@happyvertical/smrt-chat 0.30.0

package/dist/chunks/ChatService-Dpzc1Pa5.js

@@ -0,0 +1,2044 @@
+import { field, crossPackageRef, foreignKey, smrt, SmrtObject, SmrtCollection, ObjectRegistry } from "@happyvertical/smrt-core";
+import { tenantId, TenantScoped } from "@happyvertical/smrt-tenancy";
+import { createHash } from "node:crypto";
+var __defProp$5 = Object.defineProperty;
+var __getOwnPropDesc$5 = Object.getOwnPropertyDescriptor;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp$5(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __decorateClass$5 = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$5(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp$5(target, key, result);
+  return result;
+};
+var __publicField = (obj, key, value) => __defNormalProp(obj, key + "", value);
+let AgentSession = class extends SmrtObject {
+  tenantId = null;
+  agentId = "";
+  participantProfileId = "";
+  chatRoomId = null;
+  status = "active";
+  allowedTools = "[]";
+  sessionContext = "{}";
+  systemPrompt = "";
+  messageCount = 0;
+  totalTokensUsed = 0;
+  maxTokens = 0;
+  maxMessages = 0;
+  lastMessageAt = null;
+  expiresAt = null;
+  closedAt = null;
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.agentId !== void 0) this.agentId = options.agentId;
+    if (options.participantProfileId !== void 0)
+      this.participantProfileId = options.participantProfileId;
+    if (options.chatRoomId !== void 0) this.chatRoomId = options.chatRoomId;
+    if (options.status !== void 0) this.status = options.status;
+    if (options.allowedTools !== void 0)
+      this.allowedTools = options.allowedTools;
+    if (options.sessionContext !== void 0)
+      this.sessionContext = options.sessionContext;
+    if (options.systemPrompt !== void 0)
+      this.systemPrompt = options.systemPrompt;
+    if (options.messageCount !== void 0)
+      this.messageCount = options.messageCount;
+    if (options.totalTokensUsed !== void 0)
+      this.totalTokensUsed = options.totalTokensUsed;
+    if (options.maxTokens !== void 0) this.maxTokens = options.maxTokens;
+    if (options.maxMessages !== void 0)
+      this.maxMessages = options.maxMessages;
+    if (options.lastMessageAt !== void 0)
+      this.lastMessageAt = options.lastMessageAt;
+    if (options.expiresAt !== void 0) this.expiresAt = options.expiresAt;
+    if (options.closedAt !== void 0) this.closedAt = options.closedAt;
+  }
+  getAllowedTools() {
+    try {
+      const parsed = JSON.parse(this.allowedTools);
+      return Array.isArray(parsed) ? parsed.filter((t) => typeof t === "string") : [];
+    } catch {
+      return [];
+    }
+  }
+  setAllowedTools(tools) {
+    this.allowedTools = JSON.stringify(tools);
+  }
+  /**
+   * Fail-closed authorization check for an agent tool call (S5 #1392).
+   *
+   * A tool may only be invoked when it appears in this session's allow-list.
+   * If the allow-list is empty or unparseable, NO tools are permitted. This is
+   * deliberately conservative: an empty whitelist means "no tools", never
+   * "all tools".
+   */
+  isToolAllowed(toolName) {
+    if (typeof toolName !== "string" || toolName.length === 0) return false;
+    return this.getAllowedTools().includes(toolName);
+  }
+  isActive() {
+    if (this.status !== "active") return false;
+    if (this.expiresAt && /* @__PURE__ */ new Date() >= this.expiresAt) return false;
+    if (this.maxMessages > 0 && this.messageCount >= this.maxMessages)
+      return false;
+    if (this.maxTokens > 0 && this.totalTokensUsed >= this.maxTokens)
+      return false;
+    return true;
+  }
+  isExpired() {
+    return this.expiresAt !== null && /* @__PURE__ */ new Date() >= this.expiresAt;
+  }
+  async close() {
+    this.status = "closed";
+    this.closedAt = /* @__PURE__ */ new Date();
+    await this.save();
+  }
+  async expire() {
+    this.status = "expired";
+    this.closedAt = /* @__PURE__ */ new Date();
+    await this.save();
+  }
+  getSessionContext() {
+    try {
+      return JSON.parse(this.sessionContext);
+    } catch {
+      return {};
+    }
+  }
+  setSessionContext(ctx) {
+    this.sessionContext = JSON.stringify(ctx);
+  }
+  /**
+   * Stable identity key that scopes this session to a conversation subject
+   * (S5 #1392). Returns `null` when the session is not subject-scoped. Used by
+   * the reuse lookup so a session opened for one subject is never reused for a
+   * request about a different subject.
+   */
+  getSessionKey() {
+    const value = this.getSessionContext()[AgentSession.SESSION_KEY_CONTEXT_FIELD];
+    return typeof value === "string" && value.length > 0 ? value : null;
+  }
+  async updateSessionContext(updates) {
+    const current = this.getSessionContext();
+    this.sessionContext = JSON.stringify({ ...current, ...updates });
+    await this.save();
+  }
+  async recordMessage(tokensUsed = 0) {
+    this.messageCount++;
+    this.totalTokensUsed += tokensUsed;
+    this.lastMessageAt = /* @__PURE__ */ new Date();
+    await this.save();
+  }
+};
+__publicField(AgentSession, "SESSION_KEY_CONTEXT_FIELD", "__sessionKey");
+__decorateClass$5([
+  tenantId({ nullable: true })
+], AgentSession.prototype, "tenantId", 2);
+__decorateClass$5([
+  field({ required: true })
+], AgentSession.prototype, "agentId", 2);
+__decorateClass$5([
+  crossPackageRef("@happyvertical/smrt-profiles:Profile", { required: true })
+], AgentSession.prototype, "participantProfileId", 2);
+__decorateClass$5([
+  foreignKey("ChatRoom")
+], AgentSession.prototype, "chatRoomId", 2);
+__decorateClass$5([
+  field({ required: true })
+], AgentSession.prototype, "status", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "allowedTools", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "sessionContext", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "systemPrompt", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "messageCount", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "totalTokensUsed", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "maxTokens", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "maxMessages", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "lastMessageAt", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "expiresAt", 2);
+__decorateClass$5([
+  field()
+], AgentSession.prototype, "closedAt", 2);
+AgentSession = __decorateClass$5([
+  TenantScoped({ mode: "optional" }),
+  smrt({
+    tableName: "agent_sessions",
+    api: { include: ["list", "get"] },
+    mcp: { include: ["list", "get"] },
+    cli: true
+  })
+], AgentSession);
+var __defProp$4 = Object.defineProperty;
+var __getOwnPropDesc$4 = Object.getOwnPropertyDescriptor;
+var __decorateClass$4 = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$4(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp$4(target, key, result);
+  return result;
+};
+let ChatMessage = class extends SmrtObject {
+  tenantId = "";
+  roomId = "";
+  threadId = null;
+  senderProfileId = "";
+  agentSessionId = null;
+  content = "";
+  messageType = "text";
+  role = "user";
+  isEdited = false;
+  editedAt = null;
+  isDeleted = false;
+  replyToMessageId = null;
+  metadata = "{}";
+  toolCallData = null;
+  attachments = "[]";
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.roomId !== void 0) this.roomId = options.roomId;
+    if (options.threadId !== void 0) this.threadId = options.threadId;
+    if (options.senderProfileId !== void 0)
+      this.senderProfileId = options.senderProfileId;
+    if (options.agentSessionId !== void 0)
+      this.agentSessionId = options.agentSessionId;
+    if (options.content !== void 0) this.content = options.content;
+    if (options.messageType !== void 0)
+      this.messageType = options.messageType;
+    if (options.role !== void 0) this.role = options.role;
+    if (options.isEdited !== void 0) this.isEdited = options.isEdited;
+    if (options.editedAt !== void 0) this.editedAt = options.editedAt;
+    if (options.isDeleted !== void 0) this.isDeleted = options.isDeleted;
+    if (options.replyToMessageId !== void 0)
+      this.replyToMessageId = options.replyToMessageId;
+    if (options.metadata !== void 0)
+      this.metadata = typeof options.metadata === "string" ? options.metadata : JSON.stringify(options.metadata);
+    if (options.toolCallData !== void 0)
+      this.toolCallData = options.toolCallData === null ? null : typeof options.toolCallData === "string" ? options.toolCallData : JSON.stringify(options.toolCallData);
+    if (options.attachments !== void 0)
+      this.attachments = options.attachments;
+  }
+  getAttachments() {
+    try {
+      return JSON.parse(this.attachments);
+    } catch {
+      return [];
+    }
+  }
+  setAttachments(items) {
+    this.attachments = JSON.stringify(items);
+  }
+  getMetadata() {
+    try {
+      return JSON.parse(this.metadata);
+    } catch {
+      return {};
+    }
+  }
+  setMetadata(data) {
+    this.metadata = JSON.stringify(data);
+  }
+  getToolCallData() {
+    if (!this.toolCallData) return null;
+    try {
+      return JSON.parse(this.toolCallData);
+    } catch {
+      return null;
+    }
+  }
+  setToolCallData(data) {
+    this.toolCallData = data ? JSON.stringify(data) : null;
+  }
+  hasAttachments() {
+    return this.getAttachments().length > 0;
+  }
+  isToolCall() {
+    return this.messageType === "tool_call";
+  }
+  isToolResult() {
+    return this.messageType === "tool_result";
+  }
+  isFromAgent() {
+    return this.role === "assistant";
+  }
+  isSystemMessage() {
+    return this.role === "system";
+  }
+  async edit(newContent) {
+    this.content = newContent;
+    this.isEdited = true;
+    this.editedAt = /* @__PURE__ */ new Date();
+    await this.save();
+  }
+  async softDelete() {
+    this.isDeleted = true;
+    this.content = "";
+    await this.save();
+  }
+  getPreview(maxLength = 100) {
+    if (this.isDeleted) return "(deleted)";
+    const text = this.content || "";
+    if (text.length <= maxLength) return text;
+    return `${text.slice(0, maxLength)}...`;
+  }
+};
+__decorateClass$4([
+  tenantId()
+], ChatMessage.prototype, "tenantId", 2);
+__decorateClass$4([
+  foreignKey("ChatRoom", { required: true })
+], ChatMessage.prototype, "roomId", 2);
+__decorateClass$4([
+  foreignKey("ChatThread")
+], ChatMessage.prototype, "threadId", 2);
+__decorateClass$4([
+  crossPackageRef("@happyvertical/smrt-profiles:Profile", { required: true })
+], ChatMessage.prototype, "senderProfileId", 2);
+__decorateClass$4([
+  foreignKey("AgentSession")
+], ChatMessage.prototype, "agentSessionId", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "content", 2);
+__decorateClass$4([
+  field({ required: true })
+], ChatMessage.prototype, "messageType", 2);
+__decorateClass$4([
+  field({ required: true })
+], ChatMessage.prototype, "role", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "isEdited", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "editedAt", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "isDeleted", 2);
+__decorateClass$4([
+  foreignKey("ChatMessage")
+], ChatMessage.prototype, "replyToMessageId", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "metadata", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "toolCallData", 2);
+__decorateClass$4([
+  field()
+], ChatMessage.prototype, "attachments", 2);
+ChatMessage = __decorateClass$4([
+  TenantScoped({ mode: "required" }),
+  smrt({
+    tableName: "chat_messages",
+    api: { include: ["list", "get"] },
+    mcp: { include: ["list", "get"] },
+    cli: true
+  })
+], ChatMessage);
+var __defProp$3 = Object.defineProperty;
+var __getOwnPropDesc$3 = Object.getOwnPropertyDescriptor;
+var __decorateClass$3 = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$3(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp$3(target, key, result);
+  return result;
+};
+let ChatParticipant = class extends SmrtObject {
+  tenantId = "";
+  roomId = "";
+  profileId = "";
+  role = "member";
+  status = "active";
+  onlineStatus = "offline";
+  lastReadMessageId = null;
+  lastSeenAt = null;
+  joinedAt = null;
+  nickname = "";
+  isMuted = false;
+  isPinned = false;
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.roomId !== void 0) this.roomId = options.roomId;
+    if (options.profileId !== void 0) this.profileId = options.profileId;
+    if (options.role !== void 0) this.role = options.role;
+    if (options.status !== void 0) this.status = options.status;
+    if (options.onlineStatus !== void 0)
+      this.onlineStatus = options.onlineStatus;
+    if (options.lastReadMessageId !== void 0)
+      this.lastReadMessageId = options.lastReadMessageId;
+    if (options.lastSeenAt !== void 0) this.lastSeenAt = options.lastSeenAt;
+    if (options.joinedAt !== void 0) this.joinedAt = options.joinedAt;
+    if (options.nickname !== void 0) this.nickname = options.nickname;
+    if (options.isMuted !== void 0) this.isMuted = options.isMuted;
+    if (options.isPinned !== void 0) this.isPinned = options.isPinned;
+  }
+  isActive() {
+    return this.status === "active";
+  }
+  isOwner() {
+    return this.role === "owner";
+  }
+  isAdmin() {
+    return this.role === "admin" || this.role === "owner";
+  }
+  async markRead(messageId) {
+    this.lastReadMessageId = messageId;
+    this.lastSeenAt = /* @__PURE__ */ new Date();
+    await this.save();
+  }
+  async leave() {
+    this.status = "left";
+    await this.save();
+  }
+  async setOnline(status) {
+    this.onlineStatus = status;
+    this.lastSeenAt = /* @__PURE__ */ new Date();
+    await this.save();
+  }
+};
+__decorateClass$3([
+  tenantId()
+], ChatParticipant.prototype, "tenantId", 2);
+__decorateClass$3([
+  foreignKey("ChatRoom", { required: true })
+], ChatParticipant.prototype, "roomId", 2);
+__decorateClass$3([
+  crossPackageRef("@happyvertical/smrt-profiles:Profile", { required: true })
+], ChatParticipant.prototype, "profileId", 2);
+__decorateClass$3([
+  field({ required: true })
+], ChatParticipant.prototype, "role", 2);
+__decorateClass$3([
+  field({ required: true })
+], ChatParticipant.prototype, "status", 2);
+__decorateClass$3([
+  field({ required: true })
+], ChatParticipant.prototype, "onlineStatus", 2);
+__decorateClass$3([
+  foreignKey("ChatMessage")
+], ChatParticipant.prototype, "lastReadMessageId", 2);
+__decorateClass$3([
+  field()
+], ChatParticipant.prototype, "lastSeenAt", 2);
+__decorateClass$3([
+  field()
+], ChatParticipant.prototype, "joinedAt", 2);
+__decorateClass$3([
+  field()
+], ChatParticipant.prototype, "nickname", 2);
+__decorateClass$3([
+  field()
+], ChatParticipant.prototype, "isMuted", 2);
+__decorateClass$3([
+  field()
+], ChatParticipant.prototype, "isPinned", 2);
+ChatParticipant = __decorateClass$3([
+  TenantScoped({ mode: "required" }),
+  smrt({
+    tableName: "chat_participants",
+    api: { include: ["list", "get"] },
+    mcp: { include: ["list", "get"] },
+    cli: true
+  })
+], ChatParticipant);
+var __defProp$2 = Object.defineProperty;
+var __getOwnPropDesc$2 = Object.getOwnPropertyDescriptor;
+var __decorateClass$2 = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$2(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp$2(target, key, result);
+  return result;
+};
+let ChatReaction = class extends SmrtObject {
+  tenantId = "";
+  messageId = "";
+  profileId = "";
+  emoji = "";
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.messageId !== void 0) this.messageId = options.messageId;
+    if (options.profileId !== void 0) this.profileId = options.profileId;
+    if (options.emoji !== void 0) this.emoji = options.emoji;
+  }
+};
+__decorateClass$2([
+  tenantId()
+], ChatReaction.prototype, "tenantId", 2);
+__decorateClass$2([
+  foreignKey("ChatMessage", { required: true })
+], ChatReaction.prototype, "messageId", 2);
+__decorateClass$2([
+  crossPackageRef("@happyvertical/smrt-profiles:Profile", { required: true })
+], ChatReaction.prototype, "profileId", 2);
+__decorateClass$2([
+  field({ required: true })
+], ChatReaction.prototype, "emoji", 2);
+ChatReaction = __decorateClass$2([
+  TenantScoped({ mode: "required" }),
+  smrt({
+    tableName: "chat_reactions",
+    api: { include: ["list"] },
+    mcp: { include: ["list"] },
+    cli: false
+  })
+], ChatReaction);
+var __defProp$1 = Object.defineProperty;
+var __getOwnPropDesc$1 = Object.getOwnPropertyDescriptor;
+var __decorateClass$1 = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$1(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp$1(target, key, result);
+  return result;
+};
+let ChatRoom = class extends SmrtObject {
+  tenantId = "";
+  name = "";
+  description = "";
+  roomType = "public";
+  status = "active";
+  topic = "";
+  avatarUrl = "";
+  isArchived = false;
+  maxParticipants = 0;
+  metadata = "{}";
+  createdByProfileId = "";
+  lastMessageAt = null;
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.name !== void 0) this.name = options.name;
+    if (options.description !== void 0)
+      this.description = options.description;
+    if (options.roomType !== void 0) this.roomType = options.roomType;
+    if (options.status !== void 0) this.status = options.status;
+    if (options.topic !== void 0) this.topic = options.topic;
+    if (options.avatarUrl !== void 0) this.avatarUrl = options.avatarUrl;
+    if (options.isArchived !== void 0) this.isArchived = options.isArchived;
+    if (options.maxParticipants !== void 0)
+      this.maxParticipants = options.maxParticipants;
+    if (options.metadata !== void 0)
+      this.metadata = typeof options.metadata === "string" ? options.metadata : JSON.stringify(options.metadata);
+    if (options.createdByProfileId !== void 0)
+      this.createdByProfileId = options.createdByProfileId;
+    if (options.lastMessageAt !== void 0)
+      this.lastMessageAt = options.lastMessageAt;
+  }
+  getMetadata() {
+    try {
+      return JSON.parse(this.metadata);
+    } catch {
+      return {};
+    }
+  }
+  setMetadata(data) {
+    this.metadata = JSON.stringify(data);
+  }
+  updateMetadata(updates) {
+    const current = this.getMetadata();
+    this.metadata = JSON.stringify({ ...current, ...updates });
+  }
+  isDM() {
+    return this.roomType === "dm";
+  }
+  isAgentRoom() {
+    return this.roomType === "agent";
+  }
+  isPublic() {
+    return this.roomType === "public";
+  }
+  isActive() {
+    return this.status === "active";
+  }
+  async archive() {
+    this.isArchived = true;
+    this.status = "archived";
+    await this.save();
+  }
+  async unarchive() {
+    this.isArchived = false;
+    this.status = "active";
+    await this.save();
+  }
+};
+__decorateClass$1([
+  tenantId()
+], ChatRoom.prototype, "tenantId", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "name", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "description", 2);
+__decorateClass$1([
+  field({ required: true })
+], ChatRoom.prototype, "roomType", 2);
+__decorateClass$1([
+  field({ required: true })
+], ChatRoom.prototype, "status", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "topic", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "avatarUrl", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "isArchived", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "maxParticipants", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "metadata", 2);
+__decorateClass$1([
+  crossPackageRef("@happyvertical/smrt-profiles:Profile")
+], ChatRoom.prototype, "createdByProfileId", 2);
+__decorateClass$1([
+  field()
+], ChatRoom.prototype, "lastMessageAt", 2);
+ChatRoom = __decorateClass$1([
+  TenantScoped({ mode: "required" }),
+  smrt({
+    tableName: "chat_rooms",
+    api: { include: ["list", "get"] },
+    mcp: { include: ["list", "get"] },
+    cli: true
+  })
+], ChatRoom);
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+let ChatThread = class extends SmrtObject {
+  tenantId = "";
+  roomId = "";
+  rootMessageId = null;
+  title = "";
+  isResolved = false;
+  messageCount = 0;
+  lastMessageAt = null;
+  participantCount = 0;
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.roomId !== void 0) this.roomId = options.roomId;
+    if (options.rootMessageId !== void 0)
+      this.rootMessageId = options.rootMessageId;
+    if (options.title !== void 0) this.title = options.title;
+    if (options.isResolved !== void 0) this.isResolved = options.isResolved;
+    if (options.messageCount !== void 0)
+      this.messageCount = options.messageCount;
+    if (options.lastMessageAt !== void 0)
+      this.lastMessageAt = options.lastMessageAt;
+    if (options.participantCount !== void 0)
+      this.participantCount = options.participantCount;
+  }
+  async resolve() {
+    this.isResolved = true;
+    await this.save();
+  }
+  async reopen() {
+    this.isResolved = false;
+    await this.save();
+  }
+};
+__decorateClass([
+  tenantId()
+], ChatThread.prototype, "tenantId", 2);
+__decorateClass([
+  foreignKey("ChatRoom", { required: true })
+], ChatThread.prototype, "roomId", 2);
+__decorateClass([
+  foreignKey("ChatMessage", { nullable: true })
+], ChatThread.prototype, "rootMessageId", 2);
+__decorateClass([
+  field()
+], ChatThread.prototype, "title", 2);
+__decorateClass([
+  field()
+], ChatThread.prototype, "isResolved", 2);
+__decorateClass([
+  field()
+], ChatThread.prototype, "messageCount", 2);
+__decorateClass([
+  field()
+], ChatThread.prototype, "lastMessageAt", 2);
+__decorateClass([
+  field()
+], ChatThread.prototype, "participantCount", 2);
+ChatThread = __decorateClass([
+  TenantScoped({ mode: "required" }),
+  smrt({
+    tableName: "chat_threads",
+    api: { include: ["list", "get"] },
+    mcp: { include: ["list", "get"] },
+    cli: true
+  })
+], ChatThread);
+class AgentSessionCollection extends SmrtCollection {
+  static _itemClass = AgentSession;
+  async findActiveByParticipant(participantProfileId) {
+    const sessions = await this.list({
+      where: { participantProfileId, status: "active" }
+    });
+    return sessions.filter((s) => s.isActive());
+  }
+  /**
+   * Resolve the active agent session for an (agent, participant) pair within a
+   * tenant (S5 #1392).
+   *
+   * `tenantId` is REQUIRED and always bound into the WHERE clause — including the
+   * `null` (untenanted) case — so the lookup can never silently drop its tenant
+   * predicate and resolve a session from another tenant. AgentSession uses
+   * optional tenancy, so `null` is a legitimate, explicitly-bound scope rather
+   * than "any tenant".
+   *
+   * When `sessionKey` is supplied the result is additionally narrowed to the
+   * session whose stored {@link AgentSession.getSessionKey} matches EXACTLY
+   * (S5 #1392). This binds session identity to a conversation subject (e.g. a
+   * content id) so a session opened for one subject is never reused for another;
+   * `sessionContext` is a JSON blob so the discriminator is matched in memory
+   * after the tenant-bound SQL filter.
+   */
+  async findActiveSession(agentId, participantProfileId, tenantId2, sessionKey) {
+    const where = {
+      agentId,
+      participantProfileId,
+      status: "active",
+      tenantId: tenantId2
+    };
+    const sessions = await this.list({ where });
+    const active = sessions.find(
+      (s) => s.isActive() && (sessionKey === void 0 || s.getSessionKey() === (sessionKey ?? null))
+    );
+    return active ?? null;
+  }
+  async findOrCreate(params) {
+    const existing = await this.findActiveSession(
+      params.agentId,
+      params.participantProfileId,
+      params.tenantId,
+      params.sessionKey
+    );
+    if (existing) return existing;
+    const sessionContext = params.sessionKey != null ? JSON.stringify({
+      [AgentSession.SESSION_KEY_CONTEXT_FIELD]: params.sessionKey
+    }) : void 0;
+    const session = await this.create({
+      agentId: params.agentId,
+      participantProfileId: params.participantProfileId,
+      tenantId: params.tenantId ?? null,
+      allowedTools: JSON.stringify(params.allowedTools ?? []),
+      chatRoomId: params.chatRoomId ?? null,
+      systemPrompt: params.systemPrompt ?? "",
+      status: "active",
+      ...sessionContext !== void 0 ? { sessionContext } : {}
+    });
+    return session;
+  }
+  async findByAgent(agentId) {
+    return this.list({ where: { agentId } });
+  }
+  /**
+   * Expire active sessions whose last activity predates `olderThan`.
+   *
+   * Caller-scoping (S5 #1392): pass `scope` to restrict the sweep to a single
+   * tenant and/or agent. Without a scope this expires stale sessions across the
+   * whole (tenant-filtered) collection — only safe for trusted maintenance
+   * callers, never for a per-tenant request handler.
+   *
+   * The candidate set is narrowed in SQL (status + activity timestamp) rather
+   * than loading every active session into memory and filtering in JS
+   * (DoS hardening). `lastMessageAt < olderThan` is applied server-side; rows
+   * that never recorded a message fall back to `created_at`.
+   */
+  async expireStale(olderThan, scope) {
+    const baseWhere = { status: "active" };
+    if (scope?.tenantId !== void 0) baseWhere.tenantId = scope.tenantId;
+    if (scope?.agentId !== void 0) baseWhere.agentId = scope.agentId;
+    const byLastMessage = await this.list({
+      where: { ...baseWhere, "lastMessageAt <": olderThan }
+    });
+    const neverMessaged = await this.list({
+      where: { ...baseWhere, lastMessageAt: null, "created_at <": olderThan }
+    });
+    const seen = /* @__PURE__ */ new Set();
+    let expired = 0;
+    for (const session of [...byLastMessage, ...neverMessaged]) {
+      const id = session.id;
+      if (!id || seen.has(id)) continue;
+      seen.add(id);
+      await session.expire();
+      expired++;
+    }
+    return expired;
+  }
+}
+class ChatMessageCollection extends SmrtCollection {
+  static _itemClass = ChatMessage;
+  /**
+   * Get messages for a room (newest first), excluding threads and deleted.
+   *
+   * Filtering, ordering and pagination are pushed into SQL rather than loading
+   * the full room history into memory (S5 #1392, DoS hardening). Thread replies
+   * are excluded via `threadId IS NULL` (the WHERE API maps a `null` value to
+   * `IS NULL`).
+   *
+   * `tenantId` is REQUIRED and bound into BOTH the message window AND the cursor
+   * lookup (S5 #1392): room ids are not globally unique, so a roomId-only read
+   * could surface another tenant's messages for a same-id room. The caller's
+   * membership gate is tenant-scoped, so the read MUST be too.
+   */
+  async getByRoom(roomId, tenantId2, options) {
+    const where = {
+      roomId,
+      tenantId: tenantId2,
+      isDeleted: false,
+      threadId: null
+    };
+    if (options?.before) {
+      const cursorMsg = await this.get({
+        id: options.before,
+        roomId,
+        tenantId: tenantId2,
+        isDeleted: false,
+        threadId: null
+      });
+      if (cursorMsg?.created_at) {
+        where["created_at <"] = cursorMsg.created_at;
+      }
+    }
+    return this.list({
+      where,
+      orderBy: "created_at DESC",
+      limit: options?.limit
+    });
+  }
+  /**
+   * Get messages in a thread, tenant-bound (S5 #1392).
+   *
+   * `tenantId` is bound into the query so a thread id from another tenant can
+   * never surface that tenant's thread history.
+   */
+  async getByThread(threadId, tenantId2) {
+    return this.list({ where: { threadId, tenantId: tenantId2, isDeleted: false } });
+  }
+  /**
+   * Get messages for an agent session, tenant-bound (S5 #1392).
+   *
+   * `tenantId` is bound into the query so a session id from another tenant can
+   * never surface that tenant's session messages.
+   */
+  async getByAgentSession(agentSessionId, tenantId2) {
+    return this.list({ where: { agentSessionId, tenantId: tenantId2, isDeleted: false } });
+  }
+  /**
+   * Search messages with filters.
+   *
+   * All structural filters (tenant/room/thread/sender/type/role/date/text) are
+   * pushed into SQL instead of loading the full message set and filtering in JS
+   * (S5 #1392, DoS hardening). `tenantId` is REQUIRED and always bound so the
+   * search can never cross a tenant boundary.
+   *
+   * `hasAttachments` is derived from the stored `attachments` JSON column and is
+   * pushed into SQL as a `!=`/`=` pre-filter against the empty-array sentinel
+   * (`'[]'`, the column default) so the `LIMIT` applies to the ALREADY-FILTERED
+   * set, not the raw window (S5 #1392). Previously the limit truncated the
+   * newest-N window first and the JS filter ran afterwards, so a room whose
+   * newest messages lacked attachments could return fewer (or zero)
+   * attachment-bearing rows than existed. A precise JS pass on
+   * `hasAttachments()` still runs to reject any malformed/empty column value the
+   * coarse SQL sentinel can't distinguish, and the requested `limit` is enforced
+   * on the filtered result.
+   */
+  async search(filters) {
+    const where = {
+      tenantId: filters.tenantId,
+      isDeleted: false
+    };
+    if (filters.roomId) where.roomId = filters.roomId;
+    if (filters.threadId) where.threadId = filters.threadId;
+    if (filters.senderProfileId)
+      where.senderProfileId = filters.senderProfileId;
+    if (filters.messageType) where.messageType = filters.messageType;
+    if (filters.role) where.role = filters.role;
+    if (filters.query) where["content like"] = `%${filters.query}%`;
+    if (filters.sinceDate) where["created_at >="] = filters.sinceDate;
+    if (filters.beforeDate) where["created_at <"] = filters.beforeDate;
+    const limit = filters.limit ?? 100;
+    if (filters.hasAttachments === true) {
+      where["attachments !="] = "[]";
+    } else if (filters.hasAttachments === false) {
+      where.attachments = "[]";
+    }
+    const messages = await this.list({
+      where,
+      orderBy: "created_at DESC",
+      limit
+    });
+    if (filters.hasAttachments !== void 0) {
+      return messages.filter((m) => m.hasAttachments() === filters.hasAttachments).slice(0, limit);
+    }
+    return messages;
+  }
+  /**
+   * Get unread count for a participant in a room (excludes thread replies).
+   *
+   * Counting is pushed into SQL via `count()` rather than loading the whole
+   * room history into memory (S5 #1392, DoS hardening). `tenantId` is REQUIRED
+   * and bound into both the count and the read-cursor lookup so the count can
+   * never include another tenant's messages for a same-id room.
+   */
+  async getUnreadCount(roomId, tenantId2, lastReadMessageId) {
+    const base = { roomId, tenantId: tenantId2, isDeleted: false, threadId: null };
+    if (!lastReadMessageId) return this.count({ where: base });
+    const lastReadMsg = await this.get({
+      id: lastReadMessageId,
+      roomId,
+      tenantId: tenantId2,
+      isDeleted: false,
+      threadId: null
+    });
+    if (!lastReadMsg?.created_at) return this.count({ where: base });
+    return this.count({
+      where: { ...base, "created_at >": lastReadMsg.created_at }
+    });
+  }
+  /**
+   * Get most recent root message for each room (for room list preview).
+   *
+   * Each room is fetched with `orderBy created_at DESC, limit 1` so we never
+   * load the full per-room history into memory (S5 #1392, DoS hardening).
+   * `tenantId` is REQUIRED and bound into each per-room read so a same-id room
+   * from another tenant can never leak a preview message.
+   */
+  async getLatestPerRoom(roomIds, tenantId2) {
+    const result = /* @__PURE__ */ new Map();
+    for (const roomId of roomIds) {
+      const latest = await this.list({
+        where: { roomId, tenantId: tenantId2, isDeleted: false, threadId: null },
+        orderBy: "created_at DESC",
+        limit: 1
+      });
+      if (latest.length > 0) {
+        result.set(roomId, latest[0]);
+      }
+    }
+    return result;
+  }
+}
+class ChatParticipantCollection extends SmrtCollection {
+  static _itemClass = ChatParticipant;
+  async getByRoom(roomId) {
+    return this.list({ where: { roomId, status: "active" } });
+  }
+  async getByProfile(profileId) {
+    return this.list({ where: { profileId, status: "active" } });
+  }
+  async findMembership(roomId, profileId, tenantId2) {
+    const where = { roomId, profileId };
+    if (tenantId2 !== void 0) where.tenantId = tenantId2;
+    const results = await this.list({ where });
+    return results[0] ?? null;
+  }
+  /**
+   * Returns the participant row only if the profile is an ACTIVE member of the
+   * room (not left/kicked/banned). Used by ChatService to gate sends and reads
+   * on room membership (S5 #1392, IDOR hardening).
+   *
+   * `tenantId` is REQUIRED and always bound into the WHERE clause so a membership
+   * lookup can never resolve a row belonging to another tenant, even when no ALS
+   * tenant context is active to drive the tenancy interceptor (defense in depth).
+   * Making it a required parameter (rather than optional) closes the hole where a
+   * caller could omit it and silently drop the tenant predicate from the query.
+   */
+  async findActiveMembership(roomId, profileId, tenantId2) {
+    const where = {
+      roomId,
+      profileId,
+      status: "active",
+      tenantId: tenantId2
+    };
+    const results = await this.list({ where, limit: 1 });
+    return results[0] ?? null;
+  }
+  /** True when the profile is an active member of the room (tenant-bound). */
+  async isActiveMember(roomId, profileId, tenantId2) {
+    return await this.findActiveMembership(roomId, profileId, tenantId2) !== null;
+  }
+  async getOnlineInRoom(roomId) {
+    const participants = await this.list({
+      where: { roomId, status: "active" }
+    });
+    return participants.filter((p) => p.onlineStatus !== "offline");
+  }
+  async getAdminsInRoom(roomId) {
+    const participants = await this.list({
+      where: { roomId, status: "active" }
+    });
+    return participants.filter((p) => p.isAdmin());
+  }
+  async countInRoom(roomId) {
+    const participants = await this.list({
+      where: { roomId, status: "active" }
+    });
+    return participants.length;
+  }
+}
+class ChatReactionCollection extends SmrtCollection {
+  static _itemClass = ChatReaction;
+  async getByMessage(messageId) {
+    return this.list({ where: { messageId } });
+  }
+  /** Get reaction counts grouped by emoji for a message */
+  async getReactionCounts(messageId) {
+    const reactions = await this.list({ where: { messageId } });
+    const counts = /* @__PURE__ */ new Map();
+    for (const reaction of reactions) {
+      const existing = counts.get(reaction.emoji);
+      if (existing) {
+        existing.count++;
+        existing.profileIds.push(reaction.profileId);
+      } else {
+        counts.set(reaction.emoji, {
+          count: 1,
+          profileIds: [reaction.profileId]
+        });
+      }
+    }
+    return counts;
+  }
+  /**
+   * Toggle a reaction: add if not present, remove if already reacted.
+   *
+   * `tenantId` is bound into the existence lookup (S5 #1392) so the toggle can
+   * never match or delete a reaction row belonging to another tenant. Prefer the
+   * membership-checked {@link ChatService.addReaction}/{@link ChatService.removeReaction}
+   * for request-driven flows; this low-level helper performs no membership check.
+   */
+  async toggle(messageId, profileId, emoji, tenantId2) {
+    const existing = await this.list({
+      where: { messageId, profileId, emoji, tenantId: tenantId2 }
+    });
+    if (existing.length > 0) {
+      await existing[0].delete();
+      return { added: false };
+    }
+    await this.create({
+      tenantId: tenantId2,
+      messageId,
+      profileId,
+      emoji
+    });
+    return { added: true };
+  }
+}
+function canonicalDmRoomId(tenantId2, profileId1, profileId2) {
+  const [a, b] = [profileId1, profileId2].sort();
+  const key = `dm ${tenantId2} ${a} ${b}`;
+  const hash = createHash("sha1").update(key).digest("hex");
+  return [
+    hash.slice(0, 8),
+    hash.slice(8, 12),
+    `5${hash.slice(13, 16)}`,
+    (Number.parseInt(hash.slice(16, 18), 16) & 63 | 128).toString(16).padStart(2, "0") + hash.slice(18, 20),
+    hash.slice(20, 32)
+  ].join("-");
+}
+class ChatRoomCollection extends SmrtCollection {
+  static _itemClass = ChatRoom;
+  async findByType(roomType) {
+    return this.list({ where: { roomType, status: "active" } });
+  }
+  async findPublic() {
+    return this.list({ where: { roomType: "public", status: "active" } });
+  }
+  async findDMs() {
+    return this.list({ where: { roomType: "dm", status: "active" } });
+  }
+  async findAgentRooms() {
+    return this.list({ where: { roomType: "agent", status: "active" } });
+  }
+  /**
+   * Search rooms by name/description/topic.
+   *
+   * Filtering and limiting are pushed into SQL via `LIKE` instead of loading
+   * the entire tenant room set and filtering in JS (S5 #1392, DoS hardening).
+   * The WHERE API does not support OR, so we issue one bounded query per
+   * searchable column and merge the results, capping the total returned.
+   */
+  async search(query, options) {
+    const limit = options?.limit ?? 50;
+    const like = `%${query}%`;
+    const columns = ["name", "description", "topic"];
+    const merged = /* @__PURE__ */ new Map();
+    for (const column of columns) {
+      const matches = await this.list({
+        where: { status: "active", [`${column} like`]: like },
+        orderBy: "created_at DESC",
+        limit
+      });
+      for (const room of matches) {
+        if (room.id) merged.set(room.id, room);
+      }
+      if (merged.size >= limit) break;
+    }
+    return Array.from(merged.values()).slice(0, limit);
+  }
+  /**
+   * Find an existing 1:1 DM room between two profiles, or create one.
+   *
+   * DM identity is derived from the authoritative `chat_participants` join
+   * (server-controlled) rather than client-mutable room metadata (S5 #1392).
+   * Callers are responsible for attaching both profiles as participants after
+   * creation; {@link ChatService.getOrCreateDM} does this.
+   */
+  async findOrCreateDM(profileId1, profileId2, tenantId2, participants) {
+    const dmId = canonicalDmRoomId(tenantId2, profileId1, profileId2);
+    const canonical = await this.get({ id: dmId, tenantId: tenantId2 });
+    if (canonical && canonical.roomType === "dm") {
+      return canonical;
+    }
+    const memberships1 = await participants.list({
+      where: { profileId: profileId1, status: "active", tenantId: tenantId2 }
+    });
+    const candidateRoomIds = memberships1.map((m) => m.roomId);
+    for (const roomId of candidateRoomIds) {
+      const dm = await this.get({ id: roomId, tenantId: tenantId2 });
+      if (!dm || dm.roomType !== "dm" || dm.status !== "active") continue;
+      const others = await participants.list({
+        where: { roomId, profileId: profileId2, status: "active", tenantId: tenantId2 }
+      });
+      if (others.length > 0) {
+        return dm;
+      }
+    }
+    const room = await this.create({
+      id: dmId,
+      tenantId: tenantId2,
+      name: "",
+      roomType: "dm",
+      status: "active",
+      maxParticipants: 2
+    });
+    return room;
+  }
+}
+class ChatThreadCollection extends SmrtCollection {
+  static _itemClass = ChatThread;
+  async getByRoom(roomId) {
+    return this.list({ where: { roomId } });
+  }
+  async getActive(roomId) {
+    const threads = await this.list({ where: { roomId } });
+    return threads.filter((t) => !t.isResolved);
+  }
+  async getUnresolved() {
+    const threads = await this.list({});
+    return threads.filter((t) => !t.isResolved);
+  }
+}
+const RUN_AGENT_REPLY = /* @__PURE__ */ Symbol("smrt-chat.runAgentReply");
+class ChatService {
+  // Raw persistence collections are PRIVATE (S5 #1392). They can author/mutate
+  // any row with no actor/membership check, so they must NOT appear on the
+  // public `ChatService` type, and the package index no longer re-exports the
+  // collection classes for direct construction around the service. Every
+  // external read/write goes through the authorized facade methods below.
+  #rooms;
+  #messages;
+  #participants;
+  #threads;
+  #agentSessions;
+  #reactions;
+  constructor(rooms, messages, participants, threads, agentSessions, reactions) {
+    this.#rooms = rooms;
+    this.#messages = messages;
+    this.#participants = participants;
+    this.#threads = threads;
+    this.#agentSessions = agentSessions;
+    this.#reactions = reactions;
+  }
+  static async create(options) {
+    ObjectRegistry.registerCollection(
+      "@happyvertical/smrt-chat:ChatRoom",
+      ChatRoomCollection
+    );
+    ObjectRegistry.registerCollection(
+      "@happyvertical/smrt-chat:ChatMessage",
+      ChatMessageCollection
+    );
+    ObjectRegistry.registerCollection(
+      "@happyvertical/smrt-chat:ChatParticipant",
+      ChatParticipantCollection
+    );
+    ObjectRegistry.registerCollection(
+      "@happyvertical/smrt-chat:ChatThread",
+      ChatThreadCollection
+    );
+    ObjectRegistry.registerCollection(
+      "@happyvertical/smrt-chat:AgentSession",
+      AgentSessionCollection
+    );
+    ObjectRegistry.registerCollection(
+      "@happyvertical/smrt-chat:ChatReaction",
+      ChatReactionCollection
+    );
+    const rooms = await ObjectRegistry.getCollection(
+      "@happyvertical/smrt-chat:ChatRoom",
+      options
+    );
+    const messages = await ObjectRegistry.getCollection(
+      "@happyvertical/smrt-chat:ChatMessage",
+      options
+    );
+    const participants = await ObjectRegistry.getCollection(
+      "@happyvertical/smrt-chat:ChatParticipant",
+      options
+    );
+    const threads = await ObjectRegistry.getCollection(
+      "@happyvertical/smrt-chat:ChatThread",
+      options
+    );
+    const agentSessions = await ObjectRegistry.getCollection(
+      "@happyvertical/smrt-chat:AgentSession",
+      options
+    );
+    const reactions = await ObjectRegistry.getCollection(
+      "@happyvertical/smrt-chat:ChatReaction",
+      options
+    );
+    return new ChatService(
+      rooms,
+      messages,
+      participants,
+      threads,
+      agentSessions,
+      reactions
+    );
+  }
+  /** Initialize all underlying collections (table creation) */
+  async initialize() {
+    await this.#rooms.initialize();
+    await this.#messages.initialize();
+    await this.#participants.initialize();
+    await this.#threads.initialize();
+    await this.#agentSessions.initialize();
+    await this.#reactions.initialize();
+  }
+  /**
+   * Create a room and add the creating actor as owner (S5 #1392).
+   *
+   * The acting identity is the server-supplied `actorProfileId` (the
+   * authenticated principal the route injects). The creator/owner is ALWAYS the
+   * actor — a caller cannot supply a `createdByProfileId` to attribute the room
+   * to (and enroll as owner) some other profile.
+   */
+  async createRoom(params) {
+    const room = await this.#rooms.create({
+      tenantId: params.tenantId,
+      name: params.name,
+      roomType: params.roomType,
+      createdByProfileId: params.actorProfileId,
+      description: params.description ?? "",
+      topic: params.topic ?? "",
+      status: "active"
+    });
+    await this.#enrollParticipant({
+      tenantId: params.tenantId,
+      roomId: room.id,
+      profileId: params.actorProfileId,
+      role: "owner"
+    });
+    return room;
+  }
+  /**
+   * Send a USER message to a room as the authenticated caller (S5 #1392).
+   *
+   * The acting identity is the server-supplied `actorProfileId` (the
+   * authenticated principal the route injects). The message is ALWAYS authored
+   * as `actorProfileId` with `role: 'user'` — the caller cannot supply a
+   * `senderProfileId` to impersonate another profile or the agent, and cannot
+   * supply a privileged `role` (assistant/system/tool). Agent-authored messages
+   * go exclusively through the internal {@link ChatService.sendAgentReply}.
+   *
+   * Authorization: `actorProfileId` must be an ACTIVE participant of the target
+   * room, preventing cross-room IDOR within a tenant. There is no public
+   * membership-skip parameter; system-authored writes use the internal
+   * {@link ChatService.writeMessage} path.
+   */
+  async sendMessage(params) {
+    return this.#writeMessage({
+      tenantId: params.tenantId,
+      roomId: params.roomId,
+      senderProfileId: params.actorProfileId,
+      content: params.content,
+      role: "user",
+      messageType: params.messageType ?? "text",
+      threadId: params.threadId ?? null,
+      agentSessionId: params.agentSessionId ?? null,
+      replyToMessageId: params.replyToMessageId ?? null
+    });
+  }
+  /**
+   * INTERNAL persistence path for all message writes. Not exposed publicly: it
+   * accepts an arbitrary author/role and an internal-only `skipMembershipCheck`
+   * (S5 #1392). Every public entry point (`sendMessage`, `sendAgentUserMessage`,
+   * `sendAgentReply`) funnels through here with a server-derived author/role.
+   *
+   * Membership is enforced unless `skipMembershipCheck` is set, which only the
+   * in-class system-authored callers may do.
+   */
+  async #writeMessage(write) {
+    if (!write.skipMembershipCheck) {
+      const isMember = await this.#participants.isActiveMember(
+        write.roomId,
+        write.senderProfileId,
+        write.tenantId
+      );
+      if (!isMember) {
+        throw new Error(
+          "Sender is not an active member of the room (authorization denied)"
+        );
+      }
+    }
+    const thread = write.threadId ? await this.#threads.get({
+      id: write.threadId,
+      roomId: write.roomId,
+      tenantId: write.tenantId
+    }) : null;
+    if (write.threadId && !thread) {
+      throw new Error(
+        "threadId does not belong to this room/tenant (authorization denied)"
+      );
+    }
+    const session = write.agentSessionId ? await this.#agentSessions.get({
+      id: write.agentSessionId,
+      chatRoomId: write.roomId,
+      tenantId: write.tenantId
+    }) : null;
+    if (write.agentSessionId && !session) {
+      throw new Error(
+        "agentSessionId does not belong to this room/tenant (authorization denied)"
+      );
+    }
+    if (write.replyToMessageId) {
+      const replyTo = await this.#messages.get({
+        id: write.replyToMessageId,
+        roomId: write.roomId,
+        tenantId: write.tenantId
+      });
+      if (!replyTo) {
+        throw new Error(
+          "replyToMessageId does not belong to this room/tenant (authorization denied)"
+        );
+      }
+    }
+    const message = await this.#messages.create({
+      tenantId: write.tenantId,
+      roomId: write.roomId,
+      senderProfileId: write.senderProfileId,
+      content: write.content,
+      messageType: write.messageType ?? "text",
+      role: write.role,
+      threadId: write.threadId ?? null,
+      agentSessionId: write.agentSessionId ?? null,
+      replyToMessageId: write.replyToMessageId ?? null,
+      toolCallData: write.toolCallData ? JSON.stringify(write.toolCallData) : null
+    });
+    const room = await this.#rooms.get({
+      id: write.roomId,
+      tenantId: write.tenantId
+    });
+    if (room) {
+      room.lastMessageAt = /* @__PURE__ */ new Date();
+      await room.save();
+    }
+    if (thread) {
+      thread.messageCount++;
+      thread.lastMessageAt = /* @__PURE__ */ new Date();
+      await thread.save();
+    }
+    if (session) {
+      await session.recordMessage();
+    }
+    return message;
+  }
+  /**
+   * Start a thread in a room (S5 #1392).
+   *
+   * The acting identity is the server-supplied `actorProfileId`, which must be
+   * an active member of the room. Generated thread `create` is disabled, so this
+   * is the only path to create a thread.
+   *
+   * When a `rootMessageId` is supplied it is bound to `{ id, roomId, tenantId }`
+   * and rejected unless it belongs to the SAME room and tenant — without this a
+   * member of one room could anchor a thread to a message from another
+   * room/tenant. `rootMessageId` is optional (a thread can be opened without a
+   * root message, e.g. an agent-editor thread).
+   */
+  async startThread(params) {
+    await this.#requireActiveMembership(
+      params.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    if (params.rootMessageId) {
+      const rootMessage = await this.#messages.get({
+        id: params.rootMessageId,
+        roomId: params.roomId,
+        tenantId: params.tenantId
+      });
+      if (!rootMessage) {
+        throw new Error(
+          "rootMessageId does not belong to this room/tenant (authorization denied)"
+        );
+      }
+    }
+    const thread = await this.#threads.create({
+      tenantId: params.tenantId,
+      roomId: params.roomId,
+      rootMessageId: params.rootMessageId ?? null,
+      title: params.title ?? "",
+      messageCount: 0
+    });
+    return thread;
+  }
+  /**
+   * Add a participant to a room (S5 #1392).
+   *
+   * Authorization: the acting identity is the server-supplied `actorProfileId`,
+   * which MUST be an owner/admin of the target room. This prevents an arbitrary
+   * tenant member from adding anyone (or themselves) to any room with any role —
+   * a privilege-escalation / IDOR. System-bootstrap enrollment (room creation,
+   * DM/agent-session setup) uses the internal {@link ChatService.enrollParticipant}.
+   */
+  async addParticipant(params) {
+    await this.#requireRoomAdmin(
+      params.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    return this.#enrollParticipant({
+      tenantId: params.tenantId,
+      roomId: params.roomId,
+      profileId: params.profileId,
+      role: params.role
+    });
+  }
+  /**
+   * INTERNAL participant enrollment (S5 #1392). No authorization check — only
+   * the trusted in-class bootstrap paths (room creation, DM/agent-session setup)
+   * and the owner-checked {@link ChatService.addParticipant} call this. Not
+   * exposed publicly so a route cannot enroll an arbitrary profile.
+   */
+  async #enrollParticipant(params) {
+    const existing = await this.#participants.findMembership(
+      params.roomId,
+      params.profileId,
+      params.tenantId
+    );
+    if (existing) {
+      if (existing.status !== "active") {
+        existing.status = "active";
+        existing.joinedAt = /* @__PURE__ */ new Date();
+        await existing.save();
+      }
+      return existing;
+    }
+    const participant = await this.#participants.create({
+      tenantId: params.tenantId,
+      roomId: params.roomId,
+      profileId: params.profileId,
+      role: params.role ?? "member",
+      status: "active",
+      joinedAt: /* @__PURE__ */ new Date()
+    });
+    return participant;
+  }
+  /**
+   * Remove (soft-leave) a participant from a room (S5 #1392).
+   *
+   * Authorization: the server-supplied `actorProfileId` may remove THEMSELVES
+   * (leave) at any time; removing ANOTHER profile requires the actor to be an
+   * owner/admin of the room. An admin who is not an owner cannot remove an owner.
+   */
+  async removeParticipant(params) {
+    const target = await this.#participants.findMembership(
+      params.roomId,
+      params.profileId,
+      params.tenantId
+    );
+    if (!target) return;
+    const isSelf = params.actorProfileId === params.profileId;
+    if (!isSelf) {
+      const actor = await this.#participants.findActiveMembership(
+        params.roomId,
+        params.actorProfileId,
+        params.tenantId
+      );
+      if (!actor || !actor.isAdmin()) {
+        throw new Error(
+          "Only a room owner/admin may remove another participant (authorization denied)"
+        );
+      }
+      if (target.isOwner() && !actor.isOwner()) {
+        throw new Error(
+          "Only a room owner may remove an owner (authorization denied)"
+        );
+      }
+    }
+    target.status = "left";
+    await target.save();
+  }
+  /**
+   * Update mutable room fields, restricted to a room owner/admin (S5 #1392).
+   *
+   * Generated `update` on ChatRoom is disabled, so this owner-checked path is the
+   * only way to mutate room state. The acting identity is the server-supplied
+   * `actorProfileId`.
+   */
+  async updateRoom(params) {
+    await this.#requireRoomAdmin(
+      params.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    const room = await this.#rooms.get({
+      id: params.roomId,
+      tenantId: params.tenantId
+    });
+    if (!room) throw new Error("Room not found");
+    if (params.name !== void 0) room.name = params.name;
+    if (params.description !== void 0) room.description = params.description;
+    if (params.topic !== void 0) room.topic = params.topic;
+    if (params.avatarUrl !== void 0) room.avatarUrl = params.avatarUrl;
+    if (params.status !== void 0) room.status = params.status;
+    await room.save();
+    return room;
+  }
+  /**
+   * Add a reaction to a message as the authenticated caller (S5 #1392).
+   *
+   * Generated `create` on ChatReaction is disabled. The reaction is always
+   * authored as the server-supplied `actorProfileId` (no caller-supplied
+   * `profileId`), and the actor must be an active member of the room that owns
+   * the message. Idempotent: re-reacting with the same emoji returns the
+   * existing row.
+   */
+  async addReaction(params) {
+    const message = await this.#messages.get({
+      id: params.messageId,
+      tenantId: params.tenantId
+    });
+    if (!message) throw new Error("Message not found");
+    await this.#requireActiveMembership(
+      message.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    const existing = await this.#reactions.list({
+      where: {
+        tenantId: params.tenantId,
+        messageId: params.messageId,
+        profileId: params.actorProfileId,
+        emoji: params.emoji
+      },
+      limit: 1
+    });
+    if (existing[0]) return existing[0];
+    return this.#reactions.create({
+      tenantId: params.tenantId,
+      messageId: params.messageId,
+      profileId: params.actorProfileId,
+      emoji: params.emoji
+    });
+  }
+  /**
+   * Remove the caller's own reaction from a message (S5 #1392).
+   *
+   * Generated `delete` on ChatReaction is disabled. A caller may only delete
+   * THEIR OWN reaction (keyed on `actorProfileId`), so the route cannot remove
+   * another member's reaction.
+   */
+  async removeReaction(params) {
+    const existing = await this.#reactions.list({
+      where: {
+        tenantId: params.tenantId,
+        messageId: params.messageId,
+        profileId: params.actorProfileId,
+        emoji: params.emoji
+      },
+      limit: 1
+    });
+    if (existing[0]) {
+      await existing[0].delete();
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get or create a DM room with auto-participant setup.
+   *
+   * The acting identity is the server-supplied `actorProfileId`, which must be
+   * one of the two DM participants — a caller cannot open a DM between two other
+   * profiles on their behalf (S5 #1392). Enrollment uses the internal system
+   * path (no owner check needed for a DM the actor is part of).
+   */
+  async getOrCreateDM(params) {
+    if (params.actorProfileId !== params.profileId1 && params.actorProfileId !== params.profileId2) {
+      throw new Error(
+        "Caller must be a participant of the DM (authorization denied)"
+      );
+    }
+    const room = await this.#rooms.findOrCreateDM(
+      params.profileId1,
+      params.profileId2,
+      params.tenantId,
+      this.#participants
+    );
+    await this.#enrollParticipant({
+      tenantId: params.tenantId,
+      roomId: room.id,
+      profileId: params.profileId1
+    });
+    await this.#enrollParticipant({
+      tenantId: params.tenantId,
+      roomId: room.id,
+      profileId: params.profileId2
+    });
+    return room;
+  }
+  /**
+   * Create an agent conversation session with a linked chat room (S5 #1392).
+   *
+   * The acting identity is the server-supplied `actorProfileId`; the session is
+   * ALWAYS created for that actor as the owning participant. A caller cannot
+   * supply a `participantProfileId` to open (and own) a session on behalf of
+   * another profile.
+   *
+   * `sessionKey` scopes the session's identity to a conversation subject (e.g. a
+   * content id) (S5 #1392). The reuse lookup keys on `(agentId,
+   * participantProfileId, tenantId)`, which is too coarse for callers that open
+   * separate conversations for distinct subjects under one agent/profile/tenant:
+   * without a key, a session opened for subject A would be reused for a request
+   * about subject B, returning A's room/threads on B's route. When `sessionKey`
+   * is set, an existing session is reused ONLY if its key matches exactly, and a
+   * newly created session records the key; distinct keys therefore get distinct
+   * sessions and rooms. When omitted, behavior is unchanged (single session per
+   * agent/profile/tenant).
+   */
+  async createAgentSession(params) {
+    const participantProfileId = params.actorProfileId;
+    const sessionKey = params.sessionKey ?? null;
+    const existingSession = await this.#agentSessions.findActiveSession(
+      params.agentId,
+      participantProfileId,
+      params.tenantId,
+      sessionKey
+    );
+    if (existingSession && existingSession.tenantId === params.tenantId) {
+      if (existingSession.chatRoomId) {
+        const existingRoom = await this.#rooms.get({
+          id: existingSession.chatRoomId,
+          tenantId: params.tenantId
+        });
+        if (existingRoom) {
+          await this.#enrollParticipant({
+            tenantId: params.tenantId,
+            roomId: existingRoom.id,
+            profileId: participantProfileId,
+            role: "owner"
+          });
+          await this.#enrollParticipant({
+            tenantId: params.tenantId,
+            roomId: existingRoom.id,
+            profileId: params.agentId,
+            role: "member"
+          });
+          return { session: existingSession, room: existingRoom };
+        }
+      }
+      await existingSession.expire();
+    }
+    const room = await this.#rooms.create({
+      tenantId: params.tenantId,
+      name: "",
+      roomType: "agent",
+      createdByProfileId: participantProfileId,
+      status: "active",
+      maxParticipants: 2
+    });
+    await this.#enrollParticipant({
+      tenantId: params.tenantId,
+      roomId: room.id,
+      profileId: participantProfileId,
+      role: "owner"
+    });
+    await this.#enrollParticipant({
+      tenantId: params.tenantId,
+      roomId: room.id,
+      profileId: params.agentId,
+      role: "member"
+    });
+    const session = await this.#agentSessions.findOrCreate({
+      agentId: params.agentId,
+      participantProfileId,
+      tenantId: params.tenantId,
+      allowedTools: params.allowedTools,
+      chatRoomId: room.id,
+      systemPrompt: params.systemPrompt,
+      sessionKey
+    });
+    if (params.maxTokens) session.maxTokens = params.maxTokens;
+    if (params.maxMessages) session.maxMessages = params.maxMessages;
+    await session.save();
+    return { session, room };
+  }
+  /**
+   * Send a USER message within an agent session (S5 #1392).
+   *
+   * The authenticated caller (`actorProfileId`) must be the session's owning
+   * participant. The message is always authored as `session.participantProfileId`
+   * — the caller cannot supply a `senderProfileId`, a `role`, or tool-call data,
+   * so this path can never be used to post as the agent (`assistant`/`tool`) or
+   * to impersonate another profile. Agent replies go through the internal
+   * {@link ChatService.sendAgentReply}.
+   */
+  async sendAgentUserMessage(params) {
+    const session = await this.#loadActiveSession(
+      params.agentSessionId,
+      params.tenantId
+    );
+    if (params.actorProfileId !== session.participantProfileId) {
+      throw new Error(
+        "Only the session participant may post user messages in this agent session (authorization denied)"
+      );
+    }
+    return this.#writeMessage({
+      tenantId: params.tenantId,
+      roomId: session.chatRoomId,
+      senderProfileId: session.participantProfileId,
+      content: params.content,
+      role: "user",
+      messageType: params.messageType ?? "text",
+      agentSessionId: params.agentSessionId
+    });
+  }
+  /**
+   * Emit an ASSISTANT or TOOL message authored by the agent (S5 #1392).
+   *
+   * INTERNAL authority: this is the only path that authors a message as the
+   * agent, and it is not reachable with a caller-supplied `senderProfileId`/
+   * `role`. The author is always `session.agentId`. Tool calls are gated
+   * fail-closed against the session's allow-list. Intended for the trusted
+   * agent-runtime, never a per-tenant request handler driven by client-supplied
+   * role/sender.
+   *
+   * This is a `private` method and is NOT exported from the package index. The
+   * in-process agent runtime reaches it through the {@link sendAgentReply}
+   * bridge in this module, which is deliberately not re-exported from
+   * `src/index.ts`, so a route/consumer can never author a message as the agent.
+   */
+  async #emitAgentReply(params) {
+    const session = await this.#loadActiveSession(
+      params.agentSessionId,
+      params.tenantId
+    );
+    const role = params.kind === "tool" ? "tool" : "assistant";
+    if (params.messageType === "tool_call" || role === "tool" || params.toolCallData) {
+      const toolName = ChatService.#extractToolName(params.toolCallData);
+      if (!toolName) {
+        throw new Error("Tool call is missing a tool name");
+      }
+      if (!session.isToolAllowed(toolName)) {
+        throw new Error(
+          `Tool '${toolName}' is not allowed for this agent session (authorization denied)`
+        );
+      }
+    }
+    return this.#writeMessage({
+      tenantId: params.tenantId,
+      roomId: session.chatRoomId,
+      senderProfileId: session.agentId,
+      content: params.content,
+      role,
+      messageType: params.messageType ?? "text",
+      threadId: params.threadId ?? null,
+      agentSessionId: params.agentSessionId,
+      toolCallData: params.toolCallData ?? null
+    });
+  }
+  /** Load an active agent session by id, tenant-bound, or throw. */
+  async #loadActiveSession(agentSessionId, tenantId2) {
+    const session = await this.#agentSessions.get({
+      id: agentSessionId,
+      tenantId: tenantId2
+    });
+    if (!session) throw new Error("Agent session not found");
+    if (!session.isActive()) throw new Error("Agent session is not active");
+    if (!session.chatRoomId) throw new Error("Agent session has no chat room");
+    return session;
+  }
+  /**
+   * Read messages in a room, gated on the AUTHENTICATED CALLER's active
+   * membership (S5 #1392).
+   *
+   * The acting identity is the server-supplied `actorProfileId` (the
+   * authenticated principal the route injects), NOT a caller-controlled
+   * `profileId`. Authorizing a supplied `profileId` would make a route a
+   * confused deputy: any caller could read a room by smuggling some member's
+   * profile id. Throws if `actorProfileId` is not an active participant of
+   * `roomId`. `tenantId` is required so the membership gate is always
+   * tenant-scoped.
+   */
+  async getRoomMessages(params) {
+    await this.#requireActiveMembership(
+      params.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    return this.#messages.getByRoom(params.roomId, params.tenantId, {
+      limit: params.limit,
+      before: params.before
+    });
+  }
+  /**
+   * Load a room only if the AUTHENTICATED CALLER is an active member (S5 #1392).
+   *
+   * The acting identity is the server-supplied `actorProfileId`, never a
+   * caller-controlled `profileId` (confused-deputy avoidance — see
+   * {@link ChatService.getRoomMessages}). Returns null when the room does not
+   * exist; throws when the actor is not an active participant. `tenantId` is
+   * required so the lookup and the membership gate are always tenant-scoped.
+   */
+  async getRoomForMember(roomId, actorProfileId, tenantId2) {
+    const room = await this.#rooms.get({ id: roomId, tenantId: tenantId2 });
+    if (!room) return null;
+    await this.#requireActiveMembership(roomId, actorProfileId, tenantId2);
+    return room;
+  }
+  /**
+   * Tenant-bound read of a single agent session (S5 #1392).
+   *
+   * The lookup ALWAYS binds `tenantId` (including the `null`/untenanted scope),
+   * so a caller can never resolve a session belonging to another tenant by id.
+   * Returns `null` when no session matches the id within the tenant. Replaces
+   * direct `agentSessions.get(id)` reach-ins in package consumers; consumers
+   * still apply their own ownership/context authorization on the returned row.
+   */
+  async getAgentSession(lookup) {
+    const session = await this.#agentSessions.get({
+      id: lookup.agentSessionId,
+      tenantId: lookup.tenantId
+    });
+    return session ?? null;
+  }
+  /**
+   * Tenant-bound list of ACTIVE agent sessions for an (agent, participant) pair
+   * (S5 #1392).
+   *
+   * Binds `tenantId` into the query so the result can never include a session
+   * from another tenant. Replaces direct `agentSessions.list({ where })`
+   * reach-ins; consumers apply their own per-session context authorization.
+   */
+  async findActiveAgentSessions(params) {
+    const sessions = await this.#agentSessions.list({
+      where: {
+        tenantId: params.tenantId,
+        agentId: params.agentId,
+        participantProfileId: params.participantProfileId,
+        status: "active"
+      }
+    });
+    return sessions.filter((s) => s.isActive());
+  }
+  /**
+   * Tenant-bound read of a single thread (S5 #1392).
+   *
+   * Binds `tenantId` into the lookup so a thread from another tenant can never
+   * be resolved by id. Returns `null` when no thread matches within the tenant.
+   * Replaces direct `threads.get(id)` reach-ins.
+   */
+  async getThread(lookup) {
+    const thread = await this.#threads.get({
+      id: lookup.threadId,
+      tenantId: lookup.tenantId
+    });
+    return thread ?? null;
+  }
+  /**
+   * List a room's threads, gated on the caller's active membership (S5 #1392).
+   *
+   * Tenant- and membership-scoped: throws if `actorProfileId` is not an active
+   * participant of `roomId`. Replaces direct `threads.list({ where: { roomId } })`
+   * reach-ins that returned threads without a membership/tenant gate.
+   */
+  async listRoomThreads(params) {
+    await this.#requireActiveMembership(
+      params.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    return this.#threads.list({
+      where: { tenantId: params.tenantId, roomId: params.roomId },
+      orderBy: "createdAt DESC"
+    });
+  }
+  /**
+   * Read messages within a thread, tenant- and membership-bound (S5 #1392).
+   *
+   * The thread is resolved tenant-bound; the caller must be an active member of
+   * the thread's room. Messages are returned oldest-first (chronological).
+   * Replaces direct `messages.list({ where: { threadId } })` reach-ins that
+   * could read another tenant's/room's thread history by raw id.
+   */
+  async getThreadMessages(params) {
+    const thread = await this.#threads.get({
+      id: params.threadId,
+      tenantId: params.tenantId
+    });
+    if (!thread) {
+      throw new Error("Thread not found");
+    }
+    await this.#requireActiveMembership(
+      thread.roomId,
+      params.actorProfileId,
+      params.tenantId
+    );
+    const messages = await this.#messages.list({
+      where: {
+        tenantId: params.tenantId,
+        threadId: params.threadId,
+        isDeleted: false
+      },
+      orderBy: "created_at DESC",
+      limit: params.limit
+    });
+    return messages.reverse();
+  }
+  /**
+   * Update the per-session agent configuration (allowedTools / systemPrompt),
+   * restricted to the session owner — the room owner participant (S5 #1392).
+   *
+   * Tool whitelist and system prompt govern what the agent may do, so only the
+   * owning participant (not arbitrary tenant members or the agent itself) may
+   * mutate them.
+   */
+  async updateAgentSessionConfig(params) {
+    const session = await this.#agentSessions.get({
+      id: params.agentSessionId,
+      tenantId: params.tenantId
+    });
+    if (!session) throw new Error("Agent session not found");
+    const isOwner = params.actorProfileId === session.participantProfileId;
+    if (!isOwner) {
+      throw new Error(
+        "Only the session owner may update agent session configuration (authorization denied)"
+      );
+    }
+    if (params.allowedTools !== void 0) {
+      session.setAllowedTools(params.allowedTools);
+    }
+    if (params.systemPrompt !== void 0) {
+      session.systemPrompt = params.systemPrompt;
+    }
+    await session.save();
+    return session;
+  }
+  /** Throw unless the profile is an active participant of the room. */
+  async #requireActiveMembership(roomId, profileId, tenantId2) {
+    const isMember = await this.#participants.isActiveMember(
+      roomId,
+      profileId,
+      tenantId2
+    );
+    if (!isMember) {
+      throw new Error(
+        "Caller is not an active member of the room (authorization denied)"
+      );
+    }
+  }
+  /** Throw unless the profile is an active owner/admin of the room. */
+  async #requireRoomAdmin(roomId, profileId, tenantId2) {
+    const actor = await this.#participants.findActiveMembership(
+      roomId,
+      profileId,
+      tenantId2
+    );
+    if (!actor || !actor.isAdmin()) {
+      throw new Error(
+        "Caller must be a room owner/admin (authorization denied)"
+      );
+    }
+  }
+  /** Extract a tool name from tool-call payload data, if present. */
+  static #extractToolName(data) {
+    if (!data || typeof data !== "object") return null;
+    const candidate = data.name ?? data.tool ?? data.toolName;
+    return typeof candidate === "string" && candidate.length > 0 ? candidate : null;
+  }
+  /**
+   * Symbol-keyed bridge to the `private` {@link ChatService.emitAgentReply} for
+   * the module-local {@link sendAgentReply} function (S5 #1392). A static member
+   * may reach a private instance member of its own class, so this is the
+   * sanctioned "friend" access without widening the public instance surface.
+   *
+   * Keyed on the module-private {@link RUN_AGENT_REPLY} symbol — NOT a named
+   * static — so it does not appear on the `ChatService` type, is not enumerable,
+   * and is callable only by code holding the (non-exported) symbol. This is the
+   * sole path the agent-runtime bridge uses to author a message as the agent.
+   */
+  static [RUN_AGENT_REPLY](service, params) {
+    return service.#emitAgentReply(params);
+  }
+}
+function sendAgentReply(service, params) {
+  return ChatService[RUN_AGENT_REPLY](service, params);
+}
+export {
+  AgentSession as A,
+  ChatMessage as C,
+  ChatParticipant as a,
+  ChatReaction as b,
+  ChatRoom as c,
+  ChatService as d,
+  ChatThread as e,
+  sendAgentReply as s
+};
+//# sourceMappingURL=ChatService-Dpzc1Pa5.js.map