@rubytech/create-maxy 1.0.877 → 1.0.878

package/payload/server/server.js

@@ -75,7 +75,7 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-I4AQMEJA.js";
+} from "./chunk-LQDUG4II.js";
 import {
   CDP_PORT,
   COMMERCIAL_MODE,
@@ -102,7 +102,7 @@ import {
   getVisitorIdForSession,
   interruptClient,
   listAdminSessionsInProgress,
-  mintAdminSessionKey,
+  mintAdminSessionToken,
   preConversationLogStream,
   registerGrantSession,
   registerResumedSession,
@@ -114,7 +114,7 @@ import {
   sigtermFlushStreamLogs,
   unregisterSession,
   validateSession
-} from "./chunk-GOZP57CX.js";
+} from "./chunk-JTZYXIUW.js";
 import {
   CLOUDFLARE_TASK_DIAGNOSTICS,
   appendCloudflareSteps,
@@ -122,10 +122,11 @@ import {
   openCloudflareTask,
   readTunnelState,
   resolveUnitGoneVerdict
-} from "./chunk-RRVBWC66.js";
+} from "./chunk-RP25NRQY.js";
 import {
   GREETING_DIRECTIVE,
   HAIKU_MODEL,
+  backfillConversationChannelAddress,
   backfillNullUserIdConversations,
   bindVisitorToGroup,
   checkGroupMembership,
@@ -154,8 +155,9 @@ import {
   runAdminUserSelfHeal,
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership,
-  writeAdminUserAndPerson
-} from "./chunk-LU6TUP3E.js";
+  writeAdminUserAndPerson,
+  writeTurnFailure
+} from "./chunk-INI2ED6U.js";
 import {
   __commonJS,
   __toESM
@@ -180,7 +182,7 @@ var require_dist = __commonJS({
       Event: ["eventId"],
       KnowledgeDocument: ["attachmentId"],
       DigitalDocument: ["attachmentId"],
-      Conversation: ["conversationId", "sessionKey"],
+      Conversation: ["conversationId"],
       Message: ["messageId"],
       OnboardingState: ["accountId"],
       Workflow: ["workflowId"],
@@ -2087,22 +2089,22 @@ async function persistWhatsAppMessage(input) {
   const messageId = `whatsapp-live:${input.accountId}:${input.remoteJid}:${input.msgKeyId}`;
   const senderTelephone = input.fromMe && input.selfPhone ? input.selfPhone : input.senderPhone;
   const dateSentIso = new Date(input.timestamp * 1e3).toISOString();
-  const scope = deriveScope(input.sessionKey);
+  const scope = deriveScope(input.cacheKey);
   const { givenName, familyName } = splitName(input.pushName);
-  const prev = sessionWriteLocks.get(input.sessionKey);
+  const prev = sessionWriteLocks.get(input.cacheKey);
   let release;
   const mine = new Promise((resolve22) => {
     release = resolve22;
   });
   const chained = (prev ?? Promise.resolve()).then(() => mine);
-  sessionWriteLocks.set(input.sessionKey, chained);
+  sessionWriteLocks.set(input.cacheKey, chained);
   await prev;
   const t0 = Date.now();
   let session = null;
   try {
     session = getSession();
     const cypher = `
-      MATCH (c:Conversation {sessionKey: $sessionKey})
+      MATCH (c:Conversation {conversationId: $conversationId})
       OPTIONAL MATCH (existingS:Person {telephone: $senderTelephone})
       OPTIONAL MATCH (existingM:Message {messageId: $messageId})
       WITH c,
@@ -2166,7 +2168,7 @@ async function persistWhatsAppMessage(input) {
         senderReused         AS senderReused
     `;
     const params = {
-      sessionKey: input.sessionKey,
+      conversationId: input.conversationId,
       messageId,
       platformAccountId: input.platformAccountId,
       senderTelephone,
@@ -2185,7 +2187,7 @@ async function persistWhatsAppMessage(input) {
     const result = await session.run(cypher, params);
     const ms = Date.now() - t0;
     if (result.records.length === 0) {
-      console.error(`${TAG7} skip reason=conversation-not-found accountId=${input.platformAccountId} sessionKey=${input.sessionKey} messageId=${messageId}`);
+      console.error(`${TAG7} skip reason=conversation-not-found accountId=${input.platformAccountId} cacheKey=${input.cacheKey} messageId=${messageId}`);
       return null;
     }
     const rec = result.records[0];
@@ -2206,7 +2208,7 @@ async function persistWhatsAppMessage(input) {
       console.error(`${TAG7} next-skip reason=no-prior msgId=${messageId}`);
     }
     console.error(
-      `${TAG7} write messageId=${messageId} accountId=${input.platformAccountId} sessionKey=${input.sessionKey} fromMe=${input.fromMe} dateSent=${dateSentIso} bodyBytes=${Buffer.byteLength(input.body, "utf8")} ms=${ms}`
+      `${TAG7} write messageId=${messageId} accountId=${input.platformAccountId} cacheKey=${input.cacheKey} fromMe=${input.fromMe} dateSent=${dateSentIso} bodyBytes=${Buffer.byteLength(input.body, "utf8")} ms=${ms}`
     );
     return { messageId, created: true, senderElementId };
   } catch (err) {
@@ -2218,14 +2220,14 @@ async function persistWhatsAppMessage(input) {
     return null;
   } finally {
     release();
-    if (sessionWriteLocks.get(input.sessionKey) === chained) {
-      sessionWriteLocks.delete(input.sessionKey);
+    if (sessionWriteLocks.get(input.cacheKey) === chained) {
+      sessionWriteLocks.delete(input.cacheKey);
     }
     if (session) await session.close();
   }
 }
-function deriveScope(sessionKey) {
-  const segments = sessionKey.split(":");
+function deriveScope(cacheKey) {
+  const segments = cacheKey.split(":");
   return segments.length <= 2 ? "admin" : "public";
 }
 function splitName(pushName) {
@@ -2253,24 +2255,24 @@ async function ensureWhatsAppConversation(input) {
     const result = await ensureConversation(
       input.platformAccountId,
       input.agentType,
-      input.sessionKey
+      input.cacheKey
     );
     const ms = Date.now() - t0;
     if (!result.conversationId) {
       console.error(
-        `${TAG8} conversation-merged FAIL sessionKey=${input.sessionKey} reason=null-conversationId ms=${ms}`
+        `${TAG8} conversation-merged FAIL cacheKey=${input.cacheKey} reason=null-conversationId ms=${ms}`
       );
       return null;
     }
     console.error(
-      `${TAG8} conversation-merged sessionKey=${input.sessionKey} agentType=${input.agentType} channel=whatsapp created=${result.created} ms=${ms}`
+      `${TAG8} conversation-merged cacheKey=${input.cacheKey} agentType=${input.agentType} channel=whatsapp created=${result.created} ms=${ms}`
     );
     return { conversationId: result.conversationId, created: result.created };
   } catch (err) {
     const ms = Date.now() - t0;
     const reason = err instanceof Error ? `${err.name}:${err.message.slice(0, 200)}` : String(err).slice(0, 200);
     console.error(
-      `${TAG8} conversation-merged FAIL sessionKey=${input.sessionKey} reason=${reason} ms=${ms}`
+      `${TAG8} conversation-merged FAIL cacheKey=${input.cacheKey} reason=${reason} ms=${ms}`
     );
     return null;
   }
@@ -2781,14 +2783,14 @@ function storeMessage(storeKey, entry) {
     console.error(`${TAG13} message store trimmed for ${storeKey}: ${trimmed} oldest messages removed`);
   }
 }
-function deriveSessionKey(input) {
+function deriveCacheKey(input) {
   if (input.isOwnerMirror || input.agentType === "admin") {
     return `whatsapp:${input.accountId}`;
   }
   if (input.isGroup) {
     if (!input.groupJid) {
       throw new Error(
-        `deriveSessionKey: isGroup=true requires groupJid (accountId=${input.accountId}, senderPhone=${input.senderPhone})`
+        `deriveCacheKey: isGroup=true requires groupJid (accountId=${input.accountId}, senderPhone=${input.senderPhone})`
       );
     }
     return `whatsapp:${input.accountId}:group:${input.groupJid}`;
@@ -3267,14 +3269,14 @@ function monitorInbound(conn) {
             jid: remoteJid
           });
           const fromMe = Boolean(msg.key.fromMe);
-          const sessionKeyAgentType = isGroup ? "public" : fromMe ? "admin" : checkDmAccess({
+          const cacheKeyAgentType = isGroup ? "public" : fromMe ? "admin" : checkDmAccess({
             senderPhone,
             selfPhone: conn.selfPhone ?? "",
             config: whatsAppConfig,
             accountConfig: whatsAppConfig.accounts?.[conn.accountId]
           }).agentType;
-          const sessionKey = deriveSessionKey({
-            agentType: sessionKeyAgentType,
+          const cacheKey = deriveCacheKey({
+            agentType: cacheKeyAgentType,
             accountId: conn.accountId,
             senderPhone,
             isGroup,
@@ -3285,8 +3287,8 @@ function monitorInbound(conn) {
             const merged = await ensureWhatsAppConversation({
               accountId: conn.accountId,
               platformAccountId: conn.platformAccountId,
-              sessionKey,
-              agentType: sessionKeyAgentType,
+              cacheKey,
+              agentType: cacheKeyAgentType,
               groupJid: isGroup ? remoteJid : void 0
             });
             if (merged) {
@@ -3294,7 +3296,8 @@ function monitorInbound(conn) {
                 accountId: conn.accountId,
                 platformAccountId: conn.platformAccountId,
                 remoteJid,
-                sessionKey,
+                cacheKey,
+                conversationId: merged.conversationId,
                 msgKeyId: msg.key.id,
                 fromMe,
                 senderPhone,
@@ -3376,7 +3379,7 @@ async function handleInboundMessage(conn, msg) {
       isGroup: isGroup2,
       groupJid: isGroup2 ? remoteJid : void 0,
       reply: reply2,
-      sessionKey: deriveSessionKey({
+      cacheKey: deriveCacheKey({
         agentType: "admin",
         accountId: conn.accountId,
         senderPhone: senderPhone2,
@@ -3470,7 +3473,7 @@ async function handleInboundMessage(conn, msg) {
     if (!currentSock) throw new Error("WhatsApp disconnected \u2014 cannot reply");
     await sendTextMessage(currentSock, remoteJid, text, { accountId: conn.accountId });
   };
-  const sessionKey = deriveSessionKey({
+  const cacheKey = deriveCacheKey({
     agentType: accessResult.agentType,
     accountId: conn.accountId,
     senderPhone,
@@ -3487,7 +3490,7 @@ async function handleInboundMessage(conn, msg) {
     groupJid: isGroup ? remoteJid : void 0,
     groupSubject,
     reply,
-    sessionKey,
+    cacheKey,
     mediaPath: mediaResult?.path,
     mediaMimetype: mediaResult?.mimetype,
     mediaType: extracted.mediaType,
@@ -3832,9 +3835,9 @@ app2.post("/", async (c) => {
           ...m.role === "user" ? { senderName: m.senderName } : {}
         });
       }
-      const sessionKey2 = crypto.randomUUID();
-      registerResumedSession(sessionKey2, accountId, agentSlug, groupInfo.conversationId, agentMessages);
-      setGroupContextForSession(sessionKey2, {
+      const cacheKey2 = crypto.randomUUID();
+      registerResumedSession(cacheKey2, accountId, agentSlug, groupInfo.conversationId, agentMessages);
+      setGroupContextForSession(cacheKey2, {
         groupSlug,
         groupName: groupInfo.groupName,
         conversationId: groupInfo.conversationId,
@@ -3846,7 +3849,7 @@ app2.post("/", async (c) => {
       console.log(`[session] cold-resume group=${groupSlug} visitor=${visitorId.slice(0, 8)}\u2026 messages=${uiMessages.length}`);
       return withVisitorCookie(
         Response.json({
-          session_key: sessionKey2,
+          session_key: cacheKey2,
           agent_id: agentSlug,
           resumed,
           ...resumed ? { messages: uiMessages } : {},
@@ -3889,13 +3892,13 @@ app2.post("/", async (c) => {
         content: m.content,
         timestamp: new Date(m.createdAt).getTime() || Date.now()
       }));
-      const sessionKey2 = crypto.randomUUID();
-      registerResumedSession(sessionKey2, accountId, agentSlug, recent.conversationId, agentMessages);
+      const cacheKey2 = crypto.randomUUID();
+      registerResumedSession(cacheKey2, accountId, agentSlug, recent.conversationId, agentMessages);
       const resumed = uiMessages.length > 0;
       console.log(`[session] cold-resume visitor=${visitorId.slice(0, 8)}\u2026 conversation=${recent.conversationId.slice(0, 8)}\u2026 messages=${uiMessages.length}`);
       return withVisitorCookie(
         Response.json({
-          session_key: sessionKey2,
+          session_key: cacheKey2,
           agent_id: agentSlug,
           resumed,
           ...resumed ? { messages: uiMessages } : {},
@@ -3907,13 +3910,13 @@ app2.post("/", async (c) => {
     }
   }
   const newVisitorId = visitorId ?? crypto.randomUUID();
-  const sessionKey = crypto.randomUUID();
-  registerSession(sessionKey, "public", accountId, agentSlug);
+  const cacheKey = crypto.randomUUID();
+  registerSession(cacheKey, "public", accountId, agentSlug);
   const hasImage = agentConfig?.image ? "yes" : "no";
-  console.log(`[session] new-session visitor=${newVisitorId.slice(0, 8)}\u2026 session=${sessionKey.slice(0, 8)}\u2026 agent=${agentSlug} image=${hasImage} showAgentName=${agentConfig?.showAgentName ?? false}`);
+  console.log(`[session] new-session visitor=${newVisitorId.slice(0, 8)}\u2026 session=${cacheKey.slice(0, 8)}\u2026 agent=${agentSlug} image=${hasImage} showAgentName=${agentConfig?.showAgentName ?? false}`);
   return withVisitorCookie(
     Response.json({
-      session_key: sessionKey,
+      session_key: cacheKey,
       agent_id: agentSlug,
       ...branding ? { branding } : {},
       ...agentIdentity
@@ -4506,9 +4509,9 @@ var chat_default = app3;
 // server/routes/group.ts
 var app4 = new Hono();
 app4.get("/messages", async (c) => {
-  const sessionKey = c.req.query("session_key");
+  const cacheKey = c.req.query("session_key");
   const since = c.req.query("since");
-  if (!sessionKey) {
+  if (!cacheKey) {
     return c.json({ error: "session_key required" }, 400);
   }
   if (!since) {
@@ -4518,18 +4521,18 @@ app4.get("/messages", async (c) => {
   if (isNaN(sinceDate.getTime())) {
     return c.json({ error: "Invalid since parameter \u2014 expected ISO 8601" }, 400);
   }
-  if (!validateSession(sessionKey, "public").ok) {
+  if (!validateSession(cacheKey, "public").ok) {
     return c.json({ error: "Session expired" }, 401);
   }
-  const groupSlug = getGroupSlugForSession(sessionKey);
+  const groupSlug = getGroupSlugForSession(cacheKey);
   if (!groupSlug) {
     return c.json({ error: "Not a group session" }, 400);
   }
-  const conversationId = getConversationIdForSession(sessionKey);
+  const conversationId = getConversationIdForSession(cacheKey);
   if (!conversationId) {
     return c.json({ error: "No conversation bound" }, 400);
   }
-  const visitorId = getVisitorIdForSession(sessionKey);
+  const visitorId = getVisitorIdForSession(cacheKey);
   const POLL_LIMIT = 100;
   try {
     const messages = await getMessagesSince(conversationId, since, POLL_LIMIT);
@@ -5026,8 +5029,8 @@ app5.post("/verify-token", async (c) => {
     }
     await consumeMagicToken(result.grantId);
     const accountId = result.accountId;
-    const sessionKey = crypto.randomUUID();
-    registerGrantSession(sessionKey, accountId, agentSlug, {
+    const cacheKey = crypto.randomUUID();
+    registerGrantSession(cacheKey, accountId, agentSlug, {
       grantId: result.grantId,
       grantExpiresAt: result.expiresAt ?? void 0,
       grantStatus: result.status,
@@ -5038,7 +5041,7 @@ app5.post("/verify-token", async (c) => {
     clearAccessRateLimit(clientIp, agentSlug);
     console.error(`[access-gate] verify-token ip=${clientIp} agent=${agentSlug} contact=${maskContact(result.contactValue)} result=success`);
     return c.json({
-      session_key: sessionKey,
+      session_key: cacheKey,
       grant: {
         displayName: result.displayName,
         contactValue: result.contactValue,
@@ -5106,8 +5109,8 @@ app5.post("/verify-otp", async (c) => {
       }, remaining > 0 ? 401 : 429);
     }
     await consumeOtp(grant.grantId);
-    const sessionKey = crypto.randomUUID();
-    registerGrantSession(sessionKey, account.accountId, agentSlug, {
+    const cacheKey = crypto.randomUUID();
+    registerGrantSession(cacheKey, account.accountId, agentSlug, {
       grantId: grant.grantId,
       grantExpiresAt: grant.expiresAt ?? void 0,
       grantStatus: grant.status,
@@ -5118,7 +5121,7 @@ app5.post("/verify-otp", async (c) => {
     clearAccessRateLimit(clientIp, agentSlug);
     console.error(`[access-gate] verify-otp ip=${clientIp} agent=${agentSlug} phone=${maskContact(phone)} result=success`);
     return c.json({
-      session_key: sessionKey,
+      session_key: cacheKey,
       grant: {
         displayName: grant.displayName,
         contactValue: grant.contactValue,
@@ -5216,8 +5219,8 @@ app5.post("/login", async (c) => {
       console.error(`[access-gate] login ip=${clientIp} agent=${agentSlug} contact=${maskContact(contact)} result=wrong_password`);
       return c.json({ error: "Invalid credentials" }, 401);
     }
-    const sessionKey = crypto.randomUUID();
-    registerGrantSession(sessionKey, account.accountId, agentSlug, {
+    const cacheKey = crypto.randomUUID();
+    registerGrantSession(cacheKey, account.accountId, agentSlug, {
       grantId: grant.grantId,
       grantExpiresAt: grant.expiresAt ?? void 0,
       grantStatus: grant.status,
@@ -5227,7 +5230,7 @@ app5.post("/login", async (c) => {
     });
     clearAccessRateLimit(clientIp, agentSlug);
     console.error(`[access-gate] login ip=${clientIp} agent=${agentSlug} contact=${maskContact(contact)} result=success`);
-    return c.json({ session_key: sessionKey, agent_id: agentSlug });
+    return c.json({ session_key: cacheKey, agent_id: agentSlug });
   } catch (err) {
     console.error(`[access-gate] login ip=${clientIp} agent=${agentSlug} error=${err instanceof Error ? err.message : String(err)}`);
     return c.json({ error: "Internal server error" }, 500);
@@ -5386,11 +5389,11 @@ function verifyWebhookSecret(headerValue, storedSecret) {
 }
 async function handleInbound(params) {
   const { chatId, senderId, text, botType, botToken, accountId, agentType } = params;
-  const sessionKey = `telegram:${chatId}`;
+  const cacheKey = `telegram:${chatId}`;
   const gatewayChannel = agentType === "admin" ? "telegram-admin" : "telegram-dm";
-  registerSession(sessionKey, agentType, accountId);
+  registerSession(cacheKey, agentType, accountId);
   console.error(
-    `${TAG16} session registered: sessionKey=${sessionKey} agentType=${agentType} botType=${botType} senderId=${senderId} accountId=${accountId.slice(0, 8)}\u2026`
+    `${TAG16} session registered: cacheKey=${cacheKey} agentType=${agentType} botType=${botType} senderId=${senderId} accountId=${accountId.slice(0, 8)}\u2026`
   );
   const gatewayResult = await processInbound(text, gatewayChannel);
   if (gatewayResult.screening.verdict === "discard") {
@@ -5404,7 +5407,7 @@ async function handleInbound(params) {
     for await (const event of invokeAgent(
       { type: agentType },
       gatewayResult.processedText,
-      sessionKey,
+      cacheKey,
       [],
       void 0,
       gatewayResult
@@ -6220,19 +6223,25 @@ app7.get("/messages", (c) => {
 });
 app7.get("/conversation-graph-state", async (c) => {
   try {
-    const directSessionKey = c.req.query("sessionKey");
+    const directCacheKey = c.req.query("cacheKey");
     const jid = c.req.query("jid");
     const accountIdQuery = c.req.query("accountId");
-    let sessionKey;
-    if (directSessionKey) {
-      sessionKey = directSessionKey;
+    let cacheKey;
+    let accountId;
+    if (directCacheKey) {
+      cacheKey = directCacheKey;
+      const m = directCacheKey.match(/^whatsapp:([^:]+)/);
+      if (!m) {
+        return c.json({ error: `cacheKey=${directCacheKey} not a recognised whatsapp cacheKey shape.` }, 400);
+      }
+      accountId = validateAccountId(m[1] ?? accountIdQuery ?? null);
     } else {
       if (!jid) {
-        return c.json({ error: "Provide either sessionKey or jid (with optional accountId)." }, 400);
+        return c.json({ error: "Provide either cacheKey or jid (with optional accountId)." }, 400);
       }
-      const accountId = validateAccountId(accountIdQuery ?? null);
+      accountId = validateAccountId(accountIdQuery ?? null);
       if (isGroupJid(jid)) {
-        sessionKey = deriveSessionKey({
+        cacheKey = deriveCacheKey({
           agentType: "public",
           accountId,
           senderPhone: "",
@@ -6242,9 +6251,9 @@ app7.get("/conversation-graph-state", async (c) => {
       } else {
         const e164 = jid.replace(/^(\d+)(?::\d+)?@s\.whatsapp\.net$/i, "$1");
         if (!/^\d+$/.test(e164)) {
-          return c.json({ error: `Cannot derive sessionKey from jid=${jid} \u2014 not a recognised user JID. Pass sessionKey explicitly.` }, 400);
+          return c.json({ error: `Cannot derive cacheKey from jid=${jid} \u2014 not a recognised user JID. Pass cacheKey explicitly.` }, 400);
         }
-        sessionKey = deriveSessionKey({
+        cacheKey = deriveCacheKey({
           agentType: "public",
           accountId,
           senderPhone: e164,
@@ -6252,8 +6261,9 @@ app7.get("/conversation-graph-state", async (c) => {
         });
       }
     }
+    const channelAddress = cacheKey.startsWith("whatsapp:") ? cacheKey.slice("whatsapp:".length) : cacheKey;
     const cypher = `
-      MATCH (c:Conversation {sessionKey: $sessionKey})
+      MATCH (c:Conversation {accountId: $accountId, channel: 'whatsapp', channelAddress: $channelAddress})
       OPTIONAL MATCH (m:Message:WhatsAppMessage)-[:PART_OF]->(c)
       RETURN
         c.conversationId AS conversationId,
@@ -6270,7 +6280,7 @@ app7.get("/conversation-graph-state", async (c) => {
     const rows = [];
     try {
       session = getSession();
-      const result = await session.run(cypher, { sessionKey });
+      const result = await session.run(cypher, { accountId, channelAddress });
       for (const rec of result.records) {
         if (conversationId === null) {
           conversationId = rec.get("conversationId") ?? null;
@@ -6288,13 +6298,13 @@ app7.get("/conversation-graph-state", async (c) => {
       }
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
-      console.error(`${TAG18} conversation-graph-state ERR sessionKey=${sessionKey} reason=${msg}`);
-      return c.json({ error: `Graph query failed: ${msg}`, sessionKey, cypher: cypher.trim() }, 500);
+      console.error(`${TAG18} conversation-graph-state ERR cacheKey=${cacheKey} reason=${msg}`);
+      return c.json({ error: `Graph query failed: ${msg}`, cacheKey, cypher: cypher.trim() }, 500);
     }
     const ms = Date.now() - t0;
-    console.error(`[mcp:whatsapp] tool=whatsapp-conversation-graph-state sessionKey=${sessionKey} graphRows=${rows.length} conversationId=${conversationId ?? "null"} ms=${ms}`);
+    console.error(`[mcp:whatsapp] tool=whatsapp-conversation-graph-state cacheKey=${cacheKey} graphRows=${rows.length} conversationId=${conversationId ?? "null"} ms=${ms}`);
     return c.json({
-      sessionKey,
+      cacheKey,
       conversationId,
       graphRows: rows,
       cypher: cypher.trim(),
@@ -7005,9 +7015,9 @@ async function resolveUserIdentity(accountId, userId) {
 async function createAdminSession(accountId, thinkingView, userId, userName, role, avatar) {
   const account = resolveAccount();
   const effectiveThinkingView = thinkingView ?? account?.config.thinkingView ?? "default";
-  const sessionKey = userId ? mintAdminSessionKey({ accountId, userId }) : crypto.randomUUID();
-  registerSession(sessionKey, "admin", accountId, void 0, userId, userName, role);
-  if (userId) setWantsPriorConversation(sessionKey);
+  const cacheKey = userId ? mintAdminSessionToken({ accountId, userId }) : crypto.randomUUID();
+  registerSession(cacheKey, "admin", accountId, void 0, userId, userName, role);
+  if (userId) setWantsPriorConversation(cacheKey);
   let onboardingComplete = true;
   try {
     const step = await loadOnboardingStep(accountId);
@@ -7021,10 +7031,27 @@ async function createAdminSession(accountId, thinkingView, userId, userName, rol
     businessName = branding?.name || void 0;
   } catch {
   }
-  console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} admin session created: userId=${userId ?? "\u2013"} userName=${userName ?? "\u2013"} accountId=${accountId} conversationId=deferred sessionKey=${sessionKey.slice(0, 8)}`);
-  console.log(`[admin-session] role=${role ?? "null"} sessionKey=${sessionKey.slice(0, 8)} phase=create`);
+  let initialConversationId = null;
+  try {
+    const ensured = await ensureConversation(
+      accountId,
+      "admin",
+      cacheKey,
+      void 0,
+      void 0,
+      userId
+    );
+    if (ensured.conversationId) {
+      initialConversationId = ensured.conversationId;
+      setConversationIdForSession(cacheKey, ensured.conversationId);
+    }
+  } catch (err) {
+    console.error(`[session] eager-ensureConversation FAILED at boot: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} admin session created: userId=${userId ?? "\u2013"} userName=${userName ?? "\u2013"} accountId=${accountId} conversationId=${initialConversationId ?? "unbound"} cacheKey=${cacheKey.slice(0, 8)}`);
+  console.log(`[admin-session] role=${role ?? "null"} cacheKey=${cacheKey.slice(0, 8)} phase=create eager-ensured=${initialConversationId ? "true" : "false"}`);
   return {
-    session_key: sessionKey,
+    session_key: cacheKey,
     agent_id: "admin",
     userId,
     userName,
@@ -7033,16 +7060,16 @@ async function createAdminSession(accountId, thinkingView, userId, userName, rol
     thinkingView: effectiveThinkingView,
     onboardingComplete,
     businessName,
-    conversationId: null
+    conversationId: initialConversationId
   };
 }
 var app10 = new Hono();
 app10.get("/", async (c) => {
-  const sessionKey = c.req.query("session_key");
-  if (!sessionKey || !validateSession(sessionKey, "admin").ok) {
+  const cacheKey = c.req.query("session_key");
+  if (!cacheKey || !validateSession(cacheKey, "admin").ok) {
     return c.json({ error: "Invalid or expired admin session" }, 401);
   }
-  const accountId = getAccountIdForSession(sessionKey);
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     return c.json({ error: "Session has no account binding" }, 401);
   }
@@ -7061,21 +7088,21 @@ app10.get("/", async (c) => {
     businessName = branding?.name || void 0;
   } catch {
   }
-  const role = getRoleForSession(sessionKey);
-  console.log(`[admin-session] role=${role ?? "null"} sessionKey=${sessionKey.slice(0, 8)} phase=restore`);
-  const restoredUserId = getUserIdForSession(sessionKey);
-  let restoredUserName = getUserNameForSession(sessionKey);
+  const role = getRoleForSession(cacheKey);
+  console.log(`[admin-session] role=${role ?? "null"} cacheKey=${cacheKey.slice(0, 8)} phase=restore`);
+  const restoredUserId = getUserIdForSession(cacheKey);
+  let restoredUserName = getUserNameForSession(cacheKey);
   let restoredAvatar = null;
   if (restoredUserId) {
     const resolved = await resolveUserIdentity(accountId, restoredUserId);
     restoredUserName = resolved.userName;
     restoredAvatar = resolved.avatar;
     if (resolved.userName !== void 0) {
-      registerSession(sessionKey, "admin", accountId, void 0, restoredUserId, resolved.userName, role ?? void 0);
+      registerSession(cacheKey, "admin", accountId, void 0, restoredUserId, resolved.userName, role ?? void 0);
     }
   }
   return c.json({
-    session_key: sessionKey,
+    session_key: cacheKey,
     agent_id: "admin",
     userId: restoredUserId,
     userName: restoredUserName,
@@ -7084,7 +7111,7 @@ app10.get("/", async (c) => {
     thinkingView,
     onboardingComplete,
     businessName,
-    conversationId: getConversationIdForSession(sessionKey) ?? null
+    conversationId: getConversationIdForSession(cacheKey) ?? null
   });
 });
 app10.post("/", async (c) => {
@@ -7435,7 +7462,7 @@ ${inner.content}`;
 }
 function chatReject(status, error, sk) {
   const keyPrefix = sk ? sk.slice(0, 8) + "\u2026" : "none";
-  console.log(`[session] chat-reject status=${status} reason="${error}" sessionKey=${keyPrefix}`);
+  console.log(`[session] chat-reject status=${status} reason="${error}" cacheKey=${keyPrefix}`);
   return new Response(JSON.stringify({ error }), {
     status,
     headers: { "Content-Type": "application/json" }
@@ -7443,9 +7470,9 @@ function chatReject(status, error, sk) {
 }
 var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
-  const session_key = c.var.sessionKey;
+  const session_key = c.var.cacheKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-VYDOIFG7.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-AIZ5QKFD.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -7453,7 +7480,7 @@ app11.post("/cancel", requireAdminSession, async (c) => {
   }
 });
 app11.post("/", requireAdminSession, async (c) => {
-  const session_key = c.var.sessionKey;
+  const session_key = c.var.cacheKey;
   const contentType = c.req.header("content-type") ?? "";
   let message;
   let userTimestamp;
@@ -7534,7 +7561,7 @@ app11.post("/", requireAdminSession, async (c) => {
   try {
     const authResult = await ensureAuth();
     if (authResult.status === "dead" || authResult.status === "missing") {
-      console.log(`[session] chat-reject status=401 reason="auth_expired" sessionKey=${session_key.slice(0, 8)}\u2026 auth_status=${authResult.status}`);
+      console.log(`[session] chat-reject status=401 reason="auth_expired" cacheKey=${session_key.slice(0, 8)}\u2026 auth_status=${authResult.status}`);
       return new Response(
         JSON.stringify({ error: "auth_expired", auth_status: authResult.status }),
         { status: 401, headers: { "Content-Type": "application/json" } }
@@ -7622,10 +7649,10 @@ app11.post("/", requireAdminSession, async (c) => {
       setAgentSessionId(session_key, prior.agentSessionId);
       resumedAgentSessionId = prior.agentSessionId;
       acquireReason = "pin-rebind";
-      console.log(`[chat-route] resume-from-prior conversationId=${conversationId.slice(0, 8)}\u2026 priorAgentSessionId=${prior.agentSessionId.slice(0, 8)}\u2026 sessionKey=${session_key.slice(0, 12)}\u2026`);
+      console.log(`[chat-route] resume-from-prior conversationId=${conversationId.slice(0, 8)}\u2026 priorAgentSessionId=${prior.agentSessionId.slice(0, 8)}\u2026 cacheKey=${session_key.slice(0, 12)}\u2026`);
     } else {
       if (wantsPrior) {
-        console.log(`[chat-route] prior-conversation-not-found accountId=${accountId.slice(0, 8)}\u2026 userId=${userId.slice(0, 8)}\u2026 sessionKey=${session_key.slice(0, 12)}\u2026 \u2014 cold-minting`);
+        console.log(`[chat-route] prior-conversation-not-found accountId=${accountId.slice(0, 8)}\u2026 userId=${userId.slice(0, 8)}\u2026 cacheKey=${session_key.slice(0, 12)}\u2026 \u2014 cold-minting`);
       }
       const minted = randomUUID6();
       const created = await createNewAdminConversation(userId, accountId, session_key, userName, minted);
@@ -7635,7 +7662,7 @@ app11.post("/", requireAdminSession, async (c) => {
       conversationId = created;
       setConversationIdForSession(session_key, conversationId);
       acquireReason = "cold";
-      console.log(`[chat-route] new conversation conversationId=${conversationId} sessionKey=${session_key.slice(0, 12)}\u2026`);
+      console.log(`[chat-route] new conversation conversationId=${conversationId} cacheKey=${session_key.slice(0, 12)}\u2026`);
     }
   }
   const encoder = new TextEncoder();
@@ -7643,12 +7670,12 @@ app11.post("/", requireAdminSession, async (c) => {
   const sk = conversationId.slice(0, 8);
   const teeStreamLogPath = resolve8(account.accountDir, "logs", `claude-agent-stream-${conversationId}.log`);
   try {
-    appendFileSync3(teeStreamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [chat-route-version=task965-mint-at-entry] sessionKey=${session_key.slice(0, 12)}\u2026 conversationId=${conversationId}
+    appendFileSync3(teeStreamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [chat-route-version=task965-mint-at-entry] cacheKey=${session_key.slice(0, 12)}\u2026 conversationId=${conversationId}
 `);
   } catch {
   }
   try {
-    appendFileSync3(teeStreamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [client-acquire] sessionKey=${session_key.slice(0, 12)}\u2026 resume=${resumedAgentSessionId ? resumedAgentSessionId.slice(0, 8) + "\u2026" : "none"} reason=${acquireReason}
+    appendFileSync3(teeStreamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [client-acquire] cacheKey=${session_key.slice(0, 12)}\u2026 resume=${resumedAgentSessionId ? resumedAgentSessionId.slice(0, 8) + "\u2026" : "none"} reason=${acquireReason}
 `);
   } catch {
   }
@@ -7657,12 +7684,12 @@ app11.post("/", requireAdminSession, async (c) => {
     incoming.on("close", () => {
       const tsClose = (/* @__PURE__ */ new Date()).toISOString();
       try {
-        appendFileSync3(teeStreamLogPath, `[${tsClose}] [incoming-close] sessionKey=${session_key.slice(0, 12)}\u2026 complete=${incoming.complete}
+        appendFileSync3(teeStreamLogPath, `[${tsClose}] [incoming-close] cacheKey=${session_key.slice(0, 12)}\u2026 complete=${incoming.complete}
 `);
       } catch {
       }
       if (incoming.complete === false) {
-        console.error(`[${tsClose}] [incoming-close] DISCONNECT sessionKey=${session_key.slice(0, 12)}\u2026`);
+        console.error(`[${tsClose}] [incoming-close] DISCONNECT cacheKey=${session_key.slice(0, 12)}\u2026`);
         interruptClient(session_key).catch((err) => {
           try {
             appendFileSync3(teeStreamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [incoming-close] interrupt-failed: ${err instanceof Error ? err.message : String(err)}
@@ -7718,7 +7745,7 @@ app11.post("/", requireAdminSession, async (c) => {
       const reasonStr = typeof reason === "string" ? reason : reason instanceof Error ? reason.message : "consumer-cancelled";
       sseLog.write(`[${ts}] [${sk}] admin: CANCEL [stream-cancel] reason=${reasonStr}
 `);
-      console.error(`[${(/* @__PURE__ */ new Date()).toISOString()}] [stream-cancel-callback] sessionKey=${session_key.slice(0, 12)}\u2026 reason=${JSON.stringify(reasonStr)}`);
+      console.error(`[${(/* @__PURE__ */ new Date()).toISOString()}] [stream-cancel-callback] cacheKey=${session_key.slice(0, 12)}\u2026 reason=${JSON.stringify(reasonStr)}`);
       interruptClient(session_key).catch((err) => {
         sseLog.write(`[${ts}] [${sk}] admin: ABORT [interrupt-failed] ${err instanceof Error ? err.message : String(err)}
 `);
@@ -7726,7 +7753,7 @@ app11.post("/", requireAdminSession, async (c) => {
     },
     async start(controller) {
       let controllerOpen = true;
-      const sseEntry = { controller, conversationId, sessionKey: session_key };
+      const sseEntry = { controller, conversationId, cacheKey: session_key };
       try {
         const reqSignal = c.req.raw?.signal;
         if (reqSignal) {
@@ -7840,14 +7867,89 @@ app11.post("/", requireAdminSession, async (c) => {
 });
 var chat_default2 = app11;
 
-// server/routes/admin/compact.ts
+// server/routes/admin/chat-failure.ts
+var MODE_VALUES = /* @__PURE__ */ new Set(["server-shutdown", "client-network-drop"]);
+var UUID_RE3 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+var ISO_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,3})?(?:Z|[+-]\d{2}:\d{2})$/;
+function validate(body) {
+  if (typeof body.mode !== "string" || !MODE_VALUES.has(body.mode)) {
+    return { ok: false, reason: "mode" };
+  }
+  if (typeof body.at !== "string" || !ISO_RE.test(body.at)) {
+    return { ok: false, reason: "at" };
+  }
+  if (body.conversationId !== null && (typeof body.conversationId !== "string" || !UUID_RE3.test(body.conversationId))) {
+    return { ok: false, reason: "conversationId" };
+  }
+  if (typeof body.prior_event_count !== "number" || !Number.isInteger(body.prior_event_count) || body.prior_event_count < 0) {
+    return { ok: false, reason: "prior_event_count" };
+  }
+  return {
+    ok: true,
+    value: {
+      mode: body.mode,
+      at: body.at,
+      conversationId: body.conversationId,
+      priorEventCount: body.prior_event_count
+    }
+  };
+}
 var app12 = new Hono();
 app12.post("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
+  let body;
+  try {
+    body = await c.req.json();
+  } catch {
+    console.error(`[admin-chat-failure] persist kind=? conversationId=? writer=clientReport outcome=fail reason=body-not-json`);
+    return c.json({ ok: false, reason: "body-not-json" }, 400);
+  }
+  const v = validate(body);
+  if (!v.ok) {
+    console.error(`[admin-chat-failure] persist kind=? conversationId=? writer=clientReport outcome=fail reason=schema:${v.reason}`);
+    return c.json({ ok: false, reason: `schema:${v.reason}` }, 400);
+  }
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
+  if (!accountId) {
+    console.error(`[admin-chat-failure] persist kind=${v.value.mode} conversationId=? writer=clientReport outcome=fail reason=no-account`);
+    return c.json({ ok: false, reason: "no-account" }, 401);
+  }
+  const cid = v.value.conversationId;
+  const cidTag = cid ? cid : "null";
+  console.error(`[admin-chat] stream-drop kind=${v.value.mode} conversationId=${cidTag} at=${v.value.at}`);
+  if (cid === null) {
+    console.error(`[admin-chat-failure] persist kind=${v.value.mode} conversationId=null writer=clientReport outcome=skip reason=no-cid`);
+    return c.body(null, 204);
+  }
+  const result = await writeTurnFailure({
+    conversationId: cid,
+    accountId,
+    mode: v.value.mode,
+    at: v.value.at,
+    cacheKey,
+    priorEventCount: v.value.priorEventCount
+  });
+  if (!result.ok) {
+    if (result.reason === "cid-not-found") {
+      console.error(`[admin-chat-failure] persist kind=${v.value.mode} conversationId=${cid} writer=clientReport outcome=skip reason=cid-not-found`);
+      return c.body(null, 204);
+    }
+    console.error(`[admin-chat-failure] persist kind=${v.value.mode} conversationId=${cid} writer=clientReport outcome=fail reason=${result.reason}`);
+    return c.json({ ok: false, reason: result.reason }, 500);
+  }
+  console.error(`[admin-chat-failure] persist kind=${v.value.mode} conversationId=${cid} writer=clientReport outcome=ok at=${result.at}`);
+  return c.json({ ok: true, at: result.at });
+});
+var chat_failure_default = app12;
+
+// server/routes/admin/compact.ts
+var app13 = new Hono();
+app13.post("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
   const encoder = new TextEncoder();
   const stream = new ReadableStream({
     async start(controller) {
-      const iter = compactSession(sessionKey);
+      const iter = compactSession(cacheKey);
       let step = await iter.next();
       while (!step.done) {
         controller.enqueue(encoder.encode(`data: ${JSON.stringify({ type: "status", message: step.value })}
@@ -7869,18 +7971,18 @@ app12.post("/", requireAdminSession, async (c) => {
     }
   });
 });
-var compact_default = app12;
+var compact_default = app13;
 
 // server/routes/admin/logs.ts
 import { existsSync as existsSync12, readdirSync as readdirSync5, readFileSync as readFileSync11, statSync as statSync6 } from "fs";
 import { resolve as resolve9, basename as basename2 } from "path";
 var TAIL_BYTES = 8192;
-var app13 = new Hono();
-app13.get("/", async (c) => {
+var app14 = new Hono();
+app14.get("/", async (c) => {
   const fileParam = c.req.query("file");
   const typeParam = c.req.query("type");
   const conversationIdParam = c.req.query("conversationId");
-  const sessionKeyParam = c.req.query("sessionKey");
+  const cacheKeyParam = c.req.query("cacheKey");
   const download = c.req.query("download") === "1";
   const account = resolveAccount();
   const accountLogDir = account ? resolve9(account.accountDir, "logs") : null;
@@ -7927,56 +8029,29 @@ app13.get("/", async (c) => {
         400
       );
     }
-    if (!conversationIdParam && !sessionKeyParam) {
+    if (!conversationIdParam && !cacheKeyParam) {
       console.warn(`[admin/logs] rejected type=${typeParam} reason=no-id`);
       return c.json(
-        { error: `type=${typeParam} requires conversationId or sessionKey`, code: "ID_REQUIRED" },
+        { error: `type=${typeParam} requires conversationId or cacheKey`, code: "ID_REQUIRED" },
         400
       );
     }
-    let sessionKey = sessionKeyParam ?? null;
-    let conversationId = conversationIdParam ?? null;
-    if (!sessionKey && conversationId || sessionKey && !conversationId) {
-      const neoSession = getSession();
-      try {
-        if (!sessionKey && conversationId) {
-          const result = await neoSession.run(
-            `MATCH (c:Conversation {conversationId: $conversationId})
-             RETURN c.sessionKey AS sessionKey LIMIT 1`,
-            { conversationId }
-          );
-          const sk = result.records[0]?.get("sessionKey");
-          if (typeof sk === "string" && sk.length > 0) sessionKey = sk;
-        } else if (sessionKey && !conversationId) {
-          const result = await neoSession.run(
-            `MATCH (c:Conversation {sessionKey: $sessionKey})
-             RETURN c.conversationId AS conversationId LIMIT 1`,
-            { sessionKey }
-          );
-          const cid = result.records[0]?.get("conversationId");
-          if (typeof cid === "string" && cid.length > 0) conversationId = cid;
-        }
-      } catch (err) {
-        const reason2 = err instanceof Error ? err.message : String(err);
-        console.warn(`[admin/logs] id-lookup-neo4j-error sessionKey=${sessionKey ?? "none"} conversationId=${conversationId ?? "none"} reason=${reason2}`);
-      } finally {
-        await neoSession.close();
-      }
-    }
+    const cacheKey = cacheKeyParam ?? null;
+    const conversationId = conversationIdParam ?? null;
     const MISSING_SENTINEL = ".task702-identifier-not-supplied.log";
     const fullFilename = conversationId ? `${prefix}-${conversationId}.log` : MISSING_SENTINEL;
-    const preflushFilename = sessionKey && typeParam === "public" ? `${prefix}-${preflushSliceOf(sessionKey)}.log` : MISSING_SENTINEL;
+    const preflushFilename = cacheKey && typeParam === "public" ? `${prefix}-${preflushSliceOf(cacheKey)}.log` : MISSING_SENTINEL;
     const { hits, stalePreflushPaths, tried } = resolveConversationLogPaths(
       fullFilename,
       preflushFilename,
       logDirs
     );
     const stalePreflushCount = stalePreflushPaths.length;
-    const sessionKeySlice = sessionKey ? sessionKey.slice(0, 12) : "none";
+    const cacheKeySlice = cacheKey ? cacheKey.slice(0, 12) : "none";
     const conversationIdSlice = conversationId ? conversationId.slice(0, 12) : "none";
     if (hits.length > 0) {
       const hit = hits[0];
-      console.info(`[admin/logs] resolved sessionKey=${sessionKeySlice} conversationId=${conversationIdSlice} shape=${hit.shape} stalePreflushCount=${stalePreflushCount}`);
+      console.info(`[admin/logs] resolved cacheKey=${cacheKeySlice} conversationId=${conversationIdSlice} shape=${hit.shape} stalePreflushCount=${stalePreflushCount}`);
       try {
         const filename = basename2(hit.path);
         if (stalePreflushCount > 0 && !download) {
@@ -8006,14 +8081,14 @@ app13.get("/", async (c) => {
         );
       }
     }
-    const reason = !conversationId ? "no preflush log on disk for sessionKey and conversationId not derivable" : !sessionKey ? "no full log on disk and sessionKey not derivable" : "no preflush log, no full log";
-    console.warn(`[admin/logs] not-found tried=[${tried.join(",")}] sessionKey=${sessionKeySlice} conversationId=${conversationIdSlice} reason=${JSON.stringify(reason)}`);
+    const reason = !conversationId ? "no preflush log on disk for cacheKey and conversationId not derivable" : !cacheKey ? "no full log on disk and cacheKey not derivable" : "no preflush log, no full log";
+    console.warn(`[admin/logs] not-found tried=[${tried.join(",")}] cacheKey=${cacheKeySlice} conversationId=${conversationIdSlice} reason=${JSON.stringify(reason)}`);
     return c.json(
       {
         error: reason,
         code: "NOT_FOUND",
         reason,
-        sessionKey: sessionKey ?? null,
+        cacheKey: cacheKey ?? null,
         conversationId: conversationId ?? null
       },
       404
@@ -8046,12 +8121,12 @@ app13.get("/", async (c) => {
   }
   return c.json({ logs });
 });
-var logs_default = app13;
+var logs_default = app14;
 
 // server/routes/admin/claude-info.ts
 import { execFileSync as execFileSync2 } from "child_process";
-var app14 = new Hono();
-app14.get("/", (c) => {
+var app15 = new Hono();
+app15.get("/", (c) => {
   let version = "unknown";
   try {
     const raw = execFileSync2("claude", ["--version"], { encoding: "utf-8", timeout: 5e3 });
@@ -8069,17 +8144,17 @@ app14.get("/", (c) => {
   const thinkingView = resolvedAccount?.config.thinkingView ?? "default";
   return c.json({ version, account, model, thinkingView });
 });
-var claude_info_default = app14;
+var claude_info_default = app15;
 
 // server/routes/admin/attachment.ts
 import { readFile as readFile2, readdir } from "fs/promises";
 import { existsSync as existsSync13 } from "fs";
 import { resolve as resolve10 } from "path";
-var app15 = new Hono();
-app15.get("/:attachmentId", requireAdminSession, async (c) => {
+var app16 = new Hono();
+app16.get("/:attachmentId", requireAdminSession, async (c) => {
   const attachmentId = c.req.param("attachmentId");
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     return new Response("Unauthorized", { status: 401 });
   }
@@ -8115,13 +8190,13 @@ app15.get("/:attachmentId", requireAdminSession, async (c) => {
     }
   });
 });
-var attachment_default = app15;
+var attachment_default = app16;
 
 // server/routes/admin/agents.ts
 import { resolve as resolve11 } from "path";
 import { readdirSync as readdirSync6, readFileSync as readFileSync12, existsSync as existsSync14, rmSync } from "fs";
-var app16 = new Hono();
-app16.get("/", (c) => {
+var app17 = new Hono();
+app17.get("/", (c) => {
   const account = resolveAccount();
   if (!account) return c.json({ agents: [] });
   const agentsDir = resolve11(account.accountDir, "agents");
@@ -8151,7 +8226,7 @@ app16.get("/", (c) => {
   }
   return c.json({ agents });
 });
-app16.delete("/:slug", async (c) => {
+app17.delete("/:slug", async (c) => {
   const slug = c.req.param("slug");
   const account = resolveAccount();
   if (!account) return c.json({ error: "No account resolved" }, 400);
@@ -8181,7 +8256,7 @@ app16.delete("/:slug", async (c) => {
     return c.json({ error: "Failed to delete agent" }, 500);
   }
 });
-app16.post("/:slug/project", async (c) => {
+app17.post("/:slug/project", async (c) => {
   const slug = c.req.param("slug");
   const account = resolveAccount();
   if (!account) return c.json({ error: "No account resolved" }, 400);
@@ -8203,7 +8278,7 @@ app16.post("/:slug/project", async (c) => {
     return c.json({ error: `Projection failed: ${msg}` }, 500);
   }
 });
-var agents_default = app16;
+var agents_default = app17;
 
 // server/routes/admin/sessions.ts
 import crypto2 from "crypto";
@@ -8471,19 +8546,19 @@ function formatAge(updatedAtStr) {
     return "unknown";
   }
 }
-var app17 = new Hono();
-app17.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var app18 = new Hono();
+app18.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) return c.json({ error: "Account not found for session" }, 401);
-  const userId = getUserIdForSession(sessionKey);
+  const userId = getUserIdForSession(cacheKey);
   if (!userId) return c.json({ error: "User identity required \u2014 authenticate with users.json PIN" }, 401);
   try {
     const flushed = await listAdminSessions(accountId, userId, 20);
     const inProgressRaw = listAdminSessionsInProgress(accountId, userId);
     const flushedRows = flushed.map((r) => ({
       conversationId: r.conversationId,
-      sessionKey: null,
+      cacheKey: null,
       name: r.name,
       updatedAt: r.updatedAt,
       phase: "flushed",
@@ -8491,7 +8566,7 @@ app17.get("/", requireAdminSession, async (c) => {
     }));
     const inProgressRows = inProgressRaw.map((r) => ({
       conversationId: null,
-      sessionKey: r.sessionKey,
+      cacheKey: r.cacheKey,
       name: null,
       updatedAt: new Date(r.createdAt).toISOString(),
       phase: "pre-flush",
@@ -8512,52 +8587,52 @@ app17.get("/", requireAdminSession, async (c) => {
     return c.json({ error: "Failed to fetch sessions" }, 500);
   }
 });
-app17.post("/new", requireAdminSession, async (c) => {
-  const oldSessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(oldSessionKey);
-  const userId = getUserIdForSession(oldSessionKey);
+app18.post("/new", requireAdminSession, async (c) => {
+  const oldCacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(oldCacheKey);
+  const userId = getUserIdForSession(oldCacheKey);
   if (!accountId || !userId) {
     return c.json({ error: "Session missing account or user context" }, 400);
   }
-  const newSessionKey = crypto2.randomUUID();
-  const userName = getUserNameForSession(oldSessionKey);
-  registerSession(newSessionKey, "admin", accountId, void 0, userId, userName);
-  const previousConversationId = clearSessionHistory(oldSessionKey);
-  unregisterSession(oldSessionKey);
-  console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} session reset for new conversation: oldSessionKey=${oldSessionKey.slice(0, 8)}\u2026 newSessionKey=${newSessionKey.slice(0, 8)}\u2026 previousConversationId=${previousConversationId?.slice(0, 8) ?? "none"}\u2026 newConversationId=deferred`);
-  return c.json({ session_key: newSessionKey, conversationId: null });
+  const newCacheKey = crypto2.randomUUID();
+  const userName = getUserNameForSession(oldCacheKey);
+  registerSession(newCacheKey, "admin", accountId, void 0, userId, userName);
+  const previousConversationId = clearSessionHistory(oldCacheKey);
+  unregisterSession(oldCacheKey);
+  console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} session reset for new conversation: oldCacheKey=${oldCacheKey.slice(0, 8)}\u2026 newCacheKey=${newCacheKey.slice(0, 8)}\u2026 previousConversationId=${previousConversationId?.slice(0, 8) ?? "none"}\u2026 newConversationId=deferred`);
+  return c.json({ session_key: newCacheKey, conversationId: null });
 });
-app17.post("/switch", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
-  const userId = getUserIdForSession(sessionKey);
+app18.post("/switch", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
+  const userId = getUserIdForSession(cacheKey);
   if (!accountId || !userId) {
     return c.json({ error: "Session missing account or user context" }, 400);
   }
   const body = await c.req.json().catch(() => ({}));
-  const targetSessionKey = typeof body.target_session_key === "string" ? body.target_session_key : "";
-  if (!targetSessionKey) {
+  const targetCacheKey = typeof body.target_session_key === "string" ? body.target_session_key : "";
+  if (!targetCacheKey) {
     return c.json({ error: "target_session_key required" }, 400);
   }
-  const targetCheck = validateSession(targetSessionKey, "admin");
+  const targetCheck = validateSession(targetCacheKey, "admin");
   if (!targetCheck.ok) {
-    console.error(`[session-switch] reject reason=${targetCheck.reason} from=${sessionKey.slice(0, 8)} target=${targetSessionKey.slice(0, 8)}`);
+    console.error(`[session-switch] reject reason=${targetCheck.reason} from=${cacheKey.slice(0, 8)} target=${targetCacheKey.slice(0, 8)}`);
     return c.json({ error: "Target session not registered or wrong agent type", code: targetCheck.reason }, 404);
   }
-  const targetAccountId = getAccountIdForSession(targetSessionKey);
-  const targetUserId = getUserIdForSession(targetSessionKey);
+  const targetAccountId = getAccountIdForSession(targetCacheKey);
+  const targetUserId = getUserIdForSession(targetCacheKey);
   if (targetAccountId !== accountId || targetUserId !== userId) {
-    console.error(`[session-switch] reject reason=ownership-mismatch from=${sessionKey.slice(0, 8)} target=${targetSessionKey.slice(0, 8)} accountMatch=${targetAccountId === accountId} userMatch=${targetUserId === userId}`);
+    console.error(`[session-switch] reject reason=ownership-mismatch from=${cacheKey.slice(0, 8)} target=${targetCacheKey.slice(0, 8)} accountMatch=${targetAccountId === accountId} userMatch=${targetUserId === userId}`);
     return c.json({ error: "Target session not owned by current operator" }, 403);
   }
-  const targetConversationId = getConversationIdForSession(targetSessionKey) ?? null;
-  console.log(`[session-switch] from=${sessionKey.slice(0, 8)} to=${targetSessionKey.slice(0, 8)} targetConvId=${targetConversationId?.slice(0, 8) ?? "none"} accountId=${accountId.slice(0, 8)}`);
-  return c.json({ session_key: targetSessionKey, conversationId: targetConversationId });
+  const targetConversationId = getConversationIdForSession(targetCacheKey) ?? null;
+  console.log(`[session-switch] from=${cacheKey.slice(0, 8)} to=${targetCacheKey.slice(0, 8)} targetConvId=${targetConversationId?.slice(0, 8) ?? "none"} accountId=${accountId.slice(0, 8)}`);
+  return c.json({ session_key: targetCacheKey, conversationId: targetConversationId });
 });
-app17.delete("/:id", requireAdminSession, async (c) => {
+app18.delete("/:id", requireAdminSession, async (c) => {
   const conversationId = c.req.param("id");
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) return c.json({ error: "Account not found for session" }, 401);
   const owned = await verifyConversationOwnership(conversationId, accountId);
   if (!owned) return c.json({ error: "Conversation not found" }, 404);
@@ -8569,42 +8644,42 @@ app17.delete("/:id", requireAdminSession, async (c) => {
     return c.json({ error: "Failed to delete session" }, 500);
   }
 });
-app17.post("/:id/resume", async (c) => {
+app18.post("/:id/resume", async (c) => {
   const conversationId = c.req.param("id");
-  const sessionKey = c.req.query("session_key") ?? "";
-  if (!sessionKey) {
+  const cacheKey = c.req.query("session_key") ?? "";
+  if (!cacheKey) {
     console.error(`[session] middleware-reject status=400 code=session-missing reason="session_key required" path=${c.req.path}`);
     return c.json({ error: "session_key required", code: "session-missing" }, 400);
   }
   let bridged = false;
-  let result = validateSession(sessionKey, "admin");
+  let result = validateSession(cacheKey, "admin");
   if (!result.ok) {
     if (result.reason === "session-not-registered") {
-      const bridge = await tryCookieBridgeForConversation(c, sessionKey, conversationId);
+      const bridge = await tryCookieBridgeForConversation(c, cacheKey, conversationId);
       if (!bridge.ok) {
         if (bridge.reason === "conversation-not-found") {
           return c.json({ error: "Conversation not found" }, 404);
         }
-        const tail = sessionKey.slice(0, 8);
-        console.error(`[session] middleware-reject status=401 code=session-not-registered reason="cookie-bridge-rejected:${bridge.reason}" path=${c.req.path} sessionKey=${tail}\u2026`);
+        const tail = cacheKey.slice(0, 8);
+        console.error(`[session] middleware-reject status=401 code=session-not-registered reason="cookie-bridge-rejected:${bridge.reason}" path=${c.req.path} cacheKey=${tail}\u2026`);
         return c.json({ error: "Invalid or expired admin session", code: "session-not-registered" }, 401);
       }
       bridged = true;
-      result = validateSession(sessionKey, "admin");
+      result = validateSession(cacheKey, "admin");
       if (!result.ok) {
-        const tail = sessionKey.slice(0, 8);
-        console.error(`[session] middleware-reject status=401 code=session-not-registered reason="post-bridge re-validate failed" path=${c.req.path} sessionKey=${tail}\u2026`);
+        const tail = cacheKey.slice(0, 8);
+        console.error(`[session] middleware-reject status=401 code=session-not-registered reason="post-bridge re-validate failed" path=${c.req.path} cacheKey=${tail}\u2026`);
         return c.json({ error: "Invalid or expired admin session", code: "session-not-registered" }, 401);
       }
     } else {
-      const tail = sessionKey.slice(0, 8);
+      const tail = cacheKey.slice(0, 8);
       const wireCode = result.reason === "agent-type-mismatch" ? "session-not-registered" : result.reason;
-      console.error(`[session] middleware-reject status=401 code=${wireCode} reason="invalid or expired admin session" path=${c.req.path} sessionKey=${tail}\u2026`);
+      console.error(`[session] middleware-reject status=401 code=${wireCode} reason="invalid or expired admin session" path=${c.req.path} cacheKey=${tail}\u2026`);
       return c.json({ error: "Invalid or expired admin session", code: wireCode }, 401);
     }
   }
-  const accountId = getAccountIdForSession(sessionKey);
-  const userId = getUserIdForSession(sessionKey);
+  const accountId = getAccountIdForSession(cacheKey);
+  const userId = getUserIdForSession(cacheKey);
   if (!accountId) {
     return c.json({ error: "Session missing account context" }, 400);
   }
@@ -8614,9 +8689,9 @@ app17.post("/:id/resume", async (c) => {
   const updatedAt = await verifyAndGetConversationUpdatedAt(conversationId, accountId);
   if (updatedAt === null) return c.json({ error: "Conversation not found" }, 404);
   const persistedAgentSessionId = await getAgentSessionIdForConversation(conversationId);
-  setConversationIdForSession(sessionKey, conversationId);
+  setConversationIdForSession(cacheKey, conversationId);
   if (persistedAgentSessionId) {
-    setAgentSessionId(sessionKey, persistedAgentSessionId);
+    setAgentSessionId(cacheKey, persistedAgentSessionId);
   }
   const streamLogPath = resolvePath(ACCOUNTS_DIR, accountId, "logs", `claude-agent-stream-${conversationId}.log`);
   const tag = persistedAgentSessionId ? `agentSessionId=${persistedAgentSessionId.slice(0, 8)}\u2026` : "agentSessionId=missing";
@@ -8641,7 +8716,7 @@ app17.post("/:id/resume", async (c) => {
     jsonlMalformedLines = replay.malformedLines;
     jsonlReplayMessages = replay.messages;
     if (replay.jsonlMissing) {
-      console.error(`[jsonl-resume-miss] sessionKey=${sessionKey.slice(0, 8)}\u2026 conversationId=${conversationId.slice(0, 8)}\u2026 agentSessionId=${persistedAgentSessionId.slice(0, 8)}\u2026 expectedPath=${jsonlPath} configDir=${process.env.CLAUDE_CONFIG_DIR ?? "<unset>"}`);
+      console.error(`[jsonl-resume-miss] cacheKey=${cacheKey.slice(0, 8)}\u2026 conversationId=${conversationId.slice(0, 8)}\u2026 agentSessionId=${persistedAgentSessionId.slice(0, 8)}\u2026 expectedPath=${jsonlPath} configDir=${process.env.CLAUDE_CONFIG_DIR ?? "<unset>"}`);
     }
   } else {
     jsonlMissing = true;
@@ -8804,7 +8879,7 @@ app17.post("/:id/resume", async (c) => {
   const reason = bridged ? "post-restart" : "page-refresh";
   try {
     const source = jsonlMissing ? persistedAgentSessionId ? "jsonl-missing" : "neo4j-only" : "jsonl";
-    appendFileSync4(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] reason=${reason} source=${source} sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} jsonlReplayMessages=${jsonlReplayMessages.length} neo4jMessages=${neo4jMessages.length} jsonlMalformed=${jsonlMalformedLines} componentCount=${totalComponents} userAttachmentCount=${totalAttachments} syntheticHidden=${syntheticHidden}
+    appendFileSync4(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] reason=${reason} source=${source} cacheKey=${cacheKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} jsonlReplayMessages=${jsonlReplayMessages.length} neo4jMessages=${neo4jMessages.length} jsonlMalformed=${jsonlMalformedLines} componentCount=${totalComponents} userAttachmentCount=${totalAttachments} syntheticHidden=${syntheticHidden}
 `);
     if (totalComponents > 0) {
       appendFileSync4(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [component-rehydrate] conversationId=${conversationId.slice(0, 8)} count=${totalComponents} valid=${totalValid} invalid=${totalInvalid} textRuns=${textRuns}
@@ -8821,7 +8896,7 @@ app17.post("/:id/resume", async (c) => {
   } catch {
   }
   const age = formatAge(updatedAt);
-  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} reason=${reason} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} attachments=${totalAttachments} syntheticHidden=${syntheticHidden} jsonlMissing=${jsonlMissing} healMissing=${jsonlHealMissing} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
+  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} reason=${reason} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} attachments=${totalAttachments} syntheticHidden=${syntheticHidden} jsonlMissing=${jsonlMissing} healMissing=${jsonlHealMissing} cacheKey=${cacheKey.slice(0, 8)}\u2026`);
   return c.json({
     conversationId,
     messages: rehydrated,
@@ -8834,10 +8909,10 @@ app17.post("/:id/resume", async (c) => {
     }
   });
 });
-app17.post("/:id/label", requireAdminSession, async (c) => {
+app18.post("/:id/label", requireAdminSession, async (c) => {
   const conversationId = c.req.param("id");
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) return c.json({ error: "Account not found for session" }, 401);
   const owned = await verifyConversationOwnership(conversationId, accountId);
   if (!owned) return c.json({ error: "Conversation not found" }, 404);
@@ -8861,16 +8936,16 @@ app17.post("/:id/label", requireAdminSession, async (c) => {
     return c.json({ label: null });
   }
 });
-app17.put("/:id/label", requireAdminSession, async (c) => {
+app18.put("/:id/label", requireAdminSession, async (c) => {
   const conversationId = c.req.param("id");
-  const sessionKey = c.var.sessionKey;
+  const cacheKey = c.var.cacheKey;
   let body;
   try {
     body = await c.req.json();
   } catch {
     return c.json({ error: "Invalid JSON body" }, 400);
   }
-  const accountId = getAccountIdForSession(sessionKey);
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) return c.json({ error: "Account not found for session" }, 401);
   const owned = await verifyConversationOwnership(conversationId, accountId);
   if (!owned) return c.json({ error: "Conversation not found" }, 404);
@@ -8887,11 +8962,11 @@ app17.put("/:id/label", requireAdminSession, async (c) => {
     return c.json({ error: "Failed to rename session" }, 500);
   }
 });
-var sessions_default = app17;
+var sessions_default = app18;
 
 // server/routes/admin/browser.ts
-var app18 = new Hono();
-app18.post("/launch", async (c) => {
+var app19 = new Hono();
+app19.post("/launch", async (c) => {
   try {
     const transport = resolveBrowserTransport(c.req.raw, c.env?.incoming?.socket?.remoteAddress);
     if (transport === "vnc") {
@@ -8913,7 +8988,7 @@ app18.post("/launch", async (c) => {
     );
   }
 });
-var browser_default = app18;
+var browser_default = app19;
 
 // server/routes/admin/browser-iframe.ts
 var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
@@ -8930,8 +9005,8 @@ function asString(v, max = 500) {
 function asNumber(v) {
   return typeof v === "number" && Number.isFinite(v) ? v : void 0;
 }
-var app19 = new Hono();
-app19.post("/event", async (c) => {
+var app20 = new Hono();
+app20.post("/event", async (c) => {
   let body = {};
   try {
     body = await c.req.json();
@@ -8952,7 +9027,7 @@ app19.post("/event", async (c) => {
   });
   return c.body(null, 204);
 });
-var browser_iframe_default = app19;
+var browser_iframe_default = app20;
 
 // app/lib/cdp-client.ts
 var CDP_HOST = "127.0.0.1";
@@ -8995,8 +9070,8 @@ async function cdpNavigateNewTab(url, opts = {}) {
 }
 
 // server/routes/admin/device-browser.ts
-var app20 = new Hono();
-app20.post("/navigate", async (c) => {
+var app21 = new Hono();
+app21.post("/navigate", async (c) => {
   const TAG19 = "[device-url:click]";
   let body;
   try {
@@ -9083,7 +9158,7 @@ app20.post("/navigate", async (c) => {
     targetId: outcome.targetId
   });
 });
-var device_browser_default = app20;
+var device_browser_default = app21;
 
 // server/routes/admin/events.ts
 var ALLOWED_EVENTS2 = /* @__PURE__ */ new Set([
@@ -9092,8 +9167,8 @@ var ALLOWED_EVENTS2 = /* @__PURE__ */ new Set([
   "device-url:vnc-surface-shown",
   "device-url:malformed"
 ]);
-var app21 = new Hono();
-app21.post("/", async (c) => {
+var app22 = new Hono();
+app22.post("/", async (c) => {
   const TAG19 = "[admin:events]";
   let body;
   try {
@@ -9124,7 +9199,7 @@ app21.post("/", async (c) => {
   console.error(`[${event}] ${formatted}`);
   return c.json({ ok: true });
 });
-var events_default = app21;
+var events_default = app22;
 
 // server/routes/admin/cloudflare.ts
 import { homedir as homedir2 } from "os";
@@ -9242,7 +9317,7 @@ function validateBody(body) {
   }
   return null;
 }
-var app22 = new Hono();
+var app23 = new Hono();
 function fieldFromReason(reason) {
   switch (reason) {
     case "not-signed-in":
@@ -9263,15 +9338,15 @@ function fieldFromReason(reason) {
       return "script";
   }
 }
-app22.get("/domains", requireAdminSession, async (c) => {
+app23.get("/domains", requireAdminSession, async (c) => {
   const started = Date.now();
-  const sessionKey = c.var.sessionKey;
+  const cacheKey = c.var.cacheKey;
   let correlationId;
-  let sessionKeyTail;
+  let cacheKeyTail;
   let streamLogPath;
   function tag() {
     if (!correlationId) return "";
-    return ` conversationId=${correlationId} session_key=${sessionKeyTail ?? "unknown"}`;
+    return ` conversationId=${correlationId} session_key=${cacheKeyTail ?? "unknown"}`;
   }
   function log(line) {
     console.log(`[cloudflare-domains] ${line}${tag()}`);
@@ -9299,9 +9374,9 @@ app22.get("/domains", requireAdminSession, async (c) => {
     };
     return c.json(body, 200);
   }
-  const accountId = getAccountIdForSession(sessionKey);
-  correlationId = getConversationIdForSession(sessionKey);
-  sessionKeyTail = sessionKey.slice(-8);
+  const accountId = getAccountIdForSession(cacheKey);
+  correlationId = getConversationIdForSession(cacheKey);
+  cacheKeyTail = cacheKey.slice(-8);
   if (!accountId) return err("session", "No account bound to session \u2014 refresh chat.");
   if (!correlationId) return err("session", "No active conversation for session \u2014 refresh chat.");
   streamLogPath = streamLogPathFor(accountId, correlationId).streamLogPath;
@@ -9358,15 +9433,15 @@ ${result.stderr}` : ""}`;
   return c.json(success, 200);
 });
 var TUNNELS_TIMEOUT_MS = 30 * 1e3;
-app22.get("/tunnels", requireAdminSession, async (c) => {
+app23.get("/tunnels", requireAdminSession, async (c) => {
   const started = Date.now();
-  const sessionKey = c.var.sessionKey;
+  const cacheKey = c.var.cacheKey;
   let correlationId;
-  let sessionKeyTail;
+  let cacheKeyTail;
   let streamLogPath;
   function tag() {
     if (!correlationId) return "";
-    return ` conversationId=${correlationId} session_key=${sessionKeyTail ?? "unknown"}`;
+    return ` conversationId=${correlationId} session_key=${cacheKeyTail ?? "unknown"}`;
   }
   function log(line) {
     console.log(`[cloudflare-tunnels] ${line}${tag()}`);
@@ -9391,9 +9466,9 @@ app22.get("/tunnels", requireAdminSession, async (c) => {
     const body = { ok: false, field, message, output, defaultName, correlationId, streamLogPath };
     return c.json(body, 200);
   }
-  const accountId = getAccountIdForSession(sessionKey);
-  correlationId = getConversationIdForSession(sessionKey);
-  sessionKeyTail = sessionKey.slice(-8);
+  const accountId = getAccountIdForSession(cacheKey);
+  correlationId = getConversationIdForSession(cacheKey);
+  cacheKeyTail = cacheKey.slice(-8);
   if (!accountId) return err("session", "No account bound to session \u2014 refresh chat.");
   if (!correlationId) return err("session", "No active conversation for session \u2014 refresh chat.");
   streamLogPath = streamLogPathFor(accountId, correlationId).streamLogPath;
@@ -9454,15 +9529,15 @@ ${result.stderr}` : ""}`;
   const success = { ok: true, tunnels, defaultName, correlationId, streamLogPath };
   return c.json(success, 200);
 });
-app22.post("/setup", requireAdminSession, async (c) => {
+app23.post("/setup", requireAdminSession, async (c) => {
   const started = Date.now();
-  const sessionKey = c.var.sessionKey;
+  const cacheKey = c.var.cacheKey;
   let correlationId;
-  let sessionKeyTail;
+  let cacheKeyTail;
   let streamLogPath;
   function tag() {
     if (!correlationId) return "";
-    return ` conversationId=${correlationId} session_key=${sessionKeyTail ?? "unknown"}`;
+    return ` conversationId=${correlationId} session_key=${cacheKeyTail ?? "unknown"}`;
   }
   function log(line) {
     console.log(`[cloudflare-setup] ${line}${tag()}`);
@@ -9498,9 +9573,9 @@ app22.post("/setup", requireAdminSession, async (c) => {
   } catch {
     return err("request", "Invalid JSON body");
   }
-  const accountId = getAccountIdForSession(sessionKey);
-  correlationId = getConversationIdForSession(sessionKey);
-  sessionKeyTail = sessionKey.slice(-8);
+  const accountId = getAccountIdForSession(cacheKey);
+  correlationId = getConversationIdForSession(cacheKey);
+  cacheKeyTail = cacheKey.slice(-8);
   if (!accountId) {
     return err("request", "No account bound to session \u2014 refresh chat.");
   }
@@ -9553,7 +9628,7 @@ app22.post("/setup", requireAdminSession, async (c) => {
   try {
     cloudflareTask = await openCloudflareTask({
       accountId,
-      conversationKey: sessionKey,
+      conversationId: correlationId,
       inputsProvided: Object.keys(taskInputs),
       inputs: taskInputs,
       inputSchema: CLOUDFLARE_SETUP_FORM_SCHEMA,
@@ -9601,7 +9676,7 @@ app22.post("/setup", requireAdminSession, async (c) => {
             taskId: cloudflareTask.taskId,
             taskElementId: cloudflareTask.taskElementId,
             accountId,
-            conversationKey: sessionKey,
+            conversationId: correlationId,
             status: "failed",
             errorMessage: CLOUDFLARE_TASK_DIAGNOSTICS.endpointDiedPreReconcile
           });
@@ -9618,7 +9693,7 @@ app22.post("/setup", requireAdminSession, async (c) => {
           taskId: cloudflareTask.taskId,
           taskElementId: cloudflareTask.taskElementId,
           accountId,
-          conversationKey: sessionKey,
+          conversationId: correlationId,
           status: "failed",
           errorMessage: `${CLOUDFLARE_TASK_DIAGNOSTICS.scriptExitedNonzero} exit=${status.execMainStatus}`
         });
@@ -9660,7 +9735,7 @@ app22.post("/setup", requireAdminSession, async (c) => {
         taskId: cloudflareTask.taskId,
         taskElementId: cloudflareTask.taskElementId,
         accountId,
-        conversationKey: sessionKey,
+        conversationId: correlationId,
         tunnelId: tunnelState?.tunnelId,
         tunnelName: tunnelState?.tunnelName,
         hostnames: tunnelState ? hostnameRecords : void 0,
@@ -9691,7 +9766,7 @@ actionId: ${actionId}`,
   };
   return ok(success);
 });
-var cloudflare_default = app22;
+var cloudflare_default = app23;
 
 // server/routes/admin/files.ts
 import { createReadStream as createReadStream3 } from "fs";
@@ -9751,7 +9826,7 @@ var UNIQUE_KEYS_BY_LABEL = {
   Event: ["eventId"],
   KnowledgeDocument: ["attachmentId"],
   DigitalDocument: ["attachmentId"],
-  Conversation: ["conversationId", "sessionKey"],
+  Conversation: ["conversationId"],
   Message: ["messageId"],
   OnboardingState: ["accountId"],
   Workflow: ["workflowId"],
@@ -9972,7 +10047,7 @@ async function restoreNode(params) {
 }
 
 // app/lib/file-delete-cascade.ts
-var UUID_RE3 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function parseAttachmentPath(relPath2) {
   const segments = relPath2.split("/").filter(Boolean);
   if (segments.length !== 4) return null;
@@ -9980,7 +10055,7 @@ function parseAttachmentPath(relPath2) {
   const accountId = segments[1];
   const attachmentId = segments[2];
   const filename = segments[3];
-  if (!UUID_RE3.test(accountId) || !UUID_RE3.test(attachmentId)) return null;
+  if (!UUID_RE4.test(accountId) || !UUID_RE4.test(attachmentId)) return null;
   const dot = filename.lastIndexOf(".");
   if (dot === -1) return null;
   const stem = filename.slice(0, dot);
@@ -10052,7 +10127,7 @@ async function cascadeDeleteDocument(params) {
 }
 
 // server/routes/admin/files.ts
-var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+var UUID_RE5 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 async function readMeta(absDir, baseName) {
   try {
     const raw = await readFile3(join9(absDir, `${baseName}.meta.json`), "utf8");
@@ -10074,7 +10149,7 @@ async function readAccountNames() {
     return map;
   }
   for (const name of names) {
-    if (!UUID_RE4.test(name)) continue;
+    if (!UUID_RE5.test(name)) continue;
     const configPath2 = resolve15(accountsDir, name, "account.json");
     try {
       const raw = await readFile3(configPath2, "utf8");
@@ -10092,7 +10167,7 @@ async function readAccountNames() {
   return map;
 }
 async function enrich(absolute, entry, accountNames) {
-  if (entry.kind === "directory" && UUID_RE4.test(entry.name)) {
+  if (entry.kind === "directory" && UUID_RE5.test(entry.name)) {
     const meta = await readMeta(join9(absolute, entry.name), entry.name);
     if (meta?.filename) {
       entry.displayName = meta.filename;
@@ -10108,7 +10183,7 @@ async function enrich(absolute, entry, accountNames) {
   if (entry.kind === "file") {
     const dot = entry.name.lastIndexOf(".");
     const base = dot === -1 ? entry.name : entry.name.slice(0, dot);
-    if (UUID_RE4.test(base)) {
+    if (UUID_RE5.test(base)) {
       const meta = await readMeta(absolute, base);
       if (meta?.filename) {
         entry.displayName = meta.filename;
@@ -10120,14 +10195,14 @@ async function enrich(absolute, entry, accountNames) {
 function buildDisplayPath(relPath2, accountNames) {
   if (relPath2 === "." || relPath2 === "") return [];
   return relPath2.split("/").filter(Boolean).map((seg) => {
-    const dn = UUID_RE4.test(seg) ? accountNames.get(seg) : void 0;
+    const dn = UUID_RE5.test(seg) ? accountNames.get(seg) : void 0;
     return dn ? { name: seg, displayName: dn } : { name: seg };
   });
 }
-var app23 = new Hono();
-app23.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  if (!getAccountIdForSession(sessionKey)) {
+var app24 = new Hono();
+app24.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  if (!getAccountIdForSession(cacheKey)) {
     console.error(`[data] auth-rejected endpoint="/api/admin/files" reason="no account for session"`);
     return c.json({ error: "Account not found for session" }, 401);
   }
@@ -10148,7 +10223,7 @@ app23.get("/", requireAdminSession, async (c) => {
     const names = await readdir2(absolute);
     const entries = [];
     for (const name of names) {
-      if (UUID_RE4.test(name.replace(/\.meta\.json$/, "")) && name.endsWith(".meta.json")) {
+      if (UUID_RE5.test(name.replace(/\.meta\.json$/, "")) && name.endsWith(".meta.json")) {
         continue;
       }
       try {
@@ -10186,9 +10261,9 @@ app23.get("/", requireAdminSession, async (c) => {
     return c.json({ error: message }, 500);
   }
 });
-app23.get("/download", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  if (!getAccountIdForSession(sessionKey)) {
+app24.get("/download", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  if (!getAccountIdForSession(cacheKey)) {
     console.error(`[data] auth-rejected endpoint="/api/admin/files/download" reason="no account for session"`);
     return c.json({ error: "Account not found for session" }, 401);
   }
@@ -10234,9 +10309,9 @@ app23.get("/download", requireAdminSession, async (c) => {
     return c.json({ error: message }, 500);
   }
 });
-app23.post("/upload", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+app24.post("/upload", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error(`[data] auth-rejected endpoint="/api/admin/files/upload" reason="no account for session"`);
     return c.json({ error: "Account not found for session" }, 401);
@@ -10292,9 +10367,9 @@ app23.post("/upload", requireAdminSession, async (c) => {
     mimeType: file.type
   });
 });
-app23.delete("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+app24.delete("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error(`[data] auth-rejected endpoint="DELETE /api/admin/files" reason="no account for session"`);
     return c.json({ error: "Account not found for session" }, 401);
@@ -10325,7 +10400,7 @@ app23.delete("/", requireAdminSession, async (c) => {
     }
     const dot = base.lastIndexOf(".");
     const stem = dot === -1 ? base : base.slice(0, dot);
-    const sidecarPath = UUID_RE4.test(stem) && base !== `${stem}.meta.json` ? join9(dirname6(absolute), `${stem}.meta.json`) : null;
+    const sidecarPath = UUID_RE5.test(stem) && base !== `${stem}.meta.json` ? join9(dirname6(absolute), `${stem}.meta.json`) : null;
     await unlink2(absolute);
     if (sidecarPath) {
       try {
@@ -10359,7 +10434,7 @@ app23.delete("/", requireAdminSession, async (c) => {
     return c.json({ error: message }, 500);
   }
 });
-var files_default = app23;
+var files_default = app24;
 
 // ../lib/graph-search/src/index.ts
 var import_dist = __toESM(require_dist());
@@ -10739,14 +10814,14 @@ var MAX_LIMIT = 2e3;
 var DEFAULT_VECTOR_THRESHOLD = 0.82;
 var MESSAGE_FAMILY_LABELS = ["Message", "UserMessage", "AssistantMessage", "WhatsAppMessage"];
 var CONVERSATION_PARENT_LABELS = /* @__PURE__ */ new Set(["AdminConversation", "PublicConversation"]);
-var app24 = new Hono();
-app24.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
+var app25 = new Hono();
+app25.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
   const q = (c.req.query("q") ?? "").trim();
   const rawLimit = c.req.query("limit");
   const rawLabels = c.req.query("labels");
   const rawThreshold = c.req.query("threshold");
-  const accountId = getAccountIdForSession(sessionKey);
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error(`[graph-search] auth-rejected endpoint="/api/admin/graph-search" reason="no account for session"`);
     return c.json({ error: "Account not found for session" }, 401);
@@ -10871,7 +10946,7 @@ app24.get("/", requireAdminSession, async (c) => {
     await session.close();
   }
 });
-var graph_search_default = app24;
+var graph_search_default = app25;
 
 // server/routes/admin/graph-subgraph.ts
 import neo4j2 from "neo4j-driver";
@@ -11027,12 +11102,12 @@ var STRIPPED_PROPERTIES = /* @__PURE__ */ new Set([
   "passwordHash",
   "magicToken",
   "otpCode",
-  "sessionKey"
+  "cacheKey"
 ]);
-var app25 = new Hono();
-app25.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var app26 = new Hono();
+app26.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error('[graph-page] auth-rejected reason="no account for session"');
     return c.json({ error: "Account not found for session" }, 401);
@@ -11613,14 +11688,14 @@ function pruneNode(node, warnedClasses, conversationWarnings) {
   }
   return trashed ? { id: node.id, labels, properties, trashed: true } : { id: node.id, labels, properties };
 }
-var graph_subgraph_default = app25;
+var graph_subgraph_default = app26;
 
 // server/routes/admin/graph-delete.ts
 var ALLOWED_BY = ["graph-page", "graph-drag-trash"];
-var app26 = new Hono();
-app26.post("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var app27 = new Hono();
+app27.post("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error('[graph-page] delete auth-rejected reason="no account for session"');
     return c.json({ error: "Account not found for session" }, 401);
@@ -11689,13 +11764,13 @@ app26.post("/", requireAdminSession, async (c) => {
     }
   }
 });
-var graph_delete_default = app26;
+var graph_delete_default = app27;
 
 // server/routes/admin/graph-restore.ts
-var app27 = new Hono();
-app27.post("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var app28 = new Hono();
+app28.post("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error('[graph-page] restore auth-rejected reason="no account for session"');
     return c.json({ error: "Account not found for session" }, 401);
@@ -11757,13 +11832,13 @@ app27.post("/", requireAdminSession, async (c) => {
     }
   }
 });
-var graph_restore_default = app27;
+var graph_restore_default = app28;
 
 // server/routes/admin/graph-labels-in-graph.ts
-var app28 = new Hono();
-app28.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var app29 = new Hono();
+app29.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     console.error('[graph-page] labels-in-graph-rejected reason="no account for session"');
     return c.json({ error: "Account not found for session" }, 401);
@@ -11827,14 +11902,14 @@ var LABELS_IN_GRAPH_CYPHER = `
        sum(halfEdges) AS relDegree
   RETURN label, nodeCount, relDegree
 `;
-var graph_labels_in_graph_default = app28;
+var graph_labels_in_graph_default = app29;
 
 // server/routes/admin/graph-default-view.ts
-var app29 = new Hono();
-app29.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
-  const userId = getUserIdForSession(sessionKey);
+var app30 = new Hono();
+app30.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
+  const userId = getUserIdForSession(cacheKey);
   if (!accountId || !userId) {
     console.error('[graph-page] default-view-rejected reason="missing account or user context"');
     return c.json({ error: "Account and user context required for default view" }, 401);
@@ -11869,10 +11944,10 @@ app29.get("/", requireAdminSession, async (c) => {
     }
   }
 });
-app29.put("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
-  const userId = getUserIdForSession(sessionKey);
+app30.put("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
+  const userId = getUserIdForSession(cacheKey);
   if (!accountId || !userId) {
     console.error('[graph-page] default-view-rejected reason="missing account or user context"');
     return c.json({ error: "Account and user context required for default view" }, 401);
@@ -11958,11 +12033,11 @@ var WRITE_CYPHER = `
       p.updatedAt = $updatedAt
   RETURN p.labels AS labels
 `;
-var graph_default_view_default = app29;
+var graph_default_view_default = app30;
 
 // server/routes/admin/file-attach.ts
-var app30 = new Hono();
-app30.post("/", async (c) => {
+var app31 = new Hono();
+app31.post("/", async (c) => {
   try {
     const body = await c.req.json();
     const { filePath, accountId } = body;
@@ -11985,11 +12060,11 @@ app30.post("/", async (c) => {
     return c.json({ error: message }, 500);
   }
 });
-var file_attach_default = app30;
+var file_attach_default = app31;
 
 // server/routes/admin/adherence.ts
-var app31 = new Hono();
-app31.get("/", requireAdminSession, async (c) => {
+var app32 = new Hono();
+app32.get("/", requireAdminSession, async (c) => {
   const agent = c.req.query("agent") ?? "admin";
   const includeBlock = c.req.query("block") === "1";
   const account = resolveAccount();
@@ -12010,7 +12085,7 @@ app31.get("/", requireAdminSession, async (c) => {
     return c.json({ error: "Failed to read adherence ledger", agent }, 500);
   }
 });
-var adherence_default = app31;
+var adherence_default = app32;
 
 // server/routes/admin/sidebar-artefacts.ts
 import neo4j3 from "neo4j-driver";
@@ -12020,10 +12095,10 @@ import { existsSync as existsSync18 } from "fs";
 var LIMIT = 50;
 var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
 var ADMIN_AGENT_FILES = ["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"];
-var app32 = new Hono();
-app32.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var app33 = new Hono();
+app33.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) {
     return c.json({ error: "Account not found for session" }, 401);
   }
@@ -12227,18 +12302,18 @@ function isWithin(target, root) {
   const rel = relative2(root, target);
   return !rel.startsWith("..") && !isAbsolute(rel);
 }
-var sidebar_artefacts_default = app32;
+var sidebar_artefacts_default = app33;
 
 // server/routes/admin/sidebar-artefact-save.ts
 import { mkdir as mkdir3, readdir as readdir4, stat as stat5, writeFile as writeFile4 } from "fs/promises";
 import { resolve as resolve17 } from "path";
 import { existsSync as existsSync19 } from "fs";
 var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
-var UUID_RE5 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
-var app33 = new Hono();
-app33.post("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var UUID_RE6 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+var app34 = new Hono();
+app34.post("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) return c.json({ error: "Account not found for session" }, 401);
   const body = await safeJson(c);
   if (!body || typeof body.id !== "string" || typeof body.content !== "string") {
@@ -12294,7 +12369,7 @@ async function resolveSavePath(id, accountId, accountDir) {
     }
     return { kind: "admin-template", path: resolve17(parent, filename) };
   }
-  if (UUID_RE5.test(id)) {
+  if (UUID_RE6.test(id)) {
     const dir = resolve17(ATTACHMENTS_ROOT, accountId, id);
     if (!existsSync19(dir)) {
       return { kind: "reject", status: 400, reason: "not-found" };
@@ -12316,20 +12391,20 @@ async function resolveSavePath(id, accountId, accountDir) {
 function relPath(absPath, root) {
   return absPath.startsWith(root) ? absPath.slice(root.length + 1) : absPath;
 }
-var sidebar_artefact_save_default = app33;
+var sidebar_artefact_save_default = app34;
 
 // server/routes/admin/sidebar-artefact-content.ts
 import { readFile as readFile5, readdir as readdir5 } from "fs/promises";
 import { existsSync as existsSync20 } from "fs";
 import { resolve as resolve18 } from "path";
-var UUID_RE6 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
-var app34 = new Hono();
-app34.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
+var UUID_RE7 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+var app35 = new Hono();
+app35.get("/", requireAdminSession, async (c) => {
+  const cacheKey = c.var.cacheKey;
+  const accountId = getAccountIdForSession(cacheKey);
   if (!accountId) return new Response("Unauthorized", { status: 401 });
   const id = c.req.query("id") ?? "";
-  if (!UUID_RE6.test(id)) {
+  if (!UUID_RE7.test(id)) {
     console.error(`[admin/sidebar-artefact-content] not-found id=${id.slice(0, 8)}`);
     return new Response("Not found", { status: 404 });
   }
@@ -12365,7 +12440,7 @@ app34.get("/", requireAdminSession, async (c) => {
     }
   });
 });
-var sidebar_artefact_content_default = app34;
+var sidebar_artefact_content_default = app35;
 
 // server/routes/admin/health.ts
 import { existsSync as existsSync21, readFileSync as readFileSync16 } from "fs";
@@ -12410,8 +12485,8 @@ async function probeConversationDb() {
     });
   }
 }
-var app35 = new Hono();
-app35.get("/", async (c) => {
+var app36 = new Hono();
+app36.get("/", async (c) => {
   const version = readVersion();
   const probe = await probeConversationDb();
   const uptimeMs = Date.now() - new Date(PROCESS_STARTED_AT).getTime();
@@ -12433,37 +12508,38 @@ app35.get("/", async (c) => {
     uptimeMs
   });
 });
-var health_default2 = app35;
+var health_default2 = app36;
 
 // server/routes/admin/index.ts
-var app36 = new Hono();
-app36.route("/session", session_default2);
-app36.route("/chat", chat_default2);
-app36.route("/compact", compact_default);
-app36.route("/logs", logs_default);
-app36.route("/claude-info", claude_info_default);
-app36.route("/attachment", attachment_default);
-app36.route("/agents", agents_default);
-app36.route("/sessions", sessions_default);
-app36.route("/browser", browser_default);
-app36.route("/browser-iframe", browser_iframe_default);
-app36.route("/device-browser", device_browser_default);
-app36.route("/events", events_default);
-app36.route("/cloudflare", cloudflare_default);
-app36.route("/files", files_default);
-app36.route("/graph-search", graph_search_default);
-app36.route("/graph-subgraph", graph_subgraph_default);
-app36.route("/graph-delete", graph_delete_default);
-app36.route("/graph-restore", graph_restore_default);
-app36.route("/graph-labels-in-graph", graph_labels_in_graph_default);
-app36.route("/graph-default-view", graph_default_view_default);
-app36.route("/file-attach", file_attach_default);
-app36.route("/adherence", adherence_default);
-app36.route("/sidebar-artefacts", sidebar_artefacts_default);
-app36.route("/sidebar-artefact-save", sidebar_artefact_save_default);
-app36.route("/sidebar-artefact-content", sidebar_artefact_content_default);
-app36.route("/health-brand", health_default2);
-var admin_default = app36;
+var app37 = new Hono();
+app37.route("/session", session_default2);
+app37.route("/chat", chat_default2);
+app37.route("/chat-failure", chat_failure_default);
+app37.route("/compact", compact_default);
+app37.route("/logs", logs_default);
+app37.route("/claude-info", claude_info_default);
+app37.route("/attachment", attachment_default);
+app37.route("/agents", agents_default);
+app37.route("/sessions", sessions_default);
+app37.route("/browser", browser_default);
+app37.route("/browser-iframe", browser_iframe_default);
+app37.route("/device-browser", device_browser_default);
+app37.route("/events", events_default);
+app37.route("/cloudflare", cloudflare_default);
+app37.route("/files", files_default);
+app37.route("/graph-search", graph_search_default);
+app37.route("/graph-subgraph", graph_subgraph_default);
+app37.route("/graph-delete", graph_delete_default);
+app37.route("/graph-restore", graph_restore_default);
+app37.route("/graph-labels-in-graph", graph_labels_in_graph_default);
+app37.route("/graph-default-view", graph_default_view_default);
+app37.route("/file-attach", file_attach_default);
+app37.route("/adherence", adherence_default);
+app37.route("/sidebar-artefacts", sidebar_artefacts_default);
+app37.route("/sidebar-artefact-save", sidebar_artefact_save_default);
+app37.route("/sidebar-artefact-content", sidebar_artefact_content_default);
+app37.route("/health-brand", health_default2);
+var admin_default = app37;
 
 // server/routes/sites.ts
 import { existsSync as existsSync22, readFileSync as readFileSync17, realpathSync as realpathSync4, statSync as statSync7 } from "fs";
@@ -12498,8 +12574,8 @@ function getExt(p) {
   if (idx < p.lastIndexOf("/")) return "";
   return p.slice(idx).toLowerCase();
 }
-var app37 = new Hono();
-app37.get("/:rel{.*}", (c) => {
+var app38 = new Hono();
+app38.get("/:rel{.*}", (c) => {
   const reqPath = c.req.path;
   const rawRel = c.req.param("rel") ?? "";
   const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
@@ -12602,7 +12678,7 @@ app37.get("/:rel{.*}", (c) => {
     "X-Content-Type-Options": "nosniff"
   });
 });
-var sites_default = app37;
+var sites_default = app38;
 
 // app/lib/graph-health.ts
 var HOUR_MS = 60 * 60 * 1e3;
@@ -12756,9 +12832,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app38 = new Hono();
-app38.use("*", clientIpMiddleware);
-app38.use("*", async (c, next) => {
+var app39 = new Hono();
+app39.use("*", clientIpMiddleware);
+app39.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -12768,7 +12844,7 @@ app38.use("*", async (c, next) => {
   );
 });
 var HTTP_LOG_PATHS = /* @__PURE__ */ new Set(["/vnc-viewer.html", "/vnc-popout.html"]);
-app38.use("*", async (c, next) => {
+app39.use("*", async (c, next) => {
   if (!HTTP_LOG_PATHS.has(c.req.path)) {
     await next();
     return;
@@ -12801,7 +12877,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/sites/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app38.use("*", async (c, next) => {
+app39.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -12841,7 +12917,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app38.post("/__remote-auth/login", async (c) => {
+app39.post("/__remote-auth/login", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   if (!requestIsTlsTerminated(c)) {
@@ -12886,7 +12962,7 @@ app38.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app38.get("/__remote-auth/logout", (c) => {
+app39.get("/__remote-auth/logout", (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   console.error(`[remote-auth] logout ip=${clientIp}`);
@@ -12899,7 +12975,7 @@ app38.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app38.post("/__remote-auth/change-password", async (c) => {
+app39.post("/__remote-auth/change-password", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   const rateLimited = checkRateLimit(client);
@@ -12950,13 +13026,13 @@ app38.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app38.get("/__remote-auth/setup", (c) => {
+app39.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app38.post("/__remote-auth/set-initial-password", async (c) => {
+app39.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -12994,10 +13070,10 @@ app38.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app38.get("/api/remote-auth/status", (c) => {
+app39.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app38.post("/api/remote-auth/set-password", async (c) => {
+app39.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -13027,9 +13103,9 @@ app38.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app38.route("/api/_client-error", client_error_default);
+app39.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app38.use("*", async (c, next) => {
+app39.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -13069,15 +13145,15 @@ app38.use("*", async (c, next) => {
   console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
 });
-app38.route("/api/health", health_default);
-app38.route("/api/session", session_default);
-app38.route("/api/chat", chat_default);
-app38.route("/api/group", group_default);
-app38.route("/api/access", access_default);
-app38.route("/api/telegram", telegram_default);
-app38.route("/api/whatsapp", whatsapp_default);
-app38.route("/api/onboarding", onboarding_default);
-app38.route("/api/admin", admin_default);
+app39.route("/api/health", health_default);
+app39.route("/api/session", session_default);
+app39.route("/api/chat", chat_default);
+app39.route("/api/group", group_default);
+app39.route("/api/access", access_default);
+app39.route("/api/telegram", telegram_default);
+app39.route("/api/whatsapp", whatsapp_default);
+app39.route("/api/onboarding", onboarding_default);
+app39.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -13089,7 +13165,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app38.get("/agent-assets/:slug/:filename", (c) => {
+app39.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -13124,7 +13200,7 @@ app38.get("/agent-assets/:slug/:filename", (c) => {
     "Cache-Control": "public, max-age=3600"
   });
 });
-app38.get("/generated/:filename", (c) => {
+app39.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -13154,7 +13230,7 @@ app38.get("/generated/:filename", (c) => {
     "Cache-Control": "public, max-age=86400"
   });
 });
-app38.route("/sites", sites_default);
+app39.route("/sites", sites_default);
 var htmlCache = /* @__PURE__ */ new Map();
 var brandLogoPath = "/brand/maxy-monochrome.png";
 var brandIconPath = "/brand/maxy-monochrome.png";
@@ -13291,7 +13367,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app38.get("/", (c) => {
+app39.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -13299,12 +13375,12 @@ app38.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app38.get("/public", (c) => {
+app39.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app38.get("/chat", (c) => {
+app39.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -13323,9 +13399,9 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app38.use("/vnc-viewer.html", logViewerFetch);
-app38.use("/vnc-popout.html", logViewerFetch);
-app38.get("/vnc-popout.html", (c) => {
+app39.use("/vnc-viewer.html", logViewerFetch);
+app39.use("/vnc-popout.html", logViewerFetch);
+app39.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
     html = readFileSync18(resolve21(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -13338,7 +13414,7 @@ app38.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app38.post("/api/vnc/client-event", async (c) => {
+app39.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -13359,20 +13435,20 @@ app38.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app38.get("/g/:slug", (c) => {
+app39.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app38.get("/graph", (c) => {
+app39.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app38.get("/data", (c) => {
+app39.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app38.get("/:slug", async (c, next) => {
+app39.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -13382,15 +13458,15 @@ app38.get("/:slug", async (c, next) => {
   await next();
 });
 if (brandFaviconPath !== "/favicon.ico") {
-  app38.get("/favicon.ico", (c) => {
+  app39.get("/favicon.ico", (c) => {
     c.header("Cache-Control", "public, max-age=300");
     return c.redirect(brandFaviconPath, 302);
   });
 }
-app38.use("/*", serveStatic({ root: "./public" }));
+app39.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.MAXY_UI_INTERNAL_PORT ?? process.env.PORT ?? "19199", 10);
 var hostname = process.env.HOSTNAME ?? "127.0.0.1";
-var httpServer = serve({ fetch: app38.fetch, port, hostname });
+var httpServer = serve({ fetch: app39.fetch, port, hostname });
 console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
 console.log("[boot] auth-mode summary: oauth=8 api-key=1 (api-key consumer: invokePublicAgent only)");
 var SUBAPP_MANIFEST = [
@@ -13411,7 +13487,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app38.routes ?? []) {
+  for (const r of app39.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -13443,6 +13519,13 @@ try {
     console.error(`[session] backfill startup failed: ${err instanceof Error ? err.message : String(err)}`);
   }
 })();
+(async () => {
+  try {
+    await backfillConversationChannelAddress();
+  } catch (err) {
+    console.error(`[session-985] channelAddress backfill startup failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+})();
 (async () => {
   try {
     if (!existsSync23(USERS_FILE)) return;
@@ -13497,15 +13580,14 @@ autoDeliverPremiumPlugins(bootEntitlement?.purchasedPlugins ?? void 0);
 (async () => {
   if (!bootAccount) return;
   try {
-    const { recoverRunningCloudflareTasks } = await import("./cloudflare-task-tracker-M7APAYEF.js");
+    const { recoverRunningCloudflareTasks } = await import("./cloudflare-task-tracker-B6FXP3HI.js");
     const result = await recoverRunningCloudflareTasks(
       bootAccount.accountId,
       configDirForWhatsApp,
-      // No conversationKey at boot — the tracker's writeNodeWithEdges path
-      // requires it for the Conversation join, but the recovery path is
-      // operating on Tasks whose Conversation is already linked. Pass null
-      // and let the tracker pick up the linked Conversation via the Task's
-      // existing edge.
+      // Task 985 — no conversationId at boot. The reconciler operates on
+      // Tasks whose Conversation is already linked via RAISED_DURING; the
+      // tracker resolves the conversationId off that edge when present.
+      // Pass null and let the recovery path pick it up.
       null
     );
     if (result.scanned > 0) {
@@ -13587,10 +13669,10 @@ init({
         agentName = resolved.slug;
       }
       let enrichedText = msg.text || msg.mediaPath || msg.mediaType || msg.replyContext ? buildEnrichedText2(msg.text ?? "") : "";
-      if (msg.sessionKey) {
+      if (msg.cacheKey) {
         const platformAccountId = bootAccount?.accountId ?? msg.accountId;
-        registerSession(msg.sessionKey, msg.agentType, platformAccountId, agentName);
-        console.error(`[session] channel session registered: sessionKey=${msg.sessionKey.slice(0, 12)}\u2026 channel=whatsapp accountId=${platformAccountId.slice(0, 8)}\u2026`);
+        registerSession(msg.cacheKey, msg.agentType, platformAccountId, agentName);
+        console.error(`[session] channel session registered: cacheKey=${msg.cacheKey.slice(0, 12)}\u2026 channel=whatsapp accountId=${platformAccountId.slice(0, 8)}\u2026`);
       }
       let gatewayResult;
       if (msg.text) {
@@ -13614,7 +13696,7 @@ init({
         for await (const event of invokeAgent(
           { type: msg.agentType, agentName },
           enrichedText,
-          msg.sessionKey,
+          msg.cacheKey,
           [],
           void 0,
           gatewayResult
@@ -13632,7 +13714,7 @@ init({
       for await (const event of invokeAgent(
         { type: msg.agentType, agentName },
         enrichedText,
-        msg.sessionKey,
+        msg.cacheKey,
         [],
         void 0,
         gatewayResult