@xalia/agent 0.6.2 → 0.6.3

package/src/chat/server/openSession.ts

@@ -7,8 +7,6 @@ import {
   Configuration,
   getLogger,
   McpServerSettings,
-  prefsGetAutoApprove,
-  prefsSetAutoApprove,
   SavedAgentProfile,
 } from "@xalia/xmcp/sdk";
 
@@ -34,13 +32,11 @@ import type {
   ServerModelUpdated,
   ServerUserMessage,
   ClientUserMessage,
-  ServerToolAutoApprovalSet,
   ClientSessionMessage,
   ServerSessionError,
   ServerUserAdded,
   ServerUserRemoved,
   ServerSessionInfo,
-  ServerSessionUpdate,
   ClientSetWorkspace,
   ClientToServer,
   ServerSessionFileContent,
@@ -66,7 +62,10 @@ import {
   createSessionParticipantMap,
   UserData,
 } from "../data/database";
-import { ApprovalManager } from "../utils/approvalManager";
+import {
+  DbAgentPreferencesWriter,
+  ToolApprovalManager,
+} from "../utils/approvalManager";
 import { ChatErrorMessage, ChatFatalError } from "../protocol/errors";
 import { addDefaultChatTools } from "./tools";
 import { ChatContextManager, ICheckpointWriter } from "./chatContextManager";
@@ -86,6 +85,7 @@ import { DbMcpServerConfigs } from "../data/dbMcpServerConfigs";
 import { SessionFileEntry } from "../data/dbSessionFileModels";
 import { ApiKeyManager } from "../data/apiKeyManager";
 import { DbSessionMessages } from "../data/dbSessionMessages";
+import { ISessionMessageSender } from "./openSessionMessageSender";
 
 /**
  * The model to use when the AgentProfile does not specify one.
@@ -127,6 +127,170 @@ class DBCheckpointWriter implements ICheckpointWriter {
   }
 }
 
+export class ChatSessionMessageSender
+  implements ISessionMessageSender<ServerToClient>
+{
+  constructor(
+    public readonly connectionManager: IUserConnectionManager<ServerToClient>,
+    public readonly sessionParticipants: SessionParticipantMap
+  ) {}
+
+  broadcast(msg: ServerToClient): void {
+    const users: Set<string> = new Set(this.sessionParticipants.keys());
+    this.connectionManager.sendToUsers(users, msg);
+  }
+
+  sendTo(userUUID: string, msg: ServerToClient): void {
+    this.connectionManager.sendToUsers(new Set([userUUID]), msg);
+  }
+}
+
+class ChatSessionPlatform {
+  constructor(
+    private sender: ISessionMessageSender<ServerToClient>,
+    private sessionUUID: string,
+    private ownerUUID: string
+  ) {}
+
+  // IPlatform.openUrl
+  openUrl(url: string, authResultP: Promise<boolean>, display_name: string) {
+    // These requests are always passed to the original owner, since it is
+    // their settings that will be used for all MCP servers.
+    this.sender.broadcast({
+      type: "authentication_started",
+      session_id: this.sessionUUID,
+      url,
+    });
+    this.sender.sendTo(this.ownerUUID, {
+      type: "authenticate",
+      session_id: this.sessionUUID,
+      url,
+      display_name,
+    });
+
+    // TODO: auth timeout
+    // Don't stall this function waiting for authentication
+    void authResultP.then((result) => {
+      this.sender.broadcast({
+        type: "authentication_finished",
+        session_id: this.sessionUUID,
+        url,
+        result,
+      });
+    });
+  }
+
+  // IPlatform.load
+  load(filename: string): Promise<string> {
+    if (process.env.DEVELOPMENT === "1") {
+      return NODE_PLATFORM.load(filename);
+    }
+    throw new ChatErrorMessage("Platform.load not implemented");
+  }
+
+  // IPlatform.renderHTML
+  renderHTML(html: string): Promise<void> {
+    return new Promise<void>((r) => {
+      this.sender.broadcast({
+        type: "render_html",
+        html,
+        session_id: this.sessionUUID,
+      });
+      r();
+    });
+  }
+}
+
+export class ChatSessionAgentEventHandler implements IAgentEventHandler {
+  constructor(
+    private readonly sessionUUID: string,
+    private readonly sender: ISessionMessageSender<ServerToClient>,
+    private readonly approvalManager: ToolApprovalManager,
+    private readonly contextManager: ChatContextManager
+  ) {}
+
+  onCompletion(result: ChatCompletionAssistantMessageParam): void {
+    logger.debug(`[OpenSession.onCompletion] : ${JSON.stringify(result)}`);
+    // Nothing to broadcast. Caller will receive this via onAgentMessage.
+    this.contextManager.processAgentResponse(result);
+  }
+
+  onImage(image: OpenAI.Chat.Completions.ChatCompletionContentPartImage): void {
+    logger.debug(`[OpenSession.onImage] : ${image.image_url.url}`);
+    throw new Error("[OpenSession.onImage] unimplemented");
+  }
+
+  onToolCallResult(result: ChatCompletionToolMessageParam): void {
+    logger.debug(`[onToolCallResult] : ${JSON.stringify(result)}`);
+    const toolCallMessage = this.contextManager.processToolCallResult(result);
+    this.sender.broadcast(toolCallMessage);
+  }
+
+  async onToolCall(
+    toolCall: ChatCompletionMessageToolCall,
+    agentTool: boolean
+  ): Promise<boolean> {
+    if (agentTool) {
+      // "Agent" tools are considered internal to the agent, and are always
+      // permitted.  Inform all clients and immediately approve.
+      this.sender.broadcast({
+        type: "tool_call",
+        tool_call: toolCall,
+        session_id: this.sessionUUID,
+      });
+      return true;
+    }
+
+    // TODO: Need a proper mapping to/from MCP calls to tool names
+
+    const [serverName, tool] = toolCall.function.name.split("__");
+    const { approved, requested } = await this.approvalManager.getApproval(
+      serverName,
+      tool,
+      toolCall
+    );
+
+    // For now, the frontend uses the tool_call data in the
+    // "approve_tool_call" request to display the tool call data.  If approval
+    // was requested in this way, don't send the "tool_call" message as well.
+
+    if (approved && !requested) {
+      this.sender.broadcast({
+        type: "tool_call",
+        tool_call: toolCall,
+        session_id: this.sessionUUID,
+      });
+    }
+
+    return approved;
+  }
+
+  onAgentMessage(msg: string, end: boolean): Promise<void> {
+    logger.debug(
+      `[OpenSession.onAgentMessage] msg: ${msg}, end: ${String(end)}`
+    );
+
+    // Inform the contextManager and broadcast the ServerAgentMessageChunk
+    const agentMsgChunk = this.contextManager.processAgentMessage(msg, end);
+    this.sender.broadcast(agentMsgChunk);
+    return Promise.resolve();
+  }
+
+  onReasoning(reasoning: string): Promise<void> {
+    return new Promise<void>((r) => {
+      logger.debug(`[OpenSession.onReasoning]${reasoning}`);
+      if (reasoning.length > 0) {
+        this.sender.broadcast({
+          type: "agent_reasoning_chunk",
+          reasoning,
+          session_id: this.sessionUUID,
+        });
+      }
+      r();
+    });
+  }
+}
+
 /**
  * Describes a Session (conversation) with connected participants.
  *
@@ -137,9 +301,7 @@ class DBCheckpointWriter implements ICheckpointWriter {
  * be seen until user messages had been fully processed, which could block
  * tool approvals and other interactions).
  */
-export class OpenSession
-  implements IAgentEventHandler, ISessionFileManagerEventHandler, IPlatform
-{
+export class OpenSession implements ISessionFileManagerEventHandler {
   private readonly db: Database;
   private /* readonly */ agent: Agent;
   private readonly sessionUUID: string;
@@ -149,11 +311,11 @@ export class OpenSession
   private readonly sessionParticipants: SessionParticipantMap;
   private readonly agentProfilePreferences: AgentPreferences;
   private /* readonly */ skillManager: SkillManager;
-  private readonly connectionManager: IUserConnectionManager<ServerToClient>;
+  private readonly sender: ChatSessionMessageSender;
   private readonly messageQueue: AsyncQueue<QueuedClientMessage>;
   private readonly userMessageQueue: MultiAsyncQueue<ServerUserMessage>;
   private readonly contextManager: ChatContextManager;
-  private readonly approvalManager: ApprovalManager;
+  private readonly approvalManager: ToolApprovalManager;
   private readonly savedAgentProfile: SavedAgentProfile;
   private readonly sessionFileManager: ISessionFileManager;
   private isPersisted: boolean;
@@ -172,8 +334,8 @@ export class OpenSession
     agentProfilePreferences: AgentPreferences,
     skillManager: SkillManager,
     contextManager: ChatContextManager,
-    connectionManager: IUserConnectionManager<ServerToClient>,
-    approvalManager: ApprovalManager,
+    sender: ChatSessionMessageSender,
+    approvalManager: ToolApprovalManager,
     fileManager: ISessionFileManager
   ) {
     this.db = db;
@@ -186,7 +348,7 @@ export class OpenSession
     this.sessionParticipants = sessionParticipants;
     this.agentProfilePreferences = agentProfilePreferences;
     this.skillManager = skillManager;
-    this.connectionManager = connectionManager;
+    this.sender = sender;
     this.messageQueue = new AsyncQueue<QueuedClientMessage>((m) =>
       this.processMessage(m)
     );
@@ -223,70 +385,52 @@ export class OpenSession
     const sessionId = sessionData.session_uuid;
 
     const fileManager = await ChatSessionFileManager.init(db, sessionId);
-    const contextManager = new ChatContextManager(
+    const sender = new ChatSessionMessageSender(
+      connectionManager,
+      sessionParticipants
+    );
+    const platform = new ChatSessionPlatform(sender, sessionId, ownerData.uuid);
+    const toolApprovalManager = new ToolApprovalManager(
+      sessionData.session_uuid,
+      savedAgentProfile.uuid,
+      savedAgentProfile.preferences,
+      sender,
+      new DbAgentPreferencesWriter(db)
+    );
+    const { agent, skillManager, contextManager } = await createContextAndAgent(
+      sessionId,
       savedAgentProfile.profile.system_prompt,
+      savedAgentProfile.profile.model || DEFAULT_CHAT_LLM_MODEL,
       sessionMessages,
-      sessionId,
-      ownerData.uuid,
+      sessionData.workspace,
       sessionCheckpoint,
-      llmUrl,
-      savedAgentProfile.profile.model || DEFAULT_CHAT_LLM_MODEL,
+      ownerData,
       ownerApiKey,
-      new DBCheckpointWriter(db, sessionId),
-      fileManager
+      llmUrl,
+      xmcpUrl,
+      fileManager,
+      sender,
+      platform,
+      toolApprovalManager
     );
-    if (sessionData.workspace) {
-      const ws = sessionData.workspace;
-      contextManager.setWorkspace(createUserMessage(ws.message, ws.imageB64));
-    }
 
     const openSession = new OpenSession(
       db,
-      {} as Agent, // Placeholder - will be replaced after agent creation
+      agent,
       sessionData,
       savedAgentProfile,
       isPersisted,
       sessionParticipants,
       savedAgentProfile.preferences,
-      {} as SkillManager, // Placeholder - will be replaced after agent creation
+      skillManager,
       contextManager,
-      connectionManager,
-      new ApprovalManager(),
+      sender,
+      toolApprovalManager,
       fileManager
     );
 
-    // Initialize an empty agent (to ensure there are no callbacks before
-    // the OpenSession and client are fully set up).
-
-    const xmcpConfig = Configuration.new(ownerApiKey, xmcpUrl, false);
-    const [agent, skillManager] = await createAgentWithoutSkills(
-      llmUrl,
-      savedAgentProfile.profile,
-      DEFAULT_CHAT_LLM_MODEL,
-      openSession,
-      openSession,
-      contextManager,
-      ownerApiKey,
-      xmcpConfig,
-      undefined,
-      true
-    );
-    await addDefaultChatTools(
-      agent,
-      ownerData.timezone,
-      openSession,
-      fileManager,
-      llmUrl,
-      ownerApiKey
-    );
-
-    // Update OpenSession with real agent and skillManager
-    openSession.agent = agent;
-    openSession.skillManager = skillManager;
+    // Note, MCP servers have not been enabled yet
 
-    await openSession.restoreMcpSettings(
-      savedAgentProfile.profile.mcp_settings
-    );
     return openSession;
   }
 
@@ -311,12 +455,18 @@ export class OpenSession
     }
 
     const sessionParticipants = new Map<string, TeamParticipant>();
-    sessionParticipants.set(sessionData.user_uuid, {
-      user_uuid: sessionData.user_uuid,
-      nickname: ownerData.nickname || "",
-      email: ownerData.email,
-      role: "owner",
-    });
+    if (sessionData.participants && sessionData.participants.length > 0) {
+      sessionData.participants.forEach((p) => {
+        sessionParticipants.set(p.user_uuid, p);
+      });
+    } else {
+      sessionParticipants.set(sessionData.user_uuid, {
+        user_uuid: sessionData.user_uuid,
+        nickname: ownerData.nickname || "",
+        email: ownerData.email,
+        role: "owner",
+      });
+    }
 
     return OpenSession.init(
       db,
@@ -392,18 +542,34 @@ export class OpenSession
     return this.sessionParticipants;
   }
 
-  sendSessionData(connectionId: string, clientMessageId: string): void {
+  async sendSessionData(
+    connectionId: string,
+    clientMessageId: string,
+    restoreMcpState: boolean
+  ): Promise<void> {
     logger.info(
       `[SessionRegistry] sending session data for session ${this.sessionUUID}`
     );
 
     const sessionInfo = this.serverSessionInfo(clientMessageId);
-    this.connectionManager.sendToConnection(connectionId, sessionInfo);
+    const connMgr = this.sender.connectionManager;
+    connMgr.sendToConnection(connectionId, sessionInfo);
+
+    // This could be cleaner.  If the session has just been created, we must
+    // restore the mcp servers.  However, we cannot do that until the client
+    // has initialized itself (in case we need auth messages), hence it must
+    // happen at this stage, BEFORE we call sendMcpSettings below.
+
+    if (restoreMcpState) {
+      await this.restoreMcpSettings(
+        this.savedAgentProfile.profile.mcp_settings
+      );
+    }
 
     // send session file info
     const fileDescriptors = this.sessionFileManager.listFiles();
     fileDescriptors.forEach((descriptor) => {
-      this.connectionManager.sendToConnection(connectionId, {
+      connMgr.sendToConnection(connectionId, {
         type: "session_file_changed",
         session_id: this.sessionUUID,
         descriptor,
@@ -414,7 +580,7 @@ export class OpenSession
     // send conversation history
     const conversationMessages = this.contextManager.getConversationMessages();
     conversationMessages.forEach((message) => {
-      this.connectionManager.sendToConnection(connectionId, message);
+      connMgr.sendToConnection(connectionId, message);
     });
 
     // add MCP settings
@@ -422,12 +588,12 @@ export class OpenSession
 
     // add system prompt and model
     const agentProfile = this.agent.getAgentProfile();
-    this.connectionManager.sendToConnection(connectionId, {
+    connMgr.sendToConnection(connectionId, {
       type: "system_prompt_updated",
       system_prompt: agentProfile.system_prompt,
       session_id: this.sessionUUID,
     });
-    this.connectionManager.sendToConnection(connectionId, {
+    connMgr.sendToConnection(connectionId, {
       type: "model_updated",
       model: agentProfile.model || "",
       session_id: this.sessionUUID,
@@ -478,7 +644,7 @@ export class OpenSession
           skillManager.enableTool(server_name, enabled_tool);
         }
       } catch (e) {
-        this.broadcast({
+        this.sender.broadcast({
           type: "session_error",
           message: `Error adding MCP server ${server_name}: ${String(e)}`,
           session_id: this.sessionUUID,
@@ -497,9 +663,9 @@ export class OpenSession
   private handleError(err: unknown, from?: string): boolean {
     const sendError = (msg: ServerSessionError) => {
       if (from) {
-        this.sendTo(from, msg);
+        this.sender.sendTo(from, msg);
       } else {
-        this.broadcast(msg);
+        this.sender.broadcast(msg);
       }
     };
 
@@ -529,186 +695,9 @@ export class OpenSession
     return true;
   }
 
-  private broadcast(msg: ServerToClient): void {
-    const users: Set<string> = new Set(this.sessionParticipants.keys());
-    this.connectionManager.sendToUsers(users, msg);
-  }
-
-  sendTo(user_uuid: string, msg: ServerToClient): void {
-    this.connectionManager.sendToUsers(new Set([user_uuid]), msg);
-  }
-
-  // IPlatform.openUrl
-  openUrl(url: string, authResultP: Promise<boolean>, display_name: string) {
-    // These requests are always passed to the original owner, since it is
-    // their settings that will be used for all MCP servers.
-    this.broadcast({
-      type: "authentication_started",
-      session_id: this.sessionUUID,
-      url,
-    });
-    this.sendTo(this.userUUID, {
-      type: "authenticate",
-      session_id: this.sessionUUID,
-      url,
-      display_name,
-    });
-
-    // TODO: auth timeout
-    // Don't stall this function waiting for authentication
-    void authResultP.then((result) => {
-      this.sendTo(this.userUUID, {
-        type: "authentication_finished",
-        session_id: this.sessionUUID,
-        url,
-        result,
-      });
-    });
-  }
-
-  // IPlatform.load
-  load(filename: string): Promise<string> {
-    if (process.env.DEVELOPMENT === "1") {
-      return NODE_PLATFORM.load(filename);
-    }
-    throw new ChatErrorMessage("Platform.load not implemented");
-  }
-
-  // IPlatform.renderHTML
-  renderHTML(html: string): Promise<void> {
-    return new Promise<void>((r) => {
-      this.broadcast({
-        type: "render_html",
-        html,
-        session_id: this.sessionUUID,
-      });
-      r();
-    });
-  }
-
-  // IAgentEventHandler.onCompletion
-  onCompletion(result: ChatCompletionAssistantMessageParam): void {
-    logger.debug(`[OpenSession.onCompletion] : ${JSON.stringify(result)}`);
-    // Nothing to broadcast. Caller will receive this via onAgentMessage.
-    this.contextManager.processAgentResponse(result);
-  }
-
-  // IAgentEventHandler.onImage
-  onImage(image: OpenAI.Chat.Completions.ChatCompletionContentPartImage): void {
-    logger.debug(`[OpenSession.onImage] : ${image.image_url.url}`);
-    throw new Error("[OpenSession.onImage] unimplemented");
-  }
-
-  // IAgentEventHandler.onToolCallResult
-  onToolCallResult(result: ChatCompletionToolMessageParam): void {
-    logger.debug(`[onToolCallResult] : ${JSON.stringify(result)}`);
-    const toolCallMessage = this.contextManager.processToolCallResult(result);
-    this.broadcast(toolCallMessage);
-  }
-
-  // IAgentEventHandler.onToolCall
-  async onToolCall(
-    toolCall: ChatCompletionMessageToolCall,
-    agentTool: boolean
-  ): Promise<boolean> {
-    if (agentTool) {
-      // "Agent" tools are considered internal to the agent, and are always
-      // permitted.  Inform all clients and immediately approve.
-      this.broadcast({
-        type: "tool_call",
-        tool_call: toolCall,
-        session_id: this.sessionUUID,
-      });
-      return true;
-    }
-
-    // TODO: Need a proper mapping to/from MCP calls to tool names
-
-    const [serverName, tool] = toolCall.function.name.split("__");
-    const autoApproved = prefsGetAutoApprove(
-      this.agentProfilePreferences,
-      serverName,
-      tool
-    );
-    if (!autoApproved) {
-      const { id, resultP } = this.approvalManager.startApproval(
-        toolCall.function.name
-      );
-      this.broadcast({
-        type: "approve_tool_call",
-        id,
-        tool_call: toolCall,
-        session_id: this.sessionUUID,
-      });
-
-      try {
-        logger.debug(`[OpenSession.onToolCall] awaiting approval ${id}`);
-        const { approved, auto_approve } = await resultP;
-        logger.debug(
-          `[OpenSession.onToolCall] approval ${id}: ${String(approved)}`
-        );
-        if (auto_approve) {
-          logger.debug(
-            "[OpenSession.onToolCall] auto_approve set. updated preferences"
-          );
-          const autoApprovalMsg = await this.onSetAutoApproval(
-            serverName,
-            tool,
-            true
-          );
-          if (autoApprovalMsg) {
-            this.broadcast(autoApprovalMsg);
-          }
-        }
-
-        return approved;
-      } catch (e) {
-        logger.debug(
-          `[OpenSession.onToolCall] error waiting for approval ${id}: ` +
-            String(e)
-        );
-        return false;
-      }
-    } else {
-      this.broadcast({
-        type: "tool_call",
-        tool_call: toolCall,
-        session_id: this.sessionUUID,
-      });
-      return true;
-    }
-  }
-
-  // IAgentEventHandler.onAgentMessage
-  // eslint-disable-next-line @typescript-eslint/require-await
-  async onAgentMessage(msg: string, end: boolean): Promise<void> {
-    logger.debug(
-      `[OpenSession.onAgentMessage] msg: ${msg}, end: ${String(end)}`
-    );
-
-    // Inform the contextManager and broadcast the ServerAgentMessageChunk
-    const agentMsgChunk = this.contextManager.processAgentMessage(msg, end);
-    this.broadcast(agentMsgChunk);
-  }
-
-  // IAgentEventHandler.onReasoning
-  onReasoning(reasoning: string): Promise<void> {
-    return new Promise<void>((r) => {
-      logger.debug(`[OpenSession.onReasoning]${reasoning}`);
-      if (reasoning.length > 0) {
-        this.broadcast({
-          type: "agent_reasoning_chunk",
-          reasoning,
-          session_id: this.sessionUUID,
-        });
-      }
-      r();
-    });
-  }
-
   // ISessionFileManagerEventHandler.onFileDeleted
   onFileDeleted(name: string): void {
-    this.broadcast({
+    this.sender.broadcast({
       type: "session_file_deleted",
       session_id: this.sessionUUID,
       name,
@@ -717,7 +706,7 @@ export class OpenSession
 
   // ISessionFileManagerEventHandler.onFileChanged
   onFileChanged(entry: SessionFileEntry, new_file: boolean): void {
-    this.broadcast({
+    this.sender.broadcast({
       type: "session_file_changed",
       session_id: this.sessionUUID,
       descriptor: {
@@ -745,7 +734,7 @@ export class OpenSession
       logger.warn(
         `User ${from} not in session ${this.sessionUUID} - ignoring message`
       );
-      this.sendTo(from, {
+      this.sender.sendTo(from, {
         type: "session_error",
         message: "You are not a participant in this session",
         session_id: this.sessionUUID,
@@ -756,7 +745,7 @@ export class OpenSession
 
     // Enqueue message for processing
     if (!this.messageQueue.tryEnqueue({ msg: message, from })) {
-      this.sendTo(
+      this.sender.sendTo(
         from,
         this.addSessionContext({
           type: "session_error",
@@ -777,7 +766,7 @@ export class OpenSession
       const mcpServer = this.skillManager.getMcpServer(server_name);
       const tools = mcpServer.getTools();
       const enabled_tools = Array.from(mcpServer.getEnabledTools().keys());
-      this.connectionManager.sendToConnection(connectionId, {
+      this.sender.connectionManager.sendToConnection(connectionId, {
         type: "mcp_server_added",
         server_name,
         tools,
@@ -808,7 +797,7 @@ export class OpenSession
         undefined;
       switch (msg.type) {
         case "msg":
-          broadcastMsg = this.handleUserMessage(msg, queuedMessage.from);
+          broadcastMsg = await this.handleUserMessage(msg, queuedMessage.from);
           break;
         case "add_mcp_server":
           broadcastMsg = await this.handleAddMcpServer(
@@ -842,20 +831,7 @@ export class OpenSession
           );
           break;
         case "tool_call_approval_result":
-          if (
-            this.approvalManager.approvalResult(
-              msg.id,
-              msg.result,
-              msg.auto_approve
-            )
-          ) {
-            broadcastMsg = {
-              type: "tool_call_approval_result",
-              id: msg.id,
-              result: msg.result,
-              session_id: this.sessionUUID,
-            };
-          }
+          this.approvalManager.onApprovalResult(msg);
           break;
         case "session_file_get_content":
           void this.handleSessionFileGetContent(msg, queuedMessage.from);
@@ -867,7 +843,7 @@ export class OpenSession
           await this.handleSessionFilePutContent(msg);
           break;
         case "set_auto_approval":
-          broadcastMsg = await this.onSetAutoApproval(
+          broadcastMsg = await this.approvalManager.setAutoApprove(
             msg.server_name,
             msg.tool,
             msg.auto_approve
@@ -900,10 +876,10 @@ export class OpenSession
       if (broadcastMsg) {
         if (broadcastMsg instanceof Array) {
           broadcastMsg.map((msg) => {
-            this.broadcast(msg);
+            this.sender.broadcast(msg);
           });
         } else {
-          this.broadcast(broadcastMsg);
+          this.sender.broadcast(broadcastMsg);
         }
       }
     } catch (err: unknown) {
@@ -926,7 +902,7 @@ export class OpenSession
       this.accessToken = accessToken;
     }
 
-    this.sendTo(from, {
+    this.sender.sendTo(from, {
       type: "session_shared",
       access_token: this.accessToken,
       client_message_id: msg.client_message_id,
@@ -970,16 +946,12 @@ export class OpenSession
     return this.contextManager.endAgentResponse();
   }
 
-  /**
-   * `processUserMessage` logic when agent is active.  Start the Agent loop,
-   * adding all agent messages to the context. Extract the new DB messages.
-   */
   private async processUserMessagesActive(
     msgs: ServerUserMessage[]
   ): Promise<SessionMessage[]> {
     const { llmUserMessages, agentFirstChunk } =
       this.contextManager.startAgentResponse(msgs);
-    this.broadcast(agentFirstChunk);
+    this.sender.broadcast(agentFirstChunk);
     try {
       await this.agent.userMessagesRaw(llmUserMessages);
     } catch (e) {
@@ -990,26 +962,23 @@ export class OpenSession
       // Errors during agent replies must be turned into messages.
 
       const errMsg = `error from LLM: ${String(e)}`;
-      await this.onAgentMessage(errMsg, true);
-      const err = this.contextManager.revertAgentResponse(errMsg);
-      this.broadcast(err);
-
-      // return await this.processuserMessagesActive(msgs);
+      this.contextManager.revertAgentResponse(errMsg);
+      throw new Error(errMsg);
     }
     return this.contextManager.endAgentResponse();
   }
 
   private async processUserMessages(msgs: ServerUserMessage[]): Promise<void> {
-    const newSessionMessages = this.agentPaused
-      ? this.processUserMessagePaused(msgs)
-      : await this.processUserMessagesActive(msgs);
+    try {
+      const newSessionMessages = this.agentPaused
+        ? this.processUserMessagePaused(msgs)
+        : await this.processUserMessagesActive(msgs);
 
-    logger.debug(
-      "[processUserMessages] newSessionMessages: " +
-        JSON.stringify(newSessionMessages)
-    );
+      logger.debug(
+        "[processUserMessages] newSessionMessages: " +
+          JSON.stringify(newSessionMessages)
+      );
 
-    try {
       // Append to in-memory conversation and write to the DB
       const dbsm = this.db.createTypedClient(DbSessionMessages);
       await dbsm.append(this.sessionUUID, newSessionMessages);
@@ -1020,10 +989,10 @@ export class OpenSession
     }
   }
 
-  private handleUserMessage(
+  private async handleUserMessage(
     msg: ClientUserMessage,
     from: string
-  ): ServerUserMessage | undefined {
+  ): Promise<ServerUserMessage | undefined> {
     // Return a ServerUserMessage for broadcast.  The actual message is places
     // on a queue to be dealt with in another loop.  This allows Agent
     // processing of user messages to depend on other messages.
@@ -1033,7 +1002,15 @@ export class OpenSession
 
     // Assign the user message_idx and attempt to enqueue.
 
-    const userMessage = this.contextManager.processUserMessage(msg, from);
+    const user = this.sessionParticipants.get(from);
+    if (!user) {
+      throw new Error(`unrecognized user ${from}`);
+    }
+    const userMessage = this.contextManager.processUserMessage(
+      msg,
+      from,
+      user.nickname
+    );
     if (!userMessage) {
       return;
     }
@@ -1041,7 +1018,7 @@ export class OpenSession
 
     if (userMessage.message_idx === MESSAGE_INDEX_START_VALUE) {
       // No need to wait for this to complete before broadcasting.
-      void this.onFirstMessage(userMessage);
+      await this.onFirstMessage(userMessage);
     }
 
     if (!this.userMessageQueue.tryEnqueue(userMessage)) {
@@ -1052,7 +1029,7 @@ export class OpenSession
 
       this.contextManager.unprocessUserMessage(userMessage);
 
-      this.sendTo(from, {
+      this.sender.sendTo(from, {
         type: "session_error",
         message: "failed to queue message.  try again later.",
         session_id: this.sessionUUID,
@@ -1103,14 +1080,39 @@ export class OpenSession
     }
     assert(this.isPersisted);
 
-    // Broadcast the SessionUpdated message
+    // Send session created notification
+    const sessionInfo = this.serverSessionInfo("");
+    
+    if (this.teamUUID) {
+      // Team session: notify all members about the new session
+      try {
+        const teamMembers = await this.db.teamGetMembers(this.teamUUID);
+        const teamMemberIds = new Set(teamMembers.map((m) => m.user_uuid));
 
-    const msg: ServerSessionUpdate = {
-      type: "session_update",
-      session_id: this.sessionUUID,
-      title: this.sessionTitle,
-    };
-    this.broadcast(msg);
+        this.sender.connectionManager.sendToUsers(teamMemberIds, sessionInfo);
+
+        logger.info(
+          `[OpenSession] notified ${String(teamMemberIds.size)} team members` +
+            ` about new session ${this.sessionUUID} in team ${this.teamUUID}`
+        );
+      } catch (error) {
+        logger.error(
+          "[OpenSession] Error notifying team members about session" +
+            `${this.sessionUUID}: ${String(error)}`
+        );
+      }
+    } else {
+      // If this is a user session, notify the session owner
+      this.sender.connectionManager.sendToUsers(
+        new Set([this.userUUID]),
+        sessionInfo
+      );
+      
+      logger.info(
+        `[OpenSession] notified session owner ${this.userUUID} about ` +
+        `new session ${this.sessionUUID}`
+      );
+    }
   }
 
   private async handleAddMcpServer(
@@ -1324,7 +1326,7 @@ export class OpenSession
       name: msg.name,
       data_url,
     };
-    this.sendTo(from, contentMsg);
+    this.sender.sendTo(from, contentMsg);
   }
 
   private async handleSessionFileDelete(
@@ -1356,34 +1358,6 @@ export class OpenSession
     // succeeds.  We broadcast in that callback.
   }
 
-  private async onSetAutoApproval(
-    serverName: string,
-    tool: string,
-    autoApprove: boolean
-  ): Promise<ServerToolAutoApprovalSet | undefined> {
-    if (
-      prefsSetAutoApprove(
-        this.agentProfilePreferences,
-        serverName,
-        tool,
-        autoApprove
-      )
-    ) {
-      await this.db.updateAgentProfilePreferences(
-        this.agentProfileUUID,
-        this.agentProfilePreferences
-      );
-
-      return {
-        type: "tool_auto_approval_set",
-        server_name: serverName,
-        tool,
-        auto_approve: autoApprove,
-        session_id: this.sessionUUID,
-      };
-    }
-  }
-
   private ensureMcpServer(serverName: string): McpServerInfo {
     return this.skillManager.getMcpServer(serverName);
   }
@@ -1411,19 +1385,19 @@ export class OpenSession
    * This only updates the local participant map - actual membership
    * tracking is handled by SessionRegistry.
    */
-  addParticipant(userId: string, role: TeamParticipant): void {
-    this.sessionParticipants.set(userId, role);
+  addParticipant(userId: string, participant: TeamParticipant): void {
+    this.sessionParticipants.set(userId, participant);
     // Broadcast result to all session participants
     const broadcastMessage: ServerUserAdded = {
       type: "user_added",
       user_uuid: userId,
       role: "participant",
-      nickname: role.nickname,
-      email: role.email,
+      nickname: participant.nickname,
+      email: participant.email,
       session_id: this.sessionUUID,
     };
 
-    this.broadcast(broadcastMessage);
+    this.sender.broadcast(broadcastMessage);
   }
 
   /**
@@ -1440,7 +1414,7 @@ export class OpenSession
       session_id: this.sessionUUID,
     };
 
-    this.broadcast(broadcastMessage);
+    this.sender.broadcast(broadcastMessage);
   }
 
   private getSessionParticipants(): TeamParticipant[] {
@@ -1568,3 +1542,72 @@ async function loadSessionData(
     sessionParticipants: createSessionParticipantMap(sessionParticipants),
   };
 }
+
+async function createContextAndAgent(
+  sessionUUID: string,
+  systemPrompt: string,
+  model: string,
+  sessionMessages: SessionMessage[],
+  workspace: UserMessageData | undefined,
+  sessionCheckpoint: SessionCheckpoint | undefined,
+  ownerData: UserData,
+  ownerApiKey: string,
+  llmUrl: string,
+  xmcpUrl: string,
+  fileManager: ChatSessionFileManager,
+  sender: ISessionMessageSender<ServerToClient>,
+  platform: IPlatform,
+  approvalManager: ToolApprovalManager
+): Promise<{
+  agent: Agent;
+  skillManager: SkillManager;
+  contextManager: ChatContextManager;
+}> {
+  const contextManager = new ChatContextManager(
+    systemPrompt,
+    sessionMessages,
+    sessionUUID,
+    ownerData.uuid,
+    sessionCheckpoint,
+    llmUrl,
+    model,
+    ownerApiKey,
+    undefined as unknown as DBCheckpointWriter, // TODO
+    fileManager
+  );
+  if (workspace) {
+    contextManager.setWorkspace(
+      createUserMessage(workspace.message, workspace.imageB64)
+    );
+  }
+
+  const eventHandler = new ChatSessionAgentEventHandler(
+    sessionUUID,
+    sender,
+    approvalManager,
+    contextManager
+  );
+
+  const xmcpConfig = Configuration.new(ownerApiKey, xmcpUrl, false);
+  const [agent, skillManager] = await createAgentWithoutSkills(
+    llmUrl,
+    model,
+    eventHandler,
+    platform,
+    contextManager,
+    ownerApiKey,
+    xmcpConfig,
+    undefined,
+    true
+  );
+  await addDefaultChatTools(
+    agent,
+    ownerData.timezone,
+    platform,
+    fileManager,
+    llmUrl,
+    ownerApiKey
+  );
+
+  return { agent, skillManager, contextManager };
+}