@rubytech/create-realagent 1.0.865 → 1.0.866

package/payload/server/chunk-FHNFKJZN.js

@@ -0,0 +1,2143 @@
+// app/lib/neo4j-store.ts
+import neo4j from "neo4j-driver";
+import { randomUUID } from "crypto";
+import { spawn } from "child_process";
+import { readFileSync, readdirSync, existsSync, openSync, readSync, closeSync, statSync, rmSync } from "fs";
+import { resolve } from "path";
+
+// ../lib/models/src/index.ts
+var OPUS_MODEL = "claude-opus-4-7";
+var SONNET_MODEL = "claude-sonnet-4-6";
+var HAIKU_MODEL = "claude-haiku-4-5";
+var MODEL_CONTEXT_WINDOW = {
+  [OPUS_MODEL]: 2e5,
+  [SONNET_MODEL]: 2e5,
+  [HAIKU_MODEL]: 2e5
+};
+function contextWindow(model) {
+  return MODEL_CONTEXT_WINDOW[model] ?? 2e5;
+}
+
+// app/lib/neo4j-store.ts
+var PLATFORM_ROOT = process.env.MAXY_PLATFORM_ROOT ?? resolve(process.cwd(), "..");
+var driver = null;
+function readPassword() {
+  if (process.env.NEO4J_PASSWORD) return process.env.NEO4J_PASSWORD;
+  const passwordFile = resolve(PLATFORM_ROOT, "config/.neo4j-password");
+  try {
+    return readFileSync(passwordFile, "utf-8").trim();
+  } catch {
+    throw new Error(
+      `Neo4j password not found. Expected at ${passwordFile} or in NEO4J_PASSWORD env var.`
+    );
+  }
+}
+function getDriver() {
+  if (!driver) {
+    const uri = process.env.NEO4J_URI;
+    if (!uri) {
+      throw new Error(
+        "[ui/neo4j-store] NEO4J_URI unset \u2014 refusing to default to bolt://localhost:7687"
+      );
+    }
+    const user = process.env.NEO4J_USER ?? "neo4j";
+    const password = readPassword();
+    console.error(`[ui/neo4j-store] resolved neo4j_uri=${uri}`);
+    driver = neo4j.driver(uri, neo4j.auth.basic(user, password), {
+      maxConnectionPoolSize: 5
+    });
+  }
+  return driver;
+}
+function getSession() {
+  return getDriver().session();
+}
+async function runAdminUserSelfHeal(args) {
+  const { selfHealAdminUser } = await import("./adminuser-self-heal-QAWOZ3JV.js");
+  return selfHealAdminUser({ driver: getDriver(), ...args });
+}
+process.on("SIGINT", async () => {
+  if (driver) {
+    await driver.close();
+    driver = null;
+  }
+});
+var OLLAMA_URL = process.env.OLLAMA_URL ?? "http://localhost:11434";
+var EMBED_MODEL = process.env.EMBED_MODEL ?? "nomic-embed-text";
+async function embed(text) {
+  const res = await fetch(`${OLLAMA_URL}/api/embed`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ model: EMBED_MODEL, input: text }),
+    signal: AbortSignal.timeout(5e3)
+  });
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Ollama embedding failed (${res.status}): ${body}`);
+  }
+  const data = await res.json();
+  return data.embeddings[0];
+}
+var sessionStoreRef = null;
+function setSessionStoreRef(ref) {
+  sessionStoreRef = ref;
+}
+function getCachedConversationId(sessionKey) {
+  return sessionStoreRef?.get(sessionKey)?.conversationId;
+}
+function cacheConversationId(sessionKey, conversationId) {
+  const session = sessionStoreRef?.get(sessionKey);
+  if (session) {
+    session.conversationId = conversationId;
+  }
+}
+var GREETING_DIRECTIVE = "[New session. Greet the visitor.]";
+var DIRECTIVE_PREFIX = "[New session.";
+async function ensureConversation(accountId, agentType, sessionKey, visitorId, agentSlug, userId) {
+  const cached = getCachedConversationId(sessionKey);
+  if (cached) return { conversationId: cached, created: false };
+  const conversationId = randomUUID();
+  const channel = sessionKey.startsWith("whatsapp:") ? "whatsapp" : sessionKey.startsWith("telegram:") ? "telegram" : "webchat";
+  const conversationSublabel = agentType === "admin" ? "AdminConversation" : "PublicConversation";
+  const handlerSlug = agentSlug ?? (agentType === "admin" ? "admin" : null);
+  const wantsHandledByEdge = !!handlerSlug;
+  const handledByClause = wantsHandledByEdge ? `WITH c, created
+       OPTIONAL MATCH (a:Agent {accountId: $accountId, slug: $handlerSlug})
+       FOREACH (_ IN CASE WHEN a IS NULL THEN [] ELSE [1] END | MERGE (c)-[:HANDLED_BY]->(a))
+       RETURN c.conversationId AS conversationId, created AS created, a IS NOT NULL AS handledBy` : `RETURN c.conversationId AS conversationId, created AS created, false AS handledBy`;
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `OPTIONAL MATCH (existing:Conversation {sessionKey: $sessionKey})
+       WITH existing, existing IS NULL AS created
+       MERGE (c:Conversation {sessionKey: $sessionKey})
+       ON CREATE SET
+         c:${conversationSublabel},
+         c.conversationId = $conversationId,
+         c.accountId = $accountId,
+         c.agentType = $agentType,
+         c.channel = $channel,
+         ${visitorId ? "c.visitorId = $visitorId," : ""}
+         ${agentSlug ? "c.agentSlug = $agentSlug," : ""}
+         ${userId ? "c.userId = $userId," : ""}
+         c.createdAt = datetime(),
+         c.updatedAt = datetime()
+       ON MATCH SET
+         c.updatedAt = datetime()
+       ${handledByClause}`,
+      {
+        sessionKey,
+        conversationId,
+        accountId,
+        agentType,
+        channel,
+        ...visitorId ? { visitorId } : {},
+        ...agentSlug ? { agentSlug } : {},
+        ...handlerSlug ? { handlerSlug } : {},
+        ...userId ? { userId } : {}
+      }
+    );
+    const id = result.records[0]?.get("conversationId");
+    const created = result.records[0]?.get("created") === true;
+    if (id) {
+      cacheConversationId(sessionKey, id);
+      console.error(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} conversation attributed: conversationId=${id.slice(0, 8)}\u2026 userId=${userId ?? "none"} ${agentType}/${accountId.slice(0, 8)}\u2026 sublabel=${conversationSublabel}`);
+      if (wantsHandledByEdge) {
+        const handled = result.records[0]?.get("handledBy");
+        const id8 = id.slice(0, 8);
+        if (handled === true) {
+          console.error(`[agent-graph] handled-by-write conversationId=${id8} slug=${handlerSlug}`);
+        } else {
+          console.error(`[agent-graph] handled-by-skip reason=no-agent-node conversationId=${id8} slug=${handlerSlug}`);
+        }
+      }
+    }
+    return { conversationId: id ?? null, created };
+  } catch (err) {
+    console.error(`[persist] ensureConversation failed: ${err instanceof Error ? err.message : String(err)}`);
+    return { conversationId: null, created: false };
+  } finally {
+    await session.close();
+  }
+}
+async function findRecentConversation(visitorId, accountId, agentSlug, maxAgeHours = 24) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {visitorId: $visitorId, accountId: $accountId, agentType: 'public'})
+       WHERE c.agentSlug = $agentSlug
+         AND c.updatedAt > datetime() - duration({hours: $maxAgeHours})
+         AND NOT c:Trashed
+       RETURN c.conversationId AS conversationId, c.sessionKey AS sessionKey
+       ORDER BY c.updatedAt DESC
+       LIMIT 1`,
+      { visitorId, accountId, agentSlug, maxAgeHours: neo4j.int(maxAgeHours) },
+      { timeout: 2e3 }
+    );
+    const record = result.records[0];
+    if (!record) return null;
+    const conversationId = record.get("conversationId");
+    const sessionKey = record.get("sessionKey");
+    if (!conversationId) return null;
+    console.log(`[persist] found recent conversation ${conversationId.slice(0, 8)}\u2026 for visitor ${visitorId.slice(0, 8)}\u2026`);
+    return { conversationId, sessionKey };
+  } catch (err) {
+    console.error(`[persist] findRecentConversation failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function findGroupBySlug(groupSlug, accountId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {groupSlug: $groupSlug, accountId: $accountId, type: 'group'})
+       WHERE NOT c:Trashed
+       RETURN c.conversationId AS conversationId, c.groupName AS groupName, c.agentSlug AS agentSlug`,
+      { groupSlug, accountId },
+      { timeout: 2e3 }
+    );
+    const record = result.records[0];
+    if (!record) return null;
+    return {
+      conversationId: record.get("conversationId"),
+      groupName: record.get("groupName"),
+      agentSlug: record.get("agentSlug")
+    };
+  } catch (err) {
+    console.error(`[group] findGroupBySlug failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function getGroupParticipants(conversationId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (p:Person)-[r:PARTICIPATES_IN]->(c:Conversation {conversationId: $conversationId})
+       RETURN p.givenName AS givenName, p.familyName AS familyName,
+              r.displayName AS displayName, r.joinedAt AS joinedAt, r.visitorId AS visitorId`,
+      { conversationId }
+    );
+    return result.records.map((r) => ({
+      displayName: r.get("displayName") || r.get("givenName"),
+      givenName: r.get("givenName"),
+      familyName: r.get("familyName"),
+      joinedAt: String(r.get("joinedAt")),
+      visitorId: r.get("visitorId")
+    }));
+  } catch (err) {
+    console.error(`[group] getGroupParticipants failed: ${err instanceof Error ? err.message : String(err)}`);
+    return [];
+  } finally {
+    await session.close();
+  }
+}
+async function checkGroupMembership(conversationId, visitorId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (p:Person)-[r:PARTICIPATES_IN]->(c:Conversation {conversationId: $conversationId})
+       WHERE r.visitorId = $visitorId
+       RETURN r.displayName AS displayName
+       LIMIT 1`,
+      { conversationId, visitorId }
+    );
+    return result.records[0]?.get("displayName") ?? null;
+  } catch (err) {
+    console.error(`[group] checkGroupMembership failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function bindVisitorToGroup(conversationId, visitorId, personEmail, personPhone) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (p:Person)-[r:PARTICIPATES_IN]->(c:Conversation {conversationId: $conversationId})
+       WHERE ($email IS NOT NULL AND p.email = $email)
+          OR ($phone IS NOT NULL AND p.telephone = $phone)
+       SET r.visitorId = $visitorId
+       RETURN r.displayName AS displayName
+       LIMIT 1`,
+      {
+        conversationId,
+        visitorId,
+        email: personEmail ?? null,
+        phone: personPhone ?? null
+      }
+    );
+    const name = result.records[0]?.get("displayName");
+    if (name) {
+      console.error(`[group] joined id=${conversationId.slice(0, 8)}\u2026 visitor=${visitorId.slice(0, 8)}\u2026`);
+    } else {
+      console.error(`[group] auth-denied id=${conversationId.slice(0, 8)}\u2026 visitor=${visitorId.slice(0, 8)}\u2026`);
+    }
+    return name ? { displayName: name } : null;
+  } catch (err) {
+    console.error(`[group] bindVisitorToGroup failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function getMessagesSince(conversationId, since, limit = 100) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (m:Message)-[:PART_OF]->(c:Conversation {conversationId: $conversationId})
+       WHERE m.createdAt > datetime($since)
+       RETURN m.messageId AS messageId, m.role AS role, m.content AS content,
+              m.senderName AS senderName, m.senderVisitorId AS senderVisitorId,
+              m.createdAt AS createdAt
+       ORDER BY m.createdAt ASC
+       LIMIT $limit`,
+      { conversationId, since, limit: neo4j.int(limit) },
+      { timeout: 3e3 }
+    );
+    return result.records.map((r) => ({
+      messageId: r.get("messageId"),
+      role: r.get("role"),
+      content: r.get("content"),
+      senderName: r.get("senderName"),
+      senderVisitorId: r.get("senderVisitorId"),
+      createdAt: String(r.get("createdAt"))
+    }));
+  } catch (err) {
+    console.error(`[group] getMessagesSince failed: ${err instanceof Error ? err.message : String(err)}`);
+    return [];
+  } finally {
+    await session.close();
+  }
+}
+async function getGroupMessagesForContext(conversationId, limit = 50) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (m:Message)-[:PART_OF]->(c:Conversation {conversationId: $conversationId})
+       WITH m ORDER BY m.createdAt DESC LIMIT $limit
+       RETURN m.role AS role, m.content AS content, m.senderName AS senderName
+       ORDER BY m.createdAt ASC`,
+      { conversationId, limit: neo4j.int(limit) }
+    );
+    return result.records.map((r) => ({
+      role: r.get("role"),
+      content: r.get("content"),
+      senderName: r.get("senderName")
+    }));
+  } catch (err) {
+    console.error(`[group] getGroupMessagesForContext failed: ${err instanceof Error ? err.message : String(err)}`);
+    return [];
+  } finally {
+    await session.close();
+  }
+}
+async function backfillNullUserIdConversations(userId) {
+  if (!userId) {
+    console.warn(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} backfill: skipped \u2014 no userId provided (no Owner in users.json?)`);
+    return 0;
+  }
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {agentType: 'admin'})
+       WHERE c.userId IS NULL
+       SET c.userId = $userId
+       RETURN count(c) AS updated`,
+      { userId }
+    );
+    const updated = result.records[0]?.get("updated")?.toNumber?.() ?? result.records[0]?.get("updated") ?? 0;
+    if (updated > 0) {
+      console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} backfill: set userId on ${updated} admin conversations`);
+    } else {
+      console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} backfill: no orphaned admin conversations found`);
+    }
+    return typeof updated === "number" ? updated : 0;
+  } catch (err) {
+    console.error(`[session] backfillNullUserIdConversations failed: ${err instanceof Error ? err.message : String(err)}`);
+    return 0;
+  } finally {
+    await session.close();
+  }
+}
+async function createNewAdminConversation(userId, accountId, sessionKey, adminName, preMintedConversationId) {
+  if (!userId || !sessionKey || !accountId) {
+    console.error(`[admin/conversation-write] schema-violation userId=${userId ? "set" : "EMPTY"} sessionKey=${sessionKey ? "set" : "EMPTY"} accountId=${accountId ? "set" : "EMPTY"}`);
+    return null;
+  }
+  const conversationId = preMintedConversationId ?? randomUUID();
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `OPTIONAL MATCH (existing:AdminUser {userId: $userId})
+       WITH existing IS NULL AS adminUserCreated
+       MERGE (au:AdminUser {userId: $userId})
+       ON CREATE SET au.accountId = $accountId,
+                     au.name = COALESCE($adminName, 'Admin'),
+                     au.createdAt = datetime(),
+                     au.scope = 'admin'
+       CREATE (c:Conversation:AdminConversation {
+         conversationId: $conversationId,
+         sessionKey: $sessionKey,
+         accountId: $accountId,
+         agentType: 'admin',
+         userId: $userId,
+         createdBySource: 'admin-conversation',
+         createdAt: datetime(),
+         updatedAt: datetime()
+       })-[:STARTED_BY]->(au)
+       RETURN adminUserCreated`,
+      { conversationId, sessionKey, accountId, userId, adminName: adminName ?? null }
+    );
+    const adminUserCreated = result.records[0]?.get("adminUserCreated") === true;
+    cacheConversationId(sessionKey, conversationId);
+    console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} conversation created: conversationId=${conversationId.slice(0, 8)}\u2026 sessionKey=${sessionKey.slice(0, 8)}\u2026 accountId=${accountId.slice(0, 8)}\u2026 userId=${userId} agentType=admin createdBySource=admin-conversation createdAt=set updatedAt=set sublabel=AdminConversation adminUserCreated=${adminUserCreated}`);
+    return conversationId;
+  } catch (err) {
+    console.error(`[session] createNewAdminConversation failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+var HEX_COLOR_RE = /^#[0-9a-fA-F]{3,8}$/;
+async function fetchBranding(accountId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (b:LocalBusiness {accountId: $accountId})
+       OPTIONAL MATCH (b)-[:HAS_BRAND_ASSET]->(logo:ImageObject {purpose: "logo"})
+       OPTIONAL MATCH (b)-[:HAS_BRAND_ASSET]->(icon:ImageObject {purpose: "icon"})
+       RETURN b.name AS name,
+              b.primaryColor AS primaryColor,
+              b.accentColor AS accentColor,
+              b.backgroundColor AS backgroundColor,
+              b.tagline AS tagline,
+              logo.contentUrl AS logoUrl,
+              icon.contentUrl AS faviconUrl`,
+      { accountId },
+      { timeout: 2e3 }
+    );
+    const record = result.records[0];
+    if (!record) return null;
+    const name = record.get("name");
+    if (!name) return null;
+    const primaryColor = record.get("primaryColor");
+    const accentColor = record.get("accentColor");
+    const backgroundColor = record.get("backgroundColor");
+    const tagline = record.get("tagline");
+    const logoUrl = record.get("logoUrl");
+    const faviconUrl = record.get("faviconUrl");
+    const hasBranding = primaryColor || accentColor || backgroundColor || tagline || logoUrl || faviconUrl;
+    if (!hasBranding) return null;
+    const branding = { name };
+    if (primaryColor && HEX_COLOR_RE.test(primaryColor)) branding.primaryColor = primaryColor;
+    if (accentColor && HEX_COLOR_RE.test(accentColor)) branding.accentColor = accentColor;
+    if (backgroundColor && HEX_COLOR_RE.test(backgroundColor)) branding.backgroundColor = backgroundColor;
+    if (tagline) branding.tagline = tagline;
+    if (logoUrl) branding.logoUrl = logoUrl;
+    if (faviconUrl) branding.faviconUrl = faviconUrl;
+    console.error(`[branding] resolved for accountId=${accountId.slice(0, 8)}\u2026: primary=${branding.primaryColor ?? "\u2013"} logo=${branding.logoUrl ? "yes" : "no"}`);
+    return branding;
+  } catch (err) {
+    console.error(`[branding] fetchBranding failed for accountId=${accountId.slice(0, 8)}\u2026: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function persistToolCall(record) {
+  const session = getSession();
+  try {
+    const optionalFields = [
+      record.pluginName != null ? ", pluginName: $pluginName" : "",
+      record.error != null ? ", error: $error" : "",
+      record.subagentType != null ? ", subagentType: $subagentType" : "",
+      record.subagentDescription != null ? ", subagentDescription: $subagentDescription" : "",
+      record.approvalState != null ? ", approvalState: $approvalState" : "",
+      record.originalInput != null ? ", originalInput: $originalInput" : ""
+    ].join("");
+    const res = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       CREATE (c)-[:HAS_TOOL_CALL]->(tc:ToolCall {
+         callId: $callId,
+         toolName: $toolName,
+         input: $input,
+         output: $output,
+         isError: $isError,
+         agentType: $agentType,
+         accountId: $accountId,
+         conversationId: $conversationId,
+         createdBySource: 'persist-tool-call',
+         createdBySession: $conversationId,
+         startedAt: datetime($startedAt),
+         completedAt: datetime($completedAt)
+         ${optionalFields}
+       })`,
+      {
+        callId: record.callId,
+        toolName: record.toolName,
+        input: record.input,
+        output: record.output,
+        isError: record.isError,
+        agentType: record.agentType,
+        accountId: record.accountId,
+        conversationId: record.conversationId,
+        startedAt: record.startedAt,
+        completedAt: record.completedAt,
+        ...record.pluginName != null ? { pluginName: record.pluginName } : {},
+        ...record.error != null ? { error: record.error } : {},
+        ...record.subagentType != null ? { subagentType: record.subagentType } : {},
+        ...record.subagentDescription != null ? { subagentDescription: record.subagentDescription } : {},
+        ...record.approvalState != null ? { approvalState: record.approvalState } : {},
+        ...record.originalInput != null ? { originalInput: record.originalInput } : {}
+      }
+    );
+    if (res.summary.counters.updates().nodesCreated === 0) {
+      console.error(
+        `[persist] tool-call skipped: conversation ${record.conversationId.slice(0, 8)}\u2026 not found for tool=${record.toolName}`
+      );
+      return;
+    }
+    console.error(`[persist] tool-call persisted: name=${record.toolName} conversation=${record.conversationId.slice(0, 8)}\u2026${record.approvalState ? ` approval=${record.approvalState}` : ""}`);
+  } catch (err) {
+    console.error(`[persist] tool-call write failed: name=${record.toolName} error=${err instanceof Error ? err.message : String(err)}`);
+  } finally {
+    await session.close();
+  }
+}
+var SUMMARY_MAX_LEN = 200;
+var persistMessageLocks = /* @__PURE__ */ new Map();
+async function persistMessage(conversationId, role, content, accountId, tokens, createdAt, sender, components, attachments) {
+  if (!content) return null;
+  const messageId = randomUUID();
+  const summary = role === "user" ? content.slice(0, SUMMARY_MAX_LEN).trim() : "";
+  let embedding = null;
+  try {
+    embedding = await embed(content);
+  } catch (err) {
+    console.error(`[persist] Embedding failed, storing without: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  const prev = persistMessageLocks.get(conversationId);
+  const waited = prev !== void 0;
+  let release;
+  const mine = new Promise((resolve2) => {
+    release = resolve2;
+  });
+  const chained = (prev ?? Promise.resolve()).then(() => mine);
+  persistMessageLocks.set(conversationId, chained);
+  await prev;
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       OPTIONAL MATCH (tail:Message)-[:PART_OF]->(c)
+         WHERE NOT (tail)-[:NEXT]->(:Message)
+           AND (tail:UserMessage OR tail:AssistantMessage)
+       // Task 857 \u2014 sublabel-scope the tail to the agent-path's own sublabels.
+       // Without this, a Task-857 :WhatsAppMessage row (no outgoing :NEXT)
+       // would be picked as tail and the agent-path would chain
+       // :WhatsAppMessage\u2192:UserMessage, crossing the live-channel chain.
+       // The live writer's tail predicate is sublabel-scoped to
+       // :WhatsAppMessage; this clause is the matching defence on the
+       // agent side. Backward-compatible \u2014 pre-Task-857 graphs only carry
+       // UserMessage/AssistantMessage sublabels under :Message.
+       // Capture whether THIS write's guard will fire. Read c.summary
+       // before the SET so the boolean reflects the pre-state, not the
+       // post-state \u2014 a false positive otherwise when a new user message
+       // happens to equal an already-set summary (verbatim retry, short
+       // catchphrase) and fooled a post-state equality check.
+       WITH c, tail, (c.summary IS NULL AND $role = 'user' AND $summary <> '') AS summarySetThisWrite
+       CREATE (m:Message:${role === "user" ? "UserMessage" : "AssistantMessage"} {
+         messageId: $messageId,
+         conversationId: $conversationId,
+         accountId: $accountId,
+         role: $role,
+         content: $content,
+         createdAt: ${createdAt ? "datetime($createdAt)" : "datetime()"}
+         ${embedding ? ", embedding: $embedding" : ""}
+         ${sender ? ", senderVisitorId: $senderVisitorId, senderName: $senderName" : ""}
+         ${tokens?.inputTokens != null ? ", inputTokens: $inputTokens" : ""}
+         ${tokens?.outputTokens != null ? ", outputTokens: $outputTokens" : ""}
+         ${tokens?.cacheReadTokens != null ? ", cacheReadTokens: $cacheReadTokens" : ""}
+         ${tokens?.cacheCreationTokens != null ? ", cacheCreationTokens: $cacheCreationTokens" : ""}
+       })
+       SET c.updatedAt = datetime()
+       CREATE (m)-[:PART_OF]->(c)
+       FOREACH (prev IN CASE WHEN tail IS NULL THEN [] ELSE [tail] END |
+         CREATE (prev)-[:NEXT]->(m)
+       )
+       FOREACH (_ IN CASE WHEN summarySetThisWrite THEN [1] ELSE [] END |
+         SET c.summary = $summary
+       )
+       FOREACH (comp IN $components |
+         CREATE (m)-[:HAS_COMPONENT]->(:Component {
+           componentId: comp.componentId,
+           conversationId: $conversationId,
+           accountId: $accountId,
+           messageId: $messageId,
+           name: comp.name,
+           data: comp.data,
+           ordinal: comp.ordinal,
+           textOffset: comp.textOffset,
+           submitted: false,
+           createdAt: datetime(),
+           // Task 942 \u2014 store the artefact attachmentId on the :Component
+           // itself when this is a PERSISTENT_COMPONENTS write whose disk
+           // write succeeded. Field is null for non-persistent / mime-skip
+           // / disk-fail components. Lets the audit + backfill scripts
+           // read the attachmentId directly off the :Component row instead
+           // of re-deriving (the live + heal paths use different sources \u2014
+           // sha256(block.id) live, componentId-fallback backfill \u2014 and
+           // the audit must match either).
+           attachmentId: comp.artefactAttachmentId
+         })
+       )
+       // Task 942 \u2014 for PERSISTENT_COMPONENTS whose disk write succeeded
+       // (artefactAttachmentId is non-null), MERGE the sibling
+       // :KnowledgeDocument projection AND a :HAS_KNOWLEDGE_DOCUMENT edge
+       // from the parent :Message in the same Cypher tx. ON CREATE stamps
+       // name+encodingFormat from the live render; ON MATCH only bumps
+       // updatedAt so a heal-on-resume re-run cannot clobber an operator's
+       // subsequent rename via the knowledge-documents API (eng-review \xA72).
+       // The edge makes the projection graph-discoverable from the
+       // conversation timeline so file-delete-cascade and conversation
+       // cleanup can reach it. FOREACH on the filtered list collapses to a
+       // no-op when no component has an attachmentId, preserving the
+       // text-only-turn fast path.
+       FOREACH (kd IN $knowledgeDocs |
+         MERGE (k:KnowledgeDocument {accountId: $accountId, attachmentId: kd.attachmentId})
+         ON CREATE SET k.name = kd.title,
+                       k.encodingFormat = kd.mimeType,
+                       k.createdAt = datetime(),
+                       k.updatedAt = datetime()
+         ON MATCH SET k.updatedAt = datetime()
+         MERGE (m)-[:HAS_KNOWLEDGE_DOCUMENT]->(k)
+       )
+       FOREACH (att IN $attachments |
+         CREATE (m)-[:HAS_ATTACHMENT]->(:Attachment {
+           attachmentId: att.attachmentId,
+           conversationId: $conversationId,
+           accountId: $accountId,
+           messageId: $messageId,
+           filename: att.filename,
+           mimeType: att.mimeType,
+           sizeBytes: att.sizeBytes,
+           storagePath: att.storagePath,
+           ordinal: att.ordinal,
+           createdAt: datetime()
+         })
+       )
+       RETURN tail.messageId AS prevMessageId,
+              summarySetThisWrite,
+              size([(m2:Message)-[:PART_OF]->(c) | m2]) AS chainLen`,
+      {
+        messageId,
+        conversationId,
+        accountId,
+        role,
+        content,
+        summary,
+        ...createdAt ? { createdAt } : {},
+        ...embedding ? { embedding } : {},
+        ...sender ? { senderVisitorId: sender.visitorId, senderName: sender.displayName } : {},
+        ...tokens?.inputTokens != null ? { inputTokens: neo4j.int(tokens.inputTokens) } : {},
+        ...tokens?.outputTokens != null ? { outputTokens: neo4j.int(tokens.outputTokens) } : {},
+        ...tokens?.cacheReadTokens != null ? { cacheReadTokens: neo4j.int(tokens.cacheReadTokens) } : {},
+        ...tokens?.cacheCreationTokens != null ? { cacheCreationTokens: neo4j.int(tokens.cacheCreationTokens) } : {},
+        components: (components ?? []).map((comp) => ({
+          componentId: comp.componentId,
+          name: comp.name,
+          data: comp.data,
+          ordinal: neo4j.int(comp.ordinal),
+          textOffset: neo4j.int(comp.textOffset),
+          // Task 942 — null for non-persistent / mime-skip / disk-fail
+          // components; the FOREACH stamps this directly onto the
+          // :Component row so audit + backfill read attachmentId without
+          // re-deriving from componentId.
+          artefactAttachmentId: comp.artefactAttachmentId ?? null
+        })),
+        // Task 942 — :KnowledgeDocument MERGE list. One row per
+        // PERSISTENT_COMPONENTS component whose disk write succeeded;
+        // text-only / mime-skip / disk-fail components are absent so
+        // the FOREACH no-ops on them. attachmentId here matches the
+        // value the stream-parser stamped after writeAttachment.
+        knowledgeDocs: (components ?? []).filter((comp) => typeof comp.artefactAttachmentId === "string").map((comp) => ({
+          attachmentId: comp.artefactAttachmentId,
+          title: comp.artefactTitle ?? "",
+          mimeType: comp.artefactMimeType ?? ""
+        })),
+        attachments: (attachments ?? []).map((att) => ({
+          attachmentId: att.attachmentId,
+          filename: att.filename,
+          mimeType: att.mimeType,
+          sizeBytes: neo4j.int(att.sizeBytes),
+          storagePath: att.storagePath,
+          ordinal: neo4j.int(att.ordinal)
+        }))
+      }
+    );
+    if (result.records.length === 0) {
+      console.error(`[persist] Neo4j write skipped \u2014 conversation not found: ${conversationId.slice(0, 8)}\u2026`);
+      return null;
+    }
+    const record = result.records[0];
+    const prevMessageId = record.get("prevMessageId") ?? null;
+    const summarySetThisWrite = record.get("summarySetThisWrite") === true;
+    const chainLenRaw = record.get("chainLen");
+    const chainLen = typeof chainLenRaw === "bigint" ? Number(chainLenRaw) : typeof chainLenRaw?.toNumber === "function" ? chainLenRaw.toNumber() : Number(chainLenRaw ?? 0);
+    const messageSublabel = role === "user" ? "UserMessage" : "AssistantMessage";
+    console.error(`[neo4j-store] append-message conversationId=${conversationId.slice(0, 8)}\u2026 messageId=${messageId.slice(0, 8)}\u2026 prev=${prevMessageId ? prevMessageId.slice(0, 8) + "\u2026" : "null"} chainLen=${chainLen} waited=${waited} sublabel=${messageSublabel}`);
+    if (summarySetThisWrite) {
+      console.error(`[neo4j-store] conversation-summary-set conversationId=${conversationId.slice(0, 8)}\u2026 len=${summary.length}`);
+    }
+    const componentList = components ?? [];
+    if (componentList.length > 0) {
+      const relsCreated = result.summary.counters.updates().relationshipsCreated;
+      const expectedComponentEdges = componentList.length;
+      const baseEdges = relsCreated - expectedComponentEdges;
+      if (baseEdges < 1) {
+        console.error(`[neo4j-store] persist-component WARN conversationId=${conversationId.slice(0, 8)}\u2026 messageId=${messageId.slice(0, 8)}\u2026 relsCreated=${relsCreated} expected\u2265${1 + expectedComponentEdges} \u2014 component edges may not have been created`);
+      }
+      for (const comp of componentList) {
+        console.error(`[neo4j-store] persist-component conversationId=${conversationId.slice(0, 8)}\u2026 messageId=${messageId.slice(0, 8)}\u2026 componentId=${comp.componentId.slice(0, 8)}\u2026 name=${comp.name} dataLen=${comp.data.length} ordinal=${comp.ordinal} textOffset=${comp.textOffset}`);
+      }
+    }
+    const attachmentList = attachments ?? [];
+    if (attachmentList.length > 0) {
+      const relsCreated = result.summary.counters.updates().relationshipsCreated;
+      const expectedAttachmentEdges = attachmentList.length;
+      const expectedComponentEdges = (components ?? []).length;
+      const baseEdges = relsCreated - expectedComponentEdges - expectedAttachmentEdges;
+      if (baseEdges < 1) {
+        console.error(`[neo4j-store] persist-attachment WARN conversationId=${conversationId.slice(0, 8)}\u2026 messageId=${messageId.slice(0, 8)}\u2026 relsCreated=${relsCreated} expected\u2265${1 + expectedComponentEdges + expectedAttachmentEdges} \u2014 attachment edges may not have been created`);
+      }
+      for (const att of attachmentList) {
+        console.error(`[neo4j-store] persist-attachment conversationId=${conversationId.slice(0, 8)}\u2026 messageId=${messageId.slice(0, 8)}\u2026 attachmentId=${att.attachmentId.slice(0, 8)}\u2026 filename=${att.filename} mimeType=${att.mimeType} sizeBytes=${att.sizeBytes} ordinal=${att.ordinal}`);
+      }
+    }
+    console.error(`[persist] ${(/* @__PURE__ */ new Date()).toISOString()} conversationId=${conversationId.slice(0, 8)}\u2026 role=${role} len=${content.length}${sender ? ` sender=${sender.displayName}` : ""}`);
+    return messageId;
+  } catch (err) {
+    console.error(`[persist] Neo4j write failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    release();
+    if (persistMessageLocks.get(conversationId) === chained) {
+      persistMessageLocks.delete(conversationId);
+    }
+    await session.close();
+  }
+}
+async function setConversationAgentSessionId(conversationId, agentSessionId) {
+  const prev = persistMessageLocks.get(conversationId);
+  let release;
+  const mine = new Promise((resolve2) => {
+    release = resolve2;
+  });
+  const chained = (prev ?? Promise.resolve()).then(() => mine);
+  persistMessageLocks.set(conversationId, chained);
+  await prev;
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       SET c.agentSessionId = $agentSessionId
+       RETURN c.conversationId AS conversationId`,
+      { conversationId, agentSessionId }
+    );
+    if (result.records.length === 0) {
+      console.error(`[persist] agent-session-id convId=${conversationId.slice(0, 8)}\u2026 status=skipped reason=conversation-not-found`);
+      return false;
+    }
+    console.log(`[persist] agent-session-id convId=${conversationId.slice(0, 8)}\u2026 status=ok agentSessionId=${agentSessionId ? agentSessionId.slice(0, 8) + "\u2026" : "null"}`);
+    return true;
+  } catch (err) {
+    console.error(`[persist] agent-session-id convId=${conversationId.slice(0, 8)}\u2026 status=failed error=${err instanceof Error ? err.message : String(err)}`);
+    return false;
+  } finally {
+    release();
+    if (persistMessageLocks.get(conversationId) === chained) {
+      persistMessageLocks.delete(conversationId);
+    }
+    await session.close();
+  }
+}
+async function getAgentSessionIdForConversation(conversationId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       RETURN c.agentSessionId AS agentSessionId`,
+      { conversationId }
+    );
+    const value = result.records[0]?.get("agentSessionId");
+    return typeof value === "string" && value.length > 0 ? value : null;
+  } catch (err) {
+    console.error(`[persist] agent-session-id read failed convId=${conversationId.slice(0, 8)}\u2026 error=${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function getRecentMessages(conversationId, limit = 50) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (tail:Message {conversationId: $conversationId})
+         WHERE NOT (tail)-[:NEXT]->(:Message)
+       WITH tail ORDER BY tail.createdAt DESC LIMIT 1
+       MATCH path = (m:Message)-[:NEXT*0..]->(tail)
+         WHERE m.conversationId = $conversationId
+           AND length(path) < $limit
+       WITH m, length(path) AS depthFromTail
+       OPTIONAL MATCH (m)-[:HAS_COMPONENT]->(c:Component)
+       WITH m, depthFromTail, c ORDER BY c.ordinal ASC
+       WITH m, depthFromTail,
+            [comp IN collect(c) WHERE comp IS NOT NULL | comp {.*}] AS components
+       OPTIONAL MATCH (m)-[:HAS_ATTACHMENT]->(a:Attachment)
+       WITH m, depthFromTail, components, a ORDER BY a.ordinal ASC
+       WITH m, depthFromTail, components,
+            [att IN collect(a) WHERE att IS NOT NULL | att {.*}] AS attachments
+       RETURN m.messageId AS messageId, m.role AS role, m.content AS content,
+              m.createdAt AS createdAt, components, attachments
+       ORDER BY depthFromTail DESC`,
+      { conversationId, limit: neo4j.int(limit) }
+    );
+    return result.records.map((r) => {
+      const rawComponents = r.get("components") ?? [];
+      const components = rawComponents.map((c) => ({
+        componentId: String(c.componentId ?? ""),
+        name: String(c.name ?? ""),
+        data: String(c.data ?? ""),
+        ordinal: typeof c.ordinal?.toNumber === "function" ? c.ordinal.toNumber() : Number(c.ordinal ?? 0),
+        textOffset: typeof c.textOffset?.toNumber === "function" ? c.textOffset.toNumber() : Number(c.textOffset ?? 0),
+        submitted: c.submitted === true
+      }));
+      const rawAttachments = r.get("attachments") ?? [];
+      const attachments = rawAttachments.map((a) => ({
+        attachmentId: String(a.attachmentId ?? ""),
+        filename: String(a.filename ?? ""),
+        mimeType: String(a.mimeType ?? ""),
+        sizeBytes: typeof a.sizeBytes?.toNumber === "function" ? a.sizeBytes.toNumber() : Number(a.sizeBytes ?? 0),
+        storagePath: String(a.storagePath ?? ""),
+        ordinal: typeof a.ordinal?.toNumber === "function" ? a.ordinal.toNumber() : Number(a.ordinal ?? 0),
+        accountId: String(a.accountId ?? "")
+      }));
+      return {
+        messageId: r.get("messageId"),
+        role: r.get("role"),
+        content: r.get("content"),
+        createdAt: String(r.get("createdAt")),
+        components,
+        attachments
+      };
+    });
+  } catch (err) {
+    console.error(`[persist] getRecentMessages failed: ${err instanceof Error ? err.message : String(err)}`);
+    return [];
+  } finally {
+    await session.close();
+  }
+}
+async function markComponentSubmitted(conversationId, componentName, accountId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (conv:Conversation {conversationId: $conversationId, accountId: $accountId})
+       MATCH (m:Message)-[:PART_OF]->(conv)
+       MATCH (m)-[:HAS_COMPONENT]->(c:Component {name: $componentName, accountId: $accountId})
+       WHERE c.submitted = false OR c.submitted IS NULL
+       WITH c, m ORDER BY m.createdAt DESC, c.ordinal DESC
+       LIMIT 1
+       SET c.submitted = true, c.submittedAt = datetime()
+       RETURN c.componentId AS componentId`,
+      { conversationId, componentName, accountId }
+    );
+    const componentId = result.records[0]?.get("componentId");
+    if (componentId) {
+      console.error(`[neo4j-store] component-submitted conversationId=${conversationId.slice(0, 8)}\u2026 name=${componentName} componentId=${componentId.slice(0, 8)}\u2026`);
+      return componentId;
+    }
+    console.error(`[neo4j-store] component-submit-skipped conversationId=${conversationId.slice(0, 8)}\u2026 name=${componentName} reason=no-unsubmitted-match`);
+    return null;
+  } catch (err) {
+    console.error(`[neo4j-store] component-submit-failed conversationId=${conversationId.slice(0, 8)}\u2026 name=${componentName} error=${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function verifyConversationOwnership(conversationId, accountId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId, accountId: $accountId})
+       RETURN c.conversationId AS id LIMIT 1`,
+      { conversationId, accountId }
+    );
+    return result.records.length > 0;
+  } catch (err) {
+    console.error(`[persist] verifyConversationOwnership failed: ${err instanceof Error ? err.message : String(err)}`);
+    return false;
+  } finally {
+    await session.close();
+  }
+}
+async function getConversationOwner(conversationId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       RETURN c.accountId AS accountId, c.userId AS userId LIMIT 1`,
+      { conversationId }
+    );
+    const record = result.records[0];
+    if (!record) return null;
+    const accountId = record.get("accountId");
+    const userId = record.get("userId");
+    if (!accountId) return null;
+    return { accountId, userId: userId ?? null };
+  } catch (err) {
+    console.error(`[persist] getConversationOwner failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function verifyAndGetConversationUpdatedAt(conversationId, accountId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId, accountId: $accountId})
+       RETURN toString(c.updatedAt) AS updatedAt LIMIT 1`,
+      { conversationId, accountId }
+    );
+    const record = result.records[0];
+    return record ? record.get("updatedAt") : null;
+  } catch (err) {
+    console.error(`[persist] verifyAndGetConversationUpdatedAt failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function searchMessages(accountId, queryEmbedding, limit = 10) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `CALL db.index.vector.queryNodes('message_embedding', $limit, $embedding)
+       YIELD node, score
+       WHERE node.accountId = $accountId
+       RETURN node.messageId AS messageId,
+              node.role AS role,
+              node.content AS content,
+              node.conversationId AS conversationId,
+              node.createdAt AS createdAt,
+              score
+       ORDER BY score DESC
+       LIMIT $limit`,
+      { embedding: queryEmbedding, limit: neo4j.int(limit), accountId }
+    );
+    return result.records.map((r) => ({
+      messageId: r.get("messageId"),
+      role: r.get("role"),
+      content: r.get("content"),
+      conversationId: r.get("conversationId"),
+      createdAt: String(r.get("createdAt")),
+      score: typeof r.get("score") === "number" ? r.get("score") : Number(r.get("score"))
+    }));
+  } catch (err) {
+    console.error(`[persist] searchMessages failed: ${err instanceof Error ? err.message : String(err)}`);
+    return [];
+  } finally {
+    await session.close();
+  }
+}
+var LIST_BACKFILL_CAP = 3;
+async function listAdminSessions(accountId, userId, limit = 20) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {accountId: $accountId, agentType: 'admin', userId: $userId})
+       WHERE NOT c:Trashed
+       WITH c
+       ORDER BY c.updatedAt DESC
+       LIMIT $limit
+       CALL {
+         WITH c
+         OPTIONAL MATCH (m:Message)-[:PART_OF]->(c)
+         WHERE m.role = 'user'
+           AND c.name IS NULL
+           AND NOT (m.content STARTS WITH '[New session.')
+           AND NOT (m.content STARTS WITH '{"')
+           AND size(m.content) >= 4
+         RETURN m.content AS content, m.createdAt AS createdAt
+         ORDER BY m.createdAt ASC
+         LIMIT 1
+       }
+       RETURN c.conversationId AS conversationId,
+              c.name AS name,
+              c.updatedAt AS updatedAt,
+              c.channel AS channel,
+              content AS firstSubstantiveUserMessage`,
+      { accountId, userId, limit: neo4j.int(limit) }
+    );
+    const rows = result.records.map((r) => ({
+      conversationId: r.get("conversationId"),
+      name: r.get("name"),
+      updatedAt: String(r.get("updatedAt")),
+      channel: r.get("channel"),
+      firstSubstantiveUserMessage: r.get("firstSubstantiveUserMessage")
+    }));
+    let backfillsKicked = 0;
+    for (const row of rows) {
+      if (backfillsKicked >= LIST_BACKFILL_CAP) break;
+      if (row.name !== null) continue;
+      const seed = row.firstSubstantiveUserMessage;
+      if (!seed || !isMessageUseful(seed)) continue;
+      backfillsKicked++;
+      autoLabelSession(row.conversationId, seed).catch(() => {
+      });
+    }
+    return rows.map(({ conversationId, name, updatedAt, channel }) => ({ conversationId, name, updatedAt, channel }));
+  } catch (err) {
+    console.error(`[persist] listAdminSessions failed: ${err instanceof Error ? err.message : String(err)}`);
+    return [];
+  } finally {
+    await session.close();
+  }
+}
+async function deleteConversation(conversationId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       OPTIONAL MATCH (m:Message)-[:PART_OF]->(c)
+       OPTIONAL MATCH (m)-[:HAS_COMPONENT]->(comp:Component)
+       OPTIONAL MATCH (m)-[:HAS_ATTACHMENT]->(att:Attachment)
+       DETACH DELETE att, comp, m, c
+       RETURN count(c) AS deleted`,
+      { conversationId }
+    );
+    const deleted = result.records[0]?.get("deleted");
+    const count = typeof deleted === "object" && deleted !== null ? Number(deleted) : Number(deleted ?? 0);
+    console.error(`[persist] deleteConversation ${conversationId.slice(0, 8)}\u2026: ${count > 0 ? "deleted" : "not found"}`);
+    return count > 0;
+  } catch (err) {
+    console.error(`[persist] deleteConversation failed: ${err instanceof Error ? err.message : String(err)}`);
+    return false;
+  } finally {
+    await session.close();
+  }
+}
+var GENERIC_MESSAGE = /^(h(i|ello|ey|owdy)|yo|sup|thanks|thank you|ok|okay|yes|no|good\s*(morning|afternoon|evening|night)|greetings|what'?s\s*up)[\s!?.,:;]*$/i;
+var SESSION_LABEL_MSG_CAP = 500;
+var SESSION_LABEL_TIMEOUT_MS = 15e3;
+var SESSION_LABEL_MODEL = HAIKU_MODEL;
+var SESSION_LABEL_MAX_WORDS = 6;
+var SESSION_LABEL_MAX_ATTEMPTS = 3;
+var SESSION_LABEL_MAX_STDERR = 2048;
+function isMessageUseful(message) {
+  const trimmed = message.trim();
+  if (trimmed.length < 4) return false;
+  if (trimmed.startsWith('{"')) return false;
+  if (GENERIC_MESSAGE.test(trimmed)) return false;
+  if (trimmed.startsWith(DIRECTIVE_PREFIX)) return false;
+  return true;
+}
+function totalFailures(f) {
+  return f.skip + f.error;
+}
+function failureBreakdown(f) {
+  return `skip:${f.skip} error:${f.error}`;
+}
+var labelAccumulator = /* @__PURE__ */ new Map();
+var _spawnOverride = null;
+var SESSION_LABEL_SYSTEM = `You are a session labeler. Given the opening messages of a conversation with an AI assistant, produce a concise topic label.
+
+Rules:
+- Exactly 3 to 6 words
+- Summarize the user's intent, do not copy verbatim
+- Capitalize the first word only (sentence case)
+- No punctuation, no quotes
+- You MUST always produce a label. Vague, terse, or single-word messages still get a best-effort label (e.g. a one-word "hi" or an emoji becomes "Greeting"; an unintelligible fragment becomes "Unstructured note"). Never abstain.`;
+async function generateSessionLabel(messages) {
+  const cappedMessages = messages.map((m) => m.slice(0, SESSION_LABEL_MSG_CAP));
+  const userContent = cappedMessages.map((m, i) => `Message ${i + 1}: ${m}`).join("\n");
+  const prompt = `${SESSION_LABEL_SYSTEM}
+
+${userContent}`;
+  const args = [
+    "--print",
+    "--model",
+    SESSION_LABEL_MODEL,
+    "--max-turns",
+    "1",
+    "--permission-mode",
+    "dontAsk",
+    prompt
+  ];
+  return new Promise((resolve2) => {
+    let stdout = "";
+    let stderr = "";
+    const spawnFn = _spawnOverride ?? spawn;
+    const proc = spawnFn("claude", args, {
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    proc.stdout?.on("data", (chunk) => {
+      stdout += chunk.toString("utf-8");
+    });
+    proc.stderr?.on("data", (chunk) => {
+      if (stderr.length < SESSION_LABEL_MAX_STDERR) {
+        stderr += chunk.toString("utf-8").slice(0, SESSION_LABEL_MAX_STDERR - stderr.length);
+      }
+    });
+    const timer = setTimeout(() => {
+      proc.kill("SIGTERM");
+      console.error("[persist] autoLabel: haiku subprocess timed out");
+      resolve2(null);
+    }, SESSION_LABEL_TIMEOUT_MS);
+    proc.on("error", (err) => {
+      clearTimeout(timer);
+      console.error(`[persist] autoLabel: subprocess error \u2014 ${err.message}`);
+      resolve2(null);
+    });
+    proc.on("close", (code) => {
+      clearTimeout(timer);
+      if (code !== 0) {
+        console.error(`[persist] autoLabel: subprocess exited code=${code}${stderr ? ` stderr=${stderr.trim().slice(0, 200)}` : ""}`);
+        resolve2(null);
+        return;
+      }
+      const text = stdout.trim();
+      if (!text) {
+        console.error("[persist] autoLabel: haiku returned empty response");
+        resolve2(null);
+        return;
+      }
+      const words = text.split(/\s+/).slice(0, SESSION_LABEL_MAX_WORDS);
+      const label = words.join(" ");
+      console.error(`[persist] autoLabel: haiku response="${label}"`);
+      resolve2(label);
+    });
+  });
+}
+async function autoLabelSession(conversationId, userMessage) {
+  if (!conversationId) return;
+  if (!isMessageUseful(userMessage)) {
+    const trimmed = userMessage.trim();
+    const reason = trimmed.startsWith('{"') ? "JSON envelope" : trimmed.startsWith(DIRECTIVE_PREFIX) ? "directive" : GENERIC_MESSAGE.test(trimmed) ? "greeting" : trimmed.length < 4 ? "too short" : "directive";
+    console.error(`[persist] autoLabel: skipped ${conversationId.slice(0, 8)}\u2026 \u2014 ${reason}`);
+    return;
+  }
+  try {
+    const preCheck = getSession();
+    try {
+      const res = await preCheck.run(
+        `MATCH (c:Conversation {conversationId: $conversationId})
+         OPTIONAL MATCH (m:Message)-[:PART_OF]->(c)
+         WHERE m.role = 'user'
+         WITH c, count(m) AS userCount
+         RETURN c.name AS name, userCount`,
+        { conversationId }
+      );
+      const firstRecord = res.records[0];
+      const existingName = firstRecord?.get("name");
+      const userCountRaw = firstRecord?.get("userCount");
+      const userCount = typeof userCountRaw === "object" && userCountRaw !== null ? Number(userCountRaw) : Number(userCountRaw ?? 0);
+      if (existingName) {
+        console.error(`[persist] autoLabel: already named ${conversationId.slice(0, 8)}\u2026 \u2014 skipping`);
+        labelAccumulator.delete(conversationId);
+        return;
+      }
+      if (userCount > 3) {
+        console.error(`[persist] autoLabel: past autolabel window ${conversationId.slice(0, 8)}\u2026 \u2014 userCount=${userCount}, skipping`);
+        labelAccumulator.delete(conversationId);
+        return;
+      }
+    } finally {
+      await preCheck.close();
+    }
+  } catch (err) {
+    console.error(`[persist] autoLabel: pre-check read failed for ${conversationId.slice(0, 8)}\u2026 \u2014 proceeding: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  let entry = labelAccumulator.get(conversationId);
+  if (!entry) {
+    entry = {
+      messages: [],
+      pending: false,
+      failures: { skip: 0, error: 0 }
+    };
+    labelAccumulator.set(conversationId, entry);
+  }
+  if (totalFailures(entry.failures) >= SESSION_LABEL_MAX_ATTEMPTS) {
+    console.error(`[persist] autoLabel: evicted ${conversationId.slice(0, 8)}\u2026 after ${SESSION_LABEL_MAX_ATTEMPTS} failed-attempts (${failureBreakdown(entry.failures)})`);
+    labelAccumulator.delete(conversationId);
+    return;
+  }
+  entry.messages.push(userMessage.trim());
+  if (entry.pending) {
+    console.error(`[persist] autoLabel: accumulated for ${conversationId.slice(0, 8)}\u2026 (pending, ${entry.messages.length} msgs)`);
+    return;
+  }
+  entry.pending = true;
+  try {
+    const label = await generateSessionLabel(entry.messages);
+    if (!label) {
+      entry.failures.skip++;
+      console.error(`[persist] autoLabel: generateSessionLabel returned null for ${conversationId.slice(0, 8)}\u2026 (failures ${failureBreakdown(entry.failures)}, ${entry.messages.length} msgs)`);
+      entry.pending = false;
+      return;
+    }
+    const fullLabel = `${label} \xB7 ${conversationId.slice(0, 8)}`;
+    let embedding = null;
+    try {
+      embedding = await embed(fullLabel);
+    } catch (err) {
+      console.error(`[persist] Conversation embedding failed, labelling without: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const session = getSession();
+    try {
+      const result = await session.run(
+        `MATCH (c:Conversation {conversationId: $conversationId})
+         WHERE c.name IS NULL
+         WITH c
+         OPTIONAL MATCH (m:Message)-[:PART_OF]->(c)
+         WHERE m.role = 'user'
+         WITH c, count(m) AS userCount
+         WHERE userCount <= 3
+         SET c.name = $label, c.updatedAt = datetime()
+         ${embedding ? ", c.embedding = $embedding" : ""}
+         RETURN c.name AS name`,
+        { conversationId, label: fullLabel, ...embedding ? { embedding } : {} }
+      );
+      if (result.records.length > 0) {
+        console.error(`[persist] autoLabel: commit ${conversationId.slice(0, 8)}\u2026 name="${fullLabel}"${embedding ? " (embedded)" : ""}`);
+        labelAccumulator.delete(conversationId);
+      } else {
+        console.error(`[persist] autoLabel: no-op commit ${conversationId.slice(0, 8)}\u2026 (name already set or userCount>3)`);
+        labelAccumulator.delete(conversationId);
+      }
+    } catch (err) {
+      entry.failures.error++;
+      console.error(`[persist] autoLabelSession failed: ${err instanceof Error ? err.message : String(err)} (failures ${failureBreakdown(entry.failures)})`);
+    } finally {
+      await session.close();
+    }
+  } catch (err) {
+    const currentEntry = labelAccumulator.get(conversationId);
+    if (currentEntry) currentEntry.failures.error++;
+    console.error(`[persist] autoLabel: unexpected error \u2014 ${err instanceof Error ? err.message : String(err)}${currentEntry ? ` (failures ${failureBreakdown(currentEntry.failures)})` : ""}`);
+  } finally {
+    const currentEntry = labelAccumulator.get(conversationId);
+    if (currentEntry) currentEntry.pending = false;
+  }
+}
+async function renameConversation(conversationId, label) {
+  let embedding = null;
+  try {
+    embedding = await embed(label);
+  } catch (err) {
+    console.error(`[persist] manual-label: embedding failed, persisting without: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  const session = getSession();
+  try {
+    await session.run(
+      `MATCH (c:Conversation {conversationId: $conversationId})
+       SET c.name = $label, c.updatedAt = datetime()
+       ${embedding ? ", c.embedding = $embedding" : ""}`,
+      { conversationId, label, ...embedding ? { embedding } : {} }
+    );
+    console.error(`[persist] manual-label: renamed ${conversationId} to "${label}"${embedding ? " (embedded)" : ""}`);
+  } finally {
+    await session.close();
+  }
+}
+var DECAY_THRESHOLD_DAYS = 14;
+var DECAY_RATE_PER_DAY = 0.05;
+var INJECTION_THRESHOLD = 0.4;
+var MAX_SUMMARY_PREFERENCES = 30;
+async function getUserTimezone(accountId, userId) {
+  const session = getSession();
+  try {
+    const query = userId ? `MATCH (up:UserProfile {accountId: $accountId, userId: $userId})
+         RETURN up.timezone AS timezone` : `MATCH (up:UserProfile {accountId: $accountId})
+         RETURN up.timezone AS timezone ORDER BY up.createdAt LIMIT 1`;
+    const result = await session.run(query, { accountId, userId: userId ?? "" });
+    if (result.records.length === 0) return null;
+    const tz = result.records[0].get("timezone");
+    return tz && tz.trim().length > 0 ? tz : null;
+  } catch (err) {
+    console.error(`[datetime] getUserTimezone failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function loadAdminUserName(accountId, userId) {
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (au:AdminUser {userId: $userId})-[:OWNS]->(p:Person {accountId: $accountId})
+       RETURN p.givenName AS givenName, p.familyName AS familyName, p.avatar AS avatar
+       LIMIT 1`,
+      { accountId, userId }
+    );
+    if (result.records.length === 0) {
+      return { source: "fallback", reason: "no-person-node" };
+    }
+    const givenName = result.records[0].get("givenName");
+    const familyName = result.records[0].get("familyName");
+    const avatar = result.records[0].get("avatar");
+    if (!givenName || givenName.trim().length === 0) {
+      return { source: "fallback", reason: "no-givenName" };
+    }
+    const trimmedFamily = familyName && familyName.trim().length > 0 ? familyName.trim() : null;
+    const trimmedAvatar = avatar && avatar.trim().length > 0 ? avatar.trim() : null;
+    const joined = trimmedFamily ? `${givenName.trim()} ${trimmedFamily}` : givenName.trim();
+    return { source: "neo4j", joined, givenName: givenName.trim(), familyName: trimmedFamily, avatar: trimmedAvatar };
+  } catch (err) {
+    console.error(`[admin-identity] loadAdminUserName failed: ${err instanceof Error ? err.message : String(err)}`);
+    return { source: "fallback", reason: "neo4j-unreachable" };
+  } finally {
+    await session.close();
+  }
+}
+async function writeAdminUserAndPerson(params) {
+  const { userId, fullName, accountId } = params;
+  const trimmed = fullName.trim();
+  if (!trimmed) {
+    throw new Error("writeAdminUserAndPerson: fullName cannot be empty");
+  }
+  const firstSpace = trimmed.search(/\s/);
+  const givenName = firstSpace === -1 ? trimmed : trimmed.slice(0, firstSpace).trim();
+  const familyName = firstSpace === -1 ? null : trimmed.slice(firstSpace + 1).trim() || null;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MERGE (au:AdminUser {userId: $userId})
+       ON CREATE SET au.name = $fullName, au.createdAt = $now
+       ON MATCH SET au.name = $fullName, au.updatedAt = $now
+       WITH au
+
+       // Case-insensitive Person reuse: same accountId, same givenName, same familyName
+       // (null/empty familyName collapsed to '' so 'Joel' does NOT match 'Joel Smalley').
+       OPTIONAL MATCH (existingPerson:Person {accountId: $accountId})
+       WHERE toLower(existingPerson.givenName) = toLower($givenName)
+         AND coalesce(toLower(existingPerson.familyName), '') = coalesce(toLower($familyName), '')
+       WITH au, existingPerson
+
+       CALL {
+         WITH au, existingPerson
+         WITH au, existingPerson WHERE existingPerson IS NOT NULL
+         MERGE (au)-[:OWNS]->(existingPerson)
+         RETURN existingPerson AS p, true AS reused
+         UNION
+         WITH au, existingPerson
+         WITH au WHERE existingPerson IS NULL
+         CREATE (newPerson:Person {
+           accountId: $accountId,
+           givenName: $givenName,
+           familyName: $familyName,
+           role: 'admin-personal',
+           scope: 'admin',
+           createdAt: $now
+         })
+         MERGE (au)-[:OWNS]->(newPerson)
+         RETURN newPerson AS p, false AS reused
+       }
+       RETURN reused, elementId(p) AS personElementId,
+              p.givenName AS givenName, p.familyName AS familyName`,
+      { userId, fullName: trimmed, accountId, givenName, familyName, now }
+    );
+    if (result.records.length === 0) {
+      throw new Error("writeAdminUserAndPerson: no record returned");
+    }
+    const record = result.records[0];
+    return {
+      personReused: record.get("reused"),
+      personElementId: record.get("personElementId"),
+      givenName: record.get("givenName"),
+      familyName: record.get("familyName")
+    };
+  } finally {
+    await session.close();
+  }
+}
+var PROFILE_CATEGORIES = [
+  "communication",
+  "scheduling",
+  "decision",
+  "workflow",
+  "content",
+  "interaction"
+];
+var PROFILE_FIELD_TEMPLATES = {
+  communication: [
+    "preferredChannel",
+    "quietHours",
+    "responseLatencyExpectation",
+    "formalityLevel",
+    "escalationPath"
+  ],
+  scheduling: [
+    "workdayStartTime",
+    "workdayEndTime",
+    "weekendAvailability",
+    "meetingBlockPreference",
+    "focusBlockTiming"
+  ],
+  decision: [
+    "riskTolerance",
+    "autonomyBoundary",
+    "evidenceThreshold",
+    "reversibilityPreference",
+    "stakeholderConsultation"
+  ],
+  workflow: [
+    "batchingPreference",
+    "taskGranularity",
+    "deepWorkBlocks",
+    "statusUpdateCadence",
+    "toolingChoices"
+  ],
+  content: [
+    "outputFormat",
+    "lengthPreference",
+    "citationStyle",
+    "tonality"
+  ],
+  interaction: [
+    "addressForm",
+    "humourTolerance",
+    "directnessLevel",
+    "emotionalRegisterPreference"
+  ]
+};
+var TOTAL_PROFILE_FIELDS = Object.values(PROFILE_FIELD_TEMPLATES).reduce(
+  (n, fs) => n + fs.length,
+  0
+);
+function computeAbsentFields(preferences) {
+  const covered = /* @__PURE__ */ new Set();
+  for (const pref of preferences) {
+    const isCovered = pref.notApplicable === true || pref.confidence >= INJECTION_THRESHOLD;
+    if (isCovered) covered.add(`${pref.category}.${pref.key}`);
+  }
+  const absent = [];
+  for (const [category, fields] of Object.entries(PROFILE_FIELD_TEMPLATES)) {
+    for (const field of fields) {
+      const dotted = `${category}.${field}`;
+      if (!covered.has(dotted)) absent.push(dotted);
+    }
+  }
+  return absent;
+}
+var sparseStateLogged = /* @__PURE__ */ new Set();
+async function loadUserProfile(accountId, userId, conversationId) {
+  console.error(
+    `[profile] loadUserProfile entry accountId=${accountId.slice(0, 8)}\u2026 userId=${userId} conversationId=${conversationId ? `${conversationId.slice(0, 8)}\u2026` : "<none>"}`
+  );
+  const session = getSession();
+  try {
+    const serverTimezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
+    const mergeResult = await session.run(
+      `MATCH (au:AdminUser {userId: $userId})
+       MERGE (au)-[:HAS_PROFILE]->(up:UserProfile {accountId: $accountId, userId: $userId})
+       ON CREATE SET
+         up.createdAt = $now,
+         up.updatedAt = $now,
+         up.profileVersion = 0,
+         up.scope = 'admin',
+         up.timezone = $serverTimezone
+       ON MATCH SET
+         up.timezone = CASE WHEN up.timezone IS NULL OR trim(up.timezone) = '' THEN $serverTimezone ELSE up.timezone END
+       RETURN up.createdAt = $now AS isNew`,
+      { accountId, userId, now: (/* @__PURE__ */ new Date()).toISOString(), serverTimezone }
+    );
+    if (mergeResult.records.length === 0) {
+      console.error(`[profile] loadUserProfile: AdminUser not found for userId=${userId} accountId=${accountId.slice(0, 8)}\u2026 \u2014 profile not created, invariant violated`);
+      return null;
+    }
+    const isNew = mergeResult.records[0].get("isNew");
+    if (isNew) {
+      console.error(`[profile] created new profile: userId=${userId} accountId=${accountId.slice(0, 8)}\u2026 timezone=${serverTimezone}`);
+    }
+    const nowMs = Date.now();
+    const thresholdMs = DECAY_THRESHOLD_DAYS * 24 * 60 * 60 * 1e3;
+    const staleResult = await session.run(
+      `MATCH (up:UserProfile {accountId: $accountId, userId: $userId})-[:HAS_PREFERENCE]->(pref:Preference)
+       WHERE pref.observedAt IS NOT NULL
+       RETURN pref.preferenceId AS preferenceId,
+              pref.observedAt AS observedAt,
+              pref.confidence AS confidence`,
+      { accountId, userId }
+    );
+    let decayCount = 0;
+    for (const record of staleResult.records) {
+      const observedAt = record.get("observedAt");
+      const confidence = record.get("confidence");
+      const observedMs = new Date(observedAt).getTime();
+      const ageMs = nowMs - observedMs;
+      if (ageMs > thresholdMs && confidence > 0) {
+        const daysPastThreshold = (ageMs - thresholdMs) / (24 * 60 * 60 * 1e3);
+        const decayedConfidence = Math.max(0, confidence - DECAY_RATE_PER_DAY * daysPastThreshold);
+        if (decayedConfidence !== confidence) {
+          await session.run(
+            `MATCH (pref:Preference {preferenceId: $preferenceId, accountId: $accountId})
+             SET pref.confidence = $confidence`,
+            {
+              preferenceId: record.get("preferenceId"),
+              accountId,
+              confidence: decayedConfidence
+            }
+          );
+          decayCount++;
+        }
+      }
+    }
+    const result = await session.run(
+      `MATCH (up:UserProfile {accountId: $accountId, userId: $userId})
+       OPTIONAL MATCH (au:AdminUser {userId: $userId})-[:OWNS]->(p:Person {accountId: $accountId})
+       OPTIONAL MATCH (up)-[:HAS_PREFERENCE]->(pref:Preference)
+       WHERE pref.confidence >= $threshold OR pref.notApplicable = true
+       WITH up, p, pref
+       ORDER BY pref.confidence DESC
+       WITH up, p, collect(pref) AS allPrefs
+       WITH up, p, allPrefs[0..$limit] AS prefs
+       RETURN up, p AS person, prefs`,
+      { accountId, userId, threshold: INJECTION_THRESHOLD, limit: MAX_SUMMARY_PREFERENCES }
+    );
+    if (result.records.length === 0 || !result.records[0].get("up")) {
+      return null;
+    }
+    const upNode = result.records[0].get("up");
+    const profileProps = { ...upNode.properties };
+    const personNode = result.records[0].get("person");
+    if (personNode?.properties) {
+      if (personNode.properties.givenName !== void 0) profileProps.givenName = personNode.properties.givenName;
+      if (personNode.properties.familyName !== void 0) profileProps.familyName = personNode.properties.familyName;
+      if (personNode.properties.email !== void 0) profileProps.email = personNode.properties.email;
+      if (personNode.properties.telephone !== void 0) profileProps.telephone = personNode.properties.telephone;
+    }
+    const prefNodes = result.records[0].get("prefs");
+    const preferences = prefNodes.map((p) => ({
+      preferenceId: p.properties.preferenceId,
+      category: p.properties.category,
+      key: p.properties.key,
+      value: p.properties.value,
+      confidence: p.properties.confidence,
+      source: p.properties.source,
+      observedAt: p.properties.observedAt,
+      notApplicable: p.properties.notApplicable === true
+    }));
+    const summary = formatProfileSummary(profileProps, preferences);
+    const absentFields = computeAbsentFields(preferences);
+    const fieldCoverageCount = TOTAL_PROFILE_FIELDS - absentFields.length;
+    const presentCategories = new Set(
+      preferences.filter((p) => p.notApplicable === true || p.confidence >= INJECTION_THRESHOLD).map((p) => p.category)
+    );
+    const absentCategories = PROFILE_CATEGORIES.filter((c) => !presentCategories.has(c));
+    const categoryCoverage = PROFILE_CATEGORIES.length - absentCategories.length;
+    console.error(
+      `[profile] loaded for userId=${userId} accountId=${accountId.slice(0, 8)}\u2026 preferences=${preferences.length} fieldCoverage=${fieldCoverageCount}/${TOTAL_PROFILE_FIELDS} categoryCoverage=${categoryCoverage}/${PROFILE_CATEGORIES.length} (decay: ${decayCount} updated)`
+    );
+    const identityKeys = [
+      { prop: "email", token: "email" },
+      // Schema-canonical name. `phone` is the synonym (rejected at tool
+      // surface); the log uses `telephone` to keep grep aligned with
+      // schema-base.md doctrine the brief enforces.
+      { prop: "telephone", token: "telephone" },
+      { prop: "givenName", token: "givenName" },
+      { prop: "familyName", token: "familyName" },
+      { prop: "role", token: "role" }
+    ];
+    const absentIdentity = identityKeys.filter((k) => {
+      const v = profileProps[k.prop];
+      return typeof v !== "string" || v.trim().length === 0;
+    });
+    const sparseFired = absentCategories.length > 0 || absentFields.length > 0 || absentIdentity.length > 0;
+    if (conversationId && sparseFired) {
+      const dedupeKey = `${accountId}:${userId}:${conversationId}`;
+      if (!sparseStateLogged.has(dedupeKey)) {
+        sparseStateLogged.add(dedupeKey);
+        const FIELDS_LOG_CAP = 10;
+        const absentFieldsTruncated = absentFields.length <= FIELDS_LOG_CAP ? absentFields.join(",") : `${absentFields.slice(0, FIELDS_LOG_CAP).join(",")}+${absentFields.length - FIELDS_LOG_CAP} more`;
+        console.error(
+          `[profile] sparse-state injected accountId=${accountId.slice(0, 8)}\u2026 userId=${userId} conversationId=${conversationId.slice(0, 8)}\u2026 absentCategories=${absentCategories.join(",")} absentFields=${absentFieldsTruncated || "none"} absentIdentity=${absentIdentity.map((k) => k.token).join(",") || "none"}`
+        );
+      }
+    }
+    return summary;
+  } catch (err) {
+    console.error(`[profile] loadUserProfile failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+function formatProfileSummary(profile, preferences) {
+  const givenName = typeof profile.givenName === "string" ? profile.givenName.trim() : "";
+  const familyName = typeof profile.familyName === "string" ? profile.familyName.trim() : "";
+  const joined = familyName ? `${givenName} ${familyName}` : givenName;
+  const name = joined || "Owner";
+  const role = profile.role ? ` (${profile.role})` : "";
+  const tz = profile.timezone ? ` \u2014 ${profile.timezone}` : "";
+  const locale = profile.locale ? `, ${profile.locale}` : "";
+  const expertise = profile.expertise ? `
+Expertise: ${typeof profile.expertise === "string" ? profile.expertise : JSON.stringify(profile.expertise)}` : "";
+  const lines = [`## About the Owner
+`];
+  lines.push(`${name}${role}${tz}${locale}${expertise}
+`);
+  const categories = {};
+  for (const pref of preferences) {
+    if (pref.notApplicable === true) continue;
+    if (!categories[pref.category]) categories[pref.category] = [];
+    categories[pref.category].push(pref);
+  }
+  const categoryLabels = {
+    communication: "Communication",
+    scheduling: "Scheduling",
+    decision: "Decisions",
+    workflow: "Workflow",
+    content: "Content",
+    interaction: "Interaction patterns"
+  };
+  const workCategories = ["communication", "scheduling", "decision", "workflow", "content"];
+  const workPrefs = workCategories.filter((c) => categories[c]);
+  if (workPrefs.length > 0) {
+    lines.push(`### How they work`);
+    for (const cat of workPrefs) {
+      const label = categoryLabels[cat] || cat;
+      const items = categories[cat].map((p) => p.value).join("; ");
+      lines.push(`- ${label}: ${items}`);
+    }
+    lines.push("");
+  }
+  if (categories.interaction) {
+    lines.push(`### Interaction patterns`);
+    for (const pref of categories.interaction) {
+      lines.push(`- ${pref.value}`);
+    }
+    lines.push("");
+  }
+  const identityFields = [
+    { key: "email", label: "email" },
+    { key: "telephone", label: "phone" },
+    { key: "givenName", label: "first name" },
+    { key: "familyName", label: "last name" },
+    { key: "role", label: "role" }
+  ];
+  const absentIdentity = identityFields.filter((f) => {
+    const v = profile[f.key];
+    return typeof v !== "string" || v.trim().length === 0;
+  });
+  if (absentIdentity.length > 0) {
+    lines.push(`### Identity coverage`);
+    lines.push(`Missing: ${absentIdentity.map((f) => f.label).join(", ")}`);
+    lines.push("");
+  }
+  const absentFields = computeAbsentFields(preferences);
+  if (absentFields.length > 0) {
+    lines.push(`### Coverage`);
+    lines.push(`Missing: ${absentFields.join(", ")}`);
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+var MAX_SESSION_TASKS = 20;
+var MAX_SESSION_PROJECTS = 5;
+var MAX_RECENT_TOOL_FAILURES = 3;
+var RECENT_FAILURES_TAIL_BYTES = 10 * 1024;
+function readRecentToolFailures(accountId, conversationId) {
+  try {
+    const platformRoot = process.env.MAXY_PLATFORM_ROOT ?? resolve(process.cwd(), "..");
+    const logDir = resolve(platformRoot, "..", "data/accounts", accountId, "logs");
+    const logPath = resolve(logDir, `claude-agent-stream-${conversationId}.log`);
+    if (!existsSync(logPath)) {
+      console.error(`[review-tail-skip] path=${logPath} reason=file-missing \u2014 first turn of conversation, subprocess not yet spawned, or log rotated`);
+      return [];
+    }
+    const st = statSync(logPath);
+    const size = st.size;
+    const readBytes = Math.min(size, RECENT_FAILURES_TAIL_BYTES);
+    const position = size - readBytes;
+    const fd = openSync(logPath, "r");
+    try {
+      const buf = Buffer.alloc(readBytes);
+      readSync(fd, buf, 0, readBytes, position);
+      const text = buf.toString("utf-8");
+      const lines = text.split("\n");
+      const matches = [];
+      for (let i = lines.length - 1; i >= 0 && matches.length < MAX_RECENT_TOOL_FAILURES; i--) {
+        const line = lines[i];
+        if (line.includes("[tool-failure-diag]")) {
+          matches.push(line);
+        }
+      }
+      return matches.reverse();
+    } finally {
+      closeSync(fd);
+    }
+  } catch (err) {
+    console.error(
+      `[session-context] recent-tool-failures read failed: ${err instanceof Error ? err.message : String(err)}`
+    );
+    return [];
+  }
+}
+async function loadSessionContext(accountId, conversationId) {
+  const session = getSession();
+  try {
+    const digestResult = await session.run(
+      `MATCH (d:CreativeWork {accountId: $accountId})
+       WHERE d.title STARTS WITH 'Chat Review'
+       RETURN d.title AS title, d.createdAt AS createdAt, d.abstract AS abstract
+       ORDER BY d.createdAt DESC LIMIT 1`,
+      { accountId }
+    );
+    const tasksResult = await session.run(
+      `MATCH (t:Task {accountId: $accountId})
+       WHERE t.status IN ['pending', 'active']
+       RETURN t.taskId AS taskId, t.name AS name, t.status AS status,
+              t.priority AS priority, t.dueDate AS dueDate
+       ORDER BY
+         CASE t.priority
+           WHEN 'urgent' THEN 0
+           WHEN 'high' THEN 1
+           WHEN 'normal' THEN 2
+           WHEN 'low' THEN 3
+           ELSE 4
+         END,
+         t.createdAt DESC
+       LIMIT $limit`,
+      { accountId, limit: neo4j.int(MAX_SESSION_TASKS) }
+    );
+    let projectsCount = 0;
+    let projectLines = [];
+    try {
+      const projectsResult = await session.run(
+        `MATCH (p:Project:Task {accountId: $accountId})
+         WHERE p.status IN ['pending', 'active']
+         OPTIONAL MATCH (p)-[:HAS_TASK]->(child:Task)
+         WITH p,
+           count(child) AS totalTasks,
+           count(CASE WHEN child.status = 'completed' THEN 1 END) AS completedTasks,
+           count(CASE WHEN child.dueDate IS NOT NULL
+             AND date(child.dueDate) < date()
+             AND child.status <> 'completed' THEN 1 END) AS overdueTasks,
+           count(CASE WHEN child.status IN ['pending', 'active'] AND EXISTS {
+             MATCH (blocker:Task)-[:BLOCKS]->(child)
+             WHERE blocker.status IN ['pending', 'active']
+           } THEN 1 END) AS blockedTasks
+         RETURN p.name AS name, p.phase AS phase, p.tier AS tier,
+                p.clientRef AS clientRef, p.status AS status,
+                totalTasks, completedTasks, overdueTasks, blockedTasks
+         ORDER BY p.updatedAt DESC
+         LIMIT $limit`,
+        { accountId, limit: neo4j.int(MAX_SESSION_PROJECTS) }
+      );
+      projectsCount = projectsResult.records.length;
+      if (projectsCount > 0) {
+        projectLines = projectsResult.records.map((r) => {
+          const name = r.get("name") || "Unnamed project";
+          const phase = r.get("phase") || "planning";
+          const tier = r.get("tier") || "standard";
+          const clientRef = r.get("clientRef");
+          const total = typeof r.get("totalTasks") === "number" ? r.get("totalTasks") : r.get("totalTasks")?.toNumber?.() ?? 0;
+          const completed = typeof r.get("completedTasks") === "number" ? r.get("completedTasks") : r.get("completedTasks")?.toNumber?.() ?? 0;
+          const overdue = typeof r.get("overdueTasks") === "number" ? r.get("overdueTasks") : r.get("overdueTasks")?.toNumber?.() ?? 0;
+          const blocked = typeof r.get("blockedTasks") === "number" ? r.get("blockedTasks") : r.get("blockedTasks")?.toNumber?.() ?? 0;
+          let signal;
+          const hasDueDates = overdue > 0 || total > 0;
+          if (!hasDueDates && total === 0) {
+            signal = "grey";
+          } else if (overdue > 1 || blocked > 1) {
+            signal = "red";
+          } else if (overdue > 0 || blocked > 0) {
+            signal = "amber";
+          } else {
+            signal = "green";
+          }
+          const client = clientRef ? ` (${clientRef})` : "";
+          const health = signal !== "grey" ? ` [${signal.toUpperCase()}]` : "";
+          return `- **${name}**${client} \u2014 ${tier}, ${phase}${health}, ${completed}/${total} done${overdue > 0 ? `, ${overdue} overdue` : ""}${blocked > 0 ? `, ${blocked} blocked` : ""}`;
+        });
+      }
+    } catch (projectErr) {
+      console.error(
+        `[session-context] project query failed: ${projectErr instanceof Error ? projectErr.message : String(projectErr)}`
+      );
+    }
+    const sections = [];
+    if (digestResult.records.length > 0) {
+      const rec = digestResult.records[0];
+      const createdAt = rec.get("createdAt");
+      const abstract = rec.get("abstract");
+      if (abstract) {
+        const dateSuffix = createdAt ? ` (${createdAt.slice(0, 10)})` : "";
+        sections.push(`## Recent Public Chat Digest${dateSuffix}
+${abstract}`);
+      }
+    }
+    if (tasksResult.records.length > 0) {
+      const taskLines = tasksResult.records.map((r) => {
+        const priority = (r.get("priority") || "normal").toUpperCase();
+        const status = r.get("status");
+        const name = r.get("name");
+        const dueDate = r.get("dueDate");
+        const due = dueDate ? ` due:${dueDate.slice(0, 10)}` : "";
+        const taskId = r.get("taskId");
+        return `- [${priority}] ${status} \u2014 ${name}${due} (${taskId})`;
+      });
+      sections.push(`## Open Tasks (${tasksResult.records.length})
+${taskLines.join("\n")}`);
+    }
+    let pendingCount = 0;
+    let pendingLines = [];
+    try {
+      const platformRoot = process.env.MAXY_PLATFORM_ROOT ?? resolve(process.cwd(), "..");
+      const pendingDir = resolve(platformRoot, "..", "data/accounts", accountId, "pending-actions");
+      if (existsSync(pendingDir)) {
+        const files = readdirSync(pendingDir).filter((f) => f.endsWith(".json") && !f.startsWith("."));
+        for (const file of files) {
+          try {
+            const raw = readFileSync(resolve(pendingDir, file), "utf-8");
+            const action = JSON.parse(raw);
+            if (action.state === "pending") {
+              const inputSummary = JSON.stringify(action.hookPayload?.tool_input ?? {}).slice(0, 150);
+              pendingLines.push(`- **${action.toolName}** (${action.actionId.slice(0, 8)}\u2026) queued ${action.createdAt?.slice(0, 16) ?? "unknown"}
+  Input: ${inputSummary}`);
+              pendingCount++;
+            }
+          } catch {
+          }
+        }
+      }
+    } catch (pendingErr) {
+      console.error(
+        `[session-context] pending actions read failed: ${pendingErr instanceof Error ? pendingErr.message : String(pendingErr)}`
+      );
+    }
+    if (pendingCount > 0) {
+      sections.push(`## Pending Actions (${pendingCount})
+Actions queued for your approval. Use action-approve, action-reject, or action-edit.
+${pendingLines.join("\n")}`);
+    }
+    if (projectLines.length > 0) {
+      sections.push(`## Active Projects (${projectLines.length})
+${projectLines.join("\n")}`);
+    }
+    let recentFailuresCount = 0;
+    if (conversationId) {
+      const failureLines = readRecentToolFailures(accountId, conversationId);
+      if (failureLines.length > 0) {
+        recentFailuresCount = failureLines.length;
+        const guidance = "These tool calls failed in the current conversation. Inspect the diagnostic fields before retrying the same tool against the same target \u2014 if you do retry, narrate explicitly why the diagnostic suggests a retry will now succeed. A second identical failure is evidence the path is broken, not evidence another attempt is warranted.";
+        sections.push(`## Recent Tool Failures (${failureLines.length})
+${guidance}
+
+${failureLines.map((l) => `- ${l.trim()}`).join("\n")}`);
+      }
+    }
+    if (sections.length === 0) return null;
+    console.error(
+      `[session-context] Loaded for ${accountId.slice(0, 8)}\u2026: digest=${digestResult.records.length > 0 ? "yes" : "no"}, tasks=${tasksResult.records.length}, projects=${projectsCount}, pendingActions=${pendingCount}, recentFailures=${recentFailuresCount}`
+    );
+    return `<previous-context>
+${sections.join("\n\n")}
+</previous-context>`;
+  } catch (err) {
+    console.error(`[session-context] loadSessionContext failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+async function consumeStep7FlagUI(session, accountId) {
+  const accountDir = resolve(PLATFORM_ROOT, "..", "data/accounts", accountId);
+  const flagPath = resolve(accountDir, "onboarding", "step7-complete");
+  if (!existsSync(flagPath)) return false;
+  let completedAt = (/* @__PURE__ */ new Date()).toISOString();
+  try {
+    const raw = readFileSync(flagPath, "utf-8").trim();
+    if (raw) {
+      const parsed = JSON.parse(raw);
+      if (typeof parsed.completedAt === "string") {
+        completedAt = parsed.completedAt;
+      }
+    }
+  } catch {
+  }
+  const result = await session.run(
+    `MATCH (o:OnboardingState {accountId: $accountId})
+     SET o.step7CompletedAt = CASE WHEN o.step7CompletedAt IS NULL THEN $completedAt ELSE o.step7CompletedAt END,
+         o.currentStep = CASE WHEN 7 > o.currentStep THEN 7 ELSE o.currentStep END,
+         o.updatedAt = $completedAt
+     RETURN count(o) AS updated`,
+    { accountId, completedAt }
+  );
+  const updatedRaw = result.records[0]?.get("updated");
+  const updated = typeof updatedRaw === "number" ? updatedRaw : updatedRaw && typeof updatedRaw === "object" && "toNumber" in updatedRaw ? updatedRaw.toNumber() : 0;
+  if (updated === 0) {
+    console.log(
+      `[onboarding-flag-consumed] accountId=${accountId.slice(0, 8)}\u2026 step=7 source=filesystem flagPath=${flagPath} skipped=no-node`
+    );
+    return false;
+  }
+  console.log(
+    `[onboarding-flag-consumed] accountId=${accountId.slice(0, 8)}\u2026 step=7 source=filesystem flagPath=${flagPath} completedAt=${completedAt}`
+  );
+  try {
+    rmSync(flagPath);
+  } catch (err) {
+    console.error(
+      `[onboarding-flag-consumed] warn: failed to delete ${flagPath}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  return true;
+}
+async function loadOnboardingStep(accountId) {
+  const session = getSession();
+  try {
+    await consumeStep7FlagUI(session, accountId);
+    const result = await session.run(
+      `MATCH (o:OnboardingState {accountId: $accountId})
+       RETURN o.currentStep AS currentStep`,
+      { accountId }
+    );
+    if (result.records.length === 0) {
+      return -1;
+    }
+    const raw = result.records[0].get("currentStep");
+    if (typeof raw === "number") return raw;
+    if (raw && typeof raw === "object" && "toNumber" in raw) {
+      return raw.toNumber();
+    }
+    return 0;
+  } catch (err) {
+    console.error(`[onboarding-inject] loadOnboardingStep failed: ${err instanceof Error ? err.message : String(err)}`);
+    return null;
+  } finally {
+    await session.close();
+  }
+}
+var AGENT_FILE_ROLES = [
+  { filename: "IDENTITY.md", role: "identity" },
+  { filename: "SOUL.md", role: "soul" },
+  { filename: "KNOWLEDGE.md", role: "knowledge" },
+  { filename: "KNOWLEDGE-SUMMARY.md", role: "knowledge-summary" }
+];
+var ROLE_TO_EDGE = {
+  identity: "HAS_IDENTITY",
+  soul: "HAS_SOUL",
+  knowledge: "HAS_KNOWLEDGE",
+  "knowledge-summary": "HAS_KNOWLEDGE"
+};
+function assertSafeAgentSlug(slug) {
+  if (!slug || slug.includes("/") || slug.includes("\\") || slug.includes("..")) {
+    throw new Error(`[agent-graph] refusing unsafe slug=${JSON.stringify(slug)}`);
+  }
+}
+function agentAttachmentId(accountId, slug, role) {
+  return `agent:${accountId}:${slug}:${role}`;
+}
+async function projectAgent(accountId, accountDir, slug) {
+  const start = Date.now();
+  const account8 = accountId.slice(0, 8);
+  try {
+    assertSafeAgentSlug(slug);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(
+      `[agent-graph] project FAILED slug=${slug} account=${account8} error="${msg}"`
+    );
+    return;
+  }
+  const agentDir = resolve(accountDir, "agents", slug);
+  const configPath = resolve(agentDir, "config.json");
+  let config;
+  let presentRoles = [];
+  try {
+    if (!existsSync(configPath)) {
+      console.error(
+        `[agent-graph] project FAILED slug=${slug} account=${account8} error="config.json missing at ${configPath}"`
+      );
+      return;
+    }
+    config = JSON.parse(readFileSync(configPath, "utf-8"));
+    for (const { filename, role } of AGENT_FILE_ROLES) {
+      const filePath = resolve(agentDir, filename);
+      if (!existsSync(filePath)) continue;
+      const body = readFileSync(filePath, "utf-8");
+      presentRoles.push({ role, body, edge: ROLE_TO_EDGE[role] });
+    }
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(
+      `[agent-graph] project FAILED slug=${slug} account=${account8} error="${msg}"`
+    );
+    return;
+  }
+  const session = getSession();
+  try {
+    await session.run(
+      `MERGE (a:Agent {accountId: $accountId, slug: $slug})
+       ON CREATE SET a.createdAt = datetime()
+       SET a.displayName = $displayName,
+           a.status = $status,
+           a.model = $model,
+           a.liveMemory = $liveMemory,
+           a.knowledgeKeywords = $knowledgeKeywords,
+           a.role = 'agent',
+           a.updatedAt = datetime()
+       RETURN a.slug AS slug`,
+      {
+        accountId,
+        slug,
+        displayName: config.displayName ?? slug,
+        status: config.status ?? "unknown",
+        model: config.model ?? "",
+        liveMemory: config.liveMemory ?? false,
+        knowledgeKeywords: config.knowledgeKeywords ?? []
+      }
+    );
+    for (const { role, body, edge } of presentRoles) {
+      const attachmentId = agentAttachmentId(accountId, slug, role);
+      await session.run(
+        `MATCH (a:Agent {accountId: $accountId, slug: $slug})
+         MERGE (k:KnowledgeDocument {attachmentId: $attachmentId})
+         ON CREATE SET k.createdAt = datetime()
+         SET k.accountId = $accountId,
+             k.role = $role,
+             k.name = $name,
+             k.text = $text,
+             k.scope = 'admin',
+             k.updatedAt = datetime()
+         MERGE (a)-[:${edge}]->(k)
+         RETURN k.attachmentId AS attachmentId`,
+        {
+          accountId,
+          slug,
+          attachmentId,
+          role,
+          name: `${slug} ${role}`,
+          text: body
+        }
+      );
+    }
+    const usesResult = await session.run(
+      `MATCH (a:Agent {accountId: $accountId, slug: $slug})
+       MATCH (k:KnowledgeDocument {accountId: $accountId})
+       WHERE $slug IN coalesce(k.agents, [])
+         AND NOT k.attachmentId STARTS WITH $namespacePrefix
+       MERGE (a)-[:USES_KNOWLEDGE]->(k)
+       RETURN count(k) AS uses`,
+      {
+        accountId,
+        slug,
+        namespacePrefix: `agent:${accountId}:${slug}:`
+      }
+    );
+    const uses = usesResult.records[0]?.get("uses");
+    const usesCount = typeof uses === "number" ? uses : uses && typeof uses.toNumber === "function" ? uses.toNumber() : 0;
+    const ms = Date.now() - start;
+    console.error(
+      `[agent-graph] project slug=${slug} account=${account8} docs=${presentRoles.length} uses=${usesCount} ms=${ms}`
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(
+      `[agent-graph] project FAILED slug=${slug} account=${account8} error="${msg}"`
+    );
+    throw err;
+  } finally {
+    await session.close();
+  }
+}
+async function deleteAgentProjection(accountId, slug) {
+  const start = Date.now();
+  const account8 = accountId.slice(0, 8);
+  assertSafeAgentSlug(slug);
+  const session = getSession();
+  try {
+    await session.run(
+      `MATCH (a:Agent {accountId: $accountId, slug: $slug})
+       DETACH DELETE a
+       WITH 1 AS _
+       UNWIND $attachmentIds AS aid
+       OPTIONAL MATCH (k:KnowledgeDocument {accountId: $accountId, attachmentId: aid})
+       WHERE k.attachmentId STARTS WITH $namespacePrefix
+       DETACH DELETE k`,
+      {
+        accountId,
+        slug,
+        namespacePrefix: `agent:${accountId}:${slug}:`,
+        attachmentIds: ["identity", "soul", "knowledge", "knowledge-summary"].map((role) => agentAttachmentId(accountId, slug, role))
+      }
+    );
+    const ms = Date.now() - start;
+    console.error(
+      `[agent-graph] delete slug=${slug} account=${account8} ms=${ms}`
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(
+      `[agent-graph] delete FAILED slug=${slug} account=${account8} error="${msg}"`
+    );
+    throw err;
+  } finally {
+    await session.close();
+  }
+}
+
+export {
+  HAIKU_MODEL,
+  contextWindow,
+  getSession,
+  runAdminUserSelfHeal,
+  embed,
+  setSessionStoreRef,
+  GREETING_DIRECTIVE,
+  ensureConversation,
+  findRecentConversation,
+  findGroupBySlug,
+  getGroupParticipants,
+  checkGroupMembership,
+  bindVisitorToGroup,
+  getMessagesSince,
+  getGroupMessagesForContext,
+  backfillNullUserIdConversations,
+  createNewAdminConversation,
+  fetchBranding,
+  persistToolCall,
+  persistMessage,
+  setConversationAgentSessionId,
+  getAgentSessionIdForConversation,
+  getRecentMessages,
+  markComponentSubmitted,
+  verifyConversationOwnership,
+  getConversationOwner,
+  verifyAndGetConversationUpdatedAt,
+  searchMessages,
+  listAdminSessions,
+  deleteConversation,
+  isMessageUseful,
+  generateSessionLabel,
+  autoLabelSession,
+  renameConversation,
+  getUserTimezone,
+  loadAdminUserName,
+  writeAdminUserAndPerson,
+  loadUserProfile,
+  loadSessionContext,
+  loadOnboardingStep,
+  projectAgent,
+  deleteAgentProjection
+};