@venturewild/workspace 0.3.8 → 0.4.1

package/server/src/index.mjs

@@ -59,6 +59,18 @@ import { createCanvasRails } from './canvas-rails.mjs';
 import { createUsageService } from './usage.mjs';
 import { createPowers } from './skills.mjs';
 import { createSettings, resolveAutonomyMode } from './settings.mjs';
+import {
+  listWorkspaces,
+  getWorkspace,
+  createWorkspace as registryCreateWorkspace,
+  touchWorkspace,
+  removeWorkspace,
+  markShared,
+  setSyncProject,
+  seedDefault,
+  workspaceIdForDir,
+} from './workspace-registry.mjs';
+import { createWorkspaceRails } from './workspaces.mjs';
 import { matchCandidates } from './bazaar/mock-tickup.mjs';
 import { servePreviewFile, confineBuildDir } from './bazaar/preview-server.mjs';
 import { TURN_SYSTEM_PROMPT, writeTurnMcpConfig } from './turn-mcp.mjs';
@@ -110,6 +122,9 @@ function loadChatSessionId(dataDir) {
 }
 function saveChatSessionId(dataDir, sessionId) {
   try {
+    // A freshly-created workspace has no .wild-workspace/ dir yet — make it so the
+    // per-workspace conversation persists from the very first turn (lobby M1).
+    mkdirSync(dataDir, { recursive: true });
     writeFileSync(
       chatSessionPath(dataDir),
       JSON.stringify({ sessionId: sessionId || null }, null, 2),
@@ -323,6 +338,12 @@ export async function createServer(overrides = {}) {
   // cache. `canvas` above still owns the workspace-SHARED agent content (blocks +
   // agent theme). Person-scoped state stores are built lazily + cached per personKey.
   const canvasRails = overrides.canvasRails || createCanvasRails(config, config.account);
+  // Shared-workspace membership client (sharing slice — design §4). The account
+  // token is kept top-level on config (out of the broadcast `config.account`), so
+  // pass it explicitly, mirroring the CLI `wild-workspace workspace …`. Inert (and
+  // every call returns {ok:false, code:'not_configured'}) until the owner logs in.
+  const workspaceRails =
+    overrides.workspaceRails || createWorkspaceRails(config, { accountToken: config.accountToken });
   const canvasStores = new Map();
   function canvasFor(personKey) {
     let store = canvasStores.get(personKey);
@@ -400,9 +421,29 @@ export async function createServer(overrides = {}) {
   // One conversation per workspace in v1 (single-user, single tab — PRD §5.5).
   // Both user sends and auto-wake turns thread through one turn-runner so they
   // share the agent's memory and never run two claude processes at once.
-  let chatSessionId = loadChatSessionId(config.dataDir);
   const chatClients = new Set(); // every connected /ws/chat socket
-  let currentTurn = null; //       { session, messageId } — at most one at a time
+  // Per-workspace live turns (lobby M2): one in-flight agent turn PER workspace,
+  // keyed by workspace id, so a task started in workspace A keeps running when you
+  // hop to B (design §8.1 decision 6 — "switching keeps in-flight work alive"). A
+  // user send supersedes only its OWN workspace's turn. Capped at
+  // MAX_CONCURRENT_TURNS live workspaces (reject, don't queue — the user resends,
+  // auto-wake self-retries): a `claude -p` turn measured ~340 MB peak working set
+  // (full-context turn in this repo, 2026-06-13), so 3 concurrent ≈ 1 GB — safe
+  // headroom on any modern machine, while the cap stops an unbounded fan-out from
+  // OOMing a laptop. Raise/lower via WILD_WORKSPACE_MAX_CONCURRENT_TURNS.
+  const currentTurns = new Map(); // workspace.id → { session, messageId, workspaceId }
+  const MAX_CONCURRENT_TURNS =
+    overrides.maxConcurrentTurns ??
+    Math.max(1, Number(process.env.WILD_WORKSPACE_MAX_CONCURRENT_TURNS) || 3);
+  // Drop a workspace's turn entry ONLY if it still points at THIS session. A
+  // superseded turn's `end` fires a tick AFTER its proc is killed (the 'close'
+  // event), by which point the replacement turn may already own the slot — so an
+  // unconditional delete would evict the live replacement. The identity check
+  // prevents that race.
+  function clearTurnIf(workspaceId, session) {
+    const t = currentTurns.get(workspaceId);
+    if (t && t.session === session) currentTurns.delete(workspaceId);
+  }
 
   // Per-connection chat rate limit (SECURITY.md S6 / concern C4). Every send
   // spawns an agent subprocess that costs real API tokens, so cap the burst a
@@ -416,10 +457,16 @@ export async function createServer(overrides = {}) {
       (Number(process.env.WILD_WORKSPACE_CHAT_RATE_WINDOW_MS) || 60_000),
   };
 
-  function broadcastChat(obj) {
+  // Broadcast a chat frame. When `workspaceId` is given, only sockets attached to
+  // that workspace receive it — so a tab viewing workspace B never renders a turn
+  // that belongs to A (lobby M1: per-workspace conversations over one WS pool).
+  // Frames with no workspaceId (e.g. the usage gauge, bazaar meter) go to all.
+  function broadcastChat(obj, workspaceId) {
     const data = JSON.stringify(obj);
     for (const ws of chatClients) {
-      if (ws.readyState === ws.OPEN) ws.send(data);
+      if (ws.readyState !== ws.OPEN) continue;
+      if (workspaceId && ws._wsWorkspaceId !== workspaceId) continue;
+      ws.send(data);
     }
   }
 
@@ -432,19 +479,40 @@ export async function createServer(overrides = {}) {
    *     and retries once if the run fails (PRD §13 A8).
    * Returns false if the turn could not start (an auto turn while busy).
    */
-  function runChatTurn({ prompt, mode, messageId, userText, note, auto = false }) {
-    if (currentTurn) {
-      if (auto) return false; //          auto-wake yields to a live turn
-      currentTurn.session.close(); //     a user send supersedes what's running
-      currentTurn = null;
+  function runChatTurn({ prompt, mode, messageId, userText, note, auto = false, workspace = defaultWorkspace }) {
+    const id = messageId || nanoid(8);
+    // Supersede only THIS workspace's in-flight turn — a send in B must never kill
+    // a turn still running in A (lobby M2).
+    const live = currentTurns.get(workspace.id);
+    if (live) {
+      if (auto) return false; //          auto-wake yields to a live turn in this workspace
+      live.session.close(); //            a user send supersedes what's running here
+      currentTurns.delete(workspace.id);
+    }
+    // Concurrency cap (after the per-workspace supersede, before spawn): too many
+    // OTHER workspaces are already mid-turn. Reject — don't queue — and tell the
+    // tab so the user can resend (an auto-wake re-queues itself, so it stays quiet).
+    if (currentTurns.size >= MAX_CONCURRENT_TURNS) {
+      log('[chat]', `cap reached (${currentTurns.size}/${MAX_CONCURRENT_TURNS}) — rejecting ${auto ? 'auto' : 'user'} turn in ${workspace.id}`);
+      if (!auto) {
+        broadcastChat({
+          type: 'error',
+          messageId: id,
+          message: `${MAX_CONCURRENT_TURNS} workspaces are already working at once. Wait for one to finish, then resend.`,
+        }, workspace.id);
+      }
+      return false;
     }
     // Apply the autonomy dial (§8). Auto-wake is exempt — it's the system consent
     // boundary and stays in the plan mode it was given. For a USER turn we resolve
     // the stored level + the per-message toggle through resolveAutonomyMode, whose
     // guardrail guarantees an unbuilt/unknown level can NEVER become bypassPermissions.
     if (!auto) mode = resolveAutonomyMode(settings.getAutonomyLevel(), mode);
-    const id = messageId || nanoid(8);
-    broadcastChat({ type: 'turn-begin', messageId: id, userText, note });
+    // Per-workspace conversation (lobby M1): resume THIS workspace's claude session
+    // from its own dataDir, and tag every frame with the workspace so it streams
+    // only to tabs viewing it.
+    const resumeId = loadChatSessionId(workspace.dataDir);
+    broadcastChat({ type: 'turn-begin', messageId: id, userText, note }, workspace.id);
     activityBus.publish({
       type: 'chat-user',
       messageId: id,
@@ -456,7 +524,7 @@ export async function createServer(overrides = {}) {
       const startedAt = Date.now();
       log('[chat]', `turn-begin id=${id} auto=${auto} mode=${mode || 'build'} promptChars=${(prompt || '').length}`);
       const session = new AgentSession(activeAgent);
-      currentTurn = { session, messageId: id };
+      currentTurns.set(workspace.id, { session, messageId: id, workspaceId: workspace.id });
       let sawError = false;
       session.on('chunk', (chunk) => {
         // The per-turn context signal (working-memory gauge, §8) feeds the usage
@@ -467,7 +535,7 @@ export async function createServer(overrides = {}) {
           return;
         }
         if (chunk.type === 'error') sawError = true;
-        broadcastChat({ type: 'chunk', messageId: id, chunk });
+        broadcastChat({ type: 'chunk', messageId: id, chunk }, workspace.id);
         activityBus.publish({ type: 'chat-stream', messageId: id, chunk });
         // Surface the turn's token/cost totals so the activity bar can show
         // running usage — the ActivityBus accumulates events typed 'usage'.
@@ -478,7 +546,7 @@ export async function createServer(overrides = {}) {
       session.on('stderr', (text) => {
         const trimmed = String(text || '').trim();
         if (trimmed) log('[chat]', `stderr id=${id}: ${trimmed.slice(0, 240)}`);
-        broadcastChat({ type: 'stderr', messageId: id, text });
+        broadcastChat({ type: 'stderr', messageId: id, text }, workspace.id);
       });
       session.on('error', (err) => {
         sawError = true;
@@ -494,11 +562,11 @@ export async function createServer(overrides = {}) {
           type: 'error',
           messageId: id,
           message: msg,
-        });
-        currentTurn = null;
+        }, workspace.id);
+        clearTurnIf(workspace.id, session);
       });
       session.on('end', ({ code }) => {
-        currentTurn = null;
+        clearTurnIf(workspace.id, session);
         const elapsed = Date.now() - startedAt;
         log('[chat]', `turn-end id=${id} code=${code} ms=${elapsed} closed=${session.closed} sawError=${sawError}`);
         // Silent agent crash → telemetry. A non-zero exit (or signal-kill =
@@ -528,17 +596,16 @@ export async function createServer(overrides = {}) {
             return;
           }
           if (session.sessionId) {
-            chatSessionId = session.sessionId;
-            saveChatSessionId(config.dataDir, chatSessionId);
+            saveChatSessionId(workspace.dataDir, session.sessionId);
           }
         }
-        broadcastChat({ type: 'end', messageId: id, code });
+        broadcastChat({ type: 'end', messageId: id, code }, workspace.id);
         activityBus.publish({ type: 'chat-end', messageId: id, code });
       });
       session.send(prompt, {
-        cwd: config.workspaceDir,
+        cwd: workspace.dir,
         mode,
-        resumeSessionId: chatSessionId,
+        resumeSessionId: resumeId,
         // Auto-wake (import integration, plan mode) stays bazaar-free; only the
         // user's own turns get the marketplace tools + disposition.
         ...(auto ? {} : turnCtx),
@@ -548,14 +615,16 @@ export async function createServer(overrides = {}) {
     return true;
   }
 
-  function resetChat() {
-    if (currentTurn) {
-      currentTurn.session.close();
-      currentTurn = null;
+  function resetChat(workspace = defaultWorkspace) {
+    // Only stop the live turn if it belongs to THIS workspace — a "new chat" in B
+    // must never kill a turn still running in A (lobby M1/M2).
+    const live = currentTurns.get(workspace.id);
+    if (live) {
+      live.session.close();
+      currentTurns.delete(workspace.id);
     }
-    chatSessionId = null;
-    saveChatSessionId(config.dataDir, null);
-    broadcastChat({ type: 'reset' });
+    saveChatSessionId(workspace.dataDir, null);
+    broadcastChat({ type: 'reset' }, workspace.id);
   }
 
   // --- auto-wake on import (AR-23) ------------------------------------------
@@ -734,6 +803,36 @@ export async function createServer(overrides = {}) {
     return null;
   }
 
+  // --- multi-workspace re-root (lobby M1) ---
+  // One install can hold many workspaces; the ACTIVE one is per-REQUEST, carried
+  // by the `X-Workspace-Id` header that each browser tab sets (a cookie can't be
+  // per-tab — it's shared across tabs). `workspaceFor(c)` resolves it to
+  // {id, dir, dataDir, name}; absent/unknown falls back to the boot default. The
+  // boot/default workspace's id is COMPUTED from its dir (never persisted), so
+  // startup writes nothing and the registry holds only workspaces the user adds.
+  const registryEnv = overrides.registryEnv || process.env;
+  const defaultWorkspace = {
+    id: workspaceIdForDir(config.workspaceDir),
+    dir: config.workspaceDir,
+    dataDir: config.dataDir, // preserves any WILD_WORKSPACE_DATA_DIR override
+    name: config.workspaceId,
+    isDefault: true,
+  };
+  function resolveWorkspace(id) {
+    if (!id || id === defaultWorkspace.id) return defaultWorkspace;
+    const w = getWorkspace(id, registryEnv);
+    if (!w) return defaultWorkspace; // unknown id → safe fallback to the default
+    return {
+      id: w.id,
+      dir: w.dir,
+      dataDir: path.join(w.dir, '.wild-workspace'),
+      name: w.name,
+    };
+  }
+  function workspaceFor(c) {
+    return c.get('workspace') || resolveWorkspace(c.req.header('x-workspace-id'));
+  }
+
   // Persistent audit trail for privileged actions (SECURITY.md S8). The [http]
   // line is ephemeral (stdout, rotated); this records WHO did WHAT to a durable
   // log under ~/.wild-workspace (outside the synced repo) that doctor/logs and
@@ -803,6 +902,9 @@ export async function createServer(overrides = {}) {
     const session = await resolveRole(c);
     c.set('role', session.role);
     c.set('session', session);
+    // Resolve the active workspace for this request (lobby M1). Per-tab via the
+    // X-Workspace-Id header; absent/unknown → the boot default.
+    c.set('workspace', resolveWorkspace(c.req.header('x-workspace-id')));
     // Block the API for denied (non-localhost, unauthenticated) requests, but
     // let static assets + the public endpoints through so the SPA can still
     // load and prompt for sign-in. (Concern C1.)
@@ -831,13 +933,24 @@ export async function createServer(overrides = {}) {
   app.get('/api/session', (c) => {
     const session = c.get('session');
     const role = c.get('role');
-    const identity = loadIdentity(config.dataDir);
+    const ws = workspaceFor(c);
+    // A different agent per workspace (design §8.1 decision 4): the identity +
+    // onboarded flag are read from the ACTIVE workspace's own dataDir, so each
+    // workspace has its own named agent and "meet your agent" is a per-workspace
+    // first-entry moment. A brand-new workspace has no identity yet → onboarded
+    // is false → the client runs the meet-your-agent beat for it.
+    const identity = loadIdentity(ws.dataDir);
     return c.json({
       version: APP_VERSION,
       role,
       capabilities: ROLE_CAPABILITIES[role],
-      workspace: workspaceSummary(config.workspaceDir),
+      workspace: workspaceSummary(ws.dir),
       workspaceId: config.workspaceId,
+      // The active workspace for THIS request/tab (lobby M1). Distinct from the
+      // legacy `workspaceId` (the boot default's folder name, kept stable so the
+      // canvas localStorage cache key doesn't churn). The client echoes
+      // `currentWorkspace.id` back in X-Workspace-Id to stay on this workspace.
+      currentWorkspace: { id: ws.id, name: ws.name, isDefault: Boolean(ws.isDefault) },
       session,
       // The identity that scopes this person's canvas state (multi-host step 1).
       // The client folds it into its localStorage cache key so two people on one
@@ -1157,7 +1270,7 @@ export async function createServer(overrides = {}) {
   // Persisted to <dataDir>/agent-identity.json. Absence of this file is the
   // signal the UI uses to launch the 5-step onboarding flow.
   app.get('/api/agent/identity', (c) => {
-    const identity = loadIdentity(config.dataDir);
+    const identity = loadIdentity(workspaceFor(c).dataDir);
     return c.json({ identity, tones: TONES });
   });
 
@@ -1458,7 +1571,7 @@ export async function createServer(overrides = {}) {
     if (forbidden) return forbidden;
     const body = await c.req.json().catch(() => ({}));
     try {
-      const saved = saveIdentity(config.dataDir, {
+      const saved = saveIdentity(workspaceFor(c).dataDir, {
         name: body.name,
         tone: body.tone,
         color: body.color,
@@ -1476,7 +1589,7 @@ export async function createServer(overrides = {}) {
     const forbidden = require(c, 'chatWrite');
     if (forbidden) return forbidden;
     try {
-      const saved = markOnboarded(config.dataDir);
+      const saved = markOnboarded(workspaceFor(c).dataDir);
       log('[onboarding]', `complete name=${saved.name}`);
       activityBus.publish({ type: 'onboarded', at: saved.onboardedAt });
       return c.json({ identity: saved });
@@ -1521,7 +1634,7 @@ export async function createServer(overrides = {}) {
           : `--- ${f.path}`;
       })
       .join('\n');
-    const identity = loadIdentity(config.dataDir);
+    const identity = loadIdentity(workspaceFor(c).dataDir);
     const youAre = identity?.name
       ? `You are ${identity.name}, a ${identity.tone || 'concise'} AI assistant just meeting your human for the first time.`
       : `You are an AI assistant just meeting your human for the first time.`;
@@ -1545,6 +1658,7 @@ export async function createServer(overrides = {}) {
       messageId,
       note: `👀 ${identity?.name || 'Your agent'} is looking at ${folderName}…`,
       auto: true,
+      workspace: workspaceFor(c),
     });
     return c.json({ ok: true, sampled: files.length, started: started !== false });
   });
@@ -1568,7 +1682,7 @@ export async function createServer(overrides = {}) {
       typeof body.peekFolderName === 'string'
         ? body.peekFolderName.slice(0, 80)
         : null;
-    const identity = loadIdentity(config.dataDir);
+    const identity = loadIdentity(workspaceFor(c).dataDir);
     const tone = identity?.tone || 'concise';
     const name = identity?.name || 'your agent';
     const youAre = `You are ${name}, a ${tone} AI assistant. Your human just finished a 5-step onboarding and picked their first job. Stay in character.`;
@@ -1609,6 +1723,7 @@ export async function createServer(overrides = {}) {
       messageId,
       note,
       auto: true,
+      workspace: workspaceFor(c),
     });
     return c.json({ ok: true, started: started !== false });
   });
@@ -1767,13 +1882,367 @@ export async function createServer(overrides = {}) {
   });
 
   // --- workspace files ---
+  // --- lobby: the per-install workspace list (lobby M1) ---
+  // One install holds many local workspaces; the lobby lists them and the user
+  // picks one to enter (the client then sends X-Workspace-Id to re-root the agent,
+  // files, and chat). Creating is a HOST action — the folder lives on THIS machine
+  // — so it's refused for remote/tunnel requests; entering an existing one works
+  // from anywhere. Gated on `fileTree` (owner-level: never expose the host's other
+  // projects to a shared-link viewer/client). Distinct origin from the bmo-sync
+  // rails `/api/workspaces/*` (those live on the sync server).
+  const lobbyBootTime = Date.now();
+  function isHostRequest(c) {
+    const src = c.get('session')?.source;
+    return src === 'localhost' || src === 'loopback';
+  }
+  // The client-facing shape of a lobby card. Shared workspaces (sharing slice)
+  // carry their rails identity + the local member's role so the lobby can badge
+  // the card + gate owner-only actions (invite/un-share).
+  function lobbyShape(w) {
+    return {
+      id: w.id,
+      name: w.name,
+      dir: w.dir,
+      kind: w.kind,
+      shared: w.kind === 'shared' && w.shared ? w.shared : undefined,
+      lastOpenedAt: w.lastOpenedAt,
+      isDefault: w.id === defaultWorkspace.id,
+    };
+  }
+  function lobbyList() {
+    const reg = listWorkspaces(registryEnv);
+    const items = reg.map(lobbyShape);
+    // The boot/default workspace is computed (never persisted) — inject it if it
+    // isn't already an explicit registry entry, so the lobby is never blank.
+    if (!reg.some((w) => w.id === defaultWorkspace.id)) {
+      items.push({
+        id: defaultWorkspace.id,
+        name: defaultWorkspace.name,
+        dir: defaultWorkspace.dir,
+        kind: 'local',
+        lastOpenedAt: lobbyBootTime, // "the one you booted into" → sorts to the top
+        isDefault: true,
+      });
+    }
+    return items.sort((a, b) => b.lastOpenedAt - a.lastOpenedAt);
+  }
+
+  // The shared workspaces THIS account belongs to, from the rails (sharing slice).
+  // Degrade-never: not logged in / rails down → []; the lobby still shows local
+  // workspaces. This is how a workspace someone shared with you APPEARS in your
+  // lobby — before you've joined it, it has no local folder yet.
+  async function sharedFromRails() {
+    if (!config.account?.email || !workspaceRails.capable) return [];
+    const r = await workspaceRails.list();
+    if (!r.ok || !Array.isArray(r.data?.workspaces)) return [];
+    return r.data.workspaces; // [{ slug, name, role, owner_email }]
+  }
+
+  // Merge the local registry with the rails membership: shared workspaces I belong
+  // to but haven't given a local home yet surface as `joinable` cards (no dir,
+  // can't be entered until joined). Ones I already host locally are deduped by slug.
+  async function lobbyListMerged() {
+    const local = lobbyList();
+    const localSlugs = new Set(local.filter((w) => w.shared?.slug).map((w) => w.shared.slug));
+    const joinable = (await sharedFromRails())
+      .filter((w) => !localSlugs.has(w.slug))
+      .map((w) => ({
+        id: `shared:${w.slug}`, // synthetic — no local folder to re-root into yet
+        name: w.name,
+        slug: w.slug,
+        kind: 'shared',
+        joinable: true,
+        shared: { slug: w.slug, ownerEmail: w.owner_email, role: w.role },
+        lastOpenedAt: 0,
+      }));
+    return [...local, ...joinable];
+  }
+
+  app.get('/api/lobby/workspaces', async (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    return c.json({ workspaces: await lobbyListMerged(), defaultId: defaultWorkspace.id });
+  });
+
+  app.post('/api/lobby/workspaces', async (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    if (!isHostRequest(c)) {
+      return c.json(
+        {
+          error: 'host_only',
+          message:
+            'Create a workspace on your computer — its folder lives there. From here you can open the ones that already exist.',
+        },
+        403,
+      );
+    }
+    const body = await c.req.json().catch(() => ({}));
+    const name = typeof body.name === 'string' ? body.name.trim() : '';
+    const dir = typeof body.dir === 'string' ? body.dir.trim() : '';
+    if (!name && !dir) return c.json({ error: 'name_or_dir_required' }, 400);
+    try {
+      const w = registryCreateWorkspace(
+        { name: name || undefined, dir: dir || undefined },
+        registryEnv,
+      );
+      auditAction(c, 'lobby.create', `id=${w.id} dir=${w.dir}`);
+      return c.json({
+        ok: true,
+        workspace: { id: w.id, name: w.name, dir: w.dir, kind: w.kind },
+      });
+    } catch (e) {
+      return c.json({ error: 'create_failed', message: String(e.message || e) }, 400);
+    }
+  });
+
+  app.post('/api/lobby/workspaces/:id/open', (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    const id = c.req.param('id');
+    if (id !== defaultWorkspace.id) touchWorkspace(id, registryEnv);
+    return c.json({ ok: true });
+  });
+
+  app.delete('/api/lobby/workspaces/:id', (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    if (!isHostRequest(c)) return c.json({ error: 'host_only' }, 403);
+    const id = c.req.param('id');
+    if (id === defaultWorkspace.id) {
+      return c.json({ error: 'cannot_remove_default' }, 400);
+    }
+    const removed = removeWorkspace(id, registryEnv);
+    auditAction(c, 'lobby.remove', `id=${id} removed=${removed}`);
+    return c.json({ ok: true, removed });
+  });
+
+  // --- sharing slice (design §4): promote a local workspace to shared + invite ---
+  // "Share" mints a first-class shared workspace on the bmo-sync rails (its own
+  // slug + member set) and flips THIS install's registry entry to kind:'shared'.
+  // The folder never moves (decision 7). HOST-only (you share the folder where it
+  // lives) + owner-level (fileTree) + must be logged in (the rails identity is the
+  // account's). The Decision-11 "this carries the files AND the agent's memory"
+  // heads-up lives on the client; the server just mints + records.
+
+  // Resolve a lobby workspace id to its registry entry, seeding the computed
+  // boot/default workspace on first touch so it can be shared like any other.
+  function lobbyEntryFor(id) {
+    let entry = getWorkspace(id, registryEnv);
+    if (!entry && id === defaultWorkspace.id) {
+      entry = seedDefault(
+        { dir: defaultWorkspace.dir, name: defaultWorkspace.name },
+        registryEnv,
+      );
+    }
+    return entry;
+  }
+
+  // Slice 3 "going live": start file-sync for a shared workspace by minting a
+  // membership-gated pass on the rails (provisions the file-sync project on first
+  // call) and pairing the LOCAL daemon to the folder, so it backs up to VW's
+  // rails. Best-effort by design — a down daemon or a rails hiccup must NOT fail
+  // Share (the membership identity is already minted); it returns a status the UI
+  // can surface ("backing up…" / "we'll start syncing when the daemon is up").
+  // Idempotent: a workspace already linked + already syncing is a no-op success.
+  async function startWorkspaceSync(entry, slug) {
+    try {
+      const linked = entry.shared?.projectCode || null;
+      if (linked) {
+        // Already provisioned — if the daemon is already syncing it, nothing to do.
+        const ws = await syncControl.listWorkspaces();
+        if (ws.some((w) => w.workspaceId === linked || w.projectId === linked)) {
+          return { synced: true, projectCode: linked };
+        }
+      }
+      const cred = await workspaceRails.syncCredential(slug);
+      if (!cred.ok || !cred.data?.invite_code) {
+        return { synced: false, reason: cred.code || 'rails_unreachable', message: cred.message };
+      }
+      const projectCode = cred.data.project_code;
+      try {
+        await syncControl.pair(cred.data.invite_code, entry.dir);
+      } catch (e) {
+        // The daemon is down / unreachable — file-sync will start once it's up and
+        // the owner re-shares (or a future watcher re-pairs). Membership stands.
+        return {
+          synced: false,
+          reason: 'daemon_unreachable',
+          message: String(e.message || e),
+          projectCode,
+        };
+      }
+      setSyncProject(entry.id, projectCode, registryEnv);
+      return { synced: true, projectCode };
+    } catch (e) {
+      // Belt-and-braces: file-sync is best-effort — ANY failure here leaves the
+      // workspace shared (membership minted) and just reports sync didn't start.
+      return { synced: false, reason: 'sync_error', message: String(e?.message || e) };
+    }
+  }
+
+  app.post('/api/lobby/workspaces/:id/share', async (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    if (!isHostRequest(c)) {
+      return c.json(
+        {
+          error: 'host_only',
+          message: 'Share a workspace from the computer where its folder lives.',
+        },
+        403,
+      );
+    }
+    if (!config.account?.email || !workspaceRails.capable) {
+      return c.json(
+        {
+          error: 'login_required',
+          message: 'Sign in to VentureWild first — sharing gives the workspace an identity on the rails.',
+        },
+        400,
+      );
+    }
+    const id = c.req.param('id');
+    const entry = lobbyEntryFor(id);
+    if (!entry) return c.json({ error: 'no_such_workspace' }, 404);
+    const wasShared = entry.kind === 'shared' && Boolean(entry.shared?.slug);
+    // Mint the membership identity (idempotent: an already-shared workspace keeps
+    // its slug). Then "go live" — start backing the folder up. The file-sync step
+    // runs on BOTH a fresh share AND a re-share of an already-shared-but-not-yet-
+    // synced workspace, so a Share that happened before the daemon was up heals.
+    let shared = entry;
+    if (!wasShared) {
+      const r = await workspaceRails.create(entry.name);
+      if (!r.ok) {
+        // Surface the rails' code/message (slug_taken / unreachable / …) at a sane status.
+        const status = r.status >= 400 && r.status < 600 ? r.status : 502;
+        return c.json({ error: r.code || 'share_failed', message: r.message }, status);
+      }
+      shared = markShared(
+        id,
+        { slug: r.data.slug, ownerEmail: config.account.email, role: 'owner' },
+        registryEnv,
+      );
+      auditAction(c, 'lobby.share', `id=${id} slug=${r.data.slug}`);
+    }
+    if (!shared?.shared?.slug) return c.json({ error: 'share_failed' }, 500);
+    const sync = await startWorkspaceSync(shared, shared.shared.slug);
+    auditAction(c, 'lobby.share.sync', `id=${id} slug=${shared.shared.slug} synced=${sync.synced}`);
+    const finalEntry = getWorkspace(id, registryEnv) || shared;
+    return c.json({ ok: true, alreadyShared: wasShared, workspace: lobbyShape(finalEntry), sync });
+  });
+
+  app.post('/api/lobby/workspaces/:id/invite', async (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    if (!isHostRequest(c)) return c.json({ error: 'host_only' }, 403);
+    if (!config.account?.email || !workspaceRails.capable) {
+      return c.json({ error: 'login_required' }, 400);
+    }
+    const id = c.req.param('id');
+    const entry = getWorkspace(id, registryEnv);
+    if (!entry || entry.kind !== 'shared' || !entry.shared?.slug) {
+      return c.json({ error: 'not_shared', message: 'Share this workspace before inviting people.' }, 400);
+    }
+    const body = await c.req.json().catch(() => ({}));
+    const email = typeof body.email === 'string' ? body.email.trim() : '';
+    if (!email || !email.includes('@')) {
+      return c.json({ error: 'invalid_email', message: 'Enter a teammate’s email address.' }, 400);
+    }
+    const r = await workspaceRails.addMember(entry.shared.slug, email);
+    if (!r.ok) {
+      const status = r.status >= 400 && r.status < 600 ? r.status : 502;
+      return c.json({ error: r.code || 'invite_failed', message: r.message }, status);
+    }
+    // No account yet → the rails recorded a PENDING invite; they'll claim it by
+    // signing in with Google + Join (no account-first requirement). Already-an-
+    // account → active immediately.
+    const pending = Boolean(r.data?.pending);
+    auditAction(c, 'lobby.invite', `slug=${entry.shared.slug} email=${email} pending=${pending}`);
+    return c.json({ ok: true, email, pending, accountId: r.data?.account_id || null });
+  });
+
+  // Join a shared workspace someone invited you to (design §4 decision 9). The
+  // invitee PICKS where it lives on their disk (a new folder under the Workspaces
+  // home, or an existing one — same mechanic as create), then it's registered
+  // locally + marked shared with this member's role. HOST-only (the folder lives
+  // here) + login. Membership is verified against the rails list, so you can only
+  // give a local home to a workspace you actually belong to. This binds the
+  // IDENTITY (so the per-person canvas syncs) AND — Slice 3 "filling in" — starts
+  // file-sync via the SAME `startWorkspaceSync` the owner uses: the joiner's daemon
+  // pairs the chosen folder and pulls the current state, so it fills with the
+  // owner's files + agent-brain instead of landing empty. Best-effort: a down
+  // daemon still joins you (you land in the folder; it fills once sync starts).
+  app.post('/api/lobby/workspaces/join', async (c) => {
+    const forbidden = require(c, 'fileTree');
+    if (forbidden) return forbidden;
+    if (!isHostRequest(c)) {
+      return c.json(
+        { error: 'host_only', message: 'Join a shared workspace from the computer where you want its folder.' },
+        403,
+      );
+    }
+    if (!config.account?.email || !workspaceRails.capable) {
+      return c.json({ error: 'login_required' }, 400);
+    }
+    const body = await c.req.json().catch(() => ({}));
+    const slug = typeof body.slug === 'string' ? body.slug.trim().toLowerCase() : '';
+    if (!slug) return c.json({ error: 'slug_required' }, 400);
+    // Claim membership on the rails: this BOTH verifies the caller belongs (an
+    // active member OR a pending invite addressed to their verified email) AND
+    // activates a pending invite (invited→active) — the invite-a-teammate-who-
+    // has-no-account-yet payoff. 403 not_a_member if neither.
+    const claimed = await workspaceRails.claim(slug);
+    if (!claimed.ok) {
+      if (claimed.code === 'not_a_member' || claimed.status === 403) {
+        return c.json({ error: 'not_a_member', message: 'You’re not a member of that workspace.' }, 403);
+      }
+      const status = claimed.status >= 400 && claimed.status < 600 ? claimed.status : 502;
+      return c.json({ error: claimed.code || 'join_failed', message: claimed.message }, status);
+    }
+    const ws = {
+      name: claimed.data?.name || slug,
+      role: claimed.data?.role || 'member',
+      owner_email: claimed.data?.owner_email || '',
+    };
+    // Already have a local home for it? Return that (idempotent re-join), and
+    // (re)start file-sync so a join that happened before the daemon was up heals.
+    const existing = listWorkspaces(registryEnv).find((w) => w.shared?.slug === slug);
+    if (existing) {
+      touchWorkspace(existing.id, registryEnv);
+      const sync = await startWorkspaceSync(existing, slug);
+      const finalEntry = getWorkspace(existing.id, registryEnv) || existing;
+      return c.json({ ok: true, alreadyJoined: true, workspace: lobbyShape(finalEntry), sync });
+    }
+    const name = typeof body.name === 'string' && body.name.trim() ? body.name.trim() : ws.name;
+    const dir = typeof body.dir === 'string' ? body.dir.trim() : '';
+    let entry;
+    try {
+      entry = registryCreateWorkspace({ name, dir: dir || undefined }, registryEnv);
+    } catch (e) {
+      return c.json({ error: 'join_failed', message: String(e.message || e) }, 400);
+    }
+    const updated = markShared(
+      entry.id,
+      { slug, ownerEmail: ws.owner_email, role: ws.role || 'member' },
+      registryEnv,
+    );
+    auditAction(c, 'lobby.join', `id=${entry.id} slug=${slug} claimed=${Boolean(claimed.data?.claimed)}`);
+    // Filling in: pair the joiner's daemon → it pulls the owner's files + brain.
+    const sync = await startWorkspaceSync(updated, slug);
+    auditAction(c, 'lobby.join.sync', `id=${entry.id} slug=${slug} synced=${sync.synced}`);
+    const finalEntry = getWorkspace(entry.id, registryEnv) || updated;
+    return c.json({ ok: true, workspace: lobbyShape(finalEntry), sync });
+  });
+
   app.get('/api/workspace/tree', async (c) => {
     if (!ROLE_CAPABILITIES[c.get('role')].fileTree) {
       return c.json({ error: 'forbidden' }, 403);
     }
     try {
-      const tree = await fullTree(config.workspaceDir, 3);
-      return c.json({ root: config.workspaceDir, entries: tree });
+      const dir = workspaceFor(c).dir;
+      const tree = await fullTree(dir, 3);
+      return c.json({ root: dir, entries: tree });
     } catch (e) {
       return c.json({ error: String(e.message || e) }, 500);
     }
@@ -1785,7 +2254,7 @@ export async function createServer(overrides = {}) {
     }
     const p = c.req.query('path') || '';
     try {
-      const items = await listDir(config.workspaceDir, p);
+      const items = await listDir(workspaceFor(c).dir, p);
       if (items == null) return c.json({ error: 'not-a-directory' }, 400);
       return c.json({ path: p, items });
     } catch (e) {
@@ -1800,7 +2269,7 @@ export async function createServer(overrides = {}) {
     const p = c.req.query('path');
     if (!p) return c.json({ error: 'path-required' }, 400);
     try {
-      const result = await readFile(config.workspaceDir, p);
+      const result = await readFile(workspaceFor(c).dir, p);
       return c.json({ path: p, ...result });
     } catch (e) {
       return c.json({ error: String(e.message || e) }, 400);
@@ -2364,10 +2833,16 @@ export async function createServer(overrides = {}) {
       socket.destroy();
       return;
     }
+    // The chat WS carries its tab's active workspace as `?workspace=<id>` (lobby
+    // M1) — the per-tab channel for the socket, mirroring the X-Workspace-Id header
+    // on HTTP. Absent/unknown → the boot default.
+    const wsWorkspace = resolveWorkspace(reqUrl.searchParams.get('workspace'));
     wss.handleUpgrade(req, socket, head, (ws) => {
       ws._wsRole = role;
       ws._wsSub = sub;
-      log('[ws]', `open ${reqUrl.pathname} role=${role} sub=${sub}`);
+      ws._wsWorkspace = wsWorkspace;
+      ws._wsWorkspaceId = wsWorkspace.id;
+      log('[ws]', `open ${reqUrl.pathname} role=${role} sub=${sub} ws=${wsWorkspace.id}`);
       wss.emit('connection', ws, req, reqUrl.pathname);
     });
   });
@@ -2442,22 +2917,25 @@ export async function createServer(overrides = {}) {
           return;
         }
         ws._sendTimes.push(now);
-        // The turn-runner is server-level: it streams to every chat client and
-        // resumes the persisted claude session, so the agent keeps its memory.
+        // The turn-runner resumes THIS tab's workspace conversation and streams
+        // back only to tabs on the same workspace (lobby M1).
         runChatTurn({
           prompt: msg.text,
           mode: msg.mode,
           messageId: msg.messageId,
           userText: msg.text,
+          workspace: ws._wsWorkspace,
         });
       } else if (msg.type === 'cancel') {
-        if (currentTurn) {
-          currentTurn.session.close();
-          currentTurn = null;
+        // Cancel only the turn that belongs to this tab's workspace.
+        const live = currentTurns.get(ws._wsWorkspaceId);
+        if (live) {
+          live.session.close();
+          currentTurns.delete(ws._wsWorkspaceId);
         }
       } else if (msg.type === 'reset') {
         // "New chat" — drop the resumed session so the next turn starts fresh.
-        if (cap.chatWrite) resetChat();
+        if (cap.chatWrite) resetChat(ws._wsWorkspace);
       }
     });
     ws.on('close', () => {
@@ -2486,7 +2964,10 @@ export async function createServer(overrides = {}) {
     getActiveAgent: () => activeAgent,
     async stop() {
       try { clearTimeout(autoWakeTimer); } catch {}
-      try { currentTurn?.session.close(); } catch {}
+      for (const t of currentTurns.values()) {
+        try { t.session.close(); } catch {}
+      }
+      currentTurns.clear();
       try { sessionReporter.stop(); } catch {}
       try { transcriptRecorder.stop(); } catch {}
       try { inboxWatcher.stop(); } catch {}