@agent-team-foundation/first-tree-hub 0.14.4 → 0.14.6

package/dist/{dist-CrdnqZjv.mjs → feishu-BE7QRxnE.mjs}

@@ -1,110 +1,59 @@
+import { t as cliFetch } from "./cli-fetch-BGVItZxo.mjs";
 import { z } from "zod";
 //#region ../shared/dist/index.mjs
-const MENTION_REGEX = /(?<![A-Za-z0-9_.@-])@([A-Za-z0-9][A-Za-z0-9_-]{0,63})\b/g;
 /**
-* Strip Markdown code regions (fenced + inline) so identifier-shaped
-* tokens inside code (`@param`, `@staticmethod`, etc.) don't get
-* misclassified as mentions. Shared between `extractMentions` (routing)
-* and `extractSummary` (auto-title) so they agree on what counts as a
-* "real" mention vs a code reference.
-*/
-function stripCode(content) {
-	return content.replace(/```[\s\S]*?```/g, "").replace(/~~~[\s\S]*?~~~/g, "").replace(/`[^`\n]+`/g, "");
-}
-/**
-* Resolve `@<name>` mentions in `content` to a list of participant agentIds.
-* Names match case-insensitively; unknown `@tokens` are dropped.
-*/
-function extractMentions(content, participants) {
-	const stripped = stripCode(content);
-	const nameMap = /* @__PURE__ */ new Map();
-	for (const p of participants) if (p.name) nameMap.set(p.name.toLowerCase(), p.agentId);
-	if (nameMap.size === 0) return [];
-	const hits = /* @__PURE__ */ new Set();
-	for (const m of stripped.matchAll(MENTION_REGEX)) {
-		const token = m[1];
-		if (!token) continue;
-		const id = nameMap.get(token.toLowerCase());
-		if (id) hits.add(id);
-	}
-	return [...hits];
-}
-/**
-* Return every `@<name>` token that survives the code-stripping / word-
-* boundary gates, regardless of whether it matches a participant. The
-* caller uses this to log unmatched tokens (typos, renamed agents) without
-* polluting the authoritative mention list.
-*/
-function scanMentionTokens(content) {
-	const stripped = stripCode(content);
-	const tokens = [];
-	for (const m of stripped.matchAll(MENTION_REGEX)) {
-		const token = m[1];
-		if (token) tokens.push(token.toLowerCase());
-	}
-	return tokens;
-}
-/**
-* Derive the `chat_membership.mode` that a freshly inserted speaker row MUST
-* get, given the chat's `type` and the joining agent's `type`. This is the
-* single authoritative rule for the invariant
-*
-*   `(chat.type === 'group' && agent.type !== 'human') ⇒ mode === 'mention_only'`
-*
-* plus the legacy "agent-only direct chat" anti-echo rule. The helper is
-* pure and synchronous; all DB lookups are the caller's responsibility (see
-* `services/participant-mode.ts::addChatParticipants` for the canonical
-* server entrypoint that wires it).
+* Workspace-relative markdown doc path normalisation.
 *
-* Rule (encoded once, here):
+* Shared by:
+*  - web link click handlers (`docPreviewPathFromHref`)
+*  - client runtime snapshot scan (`buildMessageDocumentSnapshots`)
+*  - server snapshot schema refinement (`snapshotDocSchema`)
 *
-*   - `agent.type === 'human'`                          → 'full'
-*   - `chat.type  === 'group'` (and agent is non-human) → 'mention_only'
-*   - `chat.type  === 'direct'` + agent non-human:
-*       - if every other participant on this chat is also non-human →
-*         'mention_only' (prevents the A↔B reply loop noted in migration
-*         0029)
-*       - otherwise → 'full' (the peer is a human / external user, so the
-*         agent should listen to every message in this 1:1 line)
+* All three must agree on canonical form or runtime stores one shape and
+* web looks up another, producing silent cache misses. The canonical form
+* is POSIX-style ("/"-separated), no leading "/", no "./" / ".." segments,
+* and no empty segments.
 *
-* `peerAgentTypes` is read only in the `direct` branch; callers may pass
-* an empty array (or omit it) for `group` chats — it's ignored. Watcher
-* rows (`chat_membership.access_mode = 'watcher'`) are unaffected; the
-* helper only governs the "speaking" mode column.
+* Returns `null` when:
+*  - the input is an external link (has a scheme like `https:`, `mailto:`,
+*    or is `//`-scheme-relative, or starts with `#` as a pure fragment) —
+*    these must NEVER be interpreted as workspace paths. Runtime would
+*    otherwise try to open `<workspace>/https:/foo/bar.md` on disk;
+*  - the path escapes the workspace (resolves above root);
+*  - the path is empty after normalisation;
+*  - any segment is hidden (".dotfile" / ".agent/" / ".git/") — defence in
+*    depth against link paths that try to walk into hidden dirs.
 */
-function defaultParticipantMode(chatType, agentType, peerAgentTypes = []) {
-	if (agentType === "human") return "full";
-	if (chatType === "group") return "mention_only";
-	return peerAgentTypes.every((t) => t !== "human") ? "mention_only" : "full";
+const SCHEME_RE = /^[a-z][a-z0-9+.-]*:/i;
+function normalizeDocLinkPath(raw) {
+	if (typeof raw !== "string") return null;
+	const trimmed = raw.trim();
+	if (!trimmed) return null;
+	if (trimmed.startsWith("#") || trimmed.startsWith("//") || SCHEME_RE.test(trimmed)) return null;
+	if (trimmed.includes("?") || trimmed.includes("#")) return null;
+	const stripped = trimmed.startsWith("/") ? trimmed.slice(1) : trimmed;
+	const parts = [];
+	for (const part of stripped.split("/")) {
+		if (!part || part === ".") continue;
+		if (part === "..") {
+			if (parts.length === 0) return null;
+			parts.pop();
+			continue;
+		}
+		if (part.startsWith(".")) return null;
+		parts.push(part);
+	}
+	return parts.length > 0 ? parts.join("/") : null;
 }
 /**
-* Single source of truth for "is this string safe to redirect to after a
-* successful OAuth callback".
-*
-* Both the server (`/auth/github/start` validates `?next=` before signing
-* the state JWT) and the web client (the fragment-consumer page validates
-* before navigating) must agree on the regex — drift here is what enables
-* open-redirect bugs. The server is authoritative; the client check is a
-* defense-in-depth.
-*
-* Allowed: a path that begins with exactly one `/` and is not the start of
-* an authority component (`//`, `/\`). Permits typical SPA paths with
-* query strings and fragments. Anything else (absolute URLs, scheme-less
-* authority components, `javascript:`) falls through to the safe default.
-*/
-const SAFE_NEXT_PATH = /^\/(?![/\\])[A-Za-z0-9_\-./?=&%#]*$/;
-/**
-* Return `next` if it is a syntactically safe relative path, otherwise the
-* default landing path. The check is deliberately conservative — the
-* intent is to reject anything that could be parsed as an absolute URL by
-* a browser navigation. Length is capped at 256 chars to defang
-* pathological inputs.
+* `true` when `path` is already in canonical form per `normalizeDocLinkPath`.
+* Used by the server snapshot schema to reject anything the runtime didn't
+* normalise correctly — the wire format must carry canonical paths so the
+* web cache lookup is deterministic.
 */
-function safeRedirectPath(next) {
-	if (!next || typeof next !== "string") return "/";
-	if (next.length > 256) return "/";
-	if (!SAFE_NEXT_PATH.test(next)) return "/";
-	return next;
+function isCanonicalDocLinkPath(path) {
+	const normalized = normalizeDocLinkPath(path);
+	return normalized !== null && normalized === path;
 }
 const adapterPlatformSchema = z.enum([
 	"feishu",
@@ -112,13 +61,13 @@ const adapterPlatformSchema = z.enum([
 	"kael"
 ]);
 const adapterStatusSchema = z.enum(["active", "inactive"]);
-const createAdapterConfigSchema = z.object({
+z.object({
 	platform: adapterPlatformSchema,
 	agentId: z.string().min(1),
 	credentials: z.record(z.string(), z.unknown()),
 	status: adapterStatusSchema.default("active")
 });
-const updateAdapterConfigSchema = z.object({
+z.object({
 	agentId: z.string().min(1).optional(),
 	credentials: z.record(z.string(), z.unknown()).optional(),
 	status: adapterStatusSchema.optional()
@@ -138,11 +87,11 @@ const adapterBindMethodSchema = z.enum([
 	"oauth",
 	"manual"
 ]);
-const selfServiceFeishuBotSchema = z.object({
+z.object({
 	appId: z.string().min(1),
 	appSecret: z.string().min(1)
 });
-const createAdapterMappingSchema = z.object({
+z.object({
 	platform: adapterPlatformSchema,
 	externalUserId: z.string().min(1),
 	agentId: z.string().min(1),
@@ -158,7 +107,7 @@ z.object({
 	displayName: z.string().nullable(),
 	createdAt: z.string()
 });
-const delegateFeishuUserSchema = z.object({
+z.object({
 	feishuUserId: z.string().min(1),
 	displayName: z.string().max(200).optional()
 });
@@ -332,39 +281,6 @@ const agentRuntimeConfigPayloadSchema = z.preprocess((input) => {
 }, taggedPayloadUnion).superRefine((payload, ctx) => {
 	payloadDuplicatesRefinement(payload, ctx);
 });
-/** Default payload used when creating a fresh claude-code agent. */
-const DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD = {
-	kind: "claude-code",
-	prompt: { append: "" },
-	model: "opus",
-	mcpServers: [],
-	env: [],
-	gitRepos: []
-};
-/**
-* Default payload for a fresh codex agent. Same 5 fields as claude-code.
-* `model` is left empty by default so the Codex CLI picks one matching the
-* user's auth mode — `gpt-5-codex` is rejected by ChatGPT-account auth, while
-* an empty string lets the SDK fall through to its built-in default.
-*/
-const DEFAULT_CODEX_RUNTIME_CONFIG_PAYLOAD = {
-	kind: "codex",
-	prompt: { append: "" },
-	model: "",
-	mcpServers: [],
-	env: [],
-	gitRepos: []
-};
-/**
-* Default payload selector by runtime provider.
-*/
-function defaultRuntimeConfigPayload(provider) {
-	switch (provider) {
-		case "codex": return { ...DEFAULT_CODEX_RUNTIME_CONFIG_PAYLOAD };
-		case "claude-code": return { ...DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD };
-		default: return { ...DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD };
-	}
-}
 const agentRuntimeConfigSchema = z.object({
 	agentId: z.string(),
 	version: z.number().int().positive(),
@@ -392,17 +308,11 @@ const agentRuntimeConfigPatchShape = z.object({
 	env: z.array(envEntrySchema),
 	gitRepos: z.array(gitRepoSchema)
 }).partial();
-/**
-* Patch payload for PATCH /api/v1/admin/agents/:uuid/config.
-*
-* - `expectedVersion` enforces optimistic locking; mismatch → 409.
-* - All payload fields are optional; omitted fields are left untouched.
-*/
-const updateAgentRuntimeConfigSchema = z.object({
+z.object({
 	expectedVersion: z.number().int().positive(),
 	payload: agentRuntimeConfigPatchShape
 });
-const dryRunAgentRuntimeConfigSchema = z.object({ payload: agentRuntimeConfigPatchShape });
+z.object({ payload: agentRuntimeConfigPatchShape });
 z.object({
 	current: agentRuntimeConfigSchema,
 	next: agentRuntimeConfigPayloadSchema,
@@ -417,10 +327,6 @@ z.object({
 		after: z.unknown().optional()
 	}))
 });
-/** Mask of a previously-stored sensitive value when echoing back to admin. */
-function isRedactedEnvValue(value) {
-	return value === "***";
-}
 /**
 * Derive a default local path from a repo URL.
 * Used both for validation (duplicate detection) and at runtime when the user
@@ -450,25 +356,16 @@ const clientSessionStateSchema = z.enum([
 	"suspended",
 	"errored"
 ]);
-const sessionStateMessageSchema = z.object({
+z.object({
 	chatId: z.string().min(1),
 	state: clientSessionStateSchema
 });
-/** Client-reported runtime state override (client → server, per-agent). */
-const runtimeStateMessageSchema = z.object({ runtimeState: runtimeStateSchema });
-const agentBindRequestSchema = z.object({
+z.object({ runtimeState: runtimeStateSchema });
+z.object({
 	agentId: z.string().min(1),
 	runtimeType: z.string().max(50),
 	runtimeVersion: z.string().max(50).optional()
 });
-const AGENT_BIND_REJECT_REASONS = {
-	WRONG_CLIENT: "wrong_client",
-	NOT_OWNED: "not_owned",
-	AGENT_SUSPENDED: "agent_suspended",
-	WRONG_ORG: "wrong_org",
-	UNKNOWN_AGENT: "unknown_agent",
-	RUNTIME_PROVIDER_MISMATCH: "runtime_provider_mismatch"
-};
 z.enum([
 	"wrong_client",
 	"not_owned",
@@ -504,21 +401,11 @@ z.object({
 	clients: z.number().int()
 });
 const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
-const DEFAULT_RUNTIME_PROVIDER = "claude-code";
-const AGENT_TYPES = {
-	HUMAN: "human",
-	PERSONAL_ASSISTANT: "personal_assistant",
-	AUTONOMOUS_AGENT: "autonomous_agent"
-};
 const agentTypeSchema = z.enum([
 	"human",
 	"personal_assistant",
 	"autonomous_agent"
 ]);
-const AGENT_VISIBILITY = {
-	PRIVATE: "private",
-	ORGANIZATION: "organization"
-};
 const agentVisibilitySchema = z.enum(["private", "organization"]);
 const avatarColorTokenSchema = z.enum([
 	"hue-0",
@@ -530,11 +417,6 @@ const avatarColorTokenSchema = z.enum([
 	"hue-6",
 	"hue-7"
 ]);
-const AGENT_STATUSES = {
-	ACTIVE: "active",
-	SUSPENDED: "suspended",
-	DELETED: "deleted"
-};
 const agentSourceSchema = z.enum(["admin-api", "portal"]);
 z.enum(["active", "suspended"]);
 /**
@@ -560,7 +442,7 @@ const RESERVED_AGENT_NAMES_SET = new Set([
 function isReservedAgentName(name) {
 	return RESERVED_AGENT_NAMES_SET.has(name);
 }
-const createAgentSchema = z.object({
+z.object({
 	name: z.string().min(1).max(64).regex(AGENT_NAME_REGEX, "Must start with a letter or digit and contain only lowercase letters, digits, hyphens (-), and underscores (_). Max 64 chars.").refine((n) => !isReservedAgentName(n), { message: "That agent name is reserved — pick a different one." }).optional(),
 	type: agentTypeSchema,
 	displayName: z.string().min(1).max(200).optional(),
@@ -574,7 +456,7 @@ const createAgentSchema = z.object({
 	runtimeProvider: runtimeProviderSchema.optional(),
 	gitRepos: z.array(gitRepoSchema).optional()
 });
-const updateAgentSchema = z.object({
+z.object({
 	type: agentTypeSchema.optional(),
 	displayName: z.string().min(1).max(200).optional(),
 	delegateMention: z.string().max(100).nullable().optional(),
@@ -584,14 +466,7 @@ const updateAgentSchema = z.object({
 	clientId: z.string().min(1).max(100).nullable().optional(),
 	avatarColorToken: avatarColorTokenSchema.nullable().optional()
 });
-/**
-* Service-level rebind input. Admin / owner re-binds an agent to a new
-* client and/or a new runtime provider in one atomic operation.
-*
-* `force` bypasses the capability-match check (e.g. when the client is
-* offline and capabilities are stale).
-*/
-const rebindAgentSchema = z.object({
+z.object({
 	clientId: z.string().min(1).max(100),
 	runtimeProvider: runtimeProviderSchema,
 	force: z.boolean().optional()
@@ -621,13 +496,7 @@ z.object({
 	repo: z.string().nullable(),
 	branch: z.string().nullable()
 });
-/**
-* Server → client WebSocket frame announcing that an agent has just been
-* pinned to the connected client (either created with `clientId` or bound via
-* PATCH NULL → ID). The client can auto-register a local config from this so
-* the operator doesn't have to run `first-tree-hub agent add` manually.
-*/
-const agentPinnedMessageSchema = z.object({
+z.object({
 	type: z.literal("agent:pinned"),
 	agentId: z.string(),
 	name: z.string().nullable(),
@@ -635,7 +504,7 @@ const agentPinnedMessageSchema = z.object({
 	agentType: agentTypeSchema,
 	runtimeProvider: runtimeProviderSchema
 });
-const loginSchema = z.object({
+z.object({
 	username: z.string().min(1),
 	password: z.string().min(1)
 });
@@ -643,37 +512,19 @@ z.object({
 	accessToken: z.string(),
 	refreshToken: z.string()
 });
-const refreshTokenSchema = z.object({ refreshToken: z.string().min(1) });
-const connectTokenExchangeSchema = z.object({ token: z.string().min(1) });
+z.object({ refreshToken: z.string().min(1) });
+z.object({ token: z.string().min(1) });
 z.object({
 	token: z.string(),
 	expiresIn: z.number(),
 	command: z.string()
 });
-/**
-* `chats.metadata` is `jsonb` at the DB layer. Without a typed contract every
-* writer was free to invent their own keys, so a GitHub webhook writing
-* `{ source: "github", entityKey: "..." }` and a Feishu adapter writing
-* `{ source: "feishu", externalChannelId: "..." }` could collide on shared
-* keys (`source`, `title`). The discriminated union below pins both writers
-* to a single shape and lets TypeScript narrow on `metadata.source`.
-*
-* Add new variants here; do not extend with free-form `Record<string, unknown>`.
-*/
-/**
-* Source of truth for which github entities get their own tag in the
-* conversation list. Adding a new entry here extends `ChatSource`
-* (`github_${entityType}`) and the SQL CASE/IN-list in
-* `server/services/me-chat.ts` without touching them — both derive from
-* this constant.
-*/
-const GITHUB_ENTITY_TYPES = [
+const githubEntityTypeSchema = z.enum([
 	"issue",
 	"pull_request",
 	"discussion",
 	"commit"
-];
-const githubEntityTypeSchema = z.enum(GITHUB_ENTITY_TYPES);
+]);
 const githubChatMetadataSchema = z.object({
 	source: z.literal("github"),
 	entityType: githubEntityTypeSchema,
@@ -701,28 +552,13 @@ const chatSourceSchema = z.enum([
 	"feishu"
 ]);
 const chatTypeSchema = z.enum(["direct", "group"]);
-/**
-* Per-(chat, user) engagement state. Stored on `chat_user_state` so each
-* user manages their own view independently of structural membership.
-*
-*   active   — default; chat is in the user's active conversation list.
-*   archived — user-snoozed; auto-revives to `active` when a new message
-*              lands in the chat (see `services/chat-projection.ts`).
-*   deleted  — user-removed; never auto-revives. Restorable only by the
-*              user from the chat detail page.
-*/
-const CHAT_ENGAGEMENT_STATUSES = {
-	ACTIVE: "active",
-	ARCHIVED: "archived",
-	DELETED: "deleted"
-};
 const chatEngagementStatusSchema = z.enum([
 	"active",
 	"archived",
 	"deleted"
 ]);
-const patchChatEngagementSchema = z.object({ status: chatEngagementStatusSchema });
-const createChatSchema = z.object({
+z.object({ status: chatEngagementStatusSchema });
+z.object({
 	type: chatTypeSchema,
 	topic: z.string().max(500).optional(),
 	participantIds: z.array(z.string()).min(1),
@@ -759,18 +595,8 @@ z.object({
 	engagementStatus: chatEngagementStatusSchema,
 	viewerMembershipKind: z.enum(["participant", "watching"]).nullable()
 });
-const updateChatSchema = z.object({ topic: z.string().trim().max(500).nullable() });
-/**
-* Public API body for `POST /api/v1/agent/chats/:chatId/participants`.
-* Phase 1 removed the `mode` field: participant mode is derived server-side
-* from `(chats.type, agents.type)` via `services/participant-mode.ts` and
-* cannot be overridden by the caller. The handler still inspects the raw
-* body and rejects with `400 MODE_FIELD_DEPRECATED` if `mode` is present,
-* so an out-of-tree caller that still sends it gets a clear error and a
-* telemetry counter increments — see `chat-participant-mode-fix-design.md`
-* §3.2 / §6.
-*/
-const addParticipantSchema = z.object({ agentId: z.string().min(1) });
+z.object({ topic: z.string().trim().max(500).nullable() });
+z.object({ agentId: z.string().min(1) });
 z.object({ agentId: z.string().min(1) });
 const clientStatusSchema = z.enum(["connected", "disconnected"]);
 /**
@@ -813,7 +639,7 @@ z.object({
 * mandatory on this server build.
 */
 const clientWireCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
-const clientRegisterSchema = z.object({
+z.object({
 	clientId: z.string().min(1).max(100),
 	hostname: z.string().max(100).optional(),
 	os: z.string().max(50).optional(),
@@ -855,8 +681,8 @@ const capabilityEntrySchema = z.object({
 * as `RuntimeProvider` strings.
 */
 const clientCapabilitiesSchema = z.record(z.string(), capabilityEntrySchema);
-const updateClientCapabilitiesSchema = z.object({ capabilities: clientCapabilitiesSchema });
-const paginationQuerySchema = z.object({
+z.object({ capabilities: clientCapabilitiesSchema });
+z.object({
 	limit: z.coerce.number().int().min(1).max(100).default(20),
 	cursor: z.string().optional()
 });
@@ -950,7 +776,7 @@ const contextTreeUsageSummarySchema = z.object({
 	agentCount: z.number().int().nonnegative(),
 	usageCount: z.number().int().nonnegative()
 });
-const contextTreeSnapshotSchema = z.object({
+z.object({
 	repo: z.string().nullable(),
 	branch: z.string().nullable(),
 	headCommit: z.string().nullable(),
@@ -990,24 +816,7 @@ z.object({
 	refreshToken: z.string().optional(),
 	refreshTokenExpiresAt: z.string().datetime({ offset: true }).optional()
 });
-/**
-* GET-side projection returned by the Hub admin API for the Integrations
-* panel. Secrets are never echoed — only the metadata needed to render
-* "you're connected as @octocat (Organization), 7 repos selected".
-*
-* `selectedRepoCount` is derived from a separate join (App webhook
-* `installation_repositories` events update a children table not modeled
-* here yet); included now so the panel's API shape is stable from the
-* first ship.
-*/
-/**
-* Body for `POST /orgs/:orgId/github-app-installation/claim` — manual
-* recovery for an installation row that ended up unbound (codex P1-5 + H1).
-* The orphan-reclaim sweep at sign-in auto-claims the single-orphan case;
-* this endpoint backs the Settings "Claim install" buttons when there's
-* more than one (or the account is an org, where auto-claim is too risky).
-*/
-const githubAppInstallationClaimBodySchema = z.object({ installationId: z.number().int().positive() });
+z.object({ installationId: z.number().int().positive() });
 z.object({
 	installationId: z.number().int().positive(),
 	accountType: githubAccountTypeSchema,
@@ -1026,14 +835,7 @@ const supportedImageMimeSchema = z.enum([
 	"image/gif",
 	"image/webp"
 ]);
-/**
-* Legacy inbound shape: an image message with base64 bytes inlined into
-* `messages.content`. Web still uploads in this shape so no new endpoint is
-* needed; the server extracts the bytes, broadcasts them as an `image_payload`
-* WS frame, then rewrites `content` to {@link imageRefContentSchema} before
-* the DB insert.
-*/
-const imageInlineContentSchema = z.object({
+z.object({
 	data: z.string().min(1),
 	mimeType: supportedImageMimeSchema,
 	filename: z.string().min(1),
@@ -1088,7 +890,7 @@ const messageFormatSchema = z.enum([
 * adapter, etc.) and goes through the normal enforcement profile.
 */
 const messagePurposeSchema = z.enum(["agent-final-text"]);
-const sendMessageSchema = z.object({
+z.object({
 	format: messageFormatSchema.default("text"),
 	content: z.unknown(),
 	metadata: z.record(z.string(), z.unknown()).optional(),
@@ -1098,7 +900,7 @@ const sendMessageSchema = z.object({
 	source: messageSourceSchema.optional(),
 	purpose: messagePurposeSchema.optional()
 });
-const sendToAgentSchema = z.object({
+z.object({
 	format: messageFormatSchema.default("text"),
 	content: z.unknown(),
 	metadata: z.record(z.string(), z.unknown()).optional(),
@@ -1199,29 +1001,15 @@ z.object({
 	deliveredAt: z.string().nullable(),
 	ackedAt: z.string().nullable()
 }).extend({ message: clientMessageSchema });
-const inboxPollQuerySchema = z.object({ limit: z.coerce.number().int().min(1).max(50).default(10) });
-/**
-* server → client: a single inbox entry pushed over the active WS connection.
-*
-* `entryId` is the server-side `inbox_entries.id` the client must echo back
-* in `inbox:ack`. `clientMessageSchema` carries `precedingMessages`, so the
-* client-side dispatch logic handles the silent-context bundle uniformly.
-*
-* `.passthrough()` so a forward-rolling server may extend the frame without
-* breaking older clients that validate strictly. Older clients drop unknown
-* fields silently.
-*/
-const inboxDeliverFrameSchema = z.object({
+z.object({ limit: z.coerce.number().int().min(1).max(50).default(10) });
+z.object({
 	type: z.literal("inbox:deliver"),
 	entryId: z.number().int().nonnegative(),
 	inboxId: z.string().min(1),
 	chatId: z.string().nullable(),
 	message: clientMessageSchema
 }).passthrough();
-/**
-* client → server: ack for an `inbox:deliver` frame.
-*/
-const inboxAckFrameSchema = z.object({
+z.object({
 	type: z.literal("inbox:ack"),
 	entryId: z.number().int().nonnegative()
 });
@@ -1241,8 +1029,7 @@ z.object({
 	createdAt: z.string(),
 	expiresAt: z.string().nullable()
 });
-/** Body for joining via invite token. */
-const joinByInvitationSchema = z.object({ token: z.string().min(1) });
+z.object({ token: z.string().min(1) });
 z.object({}).optional();
 const meChatFilterSchema = z.enum([
 	"all",
@@ -1255,7 +1042,7 @@ const chatEngagementViewSchema = z.enum([
 	"archived",
 	"all"
 ]);
-const listMeChatsQuerySchema = z.object({
+z.object({
 	cursor: z.string().optional(),
 	limit: z.coerce.number().int().min(1).max(200).default(50),
 	filter: meChatFilterSchema.default("all"),
@@ -1289,8 +1076,6 @@ const liveActivitySchema = z.object({
 	label: z.string(),
 	startedAt: z.string()
 });
-/** Stale threshold (ms) past which a `session_events` row stops driving liveActivity. */
-const LIVE_ACTIVITY_STALE_MS = 6e4;
 const meChatRowSchema = z.object({
 	chatId: z.string(),
 	type: z.string(),
@@ -1311,11 +1096,11 @@ z.object({
 	rows: z.array(meChatRowSchema),
 	nextCursor: z.string().nullable()
 });
-const createMeChatSchema = z.object({
+z.object({
 	participantIds: z.array(z.string().min(1)).min(1),
 	topic: z.string().trim().max(500).optional().nullable()
 });
-const addMeChatParticipantsSchema = z.object({ participantIds: z.array(z.string().min(1)).min(1) });
+z.object({ participantIds: z.array(z.string().min(1)).min(1) });
 z.object({
 	chatId: z.string(),
 	lastReadAt: z.string(),
@@ -1354,7 +1139,7 @@ const chatSourceCountSchema = z.object({
 	chatCount: z.number().int().nonnegative(),
 	unreadChatCount: z.number().int().nonnegative()
 });
-const listMeChatSourceCountsQuerySchema = z.object({ engagement: chatEngagementViewSchema.default("active") });
+z.object({ engagement: chatEngagementViewSchema.default("active") });
 z.object({ counts: z.partialRecord(chatSourceSchema, chatSourceCountSchema) });
 const workspaceDocRefSchema = z.object({
 	type: z.literal("workspace"),
@@ -1363,13 +1148,33 @@ const workspaceDocRefSchema = z.object({
 	basePath: z.string().trim().optional(),
 	path: z.string().trim().min(1)
 });
-z.object({ basePath: z.string().trim().min(1) });
-const getMeDocSchema = z.object({
+const snapshotDocSchema = z.object({
+	path: z.string().trim().min(1).refine(isCanonicalDocLinkPath, { message: "path must be a canonical workspace-relative doc path (no leading /, no ./, no ..)" }).refine((p) => p.toLowerCase().endsWith(".md"), { message: "path must have a .md extension" }),
+	sha256: z.string().regex(/^[0-9a-f]{64}$/, "sha256 must be 64 lowercase hex chars"),
+	size: z.number().int().nonnegative(),
+	content: z.string()
+});
+const snapshotDocumentContextSchema = z.object({
+	kind: z.literal("snapshot"),
+	docs: z.array(snapshotDocSchema).min(1).max(5)
+});
+const pathDocumentContextSchema = z.object({
+	kind: z.literal("path"),
+	basePath: z.string().trim().min(1)
+});
+z.preprocess((val) => {
+	if (val && typeof val === "object" && !Array.isArray(val) && !("kind" in val) && "basePath" in val) return {
+		kind: "path",
+		...val
+	};
+	return val;
+}, z.discriminatedUnion("kind", [snapshotDocumentContextSchema, pathDocumentContextSchema]));
+z.object({
 	agentId: z.string().trim().min(1),
 	basePath: z.string().trim().optional(),
 	path: z.string().trim().min(1)
 });
-const getMeDocResponseSchema = z.object({
+z.object({
 	ref: workspaceDocRefSchema,
 	path: z.string(),
 	content: z.string()
@@ -1385,18 +1190,11 @@ z.object({
 	displayName: z.string(),
 	role: z.enum(["admin", "member"])
 });
-/** Body for `POST /me/organizations` — operator wants to create another team. */
-const createOrgFromMeSchema = z.object({
+z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/),
 	displayName: z.string().min(1).max(200)
 });
-/**
-* Body for `PATCH /me/onboarding`. v1 only mutates `dismissed` — true to
-* hide the onboarding stepper (server stamps `users.onboarding_dismissed_at
-* = NOW()`), false to restore it. See docs/new-user-onboarding-design.md
-* §8.4.
-*/
-const patchOnboardingSchema = z.object({ dismissed: z.boolean().optional() });
+z.object({ dismissed: z.boolean().optional() });
 /**
 * Body for `POST /me/onboarding/events`. The web SPA reports key
 * milestones so the server can log them as a single funnel-trackable
@@ -1418,7 +1216,7 @@ const onboardingEventNameSchema = z.enum([
 	"tree_chat_started",
 	"tree_intro_dismissed"
 ]);
-const onboardingEventSchema = z.object({
+z.object({
 	event: onboardingEventNameSchema,
 	attrs: z.record(z.string(), z.union([
 		z.string(),
@@ -1444,13 +1242,12 @@ const memberSchema = z.object({
 	role: memberRoleSchema,
 	createdAt: z.string()
 });
-/** Admin creates a member — password is auto-generated, returned once. */
-const createMemberSchema = z.object({
+z.object({
 	username: z.string().min(1).max(100),
 	displayName: z.string().min(1).max(200),
 	role: memberRoleSchema.default("member")
 });
-const updateMemberSchema = z.object({
+z.object({
 	role: memberRoleSchema.optional(),
 	displayName: z.string().min(1).max(200).optional()
 });
@@ -1550,11 +1347,6 @@ z.object({
 	}),
 	mentionedUser: z.string().optional()
 });
-const NOTIFICATION_TYPES = {
-	AGENT_ERROR: "agent_error",
-	AGENT_BLOCKED: "agent_blocked",
-	AGENT_STALE: "agent_stale"
-};
 const notificationTypeSchema = z.enum([
 	"agent_error",
 	"agent_blocked",
@@ -1576,21 +1368,15 @@ z.object({
 	read: z.boolean(),
 	createdAt: z.string()
 });
-const notificationQuerySchema = z.object({
+z.object({
 	limit: z.coerce.number().int().min(1).max(100).default(20),
 	cursor: z.string().optional(),
 	severity: notificationSeveritySchema.optional(),
 	read: z.enum(["true", "false"]).transform((v) => v === "true").optional(),
 	agentId: z.string().optional()
 });
-/**
-* `GET /api/v1/auth/github/start` query — `next` is the post-login landing
-* path. It is validated again before signing the state JWT (see
-* `safe-redirect.ts`); the schema only enforces the syntactic upper bound
-* so over-long paths bounce with a Zod error rather than silently truncate.
-*/
-const githubStartQuerySchema = z.object({ next: z.string().max(256).optional() });
-const githubCallbackQuerySchema = z.object({
+z.object({ next: z.string().max(256).optional() });
+z.object({
 	code: z.string().min(1),
 	state: z.string().min(1),
 	installation_id: z.string().regex(/^\d+$/).optional(),
@@ -1600,19 +1386,7 @@ const githubCallbackQuerySchema = z.object({
 		"request"
 	]).optional()
 });
-/**
-* Dev-only callback to bypass the GitHub round-trip — sign in as a stub
-* Github user. Gated by NODE_ENV !== 'production'; production always 404s.
-*
-* The App-flow extension fields (`installationId`, `installationAccountType`,
-* `installationAccountLogin`, `installationAccountGithubId`) let the dev
-* flow simulate a GitHub App install in the same redirect — when present
-* they stub a `github_app_installations` row before the OAuth flow
-* completes, so the rest of the dev session can exercise the App-bound
-* code paths (Settings → Integrations panel, webhook routing) without a
-* real install. Missing → legacy OAuth-only dev flow.
-*/
-const githubDevCallbackQuerySchema = z.object({
+z.object({
 	githubId: z.string().min(1),
 	login: z.string().min(1),
 	email: z.string().email().optional(),
@@ -1721,9 +1495,6 @@ const ORG_SETTINGS_NAMESPACES = {
 };
 const ORG_SETTINGS_NAMESPACE_KEYS = Object.keys(ORG_SETTINGS_NAMESPACES);
 z.enum(ORG_SETTINGS_NAMESPACE_KEYS);
-function isOrgSettingNamespace(value) {
-	return typeof value === "string" && ORG_SETTINGS_NAMESPACE_KEYS.includes(value);
-}
 const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/, "Must start with a letter or digit and contain only lowercase alphanumeric and hyphens").refine((v) => !UUID_PATTERN.test(v), "Name must not be a UUID format"),
@@ -1732,7 +1503,7 @@ z.object({
 	maxMessagesPerMinute: z.number().int().min(0).default(0),
 	features: z.record(z.string(), z.unknown()).default({})
 });
-const updateOrganizationSchema = z.object({
+z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/, "Must start with a letter or digit and contain only lowercase alphanumeric and hyphens").refine((v) => !UUID_PATTERN.test(v), "Name must not be a UUID format").optional(),
 	displayName: z.string().min(1).max(200).optional(),
 	maxAgents: z.number().int().min(0).optional(),
@@ -1807,33 +1578,17 @@ const questionItemSchema = z.object({
 });
 /** Session-level preview format hint. Mirrors `toolConfig.askUserQuestion.previewFormat`. */
 const questionPreviewFormatSchema = z.enum(["html", "markdown"]).nullable();
-/**
-* Content payload for a message whose `format === "question"`.
-*
-* `correlationId` ties the question to its eventual answer message AND to the
-* server-side `pending_questions` row; client runtime uses it to resolve the
-* waiting `canUseTool` promise. Reuse the SDK `tool_use_id` when available so
-* a single id flows end-to-end.
-*/
-const questionMessageContentSchema = z.object({
+z.object({
 	correlationId: z.string().min(1),
 	questions: z.array(questionItemSchema).min(1).max(4),
 	previewFormat: questionPreviewFormatSchema,
 	allowFreeText: z.boolean()
 });
-/**
-* Content payload for a message whose `format === "question_answer"`.
-*
-* `answers` is keyed by `QuestionItem.question` text. For `multiSelect` questions
-* the value is a `, `-joined string of selected labels (matches SDK convention).
-* For free-text answers the value is the user's raw input.
-*/
-const questionAnswerMessageContentSchema = z.object({
+z.object({
 	correlationId: z.string().min(1),
 	answers: z.record(z.string().min(1), z.string())
 });
-/** Submit-answer request body for `POST /api/admin/questions/:correlationId/answer`. */
-const submitQuestionAnswerSchema = z.object({ answers: z.record(z.string().min(1), z.string()) });
+z.object({ answers: z.record(z.string().min(1), z.string()) });
 z.enum([
 	"pending",
 	"answered",
@@ -1933,14 +1688,12 @@ z.object({
 	]),
 	createdAt: z.string()
 });
-/** WS message: client reports a session event (tool_call / error) to the server. */
-const sessionEventMessageSchema = z.object({
+z.object({
 	agentId: z.string(),
 	chatId: z.string(),
 	event: sessionEventSchema
 });
-/** Client → server: list locally-held chatIds; server replies with the subset to drop. */
-const sessionReconcileRequestSchema = z.object({
+z.object({
 	type: z.literal("session:reconcile"),
 	agentId: z.string().min(1),
 	chatIds: z.array(z.string().min(1)).max(500)
@@ -1981,17 +1734,10 @@ z.object({
 	displayName: z.string().min(1).max(200).optional(),
 	password: z.string().min(8).max(200).optional()
 });
-/**
-* First-frame auth envelope sent by the SDK on the client WS connection.
-* The server rejects the connection with close code 4401 if this frame does
-* not arrive within {@link WS_AUTH_FRAME_TIMEOUT_MS} or fails verification.
-*/
-const wsAuthFrameSchema = z.object({
+z.object({
 	type: z.literal("auth"),
 	token: z.string().min(1)
 });
-/** How long the server waits for the first `auth` frame before closing the WS. */
-const WS_AUTH_FRAME_TIMEOUT_MS = 5e3;
 /**
 * Negotiable wire-protocol features the server advertises in its `welcome`
 * frame. Older clients drop the `capabilities` field silently because the
@@ -2011,4 +1757,49 @@ z.object({
 	capabilities: serverCapabilitiesSchema.optional()
 }).passthrough();
 //#endregion
-export { listMeChatSourceCountsQuerySchema as $, createMeChatSchema as A, updateOrganizationSchema as At, githubAppInstallationClaimBodySchema as B, clientRegisterSchema as C, submitQuestionAnswerSchema as Ct, createAdapterMappingSchema as D, updateChatSchema as Dt, createAdapterConfigSchema as E, updateAgentSchema as Et, delegateFeishuUserSchema as F, imageInlineContentSchema as G, githubCallbackQuerySchema as H, dryRunAgentRuntimeConfigSchema as I, inboxPollQuerySchema as J, inboxAckFrameSchema as K, extractMentions as L, createOrgFromMeSchema as M, defaultParticipantMode as N, createAgentSchema as O, updateClientCapabilitiesSchema as Ot, defaultRuntimeConfigPayload as P, joinByInvitationSchema as Q, getMeDocResponseSchema as R, clientCapabilitiesSchema as S, stripCode as St, contextTreeSnapshotSchema as T, updateAgentRuntimeConfigSchema as Tt, githubDevCallbackQuerySchema as U, githubAppInstallationPermissionsSchema as V, githubStartQuerySchema as W, isRedactedEnvValue as X, isOrgSettingNamespace as Y, isReservedAgentName as Z, agentBindRequestSchema as _, sendToAgentSchema as _t, AGENT_TYPES as a, paginationQuerySchema as at, agentTypeSchema as b, sessionReconcileRequestSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, questionAnswerMessageContentSchema as ct, MENTION_REGEX as d, refreshTokenSchema as dt, listMeChatsQuerySchema as et, NOTIFICATION_TYPES as f, runtimeStateMessageSchema as ft, addParticipantSchema as g, sendMessageSchema as gt, addMeChatParticipantsSchema as h, selfServiceFeishuBotSchema as ht, AGENT_STATUSES as i, onboardingEventSchema as it, createMemberSchema as j, wsAuthFrameSchema as jt, createChatSchema as k, updateMemberSchema as kt, GITHUB_ENTITY_TYPES as l, questionMessageContentSchema as lt, WS_AUTH_FRAME_TIMEOUT_MS as m, scanMentionTokens as mt, AGENT_NAME_REGEX as n, messageSourceSchema as nt, AGENT_VISIBILITY as o, patchChatEngagementSchema as ot, ORG_SETTINGS_NAMESPACES as p, safeRedirectPath as pt, inboxDeliverFrameSchema as q, AGENT_SELECTOR_HEADER as r, notificationQuerySchema as rt, CHAT_ENGAGEMENT_STATUSES as s, patchOnboardingSchema as st, AGENT_BIND_REJECT_REASONS as t, loginSchema as tt, LIVE_ACTIVITY_STALE_MS as u, rebindAgentSchema as ut, agentPinnedMessageSchema as v, sessionEventMessageSchema as vt, connectTokenExchangeSchema as w, updateAdapterConfigSchema as wt, chatMetadataSchema as x, sessionStateMessageSchema as xt, agentRuntimeConfigPayloadSchema as y, sessionEventSchema as yt, getMeDocSchema as z };
+//#region src/core/feishu.ts
+/**
+* Feishu-related core operations: bind-bot, bind-user.
+*
+* All agent-scoped calls carry both the member access JWT (Authorization)
+* and the acting agent UUID (X-Agent-Id); the server's agent-selector
+* middleware enforces Rule R-RUN.
+*/
+async function bindFeishuBot(serverUrl, accessToken, agentId, appId, appSecret) {
+	const res = await cliFetch(`${serverUrl}/api/v1/agent/me/feishu-bot`, {
+		method: "PUT",
+		headers: {
+			Authorization: `Bearer ${accessToken}`,
+			[AGENT_SELECTOR_HEADER]: agentId,
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify({
+			appId,
+			appSecret
+		})
+	});
+	if (!res.ok) {
+		const body = await res.json().catch(() => ({}));
+		throw new Error(body.error ?? `Bind Feishu bot failed: HTTP ${res.status}`);
+	}
+}
+async function bindFeishuUser(serverUrl, accessToken, agentId, humanAgentId, feishuUserId, displayName) {
+	const res = await cliFetch(`${serverUrl}/api/v1/agent/delegated/${encodeURIComponent(humanAgentId)}/feishu-user`, {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${accessToken}`,
+			[AGENT_SELECTOR_HEADER]: agentId,
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify({
+			feishuUserId,
+			displayName
+		})
+	});
+	if (!res.ok) {
+		const body = await res.json().catch(() => ({}));
+		throw new Error(body.error ?? `Bind Feishu user failed: HTTP ${res.status}`);
+	}
+}
+//#endregion
+export { bindFeishuUser as n, bindFeishuBot as t };