@xalia/agent 0.6.9 → 0.6.11

package/src/chat/server/sessionRegistry.ts

@@ -1,1425 +0,0 @@
-import { v4 as uuidv4 } from "uuid";
-
-import {
-  AgentProfile,
-  getLogger,
-  SavedAgentProfile,
-  DEFAULT_AGENT_PROFILE_NAME,
-  DEFAULT_AGENT_PROFILE,
-} from "@xalia/xmcp/sdk";
-
-import {
-  ClientSessionMessage,
-  ClientToServer,
-  ServerControlSessionList,
-  ClientControlMessage,
-  isClientControlMessage,
-  ClientControlGetSessionList,
-  ClientControlSessionCreate,
-  ClientControlSessionJoin,
-  ServerControlError,
-  ClientControlSessionDelete,
-  ServerControlSessionDeleted,
-  ClientControlTeamCreate,
-  ServerControlTeamCreated,
-  ClientControlAddTeamUser,
-  ClientControlRemoveTeamUser,
-  ServerToClient,
-  ClientControlAgentProfileCreate,
-  ClientControlAgentProfileDelete,
-  ClientControlAddCustomMcpServer,
-  ClientControlRemoveCustomMcpServer,
-} from "../protocol/messages";
-import { GUEST_TOKEN_PREFIX, OpenSession } from "./openSession";
-import {
-  CustomMcpServerDescriptor,
-  SessionCreateData,
-  SessionData,
-  SessionDescriptor,
-  TeamInfo,
-  TeamParticipant,
-} from "../data/dataModels";
-import { Database, UserData } from "../data/database";
-import { resolveUserIdentifier } from "../utils/userResolver";
-import { ChatFatalError } from "../protocol/errors";
-import { IMessageProcessor, IUserConnectionManager } from "./connectionManager";
-import { getErrorString } from "./errorUtils";
-import { ApiKeyManager } from "../data/apiKeyManager";
-
-const logger = getLogger();
-
-export type GuestUser = UserData & { guest_for_session: string };
-
-// server_name => url
-type CustomMcpServersForUser = Map<string, CustomMcpServerDescriptor>;
-
-export class CustomMcpServerManager {
-  private perUser: Map<string, CustomMcpServersForUser>;
-
-  constructor(_db: Database) {
-    this.perUser = new Map();
-  }
-
-  getForUser(user_uuid: string): Record<string, CustomMcpServerDescriptor> {
-    const servers = this.perUser.get(user_uuid);
-    if (!servers) {
-      return {};
-    }
-
-    return Object.fromEntries(servers.entries());
-  }
-
-  async addForUser(
-    user_uuid: string,
-    server_name: string,
-    description: string,
-    url: string
-  ): Promise<void> {
-    // TODO: persistence to DB
-
-    const userServers = this.getUserServers(user_uuid);
-    if (userServers.has(server_name)) {
-      throw new Error(`server ${server_name} already added`);
-    }
-
-    userServers.set(server_name, { name: server_name, description, url });
-
-    return Promise.resolve();
-  }
-
-  async removeForUser(user_uuid: string, server_name: string): Promise<void> {
-    const userServers = this.getUserServers(user_uuid);
-    if (userServers.has(server_name)) {
-      userServers.delete(server_name);
-    }
-    return Promise.resolve();
-  }
-
-  private getUserServers(user_uuid: string): CustomMcpServersForUser {
-    let userServers = this.perUser.get(user_uuid);
-    if (!userServers) {
-      userServers = new Map();
-      this.perUser.set(user_uuid, userServers);
-    }
-
-    return userServers;
-  }
-}
-
-export class SessionRegistry implements IMessageProcessor<ClientToServer> {
-  // In memory session-user/user-session mappings
-  // Note: this mappings ONLY trackes online users and will
-  // be cleaned up when the user disconnects.
-  // sessionId -> userIds
-  private sessionUsers: Map<string, Set<string>> = new Map();
-  // userId -> sessionIds
-  private userSessions: Map<string, Set<string>> = new Map();
-
-  // Session instances
-  // sessionId -> OpenSession
-  private openSessions: Map<string, OpenSession> = new Map();
-
-  private guests: Map<string, GuestUser> = new Map();
-
-  private apiKeyManager: ApiKeyManager;
-
-  private customMcpServerManager: CustomMcpServerManager;
-
-  constructor(
-    private db: Database,
-    private connectionManager: IUserConnectionManager<ServerToClient>,
-    private xmcpUrl: string
-  ) {
-    this.apiKeyManager = new ApiKeyManager(db);
-    this.customMcpServerManager = new CustomMcpServerManager(db);
-  }
-
-  /**
-   * Add user to session membership.
-   * Creates session tracking if it doesn't exist.
-   */
-  private addUserToSessionMemory(userId: string, sessionId: string): void {
-    logger.debug(
-      `[SessionRegistry] Adding user ${userId} to session ${sessionId}`
-    );
-
-    // Add to sessionUsers
-    if (!this.sessionUsers.has(sessionId)) {
-      this.sessionUsers.set(sessionId, new Set());
-    }
-    const sessionUserSet = this.sessionUsers.get(sessionId);
-    if (sessionUserSet) {
-      sessionUserSet.add(userId);
-    }
-
-    // Add to userSessions
-    if (!this.userSessions.has(userId)) {
-      this.userSessions.set(userId, new Set());
-    }
-    const userSessionSet = this.userSessions.get(userId);
-    if (userSessionSet) {
-      userSessionSet.add(sessionId);
-    }
-  }
-
-  /**
-   * Remove user from session membership.
-   * Cleans up empty sessions and triggers session cleanup if needed.
-   */
-  private removeUserFromSessionMemory(userId: string, sessionId: string): void {
-    logger.debug(
-      `[SessionRegistry] Removing user ${userId} from session ${sessionId}`
-    );
-
-    // Remove from sessionUsers
-    const sessionUserSet = this.sessionUsers.get(sessionId);
-    if (sessionUserSet) {
-      sessionUserSet.delete(userId);
-      if (sessionUserSet.size === 0) {
-        this.sessionUsers.delete(sessionId);
-        // Clean up session instance when empty
-        const session = this.openSessions.get(sessionId);
-        if (session) {
-          logger.debug(
-            `[SessionRegistry] Triggering cleanup for empty session ` +
-              sessionId
-          );
-          // The onEmpty callback will remove from openSessions map
-
-          logger.debug(
-            `[SessionRegistry] Session ${sessionId} empty. Removing`
-          );
-          session.onEmpty();
-          this.openSessions.delete(sessionId);
-        }
-      }
-    }
-
-    // Remove from userSessions
-    const userSessionSet = this.userSessions.get(userId);
-    if (userSessionSet) {
-      userSessionSet.delete(sessionId);
-      if (userSessionSet.size === 0) {
-        this.userSessions.delete(userId);
-      }
-    }
-
-    logger.info(
-      `[SessionRegistry] User ${userId} removed from session ${sessionId}`
-    );
-  }
-
-  /**
-   * Get all users in a session.
-   */
-  async getSessionUsers(sessionId: string): Promise<Set<string>> {
-    const users = await this.db.sessionGetParticipants(sessionId);
-    return new Set(users.map((u) => u.user_uuid));
-  }
-
-  /**
-   * Get all users in a session.
-   */
-  getInMemorySessionUsers(sessionId: string): Set<string> {
-    return this.sessionUsers.get(sessionId) || new Set();
-  }
-
-  /**
-   * Get all sessions a user belongs to.
-   */
-  getUserSessions(userId: string): Set<string> {
-    return this.userSessions.get(userId) || new Set();
-  }
-
-  /**
-   * Get all sessions a user belongs to in memory.
-   */
-  getInMemoryUserSessions(userId: string): Set<string> {
-    return this.userSessions.get(userId) || new Set();
-  }
-
-  // IMessageProcessor<ClientToServer>
-  async authenticate(token: string): Promise<string | undefined> {
-    // Parse the api key to determine the type of connection
-    const {
-      prefix,
-      apiKey,
-      payload: sessionUUID,
-    } = ApiKeyManager.parseToken(token);
-
-    if (prefix === GUEST_TOKEN_PREFIX) {
-      if (!sessionUUID) {
-        throw new Error(`invalid token ${token}`);
-      }
-
-      const descriptor = await this.getSessionDescriptor(sessionUUID);
-      if (!descriptor) {
-        throw new Error(`no such session ${sessionUUID}`);
-      }
-      if (descriptor.access_token !== token) {
-        throw new Error(`invalid guest key ${apiKey}`);
-      }
-
-      // For now, add a new user to the DB (so simplify the process of adding
-      // users).
-
-      const user_uuid = uuidv4();
-      const email = `${user_uuid}@`;
-      const nickname = "Guest";
-      const timezone = "UTC";
-
-      await this.db.createUser(user_uuid, email, nickname, timezone);
-
-      const user: GuestUser = {
-        uuid: user_uuid,
-        nickname: "Guest",
-        email: "guest",
-        timezone: "UTC",
-        guest_for_session: sessionUUID,
-      };
-      this.guests.set(user_uuid, user);
-      return user.uuid;
-
-      // throw new Error("unimpl");
-      // // return "";
-    }
-
-    const userData = await this.apiKeyManager.verifyApiKey(apiKey);
-    if (!userData) {
-      throw new ChatFatalError("invalid api key");
-    }
-    return userData.uuid;
-  }
-
-  // IMessageProcessor<ClientToServer>
-  async processMessage(
-    connectionId: string,
-    userId: string,
-    message: ClientToServer
-  ): Promise<void> {
-    if (isClientControlMessage(message)) {
-      // handle connection level message
-      await this.processClientControlMessage(connectionId, userId, message);
-    } else {
-      // handle session level message
-      this.processSessionMessage(userId, message as ClientSessionMessage);
-    }
-  }
-
-  private sendControlError(
-    connectionId: string,
-    clientMsgId: string,
-    errorMessage: string
-  ): void {
-    // TODO: Why is this managed at the transport level?
-
-    const errorMsg: ServerControlError = {
-      type: "control_error",
-      message: errorMessage,
-      client_message_id: clientMsgId,
-    };
-    this.connectionManager.sendToConnection(connectionId, errorMsg);
-  }
-
-  private async processClientControlMessage(
-    connectionId: string,
-    userId: string,
-    message: ClientControlMessage
-  ): Promise<void> {
-    switch (message.type) {
-      case "control_agent_profile_create":
-        await this.handleAgentProfileCreate(userId, message);
-        break;
-      case "control_agent_profile_delete":
-        await this.handleAgentProfileDelete(userId, message);
-        break;
-      case "control_get_session_list":
-        await this.handleGetSessionList(connectionId, userId, message);
-        break;
-      case "control_session_create":
-        await this.handleSessionCreate(connectionId, userId, message);
-        break;
-      case "control_session_join":
-        await this.handleSessionJoin(connectionId, userId, message);
-        break;
-      case "control_session_delete":
-        await this.handleSessionDelete(connectionId, userId, message);
-        break;
-      case "control_team_create":
-        await this.handleTeamCreate(connectionId, userId, message);
-        break;
-      case "control_add_team_user":
-        await this.handleAddTeamUser(connectionId, userId, message);
-        break;
-      case "control_remove_team_user":
-        await this.handleRemoveTeamUser(connectionId, userId, message);
-        break;
-      case "control_add_custom_mcp_server":
-        await this.handleAddCustomMcpServer(userId, message);
-        break;
-      case "control_remove_custom_mcp_server":
-        await this.handleRemoveCustomMcpServer(userId, message);
-        break;
-      default: {
-        const exhaustive: never = message;
-        // unknown connection type should be a fatal error
-        throw new ChatFatalError(
-          `Unknown connection message type: ${String(exhaustive)}`
-        );
-      }
-    }
-  }
-
-  private async handleAddCustomMcpServer(
-    userId: string,
-    message: ClientControlAddCustomMcpServer
-  ): Promise<void> {
-    await this.customMcpServerManager.addForUser(
-      userId,
-      message.server_name,
-      message.description,
-      message.url
-    );
-    this.connectionManager.sendToUsers([userId], {
-      type: "control_custom_mcp_server_added",
-      server_name: message.server_name,
-      url: message.url,
-    });
-  }
-
-  private async handleRemoveCustomMcpServer(
-    userId: string,
-    message: ClientControlRemoveCustomMcpServer
-  ): Promise<void> {
-    await this.customMcpServerManager.removeForUser(
-      userId,
-      message.server_name
-    );
-    this.connectionManager.sendToUsers([userId], {
-      type: "control_custom_mcp_server_removed",
-      server_name: message.server_name,
-    });
-  }
-
-  /**
-   * Handle session_list request
-   */
-  private async handleGetSessionList(
-    connectionId: string,
-    userId: string,
-    message: ClientControlGetSessionList
-  ): Promise<void> {
-    try {
-      const [userSessions, teamSessions, userAgents] =
-        await this.getAllAgentsAndSessionsByUser(userId);
-
-      // Mark any guest session as a user session
-
-      const guest = this.guests.get(userId);
-      if (guest) {
-        const guestSession = await this.db.sessionGetDescriptorById(
-          guest.guest_for_session
-        );
-        if (guestSession) {
-          userSessions.push(guestSession);
-        }
-      }
-
-      const response: ServerControlSessionList = {
-        type: "control_session_list",
-        user_sessions: userSessions,
-        team_sessions: teamSessions,
-        user_agents: userAgents,
-        client_message_id: message.client_message_id,
-        custom_mcp_servers: this.customMcpServerManager.getForUser(userId),
-      };
-
-      this.connectionManager.sendToConnection(connectionId, response);
-      logger.info(
-        `[ConnectionManager] Sent ` +
-          `${String(userSessions.length)} user sessions and ` +
-          `${String(teamSessions.length)} team sessions to user ${userId}`
-      );
-    } catch (error) {
-      logger.error(`[ConnectionManager] Failed to get session list:`, error);
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        JSON.stringify(error)
-      );
-    }
-  }
-
-  private async handleSessionDelete(
-    connectionId: string,
-    userId: string,
-    message: ClientControlSessionDelete
-  ): Promise<void> {
-    const sessionId = message.target_session_id;
-    try {
-      // validate the session access
-      await this.validateSessionAccess(sessionId, userId, "owner");
-
-      // get users/team-uuid before deletion
-      const [users, sessionData] = await Promise.all([
-        this.getSessionUsers(sessionId),
-        this.db.sessionGetDescriptorById(sessionId),
-      ]);
-      const teamUuid = sessionData?.team_uuid;
-
-      if (!sessionData) {
-        throw new ChatFatalError(`No such session: ${sessionId}`);
-      }
-
-      // delete the session from database
-      await this.db.sessionDeleteById(sessionId);
-
-      // remove the session from memory (should be no thrown from here)
-      const session = this.openSessions.get(sessionId);
-      if (session) {
-        const users = this.getInMemorySessionUsers(sessionId);
-        for (const user of users) {
-          this.removeUserFromSessionMemory(user, sessionId);
-        }
-      }
-      this.openSessions.delete(sessionId);
-
-      // send confirmation to the client
-      const response: ServerControlSessionDeleted = {
-        type: "control_session_deleted",
-        session_id: sessionId,
-        team_uuid: teamUuid,
-        agent_profile_uuid: sessionData.agent_profile_uuid,
-        client_message_id: message.client_message_id,
-      };
-      this.connectionManager.sendToUsers(users, response);
-    } catch (error) {
-      logger.error(
-        `[SessionRegistry] Error delete session ${sessionId}:`,
-        error
-      );
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        String(error)
-      );
-    }
-  }
-
-  /**
-   * Handle team_create_request message - creates a new team.
-   * @param connectionId  connection id
-   * @param userId  user id
-   * @param message  team create request message
-   */
-  private async handleTeamCreate(
-    connectionId: string,
-    userId: string,
-    message: ClientControlTeamCreate
-  ): Promise<void> {
-    try {
-      // Resolve all initial members in parallel
-      // this contains undefined to mark failed lookups
-      const resolvedMemberIds = await Promise.all(
-        message.initial_members.map((member) =>
-          resolveUserIdentifier(this.db, member)
-        )
-      );
-
-      const failedLookups: string[] = [];
-      const validMemberIds: string[] = [];
-      const participants: TeamParticipant[] = [];
-
-      // No need to filter out the owner here, that is done in
-      // `createTeamWithParticipants`
-      resolvedMemberIds.forEach((user, index) => {
-        if (user) {
-          validMemberIds.push(user.uuid);
-          participants.push({
-            user_uuid: user.uuid,
-            nickname: user.nickname || "",
-            email: user.email,
-            role: "participant",
-          });
-        } else {
-          failedLookups.push(message.initial_members[index]);
-        }
-      });
-
-      // Create the team with initial participants
-      const teamUuid = await this.db.createTeamWithParticipants(
-        message.team_name,
-        userId,
-        validMemberIds
-      );
-
-      // Create a default agent for the new team
-      const defaultAgentProfile = await this.db.createAgentProfile(
-        undefined,
-        teamUuid,
-        DEFAULT_AGENT_PROFILE_NAME,
-        DEFAULT_AGENT_PROFILE
-      );
-
-      if (!defaultAgentProfile) {
-        throw new Error(
-          `Failed to create default agent profile for team ${teamUuid}`
-        );
-      }
-
-      // Get owner's information and add to participants for the response
-      const ownerInfo = await this.db.getUserFromUuid(userId);
-      if (!ownerInfo) {
-        throw new Error(`Cannot find owner user data for user ${userId}`);
-      }
-
-      const ownerParticipant: TeamParticipant = {
-        user_uuid: userId,
-        nickname: ownerInfo.nickname || "",
-        email: ownerInfo.email,
-        role: "owner",
-      };
-
-      const response: ServerControlTeamCreated = {
-        type: "control_team_created",
-        team_uuid: teamUuid,
-        team_owner_uuid: userId,
-        team_name: message.team_name,
-        members: [ownerParticipant, ...participants],
-        failed_lookups: failedLookups,
-      };
-      const members = new Set(validMemberIds);
-      members.add(userId);
-      this.connectionManager.sendToUsers(members, response);
-
-      // Broadcast the default agent profile to all team members
-      this.connectionManager.sendToUsers(members, {
-        type: "control_agent_profile_created",
-        profile: defaultAgentProfile,
-      });
-    } catch (error) {
-      logger.error(`[SessionRegistry] Error creating team: ${String(error)}`);
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        String(error)
-      );
-    }
-  }
-
-  /**
-   * Process session-scoped client message.
-   * Handles membership messages here, others to OpenSession.
-   */
-  private processSessionMessage(
-    userId: string,
-    message: ClientSessionMessage
-  ): void {
-    const sessionId = message.session_id;
-    logger.info(
-      `[SessionRegistry] Processing message from user ${userId} in session ` +
-        sessionId
-    );
-
-    const session = this.openSessions.get(sessionId);
-    if (!session) {
-      throw new ChatFatalError(`Internal error: No such session ${sessionId}`);
-    }
-
-    // Forward all other messages to OpenSession
-    session.onClientSessionMessage(userId, message);
-  }
-
-  /**
-   * Handle add_user message - adds user to team.
-   */
-  private async handleAddTeamUser(
-    connectionId: string,
-    fromUserId: string,
-    message: ClientControlAddTeamUser
-  ): Promise<void> {
-    // Validate permissions - only owner can add users
-    const access = await this.validateTeamAccess(
-      message.target_team_id,
-      fromUserId,
-      "owner"
-    );
-
-    if (!access) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "Only team owner can add users"
-      );
-      return;
-    }
-    // Resolve user identifier
-    const user = await resolveUserIdentifier(
-      this.db,
-      message.user_uuid_or_email
-    );
-    if (!user) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "User not found"
-      );
-      return;
-    }
-
-    // Check if user is already a participant
-    const participants = await this.db.teamGetMembers(message.target_team_id);
-    if (participants.some((p) => p.user_uuid === user.uuid)) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "User is already a participant"
-      );
-      return;
-    }
-
-    // Update database
-    try {
-      await this.db.teamAddMember(message.target_team_id, user.uuid);
-    } catch (error) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "Server Internal Error: cannot add user."
-      );
-      logger.error(
-        `[SessionRegistry] Error adding user ${user.uuid}` +
-          ` to team ${message.target_team_id}:`,
-        error
-      );
-      return;
-    }
-
-    // add user to related active sessions
-    const sessions = await this.db.teamGetSessions(message.target_team_id);
-    for (const sessionData of sessions) {
-      const session = this.openSessions.get(sessionData.session_uuid);
-      if (session) {
-        session.addParticipant(user.uuid, {
-          user_uuid: user.uuid,
-          nickname: user.nickname || "",
-          email: user.email,
-          role: "participant",
-        });
-      }
-    }
-
-    // Notify all team members about the updated member list
-    const updatedParticipants = await this.db.teamGetMembers(
-      message.target_team_id
-    );
-    this.connectionManager.sendToUsers(
-      new Set(updatedParticipants.map((p) => p.user_uuid)),
-      {
-        type: "control_team_members_updated",
-        team_uuid: message.target_team_id,
-        members: updatedParticipants,
-      }
-    );
-
-    logger.info(
-      `[SessionRegistry] User ${user.uuid}` +
-        `added to team ${message.target_team_id}`
-    );
-  }
-
-  /**
-   * Handle remove_user message - removes user from session membership.
-   * Only session owner can remove users.
-   */
-  private async handleRemoveTeamUser(
-    connectionId: string,
-    fromUserId: string,
-    message: ClientControlRemoveTeamUser
-  ): Promise<void> {
-    // Validate permissions - only owner can remove users
-    const access = await this.validateTeamAccess(
-      message.target_team_id,
-      fromUserId,
-      "owner"
-    );
-    if (!access) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "Only team owner can remove users"
-      );
-      return;
-    }
-
-    // Resolve user identifier
-    const user = await resolveUserIdentifier(
-      this.db,
-      message.user_uuid_or_email
-    );
-    if (!user) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "User not found"
-      );
-      return;
-    }
-
-    // owner cannot remove her/himself
-    if (user.uuid === fromUserId) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "Owner cannot remove herself/himself"
-      );
-      return;
-    }
-
-    // Check if user is actually a participant
-    const participants = await this.db.teamGetMembers(message.target_team_id);
-    if (!participants.some((p) => p.user_uuid === user.uuid)) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "User is not a participant"
-      );
-      return;
-    }
-
-    // Remove from database
-    try {
-      await this.db.teamRemoveMember(message.target_team_id, user.uuid);
-    } catch (error) {
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        "Server Internal Error: cannot remove user."
-      );
-      logger.error(
-        `[SessionRegistry] Error removing user ${user.uuid}` +
-          ` from team ${message.target_team_id}:`,
-        error
-      );
-      return;
-    }
-
-    // Update OpenSession's participant map and in memory tracking
-    const sessions = await this.db.teamGetSessions(message.target_team_id);
-    for (const sessionData of sessions) {
-      const session = this.openSessions.get(sessionData.session_uuid);
-      if (session) {
-        session.removeParticipant(user.uuid);
-        this.removeUserFromSessionMemory(user.uuid, sessionData.session_uuid);
-      }
-    }
-
-    // Notify all remaining team members about the updated member list
-    const updatedParticipants = await this.db.teamGetMembers(
-      message.target_team_id
-    );
-    this.connectionManager.sendToUsers(
-      new Set(updatedParticipants.map((p) => p.user_uuid)),
-      {
-        type: "control_team_members_updated",
-        team_uuid: message.target_team_id,
-        members: updatedParticipants,
-      }
-    );
-
-    logger.info(
-      `[SessionRegistry] User ${user.uuid} ` +
-        `removed from team ${message.target_team_id}`
-    );
-  }
-
-  /**
-   * Get session instance, if the session has not been initialized,
-   * it will be.
-   */
-  private async getAndActivateSession(
-    sessionId: string
-  ): Promise<{ session: OpenSession; isNew: boolean } | undefined> {
-    if (this.openSessions.has(sessionId)) {
-      logger.info(`[SessionRegistry] Session ${sessionId} already exists`);
-      const session = this.openSessions.get(sessionId);
-      if (!session) {
-        throw new ChatFatalError(
-          `Internal error: No such session: ${sessionId}`
-        );
-      }
-      return { session, isNew: false };
-    } else {
-      logger.info(`[SessionRegistry] loading session ${sessionId}`);
-      const session = await OpenSession.initWithExistingSession(
-        this.db,
-        sessionId,
-        this.xmcpUrl,
-        this.connectionManager
-      );
-      return { session, isNew: true };
-    }
-  }
-
-  /**
-   * Handle user joining a session.
-   * Activates the session if not already active.
-   * return the session info to the client joining the session.
-   */
-  async handleSessionJoin(
-    connectionId: string,
-    userId: string,
-    message: ClientControlSessionJoin
-  ): Promise<void> {
-    const sessionId = message.target_session_id;
-    logger.info(
-      `[SessionRegistry] Joining session ${sessionId} for user ${userId}`
-    );
-    try {
-      // Validate session access permissions
-      const access = await this.validateSessionAccess(sessionId, userId);
-      if (!access) {
-        throw new ChatFatalError(
-          `User ${userId} is not authorized to join session ${sessionId}`
-        );
-      }
-
-      // get or create the session
-      const sessionInfo = await this.getAndActivateSession(sessionId);
-      if (!sessionInfo) {
-        // this in theory should not happen
-        // since we have validated the access
-        throw new ChatFatalError(
-          `Server internal error: ` + `failed to load session ${sessionId}`
-        );
-      }
-      const { session, isNew } = sessionInfo;
-
-      const guest = this.guests.get(userId);
-      if (guest) {
-        session.addParticipant(userId, {
-          user_uuid: guest.uuid,
-          nickname: guest.nickname || "Guest",
-          email: guest.email,
-          role: "participant",
-        });
-      }
-      // To this point, there should be no error thrown.
-      // Update in-memory session-user/user-session mappings
-      this.addUserToSessionMemory(userId, sessionId);
-
-      // Register session immediately
-      if (!this.openSessions.has(sessionId)) {
-        this.openSessions.set(sessionId, session);
-      }
-
-      // pass the message to the session to handle the rest
-      await session.sendSessionData(
-        connectionId,
-        message.client_message_id,
-        isNew
-      );
-    } catch (error) {
-      logger.error(
-        `[SessionRegistry] Error handling user join: ${String(error)}`
-      );
-      this.sendControlError(
-        connectionId,
-        message.client_message_id,
-        String(error)
-      );
-    }
-  }
-
-  async handleAgentProfileCreate(
-    userId: string,
-    message: ClientControlAgentProfileCreate
-  ): Promise<string> {
-    // get agent profile from template
-    let agentProfileFromTemplate: AgentProfile | undefined = undefined;
-    if (message.template_name) {
-      const template = await this.db.agentTemplateGetByName(
-        message.template_name
-      );
-      if (!template) {
-        throw new Error(`template ${message.template_name} not found`);
-      }
-      agentProfileFromTemplate = template.agent_profile;
-    }
-
-    const newAgentProfile: AgentProfile =
-      agentProfileFromTemplate ||
-      new AgentProfile(
-        message.model || DEFAULT_AGENT_PROFILE.model,
-        DEFAULT_AGENT_PROFILE.system_prompt,
-        DEFAULT_AGENT_PROFILE.mcp_settings
-      );
-    const team_uuid = message.team_uuid || undefined;
-
-    if (team_uuid) {
-      // TODO: should be able to reconstruct the full SavedAgentProfile in one
-      // call.
-      const savedAgentProfile = await this.db.createAgentProfile(
-        undefined,
-        team_uuid,
-        message.title,
-        newAgentProfile
-      );
-      if (!savedAgentProfile) {
-        throw new Error(
-          "failed creating team agent profile (createAgentProfile)"
-        );
-      }
-
-      // Broadcast the new AgentProfile to all participants
-
-      const participants = await this.db.teamGetMembers(team_uuid);
-      this.connectionManager.sendToUsers(
-        new Set(participants.map((p) => p.user_uuid)),
-        { type: "control_agent_profile_created", profile: savedAgentProfile }
-      );
-      return savedAgentProfile.uuid;
-    }
-
-    // User AgentProfile
-
-    const savedAgentProfile = await this.db.createAgentProfile(
-      userId,
-      undefined,
-      message.title,
-      newAgentProfile
-    );
-    if (!savedAgentProfile) {
-      throw new Error("failed creating agent profile (createAgentProfile)");
-    }
-
-    // Send the new AgentProfile to the user
-    this.connectionManager.sendToUsers(new Set([userId]), {
-      type: "control_agent_profile_created",
-      profile: savedAgentProfile,
-    });
-
-    return savedAgentProfile.uuid;
-  }
-
-  async handleAgentProfileDelete(
-    userId: string,
-    message: ClientControlAgentProfileDelete
-  ): Promise<void> {
-    const agentProfileUuid = message.agent_profile_uuid;
-
-    // Get the agent profile to determine if it's a team or user profile
-    const agentProfile =
-      await this.db.getSavedAgentProfileById(agentProfileUuid);
-    if (!agentProfile) {
-      throw new Error(`Agent profile ${agentProfileUuid} not found`);
-    }
-
-    // Validate team access: user must own the profile or be in the team
-    // TODO: Only allow the owner to delete the profile?
-    if (agentProfile.team_uuid) {
-      const hasAccess = await this.validateTeamAccess(
-        agentProfile.team_uuid,
-        userId
-      );
-      if (!hasAccess) {
-        throw new Error(
-          `User ${userId} is not authorized to delete this agent profile`
-        );
-      }
-    }
-
-    // Delete the agent profile from database
-    await this.db.deleteAgentProfile(agentProfileUuid);
-
-    // Send confirmation to all relevant users
-    if (agentProfile.team_uuid) {
-      const participants = await this.db.teamGetMembers(agentProfile.team_uuid);
-      this.connectionManager.sendToUsers(
-        new Set(participants.map((p) => p.user_uuid)),
-        {
-          type: "control_agent_profile_deleted",
-          profile_uuid: agentProfileUuid,
-        }
-      );
-    } else {
-      this.connectionManager.sendToUsers(new Set([userId]), {
-        type: "control_agent_profile_deleted",
-        profile_uuid: agentProfileUuid,
-      });
-    }
-  }
-
-  /**
-   * Create a new session for a user.
-   * - create session in database (via `newSession`)
-   * - create an OpenSession instance
-   * - return the session info
-   */
-  async handleSessionCreate(
-    connectionId: string,
-    fromUserId: string,
-    message: ClientControlSessionCreate
-  ): Promise<void> {
-    try {
-      // If agent not given, create one and inform the client
-
-      if (!message.agent_profile_id) {
-        logger.info("[handleSessionCreate] creating new AgentProfile");
-
-        // Create AgentProfile and inform the client
-        message.agent_profile_id = await this.handleAgentProfileCreate(
-          fromUserId,
-          {
-            type: "control_agent_profile_create",
-            title: "New Agent " + uuidv4(),
-            user_uuid: fromUserId,
-            team_uuid: message.team_id,
-          }
-        );
-      }
-
-      // Create new session and get its instance
-      const { openSession, sessionId } = message.team_id
-        ? await this.newTeamSession(
-            fromUserId,
-            message.team_id,
-            message.title,
-            message.agent_profile_id
-          )
-        : await this.newUserSession(
-            fromUserId,
-            message.title,
-            message.agent_profile_id
-          );
-
-      // there should be no further error thrown from now.
-      // Register session immediately
-      this.openSessions.set(sessionId, openSession);
-
-      // add owner to session memory
-      this.addUserToSessionMemory(fromUserId, sessionId);
-
-      // send session info to the connection.  It has just been created so we
-      // must also restore the mcp servers.
-      await openSession.sendSessionData(
-        connectionId,
-        message.client_message_id,
-        true
-      );
-
-      logger.info(
-        `[SessionRegistry] new session ${sessionId}:` +
-          ` ${message.title} for ${fromUserId}`
-      );
-    } catch (error) {
-      const errStr = getErrorString(error);
-      logger.error(`[SessionRegistry] Error in session create: ${errStr}`);
-      this.sendControlError(connectionId, message.client_message_id, errStr);
-    }
-  }
-
-  /**
-   * Create a new user session.
-   */
-  private async newUserSession(
-    ownerId: string,
-    title: string,
-    agentProfileId: string
-  ): Promise<{ openSession: OpenSession; sessionId: string }> {
-    // validate the agent profile
-    await this.validateSavedAgentProfile(agentProfileId);
-
-    const newSessionData: SessionDescriptor = {
-      ...userSessionCreateData(ownerId, title, agentProfileId),
-      updated_at: new Date().toISOString(),
-    };
-    const openSession = await OpenSession.initWithEmptySession(
-      this.db,
-      newSessionData,
-      this.xmcpUrl,
-      this.connectionManager
-    );
-    return { sessionId: newSessionData.session_uuid, openSession };
-  }
-
-  /**
-   * Create a new team session.
-   */
-  private async newTeamSession(
-    fromUserId: string,
-    teamId: string,
-    title: string,
-    agentProfileId: string
-  ): Promise<{ openSession: OpenSession; sessionId: string }> {
-    // validate agent profile and team access
-    const [_savedAgentProfile, access, participants] = await Promise.all([
-      this.validateSavedAgentProfile(agentProfileId),
-      this.validateTeamAccess(teamId, fromUserId),
-      this.db.teamGetMembers(teamId),
-    ]);
-
-    if (!access) {
-      throw new ChatFatalError(
-        `User ${fromUserId} is not a participant of team ${teamId}`
-      );
-    }
-
-    const newSessionData: SessionDescriptor = {
-      ...teamSessionCreateData(
-        teamId,
-        participants,
-        fromUserId,
-        title,
-        agentProfileId
-      ),
-      updated_at: new Date().toISOString(),
-    };
-
-    // initialize the open session
-    const openSession = await OpenSession.initWithEmptySession(
-      this.db,
-      newSessionData,
-      this.xmcpUrl,
-      this.connectionManager
-    );
-    return { sessionId: newSessionData.session_uuid, openSession };
-  }
-
-  /**
-   * Gracefully shutdown all sessions and clean up resources.
-   */
-  shutdown(): void {
-    logger.info(
-      `[SessionRegistry] Shutting down ` +
-        String(this.openSessions.size) +
-        ` sessions`
-    );
-
-    // Create list of sessions to avoid concurrent modification
-    const sessionsToClose = Array.from(this.openSessions.keys());
-
-    for (const sessionId of sessionsToClose) {
-      const session = this.openSessions.get(sessionId);
-      if (session) {
-        logger.debug(`[SessionRegistry] Closing session ${sessionId}`);
-        try {
-          // Trigger the session's cleanup
-          session.onEmpty();
-        } catch (error) {
-          logger.error(
-            `[SessionRegistry] Error closing session ${sessionId}:`,
-            error
-          );
-        }
-      }
-    }
-
-    // Clear all maps
-    this.sessionUsers.clear();
-    this.userSessions.clear();
-    this.openSessions.clear();
-
-    logger.info(`[SessionRegistry] Shutdown complete`);
-  }
-
-  /**
-   * Handle user disconnect - clean up from all sessions.
-   * Called when a connection is closed to ensure proper cleanup.
-   */
-  async handleUserDisconnect(userId: string): Promise<void> {
-    logger.info(`[SessionRegistry] Handling disconnect for user ${userId}`);
-
-    // If the user is a guest, remove his DB entry.
-    const guest = this.guests.get(userId);
-    if (guest) {
-      const session = this.openSessions.get(guest.guest_for_session);
-      if (session) {
-        session.removeParticipant(userId);
-      }
-      this.guests.delete(userId);
-      try {
-        logger.info(
-          `[SessionRegistry.handleUserDisconnect] deleting user ${userId}`
-        );
-        await this.db.deleteUser(userId);
-      } catch (e) {
-        logger.warn(`error removing guest ${userId}: ${getErrorString(e)}`);
-      }
-    }
-
-    // Get all sessions the user is in (copy to avoid concurrent modification)
-    const userSessionIds = this.getInMemoryUserSessions(userId);
-    const sessionsToLeave = Array.from(userSessionIds);
-
-    // Remove user from each session
-    for (const sessionId of sessionsToLeave) {
-      this.removeUserFromSessionMemory(userId, sessionId);
-    }
-
-    logger.info(
-      `[SessionRegistry] User ${userId} removed` +
-        ` from ${String(sessionsToLeave.length)} sessions`
-    );
-  }
-
-  /**
-   * Get all sessions for a user,
-   * including user solo sessions and team sessions.
-   * This will also create a default agent profile if none exists.
-   */
-  private async getAllAgentsAndSessionsByUser(
-    userId: string
-  ): Promise<[SessionData[], TeamInfo[], SavedAgentProfile[]]> {
-    const [userSessions, teamInfos, userAgents] = await Promise.all([
-      this.db.getUserSessions(userId),
-      this.db.getTeamInfosByUser(userId),
-      this.agentProfilesGetByUserOrDefault(userId),
-    ]);
-
-    return [userSessions, teamInfos, userAgents];
-  }
-
-  private async agentProfilesGetByUserOrDefault(
-    userId: string
-  ): Promise<SavedAgentProfile[]> {
-    const agentProfiles = await this.db.agentProfilesGetByUser(userId);
-    if (agentProfiles.length === 0) {
-      const profileName = DEFAULT_AGENT_PROFILE_NAME;
-      const profile = await this.db.createAgentProfile(
-        userId,
-        undefined,
-        profileName,
-        DEFAULT_AGENT_PROFILE
-      );
-      if (!profile) {
-        throw new Error(`No such agent profile: ${profileName}`);
-      }
-      return [profile];
-    }
-    return agentProfiles;
-  }
-
-  /**
-   * Validates that an agent profile exists in the database.
-   */
-  private async validateSavedAgentProfile(
-    agentProfileId: string
-  ): Promise<SavedAgentProfile> {
-    const savedAgentProfile =
-      await this.db.getSavedAgentProfileById(agentProfileId);
-    if (!savedAgentProfile) {
-      throw new ChatFatalError(`No such agent profile: ${agentProfileId}`);
-    }
-    return savedAgentProfile;
-  }
-
-  /**
-   * Validates that a user has permission to access a session.
-   */
-  async validateSessionAccess(
-    sessionId: string,
-    userId: string,
-    accessType?: "participant" | "owner"
-  ): Promise<boolean> {
-    const session = this.openSessions.get(sessionId);
-    if (session) {
-      // in memory session
-      const participants = session.getParticipants();
-      const role = participants.get(userId);
-      if (!role) {
-        // Check for guest access
-        const guest = this.guests.get(userId);
-        if (guest && guest.guest_for_session === sessionId) {
-          return !accessType || accessType === "participant";
-        }
-
-        // Not authorized to join the session
-        return false;
-      } else {
-        return !accessType || role.role === accessType;
-      }
-    } else {
-      // fetch the session from database
-      const participants = await this.db.sessionGetParticipants(sessionId);
-      const role = participants.find((p) => p.user_uuid === userId)?.role;
-      if (!role) {
-        // Check for guest access
-        const guest = this.guests.get(userId);
-        logger.info(`[validateSessionAccess] guest: ${JSON.stringify(guest)}`);
-        if (guest && guest.guest_for_session === sessionId) {
-          return !accessType || accessType === "participant";
-        }
-
-        return false;
-      } else {
-        return !accessType || role === accessType;
-      }
-    }
-  }
-
-  /**
-   * Validates that a user has permission to access a team.
-   */
-  private async validateTeamAccess(
-    teamId: string,
-    userId: string,
-    accessType?: "participant" | "owner"
-  ): Promise<boolean> {
-    const participants = await this.db.teamGetMembers(teamId);
-    const role = participants.find((p) => p.user_uuid === userId)?.role;
-    if (!role) {
-      return false;
-    } else {
-      return !accessType || role === accessType;
-    }
-  }
-
-  /**
-   * Read from DB if the session is not active
-   */
-  private async getSessionDescriptor(
-    sessionId: string
-  ): Promise<SessionDescriptor | undefined> {
-    const session = this.openSessions.get(sessionId);
-    if (session) {
-      return session.getDescriptor();
-    } else {
-      // fetch the session from database
-      return this.db.sessionGetDescriptorById(sessionId);
-    }
-  }
-}
-
-export function userSessionCreateData(
-  ownerId: string,
-  title: string,
-  agentProfileId: string
-): SessionCreateData {
-  return {
-    session_uuid: Database.sessionNewUUID(),
-    title,
-    team_uuid: undefined,
-    agent_profile_uuid: agentProfileId,
-    user_uuid: ownerId,
-    agent_paused: false,
-  };
-}
-
-export function teamSessionCreateData(
-  teamId: string,
-  participants: TeamParticipant[],
-  ownerId: string,
-  title: string,
-  agentProfileId: string
-): SessionCreateData {
-  return {
-    session_uuid: Database.sessionNewUUID(),
-    title,
-    team_uuid: teamId,
-    participants,
-    agent_profile_uuid: agentProfileId,
-    user_uuid: ownerId,
-    agent_paused: false,
-  };
-}