@agent-team-foundation/first-tree-hub 0.9.0 → 0.9.1

package/dist/cli/index.mjs

@@ -2,7 +2,7 @@
 import "../logger-core-2yeIU1fc-B-__AsQO.mjs";
 import { C as serverConfigSchema, _ as loadAgents, b as resetConfig, c as saveCredentials, f as agentConfigSchema, g as initConfig, h as getConfigValue, i as loadCredentials, l as DEFAULT_CONFIG_DIR, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, r as ensureFreshAdminToken, s as saveAgentConfig, u as DEFAULT_DATA_DIR, w as setConfigValue, x as resetConfigMeta, y as readConfigFile } from "../bootstrap-CWcBzk6C.mjs";
 import "../observability-CJzDFY_G-CmvgUuzc.mjs";
-import { A as printResults, B as SdkError, C as checkDatabase, D as checkServerHealth, E as checkServerConfig, F as stopPostgres, H as cleanWorkspaces, I as ClientRuntime, L as createOwner, O as checkServerReachable, S as checkClientConfig, T as checkNodeVersion, U as applyClientLoggerConfig, V as SessionRegistry, _ as isServiceSupported, a as COMMAND_VERSION, b as runMigrations, c as promptMissingFields, d as onboardCheck, f as onboardCreate, g as installClientService, h as getClientServiceStatus, i as startServer, k as checkWebSocket, l as formatCheckReport, m as runHomeMigration, n as declineUpdate, o as isInteractive, p as saveOnboardState, r as promptUpdate, s as promptAddAgent, t as createExecuteUpdate, u as loadOnboardState, w as checkDocker, x as checkAgentConfigs, y as uninstallClientService, z as FirstTreeHubSDK } from "../core-DZDhomaN.mjs";
+import { A as printResults, B as SdkError, C as checkDatabase, D as checkServerHealth, E as checkServerConfig, F as stopPostgres, H as cleanWorkspaces, I as ClientRuntime, L as createOwner, O as checkServerReachable, S as checkClientConfig, T as checkNodeVersion, U as applyClientLoggerConfig, V as SessionRegistry, _ as isServiceSupported, a as COMMAND_VERSION, b as runMigrations, c as promptMissingFields, d as onboardCheck, f as onboardCreate, g as installClientService, h as getClientServiceStatus, i as startServer, k as checkWebSocket, l as formatCheckReport, m as runHomeMigration, n as declineUpdate, o as isInteractive, p as saveOnboardState, r as promptUpdate, s as promptAddAgent, t as createExecuteUpdate, u as loadOnboardState, w as checkDocker, x as checkAgentConfigs, y as uninstallClientService, z as FirstTreeHubSDK } from "../core-DzuW7b5v.mjs";
 import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-GlaczcVf.mjs";
 import { Command } from "commander";
 import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync } from "node:fs";

package/dist/{core-DZDhomaN.mjs → core-DzuW7b5v.mjs}

@@ -7807,7 +7807,7 @@ var require_secure_json_parse = /* @__PURE__ */ __commonJSMin(((exports, module)
 	module.exports.scan = filter;
 }));
 //#endregion
-//#region ../server/dist/app-BDvasXc4.mjs
+//#region ../server/dist/app-BcKNAbK-.mjs
 var import_multipart = /* @__PURE__ */ __toESM((/* @__PURE__ */ __commonJSMin(((exports, module) => {
 	const Busboy = require_main();
 	const os = __require("node:os");
@@ -11111,17 +11111,35 @@ async function createNotification(db, data) {
 	pushToWebhook(db, notification).catch(() => {});
 	return notification;
 }
-/** List notifications with pagination and optional filters. */
-async function listNotifications(db, orgId, query) {
+/**
+* List notifications with pagination and optional filters, scoped to the
+* caller's visible agents.
+*
+* Rule: a member sees a notification iff
+*   - it carries an `agentId` the member can see
+*     (`agents.visibility = organization` OR `agents.managerId = self`), OR
+*   - it has no `agentId` (org-wide system notification)
+*
+* Private agents owned by other members never surface.
+*/
+async function listNotifications(db, orgId, memberId, query) {
+	const visibleAgents = await loadVisibleAgentIds$1(db, orgId, memberId);
+	if (query.agentId && !visibleAgents.has(query.agentId)) return {
+		items: [],
+		nextCursor: null
+	};
 	const conditions = [eq(notifications.organizationId, orgId)];
 	if (query.cursor) conditions.push(lt(notifications.createdAt, new Date(query.cursor)));
 	if (query.severity) conditions.push(eq(notifications.severity, query.severity));
 	if (query.read !== void 0) conditions.push(eq(notifications.read, query.read));
 	if (query.agentId) conditions.push(eq(notifications.agentId, query.agentId));
 	const where = and(...conditions);
-	const rows = await db.select().from(notifications).where(where).orderBy(desc(notifications.createdAt)).limit(query.limit + 1);
-	const hasMore = rows.length > query.limit;
-	const items = hasMore ? rows.slice(0, query.limit) : rows;
+	const overscanFactor = 4;
+	const targetLimit = query.limit;
+	const rawLimit = Math.min(targetLimit * overscanFactor + 1, 400);
+	const visible = (await db.select().from(notifications).where(where).orderBy(desc(notifications.createdAt)).limit(rawLimit)).filter((n) => n.agentId === null || visibleAgents.has(n.agentId));
+	const hasMore = visible.length > targetLimit;
+	const items = hasMore ? visible.slice(0, targetLimit) : visible;
 	const last = items[items.length - 1];
 	const nextCursor = hasMore && last ? last.createdAt.toISOString() : null;
 	return {
@@ -11132,36 +11150,116 @@ async function listNotifications(db, orgId, query) {
 		nextCursor
 	};
 }
-/** Mark a single notification as read, scoped to organization. */
-async function markRead(db, notificationId, organizationId) {
-	const [updated] = await db.update(notifications).set({ read: true }).where(and(eq(notifications.id, notificationId), eq(notifications.organizationId, organizationId))).returning();
+/** Mark a single notification as read, scoped to organization + visible agents. */
+async function markRead(db, notificationId, orgId, memberId) {
+	const [existing] = await db.select({
+		id: notifications.id,
+		agentId: notifications.agentId
+	}).from(notifications).where(and(eq(notifications.id, notificationId), eq(notifications.organizationId, orgId))).limit(1);
+	if (!existing) return null;
+	if (existing.agentId) {
+		if (!(await loadVisibleAgentIds$1(db, orgId, memberId)).has(existing.agentId)) return null;
+	}
+	const [updated] = await db.update(notifications).set({ read: true }).where(and(eq(notifications.id, notificationId), eq(notifications.organizationId, orgId))).returning();
 	return updated ?? null;
 }
-/** Mark all notifications as read for an organization. */
-async function markAllRead(db, orgId) {
-	await db.update(notifications).set({ read: true }).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false)));
+/** Mark all notifications visible to this member as read. */
+async function markAllRead(db, orgId, memberId) {
+	const visible = await loadVisibleAgentIds$1(db, orgId, memberId);
+	const idsToMark = (await db.select({
+		id: notifications.id,
+		agentId: notifications.agentId
+	}).from(notifications).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false))).limit(1e3)).filter((n) => n.agentId === null || visible.has(n.agentId)).map((n) => n.id);
+	if (idsToMark.length === 0) return;
+	const batchSize = 200;
+	for (let i = 0; i < idsToMark.length; i += batchSize) {
+		const batch = idsToMark.slice(i, i + batchSize);
+		await db.update(notifications).set({ read: true }).where(and(eq(notifications.organizationId, orgId), eq(notifications.read, false), inArray(notifications.id, batch)));
+	}
 }
 /**
-* Convenience: create a notification for an agent event, resolving org automatically.
-* Fire-and-forget — errors are swallowed.
+* Shared visibility predicate. Mirrors
+* {@link packages/server/src/services/access-control.ts#agentVisibilityCondition}
+* but returns a Set because the notification query joins are mostly in Node.
 */
-async function notifyAgentEvent(db, agentId, type, severity, message, chatId) {
+async function loadVisibleAgentIds$1(db, orgId, memberId) {
+	const rows = await db.select({ id: agents.uuid }).from(agents).where(and(eq(agents.organizationId, orgId), ne(agents.status, AGENT_STATUSES.DELETED), or(eq(agents.visibility, AGENT_VISIBILITY.ORGANIZATION), eq(agents.managerId, memberId))));
+	return new Set(rows.map((r) => r.id));
+}
+async function resolveAgentContext(db, agentId) {
+	const [agent] = await db.select({
+		organizationId: agents.organizationId,
+		name: agents.name,
+		displayName: agents.displayName,
+		clientId: agents.clientId
+	}).from(agents).where(eq(agents.uuid, agentId)).limit(1);
+	if (!agent) return null;
+	let clientLabel = null;
+	if (agent.clientId) {
+		const [client] = await db.select({
+			hostname: clients.hostname,
+			id: clients.id
+		}).from(clients).where(eq(clients.id, agent.clientId)).limit(1);
+		clientLabel = client?.hostname ?? agent.clientId;
+	}
+	return {
+		organizationId: agent.organizationId,
+		agentName: agent.displayName ?? agent.name ?? agentId,
+		clientId: agent.clientId,
+		clientLabel
+	};
+}
+async function resolveChatContext(db, chatId) {
+	const [chat] = await db.select({ topic: chats.topic }).from(chats).where(eq(chats.id, chatId)).limit(1);
+	const shortId = chatId.slice(0, 8);
+	return { chatLabel: chat?.topic && chat.topic.trim().length > 0 ? chat.topic.trim() : `Chat ${shortId}` };
+}
+/**
+* Compose a human-readable message for each notification type.
+*
+* Keep subjects consistent with what the dashboard shows the member:
+*   - Session-scoped events → subject is the chat (topic / "Chat xxxxxxxx")
+*   - Client-scoped events  → subject is the computer (hostname / clientId)
+*   - Agent-scoped events   → subject is the agent display name
+*/
+function composeMessage(type, agentCtx, chatCtx) {
+	const agent = agentCtx.agentName;
+	const computer = agentCtx.clientLabel ?? "Unknown computer";
+	const chat = chatCtx?.chatLabel ?? null;
+	switch (type) {
+		case "session_completed": return chat ? `${chat} completed` : `${agent} completed a task`;
+		case "session_error": return chat ? `${chat} hit an error` : `${agent} hit a session error`;
+		case "agent_disconnected": return `Computer ${computer} disconnected`;
+		case "agent_connected": return `Computer ${computer} reconnected`;
+		case "agent_stale": return `Computer ${computer} is unresponsive`;
+		case "agent_error": return `${agent} entered error state`;
+		case "agent_blocked": return `${agent} is blocked`;
+		case "agent_needs_decision": return chat ? `${agent} needs a decision in ${chat}` : `${agent} needs a decision`;
+		default: return `${agent} event`;
+	}
+}
+/**
+* Convenience: create a notification for an agent event, resolving org,
+* agent display name, computer hostname, and chat topic automatically.
+* Callers supply the event type and severity; the message text is generated
+* here so language/phrasing is centralized (see {@link composeMessage}).
+*
+* Fire-and-forget — errors are swallowed so event producers never fail just
+* because the notification pipeline is unhealthy.
+*/
+async function notifyAgentEvent(db, agentId, type, severity, chatId) {
 	try {
-		const [agent] = await db.select({
-			organizationId: agents.organizationId,
-			name: agents.name,
-			displayName: agents.displayName
-		}).from(agents).where(eq(agents.uuid, agentId)).limit(1);
-		if (!agent) return;
-		const name = agent.displayName ?? agent.name ?? agentId;
-		const resolvedMessage = message.replace(agentId, name);
+		const agentCtx = await resolveAgentContext(db, agentId);
+		if (!agentCtx) return;
+		const message = composeMessage(type, agentCtx, chatId ? await resolveChatContext(db, chatId) : null);
 		await createNotification(db, {
-			organizationId: agent.organizationId,
+			organizationId: agentCtx.organizationId,
 			type,
 			severity,
 			agentId,
 			chatId: chatId ?? null,
-			message: resolvedMessage
+			clientId: agentCtx.clientId,
+			message
 		});
 	} catch {}
 }
@@ -11169,6 +11267,7 @@ function pushToAdminWs(notification) {
 	broadcastToAdmins({
 		type: "notification",
 		organizationId: notification.organizationId,
+		agentId: notification.agentId ?? null,
 		data: notification
 	});
 }
@@ -11185,26 +11284,34 @@ async function pushToWebhook(db, notification) {
 	} catch {}
 }
 async function adminNotificationRoutes(app) {
-	/** GET /admin/notifications — list notifications scoped to caller's org */
+	/**
+	* GET /admin/notifications — list notifications visible to the caller.
+	*
+	* Scoped by (a) organization (via JWT) and (b) per-agent visibility: the
+	* member only sees notifications whose agentId is visible to them
+	* (organization-visible agents or agents they manage), plus org-wide
+	* system notifications with no agentId. This mirrors the rule the admin
+	* WebSocket route enforces on live pushes — REST and WS stay in sync.
+	*/
 	app.get("/", async (request) => {
 		const member = requireMember(request);
 		const query = notificationQuerySchema.parse(request.query);
-		return listNotifications(app.db, member.organizationId, query);
+		return listNotifications(app.db, member.organizationId, member.memberId, query);
 	});
 	/** POST /admin/notifications/:id/read — mark a single notification as read */
 	app.post("/:id/read", async (request) => {
 		const member = requireMember(request);
-		const result = await markRead(app.db, request.params.id, member.organizationId);
+		const result = await markRead(app.db, request.params.id, member.organizationId, member.memberId);
 		if (!result) throw new NotFoundError(`Notification "${request.params.id}" not found`);
 		return {
 			...result,
 			createdAt: result.createdAt.toISOString()
 		};
 	});
-	/** POST /admin/notifications/read-all — mark all notifications as read */
+	/** POST /admin/notifications/read-all — mark all visible notifications as read */
 	app.post("/read-all", async (request) => {
 		const member = requireMember(request);
-		await markAllRead(app.db, member.organizationId);
+		await markAllRead(app.db, member.organizationId, member.memberId);
 		return { status: "ok" };
 	});
 }
@@ -12315,6 +12422,8 @@ function adminWsRoutes(notifier, jwtSecret) {
 		const orgId = payload.organizationId;
 		if (typeof orgId !== "string" || orgId.length === 0) return;
 		const isPulseTick = payload.type === "pulse:tick" && typeof payload.agents === "object" && payload.agents !== null;
+		const isNotification = payload.type === "notification";
+		const notificationAgentId = isNotification && typeof payload.agentId === "string" && payload.agentId.length > 0 ? payload.agentId : null;
 		const sharedData = isPulseTick ? null : JSON.stringify(payload);
 		for (const [ws, meta] of adminSockets) {
 			if (ws.readyState !== 1 || meta.organizationId !== orgId) continue;
@@ -12324,7 +12433,10 @@ function adminWsRoutes(notifier, jwtSecret) {
 					...payload,
 					agents: filtered
 				}));
-			} else ws.send(sharedData);
+			} else {
+				if (isNotification && notificationAgentId && !meta.visibleAgentIds.has(notificationAgentId)) continue;
+				ws.send(sharedData);
+			}
 		}
 	}
 	registerAdminBroadcaster(broadcastOrgScoped);
@@ -13245,8 +13357,8 @@ function clientWsRoutes(notifier, instanceId) {
 								organizationId: session.organizationId,
 								notifier
 							});
-							if (payload.runtimeState === "error" && shouldNotify(agentId, "agent_error")) notifyAgentEvent(app.db, agentId, "agent_error", "high", `Agent ${agentId} entered error state`).catch(() => {});
-							else if (payload.runtimeState === "blocked" && shouldNotify(agentId, "agent_blocked")) notifyAgentEvent(app.db, agentId, "agent_blocked", "medium", `Agent ${agentId} is blocked`).catch(() => {});
+							if (payload.runtimeState === "error" && shouldNotify(agentId, "agent_error")) notifyAgentEvent(app.db, agentId, "agent_error", "high").catch(() => {});
+							else if (payload.runtimeState === "blocked" && shouldNotify(agentId, "agent_blocked")) notifyAgentEvent(app.db, agentId, "agent_blocked", "medium").catch(() => {});
 						} else if (type === "session:event") {
 							const agentId = parsed.data.agentId;
 							if (!agentId || !boundAgents.has(agentId)) {
@@ -13277,7 +13389,7 @@ function clientWsRoutes(notifier, instanceId) {
 								return;
 							}
 							const payload = sessionCompletionMessageSchema.parse(msg);
-							if (shouldNotify(agentId, `session_completed:${payload.chatId}`)) notifyAgentEvent(app.db, agentId, "session_completed", "low", `Agent ${agentId} completed a task`, payload.chatId).catch(() => {});
+							if (shouldNotify(agentId, `session_completed:${payload.chatId}`)) notifyAgentEvent(app.db, agentId, "session_completed", "low", payload.chatId).catch(() => {});
 						} else if (type === "heartbeat") {
 							if (clientId) {
 								await heartbeatClient(app.db, clientId);
@@ -13302,7 +13414,7 @@ function clientWsRoutes(notifier, instanceId) {
 					notifier.unsubscribe(info.inboxId, socket);
 					if (getAgentClientId(agentId) === clientId) try {
 						await unbindAgent(app.db, agentId);
-						if (shouldNotify(agentId, "agent_disconnected")) notifyAgentEvent(app.db, agentId, "agent_disconnected", "medium", `Agent ${agentId} disconnected`).catch(() => {});
+						if (shouldNotify(agentId, "agent_disconnected")) notifyAgentEvent(app.db, agentId, "agent_disconnected", "medium").catch(() => {});
 					} catch {}
 				}
 				boundAgents.clear();
@@ -14804,7 +14916,7 @@ function createBackgroundTasks(app, instanceId, adapterManager, kaelRuntime) {
 							count: staleAgents.length,
 							agentIds: staleAgents
 						}, "marked agents as stale");
-						for (const agentId of staleAgents) notifyAgentEvent(app.db, agentId, "agent_stale", "medium", `Agent ${agentId} is unresponsive`).catch(() => {});
+						for (const agentId of staleAgents) notifyAgentEvent(app.db, agentId, "agent_stale", "medium").catch(() => {});
 					}
 				} catch (err) {
 					log.error({ err }, "failed to heartbeat / cleanup presence");

package/dist/index.mjs

@@ -1,6 +1,6 @@
 import "./logger-core-2yeIU1fc-B-__AsQO.mjs";
 import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-CWcBzk6C.mjs";
 import "./observability-CJzDFY_G-CmvgUuzc.mjs";
-import { A as printResults, B as SdkError, C as checkDatabase, D as checkServerHealth, E as checkServerConfig, F as stopPostgres, I as ClientRuntime, L as createOwner, M as status, N as ensurePostgres, O as checkServerReachable, P as isDockerAvailable, R as hasUser, S as checkClientConfig, T as checkNodeVersion, _ as isServiceSupported, b as runMigrations, c as promptMissingFields, d as onboardCheck, f as onboardCreate, g as installClientService, h as getClientServiceStatus, i as startServer, j as blank, k as checkWebSocket, l as formatCheckReport, m as runHomeMigration, o as isInteractive, s as promptAddAgent, v as resolveCliInvocation, w as checkDocker, x as checkAgentConfigs, y as uninstallClientService, z as FirstTreeHubSDK } from "./core-DZDhomaN.mjs";
+import { A as printResults, B as SdkError, C as checkDatabase, D as checkServerHealth, E as checkServerConfig, F as stopPostgres, I as ClientRuntime, L as createOwner, M as status, N as ensurePostgres, O as checkServerReachable, P as isDockerAvailable, R as hasUser, S as checkClientConfig, T as checkNodeVersion, _ as isServiceSupported, b as runMigrations, c as promptMissingFields, d as onboardCheck, f as onboardCreate, g as installClientService, h as getClientServiceStatus, i as startServer, j as blank, k as checkWebSocket, l as formatCheckReport, m as runHomeMigration, o as isInteractive, s as promptAddAgent, v as resolveCliInvocation, w as checkDocker, x as checkAgentConfigs, y as uninstallClientService, z as FirstTreeHubSDK } from "./core-DzuW7b5v.mjs";
 import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-GlaczcVf.mjs";
 export { ClientRuntime, FirstTreeHubSDK, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, runHomeMigration, runMigrations, startServer, status, stopPostgres, uninstallClientService };