chore: merge main into feat/tenant-isolation-phase-0

Resolve add/add conflicts by keeping the complete Phase 0 versions
of test_tenant_isolation_p0.py and the design spec (our branch is
a superset of the squash-merged copilot hotfix content).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CHANGELOG.md

@@ -11,6 +11,7 @@ All notable changes to ResolutionFlow are documented here.
 - **Script Library default view** — "All Scripts" tab now displays all accessible scripts (team + library)
 - **Session documentation overhaul** — reformatted PSA resolution/escalation notes with cleaner headers, inline engineer responses, decimal hour display (0.25 hrs), follow-up recommendations, and improved "What We Know" section from evidence items
 - **Client communication improvements** — new `request_info` audience type for client-facing information requests, improved status update and email draft prompts with per-context guidance
+- **Image support in Assistant Chat** — paste/attach images in chat input, uploaded to S3, resized for vision model, displayed in conversation history
 
 ### Changed
 - **Edit Procedure page** — layout overhaul and color system refinements for better visual hierarchy
@@ -18,6 +19,8 @@ All notable changes to ResolutionFlow are documented here.
 - **Account settings page** — audit fixes for improved consistency and usability
 - **PSA documentation formatting** — removed duplicate timing blocks and AI confidence sections; added client-facing communication context guidance
 - **Status update generation** — fixed option label lookup to use human-readable labels instead of machine values
+- **Assistant Chat session actions** — moved Pause/Resume/Close actions from action bar to page header for consistency with FlowPilot
+- **Design system token normalization** — unified FlowPilot, AssistantChat, and ScriptBuilder components to use consistent design tokens
 
 ### Fixed
 - Dark text rendering on blue accent step-number badges across all flow types
@@ -26,6 +29,10 @@ All notable changes to ResolutionFlow are documented here.
 - Stale async results in Assistant Chat (selectChat) no longer clobber new session task lane
 - Sentry DSN hardcoded fallback removed — now uses environment variable only
 - Option label resolution in status update context generation
+- "Sorry something went wrong" errors in chat when rendering unsupported message types
+- Task Lane stale data when creating new chat or resuming from concluded session
+- Chat ref invalidation race condition between handleNewChat and async data loads
+- Images now properly display in chat message history instead of blank placeholders
 
 ---
 

backend/app/services/copilot_service.py

@@ -8,7 +8,7 @@ from datetime import datetime, timezone, timedelta
 from typing import Optional, Any
 from uuid import UUID
 
-from sqlalchemy import select
+from sqlalchemy import select, or_
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
 
@@ -103,13 +103,23 @@ async def start_conversation(
 
     Returns (conversation, greeting_message).
     """
-    # Load tree
+    # Load tree — must be accessible to this account.
+    # Allows own account's trees, default trees, and public trees.
+    # Raises ValueError (caught by endpoint as 404) if not found or not accessible.
     result = await db.execute(
-        select(Tree).options(selectinload(Tree.tags)).where(Tree.id == tree_id)
+        select(Tree).options(selectinload(Tree.tags)).where(
+            Tree.id == tree_id,
+            or_(
+                Tree.account_id == account_id,
+                Tree.author_id == user_id,
+                Tree.is_default == True,
+                Tree.is_public == True,
+            ),
+        )
     )
     tree = result.scalar_one_or_none()
     if not tree:
-        raise ValueError(f"Tree {tree_id} not found")
+        raise ValueError(f"Tree {tree_id} not found or not accessible")
 
     conversation = CopilotConversation(
         user_id=user_id,