@lobu/cli 7.1.0 → 7.2.0

package/dist/start-local.bundle.mjs

@@ -1173,7 +1173,7 @@ function createLogger(serviceName) {
       format: USE_JSON_FORMAT ? jsonFormat : humanFormat
     })
   ];
-  const logger98 = winston.createLogger({
+  const logger100 = winston.createLogger({
     level,
     format: winston.format.combine(
       winston.format.timestamp({ format: "YYYY-MM-DD HH:mm:ss" }),
@@ -1187,12 +1187,12 @@ function createLogger(serviceName) {
     if (isProduction || process.env.SENTRY_DSN) {
       try {
         const transport = new SentryTransport();
-        logger98.add(transport);
+        logger100.add(transport);
       } catch {
       }
     }
   });
-  return logger98;
+  return logger100;
 }
 var USE_WINSTON_LOGGER, USE_JSON_FORMAT, SentryTransport;
 var init_logger2 = __esm({
@@ -1346,6 +1346,7 @@ var init_capabilities = __esm({
       "browser.scripting",
       "browser.history",
       "browser.bookmarks",
+      "browser.downloads",
       "browser.debugger"
       // browser.cookies intentionally absent in v1 — high-trust, not approved
     ];
@@ -2199,7 +2200,8 @@ function generateWorkerToken(userId, conversationId, deploymentName, options) {
     platform: options.platform,
     sessionKey: options.sessionKey,
     traceId: options.traceId,
-    jti: randomUUID()
+    jti: randomUUID(),
+    runId: options.runId
   };
   return encrypt(JSON.stringify(payload));
 }
@@ -2223,6 +2225,12 @@ function verifyWorkerToken(token) {
       );
       return null;
     }
+    if (data.runId !== void 0) {
+      if (typeof data.runId !== "number" || !Number.isInteger(data.runId) || data.runId <= 0) {
+        logger10.error("Worker token rejected: runId must be a positive integer");
+        return null;
+      }
+    }
     const ttl = parsePositiveIntEnv("WORKER_TOKEN_TTL_MS", 2 * 60 * 60 * 1e3);
     const skewMs = parsePositiveIntEnv(
       "WORKER_TOKEN_CLOCK_SKEW_MS",
@@ -6143,12 +6151,32 @@ function sessionMatchesMetadataOwner(session, ownerPlatform, ownerUserId) {
   }
   return ownerPlatform === session.platform || session.platform === "external";
 }
+async function resolveAuthorizedOrgId(store, agentId, ownerPlatform, ownerUserId) {
+  if (!store || !ownerPlatform || !ownerUserId) return void 0;
+  const orgs = await store.findAgentOrganizations(
+    ownerPlatform,
+    ownerUserId,
+    agentId
+  );
+  if (orgs.length !== 1) return void 0;
+  return orgs[0];
+}
 async function verifyOwnedAgentAccess(session, agentId, config) {
   if (session.isAdmin) {
     return { authorized: true };
   }
   if (session.agentId) {
-    return { authorized: session.agentId === agentId };
+    if (session.agentId !== agentId) {
+      return { authorized: false };
+    }
+    const lookupUserId2 = resolveSettingsLookupUserId(session);
+    const organizationId2 = await resolveAuthorizedOrgId(
+      config.userAgentsStore,
+      agentId,
+      session.platform,
+      lookupUserId2 || void 0
+    );
+    return { authorized: true, organizationId: organizationId2 };
   }
   const lookupUserId = resolveSettingsLookupUserId(session);
   if (config.userAgentsStore) {
@@ -6158,10 +6186,17 @@ async function verifyOwnedAgentAccess(session, agentId, config) {
       agentId
     );
     if (owns) {
+      const organizationId2 = await resolveAuthorizedOrgId(
+        config.userAgentsStore,
+        agentId,
+        session.platform,
+        lookupUserId
+      );
       return {
         authorized: true,
         ownerPlatform: session.platform,
-        ownerUserId: lookupUserId
+        ownerUserId: lookupUserId,
+        organizationId: organizationId2
       };
     }
   }
@@ -6180,10 +6215,17 @@ async function verifyOwnedAgentAccess(session, agentId, config) {
     config.userAgentsStore.addAgent(session.platform, lookupUserId, agentId).catch(() => {
     });
   }
+  const organizationId = metadata.organizationId ?? await resolveAuthorizedOrgId(
+    config.userAgentsStore,
+    agentId,
+    metadata.owner.platform,
+    metadata.owner.userId
+  );
   return {
     authorized: true,
     ownerPlatform: metadata.owner.platform,
-    ownerUserId: metadata.owner.userId
+    ownerUserId: metadata.owner.userId,
+    organizationId
   };
 }
 function createTokenVerifier(config) {
@@ -6193,6 +6235,12 @@ function createTokenVerifier(config) {
     return result.authorized ? payload : null;
   };
 }
+function createOwnershipResolver(config) {
+  return async (payload, agentId) => {
+    if (!payload) return { authorized: false };
+    return verifyOwnedAgentAccess(payload, agentId, config);
+  };
+}
 var init_agent_ownership = __esm({
   "src/gateway/routes/shared/agent-ownership.ts"() {
     "use strict";
@@ -6587,41 +6635,46 @@ function createAgentApi(config) {
       if (requestSignal?.aborted) {
         return;
       }
-      sseManager.addConnection(sseKey, stream2);
-      await stream2.writeSSE({
-        event: "connected",
-        data: JSON.stringify({
-          agentId: session.agentId || sessionKey3,
-          timestamp: Date.now()
-        })
-      });
-      for (const entry of sseManager.getRecentEvents(sseKey)) {
-        await stream2.writeSSE({
-          event: entry.event,
-          data: JSON.stringify(entry.data)
-        });
-      }
-      const heartbeatInterval = setInterval(async () => {
-        try {
-          await stream2.writeSSE({
-            event: "ping",
-            data: JSON.stringify({ timestamp: Date.now() })
-          });
-        } catch {
-          clearInterval(heartbeatInterval);
-        }
-      }, 3e4);
+      let heartbeatInterval;
+      let connectionAdded = false;
       let cleanedUp = false;
       const cleanup = () => {
         if (cleanedUp) return;
         cleanedUp = true;
-        clearInterval(heartbeatInterval);
-        sseManager.removeConnection(sseKey, stream2);
+        if (heartbeatInterval) clearInterval(heartbeatInterval);
+        if (connectionAdded) {
+          sseManager.removeConnection(sseKey, stream2);
+        }
         logger24.info(`SSE connection closed for session ${sseKey}`);
       };
       stream2.onAbort(cleanup);
       const detachAbortBridge = bindRequestAbortToStream(requestSignal, stream2);
+      sseManager.addConnection(sseKey, stream2);
+      connectionAdded = true;
       try {
+        await stream2.writeSSE({
+          event: "connected",
+          data: JSON.stringify({
+            agentId: session.agentId || sessionKey3,
+            timestamp: Date.now()
+          })
+        });
+        for (const entry of sseManager.getRecentEvents(sseKey)) {
+          await stream2.writeSSE({
+            event: entry.event,
+            data: JSON.stringify(entry.data)
+          });
+        }
+        heartbeatInterval = setInterval(async () => {
+          try {
+            await stream2.writeSSE({
+              event: "ping",
+              data: JSON.stringify({ timestamp: Date.now() })
+            });
+          } catch {
+            if (heartbeatInterval) clearInterval(heartbeatInterval);
+          }
+        }, 3e4);
         while (!stream2.aborted && !stream2.closed) {
           await stream2.sleep(1e3);
         }
@@ -7520,6 +7573,20 @@ var init_agent_config = __esm({
 import { readdir, readFile, stat } from "node:fs/promises";
 import { join as join3, resolve } from "node:path";
 import { Hono as Hono7 } from "hono";
+async function readLatestSnapshotJsonl(agentId, organizationId) {
+  if (!organizationId) return null;
+  const sql = getDb();
+  const snapshotRows = await sql`
+    SELECT snapshot_jsonl
+    FROM public.agent_transcript_snapshot
+    WHERE organization_id = ${organizationId}
+      AND agent_id = ${agentId}
+      AND terminal_status = 'completed'
+    ORDER BY run_id DESC
+    LIMIT 1
+  `;
+  return snapshotRows[0]?.snapshot_jsonl ?? null;
+}
 function isSafeAgentId(id) {
   return SAFE_AGENT_ID.test(id);
 }
@@ -7616,17 +7683,23 @@ function entryToMessage(entry) {
   }
   return null;
 }
-async function readSessionMessages(agentId, cursorParam, limit) {
-  const sessionPath = await findSessionFile(agentId);
-  if (!sessionPath) {
-    return {
-      messages: [],
-      nextCursor: null,
-      hasMore: false,
-      sessionId: "none"
-    };
+async function readSessionMessages(agentId, cursorParam, limit, organizationId) {
+  let content = null;
+  if (process.env.LOBU_SESSION_STORE !== "file") {
+    content = await readLatestSnapshotJsonl(agentId, organizationId);
+  }
+  if (content === null) {
+    const sessionPath = await findSessionFile(agentId);
+    if (!sessionPath) {
+      return {
+        messages: [],
+        nextCursor: null,
+        hasMore: false,
+        sessionId: "none"
+      };
+    }
+    content = await readFile(sessionPath, "utf-8");
   }
-  const content = await readFile(sessionPath, "utf-8");
   const { entries, sessionId } = parseSessionEntries(content);
   const allMessages = [];
   for (const entry of entries) {
@@ -7648,19 +7721,25 @@ async function readSessionMessages(agentId, cursorParam, limit) {
     sessionId: sessionId || "unknown"
   };
 }
-async function readSessionStats(agentId) {
-  const sessionPath = await findSessionFile(agentId);
-  if (!sessionPath) {
-    return {
-      sessionId: "none",
-      messageCount: 0,
-      userMessages: 0,
-      assistantMessages: 0,
-      totalInputTokens: 0,
-      totalOutputTokens: 0
-    };
+async function readSessionStats(agentId, organizationId) {
+  let content = null;
+  if (process.env.LOBU_SESSION_STORE !== "file") {
+    content = await readLatestSnapshotJsonl(agentId, organizationId);
+  }
+  if (content === null) {
+    const sessionPath = await findSessionFile(agentId);
+    if (!sessionPath) {
+      return {
+        sessionId: "none",
+        messageCount: 0,
+        userMessages: 0,
+        assistantMessages: 0,
+        totalInputTokens: 0,
+        totalOutputTokens: 0
+      };
+    }
+    content = await readFile(sessionPath, "utf-8");
   }
-  const content = await readFile(sessionPath, "utf-8");
   const { entries, sessionId } = parseSessionEntries(content);
   let messageCount = 0;
   let userMessages = 0;
@@ -7696,17 +7775,18 @@ async function readSessionStats(agentId) {
 function createAgentHistoryRoutes(deps) {
   const app2 = new Hono7();
   const { connectionManager } = deps;
-  const verifyToken = createTokenVerifier({
+  const resolveOwnership = createOwnershipResolver({
     userAgentsStore: deps.userAgentsStore,
     agentMetadataStore: deps.agentConfigStore
   });
-  async function getAuthorizedAgentId(c) {
+  async function getAuthorizedAgentScope(c) {
     const session = await verifySettingsSession(c);
     if (!session) return null;
     const agentId = c.req.param("agentId") || session.agentId || null;
     if (!agentId || !isSafeAgentId(agentId)) return null;
-    const verified = await verifyToken(session, agentId);
-    return verified ? agentId : null;
+    const result = await resolveOwnership(session, agentId);
+    if (!result.authorized) return null;
+    return { agentId, organizationId: result.organizationId };
   }
   async function resolveActiveAgent(agentId) {
     if (connectionManager.getDeploymentsForAgent(agentId).length > 0) {
@@ -7739,10 +7819,21 @@ function createAgentHistoryRoutes(deps) {
     }
   }
   app2.get("/status", async (c) => {
-    const agentId = await getAuthorizedAgentId(c);
-    if (!agentId) return errorResponse(c, "Unauthorized", 401);
-    const { connected, resolvedAgentId } = await resolveActiveAgent(agentId);
-    const hasSessionFile = !!await findSessionFile(resolvedAgentId);
+    const scope = await getAuthorizedAgentScope(c);
+    if (!scope) return errorResponse(c, "Unauthorized", 401);
+    const { connected, resolvedAgentId } = await resolveActiveAgent(
+      scope.agentId
+    );
+    let hasSessionFile = false;
+    if (process.env.LOBU_SESSION_STORE !== "file") {
+      hasSessionFile = await readLatestSnapshotJsonl(
+        resolvedAgentId,
+        scope.organizationId
+      ) !== null;
+    }
+    if (!hasSessionFile) {
+      hasSessionFile = !!await findSessionFile(resolvedAgentId);
+    }
     return c.json({
       connected: connected || hasSessionFile,
       hasHttpServer: !!connectionManager.getHttpUrl(resolvedAgentId),
@@ -7750,14 +7841,14 @@ function createAgentHistoryRoutes(deps) {
     });
   });
   app2.get("/session/messages", async (c) => {
-    const agentId = await getAuthorizedAgentId(c);
-    if (!agentId) return errorResponse(c, "Unauthorized", 401);
+    const scope = await getAuthorizedAgentScope(c);
+    if (!scope) return errorResponse(c, "Unauthorized", 401);
     const cursor = c.req.query("cursor") || "";
     const limit = Math.min(parseInt(c.req.query("limit") || "50", 10), 200);
     const result = await proxyOrFallback(
-      agentId,
+      scope.agentId,
       `/session/messages?cursor=${cursor}&limit=${limit}`,
-      (resolved) => readSessionMessages(resolved, cursor, limit)
+      (resolved) => readSessionMessages(resolved, cursor, limit, scope.organizationId)
     );
     if (!result) {
       return c.json(
@@ -7774,12 +7865,12 @@ function createAgentHistoryRoutes(deps) {
     return c.json(result.data);
   });
   app2.get("/session/stats", async (c) => {
-    const agentId = await getAuthorizedAgentId(c);
-    if (!agentId) return errorResponse(c, "Unauthorized", 401);
+    const scope = await getAuthorizedAgentScope(c);
+    if (!scope) return errorResponse(c, "Unauthorized", 401);
     const result = await proxyOrFallback(
-      agentId,
+      scope.agentId,
       "/session/stats",
-      readSessionStats
+      (resolved) => readSessionStats(resolved, scope.organizationId)
     );
     if (!result) {
       return c.json({ error: "Agent offline", connected: false }, 503);
@@ -7793,6 +7884,7 @@ var init_agent_history = __esm({
   "src/gateway/routes/public/agent-history.ts"() {
     "use strict";
     init_src();
+    init_client();
     init_helpers();
     init_agent_ownership();
     init_settings_auth();
@@ -9576,8 +9668,10 @@ async function postOAuthCompletionPrompt(params) {
     {},
     agentSettingsStore
   );
-  const conversationState = connectionId ? chatInstanceManager2?.getInstance(connectionId)?.conversationState : void 0;
+  const instance = connectionId ? chatInstanceManager2?.getInstance(connectionId) : void 0;
+  const conversationState = instance?.conversationState;
   const conversationHistory = connectionId && conversationState ? await conversationState.getHistory(connectionId, channelId).catch(() => []) : [];
+  const organizationId = instance?.connection.organizationId ?? void 0;
   const scopeSuffix = scope ? ` (granted scopes: ${scope})` : "";
   const messageText = `[System] Authentication for "${mcpId}" completed successfully${scopeSuffix}. Retry the user's previous request that required ${mcpId} and report the result \u2014 do not ask for confirmation first.`;
   const messageId = randomUUID5();
@@ -9589,6 +9683,7 @@ async function postOAuthCompletionPrompt(params) {
     conversationId: conversationId || channelId,
     teamId: teamId ?? platform,
     agentId,
+    organizationId,
     messageId,
     messageText,
     channelId,
@@ -12994,7 +13089,6 @@ async function storePendingQuestion(questionId, organizationId, connectionId, ex
       connection_id    = EXCLUDED.connection_id,
       expected_user_id = EXCLUDED.expected_user_id,
       entry_payload    = EXCLUDED.entry_payload,
-      created_at       = now(),
       claimed_at       = NULL
   `;
 }
@@ -13013,20 +13107,38 @@ async function claimPendingQuestion(questionId, organizationId, connectionId, ex
   if (rows.length === 0) return null;
   return rows[0].entry_payload ?? null;
 }
-async function sweepStalePendingInteractions(maxAgeMs = 24 * 60 * 60 * 1e3) {
+async function sweepStalePendingInteractions(maxAgeMs = 24 * 60 * 60 * 1e3, limit = DEFAULT_SWEEP_LIMIT) {
   const sql = getDb();
   const cutoff = new Date(Date.now() - maxAgeMs);
   const rows = await sql`
     DELETE FROM pending_interactions
-     WHERE created_at < ${cutoff}
+     WHERE id IN (
+       SELECT id FROM pending_interactions
+        WHERE created_at < ${cutoff}
+        LIMIT ${limit}
+     )
     RETURNING id
   `;
   return rows.map((r) => r.id);
 }
+async function deletePendingQuestion(questionId, organizationId, connectionId, expectedUserId) {
+  const sql = getDb();
+  const rows = await sql`
+    DELETE FROM pending_interactions
+     WHERE id               = ${questionId}
+       AND organization_id  = ${organizationId}
+       AND connection_id    = ${connectionId}
+       AND expected_user_id = ${expectedUserId}
+    RETURNING id
+  `;
+  return rows.length > 0;
+}
+var DEFAULT_SWEEP_LIMIT;
 var init_pending_interaction_store = __esm({
   "src/gateway/connections/pending-interaction-store.ts"() {
     "use strict";
     init_client();
+    DEFAULT_SWEEP_LIMIT = 1e3;
   }
 });
 
@@ -13131,34 +13243,14 @@ function registerInteractionBridge(interactionService, manager, connection, chat
   const PENDING_SENT_SWEEP_INTERVAL_MS = 60 * 60 * 1e3;
   const pendingSentMessages = /* @__PURE__ */ new Map();
   const pendingSentSweepTimer = setInterval(() => {
-    sweepPendingSent().catch((error) => {
-      logger45.warn(
-        { connectionId, error: String(error) },
-        "pendingSentMessages sweep failed"
-      );
-    });
-  }, PENDING_SENT_SWEEP_INTERVAL_MS);
-  pendingSentSweepTimer.unref?.();
-  async function sweepPendingSent() {
     const ttlCutoff = Date.now() - PENDING_SENT_TTL_MS;
     for (const [id, entry] of pendingSentMessages) {
       if (entry.registeredAt <= ttlCutoff) {
         pendingSentMessages.delete(id);
       }
     }
-    let deletedIds = [];
-    try {
-      deletedIds = await sweepStalePendingInteractions();
-    } catch (error) {
-      logger45.debug(
-        { connectionId, error: String(error) },
-        "sweepStalePendingInteractions failed during local sweep"
-      );
-    }
-    for (const id of deletedIds) {
-      pendingSentMessages.delete(id);
-    }
-  }
+  }, PENDING_SENT_SWEEP_INTERVAL_MS);
+  pendingSentSweepTimer.unref?.();
   function rememberSentMessage(questionId, sent) {
     if (!sent) return;
     pendingSentMessages.set(questionId, {
@@ -13247,7 +13339,7 @@ ${event.options.map((o, i) => `${i + 1}. ${o}`).join("\n")}`;
       );
       if (!sent) {
         try {
-          await claimPendingQuestion(
+          await deletePendingQuestion(
             event.id,
             organizationId,
             connectionId,
@@ -14593,6 +14685,7 @@ var init_message_handler_bridge = __esm({
             conversationId,
             teamId: teamId || platform,
             agentId,
+            organizationId: this.connection.organizationId,
             messageId,
             messageText: value,
             channelId,
@@ -14791,15 +14884,47 @@ var init_chat_instance_manager = __esm({
             continue;
           }
           try {
-            if (connection.status === "active") {
+            if (connection.status === "active" || connection.status === "error") {
               await this.startInstance(connection);
+              if (connection.status === "error") {
+                const recoveryOrgId = connection.organizationId;
+                const clearError = () => this.connectionStore.updateConnection(connection.id, {
+                  status: "active",
+                  errorMessage: void 0
+                });
+                if (recoveryOrgId) {
+                  await orgContext.run(
+                    { organizationId: recoveryOrgId },
+                    clearError
+                  );
+                } else {
+                  await clearError();
+                }
+                logger47.info(
+                  { id: connection.id },
+                  "Recovered previously-errored connection"
+                );
+              }
             }
           } catch (error) {
             logger47.error({ id: connection.id, error: String(error) }, "Failed to load connection");
-            await this.connectionStore.updateConnection(connection.id, {
+            const errOrgId = connection.organizationId;
+            const markErrored = () => this.connectionStore.updateConnection(connection.id, {
               status: "error",
               errorMessage: `Startup failed: ${error instanceof Error ? error.message : String(error)}`
             });
+            try {
+              if (errOrgId) {
+                await orgContext.run({ organizationId: errOrgId }, markErrored);
+              } else {
+                await markErrored();
+              }
+            } catch (markErr) {
+              logger47.error(
+                { id: connection.id, error: String(markErr) },
+                "Failed to mark connection as errored"
+              );
+            }
           }
         }
       }
@@ -15054,8 +15179,7 @@ var init_chat_instance_manager = __esm({
         return instance;
       }
       async startInstance(connection) {
-        const callerOrgId = tryGetOrgId();
-        if (!callerOrgId && connection.organizationId) {
+        if (connection.organizationId) {
           return orgContext.run(
             { organizationId: connection.organizationId },
             () => this.startInstanceUnscoped(connection)
@@ -15693,6 +15817,7 @@ var init_chat_instance_manager = __esm({
           channelId: options.channelId,
           teamId: options.teamId,
           agentId: options.agentId,
+          organizationId: connection.organizationId,
           botId: `${name}-platform`,
           platform: name,
           messageText: message,
@@ -16139,6 +16264,7 @@ var init_chat_response_bridge = __esm({
   "src/gateway/connections/chat-response-bridge.ts"() {
     "use strict";
     init_src();
+    init_client();
     init_link_buttons();
     init_platform_strategies();
     logger49 = createLogger("chat-response-bridge");
@@ -16276,6 +16402,31 @@ var init_chat_response_bridge = __esm({
                 "No session file to delete on reset"
               );
             }
+            if (process.env.LOBU_SESSION_STORE !== "file") {
+              try {
+                const sql = getDb();
+                const deleted = await sql`
+              DELETE FROM public.agent_transcript_snapshot s
+              USING public.agents a
+              WHERE s.agent_id = ${agentId}
+                AND s.conversation_id = ${payload.conversationId}
+                AND a.id = s.agent_id
+                AND a.organization_id = s.organization_id
+              RETURNING s.id
+            `;
+                if (deleted.length > 0) {
+                  logger49.info(
+                    { agentId, conversationId: payload.conversationId, count: deleted.length },
+                    "Purged agent_transcript_snapshot rows for session reset"
+                  );
+                }
+              } catch (error) {
+                logger49.warn(
+                  { agentId, conversationId: payload.conversationId, error: String(error) },
+                  "Failed to purge transcript snapshots on session reset (next boot may rehydrate stale history)"
+                );
+              }
+            }
           }
         }
         logger49.info(
@@ -20465,7 +20616,8 @@ var init_runs_queue = __esm({
         const runAtSql = delayMs > 0 ? `now() + ${Number(delayMs) / 1e3}::float * interval '1 second'` : "now()";
         const expiresAtSql = expireInSeconds && expireInSeconds > 0 ? `now() + ${Number(expireInSeconds)}::int * interval '1 second'` : "NULL";
         const sql = getDb();
-        const actionInput = JSON.stringify(data ?? {});
+        const actionInput = sql.json(data ?? {});
+        const organizationIdFromPayload = typeof data?.organizationId === "string" && data.organizationId.length > 0 ? data.organizationId : null;
         const id = await sql.begin(async (tx) => {
           const result = await tx.unsafe(
             `INSERT INTO public.runs (
@@ -20480,9 +20632,10 @@ var init_runs_queue = __esm({
           run_at,
           priority,
           expires_at,
-          retry_delay_seconds
+          retry_delay_seconds,
+          organization_id
         ) VALUES (
-          $1, $2, $3, $4::jsonb, $5, $6, 0, 'pending', ${runAtSql}, $7, ${expiresAtSql}, $8
+          $1, $2, $3, $4, $5, $6, 0, 'pending', ${runAtSql}, $7, ${expiresAtSql}, $8, $9
         )
         ON CONFLICT (idempotency_key)
           WHERE idempotency_key IS NOT NULL
@@ -20497,7 +20650,8 @@ var init_runs_queue = __esm({
               idempotencyKey,
               maxAttempts,
               priority,
-              retryDelaySeconds
+              retryDelaySeconds,
+              organizationIdFromPayload
             ]
           );
           if (result.length === 0 && idempotencyKey) {
@@ -21411,6 +21565,34 @@ var init_user_agents_store = __esm({
         const agents = await this.listAgents(platform, userId, organizationId);
         return agents.includes(agentId);
       }
+      /**
+       * Resolve the orgs in which `(platform, userId)` owns `agentId`.
+       *
+       * Reads `agent_users` directly, which IS the per-org owner mapping —
+       * unlike `agents.{owner_platform, owner_user_id}` (used by the prior
+       * `resolveAuthorizedOrgId` in agent-ownership.ts) those columns are
+       * legacy and unique on `(owner_platform, owner_user_id, id)` only by
+       * convention; they can return the wrong org when the same human owns
+       * the same agentId across two orgs. The authoritative mapping for
+       * "this user is allowed to read this agent's snapshot in org X" lives
+       * here. Codex round 2 finding B on PR #865.
+       *
+       * Returns an empty array if the user owns no instance of `agentId`.
+       * Typically returns 1 element; >1 means the same user has the same
+       * agentId in multiple orgs (rare but legal).
+       */
+      async findAgentOrganizations(platform, userId, agentId) {
+        const sql = getDb();
+        const rows = await sql`
+      SELECT organization_id
+      FROM agent_users
+      WHERE platform = ${platform}
+        AND user_id = ${userId}
+        AND agent_id = ${agentId}
+      ORDER BY organization_id
+    `;
+        return rows.map((r) => r.organization_id);
+      }
     };
   }
 });
@@ -22270,10 +22452,183 @@ var init_job_router = __esm({
   }
 });
 
-// src/gateway/gateway/index.ts
+// src/gateway/gateway/transcript-routes.ts
 import { Hono as Hono18 } from "hono";
+function authenticate(c) {
+  const authHeader = c.req.header("authorization");
+  if (!authHeader?.startsWith("Bearer ")) return null;
+  const token = authHeader.substring(7);
+  return verifyWorkerToken(token);
+}
+async function isRunOwnedByJwtScope(runId, organizationId, agentId, conversationId) {
+  const sql = getDb();
+  const rows = await sql`
+    SELECT 1 AS ok FROM public.runs
+    WHERE id = ${runId}
+      AND organization_id = ${organizationId}
+      AND CASE jsonb_typeof(action_input)
+            WHEN 'object' THEN action_input ->> 'agentId'
+            WHEN 'string' THEN (action_input #>> '{}')::jsonb ->> 'agentId'
+            ELSE NULL
+          END = ${agentId}
+      AND CASE jsonb_typeof(action_input)
+            WHEN 'object' THEN action_input ->> 'conversationId'
+            WHEN 'string' THEN (action_input #>> '{}')::jsonb ->> 'conversationId'
+            ELSE NULL
+          END = ${conversationId}
+    LIMIT 1
+  `;
+  return rows.length > 0;
+}
+function createTranscriptRoutes() {
+  const app2 = new Hono18();
+  app2.get("/snapshot", async (c) => {
+    const token = authenticate(c);
+    if (!token) return c.json({ error: "Invalid token" }, 401);
+    const { organizationId, agentId, conversationId } = token;
+    if (!organizationId || !agentId || !conversationId) {
+      return c.json({ error: "Token missing required scope" }, 400);
+    }
+    const sql = getDb();
+    const rows = await sql`
+      SELECT snapshot_jsonl
+      FROM public.agent_transcript_snapshot
+      WHERE organization_id = ${organizationId}
+        AND agent_id = ${agentId}
+        AND conversation_id = ${conversationId}
+        AND terminal_status = 'completed'
+      ORDER BY run_id DESC
+      LIMIT 1
+    `;
+    const row = rows[0];
+    if (!row) {
+      return c.json({ error: "No snapshot found" }, 404);
+    }
+    return c.body(row.snapshot_jsonl, 200, {
+      "content-type": "application/x-ndjson; charset=utf-8"
+    });
+  });
+  app2.post("/snapshot", async (c) => {
+    const token = authenticate(c);
+    if (!token) return c.json({ error: "Invalid token" }, 401);
+    const { organizationId, agentId, conversationId } = token;
+    if (!organizationId || !agentId || !conversationId) {
+      return c.json({ error: "Token missing required scope" }, 400);
+    }
+    let body2;
+    try {
+      body2 = await c.req.json();
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+    const terminalStatus = body2.terminalStatus;
+    const snapshotJsonl = body2.snapshotJsonl;
+    if (terminalStatus !== "completed" && terminalStatus !== "failed" && terminalStatus !== "timeout" && terminalStatus !== "cancelled") {
+      return c.json({ error: "Invalid terminalStatus" }, 400);
+    }
+    if (typeof snapshotJsonl !== "string" || snapshotJsonl.length === 0) {
+      return c.json({ error: "Missing snapshotJsonl" }, 400);
+    }
+    const byteSize = Buffer.byteLength(snapshotJsonl, "utf-8");
+    if (byteSize > MAX_SNAPSHOT_BYTES) {
+      logger72.warn(
+        `Rejecting oversize snapshot (${byteSize} > ${MAX_SNAPSHOT_BYTES} bytes) for (${organizationId}, ${agentId}, ${conversationId})`
+      );
+      return c.json({ error: "Snapshot too large" }, 413);
+    }
+    const rawRunId = body2.runId;
+    const runId = typeof rawRunId === "number" && Number.isFinite(rawRunId) && rawRunId > 0 ? rawRunId : null;
+    if (runId === null) {
+      return c.json({ error: "Missing or invalid runId" }, 400);
+    }
+    if (token.runId !== runId) {
+      logger72.warn(
+        `Token runId mismatch: token.runId=${token.runId ?? "<absent>"} body.runId=${runId}; rejecting snapshot`
+      );
+      return c.json({ error: "runId out of scope" }, 403);
+    }
+    if (!await isRunOwnedByJwtScope(
+      runId,
+      organizationId,
+      agentId,
+      conversationId
+    )) {
+      logger72.warn(
+        `Run ${runId} does not belong to (${organizationId}, ${agentId}, ${conversationId}); rejecting snapshot`
+      );
+      return c.json({ error: "runId out of scope" }, 403);
+    }
+    const sql = getDb();
+    try {
+      const inserted = await sql`
+        INSERT INTO public.agent_transcript_snapshot
+          (organization_id, agent_id, conversation_id, run_id,
+           snapshot_jsonl, byte_size, terminal_status)
+        VALUES
+          (${organizationId}, ${agentId}, ${conversationId}, ${runId},
+           ${snapshotJsonl}, ${byteSize}, ${terminalStatus})
+        ON CONFLICT (organization_id, agent_id, conversation_id, run_id)
+          DO NOTHING
+        RETURNING id
+      `;
+      if (inserted.length === 0) {
+        return c.json({ error: "Snapshot already exists for run" }, 409);
+      }
+      logger72.info(
+        `Wrote snapshot id=${inserted[0].id} run_id=${runId} byte_size=${byteSize} status=${terminalStatus}`
+      );
+      return c.json({ id: inserted[0].id });
+    } catch (err) {
+      logger72.error(
+        `Snapshot INSERT failed: ${err instanceof Error ? err.message : String(err)}`
+      );
+      return c.json({ error: "Internal error" }, 500);
+    }
+  });
+  app2.delete("/snapshot", async (c) => {
+    const token = authenticate(c);
+    if (!token) return c.json({ error: "Invalid token" }, 401);
+    const { organizationId, agentId, conversationId } = token;
+    if (!organizationId || !agentId || !conversationId) {
+      return c.json({ error: "Token missing required scope" }, 400);
+    }
+    const sql = getDb();
+    try {
+      const deleted = await sql`
+        DELETE FROM public.agent_transcript_snapshot
+        WHERE organization_id = ${organizationId}
+          AND agent_id = ${agentId}
+          AND conversation_id = ${conversationId}
+        RETURNING id
+      `;
+      logger72.info(
+        `Purged ${deleted.length} snapshot row(s) for (${organizationId}, ${agentId}, ${conversationId}) on session reset`
+      );
+      return c.json({ deleted: deleted.length });
+    } catch (err) {
+      logger72.error(
+        `Snapshot DELETE failed: ${err instanceof Error ? err.message : String(err)}`
+      );
+      return c.json({ error: "Internal error" }, 500);
+    }
+  });
+  return app2;
+}
+var logger72, MAX_SNAPSHOT_BYTES;
+var init_transcript_routes = __esm({
+  "src/gateway/gateway/transcript-routes.ts"() {
+    "use strict";
+    init_src();
+    init_client();
+    logger72 = createLogger("worker-transcript");
+    MAX_SNAPSHOT_BYTES = 4 * 1024 * 1024;
+  }
+});
+
+// src/gateway/gateway/index.ts
+import { Hono as Hono19 } from "hono";
 import { stream } from "hono/streaming";
-var logger72, WorkerGateway;
+var logger73, WorkerGateway;
 var init_gateway2 = __esm({
   "src/gateway/gateway/index.ts"() {
     "use strict";
@@ -22284,7 +22639,8 @@ var init_gateway2 = __esm({
     init_model_selection();
     init_connection_manager();
     init_job_router();
-    logger72 = createLogger("worker-gateway");
+    init_transcript_routes();
+    logger73 = createLogger("worker-gateway");
     WorkerGateway = class {
       app;
       connectionManager;
@@ -22308,7 +22664,7 @@ var init_gateway2 = __esm({
         this.providerCatalogService = providerCatalogService;
         this.agentSettingsStore = agentSettingsStore;
         this.secretStore = secretStore;
-        this.app = new Hono18();
+        this.app = new Hono19();
         this.setupRoutes();
       }
       /**
@@ -22333,7 +22689,8 @@ var init_gateway2 = __esm({
           "/session-context",
           (c) => this.handleSessionContextRequest(c)
         );
-        logger72.debug("Worker gateway routes registered");
+        this.app.route("/transcript", createTranscriptRoutes());
+        logger73.debug("Worker gateway routes registered");
       }
       async enrichMcpStatus(mcpStatus, agentId, userId) {
         const secretStore = this.secretStore;
@@ -22362,7 +22719,7 @@ var init_gateway2 = __esm({
                 mcp.id
               );
             } catch (error) {
-              logger72.warn("Failed to look up stored MCP credential", {
+              logger73.warn("Failed to look up stored MCP credential", {
                 mcpId: mcp.id,
                 agentId,
                 userId,
@@ -22419,6 +22776,29 @@ var init_gateway2 = __esm({
               });
             }
           };
+          let connectionAdded = false;
+          let cleanupRan = false;
+          let aborted = false;
+          const runCleanup = () => {
+            if (cleanupRan) return;
+            cleanupRan = true;
+            aborted = true;
+            if (!connectionAdded) {
+              return;
+            }
+            const current = this.connectionManager.getConnection(deploymentName);
+            if (current && current.writer !== sseWriter) {
+              logger73.debug(
+                `Ignoring stale disconnect for ${deploymentName} (replaced by newer SSE)`
+              );
+              return;
+            }
+            this.jobRouter.pauseWorker(deploymentName).catch((err) => {
+              logger73.error(`Failed to pause worker ${deploymentName}:`, err);
+            });
+            this.connectionManager.removeConnection(deploymentName);
+          };
+          sseWriter.onClose(runCleanup);
           const detachAbortBridge = bindRequestAbortToStream(
             requestSignal,
             streamWriter
@@ -22428,8 +22808,13 @@ var init_gateway2 = __esm({
           c.header("Connection", "keep-alive");
           c.header("X-Accel-Buffering", "no");
           await this.jobRouter.pauseWorker(deploymentName);
+          if (aborted || requestSignal?.aborted) {
+            detachAbortBridge();
+            runCleanup();
+            return;
+          }
           if (this.connectionManager.isConnected(deploymentName)) {
-            logger72.info(
+            logger73.info(
               `Cleaning up stale connection for ${deploymentName} before new SSE`
             );
             this.connectionManager.removeConnection(deploymentName);
@@ -22442,21 +22827,14 @@ var init_gateway2 = __esm({
             sseWriter,
             httpPort
           );
+          connectionAdded = true;
+          if (aborted || requestSignal?.aborted) {
+            detachAbortBridge();
+            runCleanup();
+            return;
+          }
           await this.jobRouter.registerWorker(deploymentName);
           await this.jobRouter.resumeWorker(deploymentName);
-          sseWriter.onClose(() => {
-            const current = this.connectionManager.getConnection(deploymentName);
-            if (current && current.writer !== sseWriter) {
-              logger72.debug(
-                `Ignoring stale disconnect for ${deploymentName} (replaced by newer SSE)`
-              );
-              return;
-            }
-            this.jobRouter.pauseWorker(deploymentName).catch((err) => {
-              logger72.error(`Failed to pause worker ${deploymentName}:`, err);
-            });
-            this.connectionManager.removeConnection(deploymentName);
-          });
           try {
             while (!isClosed) {
               await streamWriter.sleep(1e3);
@@ -22479,36 +22857,37 @@ var init_gateway2 = __esm({
         try {
           const body2 = await c.req.json();
           const { jobId, ...responseData } = body2;
-          const enrichedResponse = auth.tokenData.connectionId && (!responseData.platformMetadata || typeof responseData.platformMetadata === "object") ? {
-            ...responseData,
+          const orgEnriched = auth.tokenData.organizationId && !responseData.organizationId ? { ...responseData, organizationId: auth.tokenData.organizationId } : responseData;
+          const enrichedResponse = auth.tokenData.connectionId && (!orgEnriched.platformMetadata || typeof orgEnriched.platformMetadata === "object") ? {
+            ...orgEnriched,
             platformMetadata: {
-              ...responseData.platformMetadata || {},
+              ...orgEnriched.platformMetadata || {},
               connectionId: auth.tokenData.connectionId
             }
-          } : responseData;
+          } : orgEnriched;
           if (jobId) {
             this.jobRouter.acknowledgeJob(jobId);
           }
           if (enrichedResponse.received) {
             if (enrichedResponse.heartbeat) {
-              logger72.debug(
+              logger73.debug(
                 `[WORKER-GATEWAY] Received heartbeat ACK from ${deploymentName}`
               );
             }
             return c.json({ success: true });
           }
-          logger72.info(
+          logger73.info(
             `[WORKER-GATEWAY] Received response with fields: ${Object.keys(enrichedResponse).join(", ")}`
           );
           if (enrichedResponse.delta) {
-            logger72.info(
+            logger73.info(
               `[WORKER-GATEWAY] Stream delta: deltaLength=${enrichedResponse.delta.length}`
             );
           }
           await this.queue.send("thread_response", enrichedResponse);
           return c.json({ success: true });
         } catch (error) {
-          logger72.error(`Error handling worker response: ${error}`);
+          logger73.error(`Error handling worker response: ${error}`);
           return c.json({ error: "Failed to process response" }, 500);
         }
       }
@@ -22597,7 +22976,7 @@ var init_gateway2 = __esm({
                   mcpInstructions[result.value.mcpId] = result.value.instructions;
                 }
               } else {
-                logger72.error("MCP tool fetch rejected", {
+                logger73.error("MCP tool fetch rejected", {
                   reason: result.reason instanceof Error ? result.reason.message : String(result.reason)
                 });
               }
@@ -22625,13 +23004,13 @@ var init_gateway2 = __esm({
                 }
               }
             } catch (error) {
-              logger72.error("Failed to fetch skills config for worker sync", {
+              logger73.error("Failed to fetch skills config for worker sync", {
                 error
               });
             }
           }
           const mergedSkillsInstructions = contextData.skillsInstructions || "";
-          logger72.info(
+          logger73.info(
             `Session context for ${userId}: ${Object.keys(mcpConfig.mcpServers || {}).length} MCPs, ${contextData.agentInstructions.length} chars agent instructions, ${contextData.platformInstructions.length} chars platform instructions, ${contextData.networkInstructions.length} chars network instructions, ${mergedSkillsInstructions.length} chars skills instructions, ${enrichedMcpStatus.length} MCP status entries, ${Object.keys(mcpTools).length} MCP tool lists, ${Object.keys(mcpInstructions).length} MCP instructions, ${skillsConfig.length} skills, provider: ${providerConfig.defaultProvider || "none"}`
           );
           return c.json({
@@ -22648,7 +23027,7 @@ var init_gateway2 = __esm({
             skillsConfig
           });
         } catch (error) {
-          logger72.error("Failed to generate session context", { err: error });
+          logger73.error("Failed to generate session context", { err: error });
           return c.json({ error: "session_context_error" }, 500);
         }
       }
@@ -22660,11 +23039,11 @@ var init_gateway2 = __esm({
         const token = authHeader.substring(7);
         const tokenData = verifyWorkerToken(token);
         if (!tokenData) {
-          logger72.warn("Invalid token");
+          logger73.warn("Invalid token");
           return null;
         }
         if (tokenData.jti && await getRevokedTokenStore().isRevoked(tokenData.jti)) {
-          logger72.warn("Revoked worker token");
+          logger73.warn("Revoked worker token");
           return null;
         }
         return { tokenData, token };
@@ -22780,12 +23159,12 @@ var init_gateway2 = __esm({
 });
 
 // src/gateway/infrastructure/queue/queue-producer.ts
-var logger73, QueueProducer;
+var logger74, QueueProducer;
 var init_queue_producer = __esm({
   "src/gateway/infrastructure/queue/queue-producer.ts"() {
     "use strict";
     init_src();
-    logger73 = createLogger("queue-producer");
+    logger74 = createLogger("queue-producer");
     QueueProducer = class {
       queue;
       isInitialized = false;
@@ -22800,9 +23179,9 @@ var init_queue_producer = __esm({
         try {
           await this.queue.createQueue("messages");
           this.isInitialized = true;
-          logger73.debug("Queue producer initialized");
+          logger74.debug("Queue producer initialized");
         } catch (error) {
-          logger73.error("Failed to initialize queue producer:", error);
+          logger74.error("Failed to initialize queue producer:", error);
           throw error;
         }
       }
@@ -22811,7 +23190,7 @@ var init_queue_producer = __esm({
        */
       async stop() {
         this.isInitialized = false;
-        logger73.debug("Queue producer stopped");
+        logger74.debug("Queue producer stopped");
       }
       /**
        * Enqueue any message (direct or thread) to the single 'messages' queue
@@ -22832,12 +23211,12 @@ var init_queue_producer = __esm({
             singletonKey: rawSingletonKey.replace(/:/g, "-")
             // Prevent duplicates within canonical conversation identity
           });
-          logger73.info(
+          logger74.info(
             `Enqueued message job ${jobId} for user ${payload.userId}, conversation ${payload.conversationId}`
           );
           return jobId || "job-sent";
         } catch (error) {
-          logger73.error(
+          logger74.error(
             `Failed to enqueue message for user ${payload.userId}:`,
             error
           );
@@ -22886,12 +23265,12 @@ function assertConnectionId(connectionId, kind) {
     );
   }
 }
-var logger74, SAFE_LINK_BUTTON_SCHEMES, InteractionService;
+var logger75, SAFE_LINK_BUTTON_SCHEMES, InteractionService;
 var init_interactions2 = __esm({
   "src/gateway/interactions.ts"() {
     "use strict";
     init_src();
-    logger74 = createLogger("interactions");
+    logger75 = createLogger("interactions");
     SAFE_LINK_BUTTON_SCHEMES = /* @__PURE__ */ new Set(["http:", "https:"]);
     InteractionService = class extends EventEmitter {
       beforeCreateHook;
@@ -22922,7 +23301,7 @@ var init_interactions2 = __esm({
           question,
           options
         };
-        logger74.info(
+        logger75.info(
           `Posted question ${posted.id} for conversation ${conversationId}`
         );
         this.emit("question:created", posted);
@@ -22955,7 +23334,7 @@ var init_interactions2 = __esm({
           args,
           grantPattern
         };
-        logger74.info(
+        logger75.info(
           `Posted tool approval ${posted.id} for ${mcpId}/${toolName} agent=${agentId}`
         );
         this.emit("tool:approval-needed", posted);
@@ -22984,7 +23363,7 @@ var init_interactions2 = __esm({
           body: body2,
           linkType
         };
-        logger74.info(
+        logger75.info(
           `Posted link button ${posted.id} for conversation ${conversationId} (${linkType})`
         );
         this.emit("link-button:created", posted);
@@ -23025,7 +23404,7 @@ var init_interactions2 = __esm({
           platform,
           text
         };
-        logger74.info(
+        logger75.info(
           `Posted status message ${posted.id} for conversation ${conversationId}`
         );
         this.emit("status-message:created", posted);
@@ -23045,7 +23424,7 @@ var init_interactions2 = __esm({
           blocking: false,
           prompts
         };
-        logger74.info(
+        logger75.info(
           `Created suggestion ${suggestion.id} for conversation ${conversationId}`
         );
         this.emit("suggestion:created", suggestion);
@@ -23116,12 +23495,12 @@ function findMatchingRule(hostname, rules) {
 function hashPolicy(organizationId, agentId, judgeName, policy) {
   return crypto3.createHash("sha256").update(`${organizationId} ${agentId} ${judgeName} ${policy}`).digest("hex").slice(0, 16);
 }
-var logger75, PolicyStore;
+var logger76, PolicyStore;
 var init_policy_store = __esm({
   "src/gateway/permissions/policy-store.ts"() {
     "use strict";
     init_src();
-    logger75 = createLogger("policy-store");
+    logger76 = createLogger("policy-store");
     PolicyStore = class _PolicyStore {
       policies = /* @__PURE__ */ new Map();
       static composeKey(organizationId, agentId) {
@@ -23130,7 +23509,7 @@ var init_policy_store = __esm({
       set(organizationId, agentId, bundle) {
         const prepared = prepareBundle(organizationId, agentId, bundle);
         this.policies.set(_PolicyStore.composeKey(organizationId, agentId), prepared);
-        logger75.debug("Set egress policy bundle", {
+        logger76.debug("Set egress policy bundle", {
           organizationId,
           agentId,
           domains: prepared.judgedDomains.length,
@@ -23161,7 +23540,7 @@ var init_policy_store = __esm({
         const judgeName = matched.judge ?? "default";
         const judge = prepared.preparedJudges[judgeName];
         if (!judge) {
-          logger75.warn(
+          logger76.warn(
             "Judge rule matched but named policy not found \u2014 failing closed",
             { organizationId, agentId, hostname, judgeName }
           );
@@ -23179,7 +23558,7 @@ var init_policy_store = __esm({
 });
 
 // src/gateway/proxy/secret-proxy.ts
-import { Hono as Hono19 } from "hono";
+import { Hono as Hono20 } from "hono";
 function defaultPlaceholderTtlSeconds() {
   const raw = process.env.SECRET_PLACEHOLDER_TTL_MS;
   if (raw) {
@@ -23194,8 +23573,8 @@ function lookupPlaceholderMapping(placeholder, expectedOrganizationId) {
   const uuid = placeholder.slice(prefixIdx + PLACEHOLDER_PREFIX.length);
   const mapping = placeholderCache.get(uuid);
   if (!mapping) return null;
-  if (expectedOrganizationId && mapping.organizationId && mapping.organizationId !== expectedOrganizationId) {
-    logger76.warn(
+  if (expectedOrganizationId !== void 0 && mapping.organizationId !== expectedOrganizationId) {
+    logger77.warn(
       {
         mappingAgentId: mapping.agentId,
         mappingOrg: mapping.organizationId,
@@ -23205,6 +23584,15 @@ function lookupPlaceholderMapping(placeholder, expectedOrganizationId) {
     );
     return null;
   }
+  if (!mapping.organizationId) {
+    logger77.warn(
+      {
+        mappingAgentId: mapping.agentId,
+        expectedOrg: expectedOrganizationId
+      },
+      "Placeholder mapping accessed without organizationId \u2014 legacy row, schedule rotation"
+    );
+  }
   return mapping;
 }
 function safeDecodePathSegment(value) {
@@ -23236,13 +23624,14 @@ function generatePlaceholder(agentId, envVarName, secretRef, deploymentName, opt
   );
   return `${PLACEHOLDER_PREFIX}${uuid}`;
 }
-var logger76, PLACEHOLDER_PREFIX, RESOLVE_FAILURE_THRESHOLD, RESOLVE_FAILURE_WINDOW_MS, ResolutionFailureLimiter, resolutionFailureLimiter, PlaceholderCache, placeholderCache, SecretProxy;
+var logger77, PLACEHOLDER_PREFIX, RESOLVE_FAILURE_THRESHOLD, RESOLVE_FAILURE_WINDOW_MS, ResolutionFailureLimiter, resolutionFailureLimiter, PlaceholderCache, placeholderCache, SecretProxy;
 var init_secret_proxy = __esm({
   "src/gateway/proxy/secret-proxy.ts"() {
     "use strict";
     init_src();
+    init_org_context();
     init_rate_limiter();
-    logger76 = createLogger("secret-proxy");
+    logger77 = createLogger("secret-proxy");
     PLACEHOLDER_PREFIX = "lobu_secret_";
     RESOLVE_FAILURE_THRESHOLD = 20;
     RESOLVE_FAILURE_WINDOW_MS = 5 * 60 * 1e3;
@@ -23352,11 +23741,11 @@ var init_secret_proxy = __esm({
         this.slugMap = /* @__PURE__ */ new Map();
         for (const upstream of config.providerUpstreams ?? []) {
           this.slugMap.set(upstream.slug, upstream.upstreamBaseUrl);
-          logger76.debug(
+          logger77.debug(
             `Registered provider upstream: ${upstream.slug} -> ${upstream.upstreamBaseUrl}`
           );
         }
-        this.app = new Hono19();
+        this.app = new Hono20();
         this.setupRoutes();
       }
       setAuthProfilesManager(manager) {
@@ -23387,7 +23776,7 @@ var init_secret_proxy = __esm({
         if (providerId) {
           this.slugToProviderId.set(upstream.slug, providerId);
         }
-        logger76.debug(
+        logger77.debug(
           `Registered provider upstream: ${upstream.slug} -> ${upstream.upstreamBaseUrl}${providerId ? ` (providerId: ${providerId})` : ""}`
         );
       }
@@ -23409,7 +23798,7 @@ var init_secret_proxy = __esm({
         try {
           return await this.forward(c);
         } catch (error) {
-          logger76.error("Secret proxy error:", error);
+          logger77.error("Secret proxy error:", error);
           return c.json({ error: "Internal proxy error" }, 500);
         }
       }
@@ -23505,12 +23894,12 @@ var init_secret_proxy = __esm({
             const { shouldLog, nowThrottled } = resolutionFailureLimiter.recordFailure(source);
             if (shouldLog) {
               if (nowThrottled) {
-                logger76.warn(
+                logger77.warn(
                   { source },
                   "Throttling placeholder resolution for source after repeated failures"
                 );
               } else {
-                logger76.warn({ source }, "Failed to resolve secret placeholder");
+                logger77.warn({ source }, "Failed to resolve secret placeholder");
               }
             }
             return "";
@@ -23561,9 +23950,13 @@ var init_secret_proxy = __esm({
             const orgId = await this.agentOrgResolver(urlAgentId);
             if (orgId) expectedOrganizationId = orgId;
           } catch (err) {
-            logger76.warn(
+            logger77.error(
               { urlAgentId, err: String(err) },
-              "agentOrgResolver failed \u2014 falling through without org expectation"
+              "agentOrgResolver failed \u2014 rejecting request to preserve org isolation"
+            );
+            return c.json(
+              { error: "Service Unavailable: failed to resolve agent organization" },
+              503
             );
           }
         }
@@ -23574,26 +23967,26 @@ var init_secret_proxy = __esm({
               expectedOrganizationId
             );
             if (!mapping) {
-              logger76.warn(
+              logger77.warn(
                 { urlAgentId },
                 "Rejecting proxy request: placeholder did not resolve"
               );
               return c.json({ error: "Unauthorized" }, 401);
             }
             if (mapping.agentId !== urlAgentId) {
-              logger76.warn(
+              logger77.warn(
                 { urlAgentId, mappingAgentId: mapping.agentId },
                 "Rejecting proxy request: placeholder agentId does not match URL"
               );
               return c.json({ error: "Forbidden" }, 403);
             }
           } else if (callerToken) {
-            logger76.debug(
+            logger77.debug(
               { urlAgentId },
               "Proxy request authenticated by non-placeholder token; agentId binding skipped"
             );
           } else {
-            logger76.warn(
+            logger77.warn(
               { urlAgentId },
               "Rejecting proxy request: names an agent but carries no auth header"
             );
@@ -23616,17 +24009,23 @@ var init_secret_proxy = __esm({
         if (urlAgentId && resolvedSlug && this.authProfilesManager) {
           const providerId = this.slugToProviderId.get(resolvedSlug);
           if (providerId) {
-            const profile = await this.authProfilesManager.getBestProfile(
-              urlAgentId,
-              providerId,
-              void 0,
-              providerContext
+            const runWithOrg = (fn) => expectedOrganizationId ? orgContext.run({ organizationId: expectedOrganizationId }, fn) : fn();
+            const authProfilesManager = this.authProfilesManager;
+            const profile = await runWithOrg(
+              () => authProfilesManager.getBestProfile(
+                urlAgentId,
+                providerId,
+                void 0,
+                providerContext
+              )
             );
             const userIdForRefresh = providerContext?.userId;
-            const credential = profile && userIdForRefresh ? await this.authProfilesManager.ensureFreshCredential(profile, {
-              userId: userIdForRefresh,
-              agentId: urlAgentId
-            }) : profile?.credential;
+            const credential = profile && userIdForRefresh ? await runWithOrg(
+              () => authProfilesManager.ensureFreshCredential(profile, {
+                userId: userIdForRefresh,
+                agentId: urlAgentId
+              })
+            ) : profile?.credential;
             if (credential) {
               headers.authorization = `Bearer ${credential}`;
             } else if (this.systemKeyResolver) {
@@ -23634,7 +24033,7 @@ var init_secret_proxy = __esm({
               if (systemKey) {
                 headers.authorization = `Bearer ${systemKey}`;
               } else {
-                logger76.warn(
+                logger77.warn(
                   `No auth profile or system key for agent ${urlAgentId}, provider ${providerId}`
                 );
                 return c.json(
@@ -23649,7 +24048,7 @@ var init_secret_proxy = __esm({
                 );
               }
             } else {
-              logger76.warn(
+              logger77.warn(
                 `No auth profile for agent ${urlAgentId}, provider ${providerId}`
               );
               return c.json(
@@ -23664,7 +24063,7 @@ var init_secret_proxy = __esm({
               );
             }
           } else {
-            logger76.warn(`No providerId mapping for slug "${resolvedSlug}"`);
+            logger77.warn(`No providerId mapping for slug "${resolvedSlug}"`);
           }
         } else {
           const source = urlAgentId ?? getClientIp({
@@ -23692,10 +24091,10 @@ var init_secret_proxy = __esm({
             }
           }
         }
-        logger76.info(`Forwarding to upstream: ${method} ${upstream}`);
+        logger77.info(`Forwarding to upstream: ${method} ${upstream}`);
         const response = await fetch(upstream, { method, headers, body: body2 });
         if (!response.ok) {
-          logger76.warn(
+          logger77.warn(
             `Upstream returned ${response.status} for ${method} ${upstream}`
           );
         }
@@ -23732,14 +24131,14 @@ var init_secret_proxy = __esm({
 });
 
 // src/gateway/proxy/token-refresh-job.ts
-var logger77, EXPIRY_BUFFER_MS, TokenRefreshJob;
+var logger78, EXPIRY_BUFFER_MS, TokenRefreshJob;
 var init_token_refresh_job = __esm({
   "src/gateway/proxy/token-refresh-job.ts"() {
     "use strict";
     init_src();
     init_client();
     init_org_context();
-    logger77 = createLogger("token-refresh-job");
+    logger78 = createLogger("token-refresh-job");
     EXPIRY_BUFFER_MS = 5 * 60 * 1e3;
     TokenRefreshJob = class {
       constructor(authProfilesManager, refreshableProviders) {
@@ -23766,7 +24165,7 @@ var init_token_refresh_job = __esm({
               () => this.maybeRefresh(userId, agentId)
             );
           } catch (err) {
-            logger77.warn(
+            logger78.warn(
               { userId, agentId, organizationId, err: String(err) },
               "Token refresh failed for user/agent \u2014 continuing scan"
             );
@@ -23789,7 +24188,7 @@ var init_token_refresh_job = __esm({
       async refreshForUserAgent(userId, agentId) {
         const organizationId = await this.lookupAgentOrg(agentId);
         if (organizationId === null) {
-          logger77.warn(
+          logger78.warn(
             { userId, agentId },
             "Skipping token refresh \u2014 agent has no org row (deleted?)"
           );
@@ -23836,7 +24235,7 @@ var init_token_refresh_job = __esm({
           const expiresAt = oauthProfile.metadata.expiresAt || 0;
           const isExpiring = expiresAt <= Date.now() + EXPIRY_BUFFER_MS;
           if (!isExpiring) continue;
-          logger77.info(
+          logger78.info(
             `Refreshing ${providerId} token for user ${userId} agent ${agentId} profile ${oauthProfile.id}`,
             { expiresAt: new Date(expiresAt).toISOString() }
           );
@@ -23860,11 +24259,11 @@ var init_token_refresh_job = __esm({
               },
               makePrimary: false
             });
-            logger77.info(
+            logger78.info(
               `Token refreshed for user ${userId} agent ${agentId} (${providerId})`
             );
           } catch (error) {
-            logger77.error(
+            logger78.error(
               `Failed to refresh ${providerId} token for user ${userId} agent ${agentId}`,
               {
                 error,
@@ -24436,12 +24835,12 @@ async function loadBedrockModelsFromAws() {
 function loadFallbackRegistryModels() {
   return getModels("amazon-bedrock").map(normalizeRegistryModel).sort(sortModels);
 }
-var logger78, CACHE_TTL_MS3, BedrockModelCatalog;
+var logger79, CACHE_TTL_MS3, BedrockModelCatalog;
 var init_bedrock_model_catalog = __esm({
   "src/gateway/services/bedrock-model-catalog.ts"() {
     "use strict";
     init_src();
-    logger78 = createLogger("bedrock-model-catalog");
+    logger79 = createLogger("bedrock-model-catalog");
     CACHE_TTL_MS3 = 5 * 60 * 1e3;
     BedrockModelCatalog = class {
       cacheTtlMs;
@@ -24464,7 +24863,7 @@ var init_bedrock_model_catalog = __esm({
           };
           return models;
         } catch (error) {
-          logger78.warn(
+          logger79.warn(
             {
               error: error instanceof Error ? error.message : String(error)
             },
@@ -24498,7 +24897,7 @@ var init_bedrock_model_catalog = __esm({
 // src/gateway/services/bedrock-openai-service.ts
 import { getModel } from "@mariozechner/pi-ai";
 import { streamBedrock } from "@mariozechner/pi-ai/dist/providers/amazon-bedrock.js";
-import { Hono as Hono20 } from "hono";
+import { Hono as Hono21 } from "hono";
 function parseDataUrl(url) {
   if (!url) return null;
   const match = url.match(/^data:([^;,]+);base64,(.+)$/);
@@ -24785,16 +25184,16 @@ function createSseStream(requestModel, stream2, includeUsage) {
     }
   });
 }
-var logger79, BedrockOpenAIService;
+var logger80, BedrockOpenAIService;
 var init_bedrock_openai_service = __esm({
   "src/gateway/services/bedrock-openai-service.ts"() {
     "use strict";
     init_src();
     init_middleware();
     init_bedrock_model_catalog();
-    logger79 = createLogger("bedrock-openai-service");
+    logger80 = createLogger("bedrock-openai-service");
     BedrockOpenAIService = class {
-      app = new Hono20();
+      app = new Hono21();
       modelCatalog;
       modelResolver;
       bedrockStreamer;
@@ -24883,7 +25282,7 @@ var init_bedrock_openai_service = __esm({
         const context2 = buildBedrockContext(request2);
         const stopSequences = Array.isArray(request2.stop) ? request2.stop : typeof request2.stop === "string" ? [request2.stop] : [];
         const toolChoice = mapToolChoice(request2.tool_choice);
-        logger79.info(
+        logger80.info(
           {
             modelId: request2.model,
             region,
@@ -24968,12 +25367,12 @@ function buildRegistryMap(configAgents) {
   }
   return result;
 }
-var logger80, DeclaredAgentRegistry;
+var logger81, DeclaredAgentRegistry;
 var init_declared_agent_registry = __esm({
   "src/gateway/services/declared-agent-registry.ts"() {
     "use strict";
     init_src();
-    logger80 = createLogger("declared-agent-registry");
+    logger81 = createLogger("declared-agent-registry");
     DeclaredAgentRegistry = class {
       entries = /* @__PURE__ */ new Map();
       has(agentId) {
@@ -24994,7 +25393,7 @@ var init_declared_agent_registry = __esm({
         for (const [agentId, entry] of next) {
           this.entries.set(agentId, entry);
         }
-        logger80.debug(`Registry now holds ${this.entries.size} declared agent(s)`);
+        logger81.debug(`Registry now holds ${this.entries.size} declared agent(s)`);
       }
     };
   }
@@ -25036,12 +25435,12 @@ function hasImageGenerationAccess(profileProviderId, profile) {
   if (!scopes) return true;
   return scopes.has("api.model.image.request") || scopes.has("api.model.request") || scopes.has("model.image.request");
 }
-var logger81, IMAGE_CAPABLE_PROVIDERS, ImageGenerationService;
+var logger82, IMAGE_CAPABLE_PROVIDERS, ImageGenerationService;
 var init_image_generation_service = __esm({
   "src/gateway/services/image-generation-service.ts"() {
     "use strict";
     init_src();
-    logger81 = createLogger("image-generation-service");
+    logger82 = createLogger("image-generation-service");
     IMAGE_CAPABLE_PROVIDERS = [
       {
         profileProviderId: "chatgpt",
@@ -25076,7 +25475,7 @@ var init_image_generation_service = __esm({
           );
           if (!profile?.credential) continue;
           if (!hasImageGenerationAccess(profileProviderId, profile)) {
-            logger81.info("Skipping provider without image-generation scope", {
+            logger82.info("Skipping provider without image-generation scope", {
               agentId,
               profileProviderId,
               authType: profile.authType
@@ -25106,7 +25505,7 @@ var init_image_generation_service = __esm({
             agentId
           );
         }
-        logger81.info("Generating image", {
+        logger82.info("Generating image", {
           agentId,
           provider: config.provider,
           profileProviderId: config.profileProviderId,
@@ -25125,7 +25524,7 @@ var init_image_generation_service = __esm({
           };
         } catch (error) {
           const errorMessage3 = error instanceof Error ? error.message : String(error);
-          logger81.error("Image generation failed", {
+          logger82.error("Image generation failed", {
             agentId,
             provider: config.provider,
             profileProviderId: config.profileProviderId,
@@ -25139,7 +25538,7 @@ var init_image_generation_service = __esm({
       }
       noProviderError(message, agentId) {
         const availableProviders = IMAGE_CAPABLE_PROVIDERS.map((p) => p.provider);
-        logger81.info(message, { agentId, availableProviders });
+        logger82.info(message, { agentId, availableProviders });
         return { error: message, availableProviders };
       }
       async generateWithOpenAI(prompt, apiKey, options) {
@@ -25228,13 +25627,13 @@ var init_session = __esm({
 });
 
 // src/gateway/services/session-manager.ts
-var logger82, StateAdapterSessionStore, SessionManager;
+var logger83, StateAdapterSessionStore, SessionManager;
 var init_session_manager = __esm({
   "src/gateway/services/session-manager.ts"() {
     "use strict";
     init_src();
     init_session();
-    logger82 = createLogger("session-manager");
+    logger83 = createLogger("session-manager");
     StateAdapterSessionStore = class {
       constructor(conversations) {
         this.conversations = conversations;
@@ -25244,23 +25643,23 @@ var init_session_manager = __esm({
         try {
           return await this.conversations.getSession(sessionKey3);
         } catch (error) {
-          logger82.error(`Failed to get session ${sessionKey3}:`, error);
+          logger83.error(`Failed to get session ${sessionKey3}:`, error);
           return null;
         }
       }
       async set(sessionKey3, session) {
         await this.conversations.setSession(sessionKey3, session);
-        logger82.debug(`Stored session ${sessionKey3}`);
+        logger83.debug(`Stored session ${sessionKey3}`);
       }
       async delete(sessionKey3) {
         await this.conversations.deleteSession(sessionKey3);
-        logger82.debug(`Deleted session ${sessionKey3}`);
+        logger83.debug(`Deleted session ${sessionKey3}`);
       }
       async getByThread(channelId, threadTs) {
         try {
           return await this.conversations.getSessionByThread(channelId, threadTs);
         } catch (error) {
-          logger82.error(
+          logger83.error(
             `Failed to get session by thread ${channelId}:${threadTs}:`,
             error
           );
@@ -25269,7 +25668,7 @@ var init_session_manager = __esm({
       }
       /** Optional cleanup - state adapter TTL handles this automatically */
       async cleanup() {
-        logger82.debug("StateAdapter TTL handles automatic cleanup");
+        logger83.debug("StateAdapter TTL handles automatic cleanup");
         return 0;
       }
     };
@@ -25539,17 +25938,17 @@ data: ${JSON.stringify({ reason })}
 });
 
 // src/gateway/watchers/run-tracker.ts
-var logger83, WatcherRunTracker;
+var logger84, WatcherRunTracker;
 var init_run_tracker = __esm({
   "src/gateway/watchers/run-tracker.ts"() {
     "use strict";
     init_src();
-    logger83 = createLogger("watcher-run-tracker");
+    logger84 = createLogger("watcher-run-tracker");
     WatcherRunTracker = class {
       pending = /* @__PURE__ */ new Map();
       register(handle) {
         if (this.pending.has(handle.messageId)) {
-          logger83.warn(
+          logger84.warn(
             { messageId: handle.messageId, runId: handle.runId },
             "duplicate watcher run registration ignored"
           );
@@ -25564,7 +25963,7 @@ var init_run_tracker = __esm({
         try {
           await handle.onResolve(result);
         } catch (err) {
-          logger83.error(
+          logger84.error(
             { err, messageId, runId: handle.runId },
             "watcher run onResolve callback failed"
           );
@@ -25626,12 +26025,12 @@ function resolveProviderRegistryFromRaw(raw) {
   try {
     rawParsed = JSON.parse(raw);
   } catch {
-    logger84.error("Invalid providers JSON");
+    logger85.error("Invalid providers JSON");
     return null;
   }
   const substituted = raw.replace(/\$\{env:([^}]+)\}/g, (_match, varName) => {
     if (isBlockedEnvSubstitution(varName)) {
-      logger84.warn(`Blocked env substitution for sensitive var: ${varName}`);
+      logger85.warn(`Blocked env substitution for sensitive var: ${varName}`);
       return "";
     }
     return process.env[varName] || "";
@@ -25640,21 +26039,21 @@ function resolveProviderRegistryFromRaw(raw) {
   try {
     parsed = JSON.parse(substituted);
   } catch {
-    logger84.error("Invalid providers JSON after env substitution");
+    logger85.error("Invalid providers JSON after env substitution");
     return null;
   }
   if (!Array.isArray(parsed.providers)) {
-    logger84.error("Invalid providers config: missing 'providers' array");
+    logger85.error("Invalid providers config: missing 'providers' array");
     return null;
   }
   return { raw: rawParsed, resolved: parsed };
 }
-var logger84, ENV_SUBSTITUTION_BLOCKLIST, ProviderRegistryService;
+var logger85, ENV_SUBSTITUTION_BLOCKLIST, ProviderRegistryService;
 var init_provider_registry_service = __esm({
   "src/gateway/services/provider-registry-service.ts"() {
     "use strict";
     init_src();
-    logger84 = createLogger("provider-registry-service");
+    logger85 = createLogger("provider-registry-service");
     ENV_SUBSTITUTION_BLOCKLIST = /* @__PURE__ */ new Set([
       "ENCRYPTION_KEY",
       "DATABASE_URL",
@@ -25676,7 +26075,7 @@ var init_provider_registry_service = __esm({
           const config = { providers: preloadedProviders };
           this.loaded = config;
           this.rawLoaded = config;
-          logger84.info(
+          logger85.info(
             `Loaded ${preloadedProviders.length} bundled provider(s) (injected)`
           );
         }
@@ -25713,7 +26112,7 @@ var init_provider_registry_service = __esm({
           if (this.configUrl.startsWith("http://") || this.configUrl.startsWith("https://")) {
             const response = await fetch(this.configUrl);
             if (!response.ok) {
-              logger84.error(`Failed to fetch providers config: ${response.status}`);
+              logger85.error(`Failed to fetch providers config: ${response.status}`);
               return null;
             }
             raw = await response.text();
@@ -25724,10 +26123,10 @@ var init_provider_registry_service = __esm({
           if (!resolved) return null;
           this.rawLoaded = resolved.raw;
           this.loaded = resolved.resolved;
-          logger84.info(`Loaded ${this.loaded.providers.length} bundled provider(s)`);
+          logger85.info(`Loaded ${this.loaded.providers.length} bundled provider(s)`);
           return this.loaded;
         } catch (error) {
-          logger84.debug("Providers config not available", { error });
+          logger85.debug("Providers config not available", { error });
           return null;
         }
       }
@@ -25739,12 +26138,12 @@ var init_provider_registry_service = __esm({
 function displayName(provider2) {
   return TTS_CAPABLE_PROVIDERS.find((p) => p.ttsProvider === provider2)?.displayName ?? provider2;
 }
-var logger85, TTS_CAPABLE_PROVIDERS, TranscriptionService;
+var logger86, TTS_CAPABLE_PROVIDERS, TranscriptionService;
 var init_transcription_service = __esm({
   "src/gateway/services/transcription-service.ts"() {
     "use strict";
     init_src();
-    logger85 = createLogger("transcription-service");
+    logger86 = createLogger("transcription-service");
     TTS_CAPABLE_PROVIDERS = [
       {
         profileProviderId: "chatgpt",
@@ -25785,7 +26184,7 @@ var init_transcription_service = __esm({
         }
         const attemptErrors = [];
         for (const config of configs) {
-          logger85.info("Transcribing audio", {
+          logger86.info("Transcribing audio", {
             agentId,
             provider: config.provider,
             profileProviderId: config.profileProviderId,
@@ -25798,7 +26197,7 @@ var init_transcription_service = __esm({
               config,
               mimeType
             );
-            logger85.info("Transcription successful", {
+            logger86.info("Transcription successful", {
               agentId,
               provider: config.provider,
               profileProviderId: config.profileProviderId,
@@ -25807,7 +26206,7 @@ var init_transcription_service = __esm({
             return { text, provider: config.provider };
           } catch (error) {
             const errorMessage3 = error instanceof Error ? error.message : String(error);
-            logger85.error("Transcription failed", {
+            logger86.error("Transcription failed", {
               agentId,
               provider: config.provider,
               profileProviderId: config.profileProviderId,
@@ -25875,7 +26274,7 @@ var init_transcription_service = __esm({
         try {
           providerConfigs = await this.providerConfigSource();
         } catch (error) {
-          logger85.warn("Failed to load provider configs for STT", {
+          logger86.warn("Failed to load provider configs for STT", {
             error: error instanceof Error ? error.message : String(error)
           });
           return [];
@@ -25887,7 +26286,7 @@ var init_transcription_service = __esm({
           const sttEnabled = stt ? stt.enabled !== false : compat === "openai";
           if (!sttEnabled) continue;
           if (compat !== "openai") {
-            logger85.warn("Unsupported config-driven STT compatibility", {
+            logger86.warn("Unsupported config-driven STT compatibility", {
               providerId,
               compat
             });
@@ -25898,7 +26297,7 @@ var init_transcription_service = __esm({
             stt?.baseUrl || entry.upstreamBaseUrl
           );
           if (!endpoint) {
-            logger85.warn("Invalid STT endpoint configuration", {
+            logger86.warn("Invalid STT endpoint configuration", {
               providerId,
               transcriptionPath: stt?.transcriptionPath,
               baseUrl: stt?.baseUrl || entry.upstreamBaseUrl
@@ -25937,7 +26336,7 @@ var init_transcription_service = __esm({
         if (!config) {
           return this.noProviderError("No audio provider configured", agentId);
         }
-        logger85.info("Synthesizing audio", {
+        logger86.info("Synthesizing audio", {
           agentId,
           provider: config.provider,
           textLength: text.length,
@@ -25945,7 +26344,7 @@ var init_transcription_service = __esm({
         });
         try {
           const result = await this.synthesizeWithProvider(text, config, options);
-          logger85.info("Synthesis successful", {
+          logger86.info("Synthesis successful", {
             agentId,
             provider: config.provider,
             audioSize: result.audioBuffer.length
@@ -25953,7 +26352,7 @@ var init_transcription_service = __esm({
           return { ...result, provider: config.provider };
         } catch (error) {
           const errorMessage3 = error instanceof Error ? error.message : String(error);
-          logger85.error("Synthesis failed", {
+          logger86.error("Synthesis failed", {
             agentId,
             provider: config.provider,
             error: errorMessage3
@@ -25966,7 +26365,7 @@ var init_transcription_service = __esm({
       }
       noProviderError(message, agentId) {
         const availableProviders = TTS_CAPABLE_PROVIDERS.map((p) => p.ttsProvider);
-        logger85.info(message, { agentId, availableProviders });
+        logger86.info(message, { agentId, availableProviders });
         return { error: message, availableProviders };
       }
       // ==========================================================================
@@ -26219,7 +26618,7 @@ var init_transcription_service = __esm({
 });
 
 // src/gateway/services/core-services.ts
-var logger86, CoreServices;
+var logger87, CoreServices;
 var init_core_services = __esm({
   "src/gateway/services/core-services.ts"() {
     "use strict";
@@ -26275,7 +26674,7 @@ var init_core_services = __esm({
     init_provider_config_resolver();
     init_provider_registry_service();
     init_transcription_service();
-    logger86 = createLogger("core-services");
+    logger87 = createLogger("core-services");
     CoreServices = class {
       constructor(config, options) {
         this.config = config;
@@ -26381,20 +26780,20 @@ var init_core_services = __esm({
        * Initialize all core services in dependency order
        */
       async initialize() {
-        logger86.debug("Initializing core services...");
+        logger87.debug("Initializing core services...");
         await this.initializeQueue();
-        logger86.debug("Queue initialized");
+        logger87.debug("Queue initialized");
         await this.initializeSessionServices();
-        logger86.debug("Session services initialized");
+        logger87.debug("Session services initialized");
         await this.initializeClaudeServices();
-        logger86.debug("Auth & provider services initialized");
+        logger87.debug("Auth & provider services initialized");
         await this.initializeMcpServices();
-        logger86.debug("MCP services initialized");
+        logger87.debug("MCP services initialized");
         await this.initializeQueueProducer();
-        logger86.debug("Queue producer initialized");
+        logger87.debug("Queue producer initialized");
         this.initializeCommandRegistry();
-        logger86.debug("Command registry initialized");
-        logger86.info("Core services initialized successfully");
+        logger87.debug("Command registry initialized");
+        logger87.info("Core services initialized successfully");
       }
       /** Public entry point for the scheduler-registered ephemeral-table sweep.
        *  Deletes expired rows from oauth_states, rate_limits, grants, and
@@ -26411,13 +26810,13 @@ var init_core_services = __esm({
           ]);
           const pendingInteractions = pendingIds.length;
           if (oauthStates + rate + grants + completedRuns + pendingInteractions > 0) {
-            logger86.debug(
+            logger87.debug(
               { oauthStates, rate, grants, completedRuns, pendingInteractions },
               "Ephemeral table sweeper deleted expired rows"
             );
           }
         } catch (error) {
-          logger86.warn(
+          logger87.warn(
             { error: error instanceof Error ? error.message : String(error) },
             "Ephemeral table sweeper failed"
           );
@@ -26429,7 +26828,7 @@ var init_core_services = __esm({
       async initializeQueue() {
         this.queue = new RunsQueue();
         await this.queue.start();
-        logger86.debug("Queue connection established (runs-table substrate)");
+        logger87.debug("Queue connection established (runs-table substrate)");
       }
       async initializeQueueProducer() {
         if (!this.queue) {
@@ -26437,7 +26836,7 @@ var init_core_services = __esm({
         }
         this.queueProducer = new QueueProducer(this.queue);
         await this.queueProducer.start();
-        logger86.debug("Queue producer initialized");
+        logger87.debug("Queue producer initialized");
       }
       // ============================================================================
       // 2. Session Services Initialization
@@ -26452,17 +26851,17 @@ var init_core_services = __esm({
           new ConversationStateStore(stateAdapter)
         );
         this.sessionManager = new SessionManager(sessionStore);
-        logger86.debug("Session manager initialized");
+        logger87.debug("Session manager initialized");
         this.interactionService = new InteractionService();
-        logger86.debug("Interaction service initialized");
+        logger87.debug("Interaction service initialized");
         this.sseManager = new SseManager();
-        logger86.debug("SSE manager initialized");
+        logger87.debug("SSE manager initialized");
         this.watcherRunTracker = new WatcherRunTracker();
-        logger86.debug("Watcher run tracker initialized");
+        logger87.debug("Watcher run tracker initialized");
         this.grantStore = new GrantStore();
-        logger86.debug("Grant store initialized");
+        logger87.debug("Grant store initialized");
         this.policyStore = new PolicyStore();
-        logger86.debug("Policy store initialized");
+        logger87.debug("Policy store initialized");
         const defaultSecretStore = new PostgresSecretStore();
         this.secretStore = this.options?.secretStore ?? new SecretStoreRegistry(
           defaultSecretStore,
@@ -26475,7 +26874,7 @@ var init_core_services = __esm({
             }
           }
         );
-        logger86.debug("Secret store initialized");
+        logger87.debug("Secret store initialized");
         this.channelBindingService = new ChannelBindingService();
         this.userAgentsStore = new UserAgentsStore();
         if (!this.configStore || !this.connectionStore || !this.accessStore) {
@@ -26488,7 +26887,7 @@ var init_core_services = __esm({
               inMemoryStore,
               this.config.agents
             );
-            logger86.debug(
+            logger87.debug(
               `Agent sub-stores initialized (in-memory, ${this.config.agents.length} agent(s) from config)`
             );
           } else {
@@ -26497,11 +26896,11 @@ var init_core_services = __esm({
             );
           }
         } else {
-          logger86.debug("Using host-provided agent sub-stores (embedded mode)");
+          logger87.debug("Using host-provided agent sub-stores (embedded mode)");
         }
         this.agentSettingsStore = new AgentSettingsStore(this.configStore);
         this.agentMetadataStore = new AgentMetadataStore(this.configStore);
-        logger86.debug(
+        logger87.debug(
           "Agent settings, channel binding, user agents & metadata stores initialized"
         );
         const externalAuthKv = /* @__PURE__ */ new Map();
@@ -26527,7 +26926,7 @@ var init_core_services = __esm({
           }
         }) ?? void 0;
         if (this.externalAuthClient) {
-          logger86.debug("External OAuth client initialized");
+          logger87.debug("External OAuth client initialized");
         }
       }
       // ============================================================================
@@ -26588,7 +26987,7 @@ var init_core_services = __esm({
             }
           }
         }
-        logger86.debug(
+        logger87.debug(
           "Auth profile, model preference, transcription, and image generation services initialized"
         );
         this.secretProxy = new SecretProxy(
@@ -26597,7 +26996,7 @@ var init_core_services = __esm({
           },
           this.secretStore
         );
-        logger86.debug(
+        logger87.debug(
           `Secret proxy initialized (upstream: ${this.config.anthropicProxy.anthropicBaseUrl || "https://api.anthropic.com"})`
         );
         if (!this.authProfilesManager) {
@@ -26608,24 +27007,24 @@ var init_core_services = __esm({
         this.tokenRefreshJob = new TokenRefreshJob(this.authProfilesManager, [
           { providerId: "claude", oauthClient: new OAuthClient(CLAUDE_PROVIDER) }
         ]);
-        logger86.debug("Token refresh job constructed");
+        logger87.debug("Token refresh job constructed");
         this.oauthStateStore = createOAuthStateStore("claude");
         const claudeOAuthModule = new ClaudeOAuthModule(
           this.authProfilesManager,
           this.modelPreferenceStore
         );
         moduleRegistry.register(claudeOAuthModule);
-        logger86.debug(
+        logger87.debug(
           `Claude OAuth module registered (system token: ${claudeOAuthModule.hasSystemKey() ? "available" : "not available"})`
         );
         const chatgptOAuthModule = new ChatGPTOAuthModule(this.authProfilesManager);
         moduleRegistry.register(chatgptOAuthModule);
-        logger86.debug(
+        logger87.debug(
           `ChatGPT OAuth module registered (system token: ${chatgptOAuthModule.hasSystemKey() ? "available" : "not available"})`
         );
         const geminiCliModule = new GeminiCliModule(this.authProfilesManager);
         moduleRegistry.register(geminiCliModule);
-        logger86.debug("Gemini CLI module registered (acpx sub-agent shell-out)");
+        logger87.debug("Gemini CLI module registered (acpx sub-agent shell-out)");
         const bedrockModelCatalog = new BedrockModelCatalog();
         const bedrockProviderModule = new BedrockProviderModule(
           this.authProfilesManager,
@@ -26635,23 +27034,23 @@ var init_core_services = __esm({
         this.bedrockOpenAIService = new BedrockOpenAIService({
           modelCatalog: bedrockModelCatalog
         });
-        logger86.debug("Bedrock provider module registered");
+        logger87.debug("Bedrock provider module registered");
         const injectedProviders = this.options?.providerRegistry;
         if (injectedProviders) {
           this.providerRegistryService = new ProviderRegistryService(
             void 0,
             injectedProviders
           );
-          logger86.debug(
+          logger87.debug(
             `Provider registry initialized from injected providers (${injectedProviders.length})`
           );
         } else {
           const registryPath = resolveProviderRegistryPath();
           this.providerRegistryService = new ProviderRegistryService(registryPath);
           if (registryPath) {
-            logger86.info(`Provider registry path: ${registryPath}`);
+            logger87.info(`Provider registry path: ${registryPath}`);
           } else {
-            logger86.warn(
+            logger87.warn(
               "No providers registry found (set LOBU_PROVIDER_REGISTRY_PATH or run from a dir with config/providers.json) \u2014 config-driven providers will be unavailable"
             );
           }
@@ -26663,7 +27062,7 @@ var init_core_services = __esm({
           () => this.providerConfigResolver ? this.providerConfigResolver.getProviderConfigs() : Promise.resolve({})
         );
         const configProviders = await this.providerConfigResolver.getProviderConfigs();
-        logger86.info(
+        logger87.info(
           `Provider registry loaded ${Object.keys(configProviders).length} config-driven provider(s)`
         );
         const registeredIds = new Set(
@@ -26671,7 +27070,7 @@ var init_core_services = __esm({
         );
         for (const [id, entry] of Object.entries(configProviders)) {
           if (registeredIds.has(id)) {
-            logger86.info(
+            logger87.info(
               `Skipping config-driven provider "${id}" \u2014 already registered`
             );
             continue;
@@ -26693,7 +27092,7 @@ var init_core_services = __esm({
           });
           moduleRegistry.register(module);
           registeredIds.add(id);
-          logger86.debug(
+          logger87.debug(
             `Registered config-driven provider: ${id} (system key: ${module.hasSystemKey() ? "available" : "not available"})`
           );
         }
@@ -26702,7 +27101,7 @@ var init_core_services = __esm({
           this.authProfilesManager,
           this.declaredAgentRegistry
         );
-        logger86.debug("Provider catalog service initialized");
+        logger87.debug("Provider catalog service initialized");
         if (this.secretProxy) {
           this.secretProxy.setAuthProfilesManager(this.authProfilesManager);
           this.secretProxy.setAgentOrgResolver(
@@ -26725,7 +27124,7 @@ var init_core_services = __esm({
             }
             return testEnv[mod.getCredentialEnvVarName()] || void 0;
           });
-          logger86.debug("Provider upstreams registered with secret proxy");
+          logger87.debug("Provider upstreams registered with secret proxy");
         }
       }
       // ============================================================================
@@ -26757,7 +27156,7 @@ var init_core_services = __esm({
           this.mcpConfigService,
           this.agentSettingsStore
         );
-        logger86.debug("Instruction service initialized");
+        logger87.debug("Instruction service initialized");
         if (!this.secretStore) {
           throw new Error("Secret store must be initialized before MCP proxy");
         }
@@ -26808,7 +27207,7 @@ var init_core_services = __esm({
             payload.message
           );
         };
-        logger86.debug("MCP proxy initialized");
+        logger87.debug("MCP proxy initialized");
         this.workerGateway = new WorkerGateway(
           this.queue,
           this.config.mcp.publicGatewayUrl,
@@ -26819,10 +27218,10 @@ var init_core_services = __esm({
           this.agentSettingsStore,
           this.secretStore
         );
-        logger86.debug("Worker gateway initialized");
+        logger87.debug("Worker gateway initialized");
         await moduleRegistry.registerAvailableModules();
         await moduleRegistry.initAll();
-        logger86.debug("Modules initialized");
+        logger87.debug("Modules initialized");
       }
       // ============================================================================
       // 7. Command Registry Initialization
@@ -26837,7 +27236,7 @@ var init_core_services = __esm({
         registerBuiltInCommands(this.commandRegistry, {
           agentSettingsStore: this.agentSettingsStore
         });
-        logger86.debug("Command registry initialized with built-in commands");
+        logger87.debug("Command registry initialized with built-in commands");
       }
       // ============================================================================
       // SDK-Embedded Helpers
@@ -26865,18 +27264,18 @@ var init_core_services = __esm({
       // Shutdown
       // ============================================================================
       async shutdown() {
-        logger86.info("Shutting down core services...");
+        logger87.info("Shutting down core services...");
         if (this.queueProducer) {
           await this.queueProducer.stop();
         }
         if (this.workerGateway) {
           this.workerGateway.shutdown();
-          logger86.info("Worker gateway shutdown complete");
+          logger87.info("Worker gateway shutdown complete");
         }
         if (this.queue) {
           await this.queue.stop();
         }
-        logger86.info("Core services shutdown complete");
+        logger87.info("Core services shutdown complete");
       }
       // ============================================================================
       // Service Accessors (implements ICoreServices interface)
@@ -27028,7 +27427,7 @@ var init_core_services = __esm({
 });
 
 // src/gateway/gateway-main.ts
-var logger87, Gateway;
+var logger88, Gateway;
 var init_gateway_main = __esm({
   "src/gateway/gateway-main.ts"() {
     "use strict";
@@ -27036,7 +27435,7 @@ var init_gateway_main = __esm({
     init_platform2();
     init_unified_thread_consumer();
     init_core_services();
-    logger87 = createLogger("gateway");
+    logger88 = createLogger("gateway");
     Gateway = class {
       constructor(config, options) {
         this.config = config;
@@ -27073,7 +27472,7 @@ var init_gateway_main = __esm({
             this.coreServices.getInstructionService()?.registerPlatformProvider(platform.name, provider2);
           }
         }
-        logger87.debug(`Platform registered: ${platform.name}`);
+        logger88.debug(`Platform registered: ${platform.name}`);
         return this;
       }
       /**
@@ -27084,10 +27483,10 @@ var init_gateway_main = __esm({
        * 4. Start all platforms
        */
       async start() {
-        logger87.debug("Starting gateway...");
+        logger88.debug("Starting gateway...");
         await this.coreServices.initialize();
         for (const [name, platform] of this.platforms) {
-          logger87.debug(`Initializing platform: ${name}`);
+          logger88.debug(`Initializing platform: ${name}`);
           await platform.initialize(this.coreServices);
         }
         const instructionService = this.coreServices.getInstructionService();
@@ -27102,7 +27501,7 @@ var init_gateway_main = __esm({
           }
         }
         for (const [name, platform] of this.platforms) {
-          logger87.debug(`Starting platform: ${name}`);
+          logger88.debug(`Starting platform: ${name}`);
           await platform.start();
         }
         this.unifiedConsumer = new UnifiedThreadResponseConsumer(
@@ -27120,26 +27519,26 @@ var init_gateway_main = __esm({
        * 3. Shutdown core services
        */
       async stop() {
-        logger87.info("Stopping gateway...");
+        logger88.info("Stopping gateway...");
         if (this.unifiedConsumer) {
-          logger87.info("Stopping unified thread response consumer");
+          logger88.info("Stopping unified thread response consumer");
           try {
             await this.unifiedConsumer.stop();
           } catch (error) {
-            logger87.error("Failed to stop unified consumer:", error);
+            logger88.error("Failed to stop unified consumer:", error);
           }
         }
         for (const [name, platform] of this.platforms) {
-          logger87.info(`Stopping platform: ${name}`);
+          logger88.info(`Stopping platform: ${name}`);
           try {
             await platform.stop();
           } catch (error) {
-            logger87.error(`Failed to stop platform ${name}:`, error);
+            logger88.error(`Failed to stop platform ${name}:`, error);
           }
         }
         await this.coreServices.shutdown();
         this.isRunning = false;
-        logger87.info("\u2705 Gateway stopped");
+        logger88.info("\u2705 Gateway stopped");
       }
       /**
        * Get gateway status
@@ -27204,7 +27603,7 @@ function isSecretEnvVar(name, providerModules) {
   const upper = name.toUpperCase();
   return upper.includes("_KEY") || upper.includes("_TOKEN") || upper.includes("_SECRET") || upper.includes("_PASSWORD");
 }
-var logger88, SECRET_PLACEHOLDER_TTL_SECONDS, GRANT_SYNC_CACHE_MAX, BaseDeploymentManager;
+var logger89, SECRET_PLACEHOLDER_TTL_SECONDS, GRANT_SYNC_CACHE_MAX, BaseDeploymentManager;
 var init_base_deployment_manager = __esm({
   "src/gateway/orchestration/base-deployment-manager.ts"() {
     "use strict";
@@ -27212,7 +27611,7 @@ var init_base_deployment_manager = __esm({
     init_policy_store();
     init_secret_proxy();
     init_secrets();
-    logger88 = createLogger("orchestrator");
+    logger89 = createLogger("orchestrator");
     SECRET_PLACEHOLDER_TTL_SECONDS = (() => {
       const raw = process.env.SECRET_PLACEHOLDER_TTL_MS;
       if (raw) {
@@ -27321,7 +27720,7 @@ var init_base_deployment_manager = __esm({
         };
         const deploymentName = generateDeploymentName(deploymentIdentity);
         const canonicalConversationKey = buildCanonicalConversationKey(deploymentIdentity);
-        logger88.info(
+        logger89.info(
           `Worker deployment - conversationId: ${conversationId}, canonicalKey: ${canonicalConversationKey}, deploymentName: ${deploymentName}`
         );
         try {
@@ -27334,14 +27733,14 @@ var init_base_deployment_manager = __esm({
               await this.scaleDeployment(deploymentName, 1);
               return;
             } catch (scaleErr) {
-              logger88.warn(
+              logger89.warn(
                 `scaleDeployment(${deploymentName}, 1) failed (${scaleErr instanceof Error ? scaleErr.message : String(scaleErr)}); re-spawning`
               );
             }
           }
           const maxDeployments = this.config.worker.maxDeployments;
           if (maxDeployments > 0 && deployments.length >= maxDeployments) {
-            logger88.warn(
+            logger89.warn(
               `\u26A0\uFE0F  Maximum deployments limit reached (${deployments.length}/${maxDeployments}). Running cleanup before creating new deployment.`
             );
             await this.reconcileDeployments();
@@ -27405,7 +27804,7 @@ var init_base_deployment_manager = __esm({
         const organizationId = messageData.organizationId;
         if (!this.policyStore || !agentId || !organizationId) {
           if (!organizationId && agentId) {
-            logger88.warn(
+            logger89.warn(
               { agentId, deploymentName },
               "Skipping egress policy sync \u2014 message has no organizationId"
             );
@@ -27420,11 +27819,11 @@ var init_base_deployment_manager = __esm({
         if (bundle) {
           this.policyStore.set(organizationId, agentId, bundle);
           if (deploymentName) {
-            logger88.info(
+            logger89.info(
               `Synced egress judge policy for ${deploymentName}: ${bundle.judgedDomains.length} rule(s), ${Object.keys(bundle.judges).length} judge(s)`
             );
           } else {
-            logger88.debug("Synced egress judge policy", {
+            logger89.debug("Synced egress judge policy", {
               organizationId,
               agentId,
               rules: bundle.judgedDomains.length,
@@ -27447,7 +27846,7 @@ var init_base_deployment_manager = __esm({
           for (const domain of messageData.networkConfig.allowedDomains) {
             await this.grantStore.grant(agentId, domain, null, void 0, orgId);
           }
-          logger88.info(
+          logger89.info(
             `Synced network config domains as grants for ${deploymentName}: ${messageData.networkConfig.allowedDomains.join(", ")}`
           );
         }
@@ -27455,7 +27854,7 @@ var init_base_deployment_manager = __esm({
           for (const pattern of messageData.preApprovedTools) {
             await this.grantStore.grant(agentId, pattern, null, void 0, orgId);
           }
-          logger88.info(
+          logger89.info(
             `Synced pre-approved tool patterns as grants for ${deploymentName}: ${messageData.preApprovedTools.join(", ")}`
           );
         }
@@ -27469,7 +27868,7 @@ var init_base_deployment_manager = __esm({
           for (const domain of NIX_DOMAINS) {
             await this.grantStore.grant(agentId, domain, null, void 0, orgId);
           }
-          logger88.info(
+          logger89.info(
             `Added Nix cache domains as grants for ${deploymentName}: ${NIX_DOMAINS.join(", ")}`
           );
         }
@@ -27608,7 +28007,7 @@ var init_base_deployment_manager = __esm({
           if (flakeUrl) envVars.NIX_FLAKE_URL = flakeUrl;
           if (packages && packages.length > 0)
             envVars.NIX_PACKAGES = packages.join(",");
-          logger88.debug(
+          logger89.debug(
             `Nix config for ${deploymentName}: flakeUrl=${flakeUrl || "none"}, packages=${packages?.length || 0}`
           );
         }
@@ -27671,12 +28070,12 @@ var init_base_deployment_manager = __esm({
               envVars[key] = placeholder;
               hasSecrets = true;
             } catch (error) {
-              logger88.warn(`Failed to generate placeholder for ${key}:`, error);
+              logger89.warn(`Failed to generate placeholder for ${key}:`, error);
             }
           }
         }
         if (hasSecrets) {
-          logger88.info(
+          logger89.info(
             `\u{1F510} Generated secret placeholders for ${deploymentName}, routing through proxy`
           );
         }
@@ -27739,7 +28138,7 @@ var init_base_deployment_manager = __esm({
               providerContext
             );
           } catch (error) {
-            logger88.warn("Failed to build module environment variables:", error);
+            logger89.warn("Failed to build module environment variables:", error);
           }
         }
         if (this.config.worker.env) {
@@ -27774,7 +28173,7 @@ var init_base_deployment_manager = __esm({
           }
         }
         if (primaryProvider) {
-          logger88.info(
+          logger89.info(
             {
               agentId,
               primaryProviderId: primaryProvider.providerId,
@@ -27820,7 +28219,7 @@ var init_base_deployment_manager = __esm({
           for (const domain of NPM_DOMAINS) {
             await this.grantStore.grant(agentId, domain, null, void 0, orgId);
           }
-          logger88.info(
+          logger89.info(
             `Added npm registry domains as grants for ${deploymentName}: ${NPM_DOMAINS.join(", ")}`
           );
         }
@@ -27839,12 +28238,12 @@ var init_base_deployment_manager = __esm({
                 `deployments/${deploymentName}/`
               );
               if (cleared > 0) {
-                logger88.debug(
+                logger89.debug(
                   `Cleared ${cleared} deployment secret(s) for ${deploymentName}`
                 );
               }
             } catch (error) {
-              logger88.warn(
+              logger89.warn(
                 `Failed to clear deployment secrets for ${deploymentName}:`,
                 error
               );
@@ -27867,7 +28266,7 @@ var init_base_deployment_manager = __esm({
       async reconcileDeployments() {
         try {
           const maxDeployments = this.config.worker.maxDeployments;
-          logger88.debug("Running deployment cleanup...");
+          logger89.debug("Running deployment cleanup...");
           const activeDeployments = await this.listDeployments();
           if (activeDeployments.length === 0) {
             return;
@@ -27908,7 +28307,7 @@ var init_base_deployment_manager = __esm({
               if (results[j]?.status === "fulfilled") {
                 processedCount++;
               } else {
-                logger88.error(
+                logger89.error(
                   `\u274C Failed to delete deployment ${batch[j]}:`,
                   results[j].reason
                 );
@@ -27924,7 +28323,7 @@ var init_base_deployment_manager = __esm({
               if (results[j]?.status === "fulfilled") {
                 processedCount++;
               } else {
-                logger88.error(
+                logger89.error(
                   `\u274C Failed to scale down deployment ${batch[j]}:`,
                   results[j].reason
                 );
@@ -27932,12 +28331,12 @@ var init_base_deployment_manager = __esm({
             }
           }
           if (processedCount > 0) {
-            logger88.info(
+            logger89.info(
               `\u2705 Cleanup completed: processed ${processedCount} deployment(s)`
             );
           }
         } catch (error) {
-          logger88.error(
+          logger89.error(
             "Error during deployment reconciliation:",
             error instanceof Error ? error.message : String(error)
           );
@@ -28059,6 +28458,111 @@ function makeUnitName(deploymentName) {
   const tag = Math.random().toString(36).slice(2, 8);
   return `lobu-worker-${safe}-${tag}`;
 }
+function getDefaultMaxReservedLocks() {
+  const poolMax = Number.parseInt(process.env.DB_POOL_MAX || "20", 10);
+  if (!Number.isFinite(poolMax) || poolMax <= 0) {
+    return Math.max(1, 20 - POOL_HEADROOM);
+  }
+  return Math.max(1, poolMax - POOL_HEADROOM);
+}
+function getMaxReservedLocks() {
+  const raw = process.env.LOBU_MAX_RESERVED_LOCKS;
+  if (!raw) return getDefaultMaxReservedLocks();
+  const n = Number.parseInt(raw, 10);
+  if (!Number.isFinite(n) || n < 0) return getDefaultMaxReservedLocks();
+  return n;
+}
+function getReservedLockCount() {
+  return reservedLockCount;
+}
+async function acquireConversationLock(organizationId, agentId, conversationId) {
+  if (process.env.LOBU_DISABLE_PREPARE === "1") {
+    return { release: async () => {
+    } };
+  }
+  const max = getMaxReservedLocks();
+  if (reservedLockCount >= max) {
+    logger90.warn(
+      `Reserved-lock cap reached (${reservedLockCount}/${max}); deferring spawn for ${organizationId}/${agentId}/${conversationId}`
+    );
+    return null;
+  }
+  reservedLockCount += 1;
+  if (!warnedNearCap && reservedLockCount >= Math.ceil(max * 0.8)) {
+    logger90.warn(
+      `Reserved-lock count near cap: ${reservedLockCount}/${max}. Tune via LOBU_MAX_RESERVED_LOCKS or scale pods.`
+    );
+    warnedNearCap = true;
+  }
+  let decremented = false;
+  const decrementOnce = () => {
+    if (decremented) return;
+    decremented = true;
+    reservedLockCount = Math.max(0, reservedLockCount - 1);
+    if (warnedNearCap && reservedLockCount < Math.ceil(max * 0.8)) {
+      warnedNearCap = false;
+    }
+  };
+  const sql = getDb();
+  let reserved;
+  try {
+    reserved = await sql.reserve();
+  } catch (err) {
+    decrementOnce();
+    throw err;
+  }
+  const key2 = hashConvKey2(organizationId, agentId, conversationId);
+  try {
+    const rows = await reserved`SELECT pg_try_advisory_lock(${CONV_LOCK_KEY1}, ${key2}) AS acquired`;
+    if (!rows[0]?.acquired) {
+      reserved.release();
+      decrementOnce();
+      return null;
+    }
+  } catch (err) {
+    reserved.release();
+    decrementOnce();
+    throw err;
+  }
+  return {
+    async release() {
+      const MAX_ATTEMPTS = 3;
+      const BACKOFF_MS = 100;
+      let lastErr = null;
+      for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
+        try {
+          await reserved`SELECT pg_advisory_unlock(${CONV_LOCK_KEY1}, ${key2})`;
+          lastErr = null;
+          break;
+        } catch (err) {
+          lastErr = err;
+          if (attempt < MAX_ATTEMPTS) {
+            await new Promise((r) => setTimeout(r, BACKOFF_MS * attempt));
+          }
+        }
+      }
+      if (lastErr) {
+        logger90.error(
+          `Failed to release advisory lock after ${MAX_ATTEMPTS} attempts for ${organizationId}/${agentId}/${conversationId}: ${lastErr instanceof Error ? lastErr.message : String(lastErr)}`
+        );
+      }
+      try {
+        reserved.release();
+      } catch {
+      }
+      decrementOnce();
+    }
+  };
+}
+function hashConvKey2(organizationId, agentId, conversationId) {
+  const input = `${organizationId}:${agentId}:${conversationId}`;
+  let hash = 2166136261;
+  for (let i = 0; i < input.length; i++) {
+    hash ^= input.charCodeAt(i);
+    hash = hash + ((hash << 1) + (hash << 4) + (hash << 7) + (hash << 8) + (hash << 24)) | 0;
+  }
+  return hash;
+}
 function buildEmbeddedWorkerPath(binPathEntries, existingPath) {
   const segments = (existingPath || "").split(":").filter(Boolean);
   for (const candidate of [...binPathEntries ?? []].reverse()) {
@@ -28115,15 +28619,20 @@ function nixPackageAttrRef(pkg) {
   }
   return `pkgs.${namespace}.${leaf}`;
 }
-var logger89, KILL_TIMEOUT_MS, cachedSystemdRun, NIX_PACKAGE_NAMESPACES, NIX_LEAF_RE, NIX_ATTR_LEAF_RE, EmbeddedDeploymentManager;
+var logger90, KILL_TIMEOUT_MS, cachedSystemdRun, CONV_LOCK_KEY1, POOL_HEADROOM, reservedLockCount, warnedNearCap, NIX_PACKAGE_NAMESPACES, NIX_LEAF_RE, NIX_ATTR_LEAF_RE, EmbeddedDeploymentManager;
 var init_embedded_deployment = __esm({
   "src/gateway/orchestration/impl/embedded-deployment.ts"() {
     "use strict";
     init_src();
+    init_client();
     init_base_deployment_manager();
     init_deployment_utils();
-    logger89 = createLogger("orchestrator");
+    logger90 = createLogger("orchestrator");
     KILL_TIMEOUT_MS = 5e3;
+    CONV_LOCK_KEY1 = 1819239029;
+    POOL_HEADROOM = 5;
+    reservedLockCount = 0;
+    warnedNearCap = false;
     NIX_PACKAGE_NAMESPACES = /* @__PURE__ */ new Set([
       "python3Packages",
       "python311Packages",
@@ -28175,7 +28684,7 @@ var init_embedded_deployment = __esm({
             `Worker entry point not found: ${entryPoint}`
           );
         }
-        logger89.debug(`Worker entry point verified: ${entryPoint}`);
+        logger90.debug(`Worker entry point verified: ${entryPoint}`);
       }
       async spawnDeployment(deploymentName, username, userId, messageData) {
         if (this.workers.has(deploymentName)) {
@@ -28196,111 +28705,164 @@ var init_embedded_deployment = __esm({
         }
         const workspaceDir = path5.resolve(`workspaces/${agentId}`);
         fs2.mkdirSync(workspaceDir, { recursive: true, mode: 448 });
-        const commonEnvVars = await this.generateEnvironmentVariables(
-          username,
-          userId,
-          deploymentName,
-          messageData,
-          true
-        );
-        commonEnvVars.WORKSPACE_DIR = workspaceDir;
-        const embeddedPath = buildEmbeddedWorkerPath(
-          this.config.worker.binPathEntries,
-          commonEnvVars.PATH || process.env.PATH
-        );
-        if (embeddedPath) {
-          commonEnvVars.PATH = embeddedPath;
-        }
-        const allowedDomains = messageData?.networkConfig?.allowedDomains ?? [];
-        if (allowedDomains.length > 0) {
-          commonEnvVars.JUST_BASH_ALLOWED_DOMAINS = JSON.stringify(allowedDomains);
-        }
-        const nixPackages = messageData?.nixConfig?.packages ?? [];
-        const workerEntryPoint = this.getWorkerEntryPoint();
-        const workerInvocation = buildWorkerInvocation(workerEntryPoint);
-        let command;
-        let spawnArgs;
-        if (nixPackages.length > 0) {
-          const packageRefs = nixPackages.map(nixPackageAttrRef);
-          command = "nix-shell";
-          spawnArgs = [
-            "-E",
-            `let pkgs = import <nixpkgs> {}; in pkgs.mkShell { buildInputs = [ ${packageRefs.join(" ")} ]; }`,
-            "--run",
-            buildShellCommand(workerInvocation.command, workerInvocation.args)
-          ];
-          logger89.info(
-            `Spawning embedded worker ${deploymentName} with nix packages: ${nixPackages.join(", ")}`
+        const snapshotModeEnabled = process.env.LOBU_SESSION_STORE !== "file";
+        const conversationId = typeof messageData?.conversationId === "string" ? messageData.conversationId : null;
+        const organizationId = typeof messageData?.organizationId === "string" ? messageData.organizationId : null;
+        let convLock = null;
+        if (snapshotModeEnabled && organizationId && conversationId) {
+          try {
+            convLock = await acquireConversationLock(
+              organizationId,
+              agentId,
+              conversationId
+            );
+          } catch (err) {
+            logger90.error(
+              `Failed to acquire conversation lock: ${err instanceof Error ? err.message : String(err)}`
+            );
+            throw new OrchestratorError(
+              "DEPLOYMENT_CREATE_FAILED" /* DEPLOYMENT_CREATE_FAILED */,
+              "Could not acquire per-conversation lock"
+            );
+          }
+          if (!convLock) {
+            logger90.info(
+              `Conversation lock busy for ${organizationId}/${agentId}/${conversationId}; deferring spawn`
+            );
+            throw new OrchestratorError(
+              "DEPLOYMENT_CREATE_FAILED" /* DEPLOYMENT_CREATE_FAILED */,
+              "Conversation lock busy on another pod"
+            );
+          }
+        }
+        let child;
+        let commonEnvVars;
+        try {
+          commonEnvVars = await this.generateEnvironmentVariables(
+            username,
+            userId,
+            deploymentName,
+            messageData,
+            true
           );
-        } else {
-          command = workerInvocation.command;
-          spawnArgs = workerInvocation.args;
-        }
-        const systemdRun = locateSystemdRun();
-        if (systemdRun) {
-          const unitName = makeUnitName(deploymentName);
-          const innerCommand = command;
-          const innerArgs = spawnArgs;
-          command = systemdRun;
-          spawnArgs = [
-            ...buildSystemdRunArgs({ unitName, workspaceDir }),
-            "--",
-            innerCommand,
-            ...innerArgs
-          ];
-          logger89.info(
-            `Spawning embedded worker ${deploymentName} under systemd-run scope ${unitName}`
+          commonEnvVars.WORKSPACE_DIR = workspaceDir;
+          if (!snapshotModeEnabled) {
+            commonEnvVars.LOBU_SESSION_STORE = "file";
+          }
+          const embeddedPath = buildEmbeddedWorkerPath(
+            this.config.worker.binPathEntries,
+            commonEnvVars.PATH || process.env.PATH
           );
+          if (embeddedPath) {
+            commonEnvVars.PATH = embeddedPath;
+          }
+          const allowedDomains = messageData?.networkConfig?.allowedDomains ?? [];
+          if (allowedDomains.length > 0) {
+            commonEnvVars.JUST_BASH_ALLOWED_DOMAINS = JSON.stringify(allowedDomains);
+          }
+          const nixPackages = messageData?.nixConfig?.packages ?? [];
+          const workerEntryPoint = this.getWorkerEntryPoint();
+          const workerInvocation = buildWorkerInvocation(workerEntryPoint);
+          let command;
+          let spawnArgs;
+          if (nixPackages.length > 0) {
+            const packageRefs = nixPackages.map(nixPackageAttrRef);
+            command = "nix-shell";
+            spawnArgs = [
+              "-E",
+              `let pkgs = import <nixpkgs> {}; in pkgs.mkShell { buildInputs = [ ${packageRefs.join(" ")} ]; }`,
+              "--run",
+              buildShellCommand(workerInvocation.command, workerInvocation.args)
+            ];
+            logger90.info(
+              `Spawning embedded worker ${deploymentName} with nix packages: ${nixPackages.join(", ")}`
+            );
+          } else {
+            command = workerInvocation.command;
+            spawnArgs = workerInvocation.args;
+          }
+          const systemdRun = locateSystemdRun();
+          if (systemdRun) {
+            const unitName = makeUnitName(deploymentName);
+            const innerCommand = command;
+            const innerArgs = spawnArgs;
+            command = systemdRun;
+            spawnArgs = [
+              ...buildSystemdRunArgs({ unitName, workspaceDir }),
+              "--",
+              innerCommand,
+              ...innerArgs
+            ];
+            logger90.info(
+              `Spawning embedded worker ${deploymentName} under systemd-run scope ${unitName}`
+            );
+          }
+          child = spawn(command, spawnArgs, {
+            // Workers must not inherit gateway-only secrets or telemetry settings
+            // (DATABASE_URL, SENTRY_DSN, OAuth secrets, etc.). Everything a worker
+            // needs is assembled explicitly above, with optional operator-provided
+            // values forwarded only via WORKER_ENV_*.
+            env: commonEnvVars,
+            cwd: workspaceDir,
+            stdio: ["ignore", "pipe", "pipe"]
+          });
+        } catch (err) {
+          if (convLock) {
+            void convLock.release();
+          }
+          throw err;
         }
-        const child = spawn(command, spawnArgs, {
-          // Workers must not inherit gateway-only secrets or telemetry settings
-          // (DATABASE_URL, SENTRY_DSN, OAuth secrets, etc.). Everything a worker
-          // needs is assembled explicitly above, with optional operator-provided
-          // values forwarded only via WORKER_ENV_*.
-          env: commonEnvVars,
-          cwd: workspaceDir,
-          stdio: ["ignore", "pipe", "pipe"]
-        });
+        let lockReleased = false;
+        const releaseLockOnce = async () => {
+          if (lockReleased) return;
+          lockReleased = true;
+          if (convLock) {
+            await convLock.release();
+          }
+        };
         child.once("error", (err) => {
-          logger89.error(
+          logger90.error(
             `Embedded worker ${deploymentName} spawn error: ${err.message}`
           );
           this.workers.delete(deploymentName);
+          releaseLockOnce();
         });
         child.stdout?.on("data", (data) => {
           for (const line of data.toString().trimEnd().split("\n")) {
-            logger89.info({ worker: deploymentName }, line);
+            logger90.info({ worker: deploymentName }, line);
           }
         });
         child.stderr?.on("data", (data) => {
           for (const line of data.toString().trimEnd().split("\n")) {
-            logger89.warn({ worker: deploymentName }, line);
+            logger90.warn({ worker: deploymentName }, line);
           }
         });
         child.once("exit", (code, signal) => {
-          const entry = this.workers.get(deploymentName);
-          if (entry) {
-            this.workers.delete(deploymentName);
-          }
+          this.workers.delete(deploymentName);
+          releaseLockOnce();
           if (signal) {
-            logger89.info(
+            logger90.info(
               `Embedded worker ${deploymentName} exited with signal ${signal}`
             );
           } else if (code !== 0) {
-            logger89.error(
+            logger90.error(
               `Embedded worker ${deploymentName} exited with code ${code}`
             );
           } else {
-            logger89.info(`Embedded worker ${deploymentName} exited cleanly`);
+            logger90.info(`Embedded worker ${deploymentName} exited cleanly`);
           }
         });
         this.workers.set(deploymentName, {
           process: child,
           env: commonEnvVars,
           lastActivity: /* @__PURE__ */ new Date(),
-          workspaceDir
+          workspaceDir,
+          // Expose the idempotent release on the entry for introspection /
+          // tests. The exit handler is the authoritative release site;
+          // killWorker no longer touches this field.
+          ...convLock ? { releaseConvLock: releaseLockOnce } : {}
         });
-        logger89.info(
+        logger90.info(
           `Started embedded worker subprocess for ${deploymentName} (pid=${child.pid})`
         );
       }
@@ -28308,7 +28870,7 @@ var init_embedded_deployment = __esm({
         const entry = this.workers.get(deploymentName);
         if (replicas === 0 && entry) {
           await this.killWorker(entry, deploymentName);
-          logger89.info(`Stopped embedded worker ${deploymentName}`);
+          logger90.info(`Stopped embedded worker ${deploymentName}`);
         } else if (replicas === 1 && !entry) {
           throw new Error(
             `Embedded worker ${deploymentName} is not running \u2014 must re-create`
@@ -28319,7 +28881,7 @@ var init_embedded_deployment = __esm({
         const entry = this.workers.get(deploymentName);
         if (entry) {
           await this.killWorker(entry, deploymentName);
-          logger89.info(`Stopped embedded worker: ${deploymentName}`);
+          logger90.info(`Stopped embedded worker: ${deploymentName}`);
         }
       }
       async listDeployments() {
@@ -28347,7 +28909,14 @@ var init_embedded_deployment = __esm({
           entry.lastActivity = /* @__PURE__ */ new Date();
         }
       }
-      /** Send SIGTERM, then SIGKILL after timeout. Resolves on child exit. */
+      /** Send SIGTERM, then SIGKILL after timeout. Resolves on child exit.
+       *
+       * Does NOT release the conversation lock — the child's exit handler is
+       * the authoritative release site, and the release call there is
+       * idempotent. Releasing here before `await exited` (as a prior version
+       * did) lets a sibling pod claim the conversation while this worker is
+       * still flushing its cleanup() snapshot. Codex P1#3 on PR #865.
+       */
       async killWorker(entry, deploymentName) {
         const child = entry.process;
         this.workers.delete(deploymentName);
@@ -28358,7 +28927,7 @@ var init_embedded_deployment = __esm({
         child.kill("SIGTERM");
         const killTimer = setTimeout(() => {
           if (child.exitCode === null && child.signalCode === null) {
-            logger89.warn(
+            logger90.warn(
               `Embedded worker ${deploymentName} did not exit after SIGTERM, sending SIGKILL`
             );
             child.kill("SIGKILL");
@@ -28376,14 +28945,14 @@ var init_embedded_deployment = __esm({
 
 // src/gateway/orchestration/message-consumer.ts
 import * as Sentry3 from "@sentry/node";
-var logger90, MessageConsumer;
+var logger91, MessageConsumer;
 var init_message_consumer = __esm({
   "src/gateway/orchestration/message-consumer.ts"() {
     "use strict";
     init_src();
     init_queue();
     init_base_deployment_manager();
-    logger90 = createLogger("orchestrator");
+    logger91 = createLogger("orchestrator");
     MessageConsumer = class {
       queue;
       deploymentManager;
@@ -28407,7 +28976,7 @@ var init_message_consumer = __esm({
           await this.queue.start();
           this.isRunning = true;
           await this.queue.createQueue("messages");
-          logger90.debug("Created/verified messages queue");
+          logger91.debug("Created/verified messages queue");
           await this.queue.work(
             "messages",
             async (job) => {
@@ -28425,7 +28994,7 @@ var init_message_consumer = __esm({
               );
             }
           );
-          logger90.debug("Queue consumer started");
+          logger91.debug("Queue consumer started");
         } catch (error) {
           throw new OrchestratorError(
             "QUEUE_JOB_PROCESSING_FAILED" /* QUEUE_JOB_PROCESSING_FAILED */,
@@ -28455,7 +29024,7 @@ var init_message_consumer = __esm({
           "lobu.conversation_id": data?.conversationId || "unknown"
         });
         const childTraceparent = getTraceparent(queueSpan) || traceparent;
-        logger90.info(
+        logger91.info(
           {
             traceparent,
             traceId,
@@ -28466,6 +29035,10 @@ var init_message_consumer = __esm({
           "Processing job with trace context"
         );
         try {
+          const parsedRunId = Number(jobId);
+          if (Number.isFinite(parsedRunId) && parsedRunId > 0) {
+            data.runId = parsedRunId;
+          }
           const effectiveConversationId = data.conversationId;
           if (!effectiveConversationId) {
             throw new OrchestratorError(
@@ -28486,7 +29059,22 @@ var init_message_consumer = __esm({
             channelId: data.channelId,
             conversationId: effectiveConversationId
           });
-          logger90.info(
+          if (data.runId !== void 0) {
+            data.runJobToken = generateWorkerToken(
+              data.userId,
+              effectiveConversationId,
+              deploymentName,
+              {
+                channelId: data.channelId,
+                teamId: data.teamId,
+                agentId: data.agentId,
+                organizationId: data.organizationId,
+                platform: data.platform,
+                runId: data.runId
+              }
+            );
+          }
+          logger91.info(
             `Conversation routing - effectiveConversationId: ${effectiveConversationId}, canonicalKey: ${canonicalConversationKey}, deploymentName: ${deploymentName}`
           );
           await Sentry3.startSpan(
@@ -28503,7 +29091,7 @@ var init_message_consumer = __esm({
               await this.sendToWorkerQueue(data, deploymentName);
             }
           );
-          logger90.info(
+          logger91.info(
             { traceId, traceparent: childTraceparent, deploymentName },
             "Enqueued message to thread queue"
           );
@@ -28523,7 +29111,7 @@ var init_message_consumer = __esm({
               },
               level: "error"
             });
-            logger90.error(
+            logger91.error(
               {
                 traceId,
                 error: bgError instanceof Error ? bgError.message : String(bgError),
@@ -28536,13 +29124,13 @@ var init_message_consumer = __esm({
             );
             this.trackFailedDeployment(deploymentName, data, bgError).catch(
               (trackError) => {
-                logger90.error("Failed to track deployment failure:", trackError);
+                logger91.error("Failed to track deployment failure:", trackError);
               }
             );
           });
           queueSpan?.setStatus({ code: SpanStatusCode.OK });
           queueSpan?.end();
-          logger90.info({ traceId, jobId }, "Message job queued successfully");
+          logger91.info({ traceId, jobId }, "Message job queued successfully");
         } catch (error) {
           queueSpan?.setStatus({
             code: SpanStatusCode.ERROR,
@@ -28550,7 +29138,7 @@ var init_message_consumer = __esm({
           });
           queueSpan?.end();
           Sentry3.captureException(error);
-          logger90.error({ traceId, jobId, error }, "Message job failed");
+          logger91.error({ traceId, jobId, error }, "Message job failed");
           throw new OrchestratorError(
             "QUEUE_JOB_PROCESSING_FAILED" /* QUEUE_JOB_PROCESSING_FAILED */,
             `Failed to process message job: ${error instanceof Error ? error.message : String(error)}`,
@@ -28582,11 +29170,11 @@ var init_message_consumer = __esm({
               true
             );
           }
-          logger90.info(
+          logger91.info(
             `\u2705 Sent message to thread queue ${threadQueueName} for conversation ${data.conversationId}, jobId: ${jobId}`
           );
         } catch (error) {
-          logger90.error(`\u274C [ERROR] sendToWorkerQueue failed:`, error);
+          logger91.error(`\u274C [ERROR] sendToWorkerQueue failed:`, error);
           throw new OrchestratorError(
             "QUEUE_JOB_PROCESSING_FAILED" /* QUEUE_JOB_PROCESSING_FAILED */,
             `Failed to send message to thread queue: ${error instanceof Error ? error.message : String(error)}`,
@@ -28632,7 +29220,7 @@ var init_message_consumer = __esm({
             if (isNewThread) {
               const acquired = this.acquireDeploymentLock(deploymentName);
               if (!acquired) {
-                logger90.info(
+                logger91.info(
                   { traceId, deploymentName },
                   "Another handler is creating this deployment, waiting"
                 );
@@ -28640,7 +29228,7 @@ var init_message_consumer = __esm({
                 const rechecked = await this.deploymentManager.listDeployments();
                 if (rechecked.some((d) => d.deploymentName === deploymentName)) {
                   await this.deploymentManager.scaleDeployment(deploymentName, 1);
-                  logger90.info(
+                  logger91.info(
                     { traceId, deploymentName },
                     "Deployment created by other handler, scaled up"
                   );
@@ -28654,7 +29242,7 @@ var init_message_consumer = __esm({
               try {
                 const recheckAfterLock = await this.deploymentManager.listDeployments();
                 if (recheckAfterLock.some((d) => d.deploymentName === deploymentName)) {
-                  logger90.info(
+                  logger91.info(
                     { traceId, deploymentName },
                     "Deployment already created by another handler after lock acquired"
                   );
@@ -28664,7 +29252,7 @@ var init_message_consumer = __esm({
                   );
                   return;
                 }
-                logger90.info(
+                logger91.info(
                   { traceId, traceparent, conversationId, deploymentName },
                   "New thread - creating deployment"
                 );
@@ -28674,24 +29262,24 @@ var init_message_consumer = __esm({
                   dataWithTrace,
                   recheckAfterLock
                 );
-                logger90.info({ traceId, deploymentName }, "Created deployment");
+                logger91.info({ traceId, deploymentName }, "Created deployment");
               } finally {
                 this.releaseDeploymentLock(deploymentName);
               }
             } else {
-              logger90.info(
+              logger91.info(
                 { traceId, conversationId, deploymentName },
                 "Existing thread - ensuring worker exists"
               );
               await this.deploymentManager.syncNetworkConfigGrants(dataWithTrace);
               try {
                 await this.deploymentManager.scaleDeployment(deploymentName, 1);
-                logger90.info(
+                logger91.info(
                   { traceId, deploymentName },
                   "Scaled existing worker to 1"
                 );
               } catch {
-                logger90.info(
+                logger91.info(
                   { traceId, conversationId, deploymentName },
                   "Worker doesn't exist, creating it"
                 );
@@ -28700,11 +29288,11 @@ var init_message_consumer = __esm({
                   conversationId,
                   dataWithTrace
                 );
-                logger90.info({ traceId, deploymentName }, "Created worker");
+                logger91.info({ traceId, deploymentName }, "Created worker");
               }
             }
             await this.deploymentManager.updateDeploymentActivity(deploymentName);
-            logger90.info({ traceId, deploymentName }, "Worker is ready");
+            logger91.info({ traceId, deploymentName }, "Worker is ready");
           },
           {
             maxRetries: 3,
@@ -28712,7 +29300,7 @@ var init_message_consumer = __esm({
             strategy: "linear",
             jitter: true,
             onRetry: (attempt, error) => {
-              logger90.warn(
+              logger91.warn(
                 { traceId, deploymentName, attempt, maxAttempts: 3 },
                 `Retry attempt failed: ${error.message}`
               );
@@ -28726,7 +29314,7 @@ var init_message_consumer = __esm({
        */
       async trackFailedDeployment(deploymentName, data, error) {
         try {
-          logger90.error(
+          logger91.error(
             {
               deploymentName,
               userId: data.userId,
@@ -28752,10 +29340,10 @@ var init_message_consumer = __esm({
               processedMessageIds: [data.messageId]
             });
           } catch (notifyError) {
-            logger90.error("Failed to send error notification to user:", notifyError);
+            logger91.error("Failed to send error notification to user:", notifyError);
           }
         } catch (trackError) {
-          logger90.error("Failed to track deployment failure:", trackError);
+          logger91.error("Failed to track deployment failure:", trackError);
         }
       }
       /**
@@ -28769,7 +29357,7 @@ var init_message_consumer = __esm({
             isRunning: this.isRunning
           };
         } catch (error) {
-          logger90.error("Failed to get queue stats:", error);
+          logger91.error("Failed to get queue stats:", error);
           return {
             isRunning: this.isRunning,
             error: error instanceof Error ? error.message : String(error)
@@ -28781,7 +29369,7 @@ var init_message_consumer = __esm({
 });
 
 // src/gateway/orchestration/index.ts
-var logger91, Orchestrator;
+var logger92, Orchestrator;
 var init_orchestration = __esm({
   "src/gateway/orchestration/index.ts"() {
     "use strict";
@@ -28793,7 +29381,7 @@ var init_orchestration = __esm({
     init_deployment_utils();
     init_embedded_deployment();
     init_message_consumer();
-    logger91 = createLogger("orchestrator");
+    logger92 = createLogger("orchestrator");
     Orchestrator = class {
       config;
       deploymentManager;
@@ -28833,7 +29421,7 @@ var init_orchestration = __esm({
         }
         const providerModules = getModelProviderModules();
         this.deploymentManager.setProviderModules(providerModules);
-        logger91.debug(
+        logger92.debug(
           `Provider modules injected into orchestrator (${providerModules.length})`
         );
       }
@@ -28846,9 +29434,9 @@ var init_orchestration = __esm({
           await this.queueConsumer.start();
           this.setupIdleCleanup();
           this.isRunning = true;
-          logger91.debug("Orchestrator started");
+          logger92.debug("Orchestrator started");
         } catch (error) {
-          logger91.error("\u274C Failed to start orchestrator:", error);
+          logger92.error("\u274C Failed to start orchestrator:", error);
           throw error;
         }
       }
@@ -28866,9 +29454,9 @@ var init_orchestration = __esm({
             this.initialReconcileTimer = void 0;
           }
           if (this.activeReconciliation) {
-            logger91.info("Waiting for in-flight reconciliation to complete...");
+            logger92.info("Waiting for in-flight reconciliation to complete...");
             const safeReconciliation = this.activeReconciliation.catch((error) => {
-              logger91.error(
+              logger92.error(
                 "In-flight reconciliation failed during shutdown:",
                 error
               );
@@ -28888,11 +29476,11 @@ var init_orchestration = __esm({
               )
             );
           } catch (error) {
-            logger91.error("Error draining workers during shutdown:", error);
+            logger92.error("Error draining workers during shutdown:", error);
           }
-          logger91.info("\u2705 Orchestrator stopped");
+          logger92.info("\u2705 Orchestrator stopped");
         } catch (error) {
-          logger91.error("\u274C Error stopping orchestrator:", error);
+          logger92.error("\u274C Error stopping orchestrator:", error);
         }
       }
       setupIdleCleanup() {
@@ -28900,7 +29488,7 @@ var init_orchestration = __esm({
           this.initialReconcileTimer = void 0;
           if (this.shuttingDown) return;
           const p = this.deploymentManager.reconcileDeployments().catch((error) => {
-            logger91.error("\u274C Initial deployment reconciliation failed:", error);
+            logger92.error("\u274C Initial deployment reconciliation failed:", error);
           });
           this.activeReconciliation = p;
           p.finally(() => {
@@ -28910,7 +29498,7 @@ var init_orchestration = __esm({
         this.cleanupInterval = setInterval(async () => {
           if (this.shuttingDown) return;
           if (this.isReconciling) {
-            logger91.debug(
+            logger92.debug(
               "Skipping reconciliation interval: previous run still in progress"
             );
             return;
@@ -28921,7 +29509,7 @@ var init_orchestration = __esm({
             this.activeReconciliation = p;
             await p;
           } catch (error) {
-            logger91.error(
+            logger92.error(
               "Error during deployment reconciliation:",
               error instanceof Error ? error.message : String(error)
             );
@@ -28960,20 +29548,20 @@ var init_orchestration = __esm({
 function loadAllowedDomains() {
   const allowedDomains = process.env.WORKER_ALLOWED_DOMAINS;
   if (!allowedDomains) {
-    logger92.warn(
+    logger93.warn(
       "\u26A0\uFE0F  WORKER_ALLOWED_DOMAINS not set - workers will have NO internet access (complete isolation)"
     );
     return [];
   }
   const trimmed = allowedDomains.trim();
   if (trimmed === "*") {
-    logger92.debug("WORKER_ALLOWED_DOMAINS=* - unrestricted internet access");
+    logger93.debug("WORKER_ALLOWED_DOMAINS=* - unrestricted internet access");
     return ["*"];
   }
   const parsed = normalizeDomainPatterns(
     trimmed.split(",").map((d) => d.trim()).filter((d) => d.length > 0)
   ) ?? [];
-  logger92.debug(
+  logger93.debug(
     `Loaded ${parsed.length} allowed domains from WORKER_ALLOWED_DOMAINS`
   );
   return parsed;
@@ -28987,17 +29575,17 @@ function loadDisallowedDomains() {
   const parsed = normalizeDomainPatterns(
     disallowedDomains.split(",").map((d) => d.trim()).filter((d) => d.length > 0)
   ) ?? [];
-  logger92.debug(
+  logger93.debug(
     `Loaded ${parsed.length} disallowed domains from WORKER_DISALLOWED_DOMAINS`
   );
   return parsed;
 }
-var logger92;
+var logger93;
 var init_network_allowlist = __esm({
   "src/gateway/config/network-allowlist.ts"() {
     "use strict";
     init_src();
-    logger92 = createLogger("network-allowlist");
+    logger93 = createLogger("network-allowlist");
   }
 });
 
@@ -29031,7 +29619,7 @@ var init_policy_composer = __esm({
 });
 
 // src/gateway/proxy/egress-judge/judge.ts
-var logger93;
+var logger94;
 var init_judge = __esm({
   "src/gateway/proxy/egress-judge/judge.ts"() {
     "use strict";
@@ -29040,7 +29628,7 @@ var init_judge = __esm({
     init_cache();
     init_circuit_breaker();
     init_policy_composer();
-    logger93 = createLogger("egress-judge");
+    logger94 = createLogger("egress-judge");
   }
 });
 
@@ -29077,7 +29665,7 @@ async function checkDomainAccess(hostname, agentId, organizationId, requestConte
         organizationId
       );
       if (denied) {
-        logger94.debug(`Domain ${hostname} denied via grant (agent: ${agentId})`);
+        logger95.debug(`Domain ${hostname} denied via grant (agent: ${agentId})`);
         return { allowed: false, source: "grant" };
       }
     }
@@ -29090,7 +29678,7 @@ async function checkDomainAccess(hostname, agentId, organizationId, requestConte
       organizationId
     );
     if (granted) {
-      logger94.debug(`Domain ${hostname} allowed via grant (agent: ${agentId})`);
+      logger95.debug(`Domain ${hostname} allowed via grant (agent: ${agentId})`);
       return { allowed: true, source: "grant" };
     }
   }
@@ -29286,13 +29874,13 @@ function validateProxyAuth(req) {
   }
   const tokenData = verifyWorkerToken(creds.token);
   if (!tokenData) {
-    logger94.warn(
+    logger95.warn(
       `Proxy auth failed: invalid token (claimed deployment: ${creds.deploymentName})`
     );
     return null;
   }
   if (tokenData.jti && getRevokedTokenStore().isRevokedCached(tokenData.jti)) {
-    logger94.warn(
+    logger95.warn(
       `Proxy auth failed: revoked jti (claimed deployment: ${creds.deploymentName})`
     );
     return null;
@@ -29302,7 +29890,7 @@ function validateProxyAuth(req) {
     Buffer.from(creds.deploymentName)
   );
   if (!deploymentMatch) {
-    logger94.warn(
+    logger95.warn(
       `Proxy auth failed: deployment mismatch (claimed: ${creds.deploymentName}, token: ${tokenData.deploymentName})`
     );
     return null;
@@ -29344,7 +29932,7 @@ function logAccessDecision(method, hostname, deploymentName, agentId, decision)
   if (decision.allowed && decision.source === "global") {
     return;
   }
-  logger94.info("egress-decision", {
+  logger95.info("egress-decision", {
     method,
     hostname,
     deploymentName,
@@ -29372,7 +29960,7 @@ async function handleConnect(req, clientSocket, head) {
   const url = req.url || "";
   const hostname = extractConnectHostname(url);
   if (!hostname) {
-    logger94.warn(`Invalid CONNECT request: ${url}`);
+    logger95.warn(`Invalid CONNECT request: ${url}`);
     clientSocket.write("HTTP/1.1 400 Bad Request\r\n\r\n");
     clientSocket.end();
     return;
@@ -29380,9 +29968,9 @@ async function handleConnect(req, clientSocket, head) {
   let targetSocket = null;
   clientSocket.on("error", (err) => {
     if (err.code === "ECONNRESET") {
-      logger94.debug(`Client disconnected for ${hostname} (ECONNRESET)`);
+      logger95.debug(`Client disconnected for ${hostname} (ECONNRESET)`);
     } else {
-      logger94.debug(`Client connection error for ${hostname}: ${err.message}`);
+      logger95.debug(`Client connection error for ${hostname}: ${err.message}`);
     }
     try {
       targetSocket?.end();
@@ -29397,7 +29985,7 @@ async function handleConnect(req, clientSocket, head) {
   });
   const auth = validateProxyAuth(req);
   if (!auth) {
-    logger94.warn(`Proxy auth required for CONNECT to ${hostname}`);
+    logger95.warn(`Proxy auth required for CONNECT to ${hostname}`);
     try {
       clientSocket.write(
         'HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: Basic realm="lobu-proxy"\r\n\r\n'
@@ -29422,7 +30010,7 @@ async function handleConnect(req, clientSocket, head) {
   );
   if (!decision.allowed) {
     const reason = decision.judge?.reason ?? `Domain not allowed: ${hostname}`;
-    logger94.warn(
+    logger95.warn(
       `Blocked CONNECT to ${hostname} (deployment: ${deploymentName}) - ${reason}`
     );
     try {
@@ -29440,7 +30028,7 @@ Content-Type: text/plain\r
   }
   const targetResolution = await resolveAndValidateTarget(hostname);
   if (!targetResolution.ok) {
-    logger94.warn(
+    logger95.warn(
       `Blocked CONNECT to ${hostname} (deployment: ${deploymentName}) - ${targetResolution.reason}`
     );
     try {
@@ -29462,17 +30050,17 @@ ${targetResolution.clientMessage}\r
     clientSocket.end();
     return;
   }
-  logger94.debug(`Allowing CONNECT to ${hostname} via ${resolvedIp}`);
+  logger95.debug(`Allowing CONNECT to ${hostname} via ${resolvedIp}`);
   const [host, portStr] = url.split(":");
   const port = portStr ? Number.parseInt(portStr, 10) : 443;
   if (!host) {
-    logger94.warn(`Invalid CONNECT host: ${url}`);
+    logger95.warn(`Invalid CONNECT host: ${url}`);
     clientSocket.write("HTTP/1.1 400 Bad Request\r\n\r\n");
     clientSocket.end();
     return;
   }
   if (!Number.isInteger(port) || port < 1 || port > 65535) {
-    logger94.warn(`Invalid CONNECT port: ${url}`);
+    logger95.warn(`Invalid CONNECT port: ${url}`);
     clientSocket.write("HTTP/1.1 400 Bad Request\r\n\r\n");
     clientSocket.end();
     return;
@@ -29485,7 +30073,7 @@ ${targetResolution.clientMessage}\r
   });
   targetSocket = tunnelSocket;
   tunnelSocket.on("error", (err) => {
-    logger94.debug(`Target connection error for ${hostname}: ${err.message}`);
+    logger95.debug(`Target connection error for ${hostname}: ${err.message}`);
     try {
       clientSocket.end();
     } catch {
@@ -29516,7 +30104,7 @@ async function handleProxyRequest(req, res) {
   const hostname = parsedUrl.hostname;
   const auth = validateProxyAuth(req);
   if (!auth) {
-    logger94.warn(`Proxy auth required for ${req.method} ${hostname}`);
+    logger95.warn(`Proxy auth required for ${req.method} ${hostname}`);
     res.writeHead(407, {
       "Content-Type": "text/plain",
       "Proxy-Authenticate": 'Basic realm="lobu-proxy"'
@@ -29538,7 +30126,7 @@ async function handleProxyRequest(req, res) {
   );
   if (!decision.allowed) {
     const reason = decision.judge?.reason ?? `Domain not allowed: ${hostname}`;
-    logger94.warn(
+    logger95.warn(
       `Blocked request to ${hostname} (deployment: ${deploymentName}) - ${reason}`
     );
     res.writeHead(403, escapeHeaderValue(reason), {
@@ -29552,7 +30140,7 @@ async function handleProxyRequest(req, res) {
   }
   const targetResolution = await resolveAndValidateTarget(hostname);
   if (!targetResolution.ok) {
-    logger94.warn(
+    logger95.warn(
       `Blocked request to ${hostname} (deployment: ${deploymentName}) - ${targetResolution.reason}`
     );
     res.writeHead(targetResolution.statusCode ?? 502, {
@@ -29568,7 +30156,7 @@ async function handleProxyRequest(req, res) {
     res.end("Internal proxy error\n");
     return;
   }
-  logger94.debug(
+  logger95.debug(
     `Proxying ${req.method} ${hostname}${parsedUrl.pathname} via ${resolvedIp}`
   );
   const forwardHeaders = { ...req.headers };
@@ -29585,7 +30173,7 @@ async function handleProxyRequest(req, res) {
     proxyRes.pipe(res);
   });
   proxyReq.on("error", (err) => {
-    logger94.error(`Proxy request error for ${hostname}:`, err.message);
+    logger95.error(`Proxy request error for ${hostname}:`, err.message);
     if (!res.headersSent) {
       res.writeHead(502, { "Content-Type": "text/plain" });
       res.end("Bad Gateway: Could not reach target server\n");
@@ -29600,7 +30188,7 @@ function startHttpProxy(port = 8118, host = "::") {
     const global = getGlobalConfig();
     const server = http.createServer((req, res) => {
       handleProxyRequest(req, res).catch((err) => {
-        logger94.error("Error handling proxy request:", err);
+        logger95.error("Error handling proxy request:", err);
         if (!res.headersSent) {
           res.writeHead(500, { "Content-Type": "text/plain" });
           res.end("Internal proxy error\n");
@@ -29609,7 +30197,7 @@ function startHttpProxy(port = 8118, host = "::") {
     });
     server.on("connect", (req, clientSocket, head) => {
       handleConnect(req, clientSocket, head).catch((err) => {
-        logger94.error("Error handling CONNECT:", err);
+        logger95.error("Error handling CONNECT:", err);
         try {
           clientSocket.write("HTTP/1.1 500 Internal Server Error\r\n\r\n");
           clientSocket.end();
@@ -29618,13 +30206,13 @@ function startHttpProxy(port = 8118, host = "::") {
       });
     });
     server.on("error", (err) => {
-      logger94.error("HTTP proxy server error:", err);
+      logger95.error("HTTP proxy server error:", err);
       reject(err);
     });
     server.listen(port, host, () => {
       server.removeAllListeners("error");
       server.on("error", (err) => {
-        logger94.error("HTTP proxy server error:", err);
+        logger95.error("HTTP proxy server error:", err);
       });
       let mode;
       if (isUnrestrictedMode(global.allowedDomains)) {
@@ -29634,7 +30222,7 @@ function startHttpProxy(port = 8118, host = "::") {
       } else {
         mode = "complete-isolation";
       }
-      logger94.debug(
+      logger95.debug(
         `HTTP proxy started on ${host}:${port} (mode=${mode}, allowed=${global.allowedDomains.length}, denied=${global.deniedDomains.length})`
       );
       resolve6(server);
@@ -29645,16 +30233,16 @@ function stopHttpProxy(server) {
   return new Promise((resolve6, reject) => {
     server.close((err) => {
       if (err) {
-        logger94.error("Error stopping HTTP proxy:", err);
+        logger95.error("Error stopping HTTP proxy:", err);
         reject(err);
       } else {
-        logger94.info("HTTP proxy stopped");
+        logger95.info("HTTP proxy stopped");
         resolve6();
       }
     });
   });
 }
-var logger94, blockedIpv4Ranges, blockedIpv6Ranges, blockedIpv4List, blockedIpv6List, globalConfig, proxyGrantStore, proxyPolicyStore, proxyEgressJudge, dnsLookupOverride;
+var logger95, blockedIpv4Ranges, blockedIpv6Ranges, blockedIpv4List, blockedIpv6List, globalConfig, proxyGrantStore, proxyPolicyStore, proxyEgressJudge, dnsLookupOverride;
 var init_http_proxy = __esm({
   "src/gateway/proxy/http-proxy.ts"() {
     "use strict";
@@ -29662,7 +30250,7 @@ var init_http_proxy = __esm({
     init_network_allowlist();
     init_revoked_token_store();
     init_judge();
-    logger94 = createLogger("http-proxy");
+    logger95 = createLogger("http-proxy");
     blockedIpv4Ranges = [
       ["0.0.0.0", 8],
       ["10.0.0.0", 8],
@@ -29711,26 +30299,26 @@ async function startFilteringProxy() {
   const host = "127.0.0.1";
   try {
     proxyServer = await startHttpProxy(port, host);
-    logger95.debug(`HTTP proxy started on ${host}:${port}`);
+    logger96.debug(`HTTP proxy started on ${host}:${port}`);
   } catch (error) {
-    logger95.error("Failed to start HTTP proxy:", error);
+    logger96.error("Failed to start HTTP proxy:", error);
     throw error;
   }
 }
 async function stopFilteringProxy() {
   if (proxyServer) {
-    logger95.info("Stopping HTTP proxy...");
+    logger96.info("Stopping HTTP proxy...");
     await stopHttpProxy(proxyServer);
     proxyServer = null;
   }
 }
-var logger95, proxyServer;
+var logger96, proxyServer;
 var init_proxy_manager = __esm({
   "src/gateway/proxy/proxy-manager.ts"() {
     "use strict";
     init_src();
     init_http_proxy();
-    logger95 = createLogger("proxy-manager");
+    logger96 = createLogger("proxy-manager");
     proxyServer = null;
     process.on("SIGTERM", async () => {
       await stopFilteringProxy();
@@ -43422,7 +44010,7 @@ async function createAuthRun(params) {
 async function createConnectorOperationRun(params) {
   const sql = getDb();
   const approvalStatus = params.approvalMode === "queued" ? "pending" : "auto";
-  const status = params.approvalMode === "queued" ? "pending" : "running";
+  const status = params.approvalMode === "inline" ? "running" : "pending";
   const defRows = await sql`
     SELECT version FROM connector_definitions
     WHERE key = ${params.connectorKey}
@@ -46929,7 +47517,7 @@ var init_rate_limiter2 = __esm({
 });
 
 // src/auth/oauth/routes.ts
-import { Hono as Hono21 } from "hono";
+import { Hono as Hono22 } from "hono";
 async function parseRequestBody(c) {
   const contentType = c.req.header("content-type") || "";
   if (contentType.includes("application/x-www-form-urlencoded")) {
@@ -47101,7 +47689,7 @@ var init_routes = __esm({
     init_scopes();
     init_utils();
     init_public_origin();
-    oauthRoutes = new Hono21();
+    oauthRoutes = new Hono22();
     oauthRoutes.get("/.well-known/oauth-protected-resource/:path{.+}", (c) => {
       const provider2 = getProvider(c);
       const metadata = provider2.getProtectedResourceMetadata();
@@ -47541,7 +48129,7 @@ var init_routes = __esm({
 
 // src/auth/routes.ts
 import { createHmac } from "node:crypto";
-import { Hono as Hono22 } from "hono";
+import { Hono as Hono23 } from "hono";
 function getAuthenticatedUser(c) {
   const user = c.get("user");
   if (!user) {
@@ -47648,7 +48236,7 @@ var init_routes2 = __esm({
     init_middleware2();
     init_clients();
     init_tokens();
-    credentialRoutes = new Hono22();
+    credentialRoutes = new Hono23();
     credentialRoutes.get("/accounts", requireAuth, async (c) => {
       const user = getAuthenticatedUser(c);
       const sql = createDbClientFromEnv(c.env);
@@ -47860,7 +48448,7 @@ var init_routes2 = __esm({
 
 // src/connect/routes.ts
 import { createHash as createHash12, randomBytes as randomBytes12 } from "node:crypto";
-import { Hono as Hono23 } from "hono";
+import { Hono as Hono24 } from "hono";
 import { createMiddleware } from "hono/factory";
 function buildPkceVerifier() {
   return randomBytes12(32).toString("base64url");
@@ -48152,7 +48740,7 @@ var init_routes3 = __esm({
       c.set("tokenRow", tokenRow);
       return next();
     });
-    connectRoutes = new Hono23();
+    connectRoutes = new Hono24();
     connectRoutes.get("/:token", async (c, next) => {
       const accept = c.req.header("Accept") ?? "";
       const token = c.req.param("token");
@@ -57835,6 +58423,86 @@ async function handleListAvailable(args, ctx) {
     offset: result.offset
   };
 }
+async function waitForDeviceActionRun(runId, organizationId) {
+  const sql = getDb();
+  const QUEUE_BUDGET_MS = 6e4;
+  const POST_CLAIM_BUDGET_MS = 95e3;
+  const POLL_MS = 500;
+  const queueDeadline = Date.now() + QUEUE_BUDGET_MS;
+  let claimedAtMs = null;
+  while (true) {
+    const rows = await sql`
+      SELECT status, action_output, error_message, claimed_at
+      FROM runs
+      WHERE id = ${runId} AND organization_id = ${organizationId}
+      LIMIT 1
+    `;
+    const row = rows[0];
+    if (!row) {
+      return {
+        status: "failed",
+        error_message: `Run ${runId} disappeared from runs table while waiting.`
+      };
+    }
+    if (row.status === "completed") {
+      return {
+        status: "completed",
+        output: row.action_output ?? {}
+      };
+    }
+    if (row.status === "failed" || row.status === "timeout") {
+      return {
+        status: row.status,
+        error_message: row.error_message ?? `Run ${runId} ${row.status}`
+      };
+    }
+    if (row.claimed_at && claimedAtMs == null) {
+      claimedAtMs = row.claimed_at instanceof Date ? row.claimed_at.getTime() : new Date(row.claimed_at).getTime();
+    }
+    const now = Date.now();
+    if (claimedAtMs != null) {
+      if (now - claimedAtMs >= POST_CLAIM_BUDGET_MS) break;
+    } else {
+      if (now >= queueDeadline) break;
+    }
+    await new Promise((r) => setTimeout(r, POLL_MS));
+  }
+  const updated = await sql`
+    UPDATE runs
+    SET status = 'timeout',
+        completed_at = current_timestamp,
+        error_message = ${"waitForDeviceActionRun: device worker did not complete in time"}
+    WHERE id = ${runId}
+      AND organization_id = ${organizationId}
+      AND status IN ('pending', 'running')
+    RETURNING id
+  `;
+  if (updated.length === 0) {
+    const finalRows = await sql`
+      SELECT status, action_output, error_message
+      FROM runs
+      WHERE id = ${runId} AND organization_id = ${organizationId}
+      LIMIT 1
+    `;
+    const final = finalRows[0];
+    if (final?.status === "completed") {
+      return {
+        status: "completed",
+        output: final.action_output ?? {}
+      };
+    }
+    if (final?.status === "failed") {
+      return {
+        status: "failed",
+        error_message: final.error_message ?? `Run ${runId} failed`
+      };
+    }
+  }
+  return {
+    status: "timeout",
+    error_message: claimedAtMs != null ? `Run ${runId} claimed but the device worker didn't finish within ${POST_CLAIM_BUDGET_MS}ms.` : `Run ${runId} was never claimed within ${QUEUE_BUDGET_MS}ms \u2014 the chrome-extension / device worker may be offline.`
+  };
+}
 async function handleExecute(args, env, ctx) {
   const sql = getDb();
   const resolved = await getOperationForConnection(
@@ -57857,13 +58525,23 @@ async function handleExecute(args, env, ctx) {
     };
   }
   const shouldQueue = mode === "approval";
+  const defRows = await sql`
+    SELECT runtime FROM connector_definitions
+    WHERE key = ${connection.connector_key}
+      AND organization_id = ${ctx.organizationId}
+      AND status = 'active'
+    ORDER BY updated_at DESC, id DESC
+    LIMIT 1
+  `;
+  const isDeviceBound = defRows[0]?.runtime != null;
+  const approvalMode = shouldQueue ? "queued" : isDeviceBound ? "device" : "inline";
   const runId = await createConnectorOperationRun({
     organizationId: ctx.organizationId,
     connectionId: connection.id,
     connectorKey: connection.connector_key,
     operationKey: operation.operation_key,
     operationInput: input,
-    approvalMode: shouldQueue ? "queued" : "inline",
+    approvalMode,
     requireCompiledCode: operation.backend === "local_action"
   });
   if (args.watcher_source) {
@@ -57938,6 +58616,31 @@ async function handleExecute(args, env, ctx) {
       message: `Operation '${operation.name}' requires approval. Share the approval_url with the user to confirm.`
     };
   }
+  if (approvalMode === "device") {
+    const result2 = await waitForDeviceActionRun(runId, ctx.organizationId);
+    if (result2.status === "completed") {
+      return {
+        action: "execute",
+        run_id: runId,
+        status: "completed",
+        output: result2.output ?? {}
+      };
+    }
+    if (result2.status === "timeout") {
+      return {
+        action: "execute",
+        run_id: runId,
+        status: "timeout",
+        error_message: result2.error_message ?? "Device action run timed out."
+      };
+    }
+    return {
+      action: "execute",
+      run_id: runId,
+      status: "failed",
+      error_message: result2.error_message ?? "Device action run failed."
+    };
+  }
   const result = await executeOperationInline(
     runId,
     ctx.organizationId,
@@ -67830,7 +68533,7 @@ async function sseToJson(response) {
   }
   return response;
 }
-function withSSEHeartbeat(response) {
+function withSSEHeartbeat(response, signal) {
   if (!response.headers.get("content-type")?.includes("text/event-stream") || !response.body) {
     return response;
   }
@@ -67851,22 +68554,37 @@ function withSSEHeartbeat(response) {
     if (intervalId) clearInterval(intervalId);
     writer.abort(reason).catch(() => void 0);
   };
+  const adapter = {
+    get aborted() {
+      return terminated;
+    },
+    get closed() {
+      return terminated;
+    },
+    abort() {
+      abortWriter(new Error("Request aborted"));
+    }
+  };
   intervalId = setInterval(() => {
     writer.write(heartbeat2).catch(() => abortWriter(new Error("SSE heartbeat write failed")));
   }, SSE_HEARTBEAT_INTERVAL_MS);
+  const detachAbortBridge = bindRequestAbortToStream(signal, adapter);
   response.body.pipeTo(
     new WritableStream({
       write(chunk) {
         return writer.write(chunk);
       },
       close() {
+        detachAbortBridge();
         closeWriter();
       },
       abort(reason) {
+        detachAbortBridge();
         abortWriter(reason);
       }
     })
   ).catch(() => {
+    detachAbortBridge();
     abortWriter(new Error("Source SSE stream error"));
   });
   return new Response(readable, { status: response.status, headers: response.headers });
@@ -67876,7 +68594,7 @@ async function handleAndMaybeConvert(transport, req, wantsSSE) {
   if (!wantsSSE && response.headers.get("content-type")?.includes("text/event-stream")) {
     return sseToJson(response);
   }
-  return withSSEHeartbeat(response);
+  return withSSEHeartbeat(response, req.signal);
 }
 async function resolveAuthWithInstructions(c, req) {
   const authCtx = extractAuthContext(c);
@@ -68110,6 +68828,7 @@ var MCP_PROTOCOL_VERSION2, SESSION_MAX_AGE_MS, SESSION_CLEANUP_INTERVAL_MS, sess
 var init_mcp_handler = __esm({
   "src/mcp-handler.ts"() {
     "use strict";
+    init_sse_abort_bridge();
     init_clients();
     init_tool_access();
     init_client();
@@ -68142,7 +68861,7 @@ var init_mcp_handler = __esm({
 });
 
 // src/lobu/client-routes.ts
-import { Hono as Hono24 } from "hono";
+import { Hono as Hono25 } from "hono";
 function isFirstPartyLobuClient(name, softwareId) {
   const s = (softwareId ?? "").trim().toLowerCase();
   if (s && LOBU_FIRST_PARTY_SOFTWARE_IDS.has(s)) return true;
@@ -68253,8 +68972,8 @@ var init_client_routes = __esm({
     init_client();
     init_mcp_handler();
     init_org_context();
-    routes = new Hono24();
-    platformSchemaRoutes = new Hono24();
+    routes = new Hono25();
+    platformSchemaRoutes = new Hono25();
     LOBU_FIRST_PARTY_SOFTWARE_IDS = /* @__PURE__ */ new Set([
       "lobu-cli",
       "lobu",
@@ -68543,7 +69262,7 @@ var init_client_routes = __esm({
 // src/lobu/agent-routes.ts
 import { readFile as readFile9 } from "node:fs/promises";
 import { resolve as resolve5 } from "node:path";
-import { Hono as Hono25 } from "hono";
+import { Hono as Hono26 } from "hono";
 function toStringArray(value) {
   if (Array.isArray(value)) return value.map(String);
   if (typeof value === "string") {
@@ -68793,7 +69512,7 @@ var init_agent_routes = __esm({
     init_gateway3();
     init_postgres_stores();
     init_org_context();
-    routes2 = new Hono25();
+    routes2 = new Hono26();
     configStore = createPostgresAgentConfigStore();
     connectionStore = createPostgresAgentConnectionStore();
     DEFAULT_PROVIDER_REGISTRY_CONFIG_PATH = resolve5(process.cwd(), "config/providers.json");
@@ -71520,6 +72239,192 @@ var init_join_public = __esm({
   }
 });
 
+// src/gateway/routes/internal/smoke.ts
+import { timingSafeEqual as timingSafeEqual3 } from "node:crypto";
+import { Hono as Hono27 } from "hono";
+function compareTokens(provided, expected) {
+  if (provided.length !== expected.length) return false;
+  try {
+    return timingSafeEqual3(Buffer.from(provided), Buffer.from(expected));
+  } catch {
+    return false;
+  }
+}
+function createSmokeRoutes() {
+  const app2 = new Hono27();
+  app2.post("/dispatch", async (c) => {
+    const expected = process.env.SMOKE_TEST_TOKEN ?? "";
+    const smokeAgentId = (process.env.SMOKE_TEST_AGENT_ID ?? "").trim();
+    const smokeOrgId = (process.env.SMOKE_TEST_ORG_ID ?? "").trim();
+    if (expected.length === 0 || smokeAgentId === "" || smokeOrgId === "") {
+      return c.json(
+        {
+          error: "Smoke dispatch disabled (SMOKE_TEST_TOKEN/SMOKE_TEST_AGENT_ID/SMOKE_TEST_ORG_ID unset)"
+        },
+        503
+      );
+    }
+    for (const h of FORWARDED_HEADERS) {
+      if (c.req.header(h)) {
+        logger97.warn(
+          `Smoke dispatch refused: ${h} header present (request came through ingress)`
+        );
+        return c.json({ error: "Forwarded request refused" }, 403);
+      }
+    }
+    const allowedHost = (process.env.SMOKE_TEST_ALLOWED_HOST ?? "").trim();
+    if (allowedHost !== "") {
+      const rawHost = (c.req.header("host") ?? "").toLowerCase();
+      const hostPart = rawHost.split(":")[0] ?? "";
+      const expected2 = allowedHost.toLowerCase();
+      if (hostPart !== expected2 && !hostPart.startsWith(`${expected2}.`)) {
+        logger97.warn(
+          `Smoke dispatch refused: Host '${rawHost}' does not match SMOKE_TEST_ALLOWED_HOST '${allowedHost}'`
+        );
+        return c.json({ error: "Host header refused" }, 403);
+      }
+    }
+    const auth = c.req.header("authorization") ?? "";
+    if (!auth.startsWith("Bearer ")) {
+      return c.json({ error: "Missing bearer token" }, 401);
+    }
+    const provided = auth.substring(7);
+    if (!compareTokens(provided, expected)) {
+      return c.json({ error: "Invalid smoke token" }, 401);
+    }
+    let body2;
+    try {
+      body2 = await c.req.json();
+    } catch {
+      return c.json({ error: "Invalid JSON body" }, 400);
+    }
+    const agentId = smokeAgentId;
+    const organizationId = smokeOrgId;
+    const conversationId = body2.conversationId?.trim();
+    const messageText = body2.messageText?.trim() || "smoke-test ping";
+    if (!conversationId) {
+      return c.json({ error: "conversationId is required" }, 400);
+    }
+    if (!conversationId.startsWith("smoke-")) {
+      return c.json(
+        {
+          error: "conversationId must start with 'smoke-' for safety"
+        },
+        400
+      );
+    }
+    const idempotencyKey = `smoke:${conversationId}`;
+    const messageId = `smoke-msg-${Date.now()}`;
+    const payload = {
+      platform: "smoke",
+      userId: "smoke-user",
+      botId: "smoke",
+      conversationId,
+      teamId: "smoke",
+      agentId,
+      organizationId,
+      messageId,
+      messageText,
+      channelId: conversationId,
+      platformMetadata: {
+        agentId,
+        chatId: conversationId,
+        senderId: "smoke-user",
+        responseChannel: conversationId,
+        responseId: messageId,
+        responseThreadId: conversationId
+      },
+      agentOptions: {}
+    };
+    const sql = getDb();
+    try {
+      const result = await sql`
+        INSERT INTO public.runs (
+          run_type,
+          queue_name,
+          action_input,
+          idempotency_key,
+          max_attempts,
+          attempts,
+          status,
+          run_at,
+          priority,
+          retry_delay_seconds
+        ) VALUES (
+          'chat_message',
+          'messages',
+          ${sql.json(payload)},
+          ${idempotencyKey},
+          1,
+          0,
+          'pending',
+          now(),
+          0,
+          NULL
+        )
+        ON CONFLICT (idempotency_key)
+          WHERE idempotency_key IS NOT NULL
+            AND status IN ('pending', 'claimed', 'running')
+        DO NOTHING
+        RETURNING id
+      `;
+      let runId = null;
+      if (result.length > 0 && result[0]) {
+        runId = Number(result[0].id);
+      } else {
+        const existing = await sql`
+          SELECT id FROM public.runs
+          WHERE idempotency_key = ${idempotencyKey}
+            AND status IN ('pending', 'claimed', 'running')
+          ORDER BY id DESC
+          LIMIT 1
+        `;
+        if (existing.length > 0 && existing[0]) {
+          runId = Number(existing[0].id);
+        }
+      }
+      if (runId === null) {
+        return c.json({ error: "Failed to enqueue smoke run" }, 500);
+      }
+      try {
+        await sql`SELECT pg_notify('runs_lobu:messages', 'chat_message')`;
+      } catch (err) {
+        logger97.warn(
+          `pg_notify after smoke dispatch failed (non-fatal): ${err instanceof Error ? err.message : String(err)}`
+        );
+      }
+      logger97.info(
+        `Smoke dispatch: runId=${runId} agentId=${agentId} org=${organizationId} conv=${conversationId}`
+      );
+      return c.json({ runId, idempotencyKey });
+    } catch (err) {
+      logger97.error(
+        `Smoke dispatch INSERT failed: ${err instanceof Error ? err.message : String(err)}`
+      );
+      return c.json({ error: "Internal error" }, 500);
+    }
+  });
+  return app2;
+}
+var logger97, FORWARDED_HEADERS;
+var init_smoke = __esm({
+  "src/gateway/routes/internal/smoke.ts"() {
+    "use strict";
+    init_src();
+    init_client();
+    logger97 = createLogger("smoke-dispatch");
+    FORWARDED_HEADERS = [
+      "x-forwarded-for",
+      "x-forwarded-host",
+      "x-forwarded-proto",
+      "x-forwarded-port",
+      "x-forwarded-server",
+      "x-real-ip",
+      "forwarded"
+    ];
+  }
+});
+
 // src/scheduled/check-due-feeds.ts
 async function materializeDueFeeds(env, db) {
   const sql = db ?? getDb();
@@ -71609,7 +72514,7 @@ async function createThreadForAgent(deps, args) {
     isEphemeral: false
   };
   await sessionManager.setSession(session);
-  logger96.info(
+  logger98.info(
     `Created thread ${conversationId} for agent ${agentId}${reason ? ` (reason=${reason})` : ""}`
   );
   return { threadId: conversationId, token, expiresAt };
@@ -71649,12 +72554,12 @@ async function enqueueAgentMessage(deps, args) {
   });
   return { messageId, jobId };
 }
-var logger96, TOKEN_EXPIRATION_MS2;
+var logger98, TOKEN_EXPIRATION_MS2;
 var init_agent_threads = __esm({
   "src/gateway/services/agent-threads.ts"() {
     "use strict";
     init_src();
-    logger96 = createLogger("agent-threads");
+    logger98 = createLogger("agent-threads");
     TOKEN_EXPIRATION_MS2 = 24 * 60 * 60 * 1e3;
   }
 });
@@ -73892,6 +74797,8 @@ async function postAuthSignal(c) {
 async function completeActionRun(c) {
   try {
     const req = await c.req.json();
+    const denied = await authorizeRunForWorker(c, req.run_id, req.worker_id);
+    if (denied) return denied;
     const sql = getDb();
     const updatedRuns = await sql`
       UPDATE runs
@@ -73900,8 +74807,17 @@ async function completeActionRun(c) {
           action_output = ${req.action_output ? sql.json(req.action_output) : null},
           error_message = ${req.error_message ?? null}
       WHERE id = ${req.run_id}
+        AND status = 'running'
+        AND claimed_by = ${req.worker_id}
       RETURNING organization_id, action_key
     `;
+    if (updatedRuns.length === 0) {
+      logger_default.info(
+        { run_id: req.run_id, worker_id: req.worker_id, claimed_status: req.status },
+        "[completeActionRun] no-op: run already in terminal state (likely gateway timeout)"
+      );
+      return c.json({ success: false, reason: "already_finalized" });
+    }
     const organizationId = updatedRuns[0]?.organization_id;
     const actionKey = updatedRuns[0]?.action_key ?? "Action";
     if (organizationId) {
@@ -74659,7 +75575,7 @@ __export(index_exports, {
 import fs5 from "node:fs/promises";
 import path9 from "node:path";
 import { fileURLToPath as fileURLToPath6 } from "node:url";
-import { Hono as Hono26 } from "hono";
+import { Hono as Hono28 } from "hono";
 import { compress } from "hono/compress";
 import { cors as cors2 } from "hono/cors";
 import { pinoLogger } from "hono-pino";
@@ -74839,12 +75755,14 @@ var init_index = __esm({
     init_logger();
     init_openapi_generator();
     init_public_origin();
+    init_embedded_deployment();
     init_scheduler_health();
     init_rate_limiter2();
     init_runtime_info();
     init_workspace();
     init_join_public();
     init_multi_tenant();
+    init_smoke();
     init_worker_api();
     LOCALHOST_HOSTNAMES2 = /* @__PURE__ */ new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
     STATIC_TEXT_CONTENT_TYPES = {
@@ -74869,7 +75787,7 @@ var init_index = __esm({
       ".woff2": "font/woff2"
     };
     APP_ROOT2 = path9.resolve(fileURLToPath6(new URL(".", import.meta.url)), "..");
-    app = new Hono26();
+    app = new Hono28();
     app.use("/*", compress({ threshold: 1024 }));
     app.use(
       "/*",
@@ -74901,8 +75819,13 @@ var init_index = __esm({
       if (contentType.startsWith("text/html")) {
         const rawFrameAncestors = c.env.FRAME_ANCESTORS?.trim();
         const frameAncestors = rawFrameAncestors ? rawFrameAncestors.split(/[\s,]+/).map((entry) => entry.trim()).filter((entry) => isValidFrameAncestor(entry)).join(" ") : "https://lobu.ai https://*.lobu.ai";
-        const path11 = new URL(c.req.url).pathname;
-        const extensionAllowed = path11 === "/embedded" ? " chrome-extension:" : "";
+        const extraExtensionIds = (c.env.LOBU_OWLETTO_EXTENSION_IDS ?? "").split(",").map((s) => s.trim()).filter((s) => /^[a-p]{32}$/.test(s));
+        const ownedExtensionIds = [
+          // canonical, derived from apps/chrome/manifest.json's `key`
+          "amnnhclgmbldmfcfamonoggjhfidemmm",
+          ...extraExtensionIds
+        ];
+        const extensionAllowed = ownedExtensionIds.map((id) => ` chrome-extension://${id}`).join("");
         c.header(
           "Content-Security-Policy",
           `frame-ancestors 'self' ${frameAncestors}${extensionAllowed}`
@@ -74974,6 +75897,17 @@ var init_index = __esm({
         );
       }
     });
+    app.get("/health/orchestrator", (c) => {
+      const count = getReservedLockCount();
+      const cap = getMaxReservedLocks();
+      const nearCap = cap > 0 && count >= Math.ceil(cap * 0.8);
+      return c.json({
+        status: "ok",
+        reserved_conversation_locks: count,
+        reserved_conversation_locks_cap: cap,
+        near_cap: nearCap
+      });
+    });
     app.get("/health/scheduler", async (c) => {
       try {
         const health = await getSchedulerHealth(c.env);
@@ -75052,6 +75986,7 @@ var init_index = __esm({
 </html>`);
     });
     app.get("/api/health", restHealth);
+    app.route("/api/internal/smoke", createSmokeRoutes());
     app.use("/api/workers/*", async (c, next) => {
       const expected = c.env.WORKER_API_TOKEN;
       const provided = c.req.header("Authorization")?.replace("Bearer ", "");
@@ -75067,7 +76002,13 @@ var init_index = __esm({
             "/api/workers/poll",
             "/api/workers/heartbeat",
             "/api/workers/stream",
-            "/api/workers/complete"
+            "/api/workers/complete",
+            // Action runs (run_type='action') finalize via /complete-action,
+            // which persists action_output. The handler still goes through
+            // authorizeRunForWorker so a user worker can only finalize runs
+            // it claimed. Required for chrome-extension action tools to
+            // return their observation back to the gateway.
+            "/api/workers/complete-action"
           ]);
           const requestPath = new URL(c.req.url).pathname;
           const isAuthProfileSubpath = requestPath.startsWith("/api/workers/me/auth-profiles");
@@ -75548,56 +76489,75 @@ async function reapStaleRuns() {
     try {
       const errorMessage3 = "worker_heartbeat_lost";
       const reaped = await reserved`
-        UPDATE public.runs
-        SET status = 'timeout',
-            completed_at = current_timestamp,
-            error_message = ${errorMessage3}
-        WHERE run_type IN ('sync', 'action', 'embed_backfill', 'auth')
-          AND status IN ('claimed', 'running')
-          AND (
-            (last_heartbeat_at IS NULL
-             AND COALESCE(claimed_at, created_at)
-                 < current_timestamp - (${thresholdSeconds}::int * interval '1 second'))
-            OR
-            (last_heartbeat_at IS NOT NULL
-             AND last_heartbeat_at
-                 < current_timestamp - (${thresholdSeconds}::int * interval '1 second'))
+        WITH timed_out AS (
+          UPDATE public.runs
+          SET status = 'timeout',
+              completed_at = current_timestamp,
+              error_message = ${errorMessage3}
+          WHERE run_type IN ('sync', 'action', 'embed_backfill', 'auth')
+            AND status IN ('claimed', 'running')
+            AND (
+              (last_heartbeat_at IS NULL
+               AND COALESCE(claimed_at, created_at)
+                   < current_timestamp - (${thresholdSeconds}::int * interval '1 second'))
+              OR
+              (last_heartbeat_at IS NOT NULL
+               AND last_heartbeat_at
+                   < current_timestamp - (${thresholdSeconds}::int * interval '1 second'))
+            )
+          RETURNING id, run_type, feed_id, connection_id, connector_key, connector_version, organization_id
+        ),
+        retries AS (
+          INSERT INTO public.runs (
+            organization_id, run_type, feed_id, connection_id,
+            connector_key, connector_version, status, approval_status, created_at
           )
-        RETURNING id, run_type, feed_id, connection_id, connector_key, connector_version, organization_id
+          SELECT
+            t.organization_id, 'sync', t.feed_id, t.connection_id,
+            t.connector_key, t.connector_version, 'pending', 'auto', current_timestamp
+          FROM timed_out t
+          WHERE t.run_type = 'sync'
+            AND t.feed_id IS NOT NULL
+            AND NOT EXISTS (
+              -- Look for an unrelated active sync run on the same feed.
+              -- Exclude timed_out.id because in PostgreSQL the sibling
+              -- CTE UPDATE is not visible here (all CTEs see the same
+              -- snapshot), so the row we just reaped still appears as
+              -- running. Without this exclusion, every reap would
+              -- dedupe against itself and no retries would ever land.
+              SELECT 1 FROM public.runs r
+              WHERE r.feed_id = t.feed_id
+                AND r.run_type = 'sync'
+                AND r.status IN ('pending', 'claimed', 'running')
+                AND r.id NOT IN (SELECT id FROM timed_out)
+            )
+          RETURNING id, feed_id
+        )
+        SELECT
+          (SELECT count(*)::int FROM timed_out) AS reaped,
+          (SELECT count(*)::int FROM retries) AS retries_created,
+          (SELECT count(*)::int FROM timed_out
+            WHERE run_type = 'sync' AND feed_id IS NOT NULL) AS sync_eligible
       `;
-      if (reaped.length === 0) {
+      const reapedRow = reaped[0];
+      const reapedCount = reapedRow?.reaped ?? 0;
+      const retriesCreated = reapedRow?.retries_created ?? 0;
+      const syncEligible = reapedRow?.sync_eligible ?? 0;
+      if (reapedCount === 0) {
         return { acquired: true, reaped: 0, retriesCreated: 0 };
       }
       logger_default.warn(
-        { reaped: reaped.length, thresholdSeconds },
+        { reaped: reapedCount, retriesCreated, thresholdSeconds },
         "[reaper] Marked stale connector runs as timeout (worker_heartbeat_lost)"
       );
-      let retriesCreated = 0;
-      for (const row of reaped) {
-        if (row.run_type !== "sync" || !row.feed_id) continue;
-        try {
-          await reserved`
-            INSERT INTO runs (
-              organization_id, run_type, feed_id, connection_id,
-              connector_key, connector_version, status, approval_status, created_at
-            ) VALUES (
-              ${row.organization_id}, 'sync', ${row.feed_id}, ${row.connection_id},
-              ${row.connector_key}, ${row.connector_version}, 'pending', 'auto', current_timestamp
-            )
-          `;
-          retriesCreated += 1;
-        } catch (err) {
-          if (isUniqueViolation(err, "idx_runs_active_sync_per_feed")) {
-            logger_default.info(
-              { feedId: row.feed_id },
-              "[reaper] Skipped sync retry \u2014 another active sync run exists"
-            );
-          } else {
-            logger_default.error({ err, runId: row.id }, "[reaper] Failed to insert sync retry");
-          }
-        }
+      const skippedRetries = syncEligible - retriesCreated;
+      if (skippedRetries > 0) {
+        logger_default.info(
+          { count: skippedRetries },
+          "[reaper] Skipped sync retries \u2014 another active sync run exists (ON CONFLICT DO NOTHING)"
+        );
       }
-      return { acquired: true, reaped: reaped.length, retriesCreated };
+      return { acquired: true, reaped: reapedCount, retriesCreated };
     } finally {
       await reserved`SELECT pg_advisory_unlock(${REAPER_ADVISORY_LOCK_KEY})`;
     }
@@ -75662,7 +76622,6 @@ var init_check_stalled_executions = __esm({
     init_client();
     init_connect_tokens();
     init_logger();
-    init_pg_errors();
     init_automation();
     REAPER_ADVISORY_LOCK_KEY = 1919841138;
     DEFAULT_STALE_AFTER_SECONDS = 120;
@@ -76189,13 +77148,13 @@ import * as Sentry7 from "@sentry/node";
 function cronSeedKey(name, tick) {
   return `cron:${name}:${tick.toISOString()}`;
 }
-var logger97, TASK_QUEUE_NAME, TaskScheduler;
+var logger99, TASK_QUEUE_NAME, TaskScheduler;
 var init_task_scheduler = __esm({
   "src/scheduled/task-scheduler.ts"() {
     "use strict";
     init_src();
     init_cron();
-    logger97 = createLogger("task-scheduler");
+    logger99 = createLogger("task-scheduler");
     TASK_QUEUE_NAME = "task";
     TaskScheduler = class {
       constructor(queue) {
@@ -76245,7 +77204,7 @@ var init_task_scheduler = __esm({
           try {
             await this.seedNextCronTick(reg);
           } catch (err) {
-            logger97.error(
+            logger99.error(
               { err, taskName: reg.name, cron: reg.cron },
               "[task-scheduler] Failed to seed cron row at boot; will retry in background"
             );
@@ -76254,7 +77213,7 @@ var init_task_scheduler = __esm({
         }
         await this.queue.work(TASK_QUEUE_NAME, (job) => this.dispatch(job));
         const periodic = [...this.handlers.values()].filter((r) => r.cron).length;
-        logger97.info(
+        logger99.info(
           { total: this.handlers.size, periodic },
           "[task-scheduler] Started"
         );
@@ -76266,12 +77225,12 @@ var init_task_scheduler = __esm({
           setTimeout(() => {
             if (!this.started) return;
             this.seedNextCronTick(reg).then(
-              () => logger97.info(
+              () => logger99.info(
                 { taskName: reg.name, cron: reg.cron, attempt: i + 1 },
                 "[task-scheduler] Recovered cron seed in background"
               )
             ).catch((err) => {
-              logger97.error(
+              logger99.error(
                 { err, taskName: reg.name, cron: reg.cron, attempt: i + 1 },
                 "[task-scheduler] Background cron seed retry failed"
               );
@@ -76294,7 +77253,7 @@ var init_task_scheduler = __esm({
         const data = job.data ?? { name: "", payload: {} };
         const reg = this.handlers.get(data.name);
         if (!reg) {
-          logger97.error(
+          logger99.error(
             { taskName: data.name, runId: job.id },
             "[task-scheduler] No handler registered for task; failing run"
           );
@@ -76803,6 +77762,9 @@ function normalizeServerConfig(raw) {
   if (typeof src.dataDir === "string" && src.dataDir.trim()) {
     out.dataDir = src.dataDir.trim();
   }
+  if (src.lifecycle === "managed" || src.lifecycle === "external") {
+    out.lifecycle = src.lifecycle;
+  }
   return Object.keys(out).length === 0 ? void 0 : out;
 }
 function applyUserServerConfigToEnv(configPath, contextOverride) {
@@ -76830,7 +77792,7 @@ import { pg_trgm } from "@electric-sql/pglite/contrib/pg_trgm";
 import { vector } from "@electric-sql/pglite/vector";
 import { PGLiteSocketServer } from "@electric-sql/pglite-socket";
 import { getRequestListener } from "@hono/node-server";
-import { Hono as Hono27 } from "hono";
+import { Hono as Hono29 } from "hono";
 
 // src/db/embedded-schema-patches.ts
 var EMBEDDED_SCHEMA_PATCHES = [
@@ -77626,6 +78588,30 @@ var EMBEDDED_SCHEMA_PATCHES = [
             AND run_type IN ('sync', 'action', 'embed_backfill', 'auth')
       `);
     }
+  },
+  {
+    id: "runs-heartbeat-inflight-narrow",
+    apply: async (sql) => {
+      await sql.unsafe(`DROP INDEX IF EXISTS public.idx_runs_heartbeat_inflight`);
+      await sql.unsafe(`
+        CREATE INDEX IF NOT EXISTS idx_runs_heartbeat_inflight
+          ON public.runs (last_heartbeat_at)
+          WHERE status IN ('claimed', 'running')
+            AND run_type IN ('sync', 'auth')
+      `);
+    }
+  },
+  {
+    id: "runs-heartbeat-inflight-widen",
+    apply: async (sql) => {
+      await sql.unsafe(`DROP INDEX IF EXISTS public.idx_runs_heartbeat_inflight`);
+      await sql.unsafe(`
+        CREATE INDEX IF NOT EXISTS idx_runs_heartbeat_inflight
+          ON public.runs (last_heartbeat_at)
+          WHERE status IN ('claimed', 'running')
+            AND run_type IN ('sync', 'action', 'embed_backfill', 'auth')
+      `);
+    }
   }
 ];
 
@@ -77733,7 +78719,7 @@ async function main() {
   const stopScheduler = () => taskScheduler.stop();
   const { startStaleRunReaper: startStaleRunReaper2 } = await Promise.resolve().then(() => (init_check_stalled_executions(), check_stalled_executions_exports));
   const stopReaper = startStaleRunReaper2();
-  const wrapper = new Hono27();
+  const wrapper = new Hono29();
   wrapper.use("*", async (c, next) => {
     const incoming = c.env?.incoming;
     const peerRemoteAddress = incoming?.socket?.remoteAddress ?? null;