appostle-installer 0.0.14 → 0.0.15

package/dist/appostle.js

@@ -1832,7 +1832,13 @@ function extractTimestamps(record) {
     // Fork lineage — preserved across resume so the in-memory ManagedAgent
     // can flow `parentAgentId` into snapshots that drive the tab Split icon.
     ...record.parentAgentId ? { parentAgentId: record.parentAgentId } : {},
-    ...record.forkedFromMessageUuid ? { forkedFromMessageUuid: record.forkedFromMessageUuid } : {}
+    ...record.forkedFromMessageUuid ? { forkedFromMessageUuid: record.forkedFromMessageUuid } : {},
+    // Multi-tenant ownership — closes the daemon-restart gap. Old records
+    // lack these fields → ownerUserId stays undefined (→ null in
+    // registerSession), agent rehydrates as unscoped.
+    ownerUserId: record.ownerUserId ?? null,
+    sharedWithUserIds: record.sharedWithUserIds ?? [],
+    ownerUsername: record.ownerUsername ?? null
   };
 }
 function hasRegisteredProvider(registeredProviders, value) {
@@ -1916,6 +1922,11 @@ function toAgentPayload(agent, options) {
     title: options?.title ?? null,
     labels: agent.labels,
     internal: agent.internal,
+    // Surface ownership so the client can render an owner badge / detect
+    // "shared with me" agents. `sharedWithUserIds` deliberately stays off
+    // the snapshot — only owners read the full ACL, via the dedicated
+    // `list_agent_shared_users_request` RPC.
+    ownerUserId: agent.ownerUserId,
     // Fork lineage — the client's tab descriptor uses `parentAgentId` to
     // mark the agent as a fork (Split glyph). Carry it from the live
     // ManagedAgent so the marker doesn't disappear once the agent is
@@ -3982,7 +3993,19 @@ var AgentSnapshotPayloadSchema = z11.object({
    * lists at display time. The agent itself is a real, full-featured session
    * in every other respect; `internal` is a UI visibility hint, nothing more.
    */
-  internal: z11.boolean().optional()
+  internal: z11.boolean().optional(),
+  /**
+   * Multi-tenant ownership (Phase 2c/4). Surfaces the auth-server user-id
+   * of the agent's creator so the app can render an owner badge and
+   * detect "shared with me" state (owner !== current user). Optional/
+   * nullable for legacy agents created before per-agent ownership
+   * existed — those render without a badge.
+   *
+   * NOTE: `sharedWithUserIds` is intentionally NOT exposed here. Only the
+   * owner can enumerate the full ACL, via `list_agent_shared_users_request`.
+   * The snapshot stays cheap and recipient-safe.
+   */
+  ownerUserId: z11.string().nullable().optional()
 });
 var VoiceAudioChunkMessageSchema = z11.object({
   type: z11.literal("voice_audio_chunk"),
@@ -5191,6 +5214,74 @@ var DeleteSessionUploadResponseSchema = z11.object({
     })
   ])
 });
+var ShareAgentWithUserRequestSchema = z11.object({
+  type: z11.literal("share_agent_with_user_request"),
+  requestId: z11.string(),
+  /** Accepts full ID, unique prefix, or exact full title (server resolves). */
+  agentId: z11.string(),
+  /** Auth-server user-id of the recipient. */
+  userId: z11.string()
+});
+var ShareAgentWithUserResponseSchema = z11.object({
+  type: z11.literal("share_agent_with_user_response"),
+  payload: z11.discriminatedUnion("ok", [
+    z11.object({
+      requestId: z11.string(),
+      ok: z11.literal(true),
+      /** Updated ACL after the share applied (owner is not included). */
+      sharedWithUserIds: z11.array(z11.string())
+    }),
+    z11.object({
+      requestId: z11.string(),
+      ok: z11.literal(false),
+      error: z11.string()
+    })
+  ])
+});
+var UnshareAgentWithUserRequestSchema = z11.object({
+  type: z11.literal("unshare_agent_with_user_request"),
+  requestId: z11.string(),
+  agentId: z11.string(),
+  userId: z11.string()
+});
+var UnshareAgentWithUserResponseSchema = z11.object({
+  type: z11.literal("unshare_agent_with_user_response"),
+  payload: z11.discriminatedUnion("ok", [
+    z11.object({
+      requestId: z11.string(),
+      ok: z11.literal(true),
+      sharedWithUserIds: z11.array(z11.string())
+    }),
+    z11.object({
+      requestId: z11.string(),
+      ok: z11.literal(false),
+      error: z11.string()
+    })
+  ])
+});
+var ListAgentSharedUsersRequestSchema = z11.object({
+  type: z11.literal("list_agent_shared_users_request"),
+  requestId: z11.string(),
+  agentId: z11.string()
+});
+var ListAgentSharedUsersResponseSchema = z11.object({
+  type: z11.literal("list_agent_shared_users_response"),
+  payload: z11.discriminatedUnion("ok", [
+    z11.object({
+      requestId: z11.string(),
+      ok: z11.literal(true),
+      /** Auth-server user-id of the owner (always present when ok). */
+      ownerUserId: z11.string().nullable(),
+      /** Auth-server user-ids that the owner has granted access to. */
+      sharedWithUserIds: z11.array(z11.string())
+    }),
+    z11.object({
+      requestId: z11.string(),
+      ok: z11.literal(false),
+      error: z11.string()
+    })
+  ])
+});
 var SessionImageSchema = z11.object({
   id: z11.string(),
   fileName: z11.string(),
@@ -5433,6 +5524,9 @@ var SessionInboundMessageSchema = z11.discriminatedUnion("type", [
   DeleteSessionUploadRequestSchema,
   ListSessionImagesRequestSchema,
   DeleteSessionImageRequestSchema,
+  ShareAgentWithUserRequestSchema,
+  UnshareAgentWithUserRequestSchema,
+  ListAgentSharedUsersRequestSchema,
   FetchAttachmentBytesRequestSchema
 ]);
 var ActivityLogPayloadSchema = z11.object({
@@ -7016,6 +7110,9 @@ var SessionOutboundMessageSchema = z11.discriminatedUnion("type", [
   DeleteSessionUploadResponseSchema,
   ListSessionImagesResponseSchema,
   DeleteSessionImageResponseSchema,
+  ShareAgentWithUserResponseSchema,
+  UnshareAgentWithUserResponseSchema,
+  ListAgentSharedUsersResponseSchema,
   FetchAttachmentBytesResponseSchema
 ]);
 var WSPingMessageSchema = z11.object({
@@ -7209,7 +7306,7 @@ import { exec } from "node:child_process";
 import { promisify as promisify3 } from "util";
 import { join as join14, resolve as resolve9, sep as sep2 } from "path";
 import { homedir as homedir5, hostname as osHostname } from "node:os";
-import { z as z36 } from "zod";
+import { z as z38 } from "zod";
 
 // ../server/src/server/persisted-config.ts
 import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "node:fs";
@@ -7723,7 +7820,9 @@ function ensurePrng() {
   const cryptoObj = globalThis.crypto;
   if (cryptoObj?.getRandomValues) {
     nacl.setPRNG((x, n) => {
-      cryptoObj.getRandomValues(x.subarray(0, n));
+      const buf = new Uint8Array(n);
+      cryptoObj.getRandomValues(buf);
+      x.set(buf, 0);
     });
     prngReady = true;
     return;
@@ -7834,8 +7933,8 @@ function base64ToArrayBuffer(base64) {
 // ../relay/dist/encrypted-channel.js
 var HANDSHAKE_RETRY_MS = 1e3;
 var MAX_PENDING_SENDS = 200;
-async function createClientChannel(transport, daemonPublicKeyB64, events = {}) {
-  const keyPair = generateKeyPair();
+async function createClientChannel(transport, daemonPublicKeyB64, events = {}, staticKeyPair) {
+  const keyPair = staticKeyPair ?? generateKeyPair();
   const daemonPublicKey = importPublicKey(daemonPublicKeyB64);
   const sharedKey = deriveSharedKey(keyPair.secretKey, daemonPublicKey);
   const channel = new EncryptedChannel(transport, sharedKey, events);
@@ -8007,6 +8106,16 @@ var EncryptedChannel = class {
   isOpen() {
     return this.state === "open";
   }
+  /**
+   * Peer's X25519 public key (base64) captured during the daemon-side
+   * handshake. Returns `null` on the client side or when the channel was
+   * built without this metadata (legacy code paths). Used by the daemon's
+   * WS-server to resolve the connecting device → owning user.
+   */
+  getPeerPublicKeyB64() {
+    const v = this.options.peerPublicKeyB64;
+    return v && v.length > 0 ? v : null;
+  }
   onTransitionToOpen(cb) {
     this.onOpenCallbacks.push(cb);
   }
@@ -9949,7 +10058,14 @@ async function ensureAgentLoaded(agentId, deps) {
       if (!config) {
         throw new Error(`Agent ${agentId} references unavailable provider '${record.provider}'`);
       }
-      snapshot = await deps.agentManager.createAgent(config, agentId, { labels: record.labels });
+      snapshot = await deps.agentManager.createAgent(config, agentId, {
+        labels: record.labels,
+        // Preserve multi-tenant ownership across the no-handle rehydrate
+        // path (records that never landed a persistence handle, e.g. very
+        // early agents). Without this, agents would silently drop their
+        // owner whenever they took this branch through `ensureAgentLoaded`.
+        ownerUserId: record.ownerUserId ?? null
+      });
       deps.logger.info({ agentId, provider: record.provider }, "Agent created from stored config");
     }
     await deps.agentManager.hydrateTimelineFromProvider(agentId);
@@ -31261,6 +31377,53 @@ function buildProviderRegistry(logger, options) {
   );
 }
 
+// ../server/src/server/claude-profile.ts
+import { existsSync as existsSync10, mkdirSync as mkdirSync5, symlinkSync, rmSync as rmSync2 } from "node:fs";
+import path13 from "node:path";
+import os5 from "node:os";
+var SHARED_ITEMS = ["settings.json", "hooks", "agents", "skills", "plugins", "keybindings.json"];
+function getClaudeProfileDir(username) {
+  return path13.join(os5.homedir(), `.claude-${username}`);
+}
+function ensureClaudeProfile(username, logger) {
+  const profileDir = getClaudeProfileDir(username);
+  const ownerDir = path13.join(os5.homedir(), ".claude");
+  if (!existsSync10(ownerDir)) {
+    throw new Error(`Owner claude config dir not found: ${ownerDir}`);
+  }
+  if (!existsSync10(profileDir)) {
+    mkdirSync5(profileDir, { recursive: true });
+    logger?.info({ profileDir, username }, "created claude profile directory");
+  }
+  for (const item of SHARED_ITEMS) {
+    const target = path13.join(ownerDir, item);
+    const link = path13.join(profileDir, item);
+    if (!existsSync10(target)) continue;
+    if (existsSync10(link)) continue;
+    symlinkSync(target, link);
+    logger?.info({ item, profileDir }, "symlinked shared config item");
+  }
+  return profileDir;
+}
+function hasClaudeAuth(username) {
+  const profileDir = getClaudeProfileDir(username);
+  return existsSync10(profileDir);
+}
+function removeClaudeProfile(username, logger) {
+  const profileDir = getClaudeProfileDir(username);
+  if (!existsSync10(profileDir)) return;
+  rmSync2(profileDir, { recursive: true, force: true });
+  logger?.info({ profileDir, username }, "removed claude profile directory");
+}
+
+// ../server/src/server/agent/agent-manager.ts
+import { z as z33 } from "zod";
+import { getSessionMessages } from "@anthropic-ai/claude-agent-sdk";
+
+// ../server/src/server/agent/handoff-mcp.ts
+import { createSdkMcpServer, tool } from "@anthropic-ai/claude-agent-sdk";
+import { z as z32 } from "zod";
+
 // ../server/src/server/agent/agent-metadata-generator.ts
 import { basename as basename5 } from "path";
 import { z as z31 } from "zod";
@@ -31738,6 +31901,14 @@ function scheduleAgentMetadataGeneration(options) {
   });
 }
 
+// ../server/src/server/agent/agent-manager.ts
+var AgentIdSchema = z33.string().uuid();
+function canUserAccessAgent(agent, requesterUserId) {
+  if (agent.ownerUserId === null) return true;
+  if (agent.ownerUserId === requesterUserId) return true;
+  return agent.sharedWithUserIds.includes(requesterUserId);
+}
+
 // ../server/src/server/agent/timeline-append.ts
 async function appendTimelineItemIfAgentKnown(options) {
   try {
@@ -32121,25 +32292,25 @@ async function buildProjectPlacementForCwd(input) {
 }
 
 // ../server/src/server/workspace-registry.ts
-import { z as z32 } from "zod";
-var PersistedProjectRecordSchema = z32.object({
-  projectId: z32.string(),
-  rootPath: z32.string(),
-  kind: z32.enum(["git", "non_git"]),
-  displayName: z32.string(),
-  createdAt: z32.string(),
-  updatedAt: z32.string(),
-  archivedAt: z32.string().nullable()
-});
-var PersistedWorkspaceRecordSchema = z32.object({
-  workspaceId: z32.string(),
-  projectId: z32.string(),
-  cwd: z32.string(),
-  kind: z32.enum(["local_checkout", "worktree", "directory"]),
-  displayName: z32.string(),
-  createdAt: z32.string(),
-  updatedAt: z32.string(),
-  archivedAt: z32.string().nullable()
+import { z as z34 } from "zod";
+var PersistedProjectRecordSchema = z34.object({
+  projectId: z34.string(),
+  rootPath: z34.string(),
+  kind: z34.enum(["git", "non_git"]),
+  displayName: z34.string(),
+  createdAt: z34.string(),
+  updatedAt: z34.string(),
+  archivedAt: z34.string().nullable()
+});
+var PersistedWorkspaceRecordSchema = z34.object({
+  workspaceId: z34.string(),
+  projectId: z34.string(),
+  cwd: z34.string(),
+  kind: z34.enum(["local_checkout", "worktree", "directory"]),
+  displayName: z34.string(),
+  createdAt: z34.string(),
+  updatedAt: z34.string(),
+  archivedAt: z34.string().nullable()
 });
 function createPersistedProjectRecord(input) {
   return PersistedProjectRecordSchema.parse({
@@ -32218,7 +32389,7 @@ function isVoicePermissionAllowed(request) {
 
 // ../server/src/server/file-explorer/service.ts
 import { promises as fs8 } from "fs";
-import path13 from "path";
+import path14 from "path";
 
 // ../server/src/server/path-utils.ts
 import { homedir as homedir2 } from "node:os";
@@ -32272,7 +32443,7 @@ async function listDirectoryEntries({
   const dirents = await fs8.readdir(directoryPath, { withFileTypes: true });
   const entriesWithNulls = await Promise.all(
     dirents.map(async (dirent) => {
-      const targetPath = path13.join(directoryPath, dirent.name);
+      const targetPath = path14.join(directoryPath, dirent.name);
       const kind = dirent.isDirectory() ? "directory" : "file";
       try {
         return await buildEntryPayload({
@@ -32311,7 +32482,7 @@ async function readExplorerFile({
   if (!stats.isFile()) {
     throw new Error("Requested path is not a file");
   }
-  const ext = path13.extname(filePath).toLowerCase();
+  const ext = path14.extname(filePath).toLowerCase();
   const basePayload = {
     path: normalizeRelativePath({ root, targetPath: filePath }),
     size: stats.size,
@@ -32349,7 +32520,7 @@ async function writeTextFile({
   relativePath,
   content
 }) {
-  const ext = path13.extname(relativePath).toLowerCase();
+  const ext = path14.extname(relativePath).toLowerCase();
   if (ext in IMAGE_MIME_TYPES) {
     throw new Error(`Refusing to write '${relativePath}': binary/image file`);
   }
@@ -32359,7 +32530,7 @@ async function writeTextFile({
   await fs8.rename(tempPath, filePath);
 }
 async function deleteFile({ root, relativePath }) {
-  const ext = path13.extname(relativePath).toLowerCase();
+  const ext = path14.extname(relativePath).toLowerCase();
   if (ext !== ".md") {
     throw new Error(`Refusing to delete '${relativePath}': only .md files allowed`);
   }
@@ -32393,7 +32564,7 @@ async function getDownloadableFileInfo({ root, relativePath }) {
   if (!stats.isFile()) {
     throw new Error("Requested path is not a file");
   }
-  const ext = path13.extname(filePath).toLowerCase();
+  const ext = path14.extname(filePath).toLowerCase();
   let mimeType = "application/octet-stream";
   if (ext in IMAGE_MIME_TYPES) {
     mimeType = IMAGE_MIME_TYPES[ext] ?? mimeType;
@@ -32415,23 +32586,23 @@ async function getDownloadableFileInfo({ root, relativePath }) {
   return {
     path: normalizeRelativePath({ root, targetPath: filePath }),
     absolutePath: filePath,
-    fileName: path13.basename(filePath),
+    fileName: path14.basename(filePath),
     mimeType,
     size: stats.size
   };
 }
 async function resolveScopedPath({ root, relativePath = "." }) {
-  const normalizedRoot = path13.resolve(root);
+  const normalizedRoot = path14.resolve(root);
   const requestedPath = resolvePathFromBase(normalizedRoot, relativePath);
-  const relative = path13.relative(normalizedRoot, requestedPath);
-  if (relative !== "" && (relative.startsWith("..") || path13.isAbsolute(relative))) {
+  const relative = path14.relative(normalizedRoot, requestedPath);
+  if (relative !== "" && (relative.startsWith("..") || path14.isAbsolute(relative))) {
     throw new Error("Access outside of workspace is not allowed");
   }
   const realRoot = await fs8.realpath(normalizedRoot);
   try {
     const realPath = await fs8.realpath(requestedPath);
-    const realRelative = path13.relative(realRoot, realPath);
-    if (realRelative !== "" && (realRelative.startsWith("..") || path13.isAbsolute(realRelative))) {
+    const realRelative = path14.relative(realRoot, realPath);
+    if (realRelative !== "" && (realRelative.startsWith("..") || path14.isAbsolute(realRelative))) {
       throw new Error("Access outside of workspace is not allowed");
     }
     return requestedPath;
@@ -32462,10 +32633,10 @@ function isMissingEntryError(error) {
   return code === "ENOENT" || code === "ENOTDIR" || code === "ELOOP";
 }
 function normalizeRelativePath({ root, targetPath }) {
-  const normalizedRoot = path13.resolve(root);
-  const normalizedTarget = path13.resolve(targetPath);
-  const relative = path13.relative(normalizedRoot, normalizedTarget);
-  return relative === "" ? "." : relative.split(path13.sep).join("/");
+  const normalizedRoot = path14.resolve(root);
+  const normalizedTarget = path14.resolve(targetPath);
+  const relative = path14.relative(normalizedRoot, normalizedTarget);
+  return relative === "" ? "." : relative.split(path14.sep).join("/");
 }
 function textMimeTypeForExtension(ext) {
   return TEXT_MIME_TYPES[ext] ?? DEFAULT_TEXT_MIME_TYPE;
@@ -32818,65 +32989,65 @@ async function getProjectIcon(projectDir) {
 }
 
 // ../server/src/utils/path.ts
-import os5 from "os";
+import os6 from "os";
 function expandTilde(path29) {
   if (path29.startsWith("~/")) {
-    const homeDir3 = process.env.HOME || os5.homedir();
+    const homeDir3 = process.env.HOME || os6.homedir();
     return path29.replace("~", homeDir3);
   }
   if (path29 === "~") {
-    return process.env.HOME || os5.homedir();
+    return process.env.HOME || os6.homedir();
   }
   return path29;
 }
 
 // ../server/src/server/skills/scanner.ts
 import fs9 from "node:fs/promises";
-import os6 from "node:os";
-import path14 from "node:path";
+import os7 from "node:os";
+import path15 from "node:path";
 var NAME_REGEX = /^[a-z0-9][a-z0-9._-]*$/i;
 function homeDir() {
-  return process.env.HOME || os6.homedir();
+  return process.env.HOME || os7.homedir();
 }
 function codexHomeDir() {
-  return process.env.CODEX_HOME || path14.join(homeDir(), ".codex");
+  return process.env.CODEX_HOME || path15.join(homeDir(), ".codex");
 }
 function resolveScopeDir(provider, scope, workspaceRoot) {
   if (scope === "codex-prompts") {
     if (provider !== "codex") {
       throw new Error(`Scope "codex-prompts" is only valid for provider "codex"`);
     }
-    return path14.join(codexHomeDir(), "prompts");
+    return path15.join(codexHomeDir(), "prompts");
   }
   if (scope === "project") {
     if (!workspaceRoot) {
       throw new Error(`workspaceRoot is required for scope "project"`);
     }
     const dotDir = provider === "claude" ? ".claude" : ".codex";
-    return path14.join(workspaceRoot, dotDir, "skills");
+    return path15.join(workspaceRoot, dotDir, "skills");
   }
   if (provider === "claude") {
-    return path14.join(homeDir(), ".claude", "skills");
+    return path15.join(homeDir(), ".claude", "skills");
   }
-  return path14.join(codexHomeDir(), "skills");
+  return path15.join(codexHomeDir(), "skills");
 }
 function allowedRoots(workspaceRoot) {
   const roots = [
-    path14.join(homeDir(), ".claude", "skills"),
-    path14.join(codexHomeDir(), "skills"),
-    path14.join(codexHomeDir(), "prompts")
+    path15.join(homeDir(), ".claude", "skills"),
+    path15.join(codexHomeDir(), "skills"),
+    path15.join(codexHomeDir(), "prompts")
   ];
   if (workspaceRoot) {
-    roots.push(path14.join(workspaceRoot, ".claude", "skills"));
-    roots.push(path14.join(workspaceRoot, ".codex", "skills"));
+    roots.push(path15.join(workspaceRoot, ".claude", "skills"));
+    roots.push(path15.join(workspaceRoot, ".codex", "skills"));
   }
-  return roots.map((r) => path14.resolve(r));
+  return roots.map((r) => path15.resolve(r));
 }
 function isInsideAllowedRoot(absPath, workspaceRoot) {
-  const resolved = path14.resolve(absPath);
+  const resolved = path15.resolve(absPath);
   for (const root of allowedRoots(workspaceRoot)) {
-    const rel = path14.relative(root, resolved);
-    if (rel === "" || !rel.startsWith("..") && !path14.isAbsolute(rel)) {
+    const rel = path15.relative(root, resolved);
+    if (rel === "" || !rel.startsWith("..") && !path15.isAbsolute(rel)) {
       return true;
     }
   }
@@ -33007,7 +33178,7 @@ async function listSkills(args) {
       if (!entry.name.endsWith(".md")) continue;
       const name = entry.name.slice(0, -".md".length);
       if (!name) continue;
-      const fullPath = path14.join(dir, entry.name);
+      const fullPath = path15.join(dir, entry.name);
       const stat5 = await safeStat(fullPath);
       if (!stat5) continue;
       const description = await readDescriptionSafely(fullPath);
@@ -33025,8 +33196,8 @@ async function listSkills(args) {
   } else {
     for (const entry of entries) {
       if (!entry.isDirectory() && !entry.isSymbolicLink()) continue;
-      const skillDir = path14.join(dir, entry.name);
-      const skillPath = path14.join(skillDir, "SKILL.md");
+      const skillDir = path15.join(dir, entry.name);
+      const skillPath = path15.join(skillDir, "SKILL.md");
       const stat5 = await safeStat(skillPath);
       if (!stat5) continue;
       const description = await readDescriptionSafely(skillPath);
@@ -33073,7 +33244,7 @@ async function createSkill(args) {
   const dir = resolveScopeDir(args.provider, args.scope, args.workspaceRoot);
   await fs9.mkdir(dir, { recursive: true });
   if (args.scope === "codex-prompts") {
-    const filePath2 = path14.join(dir, `${args.name}.md`);
+    const filePath2 = path15.join(dir, `${args.name}.md`);
     try {
       await fs9.access(filePath2);
       throw new Error(`A prompt named "${args.name}" already exists at ${filePath2}`);
@@ -33089,7 +33260,7 @@ async function createSkill(args) {
     await fs9.writeFile(filePath2, initial2, "utf8");
     return { path: filePath2 };
   }
-  const skillDir = path14.join(dir, args.name);
+  const skillDir = path15.join(dir, args.name);
   let dirExists = false;
   try {
     const stat5 = await fs9.stat(skillDir);
@@ -33101,7 +33272,7 @@ async function createSkill(args) {
     throw new Error(`A skill named "${args.name}" already exists at ${skillDir}`);
   }
   await fs9.mkdir(skillDir, { recursive: true });
-  const filePath = path14.join(skillDir, "SKILL.md");
+  const filePath = path15.join(skillDir, "SKILL.md");
   const initial = buildStarterSkill(args.name);
   await fs9.writeFile(filePath, initial, "utf8");
   return { path: filePath };
@@ -33130,7 +33301,7 @@ Body of the prompt. Use \`$1\`, \`$2\`, ... or \`$ARGUMENTS\` for parameter expa
 `;
 }
 async function writeSkillFrontmatter(args, workspaceRoot) {
-  if (!path14.isAbsolute(args.path)) {
+  if (!path15.isAbsolute(args.path)) {
     throw new Error(`writeSkillFrontmatter expects an absolute path; got "${args.path}"`);
   }
   if (!isInsideAllowedRoot(args.path, workspaceRoot)) {
@@ -33156,7 +33327,7 @@ ${original}`;
 
 // ../server/src/utils/directory-suggestions.ts
 import { readdir as readdir2, realpath, stat as stat3 } from "node:fs/promises";
-import path15 from "node:path";
+import path16 from "node:path";
 var DEFAULT_LIMIT = 30;
 var MAX_LIMIT = 100;
 var DEFAULT_MAX_DEPTH = 6;
@@ -33242,7 +33413,7 @@ function normalizeLimit(limit) {
   return Math.max(1, Math.min(MAX_LIMIT, bounded));
 }
 async function searchWithinParentDirectory(input) {
-  const parentPath = path15.resolve(input.homeRoot, input.parentPart || ".");
+  const parentPath = path16.resolve(input.homeRoot, input.parentPart || ".");
   const parentRoot = await resolveDirectory(parentPath);
   if (!parentRoot || !isPathInsideRoot(input.homeRoot, parentRoot)) {
     return [];
@@ -33307,7 +33478,7 @@ async function searchAcrossHomeTree(input) {
   return dedupeAndSort(ranked).slice(0, input.limit);
 }
 async function searchWorkspaceWithinParentDirectory(input) {
-  const parentPath = path15.resolve(input.workspaceRoot, input.parentPart || ".");
+  const parentPath = path16.resolve(input.workspaceRoot, input.parentPart || ".");
   const parentRoot = await resolveDirectory(parentPath);
   if (!parentRoot || !isPathInsideRoot(input.workspaceRoot, parentRoot)) {
     return [];
@@ -33553,15 +33724,15 @@ function findSegmentMatchIndex(segments, predicate) {
   return -1;
 }
 function normalizeRelativePath2(homeRoot, absolutePath) {
-  const relative = path15.relative(homeRoot, absolutePath);
+  const relative = path16.relative(homeRoot, absolutePath);
   if (!relative) {
     return ".";
   }
-  return relative.split(path15.sep).join("/");
+  return relative.split(path16.sep).join("/");
 }
 function isPathInsideRoot(root, target) {
-  const relative = path15.relative(root, target);
-  return relative === "" || !relative.startsWith("..") && !path15.isAbsolute(relative);
+  const relative = path16.relative(root, target);
+  return relative === "" || !relative.startsWith("..") && !path16.isAbsolute(relative);
 }
 function normalizeQueryParts(query2, homeRoot) {
   const typedQuery = query2.trim().replace(/\\/g, "/");
@@ -33577,9 +33748,9 @@ function normalizeQueryParts(query2, homeRoot) {
       normalized = normalized.slice(1);
     }
   }
-  if (path15.isAbsolute(normalized)) {
+  if (path16.isAbsolute(normalized)) {
     isRooted = true;
-    const absolute = path15.resolve(normalized);
+    const absolute = path16.resolve(normalized);
     if (!isPathInsideRoot(homeRoot, absolute)) {
       return null;
     }
@@ -33618,8 +33789,8 @@ function normalizeQueryParts(query2, homeRoot) {
 }
 function normalizeWorkspaceQueryParts(query2, workspaceRoot) {
   let normalized = query2.trim().replace(/\\/g, "/");
-  if (path15.isAbsolute(normalized)) {
-    const absolute = path15.resolve(normalized);
+  if (path16.isAbsolute(normalized)) {
+    const absolute = path16.resolve(normalized);
     if (!isPathInsideRoot(workspaceRoot, absolute)) {
       return null;
     }
@@ -33645,7 +33816,7 @@ function normalizeWorkspaceQueryParts(query2, workspaceRoot) {
 }
 async function resolveDirectory(inputPath) {
   try {
-    const resolved = await realpath(path15.resolve(inputPath));
+    const resolved = await realpath(path16.resolve(inputPath));
     const stats = await stat3(resolved);
     if (!stats.isDirectory()) {
       return null;
@@ -33672,7 +33843,7 @@ async function listChildDirectories(input) {
     if (!dirent.isDirectory() && !dirent.isSymbolicLink()) {
       continue;
     }
-    const candidatePath = path15.join(input.directory, dirent.name);
+    const candidatePath = path16.join(input.directory, dirent.name);
     const absolutePath = await resolveDirectoryCandidate({
       candidatePath,
       dirent,
@@ -33709,7 +33880,7 @@ async function listWorkspaceChildEntries(input) {
     if (isIgnoredWorkspaceDirectoryName(dirent.name)) {
       continue;
     }
-    const candidatePath = path15.join(input.directory, dirent.name);
+    const candidatePath = path16.join(input.directory, dirent.name);
     const entry = await resolveWorkspaceCandidate({
       candidatePath,
       dirent,
@@ -33732,7 +33903,7 @@ async function listWorkspaceChildEntries(input) {
 }
 async function resolveDirectoryCandidate(input) {
   if (input.dirent.isDirectory()) {
-    const resolved2 = path15.resolve(input.candidatePath);
+    const resolved2 = path16.resolve(input.candidatePath);
     return isPathInsideRoot(input.homeRoot, resolved2) ? resolved2 : null;
   }
   const resolved = await resolveDirectory(input.candidatePath);
@@ -33743,14 +33914,14 @@ async function resolveDirectoryCandidate(input) {
 }
 async function resolveWorkspaceCandidate(input) {
   if (input.dirent.isDirectory()) {
-    const resolved = path15.resolve(input.candidatePath);
+    const resolved = path16.resolve(input.candidatePath);
     if (!isPathInsideRoot(input.workspaceRoot, resolved)) {
       return null;
     }
     return { absolutePath: resolved, kind: "directory" };
   }
   if (input.dirent.isFile()) {
-    const resolved = path15.resolve(input.candidatePath);
+    const resolved = path16.resolve(input.candidatePath);
     if (!isPathInsideRoot(input.workspaceRoot, resolved)) {
       return null;
     }
@@ -33830,7 +34001,7 @@ function pruneWorkspaceEntryListCache() {
 // ../server/src/utils/directory-listing.ts
 import { readdir as readdir3, stat as stat4, realpath as realpath2 } from "node:fs/promises";
 import { homedir as homedir3 } from "node:os";
-import path16 from "node:path";
+import path17 from "node:path";
 var DEFAULT_LIMIT2 = 500;
 async function listDirectoryContents(options) {
   const includeFiles = options.includeFiles ?? false;
@@ -33841,7 +34012,7 @@ async function listDirectoryContents(options) {
   const collected = [];
   for (const dirent of dirents) {
     if (!includeHidden && dirent.name.startsWith(".")) continue;
-    const childPath = path16.join(resolvedPath, dirent.name);
+    const childPath = path17.join(resolvedPath, dirent.name);
     const kind = await classifyEntry(dirent, childPath);
     if (!kind) continue;
     if (kind === "file" && !includeFiles) continue;
@@ -33849,7 +34020,7 @@ async function listDirectoryContents(options) {
     if (collected.length >= limit) break;
   }
   collected.sort(compareEntries);
-  const parent = path16.dirname(resolvedPath);
+  const parent = path17.dirname(resolvedPath);
   return {
     path: resolvedPath,
     parent: parent === resolvedPath ? null : parent,
@@ -33860,12 +34031,12 @@ async function resolveAbsolutePath(rawPath) {
   const home = process.env.HOME ?? homedir3();
   const trimmed = rawPath.trim();
   if (trimmed === "" || trimmed === "~") {
-    return path16.resolve(home);
+    return path17.resolve(home);
   }
   if (trimmed.startsWith("~/")) {
-    return path16.resolve(home, trimmed.slice(2));
+    return path17.resolve(home, trimmed.slice(2));
   }
-  if (!path16.isAbsolute(trimmed)) {
+  if (!path17.isAbsolute(trimmed)) {
     throw new Error(
       `list_directory requires an absolute path, an empty string, or a "~"-prefixed path; got ${JSON.stringify(rawPath)}`
     );
@@ -33873,7 +34044,7 @@ async function resolveAbsolutePath(rawPath) {
   try {
     return await realpath2(trimmed);
   } catch {
-    return path16.resolve(trimmed);
+    return path17.resolve(trimmed);
   }
 }
 async function classifyEntry(dirent, fullPath) {
@@ -33913,10 +34084,10 @@ function resolveClientMessageId(clientMessageId, generateId = uuidv45) {
 }
 
 // ../server/src/server/chat/chat-service.ts
-import { z as z33 } from "zod";
-var ChatStorePayloadSchema = z33.object({
-  rooms: z33.array(ChatRoomSchema),
-  messages: z33.array(ChatMessageSchema)
+import { z as z35 } from "zod";
+var ChatStorePayloadSchema = z35.object({
+  rooms: z35.array(ChatRoomSchema),
+  messages: z35.array(ChatMessageSchema)
 });
 var ChatServiceError = class extends Error {
   constructor(code, message) {
@@ -34007,33 +34178,33 @@ function buildChatMentionNotification(input) {
 
 // ../server/src/server/roles/scanner.ts
 import fs10 from "node:fs/promises";
-import os7 from "node:os";
-import path17 from "node:path";
+import os8 from "node:os";
+import path18 from "node:path";
 var NAME_REGEX2 = /^[a-z0-9][a-z0-9._-]*$/i;
 function homeDir2() {
-  return process.env.HOME || os7.homedir();
+  return process.env.HOME || os8.homedir();
 }
 function resolveScopeDir2(scope, workspaceRoot) {
   if (scope === "project") {
     if (!workspaceRoot) {
       throw new Error('workspaceRoot is required for scope "project"');
     }
-    return path17.join(workspaceRoot, ".roles");
+    return path18.join(workspaceRoot, ".roles");
   }
-  return path17.join(homeDir2(), ".appostle", ".roles");
+  return path18.join(homeDir2(), ".appostle", ".roles");
 }
 function allowedRoots2(workspaceRoot) {
-  const roots = [path17.join(homeDir2(), ".appostle", ".roles")];
+  const roots = [path18.join(homeDir2(), ".appostle", ".roles")];
   if (workspaceRoot) {
-    roots.push(path17.join(workspaceRoot, ".roles"));
+    roots.push(path18.join(workspaceRoot, ".roles"));
   }
-  return roots.map((r) => path17.resolve(r));
+  return roots.map((r) => path18.resolve(r));
 }
 function isInsideAllowedRoot2(absPath, workspaceRoot) {
-  const resolved = path17.resolve(absPath);
+  const resolved = path18.resolve(absPath);
   for (const root of allowedRoots2(workspaceRoot)) {
-    const rel = path17.relative(root, resolved);
-    if (rel === "" || !rel.startsWith("..") && !path17.isAbsolute(rel)) {
+    const rel = path18.relative(root, resolved);
+    if (rel === "" || !rel.startsWith("..") && !path18.isAbsolute(rel)) {
       return true;
     }
   }
@@ -34231,7 +34402,7 @@ async function readRolesFromDir(scope, dir, category) {
     if (!entry.name.endsWith(".md")) continue;
     const name = entry.name.slice(0, -".md".length);
     if (!name || !NAME_REGEX2.test(name)) continue;
-    const fullPath = path17.join(dir, entry.name);
+    const fullPath = path18.join(dir, entry.name);
     let stat5;
     try {
       const s = await fs10.stat(fullPath);
@@ -34281,7 +34452,7 @@ async function readRolesFromScopeDir(scope, scopeDir) {
   }
   const flat = await readRolesFromDir(scope, scopeDir, null);
   const categoryResults = await Promise.all(
-    topEntries.filter((e) => e.isDirectory() && NAME_REGEX2.test(e.name)).map((e) => readRolesFromDir(scope, path17.join(scopeDir, e.name), e.name))
+    topEntries.filter((e) => e.isDirectory() && NAME_REGEX2.test(e.name)).map((e) => readRolesFromDir(scope, path18.join(scopeDir, e.name), e.name))
   );
   const all = [...flat, ...categoryResults.flat()];
   all.sort((a, b) => {
@@ -34321,9 +34492,9 @@ async function createRole(args) {
     throw new Error(`Role name must not contain path separators or "..".`);
   }
   const scopeDir = resolveScopeDir2(args.scope, args.workspaceRoot);
-  const dir = args.category ? path17.join(scopeDir, args.category) : scopeDir;
+  const dir = args.category ? path18.join(scopeDir, args.category) : scopeDir;
   await fs10.mkdir(dir, { recursive: true });
-  const filePath = path17.join(dir, `${args.name}.md`);
+  const filePath = path18.join(dir, `${args.name}.md`);
   try {
     await fs10.access(filePath);
     throw new Error(`A role named "${args.name}" already exists at ${filePath}`);
@@ -34357,7 +34528,7 @@ the role is invoked.
 `;
 }
 async function writeRoleFrontmatter(args, workspaceRoot) {
-  if (!path17.isAbsolute(args.path)) {
+  if (!path18.isAbsolute(args.path)) {
     throw new Error(`writeRoleFrontmatter expects an absolute path; got "${args.path}"`);
   }
   if (!isInsideAllowedRoot2(args.path, workspaceRoot)) {
@@ -34381,20 +34552,20 @@ ${original}`;
   await fs10.writeFile(args.path, nextContent, "utf8");
 }
 async function moveRole(args, workspaceRoot) {
-  if (!path17.isAbsolute(args.path)) {
+  if (!path18.isAbsolute(args.path)) {
     throw new Error(`moveRole expects an absolute path; got "${args.path}"`);
   }
   if (!isInsideAllowedRoot2(args.path, workspaceRoot)) {
     throw new Error(`Path "${args.path}" is not inside an allowlisted role root`);
   }
-  const oldDir = path17.dirname(args.path);
-  const oldFilename = path17.basename(args.path, ".md");
+  const oldDir = path18.dirname(args.path);
+  const oldFilename = path18.basename(args.path, ".md");
   const roots = allowedRoots2(workspaceRoot);
-  const rolesRoot = roots.find((r) => path17.resolve(args.path).startsWith(r));
+  const rolesRoot = roots.find((r) => path18.resolve(args.path).startsWith(r));
   if (!rolesRoot) {
     throw new Error(`Cannot determine roles root for "${args.path}"`);
   }
-  const relFromRoot = path17.relative(rolesRoot, path17.dirname(args.path));
+  const relFromRoot = path18.relative(rolesRoot, path18.dirname(args.path));
   const currentCategory = relFromRoot && relFromRoot !== "." ? relFromRoot : "";
   const newName = args.newName ?? oldFilename;
   const newCategory = args.newCategory !== void 0 ? args.newCategory : currentCategory;
@@ -34404,9 +34575,9 @@ async function moveRole(args, workspaceRoot) {
   if (newCategory && !NAME_REGEX2.test(newCategory)) {
     throw new Error(`Invalid category name: "${newCategory}"`);
   }
-  const newDir = newCategory ? path17.join(rolesRoot, newCategory) : rolesRoot;
-  const newPath = path17.join(newDir, `${newName}.md`);
-  if (path17.resolve(newPath) === path17.resolve(args.path)) {
+  const newDir = newCategory ? path18.join(rolesRoot, newCategory) : rolesRoot;
+  const newPath = path18.join(newDir, `${newName}.md`);
+  if (path18.resolve(newPath) === path18.resolve(args.path)) {
     return { path: args.path };
   }
   await fs10.mkdir(newDir, { recursive: true });
@@ -34444,17 +34615,17 @@ async function moveRole(args, workspaceRoot) {
 
 // ../server/src/server/brands/scanner.ts
 import fs11 from "node:fs/promises";
-import path18 from "node:path";
+import path19 from "node:path";
 var CATEGORY_REGEX = /^[a-z0-9][a-z0-9_-]*$/i;
 function resolveAssetsDir(workspaceRoot, category) {
-  const base = path18.join(workspaceRoot, ".appostle", "brand", "assets");
+  const base = path19.join(workspaceRoot, ".appostle", "brand", "assets");
   if (!category) return base;
   if (!CATEGORY_REGEX.test(category) || category.includes("..")) {
     throw new Error(
       `Invalid asset category "${category}". Use letters, digits, dot, underscore, dash.`
     );
   }
-  return path18.join(base, category);
+  return path19.join(base, category);
 }
 function relativePathFor(category, fileName) {
   return category ? `assets/${category}/${fileName}` : `assets/${fileName}`;
@@ -34470,9 +34641,9 @@ async function removeSiblingExtensions(dir, targetName, keepFileName) {
     if (entry === keepFileName) continue;
     if (!entry.startsWith(`${targetName}.`)) continue;
     try {
-      const stat5 = await fs11.stat(path18.join(dir, entry));
+      const stat5 = await fs11.stat(path19.join(dir, entry));
       if (!stat5.isFile()) continue;
-      await fs11.unlink(path18.join(dir, entry));
+      await fs11.unlink(path19.join(dir, entry));
     } catch {
     }
   }
@@ -34483,7 +34654,7 @@ function convertSvgToMono(svg, color) {
 async function runDerivations(options) {
   const { primaryAbsolutePath, assetsDir, category, derive } = options;
   if (derive.length === 0) return [];
-  const ext = path18.extname(primaryAbsolutePath).toLowerCase();
+  const ext = path19.extname(primaryAbsolutePath).toLowerCase();
   const isSvg = ext === ".svg";
   const results = [];
   for (const spec of derive) {
@@ -34518,9 +34689,9 @@ async function runDerivations(options) {
       const sourceText = await fs11.readFile(primaryAbsolutePath, "utf8");
       const monoText = convertSvgToMono(sourceText, spec.color);
       const fileName = `${spec.targetName}${ext}`;
-      const destAbs = path18.resolve(assetsDir, fileName);
-      const rel = path18.relative(path18.resolve(assetsDir), destAbs);
-      if (rel.startsWith("..") || path18.isAbsolute(rel)) {
+      const destAbs = path19.resolve(assetsDir, fileName);
+      const rel = path19.relative(path19.resolve(assetsDir), destAbs);
+      if (rel.startsWith("..") || path19.isAbsolute(rel)) {
         results.push({
           targetName: spec.targetName,
           relativePath: "",
@@ -34554,22 +34725,22 @@ function resolveScopeDir3(scope, workspaceRoot) {
     if (!workspaceRoot) {
       throw new Error('workspaceRoot is required for scope "project"');
     }
-    return path18.join(workspaceRoot, ".appostle", "brand");
+    return path19.join(workspaceRoot, ".appostle", "brand");
   }
   throw new Error(`Unknown scope: ${scope}`);
 }
 function allowedRoots3(workspaceRoot) {
   const roots = [];
   if (workspaceRoot) {
-    roots.push(path18.join(workspaceRoot, ".appostle", "brand"));
+    roots.push(path19.join(workspaceRoot, ".appostle", "brand"));
   }
-  return roots.map((r) => path18.resolve(r));
+  return roots.map((r) => path19.resolve(r));
 }
 function isInsideAllowedRoot3(absPath, workspaceRoot) {
-  const resolved = path18.resolve(absPath);
+  const resolved = path19.resolve(absPath);
   for (const root of allowedRoots3(workspaceRoot)) {
-    const rel = path18.relative(root, resolved);
-    if (rel === "" || !rel.startsWith("..") && !path18.isAbsolute(rel)) {
+    const rel = path19.relative(root, resolved);
+    if (rel === "" || !rel.startsWith("..") && !path19.isAbsolute(rel)) {
       return true;
     }
   }
@@ -34783,7 +34954,7 @@ async function readBrandsFromDir(scope, dir) {
     if (!entry.name.endsWith(".md")) continue;
     const name = entry.name.slice(0, -".md".length);
     if (!name || !NAME_REGEX3.test(name)) continue;
-    const fullPath = path18.join(dir, entry.name);
+    const fullPath = path19.join(dir, entry.name);
     let stat5;
     try {
       const s = await fs11.stat(fullPath);
@@ -34827,7 +34998,7 @@ async function createBrand(args) {
   }
   const dir = resolveScopeDir3("project", args.workspaceRoot);
   await fs11.mkdir(dir, { recursive: true });
-  const filePath = path18.join(dir, `${args.name}.md`);
+  const filePath = path19.join(dir, `${args.name}.md`);
   try {
     await fs11.access(filePath);
     throw new Error(`A brand named "${args.name}" already exists at ${filePath}`);
@@ -34883,7 +35054,7 @@ async function copyBrandAsset(args) {
   if (!args.workspaceRoot) {
     throw new Error("workspaceRoot is required to copy a brand asset");
   }
-  if (!args.sourcePath || !path18.isAbsolute(args.sourcePath)) {
+  if (!args.sourcePath || !path19.isAbsolute(args.sourcePath)) {
     throw new Error(`copyBrandAsset expects an absolute sourcePath; got "${args.sourcePath}"`);
   }
   if (!TARGET_NAME_REGEX.test(args.targetName) || args.targetName.includes("..")) {
@@ -34895,12 +35066,12 @@ async function copyBrandAsset(args) {
   if (!stats.isFile()) {
     throw new Error(`Source path is not a regular file: ${args.sourcePath}`);
   }
-  const ext = path18.extname(args.sourcePath).toLowerCase();
+  const ext = path19.extname(args.sourcePath).toLowerCase();
   const fileName = `${args.targetName}${ext}`;
   const assetsDir = resolveAssetsDir(args.workspaceRoot, args.category);
-  const destAbs = path18.resolve(assetsDir, fileName);
-  const rel = path18.relative(path18.resolve(assetsDir), destAbs);
-  if (rel.startsWith("..") || path18.isAbsolute(rel)) {
+  const destAbs = path19.resolve(assetsDir, fileName);
+  const rel = path19.relative(path19.resolve(assetsDir), destAbs);
+  if (rel.startsWith("..") || path19.isAbsolute(rel)) {
     throw new Error(`Refusing to write outside of .appostle/brand/assets: ${destAbs}`);
   }
   await fs11.mkdir(assetsDir, { recursive: true });
@@ -34930,13 +35101,13 @@ async function uploadBrandAsset(args) {
   if (!args.dataBase64 || args.dataBase64.trim().length === 0) {
     throw new Error("No file data provided for brand asset upload");
   }
-  const extFromSource = args.sourceName ? path18.extname(args.sourceName).toLowerCase() : "";
+  const extFromSource = args.sourceName ? path19.extname(args.sourceName).toLowerCase() : "";
   const ext = extFromSource || ".png";
   const fileName = `${args.targetName}${ext}`;
   const assetsDir = resolveAssetsDir(args.workspaceRoot, args.category);
-  const destAbs = path18.resolve(assetsDir, fileName);
-  const rel = path18.relative(path18.resolve(assetsDir), destAbs);
-  if (rel.startsWith("..") || path18.isAbsolute(rel)) {
+  const destAbs = path19.resolve(assetsDir, fileName);
+  const rel = path19.relative(path19.resolve(assetsDir), destAbs);
+  if (rel.startsWith("..") || path19.isAbsolute(rel)) {
     throw new Error(`Refusing to write outside of .appostle/brand/assets: ${destAbs}`);
   }
   let data;
@@ -34964,7 +35135,7 @@ async function uploadBrandAsset(args) {
   };
 }
 async function writeBrandFrontmatter(args, workspaceRoot) {
-  if (!path18.isAbsolute(args.path)) {
+  if (!path19.isAbsolute(args.path)) {
     throw new Error(`writeBrandFrontmatter expects an absolute path; got "${args.path}"`);
   }
   if (!isInsideAllowedRoot3(args.path, workspaceRoot)) {
@@ -34989,10 +35160,10 @@ ${original}`;
 }
 
 // ../server/src/server/brand/token-generator.ts
-import { z as z34 } from "zod";
+import { z as z36 } from "zod";
 var HEX6 = /^#[0-9a-f]{6}$/i;
-var TokensResponseSchema = z34.object({
-  tokens: z34.record(z34.string(), z34.string())
+var TokensResponseSchema = z36.object({
+  tokens: z36.record(z36.string(), z36.string())
 });
 function buildPrompt2(args) {
   const baseColours = args.paletteVars.filter((v) => v.type === "color");
@@ -35210,21 +35381,21 @@ async function generateAndApplyBrandTokens(options) {
 
 // ../server/src/server/brand/art-direction-generator.ts
 import { promises as fs12 } from "node:fs";
-import path19 from "node:path";
+import path20 from "node:path";
 import { fileURLToPath as fileURLToPath2 } from "node:url";
-import { z as z35 } from "zod";
+import { z as z37 } from "zod";
 var PROMPT_FILENAME = "art-direction-prompt.md";
 var MAX_LOOKUP_LEVELS = 10;
 async function findPromptFile() {
-  let dir = path19.dirname(fileURLToPath2(import.meta.url));
+  let dir = path20.dirname(fileURLToPath2(import.meta.url));
   for (let i = 0; i < MAX_LOOKUP_LEVELS; i++) {
-    const candidate = path19.join(dir, PROMPT_FILENAME);
+    const candidate = path20.join(dir, PROMPT_FILENAME);
     try {
       await fs12.access(candidate);
       return candidate;
     } catch {
     }
-    const parent = path19.dirname(dir);
+    const parent = path20.dirname(dir);
     if (parent === dir) break;
     dir = parent;
   }
@@ -35257,8 +35428,8 @@ var EMBEDDED_PROMPT_FALLBACK = [
   "",
   'Return ONLY JSON: { "fields": { "art-direction.intent": "...", ... } }'
 ].join("\n");
-var ArtDirectionResponseSchema = z35.object({
-  fields: z35.record(z35.string(), z35.string())
+var ArtDirectionResponseSchema = z37.object({
+  fields: z37.record(z37.string(), z37.string())
 });
 var KNOWN_KEYS = /* @__PURE__ */ new Set([
   "art-direction.intent",
@@ -35413,45 +35584,6 @@ async function generateAndApplyArtDirection(options) {
   return { generatedCount: acceptedUpdates.size };
 }
 
-// ../server/src/server/claude-profile.ts
-import { existsSync as existsSync10, mkdirSync as mkdirSync5, symlinkSync, rmSync as rmSync2 } from "node:fs";
-import path20 from "node:path";
-import os8 from "node:os";
-var SHARED_ITEMS = ["settings.json", "hooks", "agents", "skills", "plugins", "keybindings.json"];
-function getClaudeProfileDir(username) {
-  return path20.join(os8.homedir(), `.claude-${username}`);
-}
-function ensureClaudeProfile(username, logger) {
-  const profileDir = getClaudeProfileDir(username);
-  const ownerDir = path20.join(os8.homedir(), ".claude");
-  if (!existsSync10(ownerDir)) {
-    throw new Error(`Owner claude config dir not found: ${ownerDir}`);
-  }
-  if (!existsSync10(profileDir)) {
-    mkdirSync5(profileDir, { recursive: true });
-    logger?.info({ profileDir, username }, "created claude profile directory");
-  }
-  for (const item of SHARED_ITEMS) {
-    const target = path20.join(ownerDir, item);
-    const link = path20.join(profileDir, item);
-    if (!existsSync10(target)) continue;
-    if (existsSync10(link)) continue;
-    symlinkSync(target, link);
-    logger?.info({ item, profileDir }, "symlinked shared config item");
-  }
-  return profileDir;
-}
-function hasClaudeAuth(username) {
-  const profileDir = getClaudeProfileDir(username);
-  return existsSync10(profileDir);
-}
-function removeClaudeProfile(username, logger) {
-  const profileDir = getClaudeProfileDir(username);
-  if (!existsSync10(profileDir)) return;
-  rmSync2(profileDir, { recursive: true, force: true });
-  logger?.info({ profileDir, username }, "removed claude profile directory");
-}
-
 // ../server/src/services/oauth-service.ts
 import { createHash as createHash4, randomBytes as randomBytes2 } from "node:crypto";
 import { mkdir as mkdir4, readFile as readFile3, rename, unlink, writeFile as writeFile4 } from "node:fs/promises";
@@ -36843,7 +36975,7 @@ var MIN_STREAMING_SEGMENT_DURATION_MS = 1e3;
 var MIN_STREAMING_SEGMENT_BYTES = Math.round(
   PCM_BYTES_PER_MS * MIN_STREAMING_SEGMENT_DURATION_MS
 );
-var AgentIdSchema = z36.string().uuid();
+var AgentIdSchema2 = z38.string().uuid();
 var VOICE_INTERRUPT_CONFIRMATION_MS = 500;
 var VoiceFeatureUnavailableError = class extends Error {
   constructor(context) {
@@ -36949,6 +37081,8 @@ var Session = class _Session {
     const {
       clientId,
       appVersion,
+      peerPublicKeyB64,
+      ownerUserId,
       onMessage,
       onBinaryMessage,
       onLifecycleIntent,
@@ -37011,6 +37145,8 @@ var Session = class _Session {
     });
     this.agentManager = agentManager;
     this.agentStorage = agentStorage;
+    this.peerPublicKeyB64 = peerPublicKeyB64 ?? null;
+    this.ownerUserId = ownerUserId ?? null;
     this.uploadStore = new SessionUploadStore({ logger: this.sessionLogger });
     this.imageStore = new SessionImageStore({ logger: this.sessionLogger });
     this.projectRegistry = projectRegistry;
@@ -37085,7 +37221,43 @@ var Session = class _Session {
     });
     void this.initializeAgentMcp();
     this.subscribeToAgentEvents();
-    this.sessionLogger.trace("Session created");
+    this.sessionLogger.trace(
+      {
+        hasPeerPubkey: this.peerPublicKeyB64 !== null,
+        // Log a fingerprint, not the full key, so the audit log stays useful
+        // without bloating every entry with 44-char base64. First 8 chars is
+        // unique enough for human cross-reference.
+        peerPubkeyPrefix: this.peerPublicKeyB64 ? this.peerPublicKeyB64.slice(0, 8) : null,
+        ownerUserId: this.ownerUserId
+      },
+      "Session created"
+    );
+  }
+  /**
+   * Peer device's e2ee pubkey (base64). Surfaced so the upcoming user-scope
+   * lookup can resolve it via the auth-server allow-list. Null when unknown
+   * (local TCP, legacy paths).
+   */
+  getPeerPublicKeyB64() {
+    return this.peerPublicKeyB64;
+  }
+  /**
+   * Auth-server user-id that owns the connecting device. Null when the
+   * daemon has no auth-server linkage, when the peer pubkey is unknown
+   * (local TCP), or when the resolver returned no match (allow-list entry
+   * for this pubkey hasn't been seen yet). Callers use this for per-user
+   * agent filtering; null means "show everything" (single-tenant fallback).
+   */
+  getOwnerUserId() {
+    return this.ownerUserId;
+  }
+  /**
+   * Whether this session is bound to a specific account. Equivalent to
+   * `getOwnerUserId() !== null` but reads cleaner at call sites that gate
+   * on "should we apply per-user filtering at all?".
+   */
+  hasOwnerUserId() {
+    return this.ownerUserId !== null;
   }
   updateAppVersion(appVersion) {
     if (appVersion && appVersion !== this.appVersion) {
@@ -37330,6 +37502,9 @@ var Session = class _Session {
             );
           });
         }
+        if (this.ownerUserId !== null && !this.agentManager.canUserAccessAgentById(event.agentId, this.ownerUserId)) {
+          return;
+        }
         const activity = this.clientActivity;
         if (activity?.deviceType === "mobile") {
           if (!activity.focusedAgentId) {
@@ -37557,6 +37732,9 @@ var Session = class _Session {
   }
   async forwardAgentUpdate(agent) {
     try {
+      if (this.ownerUserId !== null && !this.agentManager.canUserAccessAgentById(agent.id, this.ownerUserId)) {
+        return;
+      }
       const subscription = this.agentUpdatesSubscription;
       const payload = await this.buildAgentPayload(agent);
       if (subscription) {
@@ -37671,6 +37849,15 @@ var Session = class _Session {
           case "delete_session_upload_request":
             await this.handleDeleteSessionUploadRequest(msg);
             break;
+          case "share_agent_with_user_request":
+            await this.handleShareAgentWithUserRequest(msg);
+            break;
+          case "unshare_agent_with_user_request":
+            await this.handleUnshareAgentWithUserRequest(msg);
+            break;
+          case "list_agent_shared_users_request":
+            await this.handleListAgentSharedUsersRequest(msg);
+            break;
           case "list_session_images_request":
             await this.handleListSessionImagesRequest(msg);
             break;
@@ -38969,7 +39156,7 @@ var Session = class _Session {
     }
   }
   parseVoiceTargetAgentId(rawId, source) {
-    const parsed = AgentIdSchema.safeParse(rawId.trim());
+    const parsed = AgentIdSchema2.safeParse(rawId.trim());
     if (!parsed.success) {
       throw new Error(`${source}: agentId must be a UUID`);
     }
@@ -39298,6 +39485,12 @@ var Session = class _Session {
           labels,
           workspaceId: resolvedWorkspace.workspaceId,
           initialPrompt: trimmedPrompt,
+          // Stamp the agent with the user that created it. Null on single-
+          // tenant daemons (no auth-server linkage) — agent stays globally
+          // visible, preserving legacy behavior. This is the authoritative
+          // owner (pubkey-derived), used for `canAccessAgent`.
+          ownerUserId: this.ownerUserId,
+          // Self-declared identity, used for Claude profile dir naming etc.
           userId: this.userId ?? void 0,
           username: this.username ?? void 0
         }
@@ -39778,8 +39971,8 @@ var Session = class _Session {
   }
   async generateCommitMessage(cwd) {
     const files = await listUncommittedFiles(cwd);
-    const schema = z36.object({
-      message: z36.string().min(1).max(100).describe(
+    const schema = z38.object({
+      message: z38.string().min(1).max(100).describe(
         "Short feature-level summary, lowercase, imperative mood, no trailing period, no filename references."
       )
     });
@@ -39824,9 +40017,9 @@ var Session = class _Session {
       },
       { appostleHome: this.appostleHome }
     );
-    const schema = z36.object({
-      title: z36.string().min(1).max(72),
-      body: z36.string().min(1)
+    const schema = z38.object({
+      title: z38.string().min(1).max(72),
+      body: z38.string().min(1)
     });
     const fileList = diff.structured && diff.structured.length > 0 ? [
       "Files changed:",
@@ -41866,13 +42059,22 @@ ${details}`.trim());
    * Build the current agent list payload (live + persisted), optionally filtered by labels.
    */
   async listAgentPayloads(filter) {
-    const agentSnapshots = this.agentManager.listAgents();
+    const agentSnapshots = this.agentManager.listAgentsForUser(this.ownerUserId);
     const liveAgents = await Promise.all(
       agentSnapshots.map((agent) => this.buildAgentPayload(agent))
     );
     const registryRecords = await this.agentStorage.list();
+    const requesterId = this.ownerUserId;
     const liveIds = new Set(agentSnapshots.map((a) => a.id));
-    const persistedAgents = registryRecords.filter((record) => !liveIds.has(record.id)).map((record) => this.buildStoredAgentPayload(record));
+    const persistedAgents = registryRecords.filter((record) => !liveIds.has(record.id)).filter(
+      (record) => requesterId === null || canUserAccessAgent(
+        {
+          ownerUserId: record.ownerUserId ?? null,
+          sharedWithUserIds: record.sharedWithUserIds
+        },
+        requesterId
+      )
+    ).map((record) => this.buildStoredAgentPayload(record));
     let agents = [...liveAgents, ...persistedAgents];
     agents = agents.filter((agent) => this.isProviderVisibleToClient(agent.provider));
     if (filter?.labels) {
@@ -41889,6 +42091,9 @@ ${details}`.trim());
       return { ok: false, error: "Agent identifier cannot be empty" };
     }
     if (this.agentManager.getAgent(trimmed)) {
+      if (!this.agentManager.canUserAccessAgentById(trimmed, this.ownerUserId)) {
+        return { ok: false, error: "Agent not found" };
+      }
       return { ok: true, agentId: trimmed };
     }
     const exactStored = await this.agentStorage.get(trimmed);
@@ -43492,6 +43697,139 @@ ${details}`.trim());
     }
   }
   // ──────────────────────────────────────────────────────────────────────
+  // Phase 4: agent sharing — owner-only mutations of the access ACL.
+  // The visibility predicate (Phase 2c) already honors `sharedWithUserIds`;
+  // these handlers surface a typed user-facing path so an owner can grant /
+  // revoke / inspect access from the app instead of editing JSON on disk.
+  //
+  // Authorization:
+  //   - All three handlers require the session's `ownerUserId` to equal the
+  //     agent's `ownerUserId`. Anyone else gets `unauthorized` (including
+  //     existing share-recipients — only the owner can re-share).
+  //   - `resolveAgentIdentifier` already applies `canUserAccessAgent`, so a
+  //     non-recipient even sees the agent as "not found". The owner check
+  //     here is the strictly-tighter follow-up gate for mutations.
+  //   - On a single-tenant daemon (session.ownerUserId == null) the gate
+  //     opens — no isolation to enforce, sharing is a no-op for unscoped
+  //     agents (their ownerUserId is also null).
+  // ──────────────────────────────────────────────────────────────────────
+  async handleShareAgentWithUserRequest(msg) {
+    const resolved = await this.resolveAgentIdentifier(msg.agentId);
+    if (!resolved.ok) {
+      this.emit({
+        type: "share_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: resolved.error }
+      });
+      return;
+    }
+    const agent = this.agentManager.getAgent(resolved.agentId);
+    if (!agent) {
+      this.emit({
+        type: "share_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: "Agent not found" }
+      });
+      return;
+    }
+    if (this.ownerUserId !== null && agent.ownerUserId !== null && agent.ownerUserId !== this.ownerUserId) {
+      this.emit({
+        type: "share_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: "unauthorized" }
+      });
+      return;
+    }
+    try {
+      const sharedWithUserIds = await this.agentManager.shareAgentWithUser(
+        resolved.agentId,
+        msg.userId
+      );
+      this.emit({
+        type: "share_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: true, sharedWithUserIds }
+      });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      this.emit({
+        type: "share_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: message }
+      });
+    }
+  }
+  async handleUnshareAgentWithUserRequest(msg) {
+    const resolved = await this.resolveAgentIdentifier(msg.agentId);
+    if (!resolved.ok) {
+      this.emit({
+        type: "unshare_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: resolved.error }
+      });
+      return;
+    }
+    const agent = this.agentManager.getAgent(resolved.agentId);
+    if (!agent) {
+      this.emit({
+        type: "unshare_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: "Agent not found" }
+      });
+      return;
+    }
+    if (this.ownerUserId !== null && agent.ownerUserId !== null && agent.ownerUserId !== this.ownerUserId) {
+      this.emit({
+        type: "unshare_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: "unauthorized" }
+      });
+      return;
+    }
+    try {
+      const sharedWithUserIds = await this.agentManager.unshareAgentWithUser(
+        resolved.agentId,
+        msg.userId
+      );
+      this.emit({
+        type: "unshare_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: true, sharedWithUserIds }
+      });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      this.emit({
+        type: "unshare_agent_with_user_response",
+        payload: { requestId: msg.requestId, ok: false, error: message }
+      });
+    }
+  }
+  async handleListAgentSharedUsersRequest(msg) {
+    const resolved = await this.resolveAgentIdentifier(msg.agentId);
+    if (!resolved.ok) {
+      this.emit({
+        type: "list_agent_shared_users_response",
+        payload: { requestId: msg.requestId, ok: false, error: resolved.error }
+      });
+      return;
+    }
+    const agent = this.agentManager.getAgent(resolved.agentId);
+    if (!agent) {
+      this.emit({
+        type: "list_agent_shared_users_response",
+        payload: { requestId: msg.requestId, ok: false, error: "Agent not found" }
+      });
+      return;
+    }
+    if (this.ownerUserId !== null && agent.ownerUserId !== null && agent.ownerUserId !== this.ownerUserId) {
+      this.emit({
+        type: "list_agent_shared_users_response",
+        payload: { requestId: msg.requestId, ok: false, error: "unauthorized" }
+      });
+      return;
+    }
+    this.emit({
+      type: "list_agent_shared_users_response",
+      payload: {
+        requestId: msg.requestId,
+        ok: true,
+        ownerUserId: agent.ownerUserId,
+        sharedWithUserIds: [...agent.sharedWithUserIds]
+      }
+    });
+  }
+  // ──────────────────────────────────────────────────────────────────────
   // Session images — backs the "Images" tab inside the uploads modal. Same
   // shape as the file handlers above; the store has no manifest, so listing
   // is a directory scan and delete is `unlink` (traversal-guarded).
@@ -45666,7 +46004,7 @@ import webpush from "web-push";
 import webpush2 from "web-push";
 
 // ../server/src/server/speech/providers/local/sherpa/model-catalog.ts
-import { z as z37 } from "zod";
+import { z as z39 } from "zod";
 var SHERPA_ONNX_MODEL_CATALOG = {
   "zipformer-bilingual-zh-en-2023-02-20": {
     kind: "stt-online",
@@ -45759,7 +46097,7 @@ function buildAliasMap(modelIds) {
 }
 function createAliasedModelIdSchema(params) {
   const validIds = new Set(params.modelIds);
-  return z37.string().trim().toLowerCase().refine(
+  return z39.string().trim().toLowerCase().refine(
     (value) => validIds.has(value) || Object.prototype.hasOwnProperty.call(params.aliases, value),
     {
       message: "Invalid model id"
@@ -45790,20 +46128,20 @@ import { v4 as uuidv410 } from "uuid";
 import { v4 as uuidv411 } from "uuid";
 
 // ../server/src/server/speech/providers/openai/config.ts
-import { z as z38 } from "zod";
+import { z as z40 } from "zod";
 var DEFAULT_OPENAI_REALTIME_TRANSCRIPTION_MODEL = "gpt-4o-transcribe";
 var DEFAULT_OPENAI_TTS_MODEL = "tts-1";
-var OpenAiTtsVoiceSchema = z38.enum(["alloy", "echo", "fable", "onyx", "nova", "shimmer"]);
-var OpenAiTtsModelSchema = z38.enum(["tts-1", "tts-1-hd"]);
-var NumberLikeSchema = z38.union([z38.number(), z38.string().trim().min(1)]);
-var OptionalFiniteNumberSchema = NumberLikeSchema.pipe(z38.coerce.number().finite()).optional();
-var OptionalTrimmedStringSchema = z38.string().trim().optional().transform((value) => value && value.length > 0 ? value : void 0);
-var OpenAiSpeechResolutionSchema = z38.object({
+var OpenAiTtsVoiceSchema = z40.enum(["alloy", "echo", "fable", "onyx", "nova", "shimmer"]);
+var OpenAiTtsModelSchema = z40.enum(["tts-1", "tts-1-hd"]);
+var NumberLikeSchema = z40.union([z40.number(), z40.string().trim().min(1)]);
+var OptionalFiniteNumberSchema = NumberLikeSchema.pipe(z40.coerce.number().finite()).optional();
+var OptionalTrimmedStringSchema = z40.string().trim().optional().transform((value) => value && value.length > 0 ? value : void 0);
+var OpenAiSpeechResolutionSchema = z40.object({
   apiKey: OptionalTrimmedStringSchema,
   sttConfidenceThreshold: OptionalFiniteNumberSchema,
   sttModel: OptionalTrimmedStringSchema,
-  ttsVoice: z38.string().trim().toLowerCase().pipe(OpenAiTtsVoiceSchema).default("alloy"),
-  ttsModel: z38.string().trim().toLowerCase().pipe(OpenAiTtsModelSchema).default(DEFAULT_OPENAI_TTS_MODEL),
+  ttsVoice: z40.string().trim().toLowerCase().pipe(OpenAiTtsVoiceSchema).default("alloy"),
+  ttsModel: z40.string().trim().toLowerCase().pipe(OpenAiTtsModelSchema).default(DEFAULT_OPENAI_TTS_MODEL),
   realtimeTranscriptionModel: OptionalTrimmedStringSchema.default(
     DEFAULT_OPENAI_REALTIME_TRANSCRIPTION_MODEL
   )
@@ -45847,17 +46185,6 @@ import { v4 } from "uuid";
 // ../server/src/server/speech/providers/openai/tts.ts
 import OpenAI2 from "openai";
 
-// ../server/src/server/agent/agent-manager.ts
-import { z as z40 } from "zod";
-import { getSessionMessages } from "@anthropic-ai/claude-agent-sdk";
-
-// ../server/src/server/agent/handoff-mcp.ts
-import { createSdkMcpServer, tool } from "@anthropic-ai/claude-agent-sdk";
-import { z as z39 } from "zod";
-
-// ../server/src/server/agent/agent-manager.ts
-var AgentIdSchema2 = z40.string().uuid();
-
 // ../server/src/server/agent/agent-storage.ts
 import { z as z41 } from "zod";
 var SERIALIZABLE_CONFIG_SCHEMA = z41.object({
@@ -45907,7 +46234,22 @@ var STORED_AGENT_SCHEMA = z41.object({
   archivedAt: z41.string().nullable().optional(),
   // Fork lineage (optional for backward compat with pre-fork records).
   parentAgentId: z41.string().optional(),
-  forkedFromMessageUuid: z41.string().optional()
+  forkedFromMessageUuid: z41.string().optional(),
+  // Multi-tenant session isolation: the auth-server user-id that created
+  // (and therefore owns) this agent + the additive ACL of other users
+  // granted access. Both optional/null-default for backward compatibility
+  // with pre-Phase-2c records — those load with `null` owner and stay
+  // visible to every connecting user (matches today's single-tenant
+  // behavior). Set on new agents at create time via Session.ownerUserId.
+  ownerUserId: z41.string().nullable().optional(),
+  sharedWithUserIds: z41.array(z41.string()).default([]),
+  // Owner's display username — needed on resume to route to the correct
+  // `CLAUDE_CONFIG_DIR` via `ensureClaudeProfile(username)` for agents
+  // created by a shared (non-owner) user. Without this, a resumed shared-
+  // user agent would silently fall back to the daemon owner's Claude
+  // profile/subscription. Optional — pre-Phase-3 records rehydrate without
+  // per-user profile routing.
+  ownerUsername: z41.string().optional()
 });
 
 // ../server/src/server/agent/mcp-server.ts
@@ -46591,10 +46933,10 @@ function encodeUtf8String(value) {
 function createRelayE2eeTransportFactory(args) {
   return ({ url, headers }) => {
     const base = args.baseFactory({ url, headers });
-    return createEncryptedTransport(base, args.daemonPublicKeyB64, args.logger);
+    return createEncryptedTransport(base, args.daemonPublicKeyB64, args.logger, args.staticKeyPair);
   };
 }
-function createEncryptedTransport(base, daemonPublicKeyB64, logger) {
+function createEncryptedTransport(base, daemonPublicKeyB64, logger, staticKeyPair) {
   let channel = null;
   let opened = false;
   let closed = false;
@@ -46651,12 +46993,17 @@ function createEncryptedTransport(base, daemonPublicKeyB64, logger) {
   };
   const startHandshake = async () => {
     try {
-      channel = await createClientChannel(relayTransport, daemonPublicKeyB64, {
-        onopen: emitOpen,
-        onmessage: (data) => emitMessage(data),
-        onclose: (code, reason) => emitClose({ code, reason }),
-        onerror: (error) => emitError(error)
-      });
+      channel = await createClientChannel(
+        relayTransport,
+        daemonPublicKeyB64,
+        {
+          onopen: emitOpen,
+          onmessage: (data) => emitMessage(data),
+          onclose: (code, reason) => emitClose({ code, reason }),
+          onerror: (error) => emitError(error)
+        },
+        staticKeyPair
+      );
     } catch (error) {
       logger.warn({ err: normalizeTransportError(error) }, "relay_e2ee_handshake_failed");
       emitError(error);
@@ -47019,7 +47366,8 @@ var DaemonClient = class {
         transportFactory = createRelayE2eeTransportFactory({
           baseFactory: baseTransportFactory,
           daemonPublicKeyB64,
-          logger: this.logger
+          logger: this.logger,
+          staticKeyPair: this.config.e2ee?.staticKeyPair
         });
       }
       const transportUrl = this.resolveTransportUrlForAttempt();
@@ -48093,6 +48441,99 @@ var DaemonClient = class {
       throw new Error(payload.error || "Failed to delete session upload");
     }
   }
+  // ──────────────────────────────────────────────────────────────────────
+  // Phase 4 agent sharing — owner-only mutations of the per-agent ACL.
+  // ──────────────────────────────────────────────────────────────────────
+  /**
+   * Grant a user access to this agent. Owner-only. Idempotent — sharing
+   * with a user already on the ACL is a no-op. The recipient does not
+   * need to be currently paired; access takes effect at their next
+   * connection.
+   */
+  async shareAgentWithUser(agentId, userId) {
+    const requestId = this.createRequestId();
+    const message = SessionInboundMessageSchema.parse({
+      type: "share_agent_with_user_request",
+      requestId,
+      agentId,
+      userId
+    });
+    const payload = await this.sendRequest({
+      requestId,
+      message,
+      timeout: 15e3,
+      options: { skipQueue: true },
+      select: (msg) => {
+        if (msg.type !== "share_agent_with_user_response") return null;
+        if (msg.payload.requestId !== requestId) return null;
+        return msg.payload;
+      }
+    });
+    if (!payload.ok) {
+      throw new Error(payload.error || "Failed to share agent");
+    }
+    return payload.sharedWithUserIds;
+  }
+  /**
+   * Revoke a user's access to this agent. Owner-only. Effects are
+   * immediate — once the auth-server allow-list propagates (and the
+   * daemon's in-memory state updates here), the removed user's resolver
+   * answers "Agent not found" for any further per-agent RPC.
+   */
+  async unshareAgentWithUser(agentId, userId) {
+    const requestId = this.createRequestId();
+    const message = SessionInboundMessageSchema.parse({
+      type: "unshare_agent_with_user_request",
+      requestId,
+      agentId,
+      userId
+    });
+    const payload = await this.sendRequest({
+      requestId,
+      message,
+      timeout: 15e3,
+      options: { skipQueue: true },
+      select: (msg) => {
+        if (msg.type !== "unshare_agent_with_user_response") return null;
+        if (msg.payload.requestId !== requestId) return null;
+        return msg.payload;
+      }
+    });
+    if (!payload.ok) {
+      throw new Error(payload.error || "Failed to unshare agent");
+    }
+    return payload.sharedWithUserIds;
+  }
+  /**
+   * Return the ACL — owner + the user-ids the owner has granted access
+   * to. Owner-only: recipients can't enumerate who else has access.
+   */
+  async listAgentSharedUsers(agentId) {
+    const requestId = this.createRequestId();
+    const message = SessionInboundMessageSchema.parse({
+      type: "list_agent_shared_users_request",
+      requestId,
+      agentId
+    });
+    const payload = await this.sendRequest({
+      requestId,
+      message,
+      timeout: 15e3,
+      options: { skipQueue: true },
+      select: (msg) => {
+        if (msg.type !== "list_agent_shared_users_response") return null;
+        if (msg.payload.requestId !== requestId) return null;
+        return msg.payload;
+      }
+    });
+    if (!payload.ok) {
+      throw new Error(payload.error || "Failed to list agent shared users");
+    }
+    return {
+      ownerUserId: payload.ownerUserId,
+      sharedWithUserIds: payload.sharedWithUserIds
+    };
+  }
   /**
    * List the images the user has attached to this agent's chat (the "Images"
    * tab in the uploads modal). Returns newest first; the daemon scans