npm - @poncho-ai/harness - Versions diffs - 0.34.0 → 0.35.0 - Mend

@poncho-ai/harness 0.34.0 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/index.js CHANGED Viewed

@@ -397,10 +397,11 @@ var estimateTotalTokens = (systemPrompt, messages, toolDefinitionsJson) => {
       return sum + 200;
     }, 0);
   }
+  let tokens = Math.ceil(chars / 4 * OVERHEAD_MULTIPLIER);
   if (toolDefinitionsJson) {
-    chars += toolDefinitionsJson.length;
+    tokens += Math.ceil(toolDefinitionsJson.length / 6);
   }
-  return Math.ceil(chars / 4 * OVERHEAD_MULTIPLIER);
+  return tokens;
 };
 var findSafeSplitPoint = (messages, keepRecentMessages) => {
   const candidateIdx = messages.length - keepRecentMessages;
@@ -1449,6 +1450,112 @@ Available memory tools:
 - \`memory_main_write\` \u2014 overwrite the entire memory document
 - \`memory_main_edit\` \u2014 edit memory via exact string replacement (\`old_str\` / \`new_str\`)
 - \`conversation_recall\` \u2014 search past conversations
+## Multi-Tenancy
+Deploy one agent and let many users (tenants) use it, each with fully isolated data. Multi-tenancy is opt-in \u2014 it activates automatically when a valid tenant JWT is received. Existing single-user deployments work unchanged.
+### How it works
+1. **Builder creates a JWT** for each tenant, signed with \`PONCHO_AUTH_TOKEN\` (HS256).
+2. **Tenant accesses the agent** using \`?token=<jwt>\` in the web UI URL, or \`Authorization: Bearer <jwt>\` for API calls.
+3. **All data is scoped** \u2014 conversations, memory, reminders, and todos are isolated per tenant.
+### Creating tenant tokens
+Using the CLI (for development/testing):
+\`\`\`bash
+poncho auth create-token --tenant acme-corp --ttl 24h
+\`\`\`
+Using the client SDK (for your backend):
+\`\`\`typescript
+import { createTenantToken } from "@poncho-ai/client";
+const token = await createTenantToken({
+  signingKey: process.env.PONCHO_AUTH_TOKEN,
+  tenantId: "acme-corp",
+  expiresIn: "1h",
+  metadata: { plan: "pro" },  // optional, stored in JWT \`meta\` claim
+});
+// Give this URL to the tenant:
+const url = \`https://my-agent.example.com/?token=\${token}\`;
+\`\`\`
+Or use any HS256 JWT library in any language \u2014 set \`sub\` to the tenant ID.
+### Tenant-scoped API access
+\`\`\`typescript
+import { AgentClient, createTenantToken } from "@poncho-ai/client";
+const token = await createTenantToken({
+  signingKey: process.env.PONCHO_AUTH_TOKEN,
+  tenantId: "acme-corp",
+  expiresIn: "1h",
+});
+const client = new AgentClient({
+  url: "https://my-agent.example.com",
+  token,  // tenant-scoped access
+});
+const conversations = await client.listConversations(); // only acme-corp's
+\`\`\`
+### Per-tenant secrets
+Tenants can provide their own API keys for MCP integrations. Declare which env vars are tenant-managed in \`poncho.config.js\`:
+\`\`\`javascript
+export default {
+  tenantSecrets: {
+    LINEAR_API_KEY: "Linear API Key",
+    GITHUB_TOKEN: "GitHub Token",
+  },
+  mcp: [
+    { url: "https://mcp.linear.app/sse", auth: { type: "bearer", tokenEnv: "LINEAR_API_KEY" } },
+  ],
+};
+\`\`\`
+When a tenant sets their \`LINEAR_API_KEY\` through the web UI settings panel (or API), MCP tool calls for that tenant use their key. If the tenant hasn't set it, the agent falls back to \`process.env.LINEAR_API_KEY\`.
+Builders can also set secrets for tenants via CLI:
+\`\`\`bash
+poncho secrets set --tenant acme-corp LINEAR_API_KEY lk_acme_123
+poncho secrets list --tenant acme-corp
+poncho secrets delete --tenant acme-corp LINEAR_API_KEY
+\`\`\`
+Secrets are encrypted at rest (AES-256-GCM) using a key derived from \`PONCHO_AUTH_TOKEN\`.
+### Auth model
+| Access type | Token | Scope |
+|---|---|---|
+| **Builder** | \`Authorization: Bearer <PONCHO_AUTH_TOKEN>\` | Full admin access |
+| **Tenant** | \`Authorization: Bearer <JWT>\` or \`?token=<JWT>\` | Scoped to one tenant |
+| **Anonymous** | No token (when \`auth.required\` is false) | Legacy single-user mode |
+### What's isolated per tenant
+- Conversations and message history
+- Persistent memory
+- Reminders
+- Todos
+- Secrets (MCP auth tokens)
+- Subagent conversations
+### Limitations
+- **No tenant registry**: builders can't enumerate all tenants. Cron jobs and reminders run in agent scope, not per-tenant.
+- **No token revocation**: use short TTLs (1h recommended). Stateless JWTs can't be individually revoked.
+- **\`PONCHO_AUTH_TOKEN\` is immutable**: rotating it invalidates all tenant JWTs and encrypted secrets.
 `,
   "configuration": `# Configuration & Security
@@ -1531,6 +1638,14 @@ export default {
   // When auth.required is true:
   // - Web UI: users enter the passphrase (value of PONCHO_AUTH_TOKEN env var)
   // - API: clients include Authorization: Bearer <token> header
+  // - Tenants: use JWT tokens (see Multi-Tenancy in docs/features.md)
+  // Per-tenant secrets (optional). Tenants can set their own values for these
+  // env vars via the web UI settings panel or API. Used for MCP auth tokens.
+  // tenantSecrets: {
+  //   LINEAR_API_KEY: 'Linear API Key',
+  //   GITHUB_TOKEN: 'GitHub Token',
+  // },
   // Model provider API key env var overrides (optional)
   providers: {
@@ -2101,8 +2216,8 @@ var ponchoDocsTool = defineTool({
 // src/harness.ts
 import { randomUUID as randomUUID3 } from "crypto";
-import { readFile as readFile10 } from "fs/promises";
-import { resolve as resolve12 } from "path";
+import { readFile as readFile11 } from "fs/promises";
+import { resolve as resolve13 } from "path";
 import { defineTool as defineTool8, getTextContent as getTextContent2 } from "@poncho-ai/sdk";
 // src/upload-store.ts
@@ -2615,20 +2730,25 @@ var InMemoryMemoryStore = class {
 var FileMainMemoryStore = class {
   workingDir;
   filePath = "";
+  customRelPath;
   ttlMs;
   loaded = false;
   writing = Promise.resolve();
   mainMemory = { ...DEFAULT_MAIN_MEMORY };
-  constructor(workingDir, ttlSeconds) {
+  constructor(workingDir, ttlSeconds, customRelPath) {
     this.workingDir = workingDir;
     this.ttlMs = typeof ttlSeconds === "number" ? ttlSeconds * 1e3 : void 0;
+    this.customRelPath = customRelPath;
   }
   async ensureFilePath() {
     if (this.filePath) {
       return;
     }
     const identity = await ensureAgentIdentity(this.workingDir);
-    this.filePath = resolve6(getAgentStoreDirectory(identity), LOCAL_MEMORY_FILE);
+    this.filePath = resolve6(
+      getAgentStoreDirectory(identity),
+      this.customRelPath ?? LOCAL_MEMORY_FILE
+    );
   }
   isExpired(updatedAt) {
     return typeof this.ttlMs === "number" && Date.now() - updatedAt > this.ttlMs;
@@ -2724,7 +2844,15 @@ var createMemoryStore = (agentId, config, options) => {
   const provider = config?.provider ?? "local";
   const ttl = config?.ttl;
   const workingDir = options?.workingDir ?? process.cwd();
+  const tenantId = options?.tenantId;
   if (provider === "local") {
+    if (tenantId) {
+      return new FileMainMemoryStore(
+        workingDir,
+        ttl,
+        `tenants/${slugifyStorageComponent(tenantId)}/${LOCAL_MEMORY_FILE}`
+      );
+    }
     return new FileMainMemoryStore(workingDir, ttl);
   }
   if (provider === "memory") {
@@ -2732,7 +2860,8 @@ var createMemoryStore = (agentId, config, options) => {
   }
   const kv = createRawKVStore(config);
   if (kv) {
-    const storageKey = `poncho:${STORAGE_SCHEMA_VERSION}:${slugifyStorageComponent(agentId)}:memory:main`;
+    const base = `poncho:${STORAGE_SCHEMA_VERSION}:${slugifyStorageComponent(agentId)}`;
+    const storageKey = tenantId ? `${base}:t:${slugifyStorageComponent(tenantId)}:memory:main` : `${base}:memory:main`;
     return new KVBackedMemoryStore(kv, storageKey, ttl);
   }
   return new InMemoryMemoryStore(ttl);
@@ -2767,6 +2896,7 @@ var buildRecallSnippet = (content, query, maxChars = 360) => {
   return content.slice(start, end);
 };
 var createMemoryTools = (store, options) => {
+  const resolveStore = typeof store === "function" ? store : () => store;
   const maxRecallConversations = Math.max(1, options?.maxRecallConversations ?? 20);
   return [
     defineTool2({
@@ -2777,8 +2907,8 @@ var createMemoryTools = (store, options) => {
         properties: {},
         additionalProperties: false
       },
-      handler: async () => {
-        const memory = await store.getMainMemory();
+      handler: async (_input, context) => {
+        const memory = await resolveStore(context).getMainMemory();
         return { memory };
       }
     }),
@@ -2796,12 +2926,12 @@ var createMemoryTools = (store, options) => {
         required: ["content"],
         additionalProperties: false
       },
-      handler: async (input) => {
+      handler: async (input, context) => {
         const content = typeof input.content === "string" ? input.content.trim() : "";
         if (!content) {
           throw new Error("content is required");
         }
-        const memory = await store.updateMainMemory({ content });
+        const memory = await resolveStore(context).updateMainMemory({ content });
         return { ok: true, memory };
       }
     }),
@@ -2823,13 +2953,13 @@ var createMemoryTools = (store, options) => {
         required: ["old_str", "new_str"],
         additionalProperties: false
       },
-      handler: async (input) => {
+      handler: async (input, context) => {
         const oldStr = typeof input.old_str === "string" ? input.old_str : "";
         const newStr = typeof input.new_str === "string" ? input.new_str : "";
         if (!oldStr) {
           throw new Error("old_str must not be empty.");
         }
-        const current = await store.getMainMemory();
+        const current = await resolveStore(context).getMainMemory();
         const content = current.content;
         const first = content.indexOf(oldStr);
         if (first === -1) {
@@ -2844,7 +2974,7 @@ var createMemoryTools = (store, options) => {
           );
         }
         const newContent = content.slice(0, first) + newStr + content.slice(first + oldStr.length);
-        const memory = await store.updateMainMemory({ content: newContent });
+        const memory = await resolveStore(context).updateMainMemory({ content: newContent });
         return { ok: true, memory };
       }
     }),
@@ -3207,7 +3337,8 @@ var InMemoryReminderStore = class {
       status: "pending",
       createdAt: Date.now(),
       conversationId: input.conversationId,
-      ownerId: input.ownerId
+      ownerId: input.ownerId,
+      tenantId: input.tenantId
     };
     this.reminders = pruneStale(this.reminders);
     this.reminders.push(reminder);
@@ -3266,7 +3397,8 @@ var FileReminderStore = class {
       status: "pending",
       createdAt: Date.now(),
       conversationId: input.conversationId,
-      ownerId: input.ownerId
+      ownerId: input.ownerId,
+      tenantId: input.tenantId
     };
     let reminders = await this.readAll();
     reminders = pruneStale(reminders);
@@ -3392,6 +3524,171 @@ var createReminderStore = (agentId, config, options) => {
   return new InMemoryReminderStore();
 };
+// src/secrets-store.ts
+import { createCipheriv, createDecipheriv, randomBytes, createHash as createHash3 } from "crypto";
+import { mkdir as mkdir6, readFile as readFile8, writeFile as writeFile7 } from "fs/promises";
+import { dirname as dirname5, resolve as resolve9 } from "path";
+function deriveKey(signingKey) {
+  return createHash3("sha256").update("poncho-secrets-v1:" + signingKey).digest();
+}
+function encrypt(plaintext, key) {
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", key, iv);
+  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("base64"),
+    ct: ct.toString("base64"),
+    tag: tag.toString("base64")
+  };
+}
+function decrypt(blob, key) {
+  const decipher = createDecipheriv(
+    "aes-256-gcm",
+    key,
+    Buffer.from(blob.iv, "base64")
+  );
+  decipher.setAuthTag(Buffer.from(blob.tag, "base64"));
+  return Buffer.concat([
+    decipher.update(Buffer.from(blob.ct, "base64")),
+    decipher.final()
+  ]).toString("utf8");
+}
+var FileSecretsStore = class {
+  workingDir;
+  encKey;
+  constructor(workingDir, signingKey) {
+    this.workingDir = workingDir;
+    this.encKey = deriveKey(signingKey);
+  }
+  async filePath(tenantId) {
+    const identity = await ensureAgentIdentity(this.workingDir);
+    const dir = resolve9(
+      getAgentStoreDirectory(identity),
+      "tenants",
+      slugifyStorageComponent(tenantId)
+    );
+    return resolve9(dir, "secrets.json");
+  }
+  async readAll(tenantId) {
+    try {
+      const raw = await readFile8(await this.filePath(tenantId), "utf8");
+      return JSON.parse(raw);
+    } catch {
+      return {};
+    }
+  }
+  async writeAll(tenantId, data) {
+    const fp = await this.filePath(tenantId);
+    await mkdir6(dirname5(fp), { recursive: true });
+    await writeFile7(fp, JSON.stringify(data, null, 2), "utf8");
+  }
+  async get(tenantId) {
+    const data = await this.readAll(tenantId);
+    const result = {};
+    for (const [k, blob] of Object.entries(data)) {
+      try {
+        result[k] = decrypt(blob, this.encKey);
+      } catch {
+      }
+    }
+    return result;
+  }
+  async set(tenantId, key, value) {
+    const data = await this.readAll(tenantId);
+    data[key] = encrypt(value, this.encKey);
+    await this.writeAll(tenantId, data);
+  }
+  async delete(tenantId, key) {
+    const data = await this.readAll(tenantId);
+    delete data[key];
+    await this.writeAll(tenantId, data);
+  }
+  async list(tenantId) {
+    const data = await this.readAll(tenantId);
+    return Object.keys(data);
+  }
+};
+var KVSecretsStore = class {
+  kv;
+  baseKey;
+  encKey;
+  ttl;
+  constructor(kv, baseKey, signingKey, ttl) {
+    this.kv = kv;
+    this.baseKey = baseKey;
+    this.encKey = deriveKey(signingKey);
+    this.ttl = ttl;
+  }
+  kvKey(tenantId) {
+    return `${this.baseKey}:t:${slugifyStorageComponent(tenantId)}:secrets`;
+  }
+  async readAll(tenantId) {
+    try {
+      const raw = await this.kv.get(this.kvKey(tenantId));
+      if (!raw) return {};
+      return JSON.parse(raw);
+    } catch {
+      return {};
+    }
+  }
+  async writeAll(tenantId, data) {
+    const key = this.kvKey(tenantId);
+    const value = JSON.stringify(data);
+    if (this.ttl) {
+      await this.kv.setWithTtl(key, value, this.ttl);
+    } else {
+      await this.kv.set(key, value);
+    }
+  }
+  async get(tenantId) {
+    const data = await this.readAll(tenantId);
+    const result = {};
+    for (const [k, blob] of Object.entries(data)) {
+      try {
+        result[k] = decrypt(blob, this.encKey);
+      } catch {
+      }
+    }
+    return result;
+  }
+  async set(tenantId, key, value) {
+    const data = await this.readAll(tenantId);
+    data[key] = encrypt(value, this.encKey);
+    await this.writeAll(tenantId, data);
+  }
+  async delete(tenantId, key) {
+    const data = await this.readAll(tenantId);
+    delete data[key];
+    await this.writeAll(tenantId, data);
+  }
+  async list(tenantId) {
+    const data = await this.readAll(tenantId);
+    return Object.keys(data);
+  }
+};
+var createSecretsStore = (agentId, signingKey, config, options) => {
+  const provider = config?.provider ?? "local";
+  const ttl = typeof config?.ttl === "number" ? config.ttl : void 0;
+  const workingDir = options?.workingDir ?? process.cwd();
+  if (provider === "local" || provider === "memory") {
+    return new FileSecretsStore(workingDir, signingKey);
+  }
+  const kv = createRawKVStore(config);
+  if (kv) {
+    const baseKey = `poncho:${STORAGE_SCHEMA_VERSION}:${slugifyStorageComponent(agentId)}`;
+    return new KVSecretsStore(kv, baseKey, signingKey, ttl);
+  }
+  return new FileSecretsStore(workingDir, signingKey);
+};
+async function resolveEnv(secretsStore, tenantId, envName) {
+  if (tenantId && secretsStore) {
+    const secrets = await secretsStore.get(tenantId);
+    if (secrets[envName]) return secrets[envName];
+  }
+  return process.env[envName];
+}
 // src/reminder-tools.ts
 import { defineTool as defineTool4 } from "@poncho-ai/sdk";
 var VALID_STATUSES2 = ["pending", "cancelled"];
@@ -3464,7 +3761,8 @@ var createReminderTools = (store) => [
         task,
         scheduledAt,
         timezone,
-        conversationId
+        conversationId,
+        tenantId: context.tenantId
       });
       return {
         ok: true,
@@ -3492,8 +3790,11 @@ var createReminderTools = (store) => [
       },
       additionalProperties: false
     },
-    handler: async (input) => {
+    handler: async (input, context) => {
       let reminders = await store.list();
+      if (context.tenantId) {
+        reminders = reminders.filter((r) => r.tenantId === context.tenantId);
+      }
       const status = typeof input.status === "string" ? input.status : void 0;
       if (status && VALID_STATUSES2.includes(status)) {
         reminders = reminders.filter((r) => r.status === status);
@@ -3525,9 +3826,16 @@ var createReminderTools = (store) => [
       required: ["id"],
       additionalProperties: false
     },
-    handler: async (input) => {
+    handler: async (input, context) => {
       const id = typeof input.id === "string" ? input.id.trim() : "";
       if (!id) throw new Error("id is required");
+      if (context.tenantId) {
+        const all = await store.list();
+        const target = all.find((r) => r.id === id);
+        if (target && target.tenantId !== context.tenantId) {
+          throw new Error("Reminder not found");
+        }
+      }
       const cancelled = await store.cancel(id);
       return {
         ok: true,
@@ -3750,6 +4058,14 @@ var LocalMcpBridge = class {
   toolCatalog = /* @__PURE__ */ new Map();
   unavailableServers = /* @__PURE__ */ new Map();
   authFailedServers = /* @__PURE__ */ new Set();
+  envResolver;
+  /**
+   * Set a resolver for per-tenant env vars (e.g. MCP auth tokens).
+   * Called by the harness after creating the secrets store.
+   */
+  setEnvResolver(resolver) {
+    this.envResolver = resolver;
+  }
   constructor(config) {
     this.remoteServers = (config?.mcp ?? []).filter(
       (entry) => typeof entry.url === "string"
@@ -3789,8 +4105,11 @@ var LocalMcpBridge = class {
     }
     console.info(`[poncho][mcp] ${line}`);
   }
+  /** Set of servers where discovery was deferred (no default token, has env resolver). */
+  deferredDiscoveryServers = /* @__PURE__ */ new Set();
   async discoverTools() {
     this.toolCatalog.clear();
+    this.deferredDiscoveryServers.clear();
     for (const remoteServer of this.remoteServers) {
       const name = this.getServerName(remoteServer);
       if (this.unavailableServers.has(name)) {
@@ -3811,6 +4130,11 @@ var LocalMcpBridge = class {
       } catch (error) {
         const message = error instanceof Error ? error.message : String(error);
         if (error instanceof McpHttpError && error.status === 401) {
+          if (this.envResolver && remoteServer.auth?.tokenEnv) {
+            this.deferredDiscoveryServers.add(name);
+            this.log("info", "catalog.deferred", { server: name, reason: "auth_deferred_to_tenant" });
+            continue;
+          }
           this.authFailedServers.add(name);
           this.log("warn", "auth.failed", {
             server: name,
@@ -3823,6 +4147,57 @@ var LocalMcpBridge = class {
       }
     }
   }
+  /**
+   * Run deferred discovery and return ToolDefinitions for all newly discovered tools.
+   * Call this during run() so the tools are available to the model immediately.
+   */
+  async discoverAndLoadDeferred(tenantId) {
+    if (this.deferredDiscoveryServers.size === 0) return [];
+    for (const server of this.remoteServers) {
+      await this.tryDeferredDiscovery(server, tenantId);
+    }
+    const tools = [];
+    for (const server of this.remoteServers) {
+      const name = this.getServerName(server);
+      if (!server.auth?.tokenEnv) continue;
+      const discovered = this.toolCatalog.get(name);
+      if (!discovered || discovered.length === 0) continue;
+      const client = this.rpcClients.get(name);
+      if (!client) continue;
+      tools.push(...this.toToolDefinitions(name, discovered, client, server));
+    }
+    return tools;
+  }
+  async tryDeferredDiscovery(server, tenantId) {
+    const name = this.getServerName(server);
+    if (!this.deferredDiscoveryServers.has(name)) return;
+    if (this.toolCatalog.has(name)) return;
+    const tokenEnv = server.auth?.tokenEnv;
+    if (!tokenEnv || !this.envResolver) return;
+    const token = await this.envResolver(tenantId, tokenEnv);
+    if (!token) return;
+    try {
+      const probeClient = new StreamableHttpMcpRpcClient(
+        server.url,
+        server.timeoutMs ?? 1e4,
+        token,
+        server.headers
+      );
+      const discovered = await probeClient.listTools();
+      this.toolCatalog.set(name, discovered);
+      this.deferredDiscoveryServers.delete(name);
+      this.log("info", "catalog.loaded", {
+        server: name,
+        discoveredCount: discovered.length,
+        via: "deferred_tenant_discovery"
+      });
+    } catch (error) {
+      this.log("warn", "catalog.deferred_failed", {
+        server: name,
+        error: error instanceof Error ? error.message : String(error)
+      });
+    }
+  }
   async startLocalServers() {
     this.unavailableServers.clear();
     for (const server of this.remoteServers) {
@@ -3831,15 +4206,21 @@ var LocalMcpBridge = class {
       if (tokenEnv) {
         const token = process.env[tokenEnv];
         if (!token || token.trim().length === 0) {
-          this.unavailableServers.set(
-            name,
-            `Missing bearer token value from env var ${tokenEnv}`
-          );
-          this.log("warn", "auth.token_missing", {
+          if (!this.envResolver) {
+            this.unavailableServers.set(
+              name,
+              `Missing bearer token value from env var ${tokenEnv}`
+            );
+            this.log("warn", "auth.token_missing", {
+              server: name,
+              tokenEnv
+            });
+            continue;
+          }
+          this.log("info", "auth.token_deferred", {
             server: name,
             tokenEnv
           });
-          continue;
         }
       }
       this.rpcClients.set(
@@ -3903,6 +4284,29 @@ var LocalMcpBridge = class {
     }
     return output.sort();
   }
+  hasDeferredServers() {
+    return this.deferredDiscoveryServers.size > 0;
+  }
+  /**
+   * Return ToolDefinitions for catalog tools not already registered in the dispatcher.
+   */
+  getUnregisteredTools(registeredNames) {
+    const tools = [];
+    for (const server of this.remoteServers) {
+      const name = this.getServerName(server);
+      const discovered = this.toolCatalog.get(name);
+      if (!discovered || discovered.length === 0) continue;
+      const client = this.rpcClients.get(name);
+      if (!client) continue;
+      const unregistered = discovered.filter(
+        (d) => !registeredNames.has(`${name}/${d.name}`)
+      );
+      if (unregistered.length > 0) {
+        tools.push(...this.toToolDefinitions(name, unregistered, client, server));
+      }
+    }
+    return tools;
+  }
   async loadTools(requestedPatterns) {
     for (const [index, pattern] of requestedPatterns.entries()) {
       validateMcpPattern(pattern, `requestedPatterns[${index}]`);
@@ -3934,7 +4338,7 @@ var LocalMcpBridge = class {
       const selectedDescriptors = discovered.filter(
         (descriptor) => selectedRawNames.has(descriptor.name)
       );
-      tools.push(...this.toToolDefinitions(serverName, selectedDescriptors, client));
+      tools.push(...this.toToolDefinitions(serverName, selectedDescriptors, client, server));
     }
     this.log("info", "tools.selected", {
       requestedPatternCount: requestedPatterns.length,
@@ -3944,7 +4348,7 @@ var LocalMcpBridge = class {
     });
     return tools;
   }
-  toToolDefinitions(serverName, tools, client) {
+  toToolDefinitions(serverName, tools, client, server) {
     return tools.map((tool) => ({
       name: `${serverName}/${tool.name}`,
       description: tool.description ?? `MCP tool ${tool.name} from ${serverName}`,
@@ -3952,9 +4356,23 @@ var LocalMcpBridge = class {
         type: "object",
         properties: {}
       },
-      handler: async (input) => {
+      handler: async (input, context) => {
         try {
-          return await client.callTool(tool.name, input);
+          const tokenEnv = server?.auth?.tokenEnv;
+          let callClient = client;
+          if (tokenEnv && this.envResolver && context?.tenantId) {
+            const tenantToken = await this.envResolver(context.tenantId, tokenEnv);
+            const defaultToken = process.env[tokenEnv];
+            if (tenantToken && tenantToken !== defaultToken) {
+              callClient = new StreamableHttpMcpRpcClient(
+                server.url,
+                server.timeoutMs ?? 1e4,
+                tenantToken,
+                server.headers
+              );
+            }
+          }
+          return await callClient.callTool(tool.name, input);
         } catch (error) {
           if (error instanceof McpHttpError && error.status === 401) {
             this.authFailedServers.add(serverName);
@@ -3985,8 +4403,8 @@ import { createAnthropic } from "@ai-sdk/anthropic";
 // src/openai-codex-auth.ts
 import { homedir as homedir3 } from "os";
-import { dirname as dirname5, resolve as resolve9 } from "path";
-import { mkdir as mkdir6, readFile as readFile8, chmod, writeFile as writeFile7, rm as rm3 } from "fs/promises";
+import { dirname as dirname6, resolve as resolve10 } from "path";
+import { mkdir as mkdir7, readFile as readFile9, chmod, writeFile as writeFile8, rm as rm3 } from "fs/promises";
 var OPENAI_CODEX_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
 var OPENAI_AUTH_ISSUER = "https://auth.openai.com";
 var REFRESH_TOKEN_GRACE_MS = 5 * 60 * 1e3;
@@ -4018,14 +4436,14 @@ var getOpenAICodexAuthFilePath = (config) => {
   const env = defaultedConfig(config);
   const fromEnv = process.env[env.authFilePathEnv];
   if (typeof fromEnv === "string" && fromEnv.trim().length > 0) {
-    return resolve9(fromEnv);
+    return resolve10(fromEnv);
   }
-  return resolve9(homedir3(), ".poncho", "auth", "openai-codex.json");
+  return resolve10(homedir3(), ".poncho", "auth", "openai-codex.json");
 };
 var readOpenAICodexSession = async (config) => {
   const filePath = getOpenAICodexAuthFilePath(config);
   try {
-    const content = await readFile8(filePath, "utf8");
+    const content = await readFile9(filePath, "utf8");
     const parsed = JSON.parse(content);
     if (typeof parsed.refreshToken !== "string" || parsed.refreshToken.length === 0) {
       return void 0;
@@ -4042,12 +4460,12 @@ var readOpenAICodexSession = async (config) => {
 };
 var writeOpenAICodexSession = async (session, config) => {
   const filePath = getOpenAICodexAuthFilePath(config);
-  await mkdir6(dirname5(filePath), { recursive: true });
+  await mkdir7(dirname6(filePath), { recursive: true });
   const payload = {
     ...session,
     updatedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
-  await writeFile7(filePath, `${JSON.stringify(payload, null, 2)}
+  await writeFile8(filePath, `${JSON.stringify(payload, null, 2)}
 `, "utf8");
   await chmod(filePath, 384);
 };
@@ -4360,8 +4778,8 @@ var createModelProvider = (provider, config) => {
 };
 // src/skill-context.ts
-import { readFile as readFile9, readdir as readdir2, stat } from "fs/promises";
-import { dirname as dirname6, resolve as resolve10, normalize } from "path";
+import { readFile as readFile10, readdir as readdir2, stat } from "fs/promises";
+import { dirname as dirname7, resolve as resolve11, normalize } from "path";
 import YAML3 from "yaml";
 var DEFAULT_SKILL_DIRS = ["skills"];
 var resolveSkillDirs = (workingDir, extraPaths) => {
@@ -4373,7 +4791,7 @@ var resolveSkillDirs = (workingDir, extraPaths) => {
       }
     }
   }
-  return dirs.map((d) => resolve10(workingDir, d));
+  return dirs.map((d) => resolve11(workingDir, d));
 };
 var FRONTMATTER_PATTERN3 = /^---\s*\n([\s\S]*?)\n---\s*\n?([\s\S]*)$/;
 var asRecord2 = (value) => typeof value === "object" && value !== null ? value : {};
@@ -4442,7 +4860,7 @@ var collectSkillManifests = async (directory) => {
   const entries = await readdir2(directory, { withFileTypes: true });
   const files = [];
   for (const entry of entries) {
-    const fullPath = resolve10(directory, entry.name);
+    const fullPath = resolve11(directory, entry.name);
     let isDir = entry.isDirectory();
     let isFile = entry.isFile();
     if (entry.isSymbolicLink()) {
@@ -4477,13 +4895,13 @@ var loadSkillMetadata = async (workingDir, extraSkillPaths) => {
   const seen = /* @__PURE__ */ new Set();
   for (const manifest of allManifests) {
     try {
-      const content = await readFile9(manifest, "utf8");
+      const content = await readFile10(manifest, "utf8");
       const parsed = parseSkillFrontmatter(content);
       if (parsed && !seen.has(parsed.name)) {
         seen.add(parsed.name);
         skills.push({
           ...parsed,
-          skillDir: dirname6(manifest),
+          skillDir: dirname7(manifest),
           skillPath: manifest
         });
       }
@@ -4522,7 +4940,7 @@ ${xmlSkills}
 };
 var escapeXml = (value) => value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&apos;");
 var loadSkillInstructions = async (skill) => {
-  const content = await readFile9(skill.skillPath, "utf8");
+  const content = await readFile10(skill.skillPath, "utf8");
   const match = content.match(FRONTMATTER_PATTERN3);
   return match ? match[2].trim() : content.trim();
 };
@@ -4531,11 +4949,11 @@ var readSkillResource = async (skill, relativePath) => {
   if (normalized.startsWith("..") || normalized.startsWith("/")) {
     throw new Error("Path must be relative and within the skill directory");
   }
-  const fullPath = resolve10(skill.skillDir, normalized);
+  const fullPath = resolve11(skill.skillDir, normalized);
   if (!fullPath.startsWith(skill.skillDir)) {
     throw new Error("Path escapes the skill directory");
   }
-  return await readFile9(fullPath, "utf8");
+  return await readFile10(fullPath, "utf8");
 };
 var MAX_INSTRUCTIONS_PER_SKILL = 1200;
 var loadSkillContext = async (workingDir) => {
@@ -4654,7 +5072,7 @@ function convertSchema(schema) {
 // src/skill-tools.ts
 import { defineTool as defineTool5 } from "@poncho-ai/sdk";
 import { access as access2, readdir as readdir3, stat as stat2 } from "fs/promises";
-import { extname, normalize as normalize2, resolve as resolve11, sep as sep2 } from "path";
+import { extname, normalize as normalize2, resolve as resolve12, sep as sep2 } from "path";
 import { pathToFileURL } from "url";
 import { createJiti as createJiti2 } from "jiti";
 var createSkillTools = (skills, options) => {
@@ -4912,7 +5330,7 @@ var collectScriptFiles = async (directory) => {
     if (entry.name === "node_modules") {
       continue;
     }
-    const fullPath = resolve11(directory, entry.name);
+    const fullPath = resolve12(directory, entry.name);
     let isDir = entry.isDirectory();
     let isFile = entry.isFile();
     if (entry.isSymbolicLink()) {
@@ -4951,8 +5369,8 @@ var normalizeScriptPolicyPath = (relativePath) => {
 };
 var resolveScriptPath = (baseDir, relativePath, containmentDir) => {
   const normalized = normalizeScriptPolicyPath(relativePath);
-  const fullPath = resolve11(baseDir, normalized);
-  const boundary = resolve11(containmentDir ?? baseDir);
+  const fullPath = resolve12(baseDir, normalized);
+  const boundary = resolve12(containmentDir ?? baseDir);
   if (!fullPath.startsWith(`${boundary}${sep2}`) && fullPath !== boundary) {
     throw new Error("Script path must stay inside the allowed directory");
   }
@@ -5058,8 +5476,8 @@ function applyRateLimitCooldown(retryAfterHeader) {
 async function runWithSearchThrottle(fn) {
   const previous = searchQueue;
   let release;
-  searchQueue = new Promise((resolve14) => {
-    release = resolve14;
+  searchQueue = new Promise((resolve15) => {
+    release = resolve15;
   });
   await previous.catch(() => {
   });
@@ -5265,7 +5683,8 @@ var createSubagentTools = (manager) => [
       const { subagentId } = await manager.spawn({
         task: task.trim(),
         parentConversationId: conversationId,
-        ownerId
+        ownerId,
+        tenantId: context.tenantId
       });
       return { subagentId, status: "running" };
     }
@@ -5350,8 +5769,12 @@ import { OTLPTraceExporter } from "@opentelemetry/exporter-trace-otlp-http";
 // src/telemetry.ts
 var MAX_FIELD_LENGTH = 200;
+var OMIT_FROM_LOG = /* @__PURE__ */ new Set(["continuationMessages", "_harnessMessages", "messages", "compactedHistory"]);
 function sanitizeEventForLog(event) {
-  return JSON.stringify(event, (_key, value) => {
+  return JSON.stringify(event, (key, value) => {
+    if (OMIT_FROM_LOG.has(key) && Array.isArray(value)) {
+      return `[${value.length} messages]`;
+    }
     if (typeof value === "string" && value.length > MAX_FIELD_LENGTH) {
       return `${value.slice(0, 80)}...[${value.length} chars]`;
     }
@@ -6001,8 +6424,11 @@ var AgentHarness = class _AgentHarness {
   uploadStore;
   skillContextWindow = "";
   memoryStore;
+  tenantMemoryStores = /* @__PURE__ */ new Map();
+  memoryConfig;
   todoStore;
   reminderStore;
+  secretsStore;
   loadedConfig;
   loadedSkills = [];
   skillFingerprint = "";
@@ -6287,6 +6713,28 @@ var AgentHarness = class _AgentHarness {
     if (!this.todoStore) return [];
     return this.todoStore.get(conversationId);
   }
+  /**
+   * Get a memory store, optionally scoped to a tenant.
+   * Returns the default (agent-wide) store when tenantId is null/undefined.
+   */
+  getMemoryStore(tenantId) {
+    if (!this.memoryConfig?.enabled) return void 0;
+    if (!tenantId) return this.memoryStore;
+    let store = this.tenantMemoryStores.get(tenantId);
+    if (!store) {
+      const agentId = this.parsedAgent?.frontmatter.id ?? this.parsedAgent?.frontmatter.name ?? "unknown";
+      store = createMemoryStore(agentId, this.memoryConfig, {
+        workingDir: this.workingDir,
+        tenantId
+      });
+      this.tenantMemoryStores.set(tenantId, store);
+      if (this.tenantMemoryStores.size > 100) {
+        const oldest = this.tenantMemoryStores.keys().next().value;
+        if (oldest) this.tenantMemoryStores.delete(oldest);
+      }
+    }
+    return store;
+  }
   listActiveSkills() {
     return [...this.activeSkillNames].sort();
   }
@@ -6517,8 +6965,8 @@ var AgentHarness = class _AgentHarness {
       return false;
     }
     try {
-      const agentFilePath = resolve12(this.workingDir, "AGENT.md");
-      const rawContent = await readFile10(agentFilePath, "utf8");
+      const agentFilePath = resolve13(this.workingDir, "AGENT.md");
+      const rawContent = await readFile11(agentFilePath, "utf8");
       if (rawContent === this.agentFileFingerprint) {
         return false;
       }
@@ -6587,8 +7035,8 @@ var AgentHarness = class _AgentHarness {
     }
   }
   async initialize() {
-    const agentFilePath = resolve12(this.workingDir, "AGENT.md");
-    const agentRawContent = await readFile10(agentFilePath, "utf8");
+    const agentFilePath = resolve13(this.workingDir, "AGENT.md");
+    const agentRawContent = await readFile11(agentFilePath, "utf8");
     this.parsedAgent = parseAgentMarkdown(agentRawContent);
     this.agentFileFingerprint = agentRawContent;
     const identity = await ensureAgentIdentity(this.workingDir);
@@ -6612,6 +7060,7 @@ var AgentHarness = class _AgentHarness {
     this.skillFingerprint = this.buildSkillFingerprint(skillMetadata);
     this.registerSkillTools(skillMetadata);
     const agentId = this.parsedAgent.frontmatter.id ?? this.parsedAgent.frontmatter.name;
+    this.memoryConfig = memoryConfig ?? void 0;
     if (memoryConfig?.enabled) {
       this.memoryStore = createMemoryStore(
         agentId,
@@ -6619,9 +7068,10 @@ var AgentHarness = class _AgentHarness {
         { workingDir: this.workingDir }
       );
       this.dispatcher.registerMany(
-        createMemoryTools(this.memoryStore, {
-          maxRecallConversations: memoryConfig.maxRecallConversations
-        })
+        createMemoryTools(
+          (ctx) => this.getMemoryStore(ctx.tenantId) ?? this.memoryStore,
+          { maxRecallConversations: memoryConfig.maxRecallConversations }
+        )
       );
     }
     const stateConfig = resolveStateConfig(config);
@@ -6646,6 +7096,14 @@ var AgentHarness = class _AgentHarness {
         );
       });
     }
+    const authTokenEnv = config?.auth?.tokenEnv ?? "PONCHO_AUTH_TOKEN";
+    const authToken = process.env[authTokenEnv];
+    if (authToken) {
+      this.secretsStore = createSecretsStore(agentId, authToken, stateConfig, { workingDir: this.workingDir });
+      bridge.setEnvResolver(async (tenantId, envName) => {
+        return resolveEnv(this.secretsStore, tenantId, envName);
+      });
+    }
     await bridge.startLocalServers();
     await bridge.discoverTools();
     await this.refreshMcpTools("initialize");
@@ -6679,14 +7137,14 @@ var AgentHarness = class _AgentHarness {
       const filePath = pathResolve(stateDir, `${sessionId}.json`);
       return {
         async save(json) {
-          const { mkdir: mkdir8, writeFile: writeFile9 } = await import("fs/promises");
-          await mkdir8(stateDir, { recursive: true });
-          await writeFile9(filePath, json, "utf8");
+          const { mkdir: mkdir9, writeFile: writeFile10 } = await import("fs/promises");
+          await mkdir9(stateDir, { recursive: true });
+          await writeFile10(filePath, json, "utf8");
         },
         async load() {
-          const { readFile: readFile12 } = await import("fs/promises");
+          const { readFile: readFile13 } = await import("fs/promises");
           try {
-            return await readFile12(filePath, "utf8");
+            return await readFile13(filePath, "utf8");
           } catch {
             return void 0;
           }
@@ -6752,7 +7210,7 @@ var AgentHarness = class _AgentHarness {
     let browserMod;
     try {
       const { existsSync } = await import("fs");
-      const { join, dirname: dirname8 } = await import("path");
+      const { join, dirname: dirname9 } = await import("path");
       const { pathToFileURL: pathToFileURL2 } = await import("url");
       let searchDir = this.workingDir;
       let entryPath;
@@ -6762,7 +7220,7 @@ var AgentHarness = class _AgentHarness {
           entryPath = candidate;
           break;
         }
-        const parent = dirname8(searchDir);
+        const parent = dirname9(searchDir);
         if (parent === searchDir) break;
         searchDir = parent;
       }
@@ -6838,7 +7296,8 @@ var AgentHarness = class _AgentHarness {
         kind: SpanKind.INTERNAL,
         attributes: {
           "gen_ai.operation.name": "invoke_agent",
-          ...input.conversationId ? { "gen_ai.conversation.id": input.conversationId } : {}
+          ...input.conversationId ? { "gen_ai.conversation.id": input.conversationId } : {},
+          ...input.tenantId ? { "tenant.id": input.tenantId } : {}
         }
       });
       const spanContext = trace.setSpan(otelContext.active(), rootSpan);
@@ -6884,10 +7343,18 @@ var AgentHarness = class _AgentHarness {
     if (!this.parsedAgent) {
       await this.initialize();
     }
-    const memoryPromise = this.memoryStore ? this.memoryStore.getMainMemory() : void 0;
+    const activeMemoryStore = this.getMemoryStore(input.tenantId);
+    const memoryPromise = activeMemoryStore ? activeMemoryStore.getMainMemory() : void 0;
     const todosPromise = this.todoStore ? this.todoStore.get(input.conversationId ?? "__default__") : void 0;
     await this.refreshAgentIfChanged();
     await this.refreshSkillsIfChanged();
+    if (input.tenantId && this.mcpBridge?.hasDeferredServers()) {
+      const newTools = await this.mcpBridge.discoverAndLoadDeferred(input.tenantId);
+      for (const tool of newTools) {
+        this.dispatcher.register(tool);
+        this.registeredMcpToolNames.add(tool.name);
+      }
+    }
     let agent = this.parsedAgent;
     const runId = `run_${randomUUID3()}`;
     const start = now();
@@ -7289,19 +7756,24 @@ ${textContent}` };
                   };
                 }
                 let resolvedData;
-                if (part.data.startsWith(PONCHO_UPLOAD_SCHEME) && this.uploadStore) {
-                  const buf = await this.uploadStore.get(part.data);
-                  resolvedData = buf.toString("base64");
-                } else if (part.data.startsWith("https://") || part.data.startsWith("http://")) {
-                  if (this.uploadStore) {
+                try {
+                  if (part.data.startsWith(PONCHO_UPLOAD_SCHEME) && this.uploadStore) {
                     const buf = await this.uploadStore.get(part.data);
                     resolvedData = buf.toString("base64");
+                  } else if (part.data.startsWith("https://") || part.data.startsWith("http://")) {
+                    if (this.uploadStore) {
+                      const buf = await this.uploadStore.get(part.data);
+                      resolvedData = buf.toString("base64");
+                    } else {
+                      const resp = await fetch(part.data);
+                      resolvedData = Buffer.from(await resp.arrayBuffer()).toString("base64");
+                    }
                   } else {
-                    const resp = await fetch(part.data);
-                    resolvedData = Buffer.from(await resp.arrayBuffer()).toString("base64");
+                    resolvedData = part.data;
                   }
-                } else {
-                  resolvedData = part.data;
+                } catch {
+                  const label = part.filename ?? part.mediaType;
+                  return { type: "text", text: `[Attached file: ${label} \u2014 file is no longer available]` };
                 }
                 if (isSupportedImage) {
                   return {
@@ -7330,8 +7802,8 @@ ${textContent}` };
         const compactionConfig = resolveCompactionConfig(agent.frontmatter.compaction);
         if (compactionConfig.enabled && (step === 1 || step % COMPACTION_CHECK_INTERVAL_STEPS === 0)) {
           const estimated = estimateTotalTokens(systemPrompt, messages, toolDefsJsonForEstimate);
-          const lastReportedInput = totalInputTokens > 0 ? totalInputTokens : 0;
-          const effectiveTokens = Math.max(estimated, lastReportedInput);
+          const lastReportedContext = latestContextTokens > 0 ? latestContextTokens + toolOutputEstimateSinceModel : 0;
+          const effectiveTokens = Math.max(estimated, lastReportedContext);
           if (effectiveTokens > compactionConfig.trigger * contextWindow) {
             yield pushEvent({ type: "compaction:started", estimatedTokens: effectiveTokens });
             const compactResult = await compactMessages(
@@ -7439,8 +7911,8 @@ ${textContent}` };
               let timer;
               nextPart = await Promise.race([
                 fullStreamIterator.next(),
-                new Promise((resolve14) => {
-                  timer = setTimeout(() => resolve14(null), effectiveTimeout);
+                new Promise((resolve15) => {
+                  timer = setTimeout(() => resolve15(null), effectiveTimeout);
                 })
               ]);
               clearTimeout(timer);
@@ -7658,7 +8130,8 @@ ${textContent}` };
           workingDir: this.workingDir,
           parameters: input.parameters ?? {},
           abortSignal: input.abortSignal,
-          conversationId: input.conversationId
+          conversationId: input.conversationId,
+          tenantId: input.tenantId
         };
         const toolResultsForModel = [];
         const richToolResults = [];
@@ -7760,7 +8233,7 @@ ${textContent}` };
           const raced = await Promise.race([
             this.dispatcher.executeBatch(approvedCalls, toolContext),
             new Promise(
-              (resolve14) => setTimeout(() => resolve14(TOOL_DEADLINE_SENTINEL), toolDeadlineRemainingMs)
+              (resolve15) => setTimeout(() => resolve15(TOOL_DEADLINE_SENTINEL), toolDeadlineRemainingMs)
             )
           ]);
           if (raced === TOOL_DEADLINE_SENTINEL) {
@@ -8133,8 +8606,8 @@ ${this.skillFingerprint}`;
 // src/state.ts
 import { randomUUID as randomUUID4 } from "crypto";
-import { mkdir as mkdir7, readFile as readFile11, readdir as readdir4, rename as rename4, rm as rm4, writeFile as writeFile8 } from "fs/promises";
-import { dirname as dirname7, resolve as resolve13 } from "path";
+import { mkdir as mkdir8, readFile as readFile12, readdir as readdir4, rename as rename4, rm as rm4, writeFile as writeFile9 } from "fs/promises";
+import { dirname as dirname8, resolve as resolve14 } from "path";
 var DEFAULT_OWNER = "local-owner";
 var LOCAL_STATE_FILE = "state.json";
 var CONVERSATIONS_DIRECTORY = "conversations";
@@ -8150,9 +8623,9 @@ var toStoreIdentity = async ({
   return { name: ensured.name, id: agentId };
 };
 var writeJsonAtomic4 = async (filePath, payload) => {
-  await mkdir7(dirname7(filePath), { recursive: true });
+  await mkdir8(dirname8(filePath), { recursive: true });
   const tmpPath = `${filePath}.tmp`;
-  await writeFile8(tmpPath, JSON.stringify(payload, null, 2), "utf8");
+  await writeFile9(tmpPath, JSON.stringify(payload, null, 2), "utf8");
   await rename4(tmpPath, filePath);
 };
 var formatUtcTimestamp = (value) => new Date(value).toISOString().replace(/[-:]/g, "").replace(/\.\d{3}Z$/, "Z");
@@ -8248,18 +8721,19 @@ var InMemoryConversationStore = class {
       }
     }
   }
-  async list(ownerId) {
+  async list(ownerId, tenantId) {
     this.purgeExpired();
-    return Array.from(this.conversations.values()).filter((conversation) => !ownerId || conversation.ownerId === ownerId).sort((a, b) => b.updatedAt - a.updatedAt);
+    return Array.from(this.conversations.values()).filter((conversation) => !ownerId || conversation.ownerId === ownerId).filter((c) => tenantId === void 0 || c.tenantId === tenantId).sort((a, b) => b.updatedAt - a.updatedAt);
   }
-  async listSummaries(ownerId) {
+  async listSummaries(ownerId, tenantId) {
     this.purgeExpired();
-    return Array.from(this.conversations.values()).filter((c) => !ownerId || c.ownerId === ownerId).sort((a, b) => b.updatedAt - a.updatedAt).map((c) => ({
+    return Array.from(this.conversations.values()).filter((c) => !ownerId || c.ownerId === ownerId).filter((c) => tenantId === void 0 || c.tenantId === tenantId).sort((a, b) => b.updatedAt - a.updatedAt).map((c) => ({
       conversationId: c.conversationId,
       title: c.title,
       updatedAt: c.updatedAt,
       createdAt: c.createdAt,
       ownerId: c.ownerId,
+      tenantId: c.tenantId,
       parentConversationId: c.parentConversationId,
       messageCount: c.messages.length,
       hasPendingApprovals: Array.isArray(c.pendingApprovals) && c.pendingApprovals.length > 0,
@@ -8270,14 +8744,14 @@ var InMemoryConversationStore = class {
     this.purgeExpired();
     return this.conversations.get(conversationId);
   }
-  async create(ownerId = DEFAULT_OWNER, title) {
+  async create(ownerId = DEFAULT_OWNER, title, tenantId = null) {
     const now2 = Date.now();
     const conversation = {
       conversationId: globalThis.crypto?.randomUUID?.() ?? `${now2}-${Math.random()}`,
       title: normalizeTitle(title),
       messages: [],
       ownerId,
-      tenantId: null,
+      tenantId,
       createdAt: now2,
       updatedAt: now2
     };
@@ -8341,8 +8815,8 @@ var FileConversationStore = class {
       agentId: this.agentId
     });
     const agentDir = getAgentStoreDirectory(identity);
-    const conversationsDir = resolve13(agentDir, CONVERSATIONS_DIRECTORY);
-    const indexPath = resolve13(conversationsDir, LOCAL_CONVERSATION_INDEX_FILE);
+    const conversationsDir = resolve14(agentDir, CONVERSATIONS_DIRECTORY);
+    const indexPath = resolve14(conversationsDir, LOCAL_CONVERSATION_INDEX_FILE);
     this.paths = { conversationsDir, indexPath };
     return this.paths;
   }
@@ -8356,9 +8830,9 @@ var FileConversationStore = class {
   }
   async readConversationFile(fileName) {
     const { conversationsDir } = await this.resolvePaths();
-    const filePath = resolve13(conversationsDir, fileName);
+    const filePath = resolve14(conversationsDir, fileName);
     try {
-      const raw = await readFile11(filePath, "utf8");
+      const raw = await readFile12(filePath, "utf8");
       return JSON.parse(raw);
     } catch {
       return void 0;
@@ -8383,6 +8857,7 @@ var FileConversationStore = class {
           updatedAt: conversation.updatedAt,
           createdAt: conversation.createdAt,
           ownerId: conversation.ownerId,
+          tenantId: conversation.tenantId,
           fileName: entry.name,
           parentConversationId: conversation.parentConversationId,
           messageCount: conversation.messages.length,
@@ -8404,7 +8879,7 @@ var FileConversationStore = class {
     this.loaded = true;
     const { indexPath } = await this.resolvePaths();
     try {
-      const raw = await readFile11(indexPath, "utf8");
+      const raw = await readFile12(indexPath, "utf8");
       const parsed = JSON.parse(raw);
       for (const conversation of parsed.conversations ?? []) {
         this.conversations.set(conversation.conversationId, conversation);
@@ -8427,7 +8902,7 @@ var FileConversationStore = class {
     const { conversationsDir } = await this.resolvePaths();
     const existing = this.conversations.get(conversation.conversationId);
     const fileName = existing?.fileName ?? this.resolveConversationFileName(conversation);
-    const filePath = resolve13(conversationsDir, fileName);
+    const filePath = resolve14(conversationsDir, fileName);
     this.writing = this.writing.then(async () => {
       await writeJsonAtomic4(filePath, conversation);
       this.conversations.set(conversation.conversationId, {
@@ -8436,6 +8911,7 @@ var FileConversationStore = class {
         updatedAt: conversation.updatedAt,
         createdAt: conversation.createdAt,
         ownerId: conversation.ownerId,
+        tenantId: conversation.tenantId,
         fileName,
         parentConversationId: conversation.parentConversationId,
         messageCount: conversation.messages.length,
@@ -8446,9 +8922,9 @@ var FileConversationStore = class {
     });
     await this.writing;
   }
-  async list(ownerId) {
+  async list(ownerId, tenantId) {
     await this.ensureLoaded();
-    const summaries = Array.from(this.conversations.values()).filter((conversation) => !ownerId || conversation.ownerId === ownerId).sort((a, b) => b.updatedAt - a.updatedAt);
+    const summaries = Array.from(this.conversations.values()).filter((conversation) => !ownerId || conversation.ownerId === ownerId).filter((c) => tenantId === void 0 || (c.tenantId ?? null) === tenantId).sort((a, b) => b.updatedAt - a.updatedAt);
     const conversations = [];
     for (const summary of summaries) {
       const loaded = await this.readConversationFile(summary.fileName);
@@ -8458,14 +8934,15 @@ var FileConversationStore = class {
     }
     return conversations;
   }
-  async listSummaries(ownerId) {
+  async listSummaries(ownerId, tenantId) {
     await this.ensureLoaded();
-    return Array.from(this.conversations.values()).filter((c) => !ownerId || c.ownerId === ownerId).sort((a, b) => b.updatedAt - a.updatedAt).map((c) => ({
+    return Array.from(this.conversations.values()).filter((c) => !ownerId || c.ownerId === ownerId).filter((c) => tenantId === void 0 || (c.tenantId ?? null) === tenantId).sort((a, b) => b.updatedAt - a.updatedAt).map((c) => ({
       conversationId: c.conversationId,
       title: c.title,
       updatedAt: c.updatedAt,
       createdAt: c.createdAt,
       ownerId: c.ownerId,
+      tenantId: c.tenantId,
       parentConversationId: c.parentConversationId,
       messageCount: c.messageCount,
       hasPendingApprovals: c.hasPendingApprovals,
@@ -8480,7 +8957,7 @@ var FileConversationStore = class {
     }
     return await this.readConversationFile(summary.fileName);
   }
-  async create(ownerId = DEFAULT_OWNER, title) {
+  async create(ownerId = DEFAULT_OWNER, title, tenantId = null) {
     await this.ensureLoaded();
     const now2 = Date.now();
     const conversation = {
@@ -8488,7 +8965,7 @@ var FileConversationStore = class {
       title: normalizeTitle(title),
       messages: [],
       ownerId,
-      tenantId: null,
+      tenantId,
       createdAt: now2,
       updatedAt: now2
     };
@@ -8525,7 +9002,7 @@ var FileConversationStore = class {
     if (removed) {
       this.writing = this.writing.then(async () => {
         if (existing) {
-          await rm4(resolve13(conversationsDir, existing.fileName), { force: true });
+          await rm4(resolve14(conversationsDir, existing.fileName), { force: true });
         }
         await this.writeIndex();
       });
@@ -8547,7 +9024,7 @@ var FileConversationStore = class {
     const summary = this.conversations.get(conversationId);
     if (!summary) return void 0;
     const { conversationsDir } = await this.resolvePaths();
-    const filePath = resolve13(conversationsDir, summary.fileName);
+    const filePath = resolve14(conversationsDir, summary.fileName);
     let result;
     this.writing = this.writing.then(async () => {
       const conv = await this.readConversationFile(summary.fileName);
@@ -8586,7 +9063,7 @@ var FileStateStore = class {
       workingDir: this.workingDir,
       agentId: this.agentId
     });
-    this.filePath = resolve13(getAgentStoreDirectory(identity), LOCAL_STATE_FILE);
+    this.filePath = resolve14(getAgentStoreDirectory(identity), LOCAL_STATE_FILE);
   }
   isExpired(state) {
     return typeof this.ttlMs === "number" && Date.now() - state.updatedAt > this.ttlMs;
@@ -8598,7 +9075,7 @@ var FileStateStore = class {
     }
     this.loaded = true;
     try {
-      const raw = await readFile11(this.filePath, "utf8");
+      const raw = await readFile12(this.filePath, "utf8");
       const parsed = JSON.parse(raw);
       for (const state of parsed.states ?? []) {
         this.states.set(state.runId, state);
@@ -8731,10 +9208,10 @@ var KeyValueConversationStoreBase = class {
       return void 0;
     }
   }
-  async list(ownerId) {
+  async list(ownerId, tenantId) {
     const kv = await this.client();
     if (!kv) {
-      return await this.memoryFallback.list(ownerId);
+      return await this.memoryFallback.list(ownerId, tenantId);
     }
     if (!ownerId) {
       return [];
@@ -8747,16 +9224,19 @@ var KeyValueConversationStoreBase = class {
     for (const raw of rawValues) {
       if (!raw) continue;
       try {
-        conversations.push(JSON.parse(raw));
+        const conv = JSON.parse(raw);
+        if (tenantId === void 0 || conv.tenantId === tenantId) {
+          conversations.push(conv);
+        }
       } catch {
       }
     }
     return conversations.sort((a, b) => b.updatedAt - a.updatedAt);
   }
-  async listSummaries(ownerId) {
+  async listSummaries(ownerId, tenantId) {
     const kv = await this.client();
     if (!kv) {
-      return await this.memoryFallback.listSummaries(ownerId);
+      return await this.memoryFallback.listSummaries(ownerId, tenantId);
     }
     if (!ownerId) {
       return [];
@@ -8770,13 +9250,14 @@ var KeyValueConversationStoreBase = class {
       if (!raw) continue;
       try {
         const meta = JSON.parse(raw);
-        if (meta.ownerId === ownerId) {
+        if (meta.ownerId === ownerId && (tenantId === void 0 || (meta.tenantId ?? null) === tenantId)) {
           summaries.push({
             conversationId: meta.conversationId,
             title: meta.title,
             updatedAt: meta.updatedAt,
             createdAt: meta.createdAt,
             ownerId: meta.ownerId,
+            tenantId: meta.tenantId,
             parentConversationId: meta.parentConversationId,
             messageCount: meta.messageCount,
             hasPendingApprovals: meta.hasPendingApprovals,
@@ -8803,14 +9284,14 @@ var KeyValueConversationStoreBase = class {
       return void 0;
     }
   }
-  async create(ownerId = DEFAULT_OWNER, title) {
+  async create(ownerId = DEFAULT_OWNER, title, tenantId = null) {
     const now2 = Date.now();
     const conversation = {
       conversationId: globalThis.crypto?.randomUUID?.() ?? `${now2}-${Math.random()}`,
       title: normalizeTitle(title),
       messages: [],
       ownerId,
-      tenantId: null,
+      tenantId,
       createdAt: now2,
       updatedAt: now2
     };
@@ -8839,6 +9320,7 @@ var KeyValueConversationStoreBase = class {
         updatedAt: nextConversation.updatedAt,
         createdAt: nextConversation.createdAt,
         ownerId: nextConversation.ownerId,
+        tenantId: nextConversation.tenantId,
         parentConversationId: nextConversation.parentConversationId,
         messageCount: nextConversation.messages.length,
         hasPendingApprovals: Array.isArray(nextConversation.pendingApprovals) && nextConversation.pendingApprovals.length > 0,
@@ -9298,6 +9780,32 @@ var createConversationStore = (config, options) => {
   return new InMemoryConversationStore(ttl);
 };
+// src/tenant-token.ts
+import { jwtVerify } from "jose";
+async function verifyTenantToken(signingKey, token) {
+  try {
+    const secret = new TextEncoder().encode(signingKey);
+    const { payload } = await jwtVerify(token, secret, {
+      algorithms: ["HS256"]
+    });
+    const tenantId = payload.sub;
+    if (!tenantId || typeof tenantId !== "string") {
+      return void 0;
+    }
+    const metadata = extractMetadata(payload);
+    return { tenantId, metadata };
+  } catch {
+    return void 0;
+  }
+}
+function extractMetadata(payload) {
+  const meta = payload.meta;
+  if (meta && typeof meta === "object" && !Array.isArray(meta)) {
+    return meta;
+  }
+  return void 0;
+}
 // src/index.ts
 import { defineTool as defineTool9 } from "@poncho-ai/sdk";
 export {
@@ -9328,6 +9836,7 @@ export {
   createReminderStore,
   createReminderTools,
   createSearchTools,
+  createSecretsStore,
   createSkillTools,
   createStateStore,
   createSubagentTools,
@@ -9362,10 +9871,12 @@ export {
   renderAgentPrompt,
   resolveAgentIdentity,
   resolveCompactionConfig,
+  resolveEnv,
   resolveMemoryConfig,
   resolveSkillDirs,
   resolveStateConfig,
   slugifyStorageComponent,
   startOpenAICodexDeviceAuth,
+  verifyTenantToken,
   writeOpenAICodexSession
 };