@agent-team-foundation/first-tree-hub 0.14.0 → 0.14.2

package/dist/{saas-connect-DX3-nDs9.mjs → saas-connect-DgCSZ8Yk.mjs}

@@ -2,11 +2,11 @@ import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw
 import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-BcW9HgkG.mjs";
 import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-C15ZBOCC.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as listMeChatSourceCountsQuerySchema, A as createMeChatSchema, At as updateOrganizationSchema, B as githubAppInstallationClaimBodySchema, C as clientRegisterSchema, Ct as submitQuestionAnswerSchema, D as createAdapterMappingSchema, Dt as updateChatSchema, E as createAdapterConfigSchema, Et as updateAgentSchema, F as delegateFeishuUserSchema, G as imageInlineContentSchema, H as githubCallbackQuerySchema, I as dryRunAgentRuntimeConfigSchema, J as inboxPollQuerySchema, K as inboxAckFrameSchema, M as createOrgFromMeSchema, O as createAgentSchema, Ot as updateClientCapabilitiesSchema, P as defaultRuntimeConfigPayload, Q as joinByInvitationSchema, R as getMeDocResponseSchema, St as stripCode, T as contextTreeSnapshotSchema, Tt as updateAgentRuntimeConfigSchema, U as githubDevCallbackQuerySchema, V as githubAppInstallationPermissionsSchema$1, W as githubStartQuerySchema, X as isRedactedEnvValue, Y as isOrgSettingNamespace, Z as isReservedAgentName$1, _ as agentBindRequestSchema, _t as sendToAgentSchema, a as AGENT_TYPES, at as paginationQuerySchema, b as agentTypeSchema$1, bt as sessionReconcileRequestSchema, d as MENTION_REGEX, dt as refreshTokenSchema, et as listMeChatsQuerySchema, f as NOTIFICATION_TYPES, ft as runtimeStateMessageSchema, g as addParticipantSchema, gt as sendMessageSchema, h as addMeChatParticipantsSchema, ht as selfServiceFeishuBotSchema, i as AGENT_STATUSES, it as onboardingEventSchema, j as createMemberSchema, jt as wsAuthFrameSchema, k as createChatSchema, kt as updateMemberSchema, l as GITHUB_ENTITY_TYPES, m as WS_AUTH_FRAME_TIMEOUT_MS, n as AGENT_NAME_REGEX$1, nt as messageSourceSchema$1, o as AGENT_VISIBILITY, ot as patchChatEngagementSchema, p as ORG_SETTINGS_NAMESPACES$1, pt as safeRedirectPath, q as inboxDeliverFrameSchema$1, r as AGENT_SELECTOR_HEADER$1, rt as notificationQuerySchema, s as CHAT_ENGAGEMENT_STATUSES, st as patchOnboardingSchema, t as AGENT_BIND_REJECT_REASONS, tt as loginSchema, ut as rebindAgentSchema, v as agentPinnedMessageSchema$1, vt as sessionEventMessageSchema, w as connectTokenExchangeSchema, wt as updateAdapterConfigSchema, x as chatMetadataSchema$1, xt as sessionStateMessageSchema, y as agentRuntimeConfigPayloadSchema$1, yt as sessionEventSchema$1, z as getMeDocSchema } from "./dist-1XGLJMOq.mjs";
-import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-LPcARA4K-Dbrptiyz.mjs";
+import { $ as listMeChatSourceCountsQuerySchema, A as createMeChatSchema, At as updateOrganizationSchema, B as githubAppInstallationClaimBodySchema, C as clientRegisterSchema, Ct as submitQuestionAnswerSchema, D as createAdapterMappingSchema, Dt as updateChatSchema, E as createAdapterConfigSchema, Et as updateAgentSchema, F as delegateFeishuUserSchema, G as imageInlineContentSchema, H as githubCallbackQuerySchema, I as dryRunAgentRuntimeConfigSchema, J as inboxPollQuerySchema, K as inboxAckFrameSchema, M as createOrgFromMeSchema, O as createAgentSchema, Ot as updateClientCapabilitiesSchema, Q as joinByInvitationSchema, R as getMeDocResponseSchema, T as contextTreeSnapshotSchema, Tt as updateAgentRuntimeConfigSchema, U as githubDevCallbackQuerySchema, V as githubAppInstallationPermissionsSchema$1, W as githubStartQuerySchema, X as isRedactedEnvValue, Y as isOrgSettingNamespace, _ as agentBindRequestSchema, _t as sendToAgentSchema, at as paginationQuerySchema, b as agentTypeSchema$1, bt as sessionReconcileRequestSchema, dt as refreshTokenSchema, et as listMeChatsQuerySchema, f as NOTIFICATION_TYPES, ft as runtimeStateMessageSchema, g as addParticipantSchema, gt as sendMessageSchema, h as addMeChatParticipantsSchema, ht as selfServiceFeishuBotSchema, i as AGENT_STATUSES, it as onboardingEventSchema, j as createMemberSchema, jt as wsAuthFrameSchema, k as createChatSchema, kt as updateMemberSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, o as AGENT_VISIBILITY, ot as patchChatEngagementSchema, p as ORG_SETTINGS_NAMESPACES$1, pt as safeRedirectPath, q as inboxDeliverFrameSchema$1, r as AGENT_SELECTOR_HEADER$1, rt as notificationQuerySchema, s as CHAT_ENGAGEMENT_STATUSES, st as patchOnboardingSchema, t as AGENT_BIND_REJECT_REASONS, tt as loginSchema, ut as rebindAgentSchema, v as agentPinnedMessageSchema$1, vt as sessionEventMessageSchema, w as connectTokenExchangeSchema, wt as updateAdapterConfigSchema, x as chatMetadataSchema$1, xt as sessionStateMessageSchema, y as agentRuntimeConfigPayloadSchema$1, yt as sessionEventSchema$1, z as getMeDocSchema } from "./dist-DmYxT5Kb.mjs";
+import { a as ClientUserMismatchError$1, c as NotFoundError, d as users, f as uuidv7, i as ClientOrgMismatchError$1, l as UnauthorizedError, n as AppError, o as ConflictError, r as BadRequestError, s as ForbiddenError, u as organizations } from "./uuid-DbS_4vFh-iFghv4zA.mjs";
 import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { $ as notifyRecipients, A as getPresence, B as listAgentsManagedByUser, C as ensureParticipant, D as getChatDetail, E as getCachedAudience, F as joinAsParticipant, G as listClients, H as listChatParticipantsWithNames, I as joinChat, K as listClientsForOrgAdmin, L as leaveAsParticipant, M as heartbeatInstance, N as inboxEntries, O as getClient, P as invalidateChatAudience, Q as messages, R as leaveChat, S as ensureCanJoin, T as getActivityOverview, U as listChats, V as listAgentsWithRuntime, W as listChatsForMember, X as markSupersededByChat, Y as markStaleAgents, Z as members, _ as createChat, _t as unbindAgent, a as agentVisibilityCondition, at as registerClient, b as disconnectClient, c as assertParticipant, ct as resolveChatMembership, d as chatMembership, dt as sendToAgent$1, et as pendingQuestions, f as chats, ft as serverInstances, g as clients, gt as touchAgent, h as cleanupStalePresence, ht as submitAnswer, i as agentPresence, it as registerChatMessageDispatcher, j as heartbeatClient, k as getOnlineCount, l as bindAgent, lt as retireClient, m as cleanupStaleClients, mt as setRuntimeState, n as addParticipant, nt as recomputeWatchersForAgent, o as agents, ot as removeParticipant, p as claimClient, pt as setOffline, q as listMessages, r as agentChatSessions, rt as recomputeWatchersForMember, s as assertClientOwner, st as resetActivity, t as addChatParticipants, tt as recomputeChatWatchers, u as changeChatType, ut as sendMessage, v as createNotifier, vt as updateClientCapabilities, w as findOrCreateDirectChat, x as editMessage, y as deriveAuthState, yt as upsertSessionState, z as listActiveAgentsPinnedToClient } from "./client-RM_03B_l-DiEIa9xe.mjs";
-import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-DZO4NX3P-BPxTeHf-.mjs";
+import { $ as getSession, $t as suspendSession, A as createAgent, At as pollInbox, B as extractSummary, Bt as resetTimedOutEntries, C as claimAndBuildForPush, Ct as markMeChatRead, D as cleanupStalePresence, Dt as messages, E as cleanupStaleClients, Et as members, F as deriveAuthState, Ft as registerChatMessageDispatcher, G as getAgentAvatarImage, Gt as sendToAgent$1, H as findOrCreateDirectChat, Ht as resolveDefaultOrgId$1, I as disconnectClient, It as registerClient, J as getChatDetail, Jt as setChatEngagement, K as getCachedAudience, Kt as serverInstances, L as editMessage, Lt as removeParticipant, M as createMeChat, Mt as reactivateAgent, N as createNotifier, Nt as rebindAgent, O as clearAgentAvatarImage, Ot as notifyRecipients, P as deleteAgent, Pt as recomputeWatchersForMember, Q as getPresence, Qt as suspendAgent, R as ensureDefaultOrganization, Rt as renewEntry, S as checkAgentNameAvailability, T as claimClient, Tt as markStaleAgents, U as getActivityOverview, Ut as retireClient, V as filterSessionsByParticipant, Vt as resolveChatTitle, W as getAgent, Wt as sendMessage, X as getOnlineCount, Xt as setRuntimeState, Y as getClient, Yt as setOffline, Z as getOrganization, Zt as submitAnswer, _ as assertParticipant, _t as listClients, a as adapterAgentMappings, an as upsertSessionState, at as leaveChat, b as chatUserState, bt as listMeChats, c as addMeChatParticipants, ct as listAgentSessions, d as agentChatSessions, dt as listAgentsManagedByUser, en as touchAgent, et as heartbeatClient, f as agentConfigs, ft as listAgentsWithRuntime, g as assertClientOwner, gt as listChatsForMember, h as archiveSession, ht as listChats, i as ackEntryByIdForBoundAgents, in as updateOrganization, it as joinMeChat, j as createChat, jt as pruneStaleSilentEntries, k as clients, kt as pendingQuestions, l as addParticipant, lt as listAgentsForAdmin, m as agents, mt as listChatParticipantsWithNames, n as SUPPORTED_AVATAR_IMAGE_MIMES, nn as updateAgent, nt as inboxEntries, o as adapterConfigs, ot as leaveMeChat, p as agentPresence, pt as listAllSessions, q as getCallerEngagement, qt as setAgentAvatarImage, r as ackEntry$2, rn as updateClientCapabilities, rt as joinChat, s as addChatParticipants, st as listActiveAgentsPinnedToClient, t as MAX_AVATAR_IMAGE_BYTES, tn as unbindAgent, tt as heartbeatInstance, u as agentAvatarImageUrl, ut as listAgentsForMember, v as bindAgent, vt as listClientsForOrgAdmin, w as claimBacklogForPush, wt as markMeChatUnread, x as chats, xt as listMessages, y as chatMembership, yt as listMeChatSourceCounts, z as ensureParticipant, zt as resetActivity } from "./client-CZ_VnbEc-CBF46cJd.mjs";
+import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl } from "./invitation-D_ENPHyj-5ETiae5r.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { basename, delimiter, dirname, extname, isAbsolute, join, normalize, relative, resolve, sep } from "node:path";
@@ -25,7 +25,7 @@ import { fileURLToPath } from "node:url";
 import * as semver from "semver";
 import { confirm, input, password, select } from "@inquirer/prompts";
 import bcrypt from "bcrypt";
-import { and, asc, count, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
+import { and, asc, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
@@ -822,13 +822,17 @@ z.object({
 	participantIds: z.array(z.string()).min(1),
 	metadata: optionalChatMetadataSchema.optional()
 });
-const chatParticipantSchema = z.object({
+/**
+* Participant row with the agent's public-ish metadata resolved — used by the
+* client runtime for `@<name>` mention extraction against the authoritative
+* participant set (see proposals/hub-agent-messaging-reply-and-mentions §4).
+*/
+const chatParticipantDetailSchema = z.object({
 	agentId: z.string(),
 	role: z.string(),
 	mode: z.string(),
 	joinedAt: z.string()
-});
-chatParticipantSchema.extend({
+}).extend({
 	name: z.string().nullable(),
 	displayName: z.string(),
 	type: z.string()
@@ -843,7 +847,7 @@ z.object({
 	createdAt: z.string(),
 	updatedAt: z.string()
 }).extend({
-	participants: z.array(chatParticipantSchema),
+	participants: z.array(chatParticipantDetailSchema),
 	title: z.string(),
 	firstMessagePreview: z.string().nullable(),
 	engagementStatus: chatEngagementStatusSchema
@@ -1142,6 +1146,23 @@ const messageFormatSchema = z.enum([
 	"question",
 	"question_answer"
 ]);
+/**
+* Optional intent tag set by the client when posting through
+* `POST /agent/chats/:id/messages`. Tells the server *why* this write is
+* happening so it can pick the right enforcement profile.
+*
+*   - `"agent-final-text"`: handler-initiated forward of an agent's final
+*     reply text (today: `runtime/result-sink.ts`) OR an `AskUserQuestion`
+*     payload posted via the canUseTool bridge. Both should land in chat
+*     history so human observers in the web UI can see what the agent is
+*     doing, but neither should wake other agents and neither should be
+*     subject to the group-chat `@mention required` guard — they are not
+*     a user-typed group broadcast. v1 §四 改造 4 (b) bypass channel.
+*
+* Default-`undefined` means a regular agent-initiated send (CLI `chat send`,
+* adapter, etc.) and goes through the normal enforcement profile.
+*/
+const messagePurposeSchema = z.enum(["agent-final-text"]);
 z.object({
 	format: messageFormatSchema.default("text"),
 	content: z.unknown(),
@@ -1149,7 +1170,8 @@ z.object({
 	inReplyTo: z.string().optional(),
 	replyToInbox: z.string().optional(),
 	replyToChat: z.string().optional(),
-	source: messageSourceSchema.optional()
+	source: messageSourceSchema.optional(),
+	purpose: messagePurposeSchema.optional()
 });
 z.object({
 	format: messageFormatSchema.default("text"),
@@ -1157,7 +1179,8 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()).optional(),
 	replyToInbox: z.string().optional(),
 	replyToChat: z.string().optional(),
-	source: messageSourceSchema.optional()
+	source: messageSourceSchema.optional(),
+	direct: z.boolean().optional()
 });
 const messageSchema = z.object({
 	id: z.string(),
@@ -1370,6 +1393,10 @@ z.object({
 	lastReadAt: z.string(),
 	unreadMentionCount: z.number().int()
 });
+z.object({
+	chatId: z.string(),
+	unreadMentionCount: z.number().int()
+});
 z.object({
 	chatId: z.string(),
 	membershipKind: meChatMembershipKindSchema.nullable()
@@ -2404,6 +2431,16 @@ var FirstTreeHubSDK = class {
 	async listChats(options) {
 		return this.requestJson(`/api/v1/agent/chats${this.queryString(options)}`);
 	}
+	/**
+	* Fetch full chat detail (topic + participant membership rows). Used by the
+	* runtime bootstrap path to assemble a chat-level identity block injected
+	* into CLAUDE.md / AGENTS.md so the agent knows the chat's topic and who
+	* else is in the room. Participant rows here lack name/displayName/type —
+	* call `listChatParticipants` for that.
+	*/
+	async getChatDetail(chatId) {
+		return this.requestJson(`/api/v1/agent/chats/${chatId}`);
+	}
 	async listMessages(chatId, options) {
 		return this.requestJson(`/api/v1/agent/chats/${chatId}/messages${this.queryString(options)}`);
 	}
@@ -3332,7 +3369,7 @@ const FIRST_TREE_WORKSPACE_MARKER = ".first-tree-workspace";
 * and on resume().
 */
 function bootstrapWorkspace(options) {
-	const { workspacePath, identity, contextTreePath, serverUrl, chatId, briefing } = options;
+	const { workspacePath, identity, contextTreePath, serverUrl, chatId, chatContext, briefing } = options;
 	const agentDir = join(workspacePath, ".agent");
 	const contextDir = join(agentDir, "context");
 	if (existsSync(contextDir)) rmSync(contextDir, {
@@ -3348,7 +3385,8 @@ function bootstrapWorkspace(options) {
 		metadata: identity.metadata,
 		chatId,
 		serverUrl,
-		contextTreePath
+		contextTreePath,
+		...chatContext ? { chatContext } : {}
 	};
 	writeFileSync(join(agentDir, "identity.json"), JSON.stringify(identityData, null, 2), "utf-8");
 	if (contextTreePath) {
@@ -3436,70 +3474,154 @@ function installFirstTreeIntegration(options) {
 function generateToolsDoc() {
 	return `# Agent Hub SDK
 
-## How You Communicate
-
 You are running inside **Agent Hub**, a messaging platform for agent teams.
 
-- Messages from other team members arrive as your prompt input
-- Each message includes a \`[From: <agent-name>]\` header — that name is also
-  what you pass back to \`chat send\` to reply to or address that agent
-- **Your final text response is automatically delivered** to the chat — just respond normally
-- For **proactive communication** (sending to other agents, other chats, or structured data),
-  use the \`first-tree-hub\` CLI below
-- **Use your judgment about when to respond.** Not every message requires
-  a reply — if you have nothing new for the recipient, output nothing and
-  the runtime will end the turn silently.
-  Your role and responsibilities are injected via the Hub-managed system prompt.
+- Messages from other team members arrive as your prompt input. Each message has a
+  \`[From: <agent-name>]\` header — that name is what you pass back to \`chat send\`.
+- **Your final response text is delivered to the chat for human observers to read.
+  It does NOT wake other agents.** To make another agent take action, use
+  \`first-tree-hub chat send <name>\` explicitly (see "Communication Rules" below).
+- **Stay silent when you have nothing to add.** Not every message needs a reply.
+  If you have nothing new for the recipient, output nothing and the runtime ends the turn.
+- For **proactive communication** (other agents, other chats, or different format),
+  use the \`first-tree-hub\` CLI below.
+
+## Communication Rules
+
+Your final response text is delivered to the chat for **human observers**
+to read. It does NOT wake other agents.
 
-## Environment Variables
+To make another agent take action, you MUST explicitly call:
 
-These are injected automatically when the agent process starts:
+    first-tree-hub chat send <name> "..."
 
-| Variable | Description |
-|----------|-------------|
-| \`FIRST_TREE_HUB_SERVER_URL\` | Server address for API calls |
-| \`FIRST_TREE_HUB_ACCESS_TOKEN\` | User member access JWT (short-lived) |
-| \`FIRST_TREE_HUB_AGENT_ID\` | YOUR own agent UUID. The CLI reads it to identify you as the sender — never pass it as a \`send\` target. |
-| \`FIRST_TREE_HUB_CHAT_ID\` | The chat this session is currently bound to. The CLI uses it to route messages — you don't need to pass it manually. |
+Decision guide (based on participant \`type\` in the Current Chat Context block):
 
-The \`first-tree-hub\` CLI reads these automatically — no extra setup needed.
+- Target is a **human** in this chat → your final text is enough; do not
+  redundantly chat send (it just adds noise).
+- Target is an **agent** in this chat → they will NOT see your final text
+  as a wake signal. You MUST chat send <name> if you need them to act.
+- No specific target (just narrating progress / thinking aloud) → final
+  text only; no send needed.
+
+**Fallback** (if Current Chat Context block is missing — context injection
+may have failed): use conservative mode — all cross-agent collaboration
+goes through explicit \`chat send\`; do not rely on final text to wake
+anyone.
 
 ## Sending Messages
 
-Use the \`first-tree-hub chat send\` CLI — it reads the env vars above and
-attaches the \`Authorization\` + \`X-Agent-Id\` headers automatically:
+The CLI auto-reads its config from env — no setup needed.
 
 \`\`\`bash
-# Send to another agent — first positional argument is the recipient's NAME
-# (NOT a uuid; uuids in chat history / participant lists are not accepted).
-# Run \`first-tree-hub agent list\` to see available names.
-#
-# Routing: if the recipient is a participant of your current chat (typically
-# the case in a group chat where someone @-mentioned you to talk to them),
-# the message stays in that chat. Otherwise it falls back to a direct chat
-# between you and the recipient. You don't need to think about which.
+# Send to an agent by NAME (uuids are NOT accepted — run \`first-tree-hub agent list\` for names).
+# Routing: the recipient MUST be a participant of your current chat — the message
+# lands in that chat. If they are NOT a member the call ERRORS with a hint. To open
+# a side-conversation with a non-member, use the --direct flag explicitly.
 first-tree-hub chat send <agentName> "your message"
 
-# Send into a specific chat by id — use this only when you explicitly want
-# to address a chat your current session is NOT bound to.
-first-tree-hub chat send --chat <chatId> "your message"
+# Open or reuse a direct chat with the recipient (bypass the member check).
+# Use only when intentionally starting a side conversation with a non-member.
+first-tree-hub chat send --direct <agentName> "your message"
 
-# Send markdown (default format is text)
-first-tree-hub chat send <agentName> -f markdown "**bold** message"
+# Markdown format (default is text)
+first-tree-hub chat send <agentName> -f markdown "**bold**"
 
-# Reply to a specific message
-first-tree-hub chat send <agentName> --reply-to <messageId> "reply content"
+# Reply to a message
+first-tree-hub chat send <agentName> --reply-to <messageId> "reply"
 
-# Pipe long content via stdin (recommended for special characters)
-echo "long message body" | first-tree-hub chat send <agentName>
+# Pipe long / multiline content via stdin
+echo "long body" | first-tree-hub chat send <agentName>
 \`\`\`
 
-> Agent uuids appear in \`chat list\`, chat history, and participant lists,
-> but they are NOT accepted by \`chat send\` — always use the name.
+**Reaching another agent — pick the right flag**:
+
+- **Same chat member** → \`chat send <agentName> "..."\` (no flag).
+- **Non-member** → \`chat send --direct <agentName> "..."\`. The CLI opens (or
+  reuses) the direct chat AND auto-mentions the recipient so they actually wake.
+
+The CLI **only addresses agents by name**. You cannot route by chat-id from
+this command, and \`@<name>\` in your content only resolves against the chat
+you are currently in — naming someone who is not a member is rejected so a
+silent-drop misroute is impossible.
+
+**Content rules (important):**
 
-For content with quotes, \`$\`, backticks, or newlines, prefer stdin to avoid shell escaping issues.
+- Pass content as a **raw string** — never \`JSON.stringify\` it first. Wrapping in
+  outer quotes + \`\\n\` escapes produces a literal \`"@x ...\\n..."\` that the UI
+  cannot render as markdown.
+- For multi-line / markdown / special chars (quotes, \`$\`, backticks, newlines),
+  use **stdin** with real newlines, plus \`-f markdown\`.
 `;
 }
+/**
+* Build a narrow `ChatContext` snapshot for the current session.
+*
+* Calls the two existing agent-scoped endpoints in parallel:
+*   - `GET /agent/chats/:chatId`              — chat detail (topic)
+*   - `GET /agent/chats/:chatId/participants` — participant rows with names
+*
+* Throws on either HTTP failure so the caller (handler) can log + degrade
+* to the no-context path. The bootstrap branch then writes neither the
+* identity.json `chatContext` field nor the CLAUDE.md / AGENTS.md section.
+*/
+async function fetchChatContext(sdk, chatId, identity) {
+	const [detail, participants] = await Promise.all([sdk.getChatDetail(chatId), sdk.listChatParticipants(chatId)]);
+	const filteredParticipants = participants.filter((p) => p.name !== null && p.name.length > 0).map((p) => ({
+		name: p.name,
+		displayName: p.displayName,
+		type: p.type === "human" ? "human" : "agent"
+	}));
+	const selfOwner = resolveSelfOwner(identity, participants);
+	return {
+		chatId,
+		title: detail.title,
+		topic: detail.topic,
+		...selfOwner ? { selfOwner } : {},
+		participants: filteredParticipants
+	};
+}
+/**
+* For delegate agents (personal_assistant whose `delegateMention` points at
+* a chat participant) return `{name, displayName}` of the human owner; for
+* autonomous agents return `undefined`.
+*
+* `delegateMention` holds the OWNER'S `name` slug — see
+* web/.../identity-section.tsx ("delegate <AgentChip ...>").
+*/
+function resolveSelfOwner(identity, participants) {
+	if (identity.type !== "personal_assistant") return void 0;
+	if (!identity.delegateMention) return void 0;
+	const owner = participants.find((p) => p.name === identity.delegateMention && p.type === "human");
+	if (!owner || !owner.name) return void 0;
+	return {
+		name: owner.name,
+		displayName: owner.displayName
+	};
+}
+/**
+* Render the "Current Chat Context" markdown section that both Claude Code
+* (CLAUDE.md) and Codex (AGENTS.md) inject into the agent's prompt context.
+*
+* Shared so the two handlers never drift on field shape or wording. Returns
+* `null` when there's no context to render — caller skips the section.
+*
+* See proposals/hub-chat-message-v1-design §四 改造 3.
+*/
+function renderChatContextSection(chatContext) {
+	if (!chatContext) return null;
+	const lines = [];
+	lines.push("## Current Chat Context");
+	lines.push("");
+	lines.push(`- Chat ID: ${chatContext.chatId}`);
+	if (chatContext.title && chatContext.title.trim().length > 0) lines.push(`- Title: ${chatContext.title}`);
+	if (chatContext.topic && chatContext.topic.trim().length > 0 && chatContext.topic !== chatContext.title) lines.push(`- Topic: ${chatContext.topic}`);
+	if (chatContext.selfOwner) lines.push(`- Your owner: ${chatContext.selfOwner.displayName} (@${chatContext.selfOwner.name})`);
+	lines.push("- Participants:");
+	if (chatContext.participants.length === 0) lines.push("  - (none)");
+	else for (const p of chatContext.participants) lines.push(`  - @${p.name} (${p.displayName}, type=${p.type})`);
+	return `${lines.join("\n")}\n`;
+}
 function resolveGitRepoTargetPath(workspace, localPath) {
 	const safetyError = getRepoLocalPathSafetyError(localPath);
 	if (safetyError) throw new Error(`Unsafe git repo localPath "${localPath}": ${safetyError}`);
@@ -4021,6 +4143,7 @@ function createGitMirrorManager(opts) {
 					}, "worktree create conflict");
 					throw new GitMirrorWorktreeConflictError(`Worktree target "${absTarget}" is already occupied by ${classifyOccupant(absTarget)} — aborting (D13)`);
 				}
+				await gitOk(["worktree", "prune"], mirror, 1e4);
 				const pathExists = existsSync(absTarget);
 				const hasBranch = await branchExists(mirror, branchName);
 				mkdirSync(dirname(absTarget), { recursive: true });
@@ -4921,7 +5044,8 @@ const createClaudeCodeHandler = (config) => {
 			try {
 				await sessionCtx.sdk.sendMessage(sessionCtx.chatId, {
 					format: "question",
-					content: questionContent
+					content: questionContent,
+					purpose: "agent-final-text"
 				});
 			} catch (err) {
 				const reason = err instanceof Error ? err.message : String(err);
@@ -5191,16 +5315,45 @@ const createClaudeCodeHandler = (config) => {
 			}
 		}
 	}
-	/** Bootstrap workspace and generate CLAUDE.md. */
-	function runBootstrap(workspace, sessionCtx) {
+	/**
+	* Best-effort chat-context fetch for the identity-injection path. Failures
+	* are logged but never bubble — bootstrap continues with `undefined` and
+	* the agent simply loses the "Current Chat Context" block (graceful
+	* degradation; the Communication Rules in tools.md still tell it to fall
+	* back to conservative mode).
+	*/
+	async function fetchChatContextOrLog(sessionCtx) {
+		try {
+			return await fetchChatContext(sessionCtx.sdk, sessionCtx.chatId, sessionCtx.agent);
+		} catch (err) {
+			sessionCtx.log(`fetchChatContext failed: ${err instanceof Error ? err.message : String(err)}`);
+			return;
+		}
+	}
+	/**
+	* Refresh the workspace's identity.json + CLAUDE.md from the latest chat
+	* context. v1.7 fix: chat-context must NOT be frozen at first bootstrap.
+	* When new participants join later, every resume re-fetches and rewrites
+	* the "Current Chat Context" section so the agent sees the live roster.
+	* Skips the expensive `first-tree tree integrate` shell-out — that part
+	* stays sentinel-protected and runs only on a fresh bootstrap.
+	*/
+	function refreshIdentityAndPrompt(workspace, sessionCtx, chatContext) {
 		bootstrapWorkspace({
 			workspacePath: workspace,
 			identity: sessionCtx.agent,
 			contextTreePath,
 			serverUrl: sessionCtx.sdk.serverUrl,
-			chatId: sessionCtx.chatId
+			chatId: sessionCtx.chatId,
+			chatContext
 		});
-		generateClaudeMd(workspace, sessionCtx.agent, contextTreePath);
+		generateClaudeMd(workspace, sessionCtx.agent, contextTreePath, chatContext);
+	}
+	/** Full bootstrap: refresh identity/prompt + run the expensive
+	*  `first-tree tree integrate` shell-out. Used on `start()` and on
+	*  `resume()` when the stage-2 sentinel is missing. */
+	function runBootstrap(workspace, sessionCtx, chatContext) {
+		refreshIdentityAndPrompt(workspace, sessionCtx, chatContext);
 		if (contextTreePath) installFirstTreeIntegration({
 			workspacePath: workspace,
 			contextTreePath,
@@ -5214,7 +5367,8 @@ const createClaudeCodeHandler = (config) => {
 			ctx = sessionCtx;
 			claudeSessionId = randomUUID();
 			cwd = acquireWorkspace(workspaceRoot, sessionCtx.chatId);
-			runBootstrap(cwd, sessionCtx);
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
+			runBootstrap(cwd, sessionCtx, chatContext);
 			const payload = agentConfigCache?.get(sessionCtx.agent.agentId)?.payload;
 			await prepareGitWorktrees(cwd, payload, sessionCtx);
 			markWorkspaceInitComplete(cwd);
@@ -5230,7 +5384,9 @@ const createClaudeCodeHandler = (config) => {
 			claudeSessionId = sessionId;
 			retryCount = 0;
 			cwd = acquireWorkspace(workspaceRoot, sessionCtx.chatId);
-			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) runBootstrap(cwd, sessionCtx);
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
+			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) runBootstrap(cwd, sessionCtx, chatContext);
+			else refreshIdentityAndPrompt(cwd, sessionCtx, chatContext);
 			const payload = agentConfigCache?.get(sessionCtx.agent.agentId)?.payload;
 			await prepareGitWorktrees(cwd, payload, sessionCtx);
 			markWorkspaceInitComplete(cwd);
@@ -5323,12 +5479,14 @@ function isHubWorktreeMarker(path) {
 * `agent_configs.payload.prompt.append` and are passed to the Claude SDK via
 * `systemPrompt.append` — not through this file.
 */
-function generateClaudeMd(workspacePath, identity, contextTreePath) {
+function generateClaudeMd(workspacePath, identity, contextTreePath, chatContext) {
 	const sections = [];
 	const contextDir = join(workspacePath, ".agent", "context");
 	const name = identity.displayName ?? identity.agentId;
 	if (identity.type === "personal_assistant") sections.push(`# Agent Identity\n\nYou are ${name}, a personal assistant agent.\n`);
 	else sections.push(`# Agent Identity\n\nYou are ${name}, an autonomous agent.\n`);
+	const chatContextSection = renderChatContextSection(chatContext);
+	if (chatContextSection) sections.push(chatContextSection);
 	const agentInstructionsPath = join(contextDir, "agent-instructions.md");
 	if (existsSync(agentInstructionsPath)) {
 		const instructions = readFileSync(agentInstructionsPath, "utf-8");
@@ -5434,7 +5592,7 @@ const createCodexHandler = (config) => {
 		cfg.mcp_servers = mcpServers;
 		return cfg;
 	}
-	function buildAgentBriefing(payload) {
+	function buildAgentBriefing(payload, chatContext) {
 		const lines = [];
 		lines.push("# Agent Briefing");
 		lines.push("");
@@ -5442,11 +5600,28 @@ const createCodexHandler = (config) => {
 			lines.push(payload.prompt.append.trim());
 			lines.push("");
 		}
+		const chatContextSection = renderChatContextSection(chatContext);
+		if (chatContextSection) {
+			lines.push(chatContextSection.trimEnd());
+			lines.push("");
+		}
 		lines.push("Refer to `.agent/identity.json` for your agent identity, `.agent/tools.md` for the");
 		lines.push("first-tree-hub SDK reference, and `.agent/context/` for organisational context");
 		lines.push("(when configured).");
 		return lines.join("\n").concat("\n");
 	}
+	/**
+	* Best-effort chat-context fetch for the identity-injection path. Failures
+	* are logged but never bubble — bootstrap continues with `undefined`.
+	*/
+	async function fetchChatContextOrLog(sessionCtx) {
+		try {
+			return await fetchChatContext(sessionCtx.sdk, sessionCtx.chatId, sessionCtx.agent);
+		} catch (err) {
+			sessionCtx.log(`fetchChatContext failed: ${err instanceof Error ? err.message : String(err)}`);
+			return;
+		}
+	}
 	function toCodexInput(message, sessionCtx) {
 		return sessionCtx.formatInboundContent(message).then((text) => text);
 	}
@@ -5706,15 +5881,17 @@ const createCodexHandler = (config) => {
 				env: [],
 				gitRepos: []
 			};
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
 			bootstrapWorkspace({
 				workspacePath: cwd,
 				identity: sessionCtx.agent,
 				contextTreePath,
 				serverUrl: sessionCtx.sdk.serverUrl,
 				chatId: sessionCtx.chatId,
+				chatContext,
 				briefing: {
 					format: "agents-md",
-					content: buildAgentBriefing(payload)
+					content: buildAgentBriefing(payload, chatContext)
 				}
 			});
 			ensureFirstTreeBinding(cwd, sessionCtx);
@@ -5743,20 +5920,20 @@ const createCodexHandler = (config) => {
 				env: [],
 				gitRepos: []
 			};
-			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) {
-				bootstrapWorkspace({
-					workspacePath: cwd,
-					identity: sessionCtx.agent,
-					contextTreePath,
-					serverUrl: sessionCtx.sdk.serverUrl,
-					chatId: sessionCtx.chatId,
-					briefing: {
-						format: "agents-md",
-						content: buildAgentBriefing(payload)
-					}
-				});
-				ensureFirstTreeBinding(cwd, sessionCtx);
-			}
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
+			bootstrapWorkspace({
+				workspacePath: cwd,
+				identity: sessionCtx.agent,
+				contextTreePath,
+				serverUrl: sessionCtx.sdk.serverUrl,
+				chatId: sessionCtx.chatId,
+				chatContext,
+				briefing: {
+					format: "agents-md",
+					content: buildAgentBriefing(payload, chatContext)
+				}
+			});
+			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) ensureFirstTreeBinding(cwd, sessionCtx);
 			await prepareGitWorktrees(payload, cwd, sessionCtx);
 			markWorkspaceInitComplete(cwd);
 			codex = new Codex({
@@ -6072,17 +6249,10 @@ var Deduplicator = class {
 	}
 };
 function createResultSink(deps) {
-	async function buildMetadata(trigger) {
+	async function buildMetadata() {
 		const metadata = {};
 		const documentBasePath = await deps.getDocumentBasePath?.();
 		if (documentBasePath) metadata.documentContext = documentContextSchema.parse({ basePath: documentBasePath });
-		if (trigger && trigger.senderId !== deps.agent.agentId) {
-			const participants = await deps.participants.get();
-			if (participants.length <= 2) {
-				const peer = participants.find((p) => p.agentId === trigger.senderId);
-				if (!peer || peer.mode === "mention_only") metadata.mentions = [trigger.senderId];
-			} else metadata.mentions = [trigger.senderId];
-		}
 		return Object.keys(metadata).length > 0 ? metadata : void 0;
 	}
 	return async function forwardResult(text) {
@@ -6093,10 +6263,11 @@ function createResultSink(deps) {
 		}
 		const trigger = deps.getTrigger();
 		deps.clearTrigger();
-		const metadata = await buildMetadata(trigger);
+		const metadata = await buildMetadata();
 		await deps.sdk.sendMessage(deps.chatId, {
 			format: "text",
 			content: text,
+			purpose: "agent-final-text",
 			...trigger ? { inReplyTo: trigger.messageId } : {},
 			...metadata ? { metadata } : {}
 		});
@@ -6673,7 +6844,6 @@ var SessionManager = class {
 				this.currentTrigger.delete(chatId);
 			},
 			log,
-			participants,
 			getDocumentBasePath: () => this.resolveDocumentBasePath(log)
 		});
 		const envCtx = {
@@ -9611,7 +9781,7 @@ function formatCheckReport(items) {
 	}
 	return lines.join("\n");
 }
-async function resolveDefaultOrgId$1(serverUrl, accessToken) {
+async function resolveDefaultOrgId(serverUrl, accessToken) {
 	const res = await cliFetch(`${serverUrl}/api/v1/me`, {
 		headers: { Authorization: `Bearer ${accessToken}` },
 		signal: AbortSignal.timeout(1e4)
@@ -9646,7 +9816,7 @@ async function onboardCreate(args) {
 	if (args.role) metadata.role = args.role;
 	if (args.domains) metadata.domains = args.domains.split(",").map((d) => d.trim());
 	print.line(`Creating agent "${args.id}"...\n`);
-	const orgId = await resolveDefaultOrgId$1(serverUrl, accessToken);
+	const orgId = await resolveDefaultOrgId(serverUrl, accessToken);
 	const primary = await createAgentViaAdmin(serverUrl, accessToken, orgId, {
 		name: args.id,
 		type: args.type,
@@ -9683,7 +9853,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-BGx71p5s.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-CCWd-JE4.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -10896,7 +11066,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-l2iy80P2.mjs
+//#region ../server/dist/app-Cv337jed.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -10909,17 +11079,6 @@ var __exportAll = (all, no_symbols) => {
 	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
 	return target;
 };
-/** Maps external user identities to internal Agents. */
-const adapterAgentMappings = pgTable("adapter_agent_mappings", {
-	id: serial("id").primaryKey(),
-	platform: text("platform").notNull(),
-	externalUserId: text("external_user_id").notNull(),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	boundVia: text("bound_via"),
-	displayName: text("display_name"),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [unique("uq_adapter_agent_mapping").on(table.platform, table.externalUserId)]);
 /**
 * Pull the JWT-verified `UserScope` off the request. The `userAuthHook`
 * middleware populates `request.user` synchronously before any handler
@@ -10980,10 +11139,23 @@ async function requireAgentAccess(request, db, kind) {
 	};
 }
 /**
-* Gate access to a chat. Allowed if the caller's HUMAN agent is a
-* participant, OR any agent the caller manages (via members.id) is a
-* participant. Admin role does NOT auto-grant chat access — chat content
-* remains private to participants and supervisors (their managers).
+* Gate access to a chat. Allowed if the caller's HUMAN agent has any
+* `chat_membership` row (speaker OR watcher), OR any agent the caller
+* manages (via members.id) is a speaker. Admin role does NOT auto-grant
+* chat access — chat content remains private to members and supervisors
+* (their managers).
+*
+* Watchers are allowed on the direct-membership branch because they
+* surface in `listMeChats` with their own unread badge and engagement
+* state; chat-scoped per-user operations like read-cursor and
+* watcher→speaker upgrade must be reachable from that surface. Write
+* endpoints that need to refuse watchers rely on `ensureParticipant`
+* or service-layer checks, not on this guard.
+*
+* The supervisor branch is a fallback for callers whose human agent
+* has no direct row but who manage a speaker — e.g. before
+* `recomputeChatWatchers` has materialised the watcher row, or when a
+* member's human agent and managed agent diverge in cross-org chats.
 *
 * The Params type is generic so routes that mount on a path with extra
 * params (e.g. `/agents/:uuid/sessions/:chatId/...` for compound checks)
@@ -11003,7 +11175,7 @@ async function requireChatAccess(request, db) {
 		role: caller.role,
 		humanAgentId: caller.humanAgentId
 	};
-	const [direct] = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.agentId, caller.humanAgentId), eq(chatMembership.accessMode, "speaker"))).limit(1);
+	const [direct] = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.agentId, caller.humanAgentId))).limit(1);
 	if (direct) {
 		stampOrgScope(request, scope);
 		stampChatResource(request, chat);
@@ -11092,16 +11264,6 @@ async function adapterMappingRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-/** Bot credentials for external platform adapters. Credentials are encrypted at application layer (AES-256-GCM). */
-const adapterConfigs = pgTable("adapter_configs", {
-	id: serial("id").primaryKey(),
-	platform: text("platform").notNull(),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	credentials: jsonb("credentials").$type().notNull(),
-	status: text("status").notNull().default("active"),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-}, (t) => [unique("uq_adapter_configs_agent_platform").on(t.agentId, t.platform)]);
 const ALGORITHM = "aes-256-gcm";
 const IV_LENGTH = 12;
 const AUTH_TAG_LENGTH = 16;
@@ -11370,7 +11532,7 @@ async function agentChatRoutes(app) {
 	app.get("/:chatId", async (request) => {
 		const identity = requireAgent(request);
 		await assertParticipant(app.db, request.params.chatId, identity.uuid);
-		const detail = await getChatDetail(app.db, request.params.chatId);
+		const detail = await getChatDetail(app.db, request.params.chatId, identity.uuid);
 		return {
 			...serializeChat(detail),
 			participants: detail.participants.map((p) => ({
@@ -11435,592 +11597,6 @@ async function agentConfigRoutes$1(app) {
 		return await app.configService.getDecrypted(identity.uuid);
 	});
 }
-/**
-* Per-agent runtime configuration (Hub-managed; not the local YAML config).
-*
-* One row per agent. `version` increments on every successful UPDATE
-* (optimistic locking via WHERE version = :expected). Sensitive env values
-* inside `payload.env[*]` are AES-256-GCM encrypted at write time and
-* masked when echoed via the Admin API (see Step 2).
-*
-* Integrity is enforced by the service layer per project convention:
-* no FK / CHECK / triggers on this table.
-*/
-const agentConfigs = pgTable("agent_configs", {
-	agentId: text("agent_id").primaryKey(),
-	version: integer("version").notNull().default(1),
-	payload: jsonb("payload").$type().notNull(),
-	updatedBy: text("updated_by").notNull(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-});
-/**
-* Resolve the UUID of the "default" organization. Internal use only —
-* webhooks, fallbacks, etc. The HTTP API layer no longer falls back to
-* the JWT default org.
-*/
-async function resolveDefaultOrgId(db) {
-	const [org] = await db.select({ id: organizations.id }).from(organizations).where(eq(organizations.name, "default")).limit(1);
-	if (!org) throw new Error("Default organization not found. Ensure the server has started and ensureDefaultOrganization() ran.");
-	return org.id;
-}
-async function getOrganization(db, id) {
-	const [org] = await db.select().from(organizations).where(eq(organizations.id, id)).limit(1);
-	if (!org) throw new NotFoundError(`Organization "${id}" not found`);
-	return org;
-}
-async function updateOrganization(db, id, data) {
-	const updates = { updatedAt: /* @__PURE__ */ new Date() };
-	if (data.name !== void 0) updates.name = data.name;
-	if (data.displayName !== void 0) updates.displayName = data.displayName;
-	if (data.maxAgents !== void 0) updates.maxAgents = data.maxAgents;
-	if (data.maxMessagesPerMinute !== void 0) updates.maxMessagesPerMinute = data.maxMessagesPerMinute;
-	if (data.features !== void 0) updates.features = data.features;
-	try {
-		const [org] = await db.update(organizations).set(updates).where(eq(organizations.id, id)).returning();
-		if (!org) throw new NotFoundError(`Organization "${id}" not found`);
-		return org;
-	} catch (err) {
-		if ((err?.code ?? err?.cause?.code ?? "") === "23505") throw new ConflictError(`Organization name "${data.name}" is already taken`);
-		throw err;
-	}
-}
-/**
-* Ensure the default organization exists. Called on server startup.
-* Uses a fixed UUID for the default org to ensure idempotency.
-*/
-async function ensureDefaultOrganization(db) {
-	const [existing] = await db.select({ id: organizations.id }).from(organizations).where(eq(organizations.name, "default")).limit(1);
-	if (existing) return existing;
-	const id = uuidv7();
-	const [org] = await db.insert(organizations).values({
-		id,
-		name: "default",
-		displayName: "Default Organization"
-	}).onConflictDoNothing().returning();
-	return org ?? existing;
-}
-/**
-* Names beginning with `__` are reserved for Hub-internal pseudo agents.
-* User-facing creation must not be able to squat on them, otherwise
-* internal traffic could be routed through a real account.
-*/
-const RESERVED_AGENT_NAME_PREFIX = "__";
-/**
-* Derive the relative URL clients should use to fetch a manager-uploaded
-* avatar image. Returns `null` when no image is set. Embeds the upload
-* timestamp as `?v=<epoch>` so a fresh upload busts any browser cache
-* that may have memoised the previous version.
-*
-* Auth: the image route is intentionally public read — the URL leaks no
-* more than the agent's UUID, which is already required to address it.
-* Keeping it unauthenticated lets `<img src>` render without bespoke
-* fetch-and-blob plumbing.
-*/
-function agentAvatarImageUrl(uuid, updatedAt) {
-	if (!updatedAt) return null;
-	return `/api/v1/agents/${uuid}/avatar?v=${updatedAt.getTime()}`;
-}
-/**
-* True iff `clients.metadata.capabilities` is a non-empty object — i.e. the
-* client has reported at least one runtime probe result. Used to distinguish
-* "we don't know what's installed yet" (empty / never reported) from
-* "client explicitly reports this provider is missing".
-*/
-function clientCapabilitiesReported(metadata) {
-	if (!metadata || typeof metadata !== "object") return false;
-	const caps = metadata.capabilities;
-	if (!caps || typeof caps !== "object") return false;
-	return Object.keys(caps).length > 0;
-}
-/**
-* Inspect a `clients.metadata.capabilities` blob (jsonb) for a specific
-* runtime provider entry. Capabilities live under the `metadata.capabilities`
-* subkey (Option C); the column is unstructured at the DB layer, so we
-* defensively narrow before key access.
-*
-* "Supports" requires the entry's SDK to be **available** — `state: "ok"` or
-* `state: "unauthenticated"`. A `missing` or `error` entry is *reported* but
-* not usable, so we explicitly reject those rather than treating mere key
-* presence as support. Auth state is left to the user to fix at runtime
-* (the re-bind dialog surfaces an `unauthenticated` hint).
-*/
-function clientSupportsRuntimeProvider(metadata, provider) {
-	if (!metadata || typeof metadata !== "object") return false;
-	const caps = metadata.capabilities;
-	if (!caps || typeof caps !== "object") return false;
-	const entry = caps[provider];
-	if (!entry || typeof entry !== "object") return false;
-	return entry.available === true;
-}
-/** Default visibility per agent type. */
-function defaultVisibility(type) {
-	switch (type) {
-		case "human":
-		case "autonomous_agent": return AGENT_VISIBILITY.ORGANIZATION;
-		case "personal_assistant": return AGENT_VISIBILITY.PRIVATE;
-		default: return AGENT_VISIBILITY.PRIVATE;
-	}
-}
-/**
-* Resolve + validate the client that will own the new agent.
-*
-* Rule (unified-user-token, post-first-bind relaxation):
-*   - Human agents represent the member themselves and have no runtime; a
-*     missing `clientId` is required and the column stays NULL.
-*   - Non-human agents MAY omit `clientId` at creation; the row stays NULL
-*     and is claimed on the first WS bind (see `api/agent/ws-client.ts`).
-*   - When a non-human agent IS created with a `clientId`, the pinned client
-*     must already be owned by the manager's user (Rule R-RUN).
-*/
-/**
-* Check that a client's reported capabilities show the given runtime provider
-* as **available** (SDK installed, regardless of auth state).
-*
-* Tri-state semantics by `clients.metadata.capabilities` shape:
-*   - empty / absent — client hasn't probed yet (newly registered or pre-P2
-*     install). Treat as "unknown" and allow; the in-band repair path
-*     (RUNTIME_PROVIDER_MISMATCH on bind) catches actual incompatibility.
-*   - reported, entry shows `state: ok | unauthenticated` (i.e. `available:
-*     true`) — allow.
-*   - reported, entry missing OR `state: missing | error` — block unless
-*     `force` is set. We deliberately do NOT treat mere key presence as
-*     support: probeCapabilities() always emits an entry per built-in
-*     provider, including `{ state: "missing" }` for absent SDKs.
-*
-* Skipped entirely for human agents (no clientId) and when `force` is set
-* (e.g. operator overrides for an offline client).
-*/
-async function ensureClientSupportsRuntimeProvider(db, clientId, runtimeProvider, options = {}) {
-	if (clientId === null) return;
-	if (options.force) return;
-	const [client] = await db.select({ metadata: clients.metadata }).from(clients).where(eq(clients.id, clientId)).limit(1);
-	if (!client) return;
-	if (!clientCapabilitiesReported(client.metadata)) return;
-	if (!clientSupportsRuntimeProvider(client.metadata, runtimeProvider)) throw new BadRequestError(`Client "${clientId}" does not have runtime provider "${runtimeProvider}" available. Install the matching SDK on that machine and re-run capability detection, or retry with \`force: true\` if the client is offline / capabilities are stale.`);
-}
-async function resolveAgentClient(db, data) {
-	if (data.type === "human") {
-		if (data.clientId) throw new BadRequestError("Human agents cannot be pinned to a client");
-		return null;
-	}
-	if (!data.clientId) return null;
-	const [manager] = await db.select({ userId: members.userId }).from(members).where(eq(members.id, data.managerId)).limit(1);
-	if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
-	const [client] = await db.select({
-		id: clients.id,
-		userId: clients.userId
-	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
-	if (!client) throw new BadRequestError(`Client "${data.clientId}" not found`);
-	if (!client.userId) throw new BadRequestError(`Client "${data.clientId}" has not been claimed by a user yet. Have the operator run \`first-tree-hub connect <token>\` on that machine before pinning an agent to it.`);
-	if (client.userId !== manager.userId) throw new ForbiddenError(`Client "${data.clientId}" is not owned by the manager's user — pick a client belonging to that user.`);
-	return client.id;
-}
-/**
-* Validate a `delegateMention` write at the service layer. Two checks:
-*   1. Target uuid must resolve to an existing agent — dangling references
-*      would silently break webhook delegation at runtime.
-*   2. Target must belong to the same organization as the source agent —
-*      cross-org delegate links are rejected here at the source so the
-*      database never accumulates dirty rows. The webhook router has a
-*      defense-in-depth check that filters them at fan-out time, but this
-*      keeps the data clean and gives the admin UI an immediate 422 instead
-*      of a silent runtime drop.
-*
-* `null` clears the field — handled by the caller; we are only invoked when
-* the caller wrote a non-null uuid.
-*/
-async function validateDelegateMentionTarget(db, targetUuid, sourceOrgId) {
-	const [target] = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId
-	}).from(agents).where(eq(agents.uuid, targetUuid)).limit(1);
-	if (!target) throw new BadRequestError(`delegateMention target "${targetUuid}" not found`);
-	if (target.organizationId !== sourceOrgId) throw new BadRequestError("delegateMention target must belong to the same organization as the agent");
-}
-/**
-* Service-layer guard: `delegateMention` is only available for `human` agents.
-* Mirrors the Web UI in `identity-section.tsx`, which only renders the
-* delegate-mention selector when `agent.type === "human"`. Without this
-* server-side check, CLI / Admin API / internal scripts could write
-* delegateMention onto non-human rows, silently re-enabling the
-* autonomous-agent-self-mention path that resolveAudience would then fan
-* out. Called from `createAgent` / `updateAgent` before
-* `validateDelegateMentionTarget` so a wrong source type fails fast without
-* the target lookup round-trip.
-*/
-function assertDelegateMentionAllowed(sourceType) {
-	if (sourceType !== AGENT_TYPES.HUMAN) throw new BadRequestError("delegateMention can only be set on human agents");
-}
-/**
-* Pick the first admin member in the org for internal system agents. Throws
-* if the org has no admin — the caller should surface the error so an admin
-* is created before the system tries to register more agents.
-*/
-async function resolveFallbackManagerId(db, orgId) {
-	const [row] = await db.select({ id: members.id }).from(members).where(and(eq(members.organizationId, orgId), eq(members.role, "admin"))).orderBy(members.createdAt).limit(1);
-	if (!row) throw new BadRequestError(`Cannot create agent in organization "${orgId}" — no admin member exists. Create an admin member first (see \`first-tree-hub onboard\`).`);
-	return row.id;
-}
-async function createAgent(db, data, options = {}) {
-	const uuid = uuidv7();
-	const name = data.name ?? null;
-	const runtimeProvider = data.runtimeProvider ?? "claude-code";
-	if (name?.startsWith(RESERVED_AGENT_NAME_PREFIX)) throw new BadRequestError(`Agent name "${name}" is reserved — names starting with "${RESERVED_AGENT_NAME_PREFIX}" are Hub-internal`);
-	if (name && isReservedAgentName$1(name)) throw new BadRequestError(`Agent name "${name}" is reserved — pick a different one.`);
-	const inboxId = `inbox_${uuid}`;
-	let orgId;
-	let managerId;
-	if (data.managerId && data.organizationId) {
-		orgId = data.organizationId;
-		managerId = data.managerId;
-	} else if (data.managerId) {
-		const [manager] = await db.select({
-			id: members.id,
-			organizationId: members.organizationId
-		}).from(members).where(eq(members.id, data.managerId)).limit(1);
-		if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
-		orgId = manager.organizationId;
-		managerId = manager.id;
-	} else {
-		orgId = data.organizationId ?? await resolveDefaultOrgId(db);
-		managerId = await resolveFallbackManagerId(db, orgId);
-	}
-	const clientId = await resolveAgentClient(db, {
-		clientId: data.clientId,
-		managerId,
-		type: data.type
-	});
-	await ensureClientSupportsRuntimeProvider(db, clientId, runtimeProvider, { force: options.force });
-	if (data.delegateMention) {
-		assertDelegateMentionAllowed(data.type);
-		await validateDelegateMentionTarget(db, data.delegateMention, orgId);
-	}
-	const [org] = await db.select({ maxAgents: organizations.maxAgents }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
-	if (org && org.maxAgents > 0) {
-		if (((await db.select({ value: count() }).from(agents).where(and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED))))[0]?.value ?? 0) >= org.maxAgents) throw new ForbiddenError(`Organization "${orgId}" has reached its agent limit (${org.maxAgents}). Upgrade your plan or delete unused agents.`);
-	}
-	const resolvedDisplayName = data.displayName?.trim() || name || "Unnamed Agent";
-	try {
-		return await db.transaction(async (tx) => {
-			const [row] = await tx.insert(agents).values({
-				uuid,
-				name,
-				organizationId: orgId,
-				type: data.type,
-				displayName: resolvedDisplayName,
-				delegateMention: data.delegateMention ?? null,
-				inboxId,
-				source: data.source ?? null,
-				visibility: data.visibility ?? defaultVisibility(data.type),
-				metadata: data.metadata ?? {},
-				managerId,
-				clientId,
-				runtimeProvider
-			}).returning();
-			if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
-			const initialPayload = defaultRuntimeConfigPayload(runtimeProvider);
-			if (data.gitRepos && data.gitRepos.length > 0) initialPayload.gitRepos = data.gitRepos;
-			await tx.insert(agentConfigs).values({
-				agentId: row.uuid,
-				version: 1,
-				payload: initialPayload,
-				updatedBy: "system"
-			}).onConflictDoNothing();
-			return row;
-		});
-	} catch (err) {
-		if ((err?.code ?? err?.cause?.code ?? "") === "23505" && name) throw new ConflictError(`Agent name "${name}" already exists in organization "${orgId}"`);
-		throw err;
-	}
-}
-async function checkAgentNameAvailability(db, orgId, name) {
-	if (!AGENT_NAME_REGEX$1.test(name)) return {
-		available: false,
-		reason: "invalid"
-	};
-	if (isReservedAgentName$1(name) || name.startsWith(RESERVED_AGENT_NAME_PREFIX)) return {
-		available: false,
-		reason: "reserved"
-	};
-	const [existing] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, orgId), eq(agents.name, name), ne(agents.status, AGENT_STATUSES.DELETED))).limit(1);
-	return existing ? {
-		available: false,
-		reason: "taken"
-	} : { available: true };
-}
-async function getAgent(db, uuid) {
-	const [agent] = await db.select().from(agents).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).limit(1);
-	if (!agent) throw new NotFoundError(`Agent "${uuid}" not found`);
-	return agent;
-}
-/**
-* Admin-only variant: return every non-deleted agent in the org, ignoring
-* the visibility filter. Used by the `/admin` "All Agents" view so a team
-* admin can see and act on private agents owned by other members. The
-* route layer is responsible for gating this to admin callers — the
-* service does not enforce role by itself, but it does enforce org scope
-* and the not-deleted predicate.
-*/
-async function listAgentsForAdmin(db, scope, limit, cursor) {
-	const conditions = [eq(agents.organizationId, scope.organizationId), ne(agents.status, AGENT_STATUSES.DELETED)];
-	if (cursor) conditions.push(lt(agents.createdAt, new Date(cursor)));
-	const where = and(...conditions);
-	const rows = await db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		organizationId: agents.organizationId,
-		type: agents.type,
-		displayName: agents.displayName,
-		delegateMention: agents.delegateMention,
-		inboxId: agents.inboxId,
-		status: agents.status,
-		visibility: agents.visibility,
-		metadata: agents.metadata,
-		managerId: agents.managerId,
-		clientId: agents.clientId,
-		runtimeProvider: agents.runtimeProvider,
-		avatarColorToken: agents.avatarColorToken,
-		avatarImageUpdatedAt: agents.avatarImageUpdatedAt,
-		createdAt: agents.createdAt,
-		updatedAt: agents.updatedAt,
-		presenceStatus: agentPresence.status,
-		runtimeType: agentPresence.runtimeType,
-		runtimeState: agentPresence.runtimeState,
-		activeSessions: agentPresence.activeSessions
-	}).from(agents).leftJoin(agentPresence, eq(agents.uuid, agentPresence.agentId)).where(where).orderBy(desc(agents.createdAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
-	};
-}
-/**
-* List agents visible to a specific member.
-* Uses agentVisibilityCondition from access-control (same rules for all roles).
-*/
-async function listAgentsForMember(db, scope, limit, cursor, type) {
-	const conditions = [agentVisibilityCondition(scope.organizationId, scope.memberId)];
-	if (cursor) conditions.push(lt(agents.createdAt, new Date(cursor)));
-	if (type) conditions.push(eq(agents.type, type));
-	const where = and(...conditions);
-	const rows = await db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		organizationId: agents.organizationId,
-		type: agents.type,
-		displayName: agents.displayName,
-		delegateMention: agents.delegateMention,
-		inboxId: agents.inboxId,
-		status: agents.status,
-		visibility: agents.visibility,
-		metadata: agents.metadata,
-		managerId: agents.managerId,
-		clientId: agents.clientId,
-		runtimeProvider: agents.runtimeProvider,
-		avatarColorToken: agents.avatarColorToken,
-		avatarImageUpdatedAt: agents.avatarImageUpdatedAt,
-		createdAt: agents.createdAt,
-		updatedAt: agents.updatedAt,
-		presenceStatus: agentPresence.status,
-		runtimeType: agentPresence.runtimeType,
-		runtimeState: agentPresence.runtimeState,
-		activeSessions: agentPresence.activeSessions
-	}).from(agents).leftJoin(agentPresence, eq(agents.uuid, agentPresence.agentId)).where(where).orderBy(desc(agents.createdAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
-	};
-}
-async function updateAgent(db, uuid, data) {
-	const agent = await getAgent(db, uuid);
-	if (data.clientId !== void 0) {
-		if (data.clientId === null) throw new BadRequestError("clientId cannot be cleared — once bound, an agent stays bound to its client");
-		if (agent.clientId !== null && agent.clientId !== data.clientId) throw new BadRequestError("clientId is immutable through this entry — cross-client moves go through rebindAgent (PATCH /agents/:uuid/rebind), which runs owner / org / capability checks atomically.");
-	}
-	const updates = { updatedAt: /* @__PURE__ */ new Date() };
-	if (data.type !== void 0) {
-		if (data.type !== AGENT_TYPES.HUMAN && agent.delegateMention !== null && data.delegateMention !== null) throw new BadRequestError("Cannot change type away from `human` while delegateMention is set — clear delegateMention in the same patch.");
-		updates.type = data.type;
-	}
-	if (data.displayName !== void 0) updates.displayName = data.displayName;
-	if (data.delegateMention !== void 0) {
-		if (data.delegateMention !== null) {
-			assertDelegateMentionAllowed(data.type ?? agent.type);
-			await validateDelegateMentionTarget(db, data.delegateMention, agent.organizationId);
-		}
-		updates.delegateMention = data.delegateMention;
-	}
-	if (data.visibility !== void 0) updates.visibility = data.visibility;
-	if (data.metadata !== void 0) updates.metadata = data.metadata;
-	if (data.avatarColorToken !== void 0) updates.avatarColorToken = data.avatarColorToken;
-	if (data.managerId !== void 0) {
-		if (data.managerId === null) throw new BadRequestError("managerId cannot be cleared — every agent must have a manager");
-		const [manager] = await db.select({
-			id: members.id,
-			organizationId: members.organizationId
-		}).from(members).where(eq(members.id, data.managerId)).limit(1);
-		if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
-		if (manager.organizationId !== agent.organizationId) throw new BadRequestError("Manager must belong to the same organization as the agent");
-		updates.managerId = data.managerId;
-	}
-	if (data.clientId !== void 0 && data.clientId !== null && agent.clientId === null) {
-		const resolvedClientId = await resolveAgentClient(db, {
-			clientId: data.clientId,
-			managerId: updates.managerId ?? agent.managerId,
-			type: agent.type
-		});
-		if (resolvedClientId !== null) updates.clientId = resolvedClientId;
-	}
-	const [updated] = await db.update(agents).set(updates).where(eq(agents.uuid, agent.uuid)).returning();
-	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	if (data.managerId !== void 0 && data.managerId !== agent.managerId) await recomputeWatchersForAgent(db, agent.uuid);
-	return updated;
-}
-/**
-* Atomically re-bind an agent to a new client and/or runtime provider.
-*
-* Validations: agent must exist and not be human; new client must belong to
-* the same owner (manager.userId) and same organization; client must report
-* the requested runtime provider in its capabilities (skipped under `force`).
-*
-* Intended caller: PATCH /agents/:uuid/rebind. The Web "Re-bind"
-* dialog routes both same-client runtime-only switches and cross-client
-* moves through this single entry.
-*
-* NOTE: active sessions on the previous client are not auto-suspended in P1.
-* P3 will wire in cross-service coordination (inbox + presence + session)
-* so the destination client can resume cleanly.
-*/
-async function rebindAgent(db, uuid, data) {
-	const agent = await getAgent(db, uuid);
-	if (agent.type === "human") throw new BadRequestError("Human agents have no runtime — they cannot be re-bound to a client.");
-	const newClientId = await resolveAgentClient(db, {
-		clientId: data.clientId,
-		managerId: agent.managerId,
-		type: agent.type
-	});
-	if (newClientId === null) throw new BadRequestError("Rebind requires a non-null clientId.");
-	await ensureClientSupportsRuntimeProvider(db, newClientId, data.runtimeProvider, { force: data.force });
-	const [updated] = await db.update(agents).set({
-		clientId: newClientId,
-		runtimeProvider: data.runtimeProvider,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(agents.uuid, uuid)).returning();
-	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return updated;
-}
-/**
-* Reactivate a suspended agent.
-*/
-async function reactivateAgent(db, uuid) {
-	const [existing] = await db.select({
-		uuid: agents.uuid,
-		status: agents.status
-	}).from(agents).where(eq(agents.uuid, uuid)).limit(1);
-	if (!existing || existing.status === AGENT_STATUSES.DELETED) throw new NotFoundError(`Agent "${uuid}" not found`);
-	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be reactivated.");
-	const [agent] = await db.update(agents).set({
-		status: AGENT_STATUSES.ACTIVE,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(agents.uuid, uuid)).returning();
-	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return agent;
-}
-/**
-* Suspend an agent. Once suspended, Rule R-RUN refuses every runtime bind
-* and every agent-selector-authorised HTTP call.
-*/
-async function suspendAgent(db, uuid) {
-	const [agent] = await db.update(agents).set({
-		status: AGENT_STATUSES.SUSPENDED,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).returning();
-	if (!agent) throw new NotFoundError(`Agent "${uuid}" not found`);
-	return agent;
-}
-/**
-* Delete an agent. Only allowed when status is "suspended". Sets name to NULL
-* so the name becomes reusable.
-*/
-async function deleteAgent(db, uuid) {
-	const [existing] = await db.select({
-		uuid: agents.uuid,
-		status: agents.status
-	}).from(agents).where(eq(agents.uuid, uuid)).limit(1);
-	if (!existing || existing.status === AGENT_STATUSES.DELETED) throw new NotFoundError(`Agent "${uuid}" not found`);
-	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be deleted. Suspend the agent first.");
-	const [agent] = await db.update(agents).set({
-		status: AGENT_STATUSES.DELETED,
-		name: null,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(agents.uuid, uuid)).returning();
-	await db.delete(adapterConfigs).where(eq(adapterConfigs.agentId, uuid));
-	await db.delete(adapterAgentMappings).where(eq(adapterAgentMappings.agentId, uuid));
-	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return agent;
-}
-/**
-* Supported avatar-image MIME types. The web client always uploads WEBP after
-* its own resize step; we accept PNG/JPEG too so a caller using the raw HTTP
-* API (curl, scripts) doesn't have to re-encode. Anything else is rejected at
-* the boundary — we never store an unknown content type.
-*/
-const SUPPORTED_AVATAR_IMAGE_MIMES = [
-	"image/webp",
-	"image/png",
-	"image/jpeg"
-];
-/** Hard server-side ceiling for the stored bytea blob. Client pre-resizes to ~50KB. */
-const MAX_AVATAR_IMAGE_BYTES = 512 * 1024;
-function isSupportedAvatarMime(mime) {
-	return SUPPORTED_AVATAR_IMAGE_MIMES.find((m) => m === mime) !== void 0;
-}
-/**
-* Fetch the avatar image blob for an agent. Returns `null` when no image
-* is set (the column is NULL). The data + mime pair is always coherent
-* (set/cleared together by the service writes below).
-*/
-async function getAgentAvatarImage(db, uuid) {
-	const [row] = await db.select({
-		data: agents.avatarImageData,
-		mime: agents.avatarImageMime,
-		updatedAt: agents.avatarImageUpdatedAt
-	}).from(agents).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).limit(1);
-	if (!row || !row.data || !row.mime || !row.updatedAt) return null;
-	return {
-		data: row.data,
-		mime: row.mime,
-		updatedAt: row.updatedAt
-	};
-}
-/** Replace (or set) an agent's avatar image. Validates mime + size. */
-async function setAgentAvatarImage(db, uuid, data, mime) {
-	if (!isSupportedAvatarMime(mime)) throw new BadRequestError(`Unsupported avatar image type "${mime}". Use PNG, JPEG, or WEBP.`);
-	if (data.length === 0) throw new BadRequestError("Avatar image payload is empty.");
-	if (data.length > 524288) throw new BadRequestError(`Avatar image is too large (${data.length} bytes; max ${MAX_AVATAR_IMAGE_BYTES}).`);
-	const now = /* @__PURE__ */ new Date();
-	if ((await db.update(agents).set({
-		avatarImageData: data,
-		avatarImageMime: mime,
-		avatarImageUpdatedAt: now,
-		updatedAt: now
-	}).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).returning({ uuid: agents.uuid })).length === 0) throw new NotFoundError(`Agent "${uuid}" not found`);
-	return now;
-}
-/** Clear an agent's avatar image (falls back to color + initial). */
-async function clearAgentAvatarImage(db, uuid) {
-	if ((await db.update(agents).set({
-		avatarImageData: null,
-		avatarImageMime: null,
-		avatarImageUpdatedAt: null,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).returning({ uuid: agents.uuid })).length === 0) throw new NotFoundError(`Agent "${uuid}" not found`);
-}
 const log$5 = createLogger$1("AgentFeishuBot");
 async function agentFeishuBotRoutes(app) {
 	/**
@@ -12171,7 +11747,7 @@ async function findOrCreateChatForChannel(db, data) {
 	const internalType = data.chatType === "p2p" ? "direct" : "group";
 	return db.transaction(async (tx) => {
 		const [botAgent] = await tx.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, data.botAgentId)).limit(1);
-		const orgId = botAgent?.organizationId ?? await resolveDefaultOrgId(db);
+		const orgId = botAgent?.organizationId ?? await resolveDefaultOrgId$1(db);
 		const metadata = chatMetadataSchema$1.parse({
 			source: data.platform,
 			externalChannelId: data.externalChannelId
@@ -12262,338 +11838,6 @@ async function agentFeishuUserRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-function normaliseSource(source) {
-	if (source === null) return null;
-	const parsed = messageSourceSchema$1.safeParse(source);
-	return parsed.success ? parsed.data : null;
-}
-function normaliseMode(mode) {
-	return mode === "mention_only" ? "mention_only" : "full";
-}
-/**
-* Batch variant — builds all payloads with a single DB lookup per agent plus
-* batched lookups for participant modes and inReplyTo snapshots.
-*/
-async function buildClientMessagePayloadsForInbox(db, inboxId, items) {
-	if (items.length === 0) return [];
-	const agentId = await resolveAgentId(db, {
-		kind: "inboxId",
-		inboxId
-	});
-	const [cfg] = await db.select({ version: agentConfigs.version }).from(agentConfigs).where(eq(agentConfigs.agentId, agentId)).limit(1);
-	const version = cfg?.version ?? 1;
-	const chatIds = [...new Set(items.map((it) => it.entryChatId ?? it.message.chatId).filter((id) => id !== null))];
-	const modeByChat = /* @__PURE__ */ new Map();
-	if (chatIds.length > 0) {
-		const rows = await db.select({
-			chatId: chatMembership.chatId,
-			mode: chatMembership.mode
-		}).from(chatMembership).where(and(eq(chatMembership.agentId, agentId), inArray(chatMembership.chatId, chatIds), eq(chatMembership.accessMode, "speaker")));
-		for (const r of rows) modeByChat.set(r.chatId, normaliseMode(r.mode));
-	}
-	const inReplyToIds = [...new Set(items.map((it) => it.message.inReplyTo).filter((id) => id !== null))];
-	const snapshotById = /* @__PURE__ */ new Map();
-	if (inReplyToIds.length > 0) {
-		const origs = await db.select({
-			id: messages.id,
-			senderId: messages.senderId,
-			chatId: messages.chatId,
-			replyToChat: messages.replyToChat
-		}).from(messages).where(inArray(messages.id, inReplyToIds));
-		for (const o of origs) snapshotById.set(o.id, {
-			senderId: o.senderId,
-			chatId: o.chatId,
-			replyToChat: o.replyToChat
-		});
-	}
-	return items.map(({ entryChatId, message: m, precedingMessages = [] }) => ({
-		id: m.id,
-		chatId: m.chatId,
-		senderId: m.senderId,
-		format: m.format,
-		content: m.content,
-		metadata: m.metadata,
-		replyToInbox: m.replyToInbox,
-		replyToChat: m.replyToChat,
-		inReplyTo: m.inReplyTo,
-		source: normaliseSource(m.source),
-		createdAt: m.createdAt,
-		configVersion: version,
-		recipientMode: modeByChat.get(entryChatId ?? m.chatId) ?? "full",
-		inReplyToSnapshot: m.inReplyTo ? snapshotById.get(m.inReplyTo) ?? null : null,
-		precedingMessages
-	}));
-}
-async function resolveAgentId(db, source) {
-	if (source.kind === "agentId") return source.agentId;
-	const [agent] = await db.select({ uuid: agents.uuid }).from(agents).where(eq(agents.inboxId, source.inboxId)).limit(1);
-	if (!agent) throw new Error(`No agent owns inbox "${source.inboxId}"`);
-	return agent.uuid;
-}
-const DEFAULT_INBOX_TIMEOUT_SECONDS = 300;
-const DEFAULT_MAX_RETRY_COUNT = 3;
-const PRECEDING_CONTEXT_WINDOW_SECONDS = 1440 * 60;
-async function pollInbox(db, inboxId, limit) {
-	return withSpan("inbox.deliver", {
-		"inbox.id": inboxId,
-		"inbox.poll.limit": limit
-	}, () => pollInboxInner(db, inboxId, limit));
-}
-async function pollInboxInner(db, inboxId, limit) {
-	return db.transaction(async (tx) => {
-		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(limit).for("update", { skipLocked: true });
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
-			status: "delivered",
-			deliveredAt: /* @__PURE__ */ new Date()
-		}).where(inArray(inboxEntries.id, targetIds)).returning());
-	});
-}
-/**
-* Shared payload assembler for already-claimed `inbox_entries` rows.
-*
-* Both the HTTP poll path (`pollInbox`) and the WS push path
-* (`claimAndBuildForPush`) call this with rows they have just `UPDATE`d to
-* `status='delivered'`. Keeping the silent-context bundling in one place is
-* the only way to keep the two paths from drifting (proposal
-* hub-inbox-ws-data-plane §3.2 risk #1).
-*
-* Steps:
-*   1. Sort by `createdAt` ASC (PG `RETURNING` does not guarantee order).
-*   2. For each trigger, collect silent context & bulk-ack stale silent rows.
-*   3. Fetch the trigger messages.
-*   4. Build wire payloads via the single dispatcher.
-*
-* Returns `[]` if `claimed` is empty.
-*/
-async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
-	if (claimed.length === 0) return [];
-	claimed.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
-	const precedingByEntryId = await collectPrecedingContext(tx, inboxId, claimed);
-	const messageIds = claimed.map((e) => e.messageId);
-	const msgs = await tx.select().from(messages).where(inArray(messages.id, messageIds));
-	const msgMap = new Map(msgs.map((m) => [m.id, m]));
-	const payloads = await buildClientMessagePayloadsForInbox(tx, inboxId, claimed.map((entry) => {
-		const msg = msgMap.get(entry.messageId);
-		if (!msg) throw new Error(`Unexpected: message ${entry.messageId} not found`);
-		return {
-			entryChatId: entry.chatId,
-			precedingMessages: precedingByEntryId.get(entry.id) ?? [],
-			message: {
-				id: msg.id,
-				chatId: msg.chatId,
-				senderId: msg.senderId,
-				format: msg.format,
-				content: msg.content,
-				metadata: msg.metadata,
-				replyToInbox: msg.replyToInbox,
-				replyToChat: msg.replyToChat,
-				inReplyTo: msg.inReplyTo,
-				source: msg.source,
-				createdAt: msg.createdAt.toISOString()
-			}
-		};
-	}));
-	return claimed.map((entry, idx) => {
-		const payload = payloads[idx];
-		if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
-		return {
-			id: entry.id,
-			inboxId: entry.inboxId,
-			messageId: entry.messageId,
-			chatId: entry.chatId,
-			status: entry.status,
-			retryCount: entry.retryCount,
-			createdAt: entry.createdAt.toISOString(),
-			deliveredAt: entry.deliveredAt?.toISOString() ?? null,
-			ackedAt: entry.ackedAt?.toISOString() ?? null,
-			message: payload
-		};
-	});
-}
-/**
-* Realistic upper bound on rows a single NOTIFY references. The unique
-* constraint `(inbox_id, message_id, chat_id)` caps a `(inbox, message)`
-* pair at one row per chatId; the only way to exceed 1 today is the replyTo
-* cross-chat path (`message.ts` writes a second row keyed by the original's
-* `replyToChat`). 8 leaves headroom for any future fan-out variant without
-* requiring a schema change here.
-*/
-const PUSH_CLAIM_BATCH_LIMIT = 8;
-/**
-* WS-push path: atomically claim every pending entry the just-fired
-* `NOTIFY (inboxId:messageId)` references and assemble their wire payloads.
-*
-* Returns `[]` if no row matches — benign race with HTTP poll or another
-* server instance that already claimed the entry. NOTIFY is fire-and-forget
-* (proposal §3.2).
-*
-* Why an array, not a single row: `sendMessage` can write **two** rows for
-* the same `(inbox, messageId)` pair when the recipient is both a chat
-* participant and the `replyToInbox` of an earlier message — the unique key
-* is `(inbox_id, message_id, chat_id)`, so the rows differ by chatId. The
-* old `LIMIT 1` shape would only push the first; the second sat `pending`
-* until reconnect. Aligning with `pollInboxInner`'s `LIMIT N` shape closes
-* that gap and keeps push/poll behaviour interchangeable.
-*/
-async function claimAndBuildForPush(db, inboxId, messageId) {
-	return withSpan("inbox.deliver.push", {
-		"inbox.id": inboxId,
-		"message.id": messageId
-	}, () => db.transaction(async (tx) => {
-		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.messageId, messageId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(PUSH_CLAIM_BATCH_LIMIT).for("update", { skipLocked: true });
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
-			status: "delivered",
-			deliveredAt: /* @__PURE__ */ new Date()
-		}).where(inArray(inboxEntries.id, targetIds)).returning());
-	}));
-}
-/**
-* WS-push backlog path: on agent rebind (or once an in-flight slot frees up
-* after an ack), drain up to `limit` pending `notify=true` entries oldest-
-* first and assemble wire payloads. Identical claim shape to the HTTP poll
-* path — they are intentionally interchangeable so a hot-path bug fixed in
-* one shows up in the other (proposal §3.3 / §3.5).
-*/
-async function claimBacklogForPush(db, inboxId, limit) {
-	return withSpan("inbox.deliver.backlog", {
-		"inbox.id": inboxId,
-		"inbox.backlog.limit": limit
-	}, () => pollInboxInner(db, inboxId, limit));
-}
-/**
-* Per claimed trigger: SELECT silent (notify=false) pending rows in the same
-* chat that occurred between the previous trigger in this batch (or beginning
-* of time) and this trigger, capped by `PRECEDING_CONTEXT_MAX_ENTRIES` and
-* `PRECEDING_CONTEXT_WINDOW_SECONDS`. Returned messages are oldest-first.
-*
-* Side effect: bulk-ack ALL silent pending rows in each chat with
-* createdAt < latest_trigger.createdAt — including ones that fell outside
-* the window/cap. Otherwise stale silent rows would accumulate and re-load
-* on every poll.
-*/
-async function collectPrecedingContext(tx, inboxId, triggers) {
-	const result = /* @__PURE__ */ new Map();
-	const byChat = /* @__PURE__ */ new Map();
-	for (const t of triggers) {
-		if (t.chatId === null) continue;
-		const list = byChat.get(t.chatId) ?? [];
-		list.push(t);
-		byChat.set(t.chatId, list);
-	}
-	for (const [chatId, chatTriggers] of byChat) {
-		chatTriggers.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
-		let prevCreatedAt = null;
-		for (const trigger of chatTriggers) {
-			const preceding = (await tx.select({
-				messageId: messages.id,
-				senderId: messages.senderId,
-				format: messages.format,
-				content: messages.content,
-				metadata: messages.metadata,
-				createdAt: messages.createdAt
-			}).from(inboxEntries).innerJoin(messages, eq(messages.id, inboxEntries.messageId)).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, trigger.createdAt), prevCreatedAt === null ? void 0 : gt(inboxEntries.createdAt, prevCreatedAt), sql`${inboxEntries.createdAt} > NOW() - make_interval(secs => ${PRECEDING_CONTEXT_WINDOW_SECONDS})`)).orderBy(desc(inboxEntries.createdAt)).limit(50).for("update", {
-				of: inboxEntries,
-				skipLocked: true
-			})).map((r) => ({
-				id: r.messageId,
-				senderId: r.senderId,
-				format: r.format,
-				content: r.content,
-				metadata: r.metadata ?? {},
-				createdAt: r.createdAt.toISOString()
-			})).reverse();
-			result.set(trigger.id, preceding);
-			prevCreatedAt = trigger.createdAt;
-		}
-		const latestTrigger = chatTriggers[chatTriggers.length - 1];
-		if (latestTrigger) await tx.update(inboxEntries).set({
-			status: "acked",
-			ackedAt: /* @__PURE__ */ new Date()
-		}).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, latestTrigger.createdAt)));
-	}
-	return result;
-}
-async function ackEntry$2(db, entryId, inboxId) {
-	return withSpan("inbox.ack", {
-		[FIRST_TREE_HUB_ATTR.INBOX_ENTRY_ID]: String(entryId),
-		"inbox.id": inboxId
-	}, async () => {
-		const [entry] = await db.update(inboxEntries).set({
-			status: "acked",
-			ackedAt: /* @__PURE__ */ new Date()
-		}).where(and(eq(inboxEntries.id, entryId), eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "delivered"))).returning();
-		if (!entry) throw new NotFoundError("Inbox entry not found or not in delivered status");
-		return entry;
-	});
-}
-/**
-* Ack a delivered entry from the WS data plane, scoped to the inboxes the
-* connected socket has bound. Returns the acked row on success, `null` if no
-* row matches — a benign outcome the caller should ignore (the entry may
-* have already been acked, timed out, or never belonged to this socket).
-*
-* Distinct from {@link ackEntry} so the WS path can ack without trusting an
-* `inboxId` from the wire — only entries whose `inboxId` is in `inboxIds`
-* are eligible. Empty `inboxIds` short-circuits to `null`.
-*/
-async function ackEntryByIdForBoundAgents(db, entryId, inboxIds) {
-	if (inboxIds.length === 0) return null;
-	return withSpan("inbox.ack.ws", { [FIRST_TREE_HUB_ATTR.INBOX_ENTRY_ID]: String(entryId) }, async () => {
-		const [entry] = await db.update(inboxEntries).set({
-			status: "acked",
-			ackedAt: /* @__PURE__ */ new Date()
-		}).where(and(eq(inboxEntries.id, entryId), inArray(inboxEntries.inboxId, inboxIds), eq(inboxEntries.status, "delivered"))).returning();
-		return entry ?? null;
-	});
-}
-async function renewEntry(db, entryId, inboxId) {
-	const [entry] = await db.update(inboxEntries).set({ deliveredAt: /* @__PURE__ */ new Date() }).where(and(eq(inboxEntries.id, entryId), eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "delivered"))).returning();
-	if (!entry) throw new NotFoundError("Inbox entry not found or not in delivered status");
-	return entry;
-}
-async function resetTimedOutEntries(db, timeoutSeconds = DEFAULT_INBOX_TIMEOUT_SECONDS, maxRetries = DEFAULT_MAX_RETRY_COUNT) {
-	const reset = await db.update(inboxEntries).set({
-		status: "pending",
-		retryCount: sql`${inboxEntries.retryCount} + 1`
-	}).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, lt(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
-	const failed = await db.update(inboxEntries).set({ status: "failed" }).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, gte(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
-	return {
-		reset: reset.length,
-		failed: failed.length
-	};
-}
-/** Default age (30 days) past which silent rows that no notify-true delivery
-*  ever picked up are physically deleted. */
-const SILENT_ROW_GC_MAX_AGE_SECONDS = 720 * 60 * 60;
-/**
-* Garbage-collect silent inbox rows so the table doesn't grow forever in
-* chats where a `mention_only` agent is never @mentioned.
-*
-* Two cleanup paths:
-*
-*   1. `notify=false AND status='acked'` of any age — these are fully
-*      consumed (either bundled into a previous trigger or aged out via the
-*      bulk-ack in `collectPrecedingContext`); keep them only as long as
-*      the corresponding message rows we link to. The unique constraint
-*      `(inbox_id, message_id, chat_id)` means leaving them around blocks
-*      legitimate retries with the same key.
-*
-*   2. `notify=false AND status='pending' AND createdAt < NOW() - maxAge` —
-*      stale silent rows that no trigger ever caught up with. After 30
-*      days they're useless as preceding context (the @mention almost
-*      certainly already happened or the chat went dormant).
-*
-* Returns the number of rows deleted in each bucket so the background task
-* can log meaningful counts.
-*/
-async function pruneStaleSilentEntries(db, maxAgeSeconds = SILENT_ROW_GC_MAX_AGE_SECONDS) {
-	const ackedDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "acked"))).returning({ id: inboxEntries.id });
-	const stalePendingDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "pending"), sql`${inboxEntries.createdAt} < NOW() - make_interval(secs => ${maxAgeSeconds})`)).returning({ id: inboxEntries.id });
-	return {
-		ackedDeleted: ackedDeleted.length,
-		stalePendingDeleted: stalePendingDeleted.length
-	};
-}
 async function agentInboxRoutes(app) {
 	app.get("/", async (request) => {
 		const identity = requireAgent(request);
@@ -15789,743 +15033,6 @@ async function bootstrapConfigRoutes(_app) {
 	});
 }
 /**
-* Per-(chat, agent) user state — independent from membership structure.
-*
-* This is the third layer of the chat data model: while `chats` owns
-* the entity and `chat_membership` owns the structural relation
-* (who can speak, who watches), this table owns the user's private
-* state about a chat. The reason it lives apart: structural changes
-* (speaker ↔ watcher, manager rebind, recompute) must never overwrite
-* user-private state — physical separation makes that an invariant
-* rather than a service-layer discipline.
-*
-* Columns evolve incrementally as new per-user state is needed.
-* Currently:
-*   - `last_read_at`, `unread_mention_count` — seeded by PR-A from
-*     the legacy `chat_participants` / `chat_subscriptions` columns.
-*   - `engagement_status` — added in 0040; per-(chat, user) view
-*     state (active / archived / deleted). Auto-revives archived →
-*     active on new message; deleted is sticky (only the user can
-*     restore from the chat detail page).
-*
-* Future fields slated for this table: pinned, mute_until, draft,
-* custom_title, last_seen_at — each as a separate change.
-*
-* Rows are lazy-upserted on first user write (markRead / mention
-* counter bump / engagement transition). Reads use COALESCE for
-* defaults so callers see `'active'` etc. even when no row exists.
-* Service-layer integrity (no FK / CHECK / trigger).
-*
-* See proposals/chat-data-model-restructure.20260512.md §8.6.
-*/
-const chatUserState = pgTable("chat_user_state", {
-	chatId: text("chat_id").notNull(),
-	agentId: text("agent_id").notNull(),
-	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
-	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
-	engagementStatus: text("engagement_status").notNull().default("active")
-}, (table) => [
-	primaryKey({ columns: [table.chatId, table.agentId] }),
-	index("idx_user_state_agent").on(table.agentId),
-	index("idx_user_state_unread").on(table.agentId).where(sql`unread_mention_count > 0`)
-]);
-/** Extract a plain-text summary from a message's JSONB content field.
-*  Used as the auto-title fallback in chat list rendering — see
-*  `me-chat.ts:resolveChatTitle` and `admin/chats.ts:getChat`.
-*
-*  - `@<name>` mention tokens are stripped before truncation: in the
-*    chat-first model they're routing/audience metadata, not part of
-*    the user's intent. Leaving them in produces noisy titles like
-*    "@hub-agent-01 帮我重构这个文件" or "你好 @hub-agent-02 看看".
-*  - Whitespace runs (including those left behind by mention removal)
-*    collapse to single spaces.
-*  - If the cleaned text is empty (e.g., a message that's only
-*    `@hub-agent-01`), returns null so the caller falls through to
-*    the participant-join fallback.
-*  - Slicing is code-point-aware (`Array.from + join`) so emoji /
-*    surrogate pairs aren't split into garbled half-characters. */
-function extractSummary(content, maxLen = 50) {
-	let text = "";
-	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
-	else if (typeof content === "string") text = content;
-	if (!text) return null;
-	const cleaned = stripCode(text).replace(MENTION_REGEX, "").replace(/\s+/g, " ").trim();
-	if (!cleaned) return null;
-	return Array.from(cleaned).slice(0, maxLen).join("");
-}
-/** List sessions for a specific agent, with optional state filters. */
-async function listAgentSessions(db, agentId, filters) {
-	const conditions = [eq(agentChatSessions.agentId, agentId)];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(...conditions)).orderBy(desc(agentChatSessions.updatedAt));
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const agentRuntimeState = presence?.runtimeState ?? null;
-	if (filters?.runtimeState && agentRuntimeState !== filters.runtimeState) return [];
-	const chatIds = rows.map((r) => r.chatId);
-	const messageCounts = chatIds.length > 0 ? await db.select({
-		chatId: inboxEntries.chatId,
-		count: sql`count(*)::int`
-	}).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), inArray(inboxEntries.chatId, chatIds))).groupBy(inboxEntries.chatId) : [];
-	const countMap = new Map(messageCounts.map((r) => [r.chatId, r.count]));
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	return rows.map((r) => ({
-		agentId: r.agentId,
-		chatId: r.chatId,
-		state: r.state,
-		runtimeState: agentRuntimeState,
-		startedAt: r.chatCreatedAt.toISOString(),
-		lastActivityAt: r.updatedAt.toISOString(),
-		messageCount: countMap.get(r.chatId) ?? 0,
-		summary: summaryMap.get(r.chatId) ?? null,
-		topic: r.chatTopic ?? null
-	}));
-}
-/** Get a single session's detail. */
-async function getSession(db, agentId, chatId) {
-	const [row] = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).limit(1);
-	if (!row) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const [countRow] = await db.select({ count: sql`count(*)::int` }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), eq(inboxEntries.chatId, chatId)));
-	const firstMsg = (await db.execute(sql`SELECT content FROM messages WHERE chat_id = ${chatId} ORDER BY created_at ASC LIMIT 1`))[0];
-	const summary = firstMsg ? extractSummary(firstMsg.content) : null;
-	return {
-		agentId: row.agentId,
-		chatId: row.chatId,
-		state: row.state,
-		runtimeState: presence?.runtimeState ?? null,
-		startedAt: row.chatCreatedAt.toISOString(),
-		lastActivityAt: row.updatedAt.toISOString(),
-		messageCount: countRow?.count ?? 0,
-		summary,
-		topic: row.chatTopic ?? null
-	};
-}
-/** List all sessions across all agents, with pagination. Scoped to organization. */
-async function listAllSessions(db, limit, cursor, filters) {
-	const conditions = [];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	if (filters?.agentId) conditions.push(eq(agentChatSessions.agentId, filters.agentId));
-	if (filters?.organizationId) conditions.push(eq(agents.organizationId, filters.organizationId));
-	if (cursor) conditions.push(sql`${agentChatSessions.updatedAt} < ${new Date(cursor)}`);
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const agentIds = [...new Set(items.map((r) => r.agentId))];
-	const presenceRows = agentIds.length > 0 ? await db.select({
-		agentId: agentPresence.agentId,
-		runtimeState: agentPresence.runtimeState
-	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
-	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
-	const chatIds = [...new Set(items.map((r) => r.chatId))];
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	const last = items[items.length - 1];
-	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
-	return {
-		items: items.map((r) => ({
-			agentId: r.agentId,
-			chatId: r.chatId,
-			state: r.state,
-			runtimeState: runtimeMap.get(r.agentId) ?? null,
-			startedAt: r.chatCreatedAt.toISOString(),
-			lastActivityAt: r.updatedAt.toISOString(),
-			messageCount: 0,
-			summary: summaryMap.get(r.chatId) ?? null,
-			topic: r.chatTopic ?? null
-		})),
-		nextCursor
-	};
-}
-/** Commit `active → suspended`. No-op on suspended/evicted. Throws if row is missing. */
-async function suspendSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "suspended", ["active"], organizationId, notifier);
-}
-/** Commit `suspended → evicted` (terminal — listings hide it, revival defense blocks resurrection). */
-async function archiveSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "evicted", ["suspended"], organizationId, notifier);
-}
-async function transitionSessionState(db, agentId, chatId, target, from, organizationId, notifier) {
-	const now = /* @__PURE__ */ new Date();
-	let finalState = null;
-	let transitioned = false;
-	await db.transaction(async (tx) => {
-		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
-		if (!existing) return;
-		const current = existing.state;
-		finalState = current;
-		if (!from.includes(current)) return;
-		await tx.update(agentChatSessions).set({
-			state: target,
-			updatedAt: now
-		}).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId)));
-		const [counts] = await tx.select({
-			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
-			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
-		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
-		await tx.update(agentPresence).set({
-			activeSessions: counts?.active ?? 0,
-			totalSessions: counts?.total ?? 0,
-			lastSeenAt: now
-		}).where(eq(agentPresence.agentId, agentId));
-		if (target === "evicted") await markSupersededByChat(tx, chatId, "chat_archived");
-		finalState = target;
-		transitioned = true;
-	});
-	if (finalState === null) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	if (transitioned && notifier) notifier.notifySessionStateChange(agentId, chatId, target, organizationId).catch(() => {});
-	return {
-		state: finalState,
-		transitioned
-	};
-}
-/**
-* Filter sessions to only those where the given agent is also a participant in the chat.
-* Used when a non-manager views sessions of an org-visible agent — they should only see
-* sessions for chats they participate in.
-*/
-async function filterSessionsByParticipant(db, sessions, participantAgentId) {
-	if (sessions.length === 0) return [];
-	const chatIds = sessions.map((s) => s.chatId);
-	const participantRows = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(inArray(chatMembership.chatId, chatIds), eq(chatMembership.agentId, participantAgentId), eq(chatMembership.accessMode, "speaker")));
-	const allowedChatIds = new Set(participantRows.map((r) => r.chatId));
-	return sessions.filter((s) => allowedChatIds.has(s.chatId));
-}
-/**
-* Member-facing chat service backing `/me/chats*` endpoints (chat-first
-* workspace).
-*
-* Responsibilities:
-*   - Cursor-paginated conversation list (single-stream JOIN over the
-*     unified `chat_membership` + `chat_user_state` tables).
-*   - Create a new chat (no dedupe, runs `recomputeChatWatchers` after).
-*   - Add participants (idempotent, UPSERT into `chat_membership`,
-*     runs `recomputeChatWatchers` after).
-*   - Mark-read (UPSERT into `chat_user_state`).
-*   - Join → watcher to speaker (delegates to `watcher.ts`).
-*   - Leave → speaker to watcher or detach (delegates to `watcher.ts`).
-*
-* See proposals/chat-data-model-restructure.20260512.md §8 (schema)
-* and §11.1 (per-route mapping).
-*/
-function encodeCursor(lastMessageAt, chatId) {
-	const payload = `${lastMessageAt ? lastMessageAt.toISOString() : ""}|${chatId}`;
-	return Buffer.from(payload, "utf8").toString("base64url");
-}
-function decodeCursor(cursor) {
-	try {
-		const decoded = Buffer.from(cursor, "base64url").toString("utf8");
-		const sep = decoded.indexOf("|");
-		if (sep < 0) return null;
-		const tsPart = decoded.slice(0, sep);
-		const chatId = decoded.slice(sep + 1);
-		if (!chatId) return null;
-		const lastMessageAt = tsPart.length > 0 ? new Date(tsPart) : null;
-		if (lastMessageAt && Number.isNaN(lastMessageAt.getTime())) return null;
-		return {
-			lastMessageAt,
-			chatId
-		};
-	} catch {
-		return null;
-	}
-}
-const { ACTIVE: ACTIVE$1, ARCHIVED: ARCHIVED$1, DELETED } = CHAT_ENGAGEMENT_STATUSES;
-/**
-* SQL predicate for each engagement view tab. `deleted` is never a valid view
-* value — deleted rows are reachable only through `GET /chats/:chatId` + the
-* Restore banner on the chat detail page.
-*/
-const ENGAGEMENT_VIEW_PREDICATE = {
-	active: sql`COALESCE(cus.engagement_status, ${ACTIVE$1}) = ${ACTIVE$1}`,
-	archived: sql`COALESCE(cus.engagement_status, ${ACTIVE$1}) = ${ARCHIVED$1}`,
-	all: sql`COALESCE(cus.engagement_status, ${ACTIVE$1}) IN (${ACTIVE$1}, ${ARCHIVED$1})`
-};
-/**
-* Write the caller's engagement state for this chat. UPSERT into
-* `chat_user_state` — the row may not yet exist (the user might not have
-* marked-read or been @-mentioned), so an INSERT with the engagement value
-* is the first write; subsequent transitions are UPDATEs.
-*
-* Idempotent. Mirrors the UPSERT shape used by `markMeChatRead`.
-*/
-async function setChatEngagement(db, chatId, agentId, status) {
-	await db.insert(chatUserState).values({
-		chatId,
-		agentId,
-		unreadMentionCount: 0,
-		engagementStatus: status
-	}).onConflictDoUpdate({
-		target: [chatUserState.chatId, chatUserState.agentId],
-		set: { engagementStatus: status }
-	});
-}
-/**
-* Read the caller's engagement state. Returns `'active'` when no
-* `chat_user_state` row exists yet (lazy-materialised; matches the SQL
-* `COALESCE(..., 'active')` used elsewhere).
-*/
-async function getCallerEngagement(db, chatId, agentId) {
-	const [row] = await db.select({ engagementStatus: chatUserState.engagementStatus }).from(chatUserState).where(and(eq(chatUserState.chatId, chatId), eq(chatUserState.agentId, agentId))).limit(1);
-	return row?.engagementStatus ?? ACTIVE$1;
-}
-const KNOWN_NON_MANUAL_PREDICATE = sql`(
-     (c.metadata->>'source' = 'github' AND c.metadata->>'entityType' IN (${sql.join(GITHUB_ENTITY_TYPES.map((t) => sql`${t}`), sql.raw(", "))}))
-  OR c.metadata->>'source' = 'feishu'
-)`;
-const chatSourceSqlExpression = sql`CASE
-    ${sql.join(GITHUB_ENTITY_TYPES.map((t) => sql`WHEN c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = ${t} THEN ${`github_${t}`}`), sql.raw("\n    "))}
-    WHEN c.metadata->>'source' = 'feishu' THEN 'feishu'
-    ELSE 'manual'
-  END`;
-function sourceFilterSql(source) {
-	switch (source) {
-		case "manual": return sql`(${KNOWN_NON_MANUAL_PREDICATE}) IS NOT TRUE`;
-		case "github_issue": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'issue')`;
-		case "github_pull_request": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'pull_request')`;
-		case "github_discussion": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'discussion')`;
-		case "github_commit": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'commit')`;
-		case "feishu": return sql`(c.metadata->>'source' = 'feishu')`;
-	}
-}
-/**
-* GET /me/chats — cursor-paginated conversation list.
-*
-* SQL strategy:
-*   - Single-stream query: `chats JOIN chat_membership LEFT JOIN
-*     chat_user_state`. The membership row carries access_mode
-*     (speaker → "participant" / watcher → "watching"); the user
-*     state row supplies the unread counter (COALESCE → 0 when
-*     row is missing).
-*   - Filter `parent_chat_id IS NULL` (nested chats not surfaced in v1).
-*   - Filter `c.organization_id = ?` to defend against historical
-*     cross-org pollution rows that may still reference the caller
-*     (see fix/cross-org-direct-chat-pollution).
-*   - Sort `(last_message_at DESC NULLS LAST, chat_id DESC)`.
-*   - Cursor narrows the result to rows STRICTLY before the cursor.
-*   - Followed by a participants-list lookup for the page only.
-*/
-async function listMeChats(db, humanAgentId, organizationId, query) {
-	const limit = query.limit;
-	const cursor = query.cursor ? decodeCursor(query.cursor) : null;
-	if (query.cursor && !cursor) throw new BadRequestError("Invalid cursor");
-	const filterUnreadOnly = query.filter === "unread";
-	const filterWatchingOnly = query.filter === "watching";
-	const engagementPredicate = ENGAGEMENT_VIEW_PREDICATE[query.engagement];
-	const sourcePredicate = query.source ? sourceFilterSql(query.source) : sql`TRUE`;
-	const cursorTsIso = cursor?.lastMessageAt ? cursor.lastMessageAt.toISOString() : null;
-	const cursorPredicate = !cursor ? sql`TRUE` : cursor.lastMessageAt === null ? sql`(c.last_message_at IS NULL AND c.id < ${cursor.chatId})` : sql`(c.last_message_at IS NULL
-             OR c.last_message_at < ${cursorTsIso}::timestamptz
-             OR (c.last_message_at = ${cursorTsIso}::timestamptz AND c.id < ${cursor.chatId}))`;
-	const rawRows = await db.execute(sql`
-    SELECT
-      c.id                  AS chat_id,
-      c.type                AS type,
-      c.topic               AS topic,
-      c.parent_chat_id      AS parent_chat_id,
-      c.last_message_at     AS last_message_at,
-      c.last_message_preview AS last_message_preview,
-      (SELECT count(*) FROM chat_membership
-        WHERE chat_id = c.id AND access_mode = 'speaker') AS participant_count,
-      cm.access_mode AS access_mode,
-      COALESCE(cus.unread_mention_count, 0) AS unread_mention_count,
-      COALESCE(cus.engagement_status, ${ACTIVE$1}) AS engagement_status
-      FROM chats c
-      JOIN chat_membership cm
-        ON cm.chat_id = c.id AND cm.agent_id = ${humanAgentId}
-      LEFT JOIN chat_user_state cus
-        ON cus.chat_id = c.id AND cus.agent_id = ${humanAgentId}
-     WHERE c.parent_chat_id IS NULL
-       /* Scope to the caller's org. Without this, cross-org dirty
-          chats whose chat_membership still references the caller's
-          human agent (historical pollution — see
-          fix/cross-org-direct-chat-pollution) would leak into the
-          list and 404 on click via requireChatAccess. */
-       AND c.organization_id = ${organizationId}
-       AND (${!filterUnreadOnly}::bool OR COALESCE(cus.unread_mention_count, 0) > 0)
-       AND (${!filterWatchingOnly}::bool OR cm.access_mode = 'watcher')
-       AND ${engagementPredicate}
-       AND ${sourcePredicate}
-       AND ${cursorPredicate}
-     ORDER BY c.last_message_at DESC NULLS LAST, c.id DESC
-     LIMIT ${limit + 1}
-  `);
-	const toDate = (v) => {
-		if (v === null) return null;
-		return v instanceof Date ? v : new Date(v);
-	};
-	const hasMore = rawRows.length > limit;
-	const pageRaw = hasMore ? rawRows.slice(0, limit) : rawRows;
-	const last = pageRaw[pageRaw.length - 1];
-	const nextCursor = hasMore && last ? encodeCursor(toDate(last.last_message_at), last.chat_id) : null;
-	if (pageRaw.length === 0) return {
-		rows: [],
-		nextCursor: null
-	};
-	const chatIds = pageRaw.map((r) => r.chat_id);
-	const participantRows = await db.select({
-		chatId: chatMembership.chatId,
-		agentId: chatMembership.agentId,
-		displayName: agents.displayName,
-		type: agents.type,
-		avatarColorToken: agents.avatarColorToken,
-		avatarImageUpdatedAt: agents.avatarImageUpdatedAt,
-		sessionState: agentChatSessions.state
-	}).from(chatMembership).innerJoin(agents, eq(chatMembership.agentId, agents.uuid)).leftJoin(agentChatSessions, and(eq(agentChatSessions.agentId, chatMembership.agentId), eq(agentChatSessions.chatId, chatMembership.chatId))).where(and(inArray(chatMembership.chatId, chatIds), eq(chatMembership.accessMode, "speaker")));
-	const participantsByChat = /* @__PURE__ */ new Map();
-	const engagedByChat = /* @__PURE__ */ new Map();
-	for (const p of participantRows) {
-		const list = participantsByChat.get(p.chatId) ?? [];
-		list.push({
-			agentId: p.agentId,
-			displayName: p.displayName,
-			type: p.type,
-			avatarColorToken: p.avatarColorToken,
-			avatarImageUrl: agentAvatarImageUrl(p.agentId, p.avatarImageUpdatedAt)
-		});
-		participantsByChat.set(p.chatId, list);
-		if (p.sessionState === "active") {
-			const engaged = engagedByChat.get(p.chatId) ?? [];
-			engaged.push(p.agentId);
-			engagedByChat.set(p.chatId, engaged);
-		}
-	}
-	const liveActivityByChat = await deriveLiveActivity(db, chatIds);
-	const firstMessageRows = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const firstMessageSummary = /* @__PURE__ */ new Map();
-	for (const row of firstMessageRows) {
-		const s = extractSummary(row.content);
-		if (s) firstMessageSummary.set(row.chatId, s);
-	}
-	return {
-		rows: pageRaw.map((r) => {
-			const participants = participantsByChat.get(r.chat_id) ?? [];
-			const title = resolveChatTitle(r.topic, firstMessageSummary.get(r.chat_id) ?? null, participants, humanAgentId);
-			const isSpeaker = r.access_mode === "speaker";
-			return {
-				chatId: r.chat_id,
-				type: r.type,
-				membershipKind: isSpeaker ? "participant" : "watching",
-				title,
-				topic: r.topic,
-				participants,
-				participantCount: Number(r.participant_count),
-				lastMessageAt: toDate(r.last_message_at)?.toISOString() ?? null,
-				lastMessagePreview: r.last_message_preview,
-				unreadMentionCount: r.unread_mention_count,
-				canReply: isSpeaker,
-				engagementStatus: r.engagement_status,
-				engagedAgentIds: engagedByChat.get(r.chat_id) ?? [],
-				liveActivity: liveActivityByChat.get(r.chat_id) ?? null
-			};
-		}),
-		nextCursor
-	};
-}
-/**
-* Per-chat live activity, derived from the most recent `session_events` row.
-*
-* Returns a chatId → LiveActivity map; chats with no activity (or where the
-* latest event is terminal / stale) are absent from the map (caller treats
-* absence as null).
-*/
-async function deriveLiveActivity(db, chatIds) {
-	if (chatIds.length === 0) return /* @__PURE__ */ new Map();
-	const chatIdInClause = sql.join(chatIds.map((id) => sql`${id}`), sql`, `);
-	const rows = (await db.execute(sql`
-    SELECT acs.agent_id        AS agent_id,
-           acs.chat_id         AS chat_id,
-           e.kind              AS kind,
-           e.payload           AS payload,
-           e.created_at        AS created_at
-      FROM agent_chat_sessions acs
-      CROSS JOIN LATERAL (
-        SELECT kind, payload, created_at, seq
-          FROM session_events se
-         WHERE se.agent_id = acs.agent_id
-           AND se.chat_id  = acs.chat_id
-         ORDER BY se.seq DESC
-         LIMIT 1
-      ) e
-     WHERE acs.chat_id IN (${chatIdInClause})
-       AND acs.state <> 'evicted'
-  `)).map((r) => ({
-		agent_id: r.agent_id,
-		chat_id: r.chat_id,
-		kind: r.kind,
-		payload: r.payload,
-		created_at: r.created_at
-	}));
-	const now = Date.now();
-	const byChat = /* @__PURE__ */ new Map();
-	for (const row of rows) {
-		const activity = toLiveActivity(row);
-		if (!activity) continue;
-		const createdAtMs = new Date(row.created_at).getTime();
-		if (now - createdAtMs > 6e4) continue;
-		const existing = byChat.get(row.chat_id);
-		if (!existing || createdAtMs > existing.createdAtMs) byChat.set(row.chat_id, {
-			activity,
-			createdAtMs
-		});
-	}
-	const out = /* @__PURE__ */ new Map();
-	for (const [chatId, { activity }] of byChat) out.set(chatId, activity);
-	return out;
-}
-/**
-* Translate a `session_events` row into a `LiveActivity`, or null when the
-* kind is terminal (`turn_end` / `error`) or unrecognised. Pure & exported
-* for unit testing.
-*/
-function toLiveActivity(row) {
-	const startedAt = new Date(row.created_at).toISOString();
-	switch (row.kind) {
-		case "tool_call": {
-			const payload = row.payload ?? {};
-			const label = typeof payload.name === "string" && payload.name.length > 0 ? payload.name : "Tool";
-			return {
-				agentId: row.agent_id,
-				kind: "tool_call",
-				label,
-				startedAt
-			};
-		}
-		case "thinking": return {
-			agentId: row.agent_id,
-			kind: "thinking",
-			label: "Thinking",
-			startedAt
-		};
-		case "assistant_text": return {
-			agentId: row.agent_id,
-			kind: "assistant_text",
-			label: "Writing",
-			startedAt
-		};
-		default: return null;
-	}
-}
-/**
-* Title resolution priority:
-*
-*   1. `chat.topic` (manual, set via `PATCH /chats/:chatId`)
-*   2. First message summary (auto, ≤ 50 chars from `extractSummary`)
-*   3. Participant join (fallback when chat has no messages yet)
-*/
-function resolveChatTitle(topic, firstMessageSummary, participants, selfAgentId) {
-	if (topic && topic.length > 0) return topic;
-	if (firstMessageSummary && firstMessageSummary.length > 0) return firstMessageSummary;
-	const others = participants.filter((p) => p.agentId !== selfAgentId);
-	if (others.length === 0) return "Empty chat";
-	if (others.length <= 3) return others.map((p) => p.displayName).join(", ");
-	return `${others[0]?.displayName}, ${others[1]?.displayName} +${others.length - 2}`;
-}
-async function createMeChat(db, humanAgentId, organizationId, body) {
-	const distinctIds = [...new Set(body.participantIds)].filter((id) => id !== humanAgentId);
-	if (distinctIds.length === 0) throw new BadRequestError("At least one non-self participant required");
-	const allIds = [humanAgentId, ...distinctIds];
-	const found = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, allIds));
-	if (found.length !== allIds.length) {
-		const foundSet = new Set(found.map((a) => a.uuid));
-		throw new BadRequestError(`Agents not found: ${allIds.filter((id) => !foundSet.has(id)).join(", ")}`);
-	}
-	const crossOrg = found.filter((a) => a.organizationId !== organizationId);
-	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization chat not allowed: ${crossOrg.map((a) => a.uuid).join(", ")}`);
-	const chatType = distinctIds.length === 1 ? "direct" : "group";
-	const chatId = randomUUID();
-	const topic = body.topic ?? null;
-	await db.transaction(async (tx) => {
-		await tx.insert(chats).values({
-			id: chatId,
-			organizationId,
-			type: chatType,
-			topic
-		});
-		await addChatParticipants(tx, chatId, allIds.map((agentId) => ({
-			agentId,
-			role: agentId === humanAgentId ? "owner" : "member"
-		})));
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-	return { chatId };
-}
-async function addMeChatParticipants(db, chatId, callerHumanAgentId, callerOrganizationId, body) {
-	const distinct = [...new Set(body.participantIds)];
-	if (distinct.length === 0) throw new BadRequestError("At least one participant required");
-	const [chat] = await db.select({
-		id: chats.id,
-		organizationId: chats.organizationId,
-		type: chats.type
-	}).from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat) throw new NotFoundError(`Chat "${chatId}" not found`);
-	if (chat.organizationId !== callerOrganizationId) throw new NotFoundError(`Chat "${chatId}" not found`);
-	const [callerRow] = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.agentId, callerHumanAgentId), eq(chatMembership.accessMode, "speaker"))).limit(1);
-	if (!callerRow) throw new NotFoundError(`Chat "${chatId}" not found`);
-	const found = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, distinct));
-	if (found.length !== distinct.length) {
-		const foundSet = new Set(found.map((a) => a.uuid));
-		throw new BadRequestError(`Agents not found: ${distinct.filter((id) => !foundSet.has(id)).join(", ")}`);
-	}
-	const crossOrg = found.filter((a) => a.organizationId !== chat.organizationId);
-	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization participant rejected: ${crossOrg.map((a) => a.uuid).join(", ")}`);
-	await db.transaction(async (tx) => {
-		const existingSpeakers = await tx.select({ agentId: chatMembership.agentId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.accessMode, "speaker")));
-		const existingSpeakerSet = new Set(existingSpeakers.map((e) => e.agentId));
-		const toUpsert = distinct.filter((id) => !existingSpeakerSet.has(id));
-		if (toUpsert.length === 0) {
-			await recomputeChatWatchers(tx, chatId);
-			return;
-		}
-		if (existingSpeakers.length + toUpsert.length >= 3 && chat.type === "direct") await changeChatType(tx, chatId, "group");
-		await addChatParticipants(tx, chatId, toUpsert.map((agentId) => ({
-			agentId,
-			role: "member"
-		})), { upgradeWatcherToSpeaker: true });
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-}
-async function markMeChatRead(db, chatId, humanAgentId) {
-	const now = /* @__PURE__ */ new Date();
-	await db.insert(chatUserState).values({
-		chatId,
-		agentId: humanAgentId,
-		lastReadAt: now,
-		unreadMentionCount: 0
-	}).onConflictDoUpdate({
-		target: [chatUserState.chatId, chatUserState.agentId],
-		set: {
-			lastReadAt: now,
-			unreadMentionCount: 0
-		}
-	});
-	return {
-		chatId,
-		lastReadAt: now.toISOString(),
-		unreadMentionCount: 0
-	};
-}
-async function joinMeChat(db, chatId, humanAgentId) {
-	ensureCanJoin(await resolveChatMembership(db, chatId, humanAgentId));
-	await joinAsParticipant(db, chatId, humanAgentId);
-	invalidateChatAudience(chatId);
-}
-async function leaveMeChat(db, chatId, humanAgentId) {
-	const result = await leaveAsParticipant(db, chatId, humanAgentId);
-	invalidateChatAudience(chatId);
-	return result;
-}
-/**
-* Used by future bell-badge / list-pill counts. The partial index
-* `idx_user_state_unread WHERE unread_mention_count > 0` bounds the
-* driving scan; we then join `chat_membership` + `chats` so the badge
-* stays consistent with `listMeChats`.
-*
-* Why the joins (not just a single-table count): per §11.4 a user's
-* `chat_user_state` row is **preserved on detach** so read state
-* survives a leave/rejoin cycle. Without the membership join, any
-* preserved row with `unread_mention_count > 0` would keep
-* contributing to the badge even though the chat no longer appears in
-* the list. The `chats` join applies the same org-scoping +
-* `parent_chat_id IS NULL` filter as `listMeChats` so the two counts
-* cannot drift in the cross-org pollution or nested-chat cases either.
-*
-* Engagement parity: deleted chats are excluded from `listMeChats`
-* (any `engagement` view), so the badge must exclude them too — otherwise
-* the user sees an unread red dot for a chat they've removed from view.
-*/
-/**
-* Per-source aggregate for the conversation-list tag bar.
-*
-* Returns one row per source the caller has at least one chat for, plus an
-* always-present `manual` entry (zero counts when there are no manual chats —
-* the workspace UI uses `manual` as its default tab and must render it even
-* when empty).
-*
-* Filtering matches `listMeChats` for the corresponding tab so the badges
-* cannot drift from the list: same membership join, same `parent_chat_id IS
-* NULL` and `organization_id` scopes, same engagement view, same
-* `chat_user_state.unread_mention_count` source.
-*/
-async function listMeChatSourceCounts(db, humanAgentId, organizationId, query) {
-	const engagementPredicate = ENGAGEMENT_VIEW_PREDICATE[query.engagement];
-	const rows = await db.execute(sql`
-    SELECT
-      ${chatSourceSqlExpression} AS source,
-      count(*)::int AS chat_count,
-      count(*) FILTER (WHERE COALESCE(cus.unread_mention_count, 0) > 0)::int AS unread_chat_count
-      FROM chats c
-      JOIN chat_membership cm
-        ON cm.chat_id = c.id AND cm.agent_id = ${humanAgentId}
-      LEFT JOIN chat_user_state cus
-        ON cus.chat_id = c.id AND cus.agent_id = ${humanAgentId}
-     WHERE c.parent_chat_id IS NULL
-       AND c.organization_id = ${organizationId}
-       AND ${engagementPredicate}
-     GROUP BY 1
-  `);
-	const counts = {};
-	for (const row of rows) counts[row.source] = {
-		chatCount: Number(row.chat_count),
-		unreadChatCount: Number(row.unread_chat_count)
-	};
-	if (!counts.manual) counts.manual = {
-		chatCount: 0,
-		unreadChatCount: 0
-	};
-	return { counts };
-}
-/**
 * Class C — resource-scoped chat routes. Mounted at
 * `/api/v1/chats/:chatId/...`. The chat's `organizationId` locates its
 * org; `requireChatAccess` resolves the caller's membership in that org
@@ -16534,7 +15041,17 @@ async function listMeChatSourceCounts(db, humanAgentId, organizationId, query) {
 async function chatRoutes(app) {
 	app.get("/:chatId", async (request) => {
 		const { chat, scope } = await requireChatAccess(request, app.db);
-		const participants = await app.db.select().from(chatMembership).where(and(eq(chatMembership.chatId, chat.id), eq(chatMembership.accessMode, "speaker")));
+		const participants = await app.db.select({
+			agentId: chatMembership.agentId,
+			role: chatMembership.role,
+			mode: chatMembership.mode,
+			joinedAt: chatMembership.joinedAt,
+			name: agents.name,
+			displayName: agents.displayName,
+			type: agents.type,
+			avatarColorToken: agents.avatarColorToken,
+			avatarImageUpdatedAt: agents.avatarImageUpdatedAt
+		}).from(chatMembership).innerJoin(agents, eq(chatMembership.agentId, agents.uuid)).where(and(eq(chatMembership.chatId, chat.id), eq(chatMembership.accessMode, "speaker")));
 		const firstMsgRows = await app.db.execute(sql`
       SELECT content FROM messages
        WHERE chat_id = ${chat.id}
@@ -16542,25 +15059,13 @@ async function chatRoutes(app) {
        LIMIT 1
     `);
 		const firstMessagePreview = firstMsgRows[0] ? extractSummary(firstMsgRows[0].content) : null;
-		const participantAgentIds = participants.map((p) => p.agentId);
-		const agentRows = participantAgentIds.length > 0 ? await app.db.select({
-			agentId: agents.uuid,
-			displayName: agents.displayName,
-			type: agents.type,
-			avatarColorToken: agents.avatarColorToken,
-			avatarImageUpdatedAt: agents.avatarImageUpdatedAt
-		}).from(agents).where(inArray(agents.uuid, participantAgentIds)) : [];
-		const agentMeta = new Map(agentRows.map((a) => [a.agentId, a]));
-		const participantsForTitle = participants.map((p) => {
-			const meta = agentMeta.get(p.agentId);
-			return {
-				agentId: p.agentId,
-				displayName: meta?.displayName ?? p.agentId,
-				type: meta?.type ?? "unknown",
-				avatarColorToken: meta?.avatarColorToken ?? null,
-				avatarImageUrl: agentAvatarImageUrl(p.agentId, meta?.avatarImageUpdatedAt ?? null)
-			};
-		});
+		const participantsForTitle = participants.map((p) => ({
+			agentId: p.agentId,
+			displayName: p.displayName,
+			type: p.type,
+			avatarColorToken: p.avatarColorToken ?? null,
+			avatarImageUrl: agentAvatarImageUrl(p.agentId, p.avatarImageUpdatedAt ?? null)
+		}));
 		const title = resolveChatTitle(chat.topic, firstMessagePreview, participantsForTitle, scope.humanAgentId);
 		const engagementStatus = await getCallerEngagement(app.db, chat.id, scope.humanAgentId);
 		return {
@@ -16574,6 +15079,9 @@ async function chatRoutes(app) {
 				agentId: p.agentId,
 				role: p.role,
 				mode: p.mode,
+				name: p.name,
+				displayName: p.displayName,
+				type: p.type,
 				joinedAt: p.joinedAt.toISOString()
 			}))
 		};
@@ -16723,6 +15231,11 @@ async function chatRoutes(app) {
 		const { scope } = await requireChatAccess(request, app.db);
 		return markMeChatRead(app.db, request.params.chatId, scope.humanAgentId);
 	});
+	/** POST /chats/:chatId/unread — manual "mark as unread" affordance. Idempotent. */
+	app.post("/:chatId/unread", async (request) => {
+		const { scope } = await requireChatAccess(request, app.db);
+		return markMeChatUnread(app.db, request.params.chatId, scope.humanAgentId);
+	});
 	/** POST /chats/:chatId/participants — add speaking participants. Idempotent. */
 	app.post("/:chatId/participants", async (request, reply) => {
 		const { scope } = await requireChatAccess(request, app.db);
@@ -18089,7 +16602,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-CNv7gfFF-DOFZ75wb.mjs");
+	const { previewInvitation } = await import("./invitation-C9m2gQx4-CkwWteA3.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -18378,7 +16891,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-gSnsRu5W-v_mC1sRY.mjs");
+		const { listMyPinnedAgents } = await import("./client-CDw0f-kN-BPzOVd8L.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**