chore: Wave 1 complete — fix merge conflicts, update task status (#296)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

apps/gateway/src/chat/chat.gateway.ts

@@ -127,14 +127,17 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
     // Persist the user message
     if (userId) {
       try {
-        await this.brain.conversations.addMessage({
-          conversationId,
-          role: 'user',
-          content: data.content,
-          metadata: {
-            timestamp: new Date().toISOString(),
+        await this.brain.conversations.addMessage(
+          {
+            conversationId,
+            role: 'user',
+            content: data.content,
+            metadata: {
+              timestamp: new Date().toISOString(),
+            },
           },
-        });
+          userId,
+        );
       } catch (err) {
         this.logger.error(
           `Failed to persist user message for conversation=${conversationId}`,
@@ -257,7 +260,7 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
    */
   private async ensureConversation(conversationId: string, userId: string): Promise<void> {
     try {
-      const existing = await this.brain.conversations.findById(conversationId);
+      const existing = await this.brain.conversations.findById(conversationId, userId);
       if (!existing) {
         await this.brain.conversations.create({
           id: conversationId,
@@ -341,12 +344,15 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
           }
 
           this.brain.conversations
-            .addMessage({
-              conversationId,
-              role: 'assistant',
-              content: cs.assistantText,
-              metadata,
-            })
+            .addMessage(
+              {
+                conversationId,
+                role: 'assistant',
+                content: cs.assistantText,
+                metadata,
+              },
+              userId,
+            )
             .catch((err: unknown) => {
               this.logger.error(
                 `Failed to persist assistant message for conversation=${conversationId}`,

docs/TASKS.md

@@ -15,12 +15,12 @@
 | M1-006 | not-started | sonnet | M1: Persistence    | Conversation search: full-text search on messages table via /api/conversations/search                           | —    | #229                                 |
 | M1-007 | not-started | sonnet | M1: Persistence    | TUI: /history command to display conversation message count and context usage                                   | —    | #230                                 |
 | M1-008 | not-started | haiku  | M1: Persistence    | Verify: send messages → kill TUI → resume with -c → agent references prior context                              | —    | #231                                 |
-| M2-001 | not-started | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to searchByEmbedding() vector search                                      | —    | #232                                 |
-| M2-002 | not-started | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to findByUser(), decayOldInsights()                                       | —    | #233                                 |
+| M2-001 | done        | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to searchByEmbedding() vector search                                      | #290 | #232 closed                          |
+| M2-002 | done        | sonnet | M2: Security       | Audit InsightsRepo: add userId filter to findByUser(), decayOldInsights()                                       | #290 | #233 closed                          |
 | M2-003 | done        | sonnet | M2: Security       | Audit PreferencesRepo: verify all queries filter by userId                                                      | #294 | #234 closed — already scoped         |
 | M2-004 | done        | sonnet | M2: Security       | Audit agent memory tools: verify memory*search, memory_save*_, memory*get*_ scope to session user               | #294 | #235 closed — FIXED userId injection |
-| M2-005 | not-started | sonnet | M2: Security       | Audit ConversationsRepo: verify ownership check on findById, update, delete, addMessage, findMessages           | —    | #236                                 |
-| M2-006 | not-started | sonnet | M2: Security       | Audit AgentsRepo: verify findAccessible() returns only user's agents + system agents                            | —    | #237                                 |
+| M2-005 | done        | sonnet | M2: Security       | Audit ConversationsRepo: verify ownership check on findById, update, delete, addMessage, findMessages           | #293 | #236 closed                          |
+| M2-006 | done        | sonnet | M2: Security       | Audit AgentsRepo: verify findAccessible() returns only user's agents + system agents                            | #293 | #237 closed                          |
 | M2-007 | not-started | sonnet | M2: Security       | Integration test: create two users, populate data, verify cross-user isolation on every query path              | —    | #238 TDD                             |
 | M2-008 | not-started | sonnet | M2: Security       | Audit Valkey keys: verify session keys include userId or are not enumerable across users                        | —    | #239                                 |
 | M3-001 | not-started | opus   | M3: Providers      | Refactor ProviderService into IProviderAdapter pattern: register(), listModels(), healthCheck(), createClient() | —    | #240 Verify Pi SDK compat            |