@agent-team-foundation/first-tree-hub 0.9.7 → 0.9.9

package/dist/{core-USyOOh7y.mjs → core-B2YUTpgg.mjs}

@@ -1,28 +1,29 @@
 import { m as __toESM } from "./esm-CYu4tXXn.mjs";
 import { _ as withSpan, a as endWsConnectionSpan, b as require_pino, c as messageAttrs, d as rootLogger$1, g as startWsConnectionSpan, i as currentTraceId, n as applyLoggerConfig, o as getFastifyOtelPlugin, p as setWsConnectionAttrs, r as createLogger$1, t as adapterAttrs, u as observabilityPlugin, v as withWsMessageSpan, y as FIRST_TREE_HUB_ATTR } from "./observability-DV_fQKqV-CuLWzBxQ.mjs";
 import { s as formatPrettyEntry$1, t as LOG_LEVELS$1, u as parseLogLevel$1 } from "./logger-core-BTmvdflj-DhdipBkV.mjs";
-import { C as serverConfigSchema, S as resolveConfigReadonly, _ as loadAgents, d as DEFAULT_HOME_DIR$1, f as agentConfigSchema, g as initConfig, i as loadCredentials, l as DEFAULT_CONFIG_DIR, m as collectMissingPrompts, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, s as saveAgentConfig, u as DEFAULT_DATA_DIR$1, v as migrateLegacyHome, w as setConfigValue } from "./bootstrap-DWifXj9b.mjs";
-import { $ as updateAdapterConfigSchema, A as createMemberSchema, B as notificationQuerySchema, C as agentTypeSchema$1, D as createAdapterMappingSchema, E as createAdapterConfigSchema, F as inboxPollQuerySchema, G as sendMessageSchema, H as refreshTokenSchema, I as isRedactedEnvValue, J as sessionEventMessageSchema, K as sendToAgentSchema, L as linkTaskChatSchema, M as createTaskSchema, N as delegateFeishuUserSchema, O as createAgentSchema, P as dryRunAgentRuntimeConfigSchema, Q as taskListQuerySchema, R as loginSchema, S as agentRuntimeConfigPayloadSchema$1, T as connectTokenExchangeSchema, U as runtimeStateMessageSchema, V as paginationQuerySchema, W as selfServiceFeishuBotSchema, X as sessionReconcileRequestSchema, Y as sessionEventSchema$1, Z as sessionStateMessageSchema, _ as addParticipantSchema, a as AGENT_SELECTOR_HEADER$1, at as updateSystemConfigSchema, b as agentBindRequestSchema, c as AGENT_TYPES, d as SYSTEM_CONFIG_DEFAULTS, et as updateAgentRuntimeConfigSchema, f as TASK_CREATOR_TYPES, g as WS_AUTH_FRAME_TIMEOUT_MS, h as TASK_TERMINAL_STATUSES, i as AGENT_BIND_REJECT_REASONS, it as updateOrganizationSchema, j as createOrganizationSchema, k as createChatSchema, l as AGENT_VISIBILITY, m as TASK_STATUSES, nt as updateChatSchema, o as AGENT_SOURCES, ot as updateTaskStatusSchema, p as TASK_HEALTH_SIGNALS, q as sessionCompletionMessageSchema, rt as updateMemberSchema, s as AGENT_STATUSES, st as wsAuthFrameSchema, tt as updateAgentSchema, u as DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD, v as adminCreateTaskSchema, w as clientRegisterSchema, x as agentPinnedMessageSchema$1, y as adminUpdateTaskSchema, z as messageSourceSchema$1 } from "./feishu-GlaczcVf.mjs";
+import { C as serverConfigSchema, S as resolveConfigReadonly, _ as loadAgents, d as DEFAULT_HOME_DIR$1, f as agentConfigSchema, g as initConfig, i as loadCredentials, l as DEFAULT_CONFIG_DIR, m as collectMissingPrompts, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, s as saveAgentConfig, u as DEFAULT_DATA_DIR$1, v as migrateLegacyHome, w as setConfigValue } from "./bootstrap-hh_PkTu6.mjs";
+import { $ as sessionStateMessageSchema, A as createMemberSchema, B as loginSchema, C as agentTypeSchema$1, D as createAdapterMappingSchema, E as createAdapterConfigSchema, F as extractMentions, G as runtimeStateMessageSchema, H as notificationQuerySchema, I as imageInlineContentSchema, J as sendToAgentSchema, K as selfServiceFeishuBotSchema, L as inboxPollQuerySchema, M as createTaskSchema, N as delegateFeishuUserSchema, O as createAgentSchema, P as dryRunAgentRuntimeConfigSchema, Q as sessionReconcileRequestSchema, R as isRedactedEnvValue, S as agentRuntimeConfigPayloadSchema$1, T as connectTokenExchangeSchema, U as paginationQuerySchema, V as messageSourceSchema$1, W as refreshTokenSchema, X as sessionEventMessageSchema, Y as sessionCompletionMessageSchema, Z as sessionEventSchema$1, _ as addParticipantSchema, a as AGENT_SELECTOR_HEADER$1, at as updateMemberSchema, b as agentBindRequestSchema, c as AGENT_TYPES, ct as updateTaskStatusSchema, d as SYSTEM_CONFIG_DEFAULTS, et as taskListQuerySchema, f as TASK_CREATOR_TYPES, g as WS_AUTH_FRAME_TIMEOUT_MS, h as TASK_TERMINAL_STATUSES, i as AGENT_BIND_REJECT_REASONS, it as updateChatSchema, j as createOrganizationSchema, k as createChatSchema, l as AGENT_VISIBILITY, lt as wsAuthFrameSchema, m as TASK_STATUSES, nt as updateAgentRuntimeConfigSchema, o as AGENT_SOURCES, ot as updateOrganizationSchema, p as TASK_HEALTH_SIGNALS, q as sendMessageSchema, rt as updateAgentSchema, s as AGENT_STATUSES, st as updateSystemConfigSchema, tt as updateAdapterConfigSchema, u as DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD, v as adminCreateTaskSchema, w as clientRegisterSchema, x as agentPinnedMessageSchema$1, y as adminUpdateTaskSchema, z as linkTaskChatSchema } from "./feishu-B1Kiq7S6.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
-import { dirname, isAbsolute, join, resolve } from "node:path";
+import { delimiter, dirname, isAbsolute, join, resolve } from "node:path";
 import { Writable } from "node:stream";
-import { homedir, hostname, platform, userInfo } from "node:os";
+import { homedir, hostname, platform, tmpdir, userInfo } from "node:os";
 import { EventEmitter } from "node:events";
 import { closeSync, copyFileSync, createReadStream, existsSync, mkdirSync, openSync, readFileSync, readdirSync, realpathSync, renameSync, rmSync, statSync, unlinkSync, unwatchFile, watch, watchFile, writeFileSync, writeSync } from "node:fs";
 import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import WebSocket from "ws";
+import { mkdir, writeFile } from "node:fs/promises";
+import { parse, stringify } from "yaml";
 import { query } from "@anthropic-ai/claude-agent-sdk";
 import { execFileSync, execSync, spawn, spawnSync } from "node:child_process";
-import { stringify } from "yaml";
 import * as semver from "semver";
 import bcrypt from "bcrypt";
 import { and, asc, count, desc, eq, gt, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
+import { confirm, input, password, select } from "@inquirer/prompts";
 import { fileURLToPath } from "node:url";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
-import { confirm, input, password, select } from "@inquirer/prompts";
 import cors from "@fastify/cors";
 import rateLimit from "@fastify/rate-limit";
 import fastifyStatic from "@fastify/static";
@@ -460,7 +461,6 @@ z.object({
 	inboxId: z.string(),
 	status: z.string(),
 	source: z.string().nullable().optional(),
-	cloudUserId: z.string().nullable().optional(),
 	visibility: agentVisibilitySchema,
 	metadata: z.record(z.string(), z.unknown()),
 	managerId: z.string().nullable(),
@@ -659,6 +659,11 @@ const chatParticipantSchema = z.object({
 	mode: z.string(),
 	joinedAt: z.string()
 });
+chatParticipantSchema.extend({
+	name: z.string().nullable(),
+	displayName: z.string().nullable(),
+	type: z.string()
+});
 z.object({
 	id: z.string(),
 	organizationId: z.string(),
@@ -698,6 +703,54 @@ z.object({
 	limit: z.coerce.number().int().min(1).max(100).default(20),
 	cursor: z.string().optional()
 });
+/**
+* MIME types the web + client image paths recognise. Kept in sync with
+* Claude's vision API (see packages/client/src/handlers/claude-code.ts).
+*/
+const SUPPORTED_IMAGE_MIMES$1 = [
+	"image/png",
+	"image/jpeg",
+	"image/gif",
+	"image/webp"
+];
+const supportedImageMimeSchema = z.enum(SUPPORTED_IMAGE_MIMES$1);
+const IMAGE_MIME_TO_EXT = {
+	"image/png": "png",
+	"image/jpeg": "jpg",
+	"image/gif": "gif",
+	"image/webp": "webp"
+};
+z.object({
+	data: z.string().min(1),
+	mimeType: supportedImageMimeSchema,
+	filename: z.string().min(1),
+	size: z.number().int().nonnegative().optional(),
+	imageId: z.string().uuid().optional()
+});
+z.object({
+	imageId: z.string().uuid(),
+	mimeType: supportedImageMimeSchema,
+	filename: z.string().min(1),
+	size: z.number().int().nonnegative().optional()
+});
+/**
+* Server → client WS frame carrying the full image bytes for an image
+* message. Pushed before the corresponding `new_message` notification so
+* the client has the file on disk by the time it polls the message.
+*
+* Best-effort: if the target client WS lives on a different server
+* instance (or is offline), the frame is lost and the reference message
+* will surface a "not available on this device" placeholder downstream.
+*/
+const imagePayloadFrameSchema = z.object({
+	type: z.literal("image_payload"),
+	imageId: z.string().uuid(),
+	chatId: z.string(),
+	base64: z.string().min(1),
+	mimeType: supportedImageMimeSchema,
+	filename: z.string().min(1),
+	size: z.number().int().nonnegative().optional()
+});
 const messageSourceSchema = z.enum([
 	"hub_ui",
 	"cli",
@@ -730,17 +783,7 @@ z.object({
 	replyToChat: z.string().optional(),
 	source: messageSourceSchema.optional()
 });
-/**
-* Wire format for messages routed FROM the Hub TO a client runtime.
-*
-* Adds `configVersion` so the client can compare against its locally cached
-* agent runtime config and refresh before delivering the message to the SDK.
-*
-* Step 3: this is the single shape used by `buildClientMessagePayload` —
-* never serialise a raw `messageSchema` row to a client; always go through
-* the dispatcher.
-*/
-const clientMessageSchema = z.object({
+const messageSchema = z.object({
 	id: z.string(),
 	chatId: z.string(),
 	senderId: z.string(),
@@ -752,7 +795,46 @@ const clientMessageSchema = z.object({
 	inReplyTo: z.string().nullable(),
 	source: messageSourceSchema.nullable(),
 	createdAt: z.string()
-}).extend({ configVersion: z.number().int().positive() });
+});
+/**
+* Snapshot of the `in_reply_to` target that the server materialises at
+* dispatch time so the receiving runtime can decide whether this is an
+* echo it should suppress (see proposal hub-agent-messaging-reply-and-mentions).
+*
+* `chatId` is the original message's `chat_id`; `replyToChat` is the chat
+* its sender expected replies to flow back to (often a different chat).
+* `null` when the message is not a reply, or the original could not be
+* resolved (e.g. deleted).
+*/
+const inReplyToSnapshotSchema = z.object({
+	senderId: z.string(),
+	chatId: z.string(),
+	replyToChat: z.string().nullable()
+}).nullable();
+/** Per-chat participation mode exposed to the recipient runtime. */
+const participantModeSchema = z.enum(["full", "mention_only"]);
+/**
+* Wire format for messages routed FROM the Hub TO a client runtime.
+*
+* Adds `configVersion` so the client can compare against its locally cached
+* agent runtime config and refresh before delivering the message to the SDK.
+*
+* Step 3: this is the single shape used by `buildClientMessagePayload` —
+* never serialise a raw `messageSchema` row to a client; always go through
+* the dispatcher.
+*
+* `recipientMode` is the receiving agent's own mode in the entry's chat —
+* `mention_only` participants must only start a session when they appear in
+* `metadata.mentions` (see session-manager.ts).
+*
+* `inReplyToSnapshot` is populated when `inReplyTo` resolves to an existing
+* message; runtime uses it to suppress self-reply echo on direct chats.
+*/
+const clientMessageSchema = messageSchema.extend({
+	configVersion: z.number().int().positive(),
+	recipientMode: participantModeSchema.default("full"),
+	inReplyToSnapshot: inReplyToSnapshotSchema.default(null)
+});
 z.enum([
 	"pending",
 	"delivered",
@@ -1112,6 +1194,211 @@ const serverWelcomeFrameSchema = z.object({
 	serverCommandVersion: z.string().min(1),
 	serverTimeMs: z.number().int().nonnegative()
 }).passthrough();
+/** Declare a config field with a Zod schema and optional metadata. */
+function field(schema, options) {
+	return {
+		_tag: "field",
+		_type: void 0,
+		schema,
+		options: options ?? {}
+	};
+}
+/** Mark a config group as optional — present only when at least one field has an explicit value. */
+function optional(shape) {
+	return {
+		_tag: "optional",
+		shape
+	};
+}
+/** Define a config shape. Identity function used for type inference. */
+function defineConfig(shape) {
+	return shape;
+}
+defineConfig({
+	agentId: field(z.string().min(1)),
+	runtime: field(z.string().default("claude-code")),
+	concurrency: field(z.number().int().positive().default(5)),
+	session: {
+		idle_timeout: field(z.number().int().positive().default(300)),
+		max_sessions: field(z.number().int().positive().default(10))
+	}
+});
+/**
+* Phase-dependent defaults that flip with release milestones. Kept as a plain
+* module-level constant so reviews of the beta→GA transition are a one-line
+* diff, and so tests can mock this module to exercise both branches.
+*/
+const UPDATE_POLICIES = [
+	"auto",
+	"prompt",
+	"off"
+];
+/**
+* Default value of `update.policy` on the Client config. During the beta this
+* is `"auto"` — operators rarely know to `npm i -g` weekly and we chase the
+* latest published Command by default. The GA PR flips it to `"prompt"` and
+* bumps Command to `1.0.0`.
+*/
+const UPDATE_POLICY_DEFAULT = "auto";
+const updatePolicySchema = z.enum(UPDATE_POLICIES);
+defineConfig({
+	server: { url: field(z.string(), {
+		env: "FIRST_TREE_HUB_SERVER_URL",
+		prompt: {
+			message: "Server URL:",
+			default: "http://localhost:8000"
+		}
+	}) },
+	client: { id: field(z.string().regex(/^client_[a-f0-9]{8}$/), {
+		auto: "client-id",
+		env: "FIRST_TREE_HUB_CLIENT_ID"
+	}) },
+	update: {
+		policy: field(updatePolicySchema.default(UPDATE_POLICY_DEFAULT), { env: "FIRST_TREE_HUB_UPDATE_POLICY" }),
+		restart_quiet_seconds: field(z.number().int().min(1).max(3600).default(30), { env: "FIRST_TREE_HUB_UPDATE_RESTART_QUIET_SECONDS" }),
+		restart_check_interval_seconds: field(z.number().int().min(5).max(300).default(10), { env: "FIRST_TREE_HUB_UPDATE_RESTART_CHECK_INTERVAL_SECONDS" }),
+		prompt_timeout_seconds: field(z.number().int().min(10).max(600).default(60), { env: "FIRST_TREE_HUB_UPDATE_PROMPT_TIMEOUT_SECONDS" })
+	},
+	logLevel: field(logLevelSchema.default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" })
+});
+const DEFAULT_HOME_DIR = process.env.FIRST_TREE_HUB_HOME ?? join(homedir(), ".first-tree", "hub");
+join(DEFAULT_HOME_DIR, "config");
+const DEFAULT_DATA_DIR = join(DEFAULT_HOME_DIR, "data");
+join(homedir(), ".first-tree-hub");
+defineConfig({
+	database: {
+		url: field(z.string(), {
+			env: "FIRST_TREE_HUB_DATABASE_URL",
+			auto: "docker-pg",
+			prompt: {
+				message: "PostgreSQL:",
+				type: "select",
+				choices: [{
+					name: "Auto-provision via Docker",
+					value: "__auto__"
+				}, {
+					name: "Provide connection URL",
+					value: "__input__"
+				}]
+			}
+		}),
+		provider: field(z.enum(["docker", "external"]).default("docker"))
+	},
+	server: {
+		port: field(z.number().default(8e3), { env: "FIRST_TREE_HUB_PORT" }),
+		host: field(z.string().default("127.0.0.1"), { env: "FIRST_TREE_HUB_HOST" })
+	},
+	secrets: {
+		jwtSecret: field(z.string(), {
+			env: "FIRST_TREE_HUB_JWT_SECRET",
+			auto: "random:base64url:32",
+			secret: true
+		}),
+		encryptionKey: field(z.string(), {
+			env: "FIRST_TREE_HUB_ENCRYPTION_KEY",
+			auto: "random:hex:32",
+			secret: true
+		})
+	},
+	contextTree: optional({
+		repo: field(z.string(), {
+			env: "FIRST_TREE_HUB_CONTEXT_TREE_REPO",
+			prompt: { message: "Context Tree repo URL (e.g. https://github.com/org/first-tree):" }
+		}),
+		branch: field(z.string().default("main"))
+	}),
+	github: {
+		webhookSecret: field(z.string().optional(), {
+			env: "FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET",
+			secret: true
+		}),
+		allowedOrg: field(z.string().optional(), { env: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG" })
+	},
+	cors: optional({ origin: field(z.string(), { env: "FIRST_TREE_HUB_CORS_ORIGIN" }) }),
+	rateLimit: optional({
+		max: field(z.number().default(100), { env: "FIRST_TREE_HUB_RATE_LIMIT_MAX" }),
+		loginMax: field(z.number().default(5), { env: "FIRST_TREE_HUB_RATE_LIMIT_LOGIN_MAX" }),
+		webhookMax: field(z.number().default(60), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" })
+	}),
+	kael: optional({
+		endpoint: field(z.string(), { env: "KAEL_ENDPOINT" }),
+		apiKey: field(z.string(), {
+			env: "KAEL_API_KEY",
+			secret: true
+		}),
+		hubPublicUrl: field(z.string(), { env: "FIRST_TREE_HUB_PUBLIC_URL" })
+	}),
+	feedback: optional({
+		repo: field(z.string(), { env: "HEARBACK_FEEDBACK_REPO" }),
+		githubToken: field(z.string(), {
+			env: "HEARBACK_GITHUB_TOKEN",
+			secret: true
+		}),
+		llm: optional({
+			apiKey: field(z.string(), {
+				env: "LLM_API_KEY",
+				secret: true
+			}),
+			baseUrl: field(z.string().optional(), { env: "LLM_BASE_URL" }),
+			model: field(z.string().optional(), { env: "LLM_MODEL" })
+		}),
+		trustProxyHeaders: field(z.boolean().default(false), { env: "HEARBACK_TRUST_PROXY_HEADERS" })
+	}),
+	observability: {
+		logging: {
+			level: field(logLevelSchema.default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" }),
+			format: field(logFormatSchema.default(process.env.NODE_ENV === "production" ? "json" : "pretty")),
+			bridgeToSpanLevel: field(z.enum([
+				"error",
+				"warn",
+				"off"
+			]).default("error"))
+		},
+		tracing: optional({
+			endpoint: field(z.string(), { env: "FIRST_TREE_HUB_OTEL_ENDPOINT" }),
+			headers: field(z.string().default(""), {
+				env: "FIRST_TREE_HUB_OTEL_HEADERS",
+				secret: true
+			}),
+			exporter: field(z.enum(["otlp-http", "otlp-grpc"]).default("otlp-http")),
+			serviceName: field(z.string().default("first-tree-hub")),
+			environment: field(z.string().default("development"), { env: "FIRST_TREE_HUB_OTEL_ENVIRONMENT" }),
+			sampleRate: field(z.number().min(0).max(1).default(1))
+		})
+	}
+});
+/** UUIDs are the only shape we generate for imageId, but accept the same
+* loose character set as chatId sanitisers elsewhere so a malformed field
+* can never break out of the images dir. */
+function sanitize(segment) {
+	return /^[a-zA-Z0-9-]+$/.test(segment) ? segment : "unknown";
+}
+function imageDir(chatId) {
+	return join(DEFAULT_DATA_DIR, "chats", sanitize(chatId), "images");
+}
+function imagePath(chatId, imageId, mimeType) {
+	const ext = IMAGE_MIME_TO_EXT[mimeType];
+	return join(imageDir(chatId), `${sanitize(imageId)}.${ext}`);
+}
+/**
+* Locate a previously-written image file on disk. Returns null when the
+* file is missing — caller should surface the "image not available on
+* this device" placeholder in that case.
+*/
+function findImagePath(chatId, imageId, mimeType) {
+	const p = imagePath(chatId, imageId, mimeType);
+	return existsSync(p) ? p : null;
+}
+/**
+* Persist image bytes to `<dataDir>/chats/<chatId>/images/<imageId>.<ext>`.
+* Idempotent — rewriting the same imageId is a no-op overwrite.
+*/
+async function writeImage(params) {
+	await mkdir(imageDir(params.chatId), { recursive: true });
+	const path = imagePath(params.chatId, params.imageId, params.mimeType);
+	await writeFile(path, Buffer.from(params.base64, "base64"));
+	return path;
+}
 const FETCH_TIMEOUT_MS = 15e3;
 var FirstTreeHubSDK = class {
 	_baseUrl;
@@ -1185,6 +1472,13 @@ var FirstTreeHubSDK = class {
 	async listMessages(chatId, options) {
 		return this.requestJson(`/api/v1/agent/chats/${chatId}/messages${this.queryString(options)}`);
 	}
+	/**
+	* List participants of a chat with agent names/displayNames — used by the
+	* runtime to resolve `@<name>` mentions against the authoritative set.
+	*/
+	async listChatParticipants(chatId) {
+		return this.requestJson(`/api/v1/agent/chats/${chatId}/participants`);
+	}
 	queryString(options) {
 		const params = new URLSearchParams();
 		if (options?.limit !== void 0) params.set("limit", String(options.limit));
@@ -1232,6 +1526,19 @@ var SdkError = class extends Error {
 		this.name = "SdkError";
 	}
 };
+/**
+* Thrown (emitted on `error` and rejected from `connect()`) when the server
+* refuses a `client:register` because the local clientId is bound to a
+* different organization. The CLI layer detects this via `instanceof` and
+* prompts the user before rotating the local clientId.
+*/
+var ClientOrgMismatchError$1 = class extends Error {
+	code = "CLIENT_ORG_MISMATCH";
+	constructor(message = "Client belongs to a different organization") {
+		super(message);
+		this.name = "ClientOrgMismatchError";
+	}
+};
 const RECONNECT_BASE_MS = 1e3;
 const RECONNECT_MAX_MS = 3e4;
 const WS_CONNECT_TIMEOUT_MS = 1e4;
@@ -1287,12 +1594,26 @@ var ClientConnection = class extends EventEmitter {
 	registered = false;
 	/** Count of `server:welcome` frames received; drives `isReconnect` flag. */
 	welcomeFramesReceived = 0;
+	/**
+	* Last handshake error, stashed for the `close` handler to surface a typed
+	* reason (e.g. {@link ClientOrgMismatchError}) instead of a generic
+	* "closed before ready" when `connect()` is pending.
+	*/
+	lastHandshakeError = null;
 	wsLogger;
 	authLogger;
 	boundAgents = /* @__PURE__ */ new Map();
 	/** Agents scheduled to rebind automatically on every reconnect. */
 	desiredBindings = /* @__PURE__ */ new Map();
 	pendingBinds = /* @__PURE__ */ new Map();
+	/**
+	* In-flight image writes from recent `image_payload` frames. The server
+	* pushes `image_payload` immediately before firing the `new_message`
+	* notification, but WS message handlers run through EventEmitter (sync
+	* dispatch, no await), so the disk write can still race the HTTP poll
+	* that follows. Defer `new_message` emission until these settle.
+	*/
+	pendingImageWrites = /* @__PURE__ */ new Set();
 	constructor(config) {
 		super();
 		this.clientId = config.clientId ?? process.env.FIRST_TREE_HUB_CLIENT_ID ?? `client_${randomUUID().slice(0, 8)}`;
@@ -1463,7 +1784,9 @@ var ClientConnection = class extends EventEmitter {
 				this.rejectAllPendingBinds("WebSocket closed");
 				if (!settled) {
 					this.wsLogger.warn({ code }, "closed before ready");
-					settle(reject, /* @__PURE__ */ new Error(`WebSocket closed before ready (code ${code})`));
+					const typedErr = this.lastHandshakeError;
+					this.lastHandshakeError = null;
+					settle(reject, typedErr ?? /* @__PURE__ */ new Error(`WebSocket closed before ready (code ${code})`));
 					return;
 				}
 				this.wsLogger.warn({
@@ -1516,8 +1839,15 @@ var ClientConnection = class extends EventEmitter {
 			return;
 		}
 		if (type === "client:register:rejected") {
-			const err = /* @__PURE__ */ new Error(`client:register rejected: ${msg.message ?? "unknown"}`);
-			this.wsLogger.error({ message: msg.message }, "client register rejected");
+			const code = typeof msg.code === "string" ? msg.code : void 0;
+			const message = typeof msg.message === "string" ? msg.message : "unknown";
+			this.closing = true;
+			const err = code === "CLIENT_ORG_MISMATCH" ? new ClientOrgMismatchError$1(message) : /* @__PURE__ */ new Error(`client:register rejected: ${message}`);
+			this.lastHandshakeError = err;
+			this.wsLogger.error({
+				code,
+				message
+			}, "client register rejected");
 			this.emit("error", err);
 			this.ws?.close(4403, "register rejected");
 			return;
@@ -1604,9 +1934,36 @@ var ClientConnection = class extends EventEmitter {
 			});
 			return;
 		}
+		if (type === "image_payload") {
+			const parsed = imagePayloadFrameSchema.safeParse(msg);
+			if (!parsed.success) {
+				this.wsLogger.warn({ err: parsed.error.flatten() }, "malformed image_payload frame — dropping");
+				return;
+			}
+			const { imageId, chatId, mimeType, base64 } = parsed.data;
+			const write = writeImage({
+				chatId,
+				imageId,
+				mimeType,
+				base64
+			}).then(() => {}).catch((err) => {
+				this.wsLogger.warn({
+					err,
+					imageId,
+					chatId
+				}, "image_payload write failed");
+			});
+			this.pendingImageWrites.add(write);
+			write.finally(() => this.pendingImageWrites.delete(write));
+			return;
+		}
 		if (type === "new_message") {
 			const inboxId = msg.inboxId;
-			if (inboxId) this.emit("agent:message", inboxId, msg);
+			if (!inboxId) return;
+			if (this.pendingImageWrites.size > 0) Promise.all([...this.pendingImageWrites]).finally(() => {
+				this.emit("agent:message", inboxId, msg);
+			});
+			else this.emit("agent:message", inboxId, msg);
 			return;
 		}
 		if (type === "error") {
@@ -1717,163 +2074,6 @@ function getHandlerFactory(type) {
 	}
 	return factory;
 }
-/** Declare a config field with a Zod schema and optional metadata. */
-function field(schema, options) {
-	return {
-		_tag: "field",
-		_type: void 0,
-		schema,
-		options: options ?? {}
-	};
-}
-/** Mark a config group as optional — present only when at least one field has an explicit value. */
-function optional(shape) {
-	return {
-		_tag: "optional",
-		shape
-	};
-}
-/** Define a config shape. Identity function used for type inference. */
-function defineConfig(shape) {
-	return shape;
-}
-defineConfig({
-	agentId: field(z.string().min(1)),
-	runtime: field(z.string().default("claude-code")),
-	concurrency: field(z.number().int().positive().default(5)),
-	session: {
-		idle_timeout: field(z.number().int().positive().default(300)),
-		max_sessions: field(z.number().int().positive().default(10))
-	}
-});
-/**
-* Phase-dependent defaults that flip with release milestones. Kept as a plain
-* module-level constant so reviews of the beta→GA transition are a one-line
-* diff, and so tests can mock this module to exercise both branches.
-*/
-const UPDATE_POLICIES = [
-	"auto",
-	"prompt",
-	"off"
-];
-/**
-* Default value of `update.policy` on the Client config. During the beta this
-* is `"auto"` — operators rarely know to `npm i -g` weekly and we chase the
-* latest published Command by default. The GA PR flips it to `"prompt"` and
-* bumps Command to `1.0.0`.
-*/
-const UPDATE_POLICY_DEFAULT = "auto";
-const updatePolicySchema = z.enum(UPDATE_POLICIES);
-defineConfig({
-	server: { url: field(z.string(), {
-		env: "FIRST_TREE_HUB_SERVER_URL",
-		prompt: {
-			message: "Server URL:",
-			default: "http://localhost:8000"
-		}
-	}) },
-	client: { id: field(z.string().regex(/^client_[a-f0-9]{8}$/), {
-		auto: "client-id",
-		env: "FIRST_TREE_HUB_CLIENT_ID"
-	}) },
-	update: {
-		policy: field(updatePolicySchema.default(UPDATE_POLICY_DEFAULT), { env: "FIRST_TREE_HUB_UPDATE_POLICY" }),
-		restart_quiet_seconds: field(z.number().int().min(1).max(3600).default(30), { env: "FIRST_TREE_HUB_UPDATE_RESTART_QUIET_SECONDS" }),
-		restart_check_interval_seconds: field(z.number().int().min(5).max(300).default(10), { env: "FIRST_TREE_HUB_UPDATE_RESTART_CHECK_INTERVAL_SECONDS" }),
-		prompt_timeout_seconds: field(z.number().int().min(10).max(600).default(60), { env: "FIRST_TREE_HUB_UPDATE_PROMPT_TIMEOUT_SECONDS" })
-	},
-	logLevel: field(logLevelSchema.default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" })
-});
-const DEFAULT_HOME_DIR = process.env.FIRST_TREE_HUB_HOME ?? join(homedir(), ".first-tree", "hub");
-join(DEFAULT_HOME_DIR, "config");
-const DEFAULT_DATA_DIR = join(DEFAULT_HOME_DIR, "data");
-join(homedir(), ".first-tree-hub");
-defineConfig({
-	database: {
-		url: field(z.string(), {
-			env: "FIRST_TREE_HUB_DATABASE_URL",
-			auto: "docker-pg",
-			prompt: {
-				message: "PostgreSQL:",
-				type: "select",
-				choices: [{
-					name: "Auto-provision via Docker",
-					value: "__auto__"
-				}, {
-					name: "Provide connection URL",
-					value: "__input__"
-				}]
-			}
-		}),
-		provider: field(z.enum(["docker", "external"]).default("docker"))
-	},
-	server: {
-		port: field(z.number().default(8e3), { env: "FIRST_TREE_HUB_PORT" }),
-		host: field(z.string().default("127.0.0.1"), { env: "FIRST_TREE_HUB_HOST" })
-	},
-	secrets: {
-		jwtSecret: field(z.string(), {
-			env: "FIRST_TREE_HUB_JWT_SECRET",
-			auto: "random:base64url:32",
-			secret: true
-		}),
-		encryptionKey: field(z.string(), {
-			env: "FIRST_TREE_HUB_ENCRYPTION_KEY",
-			auto: "random:hex:32",
-			secret: true
-		})
-	},
-	contextTree: optional({
-		repo: field(z.string(), {
-			env: "FIRST_TREE_HUB_CONTEXT_TREE_REPO",
-			prompt: { message: "Context Tree repo URL (e.g. https://github.com/org/first-tree):" }
-		}),
-		branch: field(z.string().default("main"))
-	}),
-	github: {
-		webhookSecret: field(z.string().optional(), {
-			env: "FIRST_TREE_HUB_GITHUB_WEBHOOK_SECRET",
-			secret: true
-		}),
-		allowedOrg: field(z.string().optional(), { env: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG" })
-	},
-	cors: optional({ origin: field(z.string(), { env: "FIRST_TREE_HUB_CORS_ORIGIN" }) }),
-	rateLimit: optional({
-		max: field(z.number().default(100), { env: "FIRST_TREE_HUB_RATE_LIMIT_MAX" }),
-		loginMax: field(z.number().default(5), { env: "FIRST_TREE_HUB_RATE_LIMIT_LOGIN_MAX" }),
-		webhookMax: field(z.number().default(60), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" })
-	}),
-	kael: optional({
-		endpoint: field(z.string(), { env: "KAEL_ENDPOINT" }),
-		apiKey: field(z.string(), {
-			env: "KAEL_API_KEY",
-			secret: true
-		}),
-		hubPublicUrl: field(z.string(), { env: "FIRST_TREE_HUB_PUBLIC_URL" })
-	}),
-	observability: {
-		logging: {
-			level: field(logLevelSchema.default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" }),
-			format: field(logFormatSchema.default(process.env.NODE_ENV === "production" ? "json" : "pretty")),
-			bridgeToSpanLevel: field(z.enum([
-				"error",
-				"warn",
-				"off"
-			]).default("error"))
-		},
-		tracing: optional({
-			endpoint: field(z.string(), { env: "FIRST_TREE_HUB_OTEL_ENDPOINT" }),
-			headers: field(z.string().default(""), {
-				env: "FIRST_TREE_HUB_OTEL_HEADERS",
-				secret: true
-			}),
-			exporter: field(z.enum(["otlp-http", "otlp-grpc"]).default("otlp-http")),
-			serviceName: field(z.string().default("first-tree-hub")),
-			environment: field(z.string().default("development"), { env: "FIRST_TREE_HUB_OTEL_ENVIRONMENT" }),
-			sampleRate: field(z.number().min(0).max(1).default(1))
-		})
-	}
-});
 join(DEFAULT_DATA_DIR, "context-tree");
 /**
 * Bootstrap a workspace with .agent/ directory files.
@@ -2012,22 +2212,28 @@ Use the \`first-tree-hub agent send\` CLI — it reads the env vars above and
 attaches the \`Authorization\` + \`X-Agent-Id\` headers automatically:
 
 \`\`\`bash
-# Send to another agent (target = agent ID)
-first-tree-hub agent send <agentId> "your message"
+# Send to another agent — target is the agent NAME, NOT a uuid.
+# Names are stable (set on creation, immutable, unique in the org).
+# Run \`first-tree-hub agent list\` to see available names.
+first-tree-hub agent send <agentName> "your message"
 
-# Send to a chat (target = chat ID)
+# Send to a chat (target is a chat UUID; use this when replying into a
+# specific chat, e.g. a group where you were mentioned)
 first-tree-hub agent send --chat <chatId> "your message"
 
 # Send markdown (default format is text)
-first-tree-hub agent send <agentId> -f markdown "**bold** message"
+first-tree-hub agent send <agentName> -f markdown "**bold** message"
 
 # Reply to a specific message
-first-tree-hub agent send <agentId> --reply-to <messageId> "reply content"
+first-tree-hub agent send <agentName> --reply-to <messageId> "reply content"
 
 # Pipe long content via stdin (recommended for special characters)
-echo "long message body" | first-tree-hub agent send <agentId>
+echo "long message body" | first-tree-hub agent send <agentName>
 \`\`\`
 
+> Agent uuids appear in \`agent chats\`, chat history, and participant lists,
+> but they are NOT accepted by \`agent send\` — always use the name.
+
 For content with quotes, \`$\`, backticks, or newlines, prefer stdin to avoid shell escaping issues.
 `;
 }
@@ -2570,20 +2776,99 @@ function cleanWorkspaces(workspaceRoot, activeChatIds, ttlMs = DEFAULT_WORKSPACE
 	}
 	return removed;
 }
+/**
+* Resolve which Claude Code binary the SDK should spawn.
+*
+* Priority:
+*   1. `CLAUDE_CODE_EXECUTABLE` env var — explicit operator override
+*   2. `claude` on PATH — reuses whatever the user has already installed
+*   3. undefined — fall back to the SDK's bundled native binary
+*
+* The SDK's bundled binary ships as a per-platform **optional** npm dep
+* (`@anthropic-ai/claude-agent-sdk-<platform>-<arch>`). Any of: a proxy that
+* skips optional deps, an `.npmrc` with `omit=optional`, libc detection
+* failure, or a transient install error leaves that dep missing and the SDK
+* throws "Native CLI binary for <platform>-<arch> not found". Returning a PATH
+* hit here bypasses the missing bundle entirely.
+*/
+function resolveClaudeCodeExecutable(opts = {}) {
+	const env = opts.env ?? process.env;
+	const override = env.CLAUDE_CODE_EXECUTABLE;
+	if (override && override.length > 0 && existsSync(override)) return {
+		path: override,
+		source: "env"
+	};
+	const found = findOnPath("claude", env);
+	if (found) return {
+		path: found,
+		source: "path"
+	};
+	return {
+		path: void 0,
+		source: "default"
+	};
+}
+function findOnPath(name, env) {
+	const rawPath = env.PATH ?? env.Path ?? env.path ?? "";
+	if (!rawPath) return void 0;
+	const exts = process.platform === "win32" ? splitPathExt(env.PATHEXT) : [""];
+	for (const dir of rawPath.split(delimiter)) {
+		if (!dir) continue;
+		for (const ext of exts) {
+			const full = join(dir, name + ext);
+			if (existsSync(full)) return full;
+		}
+	}
+}
+function splitPathExt(pathext) {
+	if (!pathext) return [
+		".EXE",
+		".CMD",
+		".BAT",
+		".COM",
+		""
+	];
+	const parts = pathext.split(";").filter(Boolean);
+	return parts.length > 0 ? [...parts, ""] : [""];
+}
 const MAX_RETRIES = 2;
 const TOOL_RESULT_PREVIEW_LIMIT = 400;
 const ASSISTANT_TEXT_EVENT_LIMIT = 8e3;
-const SUPPORTED_IMAGE_MIMES = new Set([
-	"image/png",
-	"image/jpeg",
-	"image/gif",
-	"image/webp"
-]);
-function isImageFileContent(content) {
+const SUPPORTED_IMAGE_MIMES = new Set(SUPPORTED_IMAGE_MIMES$1);
+const MIME_TO_EXT = {
+	"image/png": "png",
+	"image/jpeg": "jpg",
+	"image/gif": "gif",
+	"image/webp": "webp"
+};
+function isImageRefContent(content) {
+	if (!content || typeof content !== "object") return false;
+	const c = content;
+	return typeof c.imageId === "string" && typeof c.mimeType === "string" && typeof c.filename === "string" && SUPPORTED_IMAGE_MIMES.has(c.mimeType);
+}
+function isLegacyImageFileContent(content) {
 	if (!content || typeof content !== "object") return false;
 	const c = content;
 	return typeof c.data === "string" && typeof c.mimeType === "string" && typeof c.filename === "string" && SUPPORTED_IMAGE_MIMES.has(c.mimeType);
 }
+/** chat_id values are DB-generated UUIDs; reject anything else so we never
+* traverse out of the images dir if the field is ever tampered with. */
+function sanitizeChatId(chatId) {
+	return /^[a-zA-Z0-9-]+$/.test(chatId) ? chatId : "unknown";
+}
+/**
+* Write a legacy inline-base64 image to a temp file so Claude Code's Read
+* tool can pick it up. Only the legacy path — new messages go through the
+* image_payload WS push which pre-writes to the data dir before delivery.
+*/
+async function writeLegacyImageToTempFile(content, chatId) {
+	const dir = join(tmpdir(), "first-tree-hub", "images", sanitizeChatId(chatId));
+	await mkdir(dir, { recursive: true });
+	const ext = MIME_TO_EXT[content.mimeType];
+	const path = join(dir, `${Date.now()}-${randomUUID().slice(0, 8)}.${ext}`);
+	await writeFile(path, Buffer.from(content.data, "base64"));
+	return path;
+}
 function extractContentBlocks(message) {
 	if (!message || typeof message !== "object") return [];
 	const inner = message.message;
@@ -2741,6 +3026,7 @@ const createClaudeCodeHandler = (config) => {
 	const workspaceRoot = config.workspaceRoot;
 	const agentConfigCache = config.agentConfigCache ?? null;
 	const gitMirrorManager = config.gitMirrorManager ?? null;
+	const claudeCodeExecutable = config.claudeCodeExecutable ?? resolveClaudeCodeExecutable().path;
 	let cwd = null;
 	let claudeSessionId = null;
 	let currentQuery = null;
@@ -2755,35 +3041,64 @@ const createClaudeCodeHandler = (config) => {
 	let appliedPayload = null;
 	/** Worktrees materialised for this session — each entry removed on shutdown. */
 	const ownedWorktrees = [];
-	function toSDKUserMessage(message, sessionId) {
-		if (message.format === "file" && isImageFileContent(message.content)) {
-			const { data, mimeType, filename } = message.content;
-			return {
-				type: "user",
-				message: {
-					role: "user",
-					content: [{
-						type: "text",
-						text: `${message.senderId ? `[From: ${message.senderId}]\n\n` : ""}[Attached image: ${filename}]`
-					}, {
-						type: "image",
-						source: {
-							type: "base64",
-							media_type: mimeType,
-							data
-						}
-					}]
-				},
-				parent_tool_use_id: null,
-				session_id: sessionId
-			};
+	async function toSDKUserMessage(message, sessionCtx, sessionId) {
+		if (message.format === "file") {
+			const senderLabel = message.senderId ? await sessionCtx.resolveSenderLabel(message.senderId) : "";
+			const prefix = senderLabel ? `[From: ${senderLabel}]\n\n` : "";
+			if (isImageRefContent(message.content)) {
+				const { imageId, mimeType, filename } = message.content;
+				const imagePath = findImagePath(message.chatId, imageId, mimeType);
+				if (imagePath) return {
+					type: "user",
+					message: {
+						role: "user",
+						content: `${prefix}An image was shared in this chat. Please use the Read tool to read it, then respond based on what you see.\n\nFilename: ${filename}\nPath: ${imagePath}`
+					},
+					parent_tool_use_id: null,
+					session_id: sessionId
+				};
+				return {
+					type: "user",
+					message: {
+						role: "user",
+						content: `${prefix}${`[Image "${filename}" not available on this device]`}`
+					},
+					parent_tool_use_id: null,
+					session_id: sessionId
+				};
+			}
+			if (isLegacyImageFileContent(message.content)) {
+				const { filename } = message.content;
+				try {
+					return {
+						type: "user",
+						message: {
+							role: "user",
+							content: `${prefix}An image was shared in this chat. Please use the Read tool to read it, then respond based on what you see.\n\nFilename: ${filename}\nPath: ${await writeLegacyImageToTempFile(message.content, message.chatId)}`
+						},
+						parent_tool_use_id: null,
+						session_id: sessionId
+					};
+				} catch (err) {
+					const fallbackText = `[Image attachment "${filename}" failed to materialise]`;
+					ctx?.log(`Failed to write image to temp file: ${err instanceof Error ? err.message : String(err)}`);
+					return {
+						type: "user",
+						message: {
+							role: "user",
+							content: `${prefix}${fallbackText}`
+						},
+						parent_tool_use_id: null,
+						session_id: sessionId
+					};
+				}
+			}
 		}
-		const rawContent = typeof message.content === "string" ? message.content : JSON.stringify(message.content);
 		return {
 			type: "user",
 			message: {
 				role: "user",
-				content: message.senderId ? `[From: ${message.senderId}]\n\n${rawContent}` : rawContent
+				content: await sessionCtx.formatInboundContent(message)
 			},
 			parent_tool_use_id: null,
 			session_id: sessionId
@@ -2796,8 +3111,9 @@ const createClaudeCodeHandler = (config) => {
 	* process.env contains internal markers (CLAUDECODE, CLAUDE_CODE_ENTRYPOINT,
 	* CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, npm_lifecycle_script) that cause the
 	* child to enable Agent Teams infrastructure and use wrong init paths,
-	* resulting in ~90s cold start vs ~17s standalone. Strip these so the child
-	* starts clean; the SDK sets its own CLAUDE_CODE_ENTRYPOINT="sdk-ts".
+	* resulting in ~90s cold start vs ~17s standalone. Strip these here (Claude
+	* Code specific) then let the runtime layer add the Agent-Hub envelope via
+	* `ctx.buildAgentEnv` so all handlers expose the same vars uniformly.
 	*/
 	function buildEnv(sessionCtx) {
 		const env = { ...process.env };
@@ -2807,12 +3123,7 @@ const createClaudeCodeHandler = (config) => {
 		delete env.npm_lifecycle_script;
 		const payload = agentConfigCache?.get(sessionCtx.agent.agentId)?.payload;
 		if (payload) for (const e of payload.env) env[e.key] = e.value;
-		return {
-			...env,
-			FIRST_TREE_HUB_SERVER_URL: sessionCtx.sdk.serverUrl,
-			FIRST_TREE_HUB_AGENT_ID: sessionCtx.agent.agentId,
-			FIRST_TREE_HUB_CHAT_ID: sessionCtx.chatId
-		};
+		return sessionCtx.buildAgentEnv(env);
 	}
 	/** Create query and input controller, then start consumer loop. */
 	function spawnQuery(sessionId, sessionCtx, resume) {
@@ -2850,7 +3161,9 @@ const createClaudeCodeHandler = (config) => {
 				abortController,
 				permissionMode,
 				allowDangerouslySkipPermissions: true,
+				settingSources: ["project"],
 				env: buildEnv(sessionCtx),
+				...claudeCodeExecutable ? { pathToClaudeCodeExecutable: claudeCodeExecutable } : {},
 				...payload?.model ? { model: payload.model } : {},
 				...payload?.prompt.append ? { systemPrompt: {
 					type: "preset",
@@ -2913,10 +3226,7 @@ const createClaudeCodeHandler = (config) => {
 								if (message.result && sessionCtx.chatId) {
 									const resultText = message.result;
 									try {
-										await sessionCtx.sdk.sendMessage(sessionCtx.chatId, {
-											format: "text",
-											content: resultText
-										});
+										await sessionCtx.forwardResult(resultText);
 										sessionCtx.log("Result forwarded to chat");
 										sessionCtx.reportSessionCompletion();
 										sessionCtx.emitEvent({
@@ -3076,7 +3386,7 @@ const createClaudeCodeHandler = (config) => {
 			await prepareGitWorktrees(cwd, payload, sessionCtx);
 			sessionCtx.log(`Starting session (${claudeSessionId}), cwd=${cwd}, permissionMode=${config.permissionMode ?? "bypassPermissions"}`);
 			spawnQuery(claudeSessionId, sessionCtx);
-			const sdkMsg = toSDKUserMessage(message, claudeSessionId);
+			const sdkMsg = await toSDKUserMessage(message, sessionCtx, claudeSessionId);
 			inputController?.push(sdkMsg);
 			sessionCtx.log(`Session started (${claudeSessionId})`);
 			return claudeSessionId;
@@ -3091,7 +3401,7 @@ const createClaudeCodeHandler = (config) => {
 			await prepareGitWorktrees(cwd, payload, sessionCtx);
 			sessionCtx.log(`Resuming session (${sessionId}), cwd=${cwd}`);
 			spawnQuery(sessionId, sessionCtx, sessionId);
-			if (message) inputController?.push(toSDKUserMessage(message, sessionId));
+			if (message) inputController?.push(await toSDKUserMessage(message, sessionCtx, sessionId));
 			sessionCtx.log(`Session resumed (${sessionId})`);
 			return sessionId;
 		},
@@ -3104,8 +3414,13 @@ const createClaudeCodeHandler = (config) => {
 			const sid = claudeSessionId;
 			maybeSwitchConfig(sessionCtx).catch((err) => {
 				sessionCtx.log(`maybeSwitchConfig errored: ${err instanceof Error ? err.message : String(err)}`);
-			}).finally(() => {
-				inputController?.push(toSDKUserMessage(message, sid));
+			}).finally(async () => {
+				try {
+					const sdkMsg = await toSDKUserMessage(message, sessionCtx, sid);
+					inputController?.push(sdkMsg);
+				} catch (err) {
+					sessionCtx.log(`toSDKUserMessage errored: ${err instanceof Error ? err.message : String(err)}`);
+				}
 			});
 		},
 		async suspend() {
@@ -3190,7 +3505,13 @@ function generateClaudeMd(workspacePath, identity, contextTreePath) {
 }
 /** Register all built-in handlers. Call once at startup. */
 function registerBuiltinHandlers() {
-	registerHandler("claude-code", createClaudeCodeHandler);
+	const resolution = resolveClaudeCodeExecutable();
+	if (resolution.path) process.stderr.write(`[handlers] Claude Code executable: ${resolution.path} (source=${resolution.source})\n`);
+	else process.stderr.write("[handlers] Claude Code executable: using SDK bundled native binary (set CLAUDE_CODE_EXECUTABLE or install `claude` on PATH to override)\n");
+	registerHandler("claude-code", (config) => createClaudeCodeHandler({
+		...config,
+		claudeCodeExecutable: resolution.path
+	}));
 }
 function createAgentConfigCache(opts) {
 	const { sdk } = opts;
@@ -3269,6 +3590,84 @@ function createAgentConfigCache(opts) {
 	};
 }
 /**
+* Cross-handler plumbing for Agent Hub ↔ agent-runtime interaction.
+*
+* Every handler that shells out to the `first-tree-hub` CLI or otherwise acts
+* on behalf of the agent needs the same envelope variables (server URL, agent
+* id, inbox id, chat id). And every handler that hands inbound messages to an
+* LLM benefits from the same `[From: <name>]` attribution header so the LLM
+* can see who authored each message in human-readable terms.
+*
+* Keeping these helpers in one place means adding a second handler (Gemini,
+* Cursor Agent, custom LLM, …) does not reimplement either concern.
+*/
+/**
+* Build the env for CLI sub-processes that need to call `first-tree-hub ...`.
+* Layers the Agent-Hub envelope variables on top of the parent env. Handlers
+* that start sub-processes should call this so every one of them sees the
+* same envelope — enabling replyTo inference, access-token propagation, and
+* agent-id binding without per-handler duplication.
+*/
+function buildAgentEnv(parentEnv, ctx) {
+	return {
+		...parentEnv,
+		FIRST_TREE_HUB_SERVER_URL: ctx.sdk.serverUrl,
+		FIRST_TREE_HUB_AGENT_ID: ctx.agent.agentId,
+		FIRST_TREE_HUB_INBOX_ID: ctx.agent.inboxId,
+		FIRST_TREE_HUB_CHAT_ID: ctx.chatId
+	};
+}
+function createParticipantCache(sdk, chatId, log) {
+	let cached = null;
+	let inflight = null;
+	return { async get() {
+		if (cached) return cached;
+		if (!inflight) inflight = (async () => {
+			try {
+				const rows = await sdk.listChatParticipants(chatId);
+				cached = rows;
+				return rows;
+			} catch (err) {
+				log(`listChatParticipants failed: ${err instanceof Error ? err.message : String(err)}`);
+				return [];
+			} finally {
+				inflight = null;
+			}
+		})();
+		return inflight;
+	} };
+}
+/**
+* Resolve `senderId` → display-friendly label the LLM can actually
+* disambiguate. Prefers `name` (unique per chat, used as the `@<name>`
+* mention token), falls back to `displayName`, then to the raw id. The last
+* fallback matters for edge cases — e.g. a participant removed mid-session
+* after we cached an earlier participants snapshot.
+*/
+function resolveSenderLabel(senderId, participants) {
+	for (const p of participants) {
+		if (p.agentId !== senderId) continue;
+		if (p.name) return p.name;
+		if (p.displayName) return p.displayName;
+		return senderId;
+	}
+	return senderId;
+}
+/**
+* Produce the handler-facing string form of an inbound message. Prefixes a
+* `[From: <name>]` line when the sender is a known participant. Structured
+* content is serialised to JSON — handlers that want to feed structured
+* content some other way should opt out and format themselves.
+*
+* Async because the participant list may need a server round-trip on first
+* use; subsequent messages in the same session hit the cache.
+*/
+async function formatInboundContent(message, participants) {
+	const rawContent = typeof message.content === "string" ? message.content : JSON.stringify(message.content);
+	if (!message.senderId) return rawContent;
+	return `[From: ${resolveSenderLabel(message.senderId, await participants.get())}]\n\n${rawContent}`;
+}
+/**
 * Deduplicator — bounded set of recently seen IDs.
 *
 * Used to deduplicate at-least-once delivered messages at the dispatch layer.
@@ -3299,6 +3698,24 @@ var Deduplicator = class {
 		return this.seen.size;
 	}
 };
+function createResultSink(deps) {
+	async function buildMetadata(trigger) {
+		if (!trigger || trigger.senderId === deps.agent.agentId) return void 0;
+		if ((await deps.participants.get()).length <= 2) return void 0;
+		return { mentions: [trigger.senderId] };
+	}
+	return async function forwardResult(text) {
+		const trigger = deps.getTrigger();
+		deps.clearTrigger();
+		const metadata = await buildMetadata(trigger);
+		await deps.sdk.sendMessage(deps.chatId, {
+			format: "text",
+			content: text,
+			...trigger ? { inReplyTo: trigger.messageId } : {},
+			...metadata ? { metadata } : {}
+		});
+	};
+}
 const REGISTRY_VERSION = 1;
 /**
 * SessionRegistry — persists `chatId → claudeSessionId` mappings to disk.
@@ -3388,6 +3805,14 @@ var SessionManager = class {
 	evictedMappings = /* @__PURE__ */ new Map();
 	config;
 	deduplicator = new Deduplicator(1e3);
+	/**
+	* Current trigger (messageId + senderId) per chat — the message that kicked
+	* off the current or most-recent turn. Read by `forwardResult` (via the
+	* resultSink closure) to attach `inReplyTo` and default mentions to the
+	* outbound reply. Maintained entirely by the runtime: handlers never touch
+	* this map, which keeps adding a new handler trivial.
+	*/
+	currentTrigger = /* @__PURE__ */ new Map();
 	registry;
 	pendingQueue = [];
 	lastReportedStates = /* @__PURE__ */ new Map();
@@ -3407,11 +3832,24 @@ var SessionManager = class {
 	* Delayed ACK: messages are ACKed when the handler begins processing,
 	* not on pull. `delivered` = pulled but not yet processing,
 	* `acked` = handler has started processing (read receipt).
+	*
+	* One routing guard fires before any session lookup (see
+	* proposals/hub-agent-messaging-reply-and-mentions §3.5):
+	*
+	* - **Echo suppression** — in direct chats, a peer's reply to a message
+	*   *we* sent here but whose `replyTo` points elsewhere would otherwise
+	*   bounce our session back on. Suppress it so the reply routes only to
+	*   the external chat where we're actually waiting.
+	*
+	* The mention filter used to live here too, but it moved server-side to
+	* the fan-out step — see `services/message.ts sendMessage`. Anything
+	* reaching dispatch has already passed that check.
 	*/
 	async dispatch(entry) {
 		const chatId = entry.chatId ?? entry.message.chatId;
 		const messageId = entry.message.id;
-		if (this.deduplicator.isDuplicate(messageId)) {
+		const dedupKey = `${chatId}:${messageId}`;
+		if (this.deduplicator.isDuplicate(dedupKey)) {
 			this.config.log.debug({
 				chatId,
 				messageId
@@ -3428,6 +3866,14 @@ var SessionManager = class {
 				err
 			}, "config version mismatch — skipping refresh");
 		}
+		if (shouldSuppressEcho(entry, this.config.agentIdentity.agentId)) {
+			this.config.log.info({
+				chatId,
+				messageId
+			}, "suppressing echo — message replies to our own send whose replyTo points elsewhere");
+			await this.ackEntry(entry.id, chatId);
+			return;
+		}
 		const message = this.extractMessage(entry);
 		await this.routeMessage(chatId, message, entry.id);
 	}
@@ -3454,6 +3900,7 @@ var SessionManager = class {
 			this.evictedMappings.delete(chatId);
 			this.sessionRuntimeStates.delete(chatId);
 			this.lastReportedStates.delete(chatId);
+			this.currentTrigger.delete(chatId);
 			for (let i = this.pendingQueue.length - 1; i >= 0; i--) if (this.pendingQueue[i]?.chatId === chatId) this.pendingQueue.splice(i, 1);
 			this.recomputeRuntimeState();
 			this.persistRegistry();
@@ -3524,6 +3971,10 @@ var SessionManager = class {
 		}));
 	}
 	async routeMessage(chatId, message, entryId) {
+		if (message.id) this.currentTrigger.set(chatId, {
+			messageId: message.id,
+			senderId: message.senderId
+		});
 		const existing = this.sessions.get(chatId);
 		if (existing) switch (existing.status) {
 			case "active":
@@ -3712,6 +4163,7 @@ var SessionManager = class {
 			}
 			this.sessions.delete(candidate.key);
 			this.sessionRuntimeStates.delete(candidate.key);
+			this.currentTrigger.delete(candidate.key);
 			this.recomputeRuntimeState();
 			this.persistRegistry();
 		}
@@ -3769,10 +4221,28 @@ var SessionManager = class {
 	}
 	buildSessionContext(chatId) {
 		const sessionLog = this.config.log.child({ chatId });
+		const log = (msg) => sessionLog.info(msg);
+		const participants = createParticipantCache(this.config.sdk, chatId, log);
+		const forwardResult = createResultSink({
+			sdk: this.config.sdk,
+			agent: this.config.agentIdentity,
+			chatId,
+			getTrigger: () => this.currentTrigger.get(chatId) ?? null,
+			clearTrigger: () => {
+				this.currentTrigger.delete(chatId);
+			},
+			log,
+			participants
+		});
+		const envCtx = {
+			sdk: this.config.sdk,
+			agent: this.config.agentIdentity,
+			chatId
+		};
 		return {
 			agent: this.config.agentIdentity,
 			sdk: this.config.sdk,
-			log: (msg) => sessionLog.info(msg),
+			log,
 			chatId,
 			touch: () => {
 				const entry = this.sessions.get(chatId);
@@ -3786,7 +4256,11 @@ var SessionManager = class {
 			},
 			reportSessionCompletion: () => {
 				this.config.onSessionCompletion?.(chatId);
-			}
+			},
+			forwardResult,
+			buildAgentEnv: (parentEnv) => buildAgentEnv(parentEnv, envCtx),
+			formatInboundContent: (message) => formatInboundContent(message, participants),
+			resolveSenderLabel: async (senderId) => resolveSenderLabel(senderId, await participants.get())
 		};
 	}
 	/** Update per-session runtime state and recompute aggregate. Only active sessions may update. */
@@ -3849,6 +4323,35 @@ var SessionManager = class {
 		this.registry.save(entries);
 	}
 };
+/**
+* Core echo rule: a reply to a message *we* sent in this same chat, whose
+* original carried a `replyTo` pointing to a *different* chat, must not wake
+* our session on this side. Server-side replyTo routing already delivers a
+* second entry in the target chat, so suppressing the fan-out copy here
+* leaves exactly one path from peer's reply to our waiting session.
+*
+* The four early-returns spell out "when this is NOT an echo":
+*  - no snapshot        → just a regular message, not a reply
+*  - sender isn't us    → replying to someone else's message, clearly not an echo
+*  - original chat != this chat
+*       → the reply arrived in a chat where we never sent the original;
+*         could only happen via replyTo fan-out of a different thread, so
+*         suppressing would silence a legit cross-chat handoff
+*  - original had no replyTo → sender didn't ask replies to route away, so
+*                              the peer's reply here is the canonical path
+*
+* Only when all four are satisfied AND the replyTo target is a different
+* chat do we suppress — that's exactly proposal §3.5 Case A.
+*/
+function shouldSuppressEcho(entry, myAgentId) {
+	const snapshot = entry.message.inReplyToSnapshot;
+	if (!snapshot) return false;
+	const entryChatId = entry.chatId ?? entry.message.chatId;
+	if (snapshot.senderId !== myAgentId) return false;
+	if (snapshot.chatId !== entryChatId) return false;
+	if (snapshot.replyToChat === null) return false;
+	return snapshot.replyToChat !== entryChatId;
+}
 var AgentSlot = class {
 	sessionManager = null;
 	config;
@@ -3944,6 +4447,7 @@ var AgentSlot = class {
 			},
 			agentIdentity: {
 				agentId: agent.agentId,
+				inboxId: agent.inboxId,
 				displayName: agent.displayName,
 				type: agent.type,
 				delegateMention: agent.delegateMention,
@@ -4276,6 +4780,27 @@ const print = {
 	line
 };
 //#endregion
+//#region src/core/agent-messaging.ts
+/**
+* Resolve `replyTo` envelope fields for `agent send`. When the CLI is invoked
+* from inside a claude-code session (the handler exports
+* `FIRST_TREE_HUB_CHAT_ID` + `FIRST_TREE_HUB_INBOX_ID`), default the reply
+* target to the calling session's own chat so the peer's reply routes back
+* to the caller rather than echoing in the peer-created direct chat.
+*
+* Explicit `--reply-to-*` flags always win. See proposals/
+* hub-agent-messaging-reply-and-mentions §3.2.
+*/
+function resolveReplyToFromEnv(env, override) {
+	const envChatId = env.FIRST_TREE_HUB_CHAT_ID;
+	const envInboxId = env.FIRST_TREE_HUB_INBOX_ID;
+	const envComplete = Boolean(envChatId && envInboxId);
+	return {
+		replyToInbox: override.replyToInbox ?? (envComplete ? envInboxId : void 0),
+		replyToChat: override.replyToChat ?? (envComplete ? envChatId : void 0)
+	};
+}
+//#endregion
 //#region src/core/admin.ts
 /**
 * Check if any user exists.
@@ -4356,6 +4881,96 @@ function makeUuidV7() {
 	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
 }
 //#endregion
+//#region src/core/client-reidentify.ts
+/**
+* Handle a `CLIENT_ORG_MISMATCH` from the server by rotating the local
+* `client.id` in `client.yaml`. The server binds every client to one org for
+* its lifetime; when the user's credentials move to a different org, the old
+* clientId becomes unusable and a new one must be issued locally. The old
+* yaml is preserved as `client.yaml.bak` so the operator can recover or
+* audit the previous identity.
+*
+* Returns the generated clientId. The caller is expected to reset the config
+* singleton and re-run its initialization so the new id takes effect.
+*/
+function rotateClientIdWithBackup(configDir) {
+	const yamlPath = join(configDir, "client.yaml");
+	const backupPath = join(configDir, "client.yaml.bak");
+	if (!existsSync(yamlPath)) throw new Error(`Cannot rotate client id — ${yamlPath} does not exist.`);
+	const raw = readFileSync(yamlPath, "utf-8");
+	copyFileSync(yamlPath, backupPath);
+	const parsed = parse(raw);
+	const current = typeof parsed === "object" && parsed !== null ? parsed : {};
+	const clientSection = typeof current.client === "object" && current.client !== null ? current.client : {};
+	const oldId = typeof clientSection.id === "string" ? clientSection.id : null;
+	const newId = `client_${randomBytes(4).toString("hex")}`;
+	writeFileSync(yamlPath, stringify({
+		...current,
+		client: {
+			...clientSection,
+			id: newId
+		}
+	}), { mode: 384 });
+	return {
+		oldId,
+		newId,
+		backupPath,
+		yamlPath
+	};
+}
+/**
+* Shared handler for `CLIENT_ORG_MISMATCH` across CLI entry points
+* (`client start` and `client connect --no-service`). Prompts interactively,
+* rotates the local clientId, and always exits the current process — the
+* runtime is already poisoned (wrong clientId in memory), so continuing
+* in-band is not safe. Service-supervised (managed) runs skip the prompt and
+* leave an audit trail in pino so operators can trace `.bak` files later.
+*
+* Exits with:
+*   - 0 after a successful rotate (operator is told how to re-run).
+*   - 1 if the user declines or rotation itself fails.
+*/
+async function handleClientOrgMismatch(err, opts) {
+	print.blank();
+	print.line("  ⚠️  This machine is registered as a client in a different organization.\n");
+	print.line(`     Server message: ${err.message}\n`);
+	print.blank();
+	if (!(opts.managed ? true : await confirm({
+		message: "Rotate the local client identity and register fresh?",
+		default: true
+	}).catch(() => false))) {
+		print.line("  Aborted — no changes made.\n");
+		process.exit(1);
+	}
+	try {
+		const { oldId, newId, backupPath } = rotateClientIdWithBackup(opts.configDir);
+		if (opts.managed) createLogger("client").warn({
+			oldId,
+			newId,
+			backupPath
+		}, "client identity rotated on CLIENT_ORG_MISMATCH (managed mode)");
+		print.blank();
+		print.line(`  ✓ Rotated local client identity.\n`);
+		print.line(`      old clientId: ${oldId ?? "(unset)"}\n`);
+		print.line(`      new clientId: ${newId}\n`);
+		print.line(`      previous yaml backed up to: ${backupPath}\n`);
+		print.blank();
+		print.line("  Note: the old client remains in the previous org. That org's admin\n");
+		print.line("  can remove it if cleanup is needed.\n");
+		print.blank();
+		if (opts.managed) print.line("  The background service will pick up the new identity on its next restart.\n\n");
+		else {
+			print.line("  To reconnect with the new identity, run:\n\n");
+			print.line(`      ${opts.rerunCommand}\n\n`);
+		}
+		process.exit(0);
+	} catch (rotateErr) {
+		const rmsg = rotateErr instanceof Error ? rotateErr.message : String(rotateErr);
+		print.line(`  Failed to rotate client identity: ${rmsg}\n`);
+		process.exit(1);
+	}
+}
+//#endregion
 //#region src/core/client-runtime.ts
 /**
 * Client runtime — one shared ClientConnection, multiple agents multiplexed.
@@ -5664,7 +6279,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-GlaczcVf.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-B1Kiq7S6.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -5737,75 +6352,832 @@ async function promptMissingFields(options) {
 			setNestedByDot(results, dotPath, value);
 		}
 	}
-	return results;
-}
-/**
-* Interactive add agent — simple two-field prompt.
-*/
-async function promptAddAgent() {
-	return {
-		name: await input({
-			message: "Local alias:",
-			validate: (v) => /^[a-z0-9][a-z0-9-]*$/.test(v) ? true : "Lowercase alphanumeric and hyphens only"
-		}),
-		agentId: await input({
-			message: "Agent UUID on the Hub:",
-			validate: (v) => v.length > 0 ? true : "Agent UUID is required"
-		})
-	};
-}
-async function askPrompt(dotPath, prompt) {
-	const type = prompt.type ?? "input";
-	if (type === "select" && prompt.choices) {
-		const value = await select({
-			message: prompt.message,
-			choices: prompt.choices.map((c) => ({
-				name: c.name,
-				value: c.value
-			}))
-		});
-		if (value === "__auto__") return void 0;
-		if (value === "__input__") return input({
-			message: `${dotPath}:`,
-			validate: (v) => v.length > 0 ? true : "Value is required"
+	return results;
+}
+/**
+* Interactive add agent — simple two-field prompt.
+*/
+async function promptAddAgent() {
+	return {
+		name: await input({
+			message: "Local alias:",
+			validate: (v) => /^[a-z0-9][a-z0-9-]*$/.test(v) ? true : "Lowercase alphanumeric and hyphens only"
+		}),
+		agentId: await input({
+			message: "Agent UUID on the Hub:",
+			validate: (v) => v.length > 0 ? true : "Agent UUID is required"
+		})
+	};
+}
+async function askPrompt(dotPath, prompt) {
+	const type = prompt.type ?? "input";
+	if (type === "select" && prompt.choices) {
+		const value = await select({
+			message: prompt.message,
+			choices: prompt.choices.map((c) => ({
+				name: c.name,
+				value: c.value
+			}))
+		});
+		if (value === "__auto__") return void 0;
+		if (value === "__input__") return input({
+			message: `${dotPath}:`,
+			validate: (v) => v.length > 0 ? true : "Value is required"
+		});
+		return value;
+	}
+	if (type === "password") return password({ message: prompt.message });
+	return input({
+		message: prompt.message,
+		default: prompt.default
+	});
+}
+/** Walk schema to find the env var name for a given dot path. */
+function findEnvVar(schema, dotPath) {
+	const parts = dotPath.split(".");
+	let current = schema;
+	for (const part of parts) {
+		if (current === null || current === void 0 || typeof current !== "object") return void 0;
+		const obj = current;
+		if (obj._tag === "optional") current = obj.shape[part];
+		else current = obj[part];
+	}
+	if (typeof current === "object" && current !== null && "_tag" in current) {
+		const field = current;
+		if (field._tag === "field") return field.options?.env;
+	}
+}
+function setNestedByDot(obj, dotPath, value) {
+	const parts = dotPath.split(".");
+	let current = obj;
+	for (let i = 0; i < parts.length - 1; i++) {
+		const key = parts[i];
+		if (key === void 0) continue;
+		if (!(key in current) || typeof current[key] !== "object" || current[key] === null) current[key] = {};
+		current = current[key];
+	}
+	const lastKey = parts.at(-1);
+	if (lastKey !== void 0) current[lastKey] = value;
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/schema.js
+const FeedbackType = z.enum(["bug", "feature"]);
+const BrowserContext = z.object({
+	url: z.string().optional(),
+	userAgent: z.string().optional(),
+	browser: z.string().optional(),
+	os: z.string().optional(),
+	viewport: z.string().optional()
+});
+const ConsoleError = z.object({
+	message: z.string(),
+	stack: z.string().optional(),
+	timestamp: z.string().optional()
+});
+const FailedRequest = z.object({
+	method: z.string(),
+	url: z.string(),
+	status: z.number().optional(),
+	statusText: z.string().optional()
+});
+const AgentContext = z.object({
+	toolCalls: z.array(z.object({
+		name: z.string(),
+		error: z.string().optional()
+	})).optional(),
+	errorTraces: z.array(z.string()).optional(),
+	environment: z.record(z.string()).optional()
+});
+const FeedbackContext = z.object({
+	source: z.enum(["web-plugin", "agent-skill"]),
+	browser: BrowserContext.optional(),
+	consoleErrors: z.array(ConsoleError).optional(),
+	failedRequests: z.array(FailedRequest).optional(),
+	agent: AgentContext.optional(),
+	screenshotUrl: z.string().optional(),
+	timestamp: z.string().optional(),
+	extra: z.record(z.string()).optional()
+});
+const ReporterInfo = z.object({ email: z.string().email().optional() });
+const FeedbackReport = z.object({
+	type: FeedbackType,
+	title: z.string().min(5, "Title must be at least 5 characters"),
+	description: z.string(),
+	context: FeedbackContext,
+	reporter: ReporterInfo.optional()
+});
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/errors.js
+var HearbackError = class extends Error {
+	code;
+	constructor(message, code) {
+		super(message);
+		this.code = code;
+		this.name = "HearbackError";
+	}
+};
+var GitHubAuthError = class extends HearbackError {
+	constructor(status, message, url = "") {
+		let hint;
+		if (status === 401) hint = "GitHub token is missing or expired.";
+		else if (status === 403) if (url.includes("/contents/") || url.includes("/git/refs")) hint = "Token lacks \"contents:write\" scope. Needed for screenshot uploads and saving subscribers to the hearback-data branch.";
+		else if (url.includes("/issues") || url.includes("/labels")) hint = "Token lacks \"issues:write\" scope. Needed to create issues, labels, and reactions.";
+		else hint = `GitHub returned 403 (forbidden) for ${url || "API call"}. Check token permissions.`;
+		else hint = `GitHub API returned ${status}: ${message}`;
+		super(hint, "GITHUB_AUTH_ERROR");
+	}
+};
+var GitHubRateLimitError = class extends HearbackError {
+	resetAt;
+	constructor(resetAt) {
+		super(`GitHub API rate limit exceeded. Resets at ${resetAt.toISOString()}`, "GITHUB_RATE_LIMIT");
+		this.resetAt = resetAt;
+	}
+};
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/github.js
+function parseRepo(repo) {
+	const parts = repo.split("/");
+	if (parts.length !== 2 || !parts[0] || !parts[1]) throw new HearbackError(`Invalid repo format: "${repo}". Expected "owner/name".`, "INVALID_REPO");
+	return {
+		owner: parts[0],
+		name: parts[1]
+	};
+}
+async function githubFetch(config, path, options = {}) {
+	const base = config.apiBase ?? "https://api.github.com";
+	const url = path.startsWith("http") ? path : `${base}${path}`;
+	const res = await fetch(url, {
+		...options,
+		headers: {
+			Accept: "application/vnd.github.v3+json",
+			Authorization: `Bearer ${config.token}`,
+			"User-Agent": "hearback",
+			...options.headers
+		}
+	});
+	if (res.status === 401 || res.status === 403) throw new GitHubAuthError(res.status, await res.text(), path);
+	if (res.status === 429) {
+		const resetHeader = res.headers.get("x-ratelimit-reset");
+		throw new GitHubRateLimitError(resetHeader ? /* @__PURE__ */ new Date(Number(resetHeader) * 1e3) : /* @__PURE__ */ new Date());
+	}
+	return res;
+}
+async function createIssue(config, params) {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/repos/${owner}/${name}/issues`, {
+		method: "POST",
+		body: JSON.stringify(params),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok) throw new HearbackError(`Failed to create issue: ${res.status} ${await res.text()}`, "GITHUB_CREATE_ISSUE_FAILED");
+	return res.json();
+}
+async function searchIssues(config, query) {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/search/issues?q=${encodeURIComponent(`${query} repo:${owner}/${name} is:issue label:hearback`)}&per_page=5`);
+	if (!res.ok) return {
+		total_count: 0,
+		items: []
+	};
+	return res.json();
+}
+async function addReaction(config, issueNumber, reaction = "+1") {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/repos/${owner}/${name}/issues/${issueNumber}/reactions`, {
+		method: "POST",
+		body: JSON.stringify({ content: reaction }),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok && res.status !== 422) throw new HearbackError(`Failed to add reaction: ${res.status}`, "GITHUB_REACTION_FAILED");
+}
+/** Read a file from a repo branch. Returns null if not found. */
+async function getRepoFile(config, path, branch) {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/repos/${owner}/${name}/contents/${path}${branch ? `?ref=${branch}` : ""}`);
+	if (res.status === 404) return null;
+	if (!res.ok) throw new HearbackError(`Failed to read file ${path}: ${res.status}`, "GITHUB_READ_FILE_FAILED");
+	const data = await res.json();
+	return {
+		content: data.encoding === "base64" ? Buffer.from(data.content, "base64").toString("utf-8") : data.content,
+		sha: data.sha
+	};
+}
+/** Write (create or update) a file on a repo branch. Requires sha for updates. */
+async function putRepoFile(config, params) {
+	const { owner, name } = parseRepo(config.repo);
+	const base64 = Buffer.isBuffer(params.content) ? params.content.toString("base64") : Buffer.from(params.content, "utf-8").toString("base64");
+	const body = {
+		message: params.message,
+		content: base64
+	};
+	if (params.branch) body.branch = params.branch;
+	if (params.sha) body.sha = params.sha;
+	const res = await githubFetch(config, `/repos/${owner}/${name}/contents/${params.path}`, {
+		method: "PUT",
+		body: JSON.stringify(body),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok) throw new HearbackError(`Failed to write file ${params.path}: ${res.status}`, "GITHUB_WRITE_FILE_FAILED");
+	const data = await res.json();
+	return {
+		downloadUrl: data.content.download_url,
+		htmlUrl: data.content.html_url,
+		sha: data.content.sha
+	};
+}
+/** Ensure a branch exists; creates it from default branch (main/master) if missing. */
+async function ensureBranch(config, branchName) {
+	const { owner, name } = parseRepo(config.repo);
+	const checkRes = await githubFetch(config, `/repos/${owner}/${name}/git/refs/heads/${branchName}`);
+	if (checkRes.ok) return;
+	if (checkRes.status !== 404) throw new HearbackError(`Failed to check branch: ${checkRes.status}`, "GITHUB_CHECK_BRANCH_FAILED");
+	const repoRes = await githubFetch(config, `/repos/${owner}/${name}`);
+	if (!repoRes.ok) throw new HearbackError(`Failed to read repo: ${repoRes.status}`, "GITHUB_READ_REPO_FAILED");
+	const defaultRefRes = await githubFetch(config, `/repos/${owner}/${name}/git/refs/heads/${(await repoRes.json()).default_branch}`);
+	if (!defaultRefRes.ok) throw new HearbackError(`Failed to read default branch: ${defaultRefRes.status}`, "GITHUB_READ_DEFAULT_BRANCH_FAILED");
+	const defaultRef = await defaultRefRes.json();
+	const createRes = await githubFetch(config, `/repos/${owner}/${name}/git/refs`, {
+		method: "POST",
+		body: JSON.stringify({
+			ref: `refs/heads/${branchName}`,
+			sha: defaultRef.object.sha
+		}),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!createRes.ok && createRes.status !== 422) throw new HearbackError(`Failed to create branch: ${createRes.status}`, "GITHUB_CREATE_BRANCH_FAILED");
+}
+async function uploadImage(config, imageData, filename) {
+	const { downloadUrl } = await putRepoFile(config, {
+		path: `_hearback-uploads/${Date.now()}-${filename}`,
+		content: imageData,
+		message: `[hearback] upload screenshot: ${filename}`
+	});
+	const tokenIdx = downloadUrl.indexOf("?token=");
+	return tokenIdx === -1 ? downloadUrl : downloadUrl.slice(0, tokenIdx);
+}
+async function ensureLabels(config, labels) {
+	const { owner, name } = parseRepo(config.repo);
+	for (const label of labels) {
+		const color = getLabelColor(label);
+		const res = await githubFetch(config, `/repos/${owner}/${name}/labels`, {
+			method: "POST",
+			body: JSON.stringify({
+				name: label,
+				color
+			}),
+			headers: { "Content-Type": "application/json" }
+		});
+		if (!res.ok && res.status !== 422) throw new HearbackError(`Failed to create label "${label}": ${res.status}`, "GITHUB_LABEL_FAILED");
+	}
+}
+function getLabelColor(label) {
+	return label === "hearback" ? "F59E0B" : "CCCCCC";
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/formatter.js
+function formatIssueBody(report) {
+	const sections = [];
+	const heading = report.type === "bug" ? "Bug Report" : "Feature Request";
+	sections.push(`## ${heading}`);
+	sections.push(`**描述**: ${report.description}`);
+	if (report.context.screenshotUrl) sections.push(`\n**截图**:\n![screenshot](${report.context.screenshotUrl})`);
+	sections.push(formatContextTable(report));
+	if (report.context.consoleErrors?.length) sections.push(formatConsoleErrors(report.context.consoleErrors));
+	if (report.context.failedRequests?.length) sections.push(formatFailedRequests(report.context.failedRequests));
+	if (report.context.agent?.toolCalls?.length) sections.push(formatToolCalls(report.context.agent.toolCalls));
+	if (report.context.agent?.errorTraces?.length) sections.push(formatErrorTraces(report.context.agent.errorTraces));
+	return sections.join("\n\n");
+}
+function formatContextTable(report) {
+	const rows = [];
+	rows.push(["来源", report.context.source]);
+	if (report.context.browser?.url) rows.push(["页面", report.context.browser.url]);
+	if (report.context.browser?.browser && report.context.browser?.os) rows.push(["浏览器", `${report.context.browser.browser} / ${report.context.browser.os}`]);
+	else if (report.context.browser?.userAgent) rows.push(["User Agent", report.context.browser.userAgent]);
+	if (report.context.timestamp) rows.push(["时间", report.context.timestamp]);
+	if (report.context.extra) for (const [key, value] of Object.entries(report.context.extra)) rows.push([key, value]);
+	if (rows.length === 0) return "";
+	return [
+		"### 自动收集的上下文",
+		"",
+		"| 字段 | 值 |",
+		"|------|-----|",
+		...rows.map(([k, v]) => `| ${k} | ${v} |`)
+	].join("\n");
+}
+function formatConsoleErrors(errors) {
+	return [
+		"<details>",
+		"<summary>Console Errors</summary>",
+		"",
+		...errors.map((e) => {
+			let entry = e.message;
+			if (e.stack) entry += `\n    ${e.stack}`;
+			return entry;
+		}),
+		"",
+		"</details>"
+	].join("\n");
+}
+function formatFailedRequests(requests) {
+	return [
+		"<details>",
+		"<summary>Failed Network Requests</summary>",
+		"",
+		...requests.map((r) => {
+			let entry = `${r.method} ${r.url}`;
+			if (r.status) entry += ` → ${r.status}`;
+			if (r.statusText) entry += ` ${r.statusText}`;
+			return entry;
+		}),
+		"",
+		"</details>"
+	].join("\n");
+}
+function formatToolCalls(calls) {
+	return [
+		"<details>",
+		"<summary>Tool Calls</summary>",
+		"",
+		...calls.map((c) => {
+			let entry = `- \`${c.name}\``;
+			if (c.error) entry += ` — error: ${c.error}`;
+			return entry;
+		}),
+		"",
+		"</details>"
+	].join("\n");
+}
+function formatErrorTraces(traces) {
+	return [
+		"<details>",
+		"<summary>Error Traces</summary>",
+		"",
+		...traces.map((t) => `\`\`\`\n${t}\n\`\`\``),
+		"",
+		"</details>"
+	].join("\n");
+}
+const SUBSCRIBERS_PATH = "subscribers.json";
+function normalize(email) {
+	return email.toLowerCase().trim();
+}
+async function readSubscribers(config, branch) {
+	const file = await getRepoFile(config, SUBSCRIBERS_PATH, branch);
+	if (!file) return { data: {} };
+	try {
+		return {
+			data: JSON.parse(file.content),
+			sha: file.sha
+		};
+	} catch {
+		return {
+			data: {},
+			sha: file.sha
+		};
+	}
+}
+async function writeSubscribers(config, branch, data, sha, message) {
+	await putRepoFile(config, {
+		path: SUBSCRIBERS_PATH,
+		content: JSON.stringify(data, null, 2),
+		message,
+		branch,
+		sha
+	});
+}
+/**
+* Add an email to an issue's subscriber list. Creates the data branch and file
+* if missing. Dedupes. Retries once on sha conflict (concurrent writes).
+*/
+async function addSubscriber(config, issueNumber, email, options = {}) {
+	const branch = options.branch ?? "hearback-data";
+	const normalized = normalize(email);
+	const key = String(issueNumber);
+	await ensureBranch(config, branch);
+	for (let attempt = 0; attempt < 2; attempt++) {
+		const { data, sha } = await readSubscribers(config, branch);
+		const existing = data[key] ?? [];
+		if (existing.includes(normalized)) return;
+		const updated = {
+			...data,
+			[key]: [...existing, normalized]
+		};
+		try {
+			await writeSubscribers(config, branch, updated, sha, `[hearback] add subscriber to #${issueNumber}`);
+			return;
+		} catch (err) {
+			if (err instanceof HearbackError && err.code === "GITHUB_WRITE_FILE_FAILED" && attempt === 0) continue;
+			throw err;
+		}
+	}
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/duplicates.js
+/**
+* Sanitize title for GitHub search. Removes characters that would break
+* search query syntax (quotes, colons, slashes used as operators) and
+* caps length. GitHub search handles stopwords and tokenization internally,
+* so we pass the cleaned title through directly.
+*/
+function sanitizeTitle(title) {
+	return title.replace(/["':/]/g, " ").replace(/\s+/g, " ").trim().slice(0, 100);
+}
+async function findDuplicates(config, title) {
+	const query = sanitizeTitle(title);
+	if (!query) return [];
+	return (await searchIssues(config, query)).items.map((issue) => ({
+		issueNumber: issue.number,
+		title: issue.title,
+		state: issue.state,
+		url: issue.html_url
+	}));
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/submit.js
+async function checkForDuplicates(config, title) {
+	return findDuplicates(config, title);
+}
+async function subscribeToDuplicate(config, issueNumber, email) {
+	await addReaction(config, issueNumber);
+	await addSubscriber(config, issueNumber, email);
+}
+async function submitFeedback(options) {
+	const { github, report } = options;
+	FeedbackReport.parse(report);
+	const labels = ["hearback"];
+	if (report.type === "bug") labels.push("bug");
+	if (report.type === "feature") labels.push("enhancement");
+	await ensureLabels(github, labels);
+	const body = formatIssueBody(report);
+	const issue = await createIssue(github, {
+		title: report.title,
+		body,
+		labels
+	});
+	let subscribeWarning;
+	if (report.reporter?.email) try {
+		await addSubscriber(github, issue.number, report.reporter.email);
+	} catch (err) {
+		subscribeWarning = `Issue created, but reporter email could not be saved (${err instanceof Error ? err.message : String(err)}). Hint: GitHub token needs "contents:write" scope to write the hearback-data branch for email notifications.`;
+		console.warn(`[hearback] ${subscribeWarning}`);
+	}
+	return {
+		issue,
+		isDuplicate: false,
+		subscribeWarning
+	};
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-server@0.1.6/node_modules/hearback-server/dist/rate-limit.js
+var RateLimiter = class {
+	submissions = /* @__PURE__ */ new Map();
+	chatMessages = /* @__PURE__ */ new Map();
+	config;
+	constructor(config) {
+		this.config = {
+			maxSubmissions: config?.maxSubmissions ?? 10,
+			maxChatMessages: config?.maxChatMessages ?? 30,
+			windowMs: config?.windowMs ?? 36e5
+		};
+	}
+	checkSubmission(ip) {
+		return this.check(this.submissions, ip, this.config.maxSubmissions);
+	}
+	checkChatMessage(ip) {
+		return this.check(this.chatMessages, ip, this.config.maxChatMessages);
+	}
+	check(bucket, ip, max) {
+		const now = Date.now();
+		const entry = bucket.get(ip);
+		if (!entry || now >= entry.resetAt) {
+			bucket.set(ip, {
+				count: 1,
+				resetAt: now + this.config.windowMs
+			});
+			return { allowed: true };
+		}
+		if (entry.count >= max) return {
+			allowed: false,
+			retryAfterMs: entry.resetAt - now
+		};
+		entry.count++;
+		return { allowed: true };
+	}
+};
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-server@0.1.6/node_modules/hearback-server/dist/chat-prompt.js
+const FEEDBACK_CHAT_SYSTEM_PROMPT = `You are a feedback assistant. Help users report bugs or suggest features. Reply in the user's language.
+
+## Don't make users repeat themselves
+Use details from earlier messages in this conversation. Don't ask for things the user has already told you.
+
+## Default behavior
+- One sentence per reply. One question per turn. Never stack questions.
+- If the user's first message already contains symptom + specifics, SKIP questioning and go straight to the summary.
+
+## Bugs — ask ONLY what's missing, in this priority
+1. Symptom — what did you see?
+2. Trigger — always, or specific steps?
+3. Expected — only if not obvious from the symptom.
+
+## Features — ask ONLY what's missing
+1. Use case — what were you trying to do?
+2. Workaround — how are you handling it today? (only if not stated)
+
+## Stop criterion
+Stop when you can write a specific title (NOT "bug found") and a description a developer can act on. Usually 1–3 exchanges.
+
+## Visual context — ask for a screenshot when it would help
+A picture is faster than a paragraph when the problem is visual. After the user's initial description, decide whether a screenshot would materially help a developer act on it. Ask once when:
+- The description mentions anything visual — layout, color, wrong element, "looks weird", position, styling, icon missing.
+- The description names a specific UI element but is vague about what the user is seeing ("the button didn't work" — a screenshot beats another round of questions).
+- The description is very short and a picture would fill in the gaps.
+
+Phrase it as a concrete call to action, not a vague "do you have a screenshot":
+> "A screenshot would help here. Take one with your OS (Cmd+Shift+Ctrl+4 on Mac / Win+Shift+S on Windows), then paste it in or drag the file into this window."
+
+Skip the screenshot ask entirely for purely behavioral / backend bugs — API errors, permissions, data loading, login failures. Those don't need a picture.
+
+Ask at most once. If the user declines, says they can't, or just replies with text, move on with what you have. Don't ask again later in the same conversation.
+
+## Attachments already provided
+When a user message ends with \`[attachment: <name>]\` (or contains that pattern), the user has already attached an image. In that case:
+- Skip the "ask for a screenshot" step entirely — don't ask for one, don't re-ask even if the description sounds visual.
+- Treat the attachment as additional context confirming what the user described; the image itself isn't visible to you, but its presence means a developer will see it in the final issue.
+- Don't mention the marker back to the user.
+
+## Optional — email for fix notifications
+After you have title + summary but BEFORE the summary/confirmation turn, ask once:
+"Optional: want an email when this is fixed? (Skip to continue anonymously.)"
+- User provides an address → include it verbatim as \`email\` in the final JSON.
+- User declines / says "no" / "skip" / "anonymous" / silence → OMIT the \`email\` field entirely (don't emit "" or null).
+- Never ask twice. If the answer is unclear, treat it as skip.
+- Don't guess or fabricate an email.
+
+## Summary format (before confirmation)
+> **Title:** …
+> **Summary:** …
+> **Email:** … *(only if the user provided one; omit the line otherwise)*
+>
+> Submit this?
+
+## Confirmation — judge intent, don't match keywords
+"yes" / "go" / "就这样" / "可以了" / "submit" / "提交" / 👍 — all confirm.
+"wait" / "先别" / "let me add" — don't. Ambiguous → ask once more.
+
+## After confirmation — output ONLY this JSON, nothing else:
+
+\`\`\`json
+{"ready":true,"type":"bug","title":"under 60 chars, specific","description":"markdown"}
+\`\`\`
+
+\`type\` must be exactly "bug" or "feature" (never "bug_or_feature").
+
+If (and only if) the user provided an email, add it as \`email\`:
+
+\`\`\`json
+{"ready":true,"type":"bug","title":"…","description":"…","email":"user@example.com"}
+\`\`\`
+
+Omit the \`email\` key entirely when the user skipped. Don't emit \`"email":""\` or \`"email":null\`.
+
+Description format (suggested, not strict):
+- Bug: symptom / repro / expected
+- Feature: use case / proposed / workaround
+
+Include the user's own words where they matter.
+
+## Hard rules
+- Never output JSON before confirmation. If unsure, ask once more.
+- If the user pastes a token / password / API key / secret, warn them and OMIT it from the report.
+- "Nevermind" / "算了" / "forget it" → stop cleanly.
+`;
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-server@0.1.6/node_modules/hearback-server/dist/handler.js
+function createFeedbackHandler(config) {
+	const rateLimiter = new RateLimiter(config.rateLimit);
+	const ghConfig = {
+		repo: config.repo,
+		token: config.githubToken,
+		apiBase: config.githubApiBase
+	};
+	const corsHeaders = {
+		"Access-Control-Allow-Methods": "POST, OPTIONS",
+		"Access-Control-Allow-Headers": "Content-Type"
+	};
+	const origins = config.corsOrigins ?? ["*"];
+	if (origins.includes("*")) corsHeaders["Access-Control-Allow-Origin"] = "*";
+	function getCorsHeaders(requestOrigin) {
+		if (origins.includes("*")) return corsHeaders;
+		if (requestOrigin && origins.includes(requestOrigin)) return {
+			...corsHeaders,
+			"Access-Control-Allow-Origin": requestOrigin
+		};
+		return corsHeaders;
+	}
+	async function handle(req) {
+		const cors = getCorsHeaders(req.headers["origin"]);
+		if (req.method === "OPTIONS") return {
+			status: 204,
+			headers: cors,
+			body: null
+		};
+		if (req.method !== "POST") return {
+			status: 405,
+			headers: cors,
+			body: { error: "Method not allowed" }
+		};
+		const route = req.path.replace(/\/$/, "");
+		try {
+			if (route.endsWith("/chat")) return await handleChat(req, cors);
+			if (route.endsWith("/submit")) return await handleSubmit(req, cors);
+			if (route.endsWith("/subscribe")) return await handleSubscribe(req, cors);
+			if (route.endsWith("/upload")) return await handleUpload(req, cors);
+			return {
+				status: 404,
+				headers: cors,
+				body: { error: "Not found" }
+			};
+		} catch (err) {
+			return {
+				status: 500,
+				headers: cors,
+				body: { error: err instanceof Error ? err.message : "Internal error" }
+			};
+		}
+	}
+	async function handleChat(req, cors) {
+		if (!config.llm) return {
+			status: 501,
+			headers: cors,
+			body: { error: "LLM not configured. Use form mode." }
+		};
+		const rateCheck = rateLimiter.checkChatMessage(req.ip);
+		if (!rateCheck.allowed) return {
+			status: 429,
+			headers: {
+				...cors,
+				"Retry-After": String(Math.ceil((rateCheck.retryAfterMs ?? 36e5) / 1e3))
+			},
+			body: { error: "反馈过多，一小时后再试" }
+		};
+		const body = req.body;
+		if (!body.messages || !Array.isArray(body.messages)) return {
+			status: 400,
+			headers: cors,
+			body: { error: "Missing messages array" }
+		};
+		const messages = body.messages.slice(-10);
+		const baseUrl = config.llm.baseUrl ?? "https://api.openai.com/v1";
+		const model = config.llm.model ?? "gpt-4o-mini";
+		const llmRes = await fetch(`${baseUrl}/chat/completions`, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Authorization: `Bearer ${config.llm.apiKey}`
+			},
+			body: JSON.stringify({
+				model,
+				messages: [{
+					role: "system",
+					content: FEEDBACK_CHAT_SYSTEM_PROMPT
+				}, ...messages],
+				stream: true
+			})
 		});
-		return value;
+		if (!llmRes.ok) {
+			const text = await llmRes.text();
+			return {
+				status: 502,
+				headers: cors,
+				body: {
+					error: `LLM error: ${llmRes.status}`,
+					detail: text
+				}
+			};
+		}
+		return {
+			status: 200,
+			headers: {
+				...cors,
+				"Content-Type": "text/event-stream",
+				"Cache-Control": "no-cache",
+				Connection: "keep-alive"
+			},
+			body: llmRes.body
+		};
 	}
-	if (type === "password") return password({ message: prompt.message });
-	return input({
-		message: prompt.message,
-		default: prompt.default
-	});
-}
-/** Walk schema to find the env var name for a given dot path. */
-function findEnvVar(schema, dotPath) {
-	const parts = dotPath.split(".");
-	let current = schema;
-	for (const part of parts) {
-		if (current === null || current === void 0 || typeof current !== "object") return void 0;
-		const obj = current;
-		if (obj._tag === "optional") current = obj.shape[part];
-		else current = obj[part];
+	async function handleSubmit(req, cors) {
+		const rateCheck = rateLimiter.checkSubmission(req.ip);
+		if (!rateCheck.allowed) return {
+			status: 429,
+			headers: {
+				...cors,
+				"Retry-After": String(Math.ceil((rateCheck.retryAfterMs ?? 36e5) / 1e3))
+			},
+			body: { error: "反馈过多，一小时后再试" }
+		};
+		const body = req.body;
+		if (!body.title || !body.description || !body.type) return {
+			status: 400,
+			headers: cors,
+			body: { error: "Missing required fields: type, title, description" }
+		};
+		if (!body.skipDuplicateCheck) {
+			const duplicates = await checkForDuplicates(ghConfig, body.title);
+			if (duplicates.length > 0) return {
+				status: 200,
+				headers: cors,
+				body: {
+					isDuplicate: true,
+					candidates: duplicates.slice(0, 3)
+				}
+			};
+		}
+		const result = await submitFeedback({
+			github: ghConfig,
+			report: FeedbackReport.parse({
+				type: body.type,
+				title: body.title,
+				description: body.description,
+				context: body.context ?? { source: "web-plugin" },
+				reporter: body.reporterEmail ? { email: body.reporterEmail } : void 0
+			})
+		});
+		return {
+			status: 201,
+			headers: cors,
+			body: {
+				isDuplicate: false,
+				issueNumber: result.issue.number,
+				issueUrl: result.issue.html_url,
+				...result.subscribeWarning ? { warning: result.subscribeWarning } : {}
+			}
+		};
 	}
-	if (typeof current === "object" && current !== null && "_tag" in current) {
-		const field = current;
-		if (field._tag === "field") return field.options?.env;
+	async function handleSubscribe(req, cors) {
+		const body = req.body;
+		if (!body.issueNumber || !body.email) return {
+			status: 400,
+			headers: cors,
+			body: { error: "Missing issueNumber and email" }
+		};
+		try {
+			await subscribeToDuplicate(ghConfig, body.issueNumber, body.email);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			const hint = msg.includes("contents") || msg.includes("403") ? "GitHub token needs \"contents:write\" scope to save subscribers. See docs for token setup." : msg;
+			return {
+				status: 502,
+				headers: cors,
+				body: {
+					subscribed: false,
+					issueNumber: body.issueNumber,
+					error: hint
+				}
+			};
+		}
+		return {
+			status: 200,
+			headers: cors,
+			body: {
+				subscribed: true,
+				issueNumber: body.issueNumber
+			}
+		};
 	}
-}
-function setNestedByDot(obj, dotPath, value) {
-	const parts = dotPath.split(".");
-	let current = obj;
-	for (let i = 0; i < parts.length - 1; i++) {
-		const key = parts[i];
-		if (key === void 0) continue;
-		if (!(key in current) || typeof current[key] !== "object" || current[key] === null) current[key] = {};
-		current = current[key];
+	async function handleUpload(req, cors) {
+		if (!req.rawBody || req.rawBody.length === 0) return {
+			status: 400,
+			headers: cors,
+			body: { error: "No file data received" }
+		};
+		if (req.rawBody.length > 10 * 1024 * 1024) return {
+			status: 413,
+			headers: cors,
+			body: { error: "Screenshot exceeds 10MB limit" }
+		};
+		try {
+			const filename = `screenshot-${Date.now()}.jpg`;
+			return {
+				status: 200,
+				headers: cors,
+				body: { url: await uploadImage(ghConfig, req.rawBody, filename) }
+			};
+		} catch (err) {
+			return {
+				status: 500,
+				headers: cors,
+				body: { error: err instanceof Error ? err.message : "Upload failed" }
+			};
+		}
 	}
-	const lastKey = parts.at(-1);
-	if (lastKey !== void 0) current[lastKey] = value;
+	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-Frne_Mbn.mjs
+//#region ../server/dist/app-RWQiJW6_.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -5816,6 +7188,17 @@ var __exportAll = (all, no_symbols) => {
 	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
 	return target;
 };
+/** Organization entity. Agents and chats belong to exactly one organization. */
+const organizations = pgTable("organizations", {
+	id: text("id").primaryKey(),
+	name: text("name").unique().notNull(),
+	displayName: text("display_name").notNull(),
+	maxAgents: integer("max_agents").notNull().default(0),
+	maxMessagesPerMinute: integer("max_messages_per_minute").notNull().default(0),
+	features: jsonb("features").$type().notNull().default({}),
+	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
+	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
+});
 /** User accounts. Passwords are stored as bcrypt hashes. */
 const users = pgTable("users", {
 	id: text("id").primaryKey(),
@@ -5834,10 +7217,18 @@ const users = pgTable("users", {
 * every `agent:bind` request. `user_id` is nullable only to accommodate legacy
 * rows created before JWT-on-handshake; the WS handshake claims the row on
 * first re-register under an authenticated JWT (see `client:register` M13).
+*
+* A client is also bound to exactly one organization for its lifetime. The
+* `organization_id` column is populated on first registration from the
+* authenticated JWT's org claim and never changes thereafter. Re-registering
+* the same clientId under a JWT for a different org is rejected with
+* `CLIENT_ORG_MISMATCH` — the CLI responds by abandoning the local clientId
+* and registering a new one instead (see docs/multi-tenancy-hardening-design.md).
 */
 const clients = pgTable("clients", {
 	id: text("id").primaryKey(),
 	userId: text("user_id").references(() => users.id, { onDelete: "set null" }),
+	organizationId: text("organization_id").notNull().references(() => organizations.id),
 	status: text("status").notNull().default("disconnected"),
 	sdkVersion: text("sdk_version"),
 	hostname: text("hostname"),
@@ -5846,18 +7237,7 @@ const clients = pgTable("clients", {
 	connectedAt: timestamp("connected_at", { withTimezone: true }),
 	lastSeenAt: timestamp("last_seen_at", { withTimezone: true }).notNull().defaultNow(),
 	metadata: jsonb("metadata").$type()
-}, (table) => [index("idx_clients_user").on(table.userId)]);
-/** Organization entity. Agents and chats belong to exactly one organization. */
-const organizations = pgTable("organizations", {
-	id: text("id").primaryKey(),
-	name: text("name").unique().notNull(),
-	displayName: text("display_name").notNull(),
-	maxAgents: integer("max_agents").notNull().default(0),
-	maxMessagesPerMinute: integer("max_messages_per_minute").notNull().default(0),
-	features: jsonb("features").$type().notNull().default({}),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-});
+}, (table) => [index("idx_clients_user").on(table.userId), index("idx_clients_org").on(table.organizationId)]);
 /** Agent registration. Each agent owns a unique inboxId for message delivery. */
 const agents = pgTable("agents", {
 	uuid: text("uuid").primaryKey(),
@@ -5869,7 +7249,6 @@ const agents = pgTable("agents", {
 	inboxId: text("inbox_id").unique().notNull(),
 	status: text("status").notNull().default("active"),
 	source: text("source"),
-	cloudUserId: text("cloud_user_id"),
 	visibility: text("visibility").notNull().default("private"),
 	metadata: jsonb("metadata").$type().notNull().default({}),
 	managerId: text("manager_id").notNull(),
@@ -5931,6 +7310,20 @@ var BadRequestError = class extends AppError {
 		this.name = "BadRequestError";
 	}
 };
+/**
+* Thrown when an operation targets a client whose organization does not match
+* the caller's authenticated organization. A client is bound to exactly one
+* org for its lifetime; re-registering or operating under a different org's
+* credentials is refused. CLI consumers recognize the `code` field and
+* respond by abandoning the local clientId to register a fresh one.
+*/
+var ClientOrgMismatchError = class extends AppError {
+	code = "CLIENT_ORG_MISMATCH";
+	constructor(message = "Client belongs to a different organization") {
+		super(403, message);
+		this.name = "ClientOrgMismatchError";
+	}
+};
 /** Communication container. All messages between agents flow within a Chat. */
 const chats = pgTable("chats", {
 	id: text("id").primaryKey(),
@@ -6784,14 +8177,19 @@ async function resolveAgentClient(db, data) {
 		return null;
 	}
 	if (!data.clientId) return null;
-	const [manager] = await db.select({ userId: members.userId }).from(members).where(eq(members.id, data.managerId)).limit(1);
+	const [manager] = await db.select({
+		userId: members.userId,
+		organizationId: members.organizationId
+	}).from(members).where(eq(members.id, data.managerId)).limit(1);
 	if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
 	const [client] = await db.select({
 		id: clients.id,
-		userId: clients.userId
+		userId: clients.userId,
+		organizationId: clients.organizationId
 	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
 	if (!client) throw new BadRequestError(`Client "${data.clientId}" not found`);
 	if (!client.userId) throw new BadRequestError(`Client "${data.clientId}" has not been claimed by a user yet. Have the operator run \`first-tree-hub client connect\` on that machine before pinning an agent to it.`);
+	if (client.organizationId !== manager.organizationId) throw new ForbiddenError(`Client "${data.clientId}" belongs to a different organization — pick a client registered in the manager's org.`);
 	if (client.userId !== manager.userId) throw new ForbiddenError(`Client "${data.clientId}" is not owned by the manager's user — pick a client belonging to that user.`);
 	return client.id;
 }
@@ -6890,7 +8288,6 @@ async function listAgentsForAdmin(db, scope, limit, cursor) {
 		delegateMention: agents.delegateMention,
 		inboxId: agents.inboxId,
 		status: agents.status,
-		cloudUserId: agents.cloudUserId,
 		visibility: agents.visibility,
 		metadata: agents.metadata,
 		managerId: agents.managerId,
@@ -6928,7 +8325,6 @@ async function listAgentsForMember(db, scope, limit, cursor, type) {
 		delegateMention: agents.delegateMention,
 		inboxId: agents.inboxId,
 		status: agents.status,
-		cloudUserId: agents.cloudUserId,
 		visibility: agents.visibility,
 		metadata: agents.metadata,
 		managerId: agents.managerId,
@@ -7032,6 +8428,28 @@ async function deleteAgent(db, uuid) {
 	if (!agent) throw new Error("Unexpected: UPDATE RETURNING produced no row");
 	return agent;
 }
+/**
+* When a direct chat grows past 2 participants, upgrade it to `group` and
+* flip every existing non-human agent participant to `mention_only` — see
+* proposals/hub-agent-messaging-reply-and-mentions §3.3. The caller is
+* expected to insert the new participant AFTER this runs, so the "existing"
+* set excludes them.
+*
+* Idempotent: if the chat is already a group, no-op.
+*/
+async function maybeUpgradeDirectToGroup(db, chatId, existingParticipantIds, newParticipantCount) {
+	if (existingParticipantIds.length + newParticipantCount < 3) return;
+	const [chat] = await db.select({ type: chats.type }).from(chats).where(eq(chats.id, chatId)).limit(1);
+	if (!chat || chat.type !== "direct") return;
+	await db.update(chats).set({
+		type: "group",
+		updatedAt: /* @__PURE__ */ new Date()
+	}).where(eq(chats.id, chatId));
+	if (existingParticipantIds.length === 0) return;
+	const ids = (await db.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, existingParticipantIds), ne(agents.type, "human")))).map((a) => a.uuid);
+	if (ids.length === 0) return;
+	await db.update(chatParticipants).set({ mode: "mention_only" }).where(and(eq(chatParticipants.chatId, chatId), inArray(chatParticipants.agentId, ids)));
+}
 async function createChat(db, creatorId, data) {
 	const chatId = randomUUID();
 	const allParticipantIds = new Set([creatorId, ...data.participantIds]);
@@ -7099,17 +8517,38 @@ async function listChats(db, agentId, limit, cursor) {
 		nextCursor: hasMore && last ? last.updatedAt.toISOString() : null
 	};
 }
+/**
+* List participants of a chat with their agent names — used by the client
+* runtime to resolve `@<name>` mentions against the authoritative participant
+* set (see proposals/hub-agent-messaging-reply-and-mentions §4).
+*/
+async function listChatParticipantsWithNames(db, chatId) {
+	return await db.select({
+		agentId: chatParticipants.agentId,
+		role: chatParticipants.role,
+		mode: chatParticipants.mode,
+		joinedAt: chatParticipants.joinedAt,
+		name: agents.name,
+		displayName: agents.displayName,
+		type: agents.type
+	}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
+}
 async function assertParticipant(db, chatId, agentId) {
 	const [row] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, agentId))).limit(1);
 	if (!row) throw new ForbiddenError("Not a participant of this chat");
 }
 /** Ensure an agent is a participant of a chat. Silently adds them if not already. */
 async function ensureParticipant(db, chatId, agentId) {
-	await db.insert(chatParticipants).values({
-		chatId,
-		agentId,
-		mode: "full"
-	}).onConflictDoNothing({ target: [chatParticipants.chatId, chatParticipants.agentId] });
+	const [existing] = await db.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, agentId))).limit(1);
+	if (existing) return;
+	await db.transaction(async (tx) => {
+		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
+		await tx.insert(chatParticipants).values({
+			chatId,
+			agentId,
+			mode: "full"
+		}).onConflictDoNothing({ target: [chatParticipants.chatId, chatParticipants.agentId] });
+	});
 }
 async function addParticipant(db, chatId, requesterId, data) {
 	const chat = await getChat(db, chatId);
@@ -7122,10 +8561,13 @@ async function addParticipant(db, chatId, requesterId, data) {
 	if (targetAgent.organizationId !== chat.organizationId) throw new BadRequestError("Cannot add agent from different organization");
 	const [existing] = await db.select({ chatId: chatParticipants.chatId }).from(chatParticipants).where(and(eq(chatParticipants.chatId, chatId), eq(chatParticipants.agentId, data.agentId))).limit(1);
 	if (existing) throw new ConflictError(`Agent "${data.agentId}" is already a participant`);
-	await db.insert(chatParticipants).values({
-		chatId,
-		agentId: data.agentId,
-		mode: data.mode ?? "full"
+	await db.transaction(async (tx) => {
+		await maybeUpgradeDirectToGroup(tx, chatId, (await tx.select({ agentId: chatParticipants.agentId }).from(chatParticipants).where(eq(chatParticipants.chatId, chatId))).map((p) => p.agentId), 1);
+		await tx.insert(chatParticipants).values({
+			chatId,
+			agentId: data.agentId,
+			mode: data.mode ?? "full"
+		});
 	});
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
@@ -7224,11 +8666,14 @@ async function joinChat(db, chatId, memberId, humanAgentId) {
 	if ((await db.select({ uuid: agents.uuid }).from(agents).where(and(inArray(agents.uuid, participantAgentIds), eq(agents.managerId, memberId)))).length === 0) throw new ForbiddenError("You can only join chats where you manage at least one participant");
 	const [humanAgent] = await db.select({ organizationId: agents.organizationId }).from(agents).where(eq(agents.uuid, humanAgentId)).limit(1);
 	if (!humanAgent || humanAgent.organizationId !== chat.organizationId) throw new BadRequestError("Agent does not belong to the same organization as the chat");
-	await db.insert(chatParticipants).values({
-		chatId,
-		agentId: humanAgentId,
-		role: "member",
-		mode: "full"
+	await db.transaction(async (tx) => {
+		await maybeUpgradeDirectToGroup(tx, chatId, participantAgentIds, 1);
+		await tx.insert(chatParticipants).values({
+			chatId,
+			agentId: humanAgentId,
+			role: "member",
+			mode: "full"
+		});
 	});
 	return db.select().from(chatParticipants).where(eq(chatParticipants.chatId, chatId));
 }
@@ -7409,22 +8854,23 @@ async function cleanupStalePresence(db, staleSeconds = 60) {
 * Assert the caller can act on this client. Throws 404 for both "not found"
 * and "not yours" to prevent UUID enumeration across org/user boundaries.
 *
-*   - member: owner match (`row.user_id == scope.userId`).
-*   - admin: any client whose owner is a member of the admin's own org.
+* A client is bound to exactly one organization (`clients.organization_id`).
+* Access is granted when:
+*   - member: row.user_id == scope.userId AND row.organization_id == scope.organizationId.
+*   - admin: row.organization_id == scope.organizationId AND the owner is a
+*     member of that same org (defense in depth).
 *
-* Legacy unclaimed rows (`user_id IS NULL`) have no org association we can
-* verify — we explicitly refuse to grant admin access to them so a
-* cross-tenant admin can't operate on another org's orphan rows. These
-* orphans are surfaced for self-service re-registration only; the owning
-* operator must claim the row via `first-tree-hub connect` before any
-* admin action becomes available.
+* Same user across two orgs has two distinct client rows; operating on one
+* while logged into the other is refused by the org filter.
 */
 async function assertClientOwner(db, clientId, scope) {
 	const [row] = await db.select({
 		id: clients.id,
-		userId: clients.userId
+		userId: clients.userId,
+		organizationId: clients.organizationId
 	}).from(clients).where(eq(clients.id, clientId)).limit(1);
 	if (!row) throw new NotFoundError(`Client "${clientId}" not found`);
+	if (row.organizationId !== scope.organizationId) throw new NotFoundError(`Client "${clientId}" not found`);
 	if (row.userId === scope.userId) return;
 	if (scope.role === "admin" && row.userId !== null) {
 		const [sibling] = await db.select({ id: members.id }).from(members).where(and(eq(members.userId, row.userId), eq(members.organizationId, scope.organizationId))).limit(1);
@@ -7435,24 +8881,29 @@ async function assertClientOwner(db, clientId, scope) {
 /**
 * Upsert the clients row for a given `client_id` under an authenticated user.
 *
-* Claim semantics (see proposal M13):
-*   - New client_id → INSERT with the authenticated user_id.
-*   - Existing row with `user_id IS NULL` → claim it (set user_id).
-*   - Existing row with a different user_id → {@link ForbiddenError}; the
-*     operator must pick a different clientId. This is a hard conflict rather
-*     than a silent override because the pinned agents under that client
-*     belong to the original owner.
+* Claim semantics (see proposal M13 + multi-tenancy hardening):
+*   - New client_id → INSERT with the authenticated user_id and org_id.
+*   - Existing row with the same user_id + org_id → refresh runtime columns.
+*   - Existing row in a different org → {@link ClientOrgMismatchError}. A
+*     client is bound to one org for its lifetime; the CLI reacts by
+*     abandoning the local clientId and registering a new one.
+*   - Existing row with a different user_id (same org) → {@link ForbiddenError};
+*     the operator must pick a different clientId. Hard conflict because
+*     pinned agents under that client belong to the original owner.
 */
 async function registerClient(db, data) {
 	const now = /* @__PURE__ */ new Date();
 	const [existing] = await db.select({
 		id: clients.id,
-		userId: clients.userId
+		userId: clients.userId,
+		organizationId: clients.organizationId
 	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
+	if (existing && existing.organizationId !== data.organizationId) throw new ClientOrgMismatchError(`Client "${data.clientId}" is bound to a different organization. Re-register as a new client under the current org.`);
 	if (existing?.userId && existing.userId !== data.userId) throw new ForbiddenError(`Client "${data.clientId}" is already claimed by a different user. Pick a unique client_id.`);
 	await db.insert(clients).values({
 		id: data.clientId,
 		userId: data.userId,
+		organizationId: data.organizationId,
 		status: "connected",
 		instanceId: data.instanceId,
 		hostname: data.hostname ?? null,
@@ -7513,18 +8964,13 @@ async function listActiveAgentsPinnedToClient(db, clientId) {
 /**
 * Scope-aware client listing.
 *
-*   - member: only rows where `user_id = scope.userId`.
-*   - admin: every claimed row whose owner is a member of the caller's
-*     organization.
-*
-* Legacy unclaimed rows (`user_id IS NULL`) are intentionally hidden from
-* both roles — the `clients` table has no org column, so we cannot verify
-* which org an orphan belongs to. Exposing them to admin would leak
-* orphans across tenants. The owning operator reclaims the row via
-* `first-tree-hub connect`, after which it appears in their list.
+*   - member: rows where `user_id = scope.userId` AND `organization_id = scope.organizationId`
+*     — protects against a user listing their own clients registered under a
+*     different org when they're logged into this one.
+*   - admin: every row in `scope.organizationId`, regardless of owner.
 */
 async function listClients(db, scope) {
-	const rows = scope.role === "admin" ? await db.selectDistinct({
+	const rows = scope.role === "admin" ? await db.select({
 		id: clients.id,
 		userId: clients.userId,
 		status: clients.status,
@@ -7535,7 +8981,7 @@ async function listClients(db, scope) {
 		connectedAt: clients.connectedAt,
 		lastSeenAt: clients.lastSeenAt,
 		metadata: clients.metadata
-	}).from(clients).innerJoin(members, eq(members.userId, clients.userId)).where(eq(members.organizationId, scope.organizationId)) : await db.select().from(clients).where(eq(clients.userId, scope.userId));
+	}).from(clients).where(eq(clients.organizationId, scope.organizationId)) : await db.select().from(clients).where(and(eq(clients.userId, scope.userId), eq(clients.organizationId, scope.organizationId)));
 	const counts = await db.select({
 		clientId: agents.clientId,
 		count: sql`count(*)::int`
@@ -7573,6 +9019,14 @@ async function retireClient(db, clientId) {
 		await tx.delete(clients).where(eq(clients.id, clientId));
 	});
 }
+/**
+* System-scope sweep: mark clients as disconnected when their last-seen
+* server instance stopped sending heartbeats. Runs globally across all orgs
+* by design — it is invoked only by internal timers, never from a
+* user-scoped request, so the per-org filter the read paths enforce does not
+* apply. Org isolation on the data these clients belong to is still
+* enforced at the read paths (see `assertClientOwner` / `listClients`).
+*/
 async function cleanupStaleClients(db, staleSeconds = 60) {
 	const result = await db.execute(sql`
     UPDATE clients SET status = 'disconnected'
@@ -7723,6 +9177,26 @@ async function sendMessage(db, chatId, senderId, data) {
 }
 async function sendMessageInner(db, chatId, senderId, data) {
 	return db.transaction(async (tx) => {
+		const participants = await tx.select({
+			agentId: chatParticipants.agentId,
+			inboxId: agents.inboxId,
+			mode: chatParticipants.mode,
+			name: agents.name
+		}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
+		if (data.replyToInbox !== void 0 && data.replyToInbox !== null) {
+			const [senderRow] = await tx.select({ inboxId: agents.inboxId }).from(agents).where(eq(agents.uuid, senderId)).limit(1);
+			if (!senderRow || senderRow.inboxId !== data.replyToInbox) throw new BadRequestError("replyToInbox must reference the sender's own inbox");
+		}
+		const incomingMeta = data.metadata ?? {};
+		const explicitMentionsRaw = incomingMeta.mentions;
+		const explicitMentions = Array.isArray(explicitMentionsRaw) ? explicitMentionsRaw.filter((m) => typeof m === "string") : [];
+		const contentText = typeof data.content === "string" ? data.content : "";
+		const resolved = contentText ? extractMentions(contentText, participants) : [];
+		const mergedMentions = [...new Set([...explicitMentions, ...resolved])];
+		const metadataToStore = mergedMentions.length > 0 ? {
+			...incomingMeta,
+			mentions: mergedMentions
+		} : incomingMeta;
 		const messageId = randomUUID();
 		const [msg] = await tx.insert(messages).values({
 			id: messageId,
@@ -7730,16 +9204,14 @@ async function sendMessageInner(db, chatId, senderId, data) {
 			senderId,
 			format: data.format,
 			content: data.content,
-			metadata: data.metadata ?? {},
+			metadata: metadataToStore,
 			replyToInbox: data.replyToInbox ?? null,
 			replyToChat: data.replyToChat ?? null,
 			inReplyTo: data.inReplyTo ?? null,
 			source: data.source ?? null
 		}).returning();
-		const entries = (await tx.select({
-			agentId: chatParticipants.agentId,
-			inboxId: agents.inboxId
-		}).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId))).filter((p) => p.agentId !== senderId).map((p) => ({
+		const mentionSet = new Set(mergedMentions);
+		const entries = participants.filter((p) => p.agentId !== senderId).filter((p) => p.mode !== "mention_only" || mentionSet.has(p.agentId)).map((p) => ({
 			inboxId: p.inboxId,
 			messageId,
 			chatId
@@ -7775,7 +9247,7 @@ async function sendToAgent(db, senderUuid, targetName, data) {
 	}).from(agents).where(eq(agents.uuid, senderUuid)).limit(1);
 	if (!sender) throw new NotFoundError(`Agent "${senderUuid}" not found`);
 	const [target] = await db.select({ uuid: agents.uuid }).from(agents).where(and(eq(agents.organizationId, sender.organizationId), eq(agents.name, targetName), ne(agents.status, "deleted"))).limit(1);
-	if (!target) throw new NotFoundError(`Agent "${targetName}" not found`);
+	if (!target) throw new NotFoundError(`Agent "${targetName}" not found${/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(targetName) ? " — `agent send` expects an agent NAME, not a uuid. Run `first-tree-hub agent list` to see available names." : ""}`);
 	return sendMessage(db, (await findOrCreateDirectChat(db, senderUuid, target.uuid)).id, senderUuid, {
 		format: data.format,
 		content: data.content,
@@ -7874,6 +9346,23 @@ function createNotifier(listenClient) {
 				await listenClient`SELECT pg_notify(${RUNTIME_STATE_CHANNEL}, ${`${agentId}:${state}:${organizationId}`})`;
 			} catch {}
 		},
+		async pushFrameToInbox(inboxId, frame) {
+			const sockets = subscriptions.get(inboxId);
+			if (!sockets) return 0;
+			let queued = 0;
+			const pending = [];
+			for (const ws of sockets) {
+				if (ws.readyState !== ws.OPEN) continue;
+				pending.push(new Promise((resolve) => {
+					ws.send(frame, (err) => {
+						if (!err) queued += 1;
+						resolve();
+					});
+				}));
+			}
+			await Promise.all(pending);
+			return queued;
+		},
 		onConfigChange(handler) {
 			configChangeHandlers.push(handler);
 		},
@@ -8250,6 +9739,73 @@ function requireAdminRoleHook() {
 		if (request.member?.role !== "admin") throw new ForbiddenError("Admin role required");
 	};
 }
+/**
+* Intercepts outbound image messages. If `data.content` carries an inline
+* base64 image (legacy-style payload from the web), we:
+*
+*   1. Generate / adopt an `imageId`
+*   2. Push the bytes as an `image_payload` WS frame to every participant
+*      agent's inbox — plus the reply-to inbox when this is a cross-chat
+*      reply (matches sendMessage's extra fan-out). Best-effort, local
+*      instance only, no PG NOTIFY.
+*   3. Return a copy of `data` whose `content` is just the reference
+*      {imageId, mimeType, filename, size}
+*
+* The push is fire-and-forget: `ws.send()` queues the frame into the socket's
+* send buffer synchronously, which is the only ordering guarantee we need
+* — the subsequent `new_message` notification travels a strictly slower PG
+* NOTIFY round trip, so the image lands first on the wire. Awaiting the TCP
+* flush here would put a slow subscriber's backpressure on the sender's
+* HTTP response for a feature that is already best-effort.
+*
+* Non-image messages are returned unchanged. Missing-subscriber / wrong-
+* instance cases are acceptable loss per the image-out-of-messages design
+* (the reference-only message still lands in the DB; clients that missed
+* the bytes surface a "not available on this device" placeholder).
+*/
+async function prepareImageOutbound(db, notifier, chatId, data) {
+	if (data.format !== "file") return data;
+	const parsed = imageInlineContentSchema.safeParse(data.content);
+	if (!parsed.success) return data;
+	const inline = parsed.data;
+	const imageId = inline.imageId ?? randomUUID();
+	const frame = {
+		type: "image_payload",
+		imageId,
+		chatId,
+		base64: inline.data,
+		mimeType: inline.mimeType,
+		filename: inline.filename,
+		...inline.size !== void 0 ? { size: inline.size } : {}
+	};
+	const serialised = JSON.stringify(frame);
+	const inboxIds = await collectTargetInboxes(db, chatId, data.inReplyTo);
+	for (const inboxId of inboxIds) notifier.pushFrameToInbox(inboxId, serialised).catch(() => {});
+	const ref = {
+		imageId,
+		mimeType: inline.mimeType,
+		filename: inline.filename,
+		...inline.size !== void 0 ? { size: inline.size } : {}
+	};
+	return {
+		...data,
+		content: ref
+	};
+}
+/**
+* Mirror `sendMessage`'s fan-out set: every participant of the current
+* chat, plus the original requester's inbox when this message is a cross-
+* chat reply (see `services/message.ts` replyTo routing).
+*/
+async function collectTargetInboxes(db, chatId, inReplyTo) {
+	const participants = await db.select({ inboxId: agents.inboxId }).from(chatParticipants).innerJoin(agents, eq(chatParticipants.agentId, agents.uuid)).where(eq(chatParticipants.chatId, chatId));
+	const set = new Set(participants.map((p) => p.inboxId));
+	if (inReplyTo) {
+		const [original] = await db.select({ replyToInbox: messages.replyToInbox }).from(messages).where(eq(messages.id, inReplyTo)).limit(1);
+		if (original?.replyToInbox) set.add(original.replyToInbox);
+	}
+	return [...set];
+}
 async function adminChatRoutes(app) {
 	/** List all chats in org (admin-only, for audit). Members should use GET /mine. */
 	app.get("/", { preHandler: requireAdminRoleHook() }, async (request) => {
@@ -8427,10 +9983,11 @@ async function adminChatRoutes(app) {
 		const body = sendMessageSchema.parse(request.body);
 		await assertChatAccess(app.db, scope, chatId);
 		await ensureParticipant(app.db, chatId, member.agentId);
-		const result = await sendMessage(app.db, chatId, member.agentId, {
+		const prepared = await prepareImageOutbound(app.db, app.notifier, chatId, {
 			...body,
 			source: "hub_ui"
 		});
+		const result = await sendMessage(app.db, chatId, member.agentId, prepared);
 		notifyRecipients(app.notifier, result.recipients, result.message.id);
 		return reply.status(201).send({
 			id: result.message.id,
@@ -8453,15 +10010,19 @@ const agentChatSessions = pgTable("agent_chat_sessions", {
 /**
 * Upsert session state + refresh presence aggregates + NOTIFY.
 *
-* Revival defense: an admin-terminated (`evicted`) row is immutable; a client
-* report for the same chatId is silently dropped after the FOR UPDATE check.
+* `agent_chat_sessions.(agent_id, chat_id)` is a single-row "current session
+* state" cache, not a session history log. A new runtime session starting on
+* the same (agent, chat) pair MUST overwrite whatever ended before — including
+* an `evicted` row left by a previous terminate. The previous "revival
+* defense" conflated two concerns: "this runtime session ended" (which is
+* what `evicted` actually means) and "this chat is permanently archived for
+* this agent" (a chat-level decision that should live on `chats`, not here).
+* See proposals/hub-agent-messaging-reply-and-mentions §M2-session-lifecycle.
 */
 async function upsertSessionState(db, agentId, chatId, state, organizationId, notifier) {
 	const now = /* @__PURE__ */ new Date();
 	let wrote = false;
 	await db.transaction(async (tx) => {
-		const [existing] = await tx.select({ state: agentChatSessions.state }).from(agentChatSessions).where(and(eq(agentChatSessions.agentId, agentId), eq(agentChatSessions.chatId, chatId))).for("update");
-		if (existing?.state === "evicted") return;
 		await tx.insert(agentChatSessions).values({
 			agentId,
 			chatId,
@@ -8986,7 +10547,8 @@ function extractSummary(content, maxLen = SUMMARY_MAX_LENGTH) {
 	let text = "";
 	if (typeof content === "object" && content !== null && "text" in content) text = String(content.text ?? "");
 	else if (typeof content === "string") text = content;
-	return text ? text.slice(0, maxLen) : null;
+	if (!text) return null;
+	return Array.from(text).slice(0, maxLen).join("");
 }
 /** List sessions for a specific agent, with optional state filters. */
 async function listAgentSessions(db, agentId, filters) {
@@ -9071,7 +10633,8 @@ async function listAllSessions(db, limit, cursor, filters) {
 		chatId: agentChatSessions.chatId,
 		state: agentChatSessions.state,
 		updatedAt: agentChatSessions.updatedAt,
-		chatCreatedAt: chats.createdAt
+		chatCreatedAt: chats.createdAt,
+		chatTopic: chats.topic
 	}).from(agentChatSessions).innerJoin(chats, eq(agentChatSessions.chatId, chats.id)).innerJoin(agents, eq(agentChatSessions.agentId, agents.uuid)).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(desc(agentChatSessions.updatedAt)).limit(limit + 1);
 	const hasMore = rows.length > limit;
 	const items = hasMore ? rows.slice(0, limit) : rows;
@@ -9081,6 +10644,16 @@ async function listAllSessions(db, limit, cursor, filters) {
 		runtimeState: agentPresence.runtimeState
 	}).from(agentPresence).where(inArray(agentPresence.agentId, agentIds)) : [];
 	const runtimeMap = new Map(presenceRows.map((r) => [r.agentId, r.runtimeState]));
+	const chatIds = [...new Set(items.map((r) => r.chatId))];
+	const firstMessages = chatIds.length > 0 ? await db.selectDistinctOn([messages.chatId], {
+		chatId: messages.chatId,
+		content: messages.content
+	}).from(messages).where(inArray(messages.chatId, chatIds)).orderBy(messages.chatId, messages.createdAt) : [];
+	const summaryMap = /* @__PURE__ */ new Map();
+	for (const row of firstMessages) {
+		const summary = extractSummary(row.content);
+		if (summary) summaryMap.set(row.chatId, summary);
+	}
 	const last = items[items.length - 1];
 	const nextCursor = hasMore && last ? last.updatedAt.toISOString() : null;
 	return {
@@ -9092,8 +10665,8 @@ async function listAllSessions(db, limit, cursor, filters) {
 			startedAt: r.chatCreatedAt.toISOString(),
 			lastActivityAt: r.updatedAt.toISOString(),
 			messageCount: 0,
-			summary: null,
-			topic: null
+			summary: summaryMap.get(r.chatId) ?? null,
+			topic: r.chatTopic ?? null
 		})),
 		nextCursor
 	};
@@ -10055,6 +11628,24 @@ async function agentChatRoutes(app) {
 			}))
 		};
 	});
+	/**
+	* List chat participants with agent names/displayNames. Used by the client
+	* runtime to resolve `@<name>` mentions against the authoritative participant
+	* set (see proposals/hub-agent-messaging-reply-and-mentions §4).
+	*/
+	app.get("/:chatId/participants", async (request) => {
+		const identity = requireAgent(request);
+		await assertParticipant(app.db, request.params.chatId, identity.uuid);
+		return (await listChatParticipantsWithNames(app.db, request.params.chatId)).map((r) => ({
+			agentId: r.agentId,
+			role: r.role,
+			mode: r.mode,
+			name: r.name,
+			displayName: r.displayName,
+			type: r.type,
+			joinedAt: r.joinedAt.toISOString()
+		}));
+	});
 	app.post("/:chatId/participants", async (request, reply) => {
 		const identity = requireAgent(request);
 		const body = addParticipantSchema.parse(request.body);
@@ -10180,19 +11771,46 @@ function normaliseSource(source) {
 	const parsed = messageSourceSchema$1.safeParse(source);
 	return parsed.success ? parsed.data : null;
 }
+function normaliseMode(mode) {
+	return mode === "mention_only" ? "mention_only" : "full";
+}
 /**
-* Batch variant — builds all payloads with a single DB lookup per agent.
-* Use this from `pollInbox` to avoid an N+1 against `agent_configs`.
+* Batch variant — builds all payloads with a single DB lookup per agent plus
+* batched lookups for participant modes and inReplyTo snapshots.
 */
-async function buildClientMessagePayloadsForInbox(db, inboxId, messages) {
-	if (messages.length === 0) return [];
+async function buildClientMessagePayloadsForInbox(db, inboxId, items) {
+	if (items.length === 0) return [];
 	const agentId = await resolveAgentId(db, {
 		kind: "inboxId",
 		inboxId
 	});
 	const [cfg] = await db.select({ version: agentConfigs.version }).from(agentConfigs).where(eq(agentConfigs.agentId, agentId)).limit(1);
 	const version = cfg?.version ?? 1;
-	return messages.map((m) => ({
+	const chatIds = [...new Set(items.map((it) => it.entryChatId ?? it.message.chatId).filter((id) => id !== null))];
+	const modeByChat = /* @__PURE__ */ new Map();
+	if (chatIds.length > 0) {
+		const rows = await db.select({
+			chatId: chatParticipants.chatId,
+			mode: chatParticipants.mode
+		}).from(chatParticipants).where(and(eq(chatParticipants.agentId, agentId), inArray(chatParticipants.chatId, chatIds)));
+		for (const r of rows) modeByChat.set(r.chatId, normaliseMode(r.mode));
+	}
+	const inReplyToIds = [...new Set(items.map((it) => it.message.inReplyTo).filter((id) => id !== null))];
+	const snapshotById = /* @__PURE__ */ new Map();
+	if (inReplyToIds.length > 0) {
+		const origs = await db.select({
+			id: messages.id,
+			senderId: messages.senderId,
+			chatId: messages.chatId,
+			replyToChat: messages.replyToChat
+		}).from(messages).where(inArray(messages.id, inReplyToIds));
+		for (const o of origs) snapshotById.set(o.id, {
+			senderId: o.senderId,
+			chatId: o.chatId,
+			replyToChat: o.replyToChat
+		});
+	}
+	return items.map(({ entryChatId, message: m }) => ({
 		id: m.id,
 		chatId: m.chatId,
 		senderId: m.senderId,
@@ -10204,7 +11822,9 @@ async function buildClientMessagePayloadsForInbox(db, inboxId, messages) {
 		inReplyTo: m.inReplyTo,
 		source: normaliseSource(m.source),
 		createdAt: m.createdAt,
-		configVersion: version
+		configVersion: version,
+		recipientMode: modeByChat.get(entryChatId ?? m.chatId) ?? "full",
+		inReplyToSnapshot: m.inReplyTo ? snapshotById.get(m.inReplyTo) ?? null : null
 	}));
 }
 async function resolveAgentId(db, source) {
@@ -10243,23 +11863,25 @@ async function pollInboxInner(db, inboxId, limit) {
 			const msg = msgMap.get(entry.message_id);
 			if (!msg) throw new Error(`Unexpected: message ${entry.message_id} not found`);
 			return {
-				id: msg.id,
-				chatId: msg.chatId,
-				senderId: msg.senderId,
-				format: msg.format,
-				content: msg.content,
-				metadata: msg.metadata,
-				replyToInbox: msg.replyToInbox,
-				replyToChat: msg.replyToChat,
-				inReplyTo: msg.inReplyTo,
-				source: msg.source,
-				createdAt: msg.createdAt.toISOString()
+				entryChatId: entry.chat_id,
+				message: {
+					id: msg.id,
+					chatId: msg.chatId,
+					senderId: msg.senderId,
+					format: msg.format,
+					content: msg.content,
+					metadata: msg.metadata,
+					replyToInbox: msg.replyToInbox,
+					replyToChat: msg.replyToChat,
+					inReplyTo: msg.inReplyTo,
+					source: msg.source,
+					createdAt: msg.createdAt.toISOString()
+				}
 			};
 		}));
-		const payloadByMessageId = new Map(payloads.map((p) => [p.id, p]));
-		return claimed.map((entry) => {
-			const payload = payloadByMessageId.get(entry.message_id);
-			if (!payload) throw new Error(`Unexpected: payload for ${entry.message_id} not built`);
+		return claimed.map((entry, idx) => {
+			const payload = payloads[idx];
+			if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
 			return {
 				id: entry.id,
 				inboxId: entry.inbox_id,
@@ -10359,7 +11981,8 @@ async function agentMessageRoutes(app) {
 		const identity = requireAgent(request);
 		await assertParticipant(app.db, request.params.chatId, identity.uuid);
 		const body = sendMessageSchema.parse(request.body);
-		const { message: msg, recipients } = await sendMessage(app.db, request.params.chatId, identity.uuid, body);
+		const prepared = await prepareImageOutbound(app.db, app.notifier, request.params.chatId, body);
+		const { message: msg, recipients } = await sendMessage(app.db, request.params.chatId, identity.uuid, prepared);
 		notifyRecipients(app.notifier, recipients, msg.id);
 		return reply.status(201).send({
 			...msg,
@@ -10667,6 +12290,7 @@ function clientWsRoutes(notifier, instanceId) {
 								await registerClient(app.db, {
 									clientId: data.clientId,
 									userId: session.userId,
+									organizationId: session.organizationId,
 									instanceId,
 									hostname: data.hostname,
 									os: data.os,
@@ -10674,9 +12298,11 @@ function clientWsRoutes(notifier, instanceId) {
 								});
 							} catch (err) {
 								const message = err instanceof Error ? err.message : "client register failed";
+								const code = err instanceof ClientOrgMismatchError ? err.code : void 0;
 								socket.send(JSON.stringify({
 									type: "client:register:rejected",
-									message
+									message,
+									...code ? { code } : {}
 								}));
 								socket.close(4403, "client register rejected");
 								return;
@@ -11106,6 +12732,65 @@ async function contextTreeInfoRoutes(app) {
 		};
 	});
 }
+/**
+* Resolve the client IP for rate-limit attribution.
+*
+* Headers like `x-forwarded-for` are client-controllable, so we only trust
+* them when the operator explicitly opts in via `HEARBACK_TRUST_PROXY_HEADERS=true`.
+* Otherwise fall back to Fastify's `req.ip` (socket-level) — degrades to one
+* bucket per upstream proxy, which is correct when no proxy metadata is
+* trustworthy.
+*/
+function resolveClientIp(req, trustProxyHeaders) {
+	if (trustProxyHeaders) {
+		const xff = req.headers["x-forwarded-for"];
+		const first = Array.isArray(xff) ? xff[0] : typeof xff === "string" ? xff.split(",")[0] : void 0;
+		if (first && first.trim().length > 0) return first.trim();
+	}
+	return req.ip ?? "";
+}
+/**
+* Mount the hearback-server handler onto Fastify. Register with
+* `{ prefix: "/feedback" }` so the widget's default `data-endpoint="/feedback"`
+* resolves to `/feedback/chat`, `/feedback/submit`, `/feedback/upload`, etc.
+*
+* We don't use hearback's prebuilt `feedbackPlugin` because it expects the
+* `fastify-raw-body` plugin. This adapter uses `addContentTypeParser` with
+* `parseAs: "buffer"` on an encapsulated child instance so upload bytes reach
+* the handler as a Buffer without pulling in another dependency.
+*/
+async function feedbackRoutes(app, config) {
+	const { trustProxyHeaders, ...handlerConfig } = config;
+	const handler = createFeedbackHandler(handlerConfig);
+	app.addContentTypeParser(/^image\//, { parseAs: "buffer" }, (_req, body, done) => {
+		done(null, body);
+	});
+	app.all("/*", async (req, reply) => {
+		const path = req.url.replace(/^.*\/feedback/, "").split("?")[0] || "/";
+		const ip = resolveClientIp(req, trustProxyHeaders);
+		const headers = {};
+		for (const [k, v] of Object.entries(req.headers)) headers[k] = Array.isArray(v) ? v[0] : v;
+		const isUpload = path.replace(/\/$/, "").endsWith("/upload");
+		const rawBody = isUpload && Buffer.isBuffer(req.body) ? req.body : void 0;
+		const result = await handler.handle({
+			method: req.method,
+			path,
+			body: isUpload ? {} : req.body,
+			ip,
+			headers,
+			rawBody
+		});
+		reply.status(result.status).headers(result.headers);
+		if (result.body && typeof result.body === "object" && Symbol.asyncIterator in result.body) {
+			const stream = result.body;
+			for await (const chunk of stream) reply.raw.write(chunk);
+			reply.raw.end();
+			return;
+		}
+		if (result.body === null) reply.send();
+		else reply.send(result.body);
+	});
+}
 async function healthRoutes(app) {
 	app.get("/health", async () => {
 		try {
@@ -11385,7 +13070,7 @@ function isRecord(value) {
 }
 /** Extract unique @mentions from text. Returns lowercase usernames.
 * Excludes email patterns (user@example.com) and team mentions (@org/team). */
-function extractMentions(text) {
+function extractMentions$1(text) {
 	if (!text) return [];
 	const re = /(?<!\w)@([a-zA-Z0-9][\w-]*)(\/)?/g;
 	const names = /* @__PURE__ */ new Set();
@@ -11679,7 +13364,7 @@ function extractEventContext(eventType, payload) {
 * Only called after action gating confirms this is a "new content" event.
 */
 async function handleMentionDelegation(app, eventType, payload) {
-	const mentions = extractMentions(extractEventText(eventType, payload));
+	const mentions = extractMentions$1(extractEventText(eventType, payload));
 	const mentionCtx = extractEventContext(eventType, payload);
 	if (mentions.length > 0 && mentionCtx) return routeMentionDelegations(app, mentions, mentionCtx);
 	return 0;
@@ -13168,6 +14853,21 @@ async function buildApp(config) {
 		await api.register(clientWsRoutes(notifier, config.instanceId), { prefix: "/agent/ws" });
 		await api.register(adminWsRoutes(notifier, config.secrets.jwtSecret), { prefix: "/ws" });
 	}, { prefix: "/api/v1" });
+	if (config.feedback) {
+		const feedbackConfig = config.feedback;
+		await app.register(async (scope) => {
+			await scope.register(feedbackRoutes, {
+				repo: feedbackConfig.repo,
+				githubToken: feedbackConfig.githubToken,
+				llm: feedbackConfig.llm ? {
+					apiKey: feedbackConfig.llm.apiKey,
+					baseUrl: feedbackConfig.llm.baseUrl,
+					model: feedbackConfig.llm.model
+				} : void 0,
+				trustProxyHeaders: feedbackConfig.trustProxyHeaders
+			});
+		}, { prefix: "/feedback" });
+	}
 	const webDistPath = config.webDistPath;
 	if (webDistPath) {
 		const webRoot = resolve(webDistPath);
@@ -13726,4 +15426,4 @@ function createExecuteUpdate({ managed }) {
 	};
 }
 //#endregion
-export { checkServerHealth as A, blank as B, runMigrations as C, checkDocker as D, checkDatabase as E, isDockerAvailable as F, SdkError as G, setJsonMode as H, stopPostgres as I, applyClientLoggerConfig as J, SessionRegistry as K, ClientRuntime as L, checkWebSocket as M, printResults as N, checkNodeVersion as O, ensurePostgres as P, createOwner as R, uninstallClientService as S, checkClientConfig as T, status as U, print as V, FirstTreeHubSDK as W, configureClientLoggerForService as Y, runHomeMigration as _, showServiceLogs as a, isServiceSupported as b, COMMAND_VERSION as c, promptMissingFields as d, formatCheckReport as f, saveOnboardState as g, onboardCreate as h, parseDuration as i, checkServerReachable as j, checkServerConfig as k, isInteractive as l, onboardCheck as m, declineUpdate as n, validateLevel as o, loadOnboardState as p, cleanWorkspaces as q, promptUpdate as r, startServer as s, createExecuteUpdate as t, promptAddAgent as u, getClientServiceStatus as v, checkAgentConfigs as w, resolveCliInvocation as x, installClientService as y, hasUser as z };
+export { configureClientLoggerForService as $, checkServerHealth as A, createOwner as B, runMigrations as C, checkDocker as D, checkDatabase as E, isDockerAvailable as F, setJsonMode as G, resolveReplyToFromEnv as H, stopPostgres as I, FirstTreeHubSDK as J, status as K, ClientRuntime as L, checkWebSocket as M, printResults as N, checkNodeVersion as O, ensurePostgres as P, applyClientLoggerConfig as Q, handleClientOrgMismatch as R, uninstallClientService as S, checkClientConfig as T, blank as U, hasUser as V, print as W, SessionRegistry as X, SdkError as Y, cleanWorkspaces as Z, runHomeMigration as _, showServiceLogs as a, isServiceSupported as b, COMMAND_VERSION as c, promptMissingFields as d, formatCheckReport as f, saveOnboardState as g, onboardCreate as h, parseDuration as i, checkServerReachable as j, checkServerConfig as k, isInteractive as l, onboardCheck as m, declineUpdate as n, validateLevel as o, loadOnboardState as p, ClientOrgMismatchError$1 as q, promptUpdate as r, startServer as s, createExecuteUpdate as t, promptAddAgent as u, getClientServiceStatus as v, checkAgentConfigs as w, resolveCliInvocation as x, installClientService as y, rotateClientIdWithBackup as z };