npm - @hasna/conversations - Versions diffs - 0.2.42 → 0.2.44 - Mend

@hasna/conversations 0.2.42 → 0.2.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/bin/mcp.js CHANGED Viewed

@@ -6,39 +6,60 @@ var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+function __accessProp(key) {
+  return this[key];
+}
+var __toESMCache_node;
+var __toESMCache_esm;
 var __toESM = (mod, isNodeMode, target) => {
+  var canCache = mod != null && typeof mod === "object";
+  if (canCache) {
+    var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
+    var cached = cache.get(mod);
+    if (cached)
+      return cached;
+  }
   target = mod != null ? __create(__getProtoOf(mod)) : {};
   const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
   for (let key of __getOwnPropNames(mod))
     if (!__hasOwnProp.call(to, key))
       __defProp(to, key, {
-        get: () => mod[key],
+        get: __accessProp.bind(mod, key),
         enumerable: true
       });
+  if (canCache)
+    cache.set(mod, to);
   return to;
 };
-var __moduleCache = /* @__PURE__ */ new WeakMap;
 var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
+  var entry = (__moduleCache ??= new WeakMap).get(from), desc;
   if (entry)
     return entry;
   entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (var key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(entry, key))
+        __defProp(entry, key, {
+          get: __accessProp.bind(from, key),
+          enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+        });
+  }
   __moduleCache.set(from, entry);
   return entry;
 };
+var __moduleCache;
 var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
       get: all[name],
       enumerable: true,
       configurable: true,
-      set: (newValue) => all[name] = () => newValue
+      set: __exportSetter.bind(all, name)
     });
 };
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
@@ -6302,7 +6323,7 @@ var require_formats = __commonJS((exports) => {
   }
   var TIME = /^(\d\d):(\d\d):(\d\d(?:\.\d+)?)(z|([+-])(\d\d)(?::?(\d\d))?)?$/i;
   function getTime(strictTimeZone) {
-    return function time(str) {
+    return function time3(str) {
       const matches = TIME.exec(str);
       if (!matches)
         return false;
@@ -6515,7 +6536,7 @@ var require_dist = __commonJS((exports, module) => {
   exports.default = formatsPlugin;
 });
-// ../../../../node_modules/@hasna/cloud/dist/index.js
+// node_modules/@hasna/cloud/dist/index.js
 var exports_dist = {};
 __export(exports_dist, {
   translateSql: () => translateSql,
@@ -6610,11 +6631,11 @@ import { join as join5 } from "path";
 import { join as join6, dirname } from "path";
 import { existsSync as existsSync6, writeFileSync as writeFileSync2, unlinkSync, mkdirSync as mkdirSync3 } from "fs";
 import { homedir as homedir5, platform } from "os";
-function __accessProp(key) {
+function __accessProp2(key) {
   return this[key];
 }
-function __exportSetter(name, newValue) {
-  this[name] = __returnValue.bind(null, newValue);
+function __exportSetter2(name, newValue) {
+  this[name] = __returnValue2.bind(null, newValue);
 }
 function translateSql(sql, dialect) {
   if (dialect === "sqlite")
@@ -7927,9 +7948,9 @@ async function syncTransfer(source, target, options, _direction) {
           const batch = rows.slice(offset, offset + batchSize);
           try {
             if (isAsyncAdapter(target)) {
-              await batchUpsertPg(target, table, columns, updateCols, pkColumns, batch, columns.includes(conflictColumn) ? conflictColumn : undefined);
+              await batchUpsertPg(target, table, columns, updateCols, pkColumns, batch);
             } else {
-              batchUpsertSqlite(target, table, columns, updateCols, pkColumns, batch, columns.includes(conflictColumn) ? conflictColumn : undefined);
+              batchUpsertSqlite(target, table, columns, updateCols, pkColumns, batch);
             }
             result.rowsWritten += batch.length;
           } catch (err) {
@@ -7976,7 +7997,7 @@ async function syncTransfer(source, target, options, _direction) {
   }
   return results;
 }
-async function batchUpsertPg(target, table, columns, updateCols, primaryKeys, batch, conflictColumn) {
+async function batchUpsertPg(target, table, columns, updateCols, primaryKeys, batch) {
   if (batch.length === 0)
     return;
   const colList = columns.map((c) => `"${c}"`).join(", ");
@@ -7986,22 +8007,20 @@ async function batchUpsertPg(target, table, columns, updateCols, primaryKeys, ba
   }).join(", ");
   const pkList = primaryKeys.map((c) => `"${c}"`).join(", ");
   const setClause = updateCols.length > 0 ? updateCols.map((c) => `"${c}" = EXCLUDED."${c}"`).join(", ") : `"${primaryKeys[0]}" = EXCLUDED."${primaryKeys[0]}"`;
-  const whereClause = conflictColumn && updateCols.includes(conflictColumn) ? ` WHERE "${table}"."${conflictColumn}" IS NULL OR EXCLUDED."${conflictColumn}" >= "${table}"."${conflictColumn}"` : "";
   const sql = `INSERT INTO "${table}" (${colList}) VALUES ${valuePlaceholders}
-    ON CONFLICT (${pkList}) DO UPDATE SET ${setClause}${whereClause}`;
+    ON CONFLICT (${pkList}) DO UPDATE SET ${setClause}`;
   const params = batch.flatMap((row) => columns.map((c) => row[c] ?? null));
   await target.run(sql, ...params);
 }
-function batchUpsertSqlite(target, table, columns, updateCols, primaryKeys, batch, conflictColumn) {
+function batchUpsertSqlite(target, table, columns, updateCols, primaryKeys, batch) {
   if (batch.length === 0)
     return;
   const colList = columns.map((c) => `"${c}"`).join(", ");
   const valuePlaceholders = batch.map(() => `(${columns.map(() => "?").join(", ")})`).join(", ");
   const pkList = primaryKeys.map((c) => `"${c}"`).join(", ");
   const setClause = updateCols.length > 0 ? updateCols.map((c) => `"${c}" = EXCLUDED."${c}"`).join(", ") : `"${primaryKeys[0]}" = EXCLUDED."${primaryKeys[0]}"`;
-  const whereClause = conflictColumn && updateCols.includes(conflictColumn) ? ` WHERE "${table}"."${conflictColumn}" IS NULL OR EXCLUDED."${conflictColumn}" >= "${table}"."${conflictColumn}"` : "";
   const sql = `INSERT INTO "${table}" (${colList}) VALUES ${valuePlaceholders}
-    ON CONFLICT (${pkList}) DO UPDATE SET ${setClause}${whereClause}`;
+    ON CONFLICT (${pkList}) DO UPDATE SET ${setClause}`;
   const params = batch.flatMap((row) => columns.map((c) => coerceForSqlite(row[c])));
   target.run(sql, ...params);
 }
@@ -9071,7 +9090,7 @@ async function ensureAllPgDatabases() {
   }
   return results;
 }
-function registerCloudTools(server, serviceName, opts = {}) {
+function registerCloudTools(server, serviceName) {
   server.tool(`${serviceName}_cloud_status`, "Show cloud configuration and connection health", {}, async () => {
     const config2 = getCloudConfig();
     const lines = [
@@ -9104,13 +9123,8 @@ function registerCloudTools(server, serviceName, opts = {}) {
         isError: true
       };
     }
-    const local = new SqliteAdapter(opts.dbPath ?? getDbPath(serviceName));
+    const local = new SqliteAdapter(getDbPath(serviceName));
     const cloud = new PgAdapterAsync(getConnectionString(serviceName));
-    if (opts.migrations?.length) {
-      for (const sql of opts.migrations) {
-        await cloud.run(sql);
-      }
-    }
     const tableList = tablesStr ? tablesStr.split(",").map((t) => t.trim()) : listSqliteTables(local);
     const results = await syncPush(local, cloud, { tables: tableList });
     local.close();
@@ -9132,7 +9146,7 @@ function registerCloudTools(server, serviceName, opts = {}) {
         isError: true
       };
     }
-    const local = new SqliteAdapter(opts.dbPath ?? getDbPath(serviceName));
+    const local = new SqliteAdapter(getDbPath(serviceName));
     const cloud = new PgAdapterAsync(getConnectionString(serviceName));
     let tableList;
     if (tablesStr) {
@@ -9255,10 +9269,10 @@ function registerCloudCommands(program, serviceName) {
     }
   });
 }
-var __create2, __getProtoOf2, __defProp2, __getOwnPropNames2, __hasOwnProp2, __toESMCache_node, __toESMCache_esm, __toESM2 = (mod, isNodeMode, target) => {
+var __create2, __getProtoOf2, __defProp2, __getOwnPropNames2, __hasOwnProp2, __toESMCache_node2, __toESMCache_esm2, __toESM2 = (mod, isNodeMode, target) => {
   var canCache = mod != null && typeof mod === "object";
   if (canCache) {
-    var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
+    var cache = isNodeMode ? __toESMCache_node2 ??= new WeakMap : __toESMCache_esm2 ??= new WeakMap;
     var cached2 = cache.get(mod);
     if (cached2)
       return cached2;
@@ -9268,19 +9282,19 @@ var __create2, __getProtoOf2, __defProp2, __getOwnPropNames2, __hasOwnProp2, __t
   for (let key of __getOwnPropNames2(mod))
     if (!__hasOwnProp2.call(to, key))
       __defProp2(to, key, {
-        get: __accessProp.bind(mod, key),
+        get: __accessProp2.bind(mod, key),
         enumerable: true
       });
   if (canCache)
     cache.set(mod, to);
   return to;
-}, __commonJS2 = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports), __returnValue = (v) => v, __export2 = (target, all) => {
+}, __commonJS2 = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports), __returnValue2 = (v) => v, __export2 = (target, all) => {
   for (var name in all)
     __defProp2(target, name, {
       get: all[name],
       enumerable: true,
       configurable: true,
-      set: __exportSetter.bind(all, name)
+      set: __exportSetter2.bind(all, name)
     });
 }, __esm2 = (fn, res) => () => (fn && (res = fn(fn = 0)), res), __require, require_postgres_array, require_arrayParser, require_postgres_date, require_mutable, require_postgres_interval, require_postgres_bytea, require_textParsers, require_pg_int8, require_binaryParsers, require_builtins, require_pg_types, require_defaults2, require_utils2, require_utils_legacy, require_utils_webcrypto, require_utils22, require_cert_signatures, require_sasl, require_type_overrides, require_pg_connection_string, require_connection_parameters, require_result, require_query, require_messages, require_buffer_writer, require_serializer, require_buffer_reader, require_parser, require_dist2, require_empty, require_stream, require_connection, require_split2, require_helper, require_lib, require_client, require_pg_pool, require_query2, require_client2, require_lib2, import_lib, Client, Pool, Connection, types, Query, DatabaseError, escapeIdentifier, escapeLiteral, Result, TypeOverrides, defaults, esm_default, init_esm, init_adapter, util2, objectUtil2, ZodParsedType2, getParsedType3 = (data) => {
   const t = typeof data;
@@ -17637,6 +17651,137 @@ function getDbPath2() {
     return process.env.CONVERSATIONS_DB_PATH;
   return join7(getDataDir2(), "messages.db");
 }
+function parsePresenceTimestamp(value) {
+  if (typeof value !== "string" || !value)
+    return 0;
+  return new Date(`${value}Z`).getTime() || 0;
+}
+function normalizePresenceText(value) {
+  if (typeof value !== "string")
+    return null;
+  const normalized = value.trim();
+  return normalized ? normalized : null;
+}
+function shouldRebuildAgentPresenceTable(columns) {
+  const byName = new Map(columns.map((column) => [column.name, column]));
+  const agentCol = byName.get("agent");
+  const projectCol = byName.get("project_id");
+  if (!agentCol)
+    return false;
+  if (!projectCol)
+    return true;
+  return agentCol.pk !== 1 || projectCol.pk !== 2 || projectCol.notnull !== 1 || byName.has("pid");
+}
+function rebuildLegacyAgentPresenceTable(db2) {
+  const fallbackNow = db2.prepare("SELECT strftime('%Y-%m-%dT%H:%M:%f', 'now') AS now").get().now;
+  const legacyRows = db2.prepare("SELECT rowid AS _rowid, * FROM agent_presence").all();
+  legacyRows.sort((left, right) => {
+    const lastSeenDelta = parsePresenceTimestamp(right.last_seen_at) - parsePresenceTimestamp(left.last_seen_at);
+    if (lastSeenDelta !== 0)
+      return lastSeenDelta;
+    const createdDelta = parsePresenceTimestamp(right.created_at) - parsePresenceTimestamp(left.created_at);
+    if (createdDelta !== 0)
+      return createdDelta;
+    const projectDelta = Number(Boolean(normalizePresenceText(right.project_id))) - Number(Boolean(normalizePresenceText(left.project_id)));
+    if (projectDelta !== 0)
+      return projectDelta;
+    return right._rowid - left._rowid;
+  });
+  const dedupedRows = new Map;
+  for (const row of legacyRows) {
+    const normalizedAgent = normalizePresenceText(row.agent)?.toLowerCase();
+    if (!normalizedAgent)
+      continue;
+    const storedProjectId = normalizePresenceText(row.project_id) ?? "";
+    const dedupeKey = `${normalizedAgent}\x00${storedProjectId}`;
+    if (dedupedRows.has(dedupeKey))
+      continue;
+    dedupedRows.set(dedupeKey, row);
+  }
+  db2.exec("BEGIN");
+  try {
+    db2.exec(`
+      CREATE TABLE agent_presence_new (
+        id TEXT NOT NULL,
+        agent TEXT NOT NULL,
+        session_id TEXT,
+        role TEXT NOT NULL DEFAULT 'agent',
+        project_id TEXT NOT NULL DEFAULT '',
+        status TEXT NOT NULL DEFAULT 'online',
+        last_seen_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%f', 'now')),
+        created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%f', 'now')),
+        metadata TEXT,
+        PRIMARY KEY (agent, project_id)
+      )
+    `);
+    const insertPresence = db2.prepare(`
+      INSERT INTO agent_presence_new (id, agent, session_id, role, project_id, status, last_seen_at, created_at, metadata)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `);
+    for (const [dedupeKey, row] of dedupedRows) {
+      const [agent, projectKey] = dedupeKey.split("\x00");
+      const id = normalizePresenceText(row.id) ?? crypto.randomUUID().slice(0, 8);
+      const sessionId = normalizePresenceText(row.session_id);
+      const role = normalizePresenceText(row.role) ?? "agent";
+      const projectId = projectKey;
+      const status = normalizePresenceText(row.status) ?? "online";
+      const lastSeenAt = normalizePresenceText(row.last_seen_at) ?? fallbackNow;
+      const createdAt = normalizePresenceText(row.created_at) ?? lastSeenAt;
+      const metadata = typeof row.metadata === "string" ? row.metadata : row.metadata == null ? null : JSON.stringify(row.metadata);
+      insertPresence.run(id, agent, sessionId, role, projectId, status, lastSeenAt, createdAt, metadata);
+    }
+    db2.exec("DROP TABLE agent_presence");
+    db2.exec("ALTER TABLE agent_presence_new RENAME TO agent_presence");
+    db2.exec("COMMIT");
+  } catch (error48) {
+    db2.exec("ROLLBACK");
+    throw error48;
+  }
+}
+function collapseDuplicateAgentPresenceRows(db2) {
+  const rows = db2.prepare("SELECT rowid AS _rowid, * FROM agent_presence").all();
+  rows.sort((left, right) => {
+    const lastSeenDelta = parsePresenceTimestamp(right.last_seen_at) - parsePresenceTimestamp(left.last_seen_at);
+    if (lastSeenDelta !== 0)
+      return lastSeenDelta;
+    const createdDelta = parsePresenceTimestamp(right.created_at) - parsePresenceTimestamp(left.created_at);
+    if (createdDelta !== 0)
+      return createdDelta;
+    const projectDelta = Number(Boolean(normalizePresenceText(right.project_id))) - Number(Boolean(normalizePresenceText(left.project_id)));
+    if (projectDelta !== 0)
+      return projectDelta;
+    return right._rowid - left._rowid;
+  });
+  const rowIdsToDelete = [];
+  const seenAgents = new Set;
+  for (const row of rows) {
+    const normalizedAgent = normalizePresenceText(row.agent)?.toLowerCase();
+    if (!normalizedAgent)
+      continue;
+    if (seenAgents.has(normalizedAgent)) {
+      rowIdsToDelete.push(row._rowid);
+      continue;
+    }
+    seenAgents.add(normalizedAgent);
+  }
+  if (rowIdsToDelete.length === 0)
+    return;
+  db2.exec("BEGIN");
+  try {
+    const deleteRow = db2.prepare("DELETE FROM agent_presence WHERE rowid = ?");
+    for (const rowId of rowIdsToDelete) {
+      deleteRow.run(rowId);
+    }
+    db2.exec("COMMIT");
+  } catch (error48) {
+    db2.exec("ROLLBACK");
+    throw error48;
+  }
+}
+function ensureAgentPresenceAgentUniqueIndex(db2) {
+  collapseDuplicateAgentPresenceRows(db2);
+  db2.exec("CREATE UNIQUE INDEX IF NOT EXISTS idx_agent_presence_agent_unique ON agent_presence(agent)");
+}
 function getDb() {
   if (db)
     return db;
@@ -17709,16 +17854,18 @@ function getDb() {
   db.exec(`
     CREATE TABLE IF NOT EXISTS agent_presence (
       id TEXT NOT NULL,
-      agent TEXT PRIMARY KEY,
+      agent TEXT NOT NULL,
       session_id TEXT,
       role TEXT NOT NULL DEFAULT 'agent',
-      project_id TEXT,
+      project_id TEXT NOT NULL DEFAULT '',
       status TEXT NOT NULL DEFAULT 'online',
       last_seen_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%f', 'now')),
       created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%f', 'now')),
-      metadata TEXT
+      metadata TEXT,
+      PRIMARY KEY (agent, project_id)
     )
   `);
+  ensureAgentPresenceAgentUniqueIndex(db);
   db.exec(`
     CREATE TABLE IF NOT EXISTS resource_locks (
       resource_type TEXT NOT NULL,
@@ -17820,8 +17967,13 @@ function getDb() {
     db.exec("UPDATE messages SET uuid = lower(hex(randomblob(16))) WHERE uuid IS NULL");
     db.exec("CREATE UNIQUE INDEX IF NOT EXISTS idx_messages_uuid ON messages(uuid)");
   }
-  const presenceCols = db.prepare("PRAGMA table_info(agent_presence)").all();
-  const presenceColNames = presenceCols.map((c) => c.name);
+  let presenceCols = db.prepare("PRAGMA table_info(agent_presence)").all();
+  let presenceColNames = presenceCols.map((c) => c.name);
+  if (shouldRebuildAgentPresenceTable(presenceCols)) {
+    rebuildLegacyAgentPresenceTable(db);
+    presenceCols = db.prepare("PRAGMA table_info(agent_presence)").all();
+    presenceColNames = presenceCols.map((c) => c.name);
+  }
   if (!presenceColNames.includes("id")) {
     db.exec("ALTER TABLE agent_presence ADD COLUMN id TEXT NOT NULL DEFAULT ''");
     const rows = db.prepare("SELECT agent FROM agent_presence").all();
@@ -17842,7 +17994,9 @@ function getDb() {
   }
   if (!presenceColNames.includes("project_id")) {
     db.exec("ALTER TABLE agent_presence ADD COLUMN project_id TEXT");
+    db.exec("UPDATE agent_presence SET project_id = '' WHERE project_id IS NULL");
   }
+  ensureAgentPresenceAgentUniqueIndex(db);
   db.exec(`
     CREATE TABLE IF NOT EXISTS message_read_receipts (
       message_id INTEGER NOT NULL REFERENCES messages(id) ON DELETE CASCADE,
@@ -18437,15 +18591,17 @@ var init_pg_migrations = __esm(() => {
   CREATE TABLE IF NOT EXISTS agent_presence (
     id TEXT NOT NULL DEFAULT '',
-    agent TEXT PRIMARY KEY,
+    agent TEXT NOT NULL,
     session_id TEXT,
     role TEXT NOT NULL DEFAULT 'agent',
-    project_id TEXT,
+    project_id TEXT NOT NULL DEFAULT '',
     status TEXT NOT NULL DEFAULT 'online',
     last_seen_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
     created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
-    metadata TEXT
+    metadata TEXT,
+    PRIMARY KEY (agent, project_id)
   );
+  CREATE UNIQUE INDEX IF NOT EXISTS idx_agent_presence_agent_unique ON agent_presence(agent);
   CREATE TABLE IF NOT EXISTS resource_locks (
     resource_type TEXT NOT NULL,
@@ -40361,6 +40517,33 @@ class StdioServerTransport {
 init_db();
 var ONLINE_THRESHOLD_SECONDS = 60;
 var CONFLICT_THRESHOLD_SECONDS = 30 * 60;
+function normalizeAgentName(name) {
+  return name.trim().toLowerCase();
+}
+function toStoredProjectId(projectId) {
+  const normalized = projectId?.trim() ?? "";
+  return normalized || "";
+}
+function fromStoredProjectId(projectId) {
+  const normalized = typeof projectId === "string" ? projectId.trim() : "";
+  return normalized || null;
+}
+function getPresenceByAgent(db2, agent) {
+  return db2.prepare(`
+    SELECT * FROM agent_presence
+    WHERE LOWER(agent) = ?
+    ORDER BY last_seen_at DESC
+    LIMIT 1
+  `).get(agent);
+}
+function getPresenceByAgentAndProject(db2, agent, projectId) {
+  return db2.prepare(`
+    SELECT * FROM agent_presence
+    WHERE LOWER(agent) = ? AND COALESCE(project_id, '') = ?
+    ORDER BY last_seen_at DESC
+    LIMIT 1
+  `).get(agent, projectId);
+}
 function parsePresence(row) {
   let metadata = null;
   if (row.metadata) {
@@ -40379,7 +40562,7 @@ function parsePresence(row) {
     agent: row.agent,
     session_id: row.session_id ?? null,
     role: row.role || "agent",
-    project_id: row.project_id ?? null,
+    project_id: fromStoredProjectId(row.project_id),
     status: row.status,
     last_seen_at: lastSeenAt,
     created_at: row.created_at || lastSeenAt,
@@ -40394,9 +40577,10 @@ function isActiveSession(lastSeenAt) {
 }
 function registerAgent(name, sessionId, role, projectId) {
   const db2 = getDb();
-  const normalizedName = name.trim().toLowerCase();
+  const normalizedName = normalizeAgentName(name);
   const result = db2.transaction(() => {
-    const existing = db2.prepare("SELECT * FROM agent_presence WHERE agent = ?").get(normalizedName);
+    const existing = getPresenceByAgent(db2, normalizedName);
+    const storedProjectId = toStoredProjectId(projectId ?? existing?.project_id);
     if (existing) {
       const lastSeenAt = existing.last_seen_at;
       const existingSessionId = existing.session_id;
@@ -40414,12 +40598,26 @@ function registerAgent(name, sessionId, role, projectId) {
         };
       }
       const tookOver = existingSessionId !== sessionId;
-      db2.prepare(`
-        UPDATE agent_presence
-        SET session_id = ?, role = ?, project_id = ?, last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now')
-        WHERE agent = ?
-      `).run(sessionId, role || existing.role || "agent", projectId ?? existing.project_id ?? null, normalizedName);
-      const updated = db2.prepare("SELECT * FROM agent_presence WHERE agent = ?").get(normalizedName);
+      const existingId = existing.id;
+      const target = getPresenceByAgentAndProject(db2, normalizedName, storedProjectId);
+      if (target && target.id !== existingId) {
+        db2.prepare(`
+          UPDATE agent_presence
+          SET session_id = ?, role = ?, status = 'online', last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now')
+          WHERE id = ?
+        `).run(sessionId, role || existing.role || "agent", target.id);
+        db2.prepare("DELETE FROM agent_presence WHERE id = ?").run(existingId);
+      } else {
+        db2.prepare(`
+          UPDATE agent_presence
+          SET session_id = ?, role = ?, project_id = ?, status = 'online', last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now')
+          WHERE id = ?
+        `).run(sessionId, role || existing.role || "agent", storedProjectId, existingId);
+      }
+      const updated = getPresenceByAgentAndProject(db2, normalizedName, storedProjectId) ?? getPresenceByAgent(db2, normalizedName);
+      if (!updated) {
+        throw new Error(`Failed to update presence for agent "${normalizedName}"`);
+      }
       return { agent: parsePresence(updated), created: false, took_over: tookOver };
     }
     const id = crypto.randomUUID().slice(0, 8);
@@ -40427,33 +40625,60 @@ function registerAgent(name, sessionId, role, projectId) {
     db2.prepare(`
       INSERT INTO agent_presence (id, agent, session_id, role, project_id, status, last_seen_at, created_at)
       VALUES (?, ?, ?, ?, ?, 'online', strftime('%Y-%m-%dT%H:%M:%f', 'now'), strftime('%Y-%m-%dT%H:%M:%f', 'now'))
-    `).run(id, normalizedName, sessionId, resolvedRole, projectId ?? null);
-    const created = db2.prepare("SELECT * FROM agent_presence WHERE agent = ?").get(normalizedName);
+    `).run(id, normalizedName, sessionId, resolvedRole, storedProjectId);
+    const created = getPresenceByAgentAndProject(db2, normalizedName, storedProjectId) ?? getPresenceByAgent(db2, normalizedName);
+    if (!created) {
+      throw new Error(`Failed to create presence for agent "${normalizedName}"`);
+    }
     return { agent: parsePresence(created), created: true, took_over: false };
   });
   return result;
 }
-function heartbeat(agent, status, metadata, sessionId) {
+function heartbeat(agent, status, metadata, sessionId, projectId) {
   const db2 = getDb();
   const metadataJson = metadata ? JSON.stringify(metadata) : null;
   const resolvedStatus = status || "online";
-  const normalizedAgent = agent.trim().toLowerCase();
-  const existing = db2.prepare("SELECT id FROM agent_presence WHERE agent = ?").get(agent);
-  const id = existing?.id || crypto.randomUUID().slice(0, 8);
-  db2.prepare(`
-    INSERT INTO agent_presence (id, agent, session_id, role, status, last_seen_at, created_at, metadata)
-    VALUES (?, ?, ?, 'agent', ?, strftime('%Y-%m-%dT%H:%M:%f', 'now'), strftime('%Y-%m-%dT%H:%M:%f', 'now'), ?)
-    ON CONFLICT(agent) DO UPDATE SET
-      status = excluded.status,
-      last_seen_at = excluded.last_seen_at,
-      session_id = COALESCE(excluded.session_id, agent_presence.session_id),
-      metadata = excluded.metadata
-  `).run(id, normalizedAgent, sessionId ?? null, resolvedStatus, metadataJson);
+  const normalizedAgent = normalizeAgentName(agent);
+  db2.transaction(() => {
+    const existing = getPresenceByAgent(db2, normalizedAgent);
+    const storedProjectId = toStoredProjectId(projectId ?? existing?.project_id);
+    const id = existing?.id || crypto.randomUUID().slice(0, 8);
+    if (existing) {
+      const existingId = existing.id;
+      const target = getPresenceByAgentAndProject(db2, normalizedAgent, storedProjectId);
+      if (target && target.id !== existingId) {
+        db2.prepare(`
+          UPDATE agent_presence
+          SET status = ?,
+              last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now'),
+              session_id = COALESCE(?, session_id),
+              metadata = ?
+          WHERE id = ?
+        `).run(resolvedStatus, sessionId ?? null, metadataJson, target.id);
+        db2.prepare("DELETE FROM agent_presence WHERE id = ?").run(existingId);
+        return;
+      }
+      db2.prepare(`
+        UPDATE agent_presence
+        SET status = ?,
+            last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now'),
+            session_id = COALESCE(?, session_id),
+            metadata = ?,
+            project_id = ?
+        WHERE id = ?
+      `).run(resolvedStatus, sessionId ?? null, metadataJson, storedProjectId, existingId);
+      return;
+    }
+    db2.prepare(`
+      INSERT INTO agent_presence (id, agent, session_id, role, project_id, status, last_seen_at, created_at, metadata)
+      VALUES (?, ?, ?, 'agent', ?, ?, strftime('%Y-%m-%dT%H:%M:%f', 'now'), strftime('%Y-%m-%dT%H:%M:%f', 'now'), ?)
+    `).run(id, normalizedAgent, sessionId ?? null, storedProjectId, resolvedStatus, metadataJson);
+  });
 }
 function getPresence(agent) {
   const db2 = getDb();
-  const normalizedAgent = agent.trim().toLowerCase();
-  const row = db2.prepare("SELECT * FROM agent_presence WHERE LOWER(agent) = ?").get(normalizedAgent);
+  const normalizedAgent = normalizeAgentName(agent);
+  const row = getPresenceByAgent(db2, normalizedAgent);
   return row ? parsePresence(row) : null;
 }
 function listAgents(opts) {
@@ -40468,14 +40693,14 @@ function listAgents(opts) {
 }
 function removePresence(agent) {
   const db2 = getDb();
-  const normalizedAgent = agent.trim().toLowerCase();
+  const normalizedAgent = normalizeAgentName(agent);
   const result = db2.prepare("DELETE FROM agent_presence WHERE LOWER(agent) = ?").run(normalizedAgent);
   return result.changes > 0;
 }
 function renameAgent(oldName, newName) {
   const db2 = getDb();
-  const normalizedOld = oldName.trim().toLowerCase();
-  const normalizedNew = newName.trim().toLowerCase();
+  const normalizedOld = normalizeAgentName(oldName);
+  const normalizedNew = normalizeAgentName(newName);
   const existing = db2.prepare("SELECT agent FROM agent_presence WHERE LOWER(agent) = ?").get(normalizedOld);
   if (!existing)
     return false;
@@ -40485,17 +40710,53 @@ function renameAgent(oldName, newName) {
   db2.prepare("UPDATE agent_presence SET agent = ? WHERE LOWER(agent) = ?").run(normalizedNew, normalizedOld);
   return true;
 }
+function setPresenceProject(agent, projectId) {
+  const db2 = getDb();
+  const normalizedAgent = normalizeAgentName(agent);
+  const desiredProjectId = toStoredProjectId(projectId);
+  const latest = getPresenceByAgent(db2, normalizedAgent);
+  if (!latest) {
+    heartbeat(normalizedAgent, "online", undefined, undefined, projectId);
+    return;
+  }
+  const currentProjectId = toStoredProjectId(latest.project_id);
+  if (currentProjectId === desiredProjectId)
+    return;
+  db2.transaction(() => {
+    const latestId = latest.id;
+    const target = getPresenceByAgentAndProject(db2, normalizedAgent, desiredProjectId);
+    if (target && target.id !== latestId) {
+      db2.prepare(`
+        UPDATE agent_presence
+        SET status = ?,
+            last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now'),
+            session_id = COALESCE(?, session_id),
+            metadata = COALESCE(?, metadata)
+        WHERE LOWER(agent) = ? AND COALESCE(project_id, '') = ?
+      `).run(latest.status || target.status || "online", latest.session_id ?? null, latest.metadata ?? null, normalizedAgent, desiredProjectId);
+      db2.prepare("DELETE FROM agent_presence WHERE id = ?").run(latestId);
+      return;
+    }
+    db2.prepare(`
+      UPDATE agent_presence
+      SET project_id = ?, last_seen_at = strftime('%Y-%m-%dT%H:%M:%f', 'now')
+      WHERE id = ?
+    `).run(desiredProjectId, latestId);
+  });
+}
 // src/lib/messages.ts
 init_db();
 import { randomUUID } from "crypto";
-import { mkdirSync as mkdirSync6, copyFileSync as copyFileSync3, statSync as statSync2 } from "fs";
-import { join as join10 } from "path";
+import { mkdirSync as mkdirSync6, copyFileSync as copyFileSync3, statSync as statSync2, existsSync as existsSync9, realpathSync } from "fs";
+import { join as join10, basename, resolve } from "path";
 // src/lib/webhooks.ts
 init_db();
 import { readFileSync as readFileSync3 } from "fs";
 import { join as join9 } from "path";
+import dns from "dns";
+import net from "net";
 var cachedConfig = null;
 var configLoadedAt = 0;
 var CONFIG_CACHE_MS = 1e4;
@@ -40530,6 +40791,44 @@ function matchesEvent(webhook, msg) {
   }
   return false;
 }
+function isPrivateIP(ip) {
+  if (net.isIPv4(ip)) {
+    const parts = ip.split(".").map(Number);
+    if (parts[0] === 10)
+      return true;
+    if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31)
+      return true;
+    if (parts[0] === 192 && parts[1] === 168)
+      return true;
+    if (parts[0] === 127)
+      return true;
+    if (parts[0] === 169 && parts[1] === 254)
+      return true;
+    if (parts[0] === 0)
+      return true;
+  } else if (net.isIPv6(ip)) {
+    const lower = ip.toLowerCase();
+    if (lower === "::1" || lower.startsWith("::ffff:") || lower.startsWith("fc") || lower.startsWith("fd"))
+      return true;
+  }
+  return false;
+}
+async function validateWebhookUrl(urlStr) {
+  try {
+    const url2 = new URL(urlStr);
+    if (url2.protocol !== "https:")
+      return false;
+    const hostname4 = url2.hostname;
+    if (hostname4 === "localhost" || hostname4 === "0.0.0.0" || hostname4 === "127.0.0.1" || hostname4 === "::1")
+      return false;
+    const addresses = await dns.promises.lookup(hostname4, { all: true });
+    if (!Array.isArray(addresses))
+      return false;
+    return !addresses.some((a) => isPrivateIP(a.address));
+  } catch {
+    return false;
+  }
+}
 function fireWebhooks(msg) {
   const config2 = loadConfig();
   if (!config2.webhooks || config2.webhooks.length === 0)
@@ -40539,20 +40838,24 @@ function fireWebhooks(msg) {
       continue;
     if (!matchesEvent(webhook, msg))
       continue;
-    fetch(webhook.url, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        id: msg.id,
-        from: msg.from_agent,
-        to: msg.to_agent,
-        space: msg.space,
-        content: msg.content,
-        priority: msg.priority,
-        blocking: msg.blocking,
-        created_at: msg.created_at
-      })
-    }).catch(() => {});
+    validateWebhookUrl(webhook.url).then((valid) => {
+      if (!valid)
+        return;
+      fetch(webhook.url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          id: msg.id,
+          from: msg.from_agent,
+          to: msg.to_agent,
+          space: msg.space,
+          content: msg.content,
+          priority: msg.priority,
+          blocking: msg.blocking,
+          created_at: msg.created_at
+        })
+      }).catch(() => {});
+    });
   }
 }
@@ -40597,6 +40900,22 @@ function getAttachmentsDir() {
     return process.env.CONVERSATIONS_ATTACHMENTS_DIR;
   return join10(getDataDir2(), "attachments");
 }
+function validateAttachment(sourcePath, name) {
+  const absolute = resolve(sourcePath);
+  if (!existsSync9(absolute)) {
+    throw new Error(`Attachment source not found: ${sourcePath}`);
+  }
+  const real = realpathSync(absolute);
+  const stat = statSync2(real);
+  if (!stat.isFile()) {
+    throw new Error(`Attachment source must be a regular file: ${sourcePath}`);
+  }
+  const safeName = basename(name.replace(/\0/g, ""));
+  if (!safeName || safeName.startsWith(".")) {
+    throw new Error(`Invalid attachment name: ${name}`);
+  }
+  return { safeSource: real, safeName };
+}
 function guessMimeType(name) {
   const ext = name.split(".").pop()?.toLowerCase();
   const mimeMap = {
@@ -40668,14 +40987,15 @@ function sendMessage(opts) {
     mkdirSync6(attachmentsDir, { recursive: true });
     const attachmentInfos = [];
     for (const att of opts.attachments) {
-      const destPath = join10(attachmentsDir, att.name);
-      copyFileSync3(att.source_path, destPath);
+      const { safeSource, safeName } = validateAttachment(att.source_path, att.name);
+      const destPath = join10(attachmentsDir, safeName);
+      copyFileSync3(safeSource, destPath);
       const stat = statSync2(destPath);
       attachmentInfos.push({
-        name: att.name,
+        name: safeName,
         path: destPath,
         size: stat.size,
-        mime_type: guessMimeType(att.name)
+        mime_type: guessMimeType(safeName)
       });
     }
     const attachmentsJson = JSON.stringify(attachmentInfos);
@@ -40737,8 +41057,10 @@ function readMessages(opts = {}) {
   const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
   const resolvedLimit = isLatest ? Math.floor(opts.latest) : Number.isFinite(opts.limit) && opts.limit > 0 ? Math.floor(opts.limit) : 20;
   const order = isLatest ? "DESC" : opts.order?.toLowerCase() === "desc" ? "DESC" : "ASC";
-  const resolvedOffset = opts.offset && opts.offset > 0 ? Math.floor(opts.offset) : 0;
-  const rows = db2.prepare(`SELECT * FROM messages ${where} ORDER BY created_at ${order}, id ${order} LIMIT ${resolvedLimit} OFFSET ${resolvedOffset}`).all(...params);
+  const resolvedOffset = Number.isFinite(opts.offset) ? Math.floor(opts.offset) : 0;
+  const safeLimit = Math.max(1, Math.min(resolvedLimit, 1e4));
+  const safeOffset = Math.max(0, Math.floor(resolvedOffset));
+  const rows = db2.prepare(`SELECT * FROM messages ${where} ORDER BY created_at ${order}, id ${order} LIMIT ${safeLimit} OFFSET ${safeOffset}`).all(...params);
   let messages = rows.map(parseMessage);
   if (opts.include_reply_counts && messages.length > 0) {
     const db22 = getDb();
@@ -40778,10 +41100,20 @@ function getMessageById(id) {
   const row = db2.prepare("SELECT * FROM messages WHERE id = ?").get(id);
   return row ? parseMessage(row) : null;
 }
-function markReadByIds(ids) {
+function markReadByIds(ids, agent) {
   const db2 = getDb();
   if (ids.length === 0)
     return 0;
+  if (agent) {
+    const stmt2 = db2.prepare(`INSERT OR REPLACE INTO message_read_receipts (message_id, agent, read_at)
+       VALUES (?, ?, strftime('%Y-%m-%dT%H:%M:%f', 'now'))`);
+    const normalized = agent.toLowerCase();
+    for (const id of ids)
+      stmt2.run(id, normalized);
+    const placeholders2 = ids.map(() => "?").join(", ");
+    const update = db2.prepare(`UPDATE messages SET read_at = strftime('%Y-%m-%dT%H:%M:%f', 'now') WHERE id IN (${placeholders2}) AND read_at IS NULL`);
+    return update.run(...ids).changes;
+  }
   const placeholders = ids.map(() => "?").join(", ");
   const stmt = db2.prepare(`UPDATE messages SET read_at = strftime('%Y-%m-%dT%H:%M:%f', 'now') WHERE id IN (${placeholders}) AND read_at IS NULL`);
   const result = stmt.run(...ids);
@@ -40929,8 +41261,9 @@ function getPinnedMessages(opts) {
     params.push(opts.session_id);
   }
   const where = `WHERE ${conditions.join(" AND ")}`;
-  const limit = Number.isFinite(opts?.limit) && opts.limit > 0 ? `LIMIT ${Math.floor(opts.limit)}` : "";
-  const rows = db2.prepare(`SELECT * FROM messages ${where} ORDER BY pinned_at DESC, id DESC ${limit}`).all(...params);
+  const safeLimit = Number.isFinite(opts?.limit) && opts.limit > 0 ? Math.floor(opts.limit) : 0;
+  const limitClause = safeLimit > 0 ? `LIMIT ${safeLimit}` : "";
+  const rows = db2.prepare(`SELECT * FROM messages ${where} ORDER BY pinned_at DESC, id DESC ${limitClause}`).all(...params);
   return rows.map(parseMessage);
 }
 function getUnreadBlockers(agent) {
@@ -41119,11 +41452,11 @@ function getMessagesForAgent(agent, opts) {
   if (opts?.unread_only) {
     conditions.push("mm.notified_at IS NULL");
   }
-  const limit = opts?.limit ?? 50;
+  const safeLimit = Math.max(1, Math.min(Math.floor(opts?.limit ?? 50), 1000));
   const rows = db2.prepare(`SELECT m.*, mm.id AS mention_id FROM messages m
      JOIN message_mentions mm ON mm.message_id = m.id
      WHERE ${conditions.join(" AND ")}
-     ORDER BY m.created_at DESC LIMIT ${limit}`).all(...params);
+     ORDER BY m.created_at DESC LIMIT ${safeLimit}`).all(...params);
   return rows.map(({ mention_id, ...row }) => ({ message: parseMessage(row), mention_id }));
 }
 function markMentionsRead(agent, space) {
@@ -41231,6 +41564,7 @@ function getSessionActivity(sessionId) {
 // src/mcp/tools/messaging.ts
 init_identity();
 function registerMessagingTools(server, resolveProjectId) {
+  const _sessionInjectRate = new Map;
   server.registerTool("send_message", {
     description: "Send a DM to an agent by name, or to a specific agent-claude session by ID. When target_session_id is provided, the message is routed to that exact session and auto-injected into its conversation.",
     inputSchema: {
@@ -41270,6 +41604,22 @@ function registerMessagingTools(server, resolveProjectId) {
   }, async (args) => {
     const { target_session_id, content, from: fromParam, priority } = args;
     const from = resolveIdentity(fromParam);
+    const rateKey = `session:${from}:${target_session_id}`;
+    const now = Date.now();
+    const windowMs = 60000;
+    const maxPerWindow = 10;
+    const rateEntry = _sessionInjectRate.get(rateKey);
+    if (rateEntry && now - rateEntry.start < windowMs && rateEntry.count >= maxPerWindow) {
+      return {
+        content: [{ type: "text", text: `Rate limit: max ${maxPerWindow} session injections per minute. Try again soon.` }],
+        isError: true
+      };
+    }
+    if (!rateEntry || now - rateEntry.start >= windowMs) {
+      _sessionInjectRate.set(rateKey, { count: 1, start: now });
+    } else {
+      rateEntry.count++;
+    }
     const msg = sendMessage({
       from,
       to: `session:${target_session_id}`,
@@ -41307,7 +41657,7 @@ function registerMessagingTools(server, resolveProjectId) {
       project_id: args.project_id ?? resolveProjectId(undefined, agent)
     });
     if (args.mark_read !== false && messages.length > 0) {
-      markReadByIds(messages.map((m) => m.id));
+      markReadByIds(messages.map((m) => m.id), agent);
     }
     return {
       content: [{ type: "text", text: JSON.stringify({ messages, count: messages.length, offset: args.offset ?? 0 }) }]
@@ -42691,8 +43041,7 @@ function registerAgentTools(server, agentFocus, getAgentFocus) {
     const { project_id, from: fromParam } = args;
     const agent = resolveIdentity(fromParam);
     agentFocus.set(agent, { project_id });
-    const db2 = (await Promise.resolve().then(() => (init_db(), exports_db))).getDb();
-    db2.prepare("UPDATE agent_presence SET project_id = ? WHERE agent = ?").run(project_id, agent);
+    setPresenceProject(agent, project_id);
     return {
       content: [{ type: "text", text: JSON.stringify({ agent, focused: true, project_id }) }]
     };
@@ -42727,8 +43076,7 @@ function registerAgentTools(server, agentFocus, getAgentFocus) {
   }, async (args) => {
     const agent = resolveIdentity(args.from);
     agentFocus.delete(agent);
-    const db2 = (await Promise.resolve().then(() => (init_db(), exports_db))).getDb();
-    db2.prepare("UPDATE agent_presence SET project_id = NULL WHERE agent = ?").run(agent);
+    setPresenceProject(agent, null);
     return {
       content: [{ type: "text", text: JSON.stringify({ agent, focused: false, project_id: null }) }]
     };
@@ -44315,7 +44663,7 @@ ${msg.text}`;
 // src/cli/commands/tmux.ts
 import { execSync } from "child_process";
 function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 function countLines(message) {
   const matches = message.match(/\r?\n/g);
@@ -44359,7 +44707,7 @@ async function tmuxSend(target, message, opts = {}) {
 // src/mcp/tools/tmux.ts
 function sleep2(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
 }
 function parseOptionalDelayMs(value) {
   return typeof value === "number" && value >= 0 ? value : undefined;
@@ -44460,7 +44808,7 @@ function registerTmuxTools(server) {
 // package.json
 var package_default = {
   name: "@hasna/conversations",
-  version: "0.2.42",
+  version: "0.2.44",
   description: "Real-time CLI messaging for AI agents",
   type: "module",
   bin: {