npm - @agent-team-foundation/first-tree-hub - Versions diffs - 0.3.4 → 0.4.0 - Mend

@agent-team-foundation/first-tree-hub 0.3.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/{bootstrap-CPdLNPme.mjs → bootstrap-uyPaaI05.mjs} +24 -14
package/dist/cli/index.mjs +39 -34
package/dist/{core-CZjUVAU-.mjs → core-CMeOAZmx.mjs} +504 -812
package/dist/drizzle/0007_decouple_context_tree.sql +2 -0
package/dist/drizzle/meta/_journal.json +7 -0
package/dist/index.mjs +3 -3
package/dist/web/assets/index-C4J9gHaF.js +280 -0
package/dist/web/assets/index-vo2Sa6IQ.css +1 -0
package/dist/web/index.html +2 -2
package/package.json +1 -1
package/dist/web/assets/index-BHn3RVzY.js +0 -272
package/dist/web/assets/index-BURu6jt9.css +0 -1

package/dist/{core-CZjUVAU-.mjs → core-CMeOAZmx.mjs} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { a as getGitHubUsername, b as serverConfigSchema, c as DEFAULT_CONFIG_DIR, d as clientConfigSchema, f as collectMissingPrompts, h as loadAgents, m as initConfig, r as checkBootstrapStatus, s as resolveServerUrl, t as bootstrapToken$1, u as agentConfigSchema, x as setConfigValue, y as resolveConfigReadonly } from "./bootstrap-CPdLNPme.mjs";
+import { S as setConfigValue, a as getGitHubUsername, b as resolveConfigReadonly, c as DEFAULT_CONFIG_DIR, d as agentConfigSchema, f as clientConfigSchema, g as loadAgents, h as initConfig, p as collectMissingPrompts, s as resolveServerUrl, t as bootstrapToken$1, u as DEFAULT_HOME_DIR$1, x as serverConfigSchema } from "./bootstrap-uyPaaI05.mjs";
 import { copyFileSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
 import { dirname, join, resolve } from "node:path";
 import { EventEmitter } from "node:events";
@@ -51,12 +51,13 @@ var FirstTreeHubSDK = class {
 			displayName: agent.displayName,
 			type: agent.type,
 			delegateMention: agent.delegateMention ?? null,
+			profile: agent.profile ?? null,
 			metadata: agent.metadata ?? {}
 		};
 	}
-	/** Fetch Context Tree configuration from the server. */
+	/** Fetch Context Tree configuration from the server (public endpoint). */
 	async getContextTreeConfig() {
-		return this.requestJson("/api/v1/agent/context-tree");
+		return this.requestJson("/api/v1/context-tree/info");
 	}
 	/** Fetch pending inbox entries. */
 	async pull(limit = 10) {
@@ -395,7 +396,7 @@ defineConfig({
 		"error"
 	]).default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" })
 });
-const DEFAULT_HOME_DIR = join(homedir(), ".first-tree-hub");
+const DEFAULT_HOME_DIR = process.env.FIRST_TREE_HUB_HOME ?? join(homedir(), ".first-tree-hub");
 join(DEFAULT_HOME_DIR, "config");
 const DEFAULT_DATA_DIR = join(DEFAULT_HOME_DIR, "data");
 defineConfig({
@@ -433,33 +434,37 @@ defineConfig({
 			secret: true
 		})
 	},
-	contextTree: {
+	contextTree: optional({
 		repo: field(z.string(), {
 			env: "FIRST_TREE_HUB_CONTEXT_TREE_REPO",
 			prompt: { message: "Context Tree repo URL (e.g. https://github.com/org/first-tree):" }
 		}),
-		branch: field(z.string().default("main")),
-		syncInterval: field(z.number().default(60))
-	},
+		branch: field(z.string().default("main"))
+	}),
 	github: {
-		token: field(z.string(), {
+		token: field(z.string().optional(), {
 			env: "FIRST_TREE_HUB_GITHUB_TOKEN",
-			secret: true,
-			prompt: {
-				message: "GitHub token (create at https://github.com/settings/tokens → repo scope):",
-				type: "password"
-			}
+			secret: true
 		}),
 		webhookSecret: field(z.string().optional(), {
 			env: "FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET",
 			secret: true
-		})
+		}),
+		allowedOrg: field(z.string().optional(), { env: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG" })
 	},
 	cors: optional({ origin: field(z.string(), { env: "FIRST_TREE_HUB_CORS_ORIGIN" }) }),
 	rateLimit: optional({
 		max: field(z.number().default(100), { env: "FIRST_TREE_HUB_RATE_LIMIT_MAX" }),
 		loginMax: field(z.number().default(5), { env: "FIRST_TREE_HUB_RATE_LIMIT_LOGIN_MAX" }),
 		webhookMax: field(z.number().default(60), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" })
+	}),
+	kael: optional({
+		endpoint: field(z.string(), { env: "KAEL_ENDPOINT" }),
+		apiKey: field(z.string(), {
+			env: "KAEL_API_KEY",
+			secret: true
+		}),
+		hubPublicUrl: field(z.string(), { env: "FIRST_TREE_HUB_PUBLIC_URL" })
 	})
 });
 join(DEFAULT_DATA_DIR, "context-tree");
@@ -489,14 +494,13 @@ function bootstrapWorkspace(options) {
 		contextTreePath
 	};
 	writeFileSync(join(agentDir, "identity.json"), JSON.stringify(identityData, null, 2), "utf-8");
+	if (identity.profile) writeFileSync(join(contextDir, "self.md"), identity.profile, "utf-8");
 	if (contextTreePath) {
-		const selfNodePath = join(contextTreePath, "members", identity.agentId, "NODE.md");
-		if (existsSync(selfNodePath)) copyFileSync(selfNodePath, join(contextDir, "self.md"));
 		const agentMdPath = join(contextTreePath, "AGENT.md");
 		if (existsSync(agentMdPath)) copyFileSync(agentMdPath, join(contextDir, "agent-instructions.md"));
 		const rootNodePath = join(contextTreePath, "NODE.md");
 		if (existsSync(rootNodePath)) copyFileSync(rootNodePath, join(contextDir, "domain-map.md"));
-	} else writeFileSync(join(contextDir, "degraded.md"), "Context Tree is not available for this session.\nOrganizational context, domain structure, and ownership information are not loaded.\n", "utf-8");
+	}
 	writeFileSync(join(agentDir, "tools.md"), generateToolsDoc(), "utf-8");
 }
 function generateToolsDoc() {
@@ -834,10 +838,9 @@ const createClaudeCodeHandler = (config) => {
 /**
 * Generate a CLAUDE.md file from .agent/ bootstrap data.
 *
-* Layered Bootstrap:
-*   Layer 1 (always): Agent identity + member profile + AGENT.md operating instructions
-*   Layer 2 (if available): Organization domain map from root NODE.md
-*   Layer 3 (on-demand): Agent reads specific domain nodes via contextTreePath
+* Layer 1 (always): Agent identity + profile (from Hub)
+* Layer 2 (if Context Tree configured): Operating instructions + domain map
+* Layer 3 (if Context Tree configured): Context Tree location for on-demand reading
 */
 function generateClaudeMd(workspacePath, identity, contextTreePath) {
 	const sections = [];
@@ -849,25 +852,18 @@ function generateClaudeMd(workspacePath, identity, contextTreePath) {
 	if (existsSync(selfMdPath)) {
 		const selfContent = readFileSync(selfMdPath, "utf-8");
 		sections.push(`## Your Profile\n\n${selfContent}\n`);
-	} else sections.push("## Your Profile\n\nNo member profile available. Your responsibilities are not loaded from the Context Tree.\n");
+	}
 	const agentInstructionsPath = join(contextDir, "agent-instructions.md");
 	if (existsSync(agentInstructionsPath)) {
 		const instructions = readFileSync(agentInstructionsPath, "utf-8");
-		sections.push(`## Context Tree Operating Instructions\n\n${instructions}\n`);
-	} else sections.push("## Context Tree Operating Instructions\n\nContext Tree instructions unavailable. Organizational context is not loaded for this session.\n");
+		sections.push(`## Operating Instructions\n\n${instructions}\n`);
+	}
 	const domainMapPath = join(contextDir, "domain-map.md");
 	if (existsSync(domainMapPath)) {
 		const domainMap = readFileSync(domainMapPath, "utf-8");
 		sections.push(`## Organization Domain Map\n\n${domainMap}\n`);
 	}
 	if (contextTreePath) sections.push(`## Context Tree Location\n\nThe full Context Tree is available at: \`${contextTreePath}\`\n\nRead specific domain nodes as needed following the operating instructions above.\n`);
-	else {
-		const degradedPath = join(contextDir, "degraded.md");
-		if (existsSync(degradedPath)) {
-			const degradedMsg = readFileSync(degradedPath, "utf-8");
-			sections.push(`## Context Tree Location\n\nWARNING: ${degradedMsg}\nYou can still use the SDK tools below, but you lack organizational context for decisions.\n`);
-		}
-	}
 	const toolsPath = join(workspacePath, ".agent", "tools.md");
 	if (existsSync(toolsPath)) {
 		const toolsContent = readFileSync(toolsPath, "utf-8");
@@ -1291,6 +1287,7 @@ var AgentSlot = class {
 				displayName: agent.displayName,
 				type: agent.type,
 				delegateMention: agent.delegateMention,
+				profile: agent.profile,
 				metadata: agent.metadata
 			},
 			sdk: this.connection.sdk,
@@ -2003,10 +2000,10 @@ async function runMigrations(databaseUrl) {
 }
 //#endregion
 //#region src/core/onboard.ts
-const STATE_FILE = join(homedir(), ".first-tree-hub", ".onboard-state.json");
+const STATE_FILE = join(DEFAULT_HOME_DIR$1, ".onboard-state.json");
 /** Save current onboard args to state file for resume. */
 function saveOnboardState(args) {
-	mkdirSync(join(homedir(), ".first-tree-hub"), { recursive: true });
+	mkdirSync(DEFAULT_HOME_DIR$1, { recursive: true });
 	writeFileSync(STATE_FILE, JSON.stringify({ args }, null, 2));
 }
 /** Load saved onboard args from state file. */
@@ -2050,14 +2047,32 @@ async function onboardCheck(args) {
 				key: "server_reachable",
 				label: "Server reachable",
 				status: res.ok ? "ok" : "error",
-				value: res.ok ? "yes" : `HTTP ${res.status}`
+				value: res.ok ? "healthy" : `HTTP ${res.status}`
 			});
+			if (res.ok) try {
+				const configRes = await fetch(`${serverUrl}/api/v1/bootstrap/config`);
+				if (configRes.ok) {
+					const config = await configRes.json();
+					if (config.allowedOrg) items.push({
+						key: "allowed_org",
+						label: "GitHub org",
+						status: "ok",
+						value: config.allowedOrg
+					});
+					else items.push({
+						key: "allowed_org",
+						label: "GitHub org",
+						status: "error",
+						hint: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG not configured on server"
+					});
+				}
+			} catch {}
 		} catch {
 			items.push({
 				key: "server_reachable",
 				label: "Server reachable",
 				status: "error",
-				value: "no"
+				hint: "Cannot connect to server"
 			});
 		}
 	} catch {
@@ -2065,126 +2080,32 @@ async function onboardCheck(args) {
 			key: "server",
 			label: "Server URL",
 			status: "missing_required",
-			hint: "--server <url> or FIRST_TREE_HUB_SERVER"
-		});
-	}
-	const repoPath = await resolveContextTreeRepo(args.server);
-	if (repoPath) items.push({
-		key: "repo",
-		label: "Context Tree repo",
-		status: "ok",
-		value: repoPath
-	});
-	else {
-		const serverAvailable = items.some((i) => i.key === "server" && i.status === "ok");
-		items.push({
-			key: "repo",
-			label: "Context Tree repo",
-			status: "missing_required",
-			hint: serverAvailable ? "auto-clone failed (check server Context Tree config and gh auth)" : "configure --server first (repo will be auto-cloned from server)"
+			hint: "Provide via --server, FIRST_TREE_HUB_SERVER, or config"
 		});
 	}
-	items.push(args.id ? {
+	if (args.id) items.push({
 		key: "id",
-		label: "id",
+		label: "Agent ID",
 		status: "ok",
 		value: args.id
-	} : {
+	});
+	else items.push({
 		key: "id",
-		label: "id",
+		label: "Agent ID",
 		status: "missing_required",
-		hint: "Member directory name"
+		hint: "Provide via --id"
 	});
-	items.push(args.type ? {
+	if (args.type) items.push({
 		key: "type",
-		label: "type",
+		label: "Agent type",
 		status: "ok",
 		value: args.type
-	} : {
-		key: "type",
-		label: "type",
-		status: "missing_required",
-		hint: "human | personal_assistant | autonomous_agent"
-	});
-	items.push(args.role ? {
-		key: "role",
-		label: "role",
-		status: "ok",
-		value: args.role
-	} : {
-		key: "role",
-		label: "role",
-		status: "missing_required",
-		hint: "e.g. \"Engineer\""
-	});
-	items.push(args.domains ? {
-		key: "domains",
-		label: "domains",
-		status: "ok",
-		value: args.domains
-	} : {
-		key: "domains",
-		label: "domains",
-		status: "missing_required",
-		hint: "Comma-separated, e.g. \"backend,infra\""
 	});
-	items.push(args.displayName ? {
-		key: "display_name",
-		label: "display-name",
-		status: "ok",
-		value: args.displayName
-	} : {
-		key: "display_name",
-		label: "display-name",
-		status: "missing_optional",
-		hint: `defaults to "${args.id ?? ""}"`
-	});
-	items.push(args.assistant ? {
-		key: "assistant",
-		label: "assistant",
-		status: "ok",
-		value: args.assistant
-	} : {
-		key: "assistant",
-		label: "assistant",
-		status: "missing_optional",
-		hint: "Also create a personal_assistant"
-	});
-	items.push(args.feishuBotAppId ? {
-		key: "feishu_bot",
-		label: "feishu-bot-app-id",
-		status: "ok",
-		value: args.feishuBotAppId
-	} : {
-		key: "feishu_bot",
-		label: "feishu-bot-app-id",
-		status: "missing_optional",
-		hint: "Feishu bot App ID for assistant"
-	});
-	if (args.id && repoPath) if (existsSync(join(repoPath, "members", args.id))) try {
-		execSync(`git ls-files --error-unmatch members/${args.id}/NODE.md`, {
-			cwd: repoPath,
-			stdio: "pipe"
-		});
-		items.push({
-			key: "conflict",
-			label: `ID "${args.id}" availability`,
-			status: "warning",
-			value: "already exists (will overwrite)"
-		});
-	} catch {
-		items.push({
-			key: "conflict",
-			label: `ID "${args.id}" availability`,
-			status: "ok",
-			value: "resuming (local files from previous run)"
-		});
-	}
 	else items.push({
-		key: "conflict",
-		label: `ID "${args.id}" availability`,
-		status: "ok",
-		value: "available"
+		key: "type",
+		label: "Agent type",
+		status: "missing_required",
+		hint: "Provide via --type"
 	});
 	return items;
 }
@@ -2199,322 +2120,74 @@ function formatCheckReport(items) {
 	return lines.join("\n");
 }
 async function onboardCreate(args) {
-	const repoPath = await resolveContextTreeRepo(args.server);
-	if (!repoPath) throw new Error("Context Tree repo not available. Ensure --server is configured and the server is running.");
-	const ghUsername = getGitHubUsername();
-	const githubField = args.type === "human" ? ghUsername : null;
-	const humanNodePath = join(repoPath, "members", args.id, "NODE.md");
-	if (existsSync(humanNodePath) && isTrackedByGit(repoPath, join("members", args.id, "NODE.md"))) {
-		process.stderr.write(`Member "${args.id}" already exists, skipping NODE.md creation.\n`);
-		if (args.assistant) {
-			const existingContent = readFileSync(humanNodePath, "utf-8");
-			if (!existingContent.includes("delegate_mention")) {
-				writeFileSync(humanNodePath, existingContent.replace(/^(---\n[\s\S]*?)(---)/m, `$1delegate_mention: ${args.assistant}\n$2`));
-				process.stderr.write(`Updated delegate_mention → ${args.assistant}\n`);
-			}
-		}
-	} else createMemberNodeMd(repoPath, {
-		id: args.id,
-		type: args.type,
-		displayName: args.displayName ?? args.id,
-		role: args.role,
-		domains: args.domains.split(",").map((d) => d.trim()),
-		owner: ghUsername,
-		github: githubField,
-		delegateMention: args.assistant ?? args.delegateMention ?? null
-	});
-	if (args.assistant) if (existsSync(join(repoPath, "members", args.id, args.assistant, "NODE.md")) && isTrackedByGit(repoPath, join("members", args.id, args.assistant, "NODE.md"))) process.stderr.write(`Assistant "${args.assistant}" already exists, skipping.\n`);
-	else createMemberNodeMd(repoPath, {
-		parentPath: join("members", args.id),
-		id: args.assistant,
-		type: "personal_assistant",
-		displayName: args.assistant,
-		role: `Personal Assistant to ${args.id}`,
-		domains: ["message triage", "task coordination"],
-		owner: ghUsername,
-		github: null,
-		delegateMention: null
-	});
+	const serverUrl = resolveServerUrl(args.server).replace(/\/+$/, "");
+	getGitHubUsername();
+	process.stderr.write(`Bootstrapping agent "${args.id}"...\n`);
+	const metadata = {};
+	if (args.role) metadata.role = args.role;
+	if (args.domains) metadata.domains = args.domains.split(",").map((d) => d.trim());
+	let token;
 	try {
-		execSync("npx -y first-tree verify", {
-			cwd: repoPath,
-			stdio: "pipe"
-		});
+		token = (await bootstrapToken$1(serverUrl, args.id, {
+			saveTo: "agent",
+			type: args.type,
+			displayName: args.displayName ?? args.id,
+			profile: args.profile,
+			delegateMention: args.assistant ?? args.delegateMention,
+			metadata: Object.keys(metadata).length > 0 ? metadata : void 0
+		})).token;
 	} catch (err) {
-		const stderr = err instanceof Error && "stderr" in err ? err.stderr.toString() : "";
-		const stdout = err instanceof Error && "stdout" in err ? err.stdout.toString() : "";
-		const output = stderr || stdout || String(err);
-		if (output.includes("VERSION") || output.includes("AGENT.md") || output.includes("Root NODE.md")) throw new Error("Context Tree repo is not properly initialized.\nRun 'context-tree init' in the repo first, or see:\n  https://github.com/agent-team-foundation/first-tree\n\n" + output);
-		throw new Error(`Verification failed:\n${output}`);
-	}
-	const baseBranch = `onboard/${args.id}`;
-	let branch = baseBranch;
-	const branchExists = (name) => {
-		try {
-			execSync(`git rev-parse --verify ${name}`, {
-				cwd: repoPath,
-				stdio: "pipe"
-			});
-			return true;
-		} catch {
-			return false;
-		}
-	};
-	if (branchExists(branch)) branch = `${baseBranch}-${Date.now().toString(36)}`;
-	try {
-		execSync("git checkout main", {
-			cwd: repoPath,
-			stdio: "pipe"
-		});
-	} catch {
-		try {
-			execSync("git checkout master", {
-				cwd: repoPath,
-				stdio: "pipe"
-			});
-		} catch {}
-	}
-	execSync(`git checkout -b ${branch}`, {
-		cwd: repoPath,
-		stdio: "pipe"
-	});
-	execSync(`git add members/${args.id}`, {
-		cwd: repoPath,
-		stdio: "pipe"
-	});
-	execFileSync("git", [
-		"commit",
-		"-m",
-		args.assistant ? `feat: onboard ${args.id} + ${args.assistant}` : `feat: onboard ${args.id}`
-	], {
-		cwd: repoPath,
-		stdio: "pipe"
-	});
-	const pushToken = execSync("gh auth token", {
-		encoding: "utf-8",
-		stdio: "pipe"
-	}).trim();
-	const cleanRemote = execSync("git remote get-url origin", {
-		cwd: repoPath,
-		encoding: "utf-8",
-		stdio: "pipe"
-	}).trim();
-	execSync(`git remote set-url origin "${cleanRemote.replace("https://github.com/", `https://x-access-token:${pushToken}@github.com/`)}"`, {
-		cwd: repoPath,
-		stdio: "pipe"
-	});
-	try {
-		execSync(`git push -u origin ${branch}`, {
-			cwd: repoPath,
-			stdio: "pipe"
-		});
-	} finally {
-		execSync(`git remote set-url origin "${cleanRemote}"`, {
-			cwd: repoPath,
-			stdio: "pipe"
-		});
+		const msg = err instanceof Error ? err.message : String(err);
+		if (msg.includes("already has") || msg.includes("409")) throw new Error(`Agent "${args.id}" already has an active token.\nAsk an admin to revoke the existing token in the Web UI, then re-run onboard.`);
+		throw err;
 	}
-	const prOutput = execSync(`gh pr create --title "${args.assistant ? `Onboard ${args.id} + assistant` : `Onboard ${args.id}`}" --body "Automated onboard via first-tree-hub CLI"`, {
-		cwd: repoPath,
-		encoding: "utf-8"
-	}).trim();
-	const state = {
-		args,
-		branch,
-		prUrl: prOutput
-	};
-	mkdirSync(join(homedir(), ".first-tree-hub"), { recursive: true });
-	writeFileSync(STATE_FILE, JSON.stringify(state, null, 2));
-	return { prUrl: prOutput };
-}
-async function onboardContinue(args) {
-	let state = null;
-	try {
-		state = JSON.parse(readFileSync(STATE_FILE, "utf-8"));
-	} catch {}
-	if (!state && !args.id) throw new Error("No onboard in progress. Run 'first-tree-hub onboard' first to start a new onboard.");
-	const mergedArgs = {
-		...state?.args,
-		...stripUndefined(args)
-	};
-	const serverUrl = resolveServerUrl(mergedArgs.server).replace(/\/+$/, "");
-	const agentToBootstrap = mergedArgs.assistant ?? mergedArgs.id;
-	if (!agentToBootstrap) throw new Error("Cannot determine which agent to bootstrap. Provide --id or run onboard first.");
-	if (!mergedArgs.id) throw new Error("Cannot determine member ID. Provide --id or run onboard first.");
-	process.stderr.write(`Waiting for agent "${agentToBootstrap}" to be synced...\n`);
-	let synced = false;
-	for (let i = 0; i < 30; i++) {
+	process.stderr.write(`Agent "${args.id}" ready.\n`);
+	if (args.assistant) {
+		process.stderr.write(`Bootstrapping assistant "${args.assistant}"...\n`);
 		try {
-			const status = await checkBootstrapStatus(serverUrl, agentToBootstrap);
-			if (status.exists && status.status === "active") {
-				synced = true;
-				break;
-			}
+			token = (await bootstrapToken$1(serverUrl, args.assistant, {
+				saveTo: "agent",
+				type: "personal_assistant",
+				displayName: args.assistant,
+				metadata: {
+					role: `Personal Assistant to ${args.id}`,
+					domains: ["message triage", "task coordination"]
+				}
+			})).token;
+			process.stderr.write(`Assistant "${args.assistant}" ready.\n`);
 		} catch (err) {
-			if (i === 0) process.stderr.write(`  (check failed: ${err instanceof Error ? err.message : String(err)})\n`);
+			const msg = err instanceof Error ? err.message : String(err);
+			process.stderr.write(`Warning: Failed to bootstrap assistant "${args.assistant}": ${msg}\n`);
 		}
-		await sleep(2e3);
 	}
-	if (!synced) throw new Error(`Agent "${agentToBootstrap}" not found after 60s. Trigger sync manually or wait for auto-sync.`);
-	process.stderr.write(`Bootstrapping token for "${agentToBootstrap}"...\n`);
-	let token;
-	try {
-		token = (await bootstrapToken$1(serverUrl, agentToBootstrap, { saveTo: "agent" })).token;
-	} catch (err) {
-		const msg = err instanceof Error ? err.message : String(err);
-		if (msg.includes("already has") || msg.includes("409")) throw new Error(`Agent "${agentToBootstrap}" already has an active token.\nAsk an admin to revoke the existing token in the Web UI, then re-run:
-  first-tree-hub onboard --continue`);
-		throw err;
-	}
-	process.stderr.write(`Token saved to ~/.first-tree-hub/agents/${agentToBootstrap}/agent.yaml\n`);
-	if (mergedArgs.feishuBotAppId && mergedArgs.feishuBotAppSecret) {
+	const agentToBootstrap = args.assistant ?? args.id;
+	process.stderr.write(`Token saved to ${DEFAULT_HOME_DIR$1}/config/agents/${agentToBootstrap}/agent.yaml\n`);
+	if (args.feishuBotAppId && args.feishuBotAppSecret) {
 		const { bindFeishuBot } = await import("./feishu-Y4m2zFc3.mjs").then((n) => n.r);
 		process.stderr.write("Binding Feishu bot...\n");
-		await bindFeishuBot(serverUrl, token, mergedArgs.feishuBotAppId, mergedArgs.feishuBotAppSecret);
+		await bindFeishuBot(serverUrl, token, args.feishuBotAppId, args.feishuBotAppSecret);
 		process.stderr.write("Feishu bot bound.\n");
 	}
+	setConfigValue(join(DEFAULT_CONFIG_DIR, "client.yaml"), "server.url", serverUrl);
 	try {
 		const { unlinkSync } = await import("node:fs");
 		unlinkSync(STATE_FILE);
 	} catch {}
+	const typeLabel = args.type === "human" ? "Human" : args.type === "autonomous_agent" ? "Agent" : "Assistant";
 	process.stderr.write("\n✅ Onboard complete!\n\n");
-	process.stderr.write(`  Human:     ${mergedArgs.id}\n`);
-	if (mergedArgs.assistant) process.stderr.write(`  Assistant: ${mergedArgs.assistant}\n`);
-	process.stderr.write(`  Token:     ~/.first-tree-hub/config/agents/${agentToBootstrap}/agent.yaml\n`);
-	if (mergedArgs.feishuBotAppId) process.stderr.write(`  Feishu:    bot bound (${mergedArgs.feishuBotAppId})\n`);
-	setConfigValue(join(DEFAULT_CONFIG_DIR, "client.yaml"), "server.url", serverUrl);
-	if (mergedArgs.type === "human") {
+	process.stderr.write(`  ${typeLabel}:${" ".repeat(Math.max(1, 10 - typeLabel.length))}${args.id}\n`);
+	if (args.assistant) process.stderr.write(`  Assistant: ${args.assistant}\n`);
+	process.stderr.write(`  Token:     ${DEFAULT_HOME_DIR$1}/config/agents/${agentToBootstrap}/agent.yaml\n`);
+	if (args.feishuBotAppId) process.stderr.write(`  Feishu:    bot bound (${args.feishuBotAppId})\n`);
+	if (args.type === "human") {
 		process.stderr.write("\n  Next step — bind your Feishu account:\n");
-		process.stderr.write(`    Send this message to the bot in Feishu:  /bind ${mergedArgs.id}\n`);
-		if (!mergedArgs.feishuBotAppId) process.stderr.write("    (requires a Feishu bot to be configured in the system)\n");
+		process.stderr.write(`    Send this message to the bot in Feishu:  /bind ${args.id}\n`);
+		if (!args.feishuBotAppId) process.stderr.write("    (requires a Feishu bot to be configured in the system)\n");
 	}
 	process.stderr.write("\n  Start the agent:\n");
 	process.stderr.write("    first-tree-hub client start\n");
 	process.stderr.write("\n");
 }
-function createMemberNodeMd(repoPath, data) {
-	const memberDir = join(repoPath, data.parentPath ?? "members", data.id);
-	mkdirSync(memberDir, { recursive: true });
-	const domainsList = data.domains.map((d) => `  - "${d}"`).join("\n");
-	const githubLine = data.github ? `\ngithub: ${data.github}` : "";
-	const delegateLine = data.delegateMention ? `\ndelegate_mention: ${data.delegateMention}` : "";
-	const content = `---
-title: "${data.displayName}"
-owners: [${data.owner}]
-type: ${data.type}
-role: "${data.role}"
-domains:
-${domainsList}${githubLine}${delegateLine}
----
-# ${data.displayName}
-## About
-## Current Focus
-`;
-	writeFileSync(join(memberDir, "NODE.md"), content);
-}
-function isTrackedByGit(repoPath, filePath) {
-	try {
-		execSync(`git ls-files --error-unmatch ${filePath}`, {
-			cwd: repoPath,
-			stdio: "pipe"
-		});
-		return true;
-	} catch {
-		return false;
-	}
-}
-const CONTEXT_TREE_DIR = join(homedir(), ".first-tree-hub", "context-tree");
-/**
-* Resolve Context Tree to a **local path** at ~/.first-tree-hub/context-tree/.
-*
-* Repo URL is obtained from the Hub server. The local clone is always
-* managed in the standard location — no custom paths allowed.
-*/
-async function resolveContextTreeRepo(serverUrl) {
-	const repoUrl = await fetchRepoUrlFromServer(serverUrl);
-	if (!repoUrl) return null;
-	let ghToken;
-	try {
-		ghToken = execSync("gh auth token", {
-			encoding: "utf-8",
-			stdio: "pipe"
-		}).trim();
-	} catch {
-		return null;
-	}
-	const gitEnv = {
-		...process.env,
-		GIT_ASKPASS: "echo",
-		GIT_TERMINAL_PROMPT: "0",
-		GH_TOKEN: ghToken,
-		GITHUB_TOKEN: ghToken
-	};
-	const gitConfigArgs = `-c url."https://x-access-token:${ghToken}@github.com/".insteadOf="https://github.com/"`;
-	if (existsSync(join(CONTEXT_TREE_DIR, ".git"))) {
-		try {
-			if (execSync("git remote get-url origin", {
-				cwd: CONTEXT_TREE_DIR,
-				encoding: "utf-8",
-				stdio: "pipe"
-			}).trim().includes(repoUrl.replace(/^https?:\/\/github\.com\//, "").replace(/\.git$/, ""))) {
-				process.stderr.write("Updating Context Tree...\n");
-				execSync("git checkout main 2>/dev/null || git checkout master", {
-					cwd: CONTEXT_TREE_DIR,
-					stdio: "pipe"
-				});
-				try {
-					execSync(`git ${gitConfigArgs} pull --ff-only`, {
-						cwd: CONTEXT_TREE_DIR,
-						stdio: "pipe",
-						env: gitEnv
-					});
-				} catch {}
-				return CONTEXT_TREE_DIR;
-			}
-		} catch {}
-		const safePrefix = join(homedir(), ".first-tree-hub");
-		if (!CONTEXT_TREE_DIR.startsWith(safePrefix) || CONTEXT_TREE_DIR === safePrefix) throw new Error(`Refusing to delete unsafe path: ${CONTEXT_TREE_DIR}`);
-		execSync(`rm -rf ${CONTEXT_TREE_DIR}`);
-	}
-	try {
-		process.stderr.write(`Cloning Context Tree to ${CONTEXT_TREE_DIR}...\n`);
-		mkdirSync(join(homedir(), ".first-tree-hub"), { recursive: true });
-		execSync(`git ${gitConfigArgs} clone ${repoUrl} ${CONTEXT_TREE_DIR}`, {
-			stdio: "pipe",
-			env: gitEnv
-		});
-		return CONTEXT_TREE_DIR;
-	} catch {
-		return null;
-	}
-}
-/** Query server for Context Tree repo URL. */
-async function fetchRepoUrlFromServer(serverUrl) {
-	if (!serverUrl) try {
-		serverUrl = resolveServerUrl();
-	} catch {
-		return null;
-	}
-	try {
-		const url = `${serverUrl.replace(/\/+$/, "")}/api/v1/context-tree/info`;
-		const res = await fetch(url, { signal: AbortSignal.timeout(5e3) });
-		if (!res.ok) return null;
-		return (await res.json()).repo ?? null;
-	} catch {
-		return null;
-	}
-}
-function sleep(ms) {
-	return new Promise((resolve) => setTimeout(resolve, ms));
-}
-function stripUndefined(obj) {
-	const result = {};
-	for (const [key, value] of Object.entries(obj)) if (value !== void 0) result[key] = value;
-	return result;
-}
 //#endregion
 //#region src/core/prompt.ts
 /**
@@ -2546,8 +2219,7 @@ async function promptMissingFields(options) {
 			const envStr = envHint ? `  (env: ${envHint})` : "";
 			return `  ${m.dotPath}${envStr}`;
 		});
-		throw new Error(`Missing required configuration:\n${lines.join("\n")}\n\nProvide values via environment variables, config file (~/.first-tree-hub/server.yaml),
-or run without --no-interactive to use the interactive setup wizard.`);
+		throw new Error(`Missing required configuration:\n${lines.join("\n")}\n\nProvide values via environment variables, config file (${DEFAULT_HOME_DIR$1}/server.yaml),\nor run without --no-interactive to use the interactive setup wizard.`);
 	}
 	const configPath = join(options.configDir ?? DEFAULT_CONFIG_DIR, `${options.role}.yaml`);
 	const results = {};
@@ -2627,7 +2299,11 @@ function setNestedByDot(obj, dotPath, value) {
 }
 //#endregion
 //#region ../shared/dist/index.mjs
-const adapterPlatformSchema = z.enum(["feishu", "slack"]);
+const adapterPlatformSchema = z.enum([
+	"feishu",
+	"slack",
+	"kael"
+]);
 const adapterStatusSchema = z.enum(["active", "inactive"]);
 const createAdapterConfigSchema = z.object({
 	platform: adapterPlatformSchema,
@@ -2731,30 +2407,21 @@ const AGENT_STATUSES = {
 	DELETED: "deleted"
 };
 z.enum(["active", "suspended"]);
-z.object({
+const createAgentSchema = z.object({
 	id: z.string().min(1).max(100).regex(/^[a-z0-9_-]+$/, "Only lowercase alphanumeric, hyphens, and underscores").optional(),
 	type: agentTypeSchema,
 	displayName: z.string().max(200).optional(),
+	delegateMention: z.string().max(100).optional(),
+	profile: z.string().optional(),
 	organizationId: z.string().max(100).optional(),
 	metadata: z.record(z.string(), z.unknown()).optional()
 });
-z.object({
-	syncedAt: z.string(),
-	treePath: z.string(),
-	summary: z.object({
-		created: z.number(),
-		updated: z.number(),
-		suspended: z.number(),
-		unchanged: z.number(),
-		errors: z.number()
-	}),
-	created: z.array(z.string()),
-	updated: z.array(z.string()),
-	suspended: z.array(z.string()),
-	errors: z.array(z.object({
-		memberId: z.string(),
-		error: z.string()
-	}))
+const updateAgentSchema = z.object({
+	type: agentTypeSchema.optional(),
+	displayName: z.string().max(200).nullable().optional(),
+	delegateMention: z.string().max(100).nullable().optional(),
+	profile: z.string().nullable().optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
 });
 z.object({
 	id: z.string(),
@@ -2762,7 +2429,7 @@ z.object({
 	type: agentTypeSchema,
 	displayName: z.string().nullable(),
 	delegateMention: z.string().nullable(),
-	treePath: z.string().nullable(),
+	profile: z.string().nullable(),
 	inboxId: z.string(),
 	status: z.string(),
 	metadata: z.record(z.string(), z.unknown()),
@@ -2770,15 +2437,21 @@ z.object({
 	createdAt: z.string(),
 	updatedAt: z.string()
 });
-const bootstrapTokenRequestSchema = z.object({ name: z.string().max(100).optional() });
+const bootstrapTokenRequestSchema = z.object({
+	name: z.string().max(100).optional(),
+	type: agentTypeSchema.optional(),
+	displayName: z.string().max(200).optional(),
+	delegateMention: z.string().max(100).optional(),
+	profile: z.string().optional(),
+	metadata: z.record(z.string(), z.unknown()).optional()
+});
 z.object({
 	exists: z.boolean(),
 	status: z.enum(["active", "suspended"]).nullable()
 });
 z.object({
-	repo: z.string(),
-	branch: z.string(),
-	lastSync: z.string().nullable()
+	repo: z.string().nullable(),
+	branch: z.string().nullable()
 });
 const createAgentTokenSchema = z.object({
 	name: z.string().max(100).optional(),
@@ -2900,7 +2573,7 @@ const SYSTEM_CONFIG_DEFAULTS = {
 	[SYSTEM_CONFIG_KEYS.PRESENCE_CLEANUP_SECONDS]: 60
 };
 //#endregion
-//#region ../server/dist/app-BVTDWxJE.mjs
+//#region ../server/dist/app-41WnR_ri.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -2918,7 +2591,7 @@ const agents = pgTable("agents", {
 	type: text("type").notNull(),
 	displayName: text("display_name"),
 	delegateMention: text("delegate_mention"),
-	treePath: text("tree_path"),
+	profile: text("profile"),
 	inboxId: text("inbox_id").unique().notNull(),
 	status: text("status").notNull().default("active"),
 	metadata: jsonb("metadata").$type().notNull().default({}),
@@ -3404,289 +3077,6 @@ async function adminAdapterRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-const GRAPHQL_URL = "https://api.github.com/graphql";
-const REST_API_URL = "https://api.github.com";
-/** Parse "owner/repo" or "https://github.com/owner/repo" into { owner, name }. */
-function parseRepo(input) {
-	const urlMatch = /github\.com\/([^/]+)\/([^/.]+)/.exec(input);
-	if (urlMatch) return {
-		owner: urlMatch[1] ?? "",
-		name: urlMatch[2] ?? ""
-	};
-	const parts = input.split("/");
-	return {
-		owner: parts[0] ?? "",
-		name: parts[1] ?? ""
-	};
-}
-/** Step 1: Get the tree OID of the members/ directory via GraphQL. */
-async function fetchMembersTreeOid(owner, name, branch, token) {
-	const query = `
-    query($owner: String!, $name: String!, $expr: String!) {
-      repository(owner: $owner, name: $name) {
-        object(expression: $expr) {
-          ... on Tree { oid }
-        }
-      }
-    }
-  `;
-	const res = await fetch(GRAPHQL_URL, {
-		method: "POST",
-		headers: {
-			Authorization: `Bearer ${token}`,
-			"Content-Type": "application/json"
-		},
-		body: JSON.stringify({
-			query,
-			variables: {
-				owner,
-				name,
-				expr: `${branch}:members`
-			}
-		})
-	});
-	if (!res.ok) throw new Error(`GitHub API returned ${res.status}: ${await res.text()}`);
-	const json = await res.json();
-	if (json.errors) throw new Error(`GitHub GraphQL errors: ${json.errors.map((e) => e.message).join(", ")}`);
-	return json.data?.repository?.object?.oid ?? null;
-}
-/** Step 2: Recursively list all entries under the members/ tree via REST API. */
-async function fetchRecursiveTree(owner, name, treeSha, token) {
-	const url = `${REST_API_URL}/repos/${owner}/${name}/git/trees/${treeSha}?recursive=1`;
-	const res = await fetch(url, { headers: {
-		Authorization: `Bearer ${token}`,
-		Accept: "application/vnd.github+json"
-	} });
-	if (!res.ok) throw new Error(`GitHub REST API returned ${res.status}: ${await res.text()}`);
-	const json = await res.json();
-	if (json.truncated) throw new Error("[context-tree-sync] GitHub REST tree API returned truncated response — members/ subtree is too large. Sync aborted to prevent incorrect agent suspension from partial data.");
-	return json.tree;
-}
-/**
-* Step 3: Batch-fetch NODE.md content for all member directories via GraphQL aliases.
-* Each alias fetches one NODE.md file by expression.
-*/
-async function batchFetchNodeMd(owner, name, branch, memberPaths, token) {
-	if (memberPaths.length === 0) return /* @__PURE__ */ new Map();
-	const query = `
-    query($owner: String!, $name: String!) {
-      repository(owner: $owner, name: $name) {
-        ${memberPaths.map((p, i) => {
-		const expr = `${branch}:members/${p}/NODE.md`;
-		return `m${i}: object(expression: ${JSON.stringify(expr)}) { ... on Blob { text } }`;
-	}).join("\n        ")}
-      }
-    }
-  `;
-	const res = await fetch(GRAPHQL_URL, {
-		method: "POST",
-		headers: {
-			Authorization: `Bearer ${token}`,
-			"Content-Type": "application/json"
-		},
-		body: JSON.stringify({
-			query,
-			variables: {
-				owner,
-				name
-			}
-		})
-	});
-	if (!res.ok) throw new Error(`GitHub API returned ${res.status}: ${await res.text()}`);
-	const json = await res.json();
-	if (json.errors) throw new Error(`GitHub GraphQL errors: ${json.errors.map((e) => e.message).join(", ")}`);
-	const repo = json.data?.repository ?? {};
-	const result = /* @__PURE__ */ new Map();
-	for (let i = 0; i < memberPaths.length; i++) {
-		const blob = repo[`m${i}`];
-		const path = memberPaths[i];
-		if (blob?.text && path) result.set(path, blob.text);
-	}
-	return result;
-}
-/**
-* Extract member directory paths from a recursive tree listing.
-* A directory is a member if it contains a NODE.md blob.
-*/
-function extractMemberDirs(treeEntries) {
-	const nodeMdPaths = /* @__PURE__ */ new Set();
-	for (const entry of treeEntries) if (entry.type === "blob" && entry.path.endsWith("/NODE.md")) nodeMdPaths.add(entry.path);
-	const memberDirs = [];
-	for (const entry of treeEntries) {
-		if (entry.type !== "tree") continue;
-		if (nodeMdPaths.has(`${entry.path}/NODE.md`)) memberDirs.push(entry.path);
-	}
-	return memberDirs.sort();
-}
-/**
-* Fetch all members from a Context Tree repo via GitHub API.
-* Uses 3 API calls:
-*   1. GraphQL: get members/ tree OID
-*   2. REST: recursive tree listing (scoped to members/ only)
-*   3. GraphQL: batch-fetch all NODE.md contents via aliases
-*/
-async function fetchMembers(repo, branch, token) {
-	const { owner, name } = parseRepo(repo);
-	if (!owner || !name) throw new Error(`Invalid repo format: "${repo}" — expected "owner/repo" or a GitHub URL`);
-	const treeOid = await fetchMembersTreeOid(owner, name, branch, token);
-	if (!treeOid) {
-		console.warn("[context-tree-sync] members/ directory not found in repo");
-		return [];
-	}
-	const memberDirs = extractMemberDirs(await fetchRecursiveTree(owner, name, treeOid, token));
-	if (memberDirs.length === 0) {
-		console.warn("[context-tree-sync] No member directories with NODE.md found");
-		return [];
-	}
-	const nameMap = /* @__PURE__ */ new Map();
-	for (const dir of memberDirs) {
-		const dirName = dir.split("/").pop() ?? dir;
-		const existing = nameMap.get(dirName);
-		if (existing) throw new Error(`[context-tree-sync] Duplicate member directory name '${dirName}' found at 'members/${existing}' and 'members/${dir}' — directory names must be unique across all levels under members/. Fix this in the Context Tree repo.`);
-		nameMap.set(dirName, dir);
-	}
-	const nodeContents = await batchFetchNodeMd(owner, name, branch, memberDirs, token);
-	return memberDirs.map((dir) => ({
-		name: dir.split("/").pop() ?? dir,
-		treePath: dir,
-		nodeContent: nodeContents.get(dir) ?? null
-	}));
-}
-/** Parse NODE.md frontmatter for agent metadata. */
-function parseNodeMetadata(content) {
-	const match = /^---\n([\s\S]*?)\n---/.exec(content);
-	if (!match) return {
-		type: "autonomous_agent",
-		displayName: null,
-		delegateMention: null,
-		owners: [],
-		github: null
-	};
-	const frontmatter = match[1] ?? "";
-	const getValue = (key) => {
-		const lineMatch = new RegExp(`^${key}:\\s*(.+)$`, "m").exec(frontmatter);
-		return lineMatch ? lineMatch[1]?.trim().replace(/^["']|["']$/g, "") ?? null : null;
-	};
-	const ownersRaw = getValue("owners");
-	let owners = [];
-	if (ownersRaw) {
-		const listMatch = /^\[([^\]]*)\]$/.exec(ownersRaw);
-		if (listMatch?.[1]) owners = listMatch[1].split(",").map((s) => s.trim().replace(/^["']|["']$/g, "")).filter(Boolean);
-	}
-	return {
-		type: getValue("type") ?? "autonomous_agent",
-		displayName: getValue("display_name") ?? getValue("title") ?? getValue("name"),
-		delegateMention: getValue("delegate_mention"),
-		owners,
-		github: getValue("github")
-	};
-}
-/** Stored for the /status endpoint */
-let _lastSyncResult;
-function getLastGraphQLSyncResult() {
-	return _lastSyncResult;
-}
-/**
-* Sync agents from a GitHub Context Tree repo via GraphQL.
-*
-* Lifecycle semantics:
-* - Member in tree, not in DB → create (active)
-* - Member in tree, in DB as active, fields changed → update
-* - Member in tree, in DB as active, fields unchanged → unchanged
-* - Member in tree, in DB as suspended → reactivate (set active)
-* - Agent in DB as active, NOT in tree → suspend
-*/
-async function syncFromGitHub(db, repo, branch, githubToken) {
-	const members = await fetchMembers(repo, branch, githubToken);
-	const memberNames = new Set(members.map((m) => m.name));
-	const result = {
-		created: 0,
-		updated: 0,
-		suspended: 0,
-		reactivated: 0,
-		unchanged: 0,
-		errors: 0,
-		syncedAt: (/* @__PURE__ */ new Date()).toISOString()
-	};
-	for (const member of members) try {
-		const meta = member.nodeContent ? parseNodeMetadata(member.nodeContent) : {
-			type: "autonomous_agent",
-			displayName: null,
-			delegateMention: null,
-			owners: [],
-			github: null
-		};
-		const metadataJson = JSON.stringify({
-			owners: meta.owners,
-			github: meta.github
-		});
-		const existing = await db.execute(sql`SELECT id, status, type, display_name, delegate_mention, tree_path, metadata FROM agents WHERE id = ${member.name}`);
-		if (existing.length === 0) {
-			await db.execute(sql`
-          INSERT INTO agents (id, type, display_name, delegate_mention, tree_path, status, inbox_id, metadata)
-          VALUES (${member.name}, ${meta.type}, ${meta.displayName}, ${meta.delegateMention}, ${member.treePath}, 'active', ${`inbox_${member.name}`}, ${metadataJson}::jsonb)
-        `);
-			result.created++;
-		} else {
-			const agent = existing[0];
-			const existingMeta = agent.metadata ?? {};
-			const mergedMeta = JSON.stringify({
-				...existingMeta,
-				owners: meta.owners,
-				github: meta.github
-			});
-			if (agent.status === "suspended" || agent.status === "deleted") {
-				await db.execute(sql`
-            UPDATE agents SET status = 'active', type = ${meta.type}, display_name = ${meta.displayName}, delegate_mention = ${meta.delegateMention}, tree_path = ${member.treePath}, metadata = ${mergedMeta}::jsonb
-            WHERE id = ${member.name}
-          `);
-				result.reactivated++;
-			} else if (agent.type !== meta.type || agent.display_name !== meta.displayName || agent.delegate_mention !== meta.delegateMention || agent.tree_path !== member.treePath || JSON.stringify(existingMeta.owners) !== JSON.stringify(meta.owners) || (existingMeta.github ?? null) !== (meta.github ?? null)) {
-				await db.execute(sql`
-            UPDATE agents SET type = ${meta.type}, display_name = ${meta.displayName}, delegate_mention = ${meta.delegateMention}, tree_path = ${member.treePath}, metadata = ${mergedMeta}::jsonb
-            WHERE id = ${member.name}
-          `);
-				result.updated++;
-			} else result.unchanged++;
-		}
-	} catch (err) {
-		console.error(`[context-tree-sync] Failed to sync member "${member.name}" (path: members/${member.treePath}):`, err);
-		result.errors++;
-	}
-	try {
-		const activeAgents = await db.execute(sql`SELECT id FROM agents WHERE status = 'active' AND (metadata->>'managed')::boolean IS NOT TRUE`);
-		for (const row of activeAgents) {
-			const agent = row;
-			if (!memberNames.has(agent.id)) {
-				await db.execute(sql`UPDATE agents SET status = 'suspended' WHERE id = ${agent.id}`);
-				result.suspended++;
-			}
-		}
-	} catch (err) {
-		console.error("[context-tree-sync] Failed to suspend removed agents:", err);
-		result.errors++;
-	}
-	_lastSyncResult = result;
-	return result;
-}
-async function adminAgentSyncRoutes(app) {
-	app.post("/", async (_request, reply) => {
-		const { repo, branch } = app.config.contextTree;
-		const { token } = app.config.github;
-		try {
-			const result = await syncFromGitHub(app.db, repo, branch, token);
-			return reply.send({ summary: result });
-		} catch (error) {
-			const msg = error instanceof Error ? error.message : String(error);
-			app.log.error(error, "Context Tree sync failed");
-			return reply.status(502).send({ error: msg });
-		}
-	});
-	app.get("/status", async (_request, reply) => {
-		const lastSync = getLastGraphQLSyncResult();
-		return reply.send({ lastSync: lastSync ?? null });
-	});
-}
 /** Agent online status. Tracked via WebSocket connections; stale entries are cleaned up using server_instances heartbeat. */
 const agentPresence = pgTable("agent_presence", {
 	agentId: text("agent_id").primaryKey().references(() => agents.id, { onDelete: "cascade" }),
@@ -3722,6 +3112,8 @@ async function createAgent(db, data) {
 			organizationId: data.organizationId ?? "default",
 			type: data.type,
 			displayName: data.displayName ?? null,
+			delegateMention: data.delegateMention ?? null,
+			profile: data.profile ?? null,
 			status: "active",
 			metadata: data.metadata ?? {},
 			updatedAt: /* @__PURE__ */ new Date()
@@ -3734,6 +3126,8 @@ async function createAgent(db, data) {
 		organizationId: data.organizationId ?? "default",
 		type: data.type,
 		displayName: data.displayName ?? null,
+		delegateMention: data.delegateMention ?? null,
+		profile: data.profile ?? null,
 		inboxId,
 		metadata: data.metadata ?? {}
 	}).returning();
@@ -3745,16 +3139,18 @@ async function getAgent(db, id) {
 	if (!agent) throw new NotFoundError(`Agent "${id}" not found`);
 	return agent;
 }
-async function listAgents(db, limit, cursor) {
-	const notDeleted = ne(agents.status, AGENT_STATUSES.DELETED);
-	const where = cursor ? and(notDeleted, lt(agents.createdAt, new Date(cursor))) : notDeleted;
+async function listAgents(db, limit, cursor, type) {
+	const conditions = [ne(agents.status, AGENT_STATUSES.DELETED)];
+	if (cursor) conditions.push(lt(agents.createdAt, new Date(cursor)));
+	if (type) conditions.push(eq(agents.type, type));
+	const where = and(...conditions);
 	const rows = await db.select({
 		id: agents.id,
 		organizationId: agents.organizationId,
 		type: agents.type,
 		displayName: agents.displayName,
 		delegateMention: agents.delegateMention,
-		treePath: agents.treePath,
+		profile: agents.profile,
 		inboxId: agents.inboxId,
 		status: agents.status,
 		metadata: agents.metadata,
@@ -3770,8 +3166,50 @@ async function listAgents(db, limit, cursor) {
 		nextCursor: hasMore && last ? last.createdAt.toISOString() : null
 	};
 }
+async function updateAgent(db, id, data) {
+	const agent = await getAgent(db, id);
+	const updates = { updatedAt: /* @__PURE__ */ new Date() };
+	if (data.type !== void 0) updates.type = data.type;
+	if (data.displayName !== void 0) updates.displayName = data.displayName;
+	if (data.delegateMention !== void 0) updates.delegateMention = data.delegateMention;
+	if (data.profile !== void 0) updates.profile = data.profile;
+	if (data.metadata !== void 0) updates.metadata = data.metadata;
+	const [updated] = await db.update(agents).set(updates).where(eq(agents.id, agent.id)).returning();
+	if (!updated) throw new Error("Unexpected: UPDATE RETURNING produced no row");
+	return updated;
+}
 /**
-* Delete an agent. Only allowed when status is "suspended" (removed from tree).
+* Reactivate a suspended agent.
+*/
+async function reactivateAgent(db, id) {
+	const [existing] = await db.select({
+		id: agents.id,
+		status: agents.status
+	}).from(agents).where(eq(agents.id, id)).limit(1);
+	if (!existing || existing.status === AGENT_STATUSES.DELETED) throw new NotFoundError(`Agent "${id}" not found`);
+	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be reactivated.");
+	const [agent] = await db.update(agents).set({
+		status: AGENT_STATUSES.ACTIVE,
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(eq(agents.id, id)).returning();
+	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
+	return agent;
+}
+/**
+* Suspend an agent. Revokes all active tokens so the agent can no longer authenticate.
+*/
+async function suspendAgent(db, id) {
+	const [agent] = await db.update(agents).set({
+		status: AGENT_STATUSES.SUSPENDED,
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(and(eq(agents.id, id), ne(agents.status, AGENT_STATUSES.DELETED))).returning();
+	if (!agent) throw new NotFoundError(`Agent "${id}" not found`);
+	await db.update(agentTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(agentTokens.agentId, id), isNull(agentTokens.revokedAt)));
+	return agent;
+}
+/**
+* Delete an agent. Only allowed when status is "suspended".
+* Suspend the agent first to revoke tokens, then delete.
 */
 async function deleteAgent(db, id) {
 	const [existing] = await db.select({
@@ -3779,7 +3217,7 @@ async function deleteAgent(db, id) {
 		status: agents.status
 	}).from(agents).where(eq(agents.id, id)).limit(1);
 	if (!existing || existing.status === AGENT_STATUSES.DELETED) throw new NotFoundError(`Agent "${id}" not found`);
-	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be deleted. Active agents are managed by Context Tree.");
+	if (existing.status !== AGENT_STATUSES.SUSPENDED) throw new BadRequestError("Only suspended agents can be deleted. Suspend the agent first.");
 	const [agent] = await db.update(agents).set({
 		status: AGENT_STATUSES.DELETED,
 		updatedAt: /* @__PURE__ */ new Date()
@@ -3790,16 +3228,41 @@ async function deleteAgent(db, id) {
 	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
 	return agent;
 }
-/**
-* Bootstrap a token for an agent using GitHub identity.
-* Only works when the agent has no active (non-revoked, non-expired) tokens.
-*/
-async function bootstrapToken(db, agentId, githubUsername, tokenName) {
-	const agent = await getAgent(db, agentId);
+async function bootstrapToken(db, agentId, githubUsername, options) {
+	let agent;
+	try {
+		agent = await getAgent(db, agentId);
+	} catch (err) {
+		if (err instanceof NotFoundError) {
+			const metadata = {
+				...options?.metadata,
+				owners: [githubUsername]
+			};
+			agent = await createAgent(db, {
+				id: agentId,
+				type: options?.type ?? "autonomous_agent",
+				displayName: options?.displayName ?? agentId,
+				delegateMention: options?.delegateMention,
+				profile: options?.profile,
+				metadata
+			});
+		} else throw err;
+	}
 	if (!(Array.isArray(agent.metadata?.owners) ? agent.metadata.owners : []).includes(githubUsername)) throw new ForbiddenError(`GitHub user "${githubUsername}" is not in the owners list for agent "${agentId}"`);
 	const activeTokens = await db.select({ id: agentTokens.id }).from(agentTokens).where(and(eq(agentTokens.agentId, agentId), isNull(agentTokens.revokedAt)));
 	if (activeTokens.length > 0) throw new ConflictError(`Agent "${agentId}" already has ${activeTokens.length} active token(s). Revoke all tokens first to re-bootstrap.`);
-	return createToken(db, agentId, { name: tokenName ?? "bootstrap" });
+	return createToken(db, agentId, { name: options?.tokenName ?? "bootstrap" });
+}
+/**
+* Check if a GitHub user belongs to a specific organization.
+*/
+async function checkGitHubOrgMembership(githubToken, org) {
+	const res = await fetch(`https://api.github.com/user/orgs`, { headers: {
+		Authorization: `Bearer ${githubToken}`,
+		Accept: "application/vnd.github+json"
+	} });
+	if (!res.ok) return false;
+	return (await res.json()).some((o) => o.login.toLowerCase() === org.toLowerCase());
 }
 async function createToken(db, agentId, data) {
 	await getAgent(db, agentId);
@@ -4236,9 +3699,11 @@ function serializeDate$1(d) {
 	return d ? d.toISOString() : null;
 }
 async function adminAgentRoutes(app) {
+	const listAgentsFilterSchema = z.object({ type: agentTypeSchema.optional() });
 	app.get("/", async (request) => {
 		const query = paginationQuerySchema.parse(request.query);
-		const result = await listAgents(app.db, query.limit, query.cursor);
+		const { type } = listAgentsFilterSchema.parse(request.query);
+		const result = await listAgents(app.db, query.limit, query.cursor, type);
 		return {
 			items: result.items.map((a) => ({
 				...a,
@@ -4249,6 +3714,24 @@ async function adminAgentRoutes(app) {
 			nextCursor: result.nextCursor
 		};
 	});
+	app.post("/", async (request, reply) => {
+		const body = createAgentSchema.parse(request.body);
+		const agent = await createAgent(app.db, body);
+		return reply.status(201).send({
+			...agent,
+			createdAt: agent.createdAt.toISOString(),
+			updatedAt: agent.updatedAt.toISOString()
+		});
+	});
+	app.patch("/:agentId", async (request) => {
+		const body = updateAgentSchema.parse(request.body);
+		const agent = await updateAgent(app.db, request.params.agentId, body);
+		return {
+			...agent,
+			createdAt: agent.createdAt.toISOString(),
+			updatedAt: agent.updatedAt.toISOString()
+		};
+	});
 	app.get("/:agentId", async (request) => {
 		const agent = await getAgent(app.db, request.params.agentId);
 		return {
@@ -4288,6 +3771,22 @@ async function adminAgentRoutes(app) {
 		await setOffline(app.db, agentId);
 		return reply.status(200).send({ disconnected: wasConnected });
 	});
+	app.post("/:agentId/suspend", async (request) => {
+		const agent = await suspendAgent(app.db, request.params.agentId);
+		return {
+			...agent,
+			createdAt: agent.createdAt.toISOString(),
+			updatedAt: agent.updatedAt.toISOString()
+		};
+	});
+	app.post("/:agentId/reactivate", async (request) => {
+		const agent = await reactivateAgent(app.db, request.params.agentId);
+		return {
+			...agent,
+			createdAt: agent.createdAt.toISOString(),
+			updatedAt: agent.updatedAt.toISOString()
+		};
+	});
 	app.delete("/:agentId", async (request, reply) => {
 		await deleteAgent(app.db, request.params.agentId);
 		return reply.status(204).send();
@@ -4683,16 +4182,6 @@ async function agentChatRoutes(app) {
 		return reply.status(204).send();
 	});
 }
-async function agentContextTreeRoutes(app) {
-	app.get("/", async (_request, reply) => {
-		const { repo, branch } = app.config.contextTree;
-		if (!repo) return reply.status(404).send({ error: "Context Tree not configured" });
-		return reply.send({
-			repo,
-			branch
-		});
-	});
-}
 async function agentFeishuBotRoutes(app) {
 	/**
 	* PUT /agent/me/feishu-bot
@@ -4832,7 +4321,7 @@ async function pollInbox(db, inboxId, limit) {
 		});
 	});
 }
-async function ackEntry$1(db, entryId, inboxId) {
+async function ackEntry$2(db, entryId, inboxId) {
 	const [entry] = await db.update(inboxEntries).set({
 		status: "acked",
 		ackedAt: /* @__PURE__ */ new Date()
@@ -4874,7 +4363,7 @@ async function agentInboxRoutes(app) {
 	app.post("/:entryId/ack", async (request, reply) => {
 		const identity = requireAgent(request);
 		const entryId = Number(request.params.entryId);
-		await ackEntry$1(app.db, entryId, identity.inboxId);
+		await ackEntry$2(app.db, entryId, identity.inboxId);
 		return reply.status(204).send();
 	});
 	app.post("/:entryId/renew", async (request, reply) => {
@@ -4976,18 +4465,37 @@ function agentWsRoutes(notifier, instanceId) {
 		});
 	};
 }
+async function bootstrapConfigRoutes(app) {
+	/** Public endpoint — returns bootstrap prerequisites for CLI auto-discovery. */
+	app.get("/config", async () => {
+		return { allowedOrg: app.config.github.allowedOrg ?? null };
+	});
+}
 async function bootstrapRoutes(app) {
 	/**
 	* POST /bootstrap/:agentId/token
 	* GitHub identity → Agent token.
+	* Auto-creates the agent if it does not exist.
 	* Only works when the agent has no active tokens.
 	*/
 	app.post("/:agentId/token", async (request, reply) => {
 		const { agentId } = request.params;
 		const githubUser = request.githubUser;
 		if (!githubUser) throw new ForbiddenError("GitHub authentication required");
+		const allowedOrg = app.config.github.allowedOrg;
+		if (!allowedOrg) throw new ForbiddenError("FIRST_TREE_HUB_GITHUB_ALLOWED_ORG is not configured. Agent registration is disabled.");
+		const githubToken = request.headers["x-github-token"];
+		if (!githubToken || typeof githubToken !== "string") throw new ForbiddenError("Missing GitHub token for org membership check");
+		if (!await checkGitHubOrgMembership(githubToken, allowedOrg)) throw new ForbiddenError(`GitHub user "${githubUser.username}" is not a member of organization "${allowedOrg}"`);
 		const body = bootstrapTokenRequestSchema.parse(request.body ?? {});
-		const result = await bootstrapToken(app.db, agentId, githubUser.username, body.name);
+		const result = await bootstrapToken(app.db, agentId, githubUser.username, {
+			tokenName: body.name,
+			type: body.type,
+			displayName: body.displayName,
+			delegateMention: body.delegateMention,
+			profile: body.profile,
+			metadata: body.metadata
+		});
 		return reply.status(201).send({
 			id: result.id,
 			agentId: result.agentId,
@@ -4999,7 +4507,7 @@ async function bootstrapRoutes(app) {
 	});
 	/**
 	* GET /bootstrap/:agentId/status
-	* Check if an agent exists and its status (for polling after PR merge + sync).
+	* Check if an agent exists and its status (for polling).
 	*/
 	app.get("/:agentId/status", async (request) => {
 		const { agentId } = request.params;
@@ -5024,11 +4532,9 @@ async function bootstrapRoutes(app) {
 async function contextTreeInfoRoutes(app) {
 	/** Public endpoint — returns Context Tree repo metadata for CLI auto-discovery. */
 	app.get("/info", async () => {
-		const { repo, branch } = app.config.contextTree;
 		return {
-			repo,
-			branch,
-			lastSync: null
+			repo: app.config.contextTree?.repo ?? null,
+			branch: app.config.contextTree?.branch ?? null
 		};
 	});
 }
@@ -5647,7 +5153,7 @@ async function withoutProxy(fn) {
 		for (const [key, val] of Object.entries(saved)) process.env[key] = val;
 	}
 }
-const OUTBOUND_BATCH_SIZE = 10;
+const OUTBOUND_BATCH_SIZE$1 = 10;
 /** Wrap an SDK API call with proxy bypass if needed. */
 function botApiCall(bot, fn) {
 	return bot.bypassProxy ? withoutProxy(fn) : fn();
@@ -5822,6 +5328,8 @@ function parseEventData(appId, data) {
 	const sender = data.sender;
 	const message = data.message;
 	if (!sender?.sender_id?.open_id || !message) return null;
+	if (!sender.sender_id.union_id) process.stderr.write(`[warn] Feishu event missing union_id for sender ${sender.sender_id.open_id}, falling back to open_id\n`);
+	const resolvedSenderId = sender.sender_id.union_id ?? sender.sender_id.open_id;
 	const eventId = data.event_id ?? `ws_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
 	let parsedContent;
 	try {
@@ -5838,7 +5346,8 @@ function parseEventData(appId, data) {
 		eventId,
 		platform: "feishu",
 		appId,
-		senderId: sender.sender_id.open_id,
+		senderId: resolvedSenderId,
+		senderOpenId: sender.sender_id.open_id,
 		senderType: sender.sender_type ?? "user",
 		externalChannelId: message.chat_id ?? "",
 		chatType: message.chat_type ?? "group",
@@ -6011,7 +5520,7 @@ async function processFeishuOutbound(db, findBotByAgentId, log) {
       JOIN adapter_agent_mappings aam ON a.id = aam.agent_id
       WHERE aam.platform = 'feishu' AND ie.status = 'pending'
       ORDER BY ie.created_at
-      LIMIT ${OUTBOUND_BATCH_SIZE}
+      LIMIT ${OUTBOUND_BATCH_SIZE$1}
       FOR UPDATE SKIP LOCKED
     )
     RETURNING id, inbox_id, message_id, chat_id
@@ -6020,21 +5529,21 @@ async function processFeishuOutbound(db, findBotByAgentId, log) {
 	for (const entry of claimed) try {
 		const [msg] = await db.select().from(messages).where(eq(messages.id, entry.message_id)).limit(1);
 		if (!msg) {
-			await ackEntry(db, entry.id);
+			await ackEntry$1(db, entry.id);
 			continue;
 		}
 		if (msg.metadata?.source === "feishu") {
-			await ackEntry(db, entry.id);
+			await ackEntry$1(db, entry.id);
 			continue;
 		}
 		const channelMapping = await findExternalChannelByChat(db, "feishu", entry.chat_id ?? msg.chatId);
 		if (!channelMapping) {
-			await ackEntry(db, entry.id);
+			await ackEntry$1(db, entry.id);
 			continue;
 		}
 		const dedupKey = `${msg.id}:${channelMapping.externalChannelId}`;
 		if (sentMessages.has(dedupKey)) {
-			await ackEntry(db, entry.id);
+			await ackEntry$1(db, entry.id);
 			continue;
 		}
 		const bot = findBotByAgentId(msg.senderId);
@@ -6043,7 +5552,7 @@ async function processFeishuOutbound(db, findBotByAgentId, log) {
 				messageId: msg.id,
 				senderId: msg.senderId
 			}, "Outbound skip: sender has no feishu bot binding");
-			await ackEntry(db, entry.id);
+			await ackEntry$1(db, entry.id);
 			continue;
 		}
 		const { msgType, content } = formatForFeishu(msg.format, msg.content);
@@ -6063,7 +5572,7 @@ async function processFeishuOutbound(db, findBotByAgentId, log) {
 			externalMessageId: externalMsgId,
 			externalChannelId: channelMapping.externalChannelId
 		});
-		await ackEntry(db, entry.id);
+		await ackEntry$1(db, entry.id);
 		bot.lastActiveAt = /* @__PURE__ */ new Date();
 		sent++;
 	} catch (err) {
@@ -6078,7 +5587,7 @@ async function processFeishuOutbound(db, findBotByAgentId, log) {
 		errors: errorCount
 	};
 }
-async function ackEntry(db, entryId) {
+async function ackEntry$1(db, entryId) {
 	await db.update(inboxEntries).set({
 		status: "acked",
 		ackedAt: /* @__PURE__ */ new Date()
@@ -6116,10 +5625,11 @@ function formatForFeishu(format, content) {
 		content: JSON.stringify({ text })
 	};
 }
-function createBackgroundTasks(app, instanceId, adapterManager) {
+function createBackgroundTasks(app, instanceId, adapterManager, kaelRuntime) {
 	let inboxTimer = null;
 	let heartbeatTimer = null;
 	let adapterOutboundTimer = null;
+	let kaelOutboundTimer = null;
 	return {
 		start() {
 			inboxTimer = setInterval(async () => {
@@ -6148,6 +5658,13 @@ function createBackgroundTasks(app, instanceId, adapterManager) {
 					app.log.error(err, "Adapter outbound processing failed");
 				}
 			}, 5e3);
+			if (kaelRuntime) kaelOutboundTimer = setInterval(async () => {
+				try {
+					await kaelRuntime.processOutbound();
+				} catch (err) {
+					app.log.error(err, "Kael outbound processing failed");
+				}
+			}, 5e3);
 			heartbeatInstance(app.db, instanceId).catch((err) => {
 				app.log.error(err, "Failed initial heartbeat");
 			});
@@ -6165,9 +5682,195 @@ function createBackgroundTasks(app, instanceId, adapterManager) {
 				clearInterval(adapterOutboundTimer);
 				adapterOutboundTimer = null;
 			}
+			if (kaelOutboundTimer) {
+				clearInterval(kaelOutboundTimer);
+				kaelOutboundTimer = null;
+			}
 		}
 	};
 }
+const OUTBOUND_BATCH_SIZE = 10;
+function createKaelRuntime(db, encryptionKey, kaelEndpoint, kaelApiKey, serverUrl, log) {
+	const agentConfigs = /* @__PURE__ */ new Map();
+	const inboxToConfig = /* @__PURE__ */ new Map();
+	let aborted = false;
+	return {
+		async reload() {
+			if (!encryptionKey) {
+				log.warn("Encryption key not set — Kael runtime disabled");
+				return;
+			}
+			if (!kaelEndpoint) {
+				log.debug("KAEL_ENDPOINT not configured — Kael runtime idle");
+				agentConfigs.clear();
+				inboxToConfig.clear();
+				return;
+			}
+			const configs = await db.select().from(adapterConfigs).where(and(eq(adapterConfigs.platform, "kael"), eq(adapterConfigs.status, "active")));
+			const configAgentIds = configs.filter((c) => c.credentials).map((c) => c.agentId);
+			const agentRows = configAgentIds.length > 0 ? await db.execute(sql`SELECT id, inbox_id FROM agents WHERE id IN (${sql.join(configAgentIds.map((id) => sql`${id}`), sql`, `)}) AND status = 'active'`) : [];
+			const agentInboxMap = new Map(agentRows.map((a) => [a.id, a.inbox_id]));
+			const seen = /* @__PURE__ */ new Set();
+			for (const config of configs) {
+				if (!config.credentials) continue;
+				let creds;
+				try {
+					creds = decryptCredentials(config.credentials, encryptionKey);
+				} catch (err) {
+					log.error({
+						configId: config.id,
+						err
+					}, "Failed to decrypt Kael adapter credentials");
+					continue;
+				}
+				seen.add(config.agentId);
+				const inboxId = agentInboxMap.get(config.agentId);
+				if (!inboxId) {
+					log.warn({
+						configId: config.id,
+						agentId: config.agentId
+					}, "Kael config agent not found or inactive");
+					continue;
+				}
+				const entry = {
+					configId: config.id,
+					agentId: config.agentId,
+					inboxId,
+					kaelUserId: creds.kaelUserId,
+					kaelProjectId: creds.kaelProjectId,
+					agentToken: creds.agentToken
+				};
+				agentConfigs.set(config.agentId, entry);
+				inboxToConfig.set(inboxId, entry);
+				log.info({
+					configId: config.id,
+					agentId: config.agentId
+				}, "Loaded Kael adapter config");
+			}
+			for (const agentId of agentConfigs.keys()) if (!seen.has(agentId)) {
+				const old = agentConfigs.get(agentId);
+				if (old) inboxToConfig.delete(old.inboxId);
+				agentConfigs.delete(agentId);
+				log.info({ agentId }, "Removed inactive Kael adapter config");
+			}
+		},
+		async processOutbound() {
+			if (agentConfigs.size === 0 || !kaelEndpoint || aborted) return {
+				sent: 0,
+				errors: 0
+			};
+			let sent = 0;
+			let errorCount = 0;
+			try {
+				const agentIds = [...agentConfigs.keys()];
+				const claimed = await db.execute(sql`
+          UPDATE inbox_entries
+          SET status = 'delivered', delivered_at = NOW()
+          WHERE id IN (
+            SELECT ie.id FROM inbox_entries ie
+            JOIN agents a ON ie.inbox_id = a.inbox_id
+            JOIN adapter_configs ac ON a.id = ac.agent_id
+            WHERE ac.platform = 'kael' AND ac.status = 'active'
+              AND ie.status = 'pending'
+              AND a.id IN (${sql.join(agentIds.map((id) => sql`${id}`), sql`, `)})
+            ORDER BY ie.created_at
+            LIMIT ${OUTBOUND_BATCH_SIZE}
+            FOR UPDATE OF ie SKIP LOCKED
+          )
+          RETURNING id, inbox_id, message_id, chat_id
+        `);
+				for (const entry of claimed) try {
+					const [msg] = await db.select().from(messages).where(eq(messages.id, entry.message_id)).limit(1);
+					if (!msg) {
+						await ackEntry(db, entry.id);
+						continue;
+					}
+					const config = inboxToConfig.get(entry.inbox_id);
+					if (!config) {
+						await ackEntry(db, entry.id);
+						continue;
+					}
+					const messageContent = typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content);
+					const payload = {
+						hub_chat_id: entry.chat_id ?? msg.chatId,
+						hub_agent_id: config.agentId,
+						hub_server_url: serverUrl,
+						hub_agent_token: config.agentToken,
+						user_id: config.kaelUserId,
+						project_id: config.kaelProjectId,
+						message: messageContent,
+						sender_id: msg.senderId,
+						format: msg.format
+					};
+					const response = await fetch(`${kaelEndpoint}/api/v1/hub/messages`, {
+						method: "POST",
+						headers: {
+							"Content-Type": "application/json",
+							...kaelApiKey ? { "X-Internal-API-Key": kaelApiKey } : {}
+						},
+						body: JSON.stringify(payload)
+					});
+					if (!response.ok) {
+						const body = await response.text().catch(() => "");
+						log.error({
+							entryId: entry.id,
+							status: response.status,
+							body
+						}, "Kael API rejected outbound message");
+						await nackEntry(db, entry.id);
+						errorCount++;
+						continue;
+					}
+					await ackEntry(db, entry.id);
+					sent++;
+				} catch (err) {
+					log.error({
+						entryId: entry.id,
+						err
+					}, "Failed to send outbound Kael message");
+					await nackEntry(db, entry.id).catch((nackErr) => {
+						log.error({
+							entryId: entry.id,
+							err: nackErr
+						}, "Failed to NACK entry");
+					});
+					errorCount++;
+				}
+			} catch (err) {
+				log.error({ err }, "Kael outbound processing error");
+				return {
+					sent: 0,
+					errors: 1
+				};
+			}
+			return {
+				sent,
+				errors: errorCount
+			};
+		},
+		shutdown() {
+			aborted = true;
+			agentConfigs.clear();
+			inboxToConfig.clear();
+		}
+	};
+}
+async function ackEntry(db, entryId) {
+	await db.update(inboxEntries).set({
+		status: "acked",
+		ackedAt: /* @__PURE__ */ new Date()
+	}).where(eq(inboxEntries.id, entryId));
+}
+const MAX_RETRY_COUNT = 3;
+async function nackEntry(db, entryId) {
+	await db.execute(sql`
+    UPDATE inbox_entries
+    SET
+      status = CASE WHEN retry_count >= ${MAX_RETRY_COUNT} THEN 'failed' ELSE 'pending' END,
+      retry_count = retry_count + 1
+    WHERE id = ${entryId}
+  `);
+}
 async function buildApp(config) {
 	const app = Fastify({ logger: config.logger ?? true });
 	const db = connectDatabase(config.database.url);
@@ -6204,6 +5907,7 @@ async function buildApp(config) {
 		await api.register(githubWebhookRoutes, { prefix: "/webhooks" });
 		await api.register(adminAuthRoutes, { prefix: "/admin/auth" });
 		await api.register(contextTreeInfoRoutes, { prefix: "/context-tree" });
+		await api.register(bootstrapConfigRoutes, { prefix: "/bootstrap" });
 		await api.register(async (bootstrapApp) => {
 			bootstrapApp.addHook("onRequest", githubAuth);
 			await bootstrapApp.register(bootstrapRoutes);
@@ -6212,10 +5916,6 @@ async function buildApp(config) {
 			adminApp.addHook("onRequest", adminAuth);
 			await adminApp.register(adminAgentRoutes);
 		}, { prefix: "/admin/agents" });
-		await api.register(async (adminApp) => {
-			adminApp.addHook("onRequest", adminAuth);
-			await adminApp.register(adminAgentSyncRoutes);
-		}, { prefix: "/admin/agents/sync" });
 		await api.register(async (adminApp) => {
 			adminApp.addHook("onRequest", adminAuth);
 			await adminApp.register(adminSystemConfigRoutes);
@@ -6251,7 +5951,6 @@ async function buildApp(config) {
 			await agentApp.register(agentMessageRoutes, { prefix: "/chats" });
 			await agentApp.register(agentSendToAgentRoutes, { prefix: "/agents" });
 			await agentApp.register(agentInboxRoutes, { prefix: "/inbox" });
-			await agentApp.register(agentContextTreeRoutes, { prefix: "/context-tree" });
 			await agentApp.register(agentFeishuBotRoutes);
 			await agentApp.register(agentFeishuUserRoutes, { prefix: "/delegated" });
 			await agentApp.register(agentWsRoutes(notifier, config.instanceId), { prefix: "/ws" });
@@ -6274,31 +5973,24 @@ async function buildApp(config) {
 	app.decorate("notifier", notifier);
 	const adapterManager = createAdapterManager(db, config.secrets.encryptionKey, app.log, notifier);
 	app.decorate("adapterManager", adapterManager);
-	const backgroundTasks = createBackgroundTasks(app, config.instanceId, adapterManager);
+	const kaelRuntime = config.kael?.endpoint ? createKaelRuntime(db, config.secrets.encryptionKey, config.kael.endpoint, config.kael.apiKey, config.kael.hubPublicUrl, app.log) : void 0;
+	const backgroundTasks = createBackgroundTasks(app, config.instanceId, adapterManager, kaelRuntime);
 	notifier.onConfigChange((configType) => {
-		if (configType === "adapter_configs") adapterManager.reload().catch((err) => app.log.error(err, "Adapter hot-reload failed (PG NOTIFY)"));
+		if (configType === "adapter_configs") {
+			adapterManager.reload().catch((err) => app.log.error(err, "Adapter hot-reload failed (PG NOTIFY)"));
+			kaelRuntime?.reload().catch((err) => app.log.error(err, "Kael hot-reload failed (PG NOTIFY)"));
+		}
 	});
 	app.addHook("onReady", async () => {
 		await notifier.start();
 		backgroundTasks.start();
 		await adapterManager.reload();
-		const { repo: ctRepo, branch: ctBranch, syncInterval } = config.contextTree;
-		const { token: ghToken } = config.github;
-		try {
-			const report = await syncFromGitHub(db, ctRepo, ctBranch, ghToken);
-			app.log.info(`Context Tree sync: created=${report.created} updated=${report.updated} unchanged=${report.unchanged} errors=${report.errors}`);
-		} catch (err) {
-			app.log.error(err, "Initial Context Tree sync failed");
-		}
-		const intervalMs = syncInterval * 1e3;
-		const timer = setInterval(() => {
-			syncFromGitHub(db, ctRepo, ctBranch, ghToken).catch((err) => app.log.error(err, "Periodic Context Tree sync failed"));
-		}, intervalMs);
-		app.addHook("onClose", async () => clearInterval(timer));
+		await kaelRuntime?.reload();
 	});
 	app.addHook("onClose", async () => {
 		backgroundTasks.stop();
 		adapterManager.shutdown();
+		kaelRuntime?.shutdown();
 		await notifier.stop();
 		await listenClient.end();
 	});
@@ -6413,4 +6105,4 @@ function resolveWebDist() {
 	} catch {}
 }
 //#endregion
-export { ClientRuntime as A, checkWebSocket as C, ensurePostgres as D, status as E, SessionRegistry as F, cleanWorkspaces as I, hasAdminUser as M, FirstTreeHubSDK as N, isDockerAvailable as O, SdkError as P, checkServerReachable as S, blank as T, checkDocker as _, formatCheckReport as a, checkServerConfig as b, onboardContinue as c, runMigrations as d, checkAgentConfigs as f, checkDatabase as g, checkContextTreeRepo as h, promptMissingFields as i, createAdminUser$1 as j, stopPostgres as k, onboardCreate as l, checkClientConfig as m, isInteractive as n, loadOnboardState as o, checkAgentTokens as p, promptAddAgent as r, onboardCheck as s, startServer as t, saveOnboardState as u, checkGitHubToken as v, printResults as w, checkServerHealth as x, checkNodeVersion as y };
+export { createAdminUser$1 as A, printResults as C, isDockerAvailable as D, ensurePostgres as E, cleanWorkspaces as F, FirstTreeHubSDK as M, SdkError as N, stopPostgres as O, SessionRegistry as P, checkWebSocket as S, status as T, checkGitHubToken as _, formatCheckReport as a, checkServerHealth as b, onboardCreate as c, checkAgentConfigs as d, checkAgentTokens as f, checkDocker as g, checkDatabase as h, promptMissingFields as i, hasAdminUser as j, ClientRuntime as k, saveOnboardState as l, checkContextTreeRepo as m, isInteractive as n, loadOnboardState as o, checkClientConfig as p, promptAddAgent as r, onboardCheck as s, startServer as t, runMigrations as u, checkNodeVersion as v, blank as w, checkServerReachable as x, checkServerConfig as y };