@remixhq/mcp 0.1.8 → 0.1.10

package/dist/server.js

@@ -83,6 +83,8 @@ var ERROR_CODES = {
   METADATA_CONFLICT: "METADATA_CONFLICT",
   DESTRUCTIVE_OPERATION_BLOCKED: "DESTRUCTIVE_OPERATION_BLOCKED",
   CONFIG_INVALID: "CONFIG_INVALID",
+  ACCESS_DENIED: "ACCESS_DENIED",
+  RESOURCE_NOT_FOUND: "RESOURCE_NOT_FOUND",
   INTERNAL_ERROR: "INTERNAL_ERROR"
 };
 var RemixMcpError = class extends Error {
@@ -100,6 +102,15 @@ function toStringOrNull(value) {
   const trimmed = value.trim();
   return trimmed.length > 0 ? trimmed : null;
 }
+function parseJsonObject(value) {
+  if (!value) return null;
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" ? parsed : null;
+  } catch {
+    return null;
+  }
+}
 function makeNormalized(params) {
   return {
     code: params.code,
@@ -113,6 +124,8 @@ function normalizeByMessage(err) {
   const code = toStringOrNull(err.code);
   const message = toStringOrNull(err.message) ?? "Unexpected error.";
   const hint = toStringOrNull(err.hint);
+  const hintBody = parseJsonObject(hint);
+  const statusCode = typeof hintBody?.statusCode === "number" ? hintBody.statusCode : typeof hintBody?.statusCode === "string" ? Number(hintBody.statusCode) : null;
   if (code === ERROR_CODES.REPO_LOCK_HELD) {
     return makeNormalized({
       code: ERROR_CODES.REPO_LOCK_HELD,
@@ -213,6 +226,22 @@ function normalizeByMessage(err) {
       category: "remote_state"
     });
   }
+  if (statusCode === 403) {
+    return makeNormalized({
+      code: ERROR_CODES.ACCESS_DENIED,
+      message,
+      hint,
+      category: "remote_state"
+    });
+  }
+  if (statusCode === 404) {
+    return makeNormalized({
+      code: ERROR_CODES.RESOURCE_NOT_FOUND,
+      message,
+      hint,
+      category: "remote_state"
+    });
+  }
   if (message.includes("Timed out") || message.includes("failed") || message.includes("error state")) {
     return makeNormalized({
       code: ERROR_CODES.REMOTE_ERROR,
@@ -405,6 +434,11 @@ function makeErrorResult(envelope) {
 // src/contracts/collab.ts
 var genericRecordSchema = z2.record(z2.string(), z2.unknown());
 var genericArraySchema = z2.array(genericRecordSchema);
+var paginationSchema = z2.object({
+  limit: z2.number().int().positive(),
+  offset: z2.number().int().nonnegative(),
+  hasMore: z2.boolean()
+});
 var mergeRequestQueueSchema = z2.enum([
   "reviewable",
   "created_by_me",
@@ -426,7 +460,12 @@ var initInputSchema = {
 var listInputSchema = {
   requestId: z2.string().trim().min(1).optional(),
   outputMode: z2.enum(["summary", "full"]).optional(),
-  forked: z2.enum(["only", "exclude", "all"]).optional()
+  ownership: z2.enum(["mine", "shared", "all"]).optional(),
+  accessScope: z2.enum(["all_readable", "explicit_member"]).optional(),
+  createdBy: z2.string().trim().min(1).optional(),
+  forked: z2.enum(["only", "exclude", "all"]).optional(),
+  limit: z2.number().int().positive().max(50).optional(),
+  offset: z2.number().int().nonnegative().optional()
 };
 var remixInputSchema = {
   ...commonRequestFieldsSchema,
@@ -455,6 +494,16 @@ var recordTurnInputSchema = {
   allowBranchMismatch: z2.boolean().optional(),
   idempotencyKey: z2.string().trim().min(1).optional()
 };
+var finalizeTurnInputSchema = {
+  ...commonRequestFieldsSchema,
+  prompt: z2.string().trim().min(1),
+  assistantResponse: z2.string().trim().min(1),
+  diffSource: z2.enum(["worktree", "external"]).optional(),
+  externalDiff: z2.string().optional(),
+  sync: z2.boolean().optional(),
+  allowBranchMismatch: z2.boolean().optional(),
+  idempotencyKey: z2.string().trim().min(1).optional()
+};
 var previewInputSchema = {
   ...commonRequestFieldsSchema
 };
@@ -470,20 +519,26 @@ var reviewQueueInputSchema = {
   requestId: z2.string().trim().min(1).optional(),
   outputMode: z2.enum(["summary", "full"]).optional(),
   status: z2.string().trim().min(1).optional(),
-  kind: z2.enum(["merge", "sync", "all"]).optional()
+  kind: z2.enum(["merge", "sync", "all"]).optional(),
+  limit: z2.number().int().positive().max(50).optional(),
+  offset: z2.number().int().nonnegative().optional()
 };
 var myMergeRequestsInputSchema = {
   requestId: z2.string().trim().min(1).optional(),
   outputMode: z2.enum(["summary", "full"]).optional(),
   status: z2.string().trim().min(1).optional(),
-  kind: z2.enum(["merge", "sync", "all"]).optional()
+  kind: z2.enum(["merge", "sync", "all"]).optional(),
+  limit: z2.number().int().positive().max(50).optional(),
+  offset: z2.number().int().nonnegative().optional()
 };
 var appMergeRequestsInputSchema = {
   ...commonRequestFieldsSchema,
   queue: appScopedMergeRequestQueueSchema,
   appId: z2.string().trim().min(1).optional(),
   status: z2.string().trim().min(1).optional(),
-  kind: z2.enum(["merge", "sync", "all"]).optional()
+  kind: z2.enum(["merge", "sync", "all"]).optional(),
+  limit: z2.number().int().positive().max(50).optional(),
+  offset: z2.number().int().nonnegative().optional()
 };
 var viewMergeRequestInputSchema = {
   requestId: z2.string().trim().min(1).optional(),
@@ -514,6 +569,38 @@ var inviteInputSchema = {
 var listMembersInputSchema = {
   ...commonRequestFieldsSchema,
   scope: memberScopeSchema,
+  targetId: z2.string().trim().min(1).optional(),
+  limit: z2.number().int().positive().max(50).optional(),
+  offset: z2.number().int().nonnegative().optional()
+};
+var listInvitesInputSchema = {
+  ...commonRequestFieldsSchema,
+  scope: memberScopeSchema.optional(),
+  targetId: z2.string().trim().min(1).optional(),
+  limit: z2.number().int().positive().max(50).optional(),
+  offset: z2.number().int().nonnegative().optional()
+};
+var resendInviteInputSchema = {
+  ...commonRequestFieldsSchema,
+  scope: memberScopeSchema.optional(),
+  targetId: z2.string().trim().min(1).optional(),
+  inviteId: z2.string().trim().min(1),
+  ttlDays: z2.number().int().positive().max(30).optional()
+};
+var revokeInviteInputSchema = {
+  ...commonRequestFieldsSchema,
+  scope: memberScopeSchema.optional(),
+  targetId: z2.string().trim().min(1).optional(),
+  inviteId: z2.string().trim().min(1),
+  confirm: z2.boolean()
+};
+var acceptInvitationInputSchema = {
+  requestId: z2.string().trim().min(1).optional(),
+  token: z2.string().trim().min(20)
+};
+var accessDebugInputSchema = {
+  ...commonRequestFieldsSchema,
+  scope: memberScopeSchema.optional(),
   targetId: z2.string().trim().min(1).optional()
 };
 var updateMemberRoleInputSchema = {
@@ -537,7 +624,8 @@ var initDataSchema = z2.object({
   repoRoot: z2.string()
 });
 var listDataSchema = z2.object({
-  apps: genericArraySchema
+  apps: genericArraySchema,
+  pagination: paginationSchema
 });
 var remixDataSchema = z2.object({
   appId: z2.string(),
@@ -560,12 +648,21 @@ var addDataSchema = z2.object({
   autoSync: genericRecordSchema
 });
 var recordTurnDataSchema = genericRecordSchema;
+var finalizeTurnDataSchema = z2.object({
+  mode: z2.enum(["changed_turn", "no_diff_turn"]),
+  idempotencyKey: z2.string().min(1),
+  changeStep: genericRecordSchema.nullable(),
+  collabTurn: genericRecordSchema.nullable(),
+  autoSync: genericRecordSchema.nullable(),
+  warnings: z2.array(z2.string())
+});
 var syncDataSchema = genericRecordSchema;
 var requestMergeDataSchema = genericRecordSchema;
 var mergeRequestQueueDataSchema = z2.object({
   queue: mergeRequestQueueSchema,
   appId: z2.string().nullable(),
-  mergeRequests: z2.array(genericRecordSchema)
+  mergeRequests: z2.array(genericRecordSchema),
+  pagination: paginationSchema
 });
 var viewMergeRequestDataSchema = genericRecordSchema;
 var approveDataSchema = genericRecordSchema;
@@ -577,7 +674,49 @@ var memberRecordSchema = genericRecordSchema;
 var listMembersDataSchema = z2.object({
   scopeType: memberScopeSchema,
   targetId: z2.string(),
-  members: z2.array(memberRecordSchema)
+  members: z2.array(memberRecordSchema),
+  pagination: paginationSchema
+});
+var listInvitesDataSchema = z2.object({
+  scopeType: memberScopeSchema,
+  targetId: z2.string(),
+  invites: z2.array(genericRecordSchema),
+  pagination: paginationSchema
+});
+var resendInviteDataSchema = genericRecordSchema;
+var revokeInviteDataSchema = z2.object({
+  scopeType: memberScopeSchema,
+  targetId: z2.string(),
+  inviteId: z2.string(),
+  revoked: z2.boolean()
+});
+var acceptInvitationDataSchema = genericRecordSchema;
+var accessDebugDataSchema = z2.object({
+  viewer: genericRecordSchema,
+  scope: z2.object({
+    scopeType: memberScopeSchema,
+    targetId: z2.string()
+  }),
+  entities: z2.object({
+    organization: genericRecordSchema.nullable(),
+    project: genericRecordSchema.nullable(),
+    app: genericRecordSchema.nullable()
+  }),
+  binding: z2.object({
+    repoRoot: z2.string().nullable(),
+    binding: genericRecordSchema.nullable()
+  }),
+  access: z2.object({
+    appContext: genericRecordSchema.nullable(),
+    viewerMember: genericRecordSchema.nullable(),
+    viewerProjectMember: genericRecordSchema.nullable(),
+    inviteForViewerEmail: genericRecordSchema.nullable(),
+    effectiveAppAccess: genericRecordSchema.nullable()
+  }),
+  members: z2.array(genericRecordSchema),
+  membersPageInfo: paginationSchema,
+  invites: z2.array(genericRecordSchema),
+  invitesPageInfo: paginationSchema
 });
 var updateMemberRoleDataSchema = z2.object({
   scopeType: memberScopeSchema,
@@ -591,6 +730,7 @@ var remixSuccessSchema = makeSuccessSchema(remixDataSchema);
 var checkoutSuccessSchema = makeSuccessSchema(checkoutDataSchema);
 var addSuccessSchema = makeSuccessSchema(addDataSchema);
 var recordTurnSuccessSchema = makeSuccessSchema(recordTurnDataSchema);
+var finalizeTurnSuccessSchema = makeSuccessSchema(finalizeTurnDataSchema);
 var syncSuccessSchema = makeSuccessSchema(syncDataSchema);
 var requestMergeSuccessSchema = makeSuccessSchema(requestMergeDataSchema);
 var mergeRequestQueueSuccessSchema = makeSuccessSchema(mergeRequestQueueDataSchema);
@@ -601,13 +741,20 @@ var syncUpstreamSuccessSchema = makeSuccessSchema(syncUpstreamDataSchema);
 var reconcileSuccessSchema = makeSuccessSchema(reconcileDataSchema);
 var inviteSuccessSchema = makeSuccessSchema(inviteDataSchema);
 var listMembersSuccessSchema = makeSuccessSchema(listMembersDataSchema);
+var listInvitesSuccessSchema = makeSuccessSchema(listInvitesDataSchema);
+var resendInviteSuccessSchema = makeSuccessSchema(resendInviteDataSchema);
+var revokeInviteSuccessSchema = makeSuccessSchema(revokeInviteDataSchema);
+var acceptInvitationSuccessSchema = makeSuccessSchema(acceptInvitationDataSchema);
+var accessDebugSuccessSchema = makeSuccessSchema(accessDebugDataSchema);
 var updateMemberRoleSuccessSchema = makeSuccessSchema(updateMemberRoleDataSchema);
 
 // src/domain/coreAdapter.ts
 import {
+  collabList as coreCollabList,
   collabListMembers as coreCollabListMembers,
   collabUpdateMemberRole as coreCollabUpdateMemberRole,
   collabAdd as coreCollabAdd,
+  collabFinalizeTurn as coreCollabFinalizeTurn,
   collabRecordTurn as coreCollabRecordTurn,
   collabApprove as coreCollabApprove,
   collabCheckout as coreCollabCheckout,
@@ -624,13 +771,6 @@ import {
   collabView as coreCollabView
 } from "@remixhq/core/collab";
 import { findGitRoot, getHeadCommitHash, listUntrackedFiles } from "@remixhq/core/repo";
-function unwrapResponseObject(resp, label) {
-  const obj = resp?.responseObject;
-  if (obj === void 0 || obj === null) {
-    throw new Error(typeof resp?.message === "string" && resp.message.trim() ? resp.message : `Missing ${label} response`);
-  }
-  return obj;
-}
 function getRiskLevel(status) {
   if (status.recommendedAction === "reconcile") return "high";
   if (status.recommendedAction === "sync" || status.remote.incomingOpenMergeRequestCount) return "medium";
@@ -717,13 +857,20 @@ async function initCollab(params) {
   };
 }
 async function listApps(params) {
-  const api = await createApiClient();
-  const resp = await api.listApps({ forked: params.forked ?? "all" });
-  const apps = unwrapResponseObject(resp, "apps");
+  const api = await createCollabApiClient();
+  const result = await coreCollabList({
+    api,
+    ownership: params.ownership,
+    accessScope: params.accessScope,
+    createdBy: params.createdBy,
+    forked: params.forked,
+    limit: params.limit,
+    offset: params.offset
+  });
   return {
-    data: { apps },
+    data: result,
     warnings: [],
-    recommendedNextActions: [],
+    recommendedNextActions: result.pagination.hasMore ? [`Pass offset=${result.pagination.offset + result.pagination.limit} to load the next page.`] : [],
     logContext: {}
   };
 }
@@ -764,70 +911,28 @@ async function checkoutCollab(params) {
     }
   };
 }
-async function addCollabStep(params) {
+async function finalizeCollabTurn(params) {
   const api = await createCollabApiClient();
   const repoRoot = await findGitRoot(params.cwd);
-  const preHead = await getHeadCommitHash(repoRoot);
-  const untrackedBefore = params.diffSource === "worktree" ? await listUntrackedFiles(repoRoot) : [];
-  const changeStep = await coreCollabAdd({
+  const result = await coreCollabFinalizeTurn({
     api,
     cwd: params.cwd,
     prompt: params.prompt,
-    assistantResponse: params.assistantResponse ?? null,
+    assistantResponse: params.assistantResponse,
     diff: params.externalDiff ?? null,
     diffSource: params.diffSource,
-    allowBranchMismatch: params.allowBranchMismatch ?? false,
-    idempotencyKey: params.idempotencyKey ?? null,
-    actor: params.agent
-  });
-  const postHead = await getHeadCommitHash(repoRoot);
-  const autoSyncEligible = params.diffSource === "worktree";
-  const localRepoMutated = autoSyncEligible && preHead !== postHead;
-  return {
-    data: {
-      changeStep,
-      autoSync: {
-        requested: true,
-        eligible: autoSyncEligible,
-        attempted: autoSyncEligible,
-        applied: autoSyncEligible,
-        trackedChangesDiscarded: autoSyncEligible,
-        capturedUntrackedPathsCandidate: untrackedBefore,
-        localHeadBefore: preHead,
-        localHeadAfter: postHead,
-        localRepoMutated
-      }
-    },
-    warnings: [
-      ...collectResultWarnings(changeStep),
-      ...params.diffSource === "external" ? [
-        "Automatic local discard+sync was skipped because the diff came from an external source and may not match the current worktree."
-      ] : []
-    ],
-    recommendedNextActions: [],
-    logContext: {
-      repoRoot
-    }
-  };
-}
-async function recordCollabTurn(params) {
-  const api = await createCollabApiClient();
-  const result = await coreCollabRecordTurn({
-    api,
-    cwd: params.cwd,
-    prompt: params.prompt,
-    assistantResponse: params.assistantResponse,
+    sync: params.sync,
     allowBranchMismatch: params.allowBranchMismatch ?? false,
     idempotencyKey: params.idempotencyKey ?? null,
     actor: params.agent
   });
   return {
     data: result,
-    warnings: [],
+    warnings: result.warnings,
     recommendedNextActions: [],
     logContext: {
-      repoRoot: params.cwd,
-      appId: result.appId
+      repoRoot,
+      appId: result.changeStep?.appId ?? result.collabTurn?.appId ?? null
     }
   };
 }
@@ -869,16 +974,19 @@ async function reviewQueue(params) {
     api,
     queue: "reviewable",
     status: params.status ?? "open",
-    kind: params.kind ?? "merge"
+    kind: params.kind ?? "merge",
+    limit: params.limit,
+    offset: params.offset
   });
   return {
     data: {
       queue: result.queue,
       appId: result.appId,
-      mergeRequests: result.mergeRequests
+      mergeRequests: result.mergeRequests,
+      pagination: result.pagination
     },
     warnings: [],
-    recommendedNextActions: [],
+    recommendedNextActions: result.pagination.hasMore ? [`Pass offset=${result.pagination.offset + result.pagination.limit} to load the next page.`] : [],
     logContext: {}
   };
 }
@@ -888,16 +996,19 @@ async function myMergeRequests(params) {
     api,
     queue: "created_by_me",
     status: params.status ?? "open",
-    kind: params.kind ?? "merge"
+    kind: params.kind ?? "merge",
+    limit: params.limit,
+    offset: params.offset
   });
   return {
     data: {
       queue: result.queue,
       appId: result.appId,
-      mergeRequests: result.mergeRequests
+      mergeRequests: result.mergeRequests,
+      pagination: result.pagination
     },
     warnings: [],
-    recommendedNextActions: [],
+    recommendedNextActions: result.pagination.hasMore ? [`Pass offset=${result.pagination.offset + result.pagination.limit} to load the next page.`] : [],
     logContext: {}
   };
 }
@@ -909,16 +1020,19 @@ async function listAppMergeRequests(params) {
     appId: params.appId,
     queue: params.queue,
     status: params.status ?? "open",
-    kind: params.kind ?? "merge"
+    kind: params.kind ?? "merge",
+    limit: params.limit,
+    offset: params.offset
   });
   return {
     data: {
       queue: result.queue,
       appId: result.appId,
-      mergeRequests: result.mergeRequests
+      mergeRequests: result.mergeRequests,
+      pagination: result.pagination
     },
     warnings: [],
-    recommendedNextActions: [],
+    recommendedNextActions: result.pagination.hasMore ? [`Pass offset=${result.pagination.offset + result.pagination.limit} to load the next page.`] : [],
     logContext: {
       appId: result.appId
     }
@@ -1043,12 +1157,14 @@ async function listMembers(params) {
     api,
     cwd: params.cwd,
     scope: params.scope,
-    targetId: params.targetId ?? null
+    targetId: params.targetId ?? null,
+    limit: params.limit,
+    offset: params.offset
   });
   return {
     data: result,
     warnings: [],
-    recommendedNextActions: [],
+    recommendedNextActions: result.pagination.hasMore ? [`Pass offset=${result.pagination.offset + result.pagination.limit} to load the next page.`] : [],
     logContext: {}
   };
 }
@@ -1070,83 +1186,578 @@ async function updateMemberRole(params) {
   };
 }
 
-// src/tools/collab/register.ts
-function getAnnotations(access) {
-  if (access === "read") {
+// src/domain/shared.ts
+import { readCollabBinding } from "@remixhq/core/binding";
+import { findGitRoot as findGitRoot2 } from "@remixhq/core/repo";
+function unwrapResponseObject(resp, label) {
+  const obj = resp?.responseObject;
+  if (obj === void 0 || obj === null) {
+    throw new Error(typeof resp?.message === "string" && resp.message.trim() ? resp.message : `Missing ${label} response`);
+  }
+  return obj;
+}
+async function maybeFindGitRoot(cwd) {
+  try {
+    return await findGitRoot2(cwd);
+  } catch {
+    return null;
+  }
+}
+async function loadBindingContext(cwd) {
+  if (!cwd) return { repoRoot: null, binding: null };
+  const repoRoot = await maybeFindGitRoot(cwd);
+  if (!repoRoot) return { repoRoot: null, binding: null };
+  const binding = await readCollabBinding(repoRoot);
+  return {
+    repoRoot,
+    binding
+  };
+}
+function makeNotBoundError(message = "Repository is not bound to Remix.", hint) {
+  const error = new Error(message);
+  error.hint = hint ?? "Run `remix_collab_init` in this repository, or pass the explicit id for a direct read.";
+  return error;
+}
+function parseJsonObject2(value) {
+  if (!value) return null;
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+function getBackendStatusCode(error) {
+  if (!error || typeof error !== "object") return null;
+  const hint = "hint" in error && typeof error.hint === "string" ? error.hint : null;
+  const body = parseJsonObject2(hint);
+  if (typeof body?.statusCode === "number") return body.statusCode;
+  if (typeof body?.statusCode === "string") {
+    const parsed = Number(body.statusCode);
+    return Number.isFinite(parsed) ? parsed : null;
+  }
+  return null;
+}
+function isBackendForbidden(error) {
+  return getBackendStatusCode(error) === 403;
+}
+function isBackendNotFound(error) {
+  return getBackendStatusCode(error) === 404;
+}
+function createAccessDeniedError(message, hint) {
+  return new RemixMcpError({
+    code: ERROR_CODES.ACCESS_DENIED,
+    message,
+    hint: hint ?? null,
+    retryable: false,
+    category: "remote_state"
+  });
+}
+
+// src/domain/collabAdminAdapter.ts
+var MEMBERSHIP_PAGE_SIZE = 100;
+function normalizePagination(params) {
+  const rawLimit = typeof params?.limit === "number" ? Math.trunc(params.limit) : 25;
+  const rawOffset = typeof params?.offset === "number" ? Math.trunc(params.offset) : 0;
+  return {
+    limit: Math.max(1, Math.min(50, rawLimit)),
+    offset: Math.max(0, rawOffset)
+  };
+}
+async function resolveScopeTarget(api, params) {
+  const explicitTargetId = params.targetId?.trim();
+  const bindingContext = await loadBindingContext(params.cwd);
+  if (explicitTargetId) {
     return {
-      readOnlyHint: true,
-      idempotentHint: true,
-      openWorldHint: false
+      scopeType: params.scope,
+      targetId: explicitTargetId,
+      repoRoot: bindingContext.repoRoot
+    };
+  }
+  if (!bindingContext.binding) {
+    throw makeNotBoundError("Scope target was not provided and the current repository is not bound to Remix.");
+  }
+  if (params.scope === "app") {
+    return {
+      scopeType: "app",
+      targetId: bindingContext.binding.currentAppId,
+      repoRoot: bindingContext.repoRoot
+    };
+  }
+  const appContext = unwrapResponseObject(
+    await api.getAppContext(bindingContext.binding.currentAppId),
+    "bound app context"
+  );
+  if (params.scope === "project") {
+    if (!appContext.readableScopes.project) {
+      throw createAccessDeniedError(
+        "The bound app's project is not readable to the current user.",
+        "Use `scope=app` for app-level diagnostics, or pass an explicit readable project id."
+      );
+    }
+    return {
+      scopeType: "project",
+      targetId: appContext.projectId,
+      repoRoot: bindingContext.repoRoot
     };
   }
+  if (!appContext.readableScopes.organization) {
+    throw createAccessDeniedError(
+      "The bound app's organization is not readable to the current user.",
+      "Use `scope=app` or `scope=project` for narrower diagnostics, or pass an explicit readable organization id."
+    );
+  }
   return {
-    readOnlyHint: false,
-    destructiveHint: access === "local_write",
-    idempotentHint: false,
-    openWorldHint: false
+    scopeType: "organization",
+    targetId: appContext.organizationId,
+    repoRoot: bindingContext.repoRoot
   };
 }
-function buildSuccessEnvelope(tool, requestId, result) {
+async function getScopeEntity(api, scopeType, targetId) {
+  if (scopeType === "organization") {
+    return {
+      organization: unwrapResponseObject(await api.getOrganization(targetId), "organization"),
+      project: null,
+      app: null
+    };
+  }
+  if (scopeType === "project") {
+    const project2 = unwrapResponseObject(await api.getProject(targetId), "project");
+    const organizationId2 = typeof project2.organizationId === "string" ? project2.organizationId : null;
+    return {
+      organization: organizationId2 == null ? null : unwrapResponseObject(await api.getOrganization(organizationId2), "organization"),
+      project: project2,
+      app: null
+    };
+  }
+  const app = unwrapResponseObject(await api.getApp(targetId), "app");
+  const projectId = typeof app.projectId === "string" ? app.projectId : null;
+  const project = projectId == null ? null : unwrapResponseObject(await api.getProject(projectId), "project");
+  const organizationId = typeof project?.organizationId === "string" ? project.organizationId : null;
   return {
-    schemaVersion: SCHEMA_VERSION,
-    ok: true,
-    tool,
-    requestId: requestId ?? null,
-    data: result.data,
-    warnings: result.warnings ?? [],
-    risks: result.risks ?? [],
-    recommendedNextActions: result.recommendedNextActions ?? []
+    organization: organizationId == null ? null : unwrapResponseObject(await api.getOrganization(organizationId), "organization"),
+    project,
+    app
   };
 }
-function deriveErrorRisks(tool, normalized) {
-  if ((tool === "remix_collab_add" || tool === "remix_collab_add_change_step") && normalized.message === "Change step succeeded remotely, but automatic local sync failed.") {
-    return ["The change step succeeded remotely, but the local repository may need manual recovery or a follow-up sync."];
+function mapProjectRoleToAppRole(role) {
+  switch (role) {
+    case "owner":
+    case "maintainer":
+      return "maintainer";
+    case "editor":
+      return "editor";
+    case "viewer":
+      return "viewer";
+    default:
+      return null;
   }
-  if (normalized.code === "DESTRUCTIVE_OPERATION_BLOCKED") {
-    return ["A policy guard blocked a potentially destructive or state-mutating operation."];
+}
+function strongestRole(...roles) {
+  if (roles.includes("owner")) return "owner";
+  if (roles.includes("maintainer")) return "maintainer";
+  if (roles.includes("editor")) return "editor";
+  if (roles.includes("viewer")) return "viewer";
+  return null;
+}
+function resolveAppAccessSource(params) {
+  if (params.directAppRole && params.inheritedProjectRole) return "both";
+  if (params.directAppRole) return "direct_app_membership";
+  if (params.inheritedProjectRole) return "project_membership";
+  return "none";
+}
+function buildEffectiveAppAccess(params) {
+  const directAppRole = params.directAppRole ?? null;
+  const inheritedProjectRole = mapProjectRoleToAppRole(params.projectRole);
+  const effectiveRole = strongestRole(directAppRole, inheritedProjectRole);
+  return {
+    effectiveRole,
+    directAppRole,
+    projectRole: params.projectRole,
+    inheritedProjectRole,
+    accessSource: resolveAppAccessSource({ directAppRole, inheritedProjectRole }),
+    canReadWorkflow: effectiveRole !== null,
+    canEdit: effectiveRole === "owner" || effectiveRole === "maintainer" || effectiveRole === "editor",
+    canManage: effectiveRole === "owner" || effectiveRole === "maintainer",
+    isOwner: directAppRole === "owner"
+  };
+}
+async function listMembersForScope(api, scopeType, targetId, params) {
+  if (scopeType === "organization") {
+    return unwrapResponseObject(await api.listOrganizationMembers(targetId, params), "organization members");
   }
-  if (normalized.code === "REPO_LOCK_TIMEOUT") {
-    return ["Another Remix mutation was already in progress for this repository, so the local mutation did not run."];
+  if (scopeType === "project") {
+    return unwrapResponseObject(await api.listProjectMembers(targetId, params), "project members");
   }
-  if (normalized.code === "REPO_STATE_CHANGED_DURING_OPERATION") {
-    return ["The repository changed during the operation, so Remix aborted before applying a destructive local mutation."];
+  return unwrapResponseObject(await api.listAppMembers(targetId, params), "app members");
+}
+async function loadFirstPageSample(fetchPage) {
+  const items = await fetchPage(MEMBERSHIP_PAGE_SIZE, 0);
+  const hasMore = items.length < MEMBERSHIP_PAGE_SIZE ? false : (await fetchPage(1, MEMBERSHIP_PAGE_SIZE)).length > 0;
+  return {
+    items,
+    pageInfo: {
+      limit: MEMBERSHIP_PAGE_SIZE,
+      offset: 0,
+      hasMore
+    }
+  };
+}
+function emptyFirstPageSample() {
+  return {
+    items: [],
+    pageInfo: {
+      limit: MEMBERSHIP_PAGE_SIZE,
+      offset: 0,
+      hasMore: false
+    }
+  };
+}
+async function listInvitesForScope(api, scopeType, targetId, params) {
+  if (scopeType === "organization") {
+    return unwrapResponseObject(
+      await api.listOrganizationInvites(targetId, params),
+      "organization invites"
+    );
+  }
+  if (scopeType === "project") {
+    return unwrapResponseObject(
+      await api.listProjectInvites(targetId, params),
+      "project invites"
+    );
+  }
+  return unwrapResponseObject(await api.listAppInvites(targetId, params), "app invites");
+}
+function getSelfMember(meId, members) {
+  return meId == null ? null : members.find((member) => member.userId === meId || member.user_id === meId) ?? null;
+}
+async function findPendingInviteForEmailForScope(api, scopeType, targetId, email) {
+  if (email == null) return null;
+  let offset = 0;
+  for (; ; ) {
+    const invites = await listInvitesForScope(api, scopeType, targetId, {
+      limit: MEMBERSHIP_PAGE_SIZE,
+      offset
+    });
+    const match = invites.find((invite) => invite.email.toLowerCase() === email && invite.state === "pending") ?? null;
+    if (match) return match;
+    if (invites.length < MEMBERSHIP_PAGE_SIZE) return null;
+    offset += MEMBERSHIP_PAGE_SIZE;
   }
-  return [];
 }
-function buildErrorEnvelope(tool, requestId, error) {
-  const normalized = normalizeToolError(error);
-  const recommendedNextActions = normalized.code === "AUTH_REQUIRED" ? ["Set COMERGE_ACCESS_TOKEN, then retry the tool call."] : normalized.code === "REPO_LOCK_TIMEOUT" ? ["Wait for the active Remix mutation to finish, then retry the tool call."] : normalized.code === "REPO_STATE_CHANGED_DURING_OPERATION" ? ["Review local repository changes, then rerun the tool once the worktree is stable."] : normalized.code === "PREFERRED_BRANCH_MISMATCH" ? ["Switch to the repository's preferred Remix branch, or rerun with allowBranchMismatch=true if intentional."] : [];
+async function findSelfMemberForScope(api, scopeType, targetId, meId) {
+  if (meId == null) return null;
+  let offset = 0;
+  for (; ; ) {
+    const members = scopeType === "organization" ? unwrapResponseObject(
+      await api.listOrganizationMembers(targetId, { limit: MEMBERSHIP_PAGE_SIZE, offset }),
+      "organization members"
+    ) : scopeType === "project" ? unwrapResponseObject(
+      await api.listProjectMembers(targetId, { limit: MEMBERSHIP_PAGE_SIZE, offset }),
+      "project members"
+    ) : unwrapResponseObject(
+      await api.listAppMembers(targetId, { limit: MEMBERSHIP_PAGE_SIZE, offset }),
+      "app members"
+    );
+    const match = getSelfMember(meId, members);
+    if (match) return match;
+    if (members.length < MEMBERSHIP_PAGE_SIZE) return null;
+    offset += MEMBERSHIP_PAGE_SIZE;
+  }
+}
+async function listInvites(params) {
+  const api = await createApiClient();
+  const target = await resolveScopeTarget(api, {
+    scope: params.scope ?? "project",
+    targetId: params.targetId,
+    cwd: params.cwd
+  });
+  const pagination = normalizePagination(params);
+  const invites = await listInvitesForScope(api, target.scopeType, target.targetId, {
+    limit: pagination.limit + 1,
+    offset: pagination.offset
+  });
   return {
-    schemaVersion: SCHEMA_VERSION,
-    ok: false,
-    tool,
-    requestId: requestId ?? null,
-    error: normalized,
+    data: {
+      scopeType: target.scopeType,
+      targetId: target.targetId,
+      invites: invites.slice(0, pagination.limit),
+      pagination: {
+        ...pagination,
+        hasMore: invites.length > pagination.limit
+      }
+    },
     warnings: [],
-    risks: deriveErrorRisks(tool, normalized),
-    recommendedNextActions
+    recommendedNextActions: invites.length > pagination.limit ? [`Pass offset=${pagination.offset + pagination.limit} to load the next page.`] : invites.length > 0 ? ["Use `remix_collab_resend_invite` or `remix_collab_revoke_invite` for lifecycle actions on a selected invite id."] : ["Use `remix_collab_invite` if you need to create a new invitation for this scope."],
+    logContext: {
+      repoRoot: target.repoRoot
+    }
   };
 }
-function registerTool(server, context, params) {
-  const errorSchema = makeErrorSchema();
-  server.registerTool(
-    params.name,
-    {
-      title: params.name,
-      description: params.description,
-      inputSchema: params.inputSchema,
-      outputSchema: params.outputSchema,
-      annotations: getAnnotations(params.access)
+async function resendInvite(params) {
+  const api = await createApiClient();
+  const target = await resolveScopeTarget(api, {
+    scope: params.scope ?? "project",
+    targetId: params.targetId,
+    cwd: params.cwd
+  });
+  const response = target.scopeType === "organization" ? await api.resendOrganizationInvite(target.targetId, params.inviteId, { ttlDays: params.ttlDays }) : target.scopeType === "project" ? await api.resendProjectInvite(target.targetId, params.inviteId, { ttlDays: params.ttlDays }) : await api.resendAppInvite(target.targetId, params.inviteId, { ttlDays: params.ttlDays });
+  return {
+    data: unwrapResponseObject(response, "resent invite"),
+    warnings: [],
+    recommendedNextActions: ["Use `remix_collab_list_invites` to confirm the refreshed expiry and delivery state."],
+    logContext: {
+      repoRoot: target.repoRoot
+    }
+  };
+}
+async function revokeInvite(params) {
+  const api = await createApiClient();
+  const target = await resolveScopeTarget(api, {
+    scope: params.scope ?? "project",
+    targetId: params.targetId,
+    cwd: params.cwd
+  });
+  if (target.scopeType === "organization") {
+    await api.revokeOrganizationInvite(target.targetId, params.inviteId);
+  } else if (target.scopeType === "project") {
+    await api.revokeProjectInvite(target.targetId, params.inviteId);
+  } else {
+    await api.revokeAppInvite(target.targetId, params.inviteId);
+  }
+  return {
+    data: {
+      scopeType: target.scopeType,
+      targetId: target.targetId,
+      inviteId: params.inviteId,
+      revoked: true
     },
-    async (rawArgs) => {
-      const requestId = typeof rawArgs.requestId === "string" ? rawArgs.requestId : void 0;
-      const startedAt = Date.now();
-      try {
-        assertToolAccess(context.policy, params.access);
-        const result = await params.run(rawArgs);
-        const envelope = buildSuccessEnvelope(params.name, requestId, result);
-        params.outputSchema.parse(envelope);
-        context.logger.log({
+    warnings: [],
+    recommendedNextActions: ["Use `remix_collab_list_invites` to confirm the invite state is now `revoked`."],
+    logContext: {
+      repoRoot: target.repoRoot
+    }
+  };
+}
+async function acceptInvitation(params) {
+  const api = await createApiClient();
+  const result = unwrapResponseObject(await api.acceptInvitation({ token: params.token }), "accepted invitation");
+  return {
+    data: result,
+    warnings: [],
+    recommendedNextActions: result.redirectPath ? [`The invitation is accepted. Use the returned redirect metadata to continue with the newly granted Remix scope.`] : [],
+    logContext: {}
+  };
+}
+async function accessDebug(params) {
+  const api = await createApiClient();
+  const target = await resolveScopeTarget(api, {
+    scope: params.scope ?? "project",
+    targetId: params.targetId,
+    cwd: params.cwd
+  });
+  const bindingContext = await loadBindingContext(params.cwd);
+  const viewer = unwrapResponseObject(await api.getMe(), "current user");
+  const viewerId = typeof viewer.id === "string" ? viewer.id : null;
+  const viewerEmail = typeof viewer.email === "string" ? viewer.email.toLowerCase() : null;
+  const warnings = [...bindingContext.binding ? [] : ["No local Remix binding was detected for the provided cwd."]];
+  let entities;
+  let appContext = null;
+  let membersPage = emptyFirstPageSample();
+  let invitesPage = emptyFirstPageSample();
+  let viewerMember = null;
+  let viewerProjectMember = null;
+  let inviteForViewerEmail = null;
+  let effectiveAppAccess = null;
+  if (target.scopeType !== "app") {
+    [entities, membersPage, invitesPage] = await Promise.all([
+      getScopeEntity(api, target.scopeType, target.targetId),
+      loadFirstPageSample((limit, offset) => listMembersForScope(api, target.scopeType, target.targetId, { limit, offset })),
+      loadFirstPageSample((limit, offset) => listInvitesForScope(api, target.scopeType, target.targetId, { limit, offset }))
+    ]);
+    viewerMember = await findSelfMemberForScope(api, target.scopeType, target.targetId, viewerId);
+    inviteForViewerEmail = await findPendingInviteForEmailForScope(api, target.scopeType, target.targetId, viewerEmail);
+  } else {
+    const [app, loadedAppContext] = await Promise.all([
+      unwrapResponseObject(await api.getApp(target.targetId), "app"),
+      unwrapResponseObject(await api.getAppContext(target.targetId), "app context")
+    ]);
+    appContext = loadedAppContext;
+    entities = {
+      organization: null,
+      project: null,
+      app
+    };
+    if (appContext.readableScopes.project) {
+      try {
+        entities.project = unwrapResponseObject(await api.getProject(appContext.projectId), "project");
+      } catch (error) {
+        if (!isBackendForbidden(error) && !isBackendNotFound(error)) throw error;
+        warnings.push("The app is readable, but its project/workspace metadata is not currently readable to the current user.");
+      }
+    } else {
+      warnings.push("The app is readable, but its project/workspace is not readable to the current user.");
+    }
+    if (appContext.readableScopes.organization) {
+      try {
+        entities.organization = unwrapResponseObject(await api.getOrganization(appContext.organizationId), "organization");
+      } catch (error) {
+        if (!isBackendForbidden(error) && !isBackendNotFound(error)) throw error;
+        warnings.push("The app is readable, but its organization metadata is not currently readable to the current user.");
+      }
+    } else {
+      warnings.push("The app's organization is not readable to the current user.");
+    }
+    effectiveAppAccess = {
+      ...buildEffectiveAppAccess({
+        directAppRole: appContext.roles.appRole,
+        projectRole: appContext.roles.projectRole
+      }),
+      accessPath: appContext.accessPath,
+      readableScopes: appContext.readableScopes,
+      visibility: appContext.visibility,
+      organizationRole: appContext.roles.organizationRole ?? null
+    };
+    if (appContext.capabilities.canReadWorkflow) {
+      membersPage = await loadFirstPageSample((limit, offset) => listMembersForScope(api, "app", target.targetId, { limit, offset }));
+      viewerMember = await findSelfMemberForScope(api, "app", target.targetId, viewerId);
+      if (appContext.readableScopes.project) {
+        viewerProjectMember = await findSelfMemberForScope(api, "project", appContext.projectId, viewerId);
+      }
+      try {
+        invitesPage = await loadFirstPageSample((limit, offset) => listInvitesForScope(api, "app", target.targetId, { limit, offset }));
+        inviteForViewerEmail = await findPendingInviteForEmailForScope(api, "app", target.targetId, viewerEmail);
+      } catch (error) {
+        if (!isBackendForbidden(error) && !isBackendNotFound(error)) throw error;
+        warnings.push("App invite data is not readable to the current user, so invite diagnostics are partial.");
+      }
+    } else {
+      warnings.push("The current viewer can read the app, but cannot read workflow-scoped app membership data.");
+    }
+  }
+  if (membersPage.pageInfo.hasMore) {
+    warnings.push("The `members` array is a first-page sample only; use the scope member list tool to inspect the remaining entries.");
+  }
+  if (invitesPage.pageInfo.hasMore) {
+    warnings.push("The `invites` array is a first-page sample only; use the invite list tool with pagination to inspect the remaining entries.");
+  }
+  return {
+    data: {
+      viewer,
+      scope: {
+        scopeType: target.scopeType,
+        targetId: target.targetId
+      },
+      entities,
+      binding: {
+        repoRoot: bindingContext.repoRoot,
+        binding: bindingContext.binding
+      },
+      access: {
+        appContext,
+        viewerMember,
+        viewerProjectMember,
+        inviteForViewerEmail,
+        effectiveAppAccess: effectiveAppAccess ?? null
+      },
+      members: membersPage.items,
+      membersPageInfo: membersPage.pageInfo,
+      invites: invitesPage.items,
+      invitesPageInfo: invitesPage.pageInfo
+    },
+    warnings,
+    recommendedNextActions: inviteForViewerEmail ? ["A pending invite exists for the current viewer email. Use `remix_collab_accept_invitation` if the viewer should accept it."] : target.scopeType === "app" ? ["Use `access.appContext` and `access.effectiveAppAccess` together to explain app-level visibility versus workspace-level visibility."] : ["Use the member and invite lists above to explain missing access, role mismatches, or stale invite state."],
+    logContext: {
+      repoRoot: target.repoRoot,
+      appId: entities.app?.id ?? bindingContext.binding?.currentAppId ?? null
+    }
+  };
+}
+
+// src/tools/collab/register.ts
+function getAnnotations(access, options) {
+  if (access === "read") {
+    return {
+      readOnlyHint: true,
+      idempotentHint: true,
+      openWorldHint: false
+    };
+  }
+  return {
+    readOnlyHint: false,
+    destructiveHint: access === "local_write",
+    idempotentHint: options?.idempotent ?? false,
+    openWorldHint: false
+  };
+}
+function buildSuccessEnvelope(tool, requestId, result) {
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    ok: true,
+    tool,
+    requestId: requestId ?? null,
+    data: result.data,
+    warnings: result.warnings ?? [],
+    risks: result.risks ?? [],
+    recommendedNextActions: result.recommendedNextActions ?? []
+  };
+}
+function deriveErrorRisks(tool, normalized) {
+  if (isFinalizeTurnLocalSyncFailure(tool, normalized)) {
+    return ["The change step succeeded remotely, but the local repository may need manual recovery or a follow-up sync."];
+  }
+  if (normalized.code === "DESTRUCTIVE_OPERATION_BLOCKED") {
+    return ["A policy guard blocked a potentially destructive or state-mutating operation."];
+  }
+  if (normalized.code === "REPO_LOCK_TIMEOUT") {
+    return ["Another Remix mutation was already in progress for this repository, so the local mutation did not run."];
+  }
+  if (normalized.code === "REPO_STATE_CHANGED_DURING_OPERATION") {
+    return ["The repository changed during the operation, so Remix aborted before applying a destructive local mutation."];
+  }
+  return [];
+}
+function isFinalizeTurnLocalSyncFailure(tool, normalized) {
+  return tool === "remix_collab_finalize_turn" && normalized.message === "Change step succeeded remotely, but automatic local sync failed.";
+}
+function buildErrorEnvelope(tool, requestId, error) {
+  const normalized = normalizeToolError(error);
+  const recommendedNextActions = isFinalizeTurnLocalSyncFailure(tool, normalized) ? [
+    "Run `remix_collab_status` to confirm the bound repo state before attempting recovery.",
+    "Run `remix_collab_sync_preview` next, then `remix_collab_sync_apply` with `confirm=true` if the preview looks correct.",
+    "Inspect `error.hint` for any preserved diff backup path before retrying local recovery, and do not rerun `remix_collab_finalize_turn` immediately."
+  ] : normalized.code === "AUTH_REQUIRED" ? ["Set COMERGE_ACCESS_TOKEN, then retry the tool call."] : normalized.code === "REPO_LOCK_TIMEOUT" ? ["Wait for the active Remix mutation to finish, then retry the tool call."] : normalized.code === "REPO_STATE_CHANGED_DURING_OPERATION" ? ["Review local repository changes, then rerun the tool once the worktree is stable."] : normalized.code === "PREFERRED_BRANCH_MISMATCH" ? ["Switch to the repository's preferred Remix branch, or rerun with allowBranchMismatch=true if intentional."] : [];
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    ok: false,
+    tool,
+    requestId: requestId ?? null,
+    error: normalized,
+    warnings: [],
+    risks: deriveErrorRisks(tool, normalized),
+    recommendedNextActions
+  };
+}
+function registerTool(server, context, params) {
+  const errorSchema = makeErrorSchema();
+  server.registerTool(
+    params.name,
+    {
+      title: params.name,
+      description: params.description,
+      inputSchema: params.inputSchema,
+      outputSchema: params.outputSchema,
+      annotations: params.annotations ?? getAnnotations(params.access)
+    },
+    async (rawArgs) => {
+      const requestId = typeof rawArgs.requestId === "string" ? rawArgs.requestId : void 0;
+      const startedAt = Date.now();
+      try {
+        assertToolAccess(context.policy, params.access);
+        const result = await params.run(rawArgs);
+        const envelope = buildSuccessEnvelope(params.name, requestId, result);
+        params.outputSchema.parse(envelope);
+        context.logger.log({
           level: "info",
           message: "tool_completed",
           tool: params.name,
@@ -1210,13 +1821,20 @@ function registerCollabTools(server, context) {
   });
   registerTool(server, context, {
     name: "remix_collab_list",
-    description: "List Remix apps visible to the current authenticated user.",
+    description: "List Remix apps visible to the current authenticated user. Defaults to membership-oriented discovery; pass accessScope=all_readable explicitly for broader readable discovery.",
     access: "read",
     inputSchema: listInputSchema,
     outputSchema: listSuccessSchema,
     run: async (args) => {
       const input = z3.object(listInputSchema).parse(args);
-      return listApps({ forked: input.forked });
+      return listApps({
+        ownership: input.ownership,
+        accessScope: input.accessScope,
+        createdBy: input.createdBy,
+        forked: input.forked,
+        limit: input.limit,
+        offset: input.offset
+      });
     }
   });
   registerTool(server, context, {
@@ -1253,89 +1871,25 @@ function registerCollabTools(server, context) {
     }
   });
   registerTool(server, context, {
-    name: "remix_collab_add",
-    description: "Authoritative way to record completed code changes for the current bound repository, using the live worktree diff by default instead of raw git commit or push.",
-    access: "local_write",
-    inputSchema: addInputSchema,
-    outputSchema: addSuccessSchema,
-    run: async (args) => {
-      const input = z3.object(addInputSchema).parse(args);
-      const cwd = resolvePolicyCwd(context.policy, input.cwd);
-      const diffSource = input.diffSource ?? "worktree";
-      if (diffSource === "external") {
-        const externalDiff = input.externalDiff ?? "";
-        assertDiffWithinLimit(context.policy, externalDiff);
-      }
-      return addCollabStep({
-        cwd,
-        prompt: input.prompt,
-        assistantResponse: input.assistantResponse,
-        diffSource,
-        externalDiff: input.externalDiff,
-        allowBranchMismatch: input.allowBranchMismatch ?? false,
-        idempotencyKey: input.idempotencyKey,
-        agent: context.agentMetadata
-      });
-    }
-  });
-  registerTool(server, context, {
-    name: "remix_collab_add_change_step",
-    description: "Alias of remix_collab_add with a more explicit name: record a code-diff change step for the current bound repository.",
+    name: "remix_collab_finalize_turn",
+    description: "Primary turn recorder for the current bound repository. Call this exactly once before the final response; it records a changed turn when the worktree has a diff, records a no-diff turn when it does not, and can accept an explicit external diff when needed.",
     access: "local_write",
-    inputSchema: addInputSchema,
-    outputSchema: addSuccessSchema,
+    inputSchema: finalizeTurnInputSchema,
+    outputSchema: finalizeTurnSuccessSchema,
+    annotations: getAnnotations("local_write", { idempotent: true }),
     run: async (args) => {
-      const input = z3.object(addInputSchema).parse(args);
+      const input = z3.object(finalizeTurnInputSchema).parse(args);
       const cwd = resolvePolicyCwd(context.policy, input.cwd);
-      const diffSource = input.diffSource ?? "worktree";
-      if (diffSource === "external") {
-        const externalDiff = input.externalDiff ?? "";
-        assertDiffWithinLimit(context.policy, externalDiff);
+      if ((input.diffSource ?? "worktree") === "external" || typeof input.externalDiff === "string") {
+        assertDiffWithinLimit(context.policy, input.externalDiff ?? "");
       }
-      return addCollabStep({
+      return finalizeCollabTurn({
         cwd,
         prompt: input.prompt,
         assistantResponse: input.assistantResponse,
-        diffSource,
+        diffSource: input.diffSource,
         externalDiff: input.externalDiff,
-        allowBranchMismatch: input.allowBranchMismatch ?? false,
-        idempotencyKey: input.idempotencyKey,
-        agent: context.agentMetadata
-      });
-    }
-  });
-  registerTool(server, context, {
-    name: "remix_collab_record_turn",
-    description: "Record one no-diff collaboration turn for the current bound repository after a completed assistant response. This is for prompt/response history only and will fail if the worktree has code changes.",
-    access: "remote_write",
-    inputSchema: recordTurnInputSchema,
-    outputSchema: recordTurnSuccessSchema,
-    run: async (args) => {
-      const input = z3.object(recordTurnInputSchema).parse(args);
-      const cwd = resolvePolicyCwd(context.policy, input.cwd);
-      return recordCollabTurn({
-        cwd,
-        prompt: input.prompt,
-        assistantResponse: input.assistantResponse,
-        allowBranchMismatch: input.allowBranchMismatch ?? false,
-        idempotencyKey: input.idempotencyKey,
-        agent: context.agentMetadata
-      });
-    }
-  });
-  registerTool(server, context, {
-    name: "remix_collab_record_no_diff_turn",
-    description: "Alias of remix_collab_record_turn with a more explicit name: record a prompt/response turn only when the worktree has no code diff.",
-    access: "remote_write",
-    inputSchema: recordTurnInputSchema,
-    outputSchema: recordTurnSuccessSchema,
-    run: async (args) => {
-      const input = z3.object(recordTurnInputSchema).parse(args);
-      const cwd = resolvePolicyCwd(context.policy, input.cwd);
-      return recordCollabTurn({
-        cwd,
-        prompt: input.prompt,
-        assistantResponse: input.assistantResponse,
+        sync: input.sync,
         allowBranchMismatch: input.allowBranchMismatch ?? false,
         idempotencyKey: input.idempotencyKey,
         agent: context.agentMetadata
@@ -1387,7 +1941,12 @@ function registerCollabTools(server, context) {
     outputSchema: mergeRequestQueueSuccessSchema,
     run: async (args) => {
       const input = z3.object(reviewQueueInputSchema).parse(args);
-      return reviewQueue({ status: input.status, kind: input.kind });
+      return reviewQueue({
+        status: input.status,
+        kind: input.kind,
+        limit: input.limit,
+        offset: input.offset
+      });
     }
   });
   registerTool(server, context, {
@@ -1398,7 +1957,12 @@ function registerCollabTools(server, context) {
     outputSchema: mergeRequestQueueSuccessSchema,
     run: async (args) => {
       const input = z3.object(myMergeRequestsInputSchema).parse(args);
-      return myMergeRequests({ status: input.status, kind: input.kind });
+      return myMergeRequests({
+        status: input.status,
+        kind: input.kind,
+        limit: input.limit,
+        offset: input.offset
+      });
     }
   });
   registerTool(server, context, {
@@ -1415,7 +1979,9 @@ function registerCollabTools(server, context) {
         appId: input.appId,
         queue: input.queue,
         status: input.status,
-        kind: input.kind
+        kind: input.kind,
+        limit: input.limit,
+        offset: input.offset
       });
     }
   });
@@ -1549,6 +2115,92 @@ function registerCollabTools(server, context) {
       return listMembers({
         cwd,
         scope: input.scope,
+        targetId: input.targetId,
+        limit: input.limit,
+        offset: input.offset
+      });
+    }
+  });
+  registerTool(server, context, {
+    name: "remix_collab_list_invites",
+    description: "List invitations for an organization, project, or app, using the current repository binding unless targetId is provided.",
+    access: "read",
+    inputSchema: listInvitesInputSchema,
+    outputSchema: listInvitesSuccessSchema,
+    run: async (args) => {
+      const input = z3.object(listInvitesInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return listInvites({
+        cwd,
+        scope: input.scope ?? "project",
+        targetId: input.targetId,
+        limit: input.limit,
+        offset: input.offset
+      });
+    }
+  });
+  registerTool(server, context, {
+    name: "remix_collab_resend_invite",
+    description: "Resend an existing invitation for an organization, project, or app, using the current repository binding unless targetId is provided.",
+    access: "remote_write",
+    inputSchema: resendInviteInputSchema,
+    outputSchema: resendInviteSuccessSchema,
+    run: async (args) => {
+      const input = z3.object(resendInviteInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return resendInvite({
+        cwd,
+        scope: input.scope ?? "project",
+        targetId: input.targetId,
+        inviteId: input.inviteId,
+        ttlDays: input.ttlDays
+      });
+    }
+  });
+  registerTool(server, context, {
+    name: "remix_collab_revoke_invite",
+    description: "Revoke an existing invitation for an organization, project, or app, using the current repository binding unless targetId is provided.",
+    access: "remote_write",
+    inputSchema: revokeInviteInputSchema,
+    outputSchema: revokeInviteSuccessSchema,
+    run: async (args) => {
+      const input = z3.object(revokeInviteInputSchema).parse(args);
+      assertConfirm(input.confirm, "remix_collab_revoke_invite");
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return revokeInvite({
+        cwd,
+        scope: input.scope ?? "project",
+        targetId: input.targetId,
+        inviteId: input.inviteId
+      });
+    }
+  });
+  registerTool(server, context, {
+    name: "remix_collab_accept_invitation",
+    description: "Accept an invitation token for the currently authenticated Remix user.",
+    access: "remote_write",
+    inputSchema: acceptInvitationInputSchema,
+    outputSchema: acceptInvitationSuccessSchema,
+    annotations: getAnnotations("remote_write", { idempotent: true }),
+    run: async (args) => {
+      const input = z3.object(acceptInvitationInputSchema).parse(args);
+      return acceptInvitation({
+        token: input.token
+      });
+    }
+  });
+  registerTool(server, context, {
+    name: "remix_access_debug",
+    description: "Explain why the current user does or does not have access to an organization, project, or app by composing binding, membership, invite, and scope context.",
+    access: "read",
+    inputSchema: accessDebugInputSchema,
+    outputSchema: accessDebugSuccessSchema,
+    run: async (args) => {
+      const input = z3.object(accessDebugInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return accessDebug({
+        cwd,
+        scope: input.scope ?? "project",
         targetId: input.targetId
       });
     }
@@ -1573,92 +2225,663 @@ function registerCollabTools(server, context) {
   });
 }
 
-// src/tools/memory/register.ts
+// src/tools/identity/register.ts
 import { z as z5 } from "zod";
 
-// src/contracts/memory.ts
+// src/contracts/identity.ts
 import { z as z4 } from "zod";
 var genericRecordSchema2 = z4.record(z4.string(), z4.unknown());
 var genericArraySchema2 = z4.array(genericRecordSchema2);
-var memoryKindSchema = z4.enum(["collab_turn", "change_step", "merge_request", "reconcile"]);
-var paginationSchema = z4.object({
-  limit: z4.number().int().nonnegative(),
+var paginationSchema2 = z4.object({
+  limit: z4.number().int().positive(),
   offset: z4.number().int().nonnegative(),
   hasMore: z4.boolean()
 });
-var memorySummaryInputSchema = {
+var whoamiInputSchema = {
+  ...commonRequestFieldsSchema
+};
+var directoryOrganizationInputSchema = {
   ...commonRequestFieldsSchema,
-  appId: z4.string().trim().min(1).optional()
+  organizationId: z4.string().trim().min(1).optional()
 };
-var memorySearchInputSchema = {
+var directoryListProjectsInputSchema = {
   ...commonRequestFieldsSchema,
-  appId: z4.string().trim().min(1).optional(),
-  query: z4.string().trim().min(1),
-  kinds: z4.array(memoryKindSchema).max(4).optional(),
-  limit: z4.number().int().positive().max(50).optional(),
-  offset: z4.number().int().nonnegative().optional(),
-  createdAfter: z4.string().trim().min(1).optional(),
-  createdBefore: z4.string().trim().min(1).optional()
+  organizationId: z4.string().trim().min(1).optional(),
+  clientAppId: z4.string().trim().min(1).optional()
 };
-var memoryTimelineInputSchema = {
+var directoryProjectInputSchema = {
+  ...commonRequestFieldsSchema,
+  projectId: z4.string().trim().min(1).optional()
+};
+var directoryListAppsInputSchema = {
   ...commonRequestFieldsSchema,
-  appId: z4.string().trim().min(1).optional(),
-  kinds: z4.array(memoryKindSchema).max(4).optional(),
+  projectId: z4.string().trim().min(1).optional(),
+  organizationId: z4.string().trim().min(1).optional(),
+  ownership: z4.enum(["mine", "shared", "all"]).optional(),
+  accessScope: z4.enum(["all_readable", "explicit_member"]).optional(),
+  createdBy: z4.string().trim().min(1).optional(),
+  forked: z4.enum(["only", "exclude", "all"]).optional(),
   limit: z4.number().int().positive().max(50).optional(),
-  offset: z4.number().int().nonnegative().optional(),
-  createdAfter: z4.string().trim().min(1).optional(),
-  createdBefore: z4.string().trim().min(1).optional()
+  offset: z4.number().int().nonnegative().optional()
 };
-var changeStepDiffInputSchema = {
+var directoryAppInputSchema = {
   ...commonRequestFieldsSchema,
-  appId: z4.string().trim().min(1).optional(),
-  changeStepId: z4.string().trim().min(1)
+  appId: z4.string().trim().min(1).optional()
 };
-var memorySummaryDataSchema = genericRecordSchema2;
-var memorySearchDataSchema = z4.object({
-  items: genericArraySchema2,
-  pagination: paginationSchema
+var whoamiDataSchema = z4.object({
+  id: z4.string().nullable(),
+  name: z4.string().nullable(),
+  email: z4.string().nullable(),
+  organizationId: z4.string().nullable(),
+  roles: genericRecordSchema2,
+  binding: genericRecordSchema2.nullable()
 });
-var memoryTimelineDataSchema = z4.object({
-  items: genericArraySchema2,
-  pagination: paginationSchema
+var listOrganizationsDataSchema = z4.object({
+  organizations: genericArraySchema2
 });
-var changeStepDiffDataSchema = z4.object({
-  changeStepId: z4.string(),
-  appId: z4.string(),
-  diff: z4.string(),
-  diffSha256: z4.string(),
-  contentType: z4.string(),
-  encoding: z4.string(),
-  expiresIn: z4.number().int().positive()
+var getOrganizationDataSchema = z4.object({
+  organization: genericRecordSchema2
 });
-var memorySummarySuccessSchema = makeSuccessSchema(memorySummaryDataSchema);
-var memorySearchSuccessSchema = makeSuccessSchema(memorySearchDataSchema);
-var memoryTimelineSuccessSchema = makeSuccessSchema(memoryTimelineDataSchema);
-var changeStepDiffSuccessSchema = makeSuccessSchema(changeStepDiffDataSchema);
+var listProjectsDataSchema = z4.object({
+  organizationId: z4.string().nullable(),
+  projects: genericArraySchema2
+});
+var getProjectDataSchema = z4.object({
+  project: genericRecordSchema2
+});
+var listAppsDataSchema = z4.object({
+  apps: genericArraySchema2,
+  pagination: paginationSchema2,
+  filters: z4.object({
+    projectId: z4.string().nullable(),
+    organizationId: z4.string().nullable(),
+    ownership: z4.enum(["mine", "shared", "all"]),
+    accessScope: z4.enum(["all_readable", "explicit_member"]),
+    createdBy: z4.string().nullable(),
+    forked: z4.enum(["only", "exclude", "all"])
+  })
+});
+var getAppDataSchema = z4.object({
+  app: genericRecordSchema2
+});
+var whoamiSuccessSchema = makeSuccessSchema(whoamiDataSchema);
+var listOrganizationsSuccessSchema = makeSuccessSchema(listOrganizationsDataSchema);
+var getOrganizationSuccessSchema = makeSuccessSchema(getOrganizationDataSchema);
+var listProjectsSuccessSchema = makeSuccessSchema(listProjectsDataSchema);
+var getProjectSuccessSchema = makeSuccessSchema(getProjectDataSchema);
+var listAppsSuccessSchema = makeSuccessSchema(listAppsDataSchema);
+var getAppSuccessSchema = makeSuccessSchema(getAppDataSchema);
 
-// src/domain/memoryAdapter.ts
-import { readCollabBinding } from "@remixhq/core/binding";
-import { findGitRoot as findGitRoot2 } from "@remixhq/core/repo";
-function buildSummaryNextActions(summary) {
-  const actions = [];
-  actions.push(
-    "Use `remix_collab_memory_search` next for focused why/history/failed-attempt questions about this app."
-  );
-  const recentItemCount = summary.recent.collabTurns.length + summary.recent.changeSteps.length + summary.recent.mergeRequests.length + summary.recent.reconciles.length;
-  if (recentItemCount > 0) {
-    actions.push("Use `remix_collab_memory_timeline` next if you need the chronological sequence of recent activity.");
+// src/domain/directoryAdapter.ts
+function normalizePagination2(params) {
+  const rawLimit = typeof params?.limit === "number" ? Math.trunc(params.limit) : 25;
+  const rawOffset = typeof params?.offset === "number" ? Math.trunc(params.offset) : 0;
+  return {
+    limit: Math.max(1, Math.min(50, rawLimit)),
+    offset: Math.max(0, rawOffset)
+  };
+}
+async function resolveOrganizationId(api, params) {
+  const explicitId = params.organizationId?.trim();
+  if (explicitId) return explicitId;
+  const bindingContext = await loadBindingContext(params.cwd);
+  if (!bindingContext.binding) {
+    throw makeNotBoundError("Organization id was not provided and the current repository is not bound to Remix.");
   }
-  if (summary.counts.failedChangeStepCount > 0 || summary.counts.reconcileCount > 0) {
-    actions.push(
-      "For prior failures or recovery history, run `remix_collab_memory_search` with a focused query and `kinds` narrowed to `change_step` and `reconcile` when appropriate."
+  const appContext = unwrapResponseObject(
+    await api.getAppContext(bindingContext.binding.currentAppId),
+    "bound app context"
+  );
+  if (!appContext.readableScopes.organization) {
+    throw createAccessDeniedError(
+      "The bound app's organization is not readable to the current user.",
+      "Use an explicit organization id you can access, or inspect the bound app with `remix_directory_get_app` / `remix_access_debug` for app-level context."
     );
   }
-  return actions;
-}
-function getFirstChangeStepId(items) {
-  const changeStep = items.find((item) => item.kind === "change_step");
-  return changeStep?.id ?? null;
+  return appContext.organizationId;
+}
+async function resolveProjectId(api, params) {
+  const explicitId = params.projectId?.trim();
+  if (explicitId) {
+    const bindingContext2 = await loadBindingContext(params.cwd);
+    return { projectId: explicitId, repoRoot: bindingContext2.repoRoot };
+  }
+  const bindingContext = await loadBindingContext(params.cwd);
+  if (!bindingContext.binding) {
+    throw makeNotBoundError("Project id was not provided and the current repository is not bound to Remix.");
+  }
+  const appContext = unwrapResponseObject(
+    await api.getAppContext(bindingContext.binding.currentAppId),
+    "bound app context"
+  );
+  if (!appContext.readableScopes.project) {
+    throw createAccessDeniedError(
+      "The bound app's project is not readable to the current user.",
+      "Use `remix_directory_get_app` or `remix_access_debug` for app-level diagnostics, or pass an explicit project id you can access."
+    );
+  }
+  return {
+    projectId: appContext.projectId,
+    repoRoot: bindingContext.repoRoot
+  };
+}
+async function resolveAppId(params) {
+  const explicitId = params.appId?.trim();
+  if (explicitId) {
+    const bindingContext2 = await loadBindingContext(params.cwd);
+    return { appId: explicitId, repoRoot: bindingContext2.repoRoot };
+  }
+  const bindingContext = await loadBindingContext(params.cwd);
+  if (!bindingContext.binding) {
+    throw makeNotBoundError("App id was not provided and the current repository is not bound to Remix.");
+  }
+  return {
+    appId: bindingContext.binding.currentAppId,
+    repoRoot: bindingContext.repoRoot
+  };
+}
+function toEffectiveAppRole(role) {
+  switch (role) {
+    case "owner":
+    case "maintainer":
+    case "editor":
+    case "viewer":
+      return role;
+    default:
+      return null;
+  }
+}
+function resolveAppAccessSource2(params) {
+  if (params.directAppRole && params.inheritedProjectRole) return "both";
+  if (params.directAppRole) return "direct_app_membership";
+  if (params.inheritedProjectRole) return "project_membership";
+  return "none";
+}
+function emptySelfRoles() {
+  return {
+    organizationRole: null,
+    projectRole: null,
+    appRole: null,
+    directAppRole: null,
+    inheritedProjectRole: null,
+    appAccessSource: "none"
+  };
+}
+function resolveSelfRolesFromAppContext(appContext) {
+  if (!appContext) return emptySelfRoles();
+  const directAppRole = toEffectiveAppRole(appContext.roles.appRole);
+  const inheritedProjectRole = toEffectiveAppRole(appContext.roles.inheritedProjectRole);
+  return {
+    organizationRole: appContext.roles.organizationRole ?? null,
+    projectRole: appContext.roles.projectRole ?? null,
+    appRole: toEffectiveAppRole(appContext.roles.effectiveAppRole),
+    directAppRole,
+    inheritedProjectRole,
+    appAccessSource: resolveAppAccessSource2({ directAppRole, inheritedProjectRole })
+  };
+}
+async function whoAmI(params) {
+  const api = await createApiClient();
+  const bindingContext = await loadBindingContext(params.cwd);
+  const me = unwrapResponseObject(await api.getMe(), "current user");
+  const warnings = bindingContext.binding ? [] : ["No local Remix binding was detected for the provided cwd."];
+  let boundAppContext = null;
+  let boundProject = null;
+  let boundApp = null;
+  if (bindingContext.binding) {
+    try {
+      boundAppContext = unwrapResponseObject(
+        await api.getAppContext(bindingContext.binding.currentAppId),
+        "bound app context"
+      );
+    } catch (error) {
+      if (!isBackendForbidden(error) && !isBackendNotFound(error)) throw error;
+      warnings.push(
+        "The bound app context could not be loaded. The local binding may be stale, or the current user may no longer be able to read that app."
+      );
+    }
+    try {
+      boundApp = unwrapResponseObject(await api.getApp(bindingContext.binding.currentAppId), "app");
+    } catch (error) {
+      if (!isBackendForbidden(error) && !isBackendNotFound(error)) throw error;
+      warnings.push("The bound app metadata could not be loaded for the current user.");
+    }
+    if (boundAppContext?.readableScopes.project) {
+      try {
+        boundProject = unwrapResponseObject(await api.getProject(boundAppContext.projectId), "project");
+      } catch (error) {
+        if (!isBackendForbidden(error) && !isBackendNotFound(error)) throw error;
+        warnings.push("The bound app is readable, but its project metadata is not currently readable to the current user.");
+      }
+    } else if (boundAppContext) {
+      warnings.push("The bound app is readable, but its project/workspace is not readable to the current user.");
+    }
+  }
+  const roles = resolveSelfRolesFromAppContext(boundAppContext);
+  return {
+    data: {
+      id: me.id ?? null,
+      name: me.name ?? null,
+      email: me.email ?? null,
+      organizationId: me.organizationId ?? null,
+      roles,
+      binding: bindingContext.binding == null ? null : {
+        repoRoot: bindingContext.repoRoot,
+        ...bindingContext.binding,
+        projectId: boundAppContext?.projectId ?? bindingContext.binding.projectId,
+        organizationId: boundAppContext?.organizationId ?? null,
+        visibility: boundAppContext?.visibility ?? null,
+        accessPath: boundAppContext?.accessPath ?? null,
+        readableScopes: boundAppContext?.readableScopes ?? null,
+        projectName: boundProject?.name ?? null,
+        appName: boundApp?.name ?? null
+      }
+    },
+    warnings,
+    recommendedNextActions: bindingContext.binding ? ["Use `remix_access_debug` next when you need to explain repository binding or membership issues in this workspace."] : ["Use `remix_directory_list_organizations` to inspect visible tenancy context, or run `remix_collab_init` in a repository to create a local binding."],
+    logContext: {
+      repoRoot: bindingContext.repoRoot,
+      appId: bindingContext.binding?.currentAppId ?? null
+    }
+  };
+}
+async function listOrganizations() {
+  const api = await createApiClient();
+  const organizations = unwrapResponseObject(await api.listOrganizations(), "organizations");
+  return {
+    data: { organizations },
+    warnings: [],
+    recommendedNextActions: organizations.length ? ["Use `remix_directory_get_organization` for one organization, or `remix_directory_list_projects` to inspect projects under a chosen organization."] : [],
+    logContext: {}
+  };
+}
+async function getOrganization(params) {
+  const api = await createApiClient();
+  const organizationId = await resolveOrganizationId(api, params);
+  const bindingContext = await loadBindingContext(params.cwd);
+  const organization = unwrapResponseObject(await api.getOrganization(organizationId), "organization");
+  return {
+    data: { organization },
+    warnings: [],
+    recommendedNextActions: ["Use `remix_directory_list_projects` with this organization id to inspect its project directory."],
+    logContext: {
+      repoRoot: bindingContext.repoRoot
+    }
+  };
+}
+async function listProjects(params) {
+  const api = await createApiClient();
+  const bindingContext = await loadBindingContext(params.cwd);
+  const organizationId = params.organizationId !== void 0 ? await resolveOrganizationId(api, { organizationId: params.organizationId, cwd: params.cwd }) : null;
+  const projects = unwrapResponseObject(
+    await api.listProjects({
+      organizationId: organizationId ?? void 0,
+      clientAppId: params.clientAppId
+    }),
+    "projects"
+  );
+  return {
+    data: {
+      projects,
+      organizationId
+    },
+    warnings: [],
+    recommendedNextActions: projects.length ? ["Use `remix_directory_get_project` for one project, or `remix_directory_list_apps` to inspect apps under a chosen project or organization."] : [],
+    logContext: {
+      repoRoot: bindingContext.repoRoot,
+      appId: bindingContext.binding?.currentAppId ?? null
+    }
+  };
+}
+async function getProject(params) {
+  const api = await createApiClient();
+  const target = await resolveProjectId(api, params);
+  const project = unwrapResponseObject(await api.getProject(target.projectId), "project");
+  return {
+    data: { project },
+    warnings: [],
+    recommendedNextActions: ["Use `remix_directory_list_apps` with this project id to inspect apps under the project."],
+    logContext: {
+      repoRoot: target.repoRoot
+    }
+  };
+}
+async function listApps2(params) {
+  const api = await createApiClient();
+  const bindingContext = await loadBindingContext(params.cwd);
+  const pagination = normalizePagination2(params);
+  const apps = unwrapResponseObject(
+    await api.listApps({
+      projectId: params.projectId,
+      organizationId: params.organizationId,
+      ownership: params.ownership ?? "all",
+      accessScope: params.accessScope ?? "explicit_member",
+      createdBy: params.createdBy,
+      forked: params.forked,
+      limit: pagination.limit + 1,
+      offset: pagination.offset
+    }),
+    "apps"
+  );
+  return {
+    data: {
+      apps: apps.slice(0, pagination.limit),
+      pagination: {
+        ...pagination,
+        hasMore: apps.length > pagination.limit
+      },
+      filters: {
+        projectId: params.projectId ?? null,
+        organizationId: params.organizationId ?? null,
+        ownership: params.ownership ?? "all",
+        accessScope: params.accessScope ?? "explicit_member",
+        createdBy: params.createdBy ?? null,
+        forked: params.forked ?? "all"
+      }
+    },
+    warnings: [],
+    recommendedNextActions: apps.length > pagination.limit ? [`Pass offset=${pagination.offset + pagination.limit} to load the next page.`] : ["Use `remix_directory_get_app` for one app, or `remix_context_get_app_overview` for operational context on a chosen app."],
+    logContext: {
+      repoRoot: bindingContext.repoRoot,
+      appId: bindingContext.binding?.currentAppId ?? null
+    }
+  };
+}
+async function getApp(params) {
+  const api = await createApiClient();
+  const target = await resolveAppId(params);
+  const app = unwrapResponseObject(await api.getApp(target.appId), "app");
+  return {
+    data: { app },
+    warnings: [],
+    recommendedNextActions: ["Use `remix_context_get_app_overview` for status and capability context, or `remix_ops_list_timeline` for bounded historical activity."],
+    logContext: {
+      repoRoot: target.repoRoot,
+      appId: target.appId
+    }
+  };
+}
+
+// src/tools/identity/register.ts
+function getAnnotations2(access) {
+  return {
+    readOnlyHint: access === "read",
+    destructiveHint: false,
+    idempotentHint: true,
+    openWorldHint: false
+  };
+}
+function buildSuccessEnvelope2(tool, requestId, result) {
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    ok: true,
+    tool,
+    requestId: requestId ?? null,
+    data: result.data,
+    warnings: result.warnings ?? [],
+    risks: result.risks ?? [],
+    recommendedNextActions: result.recommendedNextActions ?? []
+  };
+}
+function deriveErrorRisks2(normalized) {
+  if (normalized.code === "DESTRUCTIVE_OPERATION_BLOCKED") {
+    return ["A policy guard blocked a disallowed operation."];
+  }
+  return [];
+}
+function buildErrorEnvelope2(tool, requestId, error) {
+  const normalized = normalizeToolError(error);
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    ok: false,
+    tool,
+    requestId: requestId ?? null,
+    error: normalized,
+    warnings: [],
+    risks: deriveErrorRisks2(normalized),
+    recommendedNextActions: normalized.code === "AUTH_REQUIRED" ? ["Run `remix login` or set COMERGE_ACCESS_TOKEN, then retry."] : []
+  };
+}
+function registerTool2(server, context, params) {
+  const errorSchema = makeErrorSchema();
+  server.registerTool(
+    params.name,
+    {
+      title: params.name,
+      description: params.description,
+      inputSchema: params.inputSchema,
+      outputSchema: params.outputSchema,
+      annotations: getAnnotations2(params.access)
+    },
+    async (rawArgs) => {
+      const requestId = typeof rawArgs.requestId === "string" ? rawArgs.requestId : void 0;
+      const startedAt = Date.now();
+      try {
+        assertToolAccess(context.policy, params.access);
+        const result = await params.run(rawArgs);
+        const envelope = buildSuccessEnvelope2(params.name, requestId, result);
+        params.outputSchema.parse(envelope);
+        context.logger.log({
+          level: "info",
+          message: "tool_completed",
+          tool: params.name,
+          requestId: envelope.requestId,
+          durationMs: Date.now() - startedAt,
+          result: "success",
+          repoRoot: result.logContext?.repoRoot ?? null,
+          appId: result.logContext?.appId ?? null,
+          mrId: result.logContext?.mrId ?? null
+        });
+        return makeSuccessResult(envelope);
+      } catch (error) {
+        const envelope = buildErrorEnvelope2(params.name, requestId, error);
+        errorSchema.parse(envelope);
+        context.logger.log({
+          level: "error",
+          message: "tool_failed",
+          tool: params.name,
+          requestId: envelope.requestId,
+          durationMs: Date.now() - startedAt,
+          result: "error",
+          errorCode: envelope.error.code
+        });
+        return makeErrorResult(envelope);
+      }
+    }
+  );
+}
+function registerIdentityTools(server, context) {
+  registerTool2(server, context, {
+    name: "remix_identity_whoami",
+    description: "Show the authenticated Remix user and, when cwd is provided, the current local binding and any immediately derivable roles for that bound workspace.",
+    access: "read",
+    inputSchema: whoamiInputSchema,
+    outputSchema: whoamiSuccessSchema,
+    run: async (args) => {
+      const input = z5.object(whoamiInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return whoAmI({ cwd });
+    }
+  });
+  registerTool2(server, context, {
+    name: "remix_directory_list_organizations",
+    description: "List organizations visible to the authenticated Remix user.",
+    access: "read",
+    inputSchema: whoamiInputSchema,
+    outputSchema: listOrganizationsSuccessSchema,
+    run: async () => listOrganizations()
+  });
+  registerTool2(server, context, {
+    name: "remix_directory_get_organization",
+    description: "Fetch one organization by id, or infer the bound repository's organization from cwd when possible.",
+    access: "read",
+    inputSchema: directoryOrganizationInputSchema,
+    outputSchema: getOrganizationSuccessSchema,
+    run: async (args) => {
+      const input = z5.object(directoryOrganizationInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getOrganization({
+        organizationId: input.organizationId,
+        cwd
+      });
+    }
+  });
+  registerTool2(server, context, {
+    name: "remix_directory_list_projects",
+    description: "List projects visible to the authenticated user, optionally narrowed to one organization or client app.",
+    access: "read",
+    inputSchema: directoryListProjectsInputSchema,
+    outputSchema: listProjectsSuccessSchema,
+    run: async (args) => {
+      const input = z5.object(directoryListProjectsInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return listProjects({
+        organizationId: input.organizationId,
+        clientAppId: input.clientAppId,
+        cwd
+      });
+    }
+  });
+  registerTool2(server, context, {
+    name: "remix_directory_get_project",
+    description: "Fetch one project by id, or infer the bound repository's project from cwd when possible.",
+    access: "read",
+    inputSchema: directoryProjectInputSchema,
+    outputSchema: getProjectSuccessSchema,
+    run: async (args) => {
+      const input = z5.object(directoryProjectInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getProject({
+        projectId: input.projectId,
+        cwd
+      });
+    }
+  });
+  registerTool2(server, context, {
+    name: "remix_directory_list_apps",
+    description: "List apps visible to the authenticated user, with optional organization, project, ownership, and access-scope filters. Defaults to membership-oriented discovery unless accessScope=all_readable is passed explicitly.",
+    access: "read",
+    inputSchema: directoryListAppsInputSchema,
+    outputSchema: listAppsSuccessSchema,
+    run: async (args) => {
+      const input = z5.object(directoryListAppsInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return listApps2({
+        projectId: input.projectId,
+        organizationId: input.organizationId,
+        ownership: input.ownership,
+        accessScope: input.accessScope,
+        createdBy: input.createdBy,
+        forked: input.forked,
+        limit: input.limit,
+        offset: input.offset,
+        cwd
+      });
+    }
+  });
+  registerTool2(server, context, {
+    name: "remix_directory_get_app",
+    description: "Fetch one app by id, or infer the bound repository's current app from cwd when possible.",
+    access: "read",
+    inputSchema: directoryAppInputSchema,
+    outputSchema: getAppSuccessSchema,
+    run: async (args) => {
+      const input = z5.object(directoryAppInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getApp({
+        appId: input.appId,
+        cwd
+      });
+    }
+  });
+}
+
+// src/tools/memory/register.ts
+import { z as z7 } from "zod";
+
+// src/contracts/memory.ts
+import { z as z6 } from "zod";
+var genericRecordSchema3 = z6.record(z6.string(), z6.unknown());
+var genericArraySchema3 = z6.array(genericRecordSchema3);
+var memoryKindSchema = z6.enum(["collab_turn", "change_step", "merge_request", "reconcile"]);
+var paginationSchema3 = z6.object({
+  limit: z6.number().int().nonnegative(),
+  offset: z6.number().int().nonnegative(),
+  hasMore: z6.boolean()
+});
+var memorySummaryInputSchema = {
+  ...commonRequestFieldsSchema,
+  appId: z6.string().trim().min(1).optional()
+};
+var memorySearchInputSchema = {
+  ...commonRequestFieldsSchema,
+  appId: z6.string().trim().min(1).optional(),
+  query: z6.string().trim().min(1),
+  kinds: z6.array(memoryKindSchema).max(4).optional(),
+  limit: z6.number().int().positive().max(50).optional(),
+  offset: z6.number().int().nonnegative().optional(),
+  createdAfter: z6.string().trim().min(1).optional(),
+  createdBefore: z6.string().trim().min(1).optional()
+};
+var memoryTimelineInputSchema = {
+  ...commonRequestFieldsSchema,
+  appId: z6.string().trim().min(1).optional(),
+  kinds: z6.array(memoryKindSchema).max(4).optional(),
+  limit: z6.number().int().positive().max(50).optional(),
+  offset: z6.number().int().nonnegative().optional(),
+  createdAfter: z6.string().trim().min(1).optional(),
+  createdBefore: z6.string().trim().min(1).optional()
+};
+var changeStepDiffInputSchema = {
+  ...commonRequestFieldsSchema,
+  appId: z6.string().trim().min(1).optional(),
+  changeStepId: z6.string().trim().min(1)
+};
+var memorySummaryDataSchema = genericRecordSchema3;
+var memorySearchDataSchema = z6.object({
+  items: genericArraySchema3,
+  pagination: paginationSchema3
+});
+var memoryTimelineDataSchema = z6.object({
+  items: genericArraySchema3,
+  pagination: paginationSchema3
+});
+var changeStepDiffDataSchema = z6.object({
+  changeStepId: z6.string(),
+  appId: z6.string(),
+  diff: z6.string(),
+  diffSha256: z6.string(),
+  contentType: z6.string(),
+  encoding: z6.string(),
+  expiresIn: z6.number().int().positive()
+});
+var memorySummarySuccessSchema = makeSuccessSchema(memorySummaryDataSchema);
+var memorySearchSuccessSchema = makeSuccessSchema(memorySearchDataSchema);
+var memoryTimelineSuccessSchema = makeSuccessSchema(memoryTimelineDataSchema);
+var changeStepDiffSuccessSchema = makeSuccessSchema(changeStepDiffDataSchema);
+
+// src/domain/memoryAdapter.ts
+import { readCollabBinding as readCollabBinding2 } from "@remixhq/core/binding";
+import { findGitRoot as findGitRoot3 } from "@remixhq/core/repo";
+function buildSummaryNextActions(summary) {
+  const actions = [];
+  actions.push(
+    "Use `remix_collab_memory_search` next for focused why/history/failed-attempt questions about this app."
+  );
+  const recentItemCount = summary.recent.collabTurns.length + summary.recent.changeSteps.length + summary.recent.mergeRequests.length + summary.recent.reconciles.length;
+  if (recentItemCount > 0) {
+    actions.push("Use `remix_collab_memory_timeline` next if you need the chronological sequence of recent activity.");
+  }
+  if (summary.counts.failedChangeStepCount > 0 || summary.counts.reconcileCount > 0) {
+    actions.push(
+      "For prior failures or recovery history, run `remix_collab_memory_search` with a focused query and `kinds` narrowed to `change_step` and `reconcile` when appropriate."
+    );
+  }
+  return actions;
+}
+function getFirstChangeStepId(items) {
+  const changeStep = items.find((item) => item.kind === "change_step");
+  return changeStep?.id ?? null;
 }
 function buildSearchNextActions(result) {
   if (result.items.length === 0) {
@@ -1713,14 +2936,14 @@ function unwrapResponseObject2(resp, label) {
   }
   return obj;
 }
-function makeNotBoundError() {
+function makeNotBoundError2() {
   const error = new Error("Repository is not bound to Remix.");
   error.hint = "Run `remix_collab_init` in this repository, or pass `appId` explicitly for a direct memory read.";
   return error;
 }
-async function maybeFindGitRoot(cwd) {
+async function maybeFindGitRoot2(cwd) {
   try {
-    return await findGitRoot2(cwd);
+    return await findGitRoot3(cwd);
   } catch {
     return null;
   }
@@ -1730,13 +2953,13 @@ async function resolveMemoryTarget(params) {
   if (explicitAppId) {
     return {
       appId: explicitAppId,
-      repoRoot: await maybeFindGitRoot(params.cwd)
+      repoRoot: await maybeFindGitRoot2(params.cwd)
     };
   }
-  const repoRoot = await findGitRoot2(params.cwd);
-  const binding = await readCollabBinding(repoRoot);
+  const repoRoot = await findGitRoot3(params.cwd);
+  const binding = await readCollabBinding2(repoRoot);
   if (!binding) {
-    throw makeNotBoundError();
+    throw makeNotBoundError2();
   }
   return {
     appId: binding.currentAppId,
@@ -1806,7 +3029,7 @@ async function getChangeStepDiff(params) {
 }
 
 // src/tools/memory/register.ts
-function getAnnotations2(access) {
+function getAnnotations3(access) {
   return {
     readOnlyHint: access === "read",
     destructiveHint: false,
@@ -1814,7 +3037,7 @@ function getAnnotations2(access) {
     openWorldHint: false
   };
 }
-function buildSuccessEnvelope2(tool, requestId, result) {
+function buildSuccessEnvelope3(tool, requestId, result) {
   return {
     schemaVersion: SCHEMA_VERSION,
     ok: true,
@@ -1826,7 +3049,7 @@ function buildSuccessEnvelope2(tool, requestId, result) {
     recommendedNextActions: result.recommendedNextActions ?? []
   };
 }
-function buildErrorEnvelope2(tool, requestId, error) {
+function buildErrorEnvelope3(tool, requestId, error) {
   const normalized = normalizeToolError(error);
   return {
     schemaVersion: SCHEMA_VERSION,
@@ -1835,17 +3058,17 @@ function buildErrorEnvelope2(tool, requestId, error) {
     requestId: requestId ?? null,
     error: normalized,
     warnings: [],
-    risks: deriveErrorRisks2(normalized),
+    risks: deriveErrorRisks3(normalized),
     recommendedNextActions: normalized.code === "AUTH_REQUIRED" ? ["Run `remix login` or set COMERGE_ACCESS_TOKEN, then retry."] : []
   };
 }
-function deriveErrorRisks2(normalized) {
+function deriveErrorRisks3(normalized) {
   if (normalized.code === "DESTRUCTIVE_OPERATION_BLOCKED") {
     return ["A policy guard blocked a disallowed operation."];
   }
   return [];
 }
-function registerTool2(server, context, params) {
+function registerTool3(server, context, params) {
   const errorSchema = makeErrorSchema();
   server.registerTool(
     params.name,
@@ -1854,7 +3077,7 @@ function registerTool2(server, context, params) {
       description: params.description,
       inputSchema: params.inputSchema,
       outputSchema: params.outputSchema,
-      annotations: getAnnotations2(params.access)
+      annotations: getAnnotations3(params.access)
     },
     async (rawArgs) => {
       const requestId = typeof rawArgs.requestId === "string" ? rawArgs.requestId : void 0;
@@ -1862,7 +3085,7 @@ function registerTool2(server, context, params) {
       try {
         assertToolAccess(context.policy, params.access);
         const result = await params.run(rawArgs);
-        const envelope = buildSuccessEnvelope2(params.name, requestId, result);
+        const envelope = buildSuccessEnvelope3(params.name, requestId, result);
         params.outputSchema.parse(envelope);
         context.logger.log({
           level: "info",
@@ -1878,7 +3101,7 @@ function registerTool2(server, context, params) {
         });
         return makeSuccessResult(envelope);
       } catch (error) {
-        const envelope = buildErrorEnvelope2(params.name, requestId, error);
+        const envelope = buildErrorEnvelope3(params.name, requestId, error);
         errorSchema.parse(envelope);
         context.logger.log({
           level: "error",
@@ -1895,14 +3118,14 @@ function registerTool2(server, context, params) {
   );
 }
 function registerMemoryTools(server, context) {
-  registerTool2(server, context, {
+  registerTool3(server, context, {
     name: "remix_collab_memory_summary",
     description: "First read for a bound app's current collaboration state, recent reasoning context, and merge or reconcile history before deeper inspection or any raw git history lookup.",
     access: "read",
     inputSchema: memorySummaryInputSchema,
     outputSchema: memorySummarySuccessSchema,
     run: async (args) => {
-      const input = z5.object(memorySummaryInputSchema).parse(args);
+      const input = z7.object(memorySummaryInputSchema).parse(args);
       const cwd = resolvePolicyCwd(context.policy, input.cwd);
       return getMemorySummary({
         cwd,
@@ -1910,14 +3133,14 @@ function registerMemoryTools(server, context) {
       });
     }
   });
-  registerTool2(server, context, {
+  registerTool3(server, context, {
     name: "remix_collab_memory_search",
     description: "Default tool for why/history/failed-attempt/user-intent questions. Search prompts, diffs, merge activity, reconciles, and other historical context before using raw git for exact repository facts.",
     access: "read",
     inputSchema: memorySearchInputSchema,
     outputSchema: memorySearchSuccessSchema,
     run: async (args) => {
-      const input = z5.object(memorySearchInputSchema).parse(args);
+      const input = z7.object(memorySearchInputSchema).parse(args);
       const cwd = resolvePolicyCwd(context.policy, input.cwd);
       return searchMemory({
         cwd,
@@ -1931,14 +3154,14 @@ function registerMemoryTools(server, context) {
       });
     }
   });
-  registerTool2(server, context, {
+  registerTool3(server, context, {
     name: "remix_collab_memory_timeline",
     description: "Chronological view of collaboration memory for understanding what happened and in what order, with optional filters for bounded historical inspection before any exact-facts raw git follow-up.",
     access: "read",
     inputSchema: memoryTimelineInputSchema,
     outputSchema: memoryTimelineSuccessSchema,
     run: async (args) => {
-      const input = z5.object(memoryTimelineInputSchema).parse(args);
+      const input = z7.object(memoryTimelineInputSchema).parse(args);
       const cwd = resolvePolicyCwd(context.policy, input.cwd);
       return getMemoryTimeline({
         cwd,
@@ -1951,14 +3174,14 @@ function registerMemoryTools(server, context) {
       });
     }
   });
-  registerTool2(server, context, {
+  registerTool3(server, context, {
     name: "remix_collab_memory_change_step_diff",
     description: "Second-hop expansion tool that fetches the full stored diff for a specific change step after memory search, timeline, or review work has identified the relevant `changeStepId`, keeping historical inspection inside Remix before raw git fallback.",
     access: "read",
     inputSchema: changeStepDiffInputSchema,
     outputSchema: changeStepDiffSuccessSchema,
     run: async (args) => {
-      const input = z5.object(changeStepDiffInputSchema).parse(args);
+      const input = z7.object(changeStepDiffInputSchema).parse(args);
       const cwd = resolvePolicyCwd(context.policy, input.cwd);
       return getChangeStepDiff({
         cwd,
@@ -1969,6 +3192,442 @@ function registerMemoryTools(server, context) {
   });
 }
 
+// src/tools/ops/register.ts
+import { z as z9 } from "zod";
+
+// src/contracts/ops.ts
+import { z as z8 } from "zod";
+var genericRecordSchema4 = z8.record(z8.string(), z8.unknown());
+var appScopedInputSchema = {
+  ...commonRequestFieldsSchema,
+  appId: z8.string().trim().min(1).optional()
+};
+var editQueueInputSchema = {
+  ...appScopedInputSchema,
+  limit: z8.number().int().positive().max(100).optional(),
+  offset: z8.number().int().nonnegative().optional()
+};
+var bundleInputSchema = {
+  ...appScopedInputSchema,
+  bundleId: z8.string().trim().min(1)
+};
+var timelineInputSchema = {
+  ...appScopedInputSchema,
+  limit: z8.number().int().positive().max(100).optional(),
+  cursor: z8.string().trim().min(1).optional()
+};
+var agentRunsInputSchema = {
+  ...appScopedInputSchema,
+  limit: z8.number().int().positive().max(100).optional(),
+  offset: z8.number().int().nonnegative().optional(),
+  status: z8.string().trim().min(1).optional(),
+  currentPhase: z8.string().trim().min(1).optional(),
+  createdAfter: z8.string().datetime().optional(),
+  createdBefore: z8.string().datetime().optional()
+};
+var agentRunInputSchema = {
+  ...appScopedInputSchema,
+  runId: z8.string().trim().min(1)
+};
+var agentRunEventsInputSchema = {
+  ...appScopedInputSchema,
+  runId: z8.string().trim().min(1),
+  limit: z8.number().int().positive().max(100).optional(),
+  offset: z8.number().int().nonnegative().optional(),
+  createdAfter: z8.string().datetime().optional(),
+  createdBefore: z8.string().datetime().optional()
+};
+var appOverviewSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var editQueueSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var bundleSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var timelineSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var agentRunsSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var agentRunSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var agentRunEventsSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+var sandboxStatusSuccessSchema = makeSuccessSchema(genericRecordSchema4);
+
+// src/domain/opsAdapter.ts
+async function resolveAppTarget(_api, params) {
+  const explicitAppId = params.appId?.trim();
+  const bindingContext = await loadBindingContext(params.cwd);
+  if (explicitAppId) {
+    return {
+      appId: explicitAppId,
+      repoRoot: bindingContext.repoRoot
+    };
+  }
+  if (!bindingContext.binding) {
+    throw makeNotBoundError("App id was not provided and the current repository is not bound to Remix.");
+  }
+  return {
+    appId: bindingContext.binding.currentAppId,
+    repoRoot: bindingContext.repoRoot
+  };
+}
+async function getAppOverview(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(await api.getAppOverview(target.appId), "app overview");
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: [
+      "Use `remix_ops_list_timeline`, `remix_ops_list_agent_runs`, `remix_ops_get_edit_queue`, or `remix_ops_get_sandbox_status` for the next operational drill-down on this app."
+    ],
+    logContext: target
+  };
+}
+async function getEditQueue(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(
+    await api.listAppEditQueue(target.appId, {
+      limit: params.limit,
+      offset: params.offset
+    }),
+    "edit queue"
+  );
+  const pageInfo = typeof data.pageInfo === "object" && data.pageInfo ? data.pageInfo : null;
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: pageInfo?.hasMore === true && typeof pageInfo.limit === "number" && typeof pageInfo.offset === "number" ? [`Pass offset=${pageInfo.offset + pageInfo.limit} to load the next edit queue page.`] : [],
+    logContext: target
+  };
+}
+async function getBundle(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(await api.getBundle(target.appId, params.bundleId), "bundle");
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: ["Use the bundle download-url client methods only when you need the actual artifact, not just metadata inspection."],
+    logContext: target
+  };
+}
+async function listTimeline(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(
+    await api.listAppTimeline(target.appId, {
+      limit: params.limit,
+      cursor: params.cursor
+    }),
+    "app timeline"
+  );
+  const pageInfo = typeof data.pageInfo === "object" && data.pageInfo ? data.pageInfo : null;
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: pageInfo?.hasMore === true && typeof pageInfo.nextCursor === "string" ? [`Pass cursor=${pageInfo.nextCursor} to load the next timeline page.`] : [],
+    logContext: target
+  };
+}
+async function listAgentRuns(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(
+    await api.listAgentRuns(target.appId, {
+      limit: params.limit,
+      offset: params.offset,
+      status: params.status,
+      currentPhase: params.currentPhase,
+      createdAfter: params.createdAfter,
+      createdBefore: params.createdBefore
+    }),
+    "agent runs"
+  );
+  const pageInfo = typeof data.pageInfo === "object" && data.pageInfo ? data.pageInfo : null;
+  const items = Array.isArray(data.items) ? data.items : [];
+  const firstRunId = items.length > 0 && items[0] && typeof items[0] === "object" && typeof items[0].id === "string" ? items[0].id : null;
+  const recommendedNextActions = [];
+  if (firstRunId) {
+    recommendedNextActions.push(
+      `Use \`remix_ops_get_agent_run\` with \`runId=${firstRunId}\` for the top listed run, then \`remix_ops_list_agent_run_events\` if you need its event stream.`
+    );
+  }
+  if (pageInfo?.hasMore === true && typeof pageInfo.limit === "number" && typeof pageInfo.offset === "number") {
+    recommendedNextActions.push(`Pass offset=${pageInfo.offset + pageInfo.limit} to load the next agent-runs page.`);
+  }
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions,
+    logContext: target
+  };
+}
+async function getAgentRun(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(await api.getAgentRun(target.appId, params.runId), "agent run");
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: [`Use \`remix_ops_list_agent_run_events\` with \`runId=${params.runId}\` for the event stream behind this run.`],
+    logContext: target
+  };
+}
+async function listAgentRunEvents(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(
+    await api.listAgentRunEvents(target.appId, params.runId, {
+      limit: params.limit,
+      offset: params.offset,
+      createdAfter: params.createdAfter,
+      createdBefore: params.createdBefore
+    }),
+    "agent run events"
+  );
+  const pageInfo = typeof data.pageInfo === "object" && data.pageInfo ? data.pageInfo : null;
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: pageInfo?.hasMore === true && typeof pageInfo.limit === "number" && typeof pageInfo.offset === "number" ? [`Pass offset=${pageInfo.offset + pageInfo.limit} to load the next event page.`] : [],
+    logContext: target
+  };
+}
+async function getSandboxStatus(params) {
+  const api = await createApiClient();
+  const target = await resolveAppTarget(api, params);
+  const data = unwrapResponseObject(await api.getSandboxStatus(target.appId), "sandbox status");
+  return {
+    data,
+    warnings: [],
+    recommendedNextActions: ["Use the sandbox metadata here to decide whether a resume is plausible before attempting any write-side sandbox action."],
+    logContext: target
+  };
+}
+
+// src/tools/ops/register.ts
+function getAnnotations4(access) {
+  return {
+    readOnlyHint: access === "read",
+    destructiveHint: false,
+    idempotentHint: true,
+    openWorldHint: false
+  };
+}
+function buildSuccessEnvelope4(tool, requestId, result) {
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    ok: true,
+    tool,
+    requestId: requestId ?? null,
+    data: result.data,
+    warnings: result.warnings ?? [],
+    risks: result.risks ?? [],
+    recommendedNextActions: result.recommendedNextActions ?? []
+  };
+}
+function deriveErrorRisks4(normalized) {
+  if (normalized.code === "DESTRUCTIVE_OPERATION_BLOCKED") {
+    return ["A policy guard blocked a disallowed operation."];
+  }
+  return [];
+}
+function buildErrorEnvelope4(tool, requestId, error) {
+  const normalized = normalizeToolError(error);
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    ok: false,
+    tool,
+    requestId: requestId ?? null,
+    error: normalized,
+    warnings: [],
+    risks: deriveErrorRisks4(normalized),
+    recommendedNextActions: normalized.code === "AUTH_REQUIRED" ? ["Run `remix login` or set COMERGE_ACCESS_TOKEN, then retry."] : []
+  };
+}
+function registerTool4(server, context, params) {
+  const errorSchema = makeErrorSchema();
+  server.registerTool(
+    params.name,
+    {
+      title: params.name,
+      description: params.description,
+      inputSchema: params.inputSchema,
+      outputSchema: params.outputSchema,
+      annotations: getAnnotations4(params.access)
+    },
+    async (rawArgs) => {
+      const requestId = typeof rawArgs.requestId === "string" ? rawArgs.requestId : void 0;
+      const startedAt = Date.now();
+      try {
+        assertToolAccess(context.policy, params.access);
+        const result = await params.run(rawArgs);
+        const envelope = buildSuccessEnvelope4(params.name, requestId, result);
+        params.outputSchema.parse(envelope);
+        context.logger.log({
+          level: "info",
+          message: "tool_completed",
+          tool: params.name,
+          requestId: envelope.requestId,
+          durationMs: Date.now() - startedAt,
+          result: "success",
+          repoRoot: result.logContext?.repoRoot ?? null,
+          appId: result.logContext?.appId ?? null,
+          mrId: result.logContext?.mrId ?? null
+        });
+        return makeSuccessResult(envelope);
+      } catch (error) {
+        const envelope = buildErrorEnvelope4(params.name, requestId, error);
+        errorSchema.parse(envelope);
+        context.logger.log({
+          level: "error",
+          message: "tool_failed",
+          tool: params.name,
+          requestId: envelope.requestId,
+          durationMs: Date.now() - startedAt,
+          result: "error",
+          errorCode: envelope.error.code
+        });
+        return makeErrorResult(envelope);
+      }
+    }
+  );
+}
+function registerOpsTools(server, context) {
+  registerTool4(server, context, {
+    name: "remix_context_get_app_overview",
+    description: "Read the current app's overview, capabilities, and workflow readiness without mutating state.",
+    access: "read",
+    inputSchema: appScopedInputSchema,
+    outputSchema: appOverviewSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(appScopedInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getAppOverview({
+        appId: input.appId,
+        cwd
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_get_edit_queue",
+    description: "Inspect the pending edit queue for one app with bounded pagination.",
+    access: "read",
+    inputSchema: editQueueInputSchema,
+    outputSchema: editQueueSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(editQueueInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getEditQueue({
+        appId: input.appId,
+        cwd,
+        limit: input.limit,
+        offset: input.offset
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_get_bundle",
+    description: "Inspect one app bundle by id without downloading the artifact payload.",
+    access: "read",
+    inputSchema: bundleInputSchema,
+    outputSchema: bundleSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(bundleInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getBundle({
+        appId: input.appId,
+        cwd,
+        bundleId: input.bundleId
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_list_timeline",
+    description: "List bounded timeline events for one app using the backend cursor pagination model.",
+    access: "read",
+    inputSchema: timelineInputSchema,
+    outputSchema: timelineSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(timelineInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return listTimeline({
+        appId: input.appId,
+        cwd,
+        limit: input.limit,
+        cursor: input.cursor
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_get_agent_run",
+    description: "Fetch one stored agent run for an app, including status, phase, and summary metadata.",
+    access: "read",
+    inputSchema: agentRunInputSchema,
+    outputSchema: agentRunSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(agentRunInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getAgentRun({
+        appId: input.appId,
+        cwd,
+        runId: input.runId
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_list_agent_runs",
+    description: "List paginated agent runs for one app so run ids can be discovered before deeper inspection.",
+    access: "read",
+    inputSchema: agentRunsInputSchema,
+    outputSchema: agentRunsSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(agentRunsInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return listAgentRuns({
+        appId: input.appId,
+        cwd,
+        limit: input.limit,
+        offset: input.offset,
+        status: input.status,
+        currentPhase: input.currentPhase,
+        createdAfter: input.createdAfter,
+        createdBefore: input.createdBefore
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_list_agent_run_events",
+    description: "List paginated agent-run events for one stored run, with optional time bounds.",
+    access: "read",
+    inputSchema: agentRunEventsInputSchema,
+    outputSchema: agentRunEventsSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(agentRunEventsInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return listAgentRunEvents({
+        appId: input.appId,
+        cwd,
+        runId: input.runId,
+        limit: input.limit,
+        offset: input.offset,
+        createdAfter: input.createdAfter,
+        createdBefore: input.createdBefore
+      });
+    }
+  });
+  registerTool4(server, context, {
+    name: "remix_ops_get_sandbox_status",
+    description: "Read safe sandbox metadata and the latest migration status for one app without exposing execution handles or secrets.",
+    access: "read",
+    inputSchema: appScopedInputSchema,
+    outputSchema: sandboxStatusSuccessSchema,
+    run: async (args) => {
+      const input = z9.object(appScopedInputSchema).parse(args);
+      const cwd = input.cwd ? resolvePolicyCwd(context.policy, input.cwd) : void 0;
+      return getSandboxStatus({
+        appId: input.appId,
+        cwd
+      });
+    }
+  });
+}
+
 // src/server.ts
 function createRemixMcpServer(params) {
   const context = createServerContext({ version: params.version });
@@ -1976,7 +3635,9 @@ function createRemixMcpServer(params) {
     name: context.serverName,
     version: context.version
   });
+  registerIdentityTools(server, context);
   registerCollabTools(server, context);
+  registerOpsTools(server, context);
   registerMemoryTools(server, context);
   return { server, context };
 }