@agent-team-foundation/first-tree-hub 0.14.1 → 0.14.3

package/dist/{saas-connect-BBRxjmBS.mjs → saas-connect-ChxZv2YQ.mjs}

@@ -1,12 +1,12 @@
 import { a as __toCommonJS, o as __toESM, t as __commonJSMin } from "./chunk-BSw8zbkd.mjs";
 import { A as FIRST_TREE_HUB_ATTR, C as stampOrgScope, D as untrustedAttrs, E as startWsConnectionSpan, M as require_pino, O as withSpan, S as stampChatResource, _ as rootLogger$1, a as buildRateLimitError, c as currentTraceId, g as reportErrorToRoot, i as bodyCaptureOnSendHook, j as redactUrl, k as withWsMessageSpan, l as decodeJwtForTrace, m as observabilityPlugin, n as applyLoggerConfig, o as classifyJoseError, r as attachRequestContext, s as createLogger$1, t as adapterAttrs, u as endWsConnectionSpan, x as stampAgentResource, y as setWsConnectionAttrs } from "./observability-BAScT_5S-BcW9HgkG.mjs";
-import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-C15ZBOCC.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-CQQGgIx1.mjs";
 import { a as print, i as blank, n as CLI_USER_AGENT, r as COMMAND_VERSION, s as status, t as cliFetch } from "./cli-fetch--tiwKm5S.mjs";
-import { $ as listMeChatSourceCountsQuerySchema, A as createMeChatSchema, At as updateOrganizationSchema, B as githubAppInstallationClaimBodySchema, C as clientRegisterSchema, Ct as submitQuestionAnswerSchema, D as createAdapterMappingSchema, Dt as updateChatSchema, E as createAdapterConfigSchema, Et as updateAgentSchema, F as delegateFeishuUserSchema, G as imageInlineContentSchema, H as githubCallbackQuerySchema, I as dryRunAgentRuntimeConfigSchema, J as inboxPollQuerySchema, K as inboxAckFrameSchema, M as createOrgFromMeSchema, O as createAgentSchema, Ot as updateClientCapabilitiesSchema, P as defaultRuntimeConfigPayload, Q as joinByInvitationSchema, R as getMeDocResponseSchema, St as stripCode, T as contextTreeSnapshotSchema, Tt as updateAgentRuntimeConfigSchema, U as githubDevCallbackQuerySchema, V as githubAppInstallationPermissionsSchema$1, W as githubStartQuerySchema, X as isRedactedEnvValue, Y as isOrgSettingNamespace, Z as isReservedAgentName$1, _ as agentBindRequestSchema, _t as sendToAgentSchema, a as AGENT_TYPES, at as paginationQuerySchema, b as agentTypeSchema$1, bt as sessionReconcileRequestSchema, d as MENTION_REGEX, dt as refreshTokenSchema, et as listMeChatsQuerySchema, f as NOTIFICATION_TYPES, ft as runtimeStateMessageSchema, g as addParticipantSchema, gt as sendMessageSchema, h as addMeChatParticipantsSchema, ht as selfServiceFeishuBotSchema, i as AGENT_STATUSES, it as onboardingEventSchema, j as createMemberSchema, jt as wsAuthFrameSchema, k as createChatSchema, kt as updateMemberSchema, l as GITHUB_ENTITY_TYPES, m as WS_AUTH_FRAME_TIMEOUT_MS, n as AGENT_NAME_REGEX$1, nt as messageSourceSchema$1, o as AGENT_VISIBILITY, ot as patchChatEngagementSchema, p as ORG_SETTINGS_NAMESPACES$1, pt as safeRedirectPath, q as inboxDeliverFrameSchema$1, r as AGENT_SELECTOR_HEADER$1, rt as notificationQuerySchema, s as CHAT_ENGAGEMENT_STATUSES, st as patchOnboardingSchema, t as AGENT_BIND_REJECT_REASONS, tt as loginSchema, ut as rebindAgentSchema, v as agentPinnedMessageSchema$1, vt as sessionEventMessageSchema, w as connectTokenExchangeSchema, wt as updateAdapterConfigSchema, x as chatMetadataSchema$1, xt as sessionStateMessageSchema, y as agentRuntimeConfigPayloadSchema$1, yt as sessionEventSchema$1, z as getMeDocSchema } from "./dist-1XGLJMOq.mjs";
-import { a as ConflictError, c as UnauthorizedError, i as ClientUserMismatchError$1, l as organizations, n as BadRequestError, o as ForbiddenError, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as users } from "./errors-LPcARA4K-Dbrptiyz.mjs";
+import { $ as listMeChatSourceCountsQuerySchema, A as createMeChatSchema, At as updateOrganizationSchema, B as githubAppInstallationClaimBodySchema, C as clientRegisterSchema, Ct as submitQuestionAnswerSchema, D as createAdapterMappingSchema, Dt as updateChatSchema, E as createAdapterConfigSchema, Et as updateAgentSchema, F as delegateFeishuUserSchema, G as imageInlineContentSchema, H as githubCallbackQuerySchema, I as dryRunAgentRuntimeConfigSchema, J as inboxPollQuerySchema, K as inboxAckFrameSchema, M as createOrgFromMeSchema, O as createAgentSchema, Ot as updateClientCapabilitiesSchema, Q as joinByInvitationSchema, R as getMeDocResponseSchema, T as contextTreeSnapshotSchema, Tt as updateAgentRuntimeConfigSchema, U as githubDevCallbackQuerySchema, V as githubAppInstallationPermissionsSchema$1, W as githubStartQuerySchema, X as isRedactedEnvValue, Y as isOrgSettingNamespace, _ as agentBindRequestSchema, _t as sendToAgentSchema, at as paginationQuerySchema, b as agentTypeSchema$1, bt as sessionReconcileRequestSchema, dt as refreshTokenSchema, et as listMeChatsQuerySchema, f as NOTIFICATION_TYPES, ft as runtimeStateMessageSchema, g as addParticipantSchema, gt as sendMessageSchema, h as addMeChatParticipantsSchema, ht as selfServiceFeishuBotSchema, i as AGENT_STATUSES, it as onboardingEventSchema, j as createMemberSchema, jt as wsAuthFrameSchema, k as createChatSchema, kt as updateMemberSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, o as AGENT_VISIBILITY, ot as patchChatEngagementSchema, p as ORG_SETTINGS_NAMESPACES$1, pt as safeRedirectPath, q as inboxDeliverFrameSchema$1, r as AGENT_SELECTOR_HEADER$1, rt as notificationQuerySchema, s as CHAT_ENGAGEMENT_STATUSES, st as patchOnboardingSchema, t as AGENT_BIND_REJECT_REASONS, tt as loginSchema, ut as rebindAgentSchema, v as agentPinnedMessageSchema$1, vt as sessionEventMessageSchema, w as connectTokenExchangeSchema, wt as updateAdapterConfigSchema, x as chatMetadataSchema$1, xt as sessionStateMessageSchema, y as agentRuntimeConfigPayloadSchema$1, yt as sessionEventSchema$1, z as getMeDocSchema } from "./dist-CwsiHGX7.mjs";
+import { a as ClientUserMismatchError$1, c as NotFoundError, d as users, f as uuidv7, i as ClientOrgMismatchError$1, l as UnauthorizedError, n as AppError, o as ConflictError, r as BadRequestError, s as ForbiddenError, u as organizations } from "./uuid-DbS_4vFh-iFghv4zA.mjs";
 import { n as init_esm, r as trace, t as esm_exports } from "./esm-iadMkGbV.mjs";
-import { $ as notifyRecipients, A as getPresence, B as listAgentsManagedByUser, C as ensureParticipant, D as getChatDetail, E as getCachedAudience, F as joinAsParticipant, G as listClients, H as listChatParticipantsWithNames, I as joinChat, K as listClientsForOrgAdmin, L as leaveAsParticipant, M as heartbeatInstance, N as inboxEntries, O as getClient, P as invalidateChatAudience, Q as messages, R as leaveChat, S as ensureCanJoin, T as getActivityOverview, U as listChats, V as listAgentsWithRuntime, W as listChatsForMember, X as markSupersededByChat, Y as markStaleAgents, Z as members, _ as createChat, _t as unbindAgent, a as agentVisibilityCondition, at as registerClient, b as disconnectClient, c as assertParticipant, ct as resolveChatMembership, d as chatMembership, dt as sendToAgent$1, et as pendingQuestions, f as chats, ft as serverInstances, g as clients, gt as touchAgent, h as cleanupStalePresence, ht as submitAnswer, i as agentPresence, it as registerChatMessageDispatcher, j as heartbeatClient, k as getOnlineCount, l as bindAgent, lt as retireClient, m as cleanupStaleClients, mt as setRuntimeState, n as addParticipant, nt as recomputeWatchersForAgent, o as agents, ot as removeParticipant, p as claimClient, pt as setOffline, q as listMessages, r as agentChatSessions, rt as recomputeWatchersForMember, s as assertClientOwner, st as resetActivity, t as addChatParticipants, tt as recomputeChatWatchers, u as changeChatType, ut as sendMessage, v as createNotifier, vt as updateClientCapabilities, w as findOrCreateDirectChat, x as editMessage, y as deriveAuthState, yt as upsertSessionState, z as listActiveAgentsPinnedToClient } from "./client-CzXmweS9-DhUiuQvL.mjs";
-import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl, u as uuidv7 } from "./invitation-DZO4NX3P-BPxTeHf-.mjs";
+import { $ as heartbeatClient, $t as unbindAgent, A as createChat, At as pruneStaleSilentEntries, B as filterSessionsByParticipant, Bt as resolveDefaultOrgId$1, C as claimBacklogForPush, Ct as markMeChatUnread, D as clearAgentAvatarImage, Dt as notifyRecipients, E as cleanupStalePresence, Et as messages, F as disconnectClient, Ft as registerClient, G as getCachedAudience, Gt as setAgentAvatarImage, H as getActivityOverview, Ht as sendMessage, I as editMessage, It as removeParticipant, J as getClient, Jt as setRuntimeState, K as getCallerEngagement, Kt as setChatEngagement, L as ensureDefaultOrganization, Lt as resetActivity, M as createNotifier, Mt as rebindAgent, N as deleteAgent, Nt as recomputeWatchersForMember, O as clients, Ot as pendingQuestions, P as deriveAuthState, Pt as registerChatMessageDispatcher, Q as getSession, Qt as touchAgent, R as ensureParticipant, Rt as resetTimedOutEntries, S as claimAndBuildForPush, St as markMeChatRead, T as cleanupStaleClients, Tt as members, U as getAgent, Ut as sendToAgent$1, V as findOrCreateDirectChat, Vt as retireClient, W as getAgentAvatarImage, Wt as serverInstances, X as getOrganization, Xt as suspendAgent, Y as getOnlineCount, Yt as submitAnswer, Z as getPresence, Zt as suspendSession, _ as bindAgent, _t as listClientsForOrgAdmin, a as adapterConfigs, at as leaveMeChat, b as chats, bt as listMessages, c as addParticipant, ct as listAgentsForAdmin, d as agentConfigs, dt as listAgentsWithRuntime, en as updateAgent, et as heartbeatInstance, f as agentPresence, ft as listAllSessions, g as assertParticipant, gt as listClients, h as assertClientOwner, ht as listChatsForMember, i as adapterAgentMappings, it as leaveChat, j as createMeChat, jt as reactivateAgent, k as createAgent, kt as pollInbox, l as agentAvatarImageUrl, lt as listAgentsForMember, m as archiveSession, mt as listChats, n as SUPPORTED_AVATAR_IMAGE_MIMES, nn as updateOrganization, nt as joinChat, o as addChatParticipants, ot as listActiveAgentsPinnedToClient, p as agents, pt as listChatParticipantsWithNames, q as getChatDetail, qt as setOffline, r as ackEntryByIdForBoundAgents, rn as upsertSessionState, rt as joinMeChat, s as addMeChatParticipants, st as listAgentSessions, t as MAX_AVATAR_IMAGE_BYTES, tn as updateClientCapabilities, tt as inboxEntries, u as agentChatSessions, ut as listAgentsManagedByUser, v as chatMembership, vt as listMeChatSourceCounts, w as claimClient, wt as markStaleAgents, x as checkAgentNameAvailability, y as chatUserState, yt as listMeChats, z as extractSummary, zt as resolveChatTitle } from "./client-BSfCc0pJ-BP_1f21y.mjs";
+import { a as invitationRedemptions, c as recordRedemption, i as getActiveInvitation, l as rotateInvitation, n as ensureActiveInvitation, o as invitations, r as findActiveByToken, t as buildInviteUrl } from "./invitation-D_ENPHyj-5ETiae5r.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { basename, delimiter, dirname, extname, isAbsolute, join, normalize, relative, resolve, sep } from "node:path";
@@ -25,7 +25,7 @@ import { fileURLToPath } from "node:url";
 import * as semver from "semver";
 import { confirm, input, password, select } from "@inquirer/prompts";
 import bcrypt from "bcrypt";
-import { and, asc, count, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
+import { and, asc, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
@@ -822,13 +822,17 @@ z.object({
 	participantIds: z.array(z.string()).min(1),
 	metadata: optionalChatMetadataSchema.optional()
 });
-const chatParticipantSchema = z.object({
+/**
+* Participant row with the agent's public-ish metadata resolved — used by the
+* client runtime for `@<name>` mention extraction against the authoritative
+* participant set (see proposals/hub-agent-messaging-reply-and-mentions §4).
+*/
+const chatParticipantDetailSchema = z.object({
 	agentId: z.string(),
 	role: z.string(),
 	mode: z.string(),
 	joinedAt: z.string()
-});
-chatParticipantSchema.extend({
+}).extend({
 	name: z.string().nullable(),
 	displayName: z.string(),
 	type: z.string()
@@ -843,7 +847,7 @@ z.object({
 	createdAt: z.string(),
 	updatedAt: z.string()
 }).extend({
-	participants: z.array(chatParticipantSchema),
+	participants: z.array(chatParticipantDetailSchema),
 	title: z.string(),
 	firstMessagePreview: z.string().nullable(),
 	engagementStatus: chatEngagementStatusSchema
@@ -883,9 +887,13 @@ z.object({
 * Optional opt-in flags the client carries on `client:register` to advertise
 * which negotiable wire-protocol features it implements. Distinct from
 * `clientCapabilitiesSchema` (per-runtime-provider availability — different
-* concept). Older clients omit the field; the server treats every unset flag
-* as `false` and falls back to the legacy path. See proposal
-* hub-inbox-ws-data-plane §3.6.
+* concept).
+*
+* 0.10.4 ~ 0.14.2 clients still send this block (with `wsInboxDeliver: true`
+* hard-coded). The 0.14.3+ runtime omits it. The schema is retained so that
+* middle-version `client:register` frames still parse, even though the
+* server no longer reads any of these fields — the WS inbox data plane is
+* mandatory on this server build.
 */
 const clientWireCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
 z.object({
@@ -1110,8 +1118,8 @@ z.object({
 });
 /**
 * Server → client WS frame carrying the full image bytes for an image
-* message. Pushed before the corresponding `new_message` notification so
-* the client has the file on disk by the time it polls the message.
+* message. Pushed before the corresponding `inbox:deliver` frame so the
+* client has the file on disk by the time it renders the message.
 *
 * Best-effort: if the target client WS lives on a different server
 * instance (or is offline), the frame is lost and the reference message
@@ -1142,6 +1150,23 @@ const messageFormatSchema = z.enum([
 	"question",
 	"question_answer"
 ]);
+/**
+* Optional intent tag set by the client when posting through
+* `POST /agent/chats/:id/messages`. Tells the server *why* this write is
+* happening so it can pick the right enforcement profile.
+*
+*   - `"agent-final-text"`: handler-initiated forward of an agent's final
+*     reply text (today: `runtime/result-sink.ts`) OR an `AskUserQuestion`
+*     payload posted via the canUseTool bridge. Both should land in chat
+*     history so human observers in the web UI can see what the agent is
+*     doing, but neither should wake other agents and neither should be
+*     subject to the group-chat `@mention required` guard — they are not
+*     a user-typed group broadcast. v1 §四 改造 4 (b) bypass channel.
+*
+* Default-`undefined` means a regular agent-initiated send (CLI `chat send`,
+* adapter, etc.) and goes through the normal enforcement profile.
+*/
+const messagePurposeSchema = z.enum(["agent-final-text"]);
 z.object({
 	format: messageFormatSchema.default("text"),
 	content: z.unknown(),
@@ -1149,7 +1174,8 @@ z.object({
 	inReplyTo: z.string().optional(),
 	replyToInbox: z.string().optional(),
 	replyToChat: z.string().optional(),
-	source: messageSourceSchema.optional()
+	source: messageSourceSchema.optional(),
+	purpose: messagePurposeSchema.optional()
 });
 z.object({
 	format: messageFormatSchema.default("text"),
@@ -1157,7 +1183,8 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()).optional(),
 	replyToInbox: z.string().optional(),
 	replyToChat: z.string().optional(),
-	source: messageSourceSchema.optional()
+	source: messageSourceSchema.optional(),
+	direct: z.boolean().optional()
 });
 const messageSchema = z.object({
 	id: z.string(),
@@ -1253,14 +1280,11 @@ z.object({
 }).extend({ message: clientMessageSchema });
 z.object({ limit: z.coerce.number().int().min(1).max(50).default(10) });
 /**
-* server → client: a single inbox entry pushed over the active WS connection,
-* replacing the legacy `new_message` doorbell + HTTP `/inbox` poll round-trip.
+* server → client: a single inbox entry pushed over the active WS connection.
 *
 * `entryId` is the server-side `inbox_entries.id` the client must echo back
-* in `inbox:ack`. `message` is exactly what the legacy poll path returned —
-* `clientMessageSchema` already carries `precedingMessages`, so the client-
-* side dispatch logic is reused verbatim (see proposal
-* hub-inbox-ws-data-plane §3.1).
+* in `inbox:ack`. `clientMessageSchema` carries `precedingMessages`, so the
+* client-side dispatch logic handles the silent-context bundle uniformly.
 *
 * `.passthrough()` so a forward-rolling server may extend the frame without
 * breaking older clients that validate strictly. Older clients drop unknown
@@ -1370,6 +1394,10 @@ z.object({
 	lastReadAt: z.string(),
 	unreadMentionCount: z.number().int()
 });
+z.object({
+	chatId: z.string(),
+	unreadMentionCount: z.number().int()
+});
 z.object({
 	chatId: z.string(),
 	membershipKind: meChatMembershipKindSchema.nullable()
@@ -1988,8 +2016,13 @@ z.object({
 /**
 * Negotiable wire-protocol features the server advertises in its `welcome`
 * frame. Older clients drop the `capabilities` field silently because the
-* frame is `.passthrough()`. New clients gate optional code paths on it —
-* absent ⇒ feature off, never assumed.
+* frame is `.passthrough()`.
+*
+* Required by clients in the 0.10.4 ~ 0.14.2 range: those builds read
+* `wsInboxDeliver` here to decide whether to skip the local HTTP poll loop
+* and rely on `inbox:deliver` push frames. The 0.14.3+ runtime ignores the
+* field (push is the only path) but the server still emits it so middle-
+* version clients keep working.
 */
 const serverCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
 /**
@@ -2118,13 +2151,6 @@ defineConfig({
 		refreshTokenExpiry: field(z.string().default("30d"), { env: "FIRST_TREE_HUB_AUTH_REFRESH_TOKEN_EXPIRY" }),
 		connectTokenExpiry: field(z.string().default("10m"), { env: "FIRST_TREE_HUB_AUTH_CONNECT_TOKEN_EXPIRY" })
 	},
-	contextTreeSync: optional({
-		githubToken: field(z.string(), {
-			env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN",
-			secret: true
-		}),
-		githubTokenRepos: field(z.string().optional(), { env: "FIRST_TREE_HUB_CONTEXT_TREE_GITHUB_TOKEN_REPOS" })
-	}),
 	oauth: optional({ githubApp: optional({
 		appId: field(z.string().min(1), { env: "FIRST_TREE_HUB_GITHUB_APP_ID" }),
 		clientId: field(z.string().min(1), { env: "FIRST_TREE_HUB_GITHUB_APP_CLIENT_ID" }),
@@ -2380,15 +2406,6 @@ var FirstTreeHubSDK = class {
 			return false;
 		}
 	}
-	async pull(limit = 10) {
-		return { entries: await this.requestJson(`/api/v1/agent/inbox?limit=${limit}`) };
-	}
-	async ack(entryId) {
-		await this.requestVoid(`/api/v1/agent/inbox/${entryId}/ack`, { method: "POST" });
-	}
-	async renew(entryId) {
-		await this.requestVoid(`/api/v1/agent/inbox/${entryId}/renew`, { method: "POST" });
-	}
 	async sendMessage(chatId, data) {
 		return this.requestJson(`/api/v1/agent/chats/${chatId}/messages`, {
 			method: "POST",
@@ -2404,6 +2421,16 @@ var FirstTreeHubSDK = class {
 	async listChats(options) {
 		return this.requestJson(`/api/v1/agent/chats${this.queryString(options)}`);
 	}
+	/**
+	* Fetch full chat detail (topic + participant membership rows). Used by the
+	* runtime bootstrap path to assemble a chat-level identity block injected
+	* into CLAUDE.md / AGENTS.md so the agent knows the chat's topic and who
+	* else is in the room. Participant rows here lack name/displayName/type —
+	* call `listChatParticipants` for that.
+	*/
+	async getChatDetail(chatId) {
+		return this.requestJson(`/api/v1/agent/chats/${chatId}`);
+	}
 	async listMessages(chatId, options) {
 		return this.requestJson(`/api/v1/agent/chats/${chatId}/messages${this.queryString(options)}`);
 	}
@@ -2546,17 +2573,6 @@ const RECONNECT_MAX_MS = 3e4;
 const WS_CONNECT_TIMEOUT_MS = 1e4;
 const HEARTBEAT_INTERVAL_MS = 3e4;
 /**
-* Client-side opt-in for the WS inbox data plane. Gates BOTH the
-* `wireCapabilities.wsInboxDeliver` flag we declare on `client:register`
-* AND how we interpret the server's welcome capability — without this AND,
-* a future client kill-switch could land in a half-state where we tell the
-* server "no thanks" but still treat welcome's `wsInboxDeliver:true` as
-* authoritative and stop the 5s HTTP poll, leaving messages stuck if a
-* NOTIFY ever drops. Hard-coded `true` for now; flip to a config knob if
-* you need a runtime kill-switch.
-*/
-const WS_INBOX_DELIVER_OPT_IN = true;
-/**
 * Unified-user-token C5: reconnect PROACTIVELY this many ms before the JWT's
 * `exp` claim so the client rotates to a fresh JWT without ever hitting the
 * server-side `auth:expired` push. The provider's next `getAccessToken()` call
@@ -2616,15 +2632,6 @@ var ClientConnection = class extends EventEmitter {
 	/** Count of `server:welcome` frames received; drives `isReconnect` flag. */
 	welcomeFramesReceived = 0;
 	/**
-	* Whether the most recent `server:welcome` frame advertised
-	* `capabilities.wsInboxDeliver`. The runtime (AgentSlot) reads this
-	* (via {@link supportsWsInboxDeliver}) to decide whether to keep the
-	* legacy 5s HTTP poll or rely entirely on `inbox:deliver` push frames.
-	* Re-evaluated on every reconnect — the welcome frame is the source of
-	* truth, never assumed sticky across connections.
-	*/
-	wsInboxDeliverActive = false;
-	/**
 	* Last handshake error, stashed for the `close` handler to surface a typed
 	* reason (e.g. {@link ClientOrgMismatchError}) instead of a generic
 	* "closed before ready" when `connect()` is pending.
@@ -2637,11 +2644,11 @@ var ClientConnection = class extends EventEmitter {
 	desiredBindings = /* @__PURE__ */ new Map();
 	pendingBinds = /* @__PURE__ */ new Map();
 	/**
-	* In-flight image writes from recent `image_payload` frames. The server
-	* pushes `image_payload` immediately before firing the `new_message`
-	* notification, but WS message handlers run through EventEmitter (sync
-	* dispatch, no await), so the disk write can still race the HTTP poll
-	* that follows. Defer `new_message` emission until these settle.
+	* In-flight image writes from recent `image_payload` frames. `image_payload`
+	* arrives on the WS just before `inbox:deliver` for the same message, but
+	* the EventEmitter dispatch is sync — so without gating, the deliver
+	* handler can fire before the image bytes hit disk. Block `inbox:deliver`
+	* emission until these settle.
 	*/
 	pendingImageWrites = /* @__PURE__ */ new Set();
 	constructor(config) {
@@ -2662,24 +2669,21 @@ var ClientConnection = class extends EventEmitter {
 		return this.boundAgents;
 	}
 	/**
-	* True when the current connection's `server:welcome` advertised
-	* `capabilities.wsInboxDeliver` — meaning the server will push
-	* `inbox:deliver` frames and accept `inbox:ack` frames over this WS.
-	* Resets to false on every reconnect until the new welcome arrives.
-	*/
-	get supportsWsInboxDeliver() {
-		return this.wsInboxDeliverActive;
-	}
-	/**
-	* Ack a delivered inbox entry over the WS data plane. Replaces the legacy
-	* `sdk.ack()` HTTP call when the connection has negotiated
-	* `wsInboxDeliver`. Safe to call when the WS is closed — the frame is
-	* dropped silently and the entry will time out and re-deliver on
-	* reconnect, mirroring how the legacy timeout reaper handles HTTP
-	* ack-loss.
+	* Ack a delivered inbox entry over the WS data plane. Safe to call when the
+	* WS is closed — the frame is dropped (logged) and the entry will time out
+	* server-side and re-deliver on reconnect. The handler has by then already
+	* started processing, so reaper-driven redelivery surfaces as a duplicate
+	* dispatch on the next connect; SessionManager's dedupe key
+	* `(chatId, messageId)` collapses it.
 	*/
 	sendInboxAck(entryId) {
-		if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return;
+		if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+			this.wsLogger.warn({
+				entryId,
+				readyState: this.ws?.readyState
+			}, "inbox:ack dropped — socket not OPEN");
+			return;
+		}
 		this.ws.send(JSON.stringify({
 			type: "inbox:ack",
 			entryId
@@ -2836,7 +2840,6 @@ var ClientConnection = class extends EventEmitter {
 				this.clearAuthRefreshTimer();
 				const wasRegistered = this.registered;
 				this.registered = false;
-				this.wsInboxDeliverActive = false;
 				this.rejectAllPendingBinds("WebSocket closed");
 				if (!settled) {
 					this.wsLogger.warn({ code }, "closed before ready");
@@ -2872,8 +2875,7 @@ var ClientConnection = class extends EventEmitter {
 				clientId: this.clientId,
 				hostname: hostname(),
 				os: platform(),
-				sdkVersion: this.sdkVersion,
-				wireCapabilities: { wsInboxDeliver: WS_INBOX_DELIVER_OPT_IN }
+				sdkVersion: this.sdkVersion
 			}));
 			return;
 		}
@@ -2883,7 +2885,6 @@ var ClientConnection = class extends EventEmitter {
 				this.wsLogger.warn({ issues: parsed.error.issues.map((i) => i.message) }, "ignoring malformed server:welcome frame");
 				return;
 			}
-			this.wsInboxDeliverActive = parsed.data.capabilities?.wsInboxDeliver === true && WS_INBOX_DELIVER_OPT_IN;
 			const isReconnect = this.welcomeFramesReceived > 0;
 			this.welcomeFramesReceived++;
 			this.emit("server:welcome", {
@@ -3021,15 +3022,6 @@ var ClientConnection = class extends EventEmitter {
 			write.finally(() => this.pendingImageWrites.delete(write));
 			return;
 		}
-		if (type === "new_message") {
-			const inboxId = msg.inboxId;
-			if (!inboxId) return;
-			if (this.pendingImageWrites.size > 0) Promise.all([...this.pendingImageWrites]).finally(() => {
-				this.emit("agent:message", inboxId, msg);
-			});
-			else this.emit("agent:message", inboxId, msg);
-			return;
-		}
 		if (type === "inbox:deliver") {
 			const parsed = inboxDeliverFrameSchema.safeParse(msg);
 			if (!parsed.success) {
@@ -3332,7 +3324,7 @@ const FIRST_TREE_WORKSPACE_MARKER = ".first-tree-workspace";
 * and on resume().
 */
 function bootstrapWorkspace(options) {
-	const { workspacePath, identity, contextTreePath, serverUrl, chatId, briefing } = options;
+	const { workspacePath, identity, contextTreePath, serverUrl, chatId, chatContext, briefing } = options;
 	const agentDir = join(workspacePath, ".agent");
 	const contextDir = join(agentDir, "context");
 	if (existsSync(contextDir)) rmSync(contextDir, {
@@ -3348,7 +3340,8 @@ function bootstrapWorkspace(options) {
 		metadata: identity.metadata,
 		chatId,
 		serverUrl,
-		contextTreePath
+		contextTreePath,
+		...chatContext ? { chatContext } : {}
 	};
 	writeFileSync(join(agentDir, "identity.json"), JSON.stringify(identityData, null, 2), "utf-8");
 	if (contextTreePath) {
@@ -3440,22 +3433,51 @@ You are running inside **Agent Hub**, a messaging platform for agent teams.
 
 - Messages from other team members arrive as your prompt input. Each message has a
   \`[From: <agent-name>]\` header — that name is what you pass back to \`chat send\`.
-- **Your final text response is automatically delivered** to the chat — just respond normally.
+- **Your final response text is delivered to the chat for human observers to read.
+  It does NOT wake other agents.** To make another agent take action, use
+  \`first-tree-hub chat send <name>\` explicitly (see "Communication Rules" below).
 - **Stay silent when you have nothing to add.** Not every message needs a reply.
   If you have nothing new for the recipient, output nothing and the runtime ends the turn.
 - For **proactive communication** (other agents, other chats, or different format),
   use the \`first-tree-hub\` CLI below.
 
+## Communication Rules
+
+Your final response text is delivered to the chat for **human observers**
+to read. It does NOT wake other agents.
+
+To make another agent take action, you MUST explicitly call:
+
+    first-tree-hub chat send <name> "..."
+
+Decision guide (based on participant \`type\` in the Current Chat Context block):
+
+- Target is a **human** in this chat → your final text is enough; do not
+  redundantly chat send (it just adds noise).
+- Target is an **agent** in this chat → they will NOT see your final text
+  as a wake signal. You MUST chat send <name> if you need them to act.
+- No specific target (just narrating progress / thinking aloud) → final
+  text only; no send needed.
+
+**Fallback** (if Current Chat Context block is missing — context injection
+may have failed): use conservative mode — all cross-agent collaboration
+goes through explicit \`chat send\`; do not rely on final text to wake
+anyone.
+
 ## Sending Messages
 
 The CLI auto-reads its config from env — no setup needed.
 
 \`\`\`bash
-# Send to an agent by NAME (uuids are NOT accepted — run \`first-tree-hub agent list\` for names)
+# Send to an agent by NAME (uuids are NOT accepted — run \`first-tree-hub agent list\` for names).
+# Routing: the recipient MUST be a participant of your current chat — the message
+# lands in that chat. If they are NOT a member the call ERRORS with a hint. To open
+# a side-conversation with a non-member, use the --direct flag explicitly.
 first-tree-hub chat send <agentName> "your message"
 
-# Address a specific chat (only when not your current chat)
-first-tree-hub chat send --chat <chatId> "your message"
+# Open or reuse a direct chat with the recipient (bypass the member check).
+# Use only when intentionally starting a side conversation with a non-member.
+first-tree-hub chat send --direct <agentName> "your message"
 
 # Markdown format (default is text)
 first-tree-hub chat send <agentName> -f markdown "**bold**"
@@ -3467,6 +3489,17 @@ first-tree-hub chat send <agentName> --reply-to <messageId> "reply"
 echo "long body" | first-tree-hub chat send <agentName>
 \`\`\`
 
+**Reaching another agent — pick the right flag**:
+
+- **Same chat member** → \`chat send <agentName> "..."\` (no flag).
+- **Non-member** → \`chat send --direct <agentName> "..."\`. The CLI opens (or
+  reuses) the direct chat AND auto-mentions the recipient so they actually wake.
+
+The CLI **only addresses agents by name**. You cannot route by chat-id from
+this command, and \`@<name>\` in your content only resolves against the chat
+you are currently in — naming someone who is not a member is rejected so a
+silent-drop misroute is impossible.
+
 **Content rules (important):**
 
 - Pass content as a **raw string** — never \`JSON.stringify\` it first. Wrapping in
@@ -3476,6 +3509,74 @@ echo "long body" | first-tree-hub chat send <agentName>
   use **stdin** with real newlines, plus \`-f markdown\`.
 `;
 }
+/**
+* Build a narrow `ChatContext` snapshot for the current session.
+*
+* Calls the two existing agent-scoped endpoints in parallel:
+*   - `GET /agent/chats/:chatId`              — chat detail (topic)
+*   - `GET /agent/chats/:chatId/participants` — participant rows with names
+*
+* Throws on either HTTP failure so the caller (handler) can log + degrade
+* to the no-context path. The bootstrap branch then writes neither the
+* identity.json `chatContext` field nor the CLAUDE.md / AGENTS.md section.
+*/
+async function fetchChatContext(sdk, chatId, identity) {
+	const [detail, participants] = await Promise.all([sdk.getChatDetail(chatId), sdk.listChatParticipants(chatId)]);
+	const filteredParticipants = participants.filter((p) => p.name !== null && p.name.length > 0).map((p) => ({
+		name: p.name,
+		displayName: p.displayName,
+		type: p.type === "human" ? "human" : "agent"
+	}));
+	const selfOwner = resolveSelfOwner(identity, participants);
+	return {
+		chatId,
+		title: detail.title,
+		topic: detail.topic,
+		...selfOwner ? { selfOwner } : {},
+		participants: filteredParticipants
+	};
+}
+/**
+* For delegate agents (personal_assistant whose `delegateMention` points at
+* a chat participant) return `{name, displayName}` of the human owner; for
+* autonomous agents return `undefined`.
+*
+* `delegateMention` holds the OWNER'S `name` slug — see
+* web/.../identity-section.tsx ("delegate <AgentChip ...>").
+*/
+function resolveSelfOwner(identity, participants) {
+	if (identity.type !== "personal_assistant") return void 0;
+	if (!identity.delegateMention) return void 0;
+	const owner = participants.find((p) => p.name === identity.delegateMention && p.type === "human");
+	if (!owner || !owner.name) return void 0;
+	return {
+		name: owner.name,
+		displayName: owner.displayName
+	};
+}
+/**
+* Render the "Current Chat Context" markdown section that both Claude Code
+* (CLAUDE.md) and Codex (AGENTS.md) inject into the agent's prompt context.
+*
+* Shared so the two handlers never drift on field shape or wording. Returns
+* `null` when there's no context to render — caller skips the section.
+*
+* See proposals/hub-chat-message-v1-design §四 改造 3.
+*/
+function renderChatContextSection(chatContext) {
+	if (!chatContext) return null;
+	const lines = [];
+	lines.push("## Current Chat Context");
+	lines.push("");
+	lines.push(`- Chat ID: ${chatContext.chatId}`);
+	if (chatContext.title && chatContext.title.trim().length > 0) lines.push(`- Title: ${chatContext.title}`);
+	if (chatContext.topic && chatContext.topic.trim().length > 0 && chatContext.topic !== chatContext.title) lines.push(`- Topic: ${chatContext.topic}`);
+	if (chatContext.selfOwner) lines.push(`- Your owner: ${chatContext.selfOwner.displayName} (@${chatContext.selfOwner.name})`);
+	lines.push("- Participants:");
+	if (chatContext.participants.length === 0) lines.push("  - (none)");
+	else for (const p of chatContext.participants) lines.push(`  - @${p.name} (${p.displayName}, type=${p.type})`);
+	return `${lines.join("\n")}\n`;
+}
 function resolveGitRepoTargetPath(workspace, localPath) {
 	const safetyError = getRepoLocalPathSafetyError(localPath);
 	if (safetyError) throw new Error(`Unsafe git repo localPath "${localPath}": ${safetyError}`);
@@ -3997,6 +4098,7 @@ function createGitMirrorManager(opts) {
 					}, "worktree create conflict");
 					throw new GitMirrorWorktreeConflictError(`Worktree target "${absTarget}" is already occupied by ${classifyOccupant(absTarget)} — aborting (D13)`);
 				}
+				await gitOk(["worktree", "prune"], mirror, 1e4);
 				const pathExists = existsSync(absTarget);
 				const hasBranch = await branchExists(mirror, branchName);
 				mkdirSync(dirname(absTarget), { recursive: true });
@@ -4897,7 +4999,8 @@ const createClaudeCodeHandler = (config) => {
 			try {
 				await sessionCtx.sdk.sendMessage(sessionCtx.chatId, {
 					format: "question",
-					content: questionContent
+					content: questionContent,
+					purpose: "agent-final-text"
 				});
 			} catch (err) {
 				const reason = err instanceof Error ? err.message : String(err);
@@ -5167,16 +5270,45 @@ const createClaudeCodeHandler = (config) => {
 			}
 		}
 	}
-	/** Bootstrap workspace and generate CLAUDE.md. */
-	function runBootstrap(workspace, sessionCtx) {
+	/**
+	* Best-effort chat-context fetch for the identity-injection path. Failures
+	* are logged but never bubble — bootstrap continues with `undefined` and
+	* the agent simply loses the "Current Chat Context" block (graceful
+	* degradation; the Communication Rules in tools.md still tell it to fall
+	* back to conservative mode).
+	*/
+	async function fetchChatContextOrLog(sessionCtx) {
+		try {
+			return await fetchChatContext(sessionCtx.sdk, sessionCtx.chatId, sessionCtx.agent);
+		} catch (err) {
+			sessionCtx.log(`fetchChatContext failed: ${err instanceof Error ? err.message : String(err)}`);
+			return;
+		}
+	}
+	/**
+	* Refresh the workspace's identity.json + CLAUDE.md from the latest chat
+	* context. v1.7 fix: chat-context must NOT be frozen at first bootstrap.
+	* When new participants join later, every resume re-fetches and rewrites
+	* the "Current Chat Context" section so the agent sees the live roster.
+	* Skips the expensive `first-tree tree integrate` shell-out — that part
+	* stays sentinel-protected and runs only on a fresh bootstrap.
+	*/
+	function refreshIdentityAndPrompt(workspace, sessionCtx, chatContext) {
 		bootstrapWorkspace({
 			workspacePath: workspace,
 			identity: sessionCtx.agent,
 			contextTreePath,
 			serverUrl: sessionCtx.sdk.serverUrl,
-			chatId: sessionCtx.chatId
+			chatId: sessionCtx.chatId,
+			chatContext
 		});
-		generateClaudeMd(workspace, sessionCtx.agent, contextTreePath);
+		generateClaudeMd(workspace, sessionCtx.agent, contextTreePath, chatContext);
+	}
+	/** Full bootstrap: refresh identity/prompt + run the expensive
+	*  `first-tree tree integrate` shell-out. Used on `start()` and on
+	*  `resume()` when the stage-2 sentinel is missing. */
+	function runBootstrap(workspace, sessionCtx, chatContext) {
+		refreshIdentityAndPrompt(workspace, sessionCtx, chatContext);
 		if (contextTreePath) installFirstTreeIntegration({
 			workspacePath: workspace,
 			contextTreePath,
@@ -5190,7 +5322,8 @@ const createClaudeCodeHandler = (config) => {
 			ctx = sessionCtx;
 			claudeSessionId = randomUUID();
 			cwd = acquireWorkspace(workspaceRoot, sessionCtx.chatId);
-			runBootstrap(cwd, sessionCtx);
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
+			runBootstrap(cwd, sessionCtx, chatContext);
 			const payload = agentConfigCache?.get(sessionCtx.agent.agentId)?.payload;
 			await prepareGitWorktrees(cwd, payload, sessionCtx);
 			markWorkspaceInitComplete(cwd);
@@ -5206,7 +5339,9 @@ const createClaudeCodeHandler = (config) => {
 			claudeSessionId = sessionId;
 			retryCount = 0;
 			cwd = acquireWorkspace(workspaceRoot, sessionCtx.chatId);
-			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) runBootstrap(cwd, sessionCtx);
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
+			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) runBootstrap(cwd, sessionCtx, chatContext);
+			else refreshIdentityAndPrompt(cwd, sessionCtx, chatContext);
 			const payload = agentConfigCache?.get(sessionCtx.agent.agentId)?.payload;
 			await prepareGitWorktrees(cwd, payload, sessionCtx);
 			markWorkspaceInitComplete(cwd);
@@ -5299,12 +5434,14 @@ function isHubWorktreeMarker(path) {
 * `agent_configs.payload.prompt.append` and are passed to the Claude SDK via
 * `systemPrompt.append` — not through this file.
 */
-function generateClaudeMd(workspacePath, identity, contextTreePath) {
+function generateClaudeMd(workspacePath, identity, contextTreePath, chatContext) {
 	const sections = [];
 	const contextDir = join(workspacePath, ".agent", "context");
 	const name = identity.displayName ?? identity.agentId;
 	if (identity.type === "personal_assistant") sections.push(`# Agent Identity\n\nYou are ${name}, a personal assistant agent.\n`);
 	else sections.push(`# Agent Identity\n\nYou are ${name}, an autonomous agent.\n`);
+	const chatContextSection = renderChatContextSection(chatContext);
+	if (chatContextSection) sections.push(chatContextSection);
 	const agentInstructionsPath = join(contextDir, "agent-instructions.md");
 	if (existsSync(agentInstructionsPath)) {
 		const instructions = readFileSync(agentInstructionsPath, "utf-8");
@@ -5410,7 +5547,7 @@ const createCodexHandler = (config) => {
 		cfg.mcp_servers = mcpServers;
 		return cfg;
 	}
-	function buildAgentBriefing(payload) {
+	function buildAgentBriefing(payload, chatContext) {
 		const lines = [];
 		lines.push("# Agent Briefing");
 		lines.push("");
@@ -5418,11 +5555,28 @@ const createCodexHandler = (config) => {
 			lines.push(payload.prompt.append.trim());
 			lines.push("");
 		}
+		const chatContextSection = renderChatContextSection(chatContext);
+		if (chatContextSection) {
+			lines.push(chatContextSection.trimEnd());
+			lines.push("");
+		}
 		lines.push("Refer to `.agent/identity.json` for your agent identity, `.agent/tools.md` for the");
 		lines.push("first-tree-hub SDK reference, and `.agent/context/` for organisational context");
 		lines.push("(when configured).");
 		return lines.join("\n").concat("\n");
 	}
+	/**
+	* Best-effort chat-context fetch for the identity-injection path. Failures
+	* are logged but never bubble — bootstrap continues with `undefined`.
+	*/
+	async function fetchChatContextOrLog(sessionCtx) {
+		try {
+			return await fetchChatContext(sessionCtx.sdk, sessionCtx.chatId, sessionCtx.agent);
+		} catch (err) {
+			sessionCtx.log(`fetchChatContext failed: ${err instanceof Error ? err.message : String(err)}`);
+			return;
+		}
+	}
 	function toCodexInput(message, sessionCtx) {
 		return sessionCtx.formatInboundContent(message).then((text) => text);
 	}
@@ -5682,15 +5836,17 @@ const createCodexHandler = (config) => {
 				env: [],
 				gitRepos: []
 			};
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
 			bootstrapWorkspace({
 				workspacePath: cwd,
 				identity: sessionCtx.agent,
 				contextTreePath,
 				serverUrl: sessionCtx.sdk.serverUrl,
 				chatId: sessionCtx.chatId,
+				chatContext,
 				briefing: {
 					format: "agents-md",
-					content: buildAgentBriefing(payload)
+					content: buildAgentBriefing(payload, chatContext)
 				}
 			});
 			ensureFirstTreeBinding(cwd, sessionCtx);
@@ -5719,20 +5875,20 @@ const createCodexHandler = (config) => {
 				env: [],
 				gitRepos: []
 			};
-			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) {
-				bootstrapWorkspace({
-					workspacePath: cwd,
-					identity: sessionCtx.agent,
-					contextTreePath,
-					serverUrl: sessionCtx.sdk.serverUrl,
-					chatId: sessionCtx.chatId,
-					briefing: {
-						format: "agents-md",
-						content: buildAgentBriefing(payload)
-					}
-				});
-				ensureFirstTreeBinding(cwd, sessionCtx);
-			}
+			const chatContext = await fetchChatContextOrLog(sessionCtx);
+			bootstrapWorkspace({
+				workspacePath: cwd,
+				identity: sessionCtx.agent,
+				contextTreePath,
+				serverUrl: sessionCtx.sdk.serverUrl,
+				chatId: sessionCtx.chatId,
+				chatContext,
+				briefing: {
+					format: "agents-md",
+					content: buildAgentBriefing(payload, chatContext)
+				}
+			});
+			if (!existsSync(join(cwd, INIT_COMPLETE_SENTINEL_REL))) ensureFirstTreeBinding(cwd, sessionCtx);
 			await prepareGitWorktrees(payload, cwd, sessionCtx);
 			markWorkspaceInitComplete(cwd);
 			codex = new Codex({
@@ -6048,17 +6204,10 @@ var Deduplicator = class {
 	}
 };
 function createResultSink(deps) {
-	async function buildMetadata(trigger) {
+	async function buildMetadata() {
 		const metadata = {};
 		const documentBasePath = await deps.getDocumentBasePath?.();
 		if (documentBasePath) metadata.documentContext = documentContextSchema.parse({ basePath: documentBasePath });
-		if (trigger && trigger.senderId !== deps.agent.agentId) {
-			const participants = await deps.participants.get();
-			if (participants.length <= 2) {
-				const peer = participants.find((p) => p.agentId === trigger.senderId);
-				if (!peer || peer.mode === "mention_only") metadata.mentions = [trigger.senderId];
-			} else metadata.mentions = [trigger.senderId];
-		}
 		return Object.keys(metadata).length > 0 ? metadata : void 0;
 	}
 	return async function forwardResult(text) {
@@ -6069,10 +6218,11 @@ function createResultSink(deps) {
 		}
 		const trigger = deps.getTrigger();
 		deps.clearTrigger();
-		const metadata = await buildMetadata(trigger);
+		const metadata = await buildMetadata();
 		await deps.sdk.sendMessage(deps.chatId, {
 			format: "text",
 			content: text,
+			purpose: "agent-final-text",
 			...trigger ? { inReplyTo: trigger.messageId } : {},
 			...metadata ? { metadata } : {}
 		});
@@ -6617,18 +6767,13 @@ var SessionManager = class {
 		this.config.onStateChange(chatId, state);
 	}
 	/**
-	* ACK an inbox entry — delayed until handler starts processing.
-	*
-	* Routes through `config.ackEntry` when set (WS push path) or falls back to
-	* `sdk.ack` (HTTP poll path). One ack per entry, one channel per slot —
-	* mixing channels in one slot would leak the server's per-agent in-flight
-	* counter (proposal hub-inbox-ws-data-plane §3.5).
+	* ACK an inbox entry — delayed until handler starts processing. Routes
+	* through `config.ackEntry`, which is wired to the WS data plane.
 	*/
 	async ackEntry(entryId, chatId) {
 		if (entryId === void 0) return;
 		try {
-			if (this.config.ackEntry) await this.config.ackEntry(entryId);
-			else await this.config.sdk.ack(entryId);
+			await this.config.ackEntry(entryId);
 		} catch {
 			this.config.log.warn({
 				chatId,
@@ -6649,7 +6794,6 @@ var SessionManager = class {
 				this.currentTrigger.delete(chatId);
 			},
 			log,
-			participants,
 			getDocumentBasePath: () => this.resolveDocumentBasePath(log)
 		});
 		const envCtx = {
@@ -6782,9 +6926,7 @@ var AgentSlot = class {
 	sessionManager = null;
 	config;
 	logger;
-	sdk = null;
 	agentConfigCache = null;
-	pollingTimer = null;
 	reconcileTimer = null;
 	listeners = [];
 	/**
@@ -6822,7 +6964,6 @@ var AgentSlot = class {
 	}
 	async start(contextTreeBinding) {
 		const sdk = (await this.clientConnection.bindAgent(this.config.agentId, this.config.runtimeType ?? this.config.type, this.config.runtimeVersion)).sdk;
-		this.sdk = sdk;
 		const agent = await sdk.register();
 		this.logger.info({ displayName: agent.displayName }, "agent bound");
 		if (agent.type === "human") {
@@ -6842,9 +6983,6 @@ var AgentSlot = class {
 			throw new Error(`Hub unreachable while loading agent config: ${msg}`);
 		}
 		this.inboxId = agent.inboxId;
-		const onMessage = (agentId) => {
-			if (agentId === this.config.agentId) this.pullAndDispatch();
-		};
 		const onInboxDeliver = (inboxId, frame) => {
 			if (inboxId !== this.inboxId) return;
 			this.dispatchPushedFrame(frame).catch((err) => {
@@ -6863,14 +7001,10 @@ var AgentSlot = class {
 		const onReconcileResult = (result) => {
 			if (result.agentId === this.config.agentId && this.sessionManager) this.sessionManager.applyStaleChatIds(result.staleChatIds);
 		};
-		this.clientConnection.on("agent:message", onMessage);
 		this.clientConnection.on("inbox:deliver", onInboxDeliver);
 		this.clientConnection.on("agent:bound", onBound);
 		this.clientConnection.on("session:reconcile:result", onReconcileResult);
 		this.listeners.push({
-			event: "agent:message",
-			fn: onMessage
-		}, {
 			event: "inbox:deliver",
 			fn: onInboxDeliver
 		}, {
@@ -6888,10 +7022,10 @@ var AgentSlot = class {
 				agentId: this.config.agentId
 			})
 		});
-		const ackEntry = this.clientConnection.supportsWsInboxDeliver ? (entryId) => {
+		const ackEntry = (entryId) => {
 			this.clientConnection.sendInboxAck(entryId);
 			return Promise.resolve();
-		} : void 0;
+		};
 		this.sessionManager = new SessionManager({
 			session: this.config.session,
 			concurrency: this.config.concurrency,
@@ -6934,24 +7068,15 @@ var AgentSlot = class {
 			event: "session:command",
 			fn: onCommand
 		});
-		this.startPolling();
 		this.startReconcileLoop();
 		return agent;
 	}
 	async stop() {
-		if (this.pollingTimer) {
-			clearInterval(this.pollingTimer);
-			this.pollingTimer = null;
-		}
 		if (this.reconcileTimer) {
 			clearInterval(this.reconcileTimer);
 			this.reconcileTimer = null;
 		}
-		for (const entry of this.listeners) if (entry.event === "agent:message") this.clientConnection.off(entry.event, entry.fn);
-		else if (entry.event === "inbox:deliver") this.clientConnection.off(entry.event, entry.fn);
-		else if (entry.event === "agent:bound") this.clientConnection.off(entry.event, entry.fn);
-		else if (entry.event === "session:reconcile:result") this.clientConnection.off(entry.event, entry.fn);
-		else this.clientConnection.off(entry.event, entry.fn);
+		for (const entry of this.listeners) this.clientConnection.off(entry.event, entry.fn);
 		this.listeners = [];
 		await this.clientConnection.unbindAgent(this.config.agentId);
 		await this.sessionManager?.shutdown();
@@ -6972,31 +7097,18 @@ var AgentSlot = class {
 		const runtimeState = this.sessionManager.getAggregateRuntimeState();
 		if (runtimeState) this.clientConnection.reportRuntimeState(this.config.agentId, runtimeState);
 	}
-	startPolling() {
-		if (this.clientConnection.supportsWsInboxDeliver) {
-			this.logger.info("WS inbox data plane active — skipping 5s HTTP poll");
-			return;
-		}
-		this.pollingTimer = setInterval(() => {
-			this.pullAndDispatch();
-		}, 5e3);
-		this.pullAndDispatch();
-	}
 	/**
 	* Translate an `inbox:deliver` push frame into the {@link InboxEntryWithMessage}
 	* shape `SessionManager.dispatch` expects, then dispatch.
 	*
 	* Ack happens INSIDE `dispatch` via the `ackEntry` callback we pinned at
-	* construction time — for push slots that's `clientConnection.sendInboxAck`,
-	* for poll slots it stays the legacy `sdk.ack`. Sending an additional ack
-	* here would double-ack: HTTP first (`delivered → acked`) followed by a
-	* WS frame the server can no longer match against any `delivered` row,
-	* which leaks the server's per-agent in-flight counter and stalls push
-	* after `inboxMaxInFlightPerAgent` messages.
+	* construction time — `clientConnection.sendInboxAck`. Sending an additional
+	* ack here would double-ack: a WS frame the server cannot match against any
+	* `delivered` row, which leaks the server's per-agent in-flight counter and
+	* stalls push after `inboxMaxInFlightPerAgent` messages.
 	*
 	* Dispatch errors propagate up; the entry stays `delivered` server-side
-	* and the 300s timeout reaper rolls it back to `pending` for replay
-	* (proposal §3.7).
+	* and the 300s timeout reaper rolls it back to `pending` for replay.
 	*/
 	async dispatchPushedFrame(frame) {
 		if (!this.sessionManager) return;
@@ -7024,15 +7136,6 @@ var AgentSlot = class {
 		if (chatIds.length === 0) return;
 		this.clientConnection.sendSessionReconcile(this.config.agentId, chatIds);
 	}
-	async pullAndDispatch() {
-		if (!this.sdk || !this.sessionManager) return;
-		try {
-			const { entries } = await this.sdk.pull(10);
-			for (const entry of entries) await this.sessionManager.dispatch(entry);
-		} catch (err) {
-			this.logger.warn({ err }, "poll error");
-		}
-	}
 };
 /**
 * Top-level marker file Claude Code writes after a successful OAuth login.
@@ -9587,7 +9690,7 @@ function formatCheckReport(items) {
 	}
 	return lines.join("\n");
 }
-async function resolveDefaultOrgId$1(serverUrl, accessToken) {
+async function resolveDefaultOrgId(serverUrl, accessToken) {
 	const res = await cliFetch(`${serverUrl}/api/v1/me`, {
 		headers: { Authorization: `Bearer ${accessToken}` },
 		signal: AbortSignal.timeout(1e4)
@@ -9622,7 +9725,7 @@ async function onboardCreate(args) {
 	if (args.role) metadata.role = args.role;
 	if (args.domains) metadata.domains = args.domains.split(",").map((d) => d.trim());
 	print.line(`Creating agent "${args.id}"...\n`);
-	const orgId = await resolveDefaultOrgId$1(serverUrl, accessToken);
+	const orgId = await resolveDefaultOrgId(serverUrl, accessToken);
 	const primary = await createAgentViaAdmin(serverUrl, accessToken, orgId, {
 		name: args.id,
 		type: args.type,
@@ -9659,7 +9762,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-BGx71p5s.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-DHSy6WDD.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -10872,7 +10975,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-BcZq1C1l.mjs
+//#region ../server/dist/app-z2-jRXbZ.mjs
 var import_fastify_opentelemetry = /* @__PURE__ */ __toESM(require_fastify_opentelemetry(), 1);
 init_esm();
 var __defProp = Object.defineProperty;
@@ -10885,17 +10988,6 @@ var __exportAll = (all, no_symbols) => {
 	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
 	return target;
 };
-/** Maps external user identities to internal Agents. */
-const adapterAgentMappings = pgTable("adapter_agent_mappings", {
-	id: serial("id").primaryKey(),
-	platform: text("platform").notNull(),
-	externalUserId: text("external_user_id").notNull(),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	boundVia: text("bound_via"),
-	displayName: text("display_name"),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [unique("uq_adapter_agent_mapping").on(table.platform, table.externalUserId)]);
 /**
 * Pull the JWT-verified `UserScope` off the request. The `userAuthHook`
 * middleware populates `request.user` synchronously before any handler
@@ -10956,10 +11048,23 @@ async function requireAgentAccess(request, db, kind) {
 	};
 }
 /**
-* Gate access to a chat. Allowed if the caller's HUMAN agent is a
-* participant, OR any agent the caller manages (via members.id) is a
-* participant. Admin role does NOT auto-grant chat access — chat content
-* remains private to participants and supervisors (their managers).
+* Gate access to a chat. Allowed if the caller's HUMAN agent has any
+* `chat_membership` row (speaker OR watcher), OR any agent the caller
+* manages (via members.id) is a speaker. Admin role does NOT auto-grant
+* chat access — chat content remains private to members and supervisors
+* (their managers).
+*
+* Watchers are allowed on the direct-membership branch because they
+* surface in `listMeChats` with their own unread badge and engagement
+* state; chat-scoped per-user operations like read-cursor and
+* watcher→speaker upgrade must be reachable from that surface. Write
+* endpoints that need to refuse watchers rely on `ensureParticipant`
+* or service-layer checks, not on this guard.
+*
+* The supervisor branch is a fallback for callers whose human agent
+* has no direct row but who manage a speaker — e.g. before
+* `recomputeChatWatchers` has materialised the watcher row, or when a
+* member's human agent and managed agent diverge in cross-org chats.
 *
 * The Params type is generic so routes that mount on a path with extra
 * params (e.g. `/agents/:uuid/sessions/:chatId/...` for compound checks)
@@ -10979,7 +11084,7 @@ async function requireChatAccess(request, db) {
 		role: caller.role,
 		humanAgentId: caller.humanAgentId
 	};
-	const [direct] = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.agentId, caller.humanAgentId), eq(chatMembership.accessMode, "speaker"))).limit(1);
+	const [direct] = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.agentId, caller.humanAgentId))).limit(1);
 	if (direct) {
 		stampOrgScope(request, scope);
 		stampChatResource(request, chat);
@@ -11068,16 +11173,6 @@ async function adapterMappingRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-/** Bot credentials for external platform adapters. Credentials are encrypted at application layer (AES-256-GCM). */
-const adapterConfigs = pgTable("adapter_configs", {
-	id: serial("id").primaryKey(),
-	platform: text("platform").notNull(),
-	agentId: text("agent_id").notNull().references(() => agents.uuid),
-	credentials: jsonb("credentials").$type().notNull(),
-	status: text("status").notNull().default("active"),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-}, (t) => [unique("uq_adapter_configs_agent_platform").on(t.agentId, t.platform)]);
 const ALGORITHM = "aes-256-gcm";
 const IV_LENGTH = 12;
 const AUTH_TAG_LENGTH = 16;
@@ -11346,7 +11441,7 @@ async function agentChatRoutes(app) {
 	app.get("/:chatId", async (request) => {
 		const identity = requireAgent(request);
 		await assertParticipant(app.db, request.params.chatId, identity.uuid);
-		const detail = await getChatDetail(app.db, request.params.chatId);
+		const detail = await getChatDetail(app.db, request.params.chatId, identity.uuid);
 		return {
 			...serializeChat(detail),
 			participants: detail.participants.map((p) => ({
@@ -11411,710 +11506,124 @@ async function agentConfigRoutes$1(app) {
 		return await app.configService.getDecrypted(identity.uuid);
 	});
 }
-/**
-* Per-agent runtime configuration (Hub-managed; not the local YAML config).
-*
-* One row per agent. `version` increments on every successful UPDATE
-* (optimistic locking via WHERE version = :expected). Sensitive env values
-* inside `payload.env[*]` are AES-256-GCM encrypted at write time and
-* masked when echoed via the Admin API (see Step 2).
-*
-* Integrity is enforced by the service layer per project convention:
-* no FK / CHECK / triggers on this table.
-*/
-const agentConfigs = pgTable("agent_configs", {
-	agentId: text("agent_id").primaryKey(),
-	version: integer("version").notNull().default(1),
-	payload: jsonb("payload").$type().notNull(),
-	updatedBy: text("updated_by").notNull(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-});
-/**
-* Resolve the UUID of the "default" organization. Internal use only —
-* webhooks, fallbacks, etc. The HTTP API layer no longer falls back to
-* the JWT default org.
-*/
-async function resolveDefaultOrgId(db) {
-	const [org] = await db.select({ id: organizations.id }).from(organizations).where(eq(organizations.name, "default")).limit(1);
-	if (!org) throw new Error("Default organization not found. Ensure the server has started and ensureDefaultOrganization() ran.");
-	return org.id;
-}
-async function getOrganization(db, id) {
-	const [org] = await db.select().from(organizations).where(eq(organizations.id, id)).limit(1);
-	if (!org) throw new NotFoundError(`Organization "${id}" not found`);
-	return org;
-}
-async function updateOrganization(db, id, data) {
-	const updates = { updatedAt: /* @__PURE__ */ new Date() };
-	if (data.name !== void 0) updates.name = data.name;
-	if (data.displayName !== void 0) updates.displayName = data.displayName;
-	if (data.maxAgents !== void 0) updates.maxAgents = data.maxAgents;
-	if (data.maxMessagesPerMinute !== void 0) updates.maxMessagesPerMinute = data.maxMessagesPerMinute;
-	if (data.features !== void 0) updates.features = data.features;
-	try {
-		const [org] = await db.update(organizations).set(updates).where(eq(organizations.id, id)).returning();
-		if (!org) throw new NotFoundError(`Organization "${id}" not found`);
-		return org;
-	} catch (err) {
-		if ((err?.code ?? err?.cause?.code ?? "") === "23505") throw new ConflictError(`Organization name "${data.name}" is already taken`);
-		throw err;
-	}
-}
-/**
-* Ensure the default organization exists. Called on server startup.
-* Uses a fixed UUID for the default org to ensure idempotency.
-*/
-async function ensureDefaultOrganization(db) {
-	const [existing] = await db.select({ id: organizations.id }).from(organizations).where(eq(organizations.name, "default")).limit(1);
-	if (existing) return existing;
-	const id = uuidv7();
-	const [org] = await db.insert(organizations).values({
-		id,
-		name: "default",
-		displayName: "Default Organization"
-	}).onConflictDoNothing().returning();
-	return org ?? existing;
+const log$5 = createLogger$1("AgentFeishuBot");
+async function agentFeishuBotRoutes(app) {
+	/**
+	* PUT /agent/me/feishu-bot
+	* Self-service: agent binds its own Feishu bot (upsert).
+	*/
+	app.put("/me/feishu-bot", async (request, reply) => {
+		const identity = requireAgent(request);
+		const body = selfServiceFeishuBotSchema.parse(request.body);
+		if ((await getAgent(app.db, identity.uuid)).type === "human") throw new BadRequestError("Human agents cannot bind Feishu bots. Use bind-user instead.");
+		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
+		let config;
+		if (current) config = await updateAdapterConfig(app.db, current.id, {
+			credentials: {
+				app_id: body.appId,
+				app_secret: body.appSecret
+			},
+			status: "active"
+		}, app.config.secrets.encryptionKey);
+		else config = await createAdapterConfig(app.db, {
+			platform: "feishu",
+			agentId: identity.uuid,
+			credentials: {
+				app_id: body.appId,
+				app_secret: body.appSecret
+			},
+			status: "active"
+		}, app.config.secrets.encryptionKey);
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service bind"));
+		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
+		return reply.status(current ? 200 : 201).send({
+			...config,
+			createdAt: config.createdAt.toISOString(),
+			updatedAt: config.updatedAt.toISOString()
+		});
+	});
+	/**
+	* DELETE /agent/me/feishu-bot
+	* Self-service: agent unbinds its own Feishu bot.
+	*/
+	app.delete("/me/feishu-bot", async (request, reply) => {
+		const identity = requireAgent(request);
+		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
+		if (!current) return reply.status(204).send();
+		await deleteAdapterConfig(app.db, current.id);
+		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service unbind"));
+		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
+		return reply.status(204).send();
+	});
 }
 /**
-* Names beginning with `__` are reserved for Hub-internal pseudo agents.
-* User-facing creation must not be able to squat on them, otherwise
-* internal traffic could be routed through a real account.
+* Maps internal Chats to external IM platform channels.
+* NOTE: The unique constraint uses COALESCE(thread_id, '') which cannot be
+* expressed in Drizzle ORM. It is defined in the migration SQL directly as:
+*   CREATE UNIQUE INDEX uq_adapter_chat_mapping ON adapter_chat_mappings
+*     (platform, external_channel_id, COALESCE(thread_id, ''));
 */
-const RESERVED_AGENT_NAME_PREFIX = "__";
+const adapterChatMappings = pgTable("adapter_chat_mappings", {
+	id: serial("id").primaryKey(),
+	platform: text("platform").notNull(),
+	externalChannelId: text("external_channel_id").notNull(),
+	chatId: text("chat_id").notNull().references(() => chats.id),
+	threadId: text("thread_id"),
+	metadata: jsonb("metadata").$type().notNull().default({}),
+	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
+});
+/** Cross-reference between internal messages and external platform message IDs. */
+const adapterMessageReferences = pgTable("adapter_message_references", {
+	id: serial("id").primaryKey(),
+	messageId: text("message_id").notNull().references(() => messages.id),
+	platform: text("platform").notNull(),
+	externalMessageId: text("external_message_id").notNull(),
+	externalChannelId: text("external_channel_id").notNull(),
+	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
+}, (table) => [unique("uq_adapter_message_ref").on(table.messageId, table.platform)]);
 /**
-* Derive the relative URL clients should use to fetch a manager-uploaded
-* avatar image. Returns `null` when no image is set. Embeds the upload
-* timestamp as `?v=<epoch>` so a fresh upload busts any browser cache
-* that may have memoised the previous version.
-*
-* Auth: the image route is intentionally public read — the URL leaks no
-* more than the agent's UUID, which is already required to address it.
-* Keeping it unauthenticated lets `<img src>` render without bespoke
-* fetch-and-blob plumbing.
+* Attempt to claim an event for processing.
+* Returns true if this is the first time the event is seen, false if duplicate.
 */
-function agentAvatarImageUrl(uuid, updatedAt) {
-	if (!updatedAt) return null;
-	return `/api/v1/agents/${uuid}/avatar?v=${updatedAt.getTime()}`;
+async function claimEvent(db, eventId, platform) {
+	return (await db.execute(sql`INSERT INTO processed_events (event_id, platform) VALUES (${eventId}, ${platform}) ON CONFLICT DO NOTHING RETURNING event_id`)).length > 0;
 }
 /**
-* True iff `clients.metadata.capabilities` is a non-empty object — i.e. the
-* client has reported at least one runtime probe result. Used to distinguish
-* "we don't know what's installed yet" (empty / never reported) from
-* "client explicitly reports this provider is missing".
+* Remove a claimed event so it can be retried on next delivery.
+* Called when processing fails after claimEvent() succeeded.
 */
-function clientCapabilitiesReported(metadata) {
-	if (!metadata || typeof metadata !== "object") return false;
-	const caps = metadata.capabilities;
-	if (!caps || typeof caps !== "object") return false;
-	return Object.keys(caps).length > 0;
+async function unclaimEvent(db, eventId, platform) {
+	await db.execute(sql`DELETE FROM processed_events WHERE event_id = ${eventId} AND platform = ${platform}`);
 }
-/**
-* Inspect a `clients.metadata.capabilities` blob (jsonb) for a specific
-* runtime provider entry. Capabilities live under the `metadata.capabilities`
-* subkey (Option C); the column is unstructured at the DB layer, so we
-* defensively narrow before key access.
-*
-* "Supports" requires the entry's SDK to be **available** — `state: "ok"` or
-* `state: "unauthenticated"`. A `missing` or `error` entry is *reported* but
-* not usable, so we explicitly reject those rather than treating mere key
-* presence as support. Auth state is left to the user to fix at runtime
-* (the re-bind dialog surfaces an `unauthenticated` hint).
-*/
-function clientSupportsRuntimeProvider(metadata, provider) {
-	if (!metadata || typeof metadata !== "object") return false;
-	const caps = metadata.capabilities;
-	if (!caps || typeof caps !== "object") return false;
-	const entry = caps[provider];
-	if (!entry || typeof entry !== "object") return false;
-	return entry.available === true;
-}
-/** Default visibility per agent type. */
-function defaultVisibility(type) {
-	switch (type) {
-		case "human":
-		case "autonomous_agent": return AGENT_VISIBILITY.ORGANIZATION;
-		case "personal_assistant": return AGENT_VISIBILITY.PRIVATE;
-		default: return AGENT_VISIBILITY.PRIVATE;
+/** Look up the internal agent ID for an external user. */
+async function findAgentByExternalUser(db, platform, externalUserId) {
+	const [row] = await db.select({
+		agentId: adapterAgentMappings.agentId,
+		displayName: adapterAgentMappings.displayName
+	}).from(adapterAgentMappings).where(and(eq(adapterAgentMappings.platform, platform), eq(adapterAgentMappings.externalUserId, externalUserId))).limit(1);
+	return row ?? null;
+}
+/** Look up the external user ID for an internal agent. */
+async function findExternalUserByAgent(db, platform, agentId) {
+	const [row] = await db.select({ externalUserId: adapterAgentMappings.externalUserId }).from(adapterAgentMappings).where(and(eq(adapterAgentMappings.platform, platform), eq(adapterAgentMappings.agentId, agentId))).limit(1);
+	return row ?? null;
+}
+/** Create an agent mapping. */
+async function createAgentMapping(db, data) {
+	const [row] = await db.insert(adapterAgentMappings).values({
+		platform: data.platform,
+		externalUserId: data.externalUserId,
+		agentId: data.agentId,
+		boundVia: data.boundVia ?? null,
+		displayName: data.displayName ?? null,
+		metadata: data.metadata ?? {}
+	}).onConflictDoNothing().returning();
+	if (!row) {
+		const [existing] = await db.select().from(adapterAgentMappings).where(and(eq(adapterAgentMappings.platform, data.platform), eq(adapterAgentMappings.externalUserId, data.externalUserId))).limit(1);
+		if (!existing) throw new Error("Unexpected: concurrent insert failed and row not found");
+		return existing;
 	}
-}
-/**
-* Resolve + validate the client that will own the new agent.
-*
-* Rule (unified-user-token, post-first-bind relaxation):
-*   - Human agents represent the member themselves and have no runtime; a
-*     missing `clientId` is required and the column stays NULL.
-*   - Non-human agents MAY omit `clientId` at creation; the row stays NULL
-*     and is claimed on the first WS bind (see `api/agent/ws-client.ts`).
-*   - When a non-human agent IS created with a `clientId`, the pinned client
-*     must already be owned by the manager's user (Rule R-RUN).
-*/
-/**
-* Check that a client's reported capabilities show the given runtime provider
-* as **available** (SDK installed, regardless of auth state).
-*
-* Tri-state semantics by `clients.metadata.capabilities` shape:
-*   - empty / absent — client hasn't probed yet (newly registered or pre-P2
-*     install). Treat as "unknown" and allow; the in-band repair path
-*     (RUNTIME_PROVIDER_MISMATCH on bind) catches actual incompatibility.
-*   - reported, entry shows `state: ok | unauthenticated` (i.e. `available:
-*     true`) — allow.
-*   - reported, entry missing OR `state: missing | error` — block unless
-*     `force` is set. We deliberately do NOT treat mere key presence as
-*     support: probeCapabilities() always emits an entry per built-in
-*     provider, including `{ state: "missing" }` for absent SDKs.
-*
-* Skipped entirely for human agents (no clientId) and when `force` is set
-* (e.g. operator overrides for an offline client).
-*/
-async function ensureClientSupportsRuntimeProvider(db, clientId, runtimeProvider, options = {}) {
-	if (clientId === null) return;
-	if (options.force) return;
-	const [client] = await db.select({ metadata: clients.metadata }).from(clients).where(eq(clients.id, clientId)).limit(1);
-	if (!client) return;
-	if (!clientCapabilitiesReported(client.metadata)) return;
-	if (!clientSupportsRuntimeProvider(client.metadata, runtimeProvider)) throw new BadRequestError(`Client "${clientId}" does not have runtime provider "${runtimeProvider}" available. Install the matching SDK on that machine and re-run capability detection, or retry with \`force: true\` if the client is offline / capabilities are stale.`);
-}
-async function resolveAgentClient(db, data) {
-	if (data.type === "human") {
-		if (data.clientId) throw new BadRequestError("Human agents cannot be pinned to a client");
-		return null;
-	}
-	if (!data.clientId) return null;
-	const [manager] = await db.select({ userId: members.userId }).from(members).where(eq(members.id, data.managerId)).limit(1);
-	if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
-	const [client] = await db.select({
-		id: clients.id,
-		userId: clients.userId
-	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
-	if (!client) throw new BadRequestError(`Client "${data.clientId}" not found`);
-	if (!client.userId) throw new BadRequestError(`Client "${data.clientId}" has not been claimed by a user yet. Have the operator run \`first-tree-hub connect <token>\` on that machine before pinning an agent to it.`);
-	if (client.userId !== manager.userId) throw new ForbiddenError(`Client "${data.clientId}" is not owned by the manager's user — pick a client belonging to that user.`);
-	return client.id;
-}
-/**
-* Validate a `delegateMention` write at the service layer. Two checks:
-*   1. Target uuid must resolve to an existing agent — dangling references
-*      would silently break webhook delegation at runtime.
-*   2. Target must belong to the same organization as the source agent —
-*      cross-org delegate links are rejected here at the source so the
-*      database never accumulates dirty rows. The webhook router has a
-*      defense-in-depth check that filters them at fan-out time, but this
-*      keeps the data clean and gives the admin UI an immediate 422 instead
-*      of a silent runtime drop.
-*
-* `null` clears the field — handled by the caller; we are only invoked when
-* the caller wrote a non-null uuid.
-*/
-async function validateDelegateMentionTarget(db, targetUuid, sourceOrgId) {
-	const [target] = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId
-	}).from(agents).where(eq(agents.uuid, targetUuid)).limit(1);
-	if (!target) throw new BadRequestError(`delegateMention target "${targetUuid}" not found`);
-	if (target.organizationId !== sourceOrgId) throw new BadRequestError("delegateMention target must belong to the same organization as the agent");
-}
-/**
-* Service-layer guard: `delegateMention` is only available for `human` agents.
-* Mirrors the Web UI in `identity-section.tsx`, which only renders the
-* delegate-mention selector when `agent.type === "human"`. Without this
-* server-side check, CLI / Admin API / internal scripts could write
-* delegateMention onto non-human rows, silently re-enabling the
-* autonomous-agent-self-mention path that resolveAudience would then fan
-* out. Called from `createAgent` / `updateAgent` before
-* `validateDelegateMentionTarget` so a wrong source type fails fast without
-* the target lookup round-trip.
-*/
-function assertDelegateMentionAllowed(sourceType) {
-	if (sourceType !== AGENT_TYPES.HUMAN) throw new BadRequestError("delegateMention can only be set on human agents");
-}
-/**
-* Pick the first admin member in the org for internal system agents. Throws
-* if the org has no admin — the caller should surface the error so an admin
-* is created before the system tries to register more agents.
-*/
-async function resolveFallbackManagerId(db, orgId) {
-	const [row] = await db.select({ id: members.id }).from(members).where(and(eq(members.organizationId, orgId), eq(members.role, "admin"))).orderBy(members.createdAt).limit(1);
-	if (!row) throw new BadRequestError(`Cannot create agent in organization "${orgId}" — no admin member exists. Create an admin member first (see \`first-tree-hub onboard\`).`);
-	return row.id;
-}
-async function createAgent(db, data, options = {}) {
-	const uuid = uuidv7();
-	const name = data.name ?? null;
-	const runtimeProvider = data.runtimeProvider ?? "claude-code";
-	if (name?.startsWith(RESERVED_AGENT_NAME_PREFIX)) throw new BadRequestError(`Agent name "${name}" is reserved — names starting with "${RESERVED_AGENT_NAME_PREFIX}" are Hub-internal`);
-	if (name && isReservedAgentName$1(name)) throw new BadRequestError(`Agent name "${name}" is reserved — pick a different one.`);
-	const inboxId = `inbox_${uuid}`;
-	let orgId;
-	let managerId;
-	if (data.managerId && data.organizationId) {
-		orgId = data.organizationId;
-		managerId = data.managerId;
-	} else if (data.managerId) {
-		const [manager] = await db.select({
-			id: members.id,
-			organizationId: members.organizationId
-		}).from(members).where(eq(members.id, data.managerId)).limit(1);
-		if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
-		orgId = manager.organizationId;
-		managerId = manager.id;
-	} else {
-		orgId = data.organizationId ?? await resolveDefaultOrgId(db);
-		managerId = await resolveFallbackManagerId(db, orgId);
-	}
-	const clientId = await resolveAgentClient(db, {
-		clientId: data.clientId,
-		managerId,
-		type: data.type
-	});
-	await ensureClientSupportsRuntimeProvider(db, clientId, runtimeProvider, { force: options.force });
-	if (data.delegateMention) {
-		assertDelegateMentionAllowed(data.type);
-		await validateDelegateMentionTarget(db, data.delegateMention, orgId);
-	}
-	const [org] = await db.select({ maxAgents: organizations.maxAgents }).from(organizations).where(eq(organizations.id, orgId)).limit(1);
-	if (org && org.maxAgents > 0) {
-		if (((await db.select({ value: count() }).from(agents).where(and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED))))[0]?.value ?? 0) >= org.maxAgents) throw new ForbiddenError(`Organization "${orgId}" has reached its agent limit (${org.maxAgents}). Upgrade your plan or delete unused agents.`);
-	}
-	const resolvedDisplayName = data.displayName?.trim() || name || "Unnamed Agent";
-	try {
-		return await db.transaction(async (tx) => {
-			const [row] = await tx.insert(agents).values({
-				uuid,
-				name,
-				organizationId: orgId,
-				type: data.type,
-				displayName: resolvedDisplayName,
-				delegateMention: data.delegateMention ?? null,
-				inboxId,
-				source: data.source ?? null,
-				visibility: data.visibility ?? defaultVisibility(data.type),
-				metadata: data.metadata ?? {},
-				managerId,
-				clientId,
-				runtimeProvider
-			}).returning();
-			if (!row) throw new Error("Unexpected: INSERT RETURNING produced no row");
-			const initialPayload = defaultRuntimeConfigPayload(runtimeProvider);
-			if (data.gitRepos && data.gitRepos.length > 0) initialPayload.gitRepos = data.gitRepos;
-			await tx.insert(agentConfigs).values({
-				agentId: row.uuid,
-				version: 1,
-				payload: initialPayload,
-				updatedBy: "system"
-			}).onConflictDoNothing();
-			return row;
-		});
-	} catch (err) {
-		if ((err?.code ?? err?.cause?.code ?? "") === "23505" && name) throw new ConflictError(`Agent name "${name}" already exists in organization "${orgId}"`);
-		throw err;
-	}
-}
-async function checkAgentNameAvailability(db, orgId, name) {
-	if (!AGENT_NAME_REGEX$1.test(name)) return {
-		available: false,
-		reason: "invalid"
-	};
-	if (isReservedAgentName$1(name) || name.startsWith(RESERVED_AGENT_NAME_PREFIX)) return {
-		available: false,
-		reason: "reserved"
-	};
-	const [existing] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, orgId), eq(agents.name, name), ne(agents.status, AGENT_STATUSES.DELETED))).limit(1);
-	return existing ? {
-		available: false,
-		reason: "taken"
-	} : { available: true };
-}
-async function getAgent(db, uuid) {
-	const [agent] = await db.select().from(agents).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).limit(1);
-	if (!agent) throw new NotFoundError(`Agent "${uuid}" not found`);
-	return agent;
-}
-/**
-* Admin-only variant: return every non-deleted agent in the org, ignoring
-* the visibility filter. Used by the `/admin` "All Agents" view so a team
-* admin can see and act on private agents owned by other members. The
-* route layer is responsible for gating this to admin callers — the
-* service does not enforce role by itself, but it does enforce org scope
-* and the not-deleted predicate.
-*/
-async function listAgentsForAdmin(db, scope, limit, cursor) {
-	const conditions = [eq(agents.organizationId, scope.organizationId), ne(agents.status, AGENT_STATUSES.DELETED)];
-	if (cursor) conditions.push(lt(agents.createdAt, new Date(cursor)));
-	const where = and(...conditions);
-	const rows = await db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		organizationId: agents.organizationId,
-		type: agents.type,
-		displayName: agents.displayName,
-		delegateMention: agents.delegateMention,
-		inboxId: agents.inboxId,
-		status: agents.status,
-		visibility: agents.visibility,
-		metadata: agents.metadata,
-		managerId: agents.managerId,
-		clientId: agents.clientId,
-		runtimeProvider: agents.runtimeProvider,
-		avatarColorToken: agents.avatarColorToken,
-		avatarImageUpdatedAt: agents.avatarImageUpdatedAt,
-		createdAt: agents.createdAt,
-		updatedAt: agents.updatedAt,
-		presenceStatus: agentPresence.status,
-		runtimeType: agentPresence.runtimeType,
-		runtimeState: agentPresence.runtimeState,
-		activeSessions: agentPresence.activeSessions
-	}).from(agents).leftJoin(agentPresence, eq(agents.uuid, agentPresence.agentId)).where(where).orderBy(desc(agents.createdAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
-	};
-}
-/**
-* List agents visible to a specific member.
-* Uses agentVisibilityCondition from access-control (same rules for all roles).
-*/
-async function listAgentsForMember(db, scope, limit, cursor, type) {
-	const conditions = [agentVisibilityCondition(scope.organizationId, scope.memberId)];
-	if (cursor) conditions.push(lt(agents.createdAt, new Date(cursor)));
-	if (type) conditions.push(eq(agents.type, type));
-	const where = and(...conditions);
-	const rows = await db.select({
-		uuid: agents.uuid,
-		name: agents.name,
-		organizationId: agents.organizationId,
-		type: agents.type,
-		displayName: agents.displayName,
-		delegateMention: agents.delegateMention,
-		inboxId: agents.inboxId,
-		status: agents.status,
-		visibility: agents.visibility,
-		metadata: agents.metadata,
-		managerId: agents.managerId,
-		clientId: agents.clientId,
-		runtimeProvider: agents.runtimeProvider,
-		avatarColorToken: agents.avatarColorToken,
-		avatarImageUpdatedAt: agents.avatarImageUpdatedAt,
-		createdAt: agents.createdAt,
-		updatedAt: agents.updatedAt,
-		presenceStatus: agentPresence.status,
-		runtimeType: agentPresence.runtimeType,
-		runtimeState: agentPresence.runtimeState,
-		activeSessions: agentPresence.activeSessions
-	}).from(agents).leftJoin(agentPresence, eq(agents.uuid, agentPresence.agentId)).where(where).orderBy(desc(agents.createdAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const last = items[items.length - 1];
-	return {
-		items,
-		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
-	};
-}
-async function updateAgent(db, uuid, data) {
-	const agent = await getAgent(db, uuid);
-	if (data.clientId !== void 0) {
-		if (data.clientId === null) throw new BadRequestError("clientId cannot be cleared — once bound, an agent stays bound to its client");
-		if (agent.clientId !== null && agent.clientId !== data.clientId) throw new BadRequestError("clientId is immutable through this entry — cross-client moves go through rebindAgent (PATCH /agents/:uuid/rebind), which runs owner / org / capability checks atomically.");
-	}
-	const updates = { updatedAt: /* @__PURE__ */ new Date() };
-	if (data.type !== void 0) {
-		if (data.type !== AGENT_TYPES.HUMAN && agent.delegateMention !== null && data.delegateMention !== null) throw new BadRequestError("Cannot change type away from `human` while delegateMention is set — clear delegateMention in the same patch.");
-		updates.type = data.type;
-	}
-	if (data.displayName !== void 0) updates.displayName = data.displayName;
-	if (data.delegateMention !== void 0) {
-		if (data.delegateMention !== null) {
-			assertDelegateMentionAllowed(data.type ?? agent.type);
-			await validateDelegateMentionTarget(db, data.delegateMention, agent.organizationId);
-		}
-		updates.delegateMention = data.delegateMention;
-	}
-	if (data.visibility !== void 0) updates.visibility = data.visibility;
-	if (data.metadata !== void 0) updates.metadata = data.metadata;
-	if (data.avatarColorToken !== void 0) updates.avatarColorToken = data.avatarColorToken;
-	if (data.managerId !== void 0) {
-		if (data.managerId === null) throw new BadRequestError("managerId cannot be cleared — every agent must have a manager");
-		const [manager] = await db.select({
-			id: members.id,
-			organizationId: members.organizationId
-		}).from(members).where(eq(members.id, data.managerId)).limit(1);
-		if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
-		if (manager.organizationId !== agent.organizationId) throw new BadRequestError("Manager must belong to the same organization as the agent");
-		updates.managerId = data.managerId;
-	}
-	if (data.clientId !== void 0 && data.clientId !== null && agent.clientId === null) {
-		const resolvedClientId = await resolveAgentClient(db, {
-			clientId: data.clientId,
-			managerId: updates.managerId ?? agent.managerId,
-			type: agent.type
-		});
-		if (resolvedClientId !== null) updates.clientId = resolvedClientId;
-	}
-	const [updated] = await db.update(agents).set(updates).where(eq(agents.uuid, agent.uuid)).returning();
-	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	if (data.managerId !== void 0 && data.managerId !== agent.managerId) await recomputeWatchersForAgent(db, agent.uuid);
-	return updated;
-}
-/**
-* Atomically re-bind an agent to a new client and/or runtime provider.
-*
-* Validations: agent must exist and not be human; new client must belong to
-* the same owner (manager.userId) and same organization; client must report
-* the requested runtime provider in its capabilities (skipped under `force`).
-*
-* Intended caller: PATCH /agents/:uuid/rebind. The Web "Re-bind"
-* dialog routes both same-client runtime-only switches and cross-client
-* moves through this single entry.
-*
-* NOTE: active sessions on the previous client are not auto-suspended in P1.
-* P3 will wire in cross-service coordination (inbox + presence + session)
-* so the destination client can resume cleanly.
-*/
-async function rebindAgent(db, uuid, data) {
-	const agent = await getAgent(db, uuid);
-	if (agent.type === "human") throw new BadRequestError("Human agents have no runtime — they cannot be re-bound to a client.");
-	const newClientId = await resolveAgentClient(db, {
-		clientId: data.clientId,
-		managerId: agent.managerId,
-		type: agent.type
-	});
-	if (newClientId === null) throw new BadRequestError("Rebind requires a non-null clientId.");
-	await ensureClientSupportsRuntimeProvider(db, newClientId, data.runtimeProvider, { force: data.force });
-	const [updated] = await db.update(agents).set({
-		clientId: newClientId,
-		runtimeProvider: data.runtimeProvider,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(agents.uuid, uuid)).returning();
-	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return updated;
-}
-/**
-* Reactivate a suspended agent.
-*/
-async function reactivateAgent(db, uuid) {
-	const [existing] = await db.select({
-		uuid: agents.uuid,
-		status: agents.status
-	}).from(agents).where(eq(agents.uuid, uuid)).limit(1);
-	if (!existing || existing.status === AGENT_STATUSES.DELETED) throw new NotFoundError(`Agent "${uuid}" not found`);
-	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be reactivated.");
-	const [agent] = await db.update(agents).set({
-		status: AGENT_STATUSES.ACTIVE,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(agents.uuid, uuid)).returning();
-	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return agent;
-}
-/**
-* Suspend an agent. Once suspended, Rule R-RUN refuses every runtime bind
-* and every agent-selector-authorised HTTP call.
-*/
-async function suspendAgent(db, uuid) {
-	const [agent] = await db.update(agents).set({
-		status: AGENT_STATUSES.SUSPENDED,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).returning();
-	if (!agent) throw new NotFoundError(`Agent "${uuid}" not found`);
-	return agent;
-}
-/**
-* Delete an agent. Only allowed when status is "suspended". Sets name to NULL
-* so the name becomes reusable.
-*/
-async function deleteAgent(db, uuid) {
-	const [existing] = await db.select({
-		uuid: agents.uuid,
-		status: agents.status
-	}).from(agents).where(eq(agents.uuid, uuid)).limit(1);
-	if (!existing || existing.status === AGENT_STATUSES.DELETED) throw new NotFoundError(`Agent "${uuid}" not found`);
-	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be deleted. Suspend the agent first.");
-	const [agent] = await db.update(agents).set({
-		status: AGENT_STATUSES.DELETED,
-		name: null,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(eq(agents.uuid, uuid)).returning();
-	await db.delete(adapterConfigs).where(eq(adapterConfigs.agentId, uuid));
-	await db.delete(adapterAgentMappings).where(eq(adapterAgentMappings.agentId, uuid));
-	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
-	return agent;
-}
-/**
-* Supported avatar-image MIME types. The web client always uploads WEBP after
-* its own resize step; we accept PNG/JPEG too so a caller using the raw HTTP
-* API (curl, scripts) doesn't have to re-encode. Anything else is rejected at
-* the boundary — we never store an unknown content type.
-*/
-const SUPPORTED_AVATAR_IMAGE_MIMES = [
-	"image/webp",
-	"image/png",
-	"image/jpeg"
-];
-/** Hard server-side ceiling for the stored bytea blob. Client pre-resizes to ~50KB. */
-const MAX_AVATAR_IMAGE_BYTES = 512 * 1024;
-function isSupportedAvatarMime(mime) {
-	return SUPPORTED_AVATAR_IMAGE_MIMES.find((m) => m === mime) !== void 0;
-}
-/**
-* Fetch the avatar image blob for an agent. Returns `null` when no image
-* is set (the column is NULL). The data + mime pair is always coherent
-* (set/cleared together by the service writes below).
-*/
-async function getAgentAvatarImage(db, uuid) {
-	const [row] = await db.select({
-		data: agents.avatarImageData,
-		mime: agents.avatarImageMime,
-		updatedAt: agents.avatarImageUpdatedAt
-	}).from(agents).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).limit(1);
-	if (!row || !row.data || !row.mime || !row.updatedAt) return null;
-	return {
-		data: row.data,
-		mime: row.mime,
-		updatedAt: row.updatedAt
-	};
-}
-/** Replace (or set) an agent's avatar image. Validates mime + size. */
-async function setAgentAvatarImage(db, uuid, data, mime) {
-	if (!isSupportedAvatarMime(mime)) throw new BadRequestError(`Unsupported avatar image type "${mime}". Use PNG, JPEG, or WEBP.`);
-	if (data.length === 0) throw new BadRequestError("Avatar image payload is empty.");
-	if (data.length > 524288) throw new BadRequestError(`Avatar image is too large (${data.length} bytes; max ${MAX_AVATAR_IMAGE_BYTES}).`);
-	const now = /* @__PURE__ */ new Date();
-	if ((await db.update(agents).set({
-		avatarImageData: data,
-		avatarImageMime: mime,
-		avatarImageUpdatedAt: now,
-		updatedAt: now
-	}).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).returning({ uuid: agents.uuid })).length === 0) throw new NotFoundError(`Agent "${uuid}" not found`);
-	return now;
-}
-/** Clear an agent's avatar image (falls back to color + initial). */
-async function clearAgentAvatarImage(db, uuid) {
-	if ((await db.update(agents).set({
-		avatarImageData: null,
-		avatarImageMime: null,
-		avatarImageUpdatedAt: null,
-		updatedAt: /* @__PURE__ */ new Date()
-	}).where(and(eq(agents.uuid, uuid), ne(agents.status, AGENT_STATUSES.DELETED))).returning({ uuid: agents.uuid })).length === 0) throw new NotFoundError(`Agent "${uuid}" not found`);
-}
-const log$5 = createLogger$1("AgentFeishuBot");
-async function agentFeishuBotRoutes(app) {
-	/**
-	* PUT /agent/me/feishu-bot
-	* Self-service: agent binds its own Feishu bot (upsert).
-	*/
-	app.put("/me/feishu-bot", async (request, reply) => {
-		const identity = requireAgent(request);
-		const body = selfServiceFeishuBotSchema.parse(request.body);
-		if ((await getAgent(app.db, identity.uuid)).type === "human") throw new BadRequestError("Human agents cannot bind Feishu bots. Use bind-user instead.");
-		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
-		let config;
-		if (current) config = await updateAdapterConfig(app.db, current.id, {
-			credentials: {
-				app_id: body.appId,
-				app_secret: body.appSecret
-			},
-			status: "active"
-		}, app.config.secrets.encryptionKey);
-		else config = await createAdapterConfig(app.db, {
-			platform: "feishu",
-			agentId: identity.uuid,
-			credentials: {
-				app_id: body.appId,
-				app_secret: body.appSecret
-			},
-			status: "active"
-		}, app.config.secrets.encryptionKey);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service bind"));
-		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
-		return reply.status(current ? 200 : 201).send({
-			...config,
-			createdAt: config.createdAt.toISOString(),
-			updatedAt: config.updatedAt.toISOString()
-		});
-	});
-	/**
-	* DELETE /agent/me/feishu-bot
-	* Self-service: agent unbinds its own Feishu bot.
-	*/
-	app.delete("/me/feishu-bot", async (request, reply) => {
-		const identity = requireAgent(request);
-		const current = (await listAdapterConfigs(app.db)).find((c) => c.agentId === identity.uuid && c.platform === "feishu");
-		if (!current) return reply.status(204).send();
-		await deleteAdapterConfig(app.db, current.id);
-		app.adapterManager.reload().catch((err) => log$5.error({ err }, "adapter reload failed after self-service unbind"));
-		app.notifier.notifyConfigChange("adapter_configs").catch(() => {});
-		return reply.status(204).send();
-	});
-}
-/**
-* Maps internal Chats to external IM platform channels.
-* NOTE: The unique constraint uses COALESCE(thread_id, '') which cannot be
-* expressed in Drizzle ORM. It is defined in the migration SQL directly as:
-*   CREATE UNIQUE INDEX uq_adapter_chat_mapping ON adapter_chat_mappings
-*     (platform, external_channel_id, COALESCE(thread_id, ''));
-*/
-const adapterChatMappings = pgTable("adapter_chat_mappings", {
-	id: serial("id").primaryKey(),
-	platform: text("platform").notNull(),
-	externalChannelId: text("external_channel_id").notNull(),
-	chatId: text("chat_id").notNull().references(() => chats.id),
-	threadId: text("thread_id"),
-	metadata: jsonb("metadata").$type().notNull().default({}),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-});
-/** Cross-reference between internal messages and external platform message IDs. */
-const adapterMessageReferences = pgTable("adapter_message_references", {
-	id: serial("id").primaryKey(),
-	messageId: text("message_id").notNull().references(() => messages.id),
-	platform: text("platform").notNull(),
-	externalMessageId: text("external_message_id").notNull(),
-	externalChannelId: text("external_channel_id").notNull(),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow()
-}, (table) => [unique("uq_adapter_message_ref").on(table.messageId, table.platform)]);
-/**
-* Attempt to claim an event for processing.
-* Returns true if this is the first time the event is seen, false if duplicate.
-*/
-async function claimEvent(db, eventId, platform) {
-	return (await db.execute(sql`INSERT INTO processed_events (event_id, platform) VALUES (${eventId}, ${platform}) ON CONFLICT DO NOTHING RETURNING event_id`)).length > 0;
-}
-/**
-* Remove a claimed event so it can be retried on next delivery.
-* Called when processing fails after claimEvent() succeeded.
-*/
-async function unclaimEvent(db, eventId, platform) {
-	await db.execute(sql`DELETE FROM processed_events WHERE event_id = ${eventId} AND platform = ${platform}`);
-}
-/** Look up the internal agent ID for an external user. */
-async function findAgentByExternalUser(db, platform, externalUserId) {
-	const [row] = await db.select({
-		agentId: adapterAgentMappings.agentId,
-		displayName: adapterAgentMappings.displayName
-	}).from(adapterAgentMappings).where(and(eq(adapterAgentMappings.platform, platform), eq(adapterAgentMappings.externalUserId, externalUserId))).limit(1);
-	return row ?? null;
-}
-/** Look up the external user ID for an internal agent. */
-async function findExternalUserByAgent(db, platform, agentId) {
-	const [row] = await db.select({ externalUserId: adapterAgentMappings.externalUserId }).from(adapterAgentMappings).where(and(eq(adapterAgentMappings.platform, platform), eq(adapterAgentMappings.agentId, agentId))).limit(1);
-	return row ?? null;
-}
-/** Create an agent mapping. */
-async function createAgentMapping(db, data) {
-	const [row] = await db.insert(adapterAgentMappings).values({
-		platform: data.platform,
-		externalUserId: data.externalUserId,
-		agentId: data.agentId,
-		boundVia: data.boundVia ?? null,
-		displayName: data.displayName ?? null,
-		metadata: data.metadata ?? {}
-	}).onConflictDoNothing().returning();
-	if (!row) {
-		const [existing] = await db.select().from(adapterAgentMappings).where(and(eq(adapterAgentMappings.platform, data.platform), eq(adapterAgentMappings.externalUserId, data.externalUserId))).limit(1);
-		if (!existing) throw new Error("Unexpected: concurrent insert failed and row not found");
-		return existing;
-	}
-	return row;
+	return row;
 }
 /** Look up the internal chat ID for an external channel. */
 async function findChatByExternalChannel(db, platform, externalChannelId, threadId) {
@@ -12147,7 +11656,7 @@ async function findOrCreateChatForChannel(db, data) {
 	const internalType = data.chatType === "p2p" ? "direct" : "group";
 	return db.transaction(async (tx) => {
 		const [botAgent] = await tx.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, data.botAgentId)).limit(1);
-		const orgId = botAgent?.organizationId ?? await resolveDefaultOrgId(db);
+		const orgId = botAgent?.organizationId ?? await resolveDefaultOrgId$1(db);
 		const metadata = chatMetadataSchema$1.parse({
 			source: data.platform,
 			externalChannelId: data.externalChannelId
@@ -12238,355 +11747,11 @@ async function agentFeishuUserRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-function normaliseSource(source) {
-	if (source === null) return null;
-	const parsed = messageSourceSchema$1.safeParse(source);
-	return parsed.success ? parsed.data : null;
-}
-function normaliseMode(mode) {
-	return mode === "mention_only" ? "mention_only" : "full";
-}
-/**
-* Batch variant — builds all payloads with a single DB lookup per agent plus
-* batched lookups for participant modes and inReplyTo snapshots.
-*/
-async function buildClientMessagePayloadsForInbox(db, inboxId, items) {
-	if (items.length === 0) return [];
-	const agentId = await resolveAgentId(db, {
-		kind: "inboxId",
-		inboxId
-	});
-	const [cfg] = await db.select({ version: agentConfigs.version }).from(agentConfigs).where(eq(agentConfigs.agentId, agentId)).limit(1);
-	const version = cfg?.version ?? 1;
-	const chatIds = [...new Set(items.map((it) => it.entryChatId ?? it.message.chatId).filter((id) => id !== null))];
-	const modeByChat = /* @__PURE__ */ new Map();
-	if (chatIds.length > 0) {
-		const rows = await db.select({
-			chatId: chatMembership.chatId,
-			mode: chatMembership.mode
-		}).from(chatMembership).where(and(eq(chatMembership.agentId, agentId), inArray(chatMembership.chatId, chatIds), eq(chatMembership.accessMode, "speaker")));
-		for (const r of rows) modeByChat.set(r.chatId, normaliseMode(r.mode));
-	}
-	const inReplyToIds = [...new Set(items.map((it) => it.message.inReplyTo).filter((id) => id !== null))];
-	const snapshotById = /* @__PURE__ */ new Map();
-	if (inReplyToIds.length > 0) {
-		const origs = await db.select({
-			id: messages.id,
-			senderId: messages.senderId,
-			chatId: messages.chatId,
-			replyToChat: messages.replyToChat
-		}).from(messages).where(inArray(messages.id, inReplyToIds));
-		for (const o of origs) snapshotById.set(o.id, {
-			senderId: o.senderId,
-			chatId: o.chatId,
-			replyToChat: o.replyToChat
-		});
-	}
-	return items.map(({ entryChatId, message: m, precedingMessages = [] }) => ({
-		id: m.id,
-		chatId: m.chatId,
-		senderId: m.senderId,
-		format: m.format,
-		content: m.content,
-		metadata: m.metadata,
-		replyToInbox: m.replyToInbox,
-		replyToChat: m.replyToChat,
-		inReplyTo: m.inReplyTo,
-		source: normaliseSource(m.source),
-		createdAt: m.createdAt,
-		configVersion: version,
-		recipientMode: modeByChat.get(entryChatId ?? m.chatId) ?? "full",
-		inReplyToSnapshot: m.inReplyTo ? snapshotById.get(m.inReplyTo) ?? null : null,
-		precedingMessages
-	}));
-}
-async function resolveAgentId(db, source) {
-	if (source.kind === "agentId") return source.agentId;
-	const [agent] = await db.select({ uuid: agents.uuid }).from(agents).where(eq(agents.inboxId, source.inboxId)).limit(1);
-	if (!agent) throw new Error(`No agent owns inbox "${source.inboxId}"`);
-	return agent.uuid;
-}
-const DEFAULT_INBOX_TIMEOUT_SECONDS = 300;
-const DEFAULT_MAX_RETRY_COUNT = 3;
-const PRECEDING_CONTEXT_WINDOW_SECONDS = 1440 * 60;
-async function pollInbox(db, inboxId, limit) {
-	return withSpan("inbox.deliver", {
-		"inbox.id": inboxId,
-		"inbox.poll.limit": limit
-	}, () => pollInboxInner(db, inboxId, limit));
-}
-async function pollInboxInner(db, inboxId, limit) {
-	return db.transaction(async (tx) => {
-		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(limit).for("update", { skipLocked: true });
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
-			status: "delivered",
-			deliveredAt: /* @__PURE__ */ new Date()
-		}).where(inArray(inboxEntries.id, targetIds)).returning());
-	});
-}
-/**
-* Shared payload assembler for already-claimed `inbox_entries` rows.
-*
-* Both the HTTP poll path (`pollInbox`) and the WS push path
-* (`claimAndBuildForPush`) call this with rows they have just `UPDATE`d to
-* `status='delivered'`. Keeping the silent-context bundling in one place is
-* the only way to keep the two paths from drifting (proposal
-* hub-inbox-ws-data-plane §3.2 risk #1).
-*
-* Steps:
-*   1. Sort by `createdAt` ASC (PG `RETURNING` does not guarantee order).
-*   2. For each trigger, collect silent context & bulk-ack stale silent rows.
-*   3. Fetch the trigger messages.
-*   4. Build wire payloads via the single dispatcher.
-*
-* Returns `[]` if `claimed` is empty.
-*/
-async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
-	if (claimed.length === 0) return [];
-	claimed.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
-	const precedingByEntryId = await collectPrecedingContext(tx, inboxId, claimed);
-	const messageIds = claimed.map((e) => e.messageId);
-	const msgs = await tx.select().from(messages).where(inArray(messages.id, messageIds));
-	const msgMap = new Map(msgs.map((m) => [m.id, m]));
-	const payloads = await buildClientMessagePayloadsForInbox(tx, inboxId, claimed.map((entry) => {
-		const msg = msgMap.get(entry.messageId);
-		if (!msg) throw new Error(`Unexpected: message ${entry.messageId} not found`);
-		return {
-			entryChatId: entry.chatId,
-			precedingMessages: precedingByEntryId.get(entry.id) ?? [],
-			message: {
-				id: msg.id,
-				chatId: msg.chatId,
-				senderId: msg.senderId,
-				format: msg.format,
-				content: msg.content,
-				metadata: msg.metadata,
-				replyToInbox: msg.replyToInbox,
-				replyToChat: msg.replyToChat,
-				inReplyTo: msg.inReplyTo,
-				source: msg.source,
-				createdAt: msg.createdAt.toISOString()
-			}
-		};
-	}));
-	return claimed.map((entry, idx) => {
-		const payload = payloads[idx];
-		if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
-		return {
-			id: entry.id,
-			inboxId: entry.inboxId,
-			messageId: entry.messageId,
-			chatId: entry.chatId,
-			status: entry.status,
-			retryCount: entry.retryCount,
-			createdAt: entry.createdAt.toISOString(),
-			deliveredAt: entry.deliveredAt?.toISOString() ?? null,
-			ackedAt: entry.ackedAt?.toISOString() ?? null,
-			message: payload
-		};
-	});
-}
-/**
-* Realistic upper bound on rows a single NOTIFY references. The unique
-* constraint `(inbox_id, message_id, chat_id)` caps a `(inbox, message)`
-* pair at one row per chatId; the only way to exceed 1 today is the replyTo
-* cross-chat path (`message.ts` writes a second row keyed by the original's
-* `replyToChat`). 8 leaves headroom for any future fan-out variant without
-* requiring a schema change here.
-*/
-const PUSH_CLAIM_BATCH_LIMIT = 8;
-/**
-* WS-push path: atomically claim every pending entry the just-fired
-* `NOTIFY (inboxId:messageId)` references and assemble their wire payloads.
-*
-* Returns `[]` if no row matches — benign race with HTTP poll or another
-* server instance that already claimed the entry. NOTIFY is fire-and-forget
-* (proposal §3.2).
-*
-* Why an array, not a single row: `sendMessage` can write **two** rows for
-* the same `(inbox, messageId)` pair when the recipient is both a chat
-* participant and the `replyToInbox` of an earlier message — the unique key
-* is `(inbox_id, message_id, chat_id)`, so the rows differ by chatId. The
-* old `LIMIT 1` shape would only push the first; the second sat `pending`
-* until reconnect. Aligning with `pollInboxInner`'s `LIMIT N` shape closes
-* that gap and keeps push/poll behaviour interchangeable.
-*/
-async function claimAndBuildForPush(db, inboxId, messageId) {
-	return withSpan("inbox.deliver.push", {
-		"inbox.id": inboxId,
-		"message.id": messageId
-	}, () => db.transaction(async (tx) => {
-		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.messageId, messageId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(PUSH_CLAIM_BATCH_LIMIT).for("update", { skipLocked: true });
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
-			status: "delivered",
-			deliveredAt: /* @__PURE__ */ new Date()
-		}).where(inArray(inboxEntries.id, targetIds)).returning());
-	}));
-}
-/**
-* WS-push backlog path: on agent rebind (or once an in-flight slot frees up
-* after an ack), drain up to `limit` pending `notify=true` entries oldest-
-* first and assemble wire payloads. Identical claim shape to the HTTP poll
-* path — they are intentionally interchangeable so a hot-path bug fixed in
-* one shows up in the other (proposal §3.3 / §3.5).
-*/
-async function claimBacklogForPush(db, inboxId, limit) {
-	return withSpan("inbox.deliver.backlog", {
-		"inbox.id": inboxId,
-		"inbox.backlog.limit": limit
-	}, () => pollInboxInner(db, inboxId, limit));
-}
-/**
-* Per claimed trigger: SELECT silent (notify=false) pending rows in the same
-* chat that occurred between the previous trigger in this batch (or beginning
-* of time) and this trigger, capped by `PRECEDING_CONTEXT_MAX_ENTRIES` and
-* `PRECEDING_CONTEXT_WINDOW_SECONDS`. Returned messages are oldest-first.
-*
-* Side effect: bulk-ack ALL silent pending rows in each chat with
-* createdAt < latest_trigger.createdAt — including ones that fell outside
-* the window/cap. Otherwise stale silent rows would accumulate and re-load
-* on every poll.
-*/
-async function collectPrecedingContext(tx, inboxId, triggers) {
-	const result = /* @__PURE__ */ new Map();
-	const byChat = /* @__PURE__ */ new Map();
-	for (const t of triggers) {
-		if (t.chatId === null) continue;
-		const list = byChat.get(t.chatId) ?? [];
-		list.push(t);
-		byChat.set(t.chatId, list);
-	}
-	for (const [chatId, chatTriggers] of byChat) {
-		chatTriggers.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
-		let prevCreatedAt = null;
-		for (const trigger of chatTriggers) {
-			const preceding = (await tx.select({
-				messageId: messages.id,
-				senderId: messages.senderId,
-				format: messages.format,
-				content: messages.content,
-				metadata: messages.metadata,
-				createdAt: messages.createdAt
-			}).from(inboxEntries).innerJoin(messages, eq(messages.id, inboxEntries.messageId)).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, trigger.createdAt), prevCreatedAt === null ? void 0 : gt(inboxEntries.createdAt, prevCreatedAt), sql`${inboxEntries.createdAt} > NOW() - make_interval(secs => ${PRECEDING_CONTEXT_WINDOW_SECONDS})`)).orderBy(desc(inboxEntries.createdAt)).limit(50).for("update", {
-				of: inboxEntries,
-				skipLocked: true
-			})).map((r) => ({
-				id: r.messageId,
-				senderId: r.senderId,
-				format: r.format,
-				content: r.content,
-				metadata: r.metadata ?? {},
-				createdAt: r.createdAt.toISOString()
-			})).reverse();
-			result.set(trigger.id, preceding);
-			prevCreatedAt = trigger.createdAt;
-		}
-		const latestTrigger = chatTriggers[chatTriggers.length - 1];
-		if (latestTrigger) await tx.update(inboxEntries).set({
-			status: "acked",
-			ackedAt: /* @__PURE__ */ new Date()
-		}).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, latestTrigger.createdAt)));
-	}
-	return result;
-}
-async function ackEntry$2(db, entryId, inboxId) {
-	return withSpan("inbox.ack", {
-		[FIRST_TREE_HUB_ATTR.INBOX_ENTRY_ID]: String(entryId),
-		"inbox.id": inboxId
-	}, async () => {
-		const [entry] = await db.update(inboxEntries).set({
-			status: "acked",
-			ackedAt: /* @__PURE__ */ new Date()
-		}).where(and(eq(inboxEntries.id, entryId), eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "delivered"))).returning();
-		if (!entry) throw new NotFoundError("Inbox entry not found or not in delivered status");
-		return entry;
-	});
-}
-/**
-* Ack a delivered entry from the WS data plane, scoped to the inboxes the
-* connected socket has bound. Returns the acked row on success, `null` if no
-* row matches — a benign outcome the caller should ignore (the entry may
-* have already been acked, timed out, or never belonged to this socket).
-*
-* Distinct from {@link ackEntry} so the WS path can ack without trusting an
-* `inboxId` from the wire — only entries whose `inboxId` is in `inboxIds`
-* are eligible. Empty `inboxIds` short-circuits to `null`.
-*/
-async function ackEntryByIdForBoundAgents(db, entryId, inboxIds) {
-	if (inboxIds.length === 0) return null;
-	return withSpan("inbox.ack.ws", { [FIRST_TREE_HUB_ATTR.INBOX_ENTRY_ID]: String(entryId) }, async () => {
-		const [entry] = await db.update(inboxEntries).set({
-			status: "acked",
-			ackedAt: /* @__PURE__ */ new Date()
-		}).where(and(eq(inboxEntries.id, entryId), inArray(inboxEntries.inboxId, inboxIds), eq(inboxEntries.status, "delivered"))).returning();
-		return entry ?? null;
-	});
-}
-async function renewEntry(db, entryId, inboxId) {
-	const [entry] = await db.update(inboxEntries).set({ deliveredAt: /* @__PURE__ */ new Date() }).where(and(eq(inboxEntries.id, entryId), eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "delivered"))).returning();
-	if (!entry) throw new NotFoundError("Inbox entry not found or not in delivered status");
-	return entry;
-}
-async function resetTimedOutEntries(db, timeoutSeconds = DEFAULT_INBOX_TIMEOUT_SECONDS, maxRetries = DEFAULT_MAX_RETRY_COUNT) {
-	const reset = await db.update(inboxEntries).set({
-		status: "pending",
-		retryCount: sql`${inboxEntries.retryCount} + 1`
-	}).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, lt(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
-	const failed = await db.update(inboxEntries).set({ status: "failed" }).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, gte(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
-	return {
-		reset: reset.length,
-		failed: failed.length
-	};
-}
-/** Default age (30 days) past which silent rows that no notify-true delivery
-*  ever picked up are physically deleted. */
-const SILENT_ROW_GC_MAX_AGE_SECONDS = 720 * 60 * 60;
-/**
-* Garbage-collect silent inbox rows so the table doesn't grow forever in
-* chats where a `mention_only` agent is never @mentioned.
-*
-* Two cleanup paths:
-*
-*   1. `notify=false AND status='acked'` of any age — these are fully
-*      consumed (either bundled into a previous trigger or aged out via the
-*      bulk-ack in `collectPrecedingContext`); keep them only as long as
-*      the corresponding message rows we link to. The unique constraint
-*      `(inbox_id, message_id, chat_id)` means leaving them around blocks
-*      legitimate retries with the same key.
-*
-*   2. `notify=false AND status='pending' AND createdAt < NOW() - maxAge` —
-*      stale silent rows that no trigger ever caught up with. After 30
-*      days they're useless as preceding context (the @mention almost
-*      certainly already happened or the chat went dormant).
-*
-* Returns the number of rows deleted in each bucket so the background task
-* can log meaningful counts.
-*/
-async function pruneStaleSilentEntries(db, maxAgeSeconds = SILENT_ROW_GC_MAX_AGE_SECONDS) {
-	const ackedDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "acked"))).returning({ id: inboxEntries.id });
-	const stalePendingDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "pending"), sql`${inboxEntries.createdAt} < NOW() - make_interval(secs => ${maxAgeSeconds})`)).returning({ id: inboxEntries.id });
-	return {
-		ackedDeleted: ackedDeleted.length,
-		stalePendingDeleted: stalePendingDeleted.length
-	};
-}
 async function agentInboxRoutes(app) {
 	app.get("/", async (request) => {
 		const identity = requireAgent(request);
-		const query = inboxPollQuerySchema.parse(request.query);
-		return await pollInbox(app.db, identity.inboxId, query.limit);
-	});
-	app.post("/:entryId/ack", async (request, reply) => {
-		const identity = requireAgent(request);
-		const entryId = Number(request.params.entryId);
-		await ackEntry$2(app.db, entryId, identity.inboxId);
-		return reply.status(204).send();
-	});
-	app.post("/:entryId/renew", async (request, reply) => {
-		const identity = requireAgent(request);
-		const entryId = Number(request.params.entryId);
-		await renewEntry(app.db, entryId, identity.inboxId);
-		return reply.status(204).send();
+		const query = inboxPollQuerySchema.parse(request.query);
+		return await pollInbox(app.db, identity.inboxId, query.limit);
 	});
 }
 async function agentMeRoutes(app) {
@@ -12619,11 +11784,11 @@ async function agentMeRoutes(app) {
 *      {imageId, mimeType, filename, size}
 *
 * The push is fire-and-forget: `ws.send()` queues the frame into the socket's
-* send buffer synchronously, which is the only ordering guarantee we need
-* — the subsequent `new_message` notification travels a strictly slower PG
-* NOTIFY round trip, so the image lands first on the wire. Awaiting the TCP
-* flush here would put a slow subscriber's backpressure on the sender's
-* HTTP response for a feature that is already best-effort.
+* send buffer synchronously, which is the only ordering guarantee we need —
+* the subsequent `inbox:deliver` frame is driven by a PG NOTIFY round trip,
+* so the image lands first on the wire. Awaiting the TCP flush here would
+* put a slow subscriber's backpressure on the sender's HTTP response for a
+* feature that is already best-effort.
 *
 * Non-image messages are returned unchanged. Missing-subscriber / wrong-
 * instance cases are acceptable loss per the image-out-of-messages design
@@ -13320,8 +12485,7 @@ async function summarizeContextTreeUsage(db, organizationId, windowDays) {
 /**
 * Default per-agent in-flight cap when `server.inbox.maxInFlightPerAgent` is
 * unset. Mirrors the schema default so a hub running without an explicit
-* `inbox` block still gets reasonable backpressure once `wsDataPlane` is
-* flipped on. See proposal hub-inbox-ws-data-plane §3.5.
+* `inbox` block still gets reasonable backpressure.
 */
 const DEFAULT_INBOX_MAX_IN_FLIGHT_PER_AGENT = 32;
 /**
@@ -13366,23 +12530,12 @@ function clientWsRoutes(notifier, instanceId) {
 			let authExpiryTimer = null;
 			const boundAgents = /* @__PURE__ */ new Map();
 			/**
-			* Whether the connected client opted into the WS inbox data plane via
-			* `client:register.wireCapabilities.wsInboxDeliver`. Set per-socket
-			* because client SDKs are upgraded independently — an old client
-			* connecting to a new server must keep receiving the legacy
-			* `new_message` doorbell + HTTP poll path (proposal §3.6).
-			*/
-			let clientWantsWsInboxDeliver = false;
-			/**
 			* Per-agent in-flight `inbox:deliver` counter for backpressure. Lives on
 			* the socket — when the WS closes it goes with it; that's intentional,
 			* because re-counting on a fresh connection would bias the cap against
-			* a healthy reconnect (proposal §3.5).
+			* a healthy reconnect.
 			*/
 			const inboxInFlight = /* @__PURE__ */ new Map();
-			function pushUseWsDataPlane() {
-				return clientWantsWsInboxDeliver;
-			}
 			/**
 			* Returns `false` when the socket has already moved out of `OPEN` —
 			* the only failure mode the caller can observe synchronously.
@@ -13625,7 +12778,6 @@ function clientWsRoutes(notifier, instanceId) {
 					try {
 						if (type === "client:register") {
 							const data = clientRegisterSchema.parse(msg);
-							clientWantsWsInboxDeliver = data.wireCapabilities?.wsInboxDeliver === true;
 							let placeholderOrgId = jwtDefaultOrgId;
 							if (!placeholderOrgId) {
 								const [m] = await app.db.select({ organizationId: members.organizationId }).from(members).where(and(eq(members.userId, session.userId), eq(members.status, "active"))).orderBy(desc(members.createdAt), desc(members.id)).limit(1);
@@ -13763,9 +12915,7 @@ function clientWsRoutes(notifier, instanceId) {
 								inboxId: agent.inboxId,
 								organizationId: agent.organizationId
 							});
-							const wsPushActive = pushUseWsDataPlane();
-							if (wsPushActive) notifier.subscribe(agent.inboxId, socket, makeInboxPushHandler(agent.id, agent.inboxId));
-							else notifier.subscribe(agent.inboxId, socket);
+							notifier.subscribe(agent.inboxId, socket, makeInboxPushHandler(agent.id, agent.inboxId));
 							socket.send(JSON.stringify({
 								type: "agent:bound",
 								ref,
@@ -13773,7 +12923,7 @@ function clientWsRoutes(notifier, instanceId) {
 								displayName: agent.displayName,
 								agentType: agent.type
 							}));
-							if (wsPushActive) drainBacklogForAgent(agent.id, agent.inboxId).catch((err) => {
+							drainBacklogForAgent(agent.id, agent.inboxId).catch((err) => {
 								app.log.error({
 									err,
 									agentId: agent.id
@@ -13894,6 +13044,14 @@ function clientWsRoutes(notifier, instanceId) {
 						} else if (type === "inbox:ack") {
 							const payloadResult = inboxAckFrameSchema.safeParse(msg);
 							if (!payloadResult.success) {
+								app.log.warn({
+									clientId,
+									issues: payloadResult.error.issues.map((i) => ({
+										path: i.path.join("."),
+										code: i.code,
+										message: i.message
+									}))
+								}, "malformed inbox:ack frame — replying error");
 								socket.send(JSON.stringify({
 									type: "error",
 									message: "Malformed inbox:ack frame"
@@ -13903,7 +13061,14 @@ function clientWsRoutes(notifier, instanceId) {
 							const { entryId } = payloadResult.data;
 							try {
 								const ackedEntry = await ackEntryByIdForBoundAgents(app.db, entryId, [...boundAgents.values()].map((a) => a.inboxId));
-								if (!ackedEntry) return;
+								if (!ackedEntry) {
+									app.log.debug({
+										clientId,
+										entryId,
+										boundInboxes: boundAgents.size
+									}, "inbox:ack matched no row — stale ack or reaper race");
+									return;
+								}
 								const owner = [...boundAgents.values()].find((a) => a.inboxId === ackedEntry.inboxId);
 								if (owner) {
 									inboxInFlight.set(owner.agentId, Math.max(0, (inboxInFlight.get(owner.agentId) ?? 1) - 1));
@@ -14591,6 +13756,7 @@ const APP_JWT_EXPIRY = "9m";
 * caller's side; the docs recommend 60 seconds. We mirror that.
 */
 const APP_JWT_IAT_SKEW_SECONDS = 60;
+const APP_INSTALLATION_TOKEN_URL = (id) => `https://api.github.com/app/installations/${id}/access_tokens`;
 const APP_INSTALLATION_URL = (id) => `https://api.github.com/app/installations/${id}`;
 const OAUTH_TOKEN_URL = "https://github.com/login/oauth/access_token";
 const OAUTH_AUTHORIZE_URL = "https://github.com/login/oauth/authorize";
@@ -14695,6 +13861,39 @@ async function listUserAccessibleInstallationIds(userAccessToken, opts = {}) {
 	return out;
 }
 /**
+* Mint a per-installation token (server-to-server). The token is cheap
+* (one signature + one HTTP round-trip) and the upstream TTL is ~1h, so
+* the recommended caller pattern is "mint per request" rather than caching
+* — caching forces the caller to also track expiry, suspended state, and
+* GitHub-side permission churn, which the design explicitly punts to Phase
+* 4. We give callers a typed result and let them cache if profiling shows
+* the round-trip is hot.
+*
+* Throws `GithubAppApiError` on non-2xx. 401 means the App JWT is bad or
+* the App's key has been rotated upstream; 404 means the installation
+* was uninstalled. Callers SHOULD persist the suspension state when 403
+* comes back with `suspended` (the design tracks this as `suspended_at`
+* on `github_app_installations`).
+*/
+async function mintInstallationToken(appJwt, installationId, opts = {}) {
+	const res = await (opts.fetcher ?? fetch)(APP_INSTALLATION_TOKEN_URL(installationId), {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${appJwt}`,
+			Accept: "application/vnd.github+json",
+			"X-GitHub-Api-Version": "2022-11-28"
+		}
+	});
+	if (!res.ok) throw new GithubAppApiError(res.status, `GitHub App installation-token request failed (${res.status})`);
+	const body = await res.json();
+	return {
+		token: body.token,
+		expiresAt: body.expires_at,
+		permissions: body.permissions ?? {},
+		repositorySelection: body.repository_selection ?? "all"
+	};
+}
+/**
 * Trade an expiring user-to-server access token for a fresh pair using
 * its refresh token. Thrown on:
 *   - Network / 5xx           — `GithubAppApiError(status, …)`
@@ -15765,743 +14964,6 @@ async function bootstrapConfigRoutes(_app) {
 	});
 }
 /**
-* Per-(chat, agent) user state — independent from membership structure.
-*
-* This is the third layer of the chat data model: while `chats` owns
-* the entity and `chat_membership` owns the structural relation
-* (who can speak, who watches), this table owns the user's private
-* state about a chat. The reason it lives apart: structural changes
-* (speaker ↔ watcher, manager rebind, recompute) must never overwrite
-* user-private state — physical separation makes that an invariant
-* rather than a service-layer discipline.
-*
-* Columns evolve incrementally as new per-user state is needed.
-* Currently:
-*   - `last_read_at`, `unread_mention_count` — seeded by PR-A from
-*     the legacy `chat_participants` / `chat_subscriptions` columns.
-*   - `engagement_status` — added in 0040; per-(chat, user) view
-*     state (active / archived / deleted). Auto-revives archived →
-*     active on new message; deleted is sticky (only the user can
-*     restore from the chat detail page).
-*
-* Future fields slated for this table: pinned, mute_until, draft,
-* custom_title, last_seen_at — each as a separate change.
-*
-* Rows are lazy-upserted on first user write (markRead / mention
-* counter bump / engagement transition). Reads use COALESCE for
-* defaults so callers see `'active'` etc. even when no row exists.
-* Service-layer integrity (no FK / CHECK / trigger).
-*
-* See proposals/chat-data-model-restructure.20260512.md §8.6.
-*/
-const chatUserState = pgTable("chat_user_state", {
-	chatId: text("chat_id").notNull(),
-	agentId: text("agent_id").notNull(),
-	lastReadAt: timestamp("last_read_at", { withTimezone: true }),
-	unreadMentionCount: integer("unread_mention_count").notNull().default(0),
-	engagementStatus: text("engagement_status").notNull().default("active")
-}, (table) => [
-	primaryKey({ columns: [table.chatId, table.agentId] }),
-	index("idx_user_state_agent").on(table.agentId),
-	index("idx_user_state_unread").on(table.agentId).where(sql`unread_mention_count > 0`)
-]);
-/** Extract a plain-text summary from a message's JSONB content field.
-*  Used as the auto-title fallback in chat list rendering — see
-*  `me-chat.ts:resolveChatTitle` and `admin/chats.ts:getChat`.
-*
-*  - `@<name>` mention tokens are stripped before truncation: in the
-*    chat-first model they're routing/audience metadata, not part of
-*    the user's intent. Leaving them in produces noisy titles like
-*    "@hub-agent-01 帮我重构这个文件" or "你好 @hub-agent-02 看看".
-*  - Whitespace runs (including those left behind by mention removal)
-*    collapse to single spaces.
-*  - If the cleaned text is empty (e.g., a message that's only
-*    `@hub-agent-01`), returns null so the caller falls through to
-*    the participant-join fallback.
-*  - Slicing is code-point-aware (`Array.from + join`) so emoji /
-*    surrogate pairs aren't split into garbled half-characters. */
-function extractSummary(content, maxLen = 50) {
-	let text = "";
-	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
-	else if (typeof content === "string") text = content;
-	if (!text) return null;
-	const cleaned = stripCode(text).replace(MENTION_REGEX, "").replace(/\s+/g, " ").trim();
-	if (!cleaned) return null;
-	return Array.from(cleaned).slice(0, maxLen).join("");
-}
-/** List sessions for a specific agent, with optional state filters. */
-async function listAgentSessions(db, agentId, filters) {
-	const conditions = [eq(agentChatSessions.agentId, agentId)];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(...conditions)).orderBy(desc(agentChatSessions.updatedAt));
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const agentRuntimeState = presence?.runtimeState ?? null;
-	if (filters?.runtimeState && agentRuntimeState !== filters.runtimeState) return [];
-	const chatIds = rows.map((r) => r.chatId);
-	const messageCounts = chatIds.length > 0 ? await db.select({
-		chatId: inboxEntries.chatId,
-		count: sql`count(*)::int`
-	}).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), inArray(inboxEntries.chatId, chatIds))).groupBy(inboxEntries.chatId) : [];
-	const countMap = new Map(messageCounts.map((r) => [r.chatId, r.count]));
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	return rows.map((r) => ({
-		agentId: r.agentId,
-		chatId: r.chatId,
-		state: r.state,
-		runtimeState: agentRuntimeState,
-		startedAt: r.chatCreatedAt.toISOString(),
-		lastActivityAt: r.updatedAt.toISOString(),
-		messageCount: countMap.get(r.chatId) ?? 0,
-		summary: summaryMap.get(r.chatId) ?? null,
-		topic: r.chatTopic ?? null
-	}));
-}
-/** Get a single session's detail. */
-async function getSession(db, agentId, chatId) {
-	const [row] = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).limit(1);
-	if (!row) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	const [presence] = await db.select({ runtimeState: agentPresence.runtimeState }).from(agentPresence).where(eq(agentPresence.agentId, agentId)).limit(1);
-	const [countRow] = await db.select({ count: sql`count(*)::int` }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, sql`(SELECT inbox_id FROM agents WHERE uuid = ${agentId})`), eq(inboxEntries.chatId, chatId)));
-	const firstMsg = (await db.execute(sql`SELECT content FROM messages WHERE chat_id = ${chatId} ORDER BY created_at ASC LIMIT 1`))[0];
-	const summary = firstMsg ? extractSummary(firstMsg.content) : null;
-	return {
-		agentId: row.agentId,
-		chatId: row.chatId,
-		state: row.state,
-		runtimeState: presence?.runtimeState ?? null,
-		startedAt: row.chatCreatedAt.toISOString(),
-		lastActivityAt: row.updatedAt.toISOString(),
-		messageCount: countRow?.count ?? 0,
-		summary,
-		topic: row.chatTopic ?? null
-	};
-}
-/** List all sessions across all agents, with pagination. Scoped to organization. */
-async function listAllSessions(db, limit, cursor, filters) {
-	const conditions = [];
-	if (filters?.state) conditions.push(eq(agentChatSessions.state, filters.state));
-	else conditions.push(ne(agentChatSessions.state, "evicted"));
-	if (filters?.agentId) conditions.push(eq(agentChatSessions.agentId, filters.agentId));
-	if (filters?.organizationId) conditions.push(eq(agents.organizationId, filters.organizationId));
-	if (cursor) conditions.push(sql`${agentChatSessions.updatedAt} < ${new Date(cursor)}`);
-	const rows = await db.select({
-		agentId: agentChatSessions.agentId,
-		chatId: agentChatSessions.chatId,
-		state: agentChatSessions.state,
-		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt,
-		chatTopic: chats.topic
-	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
-	const hasMore = rows.length > limit;
-	const items = hasMore ? rows.slice(0, limit) : rows;
-	const agentIds = [...new Set(items.map((r) => r.agentId))];
-	const presenceRows = agentIds.length > 0 ? await db.select({
-		agentId: agentPresence.agentId,
-		runtimeState: agentPresence.runtimeState
-	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
-	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
-	const chatIds = [...new Set(items.map((r) => r.chatId))];
-	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const summaryMap = /* @__PURE__ */ new Map();
-	for (const row of firstMessages) {
-		const summary = extractSummary(row.content);
-		if (summary) summaryMap.set(row.chatId, summary);
-	}
-	const last = items[items.length - 1];
-	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
-	return {
-		items: items.map((r) => ({
-			agentId: r.agentId,
-			chatId: r.chatId,
-			state: r.state,
-			runtimeState: runtimeMap.get(r.agentId) ?? null,
-			startedAt: r.chatCreatedAt.toISOString(),
-			lastActivityAt: r.updatedAt.toISOString(),
-			messageCount: 0,
-			summary: summaryMap.get(r.chatId) ?? null,
-			topic: r.chatTopic ?? null
-		})),
-		nextCursor
-	};
-}
-/** Commit `active → suspended`. No-op on suspended/evicted. Throws if row is missing. */
-async function suspendSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "suspended", ["active"], organizationId, notifier);
-}
-/** Commit `suspended → evicted` (terminal — listings hide it, revival defense blocks resurrection). */
-async function archiveSession(db, agentId, chatId, organizationId, notifier) {
-	return transitionSessionState(db, agentId, chatId, "evicted", ["suspended"], organizationId, notifier);
-}
-async function transitionSessionState(db, agentId, chatId, target, from, organizationId, notifier) {
-	const now = /* @__PURE__ */ new Date();
-	let finalState = null;
-	let transitioned = false;
-	await db.transaction(async (tx) => {
-		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
-		if (!existing) return;
-		const current = existing.state;
-		finalState = current;
-		if (!from.includes(current)) return;
-		await tx.update(agentChatSessions).set({
-			state: target,
-			updatedAt: now
-		}).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId)));
-		const [counts] = await tx.select({
-			active: sql`count(*) FILTER (WHERE ${agentChatSessions.state} = 'active')::int`,
-			total: sql`count(*) FILTER (WHERE ${agentChatSessions.state} != 'evicted')::int`
-		}).from(agentChatSessions).where(eq(agentChatSessions.agentId, agentId));
-		await tx.update(agentPresence).set({
-			activeSessions: counts?.active ?? 0,
-			totalSessions: counts?.total ?? 0,
-			lastSeenAt: now
-		}).where(eq(agentPresence.agentId, agentId));
-		if (target === "evicted") await markSupersededByChat(tx, chatId, "chat_archived");
-		finalState = target;
-		transitioned = true;
-	});
-	if (finalState === null) throw new NotFoundError(`Session (${agentId}, ${chatId}) not found`);
-	if (transitioned && notifier) notifier.notifySessionStateChange(agentId, chatId, target, organizationId).catch(() => {});
-	return {
-		state: finalState,
-		transitioned
-	};
-}
-/**
-* Filter sessions to only those where the given agent is also a participant in the chat.
-* Used when a non-manager views sessions of an org-visible agent — they should only see
-* sessions for chats they participate in.
-*/
-async function filterSessionsByParticipant(db, sessions, participantAgentId) {
-	if (sessions.length === 0) return [];
-	const chatIds = sessions.map((s) => s.chatId);
-	const participantRows = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(inArray(chatMembership.chatId, chatIds), eq(chatMembership.agentId, participantAgentId), eq(chatMembership.accessMode, "speaker")));
-	const allowedChatIds = new Set(participantRows.map((r) => r.chatId));
-	return sessions.filter((s) => allowedChatIds.has(s.chatId));
-}
-/**
-* Member-facing chat service backing `/me/chats*` endpoints (chat-first
-* workspace).
-*
-* Responsibilities:
-*   - Cursor-paginated conversation list (single-stream JOIN over the
-*     unified `chat_membership` + `chat_user_state` tables).
-*   - Create a new chat (no dedupe, runs `recomputeChatWatchers` after).
-*   - Add participants (idempotent, UPSERT into `chat_membership`,
-*     runs `recomputeChatWatchers` after).
-*   - Mark-read (UPSERT into `chat_user_state`).
-*   - Join → watcher to speaker (delegates to `watcher.ts`).
-*   - Leave → speaker to watcher or detach (delegates to `watcher.ts`).
-*
-* See proposals/chat-data-model-restructure.20260512.md §8 (schema)
-* and §11.1 (per-route mapping).
-*/
-function encodeCursor(lastMessageAt, chatId) {
-	const payload = `${lastMessageAt ? lastMessageAt.toISOString() : ""}|${chatId}`;
-	return Buffer.from(payload, "utf8").toString("base64url");
-}
-function decodeCursor(cursor) {
-	try {
-		const decoded = Buffer.from(cursor, "base64url").toString("utf8");
-		const sep = decoded.indexOf("|");
-		if (sep < 0) return null;
-		const tsPart = decoded.slice(0, sep);
-		const chatId = decoded.slice(sep + 1);
-		if (!chatId) return null;
-		const lastMessageAt = tsPart.length > 0 ? new Date(tsPart) : null;
-		if (lastMessageAt && Number.isNaN(lastMessageAt.getTime())) return null;
-		return {
-			lastMessageAt,
-			chatId
-		};
-	} catch {
-		return null;
-	}
-}
-const { ACTIVE: ACTIVE$1, ARCHIVED: ARCHIVED$1, DELETED } = CHAT_ENGAGEMENT_STATUSES;
-/**
-* SQL predicate for each engagement view tab. `deleted` is never a valid view
-* value — deleted rows are reachable only through `GET /chats/:chatId` + the
-* Restore banner on the chat detail page.
-*/
-const ENGAGEMENT_VIEW_PREDICATE = {
-	active: sql`COALESCE(cus.engagement_status, ${ACTIVE$1}) = ${ACTIVE$1}`,
-	archived: sql`COALESCE(cus.engagement_status, ${ACTIVE$1}) = ${ARCHIVED$1}`,
-	all: sql`COALESCE(cus.engagement_status, ${ACTIVE$1}) IN (${ACTIVE$1}, ${ARCHIVED$1})`
-};
-/**
-* Write the caller's engagement state for this chat. UPSERT into
-* `chat_user_state` — the row may not yet exist (the user might not have
-* marked-read or been @-mentioned), so an INSERT with the engagement value
-* is the first write; subsequent transitions are UPDATEs.
-*
-* Idempotent. Mirrors the UPSERT shape used by `markMeChatRead`.
-*/
-async function setChatEngagement(db, chatId, agentId, status) {
-	await db.insert(chatUserState).values({
-		chatId,
-		agentId,
-		unreadMentionCount: 0,
-		engagementStatus: status
-	}).onConflictDoUpdate({
-		target: [chatUserState.chatId, chatUserState.agentId],
-		set: { engagementStatus: status }
-	});
-}
-/**
-* Read the caller's engagement state. Returns `'active'` when no
-* `chat_user_state` row exists yet (lazy-materialised; matches the SQL
-* `COALESCE(..., 'active')` used elsewhere).
-*/
-async function getCallerEngagement(db, chatId, agentId) {
-	const [row] = await db.select({ engagementStatus: chatUserState.engagementStatus }).from(chatUserState).where(and(eq(chatUserState.chatId, chatId), eq(chatUserState.agentId, agentId))).limit(1);
-	return row?.engagementStatus ?? ACTIVE$1;
-}
-const KNOWN_NON_MANUAL_PREDICATE = sql`(
-     (c.metadata->>'source' = 'github' AND c.metadata->>'entityType' IN (${sql.join(GITHUB_ENTITY_TYPES.map((t) => sql`${t}`), sql.raw(", "))}))
-  OR c.metadata->>'source' = 'feishu'
-)`;
-const chatSourceSqlExpression = sql`CASE
-    ${sql.join(GITHUB_ENTITY_TYPES.map((t) => sql`WHEN c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = ${t} THEN ${`github_${t}`}`), sql.raw("\n    "))}
-    WHEN c.metadata->>'source' = 'feishu' THEN 'feishu'
-    ELSE 'manual'
-  END`;
-function sourceFilterSql(source) {
-	switch (source) {
-		case "manual": return sql`(${KNOWN_NON_MANUAL_PREDICATE}) IS NOT TRUE`;
-		case "github_issue": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'issue')`;
-		case "github_pull_request": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'pull_request')`;
-		case "github_discussion": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'discussion')`;
-		case "github_commit": return sql`(c.metadata->>'source' = 'github' AND c.metadata->>'entityType' = 'commit')`;
-		case "feishu": return sql`(c.metadata->>'source' = 'feishu')`;
-	}
-}
-/**
-* GET /me/chats — cursor-paginated conversation list.
-*
-* SQL strategy:
-*   - Single-stream query: `chats JOIN chat_membership LEFT JOIN
-*     chat_user_state`. The membership row carries access_mode
-*     (speaker → "participant" / watcher → "watching"); the user
-*     state row supplies the unread counter (COALESCE → 0 when
-*     row is missing).
-*   - Filter `parent_chat_id IS NULL` (nested chats not surfaced in v1).
-*   - Filter `c.organization_id = ?` to defend against historical
-*     cross-org pollution rows that may still reference the caller
-*     (see fix/cross-org-direct-chat-pollution).
-*   - Sort `(last_message_at DESC NULLS LAST, chat_id DESC)`.
-*   - Cursor narrows the result to rows STRICTLY before the cursor.
-*   - Followed by a participants-list lookup for the page only.
-*/
-async function listMeChats(db, humanAgentId, organizationId, query) {
-	const limit = query.limit;
-	const cursor = query.cursor ? decodeCursor(query.cursor) : null;
-	if (query.cursor && !cursor) throw new BadRequestError("Invalid cursor");
-	const filterUnreadOnly = query.filter === "unread";
-	const filterWatchingOnly = query.filter === "watching";
-	const engagementPredicate = ENGAGEMENT_VIEW_PREDICATE[query.engagement];
-	const sourcePredicate = query.source ? sourceFilterSql(query.source) : sql`TRUE`;
-	const cursorTsIso = cursor?.lastMessageAt ? cursor.lastMessageAt.toISOString() : null;
-	const cursorPredicate = !cursor ? sql`TRUE` : cursor.lastMessageAt === null ? sql`(c.last_message_at IS NULL AND c.id < ${cursor.chatId})` : sql`(c.last_message_at IS NULL
-             OR c.last_message_at < ${cursorTsIso}::timestamptz
-             OR (c.last_message_at = ${cursorTsIso}::timestamptz AND c.id < ${cursor.chatId}))`;
-	const rawRows = await db.execute(sql`
-    SELECT
-      c.id                  AS chat_id,
-      c.type                AS type,
-      c.topic               AS topic,
-      c.parent_chat_id      AS parent_chat_id,
-      c.last_message_at     AS last_message_at,
-      c.last_message_preview AS last_message_preview,
-      (SELECT count(*) FROM chat_membership
-        WHERE chat_id = c.id AND access_mode = 'speaker') AS participant_count,
-      cm.access_mode AS access_mode,
-      COALESCE(cus.unread_mention_count, 0) AS unread_mention_count,
-      COALESCE(cus.engagement_status, ${ACTIVE$1}) AS engagement_status
-      FROM chats c
-      JOIN chat_membership cm
-        ON cm.chat_id = c.id AND cm.agent_id = ${humanAgentId}
-      LEFT JOIN chat_user_state cus
-        ON cus.chat_id = c.id AND cus.agent_id = ${humanAgentId}
-     WHERE c.parent_chat_id IS NULL
-       /* Scope to the caller's org. Without this, cross-org dirty
-          chats whose chat_membership still references the caller's
-          human agent (historical pollution — see
-          fix/cross-org-direct-chat-pollution) would leak into the
-          list and 404 on click via requireChatAccess. */
-       AND c.organization_id = ${organizationId}
-       AND (${!filterUnreadOnly}::bool OR COALESCE(cus.unread_mention_count, 0) > 0)
-       AND (${!filterWatchingOnly}::bool OR cm.access_mode = 'watcher')
-       AND ${engagementPredicate}
-       AND ${sourcePredicate}
-       AND ${cursorPredicate}
-     ORDER BY c.last_message_at DESC NULLS LAST, c.id DESC
-     LIMIT ${limit + 1}
-  `);
-	const toDate = (v) => {
-		if (v === null) return null;
-		return v instanceof Date ? v : new Date(v);
-	};
-	const hasMore = rawRows.length > limit;
-	const pageRaw = hasMore ? rawRows.slice(0, limit) : rawRows;
-	const last = pageRaw[pageRaw.length - 1];
-	const nextCursor = hasMore && last ? encodeCursor(toDate(last.last_message_at), last.chat_id) : null;
-	if (pageRaw.length === 0) return {
-		rows: [],
-		nextCursor: null
-	};
-	const chatIds = pageRaw.map((r) => r.chat_id);
-	const participantRows = await db.select({
-		chatId: chatMembership.chatId,
-		agentId: chatMembership.agentId,
-		displayName: agents.displayName,
-		type: agents.type,
-		avatarColorToken: agents.avatarColorToken,
-		avatarImageUpdatedAt: agents.avatarImageUpdatedAt,
-		sessionState: agentChatSessions.state
-	}).from(chatMembership).innerJoin(agents, eq(chatMembership.agentId, agents.uuid)).leftJoin(agentChatSessions, and(eq(agentChatSessions.agentId, chatMembership.agentId), eq(agentChatSessions.chatId, chatMembership.chatId))).where(and(inArray(chatMembership.chatId, chatIds), eq(chatMembership.accessMode, "speaker")));
-	const participantsByChat = /* @__PURE__ */ new Map();
-	const engagedByChat = /* @__PURE__ */ new Map();
-	for (const p of participantRows) {
-		const list = participantsByChat.get(p.chatId) ?? [];
-		list.push({
-			agentId: p.agentId,
-			displayName: p.displayName,
-			type: p.type,
-			avatarColorToken: p.avatarColorToken,
-			avatarImageUrl: agentAvatarImageUrl(p.agentId, p.avatarImageUpdatedAt)
-		});
-		participantsByChat.set(p.chatId, list);
-		if (p.sessionState === "active") {
-			const engaged = engagedByChat.get(p.chatId) ?? [];
-			engaged.push(p.agentId);
-			engagedByChat.set(p.chatId, engaged);
-		}
-	}
-	const liveActivityByChat = await deriveLiveActivity(db, chatIds);
-	const firstMessageRows = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
-		chatId: messages.chatId,
-		content: messages.content
-	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
-	const firstMessageSummary = /* @__PURE__ */ new Map();
-	for (const row of firstMessageRows) {
-		const s = extractSummary(row.content);
-		if (s) firstMessageSummary.set(row.chatId, s);
-	}
-	return {
-		rows: pageRaw.map((r) => {
-			const participants = participantsByChat.get(r.chat_id) ?? [];
-			const title = resolveChatTitle(r.topic, firstMessageSummary.get(r.chat_id) ?? null, participants, humanAgentId);
-			const isSpeaker = r.access_mode === "speaker";
-			return {
-				chatId: r.chat_id,
-				type: r.type,
-				membershipKind: isSpeaker ? "participant" : "watching",
-				title,
-				topic: r.topic,
-				participants,
-				participantCount: Number(r.participant_count),
-				lastMessageAt: toDate(r.last_message_at)?.toISOString() ?? null,
-				lastMessagePreview: r.last_message_preview,
-				unreadMentionCount: r.unread_mention_count,
-				canReply: isSpeaker,
-				engagementStatus: r.engagement_status,
-				engagedAgentIds: engagedByChat.get(r.chat_id) ?? [],
-				liveActivity: liveActivityByChat.get(r.chat_id) ?? null
-			};
-		}),
-		nextCursor
-	};
-}
-/**
-* Per-chat live activity, derived from the most recent `session_events` row.
-*
-* Returns a chatId → LiveActivity map; chats with no activity (or where the
-* latest event is terminal / stale) are absent from the map (caller treats
-* absence as null).
-*/
-async function deriveLiveActivity(db, chatIds) {
-	if (chatIds.length === 0) return /* @__PURE__ */ new Map();
-	const chatIdInClause = sql.join(chatIds.map((id) => sql`${id}`), sql`, `);
-	const rows = (await db.execute(sql`
-    SELECT acs.agent_id        AS agent_id,
-           acs.chat_id         AS chat_id,
-           e.kind              AS kind,
-           e.payload           AS payload,
-           e.created_at        AS created_at
-      FROM agent_chat_sessions acs
-      CROSS JOIN LATERAL (
-        SELECT kind, payload, created_at, seq
-          FROM session_events se
-         WHERE se.agent_id = acs.agent_id
-           AND se.chat_id  = acs.chat_id
-         ORDER BY se.seq DESC
-         LIMIT 1
-      ) e
-     WHERE acs.chat_id IN (${chatIdInClause})
-       AND acs.state <> 'evicted'
-  `)).map((r) => ({
-		agent_id: r.agent_id,
-		chat_id: r.chat_id,
-		kind: r.kind,
-		payload: r.payload,
-		created_at: r.created_at
-	}));
-	const now = Date.now();
-	const byChat = /* @__PURE__ */ new Map();
-	for (const row of rows) {
-		const activity = toLiveActivity(row);
-		if (!activity) continue;
-		const createdAtMs = new Date(row.created_at).getTime();
-		if (now - createdAtMs > 6e4) continue;
-		const existing = byChat.get(row.chat_id);
-		if (!existing || createdAtMs > existing.createdAtMs) byChat.set(row.chat_id, {
-			activity,
-			createdAtMs
-		});
-	}
-	const out = /* @__PURE__ */ new Map();
-	for (const [chatId, { activity }] of byChat) out.set(chatId, activity);
-	return out;
-}
-/**
-* Translate a `session_events` row into a `LiveActivity`, or null when the
-* kind is terminal (`turn_end` / `error`) or unrecognised. Pure & exported
-* for unit testing.
-*/
-function toLiveActivity(row) {
-	const startedAt = new Date(row.created_at).toISOString();
-	switch (row.kind) {
-		case "tool_call": {
-			const payload = row.payload ?? {};
-			const label = typeof payload.name === "string" && payload.name.length > 0 ? payload.name : "Tool";
-			return {
-				agentId: row.agent_id,
-				kind: "tool_call",
-				label,
-				startedAt
-			};
-		}
-		case "thinking": return {
-			agentId: row.agent_id,
-			kind: "thinking",
-			label: "Thinking",
-			startedAt
-		};
-		case "assistant_text": return {
-			agentId: row.agent_id,
-			kind: "assistant_text",
-			label: "Writing",
-			startedAt
-		};
-		default: return null;
-	}
-}
-/**
-* Title resolution priority:
-*
-*   1. `chat.topic` (manual, set via `PATCH /chats/:chatId`)
-*   2. First message summary (auto, ≤ 50 chars from `extractSummary`)
-*   3. Participant join (fallback when chat has no messages yet)
-*/
-function resolveChatTitle(topic, firstMessageSummary, participants, selfAgentId) {
-	if (topic && topic.length > 0) return topic;
-	if (firstMessageSummary && firstMessageSummary.length > 0) return firstMessageSummary;
-	const others = participants.filter((p) => p.agentId !== selfAgentId);
-	if (others.length === 0) return "Empty chat";
-	if (others.length <= 3) return others.map((p) => p.displayName).join(", ");
-	return `${others[0]?.displayName}, ${others[1]?.displayName} +${others.length - 2}`;
-}
-async function createMeChat(db, humanAgentId, organizationId, body) {
-	const distinctIds = [...new Set(body.participantIds)].filter((id) => id !== humanAgentId);
-	if (distinctIds.length === 0) throw new BadRequestError("At least one non-self participant required");
-	const allIds = [humanAgentId, ...distinctIds];
-	const found = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, allIds));
-	if (found.length !== allIds.length) {
-		const foundSet = new Set(found.map((a) => a.uuid));
-		throw new BadRequestError(`Agents not found: ${allIds.filter((id) => !foundSet.has(id)).join(", ")}`);
-	}
-	const crossOrg = found.filter((a) => a.organizationId !== organizationId);
-	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization chat not allowed: ${crossOrg.map((a) => a.uuid).join(", ")}`);
-	const chatType = distinctIds.length === 1 ? "direct" : "group";
-	const chatId = randomUUID();
-	const topic = body.topic ?? null;
-	await db.transaction(async (tx) => {
-		await tx.insert(chats).values({
-			id: chatId,
-			organizationId,
-			type: chatType,
-			topic
-		});
-		await addChatParticipants(tx, chatId, allIds.map((agentId) => ({
-			agentId,
-			role: agentId === humanAgentId ? "owner" : "member"
-		})));
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-	return { chatId };
-}
-async function addMeChatParticipants(db, chatId, callerHumanAgentId, callerOrganizationId, body) {
-	const distinct = [...new Set(body.participantIds)];
-	if (distinct.length === 0) throw new BadRequestError("At least one participant required");
-	const [chat] = await db.select({
-		id: chats.id,
-		organizationId: chats.organizationId,
-		type: chats.type
-	}).from(chats).where(eq(chats.id, chatId)).limit(1);
-	if (!chat) throw new NotFoundError(`Chat "${chatId}" not found`);
-	if (chat.organizationId !== callerOrganizationId) throw new NotFoundError(`Chat "${chatId}" not found`);
-	const [callerRow] = await db.select({ chatId: chatMembership.chatId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.agentId, callerHumanAgentId), eq(chatMembership.accessMode, "speaker"))).limit(1);
-	if (!callerRow) throw new NotFoundError(`Chat "${chatId}" not found`);
-	const found = await db.select({
-		uuid: agents.uuid,
-		organizationId: agents.organizationId,
-		type: agents.type
-	}).from(agents).where(inArray(agents.uuid, distinct));
-	if (found.length !== distinct.length) {
-		const foundSet = new Set(found.map((a) => a.uuid));
-		throw new BadRequestError(`Agents not found: ${distinct.filter((id) => !foundSet.has(id)).join(", ")}`);
-	}
-	const crossOrg = found.filter((a) => a.organizationId !== chat.organizationId);
-	if (crossOrg.length > 0) throw new BadRequestError(`Cross-organization participant rejected: ${crossOrg.map((a) => a.uuid).join(", ")}`);
-	await db.transaction(async (tx) => {
-		const existingSpeakers = await tx.select({ agentId: chatMembership.agentId }).from(chatMembership).where(and(eq(chatMembership.chatId, chatId), eq(chatMembership.accessMode, "speaker")));
-		const existingSpeakerSet = new Set(existingSpeakers.map((e) => e.agentId));
-		const toUpsert = distinct.filter((id) => !existingSpeakerSet.has(id));
-		if (toUpsert.length === 0) {
-			await recomputeChatWatchers(tx, chatId);
-			return;
-		}
-		if (existingSpeakers.length + toUpsert.length >= 3 && chat.type === "direct") await changeChatType(tx, chatId, "group");
-		await addChatParticipants(tx, chatId, toUpsert.map((agentId) => ({
-			agentId,
-			role: "member"
-		})), { upgradeWatcherToSpeaker: true });
-		await recomputeChatWatchers(tx, chatId);
-	});
-	invalidateChatAudience(chatId);
-}
-async function markMeChatRead(db, chatId, humanAgentId) {
-	const now = /* @__PURE__ */ new Date();
-	await db.insert(chatUserState).values({
-		chatId,
-		agentId: humanAgentId,
-		lastReadAt: now,
-		unreadMentionCount: 0
-	}).onConflictDoUpdate({
-		target: [chatUserState.chatId, chatUserState.agentId],
-		set: {
-			lastReadAt: now,
-			unreadMentionCount: 0
-		}
-	});
-	return {
-		chatId,
-		lastReadAt: now.toISOString(),
-		unreadMentionCount: 0
-	};
-}
-async function joinMeChat(db, chatId, humanAgentId) {
-	ensureCanJoin(await resolveChatMembership(db, chatId, humanAgentId));
-	await joinAsParticipant(db, chatId, humanAgentId);
-	invalidateChatAudience(chatId);
-}
-async function leaveMeChat(db, chatId, humanAgentId) {
-	const result = await leaveAsParticipant(db, chatId, humanAgentId);
-	invalidateChatAudience(chatId);
-	return result;
-}
-/**
-* Used by future bell-badge / list-pill counts. The partial index
-* `idx_user_state_unread WHERE unread_mention_count > 0` bounds the
-* driving scan; we then join `chat_membership` + `chats` so the badge
-* stays consistent with `listMeChats`.
-*
-* Why the joins (not just a single-table count): per §11.4 a user's
-* `chat_user_state` row is **preserved on detach** so read state
-* survives a leave/rejoin cycle. Without the membership join, any
-* preserved row with `unread_mention_count > 0` would keep
-* contributing to the badge even though the chat no longer appears in
-* the list. The `chats` join applies the same org-scoping +
-* `parent_chat_id IS NULL` filter as `listMeChats` so the two counts
-* cannot drift in the cross-org pollution or nested-chat cases either.
-*
-* Engagement parity: deleted chats are excluded from `listMeChats`
-* (any `engagement` view), so the badge must exclude them too — otherwise
-* the user sees an unread red dot for a chat they've removed from view.
-*/
-/**
-* Per-source aggregate for the conversation-list tag bar.
-*
-* Returns one row per source the caller has at least one chat for, plus an
-* always-present `manual` entry (zero counts when there are no manual chats —
-* the workspace UI uses `manual` as its default tab and must render it even
-* when empty).
-*
-* Filtering matches `listMeChats` for the corresponding tab so the badges
-* cannot drift from the list: same membership join, same `parent_chat_id IS
-* NULL` and `organization_id` scopes, same engagement view, same
-* `chat_user_state.unread_mention_count` source.
-*/
-async function listMeChatSourceCounts(db, humanAgentId, organizationId, query) {
-	const engagementPredicate = ENGAGEMENT_VIEW_PREDICATE[query.engagement];
-	const rows = await db.execute(sql`
-    SELECT
-      ${chatSourceSqlExpression} AS source,
-      count(*)::int AS chat_count,
-      count(*) FILTER (WHERE COALESCE(cus.unread_mention_count, 0) > 0)::int AS unread_chat_count
-      FROM chats c
-      JOIN chat_membership cm
-        ON cm.chat_id = c.id AND cm.agent_id = ${humanAgentId}
-      LEFT JOIN chat_user_state cus
-        ON cus.chat_id = c.id AND cus.agent_id = ${humanAgentId}
-     WHERE c.parent_chat_id IS NULL
-       AND c.organization_id = ${organizationId}
-       AND ${engagementPredicate}
-     GROUP BY 1
-  `);
-	const counts = {};
-	for (const row of rows) counts[row.source] = {
-		chatCount: Number(row.chat_count),
-		unreadChatCount: Number(row.unread_chat_count)
-	};
-	if (!counts.manual) counts.manual = {
-		chatCount: 0,
-		unreadChatCount: 0
-	};
-	return { counts };
-}
-/**
 * Class C — resource-scoped chat routes. Mounted at
 * `/api/v1/chats/:chatId/...`. The chat's `organizationId` locates its
 * org; `requireChatAccess` resolves the caller's membership in that org
@@ -16510,7 +14972,17 @@ async function listMeChatSourceCounts(db, humanAgentId, organizationId, query) {
 async function chatRoutes(app) {
 	app.get("/:chatId", async (request) => {
 		const { chat, scope } = await requireChatAccess(request, app.db);
-		const participants = await app.db.select().from(chatMembership).where(and(eq(chatMembership.chatId, chat.id), eq(chatMembership.accessMode, "speaker")));
+		const participants = await app.db.select({
+			agentId: chatMembership.agentId,
+			role: chatMembership.role,
+			mode: chatMembership.mode,
+			joinedAt: chatMembership.joinedAt,
+			name: agents.name,
+			displayName: agents.displayName,
+			type: agents.type,
+			avatarColorToken: agents.avatarColorToken,
+			avatarImageUpdatedAt: agents.avatarImageUpdatedAt
+		}).from(chatMembership).innerJoin(agents, eq(chatMembership.agentId, agents.uuid)).where(and(eq(chatMembership.chatId, chat.id), eq(chatMembership.accessMode, "speaker")));
 		const firstMsgRows = await app.db.execute(sql`
       SELECT content FROM messages
        WHERE chat_id = ${chat.id}
@@ -16518,25 +14990,13 @@ async function chatRoutes(app) {
        LIMIT 1
     `);
 		const firstMessagePreview = firstMsgRows[0] ? extractSummary(firstMsgRows[0].content) : null;
-		const participantAgentIds = participants.map((p) => p.agentId);
-		const agentRows = participantAgentIds.length > 0 ? await app.db.select({
-			agentId: agents.uuid,
-			displayName: agents.displayName,
-			type: agents.type,
-			avatarColorToken: agents.avatarColorToken,
-			avatarImageUpdatedAt: agents.avatarImageUpdatedAt
-		}).from(agents).where(inArray(agents.uuid, participantAgentIds)) : [];
-		const agentMeta = new Map(agentRows.map((a) => [a.agentId, a]));
-		const participantsForTitle = participants.map((p) => {
-			const meta = agentMeta.get(p.agentId);
-			return {
-				agentId: p.agentId,
-				displayName: meta?.displayName ?? p.agentId,
-				type: meta?.type ?? "unknown",
-				avatarColorToken: meta?.avatarColorToken ?? null,
-				avatarImageUrl: agentAvatarImageUrl(p.agentId, meta?.avatarImageUpdatedAt ?? null)
-			};
-		});
+		const participantsForTitle = participants.map((p) => ({
+			agentId: p.agentId,
+			displayName: p.displayName,
+			type: p.type,
+			avatarColorToken: p.avatarColorToken ?? null,
+			avatarImageUrl: agentAvatarImageUrl(p.agentId, p.avatarImageUpdatedAt ?? null)
+		}));
 		const title = resolveChatTitle(chat.topic, firstMessagePreview, participantsForTitle, scope.humanAgentId);
 		const engagementStatus = await getCallerEngagement(app.db, chat.id, scope.humanAgentId);
 		return {
@@ -16550,6 +15010,9 @@ async function chatRoutes(app) {
 				agentId: p.agentId,
 				role: p.role,
 				mode: p.mode,
+				name: p.name,
+				displayName: p.displayName,
+				type: p.type,
 				joinedAt: p.joinedAt.toISOString()
 			}))
 		};
@@ -16699,6 +15162,11 @@ async function chatRoutes(app) {
 		const { scope } = await requireChatAccess(request, app.db);
 		return markMeChatRead(app.db, request.params.chatId, scope.humanAgentId);
 	});
+	/** POST /chats/:chatId/unread — manual "mark as unread" affordance. Idempotent. */
+	app.post("/:chatId/unread", async (request) => {
+		const { scope } = await requireChatAccess(request, app.db);
+		return markMeChatUnread(app.db, request.params.chatId, scope.humanAgentId);
+	});
 	/** POST /chats/:chatId/participants — add speaking participants. Idempotent. */
 	app.post("/:chatId/participants", async (request, reply) => {
 		const { scope } = await requireChatAccess(request, app.db);
@@ -17158,6 +15626,26 @@ function normalizeRemoteRepoUrl(value) {
 	if (/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+(?:\.git)?$/.test(value)) return `https://github.com/${value}`;
 	return value;
 }
+/**
+* Whether this binding actually drives a GitHub-hosted remote fetch — the
+* only case where minting a GitHub App installation token is meaningful.
+*
+* Returns false when:
+*  - `localPath` is set (sync code short-circuits to the local checkout
+*    before ever looking at `repo`)
+*  - `repo` is missing
+*  - `repo` is a file:// URL, a non-GitHub HTTPS URL, or otherwise
+*    unparseable
+*
+* Used by the snapshot routes to gate the "install the GitHub App"
+* guidance — without this gate, every unavailable snapshot (missing repo,
+* bad branch, …) gets a misleading App-install hint appended.
+*/
+function isGithubRemoteBinding(binding) {
+	if (binding.localPath && binding.localPath.trim().length > 0) return false;
+	if (!binding.repo) return false;
+	return isGithubHttpsRepo(normalizeRemoteRepoUrl(binding.repo));
+}
 function managedContextTreeCacheRoot() {
 	return join(DEFAULT_DATA_DIR$1, "context-tree-repos");
 }
@@ -17331,7 +15819,7 @@ function errorMessage(error) {
 	return redactSecret(error.message.trim().split("\n")[0] ?? "");
 }
 function redactSecret(message) {
-	return message.replace(/(https?:\/\/)[^/@\s]+@/g, "$1[redacted]@").replace(/\bghp_[A-Za-z0-9_]+/g, "[redacted]").replace(/\bgithub_pat_[A-Za-z0-9_]+/g, "[redacted]");
+	return message.replace(/(https?:\/\/)[^/@\s]+@/g, "$1[redacted]@").replace(/\b(?:ghp|ghs|ghu|gho|ghr)_[A-Za-z0-9_]+/g, "[redacted]").replace(/\bgithub_pat_[A-Za-z0-9_]+/g, "[redacted]");
 }
 function unavailableSnapshot(repo, branch, detail) {
 	return {
@@ -17911,6 +16399,80 @@ function ghostNodeId(path) {
 function toPosix(path) {
 	return sep === "/" ? path : path.split(sep).join("/");
 }
+/**
+* Mint a short-lived GitHub App installation token for the given installation.
+* Returns `ok: false` (with a precise reason) when the org has no App
+* configured, no installation row, the installation is suspended, or GitHub
+* rejects the mint — callers fall back to unauthenticated git fetch (public
+* repos still resolve; private repos surface as an unavailable snapshot
+* with a remediation message).
+*
+* Takes the `installation` row directly so the helper has no DB dependency
+* — route handlers do the `findInstallationByOrg` lookup themselves. Keeps
+* this module a pure transform that's trivial to unit-test.
+*
+* Credentials use the narrow `GithubAppCredentials` shape so the helper
+* isn't coupled to the broader OAuth config surface; callers pass
+* `config.oauth?.githubApp`, which structurally satisfies it.
+*/
+async function mintContextTreeInstallationToken(installation, appCredentials, options = {}) {
+	if (!appCredentials) return {
+		ok: false,
+		reason: "no-app-config"
+	};
+	if (!installation) return {
+		ok: false,
+		reason: "no-installation"
+	};
+	if (installation.suspendedAt) return {
+		ok: false,
+		reason: "suspended"
+	};
+	try {
+		return {
+			ok: true,
+			token: (await mintInstallationToken(await createAppJwt({
+				appId: appCredentials.appId,
+				privateKeyPem: appCredentials.privateKeyPem
+			}), installation.installationId, { fetcher: options.fetcher })).token
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			reason: "mint-failed",
+			detail: error instanceof GithubAppApiError ? `GitHub returned ${error.status} when minting an installation token.` : "Hub could not mint a GitHub App installation token."
+		};
+	}
+}
+/**
+* Append a remediation hint to an unavailable snapshot's `contextStatus.detail`
+* when the underlying cause is a missing / suspended / failed GitHub App token
+* mint. Public-repo snapshots (mint reason `no-app-config`) are left untouched
+* — the deployment may legitimately have no App configured.
+*
+* Gated on `isGithubRemoteBinding(binding)` so unrelated unavailable
+* reasons (no repo configured, localPath missing, illegal branch name,
+* public-repo fetch error) don't get a misleading "install the GitHub
+* App" hint appended.
+*
+* Lives next to `mintContextTreeInstallationToken` so the two routes that
+* call mint share one shaping function; the snapshot service itself stays
+* token-agnostic.
+*/
+function decorateSnapshotWithMintGuidance(snapshot, binding, mintResult) {
+	if (mintResult.ok) return snapshot;
+	if (snapshot.snapshotStatus !== "unavailable") return snapshot;
+	if (mintResult.reason === "no-app-config") return snapshot;
+	if (!isGithubRemoteBinding(binding)) return snapshot;
+	const guidance = mintResult.reason === "no-installation" ? "Install the First Tree GitHub App from Team Settings and grant it access to this repo." : mintResult.reason === "suspended" ? "The GitHub App installation is suspended — unsuspend it from your GitHub account settings." : `Hub could not mint a GitHub App installation token.${mintResult.detail ? ` ${mintResult.detail}` : ""}`;
+	return {
+		...snapshot,
+		contextStatus: {
+			...snapshot.contextStatus,
+			detail: `${snapshot.contextStatus.detail} ${guidance}`
+		}
+	};
+}
 const querySchema$1 = z.object({ window: z.enum([
 	"1d",
 	"7d",
@@ -17926,12 +16488,15 @@ async function contextTreeSnapshotRoutes(app) {
 		const { userId } = requireUser(request);
 		const orgId = await resolveUserPrimaryOrgId(app.db, userId);
 		const binding = orgId ? await getOrgContextTree(app.db, orgId) : {};
-		const githubToken = contextTreeGithubTokenForRepo(binding.repo, app.config.contextTreeSync);
+		let mintResult = null;
+		if (orgId && isGithubRemoteBinding(binding)) mintResult = await mintContextTreeInstallationToken(await findInstallationByOrg(app.db, orgId), app.config.oauth?.githubApp);
+		const githubToken = mintResult?.ok ? mintResult.token : void 0;
 		const window = query.window ?? "7d";
-		const snapshot = await getContextTreeSnapshot({
+		const rawSnapshot = await getContextTreeSnapshot({
 			...binding,
 			githubToken
 		}, window);
+		const snapshot = mintResult ? decorateSnapshotWithMintGuidance(rawSnapshot, binding, mintResult) : rawSnapshot;
 		const usage = orgId ? await summarizeContextTreeUsage(app.db, orgId, contextTreeSnapshotWindowDays(window)) : snapshot.usage;
 		return contextTreeSnapshotSchema.parse({
 			...snapshot,
@@ -17939,31 +16504,6 @@ async function contextTreeSnapshotRoutes(app) {
 		});
 	});
 }
-function contextTreeGithubTokenForRepo(repo, syncConfig) {
-	if (!repo || !syncConfig?.githubToken) return void 0;
-	const repoKey = githubRepoKey(repo);
-	if (!repoKey) return void 0;
-	return new Set((syncConfig.githubTokenRepos ?? "").split(",").map((entry) => normalizeGithubRepoKey(entry)).filter((entry) => entry !== null)).has(repoKey) ? syncConfig.githubToken : void 0;
-}
-function githubRepoKey(value) {
-	const shorthand = normalizeGithubRepoKey(value);
-	if (shorthand) return shorthand;
-	let url;
-	try {
-		url = new URL(value);
-	} catch {
-		return null;
-	}
-	if (url.protocol !== "https:" || url.hostname.toLowerCase() !== "github.com") return null;
-	if (url.username || url.password) return null;
-	return normalizeGithubRepoKey(url.pathname.replace(/^\/+/, ""));
-}
-function normalizeGithubRepoKey(value) {
-	const trimmed = value.trim().replace(/^\/+/, "").replace(/\.git$/i, "");
-	const match = /^([A-Za-z0-9_.-]+)\/([A-Za-z0-9_.-]+)$/.exec(trimmed);
-	if (!match) return null;
-	return `${match[1]?.toLowerCase()}/${match[2]?.toLowerCase()}`;
-}
 /**
 * Resolve the client IP for rate-limit attribution.
 *
@@ -18065,7 +16605,7 @@ async function healthzRoutes(app) {
 * `api/orgs/invitations.ts` (Class B, admin-gated).
 */
 async function publicInvitationRoutes(app) {
-	const { previewInvitation } = await import("./invitation-CNv7gfFF-DOFZ75wb.mjs");
+	const { previewInvitation } = await import("./invitation-C9m2gQx4-BSErdb8x.mjs");
 	app.get("/:token/preview", async (request, reply) => {
 		if (!request.params.token) throw new UnauthorizedError("Token required");
 		const preview = await previewInvitation(app.db, request.params.token);
@@ -18354,7 +16894,7 @@ async function meRoutes(app) {
 	*/
 	app.get("/me/pinned-agents", async (request) => {
 		const { userId } = requireUser(request);
-		const { listMyPinnedAgents } = await import("./client-CREn8bJ0-C5fHJir6.mjs");
+		const { listMyPinnedAgents } = await import("./client-q1EYQD1n-ypjoumIO.mjs");
 		return listMyPinnedAgents(app.db, { userId });
 	});
 	/**
@@ -18930,12 +17470,15 @@ async function orgContextTreeSnapshotRoutes(app) {
 		const query = querySchema.parse(request.query);
 		const scope = await requireOrgMembership(request, app.db);
 		const binding = await getOrgContextTree(app.db, scope.organizationId);
-		const githubToken = contextTreeGithubTokenForRepo(binding.repo, app.config.contextTreeSync);
+		let mintResult = null;
+		if (isGithubRemoteBinding(binding)) mintResult = await mintContextTreeInstallationToken(await findInstallationByOrg(app.db, scope.organizationId), app.config.oauth?.githubApp);
+		const githubToken = mintResult?.ok ? mintResult.token : void 0;
 		const window = query.window ?? "7d";
-		const snapshot = await getContextTreeSnapshot({
+		const rawSnapshot = await getContextTreeSnapshot({
 			...binding,
 			githubToken
 		}, window);
+		const snapshot = mintResult ? decorateSnapshotWithMintGuidance(rawSnapshot, binding, mintResult) : rawSnapshot;
 		const usage = await summarizeContextTreeUsage(app.db, scope.organizationId, contextTreeSnapshotWindowDays(window));
 		return contextTreeSnapshotSchema.parse({
 			...snapshot,