fix(editor,git-sync): parse details open as a boolean so open state survives render/round-trip

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.env.example

@@ -187,11 +187,43 @@ MCP_DOCMOST_PASSWORD=
 # Per-request output-token ceiling for the anonymous assistant (default: 512).
 # Worst-case output per accepted call = agent steps (5) × this value.
 # SHARE_AI_MAX_OUTPUT_TOKENS=512
+
+# --- GIT-SYNC (native two-way Docmost <-> git Markdown sync) ---
+# Master switch. Off by default. When 'true', GIT_SYNC_SERVICE_USER_ID below is
+# REQUIRED (the service account that git-originated create/move/rename/delete are
+# attributed to) — the server refuses to boot with sync enabled and no user id.
+# GIT_SYNC_ENABLED=false
+#
+# Serve the per-space vaults over smart-HTTP (the /git host). Defaults to
+# GIT_SYNC_ENABLED when unset.
+# GIT_SYNC_HTTP_ENABLED=false
+#
+# REQUIRED when GIT_SYNC_ENABLED=true: id of the user that git-originated page
+# operations (create / move / rename / delete) are attributed to.
+# GIT_SYNC_SERVICE_USER_ID=
+#
+# Where the per-space working vaults live (non-bare repos; the engine needs a
+# working tree).
+# Defaults to "<DATA_DIR or ./data>/git-sync".
+# GIT_SYNC_DATA_DIR=
+#
+# Optional remote URL template to mirror each space's vault to (e.g. a git host).
+# Leave unset to keep vaults local-only.
+# GIT_SYNC_REMOTE_TEMPLATE=
+#
+# Path to the SSH private key used when pushing to GIT_SYNC_REMOTE_TEMPLATE.
+# GIT_SYNC_SSH_KEY_PATH=
+#
+# Poll-safety interval in ms — the cadence of the background reconcile cycle
+# (default: 15000).
+# GIT_SYNC_POLL_INTERVAL_MS=15000
+#
+# Debounce window in ms for collapsing bursts of page edits into one sync cycle
+# (default: 2000).
+# GIT_SYNC_DEBOUNCE_MS=2000
+#
+# Watchdog timeout in ms for the spawned `git http-backend` process serving a
+# git smart-HTTP push (default: 120000). A stalled/hung receive-pack is killed
+# after this deadline so it cannot hold the per-space lock forever.
+# GIT_SYNC_BACKEND_TIMEOUT_MS=120000
 #
-# Second cost backstop: a cluster-wide per-workspace rolling-DAY token budget
-# (input re-sent per step + output, summed across every accepted turn). The
-# hourly request cap above bounds how MANY calls run, not how expensive each is,
-# so this caps the owner's actual provider bill directly. Like the request cap it
-# FAILS CLOSED if Redis is unavailable (default: 1,000,000 tokens per workspace
-# per rolling day).
-# SHARE_AI_WORKSPACE_TOKEN_BUDGET_PER_DAY=1000000

.github/workflows/develop.yml

@@ -56,160 +56,3 @@ jobs:
           tags: ${{ env.IMAGE }}:develop
           cache-from: type=gha,scope=develop-amd64
           cache-to: type=gha,scope=develop-amd64,mode=max,ignore-error=true
-
-  # e2e jobs run on every develop push but DO NOT gate the build/publish above:
-  # `build` stays `needs: test` only, so the :develop image still ships even if
-  # e2e fails. A failing e2e job turns the run red and triggers GitHub's email
-  # to the pusher — that red run + email is the intended notification, not a
-  # deploy block.
-  e2e-server:
-    runs-on: ubuntu-latest
-    env:
-      DATABASE_URL: postgresql://docmost:docmost@localhost:5432/docmost
-      REDIS_URL: redis://localhost:6379
-      APP_SECRET: ci-e2e-secret-change-me-min-32-characters
-      APP_URL: http://localhost:3000
-    services:
-      postgres:
-        image: pgvector/pgvector:pg18
-        env:
-          POSTGRES_DB: docmost
-          POSTGRES_USER: docmost
-          POSTGRES_PASSWORD: docmost
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd "pg_isready -U docmost"
-          --health-interval 5s
-          --health-timeout 5s
-          --health-retries 20
-      redis:
-        image: redis:7
-        ports:
-          - 6379:6379
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 5s
-          --health-timeout 5s
-          --health-retries 20
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Set up Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: pnpm
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Build editor-ext
-        run: pnpm --filter @docmost/editor-ext build
-
-      - name: Run migrations
-        run: pnpm --filter ./apps/server migration:latest
-
-      - name: Run server e2e
-        run: pnpm --filter ./apps/server test:e2e
-
-  # Same rationale as e2e-server: this job is intentionally NOT in
-  # `build.needs`. Deploy of the :develop image must not be blocked by e2e;
-  # a red run plus GitHub's email to the pusher is the notification mechanism.
-  e2e-mcp:
-    runs-on: ubuntu-latest
-    env:
-      DATABASE_URL: postgresql://docmost:docmost@localhost:5432/docmost
-      REDIS_URL: redis://localhost:6379
-      APP_SECRET: ci-e2e-secret-change-me-min-32-characters
-      APP_URL: http://localhost:3000
-      NODE_ENV: production
-    services:
-      postgres:
-        image: pgvector/pgvector:pg18
-        env:
-          POSTGRES_DB: docmost
-          POSTGRES_USER: docmost
-          POSTGRES_PASSWORD: docmost
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd "pg_isready -U docmost"
-          --health-interval 5s
-          --health-timeout 5s
-          --health-retries 20
-      redis:
-        image: redis:7
-        ports:
-          - 6379:6379
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 5s
-          --health-timeout 5s
-          --health-retries 20
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Set up Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: pnpm
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Build editor-ext
-        run: pnpm --filter @docmost/editor-ext build
-
-      - name: Build server
-        run: pnpm server:build
-
-      - name: Build mcp
-        run: pnpm --filter @docmost/mcp build
-
-      - name: Run migrations
-        run: pnpm --filter ./apps/server migration:latest
-
-      - name: Start server (prod)
-        # Capture stdout/stderr so a start-up crash (bind error, stack trace,
-        # migration mismatch) is diagnosable; without this the only signal is
-        # the generic health-loop timeout below, ~120s later.
-        run: pnpm --filter ./apps/server start:prod > /tmp/server.log 2>&1 &
-
-      - name: Wait for server health
-        run: |
-          for i in $(seq 1 60); do
-            if curl -fsS http://localhost:3000/api/health > /dev/null; then
-              echo "Server is healthy"
-              exit 0
-            fi
-            sleep 2
-          done
-          echo "Server did not become healthy in time"
-          exit 1
-
-      - name: Dump server log on failure
-        if: failure()
-        run: cat /tmp/server.log || true
-
-      - name: Seed admin
-        run: |
-          curl -fsS -X POST http://localhost:3000/api/auth/setup \
-            -H "Content-Type: application/json" \
-            -d '{"name":"E2E","email":"e2e@example.com","password":"E2ePassword123","workspaceName":"E2E"}'
-
-      - name: Run mcp e2e
-        env:
-          DOCMOST_API_URL: http://localhost:3000/api
-          DOCMOST_EMAIL: e2e@example.com
-          DOCMOST_PASSWORD: E2ePassword123
-        run: pnpm --filter @docmost/mcp test:e2e

.github/workflows/test.yml

@@ -68,6 +68,13 @@ jobs:
       - name: Build editor-ext
         run: pnpm --filter @docmost/editor-ext build
 
+      # git-sync and mcp are no longer committed in built form (build/ is
+      # gitignored), so CI must compile them: the server resolves both via their
+      # built build/index.js. The server pretest also builds them, but building
+      # here keeps it explicit and independent of pnpm lifecycle ordering.
+      - name: Build git-sync and mcp
+        run: pnpm --filter @docmost/git-sync build && pnpm --filter @docmost/mcp build
+
       - name: Run unit tests
         run: pnpm -r test
 

.gitignore

@@ -5,6 +5,12 @@ data
 # compiled output
 /dist
 /node_modules
+# workspace package node_modules (pnpm symlinks — never commit; they bake
+# machine-local store paths) and the git-sync compiled output (built in CI/Docker
+# via `pnpm build`, never committed, so src/ and prod can never silently diverge).
+packages/*/node_modules/
+packages/git-sync/build/
+packages/mcp/build/
 
 # Logs
 logs

AGENTS.md

@@ -182,7 +182,7 @@ tea issues create --repo vvzvlad/gitmost --labels feature \
 
 ## Monorepo layout
 
-pnpm workspace (`pnpm@10.4.0`) orchestrated by **Nx**. Four workspace packages:
+pnpm workspace (`pnpm@10.4.0`) orchestrated by **Nx**. Five workspace packages:
 
 | Path | Name | Stack | Role |
 | --- | --- | --- | --- |
@@ -190,6 +190,7 @@ pnpm workspace (`pnpm@10.4.0`) orchestrated by **Nx**. Four workspace packages:
 | `apps/client` | `client` | React 18 + Vite + Mantine 8 + TanStack Query + Jotai | SPA frontend |
 | `packages/editor-ext` | `@docmost/editor-ext` | Tiptap/ProseMirror | Shared Tiptap node/mark extensions, imported by both the client and the server |
 | `packages/mcp` | `@docmost/mcp` | MCP SDK, Tiptap, Yjs | Standalone MCP server, also bundled into the server at `/mcp`. Does **not** import `editor-ext` — it keeps its own vendored mirror of the schema in `packages/mcp/src/lib/` |
+| `packages/git-sync` | `@docmost/git-sync` | Tiptap/ProseMirror, Yjs, git | Pure ProseMirror↔Markdown converter plus the two-way Docmost↔git Markdown sync engine. Bundled into the server (loaded over the ESM bridge), built in CI and the Dockerfile. Does **not** import `editor-ext` — it keeps its own vendored mirror of the document schema (kept in sync with `editor-ext`). |
 
 `build` targets are Nx-cached and dependency-ordered (`dependsOn: ["^build"]`), so `editor-ext` builds before the apps. `nx.json` sets `affected.defaultBase: main`.
 
@@ -263,7 +264,7 @@ The API server is a Fastify app with a global `/api` prefix (`main.ts` excludes
 ### Client structure
 Vite SPA. Code is organized by feature under `apps/client/src/features/*` (mirrors the server domains: `page`, `space`, `comment`, `ai-chat`, `editor`, …). Conventions:
 - **TanStack Query** for server state (one `queries/` file per feature), **Jotai** atoms for local/shared UI state, **Mantine 8** + CSS modules (`*.module.css`) + `postcss-preset-mantine` for UI.
-- The editor is Tiptap; shared node/mark extensions live in `packages/editor-ext` and are imported by **both the client and the server** (collaboration, import/export) — editor schema changes often need to be made in `editor-ext`, not just the client. Note `packages/mcp` does *not* depend on `editor-ext`; it carries its own mirrored copy of the schema, so keep the two in sync manually when the document schema changes.
+- The editor is Tiptap; shared node/mark extensions live in `packages/editor-ext` and are imported by **both the client and the server** (collaboration, import/export) — editor schema changes often need to be made in `editor-ext`, not just the client. Note neither `packages/mcp` nor `packages/git-sync` depends on `editor-ext`; each carries its own mirrored copy of the schema. There are now **three** independent copies (`editor-ext` is canonical, plus `packages/mcp` and `packages/git-sync`), so keep all three in sync manually when the document schema changes.
 - API access goes through `apps/client/src/lib/api-client.ts` (axios). The `@` alias maps to `apps/client/src`.
 - Runtime config is injected at build time by `vite.config.ts` via `define` (`APP_URL`, `COLLAB_URL`, `APP_VERSION`, …) — these come from the root `.env`, not from `import.meta.env`.
 

CHANGELOG.md

@@ -10,16 +10,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## [0.94.0] - 2026-06-26
-
-This release makes AI chat durable and fast: assistant turns are persisted to
-the database step by step and exported server-side, the desktop app no longer
-freezes at 100% CPU on long agent runs, and MCP writes are badged with
-unspoofable AI attribution. It also reworks footnotes (Pandoc-style reuse and
-per-reference back-links), hardens page moves and duplication against cycles
-and lost edits, and caps the anonymous public-share assistant with a
-per-workspace rolling-day token budget.
-
 ### Added
 
 - **Persistent AI-chat history as the source of truth + server-side export.**
@@ -88,13 +78,6 @@ per-workspace rolling-day token budget.
 
 ### Fixed
 
-- **AI chat: the desktop app no longer freezes at 100% CPU on long agent runs.**
-  `useChat` re-rendered on every streamed token and `MessageItem`/`ReasoningBlock`
-  re-parsed the whole transcript markdown (marked + DOMPurify) on every delta, so
-  per-turn work grew quadratically and saturated the main thread. The stream is now
-  throttled (`experimental_throttle`) to ~20 Hz and each finalized message row /
-  markdown part / reasoning block is memoized, so a long turn no longer re-parses
-  already-finished content. (#182)
 - **Editor: caret/selection landed on the wrong line when clicking inside code
   blocks and footnotes.** The affected NodeViews rendered their non-editable
   chrome (language menu, footnotes heading, footnote number marker) before the
@@ -109,37 +92,6 @@ per-workspace rolling-day token budget.
   no longer froze on the previous step's authoritative usage; the current step's
   estimate is combined per-component with `max`, so the count rises smoothly and
   never jumps backwards. (#163)
-- **AI chat: "New chat" during a streaming first turn now resets the whole
-  chat, not just the role badge.** Starting a new chat mid-stream cleared the
-  header but left the in-flight turn's messages behind, so the fresh chat opened
-  pre-populated with the previous conversation; it now fully resets. (#161)
-- **AI chat: a dropped tool argument now yields an actionable error.** When the
-  model omitted a required parameter (typically `pageId`) in a parallel/batch
-  tool call, the assistant forwarded zod's raw "expected string, received
-  undefined" text; tool inputs now return a message naming each missing/invalid
-  parameter (the JSON Schema contract is unchanged and nothing is backfilled).
-  (#190)
-- **Page move: cycle checks are now atomic and depth-bounded.** Moving a page
-  under one of its own descendants is rejected in the same transaction as the
-  update (closing a TOCTOU window where two concurrent A→B / B→A moves could
-  form a cycle), and the recursive tree-traversal CTEs carry a cycle/depth guard
-  so a pre-existing cycle can no longer spin a query. (#207)
-- **Page/editor robustness batch.** Duplicating a page now copies shared
-  attachments for every referencing page (not just the first); colliding block
-  ids are de-duplicated on import/normalize so MCP addressed edits can't hit the
-  wrong node; transient collab store failures are retried so autosave edits
-  aren't lost; and an out-of-order tree move no longer drops the moved subtree.
-  (#206)
-
-### Security
-
-- **Public share AI: per-workspace rolling-day token budget.** The anonymous
-  share assistant now caps a workspace's actual token spend (input + output,
-  summed across every accepted turn) over a trailing day, on top of the hourly
-  request cap — so a caller who evades the per-IP throttle still cannot run up
-  the owner's provider bill without bound. Cluster-wide via Redis and FAILS
-  CLOSED if Redis is down; default 1,000,000 tokens/day, overridable via
-  `SHARE_AI_WORKSPACE_TOKEN_BUDGET_PER_DAY`. (#159)
 
 ## [0.93.0] - 2026-06-21
 

Dockerfile

@@ -17,8 +17,9 @@ RUN pnpm build
 
 FROM base AS installer
 
+# git: required by the git-sync VaultGit (shells out to git)
 RUN apt-get update \
-  && apt-get install -y --no-install-recommends curl bash \
+  && apt-get install -y --no-install-recommends curl bash git \
   && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
@@ -33,6 +34,11 @@ COPY --from=builder /app/packages/editor-ext/dist /app/packages/editor-ext/dist
 COPY --from=builder /app/packages/editor-ext/package.json /app/packages/editor-ext/package.json
 COPY --from=builder /app/packages/mcp/build /app/packages/mcp/build
 COPY --from=builder /app/packages/mcp/package.json /app/packages/mcp/package.json
+# git-sync: the server requires @docmost/git-sync at runtime; without these the
+# image starts and crashes on `require('@docmost/git-sync')`. Built fresh by the
+# builder's `pnpm build` (nx builds the package's tsc `build` target).
+COPY --from=builder /app/packages/git-sync/build /app/packages/git-sync/build
+COPY --from=builder /app/packages/git-sync/package.json /app/packages/git-sync/package.json
 
 # Copy root package files
 COPY --from=builder /app/package.json /app/package.json

README.md

@@ -114,7 +114,7 @@ community feature, with no enterprise license. Open it from the page header; the
 - 🔭 **Viewer comments** — let read-only viewers leave comments.
 - 🔭 **Password-protected pages** — protect individual pages / shares with a password.
 - 🔭 **Windows / Linux app** — native desktop app for Windows and Linux.
-- 🔭 **Mobile app** — mobile apps (iOS first, Android to follow), reusing the existing responsive web UI and editor via a Capacitor wrapper, with offline planned for later. See [issue #195](https://gitea.vvzvlad.xyz/vvzvlad/gitmost/issues/195).
+- 🔭 **Mobile app** — mobile apps (iOS first, Android to follow), reusing the existing responsive web UI and editor via a Capacitor wrapper, with offline planned for later. See [docs/mobile-app-plan.md](docs/mobile-app-plan.md).
 - 🔭 **Offline mode** — offline sync & PWA support.
 - 🔭 **Editor & UX improvements** — blocks inside tables (lists, to-do items), column layout, additional heading levels, highlight blocks, custom emoji in callouts, floating images, anchor links for page mentions, toggles (shared-page width, aside/sidebar, spellcheck, ligatures), sanitized space-tree export, and mentions in breadcrumbs.
 

README.ru.md

@@ -115,7 +115,7 @@ real-time-коллаборации Docmost, поэтому запись нико
 - 🔭 **Комментарии зрителей** — возможность комментировать для пользователей с доступом только на чтение.
 - 🔭 **Защищённые паролем страницы** — защита отдельных страниц / шар паролем.
 - 🔭 **Приложение для Windows / Linux** — нативное десктоп-приложение для Windows и Linux.
-- 🔭 **Мобильное приложение** — мобильные приложения (iOS обязательно, Android как пойдёт) на базе существующей адаптивной веб-версии и редактора через обёртку Capacitor; оффлайн запланирован на будущее. См. [issue #195](https://gitea.vvzvlad.xyz/vvzvlad/gitmost/issues/195).
+- 🔭 **Мобильное приложение** — мобильные приложения (iOS обязательно, Android как пойдёт) на базе существующей адаптивной веб-версии и редактора через обёртку Capacitor; оффлайн запланирован на будущее. См. [docs/mobile-app-plan.md](docs/mobile-app-plan.md).
 - 🔭 **Офлайн-режим** — офлайн-синхронизация и поддержка PWA.
 - 🔭 **Улучшения редактора и UX** — блоки внутри таблиц (списки, чек-листы), колоночная вёрстка, дополнительные уровни заголовков, highlight-блоки, кастомные эмодзи в callout-ах, плавающие изображения, anchor-ссылки на упоминания страниц, тоглы (ширина шары, aside/сайдбар, spellcheck, лигатуры), санитизация экспорта дерева спейса и mentions в хлебных крошках.
 

apps/client/package.json

@@ -1,7 +1,7 @@
 {
   "name": "client",
   "private": true,
-  "version": "0.94.0",
+  "version": "0.93.0",
   "scripts": {
     "dev": "node scripts/copy-vad-assets.mjs && vite",
     "build": "node scripts/copy-vad-assets.mjs && tsc && vite build",

apps/client/public/locales/en-US/translation.json

@@ -715,8 +715,6 @@
   "Test": "Test",
   "Available tools": "Available tools",
   "No tools available": "No tools available",
-  "Failed": "Failed",
-  "OK · {{n}}": "OK · {{n}}",
   "Created successfully": "Created successfully",
   "Deleted successfully": "Deleted successfully",
   "Clear": "Clear",
@@ -1169,9 +1167,8 @@
   "Pick an agent role whose persona the public assistant adopts. The safety rules always still apply.": "Pick an agent role whose persona the public assistant adopts. The safety rules always still apply.",
   "Built-in assistant persona": "Built-in assistant persona",
   "Minimize": "Minimize",
-  "Context size / model limit": "Context size / model limit",
-  "Context window (tokens)": "Context window (tokens)",
-  "Shown as used / total in the chat header. Leave empty to hide the limit.": "Shown as used / total in the chat header. Leave empty to hide the limit.",
+  "Current context size": "Current context size",
+  "Tokens generated this turn": "Tokens generated this turn",
   "AI agent": "AI agent",
   "Take a look at the current document": "Take a look at the current document",
   "AI agent is typing…": "AI agent is typing…",
@@ -1207,6 +1204,8 @@
   "Ran tool {{name}}": "Ran tool {{name}}",
   "AI-agent": "AI-agent",
   "Edited by AI agent on behalf of {{name}}": "Edited by AI agent on behalf of {{name}}",
+  "Git sync": "Git sync",
+  "Synced from Git on behalf of {{name}}": "Synced from Git on behalf of {{name}}",
   "Endpoints": "Endpoints",
   "where we fetch models": "where we fetch models",
   "All endpoints are OpenAI-compatible. Point the Base URL at OpenAI, OpenRouter, a local Ollama, or any self-hosted server.": "All endpoints are OpenAI-compatible. Point the Base URL at OpenAI, OpenRouter, a local Ollama, or any self-hosted server.",
@@ -1231,6 +1230,8 @@
   "MCP server": "MCP server",
   "expose the workspace": "expose the workspace",
   "Enable MCP server": "Enable MCP server",
+  "Enable Git sync": "Enable Git sync",
+  "Sync this space's pages to a Git repository.": "Sync this space's pages to a Git repository.",
   "Exposes the workspace as an MCP server at /mcp — this provides a capability, it doesn't consume a model.": "Exposes the workspace as an MCP server at /mcp — this provides a capability, it doesn't consume a model.",
   "Resolves to {{url}}": "Resolves to {{url}}",
   "Model": "Model",

apps/client/public/locales/ru-RU/translation.json

@@ -704,19 +704,13 @@
   "Ask the AI agent…": "Спросите AI-агента…",
   "Copy chat": "Копировать чат",
   "Created successfully": "Успешно создано",
-  "Context size / model limit": "Размер контекста / лимит модели",
-  "Context window (tokens)": "Окно контекста (токены)",
-  "Shown as used / total in the chat header. Leave empty to hide the limit.": "Показывается в шапке чата как использовано / всего. Пусто — лимит скрыт.",
+  "Current context size": "Текущий размер контекста",
+  "Tokens generated this turn": "Токенов сгенерировано за ход",
   "Delete this chat?": "Удалить этот чат?",
   "Deleted successfully": "Успешно удалено",
   "Edited by AI agent on behalf of {{name}}": "Отредактировано AI-агентом от имени {{name}}",
   "Failed to delete chat": "Не удалось удалить чат",
   "Failed to rename chat": "Не удалось переименовать чат",
-  "Failed": "Ошибка",
-  "OK · {{n}}": "OK · {{n}}",
-  "Test": "Тест",
-  "No tools available": "Инструменты недоступны",
-  "Available tools": "Доступные инструменты",
   "Minimize": "Свернуть",
   "No chats yet.": "Чатов пока нет.",
   "Send": "Отправить",

apps/client/src/components/ui/git-sync-badge.tsx

@@ -0,0 +1,37 @@
+import { Badge, Tooltip } from "@mantine/core";
+import { IconGitMerge } from "@tabler/icons-react";
+import { useTranslation } from "react-i18next";
+
+interface GitSyncBadgeProps {
+  authorName?: string;
+}
+
+/**
+ * Badge marking a version produced by git-sync (provenance §8.1). The history
+ * version is created on the PUSH path — when an incoming git body is written back
+ * into the Docmost doc — not by the pull itself. Like {@link AiAgentBadge} it is
+ * ADDITIVE — shown next to the human author, never replacing them — but a git-sync
+ * edit is NOT an agent edit and has no chat to deep-link into, so it is a small,
+ * neutral, non-clickable label.
+ */
+export function GitSyncBadge({ authorName }: GitSyncBadgeProps) {
+  const { t } = useTranslation();
+
+  const tooltip = t("Synced from Git on behalf of {{name}}", {
+    name: authorName ?? "",
+  });
+
+  return (
+    <Tooltip label={tooltip} withArrow>
+      <Badge
+        size="sm"
+        variant="light"
+        color="gray"
+        radius="sm"
+        leftSection={<IconGitMerge size={12} stroke={2} />}
+      >
+        {t("Git sync")}
+      </Badge>
+    </Tooltip>
+  );
+}

apps/client/src/features/ai-chat/components/ai-chat-window.tsx

@@ -45,7 +45,6 @@ import {
   shouldCollapseOnOutsidePointer,
   isHeaderClick,
 } from "@/features/ai-chat/utils/collapse-helpers.ts";
-import { selectContextBadge } from "@/features/ai-chat/utils/context-badge.ts";
 import { useClipboard } from "@/hooks/use-clipboard";
 import { notifications } from "@mantine/notifications";
 import classes from "@/features/ai-chat/components/ai-chat-window.module.css";
@@ -162,6 +161,12 @@ export default function AiChatWindow() {
   const { data: messageRows, isLoading: messagesLoading } =
     useAiChatMessagesQuery(activeChatId ?? undefined);
 
+  // Live turn-token total (reasoning + output) for the in-flight turn, pushed up
+  // (THROTTLED to ~8 Hz inside ChatThread) so the header badge ticks mid-stream.
+  // `null` means no turn is in flight -> the badge falls back to the persisted
+  // context size below.
+  const [liveTurnTokens, setLiveTurnTokens] = useState<number | null>(null);
+
   // The page the user is currently viewing. AiChatWindow lives in a pathless
   // parent layout route, so useParams() can't see :pageSlug. Match the full
   // pathname against the authenticated page route instead so "the current page"
@@ -188,7 +193,6 @@ export default function AiChatWindow() {
   const {
     threadKey,
     waitingForHistory,
-    startFreshThread,
     onTurnFinished,
     onServerChatId,
     cancelPendingAdoption,
@@ -211,25 +215,12 @@ export default function AiChatWindow() {
   // just-failed chat after they chose a fresh one.
   const startNewChat = useCallback((): void => {
     cancelPendingAdoption();
-    // Force a fresh, empty thread UNCONDITIONALLY (#161). Pressing "New chat"
-    // while a brand-new chat's first turn is still streaming leaves activeChatId
-    // null (the real id is adopted only at turn end), so setActiveChatId(null)
-    // alone is a no-op and the reconciler never remounts — the chat/stream/history
-    // would persist and only the role badge would drop. This always remounts the
-    // thread into a clean new chat.
-    startFreshThread();
     setActiveChatId(null);
     setHistoryOpen(false);
     setDraft("");
     // Default the picker back to "Universal assistant" for the fresh chat.
     setSelectedRoleId(null);
-  }, [
-    cancelPendingAdoption,
-    startFreshThread,
-    setActiveChatId,
-    setDraft,
-    setSelectedRoleId,
-  ]);
+  }, [cancelPendingAdoption, setActiveChatId, setDraft, setSelectedRoleId]);
 
   const selectChat = useCallback(
     (chatId: string): void => {
@@ -296,19 +287,24 @@ export default function AiChatWindow() {
   // shipped; older rows fall back to that turn's `usage` total. NOTE: reflects
   // PERSISTED rows (updates on chat open/switch); it does not tick live
   // mid-stream — acceptable for v1.
-  //
-  // The denominator `maxContextTokens` (the model's configured max window) is
-  // derived in the SAME backward scan: it is stamped alongside `contextTokens`
-  // on a completed turn, but the numerator and denominator are taken from the
-  // most recent row carrying EACH value independently — they may land on
-  // different rows (e.g. a fresh error row can carry contextTokens but not
-  // maxContextTokens), so we keep scanning for whichever is still unset. 0 when
-  // no row has it (older rows, or no admin-configured limit) — the badge then
-  // shows just the current size with no denominator.
-  const { contextTokens, maxContextTokens } = useMemo(
-    () => selectContextBadge(activeChatId ? messageRows : undefined),
-    [activeChatId, messageRows],
-  );
+  const contextTokens = useMemo(() => {
+    if (!activeChatId || !messageRows) return 0;
+    for (let i = messageRows.length - 1; i >= 0; i--) {
+      const meta = messageRows[i].metadata;
+      if (!meta) continue;
+      if (typeof meta.contextTokens === "number" && meta.contextTokens > 0) {
+        return meta.contextTokens;
+      }
+      const usage = meta.usage;
+      if (usage) {
+        const fallback =
+          usage.totalTokens ??
+          (usage.inputTokens ?? 0) + (usage.outputTokens ?? 0);
+        if (fallback > 0) return fallback;
+      }
+    }
+    return 0;
+  }, [activeChatId, messageRows]);
 
   // On (re)open, settle the geometry before paint (useLayoutEffect → no
   // first-frame jump): compute an initial top-right placement the first time,
@@ -499,17 +495,20 @@ export default function AiChatWindow() {
         )}
 
         <div style={{ flex: 1, display: "flex", justifyContent: "center" }}>
-          {/* Always show the persisted "current / max" context. The denominator
-              (the admin-configured model limit) is appended only when known;
-              not clamped when current > max (shown as-is, e.g. "210k / 200k").
-              Hidden entirely until a turn has recorded a context figure. */}
-          {contextTokens > 0 ? (
-            <Tooltip label={t("Context size / model limit")} withArrow>
+          {/* While a turn streams, show the LIVE turn-token count (ticks ~8 Hz);
+              once it finishes, fall back to the persisted context size. Require
+              > 0 so the very first emit (an empty tail message, count 0) does not
+              flash a "0" badge before any token streams in (#151 review). */}
+          {liveTurnTokens !== null && liveTurnTokens > 0 ? (
+            <Tooltip label={t("Tokens generated this turn")} withArrow>
+              <span className={classes.badge}>
+                {formatTokens(liveTurnTokens)}
+              </span>
+            </Tooltip>
+          ) : contextTokens > 0 ? (
+            <Tooltip label={t("Current context size")} withArrow>
               <span className={classes.badge}>
                 {formatTokens(contextTokens)}
-                {maxContextTokens > 0
-                  ? ` / ${formatTokens(maxContextTokens)}`
-                  : ""}
               </span>
             </Tooltip>
           ) : null}
@@ -623,7 +622,6 @@ export default function AiChatWindow() {
           ) : (
             <ChatThread
               key={threadKey}
-              threadKey={threadKey}
               chatId={activeChatId}
               initialRows={activeChatId ? messageRows : []}
               openPage={openPage}
@@ -636,6 +634,7 @@ export default function AiChatWindow() {
               assistantName={currentRole?.name}
               onTurnFinished={onTurnFinished}
               onServerChatId={onServerChatId}
+              onLiveTurnTokens={setLiveTurnTokens}
             />
           )}
         </div>

apps/client/src/features/ai-chat/components/chat-thread.tsx

@@ -20,6 +20,7 @@ import {
 } from "@/features/ai-chat/utils/role-launch.ts";
 import { describeChatError } from "@/features/ai-chat/utils/error-message.ts";
 import { extractServerChatId } from "@/features/ai-chat/utils/adopt-chat-id.ts";
+import { liveTurnTokens } from "@/features/ai-chat/utils/count-stream-tokens.ts";
 import {
   dequeue,
   enqueueMessage,
@@ -28,14 +29,6 @@ import {
 } from "@/features/ai-chat/utils/queue-helpers.ts";
 import classes from "@/features/ai-chat/components/ai-chat.module.css";
 
-// Throttle how often the streamed `messages` state triggers a re-render. Without
-// it, useChat updates state on EVERY token, so the whole transcript's markdown
-// (marked + DOMPurify) is re-parsed per token — on a long agent run that grows
-// into a quadratic CPU storm that pins the main thread and freezes the UI.
-// ~50ms (20 Hz) keeps streaming visually smooth while decoupling re-render cost
-// from the token rate.
-const STREAM_THROTTLE_MS = 50;
-
 /** The page the user is currently viewing, sent as chat context. */
 export interface OpenPageContext {
   id: string;
@@ -45,11 +38,6 @@ export interface OpenPageContext {
 interface ChatThreadProps {
   /** The open chat id, or null for a brand-new (not-yet-created) chat. */
   chatId: string | null;
-  /** This thread's mount key (the same value the parent uses as React `key`).
-   *  Forwarded to onTurnFinished so the session can tell a turn finishing on the
-   *  CURRENT thread from one ABANDONED by New chat mid-stream — whose onFinish/
-   *  onError still fire after unmount and must not adopt the abandoned chat (#161). */
-  threadKey?: string;
   /** Persisted rows to seed initial messages (existing chats only). */
   initialRows?: IAiChatMessageRow[];
   /** The page currently open in the workspace, or null on a non-page route.
@@ -71,16 +59,20 @@ interface ChatThreadProps {
   /** Called when a turn finishes; the parent refreshes the chat list and, for a
    *  new chat, adopts the freshly created chat id. `serverChatId` is the
    *  authoritative id the server streamed on the assistant message metadata, or
-   *  undefined on a failed turn — see adopt-chat-id.ts for the full #137 design.
-   *  `finishingThreadKey` (this thread's mount key) lets the session ignore a turn
-   *  finishing on a thread already abandoned by New chat mid-stream (#161). */
-  onTurnFinished: (serverChatId?: string, finishingThreadKey?: string) => void;
+   *  undefined on a failed turn — see adopt-chat-id.ts for the full #137 design. */
+  onTurnFinished: (serverChatId?: string) => void;
   /** Called EARLY (at the stream's `start` chunk) with the authoritative server
    *  chat id streamed on the assistant message metadata, so a brand-new chat
    *  adopts its real id WHILE the first turn is still streaming (#174 — makes the
    *  Copy/export button available mid-stream). Distinct from onTurnFinished,
    *  which fires only at the terminal outcome. */
   onServerChatId?: (serverChatId?: string) => void;
+  /** Reports the live turn-token total (reasoning + output) for the in-flight
+   *  turn so the parent can show a header badge that ticks mid-stream. THROTTLED
+   *  here (~8 Hz) so the parent re-renders a handful of times a second, not on
+   *  every streamed delta. Called with `null` when no turn is in flight (the
+   *  parent then reverts the badge to the persisted context size). */
+  onLiveTurnTokens?: (tokens: number | null) => void;
 }
 
 /**
@@ -117,7 +109,6 @@ function rowToUiMessage(row: IAiChatMessageRow): UIMessage {
  */
 export default function ChatThread({
   chatId,
-  threadKey,
   initialRows,
   openPage,
   roleId,
@@ -126,6 +117,7 @@ export default function ChatThread({
   assistantName,
   onTurnFinished,
   onServerChatId,
+  onLiveTurnTokens,
 }: ChatThreadProps) {
   const { t } = useTranslation();
 
@@ -254,8 +246,6 @@ export default function ChatThread({
     id: chatStoreId,
     messages: initialMessages,
     transport,
-    // See STREAM_THROTTLE_MS — bounds re-render/markdown-reparse frequency.
-    experimental_throttle: STREAM_THROTTLE_MS,
     // `onFinish` (ai@6 useChat) fires from a `finally` on EVERY terminal outcome
     // — success, user Stop/abort (`isAbort`), network drop (`isDisconnect`), and
     // stream error (`isError`). Keep calling `onTurnFinished()` on all of them
@@ -267,10 +257,8 @@ export default function ChatThread({
     onFinish: ({ message, isAbort, isDisconnect, isError }) => {
       // Forward the authoritative server chatId (streamed on the assistant
       // message metadata) so the parent adopts the REAL created chat id for a new
-      // chat — see adopt-chat-id.ts for the full #137 design. `threadKey` lets the
-      // session ignore this finish if it belongs to a thread abandoned by New chat
-      // mid-stream (#161).
-      onTurnFinished(extractServerChatId(message), threadKey);
+      // chat — see adopt-chat-id.ts for the full #137 design.
+      onTurnFinished(extractServerChatId(message));
       // Show a neutral "stopped" marker for an aborted turn; the red error banner
       // (via `error`) already covers isError, and a clean finish clears any marker.
       if (isError) setStopNotice(null);
@@ -291,7 +279,7 @@ export default function ChatThread({
       // Surface the raw failure in the browser console (devtools) for debugging;
       // the UI separately shows a friendly classified banner (see errorView).
       console.error("AI chat stream error:", streamError);
-      onTurnFinished(undefined, threadKey);
+      onTurnFinished();
     },
   });
 
@@ -340,6 +328,53 @@ export default function ChatThread({
   // the SAME on-screen banner text can be mirrored into the export (issue #160).
   const errorView = error ? describeChatError(error.message ?? "", t) : null;
 
+  // Report the live turn-token total to the parent header badge, THROTTLED to
+  // ~8 Hz so the parent re-renders a few times a second instead of on every
+  // streamed delta. The tail assistant message's reasoning+output (estimate while
+  // streaming, authoritative once a step reports usage) is the live figure. When
+  // the turn ends we emit a final exact value, then `null` so the parent reverts
+  // the badge to the persisted context size.
+  const lastEmitRef = useRef(0);
+  const emitTimerRef = useRef<ReturnType<typeof setTimeout> | null>(null);
+  useEffect(() => {
+    if (!onLiveTurnTokens) return;
+    if (!isStreaming) {
+      // Turn ended (or never started): clear any pending throttle and revert.
+      if (emitTimerRef.current) {
+        clearTimeout(emitTimerRef.current);
+        emitTimerRef.current = null;
+      }
+      lastEmitRef.current = 0;
+      onLiveTurnTokens(null);
+      return;
+    }
+    const tail = messages[messages.length - 1];
+    const live = tail?.role === "assistant" ? liveTurnTokens(tail) : null;
+    const total = live ? live.reasoning + live.output : 0;
+    const now = Date.now();
+    const MIN_INTERVAL = 120; // ms (~8 Hz)
+    const elapsed = now - lastEmitRef.current;
+    if (elapsed >= MIN_INTERVAL) {
+      lastEmitRef.current = now;
+      onLiveTurnTokens(total);
+    } else if (!emitTimerRef.current) {
+      // Schedule a trailing emit so the FINAL value of a burst is not dropped.
+      emitTimerRef.current = setTimeout(() => {
+        emitTimerRef.current = null;
+        lastEmitRef.current = Date.now();
+        onLiveTurnTokens(total);
+      }, MIN_INTERVAL - elapsed);
+    }
+  }, [messages, isStreaming, onLiveTurnTokens]);
+
+  // Clear any pending throttle timer on unmount (chat switch via `key`) so a
+  // trailing emit can't fire into a torn-down thread's parent.
+  useEffect(() => {
+    return () => {
+      if (emitTimerRef.current) clearTimeout(emitTimerRef.current);
+    };
+  }, []);
+
   // A role was picked with autoStart=false: the role is bound but NOTHING was
   // sent, so chatId stays null and the empty state would keep showing the cards.
   // This flag hides the cards and reveals the composer (with the role indicated)

apps/client/src/features/ai-chat/components/message-item-memo.test.tsx

@@ -1,81 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import { render } from "@testing-library/react";
-import { MantineProvider } from "@mantine/core";
-import type { UIMessage } from "@ai-sdk/react";
-
-// Stub react-i18next (the component reads `useTranslation`). Mirrors the stub in
-// reasoning-block.test.tsx.
-vi.mock("react-i18next", () => ({
-  useTranslation: () => ({ t: (key: string) => key }),
-}));
-
-// Spy on `renderChatMarkdown` so we can count parse calls per text. We keep every
-// OTHER named export of markdown.ts intact via `importActual`, and override only
-// `renderChatMarkdown` with a `vi.fn()` that returns simple HTML so the component
-// still renders. This is the seam that proves the MarkdownPart memo works: a
-// finalized text part must NOT be re-parsed on a later streamed delta.
-// `vi.hoisted` so the spy exists when the hoisted `vi.mock` factory runs.
-const { renderChatMarkdownSpy } = vi.hoisted(() => ({
-  renderChatMarkdownSpy: vi.fn((text: string) => `<p>${text}</p>`),
-}));
-vi.mock("@/features/ai-chat/utils/markdown.ts", async () => {
-  const actual = await vi.importActual<
-    typeof import("@/features/ai-chat/utils/markdown.ts")
-  >("@/features/ai-chat/utils/markdown.ts");
-  return { ...actual, renderChatMarkdown: renderChatMarkdownSpy };
-});
-
-import MessageItem from "./message-item";
-
-// matchMedia (read by MantineProvider) is stubbed globally in vitest.setup.ts.
-
-const msg = (parts: UIMessage["parts"]): UIMessage =>
-  ({ id: "m1", role: "assistant", parts }) as UIMessage;
-
-const renderRow = (message: UIMessage) =>
-  render(
-    <MantineProvider>
-      <MessageItem message={message} />
-    </MantineProvider>,
-  );
-
-/** Count how many spy calls parsed exactly `text` (filtering by the first arg). */
-const callsFor = (text: string) =>
-  renderChatMarkdownSpy.mock.calls.filter((c) => c[0] === text).length;
-
-describe("MessageItem markdown memoization", () => {
-  it("does not re-parse finalized text parts when only a tail part grows", () => {
-    renderChatMarkdownSpy.mockClear();
-
-    // Two finalized text parts.
-    const first = msg([
-      { type: "text", text: "alpha" },
-      { type: "text", text: "beta" },
-    ]);
-    const { rerender } = renderRow(first);
-
-    // Both finalized parts parsed exactly once on the initial render.
-    expect(callsFor("alpha")).toBe(1);
-    expect(callsFor("beta")).toBe(1);
-
-    // A streamed delta: a NEW message object where only a third tail part grows;
-    // the first two parts' text is byte-identical.
-    const next = msg([
-      { type: "text", text: "alpha" },
-      { type: "text", text: "beta" },
-      { type: "text", text: "gamm" },
-    ]);
-    rerender(
-      <MantineProvider>
-        <MessageItem message={next} />
-      </MantineProvider>,
-    );
-
-    // The finalized parts hit the MarkdownPart memo: still parsed at most once
-    // each across BOTH renders (the resilient invariant). The only new parse is
-    // for the changed/added tail part.
-    expect(callsFor("alpha")).toBe(1);
-    expect(callsFor("beta")).toBe(1);
-    expect(callsFor("gamm")).toBe(1);
-  });
-});

apps/client/src/features/ai-chat/components/message-item.test.ts

@@ -1,73 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import type { UIMessage } from "@ai-sdk/react";
-
-// Stub react-i18next: importing the component module pulls in `useTranslation`,
-// and we only exercise the pure `arePropsEqual` comparator (no rendering), so a
-// minimal `t` that echoes the key is enough. Mirrors the stub in
-// reasoning-block.test.tsx.
-vi.mock("react-i18next", () => ({
-  useTranslation: () => ({ t: (key: string) => key }),
-}));
-
-import { arePropsEqual } from "./message-item";
-
-/**
- * Tests for `arePropsEqual`, the `React.memo` comparator for MessageItem. It must
- * return false on any visible prop/content change (so the row re-renders) and
- * true when nothing visible changed (so a finalized row is skipped). A FIXED
- * message id is used so a content-identical clone yields an equal signature.
- */
-const msg = (parts: UIMessage["parts"]): UIMessage =>
-  ({ id: "m1", role: "assistant", parts }) as UIMessage;
-
-const props = (
-  message: UIMessage,
-  over: Record<string, unknown> = {},
-) => ({
-  message,
-  showCitations: true,
-  neutralizeInternalLinks: false,
-  assistantName: "AI",
-  ...over,
-});
-
-describe("arePropsEqual", () => {
-  it("returns false when showCitations differs", () => {
-    const m = msg([{ type: "text", text: "answer" }]);
-    expect(
-      arePropsEqual(props(m), props(m, { showCitations: false })),
-    ).toBe(false);
-  });
-
-  it("returns false when neutralizeInternalLinks differs", () => {
-    const m = msg([{ type: "text", text: "answer" }]);
-    expect(
-      arePropsEqual(props(m), props(m, { neutralizeInternalLinks: true })),
-    ).toBe(false);
-  });
-
-  it("returns false when assistantName differs", () => {
-    const m = msg([{ type: "text", text: "answer" }]);
-    expect(
-      arePropsEqual(props(m), props(m, { assistantName: "Other" })),
-    ).toBe(false);
-  });
-
-  it("returns true on the identity fast path (same message object, equal props)", () => {
-    const m = msg([{ type: "text", text: "answer" }]);
-    expect(arePropsEqual(props(m), props(m))).toBe(true);
-  });
-
-  it("returns true for the same content in a different message object", () => {
-    const a = msg([{ type: "text", text: "answer" }]);
-    const b = msg([{ type: "text", text: "answer" }]);
-    expect(a).not.toBe(b);
-    expect(arePropsEqual(props(a), props(b))).toBe(true);
-  });
-
-  it("returns false when content changed in a different message object", () => {
-    const a = msg([{ type: "text", text: "answer" }]);
-    const b = msg([{ type: "text", text: "answer grown" }]);
-    expect(arePropsEqual(props(a), props(b))).toBe(false);
-  });
-});

apps/client/src/features/ai-chat/components/message-item.tsx

@@ -1,4 +1,3 @@
-import { memo } from "react";
 import { Box, Text } from "@mantine/core";
 import { useTranslation } from "react-i18next";
 import type { UIMessage } from "@ai-sdk/react";
@@ -11,7 +10,6 @@ import { assistantMessageHasVisibleContent } from "@/features/ai-chat/utils/mess
 import { renderChatMarkdown } from "@/features/ai-chat/utils/markdown.ts";
 import { resolveAssistantName } from "@/features/ai-chat/utils/assistant-name.ts";
 import { reasoningTokensForPart } from "@/features/ai-chat/utils/reasoning-tokens.ts";
-import { messageSignature } from "@/features/ai-chat/utils/message-signature.ts";
 import { describeChatError } from "@/features/ai-chat/utils/error-message.ts";
 import classes from "@/features/ai-chat/components/ai-chat.module.css";
 
@@ -36,39 +34,6 @@ interface MessageItemProps {
   assistantName?: string;
 }
 
-/**
- * One assistant text part rendered as sanitized markdown. Memoized on its inputs
- * so a finalized text part is NOT re-parsed on every streamed delta: during a
- * turn only the actively-growing tail part changes its `text`, so every earlier
- * part hits the memo and skips the expensive marked + DOMPurify pass. Props are
- * primitives, so React.memo's default shallow compare is exactly right (the
- * `text` string is compared by value).
- */
-const MarkdownPart = memo(function MarkdownPart({
-  text,
-  neutralizeInternalLinks,
-}: {
-  text: string;
-  neutralizeInternalLinks: boolean;
-}) {
-  const html = renderChatMarkdown(text, { neutralizeInternalLinks });
-  if (html) {
-    return (
-      <div
-        className={classes.markdown}
-        // Sanitized by renderChatMarkdown (DOMPurify) before insertion.
-        dangerouslySetInnerHTML={{ __html: html }}
-      />
-    );
-  }
-  // Fallback when markdown could not render synchronously: raw text.
-  return (
-    <Text className={classes.markdown} style={{ whiteSpace: "pre-wrap" }}>
-      {text}
-    </Text>
-  );
-});
-
 /**
  * Render a single UIMessage by iterating its `parts`:
  *  - `text` parts -> sanitized markdown.
@@ -76,13 +41,12 @@ const MarkdownPart = memo(function MarkdownPart({
  * Other part kinds (reasoning, sources, files, step-start) are ignored for v1.
  * User messages render their text as a right-aligned plain bubble.
  *
- * This component is memoized (see `arePropsEqual` at the bottom) on a cheap
- * per-message content signature: the streaming TAIL message's signature changes
- * on each delta so it still re-renders and streams in, while finalized rows are
- * skipped. Each text part's markdown is itself memoized via `MarkdownPart`, so a
- * long turn no longer re-parses the whole transcript on every token.
+ * This component is intentionally NOT memoized: `useChat` replaces the streaming
+ * assistant message with a freshly cloned object on every streamed delta, so the
+ * `message` prop identity (and its `parts`) changes each tick. Re-rendering the
+ * text parts on each delta is what makes the answer stream in progressively.
  */
-function MessageItem({
+export default function MessageItem({
   message,
   showCitations = true,
   neutralizeInternalLinks = false,
@@ -145,12 +109,24 @@ function MessageItem({
           // starts with an empty text part before the first token arrives); the
           // typing indicator covers that gap until real content streams in.
           if (!part.text.trim()) return null;
+          const html = renderChatMarkdown(part.text, {
+            neutralizeInternalLinks,
+          });
+          if (html) {
+            return (
+              <div
+                key={index}
+                className={classes.markdown}
+                // Sanitized by renderChatMarkdown (DOMPurify) before insertion.
+                dangerouslySetInnerHTML={{ __html: html }}
+              />
+            );
+          }
+          // Fallback when markdown could not render synchronously: raw text.
           return (
-            <MarkdownPart
-              key={index}
-              text={part.text}
-              neutralizeInternalLinks={neutralizeInternalLinks}
-            />
+            <Text key={index} className={classes.markdown} style={{ whiteSpace: "pre-wrap" }}>
+              {part.text}
+            </Text>
           );
         }
 
@@ -201,26 +177,3 @@ function MessageItem({
     </Box>
   );
 }
-
-/** Skip re-rendering a message whose visible content is unchanged. The streaming
- *  TAIL message gets a fresh object whose signature changes each delta, so it
- *  still re-renders and streams in; every FINALIZED message is skipped, turning a
- *  per-token whole-transcript re-render into a tail-only one. */
-export function arePropsEqual(
-  prev: MessageItemProps,
-  next: MessageItemProps,
-): boolean {
-  if (
-    prev.showCitations !== next.showCitations ||
-    prev.neutralizeInternalLinks !== next.neutralizeInternalLinks ||
-    prev.assistantName !== next.assistantName
-  ) {
-    return false;
-  }
-  // Fast path: identical message object (finalized rows keep their identity
-  // across deltas) — skip without building signatures.
-  if (prev.message === next.message) return true;
-  return messageSignature(prev.message) === messageSignature(next.message);
-}
-
-export default memo(MessageItem, arePropsEqual);

apps/client/src/features/ai-chat/components/reasoning-block.tsx

@@ -1,4 +1,4 @@
-import { memo, useMemo, useState } from "react";
+import { useState } from "react";
 import { Box, Collapse, Group, Text, UnstyledButton } from "@mantine/core";
 import { IconChevronDown } from "@tabler/icons-react";
 import { useTranslation } from "react-i18next";
@@ -27,23 +27,19 @@ interface ReasoningBlockProps {
  * Providers that don't stream reasoning TEXT still render this block from the
  * authoritative count alone (header only, empty body) so the cost is visible.
  */
-function ReasoningBlock({ text, tokens }: ReasoningBlockProps) {
+export default function ReasoningBlock({ text, tokens }: ReasoningBlockProps) {
   const { t } = useTranslation();
   const [open, setOpen] = useState(false);
 
   // Authoritative count wins; otherwise estimate live from the streamed text.
   const count = tokens && tokens > 0 ? tokens : estimateTokens(text);
   const trimmed = text.trim();
-  // Memoize the markdown render so toggling `open` (or a parent re-render caused
-  // by an unrelated streamed delta) does not re-parse the reasoning text; it
-  // recomputes only when the reasoning text itself changes (while it streams in).
-  // collapseBlankLines collapses the blank-line gaps the model emits between every
-  // list item / paragraph so the reasoning renders compactly (tight lists, joined
-  // paragraphs) — ONLY here, not in the normal answer.
-  const html = useMemo(
-    () => (trimmed ? renderChatMarkdown(collapseBlankLines(trimmed), {}) : ""),
-    [trimmed],
-  );
+  // Collapse the blank-line gaps the model emits between every list item /
+  // paragraph so the reasoning renders compactly (tight lists, joined
+  // paragraphs) — see collapseBlankLines. ONLY here, not in the normal answer.
+  const html = trimmed
+    ? renderChatMarkdown(collapseBlankLines(trimmed), {})
+    : "";
 
   return (
     <Box className={classes.reasoningBlock} mb={6}>
@@ -91,8 +87,3 @@ function ReasoningBlock({ text, tokens }: ReasoningBlockProps) {
     </Box>
   );
 }
-
-// Memoized: re-renders only when `text`/`tokens` change (primitive props, default
-// shallow compare), so a parent re-render during streaming of OTHER content does
-// not re-run the markdown parse for an already-finalized reasoning block.
-export default memo(ReasoningBlock);

apps/client/src/features/ai-chat/hooks/use-chat-session.test.tsx

@@ -1,5 +1,5 @@
 import { describe, it, expect, vi, beforeEach } from "vitest";
-import { renderHook, act } from "@testing-library/react";
+import { renderHook } from "@testing-library/react";
 import { useChatSession } from "./use-chat-session";
 import type { UseChatSessionOptions } from "./use-chat-session";
 
@@ -227,50 +227,6 @@ describe("useChatSession", () => {
     expect(result.current.threadKey).toBe("C");
   });
 
-  it("#161: New chat during a streaming first turn forces a fresh thread (remount), not just a no-op", () => {
-    // Brand-new chat whose first turn is still streaming: the id is adopted only
-    // at turn end, so activeChatId AND thread.chatId are both null. Pressing "New
-    // chat" must still remount to a clean thread even though the atom is unchanged
-    // — the render-phase reconciler (null === null) would otherwise do nothing,
-    // leaving the old chat/stream/history in place (the bug: only the role badge
-    // dropped).
-    const { result } = setup({ activeChatId: null, chats: { items: [] } });
-    const keyBefore = result.current.threadKey;
-    act(() => result.current.startFreshThread());
-    expect(result.current.threadKey).not.toBe(keyBefore);
-  });
-
-  it("#161: an abandoned thread's late onTurnFinished does NOT adopt its chat (thread-aware guard)", () => {
-    // New chat mid-stream remounts to a fresh thread, but @ai-sdk/react does not
-    // abort the abandoned stream on unmount: its onFinish still fires later with
-    // the real server id, tagged with the OLD (abandoned) mount key. That must not
-    // adopt — it would yank the user back into the chat they just left.
-    const { result, setActiveChatId, onInvalidateChatList } = setup({
-      activeChatId: null,
-      chats: { items: [] },
-    });
-    const abandonedKey = result.current.threadKey;
-    act(() => result.current.startFreshThread());
-    expect(result.current.threadKey).not.toBe(abandonedKey);
-    // The abandoned turn finishes in the background, streaming its real id "A".
-    result.current.onTurnFinished("A", abandonedKey);
-    expect(setActiveChatId).not.toHaveBeenCalledWith("A");
-    // It still refreshes the chat list so the left-behind chat shows in history.
-    expect(onInvalidateChatList).toHaveBeenCalled();
-  });
-
-  it("#161: a turn finishing on the CURRENT thread still adopts (guard is key-scoped, not blanket)", () => {
-    // The happy path must keep working: onTurnFinished tagged with the mounted
-    // thread's own key adopts in place as before.
-    const { result, setActiveChatId } = setup({
-      activeChatId: null,
-      chats: { items: [] },
-    });
-    const currentKey = result.current.threadKey;
-    result.current.onTurnFinished("A", currentKey);
-    expect(setActiveChatId).toHaveBeenCalledWith("A");
-  });
-
   it("waitingForHistory gates the loader only while opening an unloaded existing chat", () => {
     // Open an existing chat whose history is still loading => loader on.
     const { result, rerender } = setup({

apps/client/src/features/ai-chat/hooks/use-chat-session.ts

@@ -31,19 +31,9 @@ export interface UseChatSessionResult {
   threadKey: string;
   /** Show the history loader instead of the live thread. */
   waitingForHistory: boolean;
-  /** Force a brand-new, empty thread (new mount key, no chat id) UNCONDITIONALLY,
-   *  even when `activeChatId` is unchanged. The window calls this from
-   *  startNewChat so "New chat" pressed WHILE a brand-new chat's first turn is
-   *  still streaming (activeChatId still null, nothing to diverge) actually
-   *  resets the chat instead of only dropping the role badge (#161). */
-  startFreshThread: () => void;
   /** Call when a turn finishes; `serverChatId` is the authoritative streamed id
-   *  (undefined on a failed turn). `finishingThreadKey` is the mount key of the
-   *  thread that produced the turn (omit => "current thread", back-compatible):
-   *  a turn ABANDONED by New chat mid-stream still fires this after its thread
-   *  unmounted, so adoption is gated to the still-mounted thread (#161). Handles
-   *  new-chat id adoption + invalidations. */
-  onTurnFinished: (serverChatId?: string, finishingThreadKey?: string) => void;
+   *  (undefined on a failed turn). Handles new-chat id adoption + invalidations. */
+  onTurnFinished: (serverChatId?: string) => void;
   /** Call EARLY (at the stream's `start` chunk) with the authoritative streamed
    *  chat id so a brand-new chat adopts its real id WHILE its first turn is still
    *  streaming — making `activeChatId`-gated affordances (e.g. the Copy/export
@@ -108,15 +98,6 @@ export function useChatSession(
       : switchThread(activeChatId),
   );
 
-  // Live mirror of the mounted thread's mount key, read by onTurnFinished to tell
-  // the CURRENT thread from one ABANDONED by New chat mid-stream. @ai-sdk/react
-  // does not abort a stream on unmount and proxies callbacks through a ref, so an
-  // abandoned turn's onFinish/onError still fires AFTER its ChatThread unmounted;
-  // matching its key against this ref keeps that late finish from adopting the
-  // abandoned chat and yanking the user out of the fresh chat they opened (#161).
-  const threadKeyRef = useRef(thread.key);
-  threadKeyRef.current = thread.key;
-
   // Error-path fallback for new-chat id adoption. When a brand-new chat's first
   // turn errors BEFORE the server's `start` chunk, no authoritative chatId ever
   // reaches the client, so the primary metadata adoption cannot run. We then ARM
@@ -134,23 +115,7 @@ export function useChatSession(
   // yet) we adopt the server's AUTHORITATIVE streamed id (never the newest in the
   // list, which races a second tab — #137; see adopt-chat-id.ts).
   const onTurnFinished = useCallback(
-    (serverChatId?: string, finishingThreadKey?: string) => {
-      // Thread-aware guard (#161). A turn ABANDONED by "New chat" mid-stream still
-      // fires onFinish/onError after its ChatThread unmounted (@ai-sdk/react does
-      // not abort on unmount and proxies callbacks through a ref). If that late
-      // finish ran the adoption path it would set activeChatId to the abandoned
-      // chat's real id and yank the user out of the fresh chat they just opened.
-      // So adopt / arm the fallback ONLY for the still-mounted thread; an
-      // abandoned one merely refreshes the chat list (so the left-behind chat
-      // surfaces in history) and does nothing else. A missing key (undefined)
-      // means "current thread" — keeps old call sites/tests working.
-      if (
-        finishingThreadKey !== undefined &&
-        finishingThreadKey !== threadKeyRef.current
-      ) {
-        onInvalidateChatList();
-        return;
-      }
+    (serverChatId?: string) => {
       // Read the live id from the ref, not the closure: on a failed turn this can
       // run twice in one turn (onFinish + onError) before any re-render, and the
       // primary branch below updates the ref so the second call sees the adopted id.
@@ -293,28 +258,9 @@ export function useChatSession(
     pendingNewChatRef.current = null;
   }, []);
 
-  // Force a fresh, empty thread regardless of `activeChatId` (#161). The render-
-  // phase reconciler only remounts when activeChatId diverges from thread.chatId,
-  // so "New chat" pressed while a brand-new chat's first turn is still streaming
-  // (activeChatId AND thread.chatId both null — the real id is adopted only at the
-  // end of the turn) is a no-op for it and the abandoned thread/stream/history
-  // would persist. Dispatching reconcile with a fresh key and chatId:null here
-  // always produces a new mount key, so React remounts ChatThread (a clean useChat
-  // store) and the post-dispatch state (activeChatId null === thread.chatId null)
-  // keeps the reconciler from interfering. Also disarms any pending fallback.
-  const startFreshThread = useCallback(() => {
-    pendingNewChatRef.current = null;
-    dispatch({
-      type: "reconcile",
-      chatId: null,
-      newKey: `new-${generateId()}`,
-    });
-  }, []);
-
   return {
     threadKey: thread.key,
     waitingForHistory,
-    startFreshThread,
     onTurnFinished,
     onServerChatId,
     cancelPendingAdoption,

apps/client/src/features/ai-chat/types/ai-chat.types.ts

@@ -116,9 +116,6 @@ export interface IAiChatMessageRow {
     // turn. Distinct from `usage` (legacy cumulative totalUsage). Shown in the
     // floating window's header badge.
     contextTokens?: number;
-    // The model's max context window (denominator for the header badge); set
-    // alongside contextTokens on a completed turn; absent on older rows.
-    maxContextTokens?: number;
     // Set on an assistant row whose turn ended in a provider/stream error; the
     // raw provider error text (e.g. "402: ...") for inline display in the thread.
     error?: string;

apps/client/src/features/ai-chat/utils/context-badge.test.ts

@@ -1,90 +0,0 @@
-import { describe, expect, it } from "vitest";
-import type { IAiChatMessageRow } from "@/features/ai-chat/types/ai-chat.types.ts";
-import { selectContextBadge } from "@/features/ai-chat/utils/context-badge.ts";
-
-/**
- * Pure-helper tests for the header context badge selection. Covers the two
- * non-obvious rules: numerator and denominator are each taken from the most
- * recent row carrying THAT value (they may live on different rows), and a fresh
- * row with a zero/absent value must NOT shadow an older positive one.
- */
-const row = (metadata: IAiChatMessageRow["metadata"]): IAiChatMessageRow => ({
-  id: Math.random().toString(),
-  role: "assistant",
-  content: null,
-  metadata,
-  createdAt: "2026-01-01T00:00:00.000Z",
-});
-
-describe("selectContextBadge", () => {
-  it("returns zeros for empty / nullish input", () => {
-    expect(selectContextBadge(undefined)).toEqual({
-      contextTokens: 0,
-      maxContextTokens: 0,
-    });
-    expect(selectContextBadge(null)).toEqual({
-      contextTokens: 0,
-      maxContextTokens: 0,
-    });
-    expect(selectContextBadge([])).toEqual({
-      contextTokens: 0,
-      maxContextTokens: 0,
-    });
-  });
-
-  it("reads both figures from the most recent row that carries them", () => {
-    expect(
-      selectContextBadge([
-        row({ contextTokens: 100, maxContextTokens: 200000 }),
-        row({ contextTokens: 1500, maxContextTokens: 200000 }),
-      ]),
-    ).toEqual({ contextTokens: 1500, maxContextTokens: 200000 });
-  });
-
-  it("falls back to legacy usage total for older rows without contextTokens", () => {
-    expect(
-      selectContextBadge([
-        row({ usage: { inputTokens: 30, outputTokens: 70 } }),
-      ]),
-    ).toEqual({ contextTokens: 100, maxContextTokens: 0 });
-
-    expect(
-      selectContextBadge([row({ usage: { totalTokens: 250 } })]),
-    ).toEqual({ contextTokens: 250, maxContextTokens: 0 });
-  });
-
-  it("takes numerator and denominator from different rows", () => {
-    // Freshest row (an error turn) carries contextTokens but no max; the older
-    // completed turn carries the max. Each is picked from its own latest row.
-    expect(
-      selectContextBadge([
-        row({ contextTokens: 800, maxContextTokens: 200000 }),
-        row({ contextTokens: 1200, error: "402: nope" }),
-      ]),
-    ).toEqual({ contextTokens: 1200, maxContextTokens: 200000 });
-  });
-
-  it("does not let a fresh zero/absent max shadow an older positive max", () => {
-    expect(
-      selectContextBadge([
-        row({ contextTokens: 100, maxContextTokens: 200000 }),
-        row({ contextTokens: 1200, maxContextTokens: 0 }),
-      ]),
-    ).toEqual({ contextTokens: 1200, maxContextTokens: 200000 });
-  });
-
-  it("skips rows with null metadata", () => {
-    expect(
-      selectContextBadge([
-        row({ contextTokens: 500, maxContextTokens: 200000 }),
-        row(null),
-      ]),
-    ).toEqual({ contextTokens: 500, maxContextTokens: 200000 });
-  });
-
-  it("reports current > max as-is (no clamp)", () => {
-    expect(
-      selectContextBadge([row({ contextTokens: 250000, maxContextTokens: 200000 })]),
-    ).toEqual({ contextTokens: 250000, maxContextTokens: 200000 });
-  });
-});

apps/client/src/features/ai-chat/utils/context-badge.ts

@@ -1,49 +0,0 @@
-import type { IAiChatMessageRow } from "@/features/ai-chat/types/ai-chat.types.ts";
-
-/**
- * Derive the header context badge figures from the persisted message rows.
- *
- * - `contextTokens` (numerator): how much the conversation now occupies in the
- *   model's context window. Read from the most recent row carrying a context
- *   figure — `contextTokens` (final-step input+output) on rows recorded after
- *   this shipped, else that turn's legacy `usage` total for older rows.
- * - `maxContextTokens` (denominator): the model's configured max window, stamped
- *   alongside `contextTokens` on a completed turn.
- *
- * Each value is taken from the most recent row carrying THAT value
- * independently — they may land on different rows (e.g. a fresh error row can
- * carry `contextTokens` but not `maxContextTokens`), so the scan continues for
- * whichever is still unset. `0` means "no row has it" (older rows, or no
- * admin-configured limit); the badge then omits the value.
- */
-export function selectContextBadge(
-  messageRows: readonly IAiChatMessageRow[] | undefined | null,
-): { contextTokens: number; maxContextTokens: number } {
-  let contextTokens = 0;
-  let maxContextTokens = 0;
-  if (!messageRows) return { contextTokens, maxContextTokens };
-  for (let i = messageRows.length - 1; i >= 0; i--) {
-    const meta = messageRows[i].metadata;
-    if (!meta) continue;
-    if (contextTokens === 0) {
-      if (typeof meta.contextTokens === "number" && meta.contextTokens > 0) {
-        contextTokens = meta.contextTokens;
-      } else if (meta.usage) {
-        const usage = meta.usage;
-        const fallback =
-          usage.totalTokens ??
-          (usage.inputTokens ?? 0) + (usage.outputTokens ?? 0);
-        if (fallback > 0) contextTokens = fallback;
-      }
-    }
-    if (
-      maxContextTokens === 0 &&
-      typeof meta.maxContextTokens === "number" &&
-      meta.maxContextTokens > 0
-    ) {
-      maxContextTokens = meta.maxContextTokens;
-    }
-    if (contextTokens !== 0 && maxContextTokens !== 0) break;
-  }
-  return { contextTokens, maxContextTokens };
-}

apps/client/src/features/ai-chat/utils/count-stream-tokens.test.ts

@@ -1,5 +1,17 @@
 import { describe, expect, it } from "vitest";
-import { estimateTokens } from "@/features/ai-chat/utils/count-stream-tokens.ts";
+import type { UIMessage } from "@ai-sdk/react";
+import {
+  estimateTokens,
+  liveTurnTokens,
+} from "@/features/ai-chat/utils/count-stream-tokens.ts";
+
+const msg = (parts: unknown[], metadata?: unknown): UIMessage =>
+  ({
+    id: Math.random().toString(),
+    role: "assistant",
+    parts,
+    metadata,
+  }) as UIMessage;
 
 describe("estimateTokens", () => {
   it("returns 0 for the empty string", () => {
@@ -13,3 +25,147 @@ describe("estimateTokens", () => {
     expect(estimateTokens("12345678")).toBe(2);
   });
 });
+
+describe("liveTurnTokens — estimate path", () => {
+  it("is all zeros for an undefined message", () => {
+    expect(liveTurnTokens(undefined)).toEqual({
+      reasoning: 0,
+      output: 0,
+      authoritative: false,
+    });
+  });
+
+  it("is all zeros for a parts-less message", () => {
+    expect(liveTurnTokens({ id: "x", role: "assistant" } as UIMessage)).toEqual({
+      reasoning: 0,
+      output: 0,
+      authoritative: false,
+    });
+  });
+
+  it("estimates output from text parts", () => {
+    // 8 chars -> 2 tokens.
+    const r = liveTurnTokens(msg([{ type: "text", text: "12345678" }]));
+    expect(r).toEqual({ reasoning: 0, output: 2, authoritative: false });
+  });
+
+  it("estimates reasoning from reasoning parts (kept separate from output)", () => {
+    const r = liveTurnTokens(
+      msg([
+        { type: "reasoning", text: "12345678" },
+        { type: "text", text: "abcd" },
+      ]),
+    );
+    expect(r).toEqual({ reasoning: 2, output: 1, authoritative: false });
+  });
+
+  it("accumulates across multiple text + reasoning parts (multi-step)", () => {
+    const r = liveTurnTokens(
+      msg([
+        { type: "reasoning", text: "abcd" }, // 1
+        { type: "text", text: "abcd" }, // 1
+        { type: "tool-getPage", state: "output-available" }, // ignored
+        { type: "reasoning", text: "abcd" }, // 1
+        { type: "text", text: "abcdefgh" }, // 2
+      ]),
+    );
+    expect(r).toEqual({ reasoning: 2, output: 3, authoritative: false });
+  });
+
+  it("ignores non text/reasoning parts (tools, step-start)", () => {
+    const r = liveTurnTokens(
+      msg([
+        { type: "step-start" },
+        { type: "tool-getPage", state: "input-available" },
+      ]),
+    );
+    expect(r).toEqual({ reasoning: 0, output: 0, authoritative: false });
+  });
+});
+
+describe("liveTurnTokens — authoritative path", () => {
+  it("returns authoritative usage verbatim, splitting reasoning out of output", () => {
+    // outputTokens INCLUDES reasoning in the AI SDK shape -> answer = 100 - 30.
+    const r = liveTurnTokens(
+      msg([{ type: "text", text: "estimate would be tiny" }], {
+        usage: { inputTokens: 500, outputTokens: 100, reasoningTokens: 30 },
+      }),
+    );
+    expect(r).toEqual({ reasoning: 30, output: 70, authoritative: true });
+  });
+
+  it("treats missing reasoningTokens as 0 and keeps full output", () => {
+    const r = liveTurnTokens(
+      msg([{ type: "text", text: "x" }], {
+        usage: { inputTokens: 10, outputTokens: 42 },
+      }),
+    );
+    expect(r).toEqual({ reasoning: 0, output: 42, authoritative: true });
+  });
+
+  it("never returns a negative output when reasoning exceeds reported output", () => {
+    const r = liveTurnTokens(
+      msg([], { usage: { outputTokens: 10, reasoningTokens: 40 } }),
+    );
+    expect(r).toEqual({ reasoning: 40, output: 0, authoritative: true });
+  });
+
+  it("falls back to the estimate when metadata has no usage object", () => {
+    const r = liveTurnTokens(
+      msg([{ type: "text", text: "abcd" }], { chatId: "c1" }),
+    );
+    expect(r).toEqual({ reasoning: 0, output: 1, authoritative: false });
+  });
+});
+
+describe("liveTurnTokens — combined authoritative + estimate (#163)", () => {
+  it("ticks the in-flight step above the completed-steps authoritative base", () => {
+    // The authoritative usage is the sum over COMPLETED steps (step 1). The
+    // CURRENT step is streaming and its text is NOT in `usage` yet, but it IS in
+    // the parts -> the running estimate must push the live figure above the base
+    // so the badge keeps growing between step boundaries.
+    const longText = "x".repeat(800); // 800 chars -> 200 est output tokens
+    const r = liveTurnTokens(
+      msg([{ type: "text", text: longText }], {
+        usage: { inputTokens: 500, outputTokens: 40 }, // step-1 base: 40 output
+      }),
+    );
+    // max(authOutput=40, estOutput=200) = 200 -> the counter ticks, not frozen.
+    expect(r.output).toBe(200);
+    expect(r.authoritative).toBe(true);
+  });
+
+  it("ticks reasoning of the in-flight step above the authoritative reasoning base", () => {
+    const longReasoning = "r".repeat(400); // 400 chars -> 100 est reasoning
+    const r = liveTurnTokens(
+      msg([{ type: "reasoning", text: longReasoning }], {
+        usage: { inputTokens: 100, outputTokens: 20, reasoningTokens: 20 },
+      }),
+    );
+    // reasoning: max(20, 100) = 100 ; output: max(max(0,20-20)=0, 0) = 0.
+    expect(r.reasoning).toBe(100);
+    expect(r.output).toBe(0);
+    expect(r.authoritative).toBe(true);
+  });
+
+  it("snaps to the authoritative figure once it exceeds the rough estimate", () => {
+    // Short on-screen text (estimate tiny) but a large authoritative output:
+    // the exact figure wins at the boundary (the counter never under-reports).
+    const r = liveTurnTokens(
+      msg([{ type: "text", text: "abcd" }], {
+        usage: { inputTokens: 10, outputTokens: 5000 },
+      }),
+    );
+    expect(r.output).toBe(5000);
+  });
+
+  it("is monotonic: max never drops below the authoritative base when the estimate is smaller", () => {
+    // Mirrors the legacy 'verbatim' tests: estimate < authoritative -> unchanged.
+    const r = liveTurnTokens(
+      msg([{ type: "text", text: "tiny" }], {
+        usage: { inputTokens: 500, outputTokens: 100, reasoningTokens: 30 },
+      }),
+    );
+    expect(r).toEqual({ reasoning: 30, output: 70, authoritative: true });
+  });
+});

apps/client/src/features/ai-chat/utils/count-stream-tokens.ts

@@ -1,11 +1,18 @@
+import type { UIMessage } from "@ai-sdk/react";
+
 /**
- * Rough client-side token estimation for AI-chat UI affordances.
+ * Live token counting for a streaming AI-chat turn — split into REASONING
+ * (thinking) and OUTPUT (answer) tokens, mirroring how Claude Code shows
+ * `Thinking… · 60 tokens` next to its thinking indicator.
  *
- * No provider streams exact per-token usage mid-stream, so any in-flight figure
- * is a CLIENT ESTIMATE (chars/≈4 heuristic). Pure + unit-testable: it never runs
- * a real BPE tokenizer (that would be O(n²) on the hot path, bloat the bundle,
- * and be wrong for Gemini/Ollama anyway). Used by the in-body reasoning counter
- * ("Thinking · N tokens").
+ * No provider streams exact per-token usage mid-stream, so the live number is a
+ * CLIENT ESTIMATE (chars/≈4 heuristic) that is reconciled to AUTHORITATIVE usage
+ * once the server attaches it on a step/turn boundary (see the server's
+ * `chatStreamMetadata` + the client's read of `message.metadata.usage`). When
+ * authoritative usage is present we return it verbatim (the number "jumps to
+ * exact"); otherwise we return the running estimate. Pure + unit-testable: it
+ * never runs a real BPE tokenizer (that would be O(n²) on the hot path, bloat the
+ * bundle, and be wrong for Gemini/Ollama anyway).
  */
 
 /**
@@ -17,3 +24,90 @@ export function estimateTokens(text: string): number {
   if (!text) return 0;
   return Math.ceil(text.length / 4);
 }
+
+/** Authoritative per-step/turn usage the server attaches to message metadata. */
+export interface AuthoritativeUsage {
+  inputTokens?: number;
+  outputTokens?: number;
+  totalTokens?: number;
+  reasoningTokens?: number;
+}
+
+/** Live token split for a turn's tail (streaming) assistant message. */
+export interface LiveTurnTokens {
+  /** Thinking/reasoning tokens (estimate, or authoritative when available). */
+  reasoning: number;
+  /** Answer/output tokens (estimate, or authoritative when available). */
+  output: number;
+  /** True when the numbers come from authoritative server usage, not estimate. */
+  authoritative: boolean;
+}
+
+/** Read the authoritative usage off a UIMessage's metadata, if the server set it. */
+function metadataUsage(message: UIMessage): AuthoritativeUsage | undefined {
+  const meta = message?.metadata as
+    | { usage?: AuthoritativeUsage }
+    | undefined;
+  const usage = meta?.usage;
+  if (!usage || typeof usage !== "object") return undefined;
+  return usage;
+}
+
+/**
+ * Token split for the given (streaming) assistant message.
+ *
+ * COMBINES the authoritative server usage with the running text estimate so the
+ * counter ticks in real time AND lands exact. The server only attaches
+ * `metadata.usage` at a step/turn boundary (`finish-step`/`finish`) and it is
+ * CUMULATIVE over COMPLETED steps — it does NOT yet include the in-flight step.
+ * So a multi-step turn that returned the authoritative figure verbatim would
+ * FREEZE between boundaries and jump in steps (issue #163).
+ *
+ * Instead we always compute the running ESTIMATE (chars/≈4 over the message's
+ * `reasoning`/`text` parts, which grows on every streamed delta) and take the
+ * per-component MAX of the authoritative base and the estimate:
+ *   - between boundaries the estimate of the in-flight step ticks the number up;
+ *   - at a boundary the authoritative figure snaps it to exact;
+ *   - because the server's usage is cumulative and we only ever take the max, the
+ *     number is MONOTONIC — it never drops.
+ *
+ * Providers that don't stream reasoning text still surface a reasoning count once
+ * the authoritative usage arrives (`max(reasoningTokens, 0)`); on the pure
+ * estimate path (no usage yet) such a turn shows `reasoning: 0` until then.
+ */
+export function liveTurnTokens(message: UIMessage | undefined): LiveTurnTokens {
+  if (!message) return { reasoning: 0, output: 0, authoritative: false };
+
+  // Running ESTIMATE over every reasoning/text part — grows on each delta. This
+  // includes the IN-FLIGHT step, which the authoritative usage does not cover yet.
+  let estReasoning = 0;
+  let estOutput = 0;
+  for (const part of message.parts ?? []) {
+    if (part.type === "reasoning") {
+      estReasoning += estimateTokens((part as { text?: string }).text ?? "");
+    } else if (part.type === "text") {
+      estOutput += estimateTokens((part as { text?: string }).text ?? "");
+    }
+  }
+
+  const usage = metadataUsage(message);
+  if (!usage) {
+    // No authoritative usage streamed yet: the estimate IS the live figure.
+    return { reasoning: estReasoning, output: estOutput, authoritative: false };
+  }
+
+  // Authoritative sum over COMPLETED steps. `outputTokens` already INCLUDES
+  // reasoning in the AI SDK usage shape, so subtract it out for the "answer"
+  // figure (never go negative if a provider reports them inconsistently).
+  const authReasoning = usage.reasoningTokens ?? 0;
+  const authOutput = Math.max(0, (usage.outputTokens ?? 0) - authReasoning);
+
+  // Per-component max: the in-flight step's estimate ticks above the completed-
+  // steps base between boundaries, and the authoritative figure wins once it
+  // exceeds the (rough) estimate at the next boundary. Monotonic by construction.
+  return {
+    reasoning: Math.max(authReasoning, estReasoning),
+    output: Math.max(authOutput, estOutput),
+    authoritative: true,
+  };
+}

apps/client/src/features/ai-chat/utils/message-signature.test.ts

@@ -1,241 +0,0 @@
-import { describe, expect, it } from "vitest";
-import type { UIMessage } from "@ai-sdk/react";
-import { messageSignature } from "@/features/ai-chat/utils/message-signature.ts";
-
-/**
- * Pure-helper tests for `messageSignature`, the cheap per-message content
- * signature that drives MessageItem's memo (a streaming row's signature must
- * change on every delta so it re-renders, while a finalized row's stays stable
- * so it is skipped). Each test exercises ONE change signal and asserts it flips
- * the signature; a content-identical clone must keep an EQUAL signature.
- *
- * The signature embeds `message.id` and `message.role`, so the `msg` factory
- * uses a FIXED id/role here (not `Math.random()`): otherwise two messages with
- * identical content would get different signatures and the negative case would
- * be impossible to express.
- */
-const msg = (
-  parts: UIMessage["parts"],
-  metadata?: unknown,
-): UIMessage =>
-  ({
-    id: "m1",
-    role: "assistant",
-    parts,
-    metadata,
-  }) as UIMessage;
-
-describe("messageSignature", () => {
-  it("changes when a text part grows", () => {
-    const before = msg([{ type: "text", text: "alpha" }]);
-    const after = msg([{ type: "text", text: "alpha beta" }]);
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when a new part is appended", () => {
-    const before = msg([{ type: "text", text: "alpha" }]);
-    const after = msg([
-      { type: "text", text: "alpha" },
-      { type: "text", text: "beta" },
-    ]);
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when a part's state flips", () => {
-    const before = msg([
-      { type: "tool-getPage", state: "input-streaming" } as never,
-    ]);
-    const after = msg([
-      { type: "tool-getPage", state: "output-available" } as never,
-    ]);
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when a tool part gains an output", () => {
-    const before = msg([
-      { type: "tool-getPage", state: "output-available" } as never,
-    ]);
-    const after = msg([
-      {
-        type: "tool-getPage",
-        state: "output-available",
-        output: { ok: true },
-      } as never,
-    ]);
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when a part gains an errorText", () => {
-    const before = msg([
-      { type: "tool-getPage", state: "output-error" } as never,
-    ]);
-    const after = msg([
-      {
-        type: "tool-getPage",
-        state: "output-error",
-        errorText: "boom",
-      } as never,
-    ]);
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when usage.reasoningTokens arrives on finish-step (text/state already frozen)", () => {
-    // The specifically-commented edge case: the authoritative turn total lands on
-    // the final finish-step AFTER the reasoning text length and state are frozen.
-    // Only the token count appears between these two snapshots, so the signature
-    // MUST still flip — otherwise the "Thinking · N tokens" header would never
-    // snap from the live estimate to the exact figure.
-    const before = msg([
-      { type: "reasoning", text: "thinking", state: "done" } as never,
-    ]);
-    const after = msg(
-      [{ type: "reasoning", text: "thinking", state: "done" } as never],
-      { usage: { reasoningTokens: 42 } },
-    );
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when metadata.error appears", () => {
-    const before = msg([{ type: "text", text: "answer" }]);
-    const after = msg([{ type: "text", text: "answer" }], { error: "boom" });
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("changes when metadata.finishReason changes (e.g. to 'aborted')", () => {
-    const before = msg([{ type: "text", text: "answer" }], {
-      finishReason: "stop",
-    });
-    const after = msg([{ type: "text", text: "answer" }], {
-      finishReason: "aborted",
-    });
-    expect(messageSignature(before)).not.toBe(messageSignature(after));
-  });
-
-  it("is UNCHANGED for a content-identical clone (different object, same values)", () => {
-    // A finalized row that is re-created as a fresh object (different parts array
-    // by reference, same parts by value) must keep an EQUAL signature, so the
-    // memo skips re-rendering it.
-    const a = msg([
-      { type: "text", text: "alpha" },
-      { type: "tool-getPage", state: "output-available", output: { ok: true } } as never,
-    ]);
-    const b = msg([
-      { type: "text", text: "alpha" },
-      { type: "tool-getPage", state: "output-available", output: { ok: true } } as never,
-    ]);
-    expect(a).not.toBe(b);
-    expect(messageSignature(a)).toBe(messageSignature(b));
-  });
-});
-
-/**
- * Per-part-kind coupling guard for the load-bearing invariant documented at the
- * top of message-signature.ts: the signature MUST sample every VISIBLE field the
- * MessageItem render body draws, or the memo freezes a stale row. This is an
- * executable lock for the part kinds rendered TODAY — read alongside
- * `MessageItem` (message-item.tsx) and the `assistantMessageHasVisibleContent`
- * helper (message-content.ts), which "mirrors MessageItem's render decisions
- * EXACTLY". For each kind, mutating a field the render body DRAWS must flip the
- * signature. If a new visible field is rendered without being added here AND to
- * the signature, the corresponding assertion below should fail — that is the
- * guard. (This intentionally stops short of the render-descriptor refactor:
- * adding a part kind or a visible field still requires a human to extend both
- * the signature and this block.)
- */
-describe("messageSignature ↔ render coupling (per visible part kind)", () => {
-  describe("text part — render draws part.text (MarkdownPart text={part.text})", () => {
-    it("flips when the visible text changes", () => {
-      // Streaming is append-only, so the visible text only grows; the signature
-      // samples its length, so the growth is the change signal.
-      const before = msg([{ type: "text", text: "answer" }]);
-      const after = msg([{ type: "text", text: "answer extended" }]);
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-  });
-
-  describe("reasoning part — render draws text + tokens (ReasoningBlock)", () => {
-    it("flips when the visible reasoning text changes", () => {
-      const before = msg([
-        { type: "reasoning", text: "think", state: "streaming" } as never,
-      ]);
-      const after = msg([
-        { type: "reasoning", text: "think harder", state: "streaming" } as never,
-      ]);
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-
-    it("flips when the visible token count (metadata.usage.reasoningTokens) lands", () => {
-      // The header's "Thinking · N tokens" reads reasoningTokensForPart, fed by
-      // metadata.usage.reasoningTokens — a VISIBLE field that arrives on the final
-      // finish-step after text length and state are frozen.
-      const before = msg([
-        { type: "reasoning", text: "think", state: "done" } as never,
-      ]);
-      const after = msg(
-        [{ type: "reasoning", text: "think", state: "done" } as never],
-        { usage: { reasoningTokens: 99 } },
-      );
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-  });
-
-  describe("tool-* part — render draws state/errorText/citations (ToolCallCard)", () => {
-    it("flips when the run state changes (running ↔ done icon + label)", () => {
-      // toolRunState(part.state) selects the spinner/check/error icon.
-      const before = msg([
-        { type: "tool-getPage", state: "input-available" } as never,
-      ]);
-      const after = msg([
-        { type: "tool-getPage", state: "output-available" } as never,
-      ]);
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-
-    it("flips when output arrives (drives the rendered citation links)", () => {
-      // toolCitations reads part.output to render the "/p/{id}" anchors.
-      const before = msg([
-        { type: "tool-getPage", state: "output-available" } as never,
-      ]);
-      const after = msg([
-        {
-          type: "tool-getPage",
-          state: "output-available",
-          output: { id: "page-1", title: "Doc" },
-        } as never,
-      ]);
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-
-    it("flips when errorText appears (the visible red error detail line)", () => {
-      const before = msg([
-        { type: "tool-getPage", state: "output-error" } as never,
-      ]);
-      const after = msg([
-        {
-          type: "tool-getPage",
-          state: "output-error",
-          errorText: "permission denied",
-        } as never,
-      ]);
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-  });
-
-  describe("metadata banners — render draws error / aborted notices", () => {
-    it("flips when metadata.error appears (ChatErrorAlert banner)", () => {
-      const before = msg([{ type: "text", text: "answer" }]);
-      const after = msg([{ type: "text", text: "answer" }], { error: "boom" });
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-
-    it("flips when metadata.finishReason becomes 'aborted' (ChatStoppedNotice)", () => {
-      const before = msg([{ type: "text", text: "answer" }], {
-        finishReason: "stop",
-      });
-      const after = msg([{ type: "text", text: "answer" }], {
-        finishReason: "aborted",
-      });
-      expect(messageSignature(before)).not.toBe(messageSignature(after));
-    });
-  });
-});

apps/client/src/features/ai-chat/utils/message-signature.ts

@@ -1,44 +0,0 @@
-import type { UIMessage } from "@ai-sdk/react";
-
-/** Cheap content signature for one message: changes iff something VISIBLE in the
- *  row changed. Streaming is APPEND-ONLY (text parts only grow, parts are only
- *  appended, a tool/text part flips state once), so a per-part [type, text
- *  length, state, error/output presence] tuple + the persisted metadata
- *  (error/finishReason) is a sufficient change signal without comparing full
- *  strings on every delta. WARNING — load-bearing for the MessageItem memo:
- *  if a future part kind's VISIBLE content can change WITHOUT changing [type,
- *  text length, state, error/output presence] (e.g. a tool that streams
- *  `preliminary` output, or a client-side regenerate that edits a finalized
- *  row in place), extend this signature or the memo will freeze a stale row. */
-export function messageSignature(message: UIMessage): string {
-  const parts = message.parts
-    .map((p) => {
-      const any = p as {
-        type: string;
-        text?: string;
-        state?: string;
-        errorText?: string;
-        output?: unknown;
-      };
-      return [
-        any.type,
-        any.text?.length ?? 0,
-        any.state ?? "",
-        any.errorText ? 1 : 0,
-        any.output !== undefined ? 1 : 0,
-      ].join(":");
-    })
-    .join("|");
-  const meta = message.metadata as
-    | { error?: string; finishReason?: string; usage?: { reasoningTokens?: number } }
-    | undefined;
-  // `usage.reasoningTokens` is neither append-only nor part-bound: the authoritative
-  // turn total arrives on the final `finish-step` AFTER the reasoning text length and
-  // state are already frozen. Without it in the signature the row's signature would be
-  // unchanged at that point and the re-render skipped, so the "Thinking · N tokens"
-  // header (reasoningTokensForPart) would keep the live estimate instead of snapping
-  // to the exact figure.
-  return `${message.id}#${message.role}#${parts}#${meta?.error ?? ""}#${
-    meta?.finishReason ?? ""
-  }#${meta?.usage?.reasoningTokens ?? ""}`;
-}

apps/client/src/features/page-history/components/history-item.test.tsx

@@ -0,0 +1,227 @@
+import { describe, it, expect, vi, afterEach, beforeAll } from "vitest";
+import { render, screen, cleanup, within } from "@testing-library/react";
+import { MantineProvider } from "@mantine/core";
+
+// Mantine Tooltip mounts its label lazily on hover via Floating UI, which is
+// flaky under jsdom. Replace ONLY the Tooltip with a thin wrapper that renders
+// the label inline (keeping Badge/Switch/etc. real), so the provenance label —
+// the contract we care about — is deterministically queryable.
+vi.mock("@mantine/core", async () => {
+  const actual =
+    await vi.importActual<typeof import("@mantine/core")>("@mantine/core");
+  const Tooltip = ({
+    label,
+    children,
+  }: {
+    label?: React.ReactNode;
+    children?: React.ReactNode;
+  }) => (
+    <>
+      {children}
+      <span data-testid="tooltip-label">{label}</span>
+    </>
+  );
+  Tooltip.Group = ({ children }: { children?: React.ReactNode }) => (
+    <>{children}</>
+  );
+  return { ...actual, Tooltip };
+});
+
+// jsdom lacks matchMedia, which MantineProvider's color-scheme hook needs.
+beforeAll(() => {
+  if (!window.matchMedia) {
+    window.matchMedia = (query: string) =>
+      ({
+        matches: false,
+        media: query,
+        onchange: null,
+        addListener: () => {},
+        removeListener: () => {},
+        addEventListener: () => {},
+        removeEventListener: () => {},
+        dispatchEvent: () => false,
+      }) as unknown as MediaQueryList;
+  }
+});
+
+// --- Mocks for the heavy / networked module graph ---------------------------
+// HistoryItem pulls in i18n, jotai atoms (ai-chat / history), a config-backed
+// avatar and a time formatter. The provenance-badge contract is the unit under
+// test, so we stub everything else down to inert, deterministic renders and
+// keep the real Mantine Badge/Tooltip so role/label queries are meaningful.
+
+// i18n: interpolate {{name}} so the git-sync tooltip carries the author name,
+// letting us assert provenance attribution without a real i18n backend.
+vi.mock("react-i18next", () => ({
+  useTranslation: () => ({
+    t: (key: string, vars?: Record<string, unknown>) =>
+      vars && typeof vars.name !== "undefined"
+        ? key.replace("{{name}}", String(vars.name))
+        : key,
+  }),
+}));
+
+// jotai setters: the badges call useSetAtom; return inert setters so a click on
+// the (deep-linkable) AiAgentBadge would fire these — proving the git-sync badge
+// does NOT wire any of them.
+const setAiChatWindowOpen = vi.fn();
+const setActiveChatId = vi.fn();
+const setDraft = vi.fn();
+const setHistoryModalOpen = vi.fn();
+vi.mock("jotai", async () => {
+  const actual = await vi.importActual<typeof import("jotai")>("jotai");
+  return {
+    ...actual,
+    useSetAtom: (atom: unknown) => {
+      switch (atom) {
+        case aiChatWindowOpenAtom:
+          return setAiChatWindowOpen;
+        case activeAiChatIdAtom:
+          return setActiveChatId;
+        case aiChatDraftAtom:
+          return setDraft;
+        case historyAtoms:
+          return setHistoryModalOpen;
+        default:
+          return vi.fn();
+      }
+    },
+  };
+});
+
+// Atoms are imported only as identity tokens for the useSetAtom switch above.
+vi.mock("@/features/ai-chat/atoms/ai-chat-atom.ts", () => ({
+  activeAiChatIdAtom: { __tag: "activeAiChatIdAtom" },
+  aiChatWindowOpenAtom: { __tag: "aiChatWindowOpenAtom" },
+  aiChatDraftAtom: { __tag: "aiChatDraftAtom" },
+}));
+vi.mock("@/features/page-history/atoms/history-atoms.ts", () => ({
+  historyAtoms: { __tag: "historyAtoms" },
+}));
+
+// Avatar reaches into config (getAvatarUrl) — stub to a plain element.
+vi.mock("@/components/ui/custom-avatar.tsx", () => ({
+  CustomAvatar: ({ name }: { name?: string }) => (
+    <span data-testid="avatar">{name}</span>
+  ),
+}));
+
+// Deterministic, locale-free date string.
+vi.mock("@/lib/time", () => ({
+  formattedDate: () => "2026-06-21",
+}));
+
+import HistoryItem from "./history-item";
+import {
+  activeAiChatIdAtom,
+  aiChatWindowOpenAtom,
+  aiChatDraftAtom,
+} from "@/features/ai-chat/atoms/ai-chat-atom.ts";
+import { historyAtoms } from "@/features/page-history/atoms/history-atoms.ts";
+import type { IPageHistory } from "@/features/page-history/types/page.types";
+
+function makeItem(overrides: Partial<IPageHistory> = {}): IPageHistory {
+  return {
+    id: "h1",
+    pageId: "p1",
+    title: "Title",
+    slug: "slug",
+    icon: "",
+    coverPhoto: "",
+    version: 1,
+    lastUpdatedById: "u1",
+    workspaceId: "w1",
+    createdAt: "2026-06-21T00:00:00.000Z",
+    updatedAt: "2026-06-21T00:00:00.000Z",
+    lastUpdatedBy: { id: "u1", name: "Alice", avatarUrl: "" },
+    ...overrides,
+  };
+}
+
+function renderItem(item: IPageHistory) {
+  return render(
+    <MantineProvider>
+      <HistoryItem
+        historyItem={item}
+        index={0}
+        onSelect={vi.fn()}
+        isActive={false}
+      />
+    </MantineProvider>,
+  );
+}
+
+afterEach(() => {
+  cleanup();
+  vi.clearAllMocks();
+});
+
+describe("HistoryItem git-sync provenance badge", () => {
+  // Test 1: the git-sync badge renders ONLY for lastUpdatedSource === 'git-sync'.
+  it("renders the Git sync badge only when lastUpdatedSource is 'git-sync'", () => {
+    renderItem(makeItem({ lastUpdatedSource: "git-sync" }));
+    expect(screen.getByText("Git sync")).toBeTruthy();
+  });
+
+  it.each([
+    ["agent", "agent"],
+    ["user", "user"],
+    ["undefined", undefined],
+  ])(
+    "does NOT render the Git sync badge when lastUpdatedSource is %s",
+    (_label, source) => {
+      renderItem(makeItem({ lastUpdatedSource: source }));
+      expect(screen.queryByText("Git sync")).toBeNull();
+    },
+  );
+
+  // Test 2: provenance attribution + the git-sync badge is NOT interactive.
+  it("attributes the git-sync provenance to the correct author and is not clickable", () => {
+    renderItem(
+      makeItem({
+        lastUpdatedSource: "git-sync",
+        lastUpdatedBy: { id: "u2", name: "Bob", avatarUrl: "" },
+      }),
+    );
+
+    const badge = screen.getByText("Git sync");
+
+    // Provenance attribution: the tooltip label carries the author name (the
+    // git-sync badge passes authorName -> "Synced from Git on behalf of {{name}}").
+    expect(screen.getByText("Synced from Git on behalf of Bob")).toBeTruthy();
+
+    // The git-sync badge must NOT behave like AiAgentBadge: the badge element
+    // itself is not a button, carries no role=button and no tabIndex, and
+    // clicking it must not trigger any ai-chat deep-link. (The surrounding
+    // history-row IS an UnstyledButton — that is the row's own select affordance,
+    // not the badge — so we scope these checks to the badge element.)
+    const badgeRoot = (badge.closest("[class*='mantine-Badge-root']") ??
+      badge) as HTMLElement;
+    expect(badgeRoot.getAttribute("role")).not.toBe("button");
+    expect(badgeRoot.getAttribute("tabindex")).toBeNull();
+    expect(badgeRoot.tagName.toLowerCase()).not.toBe("button");
+    // No interactive descendant button lives inside the badge itself.
+    expect(within(badgeRoot).queryByRole("button")).toBeNull();
+
+    badgeRoot.dispatchEvent(new MouseEvent("click", { bubbles: true }));
+    expect(setActiveChatId).not.toHaveBeenCalled();
+    expect(setAiChatWindowOpen).not.toHaveBeenCalled();
+    expect(setDraft).not.toHaveBeenCalled();
+    expect(setHistoryModalOpen).not.toHaveBeenCalled();
+  });
+
+  // Sanity contrast: the agent badge (the copy-paste source) IS interactive when
+  // it carries an aiChatId — proving the not-clickable assertion above is real.
+  it("contrast: the AI-agent badge is a deep-link button when it has an aiChatId", () => {
+    renderItem(
+      makeItem({
+        lastUpdatedSource: "agent",
+        lastUpdatedAiChatId: "chat-1",
+      }),
+    );
+    const agentBadge = screen.getByText("AI-agent");
+    const root = agentBadge.closest("[role='button']");
+    expect(root).not.toBeNull();
+    within(root as HTMLElement).getByText("AI-agent");
+  });
+});

apps/client/src/features/page-history/components/history-item.tsx

@@ -1,6 +1,7 @@
 import { Text, Group, UnstyledButton, Avatar, Tooltip } from "@mantine/core";
 import { CustomAvatar } from "@/components/ui/custom-avatar.tsx";
 import { AiAgentBadge } from "@/components/ui/ai-agent-badge.tsx";
+import { GitSyncBadge } from "@/components/ui/git-sync-badge.tsx";
 import { formattedDate } from "@/lib/time";
 import classes from "./css/history.module.css";
 import clsx from "clsx";
@@ -41,6 +42,7 @@ const HistoryItem = memo(function HistoryItem({
   const contributors = historyItem.contributors;
   const hasContributors = contributors && contributors.length > 0;
   const isAgentEdit = historyItem.lastUpdatedSource === "agent";
+  const isGitSyncEdit = historyItem.lastUpdatedSource === "git-sync";
 
   return (
     <UnstyledButton
@@ -108,6 +110,10 @@ const HistoryItem = memo(function HistoryItem({
             onActivate={() => setHistoryModalOpen(false)}
           />
         )}
+
+        {isGitSyncEdit && (
+          <GitSyncBadge authorName={historyItem.lastUpdatedBy?.name} />
+        )}
       </Group>
     </UnstyledButton>
   );

apps/client/src/features/page/tree/model/tree-model.test.ts

@@ -752,27 +752,6 @@ describe("treeModel.placeByPosition", () => {
     });
     expect(t.map((n) => n.id)).toEqual(["r1", "child", "r2", "rp"]);
   });
-
-  it("returns same reference (no-op) when the destination parent is inside the source's own subtree (#206 ui-state-races-1)", () => {
-    // Moving `a` under its own descendant `b` is a cycle. Without the guard,
-    // remove(a) drops b too and insertByPosition can't re-place a -> the whole
-    // subtree silently vanishes. The guard refuses the move (same reference).
-    const cyclic: P[] = [
-      {
-        id: "a",
-        name: "A",
-        position: "a0",
-        children: [{ id: "b", name: "B", position: "a1" }],
-      },
-    ];
-    const t = treeModel.placeByPosition(cyclic, "a", {
-      parentId: "b",
-      position: "a5",
-    });
-    expect(t).toBe(cyclic);
-    expect(treeModel.find(t, "a")).not.toBeNull();
-    expect(treeModel.find(t, "b")).not.toBeNull();
-  });
 });
 
 describe("treeModel.move", () => {

apps/client/src/features/page/tree/model/tree-model.ts

@@ -294,20 +294,6 @@ export const treeModel = {
     const source = treeModel.find(tree, sourceId);
     if (!source) return tree;
     if (to.parentId !== null && !treeModel.find(tree, to.parentId)) return tree;
-    // Cycle guard, mirroring `move`'s `isDescendant` check (#206 ui-state-races-1).
-    // If the destination parent is INSIDE the moved node's own subtree (reachable
-    // when server-authoritative move events arrive out of order — e.g. X moved
-    // under Y, then Y under X, but on this receiver Y is still inside X), then
-    // `remove(sourceId)` would drop the future parent along with the whole subtree
-    // and `insertByPosition` could not find it again — the node and ALL its
-    // descendants would silently vanish. Refuse the move and return the same
-    // reference so callers can detect the no-op and reconcile (refetch) instead.
-    if (
-      to.parentId !== null &&
-      treeModel.isDescendant(tree, sourceId, to.parentId)
-    ) {
-      return tree;
-    }
     const removed = treeModel.remove(tree, sourceId);
     // Reuse the same position-ordered insertion as `insertByPosition` by
     // stamping the authoritative position onto the moved node first.

apps/client/src/features/space/components/edit-space-form.test.tsx

@@ -0,0 +1,240 @@
+import {
+  describe,
+  it,
+  expect,
+  vi,
+  beforeAll,
+  afterEach,
+} from "vitest";
+import {
+  render,
+  screen,
+  cleanup,
+  fireEvent,
+  waitFor,
+} from "@testing-library/react";
+import { MantineProvider } from "@mantine/core";
+
+// --- Mocks for the heavy / networked module graph ---------------------------
+// EditSpaceForm wires the "Enable Git sync" Switch to a TanStack-Query mutation
+// (useUpdateSpaceMutation). We mock ONLY that hook so the test fully controls
+// mutateAsync (resolve / reject) and isPending, and stub i18n. The real Mantine
+// Switch is rendered so the checkbox role / disabled state is meaningful.
+
+// i18n: identity translator — labels stay as their English keys for queries.
+vi.mock("react-i18next", () => ({
+  useTranslation: () => ({ t: (key: string) => key }),
+}));
+
+// Mutation hook: a controllable mutateAsync plus a togglable isPending.
+const mutateAsync = vi.fn();
+let isPending = false;
+vi.mock("@/features/space/queries/space-query.ts", () => ({
+  useUpdateSpaceMutation: () => ({
+    mutateAsync,
+    get isPending() {
+      return isPending;
+    },
+  }),
+}));
+
+// jsdom lacks matchMedia, which MantineProvider's color-scheme hook needs.
+beforeAll(() => {
+  if (!window.matchMedia) {
+    window.matchMedia = (query: string) =>
+      ({
+        matches: false,
+        media: query,
+        onchange: null,
+        addListener: () => {},
+        removeListener: () => {},
+        addEventListener: () => {},
+        removeEventListener: () => {},
+        dispatchEvent: () => false,
+      }) as unknown as MediaQueryList;
+  }
+});
+
+import { EditSpaceForm } from "./edit-space-form";
+import type { ISpace } from "@/features/space/types/space.types.ts";
+
+function makeSpace(overrides: Partial<ISpace> = {}): ISpace {
+  return {
+    id: "space-1",
+    name: "Engineering",
+    description: "",
+    slug: "eng",
+    hostname: "host",
+    creatorId: "u1",
+    createdAt: new Date("2026-01-01"),
+    updatedAt: new Date("2026-01-01"),
+    ...overrides,
+  } as ISpace;
+}
+
+function renderForm(props: { space: ISpace; readOnly?: boolean }) {
+  return render(
+    <MantineProvider>
+      <EditSpaceForm space={props.space} readOnly={props.readOnly} />
+    </MantineProvider>,
+  );
+}
+
+// The form now renders TWO switches (git-sync enable + auto-merge-conflicts) in
+// that DOM order. Mantine renders each as an <input type="checkbox"
+// role="switch"> but does NOT expose its label as the accessible name, so we
+// disambiguate by DOM order (index 0 = enable, 1 = auto-merge) and assert the
+// human-readable label text is present alongside.
+function getToggle(): HTMLInputElement {
+  screen.getByText("Enable Git sync");
+  return screen.getAllByRole("switch")[0] as HTMLInputElement;
+}
+
+function getAutoMergeToggle(): HTMLInputElement {
+  screen.getByText("Auto-merge conflicts on push");
+  return screen.getAllByRole("switch")[1] as HTMLInputElement;
+}
+
+afterEach(() => {
+  cleanup();
+  mutateAsync.mockReset();
+  isPending = false;
+});
+
+describe("EditSpaceForm git-sync toggle", () => {
+  // Test 3: initial checked state derives from settings.gitSync.enabled ?? false.
+  it("derives initial checked state from space.settings.gitSync.enabled (true -> checked)", () => {
+    renderForm({
+      space: makeSpace({ settings: { gitSync: { enabled: true } } }),
+    });
+    expect(getToggle().checked).toBe(true);
+  });
+
+  it("defaults to unchecked when gitSync settings are missing", () => {
+    renderForm({ space: makeSpace() });
+    expect(getToggle().checked).toBe(false);
+  });
+
+  // Test 4: toggling fires the mutation with { spaceId, gitSyncEnabled } and
+  // optimistically flips the switch.
+  it("fires the mutation with the correct payload and optimistically flips on", async () => {
+    mutateAsync.mockResolvedValue(undefined);
+    renderForm({ space: makeSpace() });
+
+    const toggle = getToggle();
+    expect(toggle.checked).toBe(false);
+
+    fireEvent.click(toggle);
+
+    // Optimistic update: the switch reflects the new state immediately.
+    expect(toggle.checked).toBe(true);
+
+    expect(mutateAsync).toHaveBeenCalledTimes(1);
+    expect(mutateAsync).toHaveBeenCalledWith({
+      spaceId: "space-1",
+      gitSyncEnabled: true,
+    });
+
+    // Resolution leaves the toggle on.
+    await waitFor(() => expect(toggle.checked).toBe(true));
+  });
+
+  // Test 5: rollback on mutation error — the most valuable test.
+  it("rolls back the toggle to its prior state when the mutation rejects", async () => {
+    mutateAsync.mockRejectedValue(new Error("network"));
+    renderForm({
+      space: makeSpace({ settings: { gitSync: { enabled: false } } }),
+    });
+
+    const toggle = getToggle();
+    expect(toggle.checked).toBe(false);
+
+    fireEvent.click(toggle);
+
+    // Optimistically flips on before the rejection lands.
+    expect(toggle.checked).toBe(true);
+    expect(mutateAsync).toHaveBeenCalledWith({
+      spaceId: "space-1",
+      gitSyncEnabled: true,
+    });
+
+    // After the rejected promise settles, the component reverts to OFF so the
+    // user is not misled into believing sync is enabled.
+    await waitFor(() => expect(toggle.checked).toBe(false));
+  });
+
+  // Test 6: disabled when readOnly and when the mutation is pending.
+  it("disables the toggle when readOnly", () => {
+    renderForm({ space: makeSpace(), readOnly: true });
+    expect(getToggle().disabled).toBe(true);
+  });
+
+  it("disables the toggle while the mutation is pending", () => {
+    isPending = true;
+    renderForm({ space: makeSpace() });
+    expect(getToggle().disabled).toBe(true);
+  });
+});
+
+describe("EditSpaceForm auto-merge-conflicts toggle", () => {
+  it("derives initial checked state from space.settings.gitSync.autoMergeConflicts (true -> checked)", () => {
+    renderForm({
+      space: makeSpace({
+        settings: { gitSync: { autoMergeConflicts: true } },
+      }),
+    });
+    expect(getAutoMergeToggle().checked).toBe(true);
+  });
+
+  it("defaults to unchecked when autoMergeConflicts is missing (SAFE default)", () => {
+    renderForm({ space: makeSpace() });
+    expect(getAutoMergeToggle().checked).toBe(false);
+  });
+
+  it("fires the mutation with { spaceId, autoMergeConflicts } and optimistically flips on", async () => {
+    mutateAsync.mockResolvedValue(undefined);
+    renderForm({ space: makeSpace() });
+
+    const toggle = getAutoMergeToggle();
+    expect(toggle.checked).toBe(false);
+
+    fireEvent.click(toggle);
+
+    // Optimistic update.
+    expect(toggle.checked).toBe(true);
+    expect(mutateAsync).toHaveBeenCalledTimes(1);
+    expect(mutateAsync).toHaveBeenCalledWith({
+      spaceId: "space-1",
+      autoMergeConflicts: true,
+    });
+
+    await waitFor(() => expect(toggle.checked).toBe(true));
+  });
+
+  it("rolls back to its prior state when the mutation rejects", async () => {
+    mutateAsync.mockRejectedValue(new Error("network"));
+    renderForm({
+      space: makeSpace({
+        settings: { gitSync: { autoMergeConflicts: false } },
+      }),
+    });
+
+    const toggle = getAutoMergeToggle();
+    expect(toggle.checked).toBe(false);
+
+    fireEvent.click(toggle);
+
+    expect(toggle.checked).toBe(true);
+    expect(mutateAsync).toHaveBeenCalledWith({
+      spaceId: "space-1",
+      autoMergeConflicts: true,
+    });
+
+    await waitFor(() => expect(toggle.checked).toBe(false));
+  });
+
+  it("disables the toggle when readOnly", () => {
+    renderForm({ space: makeSpace(), readOnly: true });
+    expect(getAutoMergeToggle().disabled).toBe(true);
+  });
+});

apps/client/src/features/space/components/edit-space-form.tsx

@@ -1,5 +1,14 @@
-import { Group, Box, Button, TextInput, Stack, Textarea } from "@mantine/core";
-import React from "react";
+import {
+  Group,
+  Box,
+  Button,
+  TextInput,
+  Stack,
+  Textarea,
+  Divider,
+  Switch,
+} from "@mantine/core";
+import React, { useState } from "react";
 import { useForm } from "@mantine/form";
 import { zod4Resolver } from "mantine-form-zod-resolver";
 import { z } from "zod/v4";
@@ -29,6 +38,44 @@ export function EditSpaceForm({ space, readOnly }: EditSpaceFormProps) {
   const { t } = useTranslation();
   const updateSpaceMutation = useUpdateSpaceMutation();
 
+  const [gitSyncEnabled, setGitSyncEnabled] = useState<boolean>(
+    space?.settings?.gitSync?.enabled ?? false,
+  );
+
+  const [autoMergeConflicts, setAutoMergeConflicts] = useState<boolean>(
+    space?.settings?.gitSync?.autoMergeConflicts ?? false,
+  );
+
+  const handleGitSyncToggle = async (value: boolean) => {
+    const previous = gitSyncEnabled;
+    setGitSyncEnabled(value); // optimistic update
+    try {
+      await updateSpaceMutation.mutateAsync({
+        spaceId: space.id,
+        gitSyncEnabled: value,
+      });
+    } catch (err) {
+      setGitSyncEnabled(previous); // revert on failure
+      // The mutation surfaces a toast via onError; still log the raw error so it
+      // is not silently swallowed (AGENTS.md).
+      console.error("Failed to toggle git-sync for space", err);
+    }
+  };
+
+  const handleAutoMergeConflictsToggle = async (value: boolean) => {
+    const previous = autoMergeConflicts;
+    setAutoMergeConflicts(value); // optimistic update
+    try {
+      await updateSpaceMutation.mutateAsync({
+        spaceId: space.id,
+        autoMergeConflicts: value,
+      });
+    } catch (err) {
+      setAutoMergeConflicts(previous); // revert on failure
+      console.error("Failed to toggle git-sync auto-merge-conflicts", err);
+    }
+  };
+
   const form = useForm<FormValues>({
     validate: zod4Resolver(formSchema),
     initialValues: {
@@ -104,6 +151,31 @@ export function EditSpaceForm({ space, readOnly }: EditSpaceFormProps) {
             </Group>
           )}
         </form>
+
+        <Divider my="lg" />
+
+        <Switch
+          label={t("Enable Git sync")}
+          description={t("Sync this space's pages to a Git repository.")}
+          checked={gitSyncEnabled}
+          disabled={readOnly || updateSpaceMutation.isPending}
+          onChange={(event) =>
+            handleGitSyncToggle(event.currentTarget.checked)
+          }
+        />
+
+        <Switch
+          mt="md"
+          label={t("Auto-merge conflicts on push")}
+          description={t(
+            "When off (recommended), a page whose content still has unresolved Git conflict markers is skipped on push until you resolve the conflict in Git. When on, the markers are stripped and both sides' content is pushed.",
+          )}
+          checked={autoMergeConflicts}
+          disabled={readOnly || updateSpaceMutation.isPending}
+          onChange={(event) =>
+            handleAutoMergeConflictsToggle(event.currentTarget.checked)
+          }
+        />
       </Box>
     </>
   );

apps/client/src/features/space/types/space.types.ts

@@ -13,9 +13,15 @@ export interface ISpaceCommentsSettings {
   allowViewerComments?: boolean;
 }
 
+export interface ISpaceGitSyncSettings {
+  enabled?: boolean;
+  autoMergeConflicts?: boolean;
+}
+
 export interface ISpaceSettings {
   sharing?: ISpaceSharingSettings;
   comments?: ISpaceCommentsSettings;
+  gitSync?: ISpaceGitSyncSettings;
 }
 
 export interface ISpace {
@@ -35,6 +41,8 @@ export interface ISpace {
   // for updates
   disablePublicSharing?: boolean;
   allowViewerComments?: boolean;
+  gitSyncEnabled?: boolean;
+  autoMergeConflicts?: boolean;
 }
 
 interface IMembership {

apps/client/src/features/websocket/tree-socket-reducers.test.ts

@@ -183,34 +183,6 @@ describe("applyMoveTreeNode", () => {
     expect(moved?.hasChildren).toBe(true);
     expect(moved?.position).toBe("a4");
   });
-
-  it("does NOT drop a subtree on a cyclic/out-of-order move (parent inside source) (#206 ui-state-races-1)", () => {
-    // Locally `b` is still nested inside `a` (an earlier "a under b" echo hasn't
-    // applied yet). An out-of-order "move a under b" event now arrives — b is a
-    // descendant of a, so re-parenting would make placeByPosition remove a (and
-    // its whole subtree, incl. b) and fail to re-insert. Before the fix BOTH a
-    // and b silently vanished; now the reducer leaves the tree untouched.
-    const tree: SpaceTreeNode[] = [
-      node("a", {
-        position: "a0",
-        hasChildren: true,
-        children: [node("b", { position: "a1", parentPageId: "a" })],
-      }),
-    ];
-    const next = applyMoveTreeNode(tree, {
-      id: "a",
-      parentId: "b",
-      oldParentId: null,
-      index: 0,
-      position: "a4",
-      pageData: {},
-    });
-    // No silent data loss: both nodes survive.
-    expect(treeModel.find(next, "a")).not.toBeNull();
-    expect(treeModel.find(next, "b")).not.toBeNull();
-    // The cyclic move is refused as a no-op (same reference) pending reconcile.
-    expect(next).toBe(tree);
-  });
 });
 
 describe("applyDeleteTreeNode", () => {

apps/client/src/features/websocket/tree-socket-reducers.ts

@@ -76,19 +76,6 @@ export function applyMoveTreeNode(
   const oldParentId = (sourceBefore as SpaceTreeNode).parentPageId ?? null;
   const newParentId = payload.parentId as string | null;
 
-  // Cyclic / out-of-order move guard (#206 ui-state-races-1): if the
-  // authoritative new parent is currently INSIDE the moved node's own subtree on
-  // this client (e.g. server moved X under Y then Y under X and the events
-  // arrived such that Y is still nested in X here), re-parenting is impossible to
-  // represent locally. `placeByPosition` returns `prev` for this, but the
-  // `placed === prev` fallback below would then `remove` the source — dropping
-  // the node AND every descendant (incl. the would-be parent) silently. Leave the
-  // tree untouched instead; a later corrective event or a reconnect refetch
-  // reconciles it. Never delete a subtree we cannot safely re-place.
-  if (newParentId && treeModel.isDescendant(prev, payload.id, newParentId)) {
-    return prev;
-  }
-
   // Place the node by its fractional `position` among the new siblings — NOT by
   // the sender's absolute `index` (the sender computed that against its own
   // loaded set, which differs from this receiver's). Using the position keeps

apps/client/src/features/workspace/components/settings/components/ai-mcp-server-test-view.test.ts

@@ -1,87 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { mcpTestButtonView } from "./ai-mcp-server-test-view";
-
-/**
- * Pure-helper tests for the inline "Test" button presentation. Covers the four
- * states (idle / loading is handled by the component's `isPending`, so here:
- * idle / ok-with-tools / ok-without-tools / failed) and the tooltip text
- * branches that are easiest to break silently.
- */
-// Identity-ish translator that echoes the key and interpolates {{n}} so the
-// label/tooltip branches are observable without the real i18n bundle.
-const t = (key: string, options?: Record<string, unknown>): string =>
-  options && "n" in options
-    ? key.replace("{{n}}", String((options as { n: unknown }).n))
-    : key;
-
-describe("mcpTestButtonView", () => {
-  it("idle when there is no result", () => {
-    expect(mcpTestButtonView(undefined, t)).toEqual({
-      state: "idle",
-      color: undefined,
-      variant: "default",
-      label: "Test",
-      tooltip: "",
-    });
-  });
-
-  it("ok with tools lists them in the tooltip", () => {
-    expect(mcpTestButtonView({ ok: true, tools: ["a", "b"] }, t)).toEqual({
-      state: "ok",
-      color: "green",
-      variant: "light",
-      label: "OK · 2",
-      tooltip: "a, b",
-    });
-  });
-
-  it('ok with zero tools shows "No tools available"', () => {
-    expect(mcpTestButtonView({ ok: true, tools: [] }, t)).toEqual({
-      state: "ok",
-      color: "green",
-      variant: "light",
-      label: "OK · 0",
-      tooltip: "No tools available",
-    });
-  });
-
-  it("failed surfaces the error text in the tooltip", () => {
-    expect(
-      mcpTestButtonView({ ok: false, error: "402: nope" }, t),
-    ).toEqual({
-      state: "failed",
-      color: "red",
-      variant: "light",
-      label: "Failed",
-      tooltip: "402: nope",
-    });
-  });
-
-  it("failed when the request itself rejects (no result payload)", () => {
-    // 401/403/500/network: there is no { ok } body, only a thrown error. The
-    // row must still show a red "Failed" rather than reverting to idle "Test".
-    expect(
-      mcpTestButtonView(undefined, t, {
-        response: { data: { message: "Unauthorized" } },
-      }),
-    ).toEqual({
-      state: "failed",
-      color: "red",
-      variant: "light",
-      label: "Failed",
-      tooltip: "Unauthorized",
-    });
-  });
-
-  it("reject without a server message falls back to the generic label", () => {
-    // A bare network error (no response body) still surfaces as failed, using
-    // the i18n fallback for the tooltip.
-    expect(mcpTestButtonView(undefined, t, new Error("network down"))).toEqual({
-      state: "failed",
-      color: "red",
-      variant: "light",
-      label: "Failed",
-      tooltip: "Failed to update data",
-    });
-  });
-});

apps/client/src/features/workspace/components/settings/components/ai-mcp-server-test-view.ts

@@ -1,90 +0,0 @@
-import type { IAiMcpServerTestResult } from "@/features/workspace/services/ai-mcp-server-service.ts";
-
-/** Minimal translator shape (i18next `t`): key + optional interpolation. */
-type Translate = (key: string, options?: Record<string, unknown>) => string;
-
-/** Subset of an axios-style rejection we read for the reject tooltip. */
-type McpTestRequestError = {
-  response?: { data?: { message?: string } };
-};
-
-/**
- * Best-effort extraction of a server-sent message from a rejected test request
- * (axios stores it at `error.response.data.message`). Returns undefined for a
- * bare/network error so the caller can fall back to a generic label.
- */
-function readRequestErrorMessage(error: unknown): string | undefined {
-  if (error && typeof error === "object" && "response" in error) {
-    return (error as McpTestRequestError).response?.data?.message;
-  }
-  return undefined;
-}
-
-/**
- * Presentation for the inline "Test" button, derived from the current test
- * result tristate (no result yet / ok / failed). Color is never the only signal
- * — the label and icon change too (a11y / colorblind-friendly). Kept as a single
- * pure derivation (rather than two parallel if/else chains) so the button and
- * tooltip can never drift apart, and so the text branches are unit-testable
- * without rendering the row.
- */
-export interface McpTestButtonView {
-  /** Tristate; the component maps this to the leftSection icon. */
-  state: "idle" | "ok" | "failed";
-  /** Mantine Button color; undefined = theme default (idle). */
-  color?: string;
-  /** Mantine Button variant. */
-  variant: string;
-  /** Translated button label. */
-  label: string;
-  /** Translated tooltip text; "" while there is no result (tooltip disabled). */
-  tooltip: string;
-}
-
-export function mcpTestButtonView(
-  result: IAiMcpServerTestResult | undefined,
-  t: Translate,
-  error?: unknown,
-): McpTestButtonView {
-  if (result?.ok) {
-    return {
-      state: "ok",
-      color: "green",
-      variant: "light",
-      label: t("OK · {{n}}", { n: result.tools.length }),
-      tooltip:
-        result.tools.length > 0
-          ? result.tools.join(", ")
-          : t("No tools available"),
-    };
-  }
-  if (result && result.ok === false) {
-    return {
-      state: "failed",
-      color: "red",
-      variant: "light",
-      label: t("Failed"),
-      tooltip: result.error,
-    };
-  }
-  if (error) {
-    // The test request itself rejected (401/403/500/network) — there is no
-    // `{ ok }` payload, so without this branch the row would silently revert to
-    // the idle "Test" instead of reporting the failure. Tooltip prefers the
-    // server-sent message, else the generic i18n fallback.
-    return {
-      state: "failed",
-      color: "red",
-      variant: "light",
-      label: t("Failed"),
-      tooltip: readRequestErrorMessage(error) ?? t("Failed to update data"),
-    };
-  }
-  return {
-    state: "idle",
-    color: undefined,
-    variant: "default",
-    label: t("Test"),
-    tooltip: "",
-  };
-}

apps/client/src/features/workspace/components/settings/components/ai-mcp-servers.tsx

@@ -1,4 +1,4 @@
-import { useEffect, useState } from "react";
+import { useState } from "react";
 import {
   ActionIcon,
   Badge,
@@ -10,28 +10,18 @@ import {
   Stack,
   Switch,
   Text,
-  Tooltip,
 } from "@mantine/core";
 import { useDisclosure } from "@mantine/hooks";
 import { modals } from "@mantine/modals";
-import {
-  IconCheck,
-  IconPencil,
-  IconPlugConnected,
-  IconPlus,
-  IconTrash,
-  IconX,
-} from "@tabler/icons-react";
+import { IconPencil, IconPlus, IconTrash } from "@tabler/icons-react";
 import { useTranslation } from "react-i18next";
 import useUserRole from "@/hooks/use-user-role.tsx";
 import {
   useAiMcpServersQuery,
   useDeleteAiMcpServerMutation,
-  useTestAiMcpServerMutation,
   useUpdateAiMcpServerMutation,
 } from "@/features/workspace/queries/ai-mcp-server-query.ts";
 import { IAiMcpServer } from "@/features/workspace/services/ai-mcp-server-service.ts";
-import { mcpTestButtonView } from "@/features/workspace/components/settings/components/ai-mcp-server-test-view.ts";
 import AiMcpServerForm from "./ai-mcp-server-form.tsx";
 
 /**
@@ -122,15 +112,55 @@ export default function AiMcpServers() {
 
       <Stack gap="xs" mt="sm">
         {servers?.map((server) => (
-          <AiMcpServerRow
-            key={server.id}
-            server={server}
-            onEdit={openEdit}
-            onDelete={confirmDelete}
-            onToggleEnabled={(enabled) =>
-              updateMutation.mutate({ id: server.id, enabled })
-            }
-          />
+          <Group key={server.id} justify="space-between" wrap="nowrap">
+            <Stack gap={2} style={{ minWidth: 0 }}>
+              <Group gap="xs">
+                <Text fw={500} truncate>
+                  {server.name}
+                </Text>
+                <Badge size="xs" variant="light">
+                  {server.transport.toUpperCase()}
+                </Badge>
+              </Group>
+              <Text
+                size="xs"
+                c="dimmed"
+                truncate
+                style={{ fontFamily: "ui-monospace, Menlo, monospace" }}
+              >
+                {server.url}
+              </Text>
+            </Stack>
+
+            <Group gap="xs" wrap="nowrap">
+              <Switch
+                size="sm"
+                checked={server.enabled}
+                aria-label={t("Enabled")}
+                onChange={(event) =>
+                  updateMutation.mutate({
+                    id: server.id,
+                    enabled: event.currentTarget.checked,
+                  })
+                }
+              />
+              <ActionIcon
+                variant="subtle"
+                aria-label={t("Edit")}
+                onClick={() => openEdit(server)}
+              >
+                <IconPencil size={16} />
+              </ActionIcon>
+              <ActionIcon
+                variant="subtle"
+                color="red"
+                aria-label={t("Delete")}
+                onClick={() => confirmDelete(server)}
+              >
+                <IconTrash size={16} />
+              </ActionIcon>
+            </Group>
+          </Group>
         ))}
       </Stack>
 
@@ -150,127 +180,3 @@ export default function AiMcpServers() {
     </Paper>
   );
 }
-
-interface AiMcpServerRowProps {
-  server: IAiMcpServer;
-  onEdit: (server: IAiMcpServer) => void;
-  onDelete: (server: IAiMcpServer) => void;
-  onToggleEnabled: (enabled: boolean) => void;
-}
-
-/**
- * A single external MCP server row: name/badge/url on the left and the
- * Test / Switch / Edit / Delete controls on the right. Each row owns its own
- * `useTestAiMcpServerMutation()` so the inline Test result and loading state are
- * independent per row (a shared mutation would make `isPending` global and make
- * every row flicker).
- */
-function AiMcpServerRow({
-  server,
-  onEdit,
-  onDelete,
-  onToggleEnabled,
-}: AiMcpServerRowProps) {
-  const { t } = useTranslation();
-  const testMutation = useTestAiMcpServerMutation();
-  const result = testMutation.data;
-
-  // The row is keyed by `server.id`, so editing the connection-relevant fields
-  // (url/transport/headers) does NOT remount it — an old success/failure result
-  // would otherwise stick. Clear the result when those fields change.
-  useEffect(() => {
-    testMutation.reset();
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [server.url, server.transport, server.hasHeaders]);
-
-  // Single derivation of the button/tooltip presentation from the test tristate
-  // (idle / ok / failed), so the two can never drift apart. Tooltip is "" while
-  // there is no result; the icon is mapped from `view.state` below. When the
-  // request itself rejects (401/403/500/network) there is no `data` payload, so
-  // we feed the mutation error in too — otherwise the row would silently revert
-  // to "Test" instead of showing a red "Failed".
-  const view = mcpTestButtonView(
-    result,
-    t,
-    testMutation.isError ? testMutation.error : undefined,
-  );
-  const tooltipLabel = view.tooltip;
-  const buttonColor = view.color;
-  const buttonVariant = view.variant;
-  const buttonLabel = view.label;
-  const buttonIcon =
-    view.state === "ok" ? (
-      <IconCheck size={16} />
-    ) : view.state === "failed" ? (
-      <IconX size={16} />
-    ) : (
-      <IconPlugConnected size={16} />
-    );
-
-  return (
-    <Group justify="space-between" wrap="nowrap">
-      <Stack gap={2} style={{ minWidth: 0 }}>
-        <Group gap="xs">
-          <Text fw={500} truncate>
-            {server.name}
-          </Text>
-          <Badge size="xs" variant="light">
-            {server.transport.toUpperCase()}
-          </Badge>
-        </Group>
-        <Text
-          size="xs"
-          c="dimmed"
-          truncate
-          style={{ fontFamily: "ui-monospace, Menlo, monospace" }}
-        >
-          {server.url}
-        </Text>
-      </Stack>
-
-      <Group gap="xs" wrap="nowrap">
-        {/* Always clickable: testing a disabled server before enabling it is useful. */}
-        <Tooltip
-          label={tooltipLabel}
-          disabled={view.state === "idle"}
-          multiline
-          maw={320}
-          withinPortal
-        >
-          <Button
-            size="xs"
-            miw={88}
-            color={buttonColor}
-            variant={buttonVariant}
-            leftSection={testMutation.isPending ? undefined : buttonIcon}
-            loading={testMutation.isPending}
-            onClick={() => testMutation.mutate(server.id)}
-          >
-            {buttonLabel}
-          </Button>
-        </Tooltip>
-        <Switch
-          size="sm"
-          checked={server.enabled}
-          aria-label={t("Enabled")}
-          onChange={(event) => onToggleEnabled(event.currentTarget.checked)}
-        />
-        <ActionIcon
-          variant="subtle"
-          aria-label={t("Edit")}
-          onClick={() => onEdit(server)}
-        >
-          <IconPencil size={16} />
-        </ActionIcon>
-        <ActionIcon
-          variant="subtle"
-          color="red"
-          aria-label={t("Delete")}
-          onClick={() => onDelete(server)}
-        >
-          <IconTrash size={16} />
-        </ActionIcon>
-      </Group>
-    </Group>
-  );
-}

apps/client/src/features/workspace/components/settings/components/ai-provider-settings.tsx

@@ -7,7 +7,6 @@ import {
   Button,
   Group,
   Modal,
-  NumberInput,
   Paper,
   PasswordInput,
   Select,
@@ -84,9 +83,6 @@ const STT_LANGUAGE_OPTIONS: { value: string; label: string }[] = [
 // (empty means "leave unchanged" unless explicitly cleared).
 const formSchema = z.object({
   chatModel: z.string(),
-  // Max context window in tokens shown in the chat header badge. A number, or ""
-  // when the NumberInput is empty (no limit).
-  chatContextWindow: z.union([z.number(), z.literal("")]),
   // Chat provider implementation (reasoning surfacing). Default openai-compatible.
   chatApiStyle: z.enum(["openai-compatible", "openai"]),
   // Cheap model id for the anonymous public-share assistant; empty = use chatModel.
@@ -315,7 +311,6 @@ export default function AiProviderSettings() {
     validate: zod4Resolver(formSchema),
     initialValues: {
       chatModel: "",
-      chatContextWindow: "",
       chatApiStyle: "openai-compatible" as ChatApiStyle,
       publicShareChatModel: "",
       publicShareAssistantRoleId: "",
@@ -339,7 +334,6 @@ export default function AiProviderSettings() {
     if (!settings) return;
     form.setValues({
       chatModel: settings.chatModel ?? "",
-      chatContextWindow: settings.chatContextWindow ?? "",
       chatApiStyle: settings.chatApiStyle ?? "openai-compatible",
       publicShareChatModel: settings.publicShareChatModel ?? "",
       publicShareAssistantRoleId: settings.publicShareAssistantRoleId ?? "",
@@ -370,12 +364,6 @@ export default function AiProviderSettings() {
       // Everything is OpenAI-compatible.
       driver: "openai",
       chatModel: values.chatModel,
-      // Max context window for the chat header badge; empty NumberInput ("") →
-      // 0, which clears the limit server-side (no denominator shown).
-      chatContextWindow:
-        typeof values.chatContextWindow === "number"
-          ? values.chatContextWindow
-          : 0,
       chatApiStyle: values.chatApiStyle,
       // Cheap model id for the anonymous public-share assistant; empty falls
       // back to chatModel server-side.
@@ -779,18 +767,6 @@ export default function AiProviderSettings() {
           {t("Resolves to {{url}}", { url: chatResolved })}
         </Text>
 
-        <NumberInput
-          mt="sm"
-          label={t("Context window (tokens)")}
-          description={t(
-            "Shown as used / total in the chat header. Leave empty to hide the limit.",
-          )}
-          min={0}
-          allowDecimal={false}
-          disabled={isLoading}
-          {...form.getInputProps("chatContextWindow")}
-        />
-
         <Select
           mt="sm"
           label={t("Protocol")}

apps/client/src/features/workspace/services/ai-settings-service.ts

@@ -22,8 +22,6 @@ export type ChatApiStyle = "openai-compatible" | "openai";
 export interface IAiSettings {
   driver?: AiDriver;
   chatModel?: string;
-  // Max context window in tokens shown in the chat header badge; 0/unset = no limit.
-  chatContextWindow?: number;
   chatApiStyle?: ChatApiStyle;
   // Cheap model id for the anonymous public-share assistant; empty = chatModel.
   publicShareChatModel?: string;
@@ -58,8 +56,6 @@ export interface IAiSettings {
 export interface IAiSettingsUpdate {
   driver?: AiDriver;
   chatModel?: string;
-  // Max context window in tokens for the chat header badge; 0 = clear the limit.
-  chatContextWindow?: number;
   chatApiStyle?: ChatApiStyle;
   publicShareChatModel?: string;
   // Agent-role id whose persona the public-share assistant adopts; empty =

apps/server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "server",
-  "version": "0.94.0",
+  "version": "0.93.0",
   "description": "",
   "author": "",
   "private": true,
@@ -23,7 +23,7 @@
     "migration:reset": "tsx src/database/migrate.ts down-to NO_MIGRATIONS",
     "migration:codegen": "kysely-codegen --dialect=postgres --camel-case --env-file=../../.env --out-file=./src/database/types/db.d.ts",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
-    "pretest": "pnpm --filter @docmost/editor-ext build",
+    "pretest": "pnpm --filter @docmost/editor-ext build && pnpm --filter @docmost/git-sync build && pnpm --filter @docmost/mcp build",
     "test": "jest",
     "test:int": "jest --config test/jest-integration.json",
     "test:watch": "jest --watch",
@@ -41,6 +41,7 @@
     "@aws-sdk/s3-request-presigner": "3.1050.0",
     "@azure/storage-blob": "12.31.0",
     "@clickhouse/client": "^1.18.2",
+    "@docmost/git-sync": "workspace:*",
     "@docmost/mcp": "workspace:*",
     "@docmost/pdf-inspector": "1.9.6",
     "@fastify/cookie": "^11.0.2",
@@ -188,7 +189,12 @@
           ]
         }
       ],
-      "^.+\\.(t|j)sx?$": "ts-jest"
+      "^.+\\.(t|j)sx?$": [
+        "ts-jest",
+        {
+          "isolatedModules": true
+        }
+      ]
     },
     "transformIgnorePatterns": [
       "/node_modules/(?!(\\.pnpm/)?(nanoid|uuid|image-dimensions|marked|happy-dom|lib0)(@|/))"
@@ -198,11 +204,17 @@
     ],
     "coverageDirectory": "../coverage",
     "testEnvironment": "node",
+    "setupFiles": [
+      "<rootDir>/../test/jest.setup.ts"
+    ],
     "moduleNameMapper": {
       "^@docmost/db/(.*)$": "<rootDir>/database/$1",
       "^@docmost/transactional/(.*)$": "<rootDir>/integrations/transactional/$1",
       "^@docmost/ee/(.*)$": "<rootDir>/ee/$1",
-      "^src/(.*)$": "<rootDir>/$1"
+      "^src/(.*)$": "<rootDir>/$1",
+      "^@docmost/git-sync$": "<rootDir>/../../../packages/git-sync/src/index.ts",
+      "^@docmost/git-sync/(.*)$": "<rootDir>/../../../packages/git-sync/src/$1",
+      "^(\\.{1,2}/.*)\\.js$": "$1"
     }
   }
 }

apps/server/src/app.module.ts

@@ -28,6 +28,7 @@ import { ClsModule } from 'nestjs-cls';
 import { NoopAuditModule } from './integrations/audit/audit.module';
 import { ThrottleModule } from './integrations/throttle/throttle.module';
 import { McpModule } from './integrations/mcp/mcp.module';
+import { GitSyncModule } from './integrations/git-sync/git-sync.module';
 import { AiModule } from './integrations/ai/ai.module';
 import { AiChatModule } from './core/ai-chat/ai-chat.module';
 
@@ -89,6 +90,7 @@ try {
     TelemetryModule,
     ThrottleModule,
     McpModule,
+    GitSyncModule,
     AiModule,
     AiChatModule,
     ...enterpriseModules,

apps/server/src/collaboration/collaboration.gateway.ts

@@ -149,6 +149,45 @@ export class CollaborationGateway {
     return this.hocuspocus.openDirectConnection(documentName, context);
   }
 
+  /**
+   * Write a git-originated body into a page, applying the merge on the instance
+   * that OWNS the live Y.Doc so a connected editor CONVERGES on the change.
+   *
+   * git-sync must NOT use openDirectConnection directly for this: that opens the
+   * document on whichever instance/process runs git-sync (the API/worker). When
+   * an editor is connected to a DIFFERENT collab instance/process, that is a
+   * SEPARATE, detached Y.Doc — the merge lands in the detached doc and the DB,
+   * but the live editor never receives the Yjs update; its next debounced
+   * autosave then overwrites the DB with its stale state and SILENTLY REVERTS
+   * the git change (the data-loss bug). Routing through the custom-event channel
+   * runs the merge on the owning instance's shared Document, whose update is
+   * broadcast to every connection (handleUpdate), so the editor's CRDT converges
+   * on the merged result.
+   *
+   * Without redis there is a single instance, so the write runs locally — which
+   * is already the owning (and only) instance the editor is connected to.
+   */
+  async writePageBody(
+    documentName: string,
+    payload: {
+      prosemirrorJson: unknown;
+      baseProsemirrorJson?: unknown;
+      userId: string;
+    },
+  ): Promise<void> {
+    if (this.redisSync) {
+      await this.handleYjsEvent(
+        'gitSyncWriteBody',
+        documentName,
+        payload as any,
+      );
+      return;
+    }
+    await this.collabEventsService
+      .getHandlers(this.hocuspocus)
+      .gitSyncWriteBody(documentName, payload as any);
+  }
+
   /*
    *Can be used before calling openDirectConnection directly
    */

apps/server/src/collaboration/collaboration.handler.git-sync.spec.ts

@@ -0,0 +1,182 @@
+// Exercises the REAL `gitSyncWriteBody` collab handler (the owner-routed body
+// write the data-loss fix introduces). The handler imports the editor graph via
+// collaboration.util / yjs.util (tiptapExtensions -> editor-ext -> react-dom,
+// unloadable under jest's node env, same coupling noted in
+// gitmost-datasource.service.spec.ts), so we stub those + the transformer. The
+// stubbed toYdoc builds paragraph blocks straight from the ProseMirror JSON so
+// we can assert convergence on real text.
+jest.mock('./collaboration.util', () => ({
+  tiptapExtensions: [],
+  getPageId: (name: string) => name.replace(/^page\./, ''),
+  prosemirrorNodeToYElement: jest.fn(),
+}));
+jest.mock('./yjs.util', () => ({
+  setYjsMark: jest.fn(),
+  updateYjsMarkAttribute: jest.fn(),
+}));
+jest.mock('@hocuspocus/transformer', () => {
+  const Yjs = require('yjs');
+  return {
+    TiptapTransformer: {
+      toYdoc: (json: any) => {
+        if (json?.__throw) throw new Error('boom: malformed doc');
+        const d = new Yjs.Doc();
+        const frag = d.getXmlFragment('default');
+        const blocks = (json?.content ?? []).map((node: any) => {
+          const el = new Yjs.XmlElement(node.type || 'paragraph');
+          const text = (node.content ?? [])
+            .map((t: any) => t.text ?? '')
+            .join('');
+          const t = new Yjs.XmlText();
+          if (text) t.insert(0, text);
+          el.insert(0, [t]);
+          return el;
+        });
+        if (blocks.length) frag.insert(0, blocks);
+        return d;
+      },
+    },
+  };
+});
+
+import * as Y from 'yjs';
+import { CollaborationHandler } from './collaboration.handler';
+
+const pmDoc = (...paras: string[]) => ({
+  type: 'doc',
+  content: paras.map((text) => ({
+    type: 'paragraph',
+    content: text ? [{ type: 'text', text }] : [],
+  })),
+});
+
+const texts = (frag: Y.XmlFragment): string[] =>
+  frag.toArray().map((el) =>
+    (el as Y.XmlElement)
+      .toArray()
+      .map((c) => (c as Y.XmlText).toString())
+      .join(''),
+  );
+
+// Build a fake Hocuspocus whose openDirectConnection yields a DirectConnection
+// over a REAL shared Document, with a connected "editor" doc that receives the
+// shared doc's updates (modelling Document.handleUpdate's broadcast on the
+// OWNING instance). Initial content carries live block ids; the editor starts
+// fully synced with the shared doc.
+function fakeHocuspocus(initial: { text: string; id: string }[]) {
+  const shared = new Y.Doc();
+  const frag = shared.getXmlFragment('default');
+  shared.transact(() => {
+    frag.insert(
+      0,
+      initial.map((s) => {
+        const el = new Y.XmlElement('paragraph');
+        el.setAttribute('id', s.id);
+        const t = new Y.XmlText();
+        if (s.text) t.insert(0, s.text);
+        el.insert(0, [t]);
+        return el;
+      }),
+    );
+  });
+  const editor = new Y.Doc();
+  Y.applyUpdate(editor, Y.encodeStateAsUpdate(shared));
+  // Broadcast relay: server-originated updates flow to the connected editor.
+  shared.on('update', (u: Uint8Array, origin: any) => {
+    if (origin !== 'editor') Y.applyUpdate(editor, u, 'server');
+  });
+
+  const openDirectConnection = jest.fn(async () => ({
+    // DirectConnection.transact runs the fn directly against the Document (no
+    // wrapping Y transaction), exactly like @hocuspocus/server.
+    transact: async (fn: (doc: Y.Doc) => void) => fn(shared),
+    disconnect: jest.fn(async () => undefined),
+  }));
+
+  return { hocuspocus: { openDirectConnection } as any, shared, editor };
+}
+
+describe('CollaborationHandler.gitSyncWriteBody (owner-routed body write)', () => {
+  it('converges a connected editor on the git change (no silent revert)', async () => {
+    const { hocuspocus, shared, editor } = fakeHocuspocus([
+      { text: 'alpha', id: 'p1' },
+      { text: 'beta', id: 'p2' },
+    ]);
+    const handler = new CollaborationHandler();
+    const handlers = handler.getHandlers(hocuspocus);
+
+    // git changed block 1 beta -> beta2; base is the pre-change content.
+    await handlers.gitSyncWriteBody('page.x', {
+      prosemirrorJson: pmDoc('alpha', 'beta2'),
+      baseProsemirrorJson: pmDoc('alpha', 'beta'),
+      userId: 'svc-user',
+    });
+
+    // The shared (owning-instance) doc holds the merge...
+    expect(texts(shared.getXmlFragment('default'))).toEqual(['alpha', 'beta2']);
+    // ...and the connected editor CONVERGED via the broadcast (the bug would
+    // leave it on 'beta' and revert the page on its next autosave).
+    expect(texts(editor.getXmlFragment('default'))).toEqual(['alpha', 'beta2']);
+  });
+
+  it('preserves a concurrent edit to a DIFFERENT block (3-way, finding #2)', async () => {
+    const { hocuspocus, shared, editor } = fakeHocuspocus([
+      { text: 'alpha', id: 'p1' },
+      { text: 'beta', id: 'p2' },
+    ]);
+    // The editor is actively editing block 0 while the push arrives.
+    const eFrag = editor.getXmlFragment('default');
+    editor.transact(
+      () => (eFrag.get(0) as Y.XmlElement).get(0) instanceof Y.XmlText &&
+        ((eFrag.get(0) as Y.XmlElement).get(0) as Y.XmlText).insert(5, ' EDIT'),
+      'editor',
+    );
+    Y.applyUpdate(shared, Y.encodeStateAsUpdate(editor), 'editor');
+
+    const handler = new CollaborationHandler();
+    await handler.getHandlers(hocuspocus).gitSyncWriteBody('page.x', {
+      prosemirrorJson: pmDoc('alpha', 'beta2'),
+      baseProsemirrorJson: pmDoc('alpha', 'beta'),
+      userId: 'svc-user',
+    });
+
+    // Human's block-0 edit AND git's block-1 change both survive on the editor.
+    expect(texts(editor.getXmlFragment('default'))).toEqual([
+      'alpha EDIT',
+      'beta2',
+    ]);
+  });
+
+  it('crash-safe: a transform failure never opens the connection or mutates the live doc', async () => {
+    const { hocuspocus, shared } = fakeHocuspocus([{ text: 'alpha', id: 'p1' }]);
+    const before = texts(shared.getXmlFragment('default'));
+    const handler = new CollaborationHandler();
+
+    await expect(
+      handler.getHandlers(hocuspocus).gitSyncWriteBody('page.x', {
+        prosemirrorJson: { __throw: true } as any,
+        userId: 'svc-user',
+      }),
+    ).rejects.toThrow('boom');
+
+    // The incoming doc is built BEFORE opening the connection, so the throw
+    // happens first: the live doc is untouched and no connection was opened.
+    expect(hocuspocus.openDirectConnection).not.toHaveBeenCalled();
+    expect(texts(shared.getXmlFragment('default'))).toEqual(before);
+  });
+
+  it('falls back to a 2-way merge when no base is supplied', async () => {
+    const { hocuspocus, shared, editor } = fakeHocuspocus([
+      { text: 'alpha', id: 'p1' },
+    ]);
+    const handler = new CollaborationHandler();
+
+    await handler.getHandlers(hocuspocus).gitSyncWriteBody('page.x', {
+      prosemirrorJson: pmDoc('alpha', 'gamma'),
+      userId: 'svc-user',
+    });
+
+    expect(texts(shared.getXmlFragment('default'))).toEqual(['alpha', 'gamma']);
+    expect(texts(editor.getXmlFragment('default'))).toEqual(['alpha', 'gamma']);
+  });
+});

apps/server/src/collaboration/collaboration.handler.ts

@@ -8,6 +8,10 @@ import {
 import { setYjsMark, updateYjsMarkAttribute, YjsSelection } from './yjs.util';
 import * as Y from 'yjs';
 import { User } from '@docmost/db/types/entity.types';
+import {
+  mergeXmlFragments,
+  mergeXmlFragments3Way,
+} from '../integrations/git-sync/services/yjs-body-merge';
 
 export type CollabEventHandlers = ReturnType<
   CollaborationHandler['getHandlers']
@@ -112,6 +116,69 @@ export class CollaborationHandler {
           },
         );
       },
+      /**
+       * Git-sync body write, applied as a block-level MERGE into the LIVE doc on
+       * the instance that OWNS it (routed here via the custom-event channel —
+       * see CollaborationGateway.writePageBody). Running on the owning instance
+       * is what makes a connected editor CONVERGE: the merge mutates the shared
+       * Document, whose update is broadcast to every connection, so the editor's
+       * CRDT applies the git change instead of silently reverting it on its next
+       * autosave (the data-loss bug this fixes).
+       *
+       * With a `baseProsemirrorJson` (the last-synced common ancestor) it does a
+       * THREE-WAY merge — a block only the human changed is kept, a block only
+       * git changed is taken (conflicts -> git). Without a base it falls back to
+       * the 2-way merge.
+       */
+      gitSyncWriteBody: async (
+        documentName: string,
+        payload: {
+          prosemirrorJson: any;
+          baseProsemirrorJson?: any;
+          userId: string;
+        },
+      ) => {
+        const { prosemirrorJson, baseProsemirrorJson, userId } = payload;
+
+        // Build the incoming (and base) Yjs docs BEFORE opening the connection /
+        // touching the live doc. If a transform throws (a malformed/unsupported
+        // doc) we must NOT have mutated the live body — otherwise a conversion
+        // failure could leave the page empty (crash-safe conversion).
+        const targetDoc = TiptapTransformer.toYdoc(
+          prosemirrorJson,
+          'default',
+          tiptapExtensions,
+        );
+        const baseDoc =
+          baseProsemirrorJson != null
+            ? TiptapTransformer.toYdoc(
+                baseProsemirrorJson,
+                'default',
+                tiptapExtensions,
+              )
+            : null;
+
+        // actor:'git-sync' + the service user flow into PersistenceExtension
+        // (lastUpdatedSource='git-sync', lastUpdatedById=userId).
+        await this.withYdocConnection(
+          hocuspocus,
+          documentName,
+          { actor: 'git-sync', user: { id: userId } },
+          (doc) => {
+            const liveFrag = doc.getXmlFragment('default');
+            const targetFrag = targetDoc.getXmlFragment('default');
+            if (baseDoc) {
+              mergeXmlFragments3Way(
+                liveFrag,
+                targetFrag,
+                baseDoc.getXmlFragment('default'),
+              );
+            } else {
+              mergeXmlFragments(liveFrag, targetFrag);
+            }
+          },
+        );
+      },
     };
   }
 

apps/server/src/collaboration/extensions/persistence-store.spec.ts

@@ -182,46 +182,4 @@ describe('PersistenceExtension.onStoreDocument — Approach-A boundary snapshot'
     expect(pageHistoryRepo.saveHistory).not.toHaveBeenCalled();
     expect(historyQueue.add).not.toHaveBeenCalled();
   });
-
-  // persist-1 — a transient DB failure during store must not silently lose the
-  // edit. hocuspocus unloads (destroys) the in-memory Y.Doc right after this
-  // hook resolves, so the store has to retry while it still holds the only copy.
-  it('retries a transient DB failure and still persists the edit (persist-1)', async () => {
-    const document = ydocFor(doc('NEW HUMAN CONTENT'));
-    pageRepo.findById.mockResolvedValue(persistedHumanPage('NEW HUMAN CONTENT'));
-    let attempts = 0;
-    pageRepo.updatePage.mockImplementation(async () => {
-      attempts += 1;
-      if (attempts === 1) throw new Error('deadlock detected'); // transient
-      callOrder.push('updatePage');
-    });
-
-    await ext.onStoreDocument(buildData(document, 'user') as any);
-
-    // First attempt failed and rolled back; the retry persisted the edit.
-    expect(pageRepo.updatePage).toHaveBeenCalledTimes(2);
-    // The edit WAS saved, so the post-store success path runs as normal.
-    expect((document as any).broadcastStateless).toHaveBeenCalledTimes(1);
-    expect(historyQueue.add).toHaveBeenCalledTimes(1);
-  });
-
-  // persist-1 — when every attempt fails the hook must NOT report a phantom
-  // success: no "page.updated" badge broadcast and no history snapshot for
-  // content that was never written.
-  it('does not run post-store side effects when every store attempt fails (persist-1)', async () => {
-    const document = ydocFor(doc('NEW HUMAN CONTENT'));
-    pageRepo.findById.mockResolvedValue(persistedHumanPage('NEW HUMAN CONTENT'));
-    pageRepo.updatePage.mockRejectedValue(new Error('connection reset'));
-
-    await expect(
-      ext.onStoreDocument(buildData(document, 'user') as any),
-    ).resolves.toBeUndefined();
-
-    // Bounded retry exhausted (MAX_STORE_ATTEMPTS).
-    expect(pageRepo.updatePage).toHaveBeenCalledTimes(3);
-    // No false-success: nothing downstream fires for the unsaved content.
-    expect((document as any).broadcastStateless).not.toHaveBeenCalled();
-    expect(historyQueue.add).not.toHaveBeenCalled();
-    expect(aiQueue.add).not.toHaveBeenCalled();
-  });
 });

apps/server/src/collaboration/extensions/persistence.extension.spec.ts

@@ -0,0 +1,208 @@
+// Stub collaboration.util so importing the extension does not drag in the
+// editor-ext -> @tiptap/react -> react-dom graph (unloadable under jest's node
+// env, same coupling the gitmost-datasource / mcp specs document). The
+// extension only calls getPageId, jsonToText and isEmptyParagraphDoc from it on
+// the store path; tiptapExtensions is unused by onStoreDocument.
+jest.mock('../collaboration.util', () => ({
+  tiptapExtensions: [],
+  getPageId: (name: string) => name.replace(/^page\./, ''),
+  jsonToText: () => 'text',
+  isEmptyParagraphDoc: () => false,
+  // The post-write mention extraction walks the doc via jsonToNode().descendants;
+  // return a node-like stub with no descendants so no mentions are produced
+  // (mention handling is out of scope here — we only assert provenance).
+  jsonToNode: () => ({ descendants: () => undefined }),
+}));
+
+// Control the Yjs<->JSON bridge: fromYdoc returns the "incoming" doc the writer
+// is storing. We keep it distinct from the page's persisted content so the
+// no-op guard (isDeepStrictEqual) never short-circuits the write.
+const INCOMING_JSON = { type: 'doc', content: [{ type: 'paragraph' }, { t: 1 }] };
+jest.mock('@hocuspocus/transformer', () => ({
+  TiptapTransformer: {
+    fromYdoc: jest.fn(() => INCOMING_JSON),
+    toYdoc: jest.fn(),
+  },
+}));
+
+// Run the executeTx callback inline with a passthrough trx.
+jest.mock('@docmost/db/utils', () => ({
+  executeTx: jest.fn(async (_db: any, cb: any) => cb({} as any)),
+}));
+
+import * as Y from 'yjs';
+import { PersistenceExtension } from './persistence.extension';
+import {
+  onChangePayload,
+  onStoreDocumentPayload,
+} from '@hocuspocus/server';
+
+/**
+ * Provenance-precedence coverage for PersistenceExtension.onStoreDocument
+ * (test-strategy Module 4 / item #2): the contract `agent > git-sync > user`,
+ * plus the negative that a git-sync store does NOT pin a boundary history
+ * snapshot. We drive the precedence through the real public method (onChange to
+ * arm the sticky agent marker, then onStoreDocument), mocking the repos / db /
+ * Yjs bridge so no real database or collab server is needed. The store's
+ * persisted `lastUpdatedSource` and the saveHistory call are the observable
+ * outputs.
+ */
+describe('PersistenceExtension.onStoreDocument — provenance precedence (#2)', () => {
+  const DOCUMENT_NAME = 'page.page-1';
+  const PAGE_ID = 'page-1';
+
+  // `page.content` differs from INCOMING_JSON so the write is never skipped.
+  const persistedPage = (overrides?: { lastUpdatedSource?: string }) => ({
+    id: PAGE_ID,
+    slugId: 'slug-1',
+    spaceId: 'space-1',
+    workspaceId: 'ws-1',
+    creatorId: 'creator-1',
+    contributorIds: ['creator-1'],
+    content: { type: 'doc', content: [{ type: 'paragraph', content: [] }] },
+    lastUpdatedSource: overrides?.lastUpdatedSource ?? 'user',
+    createdAt: new Date(),
+  });
+
+  const build = (pageOverrides?: { lastUpdatedSource?: string }) => {
+    const pageRepo = {
+      findById: jest.fn().mockResolvedValue(persistedPage(pageOverrides)),
+      updatePage: jest.fn().mockResolvedValue({ numUpdatedRows: 1n }),
+    };
+    const pageHistoryRepo = {
+      // No prior snapshot -> humanBaselineMissing is true, so the ONLY thing
+      // gating the boundary snapshot in these tests is the source precedence.
+      findPageLastHistory: jest.fn().mockResolvedValue(null),
+      saveHistory: jest.fn().mockResolvedValue(undefined),
+    };
+    const aiQueue = { add: jest.fn().mockResolvedValue(undefined) };
+    const historyQueue = { add: jest.fn().mockResolvedValue(undefined) };
+    const notificationQueue = { add: jest.fn().mockResolvedValue(undefined) };
+    const collabHistory = {
+      addContributors: jest.fn().mockResolvedValue(undefined),
+    };
+    const transclusionService = {
+      syncPageTransclusions: jest.fn().mockResolvedValue(undefined),
+      syncPageReferences: jest.fn().mockResolvedValue(undefined),
+      syncPageTemplateReferences: jest.fn().mockResolvedValue(undefined),
+    };
+
+    const ext = new PersistenceExtension(
+      pageRepo as any,
+      pageHistoryRepo as any,
+      {} as any, // db
+      aiQueue as any,
+      historyQueue as any,
+      notificationQueue as any,
+      collabHistory as any,
+      transclusionService as any,
+    );
+
+    return { ext, pageRepo, pageHistoryRepo, historyQueue };
+  };
+
+  // A real Y.Doc is required for Y.encodeStateAsUpdate(document); broadcastStateless
+  // is a no-op spy. The fromYdoc bridge is mocked, so the doc's contents are
+  // irrelevant to the JSON path.
+  const makeStorePayload = (context: any): onStoreDocumentPayload =>
+    ({
+      documentName: DOCUMENT_NAME,
+      document: Object.assign(new Y.Doc(), {
+        broadcastStateless: jest.fn(),
+      }),
+      context,
+    }) as any;
+
+  const makeChangePayload = (actor: string): onChangePayload =>
+    ({
+      documentName: DOCUMENT_NAME,
+      context: { user: { id: 'user-1' }, actor },
+    }) as any;
+
+  const sourceOf = (pageRepo: { updatePage: jest.Mock }) =>
+    pageRepo.updatePage.mock.calls[0][0].lastUpdatedSource;
+
+  it("tags 'user' for a plain write (no agent touch, no git-sync actor)", async () => {
+    const { ext, pageRepo } = build();
+
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'user-1' }, actor: 'user' }),
+    );
+
+    expect(sourceOf(pageRepo)).toBe('user');
+  });
+
+  it("tags 'git-sync' when the writer's actor is 'git-sync' and no agent touched the window", async () => {
+    const { ext, pageRepo } = build();
+
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'svc-user' }, actor: 'git-sync' }),
+    );
+
+    expect(sourceOf(pageRepo)).toBe('git-sync');
+  });
+
+  it("keeps 'git-sync' for an explicit git-sync store even with a sticky agent marker (#14 loop-guard)", async () => {
+    const { ext, pageRepo } = build();
+
+    // An agent edit landed earlier in the coalescing window (sticky marker),
+    // then a git-sync writer performs the store. Red-team finding #14: an
+    // EXPLICIT current-write actor is authoritative for THIS write, so the
+    // store must stay 'git-sync' — otherwise the PageChangeListener loop-guard
+    // (keyed on lastUpdatedSource === 'git-sync') fails to recognize git-sync's
+    // own write and re-exports it. Explicit 'agent' still wins (see below); the
+    // sticky marker only promotes a plain human writer to 'agent'.
+    await ext.onChange(makeChangePayload('agent'));
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'svc-user' }, actor: 'git-sync' }),
+    );
+
+    expect(sourceOf(pageRepo)).toBe('git-sync');
+  });
+
+  it("tags 'agent' when the storing writer itself is the agent (no prior onChange)", async () => {
+    const { ext, pageRepo } = build();
+
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'agent-user' }, actor: 'agent' }),
+    );
+
+    expect(sourceOf(pageRepo)).toBe('agent');
+  });
+
+  // --- negative: a git-sync store must NOT pin a boundary history snapshot ----
+  // The boundary-snapshot branch only fires when the resolved source is 'agent'
+  // AND the prior persisted source is not 'agent'. A git-sync store resolves to
+  // 'git-sync', so saveHistory must NOT be called.
+  it('does NOT write a boundary history snapshot for a git-sync store', async () => {
+    const { ext, pageHistoryRepo } = build({ lastUpdatedSource: 'user' });
+
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'svc-user' }, actor: 'git-sync' }),
+    );
+
+    expect(pageHistoryRepo.saveHistory).not.toHaveBeenCalled();
+  });
+
+  it('DOES pin a boundary snapshot for an agent store over a prior human state (control)', async () => {
+    // Confirms the negative above is meaningful: under the SAME mocks, an agent
+    // store over a 'user' baseline DOES trigger the boundary snapshot.
+    const { ext, pageHistoryRepo } = build({ lastUpdatedSource: 'user' });
+
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'agent-user' }, actor: 'agent' }),
+    );
+
+    expect(pageHistoryRepo.saveHistory).toHaveBeenCalledTimes(1);
+  });
+
+  it('does NOT pin a boundary snapshot for a plain user store', async () => {
+    const { ext, pageHistoryRepo } = build({ lastUpdatedSource: 'user' });
+
+    await ext.onStoreDocument(
+      makeStorePayload({ user: { id: 'user-1' }, actor: 'user' }),
+    );
+
+    expect(pageHistoryRepo.saveHistory).not.toHaveBeenCalled();
+  });
+});

apps/server/src/collaboration/extensions/persistence.extension.ts

@@ -52,7 +52,17 @@ export function resolveSource(
   stickyTouched: boolean,
   contextActor?: string,
 ): ProvenanceSource {
-  return stickyTouched || contextActor === 'agent' ? 'agent' : 'user';
+  // An EXPLICIT current-write actor is authoritative for THIS write and wins
+  // over the sticky-agent fallback. Order: explicit 'agent' > explicit
+  // 'git-sync' > sticky agent marker > plain human 'user'. The git-sync case
+  // must NOT be masked by the sticky marker, or the PageChangeListener
+  // loop-guard (which keys on lastUpdatedSource === 'git-sync') would re-export
+  // git-sync's own writes (#14). Explicit agent still wins so a window that
+  // mixed an agent edit stays tagged 'agent'.
+  if (contextActor === 'agent') return 'agent';
+  if (contextActor === 'git-sync') return 'git-sync';
+  if (stickyTouched) return 'agent';
+  return 'user';
 }
 
 /**
@@ -176,118 +186,93 @@ export class PersistenceExtension implements Extension {
     // Sticky agent marker: 'agent' if any agent edit landed in this window, OR
     // if the current writer is the agent (covers a store with no prior onChange
     // agent event in the same window). §15 H2.
+    // Provenance precedence: agent > git-sync > user (see resolveSource). A
+    // 'git-sync' store is NOT given an immediate history snapshot — it is
+    // debounced like a human edit (a git-sync write is a block-level merge into
+    // the live doc, so it reads like an incremental human edit, not a bulk
+    // import that would warrant its own immediate snapshot).
     const lastUpdatedSource = resolveSource(
       this.consumeAgentTouched(documentName),
       context?.actor,
     );
 
-    // Persist with a small bounded retry. The in-memory Y.Doc is the ONLY copy
-    // of the latest edit until this hook returns: hocuspocus destroys/unloads the
-    // doc right after onStoreDocument resolves (see storeDocumentHooks' finally
-    // -> unloadDocument). If a transient DB error (deadlock, serialization
-    // failure, dropped connection) is merely logged and swallowed, the function
-    // resolves "successfully", the doc is unloaded, and the edit is lost silently
-    // (#206 persist-1). Retrying here re-attempts the write while we still hold
-    // the doc; on total failure we clear `page` so the post-store side effects
-    // (badge broadcast, history snapshot) never report a save that didn't happen.
-    const MAX_STORE_ATTEMPTS = 3;
-    for (let attempt = 1; attempt <= MAX_STORE_ATTEMPTS; attempt++) {
-      try {
-        await executeTx(this.db, async (trx) => {
-          page = await this.pageRepo.findById(pageId, {
-            withLock: true,
-            includeContent: true,
-            trx,
-          });
-
-          if (!page) {
-            this.logger.error(`Page with id ${pageId} not found`);
-            return;
-          }
-
-          if (isDeepStrictEqual(tiptapJson, page.content)) {
-            page = null;
-            return;
-          }
-
-          let contributorIds = undefined;
-          try {
-            const existingContributors = page.contributorIds || [];
-            contributorIds = Array.from(
-              new Set([
-                ...existingContributors,
-                ...editingUserIds,
-                page.creatorId,
-              ]),
-            );
-          } catch (err) {
-            //this.logger.debug('Contributors error:' + err?.['message']);
-          }
-
-          // Approach A — boundary snapshot before the agent's first edit.
-          // When this store is the agent's and the page's currently persisted
-          // state was authored by a human, pin that human state as its own
-          // history version BEFORE the agent overwrites it. `page` still holds
-          // the OLD content/provenance here, so saveHistory(page) captures the
-          // pre-agent state tagged 'user'. The agent's new content is
-          // snapshotted later by the debounced PAGE_HISTORY job ('agent'). Skip
-          // if the prior state is already agent-authored (boundary already
-          // pinned on the user->agent transition), if the page is effectively
-          // empty, or if the latest existing snapshot already equals this human
-          // state (avoid duplicates).
-          if (
-            lastUpdatedSource === 'agent' &&
-            page.lastUpdatedSource !== 'agent'
-          ) {
-            const lastHistory = await this.pageHistoryRepo.findPageLastHistory(
-              pageId,
-              { includeContent: true, trx },
-            );
-            const humanBaselineMissing =
-              !lastHistory ||
-              !isDeepStrictEqual(lastHistory.content, page.content);
-            if (
-              !isEmptyParagraphDoc(page.content as any) &&
-              humanBaselineMissing
-            ) {
-              await this.pageHistoryRepo.saveHistory(page, {
-                contributorIds: page.contributorIds ?? undefined,
-                trx,
-              });
-            }
-          }
-
-          await this.pageRepo.updatePage(
-            {
-              content: tiptapJson,
-              textContent: textContent,
-              ydoc: ydocState,
-              lastUpdatedById: context.user.id,
-              // Human stays the responsible author; these annotate the source.
-              lastUpdatedSource,
-              lastUpdatedAiChatId: context?.aiChatId ?? null,
-              contributorIds: contributorIds,
-            },
-            pageId,
-            trx,
-          );
-
-          this.logger.debug(`Page updated: ${pageId} - SlugId: ${page.slugId}`);
+    try {
+      await executeTx(this.db, async (trx) => {
+        page = await this.pageRepo.findById(pageId, {
+          withLock: true,
+          includeContent: true,
+          trx,
         });
-        break;
-      } catch (err) {
-        this.logger.error(
-          `Failed to update page ${pageId} (attempt ${attempt}/${MAX_STORE_ATTEMPTS})`,
-          err,
-        );
-        // The write failed and rolled back; clear the partially-assigned `page`
-        // so the post-store success branch below is skipped (no false "saved"
-        // broadcast / history snapshot for content that was never persisted).
-        page = null;
-        if (attempt < MAX_STORE_ATTEMPTS) {
-          await new Promise((resolve) => setTimeout(resolve, attempt * 50));
+
+        if (!page) {
+          this.logger.error(`Page with id ${pageId} not found`);
+          return;
         }
-      }
+
+        if (isDeepStrictEqual(tiptapJson, page.content)) {
+          page = null;
+          return;
+        }
+
+        let contributorIds = undefined;
+        try {
+          const existingContributors = page.contributorIds || [];
+          contributorIds = Array.from(
+            new Set([
+              ...existingContributors,
+              ...editingUserIds,
+              page.creatorId,
+            ]),
+          );
+        } catch (err) {
+          //this.logger.debug('Contributors error:' + err?.['message']);
+        }
+
+        // Approach A — boundary snapshot before the agent's first edit.
+        // When this store is the agent's and the page's currently persisted
+        // state was authored by a human, pin that human state as its own
+        // history version BEFORE the agent overwrites it. `page` still holds the
+        // OLD content/provenance here, so saveHistory(page) captures the
+        // pre-agent state tagged 'user'. The agent's new content is snapshotted
+        // later by the debounced PAGE_HISTORY job ('agent'). Skip if the prior
+        // state is already agent-authored (boundary already pinned on the
+        // user->agent transition), if the page is effectively empty, or if the
+        // latest existing snapshot already equals this human state (avoid
+        // duplicates).
+        if (lastUpdatedSource === 'agent' && page.lastUpdatedSource !== 'agent') {
+          const lastHistory = await this.pageHistoryRepo.findPageLastHistory(
+            pageId,
+            { includeContent: true, trx },
+          );
+          const humanBaselineMissing =
+            !lastHistory || !isDeepStrictEqual(lastHistory.content, page.content);
+          if (!isEmptyParagraphDoc(page.content as any) && humanBaselineMissing) {
+            await this.pageHistoryRepo.saveHistory(page, {
+              contributorIds: page.contributorIds ?? undefined,
+              trx,
+            });
+          }
+        }
+
+        await this.pageRepo.updatePage(
+          {
+            content: tiptapJson,
+            textContent: textContent,
+            ydoc: ydocState,
+            lastUpdatedById: context.user.id,
+            // Human stays the responsible author; these annotate the source.
+            lastUpdatedSource,
+            lastUpdatedAiChatId: context?.aiChatId ?? null,
+            contributorIds: contributorIds,
+          },
+          pageId,
+          trx,
+        );
+
+        this.logger.debug(`Page updated: ${pageId} - SlugId: ${page.slugId}`);
+      });
+    } catch (err) {
+      this.logger.error(`Failed to update page ${pageId}`, err);
     }
 
     if (page) {

apps/server/src/collaboration/extensions/redis-sync/redis-sync.extension.spec.ts

@@ -0,0 +1,208 @@
+// Regression coverage for the custom-event request/reply protocol in the
+// RedisSyncExtension. git-sync routes its body write through a custom event
+// (`gitSyncWriteBody`) which, when the target doc is owned by a DIFFERENT collab
+// instance, runs REMOTELY inside `handleRedisMessage` on the owning instance. The
+// remote handler can THROW (markdown->ProseMirror transform on a malformed body).
+//
+// Before the fix the throw was uncaught: (1) no `customEventComplete` reply was
+// published, so the origin's awaiting promise only rejected after `customEventTTL`
+// (~30s) as a generic 'TIMEOUT', and (2) an unhandledRejection escaped the async
+// `messageBuffer` listener on the owning instance. These tests assert the throw is
+// turned into an error-carrying reply that rejects the origin PROMPTLY with the
+// real message, with the no-throw and local paths unchanged.
+
+import { RedisSyncExtension } from './redis-sync.extension';
+
+type Listener = (channel: Buffer, message: Buffer) => unknown;
+
+// Minimal in-memory pub/sub + lock store shared across FakeRedis duplicates,
+// modelling the two-instance topology (origin + owner) over one Redis.
+class FakeRedisBus {
+  instances: FakeRedis[] = [];
+  locks = new Map<string, string>();
+  published: { channel: string; message: Buffer }[] = [];
+
+  register(inst: FakeRedis) {
+    this.instances.push(inst);
+  }
+
+  publish(channel: string, message: Buffer) {
+    this.published.push({ channel, message });
+    for (const inst of this.instances) {
+      if (!inst.subscribed.has(channel)) continue;
+      for (const listener of inst.messageListeners) {
+        // ioredis delivers async; `void` mirrors the production listener
+        // registration (`sub.on('messageBuffer', ...)`), whose rejection would
+        // surface as an unhandledRejection if the handler did not catch.
+        void listener(Buffer.from(channel), message);
+      }
+    }
+  }
+}
+
+class FakeRedis {
+  subscribed = new Set<string>();
+  messageListeners: Listener[] = [];
+
+  constructor(private bus: FakeRedisBus) {
+    bus.register(this);
+  }
+
+  duplicate() {
+    return new FakeRedis(this.bus);
+  }
+
+  subscribe(...channels: string[]) {
+    for (const c of channels) this.subscribed.add(c);
+    return Promise.resolve();
+  }
+
+  on(event: string, cb: any) {
+    if (event === 'messageBuffer') this.messageListeners.push(cb as Listener);
+    return this;
+  }
+
+  publish(channel: string, message: Buffer) {
+    this.bus.publish(channel, message);
+    return Promise.resolve(1);
+  }
+
+  // Models `SET key val PX ttl NX GET`: only writes when absent (NX); returns the
+  // previous value (GET) so the origin observes the owner already holding the lock.
+  set(key: string, val: string, ...args: any[]) {
+    const hasNX = args.includes('NX');
+    const hasGET = args.includes('GET');
+    const old = this.bus.locks.get(key) ?? null;
+    if (!hasNX || old === null) this.bus.locks.set(key, val);
+    return Promise.resolve(hasGET ? old : 'OK');
+  }
+
+  del(key: string) {
+    this.bus.locks.delete(key);
+    return Promise.resolve(1);
+  }
+
+  disconnect() {}
+}
+
+const pack = (m: any) => Buffer.from(JSON.stringify(m));
+const unpack = (b: Buffer) => JSON.parse(b.toString());
+
+function makeExtension(
+  bus: FakeRedisBus,
+  serverId: string,
+  customEvents: Record<string, (doc: string, payload: any) => Promise<any>>,
+) {
+  const ext = new RedisSyncExtension({
+    redis: new FakeRedis(bus) as any,
+    pack: pack as any,
+    unpack: unpack as any,
+    serverId,
+    customEvents: customEvents as any,
+    customEventTTL: 30_000,
+  });
+  // Doc is NOT loaded on this instance -> handleEvent takes the remote/proxy path.
+  (ext as any).instance = { documents: new Map() };
+  return ext;
+}
+
+describe('RedisSyncExtension custom-event error propagation', () => {
+  let unhandled: unknown[];
+  let onUnhandled: (e: unknown) => void;
+
+  beforeEach(() => {
+    // Fake timers so the 30s TTL fallback timer never fires (and never dangles).
+    jest.useFakeTimers();
+    unhandled = [];
+    onUnhandled = (e) => unhandled.push(e);
+    process.on('unhandledRejection', onUnhandled);
+  });
+
+  afterEach(() => {
+    process.off('unhandledRejection', onUnhandled);
+    jest.useRealTimers();
+  });
+
+  const flush = async () => {
+    for (let i = 0; i < 10; i++) await Promise.resolve();
+  };
+
+  it('owner publishes an error-carrying reply (no unhandledRejection) when the remote handler throws', async () => {
+    const bus = new FakeRedisBus();
+    const owner = makeExtension(bus, 'owner', {
+      boom: async () => {
+        throw new Error('kaboom');
+      },
+    });
+
+    // Drive the remote branch directly, as if the origin's customEventStart arrived.
+    await (owner as any).handleRedisMessage(
+      Buffer.from('collabMsg:owner'),
+      pack({
+        type: 'customEventStart',
+        documentName: 'page.x',
+        eventName: 'boom',
+        payload: {},
+        replyTo: 'collabMsg:origin',
+        replyId: 7,
+      }),
+    );
+    await flush();
+
+    const replies = bus.published
+      .filter((p) => p.channel === 'collabMsg:origin')
+      .map((p) => unpack(p.message));
+    expect(replies).toHaveLength(1);
+    expect(replies[0]).toMatchObject({
+      type: 'customEventComplete',
+      replyId: 7,
+      error: 'kaboom',
+    });
+    expect(unhandled).toHaveLength(0);
+  });
+
+  it('origin rejects PROMPTLY with the real error (not a TTL TIMEOUT) when the remote handler throws', async () => {
+    const bus = new FakeRedisBus();
+    // Owner already holds the document lock.
+    bus.locks.set('collabLock:page.x', 'owner');
+    makeExtension(bus, 'owner', {
+      boom: async () => {
+        throw new Error('kaboom');
+      },
+    });
+    const origin = makeExtension(bus, 'origin', {
+      boom: async () => undefined,
+    });
+
+    const promise = (origin as any).handleEvent('boom', 'page.x', { foo: 1 });
+    // Attach a catch immediately so a rejection is never momentarily unhandled.
+    const settled = promise.then(
+      () => ({ ok: true as const }),
+      (e: unknown) => ({ ok: false as const, error: e }),
+    );
+
+    await flush();
+    // Resolves WITHOUT advancing any timer -> the 30s TIMEOUT fallback did not fire.
+    const result = await settled;
+    expect(result.ok).toBe(false);
+    expect((result as any).error).toBeInstanceOf(Error);
+    expect(((result as any).error as Error).message).toBe('kaboom');
+    expect(unhandled).toHaveLength(0);
+  });
+
+  it('origin resolves with the payload when the remote handler succeeds (unchanged behavior)', async () => {
+    const bus = new FakeRedisBus();
+    bus.locks.set('collabLock:page.x', 'owner');
+    makeExtension(bus, 'owner', {
+      ok: async (_doc: string, payload: any) => ({ echoed: payload }),
+    });
+    const origin = makeExtension(bus, 'origin', {
+      ok: async () => undefined,
+    });
+
+    const promise = (origin as any).handleEvent('ok', 'page.x', { foo: 1 });
+    await flush();
+    await expect(promise).resolves.toEqual({ echoed: { foo: 1 } });
+    expect(unhandled).toHaveLength(0);
+  });
+});

apps/server/src/collaboration/extensions/redis-sync/redis-sync.extension.ts

@@ -51,9 +51,15 @@ export class RedisSyncExtension<TCE extends CustomEvents> implements Extension {
   private instance!: Hocuspocus;
   private readonly customEvents: TCE;
   private replyIdCounter: number = 0;
-  // @ts-ignore
-  private pendingReplies: Record<number, PromiseWithResolvers<any>['resolve']> =
-    {};
+  private pendingReplies: Record<
+    number,
+    {
+      // @ts-ignore
+      resolve: PromiseWithResolvers<any>['resolve'];
+      // @ts-ignore
+      reject: PromiseWithResolvers<any>['reject'];
+    }
+  > = {};
 
   constructor(configuration: Configuration<TCE>) {
     const {
@@ -176,25 +182,45 @@ export class RedisSyncExtension<TCE extends CustomEvents> implements Extension {
     }
     if (type === 'customEventStart') {
       const { documentName, eventName, payload, replyTo, replyId } = msg;
-      const res = await this.handleEventLocally(
-        eventName as Extract<keyof TCE, string>,
-        documentName,
-        payload,
-      );
-      const reply: RSAMessageCustomEventComplete = {
-        type: 'customEventComplete',
-        replyId,
-        payload: res,
-      };
+      let reply: RSAMessageCustomEventComplete;
+      try {
+        const res = await this.handleEventLocally(
+          eventName as Extract<keyof TCE, string>,
+          documentName,
+          payload,
+        );
+        reply = {
+          type: 'customEventComplete',
+          replyId,
+          payload: res,
+        };
+      } catch (err) {
+        // The remote handler threw (e.g. the markdown->ProseMirror transform in
+        // gitSyncWriteBody can throw on a malformed body). Reply with the error on
+        // the SAME correlation channel so the origin rejects promptly with the real
+        // message instead of waiting out customEventTTL as a generic 'TIMEOUT'.
+        // Catching here also keeps the throw from escaping this async messageBuffer
+        // listener as an unhandledRejection on the owning instance.
+        reply = {
+          type: 'customEventComplete',
+          replyId,
+          payload: undefined,
+          error: err instanceof Error ? err.message : String(err),
+        };
+      }
       this.pub.publish(`${replyTo}`, this.pack(reply));
       return;
     }
     if (type === 'customEventComplete') {
-      const { replyId, payload } = msg;
-      const resolveFn = this.pendingReplies[replyId];
-      if (!resolveFn) return;
+      const { replyId, payload, error } = msg;
+      const pending = this.pendingReplies[replyId];
+      if (!pending) return;
       delete this.pendingReplies[replyId];
-      resolveFn(payload);
+      if (error !== undefined) {
+        pending.reject(new Error(error));
+      } else {
+        pending.resolve(payload);
+      }
       return;
     }
     const { socketId } = msg;
@@ -273,11 +299,22 @@ export class RedisSyncExtension<TCE extends CustomEvents> implements Extension {
       };
       const msg = this.pack(proxyMessage);
       this.pub.publish(`${this.msgChannel}:${proxyTo}`, msg);
-      // @ts-ignore
-      const { promise, resolve, reject } = Promise.withResolvers();
-      this.pendingReplies[replyId] = resolve;
+      // Manual deferred (no Promise.withResolvers) so this runs on Node < 22 too.
+      let resolve!: (v: unknown) => void;
+      let reject!: (e: unknown) => void;
+      const promise = new Promise((res, rej) => {
+        resolve = res;
+        reject = rej;
+      });
+      this.pendingReplies[replyId] = { resolve, reject };
       setTimeout(() => {
-        reject('TIMEOUT');
+        // Fallback for a genuinely lost reply. A handler that threw now rejects
+        // promptly via the error-carrying customEventComplete above; this TIMEOUT
+        // only fires when no reply ever comes back.
+        if (this.pendingReplies[replyId]) {
+          delete this.pendingReplies[replyId];
+          reject('TIMEOUT');
+        }
       }, this.customEventTTL);
       return promise as Promise<ReturnType<TCE[TName]>>;
     }

apps/server/src/collaboration/extensions/redis-sync/redis-sync.types.ts

@@ -72,6 +72,10 @@ export type RSAMessageCustomEventComplete = {
   type: 'customEventComplete';
   replyId: number;
   payload: unknown;
+  // When the remote handler THREW, the owner sends back the error message here
+  // instead of a payload, so the origin can reject its awaiting promise promptly
+  // (with the real error) rather than waiting out the customEventTTL timeout.
+  error?: string;
 };
 
 export type RSAMessage =

apps/server/src/collaboration/extensions/redteam-provenance.spec.ts

@@ -0,0 +1,10 @@
+import { resolveSource } from './persistence.extension';
+
+// Red-team finding #14: an explicit git-sync write (no agent edit in the
+// coalescing window) must keep the 'git-sync' source so the git-sync
+// listener's loop-guard can recognize its own writes and not re-export them.
+describe('resolveSource — #14 git-sync provenance loop-guard', () => {
+  it('keeps git-sync source for an explicit git-sync write (stickyTouched=true, actor=git-sync)', () => {
+    expect(resolveSource(true, 'git-sync')).toBe('git-sync');
+  });
+});

apps/server/src/collaboration/git-sync-converter-gate.spec.ts

@@ -0,0 +1,535 @@
+/**
+ * JEST CONFIG NOTE (#119 ESM refactor): this is the one spec that needs the REAL
+ * `@docmost/git-sync` converter (not a mock). The package is now ESM, which jest
+ * cannot `require()` nor `import()` without --experimental-vm-modules, so the
+ * server jest config `moduleNameMapper`s `@docmost/git-sync` to its TS SOURCE and
+ * strips the ESM `.js` import suffixes. ts-jest then type-checks that source under
+ * the server's (looser) tsconfig and trips a benign narrowing; the global
+ * `isolatedModules: true` on the ts-jest transform (apps/server/package.json)
+ * makes it transpile-only so this spec loads. Full type-checking of the package
+ * is still enforced by its own `tsc`/vitest gates and the server `tsc --noEmit`.
+ *
+ * §13.1 IDEMPOTENCY GATE — the blocking gate for git-sync Phase B.
+ *
+ * Proves the `@docmost/git-sync` pure converter is schema-compatible
+ * with the server's REAL editor-ext document schema: a representative corpus of
+ * editor-ext ProseMirror documents must survive a full round trip through the
+ * actual server write path without losing any node / mark / attribute.
+ *
+ * Pipeline per document (issue #194 §13.1):
+ *   1. md   = convertProseMirrorToMarkdown(content)          // git-sync export
+ *   2. doc  = await markdownToProseMirror(md)                // git-sync import
+ *   3. push `doc` through the REAL editor-ext Yjs write path the server uses:
+ *        ydoc       = TiptapTransformer.toYdoc(doc, 'default', tiptapExtensions)
+ *        normalized = TiptapTransformer.fromYdoc(ydoc, 'default')
+ *      This is exactly what PersistenceExtension does on store
+ *      (apps/server/src/collaboration/extensions/persistence.extension.ts:96/115)
+ *      with the same `tiptapExtensions` (collaboration.util.ts) and the same
+ *      `@hocuspocus/transformer`, so the gate exercises the real schema
+ *      validation that runs on a git-sync write (issue #194 §3.3).
+ *   4. assert docsCanonicallyEqual(canon(original), canon(normalized)) === true
+ *
+ * Any node / mark / attr that editor-ext drops (because the git-sync
+ * docmost-schema named it differently, or declares a different default) makes
+ * the gate FAIL for that document — exactly the schema-divergence issue #194 §3.3 /
+ * §13.1 warn about. Genuine, irreducible divergences are isolated into the
+ * clearly-named `KNOWN DIVERGENCE` block at the bottom (never silently hidden).
+ *
+ * Requires the workspace packages built first:
+ *   pnpm --filter @docmost/editor-ext build
+ *   pnpm --filter @docmost/git-sync  build
+ */
+import { TiptapTransformer } from '@hocuspocus/transformer';
+// Import the server's real schema FIRST so `@docmost/editor-ext` resolves to its
+// built CJS `dist` (its `main`). The ESM-only `@docmost/git-sync` package is
+// mapped to its TS SOURCE by the jest `moduleNameMapper` (the built ESM cannot
+// be `require()`d nor dynamically `import()`ed under jest's node VM), so ts-jest
+// transpiles the real converter to CJS here — exercising the actual converter
+// the server ships, not a stub.
+import { tiptapExtensions } from './collaboration.util';
+import {
+  convertProseMirrorToMarkdown,
+  markdownToProseMirror,
+  canonicalizeContent,
+  docsCanonicallyEqual,
+} from '@docmost/git-sync';
+
+/**
+ * Run a single editor-ext document through the full gate pipeline and return
+ * the canonical original vs the canonical doc as it lands after the real Yjs
+ * write path, plus the intermediate markdown for diagnostics.
+ */
+async function runGate(original: any): Promise<{
+  md: string;
+  imported: any;
+  normalized: any;
+  canonOriginal: any;
+  canonNormalized: any;
+}> {
+  // 1) editor-ext JSON -> markdown (git-sync export).
+  const md = convertProseMirrorToMarkdown(original);
+
+  // 2) markdown -> ProseMirror JSON (git-sync import, docmost-schema).
+  const imported = await markdownToProseMirror(md);
+
+  // 3) push through the REAL editor-ext schema via the server's Yjs write path.
+  //    toYdoc validates `imported` against tiptapExtensions (throws on an
+  //    unknown node, drops unknown attrs); fromYdoc reads it back as the
+  //    normalized editor-ext JSON the server would persist.
+  const ydoc = TiptapTransformer.toYdoc(imported, 'default', tiptapExtensions);
+  const normalized = TiptapTransformer.fromYdoc(ydoc, 'default');
+
+  return {
+    md,
+    imported,
+    normalized,
+    canonOriginal: canonicalizeContent(original),
+    canonNormalized: canonicalizeContent(normalized),
+  };
+}
+
+const doc = (...content: any[]) => ({ type: 'doc', content });
+const text = (t: string, marks?: any[]) =>
+  marks ? { type: 'text', text: t, marks } : { type: 'text', text: t };
+const para = (...content: any[]) => ({ type: 'paragraph', content });
+
+// ---------------------------------------------------------------------------
+// Corpus: editor-ext ProseMirror documents covering the common node/mark types.
+// Node / mark / attr names and DEFAULTS are taken from the real schema —
+// editor-ext (packages/editor-ext/src) + the server's tiptapExtensions
+// (collaboration.util.ts) — NOT guessed. Where editor-ext materializes a
+// non-null default on import (e.g. image.align="center", callout.type, list
+// start) the fixture pre-authors that materialized value so the round trip is
+// already at its fixpoint (matches how the engine normalizes-on-write, SPEC §11).
+// ---------------------------------------------------------------------------
+const CORPUS: Record<string, any> = {
+  'paragraphs + headings (h1-h3)': doc(
+    { type: 'heading', attrs: { level: 1 }, content: [text('Heading one')] },
+    { type: 'heading', attrs: { level: 2 }, content: [text('Heading two')] },
+    { type: 'heading', attrs: { level: 3 }, content: [text('Heading three')] },
+    para(text('A plain paragraph of text.')),
+    para(text('Second paragraph.')),
+  ),
+
+  'inline marks (bold/italic/strike/code)': doc(
+    para(
+      text('normal '),
+      text('bold', [{ type: 'bold' }]),
+      text(' '),
+      text('italic', [{ type: 'italic' }]),
+      text(' '),
+      text('struck', [{ type: 'strike' }]),
+      text(' '),
+      text('code', [{ type: 'code' }]),
+    ),
+  ),
+
+  'links': doc(
+    para(
+      text('see '),
+      text('the site', [
+        { type: 'link', attrs: { href: 'https://example.com' } },
+      ]),
+      text(' for more'),
+    ),
+  ),
+
+  'bullet list': doc({
+    type: 'bulletList',
+    content: [
+      { type: 'listItem', content: [para(text('first'))] },
+      { type: 'listItem', content: [para(text('second'))] },
+      { type: 'listItem', content: [para(text('third'))] },
+    ],
+  }),
+
+  'ordered list': doc({
+    type: 'orderedList',
+    attrs: { start: 1 },
+    content: [
+      { type: 'listItem', content: [para(text('one'))] },
+      { type: 'listItem', content: [para(text('two'))] },
+    ],
+  }),
+
+  'task list (checkbox)': doc({
+    type: 'taskList',
+    content: [
+      {
+        type: 'taskItem',
+        attrs: { checked: true },
+        content: [para(text('done item'))],
+      },
+      {
+        type: 'taskItem',
+        attrs: { checked: false },
+        content: [para(text('todo item'))],
+      },
+    ],
+  }),
+
+  'blockquote': doc({
+    type: 'blockquote',
+    content: [para(text('a quoted line')), para(text('second quoted line'))],
+  }),
+
+  'callout (info)': doc({
+    type: 'callout',
+    attrs: { type: 'info' },
+    content: [para(text('an informational callout'))],
+  }),
+
+  'callout (warning)': doc({
+    type: 'callout',
+    attrs: { type: 'warning' },
+    content: [para(text('a warning callout'))],
+  }),
+
+  'code block (with language)': doc({
+    type: 'codeBlock',
+    attrs: { language: 'typescript' },
+    // A fenced code block's body is stored with a trailing newline (the form a
+    // markdown ``` fence round-trips to: marked normalizes the code text to end
+    // in "\n"). Authoring the fixture at that fixpoint mirrors how the engine
+    // normalizes-on-write (SPEC §11): codeBlock + `language` round-trip exactly.
+    content: [text('const a: number = 1;\nconsole.log(a);\n')],
+  }),
+
+  'horizontal rule': doc(
+    para(text('before')),
+    { type: 'horizontalRule' },
+    para(text('after')),
+  ),
+
+  'table (header row + cells)': doc({
+    type: 'table',
+    content: [
+      {
+        type: 'tableRow',
+        content: [
+          {
+            type: 'tableHeader',
+            attrs: { colspan: 1, rowspan: 1, colwidth: null },
+            content: [para(text('Name'))],
+          },
+          {
+            type: 'tableHeader',
+            attrs: { colspan: 1, rowspan: 1, colwidth: null },
+            content: [para(text('Value'))],
+          },
+        ],
+      },
+      {
+        type: 'tableRow',
+        content: [
+          {
+            type: 'tableCell',
+            attrs: { colspan: 1, rowspan: 1, colwidth: null },
+            content: [para(text('alpha'))],
+          },
+          {
+            type: 'tableCell',
+            attrs: { colspan: 1, rowspan: 1, colwidth: null },
+            content: [para(text('1'))],
+          },
+        ],
+      },
+    ],
+  }),
+
+  // --- editor-ext nodes/marks beyond the original corpus (item #7) ----------
+  // Each of these was verified to round-trip CLEANLY through the real gate
+  // (export -> markdown -> import -> editor-ext Yjs write path). Fixtures are
+  // pre-authored at the engine's normalize-on-write fixpoint (SPEC §11), e.g.
+  // details carries the materialized `open:false`, and color marks use the
+  // `rgb(...)` form the HTML re-parser normalizes to.
+
+  'mention (user)': doc(
+    para(
+      text('hi '),
+      {
+        type: 'mention',
+        attrs: {
+          id: 'user-123',
+          label: 'Alice',
+          entityType: 'user',
+          entityId: 'user-123',
+          creatorId: 'creator-1',
+        },
+      },
+      text(' there'),
+    ),
+  ),
+
+  'inline math': doc(
+    para(
+      text('inline '),
+      { type: 'mathInline', attrs: { text: 'x^2' } },
+      text(' math'),
+    ),
+  ),
+
+  'block math': doc({ type: 'mathBlock', attrs: { text: 'x^2 + y^2 = z^2' } }),
+
+  'details (collapsible)': doc({
+    type: 'details',
+    // `open:false` is the value editor-ext materializes on import; pre-authoring
+    // it puts the fixture at its round-trip fixpoint.
+    attrs: { open: false },
+    content: [
+      { type: 'detailsSummary', content: [text('Summary line')] },
+      { type: 'detailsContent', content: [para(text('hidden body'))] },
+    ],
+  }),
+
+  'highlight (mark, no color)': doc(
+    para(
+      text('a '),
+      text('highlighted', [{ type: 'highlight' }]),
+      text(' word'),
+    ),
+  ),
+
+  'highlight (mark, with color)': doc(
+    para(
+      text('a '),
+      text('red', [{ type: 'highlight', attrs: { color: 'rgb(255, 0, 0)' } }]),
+      text(' word'),
+    ),
+  ),
+
+  'subscript': doc(
+    para(text('H'), text('2', [{ type: 'subscript' }]), text('O')),
+  ),
+
+  'superscript': doc(
+    para(text('E=mc'), text('2', [{ type: 'superscript' }])),
+  ),
+
+  'text color (textStyle)': doc(
+    // The HTML re-parser normalizes CSS colors to the `rgb(...)` form, so the
+    // fixture pre-authors that form; a `#hex` color would round-trip to the
+    // equivalent rgb() and is therefore a value-normalization divergence (see
+    // the KNOWN DIVERGENCE block below).
+    para(text('green', [{ type: 'textStyle', attrs: { color: 'rgb(0, 255, 0)' } }])),
+  ),
+
+  'nested / mixed document': doc(
+    { type: 'heading', attrs: { level: 1 }, content: [text('Mixed')] },
+    para(
+      text('intro with '),
+      text('bold', [{ type: 'bold' }]),
+      text(' and a '),
+      text('link', [{ type: 'link', attrs: { href: 'https://example.com' } }]),
+      text('.'),
+    ),
+    {
+      type: 'bulletList',
+      content: [
+        {
+          type: 'listItem',
+          content: [
+            para(text('item with '), text('code', [{ type: 'code' }])),
+          ],
+        },
+        {
+          type: 'listItem',
+          content: [
+            para(text('item with sublist')),
+            {
+              type: 'bulletList',
+              content: [
+                { type: 'listItem', content: [para(text('nested a'))] },
+                { type: 'listItem', content: [para(text('nested b'))] },
+              ],
+            },
+          ],
+        },
+      ],
+    },
+    {
+      type: 'callout',
+      attrs: { type: 'success' },
+      content: [
+        para(text('callout body')),
+        { type: 'codeBlock', attrs: { language: 'bash' }, content: [text('echo hi\n')] },
+      ],
+    },
+    {
+      type: 'blockquote',
+      content: [para(text('quote at the end'))],
+    },
+  ),
+
+  // Atom embeds that carry no inline text: they must round-trip via their
+  // schema-matching HTML (data-type div), NOT a literal that re-imports as plain
+  // text. `subpages` used to export as the literal "{{SUBPAGES}}" and came back
+  // as visible text on the page (red-team round-trip data loss) — this locks it.
+  // editor-ext materializes the `recursive: false` default on import, so the
+  // fixture pre-authors it to sit at the round-trip fixpoint (matches the other
+  // default-materializing fixtures above).
+  'subpages embed': doc({ type: 'subpages', attrs: { recursive: false } }),
+};
+
+describe('git-sync converter §13.1 idempotency gate (editor-ext schema)', () => {
+  for (const [name, original] of Object.entries(CORPUS)) {
+    it(`round-trips losslessly: ${name}`, async () => {
+      const { md, canonOriginal, canonNormalized } = await runGate(original);
+
+      const equal = docsCanonicallyEqual(original, canonNormalized);
+      if (!equal) {
+        // Surface a readable diff so a real divergence is actionable.
+        // eslint-disable-next-line no-console
+        console.error(
+          `\n[GATE FAIL] ${name}\n--- markdown ---\n${md}\n` +
+            `--- canonical original ---\n${JSON.stringify(canonOriginal, null, 2)}\n` +
+            `--- canonical round-tripped ---\n${JSON.stringify(canonNormalized, null, 2)}\n`,
+        );
+      }
+      expect(equal).toBe(true);
+    });
+  }
+});
+
+// ---------------------------------------------------------------------------
+// KNOWN DIVERGENCE — images (isolated so it does NOT silently weaken the gate).
+//
+// This is NOT a schema-name divergence: the `image` NODE itself round-trips
+// through editor-ext fine (it survives toYdoc under the real tiptapExtensions).
+// The loss is intrinsic to MARKDOWN, the on-disk transport format git-sync uses:
+//
+//   1. `convertProseMirrorToMarkdown` emits a standard `![alt](src)` image
+//      (markdown-converter.ts case "image"). Standard markdown image syntax has
+//      no way to express `width` / `height` / `align`, so those attrs are
+//      DROPPED on export and cannot be recovered on import.
+//   2. A block-level image is hoisted out of its line by the HTML re-parser,
+//      leaving a leading EMPTY paragraph (the same block-image-hoist limitation
+//      documented in packages/git-sync/test/fixtures/known-limitations).
+//
+// The gate documents the EXACT lossy shape below. If the converter is ever
+// taught to preserve image dimensions (e.g. by emitting an HTML <img> with
+// data-* attrs, as it already does for video/diagrams), these assertions flip
+// and the image fixture should be promoted into the green CORPUS above.
+// ---------------------------------------------------------------------------
+describe('git-sync converter §13.1 image dimensions preserved (was KNOWN DIVERGENCE)', () => {
+  const imageDoc = doc({
+    type: 'image',
+    attrs: {
+      src: 'https://example.com/pic.png',
+      width: 640,
+      height: 480,
+      align: 'center',
+    },
+  });
+
+  it('preserves width/height/align by exporting an HTML <img> (PR #119 round-trip fix)', async () => {
+    const { md, canonNormalized } = await runGate(imageDoc);
+
+    // A top-level image carrying layout attrs is now exported as a schema-
+    // matching HTML <img> (the same path video/diagrams already use), so the
+    // dimensions and alignment survive the round trip instead of collapsing to
+    // bare `![](src)`.
+    expect(md.trim()).toBe(
+      '<img src="https://example.com/pic.png" width="640" height="480" align="center">',
+    );
+
+    // The round-tripped image keeps src + the layout attrs. width/height are
+    // re-imported as strings (matching the video/audio/pdf string convention),
+    // so assert the values rather than the JS type.
+    const imgAttrs = (canonNormalized as any).content[0].attrs;
+    expect((canonNormalized as any).content[0].type).toBe('image');
+    expect(imgAttrs.src).toBe('https://example.com/pic.png');
+    expect(imgAttrs.align).toBe('center');
+    expect(String(imgAttrs.width)).toBe('640');
+    expect(String(imgAttrs.height)).toBe('480');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// KNOWN DIVERGENCE — text alignment (item #7; isolated, not silently dropped).
+//
+// editor-ext registers TextAlign for heading+paragraph, and the SERVER schema
+// fully supports it — the loss is intrinsic to the MARKDOWN transport:
+//
+//   • A paragraph's `textAlign` is EXPORTED as `<div align="...">text</div>`
+//     (markdown-converter case "paragraph"), but on import the converter's
+//     docmost-schema declares `textAlign` WITHOUT a parseHTML mapping, so the
+//     `align` attribute is never recovered -> it imports as `textAlign:null`
+//     and canonicalizes away. A heading's alignment is not even exported.
+//   • Therefore any non-default alignment is dropped on a full round trip.
+//
+// If the converter is ever taught to parse `align`/`text-align` back onto the
+// block, this assertion flips and an aligned-paragraph fixture should be
+// promoted into the green CORPUS above.
+// ---------------------------------------------------------------------------
+describe('git-sync converter §13.1 KNOWN DIVERGENCE (text alignment dropped)', () => {
+  it('drops a paragraph textAlign on the markdown round trip', async () => {
+    const alignedDoc = doc({
+      type: 'paragraph',
+      attrs: { textAlign: 'center' },
+      content: [text('centered')],
+    });
+
+    const { canonNormalized } = await runGate(alignedDoc);
+
+    // The round-tripped paragraph carries no alignment.
+    expect(canonNormalized).toEqual({
+      type: 'doc',
+      content: [{ type: 'paragraph', content: [{ type: 'text', text: 'centered' }] }],
+    });
+    expect(docsCanonicallyEqual(alignedDoc, canonNormalized)).toBe(false);
+  });
+
+  it('drops a heading textAlign (headings do not export alignment at all)', async () => {
+    const alignedHeading = doc({
+      type: 'heading',
+      attrs: { level: 2, textAlign: 'center' },
+      content: [text('centered heading')],
+    });
+
+    const { md, canonNormalized } = await runGate(alignedHeading);
+
+    // Export is a plain markdown heading — no alignment syntax.
+    expect(md.trim()).toBe('## centered heading');
+    expect(docsCanonicallyEqual(alignedHeading, canonNormalized)).toBe(false);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// KNOWN DIVERGENCE — textStyle color is VALUE-NORMALIZED, not lost (item #7).
+//
+// The textStyle/color mark itself round-trips (the green CORPUS has the rgb()
+// form). But a `#hex` color is normalized to the equivalent `rgb(...)` string
+// by the HTML re-parser on import, and canonicalize.ts does NOT normalize color
+// formats — so a `#hex` original is not STRING-identical to its round trip even
+// though the color is semantically preserved. Locked here so the boundary is
+// explicit: author color fixtures in rgb() form to stay in the green corpus.
+// ---------------------------------------------------------------------------
+describe('git-sync converter §13.1 KNOWN DIVERGENCE (textStyle color #hex -> rgb)', () => {
+  it('normalizes a #hex text color to rgb() (semantically preserved, string-divergent)', async () => {
+    const hexDoc = doc(
+      para(text('green', [{ type: 'textStyle', attrs: { color: '#00ff00' } }])),
+    );
+
+    const { canonNormalized } = await runGate(hexDoc);
+
+    // Color survives, but as the normalized rgb() string.
+    expect(canonNormalized).toEqual({
+      type: 'doc',
+      content: [
+        {
+          type: 'paragraph',
+          content: [
+            {
+              type: 'text',
+              text: 'green',
+              marks: [{ type: 'textStyle', attrs: { color: 'rgb(0, 255, 0)' } }],
+            },
+          ],
+        },
+      ],
+    });
+    // Not string-identical to the #hex original.
+    expect(docsCanonicallyEqual(hexDoc, canonNormalized)).toBe(false);
+  });
+});

apps/server/src/common/decorators/auth-provenance.decorator.ts

@@ -9,6 +9,8 @@ import { ProvenanceSource } from '../../core/auth/dto/jwt-payload';
  * cannot fake an 'agent' marker.
  */
 export interface AuthProvenanceData {
+  // ProvenanceSource includes 'git-sync' — set by the in-process git-sync data
+  // plane (issue #194 §8.1) when it drives PageService writes; never from a request token.
   actor: ProvenanceSource;
   aiChatId: string | null;
 }
@@ -60,6 +62,14 @@ export function agentSourceFields<S extends string, C extends string>(
   sourceKey: S,
   chatKey: C,
 ): Partial<Record<S, ProvenanceSource> & Record<C, string | null>> {
+  // git-sync data-plane write (issue #194 §8.1): stamp the source 'git-sync' with NO
+  // aiChatId (it has no internal ai_chats row). Mirrors the agent branch; each
+  // write has a single actor, so precedence is irrelevant here.
+  if (provenance?.actor === 'git-sync') {
+    return { [sourceKey]: 'git-sync' } as Partial<
+      Record<S, ProvenanceSource> & Record<C, string | null>
+    >;
+  }
   if (provenance?.actor !== 'agent') return {};
   return {
     [sourceKey]: 'agent',

apps/server/src/core/ai-chat/ai-chat.service.spec.ts

@@ -275,12 +275,11 @@ describe('flushAssistant', () => {
     expect(f.toolCalls).not.toBeNull();
   });
 
-  it('completed: attaches finishReason + normalized usage + contextTokens + maxContextTokens', () => {
+  it('completed: attaches finishReason + normalized usage + contextTokens', () => {
     const f = flushAssistant([toolStep], '', 'completed', {
       finishReason: 'stop',
       usage: { inputTokens: 10, outputTokens: 5, totalTokens: 15 },
       contextTokens: 15,
-      maxContextTokens: 200000,
     });
     expect(f.status).toBe('completed');
     expect(f.metadata.finishReason).toBe('stop');
@@ -291,23 +290,6 @@ describe('flushAssistant', () => {
       reasoningTokens: undefined,
     });
     expect(f.metadata.contextTokens).toBe(15);
-    expect(f.metadata.maxContextTokens).toBe(200000);
-  });
-
-  it('completed: omits maxContextTokens when unset or 0', () => {
-    // No maxContextTokens in the extra (admin set no context window).
-    const f = flushAssistant([toolStep], '', 'completed', {
-      finishReason: 'stop',
-      contextTokens: 15,
-    });
-    expect('maxContextTokens' in f.metadata).toBe(false);
-    // Explicit 0 is treated the same as unset (no limit -> key omitted).
-    const f0 = flushAssistant([toolStep], '', 'completed', {
-      finishReason: 'stop',
-      contextTokens: 15,
-      maxContextTokens: 0,
-    });
-    expect('maxContextTokens' in f0.metadata).toBe(false);
   });
 
   it('error: records the error and a derived finishReason', () => {

apps/server/src/core/ai-chat/ai-chat.service.ts

@@ -616,10 +616,6 @@ export class AiChatService implements OnModuleInit {
               contextTokens:
                 (usage?.inputTokens ?? 0) + (usage?.outputTokens ?? 0) ||
                 undefined,
-              // Max context window for the chat header badge denominator;
-              // resolved from the admin-configured provider settings (in
-              // closure scope here). Omitted/0 = no limit.
-              maxContextTokens: resolved?.chatContextWindow,
             }),
           );
           // Lifecycle: release the external MCP clients leased for this turn.
@@ -1216,9 +1212,8 @@ export async function applyFinalize(
  * `metadata.parts` is built by assistantParts over the finished steps, then the
  * in-progress text appended as a trailing text part, so rowToUiMessage /
  * findRecent keep replaying the turn unchanged. `metadata.finishReason`,
- * `metadata.error`, `metadata.usage`, `metadata.contextTokens` and
- * `metadata.maxContextTokens` are attached only when provided/relevant, matching
- * the pre-#183 onFinish/onError records.
+ * `metadata.error`, `metadata.usage` and `metadata.contextTokens` are attached
+ * only when provided/relevant, matching the pre-#183 onFinish/onError records.
  */
 export function flushAssistant(
   capturedSteps: ReadonlyArray<StepLike> | undefined,
@@ -1228,7 +1223,6 @@ export function flushAssistant(
     finishReason?: string;
     usage?: ChatStreamUsage | StreamUsage | undefined;
     contextTokens?: number;
-    maxContextTokens?: number;
     error?: string;
   },
 ): AssistantFlush {
@@ -1259,8 +1253,6 @@ export function flushAssistant(
       normalizeStreamUsage(extra.usage as StreamUsage) ?? extra.usage;
   }
   if (extra?.contextTokens) metadata.contextTokens = extra.contextTokens;
-  if (extra?.maxContextTokens)
-    metadata.maxContextTokens = extra.maxContextTokens;
   if (extra?.error) metadata.error = extra.error;
 
   return {

apps/server/src/core/ai-chat/public-share-chat.controller.spec.ts

@@ -34,7 +34,6 @@ describe('resolveShareAssistantRequest (extracted controller funnel)', () => {
     resolveShareRole?: jest.Mock;
     getShareChatModel?: jest.Mock;
     tryConsumeWorkspaceQuota?: jest.Mock;
-    withinShareTokenBudget?: jest.Mock;
   } = {}) {
     const aiSettings = {
       isPublicShareAssistantEnabled: jest
@@ -66,8 +65,6 @@ describe('resolveShareAssistantRequest (extracted controller funnel)', () => {
         over.getShareChatModel ?? jest.fn().mockResolvedValue('MODEL'),
       tryConsumeWorkspaceQuota:
         over.tryConsumeWorkspaceQuota ?? jest.fn().mockResolvedValue(true),
-      withinShareTokenBudget:
-        over.withinShareTokenBudget ?? jest.fn().mockResolvedValue(true),
     };
     const deps: ShareAssistantDeps = {
       aiSettings: aiSettings as never,
@@ -194,39 +191,6 @@ describe('resolveShareAssistantRequest (extracted controller funnel)', () => {
     expect(publicShareChat.tryConsumeWorkspaceQuota).toHaveBeenCalledWith('ws-1');
   });
 
-  it('withinShareTokenBudget false => 429 thrown BEFORE any stream (cost cap, #159 #5)', async () => {
-    const { deps, publicShareChat } = makeDeps({
-      withinShareTokenBudget: jest.fn().mockResolvedValue(false),
-    });
-    expect(await statusOf(deps, body())).toBe(429);
-    expect(publicShareChat.withinShareTokenBudget).toHaveBeenCalledWith('ws-1');
-    // The token budget is the COST backstop: an over-budget workspace must be
-    // rejected WITHOUT consuming a request slot, so the request cap never runs.
-    expect(publicShareChat.tryConsumeWorkspaceQuota).not.toHaveBeenCalled();
-  });
-
-  it('the token budget is checked BEFORE the request cap (over-budget wins, no slot spent)', async () => {
-    // Over budget AND the request cap would also reject: the read-only budget
-    // gate must win so the (mutating) request-slot consume is never reached.
-    const { deps, publicShareChat } = makeDeps({
-      withinShareTokenBudget: jest.fn().mockResolvedValue(false),
-      tryConsumeWorkspaceQuota: jest.fn().mockResolvedValue(false),
-    });
-    expect(await statusOf(deps, body())).toBe(429);
-    expect(publicShareChat.tryConsumeWorkspaceQuota).not.toHaveBeenCalled();
-  });
-
-  it('the token-budget gate is checked BEFORE the payload caps (429 wins over 413)', async () => {
-    const { deps } = makeDeps({
-      withinShareTokenBudget: jest.fn().mockResolvedValue(false),
-    });
-    const huge = {
-      role: 'user',
-      parts: [{ type: 'text', text: 'x'.repeat(MAX_SHARE_MESSAGE_CHARS + 1) }],
-    };
-    expect(await statusOf(deps, body({ messages: [huge] }))).toBe(429);
-  });
-
   it('messages over MAX_SHARE_MESSAGES => 413', async () => {
     const { deps } = makeDeps();
     const tooMany = Array.from({ length: MAX_SHARE_MESSAGES + 1 }, () => ({

apps/server/src/core/ai-chat/public-share-chat.controller.ts

@@ -151,7 +151,6 @@ export interface ShareAssistantDeps {
     | 'resolveShareRole'
     | 'getShareChatModel'
     | 'tryConsumeWorkspaceQuota'
-    | 'withinShareTokenBudget'
   >;
 }
 
@@ -268,21 +267,9 @@ export async function resolveShareAssistantRequest(
     throw new NotFoundException('Not found');
   }
 
-  // 5a. Per-WORKSPACE rolling-day TOKEN budget (the COST backstop). Read-only and
-  //     checked FIRST so a workspace that has already burned its day's token
-  //     budget gets a clean 429 WITHOUT consuming a request slot, and spends
-  //     nothing. Counting requests alone does not bound the owner's provider
-  //     bill (issue #159, finding #5).
-  if (!(await deps.publicShareChat.withinShareTokenBudget(workspaceId))) {
-    throw new HttpException(
-      'This documentation assistant has reached its usage budget. Please try again later.',
-      HttpStatus.TOO_MANY_REQUESTS,
-    );
-  }
-
-  // 5b. Per-WORKSPACE anti-abuse request cap (IP-independent; defense in depth).
-  //     Checked BEFORE res.hijack(), so an over-cap workspace gets a clean 429
-  //     and spends nothing.
+  // 5. Per-WORKSPACE anti-abuse cap (IP-independent; defense in depth). Checked
+  //    BEFORE res.hijack(), so an over-cap workspace gets a clean 429 and spends
+  //    nothing.
   if (!(await deps.publicShareChat.tryConsumeWorkspaceQuota(workspaceId))) {
     throw new HttpException(
       'This documentation assistant is temporarily busy. Please try again later.',

apps/server/src/core/ai-chat/public-share-chat.service.ts

@@ -17,9 +17,7 @@ import { buildShareSystemPrompt } from './public-share-chat.prompt';
 import { roleModelOverride } from './roles/role-model-config';
 import {
   PublicShareWorkspaceLimiter,
-  PublicShareWorkspaceTokenBudget,
   createPublicShareWorkspaceLimiter,
-  createPublicShareWorkspaceTokenBudget,
 } from './public-share-workspace-limiter';
 import { describeProviderError } from '../../integrations/ai/ai-error.util';
 import {
@@ -127,16 +125,6 @@ export class PublicShareChatService {
    */
   private readonly workspaceLimiter: PublicShareWorkspaceLimiter;
 
-  /**
-   * COST contour two: a per-workspace TOKEN budget over a rolling day. The
-   * request-count limiter above bounds how many anonymous calls run; this bounds
-   * how many provider TOKENS they spend (input re-sent per step + output),
-   * which is what the owner is actually billed for (issue #159, finding #5).
-   * Checked read-only before a turn streams; the real usage is recorded once the
-   * turn finishes (`onFinish`).
-   */
-  private readonly tokenBudget: PublicShareWorkspaceTokenBudget;
-
   constructor(
     private readonly ai: AiService,
     private readonly aiSettings: AiSettingsService,
@@ -145,7 +133,6 @@ export class PublicShareChatService {
     private readonly aiAgentRoleRepo: AiAgentRoleRepo,
   ) {
     this.workspaceLimiter = createPublicShareWorkspaceLimiter(redisService);
-    this.tokenBudget = createPublicShareWorkspaceTokenBudget(redisService);
   }
 
   /**
@@ -157,48 +144,6 @@ export class PublicShareChatService {
     return this.workspaceLimiter.tryConsume(workspaceId);
   }
 
-  /**
-   * Read-only pre-stream COST gate: true while the workspace is under its
-   * rolling-day token budget, false once the trailing-day token spend has
-   * reached it (the controller must then 429 BEFORE starting the stream). This
-   * bounds the owner's actual provider bill, which counting requests alone does
-   * not (issue #159, finding #5).
-   */
-  async withinShareTokenBudget(workspaceId: string): Promise<boolean> {
-    return this.tokenBudget.withinBudget(workspaceId);
-  }
-
-  /**
-   * Record a finished turn's real token spend against the rolling-day budget.
-   * Best-effort (the turn already ran): failures are swallowed by the budget.
-   */
-  async recordShareTokens(workspaceId: string, tokens: number): Promise<void> {
-    return this.tokenBudget.record(workspaceId, tokens);
-  }
-
-  /**
-   * `streamText` onFinish hook body: account a finished turn's REAL token spend
-   * (input re-sent per step + output, summed across all steps) against the
-   * per-workspace rolling-day budget, so a future turn over budget is rejected up
-   * front (issue #159, finding #5). `totalUsage` fields are `number | undefined`;
-   * fall back to the sum of input+output when the provider omits `totalTokens`.
-   * Fire-and-forget: the turn already streamed, so a record failure must not
-   * break it.
-   */
-  recordTurnUsage(
-    workspaceId: string,
-    totalUsage: {
-      totalTokens?: number;
-      inputTokens?: number;
-      outputTokens?: number;
-    },
-  ): void {
-    const tokens =
-      totalUsage.totalTokens ??
-      (totalUsage.inputTokens ?? 0) + (totalUsage.outputTokens ?? 0);
-    void this.recordShareTokens(workspaceId, tokens);
-  }
-
   /**
    * Resolve the admin-selected agent role for the anonymous public-share
    * assistant, scoped to the workspace and soft-delete aware. Returns null when
@@ -286,8 +231,6 @@ export class PublicShareChatService {
         // bill even if the per-IP throttle is evaded; worst case = steps × this.
         maxOutputTokens: resolveShareAiMaxOutputTokens(),
         abortSignal: signal,
-        onFinish: ({ totalUsage }) =>
-          this.recordTurnUsage(workspaceId, totalUsage),
         onError: ({ error }) => {
           // Reuse the shared formatter so provider error formatting stays
           // unified (statusCode + body) with the authenticated path.

apps/server/src/core/ai-chat/public-share-chat.spec.ts

@@ -11,11 +11,8 @@ import {
 import { PublicShareChatToolsService } from './tools/public-share-chat-tools.service';
 import {
   PublicShareWorkspaceLimiter,
-  PublicShareWorkspaceTokenBudget,
   resolveShareAiWorkspaceMax,
-  resolveShareAiWorkspaceTokenBudget,
   SHARE_AI_WORKSPACE_MAX_PER_WINDOW,
-  SHARE_AI_WORKSPACE_TOKEN_BUDGET_DEFAULT,
 } from './public-share-workspace-limiter';
 
 /**
@@ -549,228 +546,6 @@ describe('PublicShareWorkspaceLimiter (cluster-wide sliding-window per-workspace
   });
 });
 
-/**
- * In-memory fake of the ioredis slice the TOKEN budget uses. Unlike the request
- * limiter (one Lua), the budget runs TWO scripts over the same sorted set:
- *  - the read-only CHECK (sums the token counts encoded as each member's leading
- *    integer, admits while the sum is under budget, never mutates), and
- *  - the RECORD (ZADDs a finished turn's `<tokens>:<unique>` member).
- * The fake faithfully reproduces both (branching on the script body) so the spec
- * exercises the REAL budget math, not a re-implementation.
- */
-class FakeTokenRedis {
-  private sets = new Map<string, Array<{ score: number; member: string }>>();
-
-  async eval(
-    script: string,
-    _numKeys: number,
-    key: string,
-    nowStr: string,
-    windowMsStr: string,
-    arg3: string,
-  ): Promise<number> {
-    const now = Number(nowStr);
-    const windowMs = Number(windowMsStr);
-    const cutoff = now - windowMs;
-    const arr = (this.sets.get(key) ?? []).filter((e) => e.score > cutoff);
-    if (script.includes('ZADD')) {
-      // RECORD: arg3 is the `<tokens>:<unique>` member; append at score=now.
-      arr.push({ score: now, member: arg3 });
-      this.sets.set(key, arr);
-      return 1;
-    }
-    // CHECK: arg3 is the budget; sum the leading integer of each survivor.
-    const budget = Number(arg3);
-    this.sets.set(key, arr);
-    const total = arr.reduce((sum, e) => {
-      const m = /^(\d+)/.exec(e.member);
-      return sum + (m ? Number(m[1]) : 0);
-    }, 0);
-    return total >= budget ? 0 : 1;
-  }
-}
-
-function makeTokenBudget(budget: number, windowMs: number, clock: () => number) {
-  const redis = new FakeTokenRedis() as unknown as import('ioredis').Redis;
-  return new PublicShareWorkspaceTokenBudget(redis, budget, windowMs, clock);
-}
-
-describe('resolveShareAiWorkspaceTokenBudget (env-overridable per-day token budget)', () => {
-  const KEY = 'SHARE_AI_WORKSPACE_TOKEN_BUDGET_PER_DAY';
-  const saved = process.env[KEY];
-  afterEach(() => {
-    if (saved === undefined) delete process.env[KEY];
-    else process.env[KEY] = saved;
-  });
-
-  it('falls back to the default when unset', () => {
-    delete process.env[KEY];
-    expect(resolveShareAiWorkspaceTokenBudget()).toBe(
-      SHARE_AI_WORKSPACE_TOKEN_BUDGET_DEFAULT,
-    );
-  });
-
-  it('honors a positive override', () => {
-    process.env[KEY] = '250000';
-    expect(resolveShareAiWorkspaceTokenBudget()).toBe(250000);
-  });
-
-  it('ignores a non-positive / unparseable value (uses the default)', () => {
-    for (const bad of ['0', '-5', 'nope', '']) {
-      process.env[KEY] = bad;
-      expect(resolveShareAiWorkspaceTokenBudget()).toBe(
-        SHARE_AI_WORKSPACE_TOKEN_BUDGET_DEFAULT,
-      );
-    }
-  });
-});
-
-describe('PublicShareWorkspaceTokenBudget (cluster-wide rolling-day token cap)', () => {
-  it('admits while under budget and rejects once the recorded spend reaches it', async () => {
-    const budget = makeTokenBudget(1000, 60_000, () => 1_000);
-    expect(await budget.withinBudget('ws-1')).toBe(true); // nothing spent yet
-    await budget.record('ws-1', 600);
-    expect(await budget.withinBudget('ws-1')).toBe(true); // 600 < 1000
-    await budget.record('ws-1', 400);
-    // 1000 >= 1000: the budget is exhausted, so the next turn is rejected up front.
-    expect(await budget.withinBudget('ws-1')).toBe(false);
-  });
-
-  it('counts TOKENS, not requests: one fat turn can exhaust the budget alone', async () => {
-    const budget = makeTokenBudget(1000, 60_000, () => 1_000);
-    // A single accepted turn re-sends the whole transcript across 5 steps; here
-    // it lands as 1200 tokens — already over the day budget on its own.
-    await budget.record('ws-1', 1200);
-    expect(await budget.withinBudget('ws-1')).toBe(false);
-  });
-
-  it('ages out spend older than the window so the budget recovers', async () => {
-    let now = 0;
-    const budget = makeTokenBudget(1000, 60_000, () => now);
-    await budget.record('ws-1', 1000); // at budget
-    now += 59_999; // still inside the day window
-    expect(await budget.withinBudget('ws-1')).toBe(false);
-    now += 2; // the spend is now strictly older than windowMs
-    expect(await budget.withinBudget('ws-1')).toBe(true);
-  });
-
-  it('ignores non-positive / non-finite usage (never records phantom spend)', async () => {
-    const budget = makeTokenBudget(1000, 60_000, () => 1_000);
-    await budget.record('ws-1', 0);
-    await budget.record('ws-1', -50);
-    await budget.record('ws-1', Number.NaN);
-    await budget.record('ws-1', Infinity);
-    expect(await budget.withinBudget('ws-1')).toBe(true); // nothing accumulated
-  });
-
-  it('keeps separate budgets per workspace', async () => {
-    const budget = makeTokenBudget(500, 60_000, () => 1_000);
-    await budget.record('ws-a', 500); // ws-a exhausted
-    expect(await budget.withinBudget('ws-a')).toBe(false);
-    expect(await budget.withinBudget('ws-b')).toBe(true); // ws-b untouched
-  });
-
-  it('FAILS CLOSED on the read-only check when Redis rejects', async () => {
-    const failingRedis = {
-      eval: () => Promise.reject(new Error('redis down')),
-    } as unknown as import('ioredis').Redis;
-    const budget = new PublicShareWorkspaceTokenBudget(
-      failingRedis,
-      1000,
-      60_000,
-      () => 1_000,
-    );
-    const errSpy = jest
-      .spyOn(Logger.prototype, 'error')
-      .mockImplementation(() => undefined);
-    expect(await budget.withinBudget('ws-1')).toBe(false);
-    expect(errSpy).toHaveBeenCalled();
-    errSpy.mockRestore();
-  });
-
-  it('SWALLOWS a record failure (best-effort post-accounting, never throws)', async () => {
-    // The turn already streamed; a record failure must not surface to the caller.
-    const failingRedis = {
-      eval: () => Promise.reject(new Error('redis down')),
-    } as unknown as import('ioredis').Redis;
-    const budget = new PublicShareWorkspaceTokenBudget(
-      failingRedis,
-      1000,
-      60_000,
-      () => 1_000,
-    );
-    const errSpy = jest
-      .spyOn(Logger.prototype, 'error')
-      .mockImplementation(() => undefined);
-    await expect(budget.record('ws-1', 100)).resolves.toBeUndefined();
-    expect(errSpy).toHaveBeenCalled();
-    errSpy.mockRestore();
-  });
-});
-
-describe('PublicShareChatService.withinShareTokenBudget / recordShareTokens', () => {
-  it('delegates the cost gate + accounting to the redis-backed token budget', async () => {
-    const redis = new FakeTokenRedis();
-    const redisService = { getOrThrow: () => redis } as never;
-    const service = new PublicShareChatService(
-      {} as never,
-      {} as never,
-      {} as never,
-      redisService,
-      {} as never,
-    );
-    // Default budget is large, so a fresh workspace is under budget; recording a
-    // modest spend keeps it under budget (asserts the wiring the controller +
-    // onFinish rely on).
-    expect(await service.withinShareTokenBudget('ws-1')).toBe(true);
-    await service.recordShareTokens('ws-1', 1234);
-    expect(await service.withinShareTokenBudget('ws-1')).toBe(true);
-  });
-});
-
-describe('PublicShareChatService.recordTurnUsage (streamText onFinish accounting)', () => {
-  function makeService() {
-    const redisService = { getOrThrow: () => new FakeTokenRedis() } as never;
-    const service = new PublicShareChatService(
-      {} as never,
-      {} as never,
-      {} as never,
-      redisService,
-      {} as never,
-    );
-    const recordSpy = jest
-      .spyOn(service, 'recordShareTokens')
-      .mockResolvedValue(undefined);
-    return { service, recordSpy };
-  }
-
-  it('sums input+output when the provider omits totalTokens', () => {
-    const { service, recordSpy } = makeService();
-    // The onFinish payload shape: a totalUsage with per-component counts but no
-    // authoritative total (provider omitted it).
-    service.recordTurnUsage('ws-1', { inputTokens: 1200, outputTokens: 300 });
-    expect(recordSpy).toHaveBeenCalledWith('ws-1', 1500);
-  });
-
-  it('treats missing input/output components as 0 in the fallback sum', () => {
-    const { service, recordSpy } = makeService();
-    service.recordTurnUsage('ws-1', { outputTokens: 42 });
-    expect(recordSpy).toHaveBeenCalledWith('ws-1', 42);
-  });
-
-  it('prefers the authoritative totalTokens when present (not the sum)', () => {
-    const { service, recordSpy } = makeService();
-    // totalTokens is the provider's authoritative figure and may differ from a
-    // naive input+output sum (e.g. cached/ reasoning tokens); it must win.
-    service.recordTurnUsage('ws-1', {
-      totalTokens: 5000,
-      inputTokens: 1200,
-      outputTokens: 300,
-    });
-    expect(recordSpy).toHaveBeenCalledWith('ws-1', 5000);
-  });
-});
-
 describe('PublicShareChatService.tryConsumeWorkspaceQuota', () => {
   it('delegates to the redis-backed per-workspace limiter', async () => {
     const redis = new FakeRedis();

apps/server/src/core/ai-chat/public-share-workspace-limiter.ts

@@ -136,177 +136,6 @@ export class PublicShareWorkspaceLimiter {
   }
 }
 
-/**
- * SECOND cost contour: a per-workspace TOKEN budget over a rolling DAY.
- *
- * The request-count cap above bounds how MANY anonymous calls a workspace
- * admits, but NOT how expensive each one is: one accepted call runs the agent
- * loop up to `stepCountIs(5)`, and every step re-sends the WHOLE client-held
- * transcript (~hundreds of KB) as input, so the provider input alone can be tens
- * of thousands of tokens PER step while `maxOutputTokens` only caps the output.
- * The request cap is also hourly with no daily ceiling, so a steady stream at
- * the hourly cap sustains ~24x its count per day. Counting requests therefore
- * does not bound the owner's actual LLM bill (issue #159, finding #5).
- *
- * This contour caps the SPEND directly: the actual tokens consumed (input +
- * output, summed across all steps of every accepted turn) over the trailing
- * `windowMs` (one rolling day) must stay under `budget`. It is checked BEFORE a
- * turn streams (read-only) and the turn's real usage is recorded AFTER it
- * finishes (`streamText` onFinish). Like the request cap it is cluster-wide
- * (shared Redis) and uses a sliding-window LOG so the day boundary cannot be
- * gamed for a 2x burst.
- *
- * Pre-check is read-only, so a turn already over budget is rejected, but the
- * tokens of an in-flight turn are not yet known and are accounted only once it
- * finishes. The worst-case overshoot past the budget is therefore one turn
- * (bounded by steps x (maxOutputTokens + transcript size)) — acceptable for a
- * cost backstop on an optional anonymous assistant.
- */
-
-/** Default per-workspace token budget over the rolling day. */
-export const SHARE_AI_WORKSPACE_TOKEN_BUDGET_DEFAULT = 1_000_000;
-/** Default token-budget window length: one rolling day. */
-export const SHARE_AI_WORKSPACE_TOKEN_WINDOW_MS = 24 * 60 * 60 * 1000;
-
-/** Redis key namespace for the per-workspace token-spend sliding-window log. */
-const TOKEN_KEY_PREFIX = 'share-ai:ws-tokens:';
-
-/**
- * Read-only sliding-window token-budget check.
- *
- * KEYS[1] = the per-workspace token sorted-set key
- * ARGV[1] = now (epoch ms)
- * ARGV[2] = windowMs
- * ARGV[3] = budget (max tokens in the trailing window)
- *
- * Drops entries older than the window, then sums the token counts encoded as the
- * leading integer of each surviving member. Returns 1 if the running total is
- * still UNDER budget (admit), 0 once it has reached/exceeded the budget. Does NOT
- * add anything — the turn's real usage is recorded separately once it finishes.
- */
-const TOKEN_BUDGET_CHECK_LUA = `
-local key = KEYS[1]
-local now = tonumber(ARGV[1])
-local windowMs = tonumber(ARGV[2])
-local budget = tonumber(ARGV[3])
-redis.call('ZREMRANGEBYSCORE', key, 0, now - windowMs)
-local members = redis.call('ZRANGE', key, 0, -1)
-local total = 0
-for i = 1, #members do
-  local t = tonumber(string.match(members[i], '^(%d+)'))
-  if t then total = total + t end
-end
-if total >= budget then
-  return 0
-end
-return 1
-`;
-
-/**
- * Record one finished turn's token spend in the sliding-window log.
- *
- * KEYS[1] = the per-workspace token sorted-set key
- * ARGV[1] = now (epoch ms) — the entry score
- * ARGV[2] = windowMs
- * ARGV[3] = member (`<tokens>:<unique>`; the leading integer is the token count)
- *
- * Always ZADDs (the turn already ran and spent the tokens) and refreshes the
- * key TTL so idle workspaces cost no memory. Trims expired entries first so the
- * set never grows unbounded for a busy workspace.
- */
-const TOKEN_RECORD_LUA = `
-local key = KEYS[1]
-local now = tonumber(ARGV[1])
-local windowMs = tonumber(ARGV[2])
-local member = ARGV[3]
-redis.call('ZREMRANGEBYSCORE', key, 0, now - windowMs)
-redis.call('ZADD', key, now, member)
-redis.call('PEXPIRE', key, windowMs)
-return 1
-`;
-
-/**
- * Cluster-wide, sliding-window per-workspace TOKEN budget backed by Redis.
- * `withinBudget(key)` is a read-only pre-stream gate; `record(key, tokens)`
- * accounts a finished turn's real usage. Decoupled from NestJS so it is testable
- * against a mocked/real ioredis client, mirroring the request-count limiter.
- */
-export class PublicShareWorkspaceTokenBudget {
-  private readonly logger = new Logger(PublicShareWorkspaceTokenBudget.name);
-  private counter = 0;
-
-  constructor(
-    private readonly redis: Redis,
-    private readonly budget: number = SHARE_AI_WORKSPACE_TOKEN_BUDGET_DEFAULT,
-    private readonly windowMs: number = SHARE_AI_WORKSPACE_TOKEN_WINDOW_MS,
-    private readonly now: () => number = Date.now,
-  ) {}
-
-  /**
-   * Read-only pre-stream check. Returns true while the workspace is under its
-   * rolling-day token budget, false once the trailing-window spend has reached
-   * it (caller must then 429 BEFORE streaming any tokens).
-   *
-   * FAILS CLOSED (false) on a Redis error: identical reasoning to the request
-   * limiter — when we cannot prove the workspace is under budget we DENY rather
-   * than admit an unmetered billable call. The assistant is optional, so a
-   * transient Redis blip briefly disabling it beats an unbounded provider bill.
-   */
-  async withinBudget(key: string): Promise<boolean> {
-    const t = this.now();
-    try {
-      const admitted = await this.redis.eval(
-        TOKEN_BUDGET_CHECK_LUA,
-        1,
-        TOKEN_KEY_PREFIX + key,
-        String(t),
-        String(this.windowMs),
-        String(this.budget),
-      );
-      return admitted === 1;
-    } catch (err) {
-      this.logger.error(
-        `share-ai token budget Redis failure for key "${key}"; failing closed`,
-        err as Error,
-      );
-      return false;
-    }
-  }
-
-  /**
-   * Record a finished turn's token spend. Best-effort: the turn already ran, so
-   * a Redis failure here is logged but not propagated — it would only cause a
-   * slight under-count of the running budget, never a wrong answer to the
-   * caller. Non-positive / non-finite usage is ignored.
-   */
-  async record(key: string, tokens: number): Promise<void> {
-    if (!Number.isFinite(tokens) || tokens <= 0) return;
-    const spend = Math.floor(tokens);
-    const t = this.now();
-    // Member: `<tokens>:<unique>` — the check Lua sums the leading integer, and
-    // the unique suffix keeps distinct turns in the same ms from colliding on
-    // the sorted-set member (which would drop one entry and under-count).
-    const member = `${spend}:${t}-${this.counter++}-${Math.random()
-      .toString(36)
-      .slice(2)}`;
-    try {
-      await this.redis.eval(
-        TOKEN_RECORD_LUA,
-        1,
-        TOKEN_KEY_PREFIX + key,
-        String(t),
-        String(this.windowMs),
-        member,
-      );
-    } catch (err) {
-      this.logger.error(
-        `share-ai token budget record failure for key "${key}" (${spend} tokens); ignoring`,
-        err as Error,
-      );
-    }
-  }
-}
-
 /**
  * Read the per-workspace cap from the environment (overridable seam), falling
  * back to the sane default. A non-positive / unparseable value uses the default.
@@ -333,31 +162,3 @@ export function createPublicShareWorkspaceLimiter(
     SHARE_AI_WORKSPACE_WINDOW_MS,
   );
 }
-
-/**
- * Read the per-workspace rolling-day token budget from the environment
- * (overridable seam), falling back to the sane default. A non-positive /
- * unparseable value uses the default.
- */
-export function resolveShareAiWorkspaceTokenBudget(): number {
-  const raw = Number(process.env.SHARE_AI_WORKSPACE_TOKEN_BUDGET_PER_DAY);
-  return Number.isFinite(raw) && raw > 0
-    ? Math.floor(raw)
-    : SHARE_AI_WORKSPACE_TOKEN_BUDGET_DEFAULT;
-}
-
-/**
- * Build the per-workspace token budget from the injected RedisService (the same
- * global ioredis client used by the request-count limiter). Tiny factory so the
- * service constructor stays declarative and the budget stays unit-testable with
- * a hand-rolled fake redis.
- */
-export function createPublicShareWorkspaceTokenBudget(
-  redisService: RedisService,
-): PublicShareWorkspaceTokenBudget {
-  return new PublicShareWorkspaceTokenBudget(
-    redisService.getOrThrow(),
-    resolveShareAiWorkspaceTokenBudget(),
-    SHARE_AI_WORKSPACE_TOKEN_WINDOW_MS,
-  );
-}

apps/server/src/core/ai-chat/tools/ai-chat-tools.service.spec.ts

@@ -120,25 +120,18 @@ describe('AiChatToolsService deletePage guardrail (H4)', () => {
     const tools = await buildTools();
     const deletePage = tools.deletePage;
 
-    // The wrapped input schema (modelFriendlyInput) only allows `pageId`;
-    // validation strips/ignores extra keys, so a permanent/force flag is never
-    // part of the validated input handed to execute.
+    // The Zod input schema only allows `pageId`; parsing strips/ignores extra
+    // keys, so a permanent/force flag is never part of the validated input.
     const schema = (deletePage as unknown as { inputSchema: unknown })
       .inputSchema as {
-      validate: (
-        v: unknown,
-      ) =>
-        | { success: boolean; value?: Record<string, unknown> }
-        | Promise<{ success: boolean; value?: Record<string, unknown> }>;
+      parse: (v: unknown) => Record<string, unknown>;
     };
-    const result = await schema.validate({
+    const parsed = schema.parse({
       pageId: 'page-789',
       permanentlyDelete: true,
       forceDelete: true,
     });
 
-    expect(result.success).toBe(true);
-    const parsed = result.value as Record<string, unknown>;
     expect(parsed).toHaveProperty('pageId', 'page-789');
     expect(parsed).not.toHaveProperty('permanentlyDelete');
     expect(parsed).not.toHaveProperty('forceDelete');
@@ -214,26 +207,19 @@ describe('AiChatToolsService expanded toolset guardrails', () => {
     const tools = await buildTools();
     const transformPage = tools.transformPage;
 
-    // The wrapped input schema only allows pageId/transformJs/dryRun;
-    // validation strips unknown keys, so deleteComments can never reach the
-    // client.
+    // The Zod input schema only allows pageId/transformJs/dryRun; parsing
+    // strips unknown keys, so deleteComments can never reach the client.
     const schema = (transformPage as unknown as { inputSchema: unknown })
       .inputSchema as {
-      validate: (
-        v: unknown,
-      ) =>
-        | { success: boolean; value?: Record<string, unknown> }
-        | Promise<{ success: boolean; value?: Record<string, unknown> }>;
+      parse: (v: unknown) => Record<string, unknown>;
     };
-    const result = await schema.validate({
+    const parsed = schema.parse({
       pageId: 'p',
       transformJs: '(d)=>d',
       dryRun: true,
       deleteComments: true,
     });
 
-    expect(result.success).toBe(true);
-    const parsed = result.value as Record<string, unknown>;
     expect(parsed).toHaveProperty('pageId', 'p');
     expect(parsed).not.toHaveProperty('deleteComments');
   });
@@ -409,95 +395,3 @@ describe('AiChatToolsService node-arg JSON-string coercion', () => {
     expect(updatePageJsonCalls).toHaveLength(0);
   });
 });
-
-/**
- * Model-friendly tool-call validation (#190): when the model drops a required
- * `pageId` in a parallel/batch tool call, the built-in input schema must return
- * a CLEAR, actionable message (naming the parameter, reminding it not to drop
- * ids in batches) instead of zod's raw "expected string, received undefined" —
- * while a valid call still validates. This is wired centrally via
- * modelFriendlyInput, so it applies to every in-app tool; createComment (the
- * tool from the bug report) and a sharedTool-built tool (getPage's sibling
- * getOutline) are exercised here end-to-end through forUser().
- */
-describe('AiChatToolsService model-friendly input validation (#190)', () => {
-  const fakeClient: Partial<DocmostClientLike> = {};
-  const tokenServiceStub = {
-    generateAccessToken: jest.fn().mockResolvedValue('access-token'),
-    generateCollabToken: jest.fn().mockResolvedValue('collab-token'),
-  };
-  let service: AiChatToolsService;
-
-  beforeEach(() => {
-    jest.spyOn(loader, 'loadDocmostMcp').mockResolvedValue(
-      mockLoaded(function () {
-        return fakeClient as DocmostClientLike;
-      } as unknown as loader.DocmostClientCtor),
-    );
-    service = new AiChatToolsService(
-      tokenServiceStub as never,
-      {} as never,
-      {} as never,
-      {} as never,
-      {} as never,
-    );
-  });
-
-  afterEach(() => jest.restoreAllMocks());
-
-  function buildTools() {
-    return service.forUser(
-      { id: 'user-1', email: 'u@example.com', workspaceId: 'ws-1' } as never,
-      'session-1',
-      'ws-1',
-      'chat-1',
-    );
-  }
-
-  // The AI SDK Schema produced by modelFriendlyInput exposes `validate`.
-  type ValidatableSchema = {
-    validate: (
-      v: unknown,
-    ) =>
-      | { success: boolean; value?: unknown; error?: Error }
-      | Promise<{ success: boolean; value?: unknown; error?: Error }>;
-  };
-  const inputSchemaOf = (t: unknown) =>
-    (t as { inputSchema: unknown }).inputSchema as ValidatableSchema;
-
-  it('createComment: a dropped pageId yields a clear, model-actionable message', async () => {
-    const tools = await buildTools();
-    // The exact failing shape from the bug report's second parallel batch:
-    // content + selection, but pageId silently dropped.
-    const result = await inputSchemaOf(tools.createComment).validate({
-      content: 'A remark',
-      selection: 'титановый проводник',
-    });
-    expect(result.success).toBe(false);
-    expect(result.error?.message).toContain('parameter "pageId": missing (required)');
-    expect(result.error?.message).toContain('parallel/batch tool calls');
-    // Not the raw zod text the model previously received.
-    expect(result.error?.message).not.toContain('received undefined');
-  });
-
-  it('createComment: a valid call with pageId validates successfully', async () => {
-    const tools = await buildTools();
-    const result = await inputSchemaOf(tools.createComment).validate({
-      pageId: '019efe44-0000-0000-0000-000000000000',
-      content: 'A remark',
-      selection: 'титановый проводник',
-    });
-    expect(result.success).toBe(true);
-    expect(result.value).toMatchObject({
-      pageId: '019efe44-0000-0000-0000-000000000000',
-      content: 'A remark',
-    });
-  });
-
-  it('sharedTool-built tools (getOutline) also get the friendly message on a dropped pageId', async () => {
-    const tools = await buildTools();
-    const result = await inputSchemaOf(tools.getOutline).validate({});
-    expect(result.success).toBe(false);
-    expect(result.error?.message).toContain('parameter "pageId": missing (required)');
-  });
-});

apps/server/src/core/ai-chat/tools/ai-chat-tools.service.ts

@@ -15,7 +15,6 @@ import {
 } from './docmost-client.loader';
 import { resolveCurrentPageResult } from './current-page.util';
 import { parseNodeArg } from './parse-node-arg';
-import { modelFriendlyInput } from './model-friendly-input';
 
 /**
  * Per-user, per-request adapter that exposes Docmost READ operations to the
@@ -103,13 +102,9 @@ export class AiChatToolsService {
     ): Tool =>
       tool({
         description: spec.description,
-        // Wrap via modelFriendlyInput so a dropped/invalid parameter (e.g. a
-        // pageId omitted in a parallel batch, #190) yields a clear, actionable
-        // tool error instead of zod's raw text. No-arg specs still get an empty
-        // object schema.
-        inputSchema: modelFriendlyInput(
-          spec.buildShape ? (spec.buildShape(z) as z.ZodRawShape) : {},
-        ),
+        inputSchema: spec.buildShape
+          ? z.object(spec.buildShape(z) as z.ZodRawShape)
+          : z.object({}),
         execute,
       });
 
@@ -123,7 +118,7 @@ export class AiChatToolsService {
           'and entities), not a full sentence. If the first results look weak ' +
           'or incomplete, search again with different wording or synonyms ' +
           'before answering.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           query: z.string().describe('The search query.'),
           limit: z
             .number()
@@ -232,7 +227,7 @@ export class AiChatToolsService {
           '"the current page", or "here" refers to. Returns the page id and title, ' +
           'or null if the user is not currently on a page. Call this first whenever ' +
           'the user refers to the current page without giving an explicit id.',
-        inputSchema: modelFriendlyInput({}),
+        inputSchema: z.object({}),
         execute: async () => resolveCurrentPageResult(openedPage),
       }),
 
@@ -240,7 +235,7 @@ export class AiChatToolsService {
         description:
           'Fetch a single page as Markdown by its page id. Returns the page ' +
           'title and its Markdown content.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id (or slugId) of the page.'),
         }),
         execute: async ({ pageId }) => {
@@ -264,7 +259,7 @@ export class AiChatToolsService {
           'Create a new page with a Markdown body in a space, optionally under ' +
           'a parent page. Returns the new page id and title. Reversible: a page ' +
           'can be moved to trash later.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           title: z.string().describe('The title of the new page.'),
           content: z
             .string()
@@ -299,7 +294,7 @@ export class AiChatToolsService {
         description:
           "Replace a page's body with new Markdown content (and optionally its " +
           'title). Reversible: the previous version is kept in page history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to update.'),
           content: z.string().describe('The new page body as Markdown.'),
           title: z
@@ -321,7 +316,7 @@ export class AiChatToolsService {
         description:
           "Rename a page (change its title only; the body is untouched). " +
           'Reversible: rename back at any time.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to rename.'),
           title: z.string().describe('The new title.'),
         }),
@@ -336,7 +331,7 @@ export class AiChatToolsService {
         description:
           'Move a page under a new parent page, or to the space root when no ' +
           'parent is given. Reversible: move it back at any time.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to move.'),
           parentPageId: z
             .string()
@@ -358,7 +353,7 @@ export class AiChatToolsService {
         description:
           'Move a page to the trash (SOFT delete only — fully reversible; the ' +
           'page can be restored from trash). This NEVER permanently deletes.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to move to trash.'),
         }),
         // GUARDRAIL (§14 H4): the only field ever passed to the client is
@@ -384,7 +379,7 @@ export class AiChatToolsService {
           '"selection not found" error, retry with a corrected EXACT selection ' +
           'copied verbatim from a single paragraph/block. Reversible via the ' +
           'comment UI.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to comment on.'),
           content: z.string().describe('The comment body as Markdown.'),
           selection: z
@@ -433,7 +428,7 @@ export class AiChatToolsService {
         description:
           'Resolve or reopen a top-level comment thread (reversible — toggle ' +
           'the resolved flag). Only top-level comments can be resolved.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           commentId: z
             .string()
             .describe('The id of the top-level comment to resolve/reopen.'),
@@ -465,7 +460,7 @@ export class AiChatToolsService {
           'List the most recent pages, optionally scoped to a single space. ' +
           'Returns a bounded list (default 50, max 100). Pass tree:true (with ' +
           "spaceId) to instead get the space's full page hierarchy as a nested tree.",
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           spaceId: z
             .string()
             .optional()
@@ -493,7 +488,7 @@ export class AiChatToolsService {
           'List sidebar pages for a space. With no pageId, returns the ' +
           "space's ROOT pages; with a pageId, returns that page's direct " +
           'CHILDREN.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           spaceId: z.string().describe('The id of the space.'),
           pageId: z
             .string()
@@ -525,7 +520,7 @@ export class AiChatToolsService {
         description:
           'Read a table as a matrix of cell texts (plus a parallel cellIds ' +
           'matrix so cells can be addressed for rich edits).',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
           tableRef: z
             .string()
@@ -541,7 +536,7 @@ export class AiChatToolsService {
       listComments: tool({
         description:
           'List all comments on a page (content as Markdown).',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
         }),
         execute: async ({ pageId }) => await client.listComments(pageId),
@@ -549,7 +544,7 @@ export class AiChatToolsService {
 
       getComment: tool({
         description: 'Fetch a single comment by id (content as Markdown).',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           commentId: z.string().describe('The id of the comment.'),
         }),
         execute: async ({ commentId }) => await client.getComment(commentId),
@@ -559,7 +554,7 @@ export class AiChatToolsService {
         description:
           'Find new comments across a space (optionally scoped to a subtree) ' +
           'created after a given timestamp.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           spaceId: z.string().describe('The id of the space to scan.'),
           since: z
             .string()
@@ -591,7 +586,7 @@ export class AiChatToolsService {
         description:
           'Fetch a single page-history version including its lossless ' +
           'ProseMirror content.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           historyId: z.string().describe('The id of the history version.'),
         }),
         execute: async ({ historyId }) =>
@@ -609,7 +604,7 @@ export class AiChatToolsService {
           'Export a page to a single self-contained Docmost-flavoured ' +
           'Markdown file (meta + body + comment threads). Lossless round-trip ' +
           'with importPageMarkdown.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to export.'),
         }),
         execute: async ({ pageId }) => {
@@ -635,7 +630,7 @@ export class AiChatToolsService {
           '{"type":"text","text":"x","marks":[{"type":"bold"}]}. The node arg ' +
           'may be a JSON object or a JSON string (both accepted). Reversible: ' +
           'the previous version is kept in page history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
           nodeId: z
             .string()
@@ -668,7 +663,7 @@ export class AiChatToolsService {
           '{"type":"text","text":"x","marks":[{"type":"bold"}]}. The node arg ' +
           'may be a JSON object or a JSON string (both accepted). Reversible ' +
           'via page history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
           node: z
             .any()
@@ -727,7 +722,7 @@ export class AiChatToolsService {
           'object or a JSON string (both accepted). Omit content for a ' +
           'title-only update. Reversible: the previous version is kept in page ' +
           'history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to update.'),
           content: z
             .any()
@@ -758,7 +753,7 @@ export class AiChatToolsService {
         description:
           'Insert a row of plain-text cells into a table. Reversible via ' +
           'page history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
           tableRef: z
             .string()
@@ -777,7 +772,7 @@ export class AiChatToolsService {
       tableDeleteRow: tool({
         description:
           'Delete a table row at a 0-based index. Reversible via page history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
           tableRef: z
             .string()
@@ -792,7 +787,7 @@ export class AiChatToolsService {
         description:
           'Set the plain-text content of a table cell at [row, col] (0-based). ' +
           'Reversible via page history.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page.'),
           tableRef: z
             .string()
@@ -822,7 +817,7 @@ export class AiChatToolsService {
           'Make a page PUBLICLY accessible and return its public URL. ' +
           'Reversible via unsharePage. Only share when the user explicitly ' +
           'asked, since this exposes the page to anyone with the link.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to share.'),
           searchIndexing: z
             .boolean()
@@ -849,7 +844,7 @@ export class AiChatToolsService {
           "page's ProseMirror document for complex/scripted rewrites. dryRun " +
           '(default true) previews a diff WITHOUT writing; set dryRun:false to ' +
           'apply. Reversible: applying creates a new page-history snapshot.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z.string().describe('The id of the page to transform.'),
           transformJs: z
             .string()

apps/server/src/core/ai-chat/tools/model-friendly-input.spec.ts

@@ -1,101 +0,0 @@
-import { z } from 'zod';
-import {
-  modelFriendlyInput,
-  buildModelFriendlyMessage,
-} from './model-friendly-input';
-
-/**
- * Unit tests for the centralized in-app tool input wrapper (#190). A dropped or
- * invalid parameter must surface a clear, model-actionable message (naming the
- * parameter and reminding the model not to drop ids in parallel batches), while
- * a valid call validates cleanly and strips unknown keys — and the advertised
- * JSON Schema keeps the unchanged required/description contract.
- */
-describe('modelFriendlyInput', () => {
-  // Mirrors createComment's shape: pageId is the required id the model drops in
-  // parallel batches; selection is optional with a min length.
-  const shape = {
-    pageId: z.string().describe('The id of the page to comment on.'),
-    content: z.string().describe('The comment body as Markdown.'),
-    selection: z.string().min(1).max(250).optional(),
-  };
-
-  // Loose return type: the AI SDK ValidationResult is a discriminated union, but
-  // these tests assert on both branches, so a flat optional shape is simpler.
-  async function validate(
-    value: unknown,
-  ): Promise<{ success: boolean; value?: unknown; error?: Error }> {
-    const schema = modelFriendlyInput(shape);
-    return await schema.validate!(value);
-  }
-
-  it('rejects a dropped required pageId with a clear, actionable message', async () => {
-    const result = await validate({
-      content: 'Looks off here',
-      selection: 'титановый проводник',
-    });
-    expect(result.success).toBe(false);
-    const msg = result.error?.message ?? '';
-    // Names the dropped parameter...
-    expect(msg).toContain('parameter "pageId": missing (required)');
-    // ...and gives an explicit, non-raw instruction (not zod's raw text).
-    expect(msg).toContain('parallel/batch tool calls');
-    expect(msg).not.toContain('expected string, received undefined');
-  });
-
-  it('distinguishes a present-but-invalid parameter from a missing one', async () => {
-    // selection is present but too short (invalid), pageId is missing.
-    const result = await validate({ content: 'x', selection: '' });
-    expect(result.success).toBe(false);
-    const msg = result.error?.message ?? '';
-    expect(msg).toContain('parameter "pageId": missing (required)');
-    expect(msg).toContain('parameter "selection": invalid');
-  });
-
-  it('accepts a valid call and strips unknown keys from the validated value', async () => {
-    const result = await validate({
-      pageId: 'page-1',
-      content: 'A comment',
-      selection: 'anchor text',
-      bogus: true,
-    });
-    expect(result.success).toBe(true);
-    if (!result.success) throw new Error('expected success');
-    expect(result.value).toEqual({
-      pageId: 'page-1',
-      content: 'A comment',
-      selection: 'anchor text',
-    });
-    expect(result.value).not.toHaveProperty('bogus');
-  });
-
-  it('preserves the required/description contract in the advertised JSON Schema', async () => {
-    const schema = modelFriendlyInput(shape);
-    const json = (await schema.jsonSchema) as {
-      required?: string[];
-      properties?: Record<string, { description?: string }>;
-    };
-    // pageId + content stay required; selection stays optional.
-    expect(json.required).toEqual(expect.arrayContaining(['pageId', 'content']));
-    expect(json.required).not.toContain('selection');
-    expect(json.properties?.pageId.description).toBe(
-      'The id of the page to comment on.',
-    );
-  });
-
-  it('handles a no-arg tool (empty shape) without error', async () => {
-    const schema = modelFriendlyInput({});
-    const result = await schema.validate!({});
-    expect(result.success).toBe(true);
-  });
-});
-
-describe('buildModelFriendlyMessage', () => {
-  it('falls back to a generic message when issues carry an empty path', () => {
-    // safeParse on a non-object yields a root-level issue (empty path).
-    const error = z.object({ a: z.string() }).safeParse('not-an-object');
-    if (error.success) throw new Error('expected failure');
-    const msg = buildModelFriendlyMessage(error.error, 'not-an-object');
-    expect(msg).toContain('parameter "input"');
-  });
-});

apps/server/src/core/ai-chat/tools/model-friendly-input.ts

@@ -1,93 +0,0 @@
-import { jsonSchema, type Schema } from 'ai';
-import type { JSONSchema7 } from '@ai-sdk/provider';
-import { z } from 'zod';
-
-/**
- * Centralized input-schema wrapper for every in-app AI-chat tool.
- *
- * THE PROBLEM (#190): when the model issues PARALLEL / batch tool calls it
- * sometimes drops an "obvious" repeated required argument (typically `pageId`)
- * from some of the calls. zod v4 correctly rejects the missing value, but the
- * AI SDK forwards zod's RAW message ("Invalid input: expected string, received
- * undefined") straight back to the model, which is not actionable — the model
- * cannot tell WHICH parameter it dropped or that it must re-send it.
- *
- * THE FIX: keep the exact same validation, but replace the raw zod text with a
- * model-friendly message that names every problematic parameter and tells the
- * model to re-issue the call with all required parameters present. We do NOT
- * guess/backfill the value (a silently-assumed "current page" could comment on
- * the wrong page — cf. #159); the model is simply told to retry correctly.
- *
- * HOW IT WORKS: we build the tool's JSON Schema from the zod shape via
- * `z.toJSONSchema(..., { target: 'draft-7' })` (so the advertised contract —
- * `required` / `description` / field constraints — is unchanged) and hand the
- * AI SDK a custom `validate` that runs `z.object(shape).safeParse(value)`. On
- * failure the AI SDK wraps our returned `Error` in `InvalidToolInputError`, so
- * our clear text is what reaches the model as the tool error.
- */
-export function modelFriendlyInput<T extends z.ZodRawShape>(
-  shape: T,
-): Schema<z.output<z.ZodObject<T>>> {
-  const objectSchema = z.object(shape);
-  // draft-07 keeps required/description/constraints intact, matching what the
-  // model already saw — the tool contract does not change.
-  const json = z.toJSONSchema(objectSchema, {
-    target: 'draft-7',
-  }) as JSONSchema7;
-
-  return jsonSchema<z.output<z.ZodObject<T>>>(json, {
-    validate: (value) => {
-      const result = objectSchema.safeParse(value);
-      if (result.success) {
-        return { success: true, value: result.data };
-      }
-      return {
-        success: false,
-        error: new Error(buildModelFriendlyMessage(result.error, value)),
-      };
-    },
-  });
-}
-
-/**
- * Turn a zod validation failure into a clear, model-actionable message naming
- * each problematic parameter (and whether it is missing vs. invalid), plus an
- * explicit reminder not to drop required ids in parallel/batch tool calls.
- */
-export function buildModelFriendlyMessage(
-  error: z.ZodError,
-  value: unknown,
-): string {
-  const seen = new Set<string>();
-  const parts: string[] = [];
-  for (const issue of error.issues) {
-    const name = issue.path.length ? issue.path.map(String).join('.') : 'input';
-    // A parameter the model omitted entirely reads as `undefined` at its path;
-    // anything else is present-but-invalid (wrong type, too short, etc.).
-    const missing = valueAtPath(value, issue.path) === undefined;
-    const part = `parameter "${name}": ${missing ? 'missing (required)' : 'invalid'}`;
-    if (seen.has(part)) continue;
-    seen.add(part);
-    parts.push(part);
-  }
-  if (parts.length === 0) {
-    // Defensive: a ZodError always has issues, but never emit an empty list.
-    parts.push('input: invalid');
-  }
-  return (
-    `Invalid input for this tool — ${parts.join('; ')}. ` +
-    'Re-issue the call with EVERY required parameter present and valid. ' +
-    "Do not drop ids like pageId, even when making parallel/batch tool calls — " +
-    'each tool call must carry its own pageId.'
-  );
-}
-
-/** Read the value at a zod issue path; returns undefined if any hop is absent. */
-function valueAtPath(value: unknown, path: ReadonlyArray<PropertyKey>): unknown {
-  let current: unknown = value;
-  for (const key of path) {
-    if (current === null || typeof current !== 'object') return undefined;
-    current = (current as Record<PropertyKey, unknown>)[key];
-  }
-  return current;
-}

apps/server/src/core/ai-chat/tools/public-share-chat-tools.service.ts

@@ -5,7 +5,6 @@ import { ShareService } from '../../share/share.service';
 import { SearchService } from '../../search/search.service';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
 import { jsonToMarkdown } from '../../../collaboration/collaboration.util';
-import { modelFriendlyInput } from './model-friendly-input';
 
 /**
  * Isolated, READ-ONLY toolset for the ANONYMOUS public-share assistant.
@@ -53,7 +52,7 @@ export class PublicShareChatToolsService {
           '(key terms and entities), not a full sentence. If the first ' +
           'results look weak, search again with different wording before ' +
           'answering. Only pages inside this share are ever returned.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           query: z.string().describe('The search query.'),
           limit: z
             .number()
@@ -88,7 +87,7 @@ export class PublicShareChatToolsService {
           'Markdown, by its page id. Returns the page title and its Markdown ' +
           'content. Only pages inside this share can be read; reading any ' +
           'other page fails.',
-        inputSchema: modelFriendlyInput({
+        inputSchema: z.object({
           pageId: z
             .string()
             .describe('The id (or slugId) of a page within this share.'),
@@ -143,7 +142,7 @@ export class PublicShareChatToolsService {
           'List the pages (titles + ids) that make up THIS published ' +
           'documentation share, so you can orient yourself before reading or ' +
           'searching. Only pages inside this share are listed.',
-        inputSchema: modelFriendlyInput({}),
+        inputSchema: z.object({}),
         execute: async () => {
           // Reuse the same share-tree logic the public /shares/tree route uses:
           // it validates the share + workspace, excludes restricted subtrees,

apps/server/src/core/auth/dto/jwt-payload.ts

@@ -3,8 +3,12 @@
  * from the SIGNED token claim (never a request body), so 'agent' is unspoofable.
  * Single source of truth so a typo like 'agnet' can't slip through as a bare
  * string (#143 review). Distinct from `ActorType` (auth principal kind).
+ *
+ * 'git-sync' marks writes made by the git-sync data plane (issue #194 §8.1). It NEVER
+ * travels in a user-facing token; it is set in-process on the collab connection
+ * context by the native datasource, so it cannot be spoofed from a request.
  */
-export type ProvenanceSource = 'user' | 'agent';
+export type ProvenanceSource = 'user' | 'agent' | 'git-sync';
 
 export enum JwtType {
   ACCESS = 'access',
@@ -26,7 +30,8 @@ export type JwtPayload = {
   // normal user token (treated as 'user'); set only when the internal agent
   // mints a provenance access token so REST writes (create/rename/move page,
   // comment create/resolve) record a non-spoofable 'agent' marker (§6.5 / §15
-  // C3 / §14 N2).
+  // C3 / §14 N2). (git-sync writes use the in-process actor, not a token — see
+  // the ProvenanceSource note.)
   actor?: ProvenanceSource;
   // Nullable: an external MCP agent has no internal ai_chats row, so it carries
   // an 'agent' actor with a null aiChatId.
@@ -39,7 +44,8 @@ export type JwtCollabPayload = {
   type: 'collab';
   // Optional agent-edit provenance, signed into the collab token. Absent for
   // the human collab path (treated as 'user'); set only when the internal agent
-  // mints a provenance collab token (§6.6 / §15 C2).
+  // mints a provenance collab token (§6.6 / §15 C2). 'git-sync' (in ProvenanceSource)
+  // is accepted for type-compatibility with the in-process git-sync write path.
   actor?: ProvenanceSource;
   // Nullable: an external MCP agent has no internal ai_chats row, so it carries
   // an 'agent' actor with a null aiChatId.

apps/server/src/core/page/services/page.service.spec.ts

@@ -1,7 +1,10 @@
 import { BadRequestException } from '@nestjs/common';
 import { PageService } from './page.service';
 import { MovePageDto } from '../dto/move-page.dto';
-import { Page } from '@docmost/db/types/entity.types';
+import { CreatePageDto } from '../dto/create-page.dto';
+import { UpdatePageDto } from '../dto/update-page.dto';
+import { Page, User } from '@docmost/db/types/entity.types';
+import { AuthProvenanceData } from '../../../common/decorators/auth-provenance.decorator';
 
 // Direct instantiation with stub deps. The Test.createTestingModule form failed
 // to resolve the @InjectKysely()/@InjectQueue() tokens at compile(), and this
@@ -57,28 +60,11 @@ describe('PageService', () => {
 
       const eventEmitter = { emit: jest.fn() };
 
-      // movePage now runs the cycle-check + UPDATE inside executeTx(this.db),
-      // i.e. this.db.transaction().execute(fn => fn(trx)). A permissive chainable
-      // Proxy stands in for the Kysely trx so the per-space advisory-lock
-      // `sql``.execute(trx)` resolves; a thrown BadRequestException still
-      // propagates out of the transaction unchanged.
-      const trxStub: any = new Proxy(function () {}, {
-        get: (_t, p) =>
-          p === 'then'
-            ? undefined
-            : p === 'execute' || p === 'executeTakeFirst'
-              ? () => Promise.resolve([])
-              : () => trxStub,
-      });
-      const db = {
-        transaction: () => ({ execute: (fn: any) => fn(trxStub) }),
-      };
-
       const svc = new PageService(
         pageRepo as any, // pageRepo
         {} as any, // pagePermissionRepo
         {} as any, // attachmentRepo
-        db as any, // db
+        {} as any, // db
         {} as any, // storageService
         {} as any, // attachmentQueue
         {} as any, // aiQueue
@@ -285,23 +271,9 @@ describe('PageService', () => {
           }),
           updatePage: jest.fn().mockResolvedValue({ numUpdatedRows: 1n }),
         };
-        // movePage now runs the cycle-check + UPDATE inside executeTx(this.db),
-        // which calls this.db.transaction().execute(fn => fn(trx)). A permissive
-        // chainable Proxy stands in for the Kysely trx so the per-space
-        // advisory-lock `sql``.execute(trx)` resolves and updatePage receives it.
-        const trxStub: any = new Proxy(function () {}, {
-          get: (_t, p) =>
-            p === 'then'
-              ? undefined
-              : p === 'execute' || p === 'executeTakeFirst'
-                ? () => Promise.resolve([])
-                : () => trxStub,
-        });
         const svc = makeSvc({
           pageRepo,
-          db: {
-            transaction: () => ({ execute: (fn: any) => fn(trxStub) }),
-          } as any,
+          db: {} as any,
         });
         // Legitimate move: destination ancestors do NOT include the moved page.
         jest
@@ -420,4 +392,279 @@ describe('PageService', () => {
       });
     });
   });
+
+  describe('git-sync provenance stamping (#1)', () => {
+    const GIT_SYNC: AuthProvenanceData = { actor: 'git-sync', aiChatId: null };
+    const USER_PROVENANCE: AuthProvenanceData = { actor: 'user', aiChatId: null };
+
+    describe('create()', () => {
+      // Build a service whose insertPage/generalQueue are observable and whose
+      // nextPagePosition (a DB query) is stubbed, so create() reaches insertPage
+      // without a real database.
+      const makeService = () => {
+        const insertedPage = { id: 'page-1', slugId: 'slug-1' };
+        const pageRepo = {
+          insertPage: jest.fn().mockResolvedValue(insertedPage),
+        };
+        // add() is fire-and-forget (the service .catch()es it); resolve so no
+        // unhandled rejection leaks.
+        const generalQueue = { add: jest.fn().mockResolvedValue(undefined) };
+
+        const svc = new PageService(
+          pageRepo as any, // pageRepo
+          {} as any, // pagePermissionRepo
+          {} as any, // attachmentRepo
+          {} as any, // db
+          {} as any, // storageService
+          {} as any, // attachmentQueue
+          {} as any, // aiQueue
+          generalQueue as any, // generalQueue
+          {} as any, // eventEmitter
+          {} as any, // collaborationGateway
+          {} as any, // watcherService
+          {} as any, // transclusionService
+        );
+
+        // nextPagePosition runs a kysely query; stub it so create() never hits
+        // the db. No DTO content is provided, so parseProsemirrorContent is
+        // skipped entirely (content/textContent/ydoc stay undefined).
+        jest.spyOn(svc, 'nextPagePosition').mockResolvedValue('a0');
+
+        return { svc, pageRepo };
+      };
+
+      const createDto: CreatePageDto = {
+        title: 'New page',
+        spaceId: 'space-1',
+      } as any;
+
+      it("stamps lastUpdatedSource:'git-sync' on the insertPage payload", async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.create('user-1', 'ws-1', createDto, GIT_SYNC);
+
+        expect(pageRepo.insertPage).toHaveBeenCalledTimes(1);
+        expect(pageRepo.insertPage).toHaveBeenCalledWith(
+          expect.objectContaining({ lastUpdatedSource: 'git-sync' }),
+        );
+        // git-sync carries no aiChatId (unlike the agent branch).
+        const payload = pageRepo.insertPage.mock.calls[0][0];
+        expect(payload.lastUpdatedAiChatId).toBeUndefined();
+        // The human stays the responsible author.
+        expect(payload.creatorId).toBe('user-1');
+        expect(payload.lastUpdatedById).toBe('user-1');
+      });
+
+      it('leaves the source column unset for a plain user create', async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.create('user-1', 'ws-1', createDto, USER_PROVENANCE);
+
+        const payload = pageRepo.insertPage.mock.calls[0][0];
+        expect(payload.lastUpdatedSource).toBeUndefined();
+      });
+    });
+
+    describe('update() (rename)', () => {
+      const makeService = () => {
+        const pageRepo = {
+          updatePage: jest.fn().mockResolvedValue({ numUpdatedRows: 1n }),
+          // update() re-reads the row at the end to return the refreshed page.
+          findById: jest.fn().mockResolvedValue({ id: 'page-1' }),
+        };
+        const generalQueue = { add: jest.fn().mockResolvedValue(undefined) };
+        const aiQueue = { add: jest.fn().mockResolvedValue(undefined) };
+
+        const svc = new PageService(
+          pageRepo as any, // pageRepo
+          {} as any, // pagePermissionRepo
+          {} as any, // attachmentRepo
+          {} as any, // db
+          {} as any, // storageService
+          {} as any, // attachmentQueue
+          aiQueue as any, // aiQueue
+          generalQueue as any, // generalQueue
+          {} as any, // eventEmitter
+          {} as any, // collaborationGateway
+          {} as any, // watcherService
+          {} as any, // transclusionService
+        );
+
+        return { svc, pageRepo };
+      };
+
+      const page: Page = {
+        id: 'page-1',
+        slugId: 'slug-1',
+        spaceId: 'space-1',
+        workspaceId: 'ws-1',
+        title: 'Old title',
+        icon: null,
+        parentPageId: null,
+        contributorIds: [],
+      } as any;
+
+      const user: User = { id: 'user-1' } as any;
+
+      it("stamps lastUpdatedSource:'git-sync' on the updatePage payload", async () => {
+        const { svc, pageRepo } = makeService();
+        const dto: UpdatePageDto = { title: 'New title' } as any;
+
+        await svc.update(page, dto, user, GIT_SYNC);
+
+        expect(pageRepo.updatePage).toHaveBeenCalledTimes(1);
+        const payload = pageRepo.updatePage.mock.calls[0][0];
+        expect(payload.lastUpdatedSource).toBe('git-sync');
+        expect(payload.lastUpdatedAiChatId).toBeUndefined();
+        // The acting user stays the responsible author.
+        expect(payload.lastUpdatedById).toBe('user-1');
+      });
+
+      it('leaves the source column unset for a plain user rename', async () => {
+        const { svc, pageRepo } = makeService();
+        const dto: UpdatePageDto = { title: 'New title' } as any;
+
+        await svc.update(page, dto, user, USER_PROVENANCE);
+
+        const payload = pageRepo.updatePage.mock.calls[0][0];
+        expect(payload.lastUpdatedSource).toBeUndefined();
+      });
+    });
+
+    describe('movePage()', () => {
+      const SPACE_ID = 'space-1';
+      const VALID_POSITION = 'a0';
+
+      const makeService = () => {
+        const pageRepo = {
+          findById: jest.fn().mockResolvedValue({
+            id: 'dest-parent',
+            deletedAt: null,
+            spaceId: SPACE_ID,
+          }),
+          updatePage: jest.fn().mockResolvedValue({ numUpdatedRows: 1n }),
+        };
+        const eventEmitter = { emit: jest.fn() };
+
+        const svc = new PageService(
+          pageRepo as any, // pageRepo
+          {} as any, // pagePermissionRepo
+          {} as any, // attachmentRepo
+          {} as any, // db
+          {} as any, // storageService
+          {} as any, // attachmentQueue
+          {} as any, // aiQueue
+          {} as any, // generalQueue
+          eventEmitter as any, // eventEmitter
+          {} as any, // collaborationGateway
+          {} as any, // watcherService
+          {} as any, // transclusionService
+        );
+
+        // No cycle: the destination's ancestor chain does not contain the moved
+        // page, so movePage reaches updatePage.
+        jest
+          .spyOn(svc, 'getPageBreadCrumbs')
+          .mockResolvedValue([{ id: 'dest-parent' }, { id: 'root' }] as any);
+
+        return { svc, pageRepo };
+      };
+
+      const movedPage: Page = {
+        id: 'page-1',
+        parentPageId: 'old-parent',
+        spaceId: SPACE_ID,
+        workspaceId: 'ws-1',
+        slugId: 'slug-1',
+        title: 'Page 1',
+        icon: null,
+      } as any;
+
+      const dto: MovePageDto = {
+        pageId: 'page-1',
+        position: VALID_POSITION,
+        parentPageId: 'dest-parent',
+      };
+
+      it("stamps lastUpdatedSource:'git-sync' on the updatePage payload", async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.movePage(dto, movedPage, GIT_SYNC);
+
+        expect(pageRepo.updatePage).toHaveBeenCalledTimes(1);
+        const payload = pageRepo.updatePage.mock.calls[0][0];
+        expect(payload.lastUpdatedSource).toBe('git-sync');
+        expect(payload.lastUpdatedAiChatId).toBeUndefined();
+      });
+
+      it('leaves the source column unset for a plain user move', async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.movePage(dto, movedPage, USER_PROVENANCE);
+
+        const payload = pageRepo.updatePage.mock.calls[0][0];
+        expect(payload.lastUpdatedSource).toBeUndefined();
+      });
+    });
+
+    describe('removePage()', () => {
+      // removePage forwards a `source` 4th arg to pageRepo.removePage: 'git-sync'
+      // for a git-sync-driven soft-delete (so the change-listener loop-guard skips
+      // its own write), undefined otherwise.
+      const makeService = () => {
+        const pageRepo = {
+          removePage: jest.fn().mockResolvedValue(undefined),
+        };
+
+        const svc = new PageService(
+          pageRepo as any, // pageRepo
+          {} as any, // pagePermissionRepo
+          {} as any, // attachmentRepo
+          {} as any, // db
+          {} as any, // storageService
+          {} as any, // attachmentQueue
+          {} as any, // aiQueue
+          {} as any, // generalQueue
+          {} as any, // eventEmitter
+          {} as any, // collaborationGateway
+          {} as any, // watcherService
+          {} as any, // transclusionService
+        );
+
+        return { svc, pageRepo };
+      };
+
+      it("forwards 'git-sync' as the source for a git-sync soft-delete", async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.removePage('page-1', 'user-1', 'ws-1', GIT_SYNC);
+
+        expect(pageRepo.removePage).toHaveBeenCalledTimes(1);
+        const [pageId, userId, workspaceId, source] =
+          pageRepo.removePage.mock.calls[0];
+        expect(pageId).toBe('page-1');
+        expect(userId).toBe('user-1');
+        expect(workspaceId).toBe('ws-1');
+        expect(source).toBe('git-sync');
+      });
+
+      it('forwards undefined as the source for a plain user delete', async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.removePage('page-1', 'user-1', 'ws-1', USER_PROVENANCE);
+
+        const [, , , source] = pageRepo.removePage.mock.calls[0];
+        expect(source).toBeUndefined();
+      });
+
+      it('forwards undefined as the source when no provenance is given', async () => {
+        const { svc, pageRepo } = makeService();
+
+        await svc.removePage('page-1', 'user-1', 'ws-1');
+
+        const [, , , source] = pageRepo.removePage.mock.calls[0];
+        expect(source).toBeUndefined();
+      });
+    });
+  });
 });

apps/server/src/core/page/services/page.service.ts

@@ -15,13 +15,13 @@ import {
   executeWithCursorPagination,
 } from '@docmost/db/pagination/cursor-pagination';
 import { InjectKysely } from 'nestjs-kysely';
-import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
+import { KyselyDB } from '@docmost/db/types/kysely.types';
 import { generateJitteredKeyBetween } from 'fractional-indexing-jittered';
 import { MovePageDto } from '../dto/move-page.dto';
 import { shapeSidebarPagesTree } from './sidebar-pages-tree.util';
 import { generateSlugId } from '../../../common/helpers';
 import { getPageTitle } from '../../../common/helpers';
-import { dbOrTx, executeTx } from '@docmost/db/utils';
+import { executeTx } from '@docmost/db/utils';
 import { AttachmentRepo } from '@docmost/db/repos/attachment/attachment.repo';
 import { v7 as uuid7 } from 'uuid';
 import {
@@ -62,23 +62,6 @@ import {
   agentSourceFields,
 } from '../../../common/decorators/auth-provenance.decorator';
 
-// Hard upper bound on how deep the recursive page-tree CTEs (ancestor /
-// descendant traversals) may walk. Real page trees are only a handful of levels
-// deep, so this cap never truncates a legitimate result; it purely defends the
-// recursive CTEs against runaway iteration if a parent/child cycle ever exists
-// in the data (e.g. one slipped in before the move guard, #207 #8). Without it a
-// cycle makes `withRecursive` loop forever (hang / statement timeout), and the
-// move guard itself calls one of these CTEs — so a cycle would disable the very
-// guard meant to prevent it. Each CTE carries a depth counter and stops here.
-const MAX_PAGE_TREE_DEPTH = 10_000;
-
-// Advisory-lock namespace (the first key of pg_advisory_xact_lock) used to
-// serialize concurrent page moves within a single space so the cycle check and
-// the move UPDATE stay atomic (see movePage, #207 #7). A dedicated namespace
-// constant keeps these locks from colliding with any other advisory lock; the
-// second key is hashtext(spaceId). Fits a signed int4 ('page' in ASCII).
-const PAGE_MOVE_LOCK_NAMESPACE = 0x70616765;
-
 @Injectable()
 export class PageService {
   private readonly logger = new Logger(PageService.name);
@@ -618,13 +601,7 @@ export class PageService {
       slugIdMap.set(entry.oldSlugId, entry);
     }
 
-    // Keyed by old attachmentId. A single attachment can be referenced by more
-    // than one page in the copied subtree (e.g. a block copy-pasted into a child
-    // page keeps the same attachmentId). Each referencing page needs its own
-    // fresh attachment id / row / blob copy, so the value is a LIST of copy
-    // entries rather than a single one — otherwise the last page's entry would
-    // clobber the others and their images would 404 in the copies (#206 attach-1).
-    const attachmentMap = new Map<string, ICopyPageAttachment[]>();
+    const attachmentMap = new Map<string, ICopyPageAttachment>();
 
     const insertablePages: InsertablePage[] = await Promise.all(
       pages.map(async (page) => {
@@ -640,14 +617,12 @@ export class PageService {
           attachmentIds.forEach((attachmentId: string) => {
             const newPageId = pageFromMap.newPageId;
             const newAttachmentId = uuid7();
-            const existingEntries = attachmentMap.get(attachmentId) ?? [];
-            existingEntries.push({
+            attachmentMap.set(attachmentId, {
               newPageId: newPageId,
               oldPageId: page.id,
               oldAttachmentId: attachmentId,
               newAttachmentId: newAttachmentId,
             });
-            attachmentMap.set(attachmentId, existingEntries);
 
             prosemirrorDoc.descendants((node: PMNode) => {
               if (isAttachmentNode(node.type.name)) {
@@ -844,53 +819,51 @@ export class PageService {
         .execute();
 
       for (const attachment of attachments) {
-        // One source attachment may need to be copied for several destination
-        // pages (it is referenced by more than one page in the subtree). Copy a
-        // distinct blob + row for every referencing page so each copy resolves
-        // (#206 attach-1). The old per-page ownership guard is gone: when the
-        // same attachmentId is shared, only one page would ever match the row's
-        // pageId, silently dropping the other copies.
-        const pageAttachments = attachmentMap.get(attachment.id) ?? [];
-        for (const pageAttachment of pageAttachments) {
-          try {
-            const newAttachmentId = pageAttachment.newAttachmentId;
+        try {
+          const pageAttachment = attachmentMap.get(attachment.id);
 
-            const newPageId = pageAttachment.newPageId;
-
-            const newPathFile = attachment.filePath.replace(
-              attachment.id,
-              newAttachmentId,
-            );
-
-            try {
-              await this.storageService.copy(attachment.filePath, newPathFile);
-
-              await this.db
-                .insertInto('attachments')
-                .values({
-                  id: newAttachmentId,
-                  type: attachment.type,
-                  filePath: newPathFile,
-                  fileName: attachment.fileName,
-                  fileSize: attachment.fileSize,
-                  mimeType: attachment.mimeType,
-                  fileExt: attachment.fileExt,
-                  creatorId: attachment.creatorId,
-                  workspaceId: attachment.workspaceId,
-                  pageId: newPageId,
-                  spaceId: spaceId,
-                })
-                .execute();
-            } catch (err) {
-              this.logger.error(
-                `Duplicate page: failed to copy attachment ${attachment.id}`,
-                err,
-              );
-              // Continue with other attachments even if one fails
-            }
-          } catch (err) {
-            this.logger.error(err);
+          // make sure the copied attachment belongs to the page it was copied from
+          if (attachment.pageId !== pageAttachment.oldPageId) {
+            continue;
           }
+
+          const newAttachmentId = pageAttachment.newAttachmentId;
+
+          const newPageId = pageAttachment.newPageId;
+
+          const newPathFile = attachment.filePath.replace(
+            attachment.id,
+            newAttachmentId,
+          );
+
+          try {
+            await this.storageService.copy(attachment.filePath, newPathFile);
+
+            await this.db
+              .insertInto('attachments')
+              .values({
+                id: newAttachmentId,
+                type: attachment.type,
+                filePath: newPathFile,
+                fileName: attachment.fileName,
+                fileSize: attachment.fileSize,
+                mimeType: attachment.mimeType,
+                fileExt: attachment.fileExt,
+                creatorId: attachment.creatorId,
+                workspaceId: attachment.workspaceId,
+                pageId: newPageId,
+                spaceId: spaceId,
+              })
+              .execute();
+          } catch (err) {
+            this.logger.error(
+              `Duplicate page: failed to copy attachment ${attachment.id}`,
+              err,
+            );
+            // Continue with other attachments even if one fails
+          }
+        } catch (err) {
+          this.logger.error(err);
         }
       }
     }
@@ -942,61 +915,34 @@ export class PageService {
       }
     }
 
-    // Server-side cycle guard + the move UPDATE run in ONE transaction. A page
-    // may not be moved into itself or into any page within its own subtree;
-    // without this an MCP/REST/agent caller (or a fast drag racing the client
-    // check) could persist a cycle and broadcast it. Crucially, doing the guard
-    // and the write as two separate, unlocked statements is a TOCTOU race: two
-    // concurrent moves ("A under B" and "B under A") can each read the same
-    // pre-write acyclic snapshot, both pass the guard, then persist
-    // A.parentPageId=B AND B.parentPageId=A — a parent/child cycle (#207 #7). A
-    // per-space advisory lock (held until COMMIT) serializes all moves within a
-    // space: the second mover blocks until the first commits and then sees the
-    // freshly written parent, so its guard rejects the cycle.
-    const updateResult = await executeTx(this.db, async (trx) => {
-      await sql`select pg_advisory_xact_lock(${sql.lit(
-        PAGE_MOVE_LOCK_NAMESPACE,
-      )}, hashtext(${movedPage.spaceId}))`.execute(trx);
-
-      // Only relevant when re-parenting under a concrete parent; moving to root
-      // (parentPageId null/undefined) can never create a cycle.
-      if (dto.parentPageId) {
-        if (dto.parentPageId === dto.pageId) {
-          throw new BadRequestException(
-            'Cannot move a page into its own subtree',
-          );
-        }
-        // Walk the destination parent's ancestor chain (reusing the breadcrumb
-        // ancestor CTE) inside the lock. If the page being moved appears among
-        // those ancestors, the destination lives inside the moved page's
-        // subtree -> cycle.
-        const destAncestors = await this.getPageBreadCrumbs(
-          dto.parentPageId,
-          trx,
-        );
-        if (destAncestors.some((ancestor) => ancestor.id === dto.pageId)) {
-          throw new BadRequestException(
-            'Cannot move a page into its own subtree',
-          );
-        }
+    // Server-side cycle guard: a page may not be moved into itself or into any
+    // page within its own subtree. Without this, an MCP/REST/agent caller (or a
+    // fast drag racing the client check) could persist a cycle and broadcast it.
+    // Only relevant when re-parenting under a concrete parent; moving to root
+    // (parentPageId null/undefined) can never create a cycle.
+    if (dto.parentPageId) {
+      if (dto.parentPageId === dto.pageId) {
+        throw new BadRequestException('Cannot move a page into its own subtree');
       }
+      // Walk the destination parent's ancestor chain (reusing the breadcrumb
+      // ancestor CTE). If the page being moved appears among those ancestors,
+      // the destination lives inside the moved page's subtree -> cycle.
+      const destAncestors = await this.getPageBreadCrumbs(dto.parentPageId);
+      if (destAncestors.some((ancestor) => ancestor.id === dto.pageId)) {
+        throw new BadRequestException('Cannot move a page into its own subtree');
+      }
+    }
 
-      return this.pageRepo.updatePage(
-        {
-          position: dto.position,
-          parentPageId: parentPageId,
-          // Agent-edit provenance: annotate the source on an agent move. A
-          // normal user request leaves the existing source value unchanged.
-          ...agentSourceFields(
-            provenance,
-            'lastUpdatedSource',
-            'lastUpdatedAiChatId',
-          ),
-        },
-        dto.pageId,
-        trx,
-      );
-    });
+    const updateResult = await this.pageRepo.updatePage(
+      {
+        position: dto.position,
+        parentPageId: parentPageId,
+        // Agent-edit provenance: annotate the source on an agent move. A normal
+        // user request leaves the existing source value unchanged.
+        ...agentSourceFields(provenance, 'lastUpdatedSource', 'lastUpdatedAiChatId'),
+      },
+      dto.pageId,
+    );
 
     // Guard against a phantom broadcast: if the row was concurrently deleted or
     // otherwise not updated, skip the PAGE_MOVED event so we don't replay a move
@@ -1035,8 +981,8 @@ export class PageService {
     });
   }
 
-  async getPageBreadCrumbs(childPageId: string, trx?: KyselyTransaction) {
-    const ancestors = await dbOrTx(this.db, trx)
+  async getPageBreadCrumbs(childPageId: string) {
+    const ancestors = await this.db
       .withRecursive('page_ancestors', (db) =>
         db
           .selectFrom('pages')
@@ -1050,9 +996,6 @@ export class PageService {
             'spaceId',
             'deletedAt',
           ])
-          // Depth counter: bounds the walk so a parent/child cycle in the data
-          // can't make this recursive CTE loop forever (#207 #8).
-          .select(sql<number>`0`.as('depth'))
           .where('id', '=', childPageId)
           .where('deletedAt', 'is', null)
           .unionAll((exp) =>
@@ -1068,25 +1011,12 @@ export class PageService {
                 'p.spaceId',
                 'p.deletedAt',
               ])
-              .select(sql<number>`pa.depth + 1`.as('depth'))
               .innerJoin('page_ancestors as pa', 'pa.parentPageId', 'p.id')
-              .where('p.deletedAt', 'is', null)
-              .where(sql<number>`pa.depth`, '<', MAX_PAGE_TREE_DEPTH),
+              .where('p.deletedAt', 'is', null),
           ),
       )
       .selectFrom('page_ancestors')
-      // Explicit column list (not selectAll) so the internal `depth` counter
-      // never leaks into the breadcrumb result shape.
-      .select([
-        'id',
-        'slugId',
-        'title',
-        'icon',
-        'position',
-        'parentPageId',
-        'spaceId',
-        'deletedAt',
-      ])
+      .selectAll('page_ancestors')
       .select((eb) =>
         eb
           .exists(
@@ -1207,21 +1137,16 @@ export class PageService {
         db
           .selectFrom('pages')
           .select(['id'])
-          // Depth counter: bounds the walk so a parent/child cycle in the data
-          // can't make this recursive CTE loop forever (#207 #8).
-          .select(sql<number>`0`.as('depth'))
           .where('id', '=', pageId)
           .unionAll((exp) =>
             exp
               .selectFrom('pages as p')
               .select(['p.id'])
-              .select(sql<number>`pd.depth + 1`.as('depth'))
-              .innerJoin('page_descendants as pd', 'pd.id', 'p.parentPageId')
-              .where(sql<number>`pd.depth`, '<', MAX_PAGE_TREE_DEPTH),
+              .innerJoin('page_descendants as pd', 'pd.id', 'p.parentPageId'),
           ),
       )
       .selectFrom('page_descendants')
-      .select(['id'])
+      .selectAll()
       .execute();
 
     const pageIds = descendants.map((d) => d.id);
@@ -1257,8 +1182,18 @@ export class PageService {
     pageId: string,
     userId: string,
     workspaceId: string,
+    // Optional provenance. A git-sync-driven soft-delete stamps
+    // `lastUpdatedSource = 'git-sync'` so the change-listener loop-guard skips
+    // its own write (mirrors the create/update/move provenance branches above).
+    provenance?: AuthProvenanceData,
   ): Promise<void> {
-    await this.pageRepo.removePage(pageId, userId, workspaceId);
+    const isGitSync = provenance?.actor === 'git-sync';
+    await this.pageRepo.removePage(
+      pageId,
+      userId,
+      workspaceId,
+      isGitSync ? 'git-sync' : undefined,
+    );
   }
 
   private async parseProsemirrorContent(

apps/server/src/core/space/dto/update-space.dto.ts

@@ -15,4 +15,12 @@ export class UpdateSpaceDto extends PartialType(CreateSpaceDto) {
   @IsOptional()
   @IsBoolean()
   allowViewerComments: boolean;
+
+  @IsOptional()
+  @IsBoolean()
+  gitSyncEnabled?: boolean;
+
+  @IsOptional()
+  @IsBoolean()
+  autoMergeConflicts?: boolean;
 }

apps/server/src/core/space/services/space.service.spec.ts

@@ -22,4 +22,199 @@ describe('SpaceService', () => {
   it('should be defined', () => {
     expect(service).toBeDefined();
   });
+
+  describe('updateSpace gitSyncEnabled', () => {
+    const workspaceId = 'ws-1';
+    const spaceId = 'space-1';
+
+    // executeTx runs the callback immediately with a passthrough trx so the
+    // repo calls happen inline; mirrors how the sibling sharing/comments flags
+    // are persisted.
+    const buildService = (settingsBefore: Record<string, any>) => {
+      const spaceRepo = {
+        findById: jest.fn().mockResolvedValue({
+          id: spaceId,
+          name: 'Space',
+          slug: 'space',
+          description: '',
+          settings: settingsBefore,
+        }),
+        updateGitSyncSettings: jest.fn().mockResolvedValue({}),
+        updateSharingSettings: jest.fn().mockResolvedValue({}),
+        updateCommentSettings: jest.fn().mockResolvedValue({}),
+        updateSpace: jest
+          .fn()
+          .mockResolvedValue({ id: spaceId, name: 'Space', slug: 'space' }),
+        slugExists: jest.fn().mockResolvedValue(false),
+      };
+      const auditService = { log: jest.fn() };
+
+      const svc = new SpaceService(
+        spaceRepo as any,
+        {} as any, // spaceMemberService
+        {} as any, // shareRepo
+        {} as any, // workspaceRepo
+        {} as any, // licenseCheckService
+        {} as any, // db
+        {} as any, // attachmentQueue
+        auditService as any,
+      );
+
+      // executeTx is invoked via the imported helper; patch it on the module.
+      jest
+        .spyOn(require('@docmost/db/utils'), 'executeTx')
+        .mockImplementation(async (_db: any, cb: any) => cb({} as any));
+
+      return { svc, spaceRepo, auditService };
+    };
+
+    it('persists gitSyncEnabled via updateGitSyncSettings(enabled)', async () => {
+      const { svc, spaceRepo } = buildService({});
+
+      await svc.updateSpace(
+        { spaceId, gitSyncEnabled: true } as any,
+        workspaceId,
+      );
+
+      expect(spaceRepo.updateGitSyncSettings).toHaveBeenCalledWith(
+        spaceId,
+        workspaceId,
+        'enabled',
+        true,
+        expect.anything(),
+      );
+    });
+
+    it('does not call updateGitSyncSettings when flag is undefined', async () => {
+      const { svc, spaceRepo } = buildService({});
+
+      await svc.updateSpace({ spaceId } as any, workspaceId);
+
+      expect(spaceRepo.updateGitSyncSettings).not.toHaveBeenCalled();
+    });
+
+    // --- audit delta on the git-sync toggle (test-strategy Module 4 / item #5)
+    // updateSpace builds a before/after delta only when a flag's value actually
+    // changes, and only logs an audit event when that delta is non-empty. These
+    // assert that contract specifically for gitSyncEnabled.
+    it('writes a SPACE_UPDATED audit delta on a REAL gitSyncEnabled change (false -> true)', async () => {
+      // Prior persisted state: gitSync.enabled = false; the request flips it on.
+      const { svc, auditService } = buildService({ gitSync: { enabled: false } });
+
+      await svc.updateSpace(
+        { spaceId, gitSyncEnabled: true } as any,
+        workspaceId,
+      );
+
+      expect(auditService.log).toHaveBeenCalledTimes(1);
+      expect(auditService.log).toHaveBeenCalledWith(
+        expect.objectContaining({
+          resourceId: spaceId,
+          spaceId,
+          changes: {
+            before: expect.objectContaining({ gitSyncEnabled: false }),
+            after: expect.objectContaining({ gitSyncEnabled: true }),
+          },
+        }),
+      );
+    });
+
+    it('also records the delta when no prior gitSync settings exist (undefined -> true defaults prev to false)', async () => {
+      // No gitSync key at all: prev resolves to the `?? false` default, so
+      // enabling it is still a real change and is audited.
+      const { svc, auditService } = buildService({});
+
+      await svc.updateSpace(
+        { spaceId, gitSyncEnabled: true } as any,
+        workspaceId,
+      );
+
+      expect(auditService.log).toHaveBeenCalledTimes(1);
+      const call = auditService.log.mock.calls[0][0];
+      expect(call.changes.before.gitSyncEnabled).toBe(false);
+      expect(call.changes.after.gitSyncEnabled).toBe(true);
+    });
+
+    it('does NOT write an audit delta on a no-op gitSyncEnabled (same value true -> true)', async () => {
+      // Prior persisted state already true; the request sets the same value.
+      // updateGitSyncSettings still runs (idempotent persist), but nothing is
+      // added to the before/after delta, so no audit event is emitted.
+      const { svc, spaceRepo, auditService } = buildService({
+        gitSync: { enabled: true },
+      });
+
+      await svc.updateSpace(
+        { spaceId, gitSyncEnabled: true } as any,
+        workspaceId,
+      );
+
+      expect(spaceRepo.updateGitSyncSettings).toHaveBeenCalledTimes(1);
+      expect(auditService.log).not.toHaveBeenCalled();
+    });
+
+    // --- autoMergeConflicts: a SECOND key in the SAME `gitSync` jsonb object,
+    // persisted the same way as `enabled` (the repo's jsonb-merge keeps siblings).
+    it('persists autoMergeConflicts via updateGitSyncSettings(autoMergeConflicts)', async () => {
+      const { svc, spaceRepo } = buildService({});
+
+      await svc.updateSpace(
+        { spaceId, autoMergeConflicts: true } as any,
+        workspaceId,
+      );
+
+      expect(spaceRepo.updateGitSyncSettings).toHaveBeenCalledWith(
+        spaceId,
+        workspaceId,
+        'autoMergeConflicts',
+        true,
+        expect.anything(),
+      );
+    });
+
+    it('does not call updateGitSyncSettings when autoMergeConflicts is undefined', async () => {
+      const { svc, spaceRepo } = buildService({});
+
+      await svc.updateSpace({ spaceId } as any, workspaceId);
+
+      expect(spaceRepo.updateGitSyncSettings).not.toHaveBeenCalled();
+    });
+
+    it('writes a SPACE_UPDATED audit delta on a REAL autoMergeConflicts change (false -> true)', async () => {
+      // Prior persisted state: gitSync.autoMergeConflicts = false; flip it on.
+      const { svc, auditService } = buildService({
+        gitSync: { autoMergeConflicts: false },
+      });
+
+      await svc.updateSpace(
+        { spaceId, autoMergeConflicts: true } as any,
+        workspaceId,
+      );
+
+      expect(auditService.log).toHaveBeenCalledTimes(1);
+      expect(auditService.log).toHaveBeenCalledWith(
+        expect.objectContaining({
+          resourceId: spaceId,
+          spaceId,
+          changes: {
+            before: expect.objectContaining({ autoMergeConflicts: false }),
+            after: expect.objectContaining({ autoMergeConflicts: true }),
+          },
+        }),
+      );
+    });
+
+    it('does NOT write an audit delta on a no-op autoMergeConflicts (same value true -> true)', async () => {
+      const { svc, spaceRepo, auditService } = buildService({
+        gitSync: { autoMergeConflicts: true },
+      });
+
+      await svc.updateSpace(
+        { spaceId, autoMergeConflicts: true } as any,
+        workspaceId,
+      );
+
+      expect(spaceRepo.updateGitSyncSettings).toHaveBeenCalledTimes(1);
+      expect(auditService.log).not.toHaveBeenCalled();
+    });
+  });
 });

apps/server/src/core/space/services/space.service.ts

@@ -213,6 +213,41 @@ export class SpaceService {
         );
       }
 
+      if (typeof updateSpaceDto.gitSyncEnabled !== 'undefined') {
+        const prev = settingsBefore?.gitSync?.enabled ?? false;
+        if (prev !== updateSpaceDto.gitSyncEnabled) {
+          before.gitSyncEnabled = prev;
+          after.gitSyncEnabled = updateSpaceDto.gitSyncEnabled;
+        }
+
+        await this.spaceRepo.updateGitSyncSettings(
+          updateSpaceDto.spaceId,
+          workspaceId,
+          'enabled',
+          updateSpaceDto.gitSyncEnabled,
+          trx,
+        );
+      }
+
+      if (typeof updateSpaceDto.autoMergeConflicts !== 'undefined') {
+        const prev = settingsBefore?.gitSync?.autoMergeConflicts ?? false;
+        if (prev !== updateSpaceDto.autoMergeConflicts) {
+          before.autoMergeConflicts = prev;
+          after.autoMergeConflicts = updateSpaceDto.autoMergeConflicts;
+        }
+
+        // Merges into the SAME `gitSync` jsonb object as `enabled` (the repo's
+        // jsonb-merge preserves sibling keys), so toggling one never clobbers the
+        // other.
+        await this.spaceRepo.updateGitSyncSettings(
+          updateSpaceDto.spaceId,
+          workspaceId,
+          'autoMergeConflicts',
+          updateSpaceDto.autoMergeConflicts,
+          trx,
+        );
+      }
+
       updatedSpace = await this.spaceRepo.updateSpace(
         {
           name: updateSpaceDto.name,

apps/server/src/database/repos/page/page.repo.spec.ts

@@ -0,0 +1,157 @@
+import {
+  Kysely,
+  CamelCasePlugin,
+  DummyDriver,
+  PostgresAdapter,
+  PostgresIntrospector,
+  PostgresQueryCompiler,
+  CompiledQuery,
+} from 'kysely';
+import { PageRepo } from './page.repo';
+import type { KyselyDB } from '../../types/kysely.types';
+
+/**
+ * SQL-builder unit test for the git-sync provenance stamp on PageRepo's
+ * soft-delete / restore paths (PR #119 review). Both `removePage` and
+ * `restorePage` take an optional `lastUpdatedSource` arg and conditionally fold
+ * it into the recursive-subtree `UPDATE pages SET ...` via
+ * `...(lastUpdatedSource ? { lastUpdatedSource } : {})`. The change-listener
+ * loop-guard reads `last_updated_source = 'git-sync'` to recognize git-sync's own
+ * writes and skip the echo cycle; this test guards that the stamp is present when
+ * the arg is supplied and ABSENT when it is omitted (an ordinary user delete must
+ * not clobber the column).
+ *
+ * Harness: the same compile-only Kysely/DummyDriver pattern as
+ * space.repo.spec.ts, plus the production `CamelCasePlugin` (so the compiled SQL
+ * carries the real snake_case column names, e.g. `last_updated_source`) and a
+ * thin driver that returns ONE fixed row for every query. The fixed row is what
+ * lets the repo's guard reads (root snapshot / recursive descendants / restore
+ * target) resolve non-empty so execution reaches the subtree UPDATE we assert on
+ * — a bare DummyDriver returns no rows and both methods short-circuit before the
+ * update. We never hit a real database; we capture each compiled statement via
+ * Kysely's `log` hook and inspect the `update "pages" set ...` SQL.
+ */
+describe('PageRepo — git-sync provenance on soft-delete / restore SQL', () => {
+  // A single row shaped to satisfy every column the repo reads off its guard
+  // queries. `parentPageId: null` keeps restorePage on the simple path (no
+  // parent-detach UPDATE), so the only `update "pages"` statement is the one we
+  // assert on.
+  const FIXED_ROW = {
+    id: 'p1',
+    slugId: 's1',
+    title: 'Doc',
+    icon: null,
+    position: 'a0',
+    spaceId: 'space-1',
+    parentPageId: null,
+    deletedAt: null,
+  };
+
+  class FixedRowDriver extends DummyDriver {
+    async acquireConnection(): Promise<any> {
+      return {
+        async executeQuery() {
+          return { rows: [{ ...FIXED_ROW }] };
+        },
+        // eslint-disable-next-line @typescript-eslint/no-empty-function
+        async *streamQuery() {},
+      };
+    }
+  }
+
+  interface Captured {
+    sql: string;
+    parameters: readonly unknown[];
+  }
+
+  // Compile-only Kysely on the Postgres dialect (CamelCasePlugin for real column
+  // names) whose `log` hook records every executed statement's compiled SQL.
+  function makeRepoCapturingSql() {
+    const captured: Captured[] = [];
+    const db = new Kysely<any>({
+      dialect: {
+        createAdapter: () => new PostgresAdapter(),
+        createDriver: () => new FixedRowDriver(),
+        createIntrospector: (d) => new PostgresIntrospector(d),
+        createQueryCompiler: () => new PostgresQueryCompiler(),
+      },
+      plugins: [new CamelCasePlugin()],
+      log: (event) => {
+        if (event.level === 'query') {
+          const q = event.query as CompiledQuery;
+          captured.push({ sql: q.sql, parameters: q.parameters });
+        }
+      },
+    });
+
+    const repo = new PageRepo(
+      db as unknown as KyselyDB,
+      {} as any,
+      { emit: jest.fn() } as any,
+    );
+    // Find the single subtree UPDATE on pages (collapse whitespace for matching).
+    const getUpdatePagesSql = (): Captured | undefined =>
+      captured
+        .map((c) => ({ ...c, sql: c.sql.replace(/\s+/g, ' ') }))
+        .find((c) => /update "pages" set/i.test(c.sql));
+    return { repo, getUpdatePagesSql };
+  }
+
+  describe('removePage', () => {
+    it("stamps last_updated_source = 'git-sync' on the subtree soft-delete when the provenance arg is supplied", async () => {
+      const { repo, getUpdatePagesSql } = makeRepoCapturingSql();
+
+      await repo.removePage('p1', 'user-1', 'ws-1', 'git-sync');
+
+      const update = getUpdatePagesSql();
+      expect(update).toBeDefined();
+      // The provenance column is in the UPDATE's SET clause...
+      expect(update!.sql).toContain('"last_updated_source" =');
+      // ...with the 'git-sync' marker as the bound value.
+      expect(update!.parameters).toContain('git-sync');
+      // Sanity: it is still the soft-delete UPDATE (sets deleted_at too).
+      expect(update!.sql).toContain('"deleted_at" =');
+    });
+
+    it('OMITS last_updated_source from the soft-delete when the provenance arg is undefined', async () => {
+      const { repo, getUpdatePagesSql } = makeRepoCapturingSql();
+
+      await repo.removePage('p1', 'user-1', 'ws-1');
+
+      const update = getUpdatePagesSql();
+      expect(update).toBeDefined();
+      // Ordinary user delete: the column must NOT be touched (keeps prior value).
+      expect(update!.sql).not.toContain('last_updated_source');
+      expect(update!.parameters).not.toContain('git-sync');
+      // It is still the soft-delete UPDATE.
+      expect(update!.sql).toContain('"deleted_at" =');
+    });
+  });
+
+  describe('restorePage', () => {
+    it("stamps last_updated_source = 'git-sync' on the subtree restore when the provenance arg is supplied", async () => {
+      const { repo, getUpdatePagesSql } = makeRepoCapturingSql();
+
+      await repo.restorePage('p1', 'ws-1', 'git-sync');
+
+      const update = getUpdatePagesSql();
+      expect(update).toBeDefined();
+      expect(update!.sql).toContain('"last_updated_source" =');
+      expect(update!.parameters).toContain('git-sync');
+      // Sanity: it is the restore UPDATE (clears deleted_at).
+      expect(update!.sql).toContain('"deleted_at" =');
+    });
+
+    it('OMITS last_updated_source from the restore when the provenance arg is undefined', async () => {
+      const { repo, getUpdatePagesSql } = makeRepoCapturingSql();
+
+      await repo.restorePage('p1', 'ws-1');
+
+      const update = getUpdatePagesSql();
+      expect(update).toBeDefined();
+      expect(update!.sql).not.toContain('last_updated_source');
+      expect(update!.parameters).not.toContain('git-sync');
+      expect(update!.sql).toContain('"deleted_at" =');
+    });
+  });
+});

apps/server/src/database/repos/page/page.repo.ts

@@ -297,6 +297,11 @@ export class PageRepo {
     pageId: string,
     deletedById: string,
     workspaceId: string,
+    // Optional provenance marker. When the soft-delete is driven by an automated
+    // data plane (e.g. git-sync), stamp `lastUpdatedSource` so the change-listener
+    // loop-guard recognizes it as its own write and does not schedule an echo
+    // cycle. Omitted for ordinary user deletes (column keeps its prior value).
+    lastUpdatedSource?: string,
   ): Promise<void> {
     const currentDate = new Date();
 
@@ -347,6 +352,7 @@ export class PageRepo {
           .set({
             deletedById: deletedById,
             deletedAt: currentDate,
+            ...(lastUpdatedSource ? { lastUpdatedSource } : {}),
           })
           .where('id', 'in', pageIds)
           .where('deletedAt', 'is', null)
@@ -377,7 +383,14 @@ export class PageRepo {
     }
   }
 
-  async restorePage(pageId: string, workspaceId: string): Promise<void> {
+  async restorePage(
+    pageId: string,
+    workspaceId: string,
+    // See removePage: stamp `lastUpdatedSource` for automated (git-sync) restores
+    // so the change-listener loop-guard skips the echo cycle. Omitted for
+    // ordinary user restores.
+    lastUpdatedSource?: string,
+  ): Promise<void> {
     // First, check if the page being restored has a deleted parent
     const pageToRestore = await this.db
       .selectFrom('pages')
@@ -425,7 +438,11 @@ export class PageRepo {
     // Restore all pages, but only detach the root page if its parent is deleted
     await this.db
       .updateTable('pages')
-      .set({ deletedById: null, deletedAt: null })
+      .set({
+        deletedById: null,
+        deletedAt: null,
+        ...(lastUpdatedSource ? { lastUpdatedSource } : {}),
+      })
       .where('id', 'in', pageIds)
       .execute();
 

apps/server/src/database/repos/space/space.repo.spec.ts

@@ -0,0 +1,141 @@
+import {
+  Kysely,
+  DummyDriver,
+  PostgresAdapter,
+  PostgresIntrospector,
+  PostgresQueryCompiler,
+  CompiledQuery,
+} from 'kysely';
+import { SpaceRepo } from './space.repo';
+import type { KyselyDB } from '../../types/kysely.types';
+
+/**
+ * SQL-builder unit test for the jsonb-merge invariant of
+ * SpaceRepo.updateGitSyncSettings (review comment #694 / test-strategy item #6).
+ *
+ * The merge is RAW SQL, so a behavioural test would need a live Postgres — which
+ * is intentionally out of scope here (the reviewer's own §13.3 was deferred for
+ * the same reason). Instead we follow the existing repo-spec convention
+ * (ai-agent-roles.repo.spec.ts) of NOT executing: we compile the query with a
+ * DummyDriver Postgres dialect and assert the generated SQL preserves sibling
+ * keys. The structural invariant the SQL must encode:
+ *
+ *   settings  := COALESCE(settings, '{}') || jsonb_build_object('gitSync', ...)
+ *   gitSync   := COALESCE(settings->'gitSync', '{}') || jsonb_build_object(key, value)
+ *
+ * The OUTER `||` merges into the existing top-level `settings`, so a sibling
+ * top-level key (e.g. `sharing`) is preserved. The INNER COALESCE merges into
+ * the existing `gitSync` object, so a sibling key inside gitSync (e.g. `other`)
+ * is preserved. A naive `set settings = jsonb_build_object('gitSync', ...)`
+ * would clobber both — this test guards exactly that regression.
+ */
+describe('SpaceRepo.updateGitSyncSettings — jsonb merge SQL', () => {
+  // A real Kysely on the Postgres dialect, but with a DummyDriver: it compiles
+  // queries to real Postgres SQL without ever opening a connection.
+  function makeCompileOnlyDb() {
+    return new Kysely<any>({
+      dialect: {
+        createAdapter: () => new PostgresAdapter(),
+        createDriver: () => new DummyDriver(),
+        createIntrospector: (db) => new PostgresIntrospector(db),
+        createQueryCompiler: () => new PostgresQueryCompiler(),
+      },
+    });
+  }
+
+  // Build the repo over the compile-only db. The repo terminates the query with
+  // `.executeTakeFirst()`, so we wrap every kysely builder in a Proxy: when the
+  // repo finally calls `executeTakeFirst`, we `.compile()` that same builder
+  // ourselves to capture the exact SQL it was about to run, then delegate.
+  function makeRepoCapturingSql() {
+    const db = makeCompileOnlyDb();
+    let captured: CompiledQuery | undefined;
+
+    // kysely builders are immutable — each .set()/.where()/.returningAll()
+    // returns a NEW builder — so re-wrap any chainable result.
+    const wrap = (b: any): any =>
+      new Proxy(b, {
+        get(target, prop, receiver) {
+          const value = Reflect.get(target, prop, receiver);
+          if (typeof value !== 'function') return value;
+          return (...callArgs: unknown[]) => {
+            // Capture the SQL at the terminal execute call.
+            if (
+              (prop === 'executeTakeFirst' || prop === 'execute') &&
+              typeof target.compile === 'function'
+            ) {
+              captured = target.compile();
+            }
+            const result = value.apply(target, callArgs);
+            if (
+              result &&
+              typeof result === 'object' &&
+              typeof (result as any).compile === 'function'
+            ) {
+              return wrap(result);
+            }
+            return result;
+          };
+        },
+      });
+
+    const originalUpdateTable = db.updateTable.bind(db);
+    jest
+      .spyOn(db, 'updateTable')
+      .mockImplementation((...args: Parameters<typeof originalUpdateTable>) =>
+        wrap(originalUpdateTable(...args)),
+      );
+
+    const repo = new SpaceRepo(db as unknown as KyselyDB, {} as any);
+    return { repo, getCaptured: () => captured };
+  }
+
+  it("compiles a jsonb merge that preserves sibling top-level and gitSync keys", async () => {
+    const { repo, getCaptured } = makeRepoCapturingSql();
+
+    // DummyDriver yields no rows; executeTakeFirst resolves to undefined. The
+    // SQL is fully compiled by then, which is all we assert.
+    await repo.updateGitSyncSettings('space-1', 'ws-1', 'enabled', true);
+
+    const compiled = getCaptured();
+    expect(compiled).toBeDefined();
+    // The raw SQL template carries newlines/indentation; collapse whitespace so
+    // the structural assertions are not coupled to source formatting.
+    const sql = compiled!.sql.replace(/\s+/g, ' ');
+
+    // OUTER merge into the existing settings object -> sibling top-level keys
+    // (e.g. `sharing`) survive (NOT a bare jsonb_build_object assignment).
+    expect(sql).toContain(`set "settings" = COALESCE(settings, '{}'::jsonb) ||`);
+    // INNER merge into the existing gitSync object -> sibling gitSync keys
+    // (e.g. `other`) survive.
+    expect(sql).toContain(
+      `jsonb_build_object('gitSync', COALESCE(settings->'gitSync', '{}'::jsonb) ||`,
+    );
+    // The pref key is set via jsonb_build_object on the inner object.
+    expect(sql).toContain(`jsonb_build_object('enabled',`);
+    // Scoped to the row + workspace.
+    expect(sql).toContain(`where "id" =`);
+    expect(sql).toContain(`and "workspaceId" =`);
+
+    // Sanity: this is NOT a clobbering assignment (no top-level
+    // `set "settings" = jsonb_build_object(` without the COALESCE/merge).
+    expect(sql).not.toContain(`set "settings" = jsonb_build_object(`);
+
+    // The pref VALUE is inlined via sql.lit (matches the repo's sql.lit usage);
+    // updatedAt + id + workspaceId are the only bound parameters (the jsonb
+    // merge text is all literal). updatedAt is a Date, so assert id/workspaceId.
+    expect(compiled!.parameters).toContain('space-1');
+    expect(compiled!.parameters).toContain('ws-1');
+  });
+
+  it('inlines the prefKey/prefValue literally (sql.raw key, sql.lit value)', async () => {
+    const { repo, getCaptured } = makeRepoCapturingSql();
+
+    await repo.updateGitSyncSettings('space-1', 'ws-1', 'enabled', false);
+
+    const sql = getCaptured()!.sql.replace(/\s+/g, ' ');
+    // key via sql.raw + value via sql.lit -> both appear literally in the
+    // inner build object (no bound parameter for either).
+    expect(sql).toContain(`jsonb_build_object('enabled', false)`);
+  });
+});

apps/server/src/database/repos/space/space.repo.ts

@@ -111,6 +111,28 @@ export class SpaceRepo {
       .executeTakeFirst();
   }
 
+  async updateGitSyncSettings(
+    spaceId: string,
+    workspaceId: string,
+    prefKey: string,
+    prefValue: string | boolean,
+    trx?: KyselyTransaction,
+  ) {
+    const db = dbOrTx(this.db, trx);
+    return db
+      .updateTable('spaces')
+      .set({
+        settings: sql`COALESCE(settings, '{}'::jsonb)
+          || jsonb_build_object('gitSync', COALESCE(settings->'gitSync', '{}'::jsonb)
+          || jsonb_build_object('${sql.raw(prefKey)}', ${sql.lit(prefValue)}))`,
+        updatedAt: new Date(),
+      })
+      .where('id', '=', spaceId)
+      .where('workspaceId', '=', workspaceId)
+      .returningAll()
+      .executeTakeFirst();
+  }
+
   async updateCommentSettings(
     spaceId: string,
     workspaceId: string,

apps/server/src/database/repos/workspace/workspace.repo.ts

@@ -20,7 +20,6 @@ import { DB, Workspaces } from '@docmost/db/types/db';
 export const AI_PROVIDER_SETTINGS_ALLOWED: readonly string[] = [
   'driver',
   'chatModel',
-  'chatContextWindow',
   'chatApiStyle',
   'embeddingModel',
   'baseUrl',

apps/server/src/integrations/ai/ai-provider-settings-keys.spec.ts

@@ -41,35 +41,3 @@ describe('UpdateAiSettingsDto.chatApiStyle', () => {
     expect(errs.find((e) => e.property === 'chatApiStyle')).toBeUndefined();
   });
 });
-
-/** DTO validation for the new chatContextWindow field (@IsInt @Min(0)). */
-describe('UpdateAiSettingsDto.chatContextWindow', () => {
-  const errorsFor = async (chatContextWindow: unknown) =>
-    validate(plainToInstance(UpdateAiSettingsDto, { chatContextWindow }));
-
-  it('accepts a non-negative integer (incl. 0 = clear the limit)', async () => {
-    for (const v of [0, 200000]) {
-      const errs = await errorsFor(v);
-      expect(
-        errs.find((e) => e.property === 'chatContextWindow'),
-      ).toBeUndefined();
-    }
-  });
-
-  it('rejects a negative value', async () => {
-    const errs = await errorsFor(-1);
-    expect(errs.find((e) => e.property === 'chatContextWindow')).toBeDefined();
-  });
-
-  it('rejects a non-integer value', async () => {
-    const errs = await errorsFor(1.5);
-    expect(errs.find((e) => e.property === 'chatContextWindow')).toBeDefined();
-  });
-
-  it('accepts the field being omitted (optional)', async () => {
-    const errs = await validate(plainToInstance(UpdateAiSettingsDto, {}));
-    expect(
-      errs.find((e) => e.property === 'chatContextWindow'),
-    ).toBeUndefined();
-  });
-});

apps/server/src/integrations/ai/ai-settings.service.spec.ts

@@ -1,43 +0,0 @@
-import { parsePositiveInt } from './ai-settings.service';
-
-/**
- * Round-trip coercion for numeric `::text` provider settings (e.g.
- * chatContextWindow). Values are stored as text and read back as strings, so
- * this guards the read path the DTO write-validation does not cover: a silent
- * loss of `Math.floor` or a `> 0` → `>= 0` drift would otherwise go unnoticed.
- */
-describe('parsePositiveInt', () => {
-  it('keeps a valid positive integer string', () => {
-    expect(parsePositiveInt('200000')).toBe(200000);
-  });
-
-  it('floors a fractional string', () => {
-    expect(parsePositiveInt('1.9')).toBe(1);
-    expect(parsePositiveInt('1.0')).toBe(1);
-  });
-
-  it('returns undefined for zero', () => {
-    expect(parsePositiveInt('0')).toBeUndefined();
-  });
-
-  it('returns undefined for a negative value', () => {
-    expect(parsePositiveInt('-5')).toBeUndefined();
-  });
-
-  it('returns undefined for an empty string', () => {
-    expect(parsePositiveInt('')).toBeUndefined();
-  });
-
-  it('returns undefined for a non-numeric string', () => {
-    expect(parsePositiveInt('abc')).toBeUndefined();
-  });
-
-  it('returns undefined for undefined / null', () => {
-    expect(parsePositiveInt(undefined)).toBeUndefined();
-    expect(parsePositiveInt(null)).toBeUndefined();
-  });
-
-  it('accepts a real number too (not only ::text strings)', () => {
-    expect(parsePositiveInt(42)).toBe(42);
-  });
-});

apps/server/src/integrations/ai/ai-settings.service.ts

@@ -18,18 +18,6 @@ import {
   PROVIDER_SETTINGS_KEYS,
 } from './ai.types';
 
-/**
- * Coerce a raw provider value (stored as `::text`, so it arrives as a string —
- * see workspace.repo.ts) into a positive integer, or `undefined` when it is not
- * a finite number greater than zero. Used for numeric `::text` settings such as
- * `chatContextWindow`. Fractions are floored: `"1.9" → 1`, `"0"`/`"-5"`/`""`/
- * `"abc"`/`undefined` → `undefined`.
- */
-export function parsePositiveInt(raw: unknown): number | undefined {
-  const n = Number(raw);
-  return Number.isFinite(n) && n > 0 ? Math.floor(n) : undefined;
-}
-
 /**
  * Shape of the partial update accepted by `update`. Mirrors the validated
  * controller DTO. `apiKey` / `embeddingApiKey` are write-only: undefined =
@@ -38,8 +26,6 @@ export function parsePositiveInt(raw: unknown): number | undefined {
 export interface UpdateAiSettingsInput {
   driver?: AiDriver;
   chatModel?: string;
-  // Max context window in tokens for the chat header badge. 0/empty = no limit.
-  chatContextWindow?: number;
   chatApiStyle?: ChatApiStyle;
   embeddingModel?: string;
   baseUrl?: string;
@@ -174,9 +160,6 @@ export class AiSettingsService {
     const config: ResolvedAiConfig = {
       driver: provider.driver,
       chatModel: provider.chatModel,
-      // Max context window for the chat header badge denominator. Stored as
-      // ::text; 0/unset/invalid = no limit (undefined).
-      chatContextWindow: parsePositiveInt(provider.chatContextWindow),
       // Plain passthrough; getChatModel defaults unset to 'openai-compatible'.
       chatApiStyle: provider.chatApiStyle,
       // Cheap model id for the anonymous public-share assistant; reuses the chat
@@ -236,10 +219,6 @@ export class AiSettingsService {
   async getMasked(workspaceId: string): Promise<MaskedAiSettings> {
     const provider = await this.readProvider(workspaceId);
 
-    // Stored as ::text; coerce to a positive integer (or undefined) so the
-    // client receives a real number.
-    const chatContextWindow = parsePositiveInt(provider.chatContextWindow);
-
     let hasApiKey = false;
     let hasEmbeddingApiKey = false;
     let hasSttApiKey = false;
@@ -264,7 +243,6 @@ export class AiSettingsService {
     return {
       driver: provider.driver,
       chatModel: provider.chatModel,
-      chatContextWindow,
       chatApiStyle: provider.chatApiStyle,
       embeddingModel: provider.embeddingModel,
       baseUrl: provider.baseUrl,

apps/server/src/integrations/ai/ai.types.ts

@@ -32,9 +32,6 @@ export const CHAT_API_STYLES: ChatApiStyle[] = ['openai-compatible', 'openai'];
 export interface AiProviderSettings {
   driver: AiDriver;
   chatModel: string;
-  // Max context window in tokens; surfaced to the chat header badge as the
-  // denominator ("current / max"). 0/unset = no limit (badge shows no denominator).
-  chatContextWindow?: number;
   // Chat provider implementation for the `openai` driver. Unset → defaults to
   // 'openai-compatible' (so reasoning is surfaced by default). See ChatApiStyle.
   chatApiStyle?: ChatApiStyle;
@@ -75,7 +72,6 @@ export interface AiProviderSettings {
 export const PROVIDER_SETTINGS_KEYS = [
   'driver',
   'chatModel',
-  'chatContextWindow',
   'chatApiStyle',
   'embeddingModel',
   'baseUrl',
@@ -102,9 +98,6 @@ export const PROVIDER_SETTINGS_KEYS = [
 export interface ResolvedAiConfig extends Partial<AiProviderSettings> {
   driver?: AiDriver;
   chatModel?: string;
-  // Max context window in tokens; surfaced to the chat header badge as the
-  // "current / max" denominator. 0/unset = no limit.
-  chatContextWindow?: number;
   // Cheap model id for the public-share assistant; reuses the chat creds.
   publicShareChatModel?: string;
   // Agent-role id whose persona the public-share assistant adopts (empty/unset
@@ -123,9 +116,6 @@ export interface ResolvedAiConfig extends Partial<AiProviderSettings> {
 export interface MaskedAiSettings {
   driver?: AiDriver;
   chatModel?: string;
-  // Max context window in tokens; the chat header badge denominator. 0/unset =
-  // no limit.
-  chatContextWindow?: number;
   chatApiStyle?: ChatApiStyle;
   embeddingModel?: string;
   baseUrl?: string;

apps/server/src/integrations/ai/dto/update-ai-settings.dto.ts

@@ -1,4 +1,4 @@
-import { IsIn, IsInt, IsOptional, IsString, Min } from 'class-validator';
+import { IsIn, IsOptional, IsString } from 'class-validator';
 import {
   AI_DRIVERS,
   AiDriver,
@@ -25,13 +25,6 @@ export class UpdateAiSettingsDto {
   @IsString()
   chatModel?: string;
 
-  // Max context window in tokens shown in the chat header badge. 0/empty =
-  // clear the limit (no denominator shown).
-  @IsOptional()
-  @IsInt()
-  @Min(0)
-  chatContextWindow?: number;
-
   @IsOptional()
   @IsIn(CHAT_API_STYLES)
   chatApiStyle?: ChatApiStyle;

apps/server/src/integrations/environment/environment.service.spec.ts

@@ -14,4 +14,112 @@ describe('EnvironmentService', () => {
   it('should be defined', () => {
     expect(service).toBeDefined();
   });
+
+  describe('getGitSyncPollIntervalMs', () => {
+    const withEnv = (value?: string) =>
+      new EnvironmentService({
+        get: (_key: string, fallback?: string) => value ?? fallback,
+      } as any);
+
+    it('defaults to 15000 when unset', () => {
+      expect(withEnv().getGitSyncPollIntervalMs()).toBe(15000);
+    });
+
+    it('parses a valid positive int', () => {
+      expect(withEnv('30000').getGitSyncPollIntervalMs()).toBe(30000);
+    });
+
+    it('falls back to 15000 for non-positive or unparseable values', () => {
+      expect(withEnv('0').getGitSyncPollIntervalMs()).toBe(15000);
+      expect(withEnv('-100').getGitSyncPollIntervalMs()).toBe(15000);
+      expect(withEnv('not-a-number').getGitSyncPollIntervalMs()).toBe(15000);
+    });
+  });
+
+  describe('getGitSyncDebounceMs', () => {
+    const withEnv = (value?: string) =>
+      new EnvironmentService({
+        get: (_key: string, fallback?: string) => value ?? fallback,
+      } as any);
+
+    it('defaults to 2000 when unset', () => {
+      expect(withEnv().getGitSyncDebounceMs()).toBe(2000);
+    });
+
+    it('parses a valid positive int', () => {
+      expect(withEnv('500').getGitSyncDebounceMs()).toBe(500);
+    });
+
+    it('falls back to 2000 for non-positive or unparseable values', () => {
+      expect(withEnv('0').getGitSyncDebounceMs()).toBe(2000);
+      expect(withEnv('-5').getGitSyncDebounceMs()).toBe(2000);
+      expect(withEnv('not-a-number').getGitSyncDebounceMs()).toBe(2000);
+    });
+  });
+
+  // getGitSyncDataDir reads two distinct keys (GIT_SYNC_DATA_DIR and DATA_DIR),
+  // so this builder maps each key to a supplied value (and honours the fallback
+  // the getter passes for DATA_DIR's `|| './data'`).
+  describe('getGitSyncDataDir', () => {
+    const withEnv = (values: Record<string, string | undefined>) =>
+      new EnvironmentService({
+        get: (key: string, fallback?: string) => values[key] ?? fallback,
+      } as any);
+
+    it("defaults to './data/git-sync' when neither key is set", () => {
+      expect(withEnv({}).getGitSyncDataDir()).toBe('./data/git-sync');
+    });
+
+    it('derives from DATA_DIR with the /git-sync suffix', () => {
+      expect(
+        withEnv({ DATA_DIR: '/var/lib/docmost' }).getGitSyncDataDir(),
+      ).toBe('/var/lib/docmost/git-sync');
+    });
+
+    it('strips trailing slashes from DATA_DIR before appending', () => {
+      expect(
+        withEnv({ DATA_DIR: '/var/lib/docmost///' }).getGitSyncDataDir(),
+      ).toBe('/var/lib/docmost/git-sync');
+    });
+
+    it('lets an explicit GIT_SYNC_DATA_DIR override the DATA_DIR derivation', () => {
+      expect(
+        withEnv({
+          GIT_SYNC_DATA_DIR: '/custom/vault',
+          DATA_DIR: '/var/lib/docmost',
+        }).getGitSyncDataDir(),
+      ).toBe('/custom/vault');
+    });
+
+    it('returns the explicit override verbatim (no /git-sync suffix, no slash strip)', () => {
+      expect(
+        withEnv({ GIT_SYNC_DATA_DIR: '/custom/vault/' }).getGitSyncDataDir(),
+      ).toBe('/custom/vault/');
+    });
+  });
+
+  // isGitSyncEnabled is the `.toLowerCase() === 'true'` contract: only a
+  // case-insensitive "true" enables it; everything else (unset, "false",
+  // garbage) is false.
+  describe('isGitSyncEnabled', () => {
+    const withEnv = (value?: string) =>
+      new EnvironmentService({
+        get: (_key: string, fallback?: string) => value ?? fallback,
+      } as any);
+
+    it('is true for "true" and "TRUE" (case-insensitive)', () => {
+      expect(withEnv('true').isGitSyncEnabled()).toBe(true);
+      expect(withEnv('TRUE').isGitSyncEnabled()).toBe(true);
+    });
+
+    it('is false when unset (defaults to "false")', () => {
+      expect(withEnv().isGitSyncEnabled()).toBe(false);
+    });
+
+    it('is false for "false" and garbage values', () => {
+      expect(withEnv('false').isGitSyncEnabled()).toBe(false);
+      expect(withEnv('maybe').isGitSyncEnabled()).toBe(false);
+      expect(withEnv('1').isGitSyncEnabled()).toBe(false);
+    });
+  });
 });

apps/server/src/integrations/environment/environment.service.ts

@@ -320,4 +320,96 @@ export class EnvironmentService {
       .map((o) => o.trim())
       .filter(Boolean);
   }
+
+  // --- git-sync (issue #194 §7.2) -------------------------------------------------
+
+  /** Global master switch for the git-sync control plane (default false). */
+  isGitSyncEnabled(): boolean {
+    return (
+      this.configService.get<string>('GIT_SYNC_ENABLED', 'false').toLowerCase() ===
+      'true'
+    );
+  }
+
+  /**
+   * Whether gitmost serves the per-space vaults over smart-HTTP (the /git host).
+   * When GIT_SYNC_HTTP_ENABLED is UNSET it DEFAULTS to isGitSyncEnabled() — so
+   * enabling sync also enables the host unless explicitly disabled. When set, it
+   * is honored verbatim ('true' -> on, anything else -> off).
+   */
+  isGitSyncHttpEnabled(): boolean {
+    const raw = this.configService.get<string>('GIT_SYNC_HTTP_ENABLED');
+    if (raw === undefined) return this.isGitSyncEnabled();
+    return raw.toLowerCase() === 'true';
+  }
+
+  /**
+   * Root directory holding the per-space vault repos. Defaults to
+   * `<DATA_DIR or ./data>/git-sync`. `DATA_DIR` is read directly (no dedicated
+   * getter exists in this codebase) so the vault root tracks the data volume.
+   */
+  getGitSyncDataDir(): string {
+    const explicit = this.configService.get<string>('GIT_SYNC_DATA_DIR');
+    if (explicit) return explicit;
+    const dataDir = this.configService.get<string>('DATA_DIR') || './data';
+    return `${dataDir.replace(/\/+$/, '')}/git-sync`;
+  }
+
+  /** Optional remote template, e.g. `git@host:vault-{spaceId}.git`. */
+  getGitSyncRemoteTemplate(): string | undefined {
+    return this.configService.get<string>('GIT_SYNC_REMOTE_TEMPLATE');
+  }
+
+  /**
+   * Poll-safety interval in ms (default 15000). A NaN / non-positive value falls
+   * back to the default so a bad override can never disable or zero the poll loop.
+   */
+  getGitSyncPollIntervalMs(): number {
+    const parsed = parseInt(
+      this.configService.get<string>('GIT_SYNC_POLL_INTERVAL_MS', '15000'),
+      10,
+    );
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : 15000;
+  }
+
+  /**
+   * Spawned `git http-backend` watchdog timeout in ms (default 120000). Bounds a
+   * single smart-HTTP request so a stalled `git-receive-pack` cannot hold the
+   * per-space lock forever (the child is killed and a 500 sent on expiry). A NaN /
+   * non-positive value falls back to the default so a bad override can never
+   * disable the watchdog.
+   */
+  getGitSyncBackendTimeoutMs(): number {
+    const v = parseInt(
+      this.configService.get<string>('GIT_SYNC_BACKEND_TIMEOUT_MS', '120000'),
+      10,
+    );
+    return Number.isFinite(v) && v > 0 ? v : 120000;
+  }
+
+  /**
+   * Event debounce window in ms (default 2000). A NaN / non-positive value falls
+   * back to the default so a bad override can never disable the debounce.
+   */
+  getGitSyncDebounceMs(): number {
+    const parsed = parseInt(
+      this.configService.get<string>('GIT_SYNC_DEBOUNCE_MS', '2000'),
+      10,
+    );
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : 2000;
+  }
+
+
+  /**
+   * The service user id git-sync writes are attributed to. Required when sync is
+   * enabled (validated in environment.validation.ts); optional otherwise.
+   */
+  getGitSyncServiceUserId(): string | undefined {
+    return this.configService.get<string>('GIT_SYNC_SERVICE_USER_ID');
+  }
+
+  /** Optional path to the SSH key used for git remote access. */
+  getGitSyncSshKeyPath(): string | undefined {
+    return this.configService.get<string>('GIT_SYNC_SSH_KEY_PATH');
+  }
 }

apps/server/src/integrations/environment/environment.validation.spec.ts

@@ -0,0 +1,74 @@
+import { plainToInstance } from 'class-transformer';
+import { validateSync } from 'class-validator';
+import { EnvironmentVariables } from './environment.validation';
+
+/**
+ * Validation-layer coverage for the git-sync env contract (test-strategy Module
+ * 4 / item #4). We drive the decorated class with `validateSync` directly — the
+ * exported `validate()` helper calls `process.exit(1)` on failure and so cannot
+ * be asserted in-process. We only assert the git-sync rules, providing the
+ * minimal always-required fields so unrelated validators do not add noise.
+ */
+describe('EnvironmentVariables — git-sync validation', () => {
+  // A baseline config that satisfies the unconditionally-required fields
+  // (DATABASE_URL, REDIS_URL, APP_SECRET) so the only errors we ever see come
+  // from the git-sync rules under test.
+  const baseConfig = {
+    DATABASE_URL: 'postgres://user:pass@localhost:5432/docmost',
+    REDIS_URL: 'redis://localhost:6379',
+    APP_SECRET: 'x'.repeat(32),
+  };
+
+  const validate = (extra: Record<string, unknown>) => {
+    const instance = plainToInstance(EnvironmentVariables, {
+      ...baseConfig,
+      ...extra,
+    });
+    return validateSync(instance);
+  };
+
+  const errorFor = (errors: ReturnType<typeof validateSync>, property: string) =>
+    errors.find((e) => e.property === property);
+
+  it('flags GIT_SYNC_SERVICE_USER_ID when GIT_SYNC_ENABLED="true" and the id is absent', () => {
+    const errors = validate({ GIT_SYNC_ENABLED: 'true' });
+
+    const err = errorFor(errors, 'GIT_SYNC_SERVICE_USER_ID');
+    expect(err).toBeDefined();
+    // @IsNotEmpty is the failing constraint (sync is on but no attributable
+    // author was configured).
+    expect(err?.constraints).toHaveProperty('isNotEmpty');
+  });
+
+  it('accepts GIT_SYNC_ENABLED="true" once GIT_SYNC_SERVICE_USER_ID is present', () => {
+    const errors = validate({
+      GIT_SYNC_ENABLED: 'true',
+      GIT_SYNC_SERVICE_USER_ID: 'service-user-1',
+    });
+
+    expect(errorFor(errors, 'GIT_SYNC_SERVICE_USER_ID')).toBeUndefined();
+  });
+
+  it('does not require the service user id when git-sync is disabled (unset)', () => {
+    const errors = validate({});
+
+    // The @ValidateIf gate (GIT_SYNC_ENABLED === "true") is not met, so the
+    // required-if-enabled rule is skipped entirely.
+    expect(errorFor(errors, 'GIT_SYNC_SERVICE_USER_ID')).toBeUndefined();
+  });
+
+  it('does not require the service user id when git-sync is explicitly "false"', () => {
+    const errors = validate({ GIT_SYNC_ENABLED: 'false' });
+
+    expect(errorFor(errors, 'GIT_SYNC_SERVICE_USER_ID')).toBeUndefined();
+    expect(errorFor(errors, 'GIT_SYNC_ENABLED')).toBeUndefined();
+  });
+
+  it('rejects a GIT_SYNC_ENABLED value outside the {true,false} set via @IsIn', () => {
+    const errors = validate({ GIT_SYNC_ENABLED: 'maybe' });
+
+    const err = errorFor(errors, 'GIT_SYNC_ENABLED');
+    expect(err).toBeDefined();
+    expect(err?.constraints).toHaveProperty('isIn');
+  });
+});

apps/server/src/integrations/environment/environment.validation.ts

@@ -170,6 +170,56 @@ export class EnvironmentVariables {
     },
   )
   CLICKHOUSE_URL: string;
+
+  // --- git-sync (issue #194 §7.2) — all OPTIONAL. The master switch defaults off; a
+  // required-if-enabled service user id is validated only when sync is on. ---
+
+  @IsOptional()
+  @IsIn(['true', 'false'])
+  @IsString()
+  GIT_SYNC_ENABLED: string;
+
+  // Whether to serve the per-space vaults over smart-HTTP (the /git host).
+  // When unset, defaults to GIT_SYNC_ENABLED (see isGitSyncHttpEnabled).
+  @IsOptional()
+  @IsIn(['true', 'false'])
+  @IsString()
+  GIT_SYNC_HTTP_ENABLED: string;
+
+  @IsOptional()
+  @IsString()
+  GIT_SYNC_DATA_DIR: string;
+
+  @IsOptional()
+  @IsString()
+  GIT_SYNC_REMOTE_TEMPLATE: string;
+
+  @IsOptional()
+  @IsString()
+  GIT_SYNC_POLL_INTERVAL_MS: string;
+
+  @IsOptional()
+  @IsString()
+  GIT_SYNC_DEBOUNCE_MS: string;
+
+  // Watchdog timeout (ms) for the spawned `git http-backend` process (default
+  // 120000): a stalled receive-pack is killed so it cannot hold the per-space
+  // lock forever. Optional int (validated as a string env).
+  @IsOptional()
+  @IsString()
+  GIT_SYNC_BACKEND_TIMEOUT_MS: string;
+
+
+  // Required when git-sync is enabled: the service user create/move/rename/delete
+  // are attributed to (issue #194 §7.2). Optional otherwise.
+  @ValidateIf((obj) => obj.GIT_SYNC_ENABLED === 'true')
+  @IsNotEmpty()
+  @IsString()
+  GIT_SYNC_SERVICE_USER_ID: string;
+
+  @IsOptional()
+  @IsString()
+  GIT_SYNC_SSH_KEY_PATH: string;
 }
 
 export function validate(config: Record<string, any>) {

apps/server/src/integrations/git-sync/git-sync.constants.ts

@@ -0,0 +1,41 @@
+/**
+ * Git-sync control-plane constants.
+ *
+ * Event/job names are REUSED from the shared event contract (event.contants.ts)
+ * so the listener subscribes to the exact names the rest of the server emits —
+ * never a string literal that could drift. The Redis lock-key prefix + TTLs back
+ * the single-writer leader lock (§9); the debounce default backs the per-space
+ * event coalescing (§10).
+ */
+import { EventName } from '../../common/events/event.contants';
+
+/**
+ * The page lifecycle events the git-sync listener reacts to. A change
+ * to any of these in an enabled space schedules a debounced sync cycle.
+ *   - PAGE_CREATED / PAGE_UPDATED / PAGE_MOVED — structural + content edits;
+ *   - PAGE_SOFT_DELETED / PAGE_RESTORED — Trash transitions (deletes are soft);
+ *   - PAGE_MOVED_TO_SPACE — cross-space move (cross-repo).
+ *
+ * NOTE: body edits arrive via PAGE_UPDATED (emitted from persistence.extension),
+ * NOT via EventName.PAGE_CONTENT_UPDATED — that name is a BullMQ queue-job name,
+ * not an EventEmitter2 event, so @OnEvent would never fire for it.
+ */
+export const GIT_SYNC_PAGE_EVENTS = [
+  EventName.PAGE_CREATED,
+  EventName.PAGE_UPDATED,
+  EventName.PAGE_MOVED,
+  EventName.PAGE_MOVED_TO_SPACE,
+  EventName.PAGE_SOFT_DELETED,
+  EventName.PAGE_RESTORED,
+] as const;
+
+/** Redis key prefix for the per-space leader lock. */
+export const GIT_SYNC_LOCK_PREFIX = 'git-sync:lock:';
+
+/**
+ * Leader-lock TTL (ms). Must exceed the maximum expected cycle duration so the
+ * lock is not lost mid-cycle; on a crash it expires on its own. The
+ * in-process mutex (orchestrator) prevents overlapping cycles on one instance,
+ * and the Redis lock prevents two instances racing the same space.
+ */
+export const GIT_SYNC_LOCK_TTL_MS = 5 * 60 * 1000;

apps/server/src/integrations/git-sync/git-sync.controller.spec.ts

@@ -0,0 +1,115 @@
+// Unit tests for the ops/testing controller. The orchestrator, env,
+// and the workspace-ability factory are hand-built mocks. We assert the admin
+// guard (non-admin -> ForbiddenException, no orchestrator call), that trigger
+// uses the workspace from request context (never the body), and that status
+// returns the env-derived object.
+import { ForbiddenException } from '@nestjs/common';
+import {
+  WorkspaceCaslAction,
+  WorkspaceCaslSubject,
+} from '../../core/casl/interfaces/workspace-ability.type';
+import { GitSyncController } from './git-sync.controller';
+
+type AnyMock = jest.Mock;
+
+interface Built {
+  controller: GitSyncController;
+  orchestrator: { runOnce: AnyMock };
+  env: Record<string, AnyMock>;
+  workspaceAbility: { createForUser: AnyMock };
+  ability: { cannot: AnyMock };
+}
+
+function build(opts: { cannot?: boolean } = {}): Built {
+  const { cannot = false } = opts;
+  const ability = { cannot: jest.fn(() => cannot) };
+  const workspaceAbility = { createForUser: jest.fn(() => ability) };
+
+  const orchestrator = {
+    runOnce: jest.fn(async () => ({ spaceId: 'space-1', ran: true })),
+  };
+  const env: Record<string, AnyMock> = {
+    isGitSyncEnabled: jest.fn(() => true),
+    getGitSyncDataDir: jest.fn(() => '/vaults'),
+    getGitSyncPollIntervalMs: jest.fn(() => 15000),
+    getGitSyncDebounceMs: jest.fn(() => 2000),
+    getGitSyncServiceUserId: jest.fn(() => 'svc-user'),
+  };
+
+  const controller = new GitSyncController(
+    orchestrator as any,
+    env as any,
+    workspaceAbility as any,
+  );
+  return { controller, orchestrator, env, workspaceAbility, ability };
+}
+
+const USER = { id: 'user-1' } as any;
+const WORKSPACE = { id: 'ctx-ws' } as any;
+
+beforeEach(() => {
+  jest.clearAllMocks();
+});
+
+describe('GitSyncController', () => {
+  describe('trigger', () => {
+    it('blocks a non-admin: throws ForbiddenException and never calls runOnce', async () => {
+      const { controller, orchestrator, ability } = build({ cannot: true });
+
+      await expect(
+        controller.trigger({ spaceId: 'space-1' } as any, USER, WORKSPACE),
+      ).rejects.toBeInstanceOf(ForbiddenException);
+
+      expect(ability.cannot).toHaveBeenCalledWith(
+        WorkspaceCaslAction.Manage,
+        WorkspaceCaslSubject.Settings,
+      );
+      expect(orchestrator.runOnce).not.toHaveBeenCalled();
+    });
+
+    it('admin: calls runOnce(dto.spaceId, workspace.id) using the workspace from context', async () => {
+      const { controller, orchestrator } = build({ cannot: false });
+
+      // The body carries an attacker-controlled workspaceId that must be ignored.
+      const res = await controller.trigger(
+        { spaceId: 'space-1', workspaceId: 'evil-ws' } as any,
+        USER,
+        WORKSPACE,
+      );
+
+      expect(orchestrator.runOnce).toHaveBeenCalledWith('space-1', 'ctx-ws');
+      expect(res).toEqual({ spaceId: 'space-1', ran: true });
+    });
+  });
+
+  describe('status', () => {
+    it('blocks a non-admin: throws ForbiddenException and never reads env', async () => {
+      const { controller, env, ability } = build({ cannot: true });
+
+      await expect(controller.status(USER, WORKSPACE)).rejects.toBeInstanceOf(
+        ForbiddenException,
+      );
+
+      expect(ability.cannot).toHaveBeenCalledWith(
+        WorkspaceCaslAction.Manage,
+        WorkspaceCaslSubject.Settings,
+      );
+      // The admin guard short-circuits before the env-derived status is built.
+      expect(env.isGitSyncEnabled).not.toHaveBeenCalled();
+    });
+
+    it('admin: returns the env-derived status object', async () => {
+      const { controller } = build({ cannot: false });
+
+      const res = await controller.status(USER, WORKSPACE);
+
+      expect(res).toEqual({
+        enabled: true,
+        dataDir: '/vaults',
+        pollIntervalMs: 15000,
+        debounceMs: 2000,
+        serviceUserConfigured: true,
+      });
+    });
+  });
+});

apps/server/src/integrations/git-sync/git-sync.controller.ts

@@ -0,0 +1,97 @@
+import {
+  Body,
+  Controller,
+  ForbiddenException,
+  HttpCode,
+  HttpStatus,
+  Post,
+  Get,
+  UseGuards,
+} from '@nestjs/common';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { AuthUser } from '../../common/decorators/auth-user.decorator';
+import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
+import { User, Workspace } from '@docmost/db/types/entity.types';
+import WorkspaceAbilityFactory from '../../core/casl/abilities/workspace-ability.factory';
+import {
+  WorkspaceCaslAction,
+  WorkspaceCaslSubject,
+} from '../../core/casl/interfaces/workspace-ability.type';
+import { EnvironmentService } from '../environment/environment.service';
+import { IsUUID } from 'class-validator';
+import {
+  GitSyncOrchestrator,
+  GitSyncRunStatus,
+} from './services/git-sync.orchestrator';
+
+/** Body for the manual one-shot trigger. */
+class TriggerGitSyncDto {
+  // The global ValidationPipe runs with whitelist:true, which STRIPS any field
+  // lacking a validation decorator — without this @IsUUID the spaceId would be
+  // dropped and arrive as undefined.
+  @IsUUID()
+  spaceId: string;
+}
+
+/**
+ * Ops/testing endpoints for the git-sync control plane. Admin-guarded
+ * (workspace Manage/Settings, mirroring WorkspaceController) so only workspace
+ * admins can force a cycle. Mounted under the global `/api` prefix:
+ *   - POST /api/git-sync/trigger { spaceId } — run one cycle now (await result),
+ *   - GET  /api/git-sync/status — report whether sync is enabled + config.
+ */
+@UseGuards(JwtAuthGuard)
+@Controller('git-sync')
+export class GitSyncController {
+  constructor(
+    private readonly orchestrator: GitSyncOrchestrator,
+    private readonly environmentService: EnvironmentService,
+    private readonly workspaceAbility: WorkspaceAbilityFactory,
+  ) {}
+
+  /** Throw unless the caller is a workspace admin (Manage Settings). */
+  private assertAdmin(user: User, workspace: Workspace): void {
+    const ability = this.workspaceAbility.createForUser(user, workspace);
+    if (
+      ability.cannot(WorkspaceCaslAction.Manage, WorkspaceCaslSubject.Settings)
+    ) {
+      throw new ForbiddenException();
+    }
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('trigger')
+  async trigger(
+    @Body() dto: TriggerGitSyncDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ): Promise<GitSyncRunStatus> {
+    this.assertAdmin(user, workspace);
+    // Use the workspace from the request context (never client-supplied).
+    return this.orchestrator.runOnce(dto.spaceId, workspace.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Get('status')
+  async status(
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ): Promise<{
+    enabled: boolean;
+    dataDir: string;
+    pollIntervalMs: number;
+    debounceMs: number;
+    serviceUserConfigured: boolean;
+  }> {
+    this.assertAdmin(user, workspace);
+    return {
+      enabled: this.environmentService.isGitSyncEnabled(),
+      dataDir: this.environmentService.getGitSyncDataDir(),
+      pollIntervalMs: this.environmentService.getGitSyncPollIntervalMs(),
+      debounceMs: this.environmentService.getGitSyncDebounceMs(),
+      serviceUserConfigured: Boolean(
+        this.environmentService.getGitSyncServiceUserId(),
+      ),
+    };
+  }
+}

apps/server/src/integrations/git-sync/git-sync.loader.ts

@@ -0,0 +1,59 @@
+import { pathToFileURL } from 'node:url';
+import type {
+  VaultGit as VaultGitClass,
+  vaultGitEnv as vaultGitEnvFn,
+  runCycle as runCycleFn,
+  parseDocmostMarkdown as parseDocmostMarkdownFn,
+  markdownToProseMirror as markdownToProseMirrorFn,
+} from '@docmost/git-sync';
+
+/**
+ * Runtime value-export surface of the ESM-only `@docmost/git-sync` package that
+ * the server consumes. Types are imported with `import type` (erased at compile,
+ * no runtime require); only the VALUE exports below need the dynamic-load
+ * treatment so a CJS `require()` of the ESM package never happens.
+ */
+interface GitSyncModule {
+  VaultGit: typeof VaultGitClass;
+  vaultGitEnv: typeof vaultGitEnvFn;
+  runCycle: typeof runCycleFn;
+  parseDocmostMarkdown: typeof parseDocmostMarkdownFn;
+  markdownToProseMirror: typeof markdownToProseMirrorFn;
+}
+
+// TS with module:commonjs downlevels a literal `import()` to `require()`, which
+// cannot load the ESM-only `@docmost/git-sync` package. Indirect through
+// Function so the real dynamic `import()` survives compilation and can load ESM
+// from CommonJS at runtime (same trick as
+// apps/server/src/core/ai-chat/tools/docmost-client.loader.ts and
+// integrations/mcp/mcp.service.ts).
+const esmImport = new Function(
+  'specifier',
+  'return import(specifier)',
+) as (specifier: string) => Promise<unknown>;
+
+// Memoize the in-flight/loaded module so the dynamic import runs at most once.
+let modulePromise: Promise<GitSyncModule> | null = null;
+
+/**
+ * Lazily load the ESM-only `@docmost/git-sync` package (cached). Resolves the
+ * package entry to an absolute path, then imports it as a `file://` URL so the
+ * package "exports" map is honoured without bare-specifier resolution-base
+ * fragility.
+ */
+export async function loadGitSync(): Promise<GitSyncModule> {
+  if (!modulePromise) {
+    modulePromise = (async () => {
+      const entry = require.resolve('@docmost/git-sync');
+      const mod = (await esmImport(
+        pathToFileURL(entry).href,
+      )) as GitSyncModule;
+      return mod;
+    })().catch((err) => {
+      // Do not cache a rejected import — allow the next call to retry.
+      modulePromise = null;
+      throw err;
+    });
+  }
+  return modulePromise;
+}

apps/server/src/integrations/git-sync/git-sync.module.ts

@@ -0,0 +1,62 @@
+import { Module } from '@nestjs/common';
+import { ScheduleModule } from '@nestjs/schedule';
+import { DatabaseModule } from '@docmost/db/database.module';
+import { EnvironmentModule } from '../environment/environment.module';
+import { CollaborationModule } from '../../collaboration/collaboration.module';
+import { PageModule } from '../../core/page/page.module';
+import { AuthModule } from '../../core/auth/auth.module';
+import { GitmostDataSourceService } from './services/gitmost-datasource.service';
+import { GitSyncOrchestrator } from './services/git-sync.orchestrator';
+import { SpaceLockService } from './services/space-lock.service';
+import { VaultRegistryService } from './services/vault-registry.service';
+import { PageChangeListener } from './listeners/page-change.listener';
+import { GitSyncController } from './git-sync.controller';
+import { GitHttpBackendService } from './http/git-http-backend.service';
+import { GitHttpService } from './http/git-http.service';
+
+/**
+ * The git-sync control plane. Wires the native datasource, the
+ * orchestrator (poll + leader-lock), the per-space vault registry, the
+ * event-driven listener, and the admin trigger controller.
+ *
+ * Imports:
+ *   - DatabaseModule (global) — PageRepo / SpaceRepo / KyselyDB for the
+ *     datasource + orchestrator queries;
+ *   - EnvironmentModule (global) — EnvironmentService config;
+ *   - CollaborationModule — exports CollaborationGateway for native body writes;
+ *   - PageModule — exports PageService for structural mutations;
+ *   - ScheduleModule (NOT forRoot) — so SchedulerRegistry is injectable (the
+ *     orchestrator registers a DYNAMIC poll interval in onModuleInit). forRoot()
+ *     is already registered globally by TelemetryModule; importing the plain
+ *     module here avoids a duplicate scheduler registration.
+ *
+ * RedisService is provided by the global RedisModule (app.module) and CASL's
+ * WorkspaceAbilityFactory by the global CaslModule — both resolve without an
+ * explicit import here.
+ */
+@Module({
+  imports: [
+    DatabaseModule,
+    EnvironmentModule,
+    CollaborationModule,
+    PageModule,
+    // AuthModule exports AuthService (verifyUserCredentials for /git HTTP Basic).
+    AuthModule,
+    ScheduleModule,
+  ],
+  controllers: [GitSyncController],
+  providers: [
+    GitmostDataSourceService,
+    GitSyncOrchestrator,
+    SpaceLockService,
+    VaultRegistryService,
+    PageChangeListener,
+    // /git smart-HTTP host (the raw Fastify route in main.ts resolves these).
+    GitHttpBackendService,
+    GitHttpService,
+  ],
+  // Exported so the raw Fastify route registered in main.ts can resolve the
+  // handler from the Nest container (app.get(GitHttpService)).
+  exports: [GitHttpService],
+})
+export class GitSyncModule {}

apps/server/src/integrations/git-sync/http/git-http-backend.service.spec.ts

@@ -0,0 +1,375 @@
+// Unit tests for the pure CGI-response helpers used by GitHttpBackendService.
+// The header/body split MUST treat the body as binary (Buffer) and never
+// stringify it; the Status: header sets the HTTP status (default 200).
+import { EventEmitter } from 'node:events';
+import { spawn } from 'node:child_process';
+
+// Mock the spawn boundary so run() never launches a real `git http-backend`; the
+// fake child lets us drive every stdout/stderr/error/close branch by hand.
+jest.mock('node:child_process', () => ({ spawn: jest.fn() }));
+// vaultGitEnv just builds the CGI env overlay; stub it to a passthrough so the
+// service runs without the real engine. The service loads it at runtime via the
+// `loadGitSync()` bridge (the ESM `@docmost/git-sync` package cannot be
+// `require()`d under jest), so we mock that loader rather than the package.
+jest.mock('../git-sync.loader', () => ({
+  loadGitSync: jest.fn(async () => ({
+    vaultGitEnv: (overlay: Record<string, string>) => overlay,
+  })),
+}));
+
+import {
+  parseCgiResponse,
+  splitCgiBuffer,
+  buildGitBackendCgiEnv,
+  GitHttpBackendService,
+} from './git-http-backend.service';
+import { Logger } from '@nestjs/common';
+import type { GitHttpBackendRequest } from './git-http-backend.service';
+
+const spawnMock = spawn as unknown as jest.Mock;
+
+/** A fake `git http-backend` child: EventEmitter + stdout/stderr/stdin streams. */
+function fakeChild() {
+  const child = new EventEmitter() as any;
+  child.stdout = new EventEmitter();
+  child.stderr = new EventEmitter();
+  // stdin is written/ended/piped to; capture the calls, swallow nothing.
+  child.stdin = Object.assign(new EventEmitter(), {
+    end: jest.fn(),
+    write: jest.fn(),
+  });
+  // The watchdog kills the child on timeout; capture the signal.
+  child.kill = jest.fn();
+  return child;
+}
+
+/** A fake raw Node ServerResponse capturing status/headers/body/end. */
+function fakeRes() {
+  const res: any = {
+    headersSent: false,
+    writableEnded: false,
+    statusCode: 200,
+    _headers: {} as Record<string, string>,
+    _written: [] as Buffer[],
+    setHeader: jest.fn((name: string, value: string) => {
+      res._headers[name] = value;
+    }),
+    write: jest.fn((chunk: Buffer) => {
+      res._written.push(chunk);
+      return true;
+    }),
+    end: jest.fn((chunk?: Buffer | string) => {
+      if (chunk !== undefined) res._written.push(chunk as Buffer);
+      res.writableEnded = true;
+    }),
+  };
+  return res;
+}
+
+/** A fake raw Node IncomingMessage (GET => no body piped). */
+function fakeReq() {
+  const req = new EventEmitter() as any;
+  req.pipe = jest.fn();
+  return req;
+}
+
+const baseRequest: GitHttpBackendRequest = {
+  spaceId: 'space-1',
+  subpath: 'info/refs',
+  method: 'GET',
+  queryString: 'service=git-upload-pack',
+  contentType: '',
+  remoteUser: 'alice@example.com',
+};
+
+function buildService(backendTimeoutMs = 120000) {
+  const env = {
+    getGitSyncDataDir: jest.fn(() => '/vaults'),
+    // The watchdog timeout for the spawned git http-backend. Tests inject a tiny
+    // value (or use fake timers) to drive the timeout branch.
+    getGitSyncBackendTimeoutMs: jest.fn(() => backendTimeoutMs),
+  };
+  return new GitHttpBackendService(env as any);
+}
+
+// `run()` now awaits the async `loadGitSync()` bridge before it spawns the
+// child, so the spawn (and its stream-handler wiring) happens one microtask
+// after `run()` is called. These tests drive the fake child synchronously, so
+// flush the microtask queue first to let `run()` reach the spawn.
+const flush = () => new Promise((resolve) => setImmediate(resolve));
+
+describe('GitHttpBackendService.run', () => {
+  beforeEach(() => {
+    spawnMock.mockReset();
+    jest.spyOn(Logger.prototype, 'warn').mockImplementation(() => undefined);
+    jest.spyOn(Logger.prototype, 'error').mockImplementation(() => undefined);
+  });
+  afterEach(() => jest.restoreAllMocks());
+
+  it('(a) responds 500 when the child errors before any headers were written', async () => {
+    const child = fakeChild();
+    spawnMock.mockReturnValue(child);
+    const service = buildService();
+    const res = fakeRes();
+
+    const p = service.run(baseRequest, fakeReq(), res);
+    await flush();
+    // Emit a child 'error' before any stdout -> 500, headers not already sent.
+    child.emit('error', new Error('ENOENT spawn git'));
+    await p;
+
+    expect(res.statusCode).toBe(500);
+    expect(res._headers['Content-Type']).toBe('text/plain');
+    expect(res.end).toHaveBeenCalledWith('Internal server error');
+  });
+
+  it('(a) responds 500 when the child closes before a complete CGI header block', async () => {
+    const child = fakeChild();
+    spawnMock.mockReturnValue(child);
+    const service = buildService();
+    const res = fakeRes();
+
+    const p = service.run(baseRequest, fakeReq(), res);
+    await flush();
+    // stderr diagnostics, then a close with no valid CGI output -> 500.
+    child.stderr.emit('data', Buffer.from('fatal: boom'));
+    child.emit('close', 128);
+    await p;
+
+    expect(res.statusCode).toBe(500);
+    expect(res.end).toHaveBeenCalledWith('Internal server error');
+  });
+
+  it('(b) parses the CGI header block, sets status/headers, writes the body', async () => {
+    const child = fakeChild();
+    spawnMock.mockReturnValue(child);
+    const service = buildService();
+    const res = fakeRes();
+
+    const p = service.run(baseRequest, fakeReq(), res);
+    await flush();
+    // A full CGI response: status line + header + blank line + body.
+    child.stdout.emit(
+      'data',
+      Buffer.from(
+        'Status: 200 OK\r\nContent-Type: application/x-git-upload-pack-advertisement\r\n\r\nPACKBODY',
+        'utf8',
+      ),
+    );
+    child.emit('close', 0);
+    await p;
+
+    expect(res.statusCode).toBe(200);
+    expect(res._headers['Content-Type']).toBe(
+      'application/x-git-upload-pack-advertisement',
+    );
+    expect(Buffer.concat(res._written.map((c) => Buffer.from(c))).toString()).toContain(
+      'PACKBODY',
+    );
+    expect(res.writableEnded).toBe(true);
+  });
+
+  it('(c) swallows a stdout stream error (EPIPE) without throwing or 500ing', async () => {
+    const child = fakeChild();
+    spawnMock.mockReturnValue(child);
+    const service = buildService();
+    const res = fakeRes();
+    const warnSpy = jest.spyOn(Logger.prototype, 'warn');
+
+    const p = service.run(baseRequest, fakeReq(), res);
+    await flush();
+    // The stdout 'error' handler must absorb this — no unhandled throw, no 500.
+    expect(() => child.stdout.emit('error', new Error('EPIPE'))).not.toThrow();
+    expect(() => child.stderr.emit('error', new Error('EPIPE'))).not.toThrow();
+    expect(warnSpy).toHaveBeenCalled();
+    expect(res.statusCode).not.toBe(500);
+
+    // Let run() settle so the promise does not dangle.
+    child.emit('close', 0);
+    await p;
+  });
+
+  it('(d) timeout: a child that never closes is killed and a 500 is sent', async () => {
+    // The child never emits stdout/close (a stalled git-receive-pack). With a
+    // tiny injected watchdog timeout the run() promise must still resolve: the
+    // child is killed and a clean 500 is sent (no headers were sent yet).
+    const child = fakeChild();
+    spawnMock.mockReturnValue(child);
+    const service = buildService(5); // 5ms watchdog
+    const res = fakeRes();
+    const warnSpy = jest.spyOn(Logger.prototype, 'warn');
+
+    // run() resolves only via the watchdog firing (no close/error emitted).
+    await service.run(baseRequest, fakeReq(), res);
+
+    expect(child.kill).toHaveBeenCalledWith('SIGTERM');
+    expect(warnSpy).toHaveBeenCalled();
+    expect(res.statusCode).toBe(500);
+    expect(res.end).toHaveBeenCalledWith('Internal server error');
+  });
+
+  it('(d) timeout watchdog is cleared on a normal close (no kill, no 500)', async () => {
+    // A normal request that completes well within the watchdog window must NOT be
+    // killed and must NOT trip the timeout 500 — the timer is cleared on close.
+    jest.useFakeTimers();
+    try {
+      const child = fakeChild();
+      spawnMock.mockReturnValue(child);
+      const service = buildService(120000);
+      const res = fakeRes();
+
+      const p = service.run(baseRequest, fakeReq(), res);
+      // loadGitSync resolves on a real microtask; advance it under fake timers.
+      await Promise.resolve();
+      await Promise.resolve();
+
+      child.stdout.emit(
+        'data',
+        Buffer.from('Status: 200 OK\r\nContent-Type: text/plain\r\n\r\nOK', 'utf8'),
+      );
+      child.emit('close', 0);
+      await p;
+
+      // The watchdog never fired even if we advance past its window.
+      jest.advanceTimersByTime(200000);
+      expect(child.kill).not.toHaveBeenCalled();
+      expect(res.statusCode).toBe(200);
+    } finally {
+      jest.useRealTimers();
+    }
+  });
+
+  it('spawn throwing synchronously -> 500 (spawn-failed)', async () => {
+    spawnMock.mockImplementation(() => {
+      throw new Error('spawn EACCES');
+    });
+    const service = buildService();
+    const res = fakeRes();
+
+    await service.run(baseRequest, fakeReq(), res);
+
+    expect(res.statusCode).toBe(500);
+    expect(res.end).toHaveBeenCalledWith('Internal server error');
+  });
+});
+
+describe('buildGitBackendCgiEnv', () => {
+  const base = {
+    spaceId: 'space-1',
+    subpath: 'info/refs',
+    method: 'GET',
+    queryString: 'service=git-upload-pack',
+    contentType: '',
+    remoteUser: 'alice@example.com',
+  };
+
+  it('points PATH_INFO at the NON-bare repo dir (no .git suffix)', () => {
+    // Regression guard: the vault lives at <root>/<spaceId> (a working repo), so
+    // PATH_INFO must be /<spaceId>/<subpath>. A `.git` suffix made git
+    // http-backend resolve <root>/<spaceId>.git and 404 every fetch/push.
+    const env = buildGitBackendCgiEnv(base, '/vaults');
+    expect(env.PATH_INFO).toBe('/space-1/info/refs');
+    expect(env.PATH_INFO).not.toContain('.git');
+    expect(env.GIT_PROJECT_ROOT).toBe('/vaults');
+  });
+
+  it('forwards method/query/content-type/remote-user and exports all repos', () => {
+    const env = buildGitBackendCgiEnv(
+      { ...base, method: 'POST', subpath: 'git-receive-pack', contentType: 'application/x-git-receive-pack-request', queryString: '' },
+      '/vaults',
+    );
+    expect(env.REQUEST_METHOD).toBe('POST');
+    expect(env.PATH_INFO).toBe('/space-1/git-receive-pack');
+    expect(env.CONTENT_TYPE).toBe('application/x-git-receive-pack-request');
+    expect(env.REMOTE_USER).toBe('alice@example.com');
+    expect(env.GIT_HTTP_EXPORT_ALL).toBe('1');
+  });
+
+  it('sets GIT_PROTOCOL only when the client sent the header', () => {
+    expect(buildGitBackendCgiEnv(base, '/vaults').GIT_PROTOCOL).toBeUndefined();
+    expect(
+      buildGitBackendCgiEnv({ ...base, gitProtocol: 'version=2' }, '/vaults')
+        .GIT_PROTOCOL,
+    ).toBe('version=2');
+  });
+});
+
+describe('parseCgiResponse', () => {
+  it('defaults to status 200 with no Status header', () => {
+    const r = parseCgiResponse('Content-Type: application/x-git-upload-pack-result');
+    expect(r.statusCode).toBe(200);
+    expect(r.headers).toEqual([
+      ['Content-Type', 'application/x-git-upload-pack-result'],
+    ]);
+  });
+
+  it('honors a Status header and does not forward it', () => {
+    const r = parseCgiResponse('Status: 404 Not Found\nContent-Type: text/plain');
+    expect(r.statusCode).toBe(404);
+    expect(r.headers).toEqual([['Content-Type', 'text/plain']]);
+  });
+
+  it('parses multiple headers and trims whitespace', () => {
+    const r = parseCgiResponse(
+      'Status: 403 Forbidden\r\nContent-Type:  text/plain \r\nX-Foo:  bar ',
+    );
+    expect(r.statusCode).toBe(403);
+    expect(r.headers).toEqual([
+      ['Content-Type', 'text/plain'],
+      ['X-Foo', 'bar'],
+    ]);
+  });
+
+  it('ignores malformed (colon-less) lines defensively', () => {
+    const r = parseCgiResponse('Content-Type: text/plain\ngarbage-line\nX-A: b');
+    expect(r.statusCode).toBe(200);
+    expect(r.headers).toEqual([
+      ['Content-Type', 'text/plain'],
+      ['X-A', 'b'],
+    ]);
+  });
+
+  it('ignores an out-of-range Status code and keeps the default', () => {
+    const r = parseCgiResponse('Status: not-a-number\nContent-Type: text/plain');
+    expect(r.statusCode).toBe(200);
+  });
+
+  it('treats the Status header case-insensitively', () => {
+    const r = parseCgiResponse('status: 500 Boom');
+    expect(r.statusCode).toBe(500);
+    expect(r.headers).toEqual([]);
+  });
+});
+
+describe('splitCgiBuffer', () => {
+  it('splits on a CRLF blank line and keeps the body as bytes', () => {
+    const buf = Buffer.concat([
+      Buffer.from('Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n', 'utf8'),
+      Buffer.from([0x00, 0x01, 0x02, 0xff]),
+    ]);
+    const split = splitCgiBuffer(buf);
+    expect(split).not.toBeNull();
+    expect(split!.headerText).toBe('Status: 200 OK\r\nContent-Type: text/plain');
+    expect(Array.from(split!.body)).toEqual([0x00, 0x01, 0x02, 0xff]);
+  });
+
+  it('splits on a bare LF blank line', () => {
+    const buf = Buffer.from('Content-Type: text/plain\n\nhello', 'utf8');
+    const split = splitCgiBuffer(buf);
+    expect(split).not.toBeNull();
+    expect(split!.headerText).toBe('Content-Type: text/plain');
+    expect(split!.body.toString('utf8')).toBe('hello');
+  });
+
+  it('returns an empty body when nothing follows the separator', () => {
+    const buf = Buffer.from('Content-Type: text/plain\r\n\r\n', 'utf8');
+    const split = splitCgiBuffer(buf);
+    expect(split).not.toBeNull();
+    expect(split!.body.length).toBe(0);
+  });
+
+  it('returns null when there is no blank-line separator yet', () => {
+    const buf = Buffer.from('Content-Type: text/plain\r\nincomplete', 'utf8');
+    expect(splitCgiBuffer(buf)).toBeNull();
+  });
+});

apps/server/src/integrations/git-sync/http/git-http-backend.service.ts

@@ -0,0 +1,335 @@
+import { Injectable, Logger } from '@nestjs/common';
+import { spawn } from 'node:child_process';
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import { loadGitSync } from '../git-sync.loader';
+import { EnvironmentService } from '../../environment/environment.service';
+
+/** The parsed first part of a CGI response: the HTTP status + header pairs. */
+export interface ParsedCgiResponse {
+  statusCode: number;
+  /** Lower-cased? No — keep header names verbatim as git http-backend emits. */
+  headers: Array<[string, string]>;
+}
+
+/**
+ * Parse the CGI header block emitted by `git http-backend` into an HTTP status
+ * and a list of header pairs. The input is ONLY the header text (everything up
+ * to, but not including, the blank-line separator) — the binary body is split
+ * off by the caller on the raw Buffer (never stringified).
+ *
+ * CGI semantics (RFC 3875 §6): a `Status: <code> <reason>` header sets the HTTP
+ * status (default 200 when absent). Every other header is forwarded verbatim.
+ * Header lines are `Name: value`; a line without a ':' is ignored defensively.
+ *
+ * Pure + framework-free so it is unit-testable in isolation.
+ */
+export function parseCgiResponse(headerBlock: string): ParsedCgiResponse {
+  let statusCode = 200;
+  const headers: Array<[string, string]> = [];
+
+  // Header lines may be separated by CRLF or LF; split on either.
+  const lines = headerBlock.split(/\r?\n/);
+  for (const line of lines) {
+    if (line.length === 0) continue;
+    const sep = line.indexOf(':');
+    if (sep === -1) continue; // not a header line — ignore defensively
+    const name = line.slice(0, sep).trim();
+    const value = line.slice(sep + 1).trim();
+    if (name.toLowerCase() === 'status') {
+      // `Status: 404 Not Found` — the leading integer is the HTTP status code.
+      const code = parseInt(value, 10);
+      if (Number.isFinite(code) && code >= 100 && code <= 599) {
+        statusCode = code;
+      }
+      continue; // never forward the CGI Status header itself
+    }
+    headers.push([name, value]);
+  }
+
+  return { statusCode, headers };
+}
+
+/**
+ * Split a raw CGI response buffer at the first blank-line boundary
+ * (`\r\n\r\n` or `\n\n`). Returns the header text and the remaining body bytes.
+ * Returns null when no blank-line separator is present (a malformed response).
+ *
+ * Pure (operates on Buffers, never stringifies the body) so it is testable.
+ */
+export function splitCgiBuffer(
+  buf: Buffer,
+): { headerText: string; body: Buffer } | null {
+  // Prefer the CRLF separator; fall back to bare LF.
+  let idx = buf.indexOf('\r\n\r\n');
+  let sepLen = 4;
+  if (idx === -1) {
+    idx = buf.indexOf('\n\n');
+    sepLen = 2;
+  }
+  if (idx === -1) return null;
+  const headerText = buf.subarray(0, idx).toString('utf8');
+  const body = buf.subarray(idx + sepLen);
+  return { headerText, body };
+}
+
+/** A parsed git smart-HTTP request, resolved by the controller/handler. */
+export interface GitHttpBackendRequest {
+  /** The space id (the on-disk vault dir name == GIT_PROJECT_ROOT child). */
+  spaceId: string;
+  /** The subpath after `<spaceId>.git/`, e.g. `info/refs` or `git-receive-pack`. */
+  subpath: string;
+  /** REQUEST_METHOD — `GET` or `POST`. */
+  method: string;
+  /** Raw query string WITHOUT the leading '?', e.g. `service=git-receive-pack`. */
+  queryString: string;
+  /** Content-Type header value (may be empty for GET). */
+  contentType: string;
+  /** The Git-Protocol request header value, or undefined when absent. */
+  gitProtocol?: string;
+  /** Authenticated user email — used as REMOTE_USER (reflog identity). */
+  remoteUser: string;
+}
+
+/**
+ * Bridges an HTTP git smart-protocol request to `git http-backend` (the CGI that
+ * implements the entire smart-HTTP protocol: info/refs, upload-pack,
+ * receive-pack, protocol v2, dumb fallback). We do NOT reimplement pkt-line.
+ *
+ * The Fastify reply is hijacked by the caller; this service streams the request
+ * body to the child's stdin and writes the child's CGI response (status +
+ * headers parsed from the leading header block, then the raw binary body) to the
+ * Node response. Errors before any output produce a 500. Credentials are never
+ * logged.
+ */
+/**
+ * Build the `git http-backend` CGI environment overlay for one request (the
+ * variables layered on top of `vaultGitEnv`'s cwd-isolated base). Pure so the
+ * PATH_INFO / REMOTE_USER / conditional GIT_PROTOCOL wiring is unit-testable
+ * without spawning git.
+ *
+ * PATH_INFO is the repo-relative CGI path. The vault is a NON-BARE working repo
+ * on disk at `<dataDir>/<spaceId>` (the engine needs a working tree), so the
+ * repo directory git http-backend must resolve is `<spaceId>` — NOT
+ * `<spaceId>.git`. The URL carries the conventional `.git` suffix (stripped by
+ * parseGitPath into `spaceId`); re-appending it here pointed the CGI at a
+ * non-existent `<dataDir>/<spaceId>.git` and every fetch/push 404'd.
+ */
+export function buildGitBackendCgiEnv(
+  parsed: GitHttpBackendRequest,
+  projectRoot: string,
+): Record<string, string> {
+  const cgiEnv: Record<string, string> = {
+    GIT_PROJECT_ROOT: projectRoot,
+    GIT_HTTP_EXPORT_ALL: '1', // authz is done by us; no git-daemon-export-ok file
+    PATH_INFO: `/${parsed.spaceId}/${parsed.subpath}`,
+    REQUEST_METHOD: parsed.method,
+    QUERY_STRING: parsed.queryString,
+    CONTENT_TYPE: parsed.contentType,
+    REMOTE_USER: parsed.remoteUser,
+  };
+  // GIT_PROTOCOL is only set when the client sent the Git-Protocol header.
+  if (parsed.gitProtocol) {
+    cgiEnv.GIT_PROTOCOL = parsed.gitProtocol;
+  }
+  return cgiEnv;
+}
+
+@Injectable()
+export class GitHttpBackendService {
+  private readonly logger = new Logger(GitHttpBackendService.name);
+
+  constructor(private readonly environmentService: EnvironmentService) {}
+
+  /**
+   * Spawn `git http-backend` for one request and bridge it to the raw Node
+   * request/response. Resolves when the response has been fully written (the
+   * child exited and its output was flushed), or after a 500 was sent on an
+   * early failure. Never rejects — push ingestion relies on this resolving so
+   * the lock-held cycle body can run afterwards.
+   */
+  async run(
+    parsed: GitHttpBackendRequest,
+    rawReq: IncomingMessage,
+    rawRes: ServerResponse,
+  ): Promise<void> {
+    const { vaultGitEnv } = await loadGitSync();
+    const projectRoot = this.environmentService.getGitSyncDataDir();
+    // Build the CGI env from the engine's cwd-isolated base (strips GIT_DIR /
+    // GIT_WORK_TREE), then layer the http-backend CGI variables. PATH is
+    // preserved (vaultGitEnv already copies process.env, so PATH carries
+    // through).
+    const env = vaultGitEnv(buildGitBackendCgiEnv(parsed, projectRoot));
+
+    return new Promise<void>((resolve) => {
+      let settled = false;
+      const done = () => {
+        if (settled) return;
+        settled = true;
+        resolve();
+      };
+
+      let child: ReturnType<typeof spawn>;
+      try {
+        child = spawn('git', ['http-backend'], { env });
+      } catch (err) {
+        this.send500(rawRes, 'spawn-failed', err);
+        return done();
+      }
+
+      // Watchdog: a client that opens git-receive-pack and stalls keeps the
+      // child alive forever, so run() never resolves and (because this runs
+      // inside withSpaceLock) the per-space lock is held + heartbeat-refreshed
+      // indefinitely. Bound the request: on expiry kill the child, send a clean
+      // 500 if nothing was sent yet, and settle the promise. The log carries no
+      // client echo / credentials / body. `.unref()` so the timer never keeps the
+      // event loop alive; ALWAYS cleared in the close/error handlers below.
+      const timer = setTimeout(() => {
+        this.logger.warn(
+          `git http-backend timed out after ` +
+            `${this.environmentService.getGitSyncBackendTimeoutMs()}ms; killing child`,
+        );
+        try {
+          child.kill('SIGTERM');
+          // Escalate to SIGKILL shortly after in case SIGTERM is ignored.
+          const sigkill = setTimeout(() => {
+            try {
+              child.kill('SIGKILL');
+            } catch {
+              /* ignore */
+            }
+          }, 2000);
+          sigkill.unref?.();
+        } catch {
+          /* ignore */
+        }
+        if (!headerParsed && !rawRes.headersSent) {
+          this.send500(rawRes, 'timeout');
+        } else {
+          try {
+            rawRes.end();
+          } catch {
+            /* ignore */
+          }
+        }
+        done();
+      }, this.environmentService.getGitSyncBackendTimeoutMs());
+      timer.unref?.();
+
+      // Accumulate stdout until we have the full CGI header block, then write the
+      // parsed status/headers and start streaming the remaining body bytes.
+      let headerParsed = false;
+      let pending: Buffer = Buffer.alloc(0);
+
+      const flushHeadersAndBody = (chunk: Buffer): void => {
+        pending = Buffer.concat([pending, chunk]);
+        const split = splitCgiBuffer(pending);
+        if (!split) return; // header block not complete yet
+        headerParsed = true;
+        const { statusCode, headers } = parseCgiResponse(split.headerText);
+        rawRes.statusCode = statusCode;
+        for (const [name, value] of headers) {
+          rawRes.setHeader(name, value);
+        }
+        if (split.body.length > 0) rawRes.write(split.body);
+        pending = Buffer.alloc(0);
+      };
+
+      child.stdout?.on('data', (chunk: Buffer) => {
+        if (headerParsed) {
+          rawRes.write(chunk);
+        } else {
+          flushHeadersAndBody(chunk);
+        }
+      });
+      // A stream 'error' (e.g. EPIPE when the client aborts mid-response) is an
+      // EventEmitter 'error' with no listener -> Node rethrows it as an uncaught
+      // exception and crashes the process. Swallow + log it (never echo to the
+      // client); child.on('close')/'error' below drives the actual cleanup.
+      child.stdout?.on('error', (err) => {
+        this.logger.warn(`git http-backend stdout stream error: ${err.message}`);
+      });
+
+      let stderr = '';
+      child.stderr?.on('data', (chunk: Buffer) => {
+        // Capture for diagnostics; never echo to the client. http-backend writes
+        // CGI errors here. We do NOT log the request body or any credentials.
+        if (stderr.length < 8192) stderr += chunk.toString('utf8');
+      });
+      child.stderr?.on('error', (err) => {
+        this.logger.warn(`git http-backend stderr stream error: ${err.message}`);
+      });
+
+      child.on('error', (err) => {
+        clearTimeout(timer);
+        if (!headerParsed && !rawRes.headersSent) {
+          this.send500(rawRes, 'child-error', err);
+        } else {
+          // Output already started — we can only terminate the stream.
+          try {
+            rawRes.end();
+          } catch {
+            /* ignore */
+          }
+        }
+        done();
+      });
+
+      child.on('close', (code) => {
+        clearTimeout(timer);
+        if (!headerParsed && !rawRes.headersSent) {
+          // The child exited before emitting a complete CGI header block.
+          this.logger.error(
+            `git http-backend produced no valid response (exit ${code}) for ` +
+              `space; stderr: ${stderr.trim().slice(0, 500)}`,
+          );
+          this.send500(rawRes, 'no-output');
+        } else {
+          try {
+            rawRes.end();
+          } catch {
+            /* ignore */
+          }
+        }
+        done();
+      });
+
+      // Pipe the request body to the child's stdin. For GET there is no body, so
+      // end stdin immediately. We pipe `rawReq` (the raw Node stream) directly so
+      // large pushes are streamed, not buffered.
+      if (parsed.method === 'POST') {
+        rawReq.pipe(child.stdin!);
+        rawReq.on('error', () => {
+          try {
+            child.stdin?.end();
+          } catch {
+            /* ignore */
+          }
+        });
+      } else {
+        child.stdin?.end();
+      }
+      // Swallow EPIPE etc. on the child's stdin so a client disconnect does not
+      // crash the process.
+      child.stdin?.on('error', () => {
+        /* ignore broken-pipe on stdin */
+      });
+    });
+  }
+
+  /** Send a clean 500 without leaking credentials or the request body. */
+  private send500(rawRes: ServerResponse, reason: string, err?: unknown): void {
+    const message = err instanceof Error ? err.message : undefined;
+    this.logger.error(
+      `git http-backend failed (${reason})${message ? `: ${message}` : ''}`,
+    );
+    try {
+      if (!rawRes.headersSent) {
+        rawRes.statusCode = 500;
+        rawRes.setHeader('Content-Type', 'text/plain');
+      }
+      rawRes.end('Internal server error');
+    } catch {
+      /* ignore */
+    }
+  }
+}

apps/server/src/integrations/git-sync/http/git-http.helpers.spec.ts

@@ -0,0 +1,183 @@
+// Unit tests for the pure /git smart-HTTP helpers: URL parsing, service->kind
+// mapping (read vs write), and the gating/auth decision precedence.
+import {
+  decideGitHttpGate,
+  parseGitPath,
+  resolveServiceKind,
+} from './git-http.helpers';
+
+describe('parseGitPath', () => {
+  it('parses spaceId + subpath, stripping the trailing .git', () => {
+    expect(parseGitPath('abc123.git/info/refs')).toEqual({
+      spaceId: 'abc123',
+      subpath: 'info/refs',
+    });
+  });
+
+  it('tolerates a leading slash', () => {
+    expect(parseGitPath('/abc.git/git-receive-pack')).toEqual({
+      spaceId: 'abc',
+      subpath: 'git-receive-pack',
+    });
+  });
+
+  it('returns an empty subpath for the bare repo root', () => {
+    expect(parseGitPath('abc.git')).toEqual({ spaceId: 'abc', subpath: '' });
+  });
+
+  it('returns null when the first segment lacks .git', () => {
+    expect(parseGitPath('abc/info/refs')).toBeNull();
+  });
+
+  it('returns null on an empty space id', () => {
+    expect(parseGitPath('.git/info/refs')).toBeNull();
+  });
+
+  it('rejects path traversal', () => {
+    expect(parseGitPath('abc.git/../../etc/passwd')).toBeNull();
+    expect(parseGitPath('..git/x')).toBeNull();
+  });
+
+  it('rejects percent-encoded dot/slash traversal in the subpath (case-insensitive)', () => {
+    expect(parseGitPath('abc.git/%2e%2e%2fetc/passwd')).toBeNull();
+    expect(parseGitPath('abc.git/%2E%2E/secret')).toBeNull();
+    expect(parseGitPath('abc.git/objects/%2fabsolute')).toBeNull();
+  });
+});
+
+describe('resolveServiceKind', () => {
+  it('GET info/refs?service=git-upload-pack -> read', () => {
+    expect(
+      resolveServiceKind({
+        method: 'GET',
+        subpath: 'info/refs',
+        service: 'git-upload-pack',
+      }),
+    ).toBe('read');
+  });
+
+  it('GET info/refs?service=git-receive-pack -> write', () => {
+    expect(
+      resolveServiceKind({
+        method: 'GET',
+        subpath: 'info/refs',
+        service: 'git-receive-pack',
+      }),
+    ).toBe('write');
+  });
+
+  it('POST git-upload-pack -> read', () => {
+    expect(
+      resolveServiceKind({ method: 'POST', subpath: 'git-upload-pack' }),
+    ).toBe('read');
+  });
+
+  it('POST git-receive-pack -> write', () => {
+    expect(
+      resolveServiceKind({ method: 'POST', subpath: 'git-receive-pack' }),
+    ).toBe('write');
+  });
+
+  it('a dumb-protocol GET (HEAD / objects) -> read', () => {
+    expect(resolveServiceKind({ method: 'GET', subpath: 'HEAD' })).toBe('read');
+    expect(
+      resolveServiceKind({ method: 'GET', subpath: 'objects/12/abcdef' }),
+    ).toBe('read');
+  });
+
+  it('info/refs with no/unknown service -> read (dumb discovery)', () => {
+    expect(resolveServiceKind({ method: 'GET', subpath: 'info/refs' })).toBe(
+      'read',
+    );
+  });
+
+  it('an unknown POST endpoint -> null', () => {
+    expect(resolveServiceKind({ method: 'POST', subpath: 'whatever' })).toBeNull();
+  });
+
+  it('an unsupported method -> null', () => {
+    expect(
+      resolveServiceKind({ method: 'DELETE', subpath: 'git-receive-pack' }),
+    ).toBeNull();
+  });
+});
+
+describe('decideGitHttpGate', () => {
+  const base = {
+    hasCredentials: true,
+    credentialsValid: true,
+    serviceKind: 'read' as const,
+    gitSyncEnabled: true,
+    gitHttpEnabled: true,
+    spaceExists: true,
+    spaceGitSyncEnabled: true,
+    permissionGranted: true,
+  };
+
+  it('proceeds on the happy path', () => {
+    expect(decideGitHttpGate(base)).toEqual({ kind: 'proceed' });
+  });
+
+  it('401 when credentials are missing (even for a valid space)', () => {
+    expect(
+      decideGitHttpGate({ ...base, hasCredentials: false }),
+    ).toEqual({ kind: 'unauthorized' });
+  });
+
+  it('401 when credentials are present but invalid', () => {
+    expect(
+      decideGitHttpGate({ ...base, credentialsValid: false }),
+    ).toEqual({ kind: 'unauthorized' });
+  });
+
+  it('400 on an unparseable service kind', () => {
+    expect(decideGitHttpGate({ ...base, serviceKind: null })).toEqual({
+      kind: 'bad-request',
+    });
+  });
+
+  it('404 when the space is not git-sync-enabled (never reveals existence)', () => {
+    expect(
+      decideGitHttpGate({ ...base, spaceGitSyncEnabled: false }),
+    ).toEqual({ kind: 'not-found' });
+  });
+
+  it('404 when the space does not exist', () => {
+    expect(decideGitHttpGate({ ...base, spaceExists: false })).toEqual({
+      kind: 'not-found',
+    });
+  });
+
+  it('404 when git-sync is globally disabled', () => {
+    expect(decideGitHttpGate({ ...base, gitSyncEnabled: false })).toEqual({
+      kind: 'not-found',
+    });
+  });
+
+  it('404 when the git-http host is disabled', () => {
+    expect(decideGitHttpGate({ ...base, gitHttpEnabled: false })).toEqual({
+      kind: 'not-found',
+    });
+  });
+
+  it('403 when authenticated but lacking the required permission (reader on write)', () => {
+    expect(
+      decideGitHttpGate({
+        ...base,
+        serviceKind: 'write',
+        permissionGranted: false,
+      }),
+    ).toEqual({ kind: 'forbidden' });
+  });
+
+  it('still 401 (not 404) for missing creds against a disabled space', () => {
+    // Anonymous probe must always get 401 first, regardless of space state.
+    expect(
+      decideGitHttpGate({
+        ...base,
+        hasCredentials: false,
+        spaceGitSyncEnabled: false,
+      }),
+    ).toEqual({ kind: 'unauthorized' });
+  });
+});

apps/server/src/integrations/git-sync/http/git-http.helpers.ts

@@ -0,0 +1,147 @@
+// Pure, framework-free helpers for the /git smart-HTTP host. They carry no Nest
+// / DI / concrete-service imports so the request parsing and the auth/authz
+// gating DECISION can be unit-tested in isolation, and nothing here ever logs a
+// password or the Authorization header.
+
+/** The git operation a request maps to: a read (fetch/clone) or a write (push). */
+export type GitHttpServiceKind = 'read' | 'write';
+
+/** A parsed `/git/<spaceId>.git/<subpath>` URL. */
+export interface ParsedGitPath {
+  spaceId: string;
+  /** The subpath after `<spaceId>.git/` (no leading slash), e.g. `info/refs`. */
+  subpath: string;
+}
+
+/**
+ * Parse the `<rest>` of a `/git/<rest>` URL path (no query string) into the
+ * space id and the repo-relative subpath. The space id is the first path
+ * segment with its trailing `.git` stripped. Returns null when the shape does
+ * not match (missing `.git`, empty space id, traversal attempt).
+ *
+ * `rest` MUST already be URL-path-decoded of its query string by the caller
+ * (pass the pathname only). We reject `..` segments defensively even though
+ * http-backend resolves PATH_INFO against GIT_PROJECT_ROOT.
+ */
+export function parseGitPath(rest: string): ParsedGitPath | null {
+  // Strip a leading slash, then take the first segment as `<spaceId>.git`.
+  const clean = rest.replace(/^\/+/, '');
+  const slash = clean.indexOf('/');
+  const first = slash === -1 ? clean : clean.slice(0, slash);
+  const subpath = slash === -1 ? '' : clean.slice(slash + 1);
+
+  if (!first.endsWith('.git')) return null;
+  const spaceId = first.slice(0, -'.git'.length);
+  if (!spaceId) return null;
+
+  // Reject path traversal / degenerate ids in either component.
+  if (
+    spaceId === '.' ||
+    spaceId.includes('..') ||
+    spaceId.includes('/') ||
+    subpath.split('/').some((seg) => seg === '..')
+  ) {
+    return null;
+  }
+
+  // Defense-in-depth: reject percent-encoded dot/slash traversal (`%2e`, `%2f`,
+  // case-insensitive) in the subpath BEFORE it is used to build PATH_INFO — a
+  // decoder downstream could otherwise turn `%2e%2e%2f` back into `../`.
+  if (/%2e|%2f/i.test(subpath)) {
+    return null;
+  }
+
+  return { spaceId, subpath };
+}
+
+/**
+ * Map a parsed git request (method + subpath + query) to the required operation
+ * kind. The smart-HTTP shapes:
+ *   - GET  info/refs?service=git-upload-pack   -> read (fetch)
+ *   - GET  info/refs?service=git-receive-pack  -> write (push)
+ *   - POST git-upload-pack                      -> read (fetch)
+ *   - POST git-receive-pack                     -> write (push)
+ *   - any other dumb-protocol GET (HEAD, objects/…) -> read
+ * Returns null for an unsupported shape (e.g. a POST that is neither pack
+ * endpoint) so the caller can 403/404 rather than guess.
+ */
+export function resolveServiceKind(input: {
+  method: string;
+  subpath: string;
+  service?: string;
+}): GitHttpServiceKind | null {
+  const method = input.method.toUpperCase();
+  const subpath = input.subpath;
+
+  if (method === 'GET') {
+    if (subpath === 'info/refs') {
+      if (input.service === 'git-receive-pack') return 'write';
+      if (input.service === 'git-upload-pack') return 'read';
+      // info/refs without a known service: dumb-protocol discovery — read.
+      return 'read';
+    }
+    // Dumb-protocol object/ref fetches (HEAD, objects/…) are reads.
+    return 'read';
+  }
+
+  if (method === 'POST') {
+    if (subpath === 'git-receive-pack') return 'write';
+    if (subpath === 'git-upload-pack') return 'read';
+    return null; // unknown POST endpoint
+  }
+
+  return null; // unsupported method
+}
+
+/** The outcome of the gating/auth decision the request handler must enforce. */
+export type GitHttpGateDecision =
+  | { kind: 'unauthorized' } // 401 + WWW-Authenticate (missing/invalid creds)
+  | { kind: 'not-found' } // 404 (space hidden / sync or http disabled)
+  | { kind: 'forbidden' } // 403 (authenticated but lacks the permission)
+  | { kind: 'bad-request' } // 400 (unparseable git request shape)
+  | { kind: 'proceed' }; // run http-backend
+
+/**
+ * Pure gating decision, mirroring the handler precedence so it can be unit
+ * tested without the DB / CASL graph. Inputs are the already-resolved booleans
+ * the handler computes from EnvironmentService / SpaceRepo / SpaceAbilityFactory.
+ *
+ * Precedence (matches the spec):
+ *   1. no/invalid Basic credentials               -> 401 (regardless of space).
+ *   2. credentials present but invalid             -> 401.
+ *   3. unparseable git request shape               -> 400.
+ *   4. git-sync globally disabled, or git-http disabled, or the space is missing
+ *      / not git-sync-enabled                       -> 404 (never reveal existence).
+ *   5. authenticated but lacking the required perm -> 403.
+ *   6. otherwise                                    -> proceed.
+ *
+ * Note (4) is checked AFTER (1)/(2): an anonymous probe always gets 401 first;
+ * an authenticated user hitting a hidden/disabled space gets 404 (not 403).
+ */
+export function decideGitHttpGate(input: {
+  hasCredentials: boolean;
+  credentialsValid: boolean;
+  serviceKind: GitHttpServiceKind | null;
+  gitSyncEnabled: boolean;
+  gitHttpEnabled: boolean;
+  spaceExists: boolean;
+  spaceGitSyncEnabled: boolean;
+  permissionGranted: boolean;
+}): GitHttpGateDecision {
+  if (!input.hasCredentials) return { kind: 'unauthorized' };
+  if (!input.credentialsValid) return { kind: 'unauthorized' };
+  if (input.serviceKind === null) return { kind: 'bad-request' };
+
+  if (
+    !input.gitSyncEnabled ||
+    !input.gitHttpEnabled ||
+    !input.spaceExists ||
+    !input.spaceGitSyncEnabled
+  ) {
+    return { kind: 'not-found' };
+  }
+
+  if (!input.permissionGranted) return { kind: 'forbidden' };
+
+  return { kind: 'proceed' };
+}

apps/server/src/integrations/git-sync/http/git-http.service.spec.ts

@@ -0,0 +1,463 @@
+// Unit tests for GitHttpService — the /git smart-HTTP handler. Everything it
+// depends on (backend, auth, repos, ability factory, env, orchestrator) is
+// mocked so we exercise ONLY the handler wiring: workspace resolution (which is
+// done HERE, not by DomainMiddleware — see FIX 1), the auth/gating precedence,
+// the read-vs-write dispatch, and that a fetch does NOT take the lock.
+//
+// These tests deliberately NEVER set `req.raw.workspaceId`: the workspace must
+// come from WorkspaceRepo. If the handler regressed to reading
+// `req.raw.workspaceId`, the happy-path fetch test below would fail (the repo
+// would not be consulted and the request would 401).
+import { Logger, UnauthorizedException } from '@nestjs/common';
+import {
+  SpaceCaslAction,
+  SpaceCaslSubject,
+} from '../../../core/casl/interfaces/space-ability.type';
+import { GitHttpService } from './git-http.service';
+import { GitSyncLockHeldError } from '../services/git-sync.orchestrator';
+
+type AnyMock = jest.Mock;
+
+interface BuildOptions {
+  selfHosted?: boolean;
+  gitSyncEnabled?: boolean;
+  gitHttpEnabled?: boolean;
+  /** What workspaceRepo.findFirst() returns (self-hosted resolution). */
+  workspace?: { id: string } | null;
+  /** What spaceRepo.findById() returns. */
+  space?: { id: string; settings?: unknown } | null;
+  /** Result of authService.verifyUserCredentials: a user, or throw 401. */
+  user?: { id: string; email: string } | null;
+  /** Whether the created ability grants the requested action. */
+  abilityCan?: boolean;
+}
+
+interface Built {
+  service: GitHttpService;
+  env: Record<string, AnyMock>;
+  authService: { verifyUserCredentials: AnyMock };
+  spaceRepo: { findById: AnyMock };
+  workspaceRepo: { findFirst: AnyMock; findByHostname: AnyMock };
+  abilityFactory: { createForUser: AnyMock };
+  abilityCan: AnyMock;
+  vaultRegistry: { ensureServable: AnyMock };
+  orchestrator: { ingestExternalPush: AnyMock };
+  backend: { run: AnyMock };
+}
+
+function build(opts: BuildOptions = {}): Built {
+  const {
+    selfHosted = true,
+    gitSyncEnabled = true,
+    gitHttpEnabled = true,
+    workspace = { id: 'ws-1' },
+    space = { id: 'space-1', settings: { gitSync: { enabled: true } } },
+    user = { id: 'user-1', email: 'dev@example.com' },
+    abilityCan = true,
+  } = opts;
+
+  const env: Record<string, AnyMock> = {
+    isSelfHosted: jest.fn(() => selfHosted),
+    isCloud: jest.fn(() => !selfHosted),
+    isGitSyncEnabled: jest.fn(() => gitSyncEnabled),
+    isGitSyncHttpEnabled: jest.fn(() => gitHttpEnabled),
+  };
+
+  const authService = {
+    verifyUserCredentials: jest.fn(async () => {
+      if (!user) throw new UnauthorizedException();
+      return user;
+    }),
+  };
+
+  const spaceRepo = { findById: jest.fn(async () => space) };
+
+  const workspaceRepo = {
+    findFirst: jest.fn(async () => workspace),
+    findByHostname: jest.fn(async () => workspace),
+  };
+
+  const abilityCanMock = jest.fn(() => abilityCan);
+  const abilityFactory = {
+    createForUser: jest.fn(async () => ({ can: abilityCanMock })),
+  };
+
+  const vaultRegistry = { ensureServable: jest.fn(async () => undefined) };
+  const orchestrator = { ingestExternalPush: jest.fn(async () => undefined) };
+  const backend = { run: jest.fn(async () => undefined) };
+
+  const service = new GitHttpService(
+    env as any,
+    authService as any,
+    spaceRepo as any,
+    workspaceRepo as any,
+    abilityFactory as any,
+    vaultRegistry as any,
+    orchestrator as any,
+    backend as any,
+  );
+
+  return {
+    service,
+    env,
+    authService,
+    spaceRepo,
+    workspaceRepo,
+    abilityFactory,
+    abilityCan: abilityCanMock,
+    vaultRegistry,
+    orchestrator,
+    backend,
+  };
+}
+
+/** A fake Fastify reply capturing the terminal status/headers/body. */
+function fakeReply() {
+  const state: {
+    statusCode?: number;
+    headers: Record<string, string>;
+    body?: unknown;
+    hijacked: boolean;
+    sent: boolean;
+  } = { headers: {}, hijacked: false, sent: false };
+
+  const reply: any = {
+    header(name: string, value: string) {
+      state.headers[name] = value;
+      return reply;
+    },
+    status(code: number) {
+      state.statusCode = code;
+      return reply;
+    },
+    send(body: unknown) {
+      state.body = body;
+      state.sent = true;
+      return reply;
+    },
+    hijack() {
+      state.hijacked = true;
+    },
+    get sent() {
+      return state.sent;
+    },
+    // The raw Node response — only touched on the streaming/error paths.
+    raw: {
+      headersSent: false,
+      writableEnded: false,
+      statusCode: 200,
+      setHeader: jest.fn(),
+      end: jest.fn(),
+    },
+  };
+  return { reply, state };
+}
+
+/** A fake Fastify request for a /git smart-HTTP call. */
+function fakeRequest(opts: {
+  url: string;
+  method?: string;
+  authorization?: string;
+  host?: string;
+}) {
+  const { url, method = 'GET', authorization, host = 'docs.example.com' } = opts;
+  const headers: Record<string, string> = { host };
+  if (authorization) headers['authorization'] = authorization;
+  // query is parsed by Fastify; mirror the `service` param when present.
+  const qIdx = url.indexOf('?');
+  const query: Record<string, string> = {};
+  if (qIdx !== -1) {
+    for (const pair of url.slice(qIdx + 1).split('&')) {
+      const [k, v] = pair.split('=');
+      if (k) query[k] = v ?? '';
+    }
+  }
+  return {
+    url,
+    method,
+    headers,
+    query,
+    // raw is intentionally WITHOUT workspaceId — the handler must resolve it
+    // itself via WorkspaceRepo (a regression to req.raw.workspaceId would 401).
+    raw: {},
+  } as any;
+}
+
+function basic(email: string, password: string): string {
+  return 'Basic ' + Buffer.from(`${email}:${password}`).toString('base64');
+}
+
+beforeEach(() => {
+  jest.clearAllMocks();
+  // Silence the handler's logger.warn/error in negative-path tests.
+  jest.spyOn(Logger.prototype, 'warn').mockImplementation(() => undefined);
+  jest.spyOn(Logger.prototype, 'error').mockImplementation(() => undefined);
+});
+
+describe('GitHttpService.handle', () => {
+  it('fetch with valid creds resolves the workspace via the repo and dispatches WITHOUT the lock', async () => {
+    const built = build({ selfHosted: true });
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    // The workspace came from WorkspaceRepo, NOT req.raw.workspaceId.
+    expect(built.workspaceRepo.findFirst).toHaveBeenCalledTimes(1);
+    expect(built.authService.verifyUserCredentials).toHaveBeenCalledWith(
+      { email: 'dev@example.com', password: 'pw' },
+      'ws-1',
+    );
+    expect(built.spaceRepo.findById).toHaveBeenCalledWith('space-1', 'ws-1');
+    // Read ability was evaluated.
+    expect(built.abilityCan).toHaveBeenCalledWith(
+      SpaceCaslAction.Read,
+      SpaceCaslSubject.Page,
+    );
+    // It proceeded: vault prepared, reply hijacked, backend ran directly.
+    expect(built.vaultRegistry.ensureServable).toHaveBeenCalledWith('space-1');
+    expect(state.hijacked).toBe(true);
+    expect(built.backend.run).toHaveBeenCalledTimes(1);
+    // A fetch must NOT take the push lock.
+    expect(built.orchestrator.ingestExternalPush).not.toHaveBeenCalled();
+  });
+
+  it('cloud deployment resolves the workspace by the host subdomain', async () => {
+    const built = build({ selfHosted: false });
+    const { reply } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'pw'),
+      host: 'acme.example.com',
+    });
+
+    await built.service.handle(req, reply);
+
+    expect(built.workspaceRepo.findByHostname).toHaveBeenCalledWith('acme');
+    expect(built.workspaceRepo.findFirst).not.toHaveBeenCalled();
+    expect(built.backend.run).toHaveBeenCalledTimes(1);
+  });
+
+  it('missing Basic credentials -> 401 with WWW-Authenticate', async () => {
+    const built = build();
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      // no Authorization header
+    });
+
+    await built.service.handle(req, reply);
+
+    expect(state.statusCode).toBe(401);
+    expect(state.headers['WWW-Authenticate']).toBe('Basic realm="gitmost"');
+    expect(built.backend.run).not.toHaveBeenCalled();
+    expect(built.authService.verifyUserCredentials).not.toHaveBeenCalled();
+  });
+
+  it('invalid Basic credentials -> 401 with WWW-Authenticate', async () => {
+    const built = build({ user: null }); // verifyUserCredentials throws 401
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'wrong'),
+    });
+
+    await built.service.handle(req, reply);
+
+    expect(state.statusCode).toBe(401);
+    expect(state.headers['WWW-Authenticate']).toBe('Basic realm="gitmost"');
+    expect(built.backend.run).not.toHaveBeenCalled();
+  });
+
+  it('a write by a Read-only user -> 403 (reader cannot push)', async () => {
+    const built = build({ abilityCan: false });
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/git-receive-pack',
+      method: 'POST',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    // The Manage ability was checked for a write and denied.
+    expect(built.abilityCan).toHaveBeenCalledWith(
+      SpaceCaslAction.Manage,
+      SpaceCaslSubject.Page,
+    );
+    expect(state.statusCode).toBe(403);
+    expect(built.orchestrator.ingestExternalPush).not.toHaveBeenCalled();
+    expect(built.backend.run).not.toHaveBeenCalled();
+  });
+
+  it('a space that is not git-sync-enabled -> 404 (existence never revealed)', async () => {
+    const built = build({
+      space: { id: 'space-1', settings: { gitSync: { enabled: false } } },
+    });
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    expect(state.statusCode).toBe(404);
+    // CASL is never even evaluated for a non-candidate space.
+    expect(built.abilityFactory.createForUser).not.toHaveBeenCalled();
+    expect(built.backend.run).not.toHaveBeenCalled();
+  });
+
+  it('git-sync globally disabled -> 404 even with valid creds', async () => {
+    const built = build({ gitSyncEnabled: false });
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    expect(state.statusCode).toBe(404);
+    expect(built.backend.run).not.toHaveBeenCalled();
+  });
+
+  it('a valid write proceeds through the orchestrator (push takes the lock)', async () => {
+    const built = build({ abilityCan: true });
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/git-receive-pack',
+      method: 'POST',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    expect(built.abilityCan).toHaveBeenCalledWith(
+      SpaceCaslAction.Manage,
+      SpaceCaslSubject.Page,
+    );
+    expect(state.hijacked).toBe(true);
+    expect(built.orchestrator.ingestExternalPush).toHaveBeenCalledTimes(1);
+    const [spaceId, workspaceId] =
+      built.orchestrator.ingestExternalPush.mock.calls[0];
+    expect(spaceId).toBe('space-1');
+    expect(workspaceId).toBe('ws-1');
+  });
+
+  it('GET info/refs?service=git-receive-pack streams the backend WITHOUT a cycle/lock (so the follow-up POST never 503-collides)', async () => {
+    // A push is a TWO-request exchange: GET info/refs?service=git-receive-pack
+    // (ref advertisement) then POST git-receive-pack (the pack). The info/refs
+    // request is write-AUTHORIZED (push perms needed to see those refs) but is
+    // READ-ONLY — it must NOT run ingestExternalPush (a Docmost cycle under the
+    // per-space lock), or the immediately-following POST collides with the still-
+    // running cycle and deterministically 503s. It must just stream the backend.
+    const built = build({ abilityCan: true });
+    const { reply } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-receive-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    // Authorized as a write (Manage), but executed as a plain stream.
+    expect(built.abilityCan).toHaveBeenCalledWith(
+      SpaceCaslAction.Manage,
+      SpaceCaslSubject.Page,
+    );
+    expect(built.orchestrator.ingestExternalPush).not.toHaveBeenCalled();
+    expect(built.backend.run).toHaveBeenCalledTimes(1);
+  });
+
+  it('a push that loses the lock -> 503 with Retry-After and a busy body (headers not written twice)', async () => {
+    const built = build({ abilityCan: true });
+    // The lock could not be acquired: the receive-pack closure never ran, so the
+    // response is still unwritten and the handler must answer 503 itself.
+    built.orchestrator.ingestExternalPush.mockRejectedValue(
+      new GitSyncLockHeldError('space-1'),
+    );
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/git-receive-pack',
+      method: 'POST',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    // It hijacked and went through the orchestrator (write path), but the lock
+    // was held so the backend never ran.
+    expect(state.hijacked).toBe(true);
+    expect(built.orchestrator.ingestExternalPush).toHaveBeenCalledTimes(1);
+    expect(built.backend.run).not.toHaveBeenCalled();
+
+    // 503 + Retry-After were written on the raw response (headersSent was false).
+    const raw = reply.raw as any;
+    expect(raw.statusCode).toBe(503);
+    expect(raw.setHeader).toHaveBeenCalledWith('Content-Type', 'text/plain');
+    expect(raw.setHeader).toHaveBeenCalledWith('Retry-After', '1');
+    // The body carries the busy/retry message and the response was ended once.
+    expect(raw.end).toHaveBeenCalledTimes(1);
+    expect(raw.end).toHaveBeenCalledWith('git-sync busy, retry');
+    // Exactly the two headers above were set — no double write of headers.
+    expect(raw.setHeader).toHaveBeenCalledTimes(2);
+  });
+
+  it('does NOT rewrite the 503 status/headers when the response is already sent', async () => {
+    const built = build({ abilityCan: true });
+    built.orchestrator.ingestExternalPush.mockRejectedValue(
+      new GitSyncLockHeldError('space-1'),
+    );
+    const { reply } = fakeReply();
+    // Simulate the (defensive) case where headers were already flushed: the
+    // handler must skip statusCode/setHeader and only end() the socket.
+    const raw = reply.raw as any;
+    raw.headersSent = true;
+    const req = fakeRequest({
+      url: '/git/space-1.git/git-receive-pack',
+      method: 'POST',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    // No header writes when headersSent is already true (no "headers already
+    // sent" double-write path), but the body/end still runs.
+    expect(raw.setHeader).not.toHaveBeenCalled();
+    expect(raw.statusCode).toBe(200); // untouched default from the fake
+    expect(raw.end).toHaveBeenCalledTimes(1);
+    expect(raw.end).toHaveBeenCalledWith('git-sync busy, retry');
+  });
+
+  it('an unresolvable workspace -> 401 (credentials cannot be validated without one)', async () => {
+    const built = build({ workspace: null });
+    const { reply, state } = fakeReply();
+    const req = fakeRequest({
+      url: '/git/space-1.git/info/refs?service=git-upload-pack',
+      method: 'GET',
+      authorization: basic('dev@example.com', 'pw'),
+    });
+
+    await built.service.handle(req, reply);
+
+    // Without a workspace we cannot run verifyUserCredentials, so credentials
+    // are not validated -> 401 (the 401-before-404 ordering is preserved: an
+    // unauthenticated request never reaches the space-existence 404).
+    expect(built.workspaceRepo.findFirst).toHaveBeenCalledTimes(1);
+    expect(built.authService.verifyUserCredentials).not.toHaveBeenCalled();
+    expect(state.statusCode).toBe(401);
+    expect(state.headers['WWW-Authenticate']).toBe('Basic realm="gitmost"');
+    expect(built.backend.run).not.toHaveBeenCalled();
+  });
+});

apps/server/src/integrations/git-sync/http/git-http.service.ts

@@ -0,0 +1,328 @@
+import { Injectable, Logger, UnauthorizedException } from '@nestjs/common';
+import type { FastifyReply, FastifyRequest } from 'fastify';
+import { AuthService } from '../../../core/auth/services/auth.service';
+import SpaceAbilityFactory from '../../../core/casl/abilities/space-ability.factory';
+import {
+  SpaceCaslAction,
+  SpaceCaslSubject,
+} from '../../../core/casl/interfaces/space-ability.type';
+import { SpaceRepo } from '@docmost/db/repos/space/space.repo';
+import { WorkspaceRepo } from '@docmost/db/repos/workspace/workspace.repo';
+import { User } from '@docmost/db/types/entity.types';
+import { parseBasicAuth } from '../../mcp/mcp-auth.helpers';
+import { EnvironmentService } from '../../environment/environment.service';
+import { VaultRegistryService } from '../services/vault-registry.service';
+import {
+  GitSyncLockHeldError,
+  GitSyncOrchestrator,
+} from '../services/git-sync.orchestrator';
+import { GitHttpBackendService } from './git-http-backend.service';
+import {
+  decideGitHttpGate,
+  parseGitPath,
+  resolveServiceKind,
+  GitHttpServiceKind,
+} from './git-http.helpers';
+
+const WWW_AUTHENTICATE = 'Basic realm="gitmost"';
+
+/**
+ * The /git smart-HTTP host. Wires request parsing, the reused auth primitives
+ * (HTTP Basic -> AuthService.verifyUserCredentials), per-space gating
+ * (EnvironmentService flags + space.settings.gitSync.enabled), CASL authz
+ * (SpaceAbilityFactory), and dispatch to `git http-backend`:
+ *   - fetch  (read)  -> ensureServable then stream http-backend directly (no lock).
+ *   - push   (write) -> ensureServable then orchestrator.ingestExternalPush, which
+ *     runs the receive-pack under the space lock and then a Docmost cycle.
+ *
+ * Mounted at the ROOT (`/git/...`) by a raw Fastify route in main.ts (the global
+ * `/api` prefix does not apply). Never logs the password or Authorization header.
+ */
+@Injectable()
+export class GitHttpService {
+  private readonly logger = new Logger(GitHttpService.name);
+
+  constructor(
+    private readonly environmentService: EnvironmentService,
+    private readonly authService: AuthService,
+    private readonly spaceRepo: SpaceRepo,
+    private readonly workspaceRepo: WorkspaceRepo,
+    private readonly spaceAbilityFactory: SpaceAbilityFactory,
+    private readonly vaultRegistry: VaultRegistryService,
+    private readonly orchestrator: GitSyncOrchestrator,
+    private readonly backend: GitHttpBackendService,
+  ) {}
+
+  /**
+   * Resolve the workspace for a /git request the SAME way DomainMiddleware does,
+   * because Nest middleware does NOT run for this raw root-mounted route (it is
+   * registered under the global '/api' router), so `req.raw.workspaceId` is never
+   * populated here. We replicate DomainMiddleware / McpService:
+   *   - self-hosted (single workspace) -> workspaceRepo.findFirst();
+   *   - cloud (multi-tenant)           -> resolve by the host-header subdomain.
+   * Returns null when no workspace resolves; the gate then 404s (after the
+   * 401-before-404 credential check encoded in decideGitHttpGate).
+   */
+  private async resolveWorkspaceId(req: FastifyRequest): Promise<string | null> {
+    try {
+      if (this.environmentService.isSelfHosted()) {
+        const workspace = await this.workspaceRepo.findFirst();
+        return workspace?.id ?? null;
+      }
+      if (this.environmentService.isCloud()) {
+        const host = this.headerValue(req.headers['host']);
+        const subdomain = host ? host.split('.')[0] : '';
+        if (!subdomain) return null;
+        const workspace = await this.workspaceRepo.findByHostname(subdomain);
+        return workspace?.id ?? null;
+      }
+    } catch (err) {
+      // A DB error resolving the workspace must not leak details; treat as
+      // unresolvable (the gate will 404, unless creds are missing -> 401 first).
+      this.logger.warn(
+        `git-http: workspace resolution error: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+    }
+    return null;
+  }
+
+  /**
+   * Handle one `/git/<spaceId>.git/<subpath>` request. `rest` is the path AFTER
+   * the `/git/` prefix (no query string). The Fastify reply is hijacked before
+   * any streaming so the binary CGI body is written directly to the raw socket.
+   */
+  async handle(req: FastifyRequest, reply: FastifyReply): Promise<void> {
+    const rawReq = req.raw;
+    const rawRes = reply.raw;
+
+    // --- parse the URL into spaceId + subpath -------------------------------
+    const rest = this.extractRest(req.url);
+    const parsedPath = rest === null ? null : parseGitPath(rest);
+
+    // --- resolve the requested git service kind (read vs write) -------------
+    const service =
+      typeof req.query === 'object' && req.query !== null
+        ? (req.query as Record<string, string | undefined>).service
+        : undefined;
+    const serviceKind: GitHttpServiceKind | null = parsedPath
+      ? resolveServiceKind({
+          method: req.method,
+          subpath: parsedPath.subpath,
+          service,
+        })
+      : null;
+
+    // --- authenticate (HTTP Basic) ------------------------------------------
+    const authHeader = req.headers['authorization'];
+    const basic = parseBasicAuth(
+      Array.isArray(authHeader) ? authHeader[0] : authHeader,
+    );
+    // Resolve the workspace ourselves — DomainMiddleware does NOT run for this
+    // raw root route, so `req.raw.workspaceId` is never set (see resolver doc).
+    const workspaceId: string | null = await this.resolveWorkspaceId(req);
+
+    let user: User | undefined;
+    let credentialsValid = false;
+    if (basic && workspaceId) {
+      try {
+        user = await this.authService.verifyUserCredentials(
+          { email: basic.email, password: basic.password },
+          workspaceId,
+        );
+        credentialsValid = true;
+      } catch (err) {
+        if (!(err instanceof UnauthorizedException)) {
+          // A non-credential failure (e.g. DB error): treat as invalid creds for
+          // the gate (a 401), and log without leaking the password/header.
+          this.logger.warn(
+            `git-http: credential check error: ${
+              err instanceof Error ? err.message : String(err)
+            }`,
+          );
+        }
+        credentialsValid = false;
+      }
+    }
+
+    // --- resolve the space + per-space gating + CASL ------------------------
+    let spaceExists = false;
+    let spaceGitSyncEnabled = false;
+    let spaceId: string | undefined;
+    let permissionGranted = false;
+    if (credentialsValid && user && workspaceId && parsedPath && serviceKind) {
+      const space = await this.spaceRepo.findById(
+        parsedPath.spaceId,
+        workspaceId,
+      );
+      if (space) {
+        spaceExists = true;
+        spaceId = space.id;
+        spaceGitSyncEnabled =
+          (space.settings as any)?.gitSync?.enabled === true;
+
+        // Only evaluate CASL when the space is actually a sync candidate — an
+        // unrelated space stays a 404 (existence is never revealed).
+        if (spaceGitSyncEnabled) {
+          try {
+            const ability = await this.spaceAbilityFactory.createForUser(
+              user,
+              space.id,
+            );
+            const action =
+              serviceKind === 'write'
+                ? SpaceCaslAction.Manage
+                : SpaceCaslAction.Read;
+            permissionGranted = ability.can(action, SpaceCaslSubject.Page);
+          } catch {
+            // createForUser throws NotFoundException when the user has no role in
+            // the space — that is simply "no permission" here.
+            permissionGranted = false;
+          }
+        }
+      }
+    }
+
+    // --- the gate decision (pure) -------------------------------------------
+    const decision = decideGitHttpGate({
+      hasCredentials: Boolean(basic),
+      credentialsValid,
+      serviceKind,
+      gitSyncEnabled: this.environmentService.isGitSyncEnabled(),
+      gitHttpEnabled: this.environmentService.isGitSyncHttpEnabled(),
+      spaceExists,
+      spaceGitSyncEnabled,
+      permissionGranted,
+    });
+
+    if (decision.kind === 'unauthorized') {
+      reply
+        .header('WWW-Authenticate', WWW_AUTHENTICATE)
+        .status(401)
+        .send('Authentication required');
+      return;
+    }
+    if (decision.kind === 'bad-request') {
+      reply.status(400).send('Bad request');
+      return;
+    }
+    if (decision.kind === 'not-found') {
+      reply.status(404).send('Not found');
+      return;
+    }
+    if (decision.kind === 'forbidden') {
+      reply.status(403).send('Forbidden');
+      return;
+    }
+
+    // decision.kind === 'proceed' — guaranteed below (narrowing for TS).
+    if (!parsedPath || !serviceKind || !spaceId || !user || !workspaceId) {
+      // Defensive: 'proceed' implies these are set, but keep TS + runtime safe.
+      reply.status(500).send('Internal server error');
+      return;
+    }
+
+    // --- dispatch to git http-backend ---------------------------------------
+    const backendRequest = {
+      spaceId,
+      subpath: parsedPath.subpath,
+      method: req.method,
+      queryString: this.extractQueryString(req.url),
+      contentType: this.headerValue(req.headers['content-type']) ?? '',
+      gitProtocol: this.headerValue(req.headers['git-protocol']),
+      remoteUser: user.email,
+    };
+
+    try {
+      // Idempotently make the vault servable (repo + receive/upload config).
+      await this.vaultRegistry.ensureServable(spaceId);
+    } catch (err) {
+      this.logger.error(
+        `git-http: failed to prepare vault for space ${spaceId}: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+      if (!reply.sent) reply.status(500).send('Internal server error');
+      return;
+    }
+
+    // Hijack the reply so the backend can stream the raw (possibly binary) CGI
+    // response directly to the socket (mirrors the MCP transport pattern).
+    reply.hijack();
+
+    // Only the ACTUAL pack-receiving write (POST git-receive-pack) runs under the
+    // space lock + a Docmost cycle. Everything else streams the http-backend
+    // directly with NO lock and NO cycle: a fetch/clone (read), AND the
+    // write-AUTHORIZED but READ-ONLY ref advertisement
+    // (GET info/refs?service=git-receive-pack). Running a cycle on info/refs is
+    // both wasteful and HARMFUL — it holds the per-space lock, so the push's
+    // immediately-following POST git-receive-pack collides with it and 503s
+    // (a deterministic push failure). Authz already happened above via the gate.
+    const isReceivePack =
+      req.method === 'POST' && parsedPath.subpath === 'git-receive-pack';
+    if (serviceKind === 'read' || !isReceivePack) {
+      await this.backend.run(backendRequest, rawReq, rawRes);
+      return;
+    }
+
+    // Push: run the receive-pack under the space lock, then a Docmost cycle.
+    try {
+      await this.orchestrator.ingestExternalPush(spaceId, workspaceId, () =>
+        this.backend.run(backendRequest, rawReq, rawRes),
+      );
+    } catch (err) {
+      if (err instanceof GitSyncLockHeldError) {
+        // The lock could not be acquired and the receive-pack never ran, so the
+        // response is still unwritten — answer 503 so git retries.
+        if (!rawRes.headersSent) {
+          rawRes.statusCode = 503;
+          rawRes.setHeader('Content-Type', 'text/plain');
+          rawRes.setHeader('Retry-After', '1');
+        }
+        try {
+          rawRes.end('git-sync busy, retry');
+        } catch {
+          /* ignore */
+        }
+        return;
+      }
+      // Any other error: the receive-pack closure handles its own response, so
+      // we only log here and make sure the socket is closed.
+      this.logger.error(
+        `git-http: push ingestion error for space ${spaceId}: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+      try {
+        if (!rawRes.writableEnded) rawRes.end();
+      } catch {
+        /* ignore */
+      }
+    }
+  }
+
+  /** Normalise a possibly-array header value to its first string. */
+  private headerValue(value: string | string[] | undefined): string | undefined {
+    if (Array.isArray(value)) return value[0];
+    return value;
+  }
+
+  /**
+   * Extract the part of the URL AFTER `/git/` and BEFORE the query string.
+   * Returns null when the URL is not under `/git/`.
+   */
+  private extractRest(url: string): string | null {
+    const qIdx = url.indexOf('?');
+    const pathname = qIdx === -1 ? url : url.slice(0, qIdx);
+    const prefix = '/git/';
+    if (!pathname.startsWith(prefix)) return null;
+    return pathname.slice(prefix.length);
+  }
+
+  /** The raw query string without the leading '?', or '' when none. */
+  private extractQueryString(url: string): string {
+    const qIdx = url.indexOf('?');
+    return qIdx === -1 ? '' : url.slice(qIdx + 1);
+  }
+}

apps/server/src/integrations/git-sync/listeners/page-change.listener.spec.ts

@@ -0,0 +1,252 @@
+// Unit tests for the event-driven git-sync trigger. The orchestrator
+// and page repo are hand-built mocks; the debounce coalescing is exercised with
+// jest fake timers. We assert the gate, the loop-guard (anti-echo), the
+// missing-page short-circuit, the heterogeneous event-shape id resolution, the
+// debounce collapse, and that errors are swallowed + logged.
+import { Logger } from '@nestjs/common';
+import { PageChangeListener } from './page-change.listener';
+
+type AnyMock = jest.Mock;
+
+interface Built {
+  listener: PageChangeListener;
+  env: { isGitSyncEnabled: AnyMock; getGitSyncDebounceMs: AnyMock };
+  orchestrator: { runOnce: AnyMock };
+  pageRepo: { findById: AnyMock };
+}
+
+function build(opts: { enabled?: boolean; debounceMs?: number } = {}): Built {
+  const { enabled = true, debounceMs = 2000 } = opts;
+  const env = {
+    isGitSyncEnabled: jest.fn(() => enabled),
+    getGitSyncDebounceMs: jest.fn(() => debounceMs),
+  };
+  const orchestrator = { runOnce: jest.fn(async () => undefined) };
+  const pageRepo = { findById: jest.fn() };
+
+  const listener = new PageChangeListener(
+    env as any,
+    orchestrator as any,
+    pageRepo as any,
+  );
+  return { listener, env, orchestrator, pageRepo };
+}
+
+beforeEach(() => {
+  jest.clearAllMocks();
+});
+
+describe('PageChangeListener', () => {
+  describe('gate', () => {
+    it('does nothing when git-sync is disabled (no findById, no schedule)', async () => {
+      const { listener, orchestrator, pageRepo } = build({ enabled: false });
+      await listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' });
+      expect(pageRepo.findById).not.toHaveBeenCalled();
+      expect(orchestrator.runOnce).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('loop-guard (anti-echo)', () => {
+    it("does NOT schedule a cycle when the page row's source is 'git-sync'", async () => {
+      jest.useFakeTimers();
+      try {
+        const { listener, orchestrator, pageRepo } = build();
+        pageRepo.findById.mockResolvedValue({
+          id: 'p1',
+          spaceId: 'space-1',
+          workspaceId: 'ws-1',
+          lastUpdatedSource: 'git-sync',
+        });
+        await listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' });
+        jest.runOnlyPendingTimers();
+        expect(orchestrator.runOnce).not.toHaveBeenCalled();
+      } finally {
+        jest.useRealTimers();
+      }
+    });
+
+    it('schedules exactly one cycle for a normal (non-git-sync) source', async () => {
+      jest.useFakeTimers();
+      try {
+        const { listener, orchestrator, pageRepo } = build();
+        pageRepo.findById.mockResolvedValue({
+          id: 'p1',
+          spaceId: 'space-1',
+          workspaceId: 'ws-1',
+          lastUpdatedSource: 'user',
+        });
+        await listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' });
+        jest.runOnlyPendingTimers();
+        expect(orchestrator.runOnce).toHaveBeenCalledTimes(1);
+        expect(orchestrator.runOnce).toHaveBeenCalledWith('space-1', 'ws-1');
+      } finally {
+        jest.useRealTimers();
+      }
+    });
+  });
+
+  describe('missing page', () => {
+    it('does not schedule when findById returns null/undefined', async () => {
+      jest.useFakeTimers();
+      try {
+        const { listener, orchestrator, pageRepo } = build();
+        pageRepo.findById.mockResolvedValue(undefined);
+        await listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' });
+        jest.runOnlyPendingTimers();
+        expect(orchestrator.runOnce).not.toHaveBeenCalled();
+      } finally {
+        jest.useRealTimers();
+      }
+    });
+  });
+
+  describe('spaceId/workspaceId resolution', () => {
+    // The page row used to fill in any ids the event omits.
+    const pageRow = {
+      id: 'p1',
+      spaceId: 'row-space',
+      workspaceId: 'row-ws',
+      lastUpdatedSource: 'user',
+    };
+
+    async function resolve(event: Record<string, unknown>) {
+      jest.useFakeTimers();
+      try {
+        const { listener, orchestrator, pageRepo } = build();
+        pageRepo.findById.mockResolvedValue(pageRow);
+        await listener.handlePageEvent(event as any);
+        jest.runOnlyPendingTimers();
+        return { orchestrator, pageRepo };
+      } finally {
+        jest.useRealTimers();
+      }
+    }
+
+    it("resolves pageId + event.spaceId + event.workspaceId", async () => {
+      const { orchestrator, pageRepo } = await resolve({
+        pageId: 'p1',
+        spaceId: 'evt-space',
+        workspaceId: 'evt-ws',
+      });
+      expect(pageRepo.findById).toHaveBeenCalledWith('p1', { includeContent: false });
+      expect(orchestrator.runOnce).toHaveBeenCalledWith('evt-space', 'evt-ws');
+    });
+
+    it('resolves pageId from pageIds[0]', async () => {
+      const { orchestrator, pageRepo } = await resolve({
+        pageIds: ['p1', 'p2'],
+        spaceId: 'evt-space',
+        workspaceId: 'evt-ws',
+      });
+      expect(pageRepo.findById).toHaveBeenCalledWith('p1', { includeContent: false });
+      expect(orchestrator.runOnce).toHaveBeenCalledWith('evt-space', 'evt-ws');
+    });
+
+    it('resolves pageId + spaceId from pages[]', async () => {
+      const { orchestrator } = await resolve({
+        pages: [{ id: 'p1', spaceId: 'pages-space' }],
+        workspaceId: 'evt-ws',
+      });
+      expect(orchestrator.runOnce).toHaveBeenCalledWith('pages-space', 'evt-ws');
+    });
+
+    it('resolves pageId + spaceId from node', async () => {
+      const { orchestrator } = await resolve({
+        node: { id: 'p1', spaceId: 'node-space' },
+        workspaceId: 'evt-ws',
+      });
+      expect(orchestrator.runOnce).toHaveBeenCalledWith('node-space', 'evt-ws');
+    });
+
+    it('falls back to the fetched page row when the event omits spaceId/workspaceId', async () => {
+      const { orchestrator } = await resolve({ pageId: 'p1' });
+      // No spaceId/workspaceId on the event -> use the page row's values.
+      expect(orchestrator.runOnce).toHaveBeenCalledWith('row-space', 'row-ws');
+    });
+  });
+
+  describe('debounce coalescing', () => {
+    it('collapses a burst of N events for one space into exactly one runOnce', async () => {
+      jest.useFakeTimers();
+      try {
+        const { listener, orchestrator, pageRepo } = build({ debounceMs: 500 });
+        pageRepo.findById.mockResolvedValue({
+          id: 'p1',
+          spaceId: 'space-1',
+          workspaceId: 'ws-1',
+          lastUpdatedSource: 'user',
+        });
+
+        // Fire a burst of 5 events; await each so its findById promise settles
+        // and schedule() runs before the next event resets the timer.
+        for (let i = 0; i < 5; i++) {
+          await listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' });
+        }
+
+        // Nothing fired yet (still within the debounce window).
+        expect(orchestrator.runOnce).not.toHaveBeenCalled();
+
+        // Advance past the debounce window: the coalesced cycle fires once.
+        jest.advanceTimersByTime(500);
+        expect(orchestrator.runOnce).toHaveBeenCalledTimes(1);
+        expect(orchestrator.runOnce).toHaveBeenCalledWith('space-1', 'ws-1');
+      } finally {
+        jest.useRealTimers();
+      }
+    });
+  });
+
+  describe('onModuleDestroy', () => {
+    it('clears every pending debounce timer and empties the map', async () => {
+      jest.useFakeTimers();
+      const clearSpy = jest.spyOn(global, 'clearTimeout');
+      try {
+        const { listener, orchestrator, pageRepo } = build({ debounceMs: 500 });
+        pageRepo.findById.mockResolvedValue({
+          id: 'p1',
+          spaceId: 'space-1',
+          workspaceId: 'ws-1',
+          lastUpdatedSource: 'user',
+        });
+
+        // Schedule a pending cycle, then tear the module down before it fires.
+        await listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' });
+        clearSpy.mockClear(); // ignore any clears done by schedule() itself
+
+        listener.onModuleDestroy();
+
+        // The pending timer was cleared and the map drained, so advancing past
+        // the debounce window fires NO cycle.
+        expect(clearSpy).toHaveBeenCalledTimes(1);
+        expect((listener as any).debounce.size).toBe(0);
+        jest.advanceTimersByTime(500);
+        expect(orchestrator.runOnce).not.toHaveBeenCalled();
+      } finally {
+        clearSpy.mockRestore();
+        jest.useRealTimers();
+      }
+    });
+  });
+
+  describe('error swallowing', () => {
+    it('does not throw and logs a warning when findById throws', async () => {
+      const warnSpy = jest
+        .spyOn(Logger.prototype, 'warn')
+        .mockImplementation(() => undefined);
+      try {
+        const { listener, orchestrator, pageRepo } = build();
+        pageRepo.findById.mockRejectedValue(new Error('db down'));
+
+        await expect(
+          listener.handlePageEvent({ pageId: 'p1', workspaceId: 'ws-1' }),
+        ).resolves.toBeUndefined();
+
+        expect(warnSpy).toHaveBeenCalledTimes(1);
+        expect(String(warnSpy.mock.calls[0][0])).toContain('db down');
+        expect(orchestrator.runOnce).not.toHaveBeenCalled();
+      } finally {
+        warnSpy.mockRestore();
+      }
+    });
+  });
+});