@agent-team-foundation/first-tree-hub 0.9.8 → 0.9.9

package/dist/{core-DKA6g1lL.mjs → core-B2YUTpgg.mjs}

@@ -1,8 +1,8 @@
 import { m as __toESM } from "./esm-CYu4tXXn.mjs";
 import { _ as withSpan, a as endWsConnectionSpan, b as require_pino, c as messageAttrs, d as rootLogger$1, g as startWsConnectionSpan, i as currentTraceId, n as applyLoggerConfig, o as getFastifyOtelPlugin, p as setWsConnectionAttrs, r as createLogger$1, t as adapterAttrs, u as observabilityPlugin, v as withWsMessageSpan, y as FIRST_TREE_HUB_ATTR } from "./observability-DV_fQKqV-CuLWzBxQ.mjs";
 import { s as formatPrettyEntry$1, t as LOG_LEVELS$1, u as parseLogLevel$1 } from "./logger-core-BTmvdflj-DhdipBkV.mjs";
-import { C as serverConfigSchema, S as resolveConfigReadonly, _ as loadAgents, d as DEFAULT_HOME_DIR$1, f as agentConfigSchema, g as initConfig, i as loadCredentials, l as DEFAULT_CONFIG_DIR, m as collectMissingPrompts, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, s as saveAgentConfig, u as DEFAULT_DATA_DIR$1, v as migrateLegacyHome, w as setConfigValue } from "./bootstrap-DWifXj9b.mjs";
-import { $ as sessionStateMessageSchema, A as createMemberSchema, B as loginSchema, C as agentTypeSchema$1, D as createAdapterMappingSchema, E as createAdapterConfigSchema, F as extractMentions, G as runtimeStateMessageSchema, H as notificationQuerySchema, I as imageInlineContentSchema, J as sendToAgentSchema, K as selfServiceFeishuBotSchema, L as inboxPollQuerySchema, M as createTaskSchema, N as delegateFeishuUserSchema, O as createAgentSchema, P as dryRunAgentRuntimeConfigSchema, Q as sessionReconcileRequestSchema, R as isRedactedEnvValue, S as agentRuntimeConfigPayloadSchema$1, T as connectTokenExchangeSchema, U as paginationQuerySchema, V as messageSourceSchema$1, W as refreshTokenSchema, X as sessionEventMessageSchema, Y as sessionCompletionMessageSchema, Z as sessionEventSchema$1, _ as addParticipantSchema, a as AGENT_SELECTOR_HEADER$1, at as updateMemberSchema, b as agentBindRequestSchema, c as AGENT_TYPES, ct as updateTaskStatusSchema, d as SYSTEM_CONFIG_DEFAULTS, et as taskListQuerySchema, f as TASK_CREATOR_TYPES, g as WS_AUTH_FRAME_TIMEOUT_MS, h as TASK_TERMINAL_STATUSES, i as AGENT_BIND_REJECT_REASONS, it as updateChatSchema, j as createOrganizationSchema, k as createChatSchema, l as AGENT_VISIBILITY, lt as wsAuthFrameSchema, m as TASK_STATUSES, nt as updateAgentRuntimeConfigSchema, o as AGENT_SOURCES, ot as updateOrganizationSchema, p as TASK_HEALTH_SIGNALS, q as sendMessageSchema, rt as updateAgentSchema, s as AGENT_STATUSES, st as updateSystemConfigSchema, tt as updateAdapterConfigSchema, u as DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD, v as adminCreateTaskSchema, w as clientRegisterSchema, x as agentPinnedMessageSchema$1, y as adminUpdateTaskSchema, z as linkTaskChatSchema } from "./feishu-CRNUI05I.mjs";
+import { C as serverConfigSchema, S as resolveConfigReadonly, _ as loadAgents, d as DEFAULT_HOME_DIR$1, f as agentConfigSchema, g as initConfig, i as loadCredentials, l as DEFAULT_CONFIG_DIR, m as collectMissingPrompts, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, s as saveAgentConfig, u as DEFAULT_DATA_DIR$1, v as migrateLegacyHome, w as setConfigValue } from "./bootstrap-hh_PkTu6.mjs";
+import { $ as sessionStateMessageSchema, A as createMemberSchema, B as loginSchema, C as agentTypeSchema$1, D as createAdapterMappingSchema, E as createAdapterConfigSchema, F as extractMentions, G as runtimeStateMessageSchema, H as notificationQuerySchema, I as imageInlineContentSchema, J as sendToAgentSchema, K as selfServiceFeishuBotSchema, L as inboxPollQuerySchema, M as createTaskSchema, N as delegateFeishuUserSchema, O as createAgentSchema, P as dryRunAgentRuntimeConfigSchema, Q as sessionReconcileRequestSchema, R as isRedactedEnvValue, S as agentRuntimeConfigPayloadSchema$1, T as connectTokenExchangeSchema, U as paginationQuerySchema, V as messageSourceSchema$1, W as refreshTokenSchema, X as sessionEventMessageSchema, Y as sessionCompletionMessageSchema, Z as sessionEventSchema$1, _ as addParticipantSchema, a as AGENT_SELECTOR_HEADER$1, at as updateMemberSchema, b as agentBindRequestSchema, c as AGENT_TYPES, ct as updateTaskStatusSchema, d as SYSTEM_CONFIG_DEFAULTS, et as taskListQuerySchema, f as TASK_CREATOR_TYPES, g as WS_AUTH_FRAME_TIMEOUT_MS, h as TASK_TERMINAL_STATUSES, i as AGENT_BIND_REJECT_REASONS, it as updateChatSchema, j as createOrganizationSchema, k as createChatSchema, l as AGENT_VISIBILITY, lt as wsAuthFrameSchema, m as TASK_STATUSES, nt as updateAgentRuntimeConfigSchema, o as AGENT_SOURCES, ot as updateOrganizationSchema, p as TASK_HEALTH_SIGNALS, q as sendMessageSchema, rt as updateAgentSchema, s as AGENT_STATUSES, st as updateSystemConfigSchema, tt as updateAdapterConfigSchema, u as DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD, v as adminCreateTaskSchema, w as clientRegisterSchema, x as agentPinnedMessageSchema$1, y as adminUpdateTaskSchema, z as linkTaskChatSchema } from "./feishu-B1Kiq7S6.mjs";
 import { createRequire } from "node:module";
 import { ZodError, z } from "zod";
 import { delimiter, dirname, isAbsolute, join, resolve } from "node:path";
@@ -13,7 +13,7 @@ import { closeSync, copyFileSync, createReadStream, existsSync, mkdirSync, openS
 import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import WebSocket from "ws";
 import { mkdir, writeFile } from "node:fs/promises";
-import { stringify } from "yaml";
+import { parse, stringify } from "yaml";
 import { query } from "@anthropic-ai/claude-agent-sdk";
 import { execFileSync, execSync, spawn, spawnSync } from "node:child_process";
 import * as semver from "semver";
@@ -21,9 +21,9 @@ import bcrypt from "bcrypt";
 import { and, asc, count, desc, eq, gt, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
+import { confirm, input, password, select } from "@inquirer/prompts";
 import { fileURLToPath } from "node:url";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
-import { confirm, input, password, select } from "@inquirer/prompts";
 import cors from "@fastify/cors";
 import rateLimit from "@fastify/rate-limit";
 import fastifyStatic from "@fastify/static";
@@ -461,7 +461,6 @@ z.object({
 	inboxId: z.string(),
 	status: z.string(),
 	source: z.string().nullable().optional(),
-	cloudUserId: z.string().nullable().optional(),
 	visibility: agentVisibilitySchema,
 	metadata: z.record(z.string(), z.unknown()),
 	managerId: z.string().nullable(),
@@ -1329,6 +1328,22 @@ defineConfig({
 		}),
 		hubPublicUrl: field(z.string(), { env: "FIRST_TREE_HUB_PUBLIC_URL" })
 	}),
+	feedback: optional({
+		repo: field(z.string(), { env: "HEARBACK_FEEDBACK_REPO" }),
+		githubToken: field(z.string(), {
+			env: "HEARBACK_GITHUB_TOKEN",
+			secret: true
+		}),
+		llm: optional({
+			apiKey: field(z.string(), {
+				env: "LLM_API_KEY",
+				secret: true
+			}),
+			baseUrl: field(z.string().optional(), { env: "LLM_BASE_URL" }),
+			model: field(z.string().optional(), { env: "LLM_MODEL" })
+		}),
+		trustProxyHeaders: field(z.boolean().default(false), { env: "HEARBACK_TRUST_PROXY_HEADERS" })
+	}),
 	observability: {
 		logging: {
 			level: field(logLevelSchema.default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" }),
@@ -1511,6 +1526,19 @@ var SdkError = class extends Error {
 		this.name = "SdkError";
 	}
 };
+/**
+* Thrown (emitted on `error` and rejected from `connect()`) when the server
+* refuses a `client:register` because the local clientId is bound to a
+* different organization. The CLI layer detects this via `instanceof` and
+* prompts the user before rotating the local clientId.
+*/
+var ClientOrgMismatchError$1 = class extends Error {
+	code = "CLIENT_ORG_MISMATCH";
+	constructor(message = "Client belongs to a different organization") {
+		super(message);
+		this.name = "ClientOrgMismatchError";
+	}
+};
 const RECONNECT_BASE_MS = 1e3;
 const RECONNECT_MAX_MS = 3e4;
 const WS_CONNECT_TIMEOUT_MS = 1e4;
@@ -1566,6 +1594,12 @@ var ClientConnection = class extends EventEmitter {
 	registered = false;
 	/** Count of `server:welcome` frames received; drives `isReconnect` flag. */
 	welcomeFramesReceived = 0;
+	/**
+	* Last handshake error, stashed for the `close` handler to surface a typed
+	* reason (e.g. {@link ClientOrgMismatchError}) instead of a generic
+	* "closed before ready" when `connect()` is pending.
+	*/
+	lastHandshakeError = null;
 	wsLogger;
 	authLogger;
 	boundAgents = /* @__PURE__ */ new Map();
@@ -1750,7 +1784,9 @@ var ClientConnection = class extends EventEmitter {
 				this.rejectAllPendingBinds("WebSocket closed");
 				if (!settled) {
 					this.wsLogger.warn({ code }, "closed before ready");
-					settle(reject, /* @__PURE__ */ new Error(`WebSocket closed before ready (code ${code})`));
+					const typedErr = this.lastHandshakeError;
+					this.lastHandshakeError = null;
+					settle(reject, typedErr ?? /* @__PURE__ */ new Error(`WebSocket closed before ready (code ${code})`));
 					return;
 				}
 				this.wsLogger.warn({
@@ -1803,8 +1839,15 @@ var ClientConnection = class extends EventEmitter {
 			return;
 		}
 		if (type === "client:register:rejected") {
-			const err = /* @__PURE__ */ new Error(`client:register rejected: ${msg.message ?? "unknown"}`);
-			this.wsLogger.error({ message: msg.message }, "client register rejected");
+			const code = typeof msg.code === "string" ? msg.code : void 0;
+			const message = typeof msg.message === "string" ? msg.message : "unknown";
+			this.closing = true;
+			const err = code === "CLIENT_ORG_MISMATCH" ? new ClientOrgMismatchError$1(message) : /* @__PURE__ */ new Error(`client:register rejected: ${message}`);
+			this.lastHandshakeError = err;
+			this.wsLogger.error({
+				code,
+				message
+			}, "client register rejected");
 			this.emit("error", err);
 			this.ws?.close(4403, "register rejected");
 			return;
@@ -4838,6 +4881,96 @@ function makeUuidV7() {
 	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
 }
 //#endregion
+//#region src/core/client-reidentify.ts
+/**
+* Handle a `CLIENT_ORG_MISMATCH` from the server by rotating the local
+* `client.id` in `client.yaml`. The server binds every client to one org for
+* its lifetime; when the user's credentials move to a different org, the old
+* clientId becomes unusable and a new one must be issued locally. The old
+* yaml is preserved as `client.yaml.bak` so the operator can recover or
+* audit the previous identity.
+*
+* Returns the generated clientId. The caller is expected to reset the config
+* singleton and re-run its initialization so the new id takes effect.
+*/
+function rotateClientIdWithBackup(configDir) {
+	const yamlPath = join(configDir, "client.yaml");
+	const backupPath = join(configDir, "client.yaml.bak");
+	if (!existsSync(yamlPath)) throw new Error(`Cannot rotate client id — ${yamlPath} does not exist.`);
+	const raw = readFileSync(yamlPath, "utf-8");
+	copyFileSync(yamlPath, backupPath);
+	const parsed = parse(raw);
+	const current = typeof parsed === "object" && parsed !== null ? parsed : {};
+	const clientSection = typeof current.client === "object" && current.client !== null ? current.client : {};
+	const oldId = typeof clientSection.id === "string" ? clientSection.id : null;
+	const newId = `client_${randomBytes(4).toString("hex")}`;
+	writeFileSync(yamlPath, stringify({
+		...current,
+		client: {
+			...clientSection,
+			id: newId
+		}
+	}), { mode: 384 });
+	return {
+		oldId,
+		newId,
+		backupPath,
+		yamlPath
+	};
+}
+/**
+* Shared handler for `CLIENT_ORG_MISMATCH` across CLI entry points
+* (`client start` and `client connect --no-service`). Prompts interactively,
+* rotates the local clientId, and always exits the current process — the
+* runtime is already poisoned (wrong clientId in memory), so continuing
+* in-band is not safe. Service-supervised (managed) runs skip the prompt and
+* leave an audit trail in pino so operators can trace `.bak` files later.
+*
+* Exits with:
+*   - 0 after a successful rotate (operator is told how to re-run).
+*   - 1 if the user declines or rotation itself fails.
+*/
+async function handleClientOrgMismatch(err, opts) {
+	print.blank();
+	print.line("  ⚠️  This machine is registered as a client in a different organization.\n");
+	print.line(`     Server message: ${err.message}\n`);
+	print.blank();
+	if (!(opts.managed ? true : await confirm({
+		message: "Rotate the local client identity and register fresh?",
+		default: true
+	}).catch(() => false))) {
+		print.line("  Aborted — no changes made.\n");
+		process.exit(1);
+	}
+	try {
+		const { oldId, newId, backupPath } = rotateClientIdWithBackup(opts.configDir);
+		if (opts.managed) createLogger("client").warn({
+			oldId,
+			newId,
+			backupPath
+		}, "client identity rotated on CLIENT_ORG_MISMATCH (managed mode)");
+		print.blank();
+		print.line(`  ✓ Rotated local client identity.\n`);
+		print.line(`      old clientId: ${oldId ?? "(unset)"}\n`);
+		print.line(`      new clientId: ${newId}\n`);
+		print.line(`      previous yaml backed up to: ${backupPath}\n`);
+		print.blank();
+		print.line("  Note: the old client remains in the previous org. That org's admin\n");
+		print.line("  can remove it if cleanup is needed.\n");
+		print.blank();
+		if (opts.managed) print.line("  The background service will pick up the new identity on its next restart.\n\n");
+		else {
+			print.line("  To reconnect with the new identity, run:\n\n");
+			print.line(`      ${opts.rerunCommand}\n\n`);
+		}
+		process.exit(0);
+	} catch (rotateErr) {
+		const rmsg = rotateErr instanceof Error ? rotateErr.message : String(rotateErr);
+		print.line(`  Failed to rotate client identity: ${rmsg}\n`);
+		process.exit(1);
+	}
+}
+//#endregion
 //#region src/core/client-runtime.ts
 /**
 * Client runtime — one shared ClientConnection, multiple agents multiplexed.
@@ -6146,7 +6279,7 @@ async function onboardCreate(args) {
 	}
 	const runtimeAgent = args.type === "human" ? args.assistant : args.id;
 	if (args.feishuBotAppId && args.feishuBotAppSecret) {
-		const { bindFeishuBot } = await import("./feishu-CRNUI05I.mjs").then((n) => n.r);
+		const { bindFeishuBot } = await import("./feishu-B1Kiq7S6.mjs").then((n) => n.r);
 		const targetAgentUuid = args.type === "human" ? assistantUuid : primary.uuid;
 		if (!targetAgentUuid) print.line(`Warning: Cannot bind Feishu bot — no runtime agent available for "${args.id}".\n`);
 		else {
@@ -6287,7 +6420,764 @@ function setNestedByDot(obj, dotPath, value) {
 	if (lastKey !== void 0) current[lastKey] = value;
 }
 //#endregion
-//#region ../server/dist/app-BcAIFEPL.mjs
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/schema.js
+const FeedbackType = z.enum(["bug", "feature"]);
+const BrowserContext = z.object({
+	url: z.string().optional(),
+	userAgent: z.string().optional(),
+	browser: z.string().optional(),
+	os: z.string().optional(),
+	viewport: z.string().optional()
+});
+const ConsoleError = z.object({
+	message: z.string(),
+	stack: z.string().optional(),
+	timestamp: z.string().optional()
+});
+const FailedRequest = z.object({
+	method: z.string(),
+	url: z.string(),
+	status: z.number().optional(),
+	statusText: z.string().optional()
+});
+const AgentContext = z.object({
+	toolCalls: z.array(z.object({
+		name: z.string(),
+		error: z.string().optional()
+	})).optional(),
+	errorTraces: z.array(z.string()).optional(),
+	environment: z.record(z.string()).optional()
+});
+const FeedbackContext = z.object({
+	source: z.enum(["web-plugin", "agent-skill"]),
+	browser: BrowserContext.optional(),
+	consoleErrors: z.array(ConsoleError).optional(),
+	failedRequests: z.array(FailedRequest).optional(),
+	agent: AgentContext.optional(),
+	screenshotUrl: z.string().optional(),
+	timestamp: z.string().optional(),
+	extra: z.record(z.string()).optional()
+});
+const ReporterInfo = z.object({ email: z.string().email().optional() });
+const FeedbackReport = z.object({
+	type: FeedbackType,
+	title: z.string().min(5, "Title must be at least 5 characters"),
+	description: z.string(),
+	context: FeedbackContext,
+	reporter: ReporterInfo.optional()
+});
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/errors.js
+var HearbackError = class extends Error {
+	code;
+	constructor(message, code) {
+		super(message);
+		this.code = code;
+		this.name = "HearbackError";
+	}
+};
+var GitHubAuthError = class extends HearbackError {
+	constructor(status, message, url = "") {
+		let hint;
+		if (status === 401) hint = "GitHub token is missing or expired.";
+		else if (status === 403) if (url.includes("/contents/") || url.includes("/git/refs")) hint = "Token lacks \"contents:write\" scope. Needed for screenshot uploads and saving subscribers to the hearback-data branch.";
+		else if (url.includes("/issues") || url.includes("/labels")) hint = "Token lacks \"issues:write\" scope. Needed to create issues, labels, and reactions.";
+		else hint = `GitHub returned 403 (forbidden) for ${url || "API call"}. Check token permissions.`;
+		else hint = `GitHub API returned ${status}: ${message}`;
+		super(hint, "GITHUB_AUTH_ERROR");
+	}
+};
+var GitHubRateLimitError = class extends HearbackError {
+	resetAt;
+	constructor(resetAt) {
+		super(`GitHub API rate limit exceeded. Resets at ${resetAt.toISOString()}`, "GITHUB_RATE_LIMIT");
+		this.resetAt = resetAt;
+	}
+};
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/github.js
+function parseRepo(repo) {
+	const parts = repo.split("/");
+	if (parts.length !== 2 || !parts[0] || !parts[1]) throw new HearbackError(`Invalid repo format: "${repo}". Expected "owner/name".`, "INVALID_REPO");
+	return {
+		owner: parts[0],
+		name: parts[1]
+	};
+}
+async function githubFetch(config, path, options = {}) {
+	const base = config.apiBase ?? "https://api.github.com";
+	const url = path.startsWith("http") ? path : `${base}${path}`;
+	const res = await fetch(url, {
+		...options,
+		headers: {
+			Accept: "application/vnd.github.v3+json",
+			Authorization: `Bearer ${config.token}`,
+			"User-Agent": "hearback",
+			...options.headers
+		}
+	});
+	if (res.status === 401 || res.status === 403) throw new GitHubAuthError(res.status, await res.text(), path);
+	if (res.status === 429) {
+		const resetHeader = res.headers.get("x-ratelimit-reset");
+		throw new GitHubRateLimitError(resetHeader ? /* @__PURE__ */ new Date(Number(resetHeader) * 1e3) : /* @__PURE__ */ new Date());
+	}
+	return res;
+}
+async function createIssue(config, params) {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/repos/${owner}/${name}/issues`, {
+		method: "POST",
+		body: JSON.stringify(params),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok) throw new HearbackError(`Failed to create issue: ${res.status} ${await res.text()}`, "GITHUB_CREATE_ISSUE_FAILED");
+	return res.json();
+}
+async function searchIssues(config, query) {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/search/issues?q=${encodeURIComponent(`${query} repo:${owner}/${name} is:issue label:hearback`)}&per_page=5`);
+	if (!res.ok) return {
+		total_count: 0,
+		items: []
+	};
+	return res.json();
+}
+async function addReaction(config, issueNumber, reaction = "+1") {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/repos/${owner}/${name}/issues/${issueNumber}/reactions`, {
+		method: "POST",
+		body: JSON.stringify({ content: reaction }),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok && res.status !== 422) throw new HearbackError(`Failed to add reaction: ${res.status}`, "GITHUB_REACTION_FAILED");
+}
+/** Read a file from a repo branch. Returns null if not found. */
+async function getRepoFile(config, path, branch) {
+	const { owner, name } = parseRepo(config.repo);
+	const res = await githubFetch(config, `/repos/${owner}/${name}/contents/${path}${branch ? `?ref=${branch}` : ""}`);
+	if (res.status === 404) return null;
+	if (!res.ok) throw new HearbackError(`Failed to read file ${path}: ${res.status}`, "GITHUB_READ_FILE_FAILED");
+	const data = await res.json();
+	return {
+		content: data.encoding === "base64" ? Buffer.from(data.content, "base64").toString("utf-8") : data.content,
+		sha: data.sha
+	};
+}
+/** Write (create or update) a file on a repo branch. Requires sha for updates. */
+async function putRepoFile(config, params) {
+	const { owner, name } = parseRepo(config.repo);
+	const base64 = Buffer.isBuffer(params.content) ? params.content.toString("base64") : Buffer.from(params.content, "utf-8").toString("base64");
+	const body = {
+		message: params.message,
+		content: base64
+	};
+	if (params.branch) body.branch = params.branch;
+	if (params.sha) body.sha = params.sha;
+	const res = await githubFetch(config, `/repos/${owner}/${name}/contents/${params.path}`, {
+		method: "PUT",
+		body: JSON.stringify(body),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!res.ok) throw new HearbackError(`Failed to write file ${params.path}: ${res.status}`, "GITHUB_WRITE_FILE_FAILED");
+	const data = await res.json();
+	return {
+		downloadUrl: data.content.download_url,
+		htmlUrl: data.content.html_url,
+		sha: data.content.sha
+	};
+}
+/** Ensure a branch exists; creates it from default branch (main/master) if missing. */
+async function ensureBranch(config, branchName) {
+	const { owner, name } = parseRepo(config.repo);
+	const checkRes = await githubFetch(config, `/repos/${owner}/${name}/git/refs/heads/${branchName}`);
+	if (checkRes.ok) return;
+	if (checkRes.status !== 404) throw new HearbackError(`Failed to check branch: ${checkRes.status}`, "GITHUB_CHECK_BRANCH_FAILED");
+	const repoRes = await githubFetch(config, `/repos/${owner}/${name}`);
+	if (!repoRes.ok) throw new HearbackError(`Failed to read repo: ${repoRes.status}`, "GITHUB_READ_REPO_FAILED");
+	const defaultRefRes = await githubFetch(config, `/repos/${owner}/${name}/git/refs/heads/${(await repoRes.json()).default_branch}`);
+	if (!defaultRefRes.ok) throw new HearbackError(`Failed to read default branch: ${defaultRefRes.status}`, "GITHUB_READ_DEFAULT_BRANCH_FAILED");
+	const defaultRef = await defaultRefRes.json();
+	const createRes = await githubFetch(config, `/repos/${owner}/${name}/git/refs`, {
+		method: "POST",
+		body: JSON.stringify({
+			ref: `refs/heads/${branchName}`,
+			sha: defaultRef.object.sha
+		}),
+		headers: { "Content-Type": "application/json" }
+	});
+	if (!createRes.ok && createRes.status !== 422) throw new HearbackError(`Failed to create branch: ${createRes.status}`, "GITHUB_CREATE_BRANCH_FAILED");
+}
+async function uploadImage(config, imageData, filename) {
+	const { downloadUrl } = await putRepoFile(config, {
+		path: `_hearback-uploads/${Date.now()}-${filename}`,
+		content: imageData,
+		message: `[hearback] upload screenshot: ${filename}`
+	});
+	const tokenIdx = downloadUrl.indexOf("?token=");
+	return tokenIdx === -1 ? downloadUrl : downloadUrl.slice(0, tokenIdx);
+}
+async function ensureLabels(config, labels) {
+	const { owner, name } = parseRepo(config.repo);
+	for (const label of labels) {
+		const color = getLabelColor(label);
+		const res = await githubFetch(config, `/repos/${owner}/${name}/labels`, {
+			method: "POST",
+			body: JSON.stringify({
+				name: label,
+				color
+			}),
+			headers: { "Content-Type": "application/json" }
+		});
+		if (!res.ok && res.status !== 422) throw new HearbackError(`Failed to create label "${label}": ${res.status}`, "GITHUB_LABEL_FAILED");
+	}
+}
+function getLabelColor(label) {
+	return label === "hearback" ? "F59E0B" : "CCCCCC";
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/formatter.js
+function formatIssueBody(report) {
+	const sections = [];
+	const heading = report.type === "bug" ? "Bug Report" : "Feature Request";
+	sections.push(`## ${heading}`);
+	sections.push(`**描述**: ${report.description}`);
+	if (report.context.screenshotUrl) sections.push(`\n**截图**:\n![screenshot](${report.context.screenshotUrl})`);
+	sections.push(formatContextTable(report));
+	if (report.context.consoleErrors?.length) sections.push(formatConsoleErrors(report.context.consoleErrors));
+	if (report.context.failedRequests?.length) sections.push(formatFailedRequests(report.context.failedRequests));
+	if (report.context.agent?.toolCalls?.length) sections.push(formatToolCalls(report.context.agent.toolCalls));
+	if (report.context.agent?.errorTraces?.length) sections.push(formatErrorTraces(report.context.agent.errorTraces));
+	return sections.join("\n\n");
+}
+function formatContextTable(report) {
+	const rows = [];
+	rows.push(["来源", report.context.source]);
+	if (report.context.browser?.url) rows.push(["页面", report.context.browser.url]);
+	if (report.context.browser?.browser && report.context.browser?.os) rows.push(["浏览器", `${report.context.browser.browser} / ${report.context.browser.os}`]);
+	else if (report.context.browser?.userAgent) rows.push(["User Agent", report.context.browser.userAgent]);
+	if (report.context.timestamp) rows.push(["时间", report.context.timestamp]);
+	if (report.context.extra) for (const [key, value] of Object.entries(report.context.extra)) rows.push([key, value]);
+	if (rows.length === 0) return "";
+	return [
+		"### 自动收集的上下文",
+		"",
+		"| 字段 | 值 |",
+		"|------|-----|",
+		...rows.map(([k, v]) => `| ${k} | ${v} |`)
+	].join("\n");
+}
+function formatConsoleErrors(errors) {
+	return [
+		"<details>",
+		"<summary>Console Errors</summary>",
+		"",
+		...errors.map((e) => {
+			let entry = e.message;
+			if (e.stack) entry += `\n    ${e.stack}`;
+			return entry;
+		}),
+		"",
+		"</details>"
+	].join("\n");
+}
+function formatFailedRequests(requests) {
+	return [
+		"<details>",
+		"<summary>Failed Network Requests</summary>",
+		"",
+		...requests.map((r) => {
+			let entry = `${r.method} ${r.url}`;
+			if (r.status) entry += ` → ${r.status}`;
+			if (r.statusText) entry += ` ${r.statusText}`;
+			return entry;
+		}),
+		"",
+		"</details>"
+	].join("\n");
+}
+function formatToolCalls(calls) {
+	return [
+		"<details>",
+		"<summary>Tool Calls</summary>",
+		"",
+		...calls.map((c) => {
+			let entry = `- \`${c.name}\``;
+			if (c.error) entry += ` — error: ${c.error}`;
+			return entry;
+		}),
+		"",
+		"</details>"
+	].join("\n");
+}
+function formatErrorTraces(traces) {
+	return [
+		"<details>",
+		"<summary>Error Traces</summary>",
+		"",
+		...traces.map((t) => `\`\`\`\n${t}\n\`\`\``),
+		"",
+		"</details>"
+	].join("\n");
+}
+const SUBSCRIBERS_PATH = "subscribers.json";
+function normalize(email) {
+	return email.toLowerCase().trim();
+}
+async function readSubscribers(config, branch) {
+	const file = await getRepoFile(config, SUBSCRIBERS_PATH, branch);
+	if (!file) return { data: {} };
+	try {
+		return {
+			data: JSON.parse(file.content),
+			sha: file.sha
+		};
+	} catch {
+		return {
+			data: {},
+			sha: file.sha
+		};
+	}
+}
+async function writeSubscribers(config, branch, data, sha, message) {
+	await putRepoFile(config, {
+		path: SUBSCRIBERS_PATH,
+		content: JSON.stringify(data, null, 2),
+		message,
+		branch,
+		sha
+	});
+}
+/**
+* Add an email to an issue's subscriber list. Creates the data branch and file
+* if missing. Dedupes. Retries once on sha conflict (concurrent writes).
+*/
+async function addSubscriber(config, issueNumber, email, options = {}) {
+	const branch = options.branch ?? "hearback-data";
+	const normalized = normalize(email);
+	const key = String(issueNumber);
+	await ensureBranch(config, branch);
+	for (let attempt = 0; attempt < 2; attempt++) {
+		const { data, sha } = await readSubscribers(config, branch);
+		const existing = data[key] ?? [];
+		if (existing.includes(normalized)) return;
+		const updated = {
+			...data,
+			[key]: [...existing, normalized]
+		};
+		try {
+			await writeSubscribers(config, branch, updated, sha, `[hearback] add subscriber to #${issueNumber}`);
+			return;
+		} catch (err) {
+			if (err instanceof HearbackError && err.code === "GITHUB_WRITE_FILE_FAILED" && attempt === 0) continue;
+			throw err;
+		}
+	}
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/duplicates.js
+/**
+* Sanitize title for GitHub search. Removes characters that would break
+* search query syntax (quotes, colons, slashes used as operators) and
+* caps length. GitHub search handles stopwords and tokenization internally,
+* so we pass the cleaned title through directly.
+*/
+function sanitizeTitle(title) {
+	return title.replace(/["':/]/g, " ").replace(/\s+/g, " ").trim().slice(0, 100);
+}
+async function findDuplicates(config, title) {
+	const query = sanitizeTitle(title);
+	if (!query) return [];
+	return (await searchIssues(config, query)).items.map((issue) => ({
+		issueNumber: issue.number,
+		title: issue.title,
+		state: issue.state,
+		url: issue.html_url
+	}));
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-core@0.1.1/node_modules/hearback-core/dist/submit.js
+async function checkForDuplicates(config, title) {
+	return findDuplicates(config, title);
+}
+async function subscribeToDuplicate(config, issueNumber, email) {
+	await addReaction(config, issueNumber);
+	await addSubscriber(config, issueNumber, email);
+}
+async function submitFeedback(options) {
+	const { github, report } = options;
+	FeedbackReport.parse(report);
+	const labels = ["hearback"];
+	if (report.type === "bug") labels.push("bug");
+	if (report.type === "feature") labels.push("enhancement");
+	await ensureLabels(github, labels);
+	const body = formatIssueBody(report);
+	const issue = await createIssue(github, {
+		title: report.title,
+		body,
+		labels
+	});
+	let subscribeWarning;
+	if (report.reporter?.email) try {
+		await addSubscriber(github, issue.number, report.reporter.email);
+	} catch (err) {
+		subscribeWarning = `Issue created, but reporter email could not be saved (${err instanceof Error ? err.message : String(err)}). Hint: GitHub token needs "contents:write" scope to write the hearback-data branch for email notifications.`;
+		console.warn(`[hearback] ${subscribeWarning}`);
+	}
+	return {
+		issue,
+		isDuplicate: false,
+		subscribeWarning
+	};
+}
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-server@0.1.6/node_modules/hearback-server/dist/rate-limit.js
+var RateLimiter = class {
+	submissions = /* @__PURE__ */ new Map();
+	chatMessages = /* @__PURE__ */ new Map();
+	config;
+	constructor(config) {
+		this.config = {
+			maxSubmissions: config?.maxSubmissions ?? 10,
+			maxChatMessages: config?.maxChatMessages ?? 30,
+			windowMs: config?.windowMs ?? 36e5
+		};
+	}
+	checkSubmission(ip) {
+		return this.check(this.submissions, ip, this.config.maxSubmissions);
+	}
+	checkChatMessage(ip) {
+		return this.check(this.chatMessages, ip, this.config.maxChatMessages);
+	}
+	check(bucket, ip, max) {
+		const now = Date.now();
+		const entry = bucket.get(ip);
+		if (!entry || now >= entry.resetAt) {
+			bucket.set(ip, {
+				count: 1,
+				resetAt: now + this.config.windowMs
+			});
+			return { allowed: true };
+		}
+		if (entry.count >= max) return {
+			allowed: false,
+			retryAfterMs: entry.resetAt - now
+		};
+		entry.count++;
+		return { allowed: true };
+	}
+};
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-server@0.1.6/node_modules/hearback-server/dist/chat-prompt.js
+const FEEDBACK_CHAT_SYSTEM_PROMPT = `You are a feedback assistant. Help users report bugs or suggest features. Reply in the user's language.
+
+## Don't make users repeat themselves
+Use details from earlier messages in this conversation. Don't ask for things the user has already told you.
+
+## Default behavior
+- One sentence per reply. One question per turn. Never stack questions.
+- If the user's first message already contains symptom + specifics, SKIP questioning and go straight to the summary.
+
+## Bugs — ask ONLY what's missing, in this priority
+1. Symptom — what did you see?
+2. Trigger — always, or specific steps?
+3. Expected — only if not obvious from the symptom.
+
+## Features — ask ONLY what's missing
+1. Use case — what were you trying to do?
+2. Workaround — how are you handling it today? (only if not stated)
+
+## Stop criterion
+Stop when you can write a specific title (NOT "bug found") and a description a developer can act on. Usually 1–3 exchanges.
+
+## Visual context — ask for a screenshot when it would help
+A picture is faster than a paragraph when the problem is visual. After the user's initial description, decide whether a screenshot would materially help a developer act on it. Ask once when:
+- The description mentions anything visual — layout, color, wrong element, "looks weird", position, styling, icon missing.
+- The description names a specific UI element but is vague about what the user is seeing ("the button didn't work" — a screenshot beats another round of questions).
+- The description is very short and a picture would fill in the gaps.
+
+Phrase it as a concrete call to action, not a vague "do you have a screenshot":
+> "A screenshot would help here. Take one with your OS (Cmd+Shift+Ctrl+4 on Mac / Win+Shift+S on Windows), then paste it in or drag the file into this window."
+
+Skip the screenshot ask entirely for purely behavioral / backend bugs — API errors, permissions, data loading, login failures. Those don't need a picture.
+
+Ask at most once. If the user declines, says they can't, or just replies with text, move on with what you have. Don't ask again later in the same conversation.
+
+## Attachments already provided
+When a user message ends with \`[attachment: <name>]\` (or contains that pattern), the user has already attached an image. In that case:
+- Skip the "ask for a screenshot" step entirely — don't ask for one, don't re-ask even if the description sounds visual.
+- Treat the attachment as additional context confirming what the user described; the image itself isn't visible to you, but its presence means a developer will see it in the final issue.
+- Don't mention the marker back to the user.
+
+## Optional — email for fix notifications
+After you have title + summary but BEFORE the summary/confirmation turn, ask once:
+"Optional: want an email when this is fixed? (Skip to continue anonymously.)"
+- User provides an address → include it verbatim as \`email\` in the final JSON.
+- User declines / says "no" / "skip" / "anonymous" / silence → OMIT the \`email\` field entirely (don't emit "" or null).
+- Never ask twice. If the answer is unclear, treat it as skip.
+- Don't guess or fabricate an email.
+
+## Summary format (before confirmation)
+> **Title:** …
+> **Summary:** …
+> **Email:** … *(only if the user provided one; omit the line otherwise)*
+>
+> Submit this?
+
+## Confirmation — judge intent, don't match keywords
+"yes" / "go" / "就这样" / "可以了" / "submit" / "提交" / 👍 — all confirm.
+"wait" / "先别" / "let me add" — don't. Ambiguous → ask once more.
+
+## After confirmation — output ONLY this JSON, nothing else:
+
+\`\`\`json
+{"ready":true,"type":"bug","title":"under 60 chars, specific","description":"markdown"}
+\`\`\`
+
+\`type\` must be exactly "bug" or "feature" (never "bug_or_feature").
+
+If (and only if) the user provided an email, add it as \`email\`:
+
+\`\`\`json
+{"ready":true,"type":"bug","title":"…","description":"…","email":"user@example.com"}
+\`\`\`
+
+Omit the \`email\` key entirely when the user skipped. Don't emit \`"email":""\` or \`"email":null\`.
+
+Description format (suggested, not strict):
+- Bug: symptom / repro / expected
+- Feature: use case / proposed / workaround
+
+Include the user's own words where they matter.
+
+## Hard rules
+- Never output JSON before confirmation. If unsure, ask once more.
+- If the user pastes a token / password / API key / secret, warn them and OMIT it from the report.
+- "Nevermind" / "算了" / "forget it" → stop cleanly.
+`;
+//#endregion
+//#region ../../node_modules/.pnpm/hearback-server@0.1.6/node_modules/hearback-server/dist/handler.js
+function createFeedbackHandler(config) {
+	const rateLimiter = new RateLimiter(config.rateLimit);
+	const ghConfig = {
+		repo: config.repo,
+		token: config.githubToken,
+		apiBase: config.githubApiBase
+	};
+	const corsHeaders = {
+		"Access-Control-Allow-Methods": "POST, OPTIONS",
+		"Access-Control-Allow-Headers": "Content-Type"
+	};
+	const origins = config.corsOrigins ?? ["*"];
+	if (origins.includes("*")) corsHeaders["Access-Control-Allow-Origin"] = "*";
+	function getCorsHeaders(requestOrigin) {
+		if (origins.includes("*")) return corsHeaders;
+		if (requestOrigin && origins.includes(requestOrigin)) return {
+			...corsHeaders,
+			"Access-Control-Allow-Origin": requestOrigin
+		};
+		return corsHeaders;
+	}
+	async function handle(req) {
+		const cors = getCorsHeaders(req.headers["origin"]);
+		if (req.method === "OPTIONS") return {
+			status: 204,
+			headers: cors,
+			body: null
+		};
+		if (req.method !== "POST") return {
+			status: 405,
+			headers: cors,
+			body: { error: "Method not allowed" }
+		};
+		const route = req.path.replace(/\/$/, "");
+		try {
+			if (route.endsWith("/chat")) return await handleChat(req, cors);
+			if (route.endsWith("/submit")) return await handleSubmit(req, cors);
+			if (route.endsWith("/subscribe")) return await handleSubscribe(req, cors);
+			if (route.endsWith("/upload")) return await handleUpload(req, cors);
+			return {
+				status: 404,
+				headers: cors,
+				body: { error: "Not found" }
+			};
+		} catch (err) {
+			return {
+				status: 500,
+				headers: cors,
+				body: { error: err instanceof Error ? err.message : "Internal error" }
+			};
+		}
+	}
+	async function handleChat(req, cors) {
+		if (!config.llm) return {
+			status: 501,
+			headers: cors,
+			body: { error: "LLM not configured. Use form mode." }
+		};
+		const rateCheck = rateLimiter.checkChatMessage(req.ip);
+		if (!rateCheck.allowed) return {
+			status: 429,
+			headers: {
+				...cors,
+				"Retry-After": String(Math.ceil((rateCheck.retryAfterMs ?? 36e5) / 1e3))
+			},
+			body: { error: "反馈过多，一小时后再试" }
+		};
+		const body = req.body;
+		if (!body.messages || !Array.isArray(body.messages)) return {
+			status: 400,
+			headers: cors,
+			body: { error: "Missing messages array" }
+		};
+		const messages = body.messages.slice(-10);
+		const baseUrl = config.llm.baseUrl ?? "https://api.openai.com/v1";
+		const model = config.llm.model ?? "gpt-4o-mini";
+		const llmRes = await fetch(`${baseUrl}/chat/completions`, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Authorization: `Bearer ${config.llm.apiKey}`
+			},
+			body: JSON.stringify({
+				model,
+				messages: [{
+					role: "system",
+					content: FEEDBACK_CHAT_SYSTEM_PROMPT
+				}, ...messages],
+				stream: true
+			})
+		});
+		if (!llmRes.ok) {
+			const text = await llmRes.text();
+			return {
+				status: 502,
+				headers: cors,
+				body: {
+					error: `LLM error: ${llmRes.status}`,
+					detail: text
+				}
+			};
+		}
+		return {
+			status: 200,
+			headers: {
+				...cors,
+				"Content-Type": "text/event-stream",
+				"Cache-Control": "no-cache",
+				Connection: "keep-alive"
+			},
+			body: llmRes.body
+		};
+	}
+	async function handleSubmit(req, cors) {
+		const rateCheck = rateLimiter.checkSubmission(req.ip);
+		if (!rateCheck.allowed) return {
+			status: 429,
+			headers: {
+				...cors,
+				"Retry-After": String(Math.ceil((rateCheck.retryAfterMs ?? 36e5) / 1e3))
+			},
+			body: { error: "反馈过多，一小时后再试" }
+		};
+		const body = req.body;
+		if (!body.title || !body.description || !body.type) return {
+			status: 400,
+			headers: cors,
+			body: { error: "Missing required fields: type, title, description" }
+		};
+		if (!body.skipDuplicateCheck) {
+			const duplicates = await checkForDuplicates(ghConfig, body.title);
+			if (duplicates.length > 0) return {
+				status: 200,
+				headers: cors,
+				body: {
+					isDuplicate: true,
+					candidates: duplicates.slice(0, 3)
+				}
+			};
+		}
+		const result = await submitFeedback({
+			github: ghConfig,
+			report: FeedbackReport.parse({
+				type: body.type,
+				title: body.title,
+				description: body.description,
+				context: body.context ?? { source: "web-plugin" },
+				reporter: body.reporterEmail ? { email: body.reporterEmail } : void 0
+			})
+		});
+		return {
+			status: 201,
+			headers: cors,
+			body: {
+				isDuplicate: false,
+				issueNumber: result.issue.number,
+				issueUrl: result.issue.html_url,
+				...result.subscribeWarning ? { warning: result.subscribeWarning } : {}
+			}
+		};
+	}
+	async function handleSubscribe(req, cors) {
+		const body = req.body;
+		if (!body.issueNumber || !body.email) return {
+			status: 400,
+			headers: cors,
+			body: { error: "Missing issueNumber and email" }
+		};
+		try {
+			await subscribeToDuplicate(ghConfig, body.issueNumber, body.email);
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			const hint = msg.includes("contents") || msg.includes("403") ? "GitHub token needs \"contents:write\" scope to save subscribers. See docs for token setup." : msg;
+			return {
+				status: 502,
+				headers: cors,
+				body: {
+					subscribed: false,
+					issueNumber: body.issueNumber,
+					error: hint
+				}
+			};
+		}
+		return {
+			status: 200,
+			headers: cors,
+			body: {
+				subscribed: true,
+				issueNumber: body.issueNumber
+			}
+		};
+	}
+	async function handleUpload(req, cors) {
+		if (!req.rawBody || req.rawBody.length === 0) return {
+			status: 400,
+			headers: cors,
+			body: { error: "No file data received" }
+		};
+		if (req.rawBody.length > 10 * 1024 * 1024) return {
+			status: 413,
+			headers: cors,
+			body: { error: "Screenshot exceeds 10MB limit" }
+		};
+		try {
+			const filename = `screenshot-${Date.now()}.jpg`;
+			return {
+				status: 200,
+				headers: cors,
+				body: { url: await uploadImage(ghConfig, req.rawBody, filename) }
+			};
+		} catch (err) {
+			return {
+				status: 500,
+				headers: cors,
+				body: { error: err instanceof Error ? err.message : "Upload failed" }
+			};
+		}
+	}
+	return { handle };
+}
+//#endregion
+//#region ../server/dist/app-RWQiJW6_.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -6298,6 +7188,17 @@ var __exportAll = (all, no_symbols) => {
 	if (!no_symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
 	return target;
 };
+/** Organization entity. Agents and chats belong to exactly one organization. */
+const organizations = pgTable("organizations", {
+	id: text("id").primaryKey(),
+	name: text("name").unique().notNull(),
+	displayName: text("display_name").notNull(),
+	maxAgents: integer("max_agents").notNull().default(0),
+	maxMessagesPerMinute: integer("max_messages_per_minute").notNull().default(0),
+	features: jsonb("features").$type().notNull().default({}),
+	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
+	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
+});
 /** User accounts. Passwords are stored as bcrypt hashes. */
 const users = pgTable("users", {
 	id: text("id").primaryKey(),
@@ -6316,10 +7217,18 @@ const users = pgTable("users", {
 * every `agent:bind` request. `user_id` is nullable only to accommodate legacy
 * rows created before JWT-on-handshake; the WS handshake claims the row on
 * first re-register under an authenticated JWT (see `client:register` M13).
+*
+* A client is also bound to exactly one organization for its lifetime. The
+* `organization_id` column is populated on first registration from the
+* authenticated JWT's org claim and never changes thereafter. Re-registering
+* the same clientId under a JWT for a different org is rejected with
+* `CLIENT_ORG_MISMATCH` — the CLI responds by abandoning the local clientId
+* and registering a new one instead (see docs/multi-tenancy-hardening-design.md).
 */
 const clients = pgTable("clients", {
 	id: text("id").primaryKey(),
 	userId: text("user_id").references(() => users.id, { onDelete: "set null" }),
+	organizationId: text("organization_id").notNull().references(() => organizations.id),
 	status: text("status").notNull().default("disconnected"),
 	sdkVersion: text("sdk_version"),
 	hostname: text("hostname"),
@@ -6328,18 +7237,7 @@ const clients = pgTable("clients", {
 	connectedAt: timestamp("connected_at", { withTimezone: true }),
 	lastSeenAt: timestamp("last_seen_at", { withTimezone: true }).notNull().defaultNow(),
 	metadata: jsonb("metadata").$type()
-}, (table) => [index("idx_clients_user").on(table.userId)]);
-/** Organization entity. Agents and chats belong to exactly one organization. */
-const organizations = pgTable("organizations", {
-	id: text("id").primaryKey(),
-	name: text("name").unique().notNull(),
-	displayName: text("display_name").notNull(),
-	maxAgents: integer("max_agents").notNull().default(0),
-	maxMessagesPerMinute: integer("max_messages_per_minute").notNull().default(0),
-	features: jsonb("features").$type().notNull().default({}),
-	createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
-	updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow()
-});
+}, (table) => [index("idx_clients_user").on(table.userId), index("idx_clients_org").on(table.organizationId)]);
 /** Agent registration. Each agent owns a unique inboxId for message delivery. */
 const agents = pgTable("agents", {
 	uuid: text("uuid").primaryKey(),
@@ -6351,7 +7249,6 @@ const agents = pgTable("agents", {
 	inboxId: text("inbox_id").unique().notNull(),
 	status: text("status").notNull().default("active"),
 	source: text("source"),
-	cloudUserId: text("cloud_user_id"),
 	visibility: text("visibility").notNull().default("private"),
 	metadata: jsonb("metadata").$type().notNull().default({}),
 	managerId: text("manager_id").notNull(),
@@ -6413,6 +7310,20 @@ var BadRequestError = class extends AppError {
 		this.name = "BadRequestError";
 	}
 };
+/**
+* Thrown when an operation targets a client whose organization does not match
+* the caller's authenticated organization. A client is bound to exactly one
+* org for its lifetime; re-registering or operating under a different org's
+* credentials is refused. CLI consumers recognize the `code` field and
+* respond by abandoning the local clientId to register a fresh one.
+*/
+var ClientOrgMismatchError = class extends AppError {
+	code = "CLIENT_ORG_MISMATCH";
+	constructor(message = "Client belongs to a different organization") {
+		super(403, message);
+		this.name = "ClientOrgMismatchError";
+	}
+};
 /** Communication container. All messages between agents flow within a Chat. */
 const chats = pgTable("chats", {
 	id: text("id").primaryKey(),
@@ -7266,14 +8177,19 @@ async function resolveAgentClient(db, data) {
 		return null;
 	}
 	if (!data.clientId) return null;
-	const [manager] = await db.select({ userId: members.userId }).from(members).where(eq(members.id, data.managerId)).limit(1);
+	const [manager] = await db.select({
+		userId: members.userId,
+		organizationId: members.organizationId
+	}).from(members).where(eq(members.id, data.managerId)).limit(1);
 	if (!manager) throw new BadRequestError(`Manager "${data.managerId}" not found`);
 	const [client] = await db.select({
 		id: clients.id,
-		userId: clients.userId
+		userId: clients.userId,
+		organizationId: clients.organizationId
 	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
 	if (!client) throw new BadRequestError(`Client "${data.clientId}" not found`);
 	if (!client.userId) throw new BadRequestError(`Client "${data.clientId}" has not been claimed by a user yet. Have the operator run \`first-tree-hub client connect\` on that machine before pinning an agent to it.`);
+	if (client.organizationId !== manager.organizationId) throw new ForbiddenError(`Client "${data.clientId}" belongs to a different organization — pick a client registered in the manager's org.`);
 	if (client.userId !== manager.userId) throw new ForbiddenError(`Client "${data.clientId}" is not owned by the manager's user — pick a client belonging to that user.`);
 	return client.id;
 }
@@ -7372,7 +8288,6 @@ async function listAgentsForAdmin(db, scope, limit, cursor) {
 		delegateMention: agents.delegateMention,
 		inboxId: agents.inboxId,
 		status: agents.status,
-		cloudUserId: agents.cloudUserId,
 		visibility: agents.visibility,
 		metadata: agents.metadata,
 		managerId: agents.managerId,
@@ -7410,7 +8325,6 @@ async function listAgentsForMember(db, scope, limit, cursor, type) {
 		delegateMention: agents.delegateMention,
 		inboxId: agents.inboxId,
 		status: agents.status,
-		cloudUserId: agents.cloudUserId,
 		visibility: agents.visibility,
 		metadata: agents.metadata,
 		managerId: agents.managerId,
@@ -7940,22 +8854,23 @@ async function cleanupStalePresence(db, staleSeconds = 60) {
 * Assert the caller can act on this client. Throws 404 for both "not found"
 * and "not yours" to prevent UUID enumeration across org/user boundaries.
 *
-*   - member: owner match (`row.user_id == scope.userId`).
-*   - admin: any client whose owner is a member of the admin's own org.
+* A client is bound to exactly one organization (`clients.organization_id`).
+* Access is granted when:
+*   - member: row.user_id == scope.userId AND row.organization_id == scope.organizationId.
+*   - admin: row.organization_id == scope.organizationId AND the owner is a
+*     member of that same org (defense in depth).
 *
-* Legacy unclaimed rows (`user_id IS NULL`) have no org association we can
-* verify — we explicitly refuse to grant admin access to them so a
-* cross-tenant admin can't operate on another org's orphan rows. These
-* orphans are surfaced for self-service re-registration only; the owning
-* operator must claim the row via `first-tree-hub connect` before any
-* admin action becomes available.
+* Same user across two orgs has two distinct client rows; operating on one
+* while logged into the other is refused by the org filter.
 */
 async function assertClientOwner(db, clientId, scope) {
 	const [row] = await db.select({
 		id: clients.id,
-		userId: clients.userId
+		userId: clients.userId,
+		organizationId: clients.organizationId
 	}).from(clients).where(eq(clients.id, clientId)).limit(1);
 	if (!row) throw new NotFoundError(`Client "${clientId}" not found`);
+	if (row.organizationId !== scope.organizationId) throw new NotFoundError(`Client "${clientId}" not found`);
 	if (row.userId === scope.userId) return;
 	if (scope.role === "admin" && row.userId !== null) {
 		const [sibling] = await db.select({ id: members.id }).from(members).where(and(eq(members.userId, row.userId), eq(members.organizationId, scope.organizationId))).limit(1);
@@ -7966,24 +8881,29 @@ async function assertClientOwner(db, clientId, scope) {
 /**
 * Upsert the clients row for a given `client_id` under an authenticated user.
 *
-* Claim semantics (see proposal M13):
-*   - New client_id → INSERT with the authenticated user_id.
-*   - Existing row with `user_id IS NULL` → claim it (set user_id).
-*   - Existing row with a different user_id → {@link ForbiddenError}; the
-*     operator must pick a different clientId. This is a hard conflict rather
-*     than a silent override because the pinned agents under that client
-*     belong to the original owner.
+* Claim semantics (see proposal M13 + multi-tenancy hardening):
+*   - New client_id → INSERT with the authenticated user_id and org_id.
+*   - Existing row with the same user_id + org_id → refresh runtime columns.
+*   - Existing row in a different org → {@link ClientOrgMismatchError}. A
+*     client is bound to one org for its lifetime; the CLI reacts by
+*     abandoning the local clientId and registering a new one.
+*   - Existing row with a different user_id (same org) → {@link ForbiddenError};
+*     the operator must pick a different clientId. Hard conflict because
+*     pinned agents under that client belong to the original owner.
 */
 async function registerClient(db, data) {
 	const now = /* @__PURE__ */ new Date();
 	const [existing] = await db.select({
 		id: clients.id,
-		userId: clients.userId
+		userId: clients.userId,
+		organizationId: clients.organizationId
 	}).from(clients).where(eq(clients.id, data.clientId)).limit(1);
+	if (existing && existing.organizationId !== data.organizationId) throw new ClientOrgMismatchError(`Client "${data.clientId}" is bound to a different organization. Re-register as a new client under the current org.`);
 	if (existing?.userId && existing.userId !== data.userId) throw new ForbiddenError(`Client "${data.clientId}" is already claimed by a different user. Pick a unique client_id.`);
 	await db.insert(clients).values({
 		id: data.clientId,
 		userId: data.userId,
+		organizationId: data.organizationId,
 		status: "connected",
 		instanceId: data.instanceId,
 		hostname: data.hostname ?? null,
@@ -8044,18 +8964,13 @@ async function listActiveAgentsPinnedToClient(db, clientId) {
 /**
 * Scope-aware client listing.
 *
-*   - member: only rows where `user_id = scope.userId`.
-*   - admin: every claimed row whose owner is a member of the caller's
-*     organization.
-*
-* Legacy unclaimed rows (`user_id IS NULL`) are intentionally hidden from
-* both roles — the `clients` table has no org column, so we cannot verify
-* which org an orphan belongs to. Exposing them to admin would leak
-* orphans across tenants. The owning operator reclaims the row via
-* `first-tree-hub connect`, after which it appears in their list.
+*   - member: rows where `user_id = scope.userId` AND `organization_id = scope.organizationId`
+*     — protects against a user listing their own clients registered under a
+*     different org when they're logged into this one.
+*   - admin: every row in `scope.organizationId`, regardless of owner.
 */
 async function listClients(db, scope) {
-	const rows = scope.role === "admin" ? await db.selectDistinct({
+	const rows = scope.role === "admin" ? await db.select({
 		id: clients.id,
 		userId: clients.userId,
 		status: clients.status,
@@ -8066,7 +8981,7 @@ async function listClients(db, scope) {
 		connectedAt: clients.connectedAt,
 		lastSeenAt: clients.lastSeenAt,
 		metadata: clients.metadata
-	}).from(clients).innerJoin(members, eq(members.userId, clients.userId)).where(eq(members.organizationId, scope.organizationId)) : await db.select().from(clients).where(eq(clients.userId, scope.userId));
+	}).from(clients).where(eq(clients.organizationId, scope.organizationId)) : await db.select().from(clients).where(and(eq(clients.userId, scope.userId), eq(clients.organizationId, scope.organizationId)));
 	const counts = await db.select({
 		clientId: agents.clientId,
 		count: sql`count(*)::int`
@@ -8104,6 +9019,14 @@ async function retireClient(db, clientId) {
 		await tx.delete(clients).where(eq(clients.id, clientId));
 	});
 }
+/**
+* System-scope sweep: mark clients as disconnected when their last-seen
+* server instance stopped sending heartbeats. Runs globally across all orgs
+* by design — it is invoked only by internal timers, never from a
+* user-scoped request, so the per-org filter the read paths enforce does not
+* apply. Org isolation on the data these clients belong to is still
+* enforced at the read paths (see `assertClientOwner` / `listClients`).
+*/
 async function cleanupStaleClients(db, staleSeconds = 60) {
 	const result = await db.execute(sql`
     UPDATE clients SET status = 'disconnected'
@@ -11367,6 +12290,7 @@ function clientWsRoutes(notifier, instanceId) {
 								await registerClient(app.db, {
 									clientId: data.clientId,
 									userId: session.userId,
+									organizationId: session.organizationId,
 									instanceId,
 									hostname: data.hostname,
 									os: data.os,
@@ -11374,9 +12298,11 @@ function clientWsRoutes(notifier, instanceId) {
 								});
 							} catch (err) {
 								const message = err instanceof Error ? err.message : "client register failed";
+								const code = err instanceof ClientOrgMismatchError ? err.code : void 0;
 								socket.send(JSON.stringify({
 									type: "client:register:rejected",
-									message
+									message,
+									...code ? { code } : {}
 								}));
 								socket.close(4403, "client register rejected");
 								return;
@@ -11806,6 +12732,65 @@ async function contextTreeInfoRoutes(app) {
 		};
 	});
 }
+/**
+* Resolve the client IP for rate-limit attribution.
+*
+* Headers like `x-forwarded-for` are client-controllable, so we only trust
+* them when the operator explicitly opts in via `HEARBACK_TRUST_PROXY_HEADERS=true`.
+* Otherwise fall back to Fastify's `req.ip` (socket-level) — degrades to one
+* bucket per upstream proxy, which is correct when no proxy metadata is
+* trustworthy.
+*/
+function resolveClientIp(req, trustProxyHeaders) {
+	if (trustProxyHeaders) {
+		const xff = req.headers["x-forwarded-for"];
+		const first = Array.isArray(xff) ? xff[0] : typeof xff === "string" ? xff.split(",")[0] : void 0;
+		if (first && first.trim().length > 0) return first.trim();
+	}
+	return req.ip ?? "";
+}
+/**
+* Mount the hearback-server handler onto Fastify. Register with
+* `{ prefix: "/feedback" }` so the widget's default `data-endpoint="/feedback"`
+* resolves to `/feedback/chat`, `/feedback/submit`, `/feedback/upload`, etc.
+*
+* We don't use hearback's prebuilt `feedbackPlugin` because it expects the
+* `fastify-raw-body` plugin. This adapter uses `addContentTypeParser` with
+* `parseAs: "buffer"` on an encapsulated child instance so upload bytes reach
+* the handler as a Buffer without pulling in another dependency.
+*/
+async function feedbackRoutes(app, config) {
+	const { trustProxyHeaders, ...handlerConfig } = config;
+	const handler = createFeedbackHandler(handlerConfig);
+	app.addContentTypeParser(/^image\//, { parseAs: "buffer" }, (_req, body, done) => {
+		done(null, body);
+	});
+	app.all("/*", async (req, reply) => {
+		const path = req.url.replace(/^.*\/feedback/, "").split("?")[0] || "/";
+		const ip = resolveClientIp(req, trustProxyHeaders);
+		const headers = {};
+		for (const [k, v] of Object.entries(req.headers)) headers[k] = Array.isArray(v) ? v[0] : v;
+		const isUpload = path.replace(/\/$/, "").endsWith("/upload");
+		const rawBody = isUpload && Buffer.isBuffer(req.body) ? req.body : void 0;
+		const result = await handler.handle({
+			method: req.method,
+			path,
+			body: isUpload ? {} : req.body,
+			ip,
+			headers,
+			rawBody
+		});
+		reply.status(result.status).headers(result.headers);
+		if (result.body && typeof result.body === "object" && Symbol.asyncIterator in result.body) {
+			const stream = result.body;
+			for await (const chunk of stream) reply.raw.write(chunk);
+			reply.raw.end();
+			return;
+		}
+		if (result.body === null) reply.send();
+		else reply.send(result.body);
+	});
+}
 async function healthRoutes(app) {
 	app.get("/health", async () => {
 		try {
@@ -13868,6 +14853,21 @@ async function buildApp(config) {
 		await api.register(clientWsRoutes(notifier, config.instanceId), { prefix: "/agent/ws" });
 		await api.register(adminWsRoutes(notifier, config.secrets.jwtSecret), { prefix: "/ws" });
 	}, { prefix: "/api/v1" });
+	if (config.feedback) {
+		const feedbackConfig = config.feedback;
+		await app.register(async (scope) => {
+			await scope.register(feedbackRoutes, {
+				repo: feedbackConfig.repo,
+				githubToken: feedbackConfig.githubToken,
+				llm: feedbackConfig.llm ? {
+					apiKey: feedbackConfig.llm.apiKey,
+					baseUrl: feedbackConfig.llm.baseUrl,
+					model: feedbackConfig.llm.model
+				} : void 0,
+				trustProxyHeaders: feedbackConfig.trustProxyHeaders
+			});
+		}, { prefix: "/feedback" });
+	}
 	const webDistPath = config.webDistPath;
 	if (webDistPath) {
 		const webRoot = resolve(webDistPath);
@@ -14426,4 +15426,4 @@ function createExecuteUpdate({ managed }) {
 	};
 }
 //#endregion
-export { checkServerHealth as A, resolveReplyToFromEnv as B, runMigrations as C, checkDocker as D, checkDatabase as E, isDockerAvailable as F, FirstTreeHubSDK as G, print as H, stopPostgres as I, cleanWorkspaces as J, SdkError as K, ClientRuntime as L, checkWebSocket as M, printResults as N, checkNodeVersion as O, ensurePostgres as P, createOwner as R, uninstallClientService as S, checkClientConfig as T, setJsonMode as U, blank as V, status as W, configureClientLoggerForService as X, applyClientLoggerConfig as Y, runHomeMigration as _, showServiceLogs as a, isServiceSupported as b, COMMAND_VERSION as c, promptMissingFields as d, formatCheckReport as f, saveOnboardState as g, onboardCreate as h, parseDuration as i, checkServerReachable as j, checkServerConfig as k, isInteractive as l, onboardCheck as m, declineUpdate as n, validateLevel as o, loadOnboardState as p, SessionRegistry as q, promptUpdate as r, startServer as s, createExecuteUpdate as t, promptAddAgent as u, getClientServiceStatus as v, checkAgentConfigs as w, resolveCliInvocation as x, installClientService as y, hasUser as z };
+export { configureClientLoggerForService as $, checkServerHealth as A, createOwner as B, runMigrations as C, checkDocker as D, checkDatabase as E, isDockerAvailable as F, setJsonMode as G, resolveReplyToFromEnv as H, stopPostgres as I, FirstTreeHubSDK as J, status as K, ClientRuntime as L, checkWebSocket as M, printResults as N, checkNodeVersion as O, ensurePostgres as P, applyClientLoggerConfig as Q, handleClientOrgMismatch as R, uninstallClientService as S, checkClientConfig as T, blank as U, hasUser as V, print as W, SessionRegistry as X, SdkError as Y, cleanWorkspaces as Z, runHomeMigration as _, showServiceLogs as a, isServiceSupported as b, COMMAND_VERSION as c, promptMissingFields as d, formatCheckReport as f, saveOnboardState as g, onboardCreate as h, parseDuration as i, checkServerReachable as j, checkServerConfig as k, isInteractive as l, onboardCheck as m, declineUpdate as n, validateLevel as o, loadOnboardState as p, ClientOrgMismatchError$1 as q, promptUpdate as r, startServer as s, createExecuteUpdate as t, promptAddAgent as u, getClientServiceStatus as v, checkAgentConfigs as w, resolveCliInvocation as x, installClientService as y, rotateClientIdWithBackup as z };