Jason Woltje cbea60b3ad
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/push/ci Pipeline was successful
fix(M2-005,M2-006): enforce user ownership at repo level for conversations and agents

ConversationsRepo: add userId parameter to findById, update, remove, findMessages,
and addMessage so every query filters by conversations.userId in the WHERE clause.
This prevents cross-user data access even if the controller layer were bypassed.

AgentsRepo: add optional ownerId parameter to update (enforced for user-owned agents,
omitted for admin system-agent path) and required ownerId to remove so the DELETE
WHERE clause always scopes to the requesting user's agents.

Controller call sites updated to pass userId/ownerId to the repo methods. The
resource-ownership unit test updated to reflect that findById now returns undefined
(not a foreign-user object) when ownership is checked at the DB layer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-21 15:17:11 -05:00
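
The repo-level scoping described in the commit message, as an added example that is not the project's code: in-memory arrays stand in for the database so the effect of putting the owner in every WHERE clause can be run and checked. The row shapes, the use of a null `ownerId` to mark a system agent, and the choice to let an omitted `ownerId` match only system agents are assumptions of this example.

```typescript
// Added illustration: in-memory stand-ins for the repos in the commit message; shapes and data are constructed.
type Conversation = { id: string; userId: string; title: string };
type Agent = { id: string; ownerId: string | null; name: string }; // null = system agent (assumed)

class ConversationsRepo {
  private rows: Conversation[];
  constructor(rows: Conversation[]) { this.rows = rows; }
  // Models: SELECT ... WHERE id = $1 AND user_id = $2
  findById(id: string, userId: string): Conversation | undefined {
    return this.rows.find((r) => r.id === id && r.userId === userId);
  }
  // Models: UPDATE ... WHERE id = $1 AND user_id = $2 (a foreign row matches nothing)
  update(id: string, userId: string, patch: { title?: string }): Conversation | undefined {
    const row = this.findById(id, userId);
    return row ? Object.assign(row, patch) : undefined;
  }
  // Models: DELETE ... WHERE id = $1 AND user_id = $2; true only if a row was removed
  remove(id: string, userId: string): boolean {
    const before = this.rows.length;
    this.rows = this.rows.filter((r) => !(r.id === id && r.userId === userId));
    return this.rows.length < before;
  }
}

class AgentsRepo {
  private rows: Agent[];
  constructor(rows: Agent[]) { this.rows = rows; }
  // ownerId given: only that user's agent matches. Omitted (admin path): only
  // system agents match, so a forgotten argument cannot reach a user-owned row.
  update(id: string, patch: { name?: string }, ownerId?: string): Agent | undefined {
    const row = this.rows.find((r) => r.id === id && r.ownerId === (ownerId ?? null));
    return row ? Object.assign(row, patch) : undefined;
  }
  remove(id: string, ownerId: string): boolean {
    const before = this.rows.length;
    this.rows = this.rows.filter((r) => !(r.id === id && r.ownerId === ownerId));
    return this.rows.length < before;
  }
}

function demo(): string[] {
  const convs = new ConversationsRepo([{ id: "c1", userId: "alice", title: "notes" }]);
  const agents = new AgentsRepo([{ id: "a1", ownerId: "alice", name: "helper" }]);
  return [
    `bob reads c1: ${convs.findById("c1", "bob")?.title ?? "undefined"}`,
    `bob deletes a1: ${agents.remove("a1", "bob")}`,
  ];
}
console.log(demo().join("\n"));
```

A caller that reaches the repo without going through the controller still gets `undefined` or `false` for another user's row, which is the behaviour the updated unit test expects from `findById`.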
Description
Self-hosted multi-user AI agent platform — web dashboard, TUI, remote control, shared memory, mission orchestration