId, memberId, query) {
 		items: [],
 		nextCursor: null
 	};
-	const conditions = [eq(notifications.organizationId, orgId)];
+	const targetLimit = query.limit;
+	const conditions = [eq(notifications.organizationId, orgId), buildVisibilityCondition([...visibleAgents])];
 	if (query.cursor) conditions.push(lt(notifications.createdAt, new Date(query.cursor)));
 	if (query.severity) conditions.push(eq(notifications.severity, query.severity));
 	if (query.read !== void 0) conditions.push(eq(notifications.read, query.read));
 	if (query.agentId) conditions.push(eq(notifications.agentId, query.agentId));
-	const where = and(...conditions);
-	const overscanFactor = 4;
-	const targetLimit = query.limit;
-	const rawLimit = Math.min(targetLimit * overscanFactor + 1, 400);
-	const visible = (await db.select().from(notifications).where(where).orderBy(desc(notifications.createdAt)).limit(rawLimit)).filter((n) => n.agentId === null || visibleAgents.has(n.agentId));
-	const hasMore = visible.length > targetLimit;
-	const items = hasMore ? visible.slice(0, targetLimit) : visible;
+	const rows = await db.select().from(notifications).where(and(...conditions)).orderBy(desc(notifications.createdAt)).limit(targetLimit + 1);
+	const hasMore = rows.length > targetLimit;
+	const items = hasMore ? rows.slice(0, targetLimit) : rows;
 	const last = items[items.length - 1];
 	const nextCursor = hasMore && last ? last.createdAt.toISOString() : null;
 	return {
@@ -12680,6 +12859,16 @@ async function listNotifications(db, orgId, memberId, query) {
 		nextCursor
 	};
 }
+/**
+* Return the unread notification count for this member's visible agents.
+* Single `SELECT COUNT(*)` — no row fetch — so the topbar bell badge can
+* surface an accurate number (>100) without paying for a list query.
+*/
+async function unreadCount(db, orgId, memberId) {
+	const visibleAgents = await loadVisibleAgentIds$1(db, orgId, memberId);
+	const [row] = await db.select({ count: sql`count(*)` }).from(notifications).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false), buildVisibilityCondition([...visibleAgents])));
+	return Number(row?.count ?? "0");
+}
 /** Mark a single notification as read, scoped to organization + visible agents. */
 async function markRead(db, notificationId, orgId, memberId) {
 	const [existing] = await db.select({
@@ -12696,16 +12885,17 @@ async function markRead(db, notificationId, orgId, memberId) {
 /** Mark all notifications visible to this member as read. */
 async function markAllRead(db, orgId, memberId) {
 	const visible = await loadVisibleAgentIds$1(db, orgId, memberId);
-	const idsToMark = (await db.select({
-		id: notifications.id,
-		agentId: notifications.agentId
-	}).from(notifications).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false))).limit(1e3)).filter((n) => n.agentId === null || visible.has(n.agentId)).map((n) => n.id);
-	if (idsToMark.length === 0) return;
-	const batchSize = 200;
-	for (let i = 0; i < idsToMark.length; i += batchSize) {
-		const batch = idsToMark.slice(i, i + batchSize);
-		await db.update(notifications).set({ read: true }).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false), inArray(notifications.id, batch)));
-	}
+	await db.update(notifications).set({ read: true }).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false), buildVisibilityCondition([...visible])));
+}
+/**
+* SQL fragment matching every notification visible to a member: org-wide
+* (`agent_id IS NULL`) plus rows tied to an agent in the member's visible
+* set. Centralised so listNotifications, markAllRead, and unreadCount can
+* never drift apart.
+*/
+function buildVisibilityCondition(visibleAgentIds) {
+	if (visibleAgentIds.length === 0) return isNull(notifications.agentId);
+	return or(isNull(notifications.agentId), inArray(notifications.agentId, visibleAgentIds));
 }
 /**
 * Shared visibility predicate. Mirrors
@@ -12739,62 +12929,81 @@ async function resolveAgentContext(db, agentId) {
 		clientLabel
 	};
 }
-async function resolveChatContext(db, chatId) {
-	const [chat] = await db.select({ topic: chats.topic }).from(chats).where(eq(chats.id, chatId)).limit(1);
-	const shortId = chatId.slice(0, 8);
-	return { chatLabel: chat?.topic && chat.topic.trim().length > 0 ? chat.topic.trim() : `Chat ${shortId}` };
-}
 /**
-* Compose a human-readable message for each notification type.
-*
-* Keep subjects consistent with what the dashboard shows the member:
-*   - Session-scoped events → subject is the chat (topic / "Chat xxxxxxxx")
-*   - Client-scoped events  → subject is the computer (hostname / clientId)
-*   - Agent-scoped events   → subject is the agent display name
+* Compose a human-readable message for each notification type. The full set
+* is fault-scoped (error / blocked / stale) — completion events are not
+* notifications because the conversation list already surfaces them.
 */
-function composeMessage(type, agentCtx, chatCtx) {
+function composeMessage(type, agentCtx) {
 	const agent = agentCtx.agentName;
 	const computer = agentCtx.clientLabel ?? "Unknown computer";
-	const chat = chatCtx?.chatLabel ?? null;
 	switch (type) {
-		case "session_completed": return chat ? `${chat} completed` : `${agent} completed a task`;
-		case "session_error": return chat ? `${chat} hit an error` : `${agent} hit a session error`;
-		case "agent_disconnected": return `Computer ${computer} disconnected`;
-		case "agent_connected": return `Computer ${computer} reconnected`;
 		case "agent_stale": return `Computer ${computer} is unresponsive`;
 		case "agent_error": return `${agent} entered error state`;
 		case "agent_blocked": return `${agent} is blocked`;
-		case "agent_needs_decision": return chat ? `${agent} needs a decision in ${chat}` : `${agent} needs a decision`;
 		default: return `${agent} event`;
 	}
 }
 /**
-* Convenience: create a notification for an agent event, resolving org,
-* agent display name, computer hostname, and chat topic automatically.
-* Callers supply the event type and severity; the message text is generated
-* here so language/phrasing is centralized (see {@link composeMessage}).
+* Convenience: create a notification for an agent event, resolving org and
+* agent display name automatically. The message text is generated here so
+* language/phrasing is centralized (see {@link composeMessage}).
+*
+* Default dedup_key when none is supplied: `agent:{agentId}:fault`. All three
+* current fault types (error / blocked / stale) collapse onto one unread row
+* per agent — a single agent that goes error AND then stale should not double
+* the badge for the same underlying problem. Pair with
+* {@link markAgentFaultsResolved}, which closes the row when the agent
+* recovers.
 *
 * Fire-and-forget — errors are swallowed so event producers never fail just
 * because the notification pipeline is unhealthy.
 */
-async function notifyAgentEvent(db, agentId, type, severity, chatId) {
+async function notifyAgentEvent(db, agentId, type, severity, options = {}) {
 	try {
 		const agentCtx = await resolveAgentContext(db, agentId);
 		if (!agentCtx) return;
-		const message = composeMessage(type, agentCtx, chatId ? await resolveChatContext(db, chatId) : null);
+		const message = composeMessage(type, agentCtx);
+		const dedupKey = options.dedupKey === void 0 ? `agent:${agentId}:fault` : options.dedupKey;
 		await createNotification(db, {
 			organizationId: agentCtx.organizationId,
 			type,
 			severity,
 			agentId,
-			chatId: chatId ?? null,
 			clientId: agentCtx.clientId,
-			message
+			message,
+			dedupKey
 		});
 	} catch {}
 }
+/**
+* Mark every unread fault-scoped notification for this agent as read. Called
+* when the agent recovers — either by rebinding (offline → online) or by
+* reporting a healthy runtime state (error/blocked → idle/working). Without
+* this, a transient incident leaves its notification row in "unread" forever
+* and the badge never clears even though the underlying problem is gone.
+*
+* Fire-and-forget — same rationale as {@link notifyAgentEvent}: presence /
+* runtime-state callers must not fail just because notification bookkeeping
+* is unhealthy.
+*
+* Note on badge freshness: this UPDATEs the DB but does not push an event
+* across admin WS. The bell refetches on its own next push or reconnect, so
+* the badge may lag the actual state by up to one push cycle. Adding a
+* dedicated `notification:read` envelope was deferred — it adds a new event
+* shape on both sides for a sub-second cosmetic difference.
+*/
+async function markAgentFaultsResolved(db, agentId) {
+	try {
+		await db.update(notifications).set({ read: true }).where(and(eq(notifications.agentId, agentId), eq(notifications.read, false), inArray(notifications.type, [
+			NOTIFICATION_TYPES.AGENT_ERROR,
+			NOTIFICATION_TYPES.AGENT_BLOCKED,
+			NOTIFICATION_TYPES.AGENT_STALE
+		])));
+	} catch {}
+}
 function pushToAdminWs(notification) {
-	broadcastToAdmins({
+	broadcastAdminsCrossInstance({
 		type: "notification",
 		organizationId: notification.organizationId,
 		agentId: notification.agentId ?? null,
@@ -12815,8 +13024,9 @@ async function pushToWebhook(notification) {
 }
 /**
 * Session events — structured event stream per (agent, chat) session.
-* `kind` is 'tool_call' | 'error'; the payload shape is enforced by the
-* service layer via Zod (no FK / CHECK on this table per project rule).
+* `kind` is one of `'tool_call' | 'error' | 'assistant_text' | 'thinking'
+* | 'turn_end'`; payload shape per kind is enforced by the service layer
+* via Zod (no FK / CHECK on this table per project rule).
 *
 * `seq` is monotonic per (agent_id, chat_id). The single-writer invariant
 * in the client-side session-manager guarantees ordering; the service wraps
@@ -12938,35 +13148,6 @@ const wsMessageSchema = z.object({
 	agentId: z.string().optional(),
 	ref: z.string().optional()
 });
-/**
-* Client WebSocket: one WS per client, multiple agents multiplexed.
-*
-* Protocol (unified-user-token milestone):
-*   1. Client connects; server waits up to {@link WS_AUTH_FRAME_TIMEOUT_MS}
-*      for the first `auth` frame carrying a member access JWT.
-*      Failure ⇒ server sends `auth:rejected` and closes (code 4401).
-*   2. `client:register` — bind the client_id to the authenticated user.
-*   3. `agent:bind` — run Rule R-RUN (no token); populate presence.
-*   4. `session:state` / `runtime:state` / `session:event` / `session:completion` / `heartbeat`.
-*   5. `agent:unbind` — stop multiplexing for a specific agent.
-*
-* When the JWT is about to expire the server sends `auth:expired` so the
-* SDK can refresh and reconnect without silently half-opening the socket.
-*/
-/** Notification cooldown: prevents duplicate notifications for same (agentId, type) within window. */
-const NOTIFICATION_COOLDOWN_MS = 3e5;
-const notificationCooldowns = /* @__PURE__ */ new Map();
-function shouldNotify(agentId, notificationType) {
-	const key = `${agentId}:${notificationType}`;
-	const now = Date.now();
-	const lastSent = notificationCooldowns.get(key);
-	if (lastSent && now - lastSent < NOTIFICATION_COOLDOWN_MS) return false;
-	notificationCooldowns.set(key, now);
-	if (notificationCooldowns.size > 1e3) {
-		for (const [k, ts] of notificationCooldowns) if (now - ts > NOTIFICATION_COOLDOWN_MS) notificationCooldowns.delete(k);
-	}
-	return true;
-}
 function sendRejected(socket, ref, reason) {
 	socket.send(JSON.stringify({
 		type: "agent:bind:rejected",
@@ -13380,6 +13561,7 @@ function clientWsRoutes(notifier, instanceId) {
 								runtimeType: bindRequest.runtimeType,
 								runtimeVersion: bindRequest.runtimeVersion
 							});
+							markAgentFaultsResolved(app.db, agent.id).catch(() => {});
 							bindAgentToClient(clientId, agent.id);
 							boundAgents.set(agent.id, {
 								agentId: agent.id,
@@ -13489,8 +13671,9 @@ function clientWsRoutes(notifier, instanceId) {
 								organizationId: boundAgentInfo.organizationId,
 								notifier
 							});
-							if (payload.runtimeState === "error" && shouldNotify(agentId, "agent_error")) notifyAgentEvent(app.db, agentId, "agent_error", "high").catch(() => {});
-							else if (payload.runtimeState === "blocked" && shouldNotify(agentId, "agent_blocked")) notifyAgentEvent(app.db, agentId, "agent_blocked", "medium").catch(() => {});
+							if (payload.runtimeState === "error") notifyAgentEvent(app.db, agentId, "agent_error", "high").catch(() => {});
+							else if (payload.runtimeState === "blocked") notifyAgentEvent(app.db, agentId, "agent_blocked", "medium").catch(() => {});
+							else if (payload.runtimeState === "idle" || payload.runtimeState === "working") markAgentFaultsResolved(app.db, agentId).catch(() => {});
 						} else if (type === "session:event") {
 							const agentId = parsed.data.agentId;
 							if (!agentId || !boundAgents.has(agentId)) {
@@ -13501,9 +13684,11 @@ function clientWsRoutes(notifier, instanceId) {
 								return;
 							}
 							const payload = sessionEventMessageSchema.parse(msg);
+							const boundInfo = boundAgents.get(agentId);
 							chainSessionOp(agentId, payload.chatId, async () => {
 								try {
 									await appendEvent(app.db, agentId, payload.chatId, payload.event);
+									if (boundInfo) notifier.notifySessionEvent(agentId, payload.chatId, payload.event.kind, boundInfo.organizationId).catch(() => {});
 								} catch (err) {
 									socket.send(JSON.stringify({
 										type: "error",
@@ -13511,17 +13696,6 @@ function clientWsRoutes(notifier, instanceId) {
 									}));
 								}
 							});
-						} else if (type === "session:completion") {
-							const agentId = parsed.data.agentId;
-							if (!agentId || !boundAgents.has(agentId)) {
-								socket.send(JSON.stringify({
-									type: "error",
-									message: "Agent not bound"
-								}));
-								return;
-							}
-							const payload = sessionCompletionMessageSchema.parse(msg);
-							if (shouldNotify(agentId, `session_completed:${payload.chatId}`)) notifyAgentEvent(app.db, agentId, "session_completed", "low", payload.chatId).catch(() => {});
 						} else if (type === "inbox:ack") {
 							const payloadResult = inboxAckFrameSchema.safeParse(msg);
 							if (!payloadResult.success) {
@@ -13575,7 +13749,6 @@ function clientWsRoutes(notifier, instanceId) {
 					notifier.unsubscribe(info.inboxId, socket);
 					if (getAgentClientId(agentId) === clientId) try {
 						await unbindAgent(app.db, agentId);
-						if (shouldNotify(agentId, "agent_disconnected")) notifyAgentEvent(app.db, agentId, "agent_disconnected", "medium").catch(() => {});
 					} catch {}
 				}
 				boundAgents.clear();
@@ -13717,7 +13890,7 @@ async function agentRoutes(app) {
 		};
 		if (health === "disconnected") return reply.status(200).send({
 			status: "offline",
-			message: "Agent is not connected. Start the client with: first-tree-hub client connect <server-url>",
+			message: "Agent is not connected. Connect the client with: first-tree-hub connect <token>",
 			connection
 		});
 		if (health === "stale") return reply.status(200).send({
@@ -14611,6 +14784,83 @@ async function bindInstallationToOrg(db, installationId, hubOrganizationId) {
 	return true;
 }
 /**
+* Webhook handler for `installation: suspend`. Sets `suspended_at` to the
+* timestamp GitHub put on `installation.suspended_at`.
+*
+* Out-of-order safety (codex P1-7): GitHub doesn't guarantee delivery
+* order and redelivers on failure, so a *stale* `suspend` event could
+* arrive after a newer one. The conditional UPDATE only writes when the
+* row is currently unsuspended OR carries an *earlier* `suspended_at` —
+* a stale re-suspend with an older timestamp is a no-op.
+*
+* (Limitation: once an `unsuspend` has cleared `suspended_at` to NULL we
+* no longer know *when* that happened, so a stale `suspend` arriving after
+* an `unsuspend` would still re-suspend. Proper handling would need a
+* dedicated lifecycle-sequence column; in practice suspend/unsuspend are
+* minutes-apart human actions, well outside any realistic reorder window.)
+*/
+async function markInstallationSuspended(db, installationId, suspendedAt) {
+	await db.update(githubAppInstallations).set({
+		suspendedAt,
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(and(eq(githubAppInstallations.installationId, installationId), or(isNull(githubAppInstallations.suspendedAt), lt(githubAppInstallations.suspendedAt, suspendedAt))));
+}
+/**
+* Webhook handler for `installation: unsuspend`. Clears `suspended_at`.
+*
+* `unsuspendedAt` is the time we received the event (GitHub's `unsuspend`
+* payload, unlike `suspend`, carries no event timestamp). The conditional
+* UPDATE only clears when the current `suspended_at` predates that — i.e.
+* a stale `unsuspend` that lost the race to a newer `suspend` won't undo
+* it. A row that's already unsuspended (`suspended_at IS NULL`) is left
+* alone (the `< unsuspendedAt` comparison is NULL → no match), which is
+* the desired no-op.
+*/
+async function markInstallationUnsuspended(db, installationId, unsuspendedAt) {
+	await db.update(githubAppInstallations).set({
+		suspendedAt: null,
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(and(eq(githubAppInstallations.installationId, installationId), lt(githubAppInstallations.suspendedAt, unsuspendedAt)));
+}
+/**
+* Webhook handler for `installation: deleted`. Removes the row outright —
+* the user uninstalled the App from their account; the row has no value.
+*
+* The earlier 60-s `createdAt`-based grace window (added in C.12 codex P1-7
+* to guard against delayed `deleted` events clobbering fresh re-installs)
+* was reverted after a post-Phase-C codex challenge flagged a worse bug:
+* a real install + immediate uninstall (within 60 s) became permanent —
+* the handler returned a 200 no-op so GitHub never redelivered, and the
+* Hub-side row lived forever even though the App was gone upstream.
+*
+* The original race the grace was meant to solve doesn't actually exist:
+* GitHub mints a fresh `installation.id` per install, so a delayed
+* `deleted` for id N cannot wipe a fresh re-install (which has id M ≠ N).
+* Same-id replays are handled by the `processed_events` dedup table.
+*
+* The remaining "stale `created` after `deleted` resurrects the row" risk
+* is a pre-existing hole in `upsertInstallationFromMetadata` (not
+* introduced by Phase C). Tracked as a Phase D follow-up — the upsert
+* path needs a `last_lifecycle_event_at` column or tombstone to be
+* order-safe.
+*
+* Note: deleting the org on the Hub side is the inverse case — handled
+* by the `ON DELETE SET NULL` FK on `hub_organization_id`, which keeps
+* the installation row alive so a future rebind can recover.
+*/
+async function deleteInstallationByGithubId(db, installationId) {
+	await db.delete(githubAppInstallations).where(eq(githubAppInstallations.installationId, installationId));
+}
+/**
+* Lookup an installation by GitHub-side id. Used by the webhook router
+* to resolve `installation.id` → `hub_organization_id` so downstream
+* event handlers (issues, PRs) know which Hub team the event belongs to.
+*/
+async function findInstallationByGithubId(db, installationId) {
+	const [row] = await db.select().from(githubAppInstallations).where(eq(githubAppInstallations.installationId, installationId)).limit(1);
+	return row ?? null;
+}
+/**
 * Lookup the installation bound to a Hub team. Used by Settings →
 * Integrations to render the connected-account panel. Returns null when
 * no install is bound.
@@ -15266,10 +15516,9 @@ async function bootstrapConfigRoutes(_app) {
 	* Public endpoint — returns bootstrap prerequisites for CLI auto-discovery.
 	*
 	* `allowedOrg` used to surface here from the global `github.allowedOrg`
-	* config; it is now a per-org setting (see issue #255). A public bootstrap
-	* endpoint can't resolve an org without a caller, so the field is
-	* surfaced as `null` and consumers should fetch the per-org value via
-	* `/api/v1/orgs/:orgId/settings/github_integration` after auth.
+	* config; it is now per-installation state on `github_app_installations`
+	* (see issue #255). A public bootstrap endpoint can't resolve an
+	* installation without a caller, so the field is surfaced as `null`.
 	*/
 	_app.get("/config", async () => {
 		return { allowedOrg: null };
@@ -15602,7 +15851,7 @@ async function getCallerEngagement(db, chatId, agentId) {
 *     (speaker → "participant" / watcher → "watching"); the user
 *     state row supplies the unread counter (COALESCE → 0 when
 *     row is missing).
-*   - Filter `parent_chat_id IS NULL` (threads excluded in v1).
+*   - Filter `parent_chat_id IS NULL` (nested chats not surfaced in v1).
 *   - Filter `c.organization_id = ?` to defend against historical
 *     cross-org pollution rows that may still reference the caller
 *     (see fix/cross-org-direct-chat-pollution).
@@ -15670,9 +15919,11 @@ async function listMeChats(db, humanAgentId, organizationId, query) {
 		chatId: chatMembership.chatId,
 		agentId: chatMembership.agentId,
 		displayName: agents.displayName,
-		type: agents.type
-	}).from(chatMembership).innerJoin(agents, eq(chatMembership.agentId, agents.uuid)).where(and(inArray(chatMembership.chatId, chatIds), eq(chatMembership.accessMode, "speaker")));
+		type: agents.type,
+		sessionState: agentChatSessions.state
+	}).from(chatMembership).innerJoin(agents, eq(chatMembership.agentId, agents.uuid)).leftJoin(agentChatSessions, and(eq(agentChatSessions.agentId, chatMembership.agentId), eq(agentChatSessions.chatId, chatMembership.chatId))).where(and(inArray(chatMembership.chatId, chatIds), eq(chatMembership.accessMode, "speaker")));
 	const participantsByChat = /* @__PURE__ */ new Map();
+	const engagedByChat = /* @__PURE__ */ new Map();
 	for (const p of participantRows) {
 		const list = participantsByChat.get(p.chatId) ?? [];
 		list.push({
@@ -15681,7 +15932,13 @@ async function listMeChats(db, humanAgentId, organizationId, query) {
 			type: p.type
 		});
 		participantsByChat.set(p.chatId, list);
+		if (p.sessionState === "active") {
+			const engaged = engagedByChat.get(p.chatId) ?? [];
+			engaged.push(p.agentId);
+			engagedByChat.set(p.chatId, engaged);
+		}
 	}
+	const liveActivityByChat = await deriveLiveActivity(db, chatIds);
 	const firstMessageRows = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
 		chatId: messages.chatId,
 		content: messages.content
@@ -15708,13 +15965,99 @@ async function listMeChats(db, humanAgentId, organizationId, query) {
 				lastMessagePreview: r.last_message_preview,
 				unreadMentionCount: r.unread_mention_count,
 				canReply: isSpeaker,
-				engagementStatus: r.engagement_status
+				engagementStatus: r.engagement_status,
+				engagedAgentIds: engagedByChat.get(r.chat_id) ?? [],
+				liveActivity: liveActivityByChat.get(r.chat_id) ?? null
 			};
 		}),
 		nextCursor
 	};
 }
 /**
+* Per-chat live activity, derived from the most recent `session_events` row.
+*
+* Returns a chatId → LiveActivity map; chats with no activity (or where the
+* latest event is terminal / stale) are absent from the map (caller treats
+* absence as null).
+*/
+async function deriveLiveActivity(db, chatIds) {
+	if (chatIds.length === 0) return /* @__PURE__ */ new Map();
+	const chatIdInClause = sql.join(chatIds.map((id) => sql`${id}`), sql`, `);
+	const rows = (await db.execute(sql`
+    SELECT acs.agent_id        AS agent_id,
+           acs.chat_id         AS chat_id,
+           e.kind              AS kind,
+           e.payload           AS payload,
+           e.created_at        AS created_at
+      FROM agent_chat_sessions acs
+      CROSS JOIN LATERAL (
+        SELECT kind, payload, created_at, seq
+          FROM session_events se
+         WHERE se.agent_id = acs.agent_id
+           AND se.chat_id  = acs.chat_id
+         ORDER BY se.seq DESC
+         LIMIT 1
+      ) e
+     WHERE acs.chat_id IN (${chatIdInClause})
+       AND acs.state <> 'evicted'
+  `)).map((r) => ({
+		agent_id: r.agent_id,
+		chat_id: r.chat_id,
+		kind: r.kind,
+		payload: r.payload,
+		created_at: r.created_at
+	}));
+	const now = Date.now();
+	const byChat = /* @__PURE__ */ new Map();
+	for (const row of rows) {
+		const activity = toLiveActivity(row);
+		if (!activity) continue;
+		const createdAtMs = new Date(row.created_at).getTime();
+		if (now - createdAtMs > 6e4) continue;
+		const existing = byChat.get(row.chat_id);
+		if (!existing || createdAtMs > existing.createdAtMs) byChat.set(row.chat_id, {
+			activity,
+			createdAtMs
+		});
+	}
+	const out = /* @__PURE__ */ new Map();
+	for (const [chatId, { activity }] of byChat) out.set(chatId, activity);
+	return out;
+}
+/**
+* Translate a `session_events` row into a `LiveActivity`, or null when the
+* kind is terminal (`turn_end` / `error`) or unrecognised. Pure & exported
+* for unit testing.
+*/
+function toLiveActivity(row) {
+	const startedAt = new Date(row.created_at).toISOString();
+	switch (row.kind) {
+		case "tool_call": {
+			const payload = row.payload ?? {};
+			const label = typeof payload.name === "string" && payload.name.length > 0 ? payload.name : "Tool";
+			return {
+				agentId: row.agent_id,
+				kind: "tool_call",
+				label,
+				startedAt
+			};
+		}
+		case "thinking": return {
+			agentId: row.agent_id,
+			kind: "thinking",
+			label: "Thinking",
+			startedAt
+		};
+		case "assistant_text": return {
+			agentId: row.agent_id,
+			kind: "assistant_text",
+			label: "Writing",
+			startedAt
+		};
+		default: return null;
+	}
+}
+/**
 * Title resolution priority:
 *
 *   1. `chat.topic` (manual, set via `PATCH /chats/:chatId`)
@@ -16156,15 +16499,13 @@ const organizationSettings = pgTable("organization_settings", {
 * registry of valid namespaces and their storage / input / output schemas
 * lives in `@agent-team-foundation/first-tree-hub-shared`.
 *
-* Read path:  storage row → decrypt secrets → output (mask)
-* Write path: input → validate → encrypt secrets → merge with current storage → upsert (in tx)
+* Read path:  storage row → output (mask)
+* Write path: input → validate → merge with current storage → upsert (in tx)
 *
-* The generic getter returns the masked output. Callers needing plaintext
-* for a specific secret use a purpose-built helper (e.g.
-* `getDecryptedGithubWebhookSecret`) rather than the generic storage shape
-* — this avoids a `…Cipher` field name silently holding plaintext at
-* call-sites and limits secret exposure to one explicit code path per
-* secret. (#4)
+* The generic getter returns the masked output. Per-namespace plaintext
+* accessors live alongside this module when a secret needs to leave the
+* encrypted-at-rest boundary (none today after the github_integration
+* webhook secret was retired — DP12).
 */
 function assertNamespace(ns) {
 	if (!isOrgSettingNamespace(ns)) throw new BadRequestError(`Unknown organization-settings namespace: "${ns}"`);
@@ -16177,19 +16518,15 @@ async function fetchStorageRow(db, orgId, namespace) {
 function emptyStorage(namespace) {
 	return ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse({});
 }
-function ensureEncrypted(value, encryptionKey) {
-	return isEncryptedValue(value) ? value : encryptValue(value, encryptionKey);
-}
 /**
 * Merge a validated input into the current storage row for a namespace.
-* Secret fields are encrypted here.
 *
 * Input semantics per nullish field:
 *   `undefined` → unchanged
 *   `null`      → cleared
 *   value       → set / replace (already validated as non-empty by the input schema)
 */
-function applyInputDelta(namespace, current, input, encryptionKey) {
+function applyInputDelta(namespace, current, input) {
 	if (namespace === "context_tree") {
 		const cur = current;
 		const inp = input;
@@ -16198,11 +16535,6 @@ function applyInputDelta(namespace, current, input, encryptionKey) {
 			branch: inp.branch === void 0 ? cur.branch : inp.branch ?? "main"
 		};
 	}
-	if (namespace === "github_integration") {
-		const cur = current;
-		const inp = input;
-		return { webhookSecretCipher: inp.webhookSecret === void 0 ? cur.webhookSecretCipher : inp.webhookSecret === null ? void 0 : ensureEncrypted(inp.webhookSecret, encryptionKey) };
-	}
 	if (namespace === "source_repos") {
 		const cur = current;
 		const inp = input;
@@ -16212,9 +16544,7 @@ function applyInputDelta(namespace, current, input, encryptionKey) {
 }
 /**
 * Project the storage row into the API output for a namespace, masking
-* any secret fields. `webhookUrl` for `github_integration` is left as an
-* empty string here — the route layer enriches it with the resolved
-* `server.publicUrl` (the service stays config-agnostic).
+* any secret fields.
 */
 function toOutput(namespace, storage) {
 	if (namespace === "context_tree") {
@@ -16224,13 +16554,6 @@ function toOutput(namespace, storage) {
 			branch: s.branch
 		};
 	}
-	if (namespace === "github_integration") {
-		const s = storage;
-		return {
-			webhookSecretConfigured: typeof s.webhookSecretCipher === "string" && s.webhookSecretCipher.length > 0,
-			webhookUrl: ""
-		};
-	}
 	if (namespace === "source_repos") return { repos: storage.repos };
 	return namespace;
 }
@@ -16251,17 +16574,6 @@ async function getOrgContextTree(db, orgId) {
 	return await fetchStorageRow(db, orgId, "context_tree") ?? emptyStorage("context_tree");
 }
 /**
-* Decrypt and return the plaintext GitHub webhook secret for an org.
-* Returns `null` when the org has not configured one. The only intended
-* caller is the webhook route's signature verifier — the result must
-* never leak through HTTP responses or logs. (#4)
-*/
-async function getDecryptedGithubWebhookSecret(db, orgId, encryptionKey) {
-	const cipher = (await fetchStorageRow(db, orgId, "github_integration"))?.webhookSecretCipher;
-	if (!cipher) return null;
-	return isEncryptedValue(cipher) ? decryptValue(cipher, encryptionKey) : cipher;
-}
-/**
 * Upsert a setting. Returns the masked output of the resulting row.
 *
 * The fetch + merge + upsert sequence runs inside a single transaction so
@@ -16277,7 +16589,7 @@ async function putOrgSetting(db, orgId, namespace, rawInput, options) {
 		const txDb = tx;
 		const [org] = await txDb.select({ id: organizations.id }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
 		if (!org) throw new NotFoundError(`Organization "${orgId}" not found`);
-		const merged = applyInputDelta(namespace, await fetchStorageRow(txDb, orgId, namespace) ?? emptyStorage(namespace), input, options.encryptionKey);
+		const merged = applyInputDelta(namespace, await fetchStorageRow(txDb, orgId, namespace) ?? emptyStorage(namespace), input);
 		const validated = ORG_SETTINGS_NAMESPACES$1[namespace].storage.parse(merged);
 		await tx.insert(organizationSettings).values({
 			organizationId: orgId,
@@ -17407,7 +17719,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-C299fxkP-KKslbta2.mjs");
+	const { previewInvitation } = await import("./invitation-CNv7gfFF-D93KQte0.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -17477,7 +17789,8 @@ async function meRoutes(app) {
 			username: users.username,
 			displayName: users.displayName,
 			avatarUrl: users.avatarUrl,
-			onboardingDismissedAt: users.onboardingDismissedAt
+			onboardingDismissedAt: users.onboardingDismissedAt,
+			onboardingCompletedAt: users.onboardingCompletedAt
 		}).from(users).where(eq(users.id, userId)).limit(1);
 		const memberships = await listActiveMemberships(app.db, userId);
 		const defaultMembership = pickDefaultMembership(memberships.map((m) => ({
@@ -17505,7 +17818,8 @@ async function meRoutes(app) {
 			})),
 			onboarding: {
 				step: onboardingStep,
-				dismissedAt: user?.onboardingDismissedAt ? user.onboardingDismissedAt.toISOString() : null
+				dismissedAt: user?.onboardingDismissedAt ? user.onboardingDismissedAt.toISOString() : null,
+				completedAt: user?.onboardingCompletedAt ? user.onboardingCompletedAt.toISOString() : null
 			},
 			inviteUrl
 		};
@@ -17531,6 +17845,25 @@ async function meRoutes(app) {
 		return reply.status(200).send({ dismissedAt: u?.onboardingDismissedAt ? u.onboardingDismissedAt.toISOString() : null });
 	});
 	/**
+	* POST /me/onboarding-completed — stamp the terminal-state column when
+	* the user walks Step 3 to success (admin Continue, invitee Confirm /
+	* Continue). Distinct from PATCH /me/onboarding { dismissed: true },
+	* which only hides the stepper UI. Once stamped, the web sidebar drops
+	* the Settings → Onboarding entry point and /settings/onboarding
+	* redirects, so the wizard cannot re-enter.
+	*
+	* Idempotent: only writes when the column is still NULL — re-calling on
+	* an already-completed user is a no-op rather than resetting the stamp.
+	*/
+	app.post("/me/onboarding-completed", async (request, reply) => {
+		const { userId } = requireUser(request);
+		if ((await app.db.update(users).set({ onboardingCompletedAt: /* @__PURE__ */ new Date() }).where(and(eq(users.id, userId), isNull(users.onboardingCompletedAt))).returning({ id: users.id })).length > 0) app.log.info({
+			event: "onboarding.completed",
+			userId
+		}, "onboarding funnel: setup completed");
+		return reply.status(200).send({ ok: true });
+	});
+	/**
 	* POST /me/onboarding/events — web-side onboarding funnel reporter.
 	* Server-side milestones (`team_created` at OAuth, `dismissed` on PATCH)
 	* are emitted directly; this endpoint surfaces the web-driven ones into
@@ -17673,7 +18006,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-CjGIGddS-BrpazWa3.mjs");
+		const { listMyPinnedAgents } = await import("./client-h4KZ3b9o-CQyibXig.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -17925,7 +18258,7 @@ async function orgAdapterStatusRoutes(app) {
 		return app.adapterManager.getBotStatuses().filter((s) => visibleIds.has(s.configId));
 	});
 }
-const log$2 = createLogger$1("OrgAdapters");
+const log$3 = createLogger$1("OrgAdapters");
 /** Class B — `/api/v1/orgs/:orgId/adapters`. */
 async function orgAdapterRoutes(app) {
 	app.get("/", async (request) => {
@@ -17941,7 +18274,7 @@ async function orgAdapterRoutes(app) {
 		const body = createAdapterConfigSchema.parse(request.body);
 		await assertAgentManageableByUser(app.db, scope.userId, body.agentId);
 		const config = await createAdapterConfig(app.db, body, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$2.error({ err }, "adapter reload failed after create"));
+		app.adapterManager.reload().catch((err) => log$3.error({ err }, "adapter reload failed after create"));
 		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
 		return reply.status(201).send({
 			...config,
@@ -18464,6 +18797,10 @@ async function orgNotificationRoutes(app) {
 		const query = notificationQuerySchema.parse(request.query);
 		return listNotifications(app.db, scope.organizationId, scope.memberId, query);
 	});
+	app.get("/unread-count", async (request) => {
+		const scope = await requireOrgMembership(request, app.db);
+		return { count: await unreadCount(app.db, scope.organizationId, scope.memberId) };
+	});
 	app.post("/:id/read", async (request) => {
 		const scope = await requireOrgMembership(request, app.db);
 		const result = await markRead(app.db, request.params.id, scope.organizationId, scope.memberId);
@@ -18524,24 +18861,20 @@ async function orgSessionRoutes(app) {
 * GET gating is per-namespace via `readPolicy` in the registry: namespaces
 * with no secret fields (`context_tree`, `source_repos`) are readable by
 * any active org member, so an invitee can see what tree and repos the
-* team is bound to before joining the chat. Namespaces whose masked output
-* still leaks a `…Configured` boolean (`github_integration`) stay
-* admin-only. PUT and DELETE are always admin-only regardless of
-* namespace — non-admins must never mutate org-wide config.
+* team is bound to before joining the chat. PUT and DELETE are always
+* admin-only regardless of namespace — non-admins must never mutate
+* org-wide config.
 */
 async function orgSettingsRoutes(app) {
 	app.get("/:namespace", async (request) => {
 		const namespace = parseNamespace(request.params.namespace);
 		const scope = ORG_SETTINGS_NAMESPACES$1[namespace].readPolicy === "member" ? await requireOrgMembership(request, app.db) : await requireOrgAdmin(request, app.db);
-		return enrichOutput(namespace, await getOrgSetting(app.db, scope.organizationId, namespace), scope.organizationId, app.config.server.publicUrl);
+		return getOrgSetting(app.db, scope.organizationId, namespace);
 	});
 	app.put("/:namespace", { config: { otelRecordBody: true } }, async (request) => {
 		const scope = await requireOrgAdmin(request, app.db);
 		const namespace = parseNamespace(request.params.namespace);
-		return enrichOutput(namespace, await putOrgSetting(app.db, scope.organizationId, namespace, request.body, {
-			updatedBy: scope.userId,
-			encryptionKey: app.config.secrets.encryptionKey
-		}), scope.organizationId, app.config.server.publicUrl);
+		return putOrgSetting(app.db, scope.organizationId, namespace, request.body, { updatedBy: scope.userId });
 	});
 	app.delete("/:namespace", async (request, reply) => {
 		const scope = await requireOrgAdmin(request, app.db);
@@ -18554,27 +18887,6 @@ function parseNamespace(raw) {
 	if (!isOrgSettingNamespace(raw)) throw new BadRequestError(`Unknown organization-settings namespace: "${raw}"`);
 	return raw;
 }
-/**
-* Resolve namespace-specific server-config-derived fields. The service
-* layer stays config-agnostic — namespace knowledge that needs `app.config`
-* lives here. Currently only `github_integration.webhookUrl` qualifies.
-*
-* If `server.publicUrl` is unset on the Hub, `webhookUrl` is left as `""`
-* so the UI can render a "contact your site administrator" notice rather
-* than fall back to `window.location.origin` (which is wrong behind a
-* reverse proxy). (#12)
-*/
-function enrichOutput(namespace, out, orgId, publicUrl) {
-	if (namespace === "github_integration") {
-		const o = out;
-		const webhookUrl = publicUrl ? `${publicUrl.replace(/\/+$/, "")}/api/v1/webhooks/github/${orgId}` : "";
-		return {
-			...o,
-			webhookUrl
-		};
-	}
-	return out;
-}
 async function loadVisibleAgentIds(db, organizationId, memberId) {
 	const rows = await db.select({ id: agents.uuid }).from(agents).where(and(eq(agents.organizationId, organizationId), ne(agents.status, AGENT_STATUSES.DELETED), or(eq(agents.visibility, AGENT_VISIBILITY.ORGANIZATION), eq(agents.managerId, memberId))));
 	return new Set(rows.map((r) => r.id));
@@ -18615,6 +18927,12 @@ function orgWsRoutes(notifier, jwtSecret) {
 			...payload
 		});
 	});
+	notifier.onSessionEvent((payload) => {
+		broadcastOrgScoped({
+			type: "session:event",
+			...payload
+		});
+	});
 	notifier.onChatMessage(({ chatId }) => {
 		dispatchChatMessage(chatId);
 	});
@@ -18795,6 +19113,128 @@ async function sessionRoutes(app) {
 		});
 	});
 }
+/**
+* GitHub-specific webhook entity → chat clustering (Phase 0).
+*
+* Each `(organization, human_agent, delegate_agent, entity)` tuple resolves to
+* exactly one chat. Future external sources (Linear, Slack, …) get their own
+* tables — their entity models differ enough that a generic table would slip
+* back into untyped jsonb.
+*
+* `bound_via` distinguishes the first-touch row (`direct`) from a row written
+* by the `Fixes #N` linker (`fixes_link`). Routing logic ignores the
+* distinction; it exists for audit and future strategy tweaks.
+*/
+const githubEntityChatMappings = pgTable("github_entity_chat_mappings", {
+	organizationId: text("organization_id").notNull().references(() => organizations.id),
+	humanAgentId: text("human_agent_id").notNull().references(() => agents.uuid, { onDelete: "cascade" }),
+	delegateAgentId: text("delegate_agent_id").notNull().references(() => agents.uuid, { onDelete: "cascade" }),
+	entityType: text("entity_type").notNull(),
+	entityKey: text("entity_key").notNull(),
+	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
+	boundAt: timestamp("bound_at", { withTimezone: true }).notNull().defaultNow(),
+	boundVia: text("bound_via").notNull()
+}, (table) => [primaryKey({ columns: [
+	table.organizationId,
+	table.humanAgentId,
+	table.delegateAgentId,
+	table.entityType,
+	table.entityKey
+] }), index("idx_github_entity_chat_mappings_chat").on(table.chatId)]);
+function evaluateDelegateTarget(target, sourceOrgId) {
+	if (!target) return "not_found";
+	if (target.organizationId !== sourceOrgId) return "cross_org";
+	if (target.status !== "active") return "inactive";
+	return "ok";
+}
+async function identifyActor(db, organizationId, actor, appSlug) {
+	if (actor.isBot && appSlug && actor.githubLogin.toLowerCase() === `${appSlug.toLowerCase()}[bot]`) return { kind: "our-app-bot" };
+	const [agentRow] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, organizationId), eq(sql`lower(${agents.name})`, actor.githubLogin.toLowerCase()))).limit(1);
+	if (agentRow) return {
+		kind: "agent",
+		agentId: agentRow.uuid
+	};
+	return { kind: "external" };
+}
+/**
+* Compute the Stage 2 audience for a normalized event.
+*
+*   audience = subscribed ∪ involved
+*
+* `subscribed` reads every `(human, delegate)` row already bound to
+* `(org, entity)` in `github_entity_chat_mappings`. `involved` walks
+* `event.involves` and for each login that resolves to an org-local
+* `delegate_mention`-configured agent whose target is eligible AND isn't
+* already subscribed, appends a `new` row.
+*
+* Echo filtering runs after the union: when the actor maps to an agent in
+* this org, rows where the actor is either the human or the delegate side
+* are dropped so the agent's own action doesn't bounce back. When the actor
+* is our App's bot user (DP13), the whole audience is suppressed.
+*/
+async function resolveAudience(db, event, appSlug) {
+	const organizationId = event.source.organizationId;
+	const subscribed = (await db.select({
+		humanAgentId: githubEntityChatMappings.humanAgentId,
+		delegateAgentId: githubEntityChatMappings.delegateAgentId,
+		chatId: githubEntityChatMappings.chatId
+	}).from(githubEntityChatMappings).where(and(eq(githubEntityChatMappings.organizationId, organizationId), eq(githubEntityChatMappings.entityType, event.entity.type), eq(githubEntityChatMappings.entityKey, event.entity.key)))).map((row) => ({
+		humanAgentId: row.humanAgentId,
+		delegateAgentId: row.delegateAgentId,
+		kind: "existing",
+		chatId: row.chatId,
+		involveReason: null,
+		involveLogin: null
+	}));
+	const subscribedKeys = new Set(subscribed.map((s) => `${s.humanAgentId} ${s.delegateAgentId}`));
+	const involved = [];
+	if (event.involves.length > 0) {
+		const candidateLogins = event.involves.map((i) => i.githubLogin.toLowerCase());
+		const reasonByLogin = /* @__PURE__ */ new Map();
+		for (const i of event.involves) reasonByLogin.set(i.githubLogin.toLowerCase(), i.reason);
+		const candidates = await db.select({
+			id: agents.uuid,
+			name: agents.name,
+			delegateMention: agents.delegateMention,
+			status: agents.status
+		}).from(agents).where(and(eq(agents.organizationId, organizationId), isNotNull(agents.delegateMention), inArray(sql`lower(${agents.name})`, candidateLogins)));
+		const delegateIds = /* @__PURE__ */ new Set();
+		for (const c of candidates) if (c.delegateMention) delegateIds.add(c.delegateMention);
+		const delegateRows = delegateIds.size > 0 ? await db.select({
+			id: agents.uuid,
+			organizationId: agents.organizationId,
+			status: agents.status
+		}).from(agents).where(inArray(agents.uuid, [...delegateIds])) : [];
+		const delegateById = /* @__PURE__ */ new Map();
+		for (const row of delegateRows) delegateById.set(row.id, {
+			organizationId: row.organizationId,
+			status: row.status
+		});
+		for (const c of candidates) {
+			if (c.status !== "active" || !c.delegateMention || !c.name) continue;
+			if (evaluateDelegateTarget(delegateById.get(c.delegateMention), organizationId) !== "ok") continue;
+			const key = `${c.id} ${c.delegateMention}`;
+			if (subscribedKeys.has(key)) continue;
+			const candidateLogin = c.name.toLowerCase();
+			const reason = reasonByLogin.get(candidateLogin);
+			if (!reason) continue;
+			involved.push({
+				humanAgentId: c.id,
+				delegateAgentId: c.delegateMention,
+				kind: "new",
+				chatId: null,
+				involveReason: reason,
+				involveLogin: candidateLogin
+			});
+		}
+	}
+	const audience = [...subscribed, ...involved];
+	if (audience.length === 0) return audience;
+	const actor = await identifyActor(db, organizationId, event.actor, appSlug);
+	if (actor.kind === "our-app-bot") return [];
+	if (actor.kind === "agent") return audience.filter((a) => a.kind === "new" || a.humanAgentId !== actor.agentId && a.delegateAgentId !== actor.agentId);
+	return audience;
+}
 function isRecord(value) {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
 }
@@ -18804,10 +19244,10 @@ function repoFullName(payload) {
 	const repo = isRecord(payload.repository) ? payload.repository : null;
 	return typeof repo?.full_name === "string" && repo.full_name.length > 0 ? repo.full_name : null;
 }
-function readNumber(value) {
+function readNumber$1(value) {
 	return typeof value === "number" && Number.isFinite(value) ? value : null;
 }
-function readString(value) {
+function readString$1(value) {
 	return typeof value === "string" && value.length > 0 ? value : null;
 }
 /**
@@ -18828,51 +19268,68 @@ function extractEventEntity(eventType, payload) {
 	const repo = repoFullName(payload);
 	if (!repo) return null;
 	switch (eventType) {
-		case "issues":
-		case "issue_comment": {
+		case "issues": {
 			const issue = isRecord(payload.issue) ? payload.issue : null;
-			const number = readNumber(issue?.number);
+			const number = readNumber$1(issue?.number);
 			if (number === null) return null;
 			return {
 				type: "issue",
 				key: `${repo}#${number}`,
-				title: readString(issue?.title) ?? void 0,
-				url: readString(issue?.html_url) ?? void 0
+				title: readString$1(issue?.title) ?? void 0,
+				url: readString$1(issue?.html_url) ?? void 0
 			};
 		}
-		case "pull_request":
-		case "pull_request_review":
-		case "pull_request_review_comment": {
-			const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
-			const number = readNumber(pr?.number);
+		case "issue_comment": {
+			const issue = isRecord(payload.issue) ? payload.issue : null;
+			const number = readNumber$1(issue?.number);
 			if (number === null) return null;
-			return {
+			const prInfo = isRecord(issue?.pull_request) ? issue.pull_request : null;
+			if (prInfo) return {
 				type: "pull_request",
 				key: `${repo}#${number}`,
-				title: readString(pr?.title) ?? void 0,
-				url: readString(pr?.html_url) ?? void 0
+				title: readString$1(issue?.title) ?? void 0,
+				url: readString$1(prInfo.html_url) ?? readString$1(issue?.html_url) ?? void 0
 			};
-		}
+			return {
+				type: "issue",
+				key: `${repo}#${number}`,
+				title: readString$1(issue?.title) ?? void 0,
+				url: readString$1(issue?.html_url) ?? void 0
+			};
+		}
+		case "pull_request":
+		case "pull_request_review":
+		case "pull_request_review_comment": {
+			const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
+			const number = readNumber$1(pr?.number);
+			if (number === null) return null;
+			return {
+				type: "pull_request",
+				key: `${repo}#${number}`,
+				title: readString$1(pr?.title) ?? void 0,
+				url: readString$1(pr?.html_url) ?? void 0
+			};
+		}
 		case "discussion":
 		case "discussion_comment": {
 			const disc = isRecord(payload.discussion) ? payload.discussion : null;
-			const number = readNumber(disc?.number);
+			const number = readNumber$1(disc?.number);
 			if (number === null) return null;
 			return {
 				type: "discussion",
 				key: `${repo}#discussion-${number}`,
-				title: readString(disc?.title) ?? void 0,
-				url: readString(disc?.html_url) ?? void 0
+				title: readString$1(disc?.title) ?? void 0,
+				url: readString$1(disc?.html_url) ?? void 0
 			};
 		}
 		case "commit_comment": {
 			const comment = isRecord(payload.comment) ? payload.comment : null;
-			const sha = readString(comment?.commit_id);
+			const sha = readString$1(comment?.commit_id);
 			if (!sha) return null;
 			return {
 				type: "commit",
 				key: `${repo}@${sha}`,
-				url: readString(comment?.html_url) ?? void 0
+				url: readString$1(comment?.html_url) ?? void 0
 			};
 		}
 		default: return null;
@@ -18959,92 +19416,6 @@ function formatEntityTitle(entity, eventType, action) {
 	if (entity.title && entity.title.length > 0) return `${head}: ${entity.title}`;
 	return head;
 }
-const SILENT_EVENT_TYPES = new Set([
-	"workflow_run",
-	"workflow_job",
-	"check_run",
-	"check_suite",
-	"status",
-	"push",
-	"create",
-	"delete",
-	"fork",
-	"watch",
-	"release",
-	"label",
-	"label_created",
-	"label_deleted",
-	"reaction",
-	"member",
-	"membership",
-	"team",
-	"team_add",
-	"organization",
-	"org_block",
-	"project",
-	"project_card",
-	"project_column"
-]);
-/**
-* Per-event-type action-level filters. Frequent low-signal actions that would
-* otherwise spam an entity chat. `synchronize` (PR branch push) is the most
-* common offender — it fires on every commit push to a PR branch and never
-* carries new conversation.
-*/
-const SILENT_ACTIONS = {
-	issues: new Set([
-		"labeled",
-		"unlabeled",
-		"milestoned",
-		"demilestoned",
-		"pinned",
-		"unpinned"
-	]),
-	pull_request: new Set([
-		"labeled",
-		"unlabeled",
-		"auto_merge_enabled",
-		"auto_merge_disabled",
-		"synchronize"
-	])
-};
-/** True iff the event should be silently 200-OKed without further routing. */
-function shouldSilent(eventType, payload) {
-	if (SILENT_EVENT_TYPES.has(eventType)) return true;
-	if (!isRecord(payload)) return false;
-	if (readString((isRecord(payload.sender) ? payload.sender : null)?.type) === "Bot") return true;
-	const action = readString(payload.action);
-	if (!action) return false;
-	return SILENT_ACTIONS[eventType]?.has(action) ?? false;
-}
-/**
-* GitHub-specific webhook entity → chat clustering (Phase 0).
-*
-* Each `(organization, human_agent, delegate_agent, entity)` tuple resolves to
-* exactly one chat. Future external sources (Linear, Slack, …) get their own
-* tables — their entity models differ enough that a generic table would slip
-* back into untyped jsonb.
-*
-* `bound_via` distinguishes the first-touch row (`direct`) from a row written
-* by the `Fixes #N` linker (`fixes_link`). Routing logic ignores the
-* distinction; it exists for audit and future strategy tweaks.
-*/
-const githubEntityChatMappings = pgTable("github_entity_chat_mappings", {
-	organizationId: text("organization_id").notNull().references(() => organizations.id),
-	humanAgentId: text("human_agent_id").notNull().references(() => agents.uuid, { onDelete: "cascade" }),
-	delegateAgentId: text("delegate_agent_id").notNull().references(() => agents.uuid, { onDelete: "cascade" }),
-	entityType: text("entity_type").notNull(),
-	entityKey: text("entity_key").notNull(),
-	chatId: text("chat_id").notNull().references(() => chats.id, { onDelete: "cascade" }),
-	boundAt: timestamp("bound_at", { withTimezone: true }).notNull().defaultNow(),
-	boundVia: text("bound_via").notNull()
-}, (table) => [primaryKey({ columns: [
-	table.organizationId,
-	table.humanAgentId,
-	table.delegateAgentId,
-	table.entityType,
-	table.entityKey
-] }), index("idx_github_entity_chat_mappings_chat").on(table.chatId)]);
 /**
 * Resolve which chat a GitHub event for (human, delegate, entity) belongs to.
 *
@@ -19162,160 +19533,693 @@ async function createEntityChat(db, humanAgentId, delegateAgentId, entity, event
 		metadata
 	})).id };
 }
-const log$1 = createLogger$1("GithubWebhook");
-function verifySignature(secret, rawBody, signatureHeader) {
-	const expected = `sha256=${createHmac("sha256", secret).update(rawBody).digest("hex")}`;
-	const expectedBuf = Buffer.from(expected, "utf8");
-	const receivedBuf = Buffer.from(signatureHeader, "utf8");
-	if (expectedBuf.length !== receivedBuf.length || !timingSafeEqual(expectedBuf, receivedBuf)) throw new UnauthorizedError("Invalid webhook signature");
+const log$2 = createLogger$1("GithubDelivery");
+/**
+* Stage 3 — actually emit one card per audience target.
+*
+* `existing` targets carry their chatId and short-circuit straight to the
+* send. `new` targets go through `resolveTargetChat` which performs the
+* §4.4 direct / fixes_link / fresh-chat lookup and writes the mapping row.
+* Each target's row is delivered + dispatched independently so a single
+* failure (e.g. cross-org rejection on chat creation) doesn't poison the
+* whole audience — the loop logs and continues.
+*
+* The card `reason` is `subscribed` for existing rows and the new target's
+* `involveReason` for involved rows; the surface event payload is the same
+* either way.
+*/
+async function deliverNormalizedEvent(app, event, audience) {
+	const stats = {
+		delivered: 0,
+		newChats: 0
+	};
+	for (const target of audience) try {
+		const resolved = await resolveChatFor(app, event, target);
+		if (resolved.created) stats.newChats += 1;
+		const card = buildCard(event, target);
+		const mentionedUser = card.mentionedUser ?? void 0;
+		const { message, recipients } = await sendMessage(app.db, resolved.chatId, target.humanAgentId, {
+			format: "card",
+			content: card,
+			metadata: {
+				source: "github",
+				event: event.rawEventType,
+				action: event.rawAction,
+				entityType: event.entity.type,
+				entityKey: event.entity.key,
+				reason: card.reason,
+				...mentionedUser ? { mentionedUser } : {}
+			}
+		});
+		notifyRecipients(app.notifier, recipients, message.id);
+		stats.delivered += 1;
+	} catch (err) {
+		log$2.error({
+			err,
+			humanAgent: target.humanAgentId,
+			delegateAgent: target.delegateAgentId,
+			entityType: event.entity.type,
+			entityKey: event.entity.key
+		}, "failed to deliver normalized github event to target");
+	}
+	return stats;
+}
+async function resolveChatFor(app, event, target) {
+	if (target.kind === "existing") {
+		if (!target.chatId) throw new Error("audience target kind=existing must carry chatId");
+		return {
+			chatId: target.chatId,
+			created: false
+		};
+	}
+	const entity = {
+		type: event.entity.type,
+		key: event.entity.key,
+		title: event.entity.title,
+		url: event.entity.url
+	};
+	const relatedEntities = event.relatedRefs.map((ref) => ({
+		type: "issue",
+		key: ref.key
+	}));
+	const resolved = await resolveTargetChat(app.db, {
+		organizationId: event.source.organizationId,
+		humanAgentId: target.humanAgentId,
+		delegateAgentId: target.delegateAgentId,
+		entity,
+		relatedEntities,
+		eventType: event.rawEventType,
+		action: event.rawAction ?? ""
+	});
+	return {
+		chatId: resolved.chatId,
+		created: resolved.created
+	};
+}
+function buildCard(event, target) {
+	const card = {
+		type: "github_event",
+		reason: target.kind === "existing" ? "subscribed" : target.involveReason ?? "mentioned",
+		event: event.rawEventType,
+		action: event.rawAction,
+		kind: event.kind,
+		repository: event.entity.repo,
+		sender: event.actor.githubLogin,
+		title: event.surface.title,
+		body: event.surface.body,
+		url: event.surface.url,
+		entity: {
+			type: event.entity.type,
+			key: event.entity.key,
+			url: event.entity.url ?? null
+		}
+	};
+	if (target.involveLogin) card.mentionedUser = target.involveLogin;
+	return card;
 }
-/** Extract unique @mentions from text. Returns lowercase usernames.
-* Excludes email patterns (user@example.com) and team mentions (@org/team). */
+const MENTION_REGEX$1 = /(?<!\w)@([a-zA-Z0-9][\w-]*)(\/)?/g;
+/** Lower-cased unique @mention logins from free-form text. Skips team
+* mentions (`@org/team`) to match the agent-name lookup downstream
+* (`agents.name` doesn't carry slashes). */
 function extractMentions$1(text) {
 	if (!text) return [];
-	const re = /(?<!\w)@([a-zA-Z0-9][\w-]*)(\/)?/g;
 	const names = /* @__PURE__ */ new Set();
-	for (const m of text.matchAll(re)) {
+	for (const m of text.matchAll(MENTION_REGEX$1)) {
 		if (m[2]) continue;
-		names.add(m[1].toLowerCase());
+		const login = m[1];
+		if (!login) continue;
+		names.add(login.toLowerCase());
 	}
 	return [...names];
 }
-/** Extract mentions from structural payload fields (not free-form text).
-* GitHub's `pull_request.review_requested` puts the targeted reviewer in
-* `requested_reviewer.login`, not in any text body — `extractMentions` would
-* miss it. Team requests use `requested_team` instead, which we deliberately
-* skip to stay consistent with `extractMentions` ignoring `@org/team`. */
-function extractStructuralMentions(eventType, payload) {
-	if (!isRecord(payload)) return [];
-	if (eventType !== "pull_request") return [];
-	if (payload.action !== "review_requested") return [];
-	const reviewer = isRecord(payload.requested_reviewer) ? payload.requested_reviewer : null;
-	const login = typeof reviewer?.login === "string" ? reviewer.login : null;
-	return login ? [login.toLowerCase()] : [];
-}
-const DELEGATE_VERDICT_MESSAGES = {
-	ok: "delegate_mention target eligible",
-	not_found: "delegate_mention target not found, skipping",
-	cross_org: "delegate_mention target belongs to another org, skipping",
-	inactive: "delegate_mention target not active, skipping"
-};
-function evaluateDelegateTarget(target, sourceOrgId) {
-	if (!target) return "not_found";
-	if (target.organizationId !== sourceOrgId) return "cross_org";
-	if (target.status !== "active") return "inactive";
-	return "ok";
+function readString(value) {
+	return typeof value === "string" && value.length > 0 ? value : null;
+}
+function readNumber(value) {
+	return typeof value === "number" && Number.isFinite(value) ? value : null;
+}
+function readStringArray(value) {
+	if (!Array.isArray(value)) return [];
+	const out = [];
+	for (const item of value) if (isRecord(item)) {
+		const login = readString(item.login);
+		if (login) out.push(login.toLowerCase());
+	}
+	return out;
+}
+function buildInvolves(items) {
+	const seen = /* @__PURE__ */ new Set();
+	const out = [];
+	for (const group of items) for (const login of group.logins) {
+		const key = login.toLowerCase();
+		if (seen.has(key)) continue;
+		seen.add(key);
+		out.push({
+			githubLogin: key,
+			reason: group.reason
+		});
+	}
+	return out;
+}
+function entitySurfacePrefix(entity) {
+	switch (entity.type) {
+		case "pull_request": return "PR";
+		case "issue": return "Issue";
+		case "discussion": return "Discussion";
+		case "commit": return "Commit";
+	}
+}
+function entitySurfaceTitle(entity, number) {
+	const prefix = entitySurfacePrefix(entity);
+	const head = number !== null ? `${prefix} #${number}` : prefix;
+	return entity.title ? `${head}: ${entity.title}` : head;
 }
 /**
-* Route @mentions to delegate agents.
-*
-* For each mentioned GitHub user who maps to an agent with `delegate_mention`
-* configured, resolve which chat the event belongs to (via §4.4's
-* entity-clustering rules) and post a card from the human-bound agent to its
-* delegate.
+* Stage 1 — pure normalization. Returns the structured event for downstream
+* audience + delivery, or `null` for events we deliberately drop (silent /
+* out-of-scope event types and actions, malformed payloads, …).
 *
-* The entity argument is the §4.2 entity for the current event; `relatedRefs`
-* is the parsed `Fixes #N` list (empty for non-PR events). Both are
-* pre-computed by the caller so the heavy parsing doesn't run once per
-* mention.
+* Pure function: no DB, no chat, no network. Caller is expected to hand the
+* raw payload, the wire event type from `x-github-event`, and the source +
+* deliveryId already resolved by the route handler.
 */
-async function routeMentionDelegations(app, organizationId, mentionedNames, ctx, entity, relatedRefs) {
-	if (mentionedNames.length === 0) return 0;
-	const delegates = await app.db.select({
-		id: agents.uuid,
-		name: agents.name,
-		delegateMention: agents.delegateMention,
-		status: agents.status
-	}).from(agents).where(and(eq(agents.organizationId, organizationId), inArray(agents.name, mentionedNames), isNotNull(agents.delegateMention)));
-	let routed = 0;
-	for (const agent of delegates) {
-		if (agent.status !== "active" || !agent.delegateMention) continue;
-		const [target] = await app.db.select({
-			id: agents.uuid,
-			status: agents.status,
-			organizationId: agents.organizationId
-		}).from(agents).where(eq(agents.uuid, agent.delegateMention)).limit(1);
-		const verdict = evaluateDelegateTarget(target, organizationId);
-		if (verdict !== "ok") {
-			log$1.warn({
-				targetAgent: agent.delegateMention,
-				sourceAgent: agent.name,
-				sourceOrg: organizationId,
-				targetOrg: target?.organizationId,
-				targetStatus: target?.status,
-				verdict
-			}, DELEGATE_VERDICT_MESSAGES[verdict]);
-			continue;
+function normalizeGithubEvent(eventType, payload, source, deliveryId) {
+	if (!isRecord(payload)) return null;
+	const senderRec = isRecord(payload.sender) ? payload.sender : null;
+	const senderLogin = readString(senderRec?.login);
+	if (!senderLogin) return null;
+	const senderIsBot = readString(senderRec?.type) === "Bot";
+	const repo = readString((isRecord(payload.repository) ? payload.repository : null)?.full_name);
+	if (!repo) return null;
+	const action = readString(payload.action);
+	const rule = buildRule(eventType, action, payload, repo);
+	if (!rule) return null;
+	return {
+		source,
+		deliveryId,
+		rawEventType: eventType,
+		rawAction: action,
+		entity: {
+			type: rule.entity.type,
+			repo,
+			key: rule.entity.key,
+			title: rule.entity.title,
+			url: rule.entity.url
+		},
+		actor: {
+			githubLogin: senderLogin,
+			isBot: senderIsBot
+		},
+		kind: rule.kind,
+		involves: rule.involves,
+		surface: rule.surface,
+		relatedRefs: rule.relatedRefs
+	};
+}
+function buildRule(eventType, action, payload, repo) {
+	switch (eventType) {
+		case "pull_request": return buildPullRequestRule(action, payload, repo);
+		case "pull_request_review": return buildPullRequestReviewRule(action, payload);
+		case "pull_request_review_comment": return buildPullRequestReviewCommentRule(action, payload);
+		case "issue_comment": return buildIssueCommentRule(action, payload);
+		case "issues": return buildIssuesRule(action, payload);
+		case "discussion": return buildDiscussionRule(action, payload);
+		case "discussion_comment": return buildDiscussionCommentRule(action, payload);
+		case "commit_comment": return buildCommitCommentRule(action, payload);
+		default: return null;
+	}
+}
+function buildPullRequestRule(action, payload, repo) {
+	const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
+	if (!pr) return null;
+	const entity = extractEventEntity("pull_request", payload);
+	if (!entity) return null;
+	const number = readNumber(pr.number);
+	const body = readString(pr.body) ?? "";
+	const surface = {
+		title: entitySurfaceTitle(entity, number),
+		body,
+		url: readString(pr.html_url) ?? ""
+	};
+	switch (action) {
+		case "opened": {
+			const assigneeLogins = readStringArray(pr.assignees);
+			const mentionLogins = extractMentions$1(body);
+			return {
+				entity,
+				kind: "opened",
+				involves: buildInvolves([{
+					logins: assigneeLogins,
+					reason: "assigned"
+				}, {
+					logins: mentionLogins,
+					reason: "mentioned"
+				}]),
+				surface,
+				relatedRefs: parseFixesRefs(body, repo).map((ref) => ({
+					type: "issue",
+					key: ref.key
+				}))
+			};
 		}
-		try {
-			const resolved = await resolveTargetChat(app.db, {
-				organizationId,
-				humanAgentId: agent.id,
-				delegateAgentId: agent.delegateMention,
+		case "edited": return {
+			entity,
+			kind: "edited",
+			involves: buildInvolves([{
+				logins: extractMentions$1(body),
+				reason: "mentioned"
+			}]),
+			surface,
+			relatedRefs: []
+		};
+		case "review_requested": {
+			const reviewerLogin = readString((isRecord(payload.requested_reviewer) ? payload.requested_reviewer : null)?.login);
+			return {
 				entity,
-				relatedEntities: relatedRefs,
-				eventType: ctx.event,
-				action: ctx.action ?? ""
-			});
-			log$1.info({
-				chatId: resolved.chatId,
-				entityType: entity.type,
-				entityKey: entity.key,
-				boundVia: resolved.boundVia,
-				created: resolved.created,
-				humanAgent: agent.name
-			}, "resolved entity chat");
-			const { message: msg, recipients } = await sendMessage(app.db, resolved.chatId, agent.id, {
-				format: "card",
-				content: {
-					type: "github_mention",
-					mentionedUser: agent.name,
-					event: ctx.event,
-					action: ctx.action,
-					repository: ctx.repository,
-					sender: ctx.sender,
-					title: ctx.title,
-					body: ctx.body,
-					url: ctx.url,
-					entity: {
-						type: entity.type,
-						key: entity.key,
-						url: entity.url ?? null
-					}
+				kind: "review_requested",
+				involves: buildInvolves([{
+					logins: reviewerLogin ? [reviewerLogin.toLowerCase()] : [],
+					reason: "review_requested"
+				}]),
+				surface,
+				relatedRefs: []
+			};
+		}
+		case "ready_for_review": {
+			const reviewerLogins = readStringArray(pr.requested_reviewers);
+			if (reviewerLogins.length === 0) return null;
+			return {
+				entity,
+				kind: "review_requested",
+				involves: buildInvolves([{
+					logins: reviewerLogins,
+					reason: "review_requested"
+				}]),
+				surface,
+				relatedRefs: []
+			};
+		}
+		case "assigned": {
+			const assigneeLogin = readString((isRecord(payload.assignee) ? payload.assignee : null)?.login);
+			if (!assigneeLogin) return null;
+			return {
+				entity,
+				kind: "assigned",
+				involves: buildInvolves([{
+					logins: [assigneeLogin.toLowerCase()],
+					reason: "assigned"
+				}]),
+				surface,
+				relatedRefs: []
+			};
+		}
+		case "synchronize": return {
+			entity,
+			kind: "synchronized",
+			involves: [],
+			surface,
+			relatedRefs: []
+		};
+		default: return null;
+	}
+}
+function buildPullRequestReviewRule(action, payload) {
+	if (action !== "submitted" && action !== "dismissed" && action !== "edited") return null;
+	const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
+	const review = isRecord(payload.review) ? payload.review : null;
+	if (!pr || !review) return null;
+	const entity = extractEventEntity("pull_request_review", payload);
+	if (!entity) return null;
+	const number = readNumber(pr.number);
+	const body = readString(review.body) ?? "";
+	return {
+		entity,
+		kind: "reviewed",
+		involves: buildInvolves([{
+			logins: extractMentions$1(body),
+			reason: "mentioned"
+		}]),
+		surface: {
+			title: entitySurfaceTitle(entity, number),
+			body,
+			url: readString(review.html_url) ?? ""
+		},
+		relatedRefs: []
+	};
+}
+function buildPullRequestReviewCommentRule(action, payload) {
+	if (action !== "created" && action !== "edited") return null;
+	const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
+	const comment = isRecord(payload.comment) ? payload.comment : null;
+	if (!pr || !comment) return null;
+	const entity = extractEventEntity("pull_request_review_comment", payload);
+	if (!entity) return null;
+	const number = readNumber(pr.number);
+	const body = readString(comment.body) ?? "";
+	return {
+		entity,
+		kind: "review_comment",
+		involves: buildInvolves([{
+			logins: extractMentions$1(body),
+			reason: "mentioned"
+		}]),
+		surface: {
+			title: entitySurfaceTitle(entity, number),
+			body,
+			url: readString(comment.html_url) ?? ""
+		},
+		relatedRefs: []
+	};
+}
+function buildIssueCommentRule(action, payload) {
+	if (action !== "created" && action !== "edited") return null;
+	const issue = isRecord(payload.issue) ? payload.issue : null;
+	const comment = isRecord(payload.comment) ? payload.comment : null;
+	if (!issue || !comment) return null;
+	const entity = extractEventEntity("issue_comment", payload);
+	if (!entity) return null;
+	const number = readNumber(issue.number);
+	const body = readString(comment.body) ?? "";
+	return {
+		entity,
+		kind: "commented",
+		involves: buildInvolves([{
+			logins: extractMentions$1(body),
+			reason: "mentioned"
+		}]),
+		surface: {
+			title: entitySurfaceTitle(entity, number),
+			body,
+			url: readString(comment.html_url) ?? ""
+		},
+		relatedRefs: []
+	};
+}
+function buildIssuesRule(action, payload) {
+	const issue = isRecord(payload.issue) ? payload.issue : null;
+	if (!issue) return null;
+	const entity = extractEventEntity("issues", payload);
+	if (!entity) return null;
+	const number = readNumber(issue.number);
+	const body = readString(issue.body) ?? "";
+	const url = readString(issue.html_url) ?? "";
+	const title = entitySurfaceTitle(entity, number);
+	switch (action) {
+		case "opened": {
+			const assigneeLogins = readStringArray(issue.assignees);
+			const mentionLogins = extractMentions$1(body);
+			return {
+				entity,
+				kind: "opened",
+				involves: buildInvolves([{
+					logins: assigneeLogins,
+					reason: "assigned"
+				}, {
+					logins: mentionLogins,
+					reason: "mentioned"
+				}]),
+				surface: {
+					title,
+					body,
+					url
 				},
-				metadata: {
-					source: "github",
-					event: "mention_delegation",
-					mentionedUser: agent.name,
-					action: ctx.action,
-					entityType: entity.type,
-					entityKey: entity.key
-				}
-			});
-			notifyRecipients(app.notifier, recipients, msg.id);
-			routed++;
-		} catch (err) {
-			log$1.error({
-				err,
-				sourceAgent: agent.name,
-				targetAgent: agent.delegateMention
-			}, "failed to route mention delegation");
+				relatedRefs: []
+			};
+		}
+		case "edited": return {
+			entity,
+			kind: "edited",
+			involves: buildInvolves([{
+				logins: extractMentions$1(body),
+				reason: "mentioned"
+			}]),
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		case "assigned": {
+			const login = readString((isRecord(payload.assignee) ? payload.assignee : null)?.login);
+			if (!login) return null;
+			return {
+				entity,
+				kind: "assigned",
+				involves: buildInvolves([{
+					logins: [login.toLowerCase()],
+					reason: "assigned"
+				}]),
+				surface: {
+					title,
+					body,
+					url
+				},
+				relatedRefs: []
+			};
 		}
+		case "closed": return {
+			entity,
+			kind: "closed",
+			involves: [],
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		case "reopened": return {
+			entity,
+			kind: "reopened",
+			involves: [],
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		default: return null;
+	}
+}
+function buildDiscussionRule(action, payload) {
+	const disc = isRecord(payload.discussion) ? payload.discussion : null;
+	if (!disc) return null;
+	const entity = extractEventEntity("discussion", payload);
+	if (!entity) return null;
+	const number = readNumber(disc.number);
+	const body = readString(disc.body) ?? "";
+	const url = readString(disc.html_url) ?? "";
+	const title = entitySurfaceTitle(entity, number);
+	switch (action) {
+		case "created": return {
+			entity,
+			kind: "opened",
+			involves: buildInvolves([{
+				logins: extractMentions$1(body),
+				reason: "mentioned"
+			}]),
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		case "edited": return {
+			entity,
+			kind: "edited",
+			involves: buildInvolves([{
+				logins: extractMentions$1(body),
+				reason: "mentioned"
+			}]),
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		case "closed": return {
+			entity,
+			kind: "closed",
+			involves: [],
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		case "reopened": return {
+			entity,
+			kind: "reopened",
+			involves: [],
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		case "answered":
+		case "unanswered": return {
+			entity,
+			kind: "other",
+			involves: [],
+			surface: {
+				title,
+				body,
+				url
+			},
+			relatedRefs: []
+		};
+		default: return null;
 	}
-	return routed;
 }
-async function githubWebhookRoutes(app) {
+function buildDiscussionCommentRule(action, payload) {
+	if (action !== "created" && action !== "edited") return null;
+	const disc = isRecord(payload.discussion) ? payload.discussion : null;
+	const comment = isRecord(payload.comment) ? payload.comment : null;
+	if (!disc || !comment) return null;
+	const entity = extractEventEntity("discussion_comment", payload);
+	if (!entity) return null;
+	const number = readNumber(disc.number);
+	const body = readString(comment.body) ?? "";
+	return {
+		entity,
+		kind: "commented",
+		involves: buildInvolves([{
+			logins: extractMentions$1(body),
+			reason: "mentioned"
+		}]),
+		surface: {
+			title: entitySurfaceTitle(entity, number),
+			body,
+			url: readString(comment.html_url) ?? ""
+		},
+		relatedRefs: []
+	};
+}
+function buildCommitCommentRule(action, payload) {
+	if (action !== "created") return null;
+	const comment = isRecord(payload.comment) ? payload.comment : null;
+	if (!comment) return null;
+	const entity = extractEventEntity("commit_comment", payload);
+	if (!entity) return null;
+	const body = readString(comment.body) ?? "";
+	return {
+		entity,
+		kind: "commit_commented",
+		involves: buildInvolves([{
+			logins: extractMentions$1(body),
+			reason: "mentioned"
+		}]),
+		surface: {
+			title: entitySurfaceTitle(entity, null),
+			body,
+			url: readString(comment.html_url) ?? ""
+		},
+		relatedRefs: []
+	};
+}
+const log$1 = createLogger$1("GithubAppWebhook");
+function verifySignature(secret, rawBody, signatureHeader) {
+	const expected = `sha256=${createHmac("sha256", secret).update(rawBody).digest("hex")}`;
+	const expectedBuf = Buffer.from(expected, "utf8");
+	const receivedBuf = Buffer.from(signatureHeader, "utf8");
+	if (expectedBuf.length !== receivedBuf.length || !timingSafeEqual(expectedBuf, receivedBuf)) throw new UnauthorizedError("Invalid webhook signature");
+}
+function readInstallationId(payload) {
+	if (!isRecord(payload)) return null;
+	const id = (isRecord(payload.installation) ? payload.installation : null)?.id;
+	return typeof id === "number" && Number.isFinite(id) ? id : null;
+}
+function parseInstallationMetadata(installation) {
+	const id = installation.id;
+	if (typeof id !== "number" || !Number.isFinite(id)) return null;
+	const account = isRecord(installation.account) ? installation.account : null;
+	if (!account) return null;
+	const accountId = account.id;
+	const accountLogin = account.login;
+	const accountType = account.type;
+	if (typeof accountId !== "number" || typeof accountLogin !== "string") return null;
+	if (accountType !== "User" && accountType !== "Organization") return null;
+	const permissionsParsed = githubAppInstallationPermissionsSchema$1.safeParse(installation.permissions);
+	return {
+		id,
+		accountType,
+		accountLogin,
+		accountGithubId: accountId,
+		permissions: permissionsParsed.success ? permissionsParsed.data : {},
+		events: Array.isArray(installation.events) ? installation.events.filter((e) => typeof e === "string") : [],
+		suspendedAt: typeof installation.suspended_at === "string" ? installation.suspended_at : null
+	};
+}
+async function handleInstallationLifecycle(app, eventType, payload) {
+	if (!isRecord(payload)) return "ignored:malformed";
+	if (eventType === "installation_repositories") return "noop";
+	const action = typeof payload.action === "string" ? payload.action : null;
+	const installation = isRecord(payload.installation) ? payload.installation : null;
+	const installationId = installation && typeof installation.id === "number" ? installation.id : null;
+	if (!installation || installationId === null) return "ignored:malformed";
+	switch (action) {
+		case "created":
+		case "new_permissions_accepted": {
+			const metadata = parseInstallationMetadata(installation);
+			if (!metadata) return "ignored:malformed";
+			await upsertInstallationFromMetadata(app.db, { installation: metadata });
+			return action;
+		}
+		case "deleted":
+			await deleteInstallationByGithubId(app.db, installationId);
+			return "deleted";
+		case "suspend": {
+			const suspendedAtRaw = installation.suspended_at;
+			const suspendedAt = typeof suspendedAtRaw === "string" ? new Date(suspendedAtRaw) : /* @__PURE__ */ new Date();
+			await markInstallationSuspended(app.db, installationId, suspendedAt);
+			return "suspended";
+		}
+		case "unsuspend":
+			await markInstallationUnsuspended(app.db, installationId, /* @__PURE__ */ new Date());
+			return "unsuspended";
+		default: return "ignored:unknown-action";
+	}
+}
+/**
+* GitHub App webhook ingestion — single SaaS-wide endpoint. Replaces the
+* legacy `/webhooks/github/:orgId` per-org endpoint. Wiring:
+*
+*   1. HMAC verify (server-level App webhook secret, NOT per-org)
+*   2. ping → 200 fast-path
+*   3. installation / installation_repositories → lifecycle handler, NOT
+*      the normalize pipeline (these events shouldn't fan out as cards)
+*   4. other events → installation.id → hub_organization_id reverse-lookup,
+*      then Stage 1 normalize → claimEvent → Stage 2 audience → Stage 3
+*      deliver. unclaimEvent on handler failure so GitHub's retry has a
+*      chance to clear.
+*
+* Routes return 200 for "ignored" cases (no installation context, not
+* bound, suspended, duplicate delivery) so GitHub doesn't accumulate
+* retries for events the operator can't act on.
+*/
+async function githubAppWebhookRoutes(app) {
 	app.addContentTypeParser("application/json", { parseAs: "buffer" }, (_request, body, done) => {
 		done(null, body);
 	});
-	const webhookMax = app.config.rateLimit?.webhookMax ?? 60;
-	app.post("/github/:orgId", { config: { rateLimit: {
+	const appConfig = app.config.oauth?.githubApp;
+	if (!appConfig?.webhookSecret) {
+		app.post("/github-app", async (_request, reply) => reply.status(501).send({ error: "GitHub App webhook is not configured for this Hub deployment." }));
+		return;
+	}
+	const webhookSecret = appConfig.webhookSecret;
+	const appSlug = appConfig.slug ?? null;
+	const webhookMax = app.config.rateLimit?.webhookMax ?? 600;
+	app.post("/github-app", { config: { rateLimit: {
 		max: webhookMax,
 		timeWindow: "1 minute"
 	} } }, async (request, reply) => {
-		const { orgId } = request.params;
-		const webhookSecret = await getDecryptedGithubWebhookSecret(app.db, orgId, app.config.secrets.encryptionKey);
-		if (!webhookSecret) return reply.status(501).send({ error: "GitHub webhook is not configured for this organization. An admin must set the webhook secret in Team settings." });
 		const rawBody = request.body;
 		if (!Buffer.isBuffer(rawBody)) throw new BadRequestError("Expected raw body buffer");
 		const signatureHeader = request.headers["x-hub-signature-256"];
@@ -19333,19 +20237,73 @@ async function githubWebhookRoutes(app) {
 			ok: true,
 			event: "ping"
 		});
-		if (shouldSilent(eventType, payload)) return reply.status(200).send({
+		if (eventType === "installation" || eventType === "installation_repositories") {
+			const lifecycle = await handleInstallationLifecycle(app, eventType, payload);
+			return reply.status(200).send({
+				ok: true,
+				event: eventType,
+				lifecycle
+			});
+		}
+		const installationId = readInstallationId(payload);
+		if (installationId === null) return reply.status(200).send({
 			ok: true,
 			event: eventType,
-			silent: true
+			ignored: "no installation context"
 		});
+		const installation = await findInstallationByGithubId(app.db, installationId);
+		if (!installation) {
+			log$1.warn({
+				installationId,
+				eventType
+			}, "installation not seen, skipping");
+			return reply.status(200).send({
+				ok: true,
+				event: eventType,
+				ignored: "installation not seen"
+			});
+		}
+		if (!installation.hubOrganizationId) {
+			log$1.warn({
+				installationId,
+				eventType
+			}, "installation not bound to any hub org, skipping");
+			return reply.status(200).send({
+				ok: true,
+				event: eventType,
+				ignored: "installation not bound"
+			});
+		}
+		if (installation.suspendedAt !== null) return reply.status(200).send({
+			ok: true,
+			event: eventType,
+			ignored: "suspended"
+		});
+		const source = {
+			kind: "github-app-installation",
+			installationId,
+			organizationId: installation.hubOrganizationId
+		};
 		const deliveryHeader = request.headers["x-github-delivery"];
 		const deliveryId = typeof deliveryHeader === "string" && deliveryHeader.length > 0 ? deliveryHeader : null;
+		const event = normalizeGithubEvent(eventType, payload, source, deliveryId);
+		if (!event) {
+			log$1.debug({
+				eventType,
+				action: isRecord(payload) ? payload.action : null
+			}, "Stage 1 returned null");
+			return reply.status(200).send({
+				ok: true,
+				event: eventType,
+				handled: false
+			});
+		}
 		if (deliveryId) {
 			if (!await claimEvent(app.db, deliveryId, "github")) {
 				log$1.info({
 					deliveryId,
 					eventType
-				}, "duplicate GitHub delivery, skipping");
+				}, "duplicate delivery, skipping");
 				return reply.status(200).send({
 					ok: true,
 					event: eventType,
@@ -19354,217 +20312,36 @@ async function githubWebhookRoutes(app) {
 			}
 		}
 		try {
-			const action = isRecord(payload) && typeof payload.action === "string" ? payload.action : void 0;
-			const allowedActions = MENTION_ACTIONS[eventType];
-			if (!allowedActions || !action || !allowedActions.includes(action)) return reply.status(200).send({
-				ok: true,
-				event: eventType,
-				handled: false
-			});
-			const mentionsRouted = await handleMentionDelegation(app, orgId, eventType, payload);
+			const audience = await resolveAudience(app.db, event, appSlug);
+			if (audience.length === 0) {
+				log$1.info({
+					entityType: event.entity.type,
+					entityKey: event.entity.key,
+					actor: event.actor.githubLogin
+				}, "audience empty, skipping");
+				return reply.status(200).send({
+					ok: true,
+					event: eventType,
+					audience: 0
+				});
+			}
+			const stats = await deliverNormalizedEvent(app, event, audience);
 			return reply.status(200).send({
 				ok: true,
 				event: eventType,
-				mentionsRouted
+				...stats
 			});
 		} catch (err) {
 			if (deliveryId) await unclaimEvent(app.db, deliveryId, "github").catch((unclaimErr) => {
 				log$1.error({
 					err: unclaimErr,
 					deliveryId
-				}, "failed to unclaim GitHub delivery after handler error");
+				}, "failed to unclaim delivery after handler error");
 			});
 			throw err;
 		}
 	});
 }
-/** Extract text body from any GitHub webhook event for @mention scanning. */
-function extractEventText(eventType, payload) {
-	if (!isRecord(payload)) return null;
-	switch (eventType) {
-		case "issues": {
-			const issue = isRecord(payload.issue) ? payload.issue : null;
-			return typeof issue?.body === "string" ? issue.body : null;
-		}
-		case "issue_comment":
-		case "pull_request_review_comment":
-		case "commit_comment":
-		case "discussion_comment": {
-			const comment = isRecord(payload.comment) ? payload.comment : null;
-			return typeof comment?.body === "string" ? comment.body : null;
-		}
-		case "pull_request": {
-			const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
-			return typeof pr?.body === "string" ? pr.body : null;
-		}
-		case "pull_request_review": {
-			const review = isRecord(payload.review) ? payload.review : null;
-			return typeof review?.body === "string" ? review.body : null;
-		}
-		case "discussion": {
-			const disc = isRecord(payload.discussion) ? payload.discussion : null;
-			return typeof disc?.body === "string" ? disc.body : null;
-		}
-		default: return null;
-	}
-}
-/** Extract context info from any GitHub webhook event for delegation messages. */
-function extractEventContext(eventType, payload) {
-	if (!isRecord(payload)) return null;
-	const repo = isRecord(payload.repository) ? payload.repository : null;
-	const sender = isRecord(payload.sender) ? payload.sender : null;
-	const repository = typeof repo?.full_name === "string" ? repo.full_name : "";
-	const senderLogin = typeof sender?.login === "string" ? sender.login : "";
-	const action = typeof payload.action === "string" ? payload.action : void 0;
-	switch (eventType) {
-		case "issues": {
-			const issue = isRecord(payload.issue) ? payload.issue : null;
-			if (!issue) return null;
-			return {
-				event: "issues",
-				action,
-				repository,
-				sender: senderLogin,
-				title: `Issue #${issue.number}: ${issue.title}`,
-				body: typeof issue.body === "string" ? issue.body : "",
-				url: typeof issue.html_url === "string" ? issue.html_url : ""
-			};
-		}
-		case "issue_comment": {
-			const issue = isRecord(payload.issue) ? payload.issue : null;
-			const comment = isRecord(payload.comment) ? payload.comment : null;
-			if (!issue || !comment) return null;
-			return {
-				event: "issue_comment",
-				action,
-				repository,
-				sender: senderLogin,
-				title: `Issue #${issue.number}: ${issue.title}`,
-				body: typeof comment.body === "string" ? comment.body : "",
-				url: typeof comment.html_url === "string" ? comment.html_url : ""
-			};
-		}
-		case "pull_request": {
-			const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
-			if (!pr) return null;
-			return {
-				event: "pull_request",
-				action,
-				repository,
-				sender: senderLogin,
-				title: `PR #${pr.number}: ${pr.title}`,
-				body: typeof pr.body === "string" ? pr.body : "",
-				url: typeof pr.html_url === "string" ? pr.html_url : ""
-			};
-		}
-		case "pull_request_review": {
-			const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
-			const review = isRecord(payload.review) ? payload.review : null;
-			if (!pr || !review) return null;
-			return {
-				event: "pull_request_review",
-				action,
-				repository,
-				sender: senderLogin,
-				title: `PR #${pr.number}: ${pr.title}`,
-				body: typeof review.body === "string" ? review.body : "",
-				url: typeof review.html_url === "string" ? review.html_url : ""
-			};
-		}
-		case "pull_request_review_comment": {
-			const pr = isRecord(payload.pull_request) ? payload.pull_request : null;
-			const comment = isRecord(payload.comment) ? payload.comment : null;
-			if (!pr || !comment) return null;
-			return {
-				event: "pull_request_review_comment",
-				action,
-				repository,
-				sender: senderLogin,
-				title: `PR #${pr.number}: ${pr.title}`,
-				body: typeof comment.body === "string" ? comment.body : "",
-				url: typeof comment.html_url === "string" ? comment.html_url : ""
-			};
-		}
-		case "discussion": {
-			const disc = isRecord(payload.discussion) ? payload.discussion : null;
-			if (!disc) return null;
-			return {
-				event: "discussion",
-				action,
-				repository,
-				sender: senderLogin,
-				title: typeof disc.title === "string" ? disc.title : "",
-				body: typeof disc.body === "string" ? disc.body : "",
-				url: typeof disc.html_url === "string" ? disc.html_url : ""
-			};
-		}
-		case "discussion_comment": {
-			const disc = isRecord(payload.discussion) ? payload.discussion : null;
-			const comment = isRecord(payload.comment) ? payload.comment : null;
-			if (!disc || !comment) return null;
-			return {
-				event: "discussion_comment",
-				action,
-				repository,
-				sender: senderLogin,
-				title: typeof disc.title === "string" ? disc.title : "",
-				body: typeof comment.body === "string" ? comment.body : "",
-				url: typeof comment.html_url === "string" ? comment.html_url : ""
-			};
-		}
-		case "commit_comment": {
-			const comment = isRecord(payload.comment) ? payload.comment : null;
-			if (!comment) return null;
-			return {
-				event: "commit_comment",
-				action,
-				repository,
-				sender: senderLogin,
-				title: "Commit comment",
-				body: typeof comment.body === "string" ? comment.body : "",
-				url: typeof comment.html_url === "string" ? comment.html_url : ""
-			};
-		}
-		default: return null;
-	}
-}
-/**
-* Run mention delegation for a given event type and payload.
-* Only called after action gating confirms this is a "new content" event.
-*/
-async function handleMentionDelegation(app, organizationId, eventType, payload) {
-	const textMentions = extractMentions$1(extractEventText(eventType, payload));
-	const structuralMentions = extractStructuralMentions(eventType, payload);
-	const mentions = [...new Set([...textMentions, ...structuralMentions])];
-	if (mentions.length === 0) return 0;
-	const ctx = extractEventContext(eventType, payload);
-	if (!ctx) return 0;
-	const entity = extractEventEntity(eventType, payload);
-	if (!entity) {
-		log$1.warn({ eventType }, "mention extracted but no entity resolvable; skipping fan-out");
-		return 0;
-	}
-	return routeMentionDelegations(app, organizationId, mentions, ctx, entity, eventType === "pull_request" && ctx.repository.length > 0 ? parseFixesRefs(ctx.body, ctx.repository) : []);
-}
-/** Actions that represent new/changed content (worth scanning for @mentions).
-* Note: `pull_request.review_requested` doesn't carry an @mention in any
-* text body — the reviewer is in `requested_reviewer.login`. We pick it up
-* via `extractStructuralMentions`. The complementary `review_request_removed`
-* is intentionally omitted to avoid notifying the reviewer twice. */
-const MENTION_ACTIONS = {
-	issues: ["opened", "edited"],
-	issue_comment: ["created"],
-	pull_request: [
-		"opened",
-		"edited",
-		"review_requested"
-	],
-	pull_request_review: ["submitted"],
-	pull_request_review_comment: ["created"],
-	discussion: ["created", "edited"],
-	discussion_comment: ["created"],
-	commit_comment: ["created"]
-};
 /**
 * Boot-time configuration sanity checks. Called from `buildApp` so BOTH
 * server entry points are covered:
@@ -21019,6 +21796,12 @@ async function buildApp(config) {
 		...sslOptions(config.database.url)
 	});
 	const notifier = createNotifier(listenClient);
+	registerCrossInstanceBroadcaster((payload) => {
+		notifier.notifyAdminBroadcast(payload).catch(() => {});
+	});
+	notifier.onAdminBroadcast((payload) => {
+		broadcastToAdmins(payload);
+	});
 	await app.register(websocket, { options: { maxPayload: config.ws?.maxPayload ?? 65536 } });
 	const corsOrigin = config.cors?.origin;
 	const isDev = process.env.NODE_ENV !== "production";
@@ -21098,7 +21881,7 @@ async function buildApp(config) {
 	await app.register(healthzRoutes);
 	await app.register(namePlugin("apiV1Scope", async (api) => {
 		await api.register(healthRoutes);
-		await api.register(githubWebhookRoutes, { prefix: "/webhooks" });
+		await api.register(githubAppWebhookRoutes, { prefix: "/webhooks" });
 		await api.register(authRoutes, { prefix: "/auth" });
 		await api.register(githubOauthRoutes, { prefix: "/auth/github" });
 		await api.register(publicInvitationRoutes, { prefix: "/invitations" });
@@ -21540,7 +22323,7 @@ const declineUpdate = async () => false;
 * relaunch picks up the new binary.
 *
 * `managed=false` means the process is running standalone (e.g. manual
-* `client start`, `client connect --no-service`, CI without a supervisor).
+* `client start`, `connect <token> --no-service`, CI without a supervisor).
 * Exiting in that mode would leave the client offline until an operator
 * noticed — so the callback instead prints a restart hint, returns
 * `{ installed: true }`, and the UpdateManager stops retrying until the